@noble/curves 1.9.0 → 1.9.2

package/nist.js

@@ -7,117 +7,107 @@ exports.p521_hasher = exports.secp521r1 = exports.p521 = exports.p384_hasher = e
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha2_1 = require("@noble/hashes/sha2");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
 const _shortw_utils_ts_1 = require("./_shortw_utils.js");
 const hash_to_curve_ts_1 = require("./abstract/hash-to-curve.js");
 const modular_ts_1 = require("./abstract/modular.js");
 const weierstrass_ts_1 = require("./abstract/weierstrass.js");
-const Fp256 = (0, modular_ts_1.Field)(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));
-const p256_a = Fp256.create(BigInt('-3'));
-const p256_b = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');
-/**
- * secp256r1 curve, ECDSA and ECDH methods.
- * Field: `2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n`
- */
-// prettier-ignore
-exports.p256 = (0, _shortw_utils_ts_1.createCurve)({
-    a: p256_a,
-    b: p256_b,
-    Fp: Fp256,
+// p = 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n - 1n
+// a = Fp256.create(BigInt('-3'));
+const p256_CURVE = {
+    p: BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'),
     n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),
+    h: BigInt(1),
+    a: BigInt('0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc'),
+    b: BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'),
     Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),
     Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
-    h: BigInt(1),
-    lowS: false
-}, sha2_1.sha256);
-/** Alias to p256. */
-exports.secp256r1 = exports.p256;
-const p256_mapSWU = /* @__PURE__ */ (() => (0, weierstrass_ts_1.mapToCurveSimpleSWU)(Fp256, {
-    A: p256_a,
-    B: p256_b,
-    Z: Fp256.create(BigInt('-10')),
-}))();
-/** Hashing / encoding to p256 points / field. RFC 9380 methods. */
-exports.p256_hasher = (() => (0, hash_to_curve_ts_1.createHasher)(exports.secp256r1.ProjectivePoint, (scalars) => p256_mapSWU(scalars[0]), {
-    DST: 'P256_XMD:SHA-256_SSWU_RO_',
-    encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',
-    p: Fp256.ORDER,
-    m: 1,
-    k: 128,
-    expand: 'xmd',
-    hash: sha2_1.sha256,
-}))();
-// Field over which we'll do calculations.
-const Fp384 = (0, modular_ts_1.Field)(BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'));
-const p384_a = Fp384.create(BigInt('-3'));
-// prettier-ignore
-const p384_b = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');
-/**
- * secp384r1 curve, ECDSA and ECDH methods.
- * Field: `2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n`.
- * */
-// prettier-ignore
-exports.p384 = (0, _shortw_utils_ts_1.createCurve)({
-    a: p384_a,
-    b: p384_b,
-    Fp: Fp384,
+};
+// p = 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n
+const p384_CURVE = {
+    p: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'),
     n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),
+    h: BigInt(1),
+    a: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc'),
+    b: BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef'),
     Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),
     Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),
+};
+// p = 2n**521n - 1n
+const p521_CURVE = {
+    p: BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'),
+    n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),
     h: BigInt(1),
-    lowS: false
-}, sha2_1.sha384);
+    a: BigInt('0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc'),
+    b: BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'),
+    Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),
+    Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),
+};
+const Fp256 = (0, modular_ts_1.Field)(p256_CURVE.p);
+const Fp384 = (0, modular_ts_1.Field)(p384_CURVE.p);
+const Fp521 = (0, modular_ts_1.Field)(p521_CURVE.p);
+function createSWU(field, opts) {
+    const map = (0, weierstrass_ts_1.mapToCurveSimpleSWU)(field, opts);
+    return (scalars) => map(scalars[0]);
+}
+/** NIST P256 (aka secp256r1, prime256v1) curve, ECDSA and ECDH methods. */
+exports.p256 = (0, _shortw_utils_ts_1.createCurve)({ ...p256_CURVE, Fp: Fp256, lowS: false }, sha2_js_1.sha256);
+/** Alias to p256. */
+exports.secp256r1 = exports.p256;
+/** Hashing / encoding to p256 points / field. RFC 9380 methods. */
+exports.p256_hasher = (() => {
+    return (0, hash_to_curve_ts_1.createHasher)(exports.p256.Point, createSWU(Fp256, {
+        A: p256_CURVE.a,
+        B: p256_CURVE.b,
+        Z: Fp256.create(BigInt('-10')),
+    }), {
+        DST: 'P256_XMD:SHA-256_SSWU_RO_',
+        encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',
+        p: p256_CURVE.p,
+        m: 1,
+        k: 128,
+        expand: 'xmd',
+        hash: sha2_js_1.sha256,
+    });
+})();
+/** NIST P384 (aka secp384r1) curve, ECDSA and ECDH methods. */
+exports.p384 = (0, _shortw_utils_ts_1.createCurve)({ ...p384_CURVE, Fp: Fp384, lowS: false }, sha2_js_1.sha384);
 /** Alias to p384. */
 exports.secp384r1 = exports.p384;
-const p384_mapSWU = /* @__PURE__ */ (() => (0, weierstrass_ts_1.mapToCurveSimpleSWU)(Fp384, {
-    A: p384_a,
-    B: p384_b,
-    Z: Fp384.create(BigInt('-12')),
-}))();
 /** Hashing / encoding to p384 points / field. RFC 9380 methods. */
-exports.p384_hasher = (() => (0, hash_to_curve_ts_1.createHasher)(exports.secp384r1.ProjectivePoint, (scalars) => p384_mapSWU(scalars[0]), {
-    DST: 'P384_XMD:SHA-384_SSWU_RO_',
-    encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',
-    p: Fp384.ORDER,
-    m: 1,
-    k: 192,
-    expand: 'xmd',
-    hash: sha2_1.sha384,
-}))();
-// Field over which we'll do calculations.
-const Fp521 = (0, modular_ts_1.Field)(BigInt('0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'));
-const p521_a = Fp521.create(BigInt('-3'));
-const p521_b = BigInt('0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00');
-/**
- * NIST secp521r1 aka p521 curve, ECDSA and ECDH methods.
- * Field: `2n**521n - 1n`.
- */
-// prettier-ignore
-exports.p521 = (0, _shortw_utils_ts_1.createCurve)({
-    a: p521_a,
-    b: p521_b,
-    Fp: Fp521,
-    n: BigInt('0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'),
-    Gx: BigInt('0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'),
-    Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),
-    h: BigInt(1),
-    lowS: false,
-    allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
-}, sha2_1.sha512);
+exports.p384_hasher = (() => {
+    return (0, hash_to_curve_ts_1.createHasher)(exports.p384.Point, createSWU(Fp384, {
+        A: p384_CURVE.a,
+        B: p384_CURVE.b,
+        Z: Fp384.create(BigInt('-12')),
+    }), {
+        DST: 'P384_XMD:SHA-384_SSWU_RO_',
+        encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',
+        p: p384_CURVE.p,
+        m: 1,
+        k: 192,
+        expand: 'xmd',
+        hash: sha2_js_1.sha384,
+    });
+})();
+/** NIST P521 (aka secp521r1) curve, ECDSA and ECDH methods. */
+exports.p521 = (0, _shortw_utils_ts_1.createCurve)({ ...p521_CURVE, Fp: Fp521, lowS: false, allowedPrivateKeyLengths: [130, 131, 132] }, sha2_js_1.sha512);
+/** Alias to p521. */
 exports.secp521r1 = exports.p521;
-const p521_mapSWU = /* @__PURE__ */ (() => (0, weierstrass_ts_1.mapToCurveSimpleSWU)(Fp521, {
-    A: p521_a,
-    B: p521_b,
-    Z: Fp521.create(BigInt('-4')),
-}))();
 /** Hashing / encoding to p521 points / field. RFC 9380 methods. */
-exports.p521_hasher = (() => (0, hash_to_curve_ts_1.createHasher)(exports.secp521r1.ProjectivePoint, (scalars) => p521_mapSWU(scalars[0]), {
-    DST: 'P521_XMD:SHA-512_SSWU_RO_',
-    encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',
-    p: Fp521.ORDER,
-    m: 1,
-    k: 256,
-    expand: 'xmd',
-    hash: sha2_1.sha512,
-}))();
+exports.p521_hasher = (() => {
+    return (0, hash_to_curve_ts_1.createHasher)(exports.p521.Point, createSWU(Fp521, {
+        A: p521_CURVE.a,
+        B: p521_CURVE.b,
+        Z: Fp521.create(BigInt('-4')),
+    }), {
+        DST: 'P521_XMD:SHA-512_SSWU_RO_',
+        encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',
+        p: p521_CURVE.p,
+        m: 1,
+        k: 256,
+        expand: 'xmd',
+        hash: sha2_js_1.sha512,
+    });
+})();
 //# sourceMappingURL=nist.js.map

package/nist.js.map

@@ -1 +1 @@
-{"version":3,"file":"nist.js","sourceRoot":"","sources":["src/nist.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,sEAAsE;AACtE,6CAA4D;AAC5D,yDAAyE;AACzE,kEAAwE;AACxE,sDAA8C;AAC9C,8DAAgE;AAEhE,MAAM,KAAK,GAAG,IAAA,kBAAK,EAAC,MAAM,CAAC,oEAAoE,CAAC,CAAC,CAAC;AAClG,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,MAAM,MAAM,GAAG,MAAM,CAAC,oEAAoE,CAAC,CAAC;AAE5F;;;GAGG;AACH,kBAAkB;AACL,QAAA,IAAI,GAAsB,IAAA,8BAAW,EAAC;IACjD,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,MAAM;IACT,EAAE,EAAE,KAAK;IACT,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EAAE,aAAM,CAAC,CAAC;AACpB,qBAAqB;AACR,QAAA,SAAS,GAAsB,YAAI,CAAC;AAEjD,MAAM,WAAW,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACxC,IAAA,oCAAmB,EAAC,KAAK,EAAE;IACzB,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC/B,CAAC,CAAC,EAAE,CAAC;AAER,mEAAmE;AACtD,QAAA,WAAW,GAAmC,CAAC,GAAG,EAAE,CAC/D,IAAA,+BAAY,EAAC,iBAAS,CAAC,eAAe,EAAE,CAAC,OAAiB,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;IACtF,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,KAAK,CAAC,KAAK;IACd,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,aAAM;CACb,CAAC,CAAC,EAAE,CAAC;AAER,0CAA0C;AAC1C,MAAM,KAAK,GAAG,IAAA,kBAAK,EACjB,MAAM,CACJ,oGAAoG,CACrG,CACF,CAAC;AACF,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,kBAAkB;AAClB,MAAM,MAAM,GAAG,MAAM,CAAC,oGAAoG,CAAC,CAAC;AAE5H;;;KAGK;AACL,kBAAkB;AACL,QAAA,IAAI,GAAsB,IAAA,8BAAW,EAAC;IACjD,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,MAAM;IACT,EAAE,EAAE,KAAK;IACT,CAAC,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAC/G,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,EAAE,EAAE,MAAM,CAAC,oGAAoG,CAAC;IAChH,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;CACH,EAAE,aAAM,CAAC,CAAC;AACpB,qBAAqB;AACR,QAAA,SAAS,GAAsB,YAAI,CAAC;AAEjD,MAAM,WAAW,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACxC,IAAA,oCAAmB,EAAC,KAAK,EAAE;IACzB,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;CAC/B,CAAC,CAAC,EAAE,CAAC;AAER,mEAAmE;AACtD,QAAA,WAAW,GAAmC,CAAC,GAAG,EAAE,CAC/D,IAAA,+BAAY,EAAC,iBAAS,CAAC,eAAe,EAAE,CAAC,OAAiB,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;IACtF,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,KAAK,CAAC,KAAK;IACd,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,aAAM;CACb,CAAC,CAAC,EAAE,CAAC;AAER,0CAA0C;AAC1C,MAAM,KAAK,GAAG,IAAA,kBAAK,EACjB,MAAM,CACJ,uIAAuI,CACxI,CACF,CAAC;AAEF,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1C,MAAM,MAAM,GAAG,MAAM,CACnB,wIAAwI,CACzI,CAAC;AAEF;;;GAGG;AACH,kBAAkB;AACL,QAAA,IAAI,GAAsB,IAAA,8BAAW,EAAC;IACjD,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,MAAM;IACT,EAAE,EAAE,KAAK;IACT,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,KAAK;IACX,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,CAAC,mDAAmD;CACrF,EAAE,aAAM,CAAC,CAAC;AACP,QAAA,SAAS,GAAsB,YAAI,CAAC;AAEjD,MAAM,WAAW,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CACxC,IAAA,oCAAmB,EAAC,KAAK,EAAE;IACzB,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,MAAM;IACT,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;CAC9B,CAAC,CAAC,EAAE,CAAC;AAER,mEAAmE;AACtD,QAAA,WAAW,GAAmC,CAAC,GAAG,EAAE,CAC/D,IAAA,+BAAY,EAAC,iBAAS,CAAC,eAAe,EAAE,CAAC,OAAiB,EAAE,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE;IACtF,GAAG,EAAE,2BAA2B;IAChC,SAAS,EAAE,2BAA2B;IACtC,CAAC,EAAE,KAAK,CAAC,KAAK;IACd,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,aAAM;CACb,CAAC,CAAC,EAAE,CAAC"}
+{"version":3,"file":"nist.js","sourceRoot":"","sources":["src/nist.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACH,sEAAsE;AACtE,mDAA+D;AAC/D,yDAAyE;AACzE,kEAA2E;AAC3E,sDAA2D;AAC3D,8DAAsF;AAEtF,wDAAwD;AACxD,kCAAkC;AAClC,MAAM,UAAU,GAA4B;IAC1C,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;CACjF,CAAC;AAEF,mDAAmD;AACnD,MAAM,UAAU,GAA4B;IAC1C,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,EAAE,EAAE,MAAM,CACR,oGAAoG,CACrG;IACD,EAAE,EAAE,MAAM,CACR,oGAAoG,CACrG;CACF,CAAC;AAEF,oBAAoB;AACpB,MAAM,UAAU,GAA4B;IAC1C,CAAC,EAAE,MAAM,CACP,uIAAuI,CACxI;IACD,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CACP,uIAAuI,CACxI;IACD,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;CACF,CAAC;AAEF,MAAM,KAAK,GAAG,IAAA,kBAAK,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAClC,MAAM,KAAK,GAAG,IAAA,kBAAK,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAClC,MAAM,KAAK,GAAG,IAAA,kBAAK,EAAC,UAAU,CAAC,CAAC,CAAC,CAAC;AAMlC,SAAS,SAAS,CAAC,KAAqB,EAAE,IAAa;IACrD,MAAM,GAAG,GAAG,IAAA,oCAAmB,EAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7C,OAAO,CAAC,OAAiB,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,2EAA2E;AAC9D,QAAA,IAAI,GAAsB,IAAA,8BAAW,EAChD,EAAE,GAAG,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EACzC,gBAAM,CACP,CAAC;AACF,qBAAqB;AACR,QAAA,SAAS,GAAsB,YAAI,CAAC;AACjD,mEAAmE;AACtD,QAAA,WAAW,GAAsC,CAAC,GAAG,EAAE;IAClE,OAAO,IAAA,+BAAY,EACjB,YAAI,CAAC,KAAK,EACV,SAAS,CAAC,KAAK,EAAE;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC/B,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,gBAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AAEL,+DAA+D;AAClD,QAAA,IAAI,GAAsB,IAAA,8BAAW,EAChD,EAAE,GAAG,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,EACzC,gBAAM,CACP,CAAC;AACF,qBAAqB;AACR,QAAA,SAAS,GAAsB,YAAI,CAAC;AACjD,mEAAmE;AACtD,QAAA,WAAW,GAAsC,CAAC,GAAG,EAAE;IAClE,OAAO,IAAA,+BAAY,EACjB,YAAI,CAAC,KAAK,EACV,SAAS,CAAC,KAAK,EAAE;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC/B,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,gBAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AAEL,+DAA+D;AAClD,QAAA,IAAI,GAAsB,IAAA,8BAAW,EAChD,EAAE,GAAG,UAAU,EAAE,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,EACpF,gBAAM,CACP,CAAC;AACF,qBAAqB;AACR,QAAA,SAAS,GAAsB,YAAI,CAAC;AACjD,mEAAmE;AACtD,QAAA,WAAW,GAAsC,CAAC,GAAG,EAAE;IAClE,OAAO,IAAA,+BAAY,EACjB,YAAI,CAAC,KAAK,EACV,SAAS,CAAC,KAAK,EAAE;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;KAC9B,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,gBAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC"}

package/p256.d.ts

@@ -3,10 +3,10 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type H2CMethod } from './abstract/hash-to-curve.ts';
 import { p256 as p256n } from './nist.ts';
 export declare const p256: typeof p256n;
 export declare const secp256r1: typeof p256n;
-export declare const hashToCurve: HTFMethod<bigint>;
-export declare const encodeToCurve: HTFMethod<bigint>;
+export declare const hashToCurve: H2CMethod<bigint>;
+export declare const encodeToCurve: H2CMethod<bigint>;
 //# sourceMappingURL=p256.d.ts.map

package/p384.d.ts

@@ -3,11 +3,11 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type H2CMethod } from './abstract/hash-to-curve.ts';
 import { p384 as p384n } from './nist.ts';
 export declare const p384: typeof p384n;
 export declare const secp384r1: typeof p384n;
-export declare const hashToCurve: HTFMethod<bigint>;
-export declare const encodeToCurve: HTFMethod<bigint>;
+export declare const hashToCurve: H2CMethod<bigint>;
+export declare const encodeToCurve: H2CMethod<bigint>;
 /** @deprecated Use `import { p384_hasher } from "@noble/curves/nist"` module. */
 //# sourceMappingURL=p384.d.ts.map

package/p521.d.ts

@@ -3,10 +3,10 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type H2CMethod } from './abstract/hash-to-curve.ts';
 import { p521 as p521n } from './nist.ts';
 export declare const p521: typeof p521n;
 export declare const secp521r1: typeof p521n;
-export declare const hashToCurve: HTFMethod<bigint>;
-export declare const encodeToCurve: HTFMethod<bigint>;
+export declare const hashToCurve: H2CMethod<bigint>;
+export declare const encodeToCurve: H2CMethod<bigint>;
 //# sourceMappingURL=p521.d.ts.map

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@noble/curves",
-  "version": "1.9.0",
+  "version": "1.9.2",
   "description": "Audited & minimal JS implementation of elliptic curve cryptography",
   "files": [
     "*.js",
@@ -12,8 +12,8 @@
     "abstract"
   ],
   "scripts": {
-    "bench": "npm run bench:install; cd benchmark; node secp256k1.js; node curves.js; node utils.js; node bls.js",
-    "bench:install": "cd benchmark; npm install; npm install .. --install-links",
+    "bench": "npm run bench:install; cd test/benchmark; node secp256k1.js; node curves.js; node utils.js; node bls.js",
+    "bench:install": "cd test/benchmark; npm install; npm install ../.. --install-links",
     "build": "tsc && tsc -p tsconfig.cjs.json",
     "build:release": "npx jsbt esbuild test/build",
     "build:clean": "rm {.,esm,abstract,esm/abstract}/*.{js,d.ts,d.ts.map,js.map} 2> /dev/null",
@@ -35,10 +35,11 @@
     "@noble/hashes": "1.8.0"
   },
   "devDependencies": {
-    "@paulmillr/jsbt": "0.3.3",
-    "fast-check": "3.0.0",
-    "micro-bmark": "0.4.1",
-    "micro-should": "0.5.2",
+    "@paulmillr/jsbt": "0.4.0",
+    "@types/node": "22.15.21",
+    "fast-check": "4.1.1",
+    "micro-bmark": "0.4.2",
+    "micro-should": "0.5.3",
     "prettier": "3.5.3",
     "typescript": "5.8.3"
   },
@@ -89,6 +90,10 @@
       "import": "./esm/abstract/weierstrass.js",
       "require": "./abstract/weierstrass.js"
     },
+    "./abstract/fft": {
+      "import": "./esm/abstract/fft.js",
+      "require": "./abstract/fft.js"
+    },
     "./_shortw_utils": {
       "import": "./esm/_shortw_utils.js",
       "require": "./_shortw_utils.js"
@@ -145,6 +150,10 @@
       "import": "./esm/secp256k1.js",
       "require": "./secp256k1.js"
     },
+    "./utils": {
+      "import": "./esm/utils.js",
+      "require": "./utils.js"
+    },
     "./abstract/bls.js": {
       "import": "./esm/abstract/bls.js",
       "require": "./abstract/bls.js"
@@ -185,6 +194,10 @@
       "import": "./esm/abstract/weierstrass.js",
       "require": "./abstract/weierstrass.js"
     },
+    "./abstract/fft.js": {
+      "import": "./esm/abstract/fft.js",
+      "require": "./abstract/fft.js"
+    },
     "./_shortw_utils.js": {
       "import": "./esm/_shortw_utils.js",
       "require": "./_shortw_utils.js"
@@ -197,6 +210,10 @@
       "import": "./esm/bn254.js",
       "require": "./bn254.js"
     },
+    "./utils.js": {
+      "import": "./esm/utils.js",
+      "require": "./utils.js"
+    },
     "./ed448.js": {
       "import": "./esm/ed448.js",
       "require": "./ed448.js"
@@ -269,7 +286,8 @@
     "weierstrass",
     "montgomery",
     "edwards",
-    "schnorr"
+    "schnorr",
+    "fft"
   ],
   "funding": "https://paulmillr.com/funding/"
 }

package/pasta.d.ts

@@ -1,3 +1,7 @@
+/**
+ * @deprecated
+ * @module
+ */
 import { pallas as pn, vesta as vn } from './misc.ts';
 /** @deprecated */
 export declare const pallas: typeof pn;

package/pasta.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"pasta.d.ts","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,IAAI,EAAE,EAAE,KAAK,IAAI,EAAE,EAAE,MAAM,WAAW,CAAC;AACtD,kBAAkB;AAClB,eAAO,MAAM,MAAM,EAAE,OAAO,EAAO,CAAC;AACpC,kBAAkB;AAClB,eAAO,MAAM,KAAK,EAAE,OAAO,EAAO,CAAC"}
+{"version":3,"file":"pasta.d.ts","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,EAAE,MAAM,IAAI,EAAE,EAAE,KAAK,IAAI,EAAE,EAAE,MAAM,WAAW,CAAC;AACtD,kBAAkB;AAClB,eAAO,MAAM,MAAM,EAAE,OAAO,EAAO,CAAC;AACpC,kBAAkB;AAClB,eAAO,MAAM,KAAK,EAAE,OAAO,EAAO,CAAC"}

package/pasta.js

@@ -1,6 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.vesta = exports.pallas = void 0;
+/**
+ * @deprecated
+ * @module
+ */
 const misc_ts_1 = require("./misc.js");
 /** @deprecated */
 exports.pallas = misc_ts_1.pallas;

package/pasta.js.map

@@ -1 +1 @@
-{"version":3,"file":"pasta.js","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":";;;AAAA,uCAAsD;AACtD,kBAAkB;AACL,QAAA,MAAM,GAAc,gBAAE,CAAC;AACpC,kBAAkB;AACL,QAAA,KAAK,GAAc,eAAE,CAAC"}
+{"version":3,"file":"pasta.js","sourceRoot":"","sources":["src/pasta.ts"],"names":[],"mappings":";;;AAAA;;;GAGG;AACH,uCAAsD;AACtD,kBAAkB;AACL,QAAA,MAAM,GAAc,gBAAE,CAAC;AACpC,kBAAkB;AACL,QAAA,KAAK,GAAc,eAAE,CAAC"}

package/secp256k1.d.ts

@@ -1,9 +1,9 @@
 import { type CurveFnWithCreate } from './_shortw_utils.ts';
-import { type Hasher, type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type H2CHasher, type H2CMethod } from './abstract/hash-to-curve.ts';
 import { mod } from './abstract/modular.ts';
-import type { Hex, PrivKey } from './abstract/utils.ts';
-import { bytesToNumberBE, numberToBytesBE } from './abstract/utils.ts';
 import { type ProjPointType as PointType } from './abstract/weierstrass.ts';
+import type { Hex, PrivKey } from './utils.ts';
+import { bytesToNumberBE, numberToBytesBE } from './utils.ts';
 /**
  * secp256k1 curve, ECDSA and ECDH methods.
  *
@@ -69,8 +69,8 @@ export type SecpSchnorr = {
  */
 export declare const schnorr: SecpSchnorr;
 /** Hashing / encoding to secp256k1 points / field. RFC 9380 methods. */
-export declare const secp256k1_hasher: Hasher<bigint>;
-export declare const hashToCurve: HTFMethod<bigint>;
-export declare const encodeToCurve: HTFMethod<bigint>;
+export declare const secp256k1_hasher: H2CHasher<bigint>;
+export declare const hashToCurve: H2CMethod<bigint>;
+export declare const encodeToCurve: H2CMethod<bigint>;
 export {};
 //# sourceMappingURL=secp256k1.d.ts.map

package/secp256k1.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAeA,OAAO,EAAe,KAAK,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACzE,OAAO,EAAgB,KAAK,MAAM,EAAE,KAAK,SAAS,EAAc,MAAM,6BAA6B,CAAC;AACpG,OAAO,EAAS,GAAG,EAAQ,MAAM,uBAAuB,CAAC;AACzD,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAEL,eAAe,EAIf,eAAe,EAChB,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAuB,KAAK,aAAa,IAAI,SAAS,EAAE,MAAM,2BAA2B,CAAC;AAsCjG;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,SAAS,EAAE,iBAqCvB,CAAC;AAOF,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,GAAG,UAAU,CAQtE;AAkBD;;;GAGG;AACH,iBAAS,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAS5C;AASD;;GAEG;AACH,iBAAS,mBAAmB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAExD;AAED;;;GAGG;AACH,iBAAS,WAAW,CAClB,OAAO,EAAE,GAAG,EACZ,UAAU,EAAE,OAAO,EACnB,OAAO,GAAE,GAAqB,GAC7B,UAAU,CAgBZ;AAED;;;GAGG;AACH,iBAAS,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,OAAO,CAiB5E;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,YAAY,EAAE,OAAO,mBAAmB,CAAC;IACzC,IAAI,EAAE,OAAO,WAAW,CAAC;IACzB,MAAM,EAAE,OAAO,aAAa,CAAC;IAC7B,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,MAAM,EAAE,OAAO,MAAM,CAAC;QACtB,YAAY,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC;QACvD,eAAe,EAAE,OAAO,eAAe,CAAC;QACxC,eAAe,EAAE,OAAO,eAAe,CAAC;QACxC,UAAU,EAAE,OAAO,UAAU,CAAC;QAC9B,GAAG,EAAE,OAAO,GAAG,CAAC;KACjB,CAAC;CACH,CAAC;AACF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,OAAO,EAAE,WAajB,CAAC;AAyCN,wEAAwE;AACxE,eAAO,MAAM,gBAAgB,EAAE,MAAM,CAAC,MAAM,CAgBtC,CAAC;AAEP,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,MAAM,CACT,CAAC;AAElC,eAAO,MAAM,aAAa,EAAE,SAAS,CAAC,MAAM,CACT,CAAC"}
+{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAUA,OAAO,EAAe,KAAK,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACzE,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,SAAS,EAEf,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAAS,GAAG,EAAQ,MAAM,uBAAuB,CAAC;AACzD,OAAO,EAGL,KAAK,aAAa,IAAI,SAAS,EAEhC,MAAM,2BAA2B,CAAC;AACnC,OAAO,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,MAAM,YAAY,CAAC;AAC/C,OAAO,EAEL,eAAe,EAIf,eAAe,EAChB,MAAM,YAAY,CAAC;AAiDpB;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,SAAS,EAAE,iBAgCvB,CAAC;AAMF,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,GAAG,UAAU,CAQtE;AAiBD;;;GAGG;AACH,iBAAS,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAS5C;AASD;;GAEG;AACH,iBAAS,mBAAmB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAExD;AAED;;;GAGG;AACH,iBAAS,WAAW,CAClB,OAAO,EAAE,GAAG,EACZ,UAAU,EAAE,OAAO,EACnB,OAAO,GAAE,GAAqB,GAC7B,UAAU,CAgBZ;AAED;;;GAGG;AACH,iBAAS,aAAa,CAAC,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,GAAG,OAAO,CAoB5E;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,YAAY,EAAE,OAAO,mBAAmB,CAAC;IACzC,IAAI,EAAE,OAAO,WAAW,CAAC;IACzB,MAAM,EAAE,OAAO,aAAa,CAAC;IAC7B,KAAK,EAAE;QACL,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,MAAM,EAAE,OAAO,MAAM,CAAC;QACtB,YAAY,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC;QACvD,eAAe,EAAE,OAAO,eAAe,CAAC;QACxC,eAAe,EAAE,OAAO,eAAe,CAAC;QACxC,UAAU,EAAE,OAAO,UAAU,CAAC;QAC9B,GAAG,EAAE,OAAO,GAAG,CAAC;KACjB,CAAC;CACH,CAAC;AACF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,OAAO,EAAE,WAajB,CAAC;AAyCN,wEAAwE;AACxE,eAAO,MAAM,gBAAgB,EAAE,SAAS,CAAC,MAAM,CAgBzC,CAAC;AAEP,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,MAAM,CACT,CAAC;AAElC,eAAO,MAAM,aAAa,EAAE,SAAS,CAAC,MAAM,CACT,CAAC"}

package/secp256k1.js

@@ -2,27 +2,33 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.encodeToCurve = exports.hashToCurve = exports.secp256k1_hasher = exports.schnorr = exports.secp256k1 = void 0;
 /**
- * NIST secp256k1. See [pdf](https://www.secg.org/sec2-v2.pdf).
+ * SECG secp256k1. See [pdf](https://www.secg.org/sec2-v2.pdf).
  *
- * Seems to be rigid (not backdoored)
- * [as per discussion](https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975).
- *
- * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
- * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
- * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
- * [See explanation](https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066).
+ * Belongs to Koblitz curves: it has efficiently-computable GLV endomorphism ψ,
+ * check out {@link EndomorphismOpts}. Seems to be rigid (not backdoored).
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha2_1 = require("@noble/hashes/sha2");
-const utils_1 = require("@noble/hashes/utils");
+const sha2_js_1 = require("@noble/hashes/sha2.js");
+const utils_js_1 = require("@noble/hashes/utils.js");
 const _shortw_utils_ts_1 = require("./_shortw_utils.js");
 const hash_to_curve_ts_1 = require("./abstract/hash-to-curve.js");
 const modular_ts_1 = require("./abstract/modular.js");
-const utils_ts_1 = require("./abstract/utils.js");
 const weierstrass_ts_1 = require("./abstract/weierstrass.js");
-const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');
-const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');
+const utils_ts_1 = require("./utils.js");
+// Seems like generator was produced from some seed:
+// `Point.BASE.multiply(Point.Fn.inv(2n, N)).toAffine().x`
+// // gives short x 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63n
+const secp256k1_CURVE = {
+    p: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'),
+    n: BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'),
+    h: BigInt(1),
+    a: BigInt(0),
+    b: BigInt(7),
+    Gx: BigInt('0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798'),
+    Gy: BigInt('0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8'),
+};
+const _0n = BigInt(0);
 const _1n = BigInt(1);
 const _2n = BigInt(2);
 const divNearest = (a, b) => (a + b / _2n) / b;
@@ -31,7 +37,7 @@ const divNearest = (a, b) => (a + b / _2n) / b;
  * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]
  */
 function sqrtMod(y) {
-    const P = secp256k1P;
+    const P = secp256k1_CURVE.p;
     // prettier-ignore
     const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
     // prettier-ignore
@@ -54,7 +60,7 @@ function sqrtMod(y) {
         throw new Error('Cannot find square root');
     return root;
 }
-const Fpk1 = (0, modular_ts_1.Field)(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
+const Fpk1 = (0, modular_ts_1.Field)(secp256k1_CURVE.p, undefined, undefined, { sqrt: sqrtMod });
 /**
  * secp256k1 curve, ECDSA and ECDH methods.
  *
@@ -71,19 +77,14 @@ const Fpk1 = (0, modular_ts_1.Field)(secp256k1P, undefined, undefined, { sqrt: s
  * ```
  */
 exports.secp256k1 = (0, _shortw_utils_ts_1.createCurve)({
-    a: BigInt(0),
-    b: BigInt(7),
+    ...secp256k1_CURVE,
     Fp: Fpk1,
-    n: secp256k1N,
-    Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
-    Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
-    h: BigInt(1),
     lowS: true, // Allow only low-S signatures by default in sign() and verify()
     endo: {
         // Endomorphism, see above
         beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
         splitScalar: (k) => {
-            const n = secp256k1N;
+            const n = secp256k1_CURVE.n;
             const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');
             const b1 = -_1n * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');
             const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');
@@ -105,33 +106,32 @@ exports.secp256k1 = (0, _shortw_utils_ts_1.createCurve)({
             return { k1neg, k1, k2neg, k2 };
         },
     },
-}, sha2_1.sha256);
+}, sha2_js_1.sha256);
 // Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.
 // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
-const _0n = BigInt(0);
 /** An object mapping tags to their tagged hash prefix of [SHA256(tag) | SHA256(tag)] */
 const TAGGED_HASH_PREFIXES = {};
 function taggedHash(tag, ...messages) {
     let tagP = TAGGED_HASH_PREFIXES[tag];
     if (tagP === undefined) {
-        const tagH = (0, sha2_1.sha256)(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
+        const tagH = (0, sha2_js_1.sha256)(Uint8Array.from(tag, (c) => c.charCodeAt(0)));
         tagP = (0, utils_ts_1.concatBytes)(tagH, tagH);
         TAGGED_HASH_PREFIXES[tag] = tagP;
     }
-    return (0, sha2_1.sha256)((0, utils_ts_1.concatBytes)(tagP, ...messages));
+    return (0, sha2_js_1.sha256)((0, utils_ts_1.concatBytes)(tagP, ...messages));
 }
 // ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03
-const pointToBytes = (point) => point.toRawBytes(true).slice(1);
+const pointToBytes = (point) => point.toBytes(true).slice(1);
 const numTo32b = (n) => (0, utils_ts_1.numberToBytesBE)(n, 32);
-const modP = (x) => (0, modular_ts_1.mod)(x, secp256k1P);
-const modN = (x) => (0, modular_ts_1.mod)(x, secp256k1N);
-const Point = exports.secp256k1.ProjectivePoint;
-const GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
+const modP = (x) => (0, modular_ts_1.mod)(x, secp256k1_CURVE.p);
+const modN = (x) => (0, modular_ts_1.mod)(x, secp256k1_CURVE.n);
+const Point = /* @__PURE__ */ (() => exports.secp256k1.Point)();
+const hasEven = (y) => y % _2n === _0n;
 // Calculate point, scalar and bytes
 function schnorrGetExtPubKey(priv) {
     let d_ = exports.secp256k1.utils.normPrivateKeyToScalar(priv); // same method executed in fromPrivateKey
     let p = Point.fromPrivateKey(d_); // P = d'⋅G; 0 < d' < n check is done inside
-    const scalar = p.hasEvenY() ? d_ : modN(-d_);
+    const scalar = hasEven(p.y) ? d_ : modN(-d_);
     return { scalar: scalar, bytes: pointToBytes(p) };
 }
 /**
@@ -139,13 +139,13 @@ function schnorrGetExtPubKey(priv) {
  * @returns valid point checked for being on-curve
  */
 function lift_x(x) {
-    (0, utils_ts_1.aInRange)('x', x, _1n, secp256k1P); // Fail if x ≥ p.
+    (0, utils_ts_1.aInRange)('x', x, _1n, secp256k1_CURVE.p); // Fail if x ≥ p.
     const xx = modP(x * x);
     const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.
     let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.
-    if (y % _2n !== _0n)
+    if (!hasEven(y))
         y = modP(-y); // Return the unique point P such that x(P) = x and
-    const p = new Point(x, y, _1n); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
+    const p = Point.fromAffine({ x, y }); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
     p.assertValidity();
     return p;
 }
@@ -166,7 +166,7 @@ function schnorrGetPublicKey(privateKey) {
  * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.
  * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.
  */
-function schnorrSign(message, privateKey, auxRand = (0, utils_1.randomBytes)(32)) {
+function schnorrSign(message, privateKey, auxRand = (0, utils_js_1.randomBytes)(32)) {
     const m = (0, utils_ts_1.ensureBytes)('message', message);
     const { bytes: px, scalar: d } = schnorrGetExtPubKey(privateKey); // checks for isWithinCurveOrder
     const a = (0, utils_ts_1.ensureBytes)('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array
@@ -196,16 +196,19 @@ function schnorrVerify(signature, message, publicKey) {
     try {
         const P = lift_x(num(pub)); // P = lift_x(int(pk)); fail if that fails
         const r = num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
-        if (!(0, utils_ts_1.inRange)(r, _1n, secp256k1P))
+        if (!(0, utils_ts_1.inRange)(r, _1n, secp256k1_CURVE.p))
             return false;
         const s = num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
-        if (!(0, utils_ts_1.inRange)(s, _1n, secp256k1N))
+        if (!(0, utils_ts_1.inRange)(s, _1n, secp256k1_CURVE.n))
             return false;
         const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n
-        const R = GmulAdd(P, s, modN(-e)); // R = s⋅G - e⋅P
-        if (!R || !R.hasEvenY() || R.toAffine().x !== r)
-            return false; // -eP == (n-e)P
-        return true; // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.
+        // R = s⋅G - e⋅P, where -eP == (n-e)P
+        const R = Point.BASE.multiplyUnsafe(s).add(P.multiplyUnsafe(modN(-e)));
+        const { x, y } = R.toAffine();
+        // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.
+        if (R.is0() || !hasEven(y) || x !== r)
+            return false;
+        return true;
     }
     catch (error) {
         return false;
@@ -273,7 +276,7 @@ const mapSWU = /* @__PURE__ */ (() => (0, weierstrass_ts_1.mapToCurveSimpleSWU)(
     Z: Fpk1.create(BigInt('-11')),
 }))();
 /** Hashing / encoding to secp256k1 points / field. RFC 9380 methods. */
-exports.secp256k1_hasher = (() => (0, hash_to_curve_ts_1.createHasher)(exports.secp256k1.ProjectivePoint, (scalars) => {
+exports.secp256k1_hasher = (() => (0, hash_to_curve_ts_1.createHasher)(exports.secp256k1.Point, (scalars) => {
     const { x, y } = mapSWU(Fpk1.create(scalars[0]));
     return isoMap(x, y);
 }, {
@@ -283,7 +286,7 @@ exports.secp256k1_hasher = (() => (0, hash_to_curve_ts_1.createHasher)(exports.s
     m: 1,
     k: 128,
     expand: 'xmd',
-    hash: sha2_1.sha256,
+    hash: sha2_js_1.sha256,
 }))();
 exports.hashToCurve = (() => exports.secp256k1_hasher.hashToCurve)();
 exports.encodeToCurve = (() => exports.secp256k1_hasher.encodeToCurve)();