npm - @coinbase/cdp-hooks - Versions diffs - 0.0.96 → 0.0.97 - Mend

@coinbase/cdp-hooks 0.0.96 → 0.0.97

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (282) hide show

package/dist/esm/index344.js CHANGED Viewed

@@ -1,208 +1,658 @@
-const w = /* @__PURE__ */ BigInt(0), p = /* @__PURE__ */ BigInt(1);
-function b(t) {
-  return t instanceof Uint8Array || ArrayBuffer.isView(t) && t.constructor.name === "Uint8Array";
+import { validateBasic as mt, pippenger as bt, wNAF as vt } from "./index346.js";
+import { Field as Bt, mod as wt, getMinHashLength as xt, mapHashToField as St, FpInvertBatch as Rt, invert as Ot } from "./index325.js";
+import { bytesToNumberBE as $, bitMask as At, validateObject as pt, concatBytes as at, aInRange as W, ensureBytes as F, hexToBytes as dt, isBytes as yt, createHmacDrbg as Tt, abool as _, bytesToHex as lt, inRange as gt, numberToHexUnpadded as nt, numberToBytesBE as Et, memoized as ft } from "./index345.js";
+function ht(m) {
+  m.lowS !== void 0 && _("lowS", m.lowS), m.prehash !== void 0 && _("prehash", m.prehash);
 }
-function h(t) {
-  if (!b(t))
-    throw new Error("Uint8Array expected");
-}
-function k(t, n) {
-  if (typeof n != "boolean")
-    throw new Error(t + " boolean expected, got " + n);
-}
-function F(t) {
-  const n = t.toString(16);
-  return n.length & 1 ? "0" + n : n;
-}
-function E(t) {
-  if (typeof t != "string")
-    throw new Error("hex string expected, got " + typeof t);
-  return t === "" ? w : BigInt("0x" + t);
-}
-const U = (
-  // @ts-ignore
-  typeof Uint8Array.from([]).toHex == "function" && typeof Uint8Array.fromHex == "function"
-), S = /* @__PURE__ */ Array.from({ length: 256 }, (t, n) => n.toString(16).padStart(2, "0"));
-function x(t) {
-  if (h(t), U)
-    return t.toHex();
-  let n = "";
-  for (let e = 0; e < t.length; e++)
-    n += S[t[e]];
-  return n;
-}
-const u = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
-function m(t) {
-  if (t >= u._0 && t <= u._9)
-    return t - u._0;
-  if (t >= u.A && t <= u.F)
-    return t - (u.A - 10);
-  if (t >= u.a && t <= u.f)
-    return t - (u.a - 10);
-}
-function B(t) {
-  if (typeof t != "string")
-    throw new Error("hex string expected, got " + typeof t);
-  if (U)
-    return Uint8Array.fromHex(t);
-  const n = t.length, e = n / 2;
-  if (n % 2)
-    throw new Error("hex string expected, got unpadded hex of length " + n);
-  const r = new Uint8Array(e);
-  for (let o = 0, i = 0; o < e; o++, i += 2) {
-    const a = m(t.charCodeAt(i)), f = m(t.charCodeAt(i + 1));
-    if (a === void 0 || f === void 0) {
-      const c = t[i] + t[i + 1];
-      throw new Error('hex string expected, got non-hex character "' + c + '" at index ' + i);
-    }
-    r[o] = a * 16 + f;
-  }
-  return r;
-}
-function O(t) {
-  return E(x(t));
-}
-function V(t) {
-  return h(t), E(x(Uint8Array.from(t).reverse()));
+function Zt(m) {
+  const r = mt(m);
+  pt(r, {
+    a: "field",
+    b: "field"
+  }, {
+    allowInfinityPoint: "boolean",
+    allowedPrivateKeyLengths: "array",
+    clearCofactor: "function",
+    fromBytes: "function",
+    isTorsionFree: "function",
+    toBytes: "function",
+    wrapPrivateKey: "boolean"
+  });
+  const { endo: t, Fp: b, a: S } = r;
+  if (t) {
+    if (!b.eql(S, b.ZERO))
+      throw new Error("invalid endo: CURVE.a must be 0");
+    if (typeof t != "object" || typeof t.beta != "bigint" || typeof t.splitScalar != "function")
+      throw new Error('invalid endo: expected "beta": bigint and "splitScalar": function');
+  }
+  return Object.freeze({ ...r });
 }
-function T(t, n) {
-  return B(t.toString(16).padStart(n * 2, "0"));
+class zt extends Error {
+  constructor(r = "") {
+    super(r);
+  }
 }
-function C(t, n) {
-  return T(t, n).reverse();
+const C = {
+  // asn.1 DER encoding utils
+  Err: zt,
+  // Basic building block is TLV (Tag-Length-Value)
+  _tlv: {
+    encode: (m, r) => {
+      const { Err: t } = C;
+      if (m < 0 || m > 256)
+        throw new t("tlv.encode: wrong tag");
+      if (r.length & 1)
+        throw new t("tlv.encode: unpadded data");
+      const b = r.length / 2, S = nt(b);
+      if (S.length / 2 & 128)
+        throw new t("tlv.encode: long form length too big");
+      const N = b > 127 ? nt(S.length / 2 | 128) : "";
+      return nt(m) + N + S + r;
+    },
+    // v - value, l - left bytes (unparsed)
+    decode(m, r) {
+      const { Err: t } = C;
+      let b = 0;
+      if (m < 0 || m > 256)
+        throw new t("tlv.encode: wrong tag");
+      if (r.length < 2 || r[b++] !== m)
+        throw new t("tlv.decode: wrong tlv");
+      const S = r[b++], N = !!(S & 128);
+      let A = 0;
+      if (!N)
+        A = S;
+      else {
+        const x = S & 127;
+        if (!x)
+          throw new t("tlv.decode(long): indefinite length not supported");
+        if (x > 4)
+          throw new t("tlv.decode(long): byte length is too big");
+        const L = r.subarray(b, b + x);
+        if (L.length !== x)
+          throw new t("tlv.decode: length bytes not complete");
+        if (L[0] === 0)
+          throw new t("tlv.decode(long): zero leftmost byte");
+        for (const O of L)
+          A = A << 8 | O;
+        if (b += x, A < 128)
+          throw new t("tlv.decode(long): not minimal encoding");
+      }
+      const V = r.subarray(b, b + A);
+      if (V.length !== A)
+        throw new t("tlv.decode: wrong value length");
+      return { v: V, l: r.subarray(b + A) };
+    }
+  },
+  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
+  // since we always use positive integers here. It must always be empty:
+  // - add zero byte if exists
+  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
+  _int: {
+    encode(m) {
+      const { Err: r } = C;
+      if (m < U)
+        throw new r("integer: negative integers are not allowed");
+      let t = nt(m);
+      if (Number.parseInt(t[0], 16) & 8 && (t = "00" + t), t.length & 1)
+        throw new r("unexpected DER parsing assertion: unpadded hex");
+      return t;
+    },
+    decode(m) {
+      const { Err: r } = C;
+      if (m[0] & 128)
+        throw new r("invalid signature integer: negative");
+      if (m[0] === 0 && !(m[1] & 128))
+        throw new r("invalid signature integer: unnecessary leading zero");
+      return $(m);
+    }
+  },
+  toSig(m) {
+    const { Err: r, _int: t, _tlv: b } = C, S = F("signature", m), { v: N, l: A } = b.decode(48, S);
+    if (A.length)
+      throw new r("invalid signature: left bytes after parsing");
+    const { v: V, l: x } = b.decode(2, N), { v: L, l: O } = b.decode(2, x);
+    if (O.length)
+      throw new r("invalid signature: left bytes after parsing");
+    return { r: t.decode(V), s: t.decode(L) };
+  },
+  hexFromSig(m) {
+    const { _tlv: r, _int: t } = C, b = r.encode(2, t.encode(m.r)), S = r.encode(2, t.encode(m.s)), N = b + S;
+    return r.encode(48, N);
+  }
+};
+function st(m, r) {
+  return lt(Et(m, r));
 }
-function M(t, n, e) {
-  let r;
-  if (typeof n == "string")
+const U = BigInt(0), R = BigInt(1);
+BigInt(2);
+const ct = BigInt(3), Nt = BigInt(4);
+function qt(m) {
+  const r = Zt(m), { Fp: t } = r, b = Bt(r.n, r.nBitLength), S = r.toBytes || ((w, e, i) => {
+    const c = e.toAffine();
+    return at(Uint8Array.from([4]), t.toBytes(c.x), t.toBytes(c.y));
+  }), N = r.fromBytes || ((w) => {
+    const e = w.subarray(1), i = t.fromBytes(e.subarray(0, t.BYTES)), c = t.fromBytes(e.subarray(t.BYTES, 2 * t.BYTES));
+    return { x: i, y: c };
+  });
+  function A(w) {
+    const { a: e, b: i } = r, c = t.sqr(w), d = t.mul(c, w);
+    return t.add(t.add(d, t.mul(w, e)), i);
+  }
+  function V(w, e) {
+    const i = t.sqr(e), c = A(w);
+    return t.eql(i, c);
+  }
+  if (!V(r.Gx, r.Gy))
+    throw new Error("bad curve params: generator point");
+  const x = t.mul(t.pow(r.a, ct), Nt), L = t.mul(t.sqr(r.b), BigInt(27));
+  if (t.is0(t.add(x, L)))
+    throw new Error("bad curve params: a or b");
+  function O(w) {
+    return gt(w, R, r.n);
+  }
+  function k(w) {
+    const { allowedPrivateKeyLengths: e, nByteLength: i, wrapPrivateKey: c, n: d } = r;
+    if (e && typeof w != "bigint") {
+      if (yt(w) && (w = lt(w)), typeof w != "string" || !e.includes(w.length))
+        throw new Error("invalid private key");
+      w = w.padStart(i * 2, "0");
+    }
+    let y;
     try {
-      r = B(n);
-    } catch (i) {
-      throw new Error(t + " must be hex string or Uint8Array, cause: " + i);
-    }
-  else if (b(n))
-    r = Uint8Array.from(n);
-  else
-    throw new Error(t + " must be hex string or Uint8Array");
-  const o = r.length;
-  if (typeof e == "number" && o !== e)
-    throw new Error(t + " of length " + e + " expected, got " + o);
-  return r;
-}
-function H(...t) {
-  let n = 0;
-  for (let r = 0; r < t.length; r++) {
-    const o = t[r];
-    h(o), n += o.length;
-  }
-  const e = new Uint8Array(n);
-  for (let r = 0, o = 0; r < t.length; r++) {
-    const i = t[r];
-    e.set(i, o), o += i.length;
-  }
-  return e;
-}
-const y = (t) => typeof t == "bigint" && w <= t;
-function I(t, n, e) {
-  return y(t) && y(n) && y(e) && n <= t && t < e;
-}
-function R(t, n, e, r) {
-  if (!I(n, e, r))
-    throw new Error("expected valid " + t + ": " + e + " <= n < " + r + ", got " + n);
-}
-function j(t) {
-  let n;
-  for (n = 0; t > w; t >>= p, n += 1)
-    ;
-  return n;
-}
-const z = (t) => (p << BigInt(t)) - p, d = (t) => new Uint8Array(t), A = (t) => Uint8Array.from(t);
-function D(t, n, e) {
-  if (typeof t != "number" || t < 2)
-    throw new Error("hashLen must be a number");
-  if (typeof n != "number" || n < 2)
-    throw new Error("qByteLen must be a number");
-  if (typeof e != "function")
-    throw new Error("hmacFn must be a function");
-  let r = d(t), o = d(t), i = 0;
-  const a = () => {
-    r.fill(1), o.fill(0), i = 0;
-  }, f = (...s) => e(o, r, ...s), c = (s = d(0)) => {
-    o = f(A([0]), s), r = f(), s.length !== 0 && (o = f(A([1]), s), r = f());
-  }, v = () => {
-    if (i++ >= 1e3)
-      throw new Error("drbg: tried 1000 values");
-    let s = 0;
-    const l = [];
-    for (; s < n; ) {
-      r = f();
-      const g = r.slice();
-      l.push(g), s += r.length;
-    }
-    return H(...l);
-  };
-  return (s, l) => {
-    a(), c(s);
-    let g;
-    for (; !(g = l(v())); )
-      c();
-    return a(), g;
+      y = typeof w == "bigint" ? w : $(F("private key", w, i));
+    } catch {
+      throw new Error("invalid private key, expected hex or " + i + " bytes, got " + typeof w);
+    }
+    return c && (y = wt(y, d)), W("private key", y, R, d), y;
+  }
+  function tt(w) {
+    if (!(w instanceof g))
+      throw new Error("ProjectivePoint expected");
+  }
+  const rt = ft((w, e) => {
+    const { px: i, py: c, pz: d } = w;
+    if (t.eql(d, t.ONE))
+      return { x: i, y: c };
+    const y = w.is0();
+    e == null && (e = y ? t.ONE : t.inv(d));
+    const v = t.mul(i, e), E = t.mul(c, e), a = t.mul(d, e);
+    if (y)
+      return { x: t.ZERO, y: t.ZERO };
+    if (!t.eql(a, t.ONE))
+      throw new Error("invZ was invalid");
+    return { x: v, y: E };
+  }), G = ft((w) => {
+    if (w.is0()) {
+      if (r.allowInfinityPoint && !t.is0(w.py))
+        return;
+      throw new Error("bad point: ZERO");
+    }
+    const { x: e, y: i } = w.toAffine();
+    if (!t.isValid(e) || !t.isValid(i))
+      throw new Error("bad point: x or y not FE");
+    if (!V(e, i))
+      throw new Error("bad point: equation left != right");
+    if (!w.isTorsionFree())
+      throw new Error("bad point: not in prime-order subgroup");
+    return !0;
+  });
+  class g {
+    constructor(e, i, c) {
+      if (e == null || !t.isValid(e))
+        throw new Error("x required");
+      if (i == null || !t.isValid(i) || t.is0(i))
+        throw new Error("y required");
+      if (c == null || !t.isValid(c))
+        throw new Error("z required");
+      this.px = e, this.py = i, this.pz = c, Object.freeze(this);
+    }
+    // Does not validate if the point is on-curve.
+    // Use fromHex instead, or call assertValidity() later.
+    static fromAffine(e) {
+      const { x: i, y: c } = e || {};
+      if (!e || !t.isValid(i) || !t.isValid(c))
+        throw new Error("invalid affine point");
+      if (e instanceof g)
+        throw new Error("projective point not allowed");
+      const d = (y) => t.eql(y, t.ZERO);
+      return d(i) && d(c) ? g.ZERO : new g(i, c, t.ONE);
+    }
+    get x() {
+      return this.toAffine().x;
+    }
+    get y() {
+      return this.toAffine().y;
+    }
+    /**
+     * Takes a bunch of Projective Points but executes only one
+     * inversion on all of them. Inversion is very slow operation,
+     * so this improves performance massively.
+     * Optimization: converts a list of projective points to a list of identical points with Z=1.
+     */
+    static normalizeZ(e) {
+      const i = Rt(t, e.map((c) => c.pz));
+      return e.map((c, d) => c.toAffine(i[d])).map(g.fromAffine);
+    }
+    /**
+     * Converts hash string or Uint8Array to Point.
+     * @param hex short/long ECDSA hex
+     */
+    static fromHex(e) {
+      const i = g.fromAffine(N(F("pointHex", e)));
+      return i.assertValidity(), i;
+    }
+    // Multiplies generator point by privateKey.
+    static fromPrivateKey(e) {
+      return g.BASE.multiply(k(e));
+    }
+    // Multiscalar Multiplication
+    static msm(e, i) {
+      return bt(g, b, e, i);
+    }
+    // "Private method", don't use it directly
+    _setWindowSize(e) {
+      j.setWindowSize(this, e);
+    }
+    // A point on curve is valid if it conforms to equation.
+    assertValidity() {
+      G(this);
+    }
+    hasEvenY() {
+      const { y: e } = this.toAffine();
+      if (t.isOdd)
+        return !t.isOdd(e);
+      throw new Error("Field doesn't support isOdd");
+    }
+    /**
+     * Compare one point to another.
+     */
+    equals(e) {
+      tt(e);
+      const { px: i, py: c, pz: d } = this, { px: y, py: v, pz: E } = e, a = t.eql(t.mul(i, E), t.mul(y, d)), p = t.eql(t.mul(c, E), t.mul(v, d));
+      return a && p;
+    }
+    /**
+     * Flips point to one corresponding to (x, -y) in Affine coordinates.
+     */
+    negate() {
+      return new g(this.px, t.neg(this.py), this.pz);
+    }
+    // Renes-Costello-Batina exception-free doubling formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 3
+    // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
+    double() {
+      const { a: e, b: i } = r, c = t.mul(i, ct), { px: d, py: y, pz: v } = this;
+      let E = t.ZERO, a = t.ZERO, p = t.ZERO, l = t.mul(d, d), T = t.mul(y, y), o = t.mul(v, v), n = t.mul(d, y);
+      return n = t.add(n, n), p = t.mul(d, v), p = t.add(p, p), E = t.mul(e, p), a = t.mul(c, o), a = t.add(E, a), E = t.sub(T, a), a = t.add(T, a), a = t.mul(E, a), E = t.mul(n, E), p = t.mul(c, p), o = t.mul(e, o), n = t.sub(l, o), n = t.mul(e, n), n = t.add(n, p), p = t.add(l, l), l = t.add(p, l), l = t.add(l, o), l = t.mul(l, n), a = t.add(a, l), o = t.mul(y, v), o = t.add(o, o), l = t.mul(o, n), E = t.sub(E, l), p = t.mul(o, T), p = t.add(p, p), p = t.add(p, p), new g(E, a, p);
+    }
+    // Renes-Costello-Batina exception-free addition formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 1
+    // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
+    add(e) {
+      tt(e);
+      const { px: i, py: c, pz: d } = this, { px: y, py: v, pz: E } = e;
+      let a = t.ZERO, p = t.ZERO, l = t.ZERO;
+      const T = r.a, o = t.mul(r.b, ct);
+      let n = t.mul(i, y), s = t.mul(c, v), h = t.mul(d, E), u = t.add(i, c), f = t.add(y, v);
+      u = t.mul(u, f), f = t.add(n, s), u = t.sub(u, f), f = t.add(i, d);
+      let B = t.add(y, E);
+      return f = t.mul(f, B), B = t.add(n, h), f = t.sub(f, B), B = t.add(c, d), a = t.add(v, E), B = t.mul(B, a), a = t.add(s, h), B = t.sub(B, a), l = t.mul(T, f), a = t.mul(o, h), l = t.add(a, l), a = t.sub(s, l), l = t.add(s, l), p = t.mul(a, l), s = t.add(n, n), s = t.add(s, n), h = t.mul(T, h), f = t.mul(o, f), s = t.add(s, h), h = t.sub(n, h), h = t.mul(T, h), f = t.add(f, h), n = t.mul(s, f), p = t.add(p, n), n = t.mul(B, f), a = t.mul(u, a), a = t.sub(a, n), n = t.mul(u, s), l = t.mul(B, l), l = t.add(l, n), new g(a, p, l);
+    }
+    subtract(e) {
+      return this.add(e.negate());
+    }
+    is0() {
+      return this.equals(g.ZERO);
+    }
+    wNAF(e) {
+      return j.wNAFCached(this, e, g.normalizeZ);
+    }
+    /**
+     * Non-constant-time multiplication. Uses double-and-add algorithm.
+     * It's faster, but should only be used when you don't care about
+     * an exposed private key e.g. sig verification, which works over *public* keys.
+     */
+    multiplyUnsafe(e) {
+      const { endo: i, n: c } = r;
+      W("scalar", e, U, c);
+      const d = g.ZERO;
+      if (e === U)
+        return d;
+      if (this.is0() || e === R)
+        return this;
+      if (!i || j.hasPrecomputes(this))
+        return j.wNAFCachedUnsafe(this, e, g.normalizeZ);
+      let { k1neg: y, k1: v, k2neg: E, k2: a } = i.splitScalar(e), p = d, l = d, T = this;
+      for (; v > U || a > U; )
+        v & R && (p = p.add(T)), a & R && (l = l.add(T)), T = T.double(), v >>= R, a >>= R;
+      return y && (p = p.negate()), E && (l = l.negate()), l = new g(t.mul(l.px, i.beta), l.py, l.pz), p.add(l);
+    }
+    /**
+     * Constant time multiplication.
+     * Uses wNAF method. Windowed method may be 10% faster,
+     * but takes 2x longer to generate and consumes 2x memory.
+     * Uses precomputes when available.
+     * Uses endomorphism for Koblitz curves.
+     * @param scalar by which the point would be multiplied
+     * @returns New point
+     */
+    multiply(e) {
+      const { endo: i, n: c } = r;
+      W("scalar", e, R, c);
+      let d, y;
+      if (i) {
+        const { k1neg: v, k1: E, k2neg: a, k2: p } = i.splitScalar(e);
+        let { p: l, f: T } = this.wNAF(E), { p: o, f: n } = this.wNAF(p);
+        l = j.constTimeNegate(v, l), o = j.constTimeNegate(a, o), o = new g(t.mul(o.px, i.beta), o.py, o.pz), d = l.add(o), y = T.add(n);
+      } else {
+        const { p: v, f: E } = this.wNAF(e);
+        d = v, y = E;
+      }
+      return g.normalizeZ([d, y])[0];
+    }
+    /**
+     * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.
+     * Not using Strauss-Shamir trick: precomputation tables are faster.
+     * The trick could be useful if both P and Q are not G (not in our case).
+     * @returns non-zero affine point
+     */
+    multiplyAndAddUnsafe(e, i, c) {
+      const d = g.BASE, y = (E, a) => a === U || a === R || !E.equals(d) ? E.multiplyUnsafe(a) : E.multiply(a), v = y(this, i).add(y(e, c));
+      return v.is0() ? void 0 : v;
+    }
+    // Converts Projective point to affine (x, y) coordinates.
+    // Can accept precomputed Z^-1 - for example, from invertBatch.
+    // (x, y, z) ∋ (x=x/z, y=y/z)
+    toAffine(e) {
+      return rt(this, e);
+    }
+    isTorsionFree() {
+      const { h: e, isTorsionFree: i } = r;
+      if (e === R)
+        return !0;
+      if (i)
+        return i(g, this);
+      throw new Error("isTorsionFree() has not been declared for the elliptic curve");
+    }
+    clearCofactor() {
+      const { h: e, clearCofactor: i } = r;
+      return e === R ? this : i ? i(g, this) : this.multiplyUnsafe(r.h);
+    }
+    toRawBytes(e = !0) {
+      return _("isCompressed", e), this.assertValidity(), S(g, this, e);
+    }
+    toHex(e = !0) {
+      return _("isCompressed", e), lt(this.toRawBytes(e));
+    }
+  }
+  g.BASE = new g(r.Gx, r.Gy, t.ONE), g.ZERO = new g(t.ZERO, t.ONE, t.ZERO);
+  const { endo: et, nBitLength: q } = r, j = vt(g, et ? Math.ceil(q / 2) : q);
+  return {
+    CURVE: r,
+    ProjectivePoint: g,
+    normPrivateKeyToScalar: k,
+    weierstrassEquation: A,
+    isWithinCurveOrder: O
   };
 }
-const _ = {
-  bigint: (t) => typeof t == "bigint",
-  function: (t) => typeof t == "function",
-  boolean: (t) => typeof t == "boolean",
-  string: (t) => typeof t == "string",
-  stringOrUint8Array: (t) => typeof t == "string" || b(t),
-  isSafeInteger: (t) => Number.isSafeInteger(t),
-  array: (t) => Array.isArray(t),
-  field: (t, n) => n.Fp.isValid(t),
-  hash: (t) => typeof t == "function" && Number.isSafeInteger(t.outputLen)
-};
-function P(t, n, e = {}) {
-  const r = (o, i, a) => {
-    const f = _[i];
-    if (typeof f != "function")
-      throw new Error("invalid validator function");
-    const c = t[o];
-    if (!(a && c === void 0) && !f(c, t))
-      throw new Error("param " + String(o) + " is invalid. Expected " + i + ", got " + c);
-  };
-  for (const [o, i] of Object.entries(n))
-    r(o, i, !1);
-  for (const [o, i] of Object.entries(e))
-    r(o, i, !0);
-  return t;
+function Ft(m) {
+  const r = mt(m);
+  return pt(r, {
+    hash: "hash",
+    hmac: "function",
+    randomBytes: "function"
+  }, {
+    bits2int: "function",
+    bits2int_modN: "function",
+    lowS: "boolean"
+  }), Object.freeze({ lowS: !0, ...r });
 }
-function W(t) {
-  const n = /* @__PURE__ */ new WeakMap();
-  return (e, ...r) => {
-    const o = n.get(e);
-    if (o !== void 0)
-      return o;
-    const i = t(e, ...r);
-    return n.set(e, i), i;
+function Ht(m) {
+  const r = Ft(m), { Fp: t, n: b, nByteLength: S, nBitLength: N } = r, A = t.BYTES + 1, V = 2 * t.BYTES + 1;
+  function x(o) {
+    return wt(o, b);
+  }
+  function L(o) {
+    return Ot(o, b);
+  }
+  const { ProjectivePoint: O, normPrivateKeyToScalar: k, weierstrassEquation: tt, isWithinCurveOrder: rt } = qt({
+    ...r,
+    toBytes(o, n, s) {
+      const h = n.toAffine(), u = t.toBytes(h.x), f = at;
+      return _("isCompressed", s), s ? f(Uint8Array.from([n.hasEvenY() ? 2 : 3]), u) : f(Uint8Array.from([4]), u, t.toBytes(h.y));
+    },
+    fromBytes(o) {
+      const n = o.length, s = o[0], h = o.subarray(1);
+      if (n === A && (s === 2 || s === 3)) {
+        const u = $(h);
+        if (!gt(u, R, t.ORDER))
+          throw new Error("Point is not on curve");
+        const f = tt(u);
+        let B;
+        try {
+          B = t.sqrt(f);
+        } catch (Y) {
+          const z = Y instanceof Error ? ": " + Y.message : "";
+          throw new Error("Point is not on curve" + z);
+        }
+        const Z = (B & R) === R;
+        return (s & 1) === 1 !== Z && (B = t.neg(B)), { x: u, y: B };
+      } else if (n === V && s === 4) {
+        const u = t.fromBytes(h.subarray(0, t.BYTES)), f = t.fromBytes(h.subarray(t.BYTES, 2 * t.BYTES));
+        return { x: u, y: f };
+      } else {
+        const u = A, f = V;
+        throw new Error("invalid Point, expected length of " + u + ", or uncompressed " + f + ", got " + n);
+      }
+    }
+  });
+  function G(o) {
+    const n = b >> R;
+    return o > n;
+  }
+  function g(o) {
+    return G(o) ? x(-o) : o;
+  }
+  const et = (o, n, s) => $(o.slice(n, s));
+  class q {
+    constructor(n, s, h) {
+      W("r", n, R, b), W("s", s, R, b), this.r = n, this.s = s, h != null && (this.recovery = h), Object.freeze(this);
+    }
+    // pair (bytes of r, bytes of s)
+    static fromCompact(n) {
+      const s = S;
+      return n = F("compactSignature", n, s * 2), new q(et(n, 0, s), et(n, s, 2 * s));
+    }
+    // DER encoded ECDSA signature
+    // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script
+    static fromDER(n) {
+      const { r: s, s: h } = C.toSig(F("DER", n));
+      return new q(s, h);
+    }
+    /**
+     * @todo remove
+     * @deprecated
+     */
+    assertValidity() {
+    }
+    addRecoveryBit(n) {
+      return new q(this.r, this.s, n);
+    }
+    recoverPublicKey(n) {
+      const { r: s, s: h, recovery: u } = this, f = d(F("msgHash", n));
+      if (u == null || ![0, 1, 2, 3].includes(u))
+        throw new Error("recovery id invalid");
+      const B = u === 2 || u === 3 ? s + r.n : s;
+      if (B >= t.ORDER)
+        throw new Error("recovery id 2 or 3 invalid");
+      const Z = (u & 1) === 0 ? "02" : "03", H = O.fromHex(Z + st(B, t.BYTES)), Y = L(B), z = x(-f * Y), P = x(h * Y), I = O.BASE.multiplyAndAddUnsafe(H, z, P);
+      if (!I)
+        throw new Error("point at infinify");
+      return I.assertValidity(), I;
+    }
+    // Signatures should be low-s, to prevent malleability.
+    hasHighS() {
+      return G(this.s);
+    }
+    normalizeS() {
+      return this.hasHighS() ? new q(this.r, x(-this.s), this.recovery) : this;
+    }
+    // DER-encoded
+    toDERRawBytes() {
+      return dt(this.toDERHex());
+    }
+    toDERHex() {
+      return C.hexFromSig(this);
+    }
+    // padded bytes of r, then padded bytes of s
+    toCompactRawBytes() {
+      return dt(this.toCompactHex());
+    }
+    toCompactHex() {
+      const n = S;
+      return st(this.r, n) + st(this.s, n);
+    }
+  }
+  const j = {
+    isValidPrivateKey(o) {
+      try {
+        return k(o), !0;
+      } catch {
+        return !1;
+      }
+    },
+    normPrivateKeyToScalar: k,
+    /**
+     * Produces cryptographically secure private key from random of size
+     * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.
+     */
+    randomPrivateKey: () => {
+      const o = xt(r.n);
+      return St(r.randomBytes(o), r.n);
+    },
+    /**
+     * Creates precompute table for an arbitrary EC point. Makes point "cached".
+     * Allows to massively speed-up `point.multiply(scalar)`.
+     * @returns cached point
+     * @example
+     * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));
+     * fast.multiply(privKey); // much faster ECDH now
+     */
+    precompute(o = 8, n = O.BASE) {
+      return n._setWindowSize(o), n.multiply(BigInt(3)), n;
+    }
+  };
+  function w(o, n = !0) {
+    return O.fromPrivateKey(o).toRawBytes(n);
+  }
+  function e(o) {
+    if (typeof o == "bigint")
+      return !1;
+    if (o instanceof O)
+      return !0;
+    const s = F("key", o).length, h = t.BYTES, u = h + 1, f = 2 * h + 1;
+    if (!(r.allowedPrivateKeyLengths || S === u))
+      return s === u || s === f;
+  }
+  function i(o, n, s = !0) {
+    if (e(o) === !0)
+      throw new Error("first arg must be private key");
+    if (e(n) === !1)
+      throw new Error("second arg must be public key");
+    return O.fromHex(n).multiply(k(o)).toRawBytes(s);
+  }
+  const c = r.bits2int || function(o) {
+    if (o.length > 8192)
+      throw new Error("input is too large");
+    const n = $(o), s = o.length * 8 - N;
+    return s > 0 ? n >> BigInt(s) : n;
+  }, d = r.bits2int_modN || function(o) {
+    return x(c(o));
+  }, y = At(N);
+  function v(o) {
+    return W("num < 2^" + N, o, U, y), Et(o, S);
+  }
+  function E(o, n, s = a) {
+    if (["recovered", "canonical"].some((D) => D in s))
+      throw new Error("sign() legacy options not supported");
+    const { hash: h, randomBytes: u } = r;
+    let { lowS: f, prehash: B, extraEntropy: Z } = s;
+    f == null && (f = !0), o = F("msgHash", o), ht(s), B && (o = F("prehashed msgHash", h(o)));
+    const H = d(o), Y = k(n), z = [v(Y), v(H)];
+    if (Z != null && Z !== !1) {
+      const D = Z === !0 ? u(t.BYTES) : Z;
+      z.push(F("extraEntropy", D));
+    }
+    const P = at(...z), I = H;
+    function ot(D) {
+      const X = c(D);
+      if (!rt(X))
+        return;
+      const it = L(X), Q = O.BASE.multiply(X).toAffine(), K = x(Q.x);
+      if (K === U)
+        return;
+      const J = x(it * x(I + K * Y));
+      if (J === U)
+        return;
+      let M = (Q.x === K ? 0 : 2) | Number(Q.y & R), ut = J;
+      return f && G(J) && (ut = g(J), M ^= 1), new q(K, ut, M);
+    }
+    return { seed: P, k2sig: ot };
+  }
+  const a = { lowS: r.lowS, prehash: !1 }, p = { lowS: r.lowS, prehash: !1 };
+  function l(o, n, s = a) {
+    const { seed: h, k2sig: u } = E(o, n, s), f = r;
+    return Tt(f.hash.outputLen, f.nByteLength, f.hmac)(h, u);
+  }
+  O.BASE._setWindowSize(8);
+  function T(o, n, s, h = p) {
+    const u = o;
+    n = F("msgHash", n), s = F("publicKey", s);
+    const { lowS: f, prehash: B, format: Z } = h;
+    if (ht(h), "strict" in h)
+      throw new Error("options.strict was renamed to lowS");
+    if (Z !== void 0 && Z !== "compact" && Z !== "der")
+      throw new Error("format must be compact or der");
+    const H = typeof u == "string" || yt(u), Y = !H && !Z && typeof u == "object" && u !== null && typeof u.r == "bigint" && typeof u.s == "bigint";
+    if (!H && !Y)
+      throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
+    let z, P;
+    try {
+      if (Y && (z = new q(u.r, u.s)), H) {
+        try {
+          Z !== "compact" && (z = q.fromDER(u));
+        } catch (M) {
+          if (!(M instanceof C.Err))
+            throw M;
+        }
+        !z && Z !== "der" && (z = q.fromCompact(u));
+      }
+      P = O.fromHex(s);
+    } catch {
+      return !1;
+    }
+    if (!z || f && z.hasHighS())
+      return !1;
+    B && (n = r.hash(n));
+    const { r: I, s: ot } = z, D = d(n), X = L(ot), it = x(D * X), Q = x(I * X), K = O.BASE.multiplyAndAddUnsafe(P, it, Q)?.toAffine();
+    return K ? x(K.x) === I : !1;
+  }
+  return {
+    CURVE: r,
+    getPublicKey: w,
+    getSharedSecret: i,
+    sign: l,
+    verify: T,
+    ProjectivePoint: O,
+    Signature: q,
+    utils: j
   };
 }
 export {
-  R as aInRange,
-  k as abool,
-  h as abytes,
-  j as bitLen,
-  z as bitMask,
-  x as bytesToHex,
-  O as bytesToNumberBE,
-  V as bytesToNumberLE,
-  H as concatBytes,
-  D as createHmacDrbg,
-  M as ensureBytes,
-  B as hexToBytes,
-  E as hexToNumber,
-  I as inRange,
-  b as isBytes,
-  W as memoized,
-  T as numberToBytesBE,
-  C as numberToBytesLE,
-  F as numberToHexUnpadded,
-  P as validateObject
+  C as DER,
+  zt as DERErr,
+  Ht as weierstrass,
+  qt as weierstrassPoints
 };