rename back coords

Author: paulmillr

index.ts

@@ -47,20 +47,20 @@ const frz = (o: Object) => Object.freeze(o);
 export interface AffinePoint { x: bigint, y: bigint }
 /** Point in 3d xyz projective coordinates. 3d takes less inversions than 2d. */
 class Point {
-  readonly X: bigint;
-  readonly Y: bigint;
-  readonly Z: bigint;
+  readonly px: bigint;
+  readonly py: bigint;
+  readonly pz: bigint;
   constructor(X: bigint, Y: bigint, Z: bigint) {
-    this.X = afield0(X);
-    this.Y = afield(Y); // y can't be 0 in 3d
-    this.Z = afield0(Z);
+    this.px = afield0(X);
+    this.py = afield(Y); // y can't be 0 in 3d
+    this.pz = afield0(Z);
     frz(this);
   }
   static from(bytes: Bytes): Point {
     au8(bytes);
     let p: Point | undefined = undefined;
     const head = bytes[0], tail = bytes.subarray(1);    // first byte is prefix, rest is data
-    const x = sliceNum(tail, 0, L), len = bytes.length;   // next 32 bytes are x coordinate
+    const x = slcNum(tail, 0, L), len = bytes.length;   // next 32 bytes are x coordinate
     if (len === (L + 1) && [0x02, 0x03].includes(head)) {    // compressed points: 33b, start
       // afield(x);                                        // with byte 0x02 or 0x03. check 1<=x<P.
       let y = lift(x);                           // x³ + ax + b is right side of equation
@@ -69,19 +69,19 @@ class Point {
       if (headOdd !== isYOdd) y = M(-y);                // determine proper solution
       p = new Point(x, y, _1);                          // create point
     }                                                   // Uncompressed points: 65b, start with 0x04
-    if (len === (L2 + 1) && head === 0x04) p = new Point(x, sliceNum(tail, L, L2), _1);
+    if (len === (L2 + 1) && head === 0x04) p = new Point(x, slcNum(tail, L, L2), _1);
     return p ? p.ok() : err('Point invalid: not on curve');   // Verify the result
   }
   /** Equality check: compare points P&Q. */
   eql(other: Point): boolean {
-    const { X: X1, Y: Y1, Z: Z1 } = this;
-    const { X: X2, Y: Y2, Z: Z2 } = apoint(other);   // isPoint() checks class equality
+    const { px: X1, py: Y1, pz: Z1 } = this;
+    const { px: X2, py: Y2, pz: Z2 } = apoint(other);   // isPoint() checks class equality
     const X1Z2 = M(X1 * Z2), X2Z1 = M(X2 * Z1);
     const Y1Z2 = M(Y1 * Z2), Y2Z1 = M(Y2 * Z1);
     return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
   }
   /** Flip point over y coordinate. */
-  neg(): Point { return new Point(this.X, M(-this.Y), this.Z); }
+  neg(): Point { return new Point(this.px, M(-this.py), this.pz); }
   /** Point doubling: P+P, complete formula. */
   dbl(): Point { return this.add(this); }
   /**
@@ -90,8 +90,8 @@ class Point {
    * Cost: 12M + 0S + 3*a + 3*b3 + 23add.
    */
   add(other: Point): Point {
-    const { X: X1, Y: Y1, Z: Z1 } = this;
-    const { X: X2, Y: Y2, Z: Z2 } = apoint(other);
+    const { px: X1, py: Y1, pz: Z1 } = this;
+    const { px: X2, py: Y2, pz: Z2 } = apoint(other);
     const a = _0, b = _b;
     // const { a, b } = CURVE;
     let X3 = _0, Y3 = _0, Z3 = _0;
@@ -127,7 +127,7 @@ class Point {
   }
   /** Convert point to 2d xy affine point. (x, y, z) ∋ (x=x/z, y=y/z) */
   aff(): AffinePoint {
-    const { X: x, Y: y, Z: z } = this;
+    const { px: x, py: y, pz: z } = this;
     if (this.eql(I)) return { x: _0, y: _0 };        // fast-path for zero point
     if (z === _1) return { x, y };                      // if z is 1, pass affine coordinates as-is
     const iz = inv(z, P);                               // z^-1: invert z
@@ -144,9 +144,13 @@ class Point {
   toBytes(isCompressed = true): Bytes {              // Encode point to Uint8Array.
     const { x, y } = this.ok().aff();                        // convert to 2d xy affine point
     const head = isCompressed ? (isEvenB(y) ? '02' : '03') : '04'; // 0x02, 0x03, 0x04 prefix
-    const hex = head + numberToHex(x) + (isCompressed ? '' : numberToHex(y));// prefix||x and ||y
+    const hex = head + n2h(x) + (isCompressed ? '' : n2h(y));// prefix||x and ||y
     return h2b(hex);
   }
+
+  // multiply(n: bigint): Point { return this.mul(n); }    // Aliases to compress code
+  // toAffine(): AffinePoint { return this.aff(); }
+  // assertValidity(): Point { return this.ok(); }
 }
 // const { G, I } = Point;                     // Generator, identity points
 const G = new Point(Gx, Gy, _1); /** Generator / base point */
@@ -178,11 +182,11 @@ const h2b = (hex: string): Bytes => {                   // hex to bytes
   }
   return array;
 };
-const bytesToNum = (b: Bytes): bigint => BigInt('0x' + (b2h(b) || '0')); // bytes to number
-const sliceNum = (b: Bytes, from: number, to: number) => bytesToNum(b.subarray(from, to)); // slice bytes num
+const b2n = (b: Bytes): bigint => BigInt('0x' + (b2h(b) || '0')); // bytes to number
+const slcNum = (b: Bytes, from: number, to: number) => b2n(b.subarray(from, to)); // slice bytes num
 const numTo32b = (n: bigint): Bytes => h2b(padh(arange(n, _0, B256), L2)); // number to 32b. Must be 0 <= num < B256
-const numberToHex = (num: bigint): string => b2h(numTo32b(num));     // number to 32b hex
-const concatBytes = (...arrs: Bytes[]): Bytes => {          // concatenate Uint8Array-s
+const n2h = (num: bigint): string => b2h(numTo32b(num));     // number to 32b hex
+const concatB = (...arrs: Bytes[]): Bytes => {          // concatenate Uint8Array-s
   const r = u8n(arrs.reduce((sum, a) => sum + au8(a).length, 0)); // create u8a of summed length
   let pad = 0;                                          // walk through each array,
   arrs.forEach(a => {r.set(a, pad); pad += a.length});  // ensure they have proper type
@@ -199,7 +203,7 @@ const inv = (num: bigint, md: bigint): bigint => {      // modular inversion
   return b === _1 ? M(x, md) : err('no inverse');       // b is gcd at this point
 };
 const scalar = (pr: Bytes): bigint => {               // normalize private key to bigint
-  let num = bytesToNum(au8(pr, L)); // convert to bigint when bytes
+  let num = b2n(au8(pr, L)); // convert to bigint when bytes
   return arange(num, _1, N, 'private key invalid 3');    // check if bigint is in range
 };
 const highS = (n: bigint): boolean => n > (N >> _1);     // if a number is bigger than CURVE.n/2
@@ -222,7 +226,7 @@ class Signature {
 const bits2int = (bytes: Bytes): bigint => {            // RFC6979: ensure ECDSA msg is X bytes.
   const delta = bytes.length * 8 - 256; // RFC suggests optional truncating via bits2octets
   if (delta > 1024) err('msg invalid');   // our CUSTOM check, "just-in-case"
-  const num = bytesToNum(bytes); // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which
+  const num = b2n(bytes); // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which
   return delta > 0 ? num >> BigInt(delta) : num; // matches bits2int. bits2int can produce res>N.
 };
 const bits2int_modN = (bytes: Bytes): bigint => {       // int2octets can't be used; pads small msgs
@@ -275,7 +279,7 @@ const prepSig = (msgh: Bytes, priv: Bytes, opts: OptS = optS): BC => {// prepare
     }
     return new Signature(r, normS, rec) as SignatureWithRecovery;       // use normS, not s
   };
-  return { seed: concatBytes(...seed), k2sig }
+  return { seed: concatB(...seed), k2sig }
 }
 type Pred<T> = (v: Uint8Array) => T | undefined;
 const hmacDrbg = <T>(asynchronous: boolean) => { // HMAC-DRBG async
@@ -374,7 +378,7 @@ const verify = (sig: Bytes, msgh: Bytes, pub: Bytes, opts: OptV = optV): boolean
   let { lowS } = opts;                                  // ECDSA signature verification
   if (lowS == null) lowS = true;                        // Default lowS=true
   let h: bigint, P: Point;             // secg.org/sec1-v2.pdf 4.1.4
-  let { r, s } = new Signature(sliceNum(sig, 0, L), sliceNum(sig, L, L2)) // throw error when DER is suspected now.
+  let { r, s } = new Signature(slcNum(sig, 0, L), slcNum(sig, L, L2)) // throw error when DER is suspected now.
   try {
     h = bits2int_modN(msgh);                      // Truncate hash
     P = Point.from(pub);                           // Validate public key
@@ -402,7 +406,7 @@ const recoverPublicKey = (point: SignatureWithRecovery, msgh: Bytes): Point => {
   const radj = rec === 2 || rec === 3 ? r + N : r;    // If rec was 2 or 3, q.x is bigger than n
   afield(radj);                                       // ensure q.x is still a field element
   const head = isEvenN(rec) ? '02' : '03';         // head is 0x02 or 0x03
-  const R = Point.from(h2b(head + numberToHex(radj)));          // concat head + hex repr of r
+  const R = Point.from(h2b(head + n2h(radj)));          // concat head + hex repr of r
   const ir = inv(radj, N);                            // r^-1
   const u1 = modN(-h * ir);                           // -hr^-1
   const u2 = modN(s * ir);                            // sr^-1
@@ -433,26 +437,26 @@ const etc = {
     const s = subtle();
     const name = 'HMAC';
     const k = await s.importKey('raw', key, {name,hash:{name:'SHA-256'}}, false, ['sign']);
-    return u8n(await s.sign(name, k, concatBytes(...msgs)));
+    return u8n(await s.sign(name, k, concatB(...msgs)));
   },
   hmacSha256Sync: undefined as HmacFnSync,              // For TypeScript. Actual logic is below
   sha256Async: async (...msgs: Bytes[]): Promise<Bytes> => {
-    return u8n(await subtle().digest("SHA-256", concatBytes(...msgs)));
+    return u8n(await subtle().digest("SHA-256", concatB(...msgs)));
   },
   sha256Sync: undefined as Sha256FnSync,
 };
 const etc2 = {
   hexToBytes: h2b as (hex: string) => Bytes,
   bytesToHex: b2h as (bytes: Bytes) => string,
-  concatBytes: concatBytes as (...arrs: Bytes[]) => Bytes,
-  bytesToNumberBE: bytesToNum as (a: Bytes) => bigint,
+  concatBytes: concatB as (...arrs: Bytes[]) => Bytes,
+  bytesToNumberBE: b2n as (a: Bytes) => bigint,
   numberToBytesBE: numTo32b as (n: bigint) => Bytes,
   mod: M as (a: bigint, md?: bigint) => bigint,
   invert: inv as (num: bigint, md?: bigint) => bigint,  // math utilities
   randomBytes: randomBytes as (len?: number) => Bytes,
 }
 const randomPrivateKey = (): Bytes => {
-  const num = M(bytesToNum(randomBytes(L + L / 2)), N - _1);      // takes n+8 bytes
+  const num = M(b2n(randomBytes(L + L / 2)), N - _1);      // takes n+8 bytes
   return numTo32b(num + _1);                                 // returns (hash mod n-1)+1
 }; // FIPS 186 B.4.1.
 /** Curve-specific utilities for private keys. */
@@ -513,12 +517,12 @@ const T_CHALLENGE = 'challenge';
 const taggedHash = (tag: string, ...messages: Bytes[]): Bytes => {
   const fn = callEtcFn('sha256Sync');
   const tagH = fn(getTag(tag));
-  return fn(concatBytes(tagH, tagH, ...messages));
+  return fn(concatB(tagH, tagH, ...messages));
 };
 const taggedHashAsync = async (tag: string, ...messages: Bytes[]): Promise<Bytes> => {.0
   const fn = etc.sha256Async;
   const tagH = await fn(getTag(tag));
-  return await fn(concatBytes(tagH, tagH, ...messages));
+  return await fn(concatB(tagH, tagH, ...messages));
 };
 
 // ECDSA compact points are 33-byte. Schnorr is 32: we strip first byte 0x02 or 0x03
@@ -541,9 +545,9 @@ const lift = (x: bigint) => { // // Fail if x ≥ p. Let c = x³ + 7 mod p.
   return M(r * r) === n ? r : err('sqrt invalid');      // check if result is valid
 }
 const challenge = (...args: Bytes[]): bigint =>
-  modN(bytesToNum(taggedHash(T_CHALLENGE, ...args)));
+  modN(b2n(taggedHash(T_CHALLENGE, ...args)));
 const challengeAsync = async (...args: Bytes[]): Promise<bigint> =>
-  modN(bytesToNum(await taggedHashAsync(T_CHALLENGE, ...args)));
+  modN(b2n(await taggedHashAsync(T_CHALLENGE, ...args)));
 
 /**
  * Schnorr public key is just `x` coordinate of Point as per BIP340.
@@ -559,7 +563,7 @@ const prepSigSchnorr = (message: Bytes, privateKey: Bytes, auxRand: Bytes) => {
 }
 
 const extractK = (rand: Bytes) => {
-  const k_ = modN(bytesToNum(rand)); // Let k' = int(rand) mod n
+  const k_ = modN(b2n(rand)); // Let k' = int(rand) mod n
   if (k_ === _0) err('sign failed: k is zero'); // Fail if k' = 0.
   const { px, d } = extpubSchnorr(numTo32b(k_)); // Let R = k'⋅G.
   return { rx: px, k: d }
@@ -585,7 +589,7 @@ const signSchnorr = (
 ): Bytes => {
   const { m, px, d, a } = prepSigSchnorr(message, privateKey, auxRand);
   const aux = taggedHash(T_AUX, a);
-  const t = numTo32b(d ^ bytesToNum(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+  const t = numTo32b(d ^ b2n(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
   const rand = taggedHash(T_NONCE, t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
   const { rx, k } = extractK(rand);
   const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
@@ -596,7 +600,7 @@ const signSchnorr = (
 const signAsyncSchnorr = async (message: Bytes, privateKey: Bytes, auxRand: Bytes = randomBytes(L)): Promise<Bytes> => {
   const { m, px, d, a } = prepSigSchnorr(message, privateKey, auxRand);
   const aux = await taggedHashAsync(T_AUX, a);
-  const t = numTo32b(d ^ bytesToNum(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+  const t = numTo32b(d ^ b2n(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
   const rand = await taggedHashAsync(T_NONCE, t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
   const { rx, k } = extractK(rand);
   const e = await challengeAsync(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
@@ -619,16 +623,16 @@ const verifSchnorr = (signature: Bytes, message: Bytes, publicKey: Bytes, sync =
     const pub = au8(publicKey, L);
     // lift_x from BIP340. Convert 32-byte x coordinate to elliptic curve point.
     // Fail if x ≥ p. Let c = x³ + 7 mod p.
-    const x = bytesToNum(pub);
+    const x = b2n(pub);
     const y = lift(x); // Let y = c^(p+1)/4 mod p.
     // Return the unique point P such that x(P) = x and
     const P_ = new Point(x, isEvenB(y) ? y : M(-y), _1).ok(); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
     // P = lift_x(int(pk)); fail if that fails
-    const r = sliceNum(sig, 0, L); // Let r = int(sig[0:32]); fail if r ≥ p.
+    const r = slcNum(sig, 0, L); // Let r = int(sig[0:32]); fail if r ≥ p.
     arange(r, _1, P);
-    const s = sliceNum(sig, L, L2); // Let s = int(sig[32:64]); fail if s ≥ n.
+    const s = slcNum(sig, L, L2); // Let s = int(sig[32:64]); fail if s ≥ n.
     arange(s, _1, N);
-    const i = concatBytes(numTo32b(r), pointToBytes(P_), msg);
+    const i = concatB(numTo32b(r), pointToBytes(P_), msg);
     if (sync) return finishVerif(P_, r, s, challenge(i)); // int(challenge(bytes(r)||bytes(P)||m))%n
     return challengeAsync(i).then(e => finishVerif(P_, r, s, e));
   } catch (error) {