@noble/curves 0.9.0 → 1.0.0

package/README.md

@@ -2,21 +2,18 @@
 
 Audited & minimal JS implementation of elliptic curve cryptography.
 
-- Short Weierstrass, Edwards, Montgomery curves
-- ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement
 - 🔒 [**Audited**](#security) by an independent security firm
-- #️⃣ [hash to curve](#abstracthash-to-curve-hashing-strings-to-curve-points)
-  for encoding or hashing an arbitrary string to an elliptic curve point
-- 🧜‍♂️ [Poseidon](https://www.poseidon-hash.info) ZK-friendly hash
-- 🏎 [Ultra-fast](#speed), hand-optimized for caveats of JS engines
-- 🔍 Unique tests ensure correctness with Wycheproof vectors and
-  [cryptofuzz](https://github.com/guidovranken/cryptofuzz) differential fuzzing
 - 🔻 Tree-shaking-friendly: use only what's necessary, other code won't be included
+- 🏎 Ultra-fast, hand-optimized for caveats of JS engines
+- 🔍 Unique tests ensure correctness: property-based, cross-library and Wycheproof vectors, fuzzing 
+- ➰ Short Weierstrass, Edwards, Montgomery curves
+- ✍️ ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement
+- #️⃣ Hash-to-curve
+  for encoding or hashing an arbitrary string to an elliptic curve point
+- 🧜‍♂️ Poseidon ZK-friendly hash
 
 Check out [Upgrading](#upgrading) if you've previously used single-feature noble
-packages ([secp256k1](https://github.com/paulmillr/noble-secp256k1),
-[ed25519](https://github.com/paulmillr/noble-ed25519)).
-See [Resources](#resources) for articles and real-world software that uses curves.
+packages. See [Resources](#resources) for articles and real-world software that uses curves.
 
 ### This library belongs to _noble_ crypto
 
@@ -43,22 +40,25 @@ For [Deno](https://deno.land), use it with
 In browser, you could also include the single file from
 [GitHub's releases page](https://github.com/paulmillr/noble-curves/releases).
 
-The library is tree-shaking-friendly and does not expose root entry point as
-`import * from '@noble/curves'`. Instead, you need to import specific primitives.
+The library is tree-shaking-friendly and does NOT expose root entry point as
+`import c from '@noble/curves'`. Instead, you need to import specific primitives.
 This is done to ensure small size of your apps.
 
 Package consists of two parts:
 
-1. [Implementations](#implementations), utilizing one dependency `@noble/hashes`,
+1. [Implementations](#implementations), utilizing one dependency [noble-hashes](https://github.com/paulmillr/noble-hashes),
    providing ready-to-use:
-   - NIST curves secp256r1/P256, secp384r1/P384, secp521r1/P521
+   - NIST curves secp256r1 / p256, secp384r1 / p384, secp521r1 / p521
    - SECG curve secp256k1
-   - ed25519/curve25519/x25519/ristretto255, edwards448/curve448/x448
+   - ed25519 / curve25519 / x25519 / ristretto255,
+     edwards448 / curve448 / x448
      implementing
      [RFC7748](https://www.rfc-editor.org/rfc/rfc7748) /
      [RFC8032](https://www.rfc-editor.org/rfc/rfc8032) /
+     [FIPS 186-5](https://csrc.nist.gov/publications/detail/fips/186/5/final) /
      [ZIP215](https://zips.z.cash/zip-0215) standards
    - pairing-friendly curves bls12-381, bn254
+   - [pasta](https://electriccoin.co/blog/the-pasta-curves-for-halo-2-and-beyond/) curves
 2. [Abstract](#abstract-api), zero-dependency EC algorithms
 
 ### Implementations
@@ -72,7 +72,7 @@ const priv = secp256k1.utils.randomPrivateKey();
 const pub = secp256k1.getPublicKey(priv);
 const msg = new Uint8Array(32).fill(1);
 const sig = secp256k1.sign(msg, priv);
-secp256k1.verify(sig, msg, pub) === true;
+const isValid = secp256k1.verify(sig, msg, pub) === true;
 
 // hex strings are also supported besides Uint8Arrays:
 const privHex = '46c930bc7bb4db7f55da20798697421b98c4175a52c630294d75a84b9c126236';
@@ -90,11 +90,11 @@ import { p384 } from '@noble/curves/p384';
 import { p521 } from '@noble/curves/p521';
 import { pallas, vesta } from '@noble/curves/pasta';
 import { bls12_381 } from '@noble/curves/bls12-381';
-import { bn254 } from '@noble/curves/bn';
+import { bn254 } from '@noble/curves/bn254';
 import { jubjub } from '@noble/curves/jubjub';
 ```
 
-Weierstrass curves feature recovering public keys from signatures and ECDH key agreement:
+Recovering public keys from weierstrass ECDSA signatures; using ECDH:
 
 ```ts
 // extraEntropy https://moderncrypto.org/mail-archive/curves/2017/000925.html
@@ -104,7 +104,7 @@ const someonesPub = secp256k1.getPublicKey(secp256k1.utils.randomPrivateKey());
 const shared = secp256k1.getSharedSecret(priv, someonesPub); // ECDH
 ```
 
-secp256k1 has schnorr signature implementation which follows
+Schnorr signatures over secp256k1 following
 [BIP340](https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki):
 
 ```ts
@@ -118,10 +118,19 @@ const isValid = schnorr.verify(sig, msg, pub);
 
 ed25519 module has ed25519ctx / ed25519ph variants,
 x25519 ECDH and [ristretto255](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448).
-It follows [ZIP215](https://zips.z.cash/zip-0215) and [can be used in consensus-critical applications](https://hdevalence.ca/blog/2020-10-04-its-25519am):
+
+Default `verify` behavior follows [ZIP215](https://zips.z.cash/zip-0215) and
+[can be used in consensus-critical applications](https://hdevalence.ca/blog/2020-10-04-its-25519am).
+`zip215: false` option switches verification criteria to RFC8032 / FIPS 186-5.
 
 ```ts
 import { ed25519 } from '@noble/curves/ed25519';
+const priv = ed25519.utils.randomPrivateKey();
+const pub = ed25519.getPublicKey(priv);
+const msg = new TextEncoder().encode('hello');
+const sig = ed25519.sign(msg, priv);
+ed25519.verify(sig, msg, pub); // Default mode: follows ZIP215
+ed25519.verify(sig, msg, pub, { zip215: false }); // RFC8032 / FIPS 186-5
 
 // Variants from RFC8032: with context, prehashed
 import { ed25519ctx, ed25519ph } from '@noble/curves/ed25519';
@@ -152,53 +161,13 @@ import { hashToCurve, encodeToCurve } from '@noble/curves/ed448';
 ed448.getPublicKey(ed448.utils.randomPrivateKey());
 ```
 
-Every curve has params:
+Every curve has `CURVE` object that contains its parameters, field, and others:
 
 ```ts
 import { secp256k1 } from '@noble/curves/secp256k1'; // ESM and Common.js
 console.log(secp256k1.CURVE.p, secp256k1.CURVE.n, secp256k1.CURVE.a, secp256k1.CURVE.b);
 ```
 
-BLS12-381 pairing-friendly Barreto-Lynn-Scott elliptic curve construction allows to
-construct [zk-SNARKs](https://z.cash/technology/zksnarks/) at the 128-bit security
-and use aggregated, batch-verifiable
-[threshold signatures](https://medium.com/snigirev.stepan/bls-signatures-better-than-schnorr-5a7fe30ea716),
-using Boneh-Lynn-Shacham signature scheme. Compatible with ETH and others,
-just make sure to provide correct DST (domain separation tag argument).
-
-```ts
-import { bls12_381 as bls } from '@noble/curves/bls12-381';
-const privateKey = '67d53f170b908cabb9eb326c3c337762d59289a8fec79f7bc9254b584b73265c';
-const message = '64726e3da8';
-const publicKey = bls.getPublicKey(privateKey);
-const signature = bls.sign(message, privateKey);
-const isValid = bls.verify(signature, message, publicKey);
-console.log({ publicKey, signature, isValid });
-
-// Sign 1 msg with 3 keys
-const privateKeys = [
-  '18f020b98eb798752a50ed0563b079c125b0db5dd0b1060d1c1b47d4a193e1e4',
-  'ed69a8c50cf8c9836be3b67c7eeff416612d45ba39a5c099d48fa668bf558c9c',
-  '16ae669f3be7a2121e17d0c68c05a8f3d6bef21ec0f2315f1d7aec12484e4cf5',
-];
-const messages = ['d2', '0d98', '05caf3'];
-const publicKeys = privateKeys.map(bls.getPublicKey);
-const signatures2 = privateKeys.map((p) => bls.sign(message, p));
-const aggPubKey2 = bls.aggregatePublicKeys(publicKeys);
-const aggSignature2 = bls.aggregateSignatures(signatures2);
-const isValid2 = bls.verify(aggSignature2, message, aggPubKey2);
-console.log({ signatures2, aggSignature2, isValid2 });
-
-// Sign 3 msgs with 3 keys
-const signatures3 = privateKeys.map((p, i) => bls.sign(messages[i], p));
-const aggSignature3 = bls.aggregateSignatures(signatures3);
-const isValid3 = bls.verifyBatch(aggSignature3, messages, publicKeys);
-console.log({ publicKeys, signatures3, aggSignature3, isValid3 });
-// bls.pairing(PointG1, PointG2) // pairings
-
-// hash-to-curve examples can be seen below
-```
-
 ## Abstract API
 
 Abstract API allows to define custom curves. All arithmetics is done with JS
@@ -214,6 +183,7 @@ There are following zero-dependency algorithms:
 - [abstract/weierstrass: Short Weierstrass curve](#abstractweierstrass-short-weierstrass-curve)
 - [abstract/edwards: Twisted Edwards curve](#abstractedwards-twisted-edwards-curve)
 - [abstract/montgomery: Montgomery curve](#abstractmontgomery-montgomery-curve)
+- [abstract/bls: Barreto-Lynn-Scott curves](#abstractbls-barreto-lynn-scott-curves)
 - [abstract/hash-to-curve: Hashing strings to curve points](#abstracthash-to-curve-hashing-strings-to-curve-points)
 - [abstract/poseidon: Poseidon hash](#abstractposeidon-poseidon-hash)
 - [abstract/modular: Modular arithmetics utilities](#abstractmodular-modular-arithmetics-utilities)
@@ -242,7 +212,7 @@ const secq256k1 = weierstrass({
   randomBytes,
 });
 
-// weierstrassPoints can also be used if you don't need ECDSA, hash, hmac, randomBytes
+// Replace weierstrass with weierstrassPoints if you don't need ECDSA, hash, hmac, randomBytes
 ```
 
 Short Weierstrass curve's formula is `y² = x³ + ax + b`. `weierstrass`
@@ -303,6 +273,8 @@ interface ProjPointType<T> extends Group<ProjPointType<T>> {
   readonly px: T;
   readonly py: T;
   readonly pz: T;
+  get x(): bigint;
+  get y(): bigint;
   multiply(scalar: bigint): ProjPointType<T>;
   multiplyUnsafe(scalar: bigint): ProjPointType<T>;
   multiplyAndAddUnsafe(Q: ProjPointType<T>, a: bigint, b: bigint): ProjPointType<T> | undefined;
@@ -388,7 +360,7 @@ import { randomBytes } from '@noble/hashes/utils';
 
 const Fp = Field(2n ** 255n - 19n);
 const ed25519 = twistedEdwards({
-  a: -1n,
+  a: Fp.create(-1n),
   d: Fp.div(-121665n, 121666n), // -121665n/121666n mod p
   Fp: Fp,
   n: 2n ** 252n + 27742317777372353535851937790883648493n,
@@ -447,6 +419,8 @@ interface ExtPointType extends Group<ExtPointType> {
   readonly ey: bigint;
   readonly ez: bigint;
   readonly et: bigint;
+  get x(): bigint;
+  get y(): bigint;
   assertValidity(): void;
   multiply(scalar: bigint): ExtPointType;
   multiplyUnsafe(scalar: bigint): ExtPointType;
@@ -454,6 +428,8 @@ interface ExtPointType extends Group<ExtPointType> {
   isTorsionFree(): boolean;
   clearCofactor(): ExtPointType;
   toAffine(iz?: bigint): AffinePoint<bigint>;
+  toRawBytes(isCompressed?: boolean): Uint8Array;
+  toHex(isCompressed?: boolean): string;
 }
 // Static methods of Extended Point with coordinates in X, Y, Z, T
 interface ExtPointConstructor extends GroupConstructor<ExtPointType> {
@@ -491,6 +467,114 @@ Proper Elliptic Curve Points are not implemented yet.
 
 You must specify curve params `Fp`, `a`, `Gu` coordinate of u, `montgomeryBits` and `nByteLength`.
 
+### abstract/bls: Barreto-Lynn-Scott curves
+
+The module abstracts BLS (Barreto-Lynn-Scott) pairing-friendly elliptic curve construction.
+They allow to construct [zk-SNARKs](https://z.cash/technology/zksnarks/) and
+use aggregated, batch-verifiable
+[threshold signatures](https://medium.com/snigirev.stepan/bls-signatures-better-than-schnorr-5a7fe30ea716),
+using Boneh-Lynn-Shacham signature scheme.
+
+Main methods and properties are:
+
+- `getPublicKey(privateKey)`
+- `sign(message, privateKey)`
+- `verify(signature, message, publicKey)`
+- `aggregatePublicKeys(publicKeys)`
+- `aggregateSignatures(signatures)`
+- `G1` and `G2` curves containing `CURVE` and `ProjectivePoint`
+- `Signature` property with `fromHex`, `toHex` methods
+- `fields` containing `Fp`, `Fp2`, `Fp6`, `Fp12`, `Fr`
+
+Right now we only implement BLS12-381 (compatible with ETH and others),
+but in theory defining BLS12-377, BLS24 should be straightforward. An example:
+
+```ts
+import { bls12_381 as bls } from '@noble/curves/bls12-381';
+const privateKey = '67d53f170b908cabb9eb326c3c337762d59289a8fec79f7bc9254b584b73265c';
+const message = '64726e3da8';
+const publicKey = bls.getPublicKey(privateKey);
+const signature = bls.sign(message, privateKey);
+const isValid = bls.verify(signature, message, publicKey);
+console.log({ publicKey, signature, isValid });
+
+// Sign 1 msg with 3 keys
+const privateKeys = [
+  '18f020b98eb798752a50ed0563b079c125b0db5dd0b1060d1c1b47d4a193e1e4',
+  'ed69a8c50cf8c9836be3b67c7eeff416612d45ba39a5c099d48fa668bf558c9c',
+  '16ae669f3be7a2121e17d0c68c05a8f3d6bef21ec0f2315f1d7aec12484e4cf5',
+];
+const messages = ['d2', '0d98', '05caf3'];
+const publicKeys = privateKeys.map(bls.getPublicKey);
+const signatures2 = privateKeys.map((p) => bls.sign(message, p));
+const aggPubKey2 = bls.aggregatePublicKeys(publicKeys);
+const aggSignature2 = bls.aggregateSignatures(signatures2);
+const isValid2 = bls.verify(aggSignature2, message, aggPubKey2);
+console.log({ signatures2, aggSignature2, isValid2 });
+
+// Sign 3 msgs with 3 keys
+const signatures3 = privateKeys.map((p, i) => bls.sign(messages[i], p));
+const aggSignature3 = bls.aggregateSignatures(signatures3);
+const isValid3 = bls.verifyBatch(aggSignature3, messages, publicKeys);
+console.log({ publicKeys, signatures3, aggSignature3, isValid3 });
+
+// bls.pairing(PointG1, PointG2) // pairings
+// bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE
+// bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr
+
+// hash-to-curve examples can be seen below
+```
+
+Full types:
+
+```ts
+getPublicKey: (privateKey: PrivKey) => Uint8Array;
+sign: {
+  (message: Hex, privateKey: PrivKey): Uint8Array;
+  (message: ProjPointType<Fp2>, privateKey: PrivKey): ProjPointType<Fp2>;
+};
+verify: (
+  signature: Hex | ProjPointType<Fp2>,
+  message: Hex | ProjPointType<Fp2>,
+  publicKey: Hex | ProjPointType<Fp>
+) => boolean;
+verifyBatch: (
+  signature: Hex | ProjPointType<Fp2>,
+  messages: (Hex | ProjPointType<Fp2>)[],
+  publicKeys: (Hex | ProjPointType<Fp>)[]
+) => boolean;
+aggregatePublicKeys: {
+  (publicKeys: Hex[]): Uint8Array;
+  (publicKeys: ProjPointType<Fp>[]): ProjPointType<Fp>;
+};
+aggregateSignatures: {
+  (signatures: Hex[]): Uint8Array;
+  (signatures: ProjPointType<Fp2>[]): ProjPointType<Fp2>;
+};
+millerLoop: (ell: [Fp2, Fp2, Fp2][], g1: [Fp, Fp]) => Fp12;
+pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
+G1: CurvePointsRes<Fp> & ReturnType<typeof htf.createHasher<Fp>>;
+G2: CurvePointsRes<Fp2> & ReturnType<typeof htf.createHasher<Fp2>>;  
+Signature: SignatureCoder<Fp2>;
+params: {
+  x: bigint;
+  r: bigint;
+  G1b: bigint;
+  G2b: Fp2;
+};
+fields: {
+  Fp: IField<Fp>;
+  Fp2: IField<Fp2>;
+  Fp6: IField<Fp6>;
+  Fp12: IField<Fp12>;
+  Fr: IField<bigint>;  
+};
+utils: {
+  randomPrivateKey: () => Uint8Array;
+  calcPairingPrecomputes: (p: AffinePoint<Fp2>) => [Fp2, Fp2, Fp2][];
+};
+```
+
 ### abstract/hash-to-curve: Hashing strings to curve points
 
 The module allows to hash arbitrary strings to elliptic curve points. Implements [hash-to-curve v16](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hash-to-curve-16).
@@ -589,11 +673,6 @@ type PoseidonOpts = {
 const instance = poseidon(opts: PoseidonOpts);
 ```
 
-### abstract/bls
-
-The module abstracts BLS (Barreto-Lynn-Scott) primitives. In theory you should be able to write BLS12-377, BLS24,
-and others with it.
-
 ### abstract/modular: Modular arithmetics utilities
 
 ```ts
@@ -640,12 +719,14 @@ import * as utils from '@noble/curves/abstract/utils';
 
 utils.bytesToHex(Uint8Array.from([0xde, 0xad, 0xbe, 0xef]));
 utils.hexToBytes('deadbeef');
+utils.numberToHexUnpadded(123n);
 utils.hexToNumber();
+
 utils.bytesToNumberBE(Uint8Array.from([0xde, 0xad, 0xbe, 0xef]));
 utils.bytesToNumberLE(Uint8Array.from([0xde, 0xad, 0xbe, 0xef]));
 utils.numberToBytesBE(123n, 32);
 utils.numberToBytesLE(123n, 64);
-utils.numberToHexUnpadded(123n);
+
 utils.concatBytes(Uint8Array.from([0xde, 0xad]), Uint8Array.from([0xbe, 0xef]));
 utils.nLength(255n);
 utils.equalBytes(Uint8Array.from([0xde]), Uint8Array.from([0xde]));
@@ -676,7 +757,7 @@ Benchmark results on Apple M2 with node v19:
 secp256k1
 init x 58 ops/sec @ 17ms/op
 getPublicKey x 5,640 ops/sec @ 177μs/op
-sign x 3,909 ops/sec @ 255μs/op
+sign x 4,471 ops/sec @ 223μs/op
 verify x 780 ops/sec @ 1ms/op
 getSharedSecret x 465 ops/sec @ 2ms/op
 recoverPublicKey x 740 ops/sec @ 1ms/op
@@ -686,19 +767,19 @@ schnorr.verify x 775 ops/sec @ 1ms/op
 P256
 init x 31 ops/sec @ 31ms/op
 getPublicKey x 5,607 ops/sec @ 178μs/op
-sign x 3,930 ops/sec @ 254μs/op
+sign x 4,583 ops/sec @ 218μs/op
 verify x 540 ops/sec @ 1ms/op
 
 P384
 init x 15 ops/sec @ 63ms/op
 getPublicKey x 2,622 ops/sec @ 381μs/op
-sign x 1,913 ops/sec @ 522μs/op
+sign x 2,106 ops/sec @ 474μs/op
 verify x 222 ops/sec @ 4ms/op
 
 P521
 init x 8 ops/sec @ 119ms/op
 getPublicKey x 1,371 ops/sec @ 729μs/op
-sign x 1,090 ops/sec @ 917μs/op
+sign x 1,164 ops/sec @ 858μs/op
 verify x 118 ops/sec @ 8ms/op
 
 ed25519
@@ -737,13 +818,12 @@ aggregateSignatures/128 x 3 ops/sec @ 332ms/opp
 
 hash-to-curve
 hash_to_field x 850,340 ops/sec @ 1μs/op
-hashToCurve
-├─secp256k1 x 1,850 ops/sec @ 540μs/op
-├─P256 x 3,352 ops/sec @ 298μs/op
-├─P384 x 1,367 ops/sec @ 731μs/op
-├─P521 x 691 ops/sec @ 1ms/op
-├─ed25519 x 2,492 ops/sec @ 401μs/op
-└─ed448 x 1,045 ops/sec @ 956μs/op
+secp256k1 x 2,143 ops/sec @ 466μs/op
+P256 x 3,861 ops/sec @ 258μs/op
+P384 x 1,526 ops/sec @ 655μs/op
+P521 x 748 ops/sec @ 1ms/op
+ed25519 x 2,772 ops/sec @ 360μs/op
+ed448 x 1,146 ops/sec @ 871μs/op
 ```
 
 ## Contributing & testing
@@ -753,24 +833,6 @@ hashToCurve
 3. `npm run build` to compile TypeScript code
 4. `npm run test` will execute all main tests
 
-## Resources
-
-Article about some of library's features: [Learning fast elliptic-curve cryptography](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/)
-
-Projects using the library:
-
-- secp256k1
-  - [btc-signer](https://github.com/paulmillr/scure-btc-signer), [eth-signer](https://github.com/paulmillr/micro-eth-signer)
-- ed25519
-  - [sol-signer](https://github.com/paulmillr/micro-sol-signer)
-- BLS12-381
-  - Check out `bls12-381.ts` for articles about the curve
-  - Threshold sigs demo [genthresh.com](https://genthresh.com)
-  - BBS signatures [github.com/Wind4Greg/BBS-Draft-Checks](https://github.com/Wind4Greg/BBS-Draft-Checks) following [draft-irtf-cfrg-bbs-signatures-latest](https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html)
-- Others
-  - All curves demo: Elliptic curve calculator [paulmillr.com/noble](https://paulmillr.com/noble)
-  - [micro-starknet](https://github.com/paulmillr/micro-starknet) for stark-friendly elliptic curve.
-
 ## Upgrading
 
 Previously, the library was split into single-feature packages
@@ -778,6 +840,8 @@ noble-secp256k1 and noble-ed25519. curves can be thought as a continuation of th
 original work. The libraries now changed their direction towards providing
 minimal 4kb implementations of cryptography and are not as feature-complete.
 
+Upgrading from @noble/secp256k1 2.0 or @noble/ed25519 2.0: no changes, libraries are compatible.
+
 Upgrading from [@noble/secp256k1](https://github.com/paulmillr/noble-secp256k1) 1.7:
 
 - `getPublicKey`
@@ -815,6 +879,40 @@ Upgrading from [@noble/ed25519](https://github.com/paulmillr/noble-ed25519) 1.7:
   `etc` (`sha512Sync` and others)
 - `getSharedSecret` was moved to `x25519` module
 
+Upgrading from [@noble/bls12-381](https://github.com/paulmillr/noble-bls12-381):
+
+- Methods and classes were renamed:
+    - PointG1 -> G1.Point, PointG2 -> G2.Point
+    - PointG2.fromSignature -> Signature.decode, PointG2.toSignature ->  Signature.encode
+- Fp2 ORDER was corrected
+
+## Resources
+
+Useful articles about the library or its primitives:
+
+- [Learning fast elliptic-curve cryptography](https://paulmillr.com/posts/noble-secp256k1-fast-ecc/)
+- Pairings and BLS
+    - [BLS12-381 for the rest of us](https://hackmd.io/@benjaminion/bls12-381)
+    - [Key concepts of pairings](https://medium.com/@alonmuroch_65570/bls-signatures-part-2-key-concepts-of-pairings-27a8a9533d0c)
+    - Pairing over bls12-381:
+      [part 1](https://research.nccgroup.com/2020/07/06/pairing-over-bls12-381-part-1-fields/),
+      [part 2](https://research.nccgroup.com/2020/07/13/pairing-over-bls12-381-part-2-curves/),
+      [part 3](https://research.nccgroup.com/2020/08/13/pairing-over-bls12-381-part-3-pairing/)
+    - [Estimating the bit security of pairing-friendly curves](https://research.nccgroup.com/2022/02/03/estimating-the-bit-security-of-pairing-friendly-curves/)
+
+Real-world software that uses curves:
+
+- [Elliptic Curve Calculator](https://paulmillr.com/noble) online demo: add / multiply points, sign messages
+- Signers for web3 projects:
+  [btc-signer](https://github.com/paulmillr/scure-btc-signer), [eth-signer](https://github.com/paulmillr/micro-eth-signer),
+  [sol-signer](https://github.com/paulmillr/micro-sol-signer) for Solana
+- [scure-bip32](https://github.com/paulmillr/scure-bip32) and separate [bip32](https://github.com/bitcoinjs/bip32) HDkey libraries
+- [ed25519-keygen](https://github.com/paulmillr/ed25519-keygen) SSH, PGP, TOR key generation
+- [micro-starknet](https://github.com/paulmillr/micro-starknet) stark-friendly elliptic curve algorithms.
+- BLS threshold sigs demo [genthresh.com](https://genthresh.com)
+- BLS BBS signatures [github.com/Wind4Greg/BBS-Draft-Checks](https://github.com/Wind4Greg/BBS-Draft-Checks) following [draft-irtf-cfrg-bbs-signatures-latest](https://identity.foundation/bbs-signature/draft-irtf-cfrg-bbs-signatures.html)
+- [KZG trusted setup ceremony](https://github.com/dsrvlabs/czg-keremony)
+
 ## License
 
 The MIT License (MIT)

package/abstract/bls.d.ts

@@ -18,11 +18,11 @@ import * as htf from './hash-to-curve.js';
 import { CurvePointsType, ProjPointType as ProjPointType, CurvePointsRes } from './weierstrass.js';
 type Fp = bigint;
 export type SignatureCoder<Fp2> = {
-    decode(hex: Hex): ProjPointType<Fp2>;
-    encode(point: ProjPointType<Fp2>): Uint8Array;
+    fromHex(hex: Hex): ProjPointType<Fp2>;
+    toRawBytes(point: ProjPointType<Fp2>): Uint8Array;
+    toHex(point: ProjPointType<Fp2>): string;
 };
 export type CurveType<Fp, Fp2, Fp6, Fp12> = {
-    r: bigint;
     G1: Omit<CurvePointsType<Fp>, 'n'> & {
         mapToCurve: htf.MapToCurve<Fp>;
         htfDefaults: htf.Opts;
@@ -32,47 +32,41 @@ export type CurveType<Fp, Fp2, Fp6, Fp12> = {
         mapToCurve: htf.MapToCurve<Fp2>;
         htfDefaults: htf.Opts;
     };
-    x: bigint;
-    Fp: IField<Fp>;
-    Fr: IField<bigint>;
-    Fp2: IField<Fp2> & {
-        reim: (num: Fp2) => {
-            re: bigint;
-            im: bigint;
+    fields: {
+        Fp: IField<Fp>;
+        Fr: IField<bigint>;
+        Fp2: IField<Fp2> & {
+            reim: (num: Fp2) => {
+                re: bigint;
+                im: bigint;
+            };
+            multiplyByB: (num: Fp2) => Fp2;
+            frobeniusMap(num: Fp2, power: number): Fp2;
+        };
+        Fp6: IField<Fp6>;
+        Fp12: IField<Fp12> & {
+            frobeniusMap(num: Fp12, power: number): Fp12;
+            multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
+            conjugate(num: Fp12): Fp12;
+            finalExponentiate(num: Fp12): Fp12;
         };
-        multiplyByB: (num: Fp2) => Fp2;
-        frobeniusMap(num: Fp2, power: number): Fp2;
     };
-    Fp6: IField<Fp6>;
-    Fp12: IField<Fp12> & {
-        frobeniusMap(num: Fp12, power: number): Fp12;
-        multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
-        conjugate(num: Fp12): Fp12;
-        finalExponentiate(num: Fp12): Fp12;
+    params: {
+        x: bigint;
+        r: bigint;
     };
     htfDefaults: htf.Opts;
     hash: CHash;
     randomBytes: (bytesLength?: number) => Uint8Array;
 };
 export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
-    CURVE: CurveType<Fp, Fp2, Fp6, Fp12>;
-    Fr: IField<bigint>;
-    Fp: IField<Fp>;
-    Fp2: IField<Fp2>;
-    Fp6: IField<Fp6>;
-    Fp12: IField<Fp12>;
-    G1: CurvePointsRes<Fp> & ReturnType<typeof htf.createHasher<Fp>>;
-    G2: CurvePointsRes<Fp2> & ReturnType<typeof htf.createHasher<Fp2>>;
-    Signature: SignatureCoder<Fp2>;
-    millerLoop: (ell: [Fp2, Fp2, Fp2][], g1: [Fp, Fp]) => Fp12;
-    calcPairingPrecomputes: (p: AffinePoint<Fp2>) => [Fp2, Fp2, Fp2][];
-    pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
     getPublicKey: (privateKey: PrivKey) => Uint8Array;
     sign: {
         (message: Hex, privateKey: PrivKey): Uint8Array;
         (message: ProjPointType<Fp2>, privateKey: PrivKey): ProjPointType<Fp2>;
     };
     verify: (signature: Hex | ProjPointType<Fp2>, message: Hex | ProjPointType<Fp2>, publicKey: Hex | ProjPointType<Fp>) => boolean;
+    verifyBatch: (signature: Hex | ProjPointType<Fp2>, messages: (Hex | ProjPointType<Fp2>)[], publicKeys: (Hex | ProjPointType<Fp>)[]) => boolean;
     aggregatePublicKeys: {
         (publicKeys: Hex[]): Uint8Array;
         (publicKeys: ProjPointType<Fp>[]): ProjPointType<Fp>;
@@ -81,9 +75,27 @@ export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
         (signatures: Hex[]): Uint8Array;
         (signatures: ProjPointType<Fp2>[]): ProjPointType<Fp2>;
     };
-    verifyBatch: (signature: Hex | ProjPointType<Fp2>, messages: (Hex | ProjPointType<Fp2>)[], publicKeys: (Hex | ProjPointType<Fp>)[]) => boolean;
+    millerLoop: (ell: [Fp2, Fp2, Fp2][], g1: [Fp, Fp]) => Fp12;
+    pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
+    G1: CurvePointsRes<Fp> & ReturnType<typeof htf.createHasher<Fp>>;
+    G2: CurvePointsRes<Fp2> & ReturnType<typeof htf.createHasher<Fp2>>;
+    Signature: SignatureCoder<Fp2>;
+    params: {
+        x: bigint;
+        r: bigint;
+        G1b: bigint;
+        G2b: Fp2;
+    };
+    fields: {
+        Fp: IField<Fp>;
+        Fp2: IField<Fp2>;
+        Fp6: IField<Fp6>;
+        Fp12: IField<Fp12>;
+        Fr: IField<bigint>;
+    };
     utils: {
         randomPrivateKey: () => Uint8Array;
+        calcPairingPrecomputes: (p: AffinePoint<Fp2>) => [Fp2, Fp2, Fp2][];
     };
 };
 export declare function bls<Fp2, Fp6, Fp12>(CURVE: CurveType<Fp, Fp2, Fp6, Fp12>): CurveFn<Fp, Fp2, Fp6, Fp12>;

package/abstract/bls.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE;;;;;;;;;;;GAWG;AACH,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAA+B,MAAM,YAAY,CAAC;AAC9E,OAAO,KAAK,GAAG,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EACL,eAAe,EACf,aAAa,IAAI,aAAa,EAC9B,cAAc,EAEf,MAAM,kBAAkB,CAAC;AAE1B,KAAK,EAAE,GAAG,MAAM,CAAC;AAEjB,MAAM,MAAM,cAAc,CAAC,GAAG,IAAI;IAChC,MAAM,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACrC,MAAM,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;CAC/C,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,IAAI;IAC1C,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG;QACnC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC;KACvB,CAAC;IACF,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,GAAG;QACpC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAChC,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC;KACvB,CAAC;IACF,CAAC,EAAE,MAAM,CAAC;IACV,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACjB,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QAC/C,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;QAC/B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;KAC5C,CAAC;IACF,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG;QACnB,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7C,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;QAC1D,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;QAC3B,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;KACpC,CAAC;IACF,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;CACnD,CAAC;AAEF,MAAM,MAAM,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,IAAI;IACxC,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACrC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACf,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACjB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IACnB,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,OAAO,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IACnE,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,UAAU,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC;IAC3D,sBAAsB,EAAE,CAAC,CAAC,EAAE,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;IACnE,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5F,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IAClD,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,GAAG,UAAU,CAAC;QAChD,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxE,CAAC;IACF,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACjC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,KAC/B,OAAO,CAAC;IACb,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxD,CAAC;IACF,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,QAAQ,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EACtC,UAAU,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,KACpC,OAAO,CAAC;IACb,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;KACpC,CAAC;CACH,CAAC;AAEF,wBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAChC,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GACnC,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CA8Q7B"}
+{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE;;;;;;;;;;;GAWG;AACH,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,MAAM,EAAuB,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAA+B,MAAM,YAAY,CAAC;AAC9E,OAAO,KAAK,GAAG,MAAM,oBAAoB,CAAC;AAC1C,OAAO,EACL,eAAe,EACf,aAAa,IAAI,aAAa,EAC9B,cAAc,EAEf,MAAM,kBAAkB,CAAC;AAE1B,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,cAAc,CAAC,GAAG,IAAI;IAChC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;IAClD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;CAC1C,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,IAAI;IAC1C,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG;QACnC,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;QAC/B,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC;KACvB,CAAC;IACF,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,GAAG;QACpC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QAChC,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC;KACvB,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;YACjB,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK;gBAAE,EAAE,EAAE,MAAM,CAAC;gBAAC,EAAE,EAAE,MAAM,CAAA;aAAE,CAAC;YAC/C,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;YAC/B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;SAC5C,CAAC;QACF,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG;YACnB,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;YAC7C,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;YAC1D,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;YAC3B,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;SACpC,CAAC;KACH,CAAC;IACF,MAAM,EAAE;QACN,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;KACX,CAAC;IACF,WAAW,EAAE,GAAG,CAAC,IAAI,CAAC;IACtB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;CACnD,CAAC;AAEF,MAAM,MAAM,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,IAAI;IACxC,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IAClD,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,GAAG,UAAU,CAAC;QAChD,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,OAAO,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxE,CAAC;IACF,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACjC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,KAC/B,OAAO,CAAC;IACb,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,QAAQ,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EACtC,UAAU,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,KACpC,OAAO,CAAC;IACb,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxD,CAAC;IACF,UAAU,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC;IAC3D,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5F,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,OAAO,GAAG,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IACjE,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IACnE,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,MAAM,EAAE;QACN,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,GAAG,CAAC;KACV,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QACnB,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,sBAAsB,EAAE,CAAC,CAAC,EAAE,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;KACpE,CAAC;CACH,CAAC;AAEF,wBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAChC,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GACnC,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAqR7B"}