@btc-vision/transaction 1.7.25 → 1.7.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (21) hide show
  1. package/browser/_version.d.ts +1 -1
  2. package/browser/btc-vision-bitcoin.js +12 -13
  3. package/browser/index.js +456 -443
  4. package/browser/noble-curves.js +1045 -1016
  5. package/browser/noble-hashes.js +918 -728
  6. package/browser/vendors.js +11418 -15799
  7. package/build/_version.d.ts +1 -1
  8. package/build/_version.js +1 -1
  9. package/build/tsconfig.build.tsbuildinfo +1 -1
  10. package/package.json +1 -1
  11. package/src/_version.ts +1 -1
  12. package/src/crypto/crypto-browser.js +9 -16
  13. package/vite.config.browser.ts +30 -29
  14. package/browser/bip39.js +0 -204
  15. package/browser/bitcoin-utils.js +0 -3172
  16. package/browser/btc-vision-bip32.js +0 -805
  17. package/browser/btc-vision-logger.js +0 -86
  18. package/browser/btc-vision-post-quantum.js +0 -542
  19. package/browser/polyfills.js +0 -4952
  20. package/browser/scure-base.js +0 -410
  21. package/webpack.config.js +0 -220
package/browser/noble-curves.js CHANGED
@@ -1,9 +1,36 @@
1
- import { c as We, e as ln, n as dn, o as Me, p as yt, q as Qe, t as hn, u as Ae, v as yn, w as mn, x as kt, y as bn, z as wn } from "./noble-hashes.js";
1
+ import { b as We, c as ln, d as dn, e as Me, i as yt, h as Qe, f as hn, g as Ae, j as yn, k as mn, l as kt, m as bn, n as wn } from "./noble-hashes.js";
2
+ function er(e) {
3
+ return e && e.__esModule && Object.prototype.hasOwnProperty.call(e, "default") ? e.default : e;
4
+ }
5
+ function tr(e) {
6
+ if (Object.prototype.hasOwnProperty.call(e, "__esModule")) return e;
7
+ var n = e.default;
8
+ if (typeof n == "function") {
9
+ var c = function t() {
10
+ var u = !1;
11
+ try {
12
+ u = this instanceof t;
13
+ } catch {
14
+ }
15
+ return u ? Reflect.construct(n, arguments, this.constructor) : n.apply(this, arguments);
16
+ };
17
+ c.prototype = n.prototype;
18
+ } else c = {};
19
+ return Object.defineProperty(c, "__esModule", { value: !0 }), Object.keys(e).forEach(function(t) {
20
+ var u = Object.getOwnPropertyDescriptor(e, t);
21
+ Object.defineProperty(c, t, u.get ? u : {
22
+ enumerable: !0,
23
+ get: function() {
24
+ return e[t];
25
+ }
26
+ });
27
+ }), c;
28
+ }
2
29
  var tt = {}, Ke = {}, nt = {}, rt = {}, _t;
3
30
  function Ce() {
4
31
  return _t || (_t = 1, (function(e) {
5
- Object.defineProperty(e, "__esModule", { value: !0 }), e.notImplemented = e.bitMask = e.utf8ToBytes = e.randomBytes = e.isBytes = e.hexToBytes = e.concatBytes = e.bytesToUtf8 = e.bytesToHex = e.anumber = e.abytes = void 0, e.abool = m, e._abool2 = g, e._abytes2 = p, e.numberToHexUnpadded = v, e.hexToNumber = U, e.bytesToNumberBE = H, e.bytesToNumberLE = V, e.numberToBytesBE = E, e.numberToBytesLE = b, e.numberToVarBytesBE = S, e.ensureBytes = A, e.equalBytes = M, e.copyBytes = Q, e.asciiToBytes = F, e.inRange = se, e.aInRange = ie, e.bitLen = j, e.bitGet = O, e.bitSet = L, e.createHmacDrbg = K, e.validateObject = z, e.isHash = d, e._validateObject = u, e.memoized = a;
6
- const r = /* @__PURE__ */ We();
32
+ Object.defineProperty(e, "__esModule", { value: !0 }), e.notImplemented = e.bitMask = e.utf8ToBytes = e.randomBytes = e.isBytes = e.hexToBytes = e.concatBytes = e.bytesToUtf8 = e.bytesToHex = e.anumber = e.abytes = void 0, e.abool = m, e._abool2 = g, e._abytes2 = p, e.numberToHexUnpadded = v, e.hexToNumber = U, e.bytesToNumberBE = H, e.bytesToNumberLE = V, e.numberToBytesBE = E, e.numberToBytesLE = b, e.numberToVarBytesBE = S, e.ensureBytes = A, e.equalBytes = M, e.copyBytes = Q, e.asciiToBytes = F, e.inRange = se, e.aInRange = ie, e.bitLen = j, e.bitGet = R, e.bitSet = L, e.createHmacDrbg = K, e.validateObject = D, e.isHash = d, e._validateObject = l, e.memoized = a;
33
+ const n = /* @__PURE__ */ We();
7
34
  var c = /* @__PURE__ */ We();
8
35
  Object.defineProperty(e, "abytes", { enumerable: !0, get: function() {
9
36
  return c.abytes;
@@ -24,7 +51,7 @@ function Ce() {
24
51
  } }), Object.defineProperty(e, "utf8ToBytes", { enumerable: !0, get: function() {
25
52
  return c.utf8ToBytes;
26
53
  } });
27
- const t = /* @__PURE__ */ BigInt(0), l = /* @__PURE__ */ BigInt(1);
54
+ const t = /* @__PURE__ */ BigInt(0), u = /* @__PURE__ */ BigInt(1);
28
55
  function m(i, o) {
29
56
  if (typeof o != "boolean")
30
57
  throw new Error(i + " boolean expected, got " + o);
@@ -37,10 +64,10 @@ function Ce() {
37
64
  return i;
38
65
  }
39
66
  function p(i, o, h = "") {
40
- const w = (0, r.isBytes)(i), s = i?.length, f = o !== void 0;
67
+ const w = (0, n.isBytes)(i), s = i?.length, f = o !== void 0;
41
68
  if (!w || f && s !== o) {
42
- const y = h && `"${h}" `, B = f ? ` of length ${o}` : "", T = w ? `length=${s}` : `type=${typeof i}`;
43
- throw new Error(y + "expected Uint8Array" + B + ", got " + T);
69
+ const y = h && `"${h}" `, B = f ? ` of length ${o}` : "", O = w ? `length=${s}` : `type=${typeof i}`;
70
+ throw new Error(y + "expected Uint8Array" + B + ", got " + O);
44
71
  }
45
72
  return i;
46
73
  }
@@ -54,29 +81,29 @@ function Ce() {
54
81
  return i === "" ? t : BigInt("0x" + i);
55
82
  }
56
83
  function H(i) {
57
- return U((0, r.bytesToHex)(i));
84
+ return U((0, n.bytesToHex)(i));
58
85
  }
59
86
  function V(i) {
60
- return (0, r.abytes)(i), U((0, r.bytesToHex)(Uint8Array.from(i).reverse()));
87
+ return (0, n.abytes)(i), U((0, n.bytesToHex)(Uint8Array.from(i).reverse()));
61
88
  }
62
89
  function E(i, o) {
63
- return (0, r.hexToBytes)(i.toString(16).padStart(o * 2, "0"));
90
+ return (0, n.hexToBytes)(i.toString(16).padStart(o * 2, "0"));
64
91
  }
65
92
  function b(i, o) {
66
93
  return E(i, o).reverse();
67
94
  }
68
95
  function S(i) {
69
- return (0, r.hexToBytes)(v(i));
96
+ return (0, n.hexToBytes)(v(i));
70
97
  }
71
98
  function A(i, o, h) {
72
99
  let w;
73
100
  if (typeof o == "string")
74
101
  try {
75
- w = (0, r.hexToBytes)(o);
102
+ w = (0, n.hexToBytes)(o);
76
103
  } catch (f) {
77
104
  throw new Error(i + " must be hex string or Uint8Array, cause: " + f);
78
105
  }
79
- else if ((0, r.isBytes)(o))
106
+ else if ((0, n.isBytes)(o))
80
107
  w = Uint8Array.from(o);
81
108
  else
82
109
  throw new Error(i + " must be hex string or Uint8Array");
@@ -114,17 +141,17 @@ function Ce() {
114
141
  }
115
142
  function j(i) {
116
143
  let o;
117
- for (o = 0; i > t; i >>= l, o += 1)
144
+ for (o = 0; i > t; i >>= u, o += 1)
118
145
  ;
119
146
  return o;
120
147
  }
121
- function O(i, o) {
122
- return i >> BigInt(o) & l;
148
+ function R(i, o) {
149
+ return i >> BigInt(o) & u;
123
150
  }
124
151
  function L(i, o, h) {
125
- return i | (h ? l : t) << BigInt(o);
152
+ return i | (h ? u : t) << BigInt(o);
126
153
  }
127
- const _ = (i) => (l << BigInt(i)) - l;
154
+ const _ = (i) => (u << BigInt(i)) - u;
128
155
  e.bitMask = _;
129
156
  function K(i, o, h) {
130
157
  if (typeof i != "number" || i < 2)
@@ -135,7 +162,7 @@ function Ce() {
135
162
  throw new Error("hmacFn must be a function");
136
163
  const w = (C) => new Uint8Array(C), s = (C) => Uint8Array.of(C);
137
164
  let f = w(i), y = w(i), B = 0;
138
- const T = () => {
165
+ const O = () => {
139
166
  f.fill(1), y.fill(0), B = 0;
140
167
  }, k = (...C) => h(y, f, ...C), Y = (C = w(0)) => {
141
168
  y = k(s(0), C), f = k(), C.length !== 0 && (y = k(s(1), C), f = k());
@@ -149,14 +176,14 @@ function Ce() {
149
176
  const $ = f.slice();
150
177
  te.push($), C += f.length;
151
178
  }
152
- return (0, r.concatBytes)(...te);
179
+ return (0, n.concatBytes)(...te);
153
180
  };
154
181
  return (C, te) => {
155
- T(), Y(C);
182
+ O(), Y(C);
156
183
  let $;
157
184
  for (; !($ = te(I())); )
158
185
  Y();
159
- return T(), $;
186
+ return O(), $;
160
187
  };
161
188
  }
162
189
  const W = {
@@ -164,20 +191,20 @@ function Ce() {
164
191
  function: (i) => typeof i == "function",
165
192
  boolean: (i) => typeof i == "boolean",
166
193
  string: (i) => typeof i == "string",
167
- stringOrUint8Array: (i) => typeof i == "string" || (0, r.isBytes)(i),
194
+ stringOrUint8Array: (i) => typeof i == "string" || (0, n.isBytes)(i),
168
195
  isSafeInteger: (i) => Number.isSafeInteger(i),
169
196
  array: (i) => Array.isArray(i),
170
197
  field: (i, o) => o.Fp.isValid(i),
171
198
  hash: (i) => typeof i == "function" && Number.isSafeInteger(i.outputLen)
172
199
  };
173
- function z(i, o, h = {}) {
200
+ function D(i, o, h = {}) {
174
201
  const w = (s, f, y) => {
175
202
  const B = W[f];
176
203
  if (typeof B != "function")
177
204
  throw new Error("invalid validator function");
178
- const T = i[s];
179
- if (!(y && T === void 0) && !B(T, i))
180
- throw new Error("param " + String(s) + " is invalid. Expected " + f + ", got " + T);
205
+ const O = i[s];
206
+ if (!(y && O === void 0) && !B(O, i))
207
+ throw new Error("param " + String(s) + " is invalid. Expected " + f + ", got " + O);
181
208
  };
182
209
  for (const [s, f] of Object.entries(o))
183
210
  w(s, f, !1);
@@ -188,23 +215,23 @@ function Ce() {
188
215
  function d(i) {
189
216
  return typeof i == "function" && Number.isSafeInteger(i.outputLen);
190
217
  }
191
- function u(i, o, h = {}) {
218
+ function l(i, o, h = {}) {
192
219
  if (!i || typeof i != "object")
193
220
  throw new Error("expected valid options object");
194
221
  function w(s, f, y) {
195
222
  const B = i[s];
196
223
  if (y && B === void 0)
197
224
  return;
198
- const T = typeof B;
199
- if (T !== f || B === null)
200
- throw new Error(`param "${s}" is invalid: expected ${f}, got ${T}`);
225
+ const O = typeof B;
226
+ if (O !== f || B === null)
227
+ throw new Error(`param "${s}" is invalid: expected ${f}, got ${O}`);
201
228
  }
202
229
  Object.entries(o).forEach(([s, f]) => w(s, f, !1)), Object.entries(h).forEach(([s, f]) => w(s, f, !0));
203
230
  }
204
- const n = () => {
231
+ const r = () => {
205
232
  throw new Error("not implemented");
206
233
  };
207
- e.notImplemented = n;
234
+ e.notImplemented = r;
208
235
  function a(i) {
209
236
  const o = /* @__PURE__ */ new WeakMap();
210
237
  return (h, ...w) => {
@@ -217,37 +244,37 @@ function Ce() {
217
244
  }
218
245
  })(rt)), rt;
219
246
  }
220
- var Oe = {}, he = {}, St;
247
+ var Re = {}, he = {}, St;
221
248
  function $e() {
222
249
  if (St) return he;
223
- St = 1, Object.defineProperty(he, "__esModule", { value: !0 }), he.isNegativeLE = void 0, he.mod = V, he.pow = E, he.pow2 = b, he.invert = S, he.tonelliShanks = G, he.FpSqrt = se, he.validateField = O, he.FpPow = L, he.FpInvertBatch = _, he.FpDiv = K, he.FpLegendre = W, he.FpIsSquare = z, he.nLength = d, he.Field = u, he.FpSqrtOdd = n, he.FpSqrtEven = a, he.hashToPrivateScalar = i, he.getFieldBytesLength = o, he.getMinHashLength = h, he.mapHashToField = w;
224
- const e = /* @__PURE__ */ Ce(), r = BigInt(0), c = BigInt(1), t = /* @__PURE__ */ BigInt(2), l = /* @__PURE__ */ BigInt(3), m = /* @__PURE__ */ BigInt(4), g = /* @__PURE__ */ BigInt(5), p = /* @__PURE__ */ BigInt(7), v = /* @__PURE__ */ BigInt(8), U = /* @__PURE__ */ BigInt(9), H = /* @__PURE__ */ BigInt(16);
250
+ St = 1, Object.defineProperty(he, "__esModule", { value: !0 }), he.isNegativeLE = void 0, he.mod = V, he.pow = E, he.pow2 = b, he.invert = S, he.tonelliShanks = G, he.FpSqrt = se, he.validateField = R, he.FpPow = L, he.FpInvertBatch = _, he.FpDiv = K, he.FpLegendre = W, he.FpIsSquare = D, he.nLength = d, he.Field = l, he.FpSqrtOdd = r, he.FpSqrtEven = a, he.hashToPrivateScalar = i, he.getFieldBytesLength = o, he.getMinHashLength = h, he.mapHashToField = w;
251
+ const e = /* @__PURE__ */ Ce(), n = BigInt(0), c = BigInt(1), t = /* @__PURE__ */ BigInt(2), u = /* @__PURE__ */ BigInt(3), m = /* @__PURE__ */ BigInt(4), g = /* @__PURE__ */ BigInt(5), p = /* @__PURE__ */ BigInt(7), v = /* @__PURE__ */ BigInt(8), U = /* @__PURE__ */ BigInt(9), H = /* @__PURE__ */ BigInt(16);
225
252
  function V(s, f) {
226
253
  const y = s % f;
227
- return y >= r ? y : f + y;
254
+ return y >= n ? y : f + y;
228
255
  }
229
256
  function E(s, f, y) {
230
- return L(u(y), s, f);
257
+ return L(l(y), s, f);
231
258
  }
232
259
  function b(s, f, y) {
233
260
  let B = s;
234
- for (; f-- > r; )
261
+ for (; f-- > n; )
235
262
  B *= B, B %= y;
236
263
  return B;
237
264
  }
238
265
  function S(s, f) {
239
- if (s === r)
266
+ if (s === n)
240
267
  throw new Error("invert: expected non-zero number");
241
- if (f <= r)
268
+ if (f <= n)
242
269
  throw new Error("invert: expected positive modulus, got " + f);
243
- let y = V(s, f), B = f, T = r, k = c;
244
- for (; y !== r; ) {
245
- const I = B / y, q = B % y, C = T - k * I;
246
- B = y, y = q, T = k, k = C;
270
+ let y = V(s, f), B = f, O = n, k = c;
271
+ for (; y !== n; ) {
272
+ const I = B / y, q = B % y, C = O - k * I;
273
+ B = y, y = q, O = k, k = C;
247
274
  }
248
275
  if (B !== c)
249
276
  throw new Error("invert: does not exist");
250
- return V(T, f);
277
+ return V(O, f);
251
278
  }
252
279
  function A(s, f, y) {
253
280
  if (!s.eql(s.sqr(f), y))
@@ -258,55 +285,55 @@ function $e() {
258
285
  return A(s, B, f), B;
259
286
  }
260
287
  function Q(s, f) {
261
- const y = (s.ORDER - g) / v, B = s.mul(f, t), T = s.pow(B, y), k = s.mul(f, T), Y = s.mul(s.mul(k, t), T), I = s.mul(k, s.sub(Y, s.ONE));
288
+ const y = (s.ORDER - g) / v, B = s.mul(f, t), O = s.pow(B, y), k = s.mul(f, O), Y = s.mul(s.mul(k, t), O), I = s.mul(k, s.sub(Y, s.ONE));
262
289
  return A(s, I, f), I;
263
290
  }
264
291
  function F(s) {
265
- const f = u(s), y = G(s), B = y(f, f.neg(f.ONE)), T = y(f, B), k = y(f, f.neg(B)), Y = (s + p) / H;
292
+ const f = l(s), y = G(s), B = y(f, f.neg(f.ONE)), O = y(f, B), k = y(f, f.neg(B)), Y = (s + p) / H;
266
293
  return (I, q) => {
267
294
  let C = I.pow(q, Y), te = I.mul(C, B);
268
- const $ = I.mul(C, T), x = I.mul(C, k), X = I.eql(I.sqr(te), q), ae = I.eql(I.sqr($), q);
269
- C = I.cmov(C, te, X), te = I.cmov(x, $, ae);
295
+ const $ = I.mul(C, O), T = I.mul(C, k), X = I.eql(I.sqr(te), q), ae = I.eql(I.sqr($), q);
296
+ C = I.cmov(C, te, X), te = I.cmov(T, $, ae);
270
297
  const ye = I.eql(I.sqr(te), q), pe = I.cmov(C, te, ye);
271
298
  return A(I, pe, q), pe;
272
299
  };
273
300
  }
274
301
  function G(s) {
275
- if (s < l)
302
+ if (s < u)
276
303
  throw new Error("sqrt is not defined for small field");
277
304
  let f = s - c, y = 0;
278
- for (; f % t === r; )
305
+ for (; f % t === n; )
279
306
  f /= t, y++;
280
307
  let B = t;
281
- const T = u(s);
282
- for (; W(T, B) === 1; )
308
+ const O = l(s);
309
+ for (; W(O, B) === 1; )
283
310
  if (B++ > 1e3)
284
311
  throw new Error("Cannot find square root: probably non-prime P");
285
312
  if (y === 1)
286
313
  return M;
287
- let k = T.pow(B, f);
314
+ let k = O.pow(B, f);
288
315
  const Y = (f + c) / t;
289
316
  return function(q, C) {
290
317
  if (q.is0(C))
291
318
  return C;
292
319
  if (W(q, C) !== 1)
293
320
  throw new Error("Cannot find square root");
294
- let te = y, $ = q.mul(q.ONE, k), x = q.pow(C, f), X = q.pow(C, Y);
295
- for (; !q.eql(x, q.ONE); ) {
296
- if (q.is0(x))
321
+ let te = y, $ = q.mul(q.ONE, k), T = q.pow(C, f), X = q.pow(C, Y);
322
+ for (; !q.eql(T, q.ONE); ) {
323
+ if (q.is0(T))
297
324
  return q.ZERO;
298
- let ae = 1, ye = q.sqr(x);
325
+ let ae = 1, ye = q.sqr(T);
299
326
  for (; !q.eql(ye, q.ONE); )
300
327
  if (ae++, ye = q.sqr(ye), ae === te)
301
328
  throw new Error("Cannot find square root");
302
329
  const pe = c << BigInt(te - ae - 1), ve = q.pow($, pe);
303
- te = ae, $ = q.sqr(ve), x = q.mul(x, $), X = q.mul(X, ve);
330
+ te = ae, $ = q.sqr(ve), T = q.mul(T, $), X = q.mul(X, ve);
304
331
  }
305
332
  return X;
306
333
  };
307
334
  }
308
335
  function se(s) {
309
- return s % m === l ? M : s % v === g ? Q : s % H === U ? F(s) : G(s);
336
+ return s % m === u ? M : s % v === g ? Q : s % H === U ? F(s) : G(s);
310
337
  }
311
338
  const ie = (s, f) => (V(s, f) & c) === c;
312
339
  he.isNegativeLE = ie;
@@ -329,41 +356,41 @@ function $e() {
329
356
  "mulN",
330
357
  "sqrN"
331
358
  ];
332
- function O(s) {
359
+ function R(s) {
333
360
  const f = {
334
361
  ORDER: "bigint",
335
362
  MASK: "bigint",
336
363
  BYTES: "number",
337
364
  BITS: "number"
338
- }, y = j.reduce((B, T) => (B[T] = "function", B), f);
365
+ }, y = j.reduce((B, O) => (B[O] = "function", B), f);
339
366
  return (0, e._validateObject)(s, y), s;
340
367
  }
341
368
  function L(s, f, y) {
342
- if (y < r)
369
+ if (y < n)
343
370
  throw new Error("invalid exponent, negatives unsupported");
344
- if (y === r)
371
+ if (y === n)
345
372
  return s.ONE;
346
373
  if (y === c)
347
374
  return f;
348
- let B = s.ONE, T = f;
349
- for (; y > r; )
350
- y & c && (B = s.mul(B, T)), T = s.sqr(T), y >>= c;
375
+ let B = s.ONE, O = f;
376
+ for (; y > n; )
377
+ y & c && (B = s.mul(B, O)), O = s.sqr(O), y >>= c;
351
378
  return B;
352
379
  }
353
380
  function _(s, f, y = !1) {
354
- const B = new Array(f.length).fill(y ? s.ZERO : void 0), T = f.reduce((Y, I, q) => s.is0(I) ? Y : (B[q] = Y, s.mul(Y, I)), s.ONE), k = s.inv(T);
381
+ const B = new Array(f.length).fill(y ? s.ZERO : void 0), O = f.reduce((Y, I, q) => s.is0(I) ? Y : (B[q] = Y, s.mul(Y, I)), s.ONE), k = s.inv(O);
355
382
  return f.reduceRight((Y, I, q) => s.is0(I) ? Y : (B[q] = s.mul(Y, B[q]), s.mul(Y, I)), k), B;
356
383
  }
357
384
  function K(s, f, y) {
358
385
  return s.mul(f, typeof y == "bigint" ? S(y, s.ORDER) : s.inv(y));
359
386
  }
360
387
  function W(s, f) {
361
- const y = (s.ORDER - c) / t, B = s.pow(f, y), T = s.eql(B, s.ONE), k = s.eql(B, s.ZERO), Y = s.eql(B, s.neg(s.ONE));
362
- if (!T && !k && !Y)
388
+ const y = (s.ORDER - c) / t, B = s.pow(f, y), O = s.eql(B, s.ONE), k = s.eql(B, s.ZERO), Y = s.eql(B, s.neg(s.ONE));
389
+ if (!O && !k && !Y)
363
390
  throw new Error("invalid Legendre symbol result");
364
- return T ? 1 : k ? 0 : -1;
391
+ return O ? 1 : k ? 0 : -1;
365
392
  }
366
- function z(s, f) {
393
+ function D(s, f) {
367
394
  return W(s, f) === 1;
368
395
  }
369
396
  function d(s, f) {
@@ -371,18 +398,18 @@ function $e() {
371
398
  const y = f !== void 0 ? f : s.toString(2).length, B = Math.ceil(y / 8);
372
399
  return { nBitLength: y, nByteLength: B };
373
400
  }
374
- function u(s, f, y = !1, B = {}) {
375
- if (s <= r)
401
+ function l(s, f, y = !1, B = {}) {
402
+ if (s <= n)
376
403
  throw new Error("invalid field: expected ORDER > 0, got " + s);
377
- let T, k, Y = !1, I;
404
+ let O, k, Y = !1, I;
378
405
  if (typeof f == "object" && f != null) {
379
406
  if (B.sqrt || y)
380
407
  throw new Error("cannot specify opts in two arguments");
381
- const x = f;
382
- x.BITS && (T = x.BITS), x.sqrt && (k = x.sqrt), typeof x.isLE == "boolean" && (y = x.isLE), typeof x.modFromBytes == "boolean" && (Y = x.modFromBytes), I = x.allowedLengths;
408
+ const T = f;
409
+ T.BITS && (O = T.BITS), T.sqrt && (k = T.sqrt), typeof T.isLE == "boolean" && (y = T.isLE), typeof T.modFromBytes == "boolean" && (Y = T.modFromBytes), I = T.allowedLengths;
383
410
  } else
384
- typeof f == "number" && (T = f), B.sqrt && (k = B.sqrt);
385
- const { nBitLength: q, nByteLength: C } = d(s, T);
411
+ typeof f == "number" && (O = f), B.sqrt && (k = B.sqrt);
412
+ const { nBitLength: q, nByteLength: C } = d(s, O);
386
413
  if (C > 2048)
387
414
  throw new Error("invalid field: expected ORDER of <= 2048 bytes");
388
415
  let te;
@@ -392,58 +419,58 @@ function $e() {
392
419
  BITS: q,
393
420
  BYTES: C,
394
421
  MASK: (0, e.bitMask)(q),
395
- ZERO: r,
422
+ ZERO: n,
396
423
  ONE: c,
397
424
  allowedLengths: I,
398
- create: (x) => V(x, s),
399
- isValid: (x) => {
400
- if (typeof x != "bigint")
401
- throw new Error("invalid field element: expected bigint, got " + typeof x);
402
- return r <= x && x < s;
425
+ create: (T) => V(T, s),
426
+ isValid: (T) => {
427
+ if (typeof T != "bigint")
428
+ throw new Error("invalid field element: expected bigint, got " + typeof T);
429
+ return n <= T && T < s;
403
430
  },
404
- is0: (x) => x === r,
431
+ is0: (T) => T === n,
405
432
  // is valid and invertible
406
- isValidNot0: (x) => !$.is0(x) && $.isValid(x),
407
- isOdd: (x) => (x & c) === c,
408
- neg: (x) => V(-x, s),
409
- eql: (x, X) => x === X,
410
- sqr: (x) => V(x * x, s),
411
- add: (x, X) => V(x + X, s),
412
- sub: (x, X) => V(x - X, s),
413
- mul: (x, X) => V(x * X, s),
414
- pow: (x, X) => L($, x, X),
415
- div: (x, X) => V(x * S(X, s), s),
433
+ isValidNot0: (T) => !$.is0(T) && $.isValid(T),
434
+ isOdd: (T) => (T & c) === c,
435
+ neg: (T) => V(-T, s),
436
+ eql: (T, X) => T === X,
437
+ sqr: (T) => V(T * T, s),
438
+ add: (T, X) => V(T + X, s),
439
+ sub: (T, X) => V(T - X, s),
440
+ mul: (T, X) => V(T * X, s),
441
+ pow: (T, X) => L($, T, X),
442
+ div: (T, X) => V(T * S(X, s), s),
416
443
  // Same as above, but doesn't normalize
417
- sqrN: (x) => x * x,
418
- addN: (x, X) => x + X,
419
- subN: (x, X) => x - X,
420
- mulN: (x, X) => x * X,
421
- inv: (x) => S(x, s),
422
- sqrt: k || ((x) => (te || (te = se(s)), te($, x))),
423
- toBytes: (x) => y ? (0, e.numberToBytesLE)(x, C) : (0, e.numberToBytesBE)(x, C),
424
- fromBytes: (x, X = !0) => {
444
+ sqrN: (T) => T * T,
445
+ addN: (T, X) => T + X,
446
+ subN: (T, X) => T - X,
447
+ mulN: (T, X) => T * X,
448
+ inv: (T) => S(T, s),
449
+ sqrt: k || ((T) => (te || (te = se(s)), te($, T))),
450
+ toBytes: (T) => y ? (0, e.numberToBytesLE)(T, C) : (0, e.numberToBytesBE)(T, C),
451
+ fromBytes: (T, X = !0) => {
425
452
  if (I) {
426
- if (!I.includes(x.length) || x.length > C)
427
- throw new Error("Field.fromBytes: expected " + I + " bytes, got " + x.length);
453
+ if (!I.includes(T.length) || T.length > C)
454
+ throw new Error("Field.fromBytes: expected " + I + " bytes, got " + T.length);
428
455
  const ye = new Uint8Array(C);
429
- ye.set(x, y ? 0 : ye.length - x.length), x = ye;
456
+ ye.set(T, y ? 0 : ye.length - T.length), T = ye;
430
457
  }
431
- if (x.length !== C)
432
- throw new Error("Field.fromBytes: expected " + C + " bytes, got " + x.length);
433
- let ae = y ? (0, e.bytesToNumberLE)(x) : (0, e.bytesToNumberBE)(x);
458
+ if (T.length !== C)
459
+ throw new Error("Field.fromBytes: expected " + C + " bytes, got " + T.length);
460
+ let ae = y ? (0, e.bytesToNumberLE)(T) : (0, e.bytesToNumberBE)(T);
434
461
  if (Y && (ae = V(ae, s)), !X && !$.isValid(ae))
435
462
  throw new Error("invalid field element: outside of range 0..ORDER");
436
463
  return ae;
437
464
  },
438
465
  // TODO: we don't need it here, move out to separate fn
439
- invertBatch: (x) => _($, x),
466
+ invertBatch: (T) => _($, T),
440
467
  // We can't move this out because Fp6, Fp12 implement it
441
468
  // and it's unclear what to return in there.
442
- cmov: (x, X, ae) => ae ? X : x
469
+ cmov: (T, X, ae) => ae ? X : T
443
470
  });
444
471
  return Object.freeze($);
445
472
  }
446
- function n(s, f) {
473
+ function r(s, f) {
447
474
  if (!s.isOdd)
448
475
  throw new Error("Field doesn't have isOdd");
449
476
  const y = s.sqrt(f);
@@ -457,9 +484,9 @@ function $e() {
457
484
  }
458
485
  function i(s, f, y = !1) {
459
486
  s = (0, e.ensureBytes)("privateHash", s);
460
- const B = s.length, T = d(f).nByteLength + 8;
461
- if (T < 24 || B < T || B > 1024)
462
- throw new Error("hashToPrivateScalar: expected " + T + "-1024 bytes of input, got " + B);
487
+ const B = s.length, O = d(f).nByteLength + 8;
488
+ if (O < 24 || B < O || B > 1024)
489
+ throw new Error("hashToPrivateScalar: expected " + O + "-1024 bytes of input, got " + B);
463
490
  const k = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s);
464
491
  return V(k, f - c) + c;
465
492
  }
@@ -474,56 +501,56 @@ function $e() {
474
501
  return f + Math.ceil(f / 2);
475
502
  }
476
503
  function w(s, f, y = !1) {
477
- const B = s.length, T = o(f), k = h(f);
504
+ const B = s.length, O = o(f), k = h(f);
478
505
  if (B < 16 || B < k || B > 1024)
479
506
  throw new Error("expected " + k + "-1024 bytes of input, got " + B);
480
507
  const Y = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s), I = V(Y, f - c) + c;
481
- return y ? (0, e.numberToBytesLE)(I, T) : (0, e.numberToBytesBE)(I, T);
508
+ return y ? (0, e.numberToBytesLE)(I, O) : (0, e.numberToBytesBE)(I, O);
482
509
  }
483
510
  return he;
484
511
  }
485
- var Tt;
512
+ var Ot;
486
513
  function gn() {
487
- if (Tt) return Oe;
488
- Tt = 1, Object.defineProperty(Oe, "__esModule", { value: !0 }), Oe.wNAF = void 0, Oe.negateCt = l, Oe.normalizeZ = m, Oe.mulEndoUnsafe = M, Oe.pippenger = Q, Oe.precomputeMSMUnsafe = F, Oe.validateBasic = G, Oe._createCurveFields = ie;
489
- const e = /* @__PURE__ */ Ce(), r = /* @__PURE__ */ $e(), c = BigInt(0), t = BigInt(1);
490
- function l(j, O) {
491
- const L = O.negate();
492
- return j ? L : O;
493
- }
494
- function m(j, O) {
495
- const L = (0, r.FpInvertBatch)(j.Fp, O.map((_) => _.Z));
496
- return O.map((_, K) => j.fromAffine(_.toAffine(L[K])));
497
- }
498
- function g(j, O) {
499
- if (!Number.isSafeInteger(j) || j <= 0 || j > O)
500
- throw new Error("invalid window size, expected [1.." + O + "], got W=" + j);
501
- }
502
- function p(j, O) {
503
- g(j, O);
504
- const L = Math.ceil(O / j) + 1, _ = 2 ** (j - 1), K = 2 ** j, W = (0, e.bitMask)(j), z = BigInt(j);
505
- return { windows: L, windowSize: _, mask: W, maxNumber: K, shiftBy: z };
506
- }
507
- function v(j, O, L) {
508
- const { windowSize: _, mask: K, maxNumber: W, shiftBy: z } = L;
509
- let d = Number(j & K), u = j >> z;
510
- d > _ && (d -= W, u += t);
511
- const n = O * _, a = n + Math.abs(d) - 1, i = d === 0, o = d < 0, h = O % 2 !== 0;
512
- return { nextN: u, offset: a, isZero: i, isNeg: o, isNegF: h, offsetF: n };
513
- }
514
- function U(j, O) {
514
+ if (Ot) return Re;
515
+ Ot = 1, Object.defineProperty(Re, "__esModule", { value: !0 }), Re.wNAF = void 0, Re.negateCt = u, Re.normalizeZ = m, Re.mulEndoUnsafe = M, Re.pippenger = Q, Re.precomputeMSMUnsafe = F, Re.validateBasic = G, Re._createCurveFields = ie;
516
+ const e = /* @__PURE__ */ Ce(), n = /* @__PURE__ */ $e(), c = BigInt(0), t = BigInt(1);
517
+ function u(j, R) {
518
+ const L = R.negate();
519
+ return j ? L : R;
520
+ }
521
+ function m(j, R) {
522
+ const L = (0, n.FpInvertBatch)(j.Fp, R.map((_) => _.Z));
523
+ return R.map((_, K) => j.fromAffine(_.toAffine(L[K])));
524
+ }
525
+ function g(j, R) {
526
+ if (!Number.isSafeInteger(j) || j <= 0 || j > R)
527
+ throw new Error("invalid window size, expected [1.." + R + "], got W=" + j);
528
+ }
529
+ function p(j, R) {
530
+ g(j, R);
531
+ const L = Math.ceil(R / j) + 1, _ = 2 ** (j - 1), K = 2 ** j, W = (0, e.bitMask)(j), D = BigInt(j);
532
+ return { windows: L, windowSize: _, mask: W, maxNumber: K, shiftBy: D };
533
+ }
534
+ function v(j, R, L) {
535
+ const { windowSize: _, mask: K, maxNumber: W, shiftBy: D } = L;
536
+ let d = Number(j & K), l = j >> D;
537
+ d > _ && (d -= W, l += t);
538
+ const r = R * _, a = r + Math.abs(d) - 1, i = d === 0, o = d < 0, h = R % 2 !== 0;
539
+ return { nextN: l, offset: a, isZero: i, isNeg: o, isNegF: h, offsetF: r };
540
+ }
541
+ function U(j, R) {
515
542
  if (!Array.isArray(j))
516
543
  throw new Error("array expected");
517
544
  j.forEach((L, _) => {
518
- if (!(L instanceof O))
545
+ if (!(L instanceof R))
519
546
  throw new Error("invalid point at index " + _);
520
547
  });
521
548
  }
522
- function H(j, O) {
549
+ function H(j, R) {
523
550
  if (!Array.isArray(j))
524
551
  throw new Error("array of scalars expected");
525
552
  j.forEach((L, _) => {
526
- if (!O.isValid(L))
553
+ if (!R.isValid(L))
527
554
  throw new Error("invalid scalar at index " + _);
528
555
  });
529
556
  }
@@ -537,12 +564,12 @@ function gn() {
537
564
  }
538
565
  class A {
539
566
  // Parametrized with a given Point class (not individual point)
540
- constructor(O, L) {
541
- this.BASE = O.BASE, this.ZERO = O.ZERO, this.Fn = O.Fn, this.bits = L;
567
+ constructor(R, L) {
568
+ this.BASE = R.BASE, this.ZERO = R.ZERO, this.Fn = R.Fn, this.bits = L;
542
569
  }
543
570
  // non-const time multiplication ladder
544
- _unsafeLadder(O, L, _ = this.ZERO) {
545
- let K = O;
571
+ _unsafeLadder(R, L, _ = this.ZERO) {
572
+ let K = R;
546
573
  for (; L > c; )
547
574
  L & t && (_ = _.add(K)), K = K.double(), L >>= t;
548
575
  return _;
@@ -559,14 +586,14 @@ function gn() {
559
586
  * @param W window size
560
587
  * @returns precomputed point tables flattened to a single array
561
588
  */
562
- precomputeWindow(O, L) {
589
+ precomputeWindow(R, L) {
563
590
  const { windows: _, windowSize: K } = p(L, this.bits), W = [];
564
- let z = O, d = z;
565
- for (let u = 0; u < _; u++) {
566
- d = z, W.push(d);
567
- for (let n = 1; n < K; n++)
568
- d = d.add(z), W.push(d);
569
- z = d.double();
591
+ let D = R, d = D;
592
+ for (let l = 0; l < _; l++) {
593
+ d = D, W.push(d);
594
+ for (let r = 1; r < K; r++)
595
+ d = d.add(D), W.push(d);
596
+ D = d.double();
570
597
  }
571
598
  return W;
572
599
  }
@@ -576,14 +603,14 @@ function gn() {
576
603
  * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
577
604
  * @returns real and fake (for const-time) points
578
605
  */
579
- wNAF(O, L, _) {
606
+ wNAF(R, L, _) {
580
607
  if (!this.Fn.isValid(_))
581
608
  throw new Error("invalid scalar");
582
609
  let K = this.ZERO, W = this.BASE;
583
- const z = p(O, this.bits);
584
- for (let d = 0; d < z.windows; d++) {
585
- const { nextN: u, offset: n, isZero: a, isNeg: i, isNegF: o, offsetF: h } = v(_, d, z);
586
- _ = u, a ? W = W.add(l(o, L[h])) : K = K.add(l(i, L[n]));
610
+ const D = p(R, this.bits);
611
+ for (let d = 0; d < D.windows; d++) {
612
+ const { nextN: l, offset: r, isZero: a, isNeg: i, isNegF: o, offsetF: h } = v(_, d, D);
613
+ _ = l, a ? W = W.add(u(o, L[h])) : K = K.add(u(i, L[r]));
587
614
  }
588
615
  return S(_), { p: K, f: W };
589
616
  }
@@ -592,98 +619,98 @@ function gn() {
592
619
  * @param acc accumulator point to add result of multiplication
593
620
  * @returns point
594
621
  */
595
- wNAFUnsafe(O, L, _, K = this.ZERO) {
596
- const W = p(O, this.bits);
597
- for (let z = 0; z < W.windows && _ !== c; z++) {
598
- const { nextN: d, offset: u, isZero: n, isNeg: a } = v(_, z, W);
599
- if (_ = d, !n) {
600
- const i = L[u];
622
+ wNAFUnsafe(R, L, _, K = this.ZERO) {
623
+ const W = p(R, this.bits);
624
+ for (let D = 0; D < W.windows && _ !== c; D++) {
625
+ const { nextN: d, offset: l, isZero: r, isNeg: a } = v(_, D, W);
626
+ if (_ = d, !r) {
627
+ const i = L[l];
601
628
  K = K.add(a ? i.negate() : i);
602
629
  }
603
630
  }
604
631
  return S(_), K;
605
632
  }
606
- getPrecomputes(O, L, _) {
633
+ getPrecomputes(R, L, _) {
607
634
  let K = V.get(L);
608
- return K || (K = this.precomputeWindow(L, O), O !== 1 && (typeof _ == "function" && (K = _(K)), V.set(L, K))), K;
635
+ return K || (K = this.precomputeWindow(L, R), R !== 1 && (typeof _ == "function" && (K = _(K)), V.set(L, K))), K;
609
636
  }
610
- cached(O, L, _) {
611
- const K = b(O);
612
- return this.wNAF(K, this.getPrecomputes(K, O, _), L);
637
+ cached(R, L, _) {
638
+ const K = b(R);
639
+ return this.wNAF(K, this.getPrecomputes(K, R, _), L);
613
640
  }
614
- unsafe(O, L, _, K) {
615
- const W = b(O);
616
- return W === 1 ? this._unsafeLadder(O, L, K) : this.wNAFUnsafe(W, this.getPrecomputes(W, O, _), L, K);
641
+ unsafe(R, L, _, K) {
642
+ const W = b(R);
643
+ return W === 1 ? this._unsafeLadder(R, L, K) : this.wNAFUnsafe(W, this.getPrecomputes(W, R, _), L, K);
617
644
  }
618
645
  // We calculate precomputes for elliptic curve point multiplication
619
646
  // using windowed method. This specifies window size and
620
647
  // stores precomputed values. Usually only base point would be precomputed.
621
- createCache(O, L) {
622
- g(L, this.bits), E.set(O, L), V.delete(O);
648
+ createCache(R, L) {
649
+ g(L, this.bits), E.set(R, L), V.delete(R);
623
650
  }
624
- hasCache(O) {
625
- return b(O) !== 1;
651
+ hasCache(R) {
652
+ return b(R) !== 1;
626
653
  }
627
654
  }
628
- Oe.wNAF = A;
629
- function M(j, O, L, _) {
630
- let K = O, W = j.ZERO, z = j.ZERO;
655
+ Re.wNAF = A;
656
+ function M(j, R, L, _) {
657
+ let K = R, W = j.ZERO, D = j.ZERO;
631
658
  for (; L > c || _ > c; )
632
- L & t && (W = W.add(K)), _ & t && (z = z.add(K)), K = K.double(), L >>= t, _ >>= t;
633
- return { p1: W, p2: z };
659
+ L & t && (W = W.add(K)), _ & t && (D = D.add(K)), K = K.double(), L >>= t, _ >>= t;
660
+ return { p1: W, p2: D };
634
661
  }
635
- function Q(j, O, L, _) {
636
- U(L, j), H(_, O);
662
+ function Q(j, R, L, _) {
663
+ U(L, j), H(_, R);
637
664
  const K = L.length, W = _.length;
638
665
  if (K !== W)
639
666
  throw new Error("arrays of points and scalars must have equal length");
640
- const z = j.ZERO, d = (0, e.bitLen)(BigInt(K));
641
- let u = 1;
642
- d > 12 ? u = d - 3 : d > 4 ? u = d - 2 : d > 0 && (u = 2);
643
- const n = (0, e.bitMask)(u), a = new Array(Number(n) + 1).fill(z), i = Math.floor((O.BITS - 1) / u) * u;
644
- let o = z;
645
- for (let h = i; h >= 0; h -= u) {
646
- a.fill(z);
667
+ const D = j.ZERO, d = (0, e.bitLen)(BigInt(K));
668
+ let l = 1;
669
+ d > 12 ? l = d - 3 : d > 4 ? l = d - 2 : d > 0 && (l = 2);
670
+ const r = (0, e.bitMask)(l), a = new Array(Number(r) + 1).fill(D), i = Math.floor((R.BITS - 1) / l) * l;
671
+ let o = D;
672
+ for (let h = i; h >= 0; h -= l) {
673
+ a.fill(D);
647
674
  for (let s = 0; s < W; s++) {
648
- const f = _[s], y = Number(f >> BigInt(h) & n);
675
+ const f = _[s], y = Number(f >> BigInt(h) & r);
649
676
  a[y] = a[y].add(L[s]);
650
677
  }
651
- let w = z;
652
- for (let s = a.length - 1, f = z; s > 0; s--)
678
+ let w = D;
679
+ for (let s = a.length - 1, f = D; s > 0; s--)
653
680
  f = f.add(a[s]), w = w.add(f);
654
681
  if (o = o.add(w), h !== 0)
655
- for (let s = 0; s < u; s++)
682
+ for (let s = 0; s < l; s++)
656
683
  o = o.double();
657
684
  }
658
685
  return o;
659
686
  }
660
- function F(j, O, L, _) {
661
- g(_, O.BITS), U(L, j);
662
- const K = j.ZERO, W = 2 ** _ - 1, z = Math.ceil(O.BITS / _), d = (0, e.bitMask)(_), u = L.map((n) => {
687
+ function F(j, R, L, _) {
688
+ g(_, R.BITS), U(L, j);
689
+ const K = j.ZERO, W = 2 ** _ - 1, D = Math.ceil(R.BITS / _), d = (0, e.bitMask)(_), l = L.map((r) => {
663
690
  const a = [];
664
- for (let i = 0, o = n; i < W; i++)
665
- a.push(o), o = o.add(n);
691
+ for (let i = 0, o = r; i < W; i++)
692
+ a.push(o), o = o.add(r);
666
693
  return a;
667
694
  });
668
- return (n) => {
669
- if (H(n, O), n.length > L.length)
695
+ return (r) => {
696
+ if (H(r, R), r.length > L.length)
670
697
  throw new Error("array of scalars must be smaller than array of points");
671
698
  let a = K;
672
- for (let i = 0; i < z; i++) {
699
+ for (let i = 0; i < D; i++) {
673
700
  if (a !== K)
674
701
  for (let h = 0; h < _; h++)
675
702
  a = a.double();
676
- const o = BigInt(z * _ - (i + 1) * _);
677
- for (let h = 0; h < n.length; h++) {
678
- const w = n[h], s = Number(w >> o & d);
679
- s && (a = a.add(u[h][s - 1]));
703
+ const o = BigInt(D * _ - (i + 1) * _);
704
+ for (let h = 0; h < r.length; h++) {
705
+ const w = r[h], s = Number(w >> o & d);
706
+ s && (a = a.add(l[h][s - 1]));
680
707
  }
681
708
  }
682
709
  return a;
683
710
  };
684
711
  }
685
712
  function G(j) {
686
- return (0, r.validateField)(j.Fp), (0, e.validateObject)(j, {
713
+ return (0, n.validateField)(j.Fp), (0, e.validateObject)(j, {
687
714
  n: "bigint",
688
715
  h: "bigint",
689
716
  Gx: "field",
@@ -692,59 +719,59 @@ function gn() {
692
719
  nBitLength: "isSafeInteger",
693
720
  nByteLength: "isSafeInteger"
694
721
  }), Object.freeze({
695
- ...(0, r.nLength)(j.n, j.nBitLength),
722
+ ...(0, n.nLength)(j.n, j.nBitLength),
696
723
  ...j,
697
724
  p: j.Fp.ORDER
698
725
  });
699
726
  }
700
- function se(j, O, L) {
701
- if (O) {
702
- if (O.ORDER !== j)
727
+ function se(j, R, L) {
728
+ if (R) {
729
+ if (R.ORDER !== j)
703
730
  throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
704
- return (0, r.validateField)(O), O;
731
+ return (0, n.validateField)(R), R;
705
732
  } else
706
- return (0, r.Field)(j, { isLE: L });
733
+ return (0, n.Field)(j, { isLE: L });
707
734
  }
708
- function ie(j, O, L = {}, _) {
709
- if (_ === void 0 && (_ = j === "edwards"), !O || typeof O != "object")
735
+ function ie(j, R, L = {}, _) {
736
+ if (_ === void 0 && (_ = j === "edwards"), !R || typeof R != "object")
710
737
  throw new Error(`expected valid ${j} CURVE object`);
711
- for (const u of ["p", "n", "h"]) {
712
- const n = O[u];
713
- if (!(typeof n == "bigint" && n > c))
714
- throw new Error(`CURVE.${u} must be positive bigint`);
738
+ for (const l of ["p", "n", "h"]) {
739
+ const r = R[l];
740
+ if (!(typeof r == "bigint" && r > c))
741
+ throw new Error(`CURVE.${l} must be positive bigint`);
715
742
  }
716
- const K = se(O.p, L.Fp, _), W = se(O.n, L.Fn, _), d = ["Gx", "Gy", "a", j === "weierstrass" ? "b" : "d"];
717
- for (const u of d)
718
- if (!K.isValid(O[u]))
719
- throw new Error(`CURVE.${u} must be valid field element of CURVE.Fp`);
720
- return O = Object.freeze(Object.assign({}, O)), { CURVE: O, Fp: K, Fn: W };
743
+ const K = se(R.p, L.Fp, _), W = se(R.n, L.Fn, _), d = ["Gx", "Gy", "a", j === "weierstrass" ? "b" : "d"];
744
+ for (const l of d)
745
+ if (!K.isValid(R[l]))
746
+ throw new Error(`CURVE.${l} must be valid field element of CURVE.Fp`);
747
+ return R = Object.freeze(Object.assign({}, R)), { CURVE: R, Fp: K, Fn: W };
721
748
  }
722
- return Oe;
749
+ return Re;
723
750
  }
724
- var xt;
751
+ var Tt;
725
752
  function Ct() {
726
- return xt || (xt = 1, (function(e) {
727
- Object.defineProperty(e, "__esModule", { value: !0 }), e.DER = e.DERErr = void 0, e._splitEndoScalar = p, e._normFnElement = M, e.weierstrassN = Q, e.SWUFpSqrtRatio = G, e.mapToCurveSimpleSWU = se, e.ecdh = j, e.ecdsa = O, e.weierstrassPoints = L, e._legacyHelperEquat = W, e.weierstrass = u;
728
- const r = /* @__PURE__ */ ln(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ Ce(), l = /* @__PURE__ */ gn(), m = /* @__PURE__ */ $e(), g = (n, a) => (n + (n >= 0 ? a : -a) / b) / a;
729
- function p(n, a, i) {
730
- const [[o, h], [w, s]] = a, f = g(s * n, i), y = g(-h * n, i);
731
- let B = n - f * o - y * w, T = -f * h - y * s;
732
- const k = B < V, Y = T < V;
733
- k && (B = -B), Y && (T = -T);
753
+ return Tt || (Tt = 1, (function(e) {
754
+ Object.defineProperty(e, "__esModule", { value: !0 }), e.DER = e.DERErr = void 0, e._splitEndoScalar = p, e._normFnElement = M, e.weierstrassN = Q, e.SWUFpSqrtRatio = G, e.mapToCurveSimpleSWU = se, e.ecdh = j, e.ecdsa = R, e.weierstrassPoints = L, e._legacyHelperEquat = W, e.weierstrass = l;
755
+ const n = /* @__PURE__ */ ln(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ Ce(), u = /* @__PURE__ */ gn(), m = /* @__PURE__ */ $e(), g = (r, a) => (r + (r >= 0 ? a : -a) / b) / a;
756
+ function p(r, a, i) {
757
+ const [[o, h], [w, s]] = a, f = g(s * r, i), y = g(-h * r, i);
758
+ let B = r - f * o - y * w, O = -f * h - y * s;
759
+ const k = B < V, Y = O < V;
760
+ k && (B = -B), Y && (O = -O);
734
761
  const I = (0, t.bitMask)(Math.ceil((0, t.bitLen)(i) / 2)) + E;
735
- if (B < V || B >= I || T < V || T >= I)
736
- throw new Error("splitScalar (endomorphism): failed, k=" + n);
737
- return { k1neg: k, k1: B, k2neg: Y, k2: T };
762
+ if (B < V || B >= I || O < V || O >= I)
763
+ throw new Error("splitScalar (endomorphism): failed, k=" + r);
764
+ return { k1neg: k, k1: B, k2neg: Y, k2: O };
738
765
  }
739
- function v(n) {
740
- if (!["compact", "recovered", "der"].includes(n))
766
+ function v(r) {
767
+ if (!["compact", "recovered", "der"].includes(r))
741
768
  throw new Error('Signature format must be "compact", "recovered", or "der"');
742
- return n;
769
+ return r;
743
770
  }
744
- function U(n, a) {
771
+ function U(r, a) {
745
772
  const i = {};
746
773
  for (let o of Object.keys(a))
747
- i[o] = n[o] === void 0 ? a[o] : n[o];
774
+ i[o] = r[o] === void 0 ? a[o] : r[o];
748
775
  return (0, t._abool2)(i.lowS, "lowS"), (0, t._abool2)(i.prehash, "prehash"), i.format !== void 0 && v(i.format), i;
749
776
  }
750
777
  class H extends Error {
@@ -757,9 +784,9 @@ function Ct() {
757
784
  Err: H,
758
785
  // Basic building block is TLV (Tag-Length-Value)
759
786
  _tlv: {
760
- encode: (n, a) => {
787
+ encode: (r, a) => {
761
788
  const { Err: i } = e.DER;
762
- if (n < 0 || n > 256)
789
+ if (r < 0 || r > 256)
763
790
  throw new i("tlv.encode: wrong tag");
764
791
  if (a.length & 1)
765
792
  throw new i("tlv.encode: unpadded data");
@@ -767,15 +794,15 @@ function Ct() {
767
794
  if (h.length / 2 & 128)
768
795
  throw new i("tlv.encode: long form length too big");
769
796
  const w = o > 127 ? (0, t.numberToHexUnpadded)(h.length / 2 | 128) : "";
770
- return (0, t.numberToHexUnpadded)(n) + w + h + a;
797
+ return (0, t.numberToHexUnpadded)(r) + w + h + a;
771
798
  },
772
799
  // v - value, l - left bytes (unparsed)
773
- decode(n, a) {
800
+ decode(r, a) {
774
801
  const { Err: i } = e.DER;
775
802
  let o = 0;
776
- if (n < 0 || n > 256)
803
+ if (r < 0 || r > 256)
777
804
  throw new i("tlv.encode: wrong tag");
778
- if (a.length < 2 || a[o++] !== n)
805
+ if (a.length < 2 || a[o++] !== r)
779
806
  throw new i("tlv.decode: wrong tlv");
780
807
  const h = a[o++], w = !!(h & 128);
781
808
  let s = 0;
@@ -792,8 +819,8 @@ function Ct() {
792
819
  throw new i("tlv.decode: length bytes not complete");
793
820
  if (B[0] === 0)
794
821
  throw new i("tlv.decode(long): zero leftmost byte");
795
- for (const T of B)
796
- s = s << 8 | T;
822
+ for (const O of B)
823
+ s = s << 8 | O;
797
824
  if (o += y, s < 128)
798
825
  throw new i("tlv.decode(long): not minimal encoding");
799
826
  }
@@ -808,58 +835,58 @@ function Ct() {
808
835
  // - add zero byte if exists
809
836
  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
810
837
  _int: {
811
- encode(n) {
838
+ encode(r) {
812
839
  const { Err: a } = e.DER;
813
- if (n < V)
840
+ if (r < V)
814
841
  throw new a("integer: negative integers are not allowed");
815
- let i = (0, t.numberToHexUnpadded)(n);
842
+ let i = (0, t.numberToHexUnpadded)(r);
816
843
  if (Number.parseInt(i[0], 16) & 8 && (i = "00" + i), i.length & 1)
817
844
  throw new a("unexpected DER parsing assertion: unpadded hex");
818
845
  return i;
819
846
  },
820
- decode(n) {
847
+ decode(r) {
821
848
  const { Err: a } = e.DER;
822
- if (n[0] & 128)
849
+ if (r[0] & 128)
823
850
  throw new a("invalid signature integer: negative");
824
- if (n[0] === 0 && !(n[1] & 128))
851
+ if (r[0] === 0 && !(r[1] & 128))
825
852
  throw new a("invalid signature integer: unnecessary leading zero");
826
- return (0, t.bytesToNumberBE)(n);
853
+ return (0, t.bytesToNumberBE)(r);
827
854
  }
828
855
  },
829
- toSig(n) {
830
- const { Err: a, _int: i, _tlv: o } = e.DER, h = (0, t.ensureBytes)("signature", n), { v: w, l: s } = o.decode(48, h);
856
+ toSig(r) {
857
+ const { Err: a, _int: i, _tlv: o } = e.DER, h = (0, t.ensureBytes)("signature", r), { v: w, l: s } = o.decode(48, h);
831
858
  if (s.length)
832
859
  throw new a("invalid signature: left bytes after parsing");
833
- const { v: f, l: y } = o.decode(2, w), { v: B, l: T } = o.decode(2, y);
834
- if (T.length)
860
+ const { v: f, l: y } = o.decode(2, w), { v: B, l: O } = o.decode(2, y);
861
+ if (O.length)
835
862
  throw new a("invalid signature: left bytes after parsing");
836
863
  return { r: i.decode(f), s: i.decode(B) };
837
864
  },
838
- hexFromSig(n) {
839
- const { _tlv: a, _int: i } = e.DER, o = a.encode(2, i.encode(n.r)), h = a.encode(2, i.encode(n.s)), w = o + h;
865
+ hexFromSig(r) {
866
+ const { _tlv: a, _int: i } = e.DER, o = a.encode(2, i.encode(r.r)), h = a.encode(2, i.encode(r.s)), w = o + h;
840
867
  return a.encode(48, w);
841
868
  }
842
869
  };
843
870
  const V = BigInt(0), E = BigInt(1), b = BigInt(2), S = BigInt(3), A = BigInt(4);
844
- function M(n, a) {
845
- const { BYTES: i } = n;
871
+ function M(r, a) {
872
+ const { BYTES: i } = r;
846
873
  let o;
847
874
  if (typeof a == "bigint")
848
875
  o = a;
849
876
  else {
850
877
  let h = (0, t.ensureBytes)("private key", a);
851
878
  try {
852
- o = n.fromBytes(h);
879
+ o = r.fromBytes(h);
853
880
  } catch {
854
881
  throw new Error(`invalid private key: expected ui8a of size ${i}, got ${typeof a}`);
855
882
  }
856
883
  }
857
- if (!n.isValidNot0(o))
884
+ if (!r.isValidNot0(o))
858
885
  throw new Error("invalid private key: out of range [1..N-1]");
859
886
  return o;
860
887
  }
861
- function Q(n, a = {}) {
862
- const i = (0, l._createCurveFields)("weierstrass", n, a), { Fp: o, Fn: h } = i;
888
+ function Q(r, a = {}) {
889
+ const i = (0, u._createCurveFields)("weierstrass", r, a), { Fp: o, Fn: h } = i;
863
890
  let w = i.CURVE;
864
891
  const { h: s, n: f } = w;
865
892
  (0, t._validateObject)(a, {}, {
@@ -875,23 +902,23 @@ function Ct() {
875
902
  if (y && (!o.is0(w.a) || typeof y.beta != "bigint" || !Array.isArray(y.basises)))
876
903
  throw new Error('invalid endo: expected "beta": bigint and "basises": array');
877
904
  const B = ie(o, h);
878
- function T() {
905
+ function O() {
879
906
  if (!o.isOdd)
880
907
  throw new Error("compression is not supported: Field does not have .isOdd()");
881
908
  }
882
909
  function k(le, Z, N) {
883
- const { x: R, y: D } = Z.toAffine(), J = o.toBytes(R);
910
+ const { x, y: z } = Z.toAffine(), J = o.toBytes(x);
884
911
  if ((0, t._abool2)(N, "isCompressed"), N) {
885
- T();
886
- const re = !o.isOdd(D);
912
+ O();
913
+ const re = !o.isOdd(z);
887
914
  return (0, t.concatBytes)(F(re), J);
888
915
  } else
889
- return (0, t.concatBytes)(Uint8Array.of(4), J, o.toBytes(D));
916
+ return (0, t.concatBytes)(Uint8Array.of(4), J, o.toBytes(z));
890
917
  }
891
918
  function Y(le) {
892
919
  (0, t._abytes2)(le, void 0, "Point");
893
- const { publicKey: Z, publicKeyUncompressed: N } = B, R = le.length, D = le[0], J = le.subarray(1);
894
- if (R === Z && (D === 2 || D === 3)) {
920
+ const { publicKey: Z, publicKeyUncompressed: N } = B, x = le.length, z = le[0], J = le.subarray(1);
921
+ if (x === Z && (z === 2 || z === 3)) {
895
922
  const re = o.fromBytes(J);
896
923
  if (!o.isValid(re))
897
924
  throw new Error("bad point: is not on curve, wrong x");
@@ -903,16 +930,16 @@ function Ct() {
903
930
  const de = we instanceof Error ? ": " + we.message : "";
904
931
  throw new Error("bad point: is not on curve, sqrt error" + de);
905
932
  }
906
- T();
933
+ O();
907
934
  const oe = o.isOdd(ee);
908
- return (D & 1) === 1 !== oe && (ee = o.neg(ee)), { x: re, y: ee };
909
- } else if (R === N && D === 4) {
935
+ return (z & 1) === 1 !== oe && (ee = o.neg(ee)), { x: re, y: ee };
936
+ } else if (x === N && z === 4) {
910
937
  const re = o.BYTES, ne = o.fromBytes(J.subarray(0, re)), ee = o.fromBytes(J.subarray(re, re * 2));
911
938
  if (!te(ne, ee))
912
939
  throw new Error("bad point: is not on curve");
913
940
  return { x: ne, y: ee };
914
941
  } else
915
- throw new Error(`bad point: got length ${R}, expected compressed=${Z} or uncompressed=${N}`);
942
+ throw new Error(`bad point: got length ${x}, expected compressed=${Z} or uncompressed=${N}`);
916
943
  }
917
944
  const I = a.toBytes || k, q = a.fromBytes || Y;
918
945
  function C(le) {
@@ -920,13 +947,13 @@ function Ct() {
920
947
  return o.add(o.add(N, o.mul(le, w.a)), w.b);
921
948
  }
922
949
  function te(le, Z) {
923
- const N = o.sqr(Z), R = C(le);
924
- return o.eql(N, R);
950
+ const N = o.sqr(Z), x = C(le);
951
+ return o.eql(N, x);
925
952
  }
926
953
  if (!te(w.Gx, w.Gy))
927
954
  throw new Error("bad curve params: generator point");
928
- const $ = o.mul(o.pow(w.a, S), A), x = o.mul(o.sqr(w.b), BigInt(27));
929
- if (o.is0(o.add($, x)))
955
+ const $ = o.mul(o.pow(w.a, S), A), T = o.mul(o.sqr(w.b), BigInt(27));
956
+ if (o.is0(o.add($, T)))
930
957
  throw new Error("bad curve params: a or b");
931
958
  function X(le, Z, N = !1) {
932
959
  if (!o.isValid(Z) || N && o.is0(Z))
@@ -943,12 +970,12 @@ function Ct() {
943
970
  return p(le, y.basises, h.ORDER);
944
971
  }
945
972
  const pe = (0, t.memoized)((le, Z) => {
946
- const { X: N, Y: R, Z: D } = le;
947
- if (o.eql(D, o.ONE))
948
- return { x: N, y: R };
973
+ const { X: N, Y: x, Z: z } = le;
974
+ if (o.eql(z, o.ONE))
975
+ return { x: N, y: x };
949
976
  const J = le.is0();
950
- Z == null && (Z = J ? o.ONE : o.inv(D));
951
- const re = o.mul(N, Z), ne = o.mul(R, Z), ee = o.mul(D, Z);
977
+ Z == null && (Z = J ? o.ONE : o.inv(z));
978
+ const re = o.mul(N, Z), ne = o.mul(x, Z), ee = o.mul(z, Z);
952
979
  if (J)
953
980
  return { x: o.ZERO, y: o.ZERO };
954
981
  if (!o.eql(ee, o.ONE))
@@ -969,25 +996,25 @@ function Ct() {
969
996
  throw new Error("bad point: not in prime-order subgroup");
970
997
  return !0;
971
998
  });
972
- function xe(le, Z, N, R, D) {
973
- return N = new fe(o.mul(N.X, le), N.Y, N.Z), Z = (0, l.negateCt)(R, Z), N = (0, l.negateCt)(D, N), Z.add(N);
999
+ function Te(le, Z, N, x, z) {
1000
+ return N = new fe(o.mul(N.X, le), N.Y, N.Z), Z = (0, u.negateCt)(x, Z), N = (0, u.negateCt)(z, N), Z.add(N);
974
1001
  }
975
1002
  class fe {
976
1003
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
977
- constructor(Z, N, R) {
978
- this.X = X("x", Z), this.Y = X("y", N, !0), this.Z = X("z", R), Object.freeze(this);
1004
+ constructor(Z, N, x) {
1005
+ this.X = X("x", Z), this.Y = X("y", N, !0), this.Z = X("z", x), Object.freeze(this);
979
1006
  }
980
1007
  static CURVE() {
981
1008
  return w;
982
1009
  }
983
1010
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
984
1011
  static fromAffine(Z) {
985
- const { x: N, y: R } = Z || {};
986
- if (!Z || !o.isValid(N) || !o.isValid(R))
1012
+ const { x: N, y: x } = Z || {};
1013
+ if (!Z || !o.isValid(N) || !o.isValid(x))
987
1014
  throw new Error("invalid affine point");
988
1015
  if (Z instanceof fe)
989
1016
  throw new Error("projective point not allowed");
990
- return o.is0(N) && o.is0(R) ? fe.ZERO : new fe(N, R, o.ONE);
1017
+ return o.is0(N) && o.is0(x) ? fe.ZERO : new fe(N, x, o.ONE);
991
1018
  }
992
1019
  static fromBytes(Z) {
993
1020
  const N = fe.fromAffine(q((0, t._abytes2)(Z, void 0, "point")));
@@ -1025,7 +1052,7 @@ function Ct() {
1025
1052
  /** Compare one point to another. */
1026
1053
  equals(Z) {
1027
1054
  ae(Z);
1028
- const { X: N, Y: R, Z: D } = this, { X: J, Y: re, Z: ne } = Z, ee = o.eql(o.mul(N, ne), o.mul(J, D)), oe = o.eql(o.mul(R, ne), o.mul(re, D));
1055
+ const { X: N, Y: x, Z: z } = this, { X: J, Y: re, Z: ne } = Z, ee = o.eql(o.mul(N, ne), o.mul(J, z)), oe = o.eql(o.mul(x, ne), o.mul(re, z));
1029
1056
  return ee && oe;
1030
1057
  }
1031
1058
  /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
@@ -1037,9 +1064,9 @@ function Ct() {
1037
1064
  // https://eprint.iacr.org/2015/1060, algorithm 3
1038
1065
  // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
1039
1066
  double() {
1040
- const { a: Z, b: N } = w, R = o.mul(N, S), { X: D, Y: J, Z: re } = this;
1041
- let ne = o.ZERO, ee = o.ZERO, oe = o.ZERO, ce = o.mul(D, D), we = o.mul(J, J), de = o.mul(re, re), ue = o.mul(D, J);
1042
- return ue = o.add(ue, ue), oe = o.mul(D, re), oe = o.add(oe, oe), ne = o.mul(Z, oe), ee = o.mul(R, de), ee = o.add(ne, ee), ne = o.sub(we, ee), ee = o.add(we, ee), ee = o.mul(ne, ee), ne = o.mul(ue, ne), oe = o.mul(R, oe), de = o.mul(Z, de), ue = o.sub(ce, de), ue = o.mul(Z, ue), ue = o.add(ue, oe), oe = o.add(ce, ce), ce = o.add(oe, ce), ce = o.add(ce, de), ce = o.mul(ce, ue), ee = o.add(ee, ce), de = o.mul(J, re), de = o.add(de, de), ce = o.mul(de, ue), ne = o.sub(ne, ce), oe = o.mul(de, we), oe = o.add(oe, oe), oe = o.add(oe, oe), new fe(ne, ee, oe);
1067
+ const { a: Z, b: N } = w, x = o.mul(N, S), { X: z, Y: J, Z: re } = this;
1068
+ let ne = o.ZERO, ee = o.ZERO, oe = o.ZERO, ce = o.mul(z, z), we = o.mul(J, J), de = o.mul(re, re), ue = o.mul(z, J);
1069
+ return ue = o.add(ue, ue), oe = o.mul(z, re), oe = o.add(oe, oe), ne = o.mul(Z, oe), ee = o.mul(x, de), ee = o.add(ne, ee), ne = o.sub(we, ee), ee = o.add(we, ee), ee = o.mul(ne, ee), ne = o.mul(ue, ne), oe = o.mul(x, oe), de = o.mul(Z, de), ue = o.sub(ce, de), ue = o.mul(Z, ue), ue = o.add(ue, oe), oe = o.add(ce, ce), ce = o.add(oe, ce), ce = o.add(ce, de), ce = o.mul(ce, ue), ee = o.add(ee, ce), de = o.mul(J, re), de = o.add(de, de), ce = o.mul(de, ue), ne = o.sub(ne, ce), oe = o.mul(de, we), oe = o.add(oe, oe), oe = o.add(oe, oe), new fe(ne, ee, oe);
1043
1070
  }
1044
1071
  // Renes-Costello-Batina exception-free addition formula.
1045
1072
  // There is 30% faster Jacobian formula, but it is not complete.
@@ -1047,13 +1074,13 @@ function Ct() {
1047
1074
  // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
1048
1075
  add(Z) {
1049
1076
  ae(Z);
1050
- const { X: N, Y: R, Z: D } = this, { X: J, Y: re, Z: ne } = Z;
1077
+ const { X: N, Y: x, Z: z } = this, { X: J, Y: re, Z: ne } = Z;
1051
1078
  let ee = o.ZERO, oe = o.ZERO, ce = o.ZERO;
1052
1079
  const we = w.a, de = o.mul(w.b, S);
1053
- let ue = o.mul(N, J), me = o.mul(R, re), ge = o.mul(D, ne), _e = o.add(N, R), be = o.add(J, re);
1054
- _e = o.mul(_e, be), be = o.add(ue, me), _e = o.sub(_e, be), be = o.add(N, D);
1080
+ let ue = o.mul(N, J), me = o.mul(x, re), ge = o.mul(z, ne), _e = o.add(N, x), be = o.add(J, re);
1081
+ _e = o.mul(_e, be), be = o.add(ue, me), _e = o.sub(_e, be), be = o.add(N, z);
1055
1082
  let Ee = o.add(J, ne);
1056
- return be = o.mul(be, Ee), Ee = o.add(ue, ge), be = o.sub(be, Ee), Ee = o.add(R, D), ee = o.add(re, ne), Ee = o.mul(Ee, ee), ee = o.add(me, ge), Ee = o.sub(Ee, ee), ce = o.mul(we, be), ee = o.mul(de, ge), ce = o.add(ee, ce), ee = o.sub(me, ce), ce = o.add(me, ce), oe = o.mul(ee, ce), me = o.add(ue, ue), me = o.add(me, ue), ge = o.mul(we, ge), be = o.mul(de, be), me = o.add(me, ge), ge = o.sub(ue, ge), ge = o.mul(we, ge), be = o.add(be, ge), ue = o.mul(me, be), oe = o.add(oe, ue), ue = o.mul(Ee, be), ee = o.mul(_e, ee), ee = o.sub(ee, ue), ue = o.mul(_e, me), ce = o.mul(Ee, ce), ce = o.add(ce, ue), new fe(ee, oe, ce);
1083
+ return be = o.mul(be, Ee), Ee = o.add(ue, ge), be = o.sub(be, Ee), Ee = o.add(x, z), ee = o.add(re, ne), Ee = o.mul(Ee, ee), ee = o.add(me, ge), Ee = o.sub(Ee, ee), ce = o.mul(we, be), ee = o.mul(de, ge), ce = o.add(ee, ce), ee = o.sub(me, ce), ce = o.add(me, ce), oe = o.mul(ee, ce), me = o.add(ue, ue), me = o.add(me, ue), ge = o.mul(we, ge), be = o.mul(de, be), me = o.add(me, ge), ge = o.sub(ue, ge), ge = o.mul(we, ge), be = o.add(be, ge), ue = o.mul(me, be), oe = o.add(oe, ue), ue = o.mul(Ee, be), ee = o.mul(_e, ee), ee = o.sub(ee, ue), ue = o.mul(_e, me), ce = o.mul(Ee, ce), ce = o.add(ce, ue), new fe(ee, oe, ce);
1057
1084
  }
1058
1085
  subtract(Z) {
1059
1086
  return this.add(Z.negate());
@@ -1074,16 +1101,16 @@ function Ct() {
1074
1101
  const { endo: N } = a;
1075
1102
  if (!h.isValidNot0(Z))
1076
1103
  throw new Error("invalid scalar: out of range");
1077
- let R, D;
1078
- const J = (re) => Ue.cached(this, re, (ne) => (0, l.normalizeZ)(fe, ne));
1104
+ let x, z;
1105
+ const J = (re) => Ue.cached(this, re, (ne) => (0, u.normalizeZ)(fe, ne));
1079
1106
  if (N) {
1080
1107
  const { k1neg: re, k1: ne, k2neg: ee, k2: oe } = ye(Z), { p: ce, f: we } = J(ne), { p: de, f: ue } = J(oe);
1081
- D = we.add(ue), R = xe(N.beta, ce, de, re, ee);
1108
+ z = we.add(ue), x = Te(N.beta, ce, de, re, ee);
1082
1109
  } else {
1083
1110
  const { p: re, f: ne } = J(Z);
1084
- R = re, D = ne;
1111
+ x = re, z = ne;
1085
1112
  }
1086
- return (0, l.normalizeZ)(fe, [R, D])[0];
1113
+ return (0, u.normalizeZ)(fe, [x, z])[0];
1087
1114
  }
1088
1115
  /**
1089
1116
  * Non-constant-time multiplication. Uses double-and-add algorithm.
@@ -1091,24 +1118,24 @@ function Ct() {
1091
1118
  * an exposed secret key e.g. sig verification, which works over *public* keys.
1092
1119
  */
1093
1120
  multiplyUnsafe(Z) {
1094
- const { endo: N } = a, R = this;
1121
+ const { endo: N } = a, x = this;
1095
1122
  if (!h.isValid(Z))
1096
1123
  throw new Error("invalid scalar: out of range");
1097
- if (Z === V || R.is0())
1124
+ if (Z === V || x.is0())
1098
1125
  return fe.ZERO;
1099
1126
  if (Z === E)
1100
- return R;
1127
+ return x;
1101
1128
  if (Ue.hasCache(this))
1102
1129
  return this.multiply(Z);
1103
1130
  if (N) {
1104
- const { k1neg: D, k1: J, k2neg: re, k2: ne } = ye(Z), { p1: ee, p2: oe } = (0, l.mulEndoUnsafe)(fe, R, J, ne);
1105
- return xe(N.beta, ee, oe, D, re);
1131
+ const { k1neg: z, k1: J, k2neg: re, k2: ne } = ye(Z), { p1: ee, p2: oe } = (0, u.mulEndoUnsafe)(fe, x, J, ne);
1132
+ return Te(N.beta, ee, oe, z, re);
1106
1133
  } else
1107
- return Ue.unsafe(R, Z);
1134
+ return Ue.unsafe(x, Z);
1108
1135
  }
1109
- multiplyAndAddUnsafe(Z, N, R) {
1110
- const D = this.multiplyUnsafe(N).add(Z.multiplyUnsafe(R));
1111
- return D.is0() ? void 0 : D;
1136
+ multiplyAndAddUnsafe(Z, N, x) {
1137
+ const z = this.multiplyUnsafe(N).add(Z.multiplyUnsafe(x));
1138
+ return z.is0() ? void 0 : z;
1112
1139
  }
1113
1140
  /**
1114
1141
  * Converts Projective point to affine (x, y) coordinates.
@@ -1158,91 +1185,91 @@ function Ct() {
1158
1185
  this.precompute(Z);
1159
1186
  }
1160
1187
  static normalizeZ(Z) {
1161
- return (0, l.normalizeZ)(fe, Z);
1188
+ return (0, u.normalizeZ)(fe, Z);
1162
1189
  }
1163
1190
  static msm(Z, N) {
1164
- return (0, l.pippenger)(fe, h, Z, N);
1191
+ return (0, u.pippenger)(fe, h, Z, N);
1165
1192
  }
1166
1193
  static fromPrivateKey(Z) {
1167
1194
  return fe.BASE.multiply(M(h, Z));
1168
1195
  }
1169
1196
  }
1170
1197
  fe.BASE = new fe(w.Gx, w.Gy, o.ONE), fe.ZERO = new fe(o.ZERO, o.ONE, o.ZERO), fe.Fp = o, fe.Fn = h;
1171
- const Ye = h.BITS, Ue = new l.wNAF(fe, a.endo ? Math.ceil(Ye / 2) : Ye);
1198
+ const Ye = h.BITS, Ue = new u.wNAF(fe, a.endo ? Math.ceil(Ye / 2) : Ye);
1172
1199
  return fe.BASE.precompute(8), fe;
1173
1200
  }
1174
- function F(n) {
1175
- return Uint8Array.of(n ? 2 : 3);
1201
+ function F(r) {
1202
+ return Uint8Array.of(r ? 2 : 3);
1176
1203
  }
1177
- function G(n, a) {
1178
- const i = n.ORDER;
1204
+ function G(r, a) {
1205
+ const i = r.ORDER;
1179
1206
  let o = V;
1180
1207
  for (let q = i - E; q % b === V; q /= b)
1181
1208
  o += E;
1182
- const h = o, w = b << h - E - E, s = w * b, f = (i - E) / s, y = (f - E) / b, B = s - E, T = w, k = n.pow(a, f), Y = n.pow(a, (f + E) / b);
1209
+ const h = o, w = b << h - E - E, s = w * b, f = (i - E) / s, y = (f - E) / b, B = s - E, O = w, k = r.pow(a, f), Y = r.pow(a, (f + E) / b);
1183
1210
  let I = (q, C) => {
1184
- let te = k, $ = n.pow(C, B), x = n.sqr($);
1185
- x = n.mul(x, C);
1186
- let X = n.mul(q, x);
1187
- X = n.pow(X, y), X = n.mul(X, $), $ = n.mul(X, C), x = n.mul(X, q);
1188
- let ae = n.mul(x, $);
1189
- X = n.pow(ae, T);
1190
- let ye = n.eql(X, n.ONE);
1191
- $ = n.mul(x, Y), X = n.mul(ae, te), x = n.cmov($, x, ye), ae = n.cmov(X, ae, ye);
1211
+ let te = k, $ = r.pow(C, B), T = r.sqr($);
1212
+ T = r.mul(T, C);
1213
+ let X = r.mul(q, T);
1214
+ X = r.pow(X, y), X = r.mul(X, $), $ = r.mul(X, C), T = r.mul(X, q);
1215
+ let ae = r.mul(T, $);
1216
+ X = r.pow(ae, O);
1217
+ let ye = r.eql(X, r.ONE);
1218
+ $ = r.mul(T, Y), X = r.mul(ae, te), T = r.cmov($, T, ye), ae = r.cmov(X, ae, ye);
1192
1219
  for (let pe = h; pe > E; pe--) {
1193
1220
  let ve = pe - b;
1194
1221
  ve = b << ve - E;
1195
- let xe = n.pow(ae, ve);
1196
- const fe = n.eql(xe, n.ONE);
1197
- $ = n.mul(x, te), te = n.mul(te, te), xe = n.mul(ae, te), x = n.cmov($, x, fe), ae = n.cmov(xe, ae, fe);
1222
+ let Te = r.pow(ae, ve);
1223
+ const fe = r.eql(Te, r.ONE);
1224
+ $ = r.mul(T, te), te = r.mul(te, te), Te = r.mul(ae, te), T = r.cmov($, T, fe), ae = r.cmov(Te, ae, fe);
1198
1225
  }
1199
- return { isValid: ye, value: x };
1226
+ return { isValid: ye, value: T };
1200
1227
  };
1201
- if (n.ORDER % A === S) {
1202
- const q = (n.ORDER - S) / A, C = n.sqrt(n.neg(a));
1228
+ if (r.ORDER % A === S) {
1229
+ const q = (r.ORDER - S) / A, C = r.sqrt(r.neg(a));
1203
1230
  I = (te, $) => {
1204
- let x = n.sqr($);
1205
- const X = n.mul(te, $);
1206
- x = n.mul(x, X);
1207
- let ae = n.pow(x, q);
1208
- ae = n.mul(ae, X);
1209
- const ye = n.mul(ae, C), pe = n.mul(n.sqr(ae), $), ve = n.eql(pe, te);
1210
- let xe = n.cmov(ye, ae, ve);
1211
- return { isValid: ve, value: xe };
1231
+ let T = r.sqr($);
1232
+ const X = r.mul(te, $);
1233
+ T = r.mul(T, X);
1234
+ let ae = r.pow(T, q);
1235
+ ae = r.mul(ae, X);
1236
+ const ye = r.mul(ae, C), pe = r.mul(r.sqr(ae), $), ve = r.eql(pe, te);
1237
+ let Te = r.cmov(ye, ae, ve);
1238
+ return { isValid: ve, value: Te };
1212
1239
  };
1213
1240
  }
1214
1241
  return I;
1215
1242
  }
1216
- function se(n, a) {
1217
- (0, m.validateField)(n);
1243
+ function se(r, a) {
1244
+ (0, m.validateField)(r);
1218
1245
  const { A: i, B: o, Z: h } = a;
1219
- if (!n.isValid(i) || !n.isValid(o) || !n.isValid(h))
1246
+ if (!r.isValid(i) || !r.isValid(o) || !r.isValid(h))
1220
1247
  throw new Error("mapToCurveSimpleSWU: invalid opts");
1221
- const w = G(n, h);
1222
- if (!n.isOdd)
1248
+ const w = G(r, h);
1249
+ if (!r.isOdd)
1223
1250
  throw new Error("Field does not have .isOdd()");
1224
1251
  return (s) => {
1225
- let f, y, B, T, k, Y, I, q;
1226
- f = n.sqr(s), f = n.mul(f, h), y = n.sqr(f), y = n.add(y, f), B = n.add(y, n.ONE), B = n.mul(B, o), T = n.cmov(h, n.neg(y), !n.eql(y, n.ZERO)), T = n.mul(T, i), y = n.sqr(B), Y = n.sqr(T), k = n.mul(Y, i), y = n.add(y, k), y = n.mul(y, B), Y = n.mul(Y, T), k = n.mul(Y, o), y = n.add(y, k), I = n.mul(f, B);
1252
+ let f, y, B, O, k, Y, I, q;
1253
+ f = r.sqr(s), f = r.mul(f, h), y = r.sqr(f), y = r.add(y, f), B = r.add(y, r.ONE), B = r.mul(B, o), O = r.cmov(h, r.neg(y), !r.eql(y, r.ZERO)), O = r.mul(O, i), y = r.sqr(B), Y = r.sqr(O), k = r.mul(Y, i), y = r.add(y, k), y = r.mul(y, B), Y = r.mul(Y, O), k = r.mul(Y, o), y = r.add(y, k), I = r.mul(f, B);
1227
1254
  const { isValid: C, value: te } = w(y, Y);
1228
- q = n.mul(f, s), q = n.mul(q, te), I = n.cmov(I, B, C), q = n.cmov(q, te, C);
1229
- const $ = n.isOdd(s) === n.isOdd(q);
1230
- q = n.cmov(n.neg(q), q, $);
1231
- const x = (0, m.FpInvertBatch)(n, [T], !0)[0];
1232
- return I = n.mul(I, x), { x: I, y: q };
1255
+ q = r.mul(f, s), q = r.mul(q, te), I = r.cmov(I, B, C), q = r.cmov(q, te, C);
1256
+ const $ = r.isOdd(s) === r.isOdd(q);
1257
+ q = r.cmov(r.neg(q), q, $);
1258
+ const T = (0, m.FpInvertBatch)(r, [O], !0)[0];
1259
+ return I = r.mul(I, T), { x: I, y: q };
1233
1260
  };
1234
1261
  }
1235
- function ie(n, a) {
1262
+ function ie(r, a) {
1236
1263
  return {
1237
1264
  secretKey: a.BYTES,
1238
- publicKey: 1 + n.BYTES,
1239
- publicKeyUncompressed: 1 + 2 * n.BYTES,
1265
+ publicKey: 1 + r.BYTES,
1266
+ publicKeyUncompressed: 1 + 2 * r.BYTES,
1240
1267
  publicKeyHasPrefix: !0,
1241
1268
  signature: 2 * a.BYTES
1242
1269
  };
1243
1270
  }
1244
- function j(n, a = {}) {
1245
- const { Fn: i } = n, o = a.randomBytes || t.randomBytes, h = Object.assign(ie(n.Fp, i), { seed: (0, m.getMinHashLength)(i.ORDER) });
1271
+ function j(r, a = {}) {
1272
+ const { Fn: i } = r, o = a.randomBytes || t.randomBytes, h = Object.assign(ie(r.Fp, i), { seed: (0, m.getMinHashLength)(i.ORDER) });
1246
1273
  function w(I) {
1247
1274
  try {
1248
1275
  return !!M(i, I);
@@ -1254,7 +1281,7 @@ function Ct() {
1254
1281
  const { publicKey: C, publicKeyUncompressed: te } = h;
1255
1282
  try {
1256
1283
  const $ = I.length;
1257
- return q === !0 && $ !== C || q === !1 && $ !== te ? !1 : !!n.fromBytes(I);
1284
+ return q === !0 && $ !== C || q === !1 && $ !== te ? !1 : !!r.fromBytes(I);
1258
1285
  } catch {
1259
1286
  return !1;
1260
1287
  }
@@ -1263,16 +1290,16 @@ function Ct() {
1263
1290
  return (0, m.mapHashToField)((0, t._abytes2)(I, h.seed, "seed"), i.ORDER);
1264
1291
  }
1265
1292
  function y(I, q = !0) {
1266
- return n.BASE.multiply(M(i, I)).toBytes(q);
1293
+ return r.BASE.multiply(M(i, I)).toBytes(q);
1267
1294
  }
1268
1295
  function B(I) {
1269
1296
  const q = f(I);
1270
1297
  return { secretKey: q, publicKey: y(q) };
1271
1298
  }
1272
- function T(I) {
1299
+ function O(I) {
1273
1300
  if (typeof I == "bigint")
1274
1301
  return !1;
1275
- if (I instanceof n)
1302
+ if (I instanceof r)
1276
1303
  return !0;
1277
1304
  const { secretKey: q, publicKey: C, publicKeyUncompressed: te } = h;
1278
1305
  if (i.allowedLengths || q === C)
@@ -1281,14 +1308,14 @@ function Ct() {
1281
1308
  return $ === C || $ === te;
1282
1309
  }
1283
1310
  function k(I, q, C = !0) {
1284
- if (T(I) === !0)
1311
+ if (O(I) === !0)
1285
1312
  throw new Error("first arg must be private key");
1286
- if (T(q) === !1)
1313
+ if (O(q) === !1)
1287
1314
  throw new Error("second arg must be public key");
1288
1315
  const te = M(i, I);
1289
- return n.fromHex(q).multiply(te).toBytes(C);
1316
+ return r.fromHex(q).multiply(te).toBytes(C);
1290
1317
  }
1291
- return Object.freeze({ getPublicKey: y, getSharedSecret: k, keygen: B, Point: n, utils: {
1318
+ return Object.freeze({ getPublicKey: y, getSharedSecret: k, keygen: B, Point: r, utils: {
1292
1319
  isValidSecretKey: w,
1293
1320
  isValidPublicKey: s,
1294
1321
  randomSecretKey: f,
@@ -1296,12 +1323,12 @@ function Ct() {
1296
1323
  isValidPrivateKey: w,
1297
1324
  randomPrivateKey: f,
1298
1325
  normPrivateKeyToScalar: (I) => M(i, I),
1299
- precompute(I = 8, q = n.BASE) {
1326
+ precompute(I = 8, q = r.BASE) {
1300
1327
  return q.precompute(I, !1);
1301
1328
  }
1302
1329
  }, lengths: h });
1303
1330
  }
1304
- function O(n, a, i = {}) {
1331
+ function R(r, a, i = {}) {
1305
1332
  (0, c.ahash)(a), (0, t._validateObject)(i, {}, {
1306
1333
  hmac: "function",
1307
1334
  lowS: "boolean",
@@ -1309,7 +1336,7 @@ function Ct() {
1309
1336
  bits2int: "function",
1310
1337
  bits2int_modN: "function"
1311
1338
  });
1312
- const o = i.randomBytes || t.randomBytes, h = i.hmac || ((N, ...R) => (0, r.hmac)(a, N, (0, t.concatBytes)(...R))), { Fp: w, Fn: s } = n, { ORDER: f, BITS: y } = s, { keygen: B, getPublicKey: T, getSharedSecret: k, utils: Y, lengths: I } = j(n, i), q = {
1339
+ const o = i.randomBytes || t.randomBytes, h = i.hmac || ((N, ...x) => (0, n.hmac)(a, N, (0, t.concatBytes)(...x))), { Fp: w, Fn: s } = r, { ORDER: f, BITS: y } = s, { keygen: B, getPublicKey: O, getSharedSecret: k, utils: Y, lengths: I } = j(r, i), q = {
1313
1340
  prehash: !1,
1314
1341
  lowS: typeof i.lowS == "boolean" ? i.lowS : !1,
1315
1342
  format: void 0,
@@ -1317,50 +1344,50 @@ function Ct() {
1317
1344
  extraEntropy: !1
1318
1345
  }, C = "compact";
1319
1346
  function te(N) {
1320
- const R = f >> E;
1321
- return N > R;
1347
+ const x = f >> E;
1348
+ return N > x;
1322
1349
  }
1323
- function $(N, R) {
1324
- if (!s.isValidNot0(R))
1350
+ function $(N, x) {
1351
+ if (!s.isValidNot0(x))
1325
1352
  throw new Error(`invalid signature ${N}: out of range 1..Point.Fn.ORDER`);
1326
- return R;
1353
+ return x;
1327
1354
  }
1328
- function x(N, R) {
1329
- v(R);
1330
- const D = I.signature, J = R === "compact" ? D : R === "recovered" ? D + 1 : void 0;
1331
- return (0, t._abytes2)(N, J, `${R} signature`);
1355
+ function T(N, x) {
1356
+ v(x);
1357
+ const z = I.signature, J = x === "compact" ? z : x === "recovered" ? z + 1 : void 0;
1358
+ return (0, t._abytes2)(N, J, `${x} signature`);
1332
1359
  }
1333
1360
  class X {
1334
- constructor(R, D, J) {
1335
- this.r = $("r", R), this.s = $("s", D), J != null && (this.recovery = J), Object.freeze(this);
1361
+ constructor(x, z, J) {
1362
+ this.r = $("r", x), this.s = $("s", z), J != null && (this.recovery = J), Object.freeze(this);
1336
1363
  }
1337
- static fromBytes(R, D = C) {
1338
- x(R, D);
1364
+ static fromBytes(x, z = C) {
1365
+ T(x, z);
1339
1366
  let J;
1340
- if (D === "der") {
1341
- const { r: oe, s: ce } = e.DER.toSig((0, t._abytes2)(R));
1367
+ if (z === "der") {
1368
+ const { r: oe, s: ce } = e.DER.toSig((0, t._abytes2)(x));
1342
1369
  return new X(oe, ce);
1343
1370
  }
1344
- D === "recovered" && (J = R[0], D = "compact", R = R.subarray(1));
1345
- const re = s.BYTES, ne = R.subarray(0, re), ee = R.subarray(re, re * 2);
1371
+ z === "recovered" && (J = x[0], z = "compact", x = x.subarray(1));
1372
+ const re = s.BYTES, ne = x.subarray(0, re), ee = x.subarray(re, re * 2);
1346
1373
  return new X(s.fromBytes(ne), s.fromBytes(ee), J);
1347
1374
  }
1348
- static fromHex(R, D) {
1349
- return this.fromBytes((0, t.hexToBytes)(R), D);
1375
+ static fromHex(x, z) {
1376
+ return this.fromBytes((0, t.hexToBytes)(x), z);
1350
1377
  }
1351
- addRecoveryBit(R) {
1352
- return new X(this.r, this.s, R);
1378
+ addRecoveryBit(x) {
1379
+ return new X(this.r, this.s, x);
1353
1380
  }
1354
- recoverPublicKey(R) {
1355
- const D = w.ORDER, { r: J, s: re, recovery: ne } = this;
1381
+ recoverPublicKey(x) {
1382
+ const z = w.ORDER, { r: J, s: re, recovery: ne } = this;
1356
1383
  if (ne == null || ![0, 1, 2, 3].includes(ne))
1357
1384
  throw new Error("recovery id invalid");
1358
- if (f * b < D && ne > 1)
1385
+ if (f * b < z && ne > 1)
1359
1386
  throw new Error("recovery id is ambiguous for h>1 curve");
1360
1387
  const oe = ne === 2 || ne === 3 ? J + f : J;
1361
1388
  if (!w.isValid(oe))
1362
1389
  throw new Error("recovery id 2 or 3 invalid");
1363
- const ce = w.toBytes(oe), we = n.fromBytes((0, t.concatBytes)(F((ne & 1) === 0), ce)), de = s.inv(oe), ue = ye((0, t.ensureBytes)("msgHash", R)), me = s.create(-ue * de), ge = s.create(re * de), _e = n.BASE.multiplyUnsafe(me).add(we.multiplyUnsafe(ge));
1390
+ const ce = w.toBytes(oe), we = r.fromBytes((0, t.concatBytes)(F((ne & 1) === 0), ce)), de = s.inv(oe), ue = ye((0, t.ensureBytes)("msgHash", x)), me = s.create(-ue * de), ge = s.create(re * de), _e = r.BASE.multiplyUnsafe(me).add(we.multiplyUnsafe(ge));
1364
1391
  if (_e.is0())
1365
1392
  throw new Error("point at infinify");
1366
1393
  return _e.assertValidity(), _e;
@@ -1369,28 +1396,28 @@ function Ct() {
1369
1396
  hasHighS() {
1370
1397
  return te(this.s);
1371
1398
  }
1372
- toBytes(R = C) {
1373
- if (v(R), R === "der")
1399
+ toBytes(x = C) {
1400
+ if (v(x), x === "der")
1374
1401
  return (0, t.hexToBytes)(e.DER.hexFromSig(this));
1375
- const D = s.toBytes(this.r), J = s.toBytes(this.s);
1376
- if (R === "recovered") {
1402
+ const z = s.toBytes(this.r), J = s.toBytes(this.s);
1403
+ if (x === "recovered") {
1377
1404
  if (this.recovery == null)
1378
1405
  throw new Error("recovery bit must be present");
1379
- return (0, t.concatBytes)(Uint8Array.of(this.recovery), D, J);
1406
+ return (0, t.concatBytes)(Uint8Array.of(this.recovery), z, J);
1380
1407
  }
1381
- return (0, t.concatBytes)(D, J);
1408
+ return (0, t.concatBytes)(z, J);
1382
1409
  }
1383
- toHex(R) {
1384
- return (0, t.bytesToHex)(this.toBytes(R));
1410
+ toHex(x) {
1411
+ return (0, t.bytesToHex)(this.toBytes(x));
1385
1412
  }
1386
1413
  // TODO: remove
1387
1414
  assertValidity() {
1388
1415
  }
1389
- static fromCompact(R) {
1390
- return X.fromBytes((0, t.ensureBytes)("sig", R), "compact");
1416
+ static fromCompact(x) {
1417
+ return X.fromBytes((0, t.ensureBytes)("sig", x), "compact");
1391
1418
  }
1392
- static fromDER(R) {
1393
- return X.fromBytes((0, t.ensureBytes)("sig", R), "der");
1419
+ static fromDER(x) {
1420
+ return X.fromBytes((0, t.ensureBytes)("sig", x), "der");
1394
1421
  }
1395
1422
  normalizeS() {
1396
1423
  return this.hasHighS() ? new X(this.r, s.neg(this.s), this.recovery) : this;
@@ -1408,26 +1435,26 @@ function Ct() {
1408
1435
  return (0, t.bytesToHex)(this.toBytes("compact"));
1409
1436
  }
1410
1437
  }
1411
- const ae = i.bits2int || function(R) {
1412
- if (R.length > 8192)
1438
+ const ae = i.bits2int || function(x) {
1439
+ if (x.length > 8192)
1413
1440
  throw new Error("input is too large");
1414
- const D = (0, t.bytesToNumberBE)(R), J = R.length * 8 - y;
1415
- return J > 0 ? D >> BigInt(J) : D;
1416
- }, ye = i.bits2int_modN || function(R) {
1417
- return s.create(ae(R));
1441
+ const z = (0, t.bytesToNumberBE)(x), J = x.length * 8 - y;
1442
+ return J > 0 ? z >> BigInt(J) : z;
1443
+ }, ye = i.bits2int_modN || function(x) {
1444
+ return s.create(ae(x));
1418
1445
  }, pe = (0, t.bitMask)(y);
1419
1446
  function ve(N) {
1420
1447
  return (0, t.aInRange)("num < 2^" + y, N, V, pe), s.toBytes(N);
1421
1448
  }
1422
- function xe(N, R) {
1423
- return (0, t._abytes2)(N, void 0, "message"), R ? (0, t._abytes2)(a(N), void 0, "prehashed message") : N;
1449
+ function Te(N, x) {
1450
+ return (0, t._abytes2)(N, void 0, "message"), x ? (0, t._abytes2)(a(N), void 0, "prehashed message") : N;
1424
1451
  }
1425
- function fe(N, R, D) {
1426
- if (["recovered", "canonical"].some((me) => me in D))
1452
+ function fe(N, x, z) {
1453
+ if (["recovered", "canonical"].some((me) => me in z))
1427
1454
  throw new Error("sign() legacy options not supported");
1428
- const { lowS: J, prehash: re, extraEntropy: ne } = U(D, q);
1429
- N = xe(N, re);
1430
- const ee = ye(N), oe = M(s, R), ce = [ve(oe), ve(ee)];
1455
+ const { lowS: J, prehash: re, extraEntropy: ne } = U(z, q);
1456
+ N = Te(N, re);
1457
+ const ee = ye(N), oe = M(s, x), ce = [ve(oe), ve(ee)];
1431
1458
  if (ne != null && ne !== !1) {
1432
1459
  const me = ne === !0 ? o(I.secretKey) : ne;
1433
1460
  ce.push((0, t.ensureBytes)("extraEntropy", me));
@@ -1437,7 +1464,7 @@ function Ct() {
1437
1464
  const ge = ae(me);
1438
1465
  if (!s.isValidNot0(ge))
1439
1466
  return;
1440
- const _e = s.inv(ge), be = n.BASE.multiply(ge).toAffine(), Ee = s.create(be.x);
1467
+ const _e = s.inv(ge), be = r.BASE.multiply(ge).toAffine(), Ee = s.create(be.x);
1441
1468
  if (Ee === V)
1442
1469
  return;
1443
1470
  const Pe = s.create(_e * s.create(de + Ee * oe));
@@ -1448,62 +1475,62 @@ function Ct() {
1448
1475
  }
1449
1476
  return { seed: we, k2sig: ue };
1450
1477
  }
1451
- function Ye(N, R, D = {}) {
1478
+ function Ye(N, x, z = {}) {
1452
1479
  N = (0, t.ensureBytes)("message", N);
1453
- const { seed: J, k2sig: re } = fe(N, R, D);
1480
+ const { seed: J, k2sig: re } = fe(N, x, z);
1454
1481
  return (0, t.createHmacDrbg)(a.outputLen, s.BYTES, h)(J, re);
1455
1482
  }
1456
1483
  function Ue(N) {
1457
- let R;
1458
- const D = typeof N == "string" || (0, t.isBytes)(N), J = !D && N !== null && typeof N == "object" && typeof N.r == "bigint" && typeof N.s == "bigint";
1459
- if (!D && !J)
1484
+ let x;
1485
+ const z = typeof N == "string" || (0, t.isBytes)(N), J = !z && N !== null && typeof N == "object" && typeof N.r == "bigint" && typeof N.s == "bigint";
1486
+ if (!z && !J)
1460
1487
  throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
1461
1488
  if (J)
1462
- R = new X(N.r, N.s);
1463
- else if (D) {
1489
+ x = new X(N.r, N.s);
1490
+ else if (z) {
1464
1491
  try {
1465
- R = X.fromBytes((0, t.ensureBytes)("sig", N), "der");
1492
+ x = X.fromBytes((0, t.ensureBytes)("sig", N), "der");
1466
1493
  } catch (re) {
1467
1494
  if (!(re instanceof e.DER.Err))
1468
1495
  throw re;
1469
1496
  }
1470
- if (!R)
1497
+ if (!x)
1471
1498
  try {
1472
- R = X.fromBytes((0, t.ensureBytes)("sig", N), "compact");
1499
+ x = X.fromBytes((0, t.ensureBytes)("sig", N), "compact");
1473
1500
  } catch {
1474
1501
  return !1;
1475
1502
  }
1476
1503
  }
1477
- return R || !1;
1504
+ return x || !1;
1478
1505
  }
1479
- function le(N, R, D, J = {}) {
1506
+ function le(N, x, z, J = {}) {
1480
1507
  const { lowS: re, prehash: ne, format: ee } = U(J, q);
1481
- if (D = (0, t.ensureBytes)("publicKey", D), R = xe((0, t.ensureBytes)("message", R), ne), "strict" in J)
1508
+ if (z = (0, t.ensureBytes)("publicKey", z), x = Te((0, t.ensureBytes)("message", x), ne), "strict" in J)
1482
1509
  throw new Error("options.strict was renamed to lowS");
1483
1510
  const oe = ee === void 0 ? Ue(N) : X.fromBytes((0, t.ensureBytes)("sig", N), ee);
1484
1511
  if (oe === !1)
1485
1512
  return !1;
1486
1513
  try {
1487
- const ce = n.fromBytes(D);
1514
+ const ce = r.fromBytes(z);
1488
1515
  if (re && oe.hasHighS())
1489
1516
  return !1;
1490
- const { r: we, s: de } = oe, ue = ye(R), me = s.inv(de), ge = s.create(ue * me), _e = s.create(we * me), be = n.BASE.multiplyUnsafe(ge).add(ce.multiplyUnsafe(_e));
1517
+ const { r: we, s: de } = oe, ue = ye(x), me = s.inv(de), ge = s.create(ue * me), _e = s.create(we * me), be = r.BASE.multiplyUnsafe(ge).add(ce.multiplyUnsafe(_e));
1491
1518
  return be.is0() ? !1 : s.create(be.x) === we;
1492
1519
  } catch {
1493
1520
  return !1;
1494
1521
  }
1495
1522
  }
1496
- function Z(N, R, D = {}) {
1497
- const { prehash: J } = U(D, q);
1498
- return R = xe(R, J), X.fromBytes(N, "recovered").recoverPublicKey(R).toBytes();
1523
+ function Z(N, x, z = {}) {
1524
+ const { prehash: J } = U(z, q);
1525
+ return x = Te(x, J), X.fromBytes(N, "recovered").recoverPublicKey(x).toBytes();
1499
1526
  }
1500
1527
  return Object.freeze({
1501
1528
  keygen: B,
1502
- getPublicKey: T,
1529
+ getPublicKey: O,
1503
1530
  getSharedSecret: k,
1504
1531
  utils: Y,
1505
1532
  lengths: I,
1506
- Point: n,
1533
+ Point: r,
1507
1534
  sign: Ye,
1508
1535
  verify: le,
1509
1536
  recoverPublicKey: Z,
@@ -1511,62 +1538,62 @@ function Ct() {
1511
1538
  hash: a
1512
1539
  });
1513
1540
  }
1514
- function L(n) {
1515
- const { CURVE: a, curveOpts: i } = _(n), o = Q(a, i);
1516
- return z(n, o);
1541
+ function L(r) {
1542
+ const { CURVE: a, curveOpts: i } = _(r), o = Q(a, i);
1543
+ return D(r, o);
1517
1544
  }
1518
- function _(n) {
1545
+ function _(r) {
1519
1546
  const a = {
1520
- a: n.a,
1521
- b: n.b,
1522
- p: n.Fp.ORDER,
1523
- n: n.n,
1524
- h: n.h,
1525
- Gx: n.Gx,
1526
- Gy: n.Gy
1527
- }, i = n.Fp;
1528
- let o = n.allowedPrivateKeyLengths ? Array.from(new Set(n.allowedPrivateKeyLengths.map((s) => Math.ceil(s / 2)))) : void 0;
1547
+ a: r.a,
1548
+ b: r.b,
1549
+ p: r.Fp.ORDER,
1550
+ n: r.n,
1551
+ h: r.h,
1552
+ Gx: r.Gx,
1553
+ Gy: r.Gy
1554
+ }, i = r.Fp;
1555
+ let o = r.allowedPrivateKeyLengths ? Array.from(new Set(r.allowedPrivateKeyLengths.map((s) => Math.ceil(s / 2)))) : void 0;
1529
1556
  const h = (0, m.Field)(a.n, {
1530
- BITS: n.nBitLength,
1557
+ BITS: r.nBitLength,
1531
1558
  allowedLengths: o,
1532
- modFromBytes: n.wrapPrivateKey
1559
+ modFromBytes: r.wrapPrivateKey
1533
1560
  }), w = {
1534
1561
  Fp: i,
1535
1562
  Fn: h,
1536
- allowInfinityPoint: n.allowInfinityPoint,
1537
- endo: n.endo,
1538
- isTorsionFree: n.isTorsionFree,
1539
- clearCofactor: n.clearCofactor,
1540
- fromBytes: n.fromBytes,
1541
- toBytes: n.toBytes
1563
+ allowInfinityPoint: r.allowInfinityPoint,
1564
+ endo: r.endo,
1565
+ isTorsionFree: r.isTorsionFree,
1566
+ clearCofactor: r.clearCofactor,
1567
+ fromBytes: r.fromBytes,
1568
+ toBytes: r.toBytes
1542
1569
  };
1543
1570
  return { CURVE: a, curveOpts: w };
1544
1571
  }
1545
- function K(n) {
1546
- const { CURVE: a, curveOpts: i } = _(n), o = {
1547
- hmac: n.hmac,
1548
- randomBytes: n.randomBytes,
1549
- lowS: n.lowS,
1550
- bits2int: n.bits2int,
1551
- bits2int_modN: n.bits2int_modN
1572
+ function K(r) {
1573
+ const { CURVE: a, curveOpts: i } = _(r), o = {
1574
+ hmac: r.hmac,
1575
+ randomBytes: r.randomBytes,
1576
+ lowS: r.lowS,
1577
+ bits2int: r.bits2int,
1578
+ bits2int_modN: r.bits2int_modN
1552
1579
  };
1553
- return { CURVE: a, curveOpts: i, hash: n.hash, ecdsaOpts: o };
1580
+ return { CURVE: a, curveOpts: i, hash: r.hash, ecdsaOpts: o };
1554
1581
  }
1555
- function W(n, a, i) {
1582
+ function W(r, a, i) {
1556
1583
  function o(h) {
1557
- const w = n.sqr(h), s = n.mul(w, h);
1558
- return n.add(n.add(s, n.mul(h, a)), i);
1584
+ const w = r.sqr(h), s = r.mul(w, h);
1585
+ return r.add(r.add(s, r.mul(h, a)), i);
1559
1586
  }
1560
1587
  return o;
1561
1588
  }
1562
- function z(n, a) {
1589
+ function D(r, a) {
1563
1590
  const { Fp: i, Fn: o } = a;
1564
1591
  function h(s) {
1565
1592
  return (0, t.inRange)(s, E, o.ORDER);
1566
1593
  }
1567
- const w = W(i, n.a, n.b);
1594
+ const w = W(i, r.a, r.b);
1568
1595
  return Object.assign({}, {
1569
- CURVE: n,
1596
+ CURVE: r,
1570
1597
  Point: a,
1571
1598
  ProjectivePoint: a,
1572
1599
  normPrivateKeyToScalar: (s) => M(o, s),
@@ -1574,39 +1601,39 @@ function Ct() {
1574
1601
  isWithinCurveOrder: h
1575
1602
  });
1576
1603
  }
1577
- function d(n, a) {
1604
+ function d(r, a) {
1578
1605
  const i = a.Point;
1579
1606
  return Object.assign({}, a, {
1580
1607
  ProjectivePoint: i,
1581
- CURVE: Object.assign({}, n, (0, m.nLength)(i.Fn.ORDER, i.Fn.BITS))
1608
+ CURVE: Object.assign({}, r, (0, m.nLength)(i.Fn.ORDER, i.Fn.BITS))
1582
1609
  });
1583
1610
  }
1584
- function u(n) {
1585
- const { CURVE: a, curveOpts: i, hash: o, ecdsaOpts: h } = K(n), w = Q(a, i), s = O(w, o, h);
1586
- return d(n, s);
1611
+ function l(r) {
1612
+ const { CURVE: a, curveOpts: i, hash: o, ecdsaOpts: h } = K(r), w = Q(a, i), s = R(w, o, h);
1613
+ return d(r, s);
1587
1614
  }
1588
1615
  })(nt)), nt;
1589
1616
  }
1590
- var Ot;
1617
+ var Rt;
1591
1618
  function En() {
1592
- if (Ot) return Ke;
1593
- Ot = 1, Object.defineProperty(Ke, "__esModule", { value: !0 }), Ke.getHash = r, Ke.createCurve = c;
1619
+ if (Rt) return Ke;
1620
+ Rt = 1, Object.defineProperty(Ke, "__esModule", { value: !0 }), Ke.getHash = n, Ke.createCurve = c;
1594
1621
  const e = /* @__PURE__ */ Ct();
1595
- function r(t) {
1622
+ function n(t) {
1596
1623
  return { hash: t };
1597
1624
  }
1598
- function c(t, l) {
1625
+ function c(t, u) {
1599
1626
  const m = (g) => (0, e.weierstrass)({ ...t, hash: g });
1600
- return { ...m(l), create: m };
1627
+ return { ...m(u), create: m };
1601
1628
  }
1602
1629
  return Ke;
1603
1630
  }
1604
- var ot = {}, Rt;
1631
+ var ot = {}, xt;
1605
1632
  function Bn() {
1606
- return Rt || (Rt = 1, (function(e) {
1633
+ return xt || (xt = 1, (function(e) {
1607
1634
  Object.defineProperty(e, "__esModule", { value: !0 }), e._DST_scalar = void 0, e.expand_message_xmd = v, e.expand_message_xof = U, e.hash_to_field = H, e.isogenyMap = V, e.createHasher = E;
1608
- const r = /* @__PURE__ */ Ce(), c = /* @__PURE__ */ $e(), t = r.bytesToNumberBE;
1609
- function l(b, S) {
1635
+ const n = /* @__PURE__ */ Ce(), c = /* @__PURE__ */ $e(), t = n.bytesToNumberBE;
1636
+ function u(b, S) {
1610
1637
  if (g(b), g(S), b < 0 || b >= 1 << 8 * S)
1611
1638
  throw new Error("invalid I2OSP input: " + b);
1612
1639
  const A = Array.from({ length: S }).fill(0);
@@ -1625,44 +1652,44 @@ function Bn() {
1625
1652
  throw new Error("number expected");
1626
1653
  }
1627
1654
  function p(b) {
1628
- if (!(0, r.isBytes)(b) && typeof b != "string")
1655
+ if (!(0, n.isBytes)(b) && typeof b != "string")
1629
1656
  throw new Error("DST must be Uint8Array or string");
1630
- return typeof b == "string" ? (0, r.utf8ToBytes)(b) : b;
1657
+ return typeof b == "string" ? (0, n.utf8ToBytes)(b) : b;
1631
1658
  }
1632
1659
  function v(b, S, A, M) {
1633
- (0, r.abytes)(b), g(A), S = p(S), S.length > 255 && (S = M((0, r.concatBytes)((0, r.utf8ToBytes)("H2C-OVERSIZE-DST-"), S)));
1660
+ (0, n.abytes)(b), g(A), S = p(S), S.length > 255 && (S = M((0, n.concatBytes)((0, n.utf8ToBytes)("H2C-OVERSIZE-DST-"), S)));
1634
1661
  const { outputLen: Q, blockLen: F } = M, G = Math.ceil(A / Q);
1635
1662
  if (A > 65535 || G > 255)
1636
1663
  throw new Error("expand_message_xmd: invalid lenInBytes");
1637
- const se = (0, r.concatBytes)(S, l(S.length, 1)), ie = l(0, F), j = l(A, 2), O = new Array(G), L = M((0, r.concatBytes)(ie, b, j, l(0, 1), se));
1638
- O[0] = M((0, r.concatBytes)(L, l(1, 1), se));
1664
+ const se = (0, n.concatBytes)(S, u(S.length, 1)), ie = u(0, F), j = u(A, 2), R = new Array(G), L = M((0, n.concatBytes)(ie, b, j, u(0, 1), se));
1665
+ R[0] = M((0, n.concatBytes)(L, u(1, 1), se));
1639
1666
  for (let K = 1; K <= G; K++) {
1640
- const W = [m(L, O[K - 1]), l(K + 1, 1), se];
1641
- O[K] = M((0, r.concatBytes)(...W));
1667
+ const W = [m(L, R[K - 1]), u(K + 1, 1), se];
1668
+ R[K] = M((0, n.concatBytes)(...W));
1642
1669
  }
1643
- return (0, r.concatBytes)(...O).slice(0, A);
1670
+ return (0, n.concatBytes)(...R).slice(0, A);
1644
1671
  }
1645
1672
  function U(b, S, A, M, Q) {
1646
- if ((0, r.abytes)(b), g(A), S = p(S), S.length > 255) {
1673
+ if ((0, n.abytes)(b), g(A), S = p(S), S.length > 255) {
1647
1674
  const F = Math.ceil(2 * M / 8);
1648
- S = Q.create({ dkLen: F }).update((0, r.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(S).digest();
1675
+ S = Q.create({ dkLen: F }).update((0, n.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(S).digest();
1649
1676
  }
1650
1677
  if (A > 65535 || S.length > 255)
1651
1678
  throw new Error("expand_message_xof: invalid lenInBytes");
1652
- return Q.create({ dkLen: A }).update(b).update(l(A, 2)).update(S).update(l(S.length, 1)).digest();
1679
+ return Q.create({ dkLen: A }).update(b).update(u(A, 2)).update(S).update(u(S.length, 1)).digest();
1653
1680
  }
1654
1681
  function H(b, S, A) {
1655
- (0, r._validateObject)(A, {
1682
+ (0, n._validateObject)(A, {
1656
1683
  p: "bigint",
1657
1684
  m: "number",
1658
1685
  k: "number",
1659
1686
  hash: "function"
1660
1687
  });
1661
1688
  const { p: M, k: Q, m: F, hash: G, expand: se, DST: ie } = A;
1662
- if (!(0, r.isHash)(A.hash))
1689
+ if (!(0, n.isHash)(A.hash))
1663
1690
  throw new Error("expected valid hash");
1664
- (0, r.abytes)(b), g(S);
1665
- const j = M.toString(2).length, O = Math.ceil((j + Q) / 8), L = S * F * O;
1691
+ (0, n.abytes)(b), g(S);
1692
+ const j = M.toString(2).length, R = Math.ceil((j + Q) / 8), L = S * F * R;
1666
1693
  let _;
1667
1694
  if (se === "xmd")
1668
1695
  _ = v(b, ie, L, G);
@@ -1674,23 +1701,23 @@ function Bn() {
1674
1701
  throw new Error('expand must be "xmd" or "xof"');
1675
1702
  const K = new Array(S);
1676
1703
  for (let W = 0; W < S; W++) {
1677
- const z = new Array(F);
1704
+ const D = new Array(F);
1678
1705
  for (let d = 0; d < F; d++) {
1679
- const u = O * (d + W * F), n = _.subarray(u, u + O);
1680
- z[d] = (0, c.mod)(t(n), M);
1706
+ const l = R * (d + W * F), r = _.subarray(l, l + R);
1707
+ D[d] = (0, c.mod)(t(r), M);
1681
1708
  }
1682
- K[W] = z;
1709
+ K[W] = D;
1683
1710
  }
1684
1711
  return K;
1685
1712
  }
1686
1713
  function V(b, S) {
1687
1714
  const A = S.map((M) => Array.from(M).reverse());
1688
1715
  return (M, Q) => {
1689
- const [F, G, se, ie] = A.map((L) => L.reduce((_, K) => b.add(b.mul(_, M), K))), [j, O] = (0, c.FpInvertBatch)(b, [G, ie], !0);
1690
- return M = b.mul(F, j), Q = b.mul(Q, b.mul(se, O)), { x: M, y: Q };
1716
+ const [F, G, se, ie] = A.map((L) => L.reduce((_, K) => b.add(b.mul(_, M), K))), [j, R] = (0, c.FpInvertBatch)(b, [G, ie], !0);
1717
+ return M = b.mul(F, j), Q = b.mul(Q, b.mul(se, R)), { x: M, y: Q };
1691
1718
  };
1692
1719
  }
1693
- e._DST_scalar = (0, r.utf8ToBytes)("HashToScalar-");
1720
+ e._DST_scalar = (0, n.utf8ToBytes)("HashToScalar-");
1694
1721
  function E(b, S, A) {
1695
1722
  if (typeof S != "function")
1696
1723
  throw new Error("mapToCurve() must be defined");
@@ -1704,12 +1731,12 @@ function Bn() {
1704
1731
  return {
1705
1732
  defaults: A,
1706
1733
  hashToCurve(F, G) {
1707
- const se = Object.assign({}, A, G), ie = H(F, 2, se), j = M(ie[0]), O = M(ie[1]);
1708
- return Q(j.add(O));
1734
+ const se = Object.assign({}, A, G), ie = H(F, 2, se), j = M(ie[0]), R = M(ie[1]);
1735
+ return Q(j.add(R));
1709
1736
  },
1710
1737
  encodeToCurve(F, G) {
1711
- const se = A.encodeDST ? { DST: A.encodeDST } : {}, ie = Object.assign({}, A, se, G), j = H(F, 1, ie), O = M(j[0]);
1712
- return Q(O);
1738
+ const se = A.encodeDST ? { DST: A.encodeDST } : {}, ie = Object.assign({}, A, se, G), j = H(F, 1, ie), R = M(j[0]);
1739
+ return Q(R);
1713
1740
  },
1714
1741
  /** See {@link H2CHasher} */
1715
1742
  mapToCurve(F) {
@@ -1731,10 +1758,10 @@ function Bn() {
1731
1758
  })(ot)), ot;
1732
1759
  }
1733
1760
  var qt;
1734
- function er() {
1761
+ function nr() {
1735
1762
  return qt || (qt = 1, (function(e) {
1736
1763
  Object.defineProperty(e, "__esModule", { value: !0 }), e.encodeToCurve = e.hashToCurve = e.secp256k1_hasher = e.schnorr = e.secp256k1 = void 0;
1737
- const r = /* @__PURE__ */ dn(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ En(), l = /* @__PURE__ */ Bn(), m = /* @__PURE__ */ $e(), g = /* @__PURE__ */ Ct(), p = /* @__PURE__ */ Ce(), v = {
1764
+ const n = /* @__PURE__ */ dn(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ En(), u = /* @__PURE__ */ Bn(), m = /* @__PURE__ */ $e(), g = /* @__PURE__ */ Ct(), p = /* @__PURE__ */ Ce(), v = {
1738
1765
  p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
1739
1766
  n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
1740
1767
  h: BigInt(1),
@@ -1750,52 +1777,52 @@ function er() {
1750
1777
  ]
1751
1778
  }, H = /* @__PURE__ */ BigInt(0), V = /* @__PURE__ */ BigInt(1), E = /* @__PURE__ */ BigInt(2);
1752
1779
  function b(d) {
1753
- const u = v.p, n = BigInt(3), a = BigInt(6), i = BigInt(11), o = BigInt(22), h = BigInt(23), w = BigInt(44), s = BigInt(88), f = d * d * d % u, y = f * f * d % u, B = (0, m.pow2)(y, n, u) * y % u, T = (0, m.pow2)(B, n, u) * y % u, k = (0, m.pow2)(T, E, u) * f % u, Y = (0, m.pow2)(k, i, u) * k % u, I = (0, m.pow2)(Y, o, u) * Y % u, q = (0, m.pow2)(I, w, u) * I % u, C = (0, m.pow2)(q, s, u) * q % u, te = (0, m.pow2)(C, w, u) * I % u, $ = (0, m.pow2)(te, n, u) * y % u, x = (0, m.pow2)($, h, u) * Y % u, X = (0, m.pow2)(x, a, u) * f % u, ae = (0, m.pow2)(X, E, u);
1780
+ const l = v.p, r = BigInt(3), a = BigInt(6), i = BigInt(11), o = BigInt(22), h = BigInt(23), w = BigInt(44), s = BigInt(88), f = d * d * d % l, y = f * f * d % l, B = (0, m.pow2)(y, r, l) * y % l, O = (0, m.pow2)(B, r, l) * y % l, k = (0, m.pow2)(O, E, l) * f % l, Y = (0, m.pow2)(k, i, l) * k % l, I = (0, m.pow2)(Y, o, l) * Y % l, q = (0, m.pow2)(I, w, l) * I % l, C = (0, m.pow2)(q, s, l) * q % l, te = (0, m.pow2)(C, w, l) * I % l, $ = (0, m.pow2)(te, r, l) * y % l, T = (0, m.pow2)($, h, l) * Y % l, X = (0, m.pow2)(T, a, l) * f % l, ae = (0, m.pow2)(X, E, l);
1754
1781
  if (!S.eql(S.sqr(ae), d))
1755
1782
  throw new Error("Cannot find square root");
1756
1783
  return ae;
1757
1784
  }
1758
1785
  const S = (0, m.Field)(v.p, { sqrt: b });
1759
- e.secp256k1 = (0, t.createCurve)({ ...v, Fp: S, lowS: !0, endo: U }, r.sha256);
1786
+ e.secp256k1 = (0, t.createCurve)({ ...v, Fp: S, lowS: !0, endo: U }, n.sha256);
1760
1787
  const A = {};
1761
- function M(d, ...u) {
1762
- let n = A[d];
1763
- if (n === void 0) {
1764
- const a = (0, r.sha256)((0, p.utf8ToBytes)(d));
1765
- n = (0, p.concatBytes)(a, a), A[d] = n;
1788
+ function M(d, ...l) {
1789
+ let r = A[d];
1790
+ if (r === void 0) {
1791
+ const a = (0, n.sha256)((0, p.utf8ToBytes)(d));
1792
+ r = (0, p.concatBytes)(a, a), A[d] = r;
1766
1793
  }
1767
- return (0, r.sha256)((0, p.concatBytes)(n, ...u));
1794
+ return (0, n.sha256)((0, p.concatBytes)(r, ...l));
1768
1795
  }
1769
1796
  const Q = (d) => d.toBytes(!0).slice(1), F = e.secp256k1.Point, G = (d) => d % E === H;
1770
1797
  function se(d) {
1771
- const { Fn: u, BASE: n } = F, a = (0, g._normFnElement)(u, d), i = n.multiply(a);
1772
- return { scalar: G(i.y) ? a : u.neg(a), bytes: Q(i) };
1798
+ const { Fn: l, BASE: r } = F, a = (0, g._normFnElement)(l, d), i = r.multiply(a);
1799
+ return { scalar: G(i.y) ? a : l.neg(a), bytes: Q(i) };
1773
1800
  }
1774
1801
  function ie(d) {
1775
- const u = S;
1776
- if (!u.isValidNot0(d))
1802
+ const l = S;
1803
+ if (!l.isValidNot0(d))
1777
1804
  throw new Error("invalid x: Fail if x ≥ p");
1778
- const n = u.create(d * d), a = u.create(n * d + BigInt(7));
1779
- let i = u.sqrt(a);
1780
- G(i) || (i = u.neg(i));
1805
+ const r = l.create(d * d), a = l.create(r * d + BigInt(7));
1806
+ let i = l.sqrt(a);
1807
+ G(i) || (i = l.neg(i));
1781
1808
  const o = F.fromAffine({ x: d, y: i });
1782
1809
  return o.assertValidity(), o;
1783
1810
  }
1784
1811
  const j = p.bytesToNumberBE;
1785
- function O(...d) {
1812
+ function R(...d) {
1786
1813
  return F.Fn.create(j(M("BIP0340/challenge", ...d)));
1787
1814
  }
1788
1815
  function L(d) {
1789
1816
  return se(d).bytes;
1790
1817
  }
1791
- function _(d, u, n = (0, c.randomBytes)(32)) {
1792
- const { Fn: a } = F, i = (0, p.ensureBytes)("message", d), { bytes: o, scalar: h } = se(u), w = (0, p.ensureBytes)("auxRand", n, 32), s = a.toBytes(h ^ j(M("BIP0340/aux", w))), f = M("BIP0340/nonce", s, o, i), { bytes: y, scalar: B } = se(f), T = O(y, o, i), k = new Uint8Array(64);
1793
- if (k.set(y, 0), k.set(a.toBytes(a.create(B + T * h)), 32), !K(k, i, o))
1818
+ function _(d, l, r = (0, c.randomBytes)(32)) {
1819
+ const { Fn: a } = F, i = (0, p.ensureBytes)("message", d), { bytes: o, scalar: h } = se(l), w = (0, p.ensureBytes)("auxRand", r, 32), s = a.toBytes(h ^ j(M("BIP0340/aux", w))), f = M("BIP0340/nonce", s, o, i), { bytes: y, scalar: B } = se(f), O = R(y, o, i), k = new Uint8Array(64);
1820
+ if (k.set(y, 0), k.set(a.toBytes(a.create(B + O * h)), 32), !K(k, i, o))
1794
1821
  throw new Error("sign: Invalid signature produced");
1795
1822
  return k;
1796
1823
  }
1797
- function K(d, u, n) {
1798
- const { Fn: a, BASE: i } = F, o = (0, p.ensureBytes)("signature", d, 64), h = (0, p.ensureBytes)("message", u), w = (0, p.ensureBytes)("publicKey", n, 32);
1824
+ function K(d, l, r) {
1825
+ const { Fn: a, BASE: i } = F, o = (0, p.ensureBytes)("signature", d, 64), h = (0, p.ensureBytes)("message", l), w = (0, p.ensureBytes)("publicKey", r, 32);
1799
1826
  try {
1800
1827
  const s = ie(j(w)), f = j(o.subarray(0, 32));
1801
1828
  if (!(0, p.inRange)(f, V, v.p))
@@ -1803,17 +1830,17 @@ function er() {
1803
1830
  const y = j(o.subarray(32, 64));
1804
1831
  if (!(0, p.inRange)(y, V, v.n))
1805
1832
  return !1;
1806
- const B = O(a.toBytes(f), Q(s), h), T = i.multiplyUnsafe(y).add(s.multiplyUnsafe(a.neg(B))), { x: k, y: Y } = T.toAffine();
1807
- return !(T.is0() || !G(Y) || k !== f);
1833
+ const B = R(a.toBytes(f), Q(s), h), O = i.multiplyUnsafe(y).add(s.multiplyUnsafe(a.neg(B))), { x: k, y: Y } = O.toAffine();
1834
+ return !(O.is0() || !G(Y) || k !== f);
1808
1835
  } catch {
1809
1836
  return !1;
1810
1837
  }
1811
1838
  }
1812
1839
  e.schnorr = (() => {
1813
- const n = (i = (0, c.randomBytes)(48)) => (0, m.mapHashToField)(i, v.n);
1840
+ const r = (i = (0, c.randomBytes)(48)) => (0, m.mapHashToField)(i, v.n);
1814
1841
  e.secp256k1.utils.randomSecretKey;
1815
1842
  function a(i) {
1816
- const o = n(i);
1843
+ const o = r(i);
1817
1844
  return { secretKey: o, publicKey: L(o) };
1818
1845
  }
1819
1846
  return {
@@ -1823,8 +1850,8 @@ function er() {
1823
1850
  verify: K,
1824
1851
  Point: F,
1825
1852
  utils: {
1826
- randomSecretKey: n,
1827
- randomPrivateKey: n,
1853
+ randomSecretKey: r,
1854
+ randomPrivateKey: r,
1828
1855
  taggedHash: M,
1829
1856
  // TODO: remove
1830
1857
  lift_x: ie,
@@ -1842,7 +1869,7 @@ function er() {
1842
1869
  }
1843
1870
  };
1844
1871
  })();
1845
- const W = (0, l.isogenyMap)(S, [
1872
+ const W = (0, u.isogenyMap)(S, [
1846
1873
  // xNum
1847
1874
  [
1848
1875
  "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7",
@@ -1872,14 +1899,14 @@ function er() {
1872
1899
  "0x0000000000000000000000000000000000000000000000000000000000000001"
1873
1900
  // LAST 1
1874
1901
  ]
1875
- ].map((d) => d.map((u) => BigInt(u)))), z = (0, g.mapToCurveSimpleSWU)(S, {
1902
+ ].map((d) => d.map((l) => BigInt(l)))), D = (0, g.mapToCurveSimpleSWU)(S, {
1876
1903
  A: BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),
1877
1904
  B: BigInt("1771"),
1878
1905
  Z: S.create(BigInt("-11"))
1879
1906
  });
1880
- e.secp256k1_hasher = (0, l.createHasher)(e.secp256k1.Point, (d) => {
1881
- const { x: u, y: n } = z(S.create(d[0]));
1882
- return W(u, n);
1907
+ e.secp256k1_hasher = (0, u.createHasher)(e.secp256k1.Point, (d) => {
1908
+ const { x: l, y: r } = D(S.create(d[0]));
1909
+ return W(l, r);
1883
1910
  }, {
1884
1911
  DST: "secp256k1_XMD:SHA-256_SSWU_RO_",
1885
1912
  encodeDST: "secp256k1_XMD:SHA-256_SSWU_NU_",
@@ -1887,20 +1914,20 @@ function er() {
1887
1914
  m: 1,
1888
1915
  k: 128,
1889
1916
  expand: "xmd",
1890
- hash: r.sha256
1917
+ hash: n.sha256
1891
1918
  }), e.hashToCurve = e.secp256k1_hasher.hashToCurve, e.encodeToCurve = e.secp256k1_hasher.encodeToCurve;
1892
1919
  })(tt)), tt;
1893
1920
  }
1894
1921
  var P = {}, It;
1895
- function tr() {
1922
+ function rr() {
1896
1923
  if (It) return P;
1897
1924
  It = 1, Object.defineProperty(P, "__esModule", { value: !0 }), P.isHash = P.validateObject = P.memoized = P.notImplemented = P.createHmacDrbg = P.bitMask = P.bitSet = P.bitGet = P.bitLen = P.aInRange = P.inRange = P.asciiToBytes = P.copyBytes = P.equalBytes = P.ensureBytes = P.numberToVarBytesBE = P.numberToBytesLE = P.numberToBytesBE = P.bytesToNumberLE = P.bytesToNumberBE = P.hexToNumber = P.numberToHexUnpadded = P.abool = P.utf8ToBytes = P.randomBytes = P.isBytes = P.hexToBytes = P.concatBytes = P.bytesToUtf8 = P.bytesToHex = P.anumber = P.abytes = void 0;
1898
1925
  const e = /* @__PURE__ */ Ce();
1899
1926
  return P.abytes = e.abytes, P.anumber = e.anumber, P.bytesToHex = e.bytesToHex, P.bytesToUtf8 = e.bytesToUtf8, P.concatBytes = e.concatBytes, P.hexToBytes = e.hexToBytes, P.isBytes = e.isBytes, P.randomBytes = e.randomBytes, P.utf8ToBytes = e.utf8ToBytes, P.abool = e.abool, P.numberToHexUnpadded = e.numberToHexUnpadded, P.hexToNumber = e.hexToNumber, P.bytesToNumberBE = e.bytesToNumberBE, P.bytesToNumberLE = e.bytesToNumberLE, P.numberToBytesBE = e.numberToBytesBE, P.numberToBytesLE = e.numberToBytesLE, P.numberToVarBytesBE = e.numberToVarBytesBE, P.ensureBytes = e.ensureBytes, P.equalBytes = e.equalBytes, P.copyBytes = e.copyBytes, P.asciiToBytes = e.asciiToBytes, P.inRange = e.inRange, P.aInRange = e.aInRange, P.bitLen = e.bitLen, P.bitGet = e.bitGet, P.bitSet = e.bitSet, P.bitMask = e.bitMask, P.createHmacDrbg = e.createHmacDrbg, P.notImplemented = e.notImplemented, P.memoized = e.memoized, P.validateObject = e.validateObject, P.isHash = e.isHash, P;
1900
1927
  }
1901
- function nr(e, r = "") {
1928
+ function or(e, n = "") {
1902
1929
  if (typeof e != "boolean") {
1903
- const c = r && `"${r}" `;
1930
+ const c = n && `"${n}" `;
1904
1931
  throw new Error(c + "expected boolean, got type=" + typeof e);
1905
1932
  }
1906
1933
  return e;
@@ -1913,138 +1940,138 @@ function mt(e) {
1913
1940
  function Kt(e) {
1914
1941
  return mt(e), (e & e - 1) === 0 && e !== 0;
1915
1942
  }
1916
- function pn(e, r) {
1943
+ function pn(e, n) {
1917
1944
  mt(e);
1918
1945
  let c = 0;
1919
- for (let t = 0; t < r; t++, e >>>= 1)
1946
+ for (let t = 0; t < n; t++, e >>>= 1)
1920
1947
  c = c << 1 | e & 1;
1921
1948
  return c;
1922
1949
  }
1923
- function zt(e) {
1950
+ function Dt(e) {
1924
1951
  return mt(e), 31 - Math.clz32(e);
1925
1952
  }
1926
1953
  function Nt(e) {
1927
- const r = e.length;
1928
- if (r < 2 || !Kt(r))
1929
- throw new Error("n must be a power of 2 and greater than 1. Got " + r);
1930
- const c = zt(r);
1931
- for (let t = 0; t < r; t++) {
1932
- const l = pn(t, c);
1933
- if (t < l) {
1954
+ const n = e.length;
1955
+ if (n < 2 || !Kt(n))
1956
+ throw new Error("n must be a power of 2 and greater than 1. Got " + n);
1957
+ const c = Dt(n);
1958
+ for (let t = 0; t < n; t++) {
1959
+ const u = pn(t, c);
1960
+ if (t < u) {
1934
1961
  const m = e[t];
1935
- e[t] = e[l], e[l] = m;
1962
+ e[t] = e[u], e[u] = m;
1936
1963
  }
1937
1964
  }
1938
1965
  return e;
1939
1966
  }
1940
- const rr = (e, r) => {
1941
- const { N: c, roots: t, dit: l, invertButterflies: m = !1, skipStages: g = 0, brp: p = !0 } = r, v = zt(c);
1967
+ const sr = (e, n) => {
1968
+ const { N: c, roots: t, dit: u, invertButterflies: m = !1, skipStages: g = 0, brp: p = !0 } = n, v = Dt(c);
1942
1969
  if (!Kt(c))
1943
1970
  throw new Error("FFT: Polynomial size should be power of two");
1944
- const U = l !== m;
1971
+ const U = u !== m;
1945
1972
  return (H) => {
1946
1973
  if (H.length !== c)
1947
1974
  throw new Error("FFT: wrong Polynomial length");
1948
- l && p && Nt(H);
1975
+ u && p && Nt(H);
1949
1976
  for (let V = 0, E = 1; V < v - g; V++) {
1950
- const b = l ? V + 1 + g : v - V, S = 1 << b, A = S >> 1, M = c >> b;
1977
+ const b = u ? V + 1 + g : v - V, S = 1 << b, A = S >> 1, M = c >> b;
1951
1978
  for (let Q = 0; Q < c; Q += S)
1952
1979
  for (let F = 0, G = E++; F < A; F++) {
1953
- const se = m ? l ? c - G : G : F * M, ie = Q + F, j = Q + F + A, O = t[se], L = H[j], _ = H[ie];
1980
+ const se = m ? u ? c - G : G : F * M, ie = Q + F, j = Q + F + A, R = t[se], L = H[j], _ = H[ie];
1954
1981
  if (U) {
1955
- const K = e.mul(L, O);
1982
+ const K = e.mul(L, R);
1956
1983
  H[ie] = e.add(_, K), H[j] = e.sub(_, K);
1957
- } else m ? (H[ie] = e.add(L, _), H[j] = e.mul(e.sub(L, _), O)) : (H[ie] = e.add(_, L), H[j] = e.mul(e.sub(_, L), O));
1984
+ } else m ? (H[ie] = e.add(L, _), H[j] = e.mul(e.sub(L, _), R)) : (H[ie] = e.add(_, L), H[j] = e.mul(e.sub(_, L), R));
1958
1985
  }
1959
1986
  }
1960
- return !l && p && Nt(H), H;
1987
+ return !u && p && Nt(H), H;
1961
1988
  };
1962
1989
  };
1963
1990
  const bt = /* @__PURE__ */ BigInt(0), lt = /* @__PURE__ */ BigInt(1);
1964
- function Je(e, r = "") {
1991
+ function Je(e, n = "") {
1965
1992
  if (typeof e != "boolean") {
1966
- const c = r && `"${r}"`;
1993
+ const c = n && `"${n}"`;
1967
1994
  throw new Error(c + "expected boolean, got type=" + typeof e);
1968
1995
  }
1969
1996
  return e;
1970
1997
  }
1971
- function Ze(e, r, c = "") {
1972
- const t = yt(e), l = e?.length, m = r !== void 0;
1973
- if (!t || m && l !== r) {
1974
- const g = c && `"${c}" `, p = m ? ` of length ${r}` : "", v = t ? `length=${l}` : `type=${typeof e}`;
1998
+ function Ze(e, n, c = "") {
1999
+ const t = yt(e), u = e?.length, m = n !== void 0;
2000
+ if (!t || m && u !== n) {
2001
+ const g = c && `"${c}" `, p = m ? ` of length ${n}` : "", v = t ? `length=${u}` : `type=${typeof e}`;
1975
2002
  throw new Error(g + "expected Uint8Array" + p + ", got " + v);
1976
2003
  }
1977
2004
  return e;
1978
2005
  }
1979
2006
  function Xe(e) {
1980
- const r = e.toString(16);
1981
- return r.length & 1 ? "0" + r : r;
2007
+ const n = e.toString(16);
2008
+ return n.length & 1 ? "0" + n : n;
1982
2009
  }
1983
- function Dt(e) {
2010
+ function zt(e) {
1984
2011
  if (typeof e != "string")
1985
2012
  throw new Error("hex string expected, got " + typeof e);
1986
2013
  return e === "" ? bt : BigInt("0x" + e);
1987
2014
  }
1988
2015
  function et(e) {
1989
- return Dt(Me(e));
2016
+ return zt(Me(e));
1990
2017
  }
1991
2018
  function Yt(e) {
1992
- return hn(e), Dt(Me(Uint8Array.from(e).reverse()));
2019
+ return hn(e), zt(Me(Uint8Array.from(e).reverse()));
1993
2020
  }
1994
- function wt(e, r) {
1995
- return Qe(e.toString(16).padStart(r * 2, "0"));
2021
+ function wt(e, n) {
2022
+ return Qe(e.toString(16).padStart(n * 2, "0"));
1996
2023
  }
1997
- function Pt(e, r) {
1998
- return wt(e, r).reverse();
2024
+ function Pt(e, n) {
2025
+ return wt(e, n).reverse();
1999
2026
  }
2000
- function Se(e, r, c) {
2027
+ function Se(e, n, c) {
2001
2028
  let t;
2002
- if (typeof r == "string")
2029
+ if (typeof n == "string")
2003
2030
  try {
2004
- t = Qe(r);
2005
- } catch (l) {
2006
- throw new Error(e + " must be hex string or Uint8Array, cause: " + l);
2031
+ t = Qe(n);
2032
+ } catch (u) {
2033
+ throw new Error(e + " must be hex string or Uint8Array, cause: " + u);
2007
2034
  }
2008
- else if (yt(r))
2009
- t = Uint8Array.from(r);
2035
+ else if (yt(n))
2036
+ t = Uint8Array.from(n);
2010
2037
  else
2011
2038
  throw new Error(e + " must be hex string or Uint8Array");
2012
2039
  return t.length, t;
2013
2040
  }
2014
2041
  const st = (e) => typeof e == "bigint" && bt <= e;
2015
- function vn(e, r, c) {
2016
- return st(e) && st(r) && st(c) && r <= e && e < c;
2042
+ function vn(e, n, c) {
2043
+ return st(e) && st(n) && st(c) && n <= e && e < c;
2017
2044
  }
2018
- function _n(e, r, c, t) {
2019
- if (!vn(r, c, t))
2020
- throw new Error("expected valid " + e + ": " + c + " <= n < " + t + ", got " + r);
2045
+ function _n(e, n, c, t) {
2046
+ if (!vn(n, c, t))
2047
+ throw new Error("expected valid " + e + ": " + c + " <= n < " + t + ", got " + n);
2021
2048
  }
2022
2049
  function Xt(e) {
2023
- let r;
2024
- for (r = 0; e > bt; e >>= lt, r += 1)
2050
+ let n;
2051
+ for (n = 0; e > bt; e >>= lt, n += 1)
2025
2052
  ;
2026
- return r;
2053
+ return n;
2027
2054
  }
2028
- const ze = (e) => (lt << BigInt(e)) - lt;
2029
- function Sn(e, r, c) {
2055
+ const De = (e) => (lt << BigInt(e)) - lt;
2056
+ function Sn(e, n, c) {
2030
2057
  if (typeof e != "number" || e < 2)
2031
2058
  throw new Error("hashLen must be a number");
2032
- if (typeof r != "number" || r < 2)
2059
+ if (typeof n != "number" || n < 2)
2033
2060
  throw new Error("qByteLen must be a number");
2034
2061
  if (typeof c != "function")
2035
2062
  throw new Error("hmacFn must be a function");
2036
- const t = (b) => new Uint8Array(b), l = (b) => Uint8Array.of(b);
2063
+ const t = (b) => new Uint8Array(b), u = (b) => Uint8Array.of(b);
2037
2064
  let m = t(e), g = t(e), p = 0;
2038
2065
  const v = () => {
2039
2066
  m.fill(1), g.fill(0), p = 0;
2040
2067
  }, U = (...b) => c(g, m, ...b), H = (b = t(0)) => {
2041
- g = U(l(0), b), m = U(), b.length !== 0 && (g = U(l(1), b), m = U());
2068
+ g = U(u(0), b), m = U(), b.length !== 0 && (g = U(u(1), b), m = U());
2042
2069
  }, V = () => {
2043
2070
  if (p++ >= 1e3)
2044
2071
  throw new Error("drbg: tried 1000 values");
2045
2072
  let b = 0;
2046
2073
  const S = [];
2047
- for (; b < r; ) {
2074
+ for (; b < n; ) {
2048
2075
  m = U();
2049
2076
  const A = m.slice();
2050
2077
  S.push(A), b += m.length;
@@ -2059,71 +2086,71 @@ function Sn(e, r, c) {
2059
2086
  return v(), A;
2060
2087
  };
2061
2088
  }
2062
- function gt(e, r, c = {}) {
2089
+ function gt(e, n, c = {}) {
2063
2090
  if (!e || typeof e != "object")
2064
2091
  throw new Error("expected valid options object");
2065
- function t(l, m, g) {
2066
- const p = e[l];
2092
+ function t(u, m, g) {
2093
+ const p = e[u];
2067
2094
  if (g && p === void 0)
2068
2095
  return;
2069
2096
  const v = typeof p;
2070
2097
  if (v !== m || p === null)
2071
- throw new Error(`param "${l}" is invalid: expected ${m}, got ${v}`);
2098
+ throw new Error(`param "${u}" is invalid: expected ${m}, got ${v}`);
2072
2099
  }
2073
- Object.entries(r).forEach(([l, m]) => t(l, m, !1)), Object.entries(c).forEach(([l, m]) => t(l, m, !0));
2100
+ Object.entries(n).forEach(([u, m]) => t(u, m, !1)), Object.entries(c).forEach(([u, m]) => t(u, m, !0));
2074
2101
  }
2075
2102
  function At(e) {
2076
- const r = /* @__PURE__ */ new WeakMap();
2103
+ const n = /* @__PURE__ */ new WeakMap();
2077
2104
  return (c, ...t) => {
2078
- const l = r.get(c);
2079
- if (l !== void 0)
2080
- return l;
2105
+ const u = n.get(c);
2106
+ if (u !== void 0)
2107
+ return u;
2081
2108
  const m = e(c, ...t);
2082
- return r.set(c, m), m;
2109
+ return n.set(c, m), m;
2083
2110
  };
2084
2111
  }
2085
- const Te = BigInt(0), Be = BigInt(1), je = /* @__PURE__ */ BigInt(2), Gt = /* @__PURE__ */ BigInt(3), Wt = /* @__PURE__ */ BigInt(4), Qt = /* @__PURE__ */ BigInt(5), Tn = /* @__PURE__ */ BigInt(7), Jt = /* @__PURE__ */ BigInt(8), xn = /* @__PURE__ */ BigInt(9), Ft = /* @__PURE__ */ BigInt(16);
2086
- function qe(e, r) {
2087
- const c = e % r;
2088
- return c >= Te ? c : r + c;
2112
+ const Oe = BigInt(0), Be = BigInt(1), je = /* @__PURE__ */ BigInt(2), Gt = /* @__PURE__ */ BigInt(3), Wt = /* @__PURE__ */ BigInt(4), Qt = /* @__PURE__ */ BigInt(5), On = /* @__PURE__ */ BigInt(7), Jt = /* @__PURE__ */ BigInt(8), Tn = /* @__PURE__ */ BigInt(9), Ft = /* @__PURE__ */ BigInt(16);
2113
+ function qe(e, n) {
2114
+ const c = e % n;
2115
+ return c >= Oe ? c : n + c;
2089
2116
  }
2090
- function Re(e, r, c) {
2117
+ function xe(e, n, c) {
2091
2118
  let t = e;
2092
- for (; r-- > Te; )
2119
+ for (; n-- > Oe; )
2093
2120
  t *= t, t %= c;
2094
2121
  return t;
2095
2122
  }
2096
- function Ut(e, r) {
2097
- if (e === Te)
2123
+ function Ut(e, n) {
2124
+ if (e === Oe)
2098
2125
  throw new Error("invert: expected non-zero number");
2099
- if (r <= Te)
2100
- throw new Error("invert: expected positive modulus, got " + r);
2101
- let c = qe(e, r), t = r, l = Te, m = Be;
2102
- for (; c !== Te; ) {
2103
- const p = t / c, v = t % c, U = l - m * p;
2104
- t = c, c = v, l = m, m = U;
2126
+ if (n <= Oe)
2127
+ throw new Error("invert: expected positive modulus, got " + n);
2128
+ let c = qe(e, n), t = n, u = Oe, m = Be;
2129
+ for (; c !== Oe; ) {
2130
+ const p = t / c, v = t % c, U = u - m * p;
2131
+ t = c, c = v, u = m, m = U;
2105
2132
  }
2106
2133
  if (t !== Be)
2107
2134
  throw new Error("invert: does not exist");
2108
- return qe(l, r);
2135
+ return qe(u, n);
2109
2136
  }
2110
- function Et(e, r, c) {
2111
- if (!e.eql(e.sqr(r), c))
2137
+ function Et(e, n, c) {
2138
+ if (!e.eql(e.sqr(n), c))
2112
2139
  throw new Error("Cannot find square root");
2113
2140
  }
2114
- function $t(e, r) {
2115
- const c = (e.ORDER + Be) / Wt, t = e.pow(r, c);
2116
- return Et(e, t, r), t;
2141
+ function $t(e, n) {
2142
+ const c = (e.ORDER + Be) / Wt, t = e.pow(n, c);
2143
+ return Et(e, t, n), t;
2117
2144
  }
2118
- function On(e, r) {
2119
- const c = (e.ORDER - Qt) / Jt, t = e.mul(r, je), l = e.pow(t, c), m = e.mul(r, l), g = e.mul(e.mul(m, je), l), p = e.mul(m, e.sub(g, e.ONE));
2120
- return Et(e, p, r), p;
2145
+ function Rn(e, n) {
2146
+ const c = (e.ORDER - Qt) / Jt, t = e.mul(n, je), u = e.pow(t, c), m = e.mul(n, u), g = e.mul(e.mul(m, je), u), p = e.mul(m, e.sub(g, e.ONE));
2147
+ return Et(e, p, n), p;
2121
2148
  }
2122
- function Rn(e) {
2123
- const r = De(e), c = en(e), t = c(r, r.neg(r.ONE)), l = c(r, t), m = c(r, r.neg(t)), g = (e + Tn) / Ft;
2149
+ function xn(e) {
2150
+ const n = ze(e), c = en(e), t = c(n, n.neg(n.ONE)), u = c(n, t), m = c(n, n.neg(t)), g = (e + On) / Ft;
2124
2151
  return (p, v) => {
2125
2152
  let U = p.pow(v, g), H = p.mul(U, t);
2126
- const V = p.mul(U, l), E = p.mul(U, m), b = p.eql(p.sqr(H), v), S = p.eql(p.sqr(V), v);
2153
+ const V = p.mul(U, u), E = p.mul(U, m), b = p.eql(p.sqr(H), v), S = p.eql(p.sqr(V), v);
2127
2154
  U = p.cmov(U, H, b), H = p.cmov(E, V, S);
2128
2155
  const A = p.eql(p.sqr(H), v), M = p.cmov(U, H, A);
2129
2156
  return Et(p, M, v), M;
@@ -2132,24 +2159,24 @@ function Rn(e) {
2132
2159
  function en(e) {
2133
2160
  if (e < Gt)
2134
2161
  throw new Error("sqrt is not defined for small field");
2135
- let r = e - Be, c = 0;
2136
- for (; r % je === Te; )
2137
- r /= je, c++;
2162
+ let n = e - Be, c = 0;
2163
+ for (; n % je === Oe; )
2164
+ n /= je, c++;
2138
2165
  let t = je;
2139
- const l = De(e);
2140
- for (; Zt(l, t) === 1; )
2166
+ const u = ze(e);
2167
+ for (; Zt(u, t) === 1; )
2141
2168
  if (t++ > 1e3)
2142
2169
  throw new Error("Cannot find square root: probably non-prime P");
2143
2170
  if (c === 1)
2144
2171
  return $t;
2145
- let m = l.pow(t, r);
2146
- const g = (r + Be) / je;
2172
+ let m = u.pow(t, n);
2173
+ const g = (n + Be) / je;
2147
2174
  return function(v, U) {
2148
2175
  if (v.is0(U))
2149
2176
  return U;
2150
2177
  if (Zt(v, U) !== 1)
2151
2178
  throw new Error("Cannot find square root");
2152
- let H = c, V = v.mul(v.ONE, m), E = v.pow(U, r), b = v.pow(U, g);
2179
+ let H = c, V = v.mul(v.ONE, m), E = v.pow(U, n), b = v.pow(U, g);
2153
2180
  for (; !v.eql(E, v.ONE); ) {
2154
2181
  if (v.is0(E))
2155
2182
  return v.ZERO;
@@ -2164,7 +2191,7 @@ function en(e) {
2164
2191
  };
2165
2192
  }
2166
2193
  function qn(e) {
2167
- return e % Wt === Gt ? $t : e % Jt === Qt ? On : e % Ft === xn ? Rn(e) : en(e);
2194
+ return e % Wt === Gt ? $t : e % Jt === Qt ? Rn : e % Ft === Tn ? xn(e) : en(e);
2168
2195
  }
2169
2196
  const In = [
2170
2197
  "create",
@@ -2186,53 +2213,53 @@ const In = [
2186
2213
  "sqrN"
2187
2214
  ];
2188
2215
  function Nn(e) {
2189
- const r = {
2216
+ const n = {
2190
2217
  ORDER: "bigint",
2191
2218
  MASK: "bigint",
2192
2219
  BYTES: "number",
2193
2220
  BITS: "number"
2194
- }, c = In.reduce((t, l) => (t[l] = "function", t), r);
2221
+ }, c = In.reduce((t, u) => (t[u] = "function", t), n);
2195
2222
  return gt(e, c), e;
2196
2223
  }
2197
- function An(e, r, c) {
2198
- if (c < Te)
2224
+ function An(e, n, c) {
2225
+ if (c < Oe)
2199
2226
  throw new Error("invalid exponent, negatives unsupported");
2200
- if (c === Te)
2227
+ if (c === Oe)
2201
2228
  return e.ONE;
2202
2229
  if (c === Be)
2203
- return r;
2204
- let t = e.ONE, l = r;
2205
- for (; c > Te; )
2206
- c & Be && (t = e.mul(t, l)), l = e.sqr(l), c >>= Be;
2230
+ return n;
2231
+ let t = e.ONE, u = n;
2232
+ for (; c > Oe; )
2233
+ c & Be && (t = e.mul(t, u)), u = e.sqr(u), c >>= Be;
2207
2234
  return t;
2208
2235
  }
2209
- function tn(e, r, c = !1) {
2210
- const t = new Array(r.length).fill(c ? e.ZERO : void 0), l = r.reduce((g, p, v) => e.is0(p) ? g : (t[v] = g, e.mul(g, p)), e.ONE), m = e.inv(l);
2211
- return r.reduceRight((g, p, v) => e.is0(p) ? g : (t[v] = e.mul(g, t[v]), e.mul(g, p)), m), t;
2236
+ function tn(e, n, c = !1) {
2237
+ const t = new Array(n.length).fill(c ? e.ZERO : void 0), u = n.reduce((g, p, v) => e.is0(p) ? g : (t[v] = g, e.mul(g, p)), e.ONE), m = e.inv(u);
2238
+ return n.reduceRight((g, p, v) => e.is0(p) ? g : (t[v] = e.mul(g, t[v]), e.mul(g, p)), m), t;
2212
2239
  }
2213
- function Zt(e, r) {
2214
- const c = (e.ORDER - Be) / je, t = e.pow(r, c), l = e.eql(t, e.ONE), m = e.eql(t, e.ZERO), g = e.eql(t, e.neg(e.ONE));
2215
- if (!l && !m && !g)
2240
+ function Zt(e, n) {
2241
+ const c = (e.ORDER - Be) / je, t = e.pow(n, c), u = e.eql(t, e.ONE), m = e.eql(t, e.ZERO), g = e.eql(t, e.neg(e.ONE));
2242
+ if (!u && !m && !g)
2216
2243
  throw new Error("invalid Legendre symbol result");
2217
- return l ? 1 : m ? 0 : -1;
2244
+ return u ? 1 : m ? 0 : -1;
2218
2245
  }
2219
- function nn(e, r) {
2220
- r !== void 0 && yn(r);
2221
- const c = r !== void 0 ? r : e.toString(2).length, t = Math.ceil(c / 8);
2246
+ function nn(e, n) {
2247
+ n !== void 0 && yn(n);
2248
+ const c = n !== void 0 ? n : e.toString(2).length, t = Math.ceil(c / 8);
2222
2249
  return { nBitLength: c, nByteLength: t };
2223
2250
  }
2224
- function De(e, r, c = !1, t = {}) {
2225
- if (e <= Te)
2251
+ function ze(e, n, c = !1, t = {}) {
2252
+ if (e <= Oe)
2226
2253
  throw new Error("invalid field: expected ORDER > 0, got " + e);
2227
- let l, m, g = !1, p;
2228
- if (typeof r == "object" && r != null) {
2254
+ let u, m, g = !1, p;
2255
+ if (typeof n == "object" && n != null) {
2229
2256
  if (t.sqrt || c)
2230
2257
  throw new Error("cannot specify opts in two arguments");
2231
- const E = r;
2232
- E.BITS && (l = E.BITS), E.sqrt && (m = E.sqrt), typeof E.isLE == "boolean" && (c = E.isLE), typeof E.modFromBytes == "boolean" && (g = E.modFromBytes), p = E.allowedLengths;
2258
+ const E = n;
2259
+ E.BITS && (u = E.BITS), E.sqrt && (m = E.sqrt), typeof E.isLE == "boolean" && (c = E.isLE), typeof E.modFromBytes == "boolean" && (g = E.modFromBytes), p = E.allowedLengths;
2233
2260
  } else
2234
- typeof r == "number" && (l = r), t.sqrt && (m = t.sqrt);
2235
- const { nBitLength: v, nByteLength: U } = nn(e, l);
2261
+ typeof n == "number" && (u = n), t.sqrt && (m = t.sqrt);
2262
+ const { nBitLength: v, nByteLength: U } = nn(e, u);
2236
2263
  if (U > 2048)
2237
2264
  throw new Error("invalid field: expected ORDER of <= 2048 bytes");
2238
2265
  let H;
@@ -2241,17 +2268,17 @@ function De(e, r, c = !1, t = {}) {
2241
2268
  isLE: c,
2242
2269
  BITS: v,
2243
2270
  BYTES: U,
2244
- MASK: ze(v),
2245
- ZERO: Te,
2271
+ MASK: De(v),
2272
+ ZERO: Oe,
2246
2273
  ONE: Be,
2247
2274
  allowedLengths: p,
2248
2275
  create: (E) => qe(E, e),
2249
2276
  isValid: (E) => {
2250
2277
  if (typeof E != "bigint")
2251
2278
  throw new Error("invalid field element: expected bigint, got " + typeof E);
2252
- return Te <= E && E < e;
2279
+ return Oe <= E && E < e;
2253
2280
  },
2254
- is0: (E) => E === Te,
2281
+ is0: (E) => E === Oe,
2255
2282
  // is valid and invertible
2256
2283
  isValidNot0: (E) => !V.is0(E) && V.isValid(E),
2257
2284
  isOdd: (E) => (E & Be) === Be,
@@ -2296,58 +2323,58 @@ function De(e, r, c = !1, t = {}) {
2296
2323
  function rn(e) {
2297
2324
  if (typeof e != "bigint")
2298
2325
  throw new Error("field order must be bigint");
2299
- const r = e.toString(2).length;
2300
- return Math.ceil(r / 8);
2326
+ const n = e.toString(2).length;
2327
+ return Math.ceil(n / 8);
2301
2328
  }
2302
2329
  function on(e) {
2303
- const r = rn(e);
2304
- return r + Math.ceil(r / 2);
2330
+ const n = rn(e);
2331
+ return n + Math.ceil(n / 2);
2305
2332
  }
2306
- function Un(e, r, c = !1) {
2307
- const t = e.length, l = rn(r), m = on(r);
2333
+ function Un(e, n, c = !1) {
2334
+ const t = e.length, u = rn(n), m = on(n);
2308
2335
  if (t < 16 || t < m || t > 1024)
2309
2336
  throw new Error("expected " + m + "-1024 bytes of input, got " + t);
2310
- const g = c ? Yt(e) : et(e), p = qe(g, r - Be) + Be;
2311
- return c ? Pt(p, l) : wt(p, l);
2337
+ const g = c ? Yt(e) : et(e), p = qe(g, n - Be) + Be;
2338
+ return c ? Pt(p, u) : wt(p, u);
2312
2339
  }
2313
2340
  const ke = BigInt(0), Le = BigInt(1);
2314
- function Fe(e, r) {
2315
- const c = r.negate();
2316
- return e ? c : r;
2317
- }
2318
- function it(e, r) {
2319
- const c = tn(e.Fp, r.map((t) => t.Z));
2320
- return r.map((t, l) => e.fromAffine(t.toAffine(c[l])));
2321
- }
2322
- function sn(e, r) {
2323
- if (!Number.isSafeInteger(e) || e <= 0 || e > r)
2324
- throw new Error("invalid window size, expected [1.." + r + "], got W=" + e);
2325
- }
2326
- function ct(e, r) {
2327
- sn(e, r);
2328
- const c = Math.ceil(r / e) + 1, t = 2 ** (e - 1), l = 2 ** e, m = ze(e), g = BigInt(e);
2329
- return { windows: c, windowSize: t, mask: m, maxNumber: l, shiftBy: g };
2330
- }
2331
- function jt(e, r, c) {
2332
- const { windowSize: t, mask: l, maxNumber: m, shiftBy: g } = c;
2333
- let p = Number(e & l), v = e >> g;
2341
+ function Fe(e, n) {
2342
+ const c = n.negate();
2343
+ return e ? c : n;
2344
+ }
2345
+ function it(e, n) {
2346
+ const c = tn(e.Fp, n.map((t) => t.Z));
2347
+ return n.map((t, u) => e.fromAffine(t.toAffine(c[u])));
2348
+ }
2349
+ function sn(e, n) {
2350
+ if (!Number.isSafeInteger(e) || e <= 0 || e > n)
2351
+ throw new Error("invalid window size, expected [1.." + n + "], got W=" + e);
2352
+ }
2353
+ function ct(e, n) {
2354
+ sn(e, n);
2355
+ const c = Math.ceil(n / e) + 1, t = 2 ** (e - 1), u = 2 ** e, m = De(e), g = BigInt(e);
2356
+ return { windows: c, windowSize: t, mask: m, maxNumber: u, shiftBy: g };
2357
+ }
2358
+ function jt(e, n, c) {
2359
+ const { windowSize: t, mask: u, maxNumber: m, shiftBy: g } = c;
2360
+ let p = Number(e & u), v = e >> g;
2334
2361
  p > t && (p -= m, v += Le);
2335
- const U = r * t, H = U + Math.abs(p) - 1, V = p === 0, E = p < 0, b = r % 2 !== 0;
2362
+ const U = n * t, H = U + Math.abs(p) - 1, V = p === 0, E = p < 0, b = n % 2 !== 0;
2336
2363
  return { nextN: v, offset: H, isZero: V, isNeg: E, isNegF: b, offsetF: U };
2337
2364
  }
2338
- function Zn(e, r) {
2365
+ function Zn(e, n) {
2339
2366
  if (!Array.isArray(e))
2340
2367
  throw new Error("array expected");
2341
2368
  e.forEach((c, t) => {
2342
- if (!(c instanceof r))
2369
+ if (!(c instanceof n))
2343
2370
  throw new Error("invalid point at index " + t);
2344
2371
  });
2345
2372
  }
2346
- function jn(e, r) {
2373
+ function jn(e, n) {
2347
2374
  if (!Array.isArray(e))
2348
2375
  throw new Error("array of scalars expected");
2349
2376
  e.forEach((c, t) => {
2350
- if (!r.isValid(c))
2377
+ if (!n.isValid(c))
2351
2378
  throw new Error("invalid scalar at index " + t);
2352
2379
  });
2353
2380
  }
@@ -2361,14 +2388,14 @@ function Lt(e) {
2361
2388
  }
2362
2389
  class Ln {
2363
2390
  // Parametrized with a given Point class (not individual point)
2364
- constructor(r, c) {
2365
- this.BASE = r.BASE, this.ZERO = r.ZERO, this.Fn = r.Fn, this.bits = c;
2391
+ constructor(n, c) {
2392
+ this.BASE = n.BASE, this.ZERO = n.ZERO, this.Fn = n.Fn, this.bits = c;
2366
2393
  }
2367
2394
  // non-const time multiplication ladder
2368
- _unsafeLadder(r, c, t = this.ZERO) {
2369
- let l = r;
2395
+ _unsafeLadder(n, c, t = this.ZERO) {
2396
+ let u = n;
2370
2397
  for (; c > ke; )
2371
- c & Le && (t = t.add(l)), l = l.double(), c >>= Le;
2398
+ c & Le && (t = t.add(u)), u = u.double(), c >>= Le;
2372
2399
  return t;
2373
2400
  }
2374
2401
  /**
@@ -2383,12 +2410,12 @@ class Ln {
2383
2410
  * @param W window size
2384
2411
  * @returns precomputed point tables flattened to a single array
2385
2412
  */
2386
- precomputeWindow(r, c) {
2387
- const { windows: t, windowSize: l } = ct(c, this.bits), m = [];
2388
- let g = r, p = g;
2413
+ precomputeWindow(n, c) {
2414
+ const { windows: t, windowSize: u } = ct(c, this.bits), m = [];
2415
+ let g = n, p = g;
2389
2416
  for (let v = 0; v < t; v++) {
2390
2417
  p = g, m.push(p);
2391
- for (let U = 1; U < l; U++)
2418
+ for (let U = 1; U < u; U++)
2392
2419
  p = p.add(g), m.push(p);
2393
2420
  g = p.double();
2394
2421
  }
@@ -2400,70 +2427,70 @@ class Ln {
2400
2427
  * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
2401
2428
  * @returns real and fake (for const-time) points
2402
2429
  */
2403
- wNAF(r, c, t) {
2430
+ wNAF(n, c, t) {
2404
2431
  if (!this.Fn.isValid(t))
2405
2432
  throw new Error("invalid scalar");
2406
- let l = this.ZERO, m = this.BASE;
2407
- const g = ct(r, this.bits);
2433
+ let u = this.ZERO, m = this.BASE;
2434
+ const g = ct(n, this.bits);
2408
2435
  for (let p = 0; p < g.windows; p++) {
2409
2436
  const { nextN: v, offset: U, isZero: H, isNeg: V, isNegF: E, offsetF: b } = jt(t, p, g);
2410
- t = v, H ? m = m.add(Fe(E, c[b])) : l = l.add(Fe(V, c[U]));
2437
+ t = v, H ? m = m.add(Fe(E, c[b])) : u = u.add(Fe(V, c[U]));
2411
2438
  }
2412
- return Lt(t), { p: l, f: m };
2439
+ return Lt(t), { p: u, f: m };
2413
2440
  }
2414
2441
  /**
2415
2442
  * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
2416
2443
  * @param acc accumulator point to add result of multiplication
2417
2444
  * @returns point
2418
2445
  */
2419
- wNAFUnsafe(r, c, t, l = this.ZERO) {
2420
- const m = ct(r, this.bits);
2446
+ wNAFUnsafe(n, c, t, u = this.ZERO) {
2447
+ const m = ct(n, this.bits);
2421
2448
  for (let g = 0; g < m.windows && t !== ke; g++) {
2422
2449
  const { nextN: p, offset: v, isZero: U, isNeg: H } = jt(t, g, m);
2423
2450
  if (t = p, !U) {
2424
2451
  const V = c[v];
2425
- l = l.add(H ? V.negate() : V);
2452
+ u = u.add(H ? V.negate() : V);
2426
2453
  }
2427
2454
  }
2428
- return Lt(t), l;
2455
+ return Lt(t), u;
2429
2456
  }
2430
- getPrecomputes(r, c, t) {
2431
- let l = at.get(c);
2432
- return l || (l = this.precomputeWindow(c, r), r !== 1 && (typeof t == "function" && (l = t(l)), at.set(c, l))), l;
2457
+ getPrecomputes(n, c, t) {
2458
+ let u = at.get(c);
2459
+ return u || (u = this.precomputeWindow(c, n), n !== 1 && (typeof t == "function" && (u = t(u)), at.set(c, u))), u;
2433
2460
  }
2434
- cached(r, c, t) {
2435
- const l = ft(r);
2436
- return this.wNAF(l, this.getPrecomputes(l, r, t), c);
2461
+ cached(n, c, t) {
2462
+ const u = ft(n);
2463
+ return this.wNAF(u, this.getPrecomputes(u, n, t), c);
2437
2464
  }
2438
- unsafe(r, c, t, l) {
2439
- const m = ft(r);
2440
- return m === 1 ? this._unsafeLadder(r, c, l) : this.wNAFUnsafe(m, this.getPrecomputes(m, r, t), c, l);
2465
+ unsafe(n, c, t, u) {
2466
+ const m = ft(n);
2467
+ return m === 1 ? this._unsafeLadder(n, c, u) : this.wNAFUnsafe(m, this.getPrecomputes(m, n, t), c, u);
2441
2468
  }
2442
2469
  // We calculate precomputes for elliptic curve point multiplication
2443
2470
  // using windowed method. This specifies window size and
2444
2471
  // stores precomputed values. Usually only base point would be precomputed.
2445
- createCache(r, c) {
2446
- sn(c, this.bits), cn.set(r, c), at.delete(r);
2472
+ createCache(n, c) {
2473
+ sn(c, this.bits), cn.set(n, c), at.delete(n);
2447
2474
  }
2448
- hasCache(r) {
2449
- return ft(r) !== 1;
2475
+ hasCache(n) {
2476
+ return ft(n) !== 1;
2450
2477
  }
2451
2478
  }
2452
- function Hn(e, r, c, t) {
2453
- let l = r, m = e.ZERO, g = e.ZERO;
2479
+ function Hn(e, n, c, t) {
2480
+ let u = n, m = e.ZERO, g = e.ZERO;
2454
2481
  for (; c > ke || t > ke; )
2455
- c & Le && (m = m.add(l)), t & Le && (g = g.add(l)), l = l.double(), c >>= Le, t >>= Le;
2482
+ c & Le && (m = m.add(u)), t & Le && (g = g.add(u)), u = u.double(), c >>= Le, t >>= Le;
2456
2483
  return { p1: m, p2: g };
2457
2484
  }
2458
- function Mn(e, r, c, t) {
2459
- Zn(c, e), jn(t, r);
2460
- const l = c.length, m = t.length;
2461
- if (l !== m)
2485
+ function Mn(e, n, c, t) {
2486
+ Zn(c, e), jn(t, n);
2487
+ const u = c.length, m = t.length;
2488
+ if (u !== m)
2462
2489
  throw new Error("arrays of points and scalars must have equal length");
2463
- const g = e.ZERO, p = Xt(BigInt(l));
2490
+ const g = e.ZERO, p = Xt(BigInt(u));
2464
2491
  let v = 1;
2465
2492
  p > 12 ? v = p - 3 : p > 4 ? v = p - 2 : p > 0 && (v = 2);
2466
- const U = ze(v), H = new Array(Number(U) + 1).fill(g), V = Math.floor((r.BITS - 1) / v) * v;
2493
+ const U = De(v), H = new Array(Number(U) + 1).fill(g), V = Math.floor((n.BITS - 1) / v) * v;
2467
2494
  let E = g;
2468
2495
  for (let b = V; b >= 0; b -= v) {
2469
2496
  H.fill(g);
@@ -2480,35 +2507,35 @@ function Mn(e, r, c, t) {
2480
2507
  }
2481
2508
  return E;
2482
2509
  }
2483
- function Ht(e, r, c) {
2484
- if (r) {
2485
- if (r.ORDER !== e)
2510
+ function Ht(e, n, c) {
2511
+ if (n) {
2512
+ if (n.ORDER !== e)
2486
2513
  throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
2487
- return Nn(r), r;
2514
+ return Nn(n), n;
2488
2515
  } else
2489
- return De(e, { isLE: c });
2516
+ return ze(e, { isLE: c });
2490
2517
  }
2491
- function Vn(e, r, c = {}, t) {
2492
- if (t === void 0 && (t = e === "edwards"), !r || typeof r != "object")
2518
+ function Vn(e, n, c = {}, t) {
2519
+ if (t === void 0 && (t = e === "edwards"), !n || typeof n != "object")
2493
2520
  throw new Error(`expected valid ${e} CURVE object`);
2494
2521
  for (const v of ["p", "n", "h"]) {
2495
- const U = r[v];
2522
+ const U = n[v];
2496
2523
  if (!(typeof U == "bigint" && U > ke))
2497
2524
  throw new Error(`CURVE.${v} must be positive bigint`);
2498
2525
  }
2499
- const l = Ht(r.p, c.Fp, t), m = Ht(r.n, c.Fn, t), p = ["Gx", "Gy", "a", "b"];
2526
+ const u = Ht(n.p, c.Fp, t), m = Ht(n.n, c.Fn, t), p = ["Gx", "Gy", "a", "b"];
2500
2527
  for (const v of p)
2501
- if (!l.isValid(r[v]))
2528
+ if (!u.isValid(n[v]))
2502
2529
  throw new Error(`CURVE.${v} must be valid field element of CURVE.Fp`);
2503
- return r = Object.freeze(Object.assign({}, r)), { CURVE: r, Fp: l, Fn: m };
2530
+ return n = Object.freeze(Object.assign({}, n)), { CURVE: n, Fp: u, Fn: m };
2504
2531
  }
2505
- const Mt = (e, r) => (e + (e >= 0 ? r : -r) / an) / r;
2506
- function kn(e, r, c) {
2507
- const [[t, l], [m, g]] = r, p = Mt(g * e, c), v = Mt(-l * e, c);
2508
- let U = e - p * t - v * m, H = -p * l - v * g;
2532
+ const Mt = (e, n) => (e + (e >= 0 ? n : -n) / an) / n;
2533
+ function kn(e, n, c) {
2534
+ const [[t, u], [m, g]] = n, p = Mt(g * e, c), v = Mt(-u * e, c);
2535
+ let U = e - p * t - v * m, H = -p * u - v * g;
2509
2536
  const V = U < Ne, E = H < Ne;
2510
2537
  V && (U = -U), E && (H = -H);
2511
- const b = ze(Math.ceil(Xt(c) / 2)) + Ve;
2538
+ const b = De(Math.ceil(Xt(c) / 2)) + Ve;
2512
2539
  if (U < Ne || U >= b || H < Ne || H >= b)
2513
2540
  throw new Error("splitScalar (endomorphism): failed, k=" + e);
2514
2541
  return { k1neg: V, k1: U, k2neg: E, k2: H };
@@ -2518,15 +2545,15 @@ function dt(e) {
2518
2545
  throw new Error('Signature format must be "compact", "recovered", or "der"');
2519
2546
  return e;
2520
2547
  }
2521
- function ut(e, r) {
2548
+ function ut(e, n) {
2522
2549
  const c = {};
2523
- for (let t of Object.keys(r))
2524
- c[t] = e[t] === void 0 ? r[t] : e[t];
2550
+ for (let t of Object.keys(n))
2551
+ c[t] = e[t] === void 0 ? n[t] : e[t];
2525
2552
  return Je(c.lowS, "lowS"), Je(c.prehash, "prehash"), c.format !== void 0 && dt(c.format), c;
2526
2553
  }
2527
2554
  class Cn extends Error {
2528
- constructor(r = "") {
2529
- super(r);
2555
+ constructor(n = "") {
2556
+ super(n);
2530
2557
  }
2531
2558
  }
2532
2559
  const Ie = {
@@ -2534,37 +2561,37 @@ const Ie = {
2534
2561
  Err: Cn,
2535
2562
  // Basic building block is TLV (Tag-Length-Value)
2536
2563
  _tlv: {
2537
- encode: (e, r) => {
2564
+ encode: (e, n) => {
2538
2565
  const { Err: c } = Ie;
2539
2566
  if (e < 0 || e > 256)
2540
2567
  throw new c("tlv.encode: wrong tag");
2541
- if (r.length & 1)
2568
+ if (n.length & 1)
2542
2569
  throw new c("tlv.encode: unpadded data");
2543
- const t = r.length / 2, l = Xe(t);
2544
- if (l.length / 2 & 128)
2570
+ const t = n.length / 2, u = Xe(t);
2571
+ if (u.length / 2 & 128)
2545
2572
  throw new c("tlv.encode: long form length too big");
2546
- const m = t > 127 ? Xe(l.length / 2 | 128) : "";
2547
- return Xe(e) + m + l + r;
2573
+ const m = t > 127 ? Xe(u.length / 2 | 128) : "";
2574
+ return Xe(e) + m + u + n;
2548
2575
  },
2549
2576
  // v - value, l - left bytes (unparsed)
2550
- decode(e, r) {
2577
+ decode(e, n) {
2551
2578
  const { Err: c } = Ie;
2552
2579
  let t = 0;
2553
2580
  if (e < 0 || e > 256)
2554
2581
  throw new c("tlv.encode: wrong tag");
2555
- if (r.length < 2 || r[t++] !== e)
2582
+ if (n.length < 2 || n[t++] !== e)
2556
2583
  throw new c("tlv.decode: wrong tlv");
2557
- const l = r[t++], m = !!(l & 128);
2584
+ const u = n[t++], m = !!(u & 128);
2558
2585
  let g = 0;
2559
2586
  if (!m)
2560
- g = l;
2587
+ g = u;
2561
2588
  else {
2562
- const v = l & 127;
2589
+ const v = u & 127;
2563
2590
  if (!v)
2564
2591
  throw new c("tlv.decode(long): indefinite length not supported");
2565
2592
  if (v > 4)
2566
2593
  throw new c("tlv.decode(long): byte length is too big");
2567
- const U = r.subarray(t, t + v);
2594
+ const U = n.subarray(t, t + v);
2568
2595
  if (U.length !== v)
2569
2596
  throw new c("tlv.decode: length bytes not complete");
2570
2597
  if (U[0] === 0)
@@ -2574,10 +2601,10 @@ const Ie = {
2574
2601
  if (t += v, g < 128)
2575
2602
  throw new c("tlv.decode(long): not minimal encoding");
2576
2603
  }
2577
- const p = r.subarray(t, t + g);
2604
+ const p = n.subarray(t, t + g);
2578
2605
  if (p.length !== g)
2579
2606
  throw new c("tlv.decode: wrong value length");
2580
- return { v: p, l: r.subarray(t + g) };
2607
+ return { v: p, l: n.subarray(t + g) };
2581
2608
  }
2582
2609
  },
2583
2610
  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
@@ -2586,59 +2613,59 @@ const Ie = {
2586
2613
  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
2587
2614
  _int: {
2588
2615
  encode(e) {
2589
- const { Err: r } = Ie;
2616
+ const { Err: n } = Ie;
2590
2617
  if (e < Ne)
2591
- throw new r("integer: negative integers are not allowed");
2618
+ throw new n("integer: negative integers are not allowed");
2592
2619
  let c = Xe(e);
2593
2620
  if (Number.parseInt(c[0], 16) & 8 && (c = "00" + c), c.length & 1)
2594
- throw new r("unexpected DER parsing assertion: unpadded hex");
2621
+ throw new n("unexpected DER parsing assertion: unpadded hex");
2595
2622
  return c;
2596
2623
  },
2597
2624
  decode(e) {
2598
- const { Err: r } = Ie;
2625
+ const { Err: n } = Ie;
2599
2626
  if (e[0] & 128)
2600
- throw new r("invalid signature integer: negative");
2627
+ throw new n("invalid signature integer: negative");
2601
2628
  if (e[0] === 0 && !(e[1] & 128))
2602
- throw new r("invalid signature integer: unnecessary leading zero");
2629
+ throw new n("invalid signature integer: unnecessary leading zero");
2603
2630
  return et(e);
2604
2631
  }
2605
2632
  },
2606
2633
  toSig(e) {
2607
- const { Err: r, _int: c, _tlv: t } = Ie, l = Se("signature", e), { v: m, l: g } = t.decode(48, l);
2634
+ const { Err: n, _int: c, _tlv: t } = Ie, u = Se("signature", e), { v: m, l: g } = t.decode(48, u);
2608
2635
  if (g.length)
2609
- throw new r("invalid signature: left bytes after parsing");
2636
+ throw new n("invalid signature: left bytes after parsing");
2610
2637
  const { v: p, l: v } = t.decode(2, m), { v: U, l: H } = t.decode(2, v);
2611
2638
  if (H.length)
2612
- throw new r("invalid signature: left bytes after parsing");
2639
+ throw new n("invalid signature: left bytes after parsing");
2613
2640
  return { r: c.decode(p), s: c.decode(U) };
2614
2641
  },
2615
2642
  hexFromSig(e) {
2616
- const { _tlv: r, _int: c } = Ie, t = r.encode(2, c.encode(e.r)), l = r.encode(2, c.encode(e.s)), m = t + l;
2617
- return r.encode(48, m);
2643
+ const { _tlv: n, _int: c } = Ie, t = n.encode(2, c.encode(e.r)), u = n.encode(2, c.encode(e.s)), m = t + u;
2644
+ return n.encode(48, m);
2618
2645
  }
2619
2646
  }, Ne = BigInt(0), Ve = BigInt(1), an = BigInt(2), Ge = BigInt(3), Kn = BigInt(4);
2620
- function He(e, r) {
2647
+ function He(e, n) {
2621
2648
  const { BYTES: c } = e;
2622
2649
  let t;
2623
- if (typeof r == "bigint")
2624
- t = r;
2650
+ if (typeof n == "bigint")
2651
+ t = n;
2625
2652
  else {
2626
- let l = Se("private key", r);
2653
+ let u = Se("private key", n);
2627
2654
  try {
2628
- t = e.fromBytes(l);
2655
+ t = e.fromBytes(u);
2629
2656
  } catch {
2630
- throw new Error(`invalid private key: expected ui8a of size ${c}, got ${typeof r}`);
2657
+ throw new Error(`invalid private key: expected ui8a of size ${c}, got ${typeof n}`);
2631
2658
  }
2632
2659
  }
2633
2660
  if (!e.isValidNot0(t))
2634
2661
  throw new Error("invalid private key: out of range [1..N-1]");
2635
2662
  return t;
2636
2663
  }
2637
- function zn(e, r = {}) {
2638
- const c = Vn("weierstrass", e, r), { Fp: t, Fn: l } = c;
2664
+ function Dn(e, n = {}) {
2665
+ const c = Vn("weierstrass", e, n), { Fp: t, Fn: u } = c;
2639
2666
  let m = c.CURVE;
2640
2667
  const { h: g, n: p } = m;
2641
- gt(r, {}, {
2668
+ gt(n, {}, {
2642
2669
  allowInfinityPoint: "boolean",
2643
2670
  clearCofactor: "function",
2644
2671
  isTorsionFree: "function",
@@ -2647,27 +2674,27 @@ function zn(e, r = {}) {
2647
2674
  endo: "object",
2648
2675
  wrapPrivateKey: "boolean"
2649
2676
  });
2650
- const { endo: v } = r;
2677
+ const { endo: v } = n;
2651
2678
  if (v && (!t.is0(m.a) || typeof v.beta != "bigint" || !Array.isArray(v.basises)))
2652
2679
  throw new Error('invalid endo: expected "beta": bigint and "basises": array');
2653
- const U = un(t, l);
2680
+ const U = un(t, u);
2654
2681
  function H() {
2655
2682
  if (!t.isOdd)
2656
2683
  throw new Error("compression is not supported: Field does not have .isOdd()");
2657
2684
  }
2658
- function V(z, d, u) {
2659
- const { x: n, y: a } = d.toAffine(), i = t.toBytes(n);
2660
- if (Je(u, "isCompressed"), u) {
2685
+ function V(D, d, l) {
2686
+ const { x: r, y: a } = d.toAffine(), i = t.toBytes(r);
2687
+ if (Je(l, "isCompressed"), l) {
2661
2688
  H();
2662
2689
  const o = !t.isOdd(a);
2663
2690
  return Ae(fn(o), i);
2664
2691
  } else
2665
2692
  return Ae(Uint8Array.of(4), i, t.toBytes(a));
2666
2693
  }
2667
- function E(z) {
2668
- Ze(z, void 0, "Point");
2669
- const { publicKey: d, publicKeyUncompressed: u } = U, n = z.length, a = z[0], i = z.subarray(1);
2670
- if (n === d && (a === 2 || a === 3)) {
2694
+ function E(D) {
2695
+ Ze(D, void 0, "Point");
2696
+ const { publicKey: d, publicKeyUncompressed: l } = U, r = D.length, a = D[0], i = D.subarray(1);
2697
+ if (r === d && (a === 2 || a === 3)) {
2671
2698
  const o = t.fromBytes(i);
2672
2699
  if (!t.isValid(o))
2673
2700
  throw new Error("bad point: is not on curve, wrong x");
@@ -2682,92 +2709,92 @@ function zn(e, r = {}) {
2682
2709
  H();
2683
2710
  const s = t.isOdd(w);
2684
2711
  return (a & 1) === 1 !== s && (w = t.neg(w)), { x: o, y: w };
2685
- } else if (n === u && a === 4) {
2712
+ } else if (r === l && a === 4) {
2686
2713
  const o = t.BYTES, h = t.fromBytes(i.subarray(0, o)), w = t.fromBytes(i.subarray(o, o * 2));
2687
2714
  if (!M(h, w))
2688
2715
  throw new Error("bad point: is not on curve");
2689
2716
  return { x: h, y: w };
2690
2717
  } else
2691
- throw new Error(`bad point: got length ${n}, expected compressed=${d} or uncompressed=${u}`);
2718
+ throw new Error(`bad point: got length ${r}, expected compressed=${d} or uncompressed=${l}`);
2692
2719
  }
2693
- const b = r.toBytes || V, S = r.fromBytes || E;
2694
- function A(z) {
2695
- const d = t.sqr(z), u = t.mul(d, z);
2696
- return t.add(t.add(u, t.mul(z, m.a)), m.b);
2720
+ const b = n.toBytes || V, S = n.fromBytes || E;
2721
+ function A(D) {
2722
+ const d = t.sqr(D), l = t.mul(d, D);
2723
+ return t.add(t.add(l, t.mul(D, m.a)), m.b);
2697
2724
  }
2698
- function M(z, d) {
2699
- const u = t.sqr(d), n = A(z);
2700
- return t.eql(u, n);
2725
+ function M(D, d) {
2726
+ const l = t.sqr(d), r = A(D);
2727
+ return t.eql(l, r);
2701
2728
  }
2702
2729
  if (!M(m.Gx, m.Gy))
2703
2730
  throw new Error("bad curve params: generator point");
2704
2731
  const Q = t.mul(t.pow(m.a, Ge), Kn), F = t.mul(t.sqr(m.b), BigInt(27));
2705
2732
  if (t.is0(t.add(Q, F)))
2706
2733
  throw new Error("bad curve params: a or b");
2707
- function G(z, d, u = !1) {
2708
- if (!t.isValid(d) || u && t.is0(d))
2709
- throw new Error(`bad point coordinate ${z}`);
2734
+ function G(D, d, l = !1) {
2735
+ if (!t.isValid(d) || l && t.is0(d))
2736
+ throw new Error(`bad point coordinate ${D}`);
2710
2737
  return d;
2711
2738
  }
2712
- function se(z) {
2713
- if (!(z instanceof _))
2739
+ function se(D) {
2740
+ if (!(D instanceof _))
2714
2741
  throw new Error("ProjectivePoint expected");
2715
2742
  }
2716
- function ie(z) {
2743
+ function ie(D) {
2717
2744
  if (!v || !v.basises)
2718
2745
  throw new Error("no endo");
2719
- return kn(z, v.basises, l.ORDER);
2746
+ return kn(D, v.basises, u.ORDER);
2720
2747
  }
2721
- const j = At((z, d) => {
2722
- const { X: u, Y: n, Z: a } = z;
2748
+ const j = At((D, d) => {
2749
+ const { X: l, Y: r, Z: a } = D;
2723
2750
  if (t.eql(a, t.ONE))
2724
- return { x: u, y: n };
2725
- const i = z.is0();
2751
+ return { x: l, y: r };
2752
+ const i = D.is0();
2726
2753
  d == null && (d = i ? t.ONE : t.inv(a));
2727
- const o = t.mul(u, d), h = t.mul(n, d), w = t.mul(a, d);
2754
+ const o = t.mul(l, d), h = t.mul(r, d), w = t.mul(a, d);
2728
2755
  if (i)
2729
2756
  return { x: t.ZERO, y: t.ZERO };
2730
2757
  if (!t.eql(w, t.ONE))
2731
2758
  throw new Error("invZ was invalid");
2732
2759
  return { x: o, y: h };
2733
- }), O = At((z) => {
2734
- if (z.is0()) {
2735
- if (r.allowInfinityPoint && !t.is0(z.Y))
2760
+ }), R = At((D) => {
2761
+ if (D.is0()) {
2762
+ if (n.allowInfinityPoint && !t.is0(D.Y))
2736
2763
  return;
2737
2764
  throw new Error("bad point: ZERO");
2738
2765
  }
2739
- const { x: d, y: u } = z.toAffine();
2740
- if (!t.isValid(d) || !t.isValid(u))
2766
+ const { x: d, y: l } = D.toAffine();
2767
+ if (!t.isValid(d) || !t.isValid(l))
2741
2768
  throw new Error("bad point: x or y not field elements");
2742
- if (!M(d, u))
2769
+ if (!M(d, l))
2743
2770
  throw new Error("bad point: equation left != right");
2744
- if (!z.isTorsionFree())
2771
+ if (!D.isTorsionFree())
2745
2772
  throw new Error("bad point: not in prime-order subgroup");
2746
2773
  return !0;
2747
2774
  });
2748
- function L(z, d, u, n, a) {
2749
- return u = new _(t.mul(u.X, z), u.Y, u.Z), d = Fe(n, d), u = Fe(a, u), d.add(u);
2775
+ function L(D, d, l, r, a) {
2776
+ return l = new _(t.mul(l.X, D), l.Y, l.Z), d = Fe(r, d), l = Fe(a, l), d.add(l);
2750
2777
  }
2751
2778
  class _ {
2752
2779
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
2753
- constructor(d, u, n) {
2754
- this.X = G("x", d), this.Y = G("y", u, !0), this.Z = G("z", n), Object.freeze(this);
2780
+ constructor(d, l, r) {
2781
+ this.X = G("x", d), this.Y = G("y", l, !0), this.Z = G("z", r), Object.freeze(this);
2755
2782
  }
2756
2783
  static CURVE() {
2757
2784
  return m;
2758
2785
  }
2759
2786
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
2760
2787
  static fromAffine(d) {
2761
- const { x: u, y: n } = d || {};
2762
- if (!d || !t.isValid(u) || !t.isValid(n))
2788
+ const { x: l, y: r } = d || {};
2789
+ if (!d || !t.isValid(l) || !t.isValid(r))
2763
2790
  throw new Error("invalid affine point");
2764
2791
  if (d instanceof _)
2765
2792
  throw new Error("projective point not allowed");
2766
- return t.is0(u) && t.is0(n) ? _.ZERO : new _(u, n, t.ONE);
2793
+ return t.is0(l) && t.is0(r) ? _.ZERO : new _(l, r, t.ONE);
2767
2794
  }
2768
2795
  static fromBytes(d) {
2769
- const u = _.fromAffine(S(Ze(d, void 0, "point")));
2770
- return u.assertValidity(), u;
2796
+ const l = _.fromAffine(S(Ze(d, void 0, "point")));
2797
+ return l.assertValidity(), l;
2771
2798
  }
2772
2799
  static fromHex(d) {
2773
2800
  return _.fromBytes(Se("pointHex", d));
@@ -2784,13 +2811,13 @@ function zn(e, r = {}) {
2784
2811
  * @param isLazy true will defer table computation until the first multiplication
2785
2812
  * @returns
2786
2813
  */
2787
- precompute(d = 8, u = !0) {
2788
- return W.createCache(this, d), u || this.multiply(Ge), this;
2814
+ precompute(d = 8, l = !0) {
2815
+ return W.createCache(this, d), l || this.multiply(Ge), this;
2789
2816
  }
2790
2817
  // TODO: return `this`
2791
2818
  /** A point on curve is valid if it conforms to equation. */
2792
2819
  assertValidity() {
2793
- O(this);
2820
+ R(this);
2794
2821
  }
2795
2822
  hasEvenY() {
2796
2823
  const { y: d } = this.toAffine();
@@ -2801,7 +2828,7 @@ function zn(e, r = {}) {
2801
2828
  /** Compare one point to another. */
2802
2829
  equals(d) {
2803
2830
  se(d);
2804
- const { X: u, Y: n, Z: a } = this, { X: i, Y: o, Z: h } = d, w = t.eql(t.mul(u, h), t.mul(i, a)), s = t.eql(t.mul(n, h), t.mul(o, a));
2831
+ const { X: l, Y: r, Z: a } = this, { X: i, Y: o, Z: h } = d, w = t.eql(t.mul(l, h), t.mul(i, a)), s = t.eql(t.mul(r, h), t.mul(o, a));
2805
2832
  return w && s;
2806
2833
  }
2807
2834
  /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
@@ -2813,9 +2840,9 @@ function zn(e, r = {}) {
2813
2840
  // https://eprint.iacr.org/2015/1060, algorithm 3
2814
2841
  // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
2815
2842
  double() {
2816
- const { a: d, b: u } = m, n = t.mul(u, Ge), { X: a, Y: i, Z: o } = this;
2817
- let h = t.ZERO, w = t.ZERO, s = t.ZERO, f = t.mul(a, a), y = t.mul(i, i), B = t.mul(o, o), T = t.mul(a, i);
2818
- return T = t.add(T, T), s = t.mul(a, o), s = t.add(s, s), h = t.mul(d, s), w = t.mul(n, B), w = t.add(h, w), h = t.sub(y, w), w = t.add(y, w), w = t.mul(h, w), h = t.mul(T, h), s = t.mul(n, s), B = t.mul(d, B), T = t.sub(f, B), T = t.mul(d, T), T = t.add(T, s), s = t.add(f, f), f = t.add(s, f), f = t.add(f, B), f = t.mul(f, T), w = t.add(w, f), B = t.mul(i, o), B = t.add(B, B), f = t.mul(B, T), h = t.sub(h, f), s = t.mul(B, y), s = t.add(s, s), s = t.add(s, s), new _(h, w, s);
2843
+ const { a: d, b: l } = m, r = t.mul(l, Ge), { X: a, Y: i, Z: o } = this;
2844
+ let h = t.ZERO, w = t.ZERO, s = t.ZERO, f = t.mul(a, a), y = t.mul(i, i), B = t.mul(o, o), O = t.mul(a, i);
2845
+ return O = t.add(O, O), s = t.mul(a, o), s = t.add(s, s), h = t.mul(d, s), w = t.mul(r, B), w = t.add(h, w), h = t.sub(y, w), w = t.add(y, w), w = t.mul(h, w), h = t.mul(O, h), s = t.mul(r, s), B = t.mul(d, B), O = t.sub(f, B), O = t.mul(d, O), O = t.add(O, s), s = t.add(f, f), f = t.add(s, f), f = t.add(f, B), f = t.mul(f, O), w = t.add(w, f), B = t.mul(i, o), B = t.add(B, B), f = t.mul(B, O), h = t.sub(h, f), s = t.mul(B, y), s = t.add(s, s), s = t.add(s, s), new _(h, w, s);
2819
2846
  }
2820
2847
  // Renes-Costello-Batina exception-free addition formula.
2821
2848
  // There is 30% faster Jacobian formula, but it is not complete.
@@ -2823,13 +2850,13 @@ function zn(e, r = {}) {
2823
2850
  // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
2824
2851
  add(d) {
2825
2852
  se(d);
2826
- const { X: u, Y: n, Z: a } = this, { X: i, Y: o, Z: h } = d;
2853
+ const { X: l, Y: r, Z: a } = this, { X: i, Y: o, Z: h } = d;
2827
2854
  let w = t.ZERO, s = t.ZERO, f = t.ZERO;
2828
2855
  const y = m.a, B = t.mul(m.b, Ge);
2829
- let T = t.mul(u, i), k = t.mul(n, o), Y = t.mul(a, h), I = t.add(u, n), q = t.add(i, o);
2830
- I = t.mul(I, q), q = t.add(T, k), I = t.sub(I, q), q = t.add(u, a);
2856
+ let O = t.mul(l, i), k = t.mul(r, o), Y = t.mul(a, h), I = t.add(l, r), q = t.add(i, o);
2857
+ I = t.mul(I, q), q = t.add(O, k), I = t.sub(I, q), q = t.add(l, a);
2831
2858
  let C = t.add(i, h);
2832
- return q = t.mul(q, C), C = t.add(T, Y), q = t.sub(q, C), C = t.add(n, a), w = t.add(o, h), C = t.mul(C, w), w = t.add(k, Y), C = t.sub(C, w), f = t.mul(y, q), w = t.mul(B, Y), f = t.add(w, f), w = t.sub(k, f), f = t.add(k, f), s = t.mul(w, f), k = t.add(T, T), k = t.add(k, T), Y = t.mul(y, Y), q = t.mul(B, q), k = t.add(k, Y), Y = t.sub(T, Y), Y = t.mul(y, Y), q = t.add(q, Y), T = t.mul(k, q), s = t.add(s, T), T = t.mul(C, q), w = t.mul(I, w), w = t.sub(w, T), T = t.mul(I, k), f = t.mul(C, f), f = t.add(f, T), new _(w, s, f);
2859
+ return q = t.mul(q, C), C = t.add(O, Y), q = t.sub(q, C), C = t.add(r, a), w = t.add(o, h), C = t.mul(C, w), w = t.add(k, Y), C = t.sub(C, w), f = t.mul(y, q), w = t.mul(B, Y), f = t.add(w, f), w = t.sub(k, f), f = t.add(k, f), s = t.mul(w, f), k = t.add(O, O), k = t.add(k, O), Y = t.mul(y, Y), q = t.mul(B, q), k = t.add(k, Y), Y = t.sub(O, Y), Y = t.mul(y, Y), q = t.add(q, Y), O = t.mul(k, q), s = t.add(s, O), O = t.mul(C, q), w = t.mul(I, w), w = t.sub(w, O), O = t.mul(I, k), f = t.mul(C, f), f = t.add(f, O), new _(w, s, f);
2833
2860
  }
2834
2861
  subtract(d) {
2835
2862
  return this.add(d.negate());
@@ -2847,19 +2874,19 @@ function zn(e, r = {}) {
2847
2874
  * @returns New point
2848
2875
  */
2849
2876
  multiply(d) {
2850
- const { endo: u } = r;
2851
- if (!l.isValidNot0(d))
2877
+ const { endo: l } = n;
2878
+ if (!u.isValidNot0(d))
2852
2879
  throw new Error("invalid scalar: out of range");
2853
- let n, a;
2880
+ let r, a;
2854
2881
  const i = (o) => W.cached(this, o, (h) => it(_, h));
2855
- if (u) {
2856
- const { k1neg: o, k1: h, k2neg: w, k2: s } = ie(d), { p: f, f: y } = i(h), { p: B, f: T } = i(s);
2857
- a = y.add(T), n = L(u.beta, f, B, o, w);
2882
+ if (l) {
2883
+ const { k1neg: o, k1: h, k2neg: w, k2: s } = ie(d), { p: f, f: y } = i(h), { p: B, f: O } = i(s);
2884
+ a = y.add(O), r = L(l.beta, f, B, o, w);
2858
2885
  } else {
2859
2886
  const { p: o, f: h } = i(d);
2860
- n = o, a = h;
2887
+ r = o, a = h;
2861
2888
  }
2862
- return it(_, [n, a])[0];
2889
+ return it(_, [r, a])[0];
2863
2890
  }
2864
2891
  /**
2865
2892
  * Non-constant-time multiplication. Uses double-and-add algorithm.
@@ -2867,23 +2894,23 @@ function zn(e, r = {}) {
2867
2894
  * an exposed secret key e.g. sig verification, which works over *public* keys.
2868
2895
  */
2869
2896
  multiplyUnsafe(d) {
2870
- const { endo: u } = r, n = this;
2871
- if (!l.isValid(d))
2897
+ const { endo: l } = n, r = this;
2898
+ if (!u.isValid(d))
2872
2899
  throw new Error("invalid scalar: out of range");
2873
- if (d === Ne || n.is0())
2900
+ if (d === Ne || r.is0())
2874
2901
  return _.ZERO;
2875
2902
  if (d === Ve)
2876
- return n;
2903
+ return r;
2877
2904
  if (W.hasCache(this))
2878
2905
  return this.multiply(d);
2879
- if (u) {
2880
- const { k1neg: a, k1: i, k2neg: o, k2: h } = ie(d), { p1: w, p2: s } = Hn(_, n, i, h);
2881
- return L(u.beta, w, s, a, o);
2906
+ if (l) {
2907
+ const { k1neg: a, k1: i, k2neg: o, k2: h } = ie(d), { p1: w, p2: s } = Hn(_, r, i, h);
2908
+ return L(l.beta, w, s, a, o);
2882
2909
  } else
2883
- return W.unsafe(n, d);
2910
+ return W.unsafe(r, d);
2884
2911
  }
2885
- multiplyAndAddUnsafe(d, u, n) {
2886
- const a = this.multiplyUnsafe(u).add(d.multiplyUnsafe(n));
2912
+ multiplyAndAddUnsafe(d, l, r) {
2913
+ const a = this.multiplyUnsafe(l).add(d.multiplyUnsafe(r));
2887
2914
  return a.is0() ? void 0 : a;
2888
2915
  }
2889
2916
  /**
@@ -2898,11 +2925,11 @@ function zn(e, r = {}) {
2898
2925
  * Always torsion-free for cofactor=1 curves.
2899
2926
  */
2900
2927
  isTorsionFree() {
2901
- const { isTorsionFree: d } = r;
2928
+ const { isTorsionFree: d } = n;
2902
2929
  return g === Ve ? !0 : d ? d(_, this) : W.unsafe(this, p).is0();
2903
2930
  }
2904
2931
  clearCofactor() {
2905
- const { clearCofactor: d } = r;
2932
+ const { clearCofactor: d } = n;
2906
2933
  return g === Ve ? this : d ? d(_, this) : this.multiplyUnsafe(g);
2907
2934
  }
2908
2935
  isSmallOrder() {
@@ -2936,31 +2963,31 @@ function zn(e, r = {}) {
2936
2963
  static normalizeZ(d) {
2937
2964
  return it(_, d);
2938
2965
  }
2939
- static msm(d, u) {
2940
- return Mn(_, l, d, u);
2966
+ static msm(d, l) {
2967
+ return Mn(_, u, d, l);
2941
2968
  }
2942
2969
  static fromPrivateKey(d) {
2943
- return _.BASE.multiply(He(l, d));
2970
+ return _.BASE.multiply(He(u, d));
2944
2971
  }
2945
2972
  }
2946
- _.BASE = new _(m.Gx, m.Gy, t.ONE), _.ZERO = new _(t.ZERO, t.ONE, t.ZERO), _.Fp = t, _.Fn = l;
2947
- const K = l.BITS, W = new Ln(_, r.endo ? Math.ceil(K / 2) : K);
2973
+ _.BASE = new _(m.Gx, m.Gy, t.ONE), _.ZERO = new _(t.ZERO, t.ONE, t.ZERO), _.Fp = t, _.Fn = u;
2974
+ const K = u.BITS, W = new Ln(_, n.endo ? Math.ceil(K / 2) : K);
2948
2975
  return _.BASE.precompute(8), _;
2949
2976
  }
2950
2977
  function fn(e) {
2951
2978
  return Uint8Array.of(e ? 2 : 3);
2952
2979
  }
2953
- function un(e, r) {
2980
+ function un(e, n) {
2954
2981
  return {
2955
- secretKey: r.BYTES,
2982
+ secretKey: n.BYTES,
2956
2983
  publicKey: 1 + e.BYTES,
2957
2984
  publicKeyUncompressed: 1 + 2 * e.BYTES,
2958
2985
  publicKeyHasPrefix: !0,
2959
- signature: 2 * r.BYTES
2986
+ signature: 2 * n.BYTES
2960
2987
  };
2961
2988
  }
2962
- function Dn(e, r = {}) {
2963
- const { Fn: c } = e, t = r.randomBytes || kt, l = Object.assign(un(e.Fp, c), { seed: on(c.ORDER) });
2989
+ function zn(e, n = {}) {
2990
+ const { Fn: c } = e, t = n.randomBytes || kt, u = Object.assign(un(e.Fp, c), { seed: on(c.ORDER) });
2964
2991
  function m(b) {
2965
2992
  try {
2966
2993
  return !!He(c, b);
@@ -2969,7 +2996,7 @@ function Dn(e, r = {}) {
2969
2996
  }
2970
2997
  }
2971
2998
  function g(b, S) {
2972
- const { publicKey: A, publicKeyUncompressed: M } = l;
2999
+ const { publicKey: A, publicKeyUncompressed: M } = u;
2973
3000
  try {
2974
3001
  const Q = b.length;
2975
3002
  return S === !0 && Q !== A || S === !1 && Q !== M ? !1 : !!e.fromBytes(b);
@@ -2977,8 +3004,8 @@ function Dn(e, r = {}) {
2977
3004
  return !1;
2978
3005
  }
2979
3006
  }
2980
- function p(b = t(l.seed)) {
2981
- return Un(Ze(b, l.seed, "seed"), c.ORDER);
3007
+ function p(b = t(u.seed)) {
3008
+ return Un(Ze(b, u.seed, "seed"), c.ORDER);
2982
3009
  }
2983
3010
  function v(b, S = !0) {
2984
3011
  return e.BASE.multiply(He(c, b)).toBytes(S);
@@ -2992,7 +3019,7 @@ function Dn(e, r = {}) {
2992
3019
  return !1;
2993
3020
  if (b instanceof e)
2994
3021
  return !0;
2995
- const { secretKey: S, publicKey: A, publicKeyUncompressed: M } = l;
3022
+ const { secretKey: S, publicKey: A, publicKeyUncompressed: M } = u;
2996
3023
  if (c.allowedLengths || S === A)
2997
3024
  return;
2998
3025
  const Q = Se("key", b).length;
@@ -3017,59 +3044,59 @@ function Dn(e, r = {}) {
3017
3044
  precompute(b = 8, S = e.BASE) {
3018
3045
  return S.precompute(b, !1);
3019
3046
  }
3020
- }, lengths: l });
3047
+ }, lengths: u });
3021
3048
  }
3022
- function Yn(e, r, c = {}) {
3023
- mn(r), gt(c, {}, {
3049
+ function Yn(e, n, c = {}) {
3050
+ mn(n), gt(c, {}, {
3024
3051
  hmac: "function",
3025
3052
  lowS: "boolean",
3026
3053
  randomBytes: "function",
3027
3054
  bits2int: "function",
3028
3055
  bits2int_modN: "function"
3029
3056
  });
3030
- const t = c.randomBytes || kt, l = c.hmac || ((u, ...n) => bn(r, u, Ae(...n))), { Fp: m, Fn: g } = e, { ORDER: p, BITS: v } = g, { keygen: U, getPublicKey: H, getSharedSecret: V, utils: E, lengths: b } = Dn(e, c), S = {
3057
+ const t = c.randomBytes || kt, u = c.hmac || ((l, ...r) => bn(n, l, Ae(...r))), { Fp: m, Fn: g } = e, { ORDER: p, BITS: v } = g, { keygen: U, getPublicKey: H, getSharedSecret: V, utils: E, lengths: b } = zn(e, c), S = {
3031
3058
  prehash: !1,
3032
3059
  lowS: typeof c.lowS == "boolean" ? c.lowS : !1,
3033
3060
  format: void 0,
3034
3061
  //'compact' as ECDSASigFormat,
3035
3062
  extraEntropy: !1
3036
3063
  }, A = "compact";
3037
- function M(u) {
3038
- const n = p >> Ve;
3039
- return u > n;
3064
+ function M(l) {
3065
+ const r = p >> Ve;
3066
+ return l > r;
3040
3067
  }
3041
- function Q(u, n) {
3042
- if (!g.isValidNot0(n))
3043
- throw new Error(`invalid signature ${u}: out of range 1..Point.Fn.ORDER`);
3044
- return n;
3068
+ function Q(l, r) {
3069
+ if (!g.isValidNot0(r))
3070
+ throw new Error(`invalid signature ${l}: out of range 1..Point.Fn.ORDER`);
3071
+ return r;
3045
3072
  }
3046
- function F(u, n) {
3047
- dt(n);
3048
- const a = b.signature, i = n === "compact" ? a : n === "recovered" ? a + 1 : void 0;
3049
- return Ze(u, i, `${n} signature`);
3073
+ function F(l, r) {
3074
+ dt(r);
3075
+ const a = b.signature, i = r === "compact" ? a : r === "recovered" ? a + 1 : void 0;
3076
+ return Ze(l, i, `${r} signature`);
3050
3077
  }
3051
3078
  class G {
3052
- constructor(n, a, i) {
3053
- this.r = Q("r", n), this.s = Q("s", a), i != null && (this.recovery = i), Object.freeze(this);
3079
+ constructor(r, a, i) {
3080
+ this.r = Q("r", r), this.s = Q("s", a), i != null && (this.recovery = i), Object.freeze(this);
3054
3081
  }
3055
- static fromBytes(n, a = A) {
3056
- F(n, a);
3082
+ static fromBytes(r, a = A) {
3083
+ F(r, a);
3057
3084
  let i;
3058
3085
  if (a === "der") {
3059
- const { r: s, s: f } = Ie.toSig(Ze(n));
3086
+ const { r: s, s: f } = Ie.toSig(Ze(r));
3060
3087
  return new G(s, f);
3061
3088
  }
3062
- a === "recovered" && (i = n[0], a = "compact", n = n.subarray(1));
3063
- const o = g.BYTES, h = n.subarray(0, o), w = n.subarray(o, o * 2);
3089
+ a === "recovered" && (i = r[0], a = "compact", r = r.subarray(1));
3090
+ const o = g.BYTES, h = r.subarray(0, o), w = r.subarray(o, o * 2);
3064
3091
  return new G(g.fromBytes(h), g.fromBytes(w), i);
3065
3092
  }
3066
- static fromHex(n, a) {
3067
- return this.fromBytes(Qe(n), a);
3093
+ static fromHex(r, a) {
3094
+ return this.fromBytes(Qe(r), a);
3068
3095
  }
3069
- addRecoveryBit(n) {
3070
- return new G(this.r, this.s, n);
3096
+ addRecoveryBit(r) {
3097
+ return new G(this.r, this.s, r);
3071
3098
  }
3072
- recoverPublicKey(n) {
3099
+ recoverPublicKey(r) {
3073
3100
  const a = m.ORDER, { r: i, s: o, recovery: h } = this;
3074
3101
  if (h == null || ![0, 1, 2, 3].includes(h))
3075
3102
  throw new Error("recovery id invalid");
@@ -3078,7 +3105,7 @@ function Yn(e, r, c = {}) {
3078
3105
  const s = h === 2 || h === 3 ? i + p : i;
3079
3106
  if (!m.isValid(s))
3080
3107
  throw new Error("recovery id 2 or 3 invalid");
3081
- const f = m.toBytes(s), y = e.fromBytes(Ae(fn((h & 1) === 0), f)), B = g.inv(s), T = ie(Se("msgHash", n)), k = g.create(-T * B), Y = g.create(o * B), I = e.BASE.multiplyUnsafe(k).add(y.multiplyUnsafe(Y));
3108
+ const f = m.toBytes(s), y = e.fromBytes(Ae(fn((h & 1) === 0), f)), B = g.inv(s), O = ie(Se("msgHash", r)), k = g.create(-O * B), Y = g.create(o * B), I = e.BASE.multiplyUnsafe(k).add(y.multiplyUnsafe(Y));
3082
3109
  if (I.is0())
3083
3110
  throw new Error("point at infinify");
3084
3111
  return I.assertValidity(), I;
@@ -3087,28 +3114,28 @@ function Yn(e, r, c = {}) {
3087
3114
  hasHighS() {
3088
3115
  return M(this.s);
3089
3116
  }
3090
- toBytes(n = A) {
3091
- if (dt(n), n === "der")
3117
+ toBytes(r = A) {
3118
+ if (dt(r), r === "der")
3092
3119
  return Qe(Ie.hexFromSig(this));
3093
3120
  const a = g.toBytes(this.r), i = g.toBytes(this.s);
3094
- if (n === "recovered") {
3121
+ if (r === "recovered") {
3095
3122
  if (this.recovery == null)
3096
3123
  throw new Error("recovery bit must be present");
3097
3124
  return Ae(Uint8Array.of(this.recovery), a, i);
3098
3125
  }
3099
3126
  return Ae(a, i);
3100
3127
  }
3101
- toHex(n) {
3102
- return Me(this.toBytes(n));
3128
+ toHex(r) {
3129
+ return Me(this.toBytes(r));
3103
3130
  }
3104
3131
  // TODO: remove
3105
3132
  assertValidity() {
3106
3133
  }
3107
- static fromCompact(n) {
3108
- return G.fromBytes(Se("sig", n), "compact");
3134
+ static fromCompact(r) {
3135
+ return G.fromBytes(Se("sig", r), "compact");
3109
3136
  }
3110
- static fromDER(n) {
3111
- return G.fromBytes(Se("sig", n), "der");
3137
+ static fromDER(r) {
3138
+ return G.fromBytes(Se("sig", r), "der");
3112
3139
  }
3113
3140
  normalizeS() {
3114
3141
  return this.hasHighS() ? new G(this.r, g.neg(this.s), this.recovery) : this;
@@ -3126,32 +3153,32 @@ function Yn(e, r, c = {}) {
3126
3153
  return Me(this.toBytes("compact"));
3127
3154
  }
3128
3155
  }
3129
- const se = c.bits2int || function(n) {
3130
- if (n.length > 8192)
3156
+ const se = c.bits2int || function(r) {
3157
+ if (r.length > 8192)
3131
3158
  throw new Error("input is too large");
3132
- const a = et(n), i = n.length * 8 - v;
3159
+ const a = et(r), i = r.length * 8 - v;
3133
3160
  return i > 0 ? a >> BigInt(i) : a;
3134
- }, ie = c.bits2int_modN || function(n) {
3135
- return g.create(se(n));
3136
- }, j = ze(v);
3137
- function O(u) {
3138
- return _n("num < 2^" + v, u, Ne, j), g.toBytes(u);
3161
+ }, ie = c.bits2int_modN || function(r) {
3162
+ return g.create(se(r));
3163
+ }, j = De(v);
3164
+ function R(l) {
3165
+ return _n("num < 2^" + v, l, Ne, j), g.toBytes(l);
3139
3166
  }
3140
- function L(u, n) {
3141
- return Ze(u, void 0, "message"), n ? Ze(r(u), void 0, "prehashed message") : u;
3167
+ function L(l, r) {
3168
+ return Ze(l, void 0, "message"), r ? Ze(n(l), void 0, "prehashed message") : l;
3142
3169
  }
3143
- function _(u, n, a) {
3170
+ function _(l, r, a) {
3144
3171
  if (["recovered", "canonical"].some((k) => k in a))
3145
3172
  throw new Error("sign() legacy options not supported");
3146
3173
  const { lowS: i, prehash: o, extraEntropy: h } = ut(a, S);
3147
- u = L(u, o);
3148
- const w = ie(u), s = He(g, n), f = [O(s), O(w)];
3174
+ l = L(l, o);
3175
+ const w = ie(l), s = He(g, r), f = [R(s), R(w)];
3149
3176
  if (h != null && h !== !1) {
3150
3177
  const k = h === !0 ? t(b.secretKey) : h;
3151
3178
  f.push(Se("extraEntropy", k));
3152
3179
  }
3153
3180
  const y = Ae(...f), B = w;
3154
- function T(k) {
3181
+ function O(k) {
3155
3182
  const Y = se(k);
3156
3183
  if (!g.isValidNot0(Y))
3157
3184
  return;
@@ -3161,59 +3188,59 @@ function Yn(e, r, c = {}) {
3161
3188
  const te = g.create(I * g.create(B + C * s));
3162
3189
  if (te === Ne)
3163
3190
  return;
3164
- let $ = (q.x === C ? 0 : 2) | Number(q.y & Ve), x = te;
3165
- return i && M(te) && (x = g.neg(te), $ ^= 1), new G(C, x, $);
3191
+ let $ = (q.x === C ? 0 : 2) | Number(q.y & Ve), T = te;
3192
+ return i && M(te) && (T = g.neg(te), $ ^= 1), new G(C, T, $);
3166
3193
  }
3167
- return { seed: y, k2sig: T };
3194
+ return { seed: y, k2sig: O };
3168
3195
  }
3169
- function K(u, n, a = {}) {
3170
- u = Se("message", u);
3171
- const { seed: i, k2sig: o } = _(u, n, a);
3172
- return Sn(r.outputLen, g.BYTES, l)(i, o);
3196
+ function K(l, r, a = {}) {
3197
+ l = Se("message", l);
3198
+ const { seed: i, k2sig: o } = _(l, r, a);
3199
+ return Sn(n.outputLen, g.BYTES, u)(i, o);
3173
3200
  }
3174
- function W(u) {
3175
- let n;
3176
- const a = typeof u == "string" || yt(u), i = !a && u !== null && typeof u == "object" && typeof u.r == "bigint" && typeof u.s == "bigint";
3201
+ function W(l) {
3202
+ let r;
3203
+ const a = typeof l == "string" || yt(l), i = !a && l !== null && typeof l == "object" && typeof l.r == "bigint" && typeof l.s == "bigint";
3177
3204
  if (!a && !i)
3178
3205
  throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
3179
3206
  if (i)
3180
- n = new G(u.r, u.s);
3207
+ r = new G(l.r, l.s);
3181
3208
  else if (a) {
3182
3209
  try {
3183
- n = G.fromBytes(Se("sig", u), "der");
3210
+ r = G.fromBytes(Se("sig", l), "der");
3184
3211
  } catch (o) {
3185
3212
  if (!(o instanceof Ie.Err))
3186
3213
  throw o;
3187
3214
  }
3188
- if (!n)
3215
+ if (!r)
3189
3216
  try {
3190
- n = G.fromBytes(Se("sig", u), "compact");
3217
+ r = G.fromBytes(Se("sig", l), "compact");
3191
3218
  } catch {
3192
3219
  return !1;
3193
3220
  }
3194
3221
  }
3195
- return n || !1;
3222
+ return r || !1;
3196
3223
  }
3197
- function z(u, n, a, i = {}) {
3224
+ function D(l, r, a, i = {}) {
3198
3225
  const { lowS: o, prehash: h, format: w } = ut(i, S);
3199
- if (a = Se("publicKey", a), n = L(Se("message", n), h), "strict" in i)
3226
+ if (a = Se("publicKey", a), r = L(Se("message", r), h), "strict" in i)
3200
3227
  throw new Error("options.strict was renamed to lowS");
3201
- const s = w === void 0 ? W(u) : G.fromBytes(Se("sig", u), w);
3228
+ const s = w === void 0 ? W(l) : G.fromBytes(Se("sig", l), w);
3202
3229
  if (s === !1)
3203
3230
  return !1;
3204
3231
  try {
3205
3232
  const f = e.fromBytes(a);
3206
3233
  if (o && s.hasHighS())
3207
3234
  return !1;
3208
- const { r: y, s: B } = s, T = ie(n), k = g.inv(B), Y = g.create(T * k), I = g.create(y * k), q = e.BASE.multiplyUnsafe(Y).add(f.multiplyUnsafe(I));
3235
+ const { r: y, s: B } = s, O = ie(r), k = g.inv(B), Y = g.create(O * k), I = g.create(y * k), q = e.BASE.multiplyUnsafe(Y).add(f.multiplyUnsafe(I));
3209
3236
  return q.is0() ? !1 : g.create(q.x) === y;
3210
3237
  } catch {
3211
3238
  return !1;
3212
3239
  }
3213
3240
  }
3214
- function d(u, n, a = {}) {
3241
+ function d(l, r, a = {}) {
3215
3242
  const { prehash: i } = ut(a, S);
3216
- return n = L(n, i), G.fromBytes(u, "recovered").recoverPublicKey(n).toBytes();
3243
+ return r = L(r, i), G.fromBytes(l, "recovered").recoverPublicKey(r).toBytes();
3217
3244
  }
3218
3245
  return Object.freeze({
3219
3246
  keygen: U,
@@ -3223,14 +3250,14 @@ function Yn(e, r, c = {}) {
3223
3250
  lengths: b,
3224
3251
  Point: e,
3225
3252
  sign: K,
3226
- verify: z,
3253
+ verify: D,
3227
3254
  recoverPublicKey: d,
3228
3255
  Signature: G,
3229
- hash: r
3256
+ hash: n
3230
3257
  });
3231
3258
  }
3232
3259
  function Pn(e) {
3233
- const r = {
3260
+ const n = {
3234
3261
  a: e.a,
3235
3262
  b: e.b,
3236
3263
  p: e.Fp.ORDER,
@@ -3240,13 +3267,13 @@ function Pn(e) {
3240
3267
  Gy: e.Gy
3241
3268
  }, c = e.Fp;
3242
3269
  let t = e.allowedPrivateKeyLengths ? Array.from(new Set(e.allowedPrivateKeyLengths.map((g) => Math.ceil(g / 2)))) : void 0;
3243
- const l = De(r.n, {
3270
+ const u = ze(n.n, {
3244
3271
  BITS: e.nBitLength,
3245
3272
  allowedLengths: t,
3246
3273
  modFromBytes: e.wrapPrivateKey
3247
3274
  }), m = {
3248
3275
  Fp: c,
3249
- Fn: l,
3276
+ Fn: u,
3250
3277
  allowInfinityPoint: e.allowInfinityPoint,
3251
3278
  endo: e.endo,
3252
3279
  isTorsionFree: e.isTorsionFree,
@@ -3254,32 +3281,32 @@ function Pn(e) {
3254
3281
  fromBytes: e.fromBytes,
3255
3282
  toBytes: e.toBytes
3256
3283
  };
3257
- return { CURVE: r, curveOpts: m };
3284
+ return { CURVE: n, curveOpts: m };
3258
3285
  }
3259
3286
  function Xn(e) {
3260
- const { CURVE: r, curveOpts: c } = Pn(e), t = {
3287
+ const { CURVE: n, curveOpts: c } = Pn(e), t = {
3261
3288
  hmac: e.hmac,
3262
3289
  randomBytes: e.randomBytes,
3263
3290
  lowS: e.lowS,
3264
3291
  bits2int: e.bits2int,
3265
3292
  bits2int_modN: e.bits2int_modN
3266
3293
  };
3267
- return { CURVE: r, curveOpts: c, hash: e.hash, ecdsaOpts: t };
3294
+ return { CURVE: n, curveOpts: c, hash: e.hash, ecdsaOpts: t };
3268
3295
  }
3269
- function Gn(e, r) {
3270
- const c = r.Point;
3271
- return Object.assign({}, r, {
3296
+ function Gn(e, n) {
3297
+ const c = n.Point;
3298
+ return Object.assign({}, n, {
3272
3299
  ProjectivePoint: c,
3273
3300
  CURVE: Object.assign({}, e, nn(c.Fn.ORDER, c.Fn.BITS))
3274
3301
  });
3275
3302
  }
3276
3303
  function Wn(e) {
3277
- const { CURVE: r, curveOpts: c, hash: t, ecdsaOpts: l } = Xn(e), m = zn(r, c), g = Yn(m, t, l);
3304
+ const { CURVE: n, curveOpts: c, hash: t, ecdsaOpts: u } = Xn(e), m = Dn(n, c), g = Yn(m, t, u);
3278
3305
  return Gn(e, g);
3279
3306
  }
3280
- function Qn(e, r) {
3307
+ function Qn(e, n) {
3281
3308
  const c = (t) => Wn({ ...e, hash: t });
3282
- return { ...c(r), create: c };
3309
+ return { ...c(n), create: c };
3283
3310
  }
3284
3311
  const Bt = {
3285
3312
  p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
@@ -3297,20 +3324,22 @@ const Bt = {
3297
3324
  ]
3298
3325
  }, Vt = /* @__PURE__ */ BigInt(2);
3299
3326
  function Fn(e) {
3300
- const r = Bt.p, c = BigInt(3), t = BigInt(6), l = BigInt(11), m = BigInt(22), g = BigInt(23), p = BigInt(44), v = BigInt(88), U = e * e * e % r, H = U * U * e % r, V = Re(H, c, r) * H % r, E = Re(V, c, r) * H % r, b = Re(E, Vt, r) * U % r, S = Re(b, l, r) * b % r, A = Re(S, m, r) * S % r, M = Re(A, p, r) * A % r, Q = Re(M, v, r) * M % r, F = Re(Q, p, r) * A % r, G = Re(F, c, r) * H % r, se = Re(G, g, r) * S % r, ie = Re(se, t, r) * U % r, j = Re(ie, Vt, r);
3327
+ const n = Bt.p, c = BigInt(3), t = BigInt(6), u = BigInt(11), m = BigInt(22), g = BigInt(23), p = BigInt(44), v = BigInt(88), U = e * e * e % n, H = U * U * e % n, V = xe(H, c, n) * H % n, E = xe(V, c, n) * H % n, b = xe(E, Vt, n) * U % n, S = xe(b, u, n) * b % n, A = xe(S, m, n) * S % n, M = xe(A, p, n) * A % n, Q = xe(M, v, n) * M % n, F = xe(Q, p, n) * A % n, G = xe(F, c, n) * H % n, se = xe(G, g, n) * S % n, ie = xe(se, t, n) * U % n, j = xe(ie, Vt, n);
3301
3328
  if (!ht.eql(ht.sqr(j), e))
3302
3329
  throw new Error("Cannot find square root");
3303
3330
  return j;
3304
3331
  }
3305
- const ht = De(Bt.p, { sqrt: Fn }), or = Qn({ ...Bt, Fp: ht, lowS: !0, endo: Jn }, wn);
3332
+ const ht = ze(Bt.p, { sqrt: Fn }), ir = Qn({ ...Bt, Fp: ht, lowS: !0, endo: Jn }, wn);
3306
3333
  export {
3307
- rr as F,
3308
- tr as a,
3334
+ sr as F,
3335
+ rr as a,
3309
3336
  $e as b,
3310
- pn as c,
3311
- nr as d,
3312
- et as e,
3337
+ tr as c,
3338
+ pn as d,
3339
+ or as e,
3340
+ et as f,
3341
+ er as g,
3313
3342
  qe as m,
3314
- er as r,
3315
- or as s
3343
+ nr as r,
3344
+ ir as s
3316
3345
  };