
@beraji/wallet-sdk


Beraji: Distributed Secret Sharing.

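"use strict";
/**
 * Threshold ECDSA (ECTSS) over secp256k1.
 *
 * Two static-only classes are exported:
 *  - ECCurve: point arithmetic helpers (compressed 33-byte encodings, except
 *    negPoint, see its note) plus key derivation.
 *  - ECTSS: the threshold signing flow — share a nonce (shareRandomness),
 *    produce one partial signature per party (sign), check a partial against
 *    the published commitments (verify) and aggregate partials into a standard
 *    compact ECDSA signature plus recovery bit (addSig).
 *
 * Scalars travel as byte arrays handled by the FiniteField helper `ff`
 * (modulo the curve order n, big-endian); points as byte arrays accepted by
 * `Point.fromHex`.
 */
var __importDefault = (this && this.__importDefault) || function (mod) {
  return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.ECTSS = exports.ECCurve = void 0;
const { Point, Signature } = require("@noble/secp256k1");
const { secp256k1 } = require("@noble/curves/secp256k1");
const { keccak_256 } = require("@noble/hashes/sha3");
const BN = __importDefault(require("bn.js")).default;
const { SecretSharing } = require("./sss");
const { FiniteField } = require("./ff");
const { randomBytes, concatBytes } = require("@noble/hashes/utils");
const { equal } = require("./utils");

/** Fresh compressed encoding of the point at infinity (returned, never shared). */
const zeroPoint = () => Point.ZERO.toRawBytes(true);

/**
 * Static helpers over secp256k1 points and scalars.
 *
 * Points are byte arrays in the form accepted by `Point.fromHex`; results are
 * compressed (33-byte) encodings unless noted. Scalars are byte arrays
 * interpreted through `ECCurve.ff` (reduced modulo the group order n).
 */
class ECCurve {}
exports.ECCurve = ECCurve;

/** Scalar field modulo the secp256k1 group order n, big-endian encoding. */
ECCurve.ff = FiniteField.fromBigInt(secp256k1.CURVE.n, 'be');
/** Compressed encoding of the identity element (point at infinity). */
ECCurve.ZERO = zeroPoint();

/**
 * Whether `point` parses as a valid secp256k1 point.
 * @param {Uint8Array|string} point - compressed/uncompressed bytes or hex
 * @returns {boolean}
 */
ECCurve.validate = (point) => {
  try {
    Point.fromHex(point);
    return true;
  } catch (err) {
    // Any parse or on-curve failure means "not a point"; deliberately not rethrown.
    return false;
  }
};

/**
 * Generator multiplication r·G.
 * @param {Uint8Array} r - scalar bytes
 * @returns {Uint8Array} compressed point; the identity encoding when r ≡ 0 (mod n),
 *   which is handled explicitly so multiply() is never invoked with 0
 */
ECCurve.baseMul = (r) => {
  if (ECCurve.ff.ZERO.eq(ECCurve.ff.encode(r))) return zeroPoint();
  const scalar = BigInt(new BN(r, 16, ECCurve.ff.en).toString());
  return Point.BASE.multiply(scalar).toRawBytes(true);
};

/**
 * Additive inverse −P of a point.
 * NOTE(review): this is the only helper calling toRawBytes() with no argument,
 * i.e. noble's default (uncompressed, 65-byte) encoding rather than the
 * compressed form used everywhere else — confirm callers rely on that before
 * changing it.
 * @param {Uint8Array|string} point
 * @returns {Uint8Array}
 */
ECCurve.negPoint = (point) => Point.fromHex(point).negate().toRawBytes();

/**
 * Point addition A + B, with the identity short-circuited (the identity
 * encoding is not parseable by Point.fromHex).
 * @param {Uint8Array} pointA
 * @param {Uint8Array} pointB
 * @returns {Uint8Array} compressed point (or the untouched other operand)
 */
ECCurve.addPoint = (pointA, pointB) => {
  if (equal([pointA, ECCurve.ZERO])) return pointB;
  if (equal([pointB, ECCurve.ZERO])) return pointA;
  const a = Point.fromHex(pointA);
  const b = Point.fromHex(pointB);
  return a.add(b).toRawBytes(true);
};

/**
 * Scalar multiplication scalar·P.
 * @param {Uint8Array} point
 * @param {Uint8Array} scalar - scalar bytes
 * @returns {Uint8Array} compressed point; identity when P is the identity or scalar ≡ 0
 */
ECCurve.mulScalar = (point, scalar) => {
  const isIdentity = equal([point, ECCurve.ZERO]);
  const isZeroScalar = ECCurve.ff.ZERO.eq(ECCurve.ff.encode(scalar));
  if (isIdentity || isZeroScalar) return zeroPoint();
  const p = Point.fromHex(point);
  const s = BigInt(new BN(scalar, 16, ECCurve.ff.en).toString());
  return p.multiply(s).toRawBytes(true);
};

/**
 * Derived key: the private key reduced into the scalar field (ff.norm).
 * @param {Uint8Array} privateKey
 * @returns {Uint8Array}
 */
ECCurve.getDerivedKey = (privateKey) => ECCurve.ff.norm(privateKey);

/**
 * Compressed public key for a private key.
 * @param {Uint8Array} privateKey
 * @param {boolean} [derived=false] - set when `privateKey` already went through getDerivedKey
 * @returns {Uint8Array} 33-byte compressed public key
 */
ECCurve.getPublicKey = (privateKey, derived = false) => {
  const key = derived ? privateKey : ECCurve.getDerivedKey(privateKey);
  return secp256k1.getPublicKey(key, true);
};

/**
 * Threshold signature scheme built on ECCurve and SecretSharing.
 * A partial signature is the byte string R ‖ e (33 + 32 bytes).
 */
class ECTSS {}
exports.ECTSS = ECTSS;

/** Scalar field modulo the secp256k1 group order n, big-endian encoding. */
ECTSS.ff = FiniteField.fromBigInt(secp256k1.CURVE.n, 'be');
/** Partial signature size: R (publicKeyLength) followed by e (32 bytes). */
ECTSS.signatureLength = 65;
ECTSS.randomnessLength = 32;
ECTSS.privateKeyLength = 32;
ECTSS.publicKeyLength = 33;

/**
 * Canonicalize a signature to low-S and serialize it as 64 compact bytes (r ‖ s).
 * @param {Signature} sig
 * @returns {Uint8Array}
 */
ECTSS.finalizeSig = (sig) => {
  const canonical = sig.hasHighS() ? sig.normalizeS() : sig;
  return canonical.toCompactRawBytes();
};

/**
 * Recovery id for the pair (R, sig): bit 0 is the parity of R.y, bit 1 is set
 * when R.x differs from sig.r (x reduced modulo n). When finalizeSig will
 * low-S normalize the signature the effective R is negated, so bit 0 is flipped
 * to stay consistent with the finalized signature.
 * @param {Uint8Array} R - nonce commitment point
 * @param {Signature} sig - un-normalized signature
 * @returns {number} 0..3
 */
ECTSS.recoveryBit = (R, sig) => {
  const q = Point.fromHex(R);
  let recovery = (q.x === sig.r ? 0 : 2) | Number(q.y & BigInt(1));
  if (sig.hasHighS()) {
    recovery ^= 1;
  }
  return recovery;
};

/**
 * Draw the signing nonce r and secret-share x = keccak256(r) among n parties
 * with threshold t; the commitments `zkp` come from SecretSharing.share.
 *
 * Security: r (and therefore any seed) is nonce material. Deriving r from a
 * seed is deterministic, so a seed must never be reused across different
 * messages — ECDSA nonce reuse exposes the private key.
 * @param {number} t - threshold
 * @param {number} n - number of shares
 * @param {*} indice - share indices, forwarded to SecretSharing.share
 * @param {Uint8Array} [seed] - when truthy, r = keccak256(seed); otherwise r comes from randomBytes
 * @returns {{shares: *, R: Uint8Array, r: Uint8Array, zkp: *}} R = r·G; r must be kept secret
 */
ECTSS.shareRandomness = (t, n, indice, seed) => {
  const ff = ECTSS.ff;
  const r = ff.norm(seed ? keccak_256(seed) : randomBytes(ECTSS.randomnessLength));
  const x = ff.norm(keccak_256(r));
  const secretSharing = new SecretSharing(ff);
  const { shares, zkp } = secretSharing.share(x, t, n, { indice, ec: ECCurve });
  const R = ECCurve.baseMul(r);
  return { shares, R, r, zkp };
};

/**
 * Aggregate partial signatures into a standard ECDSA signature:
 * s = r⁻¹ · (Σ e_i − keccak256(r)) mod n, with r = R.x reduced into the field.
 * Every partial is R ‖ e_i (see ECTSS.sign) and all must carry the same R;
 * partials from different rounds would otherwise combine into a signature
 * that never verifies, silently.
 * @param {Uint8Array[]} sigs - partial signatures
 * @param {Uint8Array} r - the secret nonce from shareRandomness
 * @returns {[Uint8Array, number]} compact low-S signature and its recovery bit
 * @throws {Error} when `sigs` is empty or the partials disagree on R
 */
ECTSS.addSig = (sigs, r) => {
  if (sigs.length === 0) throw new Error('no partial signatures');
  const ff = ECTSS.ff;
  const R = sigs[0].subarray(0, ECTSS.publicKeyLength);
  for (const sig of sigs) {
    if (!equal([R, sig.subarray(0, ECTSS.publicKeyLength)])) {
      throw new Error('mismatched R in partial signatures');
    }
  }
  const x = ff.norm(keccak_256(r));
  const Rx = ff.norm(R.subarray(1));
  const eSum = sigs.reduce(
    (sum, sig) => ff.add(sum, sig.subarray(ECTSS.publicKeyLength)),
    ff.decode(ff.ZERO),
  );
  const S = ff.mul(ff.inv(r), ff.sub(eSum, x));
  const sig = new Signature(BigInt(ff.encode(Rx).toString()), BigInt(ff.encode(S).toString()));
  const recovery = ECTSS.recoveryBit(R, sig);
  return [ECTSS.finalizeSig(sig), recovery];
};

/**
 * One party's partial signature: e = h + Rx·derivedKey + x (mod n), returned as R ‖ e.
 * @param {Uint8Array} h - caller-provided message hash, used as a scalar
 * @param {Uint8Array} R - nonce commitment from shareRandomness (compressed point)
 * @param {Uint8Array} x - this party's share of keccak256(r) (randomnessLength bytes)
 * @param {Uint8Array} derivedKey - this party's derived key (privateKeyLength bytes)
 * @returns {Uint8Array} R ‖ e
 * @throws {Error} 'bad randomness size' / 'bad private key size'
 */
ECTSS.sign = (h, R, x, derivedKey) => {
  if (x.length !== ECTSS.randomnessLength) throw new Error('bad randomness size');
  if (derivedKey.length !== ECTSS.privateKeyLength) throw new Error('bad private key size');
  const ff = ECTSS.ff;
  const Rx = ff.norm(R.subarray(1));
  const e = ff.add(ff.add(h, ff.mul(Rx, derivedKey)), x);
  return concatBytes(R, e);
};

/**
 * Check a partial signature against the published polynomial commitments,
 * without any secret: e·G must equal h·G + Rx·P(index) + X(index), where
 * P(·)/X(·) are pzkp/xzkp evaluated at `index` (Σ commit[i] · index^i).
 * Presumably pzkp commits to the key-sharing polynomial and xzkp to the
 * nonce-sharing one produced by shareRandomness.
 * @param {Uint8Array} h - message hash
 * @param {Uint8Array} R - nonce commitment
 * @param {*} index - signer's share index (passed to BN)
 * @param {Uint8Array} sig - partial signature R ‖ e
 * @param {Uint8Array[]} pzkp - key polynomial commitments
 * @param {Uint8Array[]} xzkp - nonce polynomial commitments
 * @returns {boolean} false when R in `sig` differs from `R` or the equation fails
 * @throws {Error} 'bad proofs size' when pzkp and xzkp differ in length
 */
ECTSS.verify = (h, R, index, sig, pzkp, xzkp) => {
  if (pzkp.length !== xzkp.length) throw new Error('bad proofs size');
  const ff = ECTSS.ff;
  const x = ff.decode(new BN(index, 8, ff.en));
  const rG = sig.subarray(0, ECTSS.publicKeyLength);
  const e = sig.subarray(ECTSS.publicKeyLength, ECTSS.signatureLength);
  if (!equal([R, rG])) return false;
  // Evaluate a vector of point commitments at the signer's index.
  const evalCommitment = (commitments) => commitments.reduce(
    (acc, coef, i) => ECCurve.addPoint(acc, ECCurve.mulScalar(coef, ff.pow(x, i))),
    ECCurve.ZERO,
  );
  const xG = evalCommitment(xzkp);
  const H = ECCurve.baseMul(ff.norm(h));
  const Rx = ff.norm(R.subarray(1));
  const eG = ECCurve.baseMul(e);
  const expected = ECCurve.addPoint(xG, ECCurve.addPoint(H, ECCurve.mulScalar(evalCommitment(pzkp), Rx)));
  return equal([expected, eG]);
};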