@noble/curves 0.9.1 → 1.0.0

package/esm/p521.js

@@ -4,37 +4,41 @@ import { sha512 } from '@noble/hashes/sha512';
 import { Field } from './abstract/modular.js';
 import { mapToCurveSimpleSWU } from './abstract/weierstrass.js';
 import * as htf from './abstract/hash-to-curve.js';
-// NIST secp521r1 aka P521
+// NIST secp521r1 aka p521
 // Note that it's 521, which differs from 512 of its hash function.
 // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521
-// Field over which we'll do calculations; 2n**521n - 1n
+// Field over which we'll do calculations.
 // prettier-ignore
 const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
 const Fp = Field(P);
-const CURVE_A = Fp.create(BigInt('-3'));
-// prettier-ignore
-const CURVE_B = BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00');
-const mapSWU = mapToCurveSimpleSWU(Fp, {
-    A: CURVE_A,
-    B: CURVE_B,
-    Z: Fp.create(BigInt('-4')),
-});
-// prettier-ignore
-export const P521 = createCurve({
-    // Params: a, b
-    a: CURVE_A,
-    b: CURVE_B,
+const CURVE = {
+    a: Fp.create(BigInt('-3')),
+    b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),
     Fp,
-    // Curve order, total count of valid points in the field
     n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),
-    // Base point (x, y) aka generator point
     Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),
     Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),
     h: BigInt(1),
+};
+// prettier-ignore
+export const p521 = createCurve({
+    a: CURVE.a,
+    b: CURVE.b,
+    Fp,
+    // Curve order, total count of valid points in the field
+    n: CURVE.n,
+    Gx: CURVE.Gx,
+    Gy: CURVE.Gy,
+    h: CURVE.h,
     lowS: false,
     allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
 }, sha512);
-export const secp521r1 = P521;
+export const secp521r1 = p521;
+const mapSWU = mapToCurveSimpleSWU(Fp, {
+    A: CURVE.a,
+    B: CURVE.b,
+    Z: Fp.create(BigInt('-4')),
+});
 const { hashToCurve, encodeToCurve } = htf.createHasher(secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
     DST: 'P521_XMD:SHA-512_SSWU_RO_',
     encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',

package/esm/p521.js.map

@@ -1 +1 @@
-{"version":3,"file":"p521.js","sourceRoot":"","sources":["../src/p521.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAEnD,0BAA0B;AAC1B,mEAAmE;AACnE,0EAA0E;AAE1E,wDAAwD;AACxD,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,uIAAuI,CAAC,CAAC;AAC1J,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAEpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,wIAAwI,CAAC,CAAC;AAEjK,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC,CAAC;AAEH,kBAAkB;AAClB,MAAM,CAAC,MAAM,IAAI,GAAG,WAAW,CAAC;IAC9B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACnJ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,MAAM,CAAC,CAAC;AACpB,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,SAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;CACb,CACF,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"p521.js","sourceRoot":"","sources":["../src/p521.ts"],"names":[],"mappings":"AAAA,sEAAsE;AACtE,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC;AAC9C,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,mBAAmB,EAAE,MAAM,2BAA2B,CAAC;AAChE,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAEnD,0BAA0B;AAC1B,mEAAmE;AACnE,0EAA0E;AAE1E,0CAA0C;AAC1C,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,uIAAuI,CAAC,CAAC;AAC1J,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;AAEpB,MAAM,KAAK,GAAG;IACZ,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE;IACF,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;CACb,CAAC;AAEF,kBAAkB;AAClB,MAAM,CAAC,MAAM,IAAI,GAAG,WAAW,CAAC;IAC9B,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,EAAE,EAAE,KAAK,CAAC,EAAE;IACZ,EAAE,EAAE,KAAK,CAAC,EAAE;IACZ,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,MAAM,CAAC,CAAC;AACpB,MAAM,CAAC,MAAM,SAAS,GAAG,IAAI,CAAC;AAE9B,MAAM,MAAM,GAAG,mBAAmB,CAAC,EAAE,EAAE;IACrC,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC,CAAC;AAEH,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,SAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,MAAM;CACb,CACF,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/p256.d.ts

@@ -1,5 +1,5 @@
 import * as htf from './abstract/hash-to-curve.js';
-export declare const P256: Readonly<{
+export declare const p256: Readonly<{
     create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
     CURVE: Readonly<{
         readonly nBitLength: number;

package/p256.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"p256.d.ts","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAgBnD,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAehB,CAAC;AACF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAO,CAAC;AAE9B,QAAA,MAAQ,WAAW,qFAAE,aAAa,mFAYjC,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"p256.d.ts","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAgBnD,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWE,CAAC;AACpB,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAO,CAAC;AAE9B,QAAA,MAAQ,WAAW,qFAAE,aAAa,mFAYjC,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/p256.js

@@ -1,15 +1,14 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encodeToCurve = exports.hashToCurve = exports.secp256r1 = exports.P256 = void 0;
+exports.encodeToCurve = exports.hashToCurve = exports.secp256r1 = exports.p256 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const _shortw_utils_js_1 = require("./_shortw_utils.js");
 const sha256_1 = require("@noble/hashes/sha256");
 const modular_js_1 = require("./abstract/modular.js");
 const weierstrass_js_1 = require("./abstract/weierstrass.js");
 const htf = require("./abstract/hash-to-curve.js");
-// NIST secp256r1 aka P256
+// NIST secp256r1 aka p256
 // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-256
-// Field over which we'll do calculations; 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n
 const Fp = (0, modular_js_1.Field)(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));
 const CURVE_A = Fp.create(BigInt('-3'));
 const CURVE_B = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');
@@ -18,20 +17,20 @@ const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
     B: CURVE_B,
     Z: Fp.create(BigInt('-10')),
 });
-exports.P256 = (0, _shortw_utils_js_1.createCurve)({
-    // Params: a, b
+// prettier-ignore
+exports.p256 = (0, _shortw_utils_js_1.createCurve)({
     a: CURVE_A,
     b: CURVE_B,
     Fp,
     // Curve order, total count of valid points in the field
     n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),
-    // Base point (x, y) aka generator point
+    // Base (generator) point (x, y)
     Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),
     Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
     h: BigInt(1),
     lowS: false,
 }, sha256_1.sha256);
-exports.secp256r1 = exports.P256;
+exports.secp256r1 = exports.p256;
 const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp256r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
     DST: 'P256_XMD:SHA-256_SSWU_RO_',
     encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',

package/p256.js.map

@@ -1 +1 @@
-{"version":3,"file":"p256.js","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAA8C;AAC9C,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,0FAA0F;AAC1F,MAAM,EAAE,GAAG,IAAA,kBAAK,EAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC,CAAC;AAC/F,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,MAAM,OAAO,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAE7F,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEU,QAAA,IAAI,GAAG,IAAA,8BAAW,EAC7B;IACE,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EACV,eAAM,CACP,CAAC;AACW,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
+{"version":3,"file":"p256.js","sourceRoot":"","sources":["src/p256.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAA8C;AAC9C,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,MAAM,EAAE,GAAG,IAAA,kBAAK,EAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC,CAAC;AAC/F,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,MAAM,OAAO,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAE7F,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC9B,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EAAE,eAAM,CAAC,CAAC;AACP,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}

package/p384.d.ts

@@ -1,5 +1,5 @@
 import * as htf from './abstract/hash-to-curve.js';
-export declare const P384: Readonly<{
+export declare const p384: Readonly<{
     create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
     CURVE: Readonly<{
         readonly nBitLength: number;

package/p384.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"p384.d.ts","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAoBnD,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAehB,CAAC;AACF,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAO,CAAC;AAE9B,QAAA,MAAQ,WAAW,qFAAE,aAAa,mFAYjC,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"p384.d.ts","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAcnD,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWE,CAAC;AACpB,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAO,CAAC;AAQ9B,QAAA,MAAQ,WAAW,qFAAE,aAAa,mFAYjC,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/p384.js

@@ -1,42 +1,40 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encodeToCurve = exports.hashToCurve = exports.secp384r1 = exports.P384 = void 0;
+exports.encodeToCurve = exports.hashToCurve = exports.secp384r1 = exports.p384 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const _shortw_utils_js_1 = require("./_shortw_utils.js");
 const sha512_1 = require("@noble/hashes/sha512");
 const modular_js_1 = require("./abstract/modular.js");
 const weierstrass_js_1 = require("./abstract/weierstrass.js");
 const htf = require("./abstract/hash-to-curve.js");
-// NIST secp384r1 aka P384
+// NIST secp384r1 aka p384
 // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-384
-// Field over which we'll do calculations. 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n
+// Field over which we'll do calculations.
 // prettier-ignore
 const P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff');
 const Fp = (0, modular_js_1.Field)(P);
 const CURVE_A = Fp.create(BigInt('-3'));
 // prettier-ignore
 const CURVE_B = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');
-const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
-    A: CURVE_A,
-    B: CURVE_B,
-    Z: Fp.create(BigInt('-12')),
-});
 // prettier-ignore
-exports.P384 = (0, _shortw_utils_js_1.createCurve)({
-    // Params: a, b
+exports.p384 = (0, _shortw_utils_js_1.createCurve)({
     a: CURVE_A,
     b: CURVE_B,
-    // Field over which we'll do calculations. 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n
     Fp,
     // Curve order, total count of valid points in the field.
     n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),
-    // Base point (x, y) aka generator point
+    // Base (generator) point (x, y)
     Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),
     Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),
     h: BigInt(1),
     lowS: false,
 }, sha512_1.sha384);
-exports.secp384r1 = exports.P384;
+exports.secp384r1 = exports.p384;
+const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
+    A: CURVE_A,
+    B: CURVE_B,
+    Z: Fp.create(BigInt('-12')),
+});
 const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp384r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
     DST: 'P384_XMD:SHA-384_SSWU_RO_',
     encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',

package/p384.js.map

@@ -1 +1 @@
-{"version":3,"file":"p384.js","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAA8C;AAC9C,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,uFAAuF;AACvF,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AACvH,MAAM,EAAE,GAAG,IAAA,kBAAK,EAAC,CAAC,CAAC,CAAC;AACpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AAE7H,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC5B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,uFAAuF;IACvF,EAAE;IACF,yDAAyD;IACzD,CAAC,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAC/G,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EACV,eAAM,CACP,CAAC;AACW,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
+{"version":3,"file":"p384.js","sourceRoot":"","sources":["src/p384.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAA8C;AAC9C,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,0EAA0E;AAE1E,0CAA0C;AAC1C,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AACvH,MAAM,EAAE,GAAG,IAAA,kBAAK,EAAC,CAAC,CAAC,CAAC;AACpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AAE7H,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC9B,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,yDAAyD;IACzD,CAAC,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAC/G,gCAAgC;IAChC,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EAAE,eAAM,CAAC,CAAC;AACP,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC5B,CAAC,CAAC;AAEH,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}

package/p521.d.ts

@@ -1,5 +1,5 @@
 import * as htf from './abstract/hash-to-curve.js';
-export declare const P521: Readonly<{
+export declare const p521: Readonly<{
     create: (hash: import("./abstract/utils.js").CHash) => import("./abstract/weierstrass.js").CurveFn;
     CURVE: Readonly<{
         readonly nBitLength: number;

package/p521.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"p521.d.ts","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AAsBnD,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAaE,CAAC;AACpB,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAO,CAAC;AAE9B,QAAA,MAAQ,WAAW,qFAAE,aAAa,mFAYjC,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}
+{"version":3,"file":"p521.d.ts","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,GAAG,MAAM,6BAA6B,CAAC;AA8BnD,eAAO,MAAM,IAAI;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAWE,CAAC;AACpB,eAAO,MAAM,SAAS;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAAO,CAAC;AAQ9B,QAAA,MAAQ,WAAW,qFAAE,aAAa,mFAYjC,CAAC;AACF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC"}

package/p521.js

@@ -1,43 +1,47 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encodeToCurve = exports.hashToCurve = exports.secp521r1 = exports.P521 = void 0;
+exports.encodeToCurve = exports.hashToCurve = exports.secp521r1 = exports.p521 = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const _shortw_utils_js_1 = require("./_shortw_utils.js");
 const sha512_1 = require("@noble/hashes/sha512");
 const modular_js_1 = require("./abstract/modular.js");
 const weierstrass_js_1 = require("./abstract/weierstrass.js");
 const htf = require("./abstract/hash-to-curve.js");
-// NIST secp521r1 aka P521
+// NIST secp521r1 aka p521
 // Note that it's 521, which differs from 512 of its hash function.
 // https://www.secg.org/sec2-v2.pdf, https://neuromancer.sk/std/nist/P-521
-// Field over which we'll do calculations; 2n**521n - 1n
+// Field over which we'll do calculations.
 // prettier-ignore
 const P = BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
 const Fp = (0, modular_js_1.Field)(P);
-const CURVE_A = Fp.create(BigInt('-3'));
-// prettier-ignore
-const CURVE_B = BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00');
-const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
-    A: CURVE_A,
-    B: CURVE_B,
-    Z: Fp.create(BigInt('-4')),
-});
-// prettier-ignore
-exports.P521 = (0, _shortw_utils_js_1.createCurve)({
-    // Params: a, b
-    a: CURVE_A,
-    b: CURVE_B,
+const CURVE = {
+    a: Fp.create(BigInt('-3')),
+    b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),
     Fp,
-    // Curve order, total count of valid points in the field
     n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),
-    // Base point (x, y) aka generator point
     Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),
     Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),
     h: BigInt(1),
+};
+// prettier-ignore
+exports.p521 = (0, _shortw_utils_js_1.createCurve)({
+    a: CURVE.a,
+    b: CURVE.b,
+    Fp,
+    // Curve order, total count of valid points in the field
+    n: CURVE.n,
+    Gx: CURVE.Gx,
+    Gy: CURVE.Gy,
+    h: CURVE.h,
     lowS: false,
     allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
 }, sha512_1.sha512);
-exports.secp521r1 = exports.P521;
+exports.secp521r1 = exports.p521;
+const mapSWU = (0, weierstrass_js_1.mapToCurveSimpleSWU)(Fp, {
+    A: CURVE.a,
+    B: CURVE.b,
+    Z: Fp.create(BigInt('-4')),
+});
 const { hashToCurve, encodeToCurve } = htf.createHasher(exports.secp521r1.ProjectivePoint, (scalars) => mapSWU(scalars[0]), {
     DST: 'P521_XMD:SHA-512_SSWU_RO_',
     encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',

package/p521.js.map

@@ -1 +1 @@
-{"version":3,"file":"p521.js","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAA8C;AAC9C,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,mEAAmE;AACnE,0EAA0E;AAE1E,wDAAwD;AACxD,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,uIAAuI,CAAC,CAAC;AAC1J,MAAM,EAAE,GAAG,IAAA,kBAAK,EAAC,CAAC,CAAC,CAAC;AAEpB,MAAM,OAAO,GAAG,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AACxC,kBAAkB;AAClB,MAAM,OAAO,GAAG,MAAM,CAAC,wIAAwI,CAAC,CAAC;AAEjK,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC,CAAC;AAEH,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC9B,eAAe;IACf,CAAC,EAAE,OAAO;IACV,CAAC,EAAE,OAAO;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACnJ,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,EAAE,EAAE,MAAM,CAAC,wIAAwI,CAAC;IACpJ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,eAAM,CAAC,CAAC;AACP,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}
+{"version":3,"file":"p521.js","sourceRoot":"","sources":["src/p521.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,yDAAiD;AACjD,iDAA8C;AAC9C,sDAA8C;AAC9C,8DAAgE;AAChE,mDAAmD;AAEnD,0BAA0B;AAC1B,mEAAmE;AACnE,0EAA0E;AAE1E,0CAA0C;AAC1C,kBAAkB;AAClB,MAAM,CAAC,GAAG,MAAM,CAAC,uIAAuI,CAAC,CAAC;AAC1J,MAAM,EAAE,GAAG,IAAA,kBAAK,EAAC,CAAC,CAAC,CAAC;AAEpB,MAAM,KAAK,GAAG;IACZ,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE;IACF,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;CACb,CAAC;AAEF,kBAAkB;AACL,QAAA,IAAI,GAAG,IAAA,8BAAW,EAAC;IAC9B,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,EAAE;IACF,wDAAwD;IACxD,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,EAAE,EAAE,KAAK,CAAC,EAAE;IACZ,EAAE,EAAE,KAAK,CAAC,EAAE;IACZ,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,eAAM,CAAC,CAAC;AACP,QAAA,SAAS,GAAG,YAAI,CAAC;AAE9B,MAAM,MAAM,GAAG,IAAA,oCAAmB,EAAC,EAAE,EAAE;IACrC,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,CAAC,EAAE,KAAK,CAAC,CAAC;IACV,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC,CAAC;AAEH,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,GAAG,GAAG,CAAC,YAAY,CACrD,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EACzC;IACE,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC;AACO,kCAAW;AAAE,sCAAa"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@noble/curves",
-  "version": "0.9.1",
+  "version": "1.0.0",
   "description": "Audited & minimal JS implementation of elliptic curve cryptography",
   "files": [
     "abstract",
@@ -31,9 +31,6 @@
     "@noble/hashes": "1.3.0"
   },
   "devDependencies": {
-    "@scure/bip32": "~1.2.0",
-    "@scure/bip39": "~1.2.0",
-    "@types/node": "18.11.18",
     "fast-check": "3.0.0",
     "micro-bmark": "0.3.1",
     "micro-should": "0.4.0",
@@ -102,10 +99,10 @@
       "import": "./esm/bls12-381.js",
       "default": "./bls12-381.js"
     },
-    "./bn": {
-      "types": "./bn.d.ts",
-      "import": "./esm/bn.js",
-      "default": "./bn.js"
+    "./bn254": {
+      "types": "./bn254.d.ts",
+      "import": "./esm/bn254.js",
+      "default": "./bn254.js"
     },
     "./ed25519": {
       "types": "./ed25519.d.ts",

package/src/abstract/bls.ts

@@ -24,13 +24,16 @@ import {
 
 type Fp = bigint; // Can be different field?
 
+// prettier-ignore
+const _2n = BigInt(2), _3n = BigInt(3);
+
 export type SignatureCoder<Fp2> = {
-  decode(hex: Hex): ProjPointType<Fp2>;
-  encode(point: ProjPointType<Fp2>): Uint8Array;
+  fromHex(hex: Hex): ProjPointType<Fp2>;
+  toRawBytes(point: ProjPointType<Fp2>): Uint8Array;
+  toHex(point: ProjPointType<Fp2>): string;
 };
 
 export type CurveType<Fp, Fp2, Fp6, Fp12> = {
-  r: bigint;
   G1: Omit<CurvePointsType<Fp>, 'n'> & {
     mapToCurve: htf.MapToCurve<Fp>;
     htfDefaults: htf.Opts;
@@ -40,20 +43,25 @@ export type CurveType<Fp, Fp2, Fp6, Fp12> = {
     mapToCurve: htf.MapToCurve<Fp2>;
     htfDefaults: htf.Opts;
   };
-  x: bigint;
-  Fp: IField<Fp>;
-  Fr: IField<bigint>;
-  Fp2: IField<Fp2> & {
-    reim: (num: Fp2) => { re: bigint; im: bigint };
-    multiplyByB: (num: Fp2) => Fp2;
-    frobeniusMap(num: Fp2, power: number): Fp2;
+  fields: {
+    Fp: IField<Fp>;
+    Fr: IField<bigint>;
+    Fp2: IField<Fp2> & {
+      reim: (num: Fp2) => { re: bigint; im: bigint };
+      multiplyByB: (num: Fp2) => Fp2;
+      frobeniusMap(num: Fp2, power: number): Fp2;
+    };
+    Fp6: IField<Fp6>;
+    Fp12: IField<Fp12> & {
+      frobeniusMap(num: Fp12, power: number): Fp12;
+      multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
+      conjugate(num: Fp12): Fp12;
+      finalExponentiate(num: Fp12): Fp12;
+    };
   };
-  Fp6: IField<Fp6>;
-  Fp12: IField<Fp12> & {
-    frobeniusMap(num: Fp12, power: number): Fp12;
-    multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
-    conjugate(num: Fp12): Fp12;
-    finalExponentiate(num: Fp12): Fp12;
+  params: {
+    x: bigint;
+    r: bigint;
   };
   htfDefaults: htf.Opts;
   hash: CHash; // Because we need outputLen for DRBG
@@ -61,18 +69,6 @@ export type CurveType<Fp, Fp2, Fp6, Fp12> = {
 };
 
 export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
-  CURVE: CurveType<Fp, Fp2, Fp6, Fp12>;
-  Fr: IField<bigint>;
-  Fp: IField<Fp>;
-  Fp2: IField<Fp2>;
-  Fp6: IField<Fp6>;
-  Fp12: IField<Fp12>;
-  G1: CurvePointsRes<Fp> & ReturnType<typeof htf.createHasher<Fp>>;
-  G2: CurvePointsRes<Fp2> & ReturnType<typeof htf.createHasher<Fp2>>;
-  Signature: SignatureCoder<Fp2>;
-  millerLoop: (ell: [Fp2, Fp2, Fp2][], g1: [Fp, Fp]) => Fp12;
-  calcPairingPrecomputes: (p: AffinePoint<Fp2>) => [Fp2, Fp2, Fp2][];
-  pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
   getPublicKey: (privateKey: PrivKey) => Uint8Array;
   sign: {
     (message: Hex, privateKey: PrivKey): Uint8Array;
@@ -83,6 +79,11 @@ export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
     message: Hex | ProjPointType<Fp2>,
     publicKey: Hex | ProjPointType<Fp>
   ) => boolean;
+  verifyBatch: (
+    signature: Hex | ProjPointType<Fp2>,
+    messages: (Hex | ProjPointType<Fp2>)[],
+    publicKeys: (Hex | ProjPointType<Fp>)[]
+  ) => boolean;
   aggregatePublicKeys: {
     (publicKeys: Hex[]): Uint8Array;
     (publicKeys: ProjPointType<Fp>[]): ProjPointType<Fp>;
@@ -91,22 +92,36 @@ export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
     (signatures: Hex[]): Uint8Array;
     (signatures: ProjPointType<Fp2>[]): ProjPointType<Fp2>;
   };
-  verifyBatch: (
-    signature: Hex | ProjPointType<Fp2>,
-    messages: (Hex | ProjPointType<Fp2>)[],
-    publicKeys: (Hex | ProjPointType<Fp>)[]
-  ) => boolean;
+  millerLoop: (ell: [Fp2, Fp2, Fp2][], g1: [Fp, Fp]) => Fp12;
+  pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
+  G1: CurvePointsRes<Fp> & ReturnType<typeof htf.createHasher<Fp>>;
+  G2: CurvePointsRes<Fp2> & ReturnType<typeof htf.createHasher<Fp2>>;
+  Signature: SignatureCoder<Fp2>;
+  params: {
+    x: bigint;
+    r: bigint;
+    G1b: bigint;
+    G2b: Fp2;
+  };
+  fields: {
+    Fp: IField<Fp>;
+    Fp2: IField<Fp2>;
+    Fp6: IField<Fp6>;
+    Fp12: IField<Fp12>;
+    Fr: IField<bigint>;
+  };
   utils: {
     randomPrivateKey: () => Uint8Array;
+    calcPairingPrecomputes: (p: AffinePoint<Fp2>) => [Fp2, Fp2, Fp2][];
   };
 };
 
 export function bls<Fp2, Fp6, Fp12>(
   CURVE: CurveType<Fp, Fp2, Fp6, Fp12>
 ): CurveFn<Fp, Fp2, Fp6, Fp12> {
-  // Fields looks pretty specific for curve, so for now we need to pass them with opts
-  const { Fp, Fr, Fp2, Fp6, Fp12 } = CURVE;
-  const BLS_X_LEN = bitLen(CURVE.x);
+  // Fields are specific for curve, so for now we'll need to pass them with opts
+  const { Fp, Fr, Fp2, Fp6, Fp12 } = CURVE.fields;
+  const BLS_X_LEN = bitLen(CURVE.params.x);
   const groupLen = 32; // TODO: calculate; hardcoded for now
 
   // Pre-compute coefficients for sparse multiplication
@@ -122,18 +137,18 @@ export function bls<Fp2, Fp6, Fp12>(
       // Double
       let t0 = Fp2.sqr(Ry); // Ry²
       let t1 = Fp2.sqr(Rz); // Rz²
-      let t2 = Fp2.multiplyByB(Fp2.mul(t1, 3n)); // 3 * T1 * B
-      let t3 = Fp2.mul(t2, 3n); // 3 * T2
+      let t2 = Fp2.multiplyByB(Fp2.mul(t1, _3n)); // 3 * T1 * B
+      let t3 = Fp2.mul(t2, _3n); // 3 * T2
       let t4 = Fp2.sub(Fp2.sub(Fp2.sqr(Fp2.add(Ry, Rz)), t1), t0); // (Ry + Rz)² - T1 - T0
       ell_coeff.push([
         Fp2.sub(t2, t0), // T2 - T0
-        Fp2.mul(Fp2.sqr(Rx), 3n), // 3 * Rx²
+        Fp2.mul(Fp2.sqr(Rx), _3n), // 3 * Rx²
         Fp2.neg(t4), // -T4
       ]);
-      Rx = Fp2.div(Fp2.mul(Fp2.mul(Fp2.sub(t0, t3), Rx), Ry), 2n); // ((T0 - T3) * Rx * Ry) / 2
-      Ry = Fp2.sub(Fp2.sqr(Fp2.div(Fp2.add(t0, t3), 2n)), Fp2.mul(Fp2.sqr(t2), 3n)); // ((T0 + T3) / 2)² - 3 * T2²
+      Rx = Fp2.div(Fp2.mul(Fp2.mul(Fp2.sub(t0, t3), Rx), Ry), _2n); // ((T0 - T3) * Rx * Ry) / 2
+      Ry = Fp2.sub(Fp2.sqr(Fp2.div(Fp2.add(t0, t3), _2n)), Fp2.mul(Fp2.sqr(t2), _3n)); // ((T0 + T3) / 2)² - 3 * T2²
       Rz = Fp2.mul(t0, t4); // T0 * T4
-      if (bitGet(CURVE.x, i)) {
+      if (bitGet(CURVE.params.x, i)) {
         // Addition
         let t0 = Fp2.sub(Ry, Fp2.mul(Qy, Rz)); // Ry - Qy * Rz
         let t1 = Fp2.sub(Rx, Fp2.mul(Qx, Rz)); // Rx - Qx * Rz
@@ -145,7 +160,7 @@ export function bls<Fp2, Fp6, Fp12>(
         let t2 = Fp2.sqr(t1); // T1²
         let t3 = Fp2.mul(t2, t1); // T2 * T1
         let t4 = Fp2.mul(t2, Rx); // T2 * Rx
-        let t5 = Fp2.add(Fp2.sub(t3, Fp2.mul(t4, 2n)), Fp2.mul(Fp2.sqr(t0), Rz)); // T3 - 2 * T4 + T0² * Rz
+        let t5 = Fp2.add(Fp2.sub(t3, Fp2.mul(t4, _2n)), Fp2.mul(Fp2.sqr(t0), Rz)); // T3 - 2 * T4 + T0² * Rz
         Rx = Fp2.mul(t1, t5); // T1 * T5
         Ry = Fp2.sub(Fp2.mul(Fp2.sub(t4, t5), t0), Fp2.mul(t3, Ry)); // (T4 - T5) * T0 - T3 * Ry
         Rz = Fp2.mul(Rz, t3); // Rz * T3
@@ -155,7 +170,7 @@ export function bls<Fp2, Fp6, Fp12>(
   }
 
   function millerLoop(ell: [Fp2, Fp2, Fp2][], g1: [Fp, Fp]): Fp12 {
-    const { x } = CURVE;
+    const { x } = CURVE.params;
     const Px = g1[0];
     const Py = g1[1];
     let f12 = Fp12.ONE;
@@ -174,8 +189,9 @@ export function bls<Fp2, Fp6, Fp12>(
 
   const utils = {
     randomPrivateKey: (): Uint8Array => {
-      return Fr.toBytes(hashToPrivateScalar(CURVE.randomBytes(groupLen + 8), CURVE.r));
+      return Fr.toBytes(hashToPrivateScalar(CURVE.randomBytes(groupLen + 8), CURVE.params.r));
     },
+    calcPairingPrecomputes,
   };
 
   // Point on G1 curve: (x, y)
@@ -236,7 +252,7 @@ export function bls<Fp2, Fp6, Fp12>(
     return point instanceof G1.ProjectivePoint ? (point as G1) : G1.ProjectivePoint.fromHex(point);
   }
   function normP2(point: G2Hex): G2 {
-    return point instanceof G2.ProjectivePoint ? point : Signature.decode(point);
+    return point instanceof G2.ProjectivePoint ? point : Signature.fromHex(point);
   }
   function normP2Hash(point: G2Hex, htfOpts?: htf.htfBasicOpts): G2 {
     return point instanceof G2.ProjectivePoint
@@ -259,7 +275,7 @@ export function bls<Fp2, Fp6, Fp12>(
     msgPoint.assertValidity();
     const sigPoint = msgPoint.multiply(G1.normPrivateKeyToScalar(privateKey));
     if (message instanceof G2.ProjectivePoint) return sigPoint;
-    return Signature.encode(sigPoint);
+    return Signature.toRawBytes(sigPoint);
   }
 
   // Checks if pairing of public key & hash is equal to pairing of generator & signature.
@@ -309,7 +325,7 @@ export function bls<Fp2, Fp6, Fp12>(
       aggAffine.assertValidity();
       return aggAffine;
     }
-    return Signature.encode(aggAffine);
+    return Signature.toRawBytes(aggAffine);
   }
 
   // https://ethresear.ch/t/fast-verification-of-multiple-bls-signatures/5407
@@ -353,24 +369,30 @@ export function bls<Fp2, Fp6, Fp12>(
   G1.ProjectivePoint.BASE._setWindowSize(4);
 
   return {
-    CURVE,
-    Fr,
-    Fp,
-    Fp2,
-    Fp6,
-    Fp12,
-    G1,
-    G2,
-    Signature,
-    millerLoop,
-    calcPairingPrecomputes,
-    pairing,
     getPublicKey,
     sign,
     verify,
+    verifyBatch,
     aggregatePublicKeys,
     aggregateSignatures,
-    verifyBatch,
+    millerLoop,
+    pairing,
+    G1,
+    G2,
+    Signature,
+    fields: {
+      Fr,
+      Fp,
+      Fp2,
+      Fp6,
+      Fp12,
+    },
+    params: {
+      x: CURVE.params.x,
+      r: CURVE.params.r,
+      G1b: CURVE.G1.b,
+      G2b: CURVE.G2.b,
+    },
     utils,
   };
 }