@silvana-one/mina-curves 0.3.0

package/dist/node/curve/curve.js

@@ -0,0 +1,307 @@
+import { PallasConstants } from "./constants.js";
+export { Group, publicKeyToGroup, scale, sub, isEven, equal, power, add, mul, sqrt, dot, };
+const projectiveZero = { x: 1n, y: 1n, z: 0n };
+/**
+ * A non-zero point on the Pallas curve in affine form { x, y }
+ */
+const Group = {
+    toProjective({ x, y }) {
+        return projectiveFromAffine({ x, y, infinity: false });
+    },
+    /**
+     * Convert a projective point to a non-zero affine point.
+     * Throws an error if the point is zero / infinity, i.e. if z === 0
+     */
+    fromProjective(point) {
+        let { x, y, infinity } = projectiveToAffine(point);
+        if (infinity)
+            throw Error("Group.fromProjective: point is infinity");
+        return { x, y };
+    },
+};
+const { p, a, b, twoadicRoot, twoadicity, oddFactor } = PallasConstants;
+function mod(x, p) {
+    x = x % p;
+    if (x < 0)
+        return x + p;
+    return x;
+}
+function projectiveDoubleA0(g, p) {
+    if (g.z === 0n)
+        return g;
+    let X1 = g.x, Y1 = g.y, Z1 = g.z;
+    if (Y1 === 0n)
+        throw Error("projectiveDouble: unhandled case");
+    // http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#doubling-dbl-2009-l
+    // A = X1^2
+    let A = mod(X1 * X1, p);
+    // B = Y1^2
+    let B = mod(Y1 * Y1, p);
+    // C = B^2
+    let C = mod(B * B, p);
+    // D = 2*((X1+B)^2-A-C)
+    let D = mod(2n * ((X1 + B) * (X1 + B) - A - C), p);
+    // E = 3*A
+    let E = 3n * A;
+    // F = E^2
+    let F = mod(E * E, p);
+    // X3 = F-2*D
+    let X3 = mod(F - 2n * D, p);
+    // Y3 = E*(D-X3)-8*C
+    let Y3 = mod(E * (D - X3) - 8n * C, p);
+    // Z3 = 2*Y1*Z1
+    let Z3 = mod(2n * Y1 * Z1, p);
+    return { x: X3, y: Y3, z: Z3 };
+}
+function projectiveDoubleAminus3(g, p) {
+    if (g.z === 0n)
+        return g;
+    let X1 = g.x, Y1 = g.y, Z1 = g.z;
+    if (Y1 === 0n)
+        throw Error("projectiveDouble: unhandled case");
+    // http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-3.html#doubling-dbl-2001-b
+    // delta = Z1^2
+    let delta = mod(Z1 * Z1, p);
+    // gamma = Y1^2
+    let gamma = mod(Y1 * Y1, p);
+    // beta = X1*gamma
+    let beta = mod(X1 * gamma, p);
+    // alpha = 3*(X1-delta)*(X1+delta)
+    let alpha = mod((X1 - delta) * (X1 + delta), p);
+    alpha = alpha + alpha + alpha;
+    // X3 = alpha^2-8*beta
+    let X3 = mod(alpha * alpha - 8n * beta, p);
+    // Z3 = (Y1+Z1)^2-gamma-delta
+    let Z3 = mod((Y1 + Z1) * (Y1 + Z1) - gamma - delta, p);
+    // Y3 = alpha*(4*beta-X3)-8*gamma^2
+    let Y3 = mod(alpha * (4n * beta - X3) - 8n * gamma * gamma, p);
+    return { x: X3, y: Y3, z: Z3 };
+}
+function projectiveDouble(g, p, a) {
+    if (a === 0n)
+        return projectiveDoubleA0(g, p);
+    if (a + 3n === p)
+        return projectiveDoubleAminus3(g, p);
+    throw Error("Projective doubling is not implemented for general curve parameter a, only a = 0 and a = -3");
+}
+function projectiveNeg({ x, y, z }, p) {
+    return { x, y: y === 0n ? 0n : p - y, z };
+}
+function projectiveAdd(g, h, p, a) {
+    if (g.z === 0n)
+        return h;
+    if (h.z === 0n)
+        return g;
+    let X1 = g.x, Y1 = g.y, Z1 = g.z, X2 = h.x, Y2 = h.y, Z2 = h.z;
+    // http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian-0.html#addition-add-2007-bl
+    // Z1Z1 = Z1^2
+    let Z1Z1 = mod(Z1 * Z1, p);
+    // Z2Z2 = Z2^2
+    let Z2Z2 = mod(Z2 * Z2, p);
+    // U1 = X1*Z2Z2
+    let U1 = mod(X1 * Z2Z2, p);
+    // U2 = X2*Z1Z1
+    let U2 = mod(X2 * Z1Z1, p);
+    // S1 = Y1*Z2*Z2Z2
+    let S1 = mod(Y1 * Z2 * Z2Z2, p);
+    // S2 = Y2*Z1*Z1Z1
+    let S2 = mod(Y2 * Z1 * Z1Z1, p);
+    // H = U2-U1
+    let H = mod(U2 - U1, p);
+    // H = 0 <==> x1 = X1/Z1^2 = X2/Z2^2 = x2 <==> degenerate case (Z3 would become 0)
+    if (H === 0n) {
+        // if S1 = S2 <==> y1 = y2, the points are equal, so we double instead
+        if (S1 === S2)
+            return projectiveDouble(g, p, a);
+        // if S1 = -S2, the points are inverse, so return zero
+        if (mod(S1 + S2, p) === 0n)
+            return projectiveZero;
+        throw Error("projectiveAdd: invalid point");
+    }
+    // I = (2*H)^2
+    let I = mod((H * H) << 2n, p);
+    // J = H*I
+    let J = mod(H * I, p);
+    // r = 2*(S2-S1)
+    let r = 2n * (S2 - S1);
+    // V = U1*I
+    let V = mod(U1 * I, p);
+    // X3 = r^2-J-2*V
+    let X3 = mod(r * r - J - 2n * V, p);
+    // Y3 = r*(V-X3)-2*S1*J
+    let Y3 = mod(r * (V - X3) - 2n * S1 * J, p);
+    // Z3 = ((Z1+Z2)^2-Z1Z1-Z2Z2)*H
+    let Z3 = mod(((Z1 + Z2) * (Z1 + Z2) - Z1Z1 - Z2Z2) * H, p);
+    return { x: X3, y: Y3, z: Z3 };
+}
+function projectiveSub(g, h, p, a) {
+    return projectiveAdd(g, projectiveNeg(h, p), p, a);
+}
+function getProjectiveDouble(p, a) {
+    if (a === 0n)
+        return projectiveDoubleA0;
+    if (a + 3n === p)
+        return projectiveDoubleAminus3;
+    throw Error("Projective doubling is not implemented for general curve parameter a, only a = 0 and a = -3");
+}
+function bigIntToBits(x) {
+    if (x < 0n) {
+        throw Error(`bigIntToBits: negative numbers are not supported, got ${x}`);
+    }
+    let bits = [];
+    for (; x > 0n; x >>= 1n) {
+        let bit = !!(x & 1n);
+        bits.push(bit);
+    }
+    return bits;
+}
+function projectiveScale(g, x, p, a) {
+    let double = getProjectiveDouble(p, a);
+    let bits = typeof x === "bigint" ? bigIntToBits(x) : x;
+    let h = projectiveZero;
+    for (let bit of bits) {
+        if (bit)
+            h = projectiveAdd(h, g, p, a);
+        g = double(g, p);
+    }
+    return h;
+}
+function sub(g, h) {
+    return projectiveSub(g, h, p, PallasConstants.a);
+}
+function scale(g, s) {
+    return projectiveScale(g, s, p, PallasConstants.a);
+}
+function projectiveFromAffine({ x, y, infinity, }) {
+    if (infinity)
+        return projectiveZero;
+    return { x, y, z: 1n };
+}
+function projectiveToAffine(g) {
+    let z = g.z;
+    if (z === 0n) {
+        // infinity
+        return { x: 0n, y: 0n, infinity: true };
+    }
+    else if (z === 1n) {
+        // already normalized affine form
+        return { x: g.x, y: g.y, infinity: false };
+    }
+    else {
+        let zinv = inverse(z, p); // we checked for z === 0, so inverse exists
+        let zinv_squared = mod(zinv * zinv, p);
+        // x/z^2
+        let x = mod(g.x * zinv_squared, p);
+        // y/z^3
+        let y = mod(g.y * zinv * zinv_squared, p);
+        return { x: x, y: y, infinity: false };
+    }
+}
+// inverting with EGCD, 1/a in Z_p
+function inverse(a, p) {
+    a = mod(a, p);
+    if (a === 0n)
+        return undefined;
+    let b = p;
+    let x = 0n;
+    let y = 1n;
+    let u = 1n;
+    let v = 0n;
+    while (a !== 0n) {
+        let q = b / a;
+        let r = mod(b, a);
+        let m = x - u * q;
+        let n = y - v * q;
+        b = a;
+        a = r;
+        x = u;
+        y = v;
+        u = m;
+        v = n;
+    }
+    if (b !== 1n)
+        return undefined;
+    return mod(x, p);
+}
+function isEven(x) {
+    return !(mod(x, p) & 1n);
+}
+function equal(x, y) {
+    // We check if x and y are both in the range [0, p). If they are, can do a simple comparison. Otherwise, we need to reduce them to the proper canonical field range.
+    let x_ = x >= 0n && x < p ? x : mod(x, p);
+    let y_ = y >= 0n && y < p ? y : mod(y, p);
+    return x_ === y_;
+}
+// modular exponentiation, a^n % p
+function power(a, n) {
+    a = mod(a, p);
+    let x = 1n;
+    for (; n > 0n; n >>= 1n) {
+        if (n & 1n)
+            x = mod(x * a, p);
+        a = mod(a * a, p);
+    }
+    return x;
+}
+function add(x, y) {
+    return mod(x + y, p);
+}
+function mul(x, y) {
+    return mod(x * y, p);
+}
+function dot(x, y) {
+    let z = 0n;
+    let n = x.length;
+    for (let i = 0; i < n; i++) {
+        z += x[i] * y[i];
+    }
+    return mod(z, p);
+}
+function sqrt(n_, p, Q, c, M) {
+    // https://en.wikipedia.org/wiki/Tonelli-Shanks_algorithm#The_algorithm
+    // variable naming is the same as in that link ^
+    // Q is what we call `t` elsewhere - the odd factor in p - 1
+    // c is a known primitive root of unity
+    // M is the twoadicity = exponent of 2 in factorization of p - 1
+    const n = mod(n_, p);
+    if (n === 0n)
+        return 0n;
+    let t = power(n, (Q - 1n) >> 1n); // n^(Q - 1)/2
+    let R = mod(t * n, p); // n^((Q - 1)/2 + 1) = n^((Q + 1)/2)
+    t = mod(t * R, p); // n^((Q - 1)/2 + (Q + 1)/2) = n^Q
+    while (true) {
+        if (t === 1n)
+            return R;
+        // use repeated squaring to find the least i, 0 < i < M, such that t^(2^i) = 1
+        let i = 0n;
+        let s = t;
+        while (s !== 1n) {
+            s = mod(s * s, p);
+            i = i + 1n;
+        }
+        if (i === M)
+            return undefined; // no solution
+        let b = power(c, 1n << (M - i - 1n)); // c^(2^(M-i-1))
+        M = i;
+        c = mod(b * b, p);
+        t = mod(t * c, p);
+        R = mod(R * b, p);
+    }
+}
+function sqrt_internal(x) {
+    return sqrt(x, p, oddFactor, twoadicRoot, twoadicity);
+}
+function negate(x) {
+    return x === 0n ? 0n : mod(-x, p);
+}
+function publicKeyToGroup({ x, isOdd }) {
+    const ySquared = add(mul(x, mul(x, x)), b);
+    let y = sqrt_internal(ySquared);
+    if (y === undefined) {
+        throw Error("PublicKey.toGroup: not a valid group element");
+    }
+    if (isOdd !== !!(y & 1n))
+        y = negate(y);
+    return { x, y };
+}
+//# sourceMappingURL=curve.js.map

package/dist/node/curve/curve.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"curve.js","sourceRoot":"","sources":["../../../src/curve/curve.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,OAAO,EAML,KAAK,EACL,gBAAgB,EAChB,KAAK,EACL,GAAG,EACH,MAAM,EACN,KAAK,EACL,KAAK,EACL,GAAG,EACH,GAAG,EACH,IAAI,EACJ,GAAG,GACJ,CAAC;AAQF,MAAM,cAAc,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AAO/C;;GAEG;AACH,MAAM,KAAK,GAAG;IACZ,YAAY,CAAC,EAAE,CAAC,EAAE,CAAC,EAAS;QAC1B,OAAO,oBAAoB,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IACzD,CAAC;IACD;;;OAGG;IACH,cAAc,CAAC,KAAsB;QACnC,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,GAAG,kBAAkB,CAAC,KAAK,CAAC,CAAC;QACnD,IAAI,QAAQ;YAAE,MAAM,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACrE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IAClB,CAAC;CACF,CAAC;AAEF,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,eAAe,CAAC;AAExE,SAAS,GAAG,CAAC,CAAS,EAAE,CAAS;IAC/B,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IACV,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IACxB,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAkB,EAAE,CAAS;IACvD,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE;QAAE,OAAO,CAAC,CAAC;IACzB,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EACV,EAAE,GAAG,CAAC,CAAC,CAAC,EACR,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACX,IAAI,EAAE,KAAK,EAAE;QAAE,MAAM,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAC/D,uFAAuF;IACvF,WAAW;IACX,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACxB,WAAW;IACX,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACxB,UAAU;IACV,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACtB,uBAAuB;IACvB,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnD,UAAU;IACV,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IACf,UAAU;IACV,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACtB,aAAa;IACb,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5B,oBAAoB;IACpB,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,eAAe;IACf,IAAI,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9B,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,uBAAuB,CAAC,CAAkB,EAAE,CAAS;IAC5D,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE;QAAE,OAAO,CAAC,CAAC;IACzB,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EACV,EAAE,GAAG,CAAC,CAAC,CAAC,EACR,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACX,IAAI,EAAE,KAAK,EAAE;QAAE,MAAM,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAE/D,uFAAuF;IACvF,eAAe;IACf,IAAI,KAAK,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5B,eAAe;IACf,IAAI,KAAK,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5B,kBAAkB;IAClB,IAAI,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;IAC9B,kCAAkC;IAClC,IAAI,KAAK,GAAG,GAAG,CAAC,CAAC,EAAE,GAAG,KAAK,CAAC,GAAG,CAAC,EAAE,GAAG,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC;IAChD,KAAK,GAAG,KAAK,GAAG,KAAK,GAAG,KAAK,CAAC;IAC9B,sBAAsB;IACtB,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,GAAG,KAAK,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3C,6BAA6B;IAC7B,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,KAAK,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;IACvD,mCAAmC;IACnC,IAAI,EAAE,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC,EAAE,GAAG,IAAI,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,KAAK,EAAE,CAAC,CAAC,CAAC;IAC/D,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,gBAAgB,CAAC,CAAkB,EAAE,CAAS,EAAE,CAAS;IAChE,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,kBAAkB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC9C,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC;QAAE,OAAO,uBAAuB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvD,MAAM,KAAK,CACT,6FAA6F,CAC9F,CAAC;AACJ,CAAC;AAED,SAAS,aAAa,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAmB,EAAE,CAAS;IAC5D,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,CAAC;AAC5C,CAAC;AAED,SAAS,aAAa,CACpB,CAAkB,EAClB,CAAkB,EAClB,CAAS,EACT,CAAS;IAET,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE;QAAE,OAAO,CAAC,CAAC;IACzB,IAAI,CAAC,CAAC,CAAC,KAAK,EAAE;QAAE,OAAO,CAAC,CAAC;IACzB,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,EACV,EAAE,GAAG,CAAC,CAAC,CAAC,EACR,EAAE,GAAG,CAAC,CAAC,CAAC,EACR,EAAE,GAAG,CAAC,CAAC,CAAC,EACR,EAAE,GAAG,CAAC,CAAC,CAAC,EACR,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACX,wFAAwF;IACxF,cAAc;IACd,IAAI,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3B,cAAc;IACd,IAAI,IAAI,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IAC3B,eAAe;IACf,IAAI,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3B,eAAe;IACf,IAAI,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;IAC3B,kBAAkB;IAClB,IAAI,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;IAChC,kBAAkB;IAClB,IAAI,EAAE,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;IAChC,YAAY;IACZ,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC;IACxB,kFAAkF;IAClF,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QACb,sEAAsE;QACtE,IAAI,EAAE,KAAK,EAAE;YAAE,OAAO,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QAChD,sDAAsD;QACtD,IAAI,GAAG,CAAC,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,KAAK,EAAE;YAAE,OAAO,cAAc,CAAC;QAClD,MAAM,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC9C,CAAC;IACD,cAAc;IACd,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9B,UAAU;IACV,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACtB,gBAAgB;IAChB,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC;IACvB,WAAW;IACX,IAAI,CAAC,GAAG,GAAG,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACvB,iBAAiB;IACjB,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACpC,uBAAuB;IACvB,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC5C,+BAA+B;IAC/B,IAAI,EAAE,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,GAAG,EAAE,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3D,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AACjC,CAAC;AAED,SAAS,aAAa,CACpB,CAAkB,EAClB,CAAkB,EAClB,CAAS,EACT,CAAS;IAET,OAAO,aAAa,CAAC,CAAC,EAAE,aAAa,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,mBAAmB,CAAC,CAAS,EAAE,CAAS;IAC/C,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,kBAAkB,CAAC;IACxC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC;QAAE,OAAO,uBAAuB,CAAC;IACjD,MAAM,KAAK,CACT,6FAA6F,CAC9F,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,CAAS;IAC7B,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACX,MAAM,KAAK,CAAC,yDAAyD,CAAC,EAAE,CAAC,CAAC;IAC5E,CAAC;IACD,IAAI,IAAI,GAAc,EAAE,CAAC;IACzB,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC;QACxB,IAAI,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACjB,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,eAAe,CACtB,CAAkB,EAClB,CAAqB,EACrB,CAAS,EACT,CAAS;IAET,IAAI,MAAM,GAAG,mBAAmB,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,IAAI,IAAI,GAAG,OAAO,CAAC,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvD,IAAI,CAAC,GAAG,cAAc,CAAC;IACvB,KAAK,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QACrB,IAAI,GAAG;YAAE,CAAC,GAAG,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC;QACvC,CAAC,GAAG,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACnB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,GAAG,CAAC,CAAkB,EAAE,CAAkB;IACjD,OAAO,aAAa,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;AACnD,CAAC;AACD,SAAS,KAAK,CAAC,CAAkB,EAAE,CAAS;IAC1C,OAAO,eAAe,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,oBAAoB,CAAC,EAC5B,CAAC,EACD,CAAC,EACD,QAAQ,GACI;IACZ,IAAI,QAAQ;QAAE,OAAO,cAAc,CAAC;IACpC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC;AACzB,CAAC;AAED,SAAS,kBAAkB,CAAC,CAAkB;IAC5C,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;IACZ,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QACb,WAAW;QACX,OAAO,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;IAC1C,CAAC;SAAM,IAAI,CAAC,KAAK,EAAE,EAAE,CAAC;QACpB,iCAAiC;QACjC,OAAO,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IAC7C,CAAC;SAAM,CAAC;QACN,IAAI,IAAI,GAAG,OAAO,CAAC,CAAC,EAAE,CAAC,CAAE,CAAC,CAAC,4CAA4C;QACvE,IAAI,YAAY,GAAG,GAAG,CAAC,IAAI,GAAG,IAAI,EAAE,CAAC,CAAC,CAAC;QACvC,QAAQ;QACR,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,YAAY,EAAE,CAAC,CAAC,CAAC;QACnC,QAAQ;QACR,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,GAAG,YAAY,EAAE,CAAC,CAAC,CAAC;QAC1C,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC;IACzC,CAAC;AACH,CAAC;AAED,kCAAkC;AAClC,SAAS,OAAO,CAAC,CAAS,EAAE,CAAS;IACnC,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,SAAS,CAAC;IAC/B,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;QAChB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACd,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClB,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAClB,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,CAAC,CAAC;IACR,CAAC;IACD,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,SAAS,CAAC;IAC/B,OAAO,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC;AAC3B,CAAC;AAED,SAAS,KAAK,CAAC,CAAS,EAAE,CAAS;IACjC,oKAAoK;IACpK,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1C,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC1C,OAAO,EAAE,KAAK,EAAE,CAAC;AACnB,CAAC;AAED,kCAAkC;AAClC,SAAS,KAAK,CAAC,CAAS,EAAE,CAAS;IACjC,CAAC,GAAG,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACd,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,OAAO,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC;QACxB,IAAI,CAAC,GAAG,EAAE;YAAE,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAC9B,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACpB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,GAAG,CAAC,CAAS,EAAE,CAAS;IAC/B,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,GAAG,CAAC,CAAS,EAAE,CAAS;IAC/B,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;AACvB,CAAC;AAED,SAAS,GAAG,CAAC,CAAW,EAAE,CAAW;IACnC,IAAI,CAAC,GAAG,EAAE,CAAC;IACX,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACnB,CAAC;IACD,OAAO,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,IAAI,CAAC,EAAU,EAAE,CAAS,EAAE,CAAS,EAAE,CAAS,EAAE,CAAS;IAClE,uEAAuE;IACvE,gDAAgD;IAChD,4DAA4D;IAC5D,uCAAuC;IACvC,gEAAgE;IAChE,MAAM,CAAC,GAAG,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACrB,IAAI,CAAC,KAAK,EAAE;QAAE,OAAO,EAAE,CAAC;IACxB,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,cAAc;IAChD,IAAI,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,oCAAoC;IAC3D,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,kCAAkC;IACrD,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,CAAC,KAAK,EAAE;YAAE,OAAO,CAAC,CAAC;QACvB,8EAA8E;QAC9E,IAAI,CAAC,GAAG,EAAE,CAAC;QACX,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;YAChB,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;YAClB,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;QACb,CAAC;QACD,IAAI,CAAC,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC,CAAC,cAAc;QAC7C,IAAI,CAAC,GAAG,KAAK,CAAC,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB;QACtD,CAAC,GAAG,CAAC,CAAC;QACN,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAClB,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;QAClB,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACpB,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,CAAS;IAC9B,OAAO,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,SAAS,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;AACxD,CAAC;AAED,SAAS,MAAM,CAAC,CAAS;IACvB,OAAO,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,gBAAgB,CAAC,EAAE,CAAC,EAAE,KAAK,EAAa;IAC/C,MAAM,QAAQ,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3C,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,CAAC,CAAC;IAChC,IAAI,CAAC,KAAK,SAAS,EAAE,CAAC;QACpB,MAAM,KAAK,CAAC,8CAA8C,CAAC,CAAC;IAC9D,CAAC;IACD,IAAI,KAAK,KAAK,CAAC,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;QAAE,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IACxC,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;AAClB,CAAC"}

package/dist/node/curve/hash.d.ts

@@ -0,0 +1,6 @@
+import { Field, Scalar, Group } from "./curve.js";
+export declare function poseidonInitialState(): bigint[];
+export declare function poseidonUpdate([...state]: bigint[], input: bigint[]): bigint[];
+export declare function hashMessage(message: {
+    fields: bigint[];
+}, publicKey: Group, r: Field): Scalar;

package/dist/node/curve/hash.js

@@ -0,0 +1,89 @@
+import { add, power, dot } from "./curve.js";
+import { PoseidonConstants } from "./constants.js";
+export function poseidonInitialState() {
+    return Array(PoseidonConstants.stateSize).fill(0n);
+}
+export function poseidonUpdate([...state], input) {
+    // special case for empty input
+    const { rate } = PoseidonConstants;
+    if (input.length === 0) {
+        permutation(state);
+        return state;
+    }
+    // pad input with zeros so its length is a multiple of the rate
+    const n = Math.ceil(input.length / rate) * rate;
+    input = input.concat(Array(n - input.length).fill(0n));
+    // for every block of length `rate`, add block to the first `rate` elements of the state, and apply the permutation
+    for (let blockIndex = 0; blockIndex < n; blockIndex += rate) {
+        for (let i = 0; i < rate; i++) {
+            state[i] = add(state[i], input[blockIndex + i]);
+        }
+        permutation(state);
+    }
+    return state;
+}
+export function hashMessage(message, publicKey, r) {
+    let { x, y } = publicKey;
+    let input = append(message, { fields: [x, y, r] });
+    return hashWithPrefix(packToFields(input));
+}
+function append(input1, input2) {
+    return {
+        fields: (input1.fields ?? []).concat(input2.fields ?? []),
+        packed: (input1.packed ?? []).concat(input2.packed ?? []),
+    };
+}
+function packToFields({ fields = [], packed = [] }) {
+    if (packed.length === 0)
+        return fields;
+    const packedBits = [];
+    let currentPackedField = 0n;
+    let currentSize = 0;
+    for (let [field, size] of packed) {
+        currentSize += size;
+        if (currentSize < 255) {
+            currentPackedField = currentPackedField * (1n << BigInt(size)) + field;
+        }
+        else {
+            packedBits.push(currentPackedField);
+            currentSize = size;
+            currentPackedField = field;
+        }
+    }
+    packedBits.push(currentPackedField);
+    return fields.concat(packedBits);
+}
+//const signaturePrefix = "CodaSignature*******";
+const prefix = 240717916736854602989207148466022993262069182275n;
+function salt() {
+    return poseidonUpdate(poseidonInitialState(), [prefix]);
+}
+function hashWithPrefix(input) {
+    let init = salt();
+    return poseidonUpdate(init, input)[0];
+}
+function permutation(state) {
+    // special case: initial round constant
+    const { hasInitialRoundConstant, stateSize, roundConstants, fullRounds, power: power_, mds, } = PoseidonConstants;
+    let offset = 0;
+    if (hasInitialRoundConstant) {
+        for (let i = 0; i < stateSize; i++) {
+            state[i] = add(state[i], roundConstants[0][i]);
+        }
+        offset = 1;
+    }
+    for (let round = 0; round < fullRounds; round++) {
+        // raise to a power
+        for (let i = 0; i < stateSize; i++) {
+            state[i] = power(state[i], power_);
+        }
+        let oldState = [...state];
+        for (let i = 0; i < stateSize; i++) {
+            // multiply by mds matrix
+            state[i] = dot(mds[i], oldState);
+            // add round constants
+            state[i] = add(state[i], roundConstants[round + offset][i]);
+        }
+    }
+}
+//# sourceMappingURL=hash.js.map

package/dist/node/curve/hash.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hash.js","sourceRoot":"","sources":["../../../src/curve/hash.ts"],"names":[],"mappings":"AAAA,OAAO,EAAwB,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,MAAM,YAAY,CAAC;AACnE,OAAO,EAAE,iBAAiB,EAAE,MAAM,gBAAgB,CAAC;AAEnD,MAAM,UAAU,oBAAoB;IAClC,OAAO,KAAK,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AACrD,CAAC;AAED,MAAM,UAAU,cAAc,CAAC,CAAC,GAAG,KAAK,CAAW,EAAE,KAAe;IAClE,+BAA+B;IAC/B,MAAM,EAAE,IAAI,EAAE,GAAG,iBAAiB,CAAC;IACnC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACvB,WAAW,CAAC,KAAK,CAAC,CAAC;QACnB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,+DAA+D;IAC/D,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC;IAChD,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;IACvD,mHAAmH;IACnH,KAAK,IAAI,UAAU,GAAG,CAAC,EAAE,UAAU,GAAG,CAAC,EAAE,UAAU,IAAI,IAAI,EAAE,CAAC;QAC5D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC;YAC9B,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;QAClD,CAAC;QACD,WAAW,CAAC,KAAK,CAAC,CAAC;IACrB,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,MAAM,UAAU,WAAW,CACzB,OAA6B,EAC7B,SAAgB,EAChB,CAAQ;IAER,IAAI,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,SAAS,CAAC;IAEzB,IAAI,KAAK,GAAG,MAAM,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IACnD,OAAO,cAAc,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;AAC7C,CAAC;AAID,SAAS,MAAM,CAAC,MAAiB,EAAE,MAAiB;IAClD,OAAO;QACL,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;QACzD,MAAM,EAAE,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;KAC1D,CAAC;AACJ,CAAC;AAED,SAAS,YAAY,CAAC,EAAE,MAAM,GAAG,EAAE,EAAE,MAAM,GAAG,EAAE,EAAa;IAC3D,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,MAAM,CAAC;IACvC,MAAM,UAAU,GAAG,EAAE,CAAC;IACtB,IAAI,kBAAkB,GAAG,EAAE,CAAC;IAC5B,IAAI,WAAW,GAAG,CAAC,CAAC;IACpB,KAAK,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;QACjC,WAAW,IAAI,IAAI,CAAC;QACpB,IAAI,WAAW,GAAG,GAAG,EAAE,CAAC;YACtB,kBAAkB,GAAG,kBAAkB,GAAG,CAAC,EAAE,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,KAAK,CAAC;QACzE,CAAC;aAAM,CAAC;YACN,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;YACpC,WAAW,GAAG,IAAI,CAAC;YACnB,kBAAkB,GAAG,KAAK,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,UAAU,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC;IACpC,OAAO,MAAM,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;AACnC,CAAC;AAED,iDAAiD;AACjD,MAAM,MAAM,GAAG,iDAAiD,CAAC;AACjE,SAAS,IAAI;IACX,OAAO,cAAc,CAAC,oBAAoB,EAAE,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;AAC1D,CAAC;AAED,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,IAAI,GAAG,IAAI,EAAE,CAAC;IAClB,OAAO,cAAc,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AACxC,CAAC;AAED,SAAS,WAAW,CAAC,KAAe;IAClC,uCAAuC;IACvC,MAAM,EACJ,uBAAuB,EACvB,SAAS,EACT,cAAc,EACd,UAAU,EACV,KAAK,EAAE,MAAM,EACb,GAAG,GACJ,GAAG,iBAAiB,CAAC;IACtB,IAAI,MAAM,GAAG,CAAC,CAAC;IACf,IAAI,uBAAuB,EAAE,CAAC;QAC5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QACjD,CAAC;QACD,MAAM,GAAG,CAAC,CAAC;IACb,CAAC;IACD,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,KAAK,GAAG,UAAU,EAAE,KAAK,EAAE,EAAE,CAAC;QAChD,mBAAmB;QACnB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,KAAK,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;QACrC,CAAC;QACD,IAAI,QAAQ,GAAG,CAAC,GAAG,KAAK,CAAC,CAAC;QAC1B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,yBAAyB;YACzB,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;YACjC,sBAAsB;YACtB,KAAK,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,KAAK,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;AACH,CAAC"}

package/dist/node/curve/index.d.ts

@@ -0,0 +1,4 @@
+export * from "./constants.js";
+export * from "./verify.js";
+export * from "./curve.js";
+export * from "./hash.js";

package/dist/node/curve/index.js

@@ -0,0 +1,5 @@
+export * from "./constants.js";
+export * from "./verify.js";
+export * from "./curve.js";
+export * from "./hash.js";
+//# sourceMappingURL=index.js.map

package/dist/node/curve/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/curve/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,cAAc,aAAa,CAAC;AAC5B,cAAc,YAAY,CAAC;AAC3B,cAAc,WAAW,CAAC"}

package/dist/node/curve/verify.d.ts

@@ -0,0 +1,4 @@
+import { Signature, PublicKey } from "./curve.js";
+export declare function verify(signature: Signature, message: {
+    fields: bigint[];
+}, publicKey: PublicKey): boolean;

package/dist/node/curve/verify.js

@@ -0,0 +1,19 @@
+import { Group, publicKeyToGroup, sub, scale, isEven, equal, } from "./curve.js";
+import { hashMessage } from "./hash.js";
+import { PallasConstants } from "./constants.js";
+export function verify(signature, message, publicKey) {
+    const { r, s } = signature;
+    const pk = publicKeyToGroup(publicKey);
+    const e = hashMessage(message, pk, r);
+    const { one } = PallasConstants;
+    const R = sub(scale(one, s), scale(Group.toProjective(pk), e));
+    try {
+        // if `R` is infinity, Group.fromProjective throws an error, so `verify` returns false
+        const { x: rx, y: ry } = Group.fromProjective(R);
+        return isEven(ry) && equal(rx, r);
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=verify.js.map

package/dist/node/curve/verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"verify.js","sourceRoot":"","sources":["../../../src/curve/verify.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,EACL,gBAAgB,EAChB,GAAG,EACH,KAAK,EACL,MAAM,EACN,KAAK,GACN,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,WAAW,EAAE,MAAM,WAAW,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEjD,MAAM,UAAU,MAAM,CACpB,SAAoB,EACpB,OAA6B,EAC7B,SAAoB;IAEpB,MAAM,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,SAAS,CAAC;IAC3B,MAAM,EAAE,GAAG,gBAAgB,CAAC,SAAS,CAAC,CAAC;IACvC,MAAM,CAAC,GAAG,WAAW,CAAC,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,EAAE,GAAG,eAAe,CAAC;IAChC,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/D,IAAI,CAAC;QACH,sFAAsF;QACtF,MAAM,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,EAAE,GAAG,KAAK,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC;QACjD,OAAO,MAAM,CAAC,EAAE,CAAC,IAAI,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}