@noble/curves 0.6.4 → 0.7.0
- package/README.md +429 -281
- package/{lib/_shortw_utils.d.ts → _shortw_utils.d.ts} +1 -0
- package/_shortw_utils.d.ts.map +1 -0
- package/{lib/_shortw_utils.js → _shortw_utils.js} +2 -0
- package/_shortw_utils.js.map +1 -0
- package/{lib/abstract → abstract}/bls.d.ts +4 -9
- package/abstract/bls.d.ts.map +1 -0
- package/{lib/abstract → abstract}/bls.js +12 -25
- package/abstract/bls.js.map +1 -0
- package/{lib/abstract → abstract}/curve.d.ts +1 -0
- package/abstract/curve.d.ts.map +1 -0
- package/{lib/abstract → abstract}/curve.js +1 -0
- package/abstract/curve.js.map +1 -0
- package/{lib/abstract → abstract}/edwards.d.ts +1 -0
- package/abstract/edwards.d.ts.map +1 -0
- package/{lib/abstract → abstract}/edwards.js +9 -15
- package/abstract/edwards.js.map +1 -0
- package/{lib/abstract → abstract}/hash-to-curve.d.ts +5 -5
- package/abstract/hash-to-curve.d.ts.map +1 -0
- package/{lib/abstract → abstract}/hash-to-curve.js +41 -38
- package/abstract/hash-to-curve.js.map +1 -0
- package/{lib/abstract → abstract}/modular.d.ts +1 -0
- package/abstract/modular.d.ts.map +1 -0
- package/{lib/abstract → abstract}/modular.js +2 -1
- package/abstract/modular.js.map +1 -0
- package/{lib/abstract → abstract}/montgomery.d.ts +1 -0
- package/abstract/montgomery.d.ts.map +1 -0
- package/{lib/abstract → abstract}/montgomery.js +3 -2
- package/abstract/montgomery.js.map +1 -0
- package/{lib/abstract → abstract}/poseidon.d.ts +1 -0
- package/abstract/poseidon.d.ts.map +1 -0
- package/{lib/abstract → abstract}/poseidon.js +1 -0
- package/abstract/poseidon.js.map +1 -0
- package/{lib/abstract → abstract}/utils.d.ts +12 -1
- package/abstract/utils.d.ts.map +1 -0
- package/{lib/abstract → abstract}/utils.js +96 -10
- package/abstract/utils.js.map +1 -0
- package/{lib/abstract → abstract}/weierstrass.d.ts +4 -3
- package/abstract/weierstrass.d.ts.map +1 -0
- package/{lib/abstract → abstract}/weierstrass.js +45 -91
- package/abstract/weierstrass.js.map +1 -0
- package/{lib/bls12-381.d.ts → bls12-381.d.ts} +1 -0
- package/bls12-381.d.ts.map +1 -0
- package/{lib/bls12-381.js → bls12-381.js} +41 -7
- package/bls12-381.js.map +1 -0
- package/{lib/bn.d.ts → bn.d.ts} +1 -0
- package/bn.d.ts.map +1 -0
- package/{lib/bn.js → bn.js} +1 -0
- package/bn.js.map +1 -0
- package/{lib/ed25519.d.ts → ed25519.d.ts} +2 -1
- package/ed25519.d.ts.map +1 -0
- package/{lib/ed25519.js → ed25519.js} +4 -3
- package/ed25519.js.map +1 -0
- package/{lib/ed448.d.ts → ed448.d.ts} +2 -1
- package/ed448.d.ts.map +1 -0
- package/{lib/ed448.js → ed448.js} +2 -1
- package/ed448.js.map +1 -0
- package/{lib/esm → esm}/_shortw_utils.js +2 -0
- package/esm/_shortw_utils.js.map +1 -0
- package/{lib/esm → esm}/abstract/bls.js +13 -26
- package/esm/abstract/bls.js.map +1 -0
- package/{lib/esm → esm}/abstract/curve.js +1 -0
- package/esm/abstract/curve.js.map +1 -0
- package/{lib/esm → esm}/abstract/edwards.js +9 -15
- package/esm/abstract/edwards.js.map +1 -0
- package/{lib/esm → esm}/abstract/hash-to-curve.js +40 -36
- package/esm/abstract/hash-to-curve.js.map +1 -0
- package/{lib/esm → esm}/abstract/modular.js +2 -1
- package/esm/abstract/modular.js.map +1 -0
- package/{lib/esm → esm}/abstract/montgomery.js +3 -2
- package/esm/abstract/montgomery.js.map +1 -0
- package/{lib/esm → esm}/abstract/poseidon.js +1 -0
- package/esm/abstract/poseidon.js.map +1 -0
- package/{lib/esm → esm}/abstract/utils.js +93 -9
- package/esm/abstract/utils.js.map +1 -0
- package/{lib/esm → esm}/abstract/weierstrass.js +45 -91
- package/esm/abstract/weierstrass.js.map +1 -0
- package/{lib/esm → esm}/bls12-381.js +41 -7
- package/esm/bls12-381.js.map +1 -0
- package/{lib/esm → esm}/bn.js +1 -0
- package/esm/bn.js.map +1 -0
- package/{lib/esm → esm}/ed25519.js +5 -4
- package/esm/ed25519.js.map +1 -0
- package/{lib/esm → esm}/ed448.js +2 -1
- package/esm/ed448.js.map +1 -0
- package/{lib → esm}/index.js +1 -0
- package/esm/index.js.map +1 -0
- package/{lib/esm → esm}/jubjub.js +1 -0
- package/esm/jubjub.js.map +1 -0
- package/{lib/esm → esm}/p192.js +1 -0
- package/esm/p192.js.map +1 -0
- package/{lib/esm → esm}/p224.js +1 -0
- package/esm/p224.js.map +1 -0
- package/{lib/esm → esm}/p256.js +2 -1
- package/esm/p256.js.map +1 -0
- package/{lib/esm → esm}/p384.js +2 -1
- package/esm/p384.js.map +1 -0
- package/{lib/esm → esm}/p521.js +2 -1
- package/esm/p521.js.map +1 -0
- package/{lib/esm → esm}/package.json +0 -0
- package/{lib/esm → esm}/pasta.js +1 -0
- package/esm/pasta.js.map +1 -0
- package/{lib/esm → esm}/secp256k1.js +41 -50
- package/esm/secp256k1.js.map +1 -0
- package/{lib/esm → esm}/stark.js +1 -0
- package/esm/stark.js.map +1 -0
- package/index.d.ts +1 -0
- package/index.d.ts.map +1 -0
- package/index.js +3 -0
- package/index.js.map +1 -0
- package/{lib/jubjub.d.ts → jubjub.d.ts} +1 -0
- package/jubjub.d.ts.map +1 -0
- package/{lib/jubjub.js → jubjub.js} +1 -0
- package/jubjub.js.map +1 -0
- package/{lib/p192.d.ts → p192.d.ts} +1 -0
- package/p192.d.ts.map +1 -0
- package/{lib/p192.js → p192.js} +1 -0
- package/p192.js.map +1 -0
- package/{lib/p224.d.ts → p224.d.ts} +1 -0
- package/p224.d.ts.map +1 -0
- package/{lib/p224.js → p224.js} +1 -0
- package/p224.js.map +1 -0
- package/{lib/p256.d.ts → p256.d.ts} +2 -1
- package/p256.d.ts.map +1 -0
- package/{lib/p256.js → p256.js} +2 -1
- package/p256.js.map +1 -0
- package/{lib/p384.d.ts → p384.d.ts} +2 -1
- package/p384.d.ts.map +1 -0
- package/{lib/p384.js → p384.js} +2 -1
- package/p384.js.map +1 -0
- package/{lib/p521.d.ts → p521.d.ts} +2 -1
- package/p521.d.ts.map +1 -0
- package/{lib/p521.js → p521.js} +2 -1
- package/p521.js.map +1 -0
- package/package.json +84 -79
- package/{lib/pasta.d.ts → pasta.d.ts} +1 -0
- package/pasta.d.ts.map +1 -0
- package/{lib/pasta.js → pasta.js} +1 -0
- package/pasta.js.map +1 -0
- package/{lib/secp256k1.d.ts → secp256k1.d.ts} +15 -5
- package/secp256k1.d.ts.map +1 -0
- package/{lib/secp256k1.js → secp256k1.js} +38 -47
- package/secp256k1.js.map +1 -0
- package/src/_shortw_utils.ts +20 -0
- package/src/abstract/bls.ts +376 -0
- package/src/abstract/curve.ts +199 -0
- package/src/abstract/edwards.ts +479 -0
- package/src/abstract/hash-to-curve.ts +220 -0
- package/src/abstract/modular.ts +417 -0
- package/src/abstract/montgomery.ts +184 -0
- package/src/abstract/poseidon.ts +119 -0
- package/src/abstract/utils.ts +246 -0
- package/src/abstract/weierstrass.ts +1175 -0
- package/src/bls12-381.ts +1274 -0
- package/src/bn.ts +21 -0
- package/src/ed25519.ts +428 -0
- package/src/ed448.ts +241 -0
- package/{lib/esm/index.js → src/index.ts} +0 -1
- package/src/jubjub.ts +58 -0
- package/src/p192.ts +25 -0
- package/src/p224.ts +25 -0
- package/src/p256.ts +53 -0
- package/src/p384.ts +57 -0
- package/src/p521.ts +57 -0
- package/src/pasta.ts +31 -0
- package/src/secp256k1.ts +260 -0
- package/src/stark.ts +356 -0
- package/{lib/stark.d.ts → stark.d.ts} +1 -0
- package/stark.d.ts.map +1 -0
- package/{lib/stark.js → stark.js} +1 -0
- package/stark.js.map +1 -0
- package/lib/index.d.ts +0 -0
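--- a/package/lib/p384.js
+++ b/package/p384.js
@@ -37,7 +37,7 @@ exports.P384 = (0, _shortw_utils_js_1.createCurve)({
 lowS: false,
 }, sha512_1.sha384);
 exports.secp384r1 = exports.P384;
-const { hashToCurve, encodeToCurve } = htf.
+const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
 DST: 'P384_XMD:SHA-384_SSWU_RO_',
 encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',
 p: Fp.ORDER,
@@ -48,3 +48,4 @@ const { hashToCurve, encodeToCurve } = htf.hashToCurve(exports.secp384r1.Project
 });
 exports.hashToCurve = hashToCurve;
 exports.encodeToCurve = encodeToCurve;
+//# sourceMappingURL=p384.js.map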
package/p384.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"p384.js","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAAoD;AACpD,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,uFAAuF;AACvF,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AACvH,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,CAAC,CAAC,CAAC;AACpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AAE7H,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC5B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,uFAAuF;IACvF,EAAE;IACF,yDAAyD;IACzD,CAAC,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAC/G,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EACV,eAAM,CACP,CAAC;AACW,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
|
|
@@ -101,5 +101,6 @@ export declare const secp521r1: Readonly<{
|
|
|
101
101
|
precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>;
|
|
102
102
|
};
|
|
103
103
|
}>;
|
|
104
|
-
declare const hashToCurve: (msg:
|
|
104
|
+
declare const hashToCurve: (msg: Uint8Array, options?: htf.htfBasicOpts | undefined) => htf.H2CPoint<bigint>, encodeToCurve: (msg: Uint8Array, options?: htf.htfBasicOpts | undefined) => htf.H2CPoint<bigint>;
|
|
105
105
|
export { hashToCurve, encodeToCurve };
|
|
106
|
+
//# sourceMappingURL=p521.d.ts.map
|
package/p521.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"p521.d.ts","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAsBnD,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAaE,CAAC;AACpB,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAO,CAAC;AAE9B,QAAA,MAAQ,WAAW,qFAAE,aAAa,mFAYjC,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
|
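--- a/package/lib/p521.js
+++ b/package/p521.js
@@ -38,7 +38,7 @@ exports.P521 = (0, _shortw_utils_js_1.createCurve)({
 allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
 }, sha512_1.sha512);
 exports.secp521r1 = exports.P521;
-const { hashToCurve, encodeToCurve } = htf.
+const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
 DST: 'P521_XMD:SHA-512_SSWU_RO_',
 encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',
 p: Fp.ORDER,
@@ -49,3 +49,4 @@ const { hashToCurve, encodeToCurve } = htf.hashToCurve(exports.secp521r1.Project
 });
 exports.hashToCurve = hashToCurve;
 exports.encodeToCurve = encodeToCurve;
+//# sourceMappingURL=p521.js.map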
package/p521.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"p521.js","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAAoD;AACpD,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,mEAAmE;AACnE,0EAA0E;AAE1E,wDAAwD;AACxD,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,uIAAuI,CAAC,CAAC;AAC1J,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,CAAC,CAAC,CAAC;AAEpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,wIAAwI,CAAC,CAAC;AAEjK,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC,CAAC;AAEH,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC9B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACnJ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,eAAM,CAAC,CAAC;AACP,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
|
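--- a/package/package.json
+++ b/package/package.json
@@ -1,9 +1,15 @@
 {
 "name": "@noble/curves",
-"version": "0.
+"version": "0.7.0",
 "description": "Minimal, auditable JS implementation of elliptic curve cryptography",
 "files": [
-"
+"abstract",
+"esm",
+"src",
+"*.js",
+"*.js.map",
+"*.d.ts",
+"*.d.ts.map"
 ],
 "scripts": {
 "bench": "cd benchmark; node secp256k1.js; node curves.js; node stark.js; node bls.js",
@@ -24,12 +30,11 @@
 "@noble/hashes": "1.2.0"
 },
 "devDependencies": {
-"@scure/base": "~1.1.1",
 "@scure/bip32": "~1.1.5",
 "@scure/bip39": "~1.1.1",
 "@types/node": "18.11.3",
 "fast-check": "3.0.0",
-"micro-bmark": "0.3.
+"micro-bmark": "0.3.1",
 "micro-should": "0.4.0",
 "prettier": "2.8.3",
 "typescript": "4.7.3"
@@ -37,129 +42,129 @@
 "main": "index.js",
 "exports": {
 ".": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./index.d.ts",
+"import": "./esm/index.js",
+"default": "./index.js"
 },
 "./abstract/edwards": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/edwards.d.ts",
+"import": "./esm/abstract/edwards.js",
+"default": "./abstract/edwards.js"
 },
 "./abstract/modular": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/modular.d.ts",
+"import": "./esm/abstract/modular.js",
+"default": "./abstract/modular.js"
 },
 "./abstract/montgomery": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/montgomery.d.ts",
+"import": "./esm/abstract/montgomery.js",
+"default": "./abstract/montgomery.js"
 },
 "./abstract/weierstrass": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/weierstrass.d.ts",
+"import": "./esm/abstract/weierstrass.js",
+"default": "./abstract/weierstrass.js"
 },
 "./abstract/bls": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/bls.d.ts",
+"import": "./esm/abstract/bls.js",
+"default": "./abstract/bls.js"
 },
 "./abstract/hash-to-curve": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/hash-to-curve.d.ts",
+"import": "./esm/abstract/hash-to-curve.js",
+"default": "./abstract/hash-to-curve.js"
 },
 "./abstract/curve": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/curve.d.ts",
+"import": "./esm/abstract/curve.js",
+"default": "./abstract/curve.js"
 },
 "./abstract/utils": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/utils.d.ts",
+"import": "./esm/abstract/utils.js",
+"default": "./abstract/utils.js"
 },
 "./abstract/poseidon": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./abstract/poseidon.d.ts",
+"import": "./esm/abstract/poseidon.js",
+"default": "./abstract/poseidon.js"
 },
 "./_shortw_utils": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./_shortw_utils.d.ts",
+"import": "./esm/_shortw_utils.js",
+"default": "./_shortw_utils.js"
 },
 "./bls12-381": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./bls12-381.d.ts",
+"import": "./esm/bls12-381.js",
+"default": "./bls12-381.js"
 },
 "./bn": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./bn.d.ts",
+"import": "./esm/bn.js",
+"default": "./bn.js"
 },
 "./ed25519": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./ed25519.d.ts",
+"import": "./esm/ed25519.js",
+"default": "./ed25519.js"
 },
 "./ed448": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./ed448.d.ts",
+"import": "./esm/ed448.js",
+"default": "./ed448.js"
 },
 "./index": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./index.d.ts",
+"import": "./esm/index.js",
+"default": "./index.js"
 },
 "./jubjub": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./jubjub.d.ts",
+"import": "./esm/jubjub.js",
+"default": "./jubjub.js"
 },
 "./p192": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./p192.d.ts",
+"import": "./esm/p192.js",
+"default": "./p192.js"
 },
 "./p224": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./p224.d.ts",
+"import": "./esm/p224.js",
+"default": "./p224.js"
 },
 "./p256": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./p256.d.ts",
+"import": "./esm/p256.js",
+"default": "./p256.js"
 },
 "./p384": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./p384.d.ts",
+"import": "./esm/p384.js",
+"default": "./p384.js"
 },
 "./p521": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./p521.d.ts",
+"import": "./esm/p521.js",
+"default": "./p521.js"
 },
 "./pasta": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./pasta.d.ts",
+"import": "./esm/pasta.js",
+"default": "./pasta.js"
 },
 "./secp256k1": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./secp256k1.d.ts",
+"import": "./esm/secp256k1.js",
+"default": "./secp256k1.js"
 },
 "./stark": {
-"types": "./
-"import": "./
-"default": "./
+"types": "./stark.d.ts",
+"import": "./esm/stark.js",
+"default": "./stark.js"
 }
 },
 "keywords": [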
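Review bot: The rewritten `files` whitelist in the first hunk (new lines 6-12) selects the shipped modules by root-level glob — `"*.js"`, `"*.js.map"`, `"*.d.ts"`, `"*.d.ts.map"` — instead of the single build directory it replaces, so any JavaScript that happens to sit at the package root when `npm publish` runs (a one-off script, a stale build artifact) lands in the tarball without anyone listing it. A `npm pack --dry-run` check in the release flow, or naming the curve modules explicitly, would keep the published file set deterministic and reviewable. The same hunk now ships `src` next to the compiled output, which matches the "auditable" description on line 4 and is what lets the added `.map` files, whose `sources` point at `src/*.ts`, resolve for consumers. The `@scure/base` devDependency dropped in the second hunk is presumably no longer imported by the tests; nothing on this page shows the test sources, so that is worth confirming before release.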
package/pasta.d.ts.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pasta.d.ts","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":"AAMA,eAAO,MAAM,CAAC,QAA+E,CAAC;AAC9F,eAAO,MAAM,CAAC,QAA+E,CAAC;AAG9F,eAAO,MAAM,MAAM,6CASjB,CAAC;AAEH,eAAO,MAAM,KAAK,6CAShB,CAAC"}
|
package/pasta.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"pasta.js","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,8DAAwD;AACxD,yDAA6C;AAC7C,6CAA6C;AAEhC,QAAA,CAAC,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AACjF,QAAA,CAAC,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAE9F,0CAA0C;AAC7B,QAAA,MAAM,GAAG,IAAA,4BAAW,EAAC;IAChC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,SAAC,CAAC;IACb,CAAC,EAAE,SAAC;IACJ,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,SAAC,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,GAAG,IAAA,0BAAO,EAAC,eAAM,CAAC;CACnB,CAAC,CAAC;AACH,yCAAyC;AAC5B,QAAA,KAAK,GAAG,IAAA,4BAAW,EAAC;IAC/B,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,SAAC,CAAC;IACb,CAAC,EAAE,SAAC;IACJ,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,SAAC,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,GAAG,IAAA,0BAAO,EAAC,eAAM,CAAC;CACnB,CAAC,CAAC"}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { mod } from './abstract/modular.js';
|
|
2
2
|
import { ProjPointType as PointType } from './abstract/weierstrass.js';
|
|
3
|
-
import { Hex,
|
|
3
|
+
import type { Hex, PrivKey } from './abstract/utils.js';
|
|
4
|
+
import { bytesToNumberBE } from './abstract/utils.js';
|
|
4
5
|
import * as htf from './abstract/hash-to-curve.js';
|
|
5
6
|
export declare const secp256k1: Readonly<{
|
|
6
7
|
create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
|
|
@@ -60,10 +61,17 @@ declare function schnorrGetExtPubKey(priv: PrivKey): {
|
|
|
60
61
|
bytes: Uint8Array;
|
|
61
62
|
};
|
|
62
63
|
declare function lift_x(x: bigint): PointType<bigint>;
|
|
64
|
+
/**
|
|
65
|
+
* Schnorr public key is just `x` coordinate of Point as per BIP340.
|
|
66
|
+
*/
|
|
63
67
|
declare function schnorrGetPublicKey(privateKey: Hex): Uint8Array;
|
|
68
|
+
/**
|
|
69
|
+
* Creates Schnorr signature as per BIP340. Verifies itself before returning anything.
|
|
70
|
+
* auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.
|
|
71
|
+
*/
|
|
64
72
|
declare function schnorrSign(message: Hex, privateKey: PrivKey, auxRand?: Hex): Uint8Array;
|
|
65
73
|
/**
|
|
66
|
-
* Verifies Schnorr signature
|
|
74
|
+
* Verifies Schnorr signature.
|
|
67
75
|
*/
|
|
68
76
|
declare function schnorrVerify(signature: Hex, message: Hex, publicKey: Hex): boolean;
|
|
69
77
|
export declare const schnorr: {
|
|
@@ -71,14 +79,16 @@ export declare const schnorr: {
|
|
|
71
79
|
sign: typeof schnorrSign;
|
|
72
80
|
verify: typeof schnorrVerify;
|
|
73
81
|
utils: {
|
|
82
|
+
randomPrivateKey: () => Uint8Array;
|
|
74
83
|
getExtendedPublicKey: typeof schnorrGetExtPubKey;
|
|
75
84
|
lift_x: typeof lift_x;
|
|
76
85
|
pointToBytes: (point: PointType<bigint>) => Uint8Array;
|
|
77
86
|
numberToBytesBE: (n: bigint, len: number) => Uint8Array;
|
|
78
|
-
bytesToNumberBE: typeof
|
|
87
|
+
bytesToNumberBE: typeof bytesToNumberBE;
|
|
79
88
|
taggedHash: typeof taggedHash;
|
|
80
89
|
mod: typeof mod;
|
|
81
90
|
};
|
|
82
91
|
};
|
|
83
|
-
declare const hashToCurve: (msg:
|
|
84
|
-
export {
|
|
92
|
+
export declare const hashToCurve: (msg: Uint8Array, options?: htf.htfBasicOpts | undefined) => htf.H2CPoint<bigint>, encodeToCurve: (msg: Uint8Array, options?: htf.htfBasicOpts | undefined) => htf.H2CPoint<bigint>;
|
|
93
|
+
export {};
|
|
94
|
+
//# sourceMappingURL=secp256k1.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAGA,OAAO,EAAe,GAAG,EAAQ,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,aAAa,IAAI,SAAS,EAAuB,MAAM,2BAA2B,CAAC;AAC5F,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,eAAe,EAA6C,MAAM,qBAAqB,CAAC;AACjG,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAwCnD,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CrB,CAAC;AASF,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,GAAG,UAAU,CAQtE;AASD,iBAAS,mBAAmB,CAAC,IAAI,EAAE,OAAO;;;;EAKzC;AACD,iBAAS,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAS5C;AAKD;;GAEG;AACH,iBAAS,mBAAmB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAExD;AAED;;;GAGG;AACH,iBAAS,WAAW,CAClB,OAAO,EAAE,GAAG,EACZ,UAAU,EAAE,OAAO,EACnB,OAAO,GAAE,GAAqB,GAC7B,UAAU,CAgBZ;AAED;;GAEG;AACH,iBAAS,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,OAAO,CAiB5E;AAED,eAAO,MAAM,OAAO;;;;;;;;8BAlFS,UAAU,MAAM,CAAC;;;;;;CAgG7C,CAAC;AAuCF,eAAO,MAAQ,WAAW,qFAAE,aAAa,mFAexC,CAAC"}
|
|
@@ -1,21 +1,15 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var _a;
|
|
2
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
4
|
exports.encodeToCurve = exports.hashToCurve = exports.schnorr = exports.secp256k1 = void 0;
|
|
4
5
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
5
6
|
const sha256_1 = require("@noble/hashes/sha256");
|
|
7
|
+
const utils_1 = require("@noble/hashes/utils");
|
|
6
8
|
const modular_js_1 = require("./abstract/modular.js");
|
|
7
|
-
const _shortw_utils_js_1 = require("./_shortw_utils.js");
|
|
8
9
|
const weierstrass_js_1 = require("./abstract/weierstrass.js");
|
|
9
10
|
const utils_js_1 = require("./abstract/utils.js");
|
|
10
|
-
const utils_1 = require("@noble/hashes/utils");
|
|
11
11
|
const htf = require("./abstract/hash-to-curve.js");
|
|
12
|
-
|
|
13
|
-
* secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
|
|
14
|
-
* Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
|
|
15
|
-
* Should always be used for Projective's double-and-add multiplication.
|
|
16
|
-
* For affines cached multiplication, it trades off 1/2 init time & 1/3 ram for 20% perf hit.
|
|
17
|
-
* https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
|
|
18
|
-
*/
|
|
12
|
+
const _shortw_utils_js_1 = require("./_shortw_utils.js");
|
|
19
13
|
const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');
|
|
20
14
|
const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');
|
|
21
15
|
const _1n = BigInt(1);
|
|
@@ -51,23 +45,22 @@ function sqrtMod(y) {
|
|
|
51
45
|
}
|
|
52
46
|
const Fp = (0, modular_js_1.Fp)(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
|
|
53
47
|
exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
|
|
54
|
-
// Params: a, b
|
|
55
|
-
// Seem to be rigid https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
|
|
56
48
|
a: BigInt(0),
|
|
57
49
|
b: BigInt(7),
|
|
58
|
-
// Field over which we'll do calculations;
|
|
59
|
-
// 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
|
|
60
50
|
Fp,
|
|
61
|
-
// Curve order, total count of valid points in the field
|
|
62
51
|
n: secp256k1N,
|
|
63
52
|
// Base point (x, y) aka generator point
|
|
64
53
|
Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
|
|
65
54
|
Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
|
|
66
55
|
h: BigInt(1),
|
|
67
|
-
// Alllow only low-S signatures by default in sign() and verify()
|
|
68
56
|
lowS: true,
|
|
57
|
+
/**
|
|
58
|
+
* secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
|
|
59
|
+
* Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
|
|
60
|
+
* For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
|
|
61
|
+
* Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
|
|
62
|
+
*/
|
|
69
63
|
endo: {
|
|
70
|
-
// Params taken from https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
|
|
71
64
|
beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
|
|
72
65
|
splitScalar: (k) => {
|
|
73
66
|
const n = secp256k1N;
|
|
@@ -93,17 +86,11 @@ exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
|
|
|
93
86
|
},
|
|
94
87
|
},
|
|
95
88
|
}, sha256_1.sha256);
|
|
96
|
-
// Schnorr signatures are superior to ECDSA from above.
|
|
97
|
-
// Below is Schnorr-specific code as per BIP0340.
|
|
89
|
+
// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.
|
|
98
90
|
// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
|
|
99
91
|
const _0n = BigInt(0);
|
|
100
92
|
const fe = (x) => typeof x === 'bigint' && _0n < x && x < secp256k1P;
|
|
101
93
|
const ge = (x) => typeof x === 'bigint' && _0n < x && x < secp256k1N;
|
|
102
|
-
const TAGS = {
|
|
103
|
-
challenge: 'BIP0340/challenge',
|
|
104
|
-
aux: 'BIP0340/aux',
|
|
105
|
-
nonce: 'BIP0340/nonce',
|
|
106
|
-
};
|
|
107
94
|
/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */
|
|
108
95
|
const TAGGED_HASH_PREFIXES = {};
|
|
109
96
|
function taggedHash(tag, ...messages) {
|
|
@@ -117,12 +104,12 @@ function taggedHash(tag, ...messages) {
|
|
|
117
104
|
}
|
|
118
105
|
const pointToBytes = (point) => point.toRawBytes(true).slice(1);
|
|
119
106
|
const numTo32b = (n) => (0, utils_js_1.numberToBytesBE)(n, 32);
|
|
107
|
+
const modP = (x) => (0, modular_js_1.mod)(x, secp256k1P);
|
|
120
108
|
const modN = (x) => (0, modular_js_1.mod)(x, secp256k1N);
|
|
121
109
|
const Point = exports.secp256k1.ProjectivePoint;
|
|
122
110
|
const GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
|
|
123
|
-
const hex32ToInt = (key) => (0, utils_js_1.bytesToNumberBE)((0, utils_js_1.ensureBytes)(key, 32));
|
|
124
111
|
function schnorrGetExtPubKey(priv) {
|
|
125
|
-
|
|
112
|
+
const d = exports.secp256k1.utils.normPrivateKeyToScalar(priv);
|
|
126
113
|
const point = Point.fromPrivateKey(d); // P = d'⋅G; 0 < d' < n check is done inside
|
|
127
114
|
const scalar = point.hasEvenY() ? d : modN(-d); // d = d' if has_even_y(P), otherwise d = n-d'
|
|
128
115
|
return { point, scalar, bytes: pointToBytes(point) };
|
|
@@ -130,31 +117,34 @@ function schnorrGetExtPubKey(priv) {
|
|
|
130
117
|
function lift_x(x) {
|
|
131
118
|
if (!fe(x))
|
|
132
119
|
throw new Error('bad x: need 0 < x < p'); // Fail if x ≥ p.
|
|
133
|
-
const
|
|
120
|
+
const xx = modP(x * x);
|
|
121
|
+
const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.
|
|
134
122
|
let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.
|
|
135
123
|
if (y % 2n !== 0n)
|
|
136
|
-
y = (
|
|
124
|
+
y = modP(-y); // Return the unique point P such that x(P) = x and
|
|
137
125
|
const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
|
|
138
126
|
p.assertValidity();
|
|
139
127
|
return p;
|
|
140
128
|
}
|
|
141
129
|
function challenge(...args) {
|
|
142
|
-
return modN((0, utils_js_1.bytesToNumberBE)(taggedHash(
|
|
130
|
+
return modN((0, utils_js_1.bytesToNumberBE)(taggedHash('BIP0340/challenge', ...args)));
|
|
143
131
|
}
|
|
144
|
-
|
|
132
|
+
/**
|
|
133
|
+
* Schnorr public key is just `x` coordinate of Point as per BIP340.
|
|
134
|
+
*/
|
|
145
135
|
function schnorrGetPublicKey(privateKey) {
146
136
return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)
147
137
}
148
-
149
-
138
+
/**
139
+
* Creates Schnorr signature as per BIP340. Verifies itself before returning anything.
140
+
* auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.
141
+
*/
150
142
function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)) {
151
-
152
-
153
-
const
154
-
const
155
-
const
156
-
const t = numTo32b(d ^ (0, utils_js_1.bytesToNumberBE)(taggedHash(TAGS.aux, a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
157
-
const rand = taggedHash(TAGS.nonce, t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
143
+
const m = (0, utils_js_1.ensureBytes)('message', message);
144
+
const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder
145
+
const a = (0, utils_js_1.ensureBytes)('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array
146
+
const t = numTo32b(d ^ (0, utils_js_1.bytesToNumberBE)(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
147
+
const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
158
148
const k_ = modN((0, utils_js_1.bytesToNumberBE)(rand)); // Let k' = int(rand) mod n
159
149
if (k_ === _0n)
160
150
throw new Error('sign failed: k is zero'); // Fail if k' = 0.
@@ -169,20 +159,21 @@ function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)
169
159
return sig;
170
160
}
171
161
/**
172
-
* Verifies Schnorr signature
162
+
* Verifies Schnorr signature.
173
163
*/
174
164
function schnorrVerify(signature, message, publicKey) {
165
+
const sig = (0, utils_js_1.ensureBytes)('signature', signature, 64);
166
+
const m = (0, utils_js_1.ensureBytes)('message', message);
167
+
const pub = (0, utils_js_1.ensureBytes)('publicKey', publicKey, 32);
175
168
try {
176
|
-
const P = lift_x(
177
-
const sig = (0, utils_js_1.ensureBytes)(signature, 64);
169
|
+
const P = lift_x((0, utils_js_1.bytesToNumberBE)(pub)); // P = lift_x(int(pk)); fail if that fails
178
170
const r = (0, utils_js_1.bytesToNumberBE)(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
179
171
if (!fe(r))
180
172
return false;
181
173
const s = (0, utils_js_1.bytesToNumberBE)(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
182
174
if (!ge(s))
183
175
return false;
184
|
-
const
185
-
const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m)) mod n
176
+
const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n
186
177
const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P
187
178
if (!R || !R.hasEvenY() || R.toAffine().x !== r)
188
179
return false; // -eP == (n-e)P
@@ -197,6 +188,7 @@ exports.schnorr = {
197
188
sign: schnorrSign,
198
189
verify: schnorrVerify,
199
190
utils: {
191
+
randomPrivateKey: exports.secp256k1.utils.randomPrivateKey,
200
192
getExtendedPublicKey: schnorrGetExtPubKey,
201
193
lift_x,
202
194
pointToBytes,
@@ -240,7 +232,7 @@ const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
240
232
B: BigInt('1771'),
241
233
Z: Fp.create(BigInt('-11')),
242
234
});
243
-
235
+
_a = htf.createHasher(exports.secp256k1.ProjectivePoint, (scalars) => {
244
236
const { x, y } = mapSWU(Fp.create(scalars[0]));
245
237
return isoMap(x, y);
246
238
}, {
@@ -251,6 +243,5 @@ const { hashToCurve, encodeToCurve } = htf.hashToCurve(exports.secp256k1.Project
251
243
k: 128,
252
244
expand: 'xmd',
253
245
hash: sha256_1.sha256,
254
-
});
255
-
256
-
exports.encodeToCurve = encodeToCurve;
246
+
}), exports.hashToCurve = _a.hashToCurve, exports.encodeToCurve = _a.encodeToCurve;
247
+
//# sourceMappingURL=secp256k1.js.map
package/secp256k1.js.map
ADDED
@@ -0,0 +1 @@
1
+
{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":";;;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,+CAAkD;AAClD,sDAA+D;AAC/D,8DAA4F;AAE5F,kDAAiG;AACjG,mDAAmD;AACnD,yDAAiD;AAEjD,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;AAE/D;;;GAGG;AACH,SAAS,OAAO,CAAC,CAAS;IACxB,MAAM,CAAC,GAAG,UAAU,CAAC;IACrB,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7E,kBAAkB;IAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACtC,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;IACpC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,
IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AAGzD,QAAA,SAAS,GAAG,IAAA,8BAAW,EAClC;IACE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE;IACF,CAAC,EAAE,UAAU;IACb,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,IAAI;IACV;;;;;OAKG;IACH,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC,oEAAoE,CAAC;QAClF,WAAW,EAAE,CAAC,CAAS,EAAE,EAAE;YACzB,MAAM,CAAC,GAAG,UAAU,CAAC;YACrB,MAAM,EAAE,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACxD,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC;YACzD,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,SAAS,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC,0BAA0B;YAE3F,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACjC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACvC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAE,GAAG,SAAS,IAAI,EAAE,GAAG,SAAS,EAAE;gBACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,CAAC,CAAC;aAC7D;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAClC,CAAC;KACF;CACF,EACD,eAAM,CACP,CAAC;AAEF,+FAA+F;AAC/F,iEAAiE;AACjE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CA
AC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,wFAAwF;AACxF,MAAM,oBAAoB,GAAkC,EAAE,CAAC;AAC/D,SAAS,UAAU,CAAC,GAAW,EAAE,GAAG,QAAsB;IACxD,IAAI,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,SAAS,EAAE;QACtB,MAAM,IAAI,GAAG,IAAA,eAAM,EAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,IAAA,sBAAW,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/B,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;KAClC;IACD,OAAO,IAAA,eAAM,EAAC,IAAA,sBAAW,EAAC,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,YAAY,GAAG,CAAC,KAAwB,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnF,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,KAAK,GAAG,iBAAS,CAAC,eAAe,CAAC;AACxC,MAAM,OAAO,GAAG,CAAC,CAAoB,EAAE,CAAS,EAAE,CAAS,EAAE,EAAE,CAC7D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3C,SAAS,mBAAmB,CAAC,IAAa;IACxC,MAAM,CAAC,GAAG,iBAAS,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,4CAA4C;IACnF,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,8CAA8C;IAC9F,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;AACvD,CAAC;AACD,SAAS,MAAM,CAAC,CAAS;IACvB,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,iBAAiB;IACvE,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;IAC5D,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC/C,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE;QAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,mDAAmD;IACpF
,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,mDAAmD;IACnF,CAAC,CAAC,cAAc,EAAE,CAAC;IACnB,OAAO,CAAC,CAAC;AACX,CAAC;AACD,SAAS,SAAS,CAAC,GAAG,IAAkB;IACtC,OAAO,IAAI,CAAC,IAAA,0BAAe,EAAC,UAAU,CAAC,mBAAmB,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,UAAe;IAC1C,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,oDAAoD;AACpG,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,OAAY,EACZ,UAAmB,EACnB,UAAe,IAAA,mBAAW,EAAC,EAAE,CAAC;IAE9B,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,gCAAgC;IAClG,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,2CAA2C;IAC1F,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,IAAA,0BAAe,EAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,yDAAyD;IAChI,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,4CAA4C;IAChG,MAAM,EAAE,GAAG,IAAI,CAAC,IAAA,0BAAe,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACnE,IAAI,EAAE,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB;IAC7E,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB;IACpF,MAAM,CAAC,GAAG,SAAS,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gEAAgE;IAChG,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/E,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,iEAAiE;IACjE,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACpF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,SAAc,EAAE,OAAY,EAAE,SAAc;IACjE,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,IAAI;QACF,MAAM,CAAC,GAAG,MAAM,CAAC,IAAA,0BAAe,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0CA
A0C;QAClF,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,yCAAyC;QACzF,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAC3F,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAChG,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;QACnD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;QAC/E,OAAO,IAAI,CAAC,CAAC,yDAAyD;KACvE;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAEY,QAAA,OAAO,GAAG;IACrB,YAAY,EAAE,mBAAmB;IACjC,IAAI,EAAE,WAAW;IACjB,MAAM,EAAE,aAAa;IACrB,KAAK,EAAE;QACL,gBAAgB,EAAE,iBAAS,CAAC,KAAK,CAAC,gBAAgB;QAClD,oBAAoB,EAAE,mBAAmB;QACzC,MAAM;QACN,YAAY;QACZ,eAAe,EAAf,0BAAe;QACf,eAAe,EAAf,0BAAe;QACf,UAAU;QACV,GAAG,EAAH,gBAAG;KACJ;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAC3B,EAAE,EACF;IACE,OAAO;IACP;QACE,oEAAoE;QACpE,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAA6B,CAClE,CAAC;AACF,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AACU,KAAiC,GAAG,CAAC,YAAY,CAC5D,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE;IACpB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtB,CAAC,EACD;IACE,GAAG,EAAE,gCAAgC;IACrC,SAAS,EAAE,gCAAgC;IAC3C,CAAC,EAA
E,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,EAfc,mBAAW,mBAAE,qBAAa,oBAevC"}
@@ -0,0 +1,20 @@
1
+
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
2
+
import { hmac } from '@noble/hashes/hmac';
3
+
import { concatBytes, randomBytes } from '@noble/hashes/utils';
4
+
import { weierstrass, CurveType } from './abstract/weierstrass.js';
5
+
import { CHash } from './abstract/utils.js';
6
+
7
+
// connects noble-curves to noble-hashes
8
+
export function getHash(hash: CHash) {
9
+
return {
10
+
hash,
11
+
hmac: (key: Uint8Array, ...msgs: Uint8Array[]) => hmac(hash, key, concatBytes(...msgs)),
12
+
randomBytes,
13
+
};
14
+
}
15
+
// Same API as @noble/hashes, with ability to create curve with custom hash
16
+
type CurveDef = Readonly<Omit<CurveType, 'hash' | 'hmac' | 'randomBytes'>>;
17
+
export function createCurve(curveDef: CurveDef, defHash: CHash) {
18
+
const create = (hash: CHash) => weierstrass({ ...curveDef, ...getHash(hash) });
19
+
return Object.freeze({ ...create(defHash), create });
20
+
}
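Review bot: The exported `getHash` and `createCurve` carry no explicit return type and no TSDoc, so the shape downstream code depends on — `{ hash, hmac, randomBytes }` from `getHash`, and the frozen curve object plus a `create` rebuilder from `createCurve` — exists only as inference at this public boundary; a short `/** … */` on each stating that contract, and for `createCurve` noting that `create(hash)` re-derives the same curve definition with a different hash while the default-hash instance is what is spread and frozen, would make it visible to readers of the `.d.ts`. `CurveType` and `CHash` are used only in type positions, so `import type { weierstrass, CurveType }` split as `import { weierstrass } from './abstract/weierstrass.js'; import type { CurveType } from './abstract/weierstrass.js';` and `import type { CHash } from './abstract/utils.js';` would keep them out of the emitted JS and behave correctly under `isolatedModules`. The file header for this section is not shown in the rendered page, so the path is taken from the hunk context only.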