@noble/curves 0.7.0 → 0.7.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +118 -73
- package/_shortw_utils.d.ts +0 -1
- package/_shortw_utils.d.ts.map +1 -1
- package/abstract/bls.js +1 -1
- package/abstract/bls.js.map +1 -1
- package/abstract/montgomery.d.ts +7 -3
- package/abstract/montgomery.d.ts.map +1 -1
- package/abstract/montgomery.js +10 -7
- package/abstract/montgomery.js.map +1 -1
- package/abstract/weierstrass.d.ts +2 -3
- package/abstract/weierstrass.d.ts.map +1 -1
- package/abstract/weierstrass.js +29 -24
- package/abstract/weierstrass.js.map +1 -1
- package/ed25519.d.ts.map +1 -1
- package/ed25519.js +3 -2
- package/ed25519.js.map +1 -1
- package/ed448.d.ts.map +1 -1
- package/ed448.js +3 -2
- package/ed448.js.map +1 -1
- package/esm/abstract/bls.js +1 -1
- package/esm/abstract/bls.js.map +1 -1
- package/esm/abstract/montgomery.js +10 -7
- package/esm/abstract/montgomery.js.map +1 -1
- package/esm/abstract/weierstrass.js +29 -24
- package/esm/abstract/weierstrass.js.map +1 -1
- package/esm/ed25519.js +3 -2
- package/esm/ed25519.js.map +1 -1
- package/esm/ed448.js +3 -2
- package/esm/ed448.js.map +1 -1
- package/esm/secp256k1.js +11 -1
- package/esm/secp256k1.js.map +1 -1
- package/esm/stark.js +75 -114
- package/esm/stark.js.map +1 -1
- package/p256.d.ts +0 -2
- package/p256.d.ts.map +1 -1
- package/p384.d.ts +0 -2
- package/p384.d.ts.map +1 -1
- package/p521.d.ts +0 -2
- package/p521.d.ts.map +1 -1
- package/package.json +2 -12
- package/secp256k1.d.ts +5 -1
- package/secp256k1.d.ts.map +1 -1
- package/secp256k1.js +11 -1
- package/secp256k1.js.map +1 -1
- package/src/abstract/bls.ts +1 -1
- package/src/abstract/montgomery.ts +15 -10
- package/src/abstract/weierstrass.ts +30 -28
- package/src/ed25519.ts +3 -2
- package/src/ed448.ts +3 -2
- package/src/secp256k1.ts +11 -1
- package/src/stark.ts +92 -130
- package/stark.d.ts +12 -18
- package/stark.d.ts.map +1 -1
- package/stark.js +82 -123
- package/stark.js.map +1 -1
- package/esm/p192.js +0 -22
- package/esm/p192.js.map +0 -1
- package/esm/p224.js +0 -22
- package/esm/p224.js.map +0 -1
- package/p192.d.ts +0 -103
- package/p192.d.ts.map +0 -1
- package/p192.js +0 -25
- package/p192.js.map +0 -1
- package/p224.d.ts +0 -103
- package/p224.d.ts.map +0 -1
- package/p224.js +0 -25
- package/p224.js.map +0 -1
- package/src/p192.ts +0 -25
- package/src/p224.ts +0 -25
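--- a/package/README.md
+++ b/package/README.md
@@ -9,21 +9,21 @@ Audited & minimal JS implementation of elliptic curve cryptography.
 for encoding or hashing an arbitrary string to an elliptic curve point
 - 🧜♂️ [Poseidon](https://www.poseidon-hash.info) ZK-friendly hash
 - 🏎 [Ultra-fast](#speed), hand-optimized for caveats of JS engines
-- 🔍 Unique tests ensure correctness
+- 🔍 Unique tests ensure correctness with Wycheproof vectors and [cryptofuzz](https://github.com/guidovranken/cryptofuzz) differential fuzzing
 - 🔻 Tree-shaking-friendly: there is no entry point, which ensures small size of your app
 
 Package consists of two parts:
 
 1. [Abstract](#abstract-api), zero-dependency EC algorithms
 2. [Implementations](#implementations), utilizing one dependency `@noble/hashes`, providing ready-to-use:
-- NIST curves
+- NIST curves secp256r1/P256, secp384r1/P384, secp521r1/P521
 - SECG curve secp256k1
-- ed25519/curve25519/x25519/ristretto255, edwards448/curve448/x448 RFC7748 / RFC8032 / ZIP215 stuff
+- ed25519/curve25519/x25519/ristretto255, edwards448/curve448/x448 [RFC7748](https://www.rfc-editor.org/rfc/rfc7748) / [RFC8032](https://www.rfc-editor.org/rfc/rfc8032) / [ZIP215](https://zips.z.cash/zip-0215) stuff
 - pairing-friendly curves bls12-381, bn254
 
 Check out [Upgrading](#upgrading) if you've previously used single-feature noble packages
 ([secp256k1](https://github.com/paulmillr/noble-secp256k1), [ed25519](https://github.com/paulmillr/noble-ed25519)).
-See [
+See [Resources](#resources) for articles and real-world software that uses curves.
 
 ### This library belongs to _noble_ crypto
 
@@ -45,7 +45,7 @@ Use NPM for browser / node.js:
 
 > npm install @noble/curves
 
-For [Deno](https://deno.land), use it with npm specifier. In browser, you could also include the single file from
+For [Deno](https://deno.land), use it with [npm specifier](https://deno.land/manual@v1.28.0/node/npm_specifiers). In browser, you could also include the single file from
 [GitHub's releases page](https://github.com/paulmillr/noble-curves/releases).
 
 The library is tree-shaking-friendly and does not expose root entry point as `import * from '@noble/curves'`.
@@ -64,12 +64,8 @@ const msg = new Uint8Array(32).fill(1);
 const sig = secp256k1.sign(msg, priv);
 secp256k1.verify(sig, msg, pub) === true;
 
-const privHex = '46c930bc7bb4db7f55da20798697421b98c4175a52c630294d75a84b9c126236'
+const privHex = '46c930bc7bb4db7f55da20798697421b98c4175a52c630294d75a84b9c126236';
 const pub2 = secp256k1.getPublicKey(privHex); // keys & other inputs can be Uint8Array-s or hex strings
-
-// Follows hash-to-curve specification to encode arbitrary hashes to EC points
-import { hashToCurve, encodeToCurve } from '@noble/curves/secp256k1';
-hashToCurve('0102abcd');
 ```
 
 All curves:
@@ -125,7 +121,7 @@ import { ed25519ctx, ed25519ph } from '@noble/curves/ed25519';
 import { x25519 } from '@noble/curves/ed25519';
 const priv = 'a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4';
 const pub = 'e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c';
-x25519.getSharedSecret(priv, pub) === x25519.scalarMult(priv, pub);
+x25519.getSharedSecret(priv, pub) === x25519.scalarMult(priv, pub); // aliases
 x25519.getPublicKey(priv) === x25519.scalarMultBase(priv);
 
 // hash-to-curve
@@ -180,9 +176,9 @@ const signatures3 = privateKeys.map((p, i) => bls.sign(messages[i], p));
 const aggSignature3 = bls.aggregateSignatures(signatures3);
 const isValid3 = bls.verifyBatch(aggSignature3, messages, publicKeys);
 console.log({ publicKeys, signatures3, aggSignature3, isValid3 });
+// bls.pairing(PointG1, PointG2) // pairings
 
-//
-// bls.pairing(PointG1, PointG2)
+// hash-to-curve examples can be seen below
 ```
 
 ## Abstract API
@@ -190,7 +186,7 @@ console.log({ publicKeys, signatures3, aggSignature3, isValid3 });
 Abstract API allows to define custom curves. All arithmetics is done with JS bigints over finite fields,
 which is defined from `modular` sub-module. For scalar multiplication, we use [precomputed tables with w-ary non-adjacent form (wNAF)](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/).
 Precomputes are enabled for weierstrass and edwards BASE points of a curve. You could precompute any
-other point (e.g. for ECDH) using `utils.precompute()` method.
+other point (e.g. for ECDH) using `utils.precompute()` method: check out examples.
 
 There are following zero-dependency algorithms:
 
@@ -216,7 +212,7 @@ For this you will need `hmac` & `hash`, which in our implementations is provided
 If you're using different hashing library, make sure to wrap it in the following interface:
 
 ```ts
-
+type CHash = {
 (message: Uint8Array): Uint8Array;
 blockLen: number;
 outputLen: number;
@@ -235,7 +231,7 @@ export type CHash = {
 
 ```ts
 // T is usually bigint, but can be something else like complex numbers in BLS curves
-
+interface ProjPointType<T> extends Group<ProjPointType<T>> {
 readonly px: T;
 readonly py: T;
 readonly pz: T;
@@ -251,7 +247,7 @@ export interface ProjPointType<T> extends Group<ProjPointType<T>> {
 toHex(isCompressed?: boolean): string;
 }
 // Static methods for 3d XYZ points
-
+interface ProjConstructor<T> extends GroupConstructor<ProjPointType<T>> {
 new (x: T, y: T, z: T): ProjPointType<T>;
 fromAffine(p: AffinePoint<T>): ProjPointType<T>;
 fromHex(hex: Hex): ProjPointType<T>;
@@ -262,7 +258,7 @@ export interface ProjConstructor<T> extends GroupConstructor<ProjPointType<T>> {
 **ECDSA signatures** are represented by `Signature` instances and can be described by the interface:
 
 ```ts
-
+interface SignatureType {
 readonly r: bigint;
 readonly s: bigint;
 readonly recovery?: number;
@@ -274,9 +270,14 @@ export interface SignatureType {
 toCompactRawBytes(): Uint8Array;
 toCompactHex(): string;
 // DER-encoded
-toDERRawBytes(
-toDERHex(
+toDERRawBytes(): Uint8Array;
+toDERHex(): string;
 }
+type SignatureConstructor = {
+new (r: bigint, s: bigint): SignatureType;
+fromCompact(hex: Hex): SignatureType;
+fromDER(hex: Hex): SignatureType;
+};
 ```
 
 Example implementing [secq256k1](https://personaelabs.org/posts/spartan-ecdsa) (NOT secp256k1)
@@ -307,24 +308,30 @@ secq256k1.getPublicKey(priv); // Convert private key to public.
 const sig = secq256k1.sign(msg, priv); // Sign msg with private key.
 secq256k1.verify(sig, msg, priv); // Verify if sig is correct.
 
-const
+const Point = secq256k1.ProjectivePoint;
+const point = Point.BASE; // Elliptic curve Point class and BASE point static var.
 point.add(point).equals(point.double()); // add(), equals(), double() methods
-point.subtract(point).equals(
+point.subtract(point).equals(Point.ZERO); // subtract() method, ZERO static var
 point.negate(); // Flips point over x/y coordinate.
 point.multiply(31415n); // Multiplication of Point by scalar.
 
 point.assertValidity(); // Checks for being on-curve
-point.toAffine();
+point.toAffine(); // Converts to 2d affine xy coordinates
 
 secq256k1.CURVE.n;
 secq256k1.CURVE.Fp.mod();
 secq256k1.CURVE.hash();
+
+// precomputes
+const fast = secq256k1.utils.precompute(8, Point.fromHex(someonesPubKey));
+fast.multiply(privKey); // much faster ECDH now
 ```
 
 `weierstrass()` returns `CurveFn`:
 
 ```ts
-
+type SignOpts = { lowS?: boolean; prehash?: boolean; extraEntropy: boolean | Uint8Array };
+type CurveFn = {
 CURVE: ReturnType<typeof validateOpts>;
 getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array;
 getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array;
@@ -338,8 +345,10 @@ export type CurveFn = {
 ProjectivePoint: ProjectivePointConstructor;
 Signature: SignatureConstructor;
 utils: {
-
+normPrivateKeyToScalar: (key: PrivKey) => bigint;
+isValidPrivateKey(key: PrivKey): boolean;
 randomPrivateKey: () => Uint8Array;
+precompute: (windowSize?: number, point?: ProjPointType<bigint>) => ProjPointType<bigint>;
 };
 };
 ```
@@ -362,7 +371,7 @@ For EdDSA signatures, `hash` param required. `adjustScalarBytes` which instructs
 7. Have `isTorsionFree()`, `clearCofactor()` and `isSmallOrder()` utilities to handle torsions
 
 ```ts
-
+interface ExtPointType extends Group<ExtPointType> {
 readonly ex: bigint;
 readonly ey: bigint;
 readonly ez: bigint;
@@ -376,7 +385,7 @@ export interface ExtPointType extends Group<ExtPointType> {
 toAffine(iz?: bigint): AffinePoint<bigint>;
 }
 // Static methods of Extended Point with coordinates in X, Y, Z, T
-
+interface ExtPointConstructor extends GroupConstructor<ExtPointType> {
 new (x: bigint, y: bigint, z: bigint, t: bigint): ExtPointType;
 fromAffine(p: AffinePoint<bigint>): ExtPointType;
 fromHex(hex: Hex): ExtPointType;
@@ -388,13 +397,14 @@ Example implementing edwards25519:
 
 ```ts
 import { twistedEdwards } from '@noble/curves/abstract/edwards';
-import { div } from '@noble/curves/abstract/modular';
+import { Field, div } from '@noble/curves/abstract/modular';
 import { sha512 } from '@noble/hashes/sha512';
 
+const Fp = Field(2n ** 255n - 19n);
 const ed25519 = twistedEdwards({
 a: -1n,
-d: div(-121665n, 121666n
-
+d: Fp.div(-121665n, 121666n), // -121665n/121666n mod p
+Fp,
 n: 2n ** 252n + 27742317777372353535851937790883648493n,
 h: 8n,
 Gx: 15112221349535400772501151409588531511454012693041857206046113283949847762202n,
@@ -414,13 +424,12 @@ const ed25519 = twistedEdwards({
 `twistedEdwards()` returns `CurveFn` of following type:
 
 ```ts
-
+type CurveFn = {
 CURVE: ReturnType<typeof validateOpts>;
-getPublicKey: (privateKey:
-sign: (message: Hex, privateKey: Hex) => Uint8Array;
-verify: (sig: SigType, message: Hex, publicKey:
-ExtendedPoint:
-Signature: SignatureConstructor;
+getPublicKey: (privateKey: Hex) => Uint8Array;
+sign: (message: Hex, privateKey: Hex, context?: Hex) => Uint8Array;
+verify: (sig: SigType, message: Hex, publicKey: Hex, context?: Hex) => boolean;
+ExtendedPoint: ExtPointConstructor;
 utils: {
 randomPrivateKey: () => Uint8Array;
 getExtendedPublicKey: (key: PrivKey) => {
@@ -438,22 +447,18 @@ export type CurveFn = {
 
 The module contains methods for x-only ECDH on Curve25519 / Curve448 from RFC7748. Proper Elliptic Curve Points are not implemented yet.
 
-You must specify curve
+You must specify curve params `Fp`, `a`, `Gu` coordinate of u, `montgomeryBits` and `nByteLength`.
 
 ```typescript
 import { montgomery } from '@noble/curves/abstract/montgomery';
 
 const x25519 = montgomery({
-
-
+Fp: Field(2n ** 255n - 19n),
+a: 486662n,
+Gu: 9n,
 montgomeryBits: 255,
 nByteLength: 32,
-
-
-// Optional params
-powPminus2: (x: bigint): bigint => {
-return mod.pow(x, P - 2, P);
-},
+// Optional param
 adjustScalarBytes(bytes) {
 bytes[0] &= 248;
 bytes[31] &= 127;
@@ -467,11 +472,39 @@ const x25519 = montgomery({
 
 The module allows to hash arbitrary strings to elliptic curve points. Implements [hash-to-curve v11](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11).
 
+Every curve has exported `hashToCurve` and `encodeToCurve` methods:
+
+```ts
+import { hashToCurve, encodeToCurve } from '@noble/curves/secp256k1';
+import { randomBytes } from '@noble/hashes/utils';
+hashToCurve('0102abcd');
+console.log(hashToCurve(randomBytes()));
+console.log(encodeToCurve(randomBytes()));
+
+
+import { bls12_381 } from '@noble/curves/bls12-381';
+bls12_381.G1.hashToCurve(randomBytes(), { DST: 'another' });
+bls12_381.G2.hashToCurve(randomBytes(), { DST: 'custom' });
+```
+
+If you need low-level methods from spec:
+
 `expand_message_xmd` [(spec)](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11#section-5.4.1) produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.
 
 ```ts
-function expand_message_xmd(
-
+function expand_message_xmd(
+msg: Uint8Array,
+DST: Uint8Array,
+lenInBytes: number,
+H: CHash
+): Uint8Array;
+function expand_message_xof(
+msg: Uint8Array,
+DST: Uint8Array,
+lenInBytes: number,
+k: number,
+H: CHash
+): Uint8Array;
 ```
 
 `hash_to_field(msg, count, options)` [(spec)](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-11#section-5.3)
@@ -483,22 +516,6 @@ _ Returns `[u_0, ..., u_(count - 1)]`, a list of field elements.
 
 ```ts
 function hash_to_field(msg: Uint8Array, count: number, options: htfOpts): bigint[][];
-type htfOpts = {
-DST: string; // a domain separation tag defined in section 2.2.5
-// p: the characteristic of F
-// where F is a finite field of characteristic p and order q = p^m
-p: bigint;
-// m: the extension degree of F, m >= 1
-// where F is a finite field of characteristic p and order q = p^m
-m: number;
-k: number; // the target security level for the suite in bits defined in section 5.1
-expand?: 'xmd' | 'xof'; // option to use a message that has already been processed by expand_message_xmd
-// Hash functions for: expand_message_xmd is appropriate for use with a
-// wide range of hash functions, including SHA-2, SHA-3, BLAKE2, and others.
-// BBS+ uses blake2: https://github.com/hyperledger/aries-framework-go/issues/2247
-// TODO: verify that hash is shake if expand==='xof' via types
-hash: CHash;
-};
 ```
 
 ### abstract/poseidon: Poseidon hash
@@ -532,10 +549,6 @@ and others with it.
 
 ### abstract/modular: Modular arithmetics utilities
 
-The module also contains useful `hashToPrivateScalar` method which allows to create
-scalars (e.g. private keys) with the modulo bias being neglible. It follows
-FIPS 186 B.4.1. Requires at least 40 bytes of input for 32-byte private key.
-
 ```ts
 import * as mod from '@noble/curves/abstract/modular';
 const fp = mod.Field(2n ** 255n - 19n); // Finite field over 2^255-19
@@ -548,9 +561,32 @@ fp.sqrt(21n); // square root
 mod.mod(21n, 10n); // 21 mod 10 == 1n; fixed version of 21 % 10
 mod.invert(17n, 10n); // invert(17) mod 10; modular multiplicative inverse
 mod.invertBatch([1n, 2n, 4n], 21n); // => [1n, 11n, 16n] in one inversion
-mod.hashToPrivateScalar(sha512_of_something, secp256r1.n);
 ```
 
+#### Creating private keys from hashes
+
+Suppose you have `sha256(something)` (e.g. from HMAC) and you want to make a private key from it.
+Even though p256 or secp256k1 may have 32-byte private keys,
+and sha256 output is also 32-byte, you can't just use it and reduce it modulo `CURVE.n`.
+
+Doing so will make the result key [biased](https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/).
+
+To avoid the bias, we implement FIPS 186 B.4.1, which allows to take arbitrary
+byte array and produce valid scalars / private keys with bias being neglible.
+
+Use [hash-to-curve](#abstracthash-to-curve-hashing-strings-to-curve-points) if you need
+hashing to **public keys**; the function in the module instead operates on **private keys**.
+
+```ts
+import { p256 } from '@noble/curves/p256';
+import { sha256 } from '@noble/hashes/sha256';
+import { hkdf } from '@noble/hashes/hkdf';
+const someKey = new Uint8Array(32).fill(2); // Needs to actually be random, not .fill(2)
+const derived = hkdf(sha256, someKey, undefined, 'application', 40); // 40 bytes
+const validPrivateKey = mod.hashToPrivateScalar(derived, p256.CURVE.n);
+```
+
+
 ### abstract/utils: General utilities
 
 ```ts
@@ -561,8 +597,8 @@ utils.hexToBytes('deadbeef');
 utils.hexToNumber();
 utils.bytesToNumberBE(Uint8Array.from([0xde, 0xad, 0xbe, 0xef]));
 utils.bytesToNumberLE(Uint8Array.from([0xde, 0xad, 0xbe, 0xef]));
-utils.numberToBytesBE(123n);
-utils.numberToBytesLE(123n);
+utils.numberToBytesBE(123n, 32);
+utils.numberToBytesLE(123n, 64);
 utils.numberToHexUnpadded(123n);
 utils.concatBytes(Uint8Array.from([0xde, 0xad]), Uint8Array.from([0xbe, 0xef]));
 utils.nLength(255n);
@@ -571,7 +607,7 @@ utils.equalBytes(Uint8Array.from([0xde]), Uint8Array.from([0xde]));
 
 ## Security
 
-The library had no prior security audit.
+The library had no prior security audit. The library has been fuzzed by [Guido Vranken's cryptofuzz](https://github.com/guidovranken/cryptofuzz): you can run the fuzzer by yourself to check it.
 
 [Timing attack](https://en.wikipedia.org/wiki/Timing_attack) considerations: we are using non-CT bigints. However, _JIT-compiler_ and _Garbage Collector_ make "constant time" extremely hard to achieve in a scripting language. Which means _any other JS library can't have constant-timeness_. Even statically typed Rust, a language without GC, [makes it harder to achieve constant-time](https://www.chosenplaintext.ca/open-source/rust-timing-shield/security) for some cases. If your goal is absolute security, don't use any JS lib — including bindings to native ones. Use low-level libraries & languages. Nonetheless we're targetting algorithmic constant time.
 
@@ -635,6 +671,14 @@ pedersen x 884 ops/sec @ 1ms/op
 poseidon x 8,598 ops/sec @ 116μs/op
 verify x 528 ops/sec @ 1ms/op
 
+ecdh
+├─x25519 x 1,337 ops/sec @ 747μs/op
+├─secp256k1 x 461 ops/sec @ 2ms/op
+├─P256 x 441 ops/sec @ 2ms/op
+├─P384 x 179 ops/sec @ 5ms/op
+├─P521 x 93 ops/sec @ 10ms/op
+└─x448 x 496 ops/sec @ 2ms/op
+
 bls12-381
 init x 32 ops/sec @ 30ms/op
 getPublicKey 1-bit x 858 ops/sec @ 1ms/op
@@ -650,15 +694,16 @@ aggregateSignatures/32 x 11 ops/sec @ 84ms/op
 aggregateSignatures/128 x 3 ops/sec @ 332ms/opp
 ```
 
-##
+## Resources
 
-Elliptic curve calculator: [paulmillr.com/ecc](https://paulmillr.com/ecc)
+Article about some of library's features: [Learning fast elliptic-curve cryptography](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/). Elliptic curve calculator: [paulmillr.com/ecc](https://paulmillr.com/ecc)
 
 - secp256k1
 - [btc-signer](https://github.com/paulmillr/micro-btc-signer), [eth-signer](https://github.com/paulmillr/micro-eth-signer)
 - ed25519
 - [sol-signer](https://github.com/paulmillr/micro-sol-signer)
 - BLS12-381
+- Check out `bls12-381.ts` for articles about the curve
 - Threshold sigs demo [genthresh.com](https://genthresh.com)
 - BBS signatures [github.com/Wind4Greg/BBS-Draft-Checks](https://github.com/Wind4Greg/BBS-Draft-Checks) following [draft-irtf-cfrg-bbs-signatures-latest](https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html)
 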
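--- a/package/_shortw_utils.d.ts
+++ b/package/_shortw_utils.d.ts
@@ -53,7 +53,6 @@ export declare function createCurve(curveDef: CurveDef, defHash: CHash): Readonl
 utils: {
 normPrivateKeyToScalar: (key: import("./abstract/utils.js").PrivKey) => bigint;
 isValidPrivateKey(privateKey: import("./abstract/utils.js").PrivKey): boolean;
-hashToPrivateKey: (hash: import("./abstract/utils.js").Hex) => Uint8Array;
 randomPrivateKey: () => Uint8Array;
 precompute: (windowSize?: number | undefined, point?: import("./abstract/weierstrass.js").ProjPointType<bigint> | undefined) => import("./abstract/weierstrass.js").ProjPointType<bigint>;
 };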
package/_shortw_utils.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"_shortw_utils.d.ts","sourceRoot":"","sources":["src/_shortw_utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAe,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAe,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAG5C,wBAAgB,OAAO,CAAC,IAAI,EAAE,KAAK;;gBAGnB,UAAU,WAAW,UAAU,EAAE;;EAGhD;AAED,aAAK,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC;AAC3E,wBAAgB,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK;mBACtC,KAAK
|
|
1
|
+
{"version":3,"file":"_shortw_utils.d.ts","sourceRoot":"","sources":["src/_shortw_utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAe,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAe,SAAS,EAAE,MAAM,2BAA2B,CAAC;AACnE,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAG5C,wBAAgB,OAAO,CAAC,IAAI,EAAE,KAAK;;gBAGnB,UAAU,WAAW,UAAU,EAAE;;EAGhD;AAED,aAAK,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC;AAC3E,wBAAgB,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK;mBACtC,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAE5B"}
|
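--- a/package/abstract/bls.js
+++ b/package/abstract/bls.js
@@ -132,7 +132,7 @@ function bls(CURVE) {
 function sign(message, privateKey, htfOpts) {
 const msgPoint = normP2Hash(message, htfOpts);
 msgPoint.assertValidity();
-const sigPoint = msgPoint.multiply(G1.
+const sigPoint = msgPoint.multiply(G1.normPrivateKeyToScalar(privateKey));
 if (message instanceof G2.ProjectivePoint)
 return sigPoint;
 return Signature.encode(sigPoint);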
package/abstract/bls.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bls.js","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":";;;AAcA,6CAA0D;AAC1D,yCAA8E;AAC9E,0CAA0C;AAC1C,qDAK0B;AAiF1B,SAAgB,GAAG,CACjB,KAAoC;IAEpC,oFAAoF;IACpF,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;IACzC,MAAM,SAAS,GAAG,IAAA,iBAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,qCAAqC;IAE1D,qDAAqD;IACrD,0EAA0E;IAC1E,SAAS,sBAAsB,CAAC,CAAmB;QACjD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QACnB,kBAAkB;QAClB,MAAM,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC;QACnC,kBAAkB;QAClB,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;QAC9B,IAAI,SAAS,GAAsB,EAAE,CAAC;QACtC,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE;YACvC,SAAS;YACT,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM;YAC5B,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM;YAC5B,IAAI,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa;YACxD,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS;YACnC,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB;YACpF,SAAS,CAAC,IAAI,CAAC;gBACb,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC;gBACf,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxB,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,MAAM;aACpB,CAAC,CAAC;YACH,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,4BAA4B;YACzF,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,6BAA6B;YAC5G,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;YAChC,IAAI,IAAA,iBAAM,EAAC,KAAK,CAAC,CAAC
,EAAE,CAAC,CAAC,EAAE;gBACtB,WAAW;gBACX,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe;gBACtD,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe;gBACtD,SAAS,CAAC,IAAI,CAAC;oBACb,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;oBACzC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACX,EAAE,EAAE,KAAK;iBACV,CAAC,CAAC;gBACH,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM;gBAC5B,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;gBACpC,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;gBACpC,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,yBAAyB;gBACnG,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;gBAChC,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;gBACxF,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;aACjC;SACF;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,SAAS,UAAU,CAAC,GAAsB,EAAE,EAAY;QACtD,MAAM,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;QACpB,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACjB,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;YACnD,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACjB,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YAC1E,IAAI,IAAA,iBAAM,EAAC,CAAC,EAAE,CAAC,CAAC,EAAE;gBAChB,CAAC,IAAI,CAAC,CAAC;gBACP,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;gBACjB,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAA
G,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;aAC3E;YACD,IAAI,CAAC,KAAK,CAAC;gBAAE,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;SAClC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,KAAK,GAAG;QACZ,gBAAgB,EAAE,GAAe,EAAE;YACjC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAA,gCAAmB,EAAC,KAAK,CAAC,WAAW,CAAC,QAAQ,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,CAAC;KACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,GAAG,GAAG,IAAA,kCAAiB,EAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CACtB,GAAG,EACH,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE;QACzD,GAAG,KAAK,CAAC,WAAW;QACpB,GAAG,KAAK,CAAC,EAAE,CAAC,WAAW;KACxB,CAAC,CACH,CAAC;IAKF,SAAS,kBAAkB,CAAC,KAAS;QACnC,MAAM,CAAC,GAAG,KAAoC,CAAC;QAC/C,IAAI,CAAC,CAAC,aAAa;YAAE,OAAO,CAAC,CAAC,aAAa,CAAC;QAC5C,CAAC,CAAC,aAAa,GAAG,sBAAsB,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,CAAC,aAAa,CAAC;IACzB,CAAC;IAED,eAAe;IACf,gDAAgD;IAChD,oDAAoD;IACpD,iCAAiC;IACjC,IAAI;IAEJ,8DAA8D;IAC9D,MAAM,GAAG,GAAG,IAAA,kCAAiB,EAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CACtB,GAAG,EACH,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAA+C,EAAE,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE;QACzF,GAAG,KAAK,CAAC,WAAW;QACpB,GAAG,KAAK,CAAC,EAAE,CAAC,WAAW;KACxB,CAAC,CACH,CAAC;IAEF,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;IAE/B,8BAA8B;IAC9B,SAAS,OAAO,CAAC,CAAK,EAAE,CAAK,EAAE,oBAA6B,IAAI;QAC9D,IAAI,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC,CAAC,cAAc,EAAE,CAAC;QACnB,CAAC,CAAC,cAAc,EAAE,CAAC;QACnB,qDAAqD;QACrD,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,OAAO,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC
,CAAC,CAAC,CAAC,MAAM,CAAC;IACrE,CAAC;IAMD,SAAS,MAAM,CAAC,KAAY;QAC1B,OAAO,KAAK,YAAY,EAAE,CAAC,eAAe,CAAC,CAAC,CAAE,KAAY,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACjG,CAAC;IACD,SAAS,MAAM,CAAC,KAAY;QAC1B,OAAO,KAAK,YAAY,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/E,CAAC;IACD,SAAS,UAAU,CAAC,KAAY,EAAE,OAA0B;QAC1D,OAAO,KAAK,YAAY,EAAE,CAAC,eAAe;YACxC,CAAC,CAAC,KAAK;YACP,CAAC,CAAE,EAAE,CAAC,WAAW,CAAC,IAAA,sBAAW,EAAC,OAAO,EAAE,KAAK,CAAC,EAAE,OAAO,CAAQ,CAAC;IACnE,CAAC;IAED,uCAAuC;IACvC,aAAa;IACb,SAAS,YAAY,CAAC,UAAmB;QACvC,OAAO,EAAE,CAAC,eAAe,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACxE,CAAC;IAMD,SAAS,IAAI,CAAC,OAAc,EAAE,UAAmB,EAAE,OAA0B;QAC3E,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9C,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC;QACvE,IAAI,OAAO,YAAY,EAAE,CAAC,eAAe;YAAE,OAAO,QAAQ,CAAC;QAC3D,OAAO,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,uFAAuF;IACvF,wBAAwB;IACxB,SAAS,MAAM,CACb,SAAgB,EAChB,OAAc,EACd,SAAgB,EAChB,OAA0B;QAE1B,MAAM,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5B,MAAM,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;QAClC,MAAM,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5B,wEAAwE;QACxE,6CAA6C;QAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAMD,SAAS,mBAAmB,CAAC,UAAmB;QAC9C,IAAI,CAAC,UAAU,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC3F,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,cAAc;QACrC,IAAI,UAAU,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,eAAe,EAAE;YAC/C,
SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;SAClB;QACD,oCAAoC;QACpC,OAAO,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAKD,SAAS,mBAAmB,CAAC,UAAmB;QAC9C,IAAI,CAAC,UAAU,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC3F,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,cAAc;QACrC,IAAI,UAAU,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,eAAe,EAAE;YAC/C,SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;SAClB;QACD,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAED,2EAA2E;IAC3E,gDAAgD;IAChD,SAAS,WAAW,CAClB,SAAgB,EAChB,QAAiB,EACjB,UAAmB,EACnB,OAA0B;QAE1B,aAAa;QACb,kGAAkG;QAElG,IAAI,CAAC,QAAQ,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAC3E,IAAI,UAAU,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;YACvC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAC9B,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI;YACF,MAAM,MAAM,GAAG,EAAE,CAAC;YAClB,KAAK,MAAM,OAAO,IAAI,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE;gBACxC,MAAM,cAAc,GAAG,SAAS,CAAC,MAAM,CACrC,CAAC,cAAc,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,CAChC,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,EAC9E,EAAE,CAAC,eAAe,CAAC,IAAI,CACxB,CAAC;gBACF,yFAAyF;gBACzF,4EAA4E;gBAC5E,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;aACtD;YACD,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;YACnE,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAClE,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC5C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;SAChC;QAAC,MAAM;YACN,OAAO,KAAK,CAAC;SACd;IACH,CAAC;IAED,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,
CAAC,CAAC;IAE1C,OAAO;QACL,KAAK;QACL,EAAE;QACF,EAAE;QACF,GAAG;QACH,GAAG;QACH,IAAI;QACJ,EAAE;QACF,EAAE;QACF,SAAS;QACT,UAAU;QACV,sBAAsB;QACtB,OAAO;QACP,YAAY;QACZ,IAAI;QACJ,MAAM;QACN,mBAAmB;QACnB,mBAAmB;QACnB,WAAW;QACX,KAAK;KACN,CAAC;AACJ,CAAC;AAhRD,kBAgRC"}
|
|
1
|
+
{"version":3,"file":"bls.js","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":";;;AAcA,6CAA0D;AAC1D,yCAA8E;AAC9E,0CAA0C;AAC1C,qDAK0B;AAiF1B,SAAgB,GAAG,CACjB,KAAoC;IAEpC,oFAAoF;IACpF,MAAM,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,KAAK,CAAC;IACzC,MAAM,SAAS,GAAG,IAAA,iBAAM,EAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,MAAM,QAAQ,GAAG,EAAE,CAAC,CAAC,qCAAqC;IAE1D,qDAAqD;IACrD,0EAA0E;IAC1E,SAAS,sBAAsB,CAAC,CAAmB;QACjD,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;QACnB,kBAAkB;QAClB,MAAM,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC;QACnC,kBAAkB;QAClB,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC;QAC9B,IAAI,SAAS,GAAsB,EAAE,CAAC;QACtC,KAAK,IAAI,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE;YACvC,SAAS;YACT,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM;YAC5B,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM;YAC5B,IAAI,EAAE,GAAG,GAAG,CAAC,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,aAAa;YACxD,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS;YACnC,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,uBAAuB;YACpF,SAAS,CAAC,IAAI,CAAC;gBACb,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC;gBACf,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxB,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,MAAM;aACpB,CAAC,CAAC;YACH,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,4BAA4B;YACzF,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,6BAA6B;YAC5G,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;YAChC,IAAI,IAAA,iBAAM,EAAC,KAAK,CAAC,CAAC
,EAAE,CAAC,CAAC,EAAE;gBACtB,WAAW;gBACX,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe;gBACtD,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,eAAe;gBACtD,SAAS,CAAC,IAAI,CAAC;oBACb,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;oBACzC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC;oBACX,EAAE,EAAE,KAAK;iBACV,CAAC,CAAC;gBACH,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,MAAM;gBAC5B,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;gBACpC,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;gBACpC,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,yBAAyB;gBACnG,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;gBAChC,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,2BAA2B;gBACxF,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;aACjC;SACF;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,SAAS,UAAU,CAAC,GAAsB,EAAE,EAAY;QACtD,MAAM,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;QACpB,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACjB,IAAI,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE;YACnD,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;YACjB,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;YAC1E,IAAI,IAAA,iBAAM,EAAC,CAAC,EAAE,CAAC,CAAC,EAAE;gBAChB,CAAC,IAAI,CAAC,CAAC;gBACP,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;gBACjB,GAAG,GAAG,IAAI,CAAC,aAAa,CAAC,GAA
G,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;aAC3E;YACD,IAAI,CAAC,KAAK,CAAC;gBAAE,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;SAClC;QACD,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC;IAED,MAAM,KAAK,GAAG;QACZ,gBAAgB,EAAE,GAAe,EAAE;YACjC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAA,gCAAmB,EAAC,KAAK,CAAC,WAAW,CAAC,QAAQ,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACnF,CAAC;KACF,CAAC;IAEF,4BAA4B;IAC5B,MAAM,GAAG,GAAG,IAAA,kCAAiB,EAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CACtB,GAAG,EACH,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE;QACzD,GAAG,KAAK,CAAC,WAAW;QACpB,GAAG,KAAK,CAAC,EAAE,CAAC,WAAW;KACxB,CAAC,CACH,CAAC;IAKF,SAAS,kBAAkB,CAAC,KAAS;QACnC,MAAM,CAAC,GAAG,KAAoC,CAAC;QAC/C,IAAI,CAAC,CAAC,aAAa;YAAE,OAAO,CAAC,CAAC,aAAa,CAAC;QAC5C,CAAC,CAAC,aAAa,GAAG,sBAAsB,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC3D,OAAO,CAAC,CAAC,aAAa,CAAC;IACzB,CAAC;IAED,eAAe;IACf,gDAAgD;IAChD,oDAAoD;IACpD,iCAAiC;IACjC,IAAI;IAEJ,8DAA8D;IAC9D,MAAM,GAAG,GAAG,IAAA,kCAAiB,EAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;IAC5D,MAAM,EAAE,GAAG,MAAM,CAAC,MAAM,CACtB,GAAG,EACH,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAA+C,EAAE,KAAK,CAAC,EAAE,CAAC,UAAU,EAAE;QACzF,GAAG,KAAK,CAAC,WAAW;QACpB,GAAG,KAAK,CAAC,EAAE,CAAC,WAAW;KACxB,CAAC,CACH,CAAC;IAEF,MAAM,EAAE,SAAS,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC;IAE/B,8BAA8B;IAC9B,SAAS,OAAO,CAAC,CAAK,EAAE,CAAK,EAAE,oBAA6B,IAAI;QAC9D,IAAI,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC,CAAC,cAAc,EAAE,CAAC;QACnB,CAAC,CAAC,cAAc,EAAE,CAAC;QACnB,qDAAqD;QACrD,MAAM,EAAE,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC;QACxB,MAAM,MAAM,GAAG,UAAU,CAAC,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAC/D,OAAO,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC
,CAAC,CAAC,CAAC,MAAM,CAAC;IACrE,CAAC;IAMD,SAAS,MAAM,CAAC,KAAY;QAC1B,OAAO,KAAK,YAAY,EAAE,CAAC,eAAe,CAAC,CAAC,CAAE,KAAY,CAAC,CAAC,CAAC,EAAE,CAAC,eAAe,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IACjG,CAAC;IACD,SAAS,MAAM,CAAC,KAAY;QAC1B,OAAO,KAAK,YAAY,EAAE,CAAC,eAAe,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAC/E,CAAC;IACD,SAAS,UAAU,CAAC,KAAY,EAAE,OAA0B;QAC1D,OAAO,KAAK,YAAY,EAAE,CAAC,eAAe;YACxC,CAAC,CAAC,KAAK;YACP,CAAC,CAAE,EAAE,CAAC,WAAW,CAAC,IAAA,sBAAW,EAAC,OAAO,EAAE,KAAK,CAAC,EAAE,OAAO,CAAQ,CAAC;IACnE,CAAC;IAED,uCAAuC;IACvC,aAAa;IACb,SAAS,YAAY,CAAC,UAAmB;QACvC,OAAO,EAAE,CAAC,eAAe,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACxE,CAAC;IAMD,SAAS,IAAI,CAAC,OAAc,EAAE,UAAmB,EAAE,OAA0B;QAC3E,MAAM,QAAQ,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC9C,QAAQ,CAAC,cAAc,EAAE,CAAC;QAC1B,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,sBAAsB,CAAC,UAAU,CAAC,CAAC,CAAC;QAC1E,IAAI,OAAO,YAAY,EAAE,CAAC,eAAe;YAAE,OAAO,QAAQ,CAAC;QAC3D,OAAO,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACpC,CAAC;IAED,uFAAuF;IACvF,wBAAwB;IACxB,SAAS,MAAM,CACb,SAAgB,EAChB,OAAc,EACd,SAAgB,EAChB,OAA0B;QAE1B,MAAM,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5B,MAAM,EAAE,GAAG,UAAU,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACxC,MAAM,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC;QAClC,MAAM,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAC5B,wEAAwE;QACxE,6CAA6C;QAC7C,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,EAAE,EAAE,KAAK,CAAC,CAAC;QAC5C,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,KAAK,CAAC,CAAC;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QACxD,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;IACjC,CAAC;IAMD,SAAS,mBAAmB,CAAC,UAAmB;QAC9C,IAAI,CAAC,UAAU,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC3F,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,cAAc;QACrC,IAAI,UAAU,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,eAAe,EAAE;YAC/C,
SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;SAClB;QACD,oCAAoC;QACpC,OAAO,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACpC,CAAC;IAKD,SAAS,mBAAmB,CAAC,UAAmB;QAC9C,IAAI,CAAC,UAAU,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QACpE,MAAM,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;QAC3F,MAAM,SAAS,GAAG,GAAG,CAAC,CAAC,cAAc;QACrC,IAAI,UAAU,CAAC,CAAC,CAAC,YAAY,EAAE,CAAC,eAAe,EAAE;YAC/C,SAAS,CAAC,cAAc,EAAE,CAAC;YAC3B,OAAO,SAAS,CAAC;SAClB;QACD,OAAO,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,CAAC;IAED,2EAA2E;IAC3E,gDAAgD;IAChD,SAAS,WAAW,CAClB,SAAgB,EAChB,QAAiB,EACjB,UAAmB,EACnB,OAA0B;QAE1B,aAAa;QACb,kGAAkG;QAElG,IAAI,CAAC,QAAQ,CAAC,MAAM;YAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QAC3E,IAAI,UAAU,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;YACvC,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;QAC9B,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC3C,IAAI;YACF,MAAM,MAAM,GAAG,EAAE,CAAC;YAClB,KAAK,MAAM,OAAO,IAAI,IAAI,GAAG,CAAC,SAAS,CAAC,EAAE;gBACxC,MAAM,cAAc,GAAG,SAAS,CAAC,MAAM,CACrC,CAAC,cAAc,EAAE,UAAU,EAAE,CAAC,EAAE,EAAE,CAChC,UAAU,KAAK,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,cAAc,EAC9E,EAAE,CAAC,eAAe,CAAC,IAAI,CACxB,CAAC;gBACF,yFAAyF;gBACzF,4EAA4E;gBAC5E,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,cAAc,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC;aACtD;YACD,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;YACnE,MAAM,OAAO,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAClE,MAAM,GAAG,GAAG,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC5C,OAAO,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;SAChC;QAAC,MAAM;YACN,OAAO,KAAK,CAAC;SACd;IACH,CAAC;IAED,EAAE,CAAC,eAAe,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,
CAAC,CAAC;IAE1C,OAAO;QACL,KAAK;QACL,EAAE;QACF,EAAE;QACF,GAAG;QACH,GAAG;QACH,IAAI;QACJ,EAAE;QACF,EAAE;QACF,SAAS;QACT,UAAU;QACV,sBAAsB;QACtB,OAAO;QACP,YAAY;QACZ,IAAI;QACJ,MAAM;QACN,mBAAmB;QACnB,mBAAmB;QACnB,WAAW;QACX,KAAK;KACN,CAAC;AACJ,CAAC;AAhRD,kBAgRC"}
|
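--- a/package/abstract/montgomery.d.ts
+++ b/package/abstract/montgomery.d.ts
@@ -4,18 +4,22 @@ export declare type CurveType = {
 nByteLength: number;
 adjustScalarBytes?: (bytes: Uint8Array) => Uint8Array;
 domain?: (data: Uint8Array, ctx: Uint8Array, phflag: boolean) => Uint8Array;
-
+a: bigint;
 montgomeryBits: number;
 powPminus2?: (x: bigint) => bigint;
 xyToU?: (x: bigint, y: bigint) => bigint;
-Gu:
+Gu: bigint;
+randomBytes?: (bytesLength?: number) => Uint8Array;
 };
 export declare type CurveFn = {
 scalarMult: (scalar: Hex, u: Hex) => Uint8Array;
 scalarMultBase: (scalar: Hex) => Uint8Array;
 getSharedSecret: (privateKeyA: Hex, publicKeyB: Hex) => Uint8Array;
 getPublicKey: (privateKey: Hex) => Uint8Array;
-
+utils: {
+randomPrivateKey: () => Uint8Array;
+};
+GuBytes: Uint8Array;
 };
 export declare function montgomery(curveDef: CurveType): CurveFn;
 export {};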
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"montgomery.d.ts","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":"AAMA,aAAK,GAAG,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/B,oBAAY,SAAS,GAAG;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,UAAU,CAAC;IACtD,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,KAAK,UAAU,CAAC;IAC5E,
|
|
1
|
+
{"version":3,"file":"montgomery.d.ts","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":"AAMA,aAAK,GAAG,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/B,oBAAY,SAAS,GAAG;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,WAAW,EAAE,MAAM,CAAC;IACpB,iBAAiB,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,UAAU,CAAC;IACtD,MAAM,CAAC,EAAE,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,MAAM,EAAE,OAAO,KAAK,UAAU,CAAC;IAC5E,CAAC,EAAE,MAAM,CAAC;IACV,cAAc,EAAE,MAAM,CAAC;IACvB,UAAU,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IACnC,KAAK,CAAC,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IACzC,EAAE,EAAE,MAAM,CAAC;IACX,WAAW,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;CACpD,CAAC;AACF,oBAAY,OAAO,GAAG;IACpB,UAAU,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK,UAAU,CAAC;IAChD,cAAc,EAAE,CAAC,MAAM,EAAE,GAAG,KAAK,UAAU,CAAC;IAC5C,eAAe,EAAE,CAAC,WAAW,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,KAAK,UAAU,CAAC;IACnE,YAAY,EAAE,CAAC,UAAU,EAAE,GAAG,KAAK,UAAU,CAAC;IAC9C,KAAK,EAAE;QAAE,gBAAgB,EAAE,MAAM,UAAU,CAAA;KAAE,CAAC;IAC9C,OAAO,EAAE,UAAU,CAAC;CACrB,CAAC;AAuBF,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,GAAG,OAAO,CA0IvD"}
|
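--- a/package/abstract/montgomery.js
+++ b/package/abstract/montgomery.js
@@ -8,14 +8,14 @@ const _0n = BigInt(0);
 const _1n = BigInt(1);
 function validateOpts(curve) {
 (0, utils_js_1.validateObject)(curve, {
-
+a: 'bigint',
 }, {
 montgomeryBits: 'isSafeInteger',
 nByteLength: 'isSafeInteger',
 adjustScalarBytes: 'function',
 domain: 'function',
 powPminus2: 'function',
-Gu: '
+Gu: 'bigint',
 });
 // Set defaults
 return Object.freeze({ ...curve });
@@ -25,7 +25,7 @@ function validateOpts(curve) {
 function montgomery(curveDef) {
 const CURVE = validateOpts(curveDef);
 const { P } = CURVE;
-const modP = (
+const modP = (n) => (0, modular_js_1.mod)(n, P);
 const montgomeryBits = CURVE.montgomeryBits;
 const montgomeryBytes = Math.ceil(montgomeryBits / 8);
 const fieldLen = CURVE.nByteLength;
@@ -47,12 +47,15 @@ function montgomery(curveDef) {
 x_3 = modP(x_3 + dummy);
 return [x_2, x_3];
 }
+// Accepts 0 as well
 function assertFieldElement(n) {
 if (typeof n === 'bigint' && _0n <= n && n < P)
 return n;
 throw new Error('Expected valid scalar 0 < scalar < CURVE.P');
 }
 // x25519 from 4
+// The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519
+const a24 = (CURVE.a - BigInt(2)) / BigInt(4);
 /**
 *
 * @param pointU u coordinate (x) on Montgomery Curve 25519
@@ -64,8 +67,6 @@ function montgomery(curveDef) {
 // Section 5: Implementations MUST accept non-canonical values and process them as
 // if they had been reduced modulo the field prime.
 const k = assertFieldElement(scalar);
-// The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519
-const a24 = CURVE.a24;
 const x_1 = u;
 let x_2 = _1n;
 let z_2 = _0n;
@@ -143,15 +144,17 @@ function montgomery(curveDef) {
 return encodeUCoordinate(pu);
 }
 // Computes public key from private. By doing scalar multiplication of base point.
+const GuBytes = encodeUCoordinate(CURVE.Gu);
 function scalarMultBase(scalar) {
-return scalarMult(scalar,
+return scalarMult(scalar, GuBytes);
 }
 return {
 scalarMult,
 scalarMultBase,
 getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey),
 getPublicKey: (privateKey) => scalarMultBase(privateKey),
-
+utils: { randomPrivateKey: () => CURVE.randomBytes(CURVE.nByteLength) },
+GuBytes: GuBytes,
 };
 }
 exports.montgomery = montgomery;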
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"montgomery.js","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,6CAAwC;AACxC,yCAA2F;AAE3F,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"montgomery.js","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,6CAAwC;AACxC,yCAA2F;AAE3F,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAwBtB,SAAS,YAAY,CAAC,KAAgB;IACpC,IAAA,yBAAc,EACZ,KAAK,EACL;QACE,CAAC,EAAE,QAAQ;KACZ,EACD;QACE,cAAc,EAAE,eAAe;QAC/B,WAAW,EAAE,eAAe;QAC5B,iBAAiB,EAAE,UAAU;QAC7B,MAAM,EAAE,UAAU;QAClB,UAAU,EAAE,UAAU;QACtB,EAAE,EAAE,QAAQ;KACb,CACF,CAAC;IACF,eAAe;IACf,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,EAAW,CAAC,CAAC;AAC9C,CAAC;AAED,4IAA4I;AAC5I,0CAA0C;AAC1C,SAAgB,UAAU,CAAC,QAAmB;IAC5C,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;IACpB,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;IAC5C,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,GAAG,CAAC,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAG,KAAK,CAAC,WAAW,CAAC;IACnC,MAAM,iBAAiB,GAAG,KAAK,CAAC,iBAAiB,IAAI,CAAC,CAAC,KAAiB,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;IACpF,MAAM,UAAU,GAAG,KAAK,CAAC,UAAU,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAEjF,kDAAkD;IAClD;;;;;;;;MAQE;IACF,SAAS,KAAK,CAAC,IAAY,EAAE,GAAW,EAAE,GAAW;QACnD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;QACvC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;QACxB,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpB,CAAC;IAED,oBAAoB;IACpB,SAAS,kBAAkB,CAAC,CAAS;QACnC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC;YAAE,OAAO,CAAC,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,gBAAgB;IAChB,sEAAsE;IACtE,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAC9C;;;;;OAKG;IACH,SAAS,gBAAgB,CAAC,MAAc,EAAE,MAAc;QACtD,MAAM,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACrC,kFAAkF;QAClF,mDAAmD;QACnD,MAAM,CAAC,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,GAAG,GAAG,CAAC,
CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,IAAI,GAAG,GAAG,CAAC;QACf,IAAI,EAAoB,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE;YACtD,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;YAC3B,IAAI,IAAI,GAAG,CAAC;YACZ,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;YAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;YACZ,IAAI,GAAG,GAAG,CAAC;YAEX,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;YACtB,GAAG,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC;YACtC,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACpB,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;SACtC;QACD,qCAAqC;QACrC,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,qCAAqC;QACrC,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3B,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC;QACZ,cAAc;QACd,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;QAC3B,6BAA6B;QAC7B,OAAO,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC;IACxB,CAAC;IAED,SAAS,iBAAiB,CAAC,CAAS;QAClC,OAAO,IAAA,0BAAe,EAAC,IAAI,CAAC,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC;IACnD,CAAC;IAED,S
AAS,iBAAiB,CAAC,IAAS;QAClC,qEAAqE;QACrE,wDAAwD;QACxD,6GAA6G;QAC7G,0DAA0D;QAC1D,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,cAAc,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC;QAC7D,wEAAwE;QACxE,IAAI,QAAQ,KAAK,eAAe;YAAE,CAAC,CAAC,QAAQ,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;QACxE,OAAO,IAAA,0BAAe,EAAC,CAAC,CAAC,CAAC;IAC5B,CAAC;IACD,SAAS,YAAY,CAAC,CAAM;QAC1B,MAAM,KAAK,GAAG,IAAA,sBAAW,EAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QACvC,IAAI,KAAK,CAAC,MAAM,KAAK,eAAe,IAAI,KAAK,CAAC,MAAM,KAAK,QAAQ;YAC/D,MAAM,IAAI,KAAK,CAAC,YAAY,eAAe,OAAO,QAAQ,eAAe,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3F,OAAO,IAAA,0BAAe,EAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC,CAAC;IACnD,CAAC;IACD,SAAS,UAAU,CAAC,MAAW,EAAE,CAAM;QACrC,MAAM,MAAM,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC;QACpC,MAAM,OAAO,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;QACrC,MAAM,EAAE,GAAG,gBAAgB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAC7C,kCAAkC;QAClC,sCAAsC;QACtC,IAAI,EAAE,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC1E,OAAO,iBAAiB,CAAC,EAAE,CAAC,CAAC;IAC/B,CAAC;IACD,kFAAkF;IAClF,MAAM,OAAO,GAAG,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC5C,SAAS,cAAc,CAAC,MAAW;QACjC,OAAO,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,OAAO;QACL,UAAU;QACV,cAAc;QACd,eAAe,EAAE,CAAC,UAAe,EAAE,SAAc,EAAE,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,SAAS,CAAC;QACvF,YAAY,EAAE,CAAC,UAAe,EAAc,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC;QACzE,KAAK,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,WAAY,CAAC,KAAK,CAAC,WAAW,CAAC,EAAE;QACxE,OAAO,EAAE,OAAO;KACjB,CAAC;AACJ,CAAC;AA1ID,gCA0IC"}
|
|
@@ -83,13 +83,13 @@ export declare type CurvePointsType<T> = BasicWCurve<T> & {
|
|
|
83
83
|
};
|
|
84
84
|
export declare type CurvePointsRes<T> = {
|
|
85
85
|
ProjectivePoint: ProjConstructor<T>;
|
|
86
|
-
|
|
86
|
+
normPrivateKeyToScalar: (key: PrivKey) => bigint;
|
|
87
87
|
weierstrassEquation: (x: T) => T;
|
|
88
88
|
isWithinCurveOrder: (num: bigint) => boolean;
|
|
89
89
|
};
|
|
90
90
|
export declare function weierstrassPoints<T>(opts: CurvePointsType<T>): {
|
|
91
91
|
ProjectivePoint: ProjConstructor<T>;
|
|
92
|
-
|
|
92
|
+
normPrivateKeyToScalar: (key: PrivKey) => bigint;
|
|
93
93
|
weierstrassEquation: (x: T) => T;
|
|
94
94
|
isWithinCurveOrder: (num: bigint) => boolean;
|
|
95
95
|
};
|
|
@@ -160,7 +160,6 @@ export declare type CurveFn = {
|
|
|
160
160
|
utils: {
|
|
161
161
|
normPrivateKeyToScalar: (key: PrivKey) => bigint;
|
|
162
162
|
isValidPrivateKey(privateKey: PrivKey): boolean;
|
|
163
|
-
hashToPrivateKey: (hash: Hex) => Uint8Array;
|
|
164
163
|
randomPrivateKey: () => Uint8Array;
|
|
165
164
|
precompute: (windowSize?: number, point?: ProjPointType<bigint>) => ProjPointType<bigint>;
|
|
166
165
|
};
|