Ideas for v2 #142

paulmillr opened this issue Jun 6, 2024 · 39 comments

@paulmillr
Owner

paulmillr commented Jun 6, 2024

  • consider creating "addons" or "others" module
    • move jubjub and pasta curves into "others" file
    • research other curves that can be included
      • brainpool? something else?
  • Mirror module system related changes from v2 noble-hashes
@holgerd77

We are currently looking into replacing our rustbn-wasm build with this library for the bn254 (bn128) ADD, MUL, PAIRING precompiles from EIP-196 and EIP-197, so I agree that adding support for "bn254 g2, bn254 pairing" would be a great idea! (respectively pretty valuable to us)

@holgerd77

(side question: do you think we could use Noble for the BLS precompiles (so https://eips.ethereum.org/EIPS/eip-2537)?)

@paulmillr
Owner Author

Yes, bls precompiles are ok.

bn254 will need to be added

@paulmillr
Owner Author

paulmillr commented Jun 21, 2024

@holgerd77 the performance would be decreased compared to wasm. For example, bls12 does 100 pairings/sec on fast mac. For comparison, ETH can do 4000 signatures/sec on the same cpu. Your current rustbn wasm solution is likely several times faster.

How constrained are you in terms of performance?

@holgerd77

Cool!

For BLS I've compiled down the following list of potential function mappings, if you have something to add:

mcl.add -> bls12_381.fields.Fp.add
mcl.mul -> bls12_381.fields.Fp.mul
mcl.mulVec -> ? (bls12_381.fields.Fp.mulN ?)
mcl.millerLoop -> bls12_381.millerLoop
mcl.finalExp -> ?
mcl.G1/G2  -> bls12_381.G1/G2
mcl.Fp(2) -> bls12_381.fields.Fp (2)
mcl.verifyOrderG1/G2 -> bls12_381.G1.isWithinCurveOrder

We will go our "classic" route here, and provide the JS implementation as default and then let people opt-in (dependency-inject) WASM if they want to.

Actually with the pairing and if we could replace bn254 we would be completely "WASM free" for the EVM which would be a pretty big deal! 🤩

@paulmillr
Owner Author

I will make it a priority then.

@holgerd77

Great to hear (if you need financial support for this let me know)! 🙏 🤩

@paulmillr
Owner Author

bn254 pairings have been added.

@holgerd77

Ok, I am on it, see above PR!

Have now created a new build here https://github.com/holgerd77/noble-curves/tree/build-3ed792f . When building our EVM code I am getting two BLS related errors now, not sure if something to fix on your or on our side, will look into it:


@holgerd77

Update: think this is just because of conflicting noble versions (now having noble from my branch + noble from ethereum-cryptography in). Can solve this with any annotation and remove later.

@holgerd77

toHex() on the point seems not implemented (throws with "not implemented")

@holgerd77

Same with toRawBytes()

@holgerd77

Ok, first Noble usage for multiplication seems to be (at least partially) working https://github.com/ethereumjs/ethereumjs-monorepo/pull/3564/files#diff-d8e4e56024eab6bc6446b026499696dcfcc4cbb9b6bdfe6c9fd35e983052d026 🙂.

Replaced the rustbn.js WASM code and this locally passes some ec_mul tests (ecmul_7827-6598_9_21000_128) from the official ethereum/tests test suite.

@paulmillr
Owner Author

> seems not implemented

Reason: there is no standard, everyone does different things. I will look at what you're doing here and maybe make tohex the same.

@holgerd77

In between state: I have now got multiplication and addition working. This should be tested enough, there are 100s (~1000 or so?) tests in the official ethereum/tests which all pass now. Will now move over to pairing.

@holgerd77

Hi Paul,
I am currently trying to create a valid G2 point, which is not working yet. Can you have a look at the following code, guess you will spot quickly what is wrong?

import { hexToBytes } from '@ethereumjs/util'
import { bn254 } from '@noble/curves/bn254'

// From ecpairing_two_point_match_1 test
/* const input =
  '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' */
console.log('test')

const inputG2 =
  '0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c21800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa'

const inputG2Bytes = hexToBytes(inputG2)
console.log(inputG2Bytes.length)

const pFP1 = bn254.fields.Fp2.fromBytes(inputG2Bytes.slice(0, 64))
const pFP2 = bn254.fields.Fp2.fromBytes(inputG2Bytes.slice(64, 128))

const pG2 = bn254.G2.ProjectivePoint.fromAffine({
  x: pFP1,
  y: pFP2,
})
pG2.assertValidity()

So this is the test input from one of the tests, input is the full input passed to the precompile and inputG2 the part I am using for G2 (obviously contained in input).

I am trying to get a positive assertValidity() check. Atm it is always throwing there.

@holgerd77

Ok, I think I've found the respective code parts in your tests, will try to take it from there.

@holgerd77

Ok, all official tests passing (I basically did the same as you did in your EVM setup, just not as elegant 😂).
ethereumjs/ethereumjs-monorepo#3564

Think this should be enough for a release, at least from my side! So the test suite from ethereum/tests should really be complete, since the EIPs are out for years.

The only thing which irritated me mildly is that I had to flip the elements for the G2 point creation, see:
https://github.com/ethereumjs/ethereumjs-monorepo/pull/3564/files#diff-d8e4e56024eab6bc6446b026499696dcfcc4cbb9b6bdfe6c9fd35e983052d026R83

Not sure if this is an inconsistency in your library or in the EIP or otherwise has some reason I do not understand. If this is something to be adjusted on your side you can simply do along release I guess without another testing round.

Again, thanks a lot for all the work on this as well as this thorough EVM-specific test setup! 🙏 🎉

@paulmillr
Owner Author

It's the same issue as with toHex: there is no standard for this. Someone can serialize the imaginary part of the complex number (G2) first, someone does the opposite.

For comparison, BLS was specced with hash-to-curve, so it's much better.

I will see what can be improved for your cases and prepare new release today/tomorrow.

@paulmillr
Owner Author

There would be no serialization by default for now. Reasoning:

  • Some libraries do LE (little-endian), some do BE (big-endian, byte-swapped)
  • Some libraries add flags while serializing points (similar to BLS), some don't
  • Some libraries use imaginary part last in G2, some use it first

EVM picked: BE, no-flag, imag-first. Which is not compatible with something like ZEC and less feature-full. For example, no one else does BE.

I will add it to the readme. The community can then figure out the optional path of moving forward.
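
The three layout choices listed in the comment above, as an added example (not code from noble-curves or ethereumjs). The hypothetical helpers `decodeG2` and `isOnG2Curve` parse the G2 bytes quoted earlier in the thread under a stated layout and check them against the twist equation, so a real-first or little-endian reading of EVM input is rejected instead of silently producing a different point.

```javascript
// Added example: parse a 128-byte bn254 G2 encoding under an explicit layout and
// check the result against the twist equation y^2 = x^3 + 3/(9+i) over Fp2.
const P = 21888242871839275222246405745257275088696311157297823662689037894645226208583n;

const mod = (a) => ((a % P) + P) % P;
const powP = (base, e) => {
  let r = 1n;
  let b = mod(base);
  for (; e > 0n; e >>= 1n) {
    if (e & 1n) r = (r * b) % P;
    b = (b * b) % P;
  }
  return r;
};

// Fp2 = Fp[i]/(i^2 + 1); an element is { c0: real part, c1: imaginary part }.
const f2mul = (a, b) => ({
  c0: mod(a.c0 * b.c0 - a.c1 * b.c1),
  c1: mod(a.c0 * b.c1 + a.c1 * b.c0),
});
const f2inv = (a) => {
  const n = powP(a.c0 * a.c0 + a.c1 * a.c1, P - 2n); // 1/norm via Fermat
  return { c0: mod(a.c0 * n), c1: mod(-a.c1 * n) };
};
const B2 = f2mul({ c0: 3n, c1: 0n }, f2inv({ c0: 9n, c1: 1n })); // twist constant

const hexToBytes = (hex) => {
  const h = hex.replace(/^0x/, '');
  if (h.length % 2 !== 0 || /[^0-9a-fA-F]/.test(h)) throw new Error('bad hex');
  return Uint8Array.from(h.match(/../g) ?? [], (b) => parseInt(b, 16));
};

const wordToBigInt = (word, littleEndian) => {
  const bytes = littleEndian ? [...word].reverse() : [...word];
  return bytes.reduce((acc, b) => (acc << 8n) | BigInt(b), 0n);
};

// Hypothetical helper. imagFirst and littleEndian name two of the choices in the
// list above; the EVM layout is { imagFirst: true, littleEndian: false }.
function decodeG2(bytes, { imagFirst, littleEndian = false }) {
  if (bytes.length !== 128) throw new Error('G2 encoding must be 128 bytes');
  const w = [0, 32, 64, 96].map((o) =>
    wordToBigInt(bytes.subarray(o, o + 32), littleEndian));
  // No flag bits in this format: any word >= P (including one with high bits
  // set as flags) is non-canonical and rejected.
  if (w.some((v) => v >= P)) throw new Error('coordinate not reduced mod p');
  if (w.every((v) => v === 0n)) return { infinity: true }; // EVM encodes infinity as zeros
  const fp2 = (first, second) =>
    imagFirst ? { c0: second, c1: first } : { c0: first, c1: second };
  return { infinity: false, x: fp2(w[0], w[1]), y: fp2(w[2], w[3]) };
}

// Curve membership only. A G2 point must also pass a subgroup check before it
// is used in a pairing; that check is out of scope here.
function isOnG2Curve(pt) {
  if (pt.infinity) return true;
  const lhs = f2mul(pt.y, pt.y);
  const x3 = f2mul(f2mul(pt.x, pt.x), pt.x);
  const rhs = { c0: mod(x3.c0 + B2.c0), c1: mod(x3.c1 + B2.c1) };
  return lhs.c0 === rhs.c0 && lhs.c1 === rhs.c1;
}

// G2 input quoted in the thread (from the ecpairing_two_point_match_1 test).
const G2_HEX =
  '0x198e9393920d483a7260bfb731fb5d25f1aa493335a9e71297e485b7aef312c2' +
  '1800deef121f1e76426a00665e5c4479674322d4f75edadd46debd5cd992f6ed' +
  '090689d0585ff075ec9e99ad690c3395bc4b313370b38ef355acdadcd122975b' +
  '12c85ea5db8c6deb4aab71808dcb408fe3d1e7690c43d37b4ce6cc0166fa7daa';

const asEvm = decodeG2(hexToBytes(G2_HEX), { imagFirst: true });
const asRealFirst = decodeG2(hexToBytes(G2_HEX), { imagFirst: false });
console.log('imag-first on curve:', isOnG2Curve(asEvm));
console.log('real-first on curve:', isOnG2Curve(asRealFirst));
```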

@paulmillr
Owner Author

paulmillr commented Aug 7, 2024

1.5.0 is out.

Do you need a new release of eth-cryptography today? 1.5.0 can be used as-is, but will be duplicated in your dep tree for a few weeks.

After the audit, I will include bn254 into eth-cryptography (all packages there are audited).

@holgerd77

Cool, will test! 🤩

Not including yet into eth-cryptography might counterbalance some of our tree shaking efforts for the moment (not fully sure), since we then might get double code parts from the different versions in.

Guess nevertheless makes sense (not to include yet). So, as you said, audit is not so far away, right?

@paulmillr
Owner Author

Audit is this month. So even if you do major releases today, you can do x.y.1 patch to improve tree-shaking later this month.

@holgerd77

Ah, that’s great, no no, we are still a month away from releases

@legobeat
Contributor

In preparation for incorporation into ethereum-cryptography: paulmillr/scure-bip32#17

@alexandrius

@paulmillr Do you think this library will be able to be compiled with Static Hermes?

@paulmillr
Owner Author

I’m not sure what are the constraints. AFAIK, many people use it with react native.

@alexandrius

> I’m not sure what are the constraints

Sound types

> AFAIK, many people use it with react native.

Static Hermes isn't released yet. Static Hermes compiles JS to native instructions ahead of time.

Here is some context:

https://tmikov.blogspot.com/2023/09/how-to-speed-up-micro-benchmark-300x.html
https://speakerdeck.com/tmikov2023/static-hermes-react-native-eu-2023-announcement
https://x.com/tmikov/status/1700353858763911570?s=20

Basically noble will be THE fastest cryptography library on React Native without native code

@paulmillr
Owner Author

What's "sound types" and how does one detect which types are unsound? Is there automatic tool?

@alexandrius

@paulmillr

> What's "sound types" and how does one detect which types are unsound? Is there automatic tool?

Essentially if you have type number annotation on a variable in JS runtime it can become undefined or string or whatever. Instead of silently failing or basically continuing to work Static Hermes will throw just like in any strongly typed language. So if the noble depends on JS looseness it must be refactored.

@paulmillr
Owner Author

I'm open to a speed up, but there should be some simple tool to check all files for "sound type" errors.

@alexandrius

alexandrius commented Sep 17, 2024

@paulmillr that's a good point. I assume there will be something like that. I'm gonna try to find out

@alexandrius

alexandrius commented Sep 18, 2024

@paulmillr Ok I went ahead and tried to compile https://github.com/paulmillr/noble-secp256k1/blob/main/index.js . I chose secp256k1 because I'm already familiar with the lib.

Here are steps to try it out:

Step 1: Clone Hermes and checkout to static_h

mkdir hermes_build
cd hermes_build
git clone https://github.com/facebook/hermes

Step 2: Build Hermes

Taken from: https://github.com/facebook/hermes/blob/static_h/doc/BuildingAndRunning.md

cmake -S hermes -B build -G Ninja
cmake --build ./build

To build release:

cmake -S hermes -B build_release -G Ninja -DCMAKE_BUILD_TYPE=Release
cmake --build ./build_release

Step 3: Run the index.js with Hermes

  • Remove (or refactor to module.exports) the last 2 export lines since Hermes doesn't support ES6 for now
  • Run the file with Hermes
build/bin/shermes --typed -exec ../noble-secp256k1/index.js

The --typed instruction will try to compile the file. That's essentially how you verify if you have sound or unsound types. More info about that

I got a bunch of errors (13) after removing the `export` instruction:
../noble-secp256k1/index.js:516:1: error: 'export' statement requires module mode
export { getPublicKey, sign, signAsync, verify, CURVE, // Remove the export to easily use in REPL
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:517:39: warning: the variable "ProjectivePoint" was not declared in anonymous function
getSharedSecret, etc, utils, Point as ProjectivePoint, Signature }; // envs like browser console
                                      ^~~~~~~~~~~~~~~
Emitted 1 errors. exiting.
➜  hermes_build build/bin/shermes --typed -exec ../noble-secp256k1/index.js
../noble-secp256k1/index.js:9:20: warning: local variable may be used prior to declaration, assuming 'any'
const crv = (x) => mod(mod(x * x) * x + CURVE.b); // x³ + ax + b weierstrass formula; a=0
../noble-secp256k1/index.js:9:24: warning: local variable may be used prior to declaration, assuming 'any'
const crv = (x) => mod(mod(x * x) * x + CURVE.b); // x³ + ax + b weierstrass formula; a=0
../noble-secp256k1/index.js:10:14: warning: ft: typing of pattern parameters not implemented, :any assumed
const err = (m = '') => { throw new Error(m); }; // error helper, messes-up stack trace
             ^~~~~~
../noble-secp256k1/index.js:21:39: warning: local variable may be used prior to declaration, assuming 'any'
const toU8 = (a, len) => au8(str(a) ? h2b(a) : u8n(au8(a)), len); // norm(hex/u8a) to u8a
                                      ^~~
../noble-secp256k1/index.js:22:17: warning: ft: typing of pattern parameters not implemented, :any assumed
const mod = (a, b = P) => { let r = a % b; return r >= 0n ? r : b + r; }; // mod division
                ^~~~~
../noble-secp256k1/index.js:22:41: warning: local variable may be used prior to declaration, assuming 'any'
const mod = (a, b = P) => { let r = a % b; return r >= 0n ? r : b + r; }; // mod division
                                        ^
../noble-secp256k1/index.js:22:65: warning: local variable may be used prior to declaration, assuming 'any'
const mod = (a, b = P) => { let r = a % b; return r >= 0n ? r : b + r; }; // mod division
                                                                ^
../noble-secp256k1/index.js:30:5: error: ft: static/async/generator methods unsupported
    static fromAffine(p) {
    ^
../noble-secp256k1/index.js:33:5: error: ft: static/async/generator methods unsupported
    static fromHex(hex) {
    ^
../noble-secp256k1/index.js:52:5: error: ft: static/async/generator methods unsupported
    static fromPrivateKey(k) { return G.mul(toPriv(k)); } // Create point from a private key.
    ^
../noble-secp256k1/index.js:109:12: warning: ft: typing of pattern parameters not implemented, :any assumed
    mul(n, safe = true) {
           ^~~~~~~~~~~
../noble-secp256k1/index.js:149:11: warning: ft: typing of pattern parameters not implemented, :any assumed
    toHex(isCompressed = true) {
          ^~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:154:16: warning: ft: typing of pattern parameters not implemented, :any assumed
    toRawBytes(isCompressed = true) {
               ^~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:160:7: warning: ft: typing of object declarators not implemented, :any assumed
const { BASE: G, ZERO: I } = Point; // Generator, identity points
      ^~~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:178:27: error: ft: incompatible binary operation: + cannot be applied to string and union
const b2n = (b) => BigInt('0x' + (b2h(b) || '0')); // bytes to number
                          ^~~~~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:184:18: warning: ft: typing of pattern parameters not implemented, :any assumed
const concatB = (...arrs) => {
                 ^~~~~~~
../noble-secp256k1/index.js:185:19: warning: local variable may be used prior to declaration, assuming 'any'
    const r = u8n(arrs.reduce((sum, a) => sum + au8(a).length, 0)); // create u8a of summed length
                  ^~~~
../noble-secp256k1/index.js:187:5: warning: local variable may be used prior to declaration, assuming 'any'
    arrs.forEach(a => { r.set(a, pad); pad += a.length; }); // ensure they have proper type
    ^~~~
../noble-secp256k1/index.js:190:19: warning: ft: typing of pattern parameters not implemented, :any assumed
const inv = (num, md = P) => {
                  ^~~~~~
../noble-secp256k1/index.js:191:23: warning: local variable may be used prior to declaration, assuming 'any'
    if (num === 0n || md <= 0n)
                      ^~
../noble-secp256k1/index.js:192:47: warning: local variable may be used prior to declaration, assuming 'any'
        err('no inverse n=' + num + ' mod=' + md); // no neg exponent for now
                                              ^~
../noble-secp256k1/index.js:193:22: warning: local variable may be used prior to declaration, assuming 'any'
    let a = mod(num, md), b = md, x = 0n, y = 1n, u = 1n, v = 0n;
                     ^~
../noble-secp256k1/index.js:193:31: warning: local variable may be used prior to declaration, assuming 'any'
    let a = mod(num, md), b = md, x = 0n, y = 1n, u = 1n, v = 0n;
                              ^~
../noble-secp256k1/index.js:199:30: warning: local variable may be used prior to declaration, assuming 'any'
    return b === 1n ? mod(x, md) : err('no inverse'); // b is gcd at this point
                             ^~
../noble-secp256k1/index.js:216:32: warning: ft: typing of pattern parameters not implemented, :any assumed
const getPublicKey = (privKey, isCompressed = true) => {
                               ^~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:217:18: error: ft: named property access only allowed on objects, found class constructor
    return Point.fromPrivateKey(privKey).toRawBytes(isCompressed); // 33b or 65b output
                 ^~~~~~~~~~~~~~
../noble-secp256k1/index.js:217:53: warning: local variable may be used prior to declaration, assuming 'any'
    return Point.fromPrivateKey(privKey).toRawBytes(isCompressed); // 33b or 65b output
                                                    ^~~~~~~~~~~~
../noble-secp256k1/index.js:226:5: error: ft: static/async/generator methods unsupported
    static fromCompact(hex) {
    ^
../noble-secp256k1/index.js:270:30: warning: ft: typing of pattern parameters not implemented, :any assumed
const prepSig = (msgh, priv, opts = optS) => {
                             ^~~~~~~~~~~
../noble-secp256k1/index.js:271:43: error: ft: unknown array property
    if (['der', 'recovered', 'canonical'].some(k => k in opts)) // Ban legacy options
                                          ^~~~
../noble-secp256k1/index.js:271:58: warning: local variable may be used prior to declaration, assuming 'any'
    if (['der', 'recovered', 'canonical'].some(k => k in opts)) // Ban legacy options
                                                         ^~~~
../noble-secp256k1/index.js:273:9: warning: ft: typing of object declarators not implemented, :any assumed
    let { lowS } = opts; // generates low-s sigs by default
        ^~~~~~~~
../noble-secp256k1/index.js:273:20: warning: local variable may be used prior to declaration, assuming 'any'
    let { lowS } = opts; // generates low-s sigs by default
                   ^~~~
../noble-secp256k1/index.js:274:9: warning: local variable may be used prior to declaration, assuming 'any'
    if (lowS == null)
        ^~~~
../noble-secp256k1/index.js:275:9: warning: local variable may be used prior to declaration, assuming 'any'
        lowS = true; // RFC6979 3.2: we skip step A
        ^~~~
../noble-secp256k1/index.js:280:15: warning: local variable may be used prior to declaration, assuming 'any'
    let ent = opts.extraEntropy; // RFC6979 3.6: additional k' (optional)
              ^~~~
../noble-secp256k1/index.js:283:19: warning: local variable may be used prior to declaration, assuming 'any'
            ent = etc.randomBytes(fLen); // if true, use CSPRNG to generate data
                  ^~~
../noble-secp256k1/index.js:295:19: warning: local variable may be used prior to declaration, assuming 'any'
        const q = G.mul(k).aff(); // q = Gk
                  ^
../noble-secp256k1/index.js:304:13: warning: local variable may be used prior to declaration, assuming 'any'
        if (lowS && moreThanHalfN(s)) { // if lowS was passed, ensure s is always
            ^~~~
../noble-secp256k1/index.js:377:38: warning: ft: typing of pattern parameters not implemented, :any assumed
const signAsync = async (msgh, priv, opts = optS) => {
                                     ^~~~~~~~~~~
../noble-secp256k1/index.js:378:11: warning: ft: typing of object declarators not implemented, :any assumed
    const { seed, k2sig } = prepSig(msgh, priv, opts); // Extract arguments for hmac-drbg
          ^~~~~~~~~~~~~~~
../noble-secp256k1/index.js:378:49: warning: local variable may be used prior to declaration, assuming 'any'
    const { seed, k2sig } = prepSig(msgh, priv, opts); // Extract arguments for hmac-drbg
                                                ^~~~
../noble-secp256k1/index.js:379:27: warning: local variable may be used prior to declaration, assuming 'any'
    return hmacDrbg(true)(seed, k2sig); // Re-run drbg until k2sig returns ok
                          ^~~~
../noble-secp256k1/index.js:379:33: warning: local variable may be used prior to declaration, assuming 'any'
    return hmacDrbg(true)(seed, k2sig); // Re-run drbg until k2sig returns ok
                                ^~~~~
../noble-secp256k1/index.js:381:27: warning: ft: typing of pattern parameters not implemented, :any assumed
const sign = (msgh, priv, opts = optS) => {
                          ^~~~~~~~~~~
../noble-secp256k1/index.js:382:11: warning: ft: typing of object declarators not implemented, :any assumed
    const { seed, k2sig } = prepSig(msgh, priv, opts); // Extract arguments for hmac-drbg
          ^~~~~~~~~~~~~~~
../noble-secp256k1/index.js:382:49: warning: local variable may be used prior to declaration, assuming 'any'
    const { seed, k2sig } = prepSig(msgh, priv, opts); // Extract arguments for hmac-drbg
                                                ^~~~
../noble-secp256k1/index.js:383:28: warning: local variable may be used prior to declaration, assuming 'any'
    return hmacDrbg(false)(seed, k2sig); // Re-run drbg until k2sig returns ok
                           ^~~~
../noble-secp256k1/index.js:383:34: warning: local variable may be used prior to declaration, assuming 'any'
    return hmacDrbg(false)(seed, k2sig); // Re-run drbg until k2sig returns ok
                                 ^~~~~
../noble-secp256k1/index.js:385:33: warning: ft: typing of pattern parameters not implemented, :any assumed
const verify = (sig, msgh, pub, opts = optV) => {
                                ^~~~~~~~~~~
../noble-secp256k1/index.js:386:9: warning: ft: typing of object declarators not implemented, :any assumed
    let { lowS } = opts; // ECDSA signature verification
        ^~~~~~~~
../noble-secp256k1/index.js:386:20: warning: local variable may be used prior to declaration, assuming 'any'
    let { lowS } = opts; // ECDSA signature verification
                   ^~~~
../noble-secp256k1/index.js:387:9: warning: local variable may be used prior to declaration, assuming 'any'
    if (lowS == null)
        ^~~~
../noble-secp256k1/index.js:388:9: warning: local variable may be used prior to declaration, assuming 'any'
        lowS = true; // Default lowS=true
        ^~~~
../noble-secp256k1/index.js:389:21: warning: local variable may be used prior to declaration, assuming 'any'
    if ('strict' in opts)
                    ^~~~
../noble-secp256k1/index.js:396:21: error: ft: class Signature constructor expects 3 arguments, but 2 supplied
        sig_ = rs ? new Signature(sig.r, sig.s).assertValidity() : Signature.fromCompact(sig);
                    ^~~~~~~~~~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:396:78: error: ft: named property access only allowed on objects, found class constructor
        sig_ = rs ? new Signature(sig.r, sig.s).assertValidity() : Signature.fromCompact(sig);
                                                                             ^~~~~~~~~~~
../noble-secp256k1/index.js:398:53: error: ft: named property access only allowed on objects, found class constructor
        P = pub instanceof Point ? pub.ok() : Point.fromHex(pub); // Validate public key
                                                    ^~~~~~~
../noble-secp256k1/index.js:405:11: warning: ft: typing of object declarators not implemented, :any assumed
    const { r, s } = sig_;
          ^~~~~~~~
../noble-secp256k1/index.js:406:9: warning: local variable may be used prior to declaration, assuming 'any'
    if (lowS && moreThanHalfN(s))
        ^~~~
../noble-secp256k1/index.js:406:31: warning: local variable may be used prior to declaration, assuming 'any'
    if (lowS && moreThanHalfN(s))
                              ^
../noble-secp256k1/index.js:410:24: warning: local variable may be used prior to declaration, assuming 'any'
        const is = inv(s, N); // s^-1
                       ^
../noble-secp256k1/index.js:412:24: warning: local variable may be used prior to declaration, assuming 'any'
        const u2 = mod(r * is, N); // u2 = rs^-1 mod n
                       ^
../noble-secp256k1/index.js:413:13: warning: local variable may be used prior to declaration, assuming 'any'
        R = G.mulAddQUns(P, u1, u2).aff(); // R = u1⋅G + u2⋅P
../noble-secp256k1/index.js:421:18: warning: local variable may be used prior to declaration, assuming 'any'
    return v === r; // mod(R.x, n) == r
                 ^
../noble-secp256k1/index.js:423:39: warning: ft: typing of pattern parameters not implemented, :any assumed
const getSharedSecret = (privA, pubB, isCompressed = true) => {
                                      ^~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:424:18: error: ft: named property access only allowed on objects, found class constructor
    return Point.fromHex(pubB).mul(toPriv(privA)).toRawBytes(isCompressed); // ECDH
                 ^~~~~~~
../noble-secp256k1/index.js:424:62: warning: local variable may be used prior to declaration, assuming 'any'
    return Point.fromHex(pubB).mul(toPriv(privA)).toRawBytes(isCompressed); // ECDH
                                                             ^~~~~~~~~~~~
../noble-secp256k1/index.js:438:34: warning: ft: typing of pattern parameters not implemented, :any assumed
    hmacSha256Async: async (key, ...msgs) => {
                                 ^~~~~~~
../noble-secp256k1/index.js:444:55: warning: local variable may be used prior to declaration, assuming 'any'
        return u8n(await s.sign('HMAC', k, concatB(...msgs)));
                                                      ^~~~
../noble-secp256k1/index.js:448:19: warning: ft: typing of pattern parameters not implemented, :any assumed
    randomBytes: (len = 32) => {
                  ^~~~~~~~
../noble-secp256k1/index.js:452:43: warning: local variable may be used prior to declaration, assuming 'any'
        return crypto.getRandomValues(u8n(len));
                                          ^~~
../noble-secp256k1/index.js:464:5: warning: ft: unsupported property for typed object, assuming 'any'
    precompute(w = 8, p = G) { p.multiply(3n); w; return p; }, // no-op
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../noble-secp256k1/index.js:464:16: warning: ft: typing of pattern parameters not implemented, :any assumed
    precompute(w = 8, p = G) { p.multiply(3n); w; return p; }, // no-op
               ^~~~~
../noble-secp256k1/index.js:464:23: warning: ft: typing of pattern parameters not implemented, :any assumed
    precompute(w = 8, p = G) { p.multiply(3n); w; return p; }, // no-op
                      ^~~~~
../noble-secp256k1/index.js:464:32: warning: local variable may be used prior to declaration, assuming 'any'
    precompute(w = 8, p = G) { p.multiply(3n); w; return p; }, // no-op
                               ^
../noble-secp256k1/index.js:464:48: warning: local variable may be used prior to declaration, assuming 'any'
    precompute(w = 8, p = G) { p.multiply(3n); w; return p; }, // no-op
                                               ^
../noble-secp256k1/index.js:464:58: warning: local variable may be used prior to declaration, assuming 'any'
    precompute(w = 8, p = G) { p.multiply(3n); w; return p; }, // no-op
                                                         ^
../noble-secp256k1/index.js:472:20: warning: ft: empty array with no context, assuming 'any' array
    const points = []; // 10x sign(), 2x verify(). To achieve this,
                   ^~
../noble-secp256k1/index.js:474:13: warning: local variable may be used prior to declaration, assuming 'any'
    let p = G, b = p; // a lot of points related to base point G.
            ^
../noble-secp256k1/index.js:491:13: warning: local variable may be used prior to declaration, assuming 'any'
    let p = I, f = G; // f must be G, or could become I in the end
            ^
../noble-secp256k1/index.js:491:20: warning: local variable may be used prior to declaration, assuming 'any'
    let p = I, f = G; // f must be G, or could become I in the end
                   ^
../noble-secp256k1/index.js:508:38: error: ft: indexed access only allowed on array and tuple, found void
            f = f.add(neg(cnd1, comp[off1])); // bits are 0: add garbage to fake point
                                     ^~~~
../noble-secp256k1/index.js:511:38: error: ft: indexed access only allowed on array and tuple, found void
            p = p.add(neg(cnd2, comp[off2])); // bits are 1: add to result point
                                     ^~~~
Emitted 13 errors. exiting.

@alexandrius

@paulmillr have you had a chance to check static hermes out?

@paulmillr
Owner Author

paulmillr commented Nov 19, 2024

@alexandrius the build commands do not produce any shermes file and with hermes --static flag does not work

@alexandrius

@paulmillr did you checkout to static_h branch? I missed the part in the command

@paulmillr
Owner Author

paulmillr commented Nov 19, 2024

I have removed all initial errors (see https://gist.github.com/paulmillr/d9d5fdf8d8c9d7c954e9f26fdd30bc9d) but then compiler emitted 20 more errors.

Seems like it's unreasonably complex for now.

There are no docs or guidelines or example how to fix stuff. For example I have property s not defined in class Signature - but it's clearly specified in constructor. Etc.

@paulmillr
Owner Author

I've written a bunch of formulas to fit everything in 100 lines. Even this code doesn't work and is constantly segfaulting. https://gist.github.com/paulmillr/8002c140bec8ea64fd3b5efcf867eaf1
