@noble/curves 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +399 -247
- package/_shortw_utils.d.ts +1 -1
- package/abstract/bls.d.ts.map +1 -1
- package/abstract/bls.js +2 -2
- package/abstract/bls.js.map +1 -1
- package/abstract/edwards.d.ts +7 -2
- package/abstract/edwards.d.ts.map +1 -1
- package/abstract/edwards.js +7 -2
- package/abstract/edwards.js.map +1 -1
- package/abstract/hash-to-curve.d.ts +1 -1
- package/abstract/hash-to-curve.d.ts.map +1 -1
- package/abstract/hash-to-curve.js +14 -8
- package/abstract/hash-to-curve.js.map +1 -1
- package/abstract/modular.d.ts +55 -13
- package/abstract/modular.d.ts.map +1 -1
- package/abstract/modular.js +82 -22
- package/abstract/modular.js.map +1 -1
- package/abstract/poseidon.d.ts.map +1 -1
- package/abstract/poseidon.js +39 -41
- package/abstract/poseidon.js.map +1 -1
- package/abstract/utils.d.ts +43 -5
- package/abstract/utils.d.ts.map +1 -1
- package/abstract/utils.js +70 -26
- package/abstract/utils.js.map +1 -1
- package/abstract/weierstrass.d.ts +18 -2
- package/abstract/weierstrass.d.ts.map +1 -1
- package/abstract/weierstrass.js +40 -22
- package/abstract/weierstrass.js.map +1 -1
- package/bls12-381.d.ts.map +1 -1
- package/bls12-381.js +11 -11
- package/bls12-381.js.map +1 -1
- package/ed25519.d.ts +33 -20
- package/ed25519.d.ts.map +1 -1
- package/ed25519.js +60 -38
- package/ed25519.js.map +1 -1
- package/ed448.d.ts +53 -4
- package/ed448.d.ts.map +1 -1
- package/ed448.js +217 -38
- package/ed448.js.map +1 -1
- package/esm/abstract/bls.js +3 -3
- package/esm/abstract/bls.js.map +1 -1
- package/esm/abstract/edwards.js +7 -2
- package/esm/abstract/edwards.js.map +1 -1
- package/esm/abstract/hash-to-curve.js +14 -8
- package/esm/abstract/hash-to-curve.js.map +1 -1
- package/esm/abstract/modular.js +78 -21
- package/esm/abstract/modular.js.map +1 -1
- package/esm/abstract/poseidon.js +39 -41
- package/esm/abstract/poseidon.js.map +1 -1
- package/esm/abstract/utils.js +70 -26
- package/esm/abstract/utils.js.map +1 -1
- package/esm/abstract/weierstrass.js +40 -22
- package/esm/abstract/weierstrass.js.map +1 -1
- package/esm/bls12-381.js +11 -11
- package/esm/bls12-381.js.map +1 -1
- package/esm/ed25519.js +60 -38
- package/esm/ed25519.js.map +1 -1
- package/esm/ed448.js +217 -38
- package/esm/ed448.js.map +1 -1
- package/esm/jubjub.js +1 -1
- package/esm/jubjub.js.map +1 -1
- package/esm/p256.js +10 -9
- package/esm/p256.js.map +1 -1
- package/esm/p384.js +7 -6
- package/esm/p384.js.map +1 -1
- package/esm/p521.js +7 -6
- package/esm/p521.js.map +1 -1
- package/esm/package.json +1 -4
- package/esm/secp256k1.js +11 -9
- package/esm/secp256k1.js.map +1 -1
- package/jubjub.js.map +1 -1
- package/p256.d.ts +4 -5
- package/p256.d.ts.map +1 -1
- package/p256.js +10 -10
- package/p256.js.map +1 -1
- package/p384.d.ts +4 -5
- package/p384.d.ts.map +1 -1
- package/p384.js +7 -7
- package/p384.js.map +1 -1
- package/p521.d.ts +4 -5
- package/p521.d.ts.map +1 -1
- package/p521.js +7 -7
- package/p521.js.map +1 -1
- package/package.json +7 -9
- package/secp256k1.d.ts +5 -5
- package/secp256k1.d.ts.map +1 -1
- package/secp256k1.js +11 -10
- package/secp256k1.js.map +1 -1
- package/src/abstract/bls.ts +3 -3
- package/src/abstract/edwards.ts +13 -4
- package/src/abstract/hash-to-curve.ts +14 -8
- package/src/abstract/modular.ts +84 -27
- package/src/abstract/poseidon.ts +39 -40
- package/src/abstract/utils.ts +77 -33
- package/src/abstract/weierstrass.ts +51 -29
- package/src/bls12-381.ts +12 -17
- package/src/ed25519.ts +105 -75
- package/src/ed448.ts +286 -64
- package/src/jubjub.ts +1 -1
- package/src/p256.ts +13 -14
- package/src/p384.ts +12 -13
- package/src/p521.ts +12 -13
- package/src/secp256k1.ts +60 -55
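--- a/package/abstract/utils.js
+++ b/package/abstract/utils.js
@@ -2,11 +2,18 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.validateObject = exports.createHmacDrbg = exports.bitMask = exports.bitSet = exports.bitGet = exports.bitLen = exports.utf8ToBytes = exports.equalBytes = exports.concatBytes = exports.ensureBytes = exports.numberToVarBytesBE = exports.numberToBytesLE = exports.numberToBytesBE = exports.bytesToNumberLE = exports.bytesToNumberBE = exports.hexToBytes = exports.hexToNumber = exports.numberToHexUnpadded = exports.bytesToHex = void 0;
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// 100 lines of code in the file are duplicated from noble-hashes (utils).
+// This is OK: `abstract` directory does not use noble-hashes.
+// User may opt-in into using different hashing library. This way, noble-hashes
+// won't be included into their bundle.
 const _0n = BigInt(0);
 const _1n = BigInt(1);
 const _2n = BigInt(2);
 const u8a = (a) => a instanceof Uint8Array;
-const hexes = Array.from({ length: 256 }, (
+const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
+/**
+* @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
+*/
 function bytesToHex(bytes) {
 if (!u8a(bytes))
 throw new Error('Uint8Array expected');
@@ -30,25 +37,28 @@ function hexToNumber(hex) {
 return BigInt(hex === '' ? '0' : `0x${hex}`);
 }
 exports.hexToNumber = hexToNumber;
-
+/**
+* @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])
+*/
 function hexToBytes(hex) {
 if (typeof hex !== 'string')
 throw new Error('hex string expected, got ' + typeof hex);
-
-
-
+const len = hex.length;
+if (len % 2)
+throw new Error('padded hex string expected, got unpadded hex of length ' + len);
+const array = new Uint8Array(len / 2);
 for (let i = 0; i < array.length; i++) {
 const j = i * 2;
 const hexByte = hex.slice(j, j + 2);
 const byte = Number.parseInt(hexByte, 16);
 if (Number.isNaN(byte) || byte < 0)
-throw new Error('
+throw new Error('Invalid byte sequence');
 array[i] = byte;
 }
 return array;
 }
 exports.hexToBytes = hexToBytes;
-// Big Endian
+// BE: Big Endian, LE: Little Endian
 function bytesToNumberBE(bytes) {
 return hexToNumber(bytesToHex(bytes));
 }
@@ -59,13 +69,28 @@ function bytesToNumberLE(bytes) {
 return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
 }
 exports.bytesToNumberLE = bytesToNumberLE;
-
+function numberToBytesBE(n, len) {
+return hexToBytes(n.toString(16).padStart(len * 2, '0'));
+}
 exports.numberToBytesBE = numberToBytesBE;
-
+function numberToBytesLE(n, len) {
+return numberToBytesBE(n, len).reverse();
+}
 exports.numberToBytesLE = numberToBytesLE;
-//
-
+// Unpadded, rarely used
+function numberToVarBytesBE(n) {
+return hexToBytes(numberToHexUnpadded(n));
+}
 exports.numberToVarBytesBE = numberToVarBytesBE;
+/**
+* Takes hex string or Uint8Array, converts to Uint8Array.
+* Validates output length.
+* Will throw error for other types.
+* @param title descriptive title for an error e.g. 'private key'
+* @param hex hex string or Uint8Array
+* @param expectedLength optional, will compare to result array's length
+* @returns
+*/
 function ensureBytes(title, hex, expectedLength) {
 let res;
 if (typeof hex === 'string') {
@@ -90,11 +115,13 @@ function ensureBytes(title, hex, expectedLength) {
 return res;
 }
 exports.ensureBytes = ensureBytes;
-
-
-
+/**
+* Copies several Uint8Arrays into one.
+*/
+function concatBytes(...arrays) {
+const r = new Uint8Array(arrays.reduce((sum, a) => sum + a.length, 0));
 let pad = 0; // walk through each item, ensure they have proper type
-
+arrays.forEach((a) => {
 if (!u8a(a))
 throw new Error('Uint8Array expected');
 r.set(a, pad);
@@ -113,15 +140,20 @@ function equalBytes(b1, b2) {
 return true;
 }
 exports.equalBytes = equalBytes;
+/**
+* @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
+*/
 function utf8ToBytes(str) {
-if (typeof str !== 'string')
+if (typeof str !== 'string')
 throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
-
-return new TextEncoder().encode(str);
+return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
 }
 exports.utf8ToBytes = utf8ToBytes;
 // Bit operations
-
+/**
+* Calculates amount of bits in a bigint.
+* Same as `n.toString(2).length`
+*/
 function bitLen(n) {
 let len;
 for (len = 0; n > _0n; n >>= _1n, len += 1)
@@ -129,15 +161,26 @@ function bitLen(n) {
 return len;
 }
 exports.bitLen = bitLen;
-
-
-
+/**
+* Gets single bit at position.
+* NOTE: first bit position is 0 (same as arrays)
+* Same as `!!+Array.from(n.toString(2)).reverse()[pos]`
+*/
+function bitGet(n, pos) {
+return (n >> BigInt(pos)) & _1n;
+}
 exports.bitGet = bitGet;
-
-
+/**
+* Sets single bit at position.
+*/
+const bitSet = (n, pos, value) => {
+return n | ((value ? _1n : _0n) << BigInt(pos));
+};
 exports.bitSet = bitSet;
-
-
+/**
+* Calculate mask for N bits. Not using ** operator with bigints because of old engines.
+* Same as BigInt(`0b${Array(i).fill('1').join('')}`)
+*/
 const bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
 exports.bitMask = bitMask;
 // DRBG
@@ -208,6 +251,7 @@ const validatorFns = {
 function: (val) => typeof val === 'function',
 boolean: (val) => typeof val === 'boolean',
 string: (val) => typeof val === 'string',
+stringOrUint8Array: (val) => typeof val === 'string' || val instanceof Uint8Array,
 isSafeInteger: (val) => Number.isSafeInteger(val),
 array: (val) => Array.isArray(val),
 field: (val, object) => object.Fp.isValid(val),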
package/abstract/utils.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/abstract/utils.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,CAAC,CAAM,EAAmB,EAAE,CAAC,CAAC,YAAY,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"utils.js","sourceRoot":"","sources":["../src/abstract/utils.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,0EAA0E;AAC1E,8DAA8D;AAC9D,+EAA+E;AAC/E,uCAAuC;AACvC,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,CAAC,CAAM,EAAmB,EAAE,CAAC,CAAC,YAAY,UAAU,CAAC;AAWjE,MAAM,KAAK,GAAG,eAAe,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACjE,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAChC,CAAC;AACF;;GAEG;AACH,SAAgB,UAAU,CAAC,KAAiB;IAC1C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACxD,oCAAoC;IACpC,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACrC,GAAG,IAAI,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;KACxB;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AARD,gCAQC;AAED,SAAgB,mBAAmB,CAAC,GAAoB;IACtD,MAAM,GAAG,GAAG,GAAG,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC;IAC7B,OAAO,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC;AAC1C,CAAC;AAHD,kDAGC;AAED,SAAgB,WAAW,CAAC,GAAW;IACrC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,GAAG,CAAC,CAAC;IACvF,aAAa;IACb,OAAO,MAAM,CAAC,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CAAC,CAAC;AAC/C,CAAC;AAJD,kCAIC;AAED;;GAEG;AACH,SAAgB,UAAU,CAAC,GAAW;IACpC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,OAAO,GAAG,CAAC,CAAC;IACvF,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,IAAI,GAAG,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,GAAG,GAAG,CAAC,CAAC;IAC9F,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;QACrC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,MAAM,OAAO,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACpC,MAAM,IAAI,GAAG,MAAM,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC;QAC1C,IAAI,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC;YAAE,MAAM,IAA
I,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC7E,KAAK,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC;KACjB;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAbD,gCAaC;AAED,oCAAoC;AACpC,SAAgB,eAAe,CAAC,KAAiB;IAC/C,OAAO,WAAW,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;AACxC,CAAC;AAFD,0CAEC;AACD,SAAgB,eAAe,CAAC,KAAiB;IAC/C,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACxD,OAAO,WAAW,CAAC,UAAU,CAAC,UAAU,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;AACnE,CAAC;AAHD,0CAGC;AAED,SAAgB,eAAe,CAAC,CAAkB,EAAE,GAAW;IAC7D,OAAO,UAAU,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAFD,0CAEC;AACD,SAAgB,eAAe,CAAC,CAAkB,EAAE,GAAW;IAC7D,OAAO,eAAe,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,OAAO,EAAE,CAAC;AAC3C,CAAC;AAFD,0CAEC;AACD,wBAAwB;AACxB,SAAgB,kBAAkB,CAAC,CAAkB;IACnD,OAAO,UAAU,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5C,CAAC;AAFD,gDAEC;AAED;;;;;;;;GAQG;AACH,SAAgB,WAAW,CAAC,KAAa,EAAE,GAAQ,EAAE,cAAuB;IAC1E,IAAI,GAAe,CAAC;IACpB,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;QAC3B,IAAI;YACF,GAAG,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC;SACvB;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,mCAAmC,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;SACjF;KACF;SAAM,IAAI,GAAG,CAAC,GAAG,CAAC,EAAE;QACnB,mEAAmE;QACnE,sEAAsE;QACtE,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;KAC5B;SAAM;QACL,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,mCAAmC,CAAC,CAAC;KAC9D;IACD,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,IAAI,OAAO,cAAc,KAAK,QAAQ,IAAI,GAAG,KAAK,cAAc;QAC9D,MAAM,IAAI,KAAK,CAAC,GAAG,KAAK,aAAa,cAAc,eAAe,GAAG,EAAE,CAAC,CAAC;IAC3E,OAAO,GAAG,CAAC;AACb,CAAC;AAnBD,kCAmBC;AAED;;GAEG;AACH,SAAgB,WAAW,CAAC,GAAG,MAAoB;IACjD,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC;IACvE,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,uDAAuD;IACpE,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE;QACnB,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;QACpD,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACd,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;IAClB,CAAC,CAAC,CAAC;IACH,OAAO,CAAC,CAAC;AACX
,CAAC;AATD,kCASC;AAED,SAAgB,UAAU,CAAC,EAAc,EAAE,EAAc;IACvD,0CAA0C;IAC1C,IAAI,EAAE,CAAC,MAAM,KAAK,EAAE,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,IAAI,EAAE,CAAC,CAAC,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;YAAE,OAAO,KAAK,CAAC;IACtE,OAAO,IAAI,CAAC;AACd,CAAC;AALD,gCAKC;AAMD;;GAEG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,IAAI,OAAO,GAAG,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,OAAO,GAAG,EAAE,CAAC,CAAC;IAC/F,OAAO,IAAI,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,4BAA4B;AACpF,CAAC;AAHD,kCAGC;AAED,iBAAiB;AAEjB;;;GAGG;AACH,SAAgB,MAAM,CAAC,CAAS;IAC9B,IAAI,GAAG,CAAC;IACR,KAAK,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,KAAK,GAAG,EAAE,GAAG,IAAI,CAAC;QAAC,CAAC;IAC5C,OAAO,GAAG,CAAC;AACb,CAAC;AAJD,wBAIC;AAED;;;;GAIG;AACH,SAAgB,MAAM,CAAC,CAAS,EAAE,GAAW;IAC3C,OAAO,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC;AAClC,CAAC;AAFD,wBAEC;AAED;;GAEG;AACI,MAAM,MAAM,GAAG,CAAC,CAAS,EAAE,GAAW,EAAE,KAAc,EAAE,EAAE;IAC/D,OAAO,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AAClD,CAAC,CAAC;AAFW,QAAA,MAAM,UAEjB;AAEF;;;GAGG;AACI,MAAM,OAAO,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;AAAtD,QAAA,OAAO,WAA+C;AAEnE,OAAO;AAEP,MAAM,GAAG,GAAG,CAAC,IAAU,EAAE,EAAE,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,qBAAqB;AACvE,MAAM,IAAI,GAAG,CAAC,GAAQ,EAAE,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,mBAAmB;AAEpE;;;;;;GAMG;AACH,SAAgB,cAAc,CAC5B,OAAe,EACf,QAAgB,EAChB,MAAkE;IAElE,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC5F,IAAI,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/F,IAAI,OAAO,MAAM,KAAK,UAAU;QAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/E,gDAAgD;IAChD,IAAI,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,qEAAqE;IAC3F,IAAI,CAAC,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,qEAAqE;IAC3F,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,gDAAgD;IAC3D,MAAM,KAAK,GAAG,GAAG,EAAE;QACjB,C
AAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACV,CAAC,GAAG,CAAC,CAAC;IACR,CAAC,CAAC;IACF,MAAM,CAAC,GAAG,CAAC,GAAG,CAAe,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,wBAAwB;IAC9E,MAAM,MAAM,GAAG,CAAC,IAAI,GAAG,GAAG,EAAE,EAAE,EAAE;QAC9B,yCAAyC;QACzC,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,mCAAmC;QAC9D,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,mBAAmB;QAC5B,IAAI,IAAI,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO;QAC9B,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,mCAAmC;QAC9D,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,mBAAmB;IAC9B,CAAC,CAAC;IACF,MAAM,GAAG,GAAG,GAAG,EAAE;QACf,gCAAgC;QAChC,IAAI,CAAC,EAAE,IAAI,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC5D,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,MAAM,GAAG,GAAiB,EAAE,CAAC;QAC7B,OAAO,GAAG,GAAG,QAAQ,EAAE;YACrB,CAAC,GAAG,CAAC,EAAE,CAAC;YACR,MAAM,EAAE,GAAG,CAAC,CAAC,KAAK,EAAE,CAAC;YACrB,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACb,GAAG,IAAI,CAAC,CAAC,MAAM,CAAC;SACjB;QACD,OAAO,WAAW,CAAC,GAAG,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC;IACF,MAAM,QAAQ,GAAG,CAAC,IAAgB,EAAE,IAAa,EAAK,EAAE;QACtD,KAAK,EAAE,CAAC;QACR,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,YAAY;QAC1B,IAAI,GAAG,GAAkB,SAAS,CAAC,CAAC,uCAAuC;QAC3E,OAAO,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;YAAE,MAAM,EAAE,CAAC;QACtC,KAAK,EAAE,CAAC;QACR,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;IACF,OAAO,QAAQ,CAAC;AAClB,CAAC;AAhDD,wCAgDC;AAED,+BAA+B;AAE/B,MAAM,YAAY,GAAG;IACnB,MAAM,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ;IAC7C,QAAQ,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,UAAU;IACjD,OAAO,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,SAAS;IAC/C,MAAM,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ;IAC7C,kBAAkB,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,YAAY,UAAU;IACtF,aAAa,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC;IACtD,KAAK,EAAE,CAAC,GAAQ,EAAE,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;IACvC,KAAK,EAAE,CAAC,GAAQ,EAAE,MAAW,EAAE,EAAE,CAAE,MAAc,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC;IACjE,IAAI,EAAE,CAAC,GAAQ,EAA
E,EAAE,CAAC,OAAO,GAAG,KAAK,UAAU,IAAI,MAAM,CAAC,aAAa,CAAC,GAAG,CAAC,SAAS,CAAC;CAC5E,CAAC;AAGX,wEAAwE;AAExE,SAAgB,cAAc,CAC5B,MAAS,EACT,UAAqB,EACrB,gBAA2B,EAAE;IAE7B,MAAM,UAAU,GAAG,CAAC,SAAkB,EAAE,IAAe,EAAE,UAAmB,EAAE,EAAE;QAC9E,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;QACpC,IAAI,OAAO,QAAQ,KAAK,UAAU;YAChC,MAAM,IAAI,KAAK,CAAC,sBAAsB,IAAI,sBAAsB,CAAC,CAAC;QAEpE,MAAM,GAAG,GAAG,MAAM,CAAC,SAAgC,CAAC,CAAC;QACrD,IAAI,UAAU,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO;QAC5C,IAAI,CAAC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC,EAAE;YAC1B,MAAM,IAAI,KAAK,CACb,iBAAiB,MAAM,CAAC,SAAS,CAAC,IAAI,GAAG,KAAK,OAAO,GAAG,eAAe,IAAI,EAAE,CAC9E,CAAC;SACH;IACH,CAAC,CAAC;IACF,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;QAAE,UAAU,CAAC,SAAS,EAAE,IAAK,EAAE,KAAK,CAAC,CAAC;IAChG,KAAK,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,aAAa,CAAC;QAAE,UAAU,CAAC,SAAS,EAAE,IAAK,EAAE,IAAI,CAAC,CAAC;IAClG,OAAO,MAAM,CAAC;AAChB,CAAC;AArBD,wCAqBC;AACD,sBAAsB;AACtB,uEAAuE;AACvE,gFAAgF;AAChF,4BAA4B;AAC5B,2DAA2D;AAC3D,qEAAqE;AACrE,+DAA+D;AAC/D,4DAA4D"}
|
|
@@ -142,7 +142,7 @@ export interface SignatureType {
|
|
|
142
142
|
readonly s: bigint;
|
|
143
143
|
readonly recovery?: number;
|
|
144
144
|
assertValidity(): void;
|
|
145
|
-
addRecoveryBit(recovery: number):
|
|
145
|
+
addRecoveryBit(recovery: number): RecoveredSignatureType;
|
|
146
146
|
hasHighS(): boolean;
|
|
147
147
|
normalizeS(): SignatureType;
|
|
148
148
|
recoverPublicKey(msgHash: Hex): ProjPointType<bigint>;
|
|
@@ -151,6 +151,9 @@ export interface SignatureType {
|
|
|
151
151
|
toDERRawBytes(isCompressed?: boolean): Uint8Array;
|
|
152
152
|
toDERHex(isCompressed?: boolean): string;
|
|
153
153
|
}
|
|
154
|
+
export type RecoveredSignatureType = SignatureType & {
|
|
155
|
+
readonly recovery: number;
|
|
156
|
+
};
|
|
154
157
|
export type SignatureConstructor = {
|
|
155
158
|
new (r: bigint, s: bigint): SignatureType;
|
|
156
159
|
fromCompact(hex: Hex): SignatureType;
|
|
@@ -198,7 +201,7 @@ export type CurveFn = {
|
|
|
198
201
|
CURVE: ReturnType<typeof validateOpts>;
|
|
199
202
|
getPublicKey: (privateKey: PrivKey, isCompressed?: boolean) => Uint8Array;
|
|
200
203
|
getSharedSecret: (privateA: PrivKey, publicB: Hex, isCompressed?: boolean) => Uint8Array;
|
|
201
|
-
sign: (msgHash: Hex, privKey: PrivKey, opts?: SignOpts) =>
|
|
204
|
+
sign: (msgHash: Hex, privKey: PrivKey, opts?: SignOpts) => RecoveredSignatureType;
|
|
202
205
|
verify: (signature: Hex | SignatureLike, msgHash: Hex, publicKey: Hex, opts?: VerOpts) => boolean;
|
|
203
206
|
ProjectivePoint: ProjConstructor<bigint>;
|
|
204
207
|
Signature: SignatureConstructor;
|
|
@@ -210,10 +213,23 @@ export type CurveFn = {
|
|
|
210
213
|
};
|
|
211
214
|
};
|
|
212
215
|
export declare function weierstrass(curveDef: CurveType): CurveFn;
|
|
216
|
+
/**
|
|
217
|
+
* Implementation of the Shallue and van de Woestijne method for any weierstrass curve.
|
|
218
|
+
* TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular.
|
|
219
|
+
* b = True and y = sqrt(u / v) if (u / v) is square in F, and
|
|
220
|
+
* b = False and y = sqrt(Z * (u / v)) otherwise.
|
|
221
|
+
* @param Fp
|
|
222
|
+
* @param Z
|
|
223
|
+
* @returns
|
|
224
|
+
*/
|
|
213
225
|
export declare function SWUFpSqrtRatio<T>(Fp: mod.IField<T>, Z: T): (u: T, v: T) => {
|
|
214
226
|
isValid: boolean;
|
|
215
227
|
value: T;
|
|
216
228
|
};
|
|
229
|
+
/**
|
|
230
|
+
* Simplified Shallue-van de Woestijne-Ulas Method
|
|
231
|
+
* https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2
|
|
232
|
+
*/
|
|
217
233
|
export declare function mapToCurveSimpleSWU<T>(Fp: mod.IField<T>, opts: {
|
|
218
234
|
A: T;
|
|
219
235
|
B: T;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"weierstrass.d.ts","sourceRoot":"","sources":["../src/abstract/weierstrass.ts"],"names":[],"mappings":"AAAA,sEAAsE;AAEtE,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAe,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAQ,UAAU,EAAiB,WAAW,EAAE,MAAM,YAAY,CAAC;AAEnG,YAAY,EAAE,WAAW,EAAE,CAAC;AAC5B,KAAK,UAAU,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,KAAK,UAAU,CAAC;AAC7E,KAAK,gBAAgB,GAAG;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,OAAO,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CACxF,CAAC;AACF,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,GAAG;IAE3C,CAAC,EAAE,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,CAAC;IAGL,wBAAwB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,CAAC,EAAE,gBAAgB,CAAC;IAGxB,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC;IAE5E,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CACtF,CAAC;AAEF,KAAK,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC;AAC1B,MAAM,MAAM,QAAQ,GAAG;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AACrF,MAAM,MAAM,OAAO,GAAG;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAE5D;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,MAAM,WAAW,aAAa,CAAC,CAAC,CAAE,SAAQ,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAC/D,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,IAAI,CAAC,IAAI,CAAC,CAAC;IACX,IAAI,CAAC,IAAI,CAAC,CAAC;IACX,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC3C,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IACjC,aAAa,IAAI,OAAO,CAAC;IACzB,aAAa,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC;IAClC,cAAc,IAAI,IAAI,CAAC;IACvB,QAAQ,IAAI,OAAO,CAAC;IACpB,UAAU,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAC/C,KAAK,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,
CAAC;IAEtC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACjD,oBAAoB,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IAC9F,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,eAAe,CAAC,CAAC,CAAE,SAAQ,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAC5E,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACzC,UAAU,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACpC,cAAc,CAAC,UAAU,EAAE,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACtD,UAAU,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;CAC5D;AAED,MAAM,MAAM,eAAe,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,GAAG;IAEhD,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC;IAClD,OAAO,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,OAAO,KAAK,UAAU,CAAC;CACjG,CAAC;AAoCF,MAAM,MAAM,cAAc,CAAC,CAAC,IAAI;IAC9B,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IACpC,sBAAsB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IACjD,mBAAmB,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;IACjC,kBAAkB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;CAC9C,CAAC;AAIF,eAAO,MAAM,GAAG;;;;;;;;oBAOE,UAAU,GAAG;QAAE,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,UAAU,CAAA;KAAE;eAe9C,MAAM,GAAG,UAAU;WAAQ,MAAM;WAAK,MAAM;;oBAavC;QAAE,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM;CAelD,CAAC;AAMF,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;kCA+CtB,OAAO,KAAG,MAAM;6BAtBrB,CAAC,KAAG,CAAC;8BAcJ,MAAM,KAAG,OAAO;
|
|
1
|
+
{"version":3,"file":"weierstrass.d.ts","sourceRoot":"","sources":["../src/abstract/weierstrass.ts"],"names":[],"mappings":"AAAA,sEAAsE;AAEtE,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AACpC,OAAO,KAAK,EAAE,MAAM,YAAY,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAe,MAAM,YAAY,CAAC;AAC9D,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAQ,UAAU,EAAiB,WAAW,EAAE,MAAM,YAAY,CAAC;AAEnG,YAAY,EAAE,WAAW,EAAE,CAAC;AAC5B,KAAK,UAAU,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,KAAK,UAAU,CAAC;AAC7E,KAAK,gBAAgB,GAAG;IACtB,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK;QAAE,KAAK,EAAE,OAAO,CAAC;QAAC,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,OAAO,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC;CACxF,CAAC;AACF,MAAM,MAAM,WAAW,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,GAAG;IAE3C,CAAC,EAAE,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,CAAC;IAGL,wBAAwB,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;IAC7C,cAAc,CAAC,EAAE,OAAO,CAAC;IACzB,IAAI,CAAC,EAAE,gBAAgB,CAAC;IAGxB,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,KAAK,OAAO,CAAC;IAE5E,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CACtF,CAAC;AAEF,KAAK,OAAO,GAAG,GAAG,GAAG,IAAI,CAAC;AAC1B,MAAM,MAAM,QAAQ,GAAG;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,YAAY,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AACrF,MAAM,MAAM,OAAO,GAAG;IAAE,IAAI,CAAC,EAAE,OAAO,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,CAAC;AAE5D;;;;;;;;;;;;;;;;;;;;GAoBG;AAGH,MAAM,WAAW,aAAa,CAAC,CAAC,CAAE,SAAQ,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAC/D,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,QAAQ,CAAC,EAAE,EAAE,CAAC,CAAC;IACf,IAAI,CAAC,IAAI,CAAC,CAAC;IACX,IAAI,CAAC,IAAI,CAAC,CAAC;IACX,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC3C,QAAQ,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IACjC,aAAa,IAAI,OAAO,CAAC;IACzB,aAAa,IAAI,aAAa,CAAC,CAAC,CAAC,CAAC;IAClC,cAAc,IAAI,IAAI,CAAC;IACvB,QAAQ,IAAI,OAAO,CAAC;IACpB,UAAU,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAC/C,KAAK,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,
CAAC;IAEtC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACjD,oBAAoB,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;IAC9F,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1C;AAED,MAAM,WAAW,eAAe,CAAC,CAAC,CAAE,SAAQ,gBAAgB,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;IAC5E,KAAK,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACzC,UAAU,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACpC,cAAc,CAAC,UAAU,EAAE,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACtD,UAAU,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,EAAE,CAAC;CAC5D;AAED,MAAM,MAAM,eAAe,CAAC,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC,GAAG;IAEhD,SAAS,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC;IAClD,OAAO,CAAC,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,YAAY,EAAE,OAAO,KAAK,UAAU,CAAC;CACjG,CAAC;AAoCF,MAAM,MAAM,cAAc,CAAC,CAAC,IAAI;IAC9B,eAAe,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;IACpC,sBAAsB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;IACjD,mBAAmB,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;IACjC,kBAAkB,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC;CAC9C,CAAC;AAIF,eAAO,MAAM,GAAG;;;;;;;;oBAOE,UAAU,GAAG;QAAE,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,UAAU,CAAA;KAAE;eAe9C,MAAM,GAAG,UAAU;WAAQ,MAAM;WAAK,MAAM;;oBAavC;QAAE,CAAC,EAAE,MAAM,CAAC;QAAC,CAAC,EAAE,MAAM,CAAA;KAAE,GAAG,MAAM;CAelD,CAAC;AAMF,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC;;;;;;;;;;;;;;;;;;;;;;;kCA+CtB,OAAO,KAAG,MAAM;6BAtBrB,CAAC,KAAG,CAAC;8BAcJ,MAAM,KAAG,OAAO;EAkYlD;AAGD,MAAM,WAAW,aAAa;IAC5B,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAC3B,cAAc,IAAI,IAAI,CAAC;IACvB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,sBAAsB,CAAC;IACzD,QAAQ,IAAI,OAAO,CAAC;IACpB,UAAU,IAAI,aAAa,CAAC;IAC5B,gBAAgB,CAAC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;IACtD,iBAAiB,IAAI,UAAU,CAAC;IAChC,YAAY,IAAI,MAAM,CAAC;IAEvB,aAAa,CAAC,Y
AAY,CAAC,EAAE,OAAO,GAAG,UAAU,CAAC;IAClD,QAAQ,CAAC,YAAY,CAAC,EAAE,OAAO,GAAG,MAAM,CAAC;CAC1C;AACD,MAAM,MAAM,sBAAsB,GAAG,aAAa,GAAG;IACnD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,oBAAoB,GAAG;IACjC,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,aAAa,CAAC;IAC1C,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC;IACrC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC;CAClC,CAAC;AACF,KAAK,aAAa,GAAG;IAAE,CAAC,EAAE,MAAM,CAAC;IAAC,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAE9C,MAAM,MAAM,MAAM,GAAG,GAAG,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC;AAEjD,MAAM,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,GAAG;IAC5C,IAAI,EAAE,KAAK,CAAC;IACZ,IAAI,EAAE,UAAU,CAAC;IACjB,WAAW,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAClD,IAAI,CAAC,EAAE,OAAO,CAAC;IACf,QAAQ,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,MAAM,CAAC;IACzC,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,MAAM,CAAC;CAC/C,CAAC;AAEF,iBAAS,YAAY,CAAC,KAAK,EAAE,SAAS;;;;;;;;;;;;;;;;;;;;;;;;GAgBrC;AAED,MAAM,MAAM,OAAO,GAAG;IACpB,KAAK,EAAE,UAAU,CAAC,OAAO,YAAY,CAAC,CAAC;IACvC,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,UAAU,CAAC;IAC1E,eAAe,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,EAAE,YAAY,CAAC,EAAE,OAAO,KAAK,UAAU,CAAC;IACzF,IAAI,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,QAAQ,KAAK,sBAAsB,CAAC;IAClF,MAAM,EAAE,CAAC,SAAS,EAAE,GAAG,GAAG,aAAa,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,OAAO,CAAC;IAClG,eAAe,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;IACzC,SAAS,EAAE,oBAAoB,CAAC;IAChC,KAAK,EAAE;QACL,sBAAsB,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,CAAC;QACjD,iBAAiB,CAAC,UAAU,EAAE,OAAO,GAAG,OAAO,CAAC;QAChD,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,UAAU,EAAE,CAAC,UAAU,CAAC,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,KAAK,aAAa,CAAC,MAAM,CAAC,CAAC;KAC3F,CAAC;CACH,CAAC;AAEF,wBAAgB,WAAW,CAAC,QAAQ,EAAE,SAAS,GAAG,OAAO,CAqZxD;AAED;;;;;;;;GAQG;AACH,wBAAgB,cAAc,CAAC,CAAC,EAAE,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,OAgBnC,CAAC,KAAK,CAAC,KAAG;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,EAAE,CAAC,CAAA;CAAE,CAmD7D;AACD;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EACnC,
EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,EACjB,IAAI,EAAE;IACJ,CAAC,EAAE,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,CAAC;IACL,CAAC,EAAE,CAAC,CAAC;CACN,OASU,CAAC;OAAQ,CAAC;OAAK,CAAC;EA8B5B"}
|
package/abstract/weierstrass.js
CHANGED
|
@@ -101,7 +101,7 @@ function weierstrassPoints(opts) {
|
|
|
101
101
|
const CURVE = validatePointOpts(opts);
|
|
102
102
|
const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ
|
|
103
103
|
const toBytes = CURVE.toBytes ||
|
|
104
|
-
((
|
|
104
|
+
((_c, point, _isCompressed) => {
|
|
105
105
|
const a = point.toAffine();
|
|
106
106
|
return ut.concatBytes(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));
|
|
107
107
|
});
|
|
@@ -237,9 +237,11 @@ function weierstrassPoints(opts) {
|
|
|
237
237
|
}
|
|
238
238
|
// A point on curve is valid if it conforms to equation.
|
|
239
239
|
assertValidity() {
|
|
240
|
-
// Zero is valid point too!
|
|
241
240
|
if (this.is0()) {
|
|
242
|
-
|
|
241
|
+
// (0, 1, 0) aka ZERO is invalid in most contexts.
|
|
242
|
+
// In BLS, ZERO can be serialized, so we allow it.
|
|
243
|
+
// (0, 0, 0) is wrong representation of ZERO and is always invalid.
|
|
244
|
+
if (CURVE.allowInfinityPoint && !Fp.is0(this.py))
|
|
243
245
|
return;
|
|
244
246
|
throw new Error('bad point: ZERO');
|
|
245
247
|
}
|
|
@@ -552,7 +554,7 @@ function weierstrass(curveDef) {
|
|
|
552
554
|
}
|
|
553
555
|
const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints({
|
|
554
556
|
...CURVE,
|
|
555
|
-
toBytes(
|
|
557
|
+
toBytes(_c, point, isCompressed) {
|
|
556
558
|
const a = point.toAffine();
|
|
557
559
|
const x = Fp.toBytes(a.x);
|
|
558
560
|
const cat = ut.concatBytes;
|
|
@@ -686,13 +688,12 @@ function weierstrass(curveDef) {
|
|
|
686
688
|
},
|
|
687
689
|
normPrivateKeyToScalar: normPrivateKeyToScalar,
|
|
688
690
|
/**
|
|
689
|
-
* Produces cryptographically secure private key from random of size
|
|
690
|
-
*
|
|
691
|
+
* Produces cryptographically secure private key from random of size
|
|
692
|
+
* (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.
|
|
691
693
|
*/
|
|
692
694
|
randomPrivateKey: () => {
|
|
693
|
-
const
|
|
694
|
-
|
|
695
|
-
return ut.numberToBytesBE(num, CURVE.nByteLength);
|
|
695
|
+
const length = mod.getMinHashLength(CURVE.n);
|
|
696
|
+
return mod.mapHashToField(CURVE.randomBytes(length), CURVE.n);
|
|
696
697
|
},
|
|
697
698
|
/**
|
|
698
699
|
* Creates precompute table for an arbitrary EC point. Makes point "cached".
|
|
@@ -804,7 +805,7 @@ function weierstrass(curveDef) {
|
|
|
804
805
|
if (ent != null) {
|
|
805
806
|
// K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
|
|
806
807
|
const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is
|
|
807
|
-
seedArgs.push((0, utils_js_1.ensureBytes)('extraEntropy', e
|
|
808
|
+
seedArgs.push((0, utils_js_1.ensureBytes)('extraEntropy', e)); // check for being bytes
|
|
808
809
|
}
|
|
809
810
|
const seed = ut.concatBytes(...seedArgs); // Step D of RFC6979 3.2
|
|
810
811
|
const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!
|
|
@@ -838,18 +839,22 @@ function weierstrass(curveDef) {
|
|
|
838
839
|
const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };
|
|
839
840
|
const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };
|
|
840
841
|
/**
|
|
841
|
-
* Signs message hash
|
|
842
|
+
* Signs message hash with a private key.
|
|
842
843
|
* ```
|
|
843
844
|
* sign(m, d, k) where
|
|
844
845
|
* (x, y) = G × k
|
|
845
846
|
* r = x mod n
|
|
846
847
|
* s = (m + dr)/k mod n
|
|
847
848
|
* ```
|
|
848
|
-
* @param
|
|
849
|
+
* @param msgHash NOT message. msg needs to be hashed to `msgHash`, or use `prehash`.
|
|
850
|
+
* @param privKey private key
|
|
851
|
+
* @param opts lowS for non-malleable sigs. extraEntropy for mixing randomness into k. prehash will hash first arg.
|
|
852
|
+
* @returns signature with recovery param
|
|
849
853
|
*/
|
|
850
854
|
function sign(msgHash, privKey, opts = defaultSigOpts) {
|
|
851
855
|
const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.
|
|
852
|
-
const
|
|
856
|
+
const C = CURVE;
|
|
857
|
+
const drbg = ut.createHmacDrbg(C.hash.outputLen, C.nByteLength, C.hmac);
|
|
853
858
|
return drbg(seed, k2sig); // Steps B, C, D, E, F, G
|
|
854
859
|
}
|
|
855
860
|
// Enable precomputes. Slows down first publicKey computation by 20ms.
|
|
@@ -931,10 +936,15 @@ function weierstrass(curveDef) {
|
|
|
931
936
|
};
|
|
932
937
|
}
|
|
933
938
|
exports.weierstrass = weierstrass;
|
|
934
|
-
|
|
935
|
-
|
|
936
|
-
|
|
937
|
-
|
|
939
|
+
/**
|
|
940
|
+
* Implementation of the Shallue and van de Woestijne method for any weierstrass curve.
|
|
941
|
+
* TODO: check if there is a way to merge this with uvRatio in Edwards; move to modular.
|
|
942
|
+
* b = True and y = sqrt(u / v) if (u / v) is square in F, and
|
|
943
|
+
* b = False and y = sqrt(Z * (u / v)) otherwise.
|
|
944
|
+
* @param Fp
|
|
945
|
+
* @param Z
|
|
946
|
+
* @returns
|
|
947
|
+
*/
|
|
938
948
|
function SWUFpSqrtRatio(Fp, Z) {
|
|
939
949
|
// Generic implementation
|
|
940
950
|
const q = Fp.ORDER;
|
|
@@ -942,10 +952,14 @@ function SWUFpSqrtRatio(Fp, Z) {
|
|
|
942
952
|
for (let o = q - _1n; o % _2n === _0n; o /= _2n)
|
|
943
953
|
l += _1n;
|
|
944
954
|
const c1 = l; // 1. c1, the largest integer such that 2^c1 divides q - 1.
|
|
945
|
-
|
|
955
|
+
// We need 2n ** c1 and 2n ** (c1-1). We can't use **; but we can use <<.
|
|
956
|
+
// 2n ** c1 == 2n << (c1-1)
|
|
957
|
+
const _2n_pow_c1_1 = _2n << (c1 - _1n - _1n);
|
|
958
|
+
const _2n_pow_c1 = _2n_pow_c1_1 * _2n;
|
|
959
|
+
const c2 = (q - _1n) / _2n_pow_c1; // 2. c2 = (q - 1) / (2^c1) # Integer arithmetic
|
|
946
960
|
const c3 = (c2 - _1n) / _2n; // 3. c3 = (c2 - 1) / 2 # Integer arithmetic
|
|
947
|
-
const c4 =
|
|
948
|
-
const c5 =
|
|
961
|
+
const c4 = _2n_pow_c1 - _1n; // 4. c4 = 2^c1 - 1 # Integer arithmetic
|
|
962
|
+
const c5 = _2n_pow_c1_1; // 5. c5 = 2^(c1 - 1) # Integer arithmetic
|
|
949
963
|
const c6 = Fp.pow(Z, c2); // 6. c6 = Z^c2
|
|
950
964
|
const c7 = Fp.pow(Z, (c2 + _1n) / _2n); // 7. c7 = Z^((c2 + 1) / 2)
|
|
951
965
|
let sqrtRatio = (u, v) => {
|
|
@@ -967,7 +981,8 @@ function SWUFpSqrtRatio(Fp, Z) {
|
|
|
967
981
|
tv4 = Fp.cmov(tv5, tv4, isQR); // 16. tv4 = CMOV(tv5, tv4, isQR)
|
|
968
982
|
// 17. for i in (c1, c1 - 1, ..., 2):
|
|
969
983
|
for (let i = c1; i > _1n; i--) {
|
|
970
|
-
let tv5 =
|
|
984
|
+
let tv5 = i - _2n; // 18. tv5 = i - 2
|
|
985
|
+
tv5 = _2n << (tv5 - _1n); // 19. tv5 = 2^tv5
|
|
971
986
|
let tvv5 = Fp.pow(tv4, tv5); // 20. tv5 = tv4^tv5
|
|
972
987
|
const e1 = Fp.eql(tvv5, Fp.ONE); // 21. e1 = tv5 == 1
|
|
973
988
|
tv2 = Fp.mul(tv3, tv1); // 22. tv2 = tv3 * tv1
|
|
@@ -1000,7 +1015,10 @@ function SWUFpSqrtRatio(Fp, Z) {
|
|
|
1000
1015
|
return sqrtRatio;
|
|
1001
1016
|
}
|
|
1002
1017
|
exports.SWUFpSqrtRatio = SWUFpSqrtRatio;
|
|
1003
|
-
|
|
1018
|
+
/**
|
|
1019
|
+
* Simplified Shallue-van de Woestijne-Ulas Method
|
|
1020
|
+
* https://www.rfc-editor.org/rfc/rfc9380#section-6.6.2
|
|
1021
|
+
*/
|
|
1004
1022
|
function mapToCurveSimpleSWU(Fp, opts) {
|
|
1005
1023
|
mod.validateField(Fp);
|
|
1006
1024
|
if (!Fp.isValid(opts.A) || !Fp.isValid(opts.B) || !Fp.isValid(opts.Z))
|