tornadocontrib/noble-curves
1
0
Fork 0
forked from tornado-packages/noble-curves
Code Pull Requests Activity

weierstrass, edwards: make points expose typescript x, y

Browse Source
This commit is contained in:
Paul Miller 2023-03-30 07:20:35 +00:00
parent 4244f97d38
commit d0c3bee4de
No known key found for this signature in database
GPG Key ID: 697079DA6878B89B
2 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/abstract/edwards.ts
View File

@ -49,6 +49,8 @@ export interface ExtPointType extends Group<ExtPointType> {
readonly ey: bigint; readonly ey: bigint;
readonly ez: bigint; readonly ez: bigint;
readonly et: bigint; readonly et: bigint;
get x(): bigint;
get y(): bigint;
assertValidity(): void; assertValidity(): void;
multiply(scalar: bigint): ExtPointType; multiply(scalar: bigint): ExtPointType;
multiplyUnsafe(scalar: bigint): ExtPointType; multiplyUnsafe(scalar: bigint): ExtPointType;
@ -297,8 +299,9 @@ export function twistedEdwards(curveDef: CurveType): CurveFn {
// Non-constant-time multiplication. Uses double-and-add algorithm. // Non-constant-time multiplication. Uses double-and-add algorithm.
// It's faster, but should only be used when you don't care about // It's faster, but should only be used when you don't care about
// an exposed private key e.g. sig verification. // an exposed private key e.g. sig verification.
// Does NOT allow scalars higher than CURVE.n.
multiplyUnsafe(scalar: bigint): Point { multiplyUnsafe(scalar: bigint): Point {
let n = assertGE0(scalar); let n = assertGE0(scalar); // 0 <= scalar < CURVE.n
if (n === _0n) return I; if (n === _0n) return I;
if (this.equals(I) || n === _1n) return this; if (this.equals(I) || n === _1n) return this;
if (this.equals(G)) return this.wNAF(n).p; if (this.equals(G)) return this.wNAF(n).p;
@ -440,8 +443,8 @@ export function twistedEdwards(curveDef: CurveType): CurveFn {
if (preHash) msg = preHash(msg); // for ed25519ph, etc if (preHash) msg = preHash(msg); // for ed25519ph, etc
const A = Point.fromHex(publicKey, false); // Check for s bounds, hex validity const A = Point.fromHex(publicKey, false); // Check for s bounds, hex validity
const R = Point.fromHex(sig.slice(0, len), false); // 0 <= R < 2^256: ZIP215 R can be >= P const R = Point.fromHex(sig.slice(0, len), false); // 0 <= R < 2^256: ZIP215 R can be >= P
const s = ut.bytesToNumberLE(sig.slice(len, 2 * len)); // 0 <= s < l const s = ut.bytesToNumberLE(sig.slice(len, 2 * len));
const SB = G.multiplyUnsafe(s); const SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside
const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg); const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);
const RkA = R.add(A.multiplyUnsafe(k)); const RkA = R.add(A.multiplyUnsafe(k));
// [8][S]B = [8]R + [8][k]A' // [8][S]B = [8]R + [8][k]A'

2
src/abstract/weierstrass.ts
View File

@ -58,6 +58,8 @@ export interface ProjPointType<T> extends Group<ProjPointType<T>> {
readonly px: T; readonly px: T;
readonly py: T; readonly py: T;
readonly pz: T; readonly pz: T;
get x(): T;
get y(): T;
multiply(scalar: bigint): ProjPointType<T>; multiply(scalar: bigint): ProjPointType<T>;
toAffine(iz?: T): AffinePoint<T>; toAffine(iz?: T): AffinePoint<T>;
isTorsionFree(): boolean; isTorsionFree(): boolean;