@noble/curves 1.4.2 → 1.6.0

package/README.md

@@ -2,7 +2,7 @@
 
 Audited & minimal JS implementation of elliptic curve cryptography.
 
-- 🔒 [**Audited**](#security) by an independent security firms
+- 🔒 [**Audited**](#security) by independent security firms
 - 🔻 Tree-shakeable: unused code is excluded from your builds
 - 🏎 Fast: hand-optimized for caveats of JS engines
 - 🔍 Reliable: property-based / cross-library / wycheproof tests and fuzzing ensure correctness
@@ -10,11 +10,9 @@ Audited & minimal JS implementation of elliptic curve cryptography.
 - ✍️ ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement, hashing to curves
 - 🔖 SUF-CMA, SBS (non-repudiation), ZIP215 (consensus friendliness) features for ed25519
 - 🧜‍♂️ Poseidon ZK-friendly hash
-- 🪶 178KB (87KB gzipped) for everything including bundled hashes, 22KB (10KB gzipped) for single-curve build
+- 🪶 190KB (92KB gzipped) for everything with hashes, 22KB (10KB gzipped) for single-curve build
 
-For discussions, questions and support, visit
-[GitHub Discussions](https://github.com/paulmillr/noble-curves/discussions)
-section of the repository.
+Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-curves/discussions) for questions and support.
 
 ### This library belongs to _noble_ cryptography
 
@@ -45,17 +43,19 @@ A standalone file [noble-curves.js](https://github.com/paulmillr/noble-curves/re
 ```js
 // import * from '@noble/curves'; // Error: use sub-imports, to ensure small app size
 import { secp256k1 } from '@noble/curves/secp256k1'; // ESM and Common.js
-// import { secp256k1 } from 'npm:@noble/curves@1.4.0/secp256k1'; // Deno
+// import { secp256k1 } from 'npm:@noble/curves@1.6.0/secp256k1'; // Deno
 ```
 
 - [Implementations](#implementations)
-  - [ECDSA signature scheme](#ecdsa-signature-scheme)
+  - [ECDSA signatures over secp256k1 and others](#ecdsa-signatures-over-secp256k1-and-others)
   - [ECDSA public key recovery & extra entropy](#ecdsa-public-key-recovery--extra-entropy)
   - [ECDH: Elliptic Curve Diffie-Hellman](#ecdh-elliptic-curve-diffie-hellman)
   - [Schnorr signatures over secp256k1, BIP340](#schnorr-signatures-over-secp256k1-bip340)
   - [ed25519, X25519, ristretto255](#ed25519-x25519-ristretto255)
   - [ed448, X448, decaf448](#ed448-x448-decaf448)
   - [bls12-381](#bls12-381)
+  - [bn254 aka alt_bn128](#bn254-aka-alt_bn128)
+  - [Multi-scalar-multiplication](#multi-scalar-multiplication)
   - [All available imports](#all-available-imports)
   - [Accessing a curve's variables](#accessing-a-curves-variables)
 - [Abstract API](#abstract-api)
@@ -79,24 +79,24 @@ import { secp256k1 } from '@noble/curves/secp256k1'; // ESM and Common.js
 Implementations use [noble-hashes](https://github.com/paulmillr/noble-hashes).
 If you want to use a different hashing library, [abstract API](#abstract-api) doesn't depend on them.
 
-#### ECDSA signature scheme
-
-Generic example that works for all curves, shown for secp256k1:
+#### ECDSA signatures over secp256k1 and others
 
 ```ts
 import { secp256k1 } from '@noble/curves/secp256k1';
+// import { p256 } from '@noble/curves/p256'; // or p384 / p521
+
 const priv = secp256k1.utils.randomPrivateKey();
 const pub = secp256k1.getPublicKey(priv);
 const msg = new Uint8Array(32).fill(1); // message hash (not message) in ecdsa
 const sig = secp256k1.sign(msg, priv); // `{prehash: true}` option is available
 const isValid = secp256k1.verify(sig, msg, pub) === true;
 
-// hex strings are also supported besides Uint8Arrays:
+// hex strings are also supported besides Uint8Array-s:
 const privHex = '46c930bc7bb4db7f55da20798697421b98c4175a52c630294d75a84b9c126236';
 const pub2 = secp256k1.getPublicKey(privHex);
 ```
 
-We support P256 (secp256r1), P384 (secp384r1), P521 (secp521r1).
+The same code would work for NIST P256 (secp256r1), P384 (secp384r1) & P521 (secp521r1).
 
 #### ECDSA public key recovery & extra entropy
 
@@ -246,7 +246,82 @@ Same RFC7748 / RFC8032 / IRTF draft are followed.
 
 #### bls12-381
 
+```ts
+import { bls12_381 as bls } from '@noble/curves/bls12-381';
+
+// G1 keys, G2 signatures
+const privateKey = '67d53f170b908cabb9eb326c3c337762d59289a8fec79f7bc9254b584b73265c';
+const message = '64726e3da8';
+const publicKey = bls.getPublicKey(privateKey);
+const signature = bls.sign(message, privateKey);
+const isValid = bls.verify(signature, message, publicKey);
+console.log({ publicKey, signature, isValid });
+
+// G2 signatures, G1 keys
+// getPublicKeyForShortSignatures(privateKey)
+// signShortSignature(message, privateKey)
+// verifyShortSignature(signature, message, publicKey)
+// aggregateShortSignatures(signatures)
+
+// Custom DST
+const htfEthereum = { DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_' };
+const signatureEth = bls.sign(message, privateKey, htfEthereum);
+const isValidEth = bls.verify(signature, message, publicKey, htfEthereum);
+
+// Aggregation
+const aggregatedKey = bls.aggregatePublicKeys([bls.utils.randomPrivateKey(), bls.utils.randomPrivateKey()])
+// const aggregatedSig = bls.aggregateSignatures(sigs)
+
+// Pairings, with and without final exponentiation
+// bls.pairing(PointG1, PointG2);
+// bls.pairing(PointG1, PointG2, false);
+// bls.fields.Fp12.finalExponentiate(bls.fields.Fp12.mul(PointG1, PointG2));
+
+// Others
+// bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE;
+// bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr;
+```
+
 See [abstract/bls](#bls-barreto-lynn-scott-curves).
+For example usage, check out [the implementation of BLS EVM precompiles](https://github.com/ethereumjs/ethereumjs-monorepo/blob/361f4edbc239e795a411ac2da7e5567298b9e7e5/packages/evm/src/precompiles/bls12_381/noble.ts).
+
+#### bn254 aka alt_bn128
+
+```ts
+import { bn254 } from '@noble/curves/bn254';
+
+console.log(
+  bn254.G1,
+  bn254.G2,
+  bn254.pairing
+)
+```
+
+The API mirrors [BLS](#bls12-381). The curve was previously called alt_bn128.
+The implementation is compatible with [EIP-196](https://eips.ethereum.org/EIPS/eip-196) and
+[EIP-197](https://eips.ethereum.org/EIPS/eip-197).
+
+Keep in mind that we don't implement Point methods toHex / toRawBytes. It's because
+different implementations of bn254 do it differently - there is no standard. Points of divergence:
+
+- Endianness: LE vs BE (byte-swapped)
+- Flags as first hex bits (similar to BLS) vs no-flags
+- Imaginary part last in G2 vs first (c0, c1 vs c1, c0)
+
+For example usage, check out [the implementation of bn254 EVM precompiles](https://github.com/paulmillr/noble-curves/blob/3ed792f8ad9932765b84d1064afea8663a255457/test/bn254.test.js#L697).
+
+#### Multi-scalar-multiplication
+
+```ts
+import { secp256k1 } from '@noble/curves/secp256k1';
+const p = secp256k1.ProjectivePoint;
+const points = [p.BASE, p.BASE.multiply(2n), p.BASE.multiply(4n), p.BASE.multiply(8n)];
+p.msm(points, [3n, 5n, 7n, 11n]).equals(p.BASE.multiply(129n)); // 129*G
+```
+
+Pippenger algorithm is used underneath.
+Multi-scalar-multiplication (MSM) is basically `(Pa + Qb + Rc + ...)`.
+It's 10-30x faster vs naive addition for large amount of points.
 
 #### All available imports
 
@@ -399,6 +474,7 @@ interface ProjConstructor<T> extends GroupConstructor<ProjPointType<T>> {
   fromAffine(p: AffinePoint<T>): ProjPointType<T>;
   fromHex(hex: Hex): ProjPointType<T>;
   fromPrivateKey(privateKey: PrivKey): ProjPointType<T>;
+  msm(points: ProjPointType[], scalars: bigint[]): ProjPointType<T>;
 }
 ```
 
@@ -551,6 +627,7 @@ interface ExtPointConstructor extends GroupConstructor<ExtPointType> {
   fromAffine(p: AffinePoint<bigint>): ExtPointType;
   fromHex(hex: Hex): ExtPointType;
   fromPrivateKey(privateKey: Hex): ExtPointType;
+  msm(points: ExtPointType[], scalars: bigint[]): ExtPointType;
 }
 ```
 
@@ -590,75 +667,11 @@ use aggregated, batch-verifiable
 using Boneh-Lynn-Shacham signature scheme.
 
 The module doesn't expose `CURVE` property: use `G1.CURVE`, `G2.CURVE` instead.
-Only BLS12-381 is implemented currently.
+Only BLS12-381 is currently implemented.
 Defining BLS12-377 and BLS24 should be straightforward.
 
-Main methods and properties are:
-
-- `getPublicKey(privateKey)`
-- `sign(message, privateKey)`
-- `verify(signature, message, publicKey)`
-- `aggregatePublicKeys(publicKeys)`
-- `aggregateSignatures(signatures)`
-- `G1` and `G2` curves containing `CURVE` and `ProjectivePoint`
-- `Signature` property with `fromHex`, `toHex` methods
-- `fields` containing `Fp`, `Fp2`, `Fp6`, `Fp12`, `Fr`
-
 The default BLS uses short public keys (with public keys in G1 and signatures in G2).
-Short signatures (public keys in G2 and signatures in G1) is also supported, using:
-
-- `getPublicKeyForShortSignatures(privateKey)`
-- `signShortSignature(message, privateKey)`
-- `verifyShortSignature(signature, message, publicKey)`
-- `aggregateShortSignatures(signatures)`
-
-```ts
-import { bls12_381 as bls } from '@noble/curves/bls12-381';
-const privateKey = '67d53f170b908cabb9eb326c3c337762d59289a8fec79f7bc9254b584b73265c';
-const message = '64726e3da8';
-const publicKey = bls.getPublicKey(privateKey);
-const signature = bls.sign(message, privateKey);
-const isValid = bls.verify(signature, message, publicKey);
-console.log({ publicKey, signature, isValid });
-
-// Use custom DST, e.g. for Ethereum consensus layer
-const htfEthereum = { DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_' };
-const signatureEth = bls.sign(message, privateKey, htfEthereum);
-const isValidEth = bls.verify(signature, message, publicKey, htfEthereum);
-console.log({ signatureEth, isValidEth });
-
-// Sign 1 msg with 3 keys
-const privateKeys = [
-  '18f020b98eb798752a50ed0563b079c125b0db5dd0b1060d1c1b47d4a193e1e4',
-  'ed69a8c50cf8c9836be3b67c7eeff416612d45ba39a5c099d48fa668bf558c9c',
-  '16ae669f3be7a2121e17d0c68c05a8f3d6bef21ec0f2315f1d7aec12484e4cf5',
-];
-const messages = ['d2', '0d98', '05caf3'];
-const publicKeys = privateKeys.map(bls.getPublicKey);
-const signatures2 = privateKeys.map((p) => bls.sign(message, p));
-const aggPubKey2 = bls.aggregatePublicKeys(publicKeys);
-const aggSignature2 = bls.aggregateSignatures(signatures2);
-const isValid2 = bls.verify(aggSignature2, message, aggPubKey2);
-console.log({ signatures2, aggSignature2, isValid2 });
-
-// Sign 3 msgs with 3 keys
-const signatures3 = privateKeys.map((p, i) => bls.sign(messages[i], p));
-const aggSignature3 = bls.aggregateSignatures(signatures3);
-const isValid3 = bls.verifyBatch(aggSignature3, messages, publicKeys);
-console.log({ publicKeys, signatures3, aggSignature3, isValid3 });
-
-// Pairings, with and without final exponentiation
-bls.pairing(PointG1, PointG2);
-bls.pairing(PointG1, PointG2, false);
-bls.fields.Fp12.finalExponentiate(bls.fields.Fp12.mul(PointG1, PointG2));
-
-// Others
-bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE;
-bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr;
-bls.params.x, bls.params.r, bls.params.G1b, bls.params.G2b;
-
-// hash-to-curve examples can be seen below
-```
+Short signatures (public keys in G2 and signatures in G1) are also supported.
 
 ### hash-to-curve: Hashing strings to curve points
 
@@ -816,6 +829,11 @@ utils.equalBytes(Uint8Array.from([0xde]), Uint8Array.from([0xde]));
 
 The library has been independently audited:
 
+- at version 1.6.0, in Sep 2024, by [cure53](https://cure53.de)
+  - PDFs: [in-repo](./audit/2024-09-cure53-audit-nbl4.pdf)
+  - [Changes since audit](https://github.com/paulmillr/noble-curves/compare/1.6.0..main)
+  - Scope: ed25519, ed448, their add-ons, bls12-381, bn254,
+    hash-to-curve, low-level primitives bls, tower, edwards, montgomery etc.
 - at version 1.2.0, in Sep 2023, by [Kudelski Security](https://kudelskisecurity.com)
   - PDFs: [offline](./audit/2023-09-kudelski-audit-starknet.pdf)
   - [Changes since audit](https://github.com/paulmillr/noble-curves/compare/1.2.0..main)
@@ -871,74 +889,87 @@ is even worse: there is no reliable userspace source of quality entropy.
 
 ## Speed
 
-Benchmark results on Apple M2 with node v20:
+Benchmark results on Apple M2 with node v22:
 
 ```
 secp256k1
 init x 68 ops/sec @ 14ms/op
-getPublicKey x 6,750 ops/sec @ 148μs/op
-sign x 5,206 ops/sec @ 192μs/op
-verify x 880 ops/sec @ 1ms/op
-getSharedSecret x 536 ops/sec @ 1ms/op
-recoverPublicKey x 852 ops/sec @ 1ms/op
-schnorr.sign x 685 ops/sec @ 1ms/op
-schnorr.verify x 908 ops/sec @ 1ms/op
+getPublicKey x 6,839 ops/sec @ 146μs/op
+sign x 5,226 ops/sec @ 191μs/op
+verify x 893 ops/sec @ 1ms/op
+getSharedSecret x 538 ops/sec @ 1ms/op
+recoverPublicKey x 923 ops/sec @ 1ms/op
+schnorr.sign x 700 ops/sec @ 1ms/op
+schnorr.verify x 919 ops/sec @ 1ms/op
+
+ed25519
+init x 51 ops/sec @ 19ms/op
+getPublicKey x 9,809 ops/sec @ 101μs/op
+sign x 4,976 ops/sec @ 200μs/op
+verify x 1,018 ops/sec @ 981μs/op
+
+ed448
+init x 19 ops/sec @ 50ms/op
+getPublicKey x 3,723 ops/sec @ 268μs/op
+sign x 1,759 ops/sec @ 568μs/op
+verify x 344 ops/sec @ 2ms/op
 
 p256
-init x 38 ops/sec @ 26ms/op
-getPublicKey x 6,530 ops/sec @ 153μs/op
-sign x 5,074 ops/sec @ 197μs/op
-verify x 626 ops/sec @ 1ms/op
+init x 39 ops/sec @ 25ms/op
+getPublicKey x 6,518 ops/sec @ 153μs/op
+sign x 5,148 ops/sec @ 194μs/op
+verify x 609 ops/sec @ 1ms/op
 
 p384
 init x 17 ops/sec @ 57ms/op
-getPublicKey x 2,883 ops/sec @ 346μs/op
-sign x 2,358 ops/sec @ 424μs/op
-verify x 245 ops/sec @ 4ms/op
+getPublicKey x 2,933 ops/sec @ 340μs/op
+sign x 2,327 ops/sec @ 429μs/op
+verify x 244 ops/sec @ 4ms/op
 
 p521
-init x 9 ops/sec @ 109ms/op
-getPublicKey x 1,516 ops/sec @ 659μs/op
-sign x 1,271 ops/sec @ 786μs/op
-verify x 123 ops/sec @ 8ms/op
-
-ed25519
-init x 54 ops/sec @ 18ms/op
-getPublicKey x 10,269 ops/sec @ 97μs/op
-sign x 5,110 ops/sec @ 195μs/op
-verify x 1,049 ops/sec @ 952μs/op
-
-ed448
-init x 19 ops/sec @ 51ms/op
-getPublicKey x 3,775 ops/sec @ 264μs/op
-sign x 1,771 ops/sec @ 564μs/op
-verify x 351 ops/sec @ 2ms/op
+init x 8 ops/sec @ 112ms/op
+getPublicKey x 1,484 ops/sec @ 673μs/op
+sign x 1,264 ops/sec @ 790μs/op
+verify x 124 ops/sec @ 8ms/op
+
+ristretto255
+add x 680,735 ops/sec @ 1μs/op
+multiply x 10,766 ops/sec @ 92μs/op
+encode x 15,835 ops/sec @ 63μs/op
+decode x 15,972 ops/sec @ 62μs/op
+
+decaf448
+add x 345,303 ops/sec @ 2μs/op
+multiply x 300 ops/sec @ 3ms/op
+encode x 5,987 ops/sec @ 167μs/op
+decode x 5,892 ops/sec @ 169μs/op
 
 ecdh
-├─x25519 x 1,466 ops/sec @ 682μs/op
-├─secp256k1 x 539 ops/sec @ 1ms/op
-├─p256 x 511 ops/sec @ 1ms/op
-├─p384 x 199 ops/sec @ 5ms/op
-├─p521 x 103 ops/sec @ 9ms/op
-└─x448 x 548 ops/sec @ 1ms/op
+├─x25519 x 1,477 ops/sec @ 676μs/op
+├─secp256k1 x 537 ops/sec @ 1ms/op
+├─p256 x 512 ops/sec @ 1ms/op
+├─p384 x 198 ops/sec @ 5ms/op
+├─p521 x 99 ops/sec @ 10ms/op
+└─x448 x 504 ops/sec @ 1ms/op
 
 bls12-381
 init x 36 ops/sec @ 27ms/op
-getPublicKey 1-bit x 973 ops/sec @ 1ms/op
-getPublicKey x 970 ops/sec @ 1ms/op
-sign x 55 ops/sec @ 17ms/op
-verify x 39 ops/sec @ 25ms/op
-pairing x 106 ops/sec @ 9ms/op
+getPublicKey x 960 ops/sec @ 1ms/op
+sign x 60 ops/sec @ 16ms/op
+verify x 47 ops/sec @ 21ms/op
+pairing x 125 ops/sec @ 7ms/op
+pairing10 x 40 ops/sec @ 24ms/op ± 23.27% (min: 21ms, max: 48ms)
+MSM 4096 scalars x points x 0 ops/sec @ 4655ms/op
 aggregatePublicKeys/8 x 129 ops/sec @ 7ms/op
 aggregatePublicKeys/32 x 34 ops/sec @ 28ms/op
-aggregatePublicKeys/128 x 8 ops/sec @ 112ms/op
-aggregatePublicKeys/512 x 2 ops/sec @ 446ms/op
-aggregatePublicKeys/2048 x 0 ops/sec @ 1778ms/op
-aggregateSignatures/8 x 50 ops/sec @ 19ms/op
-aggregateSignatures/32 x 13 ops/sec @ 74ms/op
-aggregateSignatures/128 x 3 ops/sec @ 296ms/op
-aggregateSignatures/512 x 0 ops/sec @ 1180ms/op
-aggregateSignatures/2048 x 0 ops/sec @ 4715ms/op
+aggregatePublicKeys/128 x 8 ops/sec @ 113ms/op
+aggregatePublicKeys/512 x 2 ops/sec @ 449ms/op
+aggregatePublicKeys/2048 x 0 ops/sec @ 1792ms/op
+aggregateSignatures/8 x 62 ops/sec @ 15ms/op
+aggregateSignatures/32 x 16 ops/sec @ 60ms/op
+aggregateSignatures/128 x 4 ops/sec @ 238ms/op
+aggregateSignatures/512 x 1 ops/sec @ 946ms/op
+aggregateSignatures/2048 x 0 ops/sec @ 3774ms/op
 
 hash-to-curve
 hash_to_field x 91,600 ops/sec @ 10μs/op

package/_shortw_utils.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"_shortw_utils.d.ts","sourceRoot":"","sources":["src/_shortw_utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAe,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAe,MAAM,2BAA2B,CAAC;AAGnE,wBAAgB,OAAO,CAAC,IAAI,EAAE,KAAK;;gBAGnB,UAAU,WAAW,UAAU,EAAE;;EAGhD;AAED,KAAK,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC;AAC3E,wBAAgB,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK;mBACtC,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;0CAG+nuB,CAAC;;;;;;kFAAwmB,CAAC;+HAA2F,CAAC;2GAAuE,CAAC;;;;qGAAoH,CAAC;;;;;;;+BAA+R,CAAC,eAAe,CAAC;;GAD90wB"}
+{"version":3,"file":"_shortw_utils.d.ts","sourceRoot":"","sources":["src/_shortw_utils.ts"],"names":[],"mappings":"AAEA,OAAO,EAAe,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAC/D,OAAO,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC5C,OAAO,EAAE,SAAS,EAAe,MAAM,2BAA2B,CAAC;AAGnE,wBAAgB,OAAO,CAAC,IAAI,EAAE,KAAK;;gBAGnB,UAAU,WAAW,UAAU,EAAE;;EAGhD;AAED,KAAK,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,GAAG,aAAa,CAAC,CAAC,CAAC;AAC3E,wBAAgB,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK;mBACtC,KAAK;;;;;;;;;;;;;;;;;;;;;;;;;;;;0CAG01zB,CAAC;;;;;;kFAAwmB,CAAC;+HAA2F,CAAC;2GAAuE,CAAC;;;;qGAAoH,CAAC;;;;;;;+BAA+R,CAAC,eAAe,CAAC;;GADzi2B"}

package/abstract/bls.d.ts

@@ -1,47 +1,37 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { AffinePoint } from './curve.js';
 import { IField } from './modular.js';
 import { Hex, PrivKey, CHash } from './utils.js';
 import { MapToCurve, Opts as HTFOpts, htfBasicOpts, createHasher } from './hash-to-curve.js';
 import { CurvePointsType, ProjPointType as ProjPointType, CurvePointsRes } from './weierstrass.js';
+import type { Fp2, Fp6, Fp12, Fp2Bls, Fp12Bls } from './tower.js';
 /**
- * BLS (Barreto-Lynn-Scott) family of pairing-friendly curves.
- * Implements BLS (Boneh-Lynn-Shacham) signatures.
+ * BLS != BLS.
+ * The file implements BLS (Boneh-Lynn-Shacham) signatures.
+ * Used in both BLS (Barreto-Lynn-Scott) and BN (Barreto-Naehrig)
+ * families of pairing-friendly curves.
  * Consists of two curves: G1 and G2:
  * - G1 is a subgroup of (x, y) E(Fq) over y² = x³ + 4.
  * - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1
  * - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in
  *   Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not.
  * Pairing is used to aggregate and verify signatures.
- * We are using Fp for private keys (shorter) and Fp₂ for signatures (longer).
- * Some projects may prefer to swap this relation, it is not supported for now.
+ * There are two main ways to use it:
+ * 1. Fp for short private keys, Fp₂ for signatures
+ * 2. Fp for short signatures, Fp₂ for private keys
  **/
 type Fp = bigint;
+export type TwistType = 'multiplicative' | 'divisive';
 export type ShortSignatureCoder<Fp> = {
     fromHex(hex: Hex): ProjPointType<Fp>;
     toRawBytes(point: ProjPointType<Fp>): Uint8Array;
     toHex(point: ProjPointType<Fp>): string;
 };
-export type SignatureCoder<Fp2> = {
-    fromHex(hex: Hex): ProjPointType<Fp2>;
-    toRawBytes(point: ProjPointType<Fp2>): Uint8Array;
-    toHex(point: ProjPointType<Fp2>): string;
-};
-type Fp2Bls<Fp, Fp2> = IField<Fp2> & {
-    reim: (num: Fp2) => {
-        re: Fp;
-        im: Fp;
-    };
-    multiplyByB: (num: Fp2) => Fp2;
-    frobeniusMap(num: Fp2, power: number): Fp2;
-};
-type Fp12Bls<Fp2, Fp12> = IField<Fp12> & {
-    frobeniusMap(num: Fp12, power: number): Fp12;
-    multiplyBy014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
-    conjugate(num: Fp12): Fp12;
-    finalExponentiate(num: Fp12): Fp12;
+export type SignatureCoder<Fp> = {
+    fromHex(hex: Hex): ProjPointType<Fp>;
+    toRawBytes(point: ProjPointType<Fp>): Uint8Array;
+    toHex(point: ProjPointType<Fp>): string;
 };
-export type CurveType<Fp, Fp2, Fp6, Fp12> = {
+export type CurveType = {
     G1: Omit<CurvePointsType<Fp>, 'n'> & {
         ShortSignature: SignatureCoder<Fp>;
         mapToCurve: MapToCurve<Fp>;
@@ -55,19 +45,28 @@ export type CurveType<Fp, Fp2, Fp6, Fp12> = {
     fields: {
         Fp: IField<Fp>;
         Fr: IField<bigint>;
-        Fp2: Fp2Bls<Fp, Fp2>;
+        Fp2: Fp2Bls;
         Fp6: IField<Fp6>;
-        Fp12: Fp12Bls<Fp2, Fp12>;
+        Fp12: Fp12Bls;
     };
     params: {
-        x: bigint;
+        ateLoopSize: bigint;
+        xNegative: boolean;
         r: bigint;
+        twistType: TwistType;
     };
     htfDefaults: HTFOpts;
     hash: CHash;
     randomBytes: (bytesLength?: number) => Uint8Array;
+    postPrecompute?: (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy: Fp2, pointAdd: (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy: Fp2) => {
+        Rx: Fp2;
+        Ry: Fp2;
+        Rz: Fp2;
+    }) => void;
 };
-export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
+type PrecomputeSingle = [Fp2, Fp2, Fp2][];
+type Precompute = PrecomputeSingle[];
+export type CurveFn = {
     getPublicKey: (privateKey: PrivKey) => Uint8Array;
     getPublicKeyForShortSignatures: (privateKey: PrivKey) => Uint8Array;
     sign: {
@@ -93,30 +92,34 @@ export type CurveFn<Fp, Fp2, Fp6, Fp12> = {
         (signatures: Hex[]): Uint8Array;
         (signatures: ProjPointType<Fp>[]): ProjPointType<Fp>;
     };
-    millerLoop: (ell: [Fp2, Fp2, Fp2][], g1: [Fp, Fp]) => Fp12;
+    millerLoopBatch: (pairs: [Precompute, Fp, Fp][]) => Fp12;
     pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
+    pairingBatch: (pairs: {
+        g1: ProjPointType<Fp>;
+        g2: ProjPointType<Fp2>;
+    }[], withFinalExponent?: boolean) => Fp12;
     G1: CurvePointsRes<Fp> & ReturnType<typeof createHasher<Fp>>;
     G2: CurvePointsRes<Fp2> & ReturnType<typeof createHasher<Fp2>>;
     Signature: SignatureCoder<Fp2>;
     ShortSignature: ShortSignatureCoder<Fp>;
     params: {
-        x: bigint;
+        ateLoopSize: bigint;
         r: bigint;
         G1b: bigint;
         G2b: Fp2;
     };
     fields: {
         Fp: IField<Fp>;
-        Fp2: Fp2Bls<Fp, Fp2>;
+        Fp2: Fp2Bls;
         Fp6: IField<Fp6>;
-        Fp12: Fp12Bls<Fp2, Fp12>;
+        Fp12: Fp12Bls;
         Fr: IField<bigint>;
     };
     utils: {
         randomPrivateKey: () => Uint8Array;
-        calcPairingPrecomputes: (p: AffinePoint<Fp2>) => [Fp2, Fp2, Fp2][];
+        calcPairingPrecomputes: (p: ProjPointType<Fp2>) => Precompute;
     };
 };
-export declare function bls<Fp2, Fp6, Fp12>(CURVE: CurveType<Fp, Fp2, Fp6, Fp12>): CurveFn<Fp, Fp2, Fp6, Fp12>;
+export declare function bls(CURVE: CurveType): CurveFn;
 export {};
 //# sourceMappingURL=bls.d.ts.map

package/abstract/bls.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":"AAAA,sEAAsE;AAEtE,OAAO,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACzC,OAAO,EAAE,MAAM,EAAoC,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAA+B,MAAM,YAAY,CAAC;AAE9E,OAAO,EACL,UAAU,EAAE,IAAI,IAAI,OAAO,EAAuB,YAAY,EAC9D,YAAY,EACb,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,eAAe,EACf,aAAa,IAAI,aAAa,EAC9B,cAAc,EAEf,MAAM,kBAAkB,CAAC;AAE1B;;;;;;;;;;;IAWI;AAEJ,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,mBAAmB,CAAC,EAAE,IAAI;IACpC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,cAAc,CAAC,GAAG,IAAI;IAChC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;IACtC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;IAClD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,GAAG,CAAC,GAAG,MAAM,CAAC;CAC1C,CAAC;AAEF,KAAK,MAAM,CAAC,EAAE,EAAE,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG;IACnC,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK;QAAE,EAAE,EAAE,EAAE,CAAC;QAAC,EAAE,EAAE,EAAE,CAAA;KAAE,CAAC;IACvC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;IAC/B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;CAC5C,CAAC;AAEF,KAAK,OAAO,CAAC,GAAG,EAAE,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,GAAG;IACvC,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7C,aAAa,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;IAC1D,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;IAC3B,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;CACpC,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,IAAI;IAC1C,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG;QACnC,cAAc,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,GAAG;QACpC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACrB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;KAC1B,CAAC;IACF,MAAM,EAAE;QACN,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;KACX,CAAC;IACF,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;CACnD,CAAC;AAEF,MAAM,MAAM,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,IAAI;IACxC,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IAClD,8BAA8B,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IACpE,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KAChG,CAAC;IACF,kBAAkB,EAAE;QAClB,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KAC9F,CAAC;IACF,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACjC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,oBAAoB,EAAE,CACpB,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAChC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,QAAQ,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EACtC,UAAU,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,EACvC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxD,CAAC;IACF,wBAAwB,EAAE;QACxB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,UAAU,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,IAAI,CAAC;IAC3D,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5F,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7D,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,cAAc,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,EAAE;QACN,CAAC,EAAE,MAAM,CAAC;QACV,CAAC,EAAE,MAAM,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,GAAG,CAAC;KACV,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QACrB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QACzB,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,sBAAsB,EAAE,CAAC,CAAC,EAAE,WAAW,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;KACpE,CAAC;CACH,CAAC;AAEF,wBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAChC,KAAK,EAAE,SAAS,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,GACnC,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CA0V7B"}
+{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":"AAAA,sEAAsE;AAGtE,OAAO,EAAE,MAAM,EAAoC,MAAM,cAAc,CAAC;AACxE,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,KAAK,EAAyB,MAAM,YAAY,CAAC;AAExE,OAAO,EACL,UAAU,EAAE,IAAI,IAAI,OAAO,EAAuB,YAAY,EAC9D,YAAY,EACb,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EACL,eAAe,EACf,aAAa,IAAI,aAAa,EAC9B,cAAc,EAEf,MAAM,kBAAkB,CAAC;AAC1B,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAElE;;;;;;;;;;;;;;IAcI;AAEJ,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,SAAS,GAAG,gBAAgB,GAAG,UAAU,CAAC;AAEtD,MAAM,MAAM,mBAAmB,CAAC,EAAE,IAAI;IACpC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,cAAc,CAAC,EAAE,IAAI;IAC/B,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG;QACnC,cAAc,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,GAAG;QACpC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,OAAO,CAAC;KACf,CAAC;IACF,MAAM,EAAE;QAIN,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;QACnB,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,SAAS,CAAC;KACtB,CAAC;IACF,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAElD,cAAc,CAAC,EAAE,CACf,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,QAAQ,EAAE,CAAC,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,KAAK;QAAE,EAAE,EAAE,GAAG,CAAC;QAAC,EAAE,EAAE,GAAG,CAAC;QAAC,EAAE,EAAE,GAAG,CAAA;KAAE,KACrF,IAAI,CAAC;CACX,CAAC;AAEF,KAAK,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AAC1C,KAAK,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAErC,MAAM,MAAM,OAAO,GAAG;IACpB,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IAClD,8BAA8B,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IACpE,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KAChG,CAAC;IACF,kBAAkB,EAAE;QAClB,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KAC9F,CAAC;IACF,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACjC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,oBAAoB,EAAE,CACpB,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAChC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,QAAQ,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EACtC,UAAU,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,EACvC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxD,CAAC;IACF,wBAAwB,EAAE;QACxB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,eAAe,EAAE,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5F,YAAY,EAAE,CACZ,KAAK,EAAE;QAAE,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;QAAC,EAAE,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;KAAE,EAAE,EAC1D,iBAAiB,CAAC,EAAE,OAAO,KACxB,IAAI,CAAC;IACV,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7D,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,cAAc,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,CAAC,EAAE,MAAM,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,GAAG,CAAC;KACV,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,OAAO,CAAC;QACd,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,sBAAsB,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC;KAC/D,CAAC;CACH,CAAC;AAgBF,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAsX7C"}