@noble/curves 1.9.5 → 2.0.0-beta.1

package/src/nist.ts

@@ -5,11 +5,14 @@
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import { sha256, sha384, sha512 } from '@noble/hashes/sha2.js';
-import { createCurve, type CurveFnWithCreate } from './_shortw_utils.ts';
 import { createHasher, type H2CHasher } from './abstract/hash-to-curve.ts';
 import { Field } from './abstract/modular.ts';
+import { createORPF, type OPRF } from './abstract/oprf.ts';
 import {
+  ecdsa,
   mapToCurveSimpleSWU,
+  weierstrass,
+  type ECDSA,
   type WeierstrassOpts,
   type WeierstrassPointCons,
 } from './abstract/weierstrass.ts';
@@ -72,9 +75,6 @@ const p521_CURVE: WeierstrassOpts<bigint> = {
   ),
 };
 
-const Fp256 = Field(p256_CURVE.p);
-const Fp384 = Field(p384_CURVE.p);
-const Fp521 = Field(p521_CURVE.p);
 type SwuOpts = {
   A: bigint;
   B: bigint;
@@ -86,18 +86,17 @@ function createSWU(Point: WeierstrassPointCons<bigint>, opts: SwuOpts) {
 }
 
 /** NIST P256 (aka secp256r1, prime256v1) curve, ECDSA and ECDH methods. */
-export const p256: CurveFnWithCreate = createCurve(
-  { ...p256_CURVE, Fp: Fp256, lowS: false },
-  sha256
-);
+
+const p256_Point = /* @__PURE__ */ weierstrass(p256_CURVE);
+export const p256: ECDSA = /* @__PURE__ */ ecdsa(p256_Point, sha256);
 /** Hashing / encoding to p256 points / field. RFC 9380 methods. */
-export const p256_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
+export const p256_hasher: H2CHasher<WeierstrassPointCons<bigint>> = /* @__PURE__ */ (() => {
   return createHasher(
-    p256.Point,
-    createSWU(p256.Point, {
+    p256_Point,
+    createSWU(p256_Point, {
       A: p256_CURVE.a,
       B: p256_CURVE.b,
-      Z: p256.Point.Fp.create(BigInt('-10')),
+      Z: p256_Point.Fp.create(BigInt('-10')),
     }),
     {
       DST: 'P256_XMD:SHA-256_SSWU_RO_',
@@ -111,27 +110,26 @@ export const p256_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
   );
 })();
 
-// export const p256_oprf: OPRF = createORPF({
-//   name: 'P256-SHA256',
-//   Point: p256.Point,
-//   hash: sha256,
-//   hashToGroup: p256_hasher.hashToCurve,
-//   hashToScalar: p256_hasher.hashToScalar,
-// });
+export const p256_oprf: OPRF = /* @__PURE__ */ (() =>
+  createORPF({
+    name: 'P256-SHA256',
+    Point: p256_Point,
+    hash: sha256,
+    hashToGroup: p256_hasher.hashToCurve,
+    hashToScalar: p256_hasher.hashToScalar,
+  }))();
 
+const p384_Point = /* @__PURE__ */ weierstrass(p384_CURVE);
 /** NIST P384 (aka secp384r1) curve, ECDSA and ECDH methods. */
-export const p384: CurveFnWithCreate = createCurve(
-  { ...p384_CURVE, Fp: Fp384, lowS: false },
-  sha384
-);
+export const p384: ECDSA = /* @__PURE__ */ ecdsa(p384_Point, sha384);
 /** Hashing / encoding to p384 points / field. RFC 9380 methods. */
-export const p384_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
+export const p384_hasher: H2CHasher<WeierstrassPointCons<bigint>> = /* @__PURE__ */ (() => {
   return createHasher(
-    p384.Point,
-    createSWU(p384.Point, {
+    p384_Point,
+    createSWU(p384_Point, {
       A: p384_CURVE.a,
       B: p384_CURVE.b,
-      Z: p384.Point.Fp.create(BigInt('-12')),
+      Z: p384_Point.Fp.create(BigInt('-12')),
     }),
     {
       DST: 'P384_XMD:SHA-384_SSWU_RO_',
@@ -145,36 +143,28 @@ export const p384_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
   );
 })();
 
-// export const p384_oprf: OPRF = createORPF({
-//   name: 'P384-SHA384',
-//   Point: p384.Point,
-//   hash: sha384,
-//   hashToGroup: p384_hasher.hashToCurve,
-//   hashToScalar: p384_hasher.hashToScalar,
-// });
+export const p384_oprf: OPRF = /* @__PURE__ */ (() =>
+  createORPF({
+    name: 'P384-SHA384',
+    Point: p384_Point,
+    hash: sha384,
+    hashToGroup: p384_hasher.hashToCurve,
+    hashToScalar: p384_hasher.hashToScalar,
+  }))();
 
-// const Fn521 = Field(p521_CURVE.n, { allowedScalarLengths: [65, 66] });
+const Fn521 = /* @__PURE__ */ Field(p521_CURVE.n, { allowedLengths: [65, 66] });
+const p521_Point = /* @__PURE__ */ weierstrass(p521_CURVE, { Fn: Fn521 });
 /** NIST P521 (aka secp521r1) curve, ECDSA and ECDH methods. */
-export const p521: CurveFnWithCreate = createCurve(
-  { ...p521_CURVE, Fp: Fp521, lowS: false, allowedPrivateKeyLengths: [130, 131, 132] },
-  sha512
-);
-
-/** @deprecated use `p256` for consistency with `p256_hasher` */
-export const secp256r1: typeof p256 = p256;
-/** @deprecated use `p384` for consistency with `p384_hasher` */
-export const secp384r1: typeof p384 = p384;
-/** @deprecated use `p521` for consistency with `p521_hasher` */
-export const secp521r1: typeof p521 = p521;
+export const p521: ECDSA = /* @__PURE__ */ ecdsa(p521_Point, sha512);
 
 /** Hashing / encoding to p521 points / field. RFC 9380 methods. */
-export const p521_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
+export const p521_hasher: H2CHasher<WeierstrassPointCons<bigint>> = /* @__PURE__ */ (() => {
   return createHasher(
-    p521.Point,
-    createSWU(p521.Point, {
+    p521_Point,
+    createSWU(p521_Point, {
       A: p521_CURVE.a,
       B: p521_CURVE.b,
-      Z: p521.Point.Fp.create(BigInt('-4')),
+      Z: p521_Point.Fp.create(BigInt('-4')),
     }),
     {
       DST: 'P521_XMD:SHA-512_SSWU_RO_',
@@ -188,10 +178,11 @@ export const p521_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() => {
   );
 })();
 
-// export const p521_oprf: OPRF = createORPF({
-//   name: 'P521-SHA512',
-//   Point: p521.Point,
-//   hash: sha512,
-//   hashToGroup: p521_hasher.hashToCurve,
-//   hashToScalar: p521_hasher.hashToScalar, // produces L=98 just like in RFC
-// });
+export const p521_oprf: OPRF = /* @__PURE__ */ (() =>
+  createORPF({
+    name: 'P521-SHA512',
+    Point: p521_Point,
+    hash: sha512,
+    hashToGroup: p521_hasher.hashToCurve,
+    hashToScalar: p521_hasher.hashToScalar, // produces L=98 just like in RFC
+  }))();

package/src/secp256k1.ts

@@ -8,36 +8,23 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import { sha256 } from '@noble/hashes/sha2.js';
 import { randomBytes } from '@noble/hashes/utils.js';
-import { createCurve, type CurveFnWithCreate } from './_shortw_utils.ts';
 import type { CurveLengths } from './abstract/curve.ts';
+import { createHasher, type H2CHasher, isogenyMap } from './abstract/hash-to-curve.ts';
+import { Field, mapHashToField, pow2 } from './abstract/modular.ts';
 import {
-  createHasher,
-  type H2CHasher,
-  type H2CMethod,
-  isogenyMap,
-} from './abstract/hash-to-curve.ts';
-import { Field, mapHashToField, mod, pow2 } from './abstract/modular.ts';
-import {
-  _normFnElement,
+  type ECDSA,
+  ecdsa,
   type EndomorphismOpts,
   mapToCurveSimpleSWU,
   type WeierstrassPoint as PointType,
+  weierstrass,
   type WeierstrassOpts,
   type WeierstrassPointCons,
 } from './abstract/weierstrass.ts';
-import type { Hex, PrivKey } from './utils.ts';
-import {
-  aInRange,
-  bytesToNumberBE,
-  concatBytes,
-  ensureBytes,
-  inRange,
-  numberToBytesBE,
-  utf8ToBytes,
-} from './utils.ts';
+import { abytes, asciiToBytes, bytesToNumberBE, concatBytes, inRange } from './utils.ts';
 
 // Seems like generator was produced from some seed:
-// `Point.BASE.multiply(Point.Fn.inv(2n, N)).toAffine().x`
+// `Pointk1.BASE.multiply(Pointk1.Fn.inv(2n, N)).toAffine().x`
 // // gives short x 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63n
 const secp256k1_CURVE: WeierstrassOpts<bigint> = {
   p: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'),
@@ -90,6 +77,10 @@ function sqrtMod(y: bigint): bigint {
 }
 
 const Fpk1 = Field(secp256k1_CURVE.p, { sqrt: sqrtMod });
+const Pointk1 = /* @__PURE__ */ weierstrass(secp256k1_CURVE, {
+  Fp: Fpk1,
+  endo: secp256k1_ENDO,
+});
 
 /**
  * secp256k1 curve, ECDSA and ECDH methods.
@@ -105,10 +96,8 @@ const Fpk1 = Field(secp256k1_CURVE.p, { sqrt: sqrtMod });
  * const isValid = secp256k1.verify(sig, msg, publicKey) === true;
  * ```
  */
-export const secp256k1: CurveFnWithCreate = createCurve(
-  { ...secp256k1_CURVE, Fp: Fpk1, lowS: true, endo: secp256k1_ENDO },
-  sha256
-);
+
+export const secp256k1: ECDSA = /* @__PURE__ */ ecdsa(Pointk1, sha256);
 
 // Schnorr signatures are superior to ECDSA from above. Below is Schnorr-specific BIP0340 code.
 // https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
@@ -117,7 +106,7 @@ const TAGGED_HASH_PREFIXES: { [tag: string]: Uint8Array } = {};
 function taggedHash(tag: string, ...messages: Uint8Array[]): Uint8Array {
   let tagP = TAGGED_HASH_PREFIXES[tag];
   if (tagP === undefined) {
-    const tagH = sha256(utf8ToBytes(tag));
+    const tagH = sha256(asciiToBytes(tag));
     tagP = concatBytes(tagH, tagH);
     TAGGED_HASH_PREFIXES[tag] = tagP;
   }
@@ -126,18 +115,14 @@ function taggedHash(tag: string, ...messages: Uint8Array[]): Uint8Array {
 
 // ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03
 const pointToBytes = (point: PointType<bigint>) => point.toBytes(true).slice(1);
-const numTo32b = (n: bigint) => numberToBytesBE(n, 32);
-const modP = (x: bigint) => mod(x, secp256k1_CURVE.p);
-const modN = (x: bigint) => mod(x, secp256k1_CURVE.n);
-const Point = /* @__PURE__ */ (() => secp256k1.Point)();
 const hasEven = (y: bigint) => y % _2n === _0n;
 
 // Calculate point, scalar and bytes
-function schnorrGetExtPubKey(priv: PrivKey) {
-  // TODO: replace with Point.Fn.fromBytes(priv)
-  let d_ = _normFnElement(Point.Fn, priv);
-  let p = Point.BASE.multiply(d_); // P = d'⋅G; 0 < d' < n check is done inside
-  const scalar = hasEven(p.y) ? d_ : modN(-d_);
+function schnorrGetExtPubKey(priv: Uint8Array) {
+  const { Fn, BASE } = Pointk1;
+  const d_ = Fn.fromBytes(priv);
+  const p = BASE.multiply(d_); // P = d'⋅G; 0 < d' < n check is done inside
+  const scalar = hasEven(p.y) ? d_ : Fn.neg(d_);
   return { scalar, bytes: pointToBytes(p) };
 }
 /**
@@ -145,12 +130,15 @@ function schnorrGetExtPubKey(priv: PrivKey) {
  * @returns valid point checked for being on-curve
  */
 function lift_x(x: bigint): PointType<bigint> {
-  aInRange('x', x, _1n, secp256k1_CURVE.p); // Fail if x ≥ p.
-  const xx = modP(x * x);
-  const c = modP(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.
-  let y = sqrtMod(c); // Let y = c^(p+1)/4 mod p.
-  if (!hasEven(y)) y = modP(-y); // Return the unique point P such that x(P) = x and
-  const p = Point.fromAffine({ x, y }); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
+  const Fp = Fpk1;
+  if (!Fp.isValidNot0(x)) throw new Error('invalid x: Fail if x ≥ p');
+  const xx = Fp.create(x * x);
+  const c = Fp.create(xx * x + BigInt(7)); // Let c = x³ + 7 mod p.
+  let y = Fp.sqrt(c); // Let y = c^(p+1)/4 mod p. Same as sqrt().
+  // Return the unique point P such that x(P) = x and
+  // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
+  if (!hasEven(y)) y = Fp.neg(y);
+  const p = Pointk1.fromAffine({ x, y });
   p.assertValidity();
   return p;
 }
@@ -159,13 +147,13 @@ const num = bytesToNumberBE;
  * Create tagged hash, convert it to bigint, reduce modulo-n.
  */
 function challenge(...args: Uint8Array[]): bigint {
-  return modN(num(taggedHash('BIP0340/challenge', ...args)));
+  return Pointk1.Fn.create(num(taggedHash('BIP0340/challenge', ...args)));
 }
 
 /**
  * Schnorr public key is just `x` coordinate of Point as per BIP340.
  */
-function schnorrGetPublicKey(secretKey: Hex): Uint8Array {
+function schnorrGetPublicKey(secretKey: Uint8Array): Uint8Array {
   return schnorrGetExtPubKey(secretKey).bytes; // d'=int(sk). Fail if d'=0 or d'≥n. Ret bytes(d'⋅G)
 }
 
@@ -173,19 +161,23 @@ function schnorrGetPublicKey(secretKey: Hex): Uint8Array {
  * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.
  * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.
  */
-function schnorrSign(message: Hex, secretKey: PrivKey, auxRand: Hex = randomBytes(32)): Uint8Array {
-  const m = ensureBytes('message', message);
+function schnorrSign(
+  message: Uint8Array,
+  secretKey: Uint8Array,
+  auxRand: Uint8Array = randomBytes(32)
+): Uint8Array {
+  const { Fn } = Pointk1;
+  const m = abytes(message, undefined, 'message');
   const { bytes: px, scalar: d } = schnorrGetExtPubKey(secretKey); // checks for isWithinCurveOrder
-  const a = ensureBytes('auxRand', auxRand, 32); // Auxiliary random data a: a 32-byte array
-  const t = numTo32b(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+  const a = abytes(auxRand, 32, 'auxRand'); // Auxiliary random data a: a 32-byte array
+  const t = Fn.toBytes(d ^ num(taggedHash('BIP0340/aux', a))); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
   const rand = taggedHash('BIP0340/nonce', t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
-  const k_ = modN(num(rand)); // Let k' = int(rand) mod n
-  if (k_ === _0n) throw new Error('sign failed: k is zero'); // Fail if k' = 0.
-  const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_); // Let R = k'⋅G.
+  // Let k' = int(rand) mod n. Fail if k' = 0. Let R = k'⋅G
+  const { bytes: rx, scalar: k } = schnorrGetExtPubKey(rand);
   const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
   const sig = new Uint8Array(64); // Let sig = bytes(R) || bytes((k + ed) mod n).
   sig.set(rx, 0);
-  sig.set(numTo32b(modN(k + e * d)), 32);
+  sig.set(Fn.toBytes(Fn.create(k + e * d)), 32);
   // If Verify(bytes(P), m, sig) (see below) returns failure, abort
   if (!schnorrVerify(sig, m, px)) throw new Error('sign: Invalid signature produced');
   return sig;
@@ -195,19 +187,20 @@ function schnorrSign(message: Hex, secretKey: PrivKey, auxRand: Hex = randomByte
  * Verifies Schnorr signature.
  * Will swallow errors & return false except for initial type validation of arguments.
  */
-function schnorrVerify(signature: Hex, message: Hex, publicKey: Hex): boolean {
-  const sig = ensureBytes('signature', signature, 64);
-  const m = ensureBytes('message', message);
-  const pub = ensureBytes('publicKey', publicKey, 32);
+function schnorrVerify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): boolean {
+  const { Fn, BASE } = Pointk1;
+  const sig = abytes(signature, 64, 'signature');
+  const m = abytes(message, undefined, 'message');
+  const pub = abytes(publicKey, 32, 'publicKey');
   try {
     const P = lift_x(num(pub)); // P = lift_x(int(pk)); fail if that fails
     const r = num(sig.subarray(0, 32)); // Let r = int(sig[0:32]); fail if r ≥ p.
     if (!inRange(r, _1n, secp256k1_CURVE.p)) return false;
     const s = num(sig.subarray(32, 64)); // Let s = int(sig[32:64]); fail if s ≥ n.
     if (!inRange(s, _1n, secp256k1_CURVE.n)) return false;
-    const e = challenge(numTo32b(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n
+    const e = challenge(Fn.toBytes(r), pointToBytes(P), m); // int(challenge(bytes(r)||bytes(P)||m))%n
     // R = s⋅G - e⋅P, where -eP == (n-e)P
-    const R = Point.BASE.multiplyUnsafe(s).add(P.multiplyUnsafe(modN(-e)));
+    const R = BASE.multiplyUnsafe(s).add(P.multiplyUnsafe(Fn.neg(e)));
     const { x, y } = R.toAffine();
     // Fail if is_infinite(R) / not has_even_y(R) / x(R) ≠ r.
     if (R.is0() || !hasEven(y) || x !== r) return false;
@@ -228,15 +221,6 @@ export type SecpSchnorr = {
     pointToBytes: (point: PointType<bigint>) => Uint8Array;
     lift_x: typeof lift_x;
     taggedHash: typeof taggedHash;
-
-    /** @deprecated use `randomSecretKey` */
-    randomPrivateKey: (seed?: Uint8Array) => Uint8Array;
-    /** @deprecated use `utils` */
-    numberToBytesBE: typeof numberToBytesBE;
-    /** @deprecated use `utils` */
-    bytesToNumberBE: typeof bytesToNumberBE;
-    /** @deprecated use `modular` */
-    mod: typeof mod;
   };
   lengths: CurveLengths;
 };
@@ -259,8 +243,6 @@ export const schnorr: SecpSchnorr = /* @__PURE__ */ (() => {
   const randomSecretKey = (seed = randomBytes(seedLength)): Uint8Array => {
     return mapHashToField(seed, secp256k1_CURVE.n);
   };
-  // TODO: remove
-  secp256k1.utils.randomSecretKey;
   function keygen(seed?: Uint8Array) {
     const secretKey = randomSecretKey(seed);
     return { secretKey, publicKey: schnorrGetPublicKey(secretKey) };
@@ -270,25 +252,19 @@ export const schnorr: SecpSchnorr = /* @__PURE__ */ (() => {
     getPublicKey: schnorrGetPublicKey,
     sign: schnorrSign,
     verify: schnorrVerify,
-    Point,
+    Point: Pointk1,
     utils: {
-      randomSecretKey: randomSecretKey,
-      randomPrivateKey: randomSecretKey,
+      randomSecretKey,
       taggedHash,
-
-      // TODO: remove
       lift_x,
       pointToBytes,
-      numberToBytesBE,
-      bytesToNumberBE,
-      mod,
     },
     lengths: {
-      secret: size,
-      public: size,
+      secretKey: size,
+      publicKey: size,
+      publicKeyHasPrefix: false,
       signature: size * 2,
       seed: seedLength,
-      publicKeyHasPrefix: false,
     },
   };
 })();
@@ -334,9 +310,9 @@ const mapSWU = /* @__PURE__ */ (() =>
   }))();
 
 /** Hashing / encoding to secp256k1 points / field. RFC 9380 methods. */
-export const secp256k1_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() =>
+export const secp256k1_hasher: H2CHasher<WeierstrassPointCons<bigint>> = /* @__PURE__ */ (() =>
   createHasher(
-    secp256k1.Point,
+    Pointk1,
     (scalars: bigint[]) => {
       const { x, y } = mapSWU(Fpk1.create(scalars[0]));
       return isoMap(x, y);
@@ -351,11 +327,3 @@ export const secp256k1_hasher: H2CHasher<bigint> = /* @__PURE__ */ (() =>
       hash: sha256,
     }
   ))();
-
-/** @deprecated use `import { secp256k1_hasher } from '@noble/curves/secp256k1.js';` */
-export const hashToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() =>
-  secp256k1_hasher.hashToCurve)();
-
-/** @deprecated use `import { secp256k1_hasher } from '@noble/curves/secp256k1.js';` */
-export const encodeToCurve: H2CMethod<bigint> = /* @__PURE__ */ (() =>
-  secp256k1_hasher.encodeToCurve)();

package/src/utils.ts

@@ -5,6 +5,7 @@
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import {
   abytes as abytes_,
+  anumber,
   bytesToHex as bytesToHex_,
   concatBytes as concatBytes_,
   hexToBytes as hexToBytes_,
@@ -19,26 +20,19 @@ export {
   hexToBytes,
   isBytes,
   randomBytes,
-  utf8ToBytes,
+  utf8ToBytes
 } from '@noble/hashes/utils.js';
 const _0n = /* @__PURE__ */ BigInt(0);
 const _1n = /* @__PURE__ */ BigInt(1);
-export type Hex = Uint8Array | string; // hex strings are accepted for simplicity
-export type PrivKey = Hex | bigint; // bigints are accepted to ease learning curve
+
 export type CHash = {
-  (message: Uint8Array | string): Uint8Array;
+  (message: Uint8Array): Uint8Array;
   blockLen: number;
   outputLen: number;
   create(opts?: { dkLen?: number }): any; // For shake
 };
-export type FHash = (message: Uint8Array | string) => Uint8Array;
-
-export function abool(title: string, value: boolean): void {
-  if (typeof value !== 'boolean') throw new Error(title + ' boolean expected, got ' + value);
-}
-
-// tmp name until v2
-export function _abool2(value: boolean, title: string = ''): boolean {
+export type FHash = (message: Uint8Array) => Uint8Array;
+export function abool(value: boolean, title: string = ''): boolean {
   if (typeof value !== 'boolean') {
     const prefix = title && `"${title}"`;
     throw new Error(prefix + 'expected boolean, got type=' + typeof value);
@@ -46,24 +40,16 @@ export function _abool2(value: boolean, title: string = ''): boolean {
   return value;
 }
 
-// tmp name until v2
-/** Asserts something is Uint8Array. */
-export function _abytes2(value: Uint8Array, length?: number, title: string = ''): Uint8Array {
-  const bytes = isBytes_(value);
-  const len = value?.length;
-  const needsLen = length !== undefined;
-  if (!bytes || (needsLen && len !== length)) {
-    const prefix = title && `"${title}"`;
-    const ofLen = needsLen ? ` of length ${length}` : '';
-    const got = bytes ? `length=${len}` : `type=${typeof value}`;
-    throw new Error(prefix + 'expected Uint8Array' + ofLen + ', got ' + got);
-  }
-  return value;
+// Used in weierstrass, der
+function abignumer(n: number | bigint) {
+  if (typeof n === 'bigint') {
+    if (!isPosBig(n)) throw new Error('positive bigint expected, got ' + n);
+  } else anumber(n);
+  return n;
 }
 
-// Used in weierstrass, der
 export function numberToHexUnpadded(num: number | bigint): string {
-  const hex = num.toString(16);
+  const hex = abignumer(num).toString(16);
   return hex.length & 1 ? '0' + hex : hex;
 }
 
@@ -77,49 +63,22 @@ export function bytesToNumberBE(bytes: Uint8Array): bigint {
   return hexToNumber(bytesToHex_(bytes));
 }
 export function bytesToNumberLE(bytes: Uint8Array): bigint {
-  abytes_(bytes);
-  return hexToNumber(bytesToHex_(Uint8Array.from(bytes).reverse()));
+  return hexToNumber(bytesToHex_(copyBytes(abytes_(bytes)).reverse()));
 }
 
 export function numberToBytesBE(n: number | bigint, len: number): Uint8Array {
-  return hexToBytes_(n.toString(16).padStart(len * 2, '0'));
+  anumber(len);
+  n = abignumer(n);
+  const res = hexToBytes_(n.toString(16).padStart(len * 2, '0'));
+  if (res.length !== len) throw new Error('number too large');
+  return res;
 }
 export function numberToBytesLE(n: number | bigint, len: number): Uint8Array {
   return numberToBytesBE(n, len).reverse();
 }
 // Unpadded, rarely used
 export function numberToVarBytesBE(n: number | bigint): Uint8Array {
-  return hexToBytes_(numberToHexUnpadded(n));
-}
-
-/**
- * Takes hex string or Uint8Array, converts to Uint8Array.
- * Validates output length.
- * Will throw error for other types.
- * @param title descriptive title for an error e.g. 'secret key'
- * @param hex hex string or Uint8Array
- * @param expectedLength optional, will compare to result array's length
- * @returns
- */
-export function ensureBytes(title: string, hex: Hex, expectedLength?: number): Uint8Array {
-  let res: Uint8Array;
-  if (typeof hex === 'string') {
-    try {
-      res = hexToBytes_(hex);
-    } catch (e) {
-      throw new Error(title + ' must be hex string or Uint8Array, cause: ' + e);
-    }
-  } else if (isBytes_(hex)) {
-    // Uint8Array.from() instead of hash.slice() because node.js Buffer
-    // is instance of Uint8Array, and its slice() creates **mutable** copy
-    res = Uint8Array.from(hex);
-  } else {
-    throw new Error(title + ' must be hex string or Uint8Array');
-  }
-  const len = res.length;
-  if (typeof expectedLength === 'number' && len !== expectedLength)
-    throw new Error(title + ' of length ' + expectedLength + ' expected, got ' + len);
-  return res;
+  return hexToBytes_(numberToHexUnpadded(abignumer(n)));
 }
 
 // Compares 2 u8a-s in kinda constant time
@@ -129,6 +88,7 @@ export function equalBytes(a: Uint8Array, b: Uint8Array): boolean {
   for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
   return diff === 0;
 }
+
 /**
  * Copies Uint8Array. We can't use u8a.slice(), because u8a can be Buffer,
  * and Buffer#slice creates mutable copy. Never use Buffers!
@@ -374,3 +334,23 @@ export function memoized<T extends object, R, O extends any[]>(
     return computed;
   };
 }
+
+export interface CryptoKeys {
+  lengths: { seed?: number; public?: number; secret?: number };
+  keygen: (seed?: Uint8Array) => { secretKey: Uint8Array; publicKey: Uint8Array };
+  getPublicKey: (secretKey: Uint8Array) => Uint8Array;
+}
+
+/** Generic interface for signatures. Has keygen, sign and verify. */
+export interface Signer extends CryptoKeys {
+  // Interfaces are fun. We cannot just add new fields without copying old ones.
+  lengths: {
+    seed?: number;
+    public?: number;
+    secret?: number;
+    signRand?: number;
+    signature?: number;
+  };
+  sign: (msg: Uint8Array, secretKey: Uint8Array) => Uint8Array;
+  verify: (sig: Uint8Array, msg: Uint8Array, publicKey: Uint8Array) => boolean;
+}