npm - @noble/post-quantum - Versions diffs - 0.5.2 → 0.5.4 - Mend

@noble/post-quantum 0.5.2 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md CHANGED Viewed

@@ -5,11 +5,11 @@ Auditable & minimal JS implementation of post-quantum public-key cryptography.
 - 🔒 Auditable
 - 🔻 Tree-shakeable: unused code is excluded from your builds
 - 🔍 Reliable: tests ensure correctness
-- 🦾 ML-KEM & CRYSTALS-Kyber: lattice-based kem from FIPS-203
+- 🦾 ML-KEM & CRYSTALS-Kyber: lattice-based KEM from FIPS-203
 - 🔋 ML-DSA & CRYSTALS-Dilithium: lattice-based signatures from FIPS-204
 - 🐈 SLH-DSA & SPHINCS+: hash-based Winternitz signatures from FIPS-205
-- 🍡 Hybrid algorithms, combining classic & post-quantum
-- 🪶 16KB (gzipped) for everything, including bundled noble-hashes & noble-curves
+- 🍡 Hybrid algorithms, combining classic & post-quantum: Concrete, XWing, KitchenSink
+- 🪶 16KB (gzipped) for everything, including bundled hashes & curves
 Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-quantum/discussions) for questions and support.
@@ -33,8 +33,8 @@ Take a glance at [GitHub Discussions](https://github.com/paulmillr/noble-post-qu
   [post-quantum](https://github.com/paulmillr/noble-post-quantum),
   5kb [secp256k1](https://github.com/paulmillr/noble-secp256k1) /
   [ed25519](https://github.com/paulmillr/noble-ed25519)
-- [Check out homepage](https://paulmillr.com/noble/)
-  for reading resources, documentation and apps built with noble
+- [Check out the homepage](https://paulmillr.com/noble/)
+  for reading resources, documentation, and apps built with noble
 ## Usage
@@ -67,16 +67,16 @@ import {
   slh_dsa_shake_256s,
 } from '@noble/post-quantum/slh-dsa.js';
 import {
-  XWing,
-  KitchenSinkMLKEM768X25519,
-  QSFMLKEM768P256, QSFMLKEM1024P384
-} from '@noble/post-quantum/hybrids.js';
+  ml_kem768_x25519, ml_kem768_p256, ml_kem1024_p384,
+  KitchenSink_ml_kem768_x25519, XWing,
+  QSF_ml_kem768_p256, QSF_ml_kem1024_p384,
+} from '@noble/post-quantum/hybrid.js';
 ```
 - [ML-KEM / Kyber](#ml-kem--kyber-shared-secrets)
 - [ML-DSA / Dilithium](#ml-dsa--dilithium-signatures)
 - [SLH-DSA / SPHINCS+](#slh-dsa--sphincs-signatures)
-- [Hybrids: XWing, KitchenSink and others](#hybrids-xwing-kitchensink-and-others)
+- [hybrid: XWing, KitchenSink and others](#hybrid-xwing-kitchensink-and-others)
 - [What should I use?](#what-should-i-use)
 - [Security](#security)
 - [Speed](#speed)
@@ -129,8 +129,8 @@ import { randomBytes } from '@noble/post-quantum/utils.js';
 const seed = randomBytes(32); // seed is optional
 const keys = ml_dsa65.keygen(seed);
 const msg = new TextEncoder().encode('hello noble');
-const sig = ml_dsa65.sign(keys.secretKey, msg);
-const isValid = ml_dsa65.verify(keys.publicKey, msg, sig);
+const sig = ml_dsa65.sign(msg, keys.secretKey);
+const isValid = ml_dsa65.verify(sig, msg, keys.publicKey);
 ```
 Lattice-based digital signature algorithm, defined in [FIPS-204](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.pdf). See
@@ -142,7 +142,7 @@ The internals are similar to ML-KEM, but keys and params are different.
 ```ts
 import {
-  slh_dsa_sha2_128f,
+  slh_dsa_sha2_128f as sph,
   slh_dsa_sha2_128s,
   slh_dsa_sha2_192f,
   slh_dsa_sha2_192s,
@@ -158,8 +158,8 @@ import {
 const keys2 = sph.keygen();
 const msg2 = new TextEncoder().encode('hello noble');
-const sig2 = sph.sign(keys2.secretKey, msg2);
-const isValid2 = sph.verify(keys2.publicKey, msg2, sig2);
+const sig2 = sph.sign(msg2, keys2.secretKey);
+const isValid2 = sph.verify(sig2, msg2, keys2.publicKey);
 ```
 Hash-based digital signature algorithm, defined in [FIPS-205](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.205.pdf).
@@ -169,23 +169,31 @@ There are many different kinds,
 but basically `sha2` / `shake` indicate internal hash, `128` / `192` / `256` indicate security level, and `s` /`f` indicate trade-off (Small / Fast).
 SLH-DSA is slow: see [benchmarks](#speed) for key size & speed.
-### Hybrids: XWing, KitchenSink and others
+### hybrid: XWing, KitchenSink and others
 ```js
 import {
-  XWing,
-  KitchenSinkMLKEM768X25519,
-  QSFMLKEM768P256, QSFMLKEM1024P384
-} from '@noble/post-quantum/hybrids.js';
+  ml_kem768_x25519, ml_kem768_p256, ml_kem1024_p384,
+  KitchenSink_ml_kem768_x25519, XWing,
+  QSF_ml_kem768_p256, QSF_ml_kem1024_p384,
+} from '@noble/post-quantum/hybrid.js';
 ```
-XWing is x25519+mlkem768, just like kitchensink.
+Hybrid submodule combine post-quantum algorithms with elliptic curve cryptography:
+- `ml_kem768_x25519`: ML-KEM-768 + X25519 (CG Framework, same as XWing)
+- `ml_kem768_p256`: ML-KEM-768 + P-256 (CG Framework)
+- `ml_kem1024_p384`: ML-KEM-1024 + P-384 (CG Framework)
+- `KitchenSink_ml_kem768_x25519`: ML-KEM-768 + X25519 with HKDF-SHA256 combiner
+- `QSF_ml_kem768_p256`: ML-KEM-768 + P-256 (QSF construction)
+- `QSF_ml_kem1024_p384`: ML-KEM-1024 + P-384 (QSF construction)
 The following spec drafts are matched:
-- [irtf-cfrg-hybrid-kems](https://datatracker.ietf.org/doc/draft-irtf-cfrg-hybrid-kems/)
-- [connolly-cfrg-xwing-kem](https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/)
-- [tls-westerbaan-xyber768d00](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/)
+- [irtf-cfrg-hybrid-kems-07](https://datatracker.ietf.org/doc/draft-irtf-cfrg-hybrid-kems/)
+- [irtf-cfrg-concrete-hybrid-kems-02](https://datatracker.ietf.org/doc/draft-irtf-cfrg-concrete-hybrid-kems/)
+- [connolly-cfrg-xwing-kem-09](https://datatracker.ietf.org/doc/draft-connolly-cfrg-xwing-kem/)
+- [tls-westerbaan-xyber768d00-03](https://datatracker.ietf.org/doc/draft-tls-westerbaan-xyber768d00/)
 ### What should I use?
@@ -202,11 +210,14 @@ We suggest to use ECC + ML-KEM for key agreement, ECC + SLH-DSA for signatures.
 ML-KEM and ML-DSA are lattice-based. SLH-DSA is hash-based, which means it is built on top of older, more conservative primitives. NIST guidance for security levels:
-- Category 3 (~AES-192): ML-KEM-768, ML-DSA-65, SLH-DSA-[SHA2/shake]-192[s/f]
-- Category 5 (~AES-256): ML-KEM-1024, ML-DSA-87, SLH-DSA-[SHA2/shake]-256[s/f]
+- Category 3 (~AES-192): ML-KEM-768, ML-DSA-65, SLH-DSA-192
+- Category 5 (~AES-256): ML-KEM-1024, ML-DSA-87, SLH-DSA-256
 NIST recommends to use cat-3+, while australian [ASD only allows cat-5 after 2030](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-cryptography).
+It's also useful to check out [NIST SP 800-131Ar3](https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar3.ipd.pdf)
+for "Transitioning the Use of Cryptographic Algorithms and Key Lengths".
 For [hashes](https://github.com/paulmillr/noble-hashes), use SHA512 or SHA3-512 (not SHA256); and for [ciphers](https://github.com/paulmillr/noble-ciphers) ensure AES-256 or ChaCha.
 ## Security
@@ -223,37 +234,33 @@ Keep in mind that even hardware versions ML-KEM [are vulnerable](https://eprint.
 ### Supply chain security
-- **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures
-- **Releases** are transparent and built on GitHub CI.
-  Check out [attested checksums of single-file builds](https://github.com/paulmillr/noble-post-quantum/attestations)
-  and [provenance logs](https://github.com/paulmillr/noble-post-quantum/actions/workflows/release.yml)
-- **Rare releasing** is followed to ensure less re-audit need for end-users
-- **Dependencies** are minimized and locked-down: any dependency could get hacked and users will be downloading malware with every install.
-  - We make sure to use as few dependencies as possible
-  - Automatic dep updates are prevented by locking-down version ranges; diffs are checked with `npm-diff`
-- **Dev Dependencies** are disabled for end-users; they are only used to develop / build the source code
+- **Commits** are signed with PGP keys to prevent forgery. Be sure to verify the commit signatures
+- **Releases** are made transparently through token-less GitHub CI and Trusted Publishing. Be sure to verify the [provenance logs](https://docs.npmjs.com/generating-provenance-statements) for authenticity.
+- **Rare releasing** is practiced to minimize the need for re-audits by end-users.
+- **Dependencies** are minimized and strictly pinned to reduce supply-chain risk.
+  - We use as few dependencies as possible.
+  - Version ranges are locked, and changes are checked with npm-diff.
+- **Dev dependencies** are excluded from end-user installs; they're only used for development and build steps.
 For this package, there is 1 dependency; and a few dev dependencies:
 - [noble-hashes](https://github.com/paulmillr/noble-hashes) provides cryptographic hashing functionality
-- micro-bmark, micro-should and jsbt are used for benchmarking / testing / build tooling and developed by the same author
-- prettier, fast-check and typescript are used for code quality / test generation / ts compilation. It's hard to audit their source code thoroughly and fully because of their size
+- jsbt is used for benchmarking / testing / build tooling and developed by the same author
+- prettier, fast-check and typescript are used for code quality / test generation / ts compilation
 ### Randomness
-We're deferring to built-in
-[crypto.getRandomValues](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues)
-which is considered cryptographically secure (CSPRNG).
+We rely on the built-in
+[`crypto.getRandomValues`](https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues),
+which is considered a cryptographically secure PRNG.
-In the past, browsers had bugs that made it weak: it may happen again.
-Implementing a userspace CSPRNG to get resilient to the weakness
-is even worse: there is no reliable userspace source of quality entropy.
+Browsers have had weaknesses in the past - and could again - but implementing a userspace CSPRNG is even worse, as there’s no reliable userspace source of high-quality entropy.
 ## Speed
-Noble is the fastest JS implementation of post-quantum algorithms.
-WASM libraries can be faster.
-For SLH-DSA, SHAKE slows everything down 8x, and -s versions do another 20-50x slowdown.
+> `npm run bench`
+Noble is the fastest JS implementation of post-quantum algorithms. WASM libraries can be faster.
 Benchmarks on Apple M4 (**higher is better**):
@@ -279,16 +286,18 @@ sign x 8 ops/sec @ 114ms/op
 verify x 169 ops/sec @ 5ms/op
 ```
-SLH-DSA (\_shake is 8x slower):
+SLH-DSA:
 |           | sig size | keygen | sign   | verify |
 | --------- | -------- | ------ | ------ | ------ |
 | sha2_128f | 18088    | 4ms    | 90ms   | 6ms    |
-| sha2_128s | 7856     | 260ms  | 2000ms | 2ms    |
 | sha2_192f | 35664    | 6ms    | 160ms  | 9ms    |
-| sha2_192s | 16224    | 380ms  | 3800ms | 3ms    |
 | sha2_256f | 49856    | 15ms   | 340ms  | 9ms    |
+| sha2_128s | 7856     | 260ms  | 2000ms | 2ms    |
+| sha2_192s | 16224    | 380ms  | 3800ms | 3ms    |
 | sha2_256s | 29792    | 250ms  | 3400ms | 4ms    |
+| shake_192f | 35664   | 21ms   | 553ms  | 29ms   |
+| shake_192s | 16224   | 260ms  | 2635ms | 2ms    |
 ## Contributing & testing

package/hybrid.d.ts CHANGED Viewed

@@ -80,8 +80,8 @@ import { type CHash, type CHashXOF } from '@noble/hashes/utils.js';
 import { type KEM, type Signer } from './utils.ts';
 type CurveECDH = ECDSA | MontgomeryECDH;
 type CurveSign = ECDSA | EdDSA;
-export declare const ecdhKem: (curve: CurveECDH, allowZeroKey?: boolean) => KEM;
-export declare const ecSigner: (curve: CurveSign, allowZeroKey?: boolean) => Signer;
+export declare function ecdhKem(curve: CurveECDH, allowZeroKey?: boolean): KEM;
+export declare function ecSigner(curve: CurveSign, allowZeroKey?: boolean): Signer;
 export type ExpandSeed = (seed: Uint8Array, len: number) => Uint8Array;
 type XOF = CHashXOF<any, {
     dkLen: number;
@@ -93,10 +93,19 @@ realMsgLen: number | undefined, // how much bytes combiner returns
 expandSeed: ExpandSeed, combiner: Combiner, ...kems: KEM[]): KEM;
 export declare function combineSigners(realSeedLen: number | undefined, expandSeed: ExpandSeed, ...signers: Signer[]): Signer;
 export declare function QSF(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, kdf: CHash): KEM;
+export declare const QSF_ml_kem768_p256: KEM;
+export declare const QSF_ml_kem1024_p384: KEM;
+export declare function createKitchenSink(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, hash: CHash): KEM;
+export declare const KitchenSink_ml_kem768_x25519: KEM;
+export declare const ml_kem768_x25519: KEM;
+export declare const ml_kem768_p256: KEM;
+export declare const ml_kem1024_p384: KEM;
+export declare const XWing: KEM;
+export declare const MLKEM768X25519: KEM;
+export declare const MLKEM768P256: KEM;
+export declare const MLKEM1024P384: KEM;
 export declare const QSFMLKEM768P256: KEM;
 export declare const QSFMLKEM1024P384: KEM;
-export declare function KitchenSink(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, hash: CHash): KEM;
 export declare const KitchenSinkMLKEM768X25519: KEM;
-export declare const XWing: KEM;
 export {};
 //# sourceMappingURL=hybrid.d.ts.map

package/hybrid.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"hybrid.d.ts","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,uCAAuC,CAAC;AAanE,OAAO,EAA0B,KAAK,KAAK,EAAE,KAAK,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAE3F,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,MAAM,EACZ,MAAM,YAAY,CAAC;AAGpB,KAAK,SAAS,GAAG,KAAK,GAAG,cAAc,CAAC;AACxC,KAAK,SAAS,GAAG,KAAK,GAAG,KAAK,CAAC;AAyB/B,~~eAAO~~,~~MAAM,~~OAAO,~~GAAI~~,~~OAAO~~,SAAS,EAAE,~~eAAc~~,OAAe,~~KAAG~~,~~GAmBzE~~,~~CAAC~~;~~AAEF~~,~~eAAO~~,~~MAAM,~~QAAQ,~~GAAI~~,~~OAAO~~,SAAS,EAAE,~~eAAc~~,OAAe,~~KAAG~~,~~MAU1E~~,~~CAAC~~;~~AAeF~~,MAAM,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,KAAK,UAAU,CAAC;AACvE,KAAK,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAG5C,wBAAgB,aAAa,CAAC,GAAG,EAAE,GAAG,GAAG,UAAU,CAElD;AAED,MAAM,MAAM,QAAQ,GAAG,CACrB,UAAU,EAAE,UAAU,EAAE,EACxB,WAAW,EAAE,UAAU,EAAE,EACzB,aAAa,EAAE,UAAU,EAAE,KACxB,UAAU,CAAC;AAsChB,wBAAgB,WAAW,CACzB,WAAW,EAAE,MAAM,GAAG,SAAS,EAAE,oCAAoC;AACrE,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,kCAAkC;AAClE,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,QAAQ,EAClB,GAAG,IAAI,EAAE,GAAG,EAAE,GACb,GAAG,CAoCL;AAGD,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,UAAU,EAAE,UAAU,EACtB,GAAG,OAAO,EAAE,MAAM,EAAE,GACnB,MAAM,CAwBR;AAED,wBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,GAAG,GAAG,CAWrF;AAED,eAAO,MAAM,~~eAAe~~,EAAE,~~GAM7B~~,CAAC;~~AAEF~~,eAAO,MAAM,~~gBAAgB~~,EAAE,~~GAM9B~~,CAAC;AAEF,wBAAgB,~~WAAW~~,~~CAAC~~,KAAK,EAAE,MAAM,~~EAAE~~,GAAG,EAAE,GAAG,~~EAAE~~,QAAQ,EAAE,GAAG,~~EAAE~~,GAAG,EAAE,GAAG,~~EAAE~~,IAAI,EAAE,KAAK,~~GAAG~~,GAAG,~~CAwB9F~~;AAGD,eAAO,MAAM,~~yBAAyB~~,EAAE,~~GAMvC~~,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,~~GAQnB~~,CAAC"}
1	+ {"version":3,"file":"hybrid.d.ts","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAE,KAAK,KAAK,EAAE,MAAM,uCAAuC,CAAC;AAanE,OAAO,EAA0B,KAAK,KAAK,EAAE,KAAK,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAE3F,OAAO,EAKL,KAAK,GAAG,EACR,KAAK,MAAM,EACZ,MAAM,YAAY,CAAC;AAGpB,KAAK,SAAS,GAAG,KAAK,GAAG,cAAc,CAAC;AACxC,KAAK,SAAS,GAAG,KAAK,GAAG,KAAK,CAAC;AAyB/B,wBAAgB,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,YAAY,GAAE,OAAe,GAAG,GAAG,CAmB5E;AAED,wBAAgB,QAAQ,CAAC,KAAK,EAAE,SAAS,EAAE,YAAY,GAAE,OAAe,GAAG,MAAM,CAUhF;AAeD,MAAM,MAAM,UAAU,GAAG,CAAC,IAAI,EAAE,UAAU,EAAE,GAAG,EAAE,MAAM,KAAK,UAAU,CAAC;AACvE,KAAK,GAAG,GAAG,QAAQ,CAAC,GAAG,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC;AAG5C,wBAAgB,aAAa,CAAC,GAAG,EAAE,GAAG,GAAG,UAAU,CAElD;AAED,MAAM,MAAM,QAAQ,GAAG,CACrB,UAAU,EAAE,UAAU,EAAE,EACxB,WAAW,EAAE,UAAU,EAAE,EACzB,aAAa,EAAE,UAAU,EAAE,KACxB,UAAU,CAAC;AAsChB,wBAAgB,WAAW,CACzB,WAAW,EAAE,MAAM,GAAG,SAAS,EAAE,oCAAoC;AACrE,UAAU,EAAE,MAAM,GAAG,SAAS,EAAE,kCAAkC;AAClE,UAAU,EAAE,UAAU,EACtB,QAAQ,EAAE,QAAQ,EAClB,GAAG,IAAI,EAAE,GAAG,EAAE,GACb,GAAG,CAoCL;AAGD,wBAAgB,cAAc,CAC5B,WAAW,EAAE,MAAM,GAAG,SAAS,EAC/B,UAAU,EAAE,UAAU,EACtB,GAAG,OAAO,EAAE,MAAM,EAAE,GACnB,MAAM,CAwBR;AAED,wBAAgB,GAAG,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,QAAQ,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,GAAG,GAAG,CAWrF;AAED,eAAO,MAAM,kBAAkB,EAAE,GAMhC,CAAC;AACF,eAAO,MAAM,mBAAmB,EAAE,GAMjC,CAAC;AAEF,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,MAAM,EACb,GAAG,EAAE,GAAG,EACR,QAAQ,EAAE,GAAG,EACb,GAAG,EAAE,GAAG,EACR,IAAI,EAAE,KAAK,GACV,GAAG,CAwBL;AAGD,eAAO,MAAM,4BAA4B,EAAE,GAM1C,CAAC;AAGF,eAAO,MAAM,gBAAgB,EAAE,GASzB,CAAC;AAsEP,eAAO,MAAM,cAAc,EAAE,GACgC,CAAC;AAE9D,eAAO,MAAM,eAAe,EAAE,GACgC,CAAC;AAG/D,eAAO,MAAM,KAAK,EAAE,GAAsB,CAAC;AAC3C,eAAO,MAAM,cAAc,EAAE,GAAsB,CAAC;AACpD,eAAO,MAAM,YAAY,EAAE,GAAoB,CAAC;AAChD,eAAO,MAAM,aAAa,EAAE,GAAqB,CAAC;AAClD,eAAO,MAAM,eAAe,EAAE,GAAwB,CAAC;AACvD,eAAO,MAAM,gBAAgB,EAAE,GAAyB,CAAC;AACzD,eAAO,MAAM,yBAAyB,EAAE,GAAkC,CAAC"}

package/hybrid.js CHANGED Viewed

@@ -108,7 +108,7 @@ function ecKeygen(curve, allowZeroKey = false) {
         getPublicKey: (secretKey) => curve.getPublicKey(secretKey),
     };
 }
-export const ecdhKem = (curve, allowZeroKey = false) => {
+export function ecdhKem(curve, allowZeroKey = false) {
     const kg = ecKeygen(curve, allowZeroKey);
     if (!curve.getSharedSecret)
         throw new Error('wrong curve'); // ed25519 doesn't have one!
@@ -116,7 +116,7 @@ export const ecdhKem = (curve, allowZeroKey = false) => {
         lengths: { ...kg.lengths, msg: kg.lengths.seed, cipherText: kg.lengths.publicKey },
         keygen: kg.keygen,
         getPublicKey: kg.getPublicKey,
-        encapsulate(publicKey, rand = randomBytes(curve.lengths.secretKey)) {
+        encapsulate(publicKey, rand = randomBytes(curve.lengths.seed)) {
             const ek = this.keygen(rand).secretKey;
             const sharedSecret = this.decapsulate(publicKey, ek);
             const cipherText = curve.getPublicKey(ek);
@@ -128,8 +128,8 @@ export const ecdhKem = (curve, allowZeroKey = false) => {
             return curve.lengths.publicKeyHasPrefix ? res.subarray(1) : res;
         },
     };
-};
-export const ecSigner = (curve, allowZeroKey = false) => {
+}
+export function ecSigner(curve, allowZeroKey = false) {
     const kg = ecKeygen(curve, allowZeroKey);
     if (!curve.sign || !curve.verify)
         throw new Error('wrong curve'); // ed25519 doesn't have one!
@@ -140,7 +140,7 @@ export const ecSigner = (curve, allowZeroKey = false) => {
         sign: (message, secretKey) => curve.sign(message, secretKey),
         verify: (signature, message, publicKey) => curve.verify(signature, message, publicKey),
     };
-};
+}
 function splitLengths(lst, name) {
     return splitCoder(name, ...lst.map((i) => {
         if (typeof i.lengths[name] !== 'number')
@@ -214,7 +214,7 @@ expandSeed, combiner, ...kems) {
                 sharedSecret: combiner(pks, cipherText, sharedSecret),
                 cipherText: ctCoder.encode(cipherText),
             };
-            cleanBytes(sharedSecret, cipherText, pks);
+            cleanBytes(sharedSecret, cipherText);
             return res;
         },
         decapsulate(ct, seed) {
@@ -258,9 +258,9 @@ export function QSF(label, pqc, curveKEM, xof, kdf) {
     ahash(kdf);
     return combineKEMS(32, 32, expandSeedXof(xof), (pk, ct, ss) => kdf(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes(label))), pqc, curveKEM);
 }
-export const QSFMLKEM768P256 = QSF('QSF-KEM(ML-KEM-768,P-256)-XOF(SHAKE256)-KDF(SHA3-256)', ml_kem768, ecdhKem(p256, true), shake256, sha3_256);
-export const QSFMLKEM1024P384 = QSF('QSF-KEM(ML-KEM-1024,P-384)-XOF(SHAKE256)-KDF(SHA3-256)', ml_kem1024, ecdhKem(p384, true), shake256, sha3_256);
-export function KitchenSink(label, pqc, curveKEM, xof, hash) {
+export const QSF_ml_kem768_p256 = QSF('QSF-KEM(ML-KEM-768,P-256)-XOF(SHAKE256)-KDF(SHA3-256)', ml_kem768, ecdhKem(p256, true), shake256, sha3_256);
+export const QSF_ml_kem1024_p384 = QSF('QSF-KEM(ML-KEM-1024,P-384)-XOF(SHAKE256)-KDF(SHA3-256)', ml_kem1024, ecdhKem(p384, true), shake256, sha3_256);
+export function createKitchenSink(label, pqc, curveKEM, xof, hash) {
     ahash(xof);
     ahash(hash);
     return combineKEMS(32, 32, expandSeedXof(xof), (pk, ct, ss) => {
@@ -275,9 +275,80 @@ export function KitchenSink(label, pqc, curveKEM, xof, hash) {
     }, pqc, curveKEM);
 }
 const x25519kem = ecdhKem(x25519);
-export const KitchenSinkMLKEM768X25519 = KitchenSink('KitchenSink-KEM(ML-KEM-768,X25519)-XOF(SHAKE256)-KDF(HKDF-SHA-256)', ml_kem768, x25519kem, shake256, sha256);
+export const KitchenSink_ml_kem768_x25519 = createKitchenSink('KitchenSink-KEM(ML-KEM-768,X25519)-XOF(SHAKE256)-KDF(HKDF-SHA-256)', ml_kem768, x25519kem, shake256, sha256);
 // Always X25519 and ML-KEM - 768, no point to export
-export const XWing = combineKEMS(32, 32, expandSeedXof(shake256),
+export const ml_kem768_x25519 = /* @__PURE__ */ (() => combineKEMS(32, 32, expandSeedXof(shake256),
 // Awesome label, so much escaping hell in a single line.
-(pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))), ml_kem768, x25519kem);
+(pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))), ml_kem768, x25519kem))();
+function nistCurveKem(curve, scalarLen, elemLen, nseed) {
+    const Fn = curve.Point.Fn;
+    if (!Fn)
+        throw new Error('no Point.Fn');
+    function rejectionSampling(seed) {
+        let sk;
+        for (let start = 0, end = scalarLen;; start = end, end += scalarLen) {
+            if (end > seed.length)
+                throw new Error('rejection sampling failed');
+            sk = Fn.fromBytes(seed.subarray(start, end), true);
+            if (Fn.isValidNot0(sk))
+                break;
+        }
+        const secretKey = Fn.toBytes(Fn.create(sk));
+        const publicKey = curve.getPublicKey(secretKey, false);
+        return { secretKey, publicKey };
+    }
+    return {
+        lengths: {
+            secretKey: scalarLen,
+            publicKey: elemLen,
+            seed: nseed,
+            msg: nseed,
+            cipherText: elemLen,
+        },
+        keygen(seed = randomBytes(nseed)) {
+            abytes(seed, nseed, 'seed');
+            return rejectionSampling(seed);
+        },
+        getPublicKey(secretKey) {
+            return curve.getPublicKey(secretKey, false);
+        },
+        encapsulate(publicKey, rand = randomBytes(nseed)) {
+            abytes(rand, nseed, 'rand');
+            const { secretKey: ek } = rejectionSampling(rand);
+            const sharedSecret = this.decapsulate(publicKey, ek);
+            const cipherText = curve.getPublicKey(ek, false);
+            cleanBytes(ek);
+            return { sharedSecret, cipherText };
+        },
+        decapsulate(cipherText, secretKey) {
+            const full = curve.getSharedSecret(secretKey, cipherText);
+            return full.subarray(1);
+        },
+    };
+}
+function concreteHybridKem(label, mlkem, curve, nseed) {
+    const { secretKey: scalarLen, publicKeyUncompressed: elemLen } = curve.lengths;
+    if (!scalarLen || !elemLen)
+        throw new Error('wrong curve');
+    const curveKem = nistCurveKem(curve, scalarLen, elemLen, nseed);
+    const mlkemSeedLen = 64;
+    const totalSeedLen = mlkemSeedLen + nseed;
+    return combineKEMS(32, 32, (seed) => {
+        abytes(seed, 32);
+        const expanded = shake256(seed, { dkLen: totalSeedLen });
+        const mlkemSeed = expanded.subarray(0, mlkemSeedLen);
+        const curveSeed = expanded.subarray(mlkemSeedLen, totalSeedLen);
+        return concatBytes(mlkemSeed, curveSeed);
+    }, (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes(label))), mlkem, curveKem);
+}
+export const ml_kem768_p256 = /* @__PURE__ */ (() => concreteHybridKem('MLKEM768-P256', ml_kem768, p256, 128))();
+export const ml_kem1024_p384 = /* @__PURE__ */ (() => concreteHybridKem('MLKEM1024-P384', ml_kem1024, p384, 48))();
+// Legacy aliases
+export const XWing = ml_kem768_x25519;
+export const MLKEM768X25519 = ml_kem768_x25519;
+export const MLKEM768P256 = ml_kem768_p256;
+export const MLKEM1024P384 = ml_kem1024_p384;
+export const QSFMLKEM768P256 = QSF_ml_kem768_p256;
+export const QSFMLKEM1024P384 = QSF_ml_kem1024_p384;
+export const KitchenSinkMLKEM768X25519 = KitchenSink_ml_kem768_x25519;
 //# sourceMappingURL=hybrid.js.map

package/hybrid.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"hybrid.js","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAc,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAuB,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAc,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAA6B,MAAM,wBAAwB,CAAC;AAC3F,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EACL,UAAU,EACV,WAAW,EACX,UAAU,GAIX,MAAM,YAAY,CAAC;AAMpB,8FAA8F;AAC9F,SAAS,QAAQ,CAAC,KAAe,EAAE,eAAwB,KAAK;IAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC9B,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,IAAI,YAAY,EAAE,CAAC;QACjB,0DAA0D;QAC1D,MAAM,MAAM,GAAG,KAAoB,CAAC;QACpC,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,GAAG,CAAC,OAAmB,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE;YACxD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAK,EAAE,MAAM,CAAC,CAAC;YACpC,MAAM,UAAU,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kCAAkC;YACvF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,CAAC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;QAC3F,MAAM;QACN,YAAY,EAAE,CAAC,SAAqB,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC;KACvE,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,KAAgB,EAAE,eAAwB,KAAK,EAAO,EAAE;IAC9E,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,eAAe;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IACxF,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE;QAClF,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,WAAW,CAAC,SAAqB,EAAE,OAAmB,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC;YACxF,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;YACvC,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAC1C,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,CAAC,UAAsB,EAAE,SAAqB;YACvD,MAAM,GAAG,GAAG,KAAK,CAAC,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACzD,OAAO,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAClE,CAAC;KACF,CAAC;AACJ,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,KAAgB,EAAE,eAAwB,KAAK,EAAU,EAAE;IAClF,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IAC9F,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC3E,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,IAAI,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC;QAC5D,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC;KACvF,CAAC;AACJ,CAAC,CAAC;AAEF,SAAS,YAAY,CACnB,GAAQ,EACR,IAAO;IAEP,OAAO,UAAU,CACf,IAAI,EACJ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACf,IAAI,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;QAClF,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAKD,qDAAqD;AACrD,MAAM,UAAU,aAAa,CAAC,GAAQ;IACpC,OAAO,CAAC,IAAgB,EAAE,OAAe,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AAC9E,CAAC;AAQD,SAAS,WAAW,CAClB,WAA+B,EAAE,oCAAoC;AACrE,UAAsB,EACtB,GAAG,EAAgB;IAEnB,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAC9C,2DAA2D;IAC3D,IAAI,WAAW,KAAK,SAAS;QAAE,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC;IAChE,OAAO,CAAC,WAAW,CAAC,CAAC;IACrB,SAAS,sBAAsB,CAAC,IAAgB;QAC9C,MAAM,CAAC,IAAI,EAAE,WAAY,CAAC,CAAC;QAC3B,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;IACD,OAAO;QACL,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE;QAC7F,YAAY,CAAC,SAAqB;YAChC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC;QAC1C,CAAC;QACD,MAAM,CAAC,OAAmB,WAAW,CAAC,WAAW,CAAC;YAChD,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACrC,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,UAAU,CAAC,SAAS,CAAC,CAAC;YACtB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACxC,CAAC;QACD,sBAAsB;QACtB,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,WAAW,CACzB,WAA+B,EAAE,oCAAoC;AACrE,UAA8B,EAAE,kCAAkC;AAClE,UAAsB,EACtB,QAAkB,EAClB,GAAG,IAAW;IAEd,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3C,IAAI,UAAU,KAAK,SAAS;QAAE,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC;IAC7D,OAAO,CAAC,UAAU,CAAC,CAAC;IACpB,OAAO;QACL,OAAO,EAAE;YACP,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO;YACpB,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,QAAQ,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,QAAQ;SAC7B;QACD,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,WAAW,CAAC,EAAc,EAAE,aAAyB,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACjF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG;gBACV,YAAY,EAAE,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,YAAY,CAAC;gBACrD,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;aACvC,CAAC;YACF,UAAU,CAAC,YAAY,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;YAC1C,OAAO,GAAG,CAAC;QACb,CAAC;QACD,WAAW,CAAC,EAAc,EAAE,IAAgB;YAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7E,OAAO,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,CAAC;KACF,CAAC;AACJ,CAAC;AACD,gDAAgD;AAChD,kDAAkD;AAClD,MAAM,UAAU,cAAc,CAC5B,WAA+B,EAC/B,UAAsB,EACtB,GAAG,OAAiB;IAEpB,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACnD,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC5E,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,CAAC,OAAO,EAAE,IAAI;YAChB,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACxD,uEAAuE;YACvE,+DAA+D;YAC/D,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE;YACxC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,KAAa,EAAE,GAAQ,EAAE,QAAa,EAAE,GAAQ,EAAE,GAAU;IAC9E,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EACjF,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,eAAe,GAAQ,GAAG,CACrC,uDAAuD,EACvD,SAAS,EACT,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AAEF,MAAM,CAAC,MAAM,gBAAgB,GAAQ,GAAG,CACtC,wDAAwD,EACxD,UAAU,EACV,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AAEF,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,GAAQ,EAAE,QAAa,EAAE,GAAQ,EAAE,IAAW;IACvF,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,IAAI,CAAC,CAAC;IACZ,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;QACb,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5F,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,WAAW,CACtB,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,EACvB,YAAY,CAAC,eAAe,CAAC,EAC7B,YAAY,CAAC,EAAE,CAAC,CACjB,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QACzC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QACrC,OAAO,GAAG,CAAC;IACb,CAAC,EACD,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,yBAAyB,GAAQ,WAAW,CACvD,oEAAoE,EACpE,SAAS,EACT,SAAS,EACT,QAAQ,EACR,MAAM,CACP,CAAC;AAEF,qDAAqD;AACrD,MAAM,CAAC,MAAM,KAAK,GAAQ,WAAW,CACnC,EAAE,EACF,EAAE,EACF,aAAa,CAAC,QAAQ,CAAC;AACvB,yDAAyD;AACzD,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,EAC3F,SAAS,EACT,SAAS,CACV,CAAC"}
1	+ {"version":3,"file":"hybrid.js","sourceRoot":"","sources":["src/hybrid.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyEG;AACH,4EAA4E;AAC5E,OAAO,EAAc,MAAM,mCAAmC,CAAC;AAC/D,OAAO,EAAuB,MAAM,sCAAsC,CAAC;AAC3E,OAAO,EAAc,MAAM,uCAAuC,CAAC;AACnE,OAAO,EAAE,MAAM,EAAE,MAAM,0BAA0B,CAAC;AAClD,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,uBAAuB,CAAC;AACnD,OAAO,EACL,YAAY,EACZ,eAAe,EACf,eAAe,EACf,WAAW,EACX,eAAe,GAChB,MAAM,wBAAwB,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,MAAM,EAAE,MAAM,uBAAuB,CAAC;AAC/C,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,OAAO,EAA6B,MAAM,wBAAwB,CAAC;AAC3F,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AACpD,OAAO,EACL,UAAU,EACV,WAAW,EACX,UAAU,GAIX,MAAM,YAAY,CAAC;AAMpB,8FAA8F;AAC9F,SAAS,QAAQ,CAAC,KAAe,EAAE,eAAwB,KAAK;IAC9D,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC;IAC9B,IAAI,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC;IAC1B,IAAI,YAAY,EAAE,CAAC;QACjB,0DAA0D;QAC1D,MAAM,MAAM,GAAG,KAAoB,CAAC;QACpC,MAAM,EAAE,GAAG,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC;QAC3B,IAAI,CAAC,EAAE;YAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;QACxC,MAAM,GAAG,CAAC,OAAmB,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE;YACxD,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,IAAK,EAAE,MAAM,CAAC,CAAC;YACpC,MAAM,UAAU,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;YAC3E,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,kCAAkC;YACvF,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;QACjE,CAAC,CAAC;IACJ,CAAC;IACD,OAAO;QACL,OAAO,EAAE,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE;QAC3F,MAAM;QACN,YAAY,EAAE,CAAC,SAAqB,EAAE,EAAE,CAAC,KAAK,CAAC,YAAY,CAAC,SAAS,CAAC;KACvE,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,OAAO,CAAC,KAAgB,EAAE,eAAwB,KAAK;IACrE,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,eAAe;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IACxF,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,UAAU,EAAE,EAAE,CAAC,OAAO,CAAC,SAAS,EAAE;QAClF,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,WAAW,CAAC,SAAqB,EAAE,OAAmB,WAAW,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC;YACnF,MAAM,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC;YACvC,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC;YAC1C,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,CAAC,UAAsB,EAAE,SAAqB;YACvD,MAAM,GAAG,GAAG,KAAK,CAAC,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YACzD,OAAO,KAAK,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;QAClE,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,QAAQ,CAAC,KAAgB,EAAE,eAAwB,KAAK;IACtE,MAAM,EAAE,GAAG,QAAQ,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,4BAA4B;IAC9F,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,SAAS,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC3E,MAAM,EAAE,EAAE,CAAC,MAAM;QACjB,YAAY,EAAE,EAAE,CAAC,YAAY;QAC7B,IAAI,EAAE,CAAC,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC;QAC5D,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,CAAC;KACvF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CACnB,GAAQ,EACR,IAAO;IAEP,OAAO,UAAU,CACf,IAAI,EACJ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE;QACf,IAAI,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,QAAQ;YAAE,MAAM,IAAI,KAAK,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAAC;QAClF,OAAO,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,CAAC,CAAC,CACH,CAAC;AACJ,CAAC;AAKD,qDAAqD;AACrD,MAAM,UAAU,aAAa,CAAC,GAAQ;IACpC,OAAO,CAAC,IAAgB,EAAE,OAAe,EAAE,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;AAC9E,CAAC;AAQD,SAAS,WAAW,CAClB,WAA+B,EAAE,oCAAoC;AACrE,UAAsB,EACtB,GAAG,EAAgB;IAEnB,MAAM,SAAS,GAAG,YAAY,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,YAAY,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC;IAC9C,2DAA2D;IAC3D,IAAI,WAAW,KAAK,SAAS;QAAE,WAAW,GAAG,SAAS,CAAC,QAAQ,CAAC;IAChE,OAAO,CAAC,WAAW,CAAC,CAAC;IACrB,SAAS,sBAAsB,CAAC,IAAgB;QAC9C,MAAM,CAAC,IAAI,EAAE,WAAY,CAAC,CAAC;QAC3B,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,CAAC,UAAU,CAAC,IAAI,EAAE,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC;QACxE,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;QAC/C,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;IACD,OAAO;QACL,IAAI,EAAE,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,SAAS,EAAE,OAAO,CAAC,QAAQ,EAAE,SAAS,EAAE,WAAW,EAAE,EAAE;QAC7F,YAAY,CAAC,SAAqB;YAChC,OAAO,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,SAAS,CAAC;QAC1C,CAAC;QACD,MAAM,CAAC,OAAmB,WAAW,CAAC,WAAW,CAAC;YAChD,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;YAClE,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACrC,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,UAAU,CAAC,SAAS,CAAC,CAAC;YACtB,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;QACxC,CAAC;QACD,sBAAsB;QACtB,WAAW;KACZ,CAAC;AACJ,CAAC;AAED,oEAAoE;AACpE,MAAM,UAAU,WAAW,CACzB,WAA+B,EAAE,oCAAoC;AACrE,UAA8B,EAAE,kCAAkC;AAClE,UAAsB,EACtB,QAAkB,EAClB,GAAG,IAAW;IAEd,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC,CAAC;IAC3D,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;IACjD,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAChD,MAAM,QAAQ,GAAG,YAAY,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IAC3C,IAAI,UAAU,KAAK,SAAS;QAAE,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC;IAC7D,OAAO,CAAC,UAAU,CAAC,CAAC;IACpB,OAAO;QACL,OAAO,EAAE;YACP,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO;YACpB,GAAG,EAAE,UAAU;YACf,OAAO,EAAE,QAAQ,CAAC,QAAQ;YAC1B,UAAU,EAAE,OAAO,CAAC,QAAQ;SAC7B;QACD,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,WAAW,CAAC,EAAc,EAAE,aAAyB,WAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACjF,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YACzC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/D,MAAM,YAAY,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;YACpD,MAAM,UAAU,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;YAChD,MAAM,GAAG,GAAG;gBACV,YAAY,EAAE,QAAQ,CAAC,GAAG,EAAE,UAAU,EAAE,YAAY,CAAC;gBACrD,UAAU,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC;aACvC,CAAC;YACF,UAAU,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YACrC,OAAO,GAAG,CAAC;QACb,CAAC;QACD,WAAW,CAAC,EAAc,EAAE,IAAgB;YAC1C,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC/B,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACnE,MAAM,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC7E,OAAO,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QAChD,CAAC;KACF,CAAC;AACJ,CAAC;AACD,gDAAgD;AAChD,kDAAkD;AAClD,MAAM,UAAU,cAAc,CAC5B,WAA+B,EAC/B,UAAsB,EACtB,GAAG,OAAiB;IAEpB,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,EAAE,UAAU,EAAE,GAAG,OAAO,CAAC,CAAC;IAC9D,MAAM,QAAQ,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACpD,MAAM,OAAO,GAAG,YAAY,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACnD,OAAO;QACL,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,QAAQ,CAAC,QAAQ,EAAE,QAAQ,EAAE,CAAC,EAAE;QAC5E,YAAY,EAAE,IAAI,CAAC,YAAY;QAC/B,MAAM,EAAE,IAAI,CAAC,MAAM;QACnB,IAAI,CAAC,OAAO,EAAE,IAAI;YAChB,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC;YACxD,uEAAuE;YACvE,+DAA+D;YAC/D,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAClE,OAAO,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;QAC/B,CAAC;QACD,MAAM,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,EAAE;YACxC,MAAM,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;YACxC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACxC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,KAAK,CAAC;YACjE,CAAC;YACD,OAAO,IAAI,CAAC;QACd,CAAC;KACF,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,GAAG,CAAC,KAAa,EAAE,GAAQ,EAAE,QAAa,EAAE,GAAQ,EAAE,GAAU;IAC9E,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EACjF,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,kBAAkB,GAAQ,GAAG,CACxC,uDAAuD,EACvD,SAAS,EACT,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AACF,MAAM,CAAC,MAAM,mBAAmB,GAAQ,GAAG,CACzC,wDAAwD,EACxD,UAAU,EACV,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,EACnB,QAAQ,EACR,QAAQ,CACT,CAAC;AAEF,MAAM,UAAU,iBAAiB,CAC/B,KAAa,EACb,GAAQ,EACR,QAAa,EACb,GAAQ,EACR,IAAW;IAEX,KAAK,CAAC,GAAG,CAAC,CAAC;IACX,KAAK,CAAC,IAAI,CAAC,CAAC;IACZ,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,aAAa,CAAC,GAAG,CAAC,EAClB,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;QACb,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;QAC5F,MAAM,GAAG,GAAG,EAAE,CAAC;QACf,MAAM,GAAG,GAAG,WAAW,CAAC,YAAY,CAAC,YAAY,CAAC,EAAE,QAAQ,CAAC,CAAC;QAC9D,MAAM,GAAG,GAAG,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC/B,MAAM,IAAI,GAAG,WAAW,CACtB,eAAe,CAAC,GAAG,EAAE,CAAC,CAAC,EACvB,YAAY,CAAC,eAAe,CAAC,EAC7B,YAAY,CAAC,EAAE,CAAC,CACjB,CAAC;QACF,MAAM,GAAG,GAAG,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC;QACzC,UAAU,CAAC,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;QACrC,OAAO,GAAG,CAAC;IACb,CAAC,EACD,GAAG,EACH,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,SAAS,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;AAClC,MAAM,CAAC,MAAM,4BAA4B,GAAQ,iBAAiB,CAChE,oEAAoE,EACpE,SAAS,EACT,SAAS,EACT,QAAQ,EACR,MAAM,CACP,CAAC;AAEF,qDAAqD;AACrD,MAAM,CAAC,MAAM,gBAAgB,GAAQ,eAAe,CAAC,CAAC,GAAG,EAAE,CACzD,WAAW,CACT,EAAE,EACF,EAAE,EACF,aAAa,CAAC,QAAQ,CAAC;AACvB,yDAAyD;AACzD,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,UAAU,CAAC,CAAC,CAAC,EAC3F,SAAS,EACT,SAAS,CACV,CAAC,EAAE,CAAC;AAEP,SAAS,YAAY,CAAC,KAAY,EAAE,SAAiB,EAAE,OAAe,EAAE,KAAa;IACnF,MAAM,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC,EAAE,CAAC;IAC1B,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;IACxC,SAAS,iBAAiB,CAAC,IAAgB;QACzC,IAAI,EAAU,CAAC;QACf,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,GAAG,GAAG,SAAS,GAAI,KAAK,GAAG,GAAG,EAAE,GAAG,IAAI,SAAS,EAAE,CAAC;YACrE,IAAI,GAAG,GAAG,IAAI,CAAC,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YACpE,EAAE,GAAG,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC;YACnD,IAAI,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC;gBAAE,MAAM;QAChC,CAAC;QACD,MAAM,SAAS,GAAG,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5C,MAAM,SAAS,GAAG,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QACvD,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;IAClC,CAAC;IAED,OAAO;QACL,OAAO,EAAE;YACP,SAAS,EAAE,SAAS;YACpB,SAAS,EAAE,OAAO;YAClB,IAAI,EAAE,KAAK;YACX,GAAG,EAAE,KAAK;YACV,UAAU,EAAE,OAAO;SACpB;QACD,MAAM,CAAC,OAAmB,WAAW,CAAC,KAAK,CAAC;YAC1C,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC5B,OAAO,iBAAiB,CAAC,IAAI,CAAC,CAAC;QACjC,CAAC;QACD,YAAY,CAAC,SAAqB;YAChC,OAAO,KAAK,CAAC,YAAY,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;QAC9C,CAAC;QACD,WAAW,CAAC,SAAqB,EAAE,OAAmB,WAAW,CAAC,KAAK,CAAC;YACtE,MAAM,CAAC,IAAI,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;YAC5B,MAAM,EAAE,SAAS,EAAE,EAAE,EAAE,GAAG,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC;YACrD,MAAM,UAAU,GAAG,KAAK,CAAC,YAAY,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC;YACjD,UAAU,CAAC,EAAE,CAAC,CAAC;YACf,OAAO,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;QACtC,CAAC;QACD,WAAW,CAAC,UAAsB,EAAE,SAAqB;YACvD,MAAM,IAAI,GAAG,KAAK,CAAC,eAAe,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;YAC1D,OAAO,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;QAC1B,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAa,EAAE,KAAU,EAAE,KAAY,EAAE,KAAa;IAC/E,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,qBAAqB,EAAE,OAAO,EAAE,GAAG,KAAK,CAAC,OAAO,CAAC;IAC/E,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC;IAC3D,MAAM,QAAQ,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IAChE,MAAM,YAAY,GAAG,EAAE,CAAC;IACxB,MAAM,YAAY,GAAG,YAAY,GAAG,KAAK,CAAC;IAE1C,OAAO,WAAW,CAChB,EAAE,EACF,EAAE,EACF,CAAC,IAAgB,EAAE,EAAE;QACnB,MAAM,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACjB,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;QACzD,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,QAAQ,CAAC,QAAQ,CAAC,YAAY,EAAE,YAAY,CAAC,CAAC;QAChE,OAAO,WAAW,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;IAC3C,CAAC,EACD,CAAC,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC,EACtF,KAAK,EACL,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,MAAM,CAAC,MAAM,cAAc,GAAQ,eAAe,CAAC,CAAC,GAAG,EAAE,CACvD,iBAAiB,CAAC,eAAe,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC;AAE9D,MAAM,CAAC,MAAM,eAAe,GAAQ,eAAe,CAAC,CAAC,GAAG,EAAE,CACxD,iBAAiB,CAAC,gBAAgB,EAAE,UAAU,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC,EAAE,CAAC;AAE/D,iBAAiB;AACjB,MAAM,CAAC,MAAM,KAAK,GAAQ,gBAAgB,CAAC;AAC3C,MAAM,CAAC,MAAM,cAAc,GAAQ,gBAAgB,CAAC;AACpD,MAAM,CAAC,MAAM,YAAY,GAAQ,cAAc,CAAC;AAChD,MAAM,CAAC,MAAM,aAAa,GAAQ,eAAe,CAAC;AAClD,MAAM,CAAC,MAAM,eAAe,GAAQ,kBAAkB,CAAC;AACvD,MAAM,CAAC,MAAM,gBAAgB,GAAQ,mBAAmB,CAAC;AACzD,MAAM,CAAC,MAAM,yBAAyB,GAAQ,4BAA4B,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@noble/post-quantum",
-  "version": "0.5.2",
+  "version": "0.5.4",
   "description": "Auditable & minimal JS implementation of post-quantum cryptography: FIPS 203, 204, 205",
   "files": [
     "*.js",
@@ -14,7 +14,7 @@
     "@noble/hashes": "~2.0.0"
   },
   "devDependencies": {
-    "@paulmillr/jsbt": "0.4.4",
+    "@paulmillr/jsbt": "0.4.5",
     "@types/node": "24.2.1",
     "fast-check": "4.2.0",
     "prettier": "3.6.2",
@@ -30,7 +30,7 @@
     "test:bun": "bun test/index.ts",
     "test:deno": "deno --allow-env --allow-read test/index.ts",
     "test:node20": "cd test; npx tsc; node compiled/test/index.js",
-    "test:big": "SLOW_TESTS=1 node test/index.js"
+    "test:slow": "SLOW_TESTS=1 node test/index.ts"
   },
   "exports": {
     ".": "./index.js",

package/src/hybrid.ts CHANGED Viewed

@@ -126,14 +126,14 @@ function ecKeygen(curve: CurveAll, allowZeroKey: boolean = false) {
   };
 }
-export const ecdhKem = (curve: CurveECDH, allowZeroKey: boolean = false): KEM => {
+export function ecdhKem(curve: CurveECDH, allowZeroKey: boolean = false): KEM {
   const kg = ecKeygen(curve, allowZeroKey);
   if (!curve.getSharedSecret) throw new Error('wrong curve'); // ed25519 doesn't have one!
   return {
     lengths: { ...kg.lengths, msg: kg.lengths.seed, cipherText: kg.lengths.publicKey },
     keygen: kg.keygen,
     getPublicKey: kg.getPublicKey,
-    encapsulate(publicKey: Uint8Array, rand: Uint8Array = randomBytes(curve.lengths.secretKey)) {
+    encapsulate(publicKey: Uint8Array, rand: Uint8Array = randomBytes(curve.lengths.seed)) {
       const ek = this.keygen(rand).secretKey;
       const sharedSecret = this.decapsulate(publicKey, ek);
       const cipherText = curve.getPublicKey(ek);
@@ -145,9 +145,9 @@ export const ecdhKem = (curve: CurveECDH, allowZeroKey: boolean = false): KEM =>
       return curve.lengths.publicKeyHasPrefix ? res.subarray(1) : res;
     },
   };
-};
+}
-export const ecSigner = (curve: CurveSign, allowZeroKey: boolean = false): Signer => {
+export function ecSigner(curve: CurveSign, allowZeroKey: boolean = false): Signer {
   const kg = ecKeygen(curve, allowZeroKey);
   if (!curve.sign || !curve.verify) throw new Error('wrong curve'); // ed25519 doesn't have one!
   return {
@@ -157,7 +157,7 @@ export const ecSigner = (curve: CurveSign, allowZeroKey: boolean = false): Signe
     sign: (message, secretKey) => curve.sign(message, secretKey),
     verify: (signature, message, publicKey) => curve.verify(signature, message, publicKey),
   };
-};
+}
 function splitLengths<K extends string, T extends { lengths: Partial<Record<K, number>> }>(
   lst: T[],
@@ -254,7 +254,7 @@ export function combineKEMS(
         sharedSecret: combiner(pks, cipherText, sharedSecret),
         cipherText: ctCoder.encode(cipherText),
       };
-      cleanBytes(sharedSecret, cipherText, pks);
+      cleanBytes(sharedSecret, cipherText);
       return res;
     },
     decapsulate(ct: Uint8Array, seed: Uint8Array) {
@@ -310,15 +310,14 @@ export function QSF(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, kdf: CHash
   );
 }
-export const QSFMLKEM768P256: KEM = QSF(
+export const QSF_ml_kem768_p256: KEM = QSF(
   'QSF-KEM(ML-KEM-768,P-256)-XOF(SHAKE256)-KDF(SHA3-256)',
   ml_kem768,
   ecdhKem(p256, true),
   shake256,
   sha3_256
 );
-export const QSFMLKEM1024P384: KEM = QSF(
+export const QSF_ml_kem1024_p384: KEM = QSF(
   'QSF-KEM(ML-KEM-1024,P-384)-XOF(SHAKE256)-KDF(SHA3-256)',
   ml_kem1024,
   ecdhKem(p384, true),
@@ -326,7 +325,13 @@ export const QSFMLKEM1024P384: KEM = QSF(
   sha3_256
 );
-export function KitchenSink(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, hash: CHash): KEM {
+export function createKitchenSink(
+  label: string,
+  pqc: KEM,
+  curveKEM: KEM,
+  xof: XOF,
+  hash: CHash
+): KEM {
   ahash(xof);
   ahash(hash);
   return combineKEMS(
@@ -353,7 +358,7 @@ export function KitchenSink(label: string, pqc: KEM, curveKEM: KEM, xof: XOF, ha
 }
 const x25519kem = ecdhKem(x25519);
-export const KitchenSinkMLKEM768X25519: KEM = KitchenSink(
+export const KitchenSink_ml_kem768_x25519: KEM = createKitchenSink(
   'KitchenSink-KEM(ML-KEM-768,X25519)-XOF(SHAKE256)-KDF(HKDF-SHA-256)',
   ml_kem768,
   x25519kem,
@@ -362,12 +367,96 @@ export const KitchenSinkMLKEM768X25519: KEM = KitchenSink(
 );
 // Always X25519 and ML-KEM - 768, no point to export
-export const XWing: KEM = combineKEMS(
-  32,
-  32,
-  expandSeedXof(shake256),
-  // Awesome label, so much escaping hell in a single line.
-  (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))),
-  ml_kem768,
-  x25519kem
-);
+export const ml_kem768_x25519: KEM = /* @__PURE__ */ (() =>
+  combineKEMS(
+    32,
+    32,
+    expandSeedXof(shake256),
+    // Awesome label, so much escaping hell in a single line.
+    (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes('\\.//^\\'))),
+    ml_kem768,
+    x25519kem
+  ))();
+function nistCurveKem(curve: ECDSA, scalarLen: number, elemLen: number, nseed: number): KEM {
+  const Fn = curve.Point.Fn;
+  if (!Fn) throw new Error('no Point.Fn');
+  function rejectionSampling(seed: Uint8Array): { secretKey: Uint8Array; publicKey: Uint8Array } {
+    let sk: bigint;
+    for (let start = 0, end = scalarLen; ; start = end, end += scalarLen) {
+      if (end > seed.length) throw new Error('rejection sampling failed');
+      sk = Fn.fromBytes(seed.subarray(start, end), true);
+      if (Fn.isValidNot0(sk)) break;
+    }
+    const secretKey = Fn.toBytes(Fn.create(sk));
+    const publicKey = curve.getPublicKey(secretKey, false);
+    return { secretKey, publicKey };
+  }
+  return {
+    lengths: {
+      secretKey: scalarLen,
+      publicKey: elemLen,
+      seed: nseed,
+      msg: nseed,
+      cipherText: elemLen,
+    },
+    keygen(seed: Uint8Array = randomBytes(nseed)) {
+      abytes(seed, nseed, 'seed');
+      return rejectionSampling(seed);
+    },
+    getPublicKey(secretKey: Uint8Array) {
+      return curve.getPublicKey(secretKey, false);
+    },
+    encapsulate(publicKey: Uint8Array, rand: Uint8Array = randomBytes(nseed)) {
+      abytes(rand, nseed, 'rand');
+      const { secretKey: ek } = rejectionSampling(rand);
+      const sharedSecret = this.decapsulate(publicKey, ek);
+      const cipherText = curve.getPublicKey(ek, false);
+      cleanBytes(ek);
+      return { sharedSecret, cipherText };
+    },
+    decapsulate(cipherText: Uint8Array, secretKey: Uint8Array) {
+      const full = curve.getSharedSecret(secretKey, cipherText);
+      return full.subarray(1);
+    },
+  };
+}
+function concreteHybridKem(label: string, mlkem: KEM, curve: ECDSA, nseed: number): KEM {
+  const { secretKey: scalarLen, publicKeyUncompressed: elemLen } = curve.lengths;
+  if (!scalarLen || !elemLen) throw new Error('wrong curve');
+  const curveKem = nistCurveKem(curve, scalarLen, elemLen, nseed);
+  const mlkemSeedLen = 64;
+  const totalSeedLen = mlkemSeedLen + nseed;
+  return combineKEMS(
+    32,
+    32,
+    (seed: Uint8Array) => {
+      abytes(seed, 32);
+      const expanded = shake256(seed, { dkLen: totalSeedLen });
+      const mlkemSeed = expanded.subarray(0, mlkemSeedLen);
+      const curveSeed = expanded.subarray(mlkemSeedLen, totalSeedLen);
+      return concatBytes(mlkemSeed, curveSeed);
+    },
+    (pk, ct, ss) => sha3_256(concatBytes(ss[0], ss[1], ct[1], pk[1], asciiToBytes(label))),
+    mlkem,
+    curveKem
+  );
+}
+export const ml_kem768_p256: KEM = /* @__PURE__ */ (() =>
+  concreteHybridKem('MLKEM768-P256', ml_kem768, p256, 128))();
+export const ml_kem1024_p384: KEM = /* @__PURE__ */ (() =>
+  concreteHybridKem('MLKEM1024-P384', ml_kem1024, p384, 48))();
+// Legacy aliases
+export const XWing: KEM = ml_kem768_x25519;
+export const MLKEM768X25519: KEM = ml_kem768_x25519;
+export const MLKEM768P256: KEM = ml_kem768_p256;
+export const MLKEM1024P384: KEM = ml_kem1024_p384;
+export const QSFMLKEM768P256: KEM = QSF_ml_kem768_p256;
+export const QSFMLKEM1024P384: KEM = QSF_ml_kem1024_p384;
+export const KitchenSinkMLKEM768X25519: KEM = KitchenSink_ml_kem768_x25519;