@noble/curves 0.6.3 → 0.7.0

package/{lib/abstract → abstract}/montgomery.js

@@ -120,14 +120,14 @@ function montgomery(curveDef) {
         // MUST mask the most significant bit in the final byte.
         // This is very ugly way, but it works because fieldLen-1 is outside of bounds for X448, so this becomes NOOP
         // fieldLen - scalaryBytes = 1 for X448 and = 0 for X25519
-        const u = (0, utils_js_1.ensureBytes)(uEnc, montgomeryBytes);
+        const u = (0, utils_js_1.ensureBytes)('u coordinate', uEnc, montgomeryBytes);
         // u[fieldLen-1] crashes QuickJS (TypeError: out-of-bound numeric index)
         if (fieldLen === montgomeryBytes)
             u[fieldLen - 1] &= 127; // 0b0111_1111
         return (0, utils_js_1.bytesToNumberLE)(u);
     }
     function decodeScalar(n) {
-        const bytes = (0, utils_js_1.ensureBytes)(n);
+        const bytes = (0, utils_js_1.ensureBytes)('scalar', n);
         if (bytes.length !== montgomeryBytes && bytes.length !== fieldLen)
             throw new Error(`Expected ${montgomeryBytes} or ${fieldLen} bytes, got ${bytes.length}`);
         return (0, utils_js_1.bytesToNumberLE)(adjustScalarBytes(bytes));
@@ -155,3 +155,4 @@ function montgomery(curveDef) {
     };
 }
 exports.montgomery = montgomery;
+//# sourceMappingURL=montgomery.js.map

package/abstract/montgomery.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"montgomery.js","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,6CAAwC;AACxC,yCAA2F;AAE3F,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAsBtB,SAAS,YAAY,CAAC,KAAgB;IACpC,IAAA,yBAAc,EACZ,KAAK,EACL;QACE,GAAG,EAAE,QAAQ;KACd,EACD;QACE,cAAc,EAAE,eAAe;QAC/B,WAAW,EAAE,eAAe;QAC5B,iBAAiB,EAAE,UAAU;QAC7B,MAAM,EAAE,UAAU;QAClB,UAAU,EAAE,UAAU;QACtB,EAAE,EAAE,QAAQ;KACb,CACF,CAAC;IACF,eAAe;IACf,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,EAAW,CAAC,CAAC;AAC9C,CAAC;AAED,4IAA4I;AAC5I,0CAA0C;AAC1C,SAAgB,UAAU,CAAC,QAAmB;IAC5C,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;IAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC;IACnC,MAAM,iBAAiB,GAAG,KAAK,CAAC,iBAAiB,IAAI,CAAC,CAAC,KAAiB,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;IACpF,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAEjF,kDAAkD;IAClD;;;;;;;;MAQE;IACF,SAAS,KAAK,CAAC,IAAY,EAAE,GAAW,EAAE,GAAW;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;QACvC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;QACxB,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,CAAC;IAED,SAAS,kBAAkB,CAAC,CAAS;QACnC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,gBAAgB;IAChB;;;;;OAKG;IACH,SAAS,gBAAgB,CAAC,MAAc,EAAE,MAAc;QACtD,MAAM,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACrC,kFAAkF;QAClF,mDAAmD;QACnD,MAAM,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACrC,sEAAsE;QACtE,MAAM,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC;QACtB,MAAM,GAAG,GAAG,CAAC,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,IAAI,GAAG,GAAG,CAAC;QACf,IAAI,EAAoB,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE;YACtD,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;YAC3B,IAAI,IAAI,GAAG,CAAC;YACZ,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,IAAI,GAAG,GAAG,CAAC;YAEX,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;YACtB,GAAG,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC;YACtC,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACpB,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;SACtC;QACD,qCAAqC;QACrC,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,qCAAqC;QACrC,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,cAAc;QACd,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAC3B,6BAA6B;QAC7B,OAAO,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,SAAS,iBAAiB,CAAC,CAAS;QAClC,OAAO,IAAA,0BAAe,EAAC,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IACnD,CAAC;IAED,SAAS,iBAAiB,CAAC,IAAS;QAClC,qEAAqE;QACrE,wDAAwD;QACxD,6GAA6G;QAC7G,0DAA0D;QAC1D,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,cAAc,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC;QAC7D,wEAAwE;QACxE,IAAI,QAAQ,KAAK,eAAe;YAAE,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;QACxE,OAAO,IAAA,0BAAe,EAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,SAAS,YAAY,CAAC,CAAM;QAC1B,MAAM,KAAK,GAAG,IAAA,sBAAW,EAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,KAAK,eAAe,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ;YAC/D,MAAM,IAAI,KAAK,CAAC,YAAY,eAAe,OAAO,QAAQ,eAAe,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3F,OAAO,IAAA,0BAAe,EAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC;IACnD,CAAC;IACD,SAAS,UAAU,CAAC,MAAW,EAAE,CAAM;QACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,EAAE,GAAG,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC7C,kCAAkC;QAClC,sCAAsC;QACtC,IAAI,EAAE,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC1E,OAAO,iBAAiB,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;IACD,kFAAkF;IAClF,SAAS,cAAc,CAAC,MAAW;QACjC,OAAO,UAAU,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC,CAAC;IACtC,CAAC;IAED,OAAO;QACL,UAAU;QACV,cAAc;QACd,eAAe,EAAE,CAAC,UAAe,EAAE,SAAc,EAAE,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,SAAS,CAAC;QACvF,YAAY,EAAE,CAAC,UAAe,EAAc,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC;QACzE,EAAE,EAAE,KAAK,CAAC,EAAE;KACb,CAAC;AACJ,CAAC;AAvID,gCAuIC"}

package/{lib/abstract → abstract}/poseidon.d.ts

@@ -27,3 +27,4 @@ export declare function poseidon(opts: PoseidonOpts): {
     (values: bigint[]): bigint[];
     roundConstants: bigint[][];
 };
+//# sourceMappingURL=poseidon.d.ts.map

package/abstract/poseidon.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"poseidon.d.ts","sourceRoot":"","sources":["../src/abstract/poseidon.ts"],"names":[],"mappings":"AAAA,sEAAsE;AAEtE,OAAO,EAAE,KAAK,EAAwB,MAAM,cAAc,CAAC;AAG3D,oBAAY,YAAY,GAAG;IACzB,EAAE,EAAE,KAAK,CAAC,MAAM,CAAC,CAAC;IAClB,CAAC,EAAE,MAAM,CAAC;IACV,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,OAAO,CAAC;IAC/B,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;IAChB,cAAc,EAAE,MAAM,EAAE,EAAE,CAAC;CAC5B,CAAC;AAEF,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY;;gBAgB5B,MAAM;;;;;;;;;GAgCxB;AAED,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,cAarD;AAED,wBAAgB,QAAQ,CAAC,IAAI,EAAE,YAAY;aAeU,MAAM,EAAE;;EAsB5D"}

package/{lib/abstract → abstract}/poseidon.js

@@ -113,3 +113,4 @@ function poseidon(opts) {
     return poseidonHash;
 }
 exports.poseidon = poseidon;
+//# sourceMappingURL=poseidon.js.map

package/abstract/poseidon.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"poseidon.js","sourceRoot":"","sources":["../src/abstract/poseidon.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,sFAAsF;AACtF,6CAA2D;AAc3D,SAAgB,YAAY,CAAC,IAAkB;IAC7C,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IACpB,IAAA,0BAAa,EAAC,EAAE,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,EAAE,eAAe,CAAU,EAAE;QAC7D,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;KAClF;IACD,IAAI,IAAI,CAAC,oBAAoB,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,oBAAoB,KAAK,SAAS;QAC3F,MAAM,IAAI,KAAK,CAAC,gDAAgD,IAAI,CAAC,oBAAoB,EAAE,CAAC,CAAC;IAC/F,iDAAiD;IACjD,IAAI,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC;IAC/B,IAAI,SAAS,KAAK,SAAS;QAAE,SAAS,GAAG,CAAC,CAAC;IAC3C,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC;QACnE,MAAM,IAAI,KAAK,CAAC,4BAA4B,SAAS,EAAE,CAAC,CAAC;IAE3D,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,kBAAK,EAAC,EAAE,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC;IACrD,qDAAqD;IACrD,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;SAC9D,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjF,IAAI,IAAI,CAAC,UAAU,GAAG,CAAC,KAAK,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IACzE,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,aAAa,CAAC;IAEpD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,IAAI,CAAC,cAAc,CAAC,MAAM,KAAK,MAAM;QAC9E,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IACrD,MAAM,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QACpD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC;YAC5C,MAAM,IAAI,KAAK,CAAC,mCAAmC,EAAE,EAAE,CAAC,CAAC;QAC3D,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAClB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;gBACzC,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,EAAE,CAAC,CAAC;YACxD,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,oBAAoB;IACpB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC;QACxD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAChD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QAClC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,IAAI,CAAC,CAAC;YACpD,MAAM,IAAI,KAAK,CAAC,4BAA4B,MAAM,EAAE,CAAC,CAAC;QACxD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtB,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAC;YAC7E,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC;AACzE,CAAC;AAhDD,oCAgDC;AAED,SAAgB,cAAc,CAAC,EAAY,EAAE,CAAS;IACpD,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;IAC9E,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC7F,MAAM,GAAG,GAAG,EAAE,CAAC;IACf,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QAClC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAChB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE;YACpB,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACd,GAAG,GAAG,EAAE,CAAC;SACV;KACF;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAbD,wCAaC;AAED,SAAgB,QAAQ,CAAC,IAAkB;IACzC,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,oBAAoB,EAAE,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC3E,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACvD,MAAM,UAAU,GAAG,oBAAoB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,aAAa,GAAG,CAAC,MAAgB,EAAE,MAAe,EAAE,GAAW,EAAE,EAAE;QACvE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEtE,IAAI,MAAM;YAAE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;;YAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QACrD,wBAAwB;QACxB,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1B,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CACrE,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IACF,MAAM,YAAY,GAAG,SAAS,YAAY,CAAC,MAAgB;QACzD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,iEAAiE,CAAC,GAAG,CAAC,CAAC;QACzF,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACxB,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;YACvF,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;QACH,IAAI,KAAK,GAAG,CAAC,CAAC;QACd,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QACvF,4BAA4B;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QAC5F,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAEvF,IAAI,KAAK,KAAK,MAAM;YAClB,MAAM,IAAI,KAAK,CAAC,gDAAgD,KAAK,WAAW,MAAM,EAAE,CAAC,CAAC;QAC5F,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IACF,4BAA4B;IAC5B,YAAY,CAAC,cAAc,GAAG,IAAI,CAAC,cAAc,CAAC;IAClD,OAAO,YAAY,CAAC;AACtB,CAAC;AArCD,4BAqCC"}

package/{lib/abstract → abstract}/utils.d.ts

@@ -18,13 +18,23 @@ export declare function bytesToNumberLE(bytes: Uint8Array): bigint;
 export declare const numberToBytesBE: (n: bigint, len: number) => Uint8Array;
 export declare const numberToBytesLE: (n: bigint, len: number) => Uint8Array;
 export declare const numberToVarBytesBE: (n: bigint) => Uint8Array;
-export declare function ensureBytes(hex: Hex, expectedLength?: number): Uint8Array;
+export declare function ensureBytes(title: string, hex: Hex, expectedLength?: number): Uint8Array;
 export declare function concatBytes(...arrs: Uint8Array[]): Uint8Array;
 export declare function equalBytes(b1: Uint8Array, b2: Uint8Array): boolean;
+export declare function utf8ToBytes(str: string): Uint8Array;
 export declare function bitLen(n: bigint): number;
 export declare const bitGet: (n: bigint, pos: number) => bigint;
 export declare const bitSet: (n: bigint, pos: number, value: boolean) => bigint;
 export declare const bitMask: (n: number) => bigint;
+declare type Pred<T> = (v: Uint8Array) => T | undefined;
+/**
+ * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
+ * @returns function that will call DRBG until 2nd arg returns something meaningful
+ * @example
+ *   const drbg = createHmacDRBG<Key>(32, 32, hmac);
+ *   drbg(seed, bytesToKey); // bytesToKey must return Key or undefined
+ */
+export declare function createHmacDrbg<T>(hashLen: number, qByteLen: number, hmacFn: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array): (seed: Uint8Array, predicate: Pred<T>) => T;
 declare const validatorFns: {
     readonly bigint: (val: any) => boolean;
     readonly function: (val: any) => boolean;
@@ -41,3 +51,4 @@ declare type ValMap<T extends Record<string, any>> = {
 };
 export declare function validateObject<T extends Record<string, any>>(object: T, validators: ValMap<T>, optValidators?: ValMap<T>): T;
 export {};
+//# sourceMappingURL=utils.d.ts.map

package/abstract/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/abstract/utils.ts"],"names":[],"mappings":"AAOA,oBAAY,GAAG,GAAG,UAAU,GAAG,MAAM,CAAC;AAEtC,oBAAY,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC;AACnC,oBAAY,KAAK,GAAG;IAClB,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,GAAG,UAAU,CAAC;IAC3C,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,CAAC,IAAI,CAAC,EAAE;QAAE,KAAK,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,GAAG,CAAC;CACxC,CAAC;AACF,oBAAY,KAAK,GAAG,CAAC,OAAO,EAAE,UAAU,GAAG,MAAM,KAAK,UAAU,CAAC;AAGjE,wBAAgB,UAAU,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAQpD;AAED,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAGhE;AAED,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAI/C;AAGD,wBAAgB,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAYlD;AAGD,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAEzD;AACD,wBAAgB,eAAe,CAAC,KAAK,EAAE,UAAU,GAAG,MAAM,CAGzD;AAED,eAAO,MAAM,eAAe,MAAO,MAAM,OAAO,MAAM,eACH,CAAC;AACpD,eAAO,MAAM,eAAe,MAAO,MAAM,OAAO,MAAM,eAAsC,CAAC;AAE7F,eAAO,MAAM,kBAAkB,MAAO,MAAM,eAAuC,CAAC;AAEpF,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,cAAc,CAAC,EAAE,MAAM,GAAG,UAAU,CAmBxF;AAGD,wBAAgB,WAAW,CAAC,GAAG,IAAI,EAAE,UAAU,EAAE,GAAG,UAAU,CAS7D;AAED,wBAAgB,UAAU,CAAC,EAAE,EAAE,UAAU,EAAE,EAAE,EAAE,UAAU,WAKxD;AAKD,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,UAAU,CAKnD;AAKD,wBAAgB,MAAM,CAAC,CAAC,EAAE,MAAM,UAI/B;AAGD,eAAO,MAAM,MAAM,MAAO,MAAM,OAAO,MAAM,WAA4B,CAAC;AAE1E,eAAO,MAAM,MAAM,MAAO,MAAM,OAAO,MAAM,SAAS,OAAO,WACnB,CAAC;AAG3C,eAAO,MAAM,OAAO,MAAO,MAAM,WAAiC,CAAC;AAMnE,aAAK,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,UAAU,KAAK,CAAC,GAAG,SAAS,CAAC;AAChD;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAC9B,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,KAAK,UAAU,GACjE,CAAC,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CA4C7C;AAID,QAAA,MAAM,YAAY;2BACF,GAAG;6BACD,GAAG;4BACJ,GAAG;2BACJ,GAAG;kCACI,GAAG;0BACX,GAAG;0BACH,GAAG,UAAU,GAAG;yBACjB,GAAG;CACP,CAAC;AACX,aAAK,SAAS,GAAG,MAAM,OAAO,YAAY,CAAC;AAC3C,aAAK,MAAM,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI;KAAG,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,SAAS;CAAE,CAAC;AAG5E,wBAAgB,cAAc,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC1D,MAAM,EAAE,CAAC,EACT,UAAU,EAAE,MAAM,CAAC,CAAC,CAAC,EACrB,aAAa,GAAE,MAAM,CAAC,CAAC,CAAM,KAkB9B"}

package/{lib/abstract → abstract}/utils.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateObject = exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = void 0;
+exports.validateObject = exports.createHmacDrbg = exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.utf8ToBytes = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const _0n = BigInt(0);
 const _1n = BigInt(1);
@@ -25,7 +25,7 @@ function numberToHexUnpadded(num) {
 exports.numberToHexUnpadded = numberToHexUnpadded;
 function hexToNumber(hex) {
     if (typeof hex !== 'string')
-        throw new Error('string expected, got ' + typeof hex);
+        throw new Error('hex string expected, got ' + typeof hex);
     // Big Endian
     return BigInt(hex === '' ? '0' : `0x${hex}`);
 }
@@ -33,7 +33,7 @@ exports.hexToNumber = hexToNumber;
 // Caching slows it down 2-3x
 function hexToBytes(hex) {
     if (typeof hex !== 'string')
-        throw new Error('string expected, got ' + typeof hex);
+        throw new Error('hex string expected, got ' + typeof hex);
     if (hex.length % 2)
         throw new Error('hex string is invalid: unpadded ' + hex.length);
     const array = new Uint8Array(hex.length / 2);
@@ -66,13 +66,28 @@ exports.numberToBytesLE = numberToBytesLE;
 // Returns variable number bytes (minimal bigint encoding?)
 const numberToVarBytesBE = (n) => hexToBytes(numberToHexUnpadded(n));
 exports.numberToVarBytesBE = numberToVarBytesBE;
-function ensureBytes(hex, expectedLength) {
-    // Uint8Array.from() instead of hash.slice() because node.js Buffer
-    // is instance of Uint8Array, and its slice() creates **mutable** copy
-    const bytes = u8a(hex) ? Uint8Array.from(hex) : hexToBytes(hex);
-    if (typeof expectedLength === 'number' && bytes.length !== expectedLength)
-        throw new Error(`Expected ${expectedLength} bytes`);
-    return bytes;
+function ensureBytes(title, hex, expectedLength) {
+    let res;
+    if (typeof hex === 'string') {
+        try {
+            res = hexToBytes(hex);
+        }
+        catch (e) {
+            throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
+        }
+    }
+    else if (u8a(hex)) {
+        // Uint8Array.from() instead of hash.slice() because node.js Buffer
+        // is instance of Uint8Array, and its slice() creates **mutable** copy
+        res = Uint8Array.from(hex);
+    }
+    else {
+        throw new Error(`${title} must be hex string or Uint8Array`);
+    }
+    const len = res.length;
+    if (typeof expectedLength === 'number' && len !== expectedLength)
+        throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
+    return res;
 }
 exports.ensureBytes = ensureBytes;
 // Copies several Uint8Arrays into one.
@@ -98,6 +113,13 @@ function equalBytes(b1, b2) {
     return true;
 }
 exports.equalBytes = equalBytes;
+function utf8ToBytes(str) {
+    if (typeof str !== 'string') {
+        throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
+    }
+    return new TextEncoder().encode(str);
+}
+exports.utf8ToBytes = utf8ToBytes;
 // Bit operations
 // Amount of bits inside bigint (Same as n.toString(2).length)
 function bitLen(n) {
@@ -118,6 +140,69 @@ exports.bitSet = bitSet;
 // Not using ** operator with bigints for old engines.
 const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
 exports.bitMask = bitMask;
+// DRBG
+const u8n = (data) => new Uint8Array(data); // creates Uint8Array
+const u8fr = (arr) => Uint8Array.from(arr); // another shortcut
+/**
+ * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
+ * @returns function that will call DRBG until 2nd arg returns something meaningful
+ * @example
+ *   const drbg = createHmacDRBG<Key>(32, 32, hmac);
+ *   drbg(seed, bytesToKey); // bytesToKey must return Key or undefined
+ */
+function createHmacDrbg(hashLen, qByteLen, hmacFn) {
+    if (typeof hashLen !== 'number' || hashLen < 2)
+        throw new Error('hashLen must be a number');
+    if (typeof qByteLen !== 'number' || qByteLen < 2)
+        throw new Error('qByteLen must be a number');
+    if (typeof hmacFn !== 'function')
+        throw new Error('hmacFn must be a function');
+    // Step B, Step C: set hashLen to 8*ceil(hlen/8)
+    let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
+    let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same
+    let i = 0; // Iterations counter, will throw when over 1000
+    const reset = () => {
+        v.fill(1);
+        k.fill(0);
+        i = 0;
+    };
+    const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)
+    const reseed = (seed = u8n()) => {
+        // HMAC-DRBG reseed() function. Steps D-G
+        k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)
+        v = h(); // v = hmac(k || v)
+        if (seed.length === 0)
+            return;
+        k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)
+        v = h(); // v = hmac(k || v)
+    };
+    const gen = () => {
+        // HMAC-DRBG generate() function
+        if (i++ >= 1000)
+            throw new Error('drbg: tried 1000 values');
+        let len = 0;
+        const out = [];
+        while (len < qByteLen) {
+            v = h();
+            const sl = v.slice();
+            out.push(sl);
+            len += v.length;
+        }
+        return concatBytes(...out);
+    };
+    const genUntil = (seed, pred) => {
+        reset();
+        reseed(seed); // Steps D-G
+        let res = undefined; // Step H: grind until k is in [1..n-1]
+        while (!(res = pred(gen())))
+            reseed();
+        reset();
+        return res;
+    };
+    return genUntil;
+}
+exports.createHmacDrbg = createHmacDrbg;
+// Validating curves and fields
 const validatorFns = {
     bigint: (val) => typeof val === 'bigint',
     function: (val) => typeof val === 'function',
@@ -156,3 +241,4 @@ exports.validateObject = validateObject;
 // const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });
 // const z3 = validateObject(o, { test: 'boolean', z: 'bug' });
 // const z4 = validateObject(o, { a: 'boolean', z: 'bug' });
+//# sourceMappingURL=utils.js.map

package/abstract/utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/abstract/utils.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,CAAC,CAAM,EAAmB,EAAE,CAAC,CAAC,YAAY,UAAU,CAAC;AAcjE,MAAM,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;AACrF,SAAgB,UAAU,CAAC,KAAiB;IAC1C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACxD,oCAAoC;IACpC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACrC,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;KACxB;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AARD,gCAQC;AAED,SAAgB,mBAAmB,CAAC,GAAoB;IACtD,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC7B,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;AAC1C,CAAC;AAHD,kDAGC;AAED,SAAgB,WAAW,CAAC,GAAW;IACrC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,GAAG,CAAC,CAAC;IACvF,aAAa;IACb,OAAO,MAAM,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;AAC/C,CAAC;AAJD,kCAIC;AAED,6BAA6B;AAC7B,SAAgB,UAAU,CAAC,GAAW;IACpC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,GAAG,CAAC,CAAC;IACvF,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;IACrF,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACrC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC7E,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;KACjB;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAZD,gCAYC;AAED,aAAa;AACb,SAAgB,eAAe,CAAC,KAAiB;IAC/C,OAAO,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AACxC,CAAC;AAFD,0CAEC;AACD,SAAgB,eAAe,CAAC,KAAiB;IAC/C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACxD,OAAO,WAAW,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;AACnE,CAAC;AAHD,0CAGC;AAEM,MAAM,eAAe,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,EAAE,CACxD,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;AADvC,QAAA,eAAe,mBACwB;AAC7C,MAAM,eAAe,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,EAAE,CAAC,IAAA,uBAAe,EAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;AAAhF,QAAA,eAAe,mBAAiE;AAC7F,2DAA2D;AACpD,MAAM,kBAAkB,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,UAAU,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;AAAvE,QAAA,kBAAkB,sBAAqD;AAEpF,SAAgB,WAAW,CAAC,KAAa,EAAE,GAAQ,EAAE,cAAuB;IAC1E,IAAI,GAAe,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,IAAI;YACF,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;SACvB;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,mCAAmC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;SACjF;KACF;SAAM,IAAI,GAAG,CAAC,GAAG,CAAC,EAAE;QACnB,mEAAmE;QACnE,sEAAsE;QACtE,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KAC5B;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,mCAAmC,CAAC,CAAC;KAC9D;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,GAAG,KAAK,cAAc;QAC9D,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,aAAa,cAAc,eAAe,GAAG,EAAE,CAAC,CAAC;IAC3E,OAAO,GAAG,CAAC;AACb,CAAC;AAnBD,kCAmBC;AAED,uCAAuC;AACvC,SAAgB,WAAW,CAAC,GAAG,IAAkB;IAC/C,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACrE,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,uDAAuD;IACpE,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;QACjB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACpD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACd,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAClB,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,CAAC;AACX,CAAC;AATD,kCASC;AAED,SAAgB,UAAU,CAAC,EAAc,EAAE,EAAc;IACvD,0CAA0C;IAC1C,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IACtE,OAAO,IAAI,CAAC;AACd,CAAC;AALD,gCAKC;AAKD,SAAgB,WAAW,CAAC,GAAW;IACrC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,MAAM,IAAI,KAAK,CAAC,oCAAoC,OAAO,GAAG,EAAE,CAAC,CAAC;KACnE;IACD,OAAO,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;AACvC,CAAC;AALD,kCAKC;AAED,iBAAiB;AAEjB,8DAA8D;AAC9D,SAAgB,MAAM,CAAC,CAAS;IAC9B,IAAI,GAAG,CAAC;IACR,KAAK,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,GAAG,EAAE,GAAG,IAAI,CAAC;QAAC,CAAC;IAC3C,OAAO,GAAG,CAAC;AACb,CAAC;AAJD,wBAIC;AACD,8EAA8E;AAC9E,sDAAsD;AAC/C,MAAM,MAAM,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;AAA7D,QAAA,MAAM,UAAuD;AAC1E,8BAA8B;AACvB,MAAM,MAAM,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,KAAc,EAAE,EAAE,CAC/D,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AAD9B,QAAA,MAAM,UACwB;AAC3C,8EAA8E;AAC9E,sDAAsD;AAC/C,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;AAAtD,QAAA,OAAO,WAA+C;AAEnE,OAAO;AAEP,MAAM,GAAG,GAAG,CAAC,IAAU,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,qBAAqB;AACvE,MAAM,IAAI,GAAG,CAAC,GAAQ,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;AAEpE;;;;;;GAMG;AACH,SAAgB,cAAc,CAC5B,OAAe,EACf,QAAgB,EAChB,MAAkE;IAElE,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC5F,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/F,IAAI,OAAO,MAAM,KAAK,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/E,gDAAgD;IAChD,IAAI,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,qEAAqE;IAC3F,IAAI,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,qEAAqE;IAC3F,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,gDAAgD;IAC3D,MAAM,KAAK,GAAG,GAAG,EAAE;QACjB,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACV,CAAC,GAAG,CAAC,CAAC;IACR,CAAC,CAAC;IACF,MAAM,CAAC,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,wBAAwB;IAC9E,MAAM,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,EAAE,EAAE,EAAE;QAC9B,yCAAyC;QACzC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,mCAAmC;QAC9D,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,mBAAmB;QAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAC9B,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,mCAAmC;QAC9D,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,mBAAmB;IAC9B,CAAC,CAAC;IACF,MAAM,GAAG,GAAG,GAAG,EAAE;QACf,gCAAgC;QAChC,IAAI,CAAC,EAAE,IAAI,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC5D,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,MAAM,GAAG,GAAiB,EAAE,CAAC;QAC7B,OAAO,GAAG,GAAG,QAAQ,EAAE;YACrB,CAAC,GAAG,CAAC,EAAE,CAAC;YACR,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;YACrB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACb,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;SACjB;QACD,OAAO,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC;IACF,MAAM,QAAQ,GAAG,CAAC,IAAgB,EAAE,IAAa,EAAK,EAAE;QACtD,KAAK,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY;QAC1B,IAAI,GAAG,GAAkB,SAAS,CAAC,CAAC,uCAAuC;QAC3E,OAAO,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAAE,MAAM,EAAE,CAAC;QACtC,KAAK,EAAE,CAAC;QACR,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAhDD,wCAgDC;AAED,+BAA+B;AAE/B,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ;IAC7C,QAAQ,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,UAAU;IACjD,OAAO,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,SAAS;IAC/C,MAAM,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ;IAC7C,aAAa,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC;IACtD,KAAK,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;IACvC,KAAK,EAAE,CAAC,GAAQ,EAAE,MAAW,EAAE,EAAE,CAAE,MAAc,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IACjE,IAAI,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,UAAU,IAAI,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC;CAC5E,CAAC;AAGX,wEAAwE;AAExE,SAAgB,cAAc,CAC5B,MAAS,EACT,UAAqB,EACrB,gBAA2B,EAAE;IAE7B,MAAM,UAAU,GAAG,CAAC,SAAkB,EAAE,IAAe,EAAE,UAAmB,EAAE,EAAE;QAC9E,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,OAAO,QAAQ,KAAK,UAAU;YAChC,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAG,MAAM,CAAC,SAAgC,CAAC,CAAC;QACrD,IAAI,UAAU,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO;QAC5C,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE;YAC1B,MAAM,IAAI,KAAK,CACb,iBAAiB,MAAM,CAAC,SAAS,CAAC,IAAI,GAAG,KAAK,OAAO,GAAG,eAAe,IAAI,EAAE,CAC9E,CAAC;SACH;IACH,CAAC,CAAC;IACF,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,UAAU,CAAC,SAAS,EAAE,IAAK,EAAE,KAAK,CAAC,CAAC;IAChG,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC;QAAE,UAAU,CAAC,SAAS,EAAE,IAAK,EAAE,IAAI,CAAC,CAAC;IAClG,OAAO,MAAM,CAAC;AAChB,CAAC;AArBD,wCAqBC;AACD,sBAAsB;AACtB,uEAAuE;AACvE,gFAAgF;AAChF,4BAA4B;AAC5B,2DAA2D;AAC3D,qEAAqE;AACrE,+DAA+D;AAC/D,4DAA4D"}

package/{lib/abstract → abstract}/weierstrass.d.ts

@@ -59,9 +59,6 @@ export interface ProjPointType<T> extends Group<ProjPointType<T>> {
     readonly py: T;
     readonly pz: T;
     multiply(scalar: bigint): ProjPointType<T>;
-    multiplyUnsafe(scalar: bigint): ProjPointType<T>;
-    multiplyAndAddUnsafe(Q: ProjPointType<T>, a: bigint, b: bigint): ProjPointType<T> | undefined;
-    _setWindowSize(windowSize: number): void;
     toAffine(iz?: T): AffinePoint<T>;
     isTorsionFree(): boolean;
     clearCofactor(): ProjPointType<T>;
@@ -69,6 +66,9 @@ export interface ProjPointType<T> extends Group<ProjPointType<T>> {
     hasEvenY(): boolean;
     toRawBytes(isCompressed?: boolean): Uint8Array;
     toHex(isCompressed?: boolean): string;
+    multiplyUnsafe(scalar: bigint): ProjPointType<T>;
+    multiplyAndAddUnsafe(Q: ProjPointType<T>, a: bigint, b: bigint): ProjPointType<T> | undefined;
+    _setWindowSize(windowSize: number): void;
 }
 export interface ProjConstructor<T> extends GroupConstructor<ProjPointType<T>> {
     new (x: T, y: T, z: T): ProjPointType<T>;
@@ -158,10 +158,11 @@ export declare type CurveFn = {
     ProjectivePoint: ProjConstructor<bigint>;
     Signature: SignatureConstructor;
     utils: {
-        _normalizePrivateKey: (key: PrivKey) => bigint;
+        normPrivateKeyToScalar: (key: PrivKey) => bigint;
         isValidPrivateKey(privateKey: PrivKey): boolean;
         hashToPrivateKey: (hash: Hex) => Uint8Array;
         randomPrivateKey: () => Uint8Array;
+        precompute: (windowSize?: number, point?: ProjPointType<bigint>) => ProjPointType<bigint>;
     };
 };
 export declare function weierstrass(curveDef: CurveType): CurveFn;
@@ -177,3 +178,4 @@ export declare function mapToCurveSimpleSWU<T>(Fp: mod.Field<T>, opts: {
     x: T;
     y: T;
 };
+//# sourceMappingURL=weierstrass.d.ts.map

package/abstract/weierstrass.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"weierstrass.d.ts","sourceRoot":"","sources":["../src/abstract/weierstrass.ts"],"names":[],"mappings":"AAAA,sEAAsE;AAEtE,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAe,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAQ,UAAU,EAAiB,WAAW,EAAE,MAAM,YAAY,CAAC;AAEnG,YAAY,EAAE,WAAW,EAAE,CAAC;AAC5B,aAAK,UAAU,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,KAAK,UAAU,CAAC;AAC7E,aAAK,gBAAgB,GAAG;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,OAAO,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CACxF,CAAC;AACF,oBAAY,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,GAAG;IAE3C,CAAC,EAAE,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,CAAC;IAGL,wBAAwB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,CAAC,EAAE,gBAAgB,CAAC;IAGxB,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC;IAE5E,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CACtF,CAAC;AAEF,aAAK,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC;AAC1B,oBAAY,QAAQ,GAAG;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AACrF,oBAAY,OAAO,GAAG;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAE5D;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,MAAM,WAAW,aAAa,CAAC,CAAC,CAAE,SAAQ,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAC/D,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC3C,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IACjC,aAAa,IAAI,OAAO,CAAC;IACzB,aAAa,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC;IAClC,cAAc,IAAI,IAAI,CAAC;IACvB,QAAQ,IAAI,OAAO,CAAC;IACpB,UAAU,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAC/C,KAAK,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;IAEtC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACjD,oBAAoB,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IAC9F,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,eAAe,CAAC,CAAC,CAAE,SAAQ,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAC5E,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACzC,UAAU,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACpC,cAAc,CAAC,UAAU,EAAE,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACtD,UAAU,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;CAC5D;AAED,oBAAY,eAAe,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,GAAG;IAEhD,SAAS,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC;IACjD,OAAO,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;CAC9F,CAAC;AAoCF,oBAAY,cAAc,CAAC,CAAC,IAAI;IAC9B,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IACpC,mBAAmB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IAC9C,mBAAmB,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;IACjC,kBAAkB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;CAC9C,CAAC;AAuDF,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;;+BAwBzB,OAAO,KAAG,MAAM;6BAhBlB,CAAC,KAAG,CAAC;8BAQJ,MAAM,KAAG,OAAO;EA4XlD;AAGD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,IAAI,IAAI,CAAC;IACvB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,aAAa,CAAC;IAChD,QAAQ,IAAI,OAAO,CAAC;IACpB,UAAU,IAAI,aAAa,CAAC;IAC5B,gBAAgB,CAAC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACtD,iBAAiB,IAAI,UAAU,CAAC;IAChC,YAAY,IAAI,MAAM,CAAC;IAEvB,aAAa,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAClD,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAC1C;AAED,oBAAY,oBAAoB,GAAG;IACjC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,aAAa,CAAC;IAC1C,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC;IACrC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC;CAClC,CAAC;AACF,aAAK,aAAa,GAAG;IAAE,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAE9C,oBAAY,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;AAEjD,oBAAY,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG;IAC5C,IAAI,EAAE,KAAK,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC;IACjB,WAAW,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAClD,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,MAAM,CAAC;IACzC,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,MAAM,CAAC;CAC/C,CAAC;AAEF,iBAAS,YAAY,CAAC,KAAK,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;GAgBrC;AAED,oBAAY,OAAO,GAAG;IACpB,KAAK,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;IACvC,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,UAAU,CAAC;IAC1E,eAAe,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,UAAU,CAAC;IACzF,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,KAAK,aAAa,CAAC;IACzE,MAAM,EAAE,CAAC,SAAS,EAAE,GAAG,GAAG,aAAa,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC;IAClG,eAAe,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IACzC,SAAS,EAAE,oBAAoB,CAAC;IAChC,KAAK,EAAE;QACL,sBAAsB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;QACjD,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,OAAO,CAAC;QAChD,gBAAgB,EAAE,CAAC,IAAI,EAAE,GAAG,KAAK,UAAU,CAAC;QAC5C,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,UAAU,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;KAC3F,CAAC;CACH,CAAC;AAEF,wBAAgB,WAAW,CAAC,QAAQ,EAAE,SAAS,GAAG,OAAO,CAwZxD;AAOD,wBAAgB,cAAc,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,OAYlC,CAAC,KAAK,CAAC,KAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,CAAC,CAAA;CAAE,CAkD7D;AAED,wBAAgB,mBAAmB,CAAC,CAAC,EACnC,EAAE,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAChB,IAAI,EAAE;IACJ,CAAC,EAAE,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,CAAC;CACN,OASU,CAAC;OAAQ,CAAC;OAAK,CAAC;EA8B5B"}

package/{lib/abstract → abstract}/weierstrass.js

@@ -126,7 +126,10 @@ function weierstrassPoints(opts) {
         }
         let num;
         try {
-            num = typeof key === 'bigint' ? key : ut.bytesToNumberBE((0, utils_js_1.ensureBytes)(key, nByteLength));
+            num =
+                typeof key === 'bigint'
+                    ? key
+                    : ut.bytesToNumberBE((0, utils_js_1.ensureBytes)('private key', key, nByteLength));
         }
         catch (error) {
             throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
@@ -193,7 +196,7 @@ function weierstrassPoints(opts) {
          * @param hex short/long ECDSA hex
          */
         static fromHex(hex) {
-            const P = Point.fromAffine(CURVE.fromBytes((0, utils_js_1.ensureBytes)(hex)));
+            const P = Point.fromAffine(CURVE.fromBytes((0, utils_js_1.ensureBytes)('pointHex', hex)));
             P.assertValidity();
             return P;
         }
@@ -502,59 +505,6 @@ function validateOpts(curve) {
     });
     return Object.freeze({ lowS: true, ...opts });
 }
-const u8n = (data) => new Uint8Array(data); // creates Uint8Array
-const u8fr = (arr) => Uint8Array.from(arr); // another shortcut
-function hmacDrbg(hashLen, qByteLen, hmacFn) {
-    if (typeof hashLen !== 'number' || hashLen < 2)
-        throw new Error('hashLen must be a number');
-    if (typeof qByteLen !== 'number' || qByteLen < 2)
-        throw new Error('qByteLen must be a number');
-    if (typeof hmacFn !== 'function')
-        throw new Error('hmacFn must be a function');
-    // Step B, Step C: set hashLen to 8*ceil(hlen/8)
-    let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
-    let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same
-    let i = 0; // Iterations counter, will throw when over 1000
-    const reset = () => {
-        v.fill(1);
-        k.fill(0);
-        i = 0;
-    };
-    const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)
-    const reseed = (seed = u8n()) => {
-        // HMAC-DRBG reseed() function. Steps D-G
-        k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)
-        v = h(); // v = hmac(k || v)
-        if (seed.length === 0)
-            return;
-        k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)
-        v = h(); // v = hmac(k || v)
-    };
-    const gen = () => {
-        // HMAC-DRBG generate() function
-        if (i++ >= 1000)
-            throw new Error('drbg: tried 1000 values');
-        let len = 0;
-        const out = [];
-        while (len < qByteLen) {
-            v = h();
-            const sl = v.slice();
-            out.push(sl);
-            len += v.length;
-        }
-        return ut.concatBytes(...out);
-    };
-    const genUntil = (seed, pred) => {
-        reset();
-        reseed(seed); // Steps D-G
-        let res = undefined; // Step H: grind until k is in [1..n-1]
-        while (!(res = pred(gen())))
-            reseed();
-        reset();
-        return res;
-    };
-    return genUntil;
-}
 function weierstrass(curveDef) {
     const CURVE = validateOpts(curveDef);
     const CURVE_ORDER = CURVE.n;
@@ -634,35 +584,32 @@ function weierstrass(curveDef) {
         }
         // pair (bytes of r, bytes of s)
         static fromCompact(hex) {
-            const gl = CURVE.nByteLength;
-            hex = (0, utils_js_1.ensureBytes)(hex, gl * 2);
-            return new Signature(slcNum(hex, 0, gl), slcNum(hex, gl, 2 * gl));
+            const l = CURVE.nByteLength;
+            hex = (0, utils_js_1.ensureBytes)('compactSignature', hex, l * 2);
+            return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
         }
         // DER encoded ECDSA signature
         // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script
         static fromDER(hex) {
-            if (typeof hex !== 'string' && !(hex instanceof Uint8Array))
-                throw new Error(`Signature.fromDER: Expected string or Uint8Array`);
-            const { r, s } = DER.toSig((0, utils_js_1.ensureBytes)(hex));
+            const { r, s } = DER.toSig((0, utils_js_1.ensureBytes)('DER', hex));
             return new Signature(r, s);
         }
         assertValidity() {
             // can use assertGE here
             if (!isWithinCurveOrder(this.r))
-                throw new Error('r must be 0 < r < n');
+                throw new Error('r must be 0 < r < CURVE.n');
             if (!isWithinCurveOrder(this.s))
-                throw new Error('s must be 0 < s < n');
+                throw new Error('s must be 0 < s < CURVE.n');
         }
         addRecoveryBit(recovery) {
             return new Signature(this.r, this.s, recovery);
         }
         recoverPublicKey(msgHash) {
-            const { n: N } = CURVE; // ECDSA public key recovery secg.org/sec1-v2.pdf 4.1.6
             const { r, s, recovery: rec } = this;
-            const h = bits2int_modN((0, utils_js_1.ensureBytes)(msgHash)); // Truncate hash
+            const h = bits2int_modN((0, utils_js_1.ensureBytes)('msgHash', msgHash)); // Truncate hash
             if (rec == null || ![0, 1, 2, 3].includes(rec))
                 throw new Error('recovery id invalid');
-            const radj = rec === 2 || rec === 3 ? r + N : r;
+            const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
             if (radj >= Fp.ORDER)
                 throw new Error('recovery id 2 or 3 invalid');
             const prefix = (rec & 1) === 0 ? '02' : '03';
@@ -708,7 +655,7 @@ function weierstrass(curveDef) {
                 return false;
             }
         },
-        _normalizePrivateKey: normalizePrivateKey,
+        normPrivateKeyToScalar: normalizePrivateKey,
         /**
          * Converts some bytes to a valid private key. Needs at least (nBitLength+64) bytes.
          */
@@ -781,8 +728,8 @@ function weierstrass(curveDef) {
         function (bytes) {
             // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)
             // for some cases, since bytes.length * 8 is not actual bitLength.
-            const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits
             const num = ut.bytesToNumberBE(bytes); // check for == u8 done here
+            const delta = bytes.length * 8 - CURVE.nBitLength; // truncate to nBitLength leftmost bits
             return delta > 0 ? num >> BigInt(delta) : num;
         };
     const bits2int_modN = CURVE.bits2int_modN ||
@@ -806,28 +753,26 @@ function weierstrass(curveDef) {
     // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.
     // Also it can be bigger for P224 + SHA256
     function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
-        const { hash, randomBytes } = CURVE;
-        if (msgHash == null)
-            throw new Error(`sign: expected valid message hash, not "${msgHash}"`);
         if (['recovered', 'canonical'].some((k) => k in opts))
-            // Ban legacy options
             throw new Error('sign() legacy options not supported');
+        const { hash, randomBytes } = CURVE;
         let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default
-        if (prehash)
-            msgHash = hash((0, utils_js_1.ensureBytes)(msgHash));
         if (lowS == null)
             lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash
+        msgHash = (0, utils_js_1.ensureBytes)('msgHash', msgHash);
+        if (prehash)
+            msgHash = (0, utils_js_1.ensureBytes)('prehashed msgHash', hash(msgHash));
         // We can't later call bits2octets, since nested bits2int is broken for curves
         // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.
         // const bits2octets = (bits) => int2octets(bits2int_modN(bits))
-        const h1int = bits2int_modN((0, utils_js_1.ensureBytes)(msgHash));
+        const h1int = bits2int_modN(msgHash);
         const d = normalizePrivateKey(privateKey); // validate private key, convert to bigint
         const seedArgs = [int2octets(d), int2octets(h1int)];
         // extraEntropy. RFC6979 3.6: additional k' (optional).
         if (ent != null) {
             // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
-            // Either pass as-is, or generate random bytes. Then validate for being ui8a of size BYTES
-            seedArgs.push((0, utils_js_1.ensureBytes)(ent === true ? randomBytes(Fp.BYTES) : ent, Fp.BYTES));
+            const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is
+            seedArgs.push((0, utils_js_1.ensureBytes)('extraEntropy', e, Fp.BYTES)); // check for being of size BYTES
         }
         const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2
         const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!
@@ -842,7 +787,15 @@ function weierstrass(curveDef) {
             const r = modN(q.x); // r = q.x mod n
             if (r === _0n)
                 return;
-            const s = modN(ik * modN(m + modN(d * r))); // s = k^-1(m + rd) mod n
+            // X blinding according to https://tches.iacr.org/index.php/TCHES/article/view/7337/6509
+            // b * m + b * r * d ∈ [0,q−1] exposed via side-channel, but d (private scalar) is not.
+            // NOTE: there is still probable some leak in multiplication, since it is not constant-time
+            const b = ut.bytesToNumberBE(utils.randomPrivateKey()); // random scalar, b ∈ [1,q−1]
+            const bi = invN(b); // b^-1
+            const bdr = modN(b * d * r); // b * d * r
+            const bm = modN(b * m); // b * m
+            const mrx = modN(bi * modN(bdr + bm)); // b^-1(bm + bdr) -> m + rd
+            const s = modN(ik * mrx); // s = k^-1(m + rd) mod n
             if (s === _0n)
                 return;
             let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n); // recovery bit (2 or 3, when q.x > n)
@@ -869,8 +822,8 @@ function weierstrass(curveDef) {
      */
     function sign(msgHash, privKey, opts = defaultSigOpts) {
         const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.
-        const genUntil = hmacDrbg(CURVE.hash.outputLen, CURVE.nByteLength, CURVE.hmac);
-        return genUntil(seed, k2sig); // Steps B, C, D, E, F, G
+        const drbg = ut.createHmacDrbg(CURVE.hash.outputLen, CURVE.nByteLength, CURVE.hmac);
+        return drbg(seed, k2sig); // Steps B, C, D, E, F, G
     }
     // Enable precomputes. Slows down first publicKey computation by 20ms.
     Point.BASE._setWindowSize(8);
@@ -889,36 +842,44 @@ function weierstrass(curveDef) {
      * ```
      */
     function verify(signature, msgHash, publicKey, opts = defaultVerOpts) {
-        let P;
+        const sg = signature;
+        msgHash = (0, utils_js_1.ensureBytes)('msgHash', msgHash);
+        publicKey = (0, utils_js_1.ensureBytes)('publicKey', publicKey);
+        if ('strict' in opts)
+            throw new Error('options.strict was renamed to lowS');
+        const { lowS, prehash } = opts;
         let _sig = undefined;
-        if (publicKey instanceof Point)
-            throw new Error('publicKey must be hex');
+        let P;
         try {
-            if (signature && typeof signature === 'object' && !(signature instanceof Uint8Array)) {
-                const { r, s } = signature;
-                _sig = new Signature(r, s); // assertValidity() is executed on creation
-            }
-            else {
+            if (typeof sg === 'string' || sg instanceof Uint8Array) {
                 // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).
                 // Since DER can also be 2*nByteLength bytes, we check for it first.
                 try {
-                    _sig = Signature.fromDER(signature);
+                    _sig = Signature.fromDER(sg);
                 }
                 catch (derError) {
                     if (!(derError instanceof DER.Err))
                         throw derError;
-                    _sig = Signature.fromCompact(signature);
+                    _sig = Signature.fromCompact(sg);
                 }
             }
-            msgHash = (0, utils_js_1.ensureBytes)(msgHash);
+            else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {
+                const { r, s } = sg;
+                _sig = new Signature(r, s);
+            }
+            else {
+                throw new Error('PARSE');
+            }
             P = Point.fromHex(publicKey);
         }
         catch (error) {
+            if (error.message === 'PARSE')
+                throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
             return false;
         }
-        if (opts.lowS && _sig.hasHighS())
+        if (lowS && _sig.hasHighS())
             return false;
-        if (opts.prehash)
+        if (prehash)
             msgHash = CURVE.hash(msgHash);
         const { r, s } = _sig;
         const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element
@@ -1054,3 +1015,4 @@ function mapToCurveSimpleSWU(Fp, opts) {
     };
 }
 exports.mapToCurveSimpleSWU = mapToCurveSimpleSWU;
+//# sourceMappingURL=weierstrass.js.map