@noble/curves 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2022 Paul Miller (https://paulmillr.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the “Software”), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

package/README.md

@@ -0,0 +1,71 @@
+# noble-curves
+
+Minimal, zero-dependency JS implementation of elliptic curve cryptography.
+
+Implements Short Weierstrass curves with ECDSA signature scheme.
+
+To keep the package minimal, no curve definitions are provided out-of-box.
+Main reason for that is the fact hashing library is usually required for full functionality. Use separate package that defines popular curves: `micro-curve-definitions` for P192, P224, P256, P384, P521, secp256k1, stark curve, bn254, pasta (pallas/vesta) - it depends on `@noble/hashes`.
+
+Future plans:
+
+- Edwards, Twisted Edwards & Montgomery curves
+- hash-to-curve standard
+- pairings
+
+### This library belongs to _noble_ crypto
+
+> **noble-crypto** — high-security, easily auditable set of contained cryptographic libraries and tools.
+
+- No dependencies, small files
+- Easily auditable TypeScript/JS code
+- Supported in all major browsers and stable node.js versions
+- All releases are signed with PGP keys
+- Check out [homepage](https://paulmillr.com/noble/) & all libraries:
+  [secp256k1](https://github.com/paulmillr/noble-secp256k1),
+  [ed25519](https://github.com/paulmillr/noble-ed25519),
+  [bls12-381](https://github.com/paulmillr/noble-bls12-381),
+  [hashes](https://github.com/paulmillr/noble-hashes),
+  [curves](https://github.com/paulmillr/noble-curves)
+
+## Usage
+
+Use NPM in node.js / browser, or include single file from
+[GitHub's releases page](https://github.com/paulmillr/noble-curves/releases):
+
+## Usage
+
+```sh
+npm install @noble/curves
+```
+
+```ts
+// Short Weierstrass curve
+import shortw from '@noble/curves/shortw';
+import { sha256 } from '@noble/hashes/sha256';
+import { hmac } from '@noble/hashes/hmac';
+import { concatBytes, randomBytes } from '@noble/hashes/utils';
+
+export const secp256k1 = shortw({
+  a: 0n,
+  b: 7n,
+  // Field over which we'll do calculations
+  P: 2n ** 256n - 2n ** 32n - 2n ** 9n - 2n ** 8n - 2n ** 7n - 2n ** 6n - 2n ** 4n - 1n,
+  // Curve order, total count of valid points in the field
+  n: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n,
+  // Base point (x, y) aka generator point
+  Gx: 55066263022277343669578718895168534326250603453777594175500187360389116729240n,
+  Gy: 32670510020758816978083085130507043184471273380659243275938904335757337482424n,
+  hash: sha256,
+  hmac: (k: Uint8Array, ...msgs: Uint8Array[]) => hmac(sha256, key, concatBytes(...msgs)),
+  randomBytes: randomBytes
+});
+
+// secp256k1.getPublicKey(priv)
+// secp256k1.sign(msg, priv)
+// secp256k1.verify(sig, msg, pub)
+```
+
+## License
+
+MIT (c) Paul Miller [(https://paulmillr.com)](https://paulmillr.com), see LICENSE file.

package/index.js

@@ -0,0 +1 @@
+throw new Error('Incorrect usage. Import submodules instead');

package/lib/esm/modular.js

@@ -0,0 +1,148 @@
+/*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const _0n = BigInt(0);
+const _1n = BigInt(1);
+const _2n = BigInt(2);
+const _3n = BigInt(3);
+const _4n = BigInt(4);
+const _5n = BigInt(5);
+const _8n = BigInt(8);
+// Calculates a modulo b
+export function mod(a, b) {
+    const result = a % b;
+    return result >= _0n ? result : b + result;
+}
+/**
+ * Efficiently exponentiate num to power and do modular division.
+ * @example
+ * powMod(2n, 6n, 11n) // 64n % 11n == 9n
+ */
+export function pow(num, power, modulo) {
+    if (modulo <= _0n || power < _0n)
+        throw new Error('Expected power/modulo > 0');
+    if (modulo === _1n)
+        return _0n;
+    let res = _1n;
+    while (power > _0n) {
+        if (power & _1n)
+            res = (res * num) % modulo;
+        num = (num * num) % modulo;
+        power >>= _1n;
+    }
+    return res;
+}
+// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)
+export function pow2(x, power, modulo) {
+    let res = x;
+    while (power-- > _0n) {
+        res *= res;
+        res %= modulo;
+    }
+    return res;
+}
+// Inverses number over modulo
+export function invert(number, modulo) {
+    if (number === _0n || modulo <= _0n) {
+        throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
+    }
+    // Eucledian GCD https://brilliant.org/wiki/extended-euclidean-algorithm/
+    let a = mod(number, modulo);
+    let b = modulo;
+    // prettier-ignore
+    let x = _0n, y = _1n, u = _1n, v = _0n;
+    while (a !== _0n) {
+        const q = b / a;
+        const r = b % a;
+        const m = x - u * q;
+        const n = y - v * q;
+        // prettier-ignore
+        b = a, a = r, x = u, y = v, u = m, v = n;
+    }
+    const gcd = b;
+    if (gcd !== _1n)
+        throw new Error('invert: does not exist');
+    return mod(x, modulo);
+}
+/**
+ * Takes a list of numbers, efficiently inverts all of them.
+ * @param nums list of bigints
+ * @param p modulo
+ * @returns list of inverted bigints
+ * @example
+ * invertBatch([1n, 2n, 4n], 21n);
+ * // => [1n, 11n, 16n]
+ */
+export function invertBatch(nums, modulo) {
+    const scratch = new Array(nums.length);
+    // Walk from first to last, multiply them by each other MOD p
+    const lastMultiplied = nums.reduce((acc, num, i) => {
+        if (num === _0n)
+            return acc;
+        scratch[i] = acc;
+        return mod(acc * num, modulo);
+    }, _1n);
+    // Invert last element
+    const inverted = invert(lastMultiplied, modulo);
+    // Walk from last to first, multiply them by inverted each other MOD p
+    nums.reduceRight((acc, num, i) => {
+        if (num === _0n)
+            return acc;
+        scratch[i] = mod(acc * scratch[i], modulo);
+        return mod(acc * num, modulo);
+    }, inverted);
+    return scratch;
+}
+// Calculates Legendre symbol: num^((P-1)/2)
+export function legendre(num, fieldPrime) {
+    return pow(num, (fieldPrime - _1n) / _2n, fieldPrime);
+}
+/**
+ * Calculates square root of a number in a finite field.
+ * Used to calculate y - the square root of y².
+ */
+export function sqrt(number, modulo) {
+    const n = number;
+    const P = modulo;
+    const p1div4 = (P + _1n) / _4n;
+    // P = 3 (mod 4)
+    // sqrt n = n^((P+1)/4)
+    if (P % _4n === _3n)
+        return pow(n, p1div4, P);
+    // P = 5 (mod 8)
+    if (P % _8n === _5n) {
+        const n2 = mod(n * _2n, P);
+        const v = pow(n2, (P - _5n) / _8n, P);
+        const nv = mod(n * v, P);
+        const i = mod(_2n * nv * v, P);
+        const r = mod(nv * (i - _1n), P);
+        return r;
+    }
+    // Other cases: Tonelli-Shanks algorithm
+    if (legendre(n, P) !== _1n)
+        throw new Error('Cannot find square root');
+    let q, s, z;
+    for (q = P - _1n, s = 0; q % _2n === _0n; q /= _2n, s++)
+        ;
+    if (s === 1)
+        return pow(n, p1div4, P);
+    for (z = _2n; z < P && legendre(z, P) !== P - _1n; z++)
+        ;
+    let c = pow(z, q, P);
+    let r = pow(n, (q + _1n) / _2n, P);
+    let t = pow(n, q, P);
+    let t2 = _0n;
+    while (mod(t - _1n, P) !== _0n) {
+        t2 = mod(t * t, P);
+        let i;
+        for (i = 1; i < s; i++) {
+            if (mod(t2 - _1n, P) === _0n)
+                break;
+            t2 = mod(t2 * t2, P);
+        }
+        let b = pow(c, BigInt(1 << (s - i - 1)), P);
+        r = mod(r * b, P);
+        c = mod(b * b, P);
+        t = mod(t * c, P);
+        s = i;
+    }
+    return r;
+}

package/lib/esm/package.json

@@ -0,0 +1,7 @@
+{
+  "type": "module",
+  "browser": {
+    "crypto": false,
+    "./crypto": "./esm/cryptoBrowser.js"
+  }
+}