@noble/curves 1.9.6 → 2.0.0-beta.1

package/abstract/bls.d.ts

@@ -1,42 +1,21 @@
-/**
- * BLS != BLS.
- * The file implements BLS (Boneh-Lynn-Shacham) signatures.
- * Used in both BLS (Barreto-Lynn-Scott) and BN (Barreto-Naehrig)
- * families of pairing-friendly curves.
- * Consists of two curves: G1 and G2:
- * - G1 is a subgroup of (x, y) E(Fq) over y² = x³ + 4.
- * - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1
- * - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in
- *   Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not.
- * Pairing is used to aggregate and verify signatures.
- * There are two modes of operation:
- * - Long signatures:  X-byte keys + 2X-byte sigs (G1 keys + G2 sigs).
- * - Short signatures: 2X-byte keys + X-byte sigs (G2 keys + G1 sigs).
- * @module
- **/
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type CHash, type Hex, type PrivKey } from '../utils.ts';
-import { type H2CHasher, type H2CHashOpts, type H2COpts, type htfBasicOpts, type MapToCurve } from './hash-to-curve.ts';
+import { type CurveLengths } from './curve.ts';
+import { type H2CHasher, type H2CHashOpts, type H2COpts, type MapToCurve } from './hash-to-curve.ts';
 import { type IField } from './modular.ts';
 import type { Fp12, Fp12Bls, Fp2, Fp2Bls, Fp6Bls } from './tower.ts';
-import { type CurvePointsRes, type CurvePointsType, type WeierstrassPoint, type WeierstrassPointCons } from './weierstrass.ts';
+import { type WeierstrassPoint, type WeierstrassPointCons } from './weierstrass.ts';
 type Fp = bigint;
 export type TwistType = 'multiplicative' | 'divisive';
 export type ShortSignatureCoder<Fp> = {
     fromBytes(bytes: Uint8Array): WeierstrassPoint<Fp>;
-    fromHex(hex: Hex): WeierstrassPoint<Fp>;
+    fromHex(hex: string): WeierstrassPoint<Fp>;
     toBytes(point: WeierstrassPoint<Fp>): Uint8Array;
     toHex(point: WeierstrassPoint<Fp>): string;
-    /** @deprecated use `toBytes` */
-    toRawBytes(point: WeierstrassPoint<Fp>): Uint8Array;
 };
-export type SignatureCoder<Fp> = {
+export type LongSignatureCoder<Fp> = {
     fromBytes(bytes: Uint8Array): WeierstrassPoint<Fp>;
-    fromHex(hex: Hex): WeierstrassPoint<Fp>;
+    fromHex(hex: string): WeierstrassPoint<Fp>;
     toBytes(point: WeierstrassPoint<Fp>): Uint8Array;
     toHex(point: WeierstrassPoint<Fp>): string;
-    /** @deprecated use `toBytes` */
-    toRawBytes(point: WeierstrassPoint<Fp>): Uint8Array;
 };
 export type BlsFields = {
     Fp: IField<Fp>;
@@ -52,6 +31,8 @@ export type PostPrecomputePointAddFn = (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy:
 };
 export type PostPrecomputeFn = (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy: Fp2, pointAdd: PostPrecomputePointAddFn) => void;
 export type BlsPairing = {
+    lengths: CurveLengths;
+    Fr: IField<bigint>;
     Fp12: Fp12Bls;
     calcPairingPrecomputes: (p: WeierstrassPoint<Fp2>) => Precompute;
     millerLoopBatch: (pairs: [Precompute, Fp, Fp][]) => Fp12;
@@ -60,35 +41,21 @@ export type BlsPairing = {
         g1: WeierstrassPoint<Fp>;
         g2: WeierstrassPoint<Fp2>;
     }[], withFinalExponent?: boolean) => Fp12;
+    randomSecretKey: (seed?: Uint8Array) => Uint8Array;
 };
 export type BlsPairingParams = {
     ateLoopSize: bigint;
     xNegative: boolean;
     twistType: TwistType;
+    randomBytes?: (len?: number) => Uint8Array;
     postPrecompute?: PostPrecomputeFn;
 };
-export type CurveType = {
-    G1: CurvePointsType<Fp> & {
-        ShortSignature: SignatureCoder<Fp>;
-        mapToCurve: MapToCurve<Fp>;
-        htfDefaults: H2COpts;
-    };
-    G2: CurvePointsType<Fp2> & {
-        Signature: SignatureCoder<Fp2>;
-        mapToCurve: MapToCurve<Fp2>;
-        htfDefaults: H2COpts;
-    };
-    fields: BlsFields;
-    params: {
-        ateLoopSize: BlsPairingParams['ateLoopSize'];
-        xNegative: BlsPairingParams['xNegative'];
-        r: bigint;
-        twistType: BlsPairingParams['twistType'];
-    };
-    htfDefaults: H2COpts;
-    hash: CHash;
-    randomBytes?: (bytesLength?: number) => Uint8Array;
-    postPrecompute?: PostPrecomputeFn;
+export type BlsHasherParams = {
+    mapToG1?: MapToCurve<Fp>;
+    mapToG2?: MapToCurve<Fp2>;
+    hasherOpts: H2COpts;
+    hasherOptsG1: H2COpts;
+    hasherOptsG2: H2COpts;
 };
 type PrecomputeSingle = [Fp2, Fp2, Fp2][];
 type Precompute = PrecomputeSingle[];
@@ -98,17 +65,16 @@ type Precompute = PrecomputeSingle[];
  * - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1
  */
 export interface BLSCurvePair {
-    longSignatures: BLSSigs<bigint, Fp2>;
-    shortSignatures: BLSSigs<Fp2, bigint>;
+    lengths: CurveLengths;
     millerLoopBatch: BlsPairing['millerLoopBatch'];
     pairing: BlsPairing['pairing'];
     pairingBatch: BlsPairing['pairingBatch'];
     G1: {
-        Point: WeierstrassPointCons<bigint>;
-    } & H2CHasher<Fp>;
+        Point: WeierstrassPointCons<Fp>;
+    };
     G2: {
         Point: WeierstrassPointCons<Fp2>;
-    } & H2CHasher<Fp2>;
+    };
     fields: {
         Fp: IField<Fp>;
         Fp2: Fp2Bls;
@@ -117,74 +83,46 @@ export interface BLSCurvePair {
         Fr: IField<bigint>;
     };
     utils: {
-        randomSecretKey: () => Uint8Array;
-        /** @deprecated use randomSecretKey */
-        randomPrivateKey: () => Uint8Array;
+        randomSecretKey: (seed?: Uint8Array) => Uint8Array;
         calcPairingPrecomputes: BlsPairing['calcPairingPrecomputes'];
     };
-}
-export type CurveFn = BLSCurvePair & {
-    /** @deprecated use `longSignatures.getPublicKey` */
-    getPublicKey: (secretKey: PrivKey) => Uint8Array;
-    /** @deprecated use `shortSignatures.getPublicKey` */
-    getPublicKeyForShortSignatures: (secretKey: PrivKey) => Uint8Array;
-    /** @deprecated use `longSignatures.sign` */
-    sign: {
-        (message: Hex, secretKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
-        (message: WeierstrassPoint<Fp2>, secretKey: PrivKey, htfOpts?: htfBasicOpts): WeierstrassPoint<Fp2>;
-    };
-    /** @deprecated use `shortSignatures.sign` */
-    signShortSignature: {
-        (message: Hex, secretKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
-        (message: WeierstrassPoint<Fp>, secretKey: PrivKey, htfOpts?: htfBasicOpts): WeierstrassPoint<Fp>;
-    };
-    /** @deprecated use `longSignatures.verify` */
-    verify: (signature: Hex | WeierstrassPoint<Fp2>, message: Hex | WeierstrassPoint<Fp2>, publicKey: Hex | WeierstrassPoint<Fp>, htfOpts?: htfBasicOpts) => boolean;
-    /** @deprecated use `shortSignatures.verify` */
-    verifyShortSignature: (signature: Hex | WeierstrassPoint<Fp>, message: Hex | WeierstrassPoint<Fp>, publicKey: Hex | WeierstrassPoint<Fp2>, htfOpts?: htfBasicOpts) => boolean;
-    verifyBatch: (signature: Hex | WeierstrassPoint<Fp2>, messages: (Hex | WeierstrassPoint<Fp2>)[], publicKeys: (Hex | WeierstrassPoint<Fp>)[], htfOpts?: htfBasicOpts) => boolean;
-    /** @deprecated use `longSignatures.aggregatePublicKeys` */
-    aggregatePublicKeys: {
-        (publicKeys: Hex[]): Uint8Array;
-        (publicKeys: WeierstrassPoint<Fp>[]): WeierstrassPoint<Fp>;
-    };
-    /** @deprecated use `longSignatures.aggregateSignatures` */
-    aggregateSignatures: {
-        (signatures: Hex[]): Uint8Array;
-        (signatures: WeierstrassPoint<Fp2>[]): WeierstrassPoint<Fp2>;
-    };
-    /** @deprecated use `shortSignatures.aggregateSignatures` */
-    aggregateShortSignatures: {
-        (signatures: Hex[]): Uint8Array;
-        (signatures: WeierstrassPoint<Fp>[]): WeierstrassPoint<Fp>;
-    };
-    G1: CurvePointsRes<Fp> & H2CHasher<Fp>;
-    G2: CurvePointsRes<Fp2> & H2CHasher<Fp2>;
-    /** @deprecated use `longSignatures.Signature` */
-    Signature: SignatureCoder<Fp2>;
-    /** @deprecated use `shortSignatures.Signature` */
-    ShortSignature: ShortSignatureCoder<Fp>;
     params: {
         ateLoopSize: bigint;
-        r: bigint;
         twistType: TwistType;
-        /** @deprecated */
-        G1b: bigint;
-        /** @deprecated */
-        G2b: Fp2;
     };
-};
-type BLSInput = Hex | Uint8Array;
+}
+export interface BlsCurvePairWithHashers extends BLSCurvePair {
+    G1: H2CHasher<WeierstrassPointCons<Fp>>;
+    G2: H2CHasher<WeierstrassPointCons<Fp2>>;
+}
+export interface BlsCurvePairWithSignatures extends BlsCurvePairWithHashers {
+    longSignatures: BLSSigs<bigint, Fp2>;
+    shortSignatures: BLSSigs<Fp2, bigint>;
+}
+type BLSInput = Uint8Array;
 export interface BLSSigs<P, S> {
-    getPublicKey(secretKey: PrivKey): WeierstrassPoint<P>;
-    sign(hashedMessage: WeierstrassPoint<S>, secretKey: PrivKey): WeierstrassPoint<S>;
+    lengths: CurveLengths;
+    keygen(seed?: Uint8Array): {
+        secretKey: Uint8Array;
+        publicKey: WeierstrassPoint<P>;
+    };
+    getPublicKey(secretKey: Uint8Array): WeierstrassPoint<P>;
+    sign(hashedMessage: WeierstrassPoint<S>, secretKey: Uint8Array): WeierstrassPoint<S>;
     verify(signature: WeierstrassPoint<S> | BLSInput, message: WeierstrassPoint<S>, publicKey: WeierstrassPoint<P> | BLSInput): boolean;
-    verifyBatch: (signature: WeierstrassPoint<S> | BLSInput, messages: WeierstrassPoint<S>[], publicKeys: (WeierstrassPoint<P> | BLSInput)[]) => boolean;
+    verifyBatch: (signature: WeierstrassPoint<S> | BLSInput, items: {
+        message: WeierstrassPoint<S>;
+        publicKey: WeierstrassPoint<P> | BLSInput;
+    }[]) => boolean;
     aggregatePublicKeys(publicKeys: (WeierstrassPoint<P> | BLSInput)[]): WeierstrassPoint<P>;
     aggregateSignatures(signatures: (WeierstrassPoint<S> | BLSInput)[]): WeierstrassPoint<S>;
     hash(message: Uint8Array, DST?: string | Uint8Array, hashOpts?: H2CHashOpts): WeierstrassPoint<S>;
-    Signature: SignatureCoder<S>;
+    Signature: LongSignatureCoder<S>;
 }
-export declare function bls(CURVE: CurveType): CurveFn;
+type BlsSignatureCoders = Partial<{
+    LongSignature: LongSignatureCoder<Fp2>;
+    ShortSignature: ShortSignatureCoder<Fp>;
+}>;
+export declare function blsBasic(fields: BlsFields, G1_Point: WeierstrassPointCons<Fp>, G2_Point: WeierstrassPointCons<Fp2>, params: BlsPairingParams): BLSCurvePair;
+export declare function bls(fields: BlsFields, G1_Point: WeierstrassPointCons<Fp>, G2_Point: WeierstrassPointCons<Fp2>, params: BlsPairingParams, hasherParams: BlsHasherParams, signatureCoders: BlsSignatureCoders): BlsCurvePairWithSignatures;
 export {};
 //# sourceMappingURL=bls.d.ts.map

package/abstract/bls.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;IAeI;AACJ,sEAAsE;AACtE,OAAO,EAKL,KAAK,KAAK,EACV,KAAK,GAAG,EACR,KAAK,OAAO,EACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,WAAW,EAChB,KAAK,OAAO,EAEZ,KAAK,YAAY,EACjB,KAAK,UAAU,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAoC,KAAK,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EAC1B,MAAM,kBAAkB,CAAC;AAE1B,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,SAAS,GAAG,gBAAgB,GAAG,UAAU,CAAC;AAEtD,MAAM,MAAM,mBAAmB,CAAC,EAAE,IAAI;IACpC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;IAC3C,gCAAgC;IAChC,UAAU,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,cAAc,CAAC,EAAE,IAAI;IAC/B,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;IAC3C,gCAAgC;IAChC,UAAU,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,OAAO,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,CACrC,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,KACJ;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AACnC,MAAM,MAAM,gBAAgB,GAAG,CAC7B,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,QAAQ,EAAE,wBAAwB,KAC/B,IAAI,CAAC;AACV,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,OAAO,CAAC;IACd,sBAAsB,EAAE,CAAC,CAAC,EAAE,gBAAgB,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC;IACjE,eAAe,EAAE,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAClG,YAAY,EAAE,CACZ,KAAK,EAAE;QAAE,EAAE,EAAE,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAAC,EAAE,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAA;KAAE,EAAE,EAChE,iBAAiB,CAAC,EAAE,OAAO,KACxB,IAAI,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAI7B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IAErB,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACnC,CAAC;AACF,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,eAAe,CAAC,EAAE,CAAC,GAAG;QACxB,cAAc,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;QACzB,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE,SAAS,CAAC;IAClB,MAAM,EAAE;QAIN,WAAW,EAAE,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAC7C,SAAS,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC;KAC1C,CAAC;IACF,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAEnD,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACnC,CAAC;AAEF,KAAK,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AAC1C,KAAK,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAErC;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,EAAE,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAC/C,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC;IAC/B,YAAY,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC;IACzC,EAAE,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAA;KAAE,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5D,EAAE,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC,GAAG,CAAC,CAAA;KAAE,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1D,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,OAAO,CAAC;QACd,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,eAAe,EAAE,MAAM,UAAU,CAAC;QAClC,sCAAsC;QACtC,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,sBAAsB,EAAE,UAAU,CAAC,wBAAwB,CAAC,CAAC;KAC9D,CAAC;CACH;AAED,MAAM,MAAM,OAAO,GAAG,YAAY,GAAG;IACnC,oDAAoD;IACpD,YAAY,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,UAAU,CAAC;IACjD,qDAAqD;IACrD,8BAA8B,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,UAAU,CAAC;IACnE,4CAA4C;IAC5C,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACvE,CACE,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAC9B,SAAS,EAAE,OAAO,EAClB,OAAO,CAAC,EAAE,YAAY,GACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC;KAC1B,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,EAAE;QAClB,CAAC,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACvE,CACE,OAAO,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAC7B,SAAS,EAAE,OAAO,EAClB,OAAO,CAAC,EAAE,YAAY,GACrB,gBAAgB,CAAC,EAAE,CAAC,CAAC;KACzB,CAAC;IACF,8CAA8C;IAC9C,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACtC,OAAO,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACpC,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,EACrC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,+CAA+C;IAC/C,oBAAoB,EAAE,CACpB,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,EACrC,OAAO,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,EACnC,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACtC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACtC,QAAQ,EAAE,CAAC,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,EAAE,EACzC,UAAU,EAAE,CAAC,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC,EAAE,EAC1C,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,2DAA2D;IAC3D,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAAE,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;KAC5D,CAAC;IACF,2DAA2D;IAC3D,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;KAC9D,CAAC;IACF,4DAA4D;IAC5D,wBAAwB,EAAE;QACxB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAAE,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;KAC5D,CAAC;IACF,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IACvC,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IACzC,iDAAiD;IACjD,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,kDAAkD;IAClD,cAAc,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,SAAS,CAAC;QACrB,kBAAkB;QAClB,GAAG,EAAE,MAAM,CAAC;QACZ,kBAAkB;QAClB,GAAG,EAAE,GAAG,CAAC;KACV,CAAC;CACH,CAAC;AAEF,KAAK,QAAQ,GAAG,GAAG,GAAG,UAAU,CAAC;AACjC,MAAM,WAAW,OAAO,CAAC,CAAC,EAAE,CAAC;IAC3B,YAAY,CAAC,SAAS,EAAE,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACtD,IAAI,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAClF,MAAM,CACJ,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,EACzC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC5B,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,GACxC,OAAO,CAAC;IACX,WAAW,EAAE,CACX,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,EACzC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAC/B,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,KAC3C,OAAO,CAAC;IACb,mBAAmB,CAAC,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzF,mBAAmB,CAAC,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzF,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAClG,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;CAC9B;AA6SD,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAiL7C"}
+{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../src/abstract/bls.ts"],"names":[],"mappings":"AAkBA,OAAO,EAAc,KAAK,YAAY,EAAE,MAAM,YAAY,CAAC;AAC3D,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,WAAW,EAEhB,KAAK,OAAO,EACZ,KAAK,UAAU,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAoC,KAAK,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAAE,KAAK,gBAAgB,EAAE,KAAK,oBAAoB,EAAE,MAAM,kBAAkB,CAAC;AAEpF,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,SAAS,GAAG,gBAAgB,GAAG,UAAU,CAAC;AAEtD,MAAM,MAAM,mBAAmB,CAAC,EAAE,IAAI;IACpC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CAC5C,CAAC;AAEF,MAAM,MAAM,kBAAkB,CAAC,EAAE,IAAI;IACnC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;CAC5C,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,OAAO,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,CACrC,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,KACJ;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AACnC,MAAM,MAAM,gBAAgB,GAAG,CAC7B,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,QAAQ,EAAE,wBAAwB,KAC/B,IAAI,CAAC;AACV,MAAM,MAAM,UAAU,GAAG;IACvB,OAAO,EAAE,YAAY,CAAC;IACtB,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,IAAI,EAAE,OAAO,CAAC;IACd,sBAAsB,EAAE,CAAC,CAAC,EAAE,gBAAgB,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC;IACjE,eAAe,EAAE,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAClG,YAAY,EAAE,CACZ,KAAK,EAAE;QAAE,EAAE,EAAE,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAAC,EAAE,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAA;KAAE,EAAE,EAChE,iBAAiB,CAAC,EAAE,OAAO,KACxB,IAAI,CAAC;IACV,eAAe,EAAE,CAAC,IAAI,CAAC,EAAE,UAAU,KAAK,UAAU,CAAC;CACpD,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAG7B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IACrB,WAAW,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAC3C,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACnC,CAAC;AACF,MAAM,MAAM,eAAe,GAAG;IAC5B,OAAO,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;IACzB,OAAO,CAAC,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;IAC1B,UAAU,EAAE,OAAO,CAAC;IACpB,YAAY,EAAE,OAAO,CAAC;IACtB,YAAY,EAAE,OAAO,CAAC;CACvB,CAAC;AACF,KAAK,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AAC1C,KAAK,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAErC;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,YAAY,CAAC;IACtB,eAAe,EAAE,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAC/C,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC;IAC/B,YAAY,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC;IACzC,EAAE,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC,EAAE,CAAC,CAAA;KAAE,CAAC;IACxC,EAAE,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC,GAAG,CAAC,CAAA;KAAE,CAAC;IACzC,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,OAAO,CAAC;QACd,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,eAAe,EAAE,CAAC,IAAI,CAAC,EAAE,UAAU,KAAK,UAAU,CAAC;QACnD,sBAAsB,EAAE,UAAU,CAAC,wBAAwB,CAAC,CAAC;KAC9D,CAAC;IACF,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,SAAS,EAAE,SAAS,CAAC;KACtB,CAAC;CACH;AAED,MAAM,WAAW,uBAAwB,SAAQ,YAAY;IAC3D,EAAE,EAAE,SAAS,CAAC,oBAAoB,CAAC,EAAE,CAAC,CAAC,CAAC;IACxC,EAAE,EAAE,SAAS,CAAC,oBAAoB,CAAC,GAAG,CAAC,CAAC,CAAC;CAC1C;AAED,MAAM,WAAW,0BAA2B,SAAQ,uBAAuB;IACzE,cAAc,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;CACvC;AAED,KAAK,QAAQ,GAAG,UAAU,CAAC;AAC3B,MAAM,WAAW,OAAO,CAAC,CAAC,EAAE,CAAC;IAC3B,OAAO,EAAE,YAAY,CAAC;IACtB,MAAM,CAAC,IAAI,CAAC,EAAE,UAAU,GAAG;QACzB,SAAS,EAAE,UAAU,CAAC;QACtB,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC;KAChC,CAAC;IACF,YAAY,CAAC,SAAS,EAAE,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzD,IAAI,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACrF,MAAM,CACJ,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,EACzC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC5B,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,GACxC,OAAO,CAAC;IACX,WAAW,EAAE,CACX,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,EACzC,KAAK,EAAE;QAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,CAAC;QAAC,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAA;KAAE,EAAE,KACjF,OAAO,CAAC;IACb,mBAAmB,CAAC,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzF,mBAAmB,CAAC,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzF,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAClG,SAAS,EAAE,kBAAkB,CAAC,CAAC,CAAC,CAAC;CAClC;AAqUD,KAAK,kBAAkB,GAAG,OAAO,CAAC;IAChC,aAAa,EAAE,kBAAkB,CAAC,GAAG,CAAC,CAAC;IACvC,cAAc,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC;CACzC,CAAC,CAAC;AAGH,wBAAgB,QAAQ,CACtB,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,oBAAoB,CAAC,EAAE,CAAC,EAClC,QAAQ,EAAE,oBAAoB,CAAC,GAAG,CAAC,EACnC,MAAM,EAAE,gBAAgB,GACvB,YAAY,CAqCd;AAwBD,wBAAgB,GAAG,CACjB,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,oBAAoB,CAAC,EAAE,CAAC,EAClC,QAAQ,EAAE,oBAAoB,CAAC,GAAG,CAAC,EACnC,MAAM,EAAE,gBAAgB,EACxB,YAAY,EAAE,eAAe,EAC7B,eAAe,EAAE,kBAAkB,GAClC,0BAA0B,CA0B5B"}

package/abstract/bls.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.bls = bls;
 /**
  * BLS != BLS.
  * The file implements BLS (Boneh-Lynn-Shacham) signatures.
@@ -18,11 +15,11 @@ exports.bls = bls;
  * @module
  **/
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const utils_ts_1 = require("../utils.js");
-const curve_ts_1 = require("./curve.js");
-const hash_to_curve_ts_1 = require("./hash-to-curve.js");
-const modular_ts_1 = require("./modular.js");
-const weierstrass_ts_1 = require("./weierstrass.js");
+import { abytes, memoized, notImplemented, randomBytes } from "../utils.js";
+import { normalizeZ } from "./curve.js";
+import { createHasher, } from "./hash-to-curve.js";
+import { getMinHashLength, mapHashToField } from "./modular.js";
+import {} from "./weierstrass.js";
 // prettier-ignore
 const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);
 // Not used with BLS12-381 (no sequential `11` in X). Useful for other curves.
@@ -47,7 +44,7 @@ function aNonEmpty(arr) {
 }
 // This should be enough for bn254, no need to export full stuff?
 function createBlsPairing(fields, G1, G2, params) {
-    const { Fp2, Fp12 } = fields;
+    const { Fr, Fp2, Fp12 } = fields;
     const { twistType, ateLoopSize, xNegative, postPrecompute } = params;
     // Applies sparse multiplication as line function
     let lineFunction;
@@ -99,7 +96,7 @@ function createBlsPairing(fields, G1, G2, params) {
     // pointAdd happens only if bit set, so wNAF is reasonable. Unfortunately we cannot combine
     // add + double in windowed precomputes here, otherwise it would be single op (since X is static)
     const ATE_NAF = NAfDecomposition(ateLoopSize);
-    const calcPairingPrecomputes = (0, utils_ts_1.memoized)((point) => {
+    const calcPairingPrecomputes = memoized((point) => {
         const p = point;
         const { x, y } = p.toAffine();
         // prettier-ignore
@@ -142,8 +139,8 @@ function createBlsPairing(fields, G1, G2, params) {
     function pairingBatch(pairs, withFinalExponent = true) {
         const res = [];
         // Cache precomputed toAffine for all points
-        (0, curve_ts_1.normalizeZ)(G1, pairs.map(({ g1 }) => g1));
-        (0, curve_ts_1.normalizeZ)(G2, pairs.map(({ g2 }) => g2));
+        normalizeZ(G1, pairs.map(({ g1 }) => g1));
+        normalizeZ(G2, pairs.map(({ g2 }) => g2));
         for (const { g1, g2 } of pairs) {
             if (g1.is0() || g2.is0())
                 throw new Error('pairing is not available for ZERO point');
@@ -159,24 +156,43 @@ function createBlsPairing(fields, G1, G2, params) {
     function pairing(Q, P, withFinalExponent = true) {
         return pairingBatch([{ g1: Q, g2: P }], withFinalExponent);
     }
+    const lengths = {
+        seed: getMinHashLength(Fr.ORDER),
+    };
+    const rand = params.randomBytes || randomBytes;
+    const randomSecretKey = (seed = rand(lengths.seed)) => {
+        abytes(seed, lengths.seed, 'seed');
+        return mapHashToField(seed, Fr.ORDER);
+    };
     return {
+        lengths,
+        Fr,
         Fp12, // NOTE: we re-export Fp12 here because pairing results are Fp12!
         millerLoopBatch,
         pairing,
         pairingBatch,
         calcPairingPrecomputes,
+        randomSecretKey,
     };
 }
-function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
-    const { Fp12, pairingBatch } = blsPairing;
+function createBlsSig(blsPairing, PubPoint, SigPoint, isSigG1, hashToSigCurve, SignatureCoder) {
+    const { Fr, Fp12, pairingBatch, randomSecretKey, lengths } = blsPairing;
+    if (!SignatureCoder) {
+        SignatureCoder = {
+            fromBytes: notImplemented,
+            fromHex: notImplemented,
+            toBytes: notImplemented,
+            toHex: notImplemented,
+        };
+    }
     function normPub(point) {
-        return point instanceof PubCurve.Point ? point : PubCurve.Point.fromHex(point);
+        return point instanceof PubPoint ? point : PubPoint.fromBytes(point);
     }
     function normSig(point) {
-        return point instanceof SigCurve.Point ? point : SigCurve.Point.fromHex(point);
+        return point instanceof SigPoint ? point : SigPoint.fromBytes(point);
     }
     function amsg(m) {
-        if (!(m instanceof SigCurve.Point))
+        if (!(m instanceof SigPoint))
             throw new Error(`expected valid message hashed to ${!isSigG1 ? 'G2' : 'G1'} curve`);
         return m;
     }
@@ -184,21 +200,30 @@ function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
     const pair = !isSigG1
         ? (a, b) => ({ g1: a, g2: b })
         : (a, b) => ({ g1: b, g2: a });
-    return {
+    return Object.freeze({
+        lengths: { ...lengths, secretKey: Fr.BYTES },
+        keygen(seed) {
+            const secretKey = randomSecretKey(seed);
+            const publicKey = this.getPublicKey(secretKey);
+            return { secretKey, publicKey };
+        },
         // P = pk x G
         getPublicKey(secretKey) {
-            // TODO: replace with
-            // const sec = PubCurve.Point.Fn.fromBytes(secretKey);
-            const sec = (0, weierstrass_ts_1._normFnElement)(PubCurve.Point.Fn, secretKey);
-            return PubCurve.Point.BASE.multiply(sec);
+            let sec;
+            try {
+                sec = PubPoint.Fn.fromBytes(secretKey);
+            }
+            catch (error) {
+                // @ts-ignore
+                throw new Error('invalid private key: ' + typeof secretKey, { cause: error });
+            }
+            return PubPoint.BASE.multiply(sec);
         },
         // S = pk x H(m)
         sign(message, secretKey, unusedArg) {
             if (unusedArg != null)
                 throw new Error('sign() expects 2 arguments');
-            // TODO: replace with
-            // PubCurve.Point.Fn.fromBytes(secretKey)
-            const sec = (0, weierstrass_ts_1._normFnElement)(PubCurve.Point.Fn, secretKey);
+            const sec = PubPoint.Fn.fromBytes(secretKey);
             amsg(message).assertValidity();
             return message.multiply(sec);
         },
@@ -211,7 +236,7 @@ function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
             signature = normSig(signature);
             publicKey = normPub(publicKey);
             const P = publicKey.negate();
-            const G = PubCurve.Point.BASE;
+            const G = PubPoint.BASE;
             const Hm = amsg(message);
             const S = signature;
             // This code was changed in 1.9.x:
@@ -224,13 +249,11 @@ function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
         // https://ethresear.ch/t/fast-verification-of-multiple-bls-signatures/5407
         // e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))
         // TODO: maybe `{message: G2Hex, publicKey: G1Hex}[]` instead?
-        verifyBatch(signature, messages, publicKeys) {
-            aNonEmpty(messages);
-            if (publicKeys.length !== messages.length)
-                throw new Error('amount of public keys and messages should be equal');
+        verifyBatch(signature, items) {
+            aNonEmpty(items);
             const sig = normSig(signature);
-            const nMessages = messages;
-            const nPublicKeys = publicKeys.map(normPub);
+            const nMessages = items.map((i) => i.message);
+            const nPublicKeys = items.map((i) => normPub(i.publicKey));
             // NOTE: this works only for exact same object
             const messagePubKeyMap = new Map();
             for (let i = 0; i < nPublicKeys.length; i++) {
@@ -244,7 +267,7 @@ function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
                 keys.push(pub);
             }
             const paired = [];
-            const G = PubCurve.Point.BASE;
+            const G = PubPoint.BASE;
             try {
                 for (const [msg, keys] of messagePubKeyMap) {
                     const groupPublicKey = keys.reduce((acc, msg) => acc.add(msg));
@@ -262,7 +285,7 @@ function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
         aggregatePublicKeys(publicKeys) {
             aNonEmpty(publicKeys);
             publicKeys = publicKeys.map((pub) => normPub(pub));
-            const agg = publicKeys.reduce((sum, p) => sum.add(p), PubCurve.Point.ZERO);
+            const agg = publicKeys.reduce((sum, p) => sum.add(p), PubPoint.ZERO);
             agg.assertValidity();
             return agg;
         },
@@ -271,141 +294,74 @@ function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
         aggregateSignatures(signatures) {
             aNonEmpty(signatures);
             signatures = signatures.map((sig) => normSig(sig));
-            const agg = signatures.reduce((sum, s) => sum.add(s), SigCurve.Point.ZERO);
+            const agg = signatures.reduce((sum, s) => sum.add(s), SigPoint.ZERO);
             agg.assertValidity();
             return agg;
         },
         hash(messageBytes, DST) {
-            (0, utils_ts_1.abytes)(messageBytes);
+            abytes(messageBytes);
             const opts = DST ? { DST } : undefined;
-            return SigCurve.hashToCurve(messageBytes, opts);
+            return hashToSigCurve(messageBytes, opts);
         },
         Signature: SignatureCoder,
-    };
+    }) /*satisfies Signer */;
 }
-// G1_Point: ProjConstructor<bigint>, G2_Point: ProjConstructor<Fp2>,
-function bls(CURVE) {
+// NOTE: separate function instead of function override, so we don't depend on hasher in bn254.
+export function blsBasic(fields, G1_Point, G2_Point, params) {
     // Fields are specific for curve, so for now we'll need to pass them with opts
-    const { Fp, Fr, Fp2, Fp6, Fp12 } = CURVE.fields;
+    const { Fp, Fr, Fp2, Fp6, Fp12 } = fields;
     // Point on G1 curve: (x, y)
-    const G1_ = (0, weierstrass_ts_1.weierstrassPoints)(CURVE.G1);
-    const G1 = Object.assign(G1_, (0, hash_to_curve_ts_1.createHasher)(G1_.Point, CURVE.G1.mapToCurve, {
-        ...CURVE.htfDefaults,
-        ...CURVE.G1.htfDefaults,
-    }));
+    // const G1_Point = weierstrass(CURVE.G1, { Fn: Fr });
+    const G1 = { Point: G1_Point };
     // Point on G2 curve (complex numbers): (x₁, x₂+i), (y₁, y₂+i)
-    const G2_ = (0, weierstrass_ts_1.weierstrassPoints)(CURVE.G2);
-    const G2 = Object.assign(G2_, (0, hash_to_curve_ts_1.createHasher)(G2_.Point, CURVE.G2.mapToCurve, {
-        ...CURVE.htfDefaults,
-        ...CURVE.G2.htfDefaults,
-    }));
-    const pairingRes = createBlsPairing(CURVE.fields, G1.Point, G2.Point, {
-        ...CURVE.params,
-        postPrecompute: CURVE.postPrecompute,
-    });
-    const { millerLoopBatch, pairing, pairingBatch, calcPairingPrecomputes } = pairingRes;
-    const longSignatures = createBlsSig(pairingRes, G1, G2, CURVE.G2.Signature, false);
-    const shortSignatures = createBlsSig(pairingRes, G2, G1, CURVE.G1.ShortSignature, true);
-    const rand = CURVE.randomBytes || utils_ts_1.randomBytes;
-    const randomSecretKey = () => {
-        const length = (0, modular_ts_1.getMinHashLength)(Fr.ORDER);
-        return (0, modular_ts_1.mapHashToField)(rand(length), Fr.ORDER);
-    };
-    const utils = {
-        randomSecretKey,
-        randomPrivateKey: randomSecretKey,
-        calcPairingPrecomputes,
-    };
-    const { ShortSignature } = CURVE.G1;
-    const { Signature } = CURVE.G2;
-    function normP1Hash(point, htfOpts) {
-        return point instanceof G1.Point
-            ? point
-            : shortSignatures.hash((0, utils_ts_1.ensureBytes)('point', point), htfOpts?.DST);
-    }
-    function normP2Hash(point, htfOpts) {
-        return point instanceof G2.Point
-            ? point
-            : longSignatures.hash((0, utils_ts_1.ensureBytes)('point', point), htfOpts?.DST);
-    }
-    function getPublicKey(privateKey) {
-        return longSignatures.getPublicKey(privateKey).toBytes(true);
-    }
-    function getPublicKeyForShortSignatures(privateKey) {
-        return shortSignatures.getPublicKey(privateKey).toBytes(true);
-    }
-    function sign(message, privateKey, htfOpts) {
-        const Hm = normP2Hash(message, htfOpts);
-        const S = longSignatures.sign(Hm, privateKey);
-        return message instanceof G2.Point ? S : Signature.toBytes(S);
-    }
-    function signShortSignature(message, privateKey, htfOpts) {
-        const Hm = normP1Hash(message, htfOpts);
-        const S = shortSignatures.sign(Hm, privateKey);
-        return message instanceof G1.Point ? S : ShortSignature.toBytes(S);
-    }
-    function verify(signature, message, publicKey, htfOpts) {
-        const Hm = normP2Hash(message, htfOpts);
-        return longSignatures.verify(signature, Hm, publicKey);
-    }
-    function verifyShortSignature(signature, message, publicKey, htfOpts) {
-        const Hm = normP1Hash(message, htfOpts);
-        return shortSignatures.verify(signature, Hm, publicKey);
-    }
-    function aggregatePublicKeys(publicKeys) {
-        const agg = longSignatures.aggregatePublicKeys(publicKeys);
-        return publicKeys[0] instanceof G1.Point ? agg : agg.toBytes(true);
-    }
-    function aggregateSignatures(signatures) {
-        const agg = longSignatures.aggregateSignatures(signatures);
-        return signatures[0] instanceof G2.Point ? agg : Signature.toBytes(agg);
-    }
-    function aggregateShortSignatures(signatures) {
-        const agg = shortSignatures.aggregateSignatures(signatures);
-        return signatures[0] instanceof G1.Point ? agg : ShortSignature.toBytes(agg);
-    }
-    function verifyBatch(signature, messages, publicKeys, htfOpts) {
-        const Hm = messages.map((m) => normP2Hash(m, htfOpts));
-        return longSignatures.verifyBatch(signature, Hm, publicKeys);
-    }
+    const G2 = { Point: G2_Point };
+    const pairingRes = createBlsPairing(fields, G1_Point, G2_Point, params);
+    const { millerLoopBatch, pairing, pairingBatch, calcPairingPrecomputes, randomSecretKey, lengths, } = pairingRes;
     G1.Point.BASE.precompute(4);
-    return {
-        longSignatures,
-        shortSignatures,
+    return Object.freeze({
+        lengths,
         millerLoopBatch,
         pairing,
         pairingBatch,
-        verifyBatch,
-        fields: {
-            Fr,
-            Fp,
-            Fp2,
-            Fp6,
-            Fp12,
-        },
-        params: {
-            ateLoopSize: CURVE.params.ateLoopSize,
-            twistType: CURVE.params.twistType,
-            // deprecated
-            r: CURVE.params.r,
-            G1b: CURVE.G1.b,
-            G2b: CURVE.G2.b,
-        },
-        utils,
-        // deprecated
-        getPublicKey,
-        getPublicKeyForShortSignatures,
-        sign,
-        signShortSignature,
-        verify,
-        verifyShortSignature,
-        aggregatePublicKeys,
-        aggregateSignatures,
-        aggregateShortSignatures,
         G1,
         G2,
-        Signature,
-        ShortSignature,
+        fields: { Fr, Fp, Fp2, Fp6, Fp12 },
+        params: {
+            ateLoopSize: params.ateLoopSize,
+            twistType: params.twistType,
+        },
+        utils: {
+            randomSecretKey,
+            calcPairingPrecomputes,
+        },
+    });
+}
+// We can export this too, but seems there is not much reasons for now? If user wants hasher, they can just create hasher.
+function blsHashers(fields, G1_Point, G2_Point, params, hasherParams) {
+    const base = blsBasic(fields, G1_Point, G2_Point, params);
+    const G1Hasher = createHasher(G1_Point, hasherParams.mapToG1 || notImplemented, {
+        ...hasherParams.hasherOpts,
+        ...hasherParams.hasherOptsG1,
+    });
+    const G2Hasher = createHasher(G2_Point, hasherParams.mapToG2 || notImplemented, {
+        ...hasherParams.hasherOpts,
+        ...hasherParams.hasherOptsG2,
+    });
+    return Object.freeze({ ...base, G1: G1Hasher, G2: G2Hasher });
+}
+// G1_Point: ProjConstructor<bigint>, G2_Point: ProjConstructor<Fp2>,
+// Rename to blsSignatures?
+export function bls(fields, G1_Point, G2_Point, params, hasherParams, signatureCoders) {
+    const base = blsHashers(fields, G1_Point, G2_Point, params, hasherParams);
+    const pairingRes = {
+        ...base,
+        Fr: base.fields.Fr,
+        Fp12: base.fields.Fp12,
+        calcPairingPrecomputes: base.utils.calcPairingPrecomputes,
+        randomSecretKey: base.utils.randomSecretKey,
     };
+    const longSignatures = createBlsSig(pairingRes, G1_Point, G2_Point, false, base.G2.hashToCurve, signatureCoders?.LongSignature);
+    const shortSignatures = createBlsSig(pairingRes, G2_Point, G1_Point, true, base.G1.hashToCurve, signatureCoders?.ShortSignature);
+    return Object.freeze({ ...base, longSignatures, shortSignatures });
 }
 //# sourceMappingURL=bls.js.map