Brandon Black

I believe committing `lib/index.js` and `lib/esm/index.js` both would let all npm/yarn users add a git version directly to their package.json and not have to wait for releases. I've just been...

Sorry if I oversold, it's still much slower than precomputed wNAF. About the same speed as the current `multiplyUnsafe`.

Yep, safe*. * In my implementation, the `Half` operation is either add-and-shift or shift, depending on the oddness of an intermediate value. There may be a more constant time way...

> Currently it takes ~same time to calculate private key for 2-bit value vs 255-bit value. So, we work around this rn. Could you test this with such values? Ah,...

```patch --- a/index.ts +++ b/index.ts @@ -392,7 +392,8 @@ export class BPSJ8 { if (scalar < _1n || scalar >= CURVE.P - _1n) throw new Error("Expecting scalar between 2 and...

Gotcha, thank you!

Ah, I did miss that -- the paper defines 1/0 as 0, and I didn't verify `noble-secp256k1`'s implementation matched behavior. Edit to add: Still some test failures though, which is...

https://eprint.iacr.org/2017/669.pdf (2017), Page 13 Oddly, that definition is not mentioned in the 2020 paper: https://www.aimsciences.org/article/exportPdf?id=5c293be6-723e-4b97-ae1d-ff359e261cdb

DuckDuckGo's search results for `some search phrase about fast constant time ec multiplication` :)

Yeah, not yet certain whether my implementation has a bug or the paper, especially since whatever the case is, it isn't often hit. Possibly something specific that comes up when...