@noble/curves 1.8.1 → 1.9.0

package/bn254.js

@@ -16,6 +16,15 @@ There are huge compatibility issues in the ecosystem:
    https://github.com/scipr-lab/libff/blob/a44f482e18b8ac04d034c193bd9d7df7817ad73f/libff/algebra/curves/bn128/bn128_init.cpp#L166-L169
 3. halo2curves bn256 is also incompatible and returns different outputs
 
+We don't implement Point methods toHex / toRawBytes.
+To work around this limitation, has to initialize points on their own from BigInts.
+Reason it's not implemented is because [there is no standard](https://github.com/privacy-scaling-explorations/halo2curves/issues/109).
+Points of divergence:
+
+- Endianness: LE vs BE (byte-swapped)
+- Flags as first hex bits (similar to BLS) vs no-flags
+- Imaginary part last in G2 vs first (c0, c1 vs c1, c0)
+
 The goal of our implementation is to support "Ethereum" variant of the curve,
 because it at least has specs:
 
@@ -48,28 +57,28 @@ Ate loop size: 6x+2
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha256_1 = require("@noble/hashes/sha256");
+const sha2_1 = require("@noble/hashes/sha2");
 const utils_1 = require("@noble/hashes/utils");
-const _shortw_utils_js_1 = require("./_shortw_utils.js");
-const bls_js_1 = require("./abstract/bls.js");
-const modular_js_1 = require("./abstract/modular.js");
-const tower_js_1 = require("./abstract/tower.js");
-const utils_js_1 = require("./abstract/utils.js");
-const weierstrass_js_1 = require("./abstract/weierstrass.js");
+const _shortw_utils_ts_1 = require("./_shortw_utils.js");
+const bls_ts_1 = require("./abstract/bls.js");
+const modular_ts_1 = require("./abstract/modular.js");
+const tower_ts_1 = require("./abstract/tower.js");
+const utils_ts_1 = require("./abstract/utils.js");
+const weierstrass_ts_1 = require("./abstract/weierstrass.js");
 // prettier-ignore
 const _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);
 const _6n = BigInt(6);
 const BN_X = BigInt('4965661367192848881');
-const BN_X_LEN = (0, utils_js_1.bitLen)(BN_X);
+const BN_X_LEN = (0, utils_ts_1.bitLen)(BN_X);
 const SIX_X_SQUARED = _6n * BN_X ** _2n;
 // Finite field over r. It's for convenience and is not used in the code below.
-const Fr = (0, modular_js_1.Field)(BigInt('21888242871839275222246405745257275088548364400416034343698204186575808495617'));
+const Fr = (0, modular_ts_1.Field)(BigInt('21888242871839275222246405745257275088548364400416034343698204186575808495617'));
 // Fp2.div(Fp2.mul(Fp2.ONE, _3n), Fp2.NONRESIDUE)
 const Fp2B = {
     c0: BigInt('19485874751759354771024239261021720505790618469301721065564631296452457478373'),
     c1: BigInt('266929791119991161246907387137283842545076965332900288569378510910307636690'),
 };
-const { Fp, Fp2, Fp6, Fp4Square, Fp12 } = (0, tower_js_1.tower12)({
+const { Fp, Fp2, Fp6, Fp4Square, Fp12 } = (0, tower_ts_1.tower12)({
     ORDER: BigInt('21888242871839275222246405745257275088696311157297823662689037894645226208583'),
     FP2_NONRESIDUE: [BigInt(9), _1n],
     Fp2mulByB: (num) => Fp2.mul(num, Fp2B),
@@ -99,7 +108,7 @@ const { Fp, Fp2, Fp6, Fp4Square, Fp12 } = (0, tower_js_1.tower12)({
         let z = Fp12.ONE;
         for (let i = BN_X_LEN - 1; i >= 0; i--) {
             z = Fp12._cyclotomicSquare(z);
-            if ((0, utils_js_1.bitGet)(n, i))
+            if ((0, utils_ts_1.bitGet)(n, i))
                 z = Fp12.mul(z, num);
         }
         return z;
@@ -120,7 +129,7 @@ const { Fp, Fp2, Fp6, Fp4Square, Fp12 } = (0, tower_js_1.tower12)({
     },
 });
 // END OF CURVE FIELDS
-const { G2psi, psi } = (0, tower_js_1.psiFrobenius)(Fp, Fp2, Fp2.NONRESIDUE);
+const { G2psi, psi } = (0, tower_ts_1.psiFrobenius)(Fp, Fp2, Fp2.NONRESIDUE);
 /*
 No hashToCurve for now (and signatures):
 
@@ -136,7 +145,7 @@ const htfDefaults = Object.freeze({
     m: 2,
     k: 128,
     expand: 'xmd',
-    hash: sha256_1.sha256,
+    hash: sha2_1.sha256,
 });
 const _postPrecompute = (Rx, Ry, Rz, Qx, Qy, pointAdd) => {
     const q = psi(Qx, Qy);
@@ -149,7 +158,7 @@ exports._postPrecompute = _postPrecompute;
  * bn254 (a.k.a. alt_bn128) pairing-friendly curve.
  * Contains G1 / G2 operations and pairings.
  */
-exports.bn254 = (0, bls_js_1.bls)({
+exports.bn254 = (0, bls_ts_1.bls)({
     // Fields
     fields: { Fp, Fp2, Fp6, Fp12, Fr },
     G1: {
@@ -162,13 +171,13 @@ exports.bn254 = (0, bls_js_1.bls)({
         htfDefaults: { ...htfDefaults, m: 1, DST: 'BN254G2_XMD:SHA-256_SVDW_RO_' },
         wrapPrivateKey: true,
         allowInfinityPoint: true,
-        mapToCurve: utils_js_1.notImplemented,
-        fromBytes: utils_js_1.notImplemented,
-        toBytes: utils_js_1.notImplemented,
+        mapToCurve: utils_ts_1.notImplemented,
+        fromBytes: utils_ts_1.notImplemented,
+        toBytes: utils_ts_1.notImplemented,
         ShortSignature: {
-            fromHex: utils_js_1.notImplemented,
-            toRawBytes: utils_js_1.notImplemented,
-            toHex: utils_js_1.notImplemented,
+            fromHex: utils_ts_1.notImplemented,
+            toRawBytes: utils_ts_1.notImplemented,
+            toHex: utils_ts_1.notImplemented,
         },
     },
     G2: {
@@ -190,13 +199,13 @@ exports.bn254 = (0, bls_js_1.bls)({
         wrapPrivateKey: true,
         allowInfinityPoint: true,
         isTorsionFree: (c, P) => P.multiplyUnsafe(SIX_X_SQUARED).equals(G2psi(c, P)), // [p]P = [6X^2]P
-        mapToCurve: utils_js_1.notImplemented,
-        fromBytes: utils_js_1.notImplemented,
-        toBytes: utils_js_1.notImplemented,
+        mapToCurve: utils_ts_1.notImplemented,
+        fromBytes: utils_ts_1.notImplemented,
+        toBytes: utils_ts_1.notImplemented,
         Signature: {
-            fromHex: utils_js_1.notImplemented,
-            toRawBytes: utils_js_1.notImplemented,
-            toHex: utils_js_1.notImplemented,
+            fromHex: utils_ts_1.notImplemented,
+            toRawBytes: utils_ts_1.notImplemented,
+            toHex: utils_ts_1.notImplemented,
         },
     },
     params: {
@@ -206,7 +215,7 @@ exports.bn254 = (0, bls_js_1.bls)({
         twistType: 'divisive',
     },
     htfDefaults,
-    hash: sha256_1.sha256,
+    hash: sha2_1.sha256,
     randomBytes: utils_1.randomBytes,
     postPrecompute: exports._postPrecompute,
 });
@@ -214,8 +223,9 @@ exports.bn254 = (0, bls_js_1.bls)({
  * bn254 weierstrass curve with ECDSA.
  * This is very rare and probably not used anywhere.
  * Instead, you should use G1 / G2, defined above.
+ * @deprecated
  */
-exports.bn254_weierstrass = (0, weierstrass_js_1.weierstrass)({
+exports.bn254_weierstrass = (0, weierstrass_ts_1.weierstrass)({
     a: BigInt(0),
     b: BigInt(3),
     Fp,
@@ -223,6 +233,6 @@ exports.bn254_weierstrass = (0, weierstrass_js_1.weierstrass)({
     Gx: BigInt(1),
     Gy: BigInt(2),
     h: BigInt(1),
-    ...(0, _shortw_utils_js_1.getHash)(sha256_1.sha256),
+    ...(0, _shortw_utils_ts_1.getHash)(sha2_1.sha256),
 });
 //# sourceMappingURL=bn254.js.map

package/bn254.js.map

@@ -1 +1 @@
-{"version":3,"file":"bn254.js","sourceRoot":"","sources":["src/bn254.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6CG;AACH,sEAAsE;AACtE,iDAA8C;AAC9C,+CAAkD;AAClD,yDAA6C;AAC7C,8CAK2B;AAC3B,sDAA8C;AAE9C,kDAA4D;AAC5D,kDAAqE;AACrE,8DAAsE;AACtE,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACxD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAC3C,MAAM,QAAQ,GAAG,IAAA,iBAAM,EAAC,IAAI,CAAC,CAAC;AAC9B,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,IAAI,GAAG,CAAC;AAExC,+EAA+E;AAC/E,MAAM,EAAE,GAAG,IAAA,kBAAK,EACd,MAAM,CAAC,+EAA+E,CAAC,CACxF,CAAC;AACF,iDAAiD;AACjD,MAAM,IAAI,GAAG;IACX,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,6EAA6E,CAAC;CAC1F,CAAC;AAEF,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAA,kBAAO,EAAC;IAChD,KAAK,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC9F,cAAc,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;IAChC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC;IACtC,wDAAwD;IACxD,uCAAuC;IACvC,oBAAoB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAQ,EAAE;QACzC,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAC5C,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAC5C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,IAAI,EAAE,GAAG,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe;QACjD,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC;gBACb,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,wBAAwB;gBAC1E,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,wBAAwB;gBAC1E,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;aACjD,CAAC,EAAE,wBAAwB;YAC5B,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC;gBACb,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,uBAAuB;gBACzE,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,uBAAuB;gBACzE,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;aACjD,CAAC;SACH,CAAC,CAAC,uBAAuB;IAC5B,CAAC;IACD,iBAAiB,CAAC,GAAG,EAAE,CAAC;QACtB,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC;QACjB,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,IAAA,iBAAM,EAAC,CAAC,EAAE,CAAC,CAAC;gBAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IACD,uCAAuC;IACvC,uCAAuC;IACvC,qBAAqB,EAAE,CAAC,GAAG,EAAE,EAAE;QAC7B,MAAM,SAAS,GAAG,CAAC,GAAS,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,GAAG,CACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,EACrD,IAAI,CAAC,GAAG,CACN,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EACxB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAClE,CACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,sBAAsB;AACtB,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,IAAA,uBAAY,EAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;AAE7D;;;;;;EAME;AACF,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC;IAChC,wDAAwD;IACxD,GAAG,EAAE,8BAA8B;IACnC,SAAS,EAAE,8BAA8B;IACzC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,eAAM;CACJ,CAAC,CAAC;AAEL,MAAM,eAAe,GAAqB,CAC/C,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,QAAkC,EAClC,EAAE;IACF,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACtB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC,CAAC;AAZW,QAAA,eAAe,mBAY1B;AAEF;;;GAGG;AACU,QAAA,KAAK,GAAe,IAAA,YAAG,EAAC;IACnC,SAAS;IACT,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;IAClC,EAAE,EAAE;QACF,EAAE;QACF,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;QACZ,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;QACb,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,IAAI;QACV,CAAC,EAAE,GAAG;QACN,WAAW,EAAE,EAAE,GAAG,WAAW,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,8BAA8B,EAAE;QAC1E,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;QACxB,UAAU,EAAE,yBAAc;QAC1B,SAAS,EAAE,yBAAc;QACzB,OAAO,EAAE,yBAAc;QACvB,cAAc,EAAE;YACd,OAAO,EAAE,yBAAc;YACvB,UAAU,EAAE,yBAAc;YAC1B,KAAK,EAAE,yBAAc;SACtB;KACF;IACD,EAAE,EAAE;QACF,EAAE,EAAE,GAAG;QACP,2DAA2D;QAC3D,CAAC,EAAE,MAAM,CAAC,+EAA+E,CAAC;QAC1F,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;YACnB,MAAM,CAAC,+EAA+E,CAAC;YACvF,MAAM,CAAC,+EAA+E,CAAC;SACxF,CAAC;QACF,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;YACnB,MAAM,CAAC,8EAA8E,CAAC;YACtF,MAAM,CAAC,8EAA8E,CAAC;SACvF,CAAC;QACF,CAAC,EAAE,GAAG,CAAC,IAAI;QACX,CAAC,EAAE,IAAI;QACP,IAAI,EAAE,MAAM,CAAC,+EAA+E,CAAC;QAC7F,WAAW,EAAE,EAAE,GAAG,WAAW,EAAE;QAC/B,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;QACxB,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,iBAAiB;QAC/F,UAAU,EAAE,yBAAc;QAC1B,SAAS,EAAE,yBAAc;QACzB,OAAO,EAAE,yBAAc;QACvB,SAAS,EAAE;YACT,OAAO,EAAE,yBAAc;YACvB,UAAU,EAAE,yBAAc;YAC1B,KAAK,EAAE,yBAAc;SACtB;KACF;IACD,MAAM,EAAE;QACN,WAAW,EAAE,IAAI,GAAG,GAAG,GAAG,GAAG;QAC7B,CAAC,EAAE,EAAE,CAAC,KAAK;QACX,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,UAAU;KACtB;IACD,WAAW;IACX,IAAI,EAAE,eAAM;IACZ,WAAW,EAAX,mBAAW;IAEX,cAAc,EAAE,uBAAe;CAChC,CAAC,CAAC;AAEH;;;;GAIG;AACU,QAAA,iBAAiB,GAAY,IAAA,4BAAW,EAAC;IACpD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE;IACF,CAAC,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC1F,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,GAAG,IAAA,0BAAO,EAAC,eAAM,CAAC;CACnB,CAAC,CAAC"}
+{"version":3,"file":"bn254.js","sourceRoot":"","sources":["src/bn254.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,sEAAsE;AACtE,6CAA4C;AAC5C,+CAAkD;AAClD,yDAA6C;AAC7C,8CAK2B;AAC3B,sDAA8C;AAE9C,kDAA4D;AAC5D,kDAAqE;AACrE,8DAAsE;AACtE,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACxD,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAC3C,MAAM,QAAQ,GAAG,IAAA,iBAAM,EAAC,IAAI,CAAC,CAAC;AAC9B,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,IAAI,GAAG,CAAC;AAExC,+EAA+E;AAC/E,MAAM,EAAE,GAAG,IAAA,kBAAK,EACd,MAAM,CAAC,+EAA+E,CAAC,CACxF,CAAC;AACF,iDAAiD;AACjD,MAAM,IAAI,GAAG;IACX,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,6EAA6E,CAAC;CAC1F,CAAC;AAEF,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,IAAA,kBAAO,EAAC;IAChD,KAAK,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC9F,cAAc,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;IAChC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC;IACtC,wDAAwD;IACxD,uCAAuC;IACvC,oBAAoB,EAAE,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAQ,EAAE;QACzC,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAC5C,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;QAC5C,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,MAAM,EAAE,KAAK,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,GAAG,SAAS,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;QACxD,IAAI,EAAE,GAAG,GAAG,CAAC,eAAe,CAAC,EAAE,CAAC,CAAC,CAAC,eAAe;QACjD,OAAO;YACL,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC;gBACb,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,wBAAwB;gBAC1E,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,wBAAwB;gBAC1E,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;aACjD,CAAC,EAAE,wBAAwB;YAC5B,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC;gBACb,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,uBAAuB;gBACzE,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC,EAAE,uBAAuB;gBACzE,EAAE,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,EAAE,IAAI,CAAC,EAAE,GAAG,CAAC,EAAE,EAAE,CAAC;aACjD,CAAC;SACH,CAAC,CAAC,uBAAuB;IAC5B,CAAC;IACD,iBAAiB,CAAC,GAAG,EAAE,CAAC;QACtB,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC;QACjB,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YACvC,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC;YAC9B,IAAI,IAAA,iBAAM,EAAC,CAAC,EAAE,CAAC,CAAC;gBAAE,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACzC,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC;IACD,uCAAuC;IACvC,uCAAuC;IACvC,qBAAqB,EAAE,CAAC,GAAG,EAAE,EAAE;QAC7B,MAAM,SAAS,GAAG,CAAC,GAAS,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,GAAG,CACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,EACrD,IAAI,CAAC,GAAG,CACN,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EACxB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAClE,CACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,sBAAsB;AACtB,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,IAAA,uBAAY,EAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;AAE7D;;;;;;EAME;AACF,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC;IAChC,wDAAwD;IACxD,GAAG,EAAE,8BAA8B;IACnC,SAAS,EAAE,8BAA8B;IACzC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,aAAM;CACJ,CAAC,CAAC;AAEL,MAAM,eAAe,GAAqB,CAC/C,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,QAAkC,EAClC,EAAE;IACF,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACtB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC,CAAC;AAZW,QAAA,eAAe,mBAY1B;AAEF;;;GAGG;AACU,QAAA,KAAK,GAAe,IAAA,YAAG,EAAC;IACnC,SAAS;IACT,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE;IAClC,EAAE,EAAE;QACF,EAAE;QACF,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;QACZ,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;QACb,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;QACb,CAAC,EAAE,EAAE,CAAC,IAAI;QACV,CAAC,EAAE,GAAG;QACN,WAAW,EAAE,EAAE,GAAG,WAAW,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,8BAA8B,EAAE;QAC1E,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;QACxB,UAAU,EAAE,yBAAc;QAC1B,SAAS,EAAE,yBAAc;QACzB,OAAO,EAAE,yBAAc;QACvB,cAAc,EAAE;YACd,OAAO,EAAE,yBAAc;YACvB,UAAU,EAAE,yBAAc;YAC1B,KAAK,EAAE,yBAAc;SACtB;KACF;IACD,EAAE,EAAE;QACF,EAAE,EAAE,GAAG;QACP,2DAA2D;QAC3D,CAAC,EAAE,MAAM,CAAC,+EAA+E,CAAC;QAC1F,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;YACnB,MAAM,CAAC,+EAA+E,CAAC;YACvF,MAAM,CAAC,+EAA+E,CAAC;SACxF,CAAC;QACF,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;YACnB,MAAM,CAAC,8EAA8E,CAAC;YACtF,MAAM,CAAC,8EAA8E,CAAC;SACvF,CAAC;QACF,CAAC,EAAE,GAAG,CAAC,IAAI;QACX,CAAC,EAAE,IAAI;QACP,IAAI,EAAE,MAAM,CAAC,+EAA+E,CAAC;QAC7F,WAAW,EAAE,EAAE,GAAG,WAAW,EAAE;QAC/B,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;QACxB,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,iBAAiB;QAC/F,UAAU,EAAE,yBAAc;QAC1B,SAAS,EAAE,yBAAc;QACzB,OAAO,EAAE,yBAAc;QACvB,SAAS,EAAE;YACT,OAAO,EAAE,yBAAc;YACvB,UAAU,EAAE,yBAAc;YAC1B,KAAK,EAAE,yBAAc;SACtB;KACF;IACD,MAAM,EAAE;QACN,WAAW,EAAE,IAAI,GAAG,GAAG,GAAG,GAAG;QAC7B,CAAC,EAAE,EAAE,CAAC,KAAK;QACX,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,UAAU;KACtB;IACD,WAAW;IACX,IAAI,EAAE,aAAM;IACZ,WAAW,EAAX,mBAAW;IAEX,cAAc,EAAE,uBAAe;CAChC,CAAC,CAAC;AAEH;;;;;GAKG;AACU,QAAA,iBAAiB,GAAY,IAAA,4BAAW,EAAC;IACpD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE;IACF,CAAC,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC1F,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,GAAG,IAAA,0BAAO,EAAC,aAAM,CAAC;CACnB,CAAC,CAAC"}

package/ed25519.d.ts

@@ -1,8 +1,9 @@
-import { type AffinePoint, type Group } from './abstract/curve.js';
-import { type CurveFn, type ExtPointType } from './abstract/edwards.js';
-import { type htfBasicOpts, type HTFMethod } from './abstract/hash-to-curve.js';
-import { type CurveFn as XCurveFn } from './abstract/montgomery.js';
-import { type Hex } from './abstract/utils.js';
+import { type AffinePoint, type Group } from './abstract/curve.ts';
+import { type CurveFn, type ExtPointType } from './abstract/edwards.ts';
+import { type Hasher, type htfBasicOpts, type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type CurveFn as XCurveFn } from './abstract/montgomery.ts';
+import { type Hex } from './abstract/utils.ts';
+/** Weird / bogus points, useful for debugging. */
 export declare const ED25519_TORSION_SUBGROUP: string[];
 /**
  * ed25519 curve with EdDSA signatures.
@@ -48,6 +49,7 @@ export declare const edwardsToMontgomery: typeof edwardsToMontgomeryPub;
  *   x25519.getSharedSecret(edwardsToMontgomeryPriv(aPriv), someonesPub)
  */
 export declare function edwardsToMontgomeryPriv(edwardsPriv: Uint8Array): Uint8Array;
+export declare const ed25519_hasher: Hasher<bigint>;
 export declare const hashToCurve: HTFMethod<bigint>;
 export declare const encodeToCurve: HTFMethod<bigint>;
 type ExtendedPoint = ExtPointType;
@@ -59,9 +61,9 @@ type ExtendedPoint = ExtPointType;
  * https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-ristretto255-decaf448
  */
 declare class RistPoint implements Group<RistPoint> {
-    private readonly ep;
     static BASE: RistPoint;
     static ZERO: RistPoint;
+    private readonly ep;
     constructor(ep: ExtendedPoint);
     static fromAffine(ap: AffinePoint<bigint>): RistPoint;
     /**
@@ -96,6 +98,7 @@ declare class RistPoint implements Group<RistPoint> {
 }
 export declare const RistrettoPoint: typeof RistPoint;
 export declare const hashToRistretto255: (msg: Uint8Array, options: htfBasicOpts) => RistPoint;
+/** @deprecated */
 export declare const hash_to_ristretto255: (msg: Uint8Array, options: htfBasicOpts) => RistPoint;
 export {};
 //# sourceMappingURL=ed25519.d.ts.map

package/ed25519.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["src/ed25519.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,KAAK,WAAW,EAAE,KAAK,KAAK,EAAa,MAAM,qBAAqB,CAAC;AAC9E,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,YAAY,EAAkB,MAAM,uBAAuB,CAAC;AACxF,OAAO,EAGL,KAAK,YAAY,EACjB,KAAK,SAAS,EACf,MAAM,6BAA6B,CAAC;AAErC,OAAO,EAAc,KAAK,OAAO,IAAI,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAKL,KAAK,GAAG,EAET,MAAM,qBAAqB,CAAC;AAmE7B,eAAO,MAAM,wBAAwB,EAAE,MAAM,EAS5C,CAAC;AA8BF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,OAAO,EAAE,OAAmE,CAAC;AAY1F,eAAO,MAAM,UAAU,EAAE,OAIlB,CAAC;AACR,eAAO,MAAM,SAAS,EAAE,OAMlB,CAAC;AAEP;;;;;;;;;GASG;AACH,eAAO,MAAM,MAAM,EAAE,QAed,CAAC;AAER;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAIlE;AACD,eAAO,MAAM,mBAAmB,EAAE,OAAO,sBAA+C,CAAC;AAEzF;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,CAG3E;AA0FD,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,MAAM,CAA6C,CAAC;AACxF,eAAO,MAAM,aAAa,EAAE,SAAS,CAAC,MAAM,CAA+C,CAAC;AAiC5F,KAAK,aAAa,GAAG,YAAY,CAAC;AA0BlC;;;;;;GAMG;AACH,cAAM,SAAU,YAAW,KAAK,CAAC,SAAS,CAAC;IAK7B,OAAO,CAAC,QAAQ,CAAC,EAAE;IAJ/B,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC;IACvB,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC;gBAGM,EAAE,EAAE,aAAa;IAE9C,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,SAAS;IAIrD;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS;IASvC;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS;IA2BnC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,SAAS;IAK7D;;;OAGG;IACH,UAAU,IAAI,UAAU;IA4BxB,KAAK,IAAI,MAAM;IAIf,QAAQ,IAAI,MAAM;IAKlB,MAAM,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO;IAWjC,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS;IAKhC,QAAQ,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS;IAKrC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS;IAInC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS;IAIzC,MAAM,IAAI,SAAS;IAInB,MAAM,IAAI,SAAS;CAGpB;AACD,eAAO,MAAM,cAAc,EAAE,OAAO,SAIhC,CAAC;AAGL,eAAO,MAAM,kBAAkB,QAAS,UAAU,WAAW,YAAY,KAAG,SAM3E,CAAC;AACF,eAAO,MAAM,oBAAoB,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,KAAK,SAC3D,CAAC"}
+{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["src/ed25519.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,KAAK,WAAW,EAAE,KAAK,KAAK,EAAa,MAAM,qBAAqB,CAAC;AAC9E,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,YAAY,EAAkB,MAAM,uBAAuB,CAAC;AACxF,OAAO,EAGL,KAAK,MAAM,EACX,KAAK,YAAY,EACjB,KAAK,SAAS,EACf,MAAM,6BAA6B,CAAC;AAErC,OAAO,EAAc,KAAK,OAAO,IAAI,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AAChF,OAAO,EAKL,KAAK,GAAG,EAET,MAAM,qBAAqB,CAAC;AAoE7B,kDAAkD;AAClD,eAAO,MAAM,wBAAwB,EAAE,MAAM,EAS5C,CAAC;AA0BF;;;;;;;;;;GAUG;AACH,eAAO,MAAM,OAAO,EAAE,OAAmE,CAAC;AAY1F,eAAO,MAAM,UAAU,EAAE,OAIlB,CAAC;AACR,eAAO,MAAM,SAAS,EAAE,OAMlB,CAAC;AAEP;;;;;;;;;GASG;AACH,eAAO,MAAM,MAAM,EAAE,QAed,CAAC;AAER;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAIlE;AACD,eAAO,MAAM,mBAAmB,EAAE,OAAO,sBAA+C,CAAC;AAEzF;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,CAG3E;AA2ED,eAAO,MAAM,cAAc,EAAE,MAAM,CAAC,MAAM,CAapC,CAAC;AACP,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,MAAM,CAAwD,CAAC;AACnG,eAAO,MAAM,aAAa,EAAE,SAAS,CAAC,MAAM,CACX,CAAC;AAiClC,KAAK,aAAa,GAAG,YAAY,CAAC;AA0BlC;;;;;;GAMG;AACH,cAAM,SAAU,YAAW,KAAK,CAAC,SAAS,CAAC;IACzC,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC;IACvB,MAAM,CAAC,IAAI,EAAE,SAAS,CAAC;IACvB,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAgB;gBAGvB,EAAE,EAAE,aAAa;IAI7B,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,SAAS;IAIrD;;;;;;OAMG;IACH,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS;IASvC;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,SAAS;IA2BnC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,SAAS,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,SAAS;IAK7D;;;OAGG;IACH,UAAU,IAAI,UAAU;IA4BxB,KAAK,IAAI,MAAM;IAIf,QAAQ,IAAI,MAAM;IAKlB,MAAM,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO;IAWjC,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS;IAKhC,QAAQ,CAAC,KAAK,EAAE,SAAS,GAAG,SAAS;IAKrC,QAAQ,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS;IAInC,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,SAAS;IAIzC,MAAM,IAAI,SAAS;IAInB,MAAM,IAAI,SAAS;CAGpB;AACD,eAAO,MAAM,cAAc,EAAE,OAAO,SAIhC,CAAC;AAGL,eAAO,MAAM,kBAAkB,GAAI,KAAK,UAAU,EAAE,SAAS,YAAY,KAAG,SAM3E,CAAC;AACF,kBAAkB;AAClB,eAAO,MAAM,oBAAoB,EAAE,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,KAAK,SAC3D,CAAC"}

package/ed25519.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.hash_to_ristretto255 = exports.hashToRistretto255 = exports.RistrettoPoint = exports.encodeToCurve = exports.hashToCurve = exports.edwardsToMontgomery = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0;
+exports.hash_to_ristretto255 = exports.hashToRistretto255 = exports.RistrettoPoint = exports.encodeToCurve = exports.hashToCurve = exports.ed25519_hasher = exports.edwardsToMontgomery = exports.x25519 = exports.ed25519ph = exports.ed25519ctx = exports.ed25519 = exports.ED25519_TORSION_SUBGROUP = void 0;
 exports.edwardsToMontgomeryPub = edwardsToMontgomeryPub;
 exports.edwardsToMontgomeryPriv = edwardsToMontgomeryPriv;
 /**
@@ -11,16 +11,18 @@ exports.edwardsToMontgomeryPriv = edwardsToMontgomeryPriv;
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha512_1 = require("@noble/hashes/sha512");
+const sha2_1 = require("@noble/hashes/sha2");
 const utils_1 = require("@noble/hashes/utils");
-const curve_js_1 = require("./abstract/curve.js");
-const edwards_js_1 = require("./abstract/edwards.js");
-const hash_to_curve_js_1 = require("./abstract/hash-to-curve.js");
-const modular_js_1 = require("./abstract/modular.js");
-const montgomery_js_1 = require("./abstract/montgomery.js");
-const utils_js_1 = require("./abstract/utils.js");
+const curve_ts_1 = require("./abstract/curve.js");
+const edwards_ts_1 = require("./abstract/edwards.js");
+const hash_to_curve_ts_1 = require("./abstract/hash-to-curve.js");
+const modular_ts_1 = require("./abstract/modular.js");
+const montgomery_ts_1 = require("./abstract/montgomery.js");
+const utils_ts_1 = require("./abstract/utils.js");
+// 2n**255n - 19n
 const ED25519_P = BigInt('57896044618658097711785492504343953926634992332820282019728792003956564819949');
 // √(-1) aka √(a) aka 2^((p-1)/4)
+// Fp.sqrt(Fp.neg(1))
 const ED25519_SQRT_M1 = /* @__PURE__ */ BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752');
 // prettier-ignore
 const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);
@@ -32,16 +34,16 @@ function ed25519_pow_2_252_3(x) {
     const P = ED25519_P;
     const x2 = (x * x) % P;
     const b2 = (x2 * x) % P; // x^3, 11
-    const b4 = ((0, modular_js_1.pow2)(b2, _2n, P) * b2) % P; // x^15, 1111
-    const b5 = ((0, modular_js_1.pow2)(b4, _1n, P) * x) % P; // x^31
-    const b10 = ((0, modular_js_1.pow2)(b5, _5n, P) * b5) % P;
-    const b20 = ((0, modular_js_1.pow2)(b10, _10n, P) * b10) % P;
-    const b40 = ((0, modular_js_1.pow2)(b20, _20n, P) * b20) % P;
-    const b80 = ((0, modular_js_1.pow2)(b40, _40n, P) * b40) % P;
-    const b160 = ((0, modular_js_1.pow2)(b80, _80n, P) * b80) % P;
-    const b240 = ((0, modular_js_1.pow2)(b160, _80n, P) * b80) % P;
-    const b250 = ((0, modular_js_1.pow2)(b240, _10n, P) * b10) % P;
-    const pow_p_5_8 = ((0, modular_js_1.pow2)(b250, _2n, P) * x) % P;
+    const b4 = ((0, modular_ts_1.pow2)(b2, _2n, P) * b2) % P; // x^15, 1111
+    const b5 = ((0, modular_ts_1.pow2)(b4, _1n, P) * x) % P; // x^31
+    const b10 = ((0, modular_ts_1.pow2)(b5, _5n, P) * b5) % P;
+    const b20 = ((0, modular_ts_1.pow2)(b10, _10n, P) * b10) % P;
+    const b40 = ((0, modular_ts_1.pow2)(b20, _20n, P) * b20) % P;
+    const b80 = ((0, modular_ts_1.pow2)(b40, _40n, P) * b40) % P;
+    const b160 = ((0, modular_ts_1.pow2)(b80, _80n, P) * b80) % P;
+    const b240 = ((0, modular_ts_1.pow2)(b160, _80n, P) * b80) % P;
+    const b250 = ((0, modular_ts_1.pow2)(b240, _10n, P) * b10) % P;
+    const pow_p_5_8 = ((0, modular_ts_1.pow2)(b250, _2n, P) * x) % P;
     // ^ To pow to (p+3)/8, multiply it by x.
     return { pow_p_5_8, b2 };
 }
@@ -58,26 +60,26 @@ function adjustScalarBytes(bytes) {
 // sqrt(u/v)
 function uvRatio(u, v) {
     const P = ED25519_P;
-    const v3 = (0, modular_js_1.mod)(v * v * v, P); // v³
-    const v7 = (0, modular_js_1.mod)(v3 * v3 * v, P); // v⁷
+    const v3 = (0, modular_ts_1.mod)(v * v * v, P); // v³
+    const v7 = (0, modular_ts_1.mod)(v3 * v3 * v, P); // v⁷
     // (p+3)/8 and (p-5)/8
     const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8;
-    let x = (0, modular_js_1.mod)(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
-    const vx2 = (0, modular_js_1.mod)(v * x * x, P); // vx²
+    let x = (0, modular_ts_1.mod)(u * v3 * pow, P); // (uv³)(uv⁷)^(p-5)/8
+    const vx2 = (0, modular_ts_1.mod)(v * x * x, P); // vx²
     const root1 = x; // First root candidate
-    const root2 = (0, modular_js_1.mod)(x * ED25519_SQRT_M1, P); // Second root candidate
+    const root2 = (0, modular_ts_1.mod)(x * ED25519_SQRT_M1, P); // Second root candidate
     const useRoot1 = vx2 === u; // If vx² = u (mod p), x is a square root
-    const useRoot2 = vx2 === (0, modular_js_1.mod)(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
-    const noRoot = vx2 === (0, modular_js_1.mod)(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
+    const useRoot2 = vx2 === (0, modular_ts_1.mod)(-u, P); // If vx² = -u, set x <-- x * 2^((p-1)/4)
+    const noRoot = vx2 === (0, modular_ts_1.mod)(-u * ED25519_SQRT_M1, P); // There is no valid root, vx² = -u√(-1)
     if (useRoot1)
         x = root1;
     if (useRoot2 || noRoot)
         x = root2; // We return root2 anyway, for const-time
-    if ((0, modular_js_1.isNegativeLE)(x, P))
-        x = (0, modular_js_1.mod)(-x, P);
+    if ((0, modular_ts_1.isNegativeLE)(x, P))
+        x = (0, modular_ts_1.mod)(-x, P);
     return { isValid: useRoot1 || useRoot2, value: x };
 }
-// Just in case
+/** Weird / bogus points, useful for debugging. */
 exports.ED25519_TORSION_SUBGROUP = [
     '0100000000000000000000000000000000000000000000000000000000000000',
     'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac037a',
@@ -88,24 +90,20 @@ exports.ED25519_TORSION_SUBGROUP = [
     '0000000000000000000000000000000000000000000000000000000000000000',
     'c7176a703d4dd84fba3c0b760d10670f2a2053fa2c39ccc64ec7fd7792ac03fa',
 ];
-const Fp = /* @__PURE__ */ (() => (0, modular_js_1.Field)(ED25519_P, undefined, true))();
+const Fp = /* @__PURE__ */ (() => (0, modular_ts_1.Field)(ED25519_P, undefined, true))();
 const ed25519Defaults = /* @__PURE__ */ (() => ({
-    // Param: a
-    a: BigInt(-1), // Fp.create(-1) is proper; our way still works and is faster
-    // d is equal to -121665/121666 over finite field.
-    // Negative number is P - number, and division is invert(number, P)
+    // Removing Fp.create() will still work, and is 10% faster on sign
+    a: Fp.create(BigInt(-1)),
+    // d is -121665/121666 a.k.a. Fp.neg(121665 * Fp.inv(121666))
     d: BigInt('37095705934669439343138083508754565189542113879843219016388785533085940283555'),
-    // Finite field 𝔽p over which we'll do calculations; 2n**255n - 19n
+    // Finite field 2n**255n - 19n
     Fp,
-    // Subgroup order: how many points curve has
-    // 2n**252n + 27742317777372353535851937790883648493n;
+    // Subgroup order 2n**252n + 27742317777372353535851937790883648493n;
     n: BigInt('7237005577332262213973186563042994240857116359379907606001950938285454250989'),
-    // Cofactor
     h: _8n,
-    // Base point (x, y) aka generator point
     Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'),
     Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'),
-    hash: sha512_1.sha512,
+    hash: sha2_1.sha512,
     randomBytes: utils_1.randomBytes,
     adjustScalarBytes,
     // dom2
@@ -124,19 +122,19 @@ const ed25519Defaults = /* @__PURE__ */ (() => ({
  * ed25519.verify(sig, msg, pub); // Default mode: follows ZIP215
  * ed25519.verify(sig, msg, pub, { zip215: false }); // RFC8032 / FIPS 186-5
  */
-exports.ed25519 = (() => (0, edwards_js_1.twistedEdwards)(ed25519Defaults))();
+exports.ed25519 = (() => (0, edwards_ts_1.twistedEdwards)(ed25519Defaults))();
 function ed25519_domain(data, ctx, phflag) {
     if (ctx.length > 255)
         throw new Error('Context is too big');
     return (0, utils_1.concatBytes)((0, utils_1.utf8ToBytes)('SigEd25519 no Ed25519 collisions'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
 }
-exports.ed25519ctx = (() => (0, edwards_js_1.twistedEdwards)({
+exports.ed25519ctx = (() => (0, edwards_ts_1.twistedEdwards)({
     ...ed25519Defaults,
     domain: ed25519_domain,
 }))();
-exports.ed25519ph = (() => (0, edwards_js_1.twistedEdwards)(Object.assign({}, ed25519Defaults, {
+exports.ed25519ph = (() => (0, edwards_ts_1.twistedEdwards)(Object.assign({}, ed25519Defaults, {
     domain: ed25519_domain,
-    prehash: sha512_1.sha512,
+    prehash: sha2_1.sha512,
 })))();
 /**
  * ECDH using curve25519 aka x25519.
@@ -148,7 +146,7 @@ exports.ed25519ph = (() => (0, edwards_js_1.twistedEdwards)(Object.assign({}, ed
  * x25519.getPublicKey(priv) === x25519.scalarMultBase(priv);
  * x25519.getPublicKey(x25519.utils.randomPrivateKey());
  */
-exports.x25519 = (() => (0, montgomery_js_1.montgomery)({
+exports.x25519 = (() => (0, montgomery_ts_1.montgomery)({
     P: ED25519_P,
     a: BigInt(486662),
     montgomeryBits: 255, // n is 253 bits
@@ -158,7 +156,7 @@ exports.x25519 = (() => (0, montgomery_js_1.montgomery)({
         const P = ED25519_P;
         // x^(p-2) aka x^(2^255-21)
         const { pow_p_5_8, b2 } = ed25519_pow_2_252_3(x);
-        return (0, modular_js_1.mod)((0, modular_js_1.pow2)(pow_p_5_8, _3n, P) * b2, P);
+        return (0, modular_ts_1.mod)((0, modular_ts_1.pow2)(pow_p_5_8, _3n, P) * b2, P);
     },
     adjustScalarBytes,
     randomBytes: utils_1.randomBytes,
@@ -239,7 +237,7 @@ function map_to_curve_elligator2_curve25519(u) {
     y = Fp.cmov(y, Fp.neg(y), e3 !== e4); //  38.   y = CMOV(y, -y, e3 XOR e4)
     return { xMn: xn, xMd: xd, yMn: y, yMd: _1n }; //  39. return (xn, xd, y, 1)
 }
-const ELL2_C1_EDWARDS = /* @__PURE__ */ (() => (0, modular_js_1.FpSqrtEven)(Fp, Fp.neg(BigInt(486664))))(); // sgn0(c1) MUST equal 0
+const ELL2_C1_EDWARDS = /* @__PURE__ */ (() => (0, modular_ts_1.FpSqrtEven)(Fp, Fp.neg(BigInt(486664))))(); // sgn0(c1) MUST equal 0
 function map_to_curve_elligator2_edwards25519(u) {
     const { xMn, xMd, yMn, yMd } = map_to_curve_elligator2_curve25519(u); //  1.  (xMn, xMd, yMn, yMd) =
     // map_to_curve_elligator2_curve25519(u)
@@ -254,21 +252,21 @@ function map_to_curve_elligator2_edwards25519(u) {
     xd = Fp.cmov(xd, Fp.ONE, e); //  10. xd = CMOV(xd, 1, e)
     yn = Fp.cmov(yn, Fp.ONE, e); //  11. yn = CMOV(yn, 1, e)
     yd = Fp.cmov(yd, Fp.ONE, e); //  12. yd = CMOV(yd, 1, e)
-    const inv = Fp.invertBatch([xd, yd]); // batch division
-    return { x: Fp.mul(xn, inv[0]), y: Fp.mul(yn, inv[1]) }; //  13. return (xn, xd, yn, yd)
+    const [xd_inv, yd_inv] = (0, modular_ts_1.FpInvertBatch)(Fp, [xd, yd], true); // batch division
+    return { x: Fp.mul(xn, xd_inv), y: Fp.mul(yn, yd_inv) }; //  13. return (xn, xd, yn, yd)
 }
-const htf = /* @__PURE__ */ (() => (0, hash_to_curve_js_1.createHasher)(exports.ed25519.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards25519(scalars[0]), {
+exports.ed25519_hasher = (() => (0, hash_to_curve_ts_1.createHasher)(exports.ed25519.ExtendedPoint, (scalars) => map_to_curve_elligator2_edwards25519(scalars[0]), {
     DST: 'edwards25519_XMD:SHA-512_ELL2_RO_',
     encodeDST: 'edwards25519_XMD:SHA-512_ELL2_NU_',
     p: Fp.ORDER,
     m: 1,
     k: 128,
     expand: 'xmd',
-    hash: sha512_1.sha512,
+    hash: sha2_1.sha512,
 }))();
-exports.hashToCurve = (() => htf.hashToCurve)();
-exports.encodeToCurve = (() => htf.encodeToCurve)();
-function assertRstPoint(other) {
+exports.hashToCurve = (() => exports.ed25519_hasher.hashToCurve)();
+exports.encodeToCurve = (() => exports.ed25519_hasher.encodeToCurve)();
+function aristp(other) {
     if (!(other instanceof RistPoint))
         throw new Error('RistrettoPoint expected');
 }
@@ -285,7 +283,7 @@ const D_MINUS_ONE_SQ = /* @__PURE__ */ BigInt('404408343463085368581010424693231
 // Calculates 1/√(number)
 const invertSqrt = (number) => uvRatio(_1n, number);
 const MAX_255B = /* @__PURE__ */ BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff');
-const bytes255ToNumberLE = (bytes) => exports.ed25519.CURVE.Fp.create((0, utils_js_1.bytesToNumberLE)(bytes) & MAX_255B);
+const bytes255ToNumberLE = (bytes) => exports.ed25519.CURVE.Fp.create((0, utils_ts_1.bytesToNumberLE)(bytes) & MAX_255B);
 // Computes Elligator map for Ristretto
 // https://ristretto.group/formulas/elligator.html
 function calcElligatorRistrettoMap(r0) {
@@ -298,7 +296,7 @@ function calcElligatorRistrettoMap(r0) {
     const D = mod((c - d * r) * mod(r + d)); // 4
     let { isValid: Ns_D_is_sq, value: s } = uvRatio(Ns, D); // 5
     let s_ = mod(s * r0); // 6
-    if (!(0, modular_js_1.isNegativeLE)(s_, P))
+    if (!(0, modular_ts_1.isNegativeLE)(s_, P))
         s_ = mod(-s_);
     if (!Ns_D_is_sq)
         s = s_; // 7
@@ -336,7 +334,7 @@ class RistPoint {
      * @param hex 64-byte output of a hash function
      */
     static hashToCurve(hex) {
-        hex = (0, utils_js_1.ensureBytes)('ristrettoHash', hex, 64);
+        hex = (0, utils_ts_1.ensureBytes)('ristrettoHash', hex, 64);
         const r1 = bytes255ToNumberLE(hex.slice(0, 32));
         const R1 = calcElligatorRistrettoMap(r1);
         const r2 = bytes255ToNumberLE(hex.slice(32, 64));
@@ -349,7 +347,7 @@ class RistPoint {
      * @param hex Ristretto-encoded 32 bytes. Not every 32-byte string is valid ristretto encoding
      */
     static fromHex(hex) {
-        hex = (0, utils_js_1.ensureBytes)('ristrettoHex', hex, 32);
+        hex = (0, utils_ts_1.ensureBytes)('ristrettoHex', hex, 32);
         const { a, d } = exports.ed25519.CURVE;
         const P = exports.ed25519.CURVE.Fp.ORDER;
         const mod = exports.ed25519.CURVE.Fp.create;
@@ -357,7 +355,7 @@ class RistPoint {
         const s = bytes255ToNumberLE(hex);
         // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.
         // 3. Check that s is non-negative, or else abort
-        if (!(0, utils_js_1.equalBytes)((0, utils_js_1.numberToBytesLE)(s, 32), hex) || (0, modular_js_1.isNegativeLE)(s, P))
+        if (!(0, utils_ts_1.equalBytes)((0, utils_ts_1.numberToBytesLE)(s, 32), hex) || (0, modular_ts_1.isNegativeLE)(s, P))
             throw new Error(emsg);
         const s2 = mod(s * s);
         const u1 = mod(_1n + a * s2); // 4 (a is -1)
@@ -369,17 +367,17 @@ class RistPoint {
         const Dx = mod(I * u2); // 8
         const Dy = mod(I * Dx * v); // 9
         let x = mod((s + s) * Dx); // 10
-        if ((0, modular_js_1.isNegativeLE)(x, P))
+        if ((0, modular_ts_1.isNegativeLE)(x, P))
             x = mod(-x); // 10
         const y = mod(u1 * Dy); // 11
         const t = mod(x * y); // 12
-        if (!isValid || (0, modular_js_1.isNegativeLE)(t, P) || y === _0n)
+        if (!isValid || (0, modular_ts_1.isNegativeLE)(t, P) || y === _0n)
             throw new Error(emsg);
         return new RistPoint(new exports.ed25519.ExtendedPoint(x, y, _1n, t));
     }
     static msm(points, scalars) {
-        const Fn = (0, modular_js_1.Field)(exports.ed25519.CURVE.n, exports.ed25519.CURVE.nBitLength);
-        return (0, curve_js_1.pippenger)(RistPoint, Fn, points, scalars);
+        const Fn = (0, modular_ts_1.Field)(exports.ed25519.CURVE.n, exports.ed25519.CURVE.nBitLength);
+        return (0, curve_ts_1.pippenger)(RistPoint, Fn, points, scalars);
     }
     /**
      * Encodes ristretto point to Uint8Array.
@@ -398,7 +396,7 @@ class RistPoint {
         const D2 = mod(invsqrt * u2); // 5
         const zInv = mod(D1 * D2 * t); // 6
         let D; // 7
-        if ((0, modular_js_1.isNegativeLE)(t * zInv, P)) {
+        if ((0, modular_ts_1.isNegativeLE)(t * zInv, P)) {
             let _x = mod(y * SQRT_M1);
             let _y = mod(x * SQRT_M1);
             x = _x;
@@ -408,22 +406,22 @@ class RistPoint {
         else {
             D = D2; // 8
         }
-        if ((0, modular_js_1.isNegativeLE)(x * zInv, P))
+        if ((0, modular_ts_1.isNegativeLE)(x * zInv, P))
             y = mod(-y); // 9
         let s = mod((z - y) * D); // 10 (check footer's note, no sqrt(-a))
-        if ((0, modular_js_1.isNegativeLE)(s, P))
+        if ((0, modular_ts_1.isNegativeLE)(s, P))
             s = mod(-s);
-        return (0, utils_js_1.numberToBytesLE)(s, 32); // 11
+        return (0, utils_ts_1.numberToBytesLE)(s, 32); // 11
     }
     toHex() {
-        return (0, utils_js_1.bytesToHex)(this.toRawBytes());
+        return (0, utils_ts_1.bytesToHex)(this.toRawBytes());
     }
     toString() {
         return this.toHex();
     }
     // Compare one point to another.
     equals(other) {
-        assertRstPoint(other);
+        aristp(other);
         const { ex: X1, ey: Y1 } = this.ep;
         const { ex: X2, ey: Y2 } = other.ep;
         const mod = exports.ed25519.CURVE.Fp.create;
@@ -433,11 +431,11 @@ class RistPoint {
         return one || two;
     }
     add(other) {
-        assertRstPoint(other);
+        aristp(other);
         return new RistPoint(this.ep.add(other.ep));
     }
     subtract(other) {
-        assertRstPoint(other);
+        aristp(other);
         return new RistPoint(this.ep.subtract(other.ep));
     }
     multiply(scalar) {
@@ -464,10 +462,11 @@ exports.RistrettoPoint = (() => {
 const hashToRistretto255 = (msg, options) => {
     const d = options.DST;
     const DST = typeof d === 'string' ? (0, utils_1.utf8ToBytes)(d) : d;
-    const uniform_bytes = (0, hash_to_curve_js_1.expand_message_xmd)(msg, DST, 64, sha512_1.sha512);
+    const uniform_bytes = (0, hash_to_curve_ts_1.expand_message_xmd)(msg, DST, 64, sha2_1.sha512);
     const P = RistPoint.hashToCurve(uniform_bytes);
     return P;
 };
 exports.hashToRistretto255 = hashToRistretto255;
+/** @deprecated */
 exports.hash_to_ristretto255 = exports.hashToRistretto255; // legacy
 //# sourceMappingURL=ed25519.js.map