@noble/post-quantum 0.5.2 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/README.md +41 -32
  2. package/hybrid.d.ts +5 -2
  3. package/hybrid.d.ts.map +1 -1
  4. package/hybrid.js +71 -7
  5. package/hybrid.js.map +1 -1
  6. package/package.json +3 -3
  7. package/src/hybrid.ts +91 -14
package/README.md CHANGED
@@ -5,11 +5,11 @@ Auditable & minimal JS implementation of post-quantum public-key cryptography.
5
5
  - 🔒 Auditable
6
6
  - ðŸ”ŧ Tree-shakeable: unused code is excluded from your builds
7
7
  - 🔍 Reliable: tests ensure correctness
8
- - ðŸĶū ML-KEM & CRYSTALS-Kyber: lattice-based kem from FIPS-203
8
+ - ðŸĶū ML-KEM & CRYSTALS-Kyber: lattice-based KEM from FIPS-203
9
9
  - 🔋 ML-DSA & CRYSTALS-Dilithium: lattice-based signatures from FIPS-204
10
10
  - 🐈 SLH-DSA & SPHINCS+: hash-based Winternitz signatures from FIPS-205
11
- - ðŸĄ Hybrid algorithms, combining classic & post-quantum
12
- - ðŸŠķ 16KB (gzipped) for everything, including bundled noble-hashes & noble-curves
11
+ - ðŸĄ Hybrid algorithms, combining classic & post-quantum: Concrete, XWing, KitchenSink
12
+ - ðŸŠķ 16KB (gzipped) for everything, including bundled hashes & curves
13
13
 
14
14
  Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-quantum/discussions) for questions and support.
15
15
 
@@ -33,8 +33,8 @@ Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-qu
33
33
  [post-quantum](https://github.com/paulmillr/noble-post-quantum),
34
34
  5kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
35
35
  [ed25519](https://github.com/paulmillr/noble-ed25519)
36
- - [Check out homepage](https://paulmillr.com/noble/)
37
- for reading resources, documentation and apps built with noble
36
+ - [Check out the homepage](https://paulmillr.com/noble/)
37
+ for reading resources, documentation, and apps built with noble
38
38
 
39
39
  ## Usage
40
40
 
@@ -69,7 +69,8 @@ import {
69
69
  import {
70
70
  XWing,
71
71
  KitchenSinkMLKEM768X25519,
72
- QSFMLKEM768P256, QSFMLKEM1024P384
72
+ QSFMLKEM768P256, QSFMLKEM1024P384,
73
+ MLKEM768P256, MLKEM768X25519, MLKEM1024P384,
73
74
  } from '@noble/post-quantum/hybrids.js';
74
75
  ```
75
76
 
@@ -129,8 +130,8 @@ import { randomBytes } from '@noble/post-quantum/utils.js';
129
130
  const seed = randomBytes(32); // seed is optional
130
131
  const keys = ml_dsa65.keygen(seed);
131
132
  const msg = new TextEncoder().encode('hello noble');
132
- const sig = ml_dsa65.sign(keys.secretKey, msg);
133
- const isValid = ml_dsa65.verify(keys.publicKey, msg, sig);
133
+ const sig = ml_dsa65.sign(msg, keys.secretKey);
134
+ const isValid = ml_dsa65.verify(sig, msg, keys.publicKey);
134
135
  ```
135
136
 
136
137
  Lattice-based digital signature algorithm, defined in [FIPS-204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf). See
@@ -142,7 +143,7 @@ The internals are similar to ML-KEM, but keys and params are different.
142
143
 
143
144
  ```ts
144
145
  import {
145
- slh_dsa_sha2_128f,
146
+ slh_dsa_sha2_128f as sph,
146
147
  slh_dsa_sha2_128s,
147
148
  slh_dsa_sha2_192f,
148
149
  slh_dsa_sha2_192s,
@@ -158,8 +159,8 @@ import {
158
159
 
159
160
  const keys2 = sph.keygen();
160
161
  const msg2 = new TextEncoder().encode('hello noble');
161
- const sig2 = sph.sign(keys2.secretKey, msg2);
162
- const isValid2 = sph.verify(keys2.publicKey, msg2, sig2);
162
+ const sig2 = sph.sign(msg2, keys2.secretKey);
163
+ const isValid2 = sph.verify(sig2, msg2, keys2.publicKey);
163
164
  ```
164
165
 
165
166
  Hash-based digital signature algorithm, defined in [FIPS-205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf).
@@ -175,15 +176,22 @@ SLH-DSA is slow: see [benchmarks](#speed) for key size & speed.
175
176
  import {
176
177
  XWing,
177
178
  KitchenSinkMLKEM768X25519,
178
- QSFMLKEM768P256, QSFMLKEM1024P384
179
+ QSFMLKEM768P256, QSFMLKEM1024P384,
180
+ MLKEM768P256, MLKEM768X25519, MLKEM1024P384,
179
181
  } from '@noble/post-quantum/hybrids.js';
180
182
  ```
181
183
 
182
- XWing is x25519+mlkem768, just like kitchensink.
184
+ - **XWing** / **MLKEM768X25519**: ML-KEM-768 + X25519 (CG Framework)
185
+ - **KitchenSinkMLKEM768X25519**: ML-KEM-768 + X25519 with HKDF-SHA256 combiner
186
+ - **QSFMLKEM768P256**: ML-KEM-768 + P-256 (QSF construction)
187
+ - **QSFMLKEM1024P384**: ML-KEM-1024 + P-384 (QSF construction)
188
+ - **MLKEM768P256**: ML-KEM-768 + P-256 (CG Framework)
189
+ - **MLKEM1024P384**: ML-KEM-1024 + P-384 (CG Framework)
183
190
 
184
191
  The following spec drafts are matched:
185
192
 
186
193
  - [irtf-cfrg-hybrid-kems](https://datatracker.ietf.org/doc/draft-irtf-cfrg-hybrid-kems/)
194
+ - [irtf-cfrg-concrete-hybrid-kems](https://datatracker.ietf.org/doc/draft-irtf-cfrg-concrete-hybrid-kems/)
187
195
  - [connolly-cfrg-xwing-kem](https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/)
188
196
  - [tls-westerbaan-xyber768d00](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/)
189
197
 
@@ -202,11 +210,14 @@ We suggest to use ECC + ML-KEM for key agreement, ECC + SLH-DSA for signatures.
202
210
 
203
211
  ML-KEM and ML-DSA are lattice-based. SLH-DSA is hash-based, which means it is built on top of older, more conservative primitives. NIST guidance for security levels:
204
212
 
205
- - Category 3 (~AES-192): ML-KEM-768, ML-DSA-65, SLH-DSA-[SHA2/shake]-192[s/f]
206
- - Category 5 (~AES-256): ML-KEM-1024, ML-DSA-87, SLH-DSA-[SHA2/shake]-256[s/f]
213
+ - Category 3 (~AES-192): ML-KEM-768, ML-DSA-65, SLH-DSA-192
214
+ - Category 5 (~AES-256): ML-KEM-1024, ML-DSA-87, SLH-DSA-256
207
215
 
208
216
  NIST recommends to use cat-3+, while australian [ASD only allows cat-5 after 2030](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography).
209
217
 
218
+ It's also useful to check out [NIST SP 800-131Ar3](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf)
219
+ for "Transitioning the Use of Cryptographic Algorithms and Key Lengths".
220
+
210
221
  For [hashes](https://github.com/paulmillr/noble-hashes), use SHA512 or SHA3-512 (not SHA256); and for [ciphers](https://github.com/paulmillr/noble-ciphers) ensure AES-256 or ChaCha.
211
222
 
212
223
  ## Security
@@ -223,34 +234,32 @@ Keep in mind that even hardware versions ML-KEM [are vulnerable](https://eprint.
223
234
 
224
235
  ### Supply chain security
225
236
 
226
- - **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures
227
- - **Releases** are transparent and built on GitHub CI.
228
- Check out [attested checksums of single-file builds](https://github.com/paulmillr/noble-post-quantum/attestations)
229
- and [provenance logs](https://github.com/paulmillr/noble-post-quantum/actions/workflows/release.yml)
230
- - **Rare releasing** is followed to ensure less re-audit need for end-users
231
- - **Dependencies** are minimized and locked-down: any dependency could get hacked and users will be downloading malware with every install.
232
- - We make sure to use as few dependencies as possible
233
- - Automatic dep updates are prevented by locking-down version ranges; diffs are checked with `npm-diff`
234
- - **Dev Dependencies** are disabled for end-users; they are only used to develop / build the source code
237
+ - **Commits** are signed with PGP keys to prevent forgery. Be sure to verify the commit signatures
238
+ - **Releases** are made transparently through token-less GitHub CI and Trusted Publishing. Be sure to verify the [provenance logs](https://docs.npmjs.com/generating-provenance-statements) for authenticity.
239
+ - **Rare releasing** is practiced to minimize the need for re-audits by end-users.
240
+ - **Dependencies** are minimized and strictly pinned to reduce supply-chain risk.
241
+ - We use as few dependencies as possible.
242
+ - Version ranges are locked, and changes are checked with npm-diff.
243
+ - **Dev dependencies** are excluded from end-user installs; they're only used for development and build steps.
235
244
 
236
245
  For this package, there is 1 dependency; and a few dev dependencies:
237
246
 
238
247
  - [noble-hashes](https://github.com/paulmillr/noble-hashes) provides cryptographic hashing functionality
239
- - micro-bmark, micro-should and jsbt are used for benchmarking / testing / build tooling and developed by the same author
240
- - prettier, fast-check and typescript are used for code quality / test generation / ts compilation. It's hard to audit their source code thoroughly and fully because of their size
248
+ - jsbt is used for benchmarking / testing / build tooling and developed by the same author
249
+ - prettier, fast-check and typescript are used for code quality / test generation / ts compilation
241
250
 
242
251
  ### Randomness
243
252
 
244
- We're deferring to built-in
245
- [crypto.getRandomValues](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues)
246
- which is considered cryptographically secure (CSPRNG).
253
+ We rely on the built-in
254
+ [`crypto.getRandomValues`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues),
255
+ which is considered a cryptographically secure PRNG.
247
256
 
248
- In the past, browsers had bugs that made it weak: it may happen again.
249
- Implementing a userspace CSPRNG to get resilient to the weakness
250
- is even worse: there is no reliable userspace source of quality entropy.
257
+ Browsers have had weaknesses in the past - and could again - but implementing a userspace CSPRNG is even worse, as there’s no reliable userspace source of high-quality entropy.
251
258
 
252
259
  ## Speed
253
260
 
261
+ > `npm run bench`
262
+
254
263
  Noble is the fastest JS implementation of post-quantum algorithms.
255
264
  WASM libraries can be faster.
256
265
  For SLH-DSA, SHAKE slows everything down 8x, and -s versions do another 20-50x slowdown.
package/hybrid.d.ts CHANGED
@@ -80,8 +80,8 @@ import { type CHash, type CHashXOF } from '@noble/hashes/utils.js';
80
80
  import { type KEM, type Signer } from './utils.ts';
81
81
  type CurveECDH = ECDSA | MontgomeryECDH;
82
82
  type CurveSign = ECDSA | EdDSA;
83
- export declare const ecdhKem: (curve: CurveECDH, allowZeroKey?: boolean) => KEM;
84
- export declare const ecSigner: (curve: CurveSign, allowZeroKey?: boolean) => Signer;
83
+ export declare function ecdhKem(curve: CurveECDH, allowZeroKey?: boolean): KEM;
84
+ export declare function ecSigner(curve: CurveSign, allowZeroKey?: boolean): Signer;
85
85
  export type ExpandSeed = (seed: Uint8Array, len: number) => Uint8Array;
86
86
  type XOF = CHashXOF<any, {
87
87
  dkLen: number;
@@ -98,5 +98,8 @@ export declare const QSFMLKEM1024P384: KEM;
98
98
  export declare function KitchenSink(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, hash: CHash): KEM;
99
99
  export declare const KitchenSinkMLKEM768X25519: KEM;
100
100
  export declare const XWing: KEM;
101
+ export declare const MLKEM768X25519: KEM;
102
+ export declare const MLKEM768P256: KEM;
103
+ export declare const MLKEM1024P384: KEM;
101
104
  export {};
102
105
  //# sourceMappingURL=hybrid.d.ts.map
package/hybrid.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"hybrid.d.ts","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,uCAAuC,CAAC;AAanE,OAAO,EAA0B,KAAK,KAAK,EAAE,KAAK,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAE3F,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,MAAM,EACZ,MAAM,YAAY,CAAC;AAGpB,KAAK,SAAS,GAAG,KAAK,GAAG,cAAc,CAAC;AACxC,KAAK,SAAS,GAAG,KAAK,GAAG,KAAK,CAAC;AAyB/B,eAAO,MAAM,OAAO,GAAI,OAAO,SAAS,EAAE,eAAc,OAAe,KAAG,GAmBzE,CAAC;AAEF,eAAO,MAAM,QAAQ,GAAI,OAAO,SAAS,EAAE,eAAc,OAAe,KAAG,MAU1E,CAAC;AAeF,MAAM,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,KAAK,UAAU,CAAC;AACvE,KAAK,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAG5C,wBAAgB,aAAa,CAAC,GAAG,EAAE,GAAG,GAAG,UAAU,CAElD;AAED,MAAM,MAAM,QAAQ,GAAG,CACrB,UAAU,EAAE,UAAU,EAAE,EACxB,WAAW,EAAE,UAAU,EAAE,EACzB,aAAa,EAAE,UAAU,EAAE,KACxB,UAAU,CAAC;AAsChB,wBAAgB,WAAW,CACzB,WAAW,EAAE,MAAM,GAAG,SAAS,EAAE,oCAAoC;AACrE,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,kCAAkC;AAClE,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,QAAQ,EAClB,GAAG,IAAI,EAAE,GAAG,EAAE,GACb,GAAG,CAoCL;AAGD,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,UAAU,EAAE,UAAU,EACtB,GAAG,OAAO,EAAE,MAAM,EAAE,GACnB,MAAM,CAwBR;AAED,wBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,GAAG,GAAG,CAWrF;AAED,eAAO,MAAM,eAAe,EAAE,GAM7B,CAAC;AAEF,eAAO,MAAM,gBAAgB,EAAE,GAM9B,CAAC;AAEF,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,GAAG,GAAG,CAwB9F;AAGD,eAAO,MAAM,yBAAyB,EAAE,GAMvC,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,GAQnB,CAAC"}
1
+ {"version":3,"file":"hybrid.d.ts","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,uCAAuC,CAAC;AAanE,OAAO,EAA0B,KAAK,KAAK,EAAE,KAAK,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAE3F,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,MAAM,EACZ,MAAM,YAAY,CAAC;AAGpB,KAAK,SAAS,GAAG,KAAK,GAAG,cAAc,CAAC;AACxC,KAAK,SAAS,GAAG,KAAK,GAAG,KAAK,CAAC;AAyB/B,wBAAgB,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,YAAY,GAAE,OAAe,GAAG,GAAG,CAmB5E;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,YAAY,GAAE,OAAe,GAAG,MAAM,CAUhF;AAeD,MAAM,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,KAAK,UAAU,CAAC;AACvE,KAAK,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAG5C,wBAAgB,aAAa,CAAC,GAAG,EAAE,GAAG,GAAG,UAAU,CAElD;AAED,MAAM,MAAM,QAAQ,GAAG,CACrB,UAAU,EAAE,UAAU,EAAE,EACxB,WAAW,EAAE,UAAU,EAAE,EACzB,aAAa,EAAE,UAAU,EAAE,KACxB,UAAU,CAAC;AAsChB,wBAAgB,WAAW,CACzB,WAAW,EAAE,MAAM,GAAG,SAAS,EAAE,oCAAoC;AACrE,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,kCAAkC;AAClE,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,QAAQ,EAClB,GAAG,IAAI,EAAE,GAAG,EAAE,GACb,GAAG,CAoCL;AAGD,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,UAAU,EAAE,UAAU,EACtB,GAAG,OAAO,EAAE,MAAM,EAAE,GACnB,MAAM,CAwBR;AAED,wBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,GAAG,GAAG,CAWrF;AAED,eAAO,MAAM,eAAe,EAAE,GAM7B,CAAC;AAEF,eAAO,MAAM,gBAAgB,EAAE,GAM9B,CAAC;AAEF,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,KAAK,GAAG,GAAG,CAwB9F;AAGD,eAAO,MAAM,yBAAyB,EAAE,GAMvC,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,GASd,CAAC;AAEP,eAAO,MAAM,cAAc,EAAE,GAAW,CAAC;AAsEzC,eAAO,MAAM,YAAY,EAAE,GACkC,CAAC;AAE9D,eAAO,MAAM,aAAa,EAAE,GACkC,CAAC"}
package/hybrid.js CHANGED
@@ -108,7 +108,7 @@ function ecKeygen(curve, allowZeroKey = false) {
108
108
  getPublicKey: (secretKey) => curve.getPublicKey(secretKey),
109
109
  };
110
110
  }
111
- export const ecdhKem = (curve, allowZeroKey = false) => {
111
+ export function ecdhKem(curve, allowZeroKey = false) {
112
112
  const kg = ecKeygen(curve, allowZeroKey);
113
113
  if (!curve.getSharedSecret)
114
114
  throw new Error('wrong curve'); // ed25519 doesn't have one!
@@ -128,8 +128,8 @@ export const ecdhKem = (curve, allowZeroKey = false) => {
128
128
  return curve.lengths.publicKeyHasPrefix ? res.subarray(1) : res;
129
129
  },
130
130
  };
131
- };
132
- export const ecSigner = (curve, allowZeroKey = false) => {
131
+ }
132
+ export function ecSigner(curve, allowZeroKey = false) {
133
133
  const kg = ecKeygen(curve, allowZeroKey);
134
134
  if (!curve.sign || !curve.verify)
135
135
  throw new Error('wrong curve'); // ed25519 doesn't have one!
@@ -140,7 +140,7 @@ export const ecSigner = (curve, allowZeroKey = false) => {
140
140
  sign: (message, secretKey) => curve.sign(message, secretKey),
141
141
  verify: (signature, message, publicKey) => curve.verify(signature, message, publicKey),
142
142
  };
143
- };
143
+ }
144
144
  function splitLengths(lst, name) {
145
145
  return splitCoder(name, ...lst.map((i) => {
146
146
  if (typeof i.lengths[name] !== 'number')
@@ -214,7 +214,7 @@ expandSeed, combiner, ...kems) {
214
214
  sharedSecret: combiner(pks, cipherText, sharedSecret),
215
215
  cipherText: ctCoder.encode(cipherText),
216
216
  };
217
- cleanBytes(sharedSecret, cipherText, pks);
217
+ cleanBytes(sharedSecret, cipherText);
218
218
  return res;
219
219
  },
220
220
  decapsulate(ct, seed) {
@@ -277,7 +277,71 @@ export function KitchenSink(label, pqc, curveKEM, xof, hash) {
277
277
  const x25519kem = ecdhKem(x25519);
278
278
  export const KitchenSinkMLKEM768X25519 = KitchenSink('KitchenSink-KEM(ML-KEM-768,X25519)-XOF(SHAKE256)-KDF(HKDF-SHA-256)', ml_kem768, x25519kem, shake256, sha256);
279
279
  // Always X25519 and ML-KEM - 768, no point to export
280
- export const XWing = combineKEMS(32, 32, expandSeedXof(shake256),
280
+ export const XWing = /* @__PURE__ */ (() => combineKEMS(32, 32, expandSeedXof(shake256),
281
281
  // Awesome label, so much escaping hell in a single line.
282
- (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))), ml_kem768, x25519kem);
282
+ (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))), ml_kem768, x25519kem))();
283
+ export const MLKEM768X25519 = XWing;
284
+ function nistCurveKem(curve, scalarLen, elemLen, nseed) {
285
+ const Fn = curve.Point.Fn;
286
+ if (!Fn)
287
+ throw new Error('no Point.Fn');
288
+ function rejectionSampling(seed) {
289
+ let sk;
290
+ for (let start = 0, end = scalarLen;; start = end, end += scalarLen) {
291
+ if (end > seed.length)
292
+ throw new Error('rejection sampling failed');
293
+ sk = Fn.fromBytes(seed.subarray(start, end), true);
294
+ if (Fn.isValidNot0(sk))
295
+ break;
296
+ }
297
+ const secretKey = Fn.toBytes(Fn.create(sk));
298
+ const publicKey = curve.getPublicKey(secretKey, false);
299
+ return { secretKey, publicKey };
300
+ }
301
+ return {
302
+ lengths: {
303
+ secretKey: scalarLen,
304
+ publicKey: elemLen,
305
+ seed: nseed,
306
+ msg: nseed,
307
+ cipherText: elemLen,
308
+ },
309
+ keygen(seed = randomBytes(nseed)) {
310
+ abytes(seed, nseed, 'seed');
311
+ return rejectionSampling(seed);
312
+ },
313
+ getPublicKey(secretKey) {
314
+ return curve.getPublicKey(secretKey, false);
315
+ },
316
+ encapsulate(publicKey, rand = randomBytes(nseed)) {
317
+ abytes(rand, nseed, 'rand');
318
+ const { secretKey: ek } = rejectionSampling(rand);
319
+ const sharedSecret = this.decapsulate(publicKey, ek);
320
+ const cipherText = curve.getPublicKey(ek, false);
321
+ cleanBytes(ek);
322
+ return { sharedSecret, cipherText };
323
+ },
324
+ decapsulate(cipherText, secretKey) {
325
+ const full = curve.getSharedSecret(secretKey, cipherText);
326
+ return full.subarray(1);
327
+ },
328
+ };
329
+ }
330
+ function concreteHybridKem(label, mlkem, curve, nseed) {
331
+ const { secretKey: scalarLen, publicKeyUncompressed: elemLen } = curve.lengths;
332
+ if (!scalarLen || !elemLen)
333
+ throw new Error('wrong curve');
334
+ const curveKem = nistCurveKem(curve, scalarLen, elemLen, nseed);
335
+ const mlkemSeedLen = 64;
336
+ const totalSeedLen = mlkemSeedLen + nseed;
337
+ return combineKEMS(32, 32, (seed) => {
338
+ abytes(seed, 32);
339
+ const expanded = shake256(seed, { dkLen: totalSeedLen });
340
+ const mlkemSeed = expanded.subarray(0, mlkemSeedLen);
341
+ const curveSeed = expanded.subarray(mlkemSeedLen, totalSeedLen);
342
+ return concatBytes(mlkemSeed, curveSeed);
343
+ }, (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes(label))), mlkem, curveKem);
344
+ }
345
+ export const MLKEM768P256 = /* @__PURE__ */ (() => concreteHybridKem('MLKEM768-P256', ml_kem768, p256, 128))();
346
+ export const MLKEM1024P384 = /* @__PURE__ */ (() => concreteHybridKem('MLKEM1024-P384', ml_kem1024, p384, 48))();
283
347
  //# sourceMappingURL=hybrid.js.map
package/hybrid.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"hybrid.js","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAc,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAuB,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAc,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAA6B,MAAM,wBAAwB,CAAC;AAC3F,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EACL,UAAU,EACV,WAAW,EACX,UAAU,GAIX,MAAM,YAAY,CAAC;AAMpB,8FAA8F;AAC9F,SAAS,QAAQ,CAAC,KAAe,EAAE,eAAwB,KAAK;IAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC9B,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,IAAI,YAAY,EAAE,CAAC;QACjB,0DAA0D;QAC1D,MAAM,MAAM,GAAG,KAAoB,CAAC;QACpC,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,GAAG,CAAC,OAAmB,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE;YACxD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAK,EAAE,MAAM,CAAC,CAAC;YACpC,MAAM,UAAU,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kCAAkC;YACvF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,CAAC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;QAC3F,MAAM;QACN,YAAY,EAAE,CAAC,SAAqB,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC;KACvE,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,KAAgB,EAAE,eAAwB,KAAK,EAAO,EAAE;IAC9E,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,eAAe;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IACxF,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE;QAClF,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,WAAW,CAAC,SAAqB,EAAE,OAAmB,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;YACxF,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;YACvC,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAC1C,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,CAAC,UAAsB,EAAE,SAAqB;YACvD,MAAM,GAAG,GAAG,KAAK,CAAC,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACzD,OAAO,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAClE,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,KAAgB,EAAE,eAAwB,KAAK,EAAU,EAAE;IAClF,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IAC9F,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC3E,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,IAAI,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC;QAC5D,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC;KACvF,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,YAAY,CACnB,GAAQ,EACR,IAAO;IAEP,OAAO,UAAU,CACf,IAAI,EACJ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACf,IAAI,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;QAClF,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAKD,qDAAqD;AACrD,MAAM,UAAU,aAAa,CAAC,GAAQ;IACpC,OAAO,CAAC,IAAgB,EAAE,OAAe,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AAC9E,CAAC;AAQD,SAAS,WAAW,CAClB,WAA+B,EAAE,oCAAoC;AACrE,UAAsB,EACtB,GAAG,EAAgB;IAEnB,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAC9C,2DAA2D;IAC3D,IAAI,WAAW,KAAK,SAAS;QAAE,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC;IAChE,OAAO,CAAC,WAAW,CAAC,CAAC;IACrB,SAAS,sBAAsB,CAAC,IAAgB;QAC9C,MAAM,CAAC,IAAI,EAAE,WAAY,CAAC,CAAC;QAC3B,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;IACD,OAAO;QACL,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE;QAC7F,YAAY,CAAC,SAAqB;YAChC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC;QAC1C,CAAC;QACD,MAAM,CAAC,OAAmB,WAAW,CAAC,WAAW,CAAC;YAChD,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACrC,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,UAAU,CAAC,SAAS,CAAC,CAAC;YACtB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACxC,CAAC;QACD,sBAAsB;QACtB,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,WAAW,CACzB,WAA+B,EAAE,oCAAoC;AACrE,UAA8B,EAAE,kCAAkC;AAClE,UAAsB,EACtB,QAAkB,EAClB,GAAG,IAAW;IAEd,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3C,IAAI,UAAU,KAAK,SAAS;QAAE,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC;IAC7D,OAAO,CAAC,UAAU,CAAC,CAAC;IACpB,OAAO;QACL,OAAO,EAAE;YACP,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO;YACpB,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,QAAQ,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,QAAQ;SAC7B;QACD,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,WAAW,CAAC,EAAc,EAAE,aAAyB,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACjF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG;gBACV,YAAY,EAAE,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,YAAY,CAAC;gBACrD,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;aACvC,CAAC;YACF,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;YAC1C,OAAO,GAAG,CAAC;QACb,CAAC;QACD,WAAW,CAAC,EAAc,EAAE,IAAgB;YAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7E,OAAO,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,CAAC;KACF,CAAC;AACJ,CAAC;AACD,gDAAgD;AAChD,kDAAkD;AAClD,MAAM,UAAU,cAAc,CAC5B,WAA+B,EAC/B,UAAsB,EACtB,GAAG,OAAiB;IAEpB,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACnD,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC5E,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,CAAC,OAAO,EAAE,IAAI;YAChB,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACxD,uEAAuE;YACvE,+DAA+D;YAC/D,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE;YACxC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,KAAa,EAAE,GAAQ,EAAE,QAAa,EAAE,GAAQ,EAAE,GAAU;IAC9E,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EACjF,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAQ,GAAG,CACrC,uDAAuD,EACvD,SAAS,EACT,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAQ,GAAG,CACtC,wDAAwD,EACxD,UAAU,EACV,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,GAAQ,EAAE,QAAa,EAAE,GAAQ,EAAE,IAAW;IACvF,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,IAAI,CAAC,CAAC;IACZ,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;QACb,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5F,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,WAAW,CACtB,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,EACvB,YAAY,CAAC,eAAe,CAAC,EAC7B,YAAY,CAAC,EAAE,CAAC,CACjB,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QACzC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QACrC,OAAO,GAAG,CAAC;IACb,CAAC,EACD,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,yBAAyB,GAAQ,WAAW,CACvD,oEAAoE,EACpE,SAAS,EACT,SAAS,EACT,QAAQ,EACR,MAAM,CACP,CAAC;AAEF,qDAAqD;AACrD,MAAM,CAAC,MAAM,KAAK,GAAQ,WAAW,CACnC,EAAE,EACF,EAAE,EACF,aAAa,CAAC,QAAQ,CAAC;AACvB,yDAAyD;AACzD,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,EAC3F,SAAS,EACT,SAAS,CACV,CAAC"}
1
+ {"version":3,"file":"hybrid.js","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAc,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAuB,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAc,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAA6B,MAAM,wBAAwB,CAAC;AAC3F,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EACL,UAAU,EACV,WAAW,EACX,UAAU,GAIX,MAAM,YAAY,CAAC;AAMpB,8FAA8F;AAC9F,SAAS,QAAQ,CAAC,KAAe,EAAE,eAAwB,KAAK;IAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC9B,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,IAAI,YAAY,EAAE,CAAC;QACjB,0DAA0D;QAC1D,MAAM,MAAM,GAAG,KAAoB,CAAC;QACpC,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,GAAG,CAAC,OAAmB,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE;YACxD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAK,EAAE,MAAM,CAAC,CAAC;YACpC,MAAM,UAAU,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kCAAkC;YACvF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,CAAC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;QAC3F,MAAM;QACN,YAAY,EAAE,CAAC,SAAqB,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC;KACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,KAAgB,EAAE,eAAwB,KAAK;IACrE,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,eAAe;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IACxF,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE;QAClF,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,WAAW,CAAC,SAAqB,EAAE,OAAmB,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;YACxF,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;YACvC,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAC1C,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,CAAC,UAAsB,EAAE,SAAqB;YACvD,MAAM,GAAG,GAAG,KAAK,CAAC,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACzD,OAAO,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAClE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,KAAgB,EAAE,eAAwB,KAAK;IACtE,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IAC9F,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC3E,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,IAAI,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC;QAC5D,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC;KACvF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,GAAQ,EACR,IAAO;IAEP,OAAO,UAAU,CACf,IAAI,EACJ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACf,IAAI,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;QAClF,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAKD,qDAAqD;AACrD,MAAM,UAAU,aAAa,CAAC,GAAQ;IACpC,OAAO,CAAC,IAAgB,EAAE,OAAe,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AAC9E,CAAC;AAQD,SAAS,WAAW,CAClB,WAA+B,EAAE,oCAAoC;AACrE,UAAsB,EACtB,GAAG,EAAgB;IAEnB,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAC9C,2DAA2D;IAC3D,IAAI,WAAW,KAAK,SAAS;QAAE,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC;IAChE,OAAO,CAAC,WAAW,CAAC,CAAC;IACrB,SAAS,sBAAsB,CAAC,IAAgB;QAC9C,MAAM,CAAC,IAAI,EAAE,WAAY,CAAC,CAAC;QAC3B,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;IACD,OAAO;QACL,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE;QAC7F,YAAY,CAAC,SAAqB;YAChC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC;QAC1C,CAAC;QACD,MAAM,CAAC,OAAmB,WAAW,CAAC,WAAW,CAAC;YAChD,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACrC,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,UAAU,CAAC,SAAS,CAAC,CAAC;YACtB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACxC,CAAC;QACD,sBAAsB;QACtB,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,WAAW,CACzB,WAA+B,EAAE,oCAAoC;AACrE,UAA8B,EAAE,kCAAkC;AAClE,UAAsB,EACtB,QAAkB,EAClB,GAAG,IAAW;IAEd,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3C,IAAI,UAAU,KAAK,SAAS;QAAE,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC;IAC7D,OAAO,CAAC,UAAU,CAAC,CAAC;IACpB,OAAO;QACL,OAAO,EAAE;YACP,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO;YACpB,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,QAAQ,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,QAAQ;SAC7B;QACD,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,WAAW,CAAC,EAAc,EAAE,aAAyB,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACjF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG;gBACV,YAAY,EAAE,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,YAAY,CAAC;gBACrD,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;aACvC,CAAC;YACF,UAAU,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YACrC,OAAO,GAAG,CAAC;QACb,CAAC;QACD,WAAW,CAAC,EAAc,EAAE,IAAgB;YAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7E,OAAO,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,CAAC;KACF,CAAC;AACJ,CAAC;AACD,gDAAgD;AAChD,kDAAkD;AAClD,MAAM,UAAU,cAAc,CAC5B,WAA+B,EAC/B,UAAsB,EACtB,GAAG,OAAiB;IAEpB,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACnD,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC5E,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,CAAC,OAAO,EAAE,IAAI;YAChB,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACxD,uEAAuE;YACvE,+DAA+D;YAC/D,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE;YACxC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,KAAa,EAAE,GAAQ,EAAE,QAAa,EAAE,GAAQ,EAAE,GAAU;IAC9E,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EACjF,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAQ,GAAG,CACrC,uDAAuD,EACvD,SAAS,EACT,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAQ,GAAG,CACtC,wDAAwD,EACxD,UAAU,EACV,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,GAAQ,EAAE,QAAa,EAAE,GAAQ,EAAE,IAAW;IACvF,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,IAAI,CAAC,CAAC;IACZ,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;QACb,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5F,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,WAAW,CACtB,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,EACvB,YAAY,CAAC,eAAe,CAAC,EAC7B,YAAY,CAAC,EAAE,CAAC,CACjB,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QACzC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QACrC,OAAO,GAAG,CAAC;IACb,CAAC,EACD,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,yBAAyB,GAAQ,WAAW,CACvD,oEAAoE,EACpE,SAAS,EACT,SAAS,EACT,QAAQ,EACR,MAAM,CACP,CAAC;AAEF,qDAAqD;AACrD,MAAM,CAAC,MAAM,KAAK,GAAQ,eAAe,CAAC,CAAC,GAAG,EAAE,CAC9C,WAAW,CACT,EAAE,EACF,EAAE,EACF,aAAa,CAAC,QAAQ,CAAC;AACvB,yDAAyD;AACzD,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,EAC3F,SAAS,EACT,SAAS,CACV,CAAC,EAAE,CAAC;AAEP,MAAM,CAAC,MAAM,cAAc,GAAQ,KAAK,CAAC;AAEzC,SAAS,YAAY,CAAC,KAAY,EAAE,SAAiB,EAAE,OAAe,EAAE,KAAa;IACnF,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;IAC1B,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;IACxC,SAAS,iBAAiB,CAAC,IAAgB;QACzC,IAAI,EAAU,CAAC;QACf,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,GAAG,GAAG,SAAS,GAAI,KAAK,GAAG,GAAG,EAAE,GAAG,IAAI,SAAS,EAAE,CAAC;YACrE,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YACpE,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;YACnD,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC;gBAAE,MAAM;QAChC,CAAC;QACD,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACvD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;IAED,OAAO;QACL,OAAO,EAAE;YACP,SAAS,EAAE,SAAS;YACpB,SAAS,EAAE,OAAO;YAClB,IAAI,EAAE,KAAK;YACX,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,OAAO;SACpB;QACD,MAAM,CAAC,OAAmB,WAAW,CAAC,KAAK,CAAC;YAC1C,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC5B,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QACD,YAAY,CAAC,SAAqB;YAChC,OAAO,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC9C,CAAC;QACD,WAAW,CAAC,SAAqB,EAAE,OAAmB,WAAW,CAAC,KAAK,CAAC;YACtE,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC5B,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YACjD,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,CAAC,UAAsB,EAAE,SAAqB;YACvD,MAAM,IAAI,GAAG,KAAK,CAAC,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa,EAAE,KAAU,EAAE,KAAY,EAAE,KAAa;IAC/E,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,qBAAqB,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC;IAC/E,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,EAAE,CAAC;IACxB,MAAM,YAAY,GAAG,YAAY,GAAG,KAAK,CAAC;IAE1C,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,CAAC,IAAgB,EAAE,EAAE;QACnB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAChE,OAAO,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC3C,CAAC,EACD,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EACtF,KAAK,EACL,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,YAAY,GAAQ,eAAe,CAAC,CAAC,GAAG,EAAE,CACrD,iBAAiB,CAAC,eAAe,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;AAE9D,MAAM,CAAC,MAAM,aAAa,GAAQ,eAAe,CAAC,CAAC,GAAG,EAAE,CACtD,iBAAiB,CAAC,gBAAgB,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@noble/post-quantum",
3
- "version": "0.5.2",
3
+ "version": "0.5.3",
4
4
  "description": "Auditable & minimal JS implementation of post-quantum cryptography: FIPS 203, 204, 205",
5
5
  "files": [
6
6
  "*.js",
@@ -14,7 +14,7 @@
14
14
  "@noble/hashes": "~2.0.0"
15
15
  },
16
16
  "devDependencies": {
17
- "@paulmillr/jsbt": "0.4.4",
17
+ "@paulmillr/jsbt": "0.4.5",
18
18
  "@types/node": "24.2.1",
19
19
  "fast-check": "4.2.0",
20
20
  "prettier": "3.6.2",
@@ -30,7 +30,7 @@
30
30
  "test:bun": "bun test/index.ts",
31
31
  "test:deno": "deno --allow-env --allow-read test/index.ts",
32
32
  "test:node20": "cd test; npx tsc; node compiled/test/index.js",
33
- "test:big": "SLOW_TESTS=1 node test/index.js"
33
+ "test:slow": "SLOW_TESTS=1 node test/index.ts"
34
34
  },
35
35
  "exports": {
36
36
  ".": "./index.js",
package/src/hybrid.ts CHANGED
@@ -126,7 +126,7 @@ function ecKeygen(curve: CurveAll, allowZeroKey: boolean = false) {
126
126
  };
127
127
  }
128
128
 
129
- export const ecdhKem = (curve: CurveECDH, allowZeroKey: boolean = false): KEM => {
129
+ export function ecdhKem(curve: CurveECDH, allowZeroKey: boolean = false): KEM {
130
130
  const kg = ecKeygen(curve, allowZeroKey);
131
131
  if (!curve.getSharedSecret) throw new Error('wrong curve'); // ed25519 doesn't have one!
132
132
  return {
@@ -145,9 +145,9 @@ export const ecdhKem = (curve: CurveECDH, allowZeroKey: boolean = false): KEM =>
145
145
  return curve.lengths.publicKeyHasPrefix ? res.subarray(1) : res;
146
146
  },
147
147
  };
148
- };
148
+ }
149
149
 
150
- export const ecSigner = (curve: CurveSign, allowZeroKey: boolean = false): Signer => {
150
+ export function ecSigner(curve: CurveSign, allowZeroKey: boolean = false): Signer {
151
151
  const kg = ecKeygen(curve, allowZeroKey);
152
152
  if (!curve.sign || !curve.verify) throw new Error('wrong curve'); // ed25519 doesn't have one!
153
153
  return {
@@ -157,7 +157,7 @@ export const ecSigner = (curve: CurveSign, allowZeroKey: boolean = false): Signe
157
157
  sign: (message, secretKey) => curve.sign(message, secretKey),
158
158
  verify: (signature, message, publicKey) => curve.verify(signature, message, publicKey),
159
159
  };
160
- };
160
+ }
161
161
 
162
162
  function splitLengths<K extends string, T extends { lengths: Partial<Record<K, number>> }>(
163
163
  lst: T[],
@@ -254,7 +254,7 @@ export function combineKEMS(
254
254
  sharedSecret: combiner(pks, cipherText, sharedSecret),
255
255
  cipherText: ctCoder.encode(cipherText),
256
256
  };
257
- cleanBytes(sharedSecret, cipherText, pks);
257
+ cleanBytes(sharedSecret, cipherText);
258
258
  return res;
259
259
  },
260
260
  decapsulate(ct: Uint8Array, seed: Uint8Array) {
@@ -362,12 +362,89 @@ export const KitchenSinkMLKEM768X25519: KEM = KitchenSink(
362
362
  );
363
363
 
364
364
  // Always X25519 and ML-KEM - 768, no point to export
365
- export const XWing: KEM = combineKEMS(
366
- 32,
367
- 32,
368
- expandSeedXof(shake256),
369
- // Awesome label, so much escaping hell in a single line.
370
- (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))),
371
- ml_kem768,
372
- x25519kem
373
- );
365
+ export const XWing: KEM = /* @__PURE__ */ (() =>
366
+ combineKEMS(
367
+ 32,
368
+ 32,
369
+ expandSeedXof(shake256),
370
+ // Awesome label, so much escaping hell in a single line.
371
+ (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))),
372
+ ml_kem768,
373
+ x25519kem
374
+ ))();
375
+
376
+ export const MLKEM768X25519: KEM = XWing;
377
+
378
+ function nistCurveKem(curve: ECDSA, scalarLen: number, elemLen: number, nseed: number): KEM {
379
+ const Fn = curve.Point.Fn;
380
+ if (!Fn) throw new Error('no Point.Fn');
381
+ function rejectionSampling(seed: Uint8Array): { secretKey: Uint8Array; publicKey: Uint8Array } {
382
+ let sk: bigint;
383
+ for (let start = 0, end = scalarLen; ; start = end, end += scalarLen) {
384
+ if (end > seed.length) throw new Error('rejection sampling failed');
385
+ sk = Fn.fromBytes(seed.subarray(start, end), true);
386
+ if (Fn.isValidNot0(sk)) break;
387
+ }
388
+ const secretKey = Fn.toBytes(Fn.create(sk));
389
+ const publicKey = curve.getPublicKey(secretKey, false);
390
+ return { secretKey, publicKey };
391
+ }
392
+
393
+ return {
394
+ lengths: {
395
+ secretKey: scalarLen,
396
+ publicKey: elemLen,
397
+ seed: nseed,
398
+ msg: nseed,
399
+ cipherText: elemLen,
400
+ },
401
+ keygen(seed: Uint8Array = randomBytes(nseed)) {
402
+ abytes(seed, nseed, 'seed');
403
+ return rejectionSampling(seed);
404
+ },
405
+ getPublicKey(secretKey: Uint8Array) {
406
+ return curve.getPublicKey(secretKey, false);
407
+ },
408
+ encapsulate(publicKey: Uint8Array, rand: Uint8Array = randomBytes(nseed)) {
409
+ abytes(rand, nseed, 'rand');
410
+ const { secretKey: ek } = rejectionSampling(rand);
411
+ const sharedSecret = this.decapsulate(publicKey, ek);
412
+ const cipherText = curve.getPublicKey(ek, false);
413
+ cleanBytes(ek);
414
+ return { sharedSecret, cipherText };
415
+ },
416
+ decapsulate(cipherText: Uint8Array, secretKey: Uint8Array) {
417
+ const full = curve.getSharedSecret(secretKey, cipherText);
418
+ return full.subarray(1);
419
+ },
420
+ };
421
+ }
422
+
423
+ function concreteHybridKem(label: string, mlkem: KEM, curve: ECDSA, nseed: number): KEM {
424
+ const { secretKey: scalarLen, publicKeyUncompressed: elemLen } = curve.lengths;
425
+ if (!scalarLen || !elemLen) throw new Error('wrong curve');
426
+ const curveKem = nistCurveKem(curve, scalarLen, elemLen, nseed);
427
+ const mlkemSeedLen = 64;
428
+ const totalSeedLen = mlkemSeedLen + nseed;
429
+
430
+ return combineKEMS(
431
+ 32,
432
+ 32,
433
+ (seed: Uint8Array) => {
434
+ abytes(seed, 32);
435
+ const expanded = shake256(seed, { dkLen: totalSeedLen });
436
+ const mlkemSeed = expanded.subarray(0, mlkemSeedLen);
437
+ const curveSeed = expanded.subarray(mlkemSeedLen, totalSeedLen);
438
+ return concatBytes(mlkemSeed, curveSeed);
439
+ },
440
+ (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes(label))),
441
+ mlkem,
442
+ curveKem
443
+ );
444
+ }
445
+
446
+ export const MLKEM768P256: KEM = /* @__PURE__ */ (() =>
447
+ concreteHybridKem('MLKEM768-P256', ml_kem768, p256, 128))();
448
+
449
+ export const MLKEM1024P384: KEM = /* @__PURE__ */ (() =>
450
+ concreteHybridKem('MLKEM1024-P384', ml_kem1024, p384, 48))();