@noble/curves 1.9.6 → 2.0.0-beta.1

package/esm/_shortw_utils.d.ts

@@ -1,19 +0,0 @@
-/**
- * Utilities for short weierstrass curves, combined with noble-hashes.
- * @module
- */
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type CurveFn, type CurveType } from './abstract/weierstrass.ts';
-import type { CHash } from './utils.ts';
-/** connects noble-curves to noble-hashes */
-export declare function getHash(hash: CHash): {
-    hash: CHash;
-};
-/** Same API as @noble/hashes, with ability to create curve with custom hash */
-export type CurveDef = Readonly<Omit<CurveType, 'hash'>>;
-export type CurveFnWithCreate = CurveFn & {
-    create: (hash: CHash) => CurveFn;
-};
-/** @deprecated use new `weierstrass()` and `ecdsa()` methods */
-export declare function createCurve(curveDef: CurveDef, defHash: CHash): CurveFnWithCreate;
-//# sourceMappingURL=_shortw_utils.d.ts.map

package/esm/_shortw_utils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"_shortw_utils.d.ts","sourceRoot":"","sources":["../src/_shortw_utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,sEAAsE;AACtE,OAAO,EAAE,KAAK,OAAO,EAAE,KAAK,SAAS,EAAe,MAAM,2BAA2B,CAAC;AACtF,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAExC,4CAA4C;AAC5C,wBAAgB,OAAO,CAAC,IAAI,EAAE,KAAK,GAAG;IAAE,IAAI,EAAE,KAAK,CAAA;CAAE,CAEpD;AACD,+EAA+E;AAC/E,MAAM,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC;AACzD,MAAM,MAAM,iBAAiB,GAAG,OAAO,GAAG;IAAE,MAAM,EAAE,CAAC,IAAI,EAAE,KAAK,KAAK,OAAO,CAAA;CAAE,CAAC;AAE/E,gEAAgE;AAChE,wBAAgB,WAAW,CAAC,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,GAAG,iBAAiB,CAGjF"}

package/esm/_shortw_utils.js

@@ -1,16 +0,0 @@
-/**
- * Utilities for short weierstrass curves, combined with noble-hashes.
- * @module
- */
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { weierstrass } from "./abstract/weierstrass.js";
-/** connects noble-curves to noble-hashes */
-export function getHash(hash) {
-    return { hash };
-}
-/** @deprecated use new `weierstrass()` and `ecdsa()` methods */
-export function createCurve(curveDef, defHash) {
-    const create = (hash) => weierstrass({ ...curveDef, hash: hash });
-    return { ...create(defHash), create };
-}
-//# sourceMappingURL=_shortw_utils.js.map

package/esm/_shortw_utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"_shortw_utils.js","sourceRoot":"","sources":["../src/_shortw_utils.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,sEAAsE;AACtE,OAAO,EAAgC,WAAW,EAAE,MAAM,2BAA2B,CAAC;AAGtF,4CAA4C;AAC5C,MAAM,UAAU,OAAO,CAAC,IAAW;IACjC,OAAO,EAAE,IAAI,EAAE,CAAC;AAClB,CAAC;AAKD,gEAAgE;AAChE,MAAM,UAAU,WAAW,CAAC,QAAkB,EAAE,OAAc;IAC5D,MAAM,MAAM,GAAG,CAAC,IAAW,EAAW,EAAE,CAAC,WAAW,CAAC,EAAE,GAAG,QAAQ,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAClF,OAAO,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,CAAC;AACxC,CAAC"}

package/esm/abstract/bls.d.ts

@@ -1,190 +0,0 @@
-/**
- * BLS != BLS.
- * The file implements BLS (Boneh-Lynn-Shacham) signatures.
- * Used in both BLS (Barreto-Lynn-Scott) and BN (Barreto-Naehrig)
- * families of pairing-friendly curves.
- * Consists of two curves: G1 and G2:
- * - G1 is a subgroup of (x, y) E(Fq) over y² = x³ + 4.
- * - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1
- * - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in
- *   Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not.
- * Pairing is used to aggregate and verify signatures.
- * There are two modes of operation:
- * - Long signatures:  X-byte keys + 2X-byte sigs (G1 keys + G2 sigs).
- * - Short signatures: 2X-byte keys + X-byte sigs (G2 keys + G1 sigs).
- * @module
- **/
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { type CHash, type Hex, type PrivKey } from '../utils.ts';
-import { type H2CHasher, type H2CHashOpts, type H2COpts, type htfBasicOpts, type MapToCurve } from './hash-to-curve.ts';
-import { type IField } from './modular.ts';
-import type { Fp12, Fp12Bls, Fp2, Fp2Bls, Fp6Bls } from './tower.ts';
-import { type CurvePointsRes, type CurvePointsType, type WeierstrassPoint, type WeierstrassPointCons } from './weierstrass.ts';
-type Fp = bigint;
-export type TwistType = 'multiplicative' | 'divisive';
-export type ShortSignatureCoder<Fp> = {
-    fromBytes(bytes: Uint8Array): WeierstrassPoint<Fp>;
-    fromHex(hex: Hex): WeierstrassPoint<Fp>;
-    toBytes(point: WeierstrassPoint<Fp>): Uint8Array;
-    toHex(point: WeierstrassPoint<Fp>): string;
-    /** @deprecated use `toBytes` */
-    toRawBytes(point: WeierstrassPoint<Fp>): Uint8Array;
-};
-export type SignatureCoder<Fp> = {
-    fromBytes(bytes: Uint8Array): WeierstrassPoint<Fp>;
-    fromHex(hex: Hex): WeierstrassPoint<Fp>;
-    toBytes(point: WeierstrassPoint<Fp>): Uint8Array;
-    toHex(point: WeierstrassPoint<Fp>): string;
-    /** @deprecated use `toBytes` */
-    toRawBytes(point: WeierstrassPoint<Fp>): Uint8Array;
-};
-export type BlsFields = {
-    Fp: IField<Fp>;
-    Fr: IField<bigint>;
-    Fp2: Fp2Bls;
-    Fp6: Fp6Bls;
-    Fp12: Fp12Bls;
-};
-export type PostPrecomputePointAddFn = (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy: Fp2) => {
-    Rx: Fp2;
-    Ry: Fp2;
-    Rz: Fp2;
-};
-export type PostPrecomputeFn = (Rx: Fp2, Ry: Fp2, Rz: Fp2, Qx: Fp2, Qy: Fp2, pointAdd: PostPrecomputePointAddFn) => void;
-export type BlsPairing = {
-    Fp12: Fp12Bls;
-    calcPairingPrecomputes: (p: WeierstrassPoint<Fp2>) => Precompute;
-    millerLoopBatch: (pairs: [Precompute, Fp, Fp][]) => Fp12;
-    pairing: (P: WeierstrassPoint<Fp>, Q: WeierstrassPoint<Fp2>, withFinalExponent?: boolean) => Fp12;
-    pairingBatch: (pairs: {
-        g1: WeierstrassPoint<Fp>;
-        g2: WeierstrassPoint<Fp2>;
-    }[], withFinalExponent?: boolean) => Fp12;
-};
-export type BlsPairingParams = {
-    ateLoopSize: bigint;
-    xNegative: boolean;
-    twistType: TwistType;
-    postPrecompute?: PostPrecomputeFn;
-};
-export type CurveType = {
-    G1: CurvePointsType<Fp> & {
-        ShortSignature: SignatureCoder<Fp>;
-        mapToCurve: MapToCurve<Fp>;
-        htfDefaults: H2COpts;
-    };
-    G2: CurvePointsType<Fp2> & {
-        Signature: SignatureCoder<Fp2>;
-        mapToCurve: MapToCurve<Fp2>;
-        htfDefaults: H2COpts;
-    };
-    fields: BlsFields;
-    params: {
-        ateLoopSize: BlsPairingParams['ateLoopSize'];
-        xNegative: BlsPairingParams['xNegative'];
-        r: bigint;
-        twistType: BlsPairingParams['twistType'];
-    };
-    htfDefaults: H2COpts;
-    hash: CHash;
-    randomBytes?: (bytesLength?: number) => Uint8Array;
-    postPrecompute?: PostPrecomputeFn;
-};
-type PrecomputeSingle = [Fp2, Fp2, Fp2][];
-type Precompute = PrecomputeSingle[];
-/**
- * BLS consists of two curves: G1 and G2:
- * - G1 is a subgroup of (x, y) E(Fq) over y² = x³ + 4.
- * - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1
- */
-export interface BLSCurvePair {
-    longSignatures: BLSSigs<bigint, Fp2>;
-    shortSignatures: BLSSigs<Fp2, bigint>;
-    millerLoopBatch: BlsPairing['millerLoopBatch'];
-    pairing: BlsPairing['pairing'];
-    pairingBatch: BlsPairing['pairingBatch'];
-    G1: {
-        Point: WeierstrassPointCons<bigint>;
-    } & H2CHasher<Fp>;
-    G2: {
-        Point: WeierstrassPointCons<Fp2>;
-    } & H2CHasher<Fp2>;
-    fields: {
-        Fp: IField<Fp>;
-        Fp2: Fp2Bls;
-        Fp6: Fp6Bls;
-        Fp12: Fp12Bls;
-        Fr: IField<bigint>;
-    };
-    utils: {
-        randomSecretKey: () => Uint8Array;
-        /** @deprecated use randomSecretKey */
-        randomPrivateKey: () => Uint8Array;
-        calcPairingPrecomputes: BlsPairing['calcPairingPrecomputes'];
-    };
-}
-export type CurveFn = BLSCurvePair & {
-    /** @deprecated use `longSignatures.getPublicKey` */
-    getPublicKey: (secretKey: PrivKey) => Uint8Array;
-    /** @deprecated use `shortSignatures.getPublicKey` */
-    getPublicKeyForShortSignatures: (secretKey: PrivKey) => Uint8Array;
-    /** @deprecated use `longSignatures.sign` */
-    sign: {
-        (message: Hex, secretKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
-        (message: WeierstrassPoint<Fp2>, secretKey: PrivKey, htfOpts?: htfBasicOpts): WeierstrassPoint<Fp2>;
-    };
-    /** @deprecated use `shortSignatures.sign` */
-    signShortSignature: {
-        (message: Hex, secretKey: PrivKey, htfOpts?: htfBasicOpts): Uint8Array;
-        (message: WeierstrassPoint<Fp>, secretKey: PrivKey, htfOpts?: htfBasicOpts): WeierstrassPoint<Fp>;
-    };
-    /** @deprecated use `longSignatures.verify` */
-    verify: (signature: Hex | WeierstrassPoint<Fp2>, message: Hex | WeierstrassPoint<Fp2>, publicKey: Hex | WeierstrassPoint<Fp>, htfOpts?: htfBasicOpts) => boolean;
-    /** @deprecated use `shortSignatures.verify` */
-    verifyShortSignature: (signature: Hex | WeierstrassPoint<Fp>, message: Hex | WeierstrassPoint<Fp>, publicKey: Hex | WeierstrassPoint<Fp2>, htfOpts?: htfBasicOpts) => boolean;
-    verifyBatch: (signature: Hex | WeierstrassPoint<Fp2>, messages: (Hex | WeierstrassPoint<Fp2>)[], publicKeys: (Hex | WeierstrassPoint<Fp>)[], htfOpts?: htfBasicOpts) => boolean;
-    /** @deprecated use `longSignatures.aggregatePublicKeys` */
-    aggregatePublicKeys: {
-        (publicKeys: Hex[]): Uint8Array;
-        (publicKeys: WeierstrassPoint<Fp>[]): WeierstrassPoint<Fp>;
-    };
-    /** @deprecated use `longSignatures.aggregateSignatures` */
-    aggregateSignatures: {
-        (signatures: Hex[]): Uint8Array;
-        (signatures: WeierstrassPoint<Fp2>[]): WeierstrassPoint<Fp2>;
-    };
-    /** @deprecated use `shortSignatures.aggregateSignatures` */
-    aggregateShortSignatures: {
-        (signatures: Hex[]): Uint8Array;
-        (signatures: WeierstrassPoint<Fp>[]): WeierstrassPoint<Fp>;
-    };
-    G1: CurvePointsRes<Fp> & H2CHasher<Fp>;
-    G2: CurvePointsRes<Fp2> & H2CHasher<Fp2>;
-    /** @deprecated use `longSignatures.Signature` */
-    Signature: SignatureCoder<Fp2>;
-    /** @deprecated use `shortSignatures.Signature` */
-    ShortSignature: ShortSignatureCoder<Fp>;
-    params: {
-        ateLoopSize: bigint;
-        r: bigint;
-        twistType: TwistType;
-        /** @deprecated */
-        G1b: bigint;
-        /** @deprecated */
-        G2b: Fp2;
-    };
-};
-type BLSInput = Hex | Uint8Array;
-export interface BLSSigs<P, S> {
-    getPublicKey(secretKey: PrivKey): WeierstrassPoint<P>;
-    sign(hashedMessage: WeierstrassPoint<S>, secretKey: PrivKey): WeierstrassPoint<S>;
-    verify(signature: WeierstrassPoint<S> | BLSInput, message: WeierstrassPoint<S>, publicKey: WeierstrassPoint<P> | BLSInput): boolean;
-    verifyBatch: (signature: WeierstrassPoint<S> | BLSInput, messages: WeierstrassPoint<S>[], publicKeys: (WeierstrassPoint<P> | BLSInput)[]) => boolean;
-    aggregatePublicKeys(publicKeys: (WeierstrassPoint<P> | BLSInput)[]): WeierstrassPoint<P>;
-    aggregateSignatures(signatures: (WeierstrassPoint<S> | BLSInput)[]): WeierstrassPoint<S>;
-    hash(message: Uint8Array, DST?: string | Uint8Array, hashOpts?: H2CHashOpts): WeierstrassPoint<S>;
-    Signature: SignatureCoder<S>;
-}
-export declare function bls(CURVE: CurveType): CurveFn;
-export {};
-//# sourceMappingURL=bls.d.ts.map

package/esm/abstract/bls.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"bls.d.ts","sourceRoot":"","sources":["../../src/abstract/bls.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;IAeI;AACJ,sEAAsE;AACtE,OAAO,EAKL,KAAK,KAAK,EACV,KAAK,GAAG,EACR,KAAK,OAAO,EACb,MAAM,aAAa,CAAC;AAErB,OAAO,EAEL,KAAK,SAAS,EACd,KAAK,WAAW,EAChB,KAAK,OAAO,EAEZ,KAAK,YAAY,EACjB,KAAK,UAAU,EAChB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAoC,KAAK,MAAM,EAAE,MAAM,cAAc,CAAC;AAC7E,OAAO,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACrE,OAAO,EAGL,KAAK,cAAc,EACnB,KAAK,eAAe,EACpB,KAAK,gBAAgB,EACrB,KAAK,oBAAoB,EAC1B,MAAM,kBAAkB,CAAC;AAE1B,KAAK,EAAE,GAAG,MAAM,CAAC;AAKjB,MAAM,MAAM,SAAS,GAAG,gBAAgB,GAAG,UAAU,CAAC;AAEtD,MAAM,MAAM,mBAAmB,CAAC,EAAE,IAAI;IACpC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;IAC3C,gCAAgC;IAChC,UAAU,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,cAAc,CAAC,EAAE,IAAI;IAC/B,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;IACxC,OAAO,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;IACjD,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC;IAC3C,gCAAgC;IAChC,UAAU,CAAC,KAAK,EAAE,gBAAgB,CAAC,EAAE,CAAC,GAAG,UAAU,CAAC;CACrD,CAAC;AAEF,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;IACf,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;IACnB,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,IAAI,EAAE,OAAO,CAAC;CACf,CAAC;AAEF,MAAM,MAAM,wBAAwB,GAAG,CACrC,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,KACJ;IAAE,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAC;IAAC,EAAE,EAAE,GAAG,CAAA;CAAE,CAAC;AACnC,MAAM,MAAM,gBAAgB,GAAG,CAC7B,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,EAAE,EAAE,GAAG,EACP,QAAQ,EAAE,wBAAwB,KAC/B,IAAI,CAAC;AACV,MAAM,MAAM,UAAU,GAAG;IACvB,IAAI,EAAE,OAAO,CAAC;IACd,sBAAsB,EAAE,CAAC,CAAC,EAAE,gBAAgB,CAAC,GAAG,CAAC,KAAK,UAAU,CAAC;IACjE,eAAe,EAAE,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,IAAI,CAAC;IACzD,OAAO,EAAE,CAAC,CAAC,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAAE,iBAAiB,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;IAClG,YAAY,EAAE,CACZ,KAAK,EAAE;QAAE,EAAE,EAAE,gBAAgB,CAAC,EAAE,CAAC,CAAC;QAAC,EAAE,EAAE,gBAAgB,CAAC,GAAG,CAAC,CAAA;KAAE,EAAE,EAChE,iBAAiB,CAAC,EAAE,OAAO,KACxB,IAAI,CAAC;CACX,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAG;IAI7B,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,OAAO,CAAC;IACnB,SAAS,EAAE,SAAS,CAAC;IAErB,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACnC,CAAC;AACF,MAAM,MAAM,SAAS,GAAG;IACtB,EAAE,EAAE,eAAe,CAAC,EAAE,CAAC,GAAG;QACxB,cAAc,EAAE,cAAc,CAAC,EAAE,CAAC,CAAC;QACnC,UAAU,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC;QAC3B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,EAAE,EAAE,eAAe,CAAC,GAAG,CAAC,GAAG;QACzB,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;QAC/B,UAAU,EAAE,UAAU,CAAC,GAAG,CAAC,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC;KACtB,CAAC;IACF,MAAM,EAAE,SAAS,CAAC;IAClB,MAAM,EAAE;QAIN,WAAW,EAAE,gBAAgB,CAAC,aAAa,CAAC,CAAC;QAC7C,SAAS,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,gBAAgB,CAAC,WAAW,CAAC,CAAC;KAC1C,CAAC;IACF,WAAW,EAAE,OAAO,CAAC;IACrB,IAAI,EAAE,KAAK,CAAC;IACZ,WAAW,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;IAEnD,cAAc,CAAC,EAAE,gBAAgB,CAAC;CACnC,CAAC;AAEF,KAAK,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC;AAC1C,KAAK,UAAU,GAAG,gBAAgB,EAAE,CAAC;AAErC;;;;GAIG;AACH,MAAM,WAAW,YAAY;IAC3B,cAAc,EAAE,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IACrC,eAAe,EAAE,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;IACtC,eAAe,EAAE,UAAU,CAAC,iBAAiB,CAAC,CAAC;IAC/C,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,CAAC;IAC/B,YAAY,EAAE,UAAU,CAAC,cAAc,CAAC,CAAC;IACzC,EAAE,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAA;KAAE,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IAC5D,EAAE,EAAE;QAAE,KAAK,EAAE,oBAAoB,CAAC,GAAG,CAAC,CAAA;KAAE,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IAC1D,MAAM,EAAE;QACN,EAAE,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QACf,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,OAAO,CAAC;QACd,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC;KACpB,CAAC;IACF,KAAK,EAAE;QACL,eAAe,EAAE,MAAM,UAAU,CAAC;QAClC,sCAAsC;QACtC,gBAAgB,EAAE,MAAM,UAAU,CAAC;QACnC,sBAAsB,EAAE,UAAU,CAAC,wBAAwB,CAAC,CAAC;KAC9D,CAAC;CACH;AAED,MAAM,MAAM,OAAO,GAAG,YAAY,GAAG;IACnC,oDAAoD;IACpD,YAAY,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,UAAU,CAAC;IACjD,qDAAqD;IACrD,8BAA8B,EAAE,CAAC,SAAS,EAAE,OAAO,KAAK,UAAU,CAAC;IACnE,4CAA4C;IAC5C,IAAI,EAAE;QACJ,CAAC,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACvE,CACE,OAAO,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAC9B,SAAS,EAAE,OAAO,EAClB,OAAO,CAAC,EAAE,YAAY,GACrB,gBAAgB,CAAC,GAAG,CAAC,CAAC;KAC1B,CAAC;IACF,6CAA6C;IAC7C,kBAAkB,EAAE;QAClB,CAAC,OAAO,EAAE,GAAG,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,YAAY,GAAG,UAAU,CAAC;QACvE,CACE,OAAO,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAC7B,SAAS,EAAE,OAAO,EAClB,OAAO,CAAC,EAAE,YAAY,GACrB,gBAAgB,CAAC,EAAE,CAAC,CAAC;KACzB,CAAC;IACF,8CAA8C;IAC9C,MAAM,EAAE,CACN,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACtC,OAAO,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACpC,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,EACrC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,+CAA+C;IAC/C,oBAAoB,EAAE,CACpB,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,EACrC,OAAO,EAAE,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,EACnC,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACtC,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,WAAW,EAAE,CACX,SAAS,EAAE,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,EACtC,QAAQ,EAAE,CAAC,GAAG,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC,EAAE,EACzC,UAAU,EAAE,CAAC,GAAG,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC,EAAE,EAC1C,OAAO,CAAC,EAAE,YAAY,KACnB,OAAO,CAAC;IACb,2DAA2D;IAC3D,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAAE,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;KAC5D,CAAC;IACF,2DAA2D;IAC3D,mBAAmB,EAAE;QACnB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,gBAAgB,CAAC,GAAG,CAAC,EAAE,GAAG,gBAAgB,CAAC,GAAG,CAAC,CAAC;KAC9D,CAAC;IACF,4DAA4D;IAC5D,wBAAwB,EAAE;QACxB,CAAC,UAAU,EAAE,GAAG,EAAE,GAAG,UAAU,CAAC;QAChC,CAAC,UAAU,EAAE,gBAAgB,CAAC,EAAE,CAAC,EAAE,GAAG,gBAAgB,CAAC,EAAE,CAAC,CAAC;KAC5D,CAAC;IACF,EAAE,EAAE,cAAc,CAAC,EAAE,CAAC,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;IACvC,EAAE,EAAE,cAAc,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC;IACzC,iDAAiD;IACjD,SAAS,EAAE,cAAc,CAAC,GAAG,CAAC,CAAC;IAC/B,kDAAkD;IAClD,cAAc,EAAE,mBAAmB,CAAC,EAAE,CAAC,CAAC;IACxC,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,CAAC,EAAE,MAAM,CAAC;QACV,SAAS,EAAE,SAAS,CAAC;QACrB,kBAAkB;QAClB,GAAG,EAAE,MAAM,CAAC;QACZ,kBAAkB;QAClB,GAAG,EAAE,GAAG,CAAC;KACV,CAAC;CACH,CAAC;AAEF,KAAK,QAAQ,GAAG,GAAG,GAAG,UAAU,CAAC;AACjC,MAAM,WAAW,OAAO,CAAC,CAAC,EAAE,CAAC;IAC3B,YAAY,CAAC,SAAS,EAAE,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACtD,IAAI,CAAC,aAAa,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,OAAO,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAClF,MAAM,CACJ,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,EACzC,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAC5B,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,GACxC,OAAO,CAAC;IACX,WAAW,EAAE,CACX,SAAS,EAAE,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,EACzC,QAAQ,EAAE,gBAAgB,CAAC,CAAC,CAAC,EAAE,EAC/B,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,KAC3C,OAAO,CAAC;IACb,mBAAmB,CAAC,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzF,mBAAmB,CAAC,UAAU,EAAE,CAAC,gBAAgB,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,EAAE,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IACzF,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,EAAE,MAAM,GAAG,UAAU,EAAE,QAAQ,CAAC,EAAE,WAAW,GAAG,gBAAgB,CAAC,CAAC,CAAC,CAAC;IAClG,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC;CAC9B;AA6SD,wBAAgB,GAAG,CAAC,KAAK,EAAE,SAAS,GAAG,OAAO,CAiL7C"}

package/esm/abstract/bls.js

@@ -1,408 +0,0 @@
-/**
- * BLS != BLS.
- * The file implements BLS (Boneh-Lynn-Shacham) signatures.
- * Used in both BLS (Barreto-Lynn-Scott) and BN (Barreto-Naehrig)
- * families of pairing-friendly curves.
- * Consists of two curves: G1 and G2:
- * - G1 is a subgroup of (x, y) E(Fq) over y² = x³ + 4.
- * - G2 is a subgroup of ((x₁, x₂+i), (y₁, y₂+i)) E(Fq²) over y² = x³ + 4(1 + i) where i is √-1
- * - Gt, created by bilinear (ate) pairing e(G1, G2), consists of p-th roots of unity in
- *   Fq^k where k is embedding degree. Only degree 12 is currently supported, 24 is not.
- * Pairing is used to aggregate and verify signatures.
- * There are two modes of operation:
- * - Long signatures:  X-byte keys + 2X-byte sigs (G1 keys + G2 sigs).
- * - Short signatures: 2X-byte keys + X-byte sigs (G2 keys + G1 sigs).
- * @module
- **/
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { abytes, ensureBytes, memoized, randomBytes, } from "../utils.js";
-import { normalizeZ } from "./curve.js";
-import { createHasher, } from "./hash-to-curve.js";
-import { getMinHashLength, mapHashToField } from "./modular.js";
-import { _normFnElement, weierstrassPoints, } from "./weierstrass.js";
-// prettier-ignore
-const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);
-// Not used with BLS12-381 (no sequential `11` in X). Useful for other curves.
-function NAfDecomposition(a) {
-    const res = [];
-    // a>1 because of marker bit
-    for (; a > _1n; a >>= _1n) {
-        if ((a & _1n) === _0n)
-            res.unshift(0);
-        else if ((a & _3n) === _3n) {
-            res.unshift(-1);
-            a += _1n;
-        }
-        else
-            res.unshift(1);
-    }
-    return res;
-}
-function aNonEmpty(arr) {
-    if (!Array.isArray(arr) || arr.length === 0)
-        throw new Error('expected non-empty array');
-}
-// This should be enough for bn254, no need to export full stuff?
-function createBlsPairing(fields, G1, G2, params) {
-    const { Fp2, Fp12 } = fields;
-    const { twistType, ateLoopSize, xNegative, postPrecompute } = params;
-    // Applies sparse multiplication as line function
-    let lineFunction;
-    if (twistType === 'multiplicative') {
-        lineFunction = (c0, c1, c2, f, Px, Py) => Fp12.mul014(f, c0, Fp2.mul(c1, Px), Fp2.mul(c2, Py));
-    }
-    else if (twistType === 'divisive') {
-        // NOTE: it should be [c0, c1, c2], but we use different order here to reduce complexity of
-        // precompute calculations.
-        lineFunction = (c0, c1, c2, f, Px, Py) => Fp12.mul034(f, Fp2.mul(c2, Py), Fp2.mul(c1, Px), c0);
-    }
-    else
-        throw new Error('bls: unknown twist type');
-    const Fp2div2 = Fp2.div(Fp2.ONE, Fp2.mul(Fp2.ONE, _2n));
-    function pointDouble(ell, Rx, Ry, Rz) {
-        const t0 = Fp2.sqr(Ry); // Ry²
-        const t1 = Fp2.sqr(Rz); // Rz²
-        const t2 = Fp2.mulByB(Fp2.mul(t1, _3n)); // 3 * T1 * B
-        const t3 = Fp2.mul(t2, _3n); // 3 * T2
-        const t4 = Fp2.sub(Fp2.sub(Fp2.sqr(Fp2.add(Ry, Rz)), t1), t0); // (Ry + Rz)² - T1 - T0
-        const c0 = Fp2.sub(t2, t0); // T2 - T0 (i)
-        const c1 = Fp2.mul(Fp2.sqr(Rx), _3n); // 3 * Rx²
-        const c2 = Fp2.neg(t4); // -T4 (-h)
-        ell.push([c0, c1, c2]);
-        Rx = Fp2.mul(Fp2.mul(Fp2.mul(Fp2.sub(t0, t3), Rx), Ry), Fp2div2); // ((T0 - T3) * Rx * Ry) / 2
-        Ry = Fp2.sub(Fp2.sqr(Fp2.mul(Fp2.add(t0, t3), Fp2div2)), Fp2.mul(Fp2.sqr(t2), _3n)); // ((T0 + T3) / 2)² - 3 * T2²
-        Rz = Fp2.mul(t0, t4); // T0 * T4
-        return { Rx, Ry, Rz };
-    }
-    function pointAdd(ell, Rx, Ry, Rz, Qx, Qy) {
-        // Addition
-        const t0 = Fp2.sub(Ry, Fp2.mul(Qy, Rz)); // Ry - Qy * Rz
-        const t1 = Fp2.sub(Rx, Fp2.mul(Qx, Rz)); // Rx - Qx * Rz
-        const c0 = Fp2.sub(Fp2.mul(t0, Qx), Fp2.mul(t1, Qy)); // T0 * Qx - T1 * Qy == Ry * Qx  - Rx * Qy
-        const c1 = Fp2.neg(t0); // -T0 == Qy * Rz - Ry
-        const c2 = t1; // == Rx - Qx * Rz
-        ell.push([c0, c1, c2]);
-        const t2 = Fp2.sqr(t1); // T1²
-        const t3 = Fp2.mul(t2, t1); // T2 * T1
-        const t4 = Fp2.mul(t2, Rx); // T2 * Rx
-        const t5 = Fp2.add(Fp2.sub(t3, Fp2.mul(t4, _2n)), Fp2.mul(Fp2.sqr(t0), Rz)); // T3 - 2 * T4 + T0² * Rz
-        Rx = Fp2.mul(t1, t5); // T1 * T5
-        Ry = Fp2.sub(Fp2.mul(Fp2.sub(t4, t5), t0), Fp2.mul(t3, Ry)); // (T4 - T5) * T0 - T3 * Ry
-        Rz = Fp2.mul(Rz, t3); // Rz * T3
-        return { Rx, Ry, Rz };
-    }
-    // Pre-compute coefficients for sparse multiplication
-    // Point addition and point double calculations is reused for coefficients
-    // pointAdd happens only if bit set, so wNAF is reasonable. Unfortunately we cannot combine
-    // add + double in windowed precomputes here, otherwise it would be single op (since X is static)
-    const ATE_NAF = NAfDecomposition(ateLoopSize);
-    const calcPairingPrecomputes = memoized((point) => {
-        const p = point;
-        const { x, y } = p.toAffine();
-        // prettier-ignore
-        const Qx = x, Qy = y, negQy = Fp2.neg(y);
-        // prettier-ignore
-        let Rx = Qx, Ry = Qy, Rz = Fp2.ONE;
-        const ell = [];
-        for (const bit of ATE_NAF) {
-            const cur = [];
-            ({ Rx, Ry, Rz } = pointDouble(cur, Rx, Ry, Rz));
-            if (bit)
-                ({ Rx, Ry, Rz } = pointAdd(cur, Rx, Ry, Rz, Qx, bit === -1 ? negQy : Qy));
-            ell.push(cur);
-        }
-        if (postPrecompute) {
-            const last = ell[ell.length - 1];
-            postPrecompute(Rx, Ry, Rz, Qx, Qy, pointAdd.bind(null, last));
-        }
-        return ell;
-    });
-    function millerLoopBatch(pairs, withFinalExponent = false) {
-        let f12 = Fp12.ONE;
-        if (pairs.length) {
-            const ellLen = pairs[0][0].length;
-            for (let i = 0; i < ellLen; i++) {
-                f12 = Fp12.sqr(f12); // This allows us to do sqr only one time for all pairings
-                // NOTE: we apply multiple pairings in parallel here
-                for (const [ell, Px, Py] of pairs) {
-                    for (const [c0, c1, c2] of ell[i])
-                        f12 = lineFunction(c0, c1, c2, f12, Px, Py);
-                }
-            }
-        }
-        if (xNegative)
-            f12 = Fp12.conjugate(f12);
-        return withFinalExponent ? Fp12.finalExponentiate(f12) : f12;
-    }
-    // Calculates product of multiple pairings
-    // This up to x2 faster than just `map(({g1, g2})=>pairing({g1,g2}))`
-    function pairingBatch(pairs, withFinalExponent = true) {
-        const res = [];
-        // Cache precomputed toAffine for all points
-        normalizeZ(G1, pairs.map(({ g1 }) => g1));
-        normalizeZ(G2, pairs.map(({ g2 }) => g2));
-        for (const { g1, g2 } of pairs) {
-            if (g1.is0() || g2.is0())
-                throw new Error('pairing is not available for ZERO point');
-            // This uses toAffine inside
-            g1.assertValidity();
-            g2.assertValidity();
-            const Qa = g1.toAffine();
-            res.push([calcPairingPrecomputes(g2), Qa.x, Qa.y]);
-        }
-        return millerLoopBatch(res, withFinalExponent);
-    }
-    // Calculates bilinear pairing
-    function pairing(Q, P, withFinalExponent = true) {
-        return pairingBatch([{ g1: Q, g2: P }], withFinalExponent);
-    }
-    return {
-        Fp12, // NOTE: we re-export Fp12 here because pairing results are Fp12!
-        millerLoopBatch,
-        pairing,
-        pairingBatch,
-        calcPairingPrecomputes,
-    };
-}
-function createBlsSig(blsPairing, PubCurve, SigCurve, SignatureCoder, isSigG1) {
-    const { Fp12, pairingBatch } = blsPairing;
-    function normPub(point) {
-        return point instanceof PubCurve.Point ? point : PubCurve.Point.fromHex(point);
-    }
-    function normSig(point) {
-        return point instanceof SigCurve.Point ? point : SigCurve.Point.fromHex(point);
-    }
-    function amsg(m) {
-        if (!(m instanceof SigCurve.Point))
-            throw new Error(`expected valid message hashed to ${!isSigG1 ? 'G2' : 'G1'} curve`);
-        return m;
-    }
-    // What matters here is what point pairing API accepts as G1 or G2, not actual size or names
-    const pair = !isSigG1
-        ? (a, b) => ({ g1: a, g2: b })
-        : (a, b) => ({ g1: b, g2: a });
-    return {
-        // P = pk x G
-        getPublicKey(secretKey) {
-            // TODO: replace with
-            // const sec = PubCurve.Point.Fn.fromBytes(secretKey);
-            const sec = _normFnElement(PubCurve.Point.Fn, secretKey);
-            return PubCurve.Point.BASE.multiply(sec);
-        },
-        // S = pk x H(m)
-        sign(message, secretKey, unusedArg) {
-            if (unusedArg != null)
-                throw new Error('sign() expects 2 arguments');
-            // TODO: replace with
-            // PubCurve.Point.Fn.fromBytes(secretKey)
-            const sec = _normFnElement(PubCurve.Point.Fn, secretKey);
-            amsg(message).assertValidity();
-            return message.multiply(sec);
-        },
-        // Checks if pairing of public key & hash is equal to pairing of generator & signature.
-        // e(P, H(m)) == e(G, S)
-        // e(S, G) == e(H(m), P)
-        verify(signature, message, publicKey, unusedArg) {
-            if (unusedArg != null)
-                throw new Error('verify() expects 3 arguments');
-            signature = normSig(signature);
-            publicKey = normPub(publicKey);
-            const P = publicKey.negate();
-            const G = PubCurve.Point.BASE;
-            const Hm = amsg(message);
-            const S = signature;
-            // This code was changed in 1.9.x:
-            // Before it was G.negate() in G2, now it's always pubKey.negate
-            // e(P, -Q)===e(-P, Q)==e(P, Q)^-1. Negate can be done anywhere (as long it is done once per pair).
-            // We just moving sign, but since pairing is multiplicative, we doing X * X^-1 = 1
-            const exp = pairingBatch([pair(P, Hm), pair(G, S)]);
-            return Fp12.eql(exp, Fp12.ONE);
-        },
-        // https://ethresear.ch/t/fast-verification-of-multiple-bls-signatures/5407
-        // e(G, S) = e(G, SUM(n)(Si)) = MUL(n)(e(G, Si))
-        // TODO: maybe `{message: G2Hex, publicKey: G1Hex}[]` instead?
-        verifyBatch(signature, messages, publicKeys) {
-            aNonEmpty(messages);
-            if (publicKeys.length !== messages.length)
-                throw new Error('amount of public keys and messages should be equal');
-            const sig = normSig(signature);
-            const nMessages = messages;
-            const nPublicKeys = publicKeys.map(normPub);
-            // NOTE: this works only for exact same object
-            const messagePubKeyMap = new Map();
-            for (let i = 0; i < nPublicKeys.length; i++) {
-                const pub = nPublicKeys[i];
-                const msg = nMessages[i];
-                let keys = messagePubKeyMap.get(msg);
-                if (keys === undefined) {
-                    keys = [];
-                    messagePubKeyMap.set(msg, keys);
-                }
-                keys.push(pub);
-            }
-            const paired = [];
-            const G = PubCurve.Point.BASE;
-            try {
-                for (const [msg, keys] of messagePubKeyMap) {
-                    const groupPublicKey = keys.reduce((acc, msg) => acc.add(msg));
-                    paired.push(pair(groupPublicKey, msg));
-                }
-                paired.push(pair(G.negate(), sig));
-                return Fp12.eql(pairingBatch(paired), Fp12.ONE);
-            }
-            catch {
-                return false;
-            }
-        },
-        // Adds a bunch of public key points together.
-        // pk1 + pk2 + pk3 = pkA
-        aggregatePublicKeys(publicKeys) {
-            aNonEmpty(publicKeys);
-            publicKeys = publicKeys.map((pub) => normPub(pub));
-            const agg = publicKeys.reduce((sum, p) => sum.add(p), PubCurve.Point.ZERO);
-            agg.assertValidity();
-            return agg;
-        },
-        // Adds a bunch of signature points together.
-        // pk1 + pk2 + pk3 = pkA
-        aggregateSignatures(signatures) {
-            aNonEmpty(signatures);
-            signatures = signatures.map((sig) => normSig(sig));
-            const agg = signatures.reduce((sum, s) => sum.add(s), SigCurve.Point.ZERO);
-            agg.assertValidity();
-            return agg;
-        },
-        hash(messageBytes, DST) {
-            abytes(messageBytes);
-            const opts = DST ? { DST } : undefined;
-            return SigCurve.hashToCurve(messageBytes, opts);
-        },
-        Signature: SignatureCoder,
-    };
-}
-// G1_Point: ProjConstructor<bigint>, G2_Point: ProjConstructor<Fp2>,
-export function bls(CURVE) {
-    // Fields are specific for curve, so for now we'll need to pass them with opts
-    const { Fp, Fr, Fp2, Fp6, Fp12 } = CURVE.fields;
-    // Point on G1 curve: (x, y)
-    const G1_ = weierstrassPoints(CURVE.G1);
-    const G1 = Object.assign(G1_, createHasher(G1_.Point, CURVE.G1.mapToCurve, {
-        ...CURVE.htfDefaults,
-        ...CURVE.G1.htfDefaults,
-    }));
-    // Point on G2 curve (complex numbers): (x₁, x₂+i), (y₁, y₂+i)
-    const G2_ = weierstrassPoints(CURVE.G2);
-    const G2 = Object.assign(G2_, createHasher(G2_.Point, CURVE.G2.mapToCurve, {
-        ...CURVE.htfDefaults,
-        ...CURVE.G2.htfDefaults,
-    }));
-    const pairingRes = createBlsPairing(CURVE.fields, G1.Point, G2.Point, {
-        ...CURVE.params,
-        postPrecompute: CURVE.postPrecompute,
-    });
-    const { millerLoopBatch, pairing, pairingBatch, calcPairingPrecomputes } = pairingRes;
-    const longSignatures = createBlsSig(pairingRes, G1, G2, CURVE.G2.Signature, false);
-    const shortSignatures = createBlsSig(pairingRes, G2, G1, CURVE.G1.ShortSignature, true);
-    const rand = CURVE.randomBytes || randomBytes;
-    const randomSecretKey = () => {
-        const length = getMinHashLength(Fr.ORDER);
-        return mapHashToField(rand(length), Fr.ORDER);
-    };
-    const utils = {
-        randomSecretKey,
-        randomPrivateKey: randomSecretKey,
-        calcPairingPrecomputes,
-    };
-    const { ShortSignature } = CURVE.G1;
-    const { Signature } = CURVE.G2;
-    function normP1Hash(point, htfOpts) {
-        return point instanceof G1.Point
-            ? point
-            : shortSignatures.hash(ensureBytes('point', point), htfOpts?.DST);
-    }
-    function normP2Hash(point, htfOpts) {
-        return point instanceof G2.Point
-            ? point
-            : longSignatures.hash(ensureBytes('point', point), htfOpts?.DST);
-    }
-    function getPublicKey(privateKey) {
-        return longSignatures.getPublicKey(privateKey).toBytes(true);
-    }
-    function getPublicKeyForShortSignatures(privateKey) {
-        return shortSignatures.getPublicKey(privateKey).toBytes(true);
-    }
-    function sign(message, privateKey, htfOpts) {
-        const Hm = normP2Hash(message, htfOpts);
-        const S = longSignatures.sign(Hm, privateKey);
-        return message instanceof G2.Point ? S : Signature.toBytes(S);
-    }
-    function signShortSignature(message, privateKey, htfOpts) {
-        const Hm = normP1Hash(message, htfOpts);
-        const S = shortSignatures.sign(Hm, privateKey);
-        return message instanceof G1.Point ? S : ShortSignature.toBytes(S);
-    }
-    function verify(signature, message, publicKey, htfOpts) {
-        const Hm = normP2Hash(message, htfOpts);
-        return longSignatures.verify(signature, Hm, publicKey);
-    }
-    function verifyShortSignature(signature, message, publicKey, htfOpts) {
-        const Hm = normP1Hash(message, htfOpts);
-        return shortSignatures.verify(signature, Hm, publicKey);
-    }
-    function aggregatePublicKeys(publicKeys) {
-        const agg = longSignatures.aggregatePublicKeys(publicKeys);
-        return publicKeys[0] instanceof G1.Point ? agg : agg.toBytes(true);
-    }
-    function aggregateSignatures(signatures) {
-        const agg = longSignatures.aggregateSignatures(signatures);
-        return signatures[0] instanceof G2.Point ? agg : Signature.toBytes(agg);
-    }
-    function aggregateShortSignatures(signatures) {
-        const agg = shortSignatures.aggregateSignatures(signatures);
-        return signatures[0] instanceof G1.Point ? agg : ShortSignature.toBytes(agg);
-    }
-    function verifyBatch(signature, messages, publicKeys, htfOpts) {
-        const Hm = messages.map((m) => normP2Hash(m, htfOpts));
-        return longSignatures.verifyBatch(signature, Hm, publicKeys);
-    }
-    G1.Point.BASE.precompute(4);
-    return {
-        longSignatures,
-        shortSignatures,
-        millerLoopBatch,
-        pairing,
-        pairingBatch,
-        verifyBatch,
-        fields: {
-            Fr,
-            Fp,
-            Fp2,
-            Fp6,
-            Fp12,
-        },
-        params: {
-            ateLoopSize: CURVE.params.ateLoopSize,
-            twistType: CURVE.params.twistType,
-            // deprecated
-            r: CURVE.params.r,
-            G1b: CURVE.G1.b,
-            G2b: CURVE.G2.b,
-        },
-        utils,
-        // deprecated
-        getPublicKey,
-        getPublicKeyForShortSignatures,
-        sign,
-        signShortSignature,
-        verify,
-        verifyShortSignature,
-        aggregatePublicKeys,
-        aggregateSignatures,
-        aggregateShortSignatures,
-        G1,
-        G2,
-        Signature,
-        ShortSignature,
-    };
-}
-//# sourceMappingURL=bls.js.map