@did-btcr2/keypair 0.10.0 → 0.11.0

package/src/public.ts

@@ -1,18 +1,17 @@
 import {
-  BIP340_PUBLIC_KEY_MULTIBASE_PREFIX,
-  BIP340_PUBLIC_KEY_MULTIBASE_PREFIX_HASH,
   Bytes,
-  CURVE,
   Hex,
   KeyBytes,
   MultibaseObject,
   PublicKeyError,
   PublicKeyObject
 } from '@did-btcr2/common';
-import { sha256 } from '@noble/hashes/sha2';
-import { base58btc } from 'multiformats/bases/base58';
-import * as tinysecp from 'tiny-secp256k1';
-import { Secp256k1SecretKey } from './secret.js';
+
+/** Fixed public key header bytes per the Data Integrity BIP340 Cryptosuite spec: [0xe7, 0x01] */
+export const BIP340_PUBLIC_KEY_MULTIBASE_PREFIX: Bytes = new Uint8Array([0xe7, 0x01]);
+import { secp256k1, schnorr } from '@noble/curves/secp256k1.js';
+import { timingSafeEqual } from 'crypto';
+import { base58 } from '@scure/base';
 import { CryptoOptions } from './types.js';
 
 /**
@@ -104,11 +103,11 @@ export interface PublicKey {
   encode(): string;
 
   /**
-   * CompressedSecp256k1PublicKey key equality check. Checks if `this` public key is equal to `other` public key.
-   * @param {CompressedSecp256k1PublicKey} other The public key to compare.
+   * Public key equality check.
+   * @param {PublicKey} other The public key to compare.
    * @returns {boolean} True if the public keys are equal.
    */
-  equals(other: CompressedSecp256k1PublicKey): boolean;
+  equals(other: PublicKey): boolean;
 }
 
 /**
@@ -153,14 +152,14 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
     }
 
     // Validate the point is on curve and in compressed form
-    if (!tinysecp.isPoint(keyBytes)) {
+    if (!secp256k1.utils.isValidPublicKey(keyBytes)) {
       throw new PublicKeyError(
         'Invalid argument: not a valid secp256k1 compressed point',
         'CONSTRUCTOR_ERROR', { keyBytes }
       );
     }
-    // Set the bytes
-    this.#bytes = keyBytes;
+    // Defensive copy — caller cannot mutate internal state
+    this.#bytes = new Uint8Array(keyBytes);
 
     // Set multibase
     this.#multibase.encoded = this.encode();
@@ -181,8 +180,7 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
    * @returns {Uint8Array} The 65-byte uncompressed public key (0x04, x, y).
    */
   get uncompressed(): KeyBytes {
-    const uncompressed = this.liftX();
-    return uncompressed;
+    return secp256k1.Point.fromBytes(this.compressed).toBytes(false);
   }
 
   /**
@@ -240,8 +238,11 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
    * @returns {MultibaseObject} An object containing the multibase bytes, address and prefix.
    */
   get multibase(): MultibaseObject {
-    const multibase = this.#multibase;
-    return multibase;
+    return {
+      prefix  : new Uint8Array(this.#multibase.prefix),
+      key     : [...this.#multibase.key],
+      encoded : this.#multibase.encoded
+    };
   }
 
   /**
@@ -277,33 +278,7 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
    * @returns {KeyBytes} The decoded public key: prefix and public key bytes
    */
   decode(): KeyBytes {
-    // Decode the public key multibase string
-    const decoded = base58btc.decode(this.multibase.encoded);
-
-    // If the public key bytes are not 35 bytes, throw an error
-    if(decoded.length !== 35) {
-      throw new PublicKeyError(
-        'Invalid argument: must be 35 byte publicKeyMultibase',
-        'DECODE_MULTIBASE_ERROR'
-      );
-    }
-
-    // Grab the prefix bytes
-    const prefix = decoded.slice(0, 2);
-
-    // Compute the prefix hash
-    const prefixHash = Buffer.from(sha256(prefix)).toString('hex');
-
-    // If the prefix hash does not equal the BIP340 prefix hash, throw an error
-    if (prefixHash !== BIP340_PUBLIC_KEY_MULTIBASE_PREFIX_HASH) {
-      throw new PublicKeyError(
-        `Invalid prefix: malformed multibase prefix ${prefix}`,
-        'DECODE_MULTIBASE_ERROR'
-      );
-    }
-
-    // Return the decoded public key bytes
-    return decoded;
+    return base58.decode(this.multibase.encoded.slice(1));
   }
 
   /**
@@ -311,25 +286,10 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
    * @returns {string} The public key encoded in base-58-btc multibase format.
    */
   encode(): string {
-    // Convert public key bytes to an array
     const pk = Array.from(this.compressed);
-
-    // Ensure the public key is 33-byte secp256k1 compressed public key
-    if (pk.length !== 33) {
-      throw new PublicKeyError(
-        'Invalid argument: must be 33-byte (compressed) public key',
-        'ENCODE_MULTIBASE_ERROR'
-      );
-    }
-
-    // Convert prefix to an array
     const publicKeyMultibase = Array.from(BIP340_PUBLIC_KEY_MULTIBASE_PREFIX);
-
-    // Push the public key bytes at the end of the prefix
     publicKeyMultibase.push(...pk);
-
-    // Encode the bytes in base58btc format and return
-    return base58btc.encode(Uint8Array.from(publicKeyMultibase));
+    return 'z' + base58.encode(Uint8Array.from(publicKeyMultibase));
   }
 
   /**
@@ -344,13 +304,11 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
     // Default to schnorr scheme
     opts ??= { scheme: 'schnorr' };
 
-    // If scheme is ecdsa, verify using ecdsa
     if(opts.scheme === 'ecdsa') {
-      return tinysecp.verify(data, this.compressed, signature);
+      return secp256k1.verify(signature, data, this.compressed);
     }
-    // If scheme is schnorr, verify using schnorr
     else if(opts.scheme === 'schnorr') {
-      return tinysecp.verifySchnorr(data, this.x, signature);
+      return schnorr.verify(signature, data, this.x);
     }
 
     // If scheme is neither ecdsa nor schnorr, throw an error
@@ -359,11 +317,11 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
 
   /**
    * Compares this public key to another public key.
-   * @param {CompressedSecp256k1PublicKey} other The other public key to compare
+   * @param {PublicKey} other The other public key to compare
    * @returns {boolean} True if the public keys are equal, false otherwise.
    */
-  equals(other: CompressedSecp256k1PublicKey): boolean {
-    return this.hex === other.hex;
+  equals(other: PublicKey): boolean {
+    return timingSafeEqual(this.compressed, other.compressed);
   }
 
   /**
@@ -382,65 +340,6 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
     };
   }
 
-  /**
-   * Computes modular exponentiation: (base^exp) % mod.
-   * Used for computing modular square roots.
-   * @param {bigint} base The base value
-   * @param {bigint} exp The exponent value
-   * @param {bigint} mod The modulus value
-   * @returns {bigint} The result of the modular exponentiation
-   */
-  modPow(base: bigint, exp: bigint, mod: bigint): bigint {
-    let result = 1n;
-    while (exp > 0n) {
-      if (exp & 1n) result = (result * base) % mod;
-      base = (base * base) % mod;
-      exp >>= 1n;
-    }
-    return result;
-  };
-
-  /**
-   * Computes `sqrt(a) mod p` using Tonelli-Shanks algorithm.
-   * This finds `y` such that `y^2 ≡ a mod p`.
-   * @param {bigint} a The value to find the square root of
-   * @param {bigint} p The prime modulus
-   * @returns {bigint} The square root of `a` mod `p`
-   */
-  sqrtMod(a: bigint, p: bigint): bigint {
-    return this.modPow(a, (p + 1n) >> 2n, p);
-  };
-
-  /**
-   * Lifts a 32-byte x-only coordinate into a full secp256k1 point (x, y).
-   * @param xBytes 32-byte x-coordinate
-   * @returns {Uint8Array} 65-byte uncompressed public key (starts with `0x04`)
-   */
-  liftX(): Uint8Array {
-    // Ensure x-coordinate is 32 bytes
-    if (this.x.length !== 32) {
-      throw new PublicKeyError('Invalid argument: x-coordinate length must be 32 bytes', 'LIFT_X_ERROR');
-    }
-
-    // Convert x from Uint8Array → BigInt
-    const x = BigInt('0x' + Buffer.from(this.x).toString('hex'));
-    if (x <= 0n || x >= CURVE.p) {
-      throw new PublicKeyError('Invalid conversion: x out of range as BigInt', 'LIFT_X_ERROR');
-    }
-
-    // Compute y² = x³ + 7 mod p
-    const ySquared = BigInt((x ** 3n + CURVE.b) % CURVE.p);
-
-    // Compute y (do not enforce parity)
-    const y = this.sqrtMod(ySquared, CURVE.p);
-
-    // Convert x and y to Uint8Array
-    const yBytes = Buffer.from(y.toString(16).padStart(64, '0'), 'hex');
-
-    // Return 65-byte uncompressed public key: `0x04 || x || y`
-    return new Uint8Array(Buffer.concat([Buffer.from([0x04]), Buffer.from(this.x), yBytes]));
-  };
-
   /**
    * Static method to validate a public key.
    * @param {Hex} pk The public key in hex (Uint8Array or string) format.
@@ -455,62 +354,13 @@ export class CompressedSecp256k1PublicKey implements PublicKey {
     }
   }
 
-  /**
-   * Returns the point of the public key.
-   * @param {Hex} pk The public key in hex (Uint8Array or string) format.
-   * @returns {Point} The point of the public key.
-   * @throws {PublicKeyError} If the public key is not a valid hex string or byte array.
-   */
-  static point(pk: Hex): Point {
-    // If the public key is a hex string, convert it to a CompressedSecp256k1PublicKey object and return the point
-    if(typeof pk === 'string' && /^[0-9a-fA-F]+$/.test(pk)) {
-      const publicKey = new CompressedSecp256k1PublicKey(Buffer.from(pk, 'hex'));
-      return publicKey.point;
-    }
-
-    // If the public key is a byte array or ArrayBuffer, convert it to a CompressedSecp256k1PublicKey object and return the point
-    if(pk instanceof Uint8Array || ArrayBuffer.isView(pk)) {
-      const publicKey = new CompressedSecp256k1PublicKey(pk as KeyBytes);
-      return publicKey.point;
-    }
-
-    // If the public key is neither a hex string nor a byte array, throw an error
-    throw new PublicKeyError(
-      'Invalid publicKey: must be a hex string or byte array',
-      'POINT_ERROR', { publicKey: pk }
-    );
-  }
-
   /**
    * Creates a CompressedSecp256k1PublicKey object from a JSON representation.
    * @param {PublicKeyObject} json The JSON object to initialize the CompressedSecp256k1PublicKey.
    * @returns {CompressedSecp256k1PublicKey} The initialized CompressedSecp256k1PublicKey object.
    */
   static fromJSON(json: PublicKeyObject): CompressedSecp256k1PublicKey {
-    json.point.x.unshift(json.point.parity);
-    return new CompressedSecp256k1PublicKey(Uint8Array.from(json.point.x));
+    return new CompressedSecp256k1PublicKey(Uint8Array.from([json.point.parity, ...json.point.x]));
   }
 
-  /**
-   * Computes the deterministic public key for a given secret key.
-   * @param {Secp256k1SecretKey | KeyBytes} sk The Secp256k1SecretKey object or the secret key bytes
-   * @returns {CompressedSecp256k1PublicKey} A new CompressedSecp256k1PublicKey object
-   */
-  static fromSecretKey(sk: Secp256k1SecretKey | KeyBytes): CompressedSecp256k1PublicKey {
-    // If the secret key is a Secp256k1SecretKey object, get the raw bytes else use the bytes
-    const bytes = sk instanceof Secp256k1SecretKey ? sk.bytes : sk;
-
-    // Throw error if the secret key is not 32 bytes
-    if(bytes.length !== 32) {
-      throw new PublicKeyError('Invalid arg: must be 32 byte secret key', 'FROM_SECRET_KEY_ERROR');
-    }
-
-    // Compute the public key from the secret key
-    const secret = sk instanceof Secp256k1SecretKey
-      ? sk
-      : new Secp256k1SecretKey(sk);
-
-    // Return a new CompressedSecp256k1PublicKey object
-    return secret.computePublicKey();
-  }
 }

package/src/secret.ts

@@ -1,8 +1,5 @@
 import {
-  BIP340_SECRET_KEY_MULTIBASE_PREFIX,
-  BIP340_SECRET_KEY_MULTIBASE_PREFIX_HASH,
   Bytes,
-  CURVE,
   Hex,
   HexString,
   KeyBytes,
@@ -11,13 +8,18 @@ import {
   SignatureBytes
 } from '@did-btcr2/common';
 import { sha256 } from '@noble/hashes/sha2';
-import { getRandomValues, randomBytes } from 'crypto';
-import { base58btc } from 'multiformats/bases/base58';
-import * as tinysecp from 'tiny-secp256k1';
-import { SchnorrKeyPair } from './pair.js';
+import { bytesToHex } from '@noble/hashes/utils';
+import { secp256k1, schnorr } from '@noble/curves/secp256k1.js';
+import { getRandomValues, timingSafeEqual } from 'crypto';
+import { base58 } from '@scure/base';
 import { CompressedSecp256k1PublicKey } from './public.js';
 import { CryptoOptions } from './types.js';
 
+/** Fixed secret key header bytes per the Data Integrity BIP340 Cryptosuite spec: [0x81, 0x26] */
+const BIP340_SECRET_KEY_MULTIBASE_PREFIX: Bytes = new Uint8Array([0x81, 0x26]);
+/** Hash of the BIP-340 Multikey secret key prefix */
+const BIP340_SECRET_KEY_MULTIBASE_PREFIX_HASH: string = bytesToHex(sha256(BIP340_SECRET_KEY_MULTIBASE_PREFIX));
+
 /**
  * General SecretKey interface for the Secp256k1SecretKey class.
  * @interface SecretKey
@@ -45,10 +47,10 @@ export interface SecretKey {
 
   /**
    * Checks if this secret key is equal to another secret key.
-   * @param {Secp256k1SecretKey} other The other secret key to compare.
+   * @param {SecretKey} other The other secret key to compare.
    * @returns {boolean} True if the private keys are equal.
    */
-  equals(other: Secp256k1SecretKey): boolean;
+  equals(other: SecretKey): boolean;
 
   /**
    * Uses the secret key to compute the corresponding public key.
@@ -73,13 +75,13 @@ export interface SecretKey {
  */
 export class Secp256k1SecretKey implements SecretKey {
   /** @type {KeyBytes} The entropy for the secret key as a byte array */
-  readonly #bytes?: KeyBytes;
+  #bytes?: KeyBytes;
 
   /** @type {bigint} The entropy for the secret key as a bigint */
-  readonly #seed?: bigint;
+  #seed?: bigint;
 
   /** @type {string} The secret key as a secretKeyMultibase */
-  readonly #multibase: string;
+  #multibase: string;
 
   /**
    * Instantiates an instance of Secp256k1SecretKey.
@@ -97,14 +99,14 @@ export class Secp256k1SecretKey implements SecretKey {
       );
     }
 
-    // If bytes and bytes are not length 32
+    // If bytes and length is 32, defensive-copy and derive seed
     if (isBytes && entropy.length === 32) {
-      this.#bytes = entropy;
-      this.#seed = Secp256k1SecretKey.toSecret(entropy);
+      this.#bytes = new Uint8Array(entropy);
+      this.#seed = Secp256k1SecretKey.toSecret(this.#bytes);
     }
 
-    // If secret and secret is not a valid bigint, throw error
-    if (isSecret && !(entropy < 1n || entropy >= CURVE.n)) {
+    // If bigint in valid range [1, n), convert to bytes
+    if (isSecret && entropy >= 1n && entropy < secp256k1.Point.Fn.ORDER) {
       this.#bytes = Secp256k1SecretKey.toBytes(entropy);
       this.#seed = entropy;
     }
@@ -116,9 +118,9 @@ export class Secp256k1SecretKey implements SecretKey {
       );
     }
 
-    if(!this.#seed || (this.#seed < 1n || this.#seed >= CURVE.n)) {
+    if(!this.#seed || this.#seed < 1n || this.#seed >= secp256k1.Point.Fn.ORDER) {
       throw new SecretKeyError(
-        'Invalid seed: must must be valid bigint',
+        'Invalid seed: must be valid bigint',
         'CONSTRUCTOR_ERROR'
       );
     }
@@ -127,6 +129,16 @@ export class Secp256k1SecretKey implements SecretKey {
     this.#multibase = this.encode();
   }
 
+  /**
+   * Zeros out secret key material from memory.
+   * The instance should not be used after calling this method.
+   */
+  public destroy(): void {
+    if (this.#bytes) this.#bytes.fill(0);
+    this.#seed = undefined;
+    this.#multibase = '';
+  }
+
   /**
    * Get the secret key entropy as a byte array.
    * @returns {KeyBytes} The secret key bytes as a Uint8Array
@@ -171,33 +183,19 @@ export class Secp256k1SecretKey implements SecretKey {
    * @returns {string} The secret key in BIP340 multibase format.
    */
   public encode(): string {
-    // Convert Uint8Array bytes to an Array
     const secretKeyBytes = Array.from(this.bytes);
-
-    if(secretKeyBytes.length !== 32) {
-      throw new SecretKeyError(
-        'Invalid secret key: must be a valid 32-byte secret key',
-        'ENCODE_MULTIBASE_ERROR'
-      );
-    }
-    // Convert prefix to an array
     const mbaseBytes = Array.from(BIP340_SECRET_KEY_MULTIBASE_PREFIX);
-
-    // Push the secret key bytes at the end of the prefix
     mbaseBytes.push(...secretKeyBytes);
-
-    // Encode the bytes in base58btc format and return
-    return base58btc.encode(Uint8Array.from(mbaseBytes));
+    return 'z' + base58.encode(Uint8Array.from(mbaseBytes));
   }
 
   /**
    * Checks if this secret key is equal to another.
-   * @param {Secp256k1SecretKey} other The other secret key
+   * @param {SecretKey} other The other secret key
    * @returns {boolean} True if the private keys are equal, false otherwise
    */
-  public equals(other: Secp256k1SecretKey): boolean {
-    // Compare the hex strings of the private keys
-    return this.hex === other.hex;
+  public equals(other: SecretKey): boolean {
+    return timingSafeEqual(this.bytes, other.bytes);
   }
 
   /**
@@ -205,33 +203,22 @@ export class Secp256k1SecretKey implements SecretKey {
    * @returns {CompressedSecp256k1PublicKey} The computed public key
    */
   public computePublicKey(): CompressedSecp256k1PublicKey {
-    // Derive the public key from the secret key
-    const publicKeyBytes = tinysecp.pointFromScalar(this.bytes, true);
-
-    // If no public key, throw error
-    if (!publicKeyBytes) {
-      throw new SecretKeyError(
-        'Invalid compute: failed to derive public key',
-        'COMPUTE_PUBLIC_KEY_ERROR'
-      );
-    }
-
-    // If public key is not compressed, throw error
-    if(publicKeyBytes.length !== 33) {
-      throw new SecretKeyError(
-        'Invalid compute: public key not compressed format',
-        'COMPUTE_PUBLIC_KEY_ERROR'
-      );
-    }
+    return new CompressedSecp256k1PublicKey(secp256k1.getPublicKey(this.bytes));
+  }
 
-    return new CompressedSecp256k1PublicKey(publicKeyBytes);
+  /**
+   * Safe JSON representation. Does not expose secret material.
+   * Called implicitly by JSON.stringify(). Use exportJSON() for full serialization.
+   */
+  public toJSON(): { type: string } {
+    return { type: 'Secp256k1SecretKey' };
   }
 
   /**
-   * Converts the secret key to a JSON object.
+   * Exports the secret key as a JSON object. Contains sensitive material.
    * @returns {SecretKeyObject} The secret key as a JSON object
    */
-  public toJSON(): SecretKeyObject {
+  public exportJSON(): SecretKeyObject {
     return {
       bytes : Array.from(this.bytes),
       seed  : this.seed.toString(),
@@ -239,12 +226,22 @@ export class Secp256k1SecretKey implements SecretKey {
     };
   }
 
+  /** @override Prevents secret material from appearing in console.log */
+  public toString(): string {
+    return '[Secp256k1SecretKey]';
+  }
+
+  /** @override Prevents secret material from appearing in Node.js inspect */
+  [Symbol.for('nodejs.util.inspect.custom')](): string {
+    return '[Secp256k1SecretKey]';
+  }
+
   /**
    * Checks if the secret key is valid.
    * @returns {boolean} True if the secret key is valid, false otherwise
    */
   public isValid(): boolean {
-    return tinysecp.isPrivate(this.bytes);
+    return secp256k1.utils.isValidSecretKey(this.bytes);
   }
 
   /**
@@ -252,16 +249,12 @@ export class Secp256k1SecretKey implements SecretKey {
    * @returns {boolean} True if the public key is valid, false otherwise
    */
   public hasValidPublicKey(): boolean {
-    // Compute the public key from the secret key and compress it
-    const pk = this.computePublicKey();
-
-    // If the public key is not valid, return false
-    if (!tinysecp.isPoint(pk.compressed)) {
+    try {
+      this.computePublicKey();
+      return true;
+    } catch {
       return false;
     }
-
-    // Return true if the computed public key equals the provided public key
-    return true;
   }
 
   /**
@@ -276,14 +269,12 @@ export class Secp256k1SecretKey implements SecretKey {
     // Set default options if not provided
     opts ??= { scheme: 'schnorr' };
 
-    // Sign ecdsa and return
     if(opts.scheme === 'ecdsa') {
-      return tinysecp.sign(data, this.bytes);
+      return secp256k1.sign(data, this.bytes);
     }
 
-    // Sign schnorr and return
     if(opts.scheme === 'schnorr') {
-      return tinysecp.signSchnorr(data, this.bytes, randomBytes(32));
+      return schnorr.sign(data, this.bytes);
     }
 
     throw new SecretKeyError(`Invalid scheme: ${opts.scheme}.`, 'SIGN_ERROR', opts);
@@ -296,7 +287,7 @@ export class Secp256k1SecretKey implements SecretKey {
    */
   public static decode(multibase: string): Bytes {
     // Decode the public key multibase string
-    const decoded = base58btc.decode(multibase);
+    const decoded = base58.decode(multibase.slice(1));
 
     // If the public key bytes are not 35 bytes, throw an error
     if(decoded.length !== 34) {
@@ -333,23 +324,6 @@ export class Secp256k1SecretKey implements SecretKey {
     return new Secp256k1SecretKey(new Uint8Array(json.bytes));
   }
 
-  /**
-   * Converts a Secp256k1SecretKey or KeyBytes to a SchnorrKeyPair.
-   * @param {KeyBytes} bytes The secret key bytes
-   * @returns {SchnorrKeyPair} The SchnorrKeyPair object containing the public and private keys
-   * @throws {SecretKeyError} If the secret key is not valid
-   */
-  public static toKeyPair(bytes: KeyBytes): SchnorrKeyPair {
-    // Create a new Secp256k1SecretKey from the bytes
-    const secretKey = new Secp256k1SecretKey(bytes);
-
-    // Compute the public key from the secret key
-    const publicKey = secretKey.computePublicKey();
-
-    // Create a new Pair from the public key and secret key
-    return new SchnorrKeyPair({ publicKey, secretKey });
-  }
-
   /**
    * Convert a bigint secret to secret key bytes.
    * @param {KeyBytes} bytes The secret key bytes
@@ -372,7 +346,7 @@ export class Secp256k1SecretKey implements SecretKey {
     );
 
     // If bytes are not a valid secp256k1 secret key, throw error
-    if (!tinysecp.isPrivate(bytes)) {
+    if (!secp256k1.utils.isValidSecretKey(bytes)) {
       throw new SecretKeyError(
         'Invalid secret key: secret out of valid range',
         'SET_PRIVATE_KEY_ERROR'
@@ -381,28 +355,13 @@ export class Secp256k1SecretKey implements SecretKey {
     return new Uint8Array(bytes);
   }
 
-  /**
-   * Creates a new Secp256k1SecretKey object from random bytes.
-   * @param {KeyBytes} bytes The secret key bytes
-   * @returns {Secp256k1SecretKey} A new Secp256k1SecretKey object
-   */
-  public static fromBytes(bytes: KeyBytes): Secp256k1SecretKey {
-    // Return a new Secp256k1SecretKey object
-    return new Secp256k1SecretKey(bytes);
-  }
-
   /**
    * Creates a new Secp256k1SecretKey object from a bigint secret.
    * @param {bigint} bint The secret bigint
    * @returns {Secp256k1SecretKey} A new Secp256k1SecretKey object
    */
   public static fromBigInt(bint: bigint): Secp256k1SecretKey {
-    // Convert the secret bigint to a hex string
-    const hexsecret = bint.toString(16).padStart(64, '0');
-    // Convert the hex string to a Uint8Array
-    const bytes = new Uint8Array(hexsecret.match(/.{2}/g)!.map(byte => parseInt(byte, 16)));
-    // Return a new Secp256k1SecretKey object
-    return new Secp256k1SecretKey(bytes);
+    return new Secp256k1SecretKey(Secp256k1SecretKey.toBytes(bint));
   }
 
   /**
@@ -410,11 +369,12 @@ export class Secp256k1SecretKey implements SecretKey {
    * @returns {KeyBytes} Uint8Array of 32 random bytes.
    */
   public static random(): KeyBytes {
-    // Generate empty 32-byte array
     const byteArray = new Uint8Array(32);
-
-    // Use the getRandomValues function to fill the byteArray with random values
-    return getRandomValues(byteArray);
+    // Retry until bytes fall in valid scalar range [1, n)
+    do {
+      getRandomValues(byteArray);
+    } while (!secp256k1.utils.isValidSecretKey(byteArray));
+    return byteArray;
   }
 
   /**

package/src/types.ts

@@ -1,6 +1,6 @@
 import { Hex, KeyBytes } from '@did-btcr2/common';
-import { CompressedSecp256k1PublicKey } from './public.js';
-import { Secp256k1SecretKey } from './secret.js';
+import type { CompressedSecp256k1PublicKey } from './public.js';
+import type { Secp256k1SecretKey } from './secret.js';
 
 export type CryptoOptions = { scheme: 'ecdsa' | 'schnorr' }