@btc-vision/transaction 1.7.31 → 1.8.0-alpha.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (36) hide show
  1. package/AUDIT/README.md +9 -0
  2. package/CHANGELOG.md +5 -0
  3. package/README.md +62 -18
  4. package/SECURITY.md +71 -0
  5. package/browser/deterministic/ExtendedAddressMap.d.ts +17 -0
  6. package/browser/index.js +448 -362
  7. package/browser/keypair/Address.d.ts +3 -1
  8. package/browser/mnemonic/Mnemonic.d.ts +1 -1
  9. package/browser/noble-curves.js +1087 -1116
  10. package/browser/noble-hashes.js +25 -25
  11. package/browser/opnet.d.ts +1 -0
  12. package/browser/transaction/browser/WalletNetworks.d.ts +3 -3
  13. package/browser/transaction/browser/types/Unisat.d.ts +2 -2
  14. package/browser/vendors.js +950 -911
  15. package/build/deterministic/ExtendedAddressMap.d.ts +17 -0
  16. package/build/deterministic/ExtendedAddressMap.js +60 -0
  17. package/build/keypair/Address.d.ts +3 -1
  18. package/build/keypair/Address.js +30 -10
  19. package/build/mnemonic/Mnemonic.d.ts +1 -1
  20. package/build/mnemonic/Mnemonic.js +2 -2
  21. package/build/opnet.d.ts +1 -0
  22. package/build/opnet.js +1 -0
  23. package/build/transaction/browser/WalletNetworks.d.ts +3 -3
  24. package/build/transaction/browser/WalletNetworks.js +3 -3
  25. package/build/transaction/browser/extensions/UnisatSigner.js +3 -3
  26. package/build/transaction/browser/types/Unisat.d.ts +2 -2
  27. package/build/tsconfig.build.tsbuildinfo +1 -1
  28. package/package.json +13 -13
  29. package/src/deterministic/ExtendedAddressMap.ts +83 -0
  30. package/src/keypair/Address.ts +53 -9
  31. package/src/mnemonic/Mnemonic.ts +2 -2
  32. package/src/opnet.ts +1 -0
  33. package/src/transaction/browser/WalletNetworks.ts +3 -3
  34. package/src/transaction/browser/extensions/UnisatSigner.ts +3 -3
  35. package/src/transaction/browser/types/Unisat.ts +2 -2
  36. package/test/derivePath.test.ts +30 -29
package/browser/noble-curves.js CHANGED
@@ -1,36 +1,9 @@
1
- import { r as We, a as ln, b as dn, c as Me, i as yt, h as Qe, d as hn, e as Ae, f as yn, g as mn, j as kt, k as bn, s as wn } from "./noble-hashes.js";
2
- function er(e) {
3
- return e && e.__esModule && Object.prototype.hasOwnProperty.call(e, "default") ? e.default : e;
4
- }
5
- function tr(e) {
6
- if (Object.prototype.hasOwnProperty.call(e, "__esModule")) return e;
7
- var n = e.default;
8
- if (typeof n == "function") {
9
- var c = function t() {
10
- var u = !1;
11
- try {
12
- u = this instanceof t;
13
- } catch {
14
- }
15
- return u ? Reflect.construct(n, arguments, this.constructor) : n.apply(this, arguments);
16
- };
17
- c.prototype = n.prototype;
18
- } else c = {};
19
- return Object.defineProperty(c, "__esModule", { value: !0 }), Object.keys(e).forEach(function(t) {
20
- var u = Object.getOwnPropertyDescriptor(e, t);
21
- Object.defineProperty(c, t, u.get ? u : {
22
- enumerable: !0,
23
- get: function() {
24
- return e[t];
25
- }
26
- });
27
- }), c;
28
- }
1
+ import { m as We, b as ln, n as dn, o as Me, q as yt, t as Qe, u as hn, v as Ae, w as yn, x as mn, y as Vt, k as bn, z as wn } from "./noble-hashes.js";
29
2
  var tt = {}, Ke = {}, nt = {}, rt = {}, _t;
30
3
  function Ce() {
31
4
  return _t || (_t = 1, (function(e) {
32
- Object.defineProperty(e, "__esModule", { value: !0 }), e.notImplemented = e.bitMask = e.utf8ToBytes = e.randomBytes = e.isBytes = e.hexToBytes = e.concatBytes = e.bytesToUtf8 = e.bytesToHex = e.anumber = e.abytes = void 0, e.abool = m, e._abool2 = g, e._abytes2 = p, e.numberToHexUnpadded = v, e.hexToNumber = U, e.bytesToNumberBE = H, e.bytesToNumberLE = V, e.numberToBytesBE = E, e.numberToBytesLE = b, e.numberToVarBytesBE = S, e.ensureBytes = A, e.equalBytes = M, e.copyBytes = Q, e.asciiToBytes = F, e.inRange = se, e.aInRange = ie, e.bitLen = j, e.bitGet = R, e.bitSet = L, e.createHmacDrbg = K, e.validateObject = D, e.isHash = d, e._validateObject = l, e.memoized = a;
33
- const n = /* @__PURE__ */ We();
5
+ Object.defineProperty(e, "__esModule", { value: !0 }), e.notImplemented = e.bitMask = e.utf8ToBytes = e.randomBytes = e.isBytes = e.hexToBytes = e.concatBytes = e.bytesToUtf8 = e.bytesToHex = e.anumber = e.abytes = void 0, e.abool = m, e._abool2 = g, e._abytes2 = p, e.numberToHexUnpadded = v, e.hexToNumber = U, e.bytesToNumberBE = H, e.bytesToNumberLE = k, e.numberToBytesBE = E, e.numberToBytesLE = b, e.numberToVarBytesBE = S, e.ensureBytes = A, e.equalBytes = M, e.copyBytes = Q, e.asciiToBytes = F, e.inRange = se, e.aInRange = ie, e.bitLen = j, e.bitGet = O, e.bitSet = L, e.createHmacDrbg = K, e.validateObject = z, e.isHash = d, e._validateObject = u, e.memoized = a;
6
+ const r = /* @__PURE__ */ We();
34
7
  var c = /* @__PURE__ */ We();
35
8
  Object.defineProperty(e, "abytes", { enumerable: !0, get: function() {
36
9
  return c.abytes;
@@ -51,7 +24,7 @@ function Ce() {
51
24
  } }), Object.defineProperty(e, "utf8ToBytes", { enumerable: !0, get: function() {
52
25
  return c.utf8ToBytes;
53
26
  } });
54
- const t = /* @__PURE__ */ BigInt(0), u = /* @__PURE__ */ BigInt(1);
27
+ const t = /* @__PURE__ */ BigInt(0), l = /* @__PURE__ */ BigInt(1);
55
28
  function m(i, o) {
56
29
  if (typeof o != "boolean")
57
30
  throw new Error(i + " boolean expected, got " + o);
@@ -64,10 +37,10 @@ function Ce() {
64
37
  return i;
65
38
  }
66
39
  function p(i, o, h = "") {
67
- const w = (0, n.isBytes)(i), s = i?.length, f = o !== void 0;
40
+ const w = (0, r.isBytes)(i), s = i?.length, f = o !== void 0;
68
41
  if (!w || f && s !== o) {
69
- const y = h && `"${h}" `, B = f ? ` of length ${o}` : "", O = w ? `length=${s}` : `type=${typeof i}`;
70
- throw new Error(y + "expected Uint8Array" + B + ", got " + O);
42
+ const y = h && `"${h}" `, B = f ? ` of length ${o}` : "", T = w ? `length=${s}` : `type=${typeof i}`;
43
+ throw new Error(y + "expected Uint8Array" + B + ", got " + T);
71
44
  }
72
45
  return i;
73
46
  }
@@ -81,29 +54,29 @@ function Ce() {
81
54
  return i === "" ? t : BigInt("0x" + i);
82
55
  }
83
56
  function H(i) {
84
- return U((0, n.bytesToHex)(i));
57
+ return U((0, r.bytesToHex)(i));
85
58
  }
86
- function V(i) {
87
- return (0, n.abytes)(i), U((0, n.bytesToHex)(Uint8Array.from(i).reverse()));
59
+ function k(i) {
60
+ return (0, r.abytes)(i), U((0, r.bytesToHex)(Uint8Array.from(i).reverse()));
88
61
  }
89
62
  function E(i, o) {
90
- return (0, n.hexToBytes)(i.toString(16).padStart(o * 2, "0"));
63
+ return (0, r.hexToBytes)(i.toString(16).padStart(o * 2, "0"));
91
64
  }
92
65
  function b(i, o) {
93
66
  return E(i, o).reverse();
94
67
  }
95
68
  function S(i) {
96
- return (0, n.hexToBytes)(v(i));
69
+ return (0, r.hexToBytes)(v(i));
97
70
  }
98
71
  function A(i, o, h) {
99
72
  let w;
100
73
  if (typeof o == "string")
101
74
  try {
102
- w = (0, n.hexToBytes)(o);
75
+ w = (0, r.hexToBytes)(o);
103
76
  } catch (f) {
104
77
  throw new Error(i + " must be hex string or Uint8Array, cause: " + f);
105
78
  }
106
- else if ((0, n.isBytes)(o))
79
+ else if ((0, r.isBytes)(o))
107
80
  w = Uint8Array.from(o);
108
81
  else
109
82
  throw new Error(i + " must be hex string or Uint8Array");
@@ -141,17 +114,17 @@ function Ce() {
141
114
  }
142
115
  function j(i) {
143
116
  let o;
144
- for (o = 0; i > t; i >>= u, o += 1)
117
+ for (o = 0; i > t; i >>= l, o += 1)
145
118
  ;
146
119
  return o;
147
120
  }
148
- function R(i, o) {
149
- return i >> BigInt(o) & u;
121
+ function O(i, o) {
122
+ return i >> BigInt(o) & l;
150
123
  }
151
124
  function L(i, o, h) {
152
- return i | (h ? u : t) << BigInt(o);
125
+ return i | (h ? l : t) << BigInt(o);
153
126
  }
154
- const _ = (i) => (u << BigInt(i)) - u;
127
+ const _ = (i) => (l << BigInt(i)) - l;
155
128
  e.bitMask = _;
156
129
  function K(i, o, h) {
157
130
  if (typeof i != "number" || i < 2)
@@ -162,28 +135,28 @@ function Ce() {
162
135
  throw new Error("hmacFn must be a function");
163
136
  const w = (C) => new Uint8Array(C), s = (C) => Uint8Array.of(C);
164
137
  let f = w(i), y = w(i), B = 0;
165
- const O = () => {
138
+ const T = () => {
166
139
  f.fill(1), y.fill(0), B = 0;
167
- }, k = (...C) => h(y, f, ...C), Y = (C = w(0)) => {
168
- y = k(s(0), C), f = k(), C.length !== 0 && (y = k(s(1), C), f = k());
140
+ }, V = (...C) => h(y, f, ...C), Y = (C = w(0)) => {
141
+ y = V(s(0), C), f = V(), C.length !== 0 && (y = V(s(1), C), f = V());
169
142
  }, I = () => {
170
143
  if (B++ >= 1e3)
171
144
  throw new Error("drbg: tried 1000 values");
172
145
  let C = 0;
173
146
  const te = [];
174
147
  for (; C < o; ) {
175
- f = k();
148
+ f = V();
176
149
  const $ = f.slice();
177
150
  te.push($), C += f.length;
178
151
  }
179
- return (0, n.concatBytes)(...te);
152
+ return (0, r.concatBytes)(...te);
180
153
  };
181
154
  return (C, te) => {
182
- O(), Y(C);
155
+ T(), Y(C);
183
156
  let $;
184
157
  for (; !($ = te(I())); )
185
158
  Y();
186
- return O(), $;
159
+ return T(), $;
187
160
  };
188
161
  }
189
162
  const W = {
@@ -191,20 +164,20 @@ function Ce() {
191
164
  function: (i) => typeof i == "function",
192
165
  boolean: (i) => typeof i == "boolean",
193
166
  string: (i) => typeof i == "string",
194
- stringOrUint8Array: (i) => typeof i == "string" || (0, n.isBytes)(i),
167
+ stringOrUint8Array: (i) => typeof i == "string" || (0, r.isBytes)(i),
195
168
  isSafeInteger: (i) => Number.isSafeInteger(i),
196
169
  array: (i) => Array.isArray(i),
197
170
  field: (i, o) => o.Fp.isValid(i),
198
171
  hash: (i) => typeof i == "function" && Number.isSafeInteger(i.outputLen)
199
172
  };
200
- function D(i, o, h = {}) {
173
+ function z(i, o, h = {}) {
201
174
  const w = (s, f, y) => {
202
175
  const B = W[f];
203
176
  if (typeof B != "function")
204
177
  throw new Error("invalid validator function");
205
- const O = i[s];
206
- if (!(y && O === void 0) && !B(O, i))
207
- throw new Error("param " + String(s) + " is invalid. Expected " + f + ", got " + O);
178
+ const T = i[s];
179
+ if (!(y && T === void 0) && !B(T, i))
180
+ throw new Error("param " + String(s) + " is invalid. Expected " + f + ", got " + T);
208
181
  };
209
182
  for (const [s, f] of Object.entries(o))
210
183
  w(s, f, !1);
@@ -215,23 +188,23 @@ function Ce() {
215
188
  function d(i) {
216
189
  return typeof i == "function" && Number.isSafeInteger(i.outputLen);
217
190
  }
218
- function l(i, o, h = {}) {
191
+ function u(i, o, h = {}) {
219
192
  if (!i || typeof i != "object")
220
193
  throw new Error("expected valid options object");
221
194
  function w(s, f, y) {
222
195
  const B = i[s];
223
196
  if (y && B === void 0)
224
197
  return;
225
- const O = typeof B;
226
- if (O !== f || B === null)
227
- throw new Error(`param "${s}" is invalid: expected ${f}, got ${O}`);
198
+ const T = typeof B;
199
+ if (T !== f || B === null)
200
+ throw new Error(`param "${s}" is invalid: expected ${f}, got ${T}`);
228
201
  }
229
202
  Object.entries(o).forEach(([s, f]) => w(s, f, !1)), Object.entries(h).forEach(([s, f]) => w(s, f, !0));
230
203
  }
231
- const r = () => {
204
+ const n = () => {
232
205
  throw new Error("not implemented");
233
206
  };
234
- e.notImplemented = r;
207
+ e.notImplemented = n;
235
208
  function a(i) {
236
209
  const o = /* @__PURE__ */ new WeakMap();
237
210
  return (h, ...w) => {
@@ -244,37 +217,37 @@ function Ce() {
244
217
  }
245
218
  })(rt)), rt;
246
219
  }
247
- var Re = {}, he = {}, St;
220
+ var Oe = {}, he = {}, St;
248
221
  function $e() {
249
222
  if (St) return he;
250
- St = 1, Object.defineProperty(he, "__esModule", { value: !0 }), he.isNegativeLE = void 0, he.mod = V, he.pow = E, he.pow2 = b, he.invert = S, he.tonelliShanks = G, he.FpSqrt = se, he.validateField = R, he.FpPow = L, he.FpInvertBatch = _, he.FpDiv = K, he.FpLegendre = W, he.FpIsSquare = D, he.nLength = d, he.Field = l, he.FpSqrtOdd = r, he.FpSqrtEven = a, he.hashToPrivateScalar = i, he.getFieldBytesLength = o, he.getMinHashLength = h, he.mapHashToField = w;
251
- const e = /* @__PURE__ */ Ce(), n = BigInt(0), c = BigInt(1), t = /* @__PURE__ */ BigInt(2), u = /* @__PURE__ */ BigInt(3), m = /* @__PURE__ */ BigInt(4), g = /* @__PURE__ */ BigInt(5), p = /* @__PURE__ */ BigInt(7), v = /* @__PURE__ */ BigInt(8), U = /* @__PURE__ */ BigInt(9), H = /* @__PURE__ */ BigInt(16);
252
- function V(s, f) {
223
+ St = 1, Object.defineProperty(he, "__esModule", { value: !0 }), he.isNegativeLE = void 0, he.mod = k, he.pow = E, he.pow2 = b, he.invert = S, he.tonelliShanks = G, he.FpSqrt = se, he.validateField = O, he.FpPow = L, he.FpInvertBatch = _, he.FpDiv = K, he.FpLegendre = W, he.FpIsSquare = z, he.nLength = d, he.Field = u, he.FpSqrtOdd = n, he.FpSqrtEven = a, he.hashToPrivateScalar = i, he.getFieldBytesLength = o, he.getMinHashLength = h, he.mapHashToField = w;
224
+ const e = /* @__PURE__ */ Ce(), r = BigInt(0), c = BigInt(1), t = /* @__PURE__ */ BigInt(2), l = /* @__PURE__ */ BigInt(3), m = /* @__PURE__ */ BigInt(4), g = /* @__PURE__ */ BigInt(5), p = /* @__PURE__ */ BigInt(7), v = /* @__PURE__ */ BigInt(8), U = /* @__PURE__ */ BigInt(9), H = /* @__PURE__ */ BigInt(16);
225
+ function k(s, f) {
253
226
  const y = s % f;
254
- return y >= n ? y : f + y;
227
+ return y >= r ? y : f + y;
255
228
  }
256
229
  function E(s, f, y) {
257
- return L(l(y), s, f);
230
+ return L(u(y), s, f);
258
231
  }
259
232
  function b(s, f, y) {
260
233
  let B = s;
261
- for (; f-- > n; )
234
+ for (; f-- > r; )
262
235
  B *= B, B %= y;
263
236
  return B;
264
237
  }
265
238
  function S(s, f) {
266
- if (s === n)
239
+ if (s === r)
267
240
  throw new Error("invert: expected non-zero number");
268
- if (f <= n)
241
+ if (f <= r)
269
242
  throw new Error("invert: expected positive modulus, got " + f);
270
- let y = V(s, f), B = f, O = n, k = c;
271
- for (; y !== n; ) {
272
- const I = B / y, q = B % y, C = O - k * I;
273
- B = y, y = q, O = k, k = C;
243
+ let y = k(s, f), B = f, T = r, V = c;
244
+ for (; y !== r; ) {
245
+ const I = B / y, q = B % y, C = T - V * I;
246
+ B = y, y = q, T = V, V = C;
274
247
  }
275
248
  if (B !== c)
276
249
  throw new Error("invert: does not exist");
277
- return V(O, f);
250
+ return k(T, f);
278
251
  }
279
252
  function A(s, f, y) {
280
253
  if (!s.eql(s.sqr(f), y))
@@ -285,57 +258,57 @@ function $e() {
285
258
  return A(s, B, f), B;
286
259
  }
287
260
  function Q(s, f) {
288
- const y = (s.ORDER - g) / v, B = s.mul(f, t), O = s.pow(B, y), k = s.mul(f, O), Y = s.mul(s.mul(k, t), O), I = s.mul(k, s.sub(Y, s.ONE));
261
+ const y = (s.ORDER - g) / v, B = s.mul(f, t), T = s.pow(B, y), V = s.mul(f, T), Y = s.mul(s.mul(V, t), T), I = s.mul(V, s.sub(Y, s.ONE));
289
262
  return A(s, I, f), I;
290
263
  }
291
264
  function F(s) {
292
- const f = l(s), y = G(s), B = y(f, f.neg(f.ONE)), O = y(f, B), k = y(f, f.neg(B)), Y = (s + p) / H;
265
+ const f = u(s), y = G(s), B = y(f, f.neg(f.ONE)), T = y(f, B), V = y(f, f.neg(B)), Y = (s + p) / H;
293
266
  return (I, q) => {
294
267
  let C = I.pow(q, Y), te = I.mul(C, B);
295
- const $ = I.mul(C, O), T = I.mul(C, k), X = I.eql(I.sqr(te), q), ae = I.eql(I.sqr($), q);
296
- C = I.cmov(C, te, X), te = I.cmov(T, $, ae);
268
+ const $ = I.mul(C, T), x = I.mul(C, V), X = I.eql(I.sqr(te), q), ae = I.eql(I.sqr($), q);
269
+ C = I.cmov(C, te, X), te = I.cmov(x, $, ae);
297
270
  const ye = I.eql(I.sqr(te), q), pe = I.cmov(C, te, ye);
298
271
  return A(I, pe, q), pe;
299
272
  };
300
273
  }
301
274
  function G(s) {
302
- if (s < u)
275
+ if (s < l)
303
276
  throw new Error("sqrt is not defined for small field");
304
277
  let f = s - c, y = 0;
305
- for (; f % t === n; )
278
+ for (; f % t === r; )
306
279
  f /= t, y++;
307
280
  let B = t;
308
- const O = l(s);
309
- for (; W(O, B) === 1; )
281
+ const T = u(s);
282
+ for (; W(T, B) === 1; )
310
283
  if (B++ > 1e3)
311
284
  throw new Error("Cannot find square root: probably non-prime P");
312
285
  if (y === 1)
313
286
  return M;
314
- let k = O.pow(B, f);
287
+ let V = T.pow(B, f);
315
288
  const Y = (f + c) / t;
316
289
  return function(q, C) {
317
290
  if (q.is0(C))
318
291
  return C;
319
292
  if (W(q, C) !== 1)
320
293
  throw new Error("Cannot find square root");
321
- let te = y, $ = q.mul(q.ONE, k), T = q.pow(C, f), X = q.pow(C, Y);
322
- for (; !q.eql(T, q.ONE); ) {
323
- if (q.is0(T))
294
+ let te = y, $ = q.mul(q.ONE, V), x = q.pow(C, f), X = q.pow(C, Y);
295
+ for (; !q.eql(x, q.ONE); ) {
296
+ if (q.is0(x))
324
297
  return q.ZERO;
325
- let ae = 1, ye = q.sqr(T);
298
+ let ae = 1, ye = q.sqr(x);
326
299
  for (; !q.eql(ye, q.ONE); )
327
300
  if (ae++, ye = q.sqr(ye), ae === te)
328
301
  throw new Error("Cannot find square root");
329
302
  const pe = c << BigInt(te - ae - 1), ve = q.pow($, pe);
330
- te = ae, $ = q.sqr(ve), T = q.mul(T, $), X = q.mul(X, ve);
303
+ te = ae, $ = q.sqr(ve), x = q.mul(x, $), X = q.mul(X, ve);
331
304
  }
332
305
  return X;
333
306
  };
334
307
  }
335
308
  function se(s) {
336
- return s % m === u ? M : s % v === g ? Q : s % H === U ? F(s) : G(s);
309
+ return s % m === l ? M : s % v === g ? Q : s % H === U ? F(s) : G(s);
337
310
  }
338
- const ie = (s, f) => (V(s, f) & c) === c;
311
+ const ie = (s, f) => (k(s, f) & c) === c;
339
312
  he.isNegativeLE = ie;
340
313
  const j = [
341
314
  "create",
@@ -356,41 +329,41 @@ function $e() {
356
329
  "mulN",
357
330
  "sqrN"
358
331
  ];
359
- function R(s) {
332
+ function O(s) {
360
333
  const f = {
361
334
  ORDER: "bigint",
362
335
  MASK: "bigint",
363
336
  BYTES: "number",
364
337
  BITS: "number"
365
- }, y = j.reduce((B, O) => (B[O] = "function", B), f);
338
+ }, y = j.reduce((B, T) => (B[T] = "function", B), f);
366
339
  return (0, e._validateObject)(s, y), s;
367
340
  }
368
341
  function L(s, f, y) {
369
- if (y < n)
342
+ if (y < r)
370
343
  throw new Error("invalid exponent, negatives unsupported");
371
- if (y === n)
344
+ if (y === r)
372
345
  return s.ONE;
373
346
  if (y === c)
374
347
  return f;
375
- let B = s.ONE, O = f;
376
- for (; y > n; )
377
- y & c && (B = s.mul(B, O)), O = s.sqr(O), y >>= c;
348
+ let B = s.ONE, T = f;
349
+ for (; y > r; )
350
+ y & c && (B = s.mul(B, T)), T = s.sqr(T), y >>= c;
378
351
  return B;
379
352
  }
380
353
  function _(s, f, y = !1) {
381
- const B = new Array(f.length).fill(y ? s.ZERO : void 0), O = f.reduce((Y, I, q) => s.is0(I) ? Y : (B[q] = Y, s.mul(Y, I)), s.ONE), k = s.inv(O);
382
- return f.reduceRight((Y, I, q) => s.is0(I) ? Y : (B[q] = s.mul(Y, B[q]), s.mul(Y, I)), k), B;
354
+ const B = new Array(f.length).fill(y ? s.ZERO : void 0), T = f.reduce((Y, I, q) => s.is0(I) ? Y : (B[q] = Y, s.mul(Y, I)), s.ONE), V = s.inv(T);
355
+ return f.reduceRight((Y, I, q) => s.is0(I) ? Y : (B[q] = s.mul(Y, B[q]), s.mul(Y, I)), V), B;
383
356
  }
384
357
  function K(s, f, y) {
385
358
  return s.mul(f, typeof y == "bigint" ? S(y, s.ORDER) : s.inv(y));
386
359
  }
387
360
  function W(s, f) {
388
- const y = (s.ORDER - c) / t, B = s.pow(f, y), O = s.eql(B, s.ONE), k = s.eql(B, s.ZERO), Y = s.eql(B, s.neg(s.ONE));
389
- if (!O && !k && !Y)
361
+ const y = (s.ORDER - c) / t, B = s.pow(f, y), T = s.eql(B, s.ONE), V = s.eql(B, s.ZERO), Y = s.eql(B, s.neg(s.ONE));
362
+ if (!T && !V && !Y)
390
363
  throw new Error("invalid Legendre symbol result");
391
- return O ? 1 : k ? 0 : -1;
364
+ return T ? 1 : V ? 0 : -1;
392
365
  }
393
- function D(s, f) {
366
+ function z(s, f) {
394
367
  return W(s, f) === 1;
395
368
  }
396
369
  function d(s, f) {
@@ -398,18 +371,18 @@ function $e() {
398
371
  const y = f !== void 0 ? f : s.toString(2).length, B = Math.ceil(y / 8);
399
372
  return { nBitLength: y, nByteLength: B };
400
373
  }
401
- function l(s, f, y = !1, B = {}) {
402
- if (s <= n)
374
+ function u(s, f, y = !1, B = {}) {
375
+ if (s <= r)
403
376
  throw new Error("invalid field: expected ORDER > 0, got " + s);
404
- let O, k, Y = !1, I;
377
+ let T, V, Y = !1, I;
405
378
  if (typeof f == "object" && f != null) {
406
379
  if (B.sqrt || y)
407
380
  throw new Error("cannot specify opts in two arguments");
408
- const T = f;
409
- T.BITS && (O = T.BITS), T.sqrt && (k = T.sqrt), typeof T.isLE == "boolean" && (y = T.isLE), typeof T.modFromBytes == "boolean" && (Y = T.modFromBytes), I = T.allowedLengths;
381
+ const x = f;
382
+ x.BITS && (T = x.BITS), x.sqrt && (V = x.sqrt), typeof x.isLE == "boolean" && (y = x.isLE), typeof x.modFromBytes == "boolean" && (Y = x.modFromBytes), I = x.allowedLengths;
410
383
  } else
411
- typeof f == "number" && (O = f), B.sqrt && (k = B.sqrt);
412
- const { nBitLength: q, nByteLength: C } = d(s, O);
384
+ typeof f == "number" && (T = f), B.sqrt && (V = B.sqrt);
385
+ const { nBitLength: q, nByteLength: C } = d(s, T);
413
386
  if (C > 2048)
414
387
  throw new Error("invalid field: expected ORDER of <= 2048 bytes");
415
388
  let te;
@@ -419,58 +392,58 @@ function $e() {
419
392
  BITS: q,
420
393
  BYTES: C,
421
394
  MASK: (0, e.bitMask)(q),
422
- ZERO: n,
395
+ ZERO: r,
423
396
  ONE: c,
424
397
  allowedLengths: I,
425
- create: (T) => V(T, s),
426
- isValid: (T) => {
427
- if (typeof T != "bigint")
428
- throw new Error("invalid field element: expected bigint, got " + typeof T);
429
- return n <= T && T < s;
398
+ create: (x) => k(x, s),
399
+ isValid: (x) => {
400
+ if (typeof x != "bigint")
401
+ throw new Error("invalid field element: expected bigint, got " + typeof x);
402
+ return r <= x && x < s;
430
403
  },
431
- is0: (T) => T === n,
404
+ is0: (x) => x === r,
432
405
  // is valid and invertible
433
- isValidNot0: (T) => !$.is0(T) && $.isValid(T),
434
- isOdd: (T) => (T & c) === c,
435
- neg: (T) => V(-T, s),
436
- eql: (T, X) => T === X,
437
- sqr: (T) => V(T * T, s),
438
- add: (T, X) => V(T + X, s),
439
- sub: (T, X) => V(T - X, s),
440
- mul: (T, X) => V(T * X, s),
441
- pow: (T, X) => L($, T, X),
442
- div: (T, X) => V(T * S(X, s), s),
406
+ isValidNot0: (x) => !$.is0(x) && $.isValid(x),
407
+ isOdd: (x) => (x & c) === c,
408
+ neg: (x) => k(-x, s),
409
+ eql: (x, X) => x === X,
410
+ sqr: (x) => k(x * x, s),
411
+ add: (x, X) => k(x + X, s),
412
+ sub: (x, X) => k(x - X, s),
413
+ mul: (x, X) => k(x * X, s),
414
+ pow: (x, X) => L($, x, X),
415
+ div: (x, X) => k(x * S(X, s), s),
443
416
  // Same as above, but doesn't normalize
444
- sqrN: (T) => T * T,
445
- addN: (T, X) => T + X,
446
- subN: (T, X) => T - X,
447
- mulN: (T, X) => T * X,
448
- inv: (T) => S(T, s),
449
- sqrt: k || ((T) => (te || (te = se(s)), te($, T))),
450
- toBytes: (T) => y ? (0, e.numberToBytesLE)(T, C) : (0, e.numberToBytesBE)(T, C),
451
- fromBytes: (T, X = !0) => {
417
+ sqrN: (x) => x * x,
418
+ addN: (x, X) => x + X,
419
+ subN: (x, X) => x - X,
420
+ mulN: (x, X) => x * X,
421
+ inv: (x) => S(x, s),
422
+ sqrt: V || ((x) => (te || (te = se(s)), te($, x))),
423
+ toBytes: (x) => y ? (0, e.numberToBytesLE)(x, C) : (0, e.numberToBytesBE)(x, C),
424
+ fromBytes: (x, X = !0) => {
452
425
  if (I) {
453
- if (!I.includes(T.length) || T.length > C)
454
- throw new Error("Field.fromBytes: expected " + I + " bytes, got " + T.length);
426
+ if (!I.includes(x.length) || x.length > C)
427
+ throw new Error("Field.fromBytes: expected " + I + " bytes, got " + x.length);
455
428
  const ye = new Uint8Array(C);
456
- ye.set(T, y ? 0 : ye.length - T.length), T = ye;
429
+ ye.set(x, y ? 0 : ye.length - x.length), x = ye;
457
430
  }
458
- if (T.length !== C)
459
- throw new Error("Field.fromBytes: expected " + C + " bytes, got " + T.length);
460
- let ae = y ? (0, e.bytesToNumberLE)(T) : (0, e.bytesToNumberBE)(T);
461
- if (Y && (ae = V(ae, s)), !X && !$.isValid(ae))
431
+ if (x.length !== C)
432
+ throw new Error("Field.fromBytes: expected " + C + " bytes, got " + x.length);
433
+ let ae = y ? (0, e.bytesToNumberLE)(x) : (0, e.bytesToNumberBE)(x);
434
+ if (Y && (ae = k(ae, s)), !X && !$.isValid(ae))
462
435
  throw new Error("invalid field element: outside of range 0..ORDER");
463
436
  return ae;
464
437
  },
465
438
  // TODO: we don't need it here, move out to separate fn
466
- invertBatch: (T) => _($, T),
439
+ invertBatch: (x) => _($, x),
467
440
  // We can't move this out because Fp6, Fp12 implement it
468
441
  // and it's unclear what to return in there.
469
- cmov: (T, X, ae) => ae ? X : T
442
+ cmov: (x, X, ae) => ae ? X : x
470
443
  });
471
444
  return Object.freeze($);
472
445
  }
473
- function r(s, f) {
446
+ function n(s, f) {
474
447
  if (!s.isOdd)
475
448
  throw new Error("Field doesn't have isOdd");
476
449
  const y = s.sqrt(f);
@@ -484,11 +457,11 @@ function $e() {
484
457
  }
485
458
  function i(s, f, y = !1) {
486
459
  s = (0, e.ensureBytes)("privateHash", s);
487
- const B = s.length, O = d(f).nByteLength + 8;
488
- if (O < 24 || B < O || B > 1024)
489
- throw new Error("hashToPrivateScalar: expected " + O + "-1024 bytes of input, got " + B);
490
- const k = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s);
491
- return V(k, f - c) + c;
460
+ const B = s.length, T = d(f).nByteLength + 8;
461
+ if (T < 24 || B < T || B > 1024)
462
+ throw new Error("hashToPrivateScalar: expected " + T + "-1024 bytes of input, got " + B);
463
+ const V = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s);
464
+ return k(V, f - c) + c;
492
465
  }
493
466
  function o(s) {
494
467
  if (typeof s != "bigint")
@@ -501,60 +474,60 @@ function $e() {
501
474
  return f + Math.ceil(f / 2);
502
475
  }
503
476
  function w(s, f, y = !1) {
504
- const B = s.length, O = o(f), k = h(f);
505
- if (B < 16 || B < k || B > 1024)
506
- throw new Error("expected " + k + "-1024 bytes of input, got " + B);
507
- const Y = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s), I = V(Y, f - c) + c;
508
- return y ? (0, e.numberToBytesLE)(I, O) : (0, e.numberToBytesBE)(I, O);
477
+ const B = s.length, T = o(f), V = h(f);
478
+ if (B < 16 || B < V || B > 1024)
479
+ throw new Error("expected " + V + "-1024 bytes of input, got " + B);
480
+ const Y = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s), I = k(Y, f - c) + c;
481
+ return y ? (0, e.numberToBytesLE)(I, T) : (0, e.numberToBytesBE)(I, T);
509
482
  }
510
483
  return he;
511
484
  }
512
- var Ot;
485
+ var Tt;
513
486
  function gn() {
514
- if (Ot) return Re;
515
- Ot = 1, Object.defineProperty(Re, "__esModule", { value: !0 }), Re.wNAF = void 0, Re.negateCt = u, Re.normalizeZ = m, Re.mulEndoUnsafe = M, Re.pippenger = Q, Re.precomputeMSMUnsafe = F, Re.validateBasic = G, Re._createCurveFields = ie;
516
- const e = /* @__PURE__ */ Ce(), n = /* @__PURE__ */ $e(), c = BigInt(0), t = BigInt(1);
517
- function u(j, R) {
518
- const L = R.negate();
519
- return j ? L : R;
520
- }
521
- function m(j, R) {
522
- const L = (0, n.FpInvertBatch)(j.Fp, R.map((_) => _.Z));
523
- return R.map((_, K) => j.fromAffine(_.toAffine(L[K])));
524
- }
525
- function g(j, R) {
526
- if (!Number.isSafeInteger(j) || j <= 0 || j > R)
527
- throw new Error("invalid window size, expected [1.." + R + "], got W=" + j);
528
- }
529
- function p(j, R) {
530
- g(j, R);
531
- const L = Math.ceil(R / j) + 1, _ = 2 ** (j - 1), K = 2 ** j, W = (0, e.bitMask)(j), D = BigInt(j);
532
- return { windows: L, windowSize: _, mask: W, maxNumber: K, shiftBy: D };
533
- }
534
- function v(j, R, L) {
535
- const { windowSize: _, mask: K, maxNumber: W, shiftBy: D } = L;
536
- let d = Number(j & K), l = j >> D;
537
- d > _ && (d -= W, l += t);
538
- const r = R * _, a = r + Math.abs(d) - 1, i = d === 0, o = d < 0, h = R % 2 !== 0;
539
- return { nextN: l, offset: a, isZero: i, isNeg: o, isNegF: h, offsetF: r };
540
- }
541
- function U(j, R) {
487
+ if (Tt) return Oe;
488
+ Tt = 1, Object.defineProperty(Oe, "__esModule", { value: !0 }), Oe.wNAF = void 0, Oe.negateCt = l, Oe.normalizeZ = m, Oe.mulEndoUnsafe = M, Oe.pippenger = Q, Oe.precomputeMSMUnsafe = F, Oe.validateBasic = G, Oe._createCurveFields = ie;
489
+ const e = /* @__PURE__ */ Ce(), r = /* @__PURE__ */ $e(), c = BigInt(0), t = BigInt(1);
490
+ function l(j, O) {
491
+ const L = O.negate();
492
+ return j ? L : O;
493
+ }
494
+ function m(j, O) {
495
+ const L = (0, r.FpInvertBatch)(j.Fp, O.map((_) => _.Z));
496
+ return O.map((_, K) => j.fromAffine(_.toAffine(L[K])));
497
+ }
498
+ function g(j, O) {
499
+ if (!Number.isSafeInteger(j) || j <= 0 || j > O)
500
+ throw new Error("invalid window size, expected [1.." + O + "], got W=" + j);
501
+ }
502
+ function p(j, O) {
503
+ g(j, O);
504
+ const L = Math.ceil(O / j) + 1, _ = 2 ** (j - 1), K = 2 ** j, W = (0, e.bitMask)(j), z = BigInt(j);
505
+ return { windows: L, windowSize: _, mask: W, maxNumber: K, shiftBy: z };
506
+ }
507
+ function v(j, O, L) {
508
+ const { windowSize: _, mask: K, maxNumber: W, shiftBy: z } = L;
509
+ let d = Number(j & K), u = j >> z;
510
+ d > _ && (d -= W, u += t);
511
+ const n = O * _, a = n + Math.abs(d) - 1, i = d === 0, o = d < 0, h = O % 2 !== 0;
512
+ return { nextN: u, offset: a, isZero: i, isNeg: o, isNegF: h, offsetF: n };
513
+ }
514
+ function U(j, O) {
542
515
  if (!Array.isArray(j))
543
516
  throw new Error("array expected");
544
517
  j.forEach((L, _) => {
545
- if (!(L instanceof R))
518
+ if (!(L instanceof O))
546
519
  throw new Error("invalid point at index " + _);
547
520
  });
548
521
  }
549
- function H(j, R) {
522
+ function H(j, O) {
550
523
  if (!Array.isArray(j))
551
524
  throw new Error("array of scalars expected");
552
525
  j.forEach((L, _) => {
553
- if (!R.isValid(L))
526
+ if (!O.isValid(L))
554
527
  throw new Error("invalid scalar at index " + _);
555
528
  });
556
529
  }
557
- const V = /* @__PURE__ */ new WeakMap(), E = /* @__PURE__ */ new WeakMap();
530
+ const k = /* @__PURE__ */ new WeakMap(), E = /* @__PURE__ */ new WeakMap();
558
531
  function b(j) {
559
532
  return E.get(j) || 1;
560
533
  }
@@ -564,12 +537,12 @@ function gn() {
564
537
  }
565
538
  class A {
566
539
  // Parametrized with a given Point class (not individual point)
567
- constructor(R, L) {
568
- this.BASE = R.BASE, this.ZERO = R.ZERO, this.Fn = R.Fn, this.bits = L;
540
+ constructor(O, L) {
541
+ this.BASE = O.BASE, this.ZERO = O.ZERO, this.Fn = O.Fn, this.bits = L;
569
542
  }
570
543
  // non-const time multiplication ladder
571
- _unsafeLadder(R, L, _ = this.ZERO) {
572
- let K = R;
544
+ _unsafeLadder(O, L, _ = this.ZERO) {
545
+ let K = O;
573
546
  for (; L > c; )
574
547
  L & t && (_ = _.add(K)), K = K.double(), L >>= t;
575
548
  return _;
@@ -586,14 +559,14 @@ function gn() {
586
559
  * @param W window size
587
560
  * @returns precomputed point tables flattened to a single array
588
561
  */
589
- precomputeWindow(R, L) {
562
+ precomputeWindow(O, L) {
590
563
  const { windows: _, windowSize: K } = p(L, this.bits), W = [];
591
- let D = R, d = D;
592
- for (let l = 0; l < _; l++) {
593
- d = D, W.push(d);
594
- for (let r = 1; r < K; r++)
595
- d = d.add(D), W.push(d);
596
- D = d.double();
564
+ let z = O, d = z;
565
+ for (let u = 0; u < _; u++) {
566
+ d = z, W.push(d);
567
+ for (let n = 1; n < K; n++)
568
+ d = d.add(z), W.push(d);
569
+ z = d.double();
597
570
  }
598
571
  return W;
599
572
  }
@@ -603,14 +576,14 @@ function gn() {
603
576
  * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
604
577
  * @returns real and fake (for const-time) points
605
578
  */
606
- wNAF(R, L, _) {
579
+ wNAF(O, L, _) {
607
580
  if (!this.Fn.isValid(_))
608
581
  throw new Error("invalid scalar");
609
582
  let K = this.ZERO, W = this.BASE;
610
- const D = p(R, this.bits);
611
- for (let d = 0; d < D.windows; d++) {
612
- const { nextN: l, offset: r, isZero: a, isNeg: i, isNegF: o, offsetF: h } = v(_, d, D);
613
- _ = l, a ? W = W.add(u(o, L[h])) : K = K.add(u(i, L[r]));
583
+ const z = p(O, this.bits);
584
+ for (let d = 0; d < z.windows; d++) {
585
+ const { nextN: u, offset: n, isZero: a, isNeg: i, isNegF: o, offsetF: h } = v(_, d, z);
586
+ _ = u, a ? W = W.add(l(o, L[h])) : K = K.add(l(i, L[n]));
614
587
  }
615
588
  return S(_), { p: K, f: W };
616
589
  }
@@ -619,98 +592,98 @@ function gn() {
619
592
  * @param acc accumulator point to add result of multiplication
620
593
  * @returns point
621
594
  */
622
- wNAFUnsafe(R, L, _, K = this.ZERO) {
623
- const W = p(R, this.bits);
624
- for (let D = 0; D < W.windows && _ !== c; D++) {
625
- const { nextN: d, offset: l, isZero: r, isNeg: a } = v(_, D, W);
626
- if (_ = d, !r) {
627
- const i = L[l];
595
+ wNAFUnsafe(O, L, _, K = this.ZERO) {
596
+ const W = p(O, this.bits);
597
+ for (let z = 0; z < W.windows && _ !== c; z++) {
598
+ const { nextN: d, offset: u, isZero: n, isNeg: a } = v(_, z, W);
599
+ if (_ = d, !n) {
600
+ const i = L[u];
628
601
  K = K.add(a ? i.negate() : i);
629
602
  }
630
603
  }
631
604
  return S(_), K;
632
605
  }
633
- getPrecomputes(R, L, _) {
634
- let K = V.get(L);
635
- return K || (K = this.precomputeWindow(L, R), R !== 1 && (typeof _ == "function" && (K = _(K)), V.set(L, K))), K;
606
+ getPrecomputes(O, L, _) {
607
+ let K = k.get(L);
608
+ return K || (K = this.precomputeWindow(L, O), O !== 1 && (typeof _ == "function" && (K = _(K)), k.set(L, K))), K;
636
609
  }
637
- cached(R, L, _) {
638
- const K = b(R);
639
- return this.wNAF(K, this.getPrecomputes(K, R, _), L);
610
+ cached(O, L, _) {
611
+ const K = b(O);
612
+ return this.wNAF(K, this.getPrecomputes(K, O, _), L);
640
613
  }
641
- unsafe(R, L, _, K) {
642
- const W = b(R);
643
- return W === 1 ? this._unsafeLadder(R, L, K) : this.wNAFUnsafe(W, this.getPrecomputes(W, R, _), L, K);
614
+ unsafe(O, L, _, K) {
615
+ const W = b(O);
616
+ return W === 1 ? this._unsafeLadder(O, L, K) : this.wNAFUnsafe(W, this.getPrecomputes(W, O, _), L, K);
644
617
  }
645
618
  // We calculate precomputes for elliptic curve point multiplication
646
619
  // using windowed method. This specifies window size and
647
620
  // stores precomputed values. Usually only base point would be precomputed.
648
- createCache(R, L) {
649
- g(L, this.bits), E.set(R, L), V.delete(R);
621
+ createCache(O, L) {
622
+ g(L, this.bits), E.set(O, L), k.delete(O);
650
623
  }
651
- hasCache(R) {
652
- return b(R) !== 1;
624
+ hasCache(O) {
625
+ return b(O) !== 1;
653
626
  }
654
627
  }
655
- Re.wNAF = A;
656
- function M(j, R, L, _) {
657
- let K = R, W = j.ZERO, D = j.ZERO;
628
+ Oe.wNAF = A;
629
+ function M(j, O, L, _) {
630
+ let K = O, W = j.ZERO, z = j.ZERO;
658
631
  for (; L > c || _ > c; )
659
- L & t && (W = W.add(K)), _ & t && (D = D.add(K)), K = K.double(), L >>= t, _ >>= t;
660
- return { p1: W, p2: D };
632
+ L & t && (W = W.add(K)), _ & t && (z = z.add(K)), K = K.double(), L >>= t, _ >>= t;
633
+ return { p1: W, p2: z };
661
634
  }
662
- function Q(j, R, L, _) {
663
- U(L, j), H(_, R);
635
+ function Q(j, O, L, _) {
636
+ U(L, j), H(_, O);
664
637
  const K = L.length, W = _.length;
665
638
  if (K !== W)
666
639
  throw new Error("arrays of points and scalars must have equal length");
667
- const D = j.ZERO, d = (0, e.bitLen)(BigInt(K));
668
- let l = 1;
669
- d > 12 ? l = d - 3 : d > 4 ? l = d - 2 : d > 0 && (l = 2);
670
- const r = (0, e.bitMask)(l), a = new Array(Number(r) + 1).fill(D), i = Math.floor((R.BITS - 1) / l) * l;
671
- let o = D;
672
- for (let h = i; h >= 0; h -= l) {
673
- a.fill(D);
640
+ const z = j.ZERO, d = (0, e.bitLen)(BigInt(K));
641
+ let u = 1;
642
+ d > 12 ? u = d - 3 : d > 4 ? u = d - 2 : d > 0 && (u = 2);
643
+ const n = (0, e.bitMask)(u), a = new Array(Number(n) + 1).fill(z), i = Math.floor((O.BITS - 1) / u) * u;
644
+ let o = z;
645
+ for (let h = i; h >= 0; h -= u) {
646
+ a.fill(z);
674
647
  for (let s = 0; s < W; s++) {
675
- const f = _[s], y = Number(f >> BigInt(h) & r);
648
+ const f = _[s], y = Number(f >> BigInt(h) & n);
676
649
  a[y] = a[y].add(L[s]);
677
650
  }
678
- let w = D;
679
- for (let s = a.length - 1, f = D; s > 0; s--)
651
+ let w = z;
652
+ for (let s = a.length - 1, f = z; s > 0; s--)
680
653
  f = f.add(a[s]), w = w.add(f);
681
654
  if (o = o.add(w), h !== 0)
682
- for (let s = 0; s < l; s++)
655
+ for (let s = 0; s < u; s++)
683
656
  o = o.double();
684
657
  }
685
658
  return o;
686
659
  }
687
- function F(j, R, L, _) {
688
- g(_, R.BITS), U(L, j);
689
- const K = j.ZERO, W = 2 ** _ - 1, D = Math.ceil(R.BITS / _), d = (0, e.bitMask)(_), l = L.map((r) => {
660
+ function F(j, O, L, _) {
661
+ g(_, O.BITS), U(L, j);
662
+ const K = j.ZERO, W = 2 ** _ - 1, z = Math.ceil(O.BITS / _), d = (0, e.bitMask)(_), u = L.map((n) => {
690
663
  const a = [];
691
- for (let i = 0, o = r; i < W; i++)
692
- a.push(o), o = o.add(r);
664
+ for (let i = 0, o = n; i < W; i++)
665
+ a.push(o), o = o.add(n);
693
666
  return a;
694
667
  });
695
- return (r) => {
696
- if (H(r, R), r.length > L.length)
668
+ return (n) => {
669
+ if (H(n, O), n.length > L.length)
697
670
  throw new Error("array of scalars must be smaller than array of points");
698
671
  let a = K;
699
- for (let i = 0; i < D; i++) {
672
+ for (let i = 0; i < z; i++) {
700
673
  if (a !== K)
701
674
  for (let h = 0; h < _; h++)
702
675
  a = a.double();
703
- const o = BigInt(D * _ - (i + 1) * _);
704
- for (let h = 0; h < r.length; h++) {
705
- const w = r[h], s = Number(w >> o & d);
706
- s && (a = a.add(l[h][s - 1]));
676
+ const o = BigInt(z * _ - (i + 1) * _);
677
+ for (let h = 0; h < n.length; h++) {
678
+ const w = n[h], s = Number(w >> o & d);
679
+ s && (a = a.add(u[h][s - 1]));
707
680
  }
708
681
  }
709
682
  return a;
710
683
  };
711
684
  }
712
685
  function G(j) {
713
- return (0, n.validateField)(j.Fp), (0, e.validateObject)(j, {
686
+ return (0, r.validateField)(j.Fp), (0, e.validateObject)(j, {
714
687
  n: "bigint",
715
688
  h: "bigint",
716
689
  Gx: "field",
@@ -719,59 +692,59 @@ function gn() {
719
692
  nBitLength: "isSafeInteger",
720
693
  nByteLength: "isSafeInteger"
721
694
  }), Object.freeze({
722
- ...(0, n.nLength)(j.n, j.nBitLength),
695
+ ...(0, r.nLength)(j.n, j.nBitLength),
723
696
  ...j,
724
697
  p: j.Fp.ORDER
725
698
  });
726
699
  }
727
- function se(j, R, L) {
728
- if (R) {
729
- if (R.ORDER !== j)
700
+ function se(j, O, L) {
701
+ if (O) {
702
+ if (O.ORDER !== j)
730
703
  throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
731
- return (0, n.validateField)(R), R;
704
+ return (0, r.validateField)(O), O;
732
705
  } else
733
- return (0, n.Field)(j, { isLE: L });
706
+ return (0, r.Field)(j, { isLE: L });
734
707
  }
735
- function ie(j, R, L = {}, _) {
736
- if (_ === void 0 && (_ = j === "edwards"), !R || typeof R != "object")
708
+ function ie(j, O, L = {}, _) {
709
+ if (_ === void 0 && (_ = j === "edwards"), !O || typeof O != "object")
737
710
  throw new Error(`expected valid ${j} CURVE object`);
738
- for (const l of ["p", "n", "h"]) {
739
- const r = R[l];
740
- if (!(typeof r == "bigint" && r > c))
741
- throw new Error(`CURVE.${l} must be positive bigint`);
711
+ for (const u of ["p", "n", "h"]) {
712
+ const n = O[u];
713
+ if (!(typeof n == "bigint" && n > c))
714
+ throw new Error(`CURVE.${u} must be positive bigint`);
742
715
  }
743
- const K = se(R.p, L.Fp, _), W = se(R.n, L.Fn, _), d = ["Gx", "Gy", "a", j === "weierstrass" ? "b" : "d"];
744
- for (const l of d)
745
- if (!K.isValid(R[l]))
746
- throw new Error(`CURVE.${l} must be valid field element of CURVE.Fp`);
747
- return R = Object.freeze(Object.assign({}, R)), { CURVE: R, Fp: K, Fn: W };
716
+ const K = se(O.p, L.Fp, _), W = se(O.n, L.Fn, _), d = ["Gx", "Gy", "a", j === "weierstrass" ? "b" : "d"];
717
+ for (const u of d)
718
+ if (!K.isValid(O[u]))
719
+ throw new Error(`CURVE.${u} must be valid field element of CURVE.Fp`);
720
+ return O = Object.freeze(Object.assign({}, O)), { CURVE: O, Fp: K, Fn: W };
748
721
  }
749
- return Re;
722
+ return Oe;
750
723
  }
751
- var Tt;
724
+ var xt;
752
725
  function Ct() {
753
- return Tt || (Tt = 1, (function(e) {
754
- Object.defineProperty(e, "__esModule", { value: !0 }), e.DER = e.DERErr = void 0, e._splitEndoScalar = p, e._normFnElement = M, e.weierstrassN = Q, e.SWUFpSqrtRatio = G, e.mapToCurveSimpleSWU = se, e.ecdh = j, e.ecdsa = R, e.weierstrassPoints = L, e._legacyHelperEquat = W, e.weierstrass = l;
755
- const n = /* @__PURE__ */ ln(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ Ce(), u = /* @__PURE__ */ gn(), m = /* @__PURE__ */ $e(), g = (r, a) => (r + (r >= 0 ? a : -a) / b) / a;
756
- function p(r, a, i) {
757
- const [[o, h], [w, s]] = a, f = g(s * r, i), y = g(-h * r, i);
758
- let B = r - f * o - y * w, O = -f * h - y * s;
759
- const k = B < V, Y = O < V;
760
- k && (B = -B), Y && (O = -O);
726
+ return xt || (xt = 1, (function(e) {
727
+ Object.defineProperty(e, "__esModule", { value: !0 }), e.DER = e.DERErr = void 0, e._splitEndoScalar = p, e._normFnElement = M, e.weierstrassN = Q, e.SWUFpSqrtRatio = G, e.mapToCurveSimpleSWU = se, e.ecdh = j, e.ecdsa = O, e.weierstrassPoints = L, e._legacyHelperEquat = W, e.weierstrass = u;
728
+ const r = /* @__PURE__ */ ln(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ Ce(), l = /* @__PURE__ */ gn(), m = /* @__PURE__ */ $e(), g = (n, a) => (n + (n >= 0 ? a : -a) / b) / a;
729
+ function p(n, a, i) {
730
+ const [[o, h], [w, s]] = a, f = g(s * n, i), y = g(-h * n, i);
731
+ let B = n - f * o - y * w, T = -f * h - y * s;
732
+ const V = B < k, Y = T < k;
733
+ V && (B = -B), Y && (T = -T);
761
734
  const I = (0, t.bitMask)(Math.ceil((0, t.bitLen)(i) / 2)) + E;
762
- if (B < V || B >= I || O < V || O >= I)
763
- throw new Error("splitScalar (endomorphism): failed, k=" + r);
764
- return { k1neg: k, k1: B, k2neg: Y, k2: O };
735
+ if (B < k || B >= I || T < k || T >= I)
736
+ throw new Error("splitScalar (endomorphism): failed, k=" + n);
737
+ return { k1neg: V, k1: B, k2neg: Y, k2: T };
765
738
  }
766
- function v(r) {
767
- if (!["compact", "recovered", "der"].includes(r))
739
+ function v(n) {
740
+ if (!["compact", "recovered", "der"].includes(n))
768
741
  throw new Error('Signature format must be "compact", "recovered", or "der"');
769
- return r;
742
+ return n;
770
743
  }
771
- function U(r, a) {
744
+ function U(n, a) {
772
745
  const i = {};
773
746
  for (let o of Object.keys(a))
774
- i[o] = r[o] === void 0 ? a[o] : r[o];
747
+ i[o] = n[o] === void 0 ? a[o] : n[o];
775
748
  return (0, t._abool2)(i.lowS, "lowS"), (0, t._abool2)(i.prehash, "prehash"), i.format !== void 0 && v(i.format), i;
776
749
  }
777
750
  class H extends Error {
@@ -784,9 +757,9 @@ function Ct() {
784
757
  Err: H,
785
758
  // Basic building block is TLV (Tag-Length-Value)
786
759
  _tlv: {
787
- encode: (r, a) => {
760
+ encode: (n, a) => {
788
761
  const { Err: i } = e.DER;
789
- if (r < 0 || r > 256)
762
+ if (n < 0 || n > 256)
790
763
  throw new i("tlv.encode: wrong tag");
791
764
  if (a.length & 1)
792
765
  throw new i("tlv.encode: unpadded data");
@@ -794,15 +767,15 @@ function Ct() {
794
767
  if (h.length / 2 & 128)
795
768
  throw new i("tlv.encode: long form length too big");
796
769
  const w = o > 127 ? (0, t.numberToHexUnpadded)(h.length / 2 | 128) : "";
797
- return (0, t.numberToHexUnpadded)(r) + w + h + a;
770
+ return (0, t.numberToHexUnpadded)(n) + w + h + a;
798
771
  },
799
772
  // v - value, l - left bytes (unparsed)
800
- decode(r, a) {
773
+ decode(n, a) {
801
774
  const { Err: i } = e.DER;
802
775
  let o = 0;
803
- if (r < 0 || r > 256)
776
+ if (n < 0 || n > 256)
804
777
  throw new i("tlv.encode: wrong tag");
805
- if (a.length < 2 || a[o++] !== r)
778
+ if (a.length < 2 || a[o++] !== n)
806
779
  throw new i("tlv.decode: wrong tlv");
807
780
  const h = a[o++], w = !!(h & 128);
808
781
  let s = 0;
@@ -819,8 +792,8 @@ function Ct() {
819
792
  throw new i("tlv.decode: length bytes not complete");
820
793
  if (B[0] === 0)
821
794
  throw new i("tlv.decode(long): zero leftmost byte");
822
- for (const O of B)
823
- s = s << 8 | O;
795
+ for (const T of B)
796
+ s = s << 8 | T;
824
797
  if (o += y, s < 128)
825
798
  throw new i("tlv.decode(long): not minimal encoding");
826
799
  }
@@ -835,58 +808,58 @@ function Ct() {
835
808
  // - add zero byte if exists
836
809
  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
837
810
  _int: {
838
- encode(r) {
811
+ encode(n) {
839
812
  const { Err: a } = e.DER;
840
- if (r < V)
813
+ if (n < k)
841
814
  throw new a("integer: negative integers are not allowed");
842
- let i = (0, t.numberToHexUnpadded)(r);
815
+ let i = (0, t.numberToHexUnpadded)(n);
843
816
  if (Number.parseInt(i[0], 16) & 8 && (i = "00" + i), i.length & 1)
844
817
  throw new a("unexpected DER parsing assertion: unpadded hex");
845
818
  return i;
846
819
  },
847
- decode(r) {
820
+ decode(n) {
848
821
  const { Err: a } = e.DER;
849
- if (r[0] & 128)
822
+ if (n[0] & 128)
850
823
  throw new a("invalid signature integer: negative");
851
- if (r[0] === 0 && !(r[1] & 128))
824
+ if (n[0] === 0 && !(n[1] & 128))
852
825
  throw new a("invalid signature integer: unnecessary leading zero");
853
- return (0, t.bytesToNumberBE)(r);
826
+ return (0, t.bytesToNumberBE)(n);
854
827
  }
855
828
  },
856
- toSig(r) {
857
- const { Err: a, _int: i, _tlv: o } = e.DER, h = (0, t.ensureBytes)("signature", r), { v: w, l: s } = o.decode(48, h);
829
+ toSig(n) {
830
+ const { Err: a, _int: i, _tlv: o } = e.DER, h = (0, t.ensureBytes)("signature", n), { v: w, l: s } = o.decode(48, h);
858
831
  if (s.length)
859
832
  throw new a("invalid signature: left bytes after parsing");
860
- const { v: f, l: y } = o.decode(2, w), { v: B, l: O } = o.decode(2, y);
861
- if (O.length)
833
+ const { v: f, l: y } = o.decode(2, w), { v: B, l: T } = o.decode(2, y);
834
+ if (T.length)
862
835
  throw new a("invalid signature: left bytes after parsing");
863
836
  return { r: i.decode(f), s: i.decode(B) };
864
837
  },
865
- hexFromSig(r) {
866
- const { _tlv: a, _int: i } = e.DER, o = a.encode(2, i.encode(r.r)), h = a.encode(2, i.encode(r.s)), w = o + h;
838
+ hexFromSig(n) {
839
+ const { _tlv: a, _int: i } = e.DER, o = a.encode(2, i.encode(n.r)), h = a.encode(2, i.encode(n.s)), w = o + h;
867
840
  return a.encode(48, w);
868
841
  }
869
842
  };
870
- const V = BigInt(0), E = BigInt(1), b = BigInt(2), S = BigInt(3), A = BigInt(4);
871
- function M(r, a) {
872
- const { BYTES: i } = r;
843
+ const k = BigInt(0), E = BigInt(1), b = BigInt(2), S = BigInt(3), A = BigInt(4);
844
+ function M(n, a) {
845
+ const { BYTES: i } = n;
873
846
  let o;
874
847
  if (typeof a == "bigint")
875
848
  o = a;
876
849
  else {
877
850
  let h = (0, t.ensureBytes)("private key", a);
878
851
  try {
879
- o = r.fromBytes(h);
852
+ o = n.fromBytes(h);
880
853
  } catch {
881
854
  throw new Error(`invalid private key: expected ui8a of size ${i}, got ${typeof a}`);
882
855
  }
883
856
  }
884
- if (!r.isValidNot0(o))
857
+ if (!n.isValidNot0(o))
885
858
  throw new Error("invalid private key: out of range [1..N-1]");
886
859
  return o;
887
860
  }
888
- function Q(r, a = {}) {
889
- const i = (0, u._createCurveFields)("weierstrass", r, a), { Fp: o, Fn: h } = i;
861
+ function Q(n, a = {}) {
862
+ const i = (0, l._createCurveFields)("weierstrass", n, a), { Fp: o, Fn: h } = i;
890
863
  let w = i.CURVE;
891
864
  const { h: s, n: f } = w;
892
865
  (0, t._validateObject)(a, {}, {
@@ -902,23 +875,23 @@ function Ct() {
902
875
  if (y && (!o.is0(w.a) || typeof y.beta != "bigint" || !Array.isArray(y.basises)))
903
876
  throw new Error('invalid endo: expected "beta": bigint and "basises": array');
904
877
  const B = ie(o, h);
905
- function O() {
878
+ function T() {
906
879
  if (!o.isOdd)
907
880
  throw new Error("compression is not supported: Field does not have .isOdd()");
908
881
  }
909
- function k(le, Z, N) {
910
- const { x, y: z } = Z.toAffine(), J = o.toBytes(x);
882
+ function V(le, Z, N) {
883
+ const { x: R, y: D } = Z.toAffine(), J = o.toBytes(R);
911
884
  if ((0, t._abool2)(N, "isCompressed"), N) {
912
- O();
913
- const re = !o.isOdd(z);
885
+ T();
886
+ const re = !o.isOdd(D);
914
887
  return (0, t.concatBytes)(F(re), J);
915
888
  } else
916
- return (0, t.concatBytes)(Uint8Array.of(4), J, o.toBytes(z));
889
+ return (0, t.concatBytes)(Uint8Array.of(4), J, o.toBytes(D));
917
890
  }
918
891
  function Y(le) {
919
892
  (0, t._abytes2)(le, void 0, "Point");
920
- const { publicKey: Z, publicKeyUncompressed: N } = B, x = le.length, z = le[0], J = le.subarray(1);
921
- if (x === Z && (z === 2 || z === 3)) {
893
+ const { publicKey: Z, publicKeyUncompressed: N } = B, R = le.length, D = le[0], J = le.subarray(1);
894
+ if (R === Z && (D === 2 || D === 3)) {
922
895
  const re = o.fromBytes(J);
923
896
  if (!o.isValid(re))
924
897
  throw new Error("bad point: is not on curve, wrong x");
@@ -930,30 +903,30 @@ function Ct() {
930
903
  const de = we instanceof Error ? ": " + we.message : "";
931
904
  throw new Error("bad point: is not on curve, sqrt error" + de);
932
905
  }
933
- O();
906
+ T();
934
907
  const oe = o.isOdd(ee);
935
- return (z & 1) === 1 !== oe && (ee = o.neg(ee)), { x: re, y: ee };
936
- } else if (x === N && z === 4) {
908
+ return (D & 1) === 1 !== oe && (ee = o.neg(ee)), { x: re, y: ee };
909
+ } else if (R === N && D === 4) {
937
910
  const re = o.BYTES, ne = o.fromBytes(J.subarray(0, re)), ee = o.fromBytes(J.subarray(re, re * 2));
938
911
  if (!te(ne, ee))
939
912
  throw new Error("bad point: is not on curve");
940
913
  return { x: ne, y: ee };
941
914
  } else
942
- throw new Error(`bad point: got length ${x}, expected compressed=${Z} or uncompressed=${N}`);
915
+ throw new Error(`bad point: got length ${R}, expected compressed=${Z} or uncompressed=${N}`);
943
916
  }
944
- const I = a.toBytes || k, q = a.fromBytes || Y;
917
+ const I = a.toBytes || V, q = a.fromBytes || Y;
945
918
  function C(le) {
946
919
  const Z = o.sqr(le), N = o.mul(Z, le);
947
920
  return o.add(o.add(N, o.mul(le, w.a)), w.b);
948
921
  }
949
922
  function te(le, Z) {
950
- const N = o.sqr(Z), x = C(le);
951
- return o.eql(N, x);
923
+ const N = o.sqr(Z), R = C(le);
924
+ return o.eql(N, R);
952
925
  }
953
926
  if (!te(w.Gx, w.Gy))
954
927
  throw new Error("bad curve params: generator point");
955
- const $ = o.mul(o.pow(w.a, S), A), T = o.mul(o.sqr(w.b), BigInt(27));
956
- if (o.is0(o.add($, T)))
928
+ const $ = o.mul(o.pow(w.a, S), A), x = o.mul(o.sqr(w.b), BigInt(27));
929
+ if (o.is0(o.add($, x)))
957
930
  throw new Error("bad curve params: a or b");
958
931
  function X(le, Z, N = !1) {
959
932
  if (!o.isValid(Z) || N && o.is0(Z))
@@ -970,12 +943,12 @@ function Ct() {
970
943
  return p(le, y.basises, h.ORDER);
971
944
  }
972
945
  const pe = (0, t.memoized)((le, Z) => {
973
- const { X: N, Y: x, Z: z } = le;
974
- if (o.eql(z, o.ONE))
975
- return { x: N, y: x };
946
+ const { X: N, Y: R, Z: D } = le;
947
+ if (o.eql(D, o.ONE))
948
+ return { x: N, y: R };
976
949
  const J = le.is0();
977
- Z == null && (Z = J ? o.ONE : o.inv(z));
978
- const re = o.mul(N, Z), ne = o.mul(x, Z), ee = o.mul(z, Z);
950
+ Z == null && (Z = J ? o.ONE : o.inv(D));
951
+ const re = o.mul(N, Z), ne = o.mul(R, Z), ee = o.mul(D, Z);
979
952
  if (J)
980
953
  return { x: o.ZERO, y: o.ZERO };
981
954
  if (!o.eql(ee, o.ONE))
@@ -996,25 +969,25 @@ function Ct() {
996
969
  throw new Error("bad point: not in prime-order subgroup");
997
970
  return !0;
998
971
  });
999
- function Te(le, Z, N, x, z) {
1000
- return N = new fe(o.mul(N.X, le), N.Y, N.Z), Z = (0, u.negateCt)(x, Z), N = (0, u.negateCt)(z, N), Z.add(N);
972
+ function xe(le, Z, N, R, D) {
973
+ return N = new fe(o.mul(N.X, le), N.Y, N.Z), Z = (0, l.negateCt)(R, Z), N = (0, l.negateCt)(D, N), Z.add(N);
1001
974
  }
1002
975
  class fe {
1003
976
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
1004
- constructor(Z, N, x) {
1005
- this.X = X("x", Z), this.Y = X("y", N, !0), this.Z = X("z", x), Object.freeze(this);
977
+ constructor(Z, N, R) {
978
+ this.X = X("x", Z), this.Y = X("y", N, !0), this.Z = X("z", R), Object.freeze(this);
1006
979
  }
1007
980
  static CURVE() {
1008
981
  return w;
1009
982
  }
1010
983
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
1011
984
  static fromAffine(Z) {
1012
- const { x: N, y: x } = Z || {};
1013
- if (!Z || !o.isValid(N) || !o.isValid(x))
985
+ const { x: N, y: R } = Z || {};
986
+ if (!Z || !o.isValid(N) || !o.isValid(R))
1014
987
  throw new Error("invalid affine point");
1015
988
  if (Z instanceof fe)
1016
989
  throw new Error("projective point not allowed");
1017
- return o.is0(N) && o.is0(x) ? fe.ZERO : new fe(N, x, o.ONE);
990
+ return o.is0(N) && o.is0(R) ? fe.ZERO : new fe(N, R, o.ONE);
1018
991
  }
1019
992
  static fromBytes(Z) {
1020
993
  const N = fe.fromAffine(q((0, t._abytes2)(Z, void 0, "point")));
@@ -1052,7 +1025,7 @@ function Ct() {
1052
1025
  /** Compare one point to another. */
1053
1026
  equals(Z) {
1054
1027
  ae(Z);
1055
- const { X: N, Y: x, Z: z } = this, { X: J, Y: re, Z: ne } = Z, ee = o.eql(o.mul(N, ne), o.mul(J, z)), oe = o.eql(o.mul(x, ne), o.mul(re, z));
1028
+ const { X: N, Y: R, Z: D } = this, { X: J, Y: re, Z: ne } = Z, ee = o.eql(o.mul(N, ne), o.mul(J, D)), oe = o.eql(o.mul(R, ne), o.mul(re, D));
1056
1029
  return ee && oe;
1057
1030
  }
1058
1031
  /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
@@ -1064,9 +1037,9 @@ function Ct() {
1064
1037
  // https://eprint.iacr.org/2015/1060, algorithm 3
1065
1038
  // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
1066
1039
  double() {
1067
- const { a: Z, b: N } = w, x = o.mul(N, S), { X: z, Y: J, Z: re } = this;
1068
- let ne = o.ZERO, ee = o.ZERO, oe = o.ZERO, ce = o.mul(z, z), we = o.mul(J, J), de = o.mul(re, re), ue = o.mul(z, J);
1069
- return ue = o.add(ue, ue), oe = o.mul(z, re), oe = o.add(oe, oe), ne = o.mul(Z, oe), ee = o.mul(x, de), ee = o.add(ne, ee), ne = o.sub(we, ee), ee = o.add(we, ee), ee = o.mul(ne, ee), ne = o.mul(ue, ne), oe = o.mul(x, oe), de = o.mul(Z, de), ue = o.sub(ce, de), ue = o.mul(Z, ue), ue = o.add(ue, oe), oe = o.add(ce, ce), ce = o.add(oe, ce), ce = o.add(ce, de), ce = o.mul(ce, ue), ee = o.add(ee, ce), de = o.mul(J, re), de = o.add(de, de), ce = o.mul(de, ue), ne = o.sub(ne, ce), oe = o.mul(de, we), oe = o.add(oe, oe), oe = o.add(oe, oe), new fe(ne, ee, oe);
1040
+ const { a: Z, b: N } = w, R = o.mul(N, S), { X: D, Y: J, Z: re } = this;
1041
+ let ne = o.ZERO, ee = o.ZERO, oe = o.ZERO, ce = o.mul(D, D), we = o.mul(J, J), de = o.mul(re, re), ue = o.mul(D, J);
1042
+ return ue = o.add(ue, ue), oe = o.mul(D, re), oe = o.add(oe, oe), ne = o.mul(Z, oe), ee = o.mul(R, de), ee = o.add(ne, ee), ne = o.sub(we, ee), ee = o.add(we, ee), ee = o.mul(ne, ee), ne = o.mul(ue, ne), oe = o.mul(R, oe), de = o.mul(Z, de), ue = o.sub(ce, de), ue = o.mul(Z, ue), ue = o.add(ue, oe), oe = o.add(ce, ce), ce = o.add(oe, ce), ce = o.add(ce, de), ce = o.mul(ce, ue), ee = o.add(ee, ce), de = o.mul(J, re), de = o.add(de, de), ce = o.mul(de, ue), ne = o.sub(ne, ce), oe = o.mul(de, we), oe = o.add(oe, oe), oe = o.add(oe, oe), new fe(ne, ee, oe);
1070
1043
  }
1071
1044
  // Renes-Costello-Batina exception-free addition formula.
1072
1045
  // There is 30% faster Jacobian formula, but it is not complete.
@@ -1074,13 +1047,13 @@ function Ct() {
1074
1047
  // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
1075
1048
  add(Z) {
1076
1049
  ae(Z);
1077
- const { X: N, Y: x, Z: z } = this, { X: J, Y: re, Z: ne } = Z;
1050
+ const { X: N, Y: R, Z: D } = this, { X: J, Y: re, Z: ne } = Z;
1078
1051
  let ee = o.ZERO, oe = o.ZERO, ce = o.ZERO;
1079
1052
  const we = w.a, de = o.mul(w.b, S);
1080
- let ue = o.mul(N, J), me = o.mul(x, re), ge = o.mul(z, ne), _e = o.add(N, x), be = o.add(J, re);
1081
- _e = o.mul(_e, be), be = o.add(ue, me), _e = o.sub(_e, be), be = o.add(N, z);
1053
+ let ue = o.mul(N, J), me = o.mul(R, re), ge = o.mul(D, ne), _e = o.add(N, R), be = o.add(J, re);
1054
+ _e = o.mul(_e, be), be = o.add(ue, me), _e = o.sub(_e, be), be = o.add(N, D);
1082
1055
  let Ee = o.add(J, ne);
1083
- return be = o.mul(be, Ee), Ee = o.add(ue, ge), be = o.sub(be, Ee), Ee = o.add(x, z), ee = o.add(re, ne), Ee = o.mul(Ee, ee), ee = o.add(me, ge), Ee = o.sub(Ee, ee), ce = o.mul(we, be), ee = o.mul(de, ge), ce = o.add(ee, ce), ee = o.sub(me, ce), ce = o.add(me, ce), oe = o.mul(ee, ce), me = o.add(ue, ue), me = o.add(me, ue), ge = o.mul(we, ge), be = o.mul(de, be), me = o.add(me, ge), ge = o.sub(ue, ge), ge = o.mul(we, ge), be = o.add(be, ge), ue = o.mul(me, be), oe = o.add(oe, ue), ue = o.mul(Ee, be), ee = o.mul(_e, ee), ee = o.sub(ee, ue), ue = o.mul(_e, me), ce = o.mul(Ee, ce), ce = o.add(ce, ue), new fe(ee, oe, ce);
1056
+ return be = o.mul(be, Ee), Ee = o.add(ue, ge), be = o.sub(be, Ee), Ee = o.add(R, D), ee = o.add(re, ne), Ee = o.mul(Ee, ee), ee = o.add(me, ge), Ee = o.sub(Ee, ee), ce = o.mul(we, be), ee = o.mul(de, ge), ce = o.add(ee, ce), ee = o.sub(me, ce), ce = o.add(me, ce), oe = o.mul(ee, ce), me = o.add(ue, ue), me = o.add(me, ue), ge = o.mul(we, ge), be = o.mul(de, be), me = o.add(me, ge), ge = o.sub(ue, ge), ge = o.mul(we, ge), be = o.add(be, ge), ue = o.mul(me, be), oe = o.add(oe, ue), ue = o.mul(Ee, be), ee = o.mul(_e, ee), ee = o.sub(ee, ue), ue = o.mul(_e, me), ce = o.mul(Ee, ce), ce = o.add(ce, ue), new fe(ee, oe, ce);
1084
1057
  }
1085
1058
  subtract(Z) {
1086
1059
  return this.add(Z.negate());
@@ -1101,16 +1074,16 @@ function Ct() {
1101
1074
  const { endo: N } = a;
1102
1075
  if (!h.isValidNot0(Z))
1103
1076
  throw new Error("invalid scalar: out of range");
1104
- let x, z;
1105
- const J = (re) => Ue.cached(this, re, (ne) => (0, u.normalizeZ)(fe, ne));
1077
+ let R, D;
1078
+ const J = (re) => Ue.cached(this, re, (ne) => (0, l.normalizeZ)(fe, ne));
1106
1079
  if (N) {
1107
1080
  const { k1neg: re, k1: ne, k2neg: ee, k2: oe } = ye(Z), { p: ce, f: we } = J(ne), { p: de, f: ue } = J(oe);
1108
- z = we.add(ue), x = Te(N.beta, ce, de, re, ee);
1081
+ D = we.add(ue), R = xe(N.beta, ce, de, re, ee);
1109
1082
  } else {
1110
1083
  const { p: re, f: ne } = J(Z);
1111
- x = re, z = ne;
1084
+ R = re, D = ne;
1112
1085
  }
1113
- return (0, u.normalizeZ)(fe, [x, z])[0];
1086
+ return (0, l.normalizeZ)(fe, [R, D])[0];
1114
1087
  }
1115
1088
  /**
1116
1089
  * Non-constant-time multiplication. Uses double-and-add algorithm.
@@ -1118,24 +1091,24 @@ function Ct() {
1118
1091
  * an exposed secret key e.g. sig verification, which works over *public* keys.
1119
1092
  */
1120
1093
  multiplyUnsafe(Z) {
1121
- const { endo: N } = a, x = this;
1094
+ const { endo: N } = a, R = this;
1122
1095
  if (!h.isValid(Z))
1123
1096
  throw new Error("invalid scalar: out of range");
1124
- if (Z === V || x.is0())
1097
+ if (Z === k || R.is0())
1125
1098
  return fe.ZERO;
1126
1099
  if (Z === E)
1127
- return x;
1100
+ return R;
1128
1101
  if (Ue.hasCache(this))
1129
1102
  return this.multiply(Z);
1130
1103
  if (N) {
1131
- const { k1neg: z, k1: J, k2neg: re, k2: ne } = ye(Z), { p1: ee, p2: oe } = (0, u.mulEndoUnsafe)(fe, x, J, ne);
1132
- return Te(N.beta, ee, oe, z, re);
1104
+ const { k1neg: D, k1: J, k2neg: re, k2: ne } = ye(Z), { p1: ee, p2: oe } = (0, l.mulEndoUnsafe)(fe, R, J, ne);
1105
+ return xe(N.beta, ee, oe, D, re);
1133
1106
  } else
1134
- return Ue.unsafe(x, Z);
1107
+ return Ue.unsafe(R, Z);
1135
1108
  }
1136
- multiplyAndAddUnsafe(Z, N, x) {
1137
- const z = this.multiplyUnsafe(N).add(Z.multiplyUnsafe(x));
1138
- return z.is0() ? void 0 : z;
1109
+ multiplyAndAddUnsafe(Z, N, R) {
1110
+ const D = this.multiplyUnsafe(N).add(Z.multiplyUnsafe(R));
1111
+ return D.is0() ? void 0 : D;
1139
1112
  }
1140
1113
  /**
1141
1114
  * Converts Projective point to affine (x, y) coordinates.
@@ -1185,91 +1158,91 @@ function Ct() {
1185
1158
  this.precompute(Z);
1186
1159
  }
1187
1160
  static normalizeZ(Z) {
1188
- return (0, u.normalizeZ)(fe, Z);
1161
+ return (0, l.normalizeZ)(fe, Z);
1189
1162
  }
1190
1163
  static msm(Z, N) {
1191
- return (0, u.pippenger)(fe, h, Z, N);
1164
+ return (0, l.pippenger)(fe, h, Z, N);
1192
1165
  }
1193
1166
  static fromPrivateKey(Z) {
1194
1167
  return fe.BASE.multiply(M(h, Z));
1195
1168
  }
1196
1169
  }
1197
1170
  fe.BASE = new fe(w.Gx, w.Gy, o.ONE), fe.ZERO = new fe(o.ZERO, o.ONE, o.ZERO), fe.Fp = o, fe.Fn = h;
1198
- const Ye = h.BITS, Ue = new u.wNAF(fe, a.endo ? Math.ceil(Ye / 2) : Ye);
1171
+ const Ye = h.BITS, Ue = new l.wNAF(fe, a.endo ? Math.ceil(Ye / 2) : Ye);
1199
1172
  return fe.BASE.precompute(8), fe;
1200
1173
  }
1201
- function F(r) {
1202
- return Uint8Array.of(r ? 2 : 3);
1174
+ function F(n) {
1175
+ return Uint8Array.of(n ? 2 : 3);
1203
1176
  }
1204
- function G(r, a) {
1205
- const i = r.ORDER;
1206
- let o = V;
1207
- for (let q = i - E; q % b === V; q /= b)
1177
+ function G(n, a) {
1178
+ const i = n.ORDER;
1179
+ let o = k;
1180
+ for (let q = i - E; q % b === k; q /= b)
1208
1181
  o += E;
1209
- const h = o, w = b << h - E - E, s = w * b, f = (i - E) / s, y = (f - E) / b, B = s - E, O = w, k = r.pow(a, f), Y = r.pow(a, (f + E) / b);
1182
+ const h = o, w = b << h - E - E, s = w * b, f = (i - E) / s, y = (f - E) / b, B = s - E, T = w, V = n.pow(a, f), Y = n.pow(a, (f + E) / b);
1210
1183
  let I = (q, C) => {
1211
- let te = k, $ = r.pow(C, B), T = r.sqr($);
1212
- T = r.mul(T, C);
1213
- let X = r.mul(q, T);
1214
- X = r.pow(X, y), X = r.mul(X, $), $ = r.mul(X, C), T = r.mul(X, q);
1215
- let ae = r.mul(T, $);
1216
- X = r.pow(ae, O);
1217
- let ye = r.eql(X, r.ONE);
1218
- $ = r.mul(T, Y), X = r.mul(ae, te), T = r.cmov($, T, ye), ae = r.cmov(X, ae, ye);
1184
+ let te = V, $ = n.pow(C, B), x = n.sqr($);
1185
+ x = n.mul(x, C);
1186
+ let X = n.mul(q, x);
1187
+ X = n.pow(X, y), X = n.mul(X, $), $ = n.mul(X, C), x = n.mul(X, q);
1188
+ let ae = n.mul(x, $);
1189
+ X = n.pow(ae, T);
1190
+ let ye = n.eql(X, n.ONE);
1191
+ $ = n.mul(x, Y), X = n.mul(ae, te), x = n.cmov($, x, ye), ae = n.cmov(X, ae, ye);
1219
1192
  for (let pe = h; pe > E; pe--) {
1220
1193
  let ve = pe - b;
1221
1194
  ve = b << ve - E;
1222
- let Te = r.pow(ae, ve);
1223
- const fe = r.eql(Te, r.ONE);
1224
- $ = r.mul(T, te), te = r.mul(te, te), Te = r.mul(ae, te), T = r.cmov($, T, fe), ae = r.cmov(Te, ae, fe);
1195
+ let xe = n.pow(ae, ve);
1196
+ const fe = n.eql(xe, n.ONE);
1197
+ $ = n.mul(x, te), te = n.mul(te, te), xe = n.mul(ae, te), x = n.cmov($, x, fe), ae = n.cmov(xe, ae, fe);
1225
1198
  }
1226
- return { isValid: ye, value: T };
1199
+ return { isValid: ye, value: x };
1227
1200
  };
1228
- if (r.ORDER % A === S) {
1229
- const q = (r.ORDER - S) / A, C = r.sqrt(r.neg(a));
1201
+ if (n.ORDER % A === S) {
1202
+ const q = (n.ORDER - S) / A, C = n.sqrt(n.neg(a));
1230
1203
  I = (te, $) => {
1231
- let T = r.sqr($);
1232
- const X = r.mul(te, $);
1233
- T = r.mul(T, X);
1234
- let ae = r.pow(T, q);
1235
- ae = r.mul(ae, X);
1236
- const ye = r.mul(ae, C), pe = r.mul(r.sqr(ae), $), ve = r.eql(pe, te);
1237
- let Te = r.cmov(ye, ae, ve);
1238
- return { isValid: ve, value: Te };
1204
+ let x = n.sqr($);
1205
+ const X = n.mul(te, $);
1206
+ x = n.mul(x, X);
1207
+ let ae = n.pow(x, q);
1208
+ ae = n.mul(ae, X);
1209
+ const ye = n.mul(ae, C), pe = n.mul(n.sqr(ae), $), ve = n.eql(pe, te);
1210
+ let xe = n.cmov(ye, ae, ve);
1211
+ return { isValid: ve, value: xe };
1239
1212
  };
1240
1213
  }
1241
1214
  return I;
1242
1215
  }
1243
- function se(r, a) {
1244
- (0, m.validateField)(r);
1216
+ function se(n, a) {
1217
+ (0, m.validateField)(n);
1245
1218
  const { A: i, B: o, Z: h } = a;
1246
- if (!r.isValid(i) || !r.isValid(o) || !r.isValid(h))
1219
+ if (!n.isValid(i) || !n.isValid(o) || !n.isValid(h))
1247
1220
  throw new Error("mapToCurveSimpleSWU: invalid opts");
1248
- const w = G(r, h);
1249
- if (!r.isOdd)
1221
+ const w = G(n, h);
1222
+ if (!n.isOdd)
1250
1223
  throw new Error("Field does not have .isOdd()");
1251
1224
  return (s) => {
1252
- let f, y, B, O, k, Y, I, q;
1253
- f = r.sqr(s), f = r.mul(f, h), y = r.sqr(f), y = r.add(y, f), B = r.add(y, r.ONE), B = r.mul(B, o), O = r.cmov(h, r.neg(y), !r.eql(y, r.ZERO)), O = r.mul(O, i), y = r.sqr(B), Y = r.sqr(O), k = r.mul(Y, i), y = r.add(y, k), y = r.mul(y, B), Y = r.mul(Y, O), k = r.mul(Y, o), y = r.add(y, k), I = r.mul(f, B);
1225
+ let f, y, B, T, V, Y, I, q;
1226
+ f = n.sqr(s), f = n.mul(f, h), y = n.sqr(f), y = n.add(y, f), B = n.add(y, n.ONE), B = n.mul(B, o), T = n.cmov(h, n.neg(y), !n.eql(y, n.ZERO)), T = n.mul(T, i), y = n.sqr(B), Y = n.sqr(T), V = n.mul(Y, i), y = n.add(y, V), y = n.mul(y, B), Y = n.mul(Y, T), V = n.mul(Y, o), y = n.add(y, V), I = n.mul(f, B);
1254
1227
  const { isValid: C, value: te } = w(y, Y);
1255
- q = r.mul(f, s), q = r.mul(q, te), I = r.cmov(I, B, C), q = r.cmov(q, te, C);
1256
- const $ = r.isOdd(s) === r.isOdd(q);
1257
- q = r.cmov(r.neg(q), q, $);
1258
- const T = (0, m.FpInvertBatch)(r, [O], !0)[0];
1259
- return I = r.mul(I, T), { x: I, y: q };
1228
+ q = n.mul(f, s), q = n.mul(q, te), I = n.cmov(I, B, C), q = n.cmov(q, te, C);
1229
+ const $ = n.isOdd(s) === n.isOdd(q);
1230
+ q = n.cmov(n.neg(q), q, $);
1231
+ const x = (0, m.FpInvertBatch)(n, [T], !0)[0];
1232
+ return I = n.mul(I, x), { x: I, y: q };
1260
1233
  };
1261
1234
  }
1262
- function ie(r, a) {
1235
+ function ie(n, a) {
1263
1236
  return {
1264
1237
  secretKey: a.BYTES,
1265
- publicKey: 1 + r.BYTES,
1266
- publicKeyUncompressed: 1 + 2 * r.BYTES,
1238
+ publicKey: 1 + n.BYTES,
1239
+ publicKeyUncompressed: 1 + 2 * n.BYTES,
1267
1240
  publicKeyHasPrefix: !0,
1268
1241
  signature: 2 * a.BYTES
1269
1242
  };
1270
1243
  }
1271
- function j(r, a = {}) {
1272
- const { Fn: i } = r, o = a.randomBytes || t.randomBytes, h = Object.assign(ie(r.Fp, i), { seed: (0, m.getMinHashLength)(i.ORDER) });
1244
+ function j(n, a = {}) {
1245
+ const { Fn: i } = n, o = a.randomBytes || t.randomBytes, h = Object.assign(ie(n.Fp, i), { seed: (0, m.getMinHashLength)(i.ORDER) });
1273
1246
  function w(I) {
1274
1247
  try {
1275
1248
  return !!M(i, I);
@@ -1281,7 +1254,7 @@ function Ct() {
1281
1254
  const { publicKey: C, publicKeyUncompressed: te } = h;
1282
1255
  try {
1283
1256
  const $ = I.length;
1284
- return q === !0 && $ !== C || q === !1 && $ !== te ? !1 : !!r.fromBytes(I);
1257
+ return q === !0 && $ !== C || q === !1 && $ !== te ? !1 : !!n.fromBytes(I);
1285
1258
  } catch {
1286
1259
  return !1;
1287
1260
  }
@@ -1290,16 +1263,16 @@ function Ct() {
1290
1263
  return (0, m.mapHashToField)((0, t._abytes2)(I, h.seed, "seed"), i.ORDER);
1291
1264
  }
1292
1265
  function y(I, q = !0) {
1293
- return r.BASE.multiply(M(i, I)).toBytes(q);
1266
+ return n.BASE.multiply(M(i, I)).toBytes(q);
1294
1267
  }
1295
1268
  function B(I) {
1296
1269
  const q = f(I);
1297
1270
  return { secretKey: q, publicKey: y(q) };
1298
1271
  }
1299
- function O(I) {
1272
+ function T(I) {
1300
1273
  if (typeof I == "bigint")
1301
1274
  return !1;
1302
- if (I instanceof r)
1275
+ if (I instanceof n)
1303
1276
  return !0;
1304
1277
  const { secretKey: q, publicKey: C, publicKeyUncompressed: te } = h;
1305
1278
  if (i.allowedLengths || q === C)
@@ -1307,15 +1280,15 @@ function Ct() {
1307
1280
  const $ = (0, t.ensureBytes)("key", I).length;
1308
1281
  return $ === C || $ === te;
1309
1282
  }
1310
- function k(I, q, C = !0) {
1311
- if (O(I) === !0)
1283
+ function V(I, q, C = !0) {
1284
+ if (T(I) === !0)
1312
1285
  throw new Error("first arg must be private key");
1313
- if (O(q) === !1)
1286
+ if (T(q) === !1)
1314
1287
  throw new Error("second arg must be public key");
1315
1288
  const te = M(i, I);
1316
- return r.fromHex(q).multiply(te).toBytes(C);
1289
+ return n.fromHex(q).multiply(te).toBytes(C);
1317
1290
  }
1318
- return Object.freeze({ getPublicKey: y, getSharedSecret: k, keygen: B, Point: r, utils: {
1291
+ return Object.freeze({ getPublicKey: y, getSharedSecret: V, keygen: B, Point: n, utils: {
1319
1292
  isValidSecretKey: w,
1320
1293
  isValidPublicKey: s,
1321
1294
  randomSecretKey: f,
@@ -1323,12 +1296,12 @@ function Ct() {
1323
1296
  isValidPrivateKey: w,
1324
1297
  randomPrivateKey: f,
1325
1298
  normPrivateKeyToScalar: (I) => M(i, I),
1326
- precompute(I = 8, q = r.BASE) {
1299
+ precompute(I = 8, q = n.BASE) {
1327
1300
  return q.precompute(I, !1);
1328
1301
  }
1329
1302
  }, lengths: h });
1330
1303
  }
1331
- function R(r, a, i = {}) {
1304
+ function O(n, a, i = {}) {
1332
1305
  (0, c.ahash)(a), (0, t._validateObject)(i, {}, {
1333
1306
  hmac: "function",
1334
1307
  lowS: "boolean",
@@ -1336,7 +1309,7 @@ function Ct() {
1336
1309
  bits2int: "function",
1337
1310
  bits2int_modN: "function"
1338
1311
  });
1339
- const o = i.randomBytes || t.randomBytes, h = i.hmac || ((N, ...x) => (0, n.hmac)(a, N, (0, t.concatBytes)(...x))), { Fp: w, Fn: s } = r, { ORDER: f, BITS: y } = s, { keygen: B, getPublicKey: O, getSharedSecret: k, utils: Y, lengths: I } = j(r, i), q = {
1312
+ const o = i.randomBytes || t.randomBytes, h = i.hmac || ((N, ...R) => (0, r.hmac)(a, N, (0, t.concatBytes)(...R))), { Fp: w, Fn: s } = n, { ORDER: f, BITS: y } = s, { keygen: B, getPublicKey: T, getSharedSecret: V, utils: Y, lengths: I } = j(n, i), q = {
1340
1313
  prehash: !1,
1341
1314
  lowS: typeof i.lowS == "boolean" ? i.lowS : !1,
1342
1315
  format: void 0,
@@ -1344,50 +1317,50 @@ function Ct() {
1344
1317
  extraEntropy: !1
1345
1318
  }, C = "compact";
1346
1319
  function te(N) {
1347
- const x = f >> E;
1348
- return N > x;
1320
+ const R = f >> E;
1321
+ return N > R;
1349
1322
  }
1350
- function $(N, x) {
1351
- if (!s.isValidNot0(x))
1323
+ function $(N, R) {
1324
+ if (!s.isValidNot0(R))
1352
1325
  throw new Error(`invalid signature ${N}: out of range 1..Point.Fn.ORDER`);
1353
- return x;
1326
+ return R;
1354
1327
  }
1355
- function T(N, x) {
1356
- v(x);
1357
- const z = I.signature, J = x === "compact" ? z : x === "recovered" ? z + 1 : void 0;
1358
- return (0, t._abytes2)(N, J, `${x} signature`);
1328
+ function x(N, R) {
1329
+ v(R);
1330
+ const D = I.signature, J = R === "compact" ? D : R === "recovered" ? D + 1 : void 0;
1331
+ return (0, t._abytes2)(N, J, `${R} signature`);
1359
1332
  }
1360
1333
  class X {
1361
- constructor(x, z, J) {
1362
- this.r = $("r", x), this.s = $("s", z), J != null && (this.recovery = J), Object.freeze(this);
1334
+ constructor(R, D, J) {
1335
+ this.r = $("r", R), this.s = $("s", D), J != null && (this.recovery = J), Object.freeze(this);
1363
1336
  }
1364
- static fromBytes(x, z = C) {
1365
- T(x, z);
1337
+ static fromBytes(R, D = C) {
1338
+ x(R, D);
1366
1339
  let J;
1367
- if (z === "der") {
1368
- const { r: oe, s: ce } = e.DER.toSig((0, t._abytes2)(x));
1340
+ if (D === "der") {
1341
+ const { r: oe, s: ce } = e.DER.toSig((0, t._abytes2)(R));
1369
1342
  return new X(oe, ce);
1370
1343
  }
1371
- z === "recovered" && (J = x[0], z = "compact", x = x.subarray(1));
1372
- const re = s.BYTES, ne = x.subarray(0, re), ee = x.subarray(re, re * 2);
1344
+ D === "recovered" && (J = R[0], D = "compact", R = R.subarray(1));
1345
+ const re = s.BYTES, ne = R.subarray(0, re), ee = R.subarray(re, re * 2);
1373
1346
  return new X(s.fromBytes(ne), s.fromBytes(ee), J);
1374
1347
  }
1375
- static fromHex(x, z) {
1376
- return this.fromBytes((0, t.hexToBytes)(x), z);
1348
+ static fromHex(R, D) {
1349
+ return this.fromBytes((0, t.hexToBytes)(R), D);
1377
1350
  }
1378
- addRecoveryBit(x) {
1379
- return new X(this.r, this.s, x);
1351
+ addRecoveryBit(R) {
1352
+ return new X(this.r, this.s, R);
1380
1353
  }
1381
- recoverPublicKey(x) {
1382
- const z = w.ORDER, { r: J, s: re, recovery: ne } = this;
1354
+ recoverPublicKey(R) {
1355
+ const D = w.ORDER, { r: J, s: re, recovery: ne } = this;
1383
1356
  if (ne == null || ![0, 1, 2, 3].includes(ne))
1384
1357
  throw new Error("recovery id invalid");
1385
- if (f * b < z && ne > 1)
1358
+ if (f * b < D && ne > 1)
1386
1359
  throw new Error("recovery id is ambiguous for h>1 curve");
1387
1360
  const oe = ne === 2 || ne === 3 ? J + f : J;
1388
1361
  if (!w.isValid(oe))
1389
1362
  throw new Error("recovery id 2 or 3 invalid");
1390
- const ce = w.toBytes(oe), we = r.fromBytes((0, t.concatBytes)(F((ne & 1) === 0), ce)), de = s.inv(oe), ue = ye((0, t.ensureBytes)("msgHash", x)), me = s.create(-ue * de), ge = s.create(re * de), _e = r.BASE.multiplyUnsafe(me).add(we.multiplyUnsafe(ge));
1363
+ const ce = w.toBytes(oe), we = n.fromBytes((0, t.concatBytes)(F((ne & 1) === 0), ce)), de = s.inv(oe), ue = ye((0, t.ensureBytes)("msgHash", R)), me = s.create(-ue * de), ge = s.create(re * de), _e = n.BASE.multiplyUnsafe(me).add(we.multiplyUnsafe(ge));
1391
1364
  if (_e.is0())
1392
1365
  throw new Error("point at infinify");
1393
1366
  return _e.assertValidity(), _e;
@@ -1396,28 +1369,28 @@ function Ct() {
1396
1369
  hasHighS() {
1397
1370
  return te(this.s);
1398
1371
  }
1399
- toBytes(x = C) {
1400
- if (v(x), x === "der")
1372
+ toBytes(R = C) {
1373
+ if (v(R), R === "der")
1401
1374
  return (0, t.hexToBytes)(e.DER.hexFromSig(this));
1402
- const z = s.toBytes(this.r), J = s.toBytes(this.s);
1403
- if (x === "recovered") {
1375
+ const D = s.toBytes(this.r), J = s.toBytes(this.s);
1376
+ if (R === "recovered") {
1404
1377
  if (this.recovery == null)
1405
1378
  throw new Error("recovery bit must be present");
1406
- return (0, t.concatBytes)(Uint8Array.of(this.recovery), z, J);
1379
+ return (0, t.concatBytes)(Uint8Array.of(this.recovery), D, J);
1407
1380
  }
1408
- return (0, t.concatBytes)(z, J);
1381
+ return (0, t.concatBytes)(D, J);
1409
1382
  }
1410
- toHex(x) {
1411
- return (0, t.bytesToHex)(this.toBytes(x));
1383
+ toHex(R) {
1384
+ return (0, t.bytesToHex)(this.toBytes(R));
1412
1385
  }
1413
1386
  // TODO: remove
1414
1387
  assertValidity() {
1415
1388
  }
1416
- static fromCompact(x) {
1417
- return X.fromBytes((0, t.ensureBytes)("sig", x), "compact");
1389
+ static fromCompact(R) {
1390
+ return X.fromBytes((0, t.ensureBytes)("sig", R), "compact");
1418
1391
  }
1419
- static fromDER(x) {
1420
- return X.fromBytes((0, t.ensureBytes)("sig", x), "der");
1392
+ static fromDER(R) {
1393
+ return X.fromBytes((0, t.ensureBytes)("sig", R), "der");
1421
1394
  }
1422
1395
  normalizeS() {
1423
1396
  return this.hasHighS() ? new X(this.r, s.neg(this.s), this.recovery) : this;
@@ -1435,26 +1408,26 @@ function Ct() {
1435
1408
  return (0, t.bytesToHex)(this.toBytes("compact"));
1436
1409
  }
1437
1410
  }
1438
- const ae = i.bits2int || function(x) {
1439
- if (x.length > 8192)
1411
+ const ae = i.bits2int || function(R) {
1412
+ if (R.length > 8192)
1440
1413
  throw new Error("input is too large");
1441
- const z = (0, t.bytesToNumberBE)(x), J = x.length * 8 - y;
1442
- return J > 0 ? z >> BigInt(J) : z;
1443
- }, ye = i.bits2int_modN || function(x) {
1444
- return s.create(ae(x));
1414
+ const D = (0, t.bytesToNumberBE)(R), J = R.length * 8 - y;
1415
+ return J > 0 ? D >> BigInt(J) : D;
1416
+ }, ye = i.bits2int_modN || function(R) {
1417
+ return s.create(ae(R));
1445
1418
  }, pe = (0, t.bitMask)(y);
1446
1419
  function ve(N) {
1447
- return (0, t.aInRange)("num < 2^" + y, N, V, pe), s.toBytes(N);
1420
+ return (0, t.aInRange)("num < 2^" + y, N, k, pe), s.toBytes(N);
1448
1421
  }
1449
- function Te(N, x) {
1450
- return (0, t._abytes2)(N, void 0, "message"), x ? (0, t._abytes2)(a(N), void 0, "prehashed message") : N;
1422
+ function xe(N, R) {
1423
+ return (0, t._abytes2)(N, void 0, "message"), R ? (0, t._abytes2)(a(N), void 0, "prehashed message") : N;
1451
1424
  }
1452
- function fe(N, x, z) {
1453
- if (["recovered", "canonical"].some((me) => me in z))
1425
+ function fe(N, R, D) {
1426
+ if (["recovered", "canonical"].some((me) => me in D))
1454
1427
  throw new Error("sign() legacy options not supported");
1455
- const { lowS: J, prehash: re, extraEntropy: ne } = U(z, q);
1456
- N = Te(N, re);
1457
- const ee = ye(N), oe = M(s, x), ce = [ve(oe), ve(ee)];
1428
+ const { lowS: J, prehash: re, extraEntropy: ne } = U(D, q);
1429
+ N = xe(N, re);
1430
+ const ee = ye(N), oe = M(s, R), ce = [ve(oe), ve(ee)];
1458
1431
  if (ne != null && ne !== !1) {
1459
1432
  const me = ne === !0 ? o(I.secretKey) : ne;
1460
1433
  ce.push((0, t.ensureBytes)("extraEntropy", me));
@@ -1464,73 +1437,73 @@ function Ct() {
1464
1437
  const ge = ae(me);
1465
1438
  if (!s.isValidNot0(ge))
1466
1439
  return;
1467
- const _e = s.inv(ge), be = r.BASE.multiply(ge).toAffine(), Ee = s.create(be.x);
1468
- if (Ee === V)
1440
+ const _e = s.inv(ge), be = n.BASE.multiply(ge).toAffine(), Ee = s.create(be.x);
1441
+ if (Ee === k)
1469
1442
  return;
1470
1443
  const Pe = s.create(_e * s.create(de + Ee * oe));
1471
- if (Pe === V)
1444
+ if (Pe === k)
1472
1445
  return;
1473
1446
  let pt = (be.x === Ee ? 0 : 2) | Number(be.y & E), vt = Pe;
1474
1447
  return J && te(Pe) && (vt = s.neg(Pe), pt ^= 1), new X(Ee, vt, pt);
1475
1448
  }
1476
1449
  return { seed: we, k2sig: ue };
1477
1450
  }
1478
- function Ye(N, x, z = {}) {
1451
+ function Ye(N, R, D = {}) {
1479
1452
  N = (0, t.ensureBytes)("message", N);
1480
- const { seed: J, k2sig: re } = fe(N, x, z);
1453
+ const { seed: J, k2sig: re } = fe(N, R, D);
1481
1454
  return (0, t.createHmacDrbg)(a.outputLen, s.BYTES, h)(J, re);
1482
1455
  }
1483
1456
  function Ue(N) {
1484
- let x;
1485
- const z = typeof N == "string" || (0, t.isBytes)(N), J = !z && N !== null && typeof N == "object" && typeof N.r == "bigint" && typeof N.s == "bigint";
1486
- if (!z && !J)
1457
+ let R;
1458
+ const D = typeof N == "string" || (0, t.isBytes)(N), J = !D && N !== null && typeof N == "object" && typeof N.r == "bigint" && typeof N.s == "bigint";
1459
+ if (!D && !J)
1487
1460
  throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
1488
1461
  if (J)
1489
- x = new X(N.r, N.s);
1490
- else if (z) {
1462
+ R = new X(N.r, N.s);
1463
+ else if (D) {
1491
1464
  try {
1492
- x = X.fromBytes((0, t.ensureBytes)("sig", N), "der");
1465
+ R = X.fromBytes((0, t.ensureBytes)("sig", N), "der");
1493
1466
  } catch (re) {
1494
1467
  if (!(re instanceof e.DER.Err))
1495
1468
  throw re;
1496
1469
  }
1497
- if (!x)
1470
+ if (!R)
1498
1471
  try {
1499
- x = X.fromBytes((0, t.ensureBytes)("sig", N), "compact");
1472
+ R = X.fromBytes((0, t.ensureBytes)("sig", N), "compact");
1500
1473
  } catch {
1501
1474
  return !1;
1502
1475
  }
1503
1476
  }
1504
- return x || !1;
1477
+ return R || !1;
1505
1478
  }
1506
- function le(N, x, z, J = {}) {
1479
+ function le(N, R, D, J = {}) {
1507
1480
  const { lowS: re, prehash: ne, format: ee } = U(J, q);
1508
- if (z = (0, t.ensureBytes)("publicKey", z), x = Te((0, t.ensureBytes)("message", x), ne), "strict" in J)
1481
+ if (D = (0, t.ensureBytes)("publicKey", D), R = xe((0, t.ensureBytes)("message", R), ne), "strict" in J)
1509
1482
  throw new Error("options.strict was renamed to lowS");
1510
1483
  const oe = ee === void 0 ? Ue(N) : X.fromBytes((0, t.ensureBytes)("sig", N), ee);
1511
1484
  if (oe === !1)
1512
1485
  return !1;
1513
1486
  try {
1514
- const ce = r.fromBytes(z);
1487
+ const ce = n.fromBytes(D);
1515
1488
  if (re && oe.hasHighS())
1516
1489
  return !1;
1517
- const { r: we, s: de } = oe, ue = ye(x), me = s.inv(de), ge = s.create(ue * me), _e = s.create(we * me), be = r.BASE.multiplyUnsafe(ge).add(ce.multiplyUnsafe(_e));
1490
+ const { r: we, s: de } = oe, ue = ye(R), me = s.inv(de), ge = s.create(ue * me), _e = s.create(we * me), be = n.BASE.multiplyUnsafe(ge).add(ce.multiplyUnsafe(_e));
1518
1491
  return be.is0() ? !1 : s.create(be.x) === we;
1519
1492
  } catch {
1520
1493
  return !1;
1521
1494
  }
1522
1495
  }
1523
- function Z(N, x, z = {}) {
1524
- const { prehash: J } = U(z, q);
1525
- return x = Te(x, J), X.fromBytes(N, "recovered").recoverPublicKey(x).toBytes();
1496
+ function Z(N, R, D = {}) {
1497
+ const { prehash: J } = U(D, q);
1498
+ return R = xe(R, J), X.fromBytes(N, "recovered").recoverPublicKey(R).toBytes();
1526
1499
  }
1527
1500
  return Object.freeze({
1528
1501
  keygen: B,
1529
- getPublicKey: O,
1530
- getSharedSecret: k,
1502
+ getPublicKey: T,
1503
+ getSharedSecret: V,
1531
1504
  utils: Y,
1532
1505
  lengths: I,
1533
- Point: r,
1506
+ Point: n,
1534
1507
  sign: Ye,
1535
1508
  verify: le,
1536
1509
  recoverPublicKey: Z,
@@ -1538,62 +1511,62 @@ function Ct() {
1538
1511
  hash: a
1539
1512
  });
1540
1513
  }
1541
- function L(r) {
1542
- const { CURVE: a, curveOpts: i } = _(r), o = Q(a, i);
1543
- return D(r, o);
1514
+ function L(n) {
1515
+ const { CURVE: a, curveOpts: i } = _(n), o = Q(a, i);
1516
+ return z(n, o);
1544
1517
  }
1545
- function _(r) {
1518
+ function _(n) {
1546
1519
  const a = {
1547
- a: r.a,
1548
- b: r.b,
1549
- p: r.Fp.ORDER,
1550
- n: r.n,
1551
- h: r.h,
1552
- Gx: r.Gx,
1553
- Gy: r.Gy
1554
- }, i = r.Fp;
1555
- let o = r.allowedPrivateKeyLengths ? Array.from(new Set(r.allowedPrivateKeyLengths.map((s) => Math.ceil(s / 2)))) : void 0;
1520
+ a: n.a,
1521
+ b: n.b,
1522
+ p: n.Fp.ORDER,
1523
+ n: n.n,
1524
+ h: n.h,
1525
+ Gx: n.Gx,
1526
+ Gy: n.Gy
1527
+ }, i = n.Fp;
1528
+ let o = n.allowedPrivateKeyLengths ? Array.from(new Set(n.allowedPrivateKeyLengths.map((s) => Math.ceil(s / 2)))) : void 0;
1556
1529
  const h = (0, m.Field)(a.n, {
1557
- BITS: r.nBitLength,
1530
+ BITS: n.nBitLength,
1558
1531
  allowedLengths: o,
1559
- modFromBytes: r.wrapPrivateKey
1532
+ modFromBytes: n.wrapPrivateKey
1560
1533
  }), w = {
1561
1534
  Fp: i,
1562
1535
  Fn: h,
1563
- allowInfinityPoint: r.allowInfinityPoint,
1564
- endo: r.endo,
1565
- isTorsionFree: r.isTorsionFree,
1566
- clearCofactor: r.clearCofactor,
1567
- fromBytes: r.fromBytes,
1568
- toBytes: r.toBytes
1536
+ allowInfinityPoint: n.allowInfinityPoint,
1537
+ endo: n.endo,
1538
+ isTorsionFree: n.isTorsionFree,
1539
+ clearCofactor: n.clearCofactor,
1540
+ fromBytes: n.fromBytes,
1541
+ toBytes: n.toBytes
1569
1542
  };
1570
1543
  return { CURVE: a, curveOpts: w };
1571
1544
  }
1572
- function K(r) {
1573
- const { CURVE: a, curveOpts: i } = _(r), o = {
1574
- hmac: r.hmac,
1575
- randomBytes: r.randomBytes,
1576
- lowS: r.lowS,
1577
- bits2int: r.bits2int,
1578
- bits2int_modN: r.bits2int_modN
1545
+ function K(n) {
1546
+ const { CURVE: a, curveOpts: i } = _(n), o = {
1547
+ hmac: n.hmac,
1548
+ randomBytes: n.randomBytes,
1549
+ lowS: n.lowS,
1550
+ bits2int: n.bits2int,
1551
+ bits2int_modN: n.bits2int_modN
1579
1552
  };
1580
- return { CURVE: a, curveOpts: i, hash: r.hash, ecdsaOpts: o };
1553
+ return { CURVE: a, curveOpts: i, hash: n.hash, ecdsaOpts: o };
1581
1554
  }
1582
- function W(r, a, i) {
1555
+ function W(n, a, i) {
1583
1556
  function o(h) {
1584
- const w = r.sqr(h), s = r.mul(w, h);
1585
- return r.add(r.add(s, r.mul(h, a)), i);
1557
+ const w = n.sqr(h), s = n.mul(w, h);
1558
+ return n.add(n.add(s, n.mul(h, a)), i);
1586
1559
  }
1587
1560
  return o;
1588
1561
  }
1589
- function D(r, a) {
1562
+ function z(n, a) {
1590
1563
  const { Fp: i, Fn: o } = a;
1591
1564
  function h(s) {
1592
1565
  return (0, t.inRange)(s, E, o.ORDER);
1593
1566
  }
1594
- const w = W(i, r.a, r.b);
1567
+ const w = W(i, n.a, n.b);
1595
1568
  return Object.assign({}, {
1596
- CURVE: r,
1569
+ CURVE: n,
1597
1570
  Point: a,
1598
1571
  ProjectivePoint: a,
1599
1572
  normPrivateKeyToScalar: (s) => M(o, s),
@@ -1601,39 +1574,39 @@ function Ct() {
1601
1574
  isWithinCurveOrder: h
1602
1575
  });
1603
1576
  }
1604
- function d(r, a) {
1577
+ function d(n, a) {
1605
1578
  const i = a.Point;
1606
1579
  return Object.assign({}, a, {
1607
1580
  ProjectivePoint: i,
1608
- CURVE: Object.assign({}, r, (0, m.nLength)(i.Fn.ORDER, i.Fn.BITS))
1581
+ CURVE: Object.assign({}, n, (0, m.nLength)(i.Fn.ORDER, i.Fn.BITS))
1609
1582
  });
1610
1583
  }
1611
- function l(r) {
1612
- const { CURVE: a, curveOpts: i, hash: o, ecdsaOpts: h } = K(r), w = Q(a, i), s = R(w, o, h);
1613
- return d(r, s);
1584
+ function u(n) {
1585
+ const { CURVE: a, curveOpts: i, hash: o, ecdsaOpts: h } = K(n), w = Q(a, i), s = O(w, o, h);
1586
+ return d(n, s);
1614
1587
  }
1615
1588
  })(nt)), nt;
1616
1589
  }
1617
- var Rt;
1590
+ var Ot;
1618
1591
  function En() {
1619
- if (Rt) return Ke;
1620
- Rt = 1, Object.defineProperty(Ke, "__esModule", { value: !0 }), Ke.getHash = n, Ke.createCurve = c;
1592
+ if (Ot) return Ke;
1593
+ Ot = 1, Object.defineProperty(Ke, "__esModule", { value: !0 }), Ke.getHash = r, Ke.createCurve = c;
1621
1594
  const e = /* @__PURE__ */ Ct();
1622
- function n(t) {
1595
+ function r(t) {
1623
1596
  return { hash: t };
1624
1597
  }
1625
- function c(t, u) {
1598
+ function c(t, l) {
1626
1599
  const m = (g) => (0, e.weierstrass)({ ...t, hash: g });
1627
- return { ...m(u), create: m };
1600
+ return { ...m(l), create: m };
1628
1601
  }
1629
1602
  return Ke;
1630
1603
  }
1631
- var ot = {}, xt;
1604
+ var ot = {}, Rt;
1632
1605
  function Bn() {
1633
- return xt || (xt = 1, (function(e) {
1634
- Object.defineProperty(e, "__esModule", { value: !0 }), e._DST_scalar = void 0, e.expand_message_xmd = v, e.expand_message_xof = U, e.hash_to_field = H, e.isogenyMap = V, e.createHasher = E;
1635
- const n = /* @__PURE__ */ Ce(), c = /* @__PURE__ */ $e(), t = n.bytesToNumberBE;
1636
- function u(b, S) {
1606
+ return Rt || (Rt = 1, (function(e) {
1607
+ Object.defineProperty(e, "__esModule", { value: !0 }), e._DST_scalar = void 0, e.expand_message_xmd = v, e.expand_message_xof = U, e.hash_to_field = H, e.isogenyMap = k, e.createHasher = E;
1608
+ const r = /* @__PURE__ */ Ce(), c = /* @__PURE__ */ $e(), t = r.bytesToNumberBE;
1609
+ function l(b, S) {
1637
1610
  if (g(b), g(S), b < 0 || b >= 1 << 8 * S)
1638
1611
  throw new Error("invalid I2OSP input: " + b);
1639
1612
  const A = Array.from({ length: S }).fill(0);
@@ -1652,44 +1625,44 @@ function Bn() {
1652
1625
  throw new Error("number expected");
1653
1626
  }
1654
1627
  function p(b) {
1655
- if (!(0, n.isBytes)(b) && typeof b != "string")
1628
+ if (!(0, r.isBytes)(b) && typeof b != "string")
1656
1629
  throw new Error("DST must be Uint8Array or string");
1657
- return typeof b == "string" ? (0, n.utf8ToBytes)(b) : b;
1630
+ return typeof b == "string" ? (0, r.utf8ToBytes)(b) : b;
1658
1631
  }
1659
1632
  function v(b, S, A, M) {
1660
- (0, n.abytes)(b), g(A), S = p(S), S.length > 255 && (S = M((0, n.concatBytes)((0, n.utf8ToBytes)("H2C-OVERSIZE-DST-"), S)));
1633
+ (0, r.abytes)(b), g(A), S = p(S), S.length > 255 && (S = M((0, r.concatBytes)((0, r.utf8ToBytes)("H2C-OVERSIZE-DST-"), S)));
1661
1634
  const { outputLen: Q, blockLen: F } = M, G = Math.ceil(A / Q);
1662
1635
  if (A > 65535 || G > 255)
1663
1636
  throw new Error("expand_message_xmd: invalid lenInBytes");
1664
- const se = (0, n.concatBytes)(S, u(S.length, 1)), ie = u(0, F), j = u(A, 2), R = new Array(G), L = M((0, n.concatBytes)(ie, b, j, u(0, 1), se));
1665
- R[0] = M((0, n.concatBytes)(L, u(1, 1), se));
1637
+ const se = (0, r.concatBytes)(S, l(S.length, 1)), ie = l(0, F), j = l(A, 2), O = new Array(G), L = M((0, r.concatBytes)(ie, b, j, l(0, 1), se));
1638
+ O[0] = M((0, r.concatBytes)(L, l(1, 1), se));
1666
1639
  for (let K = 1; K <= G; K++) {
1667
- const W = [m(L, R[K - 1]), u(K + 1, 1), se];
1668
- R[K] = M((0, n.concatBytes)(...W));
1640
+ const W = [m(L, O[K - 1]), l(K + 1, 1), se];
1641
+ O[K] = M((0, r.concatBytes)(...W));
1669
1642
  }
1670
- return (0, n.concatBytes)(...R).slice(0, A);
1643
+ return (0, r.concatBytes)(...O).slice(0, A);
1671
1644
  }
1672
1645
  function U(b, S, A, M, Q) {
1673
- if ((0, n.abytes)(b), g(A), S = p(S), S.length > 255) {
1646
+ if ((0, r.abytes)(b), g(A), S = p(S), S.length > 255) {
1674
1647
  const F = Math.ceil(2 * M / 8);
1675
- S = Q.create({ dkLen: F }).update((0, n.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(S).digest();
1648
+ S = Q.create({ dkLen: F }).update((0, r.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(S).digest();
1676
1649
  }
1677
1650
  if (A > 65535 || S.length > 255)
1678
1651
  throw new Error("expand_message_xof: invalid lenInBytes");
1679
- return Q.create({ dkLen: A }).update(b).update(u(A, 2)).update(S).update(u(S.length, 1)).digest();
1652
+ return Q.create({ dkLen: A }).update(b).update(l(A, 2)).update(S).update(l(S.length, 1)).digest();
1680
1653
  }
1681
1654
  function H(b, S, A) {
1682
- (0, n._validateObject)(A, {
1655
+ (0, r._validateObject)(A, {
1683
1656
  p: "bigint",
1684
1657
  m: "number",
1685
1658
  k: "number",
1686
1659
  hash: "function"
1687
1660
  });
1688
1661
  const { p: M, k: Q, m: F, hash: G, expand: se, DST: ie } = A;
1689
- if (!(0, n.isHash)(A.hash))
1662
+ if (!(0, r.isHash)(A.hash))
1690
1663
  throw new Error("expected valid hash");
1691
- (0, n.abytes)(b), g(S);
1692
- const j = M.toString(2).length, R = Math.ceil((j + Q) / 8), L = S * F * R;
1664
+ (0, r.abytes)(b), g(S);
1665
+ const j = M.toString(2).length, O = Math.ceil((j + Q) / 8), L = S * F * O;
1693
1666
  let _;
1694
1667
  if (se === "xmd")
1695
1668
  _ = v(b, ie, L, G);
@@ -1701,23 +1674,23 @@ function Bn() {
1701
1674
  throw new Error('expand must be "xmd" or "xof"');
1702
1675
  const K = new Array(S);
1703
1676
  for (let W = 0; W < S; W++) {
1704
- const D = new Array(F);
1677
+ const z = new Array(F);
1705
1678
  for (let d = 0; d < F; d++) {
1706
- const l = R * (d + W * F), r = _.subarray(l, l + R);
1707
- D[d] = (0, c.mod)(t(r), M);
1679
+ const u = O * (d + W * F), n = _.subarray(u, u + O);
1680
+ z[d] = (0, c.mod)(t(n), M);
1708
1681
  }
1709
- K[W] = D;
1682
+ K[W] = z;
1710
1683
  }
1711
1684
  return K;
1712
1685
  }
1713
- function V(b, S) {
1686
+ function k(b, S) {
1714
1687
  const A = S.map((M) => Array.from(M).reverse());
1715
1688
  return (M, Q) => {
1716
- const [F, G, se, ie] = A.map((L) => L.reduce((_, K) => b.add(b.mul(_, M), K))), [j, R] = (0, c.FpInvertBatch)(b, [G, ie], !0);
1717
- return M = b.mul(F, j), Q = b.mul(Q, b.mul(se, R)), { x: M, y: Q };
1689
+ const [F, G, se, ie] = A.map((L) => L.reduce((_, K) => b.add(b.mul(_, M), K))), [j, O] = (0, c.FpInvertBatch)(b, [G, ie], !0);
1690
+ return M = b.mul(F, j), Q = b.mul(Q, b.mul(se, O)), { x: M, y: Q };
1718
1691
  };
1719
1692
  }
1720
- e._DST_scalar = (0, n.utf8ToBytes)("HashToScalar-");
1693
+ e._DST_scalar = (0, r.utf8ToBytes)("HashToScalar-");
1721
1694
  function E(b, S, A) {
1722
1695
  if (typeof S != "function")
1723
1696
  throw new Error("mapToCurve() must be defined");
@@ -1731,12 +1704,12 @@ function Bn() {
1731
1704
  return {
1732
1705
  defaults: A,
1733
1706
  hashToCurve(F, G) {
1734
- const se = Object.assign({}, A, G), ie = H(F, 2, se), j = M(ie[0]), R = M(ie[1]);
1735
- return Q(j.add(R));
1707
+ const se = Object.assign({}, A, G), ie = H(F, 2, se), j = M(ie[0]), O = M(ie[1]);
1708
+ return Q(j.add(O));
1736
1709
  },
1737
1710
  encodeToCurve(F, G) {
1738
- const se = A.encodeDST ? { DST: A.encodeDST } : {}, ie = Object.assign({}, A, se, G), j = H(F, 1, ie), R = M(j[0]);
1739
- return Q(R);
1711
+ const se = A.encodeDST ? { DST: A.encodeDST } : {}, ie = Object.assign({}, A, se, G), j = H(F, 1, ie), O = M(j[0]);
1712
+ return Q(O);
1740
1713
  },
1741
1714
  /** See {@link H2CHasher} */
1742
1715
  mapToCurve(F) {
@@ -1758,10 +1731,10 @@ function Bn() {
1758
1731
  })(ot)), ot;
1759
1732
  }
1760
1733
  var qt;
1761
- function nr() {
1734
+ function er() {
1762
1735
  return qt || (qt = 1, (function(e) {
1763
1736
  Object.defineProperty(e, "__esModule", { value: !0 }), e.encodeToCurve = e.hashToCurve = e.secp256k1_hasher = e.schnorr = e.secp256k1 = void 0;
1764
- const n = /* @__PURE__ */ dn(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ En(), u = /* @__PURE__ */ Bn(), m = /* @__PURE__ */ $e(), g = /* @__PURE__ */ Ct(), p = /* @__PURE__ */ Ce(), v = {
1737
+ const r = /* @__PURE__ */ dn(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ En(), l = /* @__PURE__ */ Bn(), m = /* @__PURE__ */ $e(), g = /* @__PURE__ */ Ct(), p = /* @__PURE__ */ Ce(), v = {
1765
1738
  p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
1766
1739
  n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
1767
1740
  h: BigInt(1),
@@ -1775,72 +1748,72 @@ function nr() {
1775
1748
  [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
1776
1749
  [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
1777
1750
  ]
1778
- }, H = /* @__PURE__ */ BigInt(0), V = /* @__PURE__ */ BigInt(1), E = /* @__PURE__ */ BigInt(2);
1751
+ }, H = /* @__PURE__ */ BigInt(0), k = /* @__PURE__ */ BigInt(1), E = /* @__PURE__ */ BigInt(2);
1779
1752
  function b(d) {
1780
- const l = v.p, r = BigInt(3), a = BigInt(6), i = BigInt(11), o = BigInt(22), h = BigInt(23), w = BigInt(44), s = BigInt(88), f = d * d * d % l, y = f * f * d % l, B = (0, m.pow2)(y, r, l) * y % l, O = (0, m.pow2)(B, r, l) * y % l, k = (0, m.pow2)(O, E, l) * f % l, Y = (0, m.pow2)(k, i, l) * k % l, I = (0, m.pow2)(Y, o, l) * Y % l, q = (0, m.pow2)(I, w, l) * I % l, C = (0, m.pow2)(q, s, l) * q % l, te = (0, m.pow2)(C, w, l) * I % l, $ = (0, m.pow2)(te, r, l) * y % l, T = (0, m.pow2)($, h, l) * Y % l, X = (0, m.pow2)(T, a, l) * f % l, ae = (0, m.pow2)(X, E, l);
1753
+ const u = v.p, n = BigInt(3), a = BigInt(6), i = BigInt(11), o = BigInt(22), h = BigInt(23), w = BigInt(44), s = BigInt(88), f = d * d * d % u, y = f * f * d % u, B = (0, m.pow2)(y, n, u) * y % u, T = (0, m.pow2)(B, n, u) * y % u, V = (0, m.pow2)(T, E, u) * f % u, Y = (0, m.pow2)(V, i, u) * V % u, I = (0, m.pow2)(Y, o, u) * Y % u, q = (0, m.pow2)(I, w, u) * I % u, C = (0, m.pow2)(q, s, u) * q % u, te = (0, m.pow2)(C, w, u) * I % u, $ = (0, m.pow2)(te, n, u) * y % u, x = (0, m.pow2)($, h, u) * Y % u, X = (0, m.pow2)(x, a, u) * f % u, ae = (0, m.pow2)(X, E, u);
1781
1754
  if (!S.eql(S.sqr(ae), d))
1782
1755
  throw new Error("Cannot find square root");
1783
1756
  return ae;
1784
1757
  }
1785
1758
  const S = (0, m.Field)(v.p, { sqrt: b });
1786
- e.secp256k1 = (0, t.createCurve)({ ...v, Fp: S, lowS: !0, endo: U }, n.sha256);
1759
+ e.secp256k1 = (0, t.createCurve)({ ...v, Fp: S, lowS: !0, endo: U }, r.sha256);
1787
1760
  const A = {};
1788
- function M(d, ...l) {
1789
- let r = A[d];
1790
- if (r === void 0) {
1791
- const a = (0, n.sha256)((0, p.utf8ToBytes)(d));
1792
- r = (0, p.concatBytes)(a, a), A[d] = r;
1761
+ function M(d, ...u) {
1762
+ let n = A[d];
1763
+ if (n === void 0) {
1764
+ const a = (0, r.sha256)((0, p.utf8ToBytes)(d));
1765
+ n = (0, p.concatBytes)(a, a), A[d] = n;
1793
1766
  }
1794
- return (0, n.sha256)((0, p.concatBytes)(r, ...l));
1767
+ return (0, r.sha256)((0, p.concatBytes)(n, ...u));
1795
1768
  }
1796
1769
  const Q = (d) => d.toBytes(!0).slice(1), F = e.secp256k1.Point, G = (d) => d % E === H;
1797
1770
  function se(d) {
1798
- const { Fn: l, BASE: r } = F, a = (0, g._normFnElement)(l, d), i = r.multiply(a);
1799
- return { scalar: G(i.y) ? a : l.neg(a), bytes: Q(i) };
1771
+ const { Fn: u, BASE: n } = F, a = (0, g._normFnElement)(u, d), i = n.multiply(a);
1772
+ return { scalar: G(i.y) ? a : u.neg(a), bytes: Q(i) };
1800
1773
  }
1801
1774
  function ie(d) {
1802
- const l = S;
1803
- if (!l.isValidNot0(d))
1775
+ const u = S;
1776
+ if (!u.isValidNot0(d))
1804
1777
  throw new Error("invalid x: Fail if x ≥ p");
1805
- const r = l.create(d * d), a = l.create(r * d + BigInt(7));
1806
- let i = l.sqrt(a);
1807
- G(i) || (i = l.neg(i));
1778
+ const n = u.create(d * d), a = u.create(n * d + BigInt(7));
1779
+ let i = u.sqrt(a);
1780
+ G(i) || (i = u.neg(i));
1808
1781
  const o = F.fromAffine({ x: d, y: i });
1809
1782
  return o.assertValidity(), o;
1810
1783
  }
1811
1784
  const j = p.bytesToNumberBE;
1812
- function R(...d) {
1785
+ function O(...d) {
1813
1786
  return F.Fn.create(j(M("BIP0340/challenge", ...d)));
1814
1787
  }
1815
1788
  function L(d) {
1816
1789
  return se(d).bytes;
1817
1790
  }
1818
- function _(d, l, r = (0, c.randomBytes)(32)) {
1819
- const { Fn: a } = F, i = (0, p.ensureBytes)("message", d), { bytes: o, scalar: h } = se(l), w = (0, p.ensureBytes)("auxRand", r, 32), s = a.toBytes(h ^ j(M("BIP0340/aux", w))), f = M("BIP0340/nonce", s, o, i), { bytes: y, scalar: B } = se(f), O = R(y, o, i), k = new Uint8Array(64);
1820
- if (k.set(y, 0), k.set(a.toBytes(a.create(B + O * h)), 32), !K(k, i, o))
1791
+ function _(d, u, n = (0, c.randomBytes)(32)) {
1792
+ const { Fn: a } = F, i = (0, p.ensureBytes)("message", d), { bytes: o, scalar: h } = se(u), w = (0, p.ensureBytes)("auxRand", n, 32), s = a.toBytes(h ^ j(M("BIP0340/aux", w))), f = M("BIP0340/nonce", s, o, i), { bytes: y, scalar: B } = se(f), T = O(y, o, i), V = new Uint8Array(64);
1793
+ if (V.set(y, 0), V.set(a.toBytes(a.create(B + T * h)), 32), !K(V, i, o))
1821
1794
  throw new Error("sign: Invalid signature produced");
1822
- return k;
1795
+ return V;
1823
1796
  }
1824
- function K(d, l, r) {
1825
- const { Fn: a, BASE: i } = F, o = (0, p.ensureBytes)("signature", d, 64), h = (0, p.ensureBytes)("message", l), w = (0, p.ensureBytes)("publicKey", r, 32);
1797
+ function K(d, u, n) {
1798
+ const { Fn: a, BASE: i } = F, o = (0, p.ensureBytes)("signature", d, 64), h = (0, p.ensureBytes)("message", u), w = (0, p.ensureBytes)("publicKey", n, 32);
1826
1799
  try {
1827
1800
  const s = ie(j(w)), f = j(o.subarray(0, 32));
1828
- if (!(0, p.inRange)(f, V, v.p))
1801
+ if (!(0, p.inRange)(f, k, v.p))
1829
1802
  return !1;
1830
1803
  const y = j(o.subarray(32, 64));
1831
- if (!(0, p.inRange)(y, V, v.n))
1804
+ if (!(0, p.inRange)(y, k, v.n))
1832
1805
  return !1;
1833
- const B = R(a.toBytes(f), Q(s), h), O = i.multiplyUnsafe(y).add(s.multiplyUnsafe(a.neg(B))), { x: k, y: Y } = O.toAffine();
1834
- return !(O.is0() || !G(Y) || k !== f);
1806
+ const B = O(a.toBytes(f), Q(s), h), T = i.multiplyUnsafe(y).add(s.multiplyUnsafe(a.neg(B))), { x: V, y: Y } = T.toAffine();
1807
+ return !(T.is0() || !G(Y) || V !== f);
1835
1808
  } catch {
1836
1809
  return !1;
1837
1810
  }
1838
1811
  }
1839
1812
  e.schnorr = (() => {
1840
- const r = (i = (0, c.randomBytes)(48)) => (0, m.mapHashToField)(i, v.n);
1813
+ const n = (i = (0, c.randomBytes)(48)) => (0, m.mapHashToField)(i, v.n);
1841
1814
  e.secp256k1.utils.randomSecretKey;
1842
1815
  function a(i) {
1843
- const o = r(i);
1816
+ const o = n(i);
1844
1817
  return { secretKey: o, publicKey: L(o) };
1845
1818
  }
1846
1819
  return {
@@ -1850,8 +1823,8 @@ function nr() {
1850
1823
  verify: K,
1851
1824
  Point: F,
1852
1825
  utils: {
1853
- randomSecretKey: r,
1854
- randomPrivateKey: r,
1826
+ randomSecretKey: n,
1827
+ randomPrivateKey: n,
1855
1828
  taggedHash: M,
1856
1829
  // TODO: remove
1857
1830
  lift_x: ie,
@@ -1869,7 +1842,7 @@ function nr() {
1869
1842
  }
1870
1843
  };
1871
1844
  })();
1872
- const W = (0, u.isogenyMap)(S, [
1845
+ const W = (0, l.isogenyMap)(S, [
1873
1846
  // xNum
1874
1847
  [
1875
1848
  "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7",
@@ -1899,14 +1872,14 @@ function nr() {
1899
1872
  "0x0000000000000000000000000000000000000000000000000000000000000001"
1900
1873
  // LAST 1
1901
1874
  ]
1902
- ].map((d) => d.map((l) => BigInt(l)))), D = (0, g.mapToCurveSimpleSWU)(S, {
1875
+ ].map((d) => d.map((u) => BigInt(u)))), z = (0, g.mapToCurveSimpleSWU)(S, {
1903
1876
  A: BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),
1904
1877
  B: BigInt("1771"),
1905
1878
  Z: S.create(BigInt("-11"))
1906
1879
  });
1907
- e.secp256k1_hasher = (0, u.createHasher)(e.secp256k1.Point, (d) => {
1908
- const { x: l, y: r } = D(S.create(d[0]));
1909
- return W(l, r);
1880
+ e.secp256k1_hasher = (0, l.createHasher)(e.secp256k1.Point, (d) => {
1881
+ const { x: u, y: n } = z(S.create(d[0]));
1882
+ return W(u, n);
1910
1883
  }, {
1911
1884
  DST: "secp256k1_XMD:SHA-256_SSWU_RO_",
1912
1885
  encodeDST: "secp256k1_XMD:SHA-256_SSWU_NU_",
@@ -1914,20 +1887,20 @@ function nr() {
1914
1887
  m: 1,
1915
1888
  k: 128,
1916
1889
  expand: "xmd",
1917
- hash: n.sha256
1890
+ hash: r.sha256
1918
1891
  }), e.hashToCurve = e.secp256k1_hasher.hashToCurve, e.encodeToCurve = e.secp256k1_hasher.encodeToCurve;
1919
1892
  })(tt)), tt;
1920
1893
  }
1921
1894
  var P = {}, It;
1922
- function rr() {
1895
+ function tr() {
1923
1896
  if (It) return P;
1924
1897
  It = 1, Object.defineProperty(P, "__esModule", { value: !0 }), P.isHash = P.validateObject = P.memoized = P.notImplemented = P.createHmacDrbg = P.bitMask = P.bitSet = P.bitGet = P.bitLen = P.aInRange = P.inRange = P.asciiToBytes = P.copyBytes = P.equalBytes = P.ensureBytes = P.numberToVarBytesBE = P.numberToBytesLE = P.numberToBytesBE = P.bytesToNumberLE = P.bytesToNumberBE = P.hexToNumber = P.numberToHexUnpadded = P.abool = P.utf8ToBytes = P.randomBytes = P.isBytes = P.hexToBytes = P.concatBytes = P.bytesToUtf8 = P.bytesToHex = P.anumber = P.abytes = void 0;
1925
1898
  const e = /* @__PURE__ */ Ce();
1926
1899
  return P.abytes = e.abytes, P.anumber = e.anumber, P.bytesToHex = e.bytesToHex, P.bytesToUtf8 = e.bytesToUtf8, P.concatBytes = e.concatBytes, P.hexToBytes = e.hexToBytes, P.isBytes = e.isBytes, P.randomBytes = e.randomBytes, P.utf8ToBytes = e.utf8ToBytes, P.abool = e.abool, P.numberToHexUnpadded = e.numberToHexUnpadded, P.hexToNumber = e.hexToNumber, P.bytesToNumberBE = e.bytesToNumberBE, P.bytesToNumberLE = e.bytesToNumberLE, P.numberToBytesBE = e.numberToBytesBE, P.numberToBytesLE = e.numberToBytesLE, P.numberToVarBytesBE = e.numberToVarBytesBE, P.ensureBytes = e.ensureBytes, P.equalBytes = e.equalBytes, P.copyBytes = e.copyBytes, P.asciiToBytes = e.asciiToBytes, P.inRange = e.inRange, P.aInRange = e.aInRange, P.bitLen = e.bitLen, P.bitGet = e.bitGet, P.bitSet = e.bitSet, P.bitMask = e.bitMask, P.createHmacDrbg = e.createHmacDrbg, P.notImplemented = e.notImplemented, P.memoized = e.memoized, P.validateObject = e.validateObject, P.isHash = e.isHash, P;
1927
1900
  }
1928
- function or(e, n = "") {
1901
+ function nr(e, r = "") {
1929
1902
  if (typeof e != "boolean") {
1930
- const c = n && `"${n}" `;
1903
+ const c = r && `"${r}" `;
1931
1904
  throw new Error(c + "expected boolean, got type=" + typeof e);
1932
1905
  }
1933
1906
  return e;
@@ -1940,138 +1913,138 @@ function mt(e) {
1940
1913
  function Kt(e) {
1941
1914
  return mt(e), (e & e - 1) === 0 && e !== 0;
1942
1915
  }
1943
- function pn(e, n) {
1916
+ function pn(e, r) {
1944
1917
  mt(e);
1945
1918
  let c = 0;
1946
- for (let t = 0; t < n; t++, e >>>= 1)
1919
+ for (let t = 0; t < r; t++, e >>>= 1)
1947
1920
  c = c << 1 | e & 1;
1948
1921
  return c;
1949
1922
  }
1950
- function Dt(e) {
1923
+ function zt(e) {
1951
1924
  return mt(e), 31 - Math.clz32(e);
1952
1925
  }
1953
1926
  function Nt(e) {
1954
- const n = e.length;
1955
- if (n < 2 || !Kt(n))
1956
- throw new Error("n must be a power of 2 and greater than 1. Got " + n);
1957
- const c = Dt(n);
1958
- for (let t = 0; t < n; t++) {
1959
- const u = pn(t, c);
1960
- if (t < u) {
1927
+ const r = e.length;
1928
+ if (r < 2 || !Kt(r))
1929
+ throw new Error("n must be a power of 2 and greater than 1. Got " + r);
1930
+ const c = zt(r);
1931
+ for (let t = 0; t < r; t++) {
1932
+ const l = pn(t, c);
1933
+ if (t < l) {
1961
1934
  const m = e[t];
1962
- e[t] = e[u], e[u] = m;
1935
+ e[t] = e[l], e[l] = m;
1963
1936
  }
1964
1937
  }
1965
1938
  return e;
1966
1939
  }
1967
- const sr = (e, n) => {
1968
- const { N: c, roots: t, dit: u, invertButterflies: m = !1, skipStages: g = 0, brp: p = !0 } = n, v = Dt(c);
1940
+ const rr = (e, r) => {
1941
+ const { N: c, roots: t, dit: l, invertButterflies: m = !1, skipStages: g = 0, brp: p = !0 } = r, v = zt(c);
1969
1942
  if (!Kt(c))
1970
1943
  throw new Error("FFT: Polynomial size should be power of two");
1971
- const U = u !== m;
1944
+ const U = l !== m;
1972
1945
  return (H) => {
1973
1946
  if (H.length !== c)
1974
1947
  throw new Error("FFT: wrong Polynomial length");
1975
- u && p && Nt(H);
1976
- for (let V = 0, E = 1; V < v - g; V++) {
1977
- const b = u ? V + 1 + g : v - V, S = 1 << b, A = S >> 1, M = c >> b;
1948
+ l && p && Nt(H);
1949
+ for (let k = 0, E = 1; k < v - g; k++) {
1950
+ const b = l ? k + 1 + g : v - k, S = 1 << b, A = S >> 1, M = c >> b;
1978
1951
  for (let Q = 0; Q < c; Q += S)
1979
1952
  for (let F = 0, G = E++; F < A; F++) {
1980
- const se = m ? u ? c - G : G : F * M, ie = Q + F, j = Q + F + A, R = t[se], L = H[j], _ = H[ie];
1953
+ const se = m ? l ? c - G : G : F * M, ie = Q + F, j = Q + F + A, O = t[se], L = H[j], _ = H[ie];
1981
1954
  if (U) {
1982
- const K = e.mul(L, R);
1955
+ const K = e.mul(L, O);
1983
1956
  H[ie] = e.add(_, K), H[j] = e.sub(_, K);
1984
- } else m ? (H[ie] = e.add(L, _), H[j] = e.mul(e.sub(L, _), R)) : (H[ie] = e.add(_, L), H[j] = e.mul(e.sub(_, L), R));
1957
+ } else m ? (H[ie] = e.add(L, _), H[j] = e.mul(e.sub(L, _), O)) : (H[ie] = e.add(_, L), H[j] = e.mul(e.sub(_, L), O));
1985
1958
  }
1986
1959
  }
1987
- return !u && p && Nt(H), H;
1960
+ return !l && p && Nt(H), H;
1988
1961
  };
1989
1962
  };
1990
1963
  const bt = /* @__PURE__ */ BigInt(0), lt = /* @__PURE__ */ BigInt(1);
1991
- function Je(e, n = "") {
1964
+ function Je(e, r = "") {
1992
1965
  if (typeof e != "boolean") {
1993
- const c = n && `"${n}"`;
1966
+ const c = r && `"${r}"`;
1994
1967
  throw new Error(c + "expected boolean, got type=" + typeof e);
1995
1968
  }
1996
1969
  return e;
1997
1970
  }
1998
- function Ze(e, n, c = "") {
1999
- const t = yt(e), u = e?.length, m = n !== void 0;
2000
- if (!t || m && u !== n) {
2001
- const g = c && `"${c}" `, p = m ? ` of length ${n}` : "", v = t ? `length=${u}` : `type=${typeof e}`;
1971
+ function Ze(e, r, c = "") {
1972
+ const t = yt(e), l = e?.length, m = r !== void 0;
1973
+ if (!t || m && l !== r) {
1974
+ const g = c && `"${c}" `, p = m ? ` of length ${r}` : "", v = t ? `length=${l}` : `type=${typeof e}`;
2002
1975
  throw new Error(g + "expected Uint8Array" + p + ", got " + v);
2003
1976
  }
2004
1977
  return e;
2005
1978
  }
2006
1979
  function Xe(e) {
2007
- const n = e.toString(16);
2008
- return n.length & 1 ? "0" + n : n;
1980
+ const r = e.toString(16);
1981
+ return r.length & 1 ? "0" + r : r;
2009
1982
  }
2010
- function zt(e) {
1983
+ function Dt(e) {
2011
1984
  if (typeof e != "string")
2012
1985
  throw new Error("hex string expected, got " + typeof e);
2013
1986
  return e === "" ? bt : BigInt("0x" + e);
2014
1987
  }
2015
1988
  function et(e) {
2016
- return zt(Me(e));
1989
+ return Dt(Me(e));
2017
1990
  }
2018
1991
  function Yt(e) {
2019
- return hn(e), zt(Me(Uint8Array.from(e).reverse()));
1992
+ return hn(e), Dt(Me(Uint8Array.from(e).reverse()));
2020
1993
  }
2021
- function wt(e, n) {
2022
- return Qe(e.toString(16).padStart(n * 2, "0"));
1994
+ function wt(e, r) {
1995
+ return Qe(e.toString(16).padStart(r * 2, "0"));
2023
1996
  }
2024
- function Pt(e, n) {
2025
- return wt(e, n).reverse();
1997
+ function Pt(e, r) {
1998
+ return wt(e, r).reverse();
2026
1999
  }
2027
- function Se(e, n, c) {
2000
+ function Se(e, r, c) {
2028
2001
  let t;
2029
- if (typeof n == "string")
2002
+ if (typeof r == "string")
2030
2003
  try {
2031
- t = Qe(n);
2032
- } catch (u) {
2033
- throw new Error(e + " must be hex string or Uint8Array, cause: " + u);
2004
+ t = Qe(r);
2005
+ } catch (l) {
2006
+ throw new Error(e + " must be hex string or Uint8Array, cause: " + l);
2034
2007
  }
2035
- else if (yt(n))
2036
- t = Uint8Array.from(n);
2008
+ else if (yt(r))
2009
+ t = Uint8Array.from(r);
2037
2010
  else
2038
2011
  throw new Error(e + " must be hex string or Uint8Array");
2039
2012
  return t.length, t;
2040
2013
  }
2041
2014
  const st = (e) => typeof e == "bigint" && bt <= e;
2042
- function vn(e, n, c) {
2043
- return st(e) && st(n) && st(c) && n <= e && e < c;
2015
+ function vn(e, r, c) {
2016
+ return st(e) && st(r) && st(c) && r <= e && e < c;
2044
2017
  }
2045
- function _n(e, n, c, t) {
2046
- if (!vn(n, c, t))
2047
- throw new Error("expected valid " + e + ": " + c + " <= n < " + t + ", got " + n);
2018
+ function _n(e, r, c, t) {
2019
+ if (!vn(r, c, t))
2020
+ throw new Error("expected valid " + e + ": " + c + " <= n < " + t + ", got " + r);
2048
2021
  }
2049
2022
  function Xt(e) {
2050
- let n;
2051
- for (n = 0; e > bt; e >>= lt, n += 1)
2023
+ let r;
2024
+ for (r = 0; e > bt; e >>= lt, r += 1)
2052
2025
  ;
2053
- return n;
2026
+ return r;
2054
2027
  }
2055
- const De = (e) => (lt << BigInt(e)) - lt;
2056
- function Sn(e, n, c) {
2028
+ const ze = (e) => (lt << BigInt(e)) - lt;
2029
+ function Sn(e, r, c) {
2057
2030
  if (typeof e != "number" || e < 2)
2058
2031
  throw new Error("hashLen must be a number");
2059
- if (typeof n != "number" || n < 2)
2032
+ if (typeof r != "number" || r < 2)
2060
2033
  throw new Error("qByteLen must be a number");
2061
2034
  if (typeof c != "function")
2062
2035
  throw new Error("hmacFn must be a function");
2063
- const t = (b) => new Uint8Array(b), u = (b) => Uint8Array.of(b);
2036
+ const t = (b) => new Uint8Array(b), l = (b) => Uint8Array.of(b);
2064
2037
  let m = t(e), g = t(e), p = 0;
2065
2038
  const v = () => {
2066
2039
  m.fill(1), g.fill(0), p = 0;
2067
2040
  }, U = (...b) => c(g, m, ...b), H = (b = t(0)) => {
2068
- g = U(u(0), b), m = U(), b.length !== 0 && (g = U(u(1), b), m = U());
2069
- }, V = () => {
2041
+ g = U(l(0), b), m = U(), b.length !== 0 && (g = U(l(1), b), m = U());
2042
+ }, k = () => {
2070
2043
  if (p++ >= 1e3)
2071
2044
  throw new Error("drbg: tried 1000 values");
2072
2045
  let b = 0;
2073
2046
  const S = [];
2074
- for (; b < n; ) {
2047
+ for (; b < r; ) {
2075
2048
  m = U();
2076
2049
  const A = m.slice();
2077
2050
  S.push(A), b += m.length;
@@ -2081,77 +2054,77 @@ function Sn(e, n, c) {
2081
2054
  return (b, S) => {
2082
2055
  v(), H(b);
2083
2056
  let A;
2084
- for (; !(A = S(V())); )
2057
+ for (; !(A = S(k())); )
2085
2058
  H();
2086
2059
  return v(), A;
2087
2060
  };
2088
2061
  }
2089
- function gt(e, n, c = {}) {
2062
+ function gt(e, r, c = {}) {
2090
2063
  if (!e || typeof e != "object")
2091
2064
  throw new Error("expected valid options object");
2092
- function t(u, m, g) {
2093
- const p = e[u];
2065
+ function t(l, m, g) {
2066
+ const p = e[l];
2094
2067
  if (g && p === void 0)
2095
2068
  return;
2096
2069
  const v = typeof p;
2097
2070
  if (v !== m || p === null)
2098
- throw new Error(`param "${u}" is invalid: expected ${m}, got ${v}`);
2071
+ throw new Error(`param "${l}" is invalid: expected ${m}, got ${v}`);
2099
2072
  }
2100
- Object.entries(n).forEach(([u, m]) => t(u, m, !1)), Object.entries(c).forEach(([u, m]) => t(u, m, !0));
2073
+ Object.entries(r).forEach(([l, m]) => t(l, m, !1)), Object.entries(c).forEach(([l, m]) => t(l, m, !0));
2101
2074
  }
2102
2075
  function At(e) {
2103
- const n = /* @__PURE__ */ new WeakMap();
2076
+ const r = /* @__PURE__ */ new WeakMap();
2104
2077
  return (c, ...t) => {
2105
- const u = n.get(c);
2106
- if (u !== void 0)
2107
- return u;
2078
+ const l = r.get(c);
2079
+ if (l !== void 0)
2080
+ return l;
2108
2081
  const m = e(c, ...t);
2109
- return n.set(c, m), m;
2082
+ return r.set(c, m), m;
2110
2083
  };
2111
2084
  }
2112
- const Oe = BigInt(0), Be = BigInt(1), je = /* @__PURE__ */ BigInt(2), Gt = /* @__PURE__ */ BigInt(3), Wt = /* @__PURE__ */ BigInt(4), Qt = /* @__PURE__ */ BigInt(5), On = /* @__PURE__ */ BigInt(7), Jt = /* @__PURE__ */ BigInt(8), Tn = /* @__PURE__ */ BigInt(9), Ft = /* @__PURE__ */ BigInt(16);
2113
- function qe(e, n) {
2114
- const c = e % n;
2115
- return c >= Oe ? c : n + c;
2085
+ const Te = BigInt(0), Be = BigInt(1), je = /* @__PURE__ */ BigInt(2), Gt = /* @__PURE__ */ BigInt(3), Wt = /* @__PURE__ */ BigInt(4), Qt = /* @__PURE__ */ BigInt(5), Tn = /* @__PURE__ */ BigInt(7), Jt = /* @__PURE__ */ BigInt(8), xn = /* @__PURE__ */ BigInt(9), Ft = /* @__PURE__ */ BigInt(16);
2086
+ function qe(e, r) {
2087
+ const c = e % r;
2088
+ return c >= Te ? c : r + c;
2116
2089
  }
2117
- function xe(e, n, c) {
2090
+ function Re(e, r, c) {
2118
2091
  let t = e;
2119
- for (; n-- > Oe; )
2092
+ for (; r-- > Te; )
2120
2093
  t *= t, t %= c;
2121
2094
  return t;
2122
2095
  }
2123
- function Ut(e, n) {
2124
- if (e === Oe)
2096
+ function Ut(e, r) {
2097
+ if (e === Te)
2125
2098
  throw new Error("invert: expected non-zero number");
2126
- if (n <= Oe)
2127
- throw new Error("invert: expected positive modulus, got " + n);
2128
- let c = qe(e, n), t = n, u = Oe, m = Be;
2129
- for (; c !== Oe; ) {
2130
- const p = t / c, v = t % c, U = u - m * p;
2131
- t = c, c = v, u = m, m = U;
2099
+ if (r <= Te)
2100
+ throw new Error("invert: expected positive modulus, got " + r);
2101
+ let c = qe(e, r), t = r, l = Te, m = Be;
2102
+ for (; c !== Te; ) {
2103
+ const p = t / c, v = t % c, U = l - m * p;
2104
+ t = c, c = v, l = m, m = U;
2132
2105
  }
2133
2106
  if (t !== Be)
2134
2107
  throw new Error("invert: does not exist");
2135
- return qe(u, n);
2108
+ return qe(l, r);
2136
2109
  }
2137
- function Et(e, n, c) {
2138
- if (!e.eql(e.sqr(n), c))
2110
+ function Et(e, r, c) {
2111
+ if (!e.eql(e.sqr(r), c))
2139
2112
  throw new Error("Cannot find square root");
2140
2113
  }
2141
- function $t(e, n) {
2142
- const c = (e.ORDER + Be) / Wt, t = e.pow(n, c);
2143
- return Et(e, t, n), t;
2114
+ function $t(e, r) {
2115
+ const c = (e.ORDER + Be) / Wt, t = e.pow(r, c);
2116
+ return Et(e, t, r), t;
2144
2117
  }
2145
- function Rn(e, n) {
2146
- const c = (e.ORDER - Qt) / Jt, t = e.mul(n, je), u = e.pow(t, c), m = e.mul(n, u), g = e.mul(e.mul(m, je), u), p = e.mul(m, e.sub(g, e.ONE));
2147
- return Et(e, p, n), p;
2118
+ function On(e, r) {
2119
+ const c = (e.ORDER - Qt) / Jt, t = e.mul(r, je), l = e.pow(t, c), m = e.mul(r, l), g = e.mul(e.mul(m, je), l), p = e.mul(m, e.sub(g, e.ONE));
2120
+ return Et(e, p, r), p;
2148
2121
  }
2149
- function xn(e) {
2150
- const n = ze(e), c = en(e), t = c(n, n.neg(n.ONE)), u = c(n, t), m = c(n, n.neg(t)), g = (e + On) / Ft;
2122
+ function Rn(e) {
2123
+ const r = De(e), c = en(e), t = c(r, r.neg(r.ONE)), l = c(r, t), m = c(r, r.neg(t)), g = (e + Tn) / Ft;
2151
2124
  return (p, v) => {
2152
2125
  let U = p.pow(v, g), H = p.mul(U, t);
2153
- const V = p.mul(U, u), E = p.mul(U, m), b = p.eql(p.sqr(H), v), S = p.eql(p.sqr(V), v);
2154
- U = p.cmov(U, H, b), H = p.cmov(E, V, S);
2126
+ const k = p.mul(U, l), E = p.mul(U, m), b = p.eql(p.sqr(H), v), S = p.eql(p.sqr(k), v);
2127
+ U = p.cmov(U, H, b), H = p.cmov(E, k, S);
2155
2128
  const A = p.eql(p.sqr(H), v), M = p.cmov(U, H, A);
2156
2129
  return Et(p, M, v), M;
2157
2130
  };
@@ -2159,24 +2132,24 @@ function xn(e) {
2159
2132
  function en(e) {
2160
2133
  if (e < Gt)
2161
2134
  throw new Error("sqrt is not defined for small field");
2162
- let n = e - Be, c = 0;
2163
- for (; n % je === Oe; )
2164
- n /= je, c++;
2135
+ let r = e - Be, c = 0;
2136
+ for (; r % je === Te; )
2137
+ r /= je, c++;
2165
2138
  let t = je;
2166
- const u = ze(e);
2167
- for (; Zt(u, t) === 1; )
2139
+ const l = De(e);
2140
+ for (; Zt(l, t) === 1; )
2168
2141
  if (t++ > 1e3)
2169
2142
  throw new Error("Cannot find square root: probably non-prime P");
2170
2143
  if (c === 1)
2171
2144
  return $t;
2172
- let m = u.pow(t, n);
2173
- const g = (n + Be) / je;
2145
+ let m = l.pow(t, r);
2146
+ const g = (r + Be) / je;
2174
2147
  return function(v, U) {
2175
2148
  if (v.is0(U))
2176
2149
  return U;
2177
2150
  if (Zt(v, U) !== 1)
2178
2151
  throw new Error("Cannot find square root");
2179
- let H = c, V = v.mul(v.ONE, m), E = v.pow(U, n), b = v.pow(U, g);
2152
+ let H = c, k = v.mul(v.ONE, m), E = v.pow(U, r), b = v.pow(U, g);
2180
2153
  for (; !v.eql(E, v.ONE); ) {
2181
2154
  if (v.is0(E))
2182
2155
  return v.ZERO;
@@ -2184,14 +2157,14 @@ function en(e) {
2184
2157
  for (; !v.eql(A, v.ONE); )
2185
2158
  if (S++, A = v.sqr(A), S === H)
2186
2159
  throw new Error("Cannot find square root");
2187
- const M = Be << BigInt(H - S - 1), Q = v.pow(V, M);
2188
- H = S, V = v.sqr(Q), E = v.mul(E, V), b = v.mul(b, Q);
2160
+ const M = Be << BigInt(H - S - 1), Q = v.pow(k, M);
2161
+ H = S, k = v.sqr(Q), E = v.mul(E, k), b = v.mul(b, Q);
2189
2162
  }
2190
2163
  return b;
2191
2164
  };
2192
2165
  }
2193
2166
  function qn(e) {
2194
- return e % Wt === Gt ? $t : e % Jt === Qt ? Rn : e % Ft === Tn ? xn(e) : en(e);
2167
+ return e % Wt === Gt ? $t : e % Jt === Qt ? On : e % Ft === xn ? Rn(e) : en(e);
2195
2168
  }
2196
2169
  const In = [
2197
2170
  "create",
@@ -2213,74 +2186,74 @@ const In = [
2213
2186
  "sqrN"
2214
2187
  ];
2215
2188
  function Nn(e) {
2216
- const n = {
2189
+ const r = {
2217
2190
  ORDER: "bigint",
2218
2191
  MASK: "bigint",
2219
2192
  BYTES: "number",
2220
2193
  BITS: "number"
2221
- }, c = In.reduce((t, u) => (t[u] = "function", t), n);
2194
+ }, c = In.reduce((t, l) => (t[l] = "function", t), r);
2222
2195
  return gt(e, c), e;
2223
2196
  }
2224
- function An(e, n, c) {
2225
- if (c < Oe)
2197
+ function An(e, r, c) {
2198
+ if (c < Te)
2226
2199
  throw new Error("invalid exponent, negatives unsupported");
2227
- if (c === Oe)
2200
+ if (c === Te)
2228
2201
  return e.ONE;
2229
2202
  if (c === Be)
2230
- return n;
2231
- let t = e.ONE, u = n;
2232
- for (; c > Oe; )
2233
- c & Be && (t = e.mul(t, u)), u = e.sqr(u), c >>= Be;
2203
+ return r;
2204
+ let t = e.ONE, l = r;
2205
+ for (; c > Te; )
2206
+ c & Be && (t = e.mul(t, l)), l = e.sqr(l), c >>= Be;
2234
2207
  return t;
2235
2208
  }
2236
- function tn(e, n, c = !1) {
2237
- const t = new Array(n.length).fill(c ? e.ZERO : void 0), u = n.reduce((g, p, v) => e.is0(p) ? g : (t[v] = g, e.mul(g, p)), e.ONE), m = e.inv(u);
2238
- return n.reduceRight((g, p, v) => e.is0(p) ? g : (t[v] = e.mul(g, t[v]), e.mul(g, p)), m), t;
2209
+ function tn(e, r, c = !1) {
2210
+ const t = new Array(r.length).fill(c ? e.ZERO : void 0), l = r.reduce((g, p, v) => e.is0(p) ? g : (t[v] = g, e.mul(g, p)), e.ONE), m = e.inv(l);
2211
+ return r.reduceRight((g, p, v) => e.is0(p) ? g : (t[v] = e.mul(g, t[v]), e.mul(g, p)), m), t;
2239
2212
  }
2240
- function Zt(e, n) {
2241
- const c = (e.ORDER - Be) / je, t = e.pow(n, c), u = e.eql(t, e.ONE), m = e.eql(t, e.ZERO), g = e.eql(t, e.neg(e.ONE));
2242
- if (!u && !m && !g)
2213
+ function Zt(e, r) {
2214
+ const c = (e.ORDER - Be) / je, t = e.pow(r, c), l = e.eql(t, e.ONE), m = e.eql(t, e.ZERO), g = e.eql(t, e.neg(e.ONE));
2215
+ if (!l && !m && !g)
2243
2216
  throw new Error("invalid Legendre symbol result");
2244
- return u ? 1 : m ? 0 : -1;
2217
+ return l ? 1 : m ? 0 : -1;
2245
2218
  }
2246
- function nn(e, n) {
2247
- n !== void 0 && yn(n);
2248
- const c = n !== void 0 ? n : e.toString(2).length, t = Math.ceil(c / 8);
2219
+ function nn(e, r) {
2220
+ r !== void 0 && yn(r);
2221
+ const c = r !== void 0 ? r : e.toString(2).length, t = Math.ceil(c / 8);
2249
2222
  return { nBitLength: c, nByteLength: t };
2250
2223
  }
2251
- function ze(e, n, c = !1, t = {}) {
2252
- if (e <= Oe)
2224
+ function De(e, r, c = !1, t = {}) {
2225
+ if (e <= Te)
2253
2226
  throw new Error("invalid field: expected ORDER > 0, got " + e);
2254
- let u, m, g = !1, p;
2255
- if (typeof n == "object" && n != null) {
2227
+ let l, m, g = !1, p;
2228
+ if (typeof r == "object" && r != null) {
2256
2229
  if (t.sqrt || c)
2257
2230
  throw new Error("cannot specify opts in two arguments");
2258
- const E = n;
2259
- E.BITS && (u = E.BITS), E.sqrt && (m = E.sqrt), typeof E.isLE == "boolean" && (c = E.isLE), typeof E.modFromBytes == "boolean" && (g = E.modFromBytes), p = E.allowedLengths;
2231
+ const E = r;
2232
+ E.BITS && (l = E.BITS), E.sqrt && (m = E.sqrt), typeof E.isLE == "boolean" && (c = E.isLE), typeof E.modFromBytes == "boolean" && (g = E.modFromBytes), p = E.allowedLengths;
2260
2233
  } else
2261
- typeof n == "number" && (u = n), t.sqrt && (m = t.sqrt);
2262
- const { nBitLength: v, nByteLength: U } = nn(e, u);
2234
+ typeof r == "number" && (l = r), t.sqrt && (m = t.sqrt);
2235
+ const { nBitLength: v, nByteLength: U } = nn(e, l);
2263
2236
  if (U > 2048)
2264
2237
  throw new Error("invalid field: expected ORDER of <= 2048 bytes");
2265
2238
  let H;
2266
- const V = Object.freeze({
2239
+ const k = Object.freeze({
2267
2240
  ORDER: e,
2268
2241
  isLE: c,
2269
2242
  BITS: v,
2270
2243
  BYTES: U,
2271
- MASK: De(v),
2272
- ZERO: Oe,
2244
+ MASK: ze(v),
2245
+ ZERO: Te,
2273
2246
  ONE: Be,
2274
2247
  allowedLengths: p,
2275
2248
  create: (E) => qe(E, e),
2276
2249
  isValid: (E) => {
2277
2250
  if (typeof E != "bigint")
2278
2251
  throw new Error("invalid field element: expected bigint, got " + typeof E);
2279
- return Oe <= E && E < e;
2252
+ return Te <= E && E < e;
2280
2253
  },
2281
- is0: (E) => E === Oe,
2254
+ is0: (E) => E === Te,
2282
2255
  // is valid and invertible
2283
- isValidNot0: (E) => !V.is0(E) && V.isValid(E),
2256
+ isValidNot0: (E) => !k.is0(E) && k.isValid(E),
2284
2257
  isOdd: (E) => (E & Be) === Be,
2285
2258
  neg: (E) => qe(-E, e),
2286
2259
  eql: (E, b) => E === b,
@@ -2288,7 +2261,7 @@ function ze(e, n, c = !1, t = {}) {
2288
2261
  add: (E, b) => qe(E + b, e),
2289
2262
  sub: (E, b) => qe(E - b, e),
2290
2263
  mul: (E, b) => qe(E * b, e),
2291
- pow: (E, b) => An(V, E, b),
2264
+ pow: (E, b) => An(k, E, b),
2292
2265
  div: (E, b) => qe(E * Ut(b, e), e),
2293
2266
  // Same as above, but doesn't normalize
2294
2267
  sqrN: (E) => E * E,
@@ -2296,7 +2269,7 @@ function ze(e, n, c = !1, t = {}) {
2296
2269
  subN: (E, b) => E - b,
2297
2270
  mulN: (E, b) => E * b,
2298
2271
  inv: (E) => Ut(E, e),
2299
- sqrt: m || ((E) => (H || (H = qn(e)), H(V, E))),
2272
+ sqrt: m || ((E) => (H || (H = qn(e)), H(k, E))),
2300
2273
  toBytes: (E) => c ? Pt(E, U) : wt(E, U),
2301
2274
  fromBytes: (E, b = !0) => {
2302
2275
  if (p) {
@@ -2308,73 +2281,73 @@ function ze(e, n, c = !1, t = {}) {
2308
2281
  if (E.length !== U)
2309
2282
  throw new Error("Field.fromBytes: expected " + U + " bytes, got " + E.length);
2310
2283
  let S = c ? Yt(E) : et(E);
2311
- if (g && (S = qe(S, e)), !b && !V.isValid(S))
2284
+ if (g && (S = qe(S, e)), !b && !k.isValid(S))
2312
2285
  throw new Error("invalid field element: outside of range 0..ORDER");
2313
2286
  return S;
2314
2287
  },
2315
2288
  // TODO: we don't need it here, move out to separate fn
2316
- invertBatch: (E) => tn(V, E),
2289
+ invertBatch: (E) => tn(k, E),
2317
2290
  // We can't move this out because Fp6, Fp12 implement it
2318
2291
  // and it's unclear what to return in there.
2319
2292
  cmov: (E, b, S) => S ? b : E
2320
2293
  });
2321
- return Object.freeze(V);
2294
+ return Object.freeze(k);
2322
2295
  }
2323
2296
  function rn(e) {
2324
2297
  if (typeof e != "bigint")
2325
2298
  throw new Error("field order must be bigint");
2326
- const n = e.toString(2).length;
2327
- return Math.ceil(n / 8);
2299
+ const r = e.toString(2).length;
2300
+ return Math.ceil(r / 8);
2328
2301
  }
2329
2302
  function on(e) {
2330
- const n = rn(e);
2331
- return n + Math.ceil(n / 2);
2303
+ const r = rn(e);
2304
+ return r + Math.ceil(r / 2);
2332
2305
  }
2333
- function Un(e, n, c = !1) {
2334
- const t = e.length, u = rn(n), m = on(n);
2306
+ function Un(e, r, c = !1) {
2307
+ const t = e.length, l = rn(r), m = on(r);
2335
2308
  if (t < 16 || t < m || t > 1024)
2336
2309
  throw new Error("expected " + m + "-1024 bytes of input, got " + t);
2337
- const g = c ? Yt(e) : et(e), p = qe(g, n - Be) + Be;
2338
- return c ? Pt(p, u) : wt(p, u);
2339
- }
2340
- const ke = BigInt(0), Le = BigInt(1);
2341
- function Fe(e, n) {
2342
- const c = n.negate();
2343
- return e ? c : n;
2344
- }
2345
- function it(e, n) {
2346
- const c = tn(e.Fp, n.map((t) => t.Z));
2347
- return n.map((t, u) => e.fromAffine(t.toAffine(c[u])));
2348
- }
2349
- function sn(e, n) {
2350
- if (!Number.isSafeInteger(e) || e <= 0 || e > n)
2351
- throw new Error("invalid window size, expected [1.." + n + "], got W=" + e);
2352
- }
2353
- function ct(e, n) {
2354
- sn(e, n);
2355
- const c = Math.ceil(n / e) + 1, t = 2 ** (e - 1), u = 2 ** e, m = De(e), g = BigInt(e);
2356
- return { windows: c, windowSize: t, mask: m, maxNumber: u, shiftBy: g };
2357
- }
2358
- function jt(e, n, c) {
2359
- const { windowSize: t, mask: u, maxNumber: m, shiftBy: g } = c;
2360
- let p = Number(e & u), v = e >> g;
2310
+ const g = c ? Yt(e) : et(e), p = qe(g, r - Be) + Be;
2311
+ return c ? Pt(p, l) : wt(p, l);
2312
+ }
2313
+ const Ve = BigInt(0), Le = BigInt(1);
2314
+ function Fe(e, r) {
2315
+ const c = r.negate();
2316
+ return e ? c : r;
2317
+ }
2318
+ function it(e, r) {
2319
+ const c = tn(e.Fp, r.map((t) => t.Z));
2320
+ return r.map((t, l) => e.fromAffine(t.toAffine(c[l])));
2321
+ }
2322
+ function sn(e, r) {
2323
+ if (!Number.isSafeInteger(e) || e <= 0 || e > r)
2324
+ throw new Error("invalid window size, expected [1.." + r + "], got W=" + e);
2325
+ }
2326
+ function ct(e, r) {
2327
+ sn(e, r);
2328
+ const c = Math.ceil(r / e) + 1, t = 2 ** (e - 1), l = 2 ** e, m = ze(e), g = BigInt(e);
2329
+ return { windows: c, windowSize: t, mask: m, maxNumber: l, shiftBy: g };
2330
+ }
2331
+ function jt(e, r, c) {
2332
+ const { windowSize: t, mask: l, maxNumber: m, shiftBy: g } = c;
2333
+ let p = Number(e & l), v = e >> g;
2361
2334
  p > t && (p -= m, v += Le);
2362
- const U = n * t, H = U + Math.abs(p) - 1, V = p === 0, E = p < 0, b = n % 2 !== 0;
2363
- return { nextN: v, offset: H, isZero: V, isNeg: E, isNegF: b, offsetF: U };
2335
+ const U = r * t, H = U + Math.abs(p) - 1, k = p === 0, E = p < 0, b = r % 2 !== 0;
2336
+ return { nextN: v, offset: H, isZero: k, isNeg: E, isNegF: b, offsetF: U };
2364
2337
  }
2365
- function Zn(e, n) {
2338
+ function Zn(e, r) {
2366
2339
  if (!Array.isArray(e))
2367
2340
  throw new Error("array expected");
2368
2341
  e.forEach((c, t) => {
2369
- if (!(c instanceof n))
2342
+ if (!(c instanceof r))
2370
2343
  throw new Error("invalid point at index " + t);
2371
2344
  });
2372
2345
  }
2373
- function jn(e, n) {
2346
+ function jn(e, r) {
2374
2347
  if (!Array.isArray(e))
2375
2348
  throw new Error("array of scalars expected");
2376
2349
  e.forEach((c, t) => {
2377
- if (!n.isValid(c))
2350
+ if (!r.isValid(c))
2378
2351
  throw new Error("invalid scalar at index " + t);
2379
2352
  });
2380
2353
  }
@@ -2383,19 +2356,19 @@ function ft(e) {
2383
2356
  return cn.get(e) || 1;
2384
2357
  }
2385
2358
  function Lt(e) {
2386
- if (e !== ke)
2359
+ if (e !== Ve)
2387
2360
  throw new Error("invalid wNAF");
2388
2361
  }
2389
2362
  class Ln {
2390
2363
  // Parametrized with a given Point class (not individual point)
2391
- constructor(n, c) {
2392
- this.BASE = n.BASE, this.ZERO = n.ZERO, this.Fn = n.Fn, this.bits = c;
2364
+ constructor(r, c) {
2365
+ this.BASE = r.BASE, this.ZERO = r.ZERO, this.Fn = r.Fn, this.bits = c;
2393
2366
  }
2394
2367
  // non-const time multiplication ladder
2395
- _unsafeLadder(n, c, t = this.ZERO) {
2396
- let u = n;
2397
- for (; c > ke; )
2398
- c & Le && (t = t.add(u)), u = u.double(), c >>= Le;
2368
+ _unsafeLadder(r, c, t = this.ZERO) {
2369
+ let l = r;
2370
+ for (; c > Ve; )
2371
+ c & Le && (t = t.add(l)), l = l.double(), c >>= Le;
2399
2372
  return t;
2400
2373
  }
2401
2374
  /**
@@ -2410,12 +2383,12 @@ class Ln {
2410
2383
  * @param W window size
2411
2384
  * @returns precomputed point tables flattened to a single array
2412
2385
  */
2413
- precomputeWindow(n, c) {
2414
- const { windows: t, windowSize: u } = ct(c, this.bits), m = [];
2415
- let g = n, p = g;
2386
+ precomputeWindow(r, c) {
2387
+ const { windows: t, windowSize: l } = ct(c, this.bits), m = [];
2388
+ let g = r, p = g;
2416
2389
  for (let v = 0; v < t; v++) {
2417
2390
  p = g, m.push(p);
2418
- for (let U = 1; U < u; U++)
2391
+ for (let U = 1; U < l; U++)
2419
2392
  p = p.add(g), m.push(p);
2420
2393
  g = p.double();
2421
2394
  }
@@ -2427,72 +2400,72 @@ class Ln {
2427
2400
  * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
2428
2401
  * @returns real and fake (for const-time) points
2429
2402
  */
2430
- wNAF(n, c, t) {
2403
+ wNAF(r, c, t) {
2431
2404
  if (!this.Fn.isValid(t))
2432
2405
  throw new Error("invalid scalar");
2433
- let u = this.ZERO, m = this.BASE;
2434
- const g = ct(n, this.bits);
2406
+ let l = this.ZERO, m = this.BASE;
2407
+ const g = ct(r, this.bits);
2435
2408
  for (let p = 0; p < g.windows; p++) {
2436
- const { nextN: v, offset: U, isZero: H, isNeg: V, isNegF: E, offsetF: b } = jt(t, p, g);
2437
- t = v, H ? m = m.add(Fe(E, c[b])) : u = u.add(Fe(V, c[U]));
2409
+ const { nextN: v, offset: U, isZero: H, isNeg: k, isNegF: E, offsetF: b } = jt(t, p, g);
2410
+ t = v, H ? m = m.add(Fe(E, c[b])) : l = l.add(Fe(k, c[U]));
2438
2411
  }
2439
- return Lt(t), { p: u, f: m };
2412
+ return Lt(t), { p: l, f: m };
2440
2413
  }
2441
2414
  /**
2442
2415
  * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
2443
2416
  * @param acc accumulator point to add result of multiplication
2444
2417
  * @returns point
2445
2418
  */
2446
- wNAFUnsafe(n, c, t, u = this.ZERO) {
2447
- const m = ct(n, this.bits);
2448
- for (let g = 0; g < m.windows && t !== ke; g++) {
2419
+ wNAFUnsafe(r, c, t, l = this.ZERO) {
2420
+ const m = ct(r, this.bits);
2421
+ for (let g = 0; g < m.windows && t !== Ve; g++) {
2449
2422
  const { nextN: p, offset: v, isZero: U, isNeg: H } = jt(t, g, m);
2450
2423
  if (t = p, !U) {
2451
- const V = c[v];
2452
- u = u.add(H ? V.negate() : V);
2424
+ const k = c[v];
2425
+ l = l.add(H ? k.negate() : k);
2453
2426
  }
2454
2427
  }
2455
- return Lt(t), u;
2428
+ return Lt(t), l;
2456
2429
  }
2457
- getPrecomputes(n, c, t) {
2458
- let u = at.get(c);
2459
- return u || (u = this.precomputeWindow(c, n), n !== 1 && (typeof t == "function" && (u = t(u)), at.set(c, u))), u;
2430
+ getPrecomputes(r, c, t) {
2431
+ let l = at.get(c);
2432
+ return l || (l = this.precomputeWindow(c, r), r !== 1 && (typeof t == "function" && (l = t(l)), at.set(c, l))), l;
2460
2433
  }
2461
- cached(n, c, t) {
2462
- const u = ft(n);
2463
- return this.wNAF(u, this.getPrecomputes(u, n, t), c);
2434
+ cached(r, c, t) {
2435
+ const l = ft(r);
2436
+ return this.wNAF(l, this.getPrecomputes(l, r, t), c);
2464
2437
  }
2465
- unsafe(n, c, t, u) {
2466
- const m = ft(n);
2467
- return m === 1 ? this._unsafeLadder(n, c, u) : this.wNAFUnsafe(m, this.getPrecomputes(m, n, t), c, u);
2438
+ unsafe(r, c, t, l) {
2439
+ const m = ft(r);
2440
+ return m === 1 ? this._unsafeLadder(r, c, l) : this.wNAFUnsafe(m, this.getPrecomputes(m, r, t), c, l);
2468
2441
  }
2469
2442
  // We calculate precomputes for elliptic curve point multiplication
2470
2443
  // using windowed method. This specifies window size and
2471
2444
  // stores precomputed values. Usually only base point would be precomputed.
2472
- createCache(n, c) {
2473
- sn(c, this.bits), cn.set(n, c), at.delete(n);
2445
+ createCache(r, c) {
2446
+ sn(c, this.bits), cn.set(r, c), at.delete(r);
2474
2447
  }
2475
- hasCache(n) {
2476
- return ft(n) !== 1;
2448
+ hasCache(r) {
2449
+ return ft(r) !== 1;
2477
2450
  }
2478
2451
  }
2479
- function Hn(e, n, c, t) {
2480
- let u = n, m = e.ZERO, g = e.ZERO;
2481
- for (; c > ke || t > ke; )
2482
- c & Le && (m = m.add(u)), t & Le && (g = g.add(u)), u = u.double(), c >>= Le, t >>= Le;
2452
+ function Hn(e, r, c, t) {
2453
+ let l = r, m = e.ZERO, g = e.ZERO;
2454
+ for (; c > Ve || t > Ve; )
2455
+ c & Le && (m = m.add(l)), t & Le && (g = g.add(l)), l = l.double(), c >>= Le, t >>= Le;
2483
2456
  return { p1: m, p2: g };
2484
2457
  }
2485
- function Mn(e, n, c, t) {
2486
- Zn(c, e), jn(t, n);
2487
- const u = c.length, m = t.length;
2488
- if (u !== m)
2458
+ function Mn(e, r, c, t) {
2459
+ Zn(c, e), jn(t, r);
2460
+ const l = c.length, m = t.length;
2461
+ if (l !== m)
2489
2462
  throw new Error("arrays of points and scalars must have equal length");
2490
- const g = e.ZERO, p = Xt(BigInt(u));
2463
+ const g = e.ZERO, p = Xt(BigInt(l));
2491
2464
  let v = 1;
2492
2465
  p > 12 ? v = p - 3 : p > 4 ? v = p - 2 : p > 0 && (v = 2);
2493
- const U = De(v), H = new Array(Number(U) + 1).fill(g), V = Math.floor((n.BITS - 1) / v) * v;
2466
+ const U = ze(v), H = new Array(Number(U) + 1).fill(g), k = Math.floor((r.BITS - 1) / v) * v;
2494
2467
  let E = g;
2495
- for (let b = V; b >= 0; b -= v) {
2468
+ for (let b = k; b >= 0; b -= v) {
2496
2469
  H.fill(g);
2497
2470
  for (let A = 0; A < m; A++) {
2498
2471
  const M = t[A], Q = Number(M >> BigInt(b) & U);
@@ -2507,53 +2480,53 @@ function Mn(e, n, c, t) {
2507
2480
  }
2508
2481
  return E;
2509
2482
  }
2510
- function Ht(e, n, c) {
2511
- if (n) {
2512
- if (n.ORDER !== e)
2483
+ function Ht(e, r, c) {
2484
+ if (r) {
2485
+ if (r.ORDER !== e)
2513
2486
  throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
2514
- return Nn(n), n;
2487
+ return Nn(r), r;
2515
2488
  } else
2516
- return ze(e, { isLE: c });
2489
+ return De(e, { isLE: c });
2517
2490
  }
2518
- function Vn(e, n, c = {}, t) {
2519
- if (t === void 0 && (t = e === "edwards"), !n || typeof n != "object")
2491
+ function kn(e, r, c = {}, t) {
2492
+ if (t === void 0 && (t = e === "edwards"), !r || typeof r != "object")
2520
2493
  throw new Error(`expected valid ${e} CURVE object`);
2521
2494
  for (const v of ["p", "n", "h"]) {
2522
- const U = n[v];
2523
- if (!(typeof U == "bigint" && U > ke))
2495
+ const U = r[v];
2496
+ if (!(typeof U == "bigint" && U > Ve))
2524
2497
  throw new Error(`CURVE.${v} must be positive bigint`);
2525
2498
  }
2526
- const u = Ht(n.p, c.Fp, t), m = Ht(n.n, c.Fn, t), p = ["Gx", "Gy", "a", "b"];
2499
+ const l = Ht(r.p, c.Fp, t), m = Ht(r.n, c.Fn, t), p = ["Gx", "Gy", "a", "b"];
2527
2500
  for (const v of p)
2528
- if (!u.isValid(n[v]))
2501
+ if (!l.isValid(r[v]))
2529
2502
  throw new Error(`CURVE.${v} must be valid field element of CURVE.Fp`);
2530
- return n = Object.freeze(Object.assign({}, n)), { CURVE: n, Fp: u, Fn: m };
2531
- }
2532
- const Mt = (e, n) => (e + (e >= 0 ? n : -n) / an) / n;
2533
- function kn(e, n, c) {
2534
- const [[t, u], [m, g]] = n, p = Mt(g * e, c), v = Mt(-u * e, c);
2535
- let U = e - p * t - v * m, H = -p * u - v * g;
2536
- const V = U < Ne, E = H < Ne;
2537
- V && (U = -U), E && (H = -H);
2538
- const b = De(Math.ceil(Xt(c) / 2)) + Ve;
2503
+ return r = Object.freeze(Object.assign({}, r)), { CURVE: r, Fp: l, Fn: m };
2504
+ }
2505
+ const Mt = (e, r) => (e + (e >= 0 ? r : -r) / an) / r;
2506
+ function Vn(e, r, c) {
2507
+ const [[t, l], [m, g]] = r, p = Mt(g * e, c), v = Mt(-l * e, c);
2508
+ let U = e - p * t - v * m, H = -p * l - v * g;
2509
+ const k = U < Ne, E = H < Ne;
2510
+ k && (U = -U), E && (H = -H);
2511
+ const b = ze(Math.ceil(Xt(c) / 2)) + ke;
2539
2512
  if (U < Ne || U >= b || H < Ne || H >= b)
2540
2513
  throw new Error("splitScalar (endomorphism): failed, k=" + e);
2541
- return { k1neg: V, k1: U, k2neg: E, k2: H };
2514
+ return { k1neg: k, k1: U, k2neg: E, k2: H };
2542
2515
  }
2543
2516
  function dt(e) {
2544
2517
  if (!["compact", "recovered", "der"].includes(e))
2545
2518
  throw new Error('Signature format must be "compact", "recovered", or "der"');
2546
2519
  return e;
2547
2520
  }
2548
- function ut(e, n) {
2521
+ function ut(e, r) {
2549
2522
  const c = {};
2550
- for (let t of Object.keys(n))
2551
- c[t] = e[t] === void 0 ? n[t] : e[t];
2523
+ for (let t of Object.keys(r))
2524
+ c[t] = e[t] === void 0 ? r[t] : e[t];
2552
2525
  return Je(c.lowS, "lowS"), Je(c.prehash, "prehash"), c.format !== void 0 && dt(c.format), c;
2553
2526
  }
2554
2527
  class Cn extends Error {
2555
- constructor(n = "") {
2556
- super(n);
2528
+ constructor(r = "") {
2529
+ super(r);
2557
2530
  }
2558
2531
  }
2559
2532
  const Ie = {
@@ -2561,37 +2534,37 @@ const Ie = {
2561
2534
  Err: Cn,
2562
2535
  // Basic building block is TLV (Tag-Length-Value)
2563
2536
  _tlv: {
2564
- encode: (e, n) => {
2537
+ encode: (e, r) => {
2565
2538
  const { Err: c } = Ie;
2566
2539
  if (e < 0 || e > 256)
2567
2540
  throw new c("tlv.encode: wrong tag");
2568
- if (n.length & 1)
2541
+ if (r.length & 1)
2569
2542
  throw new c("tlv.encode: unpadded data");
2570
- const t = n.length / 2, u = Xe(t);
2571
- if (u.length / 2 & 128)
2543
+ const t = r.length / 2, l = Xe(t);
2544
+ if (l.length / 2 & 128)
2572
2545
  throw new c("tlv.encode: long form length too big");
2573
- const m = t > 127 ? Xe(u.length / 2 | 128) : "";
2574
- return Xe(e) + m + u + n;
2546
+ const m = t > 127 ? Xe(l.length / 2 | 128) : "";
2547
+ return Xe(e) + m + l + r;
2575
2548
  },
2576
2549
  // v - value, l - left bytes (unparsed)
2577
- decode(e, n) {
2550
+ decode(e, r) {
2578
2551
  const { Err: c } = Ie;
2579
2552
  let t = 0;
2580
2553
  if (e < 0 || e > 256)
2581
2554
  throw new c("tlv.encode: wrong tag");
2582
- if (n.length < 2 || n[t++] !== e)
2555
+ if (r.length < 2 || r[t++] !== e)
2583
2556
  throw new c("tlv.decode: wrong tlv");
2584
- const u = n[t++], m = !!(u & 128);
2557
+ const l = r[t++], m = !!(l & 128);
2585
2558
  let g = 0;
2586
2559
  if (!m)
2587
- g = u;
2560
+ g = l;
2588
2561
  else {
2589
- const v = u & 127;
2562
+ const v = l & 127;
2590
2563
  if (!v)
2591
2564
  throw new c("tlv.decode(long): indefinite length not supported");
2592
2565
  if (v > 4)
2593
2566
  throw new c("tlv.decode(long): byte length is too big");
2594
- const U = n.subarray(t, t + v);
2567
+ const U = r.subarray(t, t + v);
2595
2568
  if (U.length !== v)
2596
2569
  throw new c("tlv.decode: length bytes not complete");
2597
2570
  if (U[0] === 0)
@@ -2601,10 +2574,10 @@ const Ie = {
2601
2574
  if (t += v, g < 128)
2602
2575
  throw new c("tlv.decode(long): not minimal encoding");
2603
2576
  }
2604
- const p = n.subarray(t, t + g);
2577
+ const p = r.subarray(t, t + g);
2605
2578
  if (p.length !== g)
2606
2579
  throw new c("tlv.decode: wrong value length");
2607
- return { v: p, l: n.subarray(t + g) };
2580
+ return { v: p, l: r.subarray(t + g) };
2608
2581
  }
2609
2582
  },
2610
2583
  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
@@ -2613,59 +2586,59 @@ const Ie = {
2613
2586
  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
2614
2587
  _int: {
2615
2588
  encode(e) {
2616
- const { Err: n } = Ie;
2589
+ const { Err: r } = Ie;
2617
2590
  if (e < Ne)
2618
- throw new n("integer: negative integers are not allowed");
2591
+ throw new r("integer: negative integers are not allowed");
2619
2592
  let c = Xe(e);
2620
2593
  if (Number.parseInt(c[0], 16) & 8 && (c = "00" + c), c.length & 1)
2621
- throw new n("unexpected DER parsing assertion: unpadded hex");
2594
+ throw new r("unexpected DER parsing assertion: unpadded hex");
2622
2595
  return c;
2623
2596
  },
2624
2597
  decode(e) {
2625
- const { Err: n } = Ie;
2598
+ const { Err: r } = Ie;
2626
2599
  if (e[0] & 128)
2627
- throw new n("invalid signature integer: negative");
2600
+ throw new r("invalid signature integer: negative");
2628
2601
  if (e[0] === 0 && !(e[1] & 128))
2629
- throw new n("invalid signature integer: unnecessary leading zero");
2602
+ throw new r("invalid signature integer: unnecessary leading zero");
2630
2603
  return et(e);
2631
2604
  }
2632
2605
  },
2633
2606
  toSig(e) {
2634
- const { Err: n, _int: c, _tlv: t } = Ie, u = Se("signature", e), { v: m, l: g } = t.decode(48, u);
2607
+ const { Err: r, _int: c, _tlv: t } = Ie, l = Se("signature", e), { v: m, l: g } = t.decode(48, l);
2635
2608
  if (g.length)
2636
- throw new n("invalid signature: left bytes after parsing");
2609
+ throw new r("invalid signature: left bytes after parsing");
2637
2610
  const { v: p, l: v } = t.decode(2, m), { v: U, l: H } = t.decode(2, v);
2638
2611
  if (H.length)
2639
- throw new n("invalid signature: left bytes after parsing");
2612
+ throw new r("invalid signature: left bytes after parsing");
2640
2613
  return { r: c.decode(p), s: c.decode(U) };
2641
2614
  },
2642
2615
  hexFromSig(e) {
2643
- const { _tlv: n, _int: c } = Ie, t = n.encode(2, c.encode(e.r)), u = n.encode(2, c.encode(e.s)), m = t + u;
2644
- return n.encode(48, m);
2616
+ const { _tlv: r, _int: c } = Ie, t = r.encode(2, c.encode(e.r)), l = r.encode(2, c.encode(e.s)), m = t + l;
2617
+ return r.encode(48, m);
2645
2618
  }
2646
- }, Ne = BigInt(0), Ve = BigInt(1), an = BigInt(2), Ge = BigInt(3), Kn = BigInt(4);
2647
- function He(e, n) {
2619
+ }, Ne = BigInt(0), ke = BigInt(1), an = BigInt(2), Ge = BigInt(3), Kn = BigInt(4);
2620
+ function He(e, r) {
2648
2621
  const { BYTES: c } = e;
2649
2622
  let t;
2650
- if (typeof n == "bigint")
2651
- t = n;
2623
+ if (typeof r == "bigint")
2624
+ t = r;
2652
2625
  else {
2653
- let u = Se("private key", n);
2626
+ let l = Se("private key", r);
2654
2627
  try {
2655
- t = e.fromBytes(u);
2628
+ t = e.fromBytes(l);
2656
2629
  } catch {
2657
- throw new Error(`invalid private key: expected ui8a of size ${c}, got ${typeof n}`);
2630
+ throw new Error(`invalid private key: expected ui8a of size ${c}, got ${typeof r}`);
2658
2631
  }
2659
2632
  }
2660
2633
  if (!e.isValidNot0(t))
2661
2634
  throw new Error("invalid private key: out of range [1..N-1]");
2662
2635
  return t;
2663
2636
  }
2664
- function Dn(e, n = {}) {
2665
- const c = Vn("weierstrass", e, n), { Fp: t, Fn: u } = c;
2637
+ function zn(e, r = {}) {
2638
+ const c = kn("weierstrass", e, r), { Fp: t, Fn: l } = c;
2666
2639
  let m = c.CURVE;
2667
2640
  const { h: g, n: p } = m;
2668
- gt(n, {}, {
2641
+ gt(r, {}, {
2669
2642
  allowInfinityPoint: "boolean",
2670
2643
  clearCofactor: "function",
2671
2644
  isTorsionFree: "function",
@@ -2674,27 +2647,27 @@ function Dn(e, n = {}) {
2674
2647
  endo: "object",
2675
2648
  wrapPrivateKey: "boolean"
2676
2649
  });
2677
- const { endo: v } = n;
2650
+ const { endo: v } = r;
2678
2651
  if (v && (!t.is0(m.a) || typeof v.beta != "bigint" || !Array.isArray(v.basises)))
2679
2652
  throw new Error('invalid endo: expected "beta": bigint and "basises": array');
2680
- const U = un(t, u);
2653
+ const U = un(t, l);
2681
2654
  function H() {
2682
2655
  if (!t.isOdd)
2683
2656
  throw new Error("compression is not supported: Field does not have .isOdd()");
2684
2657
  }
2685
- function V(D, d, l) {
2686
- const { x: r, y: a } = d.toAffine(), i = t.toBytes(r);
2687
- if (Je(l, "isCompressed"), l) {
2658
+ function k(z, d, u) {
2659
+ const { x: n, y: a } = d.toAffine(), i = t.toBytes(n);
2660
+ if (Je(u, "isCompressed"), u) {
2688
2661
  H();
2689
2662
  const o = !t.isOdd(a);
2690
2663
  return Ae(fn(o), i);
2691
2664
  } else
2692
2665
  return Ae(Uint8Array.of(4), i, t.toBytes(a));
2693
2666
  }
2694
- function E(D) {
2695
- Ze(D, void 0, "Point");
2696
- const { publicKey: d, publicKeyUncompressed: l } = U, r = D.length, a = D[0], i = D.subarray(1);
2697
- if (r === d && (a === 2 || a === 3)) {
2667
+ function E(z) {
2668
+ Ze(z, void 0, "Point");
2669
+ const { publicKey: d, publicKeyUncompressed: u } = U, n = z.length, a = z[0], i = z.subarray(1);
2670
+ if (n === d && (a === 2 || a === 3)) {
2698
2671
  const o = t.fromBytes(i);
2699
2672
  if (!t.isValid(o))
2700
2673
  throw new Error("bad point: is not on curve, wrong x");
@@ -2709,92 +2682,92 @@ function Dn(e, n = {}) {
2709
2682
  H();
2710
2683
  const s = t.isOdd(w);
2711
2684
  return (a & 1) === 1 !== s && (w = t.neg(w)), { x: o, y: w };
2712
- } else if (r === l && a === 4) {
2685
+ } else if (n === u && a === 4) {
2713
2686
  const o = t.BYTES, h = t.fromBytes(i.subarray(0, o)), w = t.fromBytes(i.subarray(o, o * 2));
2714
2687
  if (!M(h, w))
2715
2688
  throw new Error("bad point: is not on curve");
2716
2689
  return { x: h, y: w };
2717
2690
  } else
2718
- throw new Error(`bad point: got length ${r}, expected compressed=${d} or uncompressed=${l}`);
2691
+ throw new Error(`bad point: got length ${n}, expected compressed=${d} or uncompressed=${u}`);
2719
2692
  }
2720
- const b = n.toBytes || V, S = n.fromBytes || E;
2721
- function A(D) {
2722
- const d = t.sqr(D), l = t.mul(d, D);
2723
- return t.add(t.add(l, t.mul(D, m.a)), m.b);
2693
+ const b = r.toBytes || k, S = r.fromBytes || E;
2694
+ function A(z) {
2695
+ const d = t.sqr(z), u = t.mul(d, z);
2696
+ return t.add(t.add(u, t.mul(z, m.a)), m.b);
2724
2697
  }
2725
- function M(D, d) {
2726
- const l = t.sqr(d), r = A(D);
2727
- return t.eql(l, r);
2698
+ function M(z, d) {
2699
+ const u = t.sqr(d), n = A(z);
2700
+ return t.eql(u, n);
2728
2701
  }
2729
2702
  if (!M(m.Gx, m.Gy))
2730
2703
  throw new Error("bad curve params: generator point");
2731
2704
  const Q = t.mul(t.pow(m.a, Ge), Kn), F = t.mul(t.sqr(m.b), BigInt(27));
2732
2705
  if (t.is0(t.add(Q, F)))
2733
2706
  throw new Error("bad curve params: a or b");
2734
- function G(D, d, l = !1) {
2735
- if (!t.isValid(d) || l && t.is0(d))
2736
- throw new Error(`bad point coordinate ${D}`);
2707
+ function G(z, d, u = !1) {
2708
+ if (!t.isValid(d) || u && t.is0(d))
2709
+ throw new Error(`bad point coordinate ${z}`);
2737
2710
  return d;
2738
2711
  }
2739
- function se(D) {
2740
- if (!(D instanceof _))
2712
+ function se(z) {
2713
+ if (!(z instanceof _))
2741
2714
  throw new Error("ProjectivePoint expected");
2742
2715
  }
2743
- function ie(D) {
2716
+ function ie(z) {
2744
2717
  if (!v || !v.basises)
2745
2718
  throw new Error("no endo");
2746
- return kn(D, v.basises, u.ORDER);
2719
+ return Vn(z, v.basises, l.ORDER);
2747
2720
  }
2748
- const j = At((D, d) => {
2749
- const { X: l, Y: r, Z: a } = D;
2721
+ const j = At((z, d) => {
2722
+ const { X: u, Y: n, Z: a } = z;
2750
2723
  if (t.eql(a, t.ONE))
2751
- return { x: l, y: r };
2752
- const i = D.is0();
2724
+ return { x: u, y: n };
2725
+ const i = z.is0();
2753
2726
  d == null && (d = i ? t.ONE : t.inv(a));
2754
- const o = t.mul(l, d), h = t.mul(r, d), w = t.mul(a, d);
2727
+ const o = t.mul(u, d), h = t.mul(n, d), w = t.mul(a, d);
2755
2728
  if (i)
2756
2729
  return { x: t.ZERO, y: t.ZERO };
2757
2730
  if (!t.eql(w, t.ONE))
2758
2731
  throw new Error("invZ was invalid");
2759
2732
  return { x: o, y: h };
2760
- }), R = At((D) => {
2761
- if (D.is0()) {
2762
- if (n.allowInfinityPoint && !t.is0(D.Y))
2733
+ }), O = At((z) => {
2734
+ if (z.is0()) {
2735
+ if (r.allowInfinityPoint && !t.is0(z.Y))
2763
2736
  return;
2764
2737
  throw new Error("bad point: ZERO");
2765
2738
  }
2766
- const { x: d, y: l } = D.toAffine();
2767
- if (!t.isValid(d) || !t.isValid(l))
2739
+ const { x: d, y: u } = z.toAffine();
2740
+ if (!t.isValid(d) || !t.isValid(u))
2768
2741
  throw new Error("bad point: x or y not field elements");
2769
- if (!M(d, l))
2742
+ if (!M(d, u))
2770
2743
  throw new Error("bad point: equation left != right");
2771
- if (!D.isTorsionFree())
2744
+ if (!z.isTorsionFree())
2772
2745
  throw new Error("bad point: not in prime-order subgroup");
2773
2746
  return !0;
2774
2747
  });
2775
- function L(D, d, l, r, a) {
2776
- return l = new _(t.mul(l.X, D), l.Y, l.Z), d = Fe(r, d), l = Fe(a, l), d.add(l);
2748
+ function L(z, d, u, n, a) {
2749
+ return u = new _(t.mul(u.X, z), u.Y, u.Z), d = Fe(n, d), u = Fe(a, u), d.add(u);
2777
2750
  }
2778
2751
  class _ {
2779
2752
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
2780
- constructor(d, l, r) {
2781
- this.X = G("x", d), this.Y = G("y", l, !0), this.Z = G("z", r), Object.freeze(this);
2753
+ constructor(d, u, n) {
2754
+ this.X = G("x", d), this.Y = G("y", u, !0), this.Z = G("z", n), Object.freeze(this);
2782
2755
  }
2783
2756
  static CURVE() {
2784
2757
  return m;
2785
2758
  }
2786
2759
  /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
2787
2760
  static fromAffine(d) {
2788
- const { x: l, y: r } = d || {};
2789
- if (!d || !t.isValid(l) || !t.isValid(r))
2761
+ const { x: u, y: n } = d || {};
2762
+ if (!d || !t.isValid(u) || !t.isValid(n))
2790
2763
  throw new Error("invalid affine point");
2791
2764
  if (d instanceof _)
2792
2765
  throw new Error("projective point not allowed");
2793
- return t.is0(l) && t.is0(r) ? _.ZERO : new _(l, r, t.ONE);
2766
+ return t.is0(u) && t.is0(n) ? _.ZERO : new _(u, n, t.ONE);
2794
2767
  }
2795
2768
  static fromBytes(d) {
2796
- const l = _.fromAffine(S(Ze(d, void 0, "point")));
2797
- return l.assertValidity(), l;
2769
+ const u = _.fromAffine(S(Ze(d, void 0, "point")));
2770
+ return u.assertValidity(), u;
2798
2771
  }
2799
2772
  static fromHex(d) {
2800
2773
  return _.fromBytes(Se("pointHex", d));
@@ -2811,13 +2784,13 @@ function Dn(e, n = {}) {
2811
2784
  * @param isLazy true will defer table computation until the first multiplication
2812
2785
  * @returns
2813
2786
  */
2814
- precompute(d = 8, l = !0) {
2815
- return W.createCache(this, d), l || this.multiply(Ge), this;
2787
+ precompute(d = 8, u = !0) {
2788
+ return W.createCache(this, d), u || this.multiply(Ge), this;
2816
2789
  }
2817
2790
  // TODO: return `this`
2818
2791
  /** A point on curve is valid if it conforms to equation. */
2819
2792
  assertValidity() {
2820
- R(this);
2793
+ O(this);
2821
2794
  }
2822
2795
  hasEvenY() {
2823
2796
  const { y: d } = this.toAffine();
@@ -2828,7 +2801,7 @@ function Dn(e, n = {}) {
2828
2801
  /** Compare one point to another. */
2829
2802
  equals(d) {
2830
2803
  se(d);
2831
- const { X: l, Y: r, Z: a } = this, { X: i, Y: o, Z: h } = d, w = t.eql(t.mul(l, h), t.mul(i, a)), s = t.eql(t.mul(r, h), t.mul(o, a));
2804
+ const { X: u, Y: n, Z: a } = this, { X: i, Y: o, Z: h } = d, w = t.eql(t.mul(u, h), t.mul(i, a)), s = t.eql(t.mul(n, h), t.mul(o, a));
2832
2805
  return w && s;
2833
2806
  }
2834
2807
  /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
@@ -2840,9 +2813,9 @@ function Dn(e, n = {}) {
2840
2813
  // https://eprint.iacr.org/2015/1060, algorithm 3
2841
2814
  // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
2842
2815
  double() {
2843
- const { a: d, b: l } = m, r = t.mul(l, Ge), { X: a, Y: i, Z: o } = this;
2844
- let h = t.ZERO, w = t.ZERO, s = t.ZERO, f = t.mul(a, a), y = t.mul(i, i), B = t.mul(o, o), O = t.mul(a, i);
2845
- return O = t.add(O, O), s = t.mul(a, o), s = t.add(s, s), h = t.mul(d, s), w = t.mul(r, B), w = t.add(h, w), h = t.sub(y, w), w = t.add(y, w), w = t.mul(h, w), h = t.mul(O, h), s = t.mul(r, s), B = t.mul(d, B), O = t.sub(f, B), O = t.mul(d, O), O = t.add(O, s), s = t.add(f, f), f = t.add(s, f), f = t.add(f, B), f = t.mul(f, O), w = t.add(w, f), B = t.mul(i, o), B = t.add(B, B), f = t.mul(B, O), h = t.sub(h, f), s = t.mul(B, y), s = t.add(s, s), s = t.add(s, s), new _(h, w, s);
2816
+ const { a: d, b: u } = m, n = t.mul(u, Ge), { X: a, Y: i, Z: o } = this;
2817
+ let h = t.ZERO, w = t.ZERO, s = t.ZERO, f = t.mul(a, a), y = t.mul(i, i), B = t.mul(o, o), T = t.mul(a, i);
2818
+ return T = t.add(T, T), s = t.mul(a, o), s = t.add(s, s), h = t.mul(d, s), w = t.mul(n, B), w = t.add(h, w), h = t.sub(y, w), w = t.add(y, w), w = t.mul(h, w), h = t.mul(T, h), s = t.mul(n, s), B = t.mul(d, B), T = t.sub(f, B), T = t.mul(d, T), T = t.add(T, s), s = t.add(f, f), f = t.add(s, f), f = t.add(f, B), f = t.mul(f, T), w = t.add(w, f), B = t.mul(i, o), B = t.add(B, B), f = t.mul(B, T), h = t.sub(h, f), s = t.mul(B, y), s = t.add(s, s), s = t.add(s, s), new _(h, w, s);
2846
2819
  }
2847
2820
  // Renes-Costello-Batina exception-free addition formula.
2848
2821
  // There is 30% faster Jacobian formula, but it is not complete.
@@ -2850,13 +2823,13 @@ function Dn(e, n = {}) {
2850
2823
  // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
2851
2824
  add(d) {
2852
2825
  se(d);
2853
- const { X: l, Y: r, Z: a } = this, { X: i, Y: o, Z: h } = d;
2826
+ const { X: u, Y: n, Z: a } = this, { X: i, Y: o, Z: h } = d;
2854
2827
  let w = t.ZERO, s = t.ZERO, f = t.ZERO;
2855
2828
  const y = m.a, B = t.mul(m.b, Ge);
2856
- let O = t.mul(l, i), k = t.mul(r, o), Y = t.mul(a, h), I = t.add(l, r), q = t.add(i, o);
2857
- I = t.mul(I, q), q = t.add(O, k), I = t.sub(I, q), q = t.add(l, a);
2829
+ let T = t.mul(u, i), V = t.mul(n, o), Y = t.mul(a, h), I = t.add(u, n), q = t.add(i, o);
2830
+ I = t.mul(I, q), q = t.add(T, V), I = t.sub(I, q), q = t.add(u, a);
2858
2831
  let C = t.add(i, h);
2859
- return q = t.mul(q, C), C = t.add(O, Y), q = t.sub(q, C), C = t.add(r, a), w = t.add(o, h), C = t.mul(C, w), w = t.add(k, Y), C = t.sub(C, w), f = t.mul(y, q), w = t.mul(B, Y), f = t.add(w, f), w = t.sub(k, f), f = t.add(k, f), s = t.mul(w, f), k = t.add(O, O), k = t.add(k, O), Y = t.mul(y, Y), q = t.mul(B, q), k = t.add(k, Y), Y = t.sub(O, Y), Y = t.mul(y, Y), q = t.add(q, Y), O = t.mul(k, q), s = t.add(s, O), O = t.mul(C, q), w = t.mul(I, w), w = t.sub(w, O), O = t.mul(I, k), f = t.mul(C, f), f = t.add(f, O), new _(w, s, f);
2832
+ return q = t.mul(q, C), C = t.add(T, Y), q = t.sub(q, C), C = t.add(n, a), w = t.add(o, h), C = t.mul(C, w), w = t.add(V, Y), C = t.sub(C, w), f = t.mul(y, q), w = t.mul(B, Y), f = t.add(w, f), w = t.sub(V, f), f = t.add(V, f), s = t.mul(w, f), V = t.add(T, T), V = t.add(V, T), Y = t.mul(y, Y), q = t.mul(B, q), V = t.add(V, Y), Y = t.sub(T, Y), Y = t.mul(y, Y), q = t.add(q, Y), T = t.mul(V, q), s = t.add(s, T), T = t.mul(C, q), w = t.mul(I, w), w = t.sub(w, T), T = t.mul(I, V), f = t.mul(C, f), f = t.add(f, T), new _(w, s, f);
2860
2833
  }
2861
2834
  subtract(d) {
2862
2835
  return this.add(d.negate());
@@ -2874,19 +2847,19 @@ function Dn(e, n = {}) {
2874
2847
  * @returns New point
2875
2848
  */
2876
2849
  multiply(d) {
2877
- const { endo: l } = n;
2878
- if (!u.isValidNot0(d))
2850
+ const { endo: u } = r;
2851
+ if (!l.isValidNot0(d))
2879
2852
  throw new Error("invalid scalar: out of range");
2880
- let r, a;
2853
+ let n, a;
2881
2854
  const i = (o) => W.cached(this, o, (h) => it(_, h));
2882
- if (l) {
2883
- const { k1neg: o, k1: h, k2neg: w, k2: s } = ie(d), { p: f, f: y } = i(h), { p: B, f: O } = i(s);
2884
- a = y.add(O), r = L(l.beta, f, B, o, w);
2855
+ if (u) {
2856
+ const { k1neg: o, k1: h, k2neg: w, k2: s } = ie(d), { p: f, f: y } = i(h), { p: B, f: T } = i(s);
2857
+ a = y.add(T), n = L(u.beta, f, B, o, w);
2885
2858
  } else {
2886
2859
  const { p: o, f: h } = i(d);
2887
- r = o, a = h;
2860
+ n = o, a = h;
2888
2861
  }
2889
- return it(_, [r, a])[0];
2862
+ return it(_, [n, a])[0];
2890
2863
  }
2891
2864
  /**
2892
2865
  * Non-constant-time multiplication. Uses double-and-add algorithm.
@@ -2894,23 +2867,23 @@ function Dn(e, n = {}) {
2894
2867
  * an exposed secret key e.g. sig verification, which works over *public* keys.
2895
2868
  */
2896
2869
  multiplyUnsafe(d) {
2897
- const { endo: l } = n, r = this;
2898
- if (!u.isValid(d))
2870
+ const { endo: u } = r, n = this;
2871
+ if (!l.isValid(d))
2899
2872
  throw new Error("invalid scalar: out of range");
2900
- if (d === Ne || r.is0())
2873
+ if (d === Ne || n.is0())
2901
2874
  return _.ZERO;
2902
- if (d === Ve)
2903
- return r;
2875
+ if (d === ke)
2876
+ return n;
2904
2877
  if (W.hasCache(this))
2905
2878
  return this.multiply(d);
2906
- if (l) {
2907
- const { k1neg: a, k1: i, k2neg: o, k2: h } = ie(d), { p1: w, p2: s } = Hn(_, r, i, h);
2908
- return L(l.beta, w, s, a, o);
2879
+ if (u) {
2880
+ const { k1neg: a, k1: i, k2neg: o, k2: h } = ie(d), { p1: w, p2: s } = Hn(_, n, i, h);
2881
+ return L(u.beta, w, s, a, o);
2909
2882
  } else
2910
- return W.unsafe(r, d);
2883
+ return W.unsafe(n, d);
2911
2884
  }
2912
- multiplyAndAddUnsafe(d, l, r) {
2913
- const a = this.multiplyUnsafe(l).add(d.multiplyUnsafe(r));
2885
+ multiplyAndAddUnsafe(d, u, n) {
2886
+ const a = this.multiplyUnsafe(u).add(d.multiplyUnsafe(n));
2914
2887
  return a.is0() ? void 0 : a;
2915
2888
  }
2916
2889
  /**
@@ -2925,12 +2898,12 @@ function Dn(e, n = {}) {
2925
2898
  * Always torsion-free for cofactor=1 curves.
2926
2899
  */
2927
2900
  isTorsionFree() {
2928
- const { isTorsionFree: d } = n;
2929
- return g === Ve ? !0 : d ? d(_, this) : W.unsafe(this, p).is0();
2901
+ const { isTorsionFree: d } = r;
2902
+ return g === ke ? !0 : d ? d(_, this) : W.unsafe(this, p).is0();
2930
2903
  }
2931
2904
  clearCofactor() {
2932
- const { clearCofactor: d } = n;
2933
- return g === Ve ? this : d ? d(_, this) : this.multiplyUnsafe(g);
2905
+ const { clearCofactor: d } = r;
2906
+ return g === ke ? this : d ? d(_, this) : this.multiplyUnsafe(g);
2934
2907
  }
2935
2908
  isSmallOrder() {
2936
2909
  return this.multiplyUnsafe(g).is0();
@@ -2963,31 +2936,31 @@ function Dn(e, n = {}) {
2963
2936
  static normalizeZ(d) {
2964
2937
  return it(_, d);
2965
2938
  }
2966
- static msm(d, l) {
2967
- return Mn(_, u, d, l);
2939
+ static msm(d, u) {
2940
+ return Mn(_, l, d, u);
2968
2941
  }
2969
2942
  static fromPrivateKey(d) {
2970
- return _.BASE.multiply(He(u, d));
2943
+ return _.BASE.multiply(He(l, d));
2971
2944
  }
2972
2945
  }
2973
- _.BASE = new _(m.Gx, m.Gy, t.ONE), _.ZERO = new _(t.ZERO, t.ONE, t.ZERO), _.Fp = t, _.Fn = u;
2974
- const K = u.BITS, W = new Ln(_, n.endo ? Math.ceil(K / 2) : K);
2946
+ _.BASE = new _(m.Gx, m.Gy, t.ONE), _.ZERO = new _(t.ZERO, t.ONE, t.ZERO), _.Fp = t, _.Fn = l;
2947
+ const K = l.BITS, W = new Ln(_, r.endo ? Math.ceil(K / 2) : K);
2975
2948
  return _.BASE.precompute(8), _;
2976
2949
  }
2977
2950
  function fn(e) {
2978
2951
  return Uint8Array.of(e ? 2 : 3);
2979
2952
  }
2980
- function un(e, n) {
2953
+ function un(e, r) {
2981
2954
  return {
2982
- secretKey: n.BYTES,
2955
+ secretKey: r.BYTES,
2983
2956
  publicKey: 1 + e.BYTES,
2984
2957
  publicKeyUncompressed: 1 + 2 * e.BYTES,
2985
2958
  publicKeyHasPrefix: !0,
2986
- signature: 2 * n.BYTES
2959
+ signature: 2 * r.BYTES
2987
2960
  };
2988
2961
  }
2989
- function zn(e, n = {}) {
2990
- const { Fn: c } = e, t = n.randomBytes || kt, u = Object.assign(un(e.Fp, c), { seed: on(c.ORDER) });
2962
+ function Dn(e, r = {}) {
2963
+ const { Fn: c } = e, t = r.randomBytes || Vt, l = Object.assign(un(e.Fp, c), { seed: on(c.ORDER) });
2991
2964
  function m(b) {
2992
2965
  try {
2993
2966
  return !!He(c, b);
@@ -2996,7 +2969,7 @@ function zn(e, n = {}) {
2996
2969
  }
2997
2970
  }
2998
2971
  function g(b, S) {
2999
- const { publicKey: A, publicKeyUncompressed: M } = u;
2972
+ const { publicKey: A, publicKeyUncompressed: M } = l;
3000
2973
  try {
3001
2974
  const Q = b.length;
3002
2975
  return S === !0 && Q !== A || S === !1 && Q !== M ? !1 : !!e.fromBytes(b);
@@ -3004,8 +2977,8 @@ function zn(e, n = {}) {
3004
2977
  return !1;
3005
2978
  }
3006
2979
  }
3007
- function p(b = t(u.seed)) {
3008
- return Un(Ze(b, u.seed, "seed"), c.ORDER);
2980
+ function p(b = t(l.seed)) {
2981
+ return Un(Ze(b, l.seed, "seed"), c.ORDER);
3009
2982
  }
3010
2983
  function v(b, S = !0) {
3011
2984
  return e.BASE.multiply(He(c, b)).toBytes(S);
@@ -3019,13 +2992,13 @@ function zn(e, n = {}) {
3019
2992
  return !1;
3020
2993
  if (b instanceof e)
3021
2994
  return !0;
3022
- const { secretKey: S, publicKey: A, publicKeyUncompressed: M } = u;
2995
+ const { secretKey: S, publicKey: A, publicKeyUncompressed: M } = l;
3023
2996
  if (c.allowedLengths || S === A)
3024
2997
  return;
3025
2998
  const Q = Se("key", b).length;
3026
2999
  return Q === A || Q === M;
3027
3000
  }
3028
- function V(b, S, A = !0) {
3001
+ function k(b, S, A = !0) {
3029
3002
  if (H(b) === !0)
3030
3003
  throw new Error("first arg must be private key");
3031
3004
  if (H(S) === !1)
@@ -3033,7 +3006,7 @@ function zn(e, n = {}) {
3033
3006
  const M = He(c, b);
3034
3007
  return e.fromHex(S).multiply(M).toBytes(A);
3035
3008
  }
3036
- return Object.freeze({ getPublicKey: v, getSharedSecret: V, keygen: U, Point: e, utils: {
3009
+ return Object.freeze({ getPublicKey: v, getSharedSecret: k, keygen: U, Point: e, utils: {
3037
3010
  isValidSecretKey: m,
3038
3011
  isValidPublicKey: g,
3039
3012
  randomSecretKey: p,
@@ -3044,59 +3017,59 @@ function zn(e, n = {}) {
3044
3017
  precompute(b = 8, S = e.BASE) {
3045
3018
  return S.precompute(b, !1);
3046
3019
  }
3047
- }, lengths: u });
3020
+ }, lengths: l });
3048
3021
  }
3049
- function Yn(e, n, c = {}) {
3050
- mn(n), gt(c, {}, {
3022
+ function Yn(e, r, c = {}) {
3023
+ mn(r), gt(c, {}, {
3051
3024
  hmac: "function",
3052
3025
  lowS: "boolean",
3053
3026
  randomBytes: "function",
3054
3027
  bits2int: "function",
3055
3028
  bits2int_modN: "function"
3056
3029
  });
3057
- const t = c.randomBytes || kt, u = c.hmac || ((l, ...r) => bn(n, l, Ae(...r))), { Fp: m, Fn: g } = e, { ORDER: p, BITS: v } = g, { keygen: U, getPublicKey: H, getSharedSecret: V, utils: E, lengths: b } = zn(e, c), S = {
3030
+ const t = c.randomBytes || Vt, l = c.hmac || ((u, ...n) => bn(r, u, Ae(...n))), { Fp: m, Fn: g } = e, { ORDER: p, BITS: v } = g, { keygen: U, getPublicKey: H, getSharedSecret: k, utils: E, lengths: b } = Dn(e, c), S = {
3058
3031
  prehash: !1,
3059
3032
  lowS: typeof c.lowS == "boolean" ? c.lowS : !1,
3060
3033
  format: void 0,
3061
3034
  //'compact' as ECDSASigFormat,
3062
3035
  extraEntropy: !1
3063
3036
  }, A = "compact";
3064
- function M(l) {
3065
- const r = p >> Ve;
3066
- return l > r;
3037
+ function M(u) {
3038
+ const n = p >> ke;
3039
+ return u > n;
3067
3040
  }
3068
- function Q(l, r) {
3069
- if (!g.isValidNot0(r))
3070
- throw new Error(`invalid signature ${l}: out of range 1..Point.Fn.ORDER`);
3071
- return r;
3041
+ function Q(u, n) {
3042
+ if (!g.isValidNot0(n))
3043
+ throw new Error(`invalid signature ${u}: out of range 1..Point.Fn.ORDER`);
3044
+ return n;
3072
3045
  }
3073
- function F(l, r) {
3074
- dt(r);
3075
- const a = b.signature, i = r === "compact" ? a : r === "recovered" ? a + 1 : void 0;
3076
- return Ze(l, i, `${r} signature`);
3046
+ function F(u, n) {
3047
+ dt(n);
3048
+ const a = b.signature, i = n === "compact" ? a : n === "recovered" ? a + 1 : void 0;
3049
+ return Ze(u, i, `${n} signature`);
3077
3050
  }
3078
3051
  class G {
3079
- constructor(r, a, i) {
3080
- this.r = Q("r", r), this.s = Q("s", a), i != null && (this.recovery = i), Object.freeze(this);
3052
+ constructor(n, a, i) {
3053
+ this.r = Q("r", n), this.s = Q("s", a), i != null && (this.recovery = i), Object.freeze(this);
3081
3054
  }
3082
- static fromBytes(r, a = A) {
3083
- F(r, a);
3055
+ static fromBytes(n, a = A) {
3056
+ F(n, a);
3084
3057
  let i;
3085
3058
  if (a === "der") {
3086
- const { r: s, s: f } = Ie.toSig(Ze(r));
3059
+ const { r: s, s: f } = Ie.toSig(Ze(n));
3087
3060
  return new G(s, f);
3088
3061
  }
3089
- a === "recovered" && (i = r[0], a = "compact", r = r.subarray(1));
3090
- const o = g.BYTES, h = r.subarray(0, o), w = r.subarray(o, o * 2);
3062
+ a === "recovered" && (i = n[0], a = "compact", n = n.subarray(1));
3063
+ const o = g.BYTES, h = n.subarray(0, o), w = n.subarray(o, o * 2);
3091
3064
  return new G(g.fromBytes(h), g.fromBytes(w), i);
3092
3065
  }
3093
- static fromHex(r, a) {
3094
- return this.fromBytes(Qe(r), a);
3066
+ static fromHex(n, a) {
3067
+ return this.fromBytes(Qe(n), a);
3095
3068
  }
3096
- addRecoveryBit(r) {
3097
- return new G(this.r, this.s, r);
3069
+ addRecoveryBit(n) {
3070
+ return new G(this.r, this.s, n);
3098
3071
  }
3099
- recoverPublicKey(r) {
3072
+ recoverPublicKey(n) {
3100
3073
  const a = m.ORDER, { r: i, s: o, recovery: h } = this;
3101
3074
  if (h == null || ![0, 1, 2, 3].includes(h))
3102
3075
  throw new Error("recovery id invalid");
@@ -3105,7 +3078,7 @@ function Yn(e, n, c = {}) {
3105
3078
  const s = h === 2 || h === 3 ? i + p : i;
3106
3079
  if (!m.isValid(s))
3107
3080
  throw new Error("recovery id 2 or 3 invalid");
3108
- const f = m.toBytes(s), y = e.fromBytes(Ae(fn((h & 1) === 0), f)), B = g.inv(s), O = ie(Se("msgHash", r)), k = g.create(-O * B), Y = g.create(o * B), I = e.BASE.multiplyUnsafe(k).add(y.multiplyUnsafe(Y));
3081
+ const f = m.toBytes(s), y = e.fromBytes(Ae(fn((h & 1) === 0), f)), B = g.inv(s), T = ie(Se("msgHash", n)), V = g.create(-T * B), Y = g.create(o * B), I = e.BASE.multiplyUnsafe(V).add(y.multiplyUnsafe(Y));
3109
3082
  if (I.is0())
3110
3083
  throw new Error("point at infinify");
3111
3084
  return I.assertValidity(), I;
@@ -3114,28 +3087,28 @@ function Yn(e, n, c = {}) {
3114
3087
  hasHighS() {
3115
3088
  return M(this.s);
3116
3089
  }
3117
- toBytes(r = A) {
3118
- if (dt(r), r === "der")
3090
+ toBytes(n = A) {
3091
+ if (dt(n), n === "der")
3119
3092
  return Qe(Ie.hexFromSig(this));
3120
3093
  const a = g.toBytes(this.r), i = g.toBytes(this.s);
3121
- if (r === "recovered") {
3094
+ if (n === "recovered") {
3122
3095
  if (this.recovery == null)
3123
3096
  throw new Error("recovery bit must be present");
3124
3097
  return Ae(Uint8Array.of(this.recovery), a, i);
3125
3098
  }
3126
3099
  return Ae(a, i);
3127
3100
  }
3128
- toHex(r) {
3129
- return Me(this.toBytes(r));
3101
+ toHex(n) {
3102
+ return Me(this.toBytes(n));
3130
3103
  }
3131
3104
  // TODO: remove
3132
3105
  assertValidity() {
3133
3106
  }
3134
- static fromCompact(r) {
3135
- return G.fromBytes(Se("sig", r), "compact");
3107
+ static fromCompact(n) {
3108
+ return G.fromBytes(Se("sig", n), "compact");
3136
3109
  }
3137
- static fromDER(r) {
3138
- return G.fromBytes(Se("sig", r), "der");
3110
+ static fromDER(n) {
3111
+ return G.fromBytes(Se("sig", n), "der");
3139
3112
  }
3140
3113
  normalizeS() {
3141
3114
  return this.hasHighS() ? new G(this.r, g.neg(this.s), this.recovery) : this;
@@ -3153,33 +3126,33 @@ function Yn(e, n, c = {}) {
3153
3126
  return Me(this.toBytes("compact"));
3154
3127
  }
3155
3128
  }
3156
- const se = c.bits2int || function(r) {
3157
- if (r.length > 8192)
3129
+ const se = c.bits2int || function(n) {
3130
+ if (n.length > 8192)
3158
3131
  throw new Error("input is too large");
3159
- const a = et(r), i = r.length * 8 - v;
3132
+ const a = et(n), i = n.length * 8 - v;
3160
3133
  return i > 0 ? a >> BigInt(i) : a;
3161
- }, ie = c.bits2int_modN || function(r) {
3162
- return g.create(se(r));
3163
- }, j = De(v);
3164
- function R(l) {
3165
- return _n("num < 2^" + v, l, Ne, j), g.toBytes(l);
3134
+ }, ie = c.bits2int_modN || function(n) {
3135
+ return g.create(se(n));
3136
+ }, j = ze(v);
3137
+ function O(u) {
3138
+ return _n("num < 2^" + v, u, Ne, j), g.toBytes(u);
3166
3139
  }
3167
- function L(l, r) {
3168
- return Ze(l, void 0, "message"), r ? Ze(n(l), void 0, "prehashed message") : l;
3140
+ function L(u, n) {
3141
+ return Ze(u, void 0, "message"), n ? Ze(r(u), void 0, "prehashed message") : u;
3169
3142
  }
3170
- function _(l, r, a) {
3171
- if (["recovered", "canonical"].some((k) => k in a))
3143
+ function _(u, n, a) {
3144
+ if (["recovered", "canonical"].some((V) => V in a))
3172
3145
  throw new Error("sign() legacy options not supported");
3173
3146
  const { lowS: i, prehash: o, extraEntropy: h } = ut(a, S);
3174
- l = L(l, o);
3175
- const w = ie(l), s = He(g, r), f = [R(s), R(w)];
3147
+ u = L(u, o);
3148
+ const w = ie(u), s = He(g, n), f = [O(s), O(w)];
3176
3149
  if (h != null && h !== !1) {
3177
- const k = h === !0 ? t(b.secretKey) : h;
3178
- f.push(Se("extraEntropy", k));
3150
+ const V = h === !0 ? t(b.secretKey) : h;
3151
+ f.push(Se("extraEntropy", V));
3179
3152
  }
3180
3153
  const y = Ae(...f), B = w;
3181
- function O(k) {
3182
- const Y = se(k);
3154
+ function T(V) {
3155
+ const Y = se(V);
3183
3156
  if (!g.isValidNot0(Y))
3184
3157
  return;
3185
3158
  const I = g.inv(Y), q = e.BASE.multiply(Y).toAffine(), C = g.create(q.x);
@@ -3188,76 +3161,76 @@ function Yn(e, n, c = {}) {
3188
3161
  const te = g.create(I * g.create(B + C * s));
3189
3162
  if (te === Ne)
3190
3163
  return;
3191
- let $ = (q.x === C ? 0 : 2) | Number(q.y & Ve), T = te;
3192
- return i && M(te) && (T = g.neg(te), $ ^= 1), new G(C, T, $);
3164
+ let $ = (q.x === C ? 0 : 2) | Number(q.y & ke), x = te;
3165
+ return i && M(te) && (x = g.neg(te), $ ^= 1), new G(C, x, $);
3193
3166
  }
3194
- return { seed: y, k2sig: O };
3167
+ return { seed: y, k2sig: T };
3195
3168
  }
3196
- function K(l, r, a = {}) {
3197
- l = Se("message", l);
3198
- const { seed: i, k2sig: o } = _(l, r, a);
3199
- return Sn(n.outputLen, g.BYTES, u)(i, o);
3169
+ function K(u, n, a = {}) {
3170
+ u = Se("message", u);
3171
+ const { seed: i, k2sig: o } = _(u, n, a);
3172
+ return Sn(r.outputLen, g.BYTES, l)(i, o);
3200
3173
  }
3201
- function W(l) {
3202
- let r;
3203
- const a = typeof l == "string" || yt(l), i = !a && l !== null && typeof l == "object" && typeof l.r == "bigint" && typeof l.s == "bigint";
3174
+ function W(u) {
3175
+ let n;
3176
+ const a = typeof u == "string" || yt(u), i = !a && u !== null && typeof u == "object" && typeof u.r == "bigint" && typeof u.s == "bigint";
3204
3177
  if (!a && !i)
3205
3178
  throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
3206
3179
  if (i)
3207
- r = new G(l.r, l.s);
3180
+ n = new G(u.r, u.s);
3208
3181
  else if (a) {
3209
3182
  try {
3210
- r = G.fromBytes(Se("sig", l), "der");
3183
+ n = G.fromBytes(Se("sig", u), "der");
3211
3184
  } catch (o) {
3212
3185
  if (!(o instanceof Ie.Err))
3213
3186
  throw o;
3214
3187
  }
3215
- if (!r)
3188
+ if (!n)
3216
3189
  try {
3217
- r = G.fromBytes(Se("sig", l), "compact");
3190
+ n = G.fromBytes(Se("sig", u), "compact");
3218
3191
  } catch {
3219
3192
  return !1;
3220
3193
  }
3221
3194
  }
3222
- return r || !1;
3195
+ return n || !1;
3223
3196
  }
3224
- function D(l, r, a, i = {}) {
3197
+ function z(u, n, a, i = {}) {
3225
3198
  const { lowS: o, prehash: h, format: w } = ut(i, S);
3226
- if (a = Se("publicKey", a), r = L(Se("message", r), h), "strict" in i)
3199
+ if (a = Se("publicKey", a), n = L(Se("message", n), h), "strict" in i)
3227
3200
  throw new Error("options.strict was renamed to lowS");
3228
- const s = w === void 0 ? W(l) : G.fromBytes(Se("sig", l), w);
3201
+ const s = w === void 0 ? W(u) : G.fromBytes(Se("sig", u), w);
3229
3202
  if (s === !1)
3230
3203
  return !1;
3231
3204
  try {
3232
3205
  const f = e.fromBytes(a);
3233
3206
  if (o && s.hasHighS())
3234
3207
  return !1;
3235
- const { r: y, s: B } = s, O = ie(r), k = g.inv(B), Y = g.create(O * k), I = g.create(y * k), q = e.BASE.multiplyUnsafe(Y).add(f.multiplyUnsafe(I));
3208
+ const { r: y, s: B } = s, T = ie(n), V = g.inv(B), Y = g.create(T * V), I = g.create(y * V), q = e.BASE.multiplyUnsafe(Y).add(f.multiplyUnsafe(I));
3236
3209
  return q.is0() ? !1 : g.create(q.x) === y;
3237
3210
  } catch {
3238
3211
  return !1;
3239
3212
  }
3240
3213
  }
3241
- function d(l, r, a = {}) {
3214
+ function d(u, n, a = {}) {
3242
3215
  const { prehash: i } = ut(a, S);
3243
- return r = L(r, i), G.fromBytes(l, "recovered").recoverPublicKey(r).toBytes();
3216
+ return n = L(n, i), G.fromBytes(u, "recovered").recoverPublicKey(n).toBytes();
3244
3217
  }
3245
3218
  return Object.freeze({
3246
3219
  keygen: U,
3247
3220
  getPublicKey: H,
3248
- getSharedSecret: V,
3221
+ getSharedSecret: k,
3249
3222
  utils: E,
3250
3223
  lengths: b,
3251
3224
  Point: e,
3252
3225
  sign: K,
3253
- verify: D,
3226
+ verify: z,
3254
3227
  recoverPublicKey: d,
3255
3228
  Signature: G,
3256
- hash: n
3229
+ hash: r
3257
3230
  });
3258
3231
  }
3259
3232
  function Pn(e) {
3260
- const n = {
3233
+ const r = {
3261
3234
  a: e.a,
3262
3235
  b: e.b,
3263
3236
  p: e.Fp.ORDER,
@@ -3267,13 +3240,13 @@ function Pn(e) {
3267
3240
  Gy: e.Gy
3268
3241
  }, c = e.Fp;
3269
3242
  let t = e.allowedPrivateKeyLengths ? Array.from(new Set(e.allowedPrivateKeyLengths.map((g) => Math.ceil(g / 2)))) : void 0;
3270
- const u = ze(n.n, {
3243
+ const l = De(r.n, {
3271
3244
  BITS: e.nBitLength,
3272
3245
  allowedLengths: t,
3273
3246
  modFromBytes: e.wrapPrivateKey
3274
3247
  }), m = {
3275
3248
  Fp: c,
3276
- Fn: u,
3249
+ Fn: l,
3277
3250
  allowInfinityPoint: e.allowInfinityPoint,
3278
3251
  endo: e.endo,
3279
3252
  isTorsionFree: e.isTorsionFree,
@@ -3281,32 +3254,32 @@ function Pn(e) {
3281
3254
  fromBytes: e.fromBytes,
3282
3255
  toBytes: e.toBytes
3283
3256
  };
3284
- return { CURVE: n, curveOpts: m };
3257
+ return { CURVE: r, curveOpts: m };
3285
3258
  }
3286
3259
  function Xn(e) {
3287
- const { CURVE: n, curveOpts: c } = Pn(e), t = {
3260
+ const { CURVE: r, curveOpts: c } = Pn(e), t = {
3288
3261
  hmac: e.hmac,
3289
3262
  randomBytes: e.randomBytes,
3290
3263
  lowS: e.lowS,
3291
3264
  bits2int: e.bits2int,
3292
3265
  bits2int_modN: e.bits2int_modN
3293
3266
  };
3294
- return { CURVE: n, curveOpts: c, hash: e.hash, ecdsaOpts: t };
3267
+ return { CURVE: r, curveOpts: c, hash: e.hash, ecdsaOpts: t };
3295
3268
  }
3296
- function Gn(e, n) {
3297
- const c = n.Point;
3298
- return Object.assign({}, n, {
3269
+ function Gn(e, r) {
3270
+ const c = r.Point;
3271
+ return Object.assign({}, r, {
3299
3272
  ProjectivePoint: c,
3300
3273
  CURVE: Object.assign({}, e, nn(c.Fn.ORDER, c.Fn.BITS))
3301
3274
  });
3302
3275
  }
3303
3276
  function Wn(e) {
3304
- const { CURVE: n, curveOpts: c, hash: t, ecdsaOpts: u } = Xn(e), m = Dn(n, c), g = Yn(m, t, u);
3277
+ const { CURVE: r, curveOpts: c, hash: t, ecdsaOpts: l } = Xn(e), m = zn(r, c), g = Yn(m, t, l);
3305
3278
  return Gn(e, g);
3306
3279
  }
3307
- function Qn(e, n) {
3280
+ function Qn(e, r) {
3308
3281
  const c = (t) => Wn({ ...e, hash: t });
3309
- return { ...c(n), create: c };
3282
+ return { ...c(r), create: c };
3310
3283
  }
3311
3284
  const Bt = {
3312
3285
  p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
@@ -3322,24 +3295,22 @@ const Bt = {
3322
3295
  [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
3323
3296
  [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
3324
3297
  ]
3325
- }, Vt = /* @__PURE__ */ BigInt(2);
3298
+ }, kt = /* @__PURE__ */ BigInt(2);
3326
3299
  function Fn(e) {
3327
- const n = Bt.p, c = BigInt(3), t = BigInt(6), u = BigInt(11), m = BigInt(22), g = BigInt(23), p = BigInt(44), v = BigInt(88), U = e * e * e % n, H = U * U * e % n, V = xe(H, c, n) * H % n, E = xe(V, c, n) * H % n, b = xe(E, Vt, n) * U % n, S = xe(b, u, n) * b % n, A = xe(S, m, n) * S % n, M = xe(A, p, n) * A % n, Q = xe(M, v, n) * M % n, F = xe(Q, p, n) * A % n, G = xe(F, c, n) * H % n, se = xe(G, g, n) * S % n, ie = xe(se, t, n) * U % n, j = xe(ie, Vt, n);
3300
+ const r = Bt.p, c = BigInt(3), t = BigInt(6), l = BigInt(11), m = BigInt(22), g = BigInt(23), p = BigInt(44), v = BigInt(88), U = e * e * e % r, H = U * U * e % r, k = Re(H, c, r) * H % r, E = Re(k, c, r) * H % r, b = Re(E, kt, r) * U % r, S = Re(b, l, r) * b % r, A = Re(S, m, r) * S % r, M = Re(A, p, r) * A % r, Q = Re(M, v, r) * M % r, F = Re(Q, p, r) * A % r, G = Re(F, c, r) * H % r, se = Re(G, g, r) * S % r, ie = Re(se, t, r) * U % r, j = Re(ie, kt, r);
3328
3301
  if (!ht.eql(ht.sqr(j), e))
3329
3302
  throw new Error("Cannot find square root");
3330
3303
  return j;
3331
3304
  }
3332
- const ht = ze(Bt.p, { sqrt: Fn }), ir = Qn({ ...Bt, Fp: ht, lowS: !0, endo: Jn }, wn);
3305
+ const ht = De(Bt.p, { sqrt: Fn }), or = Qn({ ...Bt, Fp: ht, lowS: !0, endo: Jn }, wn);
3333
3306
  export {
3334
- sr as F,
3335
- rr as a,
3307
+ rr as F,
3308
+ tr as a,
3336
3309
  $e as b,
3337
- tr as c,
3338
- pn as d,
3339
- or as e,
3340
- et as f,
3341
- er as g,
3310
+ pn as c,
3311
+ nr as d,
3312
+ et as e,
3342
3313
  qe as m,
3343
- nr as r,
3344
- ir as s
3314
+ er as r,
3315
+ or as s
3345
3316
  };