chore: upgrade noble curves (#4179)

gabrocheleau · ScottyPoi · holgerd77 · web-flow · commit a8d3faa8d94c · 2025-11-20T17:00:26.000+01:00
* chore: upgrade noble curves

* chore: upgrade noble hashes

* chore: fix type issue for cjs

* chore: attempt to fix import issues

* fix: lint issue

* evm: fix p256 import

* evm: use updated p256 API

* evm: use updated Point api

* chore: attempt to fix tests

* chore: attempt higher timeout

* chore: attempt to fix

* chore: add prehash to cspell

* chore: attempt noble fix

* Add lowS: false to p256.sign() and p256.verify()

* Add prehash: false to p256.verify/sign methods

* Attempted Noble bn254 mul fix (modulus is embedded in the create() method)

---------

Co-authored-by: ScottyPoi &lt;scott.simpson@ethereum.org&gt;
Co-authored-by: Holger Drewes &lt;Holger.Drewes@gmail.com&gt;
diff --git a/config/cspell-ts.json b/config/cspell-ts.json
@@ -24,6 +24,7 @@
     }
   ],
   "words": [
+    "prehash",
     "viem",
     "immediates",
     "unerasable",
@@ -644,4 +645,4 @@
     "Damgård",
     "viem"
   ]
-}
+}
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/evm/README.md b/packages/evm/README.md
@@ -382,7 +382,7 @@ const pointY = bigIntToHex(pointPubKey.Y)
 
 // Message (hash) / signature
 const msg = new TextEncoder().encode('Hello Fusaka!')
-const sig = p256.sign(msg, secretKey)
+const sig = p256.sign(msg, secretKey, { lowS: false, prehash: false })
 const msgHash = bytesToHex(sha256(msg))
 const sigR = bytesToHex(sig).substring(2, 64 + 2)
 const sigS = bytesToHex(sig).substring(64 + 2)
diff --git a/packages/evm/examples/precompiles/100-p256verify.ts b/packages/evm/examples/precompiles/100-p256verify.ts
@@ -1,6 +1,12 @@
 import { Hardfork } from '@ethereumjs/common'
-import { type PrefixedHexString, bytesToHex, randomBytes, utf8ToBytes } from '@ethereumjs/util'
-import { p256 } from '@noble/curves/p256'
+import {
+  type PrefixedHexString,
+  bytesToHex,
+  bytesToUnprefixedHex,
+  randomBytes,
+  utf8ToBytes,
+} from '@ethereumjs/util'
+import { p256 } from '@noble/curves/nist.js'
 import { sha256 } from 'ethereum-cryptography/sha256.js'
 import { runPrecompile } from './util.ts'
 
@@ -18,18 +24,19 @@ const main = async () => {
   const message = 'ethereumjs-evm-p256verify-example'
   const messageHash = sha256(utf8ToBytes(message))
 
-  const privateKey = randomBytes(32)
-  const publicKey = p256.ProjectivePoint.fromPrivateKey(privateKey).toAffine()
+  const privateKey = p256.utils.randomSecretKey()
+  const publicKey = p256.getPublicKey(privateKey, false) // Get uncompressed public key
 
-  const signature = p256.sign(messageHash, privateKey)
+  const signatureBytes = p256.sign(messageHash, privateKey, { lowS: false, prehash: false })
+  const signature = p256.Signature.fromBytes(signatureBytes)
 
   const padHex = (value: bigint) => value.toString(16).padStart(64, '0')
 
   const msgHashHex = bytesToHex(messageHash)
   const rHex = padHex(signature.r)
   const sHex = padHex(signature.s)
-  const qxHex = padHex(publicKey.x)
-  const qyHex = padHex(publicKey.y)
+  const qxHex = bytesToUnprefixedHex(publicKey.slice(1, 33)).padStart(64, '0')
+  const qyHex = bytesToUnprefixedHex(publicKey.slice(33, 65)).padStart(64, '0')
 
   const data: PrefixedHexString = `${msgHashHex}${rHex}${sHex}${qxHex}${qyHex}`
 
diff --git a/packages/evm/package.json b/packages/evm/package.json
@@ -58,7 +58,7 @@
     "@ethereumjs/common": "^10.1.0",
     "@ethereumjs/statemanager": "^10.1.0",
     "@ethereumjs/util": "^10.1.0",
-    "@noble/curves": "^1.9.0",
+    "@noble/curves": "^2.0.1",
     "debug": "^4.4.0",
     "ethereum-cryptography": "^3.2.0",
     "eventemitter3": "^5.0.1"
diff --git a/packages/evm/src/precompiles/100-p256verify.ts b/packages/evm/src/precompiles/100-p256verify.ts
@@ -1,5 +1,5 @@
 import { bytesToBigInt, bytesToHex, setLengthLeft } from '@ethereumjs/util'
-import { p256 } from '@noble/curves/p256'
+import { p256 } from '@noble/curves/nist.js'
 
 import { OOGResult } from '../evm.ts'
 
@@ -103,7 +103,7 @@ export function precompile100(opts: PrecompileInput): ExecResult {
 
   try {
     // Create public key point
-    const publicKey = p256.ProjectivePoint.fromAffine({
+    const publicKey = p256.Point.fromAffine({
       x: qxBigInt,
       y: qyBigInt,
     })
@@ -115,10 +115,13 @@ export function precompile100(opts: PrecompileInput): ExecResult {
     signatureBytes.set(rBytes, 0)
     signatureBytes.set(sBytes, 32)
 
-    const signature = p256.Signature.fromCompact(signatureBytes)
+    const signature = p256.Signature.fromBytes(signatureBytes).toBytes()
 
     // Verify signature
-    const isValid = p256.verify(signature, msgHash, publicKey.toRawBytes(false))
+    const isValid = p256.verify(signature, msgHash, publicKey.toBytes(false), {
+      lowS: false,
+      prehash: false,
+    })
 
     if (isValid) {
       if (opts._debug !== undefined) {
diff --git a/packages/evm/src/precompiles/bls12_381/noble.ts b/packages/evm/src/precompiles/bls12_381/noble.ts
@@ -6,7 +6,7 @@ import {
   equalsBytes,
   setLengthLeft,
 } from '@ethereumjs/util'
-import { bls12_381 } from '@noble/curves/bls12-381'
+import { bls12_381 } from '@noble/curves/bls12-381.js'
 
 import { EVMError } from '../../errors.ts'
 
@@ -20,12 +20,14 @@ import {
   BLS_ZERO_BUFFER,
 } from './constants.ts'
 
-import type { Fp2 } from '@noble/curves/abstract/tower'
-import type { AffinePoint } from '@noble/curves/abstract/weierstrass'
+import type { Fp2 } from '@noble/curves/abstract/tower.js'
+import type { AffinePoint } from '@noble/curves/abstract/weierstrass.js'
 import type { EVMBLSInterface } from '../../types.ts'
 
-const G1_ZERO = bls12_381.G1.ProjectivePoint.ZERO
-const G2_ZERO = bls12_381.G2.ProjectivePoint.ZERO
+// @ts-ignore - @noble/curves v2 is ESM-only, TypeScript's moduleResolution: "node" doesn't properly resolve types for CJS build
+const G1_ZERO = bls12_381.G1.Point.ZERO
+// @ts-ignore - @noble/curves v2 is ESM-only, TypeScript's moduleResolution: "node" doesn't properly resolve types for CJS build
+const G2_ZERO = bls12_381.G2.Point.ZERO
 
 function BLS12_381_ToFp2Point(fpXCoordinate: Uint8Array, fpYCoordinate: Uint8Array) {
   // check if the coordinates are in the field
@@ -56,7 +58,8 @@ function BLS12_381_ToG1Point(input: Uint8Array, verifyOrder = true) {
   const x = bytesToBigInt(input.subarray(16, BLS_G1_POINT_BYTE_LENGTH / 2))
   const y = bytesToBigInt(input.subarray(80, BLS_G1_POINT_BYTE_LENGTH))
 
-  const G1 = bls12_381.G1.ProjectivePoint.fromAffine({
+  // @ts-ignore - @noble/curves v2 is ESM-only, TypeScript's moduleResolution: "node" doesn't properly resolve types for CJS build
+  const G1 = bls12_381.G1.Point.fromAffine({
     x,
     y,
   })
@@ -99,7 +102,8 @@ function BLS12_381_ToG2Point(input: Uint8Array, verifyOrder = true) {
   const Fp2X = BLS12_381_ToFp2Point(p_x_1, p_x_2)
   const Fp2Y = BLS12_381_ToFp2Point(p_y_1, p_y_2)
 
-  const pG2 = bls12_381.G2.ProjectivePoint.fromAffine({
+  // @ts-ignore - @noble/curves v2 is ESM-only, TypeScript's moduleResolution: "node" doesn't properly resolve types for CJS build
+  const pG2 = bls12_381.G2.Point.fromAffine({
     x: Fp2X,
     y: Fp2Y,
   })
@@ -130,26 +134,9 @@ function BLS12_381_FromG2Point(input: AffinePoint<Fp2>): Uint8Array {
 
 function BLS12_381_ToFrPoint(input: Uint8Array): bigint {
   const Fr = bls12_381.fields.Fr.fromBytes(input)
-
-  // TODO: This fixes the following two failing tests:
-  // bls_g1mul_random*g1_unnormalized_scalar
-  // bls_g1mul_random*p1_unnormalized_scalar
-  // It should be nevertheless validated if this is (fully) correct,
-  // especially if ">" or ">=" should be applied.
-  //
-  // Unfortunately the scalar in both test vectors is significantly
-  // greater than the ORDER threshold, here are th values from both tests:
-  //
-  // Scalar / Order
-  // 69732848789442042582239751384143889712113271203482973843852656394296700715236n
-  // 52435875175126190479447740508185965837690552500527637822603658699938581184513n
-  //
-  // There should be 4 test cases added to the official test suite:
-  // 1. bls_g1mul_random*g1_unnormalized_scalar within threshold (ORDER (?))
-  // 2. bls_g1mul_random*g1_unnormalized_scalar outside threshold (ORDER + 1 (?))
-  // 3. bls_g1mul_random*p1_unnormalized_scalar within threshold (ORDER (?))
-  // 4. bls_g1mul_random*p1_unnormalized_scalar outside threshold (ORDER + 1 (?))
-  //
+  if (Fr >= bls12_381.fields.Fr.ORDER) {
+    return bls12_381.fields.Fr.create(Fr % bls12_381.fields.Fr.ORDER)
+  }
   return bls12_381.fields.Fr.create(Fr)
 }
 
@@ -180,7 +167,7 @@ export class NobleBLS implements EVMBLSInterface {
     )
 
     const p = p1.add(p2)
-    const result = BLS12_381_FromG1Point(p)
+    const result = BLS12_381_FromG1Point(p.toAffine())
 
     return result
   }
@@ -194,7 +181,7 @@ export class NobleBLS implements EVMBLSInterface {
       return BLS_G1_INFINITY_POINT_BYTES
     }
     const result = p.multiplyUnsafe(scalar)
-    return BLS12_381_FromG1Point(result)
+    return BLS12_381_FromG1Point(result.toAffine())
   }
 
   addG2(input: Uint8Array): Uint8Array {
@@ -204,7 +191,7 @@ export class NobleBLS implements EVMBLSInterface {
       false,
     )
     const p = p1.add(p2)
-    const result = BLS12_381_FromG2Point(p)
+    const result = BLS12_381_FromG2Point(p.toAffine())
 
     return result
   }
@@ -218,20 +205,22 @@ export class NobleBLS implements EVMBLSInterface {
       return BLS_G2_INFINITY_POINT_BYTES
     }
     const result = p.multiplyUnsafe(scalar)
-    return BLS12_381_FromG2Point(result)
+    return BLS12_381_FromG2Point(result.toAffine())
   }
 
   mapFPtoG1(input: Uint8Array): Uint8Array {
     // convert input to Fp1 point
     const FP = BLS12_381_ToFpPoint(input.subarray(0, 64))
-    const result = bls12_381.G1.mapToCurve([FP]).toAffine()
+    // @ts-ignore - @noble/curves v2 is ESM-only, TypeScript's moduleResolution: "node" doesn't properly resolve types for CJS build
+    const result = bls12_381.G1.mapToCurve(FP).toAffine()
     const resultBytes = BLS12_381_FromG1Point(result)
     return resultBytes
   }
 
   mapFP2toG2(input: Uint8Array): Uint8Array {
     // convert input to Fp2 point
     const Fp2Point = BLS12_381_ToFp2Point(input.subarray(0, 64), input.subarray(64, 128))
+    // @ts-ignore - @noble/curves v2 is ESM-only, TypeScript's moduleResolution: "node" doesn't properly resolve types for CJS build
     const result = bls12_381.G2.mapToCurve([Fp2Point.c0, Fp2Point.c1]).toAffine()
     const resultBytes = BLS12_381_FromG2Point(result)
     return resultBytes
@@ -266,7 +255,7 @@ export class NobleBLS implements EVMBLSInterface {
       pRes = pRes.add(pMul)
     }
 
-    return BLS12_381_FromG1Point(pRes)
+    return BLS12_381_FromG1Point(pRes.toAffine())
   }
 
   msmG2(input: Uint8Array): Uint8Array {
@@ -298,7 +287,7 @@ export class NobleBLS implements EVMBLSInterface {
       pRes = pRes.add(pMul)
     }
 
-    return BLS12_381_FromG2Point(pRes)
+    return BLS12_381_FromG2Point(pRes.toAffine())
   }
 
   pairingCheck(input: Uint8Array): Uint8Array {
@@ -319,7 +308,7 @@ export class NobleBLS implements EVMBLSInterface {
 
     // Filter out infinity pairs
     const filteredPairs = pairs.filter(
-      (pair) => !pair.g1.equals(G1_ZERO) && !pair.g2.equals(G2_ZERO),
+      (pair) => pair.g1.equals(G1_ZERO) === false && pair.g2.equals(G2_ZERO) === false,
     )
 
     const FP12 = bls12_381.pairingBatch(filteredPairs, true)
diff --git a/packages/evm/src/precompiles/bn254/noble.ts b/packages/evm/src/precompiles/bn254/noble.ts
diff --git a/packages/evm/test/precompiles/100-p256verify.spec.ts b/packages/evm/test/precompiles/100-p256verify.spec.ts

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@`
`24`	`24`	`}`
`25`	`25`	`],`
`26`	`26`	`"words": [`
	`27`	`+ "prehash",`
`27`	`28`	`"viem",`
`28`	`29`	`"immediates",`
`29`	`30`	`"unerasable",`
`@@ -644,4 +645,4 @@`
`644`	`645`	`"Damgård",`
`645`	`646`	`"viem"`
`646`	`647`	`]`
`647`		`-}`
	`648`	`+}`