@noble/curves 2.0.0 → 2.2.0

package/nist.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"nist.d.ts","sourceRoot":"","sources":["src/nist.ts"],"names":[],"mappings":"AAOA,OAAO,EAAgB,KAAK,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAE3E,OAAO,EAAc,KAAK,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAIL,KAAK,KAAK,EAEV,KAAK,oBAAoB,EAC1B,MAAM,2BAA2B,CAAC;AAyEnC;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,IAAI,EAAE,KAAiD,CAAC;AACrE,mEAAmE;AACnE,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAkB5D,CAAC;AACL,sCAAsC;AACtC,eAAO,MAAM,SAAS,EAAE,IAOjB,CAAC;AAIR,qGAAqG;AACrG,eAAO,MAAM,IAAI,EAAE,KAAiD,CAAC;AACrE,mEAAmE;AACnE,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAkB5D,CAAC;AACL,sCAAsC;AACtC,eAAO,MAAM,SAAS,EAAE,IAOjB,CAAC;AAKR,qGAAqG;AACrG,eAAO,MAAM,IAAI,EAAE,KAAiD,CAAC;AACrE,mEAAmE;AACnE,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAkB5D,CAAC;AACL,sCAAsC;AACtC,eAAO,MAAM,SAAS,EAAE,IAOjB,CAAC"}
+{"version":3,"file":"nist.d.ts","sourceRoot":"","sources":["src/nist.ts"],"names":[],"mappings":"AAOA,OAAO,EAAe,KAAK,KAAK,EAAE,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAAgB,KAAK,SAAS,EAAE,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAc,KAAK,IAAI,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EAIL,KAAK,KAAK,EAEV,KAAK,oBAAoB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAE,KAAK,IAAI,EAAE,MAAM,YAAY,CAAC;AA4EvC;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,IAAI,EAAE,KAAiD,CAAC;AACrE;;;;;;;;GAQG;AACH,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAkB5D,CAAC;AACL;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,SAAS,EAAE,IAAI,CAAC,IAAI,CAO1B,CAAC;AACR;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,UAAU,EAAE,IAAI,CAAC,KAAK,CAM5B,CAAC;AAIR;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,IAAI,EAAE,KAAiD,CAAC;AACrE;;;;;;;;GAQG;AACH,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAkB5D,CAAC;AACL;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,SAAS,EAAE,IAAI,CAAC,IAAI,CAO1B,CAAC;AAmBR;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,EAAE,KAAiD,CAAC;AACrE;;;;;;;;GAQG;AACH,eAAO,MAAM,WAAW,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAkB5D,CAAC;AACL;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,SAAS,EAAE,IAAI,CAAC,IAAI,CAO1B,CAAC"}

package/nist.js

@@ -5,10 +5,11 @@
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 import { sha256, sha384, sha512 } from '@noble/hashes/sha2.js';
+import { createFROST } from "./abstract/frost.js";
 import { createHasher } from "./abstract/hash-to-curve.js";
-import { Field } from "./abstract/modular.js";
-import { createORPF } from "./abstract/oprf.js";
+import { createOPRF } from "./abstract/oprf.js";
 import { ecdsa, mapToCurveSimpleSWU, weierstrass, } from "./abstract/weierstrass.js";
+import {} from "./utils.js";
 // p = 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n - 1n
 // a = Fp256.create(BigInt('-3'));
 const p256_CURVE = /* @__PURE__ */ (() => ({
@@ -41,8 +42,11 @@ const p521_CURVE = /* @__PURE__ */ (() => ({
     Gy: BigInt('0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'),
 }))();
 function createSWU(Point, opts) {
-    const map = mapToCurveSimpleSWU(Point.Fp, opts);
-    return (scalars) => map(scalars[0]);
+    let map;
+    // RFC 9380's NIST suites here all use m = 1, so createHasher passes one field element per map.
+    // Building the SWU sqrt-ratio helper eagerly adds noticeable `nist.js` import cost, so defer it
+    // to first use; after that the cached mapper is reused directly.
+    return (scalars) => (map || (map = mapToCurveSimpleSWU(Point.Fp, opts)))(scalars[0]);
 }
 // NIST P256
 const p256_Point = /* @__PURE__ */ weierstrass(p256_CURVE);
@@ -51,6 +55,8 @@ const p256_Point = /* @__PURE__ */ weierstrass(p256_CURVE);
  * Hashes inputs with sha256 by default.
  *
  * @example
+ * Generate one P-256 keypair, sign a message, and verify it.
+ *
  * ```js
  * import { p256 } from '@noble/curves/nist.js';
  * const { secretKey, publicKey } = p256.keygen();
@@ -62,7 +68,15 @@ const p256_Point = /* @__PURE__ */ weierstrass(p256_CURVE);
  * ```
  */
 export const p256 = /* @__PURE__ */ ecdsa(p256_Point, sha256);
-/** Hashing / encoding to p256 points / field. RFC 9380 methods. */
+/**
+ * Hashing / encoding to p256 points / field. RFC 9380 methods.
+ * @example
+ * Hash one message onto the P-256 curve.
+ *
+ * ```ts
+ * const point = p256_hasher.hashToCurve(new TextEncoder().encode('hello noble'));
+ * ```
+ */
 export const p256_hasher = /* @__PURE__ */ (() => {
     return createHasher(p256_Point, createSWU(p256_Point, {
         A: p256_CURVE.a,
@@ -78,19 +92,68 @@ export const p256_hasher = /* @__PURE__ */ (() => {
         hash: sha256,
     });
 })();
-/** p256 OPRF, defined in RFC 9497. */
-export const p256_oprf = /* @__PURE__ */ (() => createORPF({
+/**
+ * p256 OPRF, defined in RFC 9497.
+ * @example
+ * Run one blind/evaluate/finalize OPRF round over P-256.
+ *
+ * ```ts
+ * const input = new TextEncoder().encode('hello noble');
+ * const keys = p256_oprf.oprf.generateKeyPair();
+ * const blind = p256_oprf.oprf.blind(input);
+ * const evaluated = p256_oprf.oprf.blindEvaluate(keys.secretKey, blind.blinded);
+ * const output = p256_oprf.oprf.finalize(input, blind.blind, evaluated);
+ * ```
+ */
+export const p256_oprf = /* @__PURE__ */ (() => createOPRF({
     name: 'P256-SHA256',
     Point: p256_Point,
     hash: sha256,
     hashToGroup: p256_hasher.hashToCurve,
     hashToScalar: p256_hasher.hashToScalar,
 }))();
+/**
+ * FROST threshold signatures over p256. RFC 9591.
+ * @example
+ * Create one trusted-dealer package for 2-of-3 p256 signing.
+ *
+ * ```ts
+ * const alice = p256_FROST.Identifier.derive('alice@example.com');
+ * const bob = p256_FROST.Identifier.derive('bob@example.com');
+ * const carol = p256_FROST.Identifier.derive('carol@example.com');
+ * const deal = p256_FROST.trustedDealer({ min: 2, max: 3 }, [alice, bob, carol]);
+ * ```
+ */
+export const p256_FROST = /* @__PURE__ */ (() => createFROST({
+    name: 'FROST-P256-SHA256-v1',
+    Point: p256_Point,
+    hashToScalar: p256_hasher.hashToScalar,
+    hash: sha256,
+}))();
 // NIST P384
 const p384_Point = /* @__PURE__ */ weierstrass(p384_CURVE);
-/** NIST P384 (aka secp384r1) curve, ECDSA and ECDH methods. Hashes inputs with sha384 by default. */
+/**
+ * NIST P384 (aka secp384r1) curve, ECDSA and ECDH methods. Hashes inputs with sha384 by default.
+ * @example
+ * Generate one P-384 keypair, sign a message, and verify it.
+ *
+ * ```ts
+ * const { secretKey, publicKey } = p384.keygen();
+ * const msg = new TextEncoder().encode('hello noble');
+ * const sig = p384.sign(msg, secretKey);
+ * const isValid = p384.verify(sig, msg, publicKey);
+ * ```
+ */
 export const p384 = /* @__PURE__ */ ecdsa(p384_Point, sha384);
-/** Hashing / encoding to p384 points / field. RFC 9380 methods. */
+/**
+ * Hashing / encoding to p384 points / field. RFC 9380 methods.
+ * @example
+ * Hash one message onto the P-384 curve.
+ *
+ * ```ts
+ * const point = p384_hasher.hashToCurve(new TextEncoder().encode('hello noble'));
+ * ```
+ */
 export const p384_hasher = /* @__PURE__ */ (() => {
     return createHasher(p384_Point, createSWU(p384_Point, {
         A: p384_CURVE.a,
@@ -106,8 +169,20 @@ export const p384_hasher = /* @__PURE__ */ (() => {
         hash: sha384,
     });
 })();
-/** p384 OPRF, defined in RFC 9497. */
-export const p384_oprf = /* @__PURE__ */ (() => createORPF({
+/**
+ * p384 OPRF, defined in RFC 9497.
+ * @example
+ * Run one blind/evaluate/finalize OPRF round over P-384.
+ *
+ * ```ts
+ * const input = new TextEncoder().encode('hello noble');
+ * const keys = p384_oprf.oprf.generateKeyPair();
+ * const blind = p384_oprf.oprf.blind(input);
+ * const evaluated = p384_oprf.oprf.blindEvaluate(keys.secretKey, blind.blinded);
+ * const output = p384_oprf.oprf.finalize(input, blind.blind, evaluated);
+ * ```
+ */
+export const p384_oprf = /* @__PURE__ */ (() => createOPRF({
     name: 'P384-SHA384',
     Point: p384_Point,
     hash: sha384,
@@ -115,11 +190,46 @@ export const p384_oprf = /* @__PURE__ */ (() => createORPF({
     hashToScalar: p384_hasher.hashToScalar,
 }))();
 // NIST P521
-const Fn521 = /* @__PURE__ */ (() => Field(p521_CURVE.n, { allowedLengths: [65, 66] }))();
-const p521_Point = /* @__PURE__ */ weierstrass(p521_CURVE, { Fn: Fn521 });
-/** NIST P521 (aka secp521r1) curve, ECDSA and ECDH methods. Hashes inputs with sha512 by default. */
+// RFC 7518 fixes the canonical JWK/JOSE width at 66 bytes:
+// - Section 3.4 says ECDSA octet strings must not omit leading zero octets
+// - Sections 6.2.1.2/6.2.1.3 say P-521 coordinates "x"/"y" must be 66 octets
+// - Section 6.2.2.1 says private scalar "d" must be ceil(log2(n)/8) octets, i.e. 66 for P-521
+// NIST FIPS 186-5 Appendix A.3.3 also routes deterministic ECDSA private keys through Appendix
+// B.2.3, whose Integer-to-Octet-String output has explicit fixed length L; for P-521 that is the
+// same 66-byte order width.
+// RFC 6979 matches that width too: private key x is an integer, while `int2octets(x)` uses
+// rlen = 8 * ceil(qlen/8); for P-521, qlen = 521 so the canonical octet width is 66 bytes.
+// Wycheproof ECDH stores private values as integers, not fixed-width scalar bytes, so it does not
+// require a dedicated 65-byte parser path; the repo tests now normalize those integer fixtures to
+// the canonical 66-byte width before use. There is no good standards or oracle reason to accept
+// exactly 65 bytes here: the coherent choices are canonical 66 only, or a broader integer-style
+// parser across many widths. Since this field parser is fixed-width, keep it canonical and use the
+// default exact-66-byte scalar field path.
+const p521_Point = /* @__PURE__ */ weierstrass(p521_CURVE);
+/**
+ * NIST P521 (aka secp521r1) curve, ECDSA and ECDH methods. Hashes inputs with sha512 by default.
+ * Deterministic `keygen(seed)` expects 99 seed bytes here because the generic scalar-derivation
+ * helper uses `getMinHashLength(n)`, not the 66-byte canonical secret-key width.
+ * @example
+ * Generate one P-521 keypair, sign a message, and verify it.
+ *
+ * ```ts
+ * const { secretKey, publicKey } = p521.keygen();
+ * const msg = new TextEncoder().encode('hello noble');
+ * const sig = p521.sign(msg, secretKey);
+ * const isValid = p521.verify(sig, msg, publicKey);
+ * ```
+ */
 export const p521 = /* @__PURE__ */ ecdsa(p521_Point, sha512);
-/** Hashing / encoding to p521 points / field. RFC 9380 methods. */
+/**
+ * Hashing / encoding to p521 points / field. RFC 9380 methods.
+ * @example
+ * Hash one message onto the P-521 curve.
+ *
+ * ```ts
+ * const point = p521_hasher.hashToCurve(new TextEncoder().encode('hello noble'));
+ * ```
+ */
 export const p521_hasher = /* @__PURE__ */ (() => {
     return createHasher(p521_Point, createSWU(p521_Point, {
         A: p521_CURVE.a,
@@ -135,8 +245,20 @@ export const p521_hasher = /* @__PURE__ */ (() => {
         hash: sha512,
     });
 })();
-/** p521 OPRF, defined in RFC 9497. */
-export const p521_oprf = /* @__PURE__ */ (() => createORPF({
+/**
+ * p521 OPRF, defined in RFC 9497.
+ * @example
+ * Run one blind/evaluate/finalize OPRF round over P-521.
+ *
+ * ```ts
+ * const input = new TextEncoder().encode('hello noble');
+ * const keys = p521_oprf.oprf.generateKeyPair();
+ * const blind = p521_oprf.oprf.blind(input);
+ * const evaluated = p521_oprf.oprf.blindEvaluate(keys.secretKey, blind.blinded);
+ * const output = p521_oprf.oprf.finalize(input, blind.blind, evaluated);
+ * ```
+ */
+export const p521_oprf = /* @__PURE__ */ (() => createOPRF({
     name: 'P521-SHA512',
     Point: p521_Point,
     hash: sha512,

package/nist.js.map

@@ -1 +1 @@
-{"version":3,"file":"nist.js","sourceRoot":"","sources":["src/nist.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,sEAAsE;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,YAAY,EAAkB,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,KAAK,EAAE,MAAM,uBAAuB,CAAC;AAC9C,OAAO,EAAE,UAAU,EAAa,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EACL,KAAK,EACL,mBAAmB,EACnB,WAAW,GAIZ,MAAM,2BAA2B,CAAC;AAEnC,wDAAwD;AACxD,kCAAkC;AAClC,MAAM,UAAU,GAA4B,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;CACjF,CAAC,CAAC,EAAE,CAAC;AAEN,mDAAmD;AACnD,MAAM,UAAU,GAA4B,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,EAAE,EAAE,MAAM,CACR,oGAAoG,CACrG;IACD,EAAE,EAAE,MAAM,CACR,oGAAoG,CACrG;CACF,CAAC,CAAC,EAAE,CAAC;AAEN,oBAAoB;AACpB,MAAM,UAAU,GAA4B,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,CAAC,EAAE,MAAM,CACP,uIAAuI,CACxI;IACD,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CACP,uIAAuI,CACxI;IACD,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;CACF,CAAC,CAAC,EAAE,CAAC;AAQN,SAAS,SAAS,CAAC,KAAmC,EAAE,IAAa;IACnE,MAAM,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;IAChD,OAAO,CAAC,OAAiB,EAAE,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,YAAY;AACZ,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC3D;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,MAAM,IAAI,GAAU,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACrE,mEAAmE;AACnE,MAAM,CAAC,MAAM,WAAW,GAA4C,eAAe,CAAC,CAAC,GAAG,EAAE;IACxF,OAAO,YAAY,CACjB,UAAU,EACV,SAAS,CAAC,UAAU,EAAE;QACpB,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KACvC,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AACL,sCAAsC;AACtC,MAAM,CAAC,MAAM,SAAS,GAAS,eAAe,CAAC,CAAC,GAAG,EAAE,CACnD,UAAU,CAAC;IACT,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,WAAW,CAAC,WAAW;IACpC,YAAY,EAAE,WAAW,CAAC,YAAY;CACvC,CAAC,CAAC,EAAE,CAAC;AAER,YAAY;AACZ,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC3D,qGAAqG;AACrG,MAAM,CAAC,MAAM,IAAI,GAAU,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACrE,mEAAmE;AACnE,MAAM,CAAC,MAAM,WAAW,GAA4C,eAAe,CAAC,CAAC,GAAG,EAAE;IACxF,OAAO,YAAY,CACjB,UAAU,EACV,SAAS,CAAC,UAAU,EAAE;QACpB,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KACvC,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AACL,sCAAsC;AACtC,MAAM,CAAC,MAAM,SAAS,GAAS,eAAe,CAAC,CAAC,GAAG,EAAE,CACnD,UAAU,CAAC;IACT,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,WAAW,CAAC,WAAW;IACpC,YAAY,EAAE,WAAW,CAAC,YAAY;CACvC,CAAC,CAAC,EAAE,CAAC;AAER,YAAY;AACZ,MAAM,KAAK,GAAG,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,EAAE,EAAE,cAAc,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAC1F,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC,UAAU,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;AAC1E,qGAAqG;AACrG,MAAM,CAAC,MAAM,IAAI,GAAU,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACrE,mEAAmE;AACnE,MAAM,CAAC,MAAM,WAAW,GAA4C,eAAe,CAAC,CAAC,GAAG,EAAE;IACxF,OAAO,YAAY,CACjB,UAAU,EACV,SAAS,CAAC,UAAU,EAAE;QACpB,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;KACtC,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AACL,sCAAsC;AACtC,MAAM,CAAC,MAAM,SAAS,GAAS,eAAe,CAAC,CAAC,GAAG,EAAE,CACnD,UAAU,CAAC;IACT,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,WAAW,CAAC,WAAW;IACpC,YAAY,EAAE,WAAW,CAAC,YAAY,EAAE,iCAAiC;CAC1E,CAAC,CAAC,EAAE,CAAC"}
+{"version":3,"file":"nist.js","sourceRoot":"","sources":["src/nist.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,sEAAsE;AACtE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAc,MAAM,qBAAqB,CAAC;AAC9D,OAAO,EAAE,YAAY,EAAkB,MAAM,6BAA6B,CAAC;AAC3E,OAAO,EAAE,UAAU,EAAa,MAAM,oBAAoB,CAAC;AAC3D,OAAO,EACL,KAAK,EACL,mBAAmB,EACnB,WAAW,GAIZ,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAAa,MAAM,YAAY,CAAC;AAEvC,wDAAwD;AACxD,kCAAkC;AAClC,MAAM,UAAU,GAA4B,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,CAAC,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAC/E,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;IAChF,EAAE,EAAE,MAAM,CAAC,oEAAoE,CAAC;CACjF,CAAC,CAAC,EAAE,CAAC;AAEN,mDAAmD;AACnD,MAAM,UAAU,GAA4B,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,CAAC,EAAE,MAAM,CACP,oGAAoG,CACrG;IACD,EAAE,EAAE,MAAM,CACR,oGAAoG,CACrG;IACD,EAAE,EAAE,MAAM,CACR,oGAAoG,CACrG;CACF,CAAC,CAAC,EAAE,CAAC;AAEN,oBAAoB;AACpB,MAAM,UAAU,GAA4B,eAAe,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;IAClE,CAAC,EAAE,MAAM,CACP,uIAAuI,CACxI;IACD,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC;IACZ,CAAC,EAAE,MAAM,CACP,uIAAuI,CACxI;IACD,CAAC,EAAE,MAAM,CACP,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;IACD,EAAE,EAAE,MAAM,CACR,wIAAwI,CACzI;CACF,CAAC,CAAC,EAAE,CAAC;AAQN,SAAS,SAAS,CAAC,KAAmC,EAAE,IAAa;IACnE,IAAI,GAA0D,CAAC;IAC/D,+FAA+F;IAC/F,gGAAgG;IAChG,iEAAiE;IACjE,OAAO,CAAC,OAAiB,EAAE,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,GAAG,mBAAmB,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC;AACjG,CAAC;AAED,YAAY;AACZ,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC3D;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,CAAC,MAAM,IAAI,GAAU,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACrE;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,WAAW,GAA4C,eAAe,CAAC,CAAC,GAAG,EAAE;IACxF,OAAO,YAAY,CACjB,UAAU,EACV,SAAS,CAAC,UAAU,EAAE;QACpB,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KACvC,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AACL;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,SAAS,GAAe,eAAe,CAAC,CAAC,GAAG,EAAE,CACzD,UAAU,CAAC;IACT,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,WAAW,CAAC,WAAW;IACpC,YAAY,EAAE,WAAW,CAAC,YAAY;CACvC,CAAC,CAAC,EAAE,CAAC;AACR;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,UAAU,GAAgB,eAAe,CAAC,CAAC,GAAG,EAAE,CAC3D,WAAW,CAAC;IACV,IAAI,EAAE,sBAAsB;IAC5B,KAAK,EAAE,UAAU;IACjB,YAAY,EAAE,WAAW,CAAC,YAAY;IACtC,IAAI,EAAE,MAAM;CACb,CAAC,CAAC,EAAE,CAAC;AAER,YAAY;AACZ,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC3D;;;;;;;;;;;GAWG;AACH,MAAM,CAAC,MAAM,IAAI,GAAU,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACrE;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,WAAW,GAA4C,eAAe,CAAC,CAAC,GAAG,EAAE;IACxF,OAAO,YAAY,CACjB,UAAU,EACV,SAAS,CAAC,UAAU,EAAE;QACpB,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KACvC,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AACL;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,SAAS,GAAe,eAAe,CAAC,CAAC,GAAG,EAAE,CACzD,UAAU,CAAC;IACT,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,WAAW,CAAC,WAAW;IACpC,YAAY,EAAE,WAAW,CAAC,YAAY;CACvC,CAAC,CAAC,EAAE,CAAC;AAER,YAAY;AACZ,2DAA2D;AAC3D,2EAA2E;AAC3E,6EAA6E;AAC7E,8FAA8F;AAC9F,+FAA+F;AAC/F,iGAAiG;AACjG,4BAA4B;AAC5B,2FAA2F;AAC3F,2FAA2F;AAC3F,kGAAkG;AAClG,kGAAkG;AAClG,gGAAgG;AAChG,gGAAgG;AAChG,mGAAmG;AACnG,2CAA2C;AAC3C,MAAM,UAAU,GAAG,eAAe,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;AAC3D;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,IAAI,GAAU,eAAe,CAAC,KAAK,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;AACrE;;;;;;;;GAQG;AACH,MAAM,CAAC,MAAM,WAAW,GAA4C,eAAe,CAAC,CAAC,GAAG,EAAE;IACxF,OAAO,YAAY,CACjB,UAAU,EACV,SAAS,CAAC,UAAU,EAAE;QACpB,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,UAAU,CAAC,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;KACtC,CAAC,EACF;QACE,GAAG,EAAE,2BAA2B;QAChC,SAAS,EAAE,2BAA2B;QACtC,CAAC,EAAE,UAAU,CAAC,CAAC;QACf,CAAC,EAAE,CAAC;QACJ,CAAC,EAAE,GAAG;QACN,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,MAAM;KACb,CACF,CAAC;AACJ,CAAC,CAAC,EAAE,CAAC;AACL;;;;;;;;;;;;GAYG;AACH,MAAM,CAAC,MAAM,SAAS,GAAe,eAAe,CAAC,CAAC,GAAG,EAAE,CACzD,UAAU,CAAC;IACT,IAAI,EAAE,aAAa;IACnB,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,MAAM;IACZ,WAAW,EAAE,WAAW,CAAC,WAAW;IACpC,YAAY,EAAE,WAAW,CAAC,YAAY,EAAE,iCAAiC;CAC1E,CAAC,CAAC,EAAE,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@noble/curves",
-  "version": "2.0.0",
+  "version": "2.2.0",
   "description": "Audited & minimal JS implementation of elliptic curve cryptography",
   "files": [
     "*.js",
@@ -11,28 +11,56 @@
     "src"
   ],
   "dependencies": {
-    "@noble/hashes": "2.0.0"
+    "@noble/hashes": "2.2.0"
   },
   "devDependencies": {
-    "@paulmillr/jsbt": "0.4.4",
-    "@types/node": "24.2.1",
+    "@paulmillr/jsbt": "0.5.0",
+    "@types/node": "25.3.0",
     "fast-check": "4.2.0",
     "prettier": "3.6.2",
-    "typescript": "5.9.2"
+    "typescript": "6.0.2"
   },
   "scripts": {
     "bench": "cd test/benchmark; node secp256k1.ts; node curves.ts; node utils.ts; node bls.ts",
     "bench:install": "cd test/benchmark; npm install; npm install ../.. --install-links",
     "build": "tsc",
     "build:release": "npx --no @paulmillr/jsbt esbuild test/build",
+    "check": "npm run check:readme && npm run check:treeshake && npm run check:jsdoc",
+    "check:readme": "npx --no @paulmillr/jsbt readme package.json",
+    "check:treeshake": "npx --no @paulmillr/jsbt treeshake package.json test/build/out-treeshake",
+    "check:jsdoc": "npx --no @paulmillr/jsbt tsdoc package.json",
     "build:clean": "rm {.,abstract}/*.{js,d.ts,d.ts.map,js.map} 2> /dev/null",
     "format": "prettier --write 'src/**/*.{js,ts}' 'test/*.{js,ts}'",
-    "test": "node --experimental-strip-types --disable-warning=ExperimentalWarning test/index.ts",
+    "test": "node test/index.ts",
     "test:bun": "bun test/index.ts",
     "test:deno": "deno --allow-env --allow-read test/index.ts",
     "test:node20": "cd test; npx tsc; node compiled/test/index.js",
     "test:coverage": "npm install --no-save c8@10.1.2 && npx c8 npm test"
   },
+  "exports": {
+    ".": "./index.js",
+    "./abstract/bls.js": "./abstract/bls.js",
+    "./abstract/curve.js": "./abstract/curve.js",
+    "./abstract/edwards.js": "./abstract/edwards.js",
+    "./abstract/fft.js": "./abstract/fft.js",
+    "./abstract/frost.js": "./abstract/frost.js",
+    "./abstract/hash-to-curve.js": "./abstract/hash-to-curve.js",
+    "./abstract/modular.js": "./abstract/modular.js",
+    "./abstract/montgomery.js": "./abstract/montgomery.js",
+    "./abstract/oprf.js": "./abstract/oprf.js",
+    "./abstract/poseidon.js": "./abstract/poseidon.js",
+    "./abstract/tower.js": "./abstract/tower.js",
+    "./abstract/weierstrass.js": "./abstract/weierstrass.js",
+    "./bls12-381.js": "./bls12-381.js",
+    "./bn254.js": "./bn254.js",
+    "./ed448.js": "./ed448.js",
+    "./ed25519.js": "./ed25519.js",
+    "./misc.js": "./misc.js",
+    "./nist.js": "./nist.js",
+    "./secp256k1.js": "./secp256k1.js",
+    "./utils.js": "./utils.js",
+    "./webcrypto.js": "./webcrypto.js"
+  },
   "engines": {
     "node": ">= 20.19.0"
   },

package/secp256k1.d.ts

@@ -1,6 +1,8 @@
 import { type CurveLengths } from './abstract/curve.ts';
+import { type FROST } from './abstract/frost.ts';
 import { type H2CHasher } from './abstract/hash-to-curve.ts';
 import { type ECDSA, type WeierstrassPoint as PointType, type WeierstrassPointCons } from './abstract/weierstrass.ts';
+import { type TArg, type TRet } from './utils.ts';
 /**
  * secp256k1 curve: ECDSA and ECDH methods.
  *
@@ -8,6 +10,8 @@ import { type ECDSA, type WeierstrassPoint as PointType, type WeierstrassPointCo
  * pass `{ prehash: false }` to sign / verify.
  *
  * @example
+ * Generate one secp256k1 keypair, sign a message, and verify it.
+ *
  * ```js
  * import { secp256k1 } from '@noble/curves/secp256k1.js';
  * const { secretKey, publicKey } = secp256k1.keygen();
@@ -19,47 +23,84 @@ import { type ECDSA, type WeierstrassPoint as PointType, type WeierstrassPointCo
  * ```
  */
 export declare const secp256k1: ECDSA;
-declare function taggedHash(tag: string, ...messages: Uint8Array[]): Uint8Array;
+declare function taggedHash(tag: string, ...messages: TArg<Uint8Array[]>): TRet<Uint8Array>;
 /**
  * lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.
  * @returns valid point checked for being on-curve
  */
 declare function lift_x(x: bigint): PointType<bigint>;
-/**
- * Schnorr public key is just `x` coordinate of Point as per BIP340.
- */
-declare function schnorrGetPublicKey(secretKey: Uint8Array): Uint8Array;
+/** Schnorr public key is just `x` coordinate of Point as per BIP340. */
+declare function schnorrGetPublicKey(secretKey: TArg<Uint8Array>): TRet<Uint8Array>;
 /**
  * Creates Schnorr signature as per BIP340. Verifies itself before returning anything.
- * auxRand is optional and is not the sole source of k generation: bad CSPRNG won't be dangerous.
+ * `auxRand` is optional and is not the sole source of `k` generation: bad CSPRNG output will not
+ * be catastrophic, but BIP-340 still recommends fresh auxiliary randomness when available to harden
+ * deterministic signing against side-channel and fault-injection attacks.
  */
-declare function schnorrSign(message: Uint8Array, secretKey: Uint8Array, auxRand?: Uint8Array): Uint8Array;
+declare function schnorrSign(message: TArg<Uint8Array>, secretKey: TArg<Uint8Array>, auxRand?: TArg<Uint8Array>): TRet<Uint8Array>;
 /**
  * Verifies Schnorr signature.
  * Will swallow errors & return false except for initial type validation of arguments.
  */
-declare function schnorrVerify(signature: Uint8Array, message: Uint8Array, publicKey: Uint8Array): boolean;
+declare function schnorrVerify(signature: TArg<Uint8Array>, message: TArg<Uint8Array>, publicKey: TArg<Uint8Array>): boolean;
+export declare const __TEST: {
+    lift_x: typeof lift_x;
+};
+/** Schnorr-specific secp256k1 API from BIP340. */
 export type SecpSchnorr = {
-    keygen: (seed?: Uint8Array) => {
-        secretKey: Uint8Array;
-        publicKey: Uint8Array;
+    /**
+     * Generate one Schnorr secret/public keypair.
+     * @param seed - Optional seed for deterministic testing or custom randomness.
+     * @returns Fresh secret/public keypair.
+     */
+    keygen: (seed?: TArg<Uint8Array>) => {
+        secretKey: TRet<Uint8Array>;
+        publicKey: TRet<Uint8Array>;
     };
+    /**
+     * Derive the x-only public key from a secret key.
+     * @param secretKey - Secret key bytes.
+     * @returns X-only public key bytes.
+     */
     getPublicKey: typeof schnorrGetPublicKey;
+    /**
+     * Create one BIP340 Schnorr signature.
+     * @param message - Message bytes to sign.
+     * @param secretKey - Secret key bytes.
+     * @param auxRand - Optional auxiliary randomness.
+     * @returns Compact Schnorr signature bytes.
+     */
     sign: typeof schnorrSign;
+    /**
+     * Verify one BIP340 Schnorr signature.
+     * @param signature - Compact signature bytes.
+     * @param message - Signed message bytes.
+     * @param publicKey - X-only public key bytes.
+     * @returns `true` when the signature is valid.
+     */
     verify: typeof schnorrVerify;
+    /** Underlying secp256k1 point constructor. */
     Point: WeierstrassPointCons<bigint>;
+    /** Helper utilities for Schnorr-specific key handling and tagged hashing. */
     utils: {
-        randomSecretKey: (seed?: Uint8Array) => Uint8Array;
-        pointToBytes: (point: PointType<bigint>) => Uint8Array;
+        /** Generate one Schnorr secret key. */
+        randomSecretKey: (seed?: TArg<Uint8Array>) => TRet<Uint8Array>;
+        /** Convert one point into its x-only BIP340 byte encoding. */
+        pointToBytes: (point: TArg<PointType<bigint>>) => TRet<Uint8Array>;
+        /** Lift one x coordinate into the unique even-Y point. */
         lift_x: typeof lift_x;
+        /** Compute a BIP340 tagged hash. */
         taggedHash: typeof taggedHash;
     };
+    /** Public byte lengths for keys, signatures, and seeds. */
     lengths: CurveLengths;
 };
 /**
  * Schnorr signatures over secp256k1.
- * https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki
+ * See {@link https://github.com/bitcoin/bips/blob/master/bip-0340.mediawiki | BIP 340}.
  * @example
+ * Generate one BIP340 Schnorr keypair, sign a message, and verify it.
+ *
  * ```js
  * import { schnorr } from '@noble/curves/secp256k1.js';
  * const { secretKey, publicKey } = schnorr.keygen();
@@ -70,7 +111,43 @@ export type SecpSchnorr = {
  * ```
  */
 export declare const schnorr: SecpSchnorr;
-/** Hashing / encoding to secp256k1 points / field. RFC 9380 methods. */
+/**
+ * Hashing / encoding to secp256k1 points / field. RFC 9380 methods.
+ * @example
+ * Hash one message onto secp256k1.
+ *
+ * ```ts
+ * const point = secp256k1_hasher.hashToCurve(new TextEncoder().encode('hello noble'));
+ * ```
+ */
 export declare const secp256k1_hasher: H2CHasher<WeierstrassPointCons<bigint>>;
+/**
+ * FROST threshold signatures over secp256k1. RFC 9591.
+ * @example
+ * Create one trusted-dealer package for 2-of-3 secp256k1 signing.
+ *
+ * ```ts
+ * const alice = secp256k1_FROST.Identifier.derive('alice@example.com');
+ * const bob = secp256k1_FROST.Identifier.derive('bob@example.com');
+ * const carol = secp256k1_FROST.Identifier.derive('carol@example.com');
+ * const deal = secp256k1_FROST.trustedDealer({ min: 2, max: 3 }, [alice, bob, carol]);
+ * ```
+ */
+export declare const secp256k1_FROST: TRet<FROST>;
+/**
+ * FROST threshold signatures over secp256k1-schnorr-taproot. RFC 9591.
+ * DKG outputs are auto-tweaked with the empty Taproot merkle root for compatibility, while
+ * `trustedDealer()` outputs stay untweaked unless callers apply the Taproot tweak themselves.
+ * @example
+ * Create one trusted-dealer package for Taproot-compatible FROST signing.
+ *
+ * ```ts
+ * const alice = schnorr_FROST.Identifier.derive('alice@example.com');
+ * const bob = schnorr_FROST.Identifier.derive('bob@example.com');
+ * const carol = schnorr_FROST.Identifier.derive('carol@example.com');
+ * const deal = schnorr_FROST.trustedDealer({ min: 2, max: 3 }, [alice, bob, carol]);
+ * ```
+ */
+export declare const schnorr_FROST: TRet<FROST>;
 export {};
 //# sourceMappingURL=secp256k1.d.ts.map

package/secp256k1.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAUA,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAAgB,KAAK,SAAS,EAAc,MAAM,6BAA6B,CAAC;AAEvF,OAAO,EACL,KAAK,KAAK,EAIV,KAAK,gBAAgB,IAAI,SAAS,EAGlC,KAAK,oBAAoB,EAC1B,MAAM,2BAA2B,CAAC;AA6DnC;;;;;;;;;;;;;;;;GAgBG;AACH,eAAO,MAAM,SAAS,EAAE,KAA8C,CAAC;AAMvE,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,UAAU,EAAE,GAAG,UAAU,CAQtE;AAcD;;;GAGG;AACH,iBAAS,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAY5C;AASD;;GAEG;AACH,iBAAS,mBAAmB,CAAC,SAAS,EAAE,UAAU,GAAG,UAAU,CAE9D;AAED;;;GAGG;AACH,iBAAS,WAAW,CAClB,OAAO,EAAE,UAAU,EACnB,SAAS,EAAE,UAAU,EACrB,OAAO,GAAE,UAA4B,GACpC,UAAU,CAgBZ;AAED;;;GAGG;AACH,iBAAS,aAAa,CAAC,SAAS,EAAE,UAAU,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,UAAU,GAAG,OAAO,CAsBjG;AAED,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,UAAU,KAAK;QAAE,SAAS,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,UAAU,CAAA;KAAE,CAAC;IAChF,YAAY,EAAE,OAAO,mBAAmB,CAAC;IACzC,IAAI,EAAE,OAAO,WAAW,CAAC;IACzB,MAAM,EAAE,OAAO,aAAa,CAAC;IAC7B,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACpC,KAAK,EAAE;QACL,eAAe,EAAE,CAAC,IAAI,CAAC,EAAE,UAAU,KAAK,UAAU,CAAC;QACnD,YAAY,EAAE,CAAC,KAAK,EAAE,SAAS,CAAC,MAAM,CAAC,KAAK,UAAU,CAAC;QACvD,MAAM,EAAE,OAAO,MAAM,CAAC;QACtB,UAAU,EAAE,OAAO,UAAU,CAAC;KAC/B,CAAC;IACF,OAAO,EAAE,YAAY,CAAC;CACvB,CAAC;AACF;;;;;;;;;;;;GAYG;AACH,eAAO,MAAM,OAAO,EAAE,WA0BlB,CAAC;AA0CL,wEAAwE;AACxE,eAAO,MAAM,gBAAgB,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAgB/D,CAAC"}
+{"version":3,"file":"secp256k1.d.ts","sourceRoot":"","sources":["src/secp256k1.ts"],"names":[],"mappings":"AAUA,OAAO,EAAgB,KAAK,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACtE,OAAO,EAEL,KAAK,KAAK,EAIX,MAAM,qBAAqB,CAAC;AAC7B,OAAO,EAAgB,KAAK,SAAS,EAAc,MAAM,6BAA6B,CAAC;AAEvF,OAAO,EACL,KAAK,KAAK,EAIV,KAAK,gBAAgB,IAAI,SAAS,EAGlC,KAAK,oBAAoB,EAC1B,MAAM,2BAA2B,CAAC;AACnC,OAAO,EAKL,KAAK,IAAI,EACT,KAAK,IAAI,EACV,MAAM,YAAY,CAAC;AA4DpB;;;;;;;;;;;;;;;;;;GAkBG;AACH,eAAO,MAAM,SAAS,EAAE,KAA8C,CAAC;AAOvE,iBAAS,UAAU,CAAC,GAAG,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,IAAI,CAAC,UAAU,EAAE,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAQlF;AAeD;;;GAGG;AACH,iBAAS,MAAM,CAAC,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC,MAAM,CAAC,CAY5C;AASD,wEAAwE;AACxE,iBAAS,mBAAmB,CAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,CAE1E;AAED;;;;;GAKG;AACH,iBAAS,WAAW,CAClB,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,EACzB,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,EAC3B,OAAO,GAAE,IAAI,CAAC,UAAU,CAAmB,GAC1C,IAAI,CAAC,UAAU,CAAC,CAwBlB;AAED;;;GAGG;AACH,iBAAS,aAAa,CACpB,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,EAC3B,OAAO,EAAE,IAAI,CAAC,UAAU,CAAC,EACzB,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,GAC1B,OAAO,CA0BT;AAED,eAAO,MAAM,MAAM,EAAE;IAAE,MAAM,EAAE,OAAO,MAAM,CAAA;CAA8C,CAAC;AAE3F,kDAAkD;AAClD,MAAM,MAAM,WAAW,GAAG;IACxB;;;;OAIG;IACH,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK;QAAE,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,CAAC;QAAC,SAAS,EAAE,IAAI,CAAC,UAAU,CAAC,CAAA;KAAE,CAAC;IAClG;;;;OAIG;IACH,YAAY,EAAE,OAAO,mBAAmB,CAAC;IACzC;;;;;;OAMG;IACH,IAAI,EAAE,OAAO,WAAW,CAAC;IACzB;;;;;;OAMG;IACH,MAAM,EAAE,OAAO,aAAa,CAAC;IAC7B,8CAA8C;IAC9C,KAAK,EAAE,oBAAoB,CAAC,MAAM,CAAC,CAAC;IACpC,6EAA6E;IAC7E,KAAK,EAAE;QACL,uCAAuC;QACvC,eAAe,EAAE,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,UAAU,CAAC,KAAK,IAAI,CAAC,UAAU,CAAC,CAAC;QAC/D,8DAA8D;QAC9D,YAAY,EAAE,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,IAAI,CAAC,UAAU,CAAC,CAAC;QACnE,0DAA0D;QAC1D,MAAM,EAAE,OAAO,MAAM,CAAC;QACtB,oCAAoC;QACpC,UAAU,EAAE,OAAO,UAAU,CAAC;KAC/B,CAAC;IACF,2DAA2D;IAC3D,OAAO,EAAE,YAAY,CAAC;CACvB,CAAC;AACF;;;;;;;;;;;;;;GAcG;AACH,eAAO,MAAM,OAAO,EAAE,WA2BlB,CAAC;AAiDL;;;;;;;;GAQG;AACH,eAAO,MAAM,gBAAgB,EAAE,SAAS,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAgB/D,CAAC;AACP;;;;;;;;;;;GAWG;AACH,eAAO,MAAM,eAAe,EAAE,IAAI,CAAC,KAAK,CAMjC,CAAC;AAqFR;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,aAAa,EAAE,IAAI,CAAC,KAAK,CAuC/B,CAAC"}