tiamak/salvium-rs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
714721874e5ff23c4be543dbe8f686898c2572db
salvium-rs/node_modules/@noble/curves/misc.js
T
Matt Hess 2c128eb1c0 Add Bulletproofs+ range proof verification (pure JavaScript) 
- Implement BP+ verification using @noble/curves for Ed25519 ops
  - MSM 256 points in ~420ms - mobile-friendly, no WASM needed
  - Add verifyBulletproofPlus, verifyBulletproofPlusBatch, verifyRangeProof
  - Add generator initialization with caching (Gi, Hi points)
  - 24 new tests including performance benchmarks
  - Update exports in index.js and package.json
  - Bump version to 0.3.0
2026-01-15 02:09:51 +00:00

103 lines
5.8 KiB
JavaScript
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
/**
* Miscellaneous, rarely used curves.
* jubjub, babyjubjub, pallas, vesta.
* @module
*/
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
import { blake256 } from '@noble/hashes/blake1.js';
import { blake2s } from '@noble/hashes/blake2.js';
import { sha256, sha384, sha512 } from '@noble/hashes/sha2.js';
import { concatBytes } from '@noble/hashes/utils.js';
import { eddsa, edwards, } from "./abstract/edwards.js";
import { ecdsa, weierstrass } from "./abstract/weierstrass.js";
import { asciiToBytes } from "./utils.js";
// Jubjub curves have 𝔽p over scalar fields of other curves. They are friendly to ZK proofs.
// jubjub p = bls n, verify in bls12-381.ts
const jubjub_CURVE = {
p: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001'),
n: BigInt('0xe7db4ea6533afa906673b0101343b00a6682093ccc81082d0970e5ed6f72cb7'),
h: BigInt(8),
a: BigInt('0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000000'),
d: BigInt('0x2a9318e74bfa2b48f5fd9207e6bd7fd4292d7f6d37579d2601065fd6d6343eb1'),
Gx: BigInt('0x11dafe5d23e1218086a365b99fbf3d3be72f6afd7d1f72623e6b071492d1122b'),
Gy: BigInt('0x1d523cf1ddab1a1793132e78c866c0c33e26ba5cc220fed7cc3f870e59d292aa'),
};
/** Curve over scalar field of bls12-381. jubjub Fp = bls n */
export const jubjub = /* @__PURE__ */ eddsa(edwards(jubjub_CURVE), sha512);
// babyjubjub p = bn254 n, verify in bn254.ts
const babyjubjub_CURVE = {
p: BigInt('0x30644e72e131a029b85045b68181585d2833e84879b9709143e1f593f0000001'),
n: BigInt('0x30644e72e131a029b85045b68181585d59f76dc1c90770533b94bee1c9093788'),
h: BigInt(8),
a: BigInt('168700'),
d: BigInt('168696'),
Gx: BigInt('0x23343e3445b673d38bcba38f25645adb494b1255b1162bb40f41a59f4d4b45e'),
Gy: BigInt('0xc19139cb84c680a6e14116da06056174a0cfa121e6e5c2450f87d64fc000001'),
};
/** Curve over scalar field of bn254. babyjubjub Fp = bn254 n */
export const babyjubjub = /* @__PURE__ */ eddsa(edwards(babyjubjub_CURVE), blake256);
const jubjub_gh_first_block = asciiToBytes('096b36a5804bfacef1691e173c366a47ff5ba84a44f26ddd7e8d9f79d5b42df0');
// Returns point at JubJub curve which is prime order and not zero
export function jubjub_groupHash(tag, personalization) {
const h = blake2s.create({ personalization, dkLen: 32 });
h.update(jubjub_gh_first_block);
h.update(tag);
// NOTE: returns EdwardsPoint, in case it will be multiplied later
let p = jubjub.Point.fromBytes(h.digest());
// NOTE: cannot replace with isSmallOrder, returns Point*8
p = p.multiply(jubjub_CURVE.h);
if (p.equals(jubjub.Point.ZERO))
throw new Error('Point has small order');
return p;
}
// No secret data is leaked here at all.
// It operates over public data:
// const G_SPEND = jubjub.findGroupHash(Uint8Array.of(), asciiToBytes('Item_G_'));
export function jubjub_findGroupHash(m, personalization) {
const tag = concatBytes(m, Uint8Array.of(0));
const hashes = [];
for (let i = 0; i < 256; i++) {
tag[tag.length - 1] = i;
try {
hashes.push(jubjub_groupHash(tag, personalization));
}
catch (e) { }
}
if (!hashes.length)
throw new Error('findGroupHash tag overflow');
return hashes[0];
}
const brainpoolP256r1_CURVE = {
p: BigInt('0xa9fb57dba1eea9bc3e660a909d838d726e3bf623d52620282013481d1f6e5377'),
a: BigInt('0x7d5a0975fc2c3057eef67530417affe7fb8055c126dc5c6ce94a4b44f330b5d9'),
b: BigInt('0x26dc5c6ce94a4b44f330b5d9bbd77cbf958416295cf7e1ce6bccdc18ff8c07b6'),
n: BigInt('0xa9fb57dba1eea9bc3e660a909d838d718c397aa3b561a6f7901e0e82974856a7'),
Gx: BigInt('0x8bd2aeb9cb7e57cb2c4b482ffc81b7afb9de27e1e3bd23c23a4453bd9ace3262'),
Gy: BigInt('0x547ef835c3dac4fd97f8461a14611dc9c27745132ded8e545c1d54c72f046997'),
h: BigInt(1),
};
/** Brainpool P256r1 with sha256, from RFC 5639. */
export const brainpoolP256r1 = ecdsa(weierstrass(brainpoolP256r1_CURVE), sha256);
const brainpoolP384r1_CURVE = {
p: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b412b1da197fb71123acd3a729901d1a71874700133107ec53'),
a: BigInt('0x7bc382c63d8c150c3c72080ace05afa0c2bea28e4fb22787139165efba91f90f8aa5814a503ad4eb04a8c7dd22ce2826'),
b: BigInt('0x04a8c7dd22ce28268b39b55416f0447c2fb77de107dcd2a62e880ea53eeb62d57cb4390295dbc9943ab78696fa504c11'),
n: BigInt('0x8cb91e82a3386d280f5d6f7e50e641df152f7109ed5456b31f166e6cac0425a7cf3ab6af6b7fc3103b883202e9046565'),
Gx: BigInt('0x1d1c64f068cf45ffa2a63a81b7c13f6b8847a3e77ef14fe3db7fcafe0cbd10e8e826e03436d646aaef87b2e247d4af1e'),
Gy: BigInt('0x8abe1d7520f9c2a45cb1eb8e95cfd55262b70b29feec5864e19c054ff99129280e4646217791811142820341263c5315'),
h: BigInt(1),
};
/** Brainpool P384r1 with sha384, from RFC 5639. */
export const brainpoolP384r1 = ecdsa(weierstrass(brainpoolP384r1_CURVE), sha384);
const brainpoolP512r1_CURVE = {
p: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca703308717d4d9b009bc66842aecda12ae6a380e62881ff2f2d82c68528aa6056583a48f3'),
a: BigInt('0x7830a3318b603b89e2327145ac234cc594cbdd8d3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94ca'),
b: BigInt('0x3df91610a83441caea9863bc2ded5d5aa8253aa10a2ef1c98b9ac8b57f1117a72bf2c7b9e7c1ac4d77fc94cadc083e67984050b75ebae5dd2809bd638016f723'),
n: BigInt('0xaadd9db8dbe9c48b3fd4e6ae33c9fc07cb308db3b3c9d20ed6639cca70330870553e5c414ca92619418661197fac10471db1d381085ddaddb58796829ca90069'),
Gx: BigInt('0x81aee4bdd82ed9645a21322e9c4c6a9385ed9f70b5d916c1b43b62eef4d0098eff3b1f78e2d0d48d50d1687b93b97d5f7c6d5047406a5e688b352209bcb9f822'),
Gy: BigInt('0x7dde385d566332ecc0eabfa9cf7822fdf209f70024a57b1aa000c55b881f8111b2dcde494a5f485e5bca4bd88a2763aed1ca2b2fa8f0540678cd1e0f3ad80892'),
h: BigInt(1),
};
/** Brainpool P521r1 with sha512, from RFC 5639. */
export const brainpoolP512r1 = ecdsa(weierstrass(brainpoolP512r1_CURVE), sha512);
//# sourceMappingURL=misc.js.map
Reference in New Issue View Git Blame Copy Permalink