@javakha77/circomlibjs-hinkal-fork 0.0.11

package/hardhat.config.js

@@ -0,0 +1,6 @@
+/**
+ * @type import('hardhat/config').HardhatUserConfig
+ */
+module.exports = {
+  solidity: "0.7.3",
+};

package/main.js

@@ -0,0 +1,5 @@
+export { default as buildBabyjub } from "./src/babyjub.js";
+
+export { default as buildEddsa } from "./src/eddsa.js";
+
+export { buildPoseidon, buildPoseidonWasm } from "./src/poseidon_wasm.js";

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "@javakha77/circomlibjs-hinkal-fork",
+  "version": "0.0.11",
+  "description": "Javascript library to work with circomlib",
+  "keywords": [
+    "circom",
+    "circomlib",
+    "iden3",
+    "snarkjs",
+    "snark",
+    "zero",
+    "knowledge"
+  ],
+  "homepage": "https://github.com/Hinkal-Protocol/circomlibjs#readme",
+  "bugs": {
+    "url": "https://github.com/Hinkal-Protocol/circomlibjs/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/Hinkal-Protocol/circomlibjs.git"
+  },
+  "license": "GPL-3.0",
+  "author": "javakha77",
+  "type": "module",
+  "exports": {
+    "import": "./main.js",
+    "require": "./build/main.cjs"
+  },
+  "main": "./build/main.cjs",
+  "directories": {
+    "test": "test"
+  },
+  "scripts": {
+    "test": "mocha",
+    "poseidonOptimizeConstants": "node tools/poseidon_optimize_constants.js",
+    "build": "rollup -c rollup.cjs.config.js"
+  },
+  "dependencies": {
+    "@noble/hashes": "^2.2.0",
+    "ffjavascript": "^0.3.0",
+    "poseidon-lite": "^0.3.0"
+  },
+  "devDependencies": {
+    "chai": "^4.3.4",
+    "ganache": "^7.3.0",
+    "mocha": "^9.1.3",
+    "rollup": "^4.60.4"
+  },
+  "module": "./main.js"
+}

package/rollup.cjs.config.js

@@ -0,0 +1,16 @@
+import fs from "fs";
+import { builtinModules as builtin } from "module";
+
+const pkg = JSON.parse(fs.readFileSync("./package.json"));
+
+export default {
+    input: "./main.js",
+    output: {
+        file: "build/main.cjs",
+        format: "cjs",
+    },
+    external: [
+        ...Object.keys(pkg.dependencies),
+        ...builtin,
+    ]
+};

package/src/EddsaRN.js

@@ -0,0 +1,77 @@
+/* eslint-disable no-bitwise */
+// React Native port of circomlibjs-hinkal-fork/src/eddsa.js (Poseidon EdDSA over BabyJubJub).
+import { blake512 } from '@noble/hashes/blake1.js';
+import { BabyJubRN } from './babyjubRN.js';
+import { PoseidonRN } from './poseidonRN.js';
+import { mod } from './bigint-math.utils.js';
+
+const BABYJUB_ORDER = 21888242871839275222246405745257275088614511777268538073601725287587578984328n;
+const SUB_ORDER = BABYJUB_ORDER / 8n;
+
+const leBuff2int = (buff, offset = 0, length = buff.length - offset) => {
+  let result = 0n;
+  for (let i = length - 1; i >= 0; i -= 1) {
+    result = (result << 8n) + BigInt(buff[offset + i]);
+  }
+  return result;
+};
+
+const toRprLE = (buff, offset, value, length) => {
+  let v = mod(value);
+  for (let i = 0; i < length; i += 1) {
+    buff[offset + i] = Number(v & 0xffn);
+    v >>= 8n;
+  }
+};
+
+const modSubOrder = (value) => mod(value, SUB_ORDER);
+
+const pruneBuffer = (buff) => {
+  const out = new Uint8Array(buff);
+  out[0] = out[0] & 0xf8;
+  out[31] = out[31] & 0x7f;
+  out[31] = out[31] | 0x40;
+  return out;
+};
+
+/**
+ * @typedef {((inputs: bigint[]) => bigint) & { F: { toString: (v: bigint | number | string) => string } }} PoseidonFn
+ */
+
+export class EddsaRN {
+  constructor(babyJub, poseidon) {
+    this.babyJub = babyJub;
+    this.poseidon = poseidon;
+  }
+
+  prv2pub(prv) {
+    const sBuff = pruneBuffer(blake512(prv).slice(0, 32));
+    const s = leBuff2int(sBuff, 0, 32);
+    return this.babyJub.mulPointEscalar(this.babyJub.Base8, s / 8n);
+  }
+
+  signPoseidon(prv, msg) {
+    const sBuff = pruneBuffer(blake512(prv));
+    const s = leBuff2int(sBuff, 0, 32);
+    const A = this.babyJub.mulPointEscalar(this.babyJub.Base8, s / 8n);
+
+    const composeBuff = new Uint8Array(64);
+    composeBuff.set(sBuff.slice(32), 0);
+    toRprLE(composeBuff, 32, msg, 32);
+
+    const rBuff = blake512(composeBuff);
+    const r = modSubOrder(leBuff2int(rBuff, 0, 64));
+    const R8 = this.babyJub.mulPointEscalar(this.babyJub.Base8, r);
+
+    const hm = this.poseidon([R8[0], R8[1], A[0], A[1], msg]);
+    const hms = mod(BigInt(this.poseidon.F.toString(hm)));
+    const S = modSubOrder(r + modSubOrder(hms * s));
+
+    return { R8, S };
+  }
+}
+
+export const buildEddsaRN = async () => {
+  await PoseidonRN.init();
+  return new EddsaRN(new BabyJubRN(), PoseidonRN.getPoseidon());
+};

package/src/amounts.utils.js

@@ -0,0 +1,155 @@
+import { safeJsonStringify } from './serialize.utils.js';
+
+/**
+ * @typedef {string | number | boolean | bigint | { toBigInt: () => bigint }} BigIntable
+ */
+
+export const calculateSum = (arr) => arr.reduce((prev, item) => prev + item, 0);
+
+export const beepsToPercentage = (beeps) => beeps / 100;
+export const calculateAmountUsingBeeps = (beep, amount) => (amount * beep) / 10000n;
+
+export function toBigInt(value) {
+  if (typeof value === 'object' && 'toBigInt' in value) {
+    return value.toBigInt();
+  }
+  return BigInt(value);
+}
+
+export const advancedToBigInt = (value) => {
+  if (Array.isArray(value) && value.length === 32) {
+    // Convert big-endian byte array to BigInt
+    let result = 0n;
+    for (let i = 0; i < 32; i += 1) {
+      // eslint-disable-next-line no-bitwise
+      result = (result << 8n) | BigInt(value[i]);
+    }
+
+    return result;
+  }
+
+  if (typeof value === 'string' || typeof value === 'number') {
+    return BigInt(value);
+  }
+
+  if (typeof value === 'bigint') {
+    return value;
+  }
+
+  throw new Error(`Cannot convert value to BigInt: ${typeof value}, value: ${safeJsonStringify(value)}`);
+};
+
+/** Converts the value to a BigInt or returns undefined if can't */
+export const toBigIntOrUndefined = (value) => {
+  try {
+    return BigInt(value);
+  } catch {
+    return undefined;
+  }
+};
+
+/** Converts the value to a number or returns undefined if can't */
+export const toNumberOrUndefined = (value) => {
+  const num = Number(value);
+  return Number.isNaN(num) ? undefined : num;
+};
+
+export const toInt = (param, defaultValue) =>
+  param ? parseInt(param, 10) : defaultValue;
+
+export function bigintMax(...values) {
+  return values.reduce((max, value) => (value > max ? value : max));
+}
+
+// here + before Number convers string to number and cuts unused 0s at the end
+export function fixDecimalsAmount(n, decimals) {
+  if (n === 0) {
+    return 0;
+  }
+  return n < 0.00000099999 ? ' < 0.000001' : +Number(n).toFixed(decimals ?? 6);
+}
+
+export const getValueFirstNDigit = (num, numberOfDigits) => {
+  const numStr = num.toFixed(20); // if num = 0.03232e-17 -> it will transform to 0.00...03232
+
+  const indexOfDecimal = numStr.indexOf('.');
+  // If there's no decimal point, return the original number (or handle this case as you need)
+  if (indexOfDecimal === -1) return numStr;
+
+  // Determine the end position for substring, which is start position + n digits after decimal
+  const endPosition = indexOfDecimal + numberOfDigits + 1;
+
+  // Get the string from the start to the specified end position
+  const resultStr = numStr.substring(0, endPosition);
+
+  return resultStr;
+};
+
+export const trimLeadingZeros = (numberString) => {
+  // String of repeating 0's (e.g. '0000000') should be replaced with '0', not empty string
+  if (/^0+$/.test(numberString)) {
+    return '0';
+  }
+  // One leading zero before decimal point is valid
+  if (/^0\.\d+$/.test(numberString)) {
+    return numberString;
+  }
+  const trimmed = numberString.replace(/^0+/, '');
+  return trimmed.startsWith('.') ? `0${trimmed}` : trimmed;
+};
+
+export const toCommaSeparatedNumberString = (numberString) => {
+  const parts = numberString.split('.');
+  const integerPart = parts[0];
+  // Only add the . and decimal part if exist
+  const decimalPart = parts.length > 1 ? `.${parts[1]}` : '';
+
+  // Use a regular expression to format the integer part with commas
+  const formattedIntegerPart = trimLeadingZeros(integerPart).replace(/\B(?=(\d{3})+(?!\d))/g, ',');
+
+  return `${formattedIntegerPart}${decimalPart}`;
+};
+
+export const truncateToDecimalPlaces = (numStr, decimalPlaces = 18) => {
+  const match = numStr.match(/^(\d+)(\.(\d+))?$/);
+  if (match) {
+    const integerPart = match[1];
+    const decimalPart = match[3]?.slice(0, decimalPlaces) || '';
+    return decimalPart ? `${integerPart}.${decimalPart}` : integerPart;
+  }
+  return numStr;
+};
+
+export const formatAmountInput = (
+  valueStr,
+  decimals,
+  inputEl,
+) => {
+  if (!/^[0-9]*[.]?[0-9]*$/.test(valueStr)) return null;
+
+  const formatted = truncateToDecimalPlaces(trimLeadingZeros(valueStr), decimals);
+
+  if (inputEl && formatted !== valueStr) {
+    const oldPos = inputEl.selectionStart ?? 0;
+    const leadingZerosLength = valueStr.match(/^0+(?=\d)/)?.[0]?.length ?? 0;
+    const newCursorPos = Math.max(oldPos - leadingZerosLength, 1);
+
+    requestAnimationFrame(() => {
+      inputEl.setSelectionRange(newCursorPos, newCursorPos);
+    });
+  }
+
+  return formatted;
+};
+
+/** Return absolute value of BigInt */
+export const absBigInt = (n) => (n < 0n ? -n : n);
+
+/** Return the smallest values of the 2 or 3 values provided */
+export const minBigInt = (a, b, c) => {
+  const minOne = a < b ? a : b;
+  if (!c) return minOne;
+  return minOne < c ? minOne : c;
+};
+
+export const maxBigInt = (a, b) => (a > b ? a : b);

package/src/babyjub.js

@@ -0,0 +1,139 @@
+import { getCurveFromName, Scalar }  from "ffjavascript";
+
+export default async function buildBabyJub() {
+    const bn128 = await getCurveFromName("bn128", true);
+    return new BabyJub(bn128.Fr);
+}
+
+class BabyJub {
+    constructor(F) {
+        this.F = F;
+        this.p = Scalar.fromString("21888242871839275222246405745257275088548364400416034343698204186575808495617");
+        this.pm1d2 = Scalar.div(Scalar.sub(this.p, Scalar.e(1)),  Scalar.e(2));
+
+        this.Generator = [
+            F.e("995203441582195749578291179787384436505546430278305826713579947235728471134"),
+            F.e("5472060717959818805561601436314318772137091100104008585924551046643952123905")
+        ];
+        this.Base8 = [
+            F.e("5299619240641551281634865583518297030282874472190772894086521144482721001553"),
+            F.e("16950150798460657717958625567821834550301663161624707787222815936182638968203")
+        ];
+        this.order = Scalar.fromString("21888242871839275222246405745257275088614511777268538073601725287587578984328");
+        this.subOrder = Scalar.shiftRight(this.order, 3);
+        this.A = F.e("168700");
+        this.D = F.e("168696");
+    }
+
+
+    addPoint(a,b) {
+        const F = this.F;
+
+        const res = [];
+
+        /* does the equivalent of:
+        res[0] = bigInt((a[0]*b[1] + b[0]*a[1]) *  bigInt(bigInt("1") + d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
+        res[1] = bigInt((a[1]*b[1] - cta*a[0]*b[0]) * bigInt(bigInt("1") - d*a[0]*b[0]*a[1]*b[1]).inverse(q)).affine(q);
+        */
+
+        const beta = F.mul(a[0],b[1]);
+        const gamma = F.mul(a[1],b[0]);
+        const delta = F.mul(
+            F.sub(a[1], F.mul(this.A, a[0])),
+            F.add(b[0], b[1])
+        );
+        const tau = F.mul(beta, gamma);
+        const dtau = F.mul(this.D, tau);
+
+        res[0] = F.div(
+            F.add(beta, gamma),
+            F.add(F.one, dtau)
+        );
+
+        res[1] = F.div(
+            F.add(delta, F.sub(F.mul(this.A,beta), gamma)),
+            F.sub(F.one, dtau)
+        );
+
+        return res;
+    }
+
+    mulPointEscalar(base, e) {
+        const F = this.F;
+        let res = [F.e("0"),F.e("1")];
+        let rem = e;
+        let exp = base;
+
+        while (! Scalar.isZero(rem)) {
+            if (Scalar.isOdd(rem)) {
+                res = this.addPoint(res, exp);
+            }
+            exp = this.addPoint(exp, exp);
+            rem = Scalar.shiftRight(rem, 1);
+        }
+
+        return res;
+    }
+
+    inSubgroup(P) {
+        const F = this.F;
+        if (!this.inCurve(P)) return false;
+        const res= this.mulPointEscalar(P, this.subOrder);
+        return (F.isZero(res[0]) && F.eq(res[1], F.one));
+    }
+
+    inCurve(P) {
+        const F = this.F;
+        const x2 = F.square(P[0]);
+        const y2 = F.square(P[1]);
+
+        if (!F.eq(
+            F.add(F.mul(this.A, x2), y2),
+            F.add(F.one, F.mul(F.mul(x2, y2), this.D)))) return false;
+
+        return true;
+    }
+
+    packPoint(P) {
+        const F = this.F;
+        const buff = new Uint8Array(32);
+        F.toRprLE(buff, 0, P[1]);
+        const n = F.toObject(P[0]);
+        if (Scalar.gt(n, this.pm1d2)) {
+            buff[31] = buff[31] | 0x80;
+        }
+        return buff;
+    }
+
+    unpackPoint(buff) {
+        const F = this.F;
+        let sign = false;
+        const P = new Array(2);
+        if (buff[31] & 0x80) {
+            sign = true;
+            buff[31] = buff[31] & 0x7F;
+        }
+        P[1] = F.fromRprLE(buff, 0);
+        if (Scalar.gt(F.toObject(P[1]), this.p)) return null;
+
+        const y2 = F.square(P[1]);
+
+        const x2 = F.div(
+            F.sub(F.one, y2),
+            F.sub(this.A, F.mul(this.D, y2))
+        );
+
+        const x2h = F.exp(x2, F.half);
+        if (! F.eq(F.one, x2h)) return null;
+
+        let x = F.sqrt(x2);
+
+        if (x == null) return null;
+
+        if (sign) x = F.neg(x);
+
+        P[0] = x;
+
+        return P;
+    }
+}

package/src/babyjubRN.js

@@ -0,0 +1,118 @@
+import { CIRCOM_P } from './protocol.constants.js';
+import { mod, modInverse } from './bigint-math.utils.js';
+
+const P = CIRCOM_P;
+
+// BabyJub base-field arithmetic over CIRCOM_P (same semantics as circomlibjs F).
+const F = {
+  p: P,
+  zero: 0n,
+  one: 1n,
+  e: (v) => mod(BigInt(v)),
+  add: (a, b) => mod(a + b),
+  sub: (a, b) => mod(a - b),
+  mul: (a, b) => mod(a * b),
+  div: (a, b) => {
+    if (b === 0n) throw new Error('Division by zero in BabyJub field');
+    return mod(a * modInverse(b));
+  },
+  toString: (a) => mod(a).toString(),
+};
+
+/**
+ * @typedef {{ X: bigint, Y: bigint, Z: bigint, T: bigint }} ExtPoint
+ */
+
+// Neutral element in extended coordinates (affine identity 0, 1).
+const IDENTITY = { X: F.zero, Y: F.one, Z: F.one, T: F.zero };
+
+// Embed an affine (x, y) point into extended twisted Edwards form.
+const toExtended = (affine) => {
+  const x = F.e(affine[0]);
+  const y = F.e(affine[1]);
+  return { X: x, Y: y, Z: F.one, T: F.mul(x, y) };
+};
+
+// Project an extended point back to affine (x, y) coordinates.
+const toAffine = (point) => {
+  const zInv = modInverse(point.Z);
+  return [F.mul(point.X, zInv), F.mul(point.Y, zInv)];
+};
+
+const A = F.e('168700');
+const D = F.e('168696');
+
+// Add two extended points (add-2008-hwcd; no per-step field inversions).
+const addExtended = (p1, p2) => {
+  const a = F.mul(p1.X, p2.X);
+  const b = F.mul(p1.Y, p2.Y);
+  const c = F.mul(F.mul(p1.T, p2.T), D);
+  const d = F.mul(p1.Z, p2.Z);
+  const e = F.sub(F.mul(F.add(p1.X, p1.Y), F.add(p2.X, p2.Y)), F.add(a, b));
+  const f = F.sub(d, c);
+  const g = F.add(d, c);
+  const h = F.sub(b, F.mul(A, a));
+  return {
+    X: F.mul(e, f),
+    Y: F.mul(g, h),
+    T: F.mul(e, h),
+    Z: F.mul(f, g),
+  };
+};
+
+// Double an extended point (dbl-2008-hwcd; no per-step field inversions).
+const doubleExtended = (p) => {
+  const a = F.mul(p.X, p.X);
+  const b = F.mul(p.Y, p.Y);
+  const c = F.mul(F.mul(p.Z, p.Z), 2n);
+  const d = F.mul(A, a);
+  const e = F.sub(F.mul(F.add(p.X, p.Y), F.add(p.X, p.Y)), F.add(a, b));
+  const g = F.add(d, b);
+  const f = F.sub(g, c);
+  const h = F.sub(d, b);
+  return {
+    X: F.mul(e, f),
+    Y: F.mul(g, h),
+    T: F.mul(e, h),
+    Z: F.mul(f, g),
+  };
+};
+
+// Pure-JS BabyJub curve used on React Native (circomlibjs uses WASM instead).
+export class BabyJubRN {
+  static A = A;
+
+  static D = D;
+
+  F = F;
+
+  A = A;
+
+  D = D;
+
+  // Standard BabyJub generator used by EdDSA (matches circomlibjs Base8).
+  Base8 = [
+    F.e('5299619240641551281634865583518297030282874472190772894086521144482721001553'),
+    F.e('16950150798460657717958625567821834550301663161624707787222815936182638968203'),
+  ];
+
+  // Add two affine curve points.
+  addPoint(a, b) {
+    return toAffine(addExtended(toExtended(a), toExtended(b)));
+  }
+
+  // Scalar multiplication: returns e * base (double-and-add in extended coords).
+  mulPointEscalar(base, e) {
+    let res = IDENTITY;
+    let exp = toExtended(base);
+    let rem = BigInt(e);
+
+    while (rem !== 0n) {
+      if (rem % 2n === 1n) res = addExtended(res, exp);
+      exp = doubleExtended(exp);
+      rem /= 2n;
+    }
+
+    return toAffine(res);
+  }
+}

package/src/bigint-math.utils.js

@@ -0,0 +1,29 @@
+import { CIRCOM_P } from './protocol.constants.js';
+
+// Reduce value into [0, m); handles negative inputs.
+export const mod = (value, m = CIRCOM_P) => {
+  const result = value % m;
+  return result >= 0n ? result : result + m;
+};
+
+// Modular inverse via extended Euclidean algorithm (a^-1 mod m).
+export const modInverse = (value, m = CIRCOM_P) => {
+  let lm = 1n;
+  let hm = 0n;
+  let low = mod(value, m);
+  let high = m;
+
+  if (low === 0n) throw new Error('Division by zero');
+
+  while (low > 1n) {
+    const remainder = high % low;
+    const quotient = high / low;
+    high = low;
+    low = remainder;
+    const nm = hm - lm * quotient;
+    hm = lm;
+    lm = nm;
+  }
+
+  return lm < 0n ? lm + m : lm;
+};

package/src/eddsa.js

@@ -0,0 +1,101 @@
+import { Scalar, utils } from "ffjavascript";
+import buildBabyJub from "./babyjub.js";
+import { buildPoseidon } from "./poseidon_wasm.js";
+import { blake512 } from "@noble/hashes/blake1.js";
+
+export default async function buildEddsa() {
+  const babyJub = await buildBabyJub("bn128");
+  const poseidon = await buildPoseidon();
+  return new Eddsa(babyJub, poseidon);
+}
+
+class Eddsa {
+  constructor(babyJub, poseidon) {
+    this.babyJub = babyJub;
+    this.poseidon = poseidon;
+    this.F = babyJub.F;
+  }
+
+  pruneBuffer(buff) {
+    buff[0] = buff[0] & 0xf8;
+    buff[31] = buff[31] & 0x7f;
+    buff[31] = buff[31] | 0x40;
+    return buff;
+  }
+
+  prv2pub(prv) {
+    const sBuff = this.pruneBuffer(blake512(prv).slice(0, 32));
+    let s = utils.leBuff2int(sBuff);
+    const A = this.babyJub.mulPointEscalar(
+      this.babyJub.Base8,
+      Scalar.shr(s, 3),
+    );
+    return A;
+  }
+
+  signPoseidon(prv, msg) {
+    const F = this.babyJub.F;
+    const sBuff = this.pruneBuffer(blake512(prv));
+    const s = Scalar.fromRprLE(sBuff, 0, 32);
+    const A = this.babyJub.mulPointEscalar(
+      this.babyJub.Base8,
+      Scalar.shr(s, 3),
+    );
+
+    const composeBuff = new Uint8Array(32 + msg.length);
+    composeBuff.set(sBuff.slice(32), 0);
+    F.toRprLE(composeBuff, 32, msg);
+    const rBuff = blake512(composeBuff);
+    let r = Scalar.mod(Scalar.fromRprLE(rBuff, 0, 64), this.babyJub.subOrder);
+    const R8 = this.babyJub.mulPointEscalar(this.babyJub.Base8, r);
+
+    const hm = this.poseidon([R8[0], R8[1], A[0], A[1], msg]);
+    const hms = Scalar.e(this.babyJub.F.toObject(hm));
+    const S = Scalar.mod(
+      Scalar.add(r, Scalar.mul(hms, s)),
+      this.babyJub.subOrder,
+    );
+    return {
+      R8: R8,
+      S: S,
+    };
+  }
+
+  verifyPoseidon(msg, sig, A) {
+    // Check parameters
+    if (typeof sig != "object") return false;
+    if (!Array.isArray(sig.R8)) return false;
+    if (sig.R8.length != 2) return false;
+    if (!this.babyJub.inCurve(sig.R8)) return false;
+    if (!Array.isArray(A)) return false;
+    if (A.length != 2) return false;
+    if (!this.babyJub.inCurve(A)) return false;
+    if (sig.S >= this.babyJub.subOrder) return false;
+
+    const hm = this.poseidon([sig.R8[0], sig.R8[1], A[0], A[1], msg]);
+    const hms = Scalar.e(this.babyJub.F.toObject(hm));
+
+    const Pleft = this.babyJub.mulPointEscalar(this.babyJub.Base8, sig.S);
+    let Pright = this.babyJub.mulPointEscalar(A, Scalar.mul(hms, 8));
+    Pright = this.babyJub.addPoint(sig.R8, Pright);
+
+    if (!this.babyJub.F.eq(Pleft[0], Pright[0])) return false;
+    if (!this.babyJub.F.eq(Pleft[1], Pright[1])) return false;
+    return true;
+  }
+
+  packSignature(sig) {
+    const buff = new Uint8Array(64);
+    const R8p = this.babyJub.packPoint(sig.R8);
+    buff.set(R8p, 0);
+    const Sp = Scalar.toRprLE(buff, 32, sig.S, 32);
+    return buff;
+  }
+
+  unpackSignature(sigBuff) {
+    return {
+      R8: this.babyJub.unpackPoint(sigBuff.slice(0, 32)),
+      S: Scalar.fromRprLE(sigBuff, 32, 32),
+    };
+  }
+}