@btc-vision/transaction 1.8.0 → 1.8.2

package/browser/noble-curves.js

@@ -1,256 +1,939 @@
-import { o as ht, p as it, d as V, q as lt, e as J, t as de, c as Mt, u as ae, i as Kt, s as he } from "./noble-hashes.js";
-const Rt = /* @__PURE__ */ BigInt(0), Bt = /* @__PURE__ */ BigInt(1);
-function dt(n, t = "") {
-  if (typeof n != "boolean") {
-    const r = t && `"${t}" `;
-    throw new Error(r + "expected boolean, got type=" + typeof n);
+import { n as Bt, r as je } from "./rolldown-runtime.js";
+function Kt(t) {
+  return t instanceof Uint8Array || ArrayBuffer.isView(t) && t.constructor.name === "Uint8Array";
+}
+function xt(t, e = "") {
+  if (!Number.isSafeInteger(t) || t < 0) {
+    const r = e && `"${e}" `;
+    throw new Error(`${r}expected integer >= 0, got ${t}`);
   }
-  return n;
 }
-function zt(n) {
-  if (typeof n == "bigint") {
-    if (!ut(n))
-      throw new Error("positive bigint expected, got " + n);
-  } else
-    it(n);
-  return n;
+function C(t, e, r = "") {
+  const n = Kt(t), o = t?.length, s = e !== void 0;
+  if (!n || s && o !== e) {
+    const i = r && `"${r}" `, c = s ? ` of length ${e}` : "", f = n ? `length=${o}` : `type=${typeof t}`;
+    throw new Error(i + "expected Uint8Array" + c + ", got " + f);
+  }
+  return t;
+}
+function Ye(t) {
+  if (typeof t != "function" || typeof t.create != "function") throw new Error("Hash must wrapped by utils.createHasher");
+  xt(t.outputLen), xt(t.blockLen);
+}
+function Vt(t, e = !0) {
+  if (t.destroyed) throw new Error("Hash instance has been destroyed");
+  if (e && t.finished) throw new Error("Hash#digest() has already been called");
 }
-function ct(n) {
-  const t = zt(n).toString(16);
-  return t.length & 1 ? "0" + t : t;
+function Rn(t, e) {
+  C(t, void 0, "digestInto() output");
+  const r = e.outputLen;
+  if (t.length < r) throw new Error('"digestInto() output" expected to be of length >=' + r);
 }
-function Ct(n) {
-  if (typeof n != "string")
-    throw new Error("hex string expected, got " + typeof n);
-  return n === "" ? Rt : BigInt("0x" + n);
+function Hr(t) {
+  return new Uint32Array(t.buffer, t.byteOffset, Math.floor(t.byteLength / 4));
 }
-function wt(n) {
-  return Ct(ht(n));
+function At(...t) {
+  for (let e = 0; e < t.length; e++) t[e].fill(0);
 }
-function Ht(n) {
-  return Ct(ht(we(V(n)).reverse()));
+function ee(t) {
+  return new DataView(t.buffer, t.byteOffset, t.byteLength);
 }
-function xt(n, t) {
-  it(t), n = zt(n);
-  const r = lt(n.toString(16).padStart(t * 2, "0"));
-  if (r.length !== t)
-    throw new Error("number too large");
+function st(t, e) {
+  return t << 32 - e | t >>> e;
+}
+function Ir(t, e) {
+  return t << e | t >>> 32 - e >>> 0;
+}
+function On(t) {
+  return t << 24 & 4278190080 | t << 8 & 16711680 | t >>> 8 & 65280 | t >>> 24 & 255;
+}
+function Hn(t) {
+  for (let e = 0; e < t.length; e++) t[e] = On(t[e]);
+  return t;
+}
+function Xt(t) {
+  if (C(t), pe) return t.toHex();
+  let e = "";
+  for (let r = 0; r < t.length; r++) e += Ke[t[r]];
+  return e;
+}
+function Oe(t) {
+  if (t >= it._0 && t <= it._9) return t - it._0;
+  if (t >= it.A && t <= it.F) return t - (it.A - 10);
+  if (t >= it.a && t <= it.f) return t - (it.a - 10);
+}
+function Mt(t) {
+  if (typeof t != "string") throw new Error("hex string expected, got " + typeof t);
+  if (pe) return Uint8Array.fromHex(t);
+  const e = t.length, r = e / 2;
+  if (e % 2) throw new Error("hex string expected, got unpadded hex of length " + e);
+  const n = new Uint8Array(r);
+  for (let o = 0, s = 0; o < r; o++, s += 2) {
+    const i = Oe(t.charCodeAt(s)), c = Oe(t.charCodeAt(s + 1));
+    if (i === void 0 || c === void 0) {
+      const f = t[s] + t[s + 1];
+      throw new Error('hex string expected, got non-hex character "' + f + '" at index ' + s);
+    }
+    n[o] = i * 16 + c;
+  }
+  return n;
+}
+function P(...t) {
+  let e = 0;
+  for (let n = 0; n < t.length; n++) {
+    const o = t[n];
+    C(o), e += o.length;
+  }
+  const r = new Uint8Array(e);
+  for (let n = 0, o = 0; n < t.length; n++) {
+    const s = t[n];
+    r.set(s, o), o += s.length;
+  }
   return r;
 }
-function Xt(n, t) {
-  return xt(n, t).reverse();
+function _t(t, e = {}) {
+  const r = (o, s) => t(s).update(o).digest(), n = t(void 0);
+  return r.outputLen = n.outputLen, r.blockLen = n.blockLen, r.create = (o) => t(o), Object.assign(r, e), Object.freeze(r);
 }
-function we(n) {
-  return Uint8Array.from(n);
+function Ge(t = 32) {
+  const e = typeof globalThis == "object" ? globalThis.crypto : null;
+  if (typeof e?.getRandomValues != "function") throw new Error("crypto.getRandomValues must be defined");
+  return e.getRandomValues(new Uint8Array(t));
 }
-const ut = (n) => typeof n == "bigint" && Rt <= n;
-function ge(n, t, r) {
-  return ut(n) && ut(t) && ut(r) && t <= n && n < r;
+var He, In, pe, Ke, it, mt, Nt = Bt((() => {
+  He = new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68, In = He ? (t) => t : Hn, pe = typeof Uint8Array.from([]).toHex == "function" && typeof Uint8Array.fromHex == "function", Ke = /* @__PURE__ */ Array.from({ length: 256 }, (t, e) => e.toString(16).padStart(2, "0")), it = {
+    _0: 48,
+    _9: 57,
+    A: 65,
+    F: 70,
+    a: 97,
+    f: 102
+  }, mt = (t) => ({ oid: Uint8Array.from([
+    6,
+    9,
+    96,
+    134,
+    72,
+    1,
+    101,
+    3,
+    4,
+    2,
+    t
+  ]) });
+})), Lr = /* @__PURE__ */ je({
+  _HMAC: () => kt,
+  hmac: () => $t
+}), kt, $t, Ln = Bt((() => {
+  Nt(), kt = class {
+    oHash;
+    iHash;
+    blockLen;
+    outputLen;
+    finished = !1;
+    destroyed = !1;
+    constructor(t, e) {
+      if (Ye(t), C(e, void 0, "key"), this.iHash = t.create(), typeof this.iHash.update != "function") throw new Error("Expected instance of class which extends utils.Hash");
+      this.blockLen = this.iHash.blockLen, this.outputLen = this.iHash.outputLen;
+      const r = this.blockLen, n = new Uint8Array(r);
+      n.set(e.length > r ? t.create().update(e).digest() : e);
+      for (let o = 0; o < n.length; o++) n[o] ^= 54;
+      this.iHash.update(n), this.oHash = t.create();
+      for (let o = 0; o < n.length; o++) n[o] ^= 106;
+      this.oHash.update(n), At(n);
+    }
+    update(t) {
+      return Vt(this), this.iHash.update(t), this;
+    }
+    digestInto(t) {
+      Vt(this), C(t, this.outputLen, "output"), this.finished = !0, this.iHash.digestInto(t), this.oHash.update(t), this.oHash.digestInto(t), this.destroy();
+    }
+    digest() {
+      const t = new Uint8Array(this.oHash.outputLen);
+      return this.digestInto(t), t;
+    }
+    _cloneInto(t) {
+      t ||= Object.create(Object.getPrototypeOf(this), {});
+      const { oHash: e, iHash: r, finished: n, destroyed: o, blockLen: s, outputLen: i } = this;
+      return t = t, t.finished = n, t.destroyed = o, t.blockLen = s, t.outputLen = i, t.oHash = e._cloneInto(t.oHash), t.iHash = r._cloneInto(t.iHash), t;
+    }
+    clone() {
+      return this._cloneInto();
+    }
+    destroy() {
+      this.destroyed = !0, this.oHash.destroy(), this.iHash.destroy();
+    }
+  }, $t = (t, e, r) => new kt(t, e).update(r).digest(), $t.create = (t, e) => new kt(t, e);
+}));
+function qn(t, e, r) {
+  return t & e ^ ~t & r;
+}
+function Un(t, e, r) {
+  return t & e ^ t & r ^ e & r;
+}
+var ae, dt, ht, K, X, Nn = Bt((() => {
+  Nt(), ae = class {
+    blockLen;
+    outputLen;
+    padOffset;
+    isLE;
+    buffer;
+    view;
+    finished = !1;
+    length = 0;
+    pos = 0;
+    destroyed = !1;
+    constructor(t, e, r, n) {
+      this.blockLen = t, this.outputLen = e, this.padOffset = r, this.isLE = n, this.buffer = new Uint8Array(t), this.view = ee(this.buffer);
+    }
+    update(t) {
+      Vt(this), C(t);
+      const { view: e, buffer: r, blockLen: n } = this, o = t.length;
+      for (let s = 0; s < o; ) {
+        const i = Math.min(n - this.pos, o - s);
+        if (i === n) {
+          const c = ee(t);
+          for (; n <= o - s; s += n) this.process(c, s);
+          continue;
+        }
+        r.set(t.subarray(s, s + i), this.pos), this.pos += i, s += i, this.pos === n && (this.process(e, 0), this.pos = 0);
+      }
+      return this.length += t.length, this.roundClean(), this;
+    }
+    digestInto(t) {
+      Vt(this), Rn(t, this), this.finished = !0;
+      const { buffer: e, view: r, blockLen: n, isLE: o } = this;
+      let { pos: s } = this;
+      e[s++] = 128, At(this.buffer.subarray(s)), this.padOffset > n - s && (this.process(r, 0), s = 0);
+      for (let a = s; a < n; a++) e[a] = 0;
+      r.setBigUint64(n - 8, BigInt(this.length * 8), o), this.process(r, 0);
+      const i = ee(t), c = this.outputLen;
+      if (c % 4) throw new Error("_sha2: outputLen must be aligned to 32bit");
+      const f = c / 4, l = this.get();
+      if (f > l.length) throw new Error("_sha2: outputLen bigger than state");
+      for (let a = 0; a < f; a++) i.setUint32(4 * a, l[a], o);
+    }
+    digest() {
+      const { buffer: t, outputLen: e } = this;
+      this.digestInto(t);
+      const r = t.slice(0, e);
+      return this.destroy(), r;
+    }
+    _cloneInto(t) {
+      t ||= new this.constructor(), t.set(...this.get());
+      const { blockLen: e, buffer: r, length: n, finished: o, destroyed: s, pos: i } = this;
+      return t.destroyed = s, t.finished = o, t.length = n, t.pos = i, n % e && t.buffer.set(r), t;
+    }
+    clone() {
+      return this._cloneInto();
+    }
+  }, dt = /* @__PURE__ */ Uint32Array.from([
+    1779033703,
+    3144134277,
+    1013904242,
+    2773480762,
+    1359893119,
+    2600822924,
+    528734635,
+    1541459225
+  ]), ht = /* @__PURE__ */ Uint32Array.from([
+    3238371032,
+    914150663,
+    812702999,
+    4144912697,
+    4290775857,
+    1750603025,
+    1694076839,
+    3204075428
+  ]), K = /* @__PURE__ */ Uint32Array.from([
+    3418070365,
+    3238371032,
+    1654270250,
+    914150663,
+    2438529370,
+    812702999,
+    355462360,
+    4144912697,
+    1731405415,
+    4290775857,
+    2394180231,
+    1750603025,
+    3675008525,
+    1694076839,
+    1203062813,
+    3204075428
+  ]), X = /* @__PURE__ */ Uint32Array.from([
+    1779033703,
+    4089235720,
+    3144134277,
+    2227873595,
+    1013904242,
+    4271175723,
+    2773480762,
+    1595750129,
+    1359893119,
+    2917565137,
+    2600822924,
+    725511199,
+    528734635,
+    4215389547,
+    1541459225,
+    327033209
+  ]);
+}));
+function Dn(t, e = !1) {
+  return e ? {
+    h: Number(t & It),
+    l: Number(t >> le & It)
+  } : {
+    h: Number(t >> le & It) | 0,
+    l: Number(t & It) | 0
+  };
+}
+function Cn(t, e = !1) {
+  const r = t.length;
+  let n = new Uint32Array(r), o = new Uint32Array(r);
+  for (let s = 0; s < r; s++) {
+    const { h: i, l: c } = Dn(t[s], e);
+    [n[s], o[s]] = [i, c];
+  }
+  return [n, o];
+}
+function ft(t, e, r, n) {
+  const o = (e >>> 0) + (n >>> 0);
+  return {
+    h: t + r + (o / 2 ** 32 | 0) | 0,
+    l: o | 0
+  };
 }
-function me(n, t, r, e) {
-  if (!ge(t, r, e))
-    throw new Error("expected valid " + n + ": " + r + " <= n < " + e + ", got " + t);
+var It, le, ue, de, yt, Et, Lt, qt, Zn, kn, Tn, Vn, Xe, ze, We, Qe, Je, Pe, Mn = Bt((() => {
+  It = /* @__PURE__ */ BigInt(2 ** 32 - 1), le = /* @__PURE__ */ BigInt(32), ue = (t, e, r) => t >>> r, de = (t, e, r) => t << 32 - r | e >>> r, yt = (t, e, r) => t >>> r | e << 32 - r, Et = (t, e, r) => t << 32 - r | e >>> r, Lt = (t, e, r) => t << 64 - r | e >>> r - 32, qt = (t, e, r) => t >>> r - 32 | e << 64 - r, Zn = (t, e, r) => t << r | e >>> 32 - r, kn = (t, e, r) => e << r | t >>> 32 - r, Tn = (t, e, r) => e << r - 32 | t >>> 64 - r, Vn = (t, e, r) => t << r - 32 | e >>> 64 - r, Xe = (t, e, r) => (t >>> 0) + (e >>> 0) + (r >>> 0), ze = (t, e, r, n) => e + r + n + (t / 2 ** 32 | 0) | 0, We = (t, e, r, n) => (t >>> 0) + (e >>> 0) + (r >>> 0) + (n >>> 0), Qe = (t, e, r, n, o) => e + r + n + o + (t / 2 ** 32 | 0) | 0, Je = (t, e, r, n, o) => (t >>> 0) + (e >>> 0) + (r >>> 0) + (n >>> 0) + (o >>> 0), Pe = (t, e, r, n, o, s) => e + r + n + o + s + (t / 2 ** 32 | 0) | 0;
+})), qr = /* @__PURE__ */ je({
+  _SHA224: () => be,
+  _SHA256: () => he,
+  _SHA384: () => ge,
+  _SHA512: () => we,
+  _SHA512_224: () => me,
+  _SHA512_256: () => ye,
+  sha224: () => Fe,
+  sha256: () => zt,
+  sha384: () => en,
+  sha512: () => tn,
+  sha512_224: () => rn,
+  sha512_256: () => nn
+}), Ie, at, ne, he, be, re, Le, qe, lt, ut, Ht, we, ge, Y, G, me, ye, zt, Fe, tn, en, nn, rn, $n = Bt((() => {
+  Nn(), Mn(), Nt(), Ie = /* @__PURE__ */ Uint32Array.from([
+    1116352408,
+    1899447441,
+    3049323471,
+    3921009573,
+    961987163,
+    1508970993,
+    2453635748,
+    2870763221,
+    3624381080,
+    310598401,
+    607225278,
+    1426881987,
+    1925078388,
+    2162078206,
+    2614888103,
+    3248222580,
+    3835390401,
+    4022224774,
+    264347078,
+    604807628,
+    770255983,
+    1249150122,
+    1555081692,
+    1996064986,
+    2554220882,
+    2821834349,
+    2952996808,
+    3210313671,
+    3336571891,
+    3584528711,
+    113926993,
+    338241895,
+    666307205,
+    773529912,
+    1294757372,
+    1396182291,
+    1695183700,
+    1986661051,
+    2177026350,
+    2456956037,
+    2730485921,
+    2820302411,
+    3259730800,
+    3345764771,
+    3516065817,
+    3600352804,
+    4094571909,
+    275423344,
+    430227734,
+    506948616,
+    659060556,
+    883997877,
+    958139571,
+    1322822218,
+    1537002063,
+    1747873779,
+    1955562222,
+    2024104815,
+    2227730452,
+    2361852424,
+    2428436474,
+    2756734187,
+    3204031479,
+    3329325298
+  ]), at = /* @__PURE__ */ new Uint32Array(64), ne = class extends ae {
+    constructor(t) {
+      super(64, t, 8, !1);
+    }
+    get() {
+      const { A: t, B: e, C: r, D: n, E: o, F: s, G: i, H: c } = this;
+      return [
+        t,
+        e,
+        r,
+        n,
+        o,
+        s,
+        i,
+        c
+      ];
+    }
+    set(t, e, r, n, o, s, i, c) {
+      this.A = t | 0, this.B = e | 0, this.C = r | 0, this.D = n | 0, this.E = o | 0, this.F = s | 0, this.G = i | 0, this.H = c | 0;
+    }
+    process(t, e) {
+      for (let a = 0; a < 16; a++, e += 4) at[a] = t.getUint32(e, !1);
+      for (let a = 16; a < 64; a++) {
+        const g = at[a - 15], b = at[a - 2], w = st(g, 7) ^ st(g, 18) ^ g >>> 3;
+        at[a] = (st(b, 17) ^ st(b, 19) ^ b >>> 10) + at[a - 7] + w + at[a - 16] | 0;
+      }
+      let { A: r, B: n, C: o, D: s, E: i, F: c, G: f, H: l } = this;
+      for (let a = 0; a < 64; a++) {
+        const g = st(i, 6) ^ st(i, 11) ^ st(i, 25), b = l + g + qn(i, c, f) + Ie[a] + at[a] | 0, w = (st(r, 2) ^ st(r, 13) ^ st(r, 22)) + Un(r, n, o) | 0;
+        l = f, f = c, c = i, i = s + b | 0, s = o, o = n, n = r, r = b + w | 0;
+      }
+      r = r + this.A | 0, n = n + this.B | 0, o = o + this.C | 0, s = s + this.D | 0, i = i + this.E | 0, c = c + this.F | 0, f = f + this.G | 0, l = l + this.H | 0, this.set(r, n, o, s, i, c, f, l);
+    }
+    roundClean() {
+      At(at);
+    }
+    destroy() {
+      this.set(0, 0, 0, 0, 0, 0, 0, 0), At(this.buffer);
+    }
+  }, he = class extends ne {
+    A = dt[0] | 0;
+    B = dt[1] | 0;
+    C = dt[2] | 0;
+    D = dt[3] | 0;
+    E = dt[4] | 0;
+    F = dt[5] | 0;
+    G = dt[6] | 0;
+    H = dt[7] | 0;
+    constructor() {
+      super(32);
+    }
+  }, be = class extends ne {
+    A = ht[0] | 0;
+    B = ht[1] | 0;
+    C = ht[2] | 0;
+    D = ht[3] | 0;
+    E = ht[4] | 0;
+    F = ht[5] | 0;
+    G = ht[6] | 0;
+    H = ht[7] | 0;
+    constructor() {
+      super(28);
+    }
+  }, re = Cn([
+    "0x428a2f98d728ae22",
+    "0x7137449123ef65cd",
+    "0xb5c0fbcfec4d3b2f",
+    "0xe9b5dba58189dbbc",
+    "0x3956c25bf348b538",
+    "0x59f111f1b605d019",
+    "0x923f82a4af194f9b",
+    "0xab1c5ed5da6d8118",
+    "0xd807aa98a3030242",
+    "0x12835b0145706fbe",
+    "0x243185be4ee4b28c",
+    "0x550c7dc3d5ffb4e2",
+    "0x72be5d74f27b896f",
+    "0x80deb1fe3b1696b1",
+    "0x9bdc06a725c71235",
+    "0xc19bf174cf692694",
+    "0xe49b69c19ef14ad2",
+    "0xefbe4786384f25e3",
+    "0x0fc19dc68b8cd5b5",
+    "0x240ca1cc77ac9c65",
+    "0x2de92c6f592b0275",
+    "0x4a7484aa6ea6e483",
+    "0x5cb0a9dcbd41fbd4",
+    "0x76f988da831153b5",
+    "0x983e5152ee66dfab",
+    "0xa831c66d2db43210",
+    "0xb00327c898fb213f",
+    "0xbf597fc7beef0ee4",
+    "0xc6e00bf33da88fc2",
+    "0xd5a79147930aa725",
+    "0x06ca6351e003826f",
+    "0x142929670a0e6e70",
+    "0x27b70a8546d22ffc",
+    "0x2e1b21385c26c926",
+    "0x4d2c6dfc5ac42aed",
+    "0x53380d139d95b3df",
+    "0x650a73548baf63de",
+    "0x766a0abb3c77b2a8",
+    "0x81c2c92e47edaee6",
+    "0x92722c851482353b",
+    "0xa2bfe8a14cf10364",
+    "0xa81a664bbc423001",
+    "0xc24b8b70d0f89791",
+    "0xc76c51a30654be30",
+    "0xd192e819d6ef5218",
+    "0xd69906245565a910",
+    "0xf40e35855771202a",
+    "0x106aa07032bbd1b8",
+    "0x19a4c116b8d2d0c8",
+    "0x1e376c085141ab53",
+    "0x2748774cdf8eeb99",
+    "0x34b0bcb5e19b48a8",
+    "0x391c0cb3c5c95a63",
+    "0x4ed8aa4ae3418acb",
+    "0x5b9cca4f7763e373",
+    "0x682e6ff3d6b2b8a3",
+    "0x748f82ee5defb2fc",
+    "0x78a5636f43172f60",
+    "0x84c87814a1f0ab72",
+    "0x8cc702081a6439ec",
+    "0x90befffa23631e28",
+    "0xa4506cebde82bde9",
+    "0xbef9a3f7b2c67915",
+    "0xc67178f2e372532b",
+    "0xca273eceea26619c",
+    "0xd186b8c721c0c207",
+    "0xeada7dd6cde0eb1e",
+    "0xf57d4f7fee6ed178",
+    "0x06f067aa72176fba",
+    "0x0a637dc5a2c898a6",
+    "0x113f9804bef90dae",
+    "0x1b710b35131c471b",
+    "0x28db77f523047d84",
+    "0x32caab7b40c72493",
+    "0x3c9ebe0a15c9bebc",
+    "0x431d67c49c100d4c",
+    "0x4cc5d4becb3e42b6",
+    "0x597f299cfc657e2a",
+    "0x5fcb6fab3ad6faec",
+    "0x6c44198c4a475817"
+  ].map((t) => BigInt(t))), Le = re[0], qe = re[1], lt = /* @__PURE__ */ new Uint32Array(80), ut = /* @__PURE__ */ new Uint32Array(80), Ht = class extends ae {
+    constructor(t) {
+      super(128, t, 16, !1);
+    }
+    get() {
+      const { Ah: t, Al: e, Bh: r, Bl: n, Ch: o, Cl: s, Dh: i, Dl: c, Eh: f, El: l, Fh: a, Fl: g, Gh: b, Gl: w, Hh: m, Hl: x } = this;
+      return [
+        t,
+        e,
+        r,
+        n,
+        o,
+        s,
+        i,
+        c,
+        f,
+        l,
+        a,
+        g,
+        b,
+        w,
+        m,
+        x
+      ];
+    }
+    set(t, e, r, n, o, s, i, c, f, l, a, g, b, w, m, x) {
+      this.Ah = t | 0, this.Al = e | 0, this.Bh = r | 0, this.Bl = n | 0, this.Ch = o | 0, this.Cl = s | 0, this.Dh = i | 0, this.Dl = c | 0, this.Eh = f | 0, this.El = l | 0, this.Fh = a | 0, this.Fl = g | 0, this.Gh = b | 0, this.Gl = w | 0, this.Hh = m | 0, this.Hl = x | 0;
+    }
+    process(t, e) {
+      for (let E = 0; E < 16; E++, e += 4)
+        lt[E] = t.getUint32(e), ut[E] = t.getUint32(e += 4);
+      for (let E = 16; E < 80; E++) {
+        const L = lt[E - 15] | 0, I = ut[E - 15] | 0, V = yt(L, I, 1) ^ yt(L, I, 8) ^ ue(L, I, 7), M = Et(L, I, 1) ^ Et(L, I, 8) ^ de(L, I, 7), D = lt[E - 2] | 0, N = ut[E - 2] | 0, O = yt(D, N, 19) ^ Lt(D, N, 61) ^ ue(D, N, 6), nt = Et(D, N, 19) ^ qt(D, N, 61) ^ de(D, N, 6), F = We(M, nt, ut[E - 7], ut[E - 16]);
+        lt[E] = Qe(F, V, O, lt[E - 7], lt[E - 16]) | 0, ut[E] = F | 0;
+      }
+      let { Ah: r, Al: n, Bh: o, Bl: s, Ch: i, Cl: c, Dh: f, Dl: l, Eh: a, El: g, Fh: b, Fl: w, Gh: m, Gl: x, Hh: v, Hl: B } = this;
+      for (let E = 0; E < 80; E++) {
+        const L = yt(a, g, 14) ^ yt(a, g, 18) ^ Lt(a, g, 41), I = Et(a, g, 14) ^ Et(a, g, 18) ^ qt(a, g, 41), V = a & b ^ ~a & m, M = g & w ^ ~g & x, D = Je(B, I, M, qe[E], ut[E]), N = Pe(D, v, L, V, Le[E], lt[E]), O = D | 0, nt = yt(r, n, 28) ^ Lt(r, n, 34) ^ Lt(r, n, 39), F = Et(r, n, 28) ^ qt(r, n, 34) ^ qt(r, n, 39), U = r & o ^ r & i ^ o & i, h = n & s ^ n & c ^ s & c;
+        v = m | 0, B = x | 0, m = b | 0, x = w | 0, b = a | 0, w = g | 0, { h: a, l: g } = ft(f | 0, l | 0, N | 0, O | 0), f = i | 0, l = c | 0, i = o | 0, c = s | 0, o = r | 0, s = n | 0;
+        const d = Xe(O, F, h);
+        r = ze(d, N, nt, U), n = d | 0;
+      }
+      ({ h: r, l: n } = ft(this.Ah | 0, this.Al | 0, r | 0, n | 0)), { h: o, l: s } = ft(this.Bh | 0, this.Bl | 0, o | 0, s | 0), { h: i, l: c } = ft(this.Ch | 0, this.Cl | 0, i | 0, c | 0), { h: f, l } = ft(this.Dh | 0, this.Dl | 0, f | 0, l | 0), { h: a, l: g } = ft(this.Eh | 0, this.El | 0, a | 0, g | 0), { h: b, l: w } = ft(this.Fh | 0, this.Fl | 0, b | 0, w | 0), { h: m, l: x } = ft(this.Gh | 0, this.Gl | 0, m | 0, x | 0), { h: v, l: B } = ft(this.Hh | 0, this.Hl | 0, v | 0, B | 0), this.set(r, n, o, s, i, c, f, l, a, g, b, w, m, x, v, B);
+    }
+    roundClean() {
+      At(lt, ut);
+    }
+    destroy() {
+      At(this.buffer), this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+    }
+  }, we = class extends Ht {
+    Ah = X[0] | 0;
+    Al = X[1] | 0;
+    Bh = X[2] | 0;
+    Bl = X[3] | 0;
+    Ch = X[4] | 0;
+    Cl = X[5] | 0;
+    Dh = X[6] | 0;
+    Dl = X[7] | 0;
+    Eh = X[8] | 0;
+    El = X[9] | 0;
+    Fh = X[10] | 0;
+    Fl = X[11] | 0;
+    Gh = X[12] | 0;
+    Gl = X[13] | 0;
+    Hh = X[14] | 0;
+    Hl = X[15] | 0;
+    constructor() {
+      super(64);
+    }
+  }, ge = class extends Ht {
+    Ah = K[0] | 0;
+    Al = K[1] | 0;
+    Bh = K[2] | 0;
+    Bl = K[3] | 0;
+    Ch = K[4] | 0;
+    Cl = K[5] | 0;
+    Dh = K[6] | 0;
+    Dl = K[7] | 0;
+    Eh = K[8] | 0;
+    El = K[9] | 0;
+    Fh = K[10] | 0;
+    Fl = K[11] | 0;
+    Gh = K[12] | 0;
+    Gl = K[13] | 0;
+    Hh = K[14] | 0;
+    Hl = K[15] | 0;
+    constructor() {
+      super(48);
+    }
+  }, Y = /* @__PURE__ */ Uint32Array.from([
+    2352822216,
+    424955298,
+    1944164710,
+    2312950998,
+    502970286,
+    855612546,
+    1738396948,
+    1479516111,
+    258812777,
+    2077511080,
+    2011393907,
+    79989058,
+    1067287976,
+    1780299464,
+    286451373,
+    2446758561
+  ]), G = /* @__PURE__ */ Uint32Array.from([
+    573645204,
+    4230739756,
+    2673172387,
+    3360449730,
+    596883563,
+    1867755857,
+    2520282905,
+    1497426621,
+    2519219938,
+    2827943907,
+    3193839141,
+    1401305490,
+    721525244,
+    746961066,
+    246885852,
+    2177182882
+  ]), me = class extends Ht {
+    Ah = Y[0] | 0;
+    Al = Y[1] | 0;
+    Bh = Y[2] | 0;
+    Bl = Y[3] | 0;
+    Ch = Y[4] | 0;
+    Cl = Y[5] | 0;
+    Dh = Y[6] | 0;
+    Dl = Y[7] | 0;
+    Eh = Y[8] | 0;
+    El = Y[9] | 0;
+    Fh = Y[10] | 0;
+    Fl = Y[11] | 0;
+    Gh = Y[12] | 0;
+    Gl = Y[13] | 0;
+    Hh = Y[14] | 0;
+    Hl = Y[15] | 0;
+    constructor() {
+      super(28);
+    }
+  }, ye = class extends Ht {
+    Ah = G[0] | 0;
+    Al = G[1] | 0;
+    Bh = G[2] | 0;
+    Bl = G[3] | 0;
+    Ch = G[4] | 0;
+    Cl = G[5] | 0;
+    Dh = G[6] | 0;
+    Dl = G[7] | 0;
+    Eh = G[8] | 0;
+    El = G[9] | 0;
+    Fh = G[10] | 0;
+    Fl = G[11] | 0;
+    Gh = G[12] | 0;
+    Gl = G[13] | 0;
+    Hh = G[14] | 0;
+    Hl = G[15] | 0;
+    constructor() {
+      super(32);
+    }
+  }, zt = /* @__PURE__ */ _t(() => new he(), /* @__PURE__ */ mt(1)), Fe = /* @__PURE__ */ _t(() => new be(), /* @__PURE__ */ mt(4)), tn = /* @__PURE__ */ _t(() => new we(), /* @__PURE__ */ mt(3)), en = /* @__PURE__ */ _t(() => new ge(), /* @__PURE__ */ mt(2)), nn = /* @__PURE__ */ _t(() => new ye(), /* @__PURE__ */ mt(6)), rn = /* @__PURE__ */ _t(() => new me(), /* @__PURE__ */ mt(5));
+}));
+function jt(t, e = "") {
+  if (typeof t != "boolean") {
+    const r = e && `"${e}" `;
+    throw new Error(r + "expected boolean, got type=" + typeof t);
+  }
+  return t;
 }
-function be(n) {
-  let t;
-  for (t = 0; n > Rt; n >>= Bt, t += 1)
-    ;
+function on(t) {
+  if (typeof t == "bigint") {
+    if (!Ut(t)) throw new Error("positive bigint expected, got " + t);
+  } else xt(t);
   return t;
 }
-const St = (n) => (Bt << BigInt(n)) - Bt;
-function Ee(n, t, r) {
-  if (it(n, "hashLen"), it(t, "qByteLen"), typeof r != "function")
-    throw new Error("hmacFn must be a function");
-  const e = (R) => new Uint8Array(R), o = Uint8Array.of(), s = Uint8Array.of(0), i = Uint8Array.of(1), u = 1e3;
-  let c = e(n), a = e(n), w = 0;
-  const S = () => {
-    c.fill(1), a.fill(0), w = 0;
-  }, q = (...R) => r(a, J(c, ...R)), B = (R = o) => {
-    a = q(s, R), c = q(), R.length !== 0 && (a = q(i, R), c = q());
-  }, v = () => {
-    if (w++ >= u)
-      throw new Error("drbg: tried max amount of iterations");
-    let R = 0;
-    const N = [];
-    for (; R < t; ) {
-      c = q();
-      const T = c.slice();
-      N.push(T), R += c.length;
-    }
-    return J(...N);
+function Rt(t, e = "") {
+  if (!Number.isSafeInteger(t)) {
+    const r = e && `"${e}" `;
+    throw new Error(r + "expected safe integer, got type=" + typeof t);
+  }
+}
+function Zt(t) {
+  const e = on(t).toString(16);
+  return e.length & 1 ? "0" + e : e;
+}
+function sn(t) {
+  if (typeof t != "string") throw new Error("hex string expected, got " + typeof t);
+  return t === "" ? Yt : BigInt("0x" + t);
+}
+function Dt(t) {
+  return sn(Xt(t));
+}
+function cn(t) {
+  return sn(Xt(jn(C(t)).reverse()));
+}
+function xe(t, e) {
+  xt(e), t = on(t);
+  const r = Mt(t.toString(16).padStart(e * 2, "0"));
+  if (r.length !== e) throw new Error("number too large");
+  return r;
+}
+function fn(t, e) {
+  return xe(t, e).reverse();
+}
+function jn(t) {
+  return Uint8Array.from(t);
+}
+function Wt(t) {
+  return Uint8Array.from(t, (e, r) => {
+    const n = e.charCodeAt(0);
+    if (e.length !== 1 || n > 127) throw new Error(`string contains non-ASCII character "${t[r]}" with code ${n} at position ${r}`);
+    return n;
+  });
+}
+function Yn(t, e, r) {
+  return Ut(t) && Ut(e) && Ut(r) && e <= t && t < r;
+}
+function Gn(t, e, r, n) {
+  if (!Yn(e, r, n)) throw new Error("expected valid " + t + ": " + r + " <= n < " + n + ", got " + e);
+}
+function Kn(t) {
+  let e;
+  for (e = 0; t > Yt; t >>= Tt, e += 1) ;
+  return e;
+}
+function Xn(t, e, r) {
+  if (xt(t, "hashLen"), xt(e, "qByteLen"), typeof r != "function") throw new Error("hmacFn must be a function");
+  const n = (v) => new Uint8Array(v), o = Uint8Array.of(), s = Uint8Array.of(0), i = Uint8Array.of(1), c = 1e3;
+  let f = n(t), l = n(t), a = 0;
+  const g = () => {
+    f.fill(1), l.fill(0), a = 0;
+  }, b = (...v) => r(l, P(f, ...v)), w = (v = o) => {
+    l = b(s, v), f = b(), v.length !== 0 && (l = b(i, v), f = b());
+  }, m = () => {
+    if (a++ >= c) throw new Error("drbg: tried max amount of iterations");
+    let v = 0;
+    const B = [];
+    for (; v < e; ) {
+      f = b();
+      const E = f.slice();
+      B.push(E), v += f.length;
+    }
+    return P(...B);
   };
-  return (R, N) => {
-    S(), B(R);
-    let T;
-    for (; !(T = N(v())); )
-      B();
-    return S(), T;
+  return (v, B) => {
+    g(), w(v);
+    let E;
+    for (; !(E = B(m())); ) w();
+    return g(), E;
   };
 }
-function Ot(n, t = {}, r = {}) {
-  if (!n || typeof n != "object")
-    throw new Error("expected valid options object");
-  function e(s, i, u) {
-    const c = n[s];
-    if (u && c === void 0)
-      return;
-    const a = typeof c;
-    if (a !== i || c === null)
-      throw new Error(`param "${s}" is invalid: expected ${i}, got ${a}`);
-  }
-  const o = (s, i) => Object.entries(s).forEach(([u, c]) => e(u, c, i));
-  o(t, !1), o(r, !0);
-}
-function At(n) {
-  const t = /* @__PURE__ */ new WeakMap();
-  return (r, ...e) => {
-    const o = t.get(r);
-    if (o !== void 0)
-      return o;
-    const s = n(r, ...e);
-    return t.set(r, s), s;
+function Qt(t, e = {}, r = {}) {
+  if (!t || typeof t != "object") throw new Error("expected valid options object");
+  function n(s, i, c) {
+    const f = t[s];
+    if (c && f === void 0) return;
+    const l = typeof f;
+    if (l !== i || f === null) throw new Error(`param "${s}" is invalid: expected ${i}, got ${l}`);
+  }
+  const o = (s, i) => Object.entries(s).forEach(([c, f]) => n(c, f, i));
+  o(e, !1), o(r, !0);
+}
+function Ue(t) {
+  const e = /* @__PURE__ */ new WeakMap();
+  return (r, ...n) => {
+    const o = e.get(r);
+    if (o !== void 0) return o;
+    const s = t(r, ...n);
+    return e.set(r, s), s;
   };
 }
-function qt(n) {
-  if (!Number.isSafeInteger(n) || n < 0 || n > 4294967295)
-    throw new Error("wrong u32 integer:" + n);
-  return n;
+var Yt, Tt, Ut, Jt, Pt = Bt((() => {
+  Nt(), Yt = /* @__PURE__ */ BigInt(0), Tt = /* @__PURE__ */ BigInt(1), Ut = (t) => typeof t == "bigint" && Yt <= t, Jt = (t) => (Tt << BigInt(t)) - Tt;
+}));
+function Be(t) {
+  if (!Number.isSafeInteger(t) || t < 0 || t > 4294967295) throw new Error("wrong u32 integer:" + t);
+  return t;
 }
-function Gt(n) {
-  return qt(n), (n & n - 1) === 0 && n !== 0;
+function an(t) {
+  return Be(t), (t & t - 1) === 0 && t !== 0;
 }
-function ye(n, t) {
-  qt(n);
+function zn(t, e) {
+  Be(t);
   let r = 0;
-  for (let e = 0; e < t; e++, n >>>= 1)
-    r = r << 1 | n & 1;
+  for (let n = 0; n < e; n++, t >>>= 1) r = r << 1 | t & 1;
   return r;
 }
-function Wt(n) {
-  return qt(n), 31 - Math.clz32(n);
+function ln(t) {
+  return Be(t), 31 - Math.clz32(t);
 }
-function Lt(n) {
-  const t = n.length;
-  if (t < 2 || !Gt(t))
-    throw new Error("n must be a power of 2 and greater than 1. Got " + t);
-  const r = Wt(t);
-  for (let e = 0; e < t; e++) {
-    const o = ye(e, r);
-    if (e < o) {
-      const s = n[e];
-      n[e] = n[o], n[o] = s;
+function Ne(t) {
+  const e = t.length;
+  if (e < 2 || !an(e)) throw new Error("n must be a power of 2 and greater than 1. Got " + e);
+  const r = ln(e);
+  for (let n = 0; n < e; n++) {
+    const o = zn(n, r);
+    if (n < o) {
+      const s = t[n];
+      t[n] = t[o], t[o] = s;
     }
   }
-  return n;
+  return t;
 }
-const Ce = (n, t) => {
-  const { N: r, roots: e, dit: o, invertButterflies: s = !1, skipStages: i = 0, brp: u = !0 } = t, c = Wt(r);
-  if (!Gt(r))
-    throw new Error("FFT: Polynomial size should be power of two");
-  const a = o !== s;
-  return (w) => {
-    if (w.length !== r)
-      throw new Error("FFT: wrong Polynomial length");
-    o && u && Lt(w);
-    for (let S = 0, q = 1; S < c - i; S++) {
-      const B = o ? S + 1 + i : c - S, v = 1 << B, _ = v >> 1, R = r >> B;
-      for (let N = 0; N < r; N += v)
-        for (let T = 0, C = q++; T < _; T++) {
-          const Y = s ? o ? r - C : C : T * R, K = N + T, M = N + T + _, F = e[Y], H = w[M], x = w[K];
-          if (a) {
-            const P = n.mul(H, F);
-            w[K] = n.add(x, P), w[M] = n.sub(x, P);
-          } else s ? (w[K] = n.add(H, x), w[M] = n.mul(n.sub(H, x), F)) : (w[K] = n.add(x, H), w[M] = n.mul(n.sub(x, H), F));
+var Wn, Ur = Bt((() => {
+  Wn = (t, e) => {
+    const { N: r, roots: n, dit: o, invertButterflies: s = !1, skipStages: i = 0, brp: c = !0 } = e, f = ln(r);
+    if (!an(r)) throw new Error("FFT: Polynomial size should be power of two");
+    const l = o !== s;
+    return (a) => {
+      if (a.length !== r) throw new Error("FFT: wrong Polynomial length");
+      o && c && Ne(a);
+      for (let g = 0, b = 1; g < f - i; g++) {
+        const w = o ? g + 1 + i : f - g, m = 1 << w, x = m >> 1, v = r >> w;
+        for (let B = 0; B < r; B += m) for (let E = 0, L = b++; E < x; E++) {
+          const I = s ? o ? r - L : L : E * v, V = B + E, M = B + E + x, D = n[I], N = a[M], O = a[V];
+          if (l) {
+            const nt = t.mul(N, D);
+            a[V] = t.add(O, nt), a[M] = t.sub(O, nt);
+          } else s ? (a[V] = t.add(N, O), a[M] = t.mul(t.sub(N, O), D)) : (a[V] = t.add(O, N), a[M] = t.mul(t.sub(O, N), D));
         }
-    }
-    return !o && u && Lt(w), w;
+      }
+      return !o && c && Ne(a), a;
+    };
   };
-};
-const j = /* @__PURE__ */ BigInt(0), $ = /* @__PURE__ */ BigInt(1), et = /* @__PURE__ */ BigInt(2), Qt = /* @__PURE__ */ BigInt(3), Jt = /* @__PURE__ */ BigInt(4), Ft = /* @__PURE__ */ BigInt(5), Be = /* @__PURE__ */ BigInt(7), Pt = /* @__PURE__ */ BigInt(8), pe = /* @__PURE__ */ BigInt(9), te = /* @__PURE__ */ BigInt(16);
-function X(n, t) {
-  const r = n % t;
-  return r >= j ? r : t + r;
-}
-function z(n, t, r) {
-  let e = n;
-  for (; t-- > j; )
-    e *= e, e %= r;
-  return e;
+}));
+Pt();
+var J = /* @__PURE__ */ BigInt(0), W = /* @__PURE__ */ BigInt(1), vt = /* @__PURE__ */ BigInt(2), un = /* @__PURE__ */ BigInt(3), dn = /* @__PURE__ */ BigInt(4), hn = /* @__PURE__ */ BigInt(5), Qn = /* @__PURE__ */ BigInt(7), bn = /* @__PURE__ */ BigInt(8), Jn = /* @__PURE__ */ BigInt(9), wn = /* @__PURE__ */ BigInt(16);
+function et(t, e) {
+  const r = t % e;
+  return r >= J ? r : e + r;
+}
+function tt(t, e, r) {
+  let n = t;
+  for (; e-- > J; )
+    n *= n, n %= r;
+  return n;
+}
+function De(t, e) {
+  if (t === J) throw new Error("invert: expected non-zero number");
+  if (e <= J) throw new Error("invert: expected positive modulus, got " + e);
+  let r = et(t, e), n = e, o = J, s = W, i = W, c = J;
+  for (; r !== J; ) {
+    const f = n / r, l = n % r, a = o - i * f, g = s - c * f;
+    n = r, r = l, o = i, s = c, i = a, c = g;
+  }
+  if (n !== W) throw new Error("invert: does not exist");
+  return et(o, e);
+}
+function _e(t, e, r) {
+  if (!t.eql(t.sqr(e), r)) throw new Error("Cannot find square root");
+}
+function gn(t, e) {
+  const r = (t.ORDER + W) / dn, n = t.pow(e, r);
+  return _e(t, n, e), n;
 }
-function Dt(n, t) {
-  if (n === j)
-    throw new Error("invert: expected non-zero number");
-  if (t <= j)
-    throw new Error("invert: expected positive modulus, got " + t);
-  let r = X(n, t), e = t, o = j, s = $;
-  for (; r !== j; ) {
-    const u = e / r, c = e % r, a = o - s * u;
-    e = r, r = c, o = s, s = a;
-  }
-  if (e !== $)
-    throw new Error("invert: does not exist");
-  return X(o, t);
-}
-function It(n, t, r) {
-  if (!n.eql(n.sqr(t), r))
-    throw new Error("Cannot find square root");
-}
-function ee(n, t) {
-  const r = (n.ORDER + $) / Jt, e = n.pow(t, r);
-  return It(n, e, t), e;
-}
-function ve(n, t) {
-  const r = (n.ORDER - Ft) / Pt, e = n.mul(t, et), o = n.pow(e, r), s = n.mul(t, o), i = n.mul(n.mul(s, et), o), u = n.mul(s, n.sub(i, n.ONE));
-  return It(n, u, t), u;
-}
-function Re(n) {
-  const t = gt(n), r = ne(n), e = r(t, t.neg(t.ONE)), o = r(t, e), s = r(t, t.neg(e)), i = (n + Be) / te;
-  return (u, c) => {
-    let a = u.pow(c, i), w = u.mul(a, e);
-    const S = u.mul(a, o), q = u.mul(a, s), B = u.eql(u.sqr(w), c), v = u.eql(u.sqr(S), c);
-    a = u.cmov(a, w, B), w = u.cmov(q, S, v);
-    const _ = u.eql(u.sqr(w), c), R = u.cmov(a, w, _);
-    return It(u, R, c), R;
+function Pn(t, e) {
+  const r = (t.ORDER - hn) / bn, n = t.mul(e, vt), o = t.pow(n, r), s = t.mul(e, o), i = t.mul(t.mul(s, vt), o), c = t.mul(s, t.sub(i, t.ONE));
+  return _e(t, c, e), c;
+}
+function Fn(t) {
+  const e = te(t), r = mn(t), n = r(e, e.neg(e.ONE)), o = r(e, n), s = r(e, e.neg(n)), i = (t + Qn) / wn;
+  return (c, f) => {
+    let l = c.pow(f, i), a = c.mul(l, n);
+    const g = c.mul(l, o), b = c.mul(l, s), w = c.eql(c.sqr(a), f), m = c.eql(c.sqr(g), f);
+    l = c.cmov(l, a, w), a = c.cmov(b, g, m);
+    const x = c.eql(c.sqr(a), f), v = c.cmov(l, a, x);
+    return _e(c, v, f), v;
   };
 }
-function ne(n) {
-  if (n < Qt)
-    throw new Error("sqrt is not defined for small field");
-  let t = n - $, r = 0;
-  for (; t % et === j; )
-    t /= et, r++;
-  let e = et;
-  const o = gt(n);
-  for (; Tt(o, e) === 1; )
-    if (e++ > 1e3)
-      throw new Error("Cannot find square root: probably non-prime P");
-  if (r === 1)
-    return ee;
-  let s = o.pow(e, t);
-  const i = (t + $) / et;
-  return function(c, a) {
-    if (c.is0(a))
-      return a;
-    if (Tt(c, a) !== 1)
-      throw new Error("Cannot find square root");
-    let w = r, S = c.mul(c.ONE, s), q = c.pow(a, t), B = c.pow(a, i);
-    for (; !c.eql(q, c.ONE); ) {
-      if (c.is0(q))
-        return c.ZERO;
-      let v = 1, _ = c.sqr(q);
-      for (; !c.eql(_, c.ONE); )
-        if (v++, _ = c.sqr(_), v === w)
-          throw new Error("Cannot find square root");
-      const R = $ << BigInt(w - v - 1), N = c.pow(S, R);
-      w = v, S = c.sqr(N), q = c.mul(q, S), B = c.mul(B, N);
-    }
-    return B;
+function mn(t) {
+  if (t < un) throw new Error("sqrt is not defined for small field");
+  let e = t - W, r = 0;
+  for (; e % vt === J; )
+    e /= vt, r++;
+  let n = vt;
+  const o = te(t);
+  for (; Ce(o, n) === 1; ) if (n++ > 1e3) throw new Error("Cannot find square root: probably non-prime P");
+  if (r === 1) return gn;
+  let s = o.pow(n, e);
+  const i = (e + W) / vt;
+  return function(f, l) {
+    if (f.is0(l)) return l;
+    if (Ce(f, l) !== 1) throw new Error("Cannot find square root");
+    let a = r, g = f.mul(f.ONE, s), b = f.pow(l, e), w = f.pow(l, i);
+    for (; !f.eql(b, f.ONE); ) {
+      if (f.is0(b)) return f.ZERO;
+      let m = 1, x = f.sqr(b);
+      for (; !f.eql(x, f.ONE); )
+        if (m++, x = f.sqr(x), m === a) throw new Error("Cannot find square root");
+      const v = W << BigInt(a - m - 1), B = f.pow(g, v);
+      a = m, g = f.sqr(B), b = f.mul(b, g), w = f.mul(w, B);
+    }
+    return w;
   };
 }
-function xe(n) {
-  return n % Jt === Qt ? ee : n % Pt === Ft ? ve : n % te === pe ? Re(n) : ne(n);
+function tr(t) {
+  return t % dn === un ? gn : t % bn === hn ? Pn : t % wn === Jn ? Fn(t) : mn(t);
 }
-const Se = [
+var er = [
   "create",
   "isValid",
   "is0",
@@ -269,454 +952,537 @@ const Se = [
   "mulN",
   "sqrN"
 ];
-function Oe(n) {
-  const t = {
+function yn(t) {
+  return Qt(t, er.reduce((e, r) => (e[r] = "function", e), {
     ORDER: "bigint",
     BYTES: "number",
     BITS: "number"
-  }, r = Se.reduce((e, o) => (e[o] = "function", e), t);
-  return Ot(n, r), n;
-}
-function qe(n, t, r) {
-  if (r < j)
-    throw new Error("invalid exponent, negatives unsupported");
-  if (r === j)
-    return n.ONE;
-  if (r === $)
-    return t;
-  let e = n.ONE, o = t;
-  for (; r > j; )
-    r & $ && (e = n.mul(e, o)), o = n.sqr(o), r >>= $;
-  return e;
+  })), t;
 }
-function re(n, t, r = !1) {
-  const e = new Array(t.length).fill(r ? n.ZERO : void 0), o = t.reduce((i, u, c) => n.is0(u) ? i : (e[c] = i, n.mul(i, u)), n.ONE), s = n.inv(o);
-  return t.reduceRight((i, u, c) => n.is0(u) ? i : (e[c] = n.mul(i, e[c]), n.mul(i, u)), s), e;
+function nr(t, e, r) {
+  if (r < J) throw new Error("invalid exponent, negatives unsupported");
+  if (r === J) return t.ONE;
+  if (r === W) return e;
+  let n = t.ONE, o = e;
+  for (; r > J; )
+    r & W && (n = t.mul(n, o)), o = t.sqr(o), r >>= W;
+  return n;
 }
-function Tt(n, t) {
-  const r = (n.ORDER - $) / et, e = n.pow(t, r), o = n.eql(e, n.ONE), s = n.eql(e, n.ZERO), i = n.eql(e, n.neg(n.ONE));
-  if (!o && !s && !i)
-    throw new Error("invalid Legendre symbol result");
+function Ft(t, e, r = !1) {
+  const n = new Array(e.length).fill(r ? t.ZERO : void 0), o = e.reduce((i, c, f) => t.is0(c) ? i : (n[f] = i, t.mul(i, c)), t.ONE), s = t.inv(o);
+  return e.reduceRight((i, c, f) => t.is0(c) ? i : (n[f] = t.mul(i, n[f]), t.mul(i, c)), s), n;
+}
+function Ce(t, e) {
+  const r = (t.ORDER - W) / vt, n = t.pow(e, r), o = t.eql(n, t.ONE), s = t.eql(n, t.ZERO), i = t.eql(n, t.neg(t.ONE));
+  if (!o && !s && !i) throw new Error("invalid Legendre symbol result");
   return o ? 1 : s ? 0 : -1;
 }
-function Ie(n, t) {
-  t !== void 0 && it(t);
-  const r = t !== void 0 ? t : n.toString(2).length, e = Math.ceil(r / 8);
-  return { nBitLength: r, nByteLength: e };
+function rr(t, e) {
+  e !== void 0 && xt(e);
+  const r = e !== void 0 ? e : t.toString(2).length;
+  return {
+    nBitLength: r,
+    nByteLength: Math.ceil(r / 8)
+  };
 }
-class Ne {
+var or = class {
   ORDER;
   BITS;
   BYTES;
   isLE;
-  ZERO = j;
-  ONE = $;
+  ZERO = J;
+  ONE = W;
   _lengths;
   _sqrt;
-  // cached sqrt
   _mod;
-  constructor(t, r = {}) {
-    if (t <= j)
-      throw new Error("invalid field: expected ORDER > 0, got " + t);
-    let e;
-    this.isLE = !1, r != null && typeof r == "object" && (typeof r.BITS == "number" && (e = r.BITS), typeof r.sqrt == "function" && (this.sqrt = r.sqrt), typeof r.isLE == "boolean" && (this.isLE = r.isLE), r.allowedLengths && (this._lengths = r.allowedLengths?.slice()), typeof r.modFromBytes == "boolean" && (this._mod = r.modFromBytes));
-    const { nBitLength: o, nByteLength: s } = Ie(t, e);
-    if (s > 2048)
-      throw new Error("invalid field: expected ORDER of <= 2048 bytes");
-    this.ORDER = t, this.BITS = o, this.BYTES = s, this._sqrt = void 0, Object.preventExtensions(this);
+  constructor(t, e = {}) {
+    if (t <= J) throw new Error("invalid field: expected ORDER > 0, got " + t);
+    let r;
+    this.isLE = !1, e != null && typeof e == "object" && (typeof e.BITS == "number" && (r = e.BITS), typeof e.sqrt == "function" && (this.sqrt = e.sqrt), typeof e.isLE == "boolean" && (this.isLE = e.isLE), e.allowedLengths && (this._lengths = e.allowedLengths?.slice()), typeof e.modFromBytes == "boolean" && (this._mod = e.modFromBytes));
+    const { nBitLength: n, nByteLength: o } = rr(t, r);
+    if (o > 2048) throw new Error("invalid field: expected ORDER of <= 2048 bytes");
+    this.ORDER = t, this.BITS = n, this.BYTES = o, this._sqrt = void 0, Object.preventExtensions(this);
   }
   create(t) {
-    return X(t, this.ORDER);
+    return et(t, this.ORDER);
   }
   isValid(t) {
-    if (typeof t != "bigint")
-      throw new Error("invalid field element: expected bigint, got " + typeof t);
-    return j <= t && t < this.ORDER;
+    if (typeof t != "bigint") throw new Error("invalid field element: expected bigint, got " + typeof t);
+    return J <= t && t < this.ORDER;
   }
   is0(t) {
-    return t === j;
+    return t === J;
   }
-  // is valid and invertible
   isValidNot0(t) {
     return !this.is0(t) && this.isValid(t);
   }
   isOdd(t) {
-    return (t & $) === $;
+    return (t & W) === W;
   }
   neg(t) {
-    return X(-t, this.ORDER);
+    return et(-t, this.ORDER);
   }
-  eql(t, r) {
-    return t === r;
+  eql(t, e) {
+    return t === e;
   }
   sqr(t) {
-    return X(t * t, this.ORDER);
+    return et(t * t, this.ORDER);
   }
-  add(t, r) {
-    return X(t + r, this.ORDER);
+  add(t, e) {
+    return et(t + e, this.ORDER);
   }
-  sub(t, r) {
-    return X(t - r, this.ORDER);
+  sub(t, e) {
+    return et(t - e, this.ORDER);
   }
-  mul(t, r) {
-    return X(t * r, this.ORDER);
+  mul(t, e) {
+    return et(t * e, this.ORDER);
   }
-  pow(t, r) {
-    return qe(this, t, r);
+  pow(t, e) {
+    return nr(this, t, e);
   }
-  div(t, r) {
-    return X(t * Dt(r, this.ORDER), this.ORDER);
+  div(t, e) {
+    return et(t * De(e, this.ORDER), this.ORDER);
   }
-  // Same as above, but doesn't normalize
   sqrN(t) {
     return t * t;
   }
-  addN(t, r) {
-    return t + r;
+  addN(t, e) {
+    return t + e;
   }
-  subN(t, r) {
-    return t - r;
+  subN(t, e) {
+    return t - e;
   }
-  mulN(t, r) {
-    return t * r;
+  mulN(t, e) {
+    return t * e;
   }
   inv(t) {
-    return Dt(t, this.ORDER);
+    return De(t, this.ORDER);
   }
   sqrt(t) {
-    return this._sqrt || (this._sqrt = xe(this.ORDER)), this._sqrt(this, t);
+    return this._sqrt || (this._sqrt = tr(this.ORDER)), this._sqrt(this, t);
   }
   toBytes(t) {
-    return this.isLE ? Xt(t, this.BYTES) : xt(t, this.BYTES);
-  }
-  fromBytes(t, r = !1) {
-    V(t);
-    const { _lengths: e, BYTES: o, isLE: s, ORDER: i, _mod: u } = this;
-    if (e) {
-      if (!e.includes(t.length) || t.length > o)
-        throw new Error("Field.fromBytes: expected " + e + " bytes, got " + t.length);
-      const a = new Uint8Array(o);
-      a.set(t, s ? 0 : a.length - t.length), t = a;
-    }
-    if (t.length !== o)
-      throw new Error("Field.fromBytes: expected " + o + " bytes, got " + t.length);
-    let c = s ? Ht(t) : wt(t);
-    if (u && (c = X(c, i)), !r && !this.isValid(c))
+    return this.isLE ? fn(t, this.BYTES) : xe(t, this.BYTES);
+  }
+  fromBytes(t, e = !1) {
+    C(t);
+    const { _lengths: r, BYTES: n, isLE: o, ORDER: s, _mod: i } = this;
+    if (r) {
+      if (!r.includes(t.length) || t.length > n) throw new Error("Field.fromBytes: expected " + r + " bytes, got " + t.length);
+      const f = new Uint8Array(n);
+      f.set(t, o ? 0 : f.length - t.length), t = f;
+    }
+    if (t.length !== n) throw new Error("Field.fromBytes: expected " + n + " bytes, got " + t.length);
+    let c = o ? cn(t) : Dt(t);
+    if (i && (c = et(c, s)), !e && !this.isValid(c))
       throw new Error("invalid field element: outside of range 0..ORDER");
     return c;
   }
-  // TODO: we don't need it here, move out to separate fn
   invertBatch(t) {
-    return re(this, t);
-  }
-  // We can't move this out because Fp6, Fp12 implement it
-  // and it's unclear what to return in there.
-  cmov(t, r, e) {
-    return e ? r : t;
-  }
-}
-function gt(n, t = {}) {
-  return new Ne(n, t);
-}
-function oe(n) {
-  if (typeof n != "bigint")
-    throw new Error("field order must be bigint");
-  const t = n.toString(2).length;
-  return Math.ceil(t / 8);
-}
-function ie(n) {
-  const t = oe(n);
-  return t + Math.ceil(t / 2);
-}
-function _e(n, t, r = !1) {
-  V(n);
-  const e = n.length, o = oe(t), s = ie(t);
-  if (e < 16 || e < s || e > 1024)
-    throw new Error("expected " + s + "-1024 bytes of input, got " + e);
-  const i = r ? Ht(n) : wt(n), u = X(i, t - $) + $;
-  return r ? Xt(u, o) : xt(u, o);
-}
-const ot = /* @__PURE__ */ BigInt(0), nt = /* @__PURE__ */ BigInt(1);
-function at(n, t) {
-  const r = t.negate();
-  return n ? r : t;
-}
-function Ut(n, t) {
-  const r = re(n.Fp, t.map((e) => e.Z));
-  return t.map((e, o) => n.fromAffine(e.toAffine(r[o])));
-}
-function se(n, t) {
-  if (!Number.isSafeInteger(n) || n <= 0 || n > t)
-    throw new Error("invalid window size, expected [1.." + t + "], got W=" + n);
-}
-function mt(n, t) {
-  se(n, t);
-  const r = Math.ceil(t / n) + 1, e = 2 ** (n - 1), o = 2 ** n, s = St(n), i = BigInt(n);
-  return { windows: r, windowSize: e, mask: s, maxNumber: o, shiftBy: i };
-}
-function Yt(n, t, r) {
-  const { windowSize: e, mask: o, maxNumber: s, shiftBy: i } = r;
-  let u = Number(n & o), c = n >> i;
-  u > e && (u -= s, c += nt);
-  const a = t * e, w = a + Math.abs(u) - 1, S = u === 0, q = u < 0, B = t % 2 !== 0;
-  return { nextN: c, offset: w, isZero: S, isNeg: q, isNegF: B, offsetF: a };
-}
-const bt = /* @__PURE__ */ new WeakMap(), ce = /* @__PURE__ */ new WeakMap();
-function Et(n) {
-  return ce.get(n) || 1;
-}
-function kt(n) {
-  if (n !== ot)
-    throw new Error("invalid wNAF");
-}
-class Ze {
+    return Ft(this, t);
+  }
+  cmov(t, e, r) {
+    return r ? e : t;
+  }
+};
+function te(t, e = {}) {
+  return new or(t, e);
+}
+function En(t) {
+  if (typeof t != "bigint") throw new Error("field order must be bigint");
+  const e = t.toString(2).length;
+  return Math.ceil(e / 8);
+}
+function vn(t) {
+  const e = En(t);
+  return e + Math.ceil(e / 2);
+}
+function sr(t, e, r = !1) {
+  C(t);
+  const n = t.length, o = En(e), s = vn(e);
+  if (n < 16 || n < s || n > 1024) throw new Error("expected " + s + "-1024 bytes of input, got " + n);
+  const i = et(r ? cn(t) : Dt(t), e - W) + W;
+  return r ? fn(i, o) : xe(i, o);
+}
+Pt();
+var Ot = /* @__PURE__ */ BigInt(0), pt = /* @__PURE__ */ BigInt(1);
+function Gt(t, e) {
+  const r = e.negate();
+  return t ? r : e;
+}
+function Ze(t, e) {
+  const r = Ft(t.Fp, e.map((n) => n.Z));
+  return e.map((n, o) => t.fromAffine(n.toAffine(r[o])));
+}
+function pn(t, e) {
+  if (!Number.isSafeInteger(t) || t <= 0 || t > e) throw new Error("invalid window size, expected [1.." + e + "], got W=" + t);
+}
+function oe(t, e) {
+  pn(t, e);
+  const r = Math.ceil(e / t) + 1, n = 2 ** (t - 1), o = 2 ** t;
+  return {
+    windows: r,
+    windowSize: n,
+    mask: Jt(t),
+    maxNumber: o,
+    shiftBy: BigInt(t)
+  };
+}
+function ke(t, e, r) {
+  const { windowSize: n, mask: o, maxNumber: s, shiftBy: i } = r;
+  let c = Number(t & o), f = t >> i;
+  c > n && (c -= s, f += pt);
+  const l = e * n, a = l + Math.abs(c) - 1, g = c === 0, b = c < 0, w = e % 2 !== 0;
+  return {
+    nextN: f,
+    offset: a,
+    isZero: g,
+    isNeg: b,
+    isNegF: w,
+    offsetF: l
+  };
+}
+var se = /* @__PURE__ */ new WeakMap(), xn = /* @__PURE__ */ new WeakMap();
+function ie(t) {
+  return xn.get(t) || 1;
+}
+function Te(t) {
+  if (t !== Ot) throw new Error("invalid wNAF");
+}
+var ir = class {
   BASE;
   ZERO;
   Fn;
   bits;
-  // Parametrized with a given Point class (not individual point)
-  constructor(t, r) {
-    this.BASE = t.BASE, this.ZERO = t.ZERO, this.Fn = t.Fn, this.bits = r;
-  }
-  // non-const time multiplication ladder
-  _unsafeLadder(t, r, e = this.ZERO) {
-    let o = t;
-    for (; r > ot; )
-      r & nt && (e = e.add(o)), o = o.double(), r >>= nt;
-    return e;
-  }
-  /**
-   * Creates a wNAF precomputation window. Used for caching.
-   * Default window size is set by `utils.precompute()` and is equal to 8.
-   * Number of precomputed points depends on the curve size:
-   * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
-   * - 𝑊 is the window size
-   * - 𝑛 is the bitlength of the curve order.
-   * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
-   * @param point Point instance
-   * @param W window size
-   * @returns precomputed point tables flattened to a single array
-   */
-  precomputeWindow(t, r) {
-    const { windows: e, windowSize: o } = mt(r, this.bits), s = [];
-    let i = t, u = i;
-    for (let c = 0; c < e; c++) {
-      u = i, s.push(u);
-      for (let a = 1; a < o; a++)
-        u = u.add(i), s.push(u);
-      i = u.double();
-    }
-    return s;
-  }
-  /**
-   * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
-   * More compact implementation:
-   * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
-   * @returns real and fake (for const-time) points
-   */
-  wNAF(t, r, e) {
-    if (!this.Fn.isValid(e))
-      throw new Error("invalid scalar");
-    let o = this.ZERO, s = this.BASE;
-    const i = mt(t, this.bits);
-    for (let u = 0; u < i.windows; u++) {
-      const { nextN: c, offset: a, isZero: w, isNeg: S, isNegF: q, offsetF: B } = Yt(e, u, i);
-      e = c, w ? s = s.add(at(q, r[B])) : o = o.add(at(S, r[a]));
-    }
-    return kt(e), { p: o, f: s };
-  }
-  /**
-   * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
-   * @param acc accumulator point to add result of multiplication
-   * @returns point
-   */
-  wNAFUnsafe(t, r, e, o = this.ZERO) {
-    const s = mt(t, this.bits);
-    for (let i = 0; i < s.windows && e !== ot; i++) {
-      const { nextN: u, offset: c, isZero: a, isNeg: w } = Yt(e, i, s);
-      if (e = u, !a) {
-        const S = r[c];
-        o = o.add(w ? S.negate() : S);
+  constructor(t, e) {
+    this.BASE = t.BASE, this.ZERO = t.ZERO, this.Fn = t.Fn, this.bits = e;
+  }
+  _unsafeLadder(t, e, r = this.ZERO) {
+    let n = t;
+    for (; e > Ot; )
+      e & pt && (r = r.add(n)), n = n.double(), e >>= pt;
+    return r;
+  }
+  precomputeWindow(t, e) {
+    const { windows: r, windowSize: n } = oe(e, this.bits), o = [];
+    let s = t, i = s;
+    for (let c = 0; c < r; c++) {
+      i = s, o.push(i);
+      for (let f = 1; f < n; f++)
+        i = i.add(s), o.push(i);
+      s = i.double();
+    }
+    return o;
+  }
+  wNAF(t, e, r) {
+    if (!this.Fn.isValid(r)) throw new Error("invalid scalar");
+    let n = this.ZERO, o = this.BASE;
+    const s = oe(t, this.bits);
+    for (let i = 0; i < s.windows; i++) {
+      const { nextN: c, offset: f, isZero: l, isNeg: a, isNegF: g, offsetF: b } = ke(r, i, s);
+      r = c, l ? o = o.add(Gt(g, e[b])) : n = n.add(Gt(a, e[f]));
+    }
+    return Te(r), {
+      p: n,
+      f: o
+    };
+  }
+  wNAFUnsafe(t, e, r, n = this.ZERO) {
+    const o = oe(t, this.bits);
+    for (let s = 0; s < o.windows && r !== Ot; s++) {
+      const { nextN: i, offset: c, isZero: f, isNeg: l } = ke(r, s, o);
+      if (r = i, !f) {
+        const a = e[c];
+        n = n.add(l ? a.negate() : a);
       }
     }
-    return kt(e), o;
+    return Te(r), n;
   }
-  getPrecomputes(t, r, e) {
-    let o = bt.get(r);
-    return o || (o = this.precomputeWindow(r, t), t !== 1 && (typeof e == "function" && (o = e(o)), bt.set(r, o))), o;
+  getPrecomputes(t, e, r) {
+    let n = se.get(e);
+    return n || (n = this.precomputeWindow(e, t), t !== 1 && (typeof r == "function" && (n = r(n)), se.set(e, n))), n;
   }
-  cached(t, r, e) {
-    const o = Et(t);
-    return this.wNAF(o, this.getPrecomputes(o, t, e), r);
+  cached(t, e, r) {
+    const n = ie(t);
+    return this.wNAF(n, this.getPrecomputes(n, t, r), e);
   }
-  unsafe(t, r, e, o) {
-    const s = Et(t);
-    return s === 1 ? this._unsafeLadder(t, r, o) : this.wNAFUnsafe(s, this.getPrecomputes(s, t, e), r, o);
+  unsafe(t, e, r, n) {
+    const o = ie(t);
+    return o === 1 ? this._unsafeLadder(t, e, n) : this.wNAFUnsafe(o, this.getPrecomputes(o, t, r), e, n);
   }
-  // We calculate precomputes for elliptic curve point multiplication
-  // using windowed method. This specifies window size and
-  // stores precomputed values. Usually only base point would be precomputed.
-  createCache(t, r) {
-    se(r, this.bits), ce.set(t, r), bt.delete(t);
+  createCache(t, e) {
+    pn(e, this.bits), xn.set(t, e), se.delete(t);
   }
   hasCache(t) {
-    return Et(t) !== 1;
-  }
-}
-function Ae(n, t, r, e) {
-  let o = t, s = n.ZERO, i = n.ZERO;
-  for (; r > ot || e > ot; )
-    r & nt && (s = s.add(o)), e & nt && (i = i.add(o)), o = o.double(), r >>= nt, e >>= nt;
-  return { p1: s, p2: i };
-}
-function Vt(n, t, r) {
-  if (t) {
-    if (t.ORDER !== n)
-      throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
-    return Oe(t), t;
-  } else
-    return gt(n, { isLE: r });
-}
-function Le(n, t, r = {}, e) {
-  if (e === void 0 && (e = n === "edwards"), !t || typeof t != "object")
-    throw new Error(`expected valid ${n} CURVE object`);
-  for (const c of ["p", "n", "h"]) {
-    const a = t[c];
-    if (!(typeof a == "bigint" && a > ot))
-      throw new Error(`CURVE.${c} must be positive bigint`);
-  }
-  const o = Vt(t.p, r.Fp, e), s = Vt(t.n, r.Fn, e), u = ["Gx", "Gy", "a", "b"];
-  for (const c of u)
-    if (!o.isValid(t[c]))
-      throw new Error(`CURVE.${c} must be valid field element of CURVE.Fp`);
-  return t = Object.freeze(Object.assign({}, t)), { CURVE: t, Fp: o, Fn: s };
-}
-function De(n, t) {
-  return function(e) {
-    const o = n(e);
-    return { secretKey: o, publicKey: t(o) };
+    return ie(t) !== 1;
+  }
+};
+function cr(t, e, r, n) {
+  let o = e, s = t.ZERO, i = t.ZERO;
+  for (; r > Ot || n > Ot; )
+    r & pt && (s = s.add(o)), n & pt && (i = i.add(o)), o = o.double(), r >>= pt, n >>= pt;
+  return {
+    p1: s,
+    p2: i
   };
 }
-const $t = (n, t) => (n + (n >= 0 ? t : -t) / fe) / t;
-function Te(n, t, r) {
-  const [[e, o], [s, i]] = t, u = $t(i * n, r), c = $t(-o * n, r);
-  let a = n - u * e - c * s, w = -u * o - c * i;
-  const S = a < W, q = w < W;
-  S && (a = -a), q && (w = -w);
-  const B = St(Math.ceil(be(r) / 2)) + rt;
-  if (a < W || a >= B || w < W || w >= B)
-    throw new Error("splitScalar (endomorphism): failed, k=" + n);
-  return { k1neg: S, k1: a, k2neg: q, k2: w };
-}
-function pt(n) {
-  if (!["compact", "recovered", "der"].includes(n))
-    throw new Error('Signature format must be "compact", "recovered", or "der"');
-  return n;
+function Ve(t, e, r) {
+  if (e) {
+    if (e.ORDER !== t) throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
+    return yn(e), e;
+  } else return te(t, { isLE: r });
+}
+function fr(t, e, r = {}, n) {
+  if (n === void 0 && (n = t === "edwards"), !e || typeof e != "object") throw new Error(`expected valid ${t} CURVE object`);
+  for (const c of [
+    "p",
+    "n",
+    "h"
+  ]) {
+    const f = e[c];
+    if (!(typeof f == "bigint" && f > Ot)) throw new Error(`CURVE.${c} must be positive bigint`);
+  }
+  const o = Ve(e.p, r.Fp, n), s = Ve(e.n, r.Fn, n), i = [
+    "Gx",
+    "Gy",
+    "a",
+    t === "weierstrass" ? "b" : "d"
+  ];
+  for (const c of i) if (!o.isValid(e[c])) throw new Error(`CURVE.${c} must be valid field element of CURVE.Fp`);
+  return e = Object.freeze(Object.assign({}, e)), {
+    CURVE: e,
+    Fp: o,
+    Fn: s
+  };
+}
+function ar(t, e) {
+  return function(n) {
+    const o = t(n);
+    return {
+      secretKey: o,
+      publicKey: e(o)
+    };
+  };
+}
+Pt();
+var lr = Dt;
+function bt(t, e) {
+  if (Rt(t), Rt(e), t < 0 || t >= 1 << 8 * e) throw new Error("invalid I2OSP input: " + t);
+  const r = Array.from({ length: e }).fill(0);
+  for (let n = e - 1; n >= 0; n--)
+    r[n] = t & 255, t >>>= 8;
+  return new Uint8Array(r);
+}
+function ur(t, e) {
+  const r = new Uint8Array(t.length);
+  for (let n = 0; n < t.length; n++) r[n] = t[n] ^ e[n];
+  return r;
+}
+function Bn(t) {
+  if (!Kt(t) && typeof t != "string") throw new Error("DST must be Uint8Array or ascii string");
+  return typeof t == "string" ? Wt(t) : t;
+}
+function dr(t, e, r, n) {
+  C(t), Rt(r), e = Bn(e), e.length > 255 && (e = n(P(Wt("H2C-OVERSIZE-DST-"), e)));
+  const { outputLen: o, blockLen: s } = n, i = Math.ceil(r / o);
+  if (r > 65535 || i > 255) throw new Error("expand_message_xmd: invalid lenInBytes");
+  const c = P(e, bt(e.length, 1)), f = bt(0, s), l = bt(r, 2), a = new Array(i), g = n(P(f, t, l, bt(0, 1), c));
+  a[0] = n(P(g, bt(1, 1), c));
+  for (let b = 1; b <= i; b++) a[b] = n(P(ur(g, a[b - 1]), bt(b + 1, 1), c));
+  return P(...a).slice(0, r);
+}
+function hr(t, e, r, n, o) {
+  if (C(t), Rt(r), e = Bn(e), e.length > 255) {
+    const s = Math.ceil(2 * n / 8);
+    e = o.create({ dkLen: s }).update(Wt("H2C-OVERSIZE-DST-")).update(e).digest();
+  }
+  if (r > 65535 || e.length > 255) throw new Error("expand_message_xof: invalid lenInBytes");
+  return o.create({ dkLen: r }).update(t).update(bt(r, 2)).update(e).update(bt(e.length, 1)).digest();
+}
+function ce(t, e, r) {
+  Qt(r, {
+    p: "bigint",
+    m: "number",
+    k: "number",
+    hash: "function"
+  });
+  const { p: n, k: o, m: s, hash: i, expand: c, DST: f } = r;
+  Rt(i.outputLen, "valid hash"), C(t), Rt(e);
+  const l = n.toString(2).length, a = Math.ceil((l + o) / 8), g = e * s * a;
+  let b;
+  if (c === "xmd") b = dr(t, f, g, i);
+  else if (c === "xof") b = hr(t, f, g, o, i);
+  else if (c === "_internal_pass") b = t;
+  else throw new Error('expand must be "xmd" or "xof"');
+  const w = new Array(e);
+  for (let m = 0; m < e; m++) {
+    const x = new Array(s);
+    for (let v = 0; v < s; v++) {
+      const B = a * (v + m * s);
+      x[v] = et(lr(b.subarray(B, B + a)), n);
+    }
+    w[m] = x;
+  }
+  return w;
+}
+function br(t, e) {
+  const r = e.map((n) => Array.from(n).reverse());
+  return (n, o) => {
+    const [s, i, c, f] = r.map((g) => g.reduce((b, w) => t.add(t.mul(b, n), w))), [l, a] = Ft(t, [i, f], !0);
+    return n = t.mul(s, l), o = t.mul(o, t.mul(c, a)), {
+      x: n,
+      y: o
+    };
+  };
 }
-function yt(n, t) {
+var wr = Wt("HashToScalar-");
+function gr(t, e, r) {
+  if (typeof e != "function") throw new Error("mapToCurve() must be defined");
+  function n(s) {
+    return t.fromAffine(e(s));
+  }
+  function o(s) {
+    const i = s.clearCofactor();
+    return i.equals(t.ZERO) ? t.ZERO : (i.assertValidity(), i);
+  }
+  return {
+    defaults: Object.freeze(r),
+    Point: t,
+    hashToCurve(s, i) {
+      const c = ce(s, 2, Object.assign({}, r, i)), f = n(c[0]), l = n(c[1]);
+      return o(f.add(l));
+    },
+    encodeToCurve(s, i) {
+      const c = r.encodeDST ? { DST: r.encodeDST } : {};
+      return o(n(ce(s, 1, Object.assign({}, r, c, i))[0]));
+    },
+    mapToCurve(s) {
+      if (r.m === 1) {
+        if (typeof s != "bigint") throw new Error("expected bigint (m=1)");
+        return o(n([s]));
+      }
+      if (!Array.isArray(s)) throw new Error("expected array of bigints");
+      for (const i of s) if (typeof i != "bigint") throw new Error("expected array of bigints");
+      return o(n(s));
+    },
+    hashToScalar(s, i) {
+      const c = t.Fn.ORDER;
+      return ce(s, 1, Object.assign({}, r, {
+        p: c,
+        m: 1,
+        DST: wr
+      }, i))[0][0];
+    }
+  };
+}
+Ln();
+Nt();
+Pt();
+var Me = (t, e) => (t + (t >= 0 ? e : -e) / ct) / e;
+function mr(t, e, r) {
+  const [[n, o], [s, i]] = e, c = Me(i * t, r), f = Me(-o * t, r);
+  let l = t - c * n - f * s, a = -c * o - f * i;
+  const g = l < rt, b = a < rt;
+  g && (l = -l), b && (a = -a);
+  const w = Jt(Math.ceil(Kn(r) / 2)) + z;
+  if (l < rt || l >= w || a < rt || a >= w) throw new Error("splitScalar (endomorphism): failed, k=" + t);
+  return {
+    k1neg: g,
+    k1: l,
+    k2neg: b,
+    k2: a
+  };
+}
+function Ee(t) {
+  if (![
+    "compact",
+    "recovered",
+    "der"
+  ].includes(t)) throw new Error('Signature format must be "compact", "recovered", or "der"');
+  return t;
+}
+function fe(t, e) {
   const r = {};
-  for (let e of Object.keys(t))
-    r[e] = n[e] === void 0 ? t[e] : n[e];
-  return dt(r.lowS, "lowS"), dt(r.prehash, "prehash"), r.format !== void 0 && pt(r.format), r;
+  for (let n of Object.keys(e)) r[n] = t[n] === void 0 ? e[n] : t[n];
+  return jt(r.lowS, "lowS"), jt(r.prehash, "prehash"), r.format !== void 0 && Ee(r.format), r;
 }
-class Ue extends Error {
+var yr = class extends Error {
   constructor(t = "") {
     super(t);
   }
-}
-const Q = {
-  // asn.1 DER encoding utils
-  Err: Ue,
-  // Basic building block is TLV (Tag-Length-Value)
+}, wt = {
+  Err: yr,
   _tlv: {
-    encode: (n, t) => {
-      const { Err: r } = Q;
-      if (n < 0 || n > 256)
-        throw new r("tlv.encode: wrong tag");
-      if (t.length & 1)
-        throw new r("tlv.encode: unpadded data");
-      const e = t.length / 2, o = ct(e);
-      if (o.length / 2 & 128)
-        throw new r("tlv.encode: long form length too big");
-      const s = e > 127 ? ct(o.length / 2 | 128) : "";
-      return ct(n) + s + o + t;
+    encode: (t, e) => {
+      const { Err: r } = wt;
+      if (t < 0 || t > 256) throw new r("tlv.encode: wrong tag");
+      if (e.length & 1) throw new r("tlv.encode: unpadded data");
+      const n = e.length / 2, o = Zt(n);
+      if (o.length / 2 & 128) throw new r("tlv.encode: long form length too big");
+      const s = n > 127 ? Zt(o.length / 2 | 128) : "";
+      return Zt(t) + s + o + e;
     },
-    // v - value, l - left bytes (unparsed)
-    decode(n, t) {
-      const { Err: r } = Q;
-      let e = 0;
-      if (n < 0 || n > 256)
-        throw new r("tlv.encode: wrong tag");
-      if (t.length < 2 || t[e++] !== n)
-        throw new r("tlv.decode: wrong tlv");
-      const o = t[e++], s = !!(o & 128);
+    decode(t, e) {
+      const { Err: r } = wt;
+      let n = 0;
+      if (t < 0 || t > 256) throw new r("tlv.encode: wrong tag");
+      if (e.length < 2 || e[n++] !== t) throw new r("tlv.decode: wrong tlv");
+      const o = e[n++], s = !!(o & 128);
       let i = 0;
-      if (!s)
-        i = o;
+      if (!s) i = o;
       else {
-        const c = o & 127;
-        if (!c)
-          throw new r("tlv.decode(long): indefinite length not supported");
-        if (c > 4)
-          throw new r("tlv.decode(long): byte length is too big");
-        const a = t.subarray(e, e + c);
-        if (a.length !== c)
-          throw new r("tlv.decode: length bytes not complete");
-        if (a[0] === 0)
-          throw new r("tlv.decode(long): zero leftmost byte");
-        for (const w of a)
-          i = i << 8 | w;
-        if (e += c, i < 128)
-          throw new r("tlv.decode(long): not minimal encoding");
+        const f = o & 127;
+        if (!f) throw new r("tlv.decode(long): indefinite length not supported");
+        if (f > 4) throw new r("tlv.decode(long): byte length is too big");
+        const l = e.subarray(n, n + f);
+        if (l.length !== f) throw new r("tlv.decode: length bytes not complete");
+        if (l[0] === 0) throw new r("tlv.decode(long): zero leftmost byte");
+        for (const a of l) i = i << 8 | a;
+        if (n += f, i < 128) throw new r("tlv.decode(long): not minimal encoding");
       }
-      const u = t.subarray(e, e + i);
-      if (u.length !== i)
-        throw new r("tlv.decode: wrong value length");
-      return { v: u, l: t.subarray(e + i) };
+      const c = e.subarray(n, n + i);
+      if (c.length !== i) throw new r("tlv.decode: wrong value length");
+      return {
+        v: c,
+        l: e.subarray(n + i)
+      };
     }
   },
-  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
-  // since we always use positive integers here. It must always be empty:
-  // - add zero byte if exists
-  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
   _int: {
-    encode(n) {
-      const { Err: t } = Q;
-      if (n < W)
-        throw new t("integer: negative integers are not allowed");
-      let r = ct(n);
-      if (Number.parseInt(r[0], 16) & 8 && (r = "00" + r), r.length & 1)
-        throw new t("unexpected DER parsing assertion: unpadded hex");
+    encode(t) {
+      const { Err: e } = wt;
+      if (t < rt) throw new e("integer: negative integers are not allowed");
+      let r = Zt(t);
+      if (Number.parseInt(r[0], 16) & 8 && (r = "00" + r), r.length & 1) throw new e("unexpected DER parsing assertion: unpadded hex");
       return r;
     },
-    decode(n) {
-      const { Err: t } = Q;
-      if (n[0] & 128)
-        throw new t("invalid signature integer: negative");
-      if (n[0] === 0 && !(n[1] & 128))
-        throw new t("invalid signature integer: unnecessary leading zero");
-      return wt(n);
+    decode(t) {
+      const { Err: e } = wt;
+      if (t[0] & 128) throw new e("invalid signature integer: negative");
+      if (t[0] === 0 && !(t[1] & 128)) throw new e("invalid signature integer: unnecessary leading zero");
+      return Dt(t);
     }
   },
-  toSig(n) {
-    const { Err: t, _int: r, _tlv: e } = Q, o = V(n, void 0, "signature"), { v: s, l: i } = e.decode(48, o);
-    if (i.length)
-      throw new t("invalid signature: left bytes after parsing");
-    const { v: u, l: c } = e.decode(2, s), { v: a, l: w } = e.decode(2, c);
-    if (w.length)
-      throw new t("invalid signature: left bytes after parsing");
-    return { r: r.decode(u), s: r.decode(a) };
+  toSig(t) {
+    const { Err: e, _int: r, _tlv: n } = wt, o = C(t, void 0, "signature"), { v: s, l: i } = n.decode(48, o);
+    if (i.length) throw new e("invalid signature: left bytes after parsing");
+    const { v: c, l: f } = n.decode(2, s), { v: l, l: a } = n.decode(2, f);
+    if (a.length) throw new e("invalid signature: left bytes after parsing");
+    return {
+      r: r.decode(c),
+      s: r.decode(l)
+    };
   },
-  hexFromSig(n) {
-    const { _tlv: t, _int: r } = Q, e = t.encode(2, r.encode(n.r)), o = t.encode(2, r.encode(n.s)), s = e + o;
-    return t.encode(48, s);
+  hexFromSig(t) {
+    const { _tlv: e, _int: r } = wt, n = e.encode(2, r.encode(t.r)) + e.encode(2, r.encode(t.s));
+    return e.encode(48, n);
   }
-}, W = BigInt(0), rt = BigInt(1), fe = BigInt(2), ft = BigInt(3), Ye = BigInt(4);
-function ke(n, t = {}) {
-  const r = Le("weierstrass", n, t), { Fp: e, Fn: o } = r;
+}, rt = BigInt(0), z = BigInt(1), ct = BigInt(2), St = BigInt(3), ve = BigInt(4);
+function Er(t, e = {}) {
+  const r = fr("weierstrass", t, e), { Fp: n, Fn: o } = r;
   let s = r.CURVE;
-  const { h: i, n: u } = s;
-  Ot(t, {}, {
+  const { h: i, n: c } = s;
+  Qt(e, {}, {
     allowInfinityPoint: "boolean",
     clearCofactor: "function",
     isTorsionFree: "function",
@@ -724,142 +1490,127 @@ function ke(n, t = {}) {
     toBytes: "function",
     endo: "object"
   });
-  const { endo: c } = t;
-  if (c && (!e.is0(s.a) || typeof c.beta != "bigint" || !Array.isArray(c.basises)))
+  const { endo: f } = e;
+  if (f && (!n.is0(s.a) || typeof f.beta != "bigint" || !Array.isArray(f.basises)))
     throw new Error('invalid endo: expected "beta": bigint and "basises": array');
-  const a = le(e, o);
-  function w() {
-    if (!e.isOdd)
-      throw new Error("compression is not supported: Field does not have .isOdd()");
-  }
-  function S(I, d, l) {
-    const { x: f, y: h } = d.toAffine(), m = e.toBytes(f);
-    if (dt(l, "isCompressed"), l) {
-      w();
-      const E = !e.isOdd(h);
-      return J(ue(E), m);
-    } else
-      return J(Uint8Array.of(4), m, e.toBytes(h));
-  }
-  function q(I) {
-    V(I, void 0, "Point");
-    const { publicKey: d, publicKeyUncompressed: l } = a, f = I.length, h = I[0], m = I.subarray(1);
-    if (f === d && (h === 2 || h === 3)) {
-      const E = e.fromBytes(m);
-      if (!e.isValid(E))
-        throw new Error("bad point: is not on curve, wrong x");
-      const b = _(E);
-      let g;
+  const l = An(n, o);
+  function a() {
+    if (!n.isOdd) throw new Error("compression is not supported: Field does not have .isOdd()");
+  }
+  function g(U, h, d) {
+    const { x: u, y } = h.toAffine(), _ = n.toBytes(u);
+    return jt(d, "isCompressed"), d ? (a(), P(_n(!n.isOdd(y)), _)) : P(Uint8Array.of(4), _, n.toBytes(y));
+  }
+  function b(U) {
+    C(U, void 0, "Point");
+    const { publicKey: h, publicKeyUncompressed: d } = l, u = U.length, y = U[0], _ = U.subarray(1);
+    if (u === h && (y === 2 || y === 3)) {
+      const S = n.fromBytes(_);
+      if (!n.isValid(S)) throw new Error("bad point: is not on curve, wrong x");
+      const A = x(S);
+      let p;
       try {
-        g = e.sqrt(b);
-      } catch (D) {
-        const Z = D instanceof Error ? ": " + D.message : "";
-        throw new Error("bad point: is not on curve, sqrt error" + Z);
+        p = n.sqrt(A);
+      } catch (H) {
+        const $ = H instanceof Error ? ": " + H.message : "";
+        throw new Error("bad point: is not on curve, sqrt error" + $);
       }
-      w();
-      const y = e.isOdd(g);
-      return (h & 1) === 1 !== y && (g = e.neg(g)), { x: E, y: g };
-    } else if (f === l && h === 4) {
-      const E = e.BYTES, b = e.fromBytes(m.subarray(0, E)), g = e.fromBytes(m.subarray(E, E * 2));
-      if (!R(b, g))
-        throw new Error("bad point: is not on curve");
-      return { x: b, y: g };
-    } else
-      throw new Error(`bad point: got length ${f}, expected compressed=${d} or uncompressed=${l}`);
-  }
-  const B = t.toBytes || S, v = t.fromBytes || q;
-  function _(I) {
-    const d = e.sqr(I), l = e.mul(d, I);
-    return e.add(e.add(l, e.mul(I, s.a)), s.b);
-  }
-  function R(I, d) {
-    const l = e.sqr(d), f = _(I);
-    return e.eql(l, f);
-  }
-  if (!R(s.Gx, s.Gy))
-    throw new Error("bad curve params: generator point");
-  const N = e.mul(e.pow(s.a, ft), Ye), T = e.mul(e.sqr(s.b), BigInt(27));
-  if (e.is0(e.add(N, T)))
-    throw new Error("bad curve params: a or b");
-  function C(I, d, l = !1) {
-    if (!e.isValid(d) || l && e.is0(d))
-      throw new Error(`bad point coordinate ${I}`);
-    return d;
-  }
-  function Y(I) {
-    if (!(I instanceof x))
-      throw new Error("Weierstrass Point expected");
-  }
-  function K(I) {
-    if (!c || !c.basises)
-      throw new Error("no endo");
-    return Te(I, c.basises, o.ORDER);
-  }
-  const M = At((I, d) => {
-    const { X: l, Y: f, Z: h } = I;
-    if (e.eql(h, e.ONE))
-      return { x: l, y: f };
-    const m = I.is0();
-    d == null && (d = m ? e.ONE : e.inv(h));
-    const E = e.mul(l, d), b = e.mul(f, d), g = e.mul(h, d);
-    if (m)
-      return { x: e.ZERO, y: e.ZERO };
-    if (!e.eql(g, e.ONE))
-      throw new Error("invZ was invalid");
-    return { x: E, y: b };
-  }), F = At((I) => {
-    if (I.is0()) {
-      if (t.allowInfinityPoint && !e.is0(I.Y))
-        return;
+      a();
+      const R = n.isOdd(p);
+      return (y & 1) === 1 !== R && (p = n.neg(p)), {
+        x: S,
+        y: p
+      };
+    } else if (u === d && y === 4) {
+      const S = n.BYTES, A = n.fromBytes(_.subarray(0, S)), p = n.fromBytes(_.subarray(S, S * 2));
+      if (!v(A, p)) throw new Error("bad point: is not on curve");
+      return {
+        x: A,
+        y: p
+      };
+    } else throw new Error(`bad point: got length ${u}, expected compressed=${h} or uncompressed=${d}`);
+  }
+  const w = e.toBytes || g, m = e.fromBytes || b;
+  function x(U) {
+    const h = n.sqr(U), d = n.mul(h, U);
+    return n.add(n.add(d, n.mul(U, s.a)), s.b);
+  }
+  function v(U, h) {
+    const d = n.sqr(h), u = x(U);
+    return n.eql(d, u);
+  }
+  if (!v(s.Gx, s.Gy)) throw new Error("bad curve params: generator point");
+  const B = n.mul(n.pow(s.a, St), ve), E = n.mul(n.sqr(s.b), BigInt(27));
+  if (n.is0(n.add(B, E))) throw new Error("bad curve params: a or b");
+  function L(U, h, d = !1) {
+    if (!n.isValid(h) || d && n.is0(h)) throw new Error(`bad point coordinate ${U}`);
+    return h;
+  }
+  function I(U) {
+    if (!(U instanceof O)) throw new Error("Weierstrass Point expected");
+  }
+  function V(U) {
+    if (!f || !f.basises) throw new Error("no endo");
+    return mr(U, f.basises, o.ORDER);
+  }
+  const M = Ue((U, h) => {
+    const { X: d, Y: u, Z: y } = U;
+    if (n.eql(y, n.ONE)) return {
+      x: d,
+      y: u
+    };
+    const _ = U.is0();
+    h == null && (h = _ ? n.ONE : n.inv(y));
+    const S = n.mul(d, h), A = n.mul(u, h), p = n.mul(y, h);
+    if (_) return {
+      x: n.ZERO,
+      y: n.ZERO
+    };
+    if (!n.eql(p, n.ONE)) throw new Error("invZ was invalid");
+    return {
+      x: S,
+      y: A
+    };
+  }), D = Ue((U) => {
+    if (U.is0()) {
+      if (e.allowInfinityPoint && !n.is0(U.Y)) return;
       throw new Error("bad point: ZERO");
     }
-    const { x: d, y: l } = I.toAffine();
-    if (!e.isValid(d) || !e.isValid(l))
-      throw new Error("bad point: x or y not field elements");
-    if (!R(d, l))
-      throw new Error("bad point: equation left != right");
-    if (!I.isTorsionFree())
-      throw new Error("bad point: not in prime-order subgroup");
+    const { x: h, y: d } = U.toAffine();
+    if (!n.isValid(h) || !n.isValid(d)) throw new Error("bad point: x or y not field elements");
+    if (!v(h, d)) throw new Error("bad point: equation left != right");
+    if (!U.isTorsionFree()) throw new Error("bad point: not in prime-order subgroup");
     return !0;
   });
-  function H(I, d, l, f, h) {
-    return l = new x(e.mul(l.X, I), l.Y, l.Z), d = at(f, d), l = at(h, l), d.add(l);
-  }
-  class x {
-    // base / generator point
-    static BASE = new x(s.Gx, s.Gy, e.ONE);
-    // zero / infinity / identity point
-    static ZERO = new x(e.ZERO, e.ONE, e.ZERO);
-    // 0, 1, 0
-    // math field
-    static Fp = e;
-    // scalar field
+  function N(U, h, d, u, y) {
+    return d = new O(n.mul(d.X, U), d.Y, d.Z), h = Gt(u, h), d = Gt(y, d), h.add(d);
+  }
+  class O {
+    static BASE = new O(s.Gx, s.Gy, n.ONE);
+    static ZERO = new O(n.ZERO, n.ONE, n.ZERO);
+    static Fp = n;
     static Fn = o;
     X;
     Y;
     Z;
-    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-    constructor(d, l, f) {
-      this.X = C("x", d), this.Y = C("y", l, !0), this.Z = C("z", f), Object.freeze(this);
+    constructor(h, d, u) {
+      this.X = L("x", h), this.Y = L("y", d, !0), this.Z = L("z", u), Object.freeze(this);
     }
     static CURVE() {
       return s;
     }
-    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
-    static fromAffine(d) {
-      const { x: l, y: f } = d || {};
-      if (!d || !e.isValid(l) || !e.isValid(f))
-        throw new Error("invalid affine point");
-      if (d instanceof x)
-        throw new Error("projective point not allowed");
-      return e.is0(l) && e.is0(f) ? x.ZERO : new x(l, f, e.ONE);
+    static fromAffine(h) {
+      const { x: d, y: u } = h || {};
+      if (!h || !n.isValid(d) || !n.isValid(u)) throw new Error("invalid affine point");
+      if (h instanceof O) throw new Error("projective point not allowed");
+      return n.is0(d) && n.is0(u) ? O.ZERO : new O(d, u, n.ONE);
     }
-    static fromBytes(d) {
-      const l = x.fromAffine(v(V(d, void 0, "point")));
-      return l.assertValidity(), l;
+    static fromBytes(h) {
+      const d = O.fromAffine(m(C(h, void 0, "point")));
+      return d.assertValidity(), d;
     }
-    static fromHex(d) {
-      return x.fromBytes(lt(d));
+    static fromHex(h) {
+      return O.fromBytes(Mt(h));
     }
     get x() {
       return this.toAffine().x;
@@ -867,375 +1618,389 @@ function ke(n, t = {}) {
     get y() {
       return this.toAffine().y;
     }
-    /**
-     *
-     * @param windowSize
-     * @param isLazy true will defer table computation until the first multiplication
-     * @returns
-     */
-    precompute(d = 8, l = !0) {
-      return tt.createCache(this, d), l || this.multiply(ft), this;
-    }
-    // TODO: return `this`
-    /** A point on curve is valid if it conforms to equation. */
+    precompute(h = 8, d = !0) {
+      return F.createCache(this, h), d || this.multiply(St), this;
+    }
     assertValidity() {
-      F(this);
+      D(this);
     }
     hasEvenY() {
-      const { y: d } = this.toAffine();
-      if (!e.isOdd)
-        throw new Error("Field doesn't support isOdd");
-      return !e.isOdd(d);
-    }
-    /** Compare one point to another. */
-    equals(d) {
-      Y(d);
-      const { X: l, Y: f, Z: h } = this, { X: m, Y: E, Z: b } = d, g = e.eql(e.mul(l, b), e.mul(m, h)), y = e.eql(e.mul(f, b), e.mul(E, h));
-      return g && y;
-    }
-    /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
+      const { y: h } = this.toAffine();
+      if (!n.isOdd) throw new Error("Field doesn't support isOdd");
+      return !n.isOdd(h);
+    }
+    equals(h) {
+      I(h);
+      const { X: d, Y: u, Z: y } = this, { X: _, Y: S, Z: A } = h, p = n.eql(n.mul(d, A), n.mul(_, y)), R = n.eql(n.mul(u, A), n.mul(S, y));
+      return p && R;
+    }
     negate() {
-      return new x(this.X, e.neg(this.Y), this.Z);
+      return new O(this.X, n.neg(this.Y), this.Z);
     }
-    // Renes-Costello-Batina exception-free doubling formula.
-    // There is 30% faster Jacobian formula, but it is not complete.
-    // https://eprint.iacr.org/2015/1060, algorithm 3
-    // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
     double() {
-      const { a: d, b: l } = s, f = e.mul(l, ft), { X: h, Y: m, Z: E } = this;
-      let b = e.ZERO, g = e.ZERO, y = e.ZERO, p = e.mul(h, h), D = e.mul(m, m), Z = e.mul(E, E), O = e.mul(h, m);
-      return O = e.add(O, O), y = e.mul(h, E), y = e.add(y, y), b = e.mul(d, y), g = e.mul(f, Z), g = e.add(b, g), b = e.sub(D, g), g = e.add(D, g), g = e.mul(b, g), b = e.mul(O, b), y = e.mul(f, y), Z = e.mul(d, Z), O = e.sub(p, Z), O = e.mul(d, O), O = e.add(O, y), y = e.add(p, p), p = e.add(y, p), p = e.add(p, Z), p = e.mul(p, O), g = e.add(g, p), Z = e.mul(m, E), Z = e.add(Z, Z), p = e.mul(Z, O), b = e.sub(b, p), y = e.mul(Z, D), y = e.add(y, y), y = e.add(y, y), new x(b, g, y);
-    }
-    // Renes-Costello-Batina exception-free addition formula.
-    // There is 30% faster Jacobian formula, but it is not complete.
-    // https://eprint.iacr.org/2015/1060, algorithm 1
-    // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
-    add(d) {
-      Y(d);
-      const { X: l, Y: f, Z: h } = this, { X: m, Y: E, Z: b } = d;
-      let g = e.ZERO, y = e.ZERO, p = e.ZERO;
-      const D = s.a, Z = e.mul(s.b, ft);
-      let O = e.mul(l, m), A = e.mul(f, E), U = e.mul(h, b), G = e.add(l, f), L = e.add(m, E);
-      G = e.mul(G, L), L = e.add(O, A), G = e.sub(G, L), L = e.add(l, h);
-      let k = e.add(m, b);
-      return L = e.mul(L, k), k = e.add(O, U), L = e.sub(L, k), k = e.add(f, h), g = e.add(E, b), k = e.mul(k, g), g = e.add(A, U), k = e.sub(k, g), p = e.mul(D, L), g = e.mul(Z, U), p = e.add(g, p), g = e.sub(A, p), p = e.add(A, p), y = e.mul(g, p), A = e.add(O, O), A = e.add(A, O), U = e.mul(D, U), L = e.mul(Z, L), A = e.add(A, U), U = e.sub(O, U), U = e.mul(D, U), L = e.add(L, U), O = e.mul(A, L), y = e.add(y, O), O = e.mul(k, L), g = e.mul(G, g), g = e.sub(g, O), O = e.mul(G, A), p = e.mul(k, p), p = e.add(p, O), new x(g, y, p);
-    }
-    subtract(d) {
-      return this.add(d.negate());
+      const { a: h, b: d } = s, u = n.mul(d, St), { X: y, Y: _, Z: S } = this;
+      let A = n.ZERO, p = n.ZERO, R = n.ZERO, H = n.mul(y, y), $ = n.mul(_, _), Z = n.mul(S, S), q = n.mul(y, _);
+      return q = n.add(q, q), R = n.mul(y, S), R = n.add(R, R), A = n.mul(h, R), p = n.mul(u, Z), p = n.add(A, p), A = n.sub($, p), p = n.add($, p), p = n.mul(A, p), A = n.mul(q, A), R = n.mul(u, R), Z = n.mul(h, Z), q = n.sub(H, Z), q = n.mul(h, q), q = n.add(q, R), R = n.add(H, H), H = n.add(R, H), H = n.add(H, Z), H = n.mul(H, q), p = n.add(p, H), Z = n.mul(_, S), Z = n.add(Z, Z), H = n.mul(Z, q), A = n.sub(A, H), R = n.mul(Z, $), R = n.add(R, R), R = n.add(R, R), new O(A, p, R);
+    }
+    add(h) {
+      I(h);
+      const { X: d, Y: u, Z: y } = this, { X: _, Y: S, Z: A } = h;
+      let p = n.ZERO, R = n.ZERO, H = n.ZERO;
+      const $ = s.a, Z = n.mul(s.b, St);
+      let q = n.mul(d, _), k = n.mul(u, S), j = n.mul(y, A), ot = n.add(d, u), T = n.add(_, S);
+      ot = n.mul(ot, T), T = n.add(q, k), ot = n.sub(ot, T), T = n.add(d, y);
+      let Q = n.add(_, A);
+      return T = n.mul(T, Q), Q = n.add(q, j), T = n.sub(T, Q), Q = n.add(u, y), p = n.add(S, A), Q = n.mul(Q, p), p = n.add(k, j), Q = n.sub(Q, p), H = n.mul($, T), p = n.mul(Z, j), H = n.add(p, H), p = n.sub(k, H), H = n.add(k, H), R = n.mul(p, H), k = n.add(q, q), k = n.add(k, q), j = n.mul($, j), T = n.mul(Z, T), k = n.add(k, j), j = n.sub(q, j), j = n.mul($, j), T = n.add(T, j), q = n.mul(k, T), R = n.add(R, q), q = n.mul(Q, T), p = n.mul(ot, p), p = n.sub(p, q), q = n.mul(ot, k), H = n.mul(Q, H), H = n.add(H, q), new O(p, R, H);
+    }
+    subtract(h) {
+      return this.add(h.negate());
     }
     is0() {
-      return this.equals(x.ZERO);
-    }
-    /**
-     * Constant time multiplication.
-     * Uses wNAF method. Windowed method may be 10% faster,
-     * but takes 2x longer to generate and consumes 2x memory.
-     * Uses precomputes when available.
-     * Uses endomorphism for Koblitz curves.
-     * @param scalar by which the point would be multiplied
-     * @returns New point
-     */
-    multiply(d) {
-      const { endo: l } = t;
-      if (!o.isValidNot0(d))
-        throw new Error("invalid scalar: out of range");
-      let f, h;
-      const m = (E) => tt.cached(this, E, (b) => Ut(x, b));
-      if (l) {
-        const { k1neg: E, k1: b, k2neg: g, k2: y } = K(d), { p, f: D } = m(b), { p: Z, f: O } = m(y);
-        h = D.add(O), f = H(l.beta, p, Z, E, g);
+      return this.equals(O.ZERO);
+    }
+    multiply(h) {
+      const { endo: d } = e;
+      if (!o.isValidNot0(h)) throw new Error("invalid scalar: out of range");
+      let u, y;
+      const _ = (S) => F.cached(this, S, (A) => Ze(O, A));
+      if (d) {
+        const { k1neg: S, k1: A, k2neg: p, k2: R } = V(h), { p: H, f: $ } = _(A), { p: Z, f: q } = _(R);
+        y = $.add(q), u = N(d.beta, H, Z, S, p);
       } else {
-        const { p: E, f: b } = m(d);
-        f = E, h = b;
+        const { p: S, f: A } = _(h);
+        u = S, y = A;
       }
-      return Ut(x, [f, h])[0];
-    }
-    /**
-     * Non-constant-time multiplication. Uses double-and-add algorithm.
-     * It's faster, but should only be used when you don't care about
-     * an exposed secret key e.g. sig verification, which works over *public* keys.
-     */
-    multiplyUnsafe(d) {
-      const { endo: l } = t, f = this;
-      if (!o.isValid(d))
-        throw new Error("invalid scalar: out of range");
-      if (d === W || f.is0())
-        return x.ZERO;
-      if (d === rt)
-        return f;
-      if (tt.hasCache(this))
-        return this.multiply(d);
-      if (l) {
-        const { k1neg: h, k1: m, k2neg: E, k2: b } = K(d), { p1: g, p2: y } = Ae(x, f, m, b);
-        return H(l.beta, g, y, h, E);
-      } else
-        return tt.unsafe(f, d);
-    }
-    /**
-     * Converts Projective point to affine (x, y) coordinates.
-     * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
-     */
-    toAffine(d) {
-      return M(this, d);
-    }
-    /**
-     * Checks whether Point is free of torsion elements (is in prime subgroup).
-     * Always torsion-free for cofactor=1 curves.
-     */
+      return Ze(O, [u, y])[0];
+    }
+    multiplyUnsafe(h) {
+      const { endo: d } = e, u = this;
+      if (!o.isValid(h)) throw new Error("invalid scalar: out of range");
+      if (h === rt || u.is0()) return O.ZERO;
+      if (h === z) return u;
+      if (F.hasCache(this)) return this.multiply(h);
+      if (d) {
+        const { k1neg: y, k1: _, k2neg: S, k2: A } = V(h), { p1: p, p2: R } = cr(O, u, _, A);
+        return N(d.beta, p, R, y, S);
+      } else return F.unsafe(u, h);
+    }
+    toAffine(h) {
+      return M(this, h);
+    }
     isTorsionFree() {
-      const { isTorsionFree: d } = t;
-      return i === rt ? !0 : d ? d(x, this) : tt.unsafe(this, u).is0();
+      const { isTorsionFree: h } = e;
+      return i === z ? !0 : h ? h(O, this) : F.unsafe(this, c).is0();
     }
     clearCofactor() {
-      const { clearCofactor: d } = t;
-      return i === rt ? this : d ? d(x, this) : this.multiplyUnsafe(i);
+      const { clearCofactor: h } = e;
+      return i === z ? this : h ? h(O, this) : this.multiplyUnsafe(i);
     }
     isSmallOrder() {
       return this.multiplyUnsafe(i).is0();
     }
-    toBytes(d = !0) {
-      return dt(d, "isCompressed"), this.assertValidity(), B(x, this, d);
+    toBytes(h = !0) {
+      return jt(h, "isCompressed"), this.assertValidity(), w(O, this, h);
     }
-    toHex(d = !0) {
-      return ht(this.toBytes(d));
+    toHex(h = !0) {
+      return Xt(this.toBytes(h));
     }
     toString() {
       return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
     }
   }
-  const P = o.BITS, tt = new Ze(x, t.endo ? Math.ceil(P / 2) : P);
-  return x.BASE.precompute(8), x;
+  const nt = o.BITS, F = new ir(O, e.endo ? Math.ceil(nt / 2) : nt);
+  return O.BASE.precompute(8), O;
+}
+function _n(t) {
+  return Uint8Array.of(t ? 2 : 3);
+}
+function vr(t, e) {
+  const r = t.ORDER;
+  let n = rt;
+  for (let m = r - z; m % ct === rt; m /= ct) n += z;
+  const o = n, s = ct << o - z - z, i = s * ct, c = (r - z) / i, f = (c - z) / ct, l = i - z, a = s, g = t.pow(e, c), b = t.pow(e, (c + z) / ct);
+  let w = (m, x) => {
+    let v = g, B = t.pow(x, l), E = t.sqr(B);
+    E = t.mul(E, x);
+    let L = t.mul(m, E);
+    L = t.pow(L, f), L = t.mul(L, B), B = t.mul(L, x), E = t.mul(L, m);
+    let I = t.mul(E, B);
+    L = t.pow(I, a);
+    let V = t.eql(L, t.ONE);
+    B = t.mul(E, b), L = t.mul(I, v), E = t.cmov(B, E, V), I = t.cmov(L, I, V);
+    for (let M = o; M > z; M--) {
+      let D = M - ct;
+      D = ct << D - z;
+      let N = t.pow(I, D);
+      const O = t.eql(N, t.ONE);
+      B = t.mul(E, v), v = t.mul(v, v), N = t.mul(I, v), E = t.cmov(B, E, O), I = t.cmov(N, I, O);
+    }
+    return {
+      isValid: V,
+      value: E
+    };
+  };
+  if (t.ORDER % ve === St) {
+    const m = (t.ORDER - St) / ve, x = t.sqrt(t.neg(e));
+    w = (v, B) => {
+      let E = t.sqr(B);
+      const L = t.mul(v, B);
+      E = t.mul(E, L);
+      let I = t.pow(E, m);
+      I = t.mul(I, L);
+      const V = t.mul(I, x), M = t.mul(t.sqr(I), B), D = t.eql(M, v);
+      return {
+        isValid: D,
+        value: t.cmov(V, I, D)
+      };
+    };
+  }
+  return w;
 }
-function ue(n) {
-  return Uint8Array.of(n ? 2 : 3);
+function pr(t, e) {
+  yn(t);
+  const { A: r, B: n, Z: o } = e;
+  if (!t.isValid(r) || !t.isValid(n) || !t.isValid(o)) throw new Error("mapToCurveSimpleSWU: invalid opts");
+  const s = vr(t, o);
+  if (!t.isOdd) throw new Error("Field does not have .isOdd()");
+  return (i) => {
+    let c, f, l, a, g, b, w, m;
+    c = t.sqr(i), c = t.mul(c, o), f = t.sqr(c), f = t.add(f, c), l = t.add(f, t.ONE), l = t.mul(l, n), a = t.cmov(o, t.neg(f), !t.eql(f, t.ZERO)), a = t.mul(a, r), f = t.sqr(l), b = t.sqr(a), g = t.mul(b, r), f = t.add(f, g), f = t.mul(f, l), b = t.mul(b, a), g = t.mul(b, n), f = t.add(f, g), w = t.mul(c, l);
+    const { isValid: x, value: v } = s(f, b);
+    m = t.mul(c, i), m = t.mul(m, v), w = t.cmov(w, l, x), m = t.cmov(m, v, x);
+    const B = t.isOdd(i) === t.isOdd(m);
+    m = t.cmov(t.neg(m), m, B);
+    const E = Ft(t, [a], !0)[0];
+    return w = t.mul(w, E), {
+      x: w,
+      y: m
+    };
+  };
 }
-function le(n, t) {
+function An(t, e) {
   return {
-    secretKey: t.BYTES,
-    publicKey: 1 + n.BYTES,
-    publicKeyUncompressed: 1 + 2 * n.BYTES,
+    secretKey: e.BYTES,
+    publicKey: 1 + t.BYTES,
+    publicKeyUncompressed: 1 + 2 * t.BYTES,
     publicKeyHasPrefix: !0,
-    signature: 2 * t.BYTES
+    signature: 2 * e.BYTES
   };
 }
-function Ve(n, t = {}) {
-  const { Fn: r } = n, e = t.randomBytes || Mt, o = Object.assign(le(n.Fp, r), { seed: ie(r.ORDER) });
-  function s(B) {
+function xr(t, e = {}) {
+  const { Fn: r } = t, n = e.randomBytes || Ge, o = Object.assign(An(t.Fp, r), { seed: vn(r.ORDER) });
+  function s(w) {
     try {
-      const v = r.fromBytes(B);
-      return r.isValidNot0(v);
+      const m = r.fromBytes(w);
+      return r.isValidNot0(m);
     } catch {
       return !1;
     }
   }
-  function i(B, v) {
-    const { publicKey: _, publicKeyUncompressed: R } = o;
+  function i(w, m) {
+    const { publicKey: x, publicKeyUncompressed: v } = o;
     try {
-      const N = B.length;
-      return v === !0 && N !== _ || v === !1 && N !== R ? !1 : !!n.fromBytes(B);
+      const B = w.length;
+      return m === !0 && B !== x || m === !1 && B !== v ? !1 : !!t.fromBytes(w);
     } catch {
       return !1;
     }
   }
-  function u(B = e(o.seed)) {
-    return _e(V(B, o.seed, "seed"), r.ORDER);
+  function c(w = n(o.seed)) {
+    return sr(C(w, o.seed, "seed"), r.ORDER);
   }
-  function c(B, v = !0) {
-    return n.BASE.multiply(r.fromBytes(B)).toBytes(v);
+  function f(w, m = !0) {
+    return t.BASE.multiply(r.fromBytes(w)).toBytes(m);
   }
-  function a(B) {
-    const { secretKey: v, publicKey: _, publicKeyUncompressed: R } = o;
-    if (!Kt(B) || "_lengths" in r && r._lengths || v === _)
-      return;
-    const N = V(B, void 0, "key").length;
-    return N === _ || N === R;
+  function l(w) {
+    const { secretKey: m, publicKey: x, publicKeyUncompressed: v } = o;
+    if (!Kt(w) || "_lengths" in r && r._lengths || m === x) return;
+    const B = C(w, void 0, "key").length;
+    return B === x || B === v;
   }
-  function w(B, v, _ = !0) {
-    if (a(B) === !0)
-      throw new Error("first arg must be private key");
-    if (a(v) === !1)
-      throw new Error("second arg must be public key");
-    const R = r.fromBytes(B);
-    return n.fromBytes(v).multiply(R).toBytes(_);
+  function a(w, m, x = !0) {
+    if (l(w) === !0) throw new Error("first arg must be private key");
+    if (l(m) === !1) throw new Error("second arg must be public key");
+    const v = r.fromBytes(w);
+    return t.fromBytes(m).multiply(v).toBytes(x);
   }
-  const S = {
+  const g = {
     isValidSecretKey: s,
     isValidPublicKey: i,
-    randomSecretKey: u
-  }, q = De(u, c);
-  return Object.freeze({ getPublicKey: c, getSharedSecret: w, keygen: q, Point: n, utils: S, lengths: o });
+    randomSecretKey: c
+  }, b = ar(c, f);
+  return Object.freeze({
+    getPublicKey: f,
+    getSharedSecret: a,
+    keygen: b,
+    Point: t,
+    utils: g,
+    lengths: o
+  });
 }
-function $e(n, t, r = {}) {
-  de(t), Ot(r, {}, {
+function Br(t, e, r = {}) {
+  Ye(e), Qt(r, {}, {
     hmac: "function",
     lowS: "boolean",
     randomBytes: "function",
     bits2int: "function",
     bits2int_modN: "function"
   }), r = Object.assign({}, r);
-  const e = r.randomBytes || Mt, o = r.hmac || ((l, f) => ae(t, l, f)), { Fp: s, Fn: i } = n, { ORDER: u, BITS: c } = i, { keygen: a, getPublicKey: w, getSharedSecret: S, utils: q, lengths: B } = Ve(n, r), v = {
+  const n = r.randomBytes || Ge, o = r.hmac || ((d, u) => $t(e, d, u)), { Fp: s, Fn: i } = t, { ORDER: c, BITS: f } = i, { keygen: l, getPublicKey: a, getSharedSecret: g, utils: b, lengths: w } = xr(t, r), m = {
     prehash: !0,
     lowS: typeof r.lowS == "boolean" ? r.lowS : !0,
     format: "compact",
     extraEntropy: !1
-  }, _ = u * fe < s.ORDER;
-  function R(l) {
-    const f = u >> rt;
-    return l > f;
-  }
-  function N(l, f) {
-    if (!i.isValidNot0(f))
-      throw new Error(`invalid signature ${l}: out of range 1..Point.Fn.ORDER`);
-    return f;
-  }
-  function T() {
-    if (_)
-      throw new Error('"recovered" sig type is not supported for cofactor >2 curves');
-  }
-  function C(l, f) {
-    pt(f);
-    const h = B.signature, m = f === "compact" ? h : f === "recovered" ? h + 1 : void 0;
-    return V(l, m);
-  }
-  class Y {
+  }, x = c * ct < s.ORDER;
+  function v(d) {
+    return d > c >> z;
+  }
+  function B(d, u) {
+    if (!i.isValidNot0(u)) throw new Error(`invalid signature ${d}: out of range 1..Point.Fn.ORDER`);
+    return u;
+  }
+  function E() {
+    if (x) throw new Error('"recovered" sig type is not supported for cofactor >2 curves');
+  }
+  function L(d, u) {
+    Ee(u);
+    const y = w.signature;
+    return C(d, u === "compact" ? y : u === "recovered" ? y + 1 : void 0);
+  }
+  class I {
     r;
     s;
     recovery;
-    constructor(f, h, m) {
-      if (this.r = N("r", f), this.s = N("s", h), m != null) {
-        if (T(), ![0, 1, 2, 3].includes(m))
-          throw new Error("invalid recovery id");
-        this.recovery = m;
+    constructor(u, y, _) {
+      if (this.r = B("r", u), this.s = B("s", y), _ != null) {
+        if (E(), ![
+          0,
+          1,
+          2,
+          3
+        ].includes(_)) throw new Error("invalid recovery id");
+        this.recovery = _;
       }
       Object.freeze(this);
     }
-    static fromBytes(f, h = v.format) {
-      C(f, h);
-      let m;
-      if (h === "der") {
-        const { r: y, s: p } = Q.toSig(V(f));
-        return new Y(y, p);
+    static fromBytes(u, y = m.format) {
+      L(u, y);
+      let _;
+      if (y === "der") {
+        const { r: R, s: H } = wt.toSig(C(u));
+        return new I(R, H);
       }
-      h === "recovered" && (m = f[0], h = "compact", f = f.subarray(1));
-      const E = B.signature / 2, b = f.subarray(0, E), g = f.subarray(E, E * 2);
-      return new Y(i.fromBytes(b), i.fromBytes(g), m);
+      y === "recovered" && (_ = u[0], y = "compact", u = u.subarray(1));
+      const S = w.signature / 2, A = u.subarray(0, S), p = u.subarray(S, S * 2);
+      return new I(i.fromBytes(A), i.fromBytes(p), _);
     }
-    static fromHex(f, h) {
-      return this.fromBytes(lt(f), h);
+    static fromHex(u, y) {
+      return this.fromBytes(Mt(u), y);
     }
     assertRecovery() {
-      const { recovery: f } = this;
-      if (f == null)
-        throw new Error("invalid recovery id: must be present");
-      return f;
-    }
-    addRecoveryBit(f) {
-      return new Y(this.r, this.s, f);
-    }
-    recoverPublicKey(f) {
-      const { r: h, s: m } = this, E = this.assertRecovery(), b = E === 2 || E === 3 ? h + u : h;
-      if (!s.isValid(b))
-        throw new Error("invalid recovery id: sig.r+curve.n != R.x");
-      const g = s.toBytes(b), y = n.fromBytes(J(ue((E & 1) === 0), g)), p = i.inv(b), D = M(V(f, void 0, "msgHash")), Z = i.create(-D * p), O = i.create(m * p), A = n.BASE.multiplyUnsafe(Z).add(y.multiplyUnsafe(O));
-      if (A.is0())
-        throw new Error("invalid recovery: point at infinify");
-      return A.assertValidity(), A;
-    }
-    // Signatures should be low-s, to prevent malleability.
+      const { recovery: u } = this;
+      if (u == null) throw new Error("invalid recovery id: must be present");
+      return u;
+    }
+    addRecoveryBit(u) {
+      return new I(this.r, this.s, u);
+    }
+    recoverPublicKey(u) {
+      const { r: y, s: _ } = this, S = this.assertRecovery(), A = S === 2 || S === 3 ? y + c : y;
+      if (!s.isValid(A)) throw new Error("invalid recovery id: sig.r+curve.n != R.x");
+      const p = s.toBytes(A), R = t.fromBytes(P(_n((S & 1) === 0), p)), H = i.inv(A), $ = M(C(u, void 0, "msgHash")), Z = i.create(-$ * H), q = i.create(_ * H), k = t.BASE.multiplyUnsafe(Z).add(R.multiplyUnsafe(q));
+      if (k.is0()) throw new Error("invalid recovery: point at infinify");
+      return k.assertValidity(), k;
+    }
     hasHighS() {
-      return R(this.s);
-    }
-    toBytes(f = v.format) {
-      if (pt(f), f === "der")
-        return lt(Q.hexFromSig(this));
-      const { r: h, s: m } = this, E = i.toBytes(h), b = i.toBytes(m);
-      return f === "recovered" ? (T(), J(Uint8Array.of(this.assertRecovery()), E, b)) : J(E, b);
-    }
-    toHex(f) {
-      return ht(this.toBytes(f));
-    }
-  }
-  const K = r.bits2int || function(f) {
-    if (f.length > 8192)
-      throw new Error("input is too large");
-    const h = wt(f), m = f.length * 8 - c;
-    return m > 0 ? h >> BigInt(m) : h;
-  }, M = r.bits2int_modN || function(f) {
-    return i.create(K(f));
-  }, F = St(c);
-  function H(l) {
-    return me("num < 2^" + c, l, W, F), i.toBytes(l);
-  }
-  function x(l, f) {
-    return V(l, void 0, "message"), f ? V(t(l), void 0, "prehashed message") : l;
-  }
-  function P(l, f, h) {
-    const { lowS: m, prehash: E, extraEntropy: b } = yt(h, v);
-    l = x(l, E);
-    const g = M(l), y = i.fromBytes(f);
-    if (!i.isValidNot0(y))
-      throw new Error("invalid private key");
-    const p = [H(y), H(g)];
-    if (b != null && b !== !1) {
-      const A = b === !0 ? e(B.secretKey) : b;
-      p.push(V(A, void 0, "extraEntropy"));
-    }
-    const D = J(...p), Z = g;
-    function O(A) {
-      const U = K(A);
-      if (!i.isValidNot0(U))
-        return;
-      const G = i.inv(U), L = n.BASE.multiply(U).toAffine(), k = i.create(L.x);
-      if (k === W)
-        return;
-      const st = i.create(G * i.create(Z + k * y));
-      if (st === W)
-        return;
-      let _t = (L.x === k ? 0 : 2) | Number(L.y & rt), Zt = st;
-      return m && R(st) && (Zt = i.neg(st), _t ^= 1), new Y(k, Zt, _ ? void 0 : _t);
-    }
-    return { seed: D, k2sig: O };
-  }
-  function tt(l, f, h = {}) {
-    const { seed: m, k2sig: E } = P(l, f, h);
-    return Ee(t.outputLen, i.BYTES, o)(m, E).toBytes(h.format);
-  }
-  function I(l, f, h, m = {}) {
-    const { lowS: E, prehash: b, format: g } = yt(m, v);
-    if (h = V(h, void 0, "publicKey"), f = x(f, b), !Kt(l)) {
-      const y = l instanceof Y ? ", use sig.toBytes()" : "";
-      throw new Error("verify expects Uint8Array signature" + y);
-    }
-    C(l, g);
+      return v(this.s);
+    }
+    toBytes(u = m.format) {
+      if (Ee(u), u === "der") return Mt(wt.hexFromSig(this));
+      const { r: y, s: _ } = this, S = i.toBytes(y), A = i.toBytes(_);
+      return u === "recovered" ? (E(), P(Uint8Array.of(this.assertRecovery()), S, A)) : P(S, A);
+    }
+    toHex(u) {
+      return Xt(this.toBytes(u));
+    }
+  }
+  const V = r.bits2int || function(u) {
+    if (u.length > 8192) throw new Error("input is too large");
+    const y = Dt(u), _ = u.length * 8 - f;
+    return _ > 0 ? y >> BigInt(_) : y;
+  }, M = r.bits2int_modN || function(u) {
+    return i.create(V(u));
+  }, D = Jt(f);
+  function N(d) {
+    return Gn("num < 2^" + f, d, rt, D), i.toBytes(d);
+  }
+  function O(d, u) {
+    return C(d, void 0, "message"), u ? C(e(d), void 0, "prehashed message") : d;
+  }
+  function nt(d, u, y) {
+    const { lowS: _, prehash: S, extraEntropy: A } = fe(y, m);
+    d = O(d, S);
+    const p = M(d), R = i.fromBytes(u);
+    if (!i.isValidNot0(R)) throw new Error("invalid private key");
+    const H = [N(R), N(p)];
+    if (A != null && A !== !1) {
+      const k = A === !0 ? n(w.secretKey) : A;
+      H.push(C(k, void 0, "extraEntropy"));
+    }
+    const $ = P(...H), Z = p;
+    function q(k) {
+      const j = V(k);
+      if (!i.isValidNot0(j)) return;
+      const ot = i.inv(j), T = t.BASE.multiply(j).toAffine(), Q = i.create(T.x);
+      if (Q === rt) return;
+      const Ct = i.create(ot * i.create(Z + Q * R));
+      if (Ct === rt) return;
+      let Se = (T.x === Q ? 0 : 2) | Number(T.y & z), Re = Ct;
+      return _ && v(Ct) && (Re = i.neg(Ct), Se ^= 1), new I(Q, Re, x ? void 0 : Se);
+    }
+    return {
+      seed: $,
+      k2sig: q
+    };
+  }
+  function F(d, u, y = {}) {
+    const { seed: _, k2sig: S } = nt(d, u, y);
+    return Xn(e.outputLen, i.BYTES, o)(_, S).toBytes(y.format);
+  }
+  function U(d, u, y, _ = {}) {
+    const { lowS: S, prehash: A, format: p } = fe(_, m);
+    if (y = C(y, void 0, "publicKey"), u = O(u, A), !Kt(d)) {
+      const R = d instanceof I ? ", use sig.toBytes()" : "";
+      throw new Error("verify expects Uint8Array signature" + R);
+    }
+    L(d, p);
     try {
-      const y = Y.fromBytes(l, g), p = n.fromBytes(h);
-      if (E && y.hasHighS())
-        return !1;
-      const { r: D, s: Z } = y, O = M(f), A = i.inv(Z), U = i.create(O * A), G = i.create(D * A), L = n.BASE.multiplyUnsafe(U).add(p.multiplyUnsafe(G));
-      return L.is0() ? !1 : i.create(L.x) === D;
+      const R = I.fromBytes(d, p), H = t.fromBytes(y);
+      if (S && R.hasHighS()) return !1;
+      const { r: $, s: Z } = R, q = M(u), k = i.inv(Z), j = i.create(q * k), ot = i.create($ * k), T = t.BASE.multiplyUnsafe(j).add(H.multiplyUnsafe(ot));
+      return T.is0() ? !1 : i.create(T.x) === $;
     } catch {
       return !1;
     }
   }
-  function d(l, f, h = {}) {
-    const { prehash: m } = yt(h, v);
-    return f = x(f, m), Y.fromBytes(l, "recovered").recoverPublicKey(f).toBytes();
+  function h(d, u, y = {}) {
+    const { prehash: _ } = fe(y, m);
+    return u = O(u, _), I.fromBytes(d, "recovered").recoverPublicKey(u).toBytes();
   }
   return Object.freeze({
-    keygen: a,
-    getPublicKey: w,
-    getSharedSecret: S,
-    utils: q,
-    lengths: B,
-    Point: n,
-    sign: tt,
-    verify: I,
-    recoverPublicKey: d,
-    Signature: Y,
-    hash: t
+    keygen: l,
+    getPublicKey: a,
+    getSharedSecret: g,
+    utils: b,
+    lengths: w,
+    Point: t,
+    sign: F,
+    verify: U,
+    recoverPublicKey: h,
+    Signature: I,
+    hash: e
   });
 }
-const Nt = {
+$n();
+var Ae = {
   p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
   n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
   h: BigInt(1),
@@ -1243,28 +2008,95 @@ const Nt = {
   b: BigInt(7),
   Gx: BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
   Gy: BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
-}, je = {
+}, _r = {
   beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
-  basises: [
-    [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
-    [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
+  basises: [[BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")], [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]
+}, $e = /* @__PURE__ */ BigInt(2);
+function Ar(t) {
+  const e = Ae.p, r = BigInt(3), n = BigInt(6), o = BigInt(11), s = BigInt(22), i = BigInt(23), c = BigInt(44), f = BigInt(88), l = t * t * t % e, a = l * l * t % e, g = tt(tt(tt(a, r, e) * a % e, r, e) * a % e, $e, e) * l % e, b = tt(g, o, e) * g % e, w = tt(b, s, e) * b % e, m = tt(w, c, e) * w % e, x = tt(tt(tt(tt(tt(tt(m, f, e) * m % e, c, e) * w % e, r, e) * a % e, i, e) * b % e, n, e) * l % e, $e, e);
+  if (!gt.eql(gt.sqr(x), t)) throw new Error("Cannot find square root");
+  return x;
+}
+var gt = te(Ae.p, { sqrt: Ar }), Sn = /* @__PURE__ */ Er(Ae, {
+  Fp: gt,
+  endo: _r
+}), Nr = /* @__PURE__ */ Br(Sn, zt), Sr = br(gt, [
+  [
+    "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7",
+    "0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581",
+    "0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262",
+    "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"
+  ],
+  [
+    "0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b",
+    "0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14",
+    "0x0000000000000000000000000000000000000000000000000000000000000001"
+  ],
+  [
+    "0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c",
+    "0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3",
+    "0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931",
+    "0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"
+  ],
+  [
+    "0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b",
+    "0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573",
+    "0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f",
+    "0x0000000000000000000000000000000000000000000000000000000000000001"
   ]
-}, jt = /* @__PURE__ */ BigInt(2);
-function Me(n) {
-  const t = Nt.p, r = BigInt(3), e = BigInt(6), o = BigInt(11), s = BigInt(22), i = BigInt(23), u = BigInt(44), c = BigInt(88), a = n * n * n % t, w = a * a * n % t, S = z(w, r, t) * w % t, q = z(S, r, t) * w % t, B = z(q, jt, t) * a % t, v = z(B, o, t) * B % t, _ = z(v, s, t) * v % t, R = z(_, u, t) * _ % t, N = z(R, c, t) * R % t, T = z(N, u, t) * _ % t, C = z(T, r, t) * w % t, Y = z(C, i, t) * v % t, K = z(Y, e, t) * a % t, M = z(K, jt, t);
-  if (!vt.eql(vt.sqr(M), n))
-    throw new Error("Cannot find square root");
-  return M;
-}
-const vt = gt(Nt.p, { sqrt: Me }), Ke = /* @__PURE__ */ ke(Nt, {
-  Fp: vt,
-  endo: je
-}), He = /* @__PURE__ */ $e(Ke, he);
+].map((t) => t.map((e) => BigInt(e)))), Rr = pr(gt, {
+  A: BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),
+  B: BigInt("1771"),
+  Z: gt.create(BigInt("-11"))
+}), Dr = gr(Sn, (t) => {
+  const { x: e, y: r } = Rr(gt.create(t[0]));
+  return Sr(e, r);
+}, {
+  DST: "secp256k1_XMD:SHA-256_SSWU_RO_",
+  encodeDST: "secp256k1_XMD:SHA-256_SSWU_NU_",
+  p: gt.ORDER,
+  m: 1,
+  k: 128,
+  expand: "xmd",
+  hash: zt
+});
 export {
-  Ce as F,
-  dt as a,
-  wt as b,
-  X as m,
-  ye as r,
-  He as s
+  P as A,
+  Lr as C,
+  xt as D,
+  Vt as E,
+  Ge as F,
+  Ir as I,
+  In as L,
+  Nt as M,
+  Kt as N,
+  Rn as O,
+  mt as P,
+  Hr as R,
+  Nn as S,
+  C as T,
+  kn as _,
+  zn as a,
+  ae as b,
+  Pt as c,
+  qr as d,
+  tn as f,
+  Zn as g,
+  Vn as h,
+  Ur as i,
+  _t as j,
+  At as k,
+  $n as l,
+  Tn as m,
+  et as n,
+  jt as o,
+  Mn as p,
+  Wn as r,
+  Dt as s,
+  Nr as t,
+  zt as u,
+  Cn as v,
+  Ln as w,
+  Un as x,
+  qn as y
 };