ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:30
Extended by
Constructors
new ForeignCurve()
new ForeignCurve(g: {
x: number | bigint | Field3 | AlmostForeignField;
y: number | bigint | Field3 | AlmostForeignField;
}): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:48
Create a new ForeignCurve from an object representing the (affine) x and y coordinates.
Note: Inputs must be range checked if they originate from a different field with a different modulus or if they are not constants. Please refer to the ForeignField constructor comments for more details.
Parameters
g
x
number
| bigint
| Field3
| AlmostForeignField
y
number
| bigint
| Field3
| AlmostForeignField
Returns
Example
let x = new ForeignCurve({ x: 1n, y: 1n });
Important: By design, there is no way for a ForeignCurve
to represent the zero point.
Warning: This fails for a constant input which does not represent an actual point on the curve.
Properties
x
x: AlmostForeignField;
Defined in: lib/provable/crypto/foreign-curve.ts:31
y
y: AlmostForeignField;
Defined in: lib/provable/crypto/foreign-curve.ts:32
_Bigint?
static optional _Bigint: {};
Defined in: lib/provable/crypto/foreign-curve.ts:360
_Field?
static optional _Field: typeof AlmostForeignField;
Defined in: lib/provable/crypto/foreign-curve.ts:361
_provable?
static optional _provable: ProvablePureExtended<ForeignCurve, {
x: bigint;
y: bigint;
}, {
x: string;
y: string;
}>;
Defined in: lib/provable/crypto/foreign-curve.ts:363
_Scalar?
static optional _Scalar: typeof AlmostForeignField;
Defined in: lib/provable/crypto/foreign-curve.ts:362
Accessors
Constructor
Get Signature
get Constructor(): typeof ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:357
Returns
typeof ForeignCurve
modulus
Get Signature
get modulus(): bigint
Defined in: lib/provable/crypto/foreign-curve.ts:200
The size of the curve's base field.
Returns
bigint
Bigint
Get Signature
get static Bigint(): {}
Defined in: lib/provable/crypto/foreign-curve.ts:372
Curve arithmetic on JS bigints.
Returns
{}
Field
Get Signature
get static Field(): typeof AlmostForeignField
Defined in: lib/provable/crypto/foreign-curve.ts:379
The base field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
generator
Get Signature
get static generator(): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:188
The constant generator point.
Returns
modulus
Get Signature
get static modulus(): bigint
Defined in: lib/provable/crypto/foreign-curve.ts:194
The size of the curve's base field.
Returns
bigint
provable
Get Signature
get static provable(): ProvablePureExtended<ForeignCurve, {
x: bigint;
y: bigint;
}, {
x: string;
y: string;
}>
Defined in: lib/provable/crypto/foreign-curve.ts:393
Provable<ForeignCurve>
Returns
ProvablePureExtended
<ForeignCurve
, {
x
: bigint
;
y
: bigint
;
}, {
x
: string
;
y
: string
;
}>
Scalar
Get Signature
get static Scalar(): typeof AlmostForeignField
Defined in: lib/provable/crypto/foreign-curve.ts:386
The scalar field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Methods
add()
add(h:
| ForeignCurve
| FlexiblePoint): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:241
Elliptic curve addition.
let r = p.add(q); // r = p + q
Important: this is incomplete addition and does not handle the degenerate cases:
- Inputs are equal,
g = h
(where you would use double). In this case, the result of this method is garbage and can be manipulated arbitrarily by a malicious prover. - Inputs are inverses of each other,
g = -h
, so that the result would be the zero point. In this case, the proof fails.
If you want guaranteed soundness regardless of the input, use addSafe instead.
Parameters
h
Returns
Throws
if the inputs are inverses of each other.
addSafe()
addSafe(h:
| ForeignCurve
| FlexiblePoint): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:259
Safe elliptic curve addition.
This is the same as add, but additionally proves that the inputs are not equal. Therefore, the method is guaranteed to either fail or return a valid addition result.
Beware: this is more expensive than add, and is still incomplete in that it does not succeed on equal or inverse inputs.
Parameters
h
Returns
Throws
if the inputs are equal or inverses of each other.
assertInSubgroup()
assertInSubgroup(): void
Defined in: lib/provable/crypto/foreign-curve.ts:339
Assert that this point lies in the subgroup defined by order*P = 0
.
Note: this is a no-op if the curve has cofactor equal to 1. Otherwise
it performs the full scalar multiplication order*P
and is expensive.
Returns
void
assertOnCurve()
assertOnCurve(): void
Defined in: lib/provable/crypto/foreign-curve.ts:323
Assert that this point lies on the elliptic curve, which means it satisfies the equation
y^2 = x^3 + ax + b
Returns
void
double()
double(): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:278
Elliptic curve doubling.
Returns
Example
let r = p.double(); // r = 2 * p
negate()
negate(): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:292
Elliptic curve negation.
Returns
Example
let r = p.negate(); // r = -p
scale()
scale(scalar: number | bigint | AlmostForeignField): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:308
Elliptic curve scalar multiplication, where the scalar is represented as a ForeignField element.
Important: this proves that the result of the scalar multiplication is not the zero point.
Parameters
scalar
number
| bigint
| AlmostForeignField
Returns
Throws
if the scalar multiplication results in the zero point; for example, if the scalar is zero.
Example
let r = p.scale(s); // r = s * p
toBigint()
toBigint(): GroupAffine
Defined in: lib/provable/crypto/foreign-curve.ts:217
Convert this curve point to a point with bigint coordinates.
Returns
GroupAffine
assertInSubgroup()
static assertInSubgroup(g: ForeignCurve): void
Defined in: lib/provable/crypto/foreign-curve.ts:327
Parameters
g
Returns
void
assertOnCurve()
static assertOnCurve(g: ForeignCurve): void
Defined in: lib/provable/crypto/foreign-curve.ts:315
Parameters
g
Returns
void
check()
static check(g: ForeignCurveNotNeeded): void
Defined in: lib/provable/crypto/foreign-curve.ts:349
Check that this is a valid element of the target subgroup of the curve:
- Check that the coordinates are valid field elements
- Use () to check that the point lies on the curve
- If the curve has cofactor unequal to 1, use ().
Parameters
g
Returns
void
from()
static from(g:
| ForeignCurve
| FlexiblePoint): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:64
Coerce the input to a ForeignCurve.
Parameters
g
Returns
fromEthers()
static fromEthers(hex: string): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:142
Create a new ForeignCurve instance from an Ethereum public key in hex format, which may be either compressed or uncompressed. This method is designed to handle the parsing of public keys as used by the ethers.js library.
The input should represent the affine x and y coordinates of the point, in hexadecimal format. Compressed keys are 33 bytes long and begin with 0x02 or 0x03, while uncompressed keys are 65 bytes long and begin with 0x04.
Warning: This method is specifically designed for use with the Secp256k1 curve. Using it with other curves may result in incorrect behavior or errors. Ensure that the curve setup matches Secp256k1, as shown in the example, to avoid unintended issues.
Parameters
hex
string
The public key as a hexadecimal string (without the "0x" prefix).
Returns
A new instance of the curve representing the given public key.
Example
import { Wallet, Signature, getBytes } from 'ethers';
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
const wallet = Wallet.createRandom();
const publicKey = Secp256k1.fromEthers(wallet.publicKey.slice(2));
fromHex()
static fromHex(hex: string): ForeignCurve
Defined in: lib/provable/crypto/foreign-curve.ts:91
Parses a hexadecimal string representing an uncompressed elliptic curve point and coerces it into a ForeignCurve point.
The method extracts the x and y coordinates from the provided hex string and verifies that the resulting point lies on the curve.
Note: This method only supports uncompressed elliptic curve points, which are 65 bytes in total (1-byte prefix + 32 bytes for x + 32 bytes for y).
Parameters
hex
string
The hexadecimal string representing the uncompressed elliptic curve point.
Returns
- A point on the foreign curve, parsed from the given hexadecimal string.
Throws
- Throws an error if the input is not a valid public key.
Example
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
const publicKeyHex = '04f8b8db25c619d0c66b2dc9e97ecbafafae...'; // Example hex string for uncompressed point
const point = Secp256k1.fromHex(publicKeyHex);
Important: This method is only designed to handle uncompressed elliptic curve points in hex format.