.github/funding.yml

@@ -1,2 +1 @@
 github: paulmillr
-# custom: https://paulmillr.com/funding/

.github/workflows/nodejs.yml

@@ -1,4 +1,4 @@
-name: Node CI
+name: Run node.js tests
 on:
   - push
   - pull_request
@@ -11,6 +11,7 @@ jobs:
         node:
           - 18
           - 20
+          - 22
     steps:
       - uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2 # v4
       - name: Use Node.js ${{ matrix.node }}

.github/workflows/publish-npm.yml

@@ -1,4 +1,4 @@
-name: Publish Package to npm
+name: Publish package to npm
 on:
   release:
     types: [created]

.github/workflows/upload-release.yml

@@ -15,13 +15,14 @@ jobs:
           node-version: 20
           registry-url: 'https://registry.npmjs.org'
           cache: npm
+      - run: npm install -g npm
+      - run: npm ci
+      - run: npm run build
       - run: |
-          npm install -g npm
-          npm ci
-          npm run build
           cd build
           npm ci
-          npm run build
-          gh release upload ${{ github.event.release.tag_name }} noble-curves.js
+          npm run build:release
+          cd ..
+      - run: gh release upload ${{ github.event.release.tag_name }} build/`npx jsbt outfile`
         env:
           GH_TOKEN: ${{ github.token }}

README.md

@@ -2,15 +2,15 @@
 
 Audited & minimal JS implementation of elliptic curve cryptography.
 
-- 🔒 [**Audited**](#security) by independent security firms
-- 🔻 Tree-shaking-friendly: use only what's necessary, other code won't be included
-- 🏎 Ultra-fast, hand-optimized for caveats of JS engines
-- 🔍 Unique tests ensure correctness: property-based, cross-library and Wycheproof vectors, fuzzing
+- 🔒 [**Audited**](#security) by an independent security firms
+- 🔻 Tree-shakeable: unused code is excluded from your builds
+- 🏎 Fast: hand-optimized for caveats of JS engines
+- 🔍 Reliable: property-based / cross-library / wycheproof tests and fuzzing ensure correctness
 - ➰ Short Weierstrass, Edwards, Montgomery curves
 - ✍️ ECDSA, EdDSA, Schnorr, BLS signature schemes, ECDH key agreement, hashing to curves
 - 🔖 SUF-CMA, SBS (non-repudiation), ZIP215 (consensus friendliness) features for ed25519
 - 🧜‍♂️ Poseidon ZK-friendly hash
-- 🪶 178KB for everything, 25KB for single-curve build
+- 🪶 178KB (87KB gzipped) for everything including bundled hashes, 22KB (10KB gzipped) for single-curve build
 
 For discussions, questions and support, visit
 [GitHub Discussions](https://github.com/paulmillr/noble-curves/discussions)
@@ -146,7 +146,7 @@ Default `verify` behavior follows [ZIP215](https://zips.z.cash/zip-0215) and
 It has SUF-CMA (strong unforgeability under chosen message attacks).
 `zip215: false` option switches verification criteria to strict
 [RFC8032](https://www.rfc-editor.org/rfc/rfc8032) / [FIPS 186-5](https://csrc.nist.gov/publications/detail/fips/186/5/final)
-and additionally provides non-repudiation with SBS [(Strongly Binding Signatures)](https://eprint.iacr.org/2020/1244).
+and additionally provides [non-repudiation with SBS](#edwards-twisted-edwards-curve).
 
 X25519 follows [RFC7748](https://www.rfc-editor.org/rfc/rfc7748).
 
@@ -329,7 +329,9 @@ type CHash = {
 };
 
 // example
-function sha256(message: Uint8Array) { return _internal_lowlvl(message) }
+function sha256(message: Uint8Array) {
+  return _internal_lowlvl(message);
+}
 sha256.outputLen = 32; // 32 bytes of output for sha2-256
 ```
 
@@ -490,6 +492,12 @@ and coordinates `Gx`, `Gy` of generator point.
 
 For EdDSA signatures, `hash` param required. `adjustScalarBytes` which instructs how to change private scalars could be specified.
 
+We support [non-repudiation](https://eprint.iacr.org/2020/1244), which help in following scenarios:
+
+- Contract Signing: if A signed an agreement with B using key that allows repudiation, it can later claim that it signed a different contract
+- E-voting: malicious voters may pick keys that allow repudiation in order to deny results
+- Blockchains: transaction of amount X might also be valid for a different amount Y
+
 **Edwards points:**
 
 1. Exported as `ExtendedPoint`
@@ -555,7 +563,7 @@ import { Field } from '@noble/curves/abstract/modular';
 const x25519 = montgomery({
   a: 486662n,
   Gu: 9n,
-  Fp: Field(2n ** 255n - 19n),
+  P: 2n ** 255n - 19n,
   montgomeryBits: 255,
   nByteLength: 32,
   // Optional param
@@ -614,7 +622,7 @@ const isValid = bls.verify(signature, message, publicKey);
 console.log({ publicKey, signature, isValid });
 
 // Use custom DST, e.g. for Ethereum consensus layer
-const htfEthereum = {DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_'};
+const htfEthereum = { DST: 'BLS_SIG_BLS12381G2_XMD:SHA-256_SSWU_RO_POP_' };
 const signatureEth = bls.sign(message, privateKey, htfEthereum);
 const isValidEth = bls.verify(signature, message, publicKey, htfEthereum);
 console.log({ signatureEth, isValidEth });
@@ -645,9 +653,9 @@ bls.pairing(PointG1, PointG2, false);
 bls.fields.Fp12.finalExponentiate(bls.fields.Fp12.mul(PointG1, PointG2));
 
 // Others
-bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE
-bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr
-bls.params.x, bls.params.r, bls.params.G1b, bls.params.G2b
+bls.G1.ProjectivePoint.BASE, bls.G2.ProjectivePoint.BASE;
+bls.fields.Fp, bls.fields.Fp2, bls.fields.Fp12, bls.fields.Fr;
+bls.params.x, bls.params.r, bls.params.G1b, bls.params.G2b;
 
 // hash-to-curve examples can be seen below
 ```
@@ -839,17 +847,17 @@ Use low-level libraries & languages. Nonetheless we're targetting algorithmic co
 
 ### Supply chain security
 
-* **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures.
-* **Releases** are transparent and built on GitHub CI. Make sure to verify [provenance](https://docs.npmjs.com/generating-provenance-statements) logs
-* **Rare releasing** is followed to ensure less re-audit need for end-users
-* **Dependencies** are minimized and locked-down:
-   - If your app has 500 dependencies, any dep could get hacked and you'll be downloading
-     malware with every install. We make sure to use as few dependencies as possible
-   - We prevent automatic dependency updates by locking-down version ranges. Every update is checked with `npm-diff`
-   - One dependency [noble-hashes](https://github.com/paulmillr/noble-hashes) is used, by the same author, to provide hashing functionality
-* **Dev Dependencies** are only used if you want to contribute to the repo. They are disabled for end-users:
-   - scure-base, scure-bip32, scure-bip39, micro-bmark and micro-should are developed by the same author and follow identical security practices
-   - prettier (linter), fast-check (property-based testing) and typescript are used for code quality, vector generation and ts compilation. The packages are big, which makes it hard to audit their source code thoroughly and fully
+- **Commits** are signed with PGP keys, to prevent forgery. Make sure to verify commit signatures.
+- **Releases** are transparent and built on GitHub CI. Make sure to verify [provenance](https://docs.npmjs.com/generating-provenance-statements) logs
+- **Rare releasing** is followed to ensure less re-audit need for end-users
+- **Dependencies** are minimized and locked-down:
+  - If your app has 500 dependencies, any dep could get hacked and you'll be downloading
+    malware with every install. We make sure to use as few dependencies as possible
+  - We prevent automatic dependency updates by locking-down version ranges. Every update is checked with `npm-diff`
+  - One dependency [noble-hashes](https://github.com/paulmillr/noble-hashes) is used, by the same author, to provide hashing functionality
+- **Dev Dependencies** are only used if you want to contribute to the repo. They are disabled for end-users:
+  - scure-base, scure-bip32, scure-bip39, micro-bmark and micro-should are developed by the same author and follow identical security practices
+  - prettier (linter), fast-check (property-based testing) and typescript are used for code quality, vector generation and ts compilation. The packages are big, which makes it hard to audit their source code thoroughly and fully
 
 ### Randomness
 

build/README.md

@@ -1,7 +1,7 @@
 # build
 
-The directory is used to build a single file `noble-curves.js` which contains everything.
+The directory is used to build a single file which contains everything.
 
-The output file uses iife wrapper and can be used in browsers as-is.
+The single file uses iife wrapper and can be used in browsers as-is.
 
 Don't use it unless you can't use NPM/ESM, which support tree shaking.

build/package.json

@@ -2,17 +2,14 @@
   "name": "build",
   "private": true,
   "version": "1.0.0",
-  "description": "Used to build a single file",
   "main": "input.js",
-  "keywords": [],
   "type": "module",
-  "author": "",
-  "license": "MIT",
   "devDependencies": {
     "@noble/curves": "file:..",
     "esbuild": "0.20.1"
   },
   "scripts": {
-    "build": "npx esbuild --bundle input.js --outfile=noble-curves.js --global-name=nobleCurves"
+    "build:release": "npx esbuild --bundle input.js --outfile=`npx jsbt outfile` --global-name=`npx jsbt global`",
+    "build:min": "npx esbuild --bundle input.js --minify --outfile=`npx jsbt outfile` --global-name=`npx jsbt global`; gzip -9 `npx jsbt outfile`"
   }
 }