ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:30

Extended by

• ForeignCurveNotNeeded

Constructors

new ForeignCurve()

new ForeignCurve(g: {
  x: number | bigint | Field3 | AlmostForeignField;
  y: number | bigint | Field3 | AlmostForeignField;
 }): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:48

Create a new ForeignCurve from an object representing the (affine) x and y coordinates.

Note: Inputs must be range checked if they originate from a different field with a different modulus or if they are not constants. Please refer to the ForeignField constructor comments for more details.

Parameters

g

x

number | bigint | Field3 | AlmostForeignField

y

number | bigint | Field3 | AlmostForeignField

Returns

ForeignCurve

Example

let x = new ForeignCurve({ x: 1n, y: 1n });

Important: By design, there is no way for a ForeignCurve to represent the zero point.

Warning: This fails for a constant input which does not represent an actual point on the curve.

Properties

x

x: AlmostForeignField;

Defined in: lib/provable/crypto/foreign-curve.ts:31

---

y

y: AlmostForeignField;

Defined in: lib/provable/crypto/foreign-curve.ts:32

---

_Bigint?

static optional _Bigint: {};

Defined in: lib/provable/crypto/foreign-curve.ts:360

---

_Field?

static optional _Field: typeof AlmostForeignField;

Defined in: lib/provable/crypto/foreign-curve.ts:361

---

_provable?

static optional _provable: ProvablePureExtended<ForeignCurve, {
  x: bigint;
  y: bigint;
 }, {
  x: string;
  y: string;
}>;

Defined in: lib/provable/crypto/foreign-curve.ts:363

---

_Scalar?

static optional _Scalar: typeof AlmostForeignField;

Defined in: lib/provable/crypto/foreign-curve.ts:362

Accessors

Constructor

Get Signature

get Constructor(): typeof ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:357

Returns

typeof ForeignCurve

---

modulus

Get Signature

get modulus(): bigint

Defined in: lib/provable/crypto/foreign-curve.ts:200

The size of the curve's base field.

Returns

bigint

---

Bigint

Get Signature

get static Bigint(): {}

Defined in: lib/provable/crypto/foreign-curve.ts:372

Curve arithmetic on JS bigints.

Returns

{}

---

Field

Get Signature

get static Field(): typeof AlmostForeignField

Defined in: lib/provable/crypto/foreign-curve.ts:379

The base field of this curve as a ForeignField.

Returns

typeof AlmostForeignField

---

generator

Get Signature

get static generator(): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:188

The constant generator point.

Returns

ForeignCurve

---

modulus

Get Signature

get static modulus(): bigint

Defined in: lib/provable/crypto/foreign-curve.ts:194

The size of the curve's base field.

Returns

bigint

---

provable

Get Signature

get static provable(): ProvablePureExtended<ForeignCurve, {
  x: bigint;
  y: bigint;
 }, {
  x: string;
  y: string;
}>

Defined in: lib/provable/crypto/foreign-curve.ts:393

Provable<ForeignCurve>

Returns

ProvablePureExtended<ForeignCurve, { x: bigint; y: bigint; }, { x: string; y: string; }>

---

Scalar

Get Signature

get static Scalar(): typeof AlmostForeignField

Defined in: lib/provable/crypto/foreign-curve.ts:386

The scalar field of this curve as a ForeignField.

Returns

typeof AlmostForeignField

Methods

add()

add(h: 
  | ForeignCurve
  | FlexiblePoint): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:241

Elliptic curve addition.

let r = p.add(q); // r = p + q

Important: this is incomplete addition and does not handle the degenerate cases:

• Inputs are equal, g = h (where you would use double). In this case, the result of this method is garbage and can be manipulated arbitrarily by a malicious prover.
• Inputs are inverses of each other, g = -h, so that the result would be the zero point. In this case, the proof fails.

If you want guaranteed soundness regardless of the input, use addSafe instead.

Parameters

h

ForeignCurve | FlexiblePoint

Returns

ForeignCurve

Throws

if the inputs are inverses of each other.

---

addSafe()

addSafe(h: 
  | ForeignCurve
  | FlexiblePoint): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:259

Safe elliptic curve addition.

This is the same as add, but additionally proves that the inputs are not equal. Therefore, the method is guaranteed to either fail or return a valid addition result.

Beware: this is more expensive than add, and is still incomplete in that it does not succeed on equal or inverse inputs.

Parameters

h

ForeignCurve | FlexiblePoint

Returns

ForeignCurve

Throws

if the inputs are equal or inverses of each other.

---

assertInSubgroup()

assertInSubgroup(): void

Defined in: lib/provable/crypto/foreign-curve.ts:339

Assert that this point lies in the subgroup defined by order*P = 0.

Note: this is a no-op if the curve has cofactor equal to 1. Otherwise it performs the full scalar multiplication order*P and is expensive.

Returns

void

---

assertOnCurve()

assertOnCurve(): void

Defined in: lib/provable/crypto/foreign-curve.ts:323

Assert that this point lies on the elliptic curve, which means it satisfies the equation y^2 = x^3 + ax + b

Returns

void

---

double()

double(): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:278

Elliptic curve doubling.

Returns

ForeignCurve

Example

let r = p.double(); // r = 2 * p

---

negate()

negate(): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:292

Elliptic curve negation.

Returns

ForeignCurve

Example

let r = p.negate(); // r = -p

---

scale()

scale(scalar: number | bigint | AlmostForeignField): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:308

Elliptic curve scalar multiplication, where the scalar is represented as a ForeignField element.

Important: this proves that the result of the scalar multiplication is not the zero point.

Parameters

scalar

number | bigint | AlmostForeignField

Returns

ForeignCurve

Throws

if the scalar multiplication results in the zero point; for example, if the scalar is zero.

Example

let r = p.scale(s); // r = s * p

---

toBigint()

toBigint(): GroupAffine

Defined in: lib/provable/crypto/foreign-curve.ts:217

Convert this curve point to a point with bigint coordinates.

Returns

GroupAffine

---

assertInSubgroup()

static assertInSubgroup(g: ForeignCurve): void

Defined in: lib/provable/crypto/foreign-curve.ts:327

Parameters

g

ForeignCurve

Returns

void

---

assertOnCurve()

static assertOnCurve(g: ForeignCurve): void

Defined in: lib/provable/crypto/foreign-curve.ts:315

Parameters

g

ForeignCurve

Returns

void

---

check()

static check(g: ForeignCurveNotNeeded): void

Defined in: lib/provable/crypto/foreign-curve.ts:349

Check that this is a valid element of the target subgroup of the curve:

• Check that the coordinates are valid field elements
• Use () to check that the point lies on the curve
• If the curve has cofactor unequal to 1, use ().

Parameters

g

ForeignCurveNotNeeded

Returns

void

---

from()

static from(g: 
  | ForeignCurve
  | FlexiblePoint): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:64

Coerce the input to a ForeignCurve.

Parameters

g

ForeignCurve | FlexiblePoint

Returns

ForeignCurve

---

fromEthers()

static fromEthers(hex: string): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:142

Create a new ForeignCurve instance from an Ethereum public key in hex format, which may be either compressed or uncompressed. This method is designed to handle the parsing of public keys as used by the ethers.js library.

The input should represent the affine x and y coordinates of the point, in hexadecimal format. Compressed keys are 33 bytes long and begin with 0x02 or 0x03, while uncompressed keys are 65 bytes long and begin with 0x04.

Warning: This method is specifically designed for use with the Secp256k1 curve. Using it with other curves may result in incorrect behavior or errors. Ensure that the curve setup matches Secp256k1, as shown in the example, to avoid unintended issues.

Parameters

hex

string

The public key as a hexadecimal string (without the "0x" prefix).

Returns

ForeignCurve

A new instance of the curve representing the given public key.

Example

import { Wallet, Signature, getBytes } from 'ethers';

class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}

const wallet = Wallet.createRandom();

const publicKey = Secp256k1.fromEthers(wallet.publicKey.slice(2));

---

fromHex()

static fromHex(hex: string): ForeignCurve

Defined in: lib/provable/crypto/foreign-curve.ts:91

Parses a hexadecimal string representing an uncompressed elliptic curve point and coerces it into a ForeignCurve point.

The method extracts the x and y coordinates from the provided hex string and verifies that the resulting point lies on the curve.

Note: This method only supports uncompressed elliptic curve points, which are 65 bytes in total (1-byte prefix + 32 bytes for x + 32 bytes for y).

Parameters

hex

string

The hexadecimal string representing the uncompressed elliptic curve point.

Returns

ForeignCurve

• A point on the foreign curve, parsed from the given hexadecimal string.

Throws

• Throws an error if the input is not a valid public key.

Example

class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}

const publicKeyHex = '04f8b8db25c619d0c66b2dc9e97ecbafafae...'; // Example hex string for uncompressed point
const point = Secp256k1.fromHex(publicKeyHex);

Important: This method is only designed to handle uncompressed elliptic curve points in hex format.