@noble/curves 1.9.1 → 1.9.3

package/src/misc.ts

@@ -4,75 +4,78 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { blake256 } from '@noble/hashes/blake1';
-import { blake2s } from '@noble/hashes/blake2';
-import { sha256, sha512 } from '@noble/hashes/sha2';
-import { concatBytes, randomBytes, utf8ToBytes } from '@noble/hashes/utils';
-import { getHash } from './_shortw_utils.ts';
-import { type CurveFn, type ExtPointType, twistedEdwards } from './abstract/edwards.ts';
+import { blake256 } from '@noble/hashes/blake1.js';
+import { blake2s } from '@noble/hashes/blake2.js';
+import { sha256, sha512 } from '@noble/hashes/sha2.js';
+import { concatBytes, utf8ToBytes } from '@noble/hashes/utils.js';
+import {
+  twistedEdwards,
+  type CurveFn,
+  type EdwardsOpts,
+  type EdwardsPoint,
+} from './abstract/edwards.ts';
 import { Field, mod } from './abstract/modular.ts';
-import { type CurveFn as WCurveFn, weierstrass } from './abstract/weierstrass.ts';
+import { weierstrass, type CurveFn as WCurveFn } from './abstract/weierstrass.ts';
+import { bls12_381_Fr } from './bls12-381.ts';
+import { bn254_Fr } from './bn254.ts';
 
 // Jubjub curves have 𝔽p over scalar fields of other curves. They are friendly to ZK proofs.
 // jubjub Fp = bls n. babyjubjub Fp = bn254 n.
 // verify manually, check bls12-381.ts and bn254.ts.
-// https://neuromancer.sk/std/other/JubJub
-
-const bls12_381_Fr = Field(
-  BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001')
-);
-const bn254_Fr = Field(
-  BigInt('21888242871839275222246405745257275088548364400416034343698204186575808495617')
-);
-
-/** Curve over scalar field of bls12-381. jubjub Fp = bls n */
-export const jubjub: CurveFn = /* @__PURE__ */ twistedEdwards({
-  a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
-  d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
-  Fp: bls12_381_Fr,
+const jubjub_CURVE: EdwardsOpts = {
+  p: bls12_381_Fr.ORDER,
   n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
   h: BigInt(8),
+  a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
+  d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
   Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
   Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
+};
+/** Curve over scalar field of bls12-381. jubjub Fp = bls n */
+export const jubjub: CurveFn = /* @__PURE__ */ twistedEdwards({
+  ...jubjub_CURVE,
+  Fp: bls12_381_Fr,
   hash: sha512,
-  randomBytes,
-} as const);
+});
 
+const babyjubjub_CURVE: EdwardsOpts = {
+  p: bn254_Fr.ORDER,
+  n: BigInt('0x30644e72e131a029b85045b68181585d59f76dc1c90770533b94bee1c9093788'),
+  h: BigInt(8),
+  a: BigInt('168700'),
+  d: BigInt('168696'),
+  Gx: BigInt('0x23343e3445b673d38bcba38f25645adb494b1255b1162bb40f41a59f4d4b45e'),
+  Gy: BigInt('0xc19139cb84c680a6e14116da06056174a0cfa121e6e5c2450f87d64fc000001'),
+};
 /** Curve over scalar field of bn254. babyjubjub Fp = bn254 n */
 export const babyjubjub: CurveFn = /* @__PURE__ */ twistedEdwards({
-  a: BigInt(168700),
-  d: BigInt(168696),
+  ...babyjubjub_CURVE,
   Fp: bn254_Fr,
-  n: BigInt('21888242871839275222246405745257275088614511777268538073601725287587578984328'),
-  h: BigInt(8),
-  Gx: BigInt('995203441582195749578291179787384436505546430278305826713579947235728471134'),
-  Gy: BigInt('5472060717959818805561601436314318772137091100104008585924551046643952123905'),
   hash: blake256,
-  randomBytes,
-} as const);
+});
 
 const jubjub_gh_first_block = utf8ToBytes(
   '096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0'
 );
 
 // Returns point at JubJub curve which is prime order and not zero
-export function jubjub_groupHash(tag: Uint8Array, personalization: Uint8Array): ExtPointType {
+export function jubjub_groupHash(tag: Uint8Array, personalization: Uint8Array): EdwardsPoint {
   const h = blake2s.create({ personalization, dkLen: 32 });
   h.update(jubjub_gh_first_block);
   h.update(tag);
   // NOTE: returns ExtendedPoint, in case it will be multiplied later
-  let p = jubjub.ExtendedPoint.fromHex(h.digest());
+  let p = jubjub.Point.fromHex(h.digest());
   // NOTE: cannot replace with isSmallOrder, returns Point*8
   p = p.multiply(jubjub.CURVE.h);
-  if (p.equals(jubjub.ExtendedPoint.ZERO)) throw new Error('Point has small order');
+  if (p.equals(jubjub.Point.ZERO)) throw new Error('Point has small order');
   return p;
 }
 
 // No secret data is leaked here at all.
 // It operates over public data:
 // const G_SPEND = jubjub.findGroupHash(Uint8Array.of(), utf8ToBytes('Item_G_'));
-export function jubjub_findGroupHash(m: Uint8Array, personalization: Uint8Array): ExtPointType {
-  const tag = concatBytes(m, new Uint8Array([0]));
+export function jubjub_findGroupHash(m: Uint8Array, personalization: Uint8Array): EdwardsPoint {
+  const tag = concatBytes(m, Uint8Array.of(0));
   const hashes = [];
   for (let i = 0; i < 256; i++) {
     tag[tag.length - 1] = i;
@@ -94,7 +97,6 @@ export const pasta_q: bigint = BigInt(
 );
 
 /**
- * https://neuromancer.sk/std/other/Pallas
  * @deprecated
  */
 export const pallas: WCurveFn = weierstrass({
@@ -105,10 +107,9 @@ export const pallas: WCurveFn = weierstrass({
   Gx: mod(BigInt(-1), pasta_p),
   Gy: BigInt(2),
   h: BigInt(1),
-  ...getHash(sha256),
+  hash: sha256,
 });
 /**
- * https://neuromancer.sk/std/other/Vesta
  * @deprecated
  */
 export const vesta: WCurveFn = weierstrass({
@@ -119,5 +120,5 @@ export const vesta: WCurveFn = weierstrass({
   Gx: mod(BigInt(-1), pasta_q),
   Gy: BigInt(2),
   h: BigInt(1),
-  ...getHash(sha256),
+  hash: sha256,
 });

package/src/nist.ts

@@ -4,152 +4,187 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { sha256, sha384, sha512 } from '@noble/hashes/sha2';
+import { sha256, sha384, sha512 } from '@noble/hashes/sha2.js';
 import { createCurve, type CurveFnWithCreate } from './_shortw_utils.ts';
-import { createHasher, type Hasher } from './abstract/hash-to-curve.ts';
+import { createHasher, type H2CHasher } from './abstract/hash-to-curve.ts';
 import { Field } from './abstract/modular.ts';
-import { mapToCurveSimpleSWU } from './abstract/weierstrass.ts';
+import {
+  mapToCurveSimpleSWU,
+  type WeierstrassOpts,
+  type WeierstrassPointCons,
+} from './abstract/weierstrass.ts';
 
-const Fp256 = Field(BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'));
-const p256_a = Fp256.create(BigInt('-3'));
-const p256_b = BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b');
-
-/**
- * secp256r1 curve, ECDSA and ECDH methods.
- * Field: `2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n-1n`
- */
-// prettier-ignore
-export const p256: CurveFnWithCreate = createCurve({
-  a: p256_a,
-  b: p256_b,
-  Fp: Fp256,
+// p = 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n - 1n
+// a = Fp256.create(BigInt('-3'));
+const p256_CURVE: WeierstrassOpts<bigint> = {
+  p: BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'),
   n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),
+  h: BigInt(1),
+  a: BigInt('0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc'),
+  b: BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'),
   Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),
   Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
-  h: BigInt(1),
-  lowS: false
-} as const, sha256);
-/** Alias to p256. */
-export const secp256r1: CurveFnWithCreate = p256;
-
-const p256_mapSWU = /* @__PURE__ */ (() =>
-  mapToCurveSimpleSWU(Fp256, {
-    A: p256_a,
-    B: p256_b,
-    Z: Fp256.create(BigInt('-10')),
-  }))();
+};
 
-/** Hashing / encoding to p256 points / field. RFC 9380 methods. */
-export const p256_hasher: Hasher<bigint> = /* @__PURE__ */ (() =>
-  createHasher(secp256r1.ProjectivePoint, (scalars: bigint[]) => p256_mapSWU(scalars[0]), {
-    DST: 'P256_XMD:SHA-256_SSWU_RO_',
-    encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',
-    p: Fp256.ORDER,
-    m: 1,
-    k: 128,
-    expand: 'xmd',
-    hash: sha256,
-  }))();
-
-// Field over which we'll do calculations.
-const Fp384 = Field(
-  BigInt(
+// p = 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n
+const p384_CURVE: WeierstrassOpts<bigint> = {
+  p: BigInt(
     '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'
-  )
-);
-const p384_a = Fp384.create(BigInt('-3'));
-// prettier-ignore
-const p384_b = BigInt('0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef');
-
-/**
- * secp384r1 curve, ECDSA and ECDH methods.
- * Field: `2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n`.
- * */
-// prettier-ignore
-export const p384: CurveFnWithCreate = createCurve({
-  a: p384_a,
-  b: p384_b,
-  Fp: Fp384,
-  n: BigInt('0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'),
-  Gx: BigInt('0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'),
-  Gy: BigInt('0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'),
+  ),
+  n: BigInt(
+    '0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973'
+  ),
   h: BigInt(1),
-  lowS: false
-} as const, sha384);
-/** Alias to p384. */
-export const secp384r1: CurveFnWithCreate = p384;
-
-const p384_mapSWU = /* @__PURE__ */ (() =>
-  mapToCurveSimpleSWU(Fp384, {
-    A: p384_a,
-    B: p384_b,
-    Z: Fp384.create(BigInt('-12')),
-  }))();
-
-/** Hashing / encoding to p384 points / field. RFC 9380 methods. */
-export const p384_hasher: Hasher<bigint> = /* @__PURE__ */ (() =>
-  createHasher(secp384r1.ProjectivePoint, (scalars: bigint[]) => p384_mapSWU(scalars[0]), {
-    DST: 'P384_XMD:SHA-384_SSWU_RO_',
-    encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',
-    p: Fp384.ORDER,
-    m: 1,
-    k: 192,
-    expand: 'xmd',
-    hash: sha384,
-  }))();
+  a: BigInt(
+    '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc'
+  ),
+  b: BigInt(
+    '0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef'
+  ),
+  Gx: BigInt(
+    '0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7'
+  ),
+  Gy: BigInt(
+    '0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'
+  ),
+};
 
-// Field over which we'll do calculations.
-const Fp521 = Field(
-  BigInt(
+// p = 2n**521n - 1n
+const p521_CURVE: WeierstrassOpts<bigint> = {
+  p: BigInt(
     '0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
-  )
-);
-
-const p521_a = Fp521.create(BigInt('-3'));
-const p521_b = BigInt(
-  '0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'
-);
-
-/**
- * NIST secp521r1 aka p521 curve, ECDSA and ECDH methods.
- * Field: `2n**521n - 1n`.
- */
-// prettier-ignore
-export const p521: CurveFnWithCreate = createCurve({
-  a: p521_a,
-  b: p521_b,
-  Fp: Fp521,
+  ),
   n: BigInt(
     '0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409'
   ),
+  h: BigInt(1),
+  a: BigInt(
+    '0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc'
+  ),
+  b: BigInt(
+    '0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00'
+  ),
   Gx: BigInt(
     '0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66'
   ),
   Gy: BigInt(
     '0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'
   ),
-  h: BigInt(1),
-  lowS: false,
-  allowedPrivateKeyLengths: [130, 131, 132] // P521 keys are variable-length. Normalize to 132b
-} as const, sha512);
-/** Alias to p521. */
-export const secp521r1: CurveFnWithCreate = p521;
+};
 
-const p521_mapSWU = /* @__PURE__ */ (() =>
-  mapToCurveSimpleSWU(Fp521, {
-    A: p521_a,
-    B: p521_b,
-    Z: Fp521.create(BigInt('-4')),
-  }))();
+const Fp256 = Field(p256_CURVE.p);
+const Fp384 = Field(p384_CURVE.p);
+const Fp521 = Field(p521_CURVE.p);
+type SwuOpts = {
+  A: bigint;
+  B: bigint;
+  Z: bigint;
+};
+function createSWU(Point: WeierstrassPointCons<bigint>, opts: SwuOpts) {
+  const map = mapToCurveSimpleSWU(Point.Fp, opts);
+  return (scalars: bigint[]) => map(scalars[0]);
+}
+
+/** NIST P256 (aka secp256r1, prime256v1) curve, ECDSA and ECDH methods. */
+export const p256: CurveFnWithCreate = createCurve(
+  { ...p256_CURVE, Fp: Fp256, lowS: false },
+  sha256
+);
+/** Hashing / encoding to p256 points / field. RFC 9380 methods. */
+export const p256_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
+  return createHasher(
+    p256.Point,
+    createSWU(p256.Point, {
+      A: p256_CURVE.a,
+      B: p256_CURVE.b,
+      Z: p256.Point.Fp.create(BigInt('-10')),
+    }),
+    {
+      DST: 'P256_XMD:SHA-256_SSWU_RO_',
+      encodeDST: 'P256_XMD:SHA-256_SSWU_NU_',
+      p: p256_CURVE.p,
+      m: 1,
+      k: 128,
+      expand: 'xmd',
+      hash: sha256,
+    }
+  );
+})();
+
+// export const p256_oprf: OPRF = createORPF({
+//   name: 'P256-SHA256',
+//   Point: p256.Point,
+//   hash: sha256,
+//   hashToGroup: p256_hasher.hashToCurve,
+//   hashToScalar: p256_hasher.hashToScalar,
+// });
+
+/** NIST P384 (aka secp384r1) curve, ECDSA and ECDH methods. */
+export const p384: CurveFnWithCreate = createCurve(
+  { ...p384_CURVE, Fp: Fp384, lowS: false },
+  sha384
+);
+/** Hashing / encoding to p384 points / field. RFC 9380 methods. */
+export const p384_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
+  return createHasher(
+    p384.Point,
+    createSWU(p384.Point, {
+      A: p384_CURVE.a,
+      B: p384_CURVE.b,
+      Z: p384.Point.Fp.create(BigInt('-12')),
+    }),
+    {
+      DST: 'P384_XMD:SHA-384_SSWU_RO_',
+      encodeDST: 'P384_XMD:SHA-384_SSWU_NU_',
+      p: p384_CURVE.p,
+      m: 1,
+      k: 192,
+      expand: 'xmd',
+      hash: sha384,
+    }
+  );
+})();
+
+// export const p384_oprf: OPRF = createORPF({
+//   name: 'P384-SHA384',
+//   Point: p384.Point,
+//   hash: sha384,
+//   hashToGroup: p384_hasher.hashToCurve,
+//   hashToScalar: p384_hasher.hashToScalar,
+// });
+
+// const Fn521 = Field(p521_CURVE.n, { allowedScalarLengths: [65, 66] });
+/** NIST P521 (aka secp521r1) curve, ECDSA and ECDH methods. */
+export const p521: CurveFnWithCreate = createCurve(
+  { ...p521_CURVE, Fp: Fp521, lowS: false, allowedPrivateKeyLengths: [130, 131, 132] },
+  sha512
+);
 
 /** Hashing / encoding to p521 points / field. RFC 9380 methods. */
-export const p521_hasher: Hasher<bigint> = /* @__PURE__ */ (() =>
-  createHasher(secp521r1.ProjectivePoint, (scalars: bigint[]) => p521_mapSWU(scalars[0]), {
-    DST: 'P521_XMD:SHA-512_SSWU_RO_',
-    encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',
-    p: Fp521.ORDER,
-    m: 1,
-    k: 256,
-    expand: 'xmd',
-    hash: sha512,
-  }))();
+export const p521_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
+  return createHasher(
+    p521.Point,
+    createSWU(p521.Point, {
+      A: p521_CURVE.a,
+      B: p521_CURVE.b,
+      Z: p521.Point.Fp.create(BigInt('-4')),
+    }),
+    {
+      DST: 'P521_XMD:SHA-512_SSWU_RO_',
+      encodeDST: 'P521_XMD:SHA-512_SSWU_NU_',
+      p: p521_CURVE.p,
+      m: 1,
+      k: 256,
+      expand: 'xmd',
+      hash: sha512,
+    }
+  );
+})();
+
+// export const p521_oprf: OPRF = createORPF({
+//   name: 'P521-SHA512',
+//   Point: p521.Point,
+//   hash: sha512,
+//   hashToGroup: p521_hasher.hashToCurve,
+//   hashToScalar: p521_hasher.hashToScalar, // produces L=98 just like in RFC
+// });

package/src/p256.ts

@@ -3,9 +3,13 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type H2CMethod } from './abstract/hash-to-curve.ts';
 import { p256_hasher, p256 as p256n } from './nist.ts';
+/** @deprecated use `import { p256 } from '@noble/curves/nist.js';` */
 export const p256: typeof p256n = p256n;
+/** @deprecated use `import { p256 } from '@noble/curves/nist.js';` */
 export const secp256r1: typeof p256n = p256n;
-export const hashToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() => p256_hasher.hashToCurve)();
-export const encodeToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() => p256_hasher.encodeToCurve)();
+/** @deprecated use `import { p256_hasher } from '@noble/curves/nist.js';` */
+export const hashToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() => p256_hasher.hashToCurve)();
+/** @deprecated use `import { p256_hasher } from '@noble/curves/nist.js';` */
+export const encodeToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() => p256_hasher.encodeToCurve)();

package/src/p384.ts

@@ -3,11 +3,13 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type H2CMethod } from './abstract/hash-to-curve.ts';
 import { p384_hasher, p384 as p384n } from './nist.ts';
+/** @deprecated use `import { p384 } from '@noble/curves/nist.js';` */
 export const p384: typeof p384n = p384n;
+/** @deprecated use `import { p384 } from '@noble/curves/nist.js';` */
 export const secp384r1: typeof p384n = p384n;
-export const hashToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() => p384_hasher.hashToCurve)();
-export const encodeToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() => p384_hasher.encodeToCurve)();
-
-/** @deprecated Use `import { p384_hasher } from "@noble/curves/nist"` module. */
+/** @deprecated use `import { p384_hasher } from '@noble/curves/nist.js';` */
+export const hashToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() => p384_hasher.hashToCurve)();
+/** @deprecated use `import { p384_hasher } from '@noble/curves/nist.js';` */
+export const encodeToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() => p384_hasher.encodeToCurve)();

package/src/p521.ts

@@ -3,9 +3,13 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type HTFMethod } from './abstract/hash-to-curve.ts';
+import { type H2CMethod } from './abstract/hash-to-curve.ts';
 import { p521_hasher, p521 as p521n } from './nist.ts';
+/** @deprecated use `import { p521 } from '@noble/curves/nist.js';` */
 export const p521: typeof p521n = p521n;
+/** @deprecated use `import { p521 } from '@noble/curves/nist.js';` */
 export const secp521r1: typeof p521n = p521n;
-export const hashToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() => p521_hasher.hashToCurve)();
-export const encodeToCurve: HTFMethod<bigint> = /* @__PURE__ */ (() => p521_hasher.encodeToCurve)();
+/** @deprecated use `import { p521_hasher } from '@noble/curves/nist.js';` */
+export const hashToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() => p521_hasher.hashToCurve)();
+/** @deprecated use `import { p521_hasher } from '@noble/curves/nist.js';` */
+export const encodeToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() => p521_hasher.encodeToCurve)();