@noble/curves 0.5.2 → 0.6.0

package/lib/secp256k1.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.schnorr = exports.taggedHash = exports.secp256k1 = void 0;
+exports.encodeToCurve = exports.hashToCurve = exports.schnorr = exports.secp256k1 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const sha256_1 = require("@noble/hashes/sha256");
 const modular_js_1 = require("./abstract/modular.js");
@@ -8,7 +8,7 @@ const _shortw_utils_js_1 = require("./_shortw_utils.js");
 const weierstrass_js_1 = require("./abstract/weierstrass.js");
 const utils_js_1 = require("./abstract/utils.js");
 const utils_1 = require("@noble/hashes/utils");
-const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js");
+const htf = require("./abstract/hash-to-curve.js");
 /**
  * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
  * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
@@ -22,10 +22,7 @@ const _1n = BigInt(1);
 const _2n = BigInt(2);
 const divNearest = (a, b) => (a + b / _2n) / b;
 /**
- * Allows to compute square root √y 2x faster.
- * To calculate √y, we need to exponentiate it to a very big number:
- * `y² = x³ + ax + b; y = y² ^ (p+1)/4`
- * We are unwrapping the loop and multiplying it bit-by-bit.
+ * √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit.
  * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]
  */
 function sqrtMod(y) {
@@ -48,45 +45,11 @@ function sqrtMod(y) {
     const t1 = ((0, modular_js_1.pow2)(b223, _23n, P) * b22) % P;
     const t2 = ((0, modular_js_1.pow2)(t1, _6n, P) * b2) % P;
     const root = (0, modular_js_1.pow2)(t2, _2n, P);
-    if (!Fp.equals(Fp.square(root), y))
+    if (!Fp.eql(Fp.sqr(root), y))
         throw new Error('Cannot find square root');
     return root;
 }
 const Fp = (0, modular_js_1.Fp)(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
-const isoMap = (0, hash_to_curve_js_1.isogenyMap)(Fp, [
-    // xNum
-    [
-        '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',
-        '0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',
-        '0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',
-        '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',
-    ],
-    // xDen
-    [
-        '0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',
-        '0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',
-        '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1
-    ],
-    // yNum
-    [
-        '0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',
-        '0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',
-        '0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',
-        '0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',
-    ],
-    // yDen
-    [
-        '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',
-        '0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',
-        '0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',
-        '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1
-    ],
-].map((i) => i.map((j) => BigInt(j))));
-const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
-    A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),
-    B: BigInt('1771'),
-    Z: Fp.create(BigInt('-11')),
-});
 exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
     // Params: a, b
     // Seem to be rigid https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
@@ -129,51 +92,13 @@ exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
             return { k1neg, k1, k2neg, k2 };
         },
     },
-    mapToCurve: (scalars) => {
-        const { x, y } = mapSWU(Fp.create(scalars[0]));
-        return isoMap(x, y);
-    },
-    htfDefaults: {
-        DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',
-        p: Fp.ORDER,
-        m: 1,
-        k: 128,
-        expand: 'xmd',
-        hash: sha256_1.sha256,
-    },
 }, sha256_1.sha256);
-// Schnorr
+// Schnorr signatures are superior to ECDSA from above.
+// Below is Schnorr-specific code as per BIP0340.
+// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
 const _0n = BigInt(0);
-const numTo32b = exports.secp256k1.utils._bigintToBytes;
-const numTo32bStr = exports.secp256k1.utils._bigintToString;
-const normalizePrivateKey = exports.secp256k1.utils._normalizePrivateKey;
-// TODO: export?
-function normalizePublicKey(publicKey) {
-    if (publicKey instanceof exports.secp256k1.Point) {
-        publicKey.assertValidity();
-        return publicKey;
-    }
-    else {
-        const bytes = (0, utils_js_1.ensureBytes)(publicKey);
-        // Schnorr is 32 bytes
-        if (bytes.length !== 32)
-            throw new Error('Schnorr pubkeys must be 32 bytes');
-        const x = (0, utils_js_1.bytesToNumberBE)(bytes);
-        if (!isValidFieldElement(x))
-            throw new Error('Point is not on curve');
-        const y2 = exports.secp256k1.utils._weierstrassEquation(x); // y² = x³ + ax + b
-        let y = sqrtMod(y2); // y = y² ^ (p+1)/4
-        const isYOdd = (y & _1n) === _1n;
-        // Schnorr
-        if (isYOdd)
-            y = exports.secp256k1.CURVE.Fp.negate(y);
-        const point = new exports.secp256k1.Point(x, y);
-        point.assertValidity();
-        return point;
-    }
-}
-const isWithinCurveOrder = exports.secp256k1.utils._isWithinCurveOrder;
-const isValidFieldElement = exports.secp256k1.utils._isValidFieldElement;
+const fe = (x) => typeof x === 'bigint' && _0n < x && x < secp256k1P;
+const ge = (x) => typeof x === 'bigint' && _0n < x && x < secp256k1N;
 const TAGS = {
     challenge: 'BIP0340/challenge',
     aux: 'BIP0340/aux',
@@ -190,46 +115,38 @@ function taggedHash(tag, ...messages) {
     }
     return (0, sha256_1.sha256)((0, utils_js_1.concatBytes)(tagP, ...messages));
 }
-exports.taggedHash = taggedHash;
 const toRawX = (point) => point.toRawBytes(true).slice(1);
-// Schnorr signatures are superior to ECDSA from above.
-// Below is Schnorr-specific code as per BIP0340.
-function schnorrChallengeFinalize(ch) {
-    return (0, modular_js_1.mod)((0, utils_js_1.bytesToNumberBE)(ch), exports.secp256k1.CURVE.n);
-}
-// Do we need this at all for Schnorr?
-class SchnorrSignature {
-    constructor(r, s) {
-        this.r = r;
-        this.s = s;
-        this.assertValidity();
-    }
-    static fromHex(hex) {
-        const bytes = (0, utils_js_1.ensureBytes)(hex);
-        const len = 32; // group length
-        if (bytes.length !== 2 * len)
-            throw new TypeError(`SchnorrSignature.fromHex: expected ${2 * len} bytes, not ${bytes.length}`);
-        const r = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(0, len));
-        const s = (0, utils_js_1.bytesToNumberBE)(bytes.subarray(len, 2 * len));
-        return new SchnorrSignature(r, s);
-    }
-    assertValidity() {
-        const { r, s } = this;
-        if (!isValidFieldElement(r) || !isWithinCurveOrder(s))
-            throw new Error('Invalid signature');
-    }
-    toHex() {
-        return numTo32bStr(this.r) + numTo32bStr(this.s);
-    }
-    toRawBytes() {
-        return (0, utils_js_1.hexToBytes)(this.toHex());
-    }
-}
+const numTo32b = (n) => (0, utils_js_1.numberToBytesBE)(n, 32);
+const modN = (x) => (0, modular_js_1.mod)(x, secp256k1N);
+const _Point = exports.secp256k1.ProjectivePoint;
+const Gmul = (priv) => _Point.fromPrivateKey(priv);
+const GmulAdd = (Q, a, b) => _Point.BASE.multiplyAndAddUnsafe(Q, a, b);
 function schnorrGetScalar(priv) {
-    const point = exports.secp256k1.Point.fromPrivateKey(priv);
-    const scalar = point.hasEvenY() ? priv : exports.secp256k1.CURVE.n - priv;
+    // Let d' = int(sk)
+    // Fail if d' = 0 or d' ≥ n
+    // Let P = d'⋅G
+    // Let d = d' if has_even_y(P), otherwise let d = n - d' .
+    const point = Gmul(priv);
+    const scalar = point.hasEvenY() ? priv : modN(-priv);
     return { point, scalar, x: toRawX(point) };
 }
+function lift_x(x) {
+    if (!fe(x))
+        throw new Error('bad x: need 0 < x < p'); // Fail if x ≥ p.
+    const c = (0, modular_js_1.mod)(x * x * x + BigInt(7), secp256k1P); // Let c = x³ + 7 mod p.
+    let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.
+    if (y % 2n !== 0n)
+        y = (0, modular_js_1.mod)(-y, secp256k1P); // Return the unique point P such that x(P) = x and
+    const p = new _Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
+    p.assertValidity();
+    return p;
+}
+function challenge(...args) {
+    return modN((0, utils_js_1.bytesToNumberBE)(taggedHash(TAGS.challenge, ...args)));
+}
+function schnorrGetPublicKey(privateKey) {
+    return toRawX(Gmul(privateKey)); // Let d' = int(sk). Fail if d' = 0 or d' ≥ n. Return bytes(d'⋅G)
+}
 /**
  * Synchronously creates Schnorr signature. Improved security: verifies itself before
  * producing an output.
@@ -239,23 +156,23 @@ function schnorrGetScalar(priv) {
  */
 function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)) {
     if (message == null)
-        throw new TypeError(`sign: Expected valid message, not "${message}"`);
+        throw new Error(`sign: Expected valid message, not "${message}"`);
     const m = (0, utils_js_1.ensureBytes)(message);
     // checks for isWithinCurveOrder
-    const { x: px, scalar: d } = schnorrGetScalar(normalizePrivateKey(privateKey));
-    const rand = (0, utils_js_1.ensureBytes)(auxRand);
-    if (rand.length !== 32)
-        throw new TypeError('sign: Expected 32 bytes of aux randomness');
-    const tag = taggedHash;
-    const t0h = tag(TAGS.aux, rand);
-    const t = numTo32b(d ^ (0, utils_js_1.bytesToNumberBE)(t0h));
-    const k0h = tag(TAGS.nonce, t, px, m);
-    const k0 = (0, modular_js_1.mod)((0, utils_js_1.bytesToNumberBE)(k0h), exports.secp256k1.CURVE.n);
-    if (k0 === _0n)
-        throw new Error('sign: Creation of signature failed. k is zero');
-    const { point: R, x: rx, scalar: k } = schnorrGetScalar(k0);
-    const e = schnorrChallengeFinalize(tag(TAGS.challenge, rx, px, m));
-    const sig = new SchnorrSignature(R.x, (0, modular_js_1.mod)(k + e * d, exports.secp256k1.CURVE.n)).toRawBytes();
+    const { x: px, scalar: d } = schnorrGetScalar((0, utils_js_1.bytesToNumberBE)((0, utils_js_1.ensureBytes)(privateKey, 32)));
+    const a = (0, utils_js_1.ensureBytes)(auxRand, 32); // Auxiliary random data a: a 32-byte array
+    // TODO: replace with proper xor?
+    const t = numTo32b(d ^ (0, utils_js_1.bytesToNumberBE)(taggedHash(TAGS.aux, a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+    const rand = taggedHash(TAGS.nonce, t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
+    const k_ = modN((0, utils_js_1.bytesToNumberBE)(rand)); // Let k' = int(rand) mod n
+    if (k_ === _0n)
+        throw new Error('sign failed: k is zero'); // Fail if k' = 0.
+    const { point: R, x: rx, scalar: k } = schnorrGetScalar(k_); // Let R = k'⋅G.
+    const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
+    const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).
+    sig.set(numTo32b(R.px), 0);
+    sig.set(numTo32b(modN(k + e * d)), 32);
+    // If Verify(bytes(P), m, sig) (see below) returns failure, abort
     if (!schnorrVerify(sig, m, px))
         throw new Error('sign: Invalid signature produced');
     return sig;
@@ -265,30 +182,77 @@ function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)
  */
 function schnorrVerify(signature, message, publicKey) {
     try {
-        const raw = signature instanceof SchnorrSignature;
-        const sig = raw ? signature : SchnorrSignature.fromHex(signature);
-        if (raw)
-            sig.assertValidity(); // just in case
-        const { r, s } = sig;
-        const m = (0, utils_js_1.ensureBytes)(message);
-        const P = normalizePublicKey(publicKey);
-        const e = schnorrChallengeFinalize(taggedHash(TAGS.challenge, numTo32b(r), toRawX(P), m));
-        // Finalize
-        // R = s⋅G - e⋅P
-        // -eP == (n-e)P
-        const R = exports.secp256k1.Point.BASE.multiplyAndAddUnsafe(P, normalizePrivateKey(s), (0, modular_js_1.mod)(-e, exports.secp256k1.CURVE.n));
-        if (!R || !R.hasEvenY() || R.x !== r)
+        const P = lift_x((0, utils_js_1.bytesToNumberBE)((0, utils_js_1.ensureBytes)(publicKey, 32))); // P = lift_x(int(pk)); fail if that fails
+        const sig = (0, utils_js_1.ensureBytes)(signature, 64);
+        const r = (0, utils_js_1.bytesToNumberBE)(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
+        if (!fe(r))
+            return false;
+        const s = (0, utils_js_1.bytesToNumberBE)(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
+        if (!ge(s))
             return false;
-        return true;
+        const m = (0, utils_js_1.ensureBytes)(message);
+        const e = challenge(numTo32b(r), toRawX(P), m); // int(challenge(bytes(r)||bytes(P)||m)) mod n
+        const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P
+        if (!R || !R.hasEvenY() || R.toAffine().x !== r)
+            return false; // -eP == (n-e)P
+        return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.
     }
     catch (error) {
         return false;
     }
 }
 exports.schnorr = {
-    Signature: SchnorrSignature,
     // Schnorr's pubkey is just `x` of Point (BIP340)
-    getPublicKey: (privateKey) => toRawX(exports.secp256k1.Point.fromPrivateKey(privateKey)),
+    getPublicKey: schnorrGetPublicKey,
     sign: schnorrSign,
     verify: schnorrVerify,
+    utils: { lift_x, int: utils_js_1.bytesToNumberBE, taggedHash },
 };
+const isoMap = htf.isogenyMap(Fp, [
+    // xNum
+    [
+        '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',
+        '0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',
+        '0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',
+        '0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',
+    ],
+    // xDen
+    [
+        '0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',
+        '0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',
+        '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1
+    ],
+    // yNum
+    [
+        '0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',
+        '0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',
+        '0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',
+        '0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',
+    ],
+    // yDen
+    [
+        '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',
+        '0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',
+        '0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',
+        '0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1
+    ],
+].map((i) => i.map((j) => BigInt(j))));
+const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
+    A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),
+    B: BigInt('1771'),
+    Z: Fp.create(BigInt('-11')),
+});
+const { hashToCurve, encodeToCurve } = htf.hashToCurve(exports.secp256k1.ProjectivePoint, (scalars) => {
+    const { x, y } = mapSWU(Fp.create(scalars[0]));
+    return isoMap(x, y);
+}, {
+    DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',
+    encodeDST: 'secp256k1_XMD:SHA-256_SSWU_NU_',
+    p: Fp.ORDER,
+    m: 1,
+    k: 128,
+    expand: 'xmd',
+    hash: sha256_1.sha256,
+});
+exports.hashToCurve = hashToCurve;
+exports.encodeToCurve = encodeToCurve;

package/lib/stark.d.ts

@@ -1,6 +1,7 @@
-import { ProjectivePointType } from './abstract/weierstrass.js';
+import { ProjPointType } from './abstract/weierstrass.js';
 import * as cutils from './abstract/utils.js';
-declare type ProjectivePoint = ProjectivePointType<bigint>;
+import { Field } from './abstract/modular.js';
+declare type ProjectivePoint = ProjPointType<bigint>;
 export declare const starkCurve: import("./abstract/weierstrass.js").CurveFn;
 declare function getPublicKey0x(privKey: Hex, isCompressed?: boolean): Uint8Array;
 declare function getSharedSecret0x(privKeyA: Hex, pubKeyB: Hex): Uint8Array;
@@ -9,7 +10,7 @@ declare function verify0x(signature: Hex, msgHash: Hex, pubKey: Hex): boolean;
 declare const CURVE: Readonly<{
     readonly nBitLength: number;
     readonly nByteLength: number;
-    readonly Fp: import("./abstract/modular.js").Field<bigint>;
+    readonly Fp: Field<bigint>;
     readonly n: bigint;
     readonly h: bigint;
     readonly hEff?: bigint | undefined;
@@ -29,32 +30,22 @@ declare const CURVE: Readonly<{
             k2: bigint;
         };
     } | undefined;
-    readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => boolean) | undefined;
-    readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => ProjectivePointType<bigint>) | undefined;
-    readonly htfDefaults?: import("./abstract/hash-to-curve.js").htfOpts | undefined;
-    readonly mapToCurve?: ((scalar: bigint[]) => {
-        x: bigint;
-        y: bigint;
-    }) | undefined;
+    readonly isTorsionFree?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: ProjPointType<bigint>) => boolean) | undefined;
+    readonly clearCofactor?: ((c: import("./abstract/weierstrass.js").ProjConstructor<bigint>, point: ProjPointType<bigint>) => ProjPointType<bigint>) | undefined;
     lowS: boolean;
     readonly hash: cutils.CHash;
     readonly hmac: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
     readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
-    readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
-}>, Point: import("./abstract/weierstrass.js").PointConstructor<bigint>, ProjectivePoint: import("./abstract/weierstrass.js").ProjectiveConstructor<bigint>, Signature: import("./abstract/weierstrass.js").SignatureConstructor;
+    readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
+    readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
+}>, ProjectivePoint: import("./abstract/weierstrass.js").ProjConstructor<bigint>, Signature: import("./abstract/weierstrass.js").SignatureConstructor;
 export declare const utils: {
-    _bigintToBytes: (num: bigint) => Uint8Array;
-    _bigintToString: (num: bigint) => string;
     _normalizePrivateKey: (key: cutils.PrivKey) => bigint;
-    _normalizePublicKey: (publicKey: import("./abstract/weierstrass.js").PubKey) => import("./abstract/weierstrass.js").PointType<bigint>;
-    _isWithinCurveOrder: (num: bigint) => boolean;
-    _isValidFieldElement: (num: bigint) => boolean;
-    _weierstrassEquation: (x: bigint) => bigint;
     isValidPrivateKey(privateKey: cutils.PrivKey): boolean;
     hashToPrivateKey: (hash: cutils.Hex) => Uint8Array;
     randomPrivateKey: () => Uint8Array;
 };
-export { CURVE, Point, Signature, ProjectivePoint, getPublicKey0x as getPublicKey, getSharedSecret0x as getSharedSecret, sign0x as sign, verify0x as verify, };
+export { CURVE, Signature, ProjectivePoint, getPublicKey0x as getPublicKey, getSharedSecret0x as getSharedSecret, sign0x as sign, verify0x as verify, };
 export declare const bytesToHexEth: (uint8a: Uint8Array) => string;
 export declare const strip0x: (hex: string) => string;
 export declare const numberToHexEth: (num: bigint | number) => string;
@@ -68,3 +59,29 @@ export declare function pedersen(x: PedersenArg, y: PedersenArg): string;
 export declare function hashChain(data: PedersenArg[], fn?: typeof pedersen): PedersenArg;
 export declare const computeHashOnElements: (data: PedersenArg[], fn?: typeof pedersen) => PedersenArg;
 export declare const keccak: (data: Uint8Array) => bigint;
+export declare const Fp253: Readonly<Field<bigint> & Required<Pick<Field<bigint>, "isOdd">>>;
+export declare const Fp251: Readonly<Field<bigint> & Required<Pick<Field<bigint>, "isOdd">>>;
+export declare function _poseidonMDS(Fp: Field<bigint>, name: string, m: number, attempt?: number): bigint[][];
+export declare type PoseidonOpts = {
+    Fp: Field<bigint>;
+    rate: number;
+    capacity: number;
+    roundsFull: number;
+    roundsPartial: number;
+};
+export declare function poseidonBasic(opts: PoseidonOpts, mds: bigint[][]): {
+    (values: bigint[]): bigint[];
+    roundConstants: bigint[][];
+};
+export declare function poseidonCreate(opts: PoseidonOpts, mdsAttempt?: number): {
+    (values: bigint[]): bigint[];
+    roundConstants: bigint[][];
+};
+export declare const poseidonSmall: {
+    (values: bigint[]): bigint[];
+    roundConstants: bigint[][];
+};
+export declare function poseidonHash(x: bigint, y: bigint, fn?: {
+    (values: bigint[]): bigint[];
+    roundConstants: bigint[][];
+}): bigint;