@noble/curves 1.9.7 → 2.0.0-beta.2

package/bn254.d.ts

@@ -1,18 +1,66 @@
-import { type CurveFn as BLSCurveFn, type PostPrecomputeFn } from './abstract/bls.ts';
+/**
+ * bn254, previously known as alt_bn_128, when it had 128-bit security.
+
+Barbulescu-Duquesne 2017 shown it's weaker: just about 100 bits,
+so the naming has been adjusted to its prime bit count:
+https://hal.science/hal-01534101/file/main.pdf.
+Compatible with EIP-196 and EIP-197.
+
+There are huge compatibility issues in the ecosystem:
+
+1. Different libraries call it in different ways: "bn254", "bn256", "alt_bn128", "bn128".
+2. libff has bn128, but it's a different curve with different G2:
+   https://github.com/scipr-lab/libff/blob/a44f482e18b8ac04d034c193bd9d7df7817ad73f/libff/algebra/curves/bn128/bn128_init.cpp#L166-L169
+3. halo2curves bn256 is also incompatible and returns different outputs
+
+We don't implement Point methods toHex / toBytes.
+To work around this limitation, has to initialize points on their own from BigInts.
+Reason it's not implemented is because [there is no standard](https://github.com/privacy-scaling-explorations/halo2curves/issues/109).
+Points of divergence:
+
+- Endianness: LE vs BE (byte-swapped)
+- Flags as first hex bits (similar to BLS) vs no-flags
+- Imaginary part last in G2 vs first (c0, c1 vs c1, c0)
+
+The goal of our implementation is to support "Ethereum" variant of the curve,
+because it at least has specs:
+
+- EIP196 (https://eips.ethereum.org/EIPS/eip-196) describes bn254 ECADD and ECMUL opcodes for EVM
+- EIP197 (https://eips.ethereum.org/EIPS/eip-197) describes bn254 pairings
+- It's hard: EIPs don't have proper tests. EIP-197 returns boolean output instead of Fp12
+- The existing implementations are bad. Some are deprecated:
+    - https://github.com/paritytech/bn (old version)
+    - https://github.com/ewasm/ethereum-bn128.rs (uses paritytech/bn)
+    - https://github.com/zcash-hackworks/bn
+    - https://github.com/arkworks-rs/curves/blob/master/bn254/src/lib.rs
+- Python implementations use different towers and produce different Fp12 outputs:
+    - https://github.com/ethereum/py_pairing
+    - https://github.com/ethereum/execution-specs/blob/master/src/ethereum/crypto/alt_bn128.py
+- Points are encoded differently in different implementations
+
+### Params
+Seed (X): 4965661367192848881
+Fr: (36x⁴+36x³+18x²+6x+1)
+Fp: (36x⁴+36x³+24x²+6x+1)
+(E  / Fp ): Y² = X³+3
+(Et / Fp²): Y² = X³+3/(u+9) (D-type twist)
+Ate loop size: 6x+2
+
+### Towers
+- Fp²[u] = Fp/u²+1
+- Fp⁶[v] = Fp²/v³-9-u
+- Fp¹²[w] = Fp⁶/w²-v
+
+ * @module
+ */
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+import { type BlsCurvePair, type BlsPostPrecomputeFn } from './abstract/bls.ts';
 import { type IField } from './abstract/modular.ts';
-import { type CurveFn } from './abstract/weierstrass.ts';
 export declare const bn254_Fr: IField<bigint>;
-export declare const _postPrecompute: PostPrecomputeFn;
+export declare const _postPrecompute: BlsPostPrecomputeFn;
 /**
  * bn254 (a.k.a. alt_bn128) pairing-friendly curve.
  * Contains G1 / G2 operations and pairings.
  */
-export declare const bn254: BLSCurveFn;
-/**
- * bn254 weierstrass curve with ECDSA.
- * This is very rare and probably not used anywhere.
- * Instead, you should use G1 / G2, defined above.
- * @deprecated
- */
-export declare const bn254_weierstrass: CurveFn;
+export declare const bn254: BlsCurvePair;
 //# sourceMappingURL=bn254.d.ts.map

package/bn254.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bn254.d.ts","sourceRoot":"","sources":["src/bn254.ts"],"names":[],"mappings":"AAyDA,OAAO,EAEL,KAAK,OAAO,IAAI,UAAU,EAC1B,KAAK,gBAAgB,EAEtB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAS,KAAK,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAG3D,OAAO,EAAE,KAAK,OAAO,EAAqC,MAAM,2BAA2B,CAAC;AAsB5F,eAAO,MAAM,QAAQ,EAAE,MAAM,CAAC,MAAM,CAA2B,CAAC;AAsDhE,eAAO,MAAM,eAAe,EAAE,gBAY7B,CAAC;AAmBF;;;GAGG;AACH,eAAO,MAAM,KAAK,EAAE,UAgDlB,CAAC;AAEH;;;;;GAKG;AACH,eAAO,MAAM,iBAAiB,EAAE,OAS9B,CAAC"}
+{"version":3,"file":"bn254.d.ts","sourceRoot":"","sources":["src/bn254.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,sEAAsE;AACtE,OAAO,EAEL,KAAK,YAAY,EACjB,KAAK,mBAAmB,EAEzB,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAS,KAAK,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAyB3D,eAAO,MAAM,QAAQ,EAAE,MAAM,CAAC,MAAM,CAA2B,CAAC;AAoChE,eAAO,MAAM,eAAe,EAAE,mBAY7B,CAAC;AA8EF;;;GAGG;AAEH,eAAO,MAAM,KAAK,EAAE,YAAiE,CAAC"}

package/bn254.js

@@ -1,6 +1,3 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.bn254_weierstrass = exports.bn254 = exports._postPrecompute = exports.bn254_Fr = void 0;
 /**
  * bn254, previously known as alt_bn_128, when it had 128-bit security.
 
@@ -57,17 +54,16 @@ Ate loop size: 6x+2
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const sha2_js_1 = require("@noble/hashes/sha2.js");
-const bls_ts_1 = require("./abstract/bls.js");
-const modular_ts_1 = require("./abstract/modular.js");
-const tower_ts_1 = require("./abstract/tower.js");
-const weierstrass_ts_1 = require("./abstract/weierstrass.js");
-const utils_ts_1 = require("./utils.js");
+import { blsBasic, } from "./abstract/bls.js";
+import { Field } from "./abstract/modular.js";
+import { psiFrobenius, tower12 } from "./abstract/tower.js";
+import { weierstrass } from "./abstract/weierstrass.js";
+import { bitLen } from "./utils.js";
 // prettier-ignore
 const _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);
 const _6n = BigInt(6);
 const BN_X = BigInt('4965661367192848881');
-const BN_X_LEN = (0, utils_ts_1.bitLen)(BN_X);
+const BN_X_LEN = bitLen(BN_X);
 const SIX_X_SQUARED = _6n * BN_X ** _2n;
 const bn254_G1_CURVE = {
     p: BigInt('0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47'),
@@ -80,13 +76,13 @@ const bn254_G1_CURVE = {
 };
 // r == n
 // Finite field over r. It's for convenience and is not used in the code below.
-exports.bn254_Fr = (0, modular_ts_1.Field)(bn254_G1_CURVE.n);
+export const bn254_Fr = Field(bn254_G1_CURVE.n);
 // Fp2.div(Fp2.mul(Fp2.ONE, _3n), Fp2.NONRESIDUE)
 const Fp2B = {
     c0: BigInt('19485874751759354771024239261021720505790618469301721065564631296452457478373'),
     c1: BigInt('266929791119991161246907387137283842545076965332900288569378510910307636690'),
 };
-const { Fp, Fp2, Fp6, Fp12 } = (0, tower_ts_1.tower12)({
+const { Fp, Fp2, Fp6, Fp12 } = tower12({
     ORDER: bn254_G1_CURVE.p,
     X_LEN: BN_X_LEN,
     FP2_NONRESIDUE: [BigInt(9), _1n],
@@ -105,31 +101,13 @@ const { Fp, Fp2, Fp6, Fp12 } = (0, tower_ts_1.tower12)({
     },
 });
 // END OF CURVE FIELDS
-const { G2psi, psi } = (0, tower_ts_1.psiFrobenius)(Fp, Fp2, Fp2.NONRESIDUE);
-/*
-No hashToCurve for now (and signatures):
-
-- RFC 9380 doesn't mention bn254 and doesn't provide test vectors
-- Overall seems like nobody is using BLS signatures on top of bn254
-- Seems like it can utilize SVDW, which is not implemented yet
-*/
-const htfDefaults = Object.freeze({
-    // DST: a domain separation tag defined in section 2.2.5
-    DST: 'BN254G2_XMD:SHA-256_SVDW_RO_',
-    encodeDST: 'BN254G2_XMD:SHA-256_SVDW_RO_',
-    p: Fp.ORDER,
-    m: 2,
-    k: 128,
-    expand: 'xmd',
-    hash: sha2_js_1.sha256,
-});
-const _postPrecompute = (Rx, Ry, Rz, Qx, Qy, pointAdd) => {
+const { G2psi, psi } = psiFrobenius(Fp, Fp2, Fp2.NONRESIDUE);
+export const _postPrecompute = (Rx, Ry, Rz, Qx, Qy, pointAdd) => {
     const q = psi(Qx, Qy);
     ({ Rx, Ry, Rz } = pointAdd(Rx, Ry, Rz, q[0], q[1]));
     const q2 = psi(q[0], q[1]);
     pointAdd(Rx, Ry, Rz, q2[0], Fp2.neg(q2[1]));
 };
-exports._postPrecompute = _postPrecompute;
 // cofactor: (36 * X^4) + (36 * X^3) + (30 * X^2) + 6*X + 1
 const bn254_G2_CURVE = {
     p: Fp2.ORDER,
@@ -146,73 +124,67 @@ const bn254_G2_CURVE = {
         BigInt('4082367875863433681332203403145435568316851327593401208105741076214120093531'),
     ]),
 };
+const fields = { Fp, Fp2, Fp6, Fp12, Fr: bn254_Fr };
+const bn254_G1 = weierstrass(bn254_G1_CURVE, {
+    Fp,
+    Fn: bn254_Fr,
+    allowInfinityPoint: true,
+});
+const bn254_G2 = weierstrass(bn254_G2_CURVE, {
+    Fp: Fp2,
+    Fn: bn254_Fr,
+    allowInfinityPoint: true,
+    isTorsionFree: (c, P) => P.multiplyUnsafe(SIX_X_SQUARED).equals(G2psi(c, P)), // [p]P = [6X^2]P
+});
+/*
+No hashToCurve for now (and signatures):
+
+- RFC 9380 doesn't mention bn254 and doesn't provide test vectors
+- Overall seems like nobody is using BLS signatures on top of bn254
+- Seems like it can utilize SVDW, which is not implemented yet
+*/
+// const htfDefaults = Object.freeze({
+//   // DST: a domain separation tag defined in section 2.2.5
+//   DST: 'BN254G2_XMD:SHA-256_SVDW_RO_',
+//   encodeDST: 'BN254G2_XMD:SHA-256_SVDW_RO_',
+//   p: Fp.ORDER,
+//   m: 2,
+//   k: 128,
+//   expand: 'xmd',
+//   hash: sha256,
+// });
+// const hasherOpts = {
+//   { ...htfDefaults, m: 1, DST: 'BN254G2_XMD:SHA-256_SVDW_RO_' }
+// };
+const bn254_params = {
+    ateLoopSize: BN_X * _6n + _2n,
+    r: bn254_Fr.ORDER,
+    xNegative: false,
+    twistType: 'divisive',
+    postPrecompute: _postPrecompute,
+};
+// const bn254_hasher = {
+//   hasherOpts: htfDefaults,
+//   hasherOptsG1: { m: 1, DST: 'BN254G2_XMD:SHA-256_SVDW_RO_' },
+//   hasherOptsG2: htfDefaults
+// };
+// G2_heff     hEff: BigInt('21888242871839275222246405745257275088844257914179612981679871602714643921549'),
+// fromBytes: notImplemented,
+// toBytes: notImplemented,
+// mapToCurve: notImplemented,
+// fromBytes: notImplemented,
+// toBytes: notImplemented,
+// ShortSignature: {
+//   fromBytes: notImplemented,
+//   fromHex: notImplemented,
+//   toBytes: notImplemented,
+//   toRawBytes: notImplemented,
+//   toHex: notImplemented,
+// },
 /**
  * bn254 (a.k.a. alt_bn128) pairing-friendly curve.
  * Contains G1 / G2 operations and pairings.
  */
-exports.bn254 = (0, bls_ts_1.bls)({
-    // Fields
-    fields: { Fp, Fp2, Fp6, Fp12, Fr: exports.bn254_Fr },
-    G1: {
-        ...bn254_G1_CURVE,
-        Fp,
-        htfDefaults: { ...htfDefaults, m: 1, DST: 'BN254G2_XMD:SHA-256_SVDW_RO_' },
-        wrapPrivateKey: true,
-        allowInfinityPoint: true,
-        mapToCurve: utils_ts_1.notImplemented,
-        fromBytes: utils_ts_1.notImplemented,
-        toBytes: utils_ts_1.notImplemented,
-        ShortSignature: {
-            fromBytes: utils_ts_1.notImplemented,
-            fromHex: utils_ts_1.notImplemented,
-            toBytes: utils_ts_1.notImplemented,
-            toRawBytes: utils_ts_1.notImplemented,
-            toHex: utils_ts_1.notImplemented,
-        },
-    },
-    G2: {
-        ...bn254_G2_CURVE,
-        Fp: Fp2,
-        hEff: BigInt('21888242871839275222246405745257275088844257914179612981679871602714643921549'),
-        htfDefaults: { ...htfDefaults },
-        wrapPrivateKey: true,
-        allowInfinityPoint: true,
-        isTorsionFree: (c, P) => P.multiplyUnsafe(SIX_X_SQUARED).equals(G2psi(c, P)), // [p]P = [6X^2]P
-        mapToCurve: utils_ts_1.notImplemented,
-        fromBytes: utils_ts_1.notImplemented,
-        toBytes: utils_ts_1.notImplemented,
-        Signature: {
-            fromBytes: utils_ts_1.notImplemented,
-            fromHex: utils_ts_1.notImplemented,
-            toBytes: utils_ts_1.notImplemented,
-            toRawBytes: utils_ts_1.notImplemented,
-            toHex: utils_ts_1.notImplemented,
-        },
-    },
-    params: {
-        ateLoopSize: BN_X * _6n + _2n,
-        r: exports.bn254_Fr.ORDER,
-        xNegative: false,
-        twistType: 'divisive',
-    },
-    htfDefaults,
-    hash: sha2_js_1.sha256,
-    postPrecompute: exports._postPrecompute,
-});
-/**
- * bn254 weierstrass curve with ECDSA.
- * This is very rare and probably not used anywhere.
- * Instead, you should use G1 / G2, defined above.
- * @deprecated
- */
-exports.bn254_weierstrass = (0, weierstrass_ts_1.weierstrass)({
-    a: BigInt(0),
-    b: BigInt(3),
-    Fp,
-    n: BigInt('21888242871839275222246405745257275088548364400416034343698204186575808495617'),
-    Gx: BigInt(1),
-    Gy: BigInt(2),
-    h: BigInt(1),
-    hash: sha2_js_1.sha256,
-});
+// bn254_hasher
+export const bn254 = blsBasic(fields, bn254_G1, bn254_G2, bn254_params);
 //# sourceMappingURL=bn254.js.map

package/bn254.js.map

@@ -1 +1 @@
-{"version":3,"file":"bn254.js","sourceRoot":"","sources":["src/bn254.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,sEAAsE;AACtE,mDAA+C;AAC/C,8CAK2B;AAC3B,sDAA2D;AAE3D,kDAA4D;AAC5D,8DAA4F;AAC5F,yCAAoD;AACpD,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACzE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAC3C,MAAM,QAAQ,GAAG,IAAA,iBAAM,EAAC,IAAI,CAAC,CAAC;AAC9B,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,IAAI,GAAG,CAAC;AAExC,MAAM,cAAc,GAA4B;IAC9C,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,GAAG;IACN,CAAC,EAAE,GAAG;IACN,CAAC,EAAE,GAAG;IACN,EAAE,EAAE,GAAG;IACP,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;CACd,CAAC;AAEF,SAAS;AACT,+EAA+E;AAClE,QAAA,QAAQ,GAAmB,IAAA,kBAAK,EAAC,cAAc,CAAC,CAAC,CAAC,CAAC;AAEhE,iDAAiD;AACjD,MAAM,IAAI,GAAG;IACX,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,6EAA6E,CAAC;CAC1F,CAAC;AAEF,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,IAAA,kBAAO,EAAC;IACrC,KAAK,EAAE,cAAc,CAAC,CAAC;IACvB,KAAK,EAAE,QAAQ;IACf,cAAc,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;IAChC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC;IACtC,qBAAqB,EAAE,CAAC,GAAG,EAAE,EAAE;QAC7B,MAAM,SAAS,GAAG,CAAC,GAAS,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,GAAG,CACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,EACrD,IAAI,CAAC,GAAG,CACN,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EACxB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAClE,CACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,sBAAsB;AACtB,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,IAAA,uBAAY,EAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;AAE7D;;;;;;EAME;AACF,MAAM,WAAW,GAAG,MAAM,CAAC,MAAM,CAAC;IAChC,wDAAwD;IACxD,GAAG,EAAE,8BAA8B;IACnC,SAAS,EAAE,8BAA8B;IACzC,CAAC,EAAE,EAAE,CAAC,KAAK;IACX,CAAC,EAAE,CAAC;IACJ,CAAC,EAAE,GAAG;IACN,MAAM,EAAE,KAAK;IACb,IAAI,EAAE,gBAAM;CACb,CAAC,CAAC;AAEI,MAAM,eAAe,GAAqB,CAC/C,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,QAAkC,EAClC,EAAE;IACF,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACtB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC,CAAC;AAZW,QAAA,eAAe,mBAY1B;AAEF,2DAA2D;AAC3D,MAAM,cAAc,GAAyB;IAC3C,CAAC,EAAE,GAAG,CAAC,KAAK;IACZ,CAAC,EAAE,cAAc,CAAC,CAAC;IACnB,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,GAAG,CAAC,IAAI;IACX,CAAC,EAAE,IAAI;IACP,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;QACnB,MAAM,CAAC,+EAA+E,CAAC;QACvF,MAAM,CAAC,+EAA+E,CAAC;KACxF,CAAC;IACF,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;QACnB,MAAM,CAAC,8EAA8E,CAAC;QACtF,MAAM,CAAC,8EAA8E,CAAC;KACvF,CAAC;CACH,CAAC;AAEF;;;GAGG;AACU,QAAA,KAAK,GAAe,IAAA,YAAG,EAAC;IACnC,SAAS;IACT,MAAM,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,gBAAQ,EAAE;IAC5C,EAAE,EAAE;QACF,GAAG,cAAc;QACjB,EAAE;QACF,WAAW,EAAE,EAAE,GAAG,WAAW,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,8BAA8B,EAAE;QAC1E,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;QACxB,UAAU,EAAE,yBAAc;QAC1B,SAAS,EAAE,yBAAc;QACzB,OAAO,EAAE,yBAAc;QACvB,cAAc,EAAE;YACd,SAAS,EAAE,yBAAc;YACzB,OAAO,EAAE,yBAAc;YACvB,OAAO,EAAE,yBAAc;YACvB,UAAU,EAAE,yBAAc;YAC1B,KAAK,EAAE,yBAAc;SACtB;KACF;IACD,EAAE,EAAE;QACF,GAAG,cAAc;QACjB,EAAE,EAAE,GAAG;QACP,IAAI,EAAE,MAAM,CAAC,+EAA+E,CAAC;QAC7F,WAAW,EAAE,EAAE,GAAG,WAAW,EAAE;QAC/B,cAAc,EAAE,IAAI;QACpB,kBAAkB,EAAE,IAAI;QACxB,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,iBAAiB;QAC/F,UAAU,EAAE,yBAAc;QAC1B,SAAS,EAAE,yBAAc;QACzB,OAAO,EAAE,yBAAc;QACvB,SAAS,EAAE;YACT,SAAS,EAAE,yBAAc;YACzB,OAAO,EAAE,yBAAc;YACvB,OAAO,EAAE,yBAAc;YACvB,UAAU,EAAE,yBAAc;YAC1B,KAAK,EAAE,yBAAc;SACtB;KACF;IACD,MAAM,EAAE;QACN,WAAW,EAAE,IAAI,GAAG,GAAG,GAAG,GAAG;QAC7B,CAAC,EAAE,gBAAQ,CAAC,KAAK;QACjB,SAAS,EAAE,KAAK;QAChB,SAAS,EAAE,UAAU;KACtB;IACD,WAAW;IACX,IAAI,EAAE,gBAAM;IACZ,cAAc,EAAE,uBAAe;CAChC,CAAC,CAAC;AAEH;;;;;GAKG;AACU,QAAA,iBAAiB,GAAY,IAAA,4BAAW,EAAC;IACpD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,EAAE;IACF,CAAC,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC1F,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;IACb,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,IAAI,EAAE,gBAAM;CACb,CAAC,CAAC"}
+{"version":3,"file":"bn254.js","sourceRoot":"","sources":["src/bn254.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAsDG;AACH,sEAAsE;AACtE,OAAO,EACL,QAAQ,GAIT,MAAM,mBAAmB,CAAC;AAC3B,OAAO,EAAE,KAAK,EAAe,MAAM,uBAAuB,CAAC;AAE3D,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAC5D,OAAO,EAAE,WAAW,EAAwB,MAAM,2BAA2B,CAAC;AAC9E,OAAO,EAAE,MAAM,EAAE,MAAM,YAAY,CAAC;AACpC,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AACzE,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;AAEtB,MAAM,IAAI,GAAG,MAAM,CAAC,qBAAqB,CAAC,CAAC;AAC3C,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC;AAC9B,MAAM,aAAa,GAAG,GAAG,GAAG,IAAI,IAAI,GAAG,CAAC;AAExC,MAAM,cAAc,GAA4B;IAC9C,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,GAAG;IACN,CAAC,EAAE,GAAG;IACN,CAAC,EAAE,GAAG;IACN,EAAE,EAAE,GAAG;IACP,EAAE,EAAE,MAAM,CAAC,CAAC,CAAC;CACd,CAAC;AAEF,SAAS;AACT,+EAA+E;AAC/E,MAAM,CAAC,MAAM,QAAQ,GAAmB,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;AAEhE,iDAAiD;AACjD,MAAM,IAAI,GAAG;IACX,EAAE,EAAE,MAAM,CAAC,+EAA+E,CAAC;IAC3F,EAAE,EAAE,MAAM,CAAC,6EAA6E,CAAC;CAC1F,CAAC;AAEF,MAAM,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IACrC,KAAK,EAAE,cAAc,CAAC,CAAC;IACvB,KAAK,EAAE,QAAQ;IACf,cAAc,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC;IAChC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC;IACtC,qBAAqB,EAAE,CAAC,GAAG,EAAE,EAAE;QAC7B,MAAM,SAAS,GAAG,CAAC,GAAS,EAAE,EAAE,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;QAChF,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;QACxD,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;QAChD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;QACpD,MAAM,EAAE,GAAG,SAAS,CAAC,EAAE,CAAC,CAAC;QACzB,MAAM,EAAE,GAAG,SAAS,CAAC,IAAI,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC;QACjD,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC,CAAC;QAC1E,MAAM,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC,GAAG,CACb,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,EACrD,IAAI,CAAC,GAAG,CACN,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EACxB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAClE,CACF,CAAC;IACJ,CAAC;CACF,CAAC,CAAC;AAEH,sBAAsB;AACtB,MAAM,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,YAAY,CAAC,EAAE,EAAE,GAAG,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC;AAE7D,MAAM,CAAC,MAAM,eAAe,GAAwB,CAClD,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,EAAO,EACP,QAAqC,EACrC,EAAE;IACF,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;IACtB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,GAAG,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACpD,MAAM,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9C,CAAC,CAAC;AAEF,2DAA2D;AAC3D,MAAM,cAAc,GAAyB;IAC3C,CAAC,EAAE,GAAG,CAAC,KAAK;IACZ,CAAC,EAAE,cAAc,CAAC,CAAC;IACnB,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,GAAG,CAAC,IAAI;IACX,CAAC,EAAE,IAAI;IACP,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;QACnB,MAAM,CAAC,+EAA+E,CAAC;QACvF,MAAM,CAAC,+EAA+E,CAAC;KACxF,CAAC;IACF,EAAE,EAAE,GAAG,CAAC,YAAY,CAAC;QACnB,MAAM,CAAC,8EAA8E,CAAC;QACtF,MAAM,CAAC,8EAA8E,CAAC;KACvF,CAAC;CACH,CAAC;AAEF,MAAM,MAAM,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,QAAQ,EAAE,CAAC;AACpD,MAAM,QAAQ,GAAG,WAAW,CAAC,cAAc,EAAE;IAC3C,EAAE;IACF,EAAE,EAAE,QAAQ;IACZ,kBAAkB,EAAE,IAAI;CACzB,CAAC,CAAC;AACH,MAAM,QAAQ,GAAG,WAAW,CAAC,cAAc,EAAE;IAC3C,EAAE,EAAE,GAAG;IACP,EAAE,EAAE,QAAQ;IACZ,kBAAkB,EAAE,IAAI;IACxB,aAAa,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,iBAAiB;CAChG,CAAC,CAAC;AACH;;;;;;EAME;AACF,sCAAsC;AACtC,6DAA6D;AAC7D,yCAAyC;AACzC,+CAA+C;AAC/C,iBAAiB;AACjB,UAAU;AACV,YAAY;AACZ,mBAAmB;AACnB,kBAAkB;AAClB,MAAM;AACN,uBAAuB;AACvB,kEAAkE;AAClE,KAAK;AACL,MAAM,YAAY,GAAG;IACnB,WAAW,EAAE,IAAI,GAAG,GAAG,GAAG,GAAG;IAC7B,CAAC,EAAE,QAAQ,CAAC,KAAK;IACjB,SAAS,EAAE,KAAK;IAChB,SAAS,EAAE,UAAmB;IAC9B,cAAc,EAAE,eAAe;CAChC,CAAC;AACF,yBAAyB;AACzB,6BAA6B;AAC7B,iEAAiE;AACjE,8BAA8B;AAC9B,KAAK;AACL,6GAA6G;AAC7G,6BAA6B;AAC7B,2BAA2B;AAE3B,8BAA8B;AAC9B,6BAA6B;AAC7B,2BAA2B;AAC3B,oBAAoB;AACpB,+BAA+B;AAC/B,6BAA6B;AAC7B,6BAA6B;AAC7B,gCAAgC;AAChC,2BAA2B;AAC3B,KAAK;AAEL;;;GAGG;AACH,eAAe;AACf,MAAM,CAAC,MAAM,KAAK,GAAiB,QAAQ,CAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,YAAY,CAAC,CAAC"}

package/ed25519.d.ts

@@ -1,44 +1,47 @@
 import { type AffinePoint } from './abstract/curve.ts';
-import { PrimeEdwardsPoint, type CurveFn, type EdwardsPoint } from './abstract/edwards.ts';
-import { type H2CHasher, type H2CHasherBase, type H2CMethod, type htfBasicOpts } from './abstract/hash-to-curve.ts';
+import { PrimeEdwardsPoint, type EdDSA, type EdwardsPoint, type EdwardsPointCons } from './abstract/edwards.ts';
+import { type H2CHasher, type H2CHasherBase } from './abstract/hash-to-curve.ts';
 import { type IField } from './abstract/modular.ts';
-import { type MontgomeryECDH as XCurveFn } from './abstract/montgomery.ts';
-import { type Hex } from './utils.ts';
+import { type MontgomeryECDH } from './abstract/montgomery.ts';
+import { type OPRF } from './abstract/oprf.ts';
 /**
  * ed25519 curve with EdDSA signatures.
  * @example
- * import { ed25519 } from '@noble/curves/ed25519';
+ * ```js
+ * import { ed25519 } from '@noble/curves/ed25519.js';
  * const { secretKey, publicKey } = ed25519.keygen();
- * const msg = new TextEncoder().encode('hello');
- * const sig = ed25519.sign(msg, priv);
- * ed25519.verify(sig, msg, pub); // Default mode: follows ZIP215
- * ed25519.verify(sig, msg, pub, { zip215: false }); // RFC8032 / FIPS 186-5
+ * // const publicKey = ed25519.getPublicKey(secretKey);
+ * const msg = new TextEncoder().encode('hello noble');
+ * const sig = ed25519.sign(msg, secretKey);
+ * const isValid = ed25519.verify(sig, msg, pub); // ZIP215
+ * // RFC8032 / FIPS 186-5
+ * const isValid2 = ed25519.verify(sig, msg, pub, { zip215: false });
+ * ```
  */
-export declare const ed25519: CurveFn;
-/** Context of ed25519. Uses context for domain separation. */
-export declare const ed25519ctx: CurveFn;
-/** Prehashed version of ed25519. Accepts already-hashed messages in sign() and verify(). */
-export declare const ed25519ph: CurveFn;
+export declare const ed25519: EdDSA;
+/** Context version of ed25519 (ctx for domain separation). See {@link ed25519} */
+export declare const ed25519ctx: EdDSA;
+/** Prehashed version of ed25519. See {@link ed25519} */
+export declare const ed25519ph: EdDSA;
 /**
  * ECDH using curve25519 aka x25519.
  * @example
- * import { x25519 } from '@noble/curves/ed25519';
- * const priv = 'a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4';
- * const pub = 'e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c';
- * x25519.getSharedSecret(priv, pub) === x25519.scalarMult(priv, pub); // aliases
- * x25519.getPublicKey(priv) === x25519.scalarMultBase(priv);
- * x25519.getPublicKey(x25519.utils.randomSecretKey());
+ * ```js
+ * import { x25519 } from '@noble/curves/ed25519.js';
+ * const alice = x25519.keygen();
+ * const bob = x25519.keygen();
+ * const shared = x25519.getSharedSecret(alice.secretKey, bob.publicKey);
+ * ```
  */
-export declare const x25519: XCurveFn;
+export declare const x25519: MontgomeryECDH;
 /** Hashing to ed25519 points / field. RFC 9380 methods. */
-export declare const ed25519_hasher: H2CHasher<bigint>;
-type ExtendedPoint = EdwardsPoint;
+export declare const ed25519_hasher: H2CHasher<EdwardsPointCons>;
 /**
  * Wrapper over Edwards Point for ristretto255.
  *
- * Each ed25519/ExtendedPoint has 8 different equivalent points. This can be
+ * Each ed25519/EdwardsPoint has 8 different equivalent points. This can be
  * a source of bugs for protocols like ring signatures. Ristretto was created to solve this.
- * Ristretto point operates in X:Y:Z:T extended coordinates like ExtendedPoint,
+ * Ristretto point operates in X:Y:Z:T extended coordinates like EdwardsPoint,
  * but it should work in its own namespace: do not combine those two.
  * See [RFC9496](https://www.rfc-editor.org/rfc/rfc9496).
  */
@@ -47,20 +50,17 @@ declare class _RistrettoPoint extends PrimeEdwardsPoint<_RistrettoPoint> {
     static ZERO: _RistrettoPoint;
     static Fp: IField<bigint>;
     static Fn: IField<bigint>;
-    constructor(ep: ExtendedPoint);
+    constructor(ep: EdwardsPoint);
     static fromAffine(ap: AffinePoint<bigint>): _RistrettoPoint;
     protected assertSame(other: _RistrettoPoint): void;
     protected init(ep: EdwardsPoint): _RistrettoPoint;
-    /** @deprecated use `import { ristretto255_hasher } from '@noble/curves/ed25519.js';` */
-    static hashToCurve(hex: Hex): _RistrettoPoint;
     static fromBytes(bytes: Uint8Array): _RistrettoPoint;
     /**
      * Converts ristretto-encoded string to ristretto point.
      * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-decode).
      * @param hex Ristretto-encoded 32 bytes. Not every 32-byte string is valid ristretto encoding
      */
-    static fromHex(hex: Hex): _RistrettoPoint;
-    static msm(points: _RistrettoPoint[], scalars: bigint[]): _RistrettoPoint;
+    static fromHex(hex: string): _RistrettoPoint;
     /**
      * Encodes ristretto point to Uint8Array.
      * Described in [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-encode).
@@ -77,7 +77,9 @@ export declare const ristretto255: {
     Point: typeof _RistrettoPoint;
 };
 /** Hashing to ristretto255 points / field. RFC 9380 methods. */
-export declare const ristretto255_hasher: H2CHasherBase<bigint>;
+export declare const ristretto255_hasher: H2CHasherBase<typeof _RistrettoPoint>;
+/** ristretto255 OPRF, defined in RFC 9497. */
+export declare const ristretto255_oprf: OPRF;
 /**
  * Weird / bogus points, useful for debugging.
  * All 8 ed25519 points of 8-torsion subgroup can be generated from the point
@@ -85,22 +87,5 @@ export declare const ristretto255_hasher: H2CHasherBase<bigint>;
  * ⟨T⟩ = { O, T, 2T, 3T, 4T, 5T, 6T, 7T }
  */
 export declare const ED25519_TORSION_SUBGROUP: string[];
-/** @deprecated use `ed25519.utils.toMontgomery` */
-export declare function edwardsToMontgomeryPub(edwardsPub: Hex): Uint8Array;
-/** @deprecated use `ed25519.utils.toMontgomery` */
-export declare const edwardsToMontgomery: typeof edwardsToMontgomeryPub;
-/** @deprecated use `ed25519.utils.toMontgomerySecret` */
-export declare function edwardsToMontgomeryPriv(edwardsPriv: Uint8Array): Uint8Array;
-/** @deprecated use `ristretto255.Point` */
-export declare const RistrettoPoint: typeof _RistrettoPoint;
-/** @deprecated use `import { ed25519_hasher } from '@noble/curves/ed25519.js';` */
-export declare const hashToCurve: H2CMethod<bigint>;
-/** @deprecated use `import { ed25519_hasher } from '@noble/curves/ed25519.js';` */
-export declare const encodeToCurve: H2CMethod<bigint>;
-type RistHasher = (msg: Uint8Array, options: htfBasicOpts) => _RistrettoPoint;
-/** @deprecated use `import { ristretto255_hasher } from '@noble/curves/ed25519.js';` */
-export declare const hashToRistretto255: RistHasher;
-/** @deprecated use `import { ristretto255_hasher } from '@noble/curves/ed25519.js';` */
-export declare const hash_to_ristretto255: RistHasher;
 export {};
 //# sourceMappingURL=ed25519.d.ts.map

package/ed25519.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["src/ed25519.ts"],"names":[],"mappings":"AAUA,OAAO,EAAa,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAClE,OAAO,EACL,iBAAiB,EAEjB,KAAK,OAAO,EAEZ,KAAK,YAAY,EAClB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAIL,KAAK,SAAS,EACd,KAAK,aAAa,EAClB,KAAK,SAAS,EACd,KAAK,YAAY,EAClB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAOL,KAAK,MAAM,EACZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAc,KAAK,cAAc,IAAI,QAAQ,EAAE,MAAM,0BAA0B,CAAC;AACvF,OAAO,EAA4C,KAAK,GAAG,EAAE,MAAM,YAAY,CAAC;AA+FhF;;;;;;;;;GASG;AACH,eAAO,MAAM,OAAO,EAAE,OAAmE,CAAC;AAY1F,8DAA8D;AAC9D,eAAO,MAAM,UAAU,EAAE,OAIlB,CAAC;AAER,4FAA4F;AAC5F,eAAO,MAAM,SAAS,EAAE,OAMlB,CAAC;AAEP;;;;;;;;;GASG;AACH,eAAO,MAAM,MAAM,EAAE,QAYjB,CAAC;AA0EL,2DAA2D;AAC3D,eAAO,MAAM,cAAc,EAAE,SAAS,CAAC,MAAM,CAavC,CAAC;AA6BP,KAAK,aAAa,GAAG,YAAY,CAAC;AAsClC;;;;;;;;GAQG;AACH,cAAM,eAAgB,SAAQ,iBAAiB,CAAC,eAAe,CAAC;IAI9D,MAAM,CAAC,IAAI,EAAE,eAAe,CACwC;IAEpE,MAAM,CAAC,IAAI,EAAE,eAAe,CACwC;IAEpE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CACM;IAE/B,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CACM;gBAEnB,EAAE,EAAE,aAAa;IAI7B,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,eAAe;IAI3D,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI;IAIlD,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,GAAG,eAAe;IAIjD,wFAAwF;IACxF,MAAM,CAAC,WAAW,CAAC,GAAG,EAAE,GAAG,GAAG,eAAe;IAI7C,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,eAAe;IA4BpD;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,GAAG,GAAG,eAAe;IAIzC,MAAM,CAAC,GAAG,CAAC,MAAM,EAAE,eAAe,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,eAAe;IAIzE;;;OAGG;IACH,OAAO,IAAI,UAAU;IA4BrB;;;OAGG;IACH,MAAM,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO;IAWvC,GAAG,IAAI,OAAO;CAGf;AAED,eAAO,MAAM,YAAY,EAAE;IACzB,KAAK,EAAE,OAAO,eAAe,CAAC;CACF,CAAC;AAE/B,gEAAgE;AAChE,eAAO,MAAM,mBAAmB,EAAE,aAAa,CAAC,MAAM,CAUrD,CAAC;AAUF;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,EAAE,MAAM,EAS5C,CAAC;AAEF,mDAAmD;AACnD,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,GAAG,GAAG,UAAU,CAElE;AACD,mDAAmD;AACnD,eAAO,MAAM,mBAAmB,EAAE,OAAO,sBAA+C,CAAC;AAEzF,yDAAyD;AACzD,wBAAgB,uBAAuB,CAAC,WAAW,EAAE,UAAU,GAAG,UAAU,CAE3E;AAED,2CAA2C;AAC3C,eAAO,MAAM,cAAc,EAAE,OAAO,eAAiC,CAAC;AACtE,mFAAmF;AACnF,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,MAAM,CAAwD,CAAC;AACnG,mFAAmF;AACnF,eAAO,MAAM,aAAa,EAAE,SAAS,CAAC,MAAM,CACX,CAAC;AAClC,KAAK,UAAU,GAAG,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,EAAE,YAAY,KAAK,eAAe,CAAC;AAC9E,wFAAwF;AACxF,eAAO,MAAM,kBAAkB,EAAE,UACiB,CAAC;AACnD,wFAAwF;AACxF,eAAO,MAAM,oBAAoB,EAAE,UACe,CAAC"}
+{"version":3,"file":"ed25519.d.ts","sourceRoot":"","sources":["src/ed25519.ts"],"names":[],"mappings":"AAUA,OAAO,EAAE,KAAK,WAAW,EAAE,MAAM,qBAAqB,CAAC;AACvD,OAAO,EAGL,iBAAiB,EACjB,KAAK,KAAK,EAGV,KAAK,YAAY,EACjB,KAAK,gBAAgB,EACtB,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAKL,KAAK,SAAS,EACd,KAAK,aAAa,EACnB,MAAM,6BAA6B,CAAC;AACrC,OAAO,EAML,KAAK,MAAM,EACZ,MAAM,uBAAuB,CAAC;AAC/B,OAAO,EAAc,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAC3E,OAAO,EAAc,KAAK,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAmG3D;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,OAAO,EAAE,KAA8B,CAAC;AACrD,kFAAkF;AAClF,eAAO,MAAM,UAAU,EAAE,KAAsD,CAAC;AAChF,wDAAwD;AACxD,eAAO,MAAM,SAAS,EAAE,KAAuE,CAAC;AAEhG;;;;;;;;;GASG;AACH,eAAO,MAAM,MAAM,EAAE,cAYjB,CAAC;AA0EL,2DAA2D;AAC3D,eAAO,MAAM,cAAc,EAAE,SAAS,CAAC,gBAAgB,CAajD,CAAC;AAuDP;;;;;;;;GAQG;AACH,cAAM,eAAgB,SAAQ,iBAAiB,CAAC,eAAe,CAAC;IAI9D,MAAM,CAAC,IAAI,EAAE,eAAe,CACwC;IAEpE,MAAM,CAAC,IAAI,EAAE,eAAe,CACwC;IAEpE,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CACM;IAE/B,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,MAAM,CAAC,CACM;gBAEnB,EAAE,EAAE,YAAY;IAI5B,MAAM,CAAC,UAAU,CAAC,EAAE,EAAE,WAAW,CAAC,MAAM,CAAC,GAAG,eAAe;IAI3D,SAAS,CAAC,UAAU,CAAC,KAAK,EAAE,eAAe,GAAG,IAAI;IAIlD,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,YAAY,GAAG,eAAe;IAIjD,MAAM,CAAC,SAAS,CAAC,KAAK,EAAE,UAAU,GAAG,eAAe;IA4BpD;;;;OAIG;IACH,MAAM,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe;IAI5C;;;OAGG;IACH,OAAO,IAAI,UAAU;IA4BrB;;;OAGG;IACH,MAAM,CAAC,KAAK,EAAE,eAAe,GAAG,OAAO;IAWvC,GAAG,IAAI,OAAO;CAGf;AAED,eAAO,MAAM,YAAY,EAAE;IACzB,KAAK,EAAE,OAAO,eAAe,CAAC;CACF,CAAC;AAE/B,gEAAgE;AAChE,eAAO,MAAM,mBAAmB,EAAE,aAAa,CAAC,OAAO,eAAe,CA0CrE,CAAC;AAEF,8CAA8C;AAC9C,eAAO,MAAM,iBAAiB,EAAE,IAOzB,CAAC;AAER;;;;;GAKG;AACH,eAAO,MAAM,wBAAwB,EAAE,MAAM,EAS5C,CAAC"}