Skip to content

signEd25519WithScalar()

SIP Protocol API Reference v0.15.1


SIP Protocol API Reference / signEd25519WithScalar

signEd25519WithScalar(message, scalar, publicKeyBytes?): Uint8Array

Defined in: @sip-protocol/sdk/dist/index-GLbkPPho.d.ts:17629

Produce an RFC 8032 Ed25519 signature from a raw little-endian scalar.

Unlike Keypair/tweetnacl signing (which expects a 32-byte seed and re-derives the scalar via SHA-512 + clamp), this signs directly with the provided scalar a whose public key is A = a·G. The per-signature nonce is derived deterministically from a hash of the scalar and the message (RFC 8032 structure): unique per message, never reused across distinct messages.

Uint8Array

Exact bytes to sign (e.g. a compiled transaction message)

Uint8Array

32-byte little-endian ed25519 scalar (the stealth private key)

Uint8Array<ArrayBufferLike>

Optional 32-byte compressed public key A = a·G. When supplied, it is used directly as A to skip one scalar multiplication per signature — a pure performance shortcut for callers that already hold the public key (e.g. deriveStealthSigner, which proves A equals the stealth address before signing). It is NOT a second independent input: it MUST equal a·G. Supplying a wrong value does not raise an error — it silently produces an invalid signature (A feeds the challenge k = H(R‖A‖message)). When omitted, A is computed from a. Must be exactly 32 bytes.

Uint8Array

64-byte signature (R ‖ S)

If the scalar reduces to zero, or if publicKeyBytes is supplied but not 32 bytes