ForeignCurve
Class: ForeignCurve
Table of contents
Constructors
Properties
Accessors
Methods
- add
- addSafe
- assertInSubgroup
- assertOnCurve
- double
- isConstant
- negate
- scale
- toBigint
- assertInSubgroup
- assertOnCurve
- check
- from
Constructors
constructor
• new ForeignCurve(g)
Create a new ForeignCurve from an object representing the (affine) x and y coordinates.
Parameters
| Name | Type |
|---|---|
g | Object |
g.x | number | bigint | Field3 | AlmostForeignField |
g.y | number | bigint | Field3 | AlmostForeignField |
Example
let x = new ForeignCurve({ x: 1n, y: 1n });
Important: By design, there is no way for a ForeignCurve to represent the zero point.
Warning: This fails for a constant input which does not represent an actual point on the curve.
Defined in
Properties
x
• x: AlmostForeignField
Defined in
y
• y: AlmostForeignField
Defined in
_Bigint
▪ Static Optional _Bigint: Object
Type declaration
| Name | Type |
|---|---|
Field | { M: bigint = twoadicity; modulus: bigint = p; sizeInBits: number ; t: bigint = oddFactor; twoadicRoot: bigint ; add: (x: bigint, y: bigint) => bigint ; div: (x: bigint, y: bigint) => undefined | bigint ; dot: (x: bigint[], y: bigint[]) => bigint ; equal: (x: bigint, y: bigint) => boolean ; fromBigint: (x: bigint) => bigint ; fromNumber: (x: number) => bigint ; inverse: (x: bigint) => undefined | bigint ; isEven: (x: bigint) => boolean ; isSquare: (x: bigint) => boolean ; leftShift: (x: bigint, bits: number, maxBitSize: number) => bigint ; mod: (x: bigint) => bigint ; mul: (x: bigint, y: bigint) => bigint ; negate: (x: bigint) => bigint ; not: (x: bigint, bits: number) => bigint ; power: (x: bigint, n: bigint) => bigint ; random: () => bigint ; rightShift: (x: bigint, bits: number) => bigint ; rot: (x: bigint, bits: bigint, direction: "left" | "right", maxBits: bigint) => bigint ; sqrt: (x: bigint) => undefined | bigint ; square: (x: bigint) => bigint ; sub: (x: bigint, y: bigint) => bigint } |
Field.M | bigint |
Field.modulus | bigint |
Field.sizeInBits | number |
Field.t | bigint |
Field.twoadicRoot | bigint |
Field.add | [object Object] |
Field.div | [object Object] |
Field.dot | [object Object] |
Field.equal | [object Object] |
Field.fromBigint | [object Object] |
Field.fromNumber | [object Object] |
Field.inverse | [object Object] |
Field.isEven | [object Object] |
Field.isSquare | [object Object] |
Field.leftShift | [object Object] |
Field.mod | [object Object] |
Field.mul | [object Object] |
Field.negate | [object Object] |
Field.not | [object Object] |
Field.power | [object Object] |
Field.random | [object Object] |
Field.rightShift | [object Object] |
Field.rot | [object Object] |
Field.sqrt | [object Object] |
Field.square | [object Object] |
Field.sub | [object Object] |
Scalar | { M: bigint = twoadicity; modulus: bigint = p; sizeInBits: number ; t: bigint = oddFactor; twoadicRoot: bigint ; add: (x: bigint, y: bigint) => bigint ; div: (x: bigint, y: bigint) => undefined | bigint ; dot: (x: bigint[], y: bigint[]) => bigint ; equal: (x: bigint, y: bigint) => boolean ; fromBigint: (x: bigint) => bigint ; fromNumber: (x: number) => bigint ; inverse: (x: bigint) => undefined | bigint ; isEven: (x: bigint) => boolean ; isSquare: (x: bigint) => boolean ; leftShift: (x: bigint, bits: number, maxBitSize: number) => bigint ; mod: (x: bigint) => bigint ; mul: (x: bigint, y: bigint) => bigint ; negate: (x: bigint) => bigint ; not: (x: bigint, bits: number) => bigint ; power: (x: bigint, n: bigint) => bigint ; random: () => bigint ; rightShift: (x: bigint, bits: number) => bigint ; rot: (x: bigint, bits: bigint, direction: "left" | "right", maxBits: bigint) => bigint ; sqrt: (x: bigint) => undefined | bigint ; square: (x: bigint) => bigint ; sub: (x: bigint, y: bigint) => bigint } |
Scalar.M | bigint |
Scalar.modulus | bigint |
Scalar.sizeInBits | number |
Scalar.t | bigint |
Scalar.twoadicRoot | bigint |
Scalar.add | [object Object] |
Scalar.div | [object Object] |
Scalar.dot | [object Object] |
Scalar.equal | [object Object] |
Scalar.fromBigint | [object Object] |
Scalar.fromNumber | [object Object] |
Scalar.inverse | [object Object] |
Scalar.isEven | [object Object] |
Scalar.isSquare | [object Object] |
Scalar.leftShift | [object Object] |
Scalar.mod | [object Object] |
Scalar.mul | [object Object] |
Scalar.negate | [object Object] |
Scalar.not | [object Object] |
Scalar.power | [object Object] |
Scalar.random | [object Object] |
Scalar.rightShift | [object Object] |
Scalar.rot | [object Object] |
Scalar.sqrt | [object Object] |
Scalar.square | [object Object] |
Scalar.sub | [object Object] |
a | bigint |
b | bigint |
cofactor | undefined | bigint |
hasCofactor | boolean |
hasEndomorphism | boolean |
modulus | bigint |
name | string |
one | { infinity: boolean = false; x: bigint ; y: bigint } |
one.infinity | boolean |
one.x | bigint |
one.y | bigint |
order | bigint |
zero | GroupAffine |
get Endo() | { base: bigint = endoBase; decomposeMaxBits: number = glvData.maxBits; scalar: bigint = endoScalar; decompose: (s: bigint) => readonly [{ abs: bigint ; isNegative: boolean ; value: bigint = s0 }, { abs: bigint ; isNegative: boolean ; value: bigint = s1 }] ; endomorphism: (P: GroupAffine) => { x: bigint ; y: bigint = P.y } ; scale: (g: GroupAffine, s: bigint) => GroupAffine ; scaleProjective: (g: GroupProjective, s: bigint) => { x: bigint ; y: bigint ; z: bigint } } |
add | (g: GroupAffine, h: GroupAffine) => GroupAffine |
double | (g: GroupAffine) => GroupAffine |
equal | (g: GroupAffine, h: GroupAffine) => boolean |
from | (g: { x: bigint ; y: bigint }) => GroupAffine |
fromNonzero | (g: { x: bigint ; y: bigint }) => GroupAffine |
isInSubgroup | (g: GroupAffine) => boolean |
isOnCurve | (g: GroupAffine) => boolean |
negate | (g: GroupAffine) => GroupAffine |
scale | (g: GroupAffine, s: bigint | boolean[]) => GroupAffine |
sub | (g: GroupAffine, h: GroupAffine) => GroupAffine |
Defined in
_Field
▪ Static Optional _Field: typeof AlmostForeignField
Defined in
_Scalar
▪ Static Optional _Scalar: typeof AlmostForeignField
Defined in
_provable
▪ Static Optional _provable: ProvablePureExtended\<ForeignCurve, { x: string ; y: string }>
Defined in
Accessors
Constructor
• get Constructor(): typeof ForeignCurve
Returns
typeof ForeignCurve
Defined in
modulus
• get modulus(): bigint
The size of the curve's base field.
Returns
bigint
Defined in
Bigint
• Static get Bigint(): Object
Curve arithmetic on JS bigints.
Returns
Object
| Name | Type |
|---|---|
Field | { M: bigint = twoadicity; modulus: bigint = p; sizeInBits: number ; t: bigint = oddFactor; twoadicRoot: bigint ; add: (x: bigint, y: bigint) => bigint ; div: (x: bigint, y: bigint) => undefined | bigint ; dot: (x: bigint[], y: bigint[]) => bigint ; equal: (x: bigint, y: bigint) => boolean ; fromBigint: (x: bigint) => bigint ; fromNumber: (x: number) => bigint ; inverse: (x: bigint) => undefined | bigint ; isEven: (x: bigint) => boolean ; isSquare: (x: bigint) => boolean ; leftShift: (x: bigint, bits: number, maxBitSize: number) => bigint ; mod: (x: bigint) => bigint ; mul: (x: bigint, y: bigint) => bigint ; negate: (x: bigint) => bigint ; not: (x: bigint, bits: number) => bigint ; power: (x: bigint, n: bigint) => bigint ; random: () => bigint ; rightShift: (x: bigint, bits: number) => bigint ; rot: (x: bigint, bits: bigint, direction: "left" | "right", maxBits: bigint) => bigint ; sqrt: (x: bigint) => undefined | bigint ; square: (x: bigint) => bigint ; sub: (x: bigint, y: bigint) => bigint } |
Field.M | bigint |
Field.modulus | bigint |
Field.sizeInBits | number |
Field.t | bigint |
Field.twoadicRoot | bigint |
Field.add | [object Object] |
Field.div | [object Object] |
Field.dot | [object Object] |
Field.equal | [object Object] |
Field.fromBigint | [object Object] |
Field.fromNumber | [object Object] |
Field.inverse | [object Object] |
Field.isEven | [object Object] |
Field.isSquare | [object Object] |
Field.leftShift | [object Object] |
Field.mod | [object Object] |
Field.mul | [object Object] |
Field.negate | [object Object] |
Field.not | [object Object] |
Field.power | [object Object] |
Field.random | [object Object] |
Field.rightShift | [object Object] |
Field.rot | [object Object] |
Field.sqrt | [object Object] |
Field.square | [object Object] |
Field.sub | [object Object] |
Scalar | { M: bigint = twoadicity; modulus: bigint = p; sizeInBits: number ; t: bigint = oddFactor; twoadicRoot: bigint ; add: (x: bigint, y: bigint) => bigint ; div: (x: bigint, y: bigint) => undefined | bigint ; dot: (x: bigint[], y: bigint[]) => bigint ; equal: (x: bigint, y: bigint) => boolean ; fromBigint: (x: bigint) => bigint ; fromNumber: (x: number) => bigint ; inverse: (x: bigint) => undefined | bigint ; isEven: (x: bigint) => boolean ; isSquare: (x: bigint) => boolean ; leftShift: (x: bigint, bits: number, maxBitSize: number) => bigint ; mod: (x: bigint) => bigint ; mul: (x: bigint, y: bigint) => bigint ; negate: (x: bigint) => bigint ; not: (x: bigint, bits: number) => bigint ; power: (x: bigint, n: bigint) => bigint ; random: () => bigint ; rightShift: (x: bigint, bits: number) => bigint ; rot: (x: bigint, bits: bigint, direction: "left" | "right", maxBits: bigint) => bigint ; sqrt: (x: bigint) => undefined | bigint ; square: (x: bigint) => bigint ; sub: (x: bigint, y: bigint) => bigint } |
Scalar.M | bigint |
Scalar.modulus | bigint |
Scalar.sizeInBits | number |
Scalar.t | bigint |
Scalar.twoadicRoot | bigint |
Scalar.add | [object Object] |
Scalar.div | [object Object] |
Scalar.dot | [object Object] |
Scalar.equal | [object Object] |
Scalar.fromBigint | [object Object] |
Scalar.fromNumber | [object Object] |
Scalar.inverse | [object Object] |
Scalar.isEven | [object Object] |
Scalar.isSquare | [object Object] |
Scalar.leftShift | [object Object] |
Scalar.mod | [object Object] |
Scalar.mul | [object Object] |
Scalar.negate | [object Object] |
Scalar.not | [object Object] |
Scalar.power | [object Object] |
Scalar.random | [object Object] |
Scalar.rightShift | [object Object] |
Scalar.rot | [object Object] |
Scalar.sqrt | [object Object] |
Scalar.square | [object Object] |
Scalar.sub | [object Object] |
a | bigint |
b | bigint |
cofactor | undefined | bigint |
hasCofactor | boolean |
hasEndomorphism | boolean |
modulus | bigint |
name | string |
one | { infinity: boolean = false; x: bigint ; y: bigint } |
one.infinity | boolean |
one.x | bigint |
one.y | bigint |
order | bigint |
zero | GroupAffine |
get Endo() | { base: bigint = endoBase; decomposeMaxBits: number = glvData.maxBits; scalar: bigint = endoScalar; decompose: (s: bigint) => readonly [{ abs: bigint ; isNegative: boolean ; value: bigint = s0 }, { abs: bigint ; isNegative: boolean ; value: bigint = s1 }] ; endomorphism: (P: GroupAffine) => { x: bigint ; y: bigint = P.y } ; scale: (g: GroupAffine, s: bigint) => GroupAffine ; scaleProjective: (g: GroupProjective, s: bigint) => { x: bigint ; y: bigint ; z: bigint } } |
add | (g: GroupAffine, h: GroupAffine) => GroupAffine |
double | (g: GroupAffine) => GroupAffine |
equal | (g: GroupAffine, h: GroupAffine) => boolean |
from | (g: { x: bigint ; y: bigint }) => GroupAffine |
fromNonzero | (g: { x: bigint ; y: bigint }) => GroupAffine |
isInSubgroup | (g: GroupAffine) => boolean |
isOnCurve | (g: GroupAffine) => boolean |
negate | (g: GroupAffine) => GroupAffine |
scale | (g: GroupAffine, s: bigint | boolean[]) => GroupAffine |
sub | (g: GroupAffine, h: GroupAffine) => GroupAffine |
Defined in
Field
• Static get Field(): typeof AlmostForeignField
The base field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Defined in
Scalar
• Static get Scalar(): typeof AlmostForeignField
The scalar field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Defined in
generator
• Static get generator(): ForeignCurve
The constant generator point.
Returns
Defined in
modulus
• Static get modulus(): bigint
The size of the curve's base field.
Returns
bigint
Defined in
provable
• Static get provable(): ProvablePureExtended\<ForeignCurve, { x: string ; y: string }>
Provable<ForeignCurve>
Returns
ProvablePureExtended\<ForeignCurve, { x: string ; y: string }>
Defined in
Methods
add
▸ add(h): ForeignCurve
Elliptic curve addition.
let r = p.add(q); // r = p + q
Important: this is incomplete addition and does not handle the degenerate cases:
- Inputs are equal,
g = h(where you would use double). In this case, the result of this method is garbage and can be manipulated arbitrarily by a malicious prover. - Inputs are inverses of each other,
g = -h, so that the result would be the zero point. In this case, the proof fails.
If you want guaranteed soundness regardless of the input, use addSafe instead.
Parameters
| Name | Type |
|---|---|
h | ForeignCurve | FlexiblePoint |
Returns
Throws
if the inputs are inverses of each other.
Defined in
addSafe
▸ addSafe(h): ForeignCurve
Safe elliptic curve addition.
This is the same as add, but additionally proves that the inputs are not equal. Therefore, the method is guaranteed to either fail or return a valid addition result.
Beware: this is more expensive than add, and is still incomplete in that it does not succeed on equal or inverse inputs.
Parameters
| Name | Type |
|---|---|
h | ForeignCurve | FlexiblePoint |
Returns
Throws
if the inputs are equal or inverses of each other.
Defined in
assertInSubgroup
▸ assertInSubgroup(): void
Assert that this point lies in the subgroup defined by order*P = 0.
Note: this is a no-op if the curve has cofactor equal to 1. Otherwise
it performs the full scalar multiplication order*P and is expensive.
Returns
void
Defined in
assertOnCurve
▸ assertOnCurve(): void
Assert that this point lies on the elliptic curve, which means it satisfies the equation
y^2 = x^3 + ax + b
Returns
void
Defined in
double
▸ double(): ForeignCurve
Elliptic curve doubling.
Returns
Example
let r = p.double(); // r = 2 * p
Defined in
isConstant
▸ isConstant(): boolean
Checks whether this curve point is constant.
See FieldVar to understand constants vs variables.
Returns
boolean
Defined in
negate
▸ negate(): ForeignCurve
Elliptic curve negation.
Returns
Example
let r = p.negate(); // r = -p
Defined in
scale
▸ scale(scalar): ForeignCurve
Elliptic curve scalar multiplication, where the scalar is represented as a ForeignField element.
Important: this proves that the result of the scalar multiplication is not the zero point.
Parameters
| Name | Type |
|---|---|
scalar | number | bigint | AlmostForeignField |
Returns
Throws
if the scalar multiplication results in the zero point; for example, if the scalar is zero.
Example
let r = p.scale(s); // r = s * p
Defined in
toBigint
▸ toBigint(): GroupAffine
Convert this curve point to a point with bigint coordinates.
Returns
GroupAffine
Defined in
assertInSubgroup
▸ Static assertInSubgroup(g): void
Parameters
| Name | Type |
|---|---|
g | ForeignCurve |
Returns
void
Defined in
assertOnCurve
▸ Static assertOnCurve(g): void
Parameters
| Name | Type |
|---|---|
g | ForeignCurve |
Returns
void
Defined in
check
▸ Static check(g): void
Check that this is a valid element of the target subgroup of the curve:
- Check that the coordinates are valid field elements
- Use () to check that the point lies on the curve
- If the curve has cofactor unequal to 1, use ().
Parameters
| Name | Type |
|---|---|
g | ForeignCurve |
Returns
void
Defined in
from
▸ Static from(g): ForeignCurve
Coerce the input to a ForeignCurve.
Parameters
| Name | Type |
|---|---|
g | ForeignCurve | FlexiblePoint |