@noble/curves 0.5.2 → 0.6.1

package/lib/abstract/poseidon.js

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.poseidon = exports.splitConstants = exports.validateOpts = void 0;
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// Poseidon Hash: https://eprint.iacr.org/2019/458.pdf, https://www.poseidon-hash.info
+const modular_js_1 = require("./modular.js");
+function validateOpts(opts) {
+    const { Fp } = opts;
+    (0, modular_js_1.validateField)(Fp);
+    for (const i of ['t', 'roundsFull', 'roundsPartial']) {
+        if (typeof opts[i] !== 'number' || !Number.isSafeInteger(opts[i]))
+            throw new Error(`Poseidon: invalid param ${i}=${opts[i]} (${typeof opts[i]})`);
+    }
+    if (opts.reversePartialPowIdx !== undefined && typeof opts.reversePartialPowIdx !== 'boolean')
+        throw new Error(`Poseidon: invalid param reversePartialPowIdx=${opts.reversePartialPowIdx}`);
+    // Default is 5, but by some reasons stark uses 3
+    let sboxPower = opts.sboxPower;
+    if (sboxPower === undefined)
+        sboxPower = 5;
+    if (typeof sboxPower !== 'number' || !Number.isSafeInteger(sboxPower))
+        throw new Error(`Poseidon wrong sboxPower=${sboxPower}`);
+    const _sboxPower = BigInt(sboxPower);
+    let sboxFn = (n) => (0, modular_js_1.FpPow)(Fp, n, _sboxPower);
+    // Unwrapped sbox power for common cases (195->142μs)
+    if (sboxPower === 3)
+        sboxFn = (n) => Fp.mul(Fp.sqrN(n), n);
+    else if (sboxPower === 5)
+        sboxFn = (n) => Fp.mul(Fp.sqrN(Fp.sqrN(n)), n);
+    if (opts.roundsFull % 2 !== 0)
+        throw new Error(`Poseidon roundsFull is not even: ${opts.roundsFull}`);
+    const rounds = opts.roundsFull + opts.roundsPartial;
+    if (!Array.isArray(opts.roundConstants) || opts.roundConstants.length !== rounds)
+        throw new Error('Poseidon: wrong round constants');
+    const roundConstants = opts.roundConstants.map((rc) => {
+        if (!Array.isArray(rc) || rc.length !== opts.t)
+            throw new Error(`Poseidon wrong round constants: ${rc}`);
+        return rc.map((i) => {
+            if (typeof i !== 'bigint' || !Fp.isValid(i))
+                throw new Error(`Poseidon wrong round constant=${i}`);
+            return Fp.create(i);
+        });
+    });
+    // MDS is TxT matrix
+    if (!Array.isArray(opts.mds) || opts.mds.length !== opts.t)
+        throw new Error('Poseidon: wrong MDS matrix');
+    const mds = opts.mds.map((mdsRow) => {
+        if (!Array.isArray(mdsRow) || mdsRow.length !== opts.t)
+            throw new Error(`Poseidon MDS matrix row: ${mdsRow}`);
+        return mdsRow.map((i) => {
+            if (typeof i !== 'bigint')
+                throw new Error(`Poseidon MDS matrix value=${i}`);
+            return Fp.create(i);
+        });
+    });
+    return Object.freeze({ ...opts, rounds, sboxFn, roundConstants, mds });
+}
+exports.validateOpts = validateOpts;
+function splitConstants(rc, t) {
+    if (typeof t !== 'number')
+        throw new Error('poseidonSplitConstants: wrong t');
+    if (!Array.isArray(rc) || rc.length % t)
+        throw new Error('poseidonSplitConstants: wrong rc');
+    const res = [];
+    let tmp = [];
+    for (let i = 0; i < rc.length; i++) {
+        tmp.push(rc[i]);
+        if (tmp.length === t) {
+            res.push(tmp);
+            tmp = [];
+        }
+    }
+    return res;
+}
+exports.splitConstants = splitConstants;
+function poseidon(opts) {
+    const { t, Fp, rounds, sboxFn, reversePartialPowIdx } = validateOpts(opts);
+    const halfRoundsFull = Math.floor(opts.roundsFull / 2);
+    const partialIdx = reversePartialPowIdx ? t - 1 : 0;
+    const poseidonRound = (values, isFull, idx) => {
+        values = values.map((i, j) => Fp.add(i, opts.roundConstants[idx][j]));
+        if (isFull)
+            values = values.map((i) => sboxFn(i));
+        else
+            values[partialIdx] = sboxFn(values[partialIdx]);
+        // Matrix multiplication
+        values = opts.mds.map((i) => i.reduce((acc, i, j) => Fp.add(acc, Fp.mulN(i, values[j])), Fp.ZERO));
+        return values;
+    };
+    const poseidonHash = function poseidonHash(values) {
+        if (!Array.isArray(values) || values.length !== t)
+            throw new Error(`Poseidon: wrong values (expected array of bigints with length ${t})`);
+        values = values.map((i) => {
+            if (typeof i !== 'bigint')
+                throw new Error(`Poseidon: wrong value=${i} (${typeof i})`);
+            return Fp.create(i);
+        });
+        let round = 0;
+        // Apply r_f/2 full rounds.
+        for (let i = 0; i < halfRoundsFull; i++)
+            values = poseidonRound(values, true, round++);
+        // Apply r_p partial rounds.
+        for (let i = 0; i < opts.roundsPartial; i++)
+            values = poseidonRound(values, false, round++);
+        // Apply r_f/2 full rounds.
+        for (let i = 0; i < halfRoundsFull; i++)
+            values = poseidonRound(values, true, round++);
+        if (round !== rounds)
+            throw new Error(`Poseidon: wrong number of rounds: last round=${round}, total=${rounds}`);
+        return values;
+    };
+    // For verification in tests
+    poseidonHash.roundConstants = opts.roundConstants;
+    return poseidonHash;
+}
+exports.poseidon = poseidon;

package/lib/abstract/utils.d.ts

@@ -1,7 +1,5 @@
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import * as mod from './modular.js';
 export declare type Hex = Uint8Array | string;
-export declare type PrivKey = Hex | bigint | number;
+export declare type PrivKey = Hex | bigint;
 export declare type CHash = {
     (message: Uint8Array | string): Uint8Array;
     blockLen: number;
@@ -10,49 +8,23 @@ export declare type CHash = {
         dkLen?: number;
     }): any;
 };
-export declare type BasicCurve<T> = {
-    Fp: mod.Field<T>;
-    n: bigint;
-    nBitLength?: number;
-    nByteLength?: number;
-    h: bigint;
-    hEff?: bigint;
-    Gx: T;
-    Gy: T;
-    wrapPrivateKey?: boolean;
-    allowInfinityPoint?: boolean;
-};
-export declare function isPositiveInt(num: any): num is number;
-export declare function validateOpts<FP, T>(curve: BasicCurve<FP> & T): Readonly<{
-    readonly nBitLength: number;
-    readonly nByteLength: number;
-} & BasicCurve<FP> & T>;
-export declare function bytesToHex(uint8a: Uint8Array): string;
+export declare type FHash = (message: Uint8Array | string) => Uint8Array;
+export declare function bytesToHex(bytes: Uint8Array): string;
 export declare function numberToHexUnpadded(num: number | bigint): string;
 export declare function hexToNumber(hex: string): bigint;
 export declare function hexToBytes(hex: string): Uint8Array;
 export declare function bytesToNumberBE(bytes: Uint8Array): bigint;
-export declare function bytesToNumberLE(uint8a: Uint8Array): bigint;
+export declare function bytesToNumberLE(bytes: Uint8Array): bigint;
 export declare const numberToBytesBE: (n: bigint, len: number) => Uint8Array;
 export declare const numberToBytesLE: (n: bigint, len: number) => Uint8Array;
+export declare const numberToVarBytesBE: (n: bigint) => Uint8Array;
 export declare function ensureBytes(hex: Hex, expectedLength?: number): Uint8Array;
-export declare function concatBytes(...arrays: Uint8Array[]): Uint8Array;
-export declare function nLength(n: bigint, nBitLength?: number): {
-    nBitLength: number;
-    nByteLength: number;
-};
-/**
- * FIPS 186 B.4.1-compliant "constant-time" private key generation utility.
- * Can take (n+8) or more bytes of uniform input e.g. from CSPRNG or KDF
- * and convert them into private scalar, with the modulo bias being neglible.
- * Needs at least 40 bytes of input for 32-byte private key.
- * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
- * @param hash hash output from SHA3 or a similar function
- * @returns valid private scalar
- */
-export declare function hashToPrivateScalar(hash: Hex, groupOrder: bigint, isLE?: boolean): bigint;
+export declare function concatBytes(...arrs: Uint8Array[]): Uint8Array;
 export declare function equalBytes(b1: Uint8Array, b2: Uint8Array): boolean;
 export declare function bitLen(n: bigint): number;
 export declare const bitGet: (n: bigint, pos: number) => bigint;
 export declare const bitSet: (n: bigint, pos: number, value: boolean) => bigint;
 export declare const bitMask: (n: number) => bigint;
+declare type ValMap = Record<string, string>;
+export declare function validateObject(object: object, validators: ValMap, optValidators?: ValMap): object;
+export {};

package/lib/abstract/utils.js

@@ -1,46 +1,19 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.equalBytes = exports.hashToPrivateScalar = exports.nLength = exports.concatBytes = exports.ensureBytes = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = exports.validateOpts = exports.isPositiveInt = void 0;
+exports.validateObject = exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const mod = require("./modular.js");
 const _0n = BigInt(0);
 const _1n = BigInt(1);
 const _2n = BigInt(2);
-// Bans floats and integers above 2^53-1
-function isPositiveInt(num) {
-    return typeof num === 'number' && Number.isSafeInteger(num) && num > 0;
-}
-exports.isPositiveInt = isPositiveInt;
-function validateOpts(curve) {
-    mod.validateField(curve.Fp);
-    for (const i of ['n', 'h']) {
-        const val = curve[i];
-        if (typeof val !== 'bigint')
-            throw new Error(`Invalid curve param ${i}=${val} (${typeof val})`);
-    }
-    if (!curve.Fp.isValid(curve.Gx))
-        throw new Error('Invalid generator X coordinate Fp element');
-    if (!curve.Fp.isValid(curve.Gy))
-        throw new Error('Invalid generator Y coordinate Fp element');
-    for (const i of ['nBitLength', 'nByteLength']) {
-        const val = curve[i];
-        if (val === undefined)
-            continue; // Optional
-        if (!isPositiveInt(val))
-            throw new Error(`Invalid curve param ${i}=${val} (${typeof val})`);
-    }
-    // Set defaults
-    return Object.freeze({ ...nLength(curve.n, curve.nBitLength), ...curve });
-}
-exports.validateOpts = validateOpts;
+const u8a = (a) => a instanceof Uint8Array;
 const hexes = Array.from({ length: 256 }, (v, i) => i.toString(16).padStart(2, '0'));
-function bytesToHex(uint8a) {
-    if (!(uint8a instanceof Uint8Array))
-        throw new Error('Expected Uint8Array');
+function bytesToHex(bytes) {
+    if (!u8a(bytes))
+        throw new Error('Uint8Array expected');
     // pre-caching improves the speed 6x
     let hex = '';
-    for (let i = 0; i < uint8a.length; i++) {
-        hex += hexes[uint8a[i]];
+    for (let i = 0; i < bytes.length; i++) {
+        hex += hexes[bytes[i]];
     }
     return hex;
 }
@@ -51,27 +24,25 @@ function numberToHexUnpadded(num) {
 }
 exports.numberToHexUnpadded = numberToHexUnpadded;
 function hexToNumber(hex) {
-    if (typeof hex !== 'string') {
-        throw new TypeError('hexToNumber: expected string, got ' + typeof hex);
-    }
+    if (typeof hex !== 'string')
+        throw new Error('string expected, got ' + typeof hex);
     // Big Endian
     return BigInt(`0x${hex}`);
 }
 exports.hexToNumber = hexToNumber;
 // Caching slows it down 2-3x
 function hexToBytes(hex) {
-    if (typeof hex !== 'string') {
-        throw new TypeError('hexToBytes: expected string, got ' + typeof hex);
-    }
+    if (typeof hex !== 'string')
+        throw new Error('string expected, got ' + typeof hex);
     if (hex.length % 2)
-        throw new Error('hexToBytes: received invalid unpadded hex ' + hex.length);
+        throw new Error('hex string is invalid: unpadded ' + hex.length);
     const array = new Uint8Array(hex.length / 2);
     for (let i = 0; i < array.length; i++) {
         const j = i * 2;
         const hexByte = hex.slice(j, j + 2);
         const byte = Number.parseInt(hexByte, 16);
         if (Number.isNaN(byte) || byte < 0)
-            throw new Error('Invalid byte sequence');
+            throw new Error('invalid byte sequence');
         array[i] = byte;
     }
     return array;
@@ -82,68 +53,41 @@ function bytesToNumberBE(bytes) {
     return hexToNumber(bytesToHex(bytes));
 }
 exports.bytesToNumberBE = bytesToNumberBE;
-function bytesToNumberLE(uint8a) {
-    if (!(uint8a instanceof Uint8Array))
-        throw new Error('Expected Uint8Array');
-    return BigInt('0x' + bytesToHex(Uint8Array.from(uint8a).reverse()));
+function bytesToNumberLE(bytes) {
+    if (!u8a(bytes))
+        throw new Error('Uint8Array expected');
+    return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
 }
 exports.bytesToNumberLE = bytesToNumberLE;
 const numberToBytesBE = (n, len) => hexToBytes(n.toString(16).padStart(len * 2, '0'));
 exports.numberToBytesBE = numberToBytesBE;
 const numberToBytesLE = (n, len) => (0, exports.numberToBytesBE)(n, len).reverse();
 exports.numberToBytesLE = numberToBytesLE;
+// Returns variable number bytes (minimal bigint encoding?)
+const numberToVarBytesBE = (n) => hexToBytes(numberToHexUnpadded(n));
+exports.numberToVarBytesBE = numberToVarBytesBE;
 function ensureBytes(hex, expectedLength) {
     // Uint8Array.from() instead of hash.slice() because node.js Buffer
     // is instance of Uint8Array, and its slice() creates **mutable** copy
-    const bytes = hex instanceof Uint8Array ? Uint8Array.from(hex) : hexToBytes(hex);
+    const bytes = u8a(hex) ? Uint8Array.from(hex) : hexToBytes(hex);
     if (typeof expectedLength === 'number' && bytes.length !== expectedLength)
         throw new Error(`Expected ${expectedLength} bytes`);
     return bytes;
 }
 exports.ensureBytes = ensureBytes;
 // Copies several Uint8Arrays into one.
-function concatBytes(...arrays) {
-    if (!arrays.every((b) => b instanceof Uint8Array))
-        throw new Error('Uint8Array list expected');
-    if (arrays.length === 1)
-        return arrays[0];
-    const length = arrays.reduce((a, arr) => a + arr.length, 0);
-    const result = new Uint8Array(length);
-    for (let i = 0, pad = 0; i < arrays.length; i++) {
-        const arr = arrays[i];
-        result.set(arr, pad);
-        pad += arr.length;
-    }
-    return result;
+function concatBytes(...arrs) {
+    const r = new Uint8Array(arrs.reduce((sum, a) => sum + a.length, 0));
+    let pad = 0; // walk through each item, ensure they have proper type
+    arrs.forEach((a) => {
+        if (!u8a(a))
+            throw new Error('Uint8Array expected');
+        r.set(a, pad);
+        pad += a.length;
+    });
+    return r;
 }
 exports.concatBytes = concatBytes;
-// CURVE.n lengths
-function nLength(n, nBitLength) {
-    // Bit size, byte size of CURVE.n
-    const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;
-    const nByteLength = Math.ceil(_nBitLength / 8);
-    return { nBitLength: _nBitLength, nByteLength };
-}
-exports.nLength = nLength;
-/**
- * FIPS 186 B.4.1-compliant "constant-time" private key generation utility.
- * Can take (n+8) or more bytes of uniform input e.g. from CSPRNG or KDF
- * and convert them into private scalar, with the modulo bias being neglible.
- * Needs at least 40 bytes of input for 32-byte private key.
- * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
- * @param hash hash output from SHA3 or a similar function
- * @returns valid private scalar
- */
-function hashToPrivateScalar(hash, groupOrder, isLE = false) {
-    hash = ensureBytes(hash);
-    const hashLen = hash.length;
-    const minLen = nLength(groupOrder).nByteLength + 8;
-    if (minLen < 24 || hashLen < minLen || hashLen > 1024)
-        throw new Error(`hashToPrivateScalar: expected ${minLen}-1024 bytes of input, got ${hashLen}`);
-    const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);
-    return mod.mod(num, groupOrder - _1n) + _1n;
-}
-exports.hashToPrivateScalar = hashToPrivateScalar;
 function equalBytes(b1, b2) {
     // We don't care about timing attacks here
     if (b1.length !== b2.length)
@@ -174,3 +118,33 @@ exports.bitSet = bitSet;
 // Not using ** operator with bigints for old engines.
 const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
 exports.bitMask = bitMask;
+function validateObject(object, validators, optValidators = {}) {
+    const validatorFns = {
+        bigint: (val) => typeof val === 'bigint',
+        function: (val) => typeof val === 'function',
+        boolean: (val) => typeof val === 'boolean',
+        string: (val) => typeof val === 'string',
+        isSafeInteger: (val) => Number.isSafeInteger(val),
+        array: (val) => Array.isArray(val),
+        field: (val) => object.Fp.isValid(val),
+        hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),
+    };
+    // type Key = keyof typeof validators;
+    const checkField = (fieldName, type, isOptional) => {
+        const checkVal = validatorFns[type];
+        if (typeof checkVal !== 'function')
+            throw new Error(`Invalid validator "${type}", expected function`);
+        const val = object[fieldName];
+        if (isOptional && val === undefined)
+            return;
+        if (!checkVal(val)) {
+            throw new Error(`Invalid param ${fieldName}=${val} (${typeof val}), expected ${type}`);
+        }
+    };
+    for (let [fieldName, type] of Object.entries(validators))
+        checkField(fieldName, type, false);
+    for (let [fieldName, type] of Object.entries(optValidators))
+        checkField(fieldName, type, true);
+    return object;
+}
+exports.validateObject = validateObject;

package/lib/abstract/weierstrass.d.ts

@@ -1,9 +1,9 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import * as mod from './modular.js';
 import * as ut from './utils.js';
-import { Hex, PrivKey } from './utils.js';
-import { htfOpts } from './hash-to-curve.js';
-import { Group, GroupConstructor } from './group.js';
+import { CHash, Hex, PrivKey } from './utils.js';
+import { Group, GroupConstructor, BasicCurve, AffinePoint } from './curve.js';
+export type { AffinePoint };
 declare type HmacFnSync = (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array;
 declare type EndomorphismOpts = {
     beta: bigint;
@@ -14,24 +14,24 @@ declare type EndomorphismOpts = {
         k2: bigint;
     };
 };
-export declare type BasicCurve<T> = ut.BasicCurve<T> & {
+export declare type BasicWCurve<T> = BasicCurve<T> & {
     a: T;
     b: T;
-    normalizePrivateKey?: (key: PrivKey) => PrivKey;
+    allowedPrivateKeyLengths?: readonly number[];
     wrapPrivateKey?: boolean;
     endo?: EndomorphismOpts;
-    isTorsionFree?: (c: ProjectiveConstructor<T>, point: ProjectivePointType<T>) => boolean;
-    clearCofactor?: (c: ProjectiveConstructor<T>, point: ProjectivePointType<T>) => ProjectivePointType<T>;
-    htfDefaults?: htfOpts;
-    mapToCurve?: (scalar: bigint[]) => {
-        x: T;
-        y: T;
-    };
+    isTorsionFree?: (c: ProjConstructor<T>, point: ProjPointType<T>) => boolean;
+    clearCofactor?: (c: ProjConstructor<T>, point: ProjPointType<T>) => ProjPointType<T>;
 };
 declare type Entropy = Hex | true;
 export declare type SignOpts = {
     lowS?: boolean;
     extraEntropy?: Entropy;
+    prehash?: boolean;
+};
+export declare type VerOpts = {
+    lowS?: boolean;
+    prehash?: boolean;
 };
 /**
  * ### Design rationale for types
@@ -54,54 +54,41 @@ export declare type SignOpts = {
  *
  * TODO: https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#unique-symbol
  */
-export interface ProjectivePointType<T> extends Group<ProjectivePointType<T>> {
-    readonly x: T;
-    readonly y: T;
-    readonly z: T;
-    multiply(scalar: number | bigint, affinePoint?: PointType<T>): ProjectivePointType<T>;
-    multiplyUnsafe(scalar: bigint): ProjectivePointType<T>;
-    toAffine(invZ?: T): PointType<T>;
-}
-export interface ProjectiveConstructor<T> extends GroupConstructor<ProjectivePointType<T>> {
-    new (x: T, y: T, z: T): ProjectivePointType<T>;
-    fromAffine(p: PointType<T>): ProjectivePointType<T>;
-    toAffineBatch(points: ProjectivePointType<T>[]): PointType<T>[];
-    normalizeZ(points: ProjectivePointType<T>[]): ProjectivePointType<T>[];
-}
-export interface PointType<T> extends Group<PointType<T>> {
-    readonly x: T;
-    readonly y: T;
+export interface ProjPointType<T> extends Group<ProjPointType<T>> {
+    readonly px: T;
+    readonly py: T;
+    readonly pz: T;
+    multiply(scalar: bigint): ProjPointType<T>;
+    multiplyUnsafe(scalar: bigint): ProjPointType<T>;
+    multiplyAndAddUnsafe(Q: ProjPointType<T>, a: bigint, b: bigint): ProjPointType<T> | undefined;
     _setWindowSize(windowSize: number): void;
+    toAffine(iz?: T): AffinePoint<T>;
+    isTorsionFree(): boolean;
+    clearCofactor(): ProjPointType<T>;
+    assertValidity(): void;
     hasEvenY(): boolean;
     toRawBytes(isCompressed?: boolean): Uint8Array;
     toHex(isCompressed?: boolean): string;
-    assertValidity(): void;
-    multiplyAndAddUnsafe(Q: PointType<T>, a: bigint, b: bigint): PointType<T> | undefined;
 }
-export interface PointConstructor<T> extends GroupConstructor<PointType<T>> {
-    new (x: T, y: T): PointType<T>;
-    fromHex(hex: Hex): PointType<T>;
-    fromPrivateKey(privateKey: PrivKey): PointType<T>;
-    hashToCurve(msg: Hex, options?: Partial<htfOpts>): PointType<T>;
-    encodeToCurve(msg: Hex, options?: Partial<htfOpts>): PointType<T>;
+export interface ProjConstructor<T> extends GroupConstructor<ProjPointType<T>> {
+    new (x: T, y: T, z: T): ProjPointType<T>;
+    fromAffine(p: AffinePoint<T>): ProjPointType<T>;
+    fromHex(hex: Hex): ProjPointType<T>;
+    fromPrivateKey(privateKey: PrivKey): ProjPointType<T>;
+    normalizeZ(points: ProjPointType<T>[]): ProjPointType<T>[];
 }
-export declare type CurvePointsType<T> = BasicCurve<T> & {
-    fromBytes: (bytes: Uint8Array) => {
-        x: T;
-        y: T;
-    };
-    toBytes: (c: PointConstructor<T>, point: PointType<T>, compressed: boolean) => Uint8Array;
+export declare type CurvePointsType<T> = BasicWCurve<T> & {
+    fromBytes: (bytes: Uint8Array) => AffinePoint<T>;
+    toBytes: (c: ProjConstructor<T>, point: ProjPointType<T>, compressed: boolean) => Uint8Array;
 };
 export declare type CurvePointsRes<T> = {
-    Point: PointConstructor<T>;
-    ProjectivePoint: ProjectiveConstructor<T>;
+    ProjectivePoint: ProjConstructor<T>;
     normalizePrivateKey: (key: PrivKey) => bigint;
     weierstrassEquation: (x: T) => T;
     isWithinCurveOrder: (num: bigint) => boolean;
 };
 export declare function weierstrassPoints<T>(opts: CurvePointsType<T>): {
-    Point: PointConstructor<T>;
-    ProjectivePoint: ProjectiveConstructor<T>;
+    ProjectivePoint: ProjConstructor<T>;
     normalizePrivateKey: (key: PrivKey) => bigint;
     weierstrassEquation: (x: T) => T;
     isWithinCurveOrder: (num: bigint) => boolean;
@@ -111,27 +98,32 @@ export interface SignatureType {
     readonly s: bigint;
     readonly recovery?: number;
     assertValidity(): void;
-    copyWithRecoveryBit(recovery: number): SignatureType;
+    addRecoveryBit(recovery: number): SignatureType;
     hasHighS(): boolean;
     normalizeS(): SignatureType;
-    recoverPublicKey(msgHash: Hex): PointType<bigint>;
-    toDERRawBytes(isCompressed?: boolean): Uint8Array;
-    toDERHex(isCompressed?: boolean): string;
+    recoverPublicKey(msgHash: Hex): ProjPointType<bigint>;
     toCompactRawBytes(): Uint8Array;
     toCompactHex(): string;
+    toDERRawBytes(isCompressed?: boolean): Uint8Array;
+    toDERHex(isCompressed?: boolean): string;
 }
 export declare type SignatureConstructor = {
     new (r: bigint, s: bigint): SignatureType;
     fromCompact(hex: Hex): SignatureType;
     fromDER(hex: Hex): SignatureType;
 };
-export declare type PubKey = Hex | PointType<bigint>;
-export declare type CurveType = BasicCurve<bigint> & {
-    lowS?: boolean;
-    hash: ut.CHash;
+declare type SignatureLike = {
+    r: bigint;
+    s: bigint;
+};
+export declare type PubKey = Hex | ProjPointType<bigint>;
+export declare type CurveType = BasicWCurve<bigint> & {
+    hash: CHash;
     hmac: HmacFnSync;
     randomBytes: (bytesLength?: number) => Uint8Array;
-    truncateHash?: (hash: Uint8Array, truncateOnly?: boolean) => bigint;
+    lowS?: boolean;
+    bits2int?: (bytes: Uint8Array) => bigint;
+    bits2int_modN?: (bytes: Uint8Array) => bigint;
 };
 declare function validateOpts(curve: CurveType): Readonly<{
     readonly nBitLength: number;
@@ -142,45 +134,31 @@ declare function validateOpts(curve: CurveType): Readonly<{
     readonly hEff?: bigint | undefined;
     readonly Gx: bigint;
     readonly Gy: bigint;
-    readonly wrapPrivateKey?: boolean | undefined;
     readonly allowInfinityPoint?: boolean | undefined;
     readonly a: bigint;
     readonly b: bigint;
-    readonly normalizePrivateKey?: ((key: ut.PrivKey) => ut.PrivKey) | undefined;
+    readonly allowedPrivateKeyLengths?: readonly number[] | undefined;
+    readonly wrapPrivateKey?: boolean | undefined;
     readonly endo?: EndomorphismOpts | undefined;
-    readonly isTorsionFree?: ((c: ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => boolean) | undefined;
-    readonly clearCofactor?: ((c: ProjectiveConstructor<bigint>, point: ProjectivePointType<bigint>) => ProjectivePointType<bigint>) | undefined;
-    readonly htfDefaults?: htfOpts | undefined;
-    readonly mapToCurve?: ((scalar: bigint[]) => {
-        x: bigint;
-        y: bigint;
-    }) | undefined;
-    lowS: boolean;
+    readonly isTorsionFree?: ((c: ProjConstructor<bigint>, point: ProjPointType<bigint>) => boolean) | undefined;
+    readonly clearCofactor?: ((c: ProjConstructor<bigint>, point: ProjPointType<bigint>) => ProjPointType<bigint>) | undefined;
     readonly hash: ut.CHash;
     readonly hmac: HmacFnSync;
     readonly randomBytes: (bytesLength?: number | undefined) => Uint8Array;
-    readonly truncateHash?: ((hash: Uint8Array, truncateOnly?: boolean | undefined) => bigint) | undefined;
+    lowS: boolean;
+    readonly bits2int?: ((bytes: Uint8Array) => bigint) | undefined;
+    readonly bits2int_modN?: ((bytes: Uint8Array) => bigint) | undefined;
 }>;
 export declare type CurveFn = {
     CURVE: ReturnType<typeof validateOpts>;
     getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array;
-    getSharedSecret: (privateA: PrivKey, publicB: PubKey, isCompressed?: boolean) => Uint8Array;
+    getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array;
     sign: (msgHash: Hex, privKey: PrivKey, opts?: SignOpts) => SignatureType;
-    signUnhashed: (msg: Uint8Array, privKey: PrivKey, opts?: SignOpts) => SignatureType;
-    verify: (signature: Hex | SignatureType, msgHash: Hex, publicKey: PubKey, opts?: {
-        lowS?: boolean;
-    }) => boolean;
-    Point: PointConstructor<bigint>;
-    ProjectivePoint: ProjectiveConstructor<bigint>;
+    verify: (signature: Hex | SignatureLike, msgHash: Hex, publicKey: Hex, opts?: VerOpts) => boolean;
+    ProjectivePoint: ProjConstructor<bigint>;
     Signature: SignatureConstructor;
     utils: {
-        _bigintToBytes: (num: bigint) => Uint8Array;
-        _bigintToString: (num: bigint) => string;
         _normalizePrivateKey: (key: PrivKey) => bigint;
-        _normalizePublicKey: (publicKey: PubKey) => PointType<bigint>;
-        _isWithinCurveOrder: (num: bigint) => boolean;
-        _isValidFieldElement: (num: bigint) => boolean;
-        _weierstrassEquation: (x: bigint) => bigint;
         isValidPrivateKey(privateKey: PrivKey): boolean;
         hashToPrivateKey: (hash: Hex) => Uint8Array;
         randomPrivateKey: () => Uint8Array;
@@ -199,4 +177,3 @@ export declare function mapToCurveSimpleSWU<T>(Fp: mod.Field<T>, opts: {
     x: T;
     y: T;
 };
-export {};