Improve tree-shaking

Author: paulmillr

src/abstract/curve.ts

@@ -7,8 +7,8 @@
 import { bitLen, bitMask, type Signer } from '../utils.ts';
 import { Field, FpInvertBatch, validateField, type IField } from './modular.ts';
 
-const _0n = BigInt(0);
-const _1n = BigInt(1);
+const _0n = /* @__PURE__ */ BigInt(0);
+const _1n = /* @__PURE__ */ BigInt(1);
 
 export type AffinePoint<T> = {
   x: T;
@@ -592,7 +592,7 @@ function createField<T>(order: bigint, field?: IField<T>, isLE?: boolean): IFiel
 export type FpFn<T> = { Fp: IField<T>; Fn: IField<bigint> };
 
 /** Validates CURVE opts and creates fields */
-export function _createCurveFields<T>(
+export function createCurveFields<T>(
   type: 'weierstrass' | 'edwards',
   CURVE: ValidCurveParams<T>,
   curveOpts: Partial<FpFn<T>> = {},

src/abstract/edwards.ts

@@ -23,7 +23,7 @@ import {
   type Signer,
 } from '../utils.ts';
 import {
-  _createCurveFields,
+  createCurveFields,
   createKeygen,
   normalizeZ,
   wNAF,
@@ -185,7 +185,7 @@ function isEdValidXY(Fp: IField<bigint>, CURVE: EdwardsOpts, x: bigint, y: bigin
 }
 
 export function edwards(params: EdwardsOpts, extraOpts: EdwardsExtraOpts = {}): EdwardsPointCons {
-  const validated = _createCurveFields('edwards', params, extraOpts, extraOpts.FpFnLE);
+  const validated = createCurveFields('edwards', params, extraOpts, extraOpts.FpFnLE);
   const { Fp, Fn } = validated;
   let CURVE = validated.CURVE as EdwardsOpts;
   const { h: cofactor } = CURVE;

src/abstract/modular.ts

@@ -15,12 +15,14 @@ import {
   numberToBytesLE,
 } from '../utils.ts';
 
+// Numbers aren't used in x25519 / x448 builds
 // prettier-ignore
-const _0n = BigInt(0), _1n = /* @__PURE__ */ BigInt(1), _2n = /* @__PURE__ */ BigInt(2), _3n = /* @__PURE__ */ BigInt(3);
+const _0n = /* @__PURE__ */ BigInt(0), _1n = /* @__PURE__ */ BigInt(1), _2n = /* @__PURE__ */ BigInt(2);
 // prettier-ignore
-const _4n = /* @__PURE__ */ BigInt(4), _5n = /* @__PURE__ */ BigInt(5), _7n = /* @__PURE__ */ BigInt(7);
+const _3n = /* @__PURE__ */ BigInt(3), _4n = /* @__PURE__ */ BigInt(4), _5n = /* @__PURE__ */ BigInt(5);
 // prettier-ignore
-const _8n = /* @__PURE__ */ BigInt(8), _9n = /* @__PURE__ */ BigInt(9), _16n = /* @__PURE__ */ BigInt(16);
+const _7n = /* @__PURE__ */ BigInt(7), _8n = /* @__PURE__ */ BigInt(8), _9n = /* @__PURE__ */ BigInt(9);
+const _16n = /* @__PURE__ */ BigInt(16);
 
 // Calculates a modulo b
 export function mod(a: bigint, b: bigint): bigint {

src/abstract/weierstrass.ts

@@ -47,7 +47,7 @@ import {
   type Signer,
 } from '../utils.ts';
 import {
-  _createCurveFields,
+  createCurveFields,
   createKeygen,
   mulEndoUnsafe,
   negateCt,
@@ -444,7 +444,7 @@ export function weierstrass<T>(
   params: WeierstrassOpts<T>,
   extraOpts: WeierstrassExtraOpts<T> = {}
 ): WeierstrassPointCons<T> {
-  const validated = _createCurveFields('weierstrass', params, extraOpts);
+  const validated = createCurveFields('weierstrass', params, extraOpts);
   const { Fp, Fn } = validated;
   let CURVE = validated.CURVE as WeierstrassOpts<T>;
   const { h: cofactor, n: CURVE_ORDER } = CURVE;

src/ed25519.ts

@@ -40,7 +40,7 @@ import { createORPF, type OPRF } from './abstract/oprf.ts';
 import { asciiToBytes, bytesToNumberLE, equalBytes } from './utils.ts';
 
 // prettier-ignore
-const _0n = /* @__PURE__ */ BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3);
+const _0n = /* @__PURE__ */ BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _3n = /* @__PURE__ */ BigInt(3);
 // prettier-ignore
 const _5n = BigInt(5), _8n = BigInt(8);
 

src/ed448.ts

@@ -38,10 +38,11 @@ import { abytes, asciiToBytes, bytesToNumberLE, equalBytes } from './utils.ts';
 // Finite field 2n**448n - 2n**224n - 1n
 // Subgroup order
 // 2n**446n - 13818066809895115352007386748515426880336692474882178609894547503885n
-const ed448_CURVE: EdwardsOpts = {
-  p: BigInt(
-    '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
-  ),
+const ed448_CURVE_p = BigInt(
+  '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
+);
+const ed448_CURVE: EdwardsOpts = /* @__PURE__ */ (() => ({
+  p: ed448_CURVE_p,
   n: BigInt(
     '0x3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3'
   ),
@@ -56,36 +57,37 @@ const ed448_CURVE: EdwardsOpts = {
   Gy: BigInt(
     '0x693f46716eb6bc248876203756c9c7624bea73736ca3984087789c1e05a0c2d73ad3ff1ce67c39c4fdbd132c4ed7c8ad9808795bf230fa14'
   ),
-};
+}))();
 
 // E448 NIST curve is identical to edwards448, except for:
 // d = 39082/39081
 // Gx = 3/2
-const E448_CURVE: EdwardsOpts = Object.assign({}, ed448_CURVE, {
-  d: BigInt(
-    '0xd78b4bdc7f0daf19f24f38c29373a2ccad46157242a50f37809b1da3412a12e79ccc9c81264cfe9ad080997058fb61c4243cc32dbaa156b9'
-  ),
-  Gx: BigInt(
-    '0x79a70b2b70400553ae7c9df416c792c61128751ac92969240c25a07d728bdc93e21f7787ed6972249de732f38496cd11698713093e9c04fc'
-  ),
-  Gy: BigInt(
-    '0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff80000000000000000000000000000000000000000000000000000001'
-  ),
-});
+const E448_CURVE: EdwardsOpts = /* @__PURE__ */ (() =>
+  Object.assign({}, ed448_CURVE, {
+    d: BigInt(
+      '0xd78b4bdc7f0daf19f24f38c29373a2ccad46157242a50f37809b1da3412a12e79ccc9c81264cfe9ad080997058fb61c4243cc32dbaa156b9'
+    ),
+    Gx: BigInt(
+      '0x79a70b2b70400553ae7c9df416c792c61128751ac92969240c25a07d728bdc93e21f7787ed6972249de732f38496cd11698713093e9c04fc'
+    ),
+    Gy: BigInt(
+      '0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff80000000000000000000000000000000000000000000000000000001'
+    ),
+  }))();
 
 const shake256_114 = /* @__PURE__ */ wrapConstructor(() => shake256.create({ dkLen: 114 }));
 const shake256_64 = /* @__PURE__ */ wrapConstructor(() => shake256.create({ dkLen: 64 }));
 
 // prettier-ignore
-const _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);
+const _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = /* @__PURE__ */ BigInt(4), _11n = BigInt(11);
 // prettier-ignore
 const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);
 
 // powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.
 // Used for efficient square root calculation.
 // ((P-3)/4).toString(2) would produce bits [223x 1, 0, 222x 1]
 function ed448_pow_Pminus3div4(x: bigint): bigint {
-  const P = ed448_CURVE.p;
+  const P = ed448_CURVE_p;
   const b2 = (x * x * x) % P;
   const b3 = (b2 * b2 * x) % P;
   const b6 = (pow2(b3, _3n, P) * b3) % P;
@@ -114,7 +116,7 @@ function adjustScalarBytes(bytes: Uint8Array): Uint8Array {
 // Constant-time ratio of u to v. Allows to combine inversion and square root u/√v.
 // Uses algo from RFC8032 5.1.3.
 function uvRatio(u: bigint, v: bigint): { isValid: boolean; value: bigint } {
-  const P = ed448_CURVE.p;
+  const P = ed448_CURVE_p;
   // https://www.rfc-editor.org/rfc/rfc8032#section-5.2.3
   // To compute the square root of (u/v), the first step is to compute the
   //   candidate root x = (u/v)^((p+1)/4).  This can be done using the
@@ -137,10 +139,10 @@ function uvRatio(u: bigint, v: bigint): { isValid: boolean; value: bigint } {
 // The value fits in 448 bits, but we use 456-bit (57-byte) elements because of bitflags.
 // - ed25519 fits in 255 bits, allowing using last 1 byte for specifying bit flag of point negation.
 // - ed448 fits in 448 bits. We can't use last 1 byte: we can only use a bit 224 in the middle.
-const Fp = /* @__PURE__ */ (() => Field(ed448_CURVE.p, { BITS: 456, isLE: true }))();
+const Fp = /* @__PURE__ */ (() => Field(ed448_CURVE_p, { BITS: 456, isLE: true }))();
 const Fn = /* @__PURE__ */ (() => Field(ed448_CURVE.n, { BITS: 456, isLE: true }))();
 // decaf448 uses 448-bit (56-byte) keys
-const Fp448 = /* @__PURE__ */ (() => Field(ed448_CURVE.p, { BITS: 448, isLE: true }))();
+const Fp448 = /* @__PURE__ */ (() => Field(ed448_CURVE_p, { BITS: 448, isLE: true }))();
 const Fn448 = /* @__PURE__ */ (() => Field(ed448_CURVE.n, { BITS: 448, isLE: true }))();
 
 // SHAKE256(dom4(phflag,context)||x, 114)
@@ -154,7 +156,7 @@ function dom4(data: Uint8Array, ctx: Uint8Array, phflag: boolean) {
   );
 }
 const ed448_eddsa_opts = { adjustScalarBytes, domain: dom4 };
-const ed448_Point = edwards(ed448_CURVE, { Fp, Fn, uvRatio });
+const ed448_Point = /* @__PURE__ */ edwards(ed448_CURVE, { Fp, Fn, uvRatio });
 
 /**
  * ed448 EdDSA curve and methods.
@@ -168,20 +170,21 @@ const ed448_Point = edwards(ed448_CURVE, { Fp, Fn, uvRatio });
  * const isValid = ed448.verify(sig, msg, publicKey);
  * ```
  */
-export const ed448: EdDSA = eddsa(ed448_Point, shake256_114, ed448_eddsa_opts);
+export const ed448: EdDSA = /* @__PURE__ */ eddsa(ed448_Point, shake256_114, ed448_eddsa_opts);
 
 // There is no ed448ctx, since ed448 supports ctx by default
 /** Prehashed version of ed448. See {@link ed448} */
-export const ed448ph: EdDSA = /* @__PURE__ */ eddsa(ed448_Point, shake256_114, {
-  ...ed448_eddsa_opts,
-  prehash: shake256_64,
-});
+export const ed448ph: EdDSA = /* @__PURE__ */ (() =>
+  eddsa(ed448_Point, shake256_114, {
+    ...ed448_eddsa_opts,
+    prehash: shake256_64,
+  }))();
 
 /**
  * E448 (NIST) != edwards448 used in ed448.
  * E448 is birationally equivalent to edwards448.
  */
-export const E448: EdwardsPointCons = edwards(E448_CURVE);
+export const E448: EdwardsPointCons = /* @__PURE__ */ edwards(E448_CURVE);
 
 /**
  * ECDH using curve448 aka x448.
@@ -195,7 +198,7 @@ export const E448: EdwardsPointCons = edwards(E448_CURVE);
  * ```
  */
 export const x448: MontgomeryECDH = /* @__PURE__ */ (() => {
-  const P = ed448_CURVE.p;
+  const P = ed448_CURVE_p;
   return montgomery({
     P,
     type: 'x448',
@@ -209,7 +212,7 @@ export const x448: MontgomeryECDH = /* @__PURE__ */ (() => {
 })();
 
 // Hash To Curve Elligator2 Map
-const ELL2_C1 = /* @__PURE__ */ (() => (Fp.ORDER - BigInt(3)) / BigInt(4))(); // 1. c1 = (q - 3) / 4         # Integer arithmetic
+const ELL2_C1 = /* @__PURE__ */ (() => (ed448_CURVE_p - BigInt(3)) / BigInt(4))(); // 1. c1 = (q - 3) / 4         # Integer arithmetic
 const ELL2_J = /* @__PURE__ */ BigInt(156326);
 
 function map_to_curve_elligator2_curve448(u: bigint) {
@@ -290,7 +293,7 @@ export const ed448_hasher: H2CHasher<EdwardsPointCons> = /* @__PURE__ */ (() =>
   createHasher(ed448_Point, (scalars: bigint[]) => map_to_curve_elligator2_edwards448(scalars[0]), {
     DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',
     encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',
-    p: Fp.ORDER,
+    p: ed448_CURVE_p,
     m: 1,
     k: 224,
     expand: 'xof',
@@ -318,9 +321,8 @@ const invertSqrt = (number: bigint) => uvRatio(_1n, number);
  * and [RFC9496](https://www.rfc-editor.org/rfc/rfc9496#name-element-derivation-2).
  */
 function calcElligatorDecafMap(r0: bigint): EdwardsPoint {
-  const { d } = ed448_CURVE;
-  const P = Fp.ORDER;
-  const mod = (n: bigint) => Fp.create(n);
+  const { d, p: P } = ed448_CURVE;
+  const mod = (n: bigint) => Fp448.create(n);
 
   const r = mod(-(r0 * r0)); // 1
   const u0 = mod(d * (r - _1n)); // 2
@@ -386,8 +388,7 @@ class _DecafPoint extends PrimeEdwardsPoint<_DecafPoint> {
 
   static fromBytes(bytes: Uint8Array): _DecafPoint {
     abytes(bytes, 56);
-    const { d } = ed448_CURVE;
-    const P = Fp.ORDER;
+    const { d, p: P } = ed448_CURVE;
     const mod = (n: bigint) => Fp448.create(n);
     const s = Fp448.fromBytes(bytes);
 
@@ -429,8 +430,8 @@ class _DecafPoint extends PrimeEdwardsPoint<_DecafPoint> {
    */
   toBytes(): Uint8Array {
     const { X, Z, T } = this.ep;
-    const P = Fp.ORDER;
-    const mod = (n: bigint) => Fp.create(n);
+    const P = ed448_CURVE.p;
+    const mod = (n: bigint) => Fp448.create(n);
     const u1 = mod(mod(X + T) * mod(X - T)); // 1
     const x2 = mod(X * X);
     const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2
@@ -451,7 +452,7 @@ class _DecafPoint extends PrimeEdwardsPoint<_DecafPoint> {
     const { X: X1, Y: Y1 } = this.ep;
     const { X: X2, Y: Y2 } = other.ep;
     // (x1 * y2 == y1 * x2)
-    return Fp.create(X1 * Y2) === Fp.create(Y1 * X2);
+    return Fp448.create(X1 * Y2) === Fp448.create(Y1 * X2);
   }
 
   is0(): boolean {

src/nist.ts

@@ -19,18 +19,18 @@ import {
 
 // p = 2n**224n * (2n**32n-1n) + 2n**192n + 2n**96n - 1n
 // a = Fp256.create(BigInt('-3'));
-const p256_CURVE: WeierstrassOpts<bigint> = {
+const p256_CURVE: WeierstrassOpts<bigint> = /* @__PURE__ */ (() => ({
   p: BigInt('0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff'),
   n: BigInt('0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551'),
   h: BigInt(1),
   a: BigInt('0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc'),
   b: BigInt('0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b'),
   Gx: BigInt('0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296'),
   Gy: BigInt('0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5'),
-};
+}))();
 
 // p = 2n**384n - 2n**128n - 2n**96n + 2n**32n - 1n
-const p384_CURVE: WeierstrassOpts<bigint> = {
+const p384_CURVE: WeierstrassOpts<bigint> = /* @__PURE__ */ (() => ({
   p: BigInt(
     '0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff'
   ),
@@ -50,10 +50,10 @@ const p384_CURVE: WeierstrassOpts<bigint> = {
   Gy: BigInt(
     '0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f'
   ),
-};
+}))();
 
 // p = 2n**521n - 1n
-const p521_CURVE: WeierstrassOpts<bigint> = {
+const p521_CURVE: WeierstrassOpts<bigint> = /* @__PURE__ */ (() => ({
   p: BigInt(
     '0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff'
   ),
@@ -73,7 +73,7 @@ const p521_CURVE: WeierstrassOpts<bigint> = {
   Gy: BigInt(
     '0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650'
   ),
-};
+}))();
 
 type SwuOpts = {
   A: bigint;
@@ -155,7 +155,7 @@ export const p384_oprf: OPRF = /* @__PURE__ */ (() =>
     hashToScalar: p384_hasher.hashToScalar,
   }))();
 
-const Fn521 = /* @__PURE__ */ Field(p521_CURVE.n, { allowedLengths: [65, 66] });
+const Fn521 = /* @__PURE__ */ (() => Field(p521_CURVE.n, { allowedLengths: [65, 66] }))();
 const p521_Point = /* @__PURE__ */ weierstrass(p521_CURVE, { Fn: Fn521 });
 /** NIST P521 (aka secp521r1) curve, ECDSA and ECDH methods. */
 export const p521: ECDSA = /* @__PURE__ */ ecdsa(p521_Point, sha512);