npm - @noble/post-quantum - Versions diffs - 0.4.1 → 0.5.0 - Mend

@noble/post-quantum 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (62) hide show

package/README.md CHANGED Viewed

@@ -8,7 +8,8 @@ Auditable & minimal JS implementation of post-quantum public-key cryptography.
 - 🦾 ML-KEM & CRYSTALS-Kyber: lattice-based kem from FIPS-203
 - 🔋 ML-DSA & CRYSTALS-Dilithium: lattice-based signatures from FIPS-204
 - 🐈 SLH-DSA & SPHINCS+: hash-based Winternitz signatures from FIPS-205
-- 🪶 37KB (15KB gzipped) for everything with bundled hashes
+- 🍡 Hybrid algorithms, combining classic & post-quantum
+- 🪶 16KB (gzipped) for everything, including bundled noble-hashes & noble-curves
 Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-quantum/discussions) for questions and support.
@@ -30,7 +31,7 @@ Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-qu
   [curves](https://github.com/paulmillr/noble-curves),
   [hashes](https://github.com/paulmillr/noble-hashes),
   [post-quantum](https://github.com/paulmillr/noble-post-quantum),
-  4kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
+  5kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
   [ed25519](https://github.com/paulmillr/noble-ed25519)
 - [Check out homepage](https://paulmillr.com/noble/)
   for reading resources, documentation and apps built with noble
@@ -41,8 +42,6 @@ Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-qu
 > `deno add jsr:@noble/post-quantum`
-> `deno doc jsr:@noble/post-quantum` # command-line documentation
 We support all major platforms and runtimes.
 For React Native, you may need a
 [polyfill for getRandomValues](https://github.com/LinusU/react-native-get-random-values).
@@ -51,8 +50,8 @@ A standalone file
 ```js
 // import * from '@noble/post-quantum'; // Error: use sub-imports instead
-import { ml_kem512, ml_kem768, ml_kem1024 } from '@noble/post-quantum/ml-kem';
-import { ml_dsa44, ml_dsa65, ml_dsa87 } from '@noble/post-quantum/ml-dsa';
+import { ml_kem512, ml_kem768, ml_kem1024 } from '@noble/post-quantum/ml-kem.js';
+import { ml_dsa44, ml_dsa65, ml_dsa87 } from '@noble/post-quantum/ml-dsa.js';
 import {
   slh_dsa_sha2_128f,
   slh_dsa_sha2_128s,
@@ -66,12 +65,13 @@ import {
   slh_dsa_shake_192s,
   slh_dsa_shake_256f,
   slh_dsa_shake_256s,
-} from '@noble/post-quantum/slh-dsa';
+} from '@noble/post-quantum/slh-dsa.js';
 ```
 - [ML-KEM / Kyber](#ml-kem--kyber-shared-secrets)
 - [ML-DSA / Dilithium](#ml-dsa--dilithium-signatures)
 - [SLH-DSA / SPHINCS+](#slh-dsa--sphincs-signatures)
+- [Hybrids: XWing, KitchenSink and others](#hybrids-xwing-kitchensink-and-others)
 - [What should I use?](#what-should-i-use)
 - [Security](#security)
 - [Speed](#speed)
@@ -81,30 +81,28 @@ import {
 ### ML-KEM / Kyber shared secrets
 ```ts
-import { ml_kem512, ml_kem768, ml_kem1024 } from '@noble/post-quantum/ml-kem';
-import { randomBytes } from '@noble/post-quantum/utils';
-// 1. [Alice] generates secret & public keys, then sends publicKey to Bob
+import { ml_kem512, ml_kem768, ml_kem1024 } from '@noble/post-quantum/ml-kem.js';
+import { randomBytes } from '@noble/post-quantum/utils.js';
 const seed = randomBytes(64); // seed is optional
 const aliceKeys = ml_kem768.keygen(seed);
-// 2. [Bob] generates shared secret for Alice publicKey
-// bobShared never leaves [Bob] system and is unknown to other parties
 const { cipherText, sharedSecret: bobShared } = ml_kem768.encapsulate(aliceKeys.publicKey);
-// 3. [Alice] gets and decrypts cipherText from Bob
 const aliceShared = ml_kem768.decapsulate(cipherText, aliceKeys.secretKey);
-// Now, both Alice and Bob have same sharedSecret key
-// without exchanging in plainText: aliceShared == bobShared
 // Warning: Can be MITM-ed
-const carolKeys = kyber1024.keygen();
-const carolShared = kyber1024.decapsulate(cipherText, carolKeys.secretKey); // No error!
-notDeepStrictEqual(aliceShared, carolShared); // Different key!
+const malloryKeys = ml_kem768.keygen();
+const malloryShared = ml_kem768.decapsulate(cipherText, malloryKeys.secretKey); // No error!
+notDeepStrictEqual(aliceShared, malloryShared); // Different key!
 ```
 Lattice-based key encapsulation mechanism, defined in [FIPS-203](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.203.pdf).
+Can be used as follows:
+1. *Alice* generates secret & public keys, then sends publicKey to *Bob*
+2. *Bob* generates shared secret for Alice publicKey.
+  bobShared never leaves *Bob* system and is unknown to other parties
+3. *Alice* gets and decrypts cipherText from Bob
+  Now, both Alice and Bob have same sharedSecret key
+  without exchanging in plainText: aliceShared == bobShared.
 See [website](https://www.pq-crystals.org/kyber/resources.shtml) and [repo](https://github.com/pq-crystals/kyber).
 There are some concerns with regards to security: see
@@ -121,11 +119,11 @@ Old, incompatible version (Kyber) is not provided. Open an issue if you need it.
 ### ML-DSA / Dilithium signatures
 ```ts
-import { ml_dsa44, ml_dsa65, ml_dsa87 } from '@noble/post-quantum/ml-dsa';
-import { utf8ToBytes, randomBytes } from '@noble/post-quantum/utils';
+import { ml_dsa44, ml_dsa65, ml_dsa87 } from '@noble/post-quantum/ml-dsa.js';
+import { randomBytes } from '@noble/post-quantum/utils.js';
 const seed = randomBytes(32); // seed is optional
 const keys = ml_dsa65.keygen(seed);
-const msg = utf8ToBytes('hello noble');
+const msg = new TextEncoder().encode('hello noble');
 const sig = ml_dsa65.sign(keys.secretKey, msg);
 const isValid = ml_dsa65.verify(keys.publicKey, msg, sig);
 ```
@@ -151,11 +149,10 @@ import {
   slh_dsa_shake_192s,
   slh_dsa_shake_256f,
   slh_dsa_shake_256s,
-} from '@noble/post-quantum/slh-dsa';
-import { utf8ToBytes } from '@noble/post-quantum/utils';
+} from '@noble/post-quantum/slh-dsa.js';
 const keys2 = sph.keygen();
-const msg2 = utf8ToBytes('hello noble');
+const msg2 = new TextEncoder().encode('hello noble');
 const sig2 = sph.sign(keys2.secretKey, msg2);
 const isValid2 = sph.verify(keys2.publicKey, msg2, sig2);
 ```
@@ -167,6 +164,24 @@ There are many different kinds,
 but basically `sha2` / `shake` indicate internal hash, `128` / `192` / `256` indicate security level, and `s` /`f` indicate trade-off (Small / Fast).
 SLH-DSA is slow: see [benchmarks](#speed) for key size & speed.
+### Hybrids: XWing, KitchenSink and others
+```js
+import {
+  XWing,
+  KitchenSinkMLKEM768X25519,
+  QSFMLKEM768P256, QSFMLKEM1024P384
+} from '@noble/post-quantum/hybrids.js';
+```
+XWing is x25519+mlkem768, just like kitchensink.
+The following spec drafts are matched:
+- [irtf-cfrg-hybrid-kems](https://datatracker.ietf.org/doc/draft-irtf-cfrg-hybrid-kems/)
+- [connolly-cfrg-xwing-kem](https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/)
+- [tls-westerbaan-xyber768d00](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/)
 ### What should I use?
 |         | Speed  | Key size    | Sig size    | Created in | Popularized in | Post-quantum? |
@@ -204,9 +219,9 @@ Keep in mind that even hardware versions ML-KEM [are vulnerable](https://eprint.
 ### Supply chain security
 - **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures
-- **Releases** are transparent and built on GitHub CI. Make sure to verify [provenance](https://docs.npmjs.com/generating-provenance-statements) logs
-  - Use GitHub CLI to verify single-file builds:
-    `gh attestation verify --owner paulmillr noble-post-quantum.js`
+- **Releases** are transparent and built on GitHub CI.
+  Check out [attested checksums of single-file builds](https://github.com/paulmillr/noble-post-quantum/attestations)
+  and [provenance logs](https://github.com/paulmillr/noble-post-quantum/actions/workflows/release.yml)
 - **Rare releasing** is followed to ensure less re-audit need for end-users
 - **Dependencies** are minimized and locked-down: any dependency could get hacked and users will be downloading malware with every install.
   - We make sure to use as few dependencies as possible
@@ -235,7 +250,7 @@ Noble is the fastest JS implementation of post-quantum algorithms.
 WASM libraries can be faster.
 For SLH-DSA, SHAKE slows everything down 8x, and -s versions do another 20-50x slowdown.
-Benchmarks on Apple M4:
+Benchmarks on Apple M4 (**higher is better**):
 | OPs/sec           | Keygen | Signing | Verification | Shared secret |
 | ----------------- | ------ | ------- | ------------ | ------------- |

package/_crystals.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { TypedArray } from '@noble/hashes/utils';
+import type { TypedArray } from '@noble/hashes/utils.js';
 import { type BytesCoderLen, type Coder } from './utils.ts';
 export type XOF = (seed: Uint8Array, blockLen?: number) => {
     stats: () => {

package/_crystals.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"_crystals.d.ts","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":"~~AAMA~~,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,~~qBAAqB~~,CAAC;~~AACtD~~,OAAO,EAAE,KAAK,aAAa,~~EAAE~~,KAAK,KAAK,EAAW,MAAM,YAAY,CAAC;~~AAErE~~,MAAM,MAAM,GAAG,GAAG,CAChB,IAAI,EAAE,UAAU,EAChB,QAAQ,CAAC,EAAE,MAAM,KACd;IACH,KAAK,EAAE,MAAM;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7C,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,MAAM,UAAU,CAAC;IAChD,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AAEF,wCAAwC;AACxC,MAAM,MAAM,WAAW,CAAC,CAAC,SAAS,UAAU,IAAI;IAC9C,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,UAAU,IAAI,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,CAAC;~~AAU~~/D,eAAO,MAAM,WAAW,GAAI,CAAC,SAAS,UAAU,EAC9C,MAAM,WAAW,CAAC,CAAC,CAAC,KACnB;IACD,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAC5C,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAC7C,QAAQ,EAAE,CAAC,CAAC;IACZ,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QACpB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;KACrB,CAAC;IACF,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;~~CA0FtE~~,CAAC;~~AAuCF~~,eAAO,MAAM,MAAM,EAAE,GAA8C,CAAC;AACpE,eAAO,MAAM,MAAM,EAAE,GAA8C,CAAC"}
1	+ {"version":3,"file":"_crystals.d.ts","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,KAAK,aAAa,EAAc,KAAK,KAAK,EAAW,MAAM,YAAY,CAAC;AAEjF,MAAM,MAAM,GAAG,GAAG,CAChB,IAAI,EAAE,UAAU,EAChB,QAAQ,CAAC,EAAE,MAAM,KACd;IACH,KAAK,EAAE,MAAM;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7C,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,KAAK,MAAM,UAAU,CAAC;IAChD,KAAK,EAAE,MAAM,IAAI,CAAC;CACnB,CAAC;AAEF,wCAAwC;AACxC,MAAM,MAAM,WAAW,CAAC,CAAC,SAAS,UAAU,IAAI;IAC9C,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,aAAa,EAAE,MAAM,CAAC;IACtB,OAAO,EAAE,MAAM,CAAC;IAChB,OAAO,EAAE,OAAO,CAAC;CAClB,CAAC;AAEF,MAAM,MAAM,SAAS,CAAC,CAAC,SAAS,UAAU,IAAI,CAAC,CAAC,EAAE,MAAM,KAAK,CAAC,CAAC;AAE/D,eAAO,MAAM,WAAW,GAAI,CAAC,SAAS,UAAU,EAC9C,MAAM,WAAW,CAAC,CAAC,CAAC,KACnB;IACD,GAAG,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAC5C,IAAI,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAC7C,QAAQ,EAAE,CAAC,CAAC;IACZ,GAAG,EAAE;QACH,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;QACpB,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC;KACrB,CAAC;IACF,SAAS,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,KAAK,CAAC,MAAM,EAAE,MAAM,CAAC,KAAK,aAAa,CAAC,CAAC,CAAC,CAAC;CAuFtE,CAAC;AAsCF,eAAO,MAAM,MAAM,EAAE,GAA8C,CAAC;AACpE,eAAO,MAAM,MAAM,EAAE,GAA8C,CAAC"}

package/_crystals.js CHANGED Viewed

@@ -1,21 +1,12 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.XOF256 = exports.XOF128 = exports.genCrystals = void 0;
 /**
  * Internal methods for lattice-based ML-KEM and ML-DSA.
  * @module
  */
 /*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
-const sha3_1 = require("@noble/hashes/sha3");
-const utils_ts_1 = require("./utils.js");
-// TODO: benchmark
-function bitReversal(n, bits = 8) {
-    const padded = n.toString(2).padStart(8, '0');
-    const sliced = padded.slice(-bits).padStart(7, '0');
-    const revrsd = sliced.split('').reverse().join('');
-    return Number.parseInt(revrsd, 2);
-}
-const genCrystals = (opts) => {
+import { FFTCore, reverseBits } from '@noble/curves/abstract/fft.js';
+import { shake128, shake256 } from '@noble/hashes/sha3.js';
+import { cleanBytes, getMask } from "./utils.js";
+export const genCrystals = (opts) => {
     // isKyber: true means Kyber, false means Dilithium
     const { newPoly, N, Q, F, ROOT_OF_UNITY, brvBits, isKyber } = opts;
     const mod = (a, modulo = Q) => {
@@ -27,11 +18,11 @@ const genCrystals = (opts) => {
         const r = mod(a, modulo) | 0;
         return (r > modulo >> 1 ? (r - modulo) | 0 : r) | 0;
     };
-    // Generate zettas
+    // Generate zettas (different from roots of unity, negacyclic uses phi, where acyclic uses omega)
     function getZettas() {
         const out = newPoly(N);
         for (let i = 0; i < N; i++) {
-            const b = bitReversal(i, brvBits);
+            const b = reverseBits(i, brvBits);
             const p = BigInt(ROOT_OF_UNITY) ** BigInt(b) % BigInt(Q);
             out[i] = Number(p) | 0;
         }
@@ -42,34 +33,30 @@ const genCrystals = (opts) => {
     // Explained: https://electricdusk.com/ntt.html
     // Kyber has slightly different params, since there is no 512th primitive root of unity mod q,
     // only 256th primitive root of unity mod. Which also complicates MultiplyNTT.
-    // TODO: there should be less ugly way to define this.
-    const LEN1 = isKyber ? 128 : N;
-    const LEN2 = isKyber ? 1 : 0;
+    const field = {
+        add: (a, b) => mod((a | 0) + (b | 0)) | 0,
+        sub: (a, b) => mod((a | 0) - (b | 0)) | 0,
+        mul: (a, b) => mod((a | 0) * (b | 0)) | 0,
+        inv: (_a) => {
+            throw new Error('not implemented');
+        },
+    };
+    const nttOpts = {
+        N,
+        roots: nttZetas,
+        invertButterflies: true,
+        skipStages: isKyber ? 1 : 0,
+        brp: false,
+    };
+    const dif = FFTCore(field, { dit: false, ...nttOpts });
+    const dit = FFTCore(field, { dit: true, ...nttOpts });
     const NTT = {
         encode: (r) => {
-            for (let k = 1, len = 128; len > LEN2; len >>= 1) {
-                for (let start = 0; start < N; start += 2 * len) {
-                    const zeta = nttZetas[k++];
-                    for (let j = start; j < start + len; j++) {
-                        const t = mod(zeta * r[j + len]);
-                        r[j + len] = mod(r[j] - t) | 0;
-                        r[j] = mod(r[j] + t) | 0;
-                    }
-                }
-            }
-            return r;
+            return dif(r);
         },
         decode: (r) => {
-            for (let k = LEN1 - 1, len = 1 + LEN2; len < LEN1 + LEN2; len <<= 1) {
-                for (let start = 0; start < N; start += 2 * len) {
-                    const zeta = nttZetas[k--];
-                    for (let j = start; j < start + len; j++) {
-                        const t = r[j];
-                        r[j] = mod(t + r[j + len]);
-                        r[j + len] = mod(zeta * (r[j + len] - t));
-                    }
-                }
-            }
+            dit(r);
+            // kyber uses 128 here, because brv && stuff
             for (let i = 0; i < r.length; i++)
                 r[i] = mod(F * r[i]);
             return r;
@@ -77,7 +64,7 @@ const genCrystals = (opts) => {
     };
     // Encode polynominal as bits
     const bitsCoder = (d, c) => {
-        const mask = (0, utils_ts_1.getMask)(d);
+        const mask = getMask(d);
         const bytesLen = d * (N / 8);
         return {
             bytesLen,
@@ -87,7 +74,7 @@ const genCrystals = (opts) => {
                     buf |= (c.encode(poly[i]) & mask) << bufLen;
                     bufLen += d;
                     for (; bufLen >= 8; bufLen -= 8, buf >>= 8)
-                        r[pos++] = buf & (0, utils_ts_1.getMask)(bufLen);
+                        r[pos++] = buf & getMask(bufLen);
                 }
                 return r;
             },
@@ -105,7 +92,6 @@ const genCrystals = (opts) => {
     };
     return { mod, smod, nttZetas, NTT, bitsCoder };
 };
-exports.genCrystals = genCrystals;
 const createXofShake = (shake) => (seed, blockLen) => {
     if (!blockLen)
         blockLen = shake.blockLen;
@@ -135,11 +121,10 @@ const createXofShake = (shake) => (seed, blockLen) => {
         },
         clean: () => {
             h.destroy();
-            buf.fill(0);
-            _seed.fill(0);
+            cleanBytes(buf, _seed);
         },
     };
 };
-exports.XOF128 = createXofShake(sha3_1.shake128);
-exports.XOF256 = createXofShake(sha3_1.shake256);
+export const XOF128 = /* @__PURE__ */ createXofShake(shake128);
+export const XOF256 = /* @__PURE__ */ createXofShake(shake256);
 //# sourceMappingURL=_crystals.js.map

package/_crystals.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"_crystals.js","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":"~~;;;~~AAAA;;;GAGG;AACH,4EAA4E;AAC5E,~~6CAAwD;AAExD~~,~~yCAAqE;AAwBrE~~,~~kBAAkB;AAClB~~,~~SAAS~~,WAAW,~~CAAC,CAAS,~~EAAE,~~OAAe~~,CAAC;~~IAC9C~~,~~MAAM~~,~~MAAM~~,~~GAAG,CAAC,CAAC,~~QAAQ,~~CAAC~~,~~CAAC,CAAC,CAAC,~~QAAQ,~~CAAC,CAAC,~~EAAE,~~GAAG,CAAC,CAAC;IAC9C,~~MAAM,~~MAAM~~,~~GAAG,MAAM,~~CAAC~~,KAAK,CAAC,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC~~;~~IACpD~~,~~MAAM~~,~~MAAM~~,~~GAAG~~,~~MAAM~~,~~CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,~~OAAO,EAAE,~~CAAC~~,~~IAAI~~,CAAC~~,EAAE,CAAC,CAAC~~;~~IACnD~~,~~OAAO,~~MAAM,CAAC,~~QAAQ,CAAC,~~MAAM,~~EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAEM,MAAM,~~WAAW,GAAG,CACzB,IAAoB,EAUpB,EAAE;IACF,mDAAmD;IACnD,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnE,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC5C,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC9B,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC;IACF,0BAA0B;IAC1B,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC7C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC,CAAC;IACF,~~kBAAkB~~;~~IAClB~~,SAAS,SAAS;QAChB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACzD,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;IAE7B,6BAA6B;IAC7B,+CAA+C;IAE/C,8FAA8F;IAC9F,8EAA8E;~~IAC9E~~,~~sDAAsD;IACtD,~~MAAM,~~IAAI~~,GAAG,~~OAAO~~,~~CAAC~~,CAAC,~~CAAC~~,~~GAAG~~,~~CAAC~~,~~CAAC~~,~~CAAC~~,CAAC,~~CAAC;IAC/B,MAAM,IAAI,~~GAAG,~~OAAO,~~CAAC,CAAC,CAAC,~~CAAC~~,CAAC,CAAC,~~CAAC~~,CAAC,CAAC~~;IAC7B~~,~~MAAM,~~GAAG,~~GAAG;QACV~~,~~MAAM,EAAE,~~CAAC,~~CAAI,EAAE,EAAE;YACf,KAAK,IAAI,~~CAAC,GAAG,CAAC,~~EAAE,~~GAAG,~~GAAG,GAAG,~~EAAE,~~GAAG~~,~~GAAG~~,~~IAAI,~~EAAE,~~GAAG~~,~~KAAK~~,~~CAAC,~~EAAE,CAAC~~;gBACjD~~,~~KAAK,IAAI,KAAK,~~GAAG,CAAC,~~EAAE~~,~~KAAK~~,GAAG,CAAC,~~EAAE,KAAK,IAAI,~~CAAC,GAAG,~~GAAG~~,~~EAAE,~~CAAC~~;oBAChD~~,~~MAAM,IAAI,~~GAAG,~~QAAQ~~,CAAC,CAAC,~~EAAE~~,CAAC~~,CAAC~~;~~oBAC3B~~,~~KAAK,IAAI,CAAC,~~GAAG,~~KAAK,~~EAAE,CAAC,~~GAAG~~,~~KAAK,GAAG,GAAG,~~EAAE,~~CAAC~~,EAAE,EAAE,CAAC~~;wBACzC~~,~~MAAM,CAAC,~~GAAG,~~GAAG,~~CAAC,~~IAAI,GAAG,~~CAAC,CAAC,~~CAAC,~~GAAG,~~GAAG,~~CAAC,CAAC,~~CAAC;wBACjC~~,CAAC,CAAC,~~CAAC,~~GAAG,~~GAAG,~~CAAC,~~GAAG,GAAG,~~CAAC,CAAC,~~CAAC,CAAC,CAAC,~~GAAG,CAAC~~,CAAC,GAAG,CAAC,CAAC~~;~~wBAC/B~~,~~CAAC,CAAC,CAAC,CAAC,~~GAAG,~~GAAG~~,CAAC,~~CAAC~~,~~CAAC~~,~~CAAC~~,~~CAAC~~,~~GAAG~~,~~CAAC~~,CAAC,~~GAAG~~,CAAC,CAAC;~~oBAC3B~~,CAAC;~~gBACH~~,CAAC;~~YACH~~,~~CAAC;YACD~~,OAAO,~~CAAC,CAAC~~;~~QACX~~,CAAC;QACD,~~MAAM~~,EAAE,~~CAAC~~,~~CAAI~~,EAAE,~~EAAE~~;~~YACf~~,~~KAAK~~,~~IAAI~~,CAAC,~~GAAG~~,~~IAAI~~,~~GAAG~~,CAAC,~~EAAE~~,~~GAAG~~,~~GAAG,~~CAAC,GAAG,~~IAAI,~~EAAE,~~GAAG~~,~~GAAG~~,~~IAAI~~,GAAG,~~IAAI,EAAE,~~GAAG,~~KAAK~~,CAAC,~~EAAE,CAAC;gBACpE,~~KAAK,~~IAAI~~,~~KAAK~~,GAAG,~~CAAC,~~EAAE,KAAK,~~GAAG,CAAC,~~EAAE,~~KAAK,IAAI,CAAC,~~GAAG,~~GAAG~~,EAAE,CAAC;~~oBAChD~~,MAAM,~~IAAI~~,GAAG,~~QAAQ~~,CAAC,~~CAAC~~,EAAE,~~CAAC~~,~~CAAC;oBAC3B~~,~~KAAK~~,IAAI,~~CAAC,GAAG,KAAK,~~EAAE,~~CAAC,~~GAAG,~~KAAK~~,~~GAAG,GAAG,~~EAAE,CAAC,~~EAAE,EAAE,~~CAAC;~~wBACzC~~,MAAM,~~CAAC~~,GAAG~~,CAAC,CAAC,CAAC,CAAC,CAAC~~;~~wBACf~~,~~CAAC~~,~~CAAC~~,CAAC,~~CAAC~~,~~GAAG~~,~~GAAG~~,~~CAAC~~,~~CAAC,~~GAAG,CAAC,CAAC,~~CAAC~~,~~GAAG,GAAG,~~CAAC,CAAC~~,CAAC~~;~~wBAC3B~~,~~CAAC~~,~~CAAC~~,CAAC,~~GAAG~~,~~GAAG~~,~~CAAC~~,GAAG,~~GAAG,~~CAAC,~~IAAI~~,~~GAAG,~~CAAC,CAAC~~,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC~~;~~oBAC5C~~,~~CAAC~~;~~gBACH~~,~~CAAC;YACH,CAAC;YACD,~~KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;IACF,6BAA6B;IAC7B,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,CAAwB,EAAoB,EAAE;QAC1E,MAAM,IAAI,GAAG,~~IAAA~~,~~kBAAO~~,~~EAAC,~~CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,CAAC,IAAO,EAAc,EAAE;gBAC9B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACnE,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,MAAM,CAAC;oBAC5C,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,GAAG,~~IAAA~~,~~kBAAO~~,~~EAAC,~~MAAM,CAAC,CAAC;gBAC/E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,EAAE,CAAC,KAAiB,EAAK,EAAE;gBAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACpE,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;oBAC1B,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;gBAC9E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;AACjD,CAAC,CAAC;~~AApGW,QAAA,WAAW,eAoGtB;~~AAEF,MAAM,cAAc,GAClB,CAAC,KAAsB,EAAO,EAAE,CAChC,CAAC,IAAgB,EAAE,QAAiB,EAAE,EAAE;IACtC,IAAI,CAAC,QAAQ;QAAE,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IACzC,kCAAkC;IAClC,gEAAgE;IAChE,iDAAiD;IAEjD,8DAA8D;IAC9D,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,uBAAuB;IAC7D,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9B,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;YAC5B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnC,KAAK,EAAE,CAAC;YACR,OAAO,GAAG,EAAE;gBACV,IAAI,EAAE,CAAC;gBACP,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC,CAAC;QACJ,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACV,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,~~GAAG~~,CAAC,~~IAAI~~,~~CAAC~~,~~CAAC,CAAC,CAAC;YACZ,~~KAAK,CAAC,~~IAAI,~~CAAC~~,CAAC,CAAC,CAAC~~;~~QAChB~~,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;~~AAES~~,~~QAAA~~,MAAM,~~GAAwB~~,cAAc,CAAC,~~eAAQ~~,CAAC,CAAC;~~AACvD~~,~~QAAA~~,MAAM,~~GAAwB~~,cAAc,CAAC,~~eAAQ~~,CAAC,CAAC"}
1	+ {"version":3,"file":"_crystals.js","sourceRoot":"","sources":["src/_crystals.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,4EAA4E;AAC5E,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,MAAM,+BAA+B,CAAC;AACrE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAE3D,OAAO,EAAsB,UAAU,EAAc,OAAO,EAAE,MAAM,YAAY,CAAC;AAwBjF,MAAM,CAAC,MAAM,WAAW,GAAG,CACzB,IAAoB,EAUpB,EAAE;IACF,mDAAmD;IACnD,MAAM,EAAE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC;IACnE,MAAM,GAAG,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC5C,MAAM,MAAM,GAAG,CAAC,GAAG,MAAM,GAAG,CAAC,CAAC;QAC9B,OAAO,CAAC,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;IAChE,CAAC,CAAC;IACF,0BAA0B;IAC1B,MAAM,IAAI,GAAG,CAAC,CAAS,EAAE,MAAM,GAAG,CAAC,EAAU,EAAE;QAC7C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC;QAC7B,OAAO,CAAC,CAAC,GAAG,MAAM,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACtD,CAAC,CAAC;IACF,iGAAiG;IACjG,SAAS,SAAS;QAChB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACvB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;YAC3B,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;YAClC,MAAM,CAAC,GAAG,MAAM,CAAC,aAAa,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACzD,GAAG,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACzB,CAAC;QACD,OAAO,GAAG,CAAC;IACb,CAAC;IACD,MAAM,QAAQ,GAAG,SAAS,EAAE,CAAC;IAE7B,6BAA6B;IAC7B,+CAA+C;IAE/C,8FAA8F;IAC9F,8EAA8E;IAE9E,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACzD,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACzD,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;QACzD,GAAG,EAAE,CAAC,EAAU,EAAE,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;QACrC,CAAC;KACF,CAAC;IACF,MAAM,OAAO,GAAG;QACd,CAAC;QACD,KAAK,EAAE,QAAe;QACtB,iBAAiB,EAAE,IAAI;QACvB,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC3B,GAAG,EAAE,KAAK;KACX,CAAC;IACF,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IACvD,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IACtD,MAAM,GAAG,GAAG;QACV,MAAM,EAAE,CAAC,CAAI,EAAK,EAAE;YAClB,OAAO,GAAG,CAAC,CAAC,CAAQ,CAAC;QACvB,CAAC;QACD,MAAM,EAAE,CAAC,CAAI,EAAK,EAAE;YAClB,GAAG,CAAC,CAAQ,CAAC,CAAC;YACd,4CAA4C;YAC5C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACxD,OAAO,CAAC,CAAC;QACX,CAAC;KACF,CAAC;IACF,6BAA6B;IAC7B,MAAM,SAAS,GAAG,CAAC,CAAS,EAAE,CAAwB,EAAoB,EAAE;QAC1E,MAAM,IAAI,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;QACxB,MAAM,QAAQ,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC7B,OAAO;YACL,QAAQ;YACR,MAAM,EAAE,CAAC,IAAO,EAAc,EAAE;gBAC9B,MAAM,CAAC,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC;gBACnC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACnE,GAAG,IAAI,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,MAAM,CAAC;oBAC5C,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC/E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;YACD,MAAM,EAAE,CAAC,KAAiB,EAAK,EAAE;gBAC/B,MAAM,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,MAAM,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;oBACpE,GAAG,IAAI,KAAK,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC;oBAC1B,MAAM,IAAI,CAAC,CAAC;oBACZ,OAAO,MAAM,IAAI,CAAC,EAAE,MAAM,IAAI,CAAC,EAAE,GAAG,KAAK,CAAC;wBAAE,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC;gBAC9E,CAAC;gBACD,OAAO,CAAC,CAAC;YACX,CAAC;SACF,CAAC;IACJ,CAAC,CAAC;IAEF,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;AACjD,CAAC,CAAC;AAEF,MAAM,cAAc,GAClB,CAAC,KAAsB,EAAO,EAAE,CAChC,CAAC,IAAgB,EAAE,QAAiB,EAAE,EAAE;IACtC,IAAI,CAAC,QAAQ;QAAE,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC;IACzC,kCAAkC;IAClC,gEAAgE;IAChE,iDAAiD;IAEjD,8DAA8D;IAC9D,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC9C,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAChB,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC5B,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,uBAAuB;IAC7D,IAAI,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;IACzB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,OAAO;QACL,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;QAC9B,GAAG,EAAE,CAAC,CAAS,EAAE,CAAS,EAAE,EAAE;YAC5B,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,KAAK,CAAC,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC;YACvB,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACnC,KAAK,EAAE,CAAC;YACR,OAAO,GAAG,EAAE;gBACV,IAAI,EAAE,CAAC;gBACP,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;YACxB,CAAC,CAAC;QACJ,CAAC;QACD,KAAK,EAAE,GAAG,EAAE;YACV,CAAC,CAAC,OAAO,EAAE,CAAC;YACZ,UAAU,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACzB,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEJ,MAAM,CAAC,MAAM,MAAM,GAAQ,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC;AACpE,MAAM,CAAC,MAAM,MAAM,GAAQ,eAAe,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC"}

package/hybrid.d.ts ADDED Viewed

@@ -0,0 +1,102 @@
+/**
+ * Post-Quantum Hybrid Cryptography
+ *
+ * The current implementation is flawed and likely redundant. We should offer
+ * a small, generic API to compose hybrid schemes instead of reimplementing
+ * protocol-specific logic (SSH, GPG, etc.) with ad hoc encodings.
+ *
+ * 1. Core Issues
+ *    - sign/verify: implemented as two separate operations with different keys.
+ *    - EC getSharedSecret: could be refactored into a proper KEM.
+ *    - Multiple calls: keys, signatures, and shared secrets could be
+ *      concatenated to reduce the number of API invocations.
+ *    - Reinvention: most libraries add strange domain separations and
+ *      encodings instead of simple byte concatenation.
+ *
+ * 2. API Goals
+ *    - Provide primitives to build hybrids generically.
+ *    - Avoid embedding SSH- or GPG-specific formats in the core API.
+ *
+ * 3. Edge Cases
+ *    • Variable-length signatures:
+ *      - DER-encoded (Weierstrass curves).
+ *      - Falcon (unpadded).
+ *      - Concatenation works only if length is fixed; otherwise a length
+ *        prefix is required (but that breaks compatibility).
+ *
+ *    • getSharedSecret:
+ *      - Default: non-KEM (authenticated ECDH).
+ *      - KEM conversion: generate a random SK to remove implicit auth.
+ *
+ * 4. Common Pitfalls
+ *    - Seed expansion:
+ *      • Expanding a small seed into multiple keys reduces entropy.
+ *      • API should allow identity mapping (no expansion).
+ *
+ *    - Skipping full point encoding:
+ *      • Some omit the compression byte (parity) for WebCrypto compatibility.
+ *      • Better: hash the raw secret; coordinate output is already non-uniform.
+ *      • Some curves (e.g., X448) produce secrets that must be re-hashed to match
+ *        symmetric-key lengths.
+ *
+ *    - Combiner inconsistencies:
+ *      • Different domain separations and encodings across libraries.
+ *      • Should live at the application layer, since key lengths vary.
+ *
+ * 5. Protocol Examples
+ *    - SSH:
+ *      • Concatenate keys.
+ *      • Combiner: SHA-512.
+ *
+ *    - GPG:
+ *      • Concatenate keys.
+ *      • Combiner: SHA3-256(kemShare || ecdhShare || ciphertext || pubKey || algId || domSep || len(domSep))
+ *
+ *    - TLS:
+ *      • Transcript-based derivation (HKDF).
+ *
+ * 6. Relevant Specs & Implementations
+ *    - IETF Hybrid KEM drafts:
+ *      • draft-irtf-cfrg-hybrid-kems
+ *      • draft-connolly-cfrg-xwing-kem
+ *      • draft-westerbaan-tls-xyber768d00
+ *
+ *    - PQC Libraries:
+ *      • superdilithium (cyph/pqcrypto.js) – low adoption.
+ *      • hybrid-pqc (DogeProtocol, quantumcoinproject) – complex encodings.
+ *
+ * 7. Signatures
+ *    - Ed25519: fixed-size, easy to support.
+ *    - Variable-size: introduces custom format requirements; best left to
+ *      higher-level code.
+ *
+ * @module
+ */
+/*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) */
+import { type EdDSA } from '@noble/curves/abstract/edwards.js';
+import { type MontgomeryECDH } from '@noble/curves/abstract/montgomery.js';
+import { type ECDSA } from '@noble/curves/abstract/weierstrass.js';
+import { type CHash, type CHashXOF } from '@noble/hashes/utils.js';
+import { type KEM, type Signer } from './utils.ts';
+type CurveECDH = ECDSA | MontgomeryECDH;
+type CurveSign = ECDSA | EdDSA;
+export declare const ecdhKem: (curve: CurveECDH, allowZeroKey?: boolean) => KEM;
+export declare const ecSigner: (curve: CurveSign, allowZeroKey?: boolean) => Signer;
+export type ExpandSeed = (seed: Uint8Array, len: number) => Uint8Array;
+type XOF = CHashXOF<any, {
+    dkLen: number;
+}>;
+export declare function expandSeedXof(xof: XOF): ExpandSeed;
+export type Combiner = (publicKeys: Uint8Array[], cipherTexts: Uint8Array[], sharedSecrets: Uint8Array[]) => Uint8Array;
+export declare function combineKEMS(realSeedLen: number | undefined, // how much bytes expandSeed expects
+realMsgLen: number | undefined, // how much bytes combiner returns
+expandSeed: ExpandSeed, combiner: Combiner, ...kems: KEM[]): KEM;
+export declare function combineSigners(realSeedLen: number | undefined, expandSeed: ExpandSeed, ...signers: Signer[]): Signer;
+export declare function QSF(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, kdf: CHash): KEM;
+export declare const QSFMLKEM768P256: KEM;
+export declare const QSFMLKEM1024P384: KEM;
+export declare function KitchenSink(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, hash: CHash): KEM;
+export declare const KitchenSinkMLKEM768X25519: KEM;
+export declare const XWing: KEM;
+export {};
+//# sourceMappingURL=hybrid.d.ts.map

package/hybrid.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"hybrid.d.ts","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,uCAAuC,CAAC;AAanE,OAAO,EAA0B,KAAK,KAAK,EAAE,KAAK,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAE3F,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,MAAM,EACZ,MAAM,YAAY,CAAC;AAGpB,KAAK,SAAS,GAAG,KAAK,GAAG,cAAc,CAAC;AACxC,KAAK,SAAS,GAAG,KAAK,GAAG,KAAK,CAAC;AAyB/B,eAAO,MAAM,OAAO,GAAI,OAAO,SAAS,EAAE,eAAc,OAAe,KAAG,GAmBzE,CAAC;AAEF,eAAO,MAAM,QAAQ,GAAI,OAAO,SAAS,EAAE,eAAc,OAAe,KAAG,MAU1E,CAAC;AAcF,MAAM,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,KAAK,UAAU,CAAC;AACvE,KAAK,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAG5C,wBAAgB,aAAa,CAAC,GAAG,EAAE,GAAG,GAAG,UAAU,CAElD;AAED,MAAM,MAAM,QAAQ,GAAG,CACrB,UAAU,EAAE,UAAU,EAAE,EACxB,WAAW,EAAE,UAAU,EAAE,EACzB,aAAa,EAAE,UAAU,EAAE,KACxB,UAAU,CAAC;AAsChB,wBAAgB,WAAW,CACzB,WAAW,EAAE,MAAM,GAAG,SAAS,EAAE,oCAAoC;AACrE,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,kCAAkC;AAClE,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,QAAQ,EAClB,GAAG,IAAI,EAAE,GAAG,EAAE,GACb,GAAG,CAoCL;AAGD,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,UAAU,EAAE,UAAU,EACtB,GAAG,OAAO,EAAE,MAAM,EAAE,GACnB,MAAM,CAwBR;AAED,wBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,GAAG,GAAG,CAWrF;AAED,eAAO,MAAM,eAAe,EAAE,GAM7B,CAAC;AAEF,eAAO,MAAM,gBAAgB,EAAE,GAM9B,CAAC;AAEF,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,GAAG,GAAG,CAwB9F;AAGD,eAAO,MAAM,yBAAyB,EAAE,GAMvC,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,GAQnB,CAAC"}