@bsv/sdk 1.1.28 → 1.1.30

package/docs/primitives.md

@@ -8,15 +8,16 @@ Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](
 
 | | | |
 | --- | --- | --- |
-| [BasePoint](#class-basepoint) | [Point](#class-point) | [SHA1HMAC](#class-sha1hmac) |
-| [BigNumber](#class-bignumber) | [PointInFiniteField](#class-pointinfinitefield) | [SHA256](#class-sha256) |
-| [Curve](#class-curve) | [Polynomial](#class-polynomial) | [SHA256HMAC](#class-sha256hmac) |
-| [DRBG](#class-drbg) | [PrivateKey](#class-privatekey) | [SHA512](#class-sha512) |
-| [JacobianPoint](#class-jacobianpoint) | [PublicKey](#class-publickey) | [SHA512HMAC](#class-sha512hmac) |
-| [K256](#class-k256) | [RIPEMD160](#class-ripemd160) | [Signature](#class-signature) |
-| [KeyShares](#class-keyshares) | [Reader](#class-reader) | [SymmetricKey](#class-symmetrickey) |
-| [Mersenne](#class-mersenne) | [ReductionContext](#class-reductioncontext) | [TransactionSignature](#class-transactionsignature) |
-| [MontgomoryMethod](#class-montgomorymethod) | [SHA1](#class-sha1) | [Writer](#class-writer) |
+| [BasePoint](#class-basepoint) | [PointInFiniteField](#class-pointinfinitefield) | [SHA256HMAC](#class-sha256hmac) |
+| [BigNumber](#class-bignumber) | [Polynomial](#class-polynomial) | [SHA512](#class-sha512) |
+| [Curve](#class-curve) | [PrivateKey](#class-privatekey) | [SHA512HMAC](#class-sha512hmac) |
+| [DRBG](#class-drbg) | [PublicKey](#class-publickey) | [Schnorr](#class-schnorr) |
+| [JacobianPoint](#class-jacobianpoint) | [RIPEMD160](#class-ripemd160) | [Signature](#class-signature) |
+| [K256](#class-k256) | [Reader](#class-reader) | [SymmetricKey](#class-symmetrickey) |
+| [KeyShares](#class-keyshares) | [ReductionContext](#class-reductioncontext) | [TransactionSignature](#class-transactionsignature) |
+| [Mersenne](#class-mersenne) | [SHA1](#class-sha1) | [Writer](#class-writer) |
+| [MontgomoryMethod](#class-montgomorymethod) | [SHA1HMAC](#class-sha1hmac) |  |
+| [Point](#class-point) | [SHA256](#class-sha256) |  |
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Variables](#variables)
 
@@ -7349,6 +7350,116 @@ public hasLowS(): boolean
 
 Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Variables](#variables)
 
+---
+### Class: Schnorr
+
+Class representing the Schnorr Zero-Knowledge Proof (ZKP) protocol.
+
+This class provides methods to generate and verify proofs that demonstrate knowledge of a secret without revealing it.
+Specifically, it allows one party to prove to another that they know the private key corresponding to a public key
+and have correctly computed a shared secret, without disclosing the private key itself.
+
+The protocol involves two main methods:
+- `generateProof`: Generates a proof linking a public key `A` and a shared secret `S`, proving knowledge of the corresponding private key `a`.
+- `verifyProof`: Verifies the provided proof, ensuring its validity without revealing any secret information.
+
+The class utilizes elliptic curve cryptography (ECC) and the SHA-256 hash function to compute challenges within the proof.
+
+Example
+
+```typescript
+const schnorr = new Schnorr();
+const a = PrivateKey.fromRandom(); // Prover's private key
+const A = a.toPublicKey();         // Prover's public key
+const b = PrivateKey.fromRandom(); // Other party's private key
+const B = b.toPublicKey();         // Other party's public key
+const S = B.mul(a);                // Shared secret
+
+// Prover generates the proof
+const proof = schnorr.generateProof(a, A, B, S);
+
+// Verifier verifies the proof
+const isValid = schnorr.verifyProof(A.point, B.point, S.point, proof);
+console.log(`Proof is valid: ${isValid}`);
+```
+```ts
+export default class Schnorr {
+    constructor() 
+    generateProof(aArg: PrivateKey, AArg: PublicKey, BArg: PublicKey, S: Point): {
+        R: Point;
+        SPrime: Point;
+        z: BigNumber;
+    } 
+    verifyProof(A: Point, B: Point, S: Point, proof: {
+        R: Point;
+        SPrime: Point;
+        z: BigNumber;
+    }): boolean 
+}
+```
+
+<details>
+
+<summary>Class Schnorr Details</summary>
+
+#### Method generateProof
+
+Generates a proof that demonstrates the link between public key A and shared secret S
+
+```ts
+generateProof(aArg: PrivateKey, AArg: PublicKey, BArg: PublicKey, S: Point): {
+    R: Point;
+    SPrime: Point;
+    z: BigNumber;
+} 
+```
+
+Returns
+
+Proof (R, S', z)
+
+Argument Details
+
++ **a**
+  + Private key corresponding to public key A
++ **A**
+  + Public key
++ **B**
+  + Other party's public key
++ **S**
+  + Shared secret
+
+#### Method verifyProof
+
+Verifies the proof of the link between public key A and shared secret S
+
+```ts
+verifyProof(A: Point, B: Point, S: Point, proof: {
+    R: Point;
+    SPrime: Point;
+    z: BigNumber;
+}): boolean 
+```
+
+Returns
+
+True if the proof is valid, false otherwise
+
+Argument Details
+
++ **A**
+  + Public key
++ **B**
+  + Other party's public key
++ **S**
+  + Shared secret
++ **proof**
+  + Proof (R, S', z)
+
+</details>
+
+Links: [API](#api), [Interfaces](#interfaces), [Classes](#classes), [Functions](#functions), [Types](#types), [Variables](#variables)
+
 ---
 ## Functions
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.1.28",
+  "version": "1.1.30",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",

package/src/compat/ECIES.ts

@@ -46,9 +46,9 @@ function AES (key) {
       decKey[j] = tmp
     } else {
       decKey[j] = decTable[0][sbox[tmp >>> 24]] ^
-                decTable[1][sbox[tmp >> 16 & 255]] ^
-                decTable[2][sbox[tmp >> 8 & 255]] ^
-                decTable[3][sbox[tmp & 255]]
+        decTable[1][sbox[tmp >> 16 & 255]] ^
+        decTable[2][sbox[tmp >> 8 & 255]] ^
+        decTable[3][sbox[tmp & 255]]
     }
   }
 }
@@ -162,11 +162,11 @@ AES.prototype = {
     // Last round.
     for (i = 0; i < 4; i++) {
       out[dir ? 3 & -i : i] =
-                sbox[a >>> 24] << 24 ^
-                sbox[b >> 16 & 255] << 16 ^
-                sbox[c >> 8 & 255] << 8 ^
-                sbox[d & 255] ^
-                key[kIndex++]
+        sbox[a >>> 24] << 24 ^
+        sbox[b >> 16 & 255] << 16 ^
+        sbox[c >> 8 & 255] << 8 ^
+        sbox[d & 255] ^
+        key[kIndex++]
       a2 = a; a = b; b = c; c = d; d = a2
     }
 
@@ -200,10 +200,10 @@ class AESWrapper {
     const words = []
     for (let i = 0; i < buf.length / 4; i++) {
       const val =
-                (buf[i * 4] * 0x1000000) + // Shift the first byte by 24 bits
-                ((buf[i * 4 + 1] << 16) | // Shift the second byte by 16 bits
-                    (buf[i * 4 + 2] << 8) | // Shift the third byte by 8 bits
-                    buf[i * 4 + 3]) // The fourth byte
+        (buf[i * 4] * 0x1000000) + // Shift the first byte by 24 bits
+        ((buf[i * 4 + 1] << 16) | // Shift the second byte by 16 bits
+          (buf[i * 4 + 2] << 8) | // Shift the third byte by 8 bits
+          buf[i * 4 + 3]) // The fourth byte
       words.push(val)
     }
     return words
@@ -477,12 +477,32 @@ export default class ECIES {
       throw new Error('Invalid Magic')
     }
     let offset = 4
-    if (!fromPublicKey) {
-      // BIE1 use compressed public key, length is always 33.
-      const pub = encBuf.slice(4, 37)
-      fromPublicKey = PublicKey.fromString(toHex(pub))
-      offset = 37
+
+    // Determine if the sender's public key is included in encBuf
+    let Rbuf: number[] | null = null
+    if (encBuf.length - offset - tagLength >= 33) {
+      const firstByte = encBuf[offset]
+      if (firstByte === 0x02 || firstByte === 0x03) {
+        // Compressed public key
+        Rbuf = encBuf.slice(offset, offset + 33)
+        offset += 33
+      } else if (firstByte === 0x04) {
+        // Uncompressed public key
+        Rbuf = encBuf.slice(offset, offset + 65)
+        offset += 65
+      }
+    }
+
+    if (Rbuf) {
+      if (!fromPublicKey) {
+        fromPublicKey = PublicKey.fromString(toHex(Rbuf))
+      }
+    } else {
+      if (!fromPublicKey) {
+        throw new Error('Sender public key is required')
+      }
     }
+
     const { iv, kE, kM } = ECIES.ivkEkM(toPrivateKey, fromPublicKey)
     const ciphertext = encBuf.slice(offset, encBuf.length - tagLength)
     const hmac = encBuf.slice(encBuf.length - tagLength, encBuf.length)
@@ -492,6 +512,7 @@ export default class ECIES {
     if (toHex(hmac) !== toHex(hmac2)) {
       throw new Error('Invalid checksum')
     }
+
     return AESCBC.decrypt(ciphertext, kE, iv)
   }
 

package/src/compat/__tests/ECIES.test.ts

@@ -1,7 +1,7 @@
 import ECIES from '../../../dist/cjs/src/compat/ECIES'
 import * as Hash from '../../../dist/cjs/src/primitives/Hash'
 import PrivateKey from '../../../dist/cjs/src/primitives/PrivateKey'
-import { toArray, toHex, encode, toBase64 } from '../../../dist/cjs/src/primitives/utils'
+import { toArray, toHex, encode, toBase64, toUTF8 } from '../../../dist/cjs/src/primitives/utils'
 
 describe('#ECIES', () => {
   it('should make a new ECIES object', () => {
@@ -93,5 +93,27 @@ describe('#ECIES', () => {
       expect(ECIES.electrumDecrypt(encryptedMessage, bobPrivateKey))
         .toEqual(message)
     })
+
+    it('should encrypt and decrypt message with counterparty public key', () => {
+      const wif = 'L211enC224G1kV8pyyq7bjVd9SxZebnRYEzzM3i7ZHCc1c5E7dQu'
+      const senderPrivateKey = PrivateKey.fromWif(wif)
+      const senderPublicKey = senderPrivateKey.toPublicKey()
+      const msgStr = 'hello world'
+      const messageBuf = toArray(msgStr, 'utf8')
+
+      // Create a random counterparty (recipient) public/private key pair
+      const recipientPrivateKey = PrivateKey.fromRandom()
+      const recipientPublicKey = recipientPrivateKey.toPublicKey()
+
+      // Encrypt the message using electrumEncrypt
+      const encryptedMessage = ECIES.electrumEncrypt(messageBuf, recipientPublicKey, senderPrivateKey)
+
+      // Decrypt the message using electrumDecrypt
+      const decryptedMessageBuf = ECIES.electrumDecrypt(encryptedMessage, recipientPrivateKey, senderPublicKey)
+
+      const decryptedMsgStr = toUTF8(decryptedMessageBuf)
+
+      expect(decryptedMsgStr).toEqual(msgStr)
+    })
   })
 })

package/src/primitives/Schnorr.ts

@@ -0,0 +1,95 @@
+import BigNumber from './BigNumber.js'
+import Curve from './Curve.js'
+import Point from './Point.js'
+import { sha256 } from './Hash.js'
+import { PrivateKey, PublicKey } from './index.js'
+
+/**
+ * Class representing the Schnorr Zero-Knowledge Proof (ZKP) protocol.
+ *
+ * This class provides methods to generate and verify proofs that demonstrate knowledge of a secret without revealing it.
+ * Specifically, it allows one party to prove to another that they know the private key corresponding to a public key
+ * and have correctly computed a shared secret, without disclosing the private key itself.
+ *
+ * The protocol involves two main methods:
+ * - `generateProof`: Generates a proof linking a public key `A` and a shared secret `S`, proving knowledge of the corresponding private key `a`.
+ * - `verifyProof`: Verifies the provided proof, ensuring its validity without revealing any secret information.
+ *
+ * The class utilizes elliptic curve cryptography (ECC) and the SHA-256 hash function to compute challenges within the proof.
+ *
+ * @example
+ * ```typescript
+ * const schnorr = new Schnorr();
+ * const a = PrivateKey.fromRandom(); // Prover's private key
+ * const A = a.toPublicKey();         // Prover's public key
+ * const b = PrivateKey.fromRandom(); // Other party's private key
+ * const B = b.toPublicKey();         // Other party's public key
+ * const S = B.mul(a);                // Shared secret
+ *
+ * // Prover generates the proof
+ * const proof = schnorr.generateProof(a, A, B, S);
+ *
+ * // Verifier verifies the proof
+ * const isValid = schnorr.verifyProof(A.point, B.point, S.point, proof);
+ * console.log(`Proof is valid: ${isValid}`);
+ * ```
+ */
+export default class Schnorr {
+  private readonly curve: Curve
+
+  constructor () {
+    this.curve = new Curve()
+  }
+
+  /**
+     * Generates a proof that demonstrates the link between public key A and shared secret S
+     * @param a Private key corresponding to public key A
+     * @param A Public key
+     * @param B Other party's public key
+     * @param S Shared secret
+     * @returns Proof (R, S', z)
+     */
+  generateProof (aArg: PrivateKey, AArg: PublicKey, BArg: PublicKey, S: Point): { R: Point, SPrime: Point, z: BigNumber } {
+    const r = PrivateKey.fromRandom()
+    const R = r.toPublicKey()
+    const SPrime = BArg.mul(r)
+    const e = this.computeChallenge(AArg, BArg, S, SPrime, R)
+    const z = r.add(e.mul(aArg)).umod(this.curve.n)
+    return { R, SPrime, z }
+  }
+
+  /**
+     * Verifies the proof of the link between public key A and shared secret S
+     * @param A Public key
+     * @param B Other party's public key
+     * @param S Shared secret
+     * @param proof Proof (R, S', z)
+     * @returns True if the proof is valid, false otherwise
+     */
+  verifyProof (A: Point, B: Point, S: Point, proof: { R: Point, SPrime: Point, z: BigNumber }): boolean {
+    const { R, SPrime, z } = proof
+    const e = this.computeChallenge(A, B, S, SPrime, R)
+
+    // Check zG = R + eA
+    const zG = this.curve.g.mul(z)
+    const RpluseA = R.add(A.mul(e))
+    if (!zG.eq(RpluseA)) {
+      return false
+    }
+
+    // Check zB = S' + eS
+    const zB = B.mul(z)
+    const SprimeeS = SPrime.add(S.mul(e))
+    if (!zB.eq(SprimeeS)) {
+      return false
+    }
+
+    return true
+  }
+
+  private computeChallenge (A: Point, B: Point, S: Point, SPrime: Point, R: Point): BigNumber {
+    const message = [...A.encode(true), ...B.encode(true), ...S.encode(true), ...SPrime.encode(true), ...R.encode(true)] as number[]
+    const hash = sha256(message)
+    return new BigNumber(hash).umod(this.curve.n)
+  }
+}

package/src/primitives/__tests/Schnorr.test.ts

@@ -0,0 +1,272 @@
+import Schnorr from '../../../dist/cjs/src/primitives/Schnorr.js'
+import BigNumber from '../../../dist/cjs/src/primitives/BigNumber.js'
+import Curve from '../../../dist/cjs/src/primitives/Curve.js'
+import PrivateKey from '../../../dist/cjs/src/primitives/PrivateKey.js'
+
+describe('Schnorr Zero-Knowledge Proof', () => {
+    let schnorr: Schnorr
+    let curve: Curve
+
+    beforeAll(() => {
+        schnorr = new Schnorr()
+        curve = new Curve()
+    })
+
+    it('should verify a valid proof', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(true)
+    })
+
+    it('should fail verification if proof is tampered (R modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with R
+        const tamperedR = proof.R.add(curve.g)
+        const tamperedProof = { ...proof, R: tamperedR }
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, tamperedProof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if proof is tampered (z modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with z
+        const tamperedZ = proof.z.add(new BigNumber(1)).umod(curve.n)
+        const tamperedProof = { ...proof, z: tamperedZ }
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, tamperedProof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if proof is tampered (S\' modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with S'
+        const tamperedSPrime = proof.SPrime.add(curve.g)
+        const tamperedProof = { ...proof, SPrime: tamperedSPrime }
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, tamperedProof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if inputs are tampered (A modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with A
+        const tamperedA = A.add(curve.g)
+
+        // Verify proof
+        const result = schnorr.verifyProof(tamperedA, B, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if inputs are tampered (B modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with B
+        const tamperedB = B.add(curve.g)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, tamperedB, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if inputs are tampered (S modified)', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Tamper with S
+        const tamperedS = S.add(curve.g)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, tamperedS, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if using wrong private key', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const wrongA = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof using wrong private key
+        const proof = schnorr.generateProof(wrongA, A, B, S)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if using wrong public key', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+        const wrongB = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+        const wrongBPublic = wrongB.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Verify proof with wrong B
+        const result = schnorr.verifyProof(A, wrongBPublic, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should fail verification if shared secret S is incorrect', () => {
+        // Generate private keys
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Intentionally compute incorrect shared secret
+        const S = B.mul(a).add(curve.g)
+
+        // Generate proof with correct S
+        const proof = schnorr.generateProof(a, A, B, B.mul(a))
+
+        // Verify proof with incorrect S
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(false)
+    })
+
+    it('should verify a valid proof with fixed keys', () => {
+        // Use fixed private keys for determinism
+        const a = new PrivateKey(new BigNumber('123456789abcdef123456789abcdef123456789abcdef123456789abcdef', 16))
+        const b = new PrivateKey(new BigNumber('abcdef123456789abcdef123456789abcdef123456789abcdef123456789', 16))
+
+        // Compute public keys
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+
+        // Compute shared secret S = B * a
+        const S = B.mul(a)
+
+        // Generate proof
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        // Verify proof
+        const result = schnorr.verifyProof(A, B, S, proof)
+        expect(result).toBe(true)
+    })
+
+    it('should throw an error if inputs are invalid', () => {
+        const a = PrivateKey.fromRandom()
+        const b = PrivateKey.fromRandom()
+        const A = a.toPublicKey()
+        const B = b.toPublicKey()
+        const S = B.mul(a)
+        const proof = schnorr.generateProof(a, A, B, S)
+
+        expect(() => schnorr.verifyProof(null as any, B, S, proof)).toThrow()
+        expect(() => schnorr.verifyProof(A, null as any, S, proof)).toThrow()
+        expect(() => schnorr.verifyProof(A, B, null as any, proof)).toThrow()
+        expect(() => schnorr.verifyProof(A, B, S, null as any)).toThrow()
+    })
+})

package/src/primitives/index.ts

@@ -11,3 +11,4 @@ export * as Hash from './Hash.js'
 export { default as Random } from './Random.js'
 export { default as TransactionSignature } from './TransactionSignature.js'
 export { default as Polynomial, PointInFiniteField } from './Polynomial.js'
+export { default as Schnorr } from './Schnorr.js'

package/src/totp/totp.ts

@@ -106,7 +106,7 @@ function generateHOTP (
   options: Required<TOTPOptions>
 ): string {
   const timePad = new BigNumber(counter).toArray('be', 8)
-  //console.log({ timePad })
+  // console.log({ timePad })
   const hmac = calcHMAC(secret, timePad, options.algorithm)
   const signature = hmac.digest()