@fastnear/api 0.9.9 → 0.9.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (11) hide show
  1. package/dist/cjs/index.cjs +2 -2
  2. package/dist/cjs/near.cjs +3 -3
  3. package/dist/cjs/near.cjs.map +1 -1
  4. package/dist/cjs/state.cjs +2 -2
  5. package/dist/esm/index.js +2 -2
  6. package/dist/esm/near.js +3 -3
  7. package/dist/esm/near.js.map +1 -1
  8. package/dist/esm/state.js +2 -2
  9. package/dist/umd/browser.global.js +1535 -1084
  10. package/dist/umd/browser.global.js.map +1 -1
  11. package/package.json +4 -4
package/dist/umd/browser.global.js CHANGED
@@ -1,5 +1,5 @@
1
- /* ⋈ 🏃🏻💨 FastNear API - IIFE/UMD (@fastnear/api version 0.9.8) */
2
- /* https://www.npmjs.com/package/@fastnear/api/v/0.9.8 */
1
+ /* ⋈ 🏃🏻💨 FastNear API - IIFE/UMD (@fastnear/api version 0.9.10) */
2
+ /* https://www.npmjs.com/package/@fastnear/api/v/0.9.10 */
3
3
  "use strict";
4
4
  var near = (() => {
5
5
  var __defProp = Object.defineProperty;
@@ -581,16 +581,29 @@ var near = (() => {
581
581
  txToJsonStringified: () => txToJsonStringified
582
582
  });
583
583
 
584
- // ../../node_modules/@noble/hashes/esm/_assert.js
584
+ // ../utils/node_modules/@noble/hashes/utils.js
585
585
  function isBytes(a) {
586
586
  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
587
587
  }
588
588
  __name(isBytes, "isBytes");
589
- function abytes(b, ...lengths) {
590
- if (!isBytes(b))
591
- throw new Error("Uint8Array expected");
592
- if (lengths.length > 0 && !lengths.includes(b.length))
593
- throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
589
+ function anumber(n, title = "") {
590
+ if (!Number.isSafeInteger(n) || n < 0) {
591
+ const prefix = title && `"${title}" `;
592
+ throw new Error(`${prefix}expected integer >= 0, got ${n}`);
593
+ }
594
+ }
595
+ __name(anumber, "anumber");
596
+ function abytes(value, length, title = "") {
597
+ const bytes = isBytes(value);
598
+ const len = value?.length;
599
+ const needsLen = length !== void 0;
600
+ if (!bytes || needsLen && len !== length) {
601
+ const prefix = title && `"${title}" `;
602
+ const ofLen = needsLen ? ` of length ${length}` : "";
603
+ const got = bytes ? `length=${len}` : `type=${typeof value}`;
604
+ throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
605
+ }
606
+ return value;
594
607
  }
595
608
  __name(abytes, "abytes");
596
609
  function aexists(instance, checkFinished = true) {
@@ -601,18 +614,19 @@ var near = (() => {
601
614
  }
602
615
  __name(aexists, "aexists");
603
616
  function aoutput(out, instance) {
604
- abytes(out);
617
+ abytes(out, void 0, "digestInto() output");
605
618
  const min = instance.outputLen;
606
619
  if (out.length < min) {
607
- throw new Error("digestInto() expects output buffer of length at least " + min);
620
+ throw new Error('"digestInto() output" expected to be of length >=' + min);
608
621
  }
609
622
  }
610
623
  __name(aoutput, "aoutput");
611
-
612
- // ../../node_modules/@noble/hashes/esm/crypto.js
613
- var crypto2 = typeof globalThis === "object" && "crypto" in globalThis ? globalThis.crypto : void 0;
614
-
615
- // ../../node_modules/@noble/hashes/esm/utils.js
624
+ function clean(...arrays) {
625
+ for (let i = 0; i < arrays.length; i++) {
626
+ arrays[i].fill(0);
627
+ }
628
+ }
629
+ __name(clean, "clean");
616
630
  function createView(arr) {
617
631
  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
618
632
  }
@@ -621,62 +635,93 @@ var near = (() => {
621
635
  return word << 32 - shift | word >>> shift;
622
636
  }
623
637
  __name(rotr, "rotr");
624
- function utf8ToBytes(str) {
625
- if (typeof str !== "string")
626
- throw new Error("utf8ToBytes expected string, got " + typeof str);
627
- return new Uint8Array(new TextEncoder().encode(str));
638
+ var hasHexBuiltin = /* @__PURE__ */ (() => (
639
+ // @ts-ignore
640
+ typeof Uint8Array.from([]).toHex === "function" && typeof Uint8Array.fromHex === "function"
641
+ ))();
642
+ var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
643
+ function bytesToHex(bytes) {
644
+ abytes(bytes);
645
+ if (hasHexBuiltin)
646
+ return bytes.toHex();
647
+ let hex = "";
648
+ for (let i = 0; i < bytes.length; i++) {
649
+ hex += hexes[bytes[i]];
650
+ }
651
+ return hex;
628
652
  }
629
- __name(utf8ToBytes, "utf8ToBytes");
630
- function toBytes(data) {
631
- if (typeof data === "string")
632
- data = utf8ToBytes(data);
633
- abytes(data);
634
- return data;
653
+ __name(bytesToHex, "bytesToHex");
654
+ var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
655
+ function asciiToBase16(ch) {
656
+ if (ch >= asciis._0 && ch <= asciis._9)
657
+ return ch - asciis._0;
658
+ if (ch >= asciis.A && ch <= asciis.F)
659
+ return ch - (asciis.A - 10);
660
+ if (ch >= asciis.a && ch <= asciis.f)
661
+ return ch - (asciis.a - 10);
662
+ return;
635
663
  }
636
- __name(toBytes, "toBytes");
637
- var Hash = class {
638
- static {
639
- __name(this, "Hash");
664
+ __name(asciiToBase16, "asciiToBase16");
665
+ function hexToBytes(hex) {
666
+ if (typeof hex !== "string")
667
+ throw new Error("hex string expected, got " + typeof hex);
668
+ if (hasHexBuiltin)
669
+ return Uint8Array.fromHex(hex);
670
+ const hl = hex.length;
671
+ const al = hl / 2;
672
+ if (hl % 2)
673
+ throw new Error("hex string expected, got unpadded hex of length " + hl);
674
+ const array = new Uint8Array(al);
675
+ for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
676
+ const n1 = asciiToBase16(hex.charCodeAt(hi));
677
+ const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
678
+ if (n1 === void 0 || n2 === void 0) {
679
+ const char = hex[hi] + hex[hi + 1];
680
+ throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
681
+ }
682
+ array[ai] = n1 * 16 + n2;
640
683
  }
641
- // Safe version that clones internal state
642
- clone() {
643
- return this._cloneInto();
684
+ return array;
685
+ }
686
+ __name(hexToBytes, "hexToBytes");
687
+ function concatBytes(...arrays) {
688
+ let sum = 0;
689
+ for (let i = 0; i < arrays.length; i++) {
690
+ const a = arrays[i];
691
+ abytes(a);
692
+ sum += a.length;
644
693
  }
645
- };
646
- function wrapConstructor(hashCons) {
647
- const hashC = /* @__PURE__ */ __name((msg) => hashCons().update(toBytes(msg)).digest(), "hashC");
648
- const tmp = hashCons();
694
+ const res = new Uint8Array(sum);
695
+ for (let i = 0, pad = 0; i < arrays.length; i++) {
696
+ const a = arrays[i];
697
+ res.set(a, pad);
698
+ pad += a.length;
699
+ }
700
+ return res;
701
+ }
702
+ __name(concatBytes, "concatBytes");
703
+ function createHasher(hashCons, info = {}) {
704
+ const hashC = /* @__PURE__ */ __name((msg, opts) => hashCons(opts).update(msg).digest(), "hashC");
705
+ const tmp = hashCons(void 0);
649
706
  hashC.outputLen = tmp.outputLen;
650
707
  hashC.blockLen = tmp.blockLen;
651
- hashC.create = () => hashCons();
652
- return hashC;
708
+ hashC.create = (opts) => hashCons(opts);
709
+ Object.assign(hashC, info);
710
+ return Object.freeze(hashC);
653
711
  }
654
- __name(wrapConstructor, "wrapConstructor");
712
+ __name(createHasher, "createHasher");
655
713
  function randomBytes(bytesLength = 32) {
656
- if (crypto2 && typeof crypto2.getRandomValues === "function") {
657
- return crypto2.getRandomValues(new Uint8Array(bytesLength));
658
- }
659
- if (crypto2 && typeof crypto2.randomBytes === "function") {
660
- return crypto2.randomBytes(bytesLength);
661
- }
662
- throw new Error("crypto.getRandomValues must be defined");
714
+ const cr = typeof globalThis === "object" ? globalThis.crypto : null;
715
+ if (typeof cr?.getRandomValues !== "function")
716
+ throw new Error("crypto.getRandomValues must be defined");
717
+ return cr.getRandomValues(new Uint8Array(bytesLength));
663
718
  }
664
719
  __name(randomBytes, "randomBytes");
720
+ var oidNist = /* @__PURE__ */ __name((suffix) => ({
721
+ oid: Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2, suffix])
722
+ }), "oidNist");
665
723
 
666
- // ../../node_modules/@noble/hashes/esm/_md.js
667
- function setBigUint64(view2, byteOffset, value, isLE) {
668
- if (typeof view2.setBigUint64 === "function")
669
- return view2.setBigUint64(byteOffset, value, isLE);
670
- const _32n2 = BigInt(32);
671
- const _u32_max = BigInt(4294967295);
672
- const wh = Number(value >> _32n2 & _u32_max);
673
- const wl = Number(value & _u32_max);
674
- const h = isLE ? 4 : 0;
675
- const l = isLE ? 0 : 4;
676
- view2.setUint32(byteOffset + h, wh, isLE);
677
- view2.setUint32(byteOffset + l, wl, isLE);
678
- }
679
- __name(setBigUint64, "setBigUint64");
724
+ // ../utils/node_modules/@noble/hashes/_md.js
680
725
  function Chi(a, b, c) {
681
726
  return a & b ^ ~a & c;
682
727
  }
@@ -685,27 +730,33 @@ var near = (() => {
685
730
  return a & b ^ a & c ^ b & c;
686
731
  }
687
732
  __name(Maj, "Maj");
688
- var HashMD = class extends Hash {
733
+ var HashMD = class {
689
734
  static {
690
735
  __name(this, "HashMD");
691
736
  }
737
+ blockLen;
738
+ outputLen;
739
+ padOffset;
740
+ isLE;
741
+ // For partial updates less than block size
742
+ buffer;
743
+ view;
744
+ finished = false;
745
+ length = 0;
746
+ pos = 0;
747
+ destroyed = false;
692
748
  constructor(blockLen, outputLen, padOffset, isLE) {
693
- super();
694
749
  this.blockLen = blockLen;
695
750
  this.outputLen = outputLen;
696
751
  this.padOffset = padOffset;
697
752
  this.isLE = isLE;
698
- this.finished = false;
699
- this.length = 0;
700
- this.pos = 0;
701
- this.destroyed = false;
702
753
  this.buffer = new Uint8Array(blockLen);
703
754
  this.view = createView(this.buffer);
704
755
  }
705
756
  update(data) {
706
757
  aexists(this);
758
+ abytes(data);
707
759
  const { view: view2, buffer, blockLen } = this;
708
- data = toBytes(data);
709
760
  const len = data.length;
710
761
  for (let pos = 0; pos < len; ) {
711
762
  const take = Math.min(blockLen - this.pos, len - pos);
@@ -734,19 +785,19 @@ var near = (() => {
734
785
  const { buffer, view: view2, blockLen, isLE } = this;
735
786
  let { pos } = this;
736
787
  buffer[pos++] = 128;
737
- this.buffer.subarray(pos).fill(0);
788
+ clean(this.buffer.subarray(pos));
738
789
  if (this.padOffset > blockLen - pos) {
739
790
  this.process(view2, 0);
740
791
  pos = 0;
741
792
  }
742
793
  for (let i = pos; i < blockLen; i++)
743
794
  buffer[i] = 0;
744
- setBigUint64(view2, blockLen - 8, BigInt(this.length * 8), isLE);
795
+ view2.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE);
745
796
  this.process(view2, 0);
746
797
  const oview = createView(out);
747
798
  const len = this.outputLen;
748
799
  if (len % 4)
749
- throw new Error("_sha2: outputLen should be aligned to 32bit");
800
+ throw new Error("_sha2: outputLen must be aligned to 32bit");
750
801
  const outLen = len / 4;
751
802
  const state2 = this.get();
752
803
  if (outLen > state2.length)
@@ -762,20 +813,51 @@ var near = (() => {
762
813
  return res;
763
814
  }
764
815
  _cloneInto(to) {
765
- to || (to = new this.constructor());
816
+ to ||= new this.constructor();
766
817
  to.set(...this.get());
767
818
  const { blockLen, buffer, length, finished, destroyed, pos } = this;
819
+ to.destroyed = destroyed;
820
+ to.finished = finished;
768
821
  to.length = length;
769
822
  to.pos = pos;
770
- to.finished = finished;
771
- to.destroyed = destroyed;
772
823
  if (length % blockLen)
773
824
  to.buffer.set(buffer);
774
825
  return to;
775
826
  }
827
+ clone() {
828
+ return this._cloneInto();
829
+ }
776
830
  };
831
+ var SHA256_IV = /* @__PURE__ */ Uint32Array.from([
832
+ 1779033703,
833
+ 3144134277,
834
+ 1013904242,
835
+ 2773480762,
836
+ 1359893119,
837
+ 2600822924,
838
+ 528734635,
839
+ 1541459225
840
+ ]);
841
+ var SHA512_IV = /* @__PURE__ */ Uint32Array.from([
842
+ 1779033703,
843
+ 4089235720,
844
+ 3144134277,
845
+ 2227873595,
846
+ 1013904242,
847
+ 4271175723,
848
+ 2773480762,
849
+ 1595750129,
850
+ 1359893119,
851
+ 2917565137,
852
+ 2600822924,
853
+ 725511199,
854
+ 528734635,
855
+ 4215389547,
856
+ 1541459225,
857
+ 327033209
858
+ ]);
777
859
 
778
- // ../../node_modules/@noble/hashes/esm/_u64.js
860
+ // ../utils/node_modules/@noble/hashes/_u64.js
779
861
  var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
780
862
  var _32n = /* @__PURE__ */ BigInt(32);
781
863
  function fromBig(n, le = false) {
@@ -785,28 +867,22 @@ var near = (() => {
785
867
  }
786
868
  __name(fromBig, "fromBig");
787
869
  function split(lst, le = false) {
788
- let Ah = new Uint32Array(lst.length);
789
- let Al = new Uint32Array(lst.length);
790
- for (let i = 0; i < lst.length; i++) {
870
+ const len = lst.length;
871
+ let Ah = new Uint32Array(len);
872
+ let Al = new Uint32Array(len);
873
+ for (let i = 0; i < len; i++) {
791
874
  const { h, l } = fromBig(lst[i], le);
792
875
  [Ah[i], Al[i]] = [h, l];
793
876
  }
794
877
  return [Ah, Al];
795
878
  }
796
879
  __name(split, "split");
797
- var toBig = /* @__PURE__ */ __name((h, l) => BigInt(h >>> 0) << _32n | BigInt(l >>> 0), "toBig");
798
880
  var shrSH = /* @__PURE__ */ __name((h, _l, s) => h >>> s, "shrSH");
799
881
  var shrSL = /* @__PURE__ */ __name((h, l, s) => h << 32 - s | l >>> s, "shrSL");
800
882
  var rotrSH = /* @__PURE__ */ __name((h, l, s) => h >>> s | l << 32 - s, "rotrSH");
801
883
  var rotrSL = /* @__PURE__ */ __name((h, l, s) => h << 32 - s | l >>> s, "rotrSL");
802
884
  var rotrBH = /* @__PURE__ */ __name((h, l, s) => h << 64 - s | l >>> s - 32, "rotrBH");
803
885
  var rotrBL = /* @__PURE__ */ __name((h, l, s) => h >>> s - 32 | l << 64 - s, "rotrBL");
804
- var rotr32H = /* @__PURE__ */ __name((_h, l) => l, "rotr32H");
805
- var rotr32L = /* @__PURE__ */ __name((h, _l) => h, "rotr32L");
806
- var rotlSH = /* @__PURE__ */ __name((h, l, s) => h << s | l >>> 32 - s, "rotlSH");
807
- var rotlSL = /* @__PURE__ */ __name((h, l, s) => l << s | h >>> 32 - s, "rotlSL");
808
- var rotlBH = /* @__PURE__ */ __name((h, l, s) => l << s - 32 | h >>> 64 - s, "rotlBH");
809
- var rotlBL = /* @__PURE__ */ __name((h, l, s) => h << s - 32 | l >>> 64 - s, "rotlBL");
810
886
  function add(Ah, Al, Bh, Bl) {
811
887
  const l = (Al >>> 0) + (Bl >>> 0);
812
888
  return { h: Ah + Bh + (l / 2 ** 32 | 0) | 0, l: l | 0 };
@@ -818,34 +894,159 @@ var near = (() => {
818
894
  var add4H = /* @__PURE__ */ __name((low, Ah, Bh, Ch, Dh) => Ah + Bh + Ch + Dh + (low / 2 ** 32 | 0) | 0, "add4H");
819
895
  var add5L = /* @__PURE__ */ __name((Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0), "add5L");
820
896
  var add5H = /* @__PURE__ */ __name((low, Ah, Bh, Ch, Dh, Eh) => Ah + Bh + Ch + Dh + Eh + (low / 2 ** 32 | 0) | 0, "add5H");
821
- var u64 = {
822
- fromBig,
823
- split,
824
- toBig,
825
- shrSH,
826
- shrSL,
827
- rotrSH,
828
- rotrSL,
829
- rotrBH,
830
- rotrBL,
831
- rotr32H,
832
- rotr32L,
833
- rotlSH,
834
- rotlSL,
835
- rotlBH,
836
- rotlBL,
837
- add,
838
- add3L,
839
- add3H,
840
- add4L,
841
- add4H,
842
- add5H,
843
- add5L
844
- };
845
- var u64_default = u64;
846
897
 
847
- // ../../node_modules/@noble/hashes/esm/sha512.js
848
- var [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64_default.split([
898
+ // ../utils/node_modules/@noble/hashes/sha2.js
899
+ var SHA256_K = /* @__PURE__ */ Uint32Array.from([
900
+ 1116352408,
901
+ 1899447441,
902
+ 3049323471,
903
+ 3921009573,
904
+ 961987163,
905
+ 1508970993,
906
+ 2453635748,
907
+ 2870763221,
908
+ 3624381080,
909
+ 310598401,
910
+ 607225278,
911
+ 1426881987,
912
+ 1925078388,
913
+ 2162078206,
914
+ 2614888103,
915
+ 3248222580,
916
+ 3835390401,
917
+ 4022224774,
918
+ 264347078,
919
+ 604807628,
920
+ 770255983,
921
+ 1249150122,
922
+ 1555081692,
923
+ 1996064986,
924
+ 2554220882,
925
+ 2821834349,
926
+ 2952996808,
927
+ 3210313671,
928
+ 3336571891,
929
+ 3584528711,
930
+ 113926993,
931
+ 338241895,
932
+ 666307205,
933
+ 773529912,
934
+ 1294757372,
935
+ 1396182291,
936
+ 1695183700,
937
+ 1986661051,
938
+ 2177026350,
939
+ 2456956037,
940
+ 2730485921,
941
+ 2820302411,
942
+ 3259730800,
943
+ 3345764771,
944
+ 3516065817,
945
+ 3600352804,
946
+ 4094571909,
947
+ 275423344,
948
+ 430227734,
949
+ 506948616,
950
+ 659060556,
951
+ 883997877,
952
+ 958139571,
953
+ 1322822218,
954
+ 1537002063,
955
+ 1747873779,
956
+ 1955562222,
957
+ 2024104815,
958
+ 2227730452,
959
+ 2361852424,
960
+ 2428436474,
961
+ 2756734187,
962
+ 3204031479,
963
+ 3329325298
964
+ ]);
965
+ var SHA256_W = /* @__PURE__ */ new Uint32Array(64);
966
+ var SHA2_32B = class extends HashMD {
967
+ static {
968
+ __name(this, "SHA2_32B");
969
+ }
970
+ constructor(outputLen) {
971
+ super(64, outputLen, 8, false);
972
+ }
973
+ get() {
974
+ const { A, B, C, D, E, F, G, H } = this;
975
+ return [A, B, C, D, E, F, G, H];
976
+ }
977
+ // prettier-ignore
978
+ set(A, B, C, D, E, F, G, H) {
979
+ this.A = A | 0;
980
+ this.B = B | 0;
981
+ this.C = C | 0;
982
+ this.D = D | 0;
983
+ this.E = E | 0;
984
+ this.F = F | 0;
985
+ this.G = G | 0;
986
+ this.H = H | 0;
987
+ }
988
+ process(view2, offset) {
989
+ for (let i = 0; i < 16; i++, offset += 4)
990
+ SHA256_W[i] = view2.getUint32(offset, false);
991
+ for (let i = 16; i < 64; i++) {
992
+ const W15 = SHA256_W[i - 15];
993
+ const W2 = SHA256_W[i - 2];
994
+ const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
995
+ const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
996
+ SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
997
+ }
998
+ let { A, B, C, D, E, F, G, H } = this;
999
+ for (let i = 0; i < 64; i++) {
1000
+ const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
1001
+ const T1 = H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i] | 0;
1002
+ const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
1003
+ const T2 = sigma0 + Maj(A, B, C) | 0;
1004
+ H = G;
1005
+ G = F;
1006
+ F = E;
1007
+ E = D + T1 | 0;
1008
+ D = C;
1009
+ C = B;
1010
+ B = A;
1011
+ A = T1 + T2 | 0;
1012
+ }
1013
+ A = A + this.A | 0;
1014
+ B = B + this.B | 0;
1015
+ C = C + this.C | 0;
1016
+ D = D + this.D | 0;
1017
+ E = E + this.E | 0;
1018
+ F = F + this.F | 0;
1019
+ G = G + this.G | 0;
1020
+ H = H + this.H | 0;
1021
+ this.set(A, B, C, D, E, F, G, H);
1022
+ }
1023
+ roundClean() {
1024
+ clean(SHA256_W);
1025
+ }
1026
+ destroy() {
1027
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
1028
+ clean(this.buffer);
1029
+ }
1030
+ };
1031
+ var _SHA256 = class extends SHA2_32B {
1032
+ static {
1033
+ __name(this, "_SHA256");
1034
+ }
1035
+ // We cannot use array here since array allows indexing by variable
1036
+ // which means optimizer/compiler cannot use registers.
1037
+ A = SHA256_IV[0] | 0;
1038
+ B = SHA256_IV[1] | 0;
1039
+ C = SHA256_IV[2] | 0;
1040
+ D = SHA256_IV[3] | 0;
1041
+ E = SHA256_IV[4] | 0;
1042
+ F = SHA256_IV[5] | 0;
1043
+ G = SHA256_IV[6] | 0;
1044
+ H = SHA256_IV[7] | 0;
1045
+ constructor() {
1046
+ super(32);
1047
+ }
1048
+ };
1049
+ var K512 = /* @__PURE__ */ (() => split([
849
1050
  "0x428a2f98d728ae22",
850
1051
  "0x7137449123ef65cd",
851
1052
  "0xb5c0fbcfec4d3b2f",
@@ -927,30 +1128,16 @@ var near = (() => {
927
1128
  "0x5fcb6fab3ad6faec",
928
1129
  "0x6c44198c4a475817"
929
1130
  ].map((n) => BigInt(n))))();
1131
+ var SHA512_Kh = /* @__PURE__ */ (() => K512[0])();
1132
+ var SHA512_Kl = /* @__PURE__ */ (() => K512[1])();
930
1133
  var SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);
931
1134
  var SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
932
- var SHA512 = class extends HashMD {
1135
+ var SHA2_64B = class extends HashMD {
933
1136
  static {
934
- __name(this, "SHA512");
1137
+ __name(this, "SHA2_64B");
935
1138
  }
936
- constructor() {
937
- super(128, 64, 16, false);
938
- this.Ah = 1779033703 | 0;
939
- this.Al = 4089235720 | 0;
940
- this.Bh = 3144134277 | 0;
941
- this.Bl = 2227873595 | 0;
942
- this.Ch = 1013904242 | 0;
943
- this.Cl = 4271175723 | 0;
944
- this.Dh = 2773480762 | 0;
945
- this.Dl = 1595750129 | 0;
946
- this.Eh = 1359893119 | 0;
947
- this.El = 2917565137 | 0;
948
- this.Fh = 2600822924 | 0;
949
- this.Fl = 725511199 | 0;
950
- this.Gh = 528734635 | 0;
951
- this.Gl = 4215389547 | 0;
952
- this.Hh = 1541459225 | 0;
953
- this.Hl = 327033209 | 0;
1139
+ constructor(outputLen) {
1140
+ super(128, outputLen, 16, false);
954
1141
  }
955
1142
  // prettier-ignore
956
1143
  get() {
@@ -984,28 +1171,28 @@ var near = (() => {
984
1171
  for (let i = 16; i < 80; i++) {
985
1172
  const W15h = SHA512_W_H[i - 15] | 0;
986
1173
  const W15l = SHA512_W_L[i - 15] | 0;
987
- const s0h = u64_default.rotrSH(W15h, W15l, 1) ^ u64_default.rotrSH(W15h, W15l, 8) ^ u64_default.shrSH(W15h, W15l, 7);
988
- const s0l = u64_default.rotrSL(W15h, W15l, 1) ^ u64_default.rotrSL(W15h, W15l, 8) ^ u64_default.shrSL(W15h, W15l, 7);
1174
+ const s0h = rotrSH(W15h, W15l, 1) ^ rotrSH(W15h, W15l, 8) ^ shrSH(W15h, W15l, 7);
1175
+ const s0l = rotrSL(W15h, W15l, 1) ^ rotrSL(W15h, W15l, 8) ^ shrSL(W15h, W15l, 7);
989
1176
  const W2h = SHA512_W_H[i - 2] | 0;
990
1177
  const W2l = SHA512_W_L[i - 2] | 0;
991
- const s1h = u64_default.rotrSH(W2h, W2l, 19) ^ u64_default.rotrBH(W2h, W2l, 61) ^ u64_default.shrSH(W2h, W2l, 6);
992
- const s1l = u64_default.rotrSL(W2h, W2l, 19) ^ u64_default.rotrBL(W2h, W2l, 61) ^ u64_default.shrSL(W2h, W2l, 6);
993
- const SUMl = u64_default.add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
994
- const SUMh = u64_default.add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
1178
+ const s1h = rotrSH(W2h, W2l, 19) ^ rotrBH(W2h, W2l, 61) ^ shrSH(W2h, W2l, 6);
1179
+ const s1l = rotrSL(W2h, W2l, 19) ^ rotrBL(W2h, W2l, 61) ^ shrSL(W2h, W2l, 6);
1180
+ const SUMl = add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
1181
+ const SUMh = add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
995
1182
  SHA512_W_H[i] = SUMh | 0;
996
1183
  SHA512_W_L[i] = SUMl | 0;
997
1184
  }
998
1185
  let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
999
1186
  for (let i = 0; i < 80; i++) {
1000
- const sigma1h = u64_default.rotrSH(Eh, El, 14) ^ u64_default.rotrSH(Eh, El, 18) ^ u64_default.rotrBH(Eh, El, 41);
1001
- const sigma1l = u64_default.rotrSL(Eh, El, 14) ^ u64_default.rotrSL(Eh, El, 18) ^ u64_default.rotrBL(Eh, El, 41);
1187
+ const sigma1h = rotrSH(Eh, El, 14) ^ rotrSH(Eh, El, 18) ^ rotrBH(Eh, El, 41);
1188
+ const sigma1l = rotrSL(Eh, El, 14) ^ rotrSL(Eh, El, 18) ^ rotrBL(Eh, El, 41);
1002
1189
  const CHIh = Eh & Fh ^ ~Eh & Gh;
1003
1190
  const CHIl = El & Fl ^ ~El & Gl;
1004
- const T1ll = u64_default.add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
1005
- const T1h = u64_default.add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
1191
+ const T1ll = add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
1192
+ const T1h = add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
1006
1193
  const T1l = T1ll | 0;
1007
- const sigma0h = u64_default.rotrSH(Ah, Al, 28) ^ u64_default.rotrBH(Ah, Al, 34) ^ u64_default.rotrBH(Ah, Al, 39);
1008
- const sigma0l = u64_default.rotrSL(Ah, Al, 28) ^ u64_default.rotrBL(Ah, Al, 34) ^ u64_default.rotrBL(Ah, Al, 39);
1194
+ const sigma0h = rotrSH(Ah, Al, 28) ^ rotrBH(Ah, Al, 34) ^ rotrBH(Ah, Al, 39);
1195
+ const sigma0l = rotrSL(Ah, Al, 28) ^ rotrBL(Ah, Al, 34) ^ rotrBL(Ah, Al, 39);
1009
1196
  const MAJh = Ah & Bh ^ Ah & Ch ^ Bh & Ch;
1010
1197
  const MAJl = Al & Bl ^ Al & Cl ^ Bl & Cl;
1011
1198
  Hh = Gh | 0;
@@ -1014,155 +1201,119 @@ var near = (() => {
1014
1201
  Gl = Fl | 0;
1015
1202
  Fh = Eh | 0;
1016
1203
  Fl = El | 0;
1017
- ({ h: Eh, l: El } = u64_default.add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
1204
+ ({ h: Eh, l: El } = add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
1018
1205
  Dh = Ch | 0;
1019
1206
  Dl = Cl | 0;
1020
1207
  Ch = Bh | 0;
1021
1208
  Cl = Bl | 0;
1022
1209
  Bh = Ah | 0;
1023
1210
  Bl = Al | 0;
1024
- const All = u64_default.add3L(T1l, sigma0l, MAJl);
1025
- Ah = u64_default.add3H(All, T1h, sigma0h, MAJh);
1211
+ const All = add3L(T1l, sigma0l, MAJl);
1212
+ Ah = add3H(All, T1h, sigma0h, MAJh);
1026
1213
  Al = All | 0;
1027
1214
  }
1028
- ({ h: Ah, l: Al } = u64_default.add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
1029
- ({ h: Bh, l: Bl } = u64_default.add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
1030
- ({ h: Ch, l: Cl } = u64_default.add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
1031
- ({ h: Dh, l: Dl } = u64_default.add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
1032
- ({ h: Eh, l: El } = u64_default.add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
1033
- ({ h: Fh, l: Fl } = u64_default.add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
1034
- ({ h: Gh, l: Gl } = u64_default.add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
1035
- ({ h: Hh, l: Hl } = u64_default.add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
1215
+ ({ h: Ah, l: Al } = add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
1216
+ ({ h: Bh, l: Bl } = add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
1217
+ ({ h: Ch, l: Cl } = add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
1218
+ ({ h: Dh, l: Dl } = add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
1219
+ ({ h: Eh, l: El } = add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
1220
+ ({ h: Fh, l: Fl } = add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
1221
+ ({ h: Gh, l: Gl } = add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
1222
+ ({ h: Hh, l: Hl } = add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
1036
1223
  this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
1037
1224
  }
1038
1225
  roundClean() {
1039
- SHA512_W_H.fill(0);
1040
- SHA512_W_L.fill(0);
1226
+ clean(SHA512_W_H, SHA512_W_L);
1041
1227
  }
1042
1228
  destroy() {
1043
- this.buffer.fill(0);
1229
+ clean(this.buffer);
1044
1230
  this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
1045
1231
  }
1046
1232
  };
1047
- var sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());
1233
+ var _SHA512 = class extends SHA2_64B {
1234
+ static {
1235
+ __name(this, "_SHA512");
1236
+ }
1237
+ Ah = SHA512_IV[0] | 0;
1238
+ Al = SHA512_IV[1] | 0;
1239
+ Bh = SHA512_IV[2] | 0;
1240
+ Bl = SHA512_IV[3] | 0;
1241
+ Ch = SHA512_IV[4] | 0;
1242
+ Cl = SHA512_IV[5] | 0;
1243
+ Dh = SHA512_IV[6] | 0;
1244
+ Dl = SHA512_IV[7] | 0;
1245
+ Eh = SHA512_IV[8] | 0;
1246
+ El = SHA512_IV[9] | 0;
1247
+ Fh = SHA512_IV[10] | 0;
1248
+ Fl = SHA512_IV[11] | 0;
1249
+ Gh = SHA512_IV[12] | 0;
1250
+ Gl = SHA512_IV[13] | 0;
1251
+ Hh = SHA512_IV[14] | 0;
1252
+ Hl = SHA512_IV[15] | 0;
1253
+ constructor() {
1254
+ super(64);
1255
+ }
1256
+ };
1257
+ var sha256 = /* @__PURE__ */ createHasher(
1258
+ () => new _SHA256(),
1259
+ /* @__PURE__ */ oidNist(1)
1260
+ );
1261
+ var sha512 = /* @__PURE__ */ createHasher(
1262
+ () => new _SHA512(),
1263
+ /* @__PURE__ */ oidNist(3)
1264
+ );
1048
1265
 
1049
- // ../../node_modules/@noble/curves/esm/abstract/utils.js
1266
+ // ../utils/node_modules/@noble/curves/utils.js
1050
1267
  var _0n = /* @__PURE__ */ BigInt(0);
1051
1268
  var _1n = /* @__PURE__ */ BigInt(1);
1052
- var _2n = /* @__PURE__ */ BigInt(2);
1053
- function isBytes2(a) {
1054
- return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
1055
- }
1056
- __name(isBytes2, "isBytes");
1057
- function abytes2(item) {
1058
- if (!isBytes2(item))
1059
- throw new Error("Uint8Array expected");
1060
- }
1061
- __name(abytes2, "abytes");
1062
- function abool(title, value) {
1063
- if (typeof value !== "boolean")
1064
- throw new Error(title + " boolean expected, got " + value);
1269
+ function abool(value, title = "") {
1270
+ if (typeof value !== "boolean") {
1271
+ const prefix = title && `"${title}" `;
1272
+ throw new Error(prefix + "expected boolean, got type=" + typeof value);
1273
+ }
1274
+ return value;
1065
1275
  }
1066
1276
  __name(abool, "abool");
1067
- var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
1068
- function bytesToHex(bytes) {
1069
- abytes2(bytes);
1070
- let hex = "";
1071
- for (let i = 0; i < bytes.length; i++) {
1072
- hex += hexes[bytes[i]];
1073
- }
1074
- return hex;
1277
+ function abignumber(n) {
1278
+ if (typeof n === "bigint") {
1279
+ if (!isPosBig(n))
1280
+ throw new Error("positive bigint expected, got " + n);
1281
+ } else
1282
+ anumber(n);
1283
+ return n;
1075
1284
  }
1076
- __name(bytesToHex, "bytesToHex");
1285
+ __name(abignumber, "abignumber");
1077
1286
  function hexToNumber(hex) {
1078
1287
  if (typeof hex !== "string")
1079
1288
  throw new Error("hex string expected, got " + typeof hex);
1080
1289
  return hex === "" ? _0n : BigInt("0x" + hex);
1081
1290
  }
1082
1291
  __name(hexToNumber, "hexToNumber");
1083
- var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
1084
- function asciiToBase16(ch) {
1085
- if (ch >= asciis._0 && ch <= asciis._9)
1086
- return ch - asciis._0;
1087
- if (ch >= asciis.A && ch <= asciis.F)
1088
- return ch - (asciis.A - 10);
1089
- if (ch >= asciis.a && ch <= asciis.f)
1090
- return ch - (asciis.a - 10);
1091
- return;
1092
- }
1093
- __name(asciiToBase16, "asciiToBase16");
1094
- function hexToBytes(hex) {
1095
- if (typeof hex !== "string")
1096
- throw new Error("hex string expected, got " + typeof hex);
1097
- const hl = hex.length;
1098
- const al = hl / 2;
1099
- if (hl % 2)
1100
- throw new Error("hex string expected, got unpadded hex of length " + hl);
1101
- const array = new Uint8Array(al);
1102
- for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
1103
- const n1 = asciiToBase16(hex.charCodeAt(hi));
1104
- const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
1105
- if (n1 === void 0 || n2 === void 0) {
1106
- const char = hex[hi] + hex[hi + 1];
1107
- throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
1108
- }
1109
- array[ai] = n1 * 16 + n2;
1110
- }
1111
- return array;
1112
- }
1113
- __name(hexToBytes, "hexToBytes");
1114
- function bytesToNumberBE(bytes) {
1115
- return hexToNumber(bytesToHex(bytes));
1292
+ function bytesToNumberBE(bytes) {
1293
+ return hexToNumber(bytesToHex(bytes));
1116
1294
  }
1117
1295
  __name(bytesToNumberBE, "bytesToNumberBE");
1118
1296
  function bytesToNumberLE(bytes) {
1119
- abytes2(bytes);
1120
- return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
1297
+ return hexToNumber(bytesToHex(copyBytes(abytes(bytes)).reverse()));
1121
1298
  }
1122
1299
  __name(bytesToNumberLE, "bytesToNumberLE");
1123
1300
  function numberToBytesBE(n, len) {
1124
- return hexToBytes(n.toString(16).padStart(len * 2, "0"));
1301
+ anumber(len);
1302
+ n = abignumber(n);
1303
+ const res = hexToBytes(n.toString(16).padStart(len * 2, "0"));
1304
+ if (res.length !== len)
1305
+ throw new Error("number too large");
1306
+ return res;
1125
1307
  }
1126
1308
  __name(numberToBytesBE, "numberToBytesBE");
1127
1309
  function numberToBytesLE(n, len) {
1128
1310
  return numberToBytesBE(n, len).reverse();
1129
1311
  }
1130
1312
  __name(numberToBytesLE, "numberToBytesLE");
1131
- function ensureBytes(title, hex, expectedLength) {
1132
- let res;
1133
- if (typeof hex === "string") {
1134
- try {
1135
- res = hexToBytes(hex);
1136
- } catch (e) {
1137
- throw new Error(title + " must be hex string or Uint8Array, cause: " + e);
1138
- }
1139
- } else if (isBytes2(hex)) {
1140
- res = Uint8Array.from(hex);
1141
- } else {
1142
- throw new Error(title + " must be hex string or Uint8Array");
1143
- }
1144
- const len = res.length;
1145
- if (typeof expectedLength === "number" && len !== expectedLength)
1146
- throw new Error(title + " of length " + expectedLength + " expected, got " + len);
1147
- return res;
1148
- }
1149
- __name(ensureBytes, "ensureBytes");
1150
- function concatBytes(...arrays) {
1151
- let sum = 0;
1152
- for (let i = 0; i < arrays.length; i++) {
1153
- const a = arrays[i];
1154
- abytes2(a);
1155
- sum += a.length;
1156
- }
1157
- const res = new Uint8Array(sum);
1158
- for (let i = 0, pad = 0; i < arrays.length; i++) {
1159
- const a = arrays[i];
1160
- res.set(a, pad);
1161
- pad += a.length;
1162
- }
1163
- return res;
1313
+ function copyBytes(bytes) {
1314
+ return Uint8Array.from(bytes);
1164
1315
  }
1165
- __name(concatBytes, "concatBytes");
1316
+ __name(copyBytes, "copyBytes");
1166
1317
  var isPosBig = /* @__PURE__ */ __name((n) => typeof n === "bigint" && _0n <= n, "isPosBig");
1167
1318
  function inRange(n, min, max) {
1168
1319
  return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
@@ -1173,42 +1324,22 @@ var near = (() => {
1173
1324
  throw new Error("expected valid " + title + ": " + min + " <= n < " + max + ", got " + n);
1174
1325
  }
1175
1326
  __name(aInRange, "aInRange");
1176
- function bitLen(n) {
1177
- let len;
1178
- for (len = 0; n > _0n; n >>= _1n, len += 1)
1179
- ;
1180
- return len;
1181
- }
1182
- __name(bitLen, "bitLen");
1183
- var bitMask = /* @__PURE__ */ __name((n) => (_2n << BigInt(n - 1)) - _1n, "bitMask");
1184
- var validatorFns = {
1185
- bigint: /* @__PURE__ */ __name((val) => typeof val === "bigint", "bigint"),
1186
- function: /* @__PURE__ */ __name((val) => typeof val === "function", "function"),
1187
- boolean: /* @__PURE__ */ __name((val) => typeof val === "boolean", "boolean"),
1188
- string: /* @__PURE__ */ __name((val) => typeof val === "string", "string"),
1189
- stringOrUint8Array: /* @__PURE__ */ __name((val) => typeof val === "string" || isBytes2(val), "stringOrUint8Array"),
1190
- isSafeInteger: /* @__PURE__ */ __name((val) => Number.isSafeInteger(val), "isSafeInteger"),
1191
- array: /* @__PURE__ */ __name((val) => Array.isArray(val), "array"),
1192
- field: /* @__PURE__ */ __name((val, object) => object.Fp.isValid(val), "field"),
1193
- hash: /* @__PURE__ */ __name((val) => typeof val === "function" && Number.isSafeInteger(val.outputLen), "hash")
1194
- };
1195
- function validateObject(object, validators, optValidators = {}) {
1196
- const checkField = /* @__PURE__ */ __name((fieldName, type, isOptional) => {
1197
- const checkVal = validatorFns[type];
1198
- if (typeof checkVal !== "function")
1199
- throw new Error("invalid validator function");
1327
+ var bitMask = /* @__PURE__ */ __name((n) => (_1n << BigInt(n)) - _1n, "bitMask");
1328
+ function validateObject(object, fields = {}, optFields = {}) {
1329
+ if (!object || typeof object !== "object")
1330
+ throw new Error("expected valid options object");
1331
+ function checkField(fieldName, expectedType, isOpt) {
1200
1332
  const val = object[fieldName];
1201
- if (isOptional && val === void 0)
1333
+ if (isOpt && val === void 0)
1202
1334
  return;
1203
- if (!checkVal(val, object)) {
1204
- throw new Error("param " + String(fieldName) + " is invalid. Expected " + type + ", got " + val);
1205
- }
1206
- }, "checkField");
1207
- for (const [fieldName, type] of Object.entries(validators))
1208
- checkField(fieldName, type, false);
1209
- for (const [fieldName, type] of Object.entries(optValidators))
1210
- checkField(fieldName, type, true);
1211
- return object;
1335
+ const current = typeof val;
1336
+ if (current !== expectedType || val === null)
1337
+ throw new Error(`param "${fieldName}" is invalid: expected ${expectedType}, got ${current}`);
1338
+ }
1339
+ __name(checkField, "checkField");
1340
+ const iter = /* @__PURE__ */ __name((f, isOpt) => Object.entries(f).forEach(([k, v]) => checkField(k, v, isOpt)), "iter");
1341
+ iter(fields, false);
1342
+ iter(optFields, true);
1212
1343
  }
1213
1344
  __name(validateObject, "validateObject");
1214
1345
  function memoized(fn) {
@@ -1224,13 +1355,14 @@ var near = (() => {
1224
1355
  }
1225
1356
  __name(memoized, "memoized");
1226
1357
 
1227
- // ../../node_modules/@noble/curves/esm/abstract/modular.js
1228
- var _0n2 = BigInt(0);
1229
- var _1n2 = BigInt(1);
1230
- var _2n2 = /* @__PURE__ */ BigInt(2);
1358
+ // ../utils/node_modules/@noble/curves/abstract/modular.js
1359
+ var _0n2 = /* @__PURE__ */ BigInt(0);
1360
+ var _1n2 = /* @__PURE__ */ BigInt(1);
1361
+ var _2n = /* @__PURE__ */ BigInt(2);
1231
1362
  var _3n = /* @__PURE__ */ BigInt(3);
1232
1363
  var _4n = /* @__PURE__ */ BigInt(4);
1233
1364
  var _5n = /* @__PURE__ */ BigInt(5);
1365
+ var _7n = /* @__PURE__ */ BigInt(7);
1234
1366
  var _8n = /* @__PURE__ */ BigInt(8);
1235
1367
  var _9n = /* @__PURE__ */ BigInt(9);
1236
1368
  var _16n = /* @__PURE__ */ BigInt(16);
@@ -1239,23 +1371,6 @@ var near = (() => {
1239
1371
  return result >= _0n2 ? result : b + result;
1240
1372
  }
1241
1373
  __name(mod, "mod");
1242
- function pow(num, power, modulo) {
1243
- if (power < _0n2)
1244
- throw new Error("invalid exponent, negatives unsupported");
1245
- if (modulo <= _0n2)
1246
- throw new Error("invalid modulus");
1247
- if (modulo === _1n2)
1248
- return _0n2;
1249
- let res = _1n2;
1250
- while (power > _0n2) {
1251
- if (power & _1n2)
1252
- res = res * num % modulo;
1253
- num = num * num % modulo;
1254
- power >>= _1n2;
1255
- }
1256
- return res;
1257
- }
1258
- __name(pow, "pow");
1259
1374
  function pow2(x, power, modulo) {
1260
1375
  let res = x;
1261
1376
  while (power-- > _0n2) {
@@ -1286,76 +1401,109 @@ var near = (() => {
1286
1401
  return mod(x, modulo);
1287
1402
  }
1288
1403
  __name(invert, "invert");
1404
+ function assertIsSquare(Fp, root, n) {
1405
+ if (!Fp.eql(Fp.sqr(root), n))
1406
+ throw new Error("Cannot find square root");
1407
+ }
1408
+ __name(assertIsSquare, "assertIsSquare");
1409
+ function sqrt3mod4(Fp, n) {
1410
+ const p1div4 = (Fp.ORDER + _1n2) / _4n;
1411
+ const root = Fp.pow(n, p1div4);
1412
+ assertIsSquare(Fp, root, n);
1413
+ return root;
1414
+ }
1415
+ __name(sqrt3mod4, "sqrt3mod4");
1416
+ function sqrt5mod8(Fp, n) {
1417
+ const p5div8 = (Fp.ORDER - _5n) / _8n;
1418
+ const n2 = Fp.mul(n, _2n);
1419
+ const v = Fp.pow(n2, p5div8);
1420
+ const nv = Fp.mul(n, v);
1421
+ const i = Fp.mul(Fp.mul(nv, _2n), v);
1422
+ const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
1423
+ assertIsSquare(Fp, root, n);
1424
+ return root;
1425
+ }
1426
+ __name(sqrt5mod8, "sqrt5mod8");
1427
+ function sqrt9mod16(P2) {
1428
+ const Fp_ = Field(P2);
1429
+ const tn = tonelliShanks(P2);
1430
+ const c1 = tn(Fp_, Fp_.neg(Fp_.ONE));
1431
+ const c2 = tn(Fp_, c1);
1432
+ const c3 = tn(Fp_, Fp_.neg(c1));
1433
+ const c4 = (P2 + _7n) / _16n;
1434
+ return (Fp, n) => {
1435
+ let tv1 = Fp.pow(n, c4);
1436
+ let tv2 = Fp.mul(tv1, c1);
1437
+ const tv3 = Fp.mul(tv1, c2);
1438
+ const tv4 = Fp.mul(tv1, c3);
1439
+ const e1 = Fp.eql(Fp.sqr(tv2), n);
1440
+ const e2 = Fp.eql(Fp.sqr(tv3), n);
1441
+ tv1 = Fp.cmov(tv1, tv2, e1);
1442
+ tv2 = Fp.cmov(tv4, tv3, e2);
1443
+ const e3 = Fp.eql(Fp.sqr(tv2), n);
1444
+ const root = Fp.cmov(tv1, tv2, e3);
1445
+ assertIsSquare(Fp, root, n);
1446
+ return root;
1447
+ };
1448
+ }
1449
+ __name(sqrt9mod16, "sqrt9mod16");
1289
1450
  function tonelliShanks(P2) {
1290
- const legendreC = (P2 - _1n2) / _2n2;
1291
- let Q, S, Z;
1292
- for (Q = P2 - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
1293
- ;
1294
- for (Z = _2n2; Z < P2 && pow(Z, legendreC, P2) !== P2 - _1n2; Z++) {
1295
- if (Z > 1e3)
1296
- throw new Error("Cannot find square root: likely non-prime P");
1297
- }
1298
- if (S === 1) {
1299
- const p1div4 = (P2 + _1n2) / _4n;
1300
- return /* @__PURE__ */ __name(function tonelliFast(Fp2, n) {
1301
- const root = Fp2.pow(n, p1div4);
1302
- if (!Fp2.eql(Fp2.sqr(root), n))
1303
- throw new Error("Cannot find square root");
1304
- return root;
1305
- }, "tonelliFast");
1306
- }
1307
- const Q1div2 = (Q + _1n2) / _2n2;
1308
- return /* @__PURE__ */ __name(function tonelliSlow(Fp2, n) {
1309
- if (Fp2.pow(n, legendreC) === Fp2.neg(Fp2.ONE))
1451
+ if (P2 < _3n)
1452
+ throw new Error("sqrt is not defined for small field");
1453
+ let Q = P2 - _1n2;
1454
+ let S = 0;
1455
+ while (Q % _2n === _0n2) {
1456
+ Q /= _2n;
1457
+ S++;
1458
+ }
1459
+ let Z = _2n;
1460
+ const _Fp = Field(P2);
1461
+ while (FpLegendre(_Fp, Z) === 1) {
1462
+ if (Z++ > 1e3)
1463
+ throw new Error("Cannot find square root: probably non-prime P");
1464
+ }
1465
+ if (S === 1)
1466
+ return sqrt3mod4;
1467
+ let cc = _Fp.pow(Z, Q);
1468
+ const Q1div2 = (Q + _1n2) / _2n;
1469
+ return /* @__PURE__ */ __name(function tonelliSlow(Fp, n) {
1470
+ if (Fp.is0(n))
1471
+ return n;
1472
+ if (FpLegendre(Fp, n) !== 1)
1310
1473
  throw new Error("Cannot find square root");
1311
- let r = S;
1312
- let g = Fp2.pow(Fp2.mul(Fp2.ONE, Z), Q);
1313
- let x = Fp2.pow(n, Q1div2);
1314
- let b = Fp2.pow(n, Q);
1315
- while (!Fp2.eql(b, Fp2.ONE)) {
1316
- if (Fp2.eql(b, Fp2.ZERO))
1317
- return Fp2.ZERO;
1318
- let m = 1;
1319
- for (let t2 = Fp2.sqr(b); m < r; m++) {
1320
- if (Fp2.eql(t2, Fp2.ONE))
1321
- break;
1322
- t2 = Fp2.sqr(t2);
1474
+ let M = S;
1475
+ let c = Fp.mul(Fp.ONE, cc);
1476
+ let t = Fp.pow(n, Q);
1477
+ let R = Fp.pow(n, Q1div2);
1478
+ while (!Fp.eql(t, Fp.ONE)) {
1479
+ if (Fp.is0(t))
1480
+ return Fp.ZERO;
1481
+ let i = 1;
1482
+ let t_tmp = Fp.sqr(t);
1483
+ while (!Fp.eql(t_tmp, Fp.ONE)) {
1484
+ i++;
1485
+ t_tmp = Fp.sqr(t_tmp);
1486
+ if (i === M)
1487
+ throw new Error("Cannot find square root");
1323
1488
  }
1324
- const ge = Fp2.pow(g, _1n2 << BigInt(r - m - 1));
1325
- g = Fp2.sqr(ge);
1326
- x = Fp2.mul(x, ge);
1327
- b = Fp2.mul(b, g);
1328
- r = m;
1489
+ const exponent = _1n2 << BigInt(M - i - 1);
1490
+ const b = Fp.pow(c, exponent);
1491
+ M = i;
1492
+ c = Fp.sqr(b);
1493
+ t = Fp.mul(t, c);
1494
+ R = Fp.mul(R, b);
1329
1495
  }
1330
- return x;
1496
+ return R;
1331
1497
  }, "tonelliSlow");
1332
1498
  }
1333
1499
  __name(tonelliShanks, "tonelliShanks");
1334
1500
  function FpSqrt(P2) {
1335
- if (P2 % _4n === _3n) {
1336
- const p1div4 = (P2 + _1n2) / _4n;
1337
- return /* @__PURE__ */ __name(function sqrt3mod4(Fp2, n) {
1338
- const root = Fp2.pow(n, p1div4);
1339
- if (!Fp2.eql(Fp2.sqr(root), n))
1340
- throw new Error("Cannot find square root");
1341
- return root;
1342
- }, "sqrt3mod4");
1343
- }
1344
- if (P2 % _8n === _5n) {
1345
- const c1 = (P2 - _5n) / _8n;
1346
- return /* @__PURE__ */ __name(function sqrt5mod8(Fp2, n) {
1347
- const n2 = Fp2.mul(n, _2n2);
1348
- const v = Fp2.pow(n2, c1);
1349
- const nv = Fp2.mul(n, v);
1350
- const i = Fp2.mul(Fp2.mul(nv, _2n2), v);
1351
- const root = Fp2.mul(nv, Fp2.sub(i, Fp2.ONE));
1352
- if (!Fp2.eql(Fp2.sqr(root), n))
1353
- throw new Error("Cannot find square root");
1354
- return root;
1355
- }, "sqrt5mod8");
1356
- }
1357
- if (P2 % _16n === _9n) {
1358
- }
1501
+ if (P2 % _4n === _3n)
1502
+ return sqrt3mod4;
1503
+ if (P2 % _8n === _5n)
1504
+ return sqrt5mod8;
1505
+ if (P2 % _16n === _9n)
1506
+ return sqrt9mod16(P2);
1359
1507
  return tonelliShanks(P2);
1360
1508
  }
1361
1509
  __name(FpSqrt, "FpSqrt");
@@ -1382,422 +1530,506 @@ var near = (() => {
1382
1530
  function validateField(field) {
1383
1531
  const initial = {
1384
1532
  ORDER: "bigint",
1385
- MASK: "bigint",
1386
- BYTES: "isSafeInteger",
1387
- BITS: "isSafeInteger"
1533
+ BYTES: "number",
1534
+ BITS: "number"
1388
1535
  };
1389
1536
  const opts = FIELD_FIELDS.reduce((map, val) => {
1390
1537
  map[val] = "function";
1391
1538
  return map;
1392
1539
  }, initial);
1393
- return validateObject(field, opts);
1540
+ validateObject(field, opts);
1541
+ return field;
1394
1542
  }
1395
1543
  __name(validateField, "validateField");
1396
- function FpPow(f, num, power) {
1544
+ function FpPow(Fp, num, power) {
1397
1545
  if (power < _0n2)
1398
1546
  throw new Error("invalid exponent, negatives unsupported");
1399
1547
  if (power === _0n2)
1400
- return f.ONE;
1548
+ return Fp.ONE;
1401
1549
  if (power === _1n2)
1402
1550
  return num;
1403
- let p = f.ONE;
1551
+ let p = Fp.ONE;
1404
1552
  let d = num;
1405
1553
  while (power > _0n2) {
1406
1554
  if (power & _1n2)
1407
- p = f.mul(p, d);
1408
- d = f.sqr(d);
1555
+ p = Fp.mul(p, d);
1556
+ d = Fp.sqr(d);
1409
1557
  power >>= _1n2;
1410
1558
  }
1411
1559
  return p;
1412
1560
  }
1413
1561
  __name(FpPow, "FpPow");
1414
- function FpInvertBatch(f, nums) {
1415
- const tmp = new Array(nums.length);
1416
- const lastMultiplied = nums.reduce((acc, num, i) => {
1417
- if (f.is0(num))
1562
+ function FpInvertBatch(Fp, nums, passZero = false) {
1563
+ const inverted = new Array(nums.length).fill(passZero ? Fp.ZERO : void 0);
1564
+ const multipliedAcc = nums.reduce((acc, num, i) => {
1565
+ if (Fp.is0(num))
1418
1566
  return acc;
1419
- tmp[i] = acc;
1420
- return f.mul(acc, num);
1421
- }, f.ONE);
1422
- const inverted = f.inv(lastMultiplied);
1567
+ inverted[i] = acc;
1568
+ return Fp.mul(acc, num);
1569
+ }, Fp.ONE);
1570
+ const invertedAcc = Fp.inv(multipliedAcc);
1423
1571
  nums.reduceRight((acc, num, i) => {
1424
- if (f.is0(num))
1572
+ if (Fp.is0(num))
1425
1573
  return acc;
1426
- tmp[i] = f.mul(acc, tmp[i]);
1427
- return f.mul(acc, num);
1428
- }, inverted);
1429
- return tmp;
1574
+ inverted[i] = Fp.mul(acc, inverted[i]);
1575
+ return Fp.mul(acc, num);
1576
+ }, invertedAcc);
1577
+ return inverted;
1430
1578
  }
1431
1579
  __name(FpInvertBatch, "FpInvertBatch");
1580
+ function FpLegendre(Fp, n) {
1581
+ const p1mod2 = (Fp.ORDER - _1n2) / _2n;
1582
+ const powered = Fp.pow(n, p1mod2);
1583
+ const yes = Fp.eql(powered, Fp.ONE);
1584
+ const zero = Fp.eql(powered, Fp.ZERO);
1585
+ const no = Fp.eql(powered, Fp.neg(Fp.ONE));
1586
+ if (!yes && !zero && !no)
1587
+ throw new Error("invalid Legendre symbol result");
1588
+ return yes ? 1 : zero ? 0 : -1;
1589
+ }
1590
+ __name(FpLegendre, "FpLegendre");
1432
1591
  function nLength(n, nBitLength) {
1592
+ if (nBitLength !== void 0)
1593
+ anumber(nBitLength);
1433
1594
  const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
1434
1595
  const nByteLength = Math.ceil(_nBitLength / 8);
1435
1596
  return { nBitLength: _nBitLength, nByteLength };
1436
1597
  }
1437
1598
  __name(nLength, "nLength");
1438
- function Field(ORDER, bitLen2, isLE = false, redef = {}) {
1439
- if (ORDER <= _0n2)
1440
- throw new Error("invalid field: expected ORDER > 0, got " + ORDER);
1441
- const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
1442
- if (BYTES > 2048)
1443
- throw new Error("invalid field: expected ORDER of <= 2048 bytes");
1444
- let sqrtP;
1445
- const f = Object.freeze({
1446
- ORDER,
1447
- isLE,
1448
- BITS,
1449
- BYTES,
1450
- MASK: bitMask(BITS),
1451
- ZERO: _0n2,
1452
- ONE: _1n2,
1453
- create: /* @__PURE__ */ __name((num) => mod(num, ORDER), "create"),
1454
- isValid: /* @__PURE__ */ __name((num) => {
1455
- if (typeof num !== "bigint")
1456
- throw new Error("invalid field element: expected bigint, got " + typeof num);
1457
- return _0n2 <= num && num < ORDER;
1458
- }, "isValid"),
1459
- is0: /* @__PURE__ */ __name((num) => num === _0n2, "is0"),
1460
- isOdd: /* @__PURE__ */ __name((num) => (num & _1n2) === _1n2, "isOdd"),
1461
- neg: /* @__PURE__ */ __name((num) => mod(-num, ORDER), "neg"),
1462
- eql: /* @__PURE__ */ __name((lhs, rhs) => lhs === rhs, "eql"),
1463
- sqr: /* @__PURE__ */ __name((num) => mod(num * num, ORDER), "sqr"),
1464
- add: /* @__PURE__ */ __name((lhs, rhs) => mod(lhs + rhs, ORDER), "add"),
1465
- sub: /* @__PURE__ */ __name((lhs, rhs) => mod(lhs - rhs, ORDER), "sub"),
1466
- mul: /* @__PURE__ */ __name((lhs, rhs) => mod(lhs * rhs, ORDER), "mul"),
1467
- pow: /* @__PURE__ */ __name((num, power) => FpPow(f, num, power), "pow"),
1468
- div: /* @__PURE__ */ __name((lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER), "div"),
1469
- // Same as above, but doesn't normalize
1470
- sqrN: /* @__PURE__ */ __name((num) => num * num, "sqrN"),
1471
- addN: /* @__PURE__ */ __name((lhs, rhs) => lhs + rhs, "addN"),
1472
- subN: /* @__PURE__ */ __name((lhs, rhs) => lhs - rhs, "subN"),
1473
- mulN: /* @__PURE__ */ __name((lhs, rhs) => lhs * rhs, "mulN"),
1474
- inv: /* @__PURE__ */ __name((num) => invert(num, ORDER), "inv"),
1475
- sqrt: redef.sqrt || ((n) => {
1476
- if (!sqrtP)
1477
- sqrtP = FpSqrt(ORDER);
1478
- return sqrtP(f, n);
1479
- }),
1480
- invertBatch: /* @__PURE__ */ __name((lst) => FpInvertBatch(f, lst), "invertBatch"),
1481
- // TODO: do we really need constant cmov?
1482
- // We don't have const-time bigints anyway, so probably will be not very useful
1483
- cmov: /* @__PURE__ */ __name((a, b, c) => c ? b : a, "cmov"),
1484
- toBytes: /* @__PURE__ */ __name((num) => isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES), "toBytes"),
1485
- fromBytes: /* @__PURE__ */ __name((bytes) => {
1486
- if (bytes.length !== BYTES)
1487
- throw new Error("Field.fromBytes: expected " + BYTES + " bytes, got " + bytes.length);
1488
- return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
1489
- }, "fromBytes")
1490
- });
1491
- return Object.freeze(f);
1599
+ var _Field = class {
1600
+ static {
1601
+ __name(this, "_Field");
1602
+ }
1603
+ ORDER;
1604
+ BITS;
1605
+ BYTES;
1606
+ isLE;
1607
+ ZERO = _0n2;
1608
+ ONE = _1n2;
1609
+ _lengths;
1610
+ _sqrt;
1611
+ // cached sqrt
1612
+ _mod;
1613
+ constructor(ORDER, opts = {}) {
1614
+ if (ORDER <= _0n2)
1615
+ throw new Error("invalid field: expected ORDER > 0, got " + ORDER);
1616
+ let _nbitLength = void 0;
1617
+ this.isLE = false;
1618
+ if (opts != null && typeof opts === "object") {
1619
+ if (typeof opts.BITS === "number")
1620
+ _nbitLength = opts.BITS;
1621
+ if (typeof opts.sqrt === "function")
1622
+ this.sqrt = opts.sqrt;
1623
+ if (typeof opts.isLE === "boolean")
1624
+ this.isLE = opts.isLE;
1625
+ if (opts.allowedLengths)
1626
+ this._lengths = opts.allowedLengths?.slice();
1627
+ if (typeof opts.modFromBytes === "boolean")
1628
+ this._mod = opts.modFromBytes;
1629
+ }
1630
+ const { nBitLength, nByteLength } = nLength(ORDER, _nbitLength);
1631
+ if (nByteLength > 2048)
1632
+ throw new Error("invalid field: expected ORDER of <= 2048 bytes");
1633
+ this.ORDER = ORDER;
1634
+ this.BITS = nBitLength;
1635
+ this.BYTES = nByteLength;
1636
+ this._sqrt = void 0;
1637
+ Object.preventExtensions(this);
1638
+ }
1639
+ create(num) {
1640
+ return mod(num, this.ORDER);
1641
+ }
1642
+ isValid(num) {
1643
+ if (typeof num !== "bigint")
1644
+ throw new Error("invalid field element: expected bigint, got " + typeof num);
1645
+ return _0n2 <= num && num < this.ORDER;
1646
+ }
1647
+ is0(num) {
1648
+ return num === _0n2;
1649
+ }
1650
+ // is valid and invertible
1651
+ isValidNot0(num) {
1652
+ return !this.is0(num) && this.isValid(num);
1653
+ }
1654
+ isOdd(num) {
1655
+ return (num & _1n2) === _1n2;
1656
+ }
1657
+ neg(num) {
1658
+ return mod(-num, this.ORDER);
1659
+ }
1660
+ eql(lhs, rhs) {
1661
+ return lhs === rhs;
1662
+ }
1663
+ sqr(num) {
1664
+ return mod(num * num, this.ORDER);
1665
+ }
1666
+ add(lhs, rhs) {
1667
+ return mod(lhs + rhs, this.ORDER);
1668
+ }
1669
+ sub(lhs, rhs) {
1670
+ return mod(lhs - rhs, this.ORDER);
1671
+ }
1672
+ mul(lhs, rhs) {
1673
+ return mod(lhs * rhs, this.ORDER);
1674
+ }
1675
+ pow(num, power) {
1676
+ return FpPow(this, num, power);
1677
+ }
1678
+ div(lhs, rhs) {
1679
+ return mod(lhs * invert(rhs, this.ORDER), this.ORDER);
1680
+ }
1681
+ // Same as above, but doesn't normalize
1682
+ sqrN(num) {
1683
+ return num * num;
1684
+ }
1685
+ addN(lhs, rhs) {
1686
+ return lhs + rhs;
1687
+ }
1688
+ subN(lhs, rhs) {
1689
+ return lhs - rhs;
1690
+ }
1691
+ mulN(lhs, rhs) {
1692
+ return lhs * rhs;
1693
+ }
1694
+ inv(num) {
1695
+ return invert(num, this.ORDER);
1696
+ }
1697
+ sqrt(num) {
1698
+ if (!this._sqrt)
1699
+ this._sqrt = FpSqrt(this.ORDER);
1700
+ return this._sqrt(this, num);
1701
+ }
1702
+ toBytes(num) {
1703
+ return this.isLE ? numberToBytesLE(num, this.BYTES) : numberToBytesBE(num, this.BYTES);
1704
+ }
1705
+ fromBytes(bytes, skipValidation = false) {
1706
+ abytes(bytes);
1707
+ const { _lengths: allowedLengths, BYTES, isLE, ORDER, _mod: modFromBytes } = this;
1708
+ if (allowedLengths) {
1709
+ if (!allowedLengths.includes(bytes.length) || bytes.length > BYTES) {
1710
+ throw new Error("Field.fromBytes: expected " + allowedLengths + " bytes, got " + bytes.length);
1711
+ }
1712
+ const padded = new Uint8Array(BYTES);
1713
+ padded.set(bytes, isLE ? 0 : padded.length - bytes.length);
1714
+ bytes = padded;
1715
+ }
1716
+ if (bytes.length !== BYTES)
1717
+ throw new Error("Field.fromBytes: expected " + BYTES + " bytes, got " + bytes.length);
1718
+ let scalar = isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
1719
+ if (modFromBytes)
1720
+ scalar = mod(scalar, ORDER);
1721
+ if (!skipValidation) {
1722
+ if (!this.isValid(scalar))
1723
+ throw new Error("invalid field element: outside of range 0..ORDER");
1724
+ }
1725
+ return scalar;
1726
+ }
1727
+ // TODO: we don't need it here, move out to separate fn
1728
+ invertBatch(lst) {
1729
+ return FpInvertBatch(this, lst);
1730
+ }
1731
+ // We can't move this out because Fp6, Fp12 implement it
1732
+ // and it's unclear what to return in there.
1733
+ cmov(a, b, condition) {
1734
+ return condition ? b : a;
1735
+ }
1736
+ };
1737
+ function Field(ORDER, opts = {}) {
1738
+ return new _Field(ORDER, opts);
1492
1739
  }
1493
1740
  __name(Field, "Field");
1494
1741
 
1495
- // ../../node_modules/@noble/curves/esm/abstract/curve.js
1496
- var _0n3 = BigInt(0);
1497
- var _1n3 = BigInt(1);
1498
- function constTimeNegate(condition, item) {
1742
+ // ../utils/node_modules/@noble/curves/abstract/curve.js
1743
+ var _0n3 = /* @__PURE__ */ BigInt(0);
1744
+ var _1n3 = /* @__PURE__ */ BigInt(1);
1745
+ function negateCt(condition, item) {
1499
1746
  const neg = item.negate();
1500
1747
  return condition ? neg : item;
1501
1748
  }
1502
- __name(constTimeNegate, "constTimeNegate");
1749
+ __name(negateCt, "negateCt");
1750
+ function normalizeZ(c, points) {
1751
+ const invertedZs = FpInvertBatch(c.Fp, points.map((p) => p.Z));
1752
+ return points.map((p, i) => c.fromAffine(p.toAffine(invertedZs[i])));
1753
+ }
1754
+ __name(normalizeZ, "normalizeZ");
1503
1755
  function validateW(W, bits) {
1504
1756
  if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
1505
1757
  throw new Error("invalid window size, expected [1.." + bits + "], got W=" + W);
1506
1758
  }
1507
1759
  __name(validateW, "validateW");
1508
- function calcWOpts(W, bits) {
1509
- validateW(W, bits);
1510
- const windows = Math.ceil(bits / W) + 1;
1760
+ function calcWOpts(W, scalarBits) {
1761
+ validateW(W, scalarBits);
1762
+ const windows = Math.ceil(scalarBits / W) + 1;
1511
1763
  const windowSize = 2 ** (W - 1);
1512
- return { windows, windowSize };
1764
+ const maxNumber = 2 ** W;
1765
+ const mask = bitMask(W);
1766
+ const shiftBy = BigInt(W);
1767
+ return { windows, windowSize, mask, maxNumber, shiftBy };
1513
1768
  }
1514
1769
  __name(calcWOpts, "calcWOpts");
1515
- function validateMSMPoints(points, c) {
1516
- if (!Array.isArray(points))
1517
- throw new Error("array expected");
1518
- points.forEach((p, i) => {
1519
- if (!(p instanceof c))
1520
- throw new Error("invalid point at index " + i);
1521
- });
1770
+ function calcOffsets(n, window, wOpts) {
1771
+ const { windowSize, mask, maxNumber, shiftBy } = wOpts;
1772
+ let wbits = Number(n & mask);
1773
+ let nextN = n >> shiftBy;
1774
+ if (wbits > windowSize) {
1775
+ wbits -= maxNumber;
1776
+ nextN += _1n3;
1777
+ }
1778
+ const offsetStart = window * windowSize;
1779
+ const offset = offsetStart + Math.abs(wbits) - 1;
1780
+ const isZero = wbits === 0;
1781
+ const isNeg = wbits < 0;
1782
+ const isNegF = window % 2 !== 0;
1783
+ const offsetF = offsetStart;
1784
+ return { nextN, offset, isZero, isNeg, isNegF, offsetF };
1522
1785
  }
1523
- __name(validateMSMPoints, "validateMSMPoints");
1524
- function validateMSMScalars(scalars, field) {
1525
- if (!Array.isArray(scalars))
1526
- throw new Error("array of scalars expected");
1527
- scalars.forEach((s, i) => {
1528
- if (!field.isValid(s))
1529
- throw new Error("invalid scalar at index " + i);
1530
- });
1531
- }
1532
- __name(validateMSMScalars, "validateMSMScalars");
1786
+ __name(calcOffsets, "calcOffsets");
1533
1787
  var pointPrecomputes = /* @__PURE__ */ new WeakMap();
1534
1788
  var pointWindowSizes = /* @__PURE__ */ new WeakMap();
1535
1789
  function getW(P2) {
1536
1790
  return pointWindowSizes.get(P2) || 1;
1537
1791
  }
1538
1792
  __name(getW, "getW");
1539
- function wNAF(c, bits) {
1540
- return {
1541
- constTimeNegate,
1542
- hasPrecomputes(elm) {
1543
- return getW(elm) !== 1;
1544
- },
1545
- // non-const time multiplication ladder
1546
- unsafeLadder(elm, n, p = c.ZERO) {
1547
- let d = elm;
1548
- while (n > _0n3) {
1549
- if (n & _1n3)
1550
- p = p.add(d);
1551
- d = d.double();
1552
- n >>= _1n3;
1553
- }
1554
- return p;
1555
- },
1556
- /**
1557
- * Creates a wNAF precomputation window. Used for caching.
1558
- * Default window size is set by `utils.precompute()` and is equal to 8.
1559
- * Number of precomputed points depends on the curve size:
1560
- * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
1561
- * - 𝑊 is the window size
1562
- * - 𝑛 is the bitlength of the curve order.
1563
- * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
1564
- * @param elm Point instance
1565
- * @param W window size
1566
- * @returns precomputed point tables flattened to a single array
1567
- */
1568
- precomputeWindow(elm, W) {
1569
- const { windows, windowSize } = calcWOpts(W, bits);
1570
- const points = [];
1571
- let p = elm;
1572
- let base = p;
1573
- for (let window = 0; window < windows; window++) {
1574
- base = p;
1793
+ function assert0(n) {
1794
+ if (n !== _0n3)
1795
+ throw new Error("invalid wNAF");
1796
+ }
1797
+ __name(assert0, "assert0");
1798
+ var wNAF = class {
1799
+ static {
1800
+ __name(this, "wNAF");
1801
+ }
1802
+ BASE;
1803
+ ZERO;
1804
+ Fn;
1805
+ bits;
1806
+ // Parametrized with a given Point class (not individual point)
1807
+ constructor(Point, bits) {
1808
+ this.BASE = Point.BASE;
1809
+ this.ZERO = Point.ZERO;
1810
+ this.Fn = Point.Fn;
1811
+ this.bits = bits;
1812
+ }
1813
+ // non-const time multiplication ladder
1814
+ _unsafeLadder(elm, n, p = this.ZERO) {
1815
+ let d = elm;
1816
+ while (n > _0n3) {
1817
+ if (n & _1n3)
1818
+ p = p.add(d);
1819
+ d = d.double();
1820
+ n >>= _1n3;
1821
+ }
1822
+ return p;
1823
+ }
1824
+ /**
1825
+ * Creates a wNAF precomputation window. Used for caching.
1826
+ * Default window size is set by `utils.precompute()` and is equal to 8.
1827
+ * Number of precomputed points depends on the curve size:
1828
+ * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
1829
+ * - 𝑊 is the window size
1830
+ * - 𝑛 is the bitlength of the curve order.
1831
+ * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
1832
+ * @param point Point instance
1833
+ * @param W window size
1834
+ * @returns precomputed point tables flattened to a single array
1835
+ */
1836
+ precomputeWindow(point, W) {
1837
+ const { windows, windowSize } = calcWOpts(W, this.bits);
1838
+ const points = [];
1839
+ let p = point;
1840
+ let base = p;
1841
+ for (let window = 0; window < windows; window++) {
1842
+ base = p;
1843
+ points.push(base);
1844
+ for (let i = 1; i < windowSize; i++) {
1845
+ base = base.add(p);
1575
1846
  points.push(base);
1576
- for (let i = 1; i < windowSize; i++) {
1577
- base = base.add(p);
1578
- points.push(base);
1579
- }
1580
- p = base.double();
1581
- }
1582
- return points;
1583
- },
1584
- /**
1585
- * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
1586
- * @param W window size
1587
- * @param precomputes precomputed tables
1588
- * @param n scalar (we don't check here, but should be less than curve order)
1589
- * @returns real and fake (for const-time) points
1590
- */
1591
- wNAF(W, precomputes, n) {
1592
- const { windows, windowSize } = calcWOpts(W, bits);
1593
- let p = c.ZERO;
1594
- let f = c.BASE;
1595
- const mask = BigInt(2 ** W - 1);
1596
- const maxNumber = 2 ** W;
1597
- const shiftBy = BigInt(W);
1598
- for (let window = 0; window < windows; window++) {
1599
- const offset = window * windowSize;
1600
- let wbits = Number(n & mask);
1601
- n >>= shiftBy;
1602
- if (wbits > windowSize) {
1603
- wbits -= maxNumber;
1604
- n += _1n3;
1605
- }
1606
- const offset1 = offset;
1607
- const offset2 = offset + Math.abs(wbits) - 1;
1608
- const cond1 = window % 2 !== 0;
1609
- const cond2 = wbits < 0;
1610
- if (wbits === 0) {
1611
- f = f.add(constTimeNegate(cond1, precomputes[offset1]));
1612
- } else {
1613
- p = p.add(constTimeNegate(cond2, precomputes[offset2]));
1614
- }
1615
- }
1616
- return { p, f };
1617
- },
1618
- /**
1619
- * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
1620
- * @param W window size
1621
- * @param precomputes precomputed tables
1622
- * @param n scalar (we don't check here, but should be less than curve order)
1623
- * @param acc accumulator point to add result of multiplication
1624
- * @returns point
1625
- */
1626
- wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {
1627
- const { windows, windowSize } = calcWOpts(W, bits);
1628
- const mask = BigInt(2 ** W - 1);
1629
- const maxNumber = 2 ** W;
1630
- const shiftBy = BigInt(W);
1631
- for (let window = 0; window < windows; window++) {
1632
- const offset = window * windowSize;
1633
- if (n === _0n3)
1634
- break;
1635
- let wbits = Number(n & mask);
1636
- n >>= shiftBy;
1637
- if (wbits > windowSize) {
1638
- wbits -= maxNumber;
1639
- n += _1n3;
1640
- }
1641
- if (wbits === 0)
1642
- continue;
1643
- let curr = precomputes[offset + Math.abs(wbits) - 1];
1644
- if (wbits < 0)
1645
- curr = curr.negate();
1646
- acc = acc.add(curr);
1647
1847
  }
1648
- return acc;
1649
- },
1650
- getPrecomputes(W, P2, transform) {
1651
- let comp = pointPrecomputes.get(P2);
1652
- if (!comp) {
1653
- comp = this.precomputeWindow(P2, W);
1654
- if (W !== 1)
1655
- pointPrecomputes.set(P2, transform(comp));
1848
+ p = base.double();
1849
+ }
1850
+ return points;
1851
+ }
1852
+ /**
1853
+ * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
1854
+ * More compact implementation:
1855
+ * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
1856
+ * @returns real and fake (for const-time) points
1857
+ */
1858
+ wNAF(W, precomputes, n) {
1859
+ if (!this.Fn.isValid(n))
1860
+ throw new Error("invalid scalar");
1861
+ let p = this.ZERO;
1862
+ let f = this.BASE;
1863
+ const wo = calcWOpts(W, this.bits);
1864
+ for (let window = 0; window < wo.windows; window++) {
1865
+ const { nextN, offset, isZero, isNeg, isNegF, offsetF } = calcOffsets(n, window, wo);
1866
+ n = nextN;
1867
+ if (isZero) {
1868
+ f = f.add(negateCt(isNegF, precomputes[offsetF]));
1869
+ } else {
1870
+ p = p.add(negateCt(isNeg, precomputes[offset]));
1656
1871
  }
1657
- return comp;
1658
- },
1659
- wNAFCached(P2, n, transform) {
1660
- const W = getW(P2);
1661
- return this.wNAF(W, this.getPrecomputes(W, P2, transform), n);
1662
- },
1663
- wNAFCachedUnsafe(P2, n, transform, prev) {
1664
- const W = getW(P2);
1665
- if (W === 1)
1666
- return this.unsafeLadder(P2, n, prev);
1667
- return this.wNAFUnsafe(W, this.getPrecomputes(W, P2, transform), n, prev);
1668
- },
1669
- // We calculate precomputes for elliptic curve point multiplication
1670
- // using windowed method. This specifies window size and
1671
- // stores precomputed values. Usually only base point would be precomputed.
1672
- setWindowSize(P2, W) {
1673
- validateW(W, bits);
1674
- pointWindowSizes.set(P2, W);
1675
- pointPrecomputes.delete(P2);
1676
1872
  }
1677
- };
1678
- }
1679
- __name(wNAF, "wNAF");
1680
- function pippenger(c, fieldN, points, scalars) {
1681
- validateMSMPoints(points, c);
1682
- validateMSMScalars(scalars, fieldN);
1683
- if (points.length !== scalars.length)
1684
- throw new Error("arrays of points and scalars must have equal length");
1685
- const zero = c.ZERO;
1686
- const wbits = bitLen(BigInt(points.length));
1687
- const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1;
1688
- const MASK = (1 << windowSize) - 1;
1689
- const buckets = new Array(MASK + 1).fill(zero);
1690
- const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;
1691
- let sum = zero;
1692
- for (let i = lastBits; i >= 0; i -= windowSize) {
1693
- buckets.fill(zero);
1694
- for (let j = 0; j < scalars.length; j++) {
1695
- const scalar = scalars[j];
1696
- const wbits2 = Number(scalar >> BigInt(i) & BigInt(MASK));
1697
- buckets[wbits2] = buckets[wbits2].add(points[j]);
1873
+ assert0(n);
1874
+ return { p, f };
1875
+ }
1876
+ /**
1877
+ * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
1878
+ * @param acc accumulator point to add result of multiplication
1879
+ * @returns point
1880
+ */
1881
+ wNAFUnsafe(W, precomputes, n, acc = this.ZERO) {
1882
+ const wo = calcWOpts(W, this.bits);
1883
+ for (let window = 0; window < wo.windows; window++) {
1884
+ if (n === _0n3)
1885
+ break;
1886
+ const { nextN, offset, isZero, isNeg } = calcOffsets(n, window, wo);
1887
+ n = nextN;
1888
+ if (isZero) {
1889
+ continue;
1890
+ } else {
1891
+ const item = precomputes[offset];
1892
+ acc = acc.add(isNeg ? item.negate() : item);
1893
+ }
1698
1894
  }
1699
- let resI = zero;
1700
- for (let j = buckets.length - 1, sumI = zero; j > 0; j--) {
1701
- sumI = sumI.add(buckets[j]);
1702
- resI = resI.add(sumI);
1895
+ assert0(n);
1896
+ return acc;
1897
+ }
1898
+ getPrecomputes(W, point, transform) {
1899
+ let comp = pointPrecomputes.get(point);
1900
+ if (!comp) {
1901
+ comp = this.precomputeWindow(point, W);
1902
+ if (W !== 1) {
1903
+ if (typeof transform === "function")
1904
+ comp = transform(comp);
1905
+ pointPrecomputes.set(point, comp);
1906
+ }
1703
1907
  }
1704
- sum = sum.add(resI);
1705
- if (i !== 0)
1706
- for (let j = 0; j < windowSize; j++)
1707
- sum = sum.double();
1908
+ return comp;
1909
+ }
1910
+ cached(point, scalar, transform) {
1911
+ const W = getW(point);
1912
+ return this.wNAF(W, this.getPrecomputes(W, point, transform), scalar);
1913
+ }
1914
+ unsafe(point, scalar, transform, prev) {
1915
+ const W = getW(point);
1916
+ if (W === 1)
1917
+ return this._unsafeLadder(point, scalar, prev);
1918
+ return this.wNAFUnsafe(W, this.getPrecomputes(W, point, transform), scalar, prev);
1919
+ }
1920
+ // We calculate precomputes for elliptic curve point multiplication
1921
+ // using windowed method. This specifies window size and
1922
+ // stores precomputed values. Usually only base point would be precomputed.
1923
+ createCache(P2, W) {
1924
+ validateW(W, this.bits);
1925
+ pointWindowSizes.set(P2, W);
1926
+ pointPrecomputes.delete(P2);
1927
+ }
1928
+ hasCache(elm) {
1929
+ return getW(elm) !== 1;
1930
+ }
1931
+ };
1932
+ function createField(order, field, isLE) {
1933
+ if (field) {
1934
+ if (field.ORDER !== order)
1935
+ throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
1936
+ validateField(field);
1937
+ return field;
1938
+ } else {
1939
+ return Field(order, { isLE });
1708
1940
  }
1709
- return sum;
1710
1941
  }
1711
- __name(pippenger, "pippenger");
1712
- function validateBasic(curve) {
1713
- validateField(curve.Fp);
1714
- validateObject(curve, {
1715
- n: "bigint",
1716
- h: "bigint",
1717
- Gx: "field",
1718
- Gy: "field"
1719
- }, {
1720
- nBitLength: "isSafeInteger",
1721
- nByteLength: "isSafeInteger"
1722
- });
1723
- return Object.freeze({
1724
- ...nLength(curve.n, curve.nBitLength),
1725
- ...curve,
1726
- ...{ p: curve.Fp.ORDER }
1727
- });
1942
+ __name(createField, "createField");
1943
+ function createCurveFields(type, CURVE, curveOpts = {}, FpFnLE) {
1944
+ if (FpFnLE === void 0)
1945
+ FpFnLE = type === "edwards";
1946
+ if (!CURVE || typeof CURVE !== "object")
1947
+ throw new Error(`expected valid ${type} CURVE object`);
1948
+ for (const p of ["p", "n", "h"]) {
1949
+ const val = CURVE[p];
1950
+ if (!(typeof val === "bigint" && val > _0n3))
1951
+ throw new Error(`CURVE.${p} must be positive bigint`);
1952
+ }
1953
+ const Fp = createField(CURVE.p, curveOpts.Fp, FpFnLE);
1954
+ const Fn = createField(CURVE.n, curveOpts.Fn, FpFnLE);
1955
+ const _b = type === "weierstrass" ? "b" : "d";
1956
+ const params = ["Gx", "Gy", "a", _b];
1957
+ for (const p of params) {
1958
+ if (!Fp.isValid(CURVE[p]))
1959
+ throw new Error(`CURVE.${p} must be valid field element of CURVE.Fp`);
1960
+ }
1961
+ CURVE = Object.freeze(Object.assign({}, CURVE));
1962
+ return { CURVE, Fp, Fn };
1728
1963
  }
1729
- __name(validateBasic, "validateBasic");
1964
+ __name(createCurveFields, "createCurveFields");
1965
+ function createKeygen(randomSecretKey, getPublicKey) {
1966
+ return /* @__PURE__ */ __name(function keygen(seed) {
1967
+ const secretKey = randomSecretKey(seed);
1968
+ return { secretKey, publicKey: getPublicKey(secretKey) };
1969
+ }, "keygen");
1970
+ }
1971
+ __name(createKeygen, "createKeygen");
1730
1972
 
1731
- // ../../node_modules/@noble/curves/esm/abstract/edwards.js
1973
+ // ../utils/node_modules/@noble/curves/abstract/edwards.js
1732
1974
  var _0n4 = BigInt(0);
1733
1975
  var _1n4 = BigInt(1);
1734
- var _2n3 = BigInt(2);
1976
+ var _2n2 = BigInt(2);
1735
1977
  var _8n2 = BigInt(8);
1736
- var VERIFY_DEFAULT = { zip215: true };
1737
- function validateOpts(curve) {
1738
- const opts = validateBasic(curve);
1739
- validateObject(curve, {
1740
- hash: "function",
1741
- a: "bigint",
1742
- d: "bigint",
1743
- randomBytes: "function"
1744
- }, {
1745
- adjustScalarBytes: "function",
1746
- domain: "function",
1747
- uvRatio: "function",
1748
- mapToCurve: "function"
1749
- });
1750
- return Object.freeze({ ...opts });
1978
+ function isEdValidXY(Fp, CURVE, x, y) {
1979
+ const x2 = Fp.sqr(x);
1980
+ const y2 = Fp.sqr(y);
1981
+ const left = Fp.add(Fp.mul(CURVE.a, x2), y2);
1982
+ const right = Fp.add(Fp.ONE, Fp.mul(CURVE.d, Fp.mul(x2, y2)));
1983
+ return Fp.eql(left, right);
1751
1984
  }
1752
- __name(validateOpts, "validateOpts");
1753
- function twistedEdwards(curveDef) {
1754
- const CURVE = validateOpts(curveDef);
1755
- const { Fp: Fp2, n: CURVE_ORDER, prehash, hash: cHash, randomBytes: randomBytes2, nByteLength, h: cofactor } = CURVE;
1756
- const MASK = _2n3 << BigInt(nByteLength * 8) - _1n4;
1757
- const modP = Fp2.create;
1758
- const Fn = Field(CURVE.n, CURVE.nBitLength);
1759
- const uvRatio2 = CURVE.uvRatio || ((u, v) => {
1985
+ __name(isEdValidXY, "isEdValidXY");
1986
+ function edwards(params, extraOpts = {}) {
1987
+ const validated = createCurveFields("edwards", params, extraOpts, extraOpts.FpFnLE);
1988
+ const { Fp, Fn } = validated;
1989
+ let CURVE = validated.CURVE;
1990
+ const { h: cofactor } = CURVE;
1991
+ validateObject(extraOpts, {}, { uvRatio: "function" });
1992
+ const MASK = _2n2 << BigInt(Fn.BYTES * 8) - _1n4;
1993
+ const modP = /* @__PURE__ */ __name((n) => Fp.create(n), "modP");
1994
+ const uvRatio2 = extraOpts.uvRatio || ((u, v) => {
1760
1995
  try {
1761
- return { isValid: true, value: Fp2.sqrt(u * Fp2.inv(v)) };
1996
+ return { isValid: true, value: Fp.sqrt(Fp.div(u, v)) };
1762
1997
  } catch (e) {
1763
1998
  return { isValid: false, value: _0n4 };
1764
1999
  }
1765
2000
  });
1766
- const adjustScalarBytes2 = CURVE.adjustScalarBytes || ((bytes) => bytes);
1767
- const domain = CURVE.domain || ((data, ctx, phflag) => {
1768
- abool("phflag", phflag);
1769
- if (ctx.length || phflag)
1770
- throw new Error("Contexts/pre-hash are not supported");
1771
- return data;
1772
- });
1773
- function aCoordinate(title, n) {
1774
- aInRange("coordinate " + title, n, _0n4, MASK);
1775
- }
1776
- __name(aCoordinate, "aCoordinate");
1777
- function assertPoint(other) {
2001
+ if (!isEdValidXY(Fp, CURVE, CURVE.Gx, CURVE.Gy))
2002
+ throw new Error("bad curve params: generator point");
2003
+ function acoord(title, n, banZero = false) {
2004
+ const min = banZero ? _1n4 : _0n4;
2005
+ aInRange("coordinate " + title, n, min, MASK);
2006
+ return n;
2007
+ }
2008
+ __name(acoord, "acoord");
2009
+ function aedpoint(other) {
1778
2010
  if (!(other instanceof Point))
1779
- throw new Error("ExtendedPoint expected");
2011
+ throw new Error("EdwardsPoint expected");
1780
2012
  }
1781
- __name(assertPoint, "assertPoint");
2013
+ __name(aedpoint, "aedpoint");
1782
2014
  const toAffineMemo = memoized((p, iz) => {
1783
- const { ex: x, ey: y, ez: z } = p;
2015
+ const { X, Y, Z } = p;
1784
2016
  const is0 = p.is0();
1785
2017
  if (iz == null)
1786
- iz = is0 ? _8n2 : Fp2.inv(z);
1787
- const ax = modP(x * iz);
1788
- const ay = modP(y * iz);
1789
- const zz = modP(z * iz);
2018
+ iz = is0 ? _8n2 : Fp.inv(Z);
2019
+ const x = modP(X * iz);
2020
+ const y = modP(Y * iz);
2021
+ const zz = Fp.mul(Z, iz);
1790
2022
  if (is0)
1791
2023
  return { x: _0n4, y: _1n4 };
1792
2024
  if (zz !== _1n4)
1793
2025
  throw new Error("invZ was invalid");
1794
- return { x: ax, y: ay };
2026
+ return { x, y };
1795
2027
  });
1796
2028
  const assertValidMemo = memoized((p) => {
1797
2029
  const { a, d } = CURVE;
1798
2030
  if (p.is0())
1799
2031
  throw new Error("bad point: ZERO");
1800
- const { ex: X, ey: Y, ez: Z, et: T } = p;
2032
+ const { X, Y, Z, T } = p;
1801
2033
  const X2 = modP(X * X);
1802
2034
  const Y2 = modP(Y * Y);
1803
2035
  const Z2 = modP(Z * Z);
@@ -1817,53 +2049,87 @@ var near = (() => {
1817
2049
  static {
1818
2050
  __name(this, "Point");
1819
2051
  }
1820
- constructor(ex, ey, ez, et) {
1821
- this.ex = ex;
1822
- this.ey = ey;
1823
- this.ez = ez;
1824
- this.et = et;
1825
- aCoordinate("x", ex);
1826
- aCoordinate("y", ey);
1827
- aCoordinate("z", ez);
1828
- aCoordinate("t", et);
2052
+ // base / generator point
2053
+ static BASE = new Point(CURVE.Gx, CURVE.Gy, _1n4, modP(CURVE.Gx * CURVE.Gy));
2054
+ // zero / infinity / identity point
2055
+ static ZERO = new Point(_0n4, _1n4, _1n4, _0n4);
2056
+ // 0, 1, 1, 0
2057
+ // math field
2058
+ static Fp = Fp;
2059
+ // scalar field
2060
+ static Fn = Fn;
2061
+ X;
2062
+ Y;
2063
+ Z;
2064
+ T;
2065
+ constructor(X, Y, Z, T) {
2066
+ this.X = acoord("x", X);
2067
+ this.Y = acoord("y", Y);
2068
+ this.Z = acoord("z", Z, true);
2069
+ this.T = acoord("t", T);
1829
2070
  Object.freeze(this);
1830
2071
  }
1831
- get x() {
1832
- return this.toAffine().x;
1833
- }
1834
- get y() {
1835
- return this.toAffine().y;
2072
+ static CURVE() {
2073
+ return CURVE;
1836
2074
  }
1837
2075
  static fromAffine(p) {
1838
2076
  if (p instanceof Point)
1839
2077
  throw new Error("extended point not allowed");
1840
2078
  const { x, y } = p || {};
1841
- aCoordinate("x", x);
1842
- aCoordinate("y", y);
2079
+ acoord("x", x);
2080
+ acoord("y", y);
1843
2081
  return new Point(x, y, _1n4, modP(x * y));
1844
2082
  }
1845
- static normalizeZ(points) {
1846
- const toInv = Fp2.invertBatch(points.map((p) => p.ez));
1847
- return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);
2083
+ // Uses algo from RFC8032 5.1.3.
2084
+ static fromBytes(bytes, zip215 = false) {
2085
+ const len = Fp.BYTES;
2086
+ const { a, d } = CURVE;
2087
+ bytes = copyBytes(abytes(bytes, len, "point"));
2088
+ abool(zip215, "zip215");
2089
+ const normed = copyBytes(bytes);
2090
+ const lastByte = bytes[len - 1];
2091
+ normed[len - 1] = lastByte & ~128;
2092
+ const y = bytesToNumberLE(normed);
2093
+ const max = zip215 ? MASK : Fp.ORDER;
2094
+ aInRange("point.y", y, _0n4, max);
2095
+ const y2 = modP(y * y);
2096
+ const u = modP(y2 - _1n4);
2097
+ const v = modP(d * y2 - a);
2098
+ let { isValid, value: x } = uvRatio2(u, v);
2099
+ if (!isValid)
2100
+ throw new Error("bad point: invalid y coordinate");
2101
+ const isXOdd = (x & _1n4) === _1n4;
2102
+ const isLastByteOdd = (lastByte & 128) !== 0;
2103
+ if (!zip215 && x === _0n4 && isLastByteOdd)
2104
+ throw new Error("bad point: x=0 and x_0=1");
2105
+ if (isLastByteOdd !== isXOdd)
2106
+ x = modP(-x);
2107
+ return Point.fromAffine({ x, y });
2108
+ }
2109
+ static fromHex(hex, zip215 = false) {
2110
+ return Point.fromBytes(hexToBytes(hex), zip215);
2111
+ }
2112
+ get x() {
2113
+ return this.toAffine().x;
1848
2114
  }
1849
- // Multiscalar Multiplication
1850
- static msm(points, scalars) {
1851
- return pippenger(Point, Fn, points, scalars);
2115
+ get y() {
2116
+ return this.toAffine().y;
1852
2117
  }
1853
- // "Private method", don't use it directly
1854
- _setWindowSize(windowSize) {
1855
- wnaf.setWindowSize(this, windowSize);
2118
+ precompute(windowSize = 8, isLazy = true) {
2119
+ wnaf.createCache(this, windowSize);
2120
+ if (!isLazy)
2121
+ this.multiply(_2n2);
2122
+ return this;
1856
2123
  }
1857
- // Not required for fromHex(), which always creates valid points.
1858
- // Could be useful for fromAffine().
2124
+ // Useful in fromAffine() - not for fromBytes(), which always created valid points.
1859
2125
  assertValidity() {
1860
2126
  assertValidMemo(this);
1861
2127
  }
1862
2128
  // Compare one point to another.
1863
2129
  equals(other) {
1864
- assertPoint(other);
1865
- const { ex: X1, ey: Y1, ez: Z1 } = this;
1866
- const { ex: X2, ey: Y2, ez: Z2 } = other;
2130
+ aedpoint(other);
2131
+ const { X: X1, Y: Y1, Z: Z1 } = this;
2132
+ const { X: X2, Y: Y2, Z: Z2 } = other;
1867
2133
  const X1Z2 = modP(X1 * Z2);
1868
2134
  const X2Z1 = modP(X2 * Z1);
1869
2135
  const Y1Z2 = modP(Y1 * Z2);
@@ -1874,80 +2140,60 @@ var near = (() => {
1874
2140
  return this.equals(Point.ZERO);
1875
2141
  }
1876
2142
  negate() {
1877
- return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));
2143
+ return new Point(modP(-this.X), this.Y, this.Z, modP(-this.T));
1878
2144
  }
1879
2145
  // Fast algo for doubling Extended Point.
1880
2146
  // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd
1881
2147
  // Cost: 4M + 4S + 1*a + 6add + 1*2.
1882
2148
  double() {
1883
2149
  const { a } = CURVE;
1884
- const { ex: X1, ey: Y1, ez: Z1 } = this;
2150
+ const { X: X1, Y: Y1, Z: Z1 } = this;
1885
2151
  const A = modP(X1 * X1);
1886
2152
  const B = modP(Y1 * Y1);
1887
- const C = modP(_2n3 * modP(Z1 * Z1));
2153
+ const C = modP(_2n2 * modP(Z1 * Z1));
1888
2154
  const D = modP(a * A);
1889
2155
  const x1y1 = X1 + Y1;
1890
2156
  const E = modP(modP(x1y1 * x1y1) - A - B);
1891
- const G2 = D + B;
1892
- const F = G2 - C;
2157
+ const G = D + B;
2158
+ const F = G - C;
1893
2159
  const H = D - B;
1894
2160
  const X3 = modP(E * F);
1895
- const Y3 = modP(G2 * H);
2161
+ const Y3 = modP(G * H);
1896
2162
  const T3 = modP(E * H);
1897
- const Z3 = modP(F * G2);
2163
+ const Z3 = modP(F * G);
1898
2164
  return new Point(X3, Y3, Z3, T3);
1899
2165
  }
1900
2166
  // Fast algo for adding 2 Extended Points.
1901
2167
  // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd
1902
2168
  // Cost: 9M + 1*a + 1*d + 7add.
1903
2169
  add(other) {
1904
- assertPoint(other);
2170
+ aedpoint(other);
1905
2171
  const { a, d } = CURVE;
1906
- const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;
1907
- const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;
1908
- if (a === BigInt(-1)) {
1909
- const A2 = modP((Y1 - X1) * (Y2 + X2));
1910
- const B2 = modP((Y1 + X1) * (Y2 - X2));
1911
- const F2 = modP(B2 - A2);
1912
- if (F2 === _0n4)
1913
- return this.double();
1914
- const C2 = modP(Z1 * _2n3 * T2);
1915
- const D2 = modP(T1 * _2n3 * Z2);
1916
- const E2 = D2 + C2;
1917
- const G3 = B2 + A2;
1918
- const H2 = D2 - C2;
1919
- const X32 = modP(E2 * F2);
1920
- const Y32 = modP(G3 * H2);
1921
- const T32 = modP(E2 * H2);
1922
- const Z32 = modP(F2 * G3);
1923
- return new Point(X32, Y32, Z32, T32);
1924
- }
2172
+ const { X: X1, Y: Y1, Z: Z1, T: T1 } = this;
2173
+ const { X: X2, Y: Y2, Z: Z2, T: T2 } = other;
1925
2174
  const A = modP(X1 * X2);
1926
2175
  const B = modP(Y1 * Y2);
1927
2176
  const C = modP(T1 * d * T2);
1928
2177
  const D = modP(Z1 * Z2);
1929
2178
  const E = modP((X1 + Y1) * (X2 + Y2) - A - B);
1930
2179
  const F = D - C;
1931
- const G2 = D + C;
2180
+ const G = D + C;
1932
2181
  const H = modP(B - a * A);
1933
2182
  const X3 = modP(E * F);
1934
- const Y3 = modP(G2 * H);
2183
+ const Y3 = modP(G * H);
1935
2184
  const T3 = modP(E * H);
1936
- const Z3 = modP(F * G2);
2185
+ const Z3 = modP(F * G);
1937
2186
  return new Point(X3, Y3, Z3, T3);
1938
2187
  }
1939
2188
  subtract(other) {
1940
2189
  return this.add(other.negate());
1941
2190
  }
1942
- wNAF(n) {
1943
- return wnaf.wNAFCached(this, n, Point.normalizeZ);
1944
- }
1945
2191
  // Constant-time multiplication.
1946
2192
  multiply(scalar) {
1947
- const n = scalar;
1948
- aInRange("scalar", n, _1n4, CURVE_ORDER);
1949
- const { p, f } = this.wNAF(n);
1950
- return Point.normalizeZ([p, f])[0];
2193
+ if (!Fn.isValidNot0(scalar))
2194
+ throw new Error("invalid scalar: expected 1 <= sc < curve.n");
2195
+ const { p, f } = wnaf.cached(this, scalar, (p2) => normalizeZ(Point, p2));
2196
+ return normalizeZ(Point, [p, f])[0];
1951
2197
  }
1952
2198
  // Non-constant-time multiplication. Uses double-and-add algorithm.
1953
2199
  // It's faster, but should only be used when you don't care about
@@ -1955,13 +2201,13 @@ var near = (() => {
1955
2201
  // Does NOT allow scalars higher than CURVE.n.
1956
2202
  // Accepts optional accumulator to merge with multiply (important for sparse scalars)
1957
2203
  multiplyUnsafe(scalar, acc = Point.ZERO) {
1958
- const n = scalar;
1959
- aInRange("scalar", n, _0n4, CURVE_ORDER);
1960
- if (n === _0n4)
1961
- return I;
1962
- if (this.is0() || n === _1n4)
2204
+ if (!Fn.isValid(scalar))
2205
+ throw new Error("invalid scalar: expected 0 <= sc < curve.n");
2206
+ if (scalar === _0n4)
2207
+ return Point.ZERO;
2208
+ if (this.is0() || scalar === _1n4)
1963
2209
  return this;
1964
- return wnaf.wNAFCachedUnsafe(this, n, Point.normalizeZ, acc);
2210
+ return wnaf.unsafe(this, scalar, (p) => normalizeZ(Point, p), acc);
1965
2211
  }
1966
2212
  // Checks if point is of small order.
1967
2213
  // If you add something to small order point, you will have "dirty"
@@ -1973,176 +2219,216 @@ var near = (() => {
1973
2219
  // Multiplies point by curve order and checks if the result is 0.
1974
2220
  // Returns `false` is the point is dirty.
1975
2221
  isTorsionFree() {
1976
- return wnaf.unsafeLadder(this, CURVE_ORDER).is0();
2222
+ return wnaf.unsafe(this, CURVE.n).is0();
1977
2223
  }
1978
2224
  // Converts Extended point to default (x, y) coordinates.
1979
2225
  // Can accept precomputed Z^-1 - for example, from invertBatch.
1980
- toAffine(iz) {
1981
- return toAffineMemo(this, iz);
2226
+ toAffine(invertedZ) {
2227
+ return toAffineMemo(this, invertedZ);
1982
2228
  }
1983
2229
  clearCofactor() {
1984
- const { h: cofactor2 } = CURVE;
1985
- if (cofactor2 === _1n4)
2230
+ if (cofactor === _1n4)
1986
2231
  return this;
1987
- return this.multiplyUnsafe(cofactor2);
1988
- }
1989
- // Converts hash string or Uint8Array to Point.
1990
- // Uses algo from RFC8032 5.1.3.
1991
- static fromHex(hex, zip215 = false) {
1992
- const { d, a } = CURVE;
1993
- const len = Fp2.BYTES;
1994
- hex = ensureBytes("pointHex", hex, len);
1995
- abool("zip215", zip215);
1996
- const normed = hex.slice();
1997
- const lastByte = hex[len - 1];
1998
- normed[len - 1] = lastByte & ~128;
1999
- const y = bytesToNumberLE(normed);
2000
- const max = zip215 ? MASK : Fp2.ORDER;
2001
- aInRange("pointHex.y", y, _0n4, max);
2002
- const y2 = modP(y * y);
2003
- const u = modP(y2 - _1n4);
2004
- const v = modP(d * y2 - a);
2005
- let { isValid, value: x } = uvRatio2(u, v);
2006
- if (!isValid)
2007
- throw new Error("Point.fromHex: invalid y coordinate");
2008
- const isXOdd = (x & _1n4) === _1n4;
2009
- const isLastByteOdd = (lastByte & 128) !== 0;
2010
- if (!zip215 && x === _0n4 && isLastByteOdd)
2011
- throw new Error("Point.fromHex: x=0 and x_0=1");
2012
- if (isLastByteOdd !== isXOdd)
2013
- x = modP(-x);
2014
- return Point.fromAffine({ x, y });
2015
- }
2016
- static fromPrivateKey(privKey) {
2017
- return getExtendedPublicKey(privKey).point;
2232
+ return this.multiplyUnsafe(cofactor);
2018
2233
  }
2019
- toRawBytes() {
2234
+ toBytes() {
2020
2235
  const { x, y } = this.toAffine();
2021
- const bytes = numberToBytesLE(y, Fp2.BYTES);
2236
+ const bytes = Fp.toBytes(y);
2022
2237
  bytes[bytes.length - 1] |= x & _1n4 ? 128 : 0;
2023
2238
  return bytes;
2024
2239
  }
2025
2240
  toHex() {
2026
- return bytesToHex(this.toRawBytes());
2241
+ return bytesToHex(this.toBytes());
2242
+ }
2243
+ toString() {
2244
+ return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
2027
2245
  }
2028
2246
  }
2029
- Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n4, modP(CURVE.Gx * CURVE.Gy));
2030
- Point.ZERO = new Point(_0n4, _1n4, _1n4, _0n4);
2031
- const { BASE: G, ZERO: I } = Point;
2032
- const wnaf = wNAF(Point, nByteLength * 8);
2033
- function modN(a) {
2034
- return mod(a, CURVE_ORDER);
2035
- }
2036
- __name(modN, "modN");
2247
+ const wnaf = new wNAF(Point, Fn.BITS);
2248
+ Point.BASE.precompute(8);
2249
+ return Point;
2250
+ }
2251
+ __name(edwards, "edwards");
2252
+ function eddsa(Point, cHash, eddsaOpts = {}) {
2253
+ if (typeof cHash !== "function")
2254
+ throw new Error('"hash" function param is required');
2255
+ validateObject(eddsaOpts, {}, {
2256
+ adjustScalarBytes: "function",
2257
+ randomBytes: "function",
2258
+ domain: "function",
2259
+ prehash: "function",
2260
+ mapToCurve: "function"
2261
+ });
2262
+ const { prehash } = eddsaOpts;
2263
+ const { BASE, Fp, Fn } = Point;
2264
+ const randomBytes2 = eddsaOpts.randomBytes || randomBytes;
2265
+ const adjustScalarBytes2 = eddsaOpts.adjustScalarBytes || ((bytes) => bytes);
2266
+ const domain = eddsaOpts.domain || ((data, ctx, phflag) => {
2267
+ abool(phflag, "phflag");
2268
+ if (ctx.length || phflag)
2269
+ throw new Error("Contexts/pre-hash are not supported");
2270
+ return data;
2271
+ });
2037
2272
  function modN_LE(hash) {
2038
- return modN(bytesToNumberLE(hash));
2273
+ return Fn.create(bytesToNumberLE(hash));
2039
2274
  }
2040
2275
  __name(modN_LE, "modN_LE");
2041
- function getExtendedPublicKey(key) {
2042
- const len = Fp2.BYTES;
2043
- key = ensureBytes("private key", key, len);
2044
- const hashed = ensureBytes("hashed private key", cHash(key), 2 * len);
2276
+ function getPrivateScalar(key) {
2277
+ const len = lengths.secretKey;
2278
+ abytes(key, lengths.secretKey, "secretKey");
2279
+ const hashed = abytes(cHash(key), 2 * len, "hashedSecretKey");
2045
2280
  const head = adjustScalarBytes2(hashed.slice(0, len));
2046
2281
  const prefix = hashed.slice(len, 2 * len);
2047
2282
  const scalar = modN_LE(head);
2048
- const point = G.multiply(scalar);
2049
- const pointBytes = point.toRawBytes();
2283
+ return { head, prefix, scalar };
2284
+ }
2285
+ __name(getPrivateScalar, "getPrivateScalar");
2286
+ function getExtendedPublicKey(secretKey) {
2287
+ const { head, prefix, scalar } = getPrivateScalar(secretKey);
2288
+ const point = BASE.multiply(scalar);
2289
+ const pointBytes = point.toBytes();
2050
2290
  return { head, prefix, scalar, point, pointBytes };
2051
2291
  }
2052
2292
  __name(getExtendedPublicKey, "getExtendedPublicKey");
2053
- function getPublicKey(privKey) {
2054
- return getExtendedPublicKey(privKey).pointBytes;
2293
+ function getPublicKey(secretKey) {
2294
+ return getExtendedPublicKey(secretKey).pointBytes;
2055
2295
  }
2056
2296
  __name(getPublicKey, "getPublicKey");
2057
- function hashDomainToScalar(context = new Uint8Array(), ...msgs) {
2297
+ function hashDomainToScalar(context = Uint8Array.of(), ...msgs) {
2058
2298
  const msg = concatBytes(...msgs);
2059
- return modN_LE(cHash(domain(msg, ensureBytes("context", context), !!prehash)));
2299
+ return modN_LE(cHash(domain(msg, abytes(context, void 0, "context"), !!prehash)));
2060
2300
  }
2061
2301
  __name(hashDomainToScalar, "hashDomainToScalar");
2062
- function sign(msg, privKey, options = {}) {
2063
- msg = ensureBytes("message", msg);
2302
+ function sign(msg, secretKey, options = {}) {
2303
+ msg = abytes(msg, void 0, "message");
2064
2304
  if (prehash)
2065
2305
  msg = prehash(msg);
2066
- const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);
2306
+ const { prefix, scalar, pointBytes } = getExtendedPublicKey(secretKey);
2067
2307
  const r = hashDomainToScalar(options.context, prefix, msg);
2068
- const R = G.multiply(r).toRawBytes();
2308
+ const R = BASE.multiply(r).toBytes();
2069
2309
  const k = hashDomainToScalar(options.context, R, pointBytes, msg);
2070
- const s = modN(r + k * scalar);
2071
- aInRange("signature.s", s, _0n4, CURVE_ORDER);
2072
- const res = concatBytes(R, numberToBytesLE(s, Fp2.BYTES));
2073
- return ensureBytes("result", res, Fp2.BYTES * 2);
2310
+ const s = Fn.create(r + k * scalar);
2311
+ if (!Fn.isValid(s))
2312
+ throw new Error("sign failed: invalid s");
2313
+ const rs = concatBytes(R, Fn.toBytes(s));
2314
+ return abytes(rs, lengths.signature, "result");
2074
2315
  }
2075
2316
  __name(sign, "sign");
2076
- const verifyOpts = VERIFY_DEFAULT;
2317
+ const verifyOpts = { zip215: true };
2077
2318
  function verify(sig, msg, publicKey2, options = verifyOpts) {
2078
2319
  const { context, zip215 } = options;
2079
- const len = Fp2.BYTES;
2080
- sig = ensureBytes("signature", sig, 2 * len);
2081
- msg = ensureBytes("message", msg);
2082
- publicKey2 = ensureBytes("publicKey", publicKey2, len);
2320
+ const len = lengths.signature;
2321
+ sig = abytes(sig, len, "signature");
2322
+ msg = abytes(msg, void 0, "message");
2323
+ publicKey2 = abytes(publicKey2, lengths.publicKey, "publicKey");
2083
2324
  if (zip215 !== void 0)
2084
- abool("zip215", zip215);
2325
+ abool(zip215, "zip215");
2085
2326
  if (prehash)
2086
2327
  msg = prehash(msg);
2087
- const s = bytesToNumberLE(sig.slice(len, 2 * len));
2328
+ const mid = len / 2;
2329
+ const r = sig.subarray(0, mid);
2330
+ const s = bytesToNumberLE(sig.subarray(mid, len));
2088
2331
  let A, R, SB;
2089
2332
  try {
2090
- A = Point.fromHex(publicKey2, zip215);
2091
- R = Point.fromHex(sig.slice(0, len), zip215);
2092
- SB = G.multiplyUnsafe(s);
2333
+ A = Point.fromBytes(publicKey2, zip215);
2334
+ R = Point.fromBytes(r, zip215);
2335
+ SB = BASE.multiplyUnsafe(s);
2093
2336
  } catch (error) {
2094
2337
  return false;
2095
2338
  }
2096
2339
  if (!zip215 && A.isSmallOrder())
2097
2340
  return false;
2098
- const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);
2341
+ const k = hashDomainToScalar(context, R.toBytes(), A.toBytes(), msg);
2099
2342
  const RkA = R.add(A.multiplyUnsafe(k));
2100
- return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);
2343
+ return RkA.subtract(SB).clearCofactor().is0();
2101
2344
  }
2102
2345
  __name(verify, "verify");
2103
- G._setWindowSize(8);
2346
+ const _size = Fp.BYTES;
2347
+ const lengths = {
2348
+ secretKey: _size,
2349
+ publicKey: _size,
2350
+ signature: 2 * _size,
2351
+ seed: _size
2352
+ };
2353
+ function randomSecretKey(seed = randomBytes2(lengths.seed)) {
2354
+ return abytes(seed, lengths.seed, "seed");
2355
+ }
2356
+ __name(randomSecretKey, "randomSecretKey");
2357
+ function isValidSecretKey(key) {
2358
+ return isBytes(key) && key.length === Fn.BYTES;
2359
+ }
2360
+ __name(isValidSecretKey, "isValidSecretKey");
2361
+ function isValidPublicKey(key, zip215) {
2362
+ try {
2363
+ return !!Point.fromBytes(key, zip215);
2364
+ } catch (error) {
2365
+ return false;
2366
+ }
2367
+ }
2368
+ __name(isValidPublicKey, "isValidPublicKey");
2104
2369
  const utils2 = {
2105
2370
  getExtendedPublicKey,
2106
- // ed25519 private keys are uniform 32b. No need to check for modulo bias, like in secp256k1.
2107
- randomPrivateKey: /* @__PURE__ */ __name(() => randomBytes2(Fp2.BYTES), "randomPrivateKey"),
2371
+ randomSecretKey,
2372
+ isValidSecretKey,
2373
+ isValidPublicKey,
2108
2374
  /**
2109
- * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT
2110
- * values. This slows down first getPublicKey() by milliseconds (see Speed section),
2111
- * but allows to speed-up subsequent getPublicKey() calls up to 20x.
2112
- * @param windowSize 2, 4, 8, 16
2375
+ * Converts ed public key to x public key. Uses formula:
2376
+ * - ed25519:
2377
+ * - `(u, v) = ((1+y)/(1-y), sqrt(-486664)*u/x)`
2378
+ * - `(x, y) = (sqrt(-486664)*u/v, (u-1)/(u+1))`
2379
+ * - ed448:
2380
+ * - `(u, v) = ((y-1)/(y+1), sqrt(156324)*u/x)`
2381
+ * - `(x, y) = (sqrt(156324)*u/v, (1+u)/(1-u))`
2113
2382
  */
2114
- precompute(windowSize = 8, point = Point.BASE) {
2115
- point._setWindowSize(windowSize);
2116
- point.multiply(BigInt(3));
2117
- return point;
2383
+ toMontgomery(publicKey2) {
2384
+ const { y } = Point.fromBytes(publicKey2);
2385
+ const size = lengths.publicKey;
2386
+ const is25519 = size === 32;
2387
+ if (!is25519 && size !== 57)
2388
+ throw new Error("only defined for 25519 and 448");
2389
+ const u = is25519 ? Fp.div(_1n4 + y, _1n4 - y) : Fp.div(y - _1n4, y + _1n4);
2390
+ return Fp.toBytes(u);
2391
+ },
2392
+ toMontgomerySecret(secretKey) {
2393
+ const size = lengths.secretKey;
2394
+ abytes(secretKey, size);
2395
+ const hashed = cHash(secretKey.subarray(0, size));
2396
+ return adjustScalarBytes2(hashed).subarray(0, size);
2118
2397
  }
2119
2398
  };
2120
- return {
2121
- CURVE,
2399
+ return Object.freeze({
2400
+ keygen: createKeygen(randomSecretKey, getPublicKey),
2122
2401
  getPublicKey,
2123
2402
  sign,
2124
2403
  verify,
2125
- ExtendedPoint: Point,
2126
- utils: utils2
2127
- };
2404
+ utils: utils2,
2405
+ Point,
2406
+ lengths
2407
+ });
2128
2408
  }
2129
- __name(twistedEdwards, "twistedEdwards");
2409
+ __name(eddsa, "eddsa");
2130
2410
 
2131
- // ../../node_modules/@noble/curves/esm/ed25519.js
2132
- var ED25519_P = BigInt("57896044618658097711785492504343953926634992332820282019728792003956564819949");
2133
- var ED25519_SQRT_M1 = /* @__PURE__ */ BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");
2134
- var _0n5 = BigInt(0);
2411
+ // ../utils/node_modules/@noble/curves/ed25519.js
2135
2412
  var _1n5 = BigInt(1);
2136
- var _2n4 = BigInt(2);
2137
- var _3n2 = BigInt(3);
2413
+ var _2n3 = BigInt(2);
2138
2414
  var _5n2 = BigInt(5);
2139
2415
  var _8n3 = BigInt(8);
2416
+ var ed25519_CURVE_p = BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffed");
2417
+ var ed25519_CURVE = /* @__PURE__ */ (() => ({
2418
+ p: ed25519_CURVE_p,
2419
+ n: BigInt("0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed"),
2420
+ h: _8n3,
2421
+ a: BigInt("0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec"),
2422
+ d: BigInt("0x52036cee2b6ffe738cc740797779e89800700a4d4141d8ab75eb4dca135978a3"),
2423
+ Gx: BigInt("0x216936d3cd6e53fec0a4e231fdd6dc5c692cc7609525a7b2c9562d608f25d51a"),
2424
+ Gy: BigInt("0x6666666666666666666666666666666666666666666666666666666666666658")
2425
+ }))();
2140
2426
  function ed25519_pow_2_252_3(x) {
2141
2427
  const _10n = BigInt(10), _20n = BigInt(20), _40n = BigInt(40), _80n = BigInt(80);
2142
- const P2 = ED25519_P;
2428
+ const P2 = ed25519_CURVE_p;
2143
2429
  const x2 = x * x % P2;
2144
2430
  const b2 = x2 * x % P2;
2145
- const b4 = pow2(b2, _2n4, P2) * b2 % P2;
2431
+ const b4 = pow2(b2, _2n3, P2) * b2 % P2;
2146
2432
  const b5 = pow2(b4, _1n5, P2) * x % P2;
2147
2433
  const b10 = pow2(b5, _5n2, P2) * b5 % P2;
2148
2434
  const b20 = pow2(b10, _10n, P2) * b10 % P2;
@@ -2151,7 +2437,7 @@ var near = (() => {
2151
2437
  const b160 = pow2(b80, _80n, P2) * b80 % P2;
2152
2438
  const b240 = pow2(b160, _80n, P2) * b80 % P2;
2153
2439
  const b250 = pow2(b240, _10n, P2) * b10 % P2;
2154
- const pow_p_5_8 = pow2(b250, _2n4, P2) * x % P2;
2440
+ const pow_p_5_8 = pow2(b250, _2n3, P2) * x % P2;
2155
2441
  return { pow_p_5_8, b2 };
2156
2442
  }
2157
2443
  __name(ed25519_pow_2_252_3, "ed25519_pow_2_252_3");
@@ -2162,207 +2448,34 @@ var near = (() => {
2162
2448
  return bytes;
2163
2449
  }
2164
2450
  __name(adjustScalarBytes, "adjustScalarBytes");
2165
- function uvRatio(u, v) {
2166
- const P2 = ED25519_P;
2167
- const v3 = mod(v * v * v, P2);
2168
- const v7 = mod(v3 * v3 * v, P2);
2169
- const pow3 = ed25519_pow_2_252_3(u * v7).pow_p_5_8;
2170
- let x = mod(u * v3 * pow3, P2);
2171
- const vx2 = mod(v * x * x, P2);
2172
- const root1 = x;
2173
- const root2 = mod(x * ED25519_SQRT_M1, P2);
2174
- const useRoot1 = vx2 === u;
2175
- const useRoot2 = vx2 === mod(-u, P2);
2176
- const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P2);
2177
- if (useRoot1)
2178
- x = root1;
2179
- if (useRoot2 || noRoot)
2180
- x = root2;
2181
- if (isNegativeLE(x, P2))
2182
- x = mod(-x, P2);
2183
- return { isValid: useRoot1 || useRoot2, value: x };
2184
- }
2185
- __name(uvRatio, "uvRatio");
2186
- var Fp = /* @__PURE__ */ (() => Field(ED25519_P, void 0, true))();
2187
- var ed25519Defaults = /* @__PURE__ */ (() => ({
2188
- // Param: a
2189
- a: BigInt(-1),
2190
- // Fp.create(-1) is proper; our way still works and is faster
2191
- // d is equal to -121665/121666 over finite field.
2192
- // Negative number is P - number, and division is invert(number, P)
2193
- d: BigInt("37095705934669439343138083508754565189542113879843219016388785533085940283555"),
2194
- // Finite field 𝔽p over which we'll do calculations; 2n**255n - 19n
2195
- Fp,
2196
- // Subgroup order: how many points curve has
2197
- // 2n**252n + 27742317777372353535851937790883648493n;
2198
- n: BigInt("7237005577332262213973186563042994240857116359379907606001950938285454250989"),
2199
- // Cofactor
2200
- h: _8n3,
2201
- // Base point (x, y) aka generator point
2202
- Gx: BigInt("15112221349535400772501151409588531511454012693041857206046113283949847762202"),
2203
- Gy: BigInt("46316835694926478169428394003475163141307993866256225615783033603165251855960"),
2204
- hash: sha512,
2205
- randomBytes,
2206
- adjustScalarBytes,
2207
- // dom2
2208
- // Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3.
2209
- // Constant-time, u/√v
2210
- uvRatio
2211
- }))();
2212
- var ed25519 = /* @__PURE__ */ (() => twistedEdwards(ed25519Defaults))();
2213
-
2214
- // ../../node_modules/@noble/hashes/esm/sha256.js
2215
- var SHA256_K = /* @__PURE__ */ new Uint32Array([
2216
- 1116352408,
2217
- 1899447441,
2218
- 3049323471,
2219
- 3921009573,
2220
- 961987163,
2221
- 1508970993,
2222
- 2453635748,
2223
- 2870763221,
2224
- 3624381080,
2225
- 310598401,
2226
- 607225278,
2227
- 1426881987,
2228
- 1925078388,
2229
- 2162078206,
2230
- 2614888103,
2231
- 3248222580,
2232
- 3835390401,
2233
- 4022224774,
2234
- 264347078,
2235
- 604807628,
2236
- 770255983,
2237
- 1249150122,
2238
- 1555081692,
2239
- 1996064986,
2240
- 2554220882,
2241
- 2821834349,
2242
- 2952996808,
2243
- 3210313671,
2244
- 3336571891,
2245
- 3584528711,
2246
- 113926993,
2247
- 338241895,
2248
- 666307205,
2249
- 773529912,
2250
- 1294757372,
2251
- 1396182291,
2252
- 1695183700,
2253
- 1986661051,
2254
- 2177026350,
2255
- 2456956037,
2256
- 2730485921,
2257
- 2820302411,
2258
- 3259730800,
2259
- 3345764771,
2260
- 3516065817,
2261
- 3600352804,
2262
- 4094571909,
2263
- 275423344,
2264
- 430227734,
2265
- 506948616,
2266
- 659060556,
2267
- 883997877,
2268
- 958139571,
2269
- 1322822218,
2270
- 1537002063,
2271
- 1747873779,
2272
- 1955562222,
2273
- 2024104815,
2274
- 2227730452,
2275
- 2361852424,
2276
- 2428436474,
2277
- 2756734187,
2278
- 3204031479,
2279
- 3329325298
2280
- ]);
2281
- var SHA256_IV = /* @__PURE__ */ new Uint32Array([
2282
- 1779033703,
2283
- 3144134277,
2284
- 1013904242,
2285
- 2773480762,
2286
- 1359893119,
2287
- 2600822924,
2288
- 528734635,
2289
- 1541459225
2290
- ]);
2291
- var SHA256_W = /* @__PURE__ */ new Uint32Array(64);
2292
- var SHA256 = class extends HashMD {
2293
- static {
2294
- __name(this, "SHA256");
2295
- }
2296
- constructor() {
2297
- super(64, 32, 8, false);
2298
- this.A = SHA256_IV[0] | 0;
2299
- this.B = SHA256_IV[1] | 0;
2300
- this.C = SHA256_IV[2] | 0;
2301
- this.D = SHA256_IV[3] | 0;
2302
- this.E = SHA256_IV[4] | 0;
2303
- this.F = SHA256_IV[5] | 0;
2304
- this.G = SHA256_IV[6] | 0;
2305
- this.H = SHA256_IV[7] | 0;
2306
- }
2307
- get() {
2308
- const { A, B, C, D, E, F, G, H } = this;
2309
- return [A, B, C, D, E, F, G, H];
2310
- }
2311
- // prettier-ignore
2312
- set(A, B, C, D, E, F, G, H) {
2313
- this.A = A | 0;
2314
- this.B = B | 0;
2315
- this.C = C | 0;
2316
- this.D = D | 0;
2317
- this.E = E | 0;
2318
- this.F = F | 0;
2319
- this.G = G | 0;
2320
- this.H = H | 0;
2321
- }
2322
- process(view2, offset) {
2323
- for (let i = 0; i < 16; i++, offset += 4)
2324
- SHA256_W[i] = view2.getUint32(offset, false);
2325
- for (let i = 16; i < 64; i++) {
2326
- const W15 = SHA256_W[i - 15];
2327
- const W2 = SHA256_W[i - 2];
2328
- const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
2329
- const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
2330
- SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
2331
- }
2332
- let { A, B, C, D, E, F, G, H } = this;
2333
- for (let i = 0; i < 64; i++) {
2334
- const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
2335
- const T1 = H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i] | 0;
2336
- const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
2337
- const T2 = sigma0 + Maj(A, B, C) | 0;
2338
- H = G;
2339
- G = F;
2340
- F = E;
2341
- E = D + T1 | 0;
2342
- D = C;
2343
- C = B;
2344
- B = A;
2345
- A = T1 + T2 | 0;
2346
- }
2347
- A = A + this.A | 0;
2348
- B = B + this.B | 0;
2349
- C = C + this.C | 0;
2350
- D = D + this.D | 0;
2351
- E = E + this.E | 0;
2352
- F = F + this.F | 0;
2353
- G = G + this.G | 0;
2354
- H = H + this.H | 0;
2355
- this.set(A, B, C, D, E, F, G, H);
2356
- }
2357
- roundClean() {
2358
- SHA256_W.fill(0);
2359
- }
2360
- destroy() {
2361
- this.set(0, 0, 0, 0, 0, 0, 0, 0);
2362
- this.buffer.fill(0);
2363
- }
2364
- };
2365
- var sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
2451
+ var ED25519_SQRT_M1 = /* @__PURE__ */ BigInt("19681161376707505956807079304988542015446066515923890162744021073123829784752");
2452
+ function uvRatio(u, v) {
2453
+ const P2 = ed25519_CURVE_p;
2454
+ const v3 = mod(v * v * v, P2);
2455
+ const v7 = mod(v3 * v3 * v, P2);
2456
+ const pow = ed25519_pow_2_252_3(u * v7).pow_p_5_8;
2457
+ let x = mod(u * v3 * pow, P2);
2458
+ const vx2 = mod(v * x * x, P2);
2459
+ const root1 = x;
2460
+ const root2 = mod(x * ED25519_SQRT_M1, P2);
2461
+ const useRoot1 = vx2 === u;
2462
+ const useRoot2 = vx2 === mod(-u, P2);
2463
+ const noRoot = vx2 === mod(-u * ED25519_SQRT_M1, P2);
2464
+ if (useRoot1)
2465
+ x = root1;
2466
+ if (useRoot2 || noRoot)
2467
+ x = root2;
2468
+ if (isNegativeLE(x, P2))
2469
+ x = mod(-x, P2);
2470
+ return { isValid: useRoot1 || useRoot2, value: x };
2471
+ }
2472
+ __name(uvRatio, "uvRatio");
2473
+ var ed25519_Point = /* @__PURE__ */ edwards(ed25519_CURVE, { uvRatio });
2474
+ function ed(opts) {
2475
+ return eddsa(ed25519_Point, sha512, Object.assign({ adjustScalarBytes }, opts));
2476
+ }
2477
+ __name(ed, "ed");
2478
+ var ed25519 = /* @__PURE__ */ ed({});
2366
2479
 
2367
2480
  // ../utils/node_modules/base58-js/base58_chars.js
2368
2481
  var base58_chars = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
@@ -3702,6 +3815,341 @@ var near = (() => {
3702
3815
  lsSet("txHistory", _txHistory);
3703
3816
  }, "resetTxHistory");
3704
3817
 
3818
+ // node_modules/@noble/hashes/utils.js
3819
+ function isBytes2(a) {
3820
+ return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
3821
+ }
3822
+ __name(isBytes2, "isBytes");
3823
+ function abytes2(value, length, title = "") {
3824
+ const bytes = isBytes2(value);
3825
+ const len = value?.length;
3826
+ const needsLen = length !== void 0;
3827
+ if (!bytes || needsLen && len !== length) {
3828
+ const prefix = title && `"${title}" `;
3829
+ const ofLen = needsLen ? ` of length ${length}` : "";
3830
+ const got = bytes ? `length=${len}` : `type=${typeof value}`;
3831
+ throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
3832
+ }
3833
+ return value;
3834
+ }
3835
+ __name(abytes2, "abytes");
3836
+ function aexists2(instance, checkFinished = true) {
3837
+ if (instance.destroyed)
3838
+ throw new Error("Hash instance has been destroyed");
3839
+ if (checkFinished && instance.finished)
3840
+ throw new Error("Hash#digest() has already been called");
3841
+ }
3842
+ __name(aexists2, "aexists");
3843
+ function aoutput2(out, instance) {
3844
+ abytes2(out, void 0, "digestInto() output");
3845
+ const min = instance.outputLen;
3846
+ if (out.length < min) {
3847
+ throw new Error('"digestInto() output" expected to be of length >=' + min);
3848
+ }
3849
+ }
3850
+ __name(aoutput2, "aoutput");
3851
+ function clean2(...arrays) {
3852
+ for (let i = 0; i < arrays.length; i++) {
3853
+ arrays[i].fill(0);
3854
+ }
3855
+ }
3856
+ __name(clean2, "clean");
3857
+ function createView2(arr) {
3858
+ return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
3859
+ }
3860
+ __name(createView2, "createView");
3861
+ function rotr2(word, shift) {
3862
+ return word << 32 - shift | word >>> shift;
3863
+ }
3864
+ __name(rotr2, "rotr");
3865
+ function createHasher2(hashCons, info = {}) {
3866
+ const hashC = /* @__PURE__ */ __name((msg, opts) => hashCons(opts).update(msg).digest(), "hashC");
3867
+ const tmp = hashCons(void 0);
3868
+ hashC.outputLen = tmp.outputLen;
3869
+ hashC.blockLen = tmp.blockLen;
3870
+ hashC.create = (opts) => hashCons(opts);
3871
+ Object.assign(hashC, info);
3872
+ return Object.freeze(hashC);
3873
+ }
3874
+ __name(createHasher2, "createHasher");
3875
+ var oidNist2 = /* @__PURE__ */ __name((suffix) => ({
3876
+ oid: Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2, suffix])
3877
+ }), "oidNist");
3878
+
3879
+ // node_modules/@noble/hashes/_md.js
3880
+ function Chi2(a, b, c) {
3881
+ return a & b ^ ~a & c;
3882
+ }
3883
+ __name(Chi2, "Chi");
3884
+ function Maj2(a, b, c) {
3885
+ return a & b ^ a & c ^ b & c;
3886
+ }
3887
+ __name(Maj2, "Maj");
3888
+ var HashMD2 = class {
3889
+ static {
3890
+ __name(this, "HashMD");
3891
+ }
3892
+ blockLen;
3893
+ outputLen;
3894
+ padOffset;
3895
+ isLE;
3896
+ // For partial updates less than block size
3897
+ buffer;
3898
+ view;
3899
+ finished = false;
3900
+ length = 0;
3901
+ pos = 0;
3902
+ destroyed = false;
3903
+ constructor(blockLen, outputLen, padOffset, isLE) {
3904
+ this.blockLen = blockLen;
3905
+ this.outputLen = outputLen;
3906
+ this.padOffset = padOffset;
3907
+ this.isLE = isLE;
3908
+ this.buffer = new Uint8Array(blockLen);
3909
+ this.view = createView2(this.buffer);
3910
+ }
3911
+ update(data) {
3912
+ aexists2(this);
3913
+ abytes2(data);
3914
+ const { view: view2, buffer, blockLen } = this;
3915
+ const len = data.length;
3916
+ for (let pos = 0; pos < len; ) {
3917
+ const take = Math.min(blockLen - this.pos, len - pos);
3918
+ if (take === blockLen) {
3919
+ const dataView = createView2(data);
3920
+ for (; blockLen <= len - pos; pos += blockLen)
3921
+ this.process(dataView, pos);
3922
+ continue;
3923
+ }
3924
+ buffer.set(data.subarray(pos, pos + take), this.pos);
3925
+ this.pos += take;
3926
+ pos += take;
3927
+ if (this.pos === blockLen) {
3928
+ this.process(view2, 0);
3929
+ this.pos = 0;
3930
+ }
3931
+ }
3932
+ this.length += data.length;
3933
+ this.roundClean();
3934
+ return this;
3935
+ }
3936
+ digestInto(out) {
3937
+ aexists2(this);
3938
+ aoutput2(out, this);
3939
+ this.finished = true;
3940
+ const { buffer, view: view2, blockLen, isLE } = this;
3941
+ let { pos } = this;
3942
+ buffer[pos++] = 128;
3943
+ clean2(this.buffer.subarray(pos));
3944
+ if (this.padOffset > blockLen - pos) {
3945
+ this.process(view2, 0);
3946
+ pos = 0;
3947
+ }
3948
+ for (let i = pos; i < blockLen; i++)
3949
+ buffer[i] = 0;
3950
+ view2.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE);
3951
+ this.process(view2, 0);
3952
+ const oview = createView2(out);
3953
+ const len = this.outputLen;
3954
+ if (len % 4)
3955
+ throw new Error("_sha2: outputLen must be aligned to 32bit");
3956
+ const outLen = len / 4;
3957
+ const state2 = this.get();
3958
+ if (outLen > state2.length)
3959
+ throw new Error("_sha2: outputLen bigger than state");
3960
+ for (let i = 0; i < outLen; i++)
3961
+ oview.setUint32(4 * i, state2[i], isLE);
3962
+ }
3963
+ digest() {
3964
+ const { buffer, outputLen } = this;
3965
+ this.digestInto(buffer);
3966
+ const res = buffer.slice(0, outputLen);
3967
+ this.destroy();
3968
+ return res;
3969
+ }
3970
+ _cloneInto(to) {
3971
+ to ||= new this.constructor();
3972
+ to.set(...this.get());
3973
+ const { blockLen, buffer, length, finished, destroyed, pos } = this;
3974
+ to.destroyed = destroyed;
3975
+ to.finished = finished;
3976
+ to.length = length;
3977
+ to.pos = pos;
3978
+ if (length % blockLen)
3979
+ to.buffer.set(buffer);
3980
+ return to;
3981
+ }
3982
+ clone() {
3983
+ return this._cloneInto();
3984
+ }
3985
+ };
3986
+ var SHA256_IV2 = /* @__PURE__ */ Uint32Array.from([
3987
+ 1779033703,
3988
+ 3144134277,
3989
+ 1013904242,
3990
+ 2773480762,
3991
+ 1359893119,
3992
+ 2600822924,
3993
+ 528734635,
3994
+ 1541459225
3995
+ ]);
3996
+
3997
+ // node_modules/@noble/hashes/sha2.js
3998
+ var SHA256_K2 = /* @__PURE__ */ Uint32Array.from([
3999
+ 1116352408,
4000
+ 1899447441,
4001
+ 3049323471,
4002
+ 3921009573,
4003
+ 961987163,
4004
+ 1508970993,
4005
+ 2453635748,
4006
+ 2870763221,
4007
+ 3624381080,
4008
+ 310598401,
4009
+ 607225278,
4010
+ 1426881987,
4011
+ 1925078388,
4012
+ 2162078206,
4013
+ 2614888103,
4014
+ 3248222580,
4015
+ 3835390401,
4016
+ 4022224774,
4017
+ 264347078,
4018
+ 604807628,
4019
+ 770255983,
4020
+ 1249150122,
4021
+ 1555081692,
4022
+ 1996064986,
4023
+ 2554220882,
4024
+ 2821834349,
4025
+ 2952996808,
4026
+ 3210313671,
4027
+ 3336571891,
4028
+ 3584528711,
4029
+ 113926993,
4030
+ 338241895,
4031
+ 666307205,
4032
+ 773529912,
4033
+ 1294757372,
4034
+ 1396182291,
4035
+ 1695183700,
4036
+ 1986661051,
4037
+ 2177026350,
4038
+ 2456956037,
4039
+ 2730485921,
4040
+ 2820302411,
4041
+ 3259730800,
4042
+ 3345764771,
4043
+ 3516065817,
4044
+ 3600352804,
4045
+ 4094571909,
4046
+ 275423344,
4047
+ 430227734,
4048
+ 506948616,
4049
+ 659060556,
4050
+ 883997877,
4051
+ 958139571,
4052
+ 1322822218,
4053
+ 1537002063,
4054
+ 1747873779,
4055
+ 1955562222,
4056
+ 2024104815,
4057
+ 2227730452,
4058
+ 2361852424,
4059
+ 2428436474,
4060
+ 2756734187,
4061
+ 3204031479,
4062
+ 3329325298
4063
+ ]);
4064
+ var SHA256_W2 = /* @__PURE__ */ new Uint32Array(64);
4065
+ var SHA2_32B2 = class extends HashMD2 {
4066
+ static {
4067
+ __name(this, "SHA2_32B");
4068
+ }
4069
+ constructor(outputLen) {
4070
+ super(64, outputLen, 8, false);
4071
+ }
4072
+ get() {
4073
+ const { A, B, C, D, E, F, G, H } = this;
4074
+ return [A, B, C, D, E, F, G, H];
4075
+ }
4076
+ // prettier-ignore
4077
+ set(A, B, C, D, E, F, G, H) {
4078
+ this.A = A | 0;
4079
+ this.B = B | 0;
4080
+ this.C = C | 0;
4081
+ this.D = D | 0;
4082
+ this.E = E | 0;
4083
+ this.F = F | 0;
4084
+ this.G = G | 0;
4085
+ this.H = H | 0;
4086
+ }
4087
+ process(view2, offset) {
4088
+ for (let i = 0; i < 16; i++, offset += 4)
4089
+ SHA256_W2[i] = view2.getUint32(offset, false);
4090
+ for (let i = 16; i < 64; i++) {
4091
+ const W15 = SHA256_W2[i - 15];
4092
+ const W2 = SHA256_W2[i - 2];
4093
+ const s0 = rotr2(W15, 7) ^ rotr2(W15, 18) ^ W15 >>> 3;
4094
+ const s1 = rotr2(W2, 17) ^ rotr2(W2, 19) ^ W2 >>> 10;
4095
+ SHA256_W2[i] = s1 + SHA256_W2[i - 7] + s0 + SHA256_W2[i - 16] | 0;
4096
+ }
4097
+ let { A, B, C, D, E, F, G, H } = this;
4098
+ for (let i = 0; i < 64; i++) {
4099
+ const sigma1 = rotr2(E, 6) ^ rotr2(E, 11) ^ rotr2(E, 25);
4100
+ const T1 = H + sigma1 + Chi2(E, F, G) + SHA256_K2[i] + SHA256_W2[i] | 0;
4101
+ const sigma0 = rotr2(A, 2) ^ rotr2(A, 13) ^ rotr2(A, 22);
4102
+ const T2 = sigma0 + Maj2(A, B, C) | 0;
4103
+ H = G;
4104
+ G = F;
4105
+ F = E;
4106
+ E = D + T1 | 0;
4107
+ D = C;
4108
+ C = B;
4109
+ B = A;
4110
+ A = T1 + T2 | 0;
4111
+ }
4112
+ A = A + this.A | 0;
4113
+ B = B + this.B | 0;
4114
+ C = C + this.C | 0;
4115
+ D = D + this.D | 0;
4116
+ E = E + this.E | 0;
4117
+ F = F + this.F | 0;
4118
+ G = G + this.G | 0;
4119
+ H = H + this.H | 0;
4120
+ this.set(A, B, C, D, E, F, G, H);
4121
+ }
4122
+ roundClean() {
4123
+ clean2(SHA256_W2);
4124
+ }
4125
+ destroy() {
4126
+ this.set(0, 0, 0, 0, 0, 0, 0, 0);
4127
+ clean2(this.buffer);
4128
+ }
4129
+ };
4130
+ var _SHA2562 = class extends SHA2_32B2 {
4131
+ static {
4132
+ __name(this, "_SHA256");
4133
+ }
4134
+ // We cannot use array here since array allows indexing by variable
4135
+ // which means optimizer/compiler cannot use registers.
4136
+ A = SHA256_IV2[0] | 0;
4137
+ B = SHA256_IV2[1] | 0;
4138
+ C = SHA256_IV2[2] | 0;
4139
+ D = SHA256_IV2[3] | 0;
4140
+ E = SHA256_IV2[4] | 0;
4141
+ F = SHA256_IV2[5] | 0;
4142
+ G = SHA256_IV2[6] | 0;
4143
+ H = SHA256_IV2[7] | 0;
4144
+ constructor() {
4145
+ super(32);
4146
+ }
4147
+ };
4148
+ var sha2562 = /* @__PURE__ */ createHasher2(
4149
+ () => new _SHA2562(),
4150
+ /* @__PURE__ */ oidNist2(1)
4151
+ );
4152
+
3705
4153
  // src/near.ts
3706
4154
  big_default.DP = 27;
3707
4155
  var MaxBlockDelayMs = 1e3 * 60 * 60 * 6;
@@ -3992,7 +4440,7 @@ var near = (() => {
3992
4440
  actions: actions2
3993
4441
  };
3994
4442
  const txBytes = serializeTransaction(plainTransactionObj);
3995
- const txHashBytes = sha256(txBytes);
4443
+ const txHashBytes = sha2562(txBytes);
3996
4444
  const txHash58 = binary_to_base58_default(txHashBytes);
3997
4445
  const signatureBase58 = signHash(txHashBytes, privKey, { returnBase58: true });
3998
4446
  const signedTransactionBytes = serializeSignedTransaction(plainTransactionObj, signatureBase58);
@@ -4105,23 +4553,26 @@ var near = (() => {
4105
4553
  })();
4106
4554
  /*! Bundled license information:
4107
4555
 
4108
- @noble/hashes/esm/utils.js:
4556
+ @noble/hashes/utils.js:
4109
4557
  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4110
4558
 
4111
- @noble/curves/esm/abstract/utils.js:
4559
+ @noble/curves/utils.js:
4112
4560
  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4113
4561
 
4114
- @noble/curves/esm/abstract/modular.js:
4562
+ @noble/curves/abstract/modular.js:
4115
4563
  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4116
4564
 
4117
- @noble/curves/esm/abstract/curve.js:
4565
+ @noble/curves/abstract/curve.js:
4118
4566
  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4119
4567
 
4120
- @noble/curves/esm/abstract/edwards.js:
4568
+ @noble/curves/abstract/edwards.js:
4121
4569
  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4122
4570
 
4123
- @noble/curves/esm/ed25519.js:
4571
+ @noble/curves/ed25519.js:
4124
4572
  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4573
+
4574
+ @noble/hashes/utils.js:
4575
+ (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
4125
4576
  */
4126
4577
 
4127
4578
  try {