@noble/curves 0.8.0 → 0.8.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +12 -17
- package/_shortw_utils.js +13 -8
- package/_shortw_utils.js.map +1 -1
- package/abstract/bls.js +16 -12
- package/abstract/bls.js.map +1 -1
- package/abstract/curve.js +12 -7
- package/abstract/curve.js.map +1 -1
- package/abstract/edwards.js +20 -16
- package/abstract/edwards.js.map +1 -1
- package/abstract/hash-to-curve.js +26 -18
- package/abstract/hash-to-curve.js.map +1 -1
- package/abstract/modular.js +44 -24
- package/abstract/modular.js.map +1 -1
- package/abstract/montgomery.js +15 -11
- package/abstract/montgomery.js.map +1 -1
- package/abstract/poseidon.js +12 -6
- package/abstract/poseidon.js.map +1 -1
- package/abstract/utils.js +41 -19
- package/abstract/utils.js.map +1 -1
- package/abstract/weierstrass.js +28 -21
- package/abstract/weierstrass.js.map +1 -1
- package/bls12-381.js +66 -63
- package/bls12-381.js.map +1 -1
- package/bn.js +10 -7
- package/bn.js.map +1 -1
- package/ed25519.js +78 -72
- package/ed25519.js.map +1 -1
- package/ed448.js +41 -37
- package/ed448.js.map +1 -1
- package/esm/_shortw_utils.js +17 -0
- package/esm/_shortw_utils.js.map +1 -0
- package/esm/abstract/bls.js +226 -0
- package/esm/abstract/bls.js.map +1 -0
- package/esm/abstract/curve.js +152 -0
- package/esm/abstract/curve.js.map +1 -0
- package/esm/abstract/edwards.js +409 -0
- package/esm/abstract/edwards.js.map +1 -0
- package/esm/abstract/hash-to-curve.js +166 -0
- package/esm/abstract/hash-to-curve.js.map +1 -0
- package/esm/abstract/modular.js +346 -0
- package/esm/abstract/modular.js.map +1 -0
- package/esm/abstract/montgomery.js +157 -0
- package/esm/abstract/montgomery.js.map +1 -0
- package/esm/abstract/poseidon.js +110 -0
- package/esm/abstract/poseidon.js.map +1 -0
- package/esm/abstract/utils.js +222 -0
- package/esm/abstract/utils.js.map +1 -0
- package/esm/abstract/weierstrass.js +1011 -0
- package/esm/abstract/weierstrass.js.map +1 -0
- package/esm/bls12-381.js +1173 -0
- package/esm/bls12-381.js.map +1 -0
- package/esm/bn.js +22 -0
- package/esm/bn.js.map +1 -0
- package/esm/ed25519.js +397 -0
- package/esm/ed25519.js.map +1 -0
- package/esm/ed448.js +213 -0
- package/esm/ed448.js.map +1 -0
- package/esm/index.js +3 -0
- package/esm/index.js.map +1 -0
- package/esm/jubjub.js +54 -0
- package/esm/jubjub.js.map +1 -0
- package/esm/p256.js +42 -0
- package/esm/p256.js.map +1 -0
- package/esm/p384.js +47 -0
- package/esm/p384.js.map +1 -0
- package/esm/p521.js +48 -0
- package/esm/p521.js.map +1 -0
- package/esm/package.json +7 -0
- package/esm/pasta.js +30 -0
- package/esm/pasta.js.map +1 -0
- package/esm/secp256k1.js +252 -0
- package/esm/secp256k1.js.map +1 -0
- package/jubjub.js +22 -17
- package/jubjub.js.map +1 -1
- package/p256.js +17 -13
- package/p256.js.map +1 -1
- package/p384.js +17 -13
- package/p384.js.map +1 -1
- package/p521.js +17 -13
- package/p521.js.map +1 -1
- package/package.json +27 -9
- package/pasta.js +19 -16
- package/pasta.js.map +1 -1
- package/secp256k1.js +57 -53
- package/secp256k1.js.map +1 -1
- package/src/stark.ts +0 -341
- package/stark.d.ts +0 -81
- package/stark.d.ts.map +0 -1
- package/stark.js +0 -277
- package/stark.js.map +0 -1
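--- a/package/esm/secp256k1.js
+++ b/package/esm/secp256k1.js
@@ -0,0 +1,252 @@
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+import { sha256 } from '@noble/hashes/sha256';
+import { randomBytes } from '@noble/hashes/utils';
+import { Fp as Field, mod, pow2 } from './abstract/modular.js';
+import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
+import { bytesToNumberBE, concatBytes, ensureBytes, numberToBytesBE } from './abstract/utils.js';
+import * as htf from './abstract/hash-to-curve.js';
+import { createCurve } from './_shortw_utils.js';
+const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');
+const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');
+const _1n = BigInt(1);
+const _2n = BigInt(2);
+const divNearest = (a, b) => (a + b / _2n) / b;
+/**
+* √n = n^((p+1)/4) for fields p = 3 mod 4. We unwrap the loop and multiply bit-by-bit.
+* (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]
+*/
+function sqrtMod(y) {
+const P = secp256k1P;
+// prettier-ignore
+const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
+// prettier-ignore
+const _23n = BigInt(23), _44n = BigInt(44), _88n = BigInt(88);
+const b2 = (y * y * y) % P; // x^3, 11
+const b3 = (b2 * b2 * y) % P; // x^7
+const b6 = (pow2(b3, _3n, P) * b3) % P;
+const b9 = (pow2(b6, _3n, P) * b3) % P;
+const b11 = (pow2(b9, _2n, P) * b2) % P;
+const b22 = (pow2(b11, _11n, P) * b11) % P;
+const b44 = (pow2(b22, _22n, P) * b22) % P;
+const b88 = (pow2(b44, _44n, P) * b44) % P;
+const b176 = (pow2(b88, _88n, P) * b88) % P;
+const b220 = (pow2(b176, _44n, P) * b44) % P;
+const b223 = (pow2(b220, _3n, P) * b3) % P;
+const t1 = (pow2(b223, _23n, P) * b22) % P;
+const t2 = (pow2(t1, _6n, P) * b2) % P;
+const root = pow2(t2, _2n, P);
+if (!Fp.eql(Fp.sqr(root), y))
+throw new Error('Cannot find square root');
+return root;
+}
+const Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
+export const secp256k1 = createCurve({
+a: BigInt(0),
+b: BigInt(7),
+Fp,
+n: secp256k1N,
+// Base point (x, y) aka generator point
+Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
+Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
+h: BigInt(1),
+lowS: true,
+/**
+* secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
+* Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
+* For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
+* Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
+*/
+endo: {
+beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
+splitScalar: (k) => {
+const n = secp256k1N;
+const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');
+const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');
+const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');
+const b2 = a1;
+const POW_2_128 = BigInt('0x100000000000000000000000000000000'); // (2n**128n).toString(16)
+const c1 = divNearest(b2 * k, n);
+const c2 = divNearest(-b1 * k, n);
+let k1 = mod(k - c1 * a1 - c2 * a2, n);
+let k2 = mod(-c1 * b1 - c2 * b2, n);
+const k1neg = k1 > POW_2_128;
+const k2neg = k2 > POW_2_128;
+if (k1neg)
+k1 = n - k1;
+if (k2neg)
+k2 = n - k2;
+if (k1 > POW_2_128 || k2 > POW_2_128) {
+throw new Error('splitScalar: Endomorphism failed, k=' + k);
+}
+return { k1neg, k1, k2neg, k2 };
+},
+},
+}, sha256);
+// Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.
+// https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
+const _0n = BigInt(0);
+const fe = (x) => typeof x === 'bigint' && _0n < x && x < secp256k1P;
+const ge = (x) => typeof x === 'bigint' && _0n < x && x < secp256k1N;
+/** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */
+const TAGGED_HASH_PREFIXES = {};
+function taggedHash(tag, ...messages) {
+let tagP = TAGGED_HASH_PREFIXES[tag];
+if (tagP === undefined) {
+const tagH = sha256(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
+tagP = concatBytes(tagH, tagH);
+TAGGED_HASH_PREFIXES[tag] = tagP;
+}
+return sha256(concatBytes(tagP, ...messages));
+}
+// ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03
+const pointToBytes = (point) => point.toRawBytes(true).slice(1);
+const numTo32b = (n) => numberToBytesBE(n, 32);
+const modP = (x) => mod(x, secp256k1P);
+const modN = (x) => mod(x, secp256k1N);
+const Point = secp256k1.ProjectivePoint;
+const GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
+// Calculate point, scalar and bytes
+function schnorrGetExtPubKey(priv) {
+let d_ = secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey
+let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside
+const scalar = p.hasEvenY() ? d_ : modN(-d_);
+return { scalar: scalar, bytes: pointToBytes(p) };
+}
+/**
+* lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.
+* @returns valid point checked for being on-curve
+*/
+function lift_x(x) {
+if (!fe(x))
+throw new Error('bad x: need 0 < x < p'); // Fail if x ≥ p.
+const xx = modP(x * x);
+const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.
+let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.
+if (y % 2n !== 0n)
+y = modP(-y); // Return the unique point P such that x(P) = x and
+const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
+p.assertValidity();
+return p;
+}
+/**
+* Create tagged hash, convert it to bigint, reduce modulo-n.
+*/
+function challenge(...args) {
+return modN(bytesToNumberBE(taggedHash('BIP0340/challenge', ...args)));
+}
+/**
+* Schnorr public key is just `x` coordinate of Point as per BIP340.
+*/
+function schnorrGetPublicKey(privateKey) {
+return schnorrGetExtPubKey(privateKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)
+}
+/**
+* Creates Schnorr signature as per BIP340. Verifies itself before returning anything.
+* auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.
+*/
+function schnorrSign(message, privateKey, auxRand = randomBytes(32)) {
+const m = ensureBytes('message', message);
+const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder
+const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array
+const t = numTo32b(d ^ bytesToNumberBE(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
+const k_ = modN(bytesToNumberBE(rand)); // Let k' = int(rand) mod n
+if (k_ === _0n)
+throw new Error('sign failed: k is zero'); // Fail if k' = 0.
+const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.
+const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
+const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).
+sig.set(rx, 0);
+sig.set(numTo32b(modN(k + e * d)), 32);
+// If Verify(bytes(P), m, sig) (see below) returns failure, abort
+if (!schnorrVerify(sig, m, px))
+throw new Error('sign: Invalid signature produced');
+return sig;
+}
+/**
+* Verifies Schnorr signature.
+* Will swallow errors & return false except for initial type validation of arguments.
+*/
+function schnorrVerify(signature, message, publicKey) {
+const sig = ensureBytes('signature', signature, 64);
+const m = ensureBytes('message', message);
+const pub = ensureBytes('publicKey', publicKey, 32);
+try {
+const P = lift_x(bytesToNumberBE(pub)); // P = lift_x(int(pk)); fail if that fails
+const r = bytesToNumberBE(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
+if (!fe(r))
+return false;
+const s = bytesToNumberBE(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
+if (!ge(s))
+return false;
+const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n
+const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P
+if (!R || !R.hasEvenY() || R.toAffine().x !== r)
+return false; // -eP == (n-e)P
+return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.
+}
+catch (error) {
+return false;
+}
+}
+export const schnorr = {
+getPublicKey: schnorrGetPublicKey,
+sign: schnorrSign,
+verify: schnorrVerify,
+utils: {
+randomPrivateKey: secp256k1.utils.randomPrivateKey,
+lift_x,
+pointToBytes,
+numberToBytesBE,
+bytesToNumberBE,
+taggedHash,
+mod,
+},
+};
+const isoMap = htf.isogenyMap(Fp, [
+// xNum
+[
+'0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7',
+'0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581',
+'0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262',
+'0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c',
+],
+// xDen
+[
+'0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b',
+'0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14',
+'0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1
+],
+// yNum
+[
+'0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c',
+'0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3',
+'0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931',
+'0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84',
+],
+// yDen
+[
+'0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b',
+'0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573',
+'0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f',
+'0x0000000000000000000000000000000000000000000000000000000000000001', // LAST 1
+],
+].map((i) => i.map((j) => BigInt(j))));
+const mapSWU = mapToCurveSimpleSWU(Fp, {
+A: BigInt('0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533'),
+B: BigInt('1771'),
+Z: Fp.create(BigInt('-11')),
+});
+export const { hashToCurve, encodeToCurve } = htf.createHasher(secp256k1.ProjectivePoint, (scalars) => {
+const { x, y } = mapSWU(Fp.create(scalars[0]));
+return isoMap(x, y);
+}, {
+DST: 'secp256k1_XMD:SHA-256_SSWU_RO_',
+encodeDST: 'secp256k1_XMD:SHA-256_SSWU_NU_',
+p: Fp.ORDER,
+m: 1,
+k: 128,
+expand: 'xmd',
+hash: sha256,
+});
+//# sourceMappingURL=secp256k1.js.map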
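Review bot: `throw new Error('splitScalar: Endomorphism failed, k=' + k);` inside `endo.splitScalar` (line 79 of the new file) writes the scalar into the exception text; splitScalar runs as part of scalar multiplication, where `k` is typically a private key or the signing nonce, so any handler that logs or reports the error would disclose secret material. The branch looks like a defensive guard that valid scalars should never reach, which is all the more reason to keep the value out of the message: `throw new Error('splitScalar: Endomorphism failed');`. Separately, `TAGGED_HASH_PREFIXES = {}` is a plain object keyed by the caller-controlled `tag` (taggedHash is exported through `schnorr.utils`), so a tag such as `constructor` or `__proto__` reads an inherited property instead of `undefined` and bypasses the cache fill; `const TAGGED_HASH_PREFIXES = new Map();` with `.get`/`.set` (or `Object.create(null)`) makes the cache behave for every tag string.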
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["../src/secp256k1.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClD,OAAO,EAAE,EAAE,IAAI,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAA8B,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAE5F,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACjG,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AACnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEjD,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;AAE/D;;;GAGG;AACH,SAAS,OAAO,CAAC,CAAS;IACxB,MAAM,CAAC,GAAG,UAAU,CAAC;IACrB,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7E,kBAAkB;IAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACtC,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;IACpC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAI,
CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,EAAE,GAAG,KAAK,CAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AAGtE,MAAM,CAAC,MAAM,SAAS,GAAG,WAAW,CAClC;IACE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE;IACF,CAAC,EAAE,UAAU;IACb,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,IAAI;IACV;;;;;OAKG;IACH,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC,oEAAoE,CAAC;QAClF,WAAW,EAAE,CAAC,CAAS,EAAE,EAAE;YACzB,MAAM,CAAC,GAAG,UAAU,CAAC;YACrB,MAAM,EAAE,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACxD,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC;YACzD,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,SAAS,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC,0BAA0B;YAE3F,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACjC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClC,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACvC,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAE,GAAG,SAAS,IAAI,EAAE,GAAG,SAAS,EAAE;gBACpC,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,CAAC,CAAC;aAC7D;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAA
E,EAAE,EAAE,CAAC;QAClC,CAAC;KACF;CACF,EACD,MAAM,CACP,CAAC;AAEF,+FAA+F;AAC/F,iEAAiE;AACjE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,MAAM,EAAE,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,OAAO,CAAC,KAAK,QAAQ,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC;AAC7E,wFAAwF;AACxF,MAAM,oBAAoB,GAAkC,EAAE,CAAC;AAC/D,SAAS,UAAU,CAAC,GAAW,EAAE,GAAG,QAAsB;IACxD,IAAI,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,SAAS,EAAE;QACtB,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,WAAW,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/B,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;KAClC;IACD,OAAO,MAAM,CAAC,WAAW,CAAC,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,oFAAoF;AACpF,MAAM,YAAY,GAAG,CAAC,KAAwB,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnF,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,eAAe,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,KAAK,GAAG,SAAS,CAAC,eAAe,CAAC;AACxC,MAAM,OAAO,GAAG,CAAC,CAAoB,EAAE,CAAS,EAAE,CAAS,EAAE,EAAE,CAC7D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAE3C,oCAAoC;AACpC,SAAS,mBAAmB,CAAC,IAAa;IACxC,IAAI,EAAE,GAAG,SAAS,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,yCAAyC;IAChG,IAAI,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,4CAA4C;IAC9E,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;AACpD,CAAC;AACD;;;GAGG;AACH,SAAS,MAAM,CAAC,CAAS;IACvB,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,iBAAiB;IACvE,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,
CAAC,CAAC,CAAC,wBAAwB;IAC5D,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC/C,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE;QAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,mDAAmD;IACpF,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,mDAAmD;IACnF,CAAC,CAAC,cAAc,EAAE,CAAC;IACnB,OAAO,CAAC,CAAC;AACX,CAAC;AACD;;GAEG;AACH,SAAS,SAAS,CAAC,GAAG,IAAkB;IACtC,OAAO,IAAI,CAAC,eAAe,CAAC,UAAU,CAAC,mBAAmB,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AACzE,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,UAAe;IAC1C,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,oDAAoD;AACpG,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,OAAY,EACZ,UAAmB,EACnB,UAAe,WAAW,CAAC,EAAE,CAAC;IAE9B,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,gCAAgC;IAClG,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,2CAA2C;IAC1F,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,eAAe,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,yDAAyD;IAChI,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,4CAA4C;IAChG,MAAM,EAAE,GAAG,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACnE,IAAI,EAAE,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB;IAC7E,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB;IAC1E,MAAM,CAAC,GAAG,SAAS,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gEAAgE;IAChG,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/E,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACf,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,iEAAiE;IACjE,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACpF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,SAAc,EAAE,OAAY,EAAE,SAAc;IACjE,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,WAAW,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,WAAW,CAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,
CAAC;IACpD,IAAI;QACF,MAAM,CAAC,GAAG,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAClF,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,yCAAyC;QACzF,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAC3F,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;QACzB,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAChG,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;QACnD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;QAC/E,OAAO,IAAI,CAAC,CAAC,yDAAyD;KACvE;IAAC,OAAO,KAAK,EAAE;QACd,OAAO,KAAK,CAAC;KACd;AACH,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAG;IACrB,YAAY,EAAE,mBAAmB;IACjC,IAAI,EAAE,WAAW;IACjB,MAAM,EAAE,aAAa;IACrB,KAAK,EAAE;QACL,gBAAgB,EAAE,SAAS,CAAC,KAAK,CAAC,gBAAgB;QAClD,MAAM;QACN,YAAY;QACZ,eAAe;QACf,eAAe;QACf,UAAU;QACV,GAAG;KACJ;CACF,CAAC;AAEF,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,CAC3B,EAAE,EACF;IACE,OAAO;IACP;QACE,oEAAoE;QACpE,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAA6B,CAClE,CAAC;AACF,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,EAAE;IACrC,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AACH,MAAM,CAAC,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CAC5D,SAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE;IACpB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC/C,OAAO,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtB,CAAC,EACD;IAC
E,GAAG,EAAE,gCAAgC;IACrC,SAAS,EAAE,gCAAgC;IAC3C,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;CACb,CACF,CAAC"}
|
package/jubjub.js
CHANGED
|
@@ -1,21 +1,24 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.findGroupHash = exports.groupHash = exports.jubjub = void 0;
|
|
1
4
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
5
|
+
const sha512_1 = require("@noble/hashes/sha512");
|
|
6
|
+
const utils_1 = require("@noble/hashes/utils");
|
|
7
|
+
const edwards_js_1 = require("./abstract/edwards.js");
|
|
8
|
+
const blake2s_1 = require("@noble/hashes/blake2s");
|
|
9
|
+
const modular_js_1 = require("./abstract/modular.js");
|
|
7
10
|
/**
|
|
8
11
|
* jubjub Twisted Edwards curve.
|
|
9
12
|
* https://neuromancer.sk/std/other/JubJub
|
|
10
13
|
* jubjub does not use EdDSA, so `hash`/sha512 params are passed because interface expects them.
|
|
11
14
|
*/
|
|
12
|
-
|
|
15
|
+
exports.jubjub = (0, edwards_js_1.twistedEdwards)({
|
|
13
16
|
// Params: a, d
|
|
14
17
|
a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
|
|
15
18
|
d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
|
|
16
19
|
// Finite field 𝔽p over which we'll do calculations
|
|
17
20
|
// Same value as bls12-381 Fr (not Fp)
|
|
18
|
-
Fp: Fp(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
|
|
21
|
+
Fp: (0, modular_js_1.Fp)(BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')),
|
|
19
22
|
// Subgroup order: how many points curve has
|
|
20
23
|
n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
|
|
21
24
|
// Cofactor
|
|
@@ -23,25 +26,26 @@ export const jubjub = twistedEdwards({
|
|
|
23
26
|
// Base point (x, y) aka generator point
|
|
24
27
|
Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
|
|
25
28
|
Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
|
|
26
|
-
hash: sha512,
|
|
27
|
-
randomBytes,
|
|
29
|
+
hash: sha512_1.sha512,
|
|
30
|
+
randomBytes: utils_1.randomBytes,
|
|
28
31
|
});
|
|
29
|
-
const GH_FIRST_BLOCK = utf8ToBytes('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
|
|
32
|
+
const GH_FIRST_BLOCK = (0, utils_1.utf8ToBytes)('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
|
|
30
33
|
// Returns point at JubJub curve which is prime order and not zero
|
|
31
|
-
|
|
32
|
-
const h = blake2s.create({ personalization, dkLen: 32 });
|
|
34
|
+
function groupHash(tag, personalization) {
|
|
35
|
+
const h = blake2s_1.blake2s.create({ personalization, dkLen: 32 });
|
|
33
36
|
h.update(GH_FIRST_BLOCK);
|
|
34
37
|
h.update(tag);
|
|
35
38
|
// NOTE: returns ExtendedPoint, in case it will be multiplied later
|
|
36
|
-
let p = jubjub.ExtendedPoint.fromHex(h.digest());
|
|
39
|
+
let p = exports.jubjub.ExtendedPoint.fromHex(h.digest());
|
|
37
40
|
// NOTE: cannot replace with isSmallOrder, returns Point*8
|
|
38
|
-
p = p.multiply(jubjub.CURVE.h);
|
|
39
|
-
if (p.equals(jubjub.ExtendedPoint.ZERO))
|
|
41
|
+
p = p.multiply(exports.jubjub.CURVE.h);
|
|
42
|
+
if (p.equals(exports.jubjub.ExtendedPoint.ZERO))
|
|
40
43
|
throw new Error('Point has small order');
|
|
41
44
|
return p;
|
|
42
45
|
}
|
|
43
|
-
|
|
44
|
-
|
|
46
|
+
exports.groupHash = groupHash;
|
|
47
|
+
function findGroupHash(m, personalization) {
|
|
48
|
+
const tag = (0, utils_1.concatBytes)(m, new Uint8Array([0]));
|
|
45
49
|
for (let i = 0; i < 256; i++) {
|
|
46
50
|
tag[tag.length - 1] = i;
|
|
47
51
|
try {
|
|
@@ -51,4 +55,5 @@ export function findGroupHash(m, personalization) {
|
|
|
51
55
|
}
|
|
52
56
|
throw new Error('findGroupHash tag overflow');
|
|
53
57
|
}
|
|
58
|
+
exports.findGroupHash = findGroupHash;
|
|
54
59
|
//# sourceMappingURL=jubjub.js.map
|
package/jubjub.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"jubjub.js","sourceRoot":"","sources":["src/jubjub.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,
|
|
1
|
+
{"version":3,"file":"jubjub.js","sourceRoot":"","sources":["src/jubjub.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,+CAA4E;AAC5E,sDAAuD;AACvD,mDAAgD;AAChD,sDAA2C;AAE3C;;;;GAIG;AAEU,QAAA,MAAM,GAAG,IAAA,2BAAc,EAAC;IACnC,eAAe;IACf,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,oDAAoD;IACpD,sCAAsC;IACtC,EAAE,EAAE,IAAA,eAAE,EAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC;IACpF,4CAA4C;IAC5C,CAAC,EAAE,MAAM,CAAC,mEAAmE,CAAC;IAC9E,WAAW;IACX,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,IAAI,EAAE,eAAM;IACZ,WAAW,EAAX,mBAAW;CACH,CAAC,CAAC;AAEZ,MAAM,cAAc,GAAG,IAAA,mBAAW,EAChC,kEAAkE,CACnE,CAAC;AAEF,kEAAkE;AAClE,SAAgB,SAAS,CAAC,GAAe,EAAE,eAA2B;IACpE,MAAM,CAAC,GAAG,iBAAO,CAAC,MAAM,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;IACzB,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACd,mEAAmE;IACnE,IAAI,CAAC,GAAG,cAAM,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,0DAA0D;IAC1D,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,cAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC/B,IAAI,CAAC,CAAC,MAAM,CAAC,cAAM,CAAC,aAAa,CAAC,IAAI,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAClF,OAAO,CAAC,CAAC;AACX,CAAC;AAVD,8BAUC;AAED,SAAgB,aAAa,CAAC,CAAa,EAAE,eAA2B;IACtE,MAAM,GAAG,GAAG,IAAA,mBAAW,EAAC,CAAC,EAAE,IAAI,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAChD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE;QAC5B,GAAG,CAAC,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;QACxB,IAAI;YACF,OAAO,SAAS,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;SACxC;QAAC,OAAO,CAAC,EAAE,GAAE;KACf;IACD,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;AAChD,CAAC;AATD,sCASC"}
|
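--- a/package/p256.js
+++ b/package/p256.js
@@ -1,21 +1,24 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeToCurve = exports.hashToCurve = exports.secp256r1 = exports.P256 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-
-
-
-
-
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha256_1 = require("@noble/hashes/sha256");
+const modular_js_1 = require("./abstract/modular.js");
+const weierstrass_js_1 = require("./abstract/weierstrass.js");
+const htf = require("./abstract/hash-to-curve.js");
 // NIST secp256r1 aka P256
 // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256
 // Field over which we'll do calculations; 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n
-const Fp =
+const Fp = (0, modular_js_1.Fp)(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));
 const CURVE_A = Fp.create(BigInt('-3'));
 const CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');
-const mapSWU = mapToCurveSimpleSWU(Fp, {
+const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
 A: CURVE_A,
 B: CURVE_B,
 Z: Fp.create(BigInt('-10')),
 });
-
+exports.P256 = (0, _shortw_utils_js_1.createCurve)({
 // Params: a, b
 a: CURVE_A,
 b: CURVE_B,
@@ -27,16 +30,17 @@ export const P256 = createCurve({
 Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
 h: BigInt(1),
 lowS: false,
-}, sha256);
-
-const { hashToCurve, encodeToCurve } = htf.createHasher(secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
+}, sha256_1.sha256);
+exports.secp256r1 = exports.P256;
+const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
 DST: 'P256_XMD:SHA-256_SSWU_RO_',
 encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',
 p: Fp.ORDER,
 m: 1,
 k: 128,
 expand: 'xmd',
-hash: sha256,
+hash: sha256_1.sha256,
 });
-
+exports.hashToCurve = hashToCurve;
+exports.encodeToCurve = encodeToCurve;
 //# sourceMappingURL=p256.js.map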
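Review bot: `exports.P256` (new line 21) and its alias `exports.secp256r1` (line 34) are ordinary writable properties of the CJS `exports` object, whereas the ESM file this replaces exported them as read-only live bindings (see the `export const P256 = createCurve({` context in the second hunk header); any module loaded in the same process can reassign them after the fact, and because `createHasher` on line 35 captures `exports.secp256r1.ProjectivePoint` at load time, the published `hashToCurve` and a later-replaced `P256` would silently disagree about which point class they use. The same applies to `P384`/`secp384r1` in package/p384.js and `P521`/`secp521r1` in package/p521.js. Since this file is tsc output, the place to harden this is the build or a post-build step that defines the curve exports as non-writable, or at least a README line noting that the CJS entry's exports are mutable while the ESM entry's are not; I cannot see package.json here, so whether both entries are reachable by consumers is inferred. The removed old lines 2–6 render empty on this page, so the set of ESM imports replaced by the five `require` calls on new lines 5–9 cannot be checked against the old file from here.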
package/p256.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"p256.js","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,
|
|
1
|
+
{"version":3,"file":"p256.js","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAAoD;AACpD,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,0FAA0F;AAC1F,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC,CAAC;AAC/F,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,MAAM,OAAO,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAE7F,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEU,QAAA,IAAI,GAAG,IAAA,8BAAW,EAC7B;IACE,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EACV,eAAM,CACP,CAAC;AACW,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
|
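--- a/package/p384.js
+++ b/package/p384.js
@@ -1,25 +1,28 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeToCurve = exports.hashToCurve = exports.secp384r1 = exports.P384 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-
-
-
-
-
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha512_1 = require("@noble/hashes/sha512");
+const modular_js_1 = require("./abstract/modular.js");
+const weierstrass_js_1 = require("./abstract/weierstrass.js");
+const htf = require("./abstract/hash-to-curve.js");
 // NIST secp384r1 aka P384
 // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384
 // Field over which we'll do calculations. 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n
 // prettier-ignore
 const P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');
-const Fp =
+const Fp = (0, modular_js_1.Fp)(P);
 const CURVE_A = Fp.create(BigInt('-3'));
 // prettier-ignore
 const CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');
-const mapSWU = mapToCurveSimpleSWU(Fp, {
+const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
 A: CURVE_A,
 B: CURVE_B,
 Z: Fp.create(BigInt('-12')),
 });
 // prettier-ignore
-
+exports.P384 = (0, _shortw_utils_js_1.createCurve)({
 // Params: a, b
 a: CURVE_A,
 b: CURVE_B,
@@ -32,16 +35,17 @@ export const P384 = createCurve({
 Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),
 h: BigInt(1),
 lowS: false,
-}, sha384);
-
-const { hashToCurve, encodeToCurve } = htf.createHasher(secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
+}, sha512_1.sha384);
+exports.secp384r1 = exports.P384;
+const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
 DST: 'P384_XMD:SHA-384_SSWU_RO_',
 encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',
 p: Fp.ORDER,
 m: 1,
 k: 192,
 expand: 'xmd',
-hash: sha384,
+hash: sha512_1.sha384,
 });
-
+exports.hashToCurve = hashToCurve;
+exports.encodeToCurve = encodeToCurve;
 //# sourceMappingURL=p384.js.map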
package/p384.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"p384.js","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,
|
|
1
|
+
{"version":3,"file":"p384.js","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAAoD;AACpD,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,uFAAuF;AACvF,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AACvH,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,CAAC,CAAC,CAAC;AACpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AAE7H,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC5B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,uFAAuF;IACvF,EAAE;IACF,yDAAyD;IACzD,CAAC,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAC/G,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EACV,eAAM,CACP,CAAC;AACW,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
|
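--- a/package/p521.js
+++ b/package/p521.js
@@ -1,26 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encodeToCurve = exports.hashToCurve = exports.secp521r1 = exports.P521 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-
-
-
-
-
+const _shortw_utils_js_1 = require("./_shortw_utils.js");
+const sha512_1 = require("@noble/hashes/sha512");
+const modular_js_1 = require("./abstract/modular.js");
+const weierstrass_js_1 = require("./abstract/weierstrass.js");
+const htf = require("./abstract/hash-to-curve.js");
 // NIST secp521r1 aka P521
 // Note that it's 521, which differs from 512 of its hash function.
 // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521
 // Field over which we'll do calculations; 2n**521n - 1n
 // prettier-ignore
 const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
-const Fp =
+const Fp = (0, modular_js_1.Fp)(P);
 const CURVE_A = Fp.create(BigInt('-3'));
 // prettier-ignore
 const CURVE_B = BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00');
-const mapSWU = mapToCurveSimpleSWU(Fp, {
+const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
 A: CURVE_A,
 B: CURVE_B,
 Z: Fp.create(BigInt('-4')),
 });
 // prettier-ignore
-
+exports.P521 = (0, _shortw_utils_js_1.createCurve)({
 // Params: a, b
 a: CURVE_A,
 b: CURVE_B,
@@ -33,16 +36,17 @@ export const P521 = createCurve({
 h: BigInt(1),
 lowS: false,
 allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
-}, sha512);
-
-const { hashToCurve, encodeToCurve } = htf.createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
+}, sha512_1.sha512);
+exports.secp521r1 = exports.P521;
+const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
 DST: 'P521_XMD:SHA-512_SSWU_RO_',
 encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',
 p: Fp.ORDER,
 m: 1,
 k: 256,
 expand: 'xmd',
-hash: sha512,
+hash: sha512_1.sha512,
 });
-
+exports.hashToCurve = hashToCurve;
+exports.encodeToCurve = encodeToCurve;
 //# sourceMappingURL=p521.js.map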
package/p521.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"p521.js","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,
|
|
1
|
+
{"version":3,"file":"p521.js","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAAoD;AACpD,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,mEAAmE;AACnE,0EAA0E;AAE1E,wDAAwD;AACxD,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,uIAAuI,CAAC,CAAC;AAC1J,MAAM,EAAE,GAAG,IAAA,eAAK,EAAC,CAAC,CAAC,CAAC;AAEpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,wIAAwI,CAAC,CAAC;AAEjK,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC,CAAC;AAEH,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC9B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACnJ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,eAAM,CAAC,CAAC;AACP,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
|