@aztec/foundation 3.0.0-devnet.6 → 3.0.0-devnet.6-patch.1

package/src/crypto/schnorr/index.ts

@@ -1,5 +1,6 @@
 import { BarretenbergSync } from '@aztec/bb.js';
-import { type GrumpkinScalar, Point } from '@aztec/foundation/fields';
+import type { GrumpkinScalar } from '@aztec/foundation/curves/grumpkin';
+import { Point } from '@aztec/foundation/curves/grumpkin';
 
 import { SchnorrSignature } from './signature.js';
 
@@ -15,7 +16,7 @@ export class Schnorr {
    * @returns A grumpkin public key.
    */
   public async computePublicKey(privateKey: GrumpkinScalar): Promise<Point> {
-    await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+    await BarretenbergSync.initSingleton();
     const api = BarretenbergSync.getSingleton();
     const response = api.schnorrComputePublicKey({ privateKey: privateKey.toBuffer() });
     return Point.fromBuffer(Buffer.concat([Buffer.from(response.publicKey.x), Buffer.from(response.publicKey.y)]));
@@ -28,7 +29,7 @@ export class Schnorr {
    * @returns A Schnorr signature of the form (s, e).
    */
   public async constructSignature(msg: Uint8Array, privateKey: GrumpkinScalar) {
-    await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+    await BarretenbergSync.initSingleton();
     const api = BarretenbergSync.getSingleton();
     const response = api.schnorrConstructSignature({
       message: msg,
@@ -45,7 +46,7 @@ export class Schnorr {
    * @returns True or false.
    */
   public async verifySignature(msg: Uint8Array, pubKey: Point, sig: SchnorrSignature) {
-    await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+    await BarretenbergSync.initSingleton();
     const api = BarretenbergSync.getSingleton();
     const response = api.schnorrVerifySignature({
       message: msg,

package/src/crypto/schnorr/signature.ts

@@ -1,5 +1,5 @@
-import { randomBytes } from '@aztec/foundation/crypto';
-import { Fr } from '@aztec/foundation/fields';
+import { randomBytes } from '@aztec/foundation/crypto/random';
+import { Fr } from '@aztec/foundation/curves/bn254';
 import { BufferReader, mapTuple } from '@aztec/foundation/serialize';
 
 import type { Signature } from '../signature/index.js';

package/src/crypto/secp256k1/index.ts

@@ -27,7 +27,7 @@ export class Secp256k1 {
    * @returns Result of the multiplication.
    */
   public async mul(point: Uint8Array, scalar: Uint8Array) {
-    await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+    await BarretenbergSync.initSingleton();
     const api = BarretenbergSync.getSingleton();
     const response = api.secp256k1Mul({
       point: { x: point.subarray(0, 32), y: point.subarray(32, 64) },
@@ -41,7 +41,7 @@ export class Secp256k1 {
    * @returns Random field element.
    */
   public async getRandomFr() {
-    await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+    await BarretenbergSync.initSingleton();
     const api = BarretenbergSync.getSingleton();
     const response = api.secp256k1GetRandomFr({ dummy: 0 });
     return Buffer.from(response.value);
@@ -53,7 +53,7 @@ export class Secp256k1 {
    * @returns Buffer representation of the field element.
    */
   public async reduce512BufferToFr(uint512Buf: Buffer) {
-    await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+    await BarretenbergSync.initSingleton();
     const api = BarretenbergSync.getSingleton();
     const response = api.secp256k1Reduce512({ input: uint512Buf });
     return Buffer.from(response.value);

package/src/crypto/secp256k1-signer/utils.ts

@@ -7,6 +7,27 @@ import { keccak256 } from '../keccak/index.js';
 
 const ETH_SIGN_PREFIX = '\x19Ethereum Signed Message:\n32';
 
+/** Signature recovery options */
+type RecoveryOpts = {
+  /**
+   * Whether to allow s-values in the high half of the curve (s >= CURVE.n/2).
+   * These are discouraged by EIP2 to prevent signature malleability, and outright
+   * rejected in OpenZeppelin's ECDSA recover, which we use in our Rollup contract.
+   */
+  allowMalleable?: boolean;
+  /**
+   * Whether to allow an y-parity 0-1 bit instead of the standard v value 27-28.
+   */
+  allowYParityAsV?: boolean;
+};
+
+export class Secp256k1Error extends Error {
+  constructor(message: string, opts?: { cause: unknown }) {
+    super(message, opts);
+    this.name = 'Secp256k1Error';
+  }
+}
+
 // We just hash the message to make it easier to work with in the smart contract.
 export function makeEthSignDigest(message: Buffer32): Buffer32 {
   const prefix = Buffer.from(ETH_SIGN_PREFIX);
@@ -46,16 +67,18 @@ export function addressFromPrivateKey(privateKey: Buffer): EthAddress {
  * Recovers an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address.
- * @throws Error if signature recovery fails.
+ * @throws Error if signature recovery fails or if signature is malleable and allowMalleable is false.
  */
-export function recoverAddress(hash: Buffer32, signature: Signature): EthAddress {
+export function recoverAddress(hash: Buffer32, signature: Signature, opts?: RecoveryOpts): EthAddress {
   try {
-    const publicKey = recoverPublicKey(hash, signature);
+    const publicKey = recoverPublicKey(hash, signature, opts);
     return publicKeyToAddress(publicKey);
-  } catch (err) {
-    throw new Error(
-      `Error recovering Ethereum address from hash ${hash.toString()} and signature ${signature.toString()}: ${err}`,
+  } catch (err: unknown) {
+    throw new Secp256k1Error(
+      `Error recovering Ethereum address from hash ${hash.toString()} and signature ${signature.toString()}`,
+      { cause: err },
     );
   }
 }
@@ -64,11 +87,12 @@ export function recoverAddress(hash: Buffer32, signature: Signature): EthAddress
  * Safely attempts to recover an address from a hash and a signature.
  * @param hash - The hash to recover the address from.
  * @param signature - The signature to recover the address from.
+ * @param opts - Recovery options.
  * @returns The address if recovery succeeds, undefined otherwise.
  */
-export function tryRecoverAddress(hash: Buffer32, signature: Signature): EthAddress | undefined {
+export function tryRecoverAddress(hash: Buffer32, signature: Signature, opts?: RecoveryOpts): EthAddress | undefined {
   try {
-    const publicKey = recoverPublicKey(hash, signature);
+    const publicKey = recoverPublicKey(hash, signature, opts);
     return publicKeyToAddress(publicKey);
   } catch {
     return undefined;
@@ -91,7 +115,7 @@ export function toRecoveryBit(yParityOrV: number) {
   if (yParityOrV === 28) {
     return 1;
   }
-  throw new Error('Invalid yParityOrV value');
+  throw new Secp256k1Error(`Invalid yParityOrV value ${yParityOrV}`);
 }
 
 /**
@@ -105,16 +129,84 @@ export function signMessage(message: Buffer32, privateKey: Buffer) {
   return new Signature(Buffer32.fromBigInt(r), Buffer32.fromBigInt(s), recovery ? 28 : 27);
 }
 
+/**
+ * Flips an ECDSA signature.
+ * If the signature has a low s-value (s < CURVE.n/2), it flips it to high s-value (CURVE.n - s) and vice versa.
+ * Also flips the v value accordingly (27 <-> 28, or 0 <-> 1).
+ * This is useful for testing signature malleability handling.
+ * @param signature - The signature to flip.
+ * @returns A new signature with flipped s-value and v-value.
+ */
+export function flipSignature(signature: Signature): Signature {
+  const { r, s, v } = signature;
+  const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt());
+  const flippedS = secp256k1.CURVE.n - sig.s;
+
+  return new Signature(r, Buffer32.fromBigInt(flippedS), flipV(v));
+}
+
+/**
+ * Normalizes an ECDSA signature.
+ * If the signature has a high s-value (s >= CURVE.n/2), it flips it to low s-value (CURVE.n - s), and flips v accordingly.
+ * If the signature uses a recovery bit of 0/1, it is converted to a v-value 27/28 for ecrecover.
+ * @remarks This does not handle post EIP155 tx signatures which embed the chain id in v. Use it only for feeding into ECRECOVER precompiles.
+ * @param signature - The signature to normalize.
+ */
+export function normalizeSignature(signature: Signature): Signature {
+  const { r, s, v } = signature;
+  const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt());
+  if (sig.hasHighS()) {
+    const newV = flipV(v);
+    const newS = sig.normalizeS().s;
+    return new Signature(r, Buffer32.fromBigInt(newS), toVFromYParityOrV(newV));
+  }
+
+  return new Signature(r, s, toVFromYParityOrV(v));
+}
+
+/** Converts a yParityOrV value to a pre-EIP155 v-value 27-28. */
+function toVFromYParityOrV(yParityOrV: number): number {
+  if (yParityOrV === 0 || yParityOrV === 1) {
+    return yParityOrV + 27;
+  } else if (yParityOrV === 27 || yParityOrV === 28) {
+    return yParityOrV;
+  } else {
+    throw new Secp256k1Error(`Invalid yParityOrV value ${yParityOrV}`);
+  }
+}
+
+/** Flips the recovery bit or v-value */
+function flipV(v: number): number {
+  switch (v) {
+    case 27:
+      return 28;
+    case 28:
+      return 27;
+    case 0:
+      return 1;
+    case 1:
+      return 0;
+    default:
+      throw new Secp256k1Error(`Invalid v value ${v}`);
+  }
+}
+
 /**
  * Recovers a public key from a hash and a signature.
  * @param hash - The hash to recover the public key from.
  * @param signature - The signature to recover the public key from.
  * @returns The public key.
  */
-export function recoverPublicKey(hash: Buffer32, signature: Signature): Buffer {
+export function recoverPublicKey(hash: Buffer32, signature: Signature, opts: RecoveryOpts = {}): Buffer {
   const { r, s, v } = signature;
+  if (!opts.allowYParityAsV && v !== 27 && v !== 28) {
+    throw new Secp256k1Error(`Invalid v value ${v} (expected 27 or 28)`);
+  }
   const recoveryBit = toRecoveryBit(v);
   const sig = new secp256k1.Signature(r.toBigInt(), s.toBigInt()).addRecoveryBit(recoveryBit);
+  if (!opts.allowMalleable && sig.hasHighS()) {
+    throw new Secp256k1Error('Signature has high s-value (malleable signature)');
+  }
   const publicKey = sig.recoverPublicKey(hash.buffer).toHex(false);
   return Buffer.from(publicKey, 'hex');
 }

package/src/crypto/sha256/index.ts

@@ -1,7 +1,7 @@
 /* eslint-disable camelcase */
 import { default as hash } from 'hash.js';
 
-import { Fr } from '../../fields/fields.js';
+import { Fr } from '../../curves/bn254/field.js';
 import { truncateAndPad } from '../../serialize/free_funcs.js';
 import { type Bufferable, serializeToBuffer } from '../../serialize/serialize.js';
 import type { Hasher } from '../../trees/hasher.js';

package/src/crypto/sha512/index.ts

@@ -1,6 +1,6 @@
 import { default as hash } from 'hash.js';
 
-import { GrumpkinScalar } from '../../fields/fields.js';
+import { GrumpkinScalar } from '../../curves/grumpkin/index.js';
 import { type Bufferable, serializeToBuffer } from '../../serialize/serialize.js';
 
 export const sha512 = (data: Buffer) => Buffer.from(hash.sha512().update(data).digest());

package/src/crypto/signature/index.ts

@@ -1,4 +1,4 @@
-import type { Fr } from '@aztec/foundation/fields';
+import type { Fr } from '@aztec/foundation/curves/bn254';
 
 /**
  * Interface to represent a signature.

package/src/crypto/sync/index.ts

@@ -3,4 +3,4 @@ import { BarretenbergSync } from '@aztec/bb.js';
 export * from './poseidon/index.js';
 export * from './pedersen/index.js';
 
-await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+await BarretenbergSync.initSingleton();

package/src/crypto/sync/pedersen/index.ts

@@ -1,6 +1,6 @@
 import { BarretenbergSync } from '@aztec/bb.js';
 
-import { Fr } from '../../../fields/fields.js';
+import { Fr } from '../../../curves/bn254/field.js';
 import { type Fieldable, serializeToFields } from '../../../serialize/serialize.js';
 
 /**

package/src/crypto/sync/poseidon/index.ts

@@ -1,6 +1,6 @@
 import { BarretenbergSync } from '@aztec/bb.js';
 
-import { Fr } from '../../../fields/fields.js';
+import { Fr } from '../../../curves/bn254/field.js';
 import { type Fieldable, serializeToFields } from '../../../serialize/serialize.js';
 
 /**

package/src/{fields/bls12_fields.ts → curves/bls12/field.ts}

@@ -2,12 +2,12 @@
 import { bls12_381 } from '@noble/curves/bls12-381';
 import { inspect } from 'util';
 
-import { toBigIntBE, toBufferBE } from '../bigint-buffer/index.js';
-import { randomBytes } from '../crypto/random/index.js';
-import { hexSchemaFor } from '../schemas/utils.js';
-import { BufferReader } from '../serialize/buffer_reader.js';
-import { TypeRegistry } from '../serialize/type_registry.js';
-import { Fr } from './fields.js';
+import { toBigIntBE, toBufferBE } from '../../bigint-buffer/index.js';
+import { randomBytes } from '../../crypto/random/index.js';
+import { hexSchemaFor } from '../../schemas/utils.js';
+import { BufferReader } from '../../serialize/buffer_reader.js';
+import { TypeRegistry } from '../../serialize/type_registry.js';
+import { Fr } from '../bn254/field.js';
 
 /**
  * Represents a field derived from BLS12Field.

package/src/curves/bls12/index.ts

@@ -0,0 +1,2 @@
+export * from './field.js';
+export * from './point.js';

package/src/{fields/bls12_point.ts → curves/bls12/point.ts}

@@ -3,13 +3,13 @@ import type { ProjPointType } from '@noble/curves/abstract/weierstrass';
 import { bls12_381 } from '@noble/curves/bls12-381';
 import { inspect } from 'util';
 
-import { toBufferBE } from '../bigint-buffer/index.js';
-import { randomBoolean } from '../crypto/random/index.js';
-import { hexSchemaFor } from '../schemas/utils.js';
-import { BufferReader, serializeToBuffer } from '../serialize/index.js';
-import { bufferToHex, hexToBuffer } from '../string/index.js';
-import { BLS12Fq, BLS12Fr } from './bls12_fields.js';
-import { Fr } from './fields.js';
+import { toBufferBE } from '../../bigint-buffer/index.js';
+import { randomBoolean } from '../../crypto/random/index.js';
+import { hexSchemaFor } from '../../schemas/utils.js';
+import { BufferReader, serializeToBuffer } from '../../serialize/index.js';
+import { bufferToHex, hexToBuffer } from '../../string/index.js';
+import { Fr } from '../bn254/field.js';
+import { BLS12Fq, BLS12Fr } from './field.js';
 
 /**
  * Represents a Point on an elliptic curve with x and y coordinates.

package/src/{fields/fields.ts → curves/bn254/field.ts}

@@ -2,11 +2,11 @@ import { BarretenbergSync } from '@aztec/bb.js';
 
 import { inspect } from 'util';
 
-import { toBigIntBE, toBufferBE } from '../bigint-buffer/index.js';
-import { randomBytes } from '../crypto/random/index.js';
-import { hexSchemaFor } from '../schemas/utils.js';
-import { BufferReader } from '../serialize/buffer_reader.js';
-import { TypeRegistry } from '../serialize/type_registry.js';
+import { toBigIntBE, toBufferBE } from '../../bigint-buffer/index.js';
+import { randomBytes } from '../../crypto/random/index.js';
+import { hexSchemaFor } from '../../schemas/utils.js';
+import { BufferReader } from '../../serialize/buffer_reader.js';
+import { TypeRegistry } from '../../serialize/type_registry.js';
 
 const ZERO_BUFFER = Buffer.alloc(32);
 
@@ -321,7 +321,7 @@ export class Fr extends BaseField {
    * @returns A square root of the field element (null if it does not exist).
    */
   async sqrt(): Promise<Fr | null> {
-    await BarretenbergSync.initSingleton({ wasmPath: process.env.BB_WASM_PATH });
+    await BarretenbergSync.initSingleton();
     const api = BarretenbergSync.getSingleton();
     const response = api.bn254FrSqrt({ input: this.toBuffer() });
     if (!response.isSquareRoot) {
@@ -335,7 +335,23 @@ export class Fr extends BaseField {
     return this.toString();
   }
 
+  /**
+   * Creates an Fr instance from a plain object without Zod validation.
+   * This method is optimized for performance and skips validation, making it suitable
+   * for deserializing trusted data (e.g., from C++ via MessagePack).
+   * Handles buffers, strings, numbers, bigints, or existing instances.
+   * @param obj - Plain object, buffer, string, number, bigint, boolean, or Fr instance
+   * @returns An Fr instance
+   */
+  static fromPlainObject(obj: any): Fr {
+    if (obj instanceof Fr) {
+      return obj;
+    }
+    return new Fr(obj);
+  }
+
   static get schema() {
+    // Serialization from hex string.
     return hexSchemaFor(Fr);
   }
 }
@@ -434,6 +450,21 @@ export class Fq extends BaseField {
     return new Fq((this.toBigInt() + rhs.toBigInt()) % Fq.MODULUS);
   }
 
+  /**
+   * Computes a square root of the field element.
+   * @returns A square root of the field element (null if it does not exist).
+   */
+  async sqrt(): Promise<Fq | null> {
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+    const response = api.bn254FqSqrt({ input: this.toBuffer() });
+    if (!response.isSquareRoot) {
+      // Field element is not a quadratic residue mod p so it has no square root.
+      return null;
+    }
+    return Fq.fromBuffer(Buffer.from(response.value));
+  }
+
   toJSON() {
     return this.toString();
   }
@@ -480,14 +511,6 @@ function extendedEuclidean(a: bigint, modulus: bigint): [bigint, bigint, bigint]
   }
 }
 
-/**
- * GrumpkinScalar is an Fq.
- * @remarks Called GrumpkinScalar because it is used to represent elements in Grumpkin's scalar field as defined in
- *          the Aztec Protocol Specs.
- */
-export type GrumpkinScalar = Fq;
-export const GrumpkinScalar = Fq;
-
 /** Wraps a function that returns a buffer so that all results are reduced into a field of the given type. */
 export function reduceFn<TInput, TField extends BaseField>(fn: (input: TInput) => Buffer, field: DerivedField<TField>) {
   return (input: TInput) => fromBufferReduce(fn(input), field);

package/src/curves/bn254/index.ts

@@ -0,0 +1,2 @@
+export * from './field.js';
+export * from './point.js';

package/src/curves/bn254/point.ts

@@ -0,0 +1,170 @@
+import {
+  BN254_G1_GENERATOR,
+  BN254_G2_GENERATOR,
+  BarretenbergSync,
+  type Bn254G1Point as BbApiBn254G1Point,
+  type Bn254G2Point as BbApiBn254G2Point,
+} from '@aztec/bb.js';
+
+import { Fq, Fr } from './field.js';
+
+/**
+ * BN254 G1 point using foundation field classes.
+ * Represents a point on the BN254 elliptic curve in affine coordinates.
+ */
+export class Bn254G1Point {
+  constructor(
+    public readonly x: Fq,
+    public readonly y: Fq,
+  ) {}
+
+  private toBbApiPoint(): BbApiBn254G1Point {
+    return {
+      x: this.x.toBuffer(),
+      y: this.y.toBuffer(),
+    };
+  }
+
+  private static fromBbApiPoint(point: BbApiBn254G1Point): Bn254G1Point {
+    return new Bn254G1Point(Fq.fromBuffer(Buffer.from(point.x)), Fq.fromBuffer(Buffer.from(point.y)));
+  }
+
+  async isOnCurve(): Promise<boolean> {
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const apiPoint = this.toBbApiPoint();
+    const response = api.bn254G1IsOnCurve({ point: apiPoint });
+    return response.isOnCurve;
+  }
+
+  /**
+   * Get the generator point for BN254 G1, or perform scalar multiplication.
+   * When called without arguments, returns the base generator point.
+   * When called with a scalar, returns scalar * generator (useful for public key derivation).
+   */
+  static async generator(scalar?: Fr): Promise<Bn254G1Point> {
+    if (!scalar) {
+      return new Bn254G1Point(
+        Fq.fromBuffer(Buffer.from(BN254_G1_GENERATOR.x)),
+        Fq.fromBuffer(Buffer.from(BN254_G1_GENERATOR.y)),
+      );
+    }
+
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const response = api.bn254G1Mul({
+      point: BN254_G1_GENERATOR,
+      scalar: scalar.toBuffer(),
+    });
+
+    return Bn254G1Point.fromBbApiPoint(response.point);
+  }
+
+  /**
+   * Decompress a BN254 G1 point from compressed form (32 bytes).
+   * The compressed format encodes the x-coordinate and the sign bit of the y-coordinate
+   * in the most significant bit.
+   */
+  static async fromCompressed(compressed: Buffer): Promise<Bn254G1Point> {
+    if (compressed.length !== 32) {
+      throw new Error('Invalid compressed point length');
+    }
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const response = api.bn254G1FromCompressed({
+      compressed: new Uint8Array(compressed),
+    });
+
+    return Bn254G1Point.fromBbApiPoint(response.point);
+  }
+
+  /**
+   * Compress this BN254 G1 point to 32 bytes.
+   * The compressed format encodes the x-coordinate and the sign bit of the y-coordinate
+   * in the most significant bit (bit 255).
+   */
+  compress(): Buffer {
+    const xBytes = this.x.toBuffer();
+    // Get the least significant bit of y to determine the sign
+    const yLsb = this.y.toBigInt() & 1n;
+    // If y is odd, set the most significant bit (bit 255) of the output
+    if (yLsb === 1n) {
+      xBytes[0] |= 0x80;
+    }
+    return xBytes;
+  }
+
+  equals(other: Bn254G1Point): boolean {
+    return this.x.equals(other.x) && this.y.equals(other.y);
+  }
+
+  toString(): string {
+    return `Bn254G1Point(x: ${this.x.toString()}, y: ${this.y.toString()})`;
+  }
+}
+
+/**
+ * BN254 G2 point using foundation field classes.
+ * Represents a point on the BN254 G2 curve (twist curve) in affine coordinates.
+ * G2 points use extension field coordinates (Fq2).
+ */
+export class Bn254G2Point {
+  constructor(
+    public readonly x: [Fq, Fq],
+    public readonly y: [Fq, Fq],
+  ) {}
+
+  private toBbApiPoint(): BbApiBn254G2Point {
+    return {
+      x: [this.x[0].toBuffer(), this.x[1].toBuffer()],
+      y: [this.y[0].toBuffer(), this.y[1].toBuffer()],
+    };
+  }
+
+  private static fromBbApiPoint(point: BbApiBn254G2Point): Bn254G2Point {
+    return new Bn254G2Point(
+      [Fq.fromBuffer(Buffer.from(point.x[0])), Fq.fromBuffer(Buffer.from(point.x[1]))],
+      [Fq.fromBuffer(Buffer.from(point.y[0])), Fq.fromBuffer(Buffer.from(point.y[1]))],
+    );
+  }
+
+  /**
+   * Get the generator point for BN254 G2, or perform scalar multiplication.
+   * When called without arguments, returns the base generator point.
+   * When called with a scalar, returns scalar * generator.
+   */
+  static async generator(scalar?: Fr): Promise<Bn254G2Point> {
+    if (!scalar) {
+      return new Bn254G2Point(
+        [Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.x[0])), Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.x[1]))],
+        [Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.y[0])), Fq.fromBuffer(Buffer.from(BN254_G2_GENERATOR.y[1]))],
+      );
+    }
+
+    await BarretenbergSync.initSingleton();
+    const api = BarretenbergSync.getSingleton();
+
+    const response = api.bn254G2Mul({
+      point: BN254_G2_GENERATOR as BbApiBn254G2Point,
+      scalar: scalar.toBuffer(),
+    });
+
+    return Bn254G2Point.fromBbApiPoint(response.point);
+  }
+
+  equals(other: Bn254G2Point): boolean {
+    return (
+      this.x[0].equals(other.x[0]) &&
+      this.x[1].equals(other.x[1]) &&
+      this.y[0].equals(other.y[0]) &&
+      this.y[1].equals(other.y[1])
+    );
+  }
+
+  toString(): string {
+    return `Bn254G2Point(x: (${this.x[0].toString()}, ${this.x[1].toString()}), y: (${this.y[0].toString()}, ${this.y[1].toString()}))`;
+  }
+}

package/src/curves/grumpkin/index.ts

@@ -0,0 +1,11 @@
+import { Fq } from '../bn254/field.js';
+
+export * from './point.js';
+
+/**
+ * GrumpkinScalar is an Fq.
+ * @remarks Called GrumpkinScalar because it is used to represent elements in Grumpkin's scalar field as defined in
+ *          the Aztec Protocol Specs.
+ */
+export type GrumpkinScalar = Fq;
+export const GrumpkinScalar = Fq;

package/src/{fields → curves/grumpkin}/point.ts

@@ -1,10 +1,10 @@
-import { toBigIntBE } from '../bigint-buffer/index.js';
-import { poseidon2Hash } from '../crypto/poseidon/index.js';
-import { randomBoolean } from '../crypto/random/index.js';
-import { hexSchemaFor } from '../schemas/utils.js';
-import { BufferReader, FieldReader, serializeToBuffer } from '../serialize/index.js';
-import { bufferToHex, hexToBuffer } from '../string/index.js';
-import { Fr } from './fields.js';
+import { toBigIntBE } from '../../bigint-buffer/index.js';
+import { poseidon2Hash } from '../../crypto/poseidon/index.js';
+import { randomBoolean } from '../../crypto/random/index.js';
+import { hexSchemaFor } from '../../schemas/utils.js';
+import { BufferReader, FieldReader, serializeToBuffer } from '../../serialize/index.js';
+import { bufferToHex, hexToBuffer } from '../../string/index.js';
+import { Fr } from '../bn254/field.js';
 
 /**
  * Represents a Point on an elliptic curve with x and y coordinates.
@@ -42,9 +42,28 @@ export class Point {
   }
 
   static get schema() {
+    // Serialization from hex string.
     return hexSchemaFor(Point);
   }
 
+  /**
+   * Creates a Point from a plain object without Zod validation.
+   * This method is optimized for performance and skips validation, making it suitable
+   * for deserializing trusted data (e.g., from C++ via MessagePack).
+   * Handles buffers, existing instances, or objects with x, y, and isInfinite fields.
+   * @param obj - Plain object, buffer, or Point instance
+   * @returns A Point instance
+   */
+  static fromPlainObject(obj: any): Point {
+    if (obj instanceof Point) {
+      return obj;
+    }
+    if (obj instanceof Buffer || Buffer.isBuffer(obj)) {
+      return Point.fromBuffer(obj);
+    }
+    return new Point(Fr.fromPlainObject(obj.x), Fr.fromPlainObject(obj.y), obj.isInfinite ?? false);
+  }
+
   /**
    * Generate a random Point instance.
    *