UNPKG

@noble/curves

Version:

Audited & minimal JS implementation of elliptic curve cryptography

paulmillr.com/noble/

paulmillr/noble-curves

114 lines 4.44 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
import { type EdDSA, type EdwardsPoint } from './abstract/edwards.ts'; import { type ECDSA } from './abstract/weierstrass.ts'; import { type TArg } from './utils.ts'; /** * Generic EdDSA-over-Jubjub convenience wrapper with `sha512`. * This is not the Zcash RedJubjub / Sapling signature scheme. * @example * Generate one Jubjub keypair, sign a message, and verify it. * * ```ts * const { secretKey, publicKey } = jubjub.keygen(); * const msg = new TextEncoder().encode('hello noble'); * const sig = jubjub.sign(msg, secretKey); * const isValid = jubjub.verify(sig, msg, publicKey); * ``` */ export declare const jubjub: EdDSA; /** * Curve over scalar field of bn254. babyjubjub Fp = bn254 n * This is a working generic EdDSA-over-BabyJubJub wrapper that uses `blake512` for the 64-byte * secret expansion required by the shared EdDSA helper. * It is not the BabyJubJub stack used by iden3/circomlib, `babyjubjub-rs`, or * `@zk-kit/eddsa-poseidon`: those pair the subgroup base B/B8 with Blake-style secret expansion * plus dedicated Poseidon / MiMC / Pedersen transcript hashing. This wrapper stays generic and is * not meant as an interoperability target for those BabyJubJub signing stacks. * @example * Access the BabyJubJub base point and round-trip it through the point codec. * * ```ts * import { babyjubjub } from '@noble/curves/misc.js'; * const base = babyjubjub.Point.BASE; * const encoded = base.toBytes(); * const decoded = babyjubjub.Point.fromBytes(encoded); * ``` */ export declare const babyjubjub: EdDSA; /** * @param tag - Hash input. * @param personalization - BLAKE2 personalization bytes. * @returns Prime-order Jubjub point. * @throws If the digest does not decode to a Jubjub point, or if the * cofactor-cleared point has small order. {@link Error} * @example * Hash a tag into a prime-order Jubjub point. * * ```ts * import { jubjub_groupHash } from '@noble/curves/misc.js'; * import { asciiToBytes } from '@noble/curves/utils.js'; * const tag = Uint8Array.of(2); * const personalization = asciiToBytes('Zcash_G_'); * const point = jubjub_groupHash(tag, personalization); * ``` */ export declare function jubjub_groupHash(tag: TArg<Uint8Array>, personalization: TArg<Uint8Array>): EdwardsPoint; /** * No secret data is leaked here at all. * It operates over public data. * @param m - Message prefix. * @param personalization - 8-byte BLAKE2 personalization bytes. * @returns First non-zero group hash. * @throws If the personalization is invalid, or if no non-zero Jubjub group * hash can be found. {@link Error} * @example * Derive the first non-zero Jubjub group hash for one personalization tag. * * ```ts * import { jubjub_findGroupHash } from '@noble/curves/misc.js'; * import { asciiToBytes } from '@noble/curves/utils.js'; * const msg = Uint8Array.of(); * const personalization = asciiToBytes('Zcash_G_'); * const point = jubjub_findGroupHash(msg, personalization); * ``` */ export declare function jubjub_findGroupHash(m: TArg<Uint8Array>, personalization: TArg<Uint8Array>): EdwardsPoint; /** * Brainpool P256r1 with sha256, from RFC 5639. * @example * Generate one Brainpool P256r1 keypair, sign a message, and verify it. * * ```ts * const { secretKey, publicKey } = brainpoolP256r1.keygen(); * const msg = new TextEncoder().encode('hello noble'); * const sig = brainpoolP256r1.sign(msg, secretKey); * const isValid = brainpoolP256r1.verify(sig, msg, publicKey); * ``` */ export declare const brainpoolP256r1: ECDSA; /** * Brainpool P384r1 with sha384, from RFC 5639. * @example * Generate one Brainpool P384r1 keypair, sign a message, and verify it. * * ```ts * const { secretKey, publicKey } = brainpoolP384r1.keygen(); * const msg = new TextEncoder().encode('hello noble'); * const sig = brainpoolP384r1.sign(msg, secretKey); * const isValid = brainpoolP384r1.verify(sig, msg, publicKey); * ``` */ export declare const brainpoolP384r1: ECDSA; /** * Brainpool P512r1 with sha512, from RFC 5639. * @example * Generate one Brainpool P512r1 keypair, sign a message, and verify it. * * ```ts * const { secretKey, publicKey } = brainpoolP512r1.keygen(); * const msg = new TextEncoder().encode('hello noble'); * const sig = brainpoolP512r1.sign(msg, secretKey); * const isValid = brainpoolP512r1.verify(sig, msg, publicKey); * ``` */ export declare const brainpoolP512r1: ECDSA; //# sourceMappingURL=misc.d.ts.map