@noble/curves 0.7.0 → 0.7.2
- package/README.md +118 -73
- package/_shortw_utils.d.ts +0 -1
- package/_shortw_utils.d.ts.map +1 -1
- package/abstract/bls.js +1 -1
- package/abstract/bls.js.map +1 -1
- package/abstract/montgomery.d.ts +7 -3
- package/abstract/montgomery.d.ts.map +1 -1
- package/abstract/montgomery.js +10 -7
- package/abstract/montgomery.js.map +1 -1
- package/abstract/weierstrass.d.ts +2 -3
- package/abstract/weierstrass.d.ts.map +1 -1
- package/abstract/weierstrass.js +29 -24
- package/abstract/weierstrass.js.map +1 -1
- package/ed25519.d.ts.map +1 -1
- package/ed25519.js +3 -2
- package/ed25519.js.map +1 -1
- package/ed448.d.ts.map +1 -1
- package/ed448.js +3 -2
- package/ed448.js.map +1 -1
- package/esm/abstract/bls.js +1 -1
- package/esm/abstract/bls.js.map +1 -1
- package/esm/abstract/montgomery.js +10 -7
- package/esm/abstract/montgomery.js.map +1 -1
- package/esm/abstract/weierstrass.js +29 -24
- package/esm/abstract/weierstrass.js.map +1 -1
- package/esm/ed25519.js +3 -2
- package/esm/ed25519.js.map +1 -1
- package/esm/ed448.js +3 -2
- package/esm/ed448.js.map +1 -1
- package/esm/secp256k1.js +11 -1
- package/esm/secp256k1.js.map +1 -1
- package/esm/stark.js +75 -114
- package/esm/stark.js.map +1 -1
- package/p256.d.ts +0 -2
- package/p256.d.ts.map +1 -1
- package/p384.d.ts +0 -2
- package/p384.d.ts.map +1 -1
- package/p521.d.ts +0 -2
- package/p521.d.ts.map +1 -1
- package/package.json +2 -12
- package/secp256k1.d.ts +5 -1
- package/secp256k1.d.ts.map +1 -1
- package/secp256k1.js +11 -1
- package/secp256k1.js.map +1 -1
- package/src/abstract/bls.ts +1 -1
- package/src/abstract/montgomery.ts +15 -10
- package/src/abstract/weierstrass.ts +30 -28
- package/src/ed25519.ts +3 -2
- package/src/ed448.ts +3 -2
- package/src/secp256k1.ts +11 -1
- package/src/stark.ts +92 -130
- package/stark.d.ts +12 -18
- package/stark.d.ts.map +1 -1
- package/stark.js +82 -123
- package/stark.js.map +1 -1
- package/esm/p192.js +0 -22
- package/esm/p192.js.map +0 -1
- package/esm/p224.js +0 -22
- package/esm/p224.js.map +0 -1
- package/p192.d.ts +0 -103
- package/p192.d.ts.map +0 -1
- package/p192.js +0 -25
- package/p192.js.map +0 -1
- package/p224.d.ts +0 -103
- package/p224.d.ts.map +0 -1
- package/p224.js +0 -25
- package/p224.js.map +0 -1
- package/src/p192.ts +0 -25
- package/src/p224.ts +0 -25
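--- a/package/secp256k1.d.ts
+++ b/package/secp256k1.d.ts
@@ -49,7 +49,6 @@ export declare const secp256k1: Readonly<{
 utils: {
 normPrivateKeyToScalar: (key: PrivKey) => bigint;
 isValidPrivateKey(privateKey: PrivKey): boolean;
-hashToPrivateKey: (hash: Hex) => Uint8Array;
 randomPrivateKey: () => Uint8Array;
 precompute: (windowSize?: number | undefined, point?: PointType<bigint> | undefined) => PointType<bigint>;
 };
@@ -60,6 +59,10 @@ declare function schnorrGetExtPubKey(priv: PrivKey): {
 scalar: bigint;
 bytes: Uint8Array;
 };
+/**
+* lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.
+* @returns valid point checked for being on-curve
+*/
 declare function lift_x(x: bigint): PointType<bigint>;
 /**
 * Schnorr public key is just `x` coordinate of Point as per BIP340.
@@ -72,6 +75,7 @@ declare function schnorrGetPublicKey(privateKey: Hex): Uint8Array;
 declare function schnorrSign(message: Hex, privateKey: PrivKey, auxRand?: Hex): Uint8Array;
 /**
 * Verifies Schnorr signature.
+* Will swallow errors & return false except for initial type validation of arguments.
 */
 declare function schnorrVerify(signature: Hex, message: Hex, publicKey: Hex): boolean;
 export declare const schnorr: {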
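Review bot: The first hunk removes `hashToPrivateKey: (hash: Hex) => Uint8Array;` from the declared `secp256k1.utils` type, which is a public-API removal for any consumer compiled against 0.7.0, and nothing visible on this page calls it out. If the runtime object still carries the method, the declaration now merely hides it; if it was removed at runtime as well, callers get a hard compile error on upgrade with no pointer to a replacement. A one-line changelog or README entry naming the removed member (and what callers should use instead) would spare users a bisect. The enclosing `Readonly<{ … }>` declaration begins before this hunk.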
package/secp256k1.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAGA,OAAO,EAAe,GAAG,EAAQ,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,aAAa,IAAI,SAAS,EAAuB,MAAM,2BAA2B,CAAC;AAC5F,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,eAAe,EAA6C,MAAM,qBAAqB,CAAC;AACjG,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAwCnD,eAAO,MAAM,SAAS
|
|
1
|
+
{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAGA,OAAO,EAAe,GAAG,EAAQ,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,aAAa,IAAI,SAAS,EAAuB,MAAM,2BAA2B,CAAC;AAC5F,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,eAAe,EAA6C,MAAM,qBAAqB,CAAC;AACjG,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAwCnD,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CrB,CAAC;AASF,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,GAAG,UAAU,CAQtE;AAWD,iBAAS,mBAAmB,CAAC,IAAI,EAAE,OAAO;;;;EAKzC;AACD;;;GAGG;AACH,iBAAS,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAS5C;AAQD;;GAEG;AACH,iBAAS,mBAAmB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAExD;AAED;;;GAGG;AACH,iBAAS,WAAW,CAClB,OAAO,EAAE,GAAG,EACZ,UAAU,EAAE,OAAO,EACnB,OAAO,GAAE,GAAqB,GAC7B,UAAU,CAgBZ;AAED;;;GAGG;AACH,iBAAS,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,OAAO,CAiB5E;AAED,eAAO,MAAM,OAAO;;;;;;;;8BA3FS,UAAU,MAAM,CAAC;;;;;;CAyG7C,CAAC;AAuCF,eAAO,MAAQ,WAAW,qFAAE,aAAa,mFAexC,CAAC"}
|
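--- a/package/secp256k1.js
+++ b/package/secp256k1.js
@@ -102,18 +102,24 @@ function taggedHash(tag, ...messages) {
 }
 return (0, sha256_1.sha256)((0, utils_js_1.concatBytes)(tagP, ...messages));
 }
+// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03
 const pointToBytes = (point) => point.toRawBytes(true).slice(1);
 const numTo32b = (n) => (0, utils_js_1.numberToBytesBE)(n, 32);
 const modP = (x) => (0, modular_js_1.mod)(x, secp256k1P);
 const modN = (x) => (0, modular_js_1.mod)(x, secp256k1N);
 const Point = exports.secp256k1.ProjectivePoint;
 const GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
+// Calculate point, scalar and bytes
 function schnorrGetExtPubKey(priv) {
-const d = exports.secp256k1.utils.normPrivateKeyToScalar(priv);
+const d = exports.secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey
 const point = Point.fromPrivateKey(d); // P = d'⋅G; 0 < d' < n check is done inside
 const scalar = point.hasEvenY() ? d : modN(-d); // d = d' if has_even_y(P), otherwise d = n-d'
 return { point, scalar, bytes: pointToBytes(point) };
 }
+/**
+* lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.
+* @returns valid point checked for being on-curve
+*/
 function lift_x(x) {
 if (!fe(x))
 throw new Error('bad x: need 0 < x < p'); // Fail if x ≥ p.
@@ -126,6 +132,9 @@ function lift_x(x) {
 p.assertValidity();
 return p;
 }
+/**
+* Create tagged hash, convert it to bigint, reduce modulo-n.
+*/
 function challenge(...args) {
 return modN((0, utils_js_1.bytesToNumberBE)(taggedHash('BIP0340/challenge', ...args)));
 }
@@ -160,6 +169,7 @@ function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)
 }
 /**
 * Verifies Schnorr signature.
+* Will swallow errors & return false except for initial type validation of arguments.
 */
 function schnorrVerify(signature, message, publicKey) {
 const sig = (0, utils_js_1.ensureBytes)('signature', signature, 64);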
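Review bot: The new `lift_x` docblock in the first hunk says "Convert 32-byte x coordinate" but the function takes a bigint and throws `new Error('bad x: need 0 < x < p')` when `fe(x)` fails, so neither the parameter's actual form nor the throw is in the contract a caller reads. Suggest adding `@param x x coordinate as a bigint, must satisfy 0 < x < p` and `@throws Error when x is out of range or the lifted point fails assertValidity()` (the second case follows from the `p.assertValidity();` line in the second hunk). The same docblock was added to package/secp256k1.d.ts on this page; since secp256k1.d.ts.map names src/secp256k1.ts as the source, the wording belongs there so both generated copies pick it up. `lift_x`'s body continues between the first and second hunks, outside what is shown.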
package/secp256k1.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":";;;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,+CAAkD;AAClD,sDAA+D;AAC/D,8DAA4F;AAE5F,kDAAiG;AACjG,mDAAmD;AACnD,yDAAiD;AAEjD,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;AAE/D;;;GAGG;AACH,SAAS,OAAO,CAAC,CAAS;IACxB,MAAM,CAAC,GAAG,UAAU,CAAC;IACrB,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7E,kBAAkB;IAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACtC,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;IACpC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,
IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AAGzD,QAAA,SAAS,GAAG,IAAA,8BAAW,EAClC;IACE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE;IACF,CAAC,EAAE,UAAU;IACb,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,IAAI;IACV;;;;;OAKG;IACH,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC,oEAAoE,CAAC;QAClF,WAAW,EAAE,CAAC,CAAS,EAAE,EAAE;YACzB,MAAM,CAAC,GAAG,UAAU,CAAC;YACrB,MAAM,EAAE,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACxD,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC;YACzD,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,SAAS,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC,0BAA0B;YAE3F,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACjC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACvC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAE,GAAG,SAAS,IAAI,EAAE,GAAG,SAAS,EAAE;gBACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,CAAC,CAAC;aAC7D;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAClC,CAAC;KACF;CACF,EACD,eAAM,CACP,CAAC;AAEF,+FAA+F;AAC/F,iEAAiE;AACjE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CA
AC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,wFAAwF;AACxF,MAAM,oBAAoB,GAAkC,EAAE,CAAC;AAC/D,SAAS,UAAU,CAAC,GAAW,EAAE,GAAG,QAAsB;IACxD,IAAI,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,SAAS,EAAE;QACtB,MAAM,IAAI,GAAG,IAAA,eAAM,EAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,IAAA,sBAAW,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/B,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;KAClC;IACD,OAAO,IAAA,eAAM,EAAC,IAAA,sBAAW,EAAC,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,MAAM,YAAY,GAAG,CAAC,KAAwB,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnF,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,KAAK,GAAG,iBAAS,CAAC,eAAe,CAAC;AACxC,MAAM,OAAO,GAAG,CAAC,CAAoB,EAAE,CAAS,EAAE,CAAS,EAAE,EAAE,CAC7D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3C,SAAS,mBAAmB,CAAC,IAAa;IACxC,MAAM,CAAC,GAAG,iBAAS,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;IACvD,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,4CAA4C;IACnF,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,8CAA8C;IAC9F,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;AACvD,CAAC;AACD,SAAS,MAAM,CAAC,CAAS;IACvB,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,iBAAiB;IACvE,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;IAC5D,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC/C,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE;QAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,mDAAmD;IACpF
,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,mDAAmD;IACnF,CAAC,CAAC,cAAc,EAAE,CAAC;IACnB,OAAO,CAAC,CAAC;AACX,CAAC;AACD,SAAS,SAAS,CAAC,GAAG,IAAkB;IACtC,OAAO,IAAI,CAAC,IAAA,0BAAe,EAAC,UAAU,CAAC,mBAAmB,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,UAAe;IAC1C,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,oDAAoD;AACpG,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,OAAY,EACZ,UAAmB,EACnB,UAAe,IAAA,mBAAW,EAAC,EAAE,CAAC;IAE9B,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,gCAAgC;IAClG,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,2CAA2C;IAC1F,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,IAAA,0BAAe,EAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,yDAAyD;IAChI,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,4CAA4C;IAChG,MAAM,EAAE,GAAG,IAAI,CAAC,IAAA,0BAAe,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACnE,IAAI,EAAE,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB;IAC7E,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB;IACpF,MAAM,CAAC,GAAG,SAAS,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gEAAgE;IAChG,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/E,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,iEAAiE;IACjE,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACpF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,SAAc,EAAE,OAAY,EAAE,SAAc;IACjE,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,IAAI;QACF,MAAM,CAAC,GAAG,MAAM,CAAC,IAAA,0BAAe,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0CA
A0C;QAClF,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,yCAAyC;QACzF,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAC3F,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAChG,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;QACnD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;QAC/E,OAAO,IAAI,CAAC,CAAC,yDAAyD;KACvE;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAEY,QAAA,OAAO,GAAG;IACrB,YAAY,EAAE,mBAAmB;IACjC,IAAI,EAAE,WAAW;IACjB,MAAM,EAAE,aAAa;IACrB,KAAK,EAAE;QACL,gBAAgB,EAAE,iBAAS,CAAC,KAAK,CAAC,gBAAgB;QAClD,oBAAoB,EAAE,mBAAmB;QACzC,MAAM;QACN,YAAY;QACZ,eAAe,EAAf,0BAAe;QACf,eAAe,EAAf,0BAAe;QACf,UAAU;QACV,GAAG,EAAH,gBAAG;KACJ;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAC3B,EAAE,EACF;IACE,OAAO;IACP;QACE,oEAAoE;QACpE,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAA6B,CAClE,CAAC;AACF,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AACU,KAAiC,GAAG,CAAC,YAAY,CAC5D,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE;IACpB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtB,CAAC,EACD;IACE,GAAG,EAAE,gCAAgC;IACrC,SAAS,EAAE,gCAAgC;IAC3C,CAAC,EAA
E,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,EAfc,mBAAW,mBAAE,qBAAa,oBAevC"}
|
|
1
|
+
{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":";;;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,+CAAkD;AAClD,sDAA+D;AAC/D,8DAA4F;AAE5F,kDAAiG;AACjG,mDAAmD;AACnD,yDAAiD;AAEjD,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;AAE/D;;;GAGG;AACH,SAAS,OAAO,CAAC,CAAS;IACxB,MAAM,CAAC,GAAG,UAAU,CAAC;IACrB,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7E,kBAAkB;IAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACtC,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;IACpC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,
IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AAGzD,QAAA,SAAS,GAAG,IAAA,8BAAW,EAClC;IACE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE;IACF,CAAC,EAAE,UAAU;IACb,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,IAAI;IACV;;;;;OAKG;IACH,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC,oEAAoE,CAAC;QAClF,WAAW,EAAE,CAAC,CAAS,EAAE,EAAE;YACzB,MAAM,CAAC,GAAG,UAAU,CAAC;YACrB,MAAM,EAAE,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACxD,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC;YACzD,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,SAAS,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC,0BAA0B;YAE3F,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACjC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACvC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAE,GAAG,SAAS,IAAI,EAAE,GAAG,SAAS,EAAE;gBACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,CAAC,CAAC;aAC7D;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAClC,CAAC;KACF;CACF,EACD,eAAM,CACP,CAAC;AAEF,+FAA+F;AAC/F,iEAAiE;AACjE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CA
AC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,wFAAwF;AACxF,MAAM,oBAAoB,GAAkC,EAAE,CAAC;AAC/D,SAAS,UAAU,CAAC,GAAW,EAAE,GAAG,QAAsB;IACxD,IAAI,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,SAAS,EAAE;QACtB,MAAM,IAAI,GAAG,IAAA,eAAM,EAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,IAAA,sBAAW,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/B,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;KAClC;IACD,OAAO,IAAA,eAAM,EAAC,IAAA,sBAAW,EAAC,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,oFAAoF;AACpF,MAAM,YAAY,GAAG,CAAC,KAAwB,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnF,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,KAAK,GAAG,iBAAS,CAAC,eAAe,CAAC;AACxC,MAAM,OAAO,GAAG,CAAC,CAAoB,EAAE,CAAS,EAAE,CAAS,EAAE,EAAE,CAC7D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAC3C,oCAAoC;AACpC,SAAS,mBAAmB,CAAC,IAAa;IACxC,MAAM,CAAC,GAAG,iBAAS,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,yCAAyC;IACjG,MAAM,KAAK,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,4CAA4C;IACnF,MAAM,MAAM,GAAG,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,8CAA8C;IAC9F,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,KAAK,CAAC,EAAE,CAAC;AACvD,CAAC;AACD;;;GAGG;AACH,SAAS,MAAM,CAAC,CAAS;IACvB,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,iBAAiB;IACvE,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;IAC5D,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC/C,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE;QAAE,CAAC,GA
AG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,mDAAmD;IACpF,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,mDAAmD;IACnF,CAAC,CAAC,cAAc,EAAE,CAAC;IACnB,OAAO,CAAC,CAAC;AACX,CAAC;AACD;;GAEG;AACH,SAAS,SAAS,CAAC,GAAG,IAAkB;IACtC,OAAO,IAAI,CAAC,IAAA,0BAAe,EAAC,UAAU,CAAC,mBAAmB,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,UAAe;IAC1C,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,oDAAoD;AACpG,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,OAAY,EACZ,UAAmB,EACnB,UAAe,IAAA,mBAAW,EAAC,EAAE,CAAC;IAE9B,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,gCAAgC;IAClG,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,2CAA2C;IAC1F,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,IAAA,0BAAe,EAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,yDAAyD;IAChI,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,4CAA4C;IAChG,MAAM,EAAE,GAAG,IAAI,CAAC,IAAA,0BAAe,EAAC,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACnE,IAAI,EAAE,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB;IAC7E,MAAM,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB;IACpF,MAAM,CAAC,GAAG,SAAS,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gEAAgE;IAChG,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/E,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3B,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,iEAAiE;IACjE,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACpF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,SAAc,EAAE,OAAY,EAAE,SAAc;IACjE,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,IAAI;QACF,MAAM,CA
AC,GAAG,MAAM,CAAC,IAAA,0BAAe,EAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAClF,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,yCAAyC;QACzF,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,IAAA,0BAAe,EAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAC3F,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAChG,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;QACnD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;QAC/E,OAAO,IAAI,CAAC,CAAC,yDAAyD;KACvE;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAEY,QAAA,OAAO,GAAG;IACrB,YAAY,EAAE,mBAAmB;IACjC,IAAI,EAAE,WAAW;IACjB,MAAM,EAAE,aAAa;IACrB,KAAK,EAAE;QACL,gBAAgB,EAAE,iBAAS,CAAC,KAAK,CAAC,gBAAgB;QAClD,oBAAoB,EAAE,mBAAmB;QACzC,MAAM;QACN,YAAY;QACZ,eAAe,EAAf,0BAAe;QACf,eAAe,EAAf,0BAAe;QACf,UAAU;QACV,GAAG,EAAH,gBAAG;KACJ;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAC3B,EAAE,EACF;IACE,OAAO;IACP;QACE,oEAAoE;QACpE,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAA6B,CAClE,CAAC;AACF,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AACU,KAAiC,GAAG,CAAC,YAAY,CAC5D,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE;IACpB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtB,CAAC,EA
CD;IACE,GAAG,EAAE,gCAAgC;IACrC,SAAS,EAAE,gCAAgC;IAC3C,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,EAfc,mBAAW,mBAAE,qBAAa,oBAevC"}
|
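--- a/package/src/abstract/bls.ts
+++ b/package/src/abstract/bls.ts
@@ -257,7 +257,7 @@ export function bls<Fp2, Fp6, Fp12>(
 function sign(message: G2Hex, privateKey: PrivKey, htfOpts?: htf.htfBasicOpts): Uint8Array | G2 {
 const msgPoint = normP2Hash(message, htfOpts);
 msgPoint.assertValidity();
-const sigPoint = msgPoint.multiply(G1.
+const sigPoint = msgPoint.multiply(G1.normPrivateKeyToScalar(privateKey));
 if (message instanceof G2.ProjectivePoint) return sigPoint;
 return Signature.encode(sigPoint);
 }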
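Review bot: `sign` still carries no doc comment even though its return type `Uint8Array | G2` is decided by the runtime type of `message`: a `G2.ProjectivePoint` input returns the raw `sigPoint`, anything else returns `Signature.encode(sigPoint)`, and nothing in the signature tells a caller which branch applies. Suggest a TSDoc block above the function along the lines of `@returns encoded signature bytes, or the unencoded G2 signature point when message is already a G2 point`, with `@throws` noting that the private key is validated by `G1.normPrivateKeyToScalar` and the message point by `assertValidity()`. The enclosing `bls` function starts before this hunk and continues after it.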
@@ -11,25 +11,27 @@ export type CurveType = {
|
|
|
11
11
|
nByteLength: number;
|
|
12
12
|
adjustScalarBytes?: (bytes: Uint8Array) => Uint8Array;
|
|
13
13
|
domain?: (data: Uint8Array, ctx: Uint8Array, phflag: boolean) => Uint8Array;
|
|
14
|
-
|
|
14
|
+
a: bigint;
|
|
15
15
|
montgomeryBits: number;
|
|
16
16
|
powPminus2?: (x: bigint) => bigint;
|
|
17
17
|
xyToU?: (x: bigint, y: bigint) => bigint;
|
|
18
|
-
Gu:
|
|
18
|
+
Gu: bigint;
|
|
19
|
+
randomBytes?: (bytesLength?: number) => Uint8Array;
|
|
19
20
|
};
|
|
20
21
|
export type CurveFn = {
|
|
21
22
|
scalarMult: (scalar: Hex, u: Hex) => Uint8Array;
|
|
22
23
|
scalarMultBase: (scalar: Hex) => Uint8Array;
|
|
23
24
|
getSharedSecret: (privateKeyA: Hex, publicKeyB: Hex) => Uint8Array;
|
|
24
25
|
getPublicKey: (privateKey: Hex) => Uint8Array;
|
|
25
|
-
|
|
26
|
+
utils: { randomPrivateKey: () => Uint8Array };
|
|
27
|
+
GuBytes: Uint8Array;
|
|
26
28
|
};
|
|
27
29
|
|
|
28
30
|
function validateOpts(curve: CurveType) {
|
|
29
31
|
validateObject(
|
|
30
32
|
curve,
|
|
31
33
|
{
|
|
32
|
-
|
|
34
|
+
a: 'bigint',
|
|
33
35
|
},
|
|
34
36
|
{
|
|
35
37
|
montgomeryBits: 'isSafeInteger',
|
|
@@ -37,7 +39,7 @@ function validateOpts(curve: CurveType) {
|
|
|
37
39
|
adjustScalarBytes: 'function',
|
|
38
40
|
domain: 'function',
|
|
39
41
|
powPminus2: 'function',
|
|
40
|
-
Gu: '
|
|
42
|
+
Gu: 'bigint',
|
|
41
43
|
}
|
|
42
44
|
);
|
|
43
45
|
// Set defaults
|
|
@@ -49,7 +51,7 @@ function validateOpts(curve: CurveType) {
|
|
|
49
51
|
export function montgomery(curveDef: CurveType): CurveFn {
|
|
50
52
|
const CURVE = validateOpts(curveDef);
|
|
51
53
|
const { P } = CURVE;
|
|
52
|
-
const modP = (
|
|
54
|
+
const modP = (n: bigint) => mod(n, P);
|
|
53
55
|
const montgomeryBits = CURVE.montgomeryBits;
|
|
54
56
|
const montgomeryBytes = Math.ceil(montgomeryBits / 8);
|
|
55
57
|
const fieldLen = CURVE.nByteLength;
|
|
@@ -73,12 +75,15 @@ export function montgomery(curveDef: CurveType): CurveFn {
|
|
|
73
75
|
return [x_2, x_3];
|
|
74
76
|
}
|
|
75
77
|
|
|
78
|
+
// Accepts 0 as well
|
|
76
79
|
function assertFieldElement(n: bigint): bigint {
|
|
77
80
|
if (typeof n === 'bigint' && _0n <= n && n < P) return n;
|
|
78
81
|
throw new Error('Expected valid scalar 0 < scalar < CURVE.P');
|
|
79
82
|
}
|
|
80
83
|
|
|
81
84
|
// x25519 from 4
|
|
85
|
+
// The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519
|
|
86
|
+
const a24 = (CURVE.a - BigInt(2)) / BigInt(4);
|
|
82
87
|
/**
|
|
83
88
|
*
|
|
84
89
|
* @param pointU u coordinate (x) on Montgomery Curve 25519
|
|
@@ -90,8 +95,6 @@ export function montgomery(curveDef: CurveType): CurveFn {
|
|
|
90
95
|
// Section 5: Implementations MUST accept non-canonical values and process them as
|
|
91
96
|
// if they had been reduced modulo the field prime.
|
|
92
97
|
const k = assertFieldElement(scalar);
|
|
93
|
-
// The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519
|
|
94
|
-
const a24 = CURVE.a24;
|
|
95
98
|
const x_1 = u;
|
|
96
99
|
let x_2 = _1n;
|
|
97
100
|
let z_2 = _0n;
|
|
@@ -170,8 +173,9 @@ export function montgomery(curveDef: CurveType): CurveFn {
|
|
|
170
173
|
return encodeUCoordinate(pu);
|
|
171
174
|
}
|
|
172
175
|
// Computes public key from private. By doing scalar multiplication of base point.
|
|
176
|
+
const GuBytes = encodeUCoordinate(CURVE.Gu);
|
|
173
177
|
function scalarMultBase(scalar: Hex): Uint8Array {
|
|
174
|
-
return scalarMult(scalar,
|
|
178
|
+
return scalarMult(scalar, GuBytes);
|
|
175
179
|
}
|
|
176
180
|
|
|
177
181
|
return {
|
|
@@ -179,6 +183,7 @@ export function montgomery(curveDef: CurveType): CurveFn {
|
|
|
179
183
|
scalarMultBase,
|
|
180
184
|
getSharedSecret: (privateKey: Hex, publicKey: Hex) => scalarMult(privateKey, publicKey),
|
|
181
185
|
getPublicKey: (privateKey: Hex): Uint8Array => scalarMultBase(privateKey),
|
|
182
|
-
|
|
186
|
+
utils: { randomPrivateKey: () => CURVE.randomBytes!(CURVE.nByteLength) },
|
|
187
|
+
GuBytes: GuBytes,
|
|
183
188
|
};
|
|
184
189
|
}
|
|
@@ -122,7 +122,7 @@ function validatePointOpts<T>(curve: CurvePointsType<T>) {
|
|
|
122
122
|
|
|
123
123
|
export type CurvePointsRes<T> = {
|
|
124
124
|
ProjectivePoint: ProjConstructor<T>;
|
|
125
|
-
|
|
125
|
+
normPrivateKeyToScalar: (key: PrivKey) => bigint;
|
|
126
126
|
weierstrassEquation: (x: T) => T;
|
|
127
127
|
isWithinCurveOrder: (num: bigint) => boolean;
|
|
128
128
|
};
|
|
@@ -203,8 +203,8 @@ export function weierstrassPoints<T>(opts: CurvePointsType<T>) {
|
|
|
203
203
|
if (!isWithinCurveOrder(num)) throw new Error('Expected valid bigint: 0 < bigint < curve.n');
|
|
204
204
|
}
|
|
205
205
|
// Validates if priv key is valid and converts it to bigint.
|
|
206
|
-
// Supports options
|
|
207
|
-
function
|
|
206
|
+
// Supports options allowedPrivateKeyLengths and wrapPrivateKey.
|
|
207
|
+
function normPrivateKeyToScalar(key: PrivKey): bigint {
|
|
208
208
|
const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n } = CURVE;
|
|
209
209
|
if (lengths && typeof key !== 'bigint') {
|
|
210
210
|
if (key instanceof Uint8Array) key = ut.bytesToHex(key);
|
|
@@ -287,7 +287,7 @@ export function weierstrassPoints<T>(opts: CurvePointsType<T>) {
|
|
|
287
287
|
|
|
288
288
|
// Multiplies generator point by privateKey.
|
|
289
289
|
static fromPrivateKey(privateKey: PrivKey) {
|
|
290
|
-
return Point.BASE.multiply(
|
|
290
|
+
return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));
|
|
291
291
|
}
|
|
292
292
|
|
|
293
293
|
// We calculate precomputes for elliptic curve point multiplication
|
|
@@ -488,8 +488,9 @@ export function weierstrassPoints<T>(opts: CurvePointsType<T>) {
|
|
|
488
488
|
* Constant time multiplication.
|
|
489
489
|
* Uses wNAF method. Windowed method may be 10% faster,
|
|
490
490
|
* but takes 2x longer to generate and consumes 2x memory.
|
|
491
|
+
* Uses precomputes when available.
|
|
492
|
+
* Uses endomorphism for Koblitz curves.
|
|
491
493
|
* @param scalar by which the point would be multiplied
|
|
492
|
-
* @param affinePoint optional point ot save cached precompute windows on it
|
|
493
494
|
* @returns New point
|
|
494
495
|
*/
|
|
495
496
|
multiply(scalar: bigint): Point {
|
|
@@ -517,6 +518,8 @@ export function weierstrassPoints<T>(opts: CurvePointsType<T>) {
|
|
|
517
518
|
|
|
518
519
|
/**
|
|
519
520
|
* Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.
|
|
521
|
+
* Not using Strauss-Shamir trick: precomputation tables are faster.
|
|
522
|
+
* The trick could be useful if both P and Q are not G (not in our case).
|
|
520
523
|
* @returns non-zero affine point
|
|
521
524
|
*/
|
|
522
525
|
multiplyAndAddUnsafe(Q: Point, a: bigint, b: bigint): Point | undefined {
|
|
@@ -572,7 +575,7 @@ export function weierstrassPoints<T>(opts: CurvePointsType<T>) {
|
|
|
572
575
|
|
|
573
576
|
return {
|
|
574
577
|
ProjectivePoint: Point as ProjConstructor<T>,
|
|
575
|
-
|
|
578
|
+
normPrivateKeyToScalar,
|
|
576
579
|
weierstrassEquation,
|
|
577
580
|
isWithinCurveOrder,
|
|
578
581
|
};
|
|
@@ -642,7 +645,6 @@ export type CurveFn = {
|
|
|
642
645
|
utils: {
|
|
643
646
|
normPrivateKeyToScalar: (key: PrivKey) => bigint;
|
|
644
647
|
isValidPrivateKey(privateKey: PrivKey): boolean;
|
|
645
|
-
hashToPrivateKey: (hash: Hex) => Uint8Array;
|
|
646
648
|
randomPrivateKey: () => Uint8Array;
|
|
647
649
|
precompute: (windowSize?: number, point?: ProjPointType<bigint>) => ProjPointType<bigint>;
|
|
648
650
|
};
|
|
@@ -667,7 +669,7 @@ export function weierstrass(curveDef: CurveType): CurveFn {
|
|
|
667
669
|
|
|
668
670
|
const {
|
|
669
671
|
ProjectivePoint: Point,
|
|
670
|
-
|
|
672
|
+
normPrivateKeyToScalar,
|
|
671
673
|
weierstrassEquation,
|
|
672
674
|
isWithinCurveOrder,
|
|
673
675
|
} = weierstrassPoints({
|
|
@@ -677,7 +679,6 @@ export function weierstrass(curveDef: CurveType): CurveFn {
|
|
|
677
679
|
const x = Fp.toBytes(a.x);
|
|
678
680
|
const cat = ut.concatBytes;
|
|
679
681
|
if (isCompressed) {
|
|
680
|
-
// TODO: hasEvenY
|
|
681
682
|
return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);
|
|
682
683
|
} else {
|
|
683
684
|
return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y));
|
|
@@ -801,37 +802,35 @@ export function weierstrass(curveDef: CurveType): CurveFn {
|
|
|
801
802
|
const utils = {
|
|
802
803
|
isValidPrivateKey(privateKey: PrivKey) {
|
|
803
804
|
try {
|
|
804
|
-
|
|
805
|
+
normPrivateKeyToScalar(privateKey);
|
|
805
806
|
return true;
|
|
806
807
|
} catch (error) {
|
|
807
808
|
return false;
|
|
808
809
|
}
|
|
809
810
|
},
|
|
810
|
-
normPrivateKeyToScalar:
|
|
811
|
-
|
|
812
|
-
/**
|
|
813
|
-
* Converts some bytes to a valid private key. Needs at least (nBitLength+64) bytes.
|
|
814
|
-
*/
|
|
815
|
-
hashToPrivateKey: (hash: Hex): Uint8Array =>
|
|
816
|
-
ut.numberToBytesBE(mod.hashToPrivateScalar(hash, CURVE_ORDER), CURVE.nByteLength),
|
|
811
|
+
normPrivateKeyToScalar: normPrivateKeyToScalar,
|
|
817
812
|
|
|
818
813
|
/**
|
|
819
814
|
* Produces cryptographically secure private key from random of size (nBitLength+64)
|
|
820
815
|
* as per FIPS 186 B.4.1 with modulo bias being neglible.
|
|
821
816
|
*/
|
|
822
|
-
randomPrivateKey: (): Uint8Array =>
|
|
817
|
+
randomPrivateKey: (): Uint8Array => {
|
|
818
|
+
const rand = CURVE.randomBytes(Fp.BYTES + 8);
|
|
819
|
+
const num = mod.hashToPrivateScalar(rand, CURVE_ORDER);
|
|
820
|
+
return ut.numberToBytesBE(num, CURVE.nByteLength);
|
|
821
|
+
},
|
|
823
822
|
|
|
824
823
|
/**
|
|
825
|
-
*
|
|
826
|
-
*
|
|
827
|
-
* If you want your first getPublicKey to take 0.16ms instead of 20ms, make sure to call
|
|
828
|
-
* utils.precompute() somewhere without arguments first.
|
|
829
|
-
* @param windowSize 2, 4, 8, 16
|
|
824
|
+
* Creates precompute table for an arbitrary EC point. Makes point "cached".
|
|
825
|
+
* Allows to massively speed-up `point.multiply(scalar)`.
|
|
830
826
|
* @returns cached point
|
|
827
|
+
* @example
|
|
828
|
+
* const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));
|
|
829
|
+
* fast.multiply(privKey); // much faster ECDH now
|
|
831
830
|
*/
|
|
832
831
|
precompute(windowSize = 8, point = Point.BASE): typeof Point.BASE {
|
|
833
832
|
point._setWindowSize(windowSize);
|
|
834
|
-
point.multiply(BigInt(3));
|
|
833
|
+
point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here
|
|
835
834
|
return point;
|
|
836
835
|
},
|
|
837
836
|
};
|
|
@@ -862,7 +861,8 @@ export function weierstrass(curveDef: CurveType): CurveFn {
|
|
|
862
861
|
/**
|
|
863
862
|
* ECDH (Elliptic Curve Diffie Hellman).
|
|
864
863
|
* Computes shared public key from private key and public key.
|
|
865
|
-
* Checks: 1) private key validity 2) shared key is on-curve
|
|
864
|
+
* Checks: 1) private key validity 2) shared key is on-curve.
|
|
865
|
+
* Does NOT hash the result.
|
|
866
866
|
* @param privateA private key
|
|
867
867
|
* @param publicB different public key
|
|
868
868
|
* @param isCompressed whether to return compact (default), or full key
|
|
@@ -872,7 +872,7 @@ export function weierstrass(curveDef: CurveType): CurveFn {
|
|
|
872
872
|
if (isProbPub(privateA)) throw new Error('first arg must be private key');
|
|
873
873
|
if (!isProbPub(publicB)) throw new Error('second arg must be public key');
|
|
874
874
|
const b = Point.fromHex(publicB); // check for being on-curve
|
|
875
|
-
return b.multiply(
|
|
875
|
+
return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
|
|
876
876
|
}
|
|
877
877
|
|
|
878
878
|
// RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets.
|
|
@@ -895,10 +895,12 @@ export function weierstrass(curveDef: CurveType): CurveFn {
|
|
|
895
895
|
};
|
|
896
896
|
// NOTE: pads output with zero as per spec
|
|
897
897
|
const ORDER_MASK = ut.bitMask(CURVE.nBitLength);
|
|
898
|
+
/**
|
|
899
|
+
* Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.
|
|
900
|
+
*/
|
|
898
901
|
function int2octets(num: bigint): Uint8Array {
|
|
899
902
|
if (typeof num !== 'bigint') throw new Error('bigint expected');
|
|
900
903
|
if (!(_0n <= num && num < ORDER_MASK))
|
|
901
|
-
// n in [0..ORDER_MASK-1]
|
|
902
904
|
throw new Error(`bigint expected < 2^${CURVE.nBitLength}`);
|
|
903
905
|
// works with order, can have different size than numToField!
|
|
904
906
|
return ut.numberToBytesBE(num, CURVE.nByteLength);
|
|
@@ -922,7 +924,7 @@ export function weierstrass(curveDef: CurveType): CurveFn {
|
|
|
922
924
|
// with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.
|
|
923
925
|
// const bits2octets = (bits) => int2octets(bits2int_modN(bits))
|
|
924
926
|
const h1int = bits2int_modN(msgHash);
|
|
925
|
-
const d =
|
|
927
|
+
const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint
|
|
926
928
|
const seedArgs = [int2octets(d), int2octets(h1int)];
|
|
927
929
|
// extraEntropy. RFC6979 3.6: additional k' (optional).
|
|
928
930
|
if (ent != null) {
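Review bot: `randomPrivateKey` in the `utils` hunk draws `CURVE.randomBytes(Fp.BYTES + 8)`, but the bias bound stated in the doc comment directly above it ("random of size (nBitLength+64)") and the reduction `mod.hashToPrivateScalar(rand, CURVE_ORDER)` are both in terms of the group order n, not the field prime. For the curves shipped here field and order have the same byte length so nothing breaks today, but a curve whose order is wider than its field would get fewer than nBitLength+64 random bits and, if `hashToPrivateScalar` enforces a minimum input length (not visible here), throw at call time. Deriving the length from the order matches the documented contract: `const rand = CURVE.randomBytes(CURVE.nByteLength + 8);`. The enclosing `weierstrass()` function and the `utils` object literal both start and end outside this hunk.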
|
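--- a/package/src/ed25519.ts
+++ b/package/src/ed25519.ts
@@ -138,10 +138,10 @@ export const ed25519ph = twistedEdwards({
 
 export const x25519 = montgomery({
 P: ED25519_P,
-
+a: BigInt(486662),
 montgomeryBits: 255, // n is 253 bits
 nByteLength: 32,
-Gu:
+Gu: BigInt(9),
 powPminus2: (x: bigint): bigint => {
 const P = ED25519_P;
 // x^(p-2) aka x^(2^255-21)
@@ -149,6 +149,7 @@ export const x25519 = montgomery({
 return mod(pow2(pow_p_5_8, BigInt(3), P) * b2, P);
 },
 adjustScalarBytes,
+randomBytes,
 });
 
 // Hash To Curve Elligator2 Map (NOTE: different from ristretto255 elligator)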
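--- a/package/src/ed448.ts
+++ b/package/src/ed448.ts
@@ -122,11 +122,11 @@ export const ed448 = twistedEdwards(ED448_DEF);
 export const ed448ph = twistedEdwards({ ...ED448_DEF, preHash: shake256_64 });
 
 export const x448 = montgomery({
-
+a: BigInt(156326),
 montgomeryBits: 448,
 nByteLength: 57,
 P: ed448P,
-Gu:
+Gu: BigInt(5),
 powPminus2: (x: bigint): bigint => {
 const P = ed448P;
 const Pminus3div4 = ed448_pow_Pminus3div4(x);
@@ -134,6 +134,7 @@ export const x448 = montgomery({
 return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2
 },
 adjustScalarBytes,
+randomBytes,
 // The 4-isogeny maps between the Montgomery curve and this Edwards
 // curve are:
 // (u, v) = (y^2/x^2, (2 - x^2 - y^2)*y/x^3)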
package/src/secp256k1.ts
CHANGED
|
@@ -107,6 +107,7 @@ function taggedHash(tag: string, ...messages: Uint8Array[]): Uint8Array {
|
|
|
107
107
|
return sha256(concatBytes(tagP, ...messages));
|
|
108
108
|
}
|
|
109
109
|
|
|
110
|
+
// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03
|
|
110
111
|
const pointToBytes = (point: PointType<bigint>) => point.toRawBytes(true).slice(1);
|
|
111
112
|
const numTo32b = (n: bigint) => numberToBytesBE(n, 32);
|
|
112
113
|
const modP = (x: bigint) => mod(x, secp256k1P);
|
|
@@ -114,12 +115,17 @@ const modN = (x: bigint) => mod(x, secp256k1N);
|
|
|
114
115
|
const Point = secp256k1.ProjectivePoint;
|
|
115
116
|
const GmulAdd = (Q: PointType<bigint>, a: bigint, b: bigint) =>
|
|
116
117
|
Point.BASE.multiplyAndAddUnsafe(Q, a, b);
|
|
118
|
+
// Calculate point, scalar and bytes
|
|
117
119
|
function schnorrGetExtPubKey(priv: PrivKey) {
|
|
118
|
-
const d = secp256k1.utils.normPrivateKeyToScalar(priv);
|
|
120
|
+
const d = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey
|
|
119
121
|
const point = Point.fromPrivateKey(d); // P = d'⋅G; 0 < d' < n check is done inside
|
|
120
122
|
const scalar = point.hasEvenY() ? d : modN(-d); // d = d' if has_even_y(P), otherwise d = n-d'
|
|
121
123
|
return { point, scalar, bytes: pointToBytes(point) };
|
|
122
124
|
}
|
|
125
|
+
/**
|
|
126
|
+
* lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.
|
|
127
|
+
* @returns valid point checked for being on-curve
|
|
128
|
+
*/
|
|
123
129
|
function lift_x(x: bigint): PointType<bigint> {
|
|
124
130
|
if (!fe(x)) throw new Error('bad x: need 0 < x < p'); // Fail if x ≥ p.
|
|
125
131
|
const xx = modP(x * x);
|
|
@@ -130,6 +136,9 @@ function lift_x(x: bigint): PointType<bigint> {
|
|
|
130
136
|
p.assertValidity();
|
|
131
137
|
return p;
|
|
132
138
|
}
|
|
139
|
+
/**
|
|
140
|
+
* Create tagged hash, convert it to bigint, reduce modulo-n.
|
|
141
|
+
*/
|
|
133
142
|
function challenge(...args: Uint8Array[]): bigint {
|
|
134
143
|
return modN(bytesToNumberBE(taggedHash('BIP0340/challenge', ...args)));
|
|
135
144
|
}
|
|
@@ -169,6 +178,7 @@ function schnorrSign(
|
|
|
169
178
|
|
|
170
179
|
/**
|
|
171
180
|
* Verifies Schnorr signature.
|
|
181
|
+
* Will swallow errors & return false except for initial type validation of arguments.
|
|
172
182
|
*/
|
|
173
183
|
function schnorrVerify(signature: Hex, message: Hex, publicKey: Hex): boolean {
|
|
174
184
|
const sig = ensureBytes('signature', signature, 64);
|