@noble/curves 1.9.1 → 1.9.2

package/src/abstract/tower.ts

@@ -10,8 +10,8 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+import { bitLen, bitMask, concatBytes, notImplemented } from '../utils.ts';
 import * as mod from './modular.ts';
-import { bitLen, bitMask, concatBytes, notImplemented } from './utils.ts';
 import type { ProjConstructor, ProjPointType } from './weierstrass.ts';
 
 // Be friendly to bad ECMAScript parsers by not using bigint literals
@@ -34,19 +34,33 @@ export type BigintTwelve = [
 ];
 
 export type Fp2Bls = mod.IField<Fp2> & {
-  reim: (num: Fp2) => { re: Fp; im: Fp };
-  mulByB: (num: Fp2) => Fp2;
   frobeniusMap(num: Fp2, power: number): Fp2;
   fromBigTuple(num: [bigint, bigint]): Fp2;
+  mulByB: (num: Fp2) => Fp2;
+  mulByNonresidue: (num: Fp2) => Fp2;
+  reim: (num: Fp2) => { re: Fp; im: Fp };
+  NONRESIDUE: Fp2;
+};
+
+export type Fp6Bls = mod.IField<Fp6> & {
+  frobeniusMap(num: Fp6, power: number): Fp6;
+  fromBigSix: (tuple: BigintSix) => Fp6;
+  mul1(num: Fp6, b1: Fp2): Fp6;
+  mul01(num: Fp6, b0: Fp2, b1: Fp2): Fp6;
+  mulByFp2(lhs: Fp6, rhs: Fp2): Fp6;
+  mulByNonresidue: (num: Fp6) => Fp6;
 };
 
 export type Fp12Bls = mod.IField<Fp12> & {
   frobeniusMap(num: Fp12, power: number): Fp12;
+  fromBigTwelve: (t: BigintTwelve) => Fp12;
   mul014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
   mul034(num: Fp12, o0: Fp2, o3: Fp2, o4: Fp2): Fp12;
+  mulByFp2(lhs: Fp12, rhs: Fp2): Fp12;
   conjugate(num: Fp12): Fp12;
   finalExponentiate(num: Fp12): Fp12;
-  fromBigTwelve(num: BigintTwelve): Fp12;
+  _cyclotomicSquare(num: Fp12): Fp12;
+  _cyclotomicExp(num: Fp12, n: bigint): Fp12;
 };
 
 function calcFrobeniusCoefficients<T>(
@@ -134,34 +148,10 @@ export type Tower12Opts = {
 
 export function tower12(opts: Tower12Opts): {
   Fp: Readonly<mod.IField<bigint> & Required<Pick<mod.IField<bigint>, 'isOdd'>>>;
-  Fp2: mod.IField<Fp2> & {
-    NONRESIDUE: Fp2;
-    fromBigTuple: (tuple: BigintTuple | bigint[]) => Fp2;
-    reim: (num: Fp2) => { re: bigint; im: bigint };
-    mulByNonresidue: (num: Fp2) => Fp2;
-    mulByB: (num: Fp2) => Fp2;
-    frobeniusMap(num: Fp2, power: number): Fp2;
-  };
-  Fp6: mod.IField<Fp6> & {
-    fromBigSix: (tuple: BigintSix) => Fp6;
-    mulByNonresidue: (num: Fp6) => Fp6;
-    frobeniusMap(num: Fp6, power: number): Fp6;
-    mul1(num: Fp6, b1: Fp2): Fp6;
-    mul01(num: Fp6, b0: Fp2, b1: Fp2): Fp6;
-    mulByFp2(lhs: Fp6, rhs: Fp2): Fp6;
-  };
+  Fp2: Fp2Bls;
+  Fp6: Fp6Bls;
+  Fp12: Fp12Bls;
   Fp4Square: (a: Fp2, b: Fp2) => { first: Fp2; second: Fp2 };
-  Fp12: mod.IField<Fp12> & {
-    fromBigTwelve: (t: BigintTwelve) => Fp12;
-    frobeniusMap(num: Fp12, power: number): Fp12;
-    mul014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
-    mul034(num: Fp12, o0: Fp2, o3: Fp2, o4: Fp2): Fp12;
-    mulByFp2(lhs: Fp12, rhs: Fp2): Fp12;
-    conjugate(num: Fp12): Fp12;
-    finalExponentiate(num: Fp12): Fp12;
-    _cyclotomicSquare(num: Fp12): Fp12;
-    _cyclotomicExp(num: Fp12, n: bigint): Fp12;
-  };
 } {
   const { ORDER } = opts;
   // Fp
@@ -196,23 +186,19 @@ export function tower12(opts: Tower12Opts): {
     const c = Fp.add(c0, c0);
     return { c0: Fp.mul(a, b), c1: Fp.mul(c, c1) };
   };
-  type Fp2Utils = {
-    NONRESIDUE: Fp2;
-    fromBigTuple: (tuple: BigintTuple | bigint[]) => Fp2;
-    reim: (num: Fp2) => { re: bigint; im: bigint };
-    mulByNonresidue: (num: Fp2) => Fp2;
-    mulByB: (num: Fp2) => Fp2;
-    frobeniusMap(num: Fp2, power: number): Fp2;
-  };
   const Fp2fromBigTuple = (tuple: BigintTuple | bigint[]) => {
     if (tuple.length !== 2) throw new Error('invalid tuple');
     const fps = tuple.map((n) => Fp.create(n)) as [Fp, Fp];
     return { c0: fps[0], c1: fps[1] };
   };
 
+  function isValidC(num: bigint, ORDER: bigint) {
+    return typeof num === 'bigint' && _0n <= num && num < ORDER;
+  }
+
   const FP2_ORDER = ORDER * ORDER;
   const Fp2Nonresidue = Fp2fromBigTuple(opts.FP2_NONRESIDUE);
-  const Fp2: mod.IField<Fp2> & Fp2Utils = {
+  const Fp2: Fp2Bls = {
     ORDER: FP2_ORDER,
     isLE: Fp.isLE,
     NONRESIDUE: Fp2Nonresidue,
@@ -222,8 +208,9 @@ export function tower12(opts: Tower12Opts): {
     ZERO: { c0: Fp.ZERO, c1: Fp.ZERO },
     ONE: { c0: Fp.ONE, c1: Fp.ZERO },
     create: (num) => num,
-    isValid: ({ c0, c1 }) => typeof c0 === 'bigint' && typeof c1 === 'bigint',
+    isValid: ({ c0, c1 }) => isValidC(c0, FP2_ORDER) && isValidC(c1, FP2_ORDER),
     is0: ({ c0, c1 }) => Fp.is0(c0) && Fp.is0(c1),
+    isValidNot0: (num) => !Fp2.is0(num) && Fp2.isValid(num),
     eql: ({ c0, c1 }: Fp2, { c0: r0, c1: r1 }: Fp2) => Fp.eql(c0, r0) && Fp.eql(c1, r1),
     neg: ({ c0, c1 }) => ({ c0: Fp.neg(c0), c1: Fp.neg(c1) }),
     pow: (num, power) => mod.FpPow(Fp2, num, power),
@@ -361,15 +348,6 @@ export function tower12(opts: Tower12Opts): {
       c2: Fp2.sub(Fp2.sub(Fp2.add(Fp2.add(t1, Fp2.sqr(Fp2.add(Fp2.sub(c0, c1), c2))), t3), t0), t4),
     };
   };
-  type Fp6Utils = {
-    fromBigSix: (tuple: BigintSix) => Fp6;
-    mulByNonresidue: (num: Fp6) => Fp6;
-    frobeniusMap(num: Fp6, power: number): Fp6;
-    mul1(num: Fp6, b1: Fp2): Fp6;
-    mul01(num: Fp6, b0: Fp2, b1: Fp2): Fp6;
-    mulByFp2(lhs: Fp6, rhs: Fp2): Fp6;
-  };
-
   const [FP6_FROBENIUS_COEFFICIENTS_1, FP6_FROBENIUS_COEFFICIENTS_2] = calcFrobeniusCoefficients(
     Fp2,
     Fp2Nonresidue,
@@ -379,7 +357,7 @@ export function tower12(opts: Tower12Opts): {
     3
   );
 
-  const Fp6: mod.IField<Fp6> & Fp6Utils = {
+  const Fp6: Fp6Bls = {
     ORDER: Fp2.ORDER, // TODO: unused, but need to verify
     isLE: Fp2.isLE,
     BITS: 3 * Fp2.BITS,
@@ -390,6 +368,7 @@ export function tower12(opts: Tower12Opts): {
     create: (num) => num,
     isValid: ({ c0, c1, c2 }) => Fp2.isValid(c0) && Fp2.isValid(c1) && Fp2.isValid(c2),
     is0: ({ c0, c1, c2 }) => Fp2.is0(c0) && Fp2.is0(c1) && Fp2.is0(c2),
+    isValidNot0: (num) => !Fp6.is0(num) && Fp6.isValid(num),
     neg: ({ c0, c1, c2 }) => ({ c0: Fp2.neg(c0), c1: Fp2.neg(c1), c2: Fp2.neg(c2) }),
     eql: ({ c0, c1, c2 }, { c0: r0, c1: r1, c2: r2 }) =>
       Fp2.eql(c0, r0) && Fp2.eql(c1, r1) && Fp2.eql(c2, r2),
@@ -439,9 +418,9 @@ export function tower12(opts: Tower12Opts): {
     fromBigSix: (t: BigintSix): Fp6 => {
       if (!Array.isArray(t) || t.length !== 6) throw new Error('invalid Fp6 usage');
       return {
-        c0: Fp2.fromBigTuple(t.slice(0, 2)),
-        c1: Fp2.fromBigTuple(t.slice(2, 4)),
-        c2: Fp2.fromBigTuple(t.slice(4, 6)),
+        c0: Fp2.fromBigTuple(t.slice(0, 2) as BigintTuple),
+        c1: Fp2.fromBigTuple(t.slice(2, 4) as BigintTuple),
+        c2: Fp2.fromBigTuple(t.slice(4, 6) as BigintTuple),
       };
     },
     frobeniusMap: ({ c0, c1, c2 }, power: number) => ({
@@ -524,19 +503,8 @@ export function tower12(opts: Tower12Opts): {
       second: Fp2.sub(Fp2.sub(Fp2.sqr(Fp2.add(a, b)), a2), b2), // (a + b)² - a² - b²
     };
   }
-  type Fp12Utils = {
-    fromBigTwelve: (t: BigintTwelve) => Fp12;
-    frobeniusMap(num: Fp12, power: number): Fp12;
-    mul014(num: Fp12, o0: Fp2, o1: Fp2, o4: Fp2): Fp12;
-    mul034(num: Fp12, o0: Fp2, o3: Fp2, o4: Fp2): Fp12;
-    mulByFp2(lhs: Fp12, rhs: Fp2): Fp12;
-    conjugate(num: Fp12): Fp12;
-    finalExponentiate(num: Fp12): Fp12;
-    _cyclotomicSquare(num: Fp12): Fp12;
-    _cyclotomicExp(num: Fp12, n: bigint): Fp12;
-  };
 
-  const Fp12: mod.IField<Fp12> & Fp12Utils = {
+  const Fp12: Fp12Bls = {
     ORDER: Fp2.ORDER, // TODO: unused, but need to verify
     isLE: Fp6.isLE,
     BITS: 2 * Fp6.BITS,
@@ -547,6 +515,7 @@ export function tower12(opts: Tower12Opts): {
     create: (num) => num,
     isValid: ({ c0, c1 }) => Fp6.isValid(c0) && Fp6.isValid(c1),
     is0: ({ c0, c1 }) => Fp6.is0(c0) && Fp6.is0(c1),
+    isValidNot0: (num) => !Fp12.is0(num) && Fp12.isValid(num),
     neg: ({ c0, c1 }) => ({ c0: Fp6.neg(c0), c1: Fp6.neg(c1) }),
     eql: ({ c0, c1 }, { c0: r0, c1: r1 }) => Fp6.eql(c0, r0) && Fp6.eql(c1, r1),
     sqrt: notImplemented,
@@ -646,5 +615,5 @@ export function tower12(opts: Tower12Opts): {
     finalExponentiate: opts.Fp12finalExponentiate,
   };
 
-  return { Fp, Fp2, Fp6, Fp4Square, Fp12 };
+  return { Fp, Fp2, Fp6, Fp12, Fp4Square };
 }

package/src/abstract/utils.ts

@@ -1,382 +1,7 @@
 /**
- * Hex, bytes and number utilities.
  * @module
  */
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+export * from '../utils.ts';
 
-// 100 lines of code in the file are duplicated from noble-hashes (utils).
-// This is OK: `abstract` directory does not use noble-hashes.
-// User may opt-in into using different hashing library. This way, noble-hashes
-// won't be included into their bundle.
-const _0n = /* @__PURE__ */ BigInt(0);
-const _1n = /* @__PURE__ */ BigInt(1);
-export type Hex = Uint8Array | string; // hex strings are accepted for simplicity
-export type PrivKey = Hex | bigint; // bigints are accepted to ease learning curve
-export type CHash = {
-  (message: Uint8Array | string): Uint8Array;
-  blockLen: number;
-  outputLen: number;
-  create(opts?: { dkLen?: number }): any; // For shake
-};
-export type FHash = (message: Uint8Array | string) => Uint8Array;
-
-export function isBytes(a: unknown): a is Uint8Array {
-  return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
-}
-
-export function abytes(item: unknown): void {
-  if (!isBytes(item)) throw new Error('Uint8Array expected');
-}
-
-export function abool(title: string, value: boolean): void {
-  if (typeof value !== 'boolean') throw new Error(title + ' boolean expected, got ' + value);
-}
-
-// Used in weierstrass, der
-export function numberToHexUnpadded(num: number | bigint): string {
-  const hex = num.toString(16);
-  return hex.length & 1 ? '0' + hex : hex;
-}
-
-export function hexToNumber(hex: string): bigint {
-  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);
-  return hex === '' ? _0n : BigInt('0x' + hex); // Big Endian
-}
-
-// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex
-const hasHexBuiltin: boolean =
-  // @ts-ignore
-  typeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function';
-
-// Array where index 0xf0 (240) is mapped to string 'f0'
-const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) =>
-  i.toString(16).padStart(2, '0')
-);
-
-/**
- * Convert byte array to hex string. Uses built-in function, when available.
- * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
- */
-export function bytesToHex(bytes: Uint8Array): string {
-  abytes(bytes);
-  // @ts-ignore
-  if (hasHexBuiltin) return bytes.toHex();
-  // pre-caching improves the speed 6x
-  let hex = '';
-  for (let i = 0; i < bytes.length; i++) {
-    hex += hexes[bytes[i]];
-  }
-  return hex;
-}
-
-// We use optimized technique to convert hex string to byte array
-const asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 } as const;
-function asciiToBase16(ch: number): number | undefined {
-  if (ch >= asciis._0 && ch <= asciis._9) return ch - asciis._0; // '2' => 50-48
-  if (ch >= asciis.A && ch <= asciis.F) return ch - (asciis.A - 10); // 'B' => 66-(65-10)
-  if (ch >= asciis.a && ch <= asciis.f) return ch - (asciis.a - 10); // 'b' => 98-(97-10)
-  return;
-}
-
-/**
- * Convert hex string to byte array. Uses built-in function, when available.
- * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])
- */
-export function hexToBytes(hex: string): Uint8Array {
-  if (typeof hex !== 'string') throw new Error('hex string expected, got ' + typeof hex);
-  // @ts-ignore
-  if (hasHexBuiltin) return Uint8Array.fromHex(hex);
-  const hl = hex.length;
-  const al = hl / 2;
-  if (hl % 2) throw new Error('hex string expected, got unpadded hex of length ' + hl);
-  const array = new Uint8Array(al);
-  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
-    const n1 = asciiToBase16(hex.charCodeAt(hi));
-    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
-    if (n1 === undefined || n2 === undefined) {
-      const char = hex[hi] + hex[hi + 1];
-      throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
-    }
-    array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163
-  }
-  return array;
-}
-
-// BE: Big Endian, LE: Little Endian
-export function bytesToNumberBE(bytes: Uint8Array): bigint {
-  return hexToNumber(bytesToHex(bytes));
-}
-export function bytesToNumberLE(bytes: Uint8Array): bigint {
-  abytes(bytes);
-  return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
-}
-
-export function numberToBytesBE(n: number | bigint, len: number): Uint8Array {
-  return hexToBytes(n.toString(16).padStart(len * 2, '0'));
-}
-export function numberToBytesLE(n: number | bigint, len: number): Uint8Array {
-  return numberToBytesBE(n, len).reverse();
-}
-// Unpadded, rarely used
-export function numberToVarBytesBE(n: number | bigint): Uint8Array {
-  return hexToBytes(numberToHexUnpadded(n));
-}
-
-/**
- * Takes hex string or Uint8Array, converts to Uint8Array.
- * Validates output length.
- * Will throw error for other types.
- * @param title descriptive title for an error e.g. 'private key'
- * @param hex hex string or Uint8Array
- * @param expectedLength optional, will compare to result array's length
- * @returns
- */
-export function ensureBytes(title: string, hex: Hex, expectedLength?: number): Uint8Array {
-  let res: Uint8Array;
-  if (typeof hex === 'string') {
-    try {
-      res = hexToBytes(hex);
-    } catch (e) {
-      throw new Error(title + ' must be hex string or Uint8Array, cause: ' + e);
-    }
-  } else if (isBytes(hex)) {
-    // Uint8Array.from() instead of hash.slice() because node.js Buffer
-    // is instance of Uint8Array, and its slice() creates **mutable** copy
-    res = Uint8Array.from(hex);
-  } else {
-    throw new Error(title + ' must be hex string or Uint8Array');
-  }
-  const len = res.length;
-  if (typeof expectedLength === 'number' && len !== expectedLength)
-    throw new Error(title + ' of length ' + expectedLength + ' expected, got ' + len);
-  return res;
-}
-
-/**
- * Copies several Uint8Arrays into one.
- */
-export function concatBytes(...arrays: Uint8Array[]): Uint8Array {
-  let sum = 0;
-  for (let i = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    abytes(a);
-    sum += a.length;
-  }
-  const res = new Uint8Array(sum);
-  for (let i = 0, pad = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    res.set(a, pad);
-    pad += a.length;
-  }
-  return res;
-}
-
-// Compares 2 u8a-s in kinda constant time
-export function equalBytes(a: Uint8Array, b: Uint8Array): boolean {
-  if (a.length !== b.length) return false;
-  let diff = 0;
-  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
-  return diff === 0;
-}
-
-// Global symbols in both browsers and Node.js since v11
-// See https://github.com/microsoft/TypeScript/issues/31535
-declare const TextEncoder: any;
-
-/**
- * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
- */
-export function utf8ToBytes(str: string): Uint8Array {
-  if (typeof str !== 'string') throw new Error('string expected');
-  return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
-}
-
-// Is positive bigint
-const isPosBig = (n: bigint) => typeof n === 'bigint' && _0n <= n;
-
-export function inRange(n: bigint, min: bigint, max: bigint): boolean {
-  return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
-}
-
-/**
- * Asserts min <= n < max. NOTE: It's < max and not <= max.
- * @example
- * aInRange('x', x, 1n, 256n); // would assume x is in (1n..255n)
- */
-export function aInRange(title: string, n: bigint, min: bigint, max: bigint): void {
-  // Why min <= n < max and not a (min < n < max) OR b (min <= n <= max)?
-  // consider P=256n, min=0n, max=P
-  // - a for min=0 would require -1:          `inRange('x', x, -1n, P)`
-  // - b would commonly require subtraction:  `inRange('x', x, 0n, P - 1n)`
-  // - our way is the cleanest:               `inRange('x', x, 0n, P)
-  if (!inRange(n, min, max))
-    throw new Error('expected valid ' + title + ': ' + min + ' <= n < ' + max + ', got ' + n);
-}
-
-// Bit operations
-
-/**
- * Calculates amount of bits in a bigint.
- * Same as `n.toString(2).length`
- * TODO: merge with nLength in modular
- */
-export function bitLen(n: bigint): number {
-  let len;
-  for (len = 0; n > _0n; n >>= _1n, len += 1);
-  return len;
-}
-
-/**
- * Gets single bit at position.
- * NOTE: first bit position is 0 (same as arrays)
- * Same as `!!+Array.from(n.toString(2)).reverse()[pos]`
- */
-export function bitGet(n: bigint, pos: number): bigint {
-  return (n >> BigInt(pos)) & _1n;
-}
-
-/**
- * Sets single bit at position.
- */
-export function bitSet(n: bigint, pos: number, value: boolean): bigint {
-  return n | ((value ? _1n : _0n) << BigInt(pos));
-}
-
-/**
- * Calculate mask for N bits. Not using ** operator with bigints because of old engines.
- * Same as BigInt(`0b${Array(i).fill('1').join('')}`)
- */
-export const bitMask = (n: number): bigint => (_1n << BigInt(n)) - _1n;
-
-// DRBG
-
-const u8n = (len: number) => new Uint8Array(len); // creates Uint8Array
-const u8fr = (arr: ArrayLike<number>) => Uint8Array.from(arr); // another shortcut
-type Pred<T> = (v: Uint8Array) => T | undefined;
-/**
- * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
- * @returns function that will call DRBG until 2nd arg returns something meaningful
- * @example
- *   const drbg = createHmacDRBG<Key>(32, 32, hmac);
- *   drbg(seed, bytesToKey); // bytesToKey must return Key or undefined
- */
-export function createHmacDrbg<T>(
-  hashLen: number,
-  qByteLen: number,
-  hmacFn: (key: Uint8Array, ...messages: Uint8Array[]) => Uint8Array
-): (seed: Uint8Array, predicate: Pred<T>) => T {
-  if (typeof hashLen !== 'number' || hashLen < 2) throw new Error('hashLen must be a number');
-  if (typeof qByteLen !== 'number' || qByteLen < 2) throw new Error('qByteLen must be a number');
-  if (typeof hmacFn !== 'function') throw new Error('hmacFn must be a function');
-  // Step B, Step C: set hashLen to 8*ceil(hlen/8)
-  let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
-  let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same
-  let i = 0; // Iterations counter, will throw when over 1000
-  const reset = () => {
-    v.fill(1);
-    k.fill(0);
-    i = 0;
-  };
-  const h = (...b: Uint8Array[]) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)
-  const reseed = (seed = u8n(0)) => {
-    // HMAC-DRBG reseed() function. Steps D-G
-    k = h(u8fr([0x00]), seed); // k = hmac(k || v || 0x00 || seed)
-    v = h(); // v = hmac(k || v)
-    if (seed.length === 0) return;
-    k = h(u8fr([0x01]), seed); // k = hmac(k || v || 0x01 || seed)
-    v = h(); // v = hmac(k || v)
-  };
-  const gen = () => {
-    // HMAC-DRBG generate() function
-    if (i++ >= 1000) throw new Error('drbg: tried 1000 values');
-    let len = 0;
-    const out: Uint8Array[] = [];
-    while (len < qByteLen) {
-      v = h();
-      const sl = v.slice();
-      out.push(sl);
-      len += v.length;
-    }
-    return concatBytes(...out);
-  };
-  const genUntil = (seed: Uint8Array, pred: Pred<T>): T => {
-    reset();
-    reseed(seed); // Steps D-G
-    let res: T | undefined = undefined; // Step H: grind until k is in [1..n-1]
-    while (!(res = pred(gen()))) reseed();
-    reset();
-    return res;
-  };
-  return genUntil;
-}
-
-// Validating curves and fields
-
-const validatorFns = {
-  bigint: (val: any): boolean => typeof val === 'bigint',
-  function: (val: any): boolean => typeof val === 'function',
-  boolean: (val: any): boolean => typeof val === 'boolean',
-  string: (val: any): boolean => typeof val === 'string',
-  stringOrUint8Array: (val: any): boolean => typeof val === 'string' || isBytes(val),
-  isSafeInteger: (val: any): boolean => Number.isSafeInteger(val),
-  array: (val: any): boolean => Array.isArray(val),
-  field: (val: any, object: any): any => (object as any).Fp.isValid(val),
-  hash: (val: any): boolean => typeof val === 'function' && Number.isSafeInteger(val.outputLen),
-} as const;
-type Validator = keyof typeof validatorFns;
-type ValMap<T extends Record<string, any>> = { [K in keyof T]?: Validator };
-// type Record<K extends string | number | symbol, T> = { [P in K]: T; }
-
-export function validateObject<T extends Record<string, any>>(
-  object: T,
-  validators: ValMap<T>,
-  optValidators: ValMap<T> = {}
-): T {
-  const checkField = (fieldName: keyof T, type: Validator, isOptional: boolean) => {
-    const checkVal = validatorFns[type];
-    if (typeof checkVal !== 'function') throw new Error('invalid validator function');
-
-    const val = object[fieldName as keyof typeof object];
-    if (isOptional && val === undefined) return;
-    if (!checkVal(val, object)) {
-      throw new Error(
-        'param ' + String(fieldName) + ' is invalid. Expected ' + type + ', got ' + val
-      );
-    }
-  };
-  for (const [fieldName, type] of Object.entries(validators)) checkField(fieldName, type!, false);
-  for (const [fieldName, type] of Object.entries(optValidators)) checkField(fieldName, type!, true);
-  return object;
-}
-// validate type tests
-// const o: { a: number; b: number; c: number } = { a: 1, b: 5, c: 6 };
-// const z0 = validateObject(o, { a: 'isSafeInteger' }, { c: 'bigint' }); // Ok!
-// // Should fail type-check
-// const z1 = validateObject(o, { a: 'tmp' }, { c: 'zz' });
-// const z2 = validateObject(o, { a: 'isSafeInteger' }, { c: 'zz' });
-// const z3 = validateObject(o, { test: 'boolean', z: 'bug' });
-// const z4 = validateObject(o, { a: 'boolean', z: 'bug' });
-
-/**
- * throws not implemented error
- */
-export const notImplemented = (): never => {
-  throw new Error('not implemented');
-};
-
-/**
- * Memoizes (caches) computation result.
- * Uses WeakMap: the value is going auto-cleaned by GC after last reference is removed.
- */
-export function memoized<T extends object, R, O extends any[]>(
-  fn: (arg: T, ...args: O) => R
-): (arg: T, ...args: O) => R {
-  const map = new WeakMap<T, R>();
-  return (arg: T, ...args: O): R => {
-    const val = map.get(arg);
-    if (val !== undefined) return val;
-    const computed = fn(arg, ...args);
-    map.set(arg, computed);
-    return computed;
-  };
-}
+// TODO
+// @deprecated use `@noble/curves/utils.js`