@noble/curves 1.8.2 → 1.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +49 -24
- package/abstract/bls.js +1 -1
- package/abstract/bls.js.map +1 -1
- package/abstract/curve.d.ts +1 -1
- package/abstract/curve.d.ts.map +1 -1
- package/abstract/curve.js +13 -4
- package/abstract/curve.js.map +1 -1
- package/abstract/edwards.d.ts.map +1 -1
- package/abstract/edwards.js +17 -3
- package/abstract/edwards.js.map +1 -1
- package/abstract/fft.d.ts +120 -0
- package/abstract/fft.d.ts.map +1 -0
- package/abstract/fft.js +439 -0
- package/abstract/fft.js.map +1 -0
- package/abstract/hash-to-curve.d.ts +10 -5
- package/abstract/hash-to-curve.d.ts.map +1 -1
- package/abstract/hash-to-curve.js +31 -23
- package/abstract/hash-to-curve.js.map +1 -1
- package/abstract/modular.d.ts +13 -12
- package/abstract/modular.d.ts.map +1 -1
- package/abstract/modular.js +158 -158
- package/abstract/modular.js.map +1 -1
- package/abstract/montgomery.d.ts +4 -9
- package/abstract/montgomery.d.ts.map +1 -1
- package/abstract/montgomery.js +70 -90
- package/abstract/montgomery.js.map +1 -1
- package/abstract/poseidon.d.ts +39 -2
- package/abstract/poseidon.d.ts.map +1 -1
- package/abstract/poseidon.js +183 -4
- package/abstract/poseidon.js.map +1 -1
- package/abstract/tower.d.ts.map +1 -1
- package/abstract/tower.js +4 -5
- package/abstract/tower.js.map +1 -1
- package/abstract/utils.d.ts +1 -0
- package/abstract/utils.d.ts.map +1 -1
- package/abstract/utils.js +2 -0
- package/abstract/utils.js.map +1 -1
- package/abstract/weierstrass.d.ts +31 -9
- package/abstract/weierstrass.d.ts.map +1 -1
- package/abstract/weierstrass.js +67 -48
- package/abstract/weierstrass.js.map +1 -1
- package/bls12-381.d.ts.map +1 -1
- package/bls12-381.js +9 -23
- package/bls12-381.js.map +1 -1
- package/bn254.d.ts +1 -0
- package/bn254.d.ts.map +1 -1
- package/bn254.js +10 -0
- package/bn254.js.map +1 -1
- package/ed25519.d.ts +19 -5
- package/ed25519.d.ts.map +1 -1
- package/ed25519.js +29 -18
- package/ed25519.js.map +1 -1
- package/ed448.d.ts +21 -5
- package/ed448.d.ts.map +1 -1
- package/ed448.js +46 -34
- package/ed448.js.map +1 -1
- package/esm/abstract/bls.js +1 -1
- package/esm/abstract/bls.js.map +1 -1
- package/esm/abstract/curve.d.ts +1 -1
- package/esm/abstract/curve.d.ts.map +1 -1
- package/esm/abstract/curve.js +13 -4
- package/esm/abstract/curve.js.map +1 -1
- package/esm/abstract/edwards.d.ts.map +1 -1
- package/esm/abstract/edwards.js +19 -5
- package/esm/abstract/edwards.js.map +1 -1
- package/esm/abstract/fft.d.ts +120 -0
- package/esm/abstract/fft.d.ts.map +1 -0
- package/esm/abstract/fft.js +426 -0
- package/esm/abstract/fft.js.map +1 -0
- package/esm/abstract/hash-to-curve.d.ts +10 -5
- package/esm/abstract/hash-to-curve.d.ts.map +1 -1
- package/esm/abstract/hash-to-curve.js +32 -24
- package/esm/abstract/hash-to-curve.js.map +1 -1
- package/esm/abstract/modular.d.ts +13 -12
- package/esm/abstract/modular.d.ts.map +1 -1
- package/esm/abstract/modular.js +158 -158
- package/esm/abstract/modular.js.map +1 -1
- package/esm/abstract/montgomery.d.ts +4 -9
- package/esm/abstract/montgomery.d.ts.map +1 -1
- package/esm/abstract/montgomery.js +71 -91
- package/esm/abstract/montgomery.js.map +1 -1
- package/esm/abstract/poseidon.d.ts +39 -2
- package/esm/abstract/poseidon.d.ts.map +1 -1
- package/esm/abstract/poseidon.js +180 -5
- package/esm/abstract/poseidon.js.map +1 -1
- package/esm/abstract/tower.d.ts.map +1 -1
- package/esm/abstract/tower.js +4 -5
- package/esm/abstract/tower.js.map +1 -1
- package/esm/abstract/utils.d.ts +1 -0
- package/esm/abstract/utils.d.ts.map +1 -1
- package/esm/abstract/utils.js +2 -0
- package/esm/abstract/utils.js.map +1 -1
- package/esm/abstract/weierstrass.d.ts +31 -9
- package/esm/abstract/weierstrass.d.ts.map +1 -1
- package/esm/abstract/weierstrass.js +69 -50
- package/esm/abstract/weierstrass.js.map +1 -1
- package/esm/bls12-381.d.ts.map +1 -1
- package/esm/bls12-381.js +9 -23
- package/esm/bls12-381.js.map +1 -1
- package/esm/bn254.d.ts +1 -0
- package/esm/bn254.d.ts.map +1 -1
- package/esm/bn254.js +10 -0
- package/esm/bn254.js.map +1 -1
- package/esm/ed25519.d.ts +19 -5
- package/esm/ed25519.d.ts.map +1 -1
- package/esm/ed25519.js +29 -18
- package/esm/ed25519.js.map +1 -1
- package/esm/ed448.d.ts +21 -5
- package/esm/ed448.d.ts.map +1 -1
- package/esm/ed448.js +47 -35
- package/esm/ed448.js.map +1 -1
- package/esm/jubjub.d.ts +11 -1
- package/esm/jubjub.d.ts.map +1 -1
- package/esm/jubjub.js +11 -1
- package/esm/jubjub.js.map +1 -1
- package/esm/misc.d.ts +8 -2
- package/esm/misc.d.ts.map +1 -1
- package/esm/misc.js +10 -4
- package/esm/misc.js.map +1 -1
- package/esm/nist.d.ts +30 -0
- package/esm/nist.d.ts.map +1 -0
- package/esm/nist.js +121 -0
- package/esm/nist.js.map +1 -0
- package/esm/p256.d.ts +7 -9
- package/esm/p256.d.ts.map +1 -1
- package/esm/p256.js +6 -44
- package/esm/p256.js.map +1 -1
- package/esm/p384.d.ts +9 -10
- package/esm/p384.d.ts.map +1 -1
- package/esm/p384.js +7 -46
- package/esm/p384.js.map +1 -1
- package/esm/p521.d.ts +7 -8
- package/esm/p521.d.ts.map +1 -1
- package/esm/p521.js +6 -46
- package/esm/p521.js.map +1 -1
- package/esm/pasta.d.ts +9 -1
- package/esm/pasta.d.ts.map +1 -1
- package/esm/pasta.js +9 -1
- package/esm/pasta.js.map +1 -1
- package/esm/secp256k1.d.ts +3 -3
- package/esm/secp256k1.d.ts.map +1 -1
- package/esm/secp256k1.js +8 -9
- package/esm/secp256k1.js.map +1 -1
- package/jubjub.d.ts +11 -1
- package/jubjub.d.ts.map +1 -1
- package/jubjub.js +12 -5
- package/jubjub.js.map +1 -1
- package/misc.d.ts +8 -2
- package/misc.d.ts.map +1 -1
- package/misc.js +11 -5
- package/misc.js.map +1 -1
- package/nist.d.ts +30 -0
- package/nist.d.ts.map +1 -0
- package/nist.js +124 -0
- package/nist.js.map +1 -0
- package/p256.d.ts +7 -9
- package/p256.d.ts.map +1 -1
- package/p256.js +5 -49
- package/p256.js.map +1 -1
- package/p384.d.ts +9 -10
- package/p384.d.ts.map +1 -1
- package/p384.js +6 -51
- package/p384.js.map +1 -1
- package/p521.d.ts +7 -8
- package/p521.d.ts.map +1 -1
- package/p521.js +5 -51
- package/p521.js.map +1 -1
- package/package.json +117 -8
- package/pasta.d.ts +9 -1
- package/pasta.d.ts.map +1 -1
- package/pasta.js +9 -3
- package/pasta.js.map +1 -1
- package/secp256k1.d.ts +3 -3
- package/secp256k1.d.ts.map +1 -1
- package/secp256k1.js +9 -10
- package/secp256k1.js.map +1 -1
- package/src/abstract/bls.ts +1 -1
- package/src/abstract/curve.ts +11 -6
- package/src/abstract/edwards.ts +26 -12
- package/src/abstract/fft.ts +508 -0
- package/src/abstract/hash-to-curve.ts +44 -36
- package/src/abstract/modular.ts +154 -153
- package/src/abstract/montgomery.ts +78 -109
- package/src/abstract/poseidon.ts +208 -13
- package/src/abstract/tower.ts +4 -5
- package/src/abstract/utils.ts +2 -0
- package/src/abstract/weierstrass.ts +109 -61
- package/src/bls12-381.ts +11 -27
- package/src/bn254.ts +10 -0
- package/src/ed25519.ts +32 -19
- package/src/ed448.ts +91 -75
- package/src/jubjub.ts +12 -5
- package/src/misc.ts +10 -4
- package/src/nist.ts +155 -0
- package/src/p256.ts +6 -50
- package/src/p384.ts +8 -56
- package/src/p521.ts +6 -65
- package/src/pasta.ts +9 -1
- package/src/secp256k1.ts +12 -11
package/abstract/montgomery.js
CHANGED
|
@@ -12,60 +12,88 @@ const modular_ts_1 = require("./modular.js");
|
|
|
12
12
|
const utils_ts_1 = require("./utils.js");
|
|
13
13
|
const _0n = BigInt(0);
|
|
14
14
|
const _1n = BigInt(1);
|
|
15
|
+
const _2n = BigInt(2);
|
|
15
16
|
function validateOpts(curve) {
|
|
16
17
|
(0, utils_ts_1.validateObject)(curve, {
|
|
17
|
-
a: 'bigint',
|
|
18
|
-
}, {
|
|
19
|
-
montgomeryBits: 'isSafeInteger',
|
|
20
|
-
nByteLength: 'isSafeInteger',
|
|
21
18
|
adjustScalarBytes: 'function',
|
|
22
|
-
domain: 'function',
|
|
23
19
|
powPminus2: 'function',
|
|
24
|
-
Gu: 'bigint',
|
|
25
20
|
});
|
|
26
|
-
// Set defaults
|
|
27
21
|
return Object.freeze({ ...curve });
|
|
28
22
|
}
|
|
29
|
-
// Uses only one coordinate instead of two
|
|
30
23
|
function montgomery(curveDef) {
|
|
31
24
|
const CURVE = validateOpts(curveDef);
|
|
32
|
-
const { P } = CURVE;
|
|
25
|
+
const { P, type, adjustScalarBytes, powPminus2 } = CURVE;
|
|
26
|
+
const is25519 = type === 'x25519';
|
|
27
|
+
if (!is25519 && type !== 'x448')
|
|
28
|
+
throw new Error('invalid type');
|
|
29
|
+
const montgomeryBits = is25519 ? 255 : 448;
|
|
30
|
+
const fieldLen = is25519 ? 32 : 56;
|
|
31
|
+
const Gu = is25519 ? BigInt(9) : BigInt(5);
|
|
32
|
+
// RFC 7748 #5:
|
|
33
|
+
// The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519 and
|
|
34
|
+
// (156326 - 2) / 4 = 39081 for curve448/X448
|
|
35
|
+
// const a = is25519 ? 156326n : 486662n;
|
|
36
|
+
const a24 = is25519 ? BigInt(121665) : BigInt(39081);
|
|
37
|
+
// RFC: x25519 "the resulting integer is of the form 2^254 plus
|
|
38
|
+
// eight times a value between 0 and 2^251 - 1 (inclusive)"
|
|
39
|
+
// x448: "2^447 plus four times a value between 0 and 2^445 - 1 (inclusive)"
|
|
40
|
+
const minScalar = is25519 ? _2n ** BigInt(254) : _2n ** BigInt(447);
|
|
41
|
+
const maxAdded = is25519
|
|
42
|
+
? BigInt(8) * _2n ** BigInt(251) - _1n
|
|
43
|
+
: BigInt(4) * _2n ** BigInt(445) - _1n;
|
|
44
|
+
const maxScalar = minScalar + maxAdded + _1n; // (inclusive)
|
|
33
45
|
const modP = (n) => (0, modular_ts_1.mod)(n, P);
|
|
34
|
-
const
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
46
|
+
const GuBytes = encodeU(Gu);
|
|
47
|
+
function encodeU(u) {
|
|
48
|
+
return (0, utils_ts_1.numberToBytesLE)(modP(u), fieldLen);
|
|
49
|
+
}
|
|
50
|
+
function decodeU(u) {
|
|
51
|
+
const _u = (0, utils_ts_1.ensureBytes)('u coordinate', u, fieldLen);
|
|
52
|
+
// RFC: When receiving such an array, implementations of X25519
|
|
53
|
+
// (but not X448) MUST mask the most significant bit in the final byte.
|
|
54
|
+
if (is25519)
|
|
55
|
+
_u[31] &= 127; // 0b0111_1111
|
|
56
|
+
// RFC: Implementations MUST accept non-canonical values and process them as
|
|
57
|
+
// if they had been reduced modulo the field prime. The non-canonical
|
|
58
|
+
// values are 2^255 - 19 through 2^255 - 1 for X25519 and 2^448 - 2^224
|
|
59
|
+
// - 1 through 2^448 - 1 for X448.
|
|
60
|
+
return modP((0, utils_ts_1.bytesToNumberLE)(_u));
|
|
61
|
+
}
|
|
62
|
+
function decodeScalar(scalar) {
|
|
63
|
+
return (0, utils_ts_1.bytesToNumberLE)(adjustScalarBytes((0, utils_ts_1.ensureBytes)('scalar', scalar, fieldLen)));
|
|
64
|
+
}
|
|
65
|
+
function scalarMult(scalar, u) {
|
|
66
|
+
const pu = montgomeryLadder(decodeU(u), decodeScalar(scalar));
|
|
67
|
+
// Some public keys are useless, of low-order. Curve author doesn't think
|
|
68
|
+
// it needs to be validated, but we do it nonetheless.
|
|
69
|
+
// https://cr.yp.to/ecdh.html#validate
|
|
70
|
+
if (pu === _0n)
|
|
71
|
+
throw new Error('invalid private or public key received');
|
|
72
|
+
return encodeU(pu);
|
|
73
|
+
}
|
|
74
|
+
// Computes public key from private. By doing scalar multiplication of base point.
|
|
75
|
+
function scalarMultBase(scalar) {
|
|
76
|
+
return scalarMult(scalar, GuBytes);
|
|
77
|
+
}
|
|
78
|
+
// cswap from RFC7748 "example code"
|
|
49
79
|
function cswap(swap, x_2, x_3) {
|
|
80
|
+
// dummy = mask(swap) AND (x_2 XOR x_3)
|
|
81
|
+
// Where mask(swap) is the all-1 or all-0 word of the same length as x_2
|
|
82
|
+
// and x_3, computed, e.g., as mask(swap) = 0 - swap.
|
|
50
83
|
const dummy = modP(swap * (x_2 - x_3));
|
|
51
|
-
x_2 = modP(x_2 - dummy);
|
|
52
|
-
x_3 = modP(x_3 + dummy);
|
|
53
|
-
return
|
|
84
|
+
x_2 = modP(x_2 - dummy); // x_2 = x_2 XOR dummy
|
|
85
|
+
x_3 = modP(x_3 + dummy); // x_3 = x_3 XOR dummy
|
|
86
|
+
return { x_2, x_3 };
|
|
54
87
|
}
|
|
55
|
-
// x25519 from 4
|
|
56
|
-
// The constant a24 is (486662 - 2) / 4 = 121665 for curve25519/X25519
|
|
57
|
-
const a24 = (CURVE.a - BigInt(2)) / BigInt(4);
|
|
58
88
|
/**
|
|
59
|
-
*
|
|
89
|
+
* Montgomery x-only multiplication ladder.
|
|
60
90
|
* @param pointU u coordinate (x) on Montgomery Curve 25519
|
|
61
91
|
* @param scalar by which the point would be multiplied
|
|
62
92
|
* @returns new Point on Montgomery curve
|
|
63
93
|
*/
|
|
64
94
|
function montgomeryLadder(u, scalar) {
|
|
65
95
|
(0, utils_ts_1.aInRange)('u', u, _0n, P);
|
|
66
|
-
(0, utils_ts_1.aInRange)('scalar', scalar,
|
|
67
|
-
// Section 5: Implementations MUST accept non-canonical values and process them as
|
|
68
|
-
// if they had been reduced modulo the field prime.
|
|
96
|
+
(0, utils_ts_1.aInRange)('scalar', scalar, minScalar, maxScalar);
|
|
69
97
|
const k = scalar;
|
|
70
98
|
const x_1 = u;
|
|
71
99
|
let x_2 = _1n;
|
|
@@ -73,16 +101,11 @@ function montgomery(curveDef) {
|
|
|
73
101
|
let x_3 = u;
|
|
74
102
|
let z_3 = _1n;
|
|
75
103
|
let swap = _0n;
|
|
76
|
-
let sw;
|
|
77
104
|
for (let t = BigInt(montgomeryBits - 1); t >= _0n; t--) {
|
|
78
105
|
const k_t = (k >> t) & _1n;
|
|
79
106
|
swap ^= k_t;
|
|
80
|
-
|
|
81
|
-
x_2 =
|
|
82
|
-
x_3 = sw[1];
|
|
83
|
-
sw = cswap(swap, z_2, z_3);
|
|
84
|
-
z_2 = sw[0];
|
|
85
|
-
z_3 = sw[1];
|
|
107
|
+
({ x_2, x_3 } = cswap(swap, x_2, x_3));
|
|
108
|
+
({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
|
|
86
109
|
swap = k_t;
|
|
87
110
|
const A = x_2 + z_2;
|
|
88
111
|
const AA = modP(A * A);
|
|
@@ -100,61 +123,18 @@ function montgomery(curveDef) {
|
|
|
100
123
|
x_2 = modP(AA * BB);
|
|
101
124
|
z_2 = modP(E * (AA + modP(a24 * E)));
|
|
102
125
|
}
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
|
|
107
|
-
// (z_2, z_3) = cswap(swap, z_2, z_3)
|
|
108
|
-
sw = cswap(swap, z_2, z_3);
|
|
109
|
-
z_2 = sw[0];
|
|
110
|
-
z_3 = sw[1];
|
|
111
|
-
// z_2^(p - 2)
|
|
112
|
-
const z2 = powPminus2(z_2);
|
|
113
|
-
// Return x_2 * (z_2^(p - 2))
|
|
114
|
-
return modP(x_2 * z2);
|
|
115
|
-
}
|
|
116
|
-
function encodeUCoordinate(u) {
|
|
117
|
-
return (0, utils_ts_1.numberToBytesLE)(modP(u), montgomeryBytes);
|
|
118
|
-
}
|
|
119
|
-
function decodeUCoordinate(uEnc) {
|
|
120
|
-
// Section 5: When receiving such an array, implementations of X25519
|
|
121
|
-
// MUST mask the most significant bit in the final byte.
|
|
122
|
-
const u = (0, utils_ts_1.ensureBytes)('u coordinate', uEnc, montgomeryBytes);
|
|
123
|
-
if (fieldLen === 32)
|
|
124
|
-
u[31] &= 127; // 0b0111_1111
|
|
125
|
-
return (0, utils_ts_1.bytesToNumberLE)(u);
|
|
126
|
-
}
|
|
127
|
-
function decodeScalar(n) {
|
|
128
|
-
const bytes = (0, utils_ts_1.ensureBytes)('scalar', n);
|
|
129
|
-
const len = bytes.length;
|
|
130
|
-
if (len !== montgomeryBytes && len !== fieldLen) {
|
|
131
|
-
let valid = '' + montgomeryBytes + ' or ' + fieldLen;
|
|
132
|
-
throw new Error('invalid scalar, expected ' + valid + ' bytes, got ' + len);
|
|
133
|
-
}
|
|
134
|
-
return (0, utils_ts_1.bytesToNumberLE)(adjustScalarBytes(bytes));
|
|
135
|
-
}
|
|
136
|
-
function scalarMult(scalar, u) {
|
|
137
|
-
const pointU = decodeUCoordinate(u);
|
|
138
|
-
const _scalar = decodeScalar(scalar);
|
|
139
|
-
const pu = montgomeryLadder(pointU, _scalar);
|
|
140
|
-
// The result was not contributory
|
|
141
|
-
// https://cr.yp.to/ecdh.html#validate
|
|
142
|
-
if (pu === _0n)
|
|
143
|
-
throw new Error('invalid private or public key received');
|
|
144
|
-
return encodeUCoordinate(pu);
|
|
145
|
-
}
|
|
146
|
-
// Computes public key from private. By doing scalar multiplication of base point.
|
|
147
|
-
const GuBytes = encodeUCoordinate(CURVE.Gu);
|
|
148
|
-
function scalarMultBase(scalar) {
|
|
149
|
-
return scalarMult(scalar, GuBytes);
|
|
126
|
+
({ x_2, x_3 } = cswap(swap, x_2, x_3));
|
|
127
|
+
({ x_2: z_2, x_3: z_3 } = cswap(swap, z_2, z_3));
|
|
128
|
+
const z2 = powPminus2(z_2); // `Fp.pow(x, P - _2n)` is much slower equivalent
|
|
129
|
+
return modP(x_2 * z2); // Return x_2 * (z_2^(p - 2))
|
|
150
130
|
}
|
|
151
131
|
return {
|
|
152
132
|
scalarMult,
|
|
153
133
|
scalarMultBase,
|
|
154
134
|
getSharedSecret: (privateKey, publicKey) => scalarMult(privateKey, publicKey),
|
|
155
135
|
getPublicKey: (privateKey) => scalarMultBase(privateKey),
|
|
156
|
-
utils: { randomPrivateKey: () => CURVE.randomBytes(
|
|
157
|
-
GuBytes: GuBytes,
|
|
136
|
+
utils: { randomPrivateKey: () => CURVE.randomBytes(fieldLen) },
|
|
137
|
+
GuBytes: GuBytes.slice(),
|
|
158
138
|
};
|
|
159
139
|
}
|
|
160
140
|
//# sourceMappingURL=montgomery.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"montgomery.js","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"montgomery.js","sourceRoot":"","sources":["../src/abstract/montgomery.ts"],"names":[],"mappings":";;AA8CA,gCAsHC;AApKD;;;;;GAKG;AACH,sEAAsE;AACtE,6CAAmC;AACnC,yCAMoB;AAEpB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAoBtB,SAAS,YAAY,CAAC,KAAgB;IACpC,IAAA,yBAAc,EAAC,KAAK,EAAE;QACpB,iBAAiB,EAAE,UAAU;QAC7B,UAAU,EAAE,UAAU;KACvB,CAAC,CAAC;IACH,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,EAAW,CAAC,CAAC;AAC9C,CAAC;AAED,SAAgB,UAAU,CAAC,QAAmB;IAC5C,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACrC,MAAM,EAAE,CAAC,EAAE,IAAI,EAAE,iBAAiB,EAAE,UAAU,EAAE,GAAG,KAAK,CAAC;IACzD,MAAM,OAAO,GAAG,IAAI,KAAK,QAAQ,CAAC;IAClC,IAAI,CAAC,OAAO,IAAI,IAAI,KAAK,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IAEjE,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;IAC3C,MAAM,QAAQ,GAAG,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;IACnC,MAAM,EAAE,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC3C,eAAe;IACf,0EAA0E;IAC1E,6CAA6C;IAC7C,yCAAyC;IACzC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACrD,+DAA+D;IAC/D,2DAA2D;IAC3D,4EAA4E;IAC5E,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC;IACpE,MAAM,QAAQ,GAAG,OAAO;QACtB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG;QACtC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IACzC,MAAM,SAAS,GAAG,SAAS,GAAG,QAAQ,GAAG,GAAG,CAAC,CAAC,cAAc;IAC5D,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,gBAAG,EAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,OAAO,CAAC,EAAE,CAAC,CAAC;IAC5B,SAAS,OAAO,CAAC,CAAS;QACxB,OAAO,IAAA,0BAAe,EAAC,IAAI,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IACD,SAAS,OAAO,CAAC,CAAM;QACrB,MAAM,EAAE,GAAG,IAAA,sBAAW,EAAC,cAAc,EAAE,CAAC,EAAE,QAAQ,CAAC,CAAC;QACpD,+DAA+D;QAC/D,uEAAuE;QACvE,IAAI,OAAO;YAAE,EAAE,CAAC,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,cAAc;QAC1C,4EAA4E;QAC5E,sEAAsE;QACtE,uEAAuE;QACvE,kCAAkC;QAClC,OAAO,IAAI,CAAC,IAAA,0BAAe,EAAC,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC;IACD,SAAS,YAAY,CAAC,MAAW;QAC/B,OAAO,IAAA,0BAAe,EAAC,iBAAiB,CAAC,IAAA,sBAAW,EAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;IACrF,CAAC;IACD,SAAS,UAAU,CAAC,MAAW,EAAE,CAAM;QACrC,MAAM,EAAE,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC;QAC9D,yEAAyE;QACzE,sDAAsD;QACtD,sCAAsC;QACtC,IAAI,EAAE,KAAK,GAAG;YAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC1E,OAAO,OAAO,CAAC,EAAE,CAAC,CAAC;IACrB,CAAC;IACD,kFAAkF;IAClF,SAAS,cAAc,CAAC,MAAW;QACjC,OAAO,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,CAAC;IAED,oCAAoC;IACpC,SAAS,KAAK,CAAC,IAAY,EAAE,GAAW,EAAE,GAAW;QACnD,uCAAuC;QACvC,wEAAwE;QACxE,qDAAqD;QACrD,MAAM,KAAK,GAAG,IAAI,CAAC,IAAI,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,CAAC;QACvC,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB;QAC/C,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,sBAAsB;QAC/C,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;IACtB,CAAC;IAED;;;;;OAKG;IACH,SAAS,gBAAgB,CAAC,CAAS,EAAE,MAAc;QACjD,IAAA,mBAAQ,EAAC,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;QACzB,IAAA,mBAAQ,EAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACjD,MAAM,CAAC,GAAG,MAAM,CAAC;QACjB,MAAM,GAAG,GAAG,CAAC,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,GAAG,GAAG,CAAC,CAAC;QACZ,IAAI,GAAG,GAAG,GAAG,CAAC;QACd,IAAI,IAAI,GAAG,GAAG,CAAC;QACf,KAAK,IAAI,CAAC,GAAG,MAAM,CAAC,cAAc,GAAG,CAAC,CAAC,EAAE,CAAC,IAAI,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;YACvD,MAAM,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;YAC3B,IAAI,IAAI,GAAG,CAAC;YACZ,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;YACvC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;YACjD,IAAI,GAAG,GAAG,CAAC;YAEX,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC;YAClB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,CAAC;YACpB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,EAAE,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;YACvB,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,CAAC;YACrB,MAAM,KAAK,GAAG,EAAE,GAAG,EAAE,CAAC;YACtB,GAAG,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC;YACxB,GAAG,GAAG,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC;YACtC,GAAG,GAAG,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;YACpB,GAAG,GAAG,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,CAAC;QACD,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACvC,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,iDAAiD;QAC7E,OAAO,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,CAAC,CAAC,6BAA6B;IACtD,CAAC;IAED,OAAO;QACL,UAAU;QACV,cAAc;QACd,eAAe,EAAE,CAAC,UAAe,EAAE,SAAc,EAAE,EAAE,CAAC,UAAU,CAAC,UAAU,EAAE,SAAS,CAAC;QACvF,YAAY,EAAE,CAAC,UAAe,EAAc,EAAE,CAAC,cAAc,CAAC,UAAU,CAAC;QACzE,KAAK,EAAE,EAAE,gBAAgB,EAAE,GAAG,EAAE,CAAC,KAAK,CAAC,WAAY,CAAC,QAAQ,CAAC,EAAE;QAC/D,OAAO,EAAE,OAAO,CAAC,KAAK,EAAE;KACzB,CAAC;AACJ,CAAC"}
|
package/abstract/poseidon.d.ts
CHANGED
|
@@ -8,16 +8,25 @@
|
|
|
8
8
|
*/
|
|
9
9
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
10
10
|
import { type IField } from './modular.ts';
|
|
11
|
-
export type
|
|
11
|
+
export type PoseidonBasicOpts = {
|
|
12
12
|
Fp: IField<bigint>;
|
|
13
13
|
t: number;
|
|
14
14
|
roundsFull: number;
|
|
15
15
|
roundsPartial: number;
|
|
16
|
+
isSboxInverse?: boolean;
|
|
17
|
+
};
|
|
18
|
+
export type PoseidonGrainOpts = PoseidonBasicOpts & {
|
|
16
19
|
sboxPower?: number;
|
|
17
|
-
|
|
20
|
+
};
|
|
21
|
+
type PoseidonConstants = {
|
|
18
22
|
mds: bigint[][];
|
|
19
23
|
roundConstants: bigint[][];
|
|
20
24
|
};
|
|
25
|
+
export declare function grainGenConstants(opts: PoseidonGrainOpts, skipMDS?: number): PoseidonConstants;
|
|
26
|
+
export type PoseidonOpts = PoseidonBasicOpts & PoseidonConstants & {
|
|
27
|
+
sboxPower?: number;
|
|
28
|
+
reversePartialPowIdx?: boolean;
|
|
29
|
+
};
|
|
21
30
|
export declare function validateOpts(opts: PoseidonOpts): Readonly<{
|
|
22
31
|
rounds: number;
|
|
23
32
|
sboxFn: (n: bigint) => bigint;
|
|
@@ -36,4 +45,32 @@ export declare function poseidon(opts: PoseidonOpts): {
|
|
|
36
45
|
(values: bigint[]): bigint[];
|
|
37
46
|
roundConstants: bigint[][];
|
|
38
47
|
};
|
|
48
|
+
export declare class PoseidonSponge {
|
|
49
|
+
private Fp;
|
|
50
|
+
readonly rate: number;
|
|
51
|
+
readonly capacity: number;
|
|
52
|
+
readonly hash: ReturnType<typeof poseidon>;
|
|
53
|
+
private state;
|
|
54
|
+
private pos;
|
|
55
|
+
private isAbsorbing;
|
|
56
|
+
constructor(Fp: IField<bigint>, rate: number, capacity: number, hash: ReturnType<typeof poseidon>);
|
|
57
|
+
private process;
|
|
58
|
+
absorb(input: bigint[]): void;
|
|
59
|
+
squeeze(count: number): bigint[];
|
|
60
|
+
clean(): void;
|
|
61
|
+
clone(): PoseidonSponge;
|
|
62
|
+
}
|
|
63
|
+
export type PoseidonSpongeOpts = Omit<PoseidonOpts, 't'> & {
|
|
64
|
+
rate: number;
|
|
65
|
+
capacity: number;
|
|
66
|
+
};
|
|
67
|
+
/**
|
|
68
|
+
* The method is not defined in spec, but nevertheless used often.
|
|
69
|
+
* Check carefully for compatibility: there are many edge cases, like absorbing an empty array.
|
|
70
|
+
* We cross-test against:
|
|
71
|
+
* - https://github.com/ProvableHQ/snarkVM/tree/staging/algorithms
|
|
72
|
+
* - https://github.com/arkworks-rs/crypto-primitives/tree/main
|
|
73
|
+
*/
|
|
74
|
+
export declare function poseidonSponge(opts: PoseidonSpongeOpts): () => PoseidonSponge;
|
|
75
|
+
export {};
|
|
39
76
|
//# sourceMappingURL=poseidon.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"poseidon.d.ts","sourceRoot":"","sources":["../src/abstract/poseidon.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,sEAAsE;AACtE,OAAO,
|
|
1
|
+
{"version":3,"file":"poseidon.d.ts","sourceRoot":"","sources":["../src/abstract/poseidon.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,sEAAsE;AACtE,OAAO,EAAwB,KAAK,MAAM,EAAiB,MAAM,cAAc,CAAC;AA0BhF,MAAM,MAAM,iBAAiB,GAAG;IAC9B,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,CAAC,EAAE,MAAM,CAAC;IACV,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,OAAO,CAAC;CACzB,CAAC;AAkDF,MAAM,MAAM,iBAAiB,GAAG,iBAAiB,GAAG;IAClD,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC;AAEF,KAAK,iBAAiB,GAAG;IAAE,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;IAAC,cAAc,EAAE,MAAM,EAAE,EAAE,CAAA;CAAE,CAAC;AAIzE,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,iBAAiB,EAAE,OAAO,GAAE,MAAU,GAAG,iBAAiB,CAuBjG;AAED,MAAM,MAAM,YAAY,GAAG,iBAAiB,GAC1C,iBAAiB,GAAG;IAClB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC;AAEJ,wBAAgB,YAAY,CAAC,IAAI,EAAE,YAAY,GAAG,QAAQ,CAAC;IACzD,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAC9B,cAAc,EAAE,MAAM,EAAE,EAAE,CAAC;IAC3B,GAAG,EAAE,MAAM,EAAE,EAAE,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,CAAC,EAAE,MAAM,CAAC;IACV,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,oBAAoB,CAAC,EAAE,OAAO,CAAC;CAChC,CAAC,CAwCD;AAED,wBAAgB,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,EAAE,CAalE;AAED,kCAAkC;AAClC,wBAAgB,QAAQ,CAAC,IAAI,EAAE,YAAY,GAAG;IAC5C,CAAC,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;IAE7B,cAAc,EAAE,MAAM,EAAE,EAAE,CAAC;CAC5B,CAmCA;AAED,qBAAa,cAAc;IACzB,OAAO,CAAC,EAAE,CAAiB;IAC3B,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,IAAI,EAAE,UAAU,CAAC,OAAO,QAAQ,CAAC,CAAC;IAC3C,OAAO,CAAC,KAAK,CAAW;IACxB,OAAO,CAAC,GAAG,CAAK;IAChB,OAAO,CAAC,WAAW,CAAQ;gBAGzB,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,EAClB,IAAI,EAAE,MAAM,EACZ,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,UAAU,CAAC,OAAO,QAAQ,CAAC;IASnC,OAAO,CAAC,OAAO;IAGf,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,IAAI;IAgB7B,OAAO,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE;IAahC,KAAK,IAAI,IAAI;IAKb,KAAK,IAAI,cAAc;CAMxB;AAED,MAAM,MAAM,kBAAkB,GAAG,IAAI,CAAC,YAAY,EAAE,GAAG,CAAC,GAAG;IACzD,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;CAClB,CAAC;AAEF;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,kBAAkB,GAAG,MAAM,cAAc,CAW7E"}
|
package/abstract/poseidon.js
CHANGED
|
@@ -1,8 +1,11 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.PoseidonSponge = void 0;
|
|
4
|
+
exports.grainGenConstants = grainGenConstants;
|
|
3
5
|
exports.validateOpts = validateOpts;
|
|
4
6
|
exports.splitConstants = splitConstants;
|
|
5
7
|
exports.poseidon = poseidon;
|
|
8
|
+
exports.poseidonSponge = poseidonSponge;
|
|
6
9
|
/**
|
|
7
10
|
* Implements [Poseidon](https://www.poseidon-hash.info) ZK-friendly hash.
|
|
8
11
|
*
|
|
@@ -13,14 +16,113 @@ exports.poseidon = poseidon;
|
|
|
13
16
|
*/
|
|
14
17
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
15
18
|
const modular_ts_1 = require("./modular.js");
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
+
const utils_ts_1 = require("./utils.js");
|
|
20
|
+
// Grain LFSR (Linear-Feedback Shift Register): https://eprint.iacr.org/2009/109.pdf
|
|
21
|
+
function grainLFSR(state) {
|
|
22
|
+
let pos = 0;
|
|
23
|
+
if (state.length !== 80)
|
|
24
|
+
throw new Error('grainLFRS: wrong state length, should be 80 bits');
|
|
25
|
+
const getBit = () => {
|
|
26
|
+
const r = (offset) => state[(pos + offset) % 80];
|
|
27
|
+
const bit = r(62) ^ r(51) ^ r(38) ^ r(23) ^ r(13) ^ r(0);
|
|
28
|
+
state[pos] = bit;
|
|
29
|
+
pos = ++pos % 80;
|
|
30
|
+
return !!bit;
|
|
31
|
+
};
|
|
32
|
+
for (let i = 0; i < 160; i++)
|
|
33
|
+
getBit();
|
|
34
|
+
return () => {
|
|
35
|
+
// https://en.wikipedia.org/wiki/Shrinking_generator
|
|
36
|
+
while (true) {
|
|
37
|
+
const b1 = getBit();
|
|
38
|
+
const b2 = getBit();
|
|
39
|
+
if (!b1)
|
|
40
|
+
continue;
|
|
41
|
+
return b2;
|
|
42
|
+
}
|
|
43
|
+
};
|
|
44
|
+
}
|
|
45
|
+
function validateBasicOpts(opts) {
|
|
46
|
+
const { Fp, roundsFull } = opts;
|
|
19
47
|
(0, modular_ts_1.validateField)(Fp);
|
|
20
48
|
for (const i of ['t', 'roundsFull', 'roundsPartial']) {
|
|
21
49
|
if (typeof opts[i] !== 'number' || !Number.isSafeInteger(opts[i]))
|
|
22
50
|
throw new Error('invalid number ' + i);
|
|
23
51
|
}
|
|
52
|
+
if (opts.isSboxInverse !== undefined && typeof opts.isSboxInverse !== 'boolean')
|
|
53
|
+
throw new Error(`Poseidon: invalid param isSboxInverse=${opts.isSboxInverse}`);
|
|
54
|
+
if (roundsFull & 1)
|
|
55
|
+
throw new Error('roundsFull is not even' + roundsFull);
|
|
56
|
+
}
|
|
57
|
+
function poseidonGrain(opts) {
|
|
58
|
+
validateBasicOpts(opts);
|
|
59
|
+
const { Fp } = opts;
|
|
60
|
+
const state = Array(80).fill(1);
|
|
61
|
+
let pos = 0;
|
|
62
|
+
const writeBits = (value, bitCount) => {
|
|
63
|
+
for (let i = bitCount - 1; i >= 0; i--)
|
|
64
|
+
state[pos++] = Number((0, utils_ts_1.bitGet)(value, i));
|
|
65
|
+
};
|
|
66
|
+
const _0n = BigInt(0);
|
|
67
|
+
const _1n = BigInt(1);
|
|
68
|
+
writeBits(_1n, 2); // prime field
|
|
69
|
+
writeBits(opts.isSboxInverse ? _1n : _0n, 4); // b2..b5
|
|
70
|
+
writeBits(BigInt(Fp.BITS), 12); // b6..b17
|
|
71
|
+
writeBits(BigInt(opts.t), 12); // b18..b29
|
|
72
|
+
writeBits(BigInt(opts.roundsFull), 10); // b30..b39
|
|
73
|
+
writeBits(BigInt(opts.roundsPartial), 10); // b40..b49
|
|
74
|
+
const getBit = grainLFSR(state);
|
|
75
|
+
return (count, reject) => {
|
|
76
|
+
const res = [];
|
|
77
|
+
for (let i = 0; i < count; i++) {
|
|
78
|
+
while (true) {
|
|
79
|
+
let num = _0n;
|
|
80
|
+
for (let i = 0; i < Fp.BITS; i++) {
|
|
81
|
+
num <<= _1n;
|
|
82
|
+
if (getBit())
|
|
83
|
+
num |= _1n;
|
|
84
|
+
}
|
|
85
|
+
if (reject && num >= Fp.ORDER)
|
|
86
|
+
continue; // rejection sampling
|
|
87
|
+
res.push(Fp.create(num));
|
|
88
|
+
break;
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
return res;
|
|
92
|
+
};
|
|
93
|
+
}
|
|
94
|
+
// NOTE: this is not standard but used often for constant generation for poseidon
|
|
95
|
+
// (grain LFRS-like structure)
|
|
96
|
+
function grainGenConstants(opts, skipMDS = 0) {
|
|
97
|
+
const { Fp, t, roundsFull, roundsPartial } = opts;
|
|
98
|
+
const rounds = roundsFull + roundsPartial;
|
|
99
|
+
const sample = poseidonGrain(opts);
|
|
100
|
+
const roundConstants = [];
|
|
101
|
+
for (let r = 0; r < rounds; r++)
|
|
102
|
+
roundConstants.push(sample(t, true));
|
|
103
|
+
if (skipMDS > 0)
|
|
104
|
+
for (let i = 0; i < skipMDS; i++)
|
|
105
|
+
sample(2 * t, false);
|
|
106
|
+
const xs = sample(t, false);
|
|
107
|
+
const ys = sample(t, false);
|
|
108
|
+
// Construct MDS Matrix M[i][j] = 1 / (xs[i] + ys[j])
|
|
109
|
+
const mds = [];
|
|
110
|
+
for (let i = 0; i < t; i++) {
|
|
111
|
+
const row = [];
|
|
112
|
+
for (let j = 0; j < t; j++) {
|
|
113
|
+
const xy = Fp.add(xs[i], ys[j]);
|
|
114
|
+
if (Fp.is0(xy))
|
|
115
|
+
throw new Error(`Error generating MDS matrix: xs[${i}] + ys[${j}] resulted in zero.`);
|
|
116
|
+
row.push(xy);
|
|
117
|
+
}
|
|
118
|
+
mds.push((0, modular_ts_1.FpInvertBatch)(Fp, row));
|
|
119
|
+
}
|
|
120
|
+
return { roundConstants, mds };
|
|
121
|
+
}
|
|
122
|
+
function validateOpts(opts) {
|
|
123
|
+
validateBasicOpts(opts);
|
|
124
|
+
const { Fp, mds, reversePartialPowIdx: rev, roundConstants: rc } = opts;
|
|
125
|
+
const { roundsFull, roundsPartial, sboxPower, t } = opts;
|
|
24
126
|
// MDS is TxT matrix
|
|
25
127
|
if (!Array.isArray(mds) || mds.length !== t)
|
|
26
128
|
throw new Error('Poseidon: invalid MDS matrix');
|
|
@@ -49,7 +151,7 @@ function validateOpts(opts) {
|
|
|
49
151
|
return Fp.create(i);
|
|
50
152
|
});
|
|
51
153
|
});
|
|
52
|
-
if (!sboxPower || ![3, 5, 7].includes(sboxPower))
|
|
154
|
+
if (!sboxPower || ![3, 5, 7, 17].includes(sboxPower))
|
|
53
155
|
throw new Error('invalid sboxPower');
|
|
54
156
|
const _sboxPower = BigInt(sboxPower);
|
|
55
157
|
let sboxFn = (n) => (0, modular_ts_1.FpPow)(Fp, n, _sboxPower);
|
|
@@ -118,4 +220,81 @@ function poseidon(opts) {
|
|
|
118
220
|
poseidonHash.roundConstants = roundConstants;
|
|
119
221
|
return poseidonHash;
|
|
120
222
|
}
|
|
223
|
+
class PoseidonSponge {
|
|
224
|
+
constructor(Fp, rate, capacity, hash) {
|
|
225
|
+
this.pos = 0;
|
|
226
|
+
this.isAbsorbing = true;
|
|
227
|
+
this.Fp = Fp;
|
|
228
|
+
this.hash = hash;
|
|
229
|
+
this.rate = rate;
|
|
230
|
+
this.capacity = capacity;
|
|
231
|
+
this.state = new Array(rate + capacity);
|
|
232
|
+
this.clean();
|
|
233
|
+
}
|
|
234
|
+
process() {
|
|
235
|
+
this.state = this.hash(this.state);
|
|
236
|
+
}
|
|
237
|
+
absorb(input) {
|
|
238
|
+
for (const i of input)
|
|
239
|
+
if (typeof i !== 'bigint' || !this.Fp.isValid(i))
|
|
240
|
+
throw new Error('invalid input: ' + i);
|
|
241
|
+
for (let i = 0; i < input.length;) {
|
|
242
|
+
if (!this.isAbsorbing || this.pos === this.rate) {
|
|
243
|
+
this.process();
|
|
244
|
+
this.pos = 0;
|
|
245
|
+
this.isAbsorbing = true;
|
|
246
|
+
}
|
|
247
|
+
const chunk = Math.min(this.rate - this.pos, input.length - i);
|
|
248
|
+
for (let j = 0; j < chunk; j++) {
|
|
249
|
+
const idx = this.capacity + this.pos++;
|
|
250
|
+
this.state[idx] = this.Fp.add(this.state[idx], input[i++]);
|
|
251
|
+
}
|
|
252
|
+
}
|
|
253
|
+
}
|
|
254
|
+
squeeze(count) {
|
|
255
|
+
const res = [];
|
|
256
|
+
while (res.length < count) {
|
|
257
|
+
if (this.isAbsorbing || this.pos === this.rate) {
|
|
258
|
+
this.process();
|
|
259
|
+
this.pos = 0;
|
|
260
|
+
this.isAbsorbing = false;
|
|
261
|
+
}
|
|
262
|
+
const chunk = Math.min(this.rate - this.pos, count - res.length);
|
|
263
|
+
for (let i = 0; i < chunk; i++)
|
|
264
|
+
res.push(this.state[this.capacity + this.pos++]);
|
|
265
|
+
}
|
|
266
|
+
return res;
|
|
267
|
+
}
|
|
268
|
+
clean() {
|
|
269
|
+
this.state.fill(this.Fp.ZERO);
|
|
270
|
+
this.isAbsorbing = true;
|
|
271
|
+
this.pos = 0;
|
|
272
|
+
}
|
|
273
|
+
clone() {
|
|
274
|
+
const c = new PoseidonSponge(this.Fp, this.rate, this.capacity, this.hash);
|
|
275
|
+
c.pos = this.pos;
|
|
276
|
+
c.state = [...this.state];
|
|
277
|
+
return c;
|
|
278
|
+
}
|
|
279
|
+
}
|
|
280
|
+
exports.PoseidonSponge = PoseidonSponge;
|
|
281
|
+
/**
|
|
282
|
+
* The method is not defined in spec, but nevertheless used often.
|
|
283
|
+
* Check carefully for compatibility: there are many edge cases, like absorbing an empty array.
|
|
284
|
+
* We cross-test against:
|
|
285
|
+
* - https://github.com/ProvableHQ/snarkVM/tree/staging/algorithms
|
|
286
|
+
* - https://github.com/arkworks-rs/crypto-primitives/tree/main
|
|
287
|
+
*/
|
|
288
|
+
function poseidonSponge(opts) {
|
|
289
|
+
for (const i of ['rate', 'capacity']) {
|
|
290
|
+
if (typeof opts[i] !== 'number' || !Number.isSafeInteger(opts[i]))
|
|
291
|
+
throw new Error('invalid number ' + i);
|
|
292
|
+
}
|
|
293
|
+
const { rate, capacity } = opts;
|
|
294
|
+
const t = opts.rate + opts.capacity;
|
|
295
|
+
// Re-use hash instance between multiple instances
|
|
296
|
+
const hash = poseidon({ ...opts, t });
|
|
297
|
+
const { Fp } = opts;
|
|
298
|
+
return () => new PoseidonSponge(Fp, rate, capacity, hash);
|
|
299
|
+
}
|
|
121
300
|
//# sourceMappingURL=poseidon.js.map
|
package/abstract/poseidon.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"poseidon.js","sourceRoot":"","sources":["../src/abstract/poseidon.ts"],"names":[],"mappings":";;AAsBA,oCAwDC;AAED,wCAaC;AAGD,4BAuCC;AAvID;;;;;;;GAOG;AACH,sEAAsE;AACtE,6CAAiE;AAajE,SAAgB,YAAY,CAAC,IAAkB;IAY7C,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,oBAAoB,EAAE,GAAG,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IACxE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC;IAEzD,IAAA,0BAAa,EAAC,EAAE,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,EAAE,eAAe,CAAU,EAAE,CAAC;QAC9D,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC;IAED,oBAAoB;IACpB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC7F,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,MAAM,CAAC,CAAC;QACvD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtB,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,CAAC,CAAC,CAAC;YAC9E,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,SAAS;QAC/C,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,GAAG,CAAC,CAAC;IAE/D,IAAI,UAAU,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,UAAU,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;IAE1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,MAAM;QAC5C,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,MAAM,cAAc,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QACnC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QACtF,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAClB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACvF,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IACvF,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,kBAAK,EAAC,EAAE,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC;IACrD,qDAAqD;IACrD,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;SAC9D,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjF,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAgB,cAAc,CAAC,EAAY,EAAE,CAAS;IACpD,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAChF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IAC/F,MAAM,GAAG,GAAG,EAAE,CAAC;IACf,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAChB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACd,GAAG,GAAG,EAAE,CAAC;QACX,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kCAAkC;AAClC,SAAgB,QAAQ,CAAC,IAAkB;IAKzC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;IACzF,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,CAAC,MAAgB,EAAE,MAAe,EAAE,GAAW,EAAE,EAAE;QACvE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjE,IAAI,MAAM;YAAE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;;YAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QACrD,wBAAwB;QACxB,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9F,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IACF,MAAM,YAAY,GAAG,SAAS,YAAY,CAAC,MAAgB;QACzD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,wDAAwD,GAAG,CAAC,CAAC,CAAC;QAChF,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACxB,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC;YAClE,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;QACH,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC3F,4BAA4B;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC3F,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAE3F,IAAI,SAAS,KAAK,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC3E,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IACF,4BAA4B;IAC5B,YAAY,CAAC,cAAc,GAAG,cAAc,CAAC;IAC7C,OAAO,YAAY,CAAC;AACtB,CAAC"}
|
|
1
|
+
{"version":3,"file":"poseidon.js","sourceRoot":"","sources":["../src/abstract/poseidon.ts"],"names":[],"mappings":";;;AAmGA,8CAuBC;AAQD,oCAmDC;AAED,wCAaC;AAGD,4BAuCC;AAiFD,wCAWC;AA1UD;;;;;;;GAOG;AACH,sEAAsE;AACtE,6CAAgF;AAChF,yCAAoC;AAEpC,oFAAoF;AACpF,SAAS,SAAS,CAAC,KAAe;IAChC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,IAAI,KAAK,CAAC,MAAM,KAAK,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IAC7F,MAAM,MAAM,GAAG,GAAY,EAAE;QAC3B,MAAM,CAAC,GAAG,CAAC,MAAc,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;QACzD,MAAM,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACzD,KAAK,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;QACjB,GAAG,GAAG,EAAE,GAAG,GAAG,EAAE,CAAC;QACjB,OAAO,CAAC,CAAC,GAAG,CAAC;IACf,CAAC,CAAC;IACF,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE;QAAE,MAAM,EAAE,CAAC;IACvC,OAAO,GAAG,EAAE;QACV,oDAAoD;QACpD,OAAO,IAAI,EAAE,CAAC;YACZ,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,MAAM,EAAE,GAAG,MAAM,EAAE,CAAC;YACpB,IAAI,CAAC,EAAE;gBAAE,SAAS;YAClB,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAUD,SAAS,iBAAiB,CAAC,IAAuB;IAChD,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;IAChC,IAAA,0BAAa,EAAC,EAAE,CAAC,CAAC;IAClB,KAAK,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,YAAY,EAAE,eAAe,CAAU,EAAE,CAAC;QAC9D,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,IAAI,IAAI,CAAC,aAAa,KAAK,SAAS,IAAI,OAAO,IAAI,CAAC,aAAa,KAAK,SAAS;QAC7E,MAAM,IAAI,KAAK,CAAC,yCAAyC,IAAI,CAAC,aAAa,EAAE,CAAC,CAAC;IACjF,IAAI,UAAU,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,UAAU,CAAC,CAAC;AAC7E,CAAC;AAED,SAAS,aAAa,CAAC,IAAuB;IAC5C,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACxB,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IACpB,MAAM,KAAK,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAChC,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,MAAM,SAAS,GAAG,CAAC,KAAa,EAAE,QAAgB,EAAE,EAAE;QACpD,KAAK,IAAI,CAAC,GAAG,QAAQ,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;YAAE,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,MAAM,CAAC,IAAA,iBAAM,EAAC,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;IAClF,CAAC,CAAC;IACF,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACtB,SAAS,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,cAAc;IACjC,SAAS,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;IACvD,SAAS,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU;IAC1C,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW;IAC1C,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW;IACnD,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW;IAEtD,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAChC,OAAO,CAAC,KAAa,EAAE,MAAe,EAAY,EAAE;QAClD,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;YAC/B,OAAO,IAAI,EAAE,CAAC;gBACZ,IAAI,GAAG,GAAG,GAAG,CAAC;gBACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;oBACjC,GAAG,KAAK,GAAG,CAAC;oBACZ,IAAI,MAAM,EAAE;wBAAE,GAAG,IAAI,GAAG,CAAC;gBAC3B,CAAC;gBACD,IAAI,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC,KAAK;oBAAE,SAAS,CAAC,qBAAqB;gBAC9D,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBACzB,MAAM;YACR,CAAC;QACH,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC,CAAC;AACJ,CAAC;AAQD,iFAAiF;AACjF,8BAA8B;AAC9B,SAAgB,iBAAiB,CAAC,IAAuB,EAAE,UAAkB,CAAC;IAC5E,MAAM,EAAE,EAAE,EAAE,CAAC,EAAE,UAAU,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC;IAClD,MAAM,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;IAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IACnC,MAAM,cAAc,GAAe,EAAE,CAAC;IACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,MAAM,EAAE,CAAC,EAAE;QAAE,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC;IACtE,IAAI,OAAO,GAAG,CAAC;QAAE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,EAAE,CAAC,EAAE;YAAE,MAAM,CAAC,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC;IACxE,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;IAC5B,qDAAqD;IACrD,MAAM,GAAG,GAAe,EAAE,CAAC;IAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;YAChC,IAAI,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;gBACZ,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,UAAU,CAAC,qBAAqB,CAAC,CAAC;YACxF,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QACf,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,IAAA,0BAAa,EAAC,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;IACnC,CAAC;IAED,OAAO,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC;AACjC,CAAC;AAQD,SAAgB,YAAY,CAAC,IAAkB;IAY7C,iBAAiB,CAAC,IAAI,CAAC,CAAC;IACxB,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,oBAAoB,EAAE,GAAG,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IACxE,MAAM,EAAE,UAAU,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC;IAEzD,oBAAoB;IACpB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC7F,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QAC9B,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,MAAM,CAAC,CAAC;QACvD,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACtB,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,GAAG,CAAC,CAAC,CAAC;YAC9E,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,GAAG,KAAK,SAAS,IAAI,OAAO,GAAG,KAAK,SAAS;QAC/C,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,GAAG,CAAC,CAAC;IAE/D,IAAI,UAAU,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,UAAU,CAAC,CAAC;IAC3E,MAAM,MAAM,GAAG,UAAU,GAAG,aAAa,CAAC;IAE1C,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,MAAM;QAC5C,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACvD,MAAM,cAAc,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE;QACnC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QACtF,OAAO,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YAClB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;YACvF,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;IAC3F,MAAM,UAAU,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IACrC,IAAI,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,IAAA,kBAAK,EAAC,EAAE,EAAE,CAAC,EAAE,UAAU,CAAC,CAAC;IACrD,qDAAqD;IACrD,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;SAC9D,IAAI,SAAS,KAAK,CAAC;QAAE,MAAM,GAAG,CAAC,CAAS,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAEjF,OAAO,MAAM,CAAC,MAAM,CAAC,EAAE,GAAG,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,cAAc,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC;AAC/E,CAAC;AAED,SAAgB,cAAc,CAAC,EAAY,EAAE,CAAS;IACpD,IAAI,OAAO,CAAC,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;IAChF,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;IAC/F,MAAM,GAAG,GAAG,EAAE,CAAC;IACf,IAAI,GAAG,GAAG,EAAE,CAAC;IACb,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACnC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC;QAChB,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACrB,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACd,GAAG,GAAG,EAAE,CAAC;QACX,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED,kCAAkC;AAClC,SAAgB,QAAQ,CAAC,IAAkB;IAKzC,MAAM,KAAK,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,cAAc,EAAE,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC;IACzF,MAAM,cAAc,GAAG,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC;IAC5C,MAAM,UAAU,GAAG,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1D,MAAM,aAAa,GAAG,CAAC,MAAgB,EAAE,MAAe,EAAE,GAAW,EAAE,EAAE;QACvE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAEjE,IAAI,MAAM;YAAE,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;;YAC7C,MAAM,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;QACrD,wBAAwB;QACxB,MAAM,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;QAC9F,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IACF,MAAM,YAAY,GAAG,SAAS,YAAY,CAAC,MAAgB;QACzD,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,wDAAwD,GAAG,CAAC,CAAC,CAAC;QAChF,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;YACxB,IAAI,OAAO,CAAC,KAAK,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC;YAClE,OAAO,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC,CAAC,CAAC;QACH,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAC3F,4BAA4B;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,aAAa,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC,CAAC;QAC3F,2BAA2B;QAC3B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,cAAc,EAAE,CAAC,EAAE;YAAE,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QAE3F,IAAI,SAAS,KAAK,WAAW;YAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;QAC3E,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;IACF,4BAA4B;IAC5B,YAAY,CAAC,cAAc,GAAG,cAAc,CAAC;IAC7C,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,MAAa,cAAc;IASzB,YACE,EAAkB,EAClB,IAAY,EACZ,QAAgB,EAChB,IAAiC;QAP3B,QAAG,GAAG,CAAC,CAAC;QACR,gBAAW,GAAG,IAAI,CAAC;QAQzB,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,IAAI,KAAK,CAAC,IAAI,GAAG,QAAQ,CAAC,CAAC;QACxC,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IACO,OAAO;QACb,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IACD,MAAM,CAAC,KAAe;QACpB,KAAK,MAAM,CAAC,IAAI,KAAK;YACnB,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC;QAC3F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,GAAI,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;gBAChD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;gBACb,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;YAC1B,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YAC/D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;gBACvC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC7D,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,CAAC,KAAa;QACnB,MAAM,GAAG,GAAa,EAAE,CAAC;QACzB,OAAO,GAAG,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;YAC1B,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,KAAK,IAAI,CAAC,IAAI,EAAE,CAAC;gBAC/C,IAAI,CAAC,OAAO,EAAE,CAAC;gBACf,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;gBACb,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;YAC3B,CAAC;YACD,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC;YACjE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QAC9B,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC;QACxB,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC;IACf,CAAC;IACD,KAAK;QACH,MAAM,CAAC,GAAG,IAAI,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC3E,CAAC,CAAC,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC;QACjB,CAAC,CAAC,KAAK,GAAG,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1B,OAAO,CAAC,CAAC;IACX,CAAC;CACF;AAjED,wCAiEC;AAOD;;;;;;GAMG;AACH,SAAgB,cAAc,CAAC,IAAwB;IACrD,KAAK,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAU,EAAE,CAAC;QAC9C,IAAI,OAAO,IAAI,CAAC,CAAC,CAAC,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,IAAI,KAAK,CAAC,iBAAiB,GAAG,CAAC,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAChC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC;IACpC,kDAAkD;IAClD,MAAM,IAAI,GAAG,QAAQ,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;IACtC,MAAM,EAAE,EAAE,EAAE,GAAG,IAAI,CAAC;IACpB,OAAO,GAAG,EAAE,CAAC,IAAI,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,CAAC,CAAC;AAC5D,CAAC"}
|
package/abstract/tower.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tower.d.ts","sourceRoot":"","sources":["../src/abstract/tower.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,sEAAsE;AACtE,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AAEpC,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAOvE,MAAM,MAAM,WAAW,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3C,MAAM,MAAM,EAAE,GAAG,MAAM,CAAC;AAGxB,MAAM,MAAM,GAAG,GAAG;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC;AAC7C,MAAM,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AACzE,MAAM,MAAM,GAAG,GAAG;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AAChD,MAAM,MAAM,IAAI,GAAG;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AAExC,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAC9C,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;CAC/C,CAAC;AAEF,MAAM,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;IACrC,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK;QAAE,EAAE,EAAE,EAAE,CAAC;QAAC,EAAE,EAAE,EAAE,CAAA;KAAE,CAAC;IACvC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;IAC1B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;IAC3C,YAAY,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC;CAC1C,CAAC;AAEF,MAAM,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;IACvC,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7C,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;IACnD,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;IACnD,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;IAC3B,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;IACnC,aAAa,CAAC,GAAG,EAAE,YAAY,GAAG,IAAI,CAAC;CACxC,CAAC;AA2BF,wBAAgB,YAAY,CAC1B,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAClB,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,GAAG,GACR;IACD,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpC,IAAI,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrC,KAAK,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,aAAa,CAAC,GAAG,CAAC,CAAC;IAC9E,MAAM,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,aAAa,CAAC,GAAG,CAAC,CAAC;IAC/E,KAAK,EAAE,GAAG,CAAC;IACX,KAAK,EAAE,GAAG,CAAC;IACX,MAAM,EAAE,GAAG,CAAC;IACZ,MAAM,EAAE,GAAG,CAAC;CACb,CA8BA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,EAAE,CAAC;IAEhB,cAAc,EAAE,WAAW,CAAC;IAC5B,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;IAC5B,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;IAE7B,oBAAoB,EAAE,CAAC,GAAG,EAAE,IAAI,KAAK,IAAI,CAAC;IAC1C,iBAAiB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IAClD,qBAAqB,EAAE,CAAC,GAAG,EAAE,IAAI,KAAK,IAAI,CAAC;CAC5C,CAAC;AAEF,wBAAgB,OAAO,CAAC,IAAI,EAAE,WAAW,GAAG;IAC1C,EAAE,EAAE,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IAC/E,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;QACrB,UAAU,EAAE,GAAG,CAAC;QAChB,YAAY,EAAE,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,EAAE,KAAK,GAAG,CAAC;QACrD,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QAC/C,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;QACnC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;QAC1B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;KAC5C,CAAC;IACF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;QACrB,UAAU,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,GAAG,CAAC;QACtC,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;QACnC,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;QAC3C,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,CAAC;QAC7B,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,CAAC;QACvC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,GAAG,CAAC;KACnC,CAAC;IACF,SAAS,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK;QAAE,KAAK,EAAE,GAAG,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,CAAC;IAC3D,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;QACvB,aAAa,EAAE,CAAC,CAAC,EAAE,YAAY,KAAK,IAAI,CAAC;QACzC,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7C,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;QACnD,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;QACnD,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,GAAG,IAAI,CAAC;QACpC,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;QAC3B,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;QACnC,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;QACnC,cAAc,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KAC5C,CAAC;CACH,
|
|
1
|
+
{"version":3,"file":"tower.d.ts","sourceRoot":"","sources":["../src/abstract/tower.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,sEAAsE;AACtE,OAAO,KAAK,GAAG,MAAM,cAAc,CAAC;AAEpC,OAAO,KAAK,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AAOvE,MAAM,MAAM,WAAW,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC3C,MAAM,MAAM,EAAE,GAAG,MAAM,CAAC;AAGxB,MAAM,MAAM,GAAG,GAAG;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,EAAE,EAAE,MAAM,CAAA;CAAE,CAAC;AAC7C,MAAM,MAAM,SAAS,GAAG,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;AACzE,MAAM,MAAM,GAAG,GAAG;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AAChD,MAAM,MAAM,IAAI,GAAG;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AAExC,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAC9C,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;IAAE,MAAM;CAC/C,CAAC;AAEF,MAAM,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;IACrC,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK;QAAE,EAAE,EAAE,EAAE,CAAC;QAAC,EAAE,EAAE,EAAE,CAAA;KAAE,CAAC;IACvC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;IAC1B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;IAC3C,YAAY,CAAC,GAAG,EAAE,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC;CAC1C,CAAC;AAEF,MAAM,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;IACvC,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7C,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;IACnD,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;IACnD,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;IAC3B,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;IACnC,aAAa,CAAC,GAAG,EAAE,YAAY,GAAG,IAAI,CAAC;CACxC,CAAC;AA2BF,wBAAgB,YAAY,CAC1B,EAAE,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,EAClB,GAAG,EAAE,MAAM,EACX,IAAI,EAAE,GAAG,GACR;IACD,GAAG,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACpC,IAAI,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACrC,KAAK,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,aAAa,CAAC,GAAG,CAAC,CAAC;IAC9E,MAAM,EAAE,CAAC,CAAC,EAAE,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,aAAa,CAAC,GAAG,CAAC,CAAC;IAC/E,KAAK,EAAE,GAAG,CAAC;IACX,KAAK,EAAE,GAAG,CAAC;IACX,MAAM,EAAE,GAAG,CAAC;IACZ,MAAM,EAAE,GAAG,CAAC;CACb,CA8BA;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,CAAC,EAAE,EAAE,CAAC;IAEhB,cAAc,EAAE,WAAW,CAAC;IAC5B,OAAO,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;IAC5B,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;IAE7B,oBAAoB,EAAE,CAAC,GAAG,EAAE,IAAI,KAAK,IAAI,CAAC;IAC1C,iBAAiB,EAAE,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,KAAK,IAAI,CAAC;IAClD,qBAAqB,EAAE,CAAC,GAAG,EAAE,IAAI,KAAK,IAAI,CAAC;CAC5C,CAAC;AAEF,wBAAgB,OAAO,CAAC,IAAI,EAAE,WAAW,GAAG;IAC1C,EAAE,EAAE,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC;IAC/E,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;QACrB,UAAU,EAAE,GAAG,CAAC;QAChB,YAAY,EAAE,CAAC,KAAK,EAAE,WAAW,GAAG,MAAM,EAAE,KAAK,GAAG,CAAC;QACrD,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK;YAAE,EAAE,EAAE,MAAM,CAAC;YAAC,EAAE,EAAE,MAAM,CAAA;SAAE,CAAC;QAC/C,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;QACnC,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;QAC1B,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;KAC5C,CAAC;IACF,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG;QACrB,UAAU,EAAE,CAAC,KAAK,EAAE,SAAS,KAAK,GAAG,CAAC;QACtC,eAAe,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,CAAC;QACnC,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,MAAM,GAAG,GAAG,CAAC;QAC3C,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,CAAC;QAC7B,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,GAAG,CAAC;QACvC,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,GAAG,GAAG,CAAC;KACnC,CAAC;IACF,SAAS,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK;QAAE,KAAK,EAAE,GAAG,CAAC;QAAC,MAAM,EAAE,GAAG,CAAA;KAAE,CAAC;IAC3D,IAAI,EAAE,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG;QACvB,aAAa,EAAE,CAAC,CAAC,EAAE,YAAY,KAAK,IAAI,CAAC;QACzC,YAAY,CAAC,GAAG,EAAE,IAAI,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7C,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;QACnD,MAAM,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,GAAG,IAAI,CAAC;QACnD,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,GAAG,GAAG,IAAI,CAAC;QACpC,SAAS,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;QAC3B,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;QACnC,iBAAiB,CAAC,GAAG,EAAE,IAAI,GAAG,IAAI,CAAC;QACnC,cAAc,CAAC,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;KAC5C,CAAC;CACH,CAqeA"}
|
package/abstract/tower.js
CHANGED
|
@@ -37,7 +37,7 @@ function calcFrobeniusCoefficients(Fp, nonResidue, modulus, degree, num = 1, div
|
|
|
37
37
|
}
|
|
38
38
|
// This works same at least for bls12-381, bn254 and bls12-377
|
|
39
39
|
function psiFrobenius(Fp, Fp2, base) {
|
|
40
|
-
//
|
|
40
|
+
// GLV endomorphism Ψ(P)
|
|
41
41
|
const PSI_X = Fp2.pow(base, (Fp.ORDER - _1n) / _3n); // u^((p-1)/3)
|
|
42
42
|
const PSI_Y = Fp2.pow(base, (Fp.ORDER - _1n) / _2n); // u^((p-1)/2)
|
|
43
43
|
function psi(x, y) {
|
|
@@ -71,7 +71,6 @@ function tower12(opts) {
|
|
|
71
71
|
// Fp
|
|
72
72
|
const Fp = mod.Field(ORDER);
|
|
73
73
|
const FpNONRESIDUE = Fp.create(opts.NONRESIDUE || BigInt(-1));
|
|
74
|
-
const FpLegendre = mod.FpLegendre(ORDER);
|
|
75
74
|
const Fpdiv2 = Fp.div(Fp.ONE, _2n); // 1/2
|
|
76
75
|
// Fp2
|
|
77
76
|
const FP2_FROBENIUS_COEFFICIENTS = calcFrobeniusCoefficients(Fp, FpNONRESIDUE, Fp.ORDER, 2)[0];
|
|
@@ -161,16 +160,16 @@ function tower12(opts) {
|
|
|
161
160
|
const { c0, c1 } = num;
|
|
162
161
|
if (Fp.is0(c1)) {
|
|
163
162
|
// if c0 is quadratic residue
|
|
164
|
-
if (
|
|
163
|
+
if (mod.FpLegendre(Fp, c0) === 1)
|
|
165
164
|
return Fp2.create({ c0: Fp.sqrt(c0), c1: Fp.ZERO });
|
|
166
165
|
else
|
|
167
166
|
return Fp2.create({ c0: Fp.ZERO, c1: Fp.sqrt(Fp.div(c0, FpNONRESIDUE)) });
|
|
168
167
|
}
|
|
169
168
|
const a = Fp.sqrt(Fp.sub(Fp.sqr(c0), Fp.mul(Fp.sqr(c1), FpNONRESIDUE)));
|
|
170
169
|
let d = Fp.mul(Fp.add(a, c0), Fpdiv2);
|
|
171
|
-
const legendre = FpLegendre(Fp, d);
|
|
170
|
+
const legendre = mod.FpLegendre(Fp, d);
|
|
172
171
|
// -1, Quadratic non residue
|
|
173
|
-
if (
|
|
172
|
+
if (legendre === -1)
|
|
174
173
|
d = Fp.sub(d, a);
|
|
175
174
|
const a0 = Fp.sqrt(d);
|
|
176
175
|
const candidateSqrt = Fp2.create({ c0: a0, c1: Fp.div(Fp.mul(c1, Fpdiv2), a0) });
|