@noble/curves 1.9.0 → 1.9.2

package/esm/abstract/bls.d.ts

@@ -1,5 +1,4 @@
 /**
- * BLS (Barreto-Lynn-Scott) family of pairing-friendly curves.
  * BLS != BLS.
  * The file implements BLS (Boneh-Lynn-Shacham) signatures.
  * Used in both BLS (Barreto-Lynn-Scott) and BN (Barreto-Naehrig)
@@ -10,26 +9,32 @@
  * - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in
  *   Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not.
  * Pairing is used to aggregate and verify signatures.
- * There are two main ways to use it:
- * 1. Fp for short private keys, Fp₂ for signatures
- * 2. Fp for short signatures, Fp₂ for private keys
+ * There are two modes of operation:
+ * - Long signatures:  X-byte keys + 2X-byte sigs (G1 keys + G2 sigs).
+ * - Short signatures: 2X-byte keys + X-byte sigs (G2 keys + G1 sigs).
  * @module
  **/
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type htfBasicOpts, type Opts as HTFOpts, type MapToCurve, createHasher } from './hash-to-curve.ts';
+import { type CHash, type Hex, type PrivKey } from '../utils.ts';
+import { type H2CHasher, type H2CHashOpts, type H2COpts, type htfBasicOpts, type MapToCurve } from './hash-to-curve.ts';
 import { type IField } from './modular.ts';
-import type { Fp12, Fp12Bls, Fp2, Fp2Bls, Fp6 } from './tower.ts';
-import { type CHash, type Hex, type PrivKey } from './utils.ts';
-import { type CurvePointsRes, type CurvePointsType, type ProjPointType } from './weierstrass.ts';
+import type { Fp12, Fp12Bls, Fp2, Fp2Bls, Fp6Bls } from './tower.ts';
+import { type CurvePointsRes, type CurvePointsType, type ProjConstructor, type ProjPointType } from './weierstrass.ts';
 type Fp = bigint;
 export type TwistType = 'multiplicative' | 'divisive';
 export type ShortSignatureCoder<Fp> = {
+    fromBytes(bytes: Uint8Array): ProjPointType<Fp>;
     fromHex(hex: Hex): ProjPointType<Fp>;
+    toBytes(point: ProjPointType<Fp>): Uint8Array;
+    /** @deprecated use `toBytes` */
     toRawBytes(point: ProjPointType<Fp>): Uint8Array;
     toHex(point: ProjPointType<Fp>): string;
 };
 export type SignatureCoder<Fp> = {
+    fromBytes(bytes: Uint8Array): ProjPointType<Fp>;
     fromHex(hex: Hex): ProjPointType<Fp>;
+    toBytes(point: ProjPointType<Fp>): Uint8Array;
+    /** @deprecated use `toBytes` */
     toRawBytes(point: ProjPointType<Fp>): Uint8Array;
     toHex(point: ProjPointType<Fp>): string;
 };
@@ -40,21 +45,21 @@ export type PostPrecomputePointAddFn = (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy:
 };
 export type PostPrecomputeFn = (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy: Fp2, pointAdd: PostPrecomputePointAddFn) => void;
 export type CurveType = {
-    G1: Omit<CurvePointsType<Fp>, 'n'> & {
+    G1: CurvePointsType<Fp> & {
         ShortSignature: SignatureCoder<Fp>;
         mapToCurve: MapToCurve<Fp>;
-        htfDefaults: HTFOpts;
+        htfDefaults: H2COpts;
     };
-    G2: Omit<CurvePointsType<Fp2>, 'n'> & {
+    G2: CurvePointsType<Fp2> & {
         Signature: SignatureCoder<Fp2>;
         mapToCurve: MapToCurve<Fp2>;
-        htfDefaults: HTFOpts;
+        htfDefaults: H2COpts;
     };
     fields: {
         Fp: IField<Fp>;
         Fr: IField<bigint>;
         Fp2: Fp2Bls;
-        Fp6: IField<Fp6>;
+        Fp6: Fp6Bls;
         Fp12: Fp12Bls;
     };
     params: {
@@ -63,59 +68,80 @@ export type CurveType = {
         r: bigint;
         twistType: TwistType;
     };
-    htfDefaults: HTFOpts;
+    htfDefaults: H2COpts;
     hash: CHash;
-    randomBytes: (bytesLength?: number) => Uint8Array;
+    randomBytes?: (bytesLength?: number) => Uint8Array;
     postPrecompute?: PostPrecomputeFn;
 };
 type PrecomputeSingle = [Fp2, Fp2, Fp2][];
 type Precompute = PrecomputeSingle[];
 export type CurveFn = {
+    longSignatures: BLSSigs<bigint, Fp2>;
+    shortSignatures: BLSSigs<Fp2, bigint>;
+    millerLoopBatch: (pairs: [Precompute, Fp, Fp][]) => Fp12;
+    pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
+    pairingBatch: (pairs: {
+        g1: ProjPointType<Fp>;
+        g2: ProjPointType<Fp2>;
+    }[], withFinalExponent?: boolean) => Fp12;
+    /** @deprecated use `longSignatures.getPublicKey` */
     getPublicKey: (privateKey: PrivKey) => Uint8Array;
+    /** @deprecated use `shortSignatures.getPublicKey` */
     getPublicKeyForShortSignatures: (privateKey: PrivKey) => Uint8Array;
+    /** @deprecated use `longSignatures.sign` */
     sign: {
         (message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
         (message: ProjPointType<Fp2>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp2>;
     };
+    /** @deprecated use `shortSignatures.sign` */
     signShortSignature: {
         (message: Hex, privateKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
         (message: ProjPointType<Fp>, privateKey: PrivKey, htfOpts?: htfBasicOpts): ProjPointType<Fp>;
     };
+    /** @deprecated use `longSignatures.verify` */
     verify: (signature: Hex | ProjPointType<Fp2>, message: Hex | ProjPointType<Fp2>, publicKey: Hex | ProjPointType<Fp>, htfOpts?: htfBasicOpts) => boolean;
+    /** @deprecated use `shortSignatures.verify` */
     verifyShortSignature: (signature: Hex | ProjPointType<Fp>, message: Hex | ProjPointType<Fp>, publicKey: Hex | ProjPointType<Fp2>, htfOpts?: htfBasicOpts) => boolean;
     verifyBatch: (signature: Hex | ProjPointType<Fp2>, messages: (Hex | ProjPointType<Fp2>)[], publicKeys: (Hex | ProjPointType<Fp>)[], htfOpts?: htfBasicOpts) => boolean;
+    /** @deprecated use `longSignatures.aggregatePublicKeys` */
     aggregatePublicKeys: {
         (publicKeys: Hex[]): Uint8Array;
         (publicKeys: ProjPointType<Fp>[]): ProjPointType<Fp>;
     };
+    /** @deprecated use `longSignatures.aggregateSignatures` */
     aggregateSignatures: {
         (signatures: Hex[]): Uint8Array;
         (signatures: ProjPointType<Fp2>[]): ProjPointType<Fp2>;
     };
+    /** @deprecated use `shortSignatures.aggregateSignatures` */
     aggregateShortSignatures: {
         (signatures: Hex[]): Uint8Array;
         (signatures: ProjPointType<Fp>[]): ProjPointType<Fp>;
     };
-    millerLoopBatch: (pairs: [Precompute, Fp, Fp][]) => Fp12;
-    pairing: (P: ProjPointType<Fp>, Q: ProjPointType<Fp2>, withFinalExponent?: boolean) => Fp12;
-    pairingBatch: (pairs: {
-        g1: ProjPointType<Fp>;
-        g2: ProjPointType<Fp2>;
-    }[], withFinalExponent?: boolean) => Fp12;
-    G1: CurvePointsRes<Fp> & ReturnType<typeof createHasher<Fp>>;
-    G2: CurvePointsRes<Fp2> & ReturnType<typeof createHasher<Fp2>>;
+    /** @deprecated use `curves.G1` and `curves.G2` */
+    G1: CurvePointsRes<Fp> & H2CHasher<Fp>;
+    G2: CurvePointsRes<Fp2> & H2CHasher<Fp2>;
+    /** @deprecated use `longSignatures.Signature` */
     Signature: SignatureCoder<Fp2>;
+    /** @deprecated use `shortSignatures.Signature` */
     ShortSignature: ShortSignatureCoder<Fp>;
     params: {
         ateLoopSize: bigint;
         r: bigint;
+        twistType: TwistType;
+        /** @deprecated */
         G1b: bigint;
+        /** @deprecated */
         G2b: Fp2;
     };
+    curves: {
+        G1: ProjConstructor<bigint>;
+        G2: ProjConstructor<Fp2>;
+    };
     fields: {
         Fp: IField<Fp>;
         Fp2: Fp2Bls;
-        Fp6: IField<Fp6>;
+        Fp6: Fp6Bls;
         Fp12: Fp12Bls;
         Fr: IField<bigint>;
     };
@@ -124,6 +150,16 @@ export type CurveFn = {
         calcPairingPrecomputes: (p: ProjPointType<Fp2>) => Precompute;
     };
 };
+type BLSInput = Hex | Uint8Array;
+export interface BLSSigs<P, S> {
+    getPublicKey(privateKey: PrivKey): ProjPointType<P>;
+    sign(hashedMessage: ProjPointType<S>, privateKey: PrivKey): ProjPointType<S>;
+    verify(signature: ProjPointType<S> | BLSInput, message: ProjPointType<S>, publicKey: ProjPointType<P> | BLSInput): boolean;
+    aggregatePublicKeys(publicKeys: (ProjPointType<P> | BLSInput)[]): ProjPointType<P>;
+    aggregateSignatures(signatures: (ProjPointType<S> | BLSInput)[]): ProjPointType<S>;
+    hash(message: Uint8Array, DST?: string | Uint8Array, hashOpts?: H2CHashOpts): ProjPointType<S>;
+    Signature: SignatureCoder<S>;
+}
 export declare function bls(CURVE: CurveType): CurveFn;
 export {};
 //# sourceMappingURL=bls.d.ts.map

package/esm/abstract/bls.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../../src/abstract/bls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;IAgBI;AACJ,sEAAsE;AAEtE,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,IAAI,IAAI,OAAO,EACpB,KAAK,UAAU,EACf,YAAY,EACb,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,KAAK,MAAM,EAAoC,MAAM,cAAc,CAAC;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,YAAY,CAAC;AAClE,OAAO,EAAE,KAAK,KAAK,EAAE,KAAK,GAAG,EAAE,KAAK,OAAO,EAAyB,MAAM,YAAY,CAAC;AACvF,OAAO,EACL,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,aAAa,EAEnB,MAAM,kBAAkB,CAAC;AAE1B,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,SAAS,GAAG,gBAAgB,GAAG,UAAU,CAAC;AAEtD,MAAM,MAAM,mBAAmB,CAAC,EAAE,IAAI;IACpC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,cAAc,CAAC,EAAE,IAAI;IAC/B,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,CACrC,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,KACJ;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AACnC,MAAM,MAAM,gBAAgB,GAAG,CAC7B,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,QAAQ,EAAE,wBAAwB,KAC/B,IAAI,CAAC;AACV,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,GAAG;QACnC,cAAc,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,EAAE,EAAE,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,GAAG;QACpC,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,OAAO,CAAC;KACf,CAAC;IACF,MAAM,EAAE;QAIN,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;QACnB,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,SAAS,CAAC;KACtB,CAAC;IACF,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAElD,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACnC,CAAC;AAEF,KAAK,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AAC1C,KAAK,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAErC,MAAM,MAAM,OAAO,GAAG;IACpB,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IAClD,8BAA8B,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IACpE,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KAChG,CAAC;IACF,kBAAkB,EAAE;QAClB,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KAC9F,CAAC;IACF,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACjC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,oBAAoB,EAAE,CACpB,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAChC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,QAAQ,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EACtC,UAAU,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,EACvC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxD,CAAC;IACF,wBAAwB,EAAE;QACxB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,eAAe,EAAE,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5F,YAAY,EAAE,CACZ,KAAK,EAAE;QAAE,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;QAAC,EAAE,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;KAAE,EAAE,EAC1D,iBAAiB,CAAC,EAAE,OAAO,KACxB,IAAI,CAAC;IACV,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,EAAE,CAAC,CAAC,CAAC;IAC7D,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;IAC/D,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,cAAc,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,CAAC,EAAE,MAAM,CAAC;QACV,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,GAAG,CAAC;KACV,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QACjB,IAAI,EAAE,OAAO,CAAC;QACd,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,sBAAsB,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC;KAC/D,CAAC;CACH,CAAC;AAgBF,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CA0X7C"}
+{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../../src/abstract/bls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;IAeI;AACJ,sEAAsE;AACtE,OAAO,EAKL,KAAK,KAAK,EACV,KAAK,GAAG,EACR,KAAK,OAAO,EACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,WAAW,EAChB,KAAK,OAAO,EAEZ,KAAK,YAAY,EACjB,KAAK,UAAU,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAoC,KAAK,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAEL,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,eAAe,EACpB,KAAK,aAAa,EACnB,MAAM,kBAAkB,CAAC;AAE1B,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,SAAS,GAAG,gBAAgB,GAAG,UAAU,CAAC;AAEtD,MAAM,MAAM,mBAAmB,CAAC,EAAE,IAAI;IACpC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,OAAO,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IAC9C,gCAAgC;IAChC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,cAAc,CAAC,EAAE,IAAI;IAC/B,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;IACrC,OAAO,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IAC9C,gCAAgC;IAChC,UAAU,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,aAAa,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CACzC,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,CACrC,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,KACJ;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AACnC,MAAM,MAAM,gBAAgB,GAAG,CAC7B,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,QAAQ,EAAE,wBAAwB,KAC/B,IAAI,CAAC;AACV,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,eAAe,CAAC,EAAE,CAAC,GAAG;QACxB,cAAc,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;QACzB,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;QACnB,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,OAAO,CAAC;KACf,CAAC;IACF,MAAM,EAAE;QAIN,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,OAAO,CAAC;QACnB,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,SAAS,CAAC;KACtB,CAAC;IACF,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAEnD,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACnC,CAAC;AAEF,KAAK,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AAC1C,KAAK,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAErC,MAAM,MAAM,OAAO,GAAG;IACpB,cAAc,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IAEtC,eAAe,EAAE,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAC5F,YAAY,EAAE,CACZ,KAAK,EAAE;QAAE,EAAE,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;QAAC,EAAE,EAAE,aAAa,CAAC,GAAG,CAAC,CAAA;KAAE,EAAE,EAC1D,iBAAiB,CAAC,EAAE,OAAO,KACxB,IAAI,CAAC;IAEV,oDAAoD;IACpD,YAAY,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IAClD,qDAAqD;IACrD,8BAA8B,EAAE,CAAC,UAAU,EAAE,OAAO,KAAK,UAAU,CAAC;IACpE,4CAA4C;IAC5C,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KAChG,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,EAAE;QAClB,CAAC,OAAO,EAAE,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACxE,CAAC,OAAO,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,UAAU,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KAC9F,CAAC;IACF,8CAA8C;IAC9C,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACjC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,+CAA+C;IAC/C,oBAAoB,EAAE,CACpB,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAClC,OAAO,EAAE,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,EAChC,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,EACnC,QAAQ,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC,EAAE,EACtC,UAAU,EAAE,CAAC,GAAG,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC,EAAE,EACvC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,2DAA2D;IAC3D,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,2DAA2D;IAC3D,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,GAAG,CAAC,EAAE,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;KACxD,CAAC;IACF,4DAA4D;IAC5D,wBAAwB,EAAE;QACxB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,aAAa,CAAC,EAAE,CAAC,EAAE,GAAG,aAAa,CAAC,EAAE,CAAC,CAAC;KACtD,CAAC;IACF,kDAAkD;IAClD,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IACvC,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IACzC,iDAAiD;IACjD,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,kDAAkD;IAClD,cAAc,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,SAAS,CAAC;QACrB,kBAAkB;QAClB,GAAG,EAAE,MAAM,CAAC;QACZ,kBAAkB;QAClB,GAAG,EAAE,GAAG,CAAC;KACV,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,eAAe,CAAC,MAAM,CAAC,CAAC;QAC5B,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC;KAC1B,CAAC;IACF,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,OAAO,CAAC;QACd,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,sBAAsB,EAAE,CAAC,CAAC,EAAE,aAAa,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC;KAC/D,CAAC;CACH,CAAC;AAEF,KAAK,QAAQ,GAAG,GAAG,GAAG,UAAU,CAAC;AACjC,MAAM,WAAW,OAAO,CAAC,CAAC,EAAE,CAAC;IAC3B,YAAY,CAAC,UAAU,EAAE,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACpD,IAAI,CAAC,aAAa,EAAE,aAAa,CAAC,CAAC,CAAC,EAAE,UAAU,EAAE,OAAO,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,CACJ,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,EACtC,OAAO,EAAE,aAAa,CAAC,CAAC,CAAC,EACzB,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,GACrC,OAAO,CAAC;IACX,mBAAmB,CAAC,UAAU,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACnF,mBAAmB,CAAC,UAAU,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IACnF,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC/F,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;CAC9B;AAiBD,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAsb7C"}

package/esm/abstract/bls.js

@@ -1,5 +1,4 @@
 /**
- * BLS (Barreto-Lynn-Scott) family of pairing-friendly curves.
  * BLS != BLS.
  * The file implements BLS (Boneh-Lynn-Shacham) signatures.
  * Used in both BLS (Barreto-Lynn-Scott) and BN (Barreto-Naehrig)
@@ -10,16 +9,16 @@
  * - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in
  *   Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not.
  * Pairing is used to aggregate and verify signatures.
- * There are two main ways to use it:
- * 1. Fp for short private keys, Fp₂ for signatures
- * 2. Fp for short signatures, Fp₂ for private keys
+ * There are two modes of operation:
+ * - Long signatures:  X-byte keys + 2X-byte sigs (G1 keys + G2 sigs).
+ * - Short signatures: 2X-byte keys + X-byte sigs (G2 keys + G1 sigs).
  * @module
  **/
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// TODO: import { AffinePoint } from './curve.ts';
+import { abytes, ensureBytes, memoized, randomBytes, } from "../utils.js";
+import { normalizeZ } from "./curve.js";
 import { createHasher, } from "./hash-to-curve.js";
 import { getMinHashLength, mapHashToField } from "./modular.js";
-import { ensureBytes, memoized } from "./utils.js";
 import { weierstrassPoints, } from "./weierstrass.js";
 // prettier-ignore
 const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);
@@ -39,20 +38,21 @@ function NAfDecomposition(a) {
     }
     return res;
 }
+// G1_Point: ProjConstructor<bigint>, G2_Point: ProjConstructor<Fp2>,
 export function bls(CURVE) {
     // Fields are specific for curve, so for now we'll need to pass them with opts
     const { Fp, Fr, Fp2, Fp6, Fp12 } = CURVE.fields;
     const BLS_X_IS_NEGATIVE = CURVE.params.xNegative;
     const TWIST = CURVE.params.twistType;
     // Point on G1 curve: (x, y)
-    const G1_ = weierstrassPoints({ n: Fr.ORDER, ...CURVE.G1 });
-    const G1 = Object.assign(G1_, createHasher(G1_.ProjectivePoint, CURVE.G1.mapToCurve, {
+    const G1_ = weierstrassPoints(CURVE.G1);
+    const G1 = Object.assign(G1_, createHasher(G1_.Point, CURVE.G1.mapToCurve, {
         ...CURVE.htfDefaults,
         ...CURVE.G1.htfDefaults,
     }));
     // Point on G2 curve (complex numbers): (x₁, x₂+i), (y₁, y₂+i)
-    const G2_ = weierstrassPoints({ n: Fr.ORDER, ...CURVE.G2 });
-    const G2 = Object.assign(G2_, createHasher(G2_.ProjectivePoint, CURVE.G2.mapToCurve, {
+    const G2_ = weierstrassPoints(CURVE.G2);
+    const G2 = Object.assign(G2_, createHasher(G2_.Point, CURVE.G2.mapToCurve, {
         ...CURVE.htfDefaults,
         ...CURVE.G2.htfDefaults,
     }));
@@ -149,10 +149,10 @@ export function bls(CURVE) {
     function pairingBatch(pairs, withFinalExponent = true) {
         const res = [];
         // Cache precomputed toAffine for all points
-        G1.ProjectivePoint.normalizeZ(pairs.map(({ g1 }) => g1));
-        G2.ProjectivePoint.normalizeZ(pairs.map(({ g2 }) => g2));
+        normalizeZ(G1.Point, 'pz', pairs.map(({ g1 }) => g1));
+        normalizeZ(G2.Point, 'pz', pairs.map(({ g2 }) => g2));
         for (const { g1, g2 } of pairs) {
-            if (g1.equals(G1.ProjectivePoint.ZERO) || g2.equals(G2.ProjectivePoint.ZERO))
+            if (g1.is0() || g2.is0())
                 throw new Error('pairing is not available for ZERO point');
             // This uses toAffine inside
             g1.assertValidity();
@@ -166,123 +166,162 @@ export function bls(CURVE) {
     function pairing(Q, P, withFinalExponent = true) {
         return pairingBatch([{ g1: Q, g2: P }], withFinalExponent);
     }
+    const rand = CURVE.randomBytes || randomBytes;
     const utils = {
         randomPrivateKey: () => {
             const length = getMinHashLength(Fr.ORDER);
-            return mapHashToField(CURVE.randomBytes(length), Fr.ORDER);
+            return mapHashToField(rand(length), Fr.ORDER);
         },
         calcPairingPrecomputes,
     };
-    const { ShortSignature } = CURVE.G1;
-    const { Signature } = CURVE.G2;
+    function aNonEmpty(arr) {
+        if (!Array.isArray(arr) || arr.length === 0)
+            throw new Error('expected non-empty array');
+    }
     function normP1(point) {
-        return point instanceof G1.ProjectivePoint ? point : G1.ProjectivePoint.fromHex(point);
+        return point instanceof G1.Point ? point : G1.Point.fromHex(point);
+    }
+    function normP2(point) {
+        return point instanceof G2.Point ? point : Signature.fromHex(point);
     }
+    // TODO: add verifyBatch, fix types, Export Signature property,
+    // actually expose the generated APIs
+    function createBls(PubCurve, SigCurve) {
+        function normPub(point) {
+            return point instanceof PubCurve.Point ? point : PubCurve.Point.fromHex(point);
+        }
+        function normSig(point) {
+            return point instanceof SigCurve.Point ? point : SigCurve.Point.fromHex(point);
+        }
+        function amsg(m) {
+            if (!(m instanceof SigCurve.Point))
+                throw new Error(`expected valid message hashed to ${isLongSigs ? 'G2' : 'G1'} curve`);
+            return m;
+        }
+        // TODO: is this always ok?
+        const isLongSigs = SigCurve.Point.Fp.BYTES > PubCurve.Point.Fp.BYTES;
+        return {
+            // P = pk x G
+            getPublicKey(privateKey) {
+                return PubCurve.Point.fromPrivateKey(privateKey);
+            },
+            // S = pk x H(m)
+            sign(message, privateKey, unusedArg) {
+                if (unusedArg != null)
+                    throw new Error('sign() expects 2 arguments');
+                amsg(message).assertValidity();
+                return message.multiply(PubCurve.normPrivateKeyToScalar(privateKey));
+            },
+            // Checks if pairing of public key & hash is equal to pairing of generator & signature.
+            // e(P, H(m)) == e(G, S)
+            // e(S, G) == e(H(m), P)
+            verify(signature, message, publicKey, unusedArg) {
+                if (unusedArg != null)
+                    throw new Error('verify() expects 3 arguments');
+                signature = normSig(signature);
+                publicKey = normPub(publicKey);
+                const P = publicKey.negate();
+                const G = PubCurve.Point.BASE;
+                const Hm = amsg(message);
+                const S = signature;
+                // This code was changed in 1.9.x:
+                // Before it was G.negate() in G2, now it's always pubKey.negate
+                // TODO: understand if this is OK?
+                // prettier-ignore
+                const exp_ = isLongSigs ? [
+                    { g1: P, g2: Hm },
+                    { g1: G, g2: S }
+                ] : [
+                    { g1: Hm, g2: P },
+                    { g1: S, g2: G }
+                ];
+                // TODO
+                // @ts-ignore
+                const exp = pairingBatch(exp_);
+                return Fp12.eql(exp, Fp12.ONE);
+            },
+            // Adds a bunch of public key points together.
+            // pk1 + pk2 + pk3 = pkA
+            aggregatePublicKeys(publicKeys) {
+                aNonEmpty(publicKeys);
+                publicKeys = publicKeys.map((pub) => normPub(pub));
+                const agg = publicKeys.reduce((sum, p) => sum.add(p), PubCurve.Point.ZERO);
+                agg.assertValidity();
+                return agg;
+            },
+            // Adds a bunch of signature points together.
+            // pk1 + pk2 + pk3 = pkA
+            aggregateSignatures(signatures) {
+                aNonEmpty(signatures);
+                signatures = signatures.map((sig) => normSig(sig));
+                const agg = signatures.reduce((sum, s) => sum.add(s), SigCurve.Point.ZERO);
+                agg.assertValidity();
+                return agg;
+            },
+            hash(messageBytes, DST) {
+                abytes(messageBytes);
+                const opts = DST ? { DST } : undefined;
+                return SigCurve.hashToCurve(messageBytes, opts);
+            },
+            // @ts-ignore
+            Signature: isLongSigs ? CURVE.G2.Signature : CURVE.G1.ShortSignature,
+        };
+    }
+    const longSignatures = createBls(G1, G2);
+    const shortSignatures = createBls(G2, G1);
+    // LEGACY code
+    const { ShortSignature } = CURVE.G1;
+    const { Signature } = CURVE.G2;
     function normP1Hash(point, htfOpts) {
-        return point instanceof G1.ProjectivePoint
+        return point instanceof G1.Point
             ? point
-            : G1.hashToCurve(ensureBytes('point', point), htfOpts);
-    }
-    function normP2(point) {
-        return point instanceof G2.ProjectivePoint ? point : Signature.fromHex(point);
+            : shortSignatures.hash(ensureBytes('point', point), htfOpts?.DST);
     }
     function normP2Hash(point, htfOpts) {
-        return point instanceof G2.ProjectivePoint
+        return point instanceof G2.Point
             ? point
-            : G2.hashToCurve(ensureBytes('point', point), htfOpts);
+            : longSignatures.hash(ensureBytes('point', point), htfOpts?.DST);
     }
-    // Multiplies generator (G1) by private key.
-    // P = pk x G
     function getPublicKey(privateKey) {
-        return G1.ProjectivePoint.fromPrivateKey(privateKey).toRawBytes(true);
+        return longSignatures.getPublicKey(privateKey).toBytes(true);
     }
-    // Multiplies generator (G2) by private key.
-    // P = pk x G
     function getPublicKeyForShortSignatures(privateKey) {
-        return G2.ProjectivePoint.fromPrivateKey(privateKey).toRawBytes(true);
+        return shortSignatures.getPublicKey(privateKey).toBytes(true);
     }
     function sign(message, privateKey, htfOpts) {
-        const msgPoint = normP2Hash(message, htfOpts);
-        msgPoint.assertValidity();
-        const sigPoint = msgPoint.multiply(G1.normPrivateKeyToScalar(privateKey));
-        if (message instanceof G2.ProjectivePoint)
-            return sigPoint;
-        return Signature.toRawBytes(sigPoint);
+        const Hm = normP2Hash(message, htfOpts);
+        const S = longSignatures.sign(Hm, privateKey);
+        return message instanceof G2.Point ? S : Signature.toBytes(S);
     }
     function signShortSignature(message, privateKey, htfOpts) {
-        const msgPoint = normP1Hash(message, htfOpts);
-        msgPoint.assertValidity();
-        const sigPoint = msgPoint.multiply(G1.normPrivateKeyToScalar(privateKey));
-        if (message instanceof G1.ProjectivePoint)
-            return sigPoint;
-        return ShortSignature.toRawBytes(sigPoint);
+        const Hm = normP1Hash(message, htfOpts);
+        const S = shortSignatures.sign(Hm, privateKey);
+        return message instanceof G1.Point ? S : ShortSignature.toBytes(S);
     }
-    // Checks if pairing of public key & hash is equal to pairing of generator & signature.
-    // e(P, H(m)) == e(G, S)
     function verify(signature, message, publicKey, htfOpts) {
-        const P = normP1(publicKey);
         const Hm = normP2Hash(message, htfOpts);
-        const G = G1.ProjectivePoint.BASE;
-        const S = normP2(signature);
-        const exp = pairingBatch([
-            { g1: P.negate(), g2: Hm }, // ePHM = pairing(P.negate(), Hm, false);
-            { g1: G, g2: S }, // eGS = pairing(G, S, false);
-        ]);
-        return Fp12.eql(exp, Fp12.ONE);
+        return longSignatures.verify(signature, Hm, publicKey);
     }
-    // Checks if pairing of public key & hash is equal to pairing of generator & signature.
-    // e(S, G) == e(H(m), P)
     function verifyShortSignature(signature, message, publicKey, htfOpts) {
-        const P = normP2(publicKey);
         const Hm = normP1Hash(message, htfOpts);
-        const G = G2.ProjectivePoint.BASE;
-        const S = normP1(signature);
-        const exp = pairingBatch([
-            { g1: Hm, g2: P }, // eHmP = pairing(Hm, P, false);
-            { g1: S, g2: G.negate() }, // eSG = pairing(S, G.negate(), false);
-        ]);
-        return Fp12.eql(exp, Fp12.ONE);
-    }
-    function aNonEmpty(arr) {
-        if (!Array.isArray(arr) || arr.length === 0)
-            throw new Error('expected non-empty array');
+        return shortSignatures.verify(signature, Hm, publicKey);
     }
     function aggregatePublicKeys(publicKeys) {
-        aNonEmpty(publicKeys);
-        const agg = publicKeys.map(normP1).reduce((sum, p) => sum.add(p), G1.ProjectivePoint.ZERO);
-        const aggAffine = agg; //.toAffine();
-        if (publicKeys[0] instanceof G1.ProjectivePoint) {
-            aggAffine.assertValidity();
-            return aggAffine;
-        }
-        // toRawBytes ensures point validity
-        return aggAffine.toRawBytes(true);
+        const agg = longSignatures.aggregatePublicKeys(publicKeys);
+        return publicKeys[0] instanceof G1.Point ? agg : agg.toBytes(true);
     }
     function aggregateSignatures(signatures) {
-        aNonEmpty(signatures);
-        const agg = signatures.map(normP2).reduce((sum, s) => sum.add(s), G2.ProjectivePoint.ZERO);
-        const aggAffine = agg; //.toAffine();
-        if (signatures[0] instanceof G2.ProjectivePoint) {
-            aggAffine.assertValidity();
-            return aggAffine;
-        }
-        return Signature.toRawBytes(aggAffine);
+        const agg = longSignatures.aggregateSignatures(signatures);
+        return signatures[0] instanceof G2.Point ? agg : Signature.toBytes(agg);
     }
     function aggregateShortSignatures(signatures) {
-        aNonEmpty(signatures);
-        const agg = signatures.map(normP1).reduce((sum, s) => sum.add(s), G1.ProjectivePoint.ZERO);
-        const aggAffine = agg; //.toAffine();
-        if (signatures[0] instanceof G1.ProjectivePoint) {
-            aggAffine.assertValidity();
-            return aggAffine;
-        }
-        return ShortSignature.toRawBytes(aggAffine);
+        const agg = shortSignatures.aggregateSignatures(signatures);
+        return signatures[0] instanceof G1.Point ? agg : ShortSignature.toBytes(agg);
     }
     // https://ethresear.ch/t/fast-verification-of-multiple-bls-signatures/5407
     // e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))
-    function verifyBatch(signature, 
     // TODO: maybe `{message: G2Hex, publicKey: G1Hex}[]` instead?
-    messages, publicKeys, htfOpts) {
+    function verifyBatch(signature, messages, publicKeys, htfOpts) {
         aNonEmpty(messages);
         if (publicKeys.length !== messages.length)
             throw new Error('amount of public keys and messages should be equal');
@@ -307,32 +346,26 @@ export function bls(CURVE) {
                 const groupPublicKey = keys.reduce((acc, msg) => acc.add(msg));
                 paired.push({ g1: groupPublicKey, g2: msg });
             }
-            paired.push({ g1: G1.ProjectivePoint.BASE.negate(), g2: sig });
+            paired.push({ g1: G1.Point.BASE.negate(), g2: sig });
             return Fp12.eql(pairingBatch(paired), Fp12.ONE);
         }
         catch {
             return false;
         }
     }
-    G1.ProjectivePoint.BASE._setWindowSize(4);
+    G1.Point.BASE.precompute(4);
     return {
-        getPublicKey,
-        getPublicKeyForShortSignatures,
-        sign,
-        signShortSignature,
-        verify,
-        verifyBatch,
-        verifyShortSignature,
-        aggregatePublicKeys,
-        aggregateSignatures,
-        aggregateShortSignatures,
+        longSignatures,
+        shortSignatures,
         millerLoopBatch,
         pairing,
         pairingBatch,
-        G1,
-        G2,
-        Signature,
-        ShortSignature,
+        // TODO!!!
+        verifyBatch,
+        curves: {
+            G1: G1_.Point,
+            G2: G2_.Point,
+        },
         fields: {
             Fr,
             Fp,
@@ -342,11 +375,27 @@ export function bls(CURVE) {
         },
         params: {
             ateLoopSize: CURVE.params.ateLoopSize,
+            twistType: CURVE.params.twistType,
+            // deprecated
             r: CURVE.params.r,
             G1b: CURVE.G1.b,
             G2b: CURVE.G2.b,
         },
         utils,
+        // deprecated
+        getPublicKey,
+        getPublicKeyForShortSignatures,
+        sign,
+        signShortSignature,
+        verify,
+        verifyShortSignature,
+        aggregatePublicKeys,
+        aggregateSignatures,
+        aggregateShortSignatures,
+        G1,
+        G2,
+        Signature,
+        ShortSignature,
     };
 }
 //# sourceMappingURL=bls.js.map