/** * Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y². * For design rationale of types / exports, see weierstrass module documentation. * Untwisted Edwards curves exist, but they aren't used in real-world protocols. * @module */ /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */ import { type FHash, type Hex } from '../utils.ts'; import { type AffinePoint, type BasicCurve, type CurveLengths, type CurvePoint, type CurvePointCons } from './curve.ts'; import { type IField, type NLength } from './modular.ts'; export type UVRatio = (u: bigint, v: bigint) => { isValid: boolean; value: bigint; }; /** Instance of Extended Point with coordinates in X, Y, Z, T. */ export interface EdwardsPoint extends CurvePoint { /** extended X coordinate. Different from affine x. */ readonly X: bigint; /** extended Y coordinate. Different from affine y. */ readonly Y: bigint; /** extended Z coordinate */ readonly Z: bigint; /** extended T coordinate */ readonly T: bigint; /** @deprecated use `toBytes` */ toRawBytes(): Uint8Array; /** @deprecated use `p.precompute(windowSize)` */ _setWindowSize(windowSize: number): void; /** @deprecated use .X */ readonly ex: bigint; /** @deprecated use .Y */ readonly ey: bigint; /** @deprecated use .Z */ readonly ez: bigint; /** @deprecated use .T */ readonly et: bigint; } /** Static methods of Extended Point with coordinates in X, Y, Z, T. */ export interface EdwardsPointCons extends CurvePointCons { new (X: bigint, Y: bigint, Z: bigint, T: bigint): EdwardsPoint; CURVE(): EdwardsOpts; fromBytes(bytes: Uint8Array, zip215?: boolean): EdwardsPoint; fromHex(hex: Hex, zip215?: boolean): EdwardsPoint; /** @deprecated use `import { pippenger } from '@noble/curves/abstract/curve.js';` */ msm(points: EdwardsPoint[], scalars: bigint[]): EdwardsPoint; } /** @deprecated use EdwardsPoint */ export type ExtPointType = EdwardsPoint; /** @deprecated use EdwardsPointCons */ export type ExtPointConstructor = EdwardsPointCons; /** * Twisted Edwards curve options. * * * a: formula param * * d: formula param * * p: prime characteristic (order) of finite field, in which arithmetics is done * * n: order of prime subgroup a.k.a total amount of valid curve points * * h: cofactor. h*n is group order; n is subgroup order * * Gx: x coordinate of generator point a.k.a. base point * * Gy: y coordinate of generator point */ export type EdwardsOpts = Readonly<{ p: bigint; n: bigint; h: bigint; a: bigint; d: bigint; Gx: bigint; Gy: bigint; }>; /** * Extra curve options for Twisted Edwards. * * * Fp: redefined Field over curve.p * * Fn: redefined Field over curve.n * * uvRatio: helper function for decompression, calculating √(u/v) */ export type EdwardsExtraOpts = Partial<{ Fp: IField; Fn: IField; FpFnLE: boolean; uvRatio: (u: bigint, v: bigint) => { isValid: boolean; value: bigint; }; }>; /** * EdDSA (Edwards Digital Signature algorithm) options. * * * hash: hash function used to hash secret keys and messages * * adjustScalarBytes: clears bits to get valid field element * * domain: Used for hashing * * mapToCurve: for hash-to-curve standard * * prehash: RFC 8032 pre-hashing of messages to sign() / verify() * * randomBytes: function generating random bytes, used for randomSecretKey */ export type EdDSAOpts = Partial<{ adjustScalarBytes: (bytes: Uint8Array) => Uint8Array; domain: (data: Uint8Array, ctx: Uint8Array, phflag: boolean) => Uint8Array; mapToCurve: (scalar: bigint[]) => AffinePoint; prehash: FHash; randomBytes: (bytesLength?: number) => Uint8Array; }>; /** * EdDSA (Edwards Digital Signature algorithm) interface. * * Allows to create and verify signatures, create public and secret keys. */ export interface EdDSA { keygen: (seed?: Uint8Array) => { secretKey: Uint8Array; publicKey: Uint8Array; }; getPublicKey: (secretKey: Hex) => Uint8Array; sign: (message: Hex, secretKey: Hex, options?: { context?: Hex; }) => Uint8Array; verify: (sig: Hex, message: Hex, publicKey: Hex, options?: { context?: Hex; zip215: boolean; }) => boolean; Point: EdwardsPointCons; utils: { randomSecretKey: (seed?: Uint8Array) => Uint8Array; isValidSecretKey: (secretKey: Uint8Array) => boolean; isValidPublicKey: (publicKey: Uint8Array, zip215?: boolean) => boolean; /** * Converts ed public key to x public key. * * There is NO `fromMontgomery`: * - There are 2 valid ed25519 points for every x25519, with flipped coordinate * - Sometimes there are 0 valid ed25519 points, because x25519 *additionally* * accepts inputs on the quadratic twist, which can't be moved to ed25519 * * @example * ```js * const someonesPub = ed25519.getPublicKey(ed25519.utils.randomSecretKey()); * const aPriv = x25519.utils.randomSecretKey(); * x25519.getSharedSecret(aPriv, ed25519.utils.toMontgomery(someonesPub)) * ``` */ toMontgomery: (publicKey: Uint8Array) => Uint8Array; /** * Converts ed secret key to x secret key. * @example * ```js * const someonesPub = x25519.getPublicKey(x25519.utils.randomSecretKey()); * const aPriv = ed25519.utils.randomSecretKey(); * x25519.getSharedSecret(ed25519.utils.toMontgomerySecret(aPriv), someonesPub) * ``` */ toMontgomerySecret: (privateKey: Uint8Array) => Uint8Array; getExtendedPublicKey: (key: Hex) => { head: Uint8Array; prefix: Uint8Array; scalar: bigint; point: EdwardsPoint; pointBytes: Uint8Array; }; /** @deprecated use `randomSecretKey` */ randomPrivateKey: (seed?: Uint8Array) => Uint8Array; /** @deprecated use `point.precompute()` */ precompute: (windowSize?: number, point?: EdwardsPoint) => EdwardsPoint; }; lengths: CurveLengths; } export declare function edwards(params: EdwardsOpts, extraOpts?: EdwardsExtraOpts): EdwardsPointCons; /** * Base class for prime-order points like Ristretto255 and Decaf448. * These points eliminate cofactor issues by representing equivalence classes * of Edwards curve points. */ export declare abstract class PrimeEdwardsPoint> implements CurvePoint { static BASE: PrimeEdwardsPoint; static ZERO: PrimeEdwardsPoint; static Fp: IField; static Fn: IField; protected readonly ep: EdwardsPoint; constructor(ep: EdwardsPoint); abstract toBytes(): Uint8Array; abstract equals(other: T): boolean; static fromBytes(_bytes: Uint8Array): any; static fromHex(_hex: Hex): any; get x(): bigint; get y(): bigint; clearCofactor(): T; assertValidity(): void; toAffine(invertedZ?: bigint): AffinePoint; toHex(): string; toString(): string; isTorsionFree(): boolean; isSmallOrder(): boolean; add(other: T): T; subtract(other: T): T; multiply(scalar: bigint): T; multiplyUnsafe(scalar: bigint): T; double(): T; negate(): T; precompute(windowSize?: number, isLazy?: boolean): T; abstract is0(): boolean; protected abstract assertSame(other: T): void; protected abstract init(ep: EdwardsPoint): T; /** @deprecated use `toBytes` */ toRawBytes(): Uint8Array; } /** * Initializes EdDSA signatures over given Edwards curve. */ export declare function eddsa(Point: EdwardsPointCons, cHash: FHash, eddsaOpts?: EdDSAOpts): EdDSA; export type CurveType = BasicCurve & { a: bigint; d: bigint; /** @deprecated the property will be removed in next release */ hash: FHash; randomBytes?: (bytesLength?: number) => Uint8Array; adjustScalarBytes?: (bytes: Uint8Array) => Uint8Array; domain?: (data: Uint8Array, ctx: Uint8Array, phflag: boolean) => Uint8Array; uvRatio?: UVRatio; prehash?: FHash; mapToCurve?: (scalar: bigint[]) => AffinePoint; }; export type CurveTypeWithLength = Readonly>; export type CurveFn = { /** @deprecated the property will be removed in next release */ CURVE: CurveType; keygen: EdDSA['keygen']; getPublicKey: EdDSA['getPublicKey']; sign: EdDSA['sign']; verify: EdDSA['verify']; Point: EdwardsPointCons; /** @deprecated use `Point` */ ExtendedPoint: EdwardsPointCons; utils: EdDSA['utils']; lengths: CurveLengths; }; export type EdComposed = { CURVE: EdwardsOpts; curveOpts: EdwardsExtraOpts; hash: FHash; eddsaOpts: EdDSAOpts; }; export declare function twistedEdwards(c: CurveTypeWithLength): CurveFn; //# sourceMappingURL=edwards.d.ts.map