UNPKG

@noble/curves

Version:

Audited & minimal JS implementation of elliptic curve cryptography

paulmillr.com/noble/

paulmillr/noble-curves

137 lines 4.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
import { type FROST } from './abstract/frost.ts'; import { type H2CHasher } from './abstract/hash-to-curve.ts'; import { type OPRF } from './abstract/oprf.ts'; import { type ECDSA, type WeierstrassPointCons } from './abstract/weierstrass.ts'; import { type TRet } from './utils.ts'; /** * NIST P256 (aka secp256r1, prime256v1) curve, ECDSA and ECDH methods. * Hashes inputs with sha256 by default. * * @example * Generate one P-256 keypair, sign a message, and verify it. * * ```js * import { p256 } from '@noble/curves/nist.js'; * const { secretKey, publicKey } = p256.keygen(); * // const publicKey = p256.getPublicKey(secretKey); * const msg = new TextEncoder().encode('hello noble'); * const sig = p256.sign(msg, secretKey); * const isValid = p256.verify(sig, msg, publicKey); * // const sigKeccak = p256.sign(keccak256(msg), secretKey, { prehash: false }); * ``` */ export declare const p256: ECDSA; /** * Hashing / encoding to p256 points / field. RFC 9380 methods. * @example * Hash one message onto the P-256 curve. * * ```ts * const point = p256_hasher.hashToCurve(new TextEncoder().encode('hello noble')); * ``` */ export declare const p256_hasher: H2CHasher<WeierstrassPointCons<bigint>>; /** * p256 OPRF, defined in RFC 9497. * @example * Run one blind/evaluate/finalize OPRF round over P-256. * * ```ts * const input = new TextEncoder().encode('hello noble'); * const keys = p256_oprf.oprf.generateKeyPair(); * const blind = p256_oprf.oprf.blind(input); * const evaluated = p256_oprf.oprf.blindEvaluate(keys.secretKey, blind.blinded); * const output = p256_oprf.oprf.finalize(input, blind.blind, evaluated); * ``` */ export declare const p256_oprf: TRet<OPRF>; /** * FROST threshold signatures over p256. RFC 9591. * @example * Create one trusted-dealer package for 2-of-3 p256 signing. * * ```ts * const alice = p256_FROST.Identifier.derive('alice@example.com'); * const bob = p256_FROST.Identifier.derive('bob@example.com'); * const carol = p256_FROST.Identifier.derive('carol@example.com'); * const deal = p256_FROST.trustedDealer({ min: 2, max: 3 }, [alice, bob, carol]); * ``` */ export declare const p256_FROST: TRet<FROST>; /** * NIST P384 (aka secp384r1) curve, ECDSA and ECDH methods. Hashes inputs with sha384 by default. * @example * Generate one P-384 keypair, sign a message, and verify it. * * ```ts * const { secretKey, publicKey } = p384.keygen(); * const msg = new TextEncoder().encode('hello noble'); * const sig = p384.sign(msg, secretKey); * const isValid = p384.verify(sig, msg, publicKey); * ``` */ export declare const p384: ECDSA; /** * Hashing / encoding to p384 points / field. RFC 9380 methods. * @example * Hash one message onto the P-384 curve. * * ```ts * const point = p384_hasher.hashToCurve(new TextEncoder().encode('hello noble')); * ``` */ export declare const p384_hasher: H2CHasher<WeierstrassPointCons<bigint>>; /** * p384 OPRF, defined in RFC 9497. * @example * Run one blind/evaluate/finalize OPRF round over P-384. * * ```ts * const input = new TextEncoder().encode('hello noble'); * const keys = p384_oprf.oprf.generateKeyPair(); * const blind = p384_oprf.oprf.blind(input); * const evaluated = p384_oprf.oprf.blindEvaluate(keys.secretKey, blind.blinded); * const output = p384_oprf.oprf.finalize(input, blind.blind, evaluated); * ``` */ export declare const p384_oprf: TRet<OPRF>; /** * NIST P521 (aka secp521r1) curve, ECDSA and ECDH methods. Hashes inputs with sha512 by default. * Deterministic `keygen(seed)` expects 99 seed bytes here because the generic scalar-derivation * helper uses `getMinHashLength(n)`, not the 66-byte canonical secret-key width. * @example * Generate one P-521 keypair, sign a message, and verify it. * * ```ts * const { secretKey, publicKey } = p521.keygen(); * const msg = new TextEncoder().encode('hello noble'); * const sig = p521.sign(msg, secretKey); * const isValid = p521.verify(sig, msg, publicKey); * ``` */ export declare const p521: ECDSA; /** * Hashing / encoding to p521 points / field. RFC 9380 methods. * @example * Hash one message onto the P-521 curve. * * ```ts * const point = p521_hasher.hashToCurve(new TextEncoder().encode('hello noble')); * ``` */ export declare const p521_hasher: H2CHasher<WeierstrassPointCons<bigint>>; /** * p521 OPRF, defined in RFC 9497. * @example * Run one blind/evaluate/finalize OPRF round over P-521. * * ```ts * const input = new TextEncoder().encode('hello noble'); * const keys = p521_oprf.oprf.generateKeyPair(); * const blind = p521_oprf.oprf.blind(input); * const evaluated = p521_oprf.oprf.blindEvaluate(keys.secretKey, blind.blinded); * const output = p521_oprf.oprf.finalize(input, blind.blind, evaluated); * ``` */ export declare const p521_oprf: TRet<OPRF>; //# sourceMappingURL=nist.d.ts.map