Skip to content

New ECDSA / EDDSA interfaces. Simplify, allow reuse #192

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 39 commits into from
May 29, 2025
Merged

New ECDSA / EDDSA interfaces. Simplify, allow reuse #192

merged 39 commits into from
May 29, 2025

Conversation

paulmillr
Copy link
Owner

@paulmillr paulmillr commented May 17, 2025
edited
Loading

  • New types, split by kind
    • Curve opts: EdwardsOpts, WeierstrassOpts: (a, b, d, p, n, h, Gx, Gy) (no more Fp)
    • Curve optional params: EdwardsExtraOpts, WeierstrassExtraOpts, containing e.g. redefined Fp, Fn, uvRatio, wrapPrivateKey, allowInfinityPoint, fromBytes, toBytes
    • Signing interfaces: ECDSA, EdDSA (getPublicKey, sign, verify)
    • Signing interface optional params: ECDSAOpts, EdDSAOpts hash, lowS, adjustScalarBytes
  • Every Point now has Fp and Fn static properties, similar to BASE & ZERO
  • Compatibility layer for old code until v2

Example usage of new interface:

const p256_Point = weierstrass({
  a: BigInt('0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc'),
  b: BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'),
  p: BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'),
  n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),
  Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),
  Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
  h: BigInt(1),
});
const p256 = ecdsa(p256_Point, { hash: sha256 });

@paulmillr
Copy link
Owner Author

cc @mahnunchik

@paulmillr paulmillr marked this pull request as ready for review May 20, 2025 18:18
@mahnunchik
Copy link
Contributor

Looks good! Are you going to release this changes before v2?

@paulmillr
Copy link
Owner Author

yes, last versions of v1 would be transitional: old APIs will become deprecated, new APIs will become available.

paulmillr added 23 commits May 21, 2025 10:38
@paulmillr
Range checks: Switch everywhere from modN to Fn etc.
477612b
@paulmillr
curve: add normalizeZ, mulEndo. Add more validation to wNAF.
1bfab71
@paulmillr
weierstrass: harden multiplyUnsafe, fix bugs. Deprecate some methods.
f7fadd6
@paulmillr
edwards: Use new methods
5ce2d1c
@paulmillr
bls: use new method
bee8c61
@paulmillr
secp256k1: use new methods in schnorr
5f5782a
@paulmillr
Remove logs
5d8179b
@paulmillr
weierstrass: new sig format "js"
742b127
@paulmillr
test: more test for multiplyUnsafe
b3006c7
@paulmillr
Fix tests
60d50be
@paulmillr
utils: move top-level, keep old module available for now
020041e
@paulmillr
Use randomBytes and hmac from noble-hashes by default
1fb56f8
@paulmillr
Field: new options order
13cf35d
@paulmillr
weierstrass: some deprecations
4e7c1b1
@paulmillr
curve definitions: switch to hex to reduce bundle size
f6232cd
@paulmillr
Switch from ProjectivePoint / ExtendedPoint to Point
5a8333c
@paulmillr
Deprecate ProjectivePoint, ExtendedPoint
d4ba864
@paulmillr
Switch all curves declarations to v2 format
bc9a110
@paulmillr
Lint ed
3c6a542
@paulmillr
Add types/node for dev
9545227
@paulmillr
readme: clarify memory dumping
7d6f6d4
@paulmillr
package.json: top-level utils.js
970d5b4
@paulmillr
utils: reuse noble-hashes
db50b5c
@paulmillr paulmillr merged commit b5e74d6 into main May 29, 2025
14 checks passed
@paulmillr paulmillr deleted the ecdsa-eddsa branch July 17, 2025 00:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@paulmillr @mahnunchik