@noble/curves 0.3.0 → 0.3.2

package/lib/crypto.js

@@ -1,8 +1,5 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.crypto = void 0;
-const nodeCrypto = require("crypto");
-exports.crypto = {
+import * as nodeCrypto from 'crypto';
+export const crypto = {
     node: nodeCrypto,
     web: undefined,
 };

package/lib/cryptoBrowser.js

@@ -1,7 +1,4 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.crypto = void 0;
-exports.crypto = {
+export const crypto = {
     node: undefined,
     web: typeof self === 'object' && 'crypto' in self ? self.crypto : undefined,
 };

package/lib/definitions/_shortw_utils.d.ts

@@ -1,11 +1,11 @@
-import { CurveType, CHash } from '../weierstrass';
+import { CurveType, CHash } from '../weierstrass.js';
 export declare function getHash(hash: CHash): {
     hash: CHash;
     hmac: (key: Uint8Array, ...msgs: Uint8Array[]) => Uint8Array;
 };
 declare type CurveDef = Readonly<Omit<CurveType, 'hash' | 'hmac'>>;
 export declare function createCurve(curveDef: CurveDef, defHash: CHash): Readonly<{
-    create: (hash: CHash) => import("../weierstrass").CurveFn;
+    create: (hash: CHash) => import("../weierstrass.js").CurveFn;
     CURVE: Readonly<{
         readonly nBitLength: number;
         readonly nByteLength: number;
@@ -19,10 +19,10 @@ export declare function createCurve(curveDef: CurveDef, defHash: CHash): Readonl
         lowS: boolean;
         readonly hash: CHash;
         readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
-        randomBytes: typeof import("../utils").randomBytes;
+        randomBytes: typeof import("../utils.js").randomBytes;
         readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
         readonly sqrtMod?: ((n: bigint) => bigint) | undefined;
-        readonly normalizePrivateKey?: ((key: import("../utils").PrivKey) => import("../utils").PrivKey) | undefined;
+        readonly normalizePrivateKey?: ((key: import("../utils.js").PrivKey) => import("../utils.js").PrivKey) | undefined;
         readonly endo?: {
             beta: bigint;
             splitScalar: (k: bigint) => {
@@ -33,30 +33,30 @@ export declare function createCurve(curveDef: CurveDef, defHash: CHash): Readonl
             };
         } | undefined;
     }>;
-    getPublicKey: (privateKey: import("../utils").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
-    getSharedSecret: (privateA: import("../utils").PrivKey, publicB: import("../weierstrass").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("../utils").Hex, privKey: import("../utils").PrivKey, opts?: {
+    getPublicKey: (privateKey: import("../utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
+    getSharedSecret: (privateA: import("../utils.js").PrivKey, publicB: import("../weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
+    sign: (msgHash: import("../utils.js").Hex, privKey: import("../utils.js").PrivKey, opts?: {
         lowS?: boolean | undefined;
-        extraEntropy?: (true | import("../utils").Hex) | undefined;
-    } | undefined) => import("../weierstrass").SignatureType;
-    verify: (signature: import("../utils").Hex | import("../weierstrass").SignatureType, msgHash: import("../utils").Hex, publicKey: import("../weierstrass").PubKey, opts?: {
+        extraEntropy?: (true | import("../utils.js").Hex) | undefined;
+    } | undefined) => import("../weierstrass.js").SignatureType;
+    verify: (signature: import("../utils.js").Hex | import("../weierstrass.js").SignatureType, msgHash: import("../utils.js").Hex, publicKey: import("../weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
-    Point: import("../weierstrass").PointConstructor;
-    JacobianPoint: import("../weierstrass").JacobianPointConstructor;
-    Signature: import("../weierstrass").SignatureConstructor;
+    Point: import("../weierstrass.js").PointConstructor;
+    JacobianPoint: import("../weierstrass.js").JacobianPointConstructor;
+    Signature: import("../weierstrass.js").SignatureConstructor;
     utils: {
         mod: (a: bigint, b?: bigint | undefined) => bigint;
         invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
-        _normalizePrivateKey: (key: import("../utils").PrivKey) => bigint;
-        _normalizePublicKey: (publicKey: import("../weierstrass").PubKey) => import("../weierstrass").PointType;
+        _normalizePrivateKey: (key: import("../utils.js").PrivKey) => bigint;
+        _normalizePublicKey: (publicKey: import("../weierstrass.js").PubKey) => import("../weierstrass.js").PointType;
         _isWithinCurveOrder: (num: bigint) => boolean;
         _isValidFieldElement: (num: bigint) => boolean;
         _weierstrassEquation: (x: bigint) => bigint;
-        isValidPrivateKey(privateKey: import("../utils").PrivKey): boolean;
-        hashToPrivateKey: (hash: import("../utils").Hex) => Uint8Array;
+        isValidPrivateKey(privateKey: import("../utils.js").PrivKey): boolean;
+        hashToPrivateKey: (hash: import("../utils.js").Hex) => Uint8Array;
         randomPrivateKey: () => Uint8Array;
     };
 }>;

package/lib/definitions/_shortw_utils.js

@@ -1,18 +1,13 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createCurve = exports.getHash = void 0;
-const hmac_1 = require("@noble/hashes/hmac");
-const utils_1 = require("@noble/hashes/utils");
-const weierstrass_1 = require("../weierstrass");
-function getHash(hash) {
+import { hmac } from '@noble/hashes/hmac';
+import { concatBytes } from '@noble/hashes/utils';
+import { weierstrass } from '../weierstrass.js';
+export function getHash(hash) {
     return {
         hash,
-        hmac: (key, ...msgs) => (0, hmac_1.hmac)(hash, key, (0, utils_1.concatBytes)(...msgs)),
+        hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),
     };
 }
-exports.getHash = getHash;
-function createCurve(curveDef, defHash) {
-    const create = (hash) => (0, weierstrass_1.weierstrass)({ ...curveDef, ...getHash(hash) });
+export function createCurve(curveDef, defHash) {
+    const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });
     return Object.freeze({ ...create(defHash), create });
 }
-exports.createCurve = createCurve;

package/lib/definitions/bn.d.ts

@@ -4,4 +4,4 @@
  * Recent research shown it's weaker, the naming has been adjusted to its prime bit count.
  * https://github.com/zcash/zcash/issues/2502
  */
-export declare const bn254: import("../weierstrass").CurveFn;
+export declare const bn254: import("../weierstrass.js").CurveFn;

package/lib/definitions/bn.js

@@ -1,17 +1,14 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.bn254 = void 0;
 /*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const weierstrass_1 = require("../weierstrass");
-const sha256_1 = require("@noble/hashes/sha256");
-const _shortw_utils_js_1 = require("./_shortw_utils.js");
+import { weierstrass } from '../weierstrass.js';
+import { sha256 } from '@noble/hashes/sha256';
+import { getHash } from './_shortw_utils.js';
 /**
  * bn254 pairing-friendly curve.
  * Previously known as alt_bn_128, when it had 128-bit security.
  * Recent research shown it's weaker, the naming has been adjusted to its prime bit count.
  * https://github.com/zcash/zcash/issues/2502
  */
-exports.bn254 = (0, weierstrass_1.weierstrass)({
+export const bn254 = weierstrass({
     a: BigInt(0),
     b: BigInt(3),
     P: BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47'),
@@ -19,5 +16,5 @@ exports.bn254 = (0, weierstrass_1.weierstrass)({
     Gx: BigInt(1),
     Gy: BigInt(2),
     h: BigInt(1),
-    ...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256),
+    ...getHash(sha256),
 });

package/lib/definitions/ed25519.d.ts

@@ -1,10 +1,10 @@
-import { ExtendedPointType } from '../edwards';
-import { Hex } from '../utils';
+import { ExtendedPointType } from '../edwards.js';
+import { Hex } from '../utils.js';
 export declare const ED25519_TORSION_SUBGROUP: string[];
-export declare const ed25519: import("../edwards").CurveFn;
-export declare const ed25519ctx: import("../edwards").CurveFn;
-export declare const ed25519ph: import("../edwards").CurveFn;
-export declare const x25519: import("../montgomery").CurveFn;
+export declare const ed25519: import("../edwards.js").CurveFn;
+export declare const ed25519ctx: import("../edwards.js").CurveFn;
+export declare const ed25519ph: import("../edwards.js").CurveFn;
+export declare const x25519: import("../montgomery.js").CurveFn;
 declare type ExtendedPoint = ExtendedPointType;
 /**
  * Each ed25519/ExtendedPoint has 8 different equivalent points. This can be

package/lib/definitions/ed25519.js

@@ -1,13 +1,10 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.RistrettoPoint = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0;
 /*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha512_1 = require("@noble/hashes/sha512");
-const utils_1 = require("@noble/hashes/utils");
-const edwards_1 = require("../edwards");
-const montgomery_1 = require("../montgomery");
-const modular_1 = require("../modular");
-const utils_2 = require("../utils");
+import { sha512 } from '@noble/hashes/sha512';
+import { concatBytes, utf8ToBytes } from '@noble/hashes/utils';
+import { twistedEdwards } from '../edwards.js';
+import { montgomery } from '../montgomery.js';
+import { mod, pow2, isNegativeLE } from '../modular.js';
+import { ensureBytes, equalBytes, bytesToHex, bytesToNumberLE, numberToBytesLE, } from '../utils.js';
 /**
  * ed25519 Twisted Edwards curve with following addons:
  * - X25519 ECDH
@@ -25,16 +22,16 @@ function ed25519_pow_2_252_3(x) {
     const P = ED25519_P;
     const x2 = (x * x) % P;
     const b2 = (x2 * x) % P; // x^3, 11
-    const b4 = ((0, modular_1.pow2)(b2, _2n, P) * b2) % P; // x^15, 1111
-    const b5 = ((0, modular_1.pow2)(b4, _1n, P) * x) % P; // x^31
-    const b10 = ((0, modular_1.pow2)(b5, _5n, P) * b5) % P;
-    const b20 = ((0, modular_1.pow2)(b10, _10n, P) * b10) % P;
-    const b40 = ((0, modular_1.pow2)(b20, _20n, P) * b20) % P;
-    const b80 = ((0, modular_1.pow2)(b40, _40n, P) * b40) % P;
-    const b160 = ((0, modular_1.pow2)(b80, _80n, P) * b80) % P;
-    const b240 = ((0, modular_1.pow2)(b160, _80n, P) * b80) % P;
-    const b250 = ((0, modular_1.pow2)(b240, _10n, P) * b10) % P;
-    const pow_p_5_8 = ((0, modular_1.pow2)(b250, _2n, P) * x) % P;
+    const b4 = (pow2(b2, _2n, P) * b2) % P; // x^15, 1111
+    const b5 = (pow2(b4, _1n, P) * x) % P; // x^31
+    const b10 = (pow2(b5, _5n, P) * b5) % P;
+    const b20 = (pow2(b10, _10n, P) * b10) % P;
+    const b40 = (pow2(b20, _20n, P) * b20) % P;
+    const b80 = (pow2(b40, _40n, P) * b40) % P;
+    const b160 = (pow2(b80, _80n, P) * b80) % P;
+    const b240 = (pow2(b160, _80n, P) * b80) % P;
+    const b250 = (pow2(b240, _10n, P) * b10) % P;
+    const pow_p_5_8 = (pow2(b250, _2n, P) * x) % P;
     // ^ To pow to (p+3)/8, multiply it by x.
     return { pow_p_5_8, b2 };
 }
@@ -54,27 +51,27 @@ function adjustScalarBytes(bytes) {
 // sqrt(u/v)
 function uvRatio(u, v) {
     const P = ED25519_P;
-    const v3 = (0, modular_1.mod)(v * v * v, P); // v³
-    const v7 = (0, modular_1.mod)(v3 * v3 * v, P); // v⁷
+    const v3 = mod(v * v * v, P); // v³
+    const v7 = mod(v3 * v3 * v, P); // v⁷
     // (p+3)/8 and (p-5)/8
     const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8;
-    let x = (0, modular_1.mod)(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
-    const vx2 = (0, modular_1.mod)(v * x * x, P); // vx²
+    let x = mod(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
+    const vx2 = mod(v * x * x, P); // vx²
     const root1 = x; // First root candidate
-    const root2 = (0, modular_1.mod)(x * ED25519_SQRT_M1, P); // Second root candidate
+    const root2 = mod(x * ED25519_SQRT_M1, P); // Second root candidate
     const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root
-    const useRoot2 = vx2 === (0, modular_1.mod)(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
-    const noRoot = vx2 === (0, modular_1.mod)(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
+    const useRoot2 = vx2 === mod(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
+    const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
     if (useRoot1)
         x = root1;
     if (useRoot2 || noRoot)
         x = root2; // We return root2 anyway, for const-time
-    if ((0, modular_1.isNegativeLE)(x, P))
-        x = (0, modular_1.mod)(-x, P);
+    if (isNegativeLE(x, P))
+        x = mod(-x, P);
     return { isValid: useRoot1 || useRoot2, value: x };
 }
 // Just in case
-exports.ED25519_TORSION_SUBGROUP = [
+export const ED25519_TORSION_SUBGROUP = [
     '0100000000000000000000000000000000000000000000000000000000000000',
     'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a',
     '0000000000000000000000000000000000000000000000000000000000000080',
@@ -100,26 +97,26 @@ const ED25519_DEF = {
     // Base point (x, y) aka generator point
     Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'),
     Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'),
-    hash: sha512_1.sha512,
+    hash: sha512,
     adjustScalarBytes,
     // dom2
     // Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3.
     // Constant-time, u/√v
     uvRatio,
 };
-exports.ed25519 = (0, edwards_1.twistedEdwards)(ED25519_DEF);
+export const ed25519 = twistedEdwards(ED25519_DEF);
 function ed25519_domain(data, ctx, phflag) {
     if (ctx.length > 255)
         throw new Error('Context is too big');
-    return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
+    return concatBytes(utf8ToBytes('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
 }
-exports.ed25519ctx = (0, edwards_1.twistedEdwards)({ ...ED25519_DEF, domain: ed25519_domain });
-exports.ed25519ph = (0, edwards_1.twistedEdwards)({
+export const ed25519ctx = twistedEdwards({ ...ED25519_DEF, domain: ed25519_domain });
+export const ed25519ph = twistedEdwards({
     ...ED25519_DEF,
     domain: ed25519_domain,
-    preHash: sha512_1.sha512,
+    preHash: sha512,
 });
-exports.x25519 = (0, montgomery_1.montgomery)({
+export const x25519 = montgomery({
     P: ED25519_P,
     a24: BigInt('121665'),
     montgomeryBits: 255,
@@ -129,7 +126,7 @@ exports.x25519 = (0, montgomery_1.montgomery)({
         const P = ED25519_P;
         // x^(p-2) aka x^(2^255-21)
         const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);
-        return (0, modular_1.mod)((0, modular_1.pow2)(pow_p_5_8, BigInt(3), P) * b2, P);
+        return mod(pow2(pow_p_5_8, BigInt(3), P) * b2, P);
     },
     adjustScalarBytes,
 });
@@ -150,7 +147,7 @@ const D_MINUS_ONE_SQ = BigInt('4044083434630853685810104246932319082624839914623
 // Calculates 1/√(number)
 const invertSqrt = (number) => uvRatio(_1n, number);
 const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
-const bytes255ToNumberLE = (bytes) => exports.ed25519.utils.mod((0, utils_2.bytesToNumberLE)(bytes) & MAX_255B);
+const bytes255ToNumberLE = (bytes) => ed25519.utils.mod(bytesToNumberLE(bytes) & MAX_255B);
 /**
  * Each ed25519/ExtendedPoint has 8 different equivalent points. This can be
  * a source of bugs for protocols like ring signatures. Ristretto was created to solve this.
@@ -158,7 +155,7 @@ const bytes255ToNumberLE = (bytes) => exports.ed25519.utils.mod((0, utils_2.byte
  * but it should work in its own namespace: do not combine those two.
  * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448
  */
-class RistrettoPoint {
+export class RistrettoPoint {
     // Private property to discourage combining ExtendedPoint + RistrettoPoint
     // Always use Ristretto encoding/decoding instead.
     constructor(ep) {
@@ -167,15 +164,15 @@ class RistrettoPoint {
     // Computes Elligator map for Ristretto
     // https://ristretto.group/formulas/elligator.html
     static calcElligatorRistrettoMap(r0) {
-        const { d, P } = exports.ed25519.CURVE;
-        const { mod } = exports.ed25519.utils;
+        const { d, P } = ed25519.CURVE;
+        const { mod } = ed25519.utils;
         const r = mod(SQRT_M1 * r0 * r0); // 1
         const Ns = mod((r + _1n) * ONE_MINUS_D_SQ); // 2
         let c = BigInt(-1); // 3
         const D = mod((c - d * r) * mod(r + d)); // 4
         let { isValid: Ns_D_is_sq, value: s } = uvRatio(Ns, D); // 5
         let s_ = mod(s * r0); // 6
-        if (!(0, modular_1.isNegativeLE)(s_, P))
+        if (!isNegativeLE(s_, P))
             s_ = mod(-s_);
         if (!Ns_D_is_sq)
             s = s_; // 7
@@ -187,7 +184,7 @@ class RistrettoPoint {
         const W1 = mod(Nt * SQRT_AD_MINUS_ONE); // 11
         const W2 = mod(_1n - s2); // 12
         const W3 = mod(_1n + s2); // 13
-        return new exports.ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
+        return new ed25519.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
     }
     /**
      * Takes uniform output of 64-bit hash function like sha512 and converts it to `RistrettoPoint`.
@@ -197,7 +194,7 @@ class RistrettoPoint {
      * @param hex 64-bit output of a hash function
      */
     static hashToCurve(hex) {
-        hex = (0, utils_2.ensureBytes)(hex, 64);
+        hex = ensureBytes(hex, 64);
         const r1 = bytes255ToNumberLE(hex.slice(0, 32));
         const R1 = this.calcElligatorRistrettoMap(r1);
         const r2 = bytes255ToNumberLE(hex.slice(32, 64));
@@ -210,14 +207,14 @@ class RistrettoPoint {
      * @param hex Ristretto-encoded 32 bytes. Not every 32-byte string is valid ristretto encoding
      */
     static fromHex(hex) {
-        hex = (0, utils_2.ensureBytes)(hex, 32);
-        const { a, d, P } = exports.ed25519.CURVE;
-        const { mod } = exports.ed25519.utils;
+        hex = ensureBytes(hex, 32);
+        const { a, d, P } = ed25519.CURVE;
+        const { mod } = ed25519.utils;
         const emsg = 'RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint';
         const s = bytes255ToNumberLE(hex);
         // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.
         // 3. Check that s is non-negative, or else abort
-        if (!(0, utils_2.equalBytes)((0, utils_2.numberToBytesLE)(s, 32), hex) || (0, modular_1.isNegativeLE)(s, P))
+        if (!equalBytes(numberToBytesLE(s, 32), hex) || isNegativeLE(s, P))
             throw new Error(emsg);
         const s2 = mod(s * s);
         const u1 = mod(_1n + a * s2); // 4 (a is -1)
@@ -229,13 +226,13 @@ class RistrettoPoint {
         const Dx = mod(I * u2); // 8
         const Dy = mod(I * Dx * v); // 9
         let x = mod((s + s) * Dx); // 10
-        if ((0, modular_1.isNegativeLE)(x, P))
+        if (isNegativeLE(x, P))
             x = mod(-x); // 10
         const y = mod(u1 * Dy); // 11
         const t = mod(x * y); // 12
-        if (!isValid || (0, modular_1.isNegativeLE)(t, P) || y === _0n)
+        if (!isValid || isNegativeLE(t, P) || y === _0n)
             throw new Error(emsg);
-        return new RistrettoPoint(new exports.ed25519.ExtendedPoint(x, y, _1n, t));
+        return new RistrettoPoint(new ed25519.ExtendedPoint(x, y, _1n, t));
     }
     /**
      * Encodes ristretto point to Uint8Array.
@@ -243,8 +240,8 @@ class RistrettoPoint {
      */
     toRawBytes() {
         let { x, y, z, t } = this.ep;
-        const { P } = exports.ed25519.CURVE;
-        const { mod } = exports.ed25519.utils;
+        const { P } = ed25519.CURVE;
+        const { mod } = ed25519.utils;
         const u1 = mod(mod(z + y) * mod(z - y)); // 1
         const u2 = mod(x * y); // 2
         // Square root always exists
@@ -254,7 +251,7 @@ class RistrettoPoint {
         const D2 = mod(invsqrt * u2); // 5
         const zInv = mod(D1 * D2 * t); // 6
         let D; // 7
-        if ((0, modular_1.isNegativeLE)(t * zInv, P)) {
+        if (isNegativeLE(t * zInv, P)) {
             let _x = mod(y * SQRT_M1);
             let _y = mod(x * SQRT_M1);
             x = _x;
@@ -264,15 +261,15 @@ class RistrettoPoint {
         else {
             D = D2; // 8
         }
-        if ((0, modular_1.isNegativeLE)(x * zInv, P))
+        if (isNegativeLE(x * zInv, P))
             y = mod(-y); // 9
         let s = mod((z - y) * D); // 10 (check footer's note, no sqrt(-a))
-        if ((0, modular_1.isNegativeLE)(s, P))
+        if (isNegativeLE(s, P))
             s = mod(-s);
-        return (0, utils_2.numberToBytesLE)(s, 32); // 11
+        return numberToBytesLE(s, 32); // 11
     }
     toHex() {
-        return (0, utils_2.bytesToHex)(this.toRawBytes());
+        return bytesToHex(this.toRawBytes());
     }
     toString() {
         return this.toHex();
@@ -282,7 +279,7 @@ class RistrettoPoint {
         assertRstPoint(other);
         const a = this.ep;
         const b = other.ep;
-        const { mod } = exports.ed25519.utils;
+        const { mod } = ed25519.utils;
         // (x1 * y2 == y1 * x2) | (y1 * y2 == x1 * x2)
         const one = mod(a.x * b.y) === mod(a.y * b.x);
         const two = mod(a.y * b.y) === mod(a.x * b.x);
@@ -303,6 +300,5 @@ class RistrettoPoint {
         return new RistrettoPoint(this.ep.multiplyUnsafe(scalar));
     }
 }
-exports.RistrettoPoint = RistrettoPoint;
-RistrettoPoint.BASE = new RistrettoPoint(exports.ed25519.ExtendedPoint.BASE);
-RistrettoPoint.ZERO = new RistrettoPoint(exports.ed25519.ExtendedPoint.ZERO);
+RistrettoPoint.BASE = new RistrettoPoint(ed25519.ExtendedPoint.BASE);
+RistrettoPoint.ZERO = new RistrettoPoint(ed25519.ExtendedPoint.ZERO);

package/lib/definitions/ed448.d.ts

@@ -1,3 +1,3 @@
-export declare const ed448: import("../edwards").CurveFn;
-export declare const ed448ph: import("../edwards").CurveFn;
-export declare const x448: import("../montgomery").CurveFn;
+export declare const ed448: import("../edwards.js").CurveFn;
+export declare const ed448ph: import("../edwards.js").CurveFn;
+export declare const x448: import("../montgomery.js").CurveFn;

package/lib/definitions/ed448.js

@@ -1,19 +1,16 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.x448 = exports.ed448ph = exports.ed448 = void 0;
 /*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha3_1 = require("@noble/hashes/sha3");
-const utils_1 = require("@noble/hashes/utils");
-const edwards_1 = require("../edwards");
-const modular_1 = require("../modular");
-const montgomery_1 = require("../montgomery");
+import { shake256 } from '@noble/hashes/sha3';
+import { concatBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';
+import { twistedEdwards } from '../edwards.js';
+import { mod, pow2 } from '../modular.js';
+import { montgomery } from '../montgomery.js';
 /**
  * Edwards448 (not Ed448-Goldilocks) curve with following addons:
  * * X448 ECDH
  * Conforms to RFC 8032 https://www.rfc-editor.org/rfc/rfc8032.html#section-5.2
  */
-const shake256_114 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 114 }));
-const shake256_64 = (0, utils_1.wrapConstructor)(() => sha3_1.shake256.create({ dkLen: 64 }));
+const shake256_114 = wrapConstructor(() => shake256.create({ dkLen: 114 }));
+const shake256_64 = wrapConstructor(() => shake256.create({ dkLen: 64 }));
 const ed448P = BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439');
 // powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.
 function ed448_pow_Pminus3div4(x) {
@@ -25,17 +22,17 @@ function ed448_pow_Pminus3div4(x) {
     // [223 of 1, 0, 222 of 1], almost same as secp!
     const b2 = (x * x * x) % P;
     const b3 = (b2 * b2 * x) % P;
-    const b6 = ((0, modular_1.pow2)(b3, _3n, P) * b3) % P;
-    const b9 = ((0, modular_1.pow2)(b6, _3n, P) * b3) % P;
-    const b11 = ((0, modular_1.pow2)(b9, _2n, P) * b2) % P;
-    const b22 = ((0, modular_1.pow2)(b11, _11n, P) * b11) % P;
-    const b44 = ((0, modular_1.pow2)(b22, _22n, P) * b22) % P;
-    const b88 = ((0, modular_1.pow2)(b44, _44n, P) * b44) % P;
-    const b176 = ((0, modular_1.pow2)(b88, _88n, P) * b88) % P;
-    const b220 = ((0, modular_1.pow2)(b176, _44n, P) * b44) % P;
-    const b222 = ((0, modular_1.pow2)(b220, _2n, P) * b2) % P;
-    const b223 = ((0, modular_1.pow2)(b222, _1n, P) * x) % P;
-    return ((0, modular_1.pow2)(b223, _223n, P) * b222) % P;
+    const b6 = (pow2(b3, _3n, P) * b3) % P;
+    const b9 = (pow2(b6, _3n, P) * b3) % P;
+    const b11 = (pow2(b9, _2n, P) * b2) % P;
+    const b22 = (pow2(b11, _11n, P) * b11) % P;
+    const b44 = (pow2(b22, _22n, P) * b22) % P;
+    const b88 = (pow2(b44, _44n, P) * b44) % P;
+    const b176 = (pow2(b88, _88n, P) * b88) % P;
+    const b220 = (pow2(b176, _44n, P) * b44) % P;
+    const b222 = (pow2(b220, _2n, P) * b2) % P;
+    const b223 = (pow2(b222, _1n, P) * x) % P;
+    return (pow2(b223, _223n, P) * b222) % P;
 }
 function adjustScalarBytes(bytes) {
     // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0, and the most
@@ -69,7 +66,7 @@ const ED448_DEF = {
     domain: (data, ctx, phflag) => {
         if (ctx.length > 255)
             throw new Error(`Context is too big: ${ctx.length}`);
-        return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
+        return concatBytes(utf8ToBytes('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
     },
     // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.
     // Uses algo from RFC8032 5.1.3.
@@ -82,22 +79,22 @@ const ED448_DEF = {
         // inversion of v and the square root:
         //           (p+1)/4    3            (p-3)/4
         // x = (u/v)        = u  v (u^5 v^3)         (mod p)
-        const u2v = (0, modular_1.mod)(u * u * v, P);
-        const u3v = (0, modular_1.mod)(u2v * u, P); // u^2v
-        const u5v3 = (0, modular_1.mod)(u3v * u2v * v, P); // u^5v^3
+        const u2v = mod(u * u * v, P);
+        const u3v = mod(u2v * u, P); // u^2v
+        const u5v3 = mod(u3v * u2v * v, P); // u^5v^3
         const root = ed448_pow_Pminus3div4(u5v3);
-        const x = (0, modular_1.mod)(u3v * root, P);
+        const x = mod(u3v * root, P);
         // Verify that root is exists
-        const x2 = (0, modular_1.mod)(x * x, P); // x^2
+        const x2 = mod(x * x, P); // x^2
         // If v * x^2 = u, the recovered x-coordinate is x.  Otherwise, no
         // square root exists, and the decoding fails.
-        return { isValid: (0, modular_1.mod)(x2 * v, P) === u, value: x };
+        return { isValid: mod(x2 * v, P) === u, value: x };
     },
 };
-exports.ed448 = (0, edwards_1.twistedEdwards)(ED448_DEF);
+export const ed448 = twistedEdwards(ED448_DEF);
 // NOTE: there is no ed448ctx, since ed448 supports ctx by default
-exports.ed448ph = (0, edwards_1.twistedEdwards)({ ...ED448_DEF, preHash: shake256_64 });
-exports.x448 = (0, montgomery_1.montgomery)({
+export const ed448ph = twistedEdwards({ ...ED448_DEF, preHash: shake256_64 });
+export const x448 = montgomery({
     a24: BigInt(39081),
     montgomeryBits: 448,
     nByteLength: 57,
@@ -106,8 +103,8 @@ exports.x448 = (0, montgomery_1.montgomery)({
     powPminus2: (x) => {
         const P = ed448P;
         const Pminus3div4 = ed448_pow_Pminus3div4(x);
-        const Pminus3 = (0, modular_1.pow2)(Pminus3div4, BigInt(2), P);
-        return (0, modular_1.mod)(Pminus3 * x, P); // Pminus3 * x = Pminus2
+        const Pminus3 = pow2(Pminus3div4, BigInt(2), P);
+        return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2
     },
     adjustScalarBytes,
     // The 4-isogeny maps between the Montgomery curve and this Edwards

package/lib/definitions/jubjub.d.ts

@@ -2,6 +2,6 @@
  * jubjub Twisted Edwards curve.
  * https://neuromancer.sk/std/other/JubJub
  */
-export declare const jubjub: import("../edwards").CurveFn;
-export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType;
-export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("../edwards").ExtendedPointType;
+export declare const jubjub: import("../edwards.js").CurveFn;
+export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("../edwards.js").ExtendedPointType;
+export declare function findGroupHash(m: Uint8Array, personalization: Uint8Array): import("../edwards.js").ExtendedPointType;

package/lib/definitions/jubjub.js

@@ -1,16 +1,13 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.findGroupHash = exports.groupHash = exports.jubjub = void 0;
 /*! @noble/curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha256_1 = require("@noble/hashes/sha256");
-const utils_1 = require("@noble/hashes/utils");
-const edwards_1 = require("../edwards");
-const blake2s_1 = require("@noble/hashes/blake2s");
+import { sha256 } from '@noble/hashes/sha256';
+import { concatBytes, utf8ToBytes } from '@noble/hashes/utils';
+import { twistedEdwards } from '../edwards.js';
+import { blake2s } from '@noble/hashes/blake2s';
 /**
  * jubjub Twisted Edwards curve.
  * https://neuromancer.sk/std/other/JubJub
  */
-exports.jubjub = (0, edwards_1.twistedEdwards)({
+export const jubjub = twistedEdwards({
     // Params: a, d
     a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
     d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
@@ -24,25 +21,24 @@ exports.jubjub = (0, edwards_1.twistedEdwards)({
     // Base point (x, y) aka generator point
     Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
     Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
-    hash: sha256_1.sha256,
+    hash: sha256,
 });
-const GH_FIRST_BLOCK = (0, utils_1.utf8ToBytes)('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
+const GH_FIRST_BLOCK = utf8ToBytes('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
 // Returns point at JubJub curve which is prime order and not zero
-function groupHash(tag, personalization) {
-    const h = blake2s_1.blake2s.create({ personalization, dkLen: 32 });
+export function groupHash(tag, personalization) {
+    const h = blake2s.create({ personalization, dkLen: 32 });
     h.update(GH_FIRST_BLOCK);
     h.update(tag);
     // NOTE: returns ExtendedPoint, in case it will be multiplied later
-    let p = exports.jubjub.ExtendedPoint.fromAffine(exports.jubjub.Point.fromHex(h.digest()));
+    let p = jubjub.ExtendedPoint.fromAffine(jubjub.Point.fromHex(h.digest()));
     // NOTE: cannot replace with isSmallOrder, returns Point*8
-    p = p.multiply(exports.jubjub.CURVE.h);
-    if (p.equals(exports.jubjub.ExtendedPoint.ZERO))
+    p = p.multiply(jubjub.CURVE.h);
+    if (p.equals(jubjub.ExtendedPoint.ZERO))
         throw new Error('Point has small order');
     return p;
 }
-exports.groupHash = groupHash;
-function findGroupHash(m, personalization) {
-    const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0]));
+export function findGroupHash(m, personalization) {
+    const tag = concatBytes(m, new Uint8Array([0]));
     for (let i = 0; i < 256; i++) {
         tag[tag.length - 1] = i;
         try {
@@ -52,4 +48,3 @@ function findGroupHash(m, personalization) {
     }
     throw new Error('findGroupHash tag overflow');
 }
-exports.findGroupHash = findGroupHash;