noble-curves

noble-curves copied to clipboard

Access to Fp types and finalExponentiate method

1

Hi, I'm trying to access the finalExponentiate method from Fp12 (screenshot below) but i ran into a typescript error. I'm using typescript v5.4.5.   Do you have any ideas...

Wagalidoom

Support for bn254 G2

12

With support for bls12-381 being stagnant ([EIP-2537](https://eips.ethereum.org/EIPS/eip-2537)), to the best of my knowledge, using curve `alt_bn128` is currently the only way to have efficient pairings on Ethereum ([EIP-197](https://eips.ethereum.org/EIPS/eip-197)). Any plans...

matthiasgeihs

EdDSA: add validate-after-sign

3

https://github.com/openpgpjs/noble-curves/commit/559e53c4293d9f858e2fa74502c1c37fba6a90b5 @larabr a pr would be highly appreciated!

paulmillr

BLS threshold m-of-n signatures

4

It's said in readme that BLS can be used well for threshold signatures, with link to article that describes how it works cryptographically. However I couldn't find how to do...

angrymouse

Fp.fromBytes does not mod-reduce by default

2

Hi, Paul Consider the array derived set to Uint8Array(32) [ 239, 58, 3, 206, 5, 236, 79, 101, 215, 253, 95, 44, 114, 216, 108, 195, 191, 131, 86, 158,...

vincenzoiovino

ElligatorSwift: Schnorr-like x-only ECDH with public keys indistinguishable from uniformly random bytes. https://github.com/bitcoin/bips/blob/master/bip-0324.mediawiki, https://github.com/bitcoin/bitcoin/blob/master/src/secp256k1/doc/ellswift.md SwiftEC: Shallue-van de Woestijne Indifferentiable Function to Elliptic Curves. https://eprint.iacr.org/2022/759.pdf Curve25519 & P-521 are incompatible with...

paulmillr

Determine secure amount of private key modulo bias

15

For a curve like secp256k1, which has 32-byte (256-bit) $G$, we take 32+8 bytes (256+64 bits) from CSPRNG and mod-divide it by curve order $n$. This follows FIPS guidelines and...

paulmillr

v2: recoverPublicKey should return bytes

1

I tried to run the example from the README to recover the public key from a signature `sig.recoverPublicKey(msg) === pub; // public key recovery` which results actually as false. I...

rube-de

v2: Restrict ECDSA verify to compact or DER verification without flag

16

Per the comment here: https://github.com/paulmillr/noble-curves/blob/fb02e93ff66ecd7bc7257d8f76e6cdf88b54bfa9/src/abstract/weierstrass.ts#L1053-L1060 A signature of one type can be trivially transformed into the other (much like low-s vs high-s). Perhaps this is the intended behaviour - if...

DavidBuchanan314

Useful for ETH, which will use KZG proofs in danksharding. We don't need FFT: it is no longer used in KZG. * https://github.com/mitschabaude/montgomery * https://github.com/mratsim/constantine/pull/220 * Pippenger algorithm

paulmillr