npm - @btc-vision/transaction - Versions diffs - 1.8.0-beta.1 → 1.8.0-beta.4 - Mend

@btc-vision/transaction 1.8.0-beta.1 → 1.8.0-beta.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (765) hide show

package/browser/noble-curves.js CHANGED Viewed

@@ -1,2172 +1,256 @@
-import { m as We, b as ln, n as dn, o as Me, q as yt, t as Qe, u as hn, v as Ae, w as yn, x as mn, y as Vt, k as bn, z as wn } from "./noble-hashes.js";
-var tt = {}, Ke = {}, nt = {}, rt = {}, _t;
-function Ce() {
-  return _t || (_t = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e.notImplemented = e.bitMask = e.utf8ToBytes = e.randomBytes = e.isBytes = e.hexToBytes = e.concatBytes = e.bytesToUtf8 = e.bytesToHex = e.anumber = e.abytes = void 0, e.abool = m, e._abool2 = g, e._abytes2 = p, e.numberToHexUnpadded = v, e.hexToNumber = U, e.bytesToNumberBE = H, e.bytesToNumberLE = k, e.numberToBytesBE = E, e.numberToBytesLE = b, e.numberToVarBytesBE = S, e.ensureBytes = A, e.equalBytes = M, e.copyBytes = Q, e.asciiToBytes = F, e.inRange = se, e.aInRange = ie, e.bitLen = j, e.bitGet = O, e.bitSet = L, e.createHmacDrbg = K, e.validateObject = z, e.isHash = d, e._validateObject = u, e.memoized = a;
-    const r = /* @__PURE__ */ We();
-    var c = /* @__PURE__ */ We();
-    Object.defineProperty(e, "abytes", { enumerable: !0, get: function() {
-      return c.abytes;
-    } }), Object.defineProperty(e, "anumber", { enumerable: !0, get: function() {
-      return c.anumber;
-    } }), Object.defineProperty(e, "bytesToHex", { enumerable: !0, get: function() {
-      return c.bytesToHex;
-    } }), Object.defineProperty(e, "bytesToUtf8", { enumerable: !0, get: function() {
-      return c.bytesToUtf8;
-    } }), Object.defineProperty(e, "concatBytes", { enumerable: !0, get: function() {
-      return c.concatBytes;
-    } }), Object.defineProperty(e, "hexToBytes", { enumerable: !0, get: function() {
-      return c.hexToBytes;
-    } }), Object.defineProperty(e, "isBytes", { enumerable: !0, get: function() {
-      return c.isBytes;
-    } }), Object.defineProperty(e, "randomBytes", { enumerable: !0, get: function() {
-      return c.randomBytes;
-    } }), Object.defineProperty(e, "utf8ToBytes", { enumerable: !0, get: function() {
-      return c.utf8ToBytes;
-    } });
-    const t = /* @__PURE__ */ BigInt(0), l = /* @__PURE__ */ BigInt(1);
-    function m(i, o) {
-      if (typeof o != "boolean")
-        throw new Error(i + " boolean expected, got " + o);
-    }
-    function g(i, o = "") {
-      if (typeof i != "boolean") {
-        const h = o && `"${o}"`;
-        throw new Error(h + "expected boolean, got type=" + typeof i);
-      }
-      return i;
-    }
-    function p(i, o, h = "") {
-      const w = (0, r.isBytes)(i), s = i?.length, f = o !== void 0;
-      if (!w || f && s !== o) {
-        const y = h && `"${h}" `, B = f ? ` of length ${o}` : "", T = w ? `length=${s}` : `type=${typeof i}`;
-        throw new Error(y + "expected Uint8Array" + B + ", got " + T);
-      }
-      return i;
-    }
-    function v(i) {
-      const o = i.toString(16);
-      return o.length & 1 ? "0" + o : o;
-    }
-    function U(i) {
-      if (typeof i != "string")
-        throw new Error("hex string expected, got " + typeof i);
-      return i === "" ? t : BigInt("0x" + i);
-    }
-    function H(i) {
-      return U((0, r.bytesToHex)(i));
-    }
-    function k(i) {
-      return (0, r.abytes)(i), U((0, r.bytesToHex)(Uint8Array.from(i).reverse()));
-    }
-    function E(i, o) {
-      return (0, r.hexToBytes)(i.toString(16).padStart(o * 2, "0"));
-    }
-    function b(i, o) {
-      return E(i, o).reverse();
-    }
-    function S(i) {
-      return (0, r.hexToBytes)(v(i));
-    }
-    function A(i, o, h) {
-      let w;
-      if (typeof o == "string")
-        try {
-          w = (0, r.hexToBytes)(o);
-        } catch (f) {
-          throw new Error(i + " must be hex string or Uint8Array, cause: " + f);
-        }
-      else if ((0, r.isBytes)(o))
-        w = Uint8Array.from(o);
-      else
-        throw new Error(i + " must be hex string or Uint8Array");
-      const s = w.length;
-      if (typeof h == "number" && s !== h)
-        throw new Error(i + " of length " + h + " expected, got " + s);
-      return w;
-    }
-    function M(i, o) {
-      if (i.length !== o.length)
-        return !1;
-      let h = 0;
-      for (let w = 0; w < i.length; w++)
-        h |= i[w] ^ o[w];
-      return h === 0;
-    }
-    function Q(i) {
-      return Uint8Array.from(i);
-    }
-    function F(i) {
-      return Uint8Array.from(i, (o, h) => {
-        const w = o.charCodeAt(0);
-        if (o.length !== 1 || w > 127)
-          throw new Error(`string contains non-ASCII character "${i[h]}" with code ${w} at position ${h}`);
-        return w;
-      });
-    }
-    const G = (i) => typeof i == "bigint" && t <= i;
-    function se(i, o, h) {
-      return G(i) && G(o) && G(h) && o <= i && i < h;
-    }
-    function ie(i, o, h, w) {
-      if (!se(o, h, w))
-        throw new Error("expected valid " + i + ": " + h + " <= n < " + w + ", got " + o);
-    }
-    function j(i) {
-      let o;
-      for (o = 0; i > t; i >>= l, o += 1)
-        ;
-      return o;
-    }
-    function O(i, o) {
-      return i >> BigInt(o) & l;
-    }
-    function L(i, o, h) {
-      return i | (h ? l : t) << BigInt(o);
-    }
-    const _ = (i) => (l << BigInt(i)) - l;
-    e.bitMask = _;
-    function K(i, o, h) {
-      if (typeof i != "number" || i < 2)
-        throw new Error("hashLen must be a number");
-      if (typeof o != "number" || o < 2)
-        throw new Error("qByteLen must be a number");
-      if (typeof h != "function")
-        throw new Error("hmacFn must be a function");
-      const w = (C) => new Uint8Array(C), s = (C) => Uint8Array.of(C);
-      let f = w(i), y = w(i), B = 0;
-      const T = () => {
-        f.fill(1), y.fill(0), B = 0;
-      }, V = (...C) => h(y, f, ...C), Y = (C = w(0)) => {
-        y = V(s(0), C), f = V(), C.length !== 0 && (y = V(s(1), C), f = V());
-      }, I = () => {
-        if (B++ >= 1e3)
-          throw new Error("drbg: tried 1000 values");
-        let C = 0;
-        const te = [];
-        for (; C < o; ) {
-          f = V();
-          const $ = f.slice();
-          te.push($), C += f.length;
-        }
-        return (0, r.concatBytes)(...te);
-      };
-      return (C, te) => {
-        T(), Y(C);
-        let $;
-        for (; !($ = te(I())); )
-          Y();
-        return T(), $;
-      };
-    }
-    const W = {
-      bigint: (i) => typeof i == "bigint",
-      function: (i) => typeof i == "function",
-      boolean: (i) => typeof i == "boolean",
-      string: (i) => typeof i == "string",
-      stringOrUint8Array: (i) => typeof i == "string" || (0, r.isBytes)(i),
-      isSafeInteger: (i) => Number.isSafeInteger(i),
-      array: (i) => Array.isArray(i),
-      field: (i, o) => o.Fp.isValid(i),
-      hash: (i) => typeof i == "function" && Number.isSafeInteger(i.outputLen)
-    };
-    function z(i, o, h = {}) {
-      const w = (s, f, y) => {
-        const B = W[f];
-        if (typeof B != "function")
-          throw new Error("invalid validator function");
-        const T = i[s];
-        if (!(y && T === void 0) && !B(T, i))
-          throw new Error("param " + String(s) + " is invalid. Expected " + f + ", got " + T);
-      };
-      for (const [s, f] of Object.entries(o))
-        w(s, f, !1);
-      for (const [s, f] of Object.entries(h))
-        w(s, f, !0);
-      return i;
-    }
-    function d(i) {
-      return typeof i == "function" && Number.isSafeInteger(i.outputLen);
-    }
-    function u(i, o, h = {}) {
-      if (!i || typeof i != "object")
-        throw new Error("expected valid options object");
-      function w(s, f, y) {
-        const B = i[s];
-        if (y && B === void 0)
-          return;
-        const T = typeof B;
-        if (T !== f || B === null)
-          throw new Error(`param "${s}" is invalid: expected ${f}, got ${T}`);
-      }
-      Object.entries(o).forEach(([s, f]) => w(s, f, !1)), Object.entries(h).forEach(([s, f]) => w(s, f, !0));
-    }
-    const n = () => {
-      throw new Error("not implemented");
-    };
-    e.notImplemented = n;
-    function a(i) {
-      const o = /* @__PURE__ */ new WeakMap();
-      return (h, ...w) => {
-        const s = o.get(h);
-        if (s !== void 0)
-          return s;
-        const f = i(h, ...w);
-        return o.set(h, f), f;
-      };
-    }
-  })(rt)), rt;
-}
-var Oe = {}, he = {}, St;
-function $e() {
-  if (St) return he;
-  St = 1, Object.defineProperty(he, "__esModule", { value: !0 }), he.isNegativeLE = void 0, he.mod = k, he.pow = E, he.pow2 = b, he.invert = S, he.tonelliShanks = G, he.FpSqrt = se, he.validateField = O, he.FpPow = L, he.FpInvertBatch = _, he.FpDiv = K, he.FpLegendre = W, he.FpIsSquare = z, he.nLength = d, he.Field = u, he.FpSqrtOdd = n, he.FpSqrtEven = a, he.hashToPrivateScalar = i, he.getFieldBytesLength = o, he.getMinHashLength = h, he.mapHashToField = w;
-  const e = /* @__PURE__ */ Ce(), r = BigInt(0), c = BigInt(1), t = /* @__PURE__ */ BigInt(2), l = /* @__PURE__ */ BigInt(3), m = /* @__PURE__ */ BigInt(4), g = /* @__PURE__ */ BigInt(5), p = /* @__PURE__ */ BigInt(7), v = /* @__PURE__ */ BigInt(8), U = /* @__PURE__ */ BigInt(9), H = /* @__PURE__ */ BigInt(16);
-  function k(s, f) {
-    const y = s % f;
-    return y >= r ? y : f + y;
-  }
-  function E(s, f, y) {
-    return L(u(y), s, f);
-  }
-  function b(s, f, y) {
-    let B = s;
-    for (; f-- > r; )
-      B *= B, B %= y;
-    return B;
-  }
-  function S(s, f) {
-    if (s === r)
-      throw new Error("invert: expected non-zero number");
-    if (f <= r)
-      throw new Error("invert: expected positive modulus, got " + f);
-    let y = k(s, f), B = f, T = r, V = c;
-    for (; y !== r; ) {
-      const I = B / y, q = B % y, C = T - V * I;
-      B = y, y = q, T = V, V = C;
-    }
-    if (B !== c)
-      throw new Error("invert: does not exist");
-    return k(T, f);
-  }
-  function A(s, f, y) {
-    if (!s.eql(s.sqr(f), y))
-      throw new Error("Cannot find square root");
-  }
-  function M(s, f) {
-    const y = (s.ORDER + c) / m, B = s.pow(f, y);
-    return A(s, B, f), B;
-  }
-  function Q(s, f) {
-    const y = (s.ORDER - g) / v, B = s.mul(f, t), T = s.pow(B, y), V = s.mul(f, T), Y = s.mul(s.mul(V, t), T), I = s.mul(V, s.sub(Y, s.ONE));
-    return A(s, I, f), I;
-  }
-  function F(s) {
-    const f = u(s), y = G(s), B = y(f, f.neg(f.ONE)), T = y(f, B), V = y(f, f.neg(B)), Y = (s + p) / H;
-    return (I, q) => {
-      let C = I.pow(q, Y), te = I.mul(C, B);
-      const $ = I.mul(C, T), x = I.mul(C, V), X = I.eql(I.sqr(te), q), ae = I.eql(I.sqr($), q);
-      C = I.cmov(C, te, X), te = I.cmov(x, $, ae);
-      const ye = I.eql(I.sqr(te), q), pe = I.cmov(C, te, ye);
-      return A(I, pe, q), pe;
-    };
-  }
-  function G(s) {
-    if (s < l)
-      throw new Error("sqrt is not defined for small field");
-    let f = s - c, y = 0;
-    for (; f % t === r; )
-      f /= t, y++;
-    let B = t;
-    const T = u(s);
-    for (; W(T, B) === 1; )
-      if (B++ > 1e3)
-        throw new Error("Cannot find square root: probably non-prime P");
-    if (y === 1)
-      return M;
-    let V = T.pow(B, f);
-    const Y = (f + c) / t;
-    return function(q, C) {
-      if (q.is0(C))
-        return C;
-      if (W(q, C) !== 1)
-        throw new Error("Cannot find square root");
-      let te = y, $ = q.mul(q.ONE, V), x = q.pow(C, f), X = q.pow(C, Y);
-      for (; !q.eql(x, q.ONE); ) {
-        if (q.is0(x))
-          return q.ZERO;
-        let ae = 1, ye = q.sqr(x);
-        for (; !q.eql(ye, q.ONE); )
-          if (ae++, ye = q.sqr(ye), ae === te)
-            throw new Error("Cannot find square root");
-        const pe = c << BigInt(te - ae - 1), ve = q.pow($, pe);
-        te = ae, $ = q.sqr(ve), x = q.mul(x, $), X = q.mul(X, ve);
-      }
-      return X;
-    };
-  }
-  function se(s) {
-    return s % m === l ? M : s % v === g ? Q : s % H === U ? F(s) : G(s);
-  }
-  const ie = (s, f) => (k(s, f) & c) === c;
-  he.isNegativeLE = ie;
-  const j = [
-    "create",
-    "isValid",
-    "is0",
-    "neg",
-    "inv",
-    "sqrt",
-    "sqr",
-    "eql",
-    "add",
-    "sub",
-    "mul",
-    "pow",
-    "div",
-    "addN",
-    "subN",
-    "mulN",
-    "sqrN"
-  ];
-  function O(s) {
-    const f = {
-      ORDER: "bigint",
-      MASK: "bigint",
-      BYTES: "number",
-      BITS: "number"
-    }, y = j.reduce((B, T) => (B[T] = "function", B), f);
-    return (0, e._validateObject)(s, y), s;
-  }
-  function L(s, f, y) {
-    if (y < r)
-      throw new Error("invalid exponent, negatives unsupported");
-    if (y === r)
-      return s.ONE;
-    if (y === c)
-      return f;
-    let B = s.ONE, T = f;
-    for (; y > r; )
-      y & c && (B = s.mul(B, T)), T = s.sqr(T), y >>= c;
-    return B;
-  }
-  function _(s, f, y = !1) {
-    const B = new Array(f.length).fill(y ? s.ZERO : void 0), T = f.reduce((Y, I, q) => s.is0(I) ? Y : (B[q] = Y, s.mul(Y, I)), s.ONE), V = s.inv(T);
-    return f.reduceRight((Y, I, q) => s.is0(I) ? Y : (B[q] = s.mul(Y, B[q]), s.mul(Y, I)), V), B;
-  }
-  function K(s, f, y) {
-    return s.mul(f, typeof y == "bigint" ? S(y, s.ORDER) : s.inv(y));
-  }
-  function W(s, f) {
-    const y = (s.ORDER - c) / t, B = s.pow(f, y), T = s.eql(B, s.ONE), V = s.eql(B, s.ZERO), Y = s.eql(B, s.neg(s.ONE));
-    if (!T && !V && !Y)
-      throw new Error("invalid Legendre symbol result");
-    return T ? 1 : V ? 0 : -1;
-  }
-  function z(s, f) {
-    return W(s, f) === 1;
-  }
-  function d(s, f) {
-    f !== void 0 && (0, e.anumber)(f);
-    const y = f !== void 0 ? f : s.toString(2).length, B = Math.ceil(y / 8);
-    return { nBitLength: y, nByteLength: B };
-  }
-  function u(s, f, y = !1, B = {}) {
-    if (s <= r)
-      throw new Error("invalid field: expected ORDER > 0, got " + s);
-    let T, V, Y = !1, I;
-    if (typeof f == "object" && f != null) {
-      if (B.sqrt || y)
-        throw new Error("cannot specify opts in two arguments");
-      const x = f;
-      x.BITS && (T = x.BITS), x.sqrt && (V = x.sqrt), typeof x.isLE == "boolean" && (y = x.isLE), typeof x.modFromBytes == "boolean" && (Y = x.modFromBytes), I = x.allowedLengths;
-    } else
-      typeof f == "number" && (T = f), B.sqrt && (V = B.sqrt);
-    const { nBitLength: q, nByteLength: C } = d(s, T);
-    if (C > 2048)
-      throw new Error("invalid field: expected ORDER of <= 2048 bytes");
-    let te;
-    const $ = Object.freeze({
-      ORDER: s,
-      isLE: y,
-      BITS: q,
-      BYTES: C,
-      MASK: (0, e.bitMask)(q),
-      ZERO: r,
-      ONE: c,
-      allowedLengths: I,
-      create: (x) => k(x, s),
-      isValid: (x) => {
-        if (typeof x != "bigint")
-          throw new Error("invalid field element: expected bigint, got " + typeof x);
-        return r <= x && x < s;
-      },
-      is0: (x) => x === r,
-      // is valid and invertible
-      isValidNot0: (x) => !$.is0(x) && $.isValid(x),
-      isOdd: (x) => (x & c) === c,
-      neg: (x) => k(-x, s),
-      eql: (x, X) => x === X,
-      sqr: (x) => k(x * x, s),
-      add: (x, X) => k(x + X, s),
-      sub: (x, X) => k(x - X, s),
-      mul: (x, X) => k(x * X, s),
-      pow: (x, X) => L($, x, X),
-      div: (x, X) => k(x * S(X, s), s),
-      // Same as above, but doesn't normalize
-      sqrN: (x) => x * x,
-      addN: (x, X) => x + X,
-      subN: (x, X) => x - X,
-      mulN: (x, X) => x * X,
-      inv: (x) => S(x, s),
-      sqrt: V || ((x) => (te || (te = se(s)), te($, x))),
-      toBytes: (x) => y ? (0, e.numberToBytesLE)(x, C) : (0, e.numberToBytesBE)(x, C),
-      fromBytes: (x, X = !0) => {
-        if (I) {
-          if (!I.includes(x.length) || x.length > C)
-            throw new Error("Field.fromBytes: expected " + I + " bytes, got " + x.length);
-          const ye = new Uint8Array(C);
-          ye.set(x, y ? 0 : ye.length - x.length), x = ye;
-        }
-        if (x.length !== C)
-          throw new Error("Field.fromBytes: expected " + C + " bytes, got " + x.length);
-        let ae = y ? (0, e.bytesToNumberLE)(x) : (0, e.bytesToNumberBE)(x);
-        if (Y && (ae = k(ae, s)), !X && !$.isValid(ae))
-          throw new Error("invalid field element: outside of range 0..ORDER");
-        return ae;
-      },
-      // TODO: we don't need it here, move out to separate fn
-      invertBatch: (x) => _($, x),
-      // We can't move this out because Fp6, Fp12 implement it
-      // and it's unclear what to return in there.
-      cmov: (x, X, ae) => ae ? X : x
-    });
-    return Object.freeze($);
-  }
-  function n(s, f) {
-    if (!s.isOdd)
-      throw new Error("Field doesn't have isOdd");
-    const y = s.sqrt(f);
-    return s.isOdd(y) ? y : s.neg(y);
-  }
-  function a(s, f) {
-    if (!s.isOdd)
-      throw new Error("Field doesn't have isOdd");
-    const y = s.sqrt(f);
-    return s.isOdd(y) ? s.neg(y) : y;
-  }
-  function i(s, f, y = !1) {
-    s = (0, e.ensureBytes)("privateHash", s);
-    const B = s.length, T = d(f).nByteLength + 8;
-    if (T < 24 || B < T || B > 1024)
-      throw new Error("hashToPrivateScalar: expected " + T + "-1024 bytes of input, got " + B);
-    const V = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s);
-    return k(V, f - c) + c;
-  }
-  function o(s) {
-    if (typeof s != "bigint")
-      throw new Error("field order must be bigint");
-    const f = s.toString(2).length;
-    return Math.ceil(f / 8);
-  }
-  function h(s) {
-    const f = o(s);
-    return f + Math.ceil(f / 2);
-  }
-  function w(s, f, y = !1) {
-    const B = s.length, T = o(f), V = h(f);
-    if (B < 16 || B < V || B > 1024)
-      throw new Error("expected " + V + "-1024 bytes of input, got " + B);
-    const Y = y ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s), I = k(Y, f - c) + c;
-    return y ? (0, e.numberToBytesLE)(I, T) : (0, e.numberToBytesBE)(I, T);
-  }
-  return he;
-}
-var Tt;
-function gn() {
-  if (Tt) return Oe;
-  Tt = 1, Object.defineProperty(Oe, "__esModule", { value: !0 }), Oe.wNAF = void 0, Oe.negateCt = l, Oe.normalizeZ = m, Oe.mulEndoUnsafe = M, Oe.pippenger = Q, Oe.precomputeMSMUnsafe = F, Oe.validateBasic = G, Oe._createCurveFields = ie;
-  const e = /* @__PURE__ */ Ce(), r = /* @__PURE__ */ $e(), c = BigInt(0), t = BigInt(1);
-  function l(j, O) {
-    const L = O.negate();
-    return j ? L : O;
-  }
-  function m(j, O) {
-    const L = (0, r.FpInvertBatch)(j.Fp, O.map((_) => _.Z));
-    return O.map((_, K) => j.fromAffine(_.toAffine(L[K])));
-  }
-  function g(j, O) {
-    if (!Number.isSafeInteger(j) || j <= 0 || j > O)
-      throw new Error("invalid window size, expected [1.." + O + "], got W=" + j);
-  }
-  function p(j, O) {
-    g(j, O);
-    const L = Math.ceil(O / j) + 1, _ = 2 ** (j - 1), K = 2 ** j, W = (0, e.bitMask)(j), z = BigInt(j);
-    return { windows: L, windowSize: _, mask: W, maxNumber: K, shiftBy: z };
-  }
-  function v(j, O, L) {
-    const { windowSize: _, mask: K, maxNumber: W, shiftBy: z } = L;
-    let d = Number(j & K), u = j >> z;
-    d > _ && (d -= W, u += t);
-    const n = O * _, a = n + Math.abs(d) - 1, i = d === 0, o = d < 0, h = O % 2 !== 0;
-    return { nextN: u, offset: a, isZero: i, isNeg: o, isNegF: h, offsetF: n };
-  }
-  function U(j, O) {
-    if (!Array.isArray(j))
-      throw new Error("array expected");
-    j.forEach((L, _) => {
-      if (!(L instanceof O))
-        throw new Error("invalid point at index " + _);
-    });
-  }
-  function H(j, O) {
-    if (!Array.isArray(j))
-      throw new Error("array of scalars expected");
-    j.forEach((L, _) => {
-      if (!O.isValid(L))
-        throw new Error("invalid scalar at index " + _);
-    });
-  }
-  const k = /* @__PURE__ */ new WeakMap(), E = /* @__PURE__ */ new WeakMap();
-  function b(j) {
-    return E.get(j) || 1;
-  }
-  function S(j) {
-    if (j !== c)
-      throw new Error("invalid wNAF");
-  }
-  class A {
-    // Parametrized with a given Point class (not individual point)
-    constructor(O, L) {
-      this.BASE = O.BASE, this.ZERO = O.ZERO, this.Fn = O.Fn, this.bits = L;
-    }
-    // non-const time multiplication ladder
-    _unsafeLadder(O, L, _ = this.ZERO) {
-      let K = O;
-      for (; L > c; )
-        L & t && (_ = _.add(K)), K = K.double(), L >>= t;
-      return _;
-    }
-    /**
-     * Creates a wNAF precomputation window. Used for caching.
-     * Default window size is set by `utils.precompute()` and is equal to 8.
-     * Number of precomputed points depends on the curve size:
-     * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
-     * - 𝑊 is the window size
-     * - 𝑛 is the bitlength of the curve order.
-     * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
-     * @param point Point instance
-     * @param W window size
-     * @returns precomputed point tables flattened to a single array
-     */
-    precomputeWindow(O, L) {
-      const { windows: _, windowSize: K } = p(L, this.bits), W = [];
-      let z = O, d = z;
-      for (let u = 0; u < _; u++) {
-        d = z, W.push(d);
-        for (let n = 1; n < K; n++)
-          d = d.add(z), W.push(d);
-        z = d.double();
-      }
-      return W;
-    }
-    /**
-     * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
-     * More compact implementation:
-     * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
-     * @returns real and fake (for const-time) points
-     */
-    wNAF(O, L, _) {
-      if (!this.Fn.isValid(_))
-        throw new Error("invalid scalar");
-      let K = this.ZERO, W = this.BASE;
-      const z = p(O, this.bits);
-      for (let d = 0; d < z.windows; d++) {
-        const { nextN: u, offset: n, isZero: a, isNeg: i, isNegF: o, offsetF: h } = v(_, d, z);
-        _ = u, a ? W = W.add(l(o, L[h])) : K = K.add(l(i, L[n]));
-      }
-      return S(_), { p: K, f: W };
-    }
-    /**
-     * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
-     * @param acc accumulator point to add result of multiplication
-     * @returns point
-     */
-    wNAFUnsafe(O, L, _, K = this.ZERO) {
-      const W = p(O, this.bits);
-      for (let z = 0; z < W.windows && _ !== c; z++) {
-        const { nextN: d, offset: u, isZero: n, isNeg: a } = v(_, z, W);
-        if (_ = d, !n) {
-          const i = L[u];
-          K = K.add(a ? i.negate() : i);
-        }
-      }
-      return S(_), K;
-    }
-    getPrecomputes(O, L, _) {
-      let K = k.get(L);
-      return K || (K = this.precomputeWindow(L, O), O !== 1 && (typeof _ == "function" && (K = _(K)), k.set(L, K))), K;
-    }
-    cached(O, L, _) {
-      const K = b(O);
-      return this.wNAF(K, this.getPrecomputes(K, O, _), L);
-    }
-    unsafe(O, L, _, K) {
-      const W = b(O);
-      return W === 1 ? this._unsafeLadder(O, L, K) : this.wNAFUnsafe(W, this.getPrecomputes(W, O, _), L, K);
-    }
-    // We calculate precomputes for elliptic curve point multiplication
-    // using windowed method. This specifies window size and
-    // stores precomputed values. Usually only base point would be precomputed.
-    createCache(O, L) {
-      g(L, this.bits), E.set(O, L), k.delete(O);
-    }
-    hasCache(O) {
-      return b(O) !== 1;
-    }
-  }
-  Oe.wNAF = A;
-  function M(j, O, L, _) {
-    let K = O, W = j.ZERO, z = j.ZERO;
-    for (; L > c || _ > c; )
-      L & t && (W = W.add(K)), _ & t && (z = z.add(K)), K = K.double(), L >>= t, _ >>= t;
-    return { p1: W, p2: z };
-  }
-  function Q(j, O, L, _) {
-    U(L, j), H(_, O);
-    const K = L.length, W = _.length;
-    if (K !== W)
-      throw new Error("arrays of points and scalars must have equal length");
-    const z = j.ZERO, d = (0, e.bitLen)(BigInt(K));
-    let u = 1;
-    d > 12 ? u = d - 3 : d > 4 ? u = d - 2 : d > 0 && (u = 2);
-    const n = (0, e.bitMask)(u), a = new Array(Number(n) + 1).fill(z), i = Math.floor((O.BITS - 1) / u) * u;
-    let o = z;
-    for (let h = i; h >= 0; h -= u) {
-      a.fill(z);
-      for (let s = 0; s < W; s++) {
-        const f = _[s], y = Number(f >> BigInt(h) & n);
-        a[y] = a[y].add(L[s]);
-      }
-      let w = z;
-      for (let s = a.length - 1, f = z; s > 0; s--)
-        f = f.add(a[s]), w = w.add(f);
-      if (o = o.add(w), h !== 0)
-        for (let s = 0; s < u; s++)
-          o = o.double();
-    }
-    return o;
-  }
-  function F(j, O, L, _) {
-    g(_, O.BITS), U(L, j);
-    const K = j.ZERO, W = 2 ** _ - 1, z = Math.ceil(O.BITS / _), d = (0, e.bitMask)(_), u = L.map((n) => {
-      const a = [];
-      for (let i = 0, o = n; i < W; i++)
-        a.push(o), o = o.add(n);
-      return a;
-    });
-    return (n) => {
-      if (H(n, O), n.length > L.length)
-        throw new Error("array of scalars must be smaller than array of points");
-      let a = K;
-      for (let i = 0; i < z; i++) {
-        if (a !== K)
-          for (let h = 0; h < _; h++)
-            a = a.double();
-        const o = BigInt(z * _ - (i + 1) * _);
-        for (let h = 0; h < n.length; h++) {
-          const w = n[h], s = Number(w >> o & d);
-          s && (a = a.add(u[h][s - 1]));
-        }
-      }
-      return a;
-    };
-  }
-  function G(j) {
-    return (0, r.validateField)(j.Fp), (0, e.validateObject)(j, {
-      n: "bigint",
-      h: "bigint",
-      Gx: "field",
-      Gy: "field"
-    }, {
-      nBitLength: "isSafeInteger",
-      nByteLength: "isSafeInteger"
-    }), Object.freeze({
-      ...(0, r.nLength)(j.n, j.nBitLength),
-      ...j,
-      p: j.Fp.ORDER
-    });
-  }
-  function se(j, O, L) {
-    if (O) {
-      if (O.ORDER !== j)
-        throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
-      return (0, r.validateField)(O), O;
-    } else
-      return (0, r.Field)(j, { isLE: L });
-  }
-  function ie(j, O, L = {}, _) {
-    if (_ === void 0 && (_ = j === "edwards"), !O || typeof O != "object")
-      throw new Error(`expected valid ${j} CURVE object`);
-    for (const u of ["p", "n", "h"]) {
-      const n = O[u];
-      if (!(typeof n == "bigint" && n > c))
-        throw new Error(`CURVE.${u} must be positive bigint`);
-    }
-    const K = se(O.p, L.Fp, _), W = se(O.n, L.Fn, _), d = ["Gx", "Gy", "a", j === "weierstrass" ? "b" : "d"];
-    for (const u of d)
-      if (!K.isValid(O[u]))
-        throw new Error(`CURVE.${u} must be valid field element of CURVE.Fp`);
-    return O = Object.freeze(Object.assign({}, O)), { CURVE: O, Fp: K, Fn: W };
-  }
-  return Oe;
-}
-var xt;
-function Ct() {
-  return xt || (xt = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e.DER = e.DERErr = void 0, e._splitEndoScalar = p, e._normFnElement = M, e.weierstrassN = Q, e.SWUFpSqrtRatio = G, e.mapToCurveSimpleSWU = se, e.ecdh = j, e.ecdsa = O, e.weierstrassPoints = L, e._legacyHelperEquat = W, e.weierstrass = u;
-    const r = /* @__PURE__ */ ln(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ Ce(), l = /* @__PURE__ */ gn(), m = /* @__PURE__ */ $e(), g = (n, a) => (n + (n >= 0 ? a : -a) / b) / a;
-    function p(n, a, i) {
-      const [[o, h], [w, s]] = a, f = g(s * n, i), y = g(-h * n, i);
-      let B = n - f * o - y * w, T = -f * h - y * s;
-      const V = B < k, Y = T < k;
-      V && (B = -B), Y && (T = -T);
-      const I = (0, t.bitMask)(Math.ceil((0, t.bitLen)(i) / 2)) + E;
-      if (B < k || B >= I || T < k || T >= I)
-        throw new Error("splitScalar (endomorphism): failed, k=" + n);
-      return { k1neg: V, k1: B, k2neg: Y, k2: T };
-    }
-    function v(n) {
-      if (!["compact", "recovered", "der"].includes(n))
-        throw new Error('Signature format must be "compact", "recovered", or "der"');
-      return n;
-    }
-    function U(n, a) {
-      const i = {};
-      for (let o of Object.keys(a))
-        i[o] = n[o] === void 0 ? a[o] : n[o];
-      return (0, t._abool2)(i.lowS, "lowS"), (0, t._abool2)(i.prehash, "prehash"), i.format !== void 0 && v(i.format), i;
-    }
-    class H extends Error {
-      constructor(a = "") {
-        super(a);
-      }
-    }
-    e.DERErr = H, e.DER = {
-      // asn.1 DER encoding utils
-      Err: H,
-      // Basic building block is TLV (Tag-Length-Value)
-      _tlv: {
-        encode: (n, a) => {
-          const { Err: i } = e.DER;
-          if (n < 0 || n > 256)
-            throw new i("tlv.encode: wrong tag");
-          if (a.length & 1)
-            throw new i("tlv.encode: unpadded data");
-          const o = a.length / 2, h = (0, t.numberToHexUnpadded)(o);
-          if (h.length / 2 & 128)
-            throw new i("tlv.encode: long form length too big");
-          const w = o > 127 ? (0, t.numberToHexUnpadded)(h.length / 2 | 128) : "";
-          return (0, t.numberToHexUnpadded)(n) + w + h + a;
-        },
-        // v - value, l - left bytes (unparsed)
-        decode(n, a) {
-          const { Err: i } = e.DER;
-          let o = 0;
-          if (n < 0 || n > 256)
-            throw new i("tlv.encode: wrong tag");
-          if (a.length < 2 || a[o++] !== n)
-            throw new i("tlv.decode: wrong tlv");
-          const h = a[o++], w = !!(h & 128);
-          let s = 0;
-          if (!w)
-            s = h;
-          else {
-            const y = h & 127;
-            if (!y)
-              throw new i("tlv.decode(long): indefinite length not supported");
-            if (y > 4)
-              throw new i("tlv.decode(long): byte length is too big");
-            const B = a.subarray(o, o + y);
-            if (B.length !== y)
-              throw new i("tlv.decode: length bytes not complete");
-            if (B[0] === 0)
-              throw new i("tlv.decode(long): zero leftmost byte");
-            for (const T of B)
-              s = s << 8 | T;
-            if (o += y, s < 128)
-              throw new i("tlv.decode(long): not minimal encoding");
-          }
-          const f = a.subarray(o, o + s);
-          if (f.length !== s)
-            throw new i("tlv.decode: wrong value length");
-          return { v: f, l: a.subarray(o + s) };
-        }
-      },
-      // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
-      // since we always use positive integers here. It must always be empty:
-      // - add zero byte if exists
-      // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
-      _int: {
-        encode(n) {
-          const { Err: a } = e.DER;
-          if (n < k)
-            throw new a("integer: negative integers are not allowed");
-          let i = (0, t.numberToHexUnpadded)(n);
-          if (Number.parseInt(i[0], 16) & 8 && (i = "00" + i), i.length & 1)
-            throw new a("unexpected DER parsing assertion: unpadded hex");
-          return i;
-        },
-        decode(n) {
-          const { Err: a } = e.DER;
-          if (n[0] & 128)
-            throw new a("invalid signature integer: negative");
-          if (n[0] === 0 && !(n[1] & 128))
-            throw new a("invalid signature integer: unnecessary leading zero");
-          return (0, t.bytesToNumberBE)(n);
-        }
-      },
-      toSig(n) {
-        const { Err: a, _int: i, _tlv: o } = e.DER, h = (0, t.ensureBytes)("signature", n), { v: w, l: s } = o.decode(48, h);
-        if (s.length)
-          throw new a("invalid signature: left bytes after parsing");
-        const { v: f, l: y } = o.decode(2, w), { v: B, l: T } = o.decode(2, y);
-        if (T.length)
-          throw new a("invalid signature: left bytes after parsing");
-        return { r: i.decode(f), s: i.decode(B) };
-      },
-      hexFromSig(n) {
-        const { _tlv: a, _int: i } = e.DER, o = a.encode(2, i.encode(n.r)), h = a.encode(2, i.encode(n.s)), w = o + h;
-        return a.encode(48, w);
-      }
-    };
-    const k = BigInt(0), E = BigInt(1), b = BigInt(2), S = BigInt(3), A = BigInt(4);
-    function M(n, a) {
-      const { BYTES: i } = n;
-      let o;
-      if (typeof a == "bigint")
-        o = a;
-      else {
-        let h = (0, t.ensureBytes)("private key", a);
-        try {
-          o = n.fromBytes(h);
-        } catch {
-          throw new Error(`invalid private key: expected ui8a of size ${i}, got ${typeof a}`);
-        }
-      }
-      if (!n.isValidNot0(o))
-        throw new Error("invalid private key: out of range [1..N-1]");
-      return o;
-    }
-    function Q(n, a = {}) {
-      const i = (0, l._createCurveFields)("weierstrass", n, a), { Fp: o, Fn: h } = i;
-      let w = i.CURVE;
-      const { h: s, n: f } = w;
-      (0, t._validateObject)(a, {}, {
-        allowInfinityPoint: "boolean",
-        clearCofactor: "function",
-        isTorsionFree: "function",
-        fromBytes: "function",
-        toBytes: "function",
-        endo: "object",
-        wrapPrivateKey: "boolean"
-      });
-      const { endo: y } = a;
-      if (y && (!o.is0(w.a) || typeof y.beta != "bigint" || !Array.isArray(y.basises)))
-        throw new Error('invalid endo: expected "beta": bigint and "basises": array');
-      const B = ie(o, h);
-      function T() {
-        if (!o.isOdd)
-          throw new Error("compression is not supported: Field does not have .isOdd()");
-      }
-      function V(le, Z, N) {
-        const { x: R, y: D } = Z.toAffine(), J = o.toBytes(R);
-        if ((0, t._abool2)(N, "isCompressed"), N) {
-          T();
-          const re = !o.isOdd(D);
-          return (0, t.concatBytes)(F(re), J);
-        } else
-          return (0, t.concatBytes)(Uint8Array.of(4), J, o.toBytes(D));
-      }
-      function Y(le) {
-        (0, t._abytes2)(le, void 0, "Point");
-        const { publicKey: Z, publicKeyUncompressed: N } = B, R = le.length, D = le[0], J = le.subarray(1);
-        if (R === Z && (D === 2 || D === 3)) {
-          const re = o.fromBytes(J);
-          if (!o.isValid(re))
-            throw new Error("bad point: is not on curve, wrong x");
-          const ne = C(re);
-          let ee;
-          try {
-            ee = o.sqrt(ne);
-          } catch (we) {
-            const de = we instanceof Error ? ": " + we.message : "";
-            throw new Error("bad point: is not on curve, sqrt error" + de);
-          }
-          T();
-          const oe = o.isOdd(ee);
-          return (D & 1) === 1 !== oe && (ee = o.neg(ee)), { x: re, y: ee };
-        } else if (R === N && D === 4) {
-          const re = o.BYTES, ne = o.fromBytes(J.subarray(0, re)), ee = o.fromBytes(J.subarray(re, re * 2));
-          if (!te(ne, ee))
-            throw new Error("bad point: is not on curve");
-          return { x: ne, y: ee };
-        } else
-          throw new Error(`bad point: got length ${R}, expected compressed=${Z} or uncompressed=${N}`);
-      }
-      const I = a.toBytes || V, q = a.fromBytes || Y;
-      function C(le) {
-        const Z = o.sqr(le), N = o.mul(Z, le);
-        return o.add(o.add(N, o.mul(le, w.a)), w.b);
-      }
-      function te(le, Z) {
-        const N = o.sqr(Z), R = C(le);
-        return o.eql(N, R);
-      }
-      if (!te(w.Gx, w.Gy))
-        throw new Error("bad curve params: generator point");
-      const $ = o.mul(o.pow(w.a, S), A), x = o.mul(o.sqr(w.b), BigInt(27));
-      if (o.is0(o.add($, x)))
-        throw new Error("bad curve params: a or b");
-      function X(le, Z, N = !1) {
-        if (!o.isValid(Z) || N && o.is0(Z))
-          throw new Error(`bad point coordinate ${le}`);
-        return Z;
-      }
-      function ae(le) {
-        if (!(le instanceof fe))
-          throw new Error("ProjectivePoint expected");
-      }
-      function ye(le) {
-        if (!y || !y.basises)
-          throw new Error("no endo");
-        return p(le, y.basises, h.ORDER);
-      }
-      const pe = (0, t.memoized)((le, Z) => {
-        const { X: N, Y: R, Z: D } = le;
-        if (o.eql(D, o.ONE))
-          return { x: N, y: R };
-        const J = le.is0();
-        Z == null && (Z = J ? o.ONE : o.inv(D));
-        const re = o.mul(N, Z), ne = o.mul(R, Z), ee = o.mul(D, Z);
-        if (J)
-          return { x: o.ZERO, y: o.ZERO };
-        if (!o.eql(ee, o.ONE))
-          throw new Error("invZ was invalid");
-        return { x: re, y: ne };
-      }), ve = (0, t.memoized)((le) => {
-        if (le.is0()) {
-          if (a.allowInfinityPoint && !o.is0(le.Y))
-            return;
-          throw new Error("bad point: ZERO");
-        }
-        const { x: Z, y: N } = le.toAffine();
-        if (!o.isValid(Z) || !o.isValid(N))
-          throw new Error("bad point: x or y not field elements");
-        if (!te(Z, N))
-          throw new Error("bad point: equation left != right");
-        if (!le.isTorsionFree())
-          throw new Error("bad point: not in prime-order subgroup");
-        return !0;
-      });
-      function xe(le, Z, N, R, D) {
-        return N = new fe(o.mul(N.X, le), N.Y, N.Z), Z = (0, l.negateCt)(R, Z), N = (0, l.negateCt)(D, N), Z.add(N);
-      }
-      class fe {
-        /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-        constructor(Z, N, R) {
-          this.X = X("x", Z), this.Y = X("y", N, !0), this.Z = X("z", R), Object.freeze(this);
-        }
-        static CURVE() {
-          return w;
-        }
-        /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-        static fromAffine(Z) {
-          const { x: N, y: R } = Z || {};
-          if (!Z || !o.isValid(N) || !o.isValid(R))
-            throw new Error("invalid affine point");
-          if (Z instanceof fe)
-            throw new Error("projective point not allowed");
-          return o.is0(N) && o.is0(R) ? fe.ZERO : new fe(N, R, o.ONE);
-        }
-        static fromBytes(Z) {
-          const N = fe.fromAffine(q((0, t._abytes2)(Z, void 0, "point")));
-          return N.assertValidity(), N;
-        }
-        static fromHex(Z) {
-          return fe.fromBytes((0, t.ensureBytes)("pointHex", Z));
-        }
-        get x() {
-          return this.toAffine().x;
-        }
-        get y() {
-          return this.toAffine().y;
-        }
-        /**
-         *
-         * @param windowSize
-         * @param isLazy true will defer table computation until the first multiplication
-         * @returns
-         */
-        precompute(Z = 8, N = !0) {
-          return Ue.createCache(this, Z), N || this.multiply(S), this;
-        }
-        // TODO: return `this`
-        /** A point on curve is valid if it conforms to equation. */
-        assertValidity() {
-          ve(this);
-        }
-        hasEvenY() {
-          const { y: Z } = this.toAffine();
-          if (!o.isOdd)
-            throw new Error("Field doesn't support isOdd");
-          return !o.isOdd(Z);
-        }
-        /** Compare one point to another. */
-        equals(Z) {
-          ae(Z);
-          const { X: N, Y: R, Z: D } = this, { X: J, Y: re, Z: ne } = Z, ee = o.eql(o.mul(N, ne), o.mul(J, D)), oe = o.eql(o.mul(R, ne), o.mul(re, D));
-          return ee && oe;
-        }
-        /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
-        negate() {
-          return new fe(this.X, o.neg(this.Y), this.Z);
-        }
-        // Renes-Costello-Batina exception-free doubling formula.
-        // There is 30% faster Jacobian formula, but it is not complete.
-        // https://eprint.iacr.org/2015/1060, algorithm 3
-        // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
-        double() {
-          const { a: Z, b: N } = w, R = o.mul(N, S), { X: D, Y: J, Z: re } = this;
-          let ne = o.ZERO, ee = o.ZERO, oe = o.ZERO, ce = o.mul(D, D), we = o.mul(J, J), de = o.mul(re, re), ue = o.mul(D, J);
-          return ue = o.add(ue, ue), oe = o.mul(D, re), oe = o.add(oe, oe), ne = o.mul(Z, oe), ee = o.mul(R, de), ee = o.add(ne, ee), ne = o.sub(we, ee), ee = o.add(we, ee), ee = o.mul(ne, ee), ne = o.mul(ue, ne), oe = o.mul(R, oe), de = o.mul(Z, de), ue = o.sub(ce, de), ue = o.mul(Z, ue), ue = o.add(ue, oe), oe = o.add(ce, ce), ce = o.add(oe, ce), ce = o.add(ce, de), ce = o.mul(ce, ue), ee = o.add(ee, ce), de = o.mul(J, re), de = o.add(de, de), ce = o.mul(de, ue), ne = o.sub(ne, ce), oe = o.mul(de, we), oe = o.add(oe, oe), oe = o.add(oe, oe), new fe(ne, ee, oe);
-        }
-        // Renes-Costello-Batina exception-free addition formula.
-        // There is 30% faster Jacobian formula, but it is not complete.
-        // https://eprint.iacr.org/2015/1060, algorithm 1
-        // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
-        add(Z) {
-          ae(Z);
-          const { X: N, Y: R, Z: D } = this, { X: J, Y: re, Z: ne } = Z;
-          let ee = o.ZERO, oe = o.ZERO, ce = o.ZERO;
-          const we = w.a, de = o.mul(w.b, S);
-          let ue = o.mul(N, J), me = o.mul(R, re), ge = o.mul(D, ne), _e = o.add(N, R), be = o.add(J, re);
-          _e = o.mul(_e, be), be = o.add(ue, me), _e = o.sub(_e, be), be = o.add(N, D);
-          let Ee = o.add(J, ne);
-          return be = o.mul(be, Ee), Ee = o.add(ue, ge), be = o.sub(be, Ee), Ee = o.add(R, D), ee = o.add(re, ne), Ee = o.mul(Ee, ee), ee = o.add(me, ge), Ee = o.sub(Ee, ee), ce = o.mul(we, be), ee = o.mul(de, ge), ce = o.add(ee, ce), ee = o.sub(me, ce), ce = o.add(me, ce), oe = o.mul(ee, ce), me = o.add(ue, ue), me = o.add(me, ue), ge = o.mul(we, ge), be = o.mul(de, be), me = o.add(me, ge), ge = o.sub(ue, ge), ge = o.mul(we, ge), be = o.add(be, ge), ue = o.mul(me, be), oe = o.add(oe, ue), ue = o.mul(Ee, be), ee = o.mul(_e, ee), ee = o.sub(ee, ue), ue = o.mul(_e, me), ce = o.mul(Ee, ce), ce = o.add(ce, ue), new fe(ee, oe, ce);
-        }
-        subtract(Z) {
-          return this.add(Z.negate());
-        }
-        is0() {
-          return this.equals(fe.ZERO);
-        }
-        /**
-         * Constant time multiplication.
-         * Uses wNAF method. Windowed method may be 10% faster,
-         * but takes 2x longer to generate and consumes 2x memory.
-         * Uses precomputes when available.
-         * Uses endomorphism for Koblitz curves.
-         * @param scalar by which the point would be multiplied
-         * @returns New point
-         */
-        multiply(Z) {
-          const { endo: N } = a;
-          if (!h.isValidNot0(Z))
-            throw new Error("invalid scalar: out of range");
-          let R, D;
-          const J = (re) => Ue.cached(this, re, (ne) => (0, l.normalizeZ)(fe, ne));
-          if (N) {
-            const { k1neg: re, k1: ne, k2neg: ee, k2: oe } = ye(Z), { p: ce, f: we } = J(ne), { p: de, f: ue } = J(oe);
-            D = we.add(ue), R = xe(N.beta, ce, de, re, ee);
-          } else {
-            const { p: re, f: ne } = J(Z);
-            R = re, D = ne;
-          }
-          return (0, l.normalizeZ)(fe, [R, D])[0];
-        }
-        /**
-         * Non-constant-time multiplication. Uses double-and-add algorithm.
-         * It's faster, but should only be used when you don't care about
-         * an exposed secret key e.g. sig verification, which works over *public* keys.
-         */
-        multiplyUnsafe(Z) {
-          const { endo: N } = a, R = this;
-          if (!h.isValid(Z))
-            throw new Error("invalid scalar: out of range");
-          if (Z === k || R.is0())
-            return fe.ZERO;
-          if (Z === E)
-            return R;
-          if (Ue.hasCache(this))
-            return this.multiply(Z);
-          if (N) {
-            const { k1neg: D, k1: J, k2neg: re, k2: ne } = ye(Z), { p1: ee, p2: oe } = (0, l.mulEndoUnsafe)(fe, R, J, ne);
-            return xe(N.beta, ee, oe, D, re);
-          } else
-            return Ue.unsafe(R, Z);
-        }
-        multiplyAndAddUnsafe(Z, N, R) {
-          const D = this.multiplyUnsafe(N).add(Z.multiplyUnsafe(R));
-          return D.is0() ? void 0 : D;
-        }
-        /**
-         * Converts Projective point to affine (x, y) coordinates.
-         * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
-         */
-        toAffine(Z) {
-          return pe(this, Z);
-        }
-        /**
-         * Checks whether Point is free of torsion elements (is in prime subgroup).
-         * Always torsion-free for cofactor=1 curves.
-         */
-        isTorsionFree() {
-          const { isTorsionFree: Z } = a;
-          return s === E ? !0 : Z ? Z(fe, this) : Ue.unsafe(this, f).is0();
-        }
-        clearCofactor() {
-          const { clearCofactor: Z } = a;
-          return s === E ? this : Z ? Z(fe, this) : this.multiplyUnsafe(s);
-        }
-        isSmallOrder() {
-          return this.multiplyUnsafe(s).is0();
-        }
-        toBytes(Z = !0) {
-          return (0, t._abool2)(Z, "isCompressed"), this.assertValidity(), I(fe, this, Z);
-        }
-        toHex(Z = !0) {
-          return (0, t.bytesToHex)(this.toBytes(Z));
-        }
-        toString() {
-          return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
-        }
-        // TODO: remove
-        get px() {
-          return this.X;
-        }
-        get py() {
-          return this.X;
-        }
-        get pz() {
-          return this.Z;
-        }
-        toRawBytes(Z = !0) {
-          return this.toBytes(Z);
-        }
-        _setWindowSize(Z) {
-          this.precompute(Z);
-        }
-        static normalizeZ(Z) {
-          return (0, l.normalizeZ)(fe, Z);
-        }
-        static msm(Z, N) {
-          return (0, l.pippenger)(fe, h, Z, N);
-        }
-        static fromPrivateKey(Z) {
-          return fe.BASE.multiply(M(h, Z));
-        }
-      }
-      fe.BASE = new fe(w.Gx, w.Gy, o.ONE), fe.ZERO = new fe(o.ZERO, o.ONE, o.ZERO), fe.Fp = o, fe.Fn = h;
-      const Ye = h.BITS, Ue = new l.wNAF(fe, a.endo ? Math.ceil(Ye / 2) : Ye);
-      return fe.BASE.precompute(8), fe;
-    }
-    function F(n) {
-      return Uint8Array.of(n ? 2 : 3);
-    }
-    function G(n, a) {
-      const i = n.ORDER;
-      let o = k;
-      for (let q = i - E; q % b === k; q /= b)
-        o += E;
-      const h = o, w = b << h - E - E, s = w * b, f = (i - E) / s, y = (f - E) / b, B = s - E, T = w, V = n.pow(a, f), Y = n.pow(a, (f + E) / b);
-      let I = (q, C) => {
-        let te = V, $ = n.pow(C, B), x = n.sqr($);
-        x = n.mul(x, C);
-        let X = n.mul(q, x);
-        X = n.pow(X, y), X = n.mul(X, $), $ = n.mul(X, C), x = n.mul(X, q);
-        let ae = n.mul(x, $);
-        X = n.pow(ae, T);
-        let ye = n.eql(X, n.ONE);
-        $ = n.mul(x, Y), X = n.mul(ae, te), x = n.cmov($, x, ye), ae = n.cmov(X, ae, ye);
-        for (let pe = h; pe > E; pe--) {
-          let ve = pe - b;
-          ve = b << ve - E;
-          let xe = n.pow(ae, ve);
-          const fe = n.eql(xe, n.ONE);
-          $ = n.mul(x, te), te = n.mul(te, te), xe = n.mul(ae, te), x = n.cmov($, x, fe), ae = n.cmov(xe, ae, fe);
-        }
-        return { isValid: ye, value: x };
-      };
-      if (n.ORDER % A === S) {
-        const q = (n.ORDER - S) / A, C = n.sqrt(n.neg(a));
-        I = (te, $) => {
-          let x = n.sqr($);
-          const X = n.mul(te, $);
-          x = n.mul(x, X);
-          let ae = n.pow(x, q);
-          ae = n.mul(ae, X);
-          const ye = n.mul(ae, C), pe = n.mul(n.sqr(ae), $), ve = n.eql(pe, te);
-          let xe = n.cmov(ye, ae, ve);
-          return { isValid: ve, value: xe };
-        };
-      }
-      return I;
-    }
-    function se(n, a) {
-      (0, m.validateField)(n);
-      const { A: i, B: o, Z: h } = a;
-      if (!n.isValid(i) || !n.isValid(o) || !n.isValid(h))
-        throw new Error("mapToCurveSimpleSWU: invalid opts");
-      const w = G(n, h);
-      if (!n.isOdd)
-        throw new Error("Field does not have .isOdd()");
-      return (s) => {
-        let f, y, B, T, V, Y, I, q;
-        f = n.sqr(s), f = n.mul(f, h), y = n.sqr(f), y = n.add(y, f), B = n.add(y, n.ONE), B = n.mul(B, o), T = n.cmov(h, n.neg(y), !n.eql(y, n.ZERO)), T = n.mul(T, i), y = n.sqr(B), Y = n.sqr(T), V = n.mul(Y, i), y = n.add(y, V), y = n.mul(y, B), Y = n.mul(Y, T), V = n.mul(Y, o), y = n.add(y, V), I = n.mul(f, B);
-        const { isValid: C, value: te } = w(y, Y);
-        q = n.mul(f, s), q = n.mul(q, te), I = n.cmov(I, B, C), q = n.cmov(q, te, C);
-        const $ = n.isOdd(s) === n.isOdd(q);
-        q = n.cmov(n.neg(q), q, $);
-        const x = (0, m.FpInvertBatch)(n, [T], !0)[0];
-        return I = n.mul(I, x), { x: I, y: q };
-      };
-    }
-    function ie(n, a) {
-      return {
-        secretKey: a.BYTES,
-        publicKey: 1 + n.BYTES,
-        publicKeyUncompressed: 1 + 2 * n.BYTES,
-        publicKeyHasPrefix: !0,
-        signature: 2 * a.BYTES
-      };
-    }
-    function j(n, a = {}) {
-      const { Fn: i } = n, o = a.randomBytes || t.randomBytes, h = Object.assign(ie(n.Fp, i), { seed: (0, m.getMinHashLength)(i.ORDER) });
-      function w(I) {
-        try {
-          return !!M(i, I);
-        } catch {
-          return !1;
-        }
-      }
-      function s(I, q) {
-        const { publicKey: C, publicKeyUncompressed: te } = h;
-        try {
-          const $ = I.length;
-          return q === !0 && $ !== C || q === !1 && $ !== te ? !1 : !!n.fromBytes(I);
-        } catch {
-          return !1;
-        }
-      }
-      function f(I = o(h.seed)) {
-        return (0, m.mapHashToField)((0, t._abytes2)(I, h.seed, "seed"), i.ORDER);
-      }
-      function y(I, q = !0) {
-        return n.BASE.multiply(M(i, I)).toBytes(q);
-      }
-      function B(I) {
-        const q = f(I);
-        return { secretKey: q, publicKey: y(q) };
-      }
-      function T(I) {
-        if (typeof I == "bigint")
-          return !1;
-        if (I instanceof n)
-          return !0;
-        const { secretKey: q, publicKey: C, publicKeyUncompressed: te } = h;
-        if (i.allowedLengths || q === C)
-          return;
-        const $ = (0, t.ensureBytes)("key", I).length;
-        return $ === C || $ === te;
-      }
-      function V(I, q, C = !0) {
-        if (T(I) === !0)
-          throw new Error("first arg must be private key");
-        if (T(q) === !1)
-          throw new Error("second arg must be public key");
-        const te = M(i, I);
-        return n.fromHex(q).multiply(te).toBytes(C);
-      }
-      return Object.freeze({ getPublicKey: y, getSharedSecret: V, keygen: B, Point: n, utils: {
-        isValidSecretKey: w,
-        isValidPublicKey: s,
-        randomSecretKey: f,
-        // TODO: remove
-        isValidPrivateKey: w,
-        randomPrivateKey: f,
-        normPrivateKeyToScalar: (I) => M(i, I),
-        precompute(I = 8, q = n.BASE) {
-          return q.precompute(I, !1);
-        }
-      }, lengths: h });
-    }
-    function O(n, a, i = {}) {
-      (0, c.ahash)(a), (0, t._validateObject)(i, {}, {
-        hmac: "function",
-        lowS: "boolean",
-        randomBytes: "function",
-        bits2int: "function",
-        bits2int_modN: "function"
-      });
-      const o = i.randomBytes || t.randomBytes, h = i.hmac || ((N, ...R) => (0, r.hmac)(a, N, (0, t.concatBytes)(...R))), { Fp: w, Fn: s } = n, { ORDER: f, BITS: y } = s, { keygen: B, getPublicKey: T, getSharedSecret: V, utils: Y, lengths: I } = j(n, i), q = {
-        prehash: !1,
-        lowS: typeof i.lowS == "boolean" ? i.lowS : !1,
-        format: void 0,
-        //'compact' as ECDSASigFormat,
-        extraEntropy: !1
-      }, C = "compact";
-      function te(N) {
-        const R = f >> E;
-        return N > R;
-      }
-      function $(N, R) {
-        if (!s.isValidNot0(R))
-          throw new Error(`invalid signature ${N}: out of range 1..Point.Fn.ORDER`);
-        return R;
-      }
-      function x(N, R) {
-        v(R);
-        const D = I.signature, J = R === "compact" ? D : R === "recovered" ? D + 1 : void 0;
-        return (0, t._abytes2)(N, J, `${R} signature`);
-      }
-      class X {
-        constructor(R, D, J) {
-          this.r = $("r", R), this.s = $("s", D), J != null && (this.recovery = J), Object.freeze(this);
-        }
-        static fromBytes(R, D = C) {
-          x(R, D);
-          let J;
-          if (D === "der") {
-            const { r: oe, s: ce } = e.DER.toSig((0, t._abytes2)(R));
-            return new X(oe, ce);
-          }
-          D === "recovered" && (J = R[0], D = "compact", R = R.subarray(1));
-          const re = s.BYTES, ne = R.subarray(0, re), ee = R.subarray(re, re * 2);
-          return new X(s.fromBytes(ne), s.fromBytes(ee), J);
-        }
-        static fromHex(R, D) {
-          return this.fromBytes((0, t.hexToBytes)(R), D);
-        }
-        addRecoveryBit(R) {
-          return new X(this.r, this.s, R);
-        }
-        recoverPublicKey(R) {
-          const D = w.ORDER, { r: J, s: re, recovery: ne } = this;
-          if (ne == null || ![0, 1, 2, 3].includes(ne))
-            throw new Error("recovery id invalid");
-          if (f * b < D && ne > 1)
-            throw new Error("recovery id is ambiguous for h>1 curve");
-          const oe = ne === 2 || ne === 3 ? J + f : J;
-          if (!w.isValid(oe))
-            throw new Error("recovery id 2 or 3 invalid");
-          const ce = w.toBytes(oe), we = n.fromBytes((0, t.concatBytes)(F((ne & 1) === 0), ce)), de = s.inv(oe), ue = ye((0, t.ensureBytes)("msgHash", R)), me = s.create(-ue * de), ge = s.create(re * de), _e = n.BASE.multiplyUnsafe(me).add(we.multiplyUnsafe(ge));
-          if (_e.is0())
-            throw new Error("point at infinify");
-          return _e.assertValidity(), _e;
-        }
-        // Signatures should be low-s, to prevent malleability.
-        hasHighS() {
-          return te(this.s);
-        }
-        toBytes(R = C) {
-          if (v(R), R === "der")
-            return (0, t.hexToBytes)(e.DER.hexFromSig(this));
-          const D = s.toBytes(this.r), J = s.toBytes(this.s);
-          if (R === "recovered") {
-            if (this.recovery == null)
-              throw new Error("recovery bit must be present");
-            return (0, t.concatBytes)(Uint8Array.of(this.recovery), D, J);
-          }
-          return (0, t.concatBytes)(D, J);
-        }
-        toHex(R) {
-          return (0, t.bytesToHex)(this.toBytes(R));
-        }
-        // TODO: remove
-        assertValidity() {
-        }
-        static fromCompact(R) {
-          return X.fromBytes((0, t.ensureBytes)("sig", R), "compact");
-        }
-        static fromDER(R) {
-          return X.fromBytes((0, t.ensureBytes)("sig", R), "der");
-        }
-        normalizeS() {
-          return this.hasHighS() ? new X(this.r, s.neg(this.s), this.recovery) : this;
-        }
-        toDERRawBytes() {
-          return this.toBytes("der");
-        }
-        toDERHex() {
-          return (0, t.bytesToHex)(this.toBytes("der"));
-        }
-        toCompactRawBytes() {
-          return this.toBytes("compact");
-        }
-        toCompactHex() {
-          return (0, t.bytesToHex)(this.toBytes("compact"));
-        }
-      }
-      const ae = i.bits2int || function(R) {
-        if (R.length > 8192)
-          throw new Error("input is too large");
-        const D = (0, t.bytesToNumberBE)(R), J = R.length * 8 - y;
-        return J > 0 ? D >> BigInt(J) : D;
-      }, ye = i.bits2int_modN || function(R) {
-        return s.create(ae(R));
-      }, pe = (0, t.bitMask)(y);
-      function ve(N) {
-        return (0, t.aInRange)("num < 2^" + y, N, k, pe), s.toBytes(N);
-      }
-      function xe(N, R) {
-        return (0, t._abytes2)(N, void 0, "message"), R ? (0, t._abytes2)(a(N), void 0, "prehashed message") : N;
-      }
-      function fe(N, R, D) {
-        if (["recovered", "canonical"].some((me) => me in D))
-          throw new Error("sign() legacy options not supported");
-        const { lowS: J, prehash: re, extraEntropy: ne } = U(D, q);
-        N = xe(N, re);
-        const ee = ye(N), oe = M(s, R), ce = [ve(oe), ve(ee)];
-        if (ne != null && ne !== !1) {
-          const me = ne === !0 ? o(I.secretKey) : ne;
-          ce.push((0, t.ensureBytes)("extraEntropy", me));
-        }
-        const we = (0, t.concatBytes)(...ce), de = ee;
-        function ue(me) {
-          const ge = ae(me);
-          if (!s.isValidNot0(ge))
-            return;
-          const _e = s.inv(ge), be = n.BASE.multiply(ge).toAffine(), Ee = s.create(be.x);
-          if (Ee === k)
-            return;
-          const Pe = s.create(_e * s.create(de + Ee * oe));
-          if (Pe === k)
-            return;
-          let pt = (be.x === Ee ? 0 : 2) | Number(be.y & E), vt = Pe;
-          return J && te(Pe) && (vt = s.neg(Pe), pt ^= 1), new X(Ee, vt, pt);
-        }
-        return { seed: we, k2sig: ue };
-      }
-      function Ye(N, R, D = {}) {
-        N = (0, t.ensureBytes)("message", N);
-        const { seed: J, k2sig: re } = fe(N, R, D);
-        return (0, t.createHmacDrbg)(a.outputLen, s.BYTES, h)(J, re);
-      }
-      function Ue(N) {
-        let R;
-        const D = typeof N == "string" || (0, t.isBytes)(N), J = !D && N !== null && typeof N == "object" && typeof N.r == "bigint" && typeof N.s == "bigint";
-        if (!D && !J)
-          throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
-        if (J)
-          R = new X(N.r, N.s);
-        else if (D) {
-          try {
-            R = X.fromBytes((0, t.ensureBytes)("sig", N), "der");
-          } catch (re) {
-            if (!(re instanceof e.DER.Err))
-              throw re;
-          }
-          if (!R)
-            try {
-              R = X.fromBytes((0, t.ensureBytes)("sig", N), "compact");
-            } catch {
-              return !1;
-            }
-        }
-        return R || !1;
-      }
-      function le(N, R, D, J = {}) {
-        const { lowS: re, prehash: ne, format: ee } = U(J, q);
-        if (D = (0, t.ensureBytes)("publicKey", D), R = xe((0, t.ensureBytes)("message", R), ne), "strict" in J)
-          throw new Error("options.strict was renamed to lowS");
-        const oe = ee === void 0 ? Ue(N) : X.fromBytes((0, t.ensureBytes)("sig", N), ee);
-        if (oe === !1)
-          return !1;
-        try {
-          const ce = n.fromBytes(D);
-          if (re && oe.hasHighS())
-            return !1;
-          const { r: we, s: de } = oe, ue = ye(R), me = s.inv(de), ge = s.create(ue * me), _e = s.create(we * me), be = n.BASE.multiplyUnsafe(ge).add(ce.multiplyUnsafe(_e));
-          return be.is0() ? !1 : s.create(be.x) === we;
-        } catch {
-          return !1;
-        }
-      }
-      function Z(N, R, D = {}) {
-        const { prehash: J } = U(D, q);
-        return R = xe(R, J), X.fromBytes(N, "recovered").recoverPublicKey(R).toBytes();
-      }
-      return Object.freeze({
-        keygen: B,
-        getPublicKey: T,
-        getSharedSecret: V,
-        utils: Y,
-        lengths: I,
-        Point: n,
-        sign: Ye,
-        verify: le,
-        recoverPublicKey: Z,
-        Signature: X,
-        hash: a
-      });
-    }
-    function L(n) {
-      const { CURVE: a, curveOpts: i } = _(n), o = Q(a, i);
-      return z(n, o);
-    }
-    function _(n) {
-      const a = {
-        a: n.a,
-        b: n.b,
-        p: n.Fp.ORDER,
-        n: n.n,
-        h: n.h,
-        Gx: n.Gx,
-        Gy: n.Gy
-      }, i = n.Fp;
-      let o = n.allowedPrivateKeyLengths ? Array.from(new Set(n.allowedPrivateKeyLengths.map((s) => Math.ceil(s / 2)))) : void 0;
-      const h = (0, m.Field)(a.n, {
-        BITS: n.nBitLength,
-        allowedLengths: o,
-        modFromBytes: n.wrapPrivateKey
-      }), w = {
-        Fp: i,
-        Fn: h,
-        allowInfinityPoint: n.allowInfinityPoint,
-        endo: n.endo,
-        isTorsionFree: n.isTorsionFree,
-        clearCofactor: n.clearCofactor,
-        fromBytes: n.fromBytes,
-        toBytes: n.toBytes
-      };
-      return { CURVE: a, curveOpts: w };
-    }
-    function K(n) {
-      const { CURVE: a, curveOpts: i } = _(n), o = {
-        hmac: n.hmac,
-        randomBytes: n.randomBytes,
-        lowS: n.lowS,
-        bits2int: n.bits2int,
-        bits2int_modN: n.bits2int_modN
-      };
-      return { CURVE: a, curveOpts: i, hash: n.hash, ecdsaOpts: o };
-    }
-    function W(n, a, i) {
-      function o(h) {
-        const w = n.sqr(h), s = n.mul(w, h);
-        return n.add(n.add(s, n.mul(h, a)), i);
-      }
-      return o;
-    }
-    function z(n, a) {
-      const { Fp: i, Fn: o } = a;
-      function h(s) {
-        return (0, t.inRange)(s, E, o.ORDER);
-      }
-      const w = W(i, n.a, n.b);
-      return Object.assign({}, {
-        CURVE: n,
-        Point: a,
-        ProjectivePoint: a,
-        normPrivateKeyToScalar: (s) => M(o, s),
-        weierstrassEquation: w,
-        isWithinCurveOrder: h
-      });
-    }
-    function d(n, a) {
-      const i = a.Point;
-      return Object.assign({}, a, {
-        ProjectivePoint: i,
-        CURVE: Object.assign({}, n, (0, m.nLength)(i.Fn.ORDER, i.Fn.BITS))
-      });
-    }
-    function u(n) {
-      const { CURVE: a, curveOpts: i, hash: o, ecdsaOpts: h } = K(n), w = Q(a, i), s = O(w, o, h);
-      return d(n, s);
-    }
-  })(nt)), nt;
-}
-var Ot;
-function En() {
-  if (Ot) return Ke;
-  Ot = 1, Object.defineProperty(Ke, "__esModule", { value: !0 }), Ke.getHash = r, Ke.createCurve = c;
-  const e = /* @__PURE__ */ Ct();
-  function r(t) {
-    return { hash: t };
-  }
-  function c(t, l) {
-    const m = (g) => (0, e.weierstrass)({ ...t, hash: g });
-    return { ...m(l), create: m };
-  }
-  return Ke;
-}
-var ot = {}, Rt;
-function Bn() {
-  return Rt || (Rt = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e._DST_scalar = void 0, e.expand_message_xmd = v, e.expand_message_xof = U, e.hash_to_field = H, e.isogenyMap = k, e.createHasher = E;
-    const r = /* @__PURE__ */ Ce(), c = /* @__PURE__ */ $e(), t = r.bytesToNumberBE;
-    function l(b, S) {
-      if (g(b), g(S), b < 0 || b >= 1 << 8 * S)
-        throw new Error("invalid I2OSP input: " + b);
-      const A = Array.from({ length: S }).fill(0);
-      for (let M = S - 1; M >= 0; M--)
-        A[M] = b & 255, b >>>= 8;
-      return new Uint8Array(A);
-    }
-    function m(b, S) {
-      const A = new Uint8Array(b.length);
-      for (let M = 0; M < b.length; M++)
-        A[M] = b[M] ^ S[M];
-      return A;
-    }
-    function g(b) {
-      if (!Number.isSafeInteger(b))
-        throw new Error("number expected");
-    }
-    function p(b) {
-      if (!(0, r.isBytes)(b) && typeof b != "string")
-        throw new Error("DST must be Uint8Array or string");
-      return typeof b == "string" ? (0, r.utf8ToBytes)(b) : b;
-    }
-    function v(b, S, A, M) {
-      (0, r.abytes)(b), g(A), S = p(S), S.length > 255 && (S = M((0, r.concatBytes)((0, r.utf8ToBytes)("H2C-OVERSIZE-DST-"), S)));
-      const { outputLen: Q, blockLen: F } = M, G = Math.ceil(A / Q);
-      if (A > 65535 || G > 255)
-        throw new Error("expand_message_xmd: invalid lenInBytes");
-      const se = (0, r.concatBytes)(S, l(S.length, 1)), ie = l(0, F), j = l(A, 2), O = new Array(G), L = M((0, r.concatBytes)(ie, b, j, l(0, 1), se));
-      O[0] = M((0, r.concatBytes)(L, l(1, 1), se));
-      for (let K = 1; K <= G; K++) {
-        const W = [m(L, O[K - 1]), l(K + 1, 1), se];
-        O[K] = M((0, r.concatBytes)(...W));
-      }
-      return (0, r.concatBytes)(...O).slice(0, A);
-    }
-    function U(b, S, A, M, Q) {
-      if ((0, r.abytes)(b), g(A), S = p(S), S.length > 255) {
-        const F = Math.ceil(2 * M / 8);
-        S = Q.create({ dkLen: F }).update((0, r.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(S).digest();
-      }
-      if (A > 65535 || S.length > 255)
-        throw new Error("expand_message_xof: invalid lenInBytes");
-      return Q.create({ dkLen: A }).update(b).update(l(A, 2)).update(S).update(l(S.length, 1)).digest();
-    }
-    function H(b, S, A) {
-      (0, r._validateObject)(A, {
-        p: "bigint",
-        m: "number",
-        k: "number",
-        hash: "function"
-      });
-      const { p: M, k: Q, m: F, hash: G, expand: se, DST: ie } = A;
-      if (!(0, r.isHash)(A.hash))
-        throw new Error("expected valid hash");
-      (0, r.abytes)(b), g(S);
-      const j = M.toString(2).length, O = Math.ceil((j + Q) / 8), L = S * F * O;
-      let _;
-      if (se === "xmd")
-        _ = v(b, ie, L, G);
-      else if (se === "xof")
-        _ = U(b, ie, L, Q, G);
-      else if (se === "_internal_pass")
-        _ = b;
-      else
-        throw new Error('expand must be "xmd" or "xof"');
-      const K = new Array(S);
-      for (let W = 0; W < S; W++) {
-        const z = new Array(F);
-        for (let d = 0; d < F; d++) {
-          const u = O * (d + W * F), n = _.subarray(u, u + O);
-          z[d] = (0, c.mod)(t(n), M);
-        }
-        K[W] = z;
-      }
-      return K;
-    }
-    function k(b, S) {
-      const A = S.map((M) => Array.from(M).reverse());
-      return (M, Q) => {
-        const [F, G, se, ie] = A.map((L) => L.reduce((_, K) => b.add(b.mul(_, M), K))), [j, O] = (0, c.FpInvertBatch)(b, [G, ie], !0);
-        return M = b.mul(F, j), Q = b.mul(Q, b.mul(se, O)), { x: M, y: Q };
-      };
-    }
-    e._DST_scalar = (0, r.utf8ToBytes)("HashToScalar-");
-    function E(b, S, A) {
-      if (typeof S != "function")
-        throw new Error("mapToCurve() must be defined");
-      function M(F) {
-        return b.fromAffine(S(F));
-      }
-      function Q(F) {
-        const G = F.clearCofactor();
-        return G.equals(b.ZERO) ? b.ZERO : (G.assertValidity(), G);
-      }
-      return {
-        defaults: A,
-        hashToCurve(F, G) {
-          const se = Object.assign({}, A, G), ie = H(F, 2, se), j = M(ie[0]), O = M(ie[1]);
-          return Q(j.add(O));
-        },
-        encodeToCurve(F, G) {
-          const se = A.encodeDST ? { DST: A.encodeDST } : {}, ie = Object.assign({}, A, se, G), j = H(F, 1, ie), O = M(j[0]);
-          return Q(O);
-        },
-        /** See {@link H2CHasher} */
-        mapToCurve(F) {
-          if (!Array.isArray(F))
-            throw new Error("expected array of bigints");
-          for (const G of F)
-            if (typeof G != "bigint")
-              throw new Error("expected array of bigints");
-          return Q(M(F));
-        },
-        // hash_to_scalar can produce 0: https://www.rfc-editor.org/errata/eid8393
-        // RFC 9380, draft-irtf-cfrg-bbs-signatures-08
-        hashToScalar(F, G) {
-          const se = b.Fn.ORDER, ie = Object.assign({}, A, { p: se, m: 1, DST: e._DST_scalar }, G);
-          return H(F, 1, ie)[0][0];
-        }
-      };
-    }
-  })(ot)), ot;
-}
-var qt;
-function er() {
-  return qt || (qt = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e.encodeToCurve = e.hashToCurve = e.secp256k1_hasher = e.schnorr = e.secp256k1 = void 0;
-    const r = /* @__PURE__ */ dn(), c = /* @__PURE__ */ We(), t = /* @__PURE__ */ En(), l = /* @__PURE__ */ Bn(), m = /* @__PURE__ */ $e(), g = /* @__PURE__ */ Ct(), p = /* @__PURE__ */ Ce(), v = {
-      p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
-      n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
-      h: BigInt(1),
-      a: BigInt(0),
-      b: BigInt(7),
-      Gx: BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
-      Gy: BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
-    }, U = {
-      beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
-      basises: [
-        [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
-        [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
-      ]
-    }, H = /* @__PURE__ */ BigInt(0), k = /* @__PURE__ */ BigInt(1), E = /* @__PURE__ */ BigInt(2);
-    function b(d) {
-      const u = v.p, n = BigInt(3), a = BigInt(6), i = BigInt(11), o = BigInt(22), h = BigInt(23), w = BigInt(44), s = BigInt(88), f = d * d * d % u, y = f * f * d % u, B = (0, m.pow2)(y, n, u) * y % u, T = (0, m.pow2)(B, n, u) * y % u, V = (0, m.pow2)(T, E, u) * f % u, Y = (0, m.pow2)(V, i, u) * V % u, I = (0, m.pow2)(Y, o, u) * Y % u, q = (0, m.pow2)(I, w, u) * I % u, C = (0, m.pow2)(q, s, u) * q % u, te = (0, m.pow2)(C, w, u) * I % u, $ = (0, m.pow2)(te, n, u) * y % u, x = (0, m.pow2)($, h, u) * Y % u, X = (0, m.pow2)(x, a, u) * f % u, ae = (0, m.pow2)(X, E, u);
-      if (!S.eql(S.sqr(ae), d))
-        throw new Error("Cannot find square root");
-      return ae;
-    }
-    const S = (0, m.Field)(v.p, { sqrt: b });
-    e.secp256k1 = (0, t.createCurve)({ ...v, Fp: S, lowS: !0, endo: U }, r.sha256);
-    const A = {};
-    function M(d, ...u) {
-      let n = A[d];
-      if (n === void 0) {
-        const a = (0, r.sha256)((0, p.utf8ToBytes)(d));
-        n = (0, p.concatBytes)(a, a), A[d] = n;
-      }
-      return (0, r.sha256)((0, p.concatBytes)(n, ...u));
-    }
-    const Q = (d) => d.toBytes(!0).slice(1), F = e.secp256k1.Point, G = (d) => d % E === H;
-    function se(d) {
-      const { Fn: u, BASE: n } = F, a = (0, g._normFnElement)(u, d), i = n.multiply(a);
-      return { scalar: G(i.y) ? a : u.neg(a), bytes: Q(i) };
-    }
-    function ie(d) {
-      const u = S;
-      if (!u.isValidNot0(d))
-        throw new Error("invalid x: Fail if x ≥ p");
-      const n = u.create(d * d), a = u.create(n * d + BigInt(7));
-      let i = u.sqrt(a);
-      G(i) || (i = u.neg(i));
-      const o = F.fromAffine({ x: d, y: i });
-      return o.assertValidity(), o;
-    }
-    const j = p.bytesToNumberBE;
-    function O(...d) {
-      return F.Fn.create(j(M("BIP0340/challenge", ...d)));
-    }
-    function L(d) {
-      return se(d).bytes;
-    }
-    function _(d, u, n = (0, c.randomBytes)(32)) {
-      const { Fn: a } = F, i = (0, p.ensureBytes)("message", d), { bytes: o, scalar: h } = se(u), w = (0, p.ensureBytes)("auxRand", n, 32), s = a.toBytes(h ^ j(M("BIP0340/aux", w))), f = M("BIP0340/nonce", s, o, i), { bytes: y, scalar: B } = se(f), T = O(y, o, i), V = new Uint8Array(64);
-      if (V.set(y, 0), V.set(a.toBytes(a.create(B + T * h)), 32), !K(V, i, o))
-        throw new Error("sign: Invalid signature produced");
-      return V;
-    }
-    function K(d, u, n) {
-      const { Fn: a, BASE: i } = F, o = (0, p.ensureBytes)("signature", d, 64), h = (0, p.ensureBytes)("message", u), w = (0, p.ensureBytes)("publicKey", n, 32);
-      try {
-        const s = ie(j(w)), f = j(o.subarray(0, 32));
-        if (!(0, p.inRange)(f, k, v.p))
-          return !1;
-        const y = j(o.subarray(32, 64));
-        if (!(0, p.inRange)(y, k, v.n))
-          return !1;
-        const B = O(a.toBytes(f), Q(s), h), T = i.multiplyUnsafe(y).add(s.multiplyUnsafe(a.neg(B))), { x: V, y: Y } = T.toAffine();
-        return !(T.is0() || !G(Y) || V !== f);
-      } catch {
-        return !1;
-      }
-    }
-    e.schnorr = (() => {
-      const n = (i = (0, c.randomBytes)(48)) => (0, m.mapHashToField)(i, v.n);
-      e.secp256k1.utils.randomSecretKey;
-      function a(i) {
-        const o = n(i);
-        return { secretKey: o, publicKey: L(o) };
-      }
-      return {
-        keygen: a,
-        getPublicKey: L,
-        sign: _,
-        verify: K,
-        Point: F,
-        utils: {
-          randomSecretKey: n,
-          randomPrivateKey: n,
-          taggedHash: M,
-          // TODO: remove
-          lift_x: ie,
-          pointToBytes: Q,
-          numberToBytesBE: p.numberToBytesBE,
-          bytesToNumberBE: p.bytesToNumberBE,
-          mod: m.mod
-        },
-        lengths: {
-          secretKey: 32,
-          publicKey: 32,
-          publicKeyHasPrefix: !1,
-          signature: 64,
-          seed: 48
-        }
-      };
-    })();
-    const W = (0, l.isogenyMap)(S, [
-      // xNum
-      [
-        "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7",
-        "0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581",
-        "0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262",
-        "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"
-      ],
-      // xDen
-      [
-        "0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b",
-        "0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14",
-        "0x0000000000000000000000000000000000000000000000000000000000000001"
-        // LAST 1
-      ],
-      // yNum
-      [
-        "0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c",
-        "0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3",
-        "0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931",
-        "0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"
-      ],
-      // yDen
-      [
-        "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b",
-        "0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573",
-        "0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f",
-        "0x0000000000000000000000000000000000000000000000000000000000000001"
-        // LAST 1
-      ]
-    ].map((d) => d.map((u) => BigInt(u)))), z = (0, g.mapToCurveSimpleSWU)(S, {
-      A: BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),
-      B: BigInt("1771"),
-      Z: S.create(BigInt("-11"))
-    });
-    e.secp256k1_hasher = (0, l.createHasher)(e.secp256k1.Point, (d) => {
-      const { x: u, y: n } = z(S.create(d[0]));
-      return W(u, n);
-    }, {
-      DST: "secp256k1_XMD:SHA-256_SSWU_RO_",
-      encodeDST: "secp256k1_XMD:SHA-256_SSWU_NU_",
-      p: S.ORDER,
-      m: 1,
-      k: 128,
-      expand: "xmd",
-      hash: r.sha256
-    }), e.hashToCurve = e.secp256k1_hasher.hashToCurve, e.encodeToCurve = e.secp256k1_hasher.encodeToCurve;
-  })(tt)), tt;
-}
-var P = {}, It;
-function tr() {
-  if (It) return P;
-  It = 1, Object.defineProperty(P, "__esModule", { value: !0 }), P.isHash = P.validateObject = P.memoized = P.notImplemented = P.createHmacDrbg = P.bitMask = P.bitSet = P.bitGet = P.bitLen = P.aInRange = P.inRange = P.asciiToBytes = P.copyBytes = P.equalBytes = P.ensureBytes = P.numberToVarBytesBE = P.numberToBytesLE = P.numberToBytesBE = P.bytesToNumberLE = P.bytesToNumberBE = P.hexToNumber = P.numberToHexUnpadded = P.abool = P.utf8ToBytes = P.randomBytes = P.isBytes = P.hexToBytes = P.concatBytes = P.bytesToUtf8 = P.bytesToHex = P.anumber = P.abytes = void 0;
-  const e = /* @__PURE__ */ Ce();
-  return P.abytes = e.abytes, P.anumber = e.anumber, P.bytesToHex = e.bytesToHex, P.bytesToUtf8 = e.bytesToUtf8, P.concatBytes = e.concatBytes, P.hexToBytes = e.hexToBytes, P.isBytes = e.isBytes, P.randomBytes = e.randomBytes, P.utf8ToBytes = e.utf8ToBytes, P.abool = e.abool, P.numberToHexUnpadded = e.numberToHexUnpadded, P.hexToNumber = e.hexToNumber, P.bytesToNumberBE = e.bytesToNumberBE, P.bytesToNumberLE = e.bytesToNumberLE, P.numberToBytesBE = e.numberToBytesBE, P.numberToBytesLE = e.numberToBytesLE, P.numberToVarBytesBE = e.numberToVarBytesBE, P.ensureBytes = e.ensureBytes, P.equalBytes = e.equalBytes, P.copyBytes = e.copyBytes, P.asciiToBytes = e.asciiToBytes, P.inRange = e.inRange, P.aInRange = e.aInRange, P.bitLen = e.bitLen, P.bitGet = e.bitGet, P.bitSet = e.bitSet, P.bitMask = e.bitMask, P.createHmacDrbg = e.createHmacDrbg, P.notImplemented = e.notImplemented, P.memoized = e.memoized, P.validateObject = e.validateObject, P.isHash = e.isHash, P;
-}
-function nr(e, r = "") {
-  if (typeof e != "boolean") {
-    const c = r && `"${r}" `;
-    throw new Error(c + "expected boolean, got type=" + typeof e);
-  }
-  return e;
-}
-function mt(e) {
-  if (!Number.isSafeInteger(e) || e < 0 || e > 4294967295)
-    throw new Error("wrong u32 integer:" + e);
-  return e;
+import { p as ht, q as it, e as V, t as lt, f as J, u as de, d as Mt, v as ae, i as Kt, w as he } from "./noble-hashes.js";
+const Rt = /* @__PURE__ */ BigInt(0), Bt = /* @__PURE__ */ BigInt(1);
+function dt(n, t = "") {
+  if (typeof n != "boolean") {
+    const r = t && `"${t}" `;
+    throw new Error(r + "expected boolean, got type=" + typeof n);
+  }
+  return n;
+}
+function zt(n) {
+  if (typeof n == "bigint") {
+    if (!ut(n))
+      throw new Error("positive bigint expected, got " + n);
+  } else
+    it(n);
+  return n;
 }
-function Kt(e) {
-  return mt(e), (e & e - 1) === 0 && e !== 0;
+function ct(n) {
+  const t = zt(n).toString(16);
+  return t.length & 1 ? "0" + t : t;
 }
-function pn(e, r) {
-  mt(e);
-  let c = 0;
-  for (let t = 0; t < r; t++, e >>>= 1)
-    c = c << 1 | e & 1;
-  return c;
+function Ct(n) {
+  if (typeof n != "string")
+    throw new Error("hex string expected, got " + typeof n);
+  return n === "" ? Rt : BigInt("0x" + n);
 }
-function zt(e) {
-  return mt(e), 31 - Math.clz32(e);
+function wt(n) {
+  return Ct(ht(n));
 }
-function Nt(e) {
-  const r = e.length;
-  if (r < 2 || !Kt(r))
-    throw new Error("n must be a power of 2 and greater than 1. Got " + r);
-  const c = zt(r);
-  for (let t = 0; t < r; t++) {
-    const l = pn(t, c);
-    if (t < l) {
-      const m = e[t];
-      e[t] = e[l], e[l] = m;
-    }
-  }
-  return e;
+function Ht(n) {
+  return Ct(ht(we(V(n)).reverse()));
 }
-const rr = (e, r) => {
-  const { N: c, roots: t, dit: l, invertButterflies: m = !1, skipStages: g = 0, brp: p = !0 } = r, v = zt(c);
-  if (!Kt(c))
-    throw new Error("FFT: Polynomial size should be power of two");
-  const U = l !== m;
-  return (H) => {
-    if (H.length !== c)
-      throw new Error("FFT: wrong Polynomial length");
-    l && p && Nt(H);
-    for (let k = 0, E = 1; k < v - g; k++) {
-      const b = l ? k + 1 + g : v - k, S = 1 << b, A = S >> 1, M = c >> b;
-      for (let Q = 0; Q < c; Q += S)
-        for (let F = 0, G = E++; F < A; F++) {
-          const se = m ? l ? c - G : G : F * M, ie = Q + F, j = Q + F + A, O = t[se], L = H[j], _ = H[ie];
-          if (U) {
-            const K = e.mul(L, O);
-            H[ie] = e.add(_, K), H[j] = e.sub(_, K);
-          } else m ? (H[ie] = e.add(L, _), H[j] = e.mul(e.sub(L, _), O)) : (H[ie] = e.add(_, L), H[j] = e.mul(e.sub(_, L), O));
-        }
-    }
-    return !l && p && Nt(H), H;
-  };
-};
-const bt = /* @__PURE__ */ BigInt(0), lt = /* @__PURE__ */ BigInt(1);
-function Je(e, r = "") {
-  if (typeof e != "boolean") {
-    const c = r && `"${r}"`;
-    throw new Error(c + "expected boolean, got type=" + typeof e);
-  }
-  return e;
-}
-function Ze(e, r, c = "") {
-  const t = yt(e), l = e?.length, m = r !== void 0;
-  if (!t || m && l !== r) {
-    const g = c && `"${c}" `, p = m ? ` of length ${r}` : "", v = t ? `length=${l}` : `type=${typeof e}`;
-    throw new Error(g + "expected Uint8Array" + p + ", got " + v);
-  }
-  return e;
-}
-function Xe(e) {
-  const r = e.toString(16);
-  return r.length & 1 ? "0" + r : r;
-}
-function Dt(e) {
-  if (typeof e != "string")
-    throw new Error("hex string expected, got " + typeof e);
-  return e === "" ? bt : BigInt("0x" + e);
+function xt(n, t) {
+  it(t), n = zt(n);
+  const r = lt(n.toString(16).padStart(t * 2, "0"));
+  if (r.length !== t)
+    throw new Error("number too large");
+  return r;
 }
-function et(e) {
-  return Dt(Me(e));
+function Xt(n, t) {
+  return xt(n, t).reverse();
 }
-function Yt(e) {
-  return hn(e), Dt(Me(Uint8Array.from(e).reverse()));
+function we(n) {
+  return Uint8Array.from(n);
 }
-function wt(e, r) {
-  return Qe(e.toString(16).padStart(r * 2, "0"));
+const ut = (n) => typeof n == "bigint" && Rt <= n;
+function ge(n, t, r) {
+  return ut(n) && ut(t) && ut(r) && t <= n && n < r;
 }
-function Pt(e, r) {
-  return wt(e, r).reverse();
+function me(n, t, r, e) {
+  if (!ge(t, r, e))
+    throw new Error("expected valid " + n + ": " + r + " <= n < " + e + ", got " + t);
 }
-function Se(e, r, c) {
+function be(n) {
   let t;
-  if (typeof r == "string")
-    try {
-      t = Qe(r);
-    } catch (l) {
-      throw new Error(e + " must be hex string or Uint8Array, cause: " + l);
-    }
-  else if (yt(r))
-    t = Uint8Array.from(r);
-  else
-    throw new Error(e + " must be hex string or Uint8Array");
-  return t.length, t;
-}
-const st = (e) => typeof e == "bigint" && bt <= e;
-function vn(e, r, c) {
-  return st(e) && st(r) && st(c) && r <= e && e < c;
-}
-function _n(e, r, c, t) {
-  if (!vn(r, c, t))
-    throw new Error("expected valid " + e + ": " + c + " <= n < " + t + ", got " + r);
-}
-function Xt(e) {
-  let r;
-  for (r = 0; e > bt; e >>= lt, r += 1)
+  for (t = 0; n > Rt; n >>= Bt, t += 1)
     ;
-  return r;
+  return t;
 }
-const ze = (e) => (lt << BigInt(e)) - lt;
-function Sn(e, r, c) {
-  if (typeof e != "number" || e < 2)
-    throw new Error("hashLen must be a number");
-  if (typeof r != "number" || r < 2)
-    throw new Error("qByteLen must be a number");
-  if (typeof c != "function")
+const St = (n) => (Bt << BigInt(n)) - Bt;
+function Ee(n, t, r) {
+  if (it(n, "hashLen"), it(t, "qByteLen"), typeof r != "function")
     throw new Error("hmacFn must be a function");
-  const t = (b) => new Uint8Array(b), l = (b) => Uint8Array.of(b);
-  let m = t(e), g = t(e), p = 0;
-  const v = () => {
-    m.fill(1), g.fill(0), p = 0;
-  }, U = (...b) => c(g, m, ...b), H = (b = t(0)) => {
-    g = U(l(0), b), m = U(), b.length !== 0 && (g = U(l(1), b), m = U());
-  }, k = () => {
-    if (p++ >= 1e3)
-      throw new Error("drbg: tried 1000 values");
-    let b = 0;
-    const S = [];
-    for (; b < r; ) {
-      m = U();
-      const A = m.slice();
-      S.push(A), b += m.length;
-    }
-    return Ae(...S);
+  const e = (R) => new Uint8Array(R), o = Uint8Array.of(), s = Uint8Array.of(0), i = Uint8Array.of(1), u = 1e3;
+  let c = e(n), a = e(n), w = 0;
+  const S = () => {
+    c.fill(1), a.fill(0), w = 0;
+  }, q = (...R) => r(a, J(c, ...R)), B = (R = o) => {
+    a = q(s, R), c = q(), R.length !== 0 && (a = q(i, R), c = q());
+  }, v = () => {
+    if (w++ >= u)
+      throw new Error("drbg: tried max amount of iterations");
+    let R = 0;
+    const N = [];
+    for (; R < t; ) {
+      c = q();
+      const T = c.slice();
+      N.push(T), R += c.length;
+    }
+    return J(...N);
   };
-  return (b, S) => {
-    v(), H(b);
-    let A;
-    for (; !(A = S(k())); )
-      H();
-    return v(), A;
+  return (R, N) => {
+    S(), B(R);
+    let T;
+    for (; !(T = N(v())); )
+      B();
+    return S(), T;
   };
 }
-function gt(e, r, c = {}) {
-  if (!e || typeof e != "object")
+function Ot(n, t = {}, r = {}) {
+  if (!n || typeof n != "object")
     throw new Error("expected valid options object");
-  function t(l, m, g) {
-    const p = e[l];
-    if (g && p === void 0)
+  function e(s, i, u) {
+    const c = n[s];
+    if (u && c === void 0)
       return;
-    const v = typeof p;
-    if (v !== m || p === null)
-      throw new Error(`param "${l}" is invalid: expected ${m}, got ${v}`);
-  }
-  Object.entries(r).forEach(([l, m]) => t(l, m, !1)), Object.entries(c).forEach(([l, m]) => t(l, m, !0));
-}
-function At(e) {
-  const r = /* @__PURE__ */ new WeakMap();
-  return (c, ...t) => {
-    const l = r.get(c);
-    if (l !== void 0)
-      return l;
-    const m = e(c, ...t);
-    return r.set(c, m), m;
+    const a = typeof c;
+    if (a !== i || c === null)
+      throw new Error(`param "${s}" is invalid: expected ${i}, got ${a}`);
+  }
+  const o = (s, i) => Object.entries(s).forEach(([u, c]) => e(u, c, i));
+  o(t, !1), o(r, !0);
+}
+function At(n) {
+  const t = /* @__PURE__ */ new WeakMap();
+  return (r, ...e) => {
+    const o = t.get(r);
+    if (o !== void 0)
+      return o;
+    const s = n(r, ...e);
+    return t.set(r, s), s;
   };
 }
-const Te = BigInt(0), Be = BigInt(1), je = /* @__PURE__ */ BigInt(2), Gt = /* @__PURE__ */ BigInt(3), Wt = /* @__PURE__ */ BigInt(4), Qt = /* @__PURE__ */ BigInt(5), Tn = /* @__PURE__ */ BigInt(7), Jt = /* @__PURE__ */ BigInt(8), xn = /* @__PURE__ */ BigInt(9), Ft = /* @__PURE__ */ BigInt(16);
-function qe(e, r) {
-  const c = e % r;
-  return c >= Te ? c : r + c;
+function qt(n) {
+  if (!Number.isSafeInteger(n) || n < 0 || n > 4294967295)
+    throw new Error("wrong u32 integer:" + n);
+  return n;
 }
-function Re(e, r, c) {
-  let t = e;
-  for (; r-- > Te; )
-    t *= t, t %= c;
-  return t;
+function Gt(n) {
+  return qt(n), (n & n - 1) === 0 && n !== 0;
+}
+function ye(n, t) {
+  qt(n);
+  let r = 0;
+  for (let e = 0; e < t; e++, n >>>= 1)
+    r = r << 1 | n & 1;
+  return r;
+}
+function Wt(n) {
+  return qt(n), 31 - Math.clz32(n);
 }
-function Ut(e, r) {
-  if (e === Te)
+function Lt(n) {
+  const t = n.length;
+  if (t < 2 || !Gt(t))
+    throw new Error("n must be a power of 2 and greater than 1. Got " + t);
+  const r = Wt(t);
+  for (let e = 0; e < t; e++) {
+    const o = ye(e, r);
+    if (e < o) {
+      const s = n[e];
+      n[e] = n[o], n[o] = s;
+    }
+  }
+  return n;
+}
+const Ce = (n, t) => {
+  const { N: r, roots: e, dit: o, invertButterflies: s = !1, skipStages: i = 0, brp: u = !0 } = t, c = Wt(r);
+  if (!Gt(r))
+    throw new Error("FFT: Polynomial size should be power of two");
+  const a = o !== s;
+  return (w) => {
+    if (w.length !== r)
+      throw new Error("FFT: wrong Polynomial length");
+    o && u && Lt(w);
+    for (let S = 0, q = 1; S < c - i; S++) {
+      const B = o ? S + 1 + i : c - S, v = 1 << B, _ = v >> 1, R = r >> B;
+      for (let N = 0; N < r; N += v)
+        for (let T = 0, C = q++; T < _; T++) {
+          const Y = s ? o ? r - C : C : T * R, K = N + T, M = N + T + _, F = e[Y], H = w[M], x = w[K];
+          if (a) {
+            const P = n.mul(H, F);
+            w[K] = n.add(x, P), w[M] = n.sub(x, P);
+          } else s ? (w[K] = n.add(H, x), w[M] = n.mul(n.sub(H, x), F)) : (w[K] = n.add(x, H), w[M] = n.mul(n.sub(x, H), F));
+        }
+    }
+    return !o && u && Lt(w), w;
+  };
+};
+const j = /* @__PURE__ */ BigInt(0), $ = /* @__PURE__ */ BigInt(1), et = /* @__PURE__ */ BigInt(2), Qt = /* @__PURE__ */ BigInt(3), Jt = /* @__PURE__ */ BigInt(4), Ft = /* @__PURE__ */ BigInt(5), Be = /* @__PURE__ */ BigInt(7), Pt = /* @__PURE__ */ BigInt(8), pe = /* @__PURE__ */ BigInt(9), te = /* @__PURE__ */ BigInt(16);
+function X(n, t) {
+  const r = n % t;
+  return r >= j ? r : t + r;
+}
+function z(n, t, r) {
+  let e = n;
+  for (; t-- > j; )
+    e *= e, e %= r;
+  return e;
+}
+function Dt(n, t) {
+  if (n === j)
     throw new Error("invert: expected non-zero number");
-  if (r <= Te)
-    throw new Error("invert: expected positive modulus, got " + r);
-  let c = qe(e, r), t = r, l = Te, m = Be;
-  for (; c !== Te; ) {
-    const p = t / c, v = t % c, U = l - m * p;
-    t = c, c = v, l = m, m = U;
-  }
-  if (t !== Be)
+  if (t <= j)
+    throw new Error("invert: expected positive modulus, got " + t);
+  let r = X(n, t), e = t, o = j, s = $;
+  for (; r !== j; ) {
+    const u = e / r, c = e % r, a = o - s * u;
+    e = r, r = c, o = s, s = a;
+  }
+  if (e !== $)
     throw new Error("invert: does not exist");
-  return qe(l, r);
+  return X(o, t);
 }
-function Et(e, r, c) {
-  if (!e.eql(e.sqr(r), c))
+function It(n, t, r) {
+  if (!n.eql(n.sqr(t), r))
     throw new Error("Cannot find square root");
 }
-function $t(e, r) {
-  const c = (e.ORDER + Be) / Wt, t = e.pow(r, c);
-  return Et(e, t, r), t;
-}
-function On(e, r) {
-  const c = (e.ORDER - Qt) / Jt, t = e.mul(r, je), l = e.pow(t, c), m = e.mul(r, l), g = e.mul(e.mul(m, je), l), p = e.mul(m, e.sub(g, e.ONE));
-  return Et(e, p, r), p;
-}
-function Rn(e) {
-  const r = De(e), c = en(e), t = c(r, r.neg(r.ONE)), l = c(r, t), m = c(r, r.neg(t)), g = (e + Tn) / Ft;
-  return (p, v) => {
-    let U = p.pow(v, g), H = p.mul(U, t);
-    const k = p.mul(U, l), E = p.mul(U, m), b = p.eql(p.sqr(H), v), S = p.eql(p.sqr(k), v);
-    U = p.cmov(U, H, b), H = p.cmov(E, k, S);
-    const A = p.eql(p.sqr(H), v), M = p.cmov(U, H, A);
-    return Et(p, M, v), M;
+function ee(n, t) {
+  const r = (n.ORDER + $) / Jt, e = n.pow(t, r);
+  return It(n, e, t), e;
+}
+function ve(n, t) {
+  const r = (n.ORDER - Ft) / Pt, e = n.mul(t, et), o = n.pow(e, r), s = n.mul(t, o), i = n.mul(n.mul(s, et), o), u = n.mul(s, n.sub(i, n.ONE));
+  return It(n, u, t), u;
+}
+function Re(n) {
+  const t = gt(n), r = ne(n), e = r(t, t.neg(t.ONE)), o = r(t, e), s = r(t, t.neg(e)), i = (n + Be) / te;
+  return (u, c) => {
+    let a = u.pow(c, i), w = u.mul(a, e);
+    const S = u.mul(a, o), q = u.mul(a, s), B = u.eql(u.sqr(w), c), v = u.eql(u.sqr(S), c);
+    a = u.cmov(a, w, B), w = u.cmov(q, S, v);
+    const _ = u.eql(u.sqr(w), c), R = u.cmov(a, w, _);
+    return It(u, R, c), R;
   };
 }
-function en(e) {
-  if (e < Gt)
+function ne(n) {
+  if (n < Qt)
     throw new Error("sqrt is not defined for small field");
-  let r = e - Be, c = 0;
-  for (; r % je === Te; )
-    r /= je, c++;
-  let t = je;
-  const l = De(e);
-  for (; Zt(l, t) === 1; )
-    if (t++ > 1e3)
+  let t = n - $, r = 0;
+  for (; t % et === j; )
+    t /= et, r++;
+  let e = et;
+  const o = gt(n);
+  for (; Tt(o, e) === 1; )
+    if (e++ > 1e3)
       throw new Error("Cannot find square root: probably non-prime P");
-  if (c === 1)
-    return $t;
-  let m = l.pow(t, r);
-  const g = (r + Be) / je;
-  return function(v, U) {
-    if (v.is0(U))
-      return U;
-    if (Zt(v, U) !== 1)
+  if (r === 1)
+    return ee;
+  let s = o.pow(e, t);
+  const i = (t + $) / et;
+  return function(c, a) {
+    if (c.is0(a))
+      return a;
+    if (Tt(c, a) !== 1)
       throw new Error("Cannot find square root");
-    let H = c, k = v.mul(v.ONE, m), E = v.pow(U, r), b = v.pow(U, g);
-    for (; !v.eql(E, v.ONE); ) {
-      if (v.is0(E))
-        return v.ZERO;
-      let S = 1, A = v.sqr(E);
-      for (; !v.eql(A, v.ONE); )
-        if (S++, A = v.sqr(A), S === H)
+    let w = r, S = c.mul(c.ONE, s), q = c.pow(a, t), B = c.pow(a, i);
+    for (; !c.eql(q, c.ONE); ) {
+      if (c.is0(q))
+        return c.ZERO;
+      let v = 1, _ = c.sqr(q);
+      for (; !c.eql(_, c.ONE); )
+        if (v++, _ = c.sqr(_), v === w)
           throw new Error("Cannot find square root");
-      const M = Be << BigInt(H - S - 1), Q = v.pow(k, M);
-      H = S, k = v.sqr(Q), E = v.mul(E, k), b = v.mul(b, Q);
+      const R = $ << BigInt(w - v - 1), N = c.pow(S, R);
+      w = v, S = c.sqr(N), q = c.mul(q, S), B = c.mul(B, N);
     }
-    return b;
+    return B;
   };
 }
-function qn(e) {
-  return e % Wt === Gt ? $t : e % Jt === Qt ? On : e % Ft === xn ? Rn(e) : en(e);
+function xe(n) {
+  return n % Jt === Qt ? ee : n % Pt === Ft ? ve : n % te === pe ? Re(n) : ne(n);
 }
-const In = [
+const Se = [
   "create",
   "isValid",
   "is0",
@@ -2185,191 +269,221 @@ const In = [
   "mulN",
   "sqrN"
 ];
-function Nn(e) {
-  const r = {
+function Oe(n) {
+  const t = {
     ORDER: "bigint",
-    MASK: "bigint",
     BYTES: "number",
     BITS: "number"
-  }, c = In.reduce((t, l) => (t[l] = "function", t), r);
-  return gt(e, c), e;
+  }, r = Se.reduce((e, o) => (e[o] = "function", e), t);
+  return Ot(n, r), n;
 }
-function An(e, r, c) {
-  if (c < Te)
+function qe(n, t, r) {
+  if (r < j)
     throw new Error("invalid exponent, negatives unsupported");
-  if (c === Te)
-    return e.ONE;
-  if (c === Be)
-    return r;
-  let t = e.ONE, l = r;
-  for (; c > Te; )
-    c & Be && (t = e.mul(t, l)), l = e.sqr(l), c >>= Be;
-  return t;
+  if (r === j)
+    return n.ONE;
+  if (r === $)
+    return t;
+  let e = n.ONE, o = t;
+  for (; r > j; )
+    r & $ && (e = n.mul(e, o)), o = n.sqr(o), r >>= $;
+  return e;
 }
-function tn(e, r, c = !1) {
-  const t = new Array(r.length).fill(c ? e.ZERO : void 0), l = r.reduce((g, p, v) => e.is0(p) ? g : (t[v] = g, e.mul(g, p)), e.ONE), m = e.inv(l);
-  return r.reduceRight((g, p, v) => e.is0(p) ? g : (t[v] = e.mul(g, t[v]), e.mul(g, p)), m), t;
+function re(n, t, r = !1) {
+  const e = new Array(t.length).fill(r ? n.ZERO : void 0), o = t.reduce((i, u, c) => n.is0(u) ? i : (e[c] = i, n.mul(i, u)), n.ONE), s = n.inv(o);
+  return t.reduceRight((i, u, c) => n.is0(u) ? i : (e[c] = n.mul(i, e[c]), n.mul(i, u)), s), e;
 }
-function Zt(e, r) {
-  const c = (e.ORDER - Be) / je, t = e.pow(r, c), l = e.eql(t, e.ONE), m = e.eql(t, e.ZERO), g = e.eql(t, e.neg(e.ONE));
-  if (!l && !m && !g)
+function Tt(n, t) {
+  const r = (n.ORDER - $) / et, e = n.pow(t, r), o = n.eql(e, n.ONE), s = n.eql(e, n.ZERO), i = n.eql(e, n.neg(n.ONE));
+  if (!o && !s && !i)
     throw new Error("invalid Legendre symbol result");
-  return l ? 1 : m ? 0 : -1;
-}
-function nn(e, r) {
-  r !== void 0 && yn(r);
-  const c = r !== void 0 ? r : e.toString(2).length, t = Math.ceil(c / 8);
-  return { nBitLength: c, nByteLength: t };
+  return o ? 1 : s ? 0 : -1;
+}
+function Ie(n, t) {
+  t !== void 0 && it(t);
+  const r = t !== void 0 ? t : n.toString(2).length, e = Math.ceil(r / 8);
+  return { nBitLength: r, nByteLength: e };
+}
+class Ne {
+  ORDER;
+  BITS;
+  BYTES;
+  isLE;
+  ZERO = j;
+  ONE = $;
+  _lengths;
+  _sqrt;
+  // cached sqrt
+  _mod;
+  constructor(t, r = {}) {
+    if (t <= j)
+      throw new Error("invalid field: expected ORDER > 0, got " + t);
+    let e;
+    this.isLE = !1, r != null && typeof r == "object" && (typeof r.BITS == "number" && (e = r.BITS), typeof r.sqrt == "function" && (this.sqrt = r.sqrt), typeof r.isLE == "boolean" && (this.isLE = r.isLE), r.allowedLengths && (this._lengths = r.allowedLengths?.slice()), typeof r.modFromBytes == "boolean" && (this._mod = r.modFromBytes));
+    const { nBitLength: o, nByteLength: s } = Ie(t, e);
+    if (s > 2048)
+      throw new Error("invalid field: expected ORDER of <= 2048 bytes");
+    this.ORDER = t, this.BITS = o, this.BYTES = s, this._sqrt = void 0, Object.preventExtensions(this);
+  }
+  create(t) {
+    return X(t, this.ORDER);
+  }
+  isValid(t) {
+    if (typeof t != "bigint")
+      throw new Error("invalid field element: expected bigint, got " + typeof t);
+    return j <= t && t < this.ORDER;
+  }
+  is0(t) {
+    return t === j;
+  }
+  // is valid and invertible
+  isValidNot0(t) {
+    return !this.is0(t) && this.isValid(t);
+  }
+  isOdd(t) {
+    return (t & $) === $;
+  }
+  neg(t) {
+    return X(-t, this.ORDER);
+  }
+  eql(t, r) {
+    return t === r;
+  }
+  sqr(t) {
+    return X(t * t, this.ORDER);
+  }
+  add(t, r) {
+    return X(t + r, this.ORDER);
+  }
+  sub(t, r) {
+    return X(t - r, this.ORDER);
+  }
+  mul(t, r) {
+    return X(t * r, this.ORDER);
+  }
+  pow(t, r) {
+    return qe(this, t, r);
+  }
+  div(t, r) {
+    return X(t * Dt(r, this.ORDER), this.ORDER);
+  }
+  // Same as above, but doesn't normalize
+  sqrN(t) {
+    return t * t;
+  }
+  addN(t, r) {
+    return t + r;
+  }
+  subN(t, r) {
+    return t - r;
+  }
+  mulN(t, r) {
+    return t * r;
+  }
+  inv(t) {
+    return Dt(t, this.ORDER);
+  }
+  sqrt(t) {
+    return this._sqrt || (this._sqrt = xe(this.ORDER)), this._sqrt(this, t);
+  }
+  toBytes(t) {
+    return this.isLE ? Xt(t, this.BYTES) : xt(t, this.BYTES);
+  }
+  fromBytes(t, r = !1) {
+    V(t);
+    const { _lengths: e, BYTES: o, isLE: s, ORDER: i, _mod: u } = this;
+    if (e) {
+      if (!e.includes(t.length) || t.length > o)
+        throw new Error("Field.fromBytes: expected " + e + " bytes, got " + t.length);
+      const a = new Uint8Array(o);
+      a.set(t, s ? 0 : a.length - t.length), t = a;
+    }
+    if (t.length !== o)
+      throw new Error("Field.fromBytes: expected " + o + " bytes, got " + t.length);
+    let c = s ? Ht(t) : wt(t);
+    if (u && (c = X(c, i)), !r && !this.isValid(c))
+      throw new Error("invalid field element: outside of range 0..ORDER");
+    return c;
+  }
+  // TODO: we don't need it here, move out to separate fn
+  invertBatch(t) {
+    return re(this, t);
+  }
+  // We can't move this out because Fp6, Fp12 implement it
+  // and it's unclear what to return in there.
+  cmov(t, r, e) {
+    return e ? r : t;
+  }
 }
-function De(e, r, c = !1, t = {}) {
-  if (e <= Te)
-    throw new Error("invalid field: expected ORDER > 0, got " + e);
-  let l, m, g = !1, p;
-  if (typeof r == "object" && r != null) {
-    if (t.sqrt || c)
-      throw new Error("cannot specify opts in two arguments");
-    const E = r;
-    E.BITS && (l = E.BITS), E.sqrt && (m = E.sqrt), typeof E.isLE == "boolean" && (c = E.isLE), typeof E.modFromBytes == "boolean" && (g = E.modFromBytes), p = E.allowedLengths;
-  } else
-    typeof r == "number" && (l = r), t.sqrt && (m = t.sqrt);
-  const { nBitLength: v, nByteLength: U } = nn(e, l);
-  if (U > 2048)
-    throw new Error("invalid field: expected ORDER of <= 2048 bytes");
-  let H;
-  const k = Object.freeze({
-    ORDER: e,
-    isLE: c,
-    BITS: v,
-    BYTES: U,
-    MASK: ze(v),
-    ZERO: Te,
-    ONE: Be,
-    allowedLengths: p,
-    create: (E) => qe(E, e),
-    isValid: (E) => {
-      if (typeof E != "bigint")
-        throw new Error("invalid field element: expected bigint, got " + typeof E);
-      return Te <= E && E < e;
-    },
-    is0: (E) => E === Te,
-    // is valid and invertible
-    isValidNot0: (E) => !k.is0(E) && k.isValid(E),
-    isOdd: (E) => (E & Be) === Be,
-    neg: (E) => qe(-E, e),
-    eql: (E, b) => E === b,
-    sqr: (E) => qe(E * E, e),
-    add: (E, b) => qe(E + b, e),
-    sub: (E, b) => qe(E - b, e),
-    mul: (E, b) => qe(E * b, e),
-    pow: (E, b) => An(k, E, b),
-    div: (E, b) => qe(E * Ut(b, e), e),
-    // Same as above, but doesn't normalize
-    sqrN: (E) => E * E,
-    addN: (E, b) => E + b,
-    subN: (E, b) => E - b,
-    mulN: (E, b) => E * b,
-    inv: (E) => Ut(E, e),
-    sqrt: m || ((E) => (H || (H = qn(e)), H(k, E))),
-    toBytes: (E) => c ? Pt(E, U) : wt(E, U),
-    fromBytes: (E, b = !0) => {
-      if (p) {
-        if (!p.includes(E.length) || E.length > U)
-          throw new Error("Field.fromBytes: expected " + p + " bytes, got " + E.length);
-        const A = new Uint8Array(U);
-        A.set(E, c ? 0 : A.length - E.length), E = A;
-      }
-      if (E.length !== U)
-        throw new Error("Field.fromBytes: expected " + U + " bytes, got " + E.length);
-      let S = c ? Yt(E) : et(E);
-      if (g && (S = qe(S, e)), !b && !k.isValid(S))
-        throw new Error("invalid field element: outside of range 0..ORDER");
-      return S;
-    },
-    // TODO: we don't need it here, move out to separate fn
-    invertBatch: (E) => tn(k, E),
-    // We can't move this out because Fp6, Fp12 implement it
-    // and it's unclear what to return in there.
-    cmov: (E, b, S) => S ? b : E
-  });
-  return Object.freeze(k);
+function gt(n, t = {}) {
+  return new Ne(n, t);
 }
-function rn(e) {
-  if (typeof e != "bigint")
+function oe(n) {
+  if (typeof n != "bigint")
     throw new Error("field order must be bigint");
-  const r = e.toString(2).length;
-  return Math.ceil(r / 8);
-}
-function on(e) {
-  const r = rn(e);
-  return r + Math.ceil(r / 2);
-}
-function Un(e, r, c = !1) {
-  const t = e.length, l = rn(r), m = on(r);
-  if (t < 16 || t < m || t > 1024)
-    throw new Error("expected " + m + "-1024 bytes of input, got " + t);
-  const g = c ? Yt(e) : et(e), p = qe(g, r - Be) + Be;
-  return c ? Pt(p, l) : wt(p, l);
-}
-const Ve = BigInt(0), Le = BigInt(1);
-function Fe(e, r) {
-  const c = r.negate();
-  return e ? c : r;
-}
-function it(e, r) {
-  const c = tn(e.Fp, r.map((t) => t.Z));
-  return r.map((t, l) => e.fromAffine(t.toAffine(c[l])));
-}
-function sn(e, r) {
-  if (!Number.isSafeInteger(e) || e <= 0 || e > r)
-    throw new Error("invalid window size, expected [1.." + r + "], got W=" + e);
-}
-function ct(e, r) {
-  sn(e, r);
-  const c = Math.ceil(r / e) + 1, t = 2 ** (e - 1), l = 2 ** e, m = ze(e), g = BigInt(e);
-  return { windows: c, windowSize: t, mask: m, maxNumber: l, shiftBy: g };
-}
-function jt(e, r, c) {
-  const { windowSize: t, mask: l, maxNumber: m, shiftBy: g } = c;
-  let p = Number(e & l), v = e >> g;
-  p > t && (p -= m, v += Le);
-  const U = r * t, H = U + Math.abs(p) - 1, k = p === 0, E = p < 0, b = r % 2 !== 0;
-  return { nextN: v, offset: H, isZero: k, isNeg: E, isNegF: b, offsetF: U };
-}
-function Zn(e, r) {
-  if (!Array.isArray(e))
-    throw new Error("array expected");
-  e.forEach((c, t) => {
-    if (!(c instanceof r))
-      throw new Error("invalid point at index " + t);
-  });
-}
-function jn(e, r) {
-  if (!Array.isArray(e))
-    throw new Error("array of scalars expected");
-  e.forEach((c, t) => {
-    if (!r.isValid(c))
-      throw new Error("invalid scalar at index " + t);
-  });
-}
-const at = /* @__PURE__ */ new WeakMap(), cn = /* @__PURE__ */ new WeakMap();
-function ft(e) {
-  return cn.get(e) || 1;
-}
-function Lt(e) {
-  if (e !== Ve)
+  const t = n.toString(2).length;
+  return Math.ceil(t / 8);
+}
+function ie(n) {
+  const t = oe(n);
+  return t + Math.ceil(t / 2);
+}
+function _e(n, t, r = !1) {
+  V(n);
+  const e = n.length, o = oe(t), s = ie(t);
+  if (e < 16 || e < s || e > 1024)
+    throw new Error("expected " + s + "-1024 bytes of input, got " + e);
+  const i = r ? Ht(n) : wt(n), u = X(i, t - $) + $;
+  return r ? Xt(u, o) : xt(u, o);
+}
+const ot = /* @__PURE__ */ BigInt(0), nt = /* @__PURE__ */ BigInt(1);
+function at(n, t) {
+  const r = t.negate();
+  return n ? r : t;
+}
+function Ut(n, t) {
+  const r = re(n.Fp, t.map((e) => e.Z));
+  return t.map((e, o) => n.fromAffine(e.toAffine(r[o])));
+}
+function se(n, t) {
+  if (!Number.isSafeInteger(n) || n <= 0 || n > t)
+    throw new Error("invalid window size, expected [1.." + t + "], got W=" + n);
+}
+function mt(n, t) {
+  se(n, t);
+  const r = Math.ceil(t / n) + 1, e = 2 ** (n - 1), o = 2 ** n, s = St(n), i = BigInt(n);
+  return { windows: r, windowSize: e, mask: s, maxNumber: o, shiftBy: i };
+}
+function Yt(n, t, r) {
+  const { windowSize: e, mask: o, maxNumber: s, shiftBy: i } = r;
+  let u = Number(n & o), c = n >> i;
+  u > e && (u -= s, c += nt);
+  const a = t * e, w = a + Math.abs(u) - 1, S = u === 0, q = u < 0, B = t % 2 !== 0;
+  return { nextN: c, offset: w, isZero: S, isNeg: q, isNegF: B, offsetF: a };
+}
+const bt = /* @__PURE__ */ new WeakMap(), ce = /* @__PURE__ */ new WeakMap();
+function Et(n) {
+  return ce.get(n) || 1;
+}
+function kt(n) {
+  if (n !== ot)
     throw new Error("invalid wNAF");
 }
-class Ln {
+class Ze {
+  BASE;
+  ZERO;
+  Fn;
+  bits;
   // Parametrized with a given Point class (not individual point)
-  constructor(r, c) {
-    this.BASE = r.BASE, this.ZERO = r.ZERO, this.Fn = r.Fn, this.bits = c;
+  constructor(t, r) {
+    this.BASE = t.BASE, this.ZERO = t.ZERO, this.Fn = t.Fn, this.bits = r;
   }
   // non-const time multiplication ladder
-  _unsafeLadder(r, c, t = this.ZERO) {
-    let l = r;
-    for (; c > Ve; )
-      c & Le && (t = t.add(l)), l = l.double(), c >>= Le;
-    return t;
+  _unsafeLadder(t, r, e = this.ZERO) {
+    let o = t;
+    for (; r > ot; )
+      r & nt && (e = e.add(o)), o = o.double(), r >>= nt;
+    return e;
   }
   /**
    * Creates a wNAF precomputation window. Used for caching.
@@ -2383,16 +497,16 @@ class Ln {
    * @param W window size
    * @returns precomputed point tables flattened to a single array
    */
-  precomputeWindow(r, c) {
-    const { windows: t, windowSize: l } = ct(c, this.bits), m = [];
-    let g = r, p = g;
-    for (let v = 0; v < t; v++) {
-      p = g, m.push(p);
-      for (let U = 1; U < l; U++)
-        p = p.add(g), m.push(p);
-      g = p.double();
+  precomputeWindow(t, r) {
+    const { windows: e, windowSize: o } = mt(r, this.bits), s = [];
+    let i = t, u = i;
+    for (let c = 0; c < e; c++) {
+      u = i, s.push(u);
+      for (let a = 1; a < o; a++)
+        u = u.add(i), s.push(u);
+      i = u.double();
     }
-    return m;
+    return s;
   }
   /**
    * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
@@ -2400,184 +514,165 @@ class Ln {
    * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
    * @returns real and fake (for const-time) points
    */
-  wNAF(r, c, t) {
-    if (!this.Fn.isValid(t))
+  wNAF(t, r, e) {
+    if (!this.Fn.isValid(e))
       throw new Error("invalid scalar");
-    let l = this.ZERO, m = this.BASE;
-    const g = ct(r, this.bits);
-    for (let p = 0; p < g.windows; p++) {
-      const { nextN: v, offset: U, isZero: H, isNeg: k, isNegF: E, offsetF: b } = jt(t, p, g);
-      t = v, H ? m = m.add(Fe(E, c[b])) : l = l.add(Fe(k, c[U]));
+    let o = this.ZERO, s = this.BASE;
+    const i = mt(t, this.bits);
+    for (let u = 0; u < i.windows; u++) {
+      const { nextN: c, offset: a, isZero: w, isNeg: S, isNegF: q, offsetF: B } = Yt(e, u, i);
+      e = c, w ? s = s.add(at(q, r[B])) : o = o.add(at(S, r[a]));
     }
-    return Lt(t), { p: l, f: m };
+    return kt(e), { p: o, f: s };
   }
   /**
    * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
    * @param acc accumulator point to add result of multiplication
    * @returns point
    */
-  wNAFUnsafe(r, c, t, l = this.ZERO) {
-    const m = ct(r, this.bits);
-    for (let g = 0; g < m.windows && t !== Ve; g++) {
-      const { nextN: p, offset: v, isZero: U, isNeg: H } = jt(t, g, m);
-      if (t = p, !U) {
-        const k = c[v];
-        l = l.add(H ? k.negate() : k);
+  wNAFUnsafe(t, r, e, o = this.ZERO) {
+    const s = mt(t, this.bits);
+    for (let i = 0; i < s.windows && e !== ot; i++) {
+      const { nextN: u, offset: c, isZero: a, isNeg: w } = Yt(e, i, s);
+      if (e = u, !a) {
+        const S = r[c];
+        o = o.add(w ? S.negate() : S);
       }
     }
-    return Lt(t), l;
+    return kt(e), o;
   }
-  getPrecomputes(r, c, t) {
-    let l = at.get(c);
-    return l || (l = this.precomputeWindow(c, r), r !== 1 && (typeof t == "function" && (l = t(l)), at.set(c, l))), l;
+  getPrecomputes(t, r, e) {
+    let o = bt.get(r);
+    return o || (o = this.precomputeWindow(r, t), t !== 1 && (typeof e == "function" && (o = e(o)), bt.set(r, o))), o;
   }
-  cached(r, c, t) {
-    const l = ft(r);
-    return this.wNAF(l, this.getPrecomputes(l, r, t), c);
+  cached(t, r, e) {
+    const o = Et(t);
+    return this.wNAF(o, this.getPrecomputes(o, t, e), r);
   }
-  unsafe(r, c, t, l) {
-    const m = ft(r);
-    return m === 1 ? this._unsafeLadder(r, c, l) : this.wNAFUnsafe(m, this.getPrecomputes(m, r, t), c, l);
+  unsafe(t, r, e, o) {
+    const s = Et(t);
+    return s === 1 ? this._unsafeLadder(t, r, o) : this.wNAFUnsafe(s, this.getPrecomputes(s, t, e), r, o);
   }
   // We calculate precomputes for elliptic curve point multiplication
   // using windowed method. This specifies window size and
   // stores precomputed values. Usually only base point would be precomputed.
-  createCache(r, c) {
-    sn(c, this.bits), cn.set(r, c), at.delete(r);
+  createCache(t, r) {
+    se(r, this.bits), ce.set(t, r), bt.delete(t);
   }
-  hasCache(r) {
-    return ft(r) !== 1;
+  hasCache(t) {
+    return Et(t) !== 1;
   }
 }
-function Hn(e, r, c, t) {
-  let l = r, m = e.ZERO, g = e.ZERO;
-  for (; c > Ve || t > Ve; )
-    c & Le && (m = m.add(l)), t & Le && (g = g.add(l)), l = l.double(), c >>= Le, t >>= Le;
-  return { p1: m, p2: g };
-}
-function Mn(e, r, c, t) {
-  Zn(c, e), jn(t, r);
-  const l = c.length, m = t.length;
-  if (l !== m)
-    throw new Error("arrays of points and scalars must have equal length");
-  const g = e.ZERO, p = Xt(BigInt(l));
-  let v = 1;
-  p > 12 ? v = p - 3 : p > 4 ? v = p - 2 : p > 0 && (v = 2);
-  const U = ze(v), H = new Array(Number(U) + 1).fill(g), k = Math.floor((r.BITS - 1) / v) * v;
-  let E = g;
-  for (let b = k; b >= 0; b -= v) {
-    H.fill(g);
-    for (let A = 0; A < m; A++) {
-      const M = t[A], Q = Number(M >> BigInt(b) & U);
-      H[Q] = H[Q].add(c[A]);
-    }
-    let S = g;
-    for (let A = H.length - 1, M = g; A > 0; A--)
-      M = M.add(H[A]), S = S.add(M);
-    if (E = E.add(S), b !== 0)
-      for (let A = 0; A < v; A++)
-        E = E.double();
-  }
-  return E;
+function Ae(n, t, r, e) {
+  let o = t, s = n.ZERO, i = n.ZERO;
+  for (; r > ot || e > ot; )
+    r & nt && (s = s.add(o)), e & nt && (i = i.add(o)), o = o.double(), r >>= nt, e >>= nt;
+  return { p1: s, p2: i };
 }
-function Ht(e, r, c) {
-  if (r) {
-    if (r.ORDER !== e)
+function Vt(n, t, r) {
+  if (t) {
+    if (t.ORDER !== n)
       throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
-    return Nn(r), r;
+    return Oe(t), t;
   } else
-    return De(e, { isLE: c });
-}
-function kn(e, r, c = {}, t) {
-  if (t === void 0 && (t = e === "edwards"), !r || typeof r != "object")
-    throw new Error(`expected valid ${e} CURVE object`);
-  for (const v of ["p", "n", "h"]) {
-    const U = r[v];
-    if (!(typeof U == "bigint" && U > Ve))
-      throw new Error(`CURVE.${v} must be positive bigint`);
-  }
-  const l = Ht(r.p, c.Fp, t), m = Ht(r.n, c.Fn, t), p = ["Gx", "Gy", "a", "b"];
-  for (const v of p)
-    if (!l.isValid(r[v]))
-      throw new Error(`CURVE.${v} must be valid field element of CURVE.Fp`);
-  return r = Object.freeze(Object.assign({}, r)), { CURVE: r, Fp: l, Fn: m };
-}
-const Mt = (e, r) => (e + (e >= 0 ? r : -r) / an) / r;
-function Vn(e, r, c) {
-  const [[t, l], [m, g]] = r, p = Mt(g * e, c), v = Mt(-l * e, c);
-  let U = e - p * t - v * m, H = -p * l - v * g;
-  const k = U < Ne, E = H < Ne;
-  k && (U = -U), E && (H = -H);
-  const b = ze(Math.ceil(Xt(c) / 2)) + ke;
-  if (U < Ne || U >= b || H < Ne || H >= b)
-    throw new Error("splitScalar (endomorphism): failed, k=" + e);
-  return { k1neg: k, k1: U, k2neg: E, k2: H };
+    return gt(n, { isLE: r });
+}
+function Le(n, t, r = {}, e) {
+  if (e === void 0 && (e = n === "edwards"), !t || typeof t != "object")
+    throw new Error(`expected valid ${n} CURVE object`);
+  for (const c of ["p", "n", "h"]) {
+    const a = t[c];
+    if (!(typeof a == "bigint" && a > ot))
+      throw new Error(`CURVE.${c} must be positive bigint`);
+  }
+  const o = Vt(t.p, r.Fp, e), s = Vt(t.n, r.Fn, e), u = ["Gx", "Gy", "a", "b"];
+  for (const c of u)
+    if (!o.isValid(t[c]))
+      throw new Error(`CURVE.${c} must be valid field element of CURVE.Fp`);
+  return t = Object.freeze(Object.assign({}, t)), { CURVE: t, Fp: o, Fn: s };
+}
+function De(n, t) {
+  return function(e) {
+    const o = n(e);
+    return { secretKey: o, publicKey: t(o) };
+  };
 }
-function dt(e) {
-  if (!["compact", "recovered", "der"].includes(e))
+const $t = (n, t) => (n + (n >= 0 ? t : -t) / fe) / t;
+function Te(n, t, r) {
+  const [[e, o], [s, i]] = t, u = $t(i * n, r), c = $t(-o * n, r);
+  let a = n - u * e - c * s, w = -u * o - c * i;
+  const S = a < W, q = w < W;
+  S && (a = -a), q && (w = -w);
+  const B = St(Math.ceil(be(r) / 2)) + rt;
+  if (a < W || a >= B || w < W || w >= B)
+    throw new Error("splitScalar (endomorphism): failed, k=" + n);
+  return { k1neg: S, k1: a, k2neg: q, k2: w };
+}
+function pt(n) {
+  if (!["compact", "recovered", "der"].includes(n))
     throw new Error('Signature format must be "compact", "recovered", or "der"');
-  return e;
+  return n;
 }
-function ut(e, r) {
-  const c = {};
-  for (let t of Object.keys(r))
-    c[t] = e[t] === void 0 ? r[t] : e[t];
-  return Je(c.lowS, "lowS"), Je(c.prehash, "prehash"), c.format !== void 0 && dt(c.format), c;
+function yt(n, t) {
+  const r = {};
+  for (let e of Object.keys(t))
+    r[e] = n[e] === void 0 ? t[e] : n[e];
+  return dt(r.lowS, "lowS"), dt(r.prehash, "prehash"), r.format !== void 0 && pt(r.format), r;
 }
-class Cn extends Error {
-  constructor(r = "") {
-    super(r);
+class Ue extends Error {
+  constructor(t = "") {
+    super(t);
   }
 }
-const Ie = {
+const Q = {
   // asn.1 DER encoding utils
-  Err: Cn,
+  Err: Ue,
   // Basic building block is TLV (Tag-Length-Value)
   _tlv: {
-    encode: (e, r) => {
-      const { Err: c } = Ie;
-      if (e < 0 || e > 256)
-        throw new c("tlv.encode: wrong tag");
-      if (r.length & 1)
-        throw new c("tlv.encode: unpadded data");
-      const t = r.length / 2, l = Xe(t);
-      if (l.length / 2 & 128)
-        throw new c("tlv.encode: long form length too big");
-      const m = t > 127 ? Xe(l.length / 2 | 128) : "";
-      return Xe(e) + m + l + r;
+    encode: (n, t) => {
+      const { Err: r } = Q;
+      if (n < 0 || n > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (t.length & 1)
+        throw new r("tlv.encode: unpadded data");
+      const e = t.length / 2, o = ct(e);
+      if (o.length / 2 & 128)
+        throw new r("tlv.encode: long form length too big");
+      const s = e > 127 ? ct(o.length / 2 | 128) : "";
+      return ct(n) + s + o + t;
     },
     // v - value, l - left bytes (unparsed)
-    decode(e, r) {
-      const { Err: c } = Ie;
-      let t = 0;
-      if (e < 0 || e > 256)
-        throw new c("tlv.encode: wrong tag");
-      if (r.length < 2 || r[t++] !== e)
-        throw new c("tlv.decode: wrong tlv");
-      const l = r[t++], m = !!(l & 128);
-      let g = 0;
-      if (!m)
-        g = l;
+    decode(n, t) {
+      const { Err: r } = Q;
+      let e = 0;
+      if (n < 0 || n > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (t.length < 2 || t[e++] !== n)
+        throw new r("tlv.decode: wrong tlv");
+      const o = t[e++], s = !!(o & 128);
+      let i = 0;
+      if (!s)
+        i = o;
       else {
-        const v = l & 127;
-        if (!v)
-          throw new c("tlv.decode(long): indefinite length not supported");
-        if (v > 4)
-          throw new c("tlv.decode(long): byte length is too big");
-        const U = r.subarray(t, t + v);
-        if (U.length !== v)
-          throw new c("tlv.decode: length bytes not complete");
-        if (U[0] === 0)
-          throw new c("tlv.decode(long): zero leftmost byte");
-        for (const H of U)
-          g = g << 8 | H;
-        if (t += v, g < 128)
-          throw new c("tlv.decode(long): not minimal encoding");
+        const c = o & 127;
+        if (!c)
+          throw new r("tlv.decode(long): indefinite length not supported");
+        if (c > 4)
+          throw new r("tlv.decode(long): byte length is too big");
+        const a = t.subarray(e, e + c);
+        if (a.length !== c)
+          throw new r("tlv.decode: length bytes not complete");
+        if (a[0] === 0)
+          throw new r("tlv.decode(long): zero leftmost byte");
+        for (const w of a)
+          i = i << 8 | w;
+        if (e += c, i < 128)
+          throw new r("tlv.decode(long): not minimal encoding");
       }
-      const p = r.subarray(t, t + g);
-      if (p.length !== g)
-        throw new c("tlv.decode: wrong value length");
-      return { v: p, l: r.subarray(t + g) };
+      const u = t.subarray(e, e + i);
+      if (u.length !== i)
+        throw new r("tlv.decode: wrong value length");
+      return { v: u, l: t.subarray(e + i) };
     }
   },
   // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
@@ -2585,192 +680,186 @@ const Ie = {
   // - add zero byte if exists
   // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
   _int: {
-    encode(e) {
-      const { Err: r } = Ie;
-      if (e < Ne)
-        throw new r("integer: negative integers are not allowed");
-      let c = Xe(e);
-      if (Number.parseInt(c[0], 16) & 8 && (c = "00" + c), c.length & 1)
-        throw new r("unexpected DER parsing assertion: unpadded hex");
-      return c;
+    encode(n) {
+      const { Err: t } = Q;
+      if (n < W)
+        throw new t("integer: negative integers are not allowed");
+      let r = ct(n);
+      if (Number.parseInt(r[0], 16) & 8 && (r = "00" + r), r.length & 1)
+        throw new t("unexpected DER parsing assertion: unpadded hex");
+      return r;
     },
-    decode(e) {
-      const { Err: r } = Ie;
-      if (e[0] & 128)
-        throw new r("invalid signature integer: negative");
-      if (e[0] === 0 && !(e[1] & 128))
-        throw new r("invalid signature integer: unnecessary leading zero");
-      return et(e);
+    decode(n) {
+      const { Err: t } = Q;
+      if (n[0] & 128)
+        throw new t("invalid signature integer: negative");
+      if (n[0] === 0 && !(n[1] & 128))
+        throw new t("invalid signature integer: unnecessary leading zero");
+      return wt(n);
     }
   },
-  toSig(e) {
-    const { Err: r, _int: c, _tlv: t } = Ie, l = Se("signature", e), { v: m, l: g } = t.decode(48, l);
-    if (g.length)
-      throw new r("invalid signature: left bytes after parsing");
-    const { v: p, l: v } = t.decode(2, m), { v: U, l: H } = t.decode(2, v);
-    if (H.length)
-      throw new r("invalid signature: left bytes after parsing");
-    return { r: c.decode(p), s: c.decode(U) };
+  toSig(n) {
+    const { Err: t, _int: r, _tlv: e } = Q, o = V(n, void 0, "signature"), { v: s, l: i } = e.decode(48, o);
+    if (i.length)
+      throw new t("invalid signature: left bytes after parsing");
+    const { v: u, l: c } = e.decode(2, s), { v: a, l: w } = e.decode(2, c);
+    if (w.length)
+      throw new t("invalid signature: left bytes after parsing");
+    return { r: r.decode(u), s: r.decode(a) };
   },
-  hexFromSig(e) {
-    const { _tlv: r, _int: c } = Ie, t = r.encode(2, c.encode(e.r)), l = r.encode(2, c.encode(e.s)), m = t + l;
-    return r.encode(48, m);
-  }
-}, Ne = BigInt(0), ke = BigInt(1), an = BigInt(2), Ge = BigInt(3), Kn = BigInt(4);
-function He(e, r) {
-  const { BYTES: c } = e;
-  let t;
-  if (typeof r == "bigint")
-    t = r;
-  else {
-    let l = Se("private key", r);
-    try {
-      t = e.fromBytes(l);
-    } catch {
-      throw new Error(`invalid private key: expected ui8a of size ${c}, got ${typeof r}`);
-    }
-  }
-  if (!e.isValidNot0(t))
-    throw new Error("invalid private key: out of range [1..N-1]");
-  return t;
-}
-function zn(e, r = {}) {
-  const c = kn("weierstrass", e, r), { Fp: t, Fn: l } = c;
-  let m = c.CURVE;
-  const { h: g, n: p } = m;
-  gt(r, {}, {
+  hexFromSig(n) {
+    const { _tlv: t, _int: r } = Q, e = t.encode(2, r.encode(n.r)), o = t.encode(2, r.encode(n.s)), s = e + o;
+    return t.encode(48, s);
+  }
+}, W = BigInt(0), rt = BigInt(1), fe = BigInt(2), ft = BigInt(3), Ye = BigInt(4);
+function ke(n, t = {}) {
+  const r = Le("weierstrass", n, t), { Fp: e, Fn: o } = r;
+  let s = r.CURVE;
+  const { h: i, n: u } = s;
+  Ot(t, {}, {
     allowInfinityPoint: "boolean",
     clearCofactor: "function",
     isTorsionFree: "function",
     fromBytes: "function",
     toBytes: "function",
-    endo: "object",
-    wrapPrivateKey: "boolean"
+    endo: "object"
   });
-  const { endo: v } = r;
-  if (v && (!t.is0(m.a) || typeof v.beta != "bigint" || !Array.isArray(v.basises)))
+  const { endo: c } = t;
+  if (c && (!e.is0(s.a) || typeof c.beta != "bigint" || !Array.isArray(c.basises)))
     throw new Error('invalid endo: expected "beta": bigint and "basises": array');
-  const U = un(t, l);
-  function H() {
-    if (!t.isOdd)
+  const a = le(e, o);
+  function w() {
+    if (!e.isOdd)
       throw new Error("compression is not supported: Field does not have .isOdd()");
   }
-  function k(z, d, u) {
-    const { x: n, y: a } = d.toAffine(), i = t.toBytes(n);
-    if (Je(u, "isCompressed"), u) {
-      H();
-      const o = !t.isOdd(a);
-      return Ae(fn(o), i);
+  function S(I, d, l) {
+    const { x: f, y: h } = d.toAffine(), m = e.toBytes(f);
+    if (dt(l, "isCompressed"), l) {
+      w();
+      const E = !e.isOdd(h);
+      return J(ue(E), m);
     } else
-      return Ae(Uint8Array.of(4), i, t.toBytes(a));
-  }
-  function E(z) {
-    Ze(z, void 0, "Point");
-    const { publicKey: d, publicKeyUncompressed: u } = U, n = z.length, a = z[0], i = z.subarray(1);
-    if (n === d && (a === 2 || a === 3)) {
-      const o = t.fromBytes(i);
-      if (!t.isValid(o))
+      return J(Uint8Array.of(4), m, e.toBytes(h));
+  }
+  function q(I) {
+    V(I, void 0, "Point");
+    const { publicKey: d, publicKeyUncompressed: l } = a, f = I.length, h = I[0], m = I.subarray(1);
+    if (f === d && (h === 2 || h === 3)) {
+      const E = e.fromBytes(m);
+      if (!e.isValid(E))
         throw new Error("bad point: is not on curve, wrong x");
-      const h = A(o);
-      let w;
+      const b = _(E);
+      let g;
       try {
-        w = t.sqrt(h);
-      } catch (y) {
-        const B = y instanceof Error ? ": " + y.message : "";
-        throw new Error("bad point: is not on curve, sqrt error" + B);
+        g = e.sqrt(b);
+      } catch (D) {
+        const Z = D instanceof Error ? ": " + D.message : "";
+        throw new Error("bad point: is not on curve, sqrt error" + Z);
       }
-      H();
-      const s = t.isOdd(w);
-      return (a & 1) === 1 !== s && (w = t.neg(w)), { x: o, y: w };
-    } else if (n === u && a === 4) {
-      const o = t.BYTES, h = t.fromBytes(i.subarray(0, o)), w = t.fromBytes(i.subarray(o, o * 2));
-      if (!M(h, w))
+      w();
+      const y = e.isOdd(g);
+      return (h & 1) === 1 !== y && (g = e.neg(g)), { x: E, y: g };
+    } else if (f === l && h === 4) {
+      const E = e.BYTES, b = e.fromBytes(m.subarray(0, E)), g = e.fromBytes(m.subarray(E, E * 2));
+      if (!R(b, g))
         throw new Error("bad point: is not on curve");
-      return { x: h, y: w };
+      return { x: b, y: g };
     } else
-      throw new Error(`bad point: got length ${n}, expected compressed=${d} or uncompressed=${u}`);
+      throw new Error(`bad point: got length ${f}, expected compressed=${d} or uncompressed=${l}`);
   }
-  const b = r.toBytes || k, S = r.fromBytes || E;
-  function A(z) {
-    const d = t.sqr(z), u = t.mul(d, z);
-    return t.add(t.add(u, t.mul(z, m.a)), m.b);
+  const B = t.toBytes || S, v = t.fromBytes || q;
+  function _(I) {
+    const d = e.sqr(I), l = e.mul(d, I);
+    return e.add(e.add(l, e.mul(I, s.a)), s.b);
   }
-  function M(z, d) {
-    const u = t.sqr(d), n = A(z);
-    return t.eql(u, n);
+  function R(I, d) {
+    const l = e.sqr(d), f = _(I);
+    return e.eql(l, f);
   }
-  if (!M(m.Gx, m.Gy))
+  if (!R(s.Gx, s.Gy))
     throw new Error("bad curve params: generator point");
-  const Q = t.mul(t.pow(m.a, Ge), Kn), F = t.mul(t.sqr(m.b), BigInt(27));
-  if (t.is0(t.add(Q, F)))
+  const N = e.mul(e.pow(s.a, ft), Ye), T = e.mul(e.sqr(s.b), BigInt(27));
+  if (e.is0(e.add(N, T)))
     throw new Error("bad curve params: a or b");
-  function G(z, d, u = !1) {
-    if (!t.isValid(d) || u && t.is0(d))
-      throw new Error(`bad point coordinate ${z}`);
+  function C(I, d, l = !1) {
+    if (!e.isValid(d) || l && e.is0(d))
+      throw new Error(`bad point coordinate ${I}`);
     return d;
   }
-  function se(z) {
-    if (!(z instanceof _))
-      throw new Error("ProjectivePoint expected");
+  function Y(I) {
+    if (!(I instanceof x))
+      throw new Error("Weierstrass Point expected");
   }
-  function ie(z) {
-    if (!v || !v.basises)
+  function K(I) {
+    if (!c || !c.basises)
       throw new Error("no endo");
-    return Vn(z, v.basises, l.ORDER);
-  }
-  const j = At((z, d) => {
-    const { X: u, Y: n, Z: a } = z;
-    if (t.eql(a, t.ONE))
-      return { x: u, y: n };
-    const i = z.is0();
-    d == null && (d = i ? t.ONE : t.inv(a));
-    const o = t.mul(u, d), h = t.mul(n, d), w = t.mul(a, d);
-    if (i)
-      return { x: t.ZERO, y: t.ZERO };
-    if (!t.eql(w, t.ONE))
+    return Te(I, c.basises, o.ORDER);
+  }
+  const M = At((I, d) => {
+    const { X: l, Y: f, Z: h } = I;
+    if (e.eql(h, e.ONE))
+      return { x: l, y: f };
+    const m = I.is0();
+    d == null && (d = m ? e.ONE : e.inv(h));
+    const E = e.mul(l, d), b = e.mul(f, d), g = e.mul(h, d);
+    if (m)
+      return { x: e.ZERO, y: e.ZERO };
+    if (!e.eql(g, e.ONE))
       throw new Error("invZ was invalid");
-    return { x: o, y: h };
-  }), O = At((z) => {
-    if (z.is0()) {
-      if (r.allowInfinityPoint && !t.is0(z.Y))
+    return { x: E, y: b };
+  }), F = At((I) => {
+    if (I.is0()) {
+      if (t.allowInfinityPoint && !e.is0(I.Y))
         return;
       throw new Error("bad point: ZERO");
     }
-    const { x: d, y: u } = z.toAffine();
-    if (!t.isValid(d) || !t.isValid(u))
+    const { x: d, y: l } = I.toAffine();
+    if (!e.isValid(d) || !e.isValid(l))
       throw new Error("bad point: x or y not field elements");
-    if (!M(d, u))
+    if (!R(d, l))
       throw new Error("bad point: equation left != right");
-    if (!z.isTorsionFree())
+    if (!I.isTorsionFree())
       throw new Error("bad point: not in prime-order subgroup");
     return !0;
   });
-  function L(z, d, u, n, a) {
-    return u = new _(t.mul(u.X, z), u.Y, u.Z), d = Fe(n, d), u = Fe(a, u), d.add(u);
-  }
-  class _ {
+  function H(I, d, l, f, h) {
+    return l = new x(e.mul(l.X, I), l.Y, l.Z), d = at(f, d), l = at(h, l), d.add(l);
+  }
+  class x {
+    // base / generator point
+    static BASE = new x(s.Gx, s.Gy, e.ONE);
+    // zero / infinity / identity point
+    static ZERO = new x(e.ZERO, e.ONE, e.ZERO);
+    // 0, 1, 0
+    // math field
+    static Fp = e;
+    // scalar field
+    static Fn = o;
+    X;
+    Y;
+    Z;
     /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-    constructor(d, u, n) {
-      this.X = G("x", d), this.Y = G("y", u, !0), this.Z = G("z", n), Object.freeze(this);
+    constructor(d, l, f) {
+      this.X = C("x", d), this.Y = C("y", l, !0), this.Z = C("z", f), Object.freeze(this);
     }
     static CURVE() {
-      return m;
+      return s;
     }
     /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
     static fromAffine(d) {
-      const { x: u, y: n } = d || {};
-      if (!d || !t.isValid(u) || !t.isValid(n))
+      const { x: l, y: f } = d || {};
+      if (!d || !e.isValid(l) || !e.isValid(f))
         throw new Error("invalid affine point");
-      if (d instanceof _)
+      if (d instanceof x)
         throw new Error("projective point not allowed");
-      return t.is0(u) && t.is0(n) ? _.ZERO : new _(u, n, t.ONE);
+      return e.is0(l) && e.is0(f) ? x.ZERO : new x(l, f, e.ONE);
     }
     static fromBytes(d) {
-      const u = _.fromAffine(S(Ze(d, void 0, "point")));
-      return u.assertValidity(), u;
+      const l = x.fromAffine(v(V(d, void 0, "point")));
+      return l.assertValidity(), l;
     }
     static fromHex(d) {
-      return _.fromBytes(Se("pointHex", d));
+      return x.fromBytes(lt(d));
     }
     get x() {
       return this.toAffine().x;
@@ -2784,58 +873,58 @@ function zn(e, r = {}) {
      * @param isLazy true will defer table computation until the first multiplication
      * @returns
      */
-    precompute(d = 8, u = !0) {
-      return W.createCache(this, d), u || this.multiply(Ge), this;
+    precompute(d = 8, l = !0) {
+      return tt.createCache(this, d), l || this.multiply(ft), this;
     }
     // TODO: return `this`
     /** A point on curve is valid if it conforms to equation. */
     assertValidity() {
-      O(this);
+      F(this);
     }
     hasEvenY() {
       const { y: d } = this.toAffine();
-      if (!t.isOdd)
+      if (!e.isOdd)
         throw new Error("Field doesn't support isOdd");
-      return !t.isOdd(d);
+      return !e.isOdd(d);
     }
     /** Compare one point to another. */
     equals(d) {
-      se(d);
-      const { X: u, Y: n, Z: a } = this, { X: i, Y: o, Z: h } = d, w = t.eql(t.mul(u, h), t.mul(i, a)), s = t.eql(t.mul(n, h), t.mul(o, a));
-      return w && s;
+      Y(d);
+      const { X: l, Y: f, Z: h } = this, { X: m, Y: E, Z: b } = d, g = e.eql(e.mul(l, b), e.mul(m, h)), y = e.eql(e.mul(f, b), e.mul(E, h));
+      return g && y;
     }
     /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
     negate() {
-      return new _(this.X, t.neg(this.Y), this.Z);
+      return new x(this.X, e.neg(this.Y), this.Z);
     }
     // Renes-Costello-Batina exception-free doubling formula.
     // There is 30% faster Jacobian formula, but it is not complete.
     // https://eprint.iacr.org/2015/1060, algorithm 3
     // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
     double() {
-      const { a: d, b: u } = m, n = t.mul(u, Ge), { X: a, Y: i, Z: o } = this;
-      let h = t.ZERO, w = t.ZERO, s = t.ZERO, f = t.mul(a, a), y = t.mul(i, i), B = t.mul(o, o), T = t.mul(a, i);
-      return T = t.add(T, T), s = t.mul(a, o), s = t.add(s, s), h = t.mul(d, s), w = t.mul(n, B), w = t.add(h, w), h = t.sub(y, w), w = t.add(y, w), w = t.mul(h, w), h = t.mul(T, h), s = t.mul(n, s), B = t.mul(d, B), T = t.sub(f, B), T = t.mul(d, T), T = t.add(T, s), s = t.add(f, f), f = t.add(s, f), f = t.add(f, B), f = t.mul(f, T), w = t.add(w, f), B = t.mul(i, o), B = t.add(B, B), f = t.mul(B, T), h = t.sub(h, f), s = t.mul(B, y), s = t.add(s, s), s = t.add(s, s), new _(h, w, s);
+      const { a: d, b: l } = s, f = e.mul(l, ft), { X: h, Y: m, Z: E } = this;
+      let b = e.ZERO, g = e.ZERO, y = e.ZERO, p = e.mul(h, h), D = e.mul(m, m), Z = e.mul(E, E), O = e.mul(h, m);
+      return O = e.add(O, O), y = e.mul(h, E), y = e.add(y, y), b = e.mul(d, y), g = e.mul(f, Z), g = e.add(b, g), b = e.sub(D, g), g = e.add(D, g), g = e.mul(b, g), b = e.mul(O, b), y = e.mul(f, y), Z = e.mul(d, Z), O = e.sub(p, Z), O = e.mul(d, O), O = e.add(O, y), y = e.add(p, p), p = e.add(y, p), p = e.add(p, Z), p = e.mul(p, O), g = e.add(g, p), Z = e.mul(m, E), Z = e.add(Z, Z), p = e.mul(Z, O), b = e.sub(b, p), y = e.mul(Z, D), y = e.add(y, y), y = e.add(y, y), new x(b, g, y);
     }
     // Renes-Costello-Batina exception-free addition formula.
     // There is 30% faster Jacobian formula, but it is not complete.
     // https://eprint.iacr.org/2015/1060, algorithm 1
     // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
     add(d) {
-      se(d);
-      const { X: u, Y: n, Z: a } = this, { X: i, Y: o, Z: h } = d;
-      let w = t.ZERO, s = t.ZERO, f = t.ZERO;
-      const y = m.a, B = t.mul(m.b, Ge);
-      let T = t.mul(u, i), V = t.mul(n, o), Y = t.mul(a, h), I = t.add(u, n), q = t.add(i, o);
-      I = t.mul(I, q), q = t.add(T, V), I = t.sub(I, q), q = t.add(u, a);
-      let C = t.add(i, h);
-      return q = t.mul(q, C), C = t.add(T, Y), q = t.sub(q, C), C = t.add(n, a), w = t.add(o, h), C = t.mul(C, w), w = t.add(V, Y), C = t.sub(C, w), f = t.mul(y, q), w = t.mul(B, Y), f = t.add(w, f), w = t.sub(V, f), f = t.add(V, f), s = t.mul(w, f), V = t.add(T, T), V = t.add(V, T), Y = t.mul(y, Y), q = t.mul(B, q), V = t.add(V, Y), Y = t.sub(T, Y), Y = t.mul(y, Y), q = t.add(q, Y), T = t.mul(V, q), s = t.add(s, T), T = t.mul(C, q), w = t.mul(I, w), w = t.sub(w, T), T = t.mul(I, V), f = t.mul(C, f), f = t.add(f, T), new _(w, s, f);
+      Y(d);
+      const { X: l, Y: f, Z: h } = this, { X: m, Y: E, Z: b } = d;
+      let g = e.ZERO, y = e.ZERO, p = e.ZERO;
+      const D = s.a, Z = e.mul(s.b, ft);
+      let O = e.mul(l, m), A = e.mul(f, E), U = e.mul(h, b), G = e.add(l, f), L = e.add(m, E);
+      G = e.mul(G, L), L = e.add(O, A), G = e.sub(G, L), L = e.add(l, h);
+      let k = e.add(m, b);
+      return L = e.mul(L, k), k = e.add(O, U), L = e.sub(L, k), k = e.add(f, h), g = e.add(E, b), k = e.mul(k, g), g = e.add(A, U), k = e.sub(k, g), p = e.mul(D, L), g = e.mul(Z, U), p = e.add(g, p), g = e.sub(A, p), p = e.add(A, p), y = e.mul(g, p), A = e.add(O, O), A = e.add(A, O), U = e.mul(D, U), L = e.mul(Z, L), A = e.add(A, U), U = e.sub(O, U), U = e.mul(D, U), L = e.add(L, U), O = e.mul(A, L), y = e.add(y, O), O = e.mul(k, L), g = e.mul(G, g), g = e.sub(g, O), O = e.mul(G, A), p = e.mul(k, p), p = e.add(p, O), new x(g, y, p);
     }
     subtract(d) {
       return this.add(d.negate());
     }
     is0() {
-      return this.equals(_.ZERO);
+      return this.equals(x.ZERO);
     }
     /**
      * Constant time multiplication.
@@ -2847,19 +936,19 @@ function zn(e, r = {}) {
      * @returns New point
      */
     multiply(d) {
-      const { endo: u } = r;
-      if (!l.isValidNot0(d))
+      const { endo: l } = t;
+      if (!o.isValidNot0(d))
         throw new Error("invalid scalar: out of range");
-      let n, a;
-      const i = (o) => W.cached(this, o, (h) => it(_, h));
-      if (u) {
-        const { k1neg: o, k1: h, k2neg: w, k2: s } = ie(d), { p: f, f: y } = i(h), { p: B, f: T } = i(s);
-        a = y.add(T), n = L(u.beta, f, B, o, w);
+      let f, h;
+      const m = (E) => tt.cached(this, E, (b) => Ut(x, b));
+      if (l) {
+        const { k1neg: E, k1: b, k2neg: g, k2: y } = K(d), { p, f: D } = m(b), { p: Z, f: O } = m(y);
+        h = D.add(O), f = H(l.beta, p, Z, E, g);
       } else {
-        const { p: o, f: h } = i(d);
-        n = o, a = h;
+        const { p: E, f: b } = m(d);
+        f = E, h = b;
       }
-      return it(_, [n, a])[0];
+      return Ut(x, [f, h])[0];
     }
     /**
      * Non-constant-time multiplication. Uses double-and-add algorithm.
@@ -2867,421 +956,286 @@ function zn(e, r = {}) {
      * an exposed secret key e.g. sig verification, which works over *public* keys.
      */
     multiplyUnsafe(d) {
-      const { endo: u } = r, n = this;
-      if (!l.isValid(d))
+      const { endo: l } = t, f = this;
+      if (!o.isValid(d))
         throw new Error("invalid scalar: out of range");
-      if (d === Ne || n.is0())
-        return _.ZERO;
-      if (d === ke)
-        return n;
-      if (W.hasCache(this))
+      if (d === W || f.is0())
+        return x.ZERO;
+      if (d === rt)
+        return f;
+      if (tt.hasCache(this))
         return this.multiply(d);
-      if (u) {
-        const { k1neg: a, k1: i, k2neg: o, k2: h } = ie(d), { p1: w, p2: s } = Hn(_, n, i, h);
-        return L(u.beta, w, s, a, o);
+      if (l) {
+        const { k1neg: h, k1: m, k2neg: E, k2: b } = K(d), { p1: g, p2: y } = Ae(x, f, m, b);
+        return H(l.beta, g, y, h, E);
       } else
-        return W.unsafe(n, d);
-    }
-    multiplyAndAddUnsafe(d, u, n) {
-      const a = this.multiplyUnsafe(u).add(d.multiplyUnsafe(n));
-      return a.is0() ? void 0 : a;
+        return tt.unsafe(f, d);
     }
     /**
      * Converts Projective point to affine (x, y) coordinates.
      * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
      */
     toAffine(d) {
-      return j(this, d);
+      return M(this, d);
     }
     /**
      * Checks whether Point is free of torsion elements (is in prime subgroup).
      * Always torsion-free for cofactor=1 curves.
      */
     isTorsionFree() {
-      const { isTorsionFree: d } = r;
-      return g === ke ? !0 : d ? d(_, this) : W.unsafe(this, p).is0();
+      const { isTorsionFree: d } = t;
+      return i === rt ? !0 : d ? d(x, this) : tt.unsafe(this, u).is0();
     }
     clearCofactor() {
-      const { clearCofactor: d } = r;
-      return g === ke ? this : d ? d(_, this) : this.multiplyUnsafe(g);
+      const { clearCofactor: d } = t;
+      return i === rt ? this : d ? d(x, this) : this.multiplyUnsafe(i);
     }
     isSmallOrder() {
-      return this.multiplyUnsafe(g).is0();
+      return this.multiplyUnsafe(i).is0();
     }
     toBytes(d = !0) {
-      return Je(d, "isCompressed"), this.assertValidity(), b(_, this, d);
+      return dt(d, "isCompressed"), this.assertValidity(), B(x, this, d);
     }
     toHex(d = !0) {
-      return Me(this.toBytes(d));
+      return ht(this.toBytes(d));
     }
     toString() {
       return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
     }
-    // TODO: remove
-    get px() {
-      return this.X;
-    }
-    get py() {
-      return this.X;
-    }
-    get pz() {
-      return this.Z;
-    }
-    toRawBytes(d = !0) {
-      return this.toBytes(d);
-    }
-    _setWindowSize(d) {
-      this.precompute(d);
-    }
-    static normalizeZ(d) {
-      return it(_, d);
-    }
-    static msm(d, u) {
-      return Mn(_, l, d, u);
-    }
-    static fromPrivateKey(d) {
-      return _.BASE.multiply(He(l, d));
-    }
   }
-  _.BASE = new _(m.Gx, m.Gy, t.ONE), _.ZERO = new _(t.ZERO, t.ONE, t.ZERO), _.Fp = t, _.Fn = l;
-  const K = l.BITS, W = new Ln(_, r.endo ? Math.ceil(K / 2) : K);
-  return _.BASE.precompute(8), _;
+  const P = o.BITS, tt = new Ze(x, t.endo ? Math.ceil(P / 2) : P);
+  return x.BASE.precompute(8), x;
 }
-function fn(e) {
-  return Uint8Array.of(e ? 2 : 3);
+function ue(n) {
+  return Uint8Array.of(n ? 2 : 3);
 }
-function un(e, r) {
+function le(n, t) {
   return {
-    secretKey: r.BYTES,
-    publicKey: 1 + e.BYTES,
-    publicKeyUncompressed: 1 + 2 * e.BYTES,
+    secretKey: t.BYTES,
+    publicKey: 1 + n.BYTES,
+    publicKeyUncompressed: 1 + 2 * n.BYTES,
     publicKeyHasPrefix: !0,
-    signature: 2 * r.BYTES
+    signature: 2 * t.BYTES
   };
 }
-function Dn(e, r = {}) {
-  const { Fn: c } = e, t = r.randomBytes || Vt, l = Object.assign(un(e.Fp, c), { seed: on(c.ORDER) });
-  function m(b) {
+function Ve(n, t = {}) {
+  const { Fn: r } = n, e = t.randomBytes || Mt, o = Object.assign(le(n.Fp, r), { seed: ie(r.ORDER) });
+  function s(B) {
     try {
-      return !!He(c, b);
+      const v = r.fromBytes(B);
+      return r.isValidNot0(v);
     } catch {
       return !1;
     }
   }
-  function g(b, S) {
-    const { publicKey: A, publicKeyUncompressed: M } = l;
+  function i(B, v) {
+    const { publicKey: _, publicKeyUncompressed: R } = o;
     try {
-      const Q = b.length;
-      return S === !0 && Q !== A || S === !1 && Q !== M ? !1 : !!e.fromBytes(b);
+      const N = B.length;
+      return v === !0 && N !== _ || v === !1 && N !== R ? !1 : !!n.fromBytes(B);
     } catch {
       return !1;
     }
   }
-  function p(b = t(l.seed)) {
-    return Un(Ze(b, l.seed, "seed"), c.ORDER);
-  }
-  function v(b, S = !0) {
-    return e.BASE.multiply(He(c, b)).toBytes(S);
+  function u(B = e(o.seed)) {
+    return _e(V(B, o.seed, "seed"), r.ORDER);
   }
-  function U(b) {
-    const S = p(b);
-    return { secretKey: S, publicKey: v(S) };
+  function c(B, v = !0) {
+    return n.BASE.multiply(r.fromBytes(B)).toBytes(v);
   }
-  function H(b) {
-    if (typeof b == "bigint")
-      return !1;
-    if (b instanceof e)
-      return !0;
-    const { secretKey: S, publicKey: A, publicKeyUncompressed: M } = l;
-    if (c.allowedLengths || S === A)
+  function a(B) {
+    const { secretKey: v, publicKey: _, publicKeyUncompressed: R } = o;
+    if (!Kt(B) || "_lengths" in r && r._lengths || v === _)
       return;
-    const Q = Se("key", b).length;
-    return Q === A || Q === M;
+    const N = V(B, void 0, "key").length;
+    return N === _ || N === R;
   }
-  function k(b, S, A = !0) {
-    if (H(b) === !0)
+  function w(B, v, _ = !0) {
+    if (a(B) === !0)
       throw new Error("first arg must be private key");
-    if (H(S) === !1)
+    if (a(v) === !1)
       throw new Error("second arg must be public key");
-    const M = He(c, b);
-    return e.fromHex(S).multiply(M).toBytes(A);
-  }
-  return Object.freeze({ getPublicKey: v, getSharedSecret: k, keygen: U, Point: e, utils: {
-    isValidSecretKey: m,
-    isValidPublicKey: g,
-    randomSecretKey: p,
-    // TODO: remove
-    isValidPrivateKey: m,
-    randomPrivateKey: p,
-    normPrivateKeyToScalar: (b) => He(c, b),
-    precompute(b = 8, S = e.BASE) {
-      return S.precompute(b, !1);
-    }
-  }, lengths: l });
-}
-function Yn(e, r, c = {}) {
-  mn(r), gt(c, {}, {
+    const R = r.fromBytes(B);
+    return n.fromBytes(v).multiply(R).toBytes(_);
+  }
+  const S = {
+    isValidSecretKey: s,
+    isValidPublicKey: i,
+    randomSecretKey: u
+  }, q = De(u, c);
+  return Object.freeze({ getPublicKey: c, getSharedSecret: w, keygen: q, Point: n, utils: S, lengths: o });
+}
+function $e(n, t, r = {}) {
+  de(t), Ot(r, {}, {
     hmac: "function",
     lowS: "boolean",
     randomBytes: "function",
     bits2int: "function",
     bits2int_modN: "function"
-  });
-  const t = c.randomBytes || Vt, l = c.hmac || ((u, ...n) => bn(r, u, Ae(...n))), { Fp: m, Fn: g } = e, { ORDER: p, BITS: v } = g, { keygen: U, getPublicKey: H, getSharedSecret: k, utils: E, lengths: b } = Dn(e, c), S = {
-    prehash: !1,
-    lowS: typeof c.lowS == "boolean" ? c.lowS : !1,
-    format: void 0,
-    //'compact' as ECDSASigFormat,
+  }), r = Object.assign({}, r);
+  const e = r.randomBytes || Mt, o = r.hmac || ((l, f) => ae(t, l, f)), { Fp: s, Fn: i } = n, { ORDER: u, BITS: c } = i, { keygen: a, getPublicKey: w, getSharedSecret: S, utils: q, lengths: B } = Ve(n, r), v = {
+    prehash: !0,
+    lowS: typeof r.lowS == "boolean" ? r.lowS : !0,
+    format: "compact",
     extraEntropy: !1
-  }, A = "compact";
-  function M(u) {
-    const n = p >> ke;
-    return u > n;
-  }
-  function Q(u, n) {
-    if (!g.isValidNot0(n))
-      throw new Error(`invalid signature ${u}: out of range 1..Point.Fn.ORDER`);
-    return n;
-  }
-  function F(u, n) {
-    dt(n);
-    const a = b.signature, i = n === "compact" ? a : n === "recovered" ? a + 1 : void 0;
-    return Ze(u, i, `${n} signature`);
-  }
-  class G {
-    constructor(n, a, i) {
-      this.r = Q("r", n), this.s = Q("s", a), i != null && (this.recovery = i), Object.freeze(this);
-    }
-    static fromBytes(n, a = A) {
-      F(n, a);
-      let i;
-      if (a === "der") {
-        const { r: s, s: f } = Ie.toSig(Ze(n));
-        return new G(s, f);
+  }, _ = u * fe < s.ORDER;
+  function R(l) {
+    const f = u >> rt;
+    return l > f;
+  }
+  function N(l, f) {
+    if (!i.isValidNot0(f))
+      throw new Error(`invalid signature ${l}: out of range 1..Point.Fn.ORDER`);
+    return f;
+  }
+  function T() {
+    if (_)
+      throw new Error('"recovered" sig type is not supported for cofactor >2 curves');
+  }
+  function C(l, f) {
+    pt(f);
+    const h = B.signature, m = f === "compact" ? h : f === "recovered" ? h + 1 : void 0;
+    return V(l, m);
+  }
+  class Y {
+    r;
+    s;
+    recovery;
+    constructor(f, h, m) {
+      if (this.r = N("r", f), this.s = N("s", h), m != null) {
+        if (T(), ![0, 1, 2, 3].includes(m))
+          throw new Error("invalid recovery id");
+        this.recovery = m;
       }
-      a === "recovered" && (i = n[0], a = "compact", n = n.subarray(1));
-      const o = g.BYTES, h = n.subarray(0, o), w = n.subarray(o, o * 2);
-      return new G(g.fromBytes(h), g.fromBytes(w), i);
-    }
-    static fromHex(n, a) {
-      return this.fromBytes(Qe(n), a);
-    }
-    addRecoveryBit(n) {
-      return new G(this.r, this.s, n);
-    }
-    recoverPublicKey(n) {
-      const a = m.ORDER, { r: i, s: o, recovery: h } = this;
-      if (h == null || ![0, 1, 2, 3].includes(h))
-        throw new Error("recovery id invalid");
-      if (p * an < a && h > 1)
-        throw new Error("recovery id is ambiguous for h>1 curve");
-      const s = h === 2 || h === 3 ? i + p : i;
-      if (!m.isValid(s))
-        throw new Error("recovery id 2 or 3 invalid");
-      const f = m.toBytes(s), y = e.fromBytes(Ae(fn((h & 1) === 0), f)), B = g.inv(s), T = ie(Se("msgHash", n)), V = g.create(-T * B), Y = g.create(o * B), I = e.BASE.multiplyUnsafe(V).add(y.multiplyUnsafe(Y));
-      if (I.is0())
-        throw new Error("point at infinify");
-      return I.assertValidity(), I;
-    }
-    // Signatures should be low-s, to prevent malleability.
-    hasHighS() {
-      return M(this.s);
-    }
-    toBytes(n = A) {
-      if (dt(n), n === "der")
-        return Qe(Ie.hexFromSig(this));
-      const a = g.toBytes(this.r), i = g.toBytes(this.s);
-      if (n === "recovered") {
-        if (this.recovery == null)
-          throw new Error("recovery bit must be present");
-        return Ae(Uint8Array.of(this.recovery), a, i);
+      Object.freeze(this);
+    }
+    static fromBytes(f, h = v.format) {
+      C(f, h);
+      let m;
+      if (h === "der") {
+        const { r: y, s: p } = Q.toSig(V(f));
+        return new Y(y, p);
       }
-      return Ae(a, i);
-    }
-    toHex(n) {
-      return Me(this.toBytes(n));
-    }
-    // TODO: remove
-    assertValidity() {
+      h === "recovered" && (m = f[0], h = "compact", f = f.subarray(1));
+      const E = B.signature / 2, b = f.subarray(0, E), g = f.subarray(E, E * 2);
+      return new Y(i.fromBytes(b), i.fromBytes(g), m);
     }
-    static fromCompact(n) {
-      return G.fromBytes(Se("sig", n), "compact");
+    static fromHex(f, h) {
+      return this.fromBytes(lt(f), h);
     }
-    static fromDER(n) {
-      return G.fromBytes(Se("sig", n), "der");
+    assertRecovery() {
+      const { recovery: f } = this;
+      if (f == null)
+        throw new Error("invalid recovery id: must be present");
+      return f;
     }
-    normalizeS() {
-      return this.hasHighS() ? new G(this.r, g.neg(this.s), this.recovery) : this;
+    addRecoveryBit(f) {
+      return new Y(this.r, this.s, f);
     }
-    toDERRawBytes() {
-      return this.toBytes("der");
+    recoverPublicKey(f) {
+      const { r: h, s: m } = this, E = this.assertRecovery(), b = E === 2 || E === 3 ? h + u : h;
+      if (!s.isValid(b))
+        throw new Error("invalid recovery id: sig.r+curve.n != R.x");
+      const g = s.toBytes(b), y = n.fromBytes(J(ue((E & 1) === 0), g)), p = i.inv(b), D = M(V(f, void 0, "msgHash")), Z = i.create(-D * p), O = i.create(m * p), A = n.BASE.multiplyUnsafe(Z).add(y.multiplyUnsafe(O));
+      if (A.is0())
+        throw new Error("invalid recovery: point at infinify");
+      return A.assertValidity(), A;
     }
-    toDERHex() {
-      return Me(this.toBytes("der"));
+    // Signatures should be low-s, to prevent malleability.
+    hasHighS() {
+      return R(this.s);
     }
-    toCompactRawBytes() {
-      return this.toBytes("compact");
+    toBytes(f = v.format) {
+      if (pt(f), f === "der")
+        return lt(Q.hexFromSig(this));
+      const { r: h, s: m } = this, E = i.toBytes(h), b = i.toBytes(m);
+      return f === "recovered" ? (T(), J(Uint8Array.of(this.assertRecovery()), E, b)) : J(E, b);
     }
-    toCompactHex() {
-      return Me(this.toBytes("compact"));
+    toHex(f) {
+      return ht(this.toBytes(f));
     }
   }
-  const se = c.bits2int || function(n) {
-    if (n.length > 8192)
+  const K = r.bits2int || function(f) {
+    if (f.length > 8192)
       throw new Error("input is too large");
-    const a = et(n), i = n.length * 8 - v;
-    return i > 0 ? a >> BigInt(i) : a;
-  }, ie = c.bits2int_modN || function(n) {
-    return g.create(se(n));
-  }, j = ze(v);
-  function O(u) {
-    return _n("num < 2^" + v, u, Ne, j), g.toBytes(u);
-  }
-  function L(u, n) {
-    return Ze(u, void 0, "message"), n ? Ze(r(u), void 0, "prehashed message") : u;
-  }
-  function _(u, n, a) {
-    if (["recovered", "canonical"].some((V) => V in a))
-      throw new Error("sign() legacy options not supported");
-    const { lowS: i, prehash: o, extraEntropy: h } = ut(a, S);
-    u = L(u, o);
-    const w = ie(u), s = He(g, n), f = [O(s), O(w)];
-    if (h != null && h !== !1) {
-      const V = h === !0 ? t(b.secretKey) : h;
-      f.push(Se("extraEntropy", V));
-    }
-    const y = Ae(...f), B = w;
-    function T(V) {
-      const Y = se(V);
-      if (!g.isValidNot0(Y))
+    const h = wt(f), m = f.length * 8 - c;
+    return m > 0 ? h >> BigInt(m) : h;
+  }, M = r.bits2int_modN || function(f) {
+    return i.create(K(f));
+  }, F = St(c);
+  function H(l) {
+    return me("num < 2^" + c, l, W, F), i.toBytes(l);
+  }
+  function x(l, f) {
+    return V(l, void 0, "message"), f ? V(t(l), void 0, "prehashed message") : l;
+  }
+  function P(l, f, h) {
+    const { lowS: m, prehash: E, extraEntropy: b } = yt(h, v);
+    l = x(l, E);
+    const g = M(l), y = i.fromBytes(f);
+    if (!i.isValidNot0(y))
+      throw new Error("invalid private key");
+    const p = [H(y), H(g)];
+    if (b != null && b !== !1) {
+      const A = b === !0 ? e(B.secretKey) : b;
+      p.push(V(A, void 0, "extraEntropy"));
+    }
+    const D = J(...p), Z = g;
+    function O(A) {
+      const U = K(A);
+      if (!i.isValidNot0(U))
         return;
-      const I = g.inv(Y), q = e.BASE.multiply(Y).toAffine(), C = g.create(q.x);
-      if (C === Ne)
+      const G = i.inv(U), L = n.BASE.multiply(U).toAffine(), k = i.create(L.x);
+      if (k === W)
         return;
-      const te = g.create(I * g.create(B + C * s));
-      if (te === Ne)
+      const st = i.create(G * i.create(Z + k * y));
+      if (st === W)
         return;
-      let $ = (q.x === C ? 0 : 2) | Number(q.y & ke), x = te;
-      return i && M(te) && (x = g.neg(te), $ ^= 1), new G(C, x, $);
+      let _t = (L.x === k ? 0 : 2) | Number(L.y & rt), Zt = st;
+      return m && R(st) && (Zt = i.neg(st), _t ^= 1), new Y(k, Zt, _ ? void 0 : _t);
     }
-    return { seed: y, k2sig: T };
-  }
-  function K(u, n, a = {}) {
-    u = Se("message", u);
-    const { seed: i, k2sig: o } = _(u, n, a);
-    return Sn(r.outputLen, g.BYTES, l)(i, o);
-  }
-  function W(u) {
-    let n;
-    const a = typeof u == "string" || yt(u), i = !a && u !== null && typeof u == "object" && typeof u.r == "bigint" && typeof u.s == "bigint";
-    if (!a && !i)
-      throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
-    if (i)
-      n = new G(u.r, u.s);
-    else if (a) {
-      try {
-        n = G.fromBytes(Se("sig", u), "der");
-      } catch (o) {
-        if (!(o instanceof Ie.Err))
-          throw o;
-      }
-      if (!n)
-        try {
-          n = G.fromBytes(Se("sig", u), "compact");
-        } catch {
-          return !1;
-        }
+    return { seed: D, k2sig: O };
+  }
+  function tt(l, f, h = {}) {
+    const { seed: m, k2sig: E } = P(l, f, h);
+    return Ee(t.outputLen, i.BYTES, o)(m, E).toBytes(h.format);
+  }
+  function I(l, f, h, m = {}) {
+    const { lowS: E, prehash: b, format: g } = yt(m, v);
+    if (h = V(h, void 0, "publicKey"), f = x(f, b), !Kt(l)) {
+      const y = l instanceof Y ? ", use sig.toBytes()" : "";
+      throw new Error("verify expects Uint8Array signature" + y);
     }
-    return n || !1;
-  }
-  function z(u, n, a, i = {}) {
-    const { lowS: o, prehash: h, format: w } = ut(i, S);
-    if (a = Se("publicKey", a), n = L(Se("message", n), h), "strict" in i)
-      throw new Error("options.strict was renamed to lowS");
-    const s = w === void 0 ? W(u) : G.fromBytes(Se("sig", u), w);
-    if (s === !1)
-      return !1;
+    C(l, g);
     try {
-      const f = e.fromBytes(a);
-      if (o && s.hasHighS())
+      const y = Y.fromBytes(l, g), p = n.fromBytes(h);
+      if (E && y.hasHighS())
         return !1;
-      const { r: y, s: B } = s, T = ie(n), V = g.inv(B), Y = g.create(T * V), I = g.create(y * V), q = e.BASE.multiplyUnsafe(Y).add(f.multiplyUnsafe(I));
-      return q.is0() ? !1 : g.create(q.x) === y;
+      const { r: D, s: Z } = y, O = M(f), A = i.inv(Z), U = i.create(O * A), G = i.create(D * A), L = n.BASE.multiplyUnsafe(U).add(p.multiplyUnsafe(G));
+      return L.is0() ? !1 : i.create(L.x) === D;
     } catch {
       return !1;
     }
   }
-  function d(u, n, a = {}) {
-    const { prehash: i } = ut(a, S);
-    return n = L(n, i), G.fromBytes(u, "recovered").recoverPublicKey(n).toBytes();
+  function d(l, f, h = {}) {
+    const { prehash: m } = yt(h, v);
+    return f = x(f, m), Y.fromBytes(l, "recovered").recoverPublicKey(f).toBytes();
   }
   return Object.freeze({
-    keygen: U,
-    getPublicKey: H,
-    getSharedSecret: k,
-    utils: E,
-    lengths: b,
-    Point: e,
-    sign: K,
-    verify: z,
+    keygen: a,
+    getPublicKey: w,
+    getSharedSecret: S,
+    utils: q,
+    lengths: B,
+    Point: n,
+    sign: tt,
+    verify: I,
     recoverPublicKey: d,
-    Signature: G,
-    hash: r
-  });
-}
-function Pn(e) {
-  const r = {
-    a: e.a,
-    b: e.b,
-    p: e.Fp.ORDER,
-    n: e.n,
-    h: e.h,
-    Gx: e.Gx,
-    Gy: e.Gy
-  }, c = e.Fp;
-  let t = e.allowedPrivateKeyLengths ? Array.from(new Set(e.allowedPrivateKeyLengths.map((g) => Math.ceil(g / 2)))) : void 0;
-  const l = De(r.n, {
-    BITS: e.nBitLength,
-    allowedLengths: t,
-    modFromBytes: e.wrapPrivateKey
-  }), m = {
-    Fp: c,
-    Fn: l,
-    allowInfinityPoint: e.allowInfinityPoint,
-    endo: e.endo,
-    isTorsionFree: e.isTorsionFree,
-    clearCofactor: e.clearCofactor,
-    fromBytes: e.fromBytes,
-    toBytes: e.toBytes
-  };
-  return { CURVE: r, curveOpts: m };
-}
-function Xn(e) {
-  const { CURVE: r, curveOpts: c } = Pn(e), t = {
-    hmac: e.hmac,
-    randomBytes: e.randomBytes,
-    lowS: e.lowS,
-    bits2int: e.bits2int,
-    bits2int_modN: e.bits2int_modN
-  };
-  return { CURVE: r, curveOpts: c, hash: e.hash, ecdsaOpts: t };
-}
-function Gn(e, r) {
-  const c = r.Point;
-  return Object.assign({}, r, {
-    ProjectivePoint: c,
-    CURVE: Object.assign({}, e, nn(c.Fn.ORDER, c.Fn.BITS))
+    Signature: Y,
+    hash: t
   });
 }
-function Wn(e) {
-  const { CURVE: r, curveOpts: c, hash: t, ecdsaOpts: l } = Xn(e), m = zn(r, c), g = Yn(m, t, l);
-  return Gn(e, g);
-}
-function Qn(e, r) {
-  const c = (t) => Wn({ ...e, hash: t });
-  return { ...c(r), create: c };
-}
-const Bt = {
+const Nt = {
   p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
   n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
   h: BigInt(1),
@@ -3289,28 +1243,28 @@ const Bt = {
   b: BigInt(7),
   Gx: BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
   Gy: BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
-}, Jn = {
+}, je = {
   beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
   basises: [
     [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
     [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
   ]
-}, kt = /* @__PURE__ */ BigInt(2);
-function Fn(e) {
-  const r = Bt.p, c = BigInt(3), t = BigInt(6), l = BigInt(11), m = BigInt(22), g = BigInt(23), p = BigInt(44), v = BigInt(88), U = e * e * e % r, H = U * U * e % r, k = Re(H, c, r) * H % r, E = Re(k, c, r) * H % r, b = Re(E, kt, r) * U % r, S = Re(b, l, r) * b % r, A = Re(S, m, r) * S % r, M = Re(A, p, r) * A % r, Q = Re(M, v, r) * M % r, F = Re(Q, p, r) * A % r, G = Re(F, c, r) * H % r, se = Re(G, g, r) * S % r, ie = Re(se, t, r) * U % r, j = Re(ie, kt, r);
-  if (!ht.eql(ht.sqr(j), e))
+}, jt = /* @__PURE__ */ BigInt(2);
+function Me(n) {
+  const t = Nt.p, r = BigInt(3), e = BigInt(6), o = BigInt(11), s = BigInt(22), i = BigInt(23), u = BigInt(44), c = BigInt(88), a = n * n * n % t, w = a * a * n % t, S = z(w, r, t) * w % t, q = z(S, r, t) * w % t, B = z(q, jt, t) * a % t, v = z(B, o, t) * B % t, _ = z(v, s, t) * v % t, R = z(_, u, t) * _ % t, N = z(R, c, t) * R % t, T = z(N, u, t) * _ % t, C = z(T, r, t) * w % t, Y = z(C, i, t) * v % t, K = z(Y, e, t) * a % t, M = z(K, jt, t);
+  if (!vt.eql(vt.sqr(M), n))
     throw new Error("Cannot find square root");
-  return j;
+  return M;
 }
-const ht = De(Bt.p, { sqrt: Fn }), or = Qn({ ...Bt, Fp: ht, lowS: !0, endo: Jn }, wn);
+const vt = gt(Nt.p, { sqrt: Me }), Ke = /* @__PURE__ */ ke(Nt, {
+  Fp: vt,
+  endo: je
+}), He = /* @__PURE__ */ $e(Ke, he);
 export {
-  rr as F,
-  tr as a,
-  $e as b,
-  pn as c,
-  nr as d,
-  et as e,
-  qe as m,
-  er as r,
-  or as s
+  Ce as F,
+  dt as a,
+  wt as b,
+  X as m,
+  ye as r,
+  He as s
 };