@btc-vision/transaction 1.8.0-beta.3 → 1.8.0-beta.5

package/browser/noble-curves.js

@@ -1,2155 +1,256 @@
-import { v as Xe, w as an, x as un, y as Qe, z as Ve, e as Be, A as Pe, f as Ae, B as ln, d as jt, l as dn, i as Mt, k as hn } from "./noble-hashes.js";
-var et = {}, Me = {}, tt = {}, nt = {}, Bt;
-function je() {
-  return Bt || (Bt = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e.notImplemented = e.bitMask = e.utf8ToBytes = e.randomBytes = e.isBytes = e.hexToBytes = e.concatBytes = e.bytesToUtf8 = e.bytesToHex = e.anumber = e.abytes = void 0, e.abool = y, e._abool2 = w, e._abytes2 = p, e.numberToHexUnpadded = E, e.hexToNumber = Z, e.bytesToNumberBE = M, e.bytesToNumberLE = D, e.numberToBytesBE = X, e.numberToBytesLE = S, e.numberToVarBytesBE = q, e.ensureBytes = V, e.equalBytes = U, e.copyBytes = W, e.asciiToBytes = G, e.inRange = re, e.aInRange = ie, e.bitLen = N, e.bitGet = O, e.bitSet = L, e.createHmacDrbg = j, e.validateObject = C, e.isHash = b, e._validateObject = u, e.memoized = f;
-    const n = /* @__PURE__ */ Xe();
-    var c = /* @__PURE__ */ Xe();
-    Object.defineProperty(e, "abytes", { enumerable: !0, get: function() {
-      return c.abytes;
-    } }), Object.defineProperty(e, "anumber", { enumerable: !0, get: function() {
-      return c.anumber;
-    } }), Object.defineProperty(e, "bytesToHex", { enumerable: !0, get: function() {
-      return c.bytesToHex;
-    } }), Object.defineProperty(e, "bytesToUtf8", { enumerable: !0, get: function() {
-      return c.bytesToUtf8;
-    } }), Object.defineProperty(e, "concatBytes", { enumerable: !0, get: function() {
-      return c.concatBytes;
-    } }), Object.defineProperty(e, "hexToBytes", { enumerable: !0, get: function() {
-      return c.hexToBytes;
-    } }), Object.defineProperty(e, "isBytes", { enumerable: !0, get: function() {
-      return c.isBytes;
-    } }), Object.defineProperty(e, "randomBytes", { enumerable: !0, get: function() {
-      return c.randomBytes;
-    } }), Object.defineProperty(e, "utf8ToBytes", { enumerable: !0, get: function() {
-      return c.utf8ToBytes;
-    } });
-    const t = /* @__PURE__ */ BigInt(0), l = /* @__PURE__ */ BigInt(1);
-    function y(i, r) {
-      if (typeof r != "boolean")
-        throw new Error(i + " boolean expected, got " + r);
-    }
-    function w(i, r = "") {
-      if (typeof i != "boolean") {
-        const d = r && `"${r}"`;
-        throw new Error(d + "expected boolean, got type=" + typeof i);
-      }
-      return i;
-    }
-    function p(i, r, d = "") {
-      const m = (0, n.isBytes)(i), s = i?.length, a = r !== void 0;
-      if (!m || a && s !== r) {
-        const h = d && `"${d}" `, g = a ? ` of length ${r}` : "", B = m ? `length=${s}` : `type=${typeof i}`;
-        throw new Error(h + "expected Uint8Array" + g + ", got " + B);
-      }
-      return i;
-    }
-    function E(i) {
-      const r = i.toString(16);
-      return r.length & 1 ? "0" + r : r;
-    }
-    function Z(i) {
-      if (typeof i != "string")
-        throw new Error("hex string expected, got " + typeof i);
-      return i === "" ? t : BigInt("0x" + i);
-    }
-    function M(i) {
-      return Z((0, n.bytesToHex)(i));
-    }
-    function D(i) {
-      return (0, n.abytes)(i), Z((0, n.bytesToHex)(Uint8Array.from(i).reverse()));
-    }
-    function X(i, r) {
-      return (0, n.hexToBytes)(i.toString(16).padStart(r * 2, "0"));
-    }
-    function S(i, r) {
-      return X(i, r).reverse();
-    }
-    function q(i) {
-      return (0, n.hexToBytes)(E(i));
-    }
-    function V(i, r, d) {
-      let m;
-      if (typeof r == "string")
-        try {
-          m = (0, n.hexToBytes)(r);
-        } catch (a) {
-          throw new Error(i + " must be hex string or Uint8Array, cause: " + a);
-        }
-      else if ((0, n.isBytes)(r))
-        m = Uint8Array.from(r);
-      else
-        throw new Error(i + " must be hex string or Uint8Array");
-      const s = m.length;
-      if (typeof d == "number" && s !== d)
-        throw new Error(i + " of length " + d + " expected, got " + s);
-      return m;
-    }
-    function U(i, r) {
-      if (i.length !== r.length)
-        return !1;
-      let d = 0;
-      for (let m = 0; m < i.length; m++)
-        d |= i[m] ^ r[m];
-      return d === 0;
-    }
-    function W(i) {
-      return Uint8Array.from(i);
-    }
-    function G(i) {
-      return Uint8Array.from(i, (r, d) => {
-        const m = r.charCodeAt(0);
-        if (r.length !== 1 || m > 127)
-          throw new Error(`string contains non-ASCII character "${i[d]}" with code ${m} at position ${d}`);
-        return m;
-      });
-    }
-    const te = (i) => typeof i == "bigint" && t <= i;
-    function re(i, r, d) {
-      return te(i) && te(r) && te(d) && r <= i && i < d;
-    }
-    function ie(i, r, d, m) {
-      if (!re(r, d, m))
-        throw new Error("expected valid " + i + ": " + d + " <= n < " + m + ", got " + r);
-    }
-    function N(i) {
-      let r;
-      for (r = 0; i > t; i >>= l, r += 1)
-        ;
-      return r;
-    }
-    function O(i, r) {
-      return i >> BigInt(r) & l;
-    }
-    function L(i, r, d) {
-      return i | (d ? l : t) << BigInt(r);
-    }
-    const v = (i) => (l << BigInt(i)) - l;
-    e.bitMask = v;
-    function j(i, r, d) {
-      if (typeof i != "number" || i < 2)
-        throw new Error("hashLen must be a number");
-      if (typeof r != "number" || r < 2)
-        throw new Error("qByteLen must be a number");
-      if (typeof d != "function")
-        throw new Error("hmacFn must be a function");
-      const m = (k) => new Uint8Array(k), s = (k) => Uint8Array.of(k);
-      let a = m(i), h = m(i), g = 0;
-      const B = () => {
-        a.fill(1), h.fill(0), g = 0;
-      }, H = (...k) => d(h, a, ...k), z = (k = m(0)) => {
-        h = H(s(0), k), a = H(), k.length !== 0 && (h = H(s(1), k), a = H());
-      }, I = () => {
-        if (g++ >= 1e3)
-          throw new Error("drbg: tried 1000 values");
-        let k = 0;
-        const ee = [];
-        for (; k < r; ) {
-          a = H();
-          const F = a.slice();
-          ee.push(F), k += a.length;
-        }
-        return (0, n.concatBytes)(...ee);
-      };
-      return (k, ee) => {
-        B(), z(k);
-        let F;
-        for (; !(F = ee(I())); )
-          z();
-        return B(), F;
-      };
-    }
-    const Q = {
-      bigint: (i) => typeof i == "bigint",
-      function: (i) => typeof i == "function",
-      boolean: (i) => typeof i == "boolean",
-      string: (i) => typeof i == "string",
-      stringOrUint8Array: (i) => typeof i == "string" || (0, n.isBytes)(i),
-      isSafeInteger: (i) => Number.isSafeInteger(i),
-      array: (i) => Array.isArray(i),
-      field: (i, r) => r.Fp.isValid(i),
-      hash: (i) => typeof i == "function" && Number.isSafeInteger(i.outputLen)
-    };
-    function C(i, r, d = {}) {
-      const m = (s, a, h) => {
-        const g = Q[a];
-        if (typeof g != "function")
-          throw new Error("invalid validator function");
-        const B = i[s];
-        if (!(h && B === void 0) && !g(B, i))
-          throw new Error("param " + String(s) + " is invalid. Expected " + a + ", got " + B);
-      };
-      for (const [s, a] of Object.entries(r))
-        m(s, a, !1);
-      for (const [s, a] of Object.entries(d))
-        m(s, a, !0);
-      return i;
-    }
-    function b(i) {
-      return typeof i == "function" && Number.isSafeInteger(i.outputLen);
-    }
-    function u(i, r, d = {}) {
-      if (!i || typeof i != "object")
-        throw new Error("expected valid options object");
-      function m(s, a, h) {
-        const g = i[s];
-        if (h && g === void 0)
-          return;
-        const B = typeof g;
-        if (B !== a || g === null)
-          throw new Error(`param "${s}" is invalid: expected ${a}, got ${B}`);
-      }
-      Object.entries(r).forEach(([s, a]) => m(s, a, !1)), Object.entries(d).forEach(([s, a]) => m(s, a, !0));
-    }
-    const o = () => {
-      throw new Error("not implemented");
-    };
-    e.notImplemented = o;
-    function f(i) {
-      const r = /* @__PURE__ */ new WeakMap();
-      return (d, ...m) => {
-        const s = r.get(d);
-        if (s !== void 0)
-          return s;
-        const a = i(d, ...m);
-        return r.set(d, a), a;
-      };
-    }
-  })(nt)), nt;
-}
-var Te = {}, he = {}, vt;
-function Je() {
-  if (vt) return he;
-  vt = 1, Object.defineProperty(he, "__esModule", { value: !0 }), he.isNegativeLE = void 0, he.mod = D, he.pow = X, he.pow2 = S, he.invert = q, he.tonelliShanks = te, he.FpSqrt = re, he.validateField = O, he.FpPow = L, he.FpInvertBatch = v, he.FpDiv = j, he.FpLegendre = Q, he.FpIsSquare = C, he.nLength = b, he.Field = u, he.FpSqrtOdd = o, he.FpSqrtEven = f, he.hashToPrivateScalar = i, he.getFieldBytesLength = r, he.getMinHashLength = d, he.mapHashToField = m;
-  const e = /* @__PURE__ */ je(), n = BigInt(0), c = BigInt(1), t = /* @__PURE__ */ BigInt(2), l = /* @__PURE__ */ BigInt(3), y = /* @__PURE__ */ BigInt(4), w = /* @__PURE__ */ BigInt(5), p = /* @__PURE__ */ BigInt(7), E = /* @__PURE__ */ BigInt(8), Z = /* @__PURE__ */ BigInt(9), M = /* @__PURE__ */ BigInt(16);
-  function D(s, a) {
-    const h = s % a;
-    return h >= n ? h : a + h;
-  }
-  function X(s, a, h) {
-    return L(u(h), s, a);
-  }
-  function S(s, a, h) {
-    let g = s;
-    for (; a-- > n; )
-      g *= g, g %= h;
-    return g;
-  }
-  function q(s, a) {
-    if (s === n)
-      throw new Error("invert: expected non-zero number");
-    if (a <= n)
-      throw new Error("invert: expected positive modulus, got " + a);
-    let h = D(s, a), g = a, B = n, H = c;
-    for (; h !== n; ) {
-      const I = g / h, T = g % h, k = B - H * I;
-      g = h, h = T, B = H, H = k;
-    }
-    if (g !== c)
-      throw new Error("invert: does not exist");
-    return D(B, a);
-  }
-  function V(s, a, h) {
-    if (!s.eql(s.sqr(a), h))
-      throw new Error("Cannot find square root");
-  }
-  function U(s, a) {
-    const h = (s.ORDER + c) / y, g = s.pow(a, h);
-    return V(s, g, a), g;
-  }
-  function W(s, a) {
-    const h = (s.ORDER - w) / E, g = s.mul(a, t), B = s.pow(g, h), H = s.mul(a, B), z = s.mul(s.mul(H, t), B), I = s.mul(H, s.sub(z, s.ONE));
-    return V(s, I, a), I;
-  }
-  function G(s) {
-    const a = u(s), h = te(s), g = h(a, a.neg(a.ONE)), B = h(a, g), H = h(a, a.neg(g)), z = (s + p) / M;
-    return (I, T) => {
-      let k = I.pow(T, z), ee = I.mul(k, g);
-      const F = I.mul(k, B), _ = I.mul(k, H), P = I.eql(I.sqr(ee), T), fe = I.eql(I.sqr(F), T);
-      k = I.cmov(k, ee, P), ee = I.cmov(_, F, fe);
-      const be = I.eql(I.sqr(ee), T), pe = I.cmov(k, ee, be);
-      return V(I, pe, T), pe;
-    };
-  }
-  function te(s) {
-    if (s < l)
-      throw new Error("sqrt is not defined for small field");
-    let a = s - c, h = 0;
-    for (; a % t === n; )
-      a /= t, h++;
-    let g = t;
-    const B = u(s);
-    for (; Q(B, g) === 1; )
-      if (g++ > 1e3)
-        throw new Error("Cannot find square root: probably non-prime P");
-    if (h === 1)
-      return U;
-    let H = B.pow(g, a);
-    const z = (a + c) / t;
-    return function(T, k) {
-      if (T.is0(k))
-        return k;
-      if (Q(T, k) !== 1)
-        throw new Error("Cannot find square root");
-      let ee = h, F = T.mul(T.ONE, H), _ = T.pow(k, a), P = T.pow(k, z);
-      for (; !T.eql(_, T.ONE); ) {
-        if (T.is0(_))
-          return T.ZERO;
-        let fe = 1, be = T.sqr(_);
-        for (; !T.eql(be, T.ONE); )
-          if (fe++, be = T.sqr(be), fe === ee)
-            throw new Error("Cannot find square root");
-        const pe = c << BigInt(ee - fe - 1), _e = T.pow(F, pe);
-        ee = fe, F = T.sqr(_e), _ = T.mul(_, F), P = T.mul(P, _e);
-      }
-      return P;
-    };
-  }
-  function re(s) {
-    return s % y === l ? U : s % E === w ? W : s % M === Z ? G(s) : te(s);
-  }
-  const ie = (s, a) => (D(s, a) & c) === c;
-  he.isNegativeLE = ie;
-  const N = [
-    "create",
-    "isValid",
-    "is0",
-    "neg",
-    "inv",
-    "sqrt",
-    "sqr",
-    "eql",
-    "add",
-    "sub",
-    "mul",
-    "pow",
-    "div",
-    "addN",
-    "subN",
-    "mulN",
-    "sqrN"
-  ];
-  function O(s) {
-    const a = {
-      ORDER: "bigint",
-      MASK: "bigint",
-      BYTES: "number",
-      BITS: "number"
-    }, h = N.reduce((g, B) => (g[B] = "function", g), a);
-    return (0, e._validateObject)(s, h), s;
-  }
-  function L(s, a, h) {
-    if (h < n)
-      throw new Error("invalid exponent, negatives unsupported");
-    if (h === n)
-      return s.ONE;
-    if (h === c)
-      return a;
-    let g = s.ONE, B = a;
-    for (; h > n; )
-      h & c && (g = s.mul(g, B)), B = s.sqr(B), h >>= c;
-    return g;
-  }
-  function v(s, a, h = !1) {
-    const g = new Array(a.length).fill(h ? s.ZERO : void 0), B = a.reduce((z, I, T) => s.is0(I) ? z : (g[T] = z, s.mul(z, I)), s.ONE), H = s.inv(B);
-    return a.reduceRight((z, I, T) => s.is0(I) ? z : (g[T] = s.mul(z, g[T]), s.mul(z, I)), H), g;
-  }
-  function j(s, a, h) {
-    return s.mul(a, typeof h == "bigint" ? q(h, s.ORDER) : s.inv(h));
-  }
-  function Q(s, a) {
-    const h = (s.ORDER - c) / t, g = s.pow(a, h), B = s.eql(g, s.ONE), H = s.eql(g, s.ZERO), z = s.eql(g, s.neg(s.ONE));
-    if (!B && !H && !z)
-      throw new Error("invalid Legendre symbol result");
-    return B ? 1 : H ? 0 : -1;
-  }
-  function C(s, a) {
-    return Q(s, a) === 1;
-  }
-  function b(s, a) {
-    a !== void 0 && (0, e.anumber)(a);
-    const h = a !== void 0 ? a : s.toString(2).length, g = Math.ceil(h / 8);
-    return { nBitLength: h, nByteLength: g };
-  }
-  function u(s, a, h = !1, g = {}) {
-    if (s <= n)
-      throw new Error("invalid field: expected ORDER > 0, got " + s);
-    let B, H, z = !1, I;
-    if (typeof a == "object" && a != null) {
-      if (g.sqrt || h)
-        throw new Error("cannot specify opts in two arguments");
-      const _ = a;
-      _.BITS && (B = _.BITS), _.sqrt && (H = _.sqrt), typeof _.isLE == "boolean" && (h = _.isLE), typeof _.modFromBytes == "boolean" && (z = _.modFromBytes), I = _.allowedLengths;
-    } else
-      typeof a == "number" && (B = a), g.sqrt && (H = g.sqrt);
-    const { nBitLength: T, nByteLength: k } = b(s, B);
-    if (k > 2048)
-      throw new Error("invalid field: expected ORDER of <= 2048 bytes");
-    let ee;
-    const F = Object.freeze({
-      ORDER: s,
-      isLE: h,
-      BITS: T,
-      BYTES: k,
-      MASK: (0, e.bitMask)(T),
-      ZERO: n,
-      ONE: c,
-      allowedLengths: I,
-      create: (_) => D(_, s),
-      isValid: (_) => {
-        if (typeof _ != "bigint")
-          throw new Error("invalid field element: expected bigint, got " + typeof _);
-        return n <= _ && _ < s;
-      },
-      is0: (_) => _ === n,
-      // is valid and invertible
-      isValidNot0: (_) => !F.is0(_) && F.isValid(_),
-      isOdd: (_) => (_ & c) === c,
-      neg: (_) => D(-_, s),
-      eql: (_, P) => _ === P,
-      sqr: (_) => D(_ * _, s),
-      add: (_, P) => D(_ + P, s),
-      sub: (_, P) => D(_ - P, s),
-      mul: (_, P) => D(_ * P, s),
-      pow: (_, P) => L(F, _, P),
-      div: (_, P) => D(_ * q(P, s), s),
-      // Same as above, but doesn't normalize
-      sqrN: (_) => _ * _,
-      addN: (_, P) => _ + P,
-      subN: (_, P) => _ - P,
-      mulN: (_, P) => _ * P,
-      inv: (_) => q(_, s),
-      sqrt: H || ((_) => (ee || (ee = re(s)), ee(F, _))),
-      toBytes: (_) => h ? (0, e.numberToBytesLE)(_, k) : (0, e.numberToBytesBE)(_, k),
-      fromBytes: (_, P = !0) => {
-        if (I) {
-          if (!I.includes(_.length) || _.length > k)
-            throw new Error("Field.fromBytes: expected " + I + " bytes, got " + _.length);
-          const be = new Uint8Array(k);
-          be.set(_, h ? 0 : be.length - _.length), _ = be;
-        }
-        if (_.length !== k)
-          throw new Error("Field.fromBytes: expected " + k + " bytes, got " + _.length);
-        let fe = h ? (0, e.bytesToNumberLE)(_) : (0, e.bytesToNumberBE)(_);
-        if (z && (fe = D(fe, s)), !P && !F.isValid(fe))
-          throw new Error("invalid field element: outside of range 0..ORDER");
-        return fe;
-      },
-      // TODO: we don't need it here, move out to separate fn
-      invertBatch: (_) => v(F, _),
-      // We can't move this out because Fp6, Fp12 implement it
-      // and it's unclear what to return in there.
-      cmov: (_, P, fe) => fe ? P : _
-    });
-    return Object.freeze(F);
-  }
-  function o(s, a) {
-    if (!s.isOdd)
-      throw new Error("Field doesn't have isOdd");
-    const h = s.sqrt(a);
-    return s.isOdd(h) ? h : s.neg(h);
-  }
-  function f(s, a) {
-    if (!s.isOdd)
-      throw new Error("Field doesn't have isOdd");
-    const h = s.sqrt(a);
-    return s.isOdd(h) ? s.neg(h) : h;
-  }
-  function i(s, a, h = !1) {
-    s = (0, e.ensureBytes)("privateHash", s);
-    const g = s.length, B = b(a).nByteLength + 8;
-    if (B < 24 || g < B || g > 1024)
-      throw new Error("hashToPrivateScalar: expected " + B + "-1024 bytes of input, got " + g);
-    const H = h ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s);
-    return D(H, a - c) + c;
-  }
-  function r(s) {
-    if (typeof s != "bigint")
-      throw new Error("field order must be bigint");
-    const a = s.toString(2).length;
-    return Math.ceil(a / 8);
-  }
-  function d(s) {
-    const a = r(s);
-    return a + Math.ceil(a / 2);
-  }
-  function m(s, a, h = !1) {
-    const g = s.length, B = r(a), H = d(a);
-    if (g < 16 || g < H || g > 1024)
-      throw new Error("expected " + H + "-1024 bytes of input, got " + g);
-    const z = h ? (0, e.bytesToNumberLE)(s) : (0, e.bytesToNumberBE)(s), I = D(z, a - c) + c;
-    return h ? (0, e.numberToBytesLE)(I, B) : (0, e.numberToBytesBE)(I, B);
-  }
-  return he;
-}
-var pt;
-function bn() {
-  if (pt) return Te;
-  pt = 1, Object.defineProperty(Te, "__esModule", { value: !0 }), Te.wNAF = void 0, Te.negateCt = l, Te.normalizeZ = y, Te.mulEndoUnsafe = U, Te.pippenger = W, Te.precomputeMSMUnsafe = G, Te.validateBasic = te, Te._createCurveFields = ie;
-  const e = /* @__PURE__ */ je(), n = /* @__PURE__ */ Je(), c = BigInt(0), t = BigInt(1);
-  function l(N, O) {
-    const L = O.negate();
-    return N ? L : O;
-  }
-  function y(N, O) {
-    const L = (0, n.FpInvertBatch)(N.Fp, O.map((v) => v.Z));
-    return O.map((v, j) => N.fromAffine(v.toAffine(L[j])));
-  }
-  function w(N, O) {
-    if (!Number.isSafeInteger(N) || N <= 0 || N > O)
-      throw new Error("invalid window size, expected [1.." + O + "], got W=" + N);
-  }
-  function p(N, O) {
-    w(N, O);
-    const L = Math.ceil(O / N) + 1, v = 2 ** (N - 1), j = 2 ** N, Q = (0, e.bitMask)(N), C = BigInt(N);
-    return { windows: L, windowSize: v, mask: Q, maxNumber: j, shiftBy: C };
-  }
-  function E(N, O, L) {
-    const { windowSize: v, mask: j, maxNumber: Q, shiftBy: C } = L;
-    let b = Number(N & j), u = N >> C;
-    b > v && (b -= Q, u += t);
-    const o = O * v, f = o + Math.abs(b) - 1, i = b === 0, r = b < 0, d = O % 2 !== 0;
-    return { nextN: u, offset: f, isZero: i, isNeg: r, isNegF: d, offsetF: o };
-  }
-  function Z(N, O) {
-    if (!Array.isArray(N))
-      throw new Error("array expected");
-    N.forEach((L, v) => {
-      if (!(L instanceof O))
-        throw new Error("invalid point at index " + v);
-    });
-  }
-  function M(N, O) {
-    if (!Array.isArray(N))
-      throw new Error("array of scalars expected");
-    N.forEach((L, v) => {
-      if (!O.isValid(L))
-        throw new Error("invalid scalar at index " + v);
-    });
-  }
-  const D = /* @__PURE__ */ new WeakMap(), X = /* @__PURE__ */ new WeakMap();
-  function S(N) {
-    return X.get(N) || 1;
-  }
-  function q(N) {
-    if (N !== c)
-      throw new Error("invalid wNAF");
-  }
-  class V {
-    // Parametrized with a given Point class (not individual point)
-    constructor(O, L) {
-      this.BASE = O.BASE, this.ZERO = O.ZERO, this.Fn = O.Fn, this.bits = L;
-    }
-    // non-const time multiplication ladder
-    _unsafeLadder(O, L, v = this.ZERO) {
-      let j = O;
-      for (; L > c; )
-        L & t && (v = v.add(j)), j = j.double(), L >>= t;
-      return v;
-    }
-    /**
-     * Creates a wNAF precomputation window. Used for caching.
-     * Default window size is set by `utils.precompute()` and is equal to 8.
-     * Number of precomputed points depends on the curve size:
-     * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
-     * - 𝑊 is the window size
-     * - 𝑛 is the bitlength of the curve order.
-     * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
-     * @param point Point instance
-     * @param W window size
-     * @returns precomputed point tables flattened to a single array
-     */
-    precomputeWindow(O, L) {
-      const { windows: v, windowSize: j } = p(L, this.bits), Q = [];
-      let C = O, b = C;
-      for (let u = 0; u < v; u++) {
-        b = C, Q.push(b);
-        for (let o = 1; o < j; o++)
-          b = b.add(C), Q.push(b);
-        C = b.double();
-      }
-      return Q;
-    }
-    /**
-     * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
-     * More compact implementation:
-     * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
-     * @returns real and fake (for const-time) points
-     */
-    wNAF(O, L, v) {
-      if (!this.Fn.isValid(v))
-        throw new Error("invalid scalar");
-      let j = this.ZERO, Q = this.BASE;
-      const C = p(O, this.bits);
-      for (let b = 0; b < C.windows; b++) {
-        const { nextN: u, offset: o, isZero: f, isNeg: i, isNegF: r, offsetF: d } = E(v, b, C);
-        v = u, f ? Q = Q.add(l(r, L[d])) : j = j.add(l(i, L[o]));
-      }
-      return q(v), { p: j, f: Q };
-    }
-    /**
-     * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
-     * @param acc accumulator point to add result of multiplication
-     * @returns point
-     */
-    wNAFUnsafe(O, L, v, j = this.ZERO) {
-      const Q = p(O, this.bits);
-      for (let C = 0; C < Q.windows && v !== c; C++) {
-        const { nextN: b, offset: u, isZero: o, isNeg: f } = E(v, C, Q);
-        if (v = b, !o) {
-          const i = L[u];
-          j = j.add(f ? i.negate() : i);
-        }
-      }
-      return q(v), j;
-    }
-    getPrecomputes(O, L, v) {
-      let j = D.get(L);
-      return j || (j = this.precomputeWindow(L, O), O !== 1 && (typeof v == "function" && (j = v(j)), D.set(L, j))), j;
-    }
-    cached(O, L, v) {
-      const j = S(O);
-      return this.wNAF(j, this.getPrecomputes(j, O, v), L);
-    }
-    unsafe(O, L, v, j) {
-      const Q = S(O);
-      return Q === 1 ? this._unsafeLadder(O, L, j) : this.wNAFUnsafe(Q, this.getPrecomputes(Q, O, v), L, j);
-    }
-    // We calculate precomputes for elliptic curve point multiplication
-    // using windowed method. This specifies window size and
-    // stores precomputed values. Usually only base point would be precomputed.
-    createCache(O, L) {
-      w(L, this.bits), X.set(O, L), D.delete(O);
-    }
-    hasCache(O) {
-      return S(O) !== 1;
-    }
-  }
-  Te.wNAF = V;
-  function U(N, O, L, v) {
-    let j = O, Q = N.ZERO, C = N.ZERO;
-    for (; L > c || v > c; )
-      L & t && (Q = Q.add(j)), v & t && (C = C.add(j)), j = j.double(), L >>= t, v >>= t;
-    return { p1: Q, p2: C };
-  }
-  function W(N, O, L, v) {
-    Z(L, N), M(v, O);
-    const j = L.length, Q = v.length;
-    if (j !== Q)
-      throw new Error("arrays of points and scalars must have equal length");
-    const C = N.ZERO, b = (0, e.bitLen)(BigInt(j));
-    let u = 1;
-    b > 12 ? u = b - 3 : b > 4 ? u = b - 2 : b > 0 && (u = 2);
-    const o = (0, e.bitMask)(u), f = new Array(Number(o) + 1).fill(C), i = Math.floor((O.BITS - 1) / u) * u;
-    let r = C;
-    for (let d = i; d >= 0; d -= u) {
-      f.fill(C);
-      for (let s = 0; s < Q; s++) {
-        const a = v[s], h = Number(a >> BigInt(d) & o);
-        f[h] = f[h].add(L[s]);
-      }
-      let m = C;
-      for (let s = f.length - 1, a = C; s > 0; s--)
-        a = a.add(f[s]), m = m.add(a);
-      if (r = r.add(m), d !== 0)
-        for (let s = 0; s < u; s++)
-          r = r.double();
-    }
-    return r;
-  }
-  function G(N, O, L, v) {
-    w(v, O.BITS), Z(L, N);
-    const j = N.ZERO, Q = 2 ** v - 1, C = Math.ceil(O.BITS / v), b = (0, e.bitMask)(v), u = L.map((o) => {
-      const f = [];
-      for (let i = 0, r = o; i < Q; i++)
-        f.push(r), r = r.add(o);
-      return f;
-    });
-    return (o) => {
-      if (M(o, O), o.length > L.length)
-        throw new Error("array of scalars must be smaller than array of points");
-      let f = j;
-      for (let i = 0; i < C; i++) {
-        if (f !== j)
-          for (let d = 0; d < v; d++)
-            f = f.double();
-        const r = BigInt(C * v - (i + 1) * v);
-        for (let d = 0; d < o.length; d++) {
-          const m = o[d], s = Number(m >> r & b);
-          s && (f = f.add(u[d][s - 1]));
-        }
-      }
-      return f;
-    };
-  }
-  function te(N) {
-    return (0, n.validateField)(N.Fp), (0, e.validateObject)(N, {
-      n: "bigint",
-      h: "bigint",
-      Gx: "field",
-      Gy: "field"
-    }, {
-      nBitLength: "isSafeInteger",
-      nByteLength: "isSafeInteger"
-    }), Object.freeze({
-      ...(0, n.nLength)(N.n, N.nBitLength),
-      ...N,
-      p: N.Fp.ORDER
-    });
-  }
-  function re(N, O, L) {
-    if (O) {
-      if (O.ORDER !== N)
-        throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
-      return (0, n.validateField)(O), O;
-    } else
-      return (0, n.Field)(N, { isLE: L });
-  }
-  function ie(N, O, L = {}, v) {
-    if (v === void 0 && (v = N === "edwards"), !O || typeof O != "object")
-      throw new Error(`expected valid ${N} CURVE object`);
-    for (const u of ["p", "n", "h"]) {
-      const o = O[u];
-      if (!(typeof o == "bigint" && o > c))
-        throw new Error(`CURVE.${u} must be positive bigint`);
-    }
-    const j = re(O.p, L.Fp, v), Q = re(O.n, L.Fn, v), b = ["Gx", "Gy", "a", N === "weierstrass" ? "b" : "d"];
-    for (const u of b)
-      if (!j.isValid(O[u]))
-        throw new Error(`CURVE.${u} must be valid field element of CURVE.Fp`);
-    return O = Object.freeze(Object.assign({}, O)), { CURVE: O, Fp: j, Fn: Q };
-  }
-  return Te;
-}
-var _t;
-function Vt() {
-  return _t || (_t = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e.DER = e.DERErr = void 0, e._splitEndoScalar = p, e._normFnElement = U, e.weierstrassN = W, e.SWUFpSqrtRatio = te, e.mapToCurveSimpleSWU = re, e.ecdh = N, e.ecdsa = O, e.weierstrassPoints = L, e._legacyHelperEquat = Q, e.weierstrass = u;
-    const n = /* @__PURE__ */ an(), c = /* @__PURE__ */ Xe(), t = /* @__PURE__ */ je(), l = /* @__PURE__ */ bn(), y = /* @__PURE__ */ Je(), w = (o, f) => (o + (o >= 0 ? f : -f) / S) / f;
-    function p(o, f, i) {
-      const [[r, d], [m, s]] = f, a = w(s * o, i), h = w(-d * o, i);
-      let g = o - a * r - h * m, B = -a * d - h * s;
-      const H = g < D, z = B < D;
-      H && (g = -g), z && (B = -B);
-      const I = (0, t.bitMask)(Math.ceil((0, t.bitLen)(i) / 2)) + X;
-      if (g < D || g >= I || B < D || B >= I)
-        throw new Error("splitScalar (endomorphism): failed, k=" + o);
-      return { k1neg: H, k1: g, k2neg: z, k2: B };
-    }
-    function E(o) {
-      if (!["compact", "recovered", "der"].includes(o))
-        throw new Error('Signature format must be "compact", "recovered", or "der"');
-      return o;
-    }
-    function Z(o, f) {
-      const i = {};
-      for (let r of Object.keys(f))
-        i[r] = o[r] === void 0 ? f[r] : o[r];
-      return (0, t._abool2)(i.lowS, "lowS"), (0, t._abool2)(i.prehash, "prehash"), i.format !== void 0 && E(i.format), i;
-    }
-    class M extends Error {
-      constructor(f = "") {
-        super(f);
-      }
-    }
-    e.DERErr = M, e.DER = {
-      // asn.1 DER encoding utils
-      Err: M,
-      // Basic building block is TLV (Tag-Length-Value)
-      _tlv: {
-        encode: (o, f) => {
-          const { Err: i } = e.DER;
-          if (o < 0 || o > 256)
-            throw new i("tlv.encode: wrong tag");
-          if (f.length & 1)
-            throw new i("tlv.encode: unpadded data");
-          const r = f.length / 2, d = (0, t.numberToHexUnpadded)(r);
-          if (d.length / 2 & 128)
-            throw new i("tlv.encode: long form length too big");
-          const m = r > 127 ? (0, t.numberToHexUnpadded)(d.length / 2 | 128) : "";
-          return (0, t.numberToHexUnpadded)(o) + m + d + f;
-        },
-        // v - value, l - left bytes (unparsed)
-        decode(o, f) {
-          const { Err: i } = e.DER;
-          let r = 0;
-          if (o < 0 || o > 256)
-            throw new i("tlv.encode: wrong tag");
-          if (f.length < 2 || f[r++] !== o)
-            throw new i("tlv.decode: wrong tlv");
-          const d = f[r++], m = !!(d & 128);
-          let s = 0;
-          if (!m)
-            s = d;
-          else {
-            const h = d & 127;
-            if (!h)
-              throw new i("tlv.decode(long): indefinite length not supported");
-            if (h > 4)
-              throw new i("tlv.decode(long): byte length is too big");
-            const g = f.subarray(r, r + h);
-            if (g.length !== h)
-              throw new i("tlv.decode: length bytes not complete");
-            if (g[0] === 0)
-              throw new i("tlv.decode(long): zero leftmost byte");
-            for (const B of g)
-              s = s << 8 | B;
-            if (r += h, s < 128)
-              throw new i("tlv.decode(long): not minimal encoding");
-          }
-          const a = f.subarray(r, r + s);
-          if (a.length !== s)
-            throw new i("tlv.decode: wrong value length");
-          return { v: a, l: f.subarray(r + s) };
-        }
-      },
-      // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
-      // since we always use positive integers here. It must always be empty:
-      // - add zero byte if exists
-      // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
-      _int: {
-        encode(o) {
-          const { Err: f } = e.DER;
-          if (o < D)
-            throw new f("integer: negative integers are not allowed");
-          let i = (0, t.numberToHexUnpadded)(o);
-          if (Number.parseInt(i[0], 16) & 8 && (i = "00" + i), i.length & 1)
-            throw new f("unexpected DER parsing assertion: unpadded hex");
-          return i;
-        },
-        decode(o) {
-          const { Err: f } = e.DER;
-          if (o[0] & 128)
-            throw new f("invalid signature integer: negative");
-          if (o[0] === 0 && !(o[1] & 128))
-            throw new f("invalid signature integer: unnecessary leading zero");
-          return (0, t.bytesToNumberBE)(o);
-        }
-      },
-      toSig(o) {
-        const { Err: f, _int: i, _tlv: r } = e.DER, d = (0, t.ensureBytes)("signature", o), { v: m, l: s } = r.decode(48, d);
-        if (s.length)
-          throw new f("invalid signature: left bytes after parsing");
-        const { v: a, l: h } = r.decode(2, m), { v: g, l: B } = r.decode(2, h);
-        if (B.length)
-          throw new f("invalid signature: left bytes after parsing");
-        return { r: i.decode(a), s: i.decode(g) };
-      },
-      hexFromSig(o) {
-        const { _tlv: f, _int: i } = e.DER, r = f.encode(2, i.encode(o.r)), d = f.encode(2, i.encode(o.s)), m = r + d;
-        return f.encode(48, m);
-      }
-    };
-    const D = BigInt(0), X = BigInt(1), S = BigInt(2), q = BigInt(3), V = BigInt(4);
-    function U(o, f) {
-      const { BYTES: i } = o;
-      let r;
-      if (typeof f == "bigint")
-        r = f;
-      else {
-        let d = (0, t.ensureBytes)("private key", f);
-        try {
-          r = o.fromBytes(d);
-        } catch {
-          throw new Error(`invalid private key: expected ui8a of size ${i}, got ${typeof f}`);
-        }
-      }
-      if (!o.isValidNot0(r))
-        throw new Error("invalid private key: out of range [1..N-1]");
-      return r;
-    }
-    function W(o, f = {}) {
-      const i = (0, l._createCurveFields)("weierstrass", o, f), { Fp: r, Fn: d } = i;
-      let m = i.CURVE;
-      const { h: s, n: a } = m;
-      (0, t._validateObject)(f, {}, {
-        allowInfinityPoint: "boolean",
-        clearCofactor: "function",
-        isTorsionFree: "function",
-        fromBytes: "function",
-        toBytes: "function",
-        endo: "object",
-        wrapPrivateKey: "boolean"
-      });
-      const { endo: h } = f;
-      if (h && (!r.is0(m.a) || typeof h.beta != "bigint" || !Array.isArray(h.basises)))
-        throw new Error('invalid endo: expected "beta": bigint and "basises": array');
-      const g = ie(r, d);
-      function B() {
-        if (!r.isOdd)
-          throw new Error("compression is not supported: Field does not have .isOdd()");
-      }
-      function H(le, A, x) {
-        const { x: R, y: K } = A.toAffine(), J = r.toBytes(R);
-        if ((0, t._abool2)(x, "isCompressed"), x) {
-          B();
-          const oe = !r.isOdd(K);
-          return (0, t.concatBytes)(G(oe), J);
-        } else
-          return (0, t.concatBytes)(Uint8Array.of(4), J, r.toBytes(K));
-      }
-      function z(le) {
-        (0, t._abytes2)(le, void 0, "Point");
-        const { publicKey: A, publicKeyUncompressed: x } = g, R = le.length, K = le[0], J = le.subarray(1);
-        if (R === A && (K === 2 || K === 3)) {
-          const oe = r.fromBytes(J);
-          if (!r.isValid(oe))
-            throw new Error("bad point: is not on curve, wrong x");
-          const ne = k(oe);
-          let $;
-          try {
-            $ = r.sqrt(ne);
-          } catch (ge) {
-            const de = ge instanceof Error ? ": " + ge.message : "";
-            throw new Error("bad point: is not on curve, sqrt error" + de);
-          }
-          B();
-          const se = r.isOdd($);
-          return (K & 1) === 1 !== se && ($ = r.neg($)), { x: oe, y: $ };
-        } else if (R === x && K === 4) {
-          const oe = r.BYTES, ne = r.fromBytes(J.subarray(0, oe)), $ = r.fromBytes(J.subarray(oe, oe * 2));
-          if (!ee(ne, $))
-            throw new Error("bad point: is not on curve");
-          return { x: ne, y: $ };
-        } else
-          throw new Error(`bad point: got length ${R}, expected compressed=${A} or uncompressed=${x}`);
-      }
-      const I = f.toBytes || H, T = f.fromBytes || z;
-      function k(le) {
-        const A = r.sqr(le), x = r.mul(A, le);
-        return r.add(r.add(x, r.mul(le, m.a)), m.b);
-      }
-      function ee(le, A) {
-        const x = r.sqr(A), R = k(le);
-        return r.eql(x, R);
-      }
-      if (!ee(m.Gx, m.Gy))
-        throw new Error("bad curve params: generator point");
-      const F = r.mul(r.pow(m.a, q), V), _ = r.mul(r.sqr(m.b), BigInt(27));
-      if (r.is0(r.add(F, _)))
-        throw new Error("bad curve params: a or b");
-      function P(le, A, x = !1) {
-        if (!r.isValid(A) || x && r.is0(A))
-          throw new Error(`bad point coordinate ${le}`);
-        return A;
-      }
-      function fe(le) {
-        if (!(le instanceof ae))
-          throw new Error("ProjectivePoint expected");
-      }
-      function be(le) {
-        if (!h || !h.basises)
-          throw new Error("no endo");
-        return p(le, h.basises, d.ORDER);
-      }
-      const pe = (0, t.memoized)((le, A) => {
-        const { X: x, Y: R, Z: K } = le;
-        if (r.eql(K, r.ONE))
-          return { x, y: R };
-        const J = le.is0();
-        A == null && (A = J ? r.ONE : r.inv(K));
-        const oe = r.mul(x, A), ne = r.mul(R, A), $ = r.mul(K, A);
-        if (J)
-          return { x: r.ZERO, y: r.ZERO };
-        if (!r.eql($, r.ONE))
-          throw new Error("invZ was invalid");
-        return { x: oe, y: ne };
-      }), _e = (0, t.memoized)((le) => {
-        if (le.is0()) {
-          if (f.allowInfinityPoint && !r.is0(le.Y))
-            return;
-          throw new Error("bad point: ZERO");
-        }
-        const { x: A, y: x } = le.toAffine();
-        if (!r.isValid(A) || !r.isValid(x))
-          throw new Error("bad point: x or y not field elements");
-        if (!ee(A, x))
-          throw new Error("bad point: equation left != right");
-        if (!le.isTorsionFree())
-          throw new Error("bad point: not in prime-order subgroup");
-        return !0;
-      });
-      function Oe(le, A, x, R, K) {
-        return x = new ae(r.mul(x.X, le), x.Y, x.Z), A = (0, l.negateCt)(R, A), x = (0, l.negateCt)(K, x), A.add(x);
-      }
-      class ae {
-        /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-        constructor(A, x, R) {
-          this.X = P("x", A), this.Y = P("y", x, !0), this.Z = P("z", R), Object.freeze(this);
-        }
-        static CURVE() {
-          return m;
-        }
-        /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-        static fromAffine(A) {
-          const { x, y: R } = A || {};
-          if (!A || !r.isValid(x) || !r.isValid(R))
-            throw new Error("invalid affine point");
-          if (A instanceof ae)
-            throw new Error("projective point not allowed");
-          return r.is0(x) && r.is0(R) ? ae.ZERO : new ae(x, R, r.ONE);
-        }
-        static fromBytes(A) {
-          const x = ae.fromAffine(T((0, t._abytes2)(A, void 0, "point")));
-          return x.assertValidity(), x;
-        }
-        static fromHex(A) {
-          return ae.fromBytes((0, t.ensureBytes)("pointHex", A));
-        }
-        get x() {
-          return this.toAffine().x;
-        }
-        get y() {
-          return this.toAffine().y;
-        }
-        /**
-         *
-         * @param windowSize
-         * @param isLazy true will defer table computation until the first multiplication
-         * @returns
-         */
-        precompute(A = 8, x = !0) {
-          return Ue.createCache(this, A), x || this.multiply(q), this;
-        }
-        // TODO: return `this`
-        /** A point on curve is valid if it conforms to equation. */
-        assertValidity() {
-          _e(this);
-        }
-        hasEvenY() {
-          const { y: A } = this.toAffine();
-          if (!r.isOdd)
-            throw new Error("Field doesn't support isOdd");
-          return !r.isOdd(A);
-        }
-        /** Compare one point to another. */
-        equals(A) {
-          fe(A);
-          const { X: x, Y: R, Z: K } = this, { X: J, Y: oe, Z: ne } = A, $ = r.eql(r.mul(x, ne), r.mul(J, K)), se = r.eql(r.mul(R, ne), r.mul(oe, K));
-          return $ && se;
-        }
-        /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
-        negate() {
-          return new ae(this.X, r.neg(this.Y), this.Z);
-        }
-        // Renes-Costello-Batina exception-free doubling formula.
-        // There is 30% faster Jacobian formula, but it is not complete.
-        // https://eprint.iacr.org/2015/1060, algorithm 3
-        // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
-        double() {
-          const { a: A, b: x } = m, R = r.mul(x, q), { X: K, Y: J, Z: oe } = this;
-          let ne = r.ZERO, $ = r.ZERO, se = r.ZERO, ce = r.mul(K, K), ge = r.mul(J, J), de = r.mul(oe, oe), ue = r.mul(K, J);
-          return ue = r.add(ue, ue), se = r.mul(K, oe), se = r.add(se, se), ne = r.mul(A, se), $ = r.mul(R, de), $ = r.add(ne, $), ne = r.sub(ge, $), $ = r.add(ge, $), $ = r.mul(ne, $), ne = r.mul(ue, ne), se = r.mul(R, se), de = r.mul(A, de), ue = r.sub(ce, de), ue = r.mul(A, ue), ue = r.add(ue, se), se = r.add(ce, ce), ce = r.add(se, ce), ce = r.add(ce, de), ce = r.mul(ce, ue), $ = r.add($, ce), de = r.mul(J, oe), de = r.add(de, de), ce = r.mul(de, ue), ne = r.sub(ne, ce), se = r.mul(de, ge), se = r.add(se, se), se = r.add(se, se), new ae(ne, $, se);
-        }
-        // Renes-Costello-Batina exception-free addition formula.
-        // There is 30% faster Jacobian formula, but it is not complete.
-        // https://eprint.iacr.org/2015/1060, algorithm 1
-        // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
-        add(A) {
-          fe(A);
-          const { X: x, Y: R, Z: K } = this, { X: J, Y: oe, Z: ne } = A;
-          let $ = r.ZERO, se = r.ZERO, ce = r.ZERO;
-          const ge = m.a, de = r.mul(m.b, q);
-          let ue = r.mul(x, J), me = r.mul(R, oe), we = r.mul(K, ne), Se = r.add(x, R), ye = r.add(J, oe);
-          Se = r.mul(Se, ye), ye = r.add(ue, me), Se = r.sub(Se, ye), ye = r.add(x, K);
-          let Ee = r.add(J, ne);
-          return ye = r.mul(ye, Ee), Ee = r.add(ue, we), ye = r.sub(ye, Ee), Ee = r.add(R, K), $ = r.add(oe, ne), Ee = r.mul(Ee, $), $ = r.add(me, we), Ee = r.sub(Ee, $), ce = r.mul(ge, ye), $ = r.mul(de, we), ce = r.add($, ce), $ = r.sub(me, ce), ce = r.add(me, ce), se = r.mul($, ce), me = r.add(ue, ue), me = r.add(me, ue), we = r.mul(ge, we), ye = r.mul(de, ye), me = r.add(me, we), we = r.sub(ue, we), we = r.mul(ge, we), ye = r.add(ye, we), ue = r.mul(me, ye), se = r.add(se, ue), ue = r.mul(Ee, ye), $ = r.mul(Se, $), $ = r.sub($, ue), ue = r.mul(Se, me), ce = r.mul(Ee, ce), ce = r.add(ce, ue), new ae($, se, ce);
-        }
-        subtract(A) {
-          return this.add(A.negate());
-        }
-        is0() {
-          return this.equals(ae.ZERO);
-        }
-        /**
-         * Constant time multiplication.
-         * Uses wNAF method. Windowed method may be 10% faster,
-         * but takes 2x longer to generate and consumes 2x memory.
-         * Uses precomputes when available.
-         * Uses endomorphism for Koblitz curves.
-         * @param scalar by which the point would be multiplied
-         * @returns New point
-         */
-        multiply(A) {
-          const { endo: x } = f;
-          if (!d.isValidNot0(A))
-            throw new Error("invalid scalar: out of range");
-          let R, K;
-          const J = (oe) => Ue.cached(this, oe, (ne) => (0, l.normalizeZ)(ae, ne));
-          if (x) {
-            const { k1neg: oe, k1: ne, k2neg: $, k2: se } = be(A), { p: ce, f: ge } = J(ne), { p: de, f: ue } = J(se);
-            K = ge.add(ue), R = Oe(x.beta, ce, de, oe, $);
-          } else {
-            const { p: oe, f: ne } = J(A);
-            R = oe, K = ne;
-          }
-          return (0, l.normalizeZ)(ae, [R, K])[0];
-        }
-        /**
-         * Non-constant-time multiplication. Uses double-and-add algorithm.
-         * It's faster, but should only be used when you don't care about
-         * an exposed secret key e.g. sig verification, which works over *public* keys.
-         */
-        multiplyUnsafe(A) {
-          const { endo: x } = f, R = this;
-          if (!d.isValid(A))
-            throw new Error("invalid scalar: out of range");
-          if (A === D || R.is0())
-            return ae.ZERO;
-          if (A === X)
-            return R;
-          if (Ue.hasCache(this))
-            return this.multiply(A);
-          if (x) {
-            const { k1neg: K, k1: J, k2neg: oe, k2: ne } = be(A), { p1: $, p2: se } = (0, l.mulEndoUnsafe)(ae, R, J, ne);
-            return Oe(x.beta, $, se, K, oe);
-          } else
-            return Ue.unsafe(R, A);
-        }
-        multiplyAndAddUnsafe(A, x, R) {
-          const K = this.multiplyUnsafe(x).add(A.multiplyUnsafe(R));
-          return K.is0() ? void 0 : K;
-        }
-        /**
-         * Converts Projective point to affine (x, y) coordinates.
-         * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
-         */
-        toAffine(A) {
-          return pe(this, A);
-        }
-        /**
-         * Checks whether Point is free of torsion elements (is in prime subgroup).
-         * Always torsion-free for cofactor=1 curves.
-         */
-        isTorsionFree() {
-          const { isTorsionFree: A } = f;
-          return s === X ? !0 : A ? A(ae, this) : Ue.unsafe(this, a).is0();
-        }
-        clearCofactor() {
-          const { clearCofactor: A } = f;
-          return s === X ? this : A ? A(ae, this) : this.multiplyUnsafe(s);
-        }
-        isSmallOrder() {
-          return this.multiplyUnsafe(s).is0();
-        }
-        toBytes(A = !0) {
-          return (0, t._abool2)(A, "isCompressed"), this.assertValidity(), I(ae, this, A);
-        }
-        toHex(A = !0) {
-          return (0, t.bytesToHex)(this.toBytes(A));
-        }
-        toString() {
-          return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
-        }
-        // TODO: remove
-        get px() {
-          return this.X;
-        }
-        get py() {
-          return this.X;
-        }
-        get pz() {
-          return this.Z;
-        }
-        toRawBytes(A = !0) {
-          return this.toBytes(A);
-        }
-        _setWindowSize(A) {
-          this.precompute(A);
-        }
-        static normalizeZ(A) {
-          return (0, l.normalizeZ)(ae, A);
-        }
-        static msm(A, x) {
-          return (0, l.pippenger)(ae, d, A, x);
-        }
-        static fromPrivateKey(A) {
-          return ae.BASE.multiply(U(d, A));
-        }
-      }
-      ae.BASE = new ae(m.Gx, m.Gy, r.ONE), ae.ZERO = new ae(r.ZERO, r.ONE, r.ZERO), ae.Fp = r, ae.Fn = d;
-      const De = d.BITS, Ue = new l.wNAF(ae, f.endo ? Math.ceil(De / 2) : De);
-      return ae.BASE.precompute(8), ae;
-    }
-    function G(o) {
-      return Uint8Array.of(o ? 2 : 3);
-    }
-    function te(o, f) {
-      const i = o.ORDER;
-      let r = D;
-      for (let T = i - X; T % S === D; T /= S)
-        r += X;
-      const d = r, m = S << d - X - X, s = m * S, a = (i - X) / s, h = (a - X) / S, g = s - X, B = m, H = o.pow(f, a), z = o.pow(f, (a + X) / S);
-      let I = (T, k) => {
-        let ee = H, F = o.pow(k, g), _ = o.sqr(F);
-        _ = o.mul(_, k);
-        let P = o.mul(T, _);
-        P = o.pow(P, h), P = o.mul(P, F), F = o.mul(P, k), _ = o.mul(P, T);
-        let fe = o.mul(_, F);
-        P = o.pow(fe, B);
-        let be = o.eql(P, o.ONE);
-        F = o.mul(_, z), P = o.mul(fe, ee), _ = o.cmov(F, _, be), fe = o.cmov(P, fe, be);
-        for (let pe = d; pe > X; pe--) {
-          let _e = pe - S;
-          _e = S << _e - X;
-          let Oe = o.pow(fe, _e);
-          const ae = o.eql(Oe, o.ONE);
-          F = o.mul(_, ee), ee = o.mul(ee, ee), Oe = o.mul(fe, ee), _ = o.cmov(F, _, ae), fe = o.cmov(Oe, fe, ae);
-        }
-        return { isValid: be, value: _ };
-      };
-      if (o.ORDER % V === q) {
-        const T = (o.ORDER - q) / V, k = o.sqrt(o.neg(f));
-        I = (ee, F) => {
-          let _ = o.sqr(F);
-          const P = o.mul(ee, F);
-          _ = o.mul(_, P);
-          let fe = o.pow(_, T);
-          fe = o.mul(fe, P);
-          const be = o.mul(fe, k), pe = o.mul(o.sqr(fe), F), _e = o.eql(pe, ee);
-          let Oe = o.cmov(be, fe, _e);
-          return { isValid: _e, value: Oe };
-        };
-      }
-      return I;
-    }
-    function re(o, f) {
-      (0, y.validateField)(o);
-      const { A: i, B: r, Z: d } = f;
-      if (!o.isValid(i) || !o.isValid(r) || !o.isValid(d))
-        throw new Error("mapToCurveSimpleSWU: invalid opts");
-      const m = te(o, d);
-      if (!o.isOdd)
-        throw new Error("Field does not have .isOdd()");
-      return (s) => {
-        let a, h, g, B, H, z, I, T;
-        a = o.sqr(s), a = o.mul(a, d), h = o.sqr(a), h = o.add(h, a), g = o.add(h, o.ONE), g = o.mul(g, r), B = o.cmov(d, o.neg(h), !o.eql(h, o.ZERO)), B = o.mul(B, i), h = o.sqr(g), z = o.sqr(B), H = o.mul(z, i), h = o.add(h, H), h = o.mul(h, g), z = o.mul(z, B), H = o.mul(z, r), h = o.add(h, H), I = o.mul(a, g);
-        const { isValid: k, value: ee } = m(h, z);
-        T = o.mul(a, s), T = o.mul(T, ee), I = o.cmov(I, g, k), T = o.cmov(T, ee, k);
-        const F = o.isOdd(s) === o.isOdd(T);
-        T = o.cmov(o.neg(T), T, F);
-        const _ = (0, y.FpInvertBatch)(o, [B], !0)[0];
-        return I = o.mul(I, _), { x: I, y: T };
-      };
-    }
-    function ie(o, f) {
-      return {
-        secretKey: f.BYTES,
-        publicKey: 1 + o.BYTES,
-        publicKeyUncompressed: 1 + 2 * o.BYTES,
-        publicKeyHasPrefix: !0,
-        signature: 2 * f.BYTES
-      };
-    }
-    function N(o, f = {}) {
-      const { Fn: i } = o, r = f.randomBytes || t.randomBytes, d = Object.assign(ie(o.Fp, i), { seed: (0, y.getMinHashLength)(i.ORDER) });
-      function m(I) {
-        try {
-          return !!U(i, I);
-        } catch {
-          return !1;
-        }
-      }
-      function s(I, T) {
-        const { publicKey: k, publicKeyUncompressed: ee } = d;
-        try {
-          const F = I.length;
-          return T === !0 && F !== k || T === !1 && F !== ee ? !1 : !!o.fromBytes(I);
-        } catch {
-          return !1;
-        }
-      }
-      function a(I = r(d.seed)) {
-        return (0, y.mapHashToField)((0, t._abytes2)(I, d.seed, "seed"), i.ORDER);
-      }
-      function h(I, T = !0) {
-        return o.BASE.multiply(U(i, I)).toBytes(T);
-      }
-      function g(I) {
-        const T = a(I);
-        return { secretKey: T, publicKey: h(T) };
-      }
-      function B(I) {
-        if (typeof I == "bigint")
-          return !1;
-        if (I instanceof o)
-          return !0;
-        const { secretKey: T, publicKey: k, publicKeyUncompressed: ee } = d;
-        if (i.allowedLengths || T === k)
-          return;
-        const F = (0, t.ensureBytes)("key", I).length;
-        return F === k || F === ee;
-      }
-      function H(I, T, k = !0) {
-        if (B(I) === !0)
-          throw new Error("first arg must be private key");
-        if (B(T) === !1)
-          throw new Error("second arg must be public key");
-        const ee = U(i, I);
-        return o.fromHex(T).multiply(ee).toBytes(k);
-      }
-      return Object.freeze({ getPublicKey: h, getSharedSecret: H, keygen: g, Point: o, utils: {
-        isValidSecretKey: m,
-        isValidPublicKey: s,
-        randomSecretKey: a,
-        // TODO: remove
-        isValidPrivateKey: m,
-        randomPrivateKey: a,
-        normPrivateKeyToScalar: (I) => U(i, I),
-        precompute(I = 8, T = o.BASE) {
-          return T.precompute(I, !1);
-        }
-      }, lengths: d });
-    }
-    function O(o, f, i = {}) {
-      (0, c.ahash)(f), (0, t._validateObject)(i, {}, {
-        hmac: "function",
-        lowS: "boolean",
-        randomBytes: "function",
-        bits2int: "function",
-        bits2int_modN: "function"
-      });
-      const r = i.randomBytes || t.randomBytes, d = i.hmac || ((x, ...R) => (0, n.hmac)(f, x, (0, t.concatBytes)(...R))), { Fp: m, Fn: s } = o, { ORDER: a, BITS: h } = s, { keygen: g, getPublicKey: B, getSharedSecret: H, utils: z, lengths: I } = N(o, i), T = {
-        prehash: !1,
-        lowS: typeof i.lowS == "boolean" ? i.lowS : !1,
-        format: void 0,
-        //'compact' as ECDSASigFormat,
-        extraEntropy: !1
-      }, k = "compact";
-      function ee(x) {
-        const R = a >> X;
-        return x > R;
-      }
-      function F(x, R) {
-        if (!s.isValidNot0(R))
-          throw new Error(`invalid signature ${x}: out of range 1..Point.Fn.ORDER`);
-        return R;
-      }
-      function _(x, R) {
-        E(R);
-        const K = I.signature, J = R === "compact" ? K : R === "recovered" ? K + 1 : void 0;
-        return (0, t._abytes2)(x, J, `${R} signature`);
-      }
-      class P {
-        constructor(R, K, J) {
-          this.r = F("r", R), this.s = F("s", K), J != null && (this.recovery = J), Object.freeze(this);
-        }
-        static fromBytes(R, K = k) {
-          _(R, K);
-          let J;
-          if (K === "der") {
-            const { r: se, s: ce } = e.DER.toSig((0, t._abytes2)(R));
-            return new P(se, ce);
-          }
-          K === "recovered" && (J = R[0], K = "compact", R = R.subarray(1));
-          const oe = s.BYTES, ne = R.subarray(0, oe), $ = R.subarray(oe, oe * 2);
-          return new P(s.fromBytes(ne), s.fromBytes($), J);
-        }
-        static fromHex(R, K) {
-          return this.fromBytes((0, t.hexToBytes)(R), K);
-        }
-        addRecoveryBit(R) {
-          return new P(this.r, this.s, R);
-        }
-        recoverPublicKey(R) {
-          const K = m.ORDER, { r: J, s: oe, recovery: ne } = this;
-          if (ne == null || ![0, 1, 2, 3].includes(ne))
-            throw new Error("recovery id invalid");
-          if (a * S < K && ne > 1)
-            throw new Error("recovery id is ambiguous for h>1 curve");
-          const se = ne === 2 || ne === 3 ? J + a : J;
-          if (!m.isValid(se))
-            throw new Error("recovery id 2 or 3 invalid");
-          const ce = m.toBytes(se), ge = o.fromBytes((0, t.concatBytes)(G((ne & 1) === 0), ce)), de = s.inv(se), ue = be((0, t.ensureBytes)("msgHash", R)), me = s.create(-ue * de), we = s.create(oe * de), Se = o.BASE.multiplyUnsafe(me).add(ge.multiplyUnsafe(we));
-          if (Se.is0())
-            throw new Error("point at infinify");
-          return Se.assertValidity(), Se;
-        }
-        // Signatures should be low-s, to prevent malleability.
-        hasHighS() {
-          return ee(this.s);
-        }
-        toBytes(R = k) {
-          if (E(R), R === "der")
-            return (0, t.hexToBytes)(e.DER.hexFromSig(this));
-          const K = s.toBytes(this.r), J = s.toBytes(this.s);
-          if (R === "recovered") {
-            if (this.recovery == null)
-              throw new Error("recovery bit must be present");
-            return (0, t.concatBytes)(Uint8Array.of(this.recovery), K, J);
-          }
-          return (0, t.concatBytes)(K, J);
-        }
-        toHex(R) {
-          return (0, t.bytesToHex)(this.toBytes(R));
-        }
-        // TODO: remove
-        assertValidity() {
-        }
-        static fromCompact(R) {
-          return P.fromBytes((0, t.ensureBytes)("sig", R), "compact");
-        }
-        static fromDER(R) {
-          return P.fromBytes((0, t.ensureBytes)("sig", R), "der");
-        }
-        normalizeS() {
-          return this.hasHighS() ? new P(this.r, s.neg(this.s), this.recovery) : this;
-        }
-        toDERRawBytes() {
-          return this.toBytes("der");
-        }
-        toDERHex() {
-          return (0, t.bytesToHex)(this.toBytes("der"));
-        }
-        toCompactRawBytes() {
-          return this.toBytes("compact");
-        }
-        toCompactHex() {
-          return (0, t.bytesToHex)(this.toBytes("compact"));
-        }
-      }
-      const fe = i.bits2int || function(R) {
-        if (R.length > 8192)
-          throw new Error("input is too large");
-        const K = (0, t.bytesToNumberBE)(R), J = R.length * 8 - h;
-        return J > 0 ? K >> BigInt(J) : K;
-      }, be = i.bits2int_modN || function(R) {
-        return s.create(fe(R));
-      }, pe = (0, t.bitMask)(h);
-      function _e(x) {
-        return (0, t.aInRange)("num < 2^" + h, x, D, pe), s.toBytes(x);
-      }
-      function Oe(x, R) {
-        return (0, t._abytes2)(x, void 0, "message"), R ? (0, t._abytes2)(f(x), void 0, "prehashed message") : x;
-      }
-      function ae(x, R, K) {
-        if (["recovered", "canonical"].some((me) => me in K))
-          throw new Error("sign() legacy options not supported");
-        const { lowS: J, prehash: oe, extraEntropy: ne } = Z(K, T);
-        x = Oe(x, oe);
-        const $ = be(x), se = U(s, R), ce = [_e(se), _e($)];
-        if (ne != null && ne !== !1) {
-          const me = ne === !0 ? r(I.secretKey) : ne;
-          ce.push((0, t.ensureBytes)("extraEntropy", me));
-        }
-        const ge = (0, t.concatBytes)(...ce), de = $;
-        function ue(me) {
-          const we = fe(me);
-          if (!s.isValidNot0(we))
-            return;
-          const Se = s.inv(we), ye = o.BASE.multiply(we).toAffine(), Ee = s.create(ye.x);
-          if (Ee === D)
-            return;
-          const Ce = s.create(Se * s.create(de + Ee * se));
-          if (Ce === D)
-            return;
-          let wt = (ye.x === Ee ? 0 : 2) | Number(ye.y & X), Et = Ce;
-          return J && ee(Ce) && (Et = s.neg(Ce), wt ^= 1), new P(Ee, Et, wt);
-        }
-        return { seed: ge, k2sig: ue };
-      }
-      function De(x, R, K = {}) {
-        x = (0, t.ensureBytes)("message", x);
-        const { seed: J, k2sig: oe } = ae(x, R, K);
-        return (0, t.createHmacDrbg)(f.outputLen, s.BYTES, d)(J, oe);
-      }
-      function Ue(x) {
-        let R;
-        const K = typeof x == "string" || (0, t.isBytes)(x), J = !K && x !== null && typeof x == "object" && typeof x.r == "bigint" && typeof x.s == "bigint";
-        if (!K && !J)
-          throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
-        if (J)
-          R = new P(x.r, x.s);
-        else if (K) {
-          try {
-            R = P.fromBytes((0, t.ensureBytes)("sig", x), "der");
-          } catch (oe) {
-            if (!(oe instanceof e.DER.Err))
-              throw oe;
-          }
-          if (!R)
-            try {
-              R = P.fromBytes((0, t.ensureBytes)("sig", x), "compact");
-            } catch {
-              return !1;
-            }
-        }
-        return R || !1;
-      }
-      function le(x, R, K, J = {}) {
-        const { lowS: oe, prehash: ne, format: $ } = Z(J, T);
-        if (K = (0, t.ensureBytes)("publicKey", K), R = Oe((0, t.ensureBytes)("message", R), ne), "strict" in J)
-          throw new Error("options.strict was renamed to lowS");
-        const se = $ === void 0 ? Ue(x) : P.fromBytes((0, t.ensureBytes)("sig", x), $);
-        if (se === !1)
-          return !1;
-        try {
-          const ce = o.fromBytes(K);
-          if (oe && se.hasHighS())
-            return !1;
-          const { r: ge, s: de } = se, ue = be(R), me = s.inv(de), we = s.create(ue * me), Se = s.create(ge * me), ye = o.BASE.multiplyUnsafe(we).add(ce.multiplyUnsafe(Se));
-          return ye.is0() ? !1 : s.create(ye.x) === ge;
-        } catch {
-          return !1;
-        }
-      }
-      function A(x, R, K = {}) {
-        const { prehash: J } = Z(K, T);
-        return R = Oe(R, J), P.fromBytes(x, "recovered").recoverPublicKey(R).toBytes();
-      }
-      return Object.freeze({
-        keygen: g,
-        getPublicKey: B,
-        getSharedSecret: H,
-        utils: z,
-        lengths: I,
-        Point: o,
-        sign: De,
-        verify: le,
-        recoverPublicKey: A,
-        Signature: P,
-        hash: f
-      });
-    }
-    function L(o) {
-      const { CURVE: f, curveOpts: i } = v(o), r = W(f, i);
-      return C(o, r);
-    }
-    function v(o) {
-      const f = {
-        a: o.a,
-        b: o.b,
-        p: o.Fp.ORDER,
-        n: o.n,
-        h: o.h,
-        Gx: o.Gx,
-        Gy: o.Gy
-      }, i = o.Fp;
-      let r = o.allowedPrivateKeyLengths ? Array.from(new Set(o.allowedPrivateKeyLengths.map((s) => Math.ceil(s / 2)))) : void 0;
-      const d = (0, y.Field)(f.n, {
-        BITS: o.nBitLength,
-        allowedLengths: r,
-        modFromBytes: o.wrapPrivateKey
-      }), m = {
-        Fp: i,
-        Fn: d,
-        allowInfinityPoint: o.allowInfinityPoint,
-        endo: o.endo,
-        isTorsionFree: o.isTorsionFree,
-        clearCofactor: o.clearCofactor,
-        fromBytes: o.fromBytes,
-        toBytes: o.toBytes
-      };
-      return { CURVE: f, curveOpts: m };
-    }
-    function j(o) {
-      const { CURVE: f, curveOpts: i } = v(o), r = {
-        hmac: o.hmac,
-        randomBytes: o.randomBytes,
-        lowS: o.lowS,
-        bits2int: o.bits2int,
-        bits2int_modN: o.bits2int_modN
-      };
-      return { CURVE: f, curveOpts: i, hash: o.hash, ecdsaOpts: r };
-    }
-    function Q(o, f, i) {
-      function r(d) {
-        const m = o.sqr(d), s = o.mul(m, d);
-        return o.add(o.add(s, o.mul(d, f)), i);
-      }
-      return r;
-    }
-    function C(o, f) {
-      const { Fp: i, Fn: r } = f;
-      function d(s) {
-        return (0, t.inRange)(s, X, r.ORDER);
-      }
-      const m = Q(i, o.a, o.b);
-      return Object.assign({}, {
-        CURVE: o,
-        Point: f,
-        ProjectivePoint: f,
-        normPrivateKeyToScalar: (s) => U(r, s),
-        weierstrassEquation: m,
-        isWithinCurveOrder: d
-      });
-    }
-    function b(o, f) {
-      const i = f.Point;
-      return Object.assign({}, f, {
-        ProjectivePoint: i,
-        CURVE: Object.assign({}, o, (0, y.nLength)(i.Fn.ORDER, i.Fn.BITS))
-      });
-    }
-    function u(o) {
-      const { CURVE: f, curveOpts: i, hash: r, ecdsaOpts: d } = j(o), m = W(f, i), s = O(m, r, d);
-      return b(o, s);
-    }
-  })(tt)), tt;
-}
-var St;
-function mn() {
-  if (St) return Me;
-  St = 1, Object.defineProperty(Me, "__esModule", { value: !0 }), Me.getHash = n, Me.createCurve = c;
-  const e = /* @__PURE__ */ Vt();
-  function n(t) {
-    return { hash: t };
-  }
-  function c(t, l) {
-    const y = (w) => (0, e.weierstrass)({ ...t, hash: w });
-    return { ...y(l), create: y };
-  }
-  return Me;
-}
-var rt = {}, Rt;
-function yn() {
-  return Rt || (Rt = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e._DST_scalar = void 0, e.expand_message_xmd = E, e.expand_message_xof = Z, e.hash_to_field = M, e.isogenyMap = D, e.createHasher = X;
-    const n = /* @__PURE__ */ je(), c = /* @__PURE__ */ Je(), t = n.bytesToNumberBE;
-    function l(S, q) {
-      if (w(S), w(q), S < 0 || S >= 1 << 8 * q)
-        throw new Error("invalid I2OSP input: " + S);
-      const V = Array.from({ length: q }).fill(0);
-      for (let U = q - 1; U >= 0; U--)
-        V[U] = S & 255, S >>>= 8;
-      return new Uint8Array(V);
-    }
-    function y(S, q) {
-      const V = new Uint8Array(S.length);
-      for (let U = 0; U < S.length; U++)
-        V[U] = S[U] ^ q[U];
-      return V;
-    }
-    function w(S) {
-      if (!Number.isSafeInteger(S))
-        throw new Error("number expected");
-    }
-    function p(S) {
-      if (!(0, n.isBytes)(S) && typeof S != "string")
-        throw new Error("DST must be Uint8Array or string");
-      return typeof S == "string" ? (0, n.utf8ToBytes)(S) : S;
-    }
-    function E(S, q, V, U) {
-      (0, n.abytes)(S), w(V), q = p(q), q.length > 255 && (q = U((0, n.concatBytes)((0, n.utf8ToBytes)("H2C-OVERSIZE-DST-"), q)));
-      const { outputLen: W, blockLen: G } = U, te = Math.ceil(V / W);
-      if (V > 65535 || te > 255)
-        throw new Error("expand_message_xmd: invalid lenInBytes");
-      const re = (0, n.concatBytes)(q, l(q.length, 1)), ie = l(0, G), N = l(V, 2), O = new Array(te), L = U((0, n.concatBytes)(ie, S, N, l(0, 1), re));
-      O[0] = U((0, n.concatBytes)(L, l(1, 1), re));
-      for (let j = 1; j <= te; j++) {
-        const Q = [y(L, O[j - 1]), l(j + 1, 1), re];
-        O[j] = U((0, n.concatBytes)(...Q));
-      }
-      return (0, n.concatBytes)(...O).slice(0, V);
-    }
-    function Z(S, q, V, U, W) {
-      if ((0, n.abytes)(S), w(V), q = p(q), q.length > 255) {
-        const G = Math.ceil(2 * U / 8);
-        q = W.create({ dkLen: G }).update((0, n.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(q).digest();
-      }
-      if (V > 65535 || q.length > 255)
-        throw new Error("expand_message_xof: invalid lenInBytes");
-      return W.create({ dkLen: V }).update(S).update(l(V, 2)).update(q).update(l(q.length, 1)).digest();
-    }
-    function M(S, q, V) {
-      (0, n._validateObject)(V, {
-        p: "bigint",
-        m: "number",
-        k: "number",
-        hash: "function"
-      });
-      const { p: U, k: W, m: G, hash: te, expand: re, DST: ie } = V;
-      if (!(0, n.isHash)(V.hash))
-        throw new Error("expected valid hash");
-      (0, n.abytes)(S), w(q);
-      const N = U.toString(2).length, O = Math.ceil((N + W) / 8), L = q * G * O;
-      let v;
-      if (re === "xmd")
-        v = E(S, ie, L, te);
-      else if (re === "xof")
-        v = Z(S, ie, L, W, te);
-      else if (re === "_internal_pass")
-        v = S;
-      else
-        throw new Error('expand must be "xmd" or "xof"');
-      const j = new Array(q);
-      for (let Q = 0; Q < q; Q++) {
-        const C = new Array(G);
-        for (let b = 0; b < G; b++) {
-          const u = O * (b + Q * G), o = v.subarray(u, u + O);
-          C[b] = (0, c.mod)(t(o), U);
-        }
-        j[Q] = C;
-      }
-      return j;
-    }
-    function D(S, q) {
-      const V = q.map((U) => Array.from(U).reverse());
-      return (U, W) => {
-        const [G, te, re, ie] = V.map((L) => L.reduce((v, j) => S.add(S.mul(v, U), j))), [N, O] = (0, c.FpInvertBatch)(S, [te, ie], !0);
-        return U = S.mul(G, N), W = S.mul(W, S.mul(re, O)), { x: U, y: W };
-      };
-    }
-    e._DST_scalar = (0, n.utf8ToBytes)("HashToScalar-");
-    function X(S, q, V) {
-      if (typeof q != "function")
-        throw new Error("mapToCurve() must be defined");
-      function U(G) {
-        return S.fromAffine(q(G));
-      }
-      function W(G) {
-        const te = G.clearCofactor();
-        return te.equals(S.ZERO) ? S.ZERO : (te.assertValidity(), te);
-      }
-      return {
-        defaults: V,
-        hashToCurve(G, te) {
-          const re = Object.assign({}, V, te), ie = M(G, 2, re), N = U(ie[0]), O = U(ie[1]);
-          return W(N.add(O));
-        },
-        encodeToCurve(G, te) {
-          const re = V.encodeDST ? { DST: V.encodeDST } : {}, ie = Object.assign({}, V, re, te), N = M(G, 1, ie), O = U(N[0]);
-          return W(O);
-        },
-        /** See {@link H2CHasher} */
-        mapToCurve(G) {
-          if (!Array.isArray(G))
-            throw new Error("expected array of bigints");
-          for (const te of G)
-            if (typeof te != "bigint")
-              throw new Error("expected array of bigints");
-          return W(U(G));
-        },
-        // hash_to_scalar can produce 0: https://www.rfc-editor.org/errata/eid8393
-        // RFC 9380, draft-irtf-cfrg-bbs-signatures-08
-        hashToScalar(G, te) {
-          const re = S.Fn.ORDER, ie = Object.assign({}, V, { p: re, m: 1, DST: e._DST_scalar }, te);
-          return M(G, 1, ie)[0][0];
-        }
-      };
-    }
-  })(rt)), rt;
-}
-var Ot;
-function Gn() {
-  return Ot || (Ot = 1, (function(e) {
-    Object.defineProperty(e, "__esModule", { value: !0 }), e.encodeToCurve = e.hashToCurve = e.secp256k1_hasher = e.schnorr = e.secp256k1 = void 0;
-    const n = /* @__PURE__ */ un(), c = /* @__PURE__ */ Xe(), t = /* @__PURE__ */ mn(), l = /* @__PURE__ */ yn(), y = /* @__PURE__ */ Je(), w = /* @__PURE__ */ Vt(), p = /* @__PURE__ */ je(), E = {
-      p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
-      n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
-      h: BigInt(1),
-      a: BigInt(0),
-      b: BigInt(7),
-      Gx: BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
-      Gy: BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
-    }, Z = {
-      beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
-      basises: [
-        [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
-        [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
-      ]
-    }, M = /* @__PURE__ */ BigInt(0), D = /* @__PURE__ */ BigInt(1), X = /* @__PURE__ */ BigInt(2);
-    function S(b) {
-      const u = E.p, o = BigInt(3), f = BigInt(6), i = BigInt(11), r = BigInt(22), d = BigInt(23), m = BigInt(44), s = BigInt(88), a = b * b * b % u, h = a * a * b % u, g = (0, y.pow2)(h, o, u) * h % u, B = (0, y.pow2)(g, o, u) * h % u, H = (0, y.pow2)(B, X, u) * a % u, z = (0, y.pow2)(H, i, u) * H % u, I = (0, y.pow2)(z, r, u) * z % u, T = (0, y.pow2)(I, m, u) * I % u, k = (0, y.pow2)(T, s, u) * T % u, ee = (0, y.pow2)(k, m, u) * I % u, F = (0, y.pow2)(ee, o, u) * h % u, _ = (0, y.pow2)(F, d, u) * z % u, P = (0, y.pow2)(_, f, u) * a % u, fe = (0, y.pow2)(P, X, u);
-      if (!q.eql(q.sqr(fe), b))
-        throw new Error("Cannot find square root");
-      return fe;
-    }
-    const q = (0, y.Field)(E.p, { sqrt: S });
-    e.secp256k1 = (0, t.createCurve)({ ...E, Fp: q, lowS: !0, endo: Z }, n.sha256);
-    const V = {};
-    function U(b, ...u) {
-      let o = V[b];
-      if (o === void 0) {
-        const f = (0, n.sha256)((0, p.utf8ToBytes)(b));
-        o = (0, p.concatBytes)(f, f), V[b] = o;
-      }
-      return (0, n.sha256)((0, p.concatBytes)(o, ...u));
-    }
-    const W = (b) => b.toBytes(!0).slice(1), G = e.secp256k1.Point, te = (b) => b % X === M;
-    function re(b) {
-      const { Fn: u, BASE: o } = G, f = (0, w._normFnElement)(u, b), i = o.multiply(f);
-      return { scalar: te(i.y) ? f : u.neg(f), bytes: W(i) };
-    }
-    function ie(b) {
-      const u = q;
-      if (!u.isValidNot0(b))
-        throw new Error("invalid x: Fail if x ≥ p");
-      const o = u.create(b * b), f = u.create(o * b + BigInt(7));
-      let i = u.sqrt(f);
-      te(i) || (i = u.neg(i));
-      const r = G.fromAffine({ x: b, y: i });
-      return r.assertValidity(), r;
-    }
-    const N = p.bytesToNumberBE;
-    function O(...b) {
-      return G.Fn.create(N(U("BIP0340/challenge", ...b)));
-    }
-    function L(b) {
-      return re(b).bytes;
-    }
-    function v(b, u, o = (0, c.randomBytes)(32)) {
-      const { Fn: f } = G, i = (0, p.ensureBytes)("message", b), { bytes: r, scalar: d } = re(u), m = (0, p.ensureBytes)("auxRand", o, 32), s = f.toBytes(d ^ N(U("BIP0340/aux", m))), a = U("BIP0340/nonce", s, r, i), { bytes: h, scalar: g } = re(a), B = O(h, r, i), H = new Uint8Array(64);
-      if (H.set(h, 0), H.set(f.toBytes(f.create(g + B * d)), 32), !j(H, i, r))
-        throw new Error("sign: Invalid signature produced");
-      return H;
-    }
-    function j(b, u, o) {
-      const { Fn: f, BASE: i } = G, r = (0, p.ensureBytes)("signature", b, 64), d = (0, p.ensureBytes)("message", u), m = (0, p.ensureBytes)("publicKey", o, 32);
-      try {
-        const s = ie(N(m)), a = N(r.subarray(0, 32));
-        if (!(0, p.inRange)(a, D, E.p))
-          return !1;
-        const h = N(r.subarray(32, 64));
-        if (!(0, p.inRange)(h, D, E.n))
-          return !1;
-        const g = O(f.toBytes(a), W(s), d), B = i.multiplyUnsafe(h).add(s.multiplyUnsafe(f.neg(g))), { x: H, y: z } = B.toAffine();
-        return !(B.is0() || !te(z) || H !== a);
-      } catch {
-        return !1;
-      }
-    }
-    e.schnorr = (() => {
-      const o = (i = (0, c.randomBytes)(48)) => (0, y.mapHashToField)(i, E.n);
-      e.secp256k1.utils.randomSecretKey;
-      function f(i) {
-        const r = o(i);
-        return { secretKey: r, publicKey: L(r) };
-      }
-      return {
-        keygen: f,
-        getPublicKey: L,
-        sign: v,
-        verify: j,
-        Point: G,
-        utils: {
-          randomSecretKey: o,
-          randomPrivateKey: o,
-          taggedHash: U,
-          // TODO: remove
-          lift_x: ie,
-          pointToBytes: W,
-          numberToBytesBE: p.numberToBytesBE,
-          bytesToNumberBE: p.bytesToNumberBE,
-          mod: y.mod
-        },
-        lengths: {
-          secretKey: 32,
-          publicKey: 32,
-          publicKeyHasPrefix: !1,
-          signature: 64,
-          seed: 48
-        }
-      };
-    })();
-    const Q = (0, l.isogenyMap)(q, [
-      // xNum
-      [
-        "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7",
-        "0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581",
-        "0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262",
-        "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"
-      ],
-      // xDen
-      [
-        "0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b",
-        "0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14",
-        "0x0000000000000000000000000000000000000000000000000000000000000001"
-        // LAST 1
-      ],
-      // yNum
-      [
-        "0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c",
-        "0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3",
-        "0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931",
-        "0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"
-      ],
-      // yDen
-      [
-        "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b",
-        "0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573",
-        "0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f",
-        "0x0000000000000000000000000000000000000000000000000000000000000001"
-        // LAST 1
-      ]
-    ].map((b) => b.map((u) => BigInt(u)))), C = (0, w.mapToCurveSimpleSWU)(q, {
-      A: BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),
-      B: BigInt("1771"),
-      Z: q.create(BigInt("-11"))
-    });
-    e.secp256k1_hasher = (0, l.createHasher)(e.secp256k1.Point, (b) => {
-      const { x: u, y: o } = C(q.create(b[0]));
-      return Q(u, o);
-    }, {
-      DST: "secp256k1_XMD:SHA-256_SSWU_RO_",
-      encodeDST: "secp256k1_XMD:SHA-256_SSWU_NU_",
-      p: q.ORDER,
-      m: 1,
-      k: 128,
-      expand: "xmd",
-      hash: n.sha256
-    }), e.hashToCurve = e.secp256k1_hasher.hashToCurve, e.encodeToCurve = e.secp256k1_hasher.encodeToCurve;
-  })(et)), et;
-}
-var Y = {}, Tt;
-function Wn() {
-  if (Tt) return Y;
-  Tt = 1, Object.defineProperty(Y, "__esModule", { value: !0 }), Y.isHash = Y.validateObject = Y.memoized = Y.notImplemented = Y.createHmacDrbg = Y.bitMask = Y.bitSet = Y.bitGet = Y.bitLen = Y.aInRange = Y.inRange = Y.asciiToBytes = Y.copyBytes = Y.equalBytes = Y.ensureBytes = Y.numberToVarBytesBE = Y.numberToBytesLE = Y.numberToBytesBE = Y.bytesToNumberLE = Y.bytesToNumberBE = Y.hexToNumber = Y.numberToHexUnpadded = Y.abool = Y.utf8ToBytes = Y.randomBytes = Y.isBytes = Y.hexToBytes = Y.concatBytes = Y.bytesToUtf8 = Y.bytesToHex = Y.anumber = Y.abytes = void 0;
-  const e = /* @__PURE__ */ je();
-  return Y.abytes = e.abytes, Y.anumber = e.anumber, Y.bytesToHex = e.bytesToHex, Y.bytesToUtf8 = e.bytesToUtf8, Y.concatBytes = e.concatBytes, Y.hexToBytes = e.hexToBytes, Y.isBytes = e.isBytes, Y.randomBytes = e.randomBytes, Y.utf8ToBytes = e.utf8ToBytes, Y.abool = e.abool, Y.numberToHexUnpadded = e.numberToHexUnpadded, Y.hexToNumber = e.hexToNumber, Y.bytesToNumberBE = e.bytesToNumberBE, Y.bytesToNumberLE = e.bytesToNumberLE, Y.numberToBytesBE = e.numberToBytesBE, Y.numberToBytesLE = e.numberToBytesLE, Y.numberToVarBytesBE = e.numberToVarBytesBE, Y.ensureBytes = e.ensureBytes, Y.equalBytes = e.equalBytes, Y.copyBytes = e.copyBytes, Y.asciiToBytes = e.asciiToBytes, Y.inRange = e.inRange, Y.aInRange = e.aInRange, Y.bitLen = e.bitLen, Y.bitGet = e.bitGet, Y.bitSet = e.bitSet, Y.bitMask = e.bitMask, Y.createHmacDrbg = e.createHmacDrbg, Y.notImplemented = e.notImplemented, Y.memoized = e.memoized, Y.validateObject = e.validateObject, Y.isHash = e.isHash, Y;
-}
-const lt = /* @__PURE__ */ BigInt(0), ft = /* @__PURE__ */ BigInt(1);
-function Ge(e, n = "") {
-  if (typeof e != "boolean") {
-    const c = n && `"${n}" `;
-    throw new Error(c + "expected boolean, got type=" + typeof e);
+import { p as ht, q as it, e as V, t as lt, f as J, u as de, d as Mt, v as ae, i as Kt, w as he } from "./noble-hashes.js";
+const Rt = /* @__PURE__ */ BigInt(0), Bt = /* @__PURE__ */ BigInt(1);
+function dt(n, t = "") {
+  if (typeof n != "boolean") {
+    const r = t && `"${t}" `;
+    throw new Error(r + "expected boolean, got type=" + typeof n);
   }
-  return e;
+  return n;
 }
-function Dt(e) {
-  if (typeof e == "bigint") {
-    if (!ze(e))
-      throw new Error("positive bigint expected, got " + e);
+function zt(n) {
+  if (typeof n == "bigint") {
+    if (!ut(n))
+      throw new Error("positive bigint expected, got " + n);
   } else
-    Ve(e);
-  return e;
+    it(n);
+  return n;
 }
-function Ke(e) {
-  const n = Dt(e).toString(16);
-  return n.length & 1 ? "0" + n : n;
+function ct(n) {
+  const t = zt(n).toString(16);
+  return t.length & 1 ? "0" + t : t;
 }
-function Ct(e) {
-  if (typeof e != "string")
-    throw new Error("hex string expected, got " + typeof e);
-  return e === "" ? lt : BigInt("0x" + e);
+function Ct(n) {
+  if (typeof n != "string")
+    throw new Error("hex string expected, got " + typeof n);
+  return n === "" ? Rt : BigInt("0x" + n);
 }
-function Fe(e) {
-  return Ct(Qe(e));
+function wt(n) {
+  return Ct(ht(n));
 }
-function Kt(e) {
-  return Ct(Qe(gn(Be(e)).reverse()));
+function Ht(n) {
+  return Ct(ht(we(V(n)).reverse()));
 }
-function dt(e, n) {
-  Ve(n), e = Dt(e);
-  const c = Pe(e.toString(16).padStart(n * 2, "0"));
-  if (c.length !== n)
+function xt(n, t) {
+  it(t), n = zt(n);
+  const r = lt(n.toString(16).padStart(t * 2, "0"));
+  if (r.length !== t)
     throw new Error("number too large");
-  return c;
+  return r;
 }
-function Yt(e, n) {
-  return dt(e, n).reverse();
+function Xt(n, t) {
+  return xt(n, t).reverse();
 }
-function gn(e) {
-  return Uint8Array.from(e);
+function we(n) {
+  return Uint8Array.from(n);
 }
-const ze = (e) => typeof e == "bigint" && lt <= e;
-function wn(e, n, c) {
-  return ze(e) && ze(n) && ze(c) && n <= e && e < c;
+const ut = (n) => typeof n == "bigint" && Rt <= n;
+function ge(n, t, r) {
+  return ut(n) && ut(t) && ut(r) && t <= n && n < r;
 }
-function En(e, n, c, t) {
-  if (!wn(n, c, t))
-    throw new Error("expected valid " + e + ": " + c + " <= n < " + t + ", got " + n);
+function me(n, t, r, e) {
+  if (!ge(t, r, e))
+    throw new Error("expected valid " + n + ": " + r + " <= n < " + e + ", got " + t);
 }
-function Bn(e) {
-  let n;
-  for (n = 0; e > lt; e >>= ft, n += 1)
+function be(n) {
+  let t;
+  for (t = 0; n > Rt; n >>= Bt, t += 1)
     ;
-  return n;
+  return t;
 }
-const ht = (e) => (ft << BigInt(e)) - ft;
-function vn(e, n, c) {
-  if (Ve(e, "hashLen"), Ve(n, "qByteLen"), typeof c != "function")
+const St = (n) => (Bt << BigInt(n)) - Bt;
+function Ee(n, t, r) {
+  if (it(n, "hashLen"), it(t, "qByteLen"), typeof r != "function")
     throw new Error("hmacFn must be a function");
-  const t = (U) => new Uint8Array(U), l = Uint8Array.of(), y = Uint8Array.of(0), w = Uint8Array.of(1), p = 1e3;
-  let E = t(e), Z = t(e), M = 0;
-  const D = () => {
-    E.fill(1), Z.fill(0), M = 0;
-  }, X = (...U) => c(Z, Ae(E, ...U)), S = (U = l) => {
-    Z = X(y, U), E = X(), U.length !== 0 && (Z = X(w, U), E = X());
-  }, q = () => {
-    if (M++ >= p)
+  const e = (R) => new Uint8Array(R), o = Uint8Array.of(), s = Uint8Array.of(0), i = Uint8Array.of(1), u = 1e3;
+  let c = e(n), a = e(n), w = 0;
+  const S = () => {
+    c.fill(1), a.fill(0), w = 0;
+  }, q = (...R) => r(a, J(c, ...R)), B = (R = o) => {
+    a = q(s, R), c = q(), R.length !== 0 && (a = q(i, R), c = q());
+  }, v = () => {
+    if (w++ >= u)
       throw new Error("drbg: tried max amount of iterations");
-    let U = 0;
-    const W = [];
-    for (; U < n; ) {
-      E = X();
-      const G = E.slice();
-      W.push(G), U += E.length;
-    }
-    return Ae(...W);
+    let R = 0;
+    const N = [];
+    for (; R < t; ) {
+      c = q();
+      const T = c.slice();
+      N.push(T), R += c.length;
+    }
+    return J(...N);
   };
-  return (U, W) => {
-    D(), S(U);
-    let G;
-    for (; !(G = W(q())); )
-      S();
-    return D(), G;
+  return (R, N) => {
+    S(), B(R);
+    let T;
+    for (; !(T = N(v())); )
+      B();
+    return S(), T;
   };
 }
-function bt(e, n = {}, c = {}) {
-  if (!e || typeof e != "object")
+function Ot(n, t = {}, r = {}) {
+  if (!n || typeof n != "object")
     throw new Error("expected valid options object");
-  function t(y, w, p) {
-    const E = e[y];
-    if (p && E === void 0)
+  function e(s, i, u) {
+    const c = n[s];
+    if (u && c === void 0)
       return;
-    const Z = typeof E;
-    if (Z !== w || E === null)
-      throw new Error(`param "${y}" is invalid: expected ${w}, got ${Z}`);
-  }
-  const l = (y, w) => Object.entries(y).forEach(([p, E]) => t(p, E, w));
-  l(n, !1), l(c, !0);
-}
-function qt(e) {
-  const n = /* @__PURE__ */ new WeakMap();
-  return (c, ...t) => {
-    const l = n.get(c);
-    if (l !== void 0)
-      return l;
-    const y = e(c, ...t);
-    return n.set(c, y), y;
+    const a = typeof c;
+    if (a !== i || c === null)
+      throw new Error(`param "${s}" is invalid: expected ${i}, got ${a}`);
+  }
+  const o = (s, i) => Object.entries(s).forEach(([u, c]) => e(u, c, i));
+  o(t, !1), o(r, !0);
+}
+function At(n) {
+  const t = /* @__PURE__ */ new WeakMap();
+  return (r, ...e) => {
+    const o = t.get(r);
+    if (o !== void 0)
+      return o;
+    const s = n(r, ...e);
+    return t.set(r, s), s;
   };
 }
-function mt(e) {
-  if (!Number.isSafeInteger(e) || e < 0 || e > 4294967295)
-    throw new Error("wrong u32 integer:" + e);
-  return e;
+function qt(n) {
+  if (!Number.isSafeInteger(n) || n < 0 || n > 4294967295)
+    throw new Error("wrong u32 integer:" + n);
+  return n;
 }
-function zt(e) {
-  return mt(e), (e & e - 1) === 0 && e !== 0;
+function Gt(n) {
+  return qt(n), (n & n - 1) === 0 && n !== 0;
 }
-function pn(e, n) {
-  mt(e);
-  let c = 0;
-  for (let t = 0; t < n; t++, e >>>= 1)
-    c = c << 1 | e & 1;
-  return c;
+function ye(n, t) {
+  qt(n);
+  let r = 0;
+  for (let e = 0; e < t; e++, n >>>= 1)
+    r = r << 1 | n & 1;
+  return r;
 }
-function Xt(e) {
-  return mt(e), 31 - Math.clz32(e);
+function Wt(n) {
+  return qt(n), 31 - Math.clz32(n);
 }
-function xt(e) {
-  const n = e.length;
-  if (n < 2 || !zt(n))
-    throw new Error("n must be a power of 2 and greater than 1. Got " + n);
-  const c = Xt(n);
-  for (let t = 0; t < n; t++) {
-    const l = pn(t, c);
-    if (t < l) {
-      const y = e[t];
-      e[t] = e[l], e[l] = y;
+function Lt(n) {
+  const t = n.length;
+  if (t < 2 || !Gt(t))
+    throw new Error("n must be a power of 2 and greater than 1. Got " + t);
+  const r = Wt(t);
+  for (let e = 0; e < t; e++) {
+    const o = ye(e, r);
+    if (e < o) {
+      const s = n[e];
+      n[e] = n[o], n[o] = s;
     }
   }
-  return e;
+  return n;
 }
-const Qn = (e, n) => {
-  const { N: c, roots: t, dit: l, invertButterflies: y = !1, skipStages: w = 0, brp: p = !0 } = n, E = Xt(c);
-  if (!zt(c))
+const Ce = (n, t) => {
+  const { N: r, roots: e, dit: o, invertButterflies: s = !1, skipStages: i = 0, brp: u = !0 } = t, c = Wt(r);
+  if (!Gt(r))
     throw new Error("FFT: Polynomial size should be power of two");
-  const Z = l !== y;
-  return (M) => {
-    if (M.length !== c)
+  const a = o !== s;
+  return (w) => {
+    if (w.length !== r)
       throw new Error("FFT: wrong Polynomial length");
-    l && p && xt(M);
-    for (let D = 0, X = 1; D < E - w; D++) {
-      const S = l ? D + 1 + w : E - D, q = 1 << S, V = q >> 1, U = c >> S;
-      for (let W = 0; W < c; W += q)
-        for (let G = 0, te = X++; G < V; G++) {
-          const re = y ? l ? c - te : te : G * U, ie = W + G, N = W + G + V, O = t[re], L = M[N], v = M[ie];
-          if (Z) {
-            const j = e.mul(L, O);
-            M[ie] = e.add(v, j), M[N] = e.sub(v, j);
-          } else y ? (M[ie] = e.add(L, v), M[N] = e.mul(e.sub(L, v), O)) : (M[ie] = e.add(v, L), M[N] = e.mul(e.sub(v, L), O));
-        }
-    }
-    return !l && p && xt(M), M;
+    o && u && Lt(w);
+    for (let S = 0, q = 1; S < c - i; S++) {
+      const B = o ? S + 1 + i : c - S, v = 1 << B, _ = v >> 1, R = r >> B;
+      for (let N = 0; N < r; N += v)
+        for (let T = 0, C = q++; T < _; T++) {
+          const Y = s ? o ? r - C : C : T * R, K = N + T, M = N + T + _, F = e[Y], H = w[M], x = w[K];
+          if (a) {
+            const P = n.mul(H, F);
+            w[K] = n.add(x, P), w[M] = n.sub(x, P);
+          } else s ? (w[K] = n.add(H, x), w[M] = n.mul(n.sub(H, x), F)) : (w[K] = n.add(x, H), w[M] = n.mul(n.sub(x, H), F));
+        }
+    }
+    return !o && u && Lt(w), w;
   };
 };
-const Re = /* @__PURE__ */ BigInt(0), ve = /* @__PURE__ */ BigInt(1), Ze = /* @__PURE__ */ BigInt(2), Pt = /* @__PURE__ */ BigInt(3), Gt = /* @__PURE__ */ BigInt(4), Wt = /* @__PURE__ */ BigInt(5), _n = /* @__PURE__ */ BigInt(7), Qt = /* @__PURE__ */ BigInt(8), Sn = /* @__PURE__ */ BigInt(9), Jt = /* @__PURE__ */ BigInt(16);
-function xe(e, n) {
-  const c = e % n;
-  return c >= Re ? c : n + c;
-}
-function qe(e, n, c) {
-  let t = e;
-  for (; n-- > Re; )
-    t *= t, t %= c;
-  return t;
+const j = /* @__PURE__ */ BigInt(0), $ = /* @__PURE__ */ BigInt(1), et = /* @__PURE__ */ BigInt(2), Qt = /* @__PURE__ */ BigInt(3), Jt = /* @__PURE__ */ BigInt(4), Ft = /* @__PURE__ */ BigInt(5), Be = /* @__PURE__ */ BigInt(7), Pt = /* @__PURE__ */ BigInt(8), pe = /* @__PURE__ */ BigInt(9), te = /* @__PURE__ */ BigInt(16);
+function X(n, t) {
+  const r = n % t;
+  return r >= j ? r : t + r;
+}
+function z(n, t, r) {
+  let e = n;
+  for (; t-- > j; )
+    e *= e, e %= r;
+  return e;
 }
-function It(e, n) {
-  if (e === Re)
+function Dt(n, t) {
+  if (n === j)
     throw new Error("invert: expected non-zero number");
-  if (n <= Re)
-    throw new Error("invert: expected positive modulus, got " + n);
-  let c = xe(e, n), t = n, l = Re, y = ve;
-  for (; c !== Re; ) {
-    const p = t / c, E = t % c, Z = l - y * p;
-    t = c, c = E, l = y, y = Z;
-  }
-  if (t !== ve)
+  if (t <= j)
+    throw new Error("invert: expected positive modulus, got " + t);
+  let r = X(n, t), e = t, o = j, s = $;
+  for (; r !== j; ) {
+    const u = e / r, c = e % r, a = o - s * u;
+    e = r, r = c, o = s, s = a;
+  }
+  if (e !== $)
     throw new Error("invert: does not exist");
-  return xe(l, n);
+  return X(o, t);
 }
-function yt(e, n, c) {
-  if (!e.eql(e.sqr(n), c))
+function It(n, t, r) {
+  if (!n.eql(n.sqr(t), r))
     throw new Error("Cannot find square root");
 }
-function Ft(e, n) {
-  const c = (e.ORDER + ve) / Gt, t = e.pow(n, c);
-  return yt(e, t, n), t;
-}
-function Rn(e, n) {
-  const c = (e.ORDER - Wt) / Qt, t = e.mul(n, Ze), l = e.pow(t, c), y = e.mul(n, l), w = e.mul(e.mul(y, Ze), l), p = e.mul(y, e.sub(w, e.ONE));
-  return yt(e, p, n), p;
-}
-function On(e) {
-  const n = $e(e), c = $t(e), t = c(n, n.neg(n.ONE)), l = c(n, t), y = c(n, n.neg(t)), w = (e + _n) / Jt;
-  return (p, E) => {
-    let Z = p.pow(E, w), M = p.mul(Z, t);
-    const D = p.mul(Z, l), X = p.mul(Z, y), S = p.eql(p.sqr(M), E), q = p.eql(p.sqr(D), E);
-    Z = p.cmov(Z, M, S), M = p.cmov(X, D, q);
-    const V = p.eql(p.sqr(M), E), U = p.cmov(Z, M, V);
-    return yt(p, U, E), U;
+function ee(n, t) {
+  const r = (n.ORDER + $) / Jt, e = n.pow(t, r);
+  return It(n, e, t), e;
+}
+function ve(n, t) {
+  const r = (n.ORDER - Ft) / Pt, e = n.mul(t, et), o = n.pow(e, r), s = n.mul(t, o), i = n.mul(n.mul(s, et), o), u = n.mul(s, n.sub(i, n.ONE));
+  return It(n, u, t), u;
+}
+function Re(n) {
+  const t = gt(n), r = ne(n), e = r(t, t.neg(t.ONE)), o = r(t, e), s = r(t, t.neg(e)), i = (n + Be) / te;
+  return (u, c) => {
+    let a = u.pow(c, i), w = u.mul(a, e);
+    const S = u.mul(a, o), q = u.mul(a, s), B = u.eql(u.sqr(w), c), v = u.eql(u.sqr(S), c);
+    a = u.cmov(a, w, B), w = u.cmov(q, S, v);
+    const _ = u.eql(u.sqr(w), c), R = u.cmov(a, w, _);
+    return It(u, R, c), R;
   };
 }
-function $t(e) {
-  if (e < Pt)
+function ne(n) {
+  if (n < Qt)
     throw new Error("sqrt is not defined for small field");
-  let n = e - ve, c = 0;
-  for (; n % Ze === Re; )
-    n /= Ze, c++;
-  let t = Ze;
-  const l = $e(e);
-  for (; Nt(l, t) === 1; )
-    if (t++ > 1e3)
+  let t = n - $, r = 0;
+  for (; t % et === j; )
+    t /= et, r++;
+  let e = et;
+  const o = gt(n);
+  for (; Tt(o, e) === 1; )
+    if (e++ > 1e3)
       throw new Error("Cannot find square root: probably non-prime P");
-  if (c === 1)
-    return Ft;
-  let y = l.pow(t, n);
-  const w = (n + ve) / Ze;
-  return function(E, Z) {
-    if (E.is0(Z))
-      return Z;
-    if (Nt(E, Z) !== 1)
+  if (r === 1)
+    return ee;
+  let s = o.pow(e, t);
+  const i = (t + $) / et;
+  return function(c, a) {
+    if (c.is0(a))
+      return a;
+    if (Tt(c, a) !== 1)
       throw new Error("Cannot find square root");
-    let M = c, D = E.mul(E.ONE, y), X = E.pow(Z, n), S = E.pow(Z, w);
-    for (; !E.eql(X, E.ONE); ) {
-      if (E.is0(X))
-        return E.ZERO;
-      let q = 1, V = E.sqr(X);
-      for (; !E.eql(V, E.ONE); )
-        if (q++, V = E.sqr(V), q === M)
+    let w = r, S = c.mul(c.ONE, s), q = c.pow(a, t), B = c.pow(a, i);
+    for (; !c.eql(q, c.ONE); ) {
+      if (c.is0(q))
+        return c.ZERO;
+      let v = 1, _ = c.sqr(q);
+      for (; !c.eql(_, c.ONE); )
+        if (v++, _ = c.sqr(_), v === w)
           throw new Error("Cannot find square root");
-      const U = ve << BigInt(M - q - 1), W = E.pow(D, U);
-      M = q, D = E.sqr(W), X = E.mul(X, D), S = E.mul(S, W);
+      const R = $ << BigInt(w - v - 1), N = c.pow(S, R);
+      w = v, S = c.sqr(N), q = c.mul(q, S), B = c.mul(B, N);
     }
-    return S;
+    return B;
   };
 }
-function Tn(e) {
-  return e % Gt === Pt ? Ft : e % Qt === Wt ? Rn : e % Jt === Sn ? On(e) : $t(e);
+function xe(n) {
+  return n % Jt === Qt ? ee : n % Pt === Ft ? ve : n % te === pe ? Re(n) : ne(n);
 }
-const qn = [
+const Se = [
   "create",
   "isValid",
   "is0",
@@ -2168,221 +269,221 @@ const qn = [
   "mulN",
   "sqrN"
 ];
-function xn(e) {
-  const n = {
+function Oe(n) {
+  const t = {
     ORDER: "bigint",
     BYTES: "number",
     BITS: "number"
-  }, c = qn.reduce((t, l) => (t[l] = "function", t), n);
-  return bt(e, c), e;
+  }, r = Se.reduce((e, o) => (e[o] = "function", e), t);
+  return Ot(n, r), n;
 }
-function In(e, n, c) {
-  if (c < Re)
+function qe(n, t, r) {
+  if (r < j)
     throw new Error("invalid exponent, negatives unsupported");
-  if (c === Re)
-    return e.ONE;
-  if (c === ve)
-    return n;
-  let t = e.ONE, l = n;
-  for (; c > Re; )
-    c & ve && (t = e.mul(t, l)), l = e.sqr(l), c >>= ve;
-  return t;
+  if (r === j)
+    return n.ONE;
+  if (r === $)
+    return t;
+  let e = n.ONE, o = t;
+  for (; r > j; )
+    r & $ && (e = n.mul(e, o)), o = n.sqr(o), r >>= $;
+  return e;
 }
-function en(e, n, c = !1) {
-  const t = new Array(n.length).fill(c ? e.ZERO : void 0), l = n.reduce((w, p, E) => e.is0(p) ? w : (t[E] = w, e.mul(w, p)), e.ONE), y = e.inv(l);
-  return n.reduceRight((w, p, E) => e.is0(p) ? w : (t[E] = e.mul(w, t[E]), e.mul(w, p)), y), t;
+function re(n, t, r = !1) {
+  const e = new Array(t.length).fill(r ? n.ZERO : void 0), o = t.reduce((i, u, c) => n.is0(u) ? i : (e[c] = i, n.mul(i, u)), n.ONE), s = n.inv(o);
+  return t.reduceRight((i, u, c) => n.is0(u) ? i : (e[c] = n.mul(i, e[c]), n.mul(i, u)), s), e;
 }
-function Nt(e, n) {
-  const c = (e.ORDER - ve) / Ze, t = e.pow(n, c), l = e.eql(t, e.ONE), y = e.eql(t, e.ZERO), w = e.eql(t, e.neg(e.ONE));
-  if (!l && !y && !w)
+function Tt(n, t) {
+  const r = (n.ORDER - $) / et, e = n.pow(t, r), o = n.eql(e, n.ONE), s = n.eql(e, n.ZERO), i = n.eql(e, n.neg(n.ONE));
+  if (!o && !s && !i)
     throw new Error("invalid Legendre symbol result");
-  return l ? 1 : y ? 0 : -1;
+  return o ? 1 : s ? 0 : -1;
 }
-function Nn(e, n) {
-  n !== void 0 && Ve(n);
-  const c = n !== void 0 ? n : e.toString(2).length, t = Math.ceil(c / 8);
-  return { nBitLength: c, nByteLength: t };
+function Ie(n, t) {
+  t !== void 0 && it(t);
+  const r = t !== void 0 ? t : n.toString(2).length, e = Math.ceil(r / 8);
+  return { nBitLength: r, nByteLength: e };
 }
-class An {
+class Ne {
   ORDER;
   BITS;
   BYTES;
   isLE;
-  ZERO = Re;
-  ONE = ve;
+  ZERO = j;
+  ONE = $;
   _lengths;
   _sqrt;
   // cached sqrt
   _mod;
-  constructor(n, c = {}) {
-    if (n <= Re)
-      throw new Error("invalid field: expected ORDER > 0, got " + n);
-    let t;
-    this.isLE = !1, c != null && typeof c == "object" && (typeof c.BITS == "number" && (t = c.BITS), typeof c.sqrt == "function" && (this.sqrt = c.sqrt), typeof c.isLE == "boolean" && (this.isLE = c.isLE), c.allowedLengths && (this._lengths = c.allowedLengths?.slice()), typeof c.modFromBytes == "boolean" && (this._mod = c.modFromBytes));
-    const { nBitLength: l, nByteLength: y } = Nn(n, t);
-    if (y > 2048)
+  constructor(t, r = {}) {
+    if (t <= j)
+      throw new Error("invalid field: expected ORDER > 0, got " + t);
+    let e;
+    this.isLE = !1, r != null && typeof r == "object" && (typeof r.BITS == "number" && (e = r.BITS), typeof r.sqrt == "function" && (this.sqrt = r.sqrt), typeof r.isLE == "boolean" && (this.isLE = r.isLE), r.allowedLengths && (this._lengths = r.allowedLengths?.slice()), typeof r.modFromBytes == "boolean" && (this._mod = r.modFromBytes));
+    const { nBitLength: o, nByteLength: s } = Ie(t, e);
+    if (s > 2048)
       throw new Error("invalid field: expected ORDER of <= 2048 bytes");
-    this.ORDER = n, this.BITS = l, this.BYTES = y, this._sqrt = void 0, Object.preventExtensions(this);
+    this.ORDER = t, this.BITS = o, this.BYTES = s, this._sqrt = void 0, Object.preventExtensions(this);
   }
-  create(n) {
-    return xe(n, this.ORDER);
+  create(t) {
+    return X(t, this.ORDER);
   }
-  isValid(n) {
-    if (typeof n != "bigint")
-      throw new Error("invalid field element: expected bigint, got " + typeof n);
-    return Re <= n && n < this.ORDER;
+  isValid(t) {
+    if (typeof t != "bigint")
+      throw new Error("invalid field element: expected bigint, got " + typeof t);
+    return j <= t && t < this.ORDER;
   }
-  is0(n) {
-    return n === Re;
+  is0(t) {
+    return t === j;
   }
   // is valid and invertible
-  isValidNot0(n) {
-    return !this.is0(n) && this.isValid(n);
+  isValidNot0(t) {
+    return !this.is0(t) && this.isValid(t);
   }
-  isOdd(n) {
-    return (n & ve) === ve;
+  isOdd(t) {
+    return (t & $) === $;
   }
-  neg(n) {
-    return xe(-n, this.ORDER);
+  neg(t) {
+    return X(-t, this.ORDER);
   }
-  eql(n, c) {
-    return n === c;
+  eql(t, r) {
+    return t === r;
   }
-  sqr(n) {
-    return xe(n * n, this.ORDER);
+  sqr(t) {
+    return X(t * t, this.ORDER);
   }
-  add(n, c) {
-    return xe(n + c, this.ORDER);
+  add(t, r) {
+    return X(t + r, this.ORDER);
   }
-  sub(n, c) {
-    return xe(n - c, this.ORDER);
+  sub(t, r) {
+    return X(t - r, this.ORDER);
   }
-  mul(n, c) {
-    return xe(n * c, this.ORDER);
+  mul(t, r) {
+    return X(t * r, this.ORDER);
   }
-  pow(n, c) {
-    return In(this, n, c);
+  pow(t, r) {
+    return qe(this, t, r);
   }
-  div(n, c) {
-    return xe(n * It(c, this.ORDER), this.ORDER);
+  div(t, r) {
+    return X(t * Dt(r, this.ORDER), this.ORDER);
   }
   // Same as above, but doesn't normalize
-  sqrN(n) {
-    return n * n;
+  sqrN(t) {
+    return t * t;
   }
-  addN(n, c) {
-    return n + c;
+  addN(t, r) {
+    return t + r;
   }
-  subN(n, c) {
-    return n - c;
+  subN(t, r) {
+    return t - r;
   }
-  mulN(n, c) {
-    return n * c;
+  mulN(t, r) {
+    return t * r;
   }
-  inv(n) {
-    return It(n, this.ORDER);
+  inv(t) {
+    return Dt(t, this.ORDER);
   }
-  sqrt(n) {
-    return this._sqrt || (this._sqrt = Tn(this.ORDER)), this._sqrt(this, n);
+  sqrt(t) {
+    return this._sqrt || (this._sqrt = xe(this.ORDER)), this._sqrt(this, t);
   }
-  toBytes(n) {
-    return this.isLE ? Yt(n, this.BYTES) : dt(n, this.BYTES);
+  toBytes(t) {
+    return this.isLE ? Xt(t, this.BYTES) : xt(t, this.BYTES);
   }
-  fromBytes(n, c = !1) {
-    Be(n);
-    const { _lengths: t, BYTES: l, isLE: y, ORDER: w, _mod: p } = this;
-    if (t) {
-      if (!t.includes(n.length) || n.length > l)
-        throw new Error("Field.fromBytes: expected " + t + " bytes, got " + n.length);
-      const Z = new Uint8Array(l);
-      Z.set(n, y ? 0 : Z.length - n.length), n = Z;
+  fromBytes(t, r = !1) {
+    V(t);
+    const { _lengths: e, BYTES: o, isLE: s, ORDER: i, _mod: u } = this;
+    if (e) {
+      if (!e.includes(t.length) || t.length > o)
+        throw new Error("Field.fromBytes: expected " + e + " bytes, got " + t.length);
+      const a = new Uint8Array(o);
+      a.set(t, s ? 0 : a.length - t.length), t = a;
     }
-    if (n.length !== l)
-      throw new Error("Field.fromBytes: expected " + l + " bytes, got " + n.length);
-    let E = y ? Kt(n) : Fe(n);
-    if (p && (E = xe(E, w)), !c && !this.isValid(E))
+    if (t.length !== o)
+      throw new Error("Field.fromBytes: expected " + o + " bytes, got " + t.length);
+    let c = s ? Ht(t) : wt(t);
+    if (u && (c = X(c, i)), !r && !this.isValid(c))
       throw new Error("invalid field element: outside of range 0..ORDER");
-    return E;
+    return c;
   }
   // TODO: we don't need it here, move out to separate fn
-  invertBatch(n) {
-    return en(this, n);
+  invertBatch(t) {
+    return re(this, t);
   }
   // We can't move this out because Fp6, Fp12 implement it
   // and it's unclear what to return in there.
-  cmov(n, c, t) {
-    return t ? c : n;
+  cmov(t, r, e) {
+    return e ? r : t;
   }
 }
-function $e(e, n = {}) {
-  return new An(e, n);
+function gt(n, t = {}) {
+  return new Ne(n, t);
 }
-function tn(e) {
-  if (typeof e != "bigint")
+function oe(n) {
+  if (typeof n != "bigint")
     throw new Error("field order must be bigint");
-  const n = e.toString(2).length;
-  return Math.ceil(n / 8);
-}
-function nn(e) {
-  const n = tn(e);
-  return n + Math.ceil(n / 2);
-}
-function Un(e, n, c = !1) {
-  Be(e);
-  const t = e.length, l = tn(n), y = nn(n);
-  if (t < 16 || t < y || t > 1024)
-    throw new Error("expected " + y + "-1024 bytes of input, got " + t);
-  const w = c ? Kt(e) : Fe(e), p = xe(w, n - ve) + ve;
-  return c ? Yt(p, l) : dt(p, l);
-}
-const ke = /* @__PURE__ */ BigInt(0), Le = /* @__PURE__ */ BigInt(1);
-function We(e, n) {
-  const c = n.negate();
-  return e ? c : n;
-}
-function At(e, n) {
-  const c = en(e.Fp, n.map((t) => t.Z));
-  return n.map((t, l) => e.fromAffine(t.toAffine(c[l])));
-}
-function rn(e, n) {
-  if (!Number.isSafeInteger(e) || e <= 0 || e > n)
-    throw new Error("invalid window size, expected [1.." + n + "], got W=" + e);
-}
-function ot(e, n) {
-  rn(e, n);
-  const c = Math.ceil(n / e) + 1, t = 2 ** (e - 1), l = 2 ** e, y = ht(e), w = BigInt(e);
-  return { windows: c, windowSize: t, mask: y, maxNumber: l, shiftBy: w };
-}
-function Ut(e, n, c) {
-  const { windowSize: t, mask: l, maxNumber: y, shiftBy: w } = c;
-  let p = Number(e & l), E = e >> w;
-  p > t && (p -= y, E += Le);
-  const Z = n * t, M = Z + Math.abs(p) - 1, D = p === 0, X = p < 0, S = n % 2 !== 0;
-  return { nextN: E, offset: M, isZero: D, isNeg: X, isNegF: S, offsetF: Z };
-}
-const st = /* @__PURE__ */ new WeakMap(), on = /* @__PURE__ */ new WeakMap();
-function it(e) {
-  return on.get(e) || 1;
-}
-function Zt(e) {
-  if (e !== ke)
+  const t = n.toString(2).length;
+  return Math.ceil(t / 8);
+}
+function ie(n) {
+  const t = oe(n);
+  return t + Math.ceil(t / 2);
+}
+function _e(n, t, r = !1) {
+  V(n);
+  const e = n.length, o = oe(t), s = ie(t);
+  if (e < 16 || e < s || e > 1024)
+    throw new Error("expected " + s + "-1024 bytes of input, got " + e);
+  const i = r ? Ht(n) : wt(n), u = X(i, t - $) + $;
+  return r ? Xt(u, o) : xt(u, o);
+}
+const ot = /* @__PURE__ */ BigInt(0), nt = /* @__PURE__ */ BigInt(1);
+function at(n, t) {
+  const r = t.negate();
+  return n ? r : t;
+}
+function Ut(n, t) {
+  const r = re(n.Fp, t.map((e) => e.Z));
+  return t.map((e, o) => n.fromAffine(e.toAffine(r[o])));
+}
+function se(n, t) {
+  if (!Number.isSafeInteger(n) || n <= 0 || n > t)
+    throw new Error("invalid window size, expected [1.." + t + "], got W=" + n);
+}
+function mt(n, t) {
+  se(n, t);
+  const r = Math.ceil(t / n) + 1, e = 2 ** (n - 1), o = 2 ** n, s = St(n), i = BigInt(n);
+  return { windows: r, windowSize: e, mask: s, maxNumber: o, shiftBy: i };
+}
+function Yt(n, t, r) {
+  const { windowSize: e, mask: o, maxNumber: s, shiftBy: i } = r;
+  let u = Number(n & o), c = n >> i;
+  u > e && (u -= s, c += nt);
+  const a = t * e, w = a + Math.abs(u) - 1, S = u === 0, q = u < 0, B = t % 2 !== 0;
+  return { nextN: c, offset: w, isZero: S, isNeg: q, isNegF: B, offsetF: a };
+}
+const bt = /* @__PURE__ */ new WeakMap(), ce = /* @__PURE__ */ new WeakMap();
+function Et(n) {
+  return ce.get(n) || 1;
+}
+function kt(n) {
+  if (n !== ot)
     throw new Error("invalid wNAF");
 }
-class Zn {
+class Ze {
   BASE;
   ZERO;
   Fn;
   bits;
   // Parametrized with a given Point class (not individual point)
-  constructor(n, c) {
-    this.BASE = n.BASE, this.ZERO = n.ZERO, this.Fn = n.Fn, this.bits = c;
+  constructor(t, r) {
+    this.BASE = t.BASE, this.ZERO = t.ZERO, this.Fn = t.Fn, this.bits = r;
   }
   // non-const time multiplication ladder
-  _unsafeLadder(n, c, t = this.ZERO) {
-    let l = n;
-    for (; c > ke; )
-      c & Le && (t = t.add(l)), l = l.double(), c >>= Le;
-    return t;
+  _unsafeLadder(t, r, e = this.ZERO) {
+    let o = t;
+    for (; r > ot; )
+      r & nt && (e = e.add(o)), o = o.double(), r >>= nt;
+    return e;
   }
   /**
    * Creates a wNAF precomputation window. Used for caching.
@@ -2396,16 +497,16 @@ class Zn {
    * @param W window size
    * @returns precomputed point tables flattened to a single array
    */
-  precomputeWindow(n, c) {
-    const { windows: t, windowSize: l } = ot(c, this.bits), y = [];
-    let w = n, p = w;
-    for (let E = 0; E < t; E++) {
-      p = w, y.push(p);
-      for (let Z = 1; Z < l; Z++)
-        p = p.add(w), y.push(p);
-      w = p.double();
+  precomputeWindow(t, r) {
+    const { windows: e, windowSize: o } = mt(r, this.bits), s = [];
+    let i = t, u = i;
+    for (let c = 0; c < e; c++) {
+      u = i, s.push(u);
+      for (let a = 1; a < o; a++)
+        u = u.add(i), s.push(u);
+      i = u.double();
     }
-    return y;
+    return s;
   }
   /**
    * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
@@ -2413,165 +514,165 @@ class Zn {
    * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
    * @returns real and fake (for const-time) points
    */
-  wNAF(n, c, t) {
-    if (!this.Fn.isValid(t))
+  wNAF(t, r, e) {
+    if (!this.Fn.isValid(e))
       throw new Error("invalid scalar");
-    let l = this.ZERO, y = this.BASE;
-    const w = ot(n, this.bits);
-    for (let p = 0; p < w.windows; p++) {
-      const { nextN: E, offset: Z, isZero: M, isNeg: D, isNegF: X, offsetF: S } = Ut(t, p, w);
-      t = E, M ? y = y.add(We(X, c[S])) : l = l.add(We(D, c[Z]));
+    let o = this.ZERO, s = this.BASE;
+    const i = mt(t, this.bits);
+    for (let u = 0; u < i.windows; u++) {
+      const { nextN: c, offset: a, isZero: w, isNeg: S, isNegF: q, offsetF: B } = Yt(e, u, i);
+      e = c, w ? s = s.add(at(q, r[B])) : o = o.add(at(S, r[a]));
     }
-    return Zt(t), { p: l, f: y };
+    return kt(e), { p: o, f: s };
   }
   /**
    * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
    * @param acc accumulator point to add result of multiplication
    * @returns point
    */
-  wNAFUnsafe(n, c, t, l = this.ZERO) {
-    const y = ot(n, this.bits);
-    for (let w = 0; w < y.windows && t !== ke; w++) {
-      const { nextN: p, offset: E, isZero: Z, isNeg: M } = Ut(t, w, y);
-      if (t = p, !Z) {
-        const D = c[E];
-        l = l.add(M ? D.negate() : D);
+  wNAFUnsafe(t, r, e, o = this.ZERO) {
+    const s = mt(t, this.bits);
+    for (let i = 0; i < s.windows && e !== ot; i++) {
+      const { nextN: u, offset: c, isZero: a, isNeg: w } = Yt(e, i, s);
+      if (e = u, !a) {
+        const S = r[c];
+        o = o.add(w ? S.negate() : S);
       }
     }
-    return Zt(t), l;
+    return kt(e), o;
   }
-  getPrecomputes(n, c, t) {
-    let l = st.get(c);
-    return l || (l = this.precomputeWindow(c, n), n !== 1 && (typeof t == "function" && (l = t(l)), st.set(c, l))), l;
+  getPrecomputes(t, r, e) {
+    let o = bt.get(r);
+    return o || (o = this.precomputeWindow(r, t), t !== 1 && (typeof e == "function" && (o = e(o)), bt.set(r, o))), o;
   }
-  cached(n, c, t) {
-    const l = it(n);
-    return this.wNAF(l, this.getPrecomputes(l, n, t), c);
+  cached(t, r, e) {
+    const o = Et(t);
+    return this.wNAF(o, this.getPrecomputes(o, t, e), r);
   }
-  unsafe(n, c, t, l) {
-    const y = it(n);
-    return y === 1 ? this._unsafeLadder(n, c, l) : this.wNAFUnsafe(y, this.getPrecomputes(y, n, t), c, l);
+  unsafe(t, r, e, o) {
+    const s = Et(t);
+    return s === 1 ? this._unsafeLadder(t, r, o) : this.wNAFUnsafe(s, this.getPrecomputes(s, t, e), r, o);
   }
   // We calculate precomputes for elliptic curve point multiplication
   // using windowed method. This specifies window size and
   // stores precomputed values. Usually only base point would be precomputed.
-  createCache(n, c) {
-    rn(c, this.bits), on.set(n, c), st.delete(n);
+  createCache(t, r) {
+    se(r, this.bits), ce.set(t, r), bt.delete(t);
   }
-  hasCache(n) {
-    return it(n) !== 1;
+  hasCache(t) {
+    return Et(t) !== 1;
   }
 }
-function Ln(e, n, c, t) {
-  let l = n, y = e.ZERO, w = e.ZERO;
-  for (; c > ke || t > ke; )
-    c & Le && (y = y.add(l)), t & Le && (w = w.add(l)), l = l.double(), c >>= Le, t >>= Le;
-  return { p1: y, p2: w };
+function Ae(n, t, r, e) {
+  let o = t, s = n.ZERO, i = n.ZERO;
+  for (; r > ot || e > ot; )
+    r & nt && (s = s.add(o)), e & nt && (i = i.add(o)), o = o.double(), r >>= nt, e >>= nt;
+  return { p1: s, p2: i };
 }
-function Lt(e, n, c) {
-  if (n) {
-    if (n.ORDER !== e)
+function Vt(n, t, r) {
+  if (t) {
+    if (t.ORDER !== n)
       throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
-    return xn(n), n;
+    return Oe(t), t;
   } else
-    return $e(e, { isLE: c });
-}
-function Hn(e, n, c = {}, t) {
-  if (t === void 0 && (t = e === "edwards"), !n || typeof n != "object")
-    throw new Error(`expected valid ${e} CURVE object`);
-  for (const E of ["p", "n", "h"]) {
-    const Z = n[E];
-    if (!(typeof Z == "bigint" && Z > ke))
-      throw new Error(`CURVE.${E} must be positive bigint`);
-  }
-  const l = Lt(n.p, c.Fp, t), y = Lt(n.n, c.Fn, t), p = ["Gx", "Gy", "a", "b"];
-  for (const E of p)
-    if (!l.isValid(n[E]))
-      throw new Error(`CURVE.${E} must be valid field element of CURVE.Fp`);
-  return n = Object.freeze(Object.assign({}, n)), { CURVE: n, Fp: l, Fn: y };
-}
-function kn(e, n) {
-  return function(t) {
-    const l = e(t);
-    return { secretKey: l, publicKey: n(l) };
+    return gt(n, { isLE: r });
+}
+function Le(n, t, r = {}, e) {
+  if (e === void 0 && (e = n === "edwards"), !t || typeof t != "object")
+    throw new Error(`expected valid ${n} CURVE object`);
+  for (const c of ["p", "n", "h"]) {
+    const a = t[c];
+    if (!(typeof a == "bigint" && a > ot))
+      throw new Error(`CURVE.${c} must be positive bigint`);
+  }
+  const o = Vt(t.p, r.Fp, e), s = Vt(t.n, r.Fn, e), u = ["Gx", "Gy", "a", "b"];
+  for (const c of u)
+    if (!o.isValid(t[c]))
+      throw new Error(`CURVE.${c} must be valid field element of CURVE.Fp`);
+  return t = Object.freeze(Object.assign({}, t)), { CURVE: t, Fp: o, Fn: s };
+}
+function De(n, t) {
+  return function(e) {
+    const o = n(e);
+    return { secretKey: o, publicKey: t(o) };
   };
 }
-const Ht = (e, n) => (e + (e >= 0 ? n : -n) / sn) / n;
-function jn(e, n, c) {
-  const [[t, l], [y, w]] = n, p = Ht(w * e, c), E = Ht(-l * e, c);
-  let Z = e - p * t - E * y, M = -p * l - E * w;
-  const D = Z < Ie, X = M < Ie;
-  D && (Z = -Z), X && (M = -M);
-  const S = ht(Math.ceil(Bn(c) / 2)) + He;
-  if (Z < Ie || Z >= S || M < Ie || M >= S)
-    throw new Error("splitScalar (endomorphism): failed, k=" + e);
-  return { k1neg: D, k1: Z, k2neg: X, k2: M };
-}
-function at(e) {
-  if (!["compact", "recovered", "der"].includes(e))
+const $t = (n, t) => (n + (n >= 0 ? t : -t) / fe) / t;
+function Te(n, t, r) {
+  const [[e, o], [s, i]] = t, u = $t(i * n, r), c = $t(-o * n, r);
+  let a = n - u * e - c * s, w = -u * o - c * i;
+  const S = a < W, q = w < W;
+  S && (a = -a), q && (w = -w);
+  const B = St(Math.ceil(be(r) / 2)) + rt;
+  if (a < W || a >= B || w < W || w >= B)
+    throw new Error("splitScalar (endomorphism): failed, k=" + n);
+  return { k1neg: S, k1: a, k2neg: q, k2: w };
+}
+function pt(n) {
+  if (!["compact", "recovered", "der"].includes(n))
     throw new Error('Signature format must be "compact", "recovered", or "der"');
-  return e;
+  return n;
 }
-function ct(e, n) {
-  const c = {};
-  for (let t of Object.keys(n))
-    c[t] = e[t] === void 0 ? n[t] : e[t];
-  return Ge(c.lowS, "lowS"), Ge(c.prehash, "prehash"), c.format !== void 0 && at(c.format), c;
+function yt(n, t) {
+  const r = {};
+  for (let e of Object.keys(t))
+    r[e] = n[e] === void 0 ? t[e] : n[e];
+  return dt(r.lowS, "lowS"), dt(r.prehash, "prehash"), r.format !== void 0 && pt(r.format), r;
 }
-class Mn extends Error {
-  constructor(n = "") {
-    super(n);
+class Ue extends Error {
+  constructor(t = "") {
+    super(t);
   }
 }
-const Ne = {
+const Q = {
   // asn.1 DER encoding utils
-  Err: Mn,
+  Err: Ue,
   // Basic building block is TLV (Tag-Length-Value)
   _tlv: {
-    encode: (e, n) => {
-      const { Err: c } = Ne;
-      if (e < 0 || e > 256)
-        throw new c("tlv.encode: wrong tag");
-      if (n.length & 1)
-        throw new c("tlv.encode: unpadded data");
-      const t = n.length / 2, l = Ke(t);
-      if (l.length / 2 & 128)
-        throw new c("tlv.encode: long form length too big");
-      const y = t > 127 ? Ke(l.length / 2 | 128) : "";
-      return Ke(e) + y + l + n;
+    encode: (n, t) => {
+      const { Err: r } = Q;
+      if (n < 0 || n > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (t.length & 1)
+        throw new r("tlv.encode: unpadded data");
+      const e = t.length / 2, o = ct(e);
+      if (o.length / 2 & 128)
+        throw new r("tlv.encode: long form length too big");
+      const s = e > 127 ? ct(o.length / 2 | 128) : "";
+      return ct(n) + s + o + t;
     },
     // v - value, l - left bytes (unparsed)
-    decode(e, n) {
-      const { Err: c } = Ne;
-      let t = 0;
-      if (e < 0 || e > 256)
-        throw new c("tlv.encode: wrong tag");
-      if (n.length < 2 || n[t++] !== e)
-        throw new c("tlv.decode: wrong tlv");
-      const l = n[t++], y = !!(l & 128);
-      let w = 0;
-      if (!y)
-        w = l;
+    decode(n, t) {
+      const { Err: r } = Q;
+      let e = 0;
+      if (n < 0 || n > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (t.length < 2 || t[e++] !== n)
+        throw new r("tlv.decode: wrong tlv");
+      const o = t[e++], s = !!(o & 128);
+      let i = 0;
+      if (!s)
+        i = o;
       else {
-        const E = l & 127;
-        if (!E)
-          throw new c("tlv.decode(long): indefinite length not supported");
-        if (E > 4)
-          throw new c("tlv.decode(long): byte length is too big");
-        const Z = n.subarray(t, t + E);
-        if (Z.length !== E)
-          throw new c("tlv.decode: length bytes not complete");
-        if (Z[0] === 0)
-          throw new c("tlv.decode(long): zero leftmost byte");
-        for (const M of Z)
-          w = w << 8 | M;
-        if (t += E, w < 128)
-          throw new c("tlv.decode(long): not minimal encoding");
+        const c = o & 127;
+        if (!c)
+          throw new r("tlv.decode(long): indefinite length not supported");
+        if (c > 4)
+          throw new r("tlv.decode(long): byte length is too big");
+        const a = t.subarray(e, e + c);
+        if (a.length !== c)
+          throw new r("tlv.decode: length bytes not complete");
+        if (a[0] === 0)
+          throw new r("tlv.decode(long): zero leftmost byte");
+        for (const w of a)
+          i = i << 8 | w;
+        if (e += c, i < 128)
+          throw new r("tlv.decode(long): not minimal encoding");
       }
-      const p = n.subarray(t, t + w);
-      if (p.length !== w)
-        throw new c("tlv.decode: wrong value length");
-      return { v: p, l: n.subarray(t + w) };
+      const u = t.subarray(e, e + i);
+      if (u.length !== i)
+        throw new r("tlv.decode: wrong value length");
+      return { v: u, l: t.subarray(e + i) };
     }
   },
   // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
@@ -2579,43 +680,43 @@ const Ne = {
   // - add zero byte if exists
   // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
   _int: {
-    encode(e) {
-      const { Err: n } = Ne;
-      if (e < Ie)
-        throw new n("integer: negative integers are not allowed");
-      let c = Ke(e);
-      if (Number.parseInt(c[0], 16) & 8 && (c = "00" + c), c.length & 1)
-        throw new n("unexpected DER parsing assertion: unpadded hex");
-      return c;
+    encode(n) {
+      const { Err: t } = Q;
+      if (n < W)
+        throw new t("integer: negative integers are not allowed");
+      let r = ct(n);
+      if (Number.parseInt(r[0], 16) & 8 && (r = "00" + r), r.length & 1)
+        throw new t("unexpected DER parsing assertion: unpadded hex");
+      return r;
     },
-    decode(e) {
-      const { Err: n } = Ne;
-      if (e[0] & 128)
-        throw new n("invalid signature integer: negative");
-      if (e[0] === 0 && !(e[1] & 128))
-        throw new n("invalid signature integer: unnecessary leading zero");
-      return Fe(e);
+    decode(n) {
+      const { Err: t } = Q;
+      if (n[0] & 128)
+        throw new t("invalid signature integer: negative");
+      if (n[0] === 0 && !(n[1] & 128))
+        throw new t("invalid signature integer: unnecessary leading zero");
+      return wt(n);
     }
   },
-  toSig(e) {
-    const { Err: n, _int: c, _tlv: t } = Ne, l = Be(e, void 0, "signature"), { v: y, l: w } = t.decode(48, l);
+  toSig(n) {
+    const { Err: t, _int: r, _tlv: e } = Q, o = V(n, void 0, "signature"), { v: s, l: i } = e.decode(48, o);
+    if (i.length)
+      throw new t("invalid signature: left bytes after parsing");
+    const { v: u, l: c } = e.decode(2, s), { v: a, l: w } = e.decode(2, c);
     if (w.length)
-      throw new n("invalid signature: left bytes after parsing");
-    const { v: p, l: E } = t.decode(2, y), { v: Z, l: M } = t.decode(2, E);
-    if (M.length)
-      throw new n("invalid signature: left bytes after parsing");
-    return { r: c.decode(p), s: c.decode(Z) };
+      throw new t("invalid signature: left bytes after parsing");
+    return { r: r.decode(u), s: r.decode(a) };
   },
-  hexFromSig(e) {
-    const { _tlv: n, _int: c } = Ne, t = n.encode(2, c.encode(e.r)), l = n.encode(2, c.encode(e.s)), y = t + l;
-    return n.encode(48, y);
-  }
-}, Ie = BigInt(0), He = BigInt(1), sn = BigInt(2), Ye = BigInt(3), Vn = BigInt(4);
-function Dn(e, n = {}) {
-  const c = Hn("weierstrass", e, n), { Fp: t, Fn: l } = c;
-  let y = c.CURVE;
-  const { h: w, n: p } = y;
-  bt(n, {}, {
+  hexFromSig(n) {
+    const { _tlv: t, _int: r } = Q, e = t.encode(2, r.encode(n.r)), o = t.encode(2, r.encode(n.s)), s = e + o;
+    return t.encode(48, s);
+  }
+}, W = BigInt(0), rt = BigInt(1), fe = BigInt(2), ft = BigInt(3), Ye = BigInt(4);
+function ke(n, t = {}) {
+  const r = Le("weierstrass", n, t), { Fp: e, Fn: o } = r;
+  let s = r.CURVE;
+  const { h: i, n: u } = s;
+  Ot(t, {}, {
     allowInfinityPoint: "boolean",
     clearCofactor: "function",
     isTorsionFree: "function",
@@ -2623,142 +724,142 @@ function Dn(e, n = {}) {
     toBytes: "function",
     endo: "object"
   });
-  const { endo: E } = n;
-  if (E && (!t.is0(y.a) || typeof E.beta != "bigint" || !Array.isArray(E.basises)))
+  const { endo: c } = t;
+  if (c && (!e.is0(s.a) || typeof c.beta != "bigint" || !Array.isArray(c.basises)))
     throw new Error('invalid endo: expected "beta": bigint and "basises": array');
-  const Z = fn(t, l);
-  function M() {
-    if (!t.isOdd)
+  const a = le(e, o);
+  function w() {
+    if (!e.isOdd)
       throw new Error("compression is not supported: Field does not have .isOdd()");
   }
-  function D(C, b, u) {
-    const { x: o, y: f } = b.toAffine(), i = t.toBytes(o);
-    if (Ge(u, "isCompressed"), u) {
-      M();
-      const r = !t.isOdd(f);
-      return Ae(cn(r), i);
+  function S(I, d, l) {
+    const { x: f, y: h } = d.toAffine(), m = e.toBytes(f);
+    if (dt(l, "isCompressed"), l) {
+      w();
+      const E = !e.isOdd(h);
+      return J(ue(E), m);
     } else
-      return Ae(Uint8Array.of(4), i, t.toBytes(f));
-  }
-  function X(C) {
-    Be(C, void 0, "Point");
-    const { publicKey: b, publicKeyUncompressed: u } = Z, o = C.length, f = C[0], i = C.subarray(1);
-    if (o === b && (f === 2 || f === 3)) {
-      const r = t.fromBytes(i);
-      if (!t.isValid(r))
+      return J(Uint8Array.of(4), m, e.toBytes(h));
+  }
+  function q(I) {
+    V(I, void 0, "Point");
+    const { publicKey: d, publicKeyUncompressed: l } = a, f = I.length, h = I[0], m = I.subarray(1);
+    if (f === d && (h === 2 || h === 3)) {
+      const E = e.fromBytes(m);
+      if (!e.isValid(E))
         throw new Error("bad point: is not on curve, wrong x");
-      const d = V(r);
-      let m;
+      const b = _(E);
+      let g;
       try {
-        m = t.sqrt(d);
-      } catch (h) {
-        const g = h instanceof Error ? ": " + h.message : "";
-        throw new Error("bad point: is not on curve, sqrt error" + g);
+        g = e.sqrt(b);
+      } catch (D) {
+        const Z = D instanceof Error ? ": " + D.message : "";
+        throw new Error("bad point: is not on curve, sqrt error" + Z);
       }
-      M();
-      const s = t.isOdd(m);
-      return (f & 1) === 1 !== s && (m = t.neg(m)), { x: r, y: m };
-    } else if (o === u && f === 4) {
-      const r = t.BYTES, d = t.fromBytes(i.subarray(0, r)), m = t.fromBytes(i.subarray(r, r * 2));
-      if (!U(d, m))
+      w();
+      const y = e.isOdd(g);
+      return (h & 1) === 1 !== y && (g = e.neg(g)), { x: E, y: g };
+    } else if (f === l && h === 4) {
+      const E = e.BYTES, b = e.fromBytes(m.subarray(0, E)), g = e.fromBytes(m.subarray(E, E * 2));
+      if (!R(b, g))
         throw new Error("bad point: is not on curve");
-      return { x: d, y: m };
+      return { x: b, y: g };
     } else
-      throw new Error(`bad point: got length ${o}, expected compressed=${b} or uncompressed=${u}`);
+      throw new Error(`bad point: got length ${f}, expected compressed=${d} or uncompressed=${l}`);
   }
-  const S = n.toBytes || D, q = n.fromBytes || X;
-  function V(C) {
-    const b = t.sqr(C), u = t.mul(b, C);
-    return t.add(t.add(u, t.mul(C, y.a)), y.b);
+  const B = t.toBytes || S, v = t.fromBytes || q;
+  function _(I) {
+    const d = e.sqr(I), l = e.mul(d, I);
+    return e.add(e.add(l, e.mul(I, s.a)), s.b);
   }
-  function U(C, b) {
-    const u = t.sqr(b), o = V(C);
-    return t.eql(u, o);
+  function R(I, d) {
+    const l = e.sqr(d), f = _(I);
+    return e.eql(l, f);
   }
-  if (!U(y.Gx, y.Gy))
+  if (!R(s.Gx, s.Gy))
     throw new Error("bad curve params: generator point");
-  const W = t.mul(t.pow(y.a, Ye), Vn), G = t.mul(t.sqr(y.b), BigInt(27));
-  if (t.is0(t.add(W, G)))
+  const N = e.mul(e.pow(s.a, ft), Ye), T = e.mul(e.sqr(s.b), BigInt(27));
+  if (e.is0(e.add(N, T)))
     throw new Error("bad curve params: a or b");
-  function te(C, b, u = !1) {
-    if (!t.isValid(b) || u && t.is0(b))
-      throw new Error(`bad point coordinate ${C}`);
-    return b;
+  function C(I, d, l = !1) {
+    if (!e.isValid(d) || l && e.is0(d))
+      throw new Error(`bad point coordinate ${I}`);
+    return d;
   }
-  function re(C) {
-    if (!(C instanceof v))
+  function Y(I) {
+    if (!(I instanceof x))
       throw new Error("Weierstrass Point expected");
   }
-  function ie(C) {
-    if (!E || !E.basises)
+  function K(I) {
+    if (!c || !c.basises)
       throw new Error("no endo");
-    return jn(C, E.basises, l.ORDER);
-  }
-  const N = qt((C, b) => {
-    const { X: u, Y: o, Z: f } = C;
-    if (t.eql(f, t.ONE))
-      return { x: u, y: o };
-    const i = C.is0();
-    b == null && (b = i ? t.ONE : t.inv(f));
-    const r = t.mul(u, b), d = t.mul(o, b), m = t.mul(f, b);
-    if (i)
-      return { x: t.ZERO, y: t.ZERO };
-    if (!t.eql(m, t.ONE))
+    return Te(I, c.basises, o.ORDER);
+  }
+  const M = At((I, d) => {
+    const { X: l, Y: f, Z: h } = I;
+    if (e.eql(h, e.ONE))
+      return { x: l, y: f };
+    const m = I.is0();
+    d == null && (d = m ? e.ONE : e.inv(h));
+    const E = e.mul(l, d), b = e.mul(f, d), g = e.mul(h, d);
+    if (m)
+      return { x: e.ZERO, y: e.ZERO };
+    if (!e.eql(g, e.ONE))
       throw new Error("invZ was invalid");
-    return { x: r, y: d };
-  }), O = qt((C) => {
-    if (C.is0()) {
-      if (n.allowInfinityPoint && !t.is0(C.Y))
+    return { x: E, y: b };
+  }), F = At((I) => {
+    if (I.is0()) {
+      if (t.allowInfinityPoint && !e.is0(I.Y))
         return;
       throw new Error("bad point: ZERO");
     }
-    const { x: b, y: u } = C.toAffine();
-    if (!t.isValid(b) || !t.isValid(u))
+    const { x: d, y: l } = I.toAffine();
+    if (!e.isValid(d) || !e.isValid(l))
       throw new Error("bad point: x or y not field elements");
-    if (!U(b, u))
+    if (!R(d, l))
       throw new Error("bad point: equation left != right");
-    if (!C.isTorsionFree())
+    if (!I.isTorsionFree())
       throw new Error("bad point: not in prime-order subgroup");
     return !0;
   });
-  function L(C, b, u, o, f) {
-    return u = new v(t.mul(u.X, C), u.Y, u.Z), b = We(o, b), u = We(f, u), b.add(u);
+  function H(I, d, l, f, h) {
+    return l = new x(e.mul(l.X, I), l.Y, l.Z), d = at(f, d), l = at(h, l), d.add(l);
   }
-  class v {
+  class x {
     // base / generator point
-    static BASE = new v(y.Gx, y.Gy, t.ONE);
+    static BASE = new x(s.Gx, s.Gy, e.ONE);
     // zero / infinity / identity point
-    static ZERO = new v(t.ZERO, t.ONE, t.ZERO);
+    static ZERO = new x(e.ZERO, e.ONE, e.ZERO);
     // 0, 1, 0
     // math field
-    static Fp = t;
+    static Fp = e;
     // scalar field
-    static Fn = l;
+    static Fn = o;
     X;
     Y;
     Z;
     /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-    constructor(b, u, o) {
-      this.X = te("x", b), this.Y = te("y", u, !0), this.Z = te("z", o), Object.freeze(this);
+    constructor(d, l, f) {
+      this.X = C("x", d), this.Y = C("y", l, !0), this.Z = C("z", f), Object.freeze(this);
     }
     static CURVE() {
-      return y;
+      return s;
     }
     /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-    static fromAffine(b) {
-      const { x: u, y: o } = b || {};
-      if (!b || !t.isValid(u) || !t.isValid(o))
+    static fromAffine(d) {
+      const { x: l, y: f } = d || {};
+      if (!d || !e.isValid(l) || !e.isValid(f))
         throw new Error("invalid affine point");
-      if (b instanceof v)
+      if (d instanceof x)
         throw new Error("projective point not allowed");
-      return t.is0(u) && t.is0(o) ? v.ZERO : new v(u, o, t.ONE);
+      return e.is0(l) && e.is0(f) ? x.ZERO : new x(l, f, e.ONE);
     }
-    static fromBytes(b) {
-      const u = v.fromAffine(q(Be(b, void 0, "point")));
-      return u.assertValidity(), u;
+    static fromBytes(d) {
+      const l = x.fromAffine(v(V(d, void 0, "point")));
+      return l.assertValidity(), l;
     }
-    static fromHex(b) {
-      return v.fromBytes(Pe(b));
+    static fromHex(d) {
+      return x.fromBytes(lt(d));
     }
     get x() {
       return this.toAffine().x;
@@ -2772,58 +873,58 @@ function Dn(e, n = {}) {
      * @param isLazy true will defer table computation until the first multiplication
      * @returns
      */
-    precompute(b = 8, u = !0) {
-      return Q.createCache(this, b), u || this.multiply(Ye), this;
+    precompute(d = 8, l = !0) {
+      return tt.createCache(this, d), l || this.multiply(ft), this;
     }
     // TODO: return `this`
     /** A point on curve is valid if it conforms to equation. */
     assertValidity() {
-      O(this);
+      F(this);
     }
     hasEvenY() {
-      const { y: b } = this.toAffine();
-      if (!t.isOdd)
+      const { y: d } = this.toAffine();
+      if (!e.isOdd)
         throw new Error("Field doesn't support isOdd");
-      return !t.isOdd(b);
+      return !e.isOdd(d);
     }
     /** Compare one point to another. */
-    equals(b) {
-      re(b);
-      const { X: u, Y: o, Z: f } = this, { X: i, Y: r, Z: d } = b, m = t.eql(t.mul(u, d), t.mul(i, f)), s = t.eql(t.mul(o, d), t.mul(r, f));
-      return m && s;
+    equals(d) {
+      Y(d);
+      const { X: l, Y: f, Z: h } = this, { X: m, Y: E, Z: b } = d, g = e.eql(e.mul(l, b), e.mul(m, h)), y = e.eql(e.mul(f, b), e.mul(E, h));
+      return g && y;
     }
     /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
     negate() {
-      return new v(this.X, t.neg(this.Y), this.Z);
+      return new x(this.X, e.neg(this.Y), this.Z);
     }
     // Renes-Costello-Batina exception-free doubling formula.
     // There is 30% faster Jacobian formula, but it is not complete.
     // https://eprint.iacr.org/2015/1060, algorithm 3
     // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
     double() {
-      const { a: b, b: u } = y, o = t.mul(u, Ye), { X: f, Y: i, Z: r } = this;
-      let d = t.ZERO, m = t.ZERO, s = t.ZERO, a = t.mul(f, f), h = t.mul(i, i), g = t.mul(r, r), B = t.mul(f, i);
-      return B = t.add(B, B), s = t.mul(f, r), s = t.add(s, s), d = t.mul(b, s), m = t.mul(o, g), m = t.add(d, m), d = t.sub(h, m), m = t.add(h, m), m = t.mul(d, m), d = t.mul(B, d), s = t.mul(o, s), g = t.mul(b, g), B = t.sub(a, g), B = t.mul(b, B), B = t.add(B, s), s = t.add(a, a), a = t.add(s, a), a = t.add(a, g), a = t.mul(a, B), m = t.add(m, a), g = t.mul(i, r), g = t.add(g, g), a = t.mul(g, B), d = t.sub(d, a), s = t.mul(g, h), s = t.add(s, s), s = t.add(s, s), new v(d, m, s);
+      const { a: d, b: l } = s, f = e.mul(l, ft), { X: h, Y: m, Z: E } = this;
+      let b = e.ZERO, g = e.ZERO, y = e.ZERO, p = e.mul(h, h), D = e.mul(m, m), Z = e.mul(E, E), O = e.mul(h, m);
+      return O = e.add(O, O), y = e.mul(h, E), y = e.add(y, y), b = e.mul(d, y), g = e.mul(f, Z), g = e.add(b, g), b = e.sub(D, g), g = e.add(D, g), g = e.mul(b, g), b = e.mul(O, b), y = e.mul(f, y), Z = e.mul(d, Z), O = e.sub(p, Z), O = e.mul(d, O), O = e.add(O, y), y = e.add(p, p), p = e.add(y, p), p = e.add(p, Z), p = e.mul(p, O), g = e.add(g, p), Z = e.mul(m, E), Z = e.add(Z, Z), p = e.mul(Z, O), b = e.sub(b, p), y = e.mul(Z, D), y = e.add(y, y), y = e.add(y, y), new x(b, g, y);
     }
     // Renes-Costello-Batina exception-free addition formula.
     // There is 30% faster Jacobian formula, but it is not complete.
     // https://eprint.iacr.org/2015/1060, algorithm 1
     // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
-    add(b) {
-      re(b);
-      const { X: u, Y: o, Z: f } = this, { X: i, Y: r, Z: d } = b;
-      let m = t.ZERO, s = t.ZERO, a = t.ZERO;
-      const h = y.a, g = t.mul(y.b, Ye);
-      let B = t.mul(u, i), H = t.mul(o, r), z = t.mul(f, d), I = t.add(u, o), T = t.add(i, r);
-      I = t.mul(I, T), T = t.add(B, H), I = t.sub(I, T), T = t.add(u, f);
-      let k = t.add(i, d);
-      return T = t.mul(T, k), k = t.add(B, z), T = t.sub(T, k), k = t.add(o, f), m = t.add(r, d), k = t.mul(k, m), m = t.add(H, z), k = t.sub(k, m), a = t.mul(h, T), m = t.mul(g, z), a = t.add(m, a), m = t.sub(H, a), a = t.add(H, a), s = t.mul(m, a), H = t.add(B, B), H = t.add(H, B), z = t.mul(h, z), T = t.mul(g, T), H = t.add(H, z), z = t.sub(B, z), z = t.mul(h, z), T = t.add(T, z), B = t.mul(H, T), s = t.add(s, B), B = t.mul(k, T), m = t.mul(I, m), m = t.sub(m, B), B = t.mul(I, H), a = t.mul(k, a), a = t.add(a, B), new v(m, s, a);
-    }
-    subtract(b) {
-      return this.add(b.negate());
+    add(d) {
+      Y(d);
+      const { X: l, Y: f, Z: h } = this, { X: m, Y: E, Z: b } = d;
+      let g = e.ZERO, y = e.ZERO, p = e.ZERO;
+      const D = s.a, Z = e.mul(s.b, ft);
+      let O = e.mul(l, m), A = e.mul(f, E), U = e.mul(h, b), G = e.add(l, f), L = e.add(m, E);
+      G = e.mul(G, L), L = e.add(O, A), G = e.sub(G, L), L = e.add(l, h);
+      let k = e.add(m, b);
+      return L = e.mul(L, k), k = e.add(O, U), L = e.sub(L, k), k = e.add(f, h), g = e.add(E, b), k = e.mul(k, g), g = e.add(A, U), k = e.sub(k, g), p = e.mul(D, L), g = e.mul(Z, U), p = e.add(g, p), g = e.sub(A, p), p = e.add(A, p), y = e.mul(g, p), A = e.add(O, O), A = e.add(A, O), U = e.mul(D, U), L = e.mul(Z, L), A = e.add(A, U), U = e.sub(O, U), U = e.mul(D, U), L = e.add(L, U), O = e.mul(A, L), y = e.add(y, O), O = e.mul(k, L), g = e.mul(G, g), g = e.sub(g, O), O = e.mul(G, A), p = e.mul(k, p), p = e.add(p, O), new x(g, y, p);
+    }
+    subtract(d) {
+      return this.add(d.negate());
     }
     is0() {
-      return this.equals(v.ZERO);
+      return this.equals(x.ZERO);
     }
     /**
      * Constant time multiplication.
@@ -2834,307 +935,307 @@ function Dn(e, n = {}) {
      * @param scalar by which the point would be multiplied
      * @returns New point
      */
-    multiply(b) {
-      const { endo: u } = n;
-      if (!l.isValidNot0(b))
+    multiply(d) {
+      const { endo: l } = t;
+      if (!o.isValidNot0(d))
         throw new Error("invalid scalar: out of range");
-      let o, f;
-      const i = (r) => Q.cached(this, r, (d) => At(v, d));
-      if (u) {
-        const { k1neg: r, k1: d, k2neg: m, k2: s } = ie(b), { p: a, f: h } = i(d), { p: g, f: B } = i(s);
-        f = h.add(B), o = L(u.beta, a, g, r, m);
+      let f, h;
+      const m = (E) => tt.cached(this, E, (b) => Ut(x, b));
+      if (l) {
+        const { k1neg: E, k1: b, k2neg: g, k2: y } = K(d), { p, f: D } = m(b), { p: Z, f: O } = m(y);
+        h = D.add(O), f = H(l.beta, p, Z, E, g);
       } else {
-        const { p: r, f: d } = i(b);
-        o = r, f = d;
+        const { p: E, f: b } = m(d);
+        f = E, h = b;
       }
-      return At(v, [o, f])[0];
+      return Ut(x, [f, h])[0];
     }
     /**
      * Non-constant-time multiplication. Uses double-and-add algorithm.
      * It's faster, but should only be used when you don't care about
      * an exposed secret key e.g. sig verification, which works over *public* keys.
      */
-    multiplyUnsafe(b) {
-      const { endo: u } = n, o = this;
-      if (!l.isValid(b))
+    multiplyUnsafe(d) {
+      const { endo: l } = t, f = this;
+      if (!o.isValid(d))
         throw new Error("invalid scalar: out of range");
-      if (b === Ie || o.is0())
-        return v.ZERO;
-      if (b === He)
-        return o;
-      if (Q.hasCache(this))
-        return this.multiply(b);
-      if (u) {
-        const { k1neg: f, k1: i, k2neg: r, k2: d } = ie(b), { p1: m, p2: s } = Ln(v, o, i, d);
-        return L(u.beta, m, s, f, r);
+      if (d === W || f.is0())
+        return x.ZERO;
+      if (d === rt)
+        return f;
+      if (tt.hasCache(this))
+        return this.multiply(d);
+      if (l) {
+        const { k1neg: h, k1: m, k2neg: E, k2: b } = K(d), { p1: g, p2: y } = Ae(x, f, m, b);
+        return H(l.beta, g, y, h, E);
       } else
-        return Q.unsafe(o, b);
+        return tt.unsafe(f, d);
     }
     /**
      * Converts Projective point to affine (x, y) coordinates.
      * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
      */
-    toAffine(b) {
-      return N(this, b);
+    toAffine(d) {
+      return M(this, d);
     }
     /**
      * Checks whether Point is free of torsion elements (is in prime subgroup).
      * Always torsion-free for cofactor=1 curves.
      */
     isTorsionFree() {
-      const { isTorsionFree: b } = n;
-      return w === He ? !0 : b ? b(v, this) : Q.unsafe(this, p).is0();
+      const { isTorsionFree: d } = t;
+      return i === rt ? !0 : d ? d(x, this) : tt.unsafe(this, u).is0();
     }
     clearCofactor() {
-      const { clearCofactor: b } = n;
-      return w === He ? this : b ? b(v, this) : this.multiplyUnsafe(w);
+      const { clearCofactor: d } = t;
+      return i === rt ? this : d ? d(x, this) : this.multiplyUnsafe(i);
     }
     isSmallOrder() {
-      return this.multiplyUnsafe(w).is0();
+      return this.multiplyUnsafe(i).is0();
     }
-    toBytes(b = !0) {
-      return Ge(b, "isCompressed"), this.assertValidity(), S(v, this, b);
+    toBytes(d = !0) {
+      return dt(d, "isCompressed"), this.assertValidity(), B(x, this, d);
     }
-    toHex(b = !0) {
-      return Qe(this.toBytes(b));
+    toHex(d = !0) {
+      return ht(this.toBytes(d));
     }
     toString() {
       return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
     }
   }
-  const j = l.BITS, Q = new Zn(v, n.endo ? Math.ceil(j / 2) : j);
-  return v.BASE.precompute(8), v;
+  const P = o.BITS, tt = new Ze(x, t.endo ? Math.ceil(P / 2) : P);
+  return x.BASE.precompute(8), x;
 }
-function cn(e) {
-  return Uint8Array.of(e ? 2 : 3);
+function ue(n) {
+  return Uint8Array.of(n ? 2 : 3);
 }
-function fn(e, n) {
+function le(n, t) {
   return {
-    secretKey: n.BYTES,
-    publicKey: 1 + e.BYTES,
-    publicKeyUncompressed: 1 + 2 * e.BYTES,
+    secretKey: t.BYTES,
+    publicKey: 1 + n.BYTES,
+    publicKeyUncompressed: 1 + 2 * n.BYTES,
     publicKeyHasPrefix: !0,
-    signature: 2 * n.BYTES
+    signature: 2 * t.BYTES
   };
 }
-function Cn(e, n = {}) {
-  const { Fn: c } = e, t = n.randomBytes || jt, l = Object.assign(fn(e.Fp, c), { seed: nn(c.ORDER) });
-  function y(S) {
+function Ve(n, t = {}) {
+  const { Fn: r } = n, e = t.randomBytes || Mt, o = Object.assign(le(n.Fp, r), { seed: ie(r.ORDER) });
+  function s(B) {
     try {
-      const q = c.fromBytes(S);
-      return c.isValidNot0(q);
+      const v = r.fromBytes(B);
+      return r.isValidNot0(v);
     } catch {
       return !1;
     }
   }
-  function w(S, q) {
-    const { publicKey: V, publicKeyUncompressed: U } = l;
+  function i(B, v) {
+    const { publicKey: _, publicKeyUncompressed: R } = o;
     try {
-      const W = S.length;
-      return q === !0 && W !== V || q === !1 && W !== U ? !1 : !!e.fromBytes(S);
+      const N = B.length;
+      return v === !0 && N !== _ || v === !1 && N !== R ? !1 : !!n.fromBytes(B);
     } catch {
       return !1;
     }
   }
-  function p(S = t(l.seed)) {
-    return Un(Be(S, l.seed, "seed"), c.ORDER);
+  function u(B = e(o.seed)) {
+    return _e(V(B, o.seed, "seed"), r.ORDER);
   }
-  function E(S, q = !0) {
-    return e.BASE.multiply(c.fromBytes(S)).toBytes(q);
+  function c(B, v = !0) {
+    return n.BASE.multiply(r.fromBytes(B)).toBytes(v);
   }
-  function Z(S) {
-    const { secretKey: q, publicKey: V, publicKeyUncompressed: U } = l;
-    if (!Mt(S) || "_lengths" in c && c._lengths || q === V)
+  function a(B) {
+    const { secretKey: v, publicKey: _, publicKeyUncompressed: R } = o;
+    if (!Kt(B) || "_lengths" in r && r._lengths || v === _)
       return;
-    const W = Be(S, void 0, "key").length;
-    return W === V || W === U;
+    const N = V(B, void 0, "key").length;
+    return N === _ || N === R;
   }
-  function M(S, q, V = !0) {
-    if (Z(S) === !0)
+  function w(B, v, _ = !0) {
+    if (a(B) === !0)
       throw new Error("first arg must be private key");
-    if (Z(q) === !1)
+    if (a(v) === !1)
       throw new Error("second arg must be public key");
-    const U = c.fromBytes(S);
-    return e.fromBytes(q).multiply(U).toBytes(V);
-  }
-  const D = {
-    isValidSecretKey: y,
-    isValidPublicKey: w,
-    randomSecretKey: p
-  }, X = kn(p, E);
-  return Object.freeze({ getPublicKey: E, getSharedSecret: M, keygen: X, Point: e, utils: D, lengths: l });
-}
-function Kn(e, n, c = {}) {
-  ln(n), bt(c, {}, {
+    const R = r.fromBytes(B);
+    return n.fromBytes(v).multiply(R).toBytes(_);
+  }
+  const S = {
+    isValidSecretKey: s,
+    isValidPublicKey: i,
+    randomSecretKey: u
+  }, q = De(u, c);
+  return Object.freeze({ getPublicKey: c, getSharedSecret: w, keygen: q, Point: n, utils: S, lengths: o });
+}
+function $e(n, t, r = {}) {
+  de(t), Ot(r, {}, {
     hmac: "function",
     lowS: "boolean",
     randomBytes: "function",
     bits2int: "function",
     bits2int_modN: "function"
-  }), c = Object.assign({}, c);
-  const t = c.randomBytes || jt, l = c.hmac || ((u, o) => dn(n, u, o)), { Fp: y, Fn: w } = e, { ORDER: p, BITS: E } = w, { keygen: Z, getPublicKey: M, getSharedSecret: D, utils: X, lengths: S } = Cn(e, c), q = {
+  }), r = Object.assign({}, r);
+  const e = r.randomBytes || Mt, o = r.hmac || ((l, f) => ae(t, l, f)), { Fp: s, Fn: i } = n, { ORDER: u, BITS: c } = i, { keygen: a, getPublicKey: w, getSharedSecret: S, utils: q, lengths: B } = Ve(n, r), v = {
     prehash: !0,
-    lowS: typeof c.lowS == "boolean" ? c.lowS : !0,
+    lowS: typeof r.lowS == "boolean" ? r.lowS : !0,
     format: "compact",
     extraEntropy: !1
-  }, V = p * sn < y.ORDER;
-  function U(u) {
-    const o = p >> He;
-    return u > o;
-  }
-  function W(u, o) {
-    if (!w.isValidNot0(o))
-      throw new Error(`invalid signature ${u}: out of range 1..Point.Fn.ORDER`);
-    return o;
-  }
-  function G() {
-    if (V)
+  }, _ = u * fe < s.ORDER;
+  function R(l) {
+    const f = u >> rt;
+    return l > f;
+  }
+  function N(l, f) {
+    if (!i.isValidNot0(f))
+      throw new Error(`invalid signature ${l}: out of range 1..Point.Fn.ORDER`);
+    return f;
+  }
+  function T() {
+    if (_)
       throw new Error('"recovered" sig type is not supported for cofactor >2 curves');
   }
-  function te(u, o) {
-    at(o);
-    const f = S.signature, i = o === "compact" ? f : o === "recovered" ? f + 1 : void 0;
-    return Be(u, i);
+  function C(l, f) {
+    pt(f);
+    const h = B.signature, m = f === "compact" ? h : f === "recovered" ? h + 1 : void 0;
+    return V(l, m);
   }
-  class re {
+  class Y {
     r;
     s;
     recovery;
-    constructor(o, f, i) {
-      if (this.r = W("r", o), this.s = W("s", f), i != null) {
-        if (G(), ![0, 1, 2, 3].includes(i))
+    constructor(f, h, m) {
+      if (this.r = N("r", f), this.s = N("s", h), m != null) {
+        if (T(), ![0, 1, 2, 3].includes(m))
           throw new Error("invalid recovery id");
-        this.recovery = i;
+        this.recovery = m;
       }
       Object.freeze(this);
     }
-    static fromBytes(o, f = q.format) {
-      te(o, f);
-      let i;
-      if (f === "der") {
-        const { r: s, s: a } = Ne.toSig(Be(o));
-        return new re(s, a);
+    static fromBytes(f, h = v.format) {
+      C(f, h);
+      let m;
+      if (h === "der") {
+        const { r: y, s: p } = Q.toSig(V(f));
+        return new Y(y, p);
       }
-      f === "recovered" && (i = o[0], f = "compact", o = o.subarray(1));
-      const r = S.signature / 2, d = o.subarray(0, r), m = o.subarray(r, r * 2);
-      return new re(w.fromBytes(d), w.fromBytes(m), i);
+      h === "recovered" && (m = f[0], h = "compact", f = f.subarray(1));
+      const E = B.signature / 2, b = f.subarray(0, E), g = f.subarray(E, E * 2);
+      return new Y(i.fromBytes(b), i.fromBytes(g), m);
     }
-    static fromHex(o, f) {
-      return this.fromBytes(Pe(o), f);
+    static fromHex(f, h) {
+      return this.fromBytes(lt(f), h);
     }
     assertRecovery() {
-      const { recovery: o } = this;
-      if (o == null)
+      const { recovery: f } = this;
+      if (f == null)
         throw new Error("invalid recovery id: must be present");
-      return o;
+      return f;
     }
-    addRecoveryBit(o) {
-      return new re(this.r, this.s, o);
+    addRecoveryBit(f) {
+      return new Y(this.r, this.s, f);
     }
-    recoverPublicKey(o) {
-      const { r: f, s: i } = this, r = this.assertRecovery(), d = r === 2 || r === 3 ? f + p : f;
-      if (!y.isValid(d))
+    recoverPublicKey(f) {
+      const { r: h, s: m } = this, E = this.assertRecovery(), b = E === 2 || E === 3 ? h + u : h;
+      if (!s.isValid(b))
         throw new Error("invalid recovery id: sig.r+curve.n != R.x");
-      const m = y.toBytes(d), s = e.fromBytes(Ae(cn((r & 1) === 0), m)), a = w.inv(d), h = N(Be(o, void 0, "msgHash")), g = w.create(-h * a), B = w.create(i * a), H = e.BASE.multiplyUnsafe(g).add(s.multiplyUnsafe(B));
-      if (H.is0())
+      const g = s.toBytes(b), y = n.fromBytes(J(ue((E & 1) === 0), g)), p = i.inv(b), D = M(V(f, void 0, "msgHash")), Z = i.create(-D * p), O = i.create(m * p), A = n.BASE.multiplyUnsafe(Z).add(y.multiplyUnsafe(O));
+      if (A.is0())
         throw new Error("invalid recovery: point at infinify");
-      return H.assertValidity(), H;
+      return A.assertValidity(), A;
     }
     // Signatures should be low-s, to prevent malleability.
     hasHighS() {
-      return U(this.s);
+      return R(this.s);
     }
-    toBytes(o = q.format) {
-      if (at(o), o === "der")
-        return Pe(Ne.hexFromSig(this));
-      const { r: f, s: i } = this, r = w.toBytes(f), d = w.toBytes(i);
-      return o === "recovered" ? (G(), Ae(Uint8Array.of(this.assertRecovery()), r, d)) : Ae(r, d);
+    toBytes(f = v.format) {
+      if (pt(f), f === "der")
+        return lt(Q.hexFromSig(this));
+      const { r: h, s: m } = this, E = i.toBytes(h), b = i.toBytes(m);
+      return f === "recovered" ? (T(), J(Uint8Array.of(this.assertRecovery()), E, b)) : J(E, b);
     }
-    toHex(o) {
-      return Qe(this.toBytes(o));
+    toHex(f) {
+      return ht(this.toBytes(f));
     }
   }
-  const ie = c.bits2int || function(o) {
-    if (o.length > 8192)
+  const K = r.bits2int || function(f) {
+    if (f.length > 8192)
       throw new Error("input is too large");
-    const f = Fe(o), i = o.length * 8 - E;
-    return i > 0 ? f >> BigInt(i) : f;
-  }, N = c.bits2int_modN || function(o) {
-    return w.create(ie(o));
-  }, O = ht(E);
-  function L(u) {
-    return En("num < 2^" + E, u, Ie, O), w.toBytes(u);
-  }
-  function v(u, o) {
-    return Be(u, void 0, "message"), o ? Be(n(u), void 0, "prehashed message") : u;
-  }
-  function j(u, o, f) {
-    const { lowS: i, prehash: r, extraEntropy: d } = ct(f, q);
-    u = v(u, r);
-    const m = N(u), s = w.fromBytes(o);
-    if (!w.isValidNot0(s))
+    const h = wt(f), m = f.length * 8 - c;
+    return m > 0 ? h >> BigInt(m) : h;
+  }, M = r.bits2int_modN || function(f) {
+    return i.create(K(f));
+  }, F = St(c);
+  function H(l) {
+    return me("num < 2^" + c, l, W, F), i.toBytes(l);
+  }
+  function x(l, f) {
+    return V(l, void 0, "message"), f ? V(t(l), void 0, "prehashed message") : l;
+  }
+  function P(l, f, h) {
+    const { lowS: m, prehash: E, extraEntropy: b } = yt(h, v);
+    l = x(l, E);
+    const g = M(l), y = i.fromBytes(f);
+    if (!i.isValidNot0(y))
       throw new Error("invalid private key");
-    const a = [L(s), L(m)];
-    if (d != null && d !== !1) {
-      const H = d === !0 ? t(S.secretKey) : d;
-      a.push(Be(H, void 0, "extraEntropy"));
-    }
-    const h = Ae(...a), g = m;
-    function B(H) {
-      const z = ie(H);
-      if (!w.isValidNot0(z))
+    const p = [H(y), H(g)];
+    if (b != null && b !== !1) {
+      const A = b === !0 ? e(B.secretKey) : b;
+      p.push(V(A, void 0, "extraEntropy"));
+    }
+    const D = J(...p), Z = g;
+    function O(A) {
+      const U = K(A);
+      if (!i.isValidNot0(U))
         return;
-      const I = w.inv(z), T = e.BASE.multiply(z).toAffine(), k = w.create(T.x);
-      if (k === Ie)
+      const G = i.inv(U), L = n.BASE.multiply(U).toAffine(), k = i.create(L.x);
+      if (k === W)
         return;
-      const ee = w.create(I * w.create(g + k * s));
-      if (ee === Ie)
+      const st = i.create(G * i.create(Z + k * y));
+      if (st === W)
         return;
-      let F = (T.x === k ? 0 : 2) | Number(T.y & He), _ = ee;
-      return i && U(ee) && (_ = w.neg(ee), F ^= 1), new re(k, _, V ? void 0 : F);
+      let _t = (L.x === k ? 0 : 2) | Number(L.y & rt), Zt = st;
+      return m && R(st) && (Zt = i.neg(st), _t ^= 1), new Y(k, Zt, _ ? void 0 : _t);
     }
-    return { seed: h, k2sig: B };
+    return { seed: D, k2sig: O };
   }
-  function Q(u, o, f = {}) {
-    const { seed: i, k2sig: r } = j(u, o, f);
-    return vn(n.outputLen, w.BYTES, l)(i, r).toBytes(f.format);
+  function tt(l, f, h = {}) {
+    const { seed: m, k2sig: E } = P(l, f, h);
+    return Ee(t.outputLen, i.BYTES, o)(m, E).toBytes(h.format);
   }
-  function C(u, o, f, i = {}) {
-    const { lowS: r, prehash: d, format: m } = ct(i, q);
-    if (f = Be(f, void 0, "publicKey"), o = v(o, d), !Mt(u)) {
-      const s = u instanceof re ? ", use sig.toBytes()" : "";
-      throw new Error("verify expects Uint8Array signature" + s);
+  function I(l, f, h, m = {}) {
+    const { lowS: E, prehash: b, format: g } = yt(m, v);
+    if (h = V(h, void 0, "publicKey"), f = x(f, b), !Kt(l)) {
+      const y = l instanceof Y ? ", use sig.toBytes()" : "";
+      throw new Error("verify expects Uint8Array signature" + y);
     }
-    te(u, m);
+    C(l, g);
     try {
-      const s = re.fromBytes(u, m), a = e.fromBytes(f);
-      if (r && s.hasHighS())
+      const y = Y.fromBytes(l, g), p = n.fromBytes(h);
+      if (E && y.hasHighS())
         return !1;
-      const { r: h, s: g } = s, B = N(o), H = w.inv(g), z = w.create(B * H), I = w.create(h * H), T = e.BASE.multiplyUnsafe(z).add(a.multiplyUnsafe(I));
-      return T.is0() ? !1 : w.create(T.x) === h;
+      const { r: D, s: Z } = y, O = M(f), A = i.inv(Z), U = i.create(O * A), G = i.create(D * A), L = n.BASE.multiplyUnsafe(U).add(p.multiplyUnsafe(G));
+      return L.is0() ? !1 : i.create(L.x) === D;
     } catch {
       return !1;
     }
   }
-  function b(u, o, f = {}) {
-    const { prehash: i } = ct(f, q);
-    return o = v(o, i), re.fromBytes(u, "recovered").recoverPublicKey(o).toBytes();
+  function d(l, f, h = {}) {
+    const { prehash: m } = yt(h, v);
+    return f = x(f, m), Y.fromBytes(l, "recovered").recoverPublicKey(f).toBytes();
   }
   return Object.freeze({
-    keygen: Z,
-    getPublicKey: M,
-    getSharedSecret: D,
-    utils: X,
-    lengths: S,
-    Point: e,
-    sign: Q,
-    verify: C,
-    recoverPublicKey: b,
-    Signature: re,
-    hash: n
+    keygen: a,
+    getPublicKey: w,
+    getSharedSecret: S,
+    utils: q,
+    lengths: B,
+    Point: n,
+    sign: tt,
+    verify: I,
+    recoverPublicKey: d,
+    Signature: Y,
+    hash: t
   });
 }
-const gt = {
+const Nt = {
   p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
   n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
   h: BigInt(1),
@@ -3142,31 +1243,28 @@ const gt = {
   b: BigInt(7),
   Gx: BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
   Gy: BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
-}, Yn = {
+}, je = {
   beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
   basises: [
     [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
     [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
   ]
-}, kt = /* @__PURE__ */ BigInt(2);
-function zn(e) {
-  const n = gt.p, c = BigInt(3), t = BigInt(6), l = BigInt(11), y = BigInt(22), w = BigInt(23), p = BigInt(44), E = BigInt(88), Z = e * e * e % n, M = Z * Z * e % n, D = qe(M, c, n) * M % n, X = qe(D, c, n) * M % n, S = qe(X, kt, n) * Z % n, q = qe(S, l, n) * S % n, V = qe(q, y, n) * q % n, U = qe(V, p, n) * V % n, W = qe(U, E, n) * U % n, G = qe(W, p, n) * V % n, te = qe(G, c, n) * M % n, re = qe(te, w, n) * q % n, ie = qe(re, t, n) * Z % n, N = qe(ie, kt, n);
-  if (!ut.eql(ut.sqr(N), e))
+}, jt = /* @__PURE__ */ BigInt(2);
+function Me(n) {
+  const t = Nt.p, r = BigInt(3), e = BigInt(6), o = BigInt(11), s = BigInt(22), i = BigInt(23), u = BigInt(44), c = BigInt(88), a = n * n * n % t, w = a * a * n % t, S = z(w, r, t) * w % t, q = z(S, r, t) * w % t, B = z(q, jt, t) * a % t, v = z(B, o, t) * B % t, _ = z(v, s, t) * v % t, R = z(_, u, t) * _ % t, N = z(R, c, t) * R % t, T = z(N, u, t) * _ % t, C = z(T, r, t) * w % t, Y = z(C, i, t) * v % t, K = z(Y, e, t) * a % t, M = z(K, jt, t);
+  if (!vt.eql(vt.sqr(M), n))
     throw new Error("Cannot find square root");
-  return N;
+  return M;
 }
-const ut = $e(gt.p, { sqrt: zn }), Xn = /* @__PURE__ */ Dn(gt, {
-  Fp: ut,
-  endo: Yn
-}), Jn = /* @__PURE__ */ Kn(Xn, hn);
+const vt = gt(Nt.p, { sqrt: Me }), Ke = /* @__PURE__ */ ke(Nt, {
+  Fp: vt,
+  endo: je
+}), He = /* @__PURE__ */ $e(Ke, he);
 export {
-  Qn as F,
-  Wn as a,
-  Je as b,
-  pn as c,
-  Ge as d,
-  Fe as e,
-  xe as m,
-  Gn as r,
-  Jn as s
+  Ce as F,
+  dt as a,
+  wt as b,
+  X as m,
+  ye as r,
+  He as s
 };