From 2c434b7cf97908a7a1fba3c0f45902898de951d8 Mon Sep 17 00:00:00 2001
From: Paul Miller <paul@paulmillr.com>
Date: Wed, 5 Mar 2025 04:04:57 +0000
Subject: [PATCH] Add optional hedged signatures. Update noble deps. Closes
 gh-4885.

---
 package-lock.json            | 23 +++++++++++++----------
 package.json                 |  4 ++--
 src.ts/crypto/signing-key.ts | 10 ++++++----
 3 files changed, 21 insertions(+), 16 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index f567922f22..53929dba0c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -20,8 +20,8 @@
       "license": "MIT",
       "dependencies": {
         "@adraffy/ens-normalize": "1.10.1",
-        "@noble/curves": "1.2.0",
-        "@noble/hashes": "1.3.2",
+        "@noble/curves": "1.8.1",
+        "@noble/hashes": "1.7.1",
         "@types/node": "22.7.5",
         "aes-js": "4.0.0-beta.5",
         "tslib": "2.7.0",
@@ -94,24 +94,27 @@
       }
     },
     "node_modules/@noble/curves": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.2.0.tgz",
-      "integrity": "sha512-oYclrNgRaM9SsBUBVbb8M6DTV7ZHRTKugureoYEncY5c65HOmRzvSiTE3y5CYaPYJA/GVkrhXEoF0M3Ya9PMnw==",
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/@noble/curves/-/curves-1.8.1.tgz",
+      "integrity": "sha512-warwspo+UYUPep0Q+vtdVB4Ugn8GGQj8iyB3gnRWsztmUHTI3S1nhdiWNsPUGL0vud7JlRRk1XEu7Lq1KGTnMQ==",
       "license": "MIT",
       "dependencies": {
-        "@noble/hashes": "1.3.2"
+        "@noble/hashes": "1.7.1"
+      },
+      "engines": {
+        "node": "^14.21.3 || >=16"
       },
       "funding": {
         "url": "https://paulmillr.com/funding/"
       }
     },
     "node_modules/@noble/hashes": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.3.2.tgz",
-      "integrity": "sha512-MVC8EAQp7MvEcm30KWENFjgR+Mkmf+D189XJTkFIlwohU5hcBbn1ZkKq7KVTi2Hme3PMGF390DaL52beVrIihQ==",
+      "version": "1.7.1",
+      "resolved": "https://registry.npmjs.org/@noble/hashes/-/hashes-1.7.1.tgz",
+      "integrity": "sha512-B8XBPsn4vT/KJAGqDzbwztd+6Yte3P4V7iafm24bxgDe/mlRuK6xmWPuCNrKt2vDafZ8MfJLlchDG/vYafQEjQ==",
       "license": "MIT",
       "engines": {
-        "node": ">= 16"
+        "node": "^14.21.3 || >=16"
       },
       "funding": {
         "url": "https://paulmillr.com/funding/"
diff --git a/package.json b/package.json
index 96bd59807d..b3b9720128 100644
--- a/package.json
+++ b/package.json
@@ -10,8 +10,8 @@
   },
   "dependencies": {
     "@adraffy/ens-normalize": "1.10.1",
-    "@noble/curves": "1.2.0",
-    "@noble/hashes": "1.3.2",
+    "@noble/curves": "1.8.1",
+    "@noble/hashes": "1.7.1",
     "@types/node": "22.7.5",
     "aes-js": "4.0.0-beta.5",
     "tslib": "2.7.0",
diff --git a/src.ts/crypto/signing-key.ts b/src.ts/crypto/signing-key.ts
index 8ddd66fc18..2f34298a88 100644
--- a/src.ts/crypto/signing-key.ts
+++ b/src.ts/crypto/signing-key.ts
@@ -7,8 +7,8 @@
 import { secp256k1 } from "@noble/curves/secp256k1";
 
 import {
-    concat, dataLength, getBytes, getBytesCopy, hexlify, toBeHex,
-    assertArgument
+    assertArgument,
+    concat, dataLength, getBytes, getBytesCopy, hexlify, toBeHex
 } from "../utils/index.js";
 
 import { Signature } from "./signature.js";
@@ -58,11 +58,13 @@ export class SigningKey {
     /**
      *  Return the signature of the signed %%digest%%.
      */
-    sign(digest: BytesLike): Signature {
+    sign(digest: BytesLike, extraEntropy: boolean | BytesLike = false): Signature {
         assertArgument(dataLength(digest) === 32, "invalid digest length", "digest", digest);
+        if (extraEntropy && typeof extraEntropy !== 'boolean') extraEntropy = getBytesCopy(extraEntropy);
 
         const sig = secp256k1.sign(getBytesCopy(digest), getBytesCopy(this.#privateKey), {
-            lowS: true
+            lowS: true,
+            extraEntropy
         });
 
         return Signature.from({