@noble/curves 0.7.3 → 0.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +16 -17
- package/_shortw_utils.js +8 -13
- package/_shortw_utils.js.map +1 -1
- package/abstract/bls.js +12 -16
- package/abstract/bls.js.map +1 -1
- package/abstract/curve.js +7 -12
- package/abstract/curve.js.map +1 -1
- package/abstract/edwards.js +16 -20
- package/abstract/edwards.js.map +1 -1
- package/abstract/hash-to-curve.d.ts +5 -3
- package/abstract/hash-to-curve.d.ts.map +1 -1
- package/abstract/hash-to-curve.js +25 -33
- package/abstract/hash-to-curve.js.map +1 -1
- package/abstract/modular.d.ts.map +1 -1
- package/abstract/modular.js +25 -44
- package/abstract/modular.js.map +1 -1
- package/abstract/montgomery.js +11 -15
- package/abstract/montgomery.js.map +1 -1
- package/abstract/poseidon.js +6 -12
- package/abstract/poseidon.js.map +1 -1
- package/abstract/utils.js +19 -41
- package/abstract/utils.js.map +1 -1
- package/abstract/weierstrass.d.ts.map +1 -1
- package/abstract/weierstrass.js +25 -37
- package/abstract/weierstrass.js.map +1 -1
- package/bls12-381.js +63 -66
- package/bls12-381.js.map +1 -1
- package/bn.js +7 -10
- package/bn.js.map +1 -1
- package/ed25519.d.ts +3 -0
- package/ed25519.d.ts.map +1 -1
- package/ed25519.js +81 -74
- package/ed25519.js.map +1 -1
- package/ed448.js +37 -41
- package/ed448.js.map +1 -1
- package/esm/abstract/hash-to-curve.js +8 -8
- package/esm/abstract/hash-to-curve.js.map +1 -1
- package/esm/abstract/modular.js +1 -0
- package/esm/abstract/modular.js.map +1 -1
- package/esm/abstract/weierstrass.js +4 -9
- package/esm/abstract/weierstrass.js.map +1 -1
- package/esm/ed25519.js +13 -1
- package/esm/ed25519.js.map +1 -1
- package/esm/package.json +1 -1
- package/esm/secp256k1.js +6 -7
- package/esm/secp256k1.js.map +1 -1
- package/jubjub.js +17 -22
- package/jubjub.js.map +1 -1
- package/p256.js +13 -17
- package/p256.js.map +1 -1
- package/p384.js +13 -17
- package/p384.js.map +1 -1
- package/p521.js +13 -17
- package/p521.js.map +1 -1
- package/package.json +3 -7
- package/pasta.js +16 -19
- package/pasta.js.map +1 -1
- package/secp256k1.d.ts +0 -6
- package/secp256k1.d.ts.map +1 -1
- package/secp256k1.js +58 -63
- package/secp256k1.js.map +1 -1
- package/src/abstract/hash-to-curve.ts +13 -12
- package/src/abstract/modular.ts +1 -0
- package/src/abstract/weierstrass.ts +4 -10
- package/src/ed25519.ts +17 -1
- package/src/secp256k1.ts +7 -7
- package/esm/stark.js +0 -251
- package/esm/stark.js.map +0 -1
- package/src/stark.ts +0 -318
- package/stark.d.ts +0 -83
- package/stark.d.ts.map +0 -1
- package/stark.js +0 -273
- package/stark.js.map +0 -1
package/jubjub.js
CHANGED
|
@@ -1,24 +1,21 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.findGroupHash = exports.groupHash = exports.jubjub = void 0;
|
|
4
1
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
2
|
+
import { sha512 } from '@noble/hashes/sha512';
|
|
3
|
+
import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils';
|
|
4
|
+
import { twistedEdwards } from './abstract/edwards.js';
|
|
5
|
+
import { blake2s } from '@noble/hashes/blake2s';
|
|
6
|
+
import { Fp } from './abstract/modular.js';
|
|
10
7
|
/**
|
|
11
8
|
* jubjub Twisted Edwards curve.
|
|
12
9
|
* https://neuromancer.sk/std/other/JubJub
|
|
13
10
|
* jubjub does not use EdDSA, so `hash`/sha512 params are passed because interface expects them.
|
|
14
11
|
*/
|
|
15
|
-
|
|
12
|
+
export const jubjub = twistedEdwards({
|
|
16
13
|
// Params: a, d
|
|
17
14
|
a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
|
|
18
15
|
d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
|
|
19
16
|
// Finite field 𝔽p over which we'll do calculations
|
|
20
17
|
// Same value as bls12-381 Fr (not Fp)
|
|
21
|
-
Fp:
|
|
18
|
+
Fp: Fp(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
|
|
22
19
|
// Subgroup order: how many points curve has
|
|
23
20
|
n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
|
|
24
21
|
// Cofactor
|
|
@@ -26,26 +23,25 @@ exports.jubjub = (0, edwards_js_1.twistedEdwards)({
|
|
|
26
23
|
// Base point (x, y) aka generator point
|
|
27
24
|
Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
|
|
28
25
|
Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
|
|
29
|
-
hash:
|
|
30
|
-
randomBytes
|
|
26
|
+
hash: sha512,
|
|
27
|
+
randomBytes,
|
|
31
28
|
});
|
|
32
|
-
const GH_FIRST_BLOCK =
|
|
29
|
+
const GH_FIRST_BLOCK = utf8ToBytes('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
|
|
33
30
|
// Returns point at JubJub curve which is prime order and not zero
|
|
34
|
-
function groupHash(tag, personalization) {
|
|
35
|
-
const h =
|
|
31
|
+
export function groupHash(tag, personalization) {
|
|
32
|
+
const h = blake2s.create({ personalization, dkLen: 32 });
|
|
36
33
|
h.update(GH_FIRST_BLOCK);
|
|
37
34
|
h.update(tag);
|
|
38
35
|
// NOTE: returns ExtendedPoint, in case it will be multiplied later
|
|
39
|
-
let p =
|
|
36
|
+
let p = jubjub.ExtendedPoint.fromHex(h.digest());
|
|
40
37
|
// NOTE: cannot replace with isSmallOrder, returns Point*8
|
|
41
|
-
p = p.multiply(
|
|
42
|
-
if (p.equals(
|
|
38
|
+
p = p.multiply(jubjub.CURVE.h);
|
|
39
|
+
if (p.equals(jubjub.ExtendedPoint.ZERO))
|
|
43
40
|
throw new Error('Point has small order');
|
|
44
41
|
return p;
|
|
45
42
|
}
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0]));
|
|
43
|
+
export function findGroupHash(m, personalization) {
|
|
44
|
+
const tag = concatBytes(m, new Uint8Array([0]));
|
|
49
45
|
for (let i = 0; i < 256; i++) {
|
|
50
46
|
tag[tag.length - 1] = i;
|
|
51
47
|
try {
|
|
@@ -55,5 +51,4 @@ function findGroupHash(m, personalization) {
|
|
|
55
51
|
}
|
|
56
52
|
throw new Error('findGroupHash tag overflow');
|
|
57
53
|
}
|
|
58
|
-
exports.findGroupHash = findGroupHash;
|
|
59
54
|
//# sourceMappingURL=jubjub.js.map
|
package/jubjub.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jubjub.js","sourceRoot":"","sources":["src/jubjub.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"jubjub.js","sourceRoot":"","sources":["src/jubjub.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC5E,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,EAAE,EAAE,MAAM,uBAAuB,CAAC;AAE3C;;;;GAIG;AAEH,MAAM,CAAC,MAAM,MAAM,GAAG,cAAc,CAAC;IACnC,eAAe;IACf,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,oDAAoD;IACpD,sCAAsC;IACtC,EAAE,EAAE,EAAE,CAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC;IACpF,4CAA4C;IAC5C,CAAC,EAAE,MAAM,CAAC,mEAAmE,CAAC;IAC9E,WAAW;IACX,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,IAAI,EAAE,MAAM;IACZ,WAAW;CACH,CAAC,CAAC;AAEZ,MAAM,cAAc,GAAG,WAAW,CAChC,kEAAkE,CACnE,CAAC;AAEF,kEAAkE;AAClE,MAAM,UAAU,SAAS,CAAC,GAAe,EAAE,eAA2B;IACpE,MAAM,CAAC,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACzB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACd,mEAAmE;IACnE,IAAI,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,0DAA0D;IAC1D,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAClF,OAAO,CAAC,CAAC;AACX,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,CAAa,EAAE,eAA2B;IACtE,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE;QAC5B,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI;YACF,OAAO,SAAS,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;SACxC;QAAC,OAAO,CAAC,EAAE,GAAE;KACf;IACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;AAChD,CAAC"}
|
package/p256.js
CHANGED
|
@@ -1,24 +1,21 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.encodeToCurve = exports.hashToCurve = exports.secp256r1 = exports.P256 = void 0;
|
|
4
1
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
2
|
+
import { createCurve } from './_shortw_utils.js';
|
|
3
|
+
import { sha256 } from '@noble/hashes/sha256';
|
|
4
|
+
import { Fp as Field } from './abstract/modular.js';
|
|
5
|
+
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
|
|
6
|
+
import * as htf from './abstract/hash-to-curve.js';
|
|
10
7
|
// NIST secp256r1 aka P256
|
|
11
8
|
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256
|
|
12
9
|
// Field over which we'll do calculations; 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n
|
|
13
|
-
const Fp = (
|
|
10
|
+
const Fp = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));
|
|
14
11
|
const CURVE_A = Fp.create(BigInt('-3'));
|
|
15
12
|
const CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');
|
|
16
|
-
const mapSWU =
|
|
13
|
+
const mapSWU = mapToCurveSimpleSWU(Fp, {
|
|
17
14
|
A: CURVE_A,
|
|
18
15
|
B: CURVE_B,
|
|
19
16
|
Z: Fp.create(BigInt('-10')),
|
|
20
17
|
});
|
|
21
|
-
|
|
18
|
+
export const P256 = createCurve({
|
|
22
19
|
// Params: a, b
|
|
23
20
|
a: CURVE_A,
|
|
24
21
|
b: CURVE_B,
|
|
@@ -30,17 +27,16 @@ exports.P256 = (0, _shortw_utils_js_1.createCurve)({
|
|
|
30
27
|
Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
|
|
31
28
|
h: BigInt(1),
|
|
32
29
|
lowS: false,
|
|
33
|
-
},
|
|
34
|
-
|
|
35
|
-
const { hashToCurve, encodeToCurve } = htf.createHasher(
|
|
30
|
+
}, sha256);
|
|
31
|
+
export const secp256r1 = P256;
|
|
32
|
+
const { hashToCurve, encodeToCurve } = htf.createHasher(secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
|
|
36
33
|
DST: 'P256_XMD:SHA-256_SSWU_RO_',
|
|
37
34
|
encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',
|
|
38
35
|
p: Fp.ORDER,
|
|
39
36
|
m: 1,
|
|
40
37
|
k: 128,
|
|
41
38
|
expand: 'xmd',
|
|
42
|
-
hash:
|
|
39
|
+
hash: sha256,
|
|
43
40
|
});
|
|
44
|
-
|
|
45
|
-
exports.encodeToCurve = encodeToCurve;
|
|
41
|
+
export { hashToCurve, encodeToCurve };
|
|
46
42
|
//# sourceMappingURL=p256.js.map
|
package/p256.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"p256.js","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"p256.js","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,EAAE,IAAI,KAAK,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,0FAA0F;AAC1F,MAAM,EAAE,GAAG,KAAK,CAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC,CAAC;AAC/F,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,MAAM,OAAO,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAE7F,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,MAAM,CAAC,MAAM,IAAI,GAAG,WAAW,CAC7B;IACE,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EACV,MAAM,CACP,CAAC;AACF,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,SAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;CACb,CACF,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
|
package/p384.js
CHANGED
|
@@ -1,28 +1,25 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.encodeToCurve = exports.hashToCurve = exports.secp384r1 = exports.P384 = void 0;
|
|
4
1
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
2
|
+
import { createCurve } from './_shortw_utils.js';
|
|
3
|
+
import { sha384 } from '@noble/hashes/sha512';
|
|
4
|
+
import { Fp as Field } from './abstract/modular.js';
|
|
5
|
+
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
|
|
6
|
+
import * as htf from './abstract/hash-to-curve.js';
|
|
10
7
|
// NIST secp384r1 aka P384
|
|
11
8
|
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384
|
|
12
9
|
// Field over which we'll do calculations. 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n
|
|
13
10
|
// prettier-ignore
|
|
14
11
|
const P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');
|
|
15
|
-
const Fp = (
|
|
12
|
+
const Fp = Field(P);
|
|
16
13
|
const CURVE_A = Fp.create(BigInt('-3'));
|
|
17
14
|
// prettier-ignore
|
|
18
15
|
const CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');
|
|
19
|
-
const mapSWU =
|
|
16
|
+
const mapSWU = mapToCurveSimpleSWU(Fp, {
|
|
20
17
|
A: CURVE_A,
|
|
21
18
|
B: CURVE_B,
|
|
22
19
|
Z: Fp.create(BigInt('-12')),
|
|
23
20
|
});
|
|
24
21
|
// prettier-ignore
|
|
25
|
-
|
|
22
|
+
export const P384 = createCurve({
|
|
26
23
|
// Params: a, b
|
|
27
24
|
a: CURVE_A,
|
|
28
25
|
b: CURVE_B,
|
|
@@ -35,17 +32,16 @@ exports.P384 = (0, _shortw_utils_js_1.createCurve)({
|
|
|
35
32
|
Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),
|
|
36
33
|
h: BigInt(1),
|
|
37
34
|
lowS: false,
|
|
38
|
-
},
|
|
39
|
-
|
|
40
|
-
const { hashToCurve, encodeToCurve } = htf.createHasher(
|
|
35
|
+
}, sha384);
|
|
36
|
+
export const secp384r1 = P384;
|
|
37
|
+
const { hashToCurve, encodeToCurve } = htf.createHasher(secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
|
|
41
38
|
DST: 'P384_XMD:SHA-384_SSWU_RO_',
|
|
42
39
|
encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',
|
|
43
40
|
p: Fp.ORDER,
|
|
44
41
|
m: 1,
|
|
45
42
|
k: 192,
|
|
46
43
|
expand: 'xmd',
|
|
47
|
-
hash:
|
|
44
|
+
hash: sha384,
|
|
48
45
|
});
|
|
49
|
-
|
|
50
|
-
exports.encodeToCurve = encodeToCurve;
|
|
46
|
+
export { hashToCurve, encodeToCurve };
|
|
51
47
|
//# sourceMappingURL=p384.js.map
|
package/p384.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"p384.js","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"p384.js","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,EAAE,IAAI,KAAK,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,uFAAuF;AACvF,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AACvH,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AACpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AAE7H,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,kBAAkB;AAClB,MAAM,CAAC,MAAM,IAAI,GAAG,WAAW,CAAC;IAC5B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,uFAAuF;IACvF,EAAE;IACF,yDAAyD;IACzD,CAAC,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAC/G,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EACV,MAAM,CACP,CAAC;AACF,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,SAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;CACb,CACF,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
|
package/p521.js
CHANGED
|
@@ -1,29 +1,26 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.encodeToCurve = exports.hashToCurve = exports.secp521r1 = exports.P521 = void 0;
|
|
4
1
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
2
|
+
import { createCurve } from './_shortw_utils.js';
|
|
3
|
+
import { sha512 } from '@noble/hashes/sha512';
|
|
4
|
+
import { Fp as Field } from './abstract/modular.js';
|
|
5
|
+
import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
|
|
6
|
+
import * as htf from './abstract/hash-to-curve.js';
|
|
10
7
|
// NIST secp521r1 aka P521
|
|
11
8
|
// Note that it's 521, which differs from 512 of its hash function.
|
|
12
9
|
// https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521
|
|
13
10
|
// Field over which we'll do calculations; 2n**521n - 1n
|
|
14
11
|
// prettier-ignore
|
|
15
12
|
const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
|
|
16
|
-
const Fp = (
|
|
13
|
+
const Fp = Field(P);
|
|
17
14
|
const CURVE_A = Fp.create(BigInt('-3'));
|
|
18
15
|
// prettier-ignore
|
|
19
16
|
const CURVE_B = BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00');
|
|
20
|
-
const mapSWU =
|
|
17
|
+
const mapSWU = mapToCurveSimpleSWU(Fp, {
|
|
21
18
|
A: CURVE_A,
|
|
22
19
|
B: CURVE_B,
|
|
23
20
|
Z: Fp.create(BigInt('-4')),
|
|
24
21
|
});
|
|
25
22
|
// prettier-ignore
|
|
26
|
-
|
|
23
|
+
export const P521 = createCurve({
|
|
27
24
|
// Params: a, b
|
|
28
25
|
a: CURVE_A,
|
|
29
26
|
b: CURVE_B,
|
|
@@ -36,17 +33,16 @@ exports.P521 = (0, _shortw_utils_js_1.createCurve)({
|
|
|
36
33
|
h: BigInt(1),
|
|
37
34
|
lowS: false,
|
|
38
35
|
allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
|
|
39
|
-
},
|
|
40
|
-
|
|
41
|
-
const { hashToCurve, encodeToCurve } = htf.createHasher(
|
|
36
|
+
}, sha512);
|
|
37
|
+
export const secp521r1 = P521;
|
|
38
|
+
const { hashToCurve, encodeToCurve } = htf.createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
|
|
42
39
|
DST: 'P521_XMD:SHA-512_SSWU_RO_',
|
|
43
40
|
encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',
|
|
44
41
|
p: Fp.ORDER,
|
|
45
42
|
m: 1,
|
|
46
43
|
k: 256,
|
|
47
44
|
expand: 'xmd',
|
|
48
|
-
hash:
|
|
45
|
+
hash: sha512,
|
|
49
46
|
});
|
|
50
|
-
|
|
51
|
-
exports.encodeToCurve = encodeToCurve;
|
|
47
|
+
export { hashToCurve, encodeToCurve };
|
|
52
48
|
//# sourceMappingURL=p521.js.map
|
package/p521.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"p521.js","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"p521.js","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,EAAE,IAAI,KAAK,EAAE,MAAM,uBAAuB,CAAC;AACpD,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAEnD,0BAA0B;AAC1B,mEAAmE;AACnE,0EAA0E;AAE1E,wDAAwD;AACxD,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,uIAAuI,CAAC,CAAC;AAC1J,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAEpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,wIAAwI,CAAC,CAAC;AAEjK,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC,CAAC;AAEH,kBAAkB;AAClB,MAAM,CAAC,MAAM,IAAI,GAAG,WAAW,CAAC;IAC9B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACnJ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,MAAM,CAAC,CAAC;AACpB,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,SAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;CACb,CACF,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@noble/curves",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.8.1",
|
|
4
4
|
"description": "Minimal, auditable JS implementation of elliptic curve cryptography",
|
|
5
5
|
"files": [
|
|
6
6
|
"abstract",
|
|
@@ -12,9 +12,10 @@
|
|
|
12
12
|
"*.d.ts.map"
|
|
13
13
|
],
|
|
14
14
|
"scripts": {
|
|
15
|
-
"bench": "cd benchmark; node secp256k1.js; node curves.js; node ecdh.js; node
|
|
15
|
+
"bench": "cd benchmark; node secp256k1.js; node curves.js; node ecdh.js; node hash-to-curve.js; node modular.js; node bls.js",
|
|
16
16
|
"build": "tsc && tsc -p tsconfig.esm.json",
|
|
17
17
|
"build:release": "rollup -c rollup.config.js",
|
|
18
|
+
"build:clean": "rm *.{js,d.ts,d.ts.map,js.map} esm/*.{js,d.ts,d.ts.map,js.map} 2> /dev/null",
|
|
18
19
|
"lint": "prettier --check 'src/**/*.{js,ts}' 'test/*.js'",
|
|
19
20
|
"format": "prettier --write 'src/**/*.{js,ts}' 'test/*.js'",
|
|
20
21
|
"test": "node test/index.test.js"
|
|
@@ -150,11 +151,6 @@
|
|
|
150
151
|
"types": "./secp256k1.d.ts",
|
|
151
152
|
"import": "./esm/secp256k1.js",
|
|
152
153
|
"default": "./secp256k1.js"
|
|
153
|
-
},
|
|
154
|
-
"./stark": {
|
|
155
|
-
"types": "./stark.d.ts",
|
|
156
|
-
"import": "./esm/stark.js",
|
|
157
|
-
"default": "./stark.js"
|
|
158
154
|
}
|
|
159
155
|
},
|
|
160
156
|
"keywords": [
|
package/pasta.js
CHANGED
|
@@ -1,33 +1,30 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.vesta = exports.pallas = exports.q = exports.p = void 0;
|
|
4
1
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
2
|
+
import { sha256 } from '@noble/hashes/sha256';
|
|
3
|
+
import { weierstrass } from './abstract/weierstrass.js';
|
|
4
|
+
import { getHash } from './_shortw_utils.js';
|
|
5
|
+
import * as mod from './abstract/modular.js';
|
|
6
|
+
export const p = BigInt('0x40000000000000000000000000000000224698fc094cf91b992d30ed00000001');
|
|
7
|
+
export const q = BigInt('0x40000000000000000000000000000000224698fc0994a8dd8c46eb2100000001');
|
|
11
8
|
// https://neuromancer.sk/std/other/Pallas
|
|
12
|
-
|
|
9
|
+
export const pallas = weierstrass({
|
|
13
10
|
a: BigInt(0),
|
|
14
11
|
b: BigInt(5),
|
|
15
|
-
Fp: mod.Fp(
|
|
16
|
-
n:
|
|
17
|
-
Gx: mod.mod(BigInt(-1),
|
|
12
|
+
Fp: mod.Fp(p),
|
|
13
|
+
n: q,
|
|
14
|
+
Gx: mod.mod(BigInt(-1), p),
|
|
18
15
|
Gy: BigInt(2),
|
|
19
16
|
h: BigInt(1),
|
|
20
|
-
...
|
|
17
|
+
...getHash(sha256),
|
|
21
18
|
});
|
|
22
19
|
// https://neuromancer.sk/std/other/Vesta
|
|
23
|
-
|
|
20
|
+
export const vesta = weierstrass({
|
|
24
21
|
a: BigInt(0),
|
|
25
22
|
b: BigInt(5),
|
|
26
|
-
Fp: mod.Fp(
|
|
27
|
-
n:
|
|
28
|
-
Gx: mod.mod(BigInt(-1),
|
|
23
|
+
Fp: mod.Fp(q),
|
|
24
|
+
n: p,
|
|
25
|
+
Gx: mod.mod(BigInt(-1), q),
|
|
29
26
|
Gy: BigInt(2),
|
|
30
27
|
h: BigInt(1),
|
|
31
|
-
...
|
|
28
|
+
...getHash(sha256),
|
|
32
29
|
});
|
|
33
30
|
//# sourceMappingURL=pasta.js.map
|
package/pasta.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"pasta.js","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"pasta.js","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,2BAA2B,CAAC;AACxD,OAAO,EAAE,OAAO,EAAE,MAAM,oBAAoB,CAAC;AAC7C,OAAO,KAAK,GAAG,MAAM,uBAAuB,CAAC;AAE7C,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAC9F,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAE9F,0CAA0C;AAC1C,MAAM,CAAC,MAAM,MAAM,GAAG,WAAW,CAAC;IAChC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,CAAC;IACJ,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,GAAG,OAAO,CAAC,MAAM,CAAC;CACnB,CAAC,CAAC;AACH,yCAAyC;AACzC,MAAM,CAAC,MAAM,KAAK,GAAG,WAAW,CAAC;IAC/B,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,CAAC;IACJ,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;IAC1B,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,GAAG,OAAO,CAAC,MAAM,CAAC;CACnB,CAAC,CAAC"}
|
package/secp256k1.d.ts
CHANGED
|
@@ -54,11 +54,6 @@ export declare const secp256k1: Readonly<{
|
|
|
54
54
|
};
|
|
55
55
|
}>;
|
|
56
56
|
declare function taggedHash(tag: string, ...messages: Uint8Array[]): Uint8Array;
|
|
57
|
-
declare function schnorrGetExtPubKey(priv: PrivKey): {
|
|
58
|
-
point: PointType<bigint>;
|
|
59
|
-
scalar: bigint;
|
|
60
|
-
bytes: Uint8Array;
|
|
61
|
-
};
|
|
62
57
|
/**
|
|
63
58
|
* lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.
|
|
64
59
|
* @returns valid point checked for being on-curve
|
|
@@ -84,7 +79,6 @@ export declare const schnorr: {
|
|
|
84
79
|
verify: typeof schnorrVerify;
|
|
85
80
|
utils: {
|
|
86
81
|
randomPrivateKey: () => Uint8Array;
|
|
87
|
-
getExtendedPublicKey: typeof schnorrGetExtPubKey;
|
|
88
82
|
lift_x: typeof lift_x;
|
|
89
83
|
pointToBytes: (point: PointType<bigint>) => Uint8Array;
|
|
90
84
|
numberToBytesBE: (n: bigint, len: number) => Uint8Array;
|
package/secp256k1.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAGA,OAAO,EAAe,GAAG,EAAQ,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,aAAa,IAAI,SAAS,EAAuB,MAAM,2BAA2B,CAAC;AAC5F,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,eAAe,EAA6C,MAAM,qBAAqB,CAAC;AACjG,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAwCnD,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CrB,CAAC;AASF,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,GAAG,UAAU,CAQtE;
|
|
1
|
+
{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAGA,OAAO,EAAe,GAAG,EAAQ,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,aAAa,IAAI,SAAS,EAAuB,MAAM,2BAA2B,CAAC;AAC5F,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,eAAe,EAA6C,MAAM,qBAAqB,CAAC;AACjG,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAwCnD,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2CrB,CAAC;AASF,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,GAAG,UAAU,CAQtE;AAkBD;;;GAGG;AACH,iBAAS,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAS5C;AAQD;;GAEG;AACH,iBAAS,mBAAmB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAExD;AAED;;;GAGG;AACH,iBAAS,WAAW,CAClB,OAAO,EAAE,GAAG,EACZ,UAAU,EAAE,OAAO,EACnB,OAAO,GAAE,GAAqB,GAC7B,UAAU,CAgBZ;AAED;;;GAGG;AACH,iBAAS,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,OAAO,CAiB5E;AAED,eAAO,MAAM,OAAO;;;;;;;8BA5FS,UAAU,MAAM,CAAC;;;;;;CAyG7C,CAAC;AAuCF,eAAO,MAAQ,WAAW,qFAAE,aAAa,mFAexC,CAAC"}
|