@noble/curves 1.9.1 → 1.9.2

package/src/ed448.ts

@@ -7,17 +7,29 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { shake256 } from '@noble/hashes/sha3';
-import { concatBytes, randomBytes, utf8ToBytes, wrapConstructor } from '@noble/hashes/utils';
+import { shake256 } from '@noble/hashes/sha3.js';
+import {
+  abytes,
+  concatBytes,
+  utf8ToBytes,
+  createHasher as wrapConstructor,
+} from '@noble/hashes/utils.js';
 import type { AffinePoint, Group } from './abstract/curve.ts';
 import { pippenger } from './abstract/curve.ts';
-import { type CurveFn, type ExtPointType, twistedEdwards } from './abstract/edwards.ts';
+import {
+  type CurveFn,
+  edwards,
+  type EdwardsOpts,
+  type ExtPointConstructor,
+  type ExtPointType,
+  twistedEdwards,
+} from './abstract/edwards.ts';
 import {
   createHasher,
   expand_message_xof,
-  type Hasher,
+  type H2CHasher,
+  type H2CMethod,
   type htfBasicOpts,
-  type HTFMethod,
 } from './abstract/hash-to-curve.ts';
 import { Field, FpInvertBatch, isNegativeLE, mod, pow2 } from './abstract/modular.ts';
 import { montgomery, type CurveFn as XCurveFn } from './abstract/montgomery.ts';
@@ -28,13 +40,53 @@ import {
   equalBytes,
   type Hex,
   numberToBytesLE,
-} from './abstract/utils.ts';
+} from './utils.ts';
+
+// a = 1n
+// d = Fp.neg(39081n)
+// Finite field 2n**448n - 2n**224n - 1n
+// Subgroup order
+// 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n
+const ed448_CURVE: EdwardsOpts = {
+  p: BigInt(
+    '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
+  ),
+  n: BigInt(
+    '0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3'
+  ),
+  h: BigInt(4),
+  a: BigInt(1),
+  d: BigInt(
+    '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffff6756'
+  ),
+  Gx: BigInt(
+    '0x4f1970c66bed0ded221d15a622bf36da9e146570470f1767ea6de324a3d3a46412ae1af72ab66511433b80e18b00938e2626a82bc70cc05e'
+  ),
+  Gy: BigInt(
+    '0x693f46716eb6bc248876203756c9c7624bea73736ca3984087789c1e05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14'
+  ),
+};
+
+// E448 != Edwards448 used in ed448
+// E448 is defined by NIST
+// It's birationally equivalent to edwards448
+// d = 39082/39081
+// Gx = 3/2
+const E448_CURVE: EdwardsOpts = Object.assign({}, ed448_CURVE, {
+  d: BigInt(
+    '0xd78b4bdc7f0daf19f24f38c29373a2ccad46157242a50f37809b1da3412a12e79ccc9c81264cfe9ad080997058fb61c4243cc32dbaa156b9'
+  ),
+  Gx: BigInt(
+    '0x79a70b2b70400553ae7c9df416c792c61128751ac92969240c25a07d728bdc93e21f7787ed6972249de732f38496cd11698713093e9c04fc'
+  ),
+  Gy: BigInt(
+    '0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff80000000000000000000000000000000000000000000000000000001'
+  ),
+});
+export const E448: ExtPointConstructor = edwards(E448_CURVE);
 
 const shake256_114 = /* @__PURE__ */ wrapConstructor(() => shake256.create({ dkLen: 114 }));
 const shake256_64 = /* @__PURE__ */ wrapConstructor(() => shake256.create({ dkLen: 64 }));
-const ed448P = BigInt(
-  '726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018365439'
-);
 
 // prettier-ignore
 const _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);
@@ -45,7 +97,7 @@ const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(22
 // Used for efficient square root calculation.
 // ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]
 function ed448_pow_Pminus3div4(x: bigint): bigint {
-  const P = ed448P;
+  const P = ed448_CURVE.p;
   const b2 = (x * x * x) % P;
   const b3 = (b2 * b2 * x) % P;
   const b6 = (pow2(b3, _3n, P) * b3) % P;
@@ -75,7 +127,7 @@ function adjustScalarBytes(bytes: Uint8Array): Uint8Array {
 // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.
 // Uses algo from RFC8032 5.1.3.
 function uvRatio(u: bigint, v: bigint): { isValid: boolean; value: bigint } {
-  const P = ed448P;
+  const P = ed448_CURVE.p;
   // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3
   // To compute the square root of (u/v), the first step is to compute the
   //   candidate root x = (u/v)^((p+1)/4).  This can be done using the
@@ -95,48 +147,27 @@ function uvRatio(u: bigint, v: bigint): { isValid: boolean; value: bigint } {
 }
 
 // Finite field 2n**448n - 2n**224n - 1n
-const Fp = /* @__PURE__ */ (() => Field(ed448P, 456, true))();
-
-const ED448_DEF = /* @__PURE__ */ (() =>
-  ({
-    // Param: a
-    a: BigInt(1),
-    // -39081 a.k.a. Fp.neg(39081)
-    d: BigInt(
-      '726838724295606890549323807888004534353641360687318060281490199180612328166730772686396383698676545930088884461843637361053498018326358'
-    ),
-    // Finite field 2n**448n - 2n**224n - 1n
-    Fp,
-    // Subgroup order
-    // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n
-    n: BigInt(
-      '181709681073901722637330951972001133588410340171829515070372549795146003961539585716195755291692375963310293709091662304773755859649779'
-    ),
-    // RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys
-    nBitLength: 456,
-    h: BigInt(4),
-    Gx: BigInt(
-      '224580040295924300187604334099896036246789641632564134246125461686950415467406032909029192869357953282578032075146446173674602635247710'
-    ),
-    Gy: BigInt(
-      '298819210078481492676017930443930673437544040154080242095928241372331506189835876003536878655418784733982303233503462500531545062832660'
-    ),
-    // SHAKE256(dom4(phflag,context)||x, 114)
-    hash: shake256_114,
-    randomBytes,
-    adjustScalarBytes,
-    // dom4
-    domain: (data: Uint8Array, ctx: Uint8Array, phflag: boolean) => {
-      if (ctx.length > 255) throw new Error('context must be smaller than 255, got: ' + ctx.length);
-      return concatBytes(
-        utf8ToBytes('SigEd448'),
-        new Uint8Array([phflag ? 1 : 0, ctx.length]),
-        ctx,
-        data
-      );
-    },
-    uvRatio,
-  }) as const)();
+const Fp = /* @__PURE__ */ (() => Field(ed448_CURVE.p, 456, true))();
+// RFC 7748 has 56-byte keys, RFC 8032 has 57-byte keys
+// SHAKE256(dom4(phflag,context)||x, 114)
+const ED448_DEF = /* @__PURE__ */ (() => ({
+  ...ed448_CURVE,
+  Fp,
+  nBitLength: 456,
+  hash: shake256_114,
+  adjustScalarBytes,
+  // dom4
+  domain: (data: Uint8Array, ctx: Uint8Array, phflag: boolean) => {
+    if (ctx.length > 255) throw new Error('context must be smaller than 255, got: ' + ctx.length);
+    return concatBytes(
+      utf8ToBytes('SigEd448'),
+      new Uint8Array([phflag ? 1 : 0, ctx.length]),
+      ctx,
+      data
+    );
+  },
+  uvRatio,
+}))();
 
 /**
  * ed448 EdDSA curve and methods.
@@ -161,19 +192,19 @@ export const ed448ph: CurveFn = /* @__PURE__ */ (() =>
  * x448 has 56-byte keys as per RFC 7748, while
  * ed448 has 57-byte keys as per RFC 8032.
  */
-export const x448: XCurveFn = /* @__PURE__ */ (() =>
-  montgomery({
-    P: ed448P,
+export const x448: XCurveFn = /* @__PURE__ */ (() => {
+  const P = ed448_CURVE.p;
+  return montgomery({
+    P,
     type: 'x448',
     powPminus2: (x: bigint): bigint => {
-      const P = ed448P;
       const Pminus3div4 = ed448_pow_Pminus3div4(x);
       const Pminus3 = pow2(Pminus3div4, _2n, P);
       return mod(Pminus3 * x, P); // Pminus3 * x = Pminus2
     },
     adjustScalarBytes,
-    randomBytes,
-  }))();
+  });
+})();
 
 /**
  * Converts edwards448 public key to x448 public key. Uses formula:
@@ -184,7 +215,8 @@ export const x448: XCurveFn = /* @__PURE__ */ (() =>
  *   x448.getSharedSecret(edwardsToMontgomery(aPub), edwardsToMontgomery(someonesPub))
  */
 export function edwardsToMontgomeryPub(edwardsPub: string | Uint8Array): Uint8Array {
-  const { y } = ed448.ExtendedPoint.fromHex(edwardsPub);
+  const bpub = ensureBytes('pub', edwardsPub);
+  const { y } = ed448.Point.fromHex(bpub);
   const _1n = BigInt(1);
   return Fp.toBytes(Fp.create((y - _1n) * Fp.inv(y + _1n)));
 }
@@ -269,22 +301,18 @@ function map_to_curve_elligator2_edwards448(u: bigint) {
   return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)
 }
 
-export const ed448_hasher: Hasher<bigint> = /* @__PURE__ */ (() =>
-  createHasher(
-    ed448.ExtendedPoint,
-    (scalars: bigint[]) => map_to_curve_elligator2_edwards448(scalars[0]),
-    {
-      DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',
-      encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',
-      p: Fp.ORDER,
-      m: 1,
-      k: 224,
-      expand: 'xof',
-      hash: shake256,
-    }
-  ))();
-export const hashToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() => ed448_hasher.hashToCurve)();
-export const encodeToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() =>
+export const ed448_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() =>
+  createHasher(ed448.Point, (scalars: bigint[]) => map_to_curve_elligator2_edwards448(scalars[0]), {
+    DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',
+    encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',
+    p: Fp.ORDER,
+    m: 1,
+    k: 224,
+    expand: 'xof',
+    hash: shake256,
+  }))();
+export const hashToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() => ed448_hasher.hashToCurve)();
+export const encodeToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() =>
   ed448_hasher.encodeToCurve)();
 
 function adecafp(other: unknown) {
@@ -309,8 +337,7 @@ const invertSqrt = (number: bigint) => uvRatio(_1n, number);
 const MAX_448B = /* @__PURE__ */ BigInt(
   '0xffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
 );
-const bytes448ToNumberLE = (bytes: Uint8Array) =>
-  ed448.CURVE.Fp.create(bytesToNumberLE(bytes) & MAX_448B);
+const bytes448ToNumberLE = (bytes: Uint8Array) => Fp.create(bytesToNumberLE(bytes) & MAX_448B);
 
 type ExtendedPoint = ExtPointType;
 
@@ -321,8 +348,8 @@ type ExtendedPoint = ExtPointType;
  */
 function calcElligatorDecafMap(r0: bigint): ExtendedPoint {
   const { d } = ed448.CURVE;
-  const P = ed448.CURVE.Fp.ORDER;
-  const mod = ed448.CURVE.Fp.create;
+  const P = Fp.ORDER;
+  const mod = Fp.create;
 
   const r = mod(-(r0 * r0)); // 1
   const u0 = mod(d * (r - _1n)); // 2
@@ -345,7 +372,7 @@ function calcElligatorDecafMap(r0: bigint): ExtendedPoint {
   const W1 = mod(s2 + _1n); // 9
   const W2 = mod(s2 - _1n); // 10
   const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11
-  return new ed448.ExtendedPoint(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
+  return new ed448.Point(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
 }
 
 /**
@@ -366,7 +393,7 @@ class DcfPoint implements Group<DcfPoint> {
   }
 
   static fromAffine(ap: AffinePoint<bigint>): DcfPoint {
-    return new DcfPoint(ed448.ExtendedPoint.fromAffine(ap));
+    return new DcfPoint(ed448.Point.fromAffine(ap));
   }
 
   /**
@@ -386,6 +413,11 @@ class DcfPoint implements Group<DcfPoint> {
     return new DcfPoint(R1.add(R2));
   }
 
+  static fromBytes(bytes: Uint8Array): DcfPoint {
+    abytes(bytes);
+    return this.fromHex(bytes);
+  }
+
   /**
    * Converts decaf-encoded string to decaf point.
    * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-decode-2).
@@ -394,8 +426,8 @@ class DcfPoint implements Group<DcfPoint> {
   static fromHex(hex: Hex): DcfPoint {
     hex = ensureBytes('decafHex', hex, 56);
     const { d } = ed448.CURVE;
-    const P = ed448.CURVE.Fp.ORDER;
-    const mod = ed448.CURVE.Fp.create;
+    const P = Fp.ORDER;
+    const mod = Fp.create;
     const emsg = 'DecafPoint.fromHex: the hex is not valid encoding of DecafPoint';
     const s = bytes448ToNumberLE(hex);
 
@@ -418,7 +450,7 @@ class DcfPoint implements Group<DcfPoint> {
     const t = mod(x * y); // 8
 
     if (!isValid) throw new Error(emsg);
-    return new DcfPoint(new ed448.ExtendedPoint(x, y, _1n, t));
+    return new DcfPoint(new ed448.Point(x, y, _1n, t));
   }
 
   static msm(points: DcfPoint[], scalars: bigint[]): DcfPoint {
@@ -430,10 +462,10 @@ class DcfPoint implements Group<DcfPoint> {
    * Encodes decaf point to Uint8Array.
    * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-encode-2).
    */
-  toRawBytes(): Uint8Array {
+  toBytes(): Uint8Array {
     let { ex: x, ey: _y, ez: z, et: t } = this.ep;
-    const P = ed448.CURVE.Fp.ORDER;
-    const mod = ed448.CURVE.Fp.create;
+    const P = Fp.ORDER;
+    const mod = Fp.create;
 
     const u1 = mod(mod(x + t) * mod(x - t)); // 1
     const x2 = mod(x * x);
@@ -450,8 +482,13 @@ class DcfPoint implements Group<DcfPoint> {
     return numberToBytesLE(s, 56);
   }
 
+  /** @deprecated use `toBytes` */
+  toRawBytes(): Uint8Array {
+    return this.toBytes();
+  }
+
   toHex(): string {
-    return bytesToHex(this.toRawBytes());
+    return bytesToHex(this.toBytes());
   }
 
   toString(): string {
@@ -466,7 +503,7 @@ class DcfPoint implements Group<DcfPoint> {
     adecafp(other);
     const { ex: X1, ey: Y1 } = this.ep;
     const { ex: X2, ey: Y2 } = other.ep;
-    const mod = ed448.CURVE.Fp.create;
+    const mod = Fp.create;
     // (x1 * y2 == y1 * x2)
     return mod(X1 * Y2) === mod(Y1 * X2);
   }
@@ -505,8 +542,8 @@ class DcfPoint implements Group<DcfPoint> {
 export const DecafPoint: typeof DcfPoint = /* @__PURE__ */ (() => {
   // decaf448 base point is ed448 base x 2
   // https://github.com/dalek-cryptography/curve25519-dalek/blob/59837c6ecff02b77b9d5ff84dbc239d0cf33ef90/vendor/ristretto.sage#L699
-  if (!DcfPoint.BASE) DcfPoint.BASE = new DcfPoint(ed448.ExtendedPoint.BASE).multiply(_2n);
-  if (!DcfPoint.ZERO) DcfPoint.ZERO = new DcfPoint(ed448.ExtendedPoint.ZERO);
+  if (!DcfPoint.BASE) DcfPoint.BASE = new DcfPoint(ed448.Point.BASE).multiply(_2n);
+  if (!DcfPoint.ZERO) DcfPoint.ZERO = new DcfPoint(ed448.Point.ZERO);
   return DcfPoint;
 })();
 

package/src/misc.ts

@@ -4,52 +4,57 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { blake256 } from '@noble/hashes/blake1';
-import { blake2s } from '@noble/hashes/blake2';
-import { sha256, sha512 } from '@noble/hashes/sha2';
-import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils';
-import { getHash } from './_shortw_utils.ts';
-import { type CurveFn, type ExtPointType, twistedEdwards } from './abstract/edwards.ts';
+import { blake256 } from '@noble/hashes/blake1.js';
+import { blake2s } from '@noble/hashes/blake2.js';
+import { sha256, sha512 } from '@noble/hashes/sha2.js';
+import { concatBytes, utf8ToBytes } from '@noble/hashes/utils.js';
+import {
+  twistedEdwards,
+  type CurveFn,
+  type EdwardsOpts,
+  type ExtPointType,
+} from './abstract/edwards.ts';
 import { Field, mod } from './abstract/modular.ts';
-import { type CurveFn as WCurveFn, weierstrass } from './abstract/weierstrass.ts';
+import { weierstrass, type CurveFn as WCurveFn } from './abstract/weierstrass.ts';
+import { bls12_381_Fr } from './bls12-381.ts';
+import { bn254_Fr } from './bn254.ts';
 
 // Jubjub curves have 𝔽p over scalar fields of other curves. They are friendly to ZK proofs.
 // jubjub Fp = bls n. babyjubjub Fp = bn254 n.
 // verify manually, check bls12-381.ts and bn254.ts.
 // https://neuromancer.sk/std/other/JubJub
 
-const bls12_381_Fr = Field(
-  BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')
-);
-const bn254_Fr = Field(
-  BigInt('21888242871839275222246405745257275088548364400416034343698204186575808495617')
-);
-
-/** Curve over scalar field of bls12-381. jubjub Fp = bls n */
-export const jubjub: CurveFn = /* @__PURE__ */ twistedEdwards({
-  a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
-  d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
-  Fp: bls12_381_Fr,
+const jubjub_CURVE: EdwardsOpts = {
+  p: bls12_381_Fr.ORDER,
   n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
   h: BigInt(8),
+  a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
+  d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
   Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
   Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
+};
+/** Curve over scalar field of bls12-381. jubjub Fp = bls n */
+export const jubjub: CurveFn = /* @__PURE__ */ twistedEdwards({
+  ...jubjub_CURVE,
+  Fp: bls12_381_Fr,
   hash: sha512,
-  randomBytes,
-} as const);
+});
 
+const babyjubjub_CURVE: EdwardsOpts = {
+  p: bn254_Fr.ORDER,
+  n: BigInt('0x30644e72e131a029b85045b68181585d59f76dc1c90770533b94bee1c9093788'),
+  h: BigInt(8),
+  a: BigInt('168700'),
+  d: BigInt('168696'),
+  Gx: BigInt('0x23343e3445b673d38bcba38f25645adb494b1255b1162bb40f41a59f4d4b45e'),
+  Gy: BigInt('0xc19139cb84c680a6e14116da06056174a0cfa121e6e5c2450f87d64fc000001'),
+};
 /** Curve over scalar field of bn254. babyjubjub Fp = bn254 n */
 export const babyjubjub: CurveFn = /* @__PURE__ */ twistedEdwards({
-  a: BigInt(168700),
-  d: BigInt(168696),
+  ...babyjubjub_CURVE,
   Fp: bn254_Fr,
-  n: BigInt('21888242871839275222246405745257275088614511777268538073601725287587578984328'),
-  h: BigInt(8),
-  Gx: BigInt('995203441582195749578291179787384436505546430278305826713579947235728471134'),
-  Gy: BigInt('5472060717959818805561601436314318772137091100104008585924551046643952123905'),
   hash: blake256,
-  randomBytes,
-} as const);
+});
 
 const jubjub_gh_first_block = utf8ToBytes(
   '096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0'
@@ -61,10 +66,10 @@ export function jubjub_groupHash(tag: Uint8Array, personalization: Uint8Array):
   h.update(jubjub_gh_first_block);
   h.update(tag);
   // NOTE: returns ExtendedPoint, in case it will be multiplied later
-  let p = jubjub.ExtendedPoint.fromHex(h.digest());
+  let p = jubjub.Point.fromHex(h.digest());
   // NOTE: cannot replace with isSmallOrder, returns Point*8
   p = p.multiply(jubjub.CURVE.h);
-  if (p.equals(jubjub.ExtendedPoint.ZERO)) throw new Error('Point has small order');
+  if (p.equals(jubjub.Point.ZERO)) throw new Error('Point has small order');
   return p;
 }
 
@@ -72,7 +77,7 @@ export function jubjub_groupHash(tag: Uint8Array, personalization: Uint8Array):
 // It operates over public data:
 // const G_SPEND = jubjub.findGroupHash(Uint8Array.of(), utf8ToBytes('Item_G_'));
 export function jubjub_findGroupHash(m: Uint8Array, personalization: Uint8Array): ExtPointType {
-  const tag = concatBytes(m, new Uint8Array([0]));
+  const tag = concatBytes(m, Uint8Array.of(0));
   const hashes = [];
   for (let i = 0; i < 256; i++) {
     tag[tag.length - 1] = i;
@@ -105,7 +110,7 @@ export const pallas: WCurveFn = weierstrass({
   Gx: mod(BigInt(-1), pasta_p),
   Gy: BigInt(2),
   h: BigInt(1),
-  ...getHash(sha256),
+  hash: sha256,
 });
 /**
  * https://neuromancer.sk/std/other/Vesta
@@ -119,5 +124,5 @@ export const vesta: WCurveFn = weierstrass({
   Gx: mod(BigInt(-1), pasta_q),
   Gy: BigInt(2),
   h: BigInt(1),
-  ...getHash(sha256),
+  hash: sha256,
 });