@noble/curves 0.5.1 → 0.5.2

package/lib/esm/bls12-381.js

@@ -1,4 +1,14 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// The pairing-friendly Barreto-Lynn-Scott elliptic curve construction allows to:
+// - Construct zk-SNARKs at the 128-bit security
+// - Use threshold signatures, which allows a user to sign lots of messages with one signature and verify them swiftly in a batch, using Boneh-Lynn-Shacham signature scheme.
+// Differences from @noble/bls12-381 1.4:
+// - PointG1 -> G1.Point
+// - PointG2 -> G2.Point
+// - PointG2.fromSignature -> Signature.decode
+// - PointG2.toSignature ->  Signature.encode
+// - Fixed Fp2 ORDER
+// - Points now have only two coordinates
 import { sha256 } from '@noble/hashes/sha256';
 import { randomBytes } from '@noble/hashes/utils';
 import { bls } from './abstract/bls.js';
@@ -7,13 +17,6 @@ import { concatBytes, ensureBytes, numberToBytesBE, bytesToNumberBE, bitLen, bit
 // Types
 import { mapToCurveSimpleSWU, } from './abstract/weierstrass.js';
 import { isogenyMap } from './abstract/hash-to-curve.js';
-// Differences from bls12-381:
-// - PointG1 -> G1.Point
-// - PointG2 -> G2.Point
-// - PointG2.fromSignature -> Signature.decode
-// - PointG2.toSignature ->  Signature.encode
-// - Fixed Fp2 ORDER
-// Points now have only two coordinates
 // CURVE FIELDS
 // Finite field over p.
 const Fp = mod.Fp(0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaabn);
@@ -97,6 +100,8 @@ const Fp2 = {
         return { c0: Fp.mul(factor, Fp.create(a)), c1: Fp.mul(factor, Fp.create(-b)) };
     },
     sqrt: (num) => {
+        if (Fp2.equals(num, Fp2.ZERO))
+            return Fp2.ZERO; // Algo doesn't handles this case
         // TODO: Optimize this line. It's extremely slow.
         // Speeding this up would boost aggregateSignatures.
         // https://eprint.iacr.org/2012/685.pdf applicable?

package/lib/esm/ed25519.js

@@ -222,13 +222,13 @@ const D_MINUS_ONE_SQ = BigInt('4044083434630853685810104246932319082624839914623
 // Calculates 1/√(number)
 const invertSqrt = (number) => uvRatio(_1n, number);
 const MAX_255B = BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
-const bytes255ToNumberLE = (bytes) => ed25519.utils.mod(bytesToNumberLE(bytes) & MAX_255B);
+const bytes255ToNumberLE = (bytes) => ed25519.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_255B);
 // Computes Elligator map for Ristretto
 // https://ristretto.group/formulas/elligator.html
 function calcElligatorRistrettoMap(r0) {
     const { d } = ed25519.CURVE;
     const P = ed25519.CURVE.Fp.ORDER;
-    const { mod } = ed25519.utils;
+    const mod = ed25519.CURVE.Fp.create;
     const r = mod(SQRT_M1 * r0 * r0); // 1
     const Ns = mod((r + _1n) * ONE_MINUS_D_SQ); // 2
     let c = BigInt(-1); // 3
@@ -286,7 +286,7 @@ export class RistrettoPoint {
         hex = ensureBytes(hex, 32);
         const { a, d } = ed25519.CURVE;
         const P = ed25519.CURVE.Fp.ORDER;
-        const { mod } = ed25519.utils;
+        const mod = ed25519.CURVE.Fp.create;
         const emsg = 'RistrettoPoint.fromHex: the hex is not valid encoding of RistrettoPoint';
         const s = bytes255ToNumberLE(hex);
         // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.
@@ -318,7 +318,7 @@ export class RistrettoPoint {
     toRawBytes() {
         let { x, y, z, t } = this.ep;
         const P = ed25519.CURVE.Fp.ORDER;
-        const { mod } = ed25519.utils;
+        const mod = ed25519.CURVE.Fp.create;
         const u1 = mod(mod(z + y) * mod(z - y)); // 1
         const u2 = mod(x * y); // 2
         // Square root always exists
@@ -356,7 +356,7 @@ export class RistrettoPoint {
         assertRstPoint(other);
         const a = this.ep;
         const b = other.ep;
-        const { mod } = ed25519.utils;
+        const mod = ed25519.CURVE.Fp.create;
         // (x1 * y2 == y1 * x2) | (y1 * y2 == x1 * x2)
         const one = mod(a.x * b.y) === mod(a.y * b.x);
         const two = mod(a.y * b.y) === mod(a.x * b.x);

package/lib/esm/ed448.js

@@ -126,7 +126,8 @@ const ED448_DEF = {
     d: BigInt('726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'),
     // Finite field 𝔽p over which we'll do calculations; 2n ** 448n - 2n ** 224n - 1n
     Fp,
-    // Subgroup order: how many points ed448 has; 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n
+    // Subgroup order: how many points curve has;
+    // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n
     n: BigInt('181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'),
     nBitLength: 456,
     // Cofactor

package/lib/esm/jubjub.js

@@ -1,5 +1,5 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { sha256 } from '@noble/hashes/sha256';
+import { sha512 } from '@noble/hashes/sha512';
 import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils';
 import { twistedEdwards } from './abstract/edwards.js';
 import { blake2s } from '@noble/hashes/blake2s';
@@ -7,22 +7,23 @@ import { Fp } from './abstract/modular.js';
 /**
  * jubjub Twisted Edwards curve.
  * https://neuromancer.sk/std/other/JubJub
+ * jubjub does not use EdDSA, so `hash`/sha512 params are passed because interface expects them.
  */
 export const jubjub = twistedEdwards({
     // Params: a, d
     a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
     d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
     // Finite field 𝔽p over which we'll do calculations
+    // Same value as bls12-381 Fr (not Fp)
     Fp: Fp(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
-    // Subgroup order: how many points ed25519 has
-    // 2n ** 252n + 27742317777372353535851937790883648493n;
+    // Subgroup order: how many points curve has
     n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
     // Cofactor
     h: BigInt(8),
     // Base point (x, y) aka generator point
     Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
     Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
-    hash: sha256,
+    hash: sha512,
     randomBytes,
 });
 const GH_FIRST_BLOCK = utf8ToBytes('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');

package/lib/esm/secp256k1.js

@@ -7,10 +7,8 @@ import { ensureBytes, concatBytes, hexToBytes, bytesToNumberBE, } from './abstra
 import { randomBytes } from '@noble/hashes/utils';
 import { isogenyMap } from './abstract/hash-to-curve.js';
 /**
- * secp256k1 belongs to Koblitz curves: it has
- * efficiently computable Frobenius endomorphism.
- * Endomorphism improves efficiency:
- * Uses 2x less RAM, speeds up precomputation by 2x and ECDH / sign key recovery by 20%.
+ * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
+ * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
  * Should always be used for Projective's double-and-add multiplication.
  * For affines cached multiplication, it trades off 1/2 init time & 1/3 ram for 20% perf hit.
  * https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
@@ -111,7 +109,7 @@ export const secp256k1 = createCurve({
             const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');
             const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');
             const b2 = a1;
-            const POW_2_128 = BigInt('0x100000000000000000000000000000000');
+            const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)
             const c1 = divNearest(b2 * k, n);
             const c2 = divNearest(-b1 * k, n);
             let k1 = mod(k - c1 * a1 - c2 * a2, n);
@@ -155,22 +153,20 @@ function normalizePublicKey(publicKey) {
     else {
         const bytes = ensureBytes(publicKey);
         // Schnorr is 32 bytes
-        if (bytes.length === 32) {
-            const x = bytesToNumberBE(bytes);
-            if (!isValidFieldElement(x))
-                throw new Error('Point is not on curve');
-            const y2 = secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b
-            let y = sqrtMod(y2); // y = y² ^ (p+1)/4
-            const isYOdd = (y & _1n) === _1n;
-            // Schnorr
-            if (isYOdd)
-                y = secp256k1.CURVE.Fp.negate(y);
-            const point = new secp256k1.Point(x, y);
-            point.assertValidity();
-            return point;
-        }
-        // Do we need that in schnorr at all?
-        return secp256k1.Point.fromHex(publicKey);
+        if (bytes.length !== 32)
+            throw new Error('Schnorr pubkeys must be 32 bytes');
+        const x = bytesToNumberBE(bytes);
+        if (!isValidFieldElement(x))
+            throw new Error('Point is not on curve');
+        const y2 = secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b
+        let y = sqrtMod(y2); // y = y² ^ (p+1)/4
+        const isYOdd = (y & _1n) === _1n;
+        // Schnorr
+        if (isYOdd)
+            y = secp256k1.CURVE.Fp.negate(y);
+        const point = new secp256k1.Point(x, y);
+        point.assertValidity();
+        return point;
     }
 }
 const isWithinCurveOrder = secp256k1.utils._isWithinCurveOrder;
@@ -206,10 +202,11 @@ class SchnorrSignature {
     }
     static fromHex(hex) {
         const bytes = ensureBytes(hex);
-        if (bytes.length !== 64)
-            throw new TypeError(`SchnorrSignature.fromHex: expected 64 bytes, not ${bytes.length}`);
-        const r = bytesToNumberBE(bytes.subarray(0, 32));
-        const s = bytesToNumberBE(bytes.subarray(32, 64));
+        const len = 32; // group length
+        if (bytes.length !== 2 * len)
+            throw new TypeError(`SchnorrSignature.fromHex: expected ${2 * len} bytes, not ${bytes.length}`);
+        const r = bytesToNumberBE(bytes.subarray(0, len));
+        const s = bytesToNumberBE(bytes.subarray(len, 2 * len));
         return new SchnorrSignature(r, s);
     }
     assertValidity() {

package/lib/esm/stark.js

@@ -121,12 +121,13 @@ function hashKeyWithIndex(key, index) {
 export function grindKey(seed) {
     const _seed = ensureBytes0x(seed);
     const sha256mask = 2n ** 256n;
-    const limit = sha256mask - starkCurve.utils.mod(sha256mask, starkCurve.CURVE.n);
+    const Fn = Fp(CURVE.n);
+    const limit = sha256mask - Fn.create(sha256mask);
     for (let i = 0;; i++) {
         const key = hashKeyWithIndex(_seed, i);
         // key should be in [0, limit)
         if (key < limit)
-            return starkCurve.utils.mod(key, starkCurve.CURVE.n).toString(16);
+            return Fn.create(key).toString(16);
     }
 }
 export function getStarkKey(privateKey) {

package/lib/jubjub.d.ts

@@ -1,6 +1,7 @@
 /**
  * jubjub Twisted Edwards curve.
  * https://neuromancer.sk/std/other/JubJub
+ * jubjub does not use EdDSA, so `hash`/sha512 params are passed because interface expects them.
  */
 export declare const jubjub: import("./abstract/edwards.js").CurveFn;
 export declare function groupHash(tag: Uint8Array, personalization: Uint8Array): import("./abstract/edwards.js").ExtendedPointType;

package/lib/jubjub.js

@@ -2,7 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.findGroupHash = exports.groupHash = exports.jubjub = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha256_1 = require("@noble/hashes/sha256");
+const sha512_1 = require("@noble/hashes/sha512");
 const utils_1 = require("@noble/hashes/utils");
 const edwards_js_1 = require("./abstract/edwards.js");
 const blake2s_1 = require("@noble/hashes/blake2s");
@@ -10,22 +10,23 @@ const modular_js_1 = require("./abstract/modular.js");
 /**
  * jubjub Twisted Edwards curve.
  * https://neuromancer.sk/std/other/JubJub
+ * jubjub does not use EdDSA, so `hash`/sha512 params are passed because interface expects them.
  */
 exports.jubjub = (0, edwards_js_1.twistedEdwards)({
     // Params: a, d
     a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
     d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
     // Finite field 𝔽p over which we'll do calculations
+    // Same value as bls12-381 Fr (not Fp)
     Fp: (0, modular_js_1.Fp)(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
-    // Subgroup order: how many points ed25519 has
-    // 2n ** 252n + 27742317777372353535851937790883648493n;
+    // Subgroup order: how many points curve has
     n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
     // Cofactor
     h: BigInt(8),
     // Base point (x, y) aka generator point
     Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
     Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
-    hash: sha256_1.sha256,
+    hash: sha512_1.sha512,
     randomBytes: utils_1.randomBytes,
 });
 const GH_FIRST_BLOCK = (0, utils_1.utf8ToBytes)('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');

package/lib/p192.d.ts

@@ -38,10 +38,8 @@ export declare const P192: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -49,8 +47,6 @@ export declare const P192: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
@@ -103,10 +99,8 @@ export declare const secp192r1: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -114,8 +108,6 @@ export declare const secp192r1: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;

package/lib/p224.d.ts

@@ -38,10 +38,8 @@ export declare const P224: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -49,8 +47,6 @@ export declare const P224: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
@@ -103,10 +99,8 @@ export declare const secp224r1: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -114,8 +108,6 @@ export declare const secp224r1: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;

package/lib/p256.d.ts

@@ -38,10 +38,8 @@ export declare const P256: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -49,8 +47,6 @@ export declare const P256: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
@@ -103,10 +99,8 @@ export declare const secp256r1: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -114,8 +108,6 @@ export declare const secp256r1: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;

package/lib/p384.d.ts

@@ -38,10 +38,8 @@ export declare const P384: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -49,8 +47,6 @@ export declare const P384: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;
@@ -103,10 +99,8 @@ export declare const secp384r1: Readonly<{
     }>;
     getPublicKey: (privateKey: import("./abstract/utils.js").PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: import("./abstract/utils.js").PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: import("./abstract/utils.js").PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -114,8 +108,6 @@ export declare const secp384r1: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: import("./abstract/utils.js").PrivKey) => bigint;

package/lib/p521.d.ts

@@ -39,10 +39,8 @@ export declare const P521: Readonly<{
     }>;
     getPublicKey: (privateKey: PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -50,8 +48,6 @@ export declare const P521: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: PrivKey) => bigint;
@@ -104,10 +100,8 @@ export declare const secp521r1: Readonly<{
     }>;
     getPublicKey: (privateKey: PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | import("./abstract/utils.js").Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: import("./abstract/utils.js").Hex, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: import("./abstract/utils.js").Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: import("./abstract/utils.js").Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -115,8 +109,6 @@ export declare const secp521r1: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: PrivKey) => bigint;

package/lib/secp256k1.d.ts

@@ -40,10 +40,8 @@ export declare const secp256k1: Readonly<{
     }>;
     getPublicKey: (privateKey: PrivKey, isCompressed?: boolean | undefined) => Uint8Array;
     getSharedSecret: (privateA: PrivKey, publicB: import("./abstract/weierstrass.js").PubKey, isCompressed?: boolean | undefined) => Uint8Array;
-    sign: (msgHash: Hex, privKey: PrivKey, opts?: {
-        lowS?: boolean | undefined;
-        extraEntropy?: (true | Hex) | undefined;
-    } | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    sign: (msgHash: Hex, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
+    signUnhashed: (msg: Uint8Array, privKey: PrivKey, opts?: import("./abstract/weierstrass.js").SignOpts | undefined) => import("./abstract/weierstrass.js").SignatureType;
     verify: (signature: Hex | import("./abstract/weierstrass.js").SignatureType, msgHash: Hex, publicKey: import("./abstract/weierstrass.js").PubKey, opts?: {
         lowS?: boolean | undefined;
     } | undefined) => boolean;
@@ -51,8 +49,6 @@ export declare const secp256k1: Readonly<{
     ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>;
     Signature: import("./abstract/weierstrass.js").SignatureConstructor;
     utils: {
-        mod: (a: bigint, b?: bigint | undefined) => bigint;
-        invert: (number: bigint, modulo?: bigint | undefined) => bigint;
         _bigintToBytes: (num: bigint) => Uint8Array;
         _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: PrivKey) => bigint;

package/lib/secp256k1.js

@@ -10,10 +10,8 @@ const utils_js_1 = require("./abstract/utils.js");
 const utils_1 = require("@noble/hashes/utils");
 const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js");
 /**
- * secp256k1 belongs to Koblitz curves: it has
- * efficiently computable Frobenius endomorphism.
- * Endomorphism improves efficiency:
- * Uses 2x less RAM, speeds up precomputation by 2x and ECDH / sign key recovery by 20%.
+ * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
+ * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
  * Should always be used for Projective's double-and-add multiplication.
  * For affines cached multiplication, it trades off 1/2 init time & 1/3 ram for 20% perf hit.
  * https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
@@ -114,7 +112,7 @@ exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
             const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');
             const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');
             const b2 = a1;
-            const POW_2_128 = BigInt('0x100000000000000000000000000000000');
+            const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)
             const c1 = divNearest(b2 * k, n);
             const c2 = divNearest(-b1 * k, n);
             let k1 = (0, modular_js_1.mod)(k - c1 * a1 - c2 * a2, n);
@@ -158,22 +156,20 @@ function normalizePublicKey(publicKey) {
     else {
         const bytes = (0, utils_js_1.ensureBytes)(publicKey);
         // Schnorr is 32 bytes
-        if (bytes.length === 32) {
-            const x = (0, utils_js_1.bytesToNumberBE)(bytes);
-            if (!isValidFieldElement(x))
-                throw new Error('Point is not on curve');
-            const y2 = exports.secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b
-            let y = sqrtMod(y2); // y = y² ^ (p+1)/4
-            const isYOdd = (y & _1n) === _1n;
-            // Schnorr
-            if (isYOdd)
-                y = exports.secp256k1.CURVE.Fp.negate(y);
-            const point = new exports.secp256k1.Point(x, y);
-            point.assertValidity();
-            return point;
-        }
-        // Do we need that in schnorr at all?
-        return exports.secp256k1.Point.fromHex(publicKey);
+        if (bytes.length !== 32)
+            throw new Error('Schnorr pubkeys must be 32 bytes');
+        const x = (0, utils_js_1.bytesToNumberBE)(bytes);
+        if (!isValidFieldElement(x))
+            throw new Error('Point is not on curve');
+        const y2 = exports.secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b
+        let y = sqrtMod(y2); // y = y² ^ (p+1)/4
+        const isYOdd = (y & _1n) === _1n;
+        // Schnorr
+        if (isYOdd)
+            y = exports.secp256k1.CURVE.Fp.negate(y);
+        const point = new exports.secp256k1.Point(x, y);
+        point.assertValidity();
+        return point;
     }
 }
 const isWithinCurveOrder = exports.secp256k1.utils._isWithinCurveOrder;
@@ -210,10 +206,11 @@ class SchnorrSignature {
     }
     static fromHex(hex) {
         const bytes = (0, utils_js_1.ensureBytes)(hex);
-        if (bytes.length !== 64)
-            throw new TypeError(`SchnorrSignature.fromHex: expected 64 bytes, not ${bytes.length}`);
-        const r = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(0, 32));
-        const s = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(32, 64));
+        const len = 32; // group length
+        if (bytes.length !== 2 * len)
+            throw new TypeError(`SchnorrSignature.fromHex: expected ${2 * len} bytes, not ${bytes.length}`);
+        const r = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(0, len));
+        const s = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(len, 2 * len));
         return new SchnorrSignature(r, s);
     }
     assertValidity() {

package/lib/stark.d.ts

@@ -43,8 +43,6 @@ declare const CURVE: Readonly<{
     readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
 }>, Point: import("./abstract/weierstrass.js").PointConstructor<bigint>, ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, Signature: import("./abstract/weierstrass.js").SignatureConstructor;
 export declare const utils: {
-    mod: (a: bigint, b?: bigint | undefined) => bigint;
-    invert: (number: bigint, modulo?: bigint | undefined) => bigint;
     _bigintToBytes: (num: bigint) => Uint8Array;
     _bigintToString: (num: bigint) => string;
     _normalizePrivateKey: (key: cutils.PrivKey) => bigint;

package/lib/stark.js

@@ -134,12 +134,13 @@ function hashKeyWithIndex(key, index) {
 function grindKey(seed) {
     const _seed = ensureBytes0x(seed);
     const sha256mask = 2n ** 256n;
-    const limit = sha256mask - exports.starkCurve.utils.mod(sha256mask, exports.starkCurve.CURVE.n);
+    const Fn = (0, modular_js_1.Fp)(CURVE.n);
+    const limit = sha256mask - Fn.create(sha256mask);
     for (let i = 0;; i++) {
         const key = hashKeyWithIndex(_seed, i);
         // key should be in [0, limit)
         if (key < limit)
-            return exports.starkCurve.utils.mod(key, exports.starkCurve.CURVE.n).toString(16);
+            return Fn.create(key).toString(16);
     }
 }
 exports.grindKey = grindKey;