@bsv/sdk 1.6.18 → 1.6.20

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bsv/sdk",
-  "version": "1.6.18",
+  "version": "1.6.20",
   "type": "module",
   "description": "BSV Blockchain Software Development Kit",
   "main": "dist/cjs/mod.js",
@@ -216,7 +216,7 @@
     "lint": "ts-standard --fix src/**/*.ts",
     "build": "npm run build:ts && npm run build:umd",
     "build:ts": "tsc -b && tsconfig-to-dual-package tsconfig.cjs.json",
-    "build:umd": "webpack --config webpack.config.js",
+    "build:umd": "rspack --config rspack.config.js",
     "dev": "tsc -b -w",
     "prepublish": "npm run build",
     "doc": "ts2md",
@@ -243,6 +243,7 @@
   "devDependencies": {
     "@eslint/js": "^9.23.0",
     "@jest/globals": "^29.7.0",
+    "@rspack/cli": "^1.4.9",
     "@types/jest": "^29.5.14",
     "@types/node": "^22.13.14",
     "eslint": "^9.23.0",
@@ -255,17 +256,12 @@
     "ts2md": "^0.2.8",
     "tsconfig-to-dual-package": "^1.2.0",
     "typescript": "5.1",
-    "typescript-eslint": "^8.29.0",
-    "webpack": "^5.98.0",
-    "webpack-cli": "^6.0.1"
+    "typescript-eslint": "^8.29.0"
   },
   "ts-standard": {
     "project": "tsconfig.eslint.json",
     "ignore": [
-      "dist",
-      "src/script/ScriptTemplate.ts",
-      "src/transaction/Transaction.ts",
-      "src/auth/transports/SimplifiedFetchTransport.ts"
+      "dist"
     ]
   }
 }

package/src/auth/transports/SimplifiedFetchTransport.ts

@@ -1,12 +1,10 @@
 // @ts-nocheck
-// @ts-ignore
-import { AuthMessage, RequestedCertificateSet, Transport } from "../types.js"
+// @ts-expect-error
+import { AuthMessage, RequestedCertificateSet, Transport } from '../types.js'
 import * as Utils from '../../primitives/utils.js'
 
-const SUCCESS_STATUS_CODES = [200, 402]
-
 // Only bind window.fetch in the browser
-const defaultFetch = typeof window !== 'undefined' ? fetch.bind(window) : fetch;
+const defaultFetch = typeof window !== 'undefined' ? fetch.bind(window) : fetch
 
 /**
  * Implements an HTTP-specific transport for handling Peer mutual authentication messages.
@@ -17,13 +15,12 @@ export class SimplifiedFetchTransport implements Transport {
   fetchClient: typeof fetch
   baseUrl: string
 
-
   /**
    * Constructs a new instance of SimplifiedFetchTransport.
    * @param baseUrl - The base URL for all HTTP requests made by this transport.
    * @param fetchClient - A fetch implementation to use for HTTP requests (default: global fetch).
    */
-  constructor(baseUrl: string, fetchClient = defaultFetch) {
+  constructor (baseUrl: string, fetchClient = defaultFetch) {
     this.fetchClient = fetchClient
     this.baseUrl = baseUrl
   }
@@ -33,47 +30,48 @@ export class SimplifiedFetchTransport implements Transport {
    * Handles both general and authenticated message types. For general messages,
    * the payload is deserialized and sent as an HTTP request. For other message types,
    * the message is sent as a POST request to the `/auth` endpoint.
-   * 
+   *
    * @param message - The AuthMessage to send.
    * @returns A promise that resolves when the message is successfully sent.
-   * 
+   *
    * @throws Will throw an error if no listener has been registered via `onData`.
    */
-  async send(message: AuthMessage): Promise<void> {
-    if (!this.onDataCallback) {
+  async send (message: AuthMessage): Promise<void> {
+    if (this.onDataCallback == null) {
       throw new Error('Listen before you start speaking. God gave you two ears and one mouth for a reason.')
     }
     if (message.messageType !== 'general') {
-      return new Promise(async (resolve, reject) => {
-        try {
-          const responsePromise = this.fetchClient(`${this.baseUrl}/.well-known/auth`, {
-            method: 'POST',
-            headers: {
-              'Content-Type': 'application/json'
-            },
-            body: JSON.stringify(message)
-          })
+      return await new Promise((resolve, reject) => {
+        void (async () => {
+          try {
+            const responsePromise = this.fetchClient(`${this.baseUrl}/.well-known/auth`, {
+              method: 'POST',
+              headers: {
+                'Content-Type': 'application/json'
+              },
+              body: JSON.stringify(message)
+            })
 
-          // For initialRequest message, mark connection as established and start pool.
-          if (message.messageType !== "initialRequest") {
-            resolve()
-          }
-          const response = await responsePromise
-          // Handle the response if data is received and callback is set
-          if (response.ok && this.onDataCallback) {
-            const responseMessage = await response.json()
-            this.onDataCallback(responseMessage as AuthMessage)
-          } else {
+            // For initialRequest message, mark connection as established and start pool.
+            if (message.messageType !== 'initialRequest') {
+              resolve()
+            }
+            const response = await responsePromise
+            // Handle the response if data is received and callback is set
+            if (response.ok && (this.onDataCallback != null)) {
+              const responseMessage = await response.json()
+              this.onDataCallback(responseMessage as AuthMessage)
+            } else {
             // Server may be a non authenticated server
-            throw new Error('HTTP server failed to authenticate')
+              throw new Error('HTTP server failed to authenticate')
+            }
+            if (message.messageType === 'initialRequest') {
+              resolve()
+            }
+          } catch (e) {
+            reject(e)
           }
-          if (message.messageType === "initialRequest") {
-            resolve()
-          }
-        } catch (e) {
-          reject(e)
-          return
-        }
+        })()
       })
     } else {
       // Parse message payload
@@ -81,7 +79,7 @@ export class SimplifiedFetchTransport implements Transport {
 
       // Send the byte array as the HTTP payload
       const url = `${this.baseUrl}${httpRequest.urlPostfix}`
-      let httpRequestWithAuthHeaders: any = httpRequest
+      const httpRequestWithAuthHeaders: any = httpRequest
       if (typeof httpRequest.headers !== 'object') {
         httpRequestWithAuthHeaders.headers = {}
       }
@@ -95,27 +93,27 @@ export class SimplifiedFetchTransport implements Transport {
       httpRequestWithAuthHeaders.headers['x-bsv-auth-request-id'] = httpRequest.requestId
 
       // Ensure Content-Type is set for requests with a body
-      if (httpRequestWithAuthHeaders.body) {
-        const headers = httpRequestWithAuthHeaders.headers;
-        if (!headers['content-type']) {
-          throw new Error('Content-Type header is required for requests with a body.');
+      if (httpRequestWithAuthHeaders.body != null) {
+        const headers = httpRequestWithAuthHeaders.headers
+        if (headers['content-type'] == null) {
+          throw new Error('Content-Type header is required for requests with a body.')
         }
 
-        const contentType = headers['content-type'];
+        const contentType = String(headers['content-type'] ?? '')
 
         // Transform body based on Content-Type
         if (contentType.includes('application/json')) {
           // Convert byte array to JSON string
-          httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body);
+          httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body)
         } else if (contentType.includes('application/x-www-form-urlencoded')) {
           // Convert byte array to URL-encoded string
-          httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body);
+          httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body)
         } else if (contentType.includes('text/plain')) {
           // Convert byte array to plain UTF-8 string
-          httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body);
+          httpRequestWithAuthHeaders.body = Utils.toUTF8(httpRequestWithAuthHeaders.body)
         } else {
           // For all other content types, treat as binary data
-          httpRequestWithAuthHeaders.body = new Uint8Array(httpRequestWithAuthHeaders.body);
+          httpRequestWithAuthHeaders.body = new Uint8Array(httpRequestWithAuthHeaders.body)
         }
       }
 
@@ -132,14 +130,13 @@ export class SimplifiedFetchTransport implements Transport {
         // Try parsing JSON error
         const errorInfo = await response.json()
         // Otherwise just throw whatever we got
-        throw new Error(`HTTP ${response.status} - ${JSON.stringify(errorInfo)}`);
+        throw new Error(`HTTP ${response.status} - ${JSON.stringify(errorInfo)}`)
       }
 
       const parsedBody = await response.arrayBuffer()
       const payloadWriter = new Utils.Writer()
-      if(response.headers.get('x-bsv-auth-request-id') != null)
-      {
-          payloadWriter.write(Utils.toArray(response.headers.get('x-bsv-auth-request-id'), 'base64'));
+      if (response.headers.get('x-bsv-auth-request-id') != null) {
+        payloadWriter.write(Utils.toArray(response.headers.get('x-bsv-auth-request-id'), 'base64'))
       }
       payloadWriter.writeVarIntNum(response.status)
 
@@ -147,7 +144,7 @@ export class SimplifiedFetchTransport implements Transport {
       // Parse response headers from the server and include only the signed headers:
       // - Include custom headers prefixed with x-bsv (excluding those starting with x-bsv-auth)
       // - Include the authorization header
-      const includedHeaders: [string, string][] = []
+      const includedHeaders: Array<[string, string]> = []
       response.headers.forEach((value, key) => {
         const lowerKey = key.toLowerCase()
         if ((lowerKey.startsWith('x-bsv-') || lowerKey === 'authorization') && !lowerKey.startsWith('x-bsv-auth')) {
@@ -174,7 +171,7 @@ export class SimplifiedFetchTransport implements Transport {
       }
 
       // Handle body
-      if (parsedBody) {
+      if (parsedBody != null) {
         const bodyAsArray = Array.from(new Uint8Array(parsedBody))
         payloadWriter.writeVarIntNum(bodyAsArray.length)
         payloadWriter.write(bodyAsArray)
@@ -191,11 +188,11 @@ export class SimplifiedFetchTransport implements Transport {
         yourNonce: response.headers.get('x-bsv-auth-your-nonce'),
         requestedCertificates: JSON.parse(response.headers.get('x-bsv-auth-requested-certificates')) as RequestedCertificateSet,
         payload: payloadWriter.toArray(),
-        signature: Utils.toArray(response.headers.get('x-bsv-auth-signature'), 'hex'),
+        signature: Utils.toArray(response.headers.get('x-bsv-auth-signature'), 'hex')
       }
 
       // If the server didn't provide the correct authentication headers, throw an error
-      if (!responseMessage.version) {
+      if (responseMessage.version == null) {
         throw new Error('HTTP server failed to authenticate')
       }
 
@@ -205,30 +202,30 @@ export class SimplifiedFetchTransport implements Transport {
   }
 
   /**
-   * Registers a callback to handle incoming messages. 
+   * Registers a callback to handle incoming messages.
    * This must be called before sending any messages to ensure responses can be processed.
-   * 
+   *
    * @param callback - A function to invoke when an incoming AuthMessage is received.
    * @returns A promise that resolves once the callback is set.
    */
-  async onData(callback: (message: AuthMessage) => Promise<void>): Promise<void> {
+  async onData (callback: (message: AuthMessage) => Promise<void>): Promise<void> {
     this.onDataCallback = (m) => {
-      callback(m)
+      void callback(m)
     }
   }
 
   /**
    * Deserializes a request payload from a byte array into an HTTP request-like structure.
-   * 
+   *
    * @param payload - The serialized payload to deserialize.
    * @returns An object representing the deserialized request, including the method,
    *          URL postfix (path and query string), headers, body, and request ID.
    */
-  deserializeRequestPayload(payload: number[]): {
-    method: string,
-    urlPostfix: string,
-    headers: Record<string, string>,
-    body: number[],
+  deserializeRequestPayload (payload: number[]): {
+    method: string
+    urlPostfix: string
+    headers: Record<string, string>
+    body: number[]
     requestId: string
   } {
     // Create a reader
@@ -288,4 +285,4 @@ export class SimplifiedFetchTransport implements Transport {
       requestId
     }
   }
-}
+}

package/src/primitives/ECDSA.ts

@@ -1,7 +1,7 @@
 import BigNumber from './BigNumber.js'
 import Signature from './Signature.js'
 import Curve from './Curve.js'
-import Point from './Point.js'
+import Point, { scalarMultiplyWNAF, biModInv, BI_ZERO, biModMul, GX_BIGINT, GY_BIGINT, jpAdd, N_BIGINT, modInvN, modMulN, modN } from './Point.js'
 import DRBG from './DRBG.js'
 
 /**
@@ -39,6 +39,11 @@ function truncateToN (
   }
 }
 
+const curve = new Curve()
+const bytes = curve.n.byteLength()
+const ns1 = curve.n.subn(1)
+const halfN = N_BIGINT >> 1n
+
 /**
  * Generates a digital signature for a given message.
  *
@@ -60,84 +65,80 @@ export const sign = (
   forceLowS: boolean = false,
   customK?: BigNumber | ((iter: number) => BigNumber)
 ): Signature => {
-  const curve = new Curve()
+  // —— prepare inputs ────────────────────────────────────────────────────────
   msg = truncateToN(msg)
+  const msgBig = BigInt('0x' + msg.toString(16))
+  const keyBig = BigInt('0x' + key.toString(16))
 
-  // Zero-extend key to provide enough entropy
-  const bytes = curve.n.byteLength()
+  // DRBG seeding identical to previous implementation
   const bkey = key.toArray('be', bytes)
-
-  // Zero-extend nonce to have the same byte size as N
   const nonce = msg.toArray('be', bytes)
-
-  // Instantiate Hmac_DRBG
   const drbg = new DRBG(bkey, nonce)
 
-  // Number of bytes to generate
-  const ns1 = curve.n.subn(1)
-
   for (let iter = 0; ; iter++) {
-    // Compute the k-value
-    let k =
+    // —— k generation & basic validity checks ───────────────────────────────
+    let kBN =
       typeof customK === 'function'
         ? customK(iter)
         : BigNumber.isBN(customK)
           ? customK
           : new BigNumber(drbg.generate(bytes), 16)
-    if (k != null) {
-      k = truncateToN(k, true)
-    } else {
-      throw new Error('k is undefined')
-    }
-    if (k.cmpn(1) <= 0 || k.cmp(ns1) >= 0) {
+
+    if (kBN == null) throw new Error('k is undefined')
+    kBN = truncateToN(kBN, true)
+
+    if (kBN.cmpn(1) <= 0 || kBN.cmp(ns1) >= 0) {
       if (BigNumber.isBN(customK)) {
-        throw new Error(
-          'Invalid fixed custom K value (must be more than 1 and less than N-1)'
-        )
-      } else {
-        continue
+        throw new Error('Invalid fixed custom K value (must be >1 and <N‑1)')
       }
+      continue
     }
 
-    const kp = curve.g.mul(k)
-    if (kp.isInfinity()) {
+    const kBig = BigInt('0x' + kBN.toString(16))
+
+    // —— R = k·G (Jacobian, window‑NAF) ──────────────────────────────────────
+    const R = scalarMultiplyWNAF(kBig, { x: GX_BIGINT, y: GY_BIGINT })
+    if (R.Z === 0n) { // point at infinity – should never happen for valid k
       if (BigNumber.isBN(customK)) {
-        throw new Error(
-          'Invalid fixed custom K value (must not create a point at infinity when multiplied by the generator point)'
-        )
-      } else {
-        continue
+        throw new Error('Invalid fixed custom K value (k·G at infinity)')
       }
+      continue
     }
 
-    const kpX = kp.getX()
-    const r = kpX.umod(curve.n)
-    if (r.cmpn(0) === 0) {
+    // affine X coordinate of R
+    const zInv = biModInv(R.Z)
+    const zInv2 = biModMul(zInv, zInv)
+    const xAff = biModMul(R.X, zInv2)
+    const rBig = modN(xAff)
+
+    if (rBig === 0n) {
       if (BigNumber.isBN(customK)) {
-        throw new Error(
-          'Invalid fixed custom K value (when multiplied by G, the resulting x coordinate mod N must not be zero)'
-        )
-      } else {
-        continue
+        throw new Error('Invalid fixed custom K value (r == 0)')
       }
+      continue
     }
 
-    let s = k.invm(curve.n).mul(r.mul(key).iadd(msg))
-    s = s.umod(curve.n)
-    if (s.cmpn(0) === 0) {
+    // —— s = k⁻¹ · (msg + r·key)  mod n ─────────────────────────────────────
+    const kInv = modInvN(kBig)
+    const rTimesKey = modMulN(rBig, keyBig)
+    const sum = modN(msgBig + rTimesKey)
+    let sBig = modMulN(kInv, sum)
+
+    if (sBig === 0n) {
       if (BigNumber.isBN(customK)) {
-        throw new Error(
-          'Invalid fixed custom K value (when used with the key, it cannot create a zero value for S)'
-        )
-      } else {
-        continue
+        throw new Error('Invalid fixed custom K value (s == 0)')
       }
+      continue
     }
 
-    // Use complement of `s`, if it is > `n / 2`
-    if (forceLowS && s.cmp(curve.n.ushrn(1)) > 0) {
-      s = curve.n.sub(s)
+    // low‑S mitigation (BIP‑62/BIP‑340 style)
+    if (forceLowS && sBig > halfN) {
+      sBig = N_BIGINT - sBig
     }
+
+    // —— convert back to BigNumber & return ─────────────────────────────────
+    const r = new BigNumber(rBig.toString(16), 16)
+    const s = new BigNumber(sBig.toString(16), 16)
     return new Signature(r, s)
   }
 }
@@ -161,177 +162,7 @@ export const sign = (
  * const isVerified = verify(msg, sig, key)
  */
 export const verify = (msg: BigNumber, sig: Signature, key: Point): boolean => {
-  // Curve parameters for secp256k1
-  const zero = BigInt(0)
-  const one = BigInt(1)
-  const two = BigInt(2)
-  const three = BigInt(3)
-  const p = BigInt(
-    '0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F'
-  ) // Field prime
-  const n = BigInt(
-    '0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141'
-  ) // Order of the curve
-  const G = {
-    x: BigInt(
-      '0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798'
-    ),
-    y: BigInt(
-      '0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8'
-    )
-  }
-
-  // Modular arithmetic functions
-  const mod = (a: bigint, m: bigint): bigint => ((a % m) + m) % m
-  const modInv = (a: bigint, m: bigint): bigint => {
-    // Extended Euclidean Algorithm for modular inverse
-    let [oldr, r] = [a, m]
-    let [olds, s] = [BigInt(1), BigInt(0)]
-    while (r !== zero) {
-      const q = oldr / r;
-      [oldr, r] = [r, oldr - q * r];
-      [olds, s] = [s, olds - q * s]
-    }
-    if (oldr > one) return zero // No inverse
-    return mod(olds, m)
-  }
-  const modMul = (a: bigint, b: bigint, m: bigint): bigint => mod(a * b, m)
-  const modSub = (a: bigint, b: bigint, m: bigint): bigint => mod(a - b, m)
-
-  // Define constants
-  const four = BigInt(4)
-  const eight = BigInt(8)
-
-  // Elliptic curve point operations in Jacobian coordinates
-  interface JacobianPoint {
-    X: bigint
-    Y: bigint
-    Z: bigint
-  }
-
-  // Point Doubling
-  const pointDouble = (P: JacobianPoint): JacobianPoint => {
-    const { X: X1, Y: Y1, Z: Z1 } = P
-
-    if (Y1 === zero) {
-      return { X: zero, Y: one, Z: zero } // Point at infinity
-    }
-
-    const Y1sq = modMul(Y1, Y1, p) // Y1^2
-    const S = modMul(four, modMul(X1, Y1sq, p), p) // S = 4 * X1 * Y1^2
-    const M = modMul(three, modMul(X1, X1, p), p) // M = 3 * X1^2
-    const X3 = modSub(modMul(M, M, p), modMul(two, S, p), p) // X3 = M^2 - 2 * S
-    const Y3 = modSub(
-      modMul(M, modSub(S, X3, p), p),
-      modMul(eight, modMul(Y1sq, Y1sq, p), p),
-      p
-    ) // Y3 = M * (S - X3) - 8 * Y1^4
-    const Z3 = modMul(two, modMul(Y1, Z1, p), p) // Z3 = 2 * Y1 * Z1
-
-    return { X: X3, Y: Y3, Z: Z3 }
-  }
-
-  // Point Addition
-  const pointAdd = (P: JacobianPoint, Q: JacobianPoint): JacobianPoint => {
-    if (P.Z === zero) return Q
-    if (Q.Z === zero) return P
-
-    const Z1Z1 = modMul(P.Z, P.Z, p)
-    const Z2Z2 = modMul(Q.Z, Q.Z, p)
-    const U1 = modMul(P.X, Z2Z2, p)
-    const U2 = modMul(Q.X, Z1Z1, p)
-    const S1 = modMul(P.Y, modMul(Z2Z2, Q.Z, p), p)
-    const S2 = modMul(Q.Y, modMul(Z1Z1, P.Z, p), p)
-
-    const H = modSub(U2, U1, p)
-    const r = modSub(S2, S1, p)
-
-    if (H === zero) {
-      if (r === zero) {
-        // P == Q
-        return pointDouble(P)
-      } else {
-        // Point at infinity
-        return { X: zero, Y: one, Z: zero }
-      }
-    }
-
-    const HH = modMul(H, H, p)
-    const HHH = modMul(H, HH, p)
-    const V = modMul(U1, HH, p)
-
-    const X3 = modSub(modSub(modMul(r, r, p), HHH, p), modMul(two, V, p), p)
-    const Y3 = modSub(modMul(r, modSub(V, X3, p), p), modMul(S1, HHH, p), p)
-    const Z3 = modMul(H, modMul(P.Z, Q.Z, p), p)
-
-    return { X: X3, Y: Y3, Z: Z3 }
-  }
-
-  // Scalar Multiplication
-  const scalarMultiply = (
-    k: bigint,
-    P: { x: bigint, y: bigint }
-  ): JacobianPoint => {
-    const N: JacobianPoint = { X: P.x, Y: P.y, Z: one }
-    let Q: JacobianPoint = { X: zero, Y: one, Z: zero } // Point at infinity
-
-    const kBin = k.toString(2)
-    for (let i = 0; i < kBin.length; i++) {
-      Q = pointDouble(Q)
-      if (kBin[i] === '1') {
-        Q = pointAdd(Q, N)
-      }
-    }
-    return Q
-  }
-
-  // Verify Function Using Jacobian Coordinates
-  const verifyECDSA = (
-    hash: bigint,
-    publicKey: { x: bigint, y: bigint },
-    signature: { r: bigint, s: bigint }
-  ): boolean => {
-    const { r, s } = signature
-    const z = hash
-
-    // Check r and s are in [1, n - 1]
-    if (r <= zero || r >= n || s <= zero || s >= n) {
-      return false
-    }
-
-    const w = modInv(s, n) // w = s^-1 mod n
-    if (w === zero) {
-      return false // No inverse exists
-    }
-    const u1 = modMul(z, w, n)
-    const u2 = modMul(r, w, n)
-
-    // Compute point R = u1 * G + u2 * Q
-    const RG = scalarMultiply(u1, G)
-    const RQ = scalarMultiply(u2, publicKey)
-    const R = pointAdd(RG, RQ)
-
-    if (R.Z === zero) {
-      // Point at infinity
-      return false
-    }
-
-    // Compute affine x-coordinate x1 = X / Z^2 mod p
-    const ZInv = modInv(R.Z, p)
-    if (ZInv === zero) {
-      return false // No inverse exists
-    }
-    const ZInv2 = modMul(ZInv, ZInv, p)
-    const x1affine = modMul(R.X, ZInv2, p)
-
-    // Compute v = x1_affine mod n
-    const v = mod(x1affine, n)
-
-    // Signature is valid if v == r mod n
-    return v === r
-  }
-
-  // Convert inputs to BigInt
+// Convert inputs to BigInt
   const hash = BigInt('0x' + msg.toString(16))
   if ((key.x == null) || (key.y == null)) {
     throw new Error('Invalid public key: missing coordinates.')
@@ -346,5 +177,32 @@ export const verify = (msg: BigNumber, sig: Signature, key: Point): boolean => {
     s: BigInt('0x' + sig.s.toString(16))
   }
 
-  return verifyECDSA(hash, publicKey, signature)
+  const { r, s } = signature
+  const z = hash
+
+  // Check r and s are in [1, n - 1]
+  if (r <= BI_ZERO || r >= N_BIGINT || s <= BI_ZERO || s >= N_BIGINT) {
+    return false
+  }
+
+  // ── compute u₁ = z·s⁻¹ mod n  and  u₂ = r·s⁻¹ mod n ───────────────────────
+  const w = modInvN(s) // s⁻¹ mod n
+  if (w === 0n) return false // should never happen
+  const u1 = modMulN(z, w)
+  const u2 = modMulN(r, w)
+
+  // ── R = u₁·G + u₂·Q  (Jacobian, window‑NAF) ──────────────────────────────
+  const RG = scalarMultiplyWNAF(u1, { x: GX_BIGINT, y: GY_BIGINT })
+  const RQ = scalarMultiplyWNAF(u2, publicKey)
+  const R = jpAdd(RG, RQ)
+  if (R.Z === 0n) return false // point at infinity
+
+  // ── affine x‑coordinate of R  (mod p) ─────────────────────────────────────
+  const zInv = biModInv(R.Z) // (Z⁻¹ mod p)
+  const zInv2 = biModMul(zInv, zInv) // Z⁻²
+  const xAff = biModMul(R.X, zInv2) // X / Z²  mod p
+
+  // ── v = xAff mod n  and final check ───────────────────────────────────────
+  const v = modN(xAff)
+  return v === r
 }