@noble/curves 0.4.0 → 0.5.0

package/lib/stark.d.ts

@@ -0,0 +1,72 @@
+import { ProjectivePointType } from './abstract/weierstrass.js';
+import * as cutils from './abstract/utils.js';
+declare type ProjectivePoint = ProjectivePointType<bigint>;
+export declare const starkCurve: import("./abstract/weierstrass.js").CurveFn;
+declare function getPublicKey0x(privKey: Hex, isCompressed?: boolean): Uint8Array;
+declare function getSharedSecret0x(privKeyA: Hex, pubKeyB: Hex): Uint8Array;
+declare function sign0x(msgHash: Hex, privKey: Hex, opts: any): import("./abstract/weierstrass.js").SignatureType;
+declare function verify0x(signature: Hex, msgHash: Hex, pubKey: Hex): boolean;
+declare const CURVE: Readonly<{
+    readonly nBitLength: number;
+    readonly nByteLength: number;
+    readonly Fp: import("./abstract/modular.js").Field<bigint>;
+    readonly n: bigint;
+    readonly h: bigint;
+    readonly hEff?: bigint | undefined;
+    readonly Gx: bigint;
+    readonly Gy: bigint;
+    readonly wrapPrivateKey?: boolean | undefined;
+    readonly allowInfinityPoint?: boolean | undefined;
+    readonly a: bigint;
+    readonly b: bigint;
+    readonly normalizePrivateKey?: ((key: cutils.PrivKey) => cutils.PrivKey) | undefined;
+    readonly endo?: {
+        beta: bigint;
+        splitScalar: (k: bigint) => {
+            k1neg: boolean;
+            k1: bigint;
+            k2neg: boolean;
+            k2: bigint;
+        };
+    } | undefined;
+    readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => boolean) | undefined;
+    readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => ProjectivePointType<bigint>) | undefined;
+    readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
+    readonly mapToCurve?: ((scalar: bigint[]) => {
+        x: bigint;
+        y: bigint;
+    }) | undefined;
+    lowS: boolean;
+    readonly hash: cutils.CHash;
+    readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
+    readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
+    readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+}>, Point: import("./abstract/weierstrass.js").PointConstructor<bigint>, ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, Signature: import("./abstract/weierstrass.js").SignatureConstructor;
+export declare const utils: {
+    mod: (a: bigint, b?: bigint | undefined) => bigint;
+    invert: (number: bigint, modulo?: bigint | undefined) => bigint;
+    _bigintToBytes: (num: bigint) => Uint8Array;
+    _bigintToString: (num: bigint) => string;
+    _normalizePrivateKey: (key: cutils.PrivKey) => bigint;
+    _normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
+    _isWithinCurveOrder: (num: bigint) => boolean;
+    _isValidFieldElement: (num: bigint) => boolean;
+    _weierstrassEquation: (x: bigint) => bigint;
+    isValidPrivateKey(privateKey: cutils.PrivKey): boolean;
+    hashToPrivateKey: (hash: cutils.Hex) => Uint8Array;
+    randomPrivateKey: () => Uint8Array;
+};
+export { CURVE, Point, Signature, ProjectivePoint, getPublicKey0x as getPublicKey, getSharedSecret0x as getSharedSecret, sign0x as sign, verify0x as verify, };
+export declare const bytesToHexEth: (uint8a: Uint8Array) => string;
+export declare const strip0x: (hex: string) => string;
+export declare const numberToHexEth: (num: bigint | number) => string;
+declare type Hex = Uint8Array | string;
+export declare function grindKey(seed: Hex): string;
+export declare function getStarkKey(privateKey: Hex): string;
+export declare function ethSigToPrivate(signature: string): string;
+export declare function getAccountPath(layer: string, application: string, ethereumAddress: string, index: number): string;
+declare type PedersenArg = Hex | bigint | number;
+export declare function pedersen(x: PedersenArg, y: PedersenArg): string;
+export declare function hashChain(data: PedersenArg[], fn?: typeof pedersen): PedersenArg;
+export declare const computeHashOnElements: (data: PedersenArg[], fn?: typeof pedersen) => PedersenArg;
+export declare const keccak: (data: Uint8Array) => bigint;

package/lib/stark.js

@@ -0,0 +1,243 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.keccak = exports.computeHashOnElements = exports.hashChain = exports.pedersen = exports.getAccountPath = exports.ethSigToPrivate = exports.getStarkKey = exports.grindKey = exports.numberToHexEth = exports.strip0x = exports.bytesToHexEth = exports.verify = exports.sign = exports.getSharedSecret = exports.getPublicKey = exports.ProjectivePoint = exports.Signature = exports.Point = exports.CURVE = exports.utils = exports.starkCurve = void 0;
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const sha3_1 = require("@noble/hashes/sha3");
+const sha256_1 = require("@noble/hashes/sha256");
+const weierstrass_js_1 = require("./abstract/weierstrass.js");
+const cutils = require("./abstract/utils.js");
+const modular_js_1 = require("./abstract/modular.js");
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+// Stark-friendly elliptic curve
+// https://docs.starkware.co/starkex/stark-curve.html
+const CURVE_N = BigInt('3618502788666131213697322783095070105526743751716087489154079457884512865583');
+const nBitLength = 252;
+exports.starkCurve = (0, weierstrass_js_1.weierstrass)({
+    // Params: a, b
+    a: BigInt(1),
+    b: BigInt('3141592653589793238462643383279502884197169399375105820974944592307816406665'),
+    // Field over which we'll do calculations; 2n**251n + 17n * 2n**192n + 1n
+    // There is no efficient sqrt for field (P%4==1)
+    Fp: (0, modular_js_1.Fp)(BigInt('0x800000000000011000000000000000000000000000000000000000000000001')),
+    // Curve order, total count of valid points in the field.
+    n: CURVE_N,
+    nBitLength: nBitLength,
+    // Base point (x, y) aka generator point
+    Gx: BigInt('874739451078007766457464989774322083649278607533249481151382481072868806602'),
+    Gy: BigInt('152666792071518830868575557812948353041420400780739481342941381225525861407'),
+    h: BigInt(1),
+    // Default options
+    lowS: false,
+    ...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256),
+    truncateHash: (hash, truncateOnly = false) => {
+        // TODO: cleanup, ugly code
+        // Fix truncation
+        if (!truncateOnly) {
+            let hashS = bytesToNumber0x(hash).toString(16);
+            if (hashS.length === 63) {
+                hashS += '0';
+                hash = hexToBytes0x(hashS);
+            }
+        }
+        // Truncate zero bytes on left (compat with elliptic)
+        while (hash[0] === 0)
+            hash = hash.subarray(1);
+        const byteLength = hash.length;
+        const delta = byteLength * 8 - nBitLength; // size of curve.n (252 bits)
+        let h = hash.length ? bytesToNumber0x(hash) : 0n;
+        if (delta > 0)
+            h = h >> BigInt(delta);
+        if (!truncateOnly && h >= CURVE_N)
+            h -= CURVE_N;
+        return h;
+    },
+});
+// Custom Starknet type conversion functions that can handle 0x and unpadded hex
+function hexToBytes0x(hex) {
+    if (typeof hex !== 'string') {
+        throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
+    }
+    hex = (0, exports.strip0x)(hex);
+    if (hex.length & 1)
+        hex = '0' + hex; // padding
+    if (hex.length % 2)
+        throw new Error('hexToBytes: received invalid unpadded hex ' + hex.length);
+    const array = new Uint8Array(hex.length / 2);
+    for (let i = 0; i < array.length; i++) {
+        const j = i * 2;
+        const hexByte = hex.slice(j, j + 2);
+        const byte = Number.parseInt(hexByte, 16);
+        if (Number.isNaN(byte) || byte < 0)
+            throw new Error('Invalid byte sequence');
+        array[i] = byte;
+    }
+    return array;
+}
+function hexToNumber0x(hex) {
+    if (typeof hex !== 'string') {
+        throw new TypeError('hexToNumber: expected string, got ' + typeof hex);
+    }
+    // Big Endian
+    // TODO: strip vs no strip?
+    return BigInt(`0x${(0, exports.strip0x)(hex)}`);
+}
+function bytesToNumber0x(bytes) {
+    return hexToNumber0x(cutils.bytesToHex(bytes));
+}
+function ensureBytes0x(hex) {
+    // Uint8Array.from() instead of hash.slice() because node.js Buffer
+    // is instance of Uint8Array, and its slice() creates **mutable** copy
+    return hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes0x(hex);
+}
+function normalizePrivateKey(privKey) {
+    return cutils.bytesToHex(ensureBytes0x(privKey)).padStart(32 * 2, '0');
+}
+function getPublicKey0x(privKey, isCompressed) {
+    return exports.starkCurve.getPublicKey(normalizePrivateKey(privKey), isCompressed);
+}
+exports.getPublicKey = getPublicKey0x;
+function getSharedSecret0x(privKeyA, pubKeyB) {
+    return exports.starkCurve.getSharedSecret(normalizePrivateKey(privKeyA), pubKeyB);
+}
+exports.getSharedSecret = getSharedSecret0x;
+function sign0x(msgHash, privKey, opts) {
+    if (typeof privKey === 'string')
+        privKey = (0, exports.strip0x)(privKey).padStart(64, '0');
+    return exports.starkCurve.sign(ensureBytes0x(msgHash), normalizePrivateKey(privKey), opts);
+}
+exports.sign = sign0x;
+function verify0x(signature, msgHash, pubKey) {
+    const sig = signature instanceof Signature ? signature : ensureBytes0x(signature);
+    return exports.starkCurve.verify(sig, ensureBytes0x(msgHash), ensureBytes0x(pubKey));
+}
+exports.verify = verify0x;
+const { CURVE, Point, ProjectivePoint, Signature } = exports.starkCurve;
+exports.CURVE = CURVE;
+exports.Point = Point;
+exports.ProjectivePoint = ProjectivePoint;
+exports.Signature = Signature;
+exports.utils = exports.starkCurve.utils;
+const stripLeadingZeros = (s) => s.replace(/^0+/gm, '');
+const bytesToHexEth = (uint8a) => `0x${stripLeadingZeros(cutils.bytesToHex(uint8a))}`;
+exports.bytesToHexEth = bytesToHexEth;
+const strip0x = (hex) => hex.replace(/^0x/i, '');
+exports.strip0x = strip0x;
+const numberToHexEth = (num) => `0x${num.toString(16)}`;
+exports.numberToHexEth = numberToHexEth;
+// 1. seed generation
+function hashKeyWithIndex(key, index) {
+    let indexHex = cutils.numberToHexUnpadded(index);
+    if (indexHex.length & 1)
+        indexHex = '0' + indexHex;
+    return bytesToNumber0x((0, sha256_1.sha256)(cutils.concatBytes(key, hexToBytes0x(indexHex))));
+}
+function grindKey(seed) {
+    const _seed = ensureBytes0x(seed);
+    const sha256mask = 2n ** 256n;
+    const limit = sha256mask - exports.starkCurve.utils.mod(sha256mask, exports.starkCurve.CURVE.n);
+    for (let i = 0;; i++) {
+        const key = hashKeyWithIndex(_seed, i);
+        // key should be in [0, limit)
+        if (key < limit)
+            return exports.starkCurve.utils.mod(key, exports.starkCurve.CURVE.n).toString(16);
+    }
+}
+exports.grindKey = grindKey;
+function getStarkKey(privateKey) {
+    return (0, exports.bytesToHexEth)(getPublicKey0x(privateKey, true).slice(1));
+}
+exports.getStarkKey = getStarkKey;
+function ethSigToPrivate(signature) {
+    signature = (0, exports.strip0x)(signature.replace(/^0x/, ''));
+    if (signature.length !== 130)
+        throw new Error('Wrong ethereum signature');
+    return grindKey(signature.substring(0, 64));
+}
+exports.ethSigToPrivate = ethSigToPrivate;
+const MASK_31 = 2n ** 31n - 1n;
+const int31 = (n) => Number(n & MASK_31);
+function getAccountPath(layer, application, ethereumAddress, index) {
+    const layerNum = int31(bytesToNumber0x((0, sha256_1.sha256)(layer)));
+    const applicationNum = int31(bytesToNumber0x((0, sha256_1.sha256)(application)));
+    const eth = hexToNumber0x(ethereumAddress);
+    return `m/2645'/${layerNum}'/${applicationNum}'/${int31(eth)}'/${int31(eth >> 31n)}'/${index}`;
+}
+exports.getAccountPath = getAccountPath;
+// https://docs.starkware.co/starkex/pedersen-hash-function.html
+const PEDERSEN_POINTS_AFFINE = [
+    new Point(2089986280348253421170679821480865132823066470938446095505822317253594081284n, 1713931329540660377023406109199410414810705867260802078187082345529207694986n),
+    new Point(996781205833008774514500082376783249102396023663454813447423147977397232763n, 1668503676786377725805489344771023921079126552019160156920634619255970485781n),
+    new Point(2251563274489750535117886426533222435294046428347329203627021249169616184184n, 1798716007562728905295480679789526322175868328062420237419143593021674992973n),
+    new Point(2138414695194151160943305727036575959195309218611738193261179310511854807447n, 113410276730064486255102093846540133784865286929052426931474106396135072156n),
+    new Point(2379962749567351885752724891227938183011949129833673362440656643086021394946n, 776496453633298175483985398648758586525933812536653089401905292063708816422n),
+];
+// for (const p of PEDERSEN_POINTS) p._setWindowSize(8);
+const PEDERSEN_POINTS = PEDERSEN_POINTS_AFFINE.map(ProjectivePoint.fromAffine);
+function pedersenPrecompute(p1, p2) {
+    const out = [];
+    let p = p1;
+    for (let i = 0; i < 248; i++) {
+        out.push(p);
+        p = p.double();
+    }
+    p = p2;
+    for (let i = 0; i < 4; i++) {
+        out.push(p);
+        p = p.double();
+    }
+    return out;
+}
+const PEDERSEN_POINTS1 = pedersenPrecompute(PEDERSEN_POINTS[1], PEDERSEN_POINTS[2]);
+const PEDERSEN_POINTS2 = pedersenPrecompute(PEDERSEN_POINTS[3], PEDERSEN_POINTS[4]);
+function pedersenArg(arg) {
+    let value;
+    if (typeof arg === 'bigint')
+        value = arg;
+    else if (typeof arg === 'number') {
+        if (!Number.isSafeInteger(arg))
+            throw new Error(`Invalid pedersenArg: ${arg}`);
+        value = BigInt(arg);
+    }
+    else
+        value = bytesToNumber0x(ensureBytes0x(arg));
+    // [0..Fp)
+    if (!(0n <= value && value < exports.starkCurve.CURVE.Fp.ORDER))
+        throw new Error(`PedersenArg should be 0 <= value < CURVE.P: ${value}`);
+    return value;
+}
+function pedersenSingle(point, value, constants) {
+    let x = pedersenArg(value);
+    for (let j = 0; j < 252; j++) {
+        const pt = constants[j];
+        if (pt.x === point.x)
+            throw new Error('Same point');
+        if ((x & 1n) !== 0n)
+            point = point.add(pt);
+        x >>= 1n;
+    }
+    return point;
+}
+// shift_point + x_low * P_0 + x_high * P1 + y_low * P2  + y_high * P3
+function pedersen(x, y) {
+    let point = PEDERSEN_POINTS[0];
+    point = pedersenSingle(point, x, PEDERSEN_POINTS1);
+    point = pedersenSingle(point, y, PEDERSEN_POINTS2);
+    return (0, exports.bytesToHexEth)(point.toAffine().toRawBytes(true).slice(1));
+}
+exports.pedersen = pedersen;
+function hashChain(data, fn = pedersen) {
+    if (!Array.isArray(data) || data.length < 1)
+        throw new Error('data should be array of at least 1 element');
+    if (data.length === 1)
+        return (0, exports.numberToHexEth)(pedersenArg(data[0]));
+    return Array.from(data)
+        .reverse()
+        .reduce((acc, i) => fn(i, acc));
+}
+exports.hashChain = hashChain;
+// Same as hashChain, but computes hash even for single element and order is not revesed
+const computeHashOnElements = (data, fn = pedersen) => [0, ...data, data.length].reduce((x, y) => fn(x, y));
+exports.computeHashOnElements = computeHashOnElements;
+const MASK_250 = 2n ** 250n - 1n;
+const keccak = (data) => bytesToNumber0x((0, sha3_1.keccak_256)(data)) & MASK_250;
+exports.keccak = keccak;

package/package.json

@@ -1,19 +1,17 @@
 {
   "name": "@noble/curves",
-  "version": "0.4.0",
-  "description": "Minimal, zero-dependency JS implementation of elliptic curve cryptography",
+  "version": "0.5.0",
+  "description": "Minimal, auditable JS implementation of elliptic curve cryptography",
   "files": [
-    "index.js",
-    "lib",
-    "lib/esm"
+    "lib"
   ],
   "scripts": {
-    "bench": "node curve-definitions/benchmark/index.js",
+    "bench": "node benchmark/index.js",
     "build": "tsc && tsc -p tsconfig.esm.json",
     "build:release": "rollup -c rollup.config.js",
-    "lint": "prettier --check 'src/**/*.{js,ts}' 'curve-definitions/src/**/*.{js,ts}'",
-    "format": "prettier --write 'src/**/*.{js,ts}' 'curve-definitions/src/**/*.{js,ts}'",
-    "test": "cd curve-definitions; node test/index.test.js"
+    "lint": "prettier --check 'src/**/*.{js,ts}' 'test/*.js'",
+    "format": "prettier --write 'src/**/*.{js,ts}' 'test/*.js'",
+    "test": "node test/index.test.js"
   },
   "author": "Paul Miller (https://paulmillr.com)",
   "homepage": "https://paulmillr.com/noble/",
@@ -22,8 +20,16 @@
     "url": "https://github.com/paulmillr/noble-curves.git"
   },
   "license": "MIT",
+  "dependencies": {
+    "@noble/hashes": "1.1.5"
+  },
   "devDependencies": {
     "@rollup/plugin-node-resolve": "13.3.0",
+    "@scure/base": "~1.1.1",
+    "@scure/bip32": "~1.1.1",
+    "@scure/bip39": "~1.1.0",
+    "@types/node": "18.11.3",
+    "fast-check": "3.0.0",
     "micro-bmark": "0.2.0",
     "micro-should": "0.2.0",
     "prettier": "2.6.2",
@@ -32,55 +38,145 @@
   },
   "main": "index.js",
   "exports": {
-    "./edwards": {
-      "types": "./lib/edwards.d.ts",
-      "import": "./lib/esm/edwards.js",
-      "default": "./lib/edwards.js"
-    },
-    "./modular": {
-      "types": "./lib/modular.d.ts",
-      "import": "./lib/esm/modular.js",
-      "default": "./lib/modular.js"
-    },
-    "./montgomery": {
-      "types": "./lib/montgomery.d.ts",
-      "import": "./lib/esm/montgomery.js",
-      "default": "./lib/montgomery.js"
-    },
-    "./weierstrass": {
-      "types": "./lib/weierstrass.d.ts",
-      "import": "./lib/esm/weierstrass.js",
-      "default": "./lib/weierstrass.js"
-    },
-    "./bls": {
-      "types": "./lib/bls.d.ts",
-      "import": "./lib/esm/bls.js",
-      "default": "./lib/bls.js"
-    },
-    "./hashToCurve": {
-      "types": "./lib/hashToCurve.d.ts",
-      "import": "./lib/esm/hashToCurve.js",
-      "default": "./lib/hashToCurve.js"
-    },
-    "./group": {
-      "types": "./lib/group.d.ts",
-      "import": "./lib/esm/group.js",
-      "default": "./lib/group.js"
-    },
-    "./utils": {
-      "types": "./lib/utils.d.ts",
-      "import": "./lib/esm/utils.js",
-      "default": "./lib/utils.js"
+    ".": {
+      "types": "./lib/index.d.ts",
+      "import": "./lib/esm/index.js",
+      "default": "./lib/index.js"
+    },
+    "./abstract/edwards": {
+      "types": "./lib/abstract/edwards.d.ts",
+      "import": "./lib/esm/abstract/edwards.js",
+      "default": "./lib/abstract/edwards.js"
+    },
+    "./abstract/modular": {
+      "types": "./lib/abstract/modular.d.ts",
+      "import": "./lib/esm/abstract/modular.js",
+      "default": "./lib/abstract/modular.js"
+    },
+    "./abstract/montgomery": {
+      "types": "./lib/abstract/montgomery.d.ts",
+      "import": "./lib/esm/abstract/montgomery.js",
+      "default": "./lib/abstract/montgomery.js"
+    },
+    "./abstract/weierstrass": {
+      "types": "./lib/abstract/weierstrass.d.ts",
+      "import": "./lib/esm/abstract/weierstrass.js",
+      "default": "./lib/abstract/weierstrass.js"
+    },
+    "./abstract/bls": {
+      "types": "./lib/abstract/bls.d.ts",
+      "import": "./lib/esm/abstract/bls.js",
+      "default": "./lib/abstract/bls.js"
+    },
+    "./abstract/hash-to-curve": {
+      "types": "./lib/abstract/hash-to-curve.d.ts",
+      "import": "./lib/esm/abstract/hash-to-curve.js",
+      "default": "./lib/abstract/hash-to-curve.js"
+    },
+    "./abstract/group": {
+      "types": "./lib/abstract/group.d.ts",
+      "import": "./lib/esm/abstract/group.js",
+      "default": "./lib/abstract/group.js"
+    },
+    "./abstract/utils": {
+      "types": "./lib/abstract/utils.d.ts",
+      "import": "./lib/esm/abstract/utils.js",
+      "default": "./lib/abstract/utils.js"
+    },
+    "./_shortw_utils": {
+      "types": "./lib/_shortw_utils.d.ts",
+      "import": "./lib/esm/_shortw_utils.js",
+      "default": "./lib/_shortw_utils.js"
+    },
+    "./bls12-381": {
+      "types": "./lib/bls12-381.d.ts",
+      "import": "./lib/esm/bls12-381.js",
+      "default": "./lib/bls12-381.js"
+    },
+    "./bn": {
+      "types": "./lib/bn.d.ts",
+      "import": "./lib/esm/bn.js",
+      "default": "./lib/bn.js"
+    },
+    "./ed25519": {
+      "types": "./lib/ed25519.d.ts",
+      "import": "./lib/esm/ed25519.js",
+      "default": "./lib/ed25519.js"
+    },
+    "./ed448": {
+      "types": "./lib/ed448.d.ts",
+      "import": "./lib/esm/ed448.js",
+      "default": "./lib/ed448.js"
+    },
+    "./index": {
+      "types": "./lib/index.d.ts",
+      "import": "./lib/esm/index.js",
+      "default": "./lib/index.js"
+    },
+    "./jubjub": {
+      "types": "./lib/jubjub.d.ts",
+      "import": "./lib/esm/jubjub.js",
+      "default": "./lib/jubjub.js"
+    },
+    "./p192": {
+      "types": "./lib/p192.d.ts",
+      "import": "./lib/esm/p192.js",
+      "default": "./lib/p192.js"
+    },
+    "./p224": {
+      "types": "./lib/p224.d.ts",
+      "import": "./lib/esm/p224.js",
+      "default": "./lib/p224.js"
+    },
+    "./p256": {
+      "types": "./lib/p256.d.ts",
+      "import": "./lib/esm/p256.js",
+      "default": "./lib/p256.js"
+    },
+    "./p384": {
+      "types": "./lib/p384.d.ts",
+      "import": "./lib/esm/p384.js",
+      "default": "./lib/p384.js"
+    },
+    "./p521": {
+      "types": "./lib/p521.d.ts",
+      "import": "./lib/esm/p521.js",
+      "default": "./lib/p521.js"
+    },
+    "./pasta": {
+      "types": "./lib/pasta.d.ts",
+      "import": "./lib/esm/pasta.js",
+      "default": "./lib/pasta.js"
+    },
+    "./secp256k1": {
+      "types": "./lib/secp256k1.d.ts",
+      "import": "./lib/esm/secp256k1.js",
+      "default": "./lib/secp256k1.js"
+    },
+    "./stark": {
+      "types": "./lib/stark.d.ts",
+      "import": "./lib/esm/stark.js",
+      "default": "./lib/stark.js"
     }
   },
   "keywords": [
     "elliptic",
     "curve",
     "cryptography",
-    "hyperelliptic",
+    "weierstrass",
+    "montgomery",
+    "edwards",
     "p256",
     "p384",
     "p521",
+    "secp256r1",
+    "secp256k1",
+    "ed25519",
+    "ed448",
+    "bls12-381",
+    "bn254",
+    "pasta",
+    "bls",
     "nist",
     "ecc",
     "ecdsa",
@@ -93,4 +189,4 @@
       "url": "https://paulmillr.com/funding/"
     }
   ]
-}
+}

package/index.js

@@ -1 +0,0 @@
-throw new Error('Incorrect usage. Import submodules instead');