Rename back

Author: paulmillr

index.ts

@@ -60,7 +60,7 @@ class Point {
     au8(bytes);
     let p: Point | undefined = undefined;
     const head = bytes[0], tail = bytes.subarray(1);    // first byte is prefix, rest is data
-    const x = slcNum(tail, 0, L), len = bytes.length;   // next 32 bytes are x coordinate
+    const x = slc(tail, 0, L), len = bytes.length;   // next 32 bytes are x coordinate
     if (len === (L + 1) && [0x02, 0x03].includes(head)) {    // compressed points: 33b, start
       // afield(x);                                        // with byte 0x02 or 0x03. check 1<=x<P.
       let y = lift(x);                           // x³ + ax + b is right side of equation
@@ -69,7 +69,7 @@ class Point {
       if (headOdd !== isYOdd) y = M(-y);                // determine proper solution
       p = new Point(x, y, _1);                          // create point
     }                                                   // Uncompressed points: 65b, start with 0x04
-    if (len === (L2 + 1) && head === 0x04) p = new Point(x, slcNum(tail, L, L2), _1);
+    if (len === (L2 + 1) && head === 0x04) p = new Point(x, slc(tail, L, L2), _1);
     return p ? p.ok() : err('Point invalid: not on curve');   // Verify the result
   }
   /** Equality check: compare points P&Q. */
@@ -183,9 +183,9 @@ const h2b = (hex: string): Bytes => {                   // hex to bytes
   return array;
 };
 const b2n = (b: Bytes): bigint => BigInt('0x' + (b2h(b) || '0')); // bytes to number
-const slcNum = (b: Bytes, from: number, to: number) => b2n(b.subarray(from, to)); // slice bytes num
-const numTo32b = (n: bigint): Bytes => h2b(padh(arange(n, _0, B256), L2)); // number to 32b. Must be 0 <= num < B256
-const n2h = (num: bigint): string => b2h(numTo32b(num));     // number to 32b hex
+const slc = (b: Bytes, from: number, to: number) => b2n(b.subarray(from, to)); // slice bytes num
+const n2b = (n: bigint): Bytes => h2b(padh(arange(n, _0, B256), L2)); // number to 32b. Must be 0 <= num < B256
+const n2h = (num: bigint): string => b2h(n2b(num));     // number to 32b hex
 const concatB = (...arrs: Bytes[]): Bytes => {          // concatenate Uint8Array-s
   const r = u8n(arrs.reduce((sum, a) => sum + au8(a).length, 0)); // create u8a of summed length
   let pad = 0;                                          // walk through each array,
@@ -202,14 +202,14 @@ const inv = (num: bigint, md: bigint): bigint => {      // modular inversion
   }
   return b === _1 ? M(x, md) : err('no inverse');       // b is gcd at this point
 };
-const scalar = (pr: Bytes): bigint => {               // normalize private key to bigint
+const normPriv = (pr: Bytes): bigint => {               // normalize private key to bigint
   let num = b2n(au8(pr, L)); // convert to bigint when bytes
   return arange(num, _1, N, 'private key invalid 3');    // check if bigint is in range
 };
 const highS = (n: bigint): boolean => n > (N >> _1);     // if a number is bigger than CURVE.n/2
 /** Creates 33/65-byte public key from 32-byte private key. */
 const getPublicKey = (privKey: Bytes, isCompressed = true): Bytes => {
-  return G.mul(scalar(privKey)).toBytes(isCompressed);
+  return G.mul(normPriv(privKey)).toBytes(isCompressed);
 }
 /** ECDSA Signature class. Supports only compact 64-byte representation, not DER. */
 class Signature {
@@ -232,7 +232,7 @@ const bits2int = (bytes: Bytes): bigint => {            // RFC6979: ensure ECDSA
 const bits2int_modN = (bytes: Bytes): bigint => {       // int2octets can't be used; pads small msgs
   return modN(bits2int(au8(bytes)));                    // with 0: BAD for trunc as per RFC vectors
 };
-const i2o = (num: bigint): Bytes => numTo32b(num);           // int to octets
+const i2o = (num: bigint): Bytes => n2b(num);           // int to octets
 declare const globalThis: Record<string, any> | undefined; // Typescript symbol present in browsers
 const cr = () => // We support: 1) browsers 2) node.js 19+ 3) deno, other envs with crypto
   typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;
@@ -254,7 +254,7 @@ const prepSig = (msgh: Bytes, priv: Bytes, opts: OptS = optS): BC => {// prepare
   if (lowS == null) lowS = true;                        // RFC6979 3.2: we skip step A
   const h1i = bits2int_modN(msgh);                 // msg bigint
   const h1o = i2o(h1i);                                 // msg octets
-  const d = scalar(priv);                               // validate private key, convert to bigint
+  const d = normPriv(priv);                               // validate private key, convert to bigint
   const seed = [i2o(d), h1o];                           // Step D of RFC6979 3.2
   // RFC6979 3.6: additional k' (optional)
   if (extraEntropy) { // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
@@ -378,7 +378,7 @@ const verify = (sig: Bytes, msgh: Bytes, pub: Bytes, opts: OptV = optV): boolean
   let { lowS } = opts;                                  // ECDSA signature verification
   if (lowS == null) lowS = true;                        // Default lowS=true
   let h: bigint, P: Point;             // secg.org/sec1-v2.pdf 4.1.4
-  let { r, s } = new Signature(slcNum(sig, 0, L), slcNum(sig, L, L2)) // throw error when DER is suspected now.
+  let { r, s } = new Signature(slc(sig, 0, L), slc(sig, L, L2)) // throw error when DER is suspected now.
   try {
     h = bits2int_modN(msgh);                      // Truncate hash
     P = Point.from(pub);                           // Validate public key
@@ -423,7 +423,7 @@ const recoverPublicKey = (point: SignatureWithRecovery, msgh: Bytes): Point => {
  * @returns public key C
  */
 const getSharedSecret = (privA: Bytes, pubB: Bytes, isCompressed = true): Bytes => {
-  return Point.from(pubB).mul(scalar(privA)).toBytes(isCompressed); // ECDH
+  return Point.from(pubB).mul(normPriv(privA)).toBytes(isCompressed); // ECDH
 };
 const randomBytes = (len = L): Bytes => {                   // CSPRNG (random number generator)
   const crypto = cr(); // Must be shimmed in node.js <= 18 to prevent error. See README.
@@ -450,18 +450,18 @@ const etc2 = {
   bytesToHex: b2h as (bytes: Bytes) => string,
   concatBytes: concatB as (...arrs: Bytes[]) => Bytes,
   bytesToNumberBE: b2n as (a: Bytes) => bigint,
-  numberToBytesBE: numTo32b as (n: bigint) => Bytes,
+  numberToBytesBE: n2b as (n: bigint) => Bytes,
   mod: M as (a: bigint, md?: bigint) => bigint,
   invert: inv as (num: bigint, md?: bigint) => bigint,  // math utilities
   randomBytes: randomBytes as (len?: number) => Bytes,
 }
 const randomPrivateKey = (): Bytes => {
   const num = M(b2n(randomBytes(L + L / 2)), N - _1);      // takes n+8 bytes
-  return numTo32b(num + _1);                                 // returns (hash mod n-1)+1
+  return n2b(num + _1);                                 // returns (hash mod n-1)+1
 }; // FIPS 186 B.4.1.
 /** Curve-specific utilities for private keys. */
 const utils = {                                         // utilities
-  isValidPrivateKey: (key: Bytes): boolean => { try { return !!scalar(key); } catch (e) { return false; } },
+  isValidPrivateKey: (key: Bytes): boolean => { try { return !!normPriv(key); } catch (e) { return false; } },
   randomPrivateKey: randomPrivateKey as () => Bytes,
   // precompute: (w=8, p: Point = G): Point => { p.multiply(3n); w; return p; }, // no-op
 };
@@ -529,7 +529,7 @@ const taggedHashAsync = async (tag: string, ...messages: Bytes[]): Promise<Bytes
 const pointToBytes = (point: Point): Uint8Array<ArrayBuffer> => point.toBytes(true).slice(1);
 // Calculate point, scalar and bytes
 const extpubSchnorr = (priv: Bytes) => {
-  const d_ = scalar(priv); // same method executed in fromPrivateKey
+  const d_ = normPriv(priv); // same method executed in fromPrivateKey
   const p = G.mul(d_); // P = d'⋅G; 0 < d' < n check is done inside
   const d = isEvenB(p.aff().y) ? d_ : modN(-d_);
   const px = pointToBytes(p);
@@ -565,15 +565,15 @@ const prepSigSchnorr = (message: Bytes, privateKey: Bytes, auxRand: Bytes) => {
 const extractK = (rand: Bytes) => {
   const k_ = modN(b2n(rand)); // Let k' = int(rand) mod n
   if (k_ === _0) err('sign failed: k is zero'); // Fail if k' = 0.
-  const { px, d } = extpubSchnorr(numTo32b(k_)); // Let R = k'⋅G.
+  const { px, d } = extpubSchnorr(n2b(k_)); // Let R = k'⋅G.
   return { rx: px, k: d }
 }
 
 // Common signature creation helper
 const createSigSchnorr = (k: bigint, px: Bytes, e: bigint, d: bigint): Bytes => {
   const sig = u8n(L2);
   sig.set(px, 0);
-  sig.set(numTo32b(modN(k + e * d)), L);
+  sig.set(n2b(modN(k + e * d)), L);
   return sig;
 }
 
@@ -589,7 +589,7 @@ const signSchnorr = (
 ): Bytes => {
   const { m, px, d, a } = prepSigSchnorr(message, privateKey, auxRand);
   const aux = taggedHash(T_AUX, a);
-  const t = numTo32b(d ^ b2n(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+  const t = n2b(d ^ b2n(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
   const rand = taggedHash(T_NONCE, t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
   const { rx, k } = extractK(rand);
   const e = challenge(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
@@ -600,7 +600,7 @@ const signSchnorr = (
 const signAsyncSchnorr = async (message: Bytes, privateKey: Bytes, auxRand: Bytes = randomBytes(L)): Promise<Bytes> => {
   const { m, px, d, a } = prepSigSchnorr(message, privateKey, auxRand);
   const aux = await taggedHashAsync(T_AUX, a);
-  const t = numTo32b(d ^ b2n(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
+  const t = n2b(d ^ b2n(aux)); // Let t be the byte-wise xor of bytes(d) and hash/aux(a)
   const rand = await taggedHashAsync(T_NONCE, t, px, m); // Let rand = hash/nonce(t || bytes(P) || m)
   const { rx, k } = extractK(rand);
   const e = await challengeAsync(rx, px, m); // Let e = int(hash/challenge(bytes(R) || bytes(P) || m)) mod n.
@@ -628,11 +628,11 @@ const verifSchnorr = (signature: Bytes, message: Bytes, publicKey: Bytes, sync =
     // Return the unique point P such that x(P) = x and
     const P_ = new Point(x, isEvenB(y) ? y : M(-y), _1).ok(); // y(P) = y if y mod 2 = 0 or y(P) = p-y otherwise.
     // P = lift_x(int(pk)); fail if that fails
-    const r = slcNum(sig, 0, L); // Let r = int(sig[0:32]); fail if r ≥ p.
+    const r = slc(sig, 0, L); // Let r = int(sig[0:32]); fail if r ≥ p.
     arange(r, _1, P);
-    const s = slcNum(sig, L, L2); // Let s = int(sig[32:64]); fail if s ≥ n.
+    const s = slc(sig, L, L2); // Let s = int(sig[32:64]); fail if s ≥ n.
     arange(s, _1, N);
-    const i = concatB(numTo32b(r), pointToBytes(P_), msg);
+    const i = concatB(n2b(r), pointToBytes(P_), msg);
     if (sync) return finishVerif(P_, r, s, challenge(i)); // int(challenge(bytes(r)||bytes(P)||m))%n
     return challengeAsync(i).then(e => finishVerif(P_, r, s, e));
   } catch (error) {