@noble/curves 1.7.0 → 1.8.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +40 -21
- package/_shortw_utils.d.ts +9 -55
- package/_shortw_utils.d.ts.map +1 -1
- package/_shortw_utils.js +6 -2
- package/_shortw_utils.js.map +1 -1
- package/abstract/bls.d.ts +8 -6
- package/abstract/bls.d.ts.map +1 -1
- package/abstract/bls.js +17 -1
- package/abstract/bls.js.map +1 -1
- package/abstract/curve.d.ts +27 -32
- package/abstract/curve.d.ts.map +1 -1
- package/abstract/curve.js +19 -12
- package/abstract/curve.js.map +1 -1
- package/abstract/edwards.d.ts +14 -25
- package/abstract/edwards.d.ts.map +1 -1
- package/abstract/edwards.js +5 -1
- package/abstract/edwards.js.map +1 -1
- package/abstract/hash-to-curve.d.ts +29 -9
- package/abstract/hash-to-curve.d.ts.map +1 -1
- package/abstract/hash-to-curve.js +15 -10
- package/abstract/hash-to-curve.js.map +1 -1
- package/abstract/modular.d.ts +30 -5
- package/abstract/modular.d.ts.map +1 -1
- package/abstract/modular.js +36 -16
- package/abstract/modular.js.map +1 -1
- package/abstract/montgomery.d.ts.map +1 -1
- package/abstract/montgomery.js +6 -1
- package/abstract/montgomery.js.map +1 -1
- package/abstract/poseidon.d.ts +10 -1
- package/abstract/poseidon.d.ts.map +1 -1
- package/abstract/poseidon.js +9 -1
- package/abstract/poseidon.js.map +1 -1
- package/abstract/tower.d.ts +12 -1
- package/abstract/tower.d.ts.map +1 -1
- package/abstract/tower.js +14 -11
- package/abstract/tower.js.map +1 -1
- package/abstract/utils.d.ts +10 -5
- package/abstract/utils.d.ts.map +1 -1
- package/abstract/utils.js +5 -1
- package/abstract/utils.js.map +1 -1
- package/abstract/weierstrass.d.ts +51 -85
- package/abstract/weierstrass.d.ts.map +1 -1
- package/abstract/weierstrass.js +42 -15
- package/abstract/weierstrass.js.map +1 -1
- package/bls12-381.d.ts +12 -1
- package/bls12-381.d.ts.map +1 -1
- package/bls12-381.js +72 -60
- package/bls12-381.js.map +1 -1
- package/bn254.d.ts +4 -3
- package/bn254.d.ts.map +1 -1
- package/bn254.js +23 -20
- package/bn254.js.map +1 -1
- package/ed25519.d.ts +27 -7
- package/ed25519.d.ts.map +1 -1
- package/ed25519.js +30 -6
- package/ed25519.js.map +1 -1
- package/ed448.d.ts +25 -10
- package/ed448.d.ts.map +1 -1
- package/ed448.js +30 -8
- package/ed448.js.map +1 -1
- package/esm/_shortw_utils.d.ts +9 -55
- package/esm/_shortw_utils.d.ts.map +1 -1
- package/esm/_shortw_utils.js +6 -2
- package/esm/_shortw_utils.js.map +1 -1
- package/esm/abstract/bls.d.ts +8 -6
- package/esm/abstract/bls.d.ts.map +1 -1
- package/esm/abstract/bls.js +17 -1
- package/esm/abstract/bls.js.map +1 -1
- package/esm/abstract/curve.d.ts +27 -32
- package/esm/abstract/curve.d.ts.map +1 -1
- package/esm/abstract/curve.js +21 -14
- package/esm/abstract/curve.js.map +1 -1
- package/esm/abstract/edwards.d.ts +14 -25
- package/esm/abstract/edwards.d.ts.map +1 -1
- package/esm/abstract/edwards.js +8 -4
- package/esm/abstract/edwards.js.map +1 -1
- package/esm/abstract/hash-to-curve.d.ts +29 -9
- package/esm/abstract/hash-to-curve.d.ts.map +1 -1
- package/esm/abstract/hash-to-curve.js +15 -10
- package/esm/abstract/hash-to-curve.js.map +1 -1
- package/esm/abstract/modular.d.ts +30 -5
- package/esm/abstract/modular.d.ts.map +1 -1
- package/esm/abstract/modular.js +36 -16
- package/esm/abstract/modular.js.map +1 -1
- package/esm/abstract/montgomery.d.ts.map +1 -1
- package/esm/abstract/montgomery.js +6 -1
- package/esm/abstract/montgomery.js.map +1 -1
- package/esm/abstract/poseidon.d.ts +10 -1
- package/esm/abstract/poseidon.d.ts.map +1 -1
- package/esm/abstract/poseidon.js +9 -1
- package/esm/abstract/poseidon.js.map +1 -1
- package/esm/abstract/tower.d.ts +12 -1
- package/esm/abstract/tower.d.ts.map +1 -1
- package/esm/abstract/tower.js +14 -11
- package/esm/abstract/tower.js.map +1 -1
- package/esm/abstract/utils.d.ts +10 -5
- package/esm/abstract/utils.d.ts.map +1 -1
- package/esm/abstract/utils.js +4 -0
- package/esm/abstract/utils.js.map +1 -1
- package/esm/abstract/weierstrass.d.ts +51 -85
- package/esm/abstract/weierstrass.d.ts.map +1 -1
- package/esm/abstract/weierstrass.js +42 -16
- package/esm/abstract/weierstrass.js.map +1 -1
- package/esm/bls12-381.d.ts +12 -1
- package/esm/bls12-381.d.ts.map +1 -1
- package/esm/bls12-381.js +73 -61
- package/esm/bls12-381.js.map +1 -1
- package/esm/bn254.d.ts +4 -3
- package/esm/bn254.d.ts.map +1 -1
- package/esm/bn254.js +23 -20
- package/esm/bn254.js.map +1 -1
- package/esm/ed25519.d.ts +27 -7
- package/esm/ed25519.d.ts.map +1 -1
- package/esm/ed25519.js +31 -7
- package/esm/ed25519.js.map +1 -1
- package/esm/ed448.d.ts +25 -10
- package/esm/ed448.d.ts.map +1 -1
- package/esm/ed448.js +31 -9
- package/esm/ed448.js.map +1 -1
- package/esm/index.js +16 -0
- package/esm/index.js.map +1 -1
- package/esm/jubjub.d.ts +4 -8
- package/esm/jubjub.d.ts.map +1 -1
- package/esm/jubjub.js +6 -5
- package/esm/jubjub.js.map +1 -1
- package/esm/p256.d.ts +10 -104
- package/esm/p256.d.ts.map +1 -1
- package/esm/p256.js +9 -2
- package/esm/p256.js.map +1 -1
- package/esm/p384.d.ts +10 -104
- package/esm/p384.d.ts.map +1 -1
- package/esm/p384.js +9 -2
- package/esm/p384.js.map +1 -1
- package/esm/p521.d.ts +11 -104
- package/esm/p521.d.ts.map +1 -1
- package/esm/p521.js +11 -3
- package/esm/p521.js.map +1 -1
- package/esm/pasta.d.ts +5 -2
- package/esm/pasta.d.ts.map +1 -1
- package/esm/pasta.js +6 -2
- package/esm/pasta.js.map +1 -1
- package/esm/secp256k1.d.ts +30 -58
- package/esm/secp256k1.d.ts.map +1 -1
- package/esm/secp256k1.js +34 -8
- package/esm/secp256k1.js.map +1 -1
- package/index.js +16 -0
- package/index.js.map +1 -1
- package/jubjub.d.ts +4 -8
- package/jubjub.d.ts.map +1 -1
- package/jubjub.js +6 -5
- package/jubjub.js.map +1 -1
- package/p256.d.ts +10 -104
- package/p256.d.ts.map +1 -1
- package/p256.js +9 -2
- package/p256.js.map +1 -1
- package/p384.d.ts +10 -104
- package/p384.d.ts.map +1 -1
- package/p384.js +9 -2
- package/p384.js.map +1 -1
- package/p521.d.ts +11 -104
- package/p521.d.ts.map +1 -1
- package/p521.js +11 -3
- package/p521.js.map +1 -1
- package/package.json +16 -13
- package/pasta.d.ts +5 -2
- package/pasta.d.ts.map +1 -1
- package/pasta.js +6 -2
- package/pasta.js.map +1 -1
- package/secp256k1.d.ts +30 -58
- package/secp256k1.d.ts.map +1 -1
- package/secp256k1.js +33 -7
- package/secp256k1.js.map +1 -1
- package/src/_shortw_utils.ts +19 -9
- package/src/abstract/bls.ts +20 -18
- package/src/abstract/curve.ts +52 -19
- package/src/abstract/edwards.ts +18 -12
- package/src/abstract/hash-to-curve.ts +42 -17
- package/src/abstract/modular.ts +55 -27
- package/src/abstract/montgomery.ts +7 -1
- package/src/abstract/poseidon.ts +29 -7
- package/src/abstract/tower.ts +59 -14
- package/src/abstract/utils.ts +26 -19
- package/src/abstract/weierstrass.ts +91 -50
- package/src/bls12-381.ts +80 -66
- package/src/bn254.ts +30 -24
- package/src/ed25519.ts +52 -23
- package/src/ed448.ts +50 -23
- package/src/index.ts +16 -0
- package/src/jubjub.ts +10 -10
- package/src/p256.ts +15 -9
- package/src/p384.ts +15 -9
- package/src/p521.ts +17 -10
- package/src/pasta.ts +15 -7
- package/src/secp256k1.ts +57 -15
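--- a/package/secp256k1.js
+++ b/package/secp256k1.js
@@ -1,6 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.encodeToCurve = exports.hashToCurve = exports.schnorr = exports.secp256k1 = void 0;
+/**
+* NIST secp256k1. See [pdf](https://www.secg.org/sec2-v2.pdf).
+*
+* Seems to be rigid (not backdoored)
+* [as per discussion](https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975).
+*
+* secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
+* Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
+* For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
+* [See explanation](https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066).
+* @module
+*/
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const sha256_1 = require("@noble/hashes/sha256");
 const utils_1 = require("@noble/hashes/utils");
@@ -45,10 +57,19 @@ function sqrtMod(y) {
 const Fpk1 = (0, modular_js_1.Field)(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
 /**
 * secp256k1 short weierstrass curve and ECDSA signatures over it.
+*
+* @example
+* import { secp256k1 } from '@noble/curves/secp256k1';
+*
+* const priv = secp256k1.utils.randomPrivateKey();
+* const pub = secp256k1.getPublicKey(priv);
+* const msg = new Uint8Array(32).fill(1); // message hash (not message) in ecdsa
+* const sig = secp256k1.sign(msg, priv); // `{prehash: true}` option is available
+* const isValid = secp256k1.verify(sig, msg, pub) === true;
 */
 exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
 a: BigInt(0), // equation params: a, b
-b: BigInt(7),
+b: BigInt(7),
 Fp: Fpk1, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
 n: secp256k1N, // Curve order, total count of valid points in the field
 // Base point (x, y) aka generator point
@@ -56,13 +77,8 @@ exports.secp256k1 = (0, _shortw_utils_js_1.createCurve)({
 Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
 h: BigInt(1), // Cofactor
 lowS: true, // Allow only low-S signatures by default in sign() and verify()
-/**
-* secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
-* Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
-* For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
-* Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
-*/
 endo: {
+// Endomorphism, see above
 beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
 splitScalar: (k) => {
 const n = secp256k1N;
@@ -195,6 +211,14 @@ function schnorrVerify(signature, message, publicKey) {
 }
 /**
 * Schnorr signatures over secp256k1.
+* https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
+* @example
+* import { schnorr } from '@noble/curves/secp256k1';
+* const priv = schnorr.utils.randomPrivateKey();
+* const pub = schnorr.getPublicKey(priv);
+* const msg = new TextEncoder().encode('hello');
+* const sig = schnorr.sign(msg, priv);
+* const isValid = schnorr.verify(sig, msg, pub);
 */
 exports.schnorr = (() => ({
 getPublicKey: schnorrGetPublicKey,
@@ -256,6 +280,8 @@ const htf = /* @__PURE__ */ (() => (0, hash_to_curve_js_1.createHasher)(exports.
 expand: 'xmd',
 hash: sha256_1.sha256,
 }))();
+/** secp256k1 hash-to-curve from [RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). */
 exports.hashToCurve = (() => htf.hashToCurve)();
+/** secp256k1 encode-to-curve from [RFC 9380](https://www.rfc-editor.org/rfc/rfc9380). */
 exports.encodeToCurve = (() => htf.encodeToCurve)();
 //# sourceMappingURL=secp256k1.js.map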
package/secp256k1.js.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":";;;AAAA,sEAAsE;AACtE,iDAA8C;AAC9C,+CAAkD;AAClD,yDAAiD;AACjD,kEAAuE;AACvE,sDAAyD;AAEzD,kDAO6B;AAC7B,8DAA4F;AAE5F,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;AAE/D;;;GAGG;AACH,SAAS,OAAO,CAAC,CAAS;IACxB,MAAM,CAAC,GAAG,UAAU,CAAC;IACrB,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7E,kBAAkB;IAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACtC,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;IACpC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,I
AAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,IAAI,GAAG,IAAA,kBAAK,EAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AAExE;;GAEG;AACU,QAAA,SAAS,GAAG,IAAA,8BAAW,EAClC;IACE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,wBAAwB;IACtC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,iFAAiF;IAC/F,EAAE,EAAE,IAAI,EAAE,sFAAsF;IAChG,CAAC,EAAE,UAAU,EAAE,wDAAwD;IACvE,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,WAAW;IACzB,IAAI,EAAE,IAAI,EAAE,gEAAgE;IAC5E;;;;;OAKG;IACH,IAAI,EAAE;QACJ,IAAI,EAAE,MAAM,CAAC,oEAAoE,CAAC;QAClF,WAAW,EAAE,CAAC,CAAS,EAAE,EAAE;YACzB,MAAM,CAAC,GAAG,UAAU,CAAC;YACrB,MAAM,EAAE,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACxD,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC;YACzD,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,SAAS,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC,0BAA0B;YAE3F,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACjC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACvC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAE,GAAG,SAAS,IAAI,EAAE,GAAG,SAAS,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAClC,CAAC;KACF;CACF,EACD,eAAM,CACP,CAAC;AAEF,+FAA+F;AAC/F
,iEAAiE;AACjE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,wFAAwF;AACxF,MAAM,oBAAoB,GAAkC,EAAE,CAAC;AAC/D,SAAS,UAAU,CAAC,GAAW,EAAE,GAAG,QAAsB;IACxD,IAAI,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,IAAA,eAAM,EAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,IAAA,sBAAW,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/B,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;IACnC,CAAC;IACD,OAAO,IAAA,eAAM,EAAC,IAAA,sBAAW,EAAC,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,oFAAoF;AACpF,MAAM,YAAY,GAAG,CAAC,KAAwB,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnF,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,KAAK,GAAG,iBAAS,CAAC,eAAe,CAAC;AACxC,MAAM,OAAO,GAAG,CAAC,CAAoB,EAAE,CAAS,EAAE,CAAS,EAAE,EAAE,CAC7D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAE3C,oCAAoC;AACpC,SAAS,mBAAmB,CAAC,IAAa;IACxC,IAAI,EAAE,GAAG,iBAAS,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,yCAAyC;IAChG,IAAI,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,4CAA4C;IAC9E,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;AACpD,CAAC;AACD;;;GAGG;AACH,SAAS,MAAM,CAAC,CAAS;IACvB,IAAA,mBAAQ,EAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,iBAAiB;IACpD,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;IAC5D,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC/C,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG;QAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,mDAAmD;IACtF,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,mDAAmD;
IACnF,CAAC,CAAC,cAAc,EAAE,CAAC;IACnB,OAAO,CAAC,CAAC;AACX,CAAC;AACD,MAAM,GAAG,GAAG,0BAAe,CAAC;AAC5B;;GAEG;AACH,SAAS,SAAS,CAAC,GAAG,IAAkB;IACtC,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,mBAAmB,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,UAAe;IAC1C,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,oDAAoD;AACpG,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,OAAY,EACZ,UAAmB,EACnB,UAAe,IAAA,mBAAW,EAAC,EAAE,CAAC;IAE9B,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,gCAAgC;IAClG,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,2CAA2C;IAC1F,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,yDAAyD;IACpH,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,4CAA4C;IAChG,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACvD,IAAI,EAAE,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB;IAC7E,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB;IAC1E,MAAM,CAAC,GAAG,SAAS,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gEAAgE;IAChG,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/E,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACf,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,iEAAiE;IACjE,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACpF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,SAAc,EAAE,OAAY,EAAE,SAAc;IACjE,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0CAA0C;QACtE,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,yCAAyC;QA
C7E,IAAI,CAAC,IAAA,kBAAO,EAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAC/E,IAAI,CAAC,IAAA,kBAAO,EAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAChG,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;QACnD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;QAC/E,OAAO,IAAI,CAAC,CAAC,yDAAyD;IACxE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACU,QAAA,OAAO,GAAmB,CAAC,GAAG,EAAE,CAAC,CAAC;IAC7C,YAAY,EAAE,mBAAmB;IACjC,IAAI,EAAE,WAAW;IACjB,MAAM,EAAE,aAAa;IACrB,KAAK,EAAE;QACL,gBAAgB,EAAE,iBAAS,CAAC,KAAK,CAAC,gBAAgB;QAClD,MAAM;QACN,YAAY;QACZ,eAAe,EAAf,0BAAe;QACf,eAAe,EAAf,0BAAe;QACf,UAAU;QACV,GAAG,EAAH,gBAAG;KACJ;CACF,CAAC,CAAC,EAAE,CAAC;AAEN,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACnC,IAAA,6BAAU,EACR,IAAI,EACJ;IACE,OAAO;IACP;QACE,oEAAoE;QACpE,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAA6C,CAClF,CAAC,EAAE,CAAC;AACP,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACnC,IAAA,oCAAmB,EAAC,IAAI,EAAE;IACxB,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC9B,CAAC,CAAC,EAAE,CAAC;AACR,MAAM,GAAG,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CAChC,IAAA,+BAAY,EACV,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE;IACpB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,OAAO,MAAM,CAAC,CAAC,
EAAE,CAAC,CAAC,CAAC;AACtB,CAAC,EACD;IACE,GAAG,EAAE,gCAAgC;IACrC,SAAS,EAAE,gCAAgC;IAC3C,CAAC,EAAE,IAAI,CAAC,KAAK;IACb,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC,EAAE,CAAC;AACM,QAAA,WAAW,GAAmB,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;AACxD,QAAA,aAAa,GAAmB,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC"}
1
+
{"version":3,"file":"secp256k1.js","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;GAWG;AACH,sEAAsE;AACtE,iDAA8C;AAC9C,+CAAkD;AAClD,yDAAyE;AACzE,kEAAuF;AACvF,sDAAyD;AAEzD,kDAO6B;AAC7B,8DAAiG;AAEjG,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,UAAU,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAChG,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;AAE/D;;;GAGG;AACH,SAAS,OAAO,CAAC,CAAS;IACxB,MAAM,CAAC,GAAG,UAAU,CAAC;IACrB,kBAAkB;IAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC7E,kBAAkB;IAClB,MAAM,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,EAAE,IAAI,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;IAC9D,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,UAAU;IACtC,MAAM,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;IACpC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACxC,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,GAAG,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC5C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,IAAI,GAAG,CAAC,IAAA,iBAAI,EAAC,IAAI,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iB
AAI,EAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,CAAC,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC;IACvC,MAAM,IAAI,GAAG,IAAA,iBAAI,EAAC,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;IAC9B,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7E,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,IAAI,GAAG,IAAA,kBAAK,EAAC,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;AAExE;;;;;;;;;;;GAWG;AACU,QAAA,SAAS,GAAsB,IAAA,8BAAW,EACrD;IACE,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,wBAAwB;IACtC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE,EAAE,IAAI,EAAE,sFAAsF;IAChG,CAAC,EAAE,UAAU,EAAE,wDAAwD;IACvE,wCAAwC;IACxC,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,EAAE,WAAW;IACzB,IAAI,EAAE,IAAI,EAAE,gEAAgE;IAC5E,IAAI,EAAE;QACJ,0BAA0B;QAC1B,IAAI,EAAE,MAAM,CAAC,oEAAoE,CAAC;QAClF,WAAW,EAAE,CAAC,CAAS,EAAE,EAAE;YACzB,MAAM,CAAC,GAAG,UAAU,CAAC;YACrB,MAAM,EAAE,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YACxD,MAAM,EAAE,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,oCAAoC,CAAC,CAAC;YAC/D,MAAM,EAAE,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC;YACzD,MAAM,EAAE,GAAG,EAAE,CAAC;YACd,MAAM,SAAS,GAAG,MAAM,CAAC,qCAAqC,CAAC,CAAC,CAAC,0BAA0B;YAE3F,MAAM,EAAE,GAAG,UAAU,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YACjC,MAAM,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACvC,IAAI,EAAE,GAAG,IAAA,gBAAG,EAAC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;YACpC,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,MAAM,KAAK,GAAG,EAAE,GAAG,SAAS,CAAC;YAC7B,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,KAAK;gBAAE,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;YACvB,IAAI,EAAE,GAAG,SAAS,IAAI,EAAE,GAAG,SAAS,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,CAAC,CAAC;YAC9D,CAAC;YACD,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;QAClC,CAAC;KACF;CACF,EACD,eAAM,CACP,CAAC;A
AEF,+FAA+F;AAC/F,iEAAiE;AACjE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,wFAAwF;AACxF,MAAM,oBAAoB,GAAkC,EAAE,CAAC;AAC/D,SAAS,UAAU,CAAC,GAAW,EAAE,GAAG,QAAsB;IACxD,IAAI,IAAI,GAAG,oBAAoB,CAAC,GAAG,CAAC,CAAC;IACrC,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,IAAA,eAAM,EAAC,UAAU,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAClE,IAAI,GAAG,IAAA,sBAAW,EAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QAC/B,oBAAoB,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC;IACnC,CAAC;IACD,OAAO,IAAA,eAAM,EAAC,IAAA,sBAAW,EAAC,IAAI,EAAE,GAAG,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,oFAAoF;AACpF,MAAM,YAAY,GAAG,CAAC,KAAwB,EAAE,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACnF,MAAM,QAAQ,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,0BAAe,EAAC,CAAC,EAAE,EAAE,CAAC,CAAC;AACvD,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,UAAU,CAAC,CAAC;AAC/C,MAAM,KAAK,GAAG,iBAAS,CAAC,eAAe,CAAC;AACxC,MAAM,OAAO,GAAG,CAAC,CAAoB,EAAE,CAAS,EAAE,CAAS,EAAE,EAAE,CAC7D,KAAK,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AAE3C,oCAAoC;AACpC,SAAS,mBAAmB,CAAC,IAAa;IACxC,IAAI,EAAE,GAAG,iBAAS,CAAC,KAAK,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,CAAC,yCAAyC;IAChG,IAAI,CAAC,GAAG,KAAK,CAAC,cAAc,CAAC,EAAE,CAAC,CAAC,CAAC,4CAA4C;IAC9E,MAAM,MAAM,GAAG,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,CAAC;IAC7C,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;AACpD,CAAC;AACD;;;GAGG;AACH,SAAS,MAAM,CAAC,CAAS;IACvB,IAAA,mBAAQ,EAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC,CAAC,iBAAiB;IACpD,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,MAAM,CAAC,GAAG,IAAI,CAAC,EAAE,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,wBAAwB;IAC5D,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,2BAA2B;IAC/C,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG;QAAE,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,mDAAmD;IACtF,MAAM,CAAC,GAAG,IAAI,KAAK,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,C
AAC,CAAC,mDAAmD;IACnF,CAAC,CAAC,cAAc,EAAE,CAAC;IACnB,OAAO,CAAC,CAAC;AACX,CAAC;AACD,MAAM,GAAG,GAAG,0BAAe,CAAC;AAC5B;;GAEG;AACH,SAAS,SAAS,CAAC,GAAG,IAAkB;IACtC,OAAO,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,mBAAmB,EAAE,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;AAC7D,CAAC;AAED;;GAEG;AACH,SAAS,mBAAmB,CAAC,UAAe;IAC1C,OAAO,mBAAmB,CAAC,UAAU,CAAC,CAAC,KAAK,CAAC,CAAC,oDAAoD;AACpG,CAAC;AAED;;;GAGG;AACH,SAAS,WAAW,CAClB,OAAY,EACZ,UAAmB,EACnB,UAAe,IAAA,mBAAW,EAAC,EAAE,CAAC;IAE9B,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC,CAAC,gCAAgC;IAClG,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC,2CAA2C;IAC1F,MAAM,CAAC,GAAG,QAAQ,CAAC,CAAC,GAAG,GAAG,CAAC,UAAU,CAAC,aAAa,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,yDAAyD;IACpH,MAAM,IAAI,GAAG,UAAU,CAAC,eAAe,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,4CAA4C;IAChG,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,2BAA2B;IACvD,IAAI,EAAE,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,kBAAkB;IAC7E,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,mBAAmB,CAAC,EAAE,CAAC,CAAC,CAAC,gBAAgB;IAC1E,MAAM,CAAC,GAAG,SAAS,CAAC,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gEAAgE;IAChG,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC,+CAA+C;IAC/E,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACf,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACvC,iEAAiE;IACjE,IAAI,CAAC,aAAa,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACpF,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,SAAS,aAAa,CAAC,SAAc,EAAE,OAAY,EAAE,SAAc;IACjE,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,MAAM,CAAC,GAAG,IAAA,sBAAW,EAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IAC1C,MAAM,GAAG,GAAG,IAAA,sBAAW,EAAC,WAAW,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;IACpD,IAAI,CAAC;QACH,MAAM,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,0CAA0C;QACtE,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAA
C,CAAC,yCAAyC;QAC7E,IAAI,CAAC,IAAA,kBAAO,EAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAC/E,IAAI,CAAC,IAAA,kBAAO,EAAC,CAAC,EAAE,GAAG,EAAE,UAAU,CAAC;YAAE,OAAO,KAAK,CAAC;QAC/C,MAAM,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,0CAA0C;QAChG,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,gBAAgB;QACnD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC,CAAC,gBAAgB;QAC/E,OAAO,IAAI,CAAC,CAAC,yDAAyD;IACxE,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAgBD;;;;;;;;;;GAUG;AACU,QAAA,OAAO,GAAgC,CAAC,GAAG,EAAE,CAAC,CAAC;IAC1D,YAAY,EAAE,mBAAmB;IACjC,IAAI,EAAE,WAAW;IACjB,MAAM,EAAE,aAAa;IACrB,KAAK,EAAE;QACL,gBAAgB,EAAE,iBAAS,CAAC,KAAK,CAAC,gBAAgB;QAClD,MAAM;QACN,YAAY;QACZ,eAAe,EAAf,0BAAe;QACf,eAAe,EAAf,0BAAe;QACf,UAAU;QACV,GAAG,EAAH,gBAAG;KACJ;CACF,CAAC,CAAC,EAAE,CAAC;AAEN,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACnC,IAAA,6BAAU,EACR,IAAI,EACJ;IACE,OAAO;IACP;QACE,oEAAoE;QACpE,mEAAmE;QACnE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;KACrE;IACD,OAAO;IACP;QACE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE;QACpE,oEAAoE,EAAE,SAAS;KAChF;CACF,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAA6C,CAClF,CAAC,EAAE,CAAC;AACP,MAAM,MAAM,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACnC,IAAA,oCAAmB,EAAC,IAAI,EAAE;IACxB,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,MAAM,CAAC;IACjB,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC9B,CAAC,CAAC,EAAE,CAAC;AACR,MAAM,GAAG,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CAChC,IAAA,+BAAY,EACV,iBAAS,CAAC,eAAe,EACzB,CAAC,OAAiB,EAAE,EAAE;IACpB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;I
ACjD,OAAO,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACtB,CAAC,EACD;IACE,GAAG,EAAE,gCAAgC;IACrC,SAAS,EAAE,gCAAgC;IAC3C,CAAC,EAAE,IAAI,CAAC,KAAK;IACb,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACb,CACF,CAAC,EAAE,CAAC;AAEP,uFAAuF;AAC1E,QAAA,WAAW,GAAsC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;AAExF,yFAAyF;AAC5E,QAAA,aAAa,GAAsC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC"}
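--- a/package/src/_shortw_utils.ts
+++ b/package/src/_shortw_utils.ts
@@ -1,20 +1,30 @@
+/**
+* Utilities for short weierstrass curves, combined with noble-hashes.
+* @module
+*/
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import { hmac } from '@noble/hashes/hmac';
 import { concatBytes, randomBytes } from '@noble/hashes/utils';
-import { CHash } from './abstract/utils.js';
-import { CurveType, weierstrass } from './abstract/weierstrass.js';
+import type { CHash } from './abstract/utils.js';
+import { type CurveFn, type CurveType, weierstrass } from './abstract/weierstrass.js';
 
-
-export function getHash(hash: CHash) {
+/** connects noble-curves to noble-hashes */
+export function getHash(hash: CHash): {
+hash: CHash;
+hmac: (key: Uint8Array, ...msgs: Uint8Array[]) => Uint8Array;
+randomBytes: typeof randomBytes;
+} {
 return {
 hash,
 hmac: (key: Uint8Array, ...msgs: Uint8Array[]) => hmac(hash, key, concatBytes(...msgs)),
 randomBytes,
 };
 }
-
-type CurveDef = Readonly<Omit<CurveType, 'hash' | 'hmac' | 'randomBytes'>>;
-export
-
-
+/** Same API as @noble/hashes, with ability to create curve with custom hash */
+export type CurveDef = Readonly<Omit<CurveType, 'hash' | 'hmac' | 'randomBytes'>>;
+export type CurveFnWithCreate = CurveFn & { create: (hash: CHash) => CurveFn };
+
+export function createCurve(curveDef: CurveDef, defHash: CHash): CurveFnWithCreate {
+const create = (hash: CHash): CurveFn => weierstrass({ ...curveDef, ...getHash(hash) });
+return { ...create(defHash), create };
 }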
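Review bot: The JSDoc `/** Same API as @noble/hashes, with ability to create curve with custom hash */` on new line 23 attaches to the `CurveDef` alias directly below it, although the sentence describes `createCurve` / `CurveFnWithCreate`; `createCurve` itself and the now-exported `CurveDef` end up without documentation of their own. I would move that sentence onto `createCurve` and give the alias a one-liner such as `/** Curve params without hash/hmac/randomBytes; those are supplied per call by getHash(). */`. It is also worth saying on `createCurve` that every `create(hash)` call on line 28 constructs a new curve via `weierstrass()`, so callers should keep the returned object rather than call `create` per operation — I cannot see from this hunk how much setup `weierstrass()` performs, so that wording should be checked against the implementation.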
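--- a/package/src/abstract/bls.ts
+++ b/package/src/abstract/bls.ts
@@ -1,22 +1,5 @@
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// BLS (Barreto-Lynn-Scott) family of pairing-friendly curves.
-// TODO: import { AffinePoint } from './curve.js';
-import { IField, getMinHashLength, mapHashToField } from './modular.js';
-import { Hex, PrivKey, CHash, ensureBytes, memoized } from './utils.js';
-// prettier-ignore
-import {
-MapToCurve, Opts as HTFOpts, H2CPointConstructor, htfBasicOpts,
-createHasher
-} from './hash-to-curve.js';
-import {
-CurvePointsType,
-ProjPointType as ProjPointType,
-CurvePointsRes,
-weierstrassPoints,
-} from './weierstrass.js';
-import type { Fp2, Fp6, Fp12, Fp2Bls, Fp12Bls } from './tower.js';
-
 /**
+* BLS (Barreto-Lynn-Scott) family of pairing-friendly curves.
 * BLS != BLS.
 * The file implements BLS (Boneh-Lynn-Shacham) signatures.
 * Used in both BLS (Barreto-Lynn-Scott) and BN (Barreto-Naehrig)
@@ -30,7 +13,26 @@ import type { Fp2, Fp6, Fp12, Fp2Bls, Fp12Bls } from './tower.js';
 * There are two main ways to use it:
 * 1. Fp for short private keys, Fp₂ for signatures
 * 2. Fp for short signatures, Fp₂ for private keys
+* @module
 **/
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// TODO: import { AffinePoint } from './curve.js';
+import { type IField, getMinHashLength, mapHashToField } from './modular.js';
+import { type CHash, type Hex, type PrivKey, ensureBytes, memoized } from './utils.js';
+// prettier-ignore
+import {
+type H2CPointConstructor, type htfBasicOpts,
+type Opts as HTFOpts,
+type MapToCurve,
+createHasher
+} from './hash-to-curve.js';
+import type { Fp12, Fp12Bls, Fp2, Fp2Bls, Fp6 } from './tower.js';
+import {
+type CurvePointsRes,
+type CurvePointsType,
+type ProjPointType,
+weierstrassPoints,
+} from './weierstrass.js';
 
 type Fp = bigint; // Can be different field?
 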
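--- a/package/src/abstract/curve.ts
+++ b/package/src/abstract/curve.ts
@@ -1,7 +1,12 @@
+/**
+* Methods for elliptic curve multiplication by scalars.
+* Contains wNAF, pippenger
+* @module
+*/
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-
-import {
-
+import { type IField, nLength, validateField } from './modular.js';
+import { bitLen, validateObject } from './utils.js';
+
 const _0n = BigInt(0);
 const _1n = BigInt(1);
 
@@ -64,18 +69,34 @@ function getW(P: any): number {
 return pointWindowSizes.get(P) || 1;
 }
 
-
-
-
-
-
-
-
-
-
-
-
-
+export type IWNAF<T extends Group<T>> = {
+constTimeNegate: <T extends Group<T>>(condition: boolean, item: T) => T;
+hasPrecomputes(elm: T): boolean;
+unsafeLadder(elm: T, n: bigint, p?: T): T;
+precomputeWindow(elm: T, W: number): Group<T>[];
+wNAF(W: number, precomputes: T[], n: bigint): { p: T; f: T };
+wNAFUnsafe(W: number, precomputes: T[], n: bigint, acc?: T): T;
+getPrecomputes(W: number, P: T, transform: Mapper<T>): T[];
+wNAFCached(P: T, n: bigint, transform: Mapper<T>): { p: T; f: T };
+wNAFCachedUnsafe(P: T, n: bigint, transform: Mapper<T>, prev?: T): T;
+setWindowSize(P: T, W: number): void;
+};
+
+/**
+* Elliptic curve multiplication of Point by scalar. Fragile.
+* Scalars should always be less than curve order: this should be checked inside of a curve itself.
+* Creates precomputation tables for fast multiplication:
+* - private scalar is split by fixed size windows of W bits
+* - every window point is collected from window's table & added to accumulator
+* - since windows are different, same point inside tables won't be accessed more than once per calc
+* - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)
+* - +1 window is neccessary for wNAF
+* - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication
+*
+* @todo Research returning 2d JS array of windows, instead of a single window.
+* This would allow windows to be in different memory locations
+*/
+export function wNAF<T extends Group<T>>(c: GroupConstructor<T>, bits: number): IWNAF<T> {
 return {
 constTimeNegate,
 
@@ -316,7 +337,7 @@ export function precomputeMSMUnsafe<T extends Group<T>>(
 fieldN: IField<bigint>,
 points: T[],
 windowSize: number
-) {
+): (scalars: bigint[]) => T {
 /**
 * Performance Analysis of Window-based Precomputation
 *
@@ -386,8 +407,10 @@ export function precomputeMSMUnsafe<T extends Group<T>>(
 };
 }
 
-
-
+/**
+* Generic BasicCurve interface: works even for polynomial fields (BLS): P, n, h would be ok.
+* Though generator can be different (Fp2 / Fp6 for BLS).
+*/
 export type BasicCurve<T> = {
 Fp: IField<T>; // Field over which we'll do calculations (Fp)
 n: bigint; // Curve order, total count of valid points in the field
@@ -400,7 +423,17 @@ export type BasicCurve<T> = {
 allowInfinityPoint?: boolean; // bls12-381 requires it. ZERO point is valid, but invalid pubkey
 };
 
-export function validateBasic<FP, T>(
+export function validateBasic<FP, T>(
+curve: BasicCurve<FP> & T
+): Readonly<
+{
+readonly nBitLength: number;
+readonly nByteLength: number;
+} & BasicCurve<FP> &
+T & {
+p: bigint;
+}
+> {
 validateField(curve.Fp);
 validateObject(
 curve,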
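Review bot: In the new `IWNAF<T>` type (new lines 72-83) the `constTimeNegate` member declares its own type parameter `<T extends Group<T>>`, which shadows the interface's `T` and makes it unclear whether the member is bound to the interface's point type or is the curve-generic helper; if the latter is intended, `constTimeNegate: <U extends Group<U>>(condition: boolean, item: U) => U;` says so without the shadow, and if the former, the inner parameter list should go. Related, `precomputeWindow` is declared to return `Group<T>[]` while `wNAF` and `wNAFUnsafe` take `precomputes: T[]`, so the output of one cannot be handed to the other without a cast — presumably the implementation (outside this hunk) returns `T[]`, in which case the declaration should match. The `wNAF` function body starts at new line 99 and continues past the hunk. Minor: "neccessary" on new line 93 is a typo for "necessary".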
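--- a/package/src/abstract/edwards.ts
+++ b/package/src/abstract/edwards.ts
@@ -1,23 +1,27 @@
+/**
+* Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y².
+* For design rationale of types / exports, see weierstrass module documentation.
+* @module
+*/
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²
 import {
-AffinePoint,
-BasicCurve,
-Group,
-GroupConstructor,
+type AffinePoint,
+type BasicCurve,
+type Group,
+type GroupConstructor,
+pippenger,
 validateBasic,
 wNAF,
-pippenger,
 } from './curve.js';
-import {
+import { Field, mod } from './modular.js';
 import * as ut from './utils.js';
-import { ensureBytes, FHash, Hex, memoized
+import { abool, ensureBytes, type FHash, type Hex, memoized } from './utils.js';
 
 // Be friendly to bad ECMAScript parsers by not using bigint literals
 // prettier-ignore
 const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);
 
-
+/** Edwards curves must declare params a & d. */
 export type CurveType = BasicCurve<bigint> & {
 a: bigint; // curve param a
 d: bigint; // curve param d
@@ -30,10 +34,12 @@ export type CurveType = BasicCurve<bigint> & {
 mapToCurve?: (scalar: bigint[]) => AffinePoint<bigint>; // for hash-to-curve standard
 };
 
+export type CurveTypeWithLength = Readonly<CurveType & { nByteLength: number; nBitLength: number }>;
+
 // verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:
 const VERIFY_DEFAULT = { zip215: true };
 
-function validateOpts(curve: CurveType) {
+function validateOpts(curve: CurveType): CurveTypeWithLength {
 const opts = validateBasic(curve);
 ut.validateObject(
 curve,
@@ -54,7 +60,7 @@ function validateOpts(curve: CurveType) {
 return Object.freeze({ ...opts } as const);
 }
 
-
+/** Instance of Extended Point with coordinates in X, Y, Z, T. */
 export interface ExtPointType extends Group<ExtPointType> {
 readonly ex: bigint;
 readonly ey: bigint;
@@ -73,7 +79,7 @@ export interface ExtPointType extends Group<ExtPointType> {
 toHex(isCompressed?: boolean): string;
 _setWindowSize(windowSize: number): void;
 }
-
+/** Static methods of Extended Point with coordinates in X, Y, Z, T. */
 export interface ExtPointConstructor extends GroupConstructor<ExtPointType> {
 new (x: bigint, y: bigint, z: bigint, t: bigint): ExtPointType;
 fromAffine(p: AffinePoint<bigint>): ExtPointType;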
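Review bot: `CurveTypeWithLength` (new line 37) is declared `Readonly<...>` and `validateOpts` now returns it from `Object.freeze({ ...opts } as const)` on line 60, but both `Readonly` and `Object.freeze` are shallow: nested objects such as `Fp` (an `IField` per `BasicCurve`) are neither type-level readonly nor frozen, so the alias name may suggest stronger immutability of the curve parameters than is actually provided. A one-line doc on the alias would make the guarantee explicit: `/** Validated curve params plus derived nBitLength/nByteLength. Readonly and frozen at the top level only; nested objects such as Fp are not. */`. The `validateOpts` body is cut by the hunk, so I cannot see whether `Fp` is frozen elsewhere.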
@@ -1,9 +1,16 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* hash-to-curve from [RFC 9380](https://www.rfc-editor.org/rfc/rfc9380).
|
|
3
|
+
* Hashes arbitrary-length byte strings to a list of one or more elements of a finite field F.
|
|
4
|
+
* @module
|
|
5
|
+
*/
|
|
1
6
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
2
7
|
import type { AffinePoint, Group, GroupConstructor } from './curve.js';
|
|
3
|
-
import { IField, mod } from './modular.js';
|
|
8
|
+
import { type IField, mod } from './modular.js';
|
|
4
9
|
import type { CHash } from './utils.js';
|
|
5
10
|
import { abytes, bytesToNumberBE, concatBytes, utf8ToBytes, validateObject } from './utils.js';
|
|
6
11
|
|
|
12
|
+
export type UnicodeOrBytes = string | Uint8Array;
|
|
13
|
+
|
|
7
14
|
/**
|
|
8
15
|
* * `DST` is a domain separation tag, defined in section 2.2.5
|
|
9
16
|
* * `p` characteristic of F, where F is a finite field of characteristic p and order q = p^m
|
|
@@ -12,7 +19,6 @@ import { abytes, bytesToNumberBE, concatBytes, utf8ToBytes, validateObject } fro
|
|
|
12
19
|
* * `expand` is `xmd` (SHA2, SHA3, BLAKE) or `xof` (SHAKE, BLAKE-XOF)
|
|
13
20
|
* * `hash` conforming to `utils.CHash` interface, with `outputLen` / `blockLen` props
|
|
14
21
|
*/
|
|
15
|
-
type UnicodeOrBytes = string | Uint8Array;
|
|
16
22
|
export type Opts = {
|
|
17
23
|
DST: UnicodeOrBytes;
|
|
18
24
|
p: bigint;
|
|
@@ -50,8 +56,10 @@ function anum(item: unknown): void {
|
|
|
50
56
|
if (!Number.isSafeInteger(item)) throw new Error('number expected');
|
|
51
57
|
}
|
|
52
58
|
|
|
53
|
-
|
|
54
|
-
|
|
59
|
+
/**
|
|
60
|
+
* Produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.
|
|
61
|
+
* [RFC 9380 5.3.1](https://www.rfc-editor.org/rfc/rfc9380#section-5.3.1).
|
|
62
|
+
*/
|
|
55
63
|
export function expand_message_xmd(
|
|
56
64
|
msg: Uint8Array,
|
|
57
65
|
DST: Uint8Array,
|
|
@@ -80,11 +88,13 @@ export function expand_message_xmd(
|
|
|
80
88
|
return pseudo_random_bytes.slice(0, lenInBytes);
|
|
81
89
|
}
|
|
82
90
|
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
91
|
+
/**
|
|
92
|
+
* Produces a uniformly random byte string using an extendable-output function (XOF) H.
|
|
93
|
+
* 1. The collision resistance of H MUST be at least k bits.
|
|
94
|
+
* 2. H MUST be an XOF that has been proved indifferentiable from
|
|
95
|
+
* a random oracle under a reasonable cryptographic assumption.
|
|
96
|
+
* [RFC 9380 5.3.2](https://www.rfc-editor.org/rfc/rfc9380#section-5.3.2).
|
|
97
|
+
*/
|
|
88
98
|
export function expand_message_xof(
|
|
89
99
|
msg: Uint8Array,
|
|
90
100
|
DST: Uint8Array,
|
|
@@ -115,8 +125,8 @@ export function expand_message_xof(
|
|
|
115
125
|
}
|
|
116
126
|
|
|
117
127
|
/**
|
|
118
|
-
* Hashes arbitrary-length byte strings to a list of one or more elements of a finite field F
|
|
119
|
-
* https://www.rfc-editor.org/rfc/rfc9380#section-5.2
|
|
128
|
+
* Hashes arbitrary-length byte strings to a list of one or more elements of a finite field F.
|
|
129
|
+
* [RFC 9380 5.2](https://www.rfc-editor.org/rfc/rfc9380#section-5.2).
|
|
120
130
|
* @param msg a byte string containing the message to hash
|
|
121
131
|
* @param count the number of elements of F to output
|
|
122
132
|
* @param options `{DST: string, p: bigint, m: number, k: number, expand: 'xmd' | 'xof', hash: H}`, see above
|
|
@@ -161,7 +171,14 @@ export function hash_to_field(msg: Uint8Array, count: number, options: Opts): bi
|
|
|
161
171
|
return u;
|
|
162
172
|
}
|
|
163
173
|
|
|
164
|
-
export
|
|
174
|
+
export type XY<T> = (
|
|
175
|
+
x: T,
|
|
176
|
+
y: T
|
|
177
|
+
) => {
|
|
178
|
+
x: T;
|
|
179
|
+
y: T;
|
|
180
|
+
};
|
|
181
|
+
export function isogenyMap<T, F extends IField<T>>(field: F, map: [T[], T[], T[], T[]]): XY<T> {
|
|
165
182
|
// Make same order as in spec
|
|
166
183
|
const COEFF = map.map((i) => Array.from(i).reverse());
|
|
167
184
|
return (x: T, y: T) => {
|
|
@@ -170,10 +187,11 @@ export function isogenyMap<T, F extends IField<T>>(field: F, map: [T[], T[], T[]
|
|
|
170
187
|
);
|
|
171
188
|
x = field.div(xNum, xDen); // xNum / xDen
|
|
172
189
|
y = field.mul(y, field.div(yNum, yDen)); // y * (yNum / yDev)
|
|
173
|
-
return { x, y };
|
|
190
|
+
return { x: x, y: y };
|
|
174
191
|
};
|
|
175
192
|
}
|
|
176
193
|
|
|
194
|
+
/** Point interface, which curves must implement to work correctly with the module. */
|
|
177
195
|
export interface H2CPoint<T> extends Group<H2CPoint<T>> {
|
|
178
196
|
add(rhs: H2CPoint<T>): H2CPoint<T>;
|
|
179
197
|
toAffine(iz?: bigint): AffinePoint<T>;
|
|
@@ -190,17 +208,24 @@ export type MapToCurve<T> = (scalar: bigint[]) => AffinePoint<T>;
|
|
|
190
208
|
// Separated from initialization opts, so users won't accidentally change per-curve parameters
|
|
191
209
|
// (changing DST is ok!)
|
|
192
210
|
export type htfBasicOpts = { DST: UnicodeOrBytes };
|
|
211
|
+
export type HTFMethod<T> = (msg: Uint8Array, options?: htfBasicOpts) => H2CPoint<T>;
|
|
212
|
+
export type MapMethod<T> = (scalars: bigint[]) => H2CPoint<T>;
|
|
193
213
|
|
|
214
|
+
/** Creates hash-to-curve methods from EC Point and mapToCurve function. */
|
|
194
215
|
export function createHasher<T>(
|
|
195
216
|
Point: H2CPointConstructor<T>,
|
|
196
217
|
mapToCurve: MapToCurve<T>,
|
|
197
218
|
def: Opts & { encodeDST?: UnicodeOrBytes }
|
|
198
|
-
) {
|
|
219
|
+
): {
|
|
220
|
+
hashToCurve: HTFMethod<T>;
|
|
221
|
+
encodeToCurve: HTFMethod<T>;
|
|
222
|
+
mapToCurve: MapMethod<T>;
|
|
223
|
+
} {
|
|
199
224
|
if (typeof mapToCurve !== 'function') throw new Error('mapToCurve() must be defined');
|
|
200
225
|
return {
|
|
201
226
|
// Encodes byte string to elliptic curve.
|
|
202
227
|
// hash_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
|
|
203
|
-
hashToCurve(msg: Uint8Array, options?: htfBasicOpts) {
|
|
228
|
+
hashToCurve(msg: Uint8Array, options?: htfBasicOpts): H2CPoint<T> {
|
|
204
229
|
const u = hash_to_field(msg, 2, { ...def, DST: def.DST, ...options } as Opts);
|
|
205
230
|
const u0 = Point.fromAffine(mapToCurve(u[0]));
|
|
206
231
|
const u1 = Point.fromAffine(mapToCurve(u[1]));
|
|
@@ -211,14 +236,14 @@ export function createHasher<T>(
|
|
|
211
236
|
|
|
212
237
|
// Encodes byte string to elliptic curve.
|
|
213
238
|
// encode_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
|
|
214
|
-
encodeToCurve(msg: Uint8Array, options?: htfBasicOpts) {
|
|
239
|
+
encodeToCurve(msg: Uint8Array, options?: htfBasicOpts): H2CPoint<T> {
|
|
215
240
|
const u = hash_to_field(msg, 1, { ...def, DST: def.encodeDST, ...options } as Opts);
|
|
216
241
|
const P = Point.fromAffine(mapToCurve(u[0])).clearCofactor();
|
|
217
242
|
P.assertValidity();
|
|
218
243
|
return P;
|
|
219
244
|
},
|
|
220
245
|
// Same as encodeToCurve, but without hash
|
|
221
|
-
mapToCurve(scalars: bigint[]) {
|
|
246
|
+
mapToCurve(scalars: bigint[]): H2CPoint<T> {
|
|
222
247
|
if (!Array.isArray(scalars)) throw new Error('mapToCurve: expected array of bigints');
|
|
223
248
|
for (const i of scalars)
|
|
224
249
|
if (typeof i !== 'bigint') throw new Error('mapToCurve: expected array of bigints');
|