ForeignCurve
Constructors
new ForeignCurve()
new ForeignCurve(g: {
"x": number | bigint | Field3 | AlmostForeignField;
"y": number | bigint | Field3 | AlmostForeignField;
}): ForeignCurve
Create a new ForeignCurve from an object representing the (affine) x and y coordinates.
Note: Inputs must be range checked if they originate from a different field with a different modulus or if they are not constants. Please refer to the ForeignField constructor comments for more details.
Parameters
• g
• g.x: number | bigint | Field3 | AlmostForeignField
• g.y: number | bigint | Field3 | AlmostForeignField
Returns
Example
let x = new ForeignCurve({ x: 1n, y: 1n });
Important: By design, there is no way for a ForeignCurve to represent the zero point.
Warning: This fails for a constant input which does not represent an actual point on the curve.
Source
lib/provable/crypto/foreign-curve.ts:49
Properties
x
x: AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:32
y
y: AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:33
_Bigint?
static optional _Bigint: {};
Source
lib/provable/crypto/foreign-curve.ts:362
_Field?
static optional _Field: typeof AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:363
_Scalar?
static optional _Scalar: typeof AlmostForeignField;
Source
lib/provable/crypto/foreign-curve.ts:364
_provable?
static optional _provable: ProvablePureExtended<ForeignCurve, {
"x": bigint;
"y": bigint;
}, {
"x": string;
"y": string;
}>;
Source
lib/provable/crypto/foreign-curve.ts:365
Accessors
Constructor
get Constructor(): typeof ForeignCurve
Returns
typeof ForeignCurve
Source
lib/provable/crypto/foreign-curve.ts:359
modulus
get modulus(): bigint
The size of the curve's base field.
Returns
bigint
Source
lib/provable/crypto/foreign-curve.ts:203
Bigint
get static Bigint(): {}
Curve arithmetic on JS bigints.
Returns
{}
Source
lib/provable/crypto/foreign-curve.ts:374
Field
get static Field(): typeof AlmostForeignField
The base field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Source
lib/provable/crypto/foreign-curve.ts:381
Scalar
get static Scalar(): typeof AlmostForeignField
The scalar field of this curve as a ForeignField.
Returns
typeof AlmostForeignField
Source
lib/provable/crypto/foreign-curve.ts:388
generator
get static generator(): ForeignCurve
The constant generator point.
Returns
Source
lib/provable/crypto/foreign-curve.ts:191
modulus
get static modulus(): bigint
The size of the curve's base field.
Returns
bigint
Source
lib/provable/crypto/foreign-curve.ts:197
provable
get static provable(): ProvablePureExtended<ForeignCurve, {
"x": bigint;
"y": bigint;
}, {
"x": string;
"y": string;
}>
Provable<ForeignCurve>
Returns
ProvablePureExtended\<ForeignCurve, {
"x": bigint;
"y": bigint;
}, {
"x": string;
"y": string;
}>
Source
lib/provable/crypto/foreign-curve.ts:395
Methods
add()
add(h: ForeignCurve | FlexiblePoint): ForeignCurve
Elliptic curve addition.
let r = p.add(q); // r = p + q
Important: this is incomplete addition and does not handle the degenerate cases:
- Inputs are equal,
g = h(where you would use double). In this case, the result of this method is garbage and can be manipulated arbitrarily by a malicious prover. - Inputs are inverses of each other,
g = -h, so that the result would be the zero point. In this case, the proof fails.
If you want guaranteed soundness regardless of the input, use addSafe instead.
Parameters
• h: ForeignCurve | FlexiblePoint
Returns
Throws
if the inputs are inverses of each other.
Source
lib/provable/crypto/foreign-curve.ts:243
addSafe()
addSafe(h: ForeignCurve | FlexiblePoint): ForeignCurve
Safe elliptic curve addition.
This is the same as add, but additionally proves that the inputs are not equal. Therefore, the method is guaranteed to either fail or return a valid addition result.
Beware: this is more expensive than add, and is still incomplete in that it does not succeed on equal or inverse inputs.
Parameters
• h: ForeignCurve | FlexiblePoint
Returns
Throws
if the inputs are equal or inverses of each other.
Source
lib/provable/crypto/foreign-curve.ts:261
assertInSubgroup()
assertInSubgroup(): void
Assert that this point lies in the subgroup defined by order*P = 0.
Note: this is a no-op if the curve has cofactor equal to 1. Otherwise
it performs the full scalar multiplication order*P and is expensive.
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:341
assertOnCurve()
assertOnCurve(): void
Assert that this point lies on the elliptic curve, which means it satisfies the equation
y^2 = x^3 + ax + b
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:325
double()
double(): ForeignCurve
Elliptic curve doubling.
Returns
Example
let r = p.double(); // r = 2 * p
Source
lib/provable/crypto/foreign-curve.ts:280
isConstant()
isConstant(): boolean
Checks whether this curve point is constant.
See FieldVar to understand constants vs variables.
Returns
boolean
Source
lib/provable/crypto/foreign-curve.ts:212
negate()
negate(): ForeignCurve
Elliptic curve negation.
Returns
Example
let r = p.negate(); // r = -p
Source
lib/provable/crypto/foreign-curve.ts:294
scale()
scale(scalar: number | bigint | AlmostForeignField): ForeignCurve
Elliptic curve scalar multiplication, where the scalar is represented as a ForeignField element.
Important: this proves that the result of the scalar multiplication is not the zero point.
Parameters
• scalar: number | bigint | AlmostForeignField
Returns
Throws
if the scalar multiplication results in the zero point; for example, if the scalar is zero.
Example
let r = p.scale(s); // r = s * p
Source
lib/provable/crypto/foreign-curve.ts:310
toBigint()
toBigint(): GroupAffine
Convert this curve point to a point with bigint coordinates.
Returns
GroupAffine
Source
lib/provable/crypto/foreign-curve.ts:219
assertInSubgroup()
static assertInSubgroup(g: ForeignCurve): void
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:329
assertOnCurve()
static assertOnCurve(g: ForeignCurve): void
Parameters
• g: ForeignCurve
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:317
check()
static check(g: ForeignCurveNotNeeded): void
Check that this is a valid element of the target subgroup of the curve:
- Check that the coordinates are valid field elements
- Use () to check that the point lies on the curve
- If the curve has cofactor unequal to 1, use ().
Parameters
• g: ForeignCurveNotNeeded
Returns
void
Source
lib/provable/crypto/foreign-curve.ts:351
from()
static from(g: ForeignCurve | FlexiblePoint): ForeignCurve
Coerce the input to a ForeignCurve.
Parameters
• g: ForeignCurve | FlexiblePoint
Returns
Source
lib/provable/crypto/foreign-curve.ts:65
fromEthers()
static fromEthers(hex: string): ForeignCurve
Create a new ForeignCurve instance from an Ethereum public key in hex format, which may be either compressed or uncompressed. This method is designed to handle the parsing of public keys as used by the ethers.js library.
The input should represent the affine x and y coordinates of the point, in hexadecimal format. Compressed keys are 33 bytes long and begin with 0x02 or 0x03, while uncompressed keys are 65 bytes long and begin with 0x04.
Warning: This method is specifically designed for use with the Secp256k1 curve. Using it with other curves may result in incorrect behavior or errors. Ensure that the curve setup matches Secp256k1, as shown in the example, to avoid unintended issues.
Parameters
• hex: string
The public key as a hexadecimal string (without the "0x" prefix).
Returns
A new instance of the curve representing the given public key.
Example
import { Wallet, Signature, getBytes } from 'ethers';
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
const wallet = Wallet.createRandom();
const publicKey = Secp256k1.fromEthers(wallet.publicKey.slice(2));
Source
lib/provable/crypto/foreign-curve.ts:143
fromHex()
static fromHex(hex: string): ForeignCurve
Parses a hexadecimal string representing an uncompressed elliptic curve point and coerces it into a ForeignCurve point.
The method extracts the x and y coordinates from the provided hex string and verifies that the resulting point lies on the curve.
Note: This method only supports uncompressed elliptic curve points, which are 65 bytes in total (1-byte prefix + 32 bytes for x + 32 bytes for y).
Parameters
• hex: string
The hexadecimal string representing the uncompressed elliptic curve point.
Returns
- A point on the foreign curve, parsed from the given hexadecimal string.
Throws
- Throws an error if the input is not a valid public key.
Example
class Secp256k1 extends createForeignCurve(Crypto.CurveParams.Secp256k1) {}
const publicKeyHex = '04f8b8db25c619d0c66b2dc9e97ecbafafae...'; // Example hex string for uncompressed point
const point = Secp256k1.fromHex(publicKeyHex);
Important: This method is only designed to handle uncompressed elliptic curve points in hex format.