signEd25519WithScalar()
SIP Protocol API Reference v0.15.1
SIP Protocol API Reference / signEd25519WithScalar
Function: signEd25519WithScalar()
Section titled “Function: signEd25519WithScalar()”signEd25519WithScalar(
message,scalar,publicKeyBytes?):Uint8Array
Defined in: @sip-protocol/sdk/dist/index-GLbkPPho.d.ts:17629
Produce an RFC 8032 Ed25519 signature from a raw little-endian scalar.
Unlike Keypair/tweetnacl signing (which expects a 32-byte seed and re-derives the
scalar via SHA-512 + clamp), this signs directly with the provided scalar a whose
public key is A = a·G. The per-signature nonce is derived deterministically from a
hash of the scalar and the message (RFC 8032 structure): unique per message, never
reused across distinct messages.
Parameters
Section titled “Parameters”message
Section titled “message”Uint8Array
Exact bytes to sign (e.g. a compiled transaction message)
scalar
Section titled “scalar”Uint8Array
32-byte little-endian ed25519 scalar (the stealth private key)
publicKeyBytes?
Section titled “publicKeyBytes?”Uint8Array<ArrayBufferLike>
Optional 32-byte compressed public key A = a·G. When supplied,
it is used directly as A to skip one scalar multiplication per signature — a pure
performance shortcut for callers that already hold the public key (e.g.
deriveStealthSigner, which proves A equals the stealth address before signing).
It is NOT a second independent input: it MUST equal a·G. Supplying a wrong value does
not raise an error — it silently produces an invalid signature (A feeds the challenge
k = H(R‖A‖message)). When omitted, A is computed from a. Must be exactly 32 bytes.
Returns
Section titled “Returns”Uint8Array
64-byte signature (R ‖ S)
Throws
Section titled “Throws”If the scalar reduces to zero, or if publicKeyBytes is supplied but not 32 bytes