@frequency-chain/ethereum-utils 1.17.0-rc5 → 1.17.0-rc7

package/browser/frequency-ethereum-utils.esm.min.js

@@ -137,7 +137,11 @@ function getAugmentedNamespace(n) {
   var f = n.default;
 	if (typeof f == "function") {
 		var a = function a () {
-			if (this instanceof a) {
+			var isInstance = false;
+      try {
+        isInstance = this instanceof a;
+      } catch {}
+			if (isInstance) {
         return Reflect.construct(f, arguments, this.constructor);
 			}
 			return f.apply(this, arguments);
@@ -4553,7 +4557,7 @@ const keccak512 = /*#__PURE__*/ withWasm((wasm, data) => {
 function isReady() {
     return !!bridge.wasm;
 }/*! scure-base - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-function isBytes$2(a) {
+function isBytes$1(a) {
     return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
 }
 function isArrayOf(isString, arr) {
@@ -4713,7 +4717,7 @@ function radix(num) {
     const _256 = 2 ** 8;
     return {
         encode: (bytes) => {
-            if (!isBytes$2(bytes))
+            if (!isBytes$1(bytes))
                 throw new Error('radix.encode input should be Uint8Array');
             return convertRadix(Array.from(bytes), _256, num);
         },
@@ -4815,7 +4819,7 @@ const base58Encode = /*#__PURE__*/ createEncode(config);const crypto$2 = typeof
 // Makes the utils un-importable in browsers without a bundler.
 // Once node.js 18 is deprecated (2025-04-30), we can just drop the import.
 /** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
-function isBytes$1(a) {
+function isBytes(a) {
     return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
 }
 /** Asserts something is positive integer. */
@@ -4824,8 +4828,8 @@ function anumber(n) {
         throw new Error('positive integer expected, got ' + n);
 }
 /** Asserts something is Uint8Array. */
-function abytes$1(b, ...lengths) {
-    if (!isBytes$1(b))
+function abytes(b, ...lengths) {
+    if (!isBytes(b))
         throw new Error('Uint8Array expected');
     if (lengths.length > 0 && !lengths.includes(b.length))
         throw new Error('Uint8Array expected of length ' + lengths + ', got length=' + b.length);
@@ -4846,7 +4850,7 @@ function aexists(instance, checkFinished = true) {
 }
 /** Asserts output is properly-sized byte array */
 function aoutput(out, instance) {
-    abytes$1(out);
+    abytes(out);
     const min = instance.outputLen;
     if (out.length < min) {
         throw new Error('digestInto() expects output buffer of length at least ' + min);
@@ -4893,6 +4897,65 @@ function byteSwap32(arr) {
 const swap32IfBE = isLE$1
     ? (u) => u
     : byteSwap32;
+// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex
+const hasHexBuiltin = /* @__PURE__ */ (() => 
+// @ts-ignore
+typeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function')();
+// Array where index 0xf0 (240) is mapped to string 'f0'
+const hexes$1 = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
+/**
+ * Convert byte array to hex string. Uses built-in function, when available.
+ * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
+ */
+function bytesToHex$1(bytes) {
+    abytes(bytes);
+    // @ts-ignore
+    if (hasHexBuiltin)
+        return bytes.toHex();
+    // pre-caching improves the speed 6x
+    let hex = '';
+    for (let i = 0; i < bytes.length; i++) {
+        hex += hexes$1[bytes[i]];
+    }
+    return hex;
+}
+// We use optimized technique to convert hex string to byte array
+const asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function asciiToBase16(ch) {
+    if (ch >= asciis._0 && ch <= asciis._9)
+        return ch - asciis._0; // '2' => 50-48
+    if (ch >= asciis.A && ch <= asciis.F)
+        return ch - (asciis.A - 10); // 'B' => 66-(65-10)
+    if (ch >= asciis.a && ch <= asciis.f)
+        return ch - (asciis.a - 10); // 'b' => 98-(97-10)
+    return;
+}
+/**
+ * Convert hex string to byte array. Uses built-in function, when available.
+ * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])
+ */
+function hexToBytes$1(hex) {
+    if (typeof hex !== 'string')
+        throw new Error('hex string expected, got ' + typeof hex);
+    // @ts-ignore
+    if (hasHexBuiltin)
+        return Uint8Array.fromHex(hex);
+    const hl = hex.length;
+    const al = hl / 2;
+    if (hl % 2)
+        throw new Error('hex string expected, got unpadded hex of length ' + hl);
+    const array = new Uint8Array(al);
+    for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+        const n1 = asciiToBase16(hex.charCodeAt(hi));
+        const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
+        if (n1 === undefined || n2 === undefined) {
+            const char = hex[hi] + hex[hi + 1];
+            throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
+        }
+        array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163
+    }
+    return array;
+}
 /**
  * Converts string to bytes using UTF8 encoding.
  * @example utf8ToBytes('abc') // Uint8Array.from([97, 98, 99])
@@ -4910,15 +4973,15 @@ function utf8ToBytes$2(str) {
 function toBytes$1(data) {
     if (typeof data === 'string')
         data = utf8ToBytes$2(data);
-    abytes$1(data);
+    abytes(data);
     return data;
 }
 /** Copies several Uint8Arrays into one. */
-function concatBytes$3(...arrays) {
+function concatBytes$2(...arrays) {
     let sum = 0;
     for (let i = 0; i < arrays.length; i++) {
         const a = arrays[i];
-        abytes$1(a);
+        abytes(a);
         sum += a.length;
     }
     const res = new Uint8Array(sum);
@@ -5032,7 +5095,7 @@ class HashMD extends Hash$1 {
     update(data) {
         aexists(this);
         data = toBytes$1(data);
-        abytes$1(data);
+        abytes(data);
         const { view, buffer, blockLen } = this;
         const len = data.length;
         for (let pos = 0; pos < len;) {
@@ -5260,7 +5323,7 @@ class BLAKE2 extends Hash$1 {
     update(data) {
         aexists(this);
         data = toBytes$1(data);
-        abytes$1(data);
+        abytes(data);
         // Main difference with other hashes: there is flag for last block,
         // so we cannot process current block before we know that there
         // is the next one. This significantly complicates logic and reduces ability
@@ -7530,6 +7593,9 @@ var knownSubstrate = [
         '0xe3777fa922cafbff200cadeaea1a76bd7898ad5b89f7848999058b50e715f636', // Kusama CC2
         '0x3fd7b9eb6a00376e5be61f01abb429ffb0b104be05eaff4d458da48fcd425baf' // Kusama CC1
     ],
+    liberland: [
+        '0x6bd89e052d67a45bb60a9a23e8581053d5e0d619f15cb9865946937e690c42d6'
+    ],
     matrixchain: [
         '0x3af4ff48ec76d2efc8476730f423ac07e25ad48f5f4c9dc39c778b164d808615'
     ],
@@ -7656,6 +7722,7 @@ var knownSubstrate = [
     karura: 0x000002ae,
     khala: 0x000001b2,
     kusama: 0x000001b2,
+    liberland: 0x000002ff,
     matrixchain: 0x00000483,
     nodle: 0x000003eb,
     origintrail: 0x00000162,
@@ -7901,7 +7968,7 @@ let HMAC$1=class HMAC extends Hash$1 {
     }
     digestInto(out) {
         aexists(this);
-        abytes$1(out, this.outputLen);
+        abytes(out, this.outputLen);
         this.finished = true;
         this.iHash.digestInto(out);
         this.oHash.update(out);
@@ -7951,19 +8018,8 @@ hmac$1.create = (hash, key) => new HMAC$1(hash, key);/**
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// 100 lines of code in the file are duplicated from noble-hashes (utils).
-// This is OK: `abstract` directory does not use noble-hashes.
-// User may opt-in into using different hashing library. This way, noble-hashes
-// won't be included into their bundle.
-const _0n$a = /* @__PURE__ */ BigInt(0);
+const _0n$9 = /* @__PURE__ */ BigInt(0);
 const _1n$b = /* @__PURE__ */ BigInt(1);
-function isBytes(a) {
-    return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
-}
-function abytes(item) {
-    if (!isBytes(item))
-        throw new Error('Uint8Array expected');
-}
 function abool(title, value) {
     if (typeof value !== 'boolean')
         throw new Error(title + ' boolean expected, got ' + value);
@@ -7976,66 +8032,7 @@ function numberToHexUnpadded$1(num) {
 function hexToNumber$1(hex) {
     if (typeof hex !== 'string')
         throw new Error('hex string expected, got ' + typeof hex);
-    return hex === '' ? _0n$a : BigInt('0x' + hex); // Big Endian
-}
-// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex
-const hasHexBuiltin = 
-// @ts-ignore
-typeof Uint8Array.from([]).toHex === 'function' && typeof Uint8Array.fromHex === 'function';
-// Array where index 0xf0 (240) is mapped to string 'f0'
-const hexes$1 = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
-/**
- * Convert byte array to hex string. Uses built-in function, when available.
- * @example bytesToHex(Uint8Array.from([0xca, 0xfe, 0x01, 0x23])) // 'cafe0123'
- */
-function bytesToHex$1(bytes) {
-    abytes(bytes);
-    // @ts-ignore
-    if (hasHexBuiltin)
-        return bytes.toHex();
-    // pre-caching improves the speed 6x
-    let hex = '';
-    for (let i = 0; i < bytes.length; i++) {
-        hex += hexes$1[bytes[i]];
-    }
-    return hex;
-}
-// We use optimized technique to convert hex string to byte array
-const asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
-function asciiToBase16(ch) {
-    if (ch >= asciis._0 && ch <= asciis._9)
-        return ch - asciis._0; // '2' => 50-48
-    if (ch >= asciis.A && ch <= asciis.F)
-        return ch - (asciis.A - 10); // 'B' => 66-(65-10)
-    if (ch >= asciis.a && ch <= asciis.f)
-        return ch - (asciis.a - 10); // 'b' => 98-(97-10)
-    return;
-}
-/**
- * Convert hex string to byte array. Uses built-in function, when available.
- * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])
- */
-function hexToBytes$1(hex) {
-    if (typeof hex !== 'string')
-        throw new Error('hex string expected, got ' + typeof hex);
-    // @ts-ignore
-    if (hasHexBuiltin)
-        return Uint8Array.fromHex(hex);
-    const hl = hex.length;
-    const al = hl / 2;
-    if (hl % 2)
-        throw new Error('hex string expected, got unpadded hex of length ' + hl);
-    const array = new Uint8Array(al);
-    for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
-        const n1 = asciiToBase16(hex.charCodeAt(hi));
-        const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
-        if (n1 === undefined || n2 === undefined) {
-            const char = hex[hi] + hex[hi + 1];
-            throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
-        }
-        array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163
-    }
-    return array;
+    return hex === '' ? _0n$9 : BigInt('0x' + hex); // Big Endian
 }
 // BE: Big Endian, LE: Little Endian
 function bytesToNumberBE$1(bytes) {
@@ -8084,25 +8081,16 @@ function ensureBytes$1(title, hex, expectedLength) {
     return res;
 }
 /**
- * Copies several Uint8Arrays into one.
+ * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
  */
-function concatBytes$2(...arrays) {
-    let sum = 0;
-    for (let i = 0; i < arrays.length; i++) {
-        const a = arrays[i];
-        abytes(a);
-        sum += a.length;
-    }
-    const res = new Uint8Array(sum);
-    for (let i = 0, pad = 0; i < arrays.length; i++) {
-        const a = arrays[i];
-        res.set(a, pad);
-        pad += a.length;
-    }
-    return res;
-}
+// export const utf8ToBytes: typeof utf8ToBytes_ = utf8ToBytes_;
+/**
+ * Converts bytes to string using UTF8 encoding.
+ * @example bytesToUtf8(Uint8Array.from([97, 98, 99])) // 'abc'
+ */
+// export const bytesToUtf8: typeof bytesToUtf8_ = bytesToUtf8_;
 // Is positive bigint
-const isPosBig = (n) => typeof n === 'bigint' && _0n$a <= n;
+const isPosBig = (n) => typeof n === 'bigint' && _0n$9 <= n;
 function inRange(n, min, max) {
     return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
 }
@@ -8128,7 +8116,7 @@ function aInRange(title, n, min, max) {
  */
 function bitLen$1(n) {
     let len;
-    for (len = 0; n > _0n$a; n >>= _1n$b, len += 1)
+    for (len = 0; n > _0n$9; n >>= _1n$b, len += 1)
         ;
     return len;
 }
@@ -8137,9 +8125,6 @@ function bitLen$1(n) {
  * Same as BigInt(`0b${Array(i).fill('1').join('')}`)
  */
 const bitMask$1 = (n) => (_1n$b << BigInt(n)) - _1n$b;
-// DRBG
-const u8n$1 = (len) => new Uint8Array(len); // creates Uint8Array
-const u8fr$1 = (arr) => Uint8Array.from(arr); // another shortcut
 /**
  * Minimal HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
  * @returns function that will call DRBG until 2nd arg returns something meaningful
@@ -8155,8 +8140,10 @@ function createHmacDrbg$1(hashLen, qByteLen, hmacFn) {
     if (typeof hmacFn !== 'function')
         throw new Error('hmacFn must be a function');
     // Step B, Step C: set hashLen to 8*ceil(hlen/8)
-    let v = u8n$1(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
-    let k = u8n$1(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same
+    const u8n = (len) => new Uint8Array(len); // creates Uint8Array
+    const u8of = (byte) => Uint8Array.of(byte); // another shortcut
+    let v = u8n(hashLen); // Minimal non-full-spec HMAC-DRBG from NIST 800-90 for RFC6979 sigs.
+    let k = u8n(hashLen); // Steps B and C of RFC6979 3.2: set hashLen, in our case always same
     let i = 0; // Iterations counter, will throw when over 1000
     const reset = () => {
         v.fill(1);
@@ -8164,13 +8151,13 @@ function createHmacDrbg$1(hashLen, qByteLen, hmacFn) {
         i = 0;
     };
     const h = (...b) => hmacFn(k, v, ...b); // hmac(k)(v, ...values)
-    const reseed = (seed = u8n$1(0)) => {
+    const reseed = (seed = u8n(0)) => {
         // HMAC-DRBG reseed() function. Steps D-G
-        k = h(u8fr$1([0x00]), seed); // k = hmac(k || v || 0x00 || seed)
+        k = h(u8of(0x00), seed); // k = hmac(k || v || 0x00 || seed)
         v = h(); // v = hmac(k || v)
         if (seed.length === 0)
             return;
-        k = h(u8fr$1([0x01]), seed); // k = hmac(k || v || 0x01 || seed)
+        k = h(u8of(0x01), seed); // k = hmac(k || v || 0x01 || seed)
         v = h(); // v = hmac(k || v)
     };
     const gen = () => {
@@ -8198,36 +8185,19 @@ function createHmacDrbg$1(hashLen, qByteLen, hmacFn) {
     };
     return genUntil;
 }
-// Validating curves and fields
-const validatorFns$1 = {
-    bigint: (val) => typeof val === 'bigint',
-    function: (val) => typeof val === 'function',
-    boolean: (val) => typeof val === 'boolean',
-    string: (val) => typeof val === 'string',
-    stringOrUint8Array: (val) => typeof val === 'string' || isBytes(val),
-    isSafeInteger: (val) => Number.isSafeInteger(val),
-    array: (val) => Array.isArray(val),
-    field: (val, object) => object.Fp.isValid(val),
-    hash: (val) => typeof val === 'function' && Number.isSafeInteger(val.outputLen),
-};
-// type Record<K extends string | number | symbol, T> = { [P in K]: T; }
-function validateObject$1(object, validators, optValidators = {}) {
-    const checkField = (fieldName, type, isOptional) => {
-        const checkVal = validatorFns$1[type];
-        if (typeof checkVal !== 'function')
-            throw new Error('invalid validator function');
+function _validateObject(object, fields, optFields = {}) {
+    if (!object || typeof object !== 'object')
+        throw new Error('expected valid options object');
+    function checkField(fieldName, expectedType, isOpt) {
         const val = object[fieldName];
-        if (isOptional && val === undefined)
+        if (isOpt && val === undefined)
             return;
-        if (!checkVal(val, object)) {
-            throw new Error('param ' + String(fieldName) + ' is invalid. Expected ' + type + ', got ' + val);
-        }
-    };
-    for (const [fieldName, type] of Object.entries(validators))
-        checkField(fieldName, type, false);
-    for (const [fieldName, type] of Object.entries(optValidators))
-        checkField(fieldName, type, true);
-    return object;
+        const current = typeof val;
+        if (current !== expectedType || val === null)
+            throw new Error(`param "${fieldName}" is invalid: expected ${expectedType}, got ${current}`);
+    }
+    Object.entries(fields).forEach(([k, v]) => checkField(k, v, false));
+    Object.entries(optFields).forEach(([k, v]) => checkField(k, v, true));
 }
 /**
  * Memoizes (caches) computation result.
@@ -8244,25 +8214,26 @@ function memoized(fn) {
         return computed;
     };
 }/**
- * Utils for modular division and finite fields.
- * A finite field over 11 is integer number operations `mod 11`.
+ * Utils for modular division and fields.
+ * Field over 11 is a finite (Galois) field is integer number operations `mod 11`.
  * There is no division: it is replaced by modular multiplicative inverse.
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 // prettier-ignore
-const _0n$9 = BigInt(0), _1n$a = BigInt(1), _2n$6 = /* @__PURE__ */ BigInt(2), _3n$3 = /* @__PURE__ */ BigInt(3);
+const _0n$8 = BigInt(0), _1n$a = BigInt(1), _2n$7 = /* @__PURE__ */ BigInt(2), _3n$3 = /* @__PURE__ */ BigInt(3);
 // prettier-ignore
-const _4n$2 = /* @__PURE__ */ BigInt(4), _5n$1 = /* @__PURE__ */ BigInt(5), _8n$1 = /* @__PURE__ */ BigInt(8);
+const _4n$2 = /* @__PURE__ */ BigInt(4), _5n$1 = /* @__PURE__ */ BigInt(5);
+const _8n$1 = /* @__PURE__ */ BigInt(8);
 // Calculates a modulo b
 function mod$1(a, b) {
     const result = a % b;
-    return result >= _0n$9 ? result : b + result;
+    return result >= _0n$8 ? result : b + result;
 }
 /** Does `x^(2^power)` mod p. `pow2(30, 4)` == `30^(2^4)` */
 function pow2$1(x, power, modulo) {
     let res = x;
-    while (power-- > _0n$9) {
+    while (power-- > _0n$8) {
         res *= res;
         res %= modulo;
     }
@@ -8273,16 +8244,16 @@ function pow2$1(x, power, modulo) {
  * Implemented using [Euclidean GCD](https://brilliant.org/wiki/extended-euclidean-algorithm/).
  */
 function invert$1(number, modulo) {
-    if (number === _0n$9)
+    if (number === _0n$8)
         throw new Error('invert: expected non-zero number');
-    if (modulo <= _0n$9)
+    if (modulo <= _0n$8)
         throw new Error('invert: expected positive modulus, got ' + modulo);
     // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower.
     let a = mod$1(number, modulo);
     let b = modulo;
     // prettier-ignore
-    let x = _0n$9, u = _1n$a;
-    while (a !== _0n$9) {
+    let x = _0n$8, u = _1n$a;
+    while (a !== _0n$8) {
         // JIT applies optimization if those two lines follow each other
         const q = b / a;
         const r = b % a;
@@ -8309,10 +8280,10 @@ function sqrt3mod4(Fp, n) {
 }
 function sqrt5mod8(Fp, n) {
     const p5div8 = (Fp.ORDER - _5n$1) / _8n$1;
-    const n2 = Fp.mul(n, _2n$6);
+    const n2 = Fp.mul(n, _2n$7);
     const v = Fp.pow(n2, p5div8);
     const nv = Fp.mul(n, v);
-    const i = Fp.mul(Fp.mul(nv, _2n$6), v);
+    const i = Fp.mul(Fp.mul(nv, _2n$7), v);
     const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
     if (!Fp.eql(Fp.sqr(root), n))
         throw new Error('Cannot find square root');
@@ -8349,17 +8320,18 @@ function sqrt5mod8(Fp, n) {
  */
 function tonelliShanks$1(P) {
     // Initialization (precomputation).
+    // Caching initialization could boost perf by 7%.
     if (P < BigInt(3))
         throw new Error('sqrt is not defined for small field');
     // Factor P - 1 = Q * 2^S, where Q is odd
     let Q = P - _1n$a;
     let S = 0;
-    while (Q % _2n$6 === _0n$9) {
-        Q /= _2n$6;
+    while (Q % _2n$7 === _0n$8) {
+        Q /= _2n$7;
         S++;
     }
     // Find the first quadratic non-residue Z >= 2
-    let Z = _2n$6;
+    let Z = _2n$7;
     const _Fp = Field$1(P);
     while (FpLegendre(_Fp, Z) === 1) {
         // Basic primality test for P. After x iterations, chance of
@@ -8373,7 +8345,7 @@ function tonelliShanks$1(P) {
     // Slow-path
     // TODO: test on Fp2 and others
     let cc = _Fp.pow(Z, Q); // c = z^Q
-    const Q1div2 = (Q + _1n$a) / _2n$6;
+    const Q1div2 = (Q + _1n$a) / _2n$7;
     return function tonelliSlow(Fp, n) {
         if (Fp.is0(n))
             return n;
@@ -8442,14 +8414,18 @@ function validateField$1(field) {
     const initial = {
         ORDER: 'bigint',
         MASK: 'bigint',
-        BYTES: 'isSafeInteger',
-        BITS: 'isSafeInteger',
+        BYTES: 'number',
+        BITS: 'number',
     };
     const opts = FIELD_FIELDS$1.reduce((map, val) => {
         map[val] = 'function';
         return map;
     }, initial);
-    return validateObject$1(field, opts);
+    _validateObject(field, opts);
+    // const max = 16384;
+    // if (field.BYTES < 1 || field.BYTES > max) throw new Error('invalid field');
+    // if (field.BITS < 1 || field.BITS > 8 * max) throw new Error('invalid field');
+    return field;
 }
 // Generic field functions
 /**
@@ -8457,15 +8433,15 @@ function validateField$1(field) {
  * Unsafe in some contexts: uses ladder, so can expose bigint bits.
  */
 function FpPow$1(Fp, num, power) {
-    if (power < _0n$9)
+    if (power < _0n$8)
         throw new Error('invalid exponent, negatives unsupported');
-    if (power === _0n$9)
+    if (power === _0n$8)
         return Fp.ONE;
     if (power === _1n$a)
         return num;
     let p = Fp.ONE;
     let d = num;
-    while (power > _0n$9) {
+    while (power > _0n$8) {
         if (power & _1n$a)
             p = Fp.mul(p, d);
         d = Fp.sqr(d);
@@ -8510,7 +8486,7 @@ function FpInvertBatch$1(Fp, nums, passZero = false) {
 function FpLegendre(Fp, n) {
     // We can use 3rd argument as optional cache of this value
     // but seems unneeded for now. The operation is very fast.
-    const p1mod2 = (Fp.ORDER - _1n$a) / _2n$6;
+    const p1mod2 = (Fp.ORDER - _1n$a) / _2n$7;
     const powered = Fp.pow(n, p1mod2);
     const yes = Fp.eql(powered, Fp.ONE);
     const zero = Fp.eql(powered, Fp.ZERO);
@@ -8529,24 +8505,47 @@ function nLength$1(n, nBitLength) {
     return { nBitLength: _nBitLength, nByteLength };
 }
 /**
- * Initializes a finite field over prime.
- * Major performance optimizations:
- * * a) denormalized operations like mulN instead of mul
- * * b) same object shape: never add or remove keys
- * * c) Object.freeze
+ * Creates a finite field. Major performance optimizations:
+ * * 1. Denormalized operations like mulN instead of mul.
+ * * 2. Identical object shape: never add or remove keys.
+ * * 3. `Object.freeze`.
  * Fragile: always run a benchmark on a change.
  * Security note: operations don't check 'isValid' for all elements for performance reasons,
  * it is caller responsibility to check this.
  * This is low-level code, please make sure you know what you're doing.
- * @param ORDER prime positive bigint
+ *
+ * Note about field properties:
+ * * CHARACTERISTIC p = prime number, number of elements in main subgroup.
+ * * ORDER q = similar to cofactor in curves, may be composite `q = p^m`.
+ *
+ * @param ORDER field order, probably prime, or could be composite
  * @param bitLen how many bits the field consumes
- * @param isLE (def: false) if encoding / decoding should be in little-endian
+ * @param isLE (default: false) if encoding / decoding should be in little-endian
  * @param redef optional faster redefinitions of sqrt and other methods
  */
-function Field$1(ORDER, bitLen, isLE = false, redef = {}) {
-    if (ORDER <= _0n$9)
+function Field$1(ORDER, bitLenOrOpts, isLE = false, opts = {}) {
+    if (ORDER <= _0n$8)
         throw new Error('invalid field: expected ORDER > 0, got ' + ORDER);
-    const { nBitLength: BITS, nByteLength: BYTES } = nLength$1(ORDER, bitLen);
+    let _nbitLength = undefined;
+    let _sqrt = undefined;
+    if (typeof bitLenOrOpts === 'object' && bitLenOrOpts != null) {
+        if (opts.sqrt || isLE)
+            throw new Error('cannot specify opts in two arguments');
+        const _opts = bitLenOrOpts;
+        if (_opts.BITS)
+            _nbitLength = _opts.BITS;
+        if (_opts.sqrt)
+            _sqrt = _opts.sqrt;
+        if (typeof _opts.isLE === 'boolean')
+            isLE = _opts.isLE;
+    }
+    else {
+        if (typeof bitLenOrOpts === 'number')
+            _nbitLength = bitLenOrOpts;
+        if (opts.sqrt)
+            _sqrt = opts.sqrt;
+    }
+    const { nBitLength: BITS, nByteLength: BYTES } = nLength$1(ORDER, _nbitLength);
     if (BYTES > 2048)
         throw new Error('invalid field: expected ORDER of <= 2048 bytes');
     let sqrtP; // cached sqrtP
@@ -8556,15 +8555,17 @@ function Field$1(ORDER, bitLen, isLE = false, redef = {}) {
         BITS,
         BYTES,
         MASK: bitMask$1(BITS),
-        ZERO: _0n$9,
+        ZERO: _0n$8,
         ONE: _1n$a,
         create: (num) => mod$1(num, ORDER),
         isValid: (num) => {
             if (typeof num !== 'bigint')
                 throw new Error('invalid field element: expected bigint, got ' + typeof num);
-            return _0n$9 <= num && num < ORDER; // 0 is valid element, but it's not invertible
+            return _0n$8 <= num && num < ORDER; // 0 is valid element, but it's not invertible
         },
-        is0: (num) => num === _0n$9,
+        is0: (num) => num === _0n$8,
+        // is valid and invertible
+        isValidNot0: (num) => !f.is0(num) && f.isValid(num),
         isOdd: (num) => (num & _1n$a) === _1n$a,
         neg: (num) => mod$1(-num, ORDER),
         eql: (lhs, rhs) => lhs === rhs,
@@ -8580,7 +8581,7 @@ function Field$1(ORDER, bitLen, isLE = false, redef = {}) {
         subN: (lhs, rhs) => lhs - rhs,
         mulN: (lhs, rhs) => lhs * rhs,
         inv: (num) => invert$1(num, ORDER),
-        sqrt: redef.sqrt ||
+        sqrt: _sqrt ||
             ((n) => {
                 if (!sqrtP)
                     sqrtP = FpSqrt$1(ORDER);
@@ -8653,12 +8654,25 @@ function mapHashToField$1(key, fieldOrder, isLE = false) {
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const _0n$8 = BigInt(0);
+const _0n$7 = BigInt(0);
 const _1n$9 = BigInt(1);
-function constTimeNegate(condition, item) {
+function negateCt(condition, item) {
     const neg = item.negate();
     return condition ? neg : item;
 }
+/**
+ * Takes a bunch of Projective Points but executes only one
+ * inversion on all of them. Inversion is very slow operation,
+ * so this improves performance massively.
+ * Optimization: converts a list of projective points to a list of identical points with Z=1.
+ */
+function normalizeZ(c, property, points) {
+    const getz = (p) => p.pz ;
+    const toInv = FpInvertBatch$1(c.Fp, points.map(getz));
+    // @ts-ignore
+    const affined = points.map((p, i) => p.toAffine(toInv[i]));
+    return affined.map(c.fromAffine);
+}
 function validateW(W, bits) {
     if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
         throw new Error('invalid window size, expected [1..' + bits + '], got W=' + W);
@@ -8718,6 +8732,10 @@ const pointWindowSizes = new WeakMap();
 function getW(P) {
     return pointWindowSizes.get(P) || 1;
 }
+function assert0(n) {
+    if (n !== _0n$7)
+        throw new Error('invalid wNAF');
+}
 /**
  * Elliptic curve multiplication of Point by scalar. Fragile.
  * Scalars should always be less than curve order: this should be checked inside of a curve itself.
@@ -8734,14 +8752,14 @@ function getW(P) {
  */
 function wNAF$1(c, bits) {
     return {
-        constTimeNegate,
+        constTimeNegate: negateCt,
         hasPrecomputes(elm) {
             return getW(elm) !== 1;
         },
         // non-const time multiplication ladder
         unsafeLadder(elm, n, p = c.ZERO) {
             let d = elm;
-            while (n > _0n$8) {
+            while (n > _0n$7) {
                 if (n & _1n$9)
                     p = p.add(d);
                 d = d.double();
@@ -8807,13 +8825,14 @@ function wNAF$1(c, bits) {
                 if (isZero) {
                     // bits are 0: add garbage to fake point
                     // Important part for const-time getPublicKey: add random "noise" point to f.
-                    f = f.add(constTimeNegate(isNegF, precomputes[offsetF]));
+                    f = f.add(negateCt(isNegF, precomputes[offsetF]));
                 }
                 else {
                     // bits are 1: add to result point
-                    p = p.add(constTimeNegate(isNeg, precomputes[offset]));
+                    p = p.add(negateCt(isNeg, precomputes[offset]));
                 }
             }
+            assert0(n);
             // Return both real and fake points: JIT won't eliminate f.
             // At this point there is a way to F be infinity-point even if p is not,
             // which makes it less const-time: around 1 bigint multiply.
@@ -8830,7 +8849,7 @@ function wNAF$1(c, bits) {
         wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {
             const wo = calcWOpts(W, bits);
             for (let window = 0; window < wo.windows; window++) {
-                if (n === _0n$8)
+                if (n === _0n$7)
                     break; // Early-exit, skip 0 value
                 const { nextN, offset, isZero, isNeg } = calcOffsets(n, window, wo);
                 n = nextN;
@@ -8844,6 +8863,7 @@ function wNAF$1(c, bits) {
                     acc = acc.add(isNeg ? item.negate() : item); // Re-using acc allows to save adds in MSM
                 }
             }
+            assert0(n);
             return acc;
         },
         getPrecomputes(W, P, transform) {
@@ -8851,8 +8871,12 @@ function wNAF$1(c, bits) {
             let comp = pointPrecomputes.get(P);
             if (!comp) {
                 comp = this.precomputeWindow(P, W);
-                if (W !== 1)
-                    pointPrecomputes.set(P, transform(comp));
+                if (W !== 1) {
+                    // Doing transform outside of if brings 15% perf hit
+                    if (typeof transform === 'function')
+                        comp = transform(comp);
+                    pointPrecomputes.set(P, comp);
+                }
             }
             return comp;
         },
@@ -8876,6 +8900,25 @@ function wNAF$1(c, bits) {
         },
     };
 }
+/**
+ * Endomorphism-specific multiplication for Koblitz curves.
+ * Cost: 128 dbl, 0-256 adds.
+ */
+function mulEndoUnsafe(c, point, k1, k2) {
+    let acc = point;
+    let p1 = c.ZERO;
+    let p2 = c.ZERO;
+    while (k1 > _0n$7 || k2 > _0n$7) {
+        if (k1 & _1n$9)
+            p1 = p1.add(acc);
+        if (k2 & _1n$9)
+            p2 = p2.add(acc);
+        acc = acc.double();
+        k1 >>= _1n$9;
+        k2 >>= _1n$9;
+    }
+    return { p1, p2 };
+}
 /**
  * Pippenger algorithm for multi-scalar multiplication (MSM, Pa + Qb + Rc + ...).
  * 30x faster vs naive addition on L=4096, 10x faster than precomputes.
@@ -8933,39 +8976,39 @@ function pippenger(c, fieldN, points, scalars) {
     }
     return sum;
 }
-function validateBasic$1(curve) {
-    validateField$1(curve.Fp);
-    validateObject$1(curve, {
-        n: 'bigint',
-        h: 'bigint',
-        Gx: 'field',
-        Gy: 'field',
-    }, {
-        nBitLength: 'isSafeInteger',
-        nByteLength: 'isSafeInteger',
-    });
-    // Set defaults
-    return Object.freeze({
-        ...nLength$1(curve.n, curve.nBitLength),
-        ...curve,
-        ...{ p: curve.Fp.ORDER },
-    });
+function createField(order, field) {
+    if (field) {
+        if (field.ORDER !== order)
+            throw new Error('Field.ORDER must match order: Fp == p, Fn == n');
+        validateField$1(field);
+        return field;
+    }
+    else {
+        return Field$1(order);
+    }
+}
+/** Validates CURVE opts and creates fields */
+function _createCurveFields(type, CURVE, curveOpts = {}) {
+    if (!CURVE || typeof CURVE !== 'object')
+        throw new Error(`expected valid ${type} CURVE object`);
+    for (const p of ['p', 'n', 'h']) {
+        const val = CURVE[p];
+        if (!(typeof val === 'bigint' && val > _0n$7))
+            throw new Error(`CURVE.${p} must be positive bigint`);
+    }
+    const Fp = createField(CURVE.p, curveOpts.Fp);
+    const Fn = createField(CURVE.n, curveOpts.Fn);
+    const _b = 'b' ;
+    const params = ['Gx', 'Gy', 'a', _b];
+    for (const p of params) {
+        // @ts-ignore
+        if (!Fp.isValid(CURVE[p]))
+            throw new Error(`CURVE.${p} must be valid field element of CURVE.Fp`);
+    }
+    return { Fp, Fn };
 }/**
  * Short Weierstrass curve methods. The formula is: y² = x³ + ax + b.
  *
- * ### Parameters
- *
- * To initialize a weierstrass curve, one needs to pass following params:
- *
- * * a: formula param
- * * b: formula param
- * * Fp: finite field of prime characteristic P; may be complex (Fp2). Arithmetics is done in field
- * * n: order of prime subgroup a.k.a total amount of valid curve points
- * * Gx: Base point (x, y) aka generator point. Gx = x coordinate
- * * Gy: ...y coordinate
- * * h: cofactor, usually 1. h*n = curve group order (n is only subgroup order)
- * * lowS: whether to enable (default) or disable "low-s" non-malleable signatures
- *
  * ### Design rationale for types
  *
  * * Interaction between classes from different curves should fail:
@@ -8990,40 +9033,12 @@ function validateBasic$1(curve) {
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// prettier-ignore
 function validateSigVerOpts(opts) {
     if (opts.lowS !== undefined)
         abool('lowS', opts.lowS);
     if (opts.prehash !== undefined)
         abool('prehash', opts.prehash);
 }
-function validatePointOpts$1(curve) {
-    const opts = validateBasic$1(curve);
-    validateObject$1(opts, {
-        a: 'field',
-        b: 'field',
-    }, {
-        allowInfinityPoint: 'boolean',
-        allowedPrivateKeyLengths: 'array',
-        clearCofactor: 'function',
-        fromBytes: 'function',
-        isTorsionFree: 'function',
-        toBytes: 'function',
-        wrapPrivateKey: 'boolean',
-    });
-    const { endo, Fp, a } = opts;
-    if (endo) {
-        if (!Fp.eql(a, Fp.ZERO)) {
-            throw new Error('invalid endo: CURVE.a must be 0');
-        }
-        if (typeof endo !== 'object' ||
-            typeof endo.beta !== 'bigint' ||
-            typeof endo.splitScalar !== 'function') {
-            throw new Error('invalid endo: expected "beta": bigint and "splitScalar": function');
-        }
-    }
-    return Object.freeze({ ...opts });
-}
 class DERErr extends Error {
     constructor(m = '') {
         super(m);
@@ -9100,7 +9115,7 @@ const DER$1 = {
     _int: {
         encode(num) {
             const { Err: E } = DER$1;
-            if (num < _0n$7)
+            if (num < _0n$6)
                 throw new E('integer: negative integers are not allowed');
             let hex = numberToHexUnpadded$1(num);
             // Pad with zero byte if negative flag is present
@@ -9140,40 +9155,139 @@ const DER$1 = {
         return tlv.encode(0x30, seq);
     },
 };
-function numToSizedHex(num, size) {
-    return bytesToHex$1(numberToBytesBE$1(num, size));
-}
 // Be friendly to bad ECMAScript parsers by not using bigint literals
 // prettier-ignore
-const _0n$7 = BigInt(0), _1n$8 = BigInt(1); BigInt(2); const _3n$2 = BigInt(3), _4n$1 = BigInt(4);
-function weierstrassPoints$1(opts) {
-    const CURVE = validatePointOpts$1(opts);
-    const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ
-    const Fn = Field$1(CURVE.n, CURVE.nBitLength);
-    const toBytes = CURVE.toBytes ||
-        ((_c, point, _isCompressed) => {
-            const a = point.toAffine();
-            return concatBytes$2(Uint8Array.from([0x04]), Fp.toBytes(a.x), Fp.toBytes(a.y));
-        });
-    const fromBytes = CURVE.fromBytes ||
-        ((bytes) => {
-            // const head = bytes[0];
-            const tail = bytes.subarray(1);
-            // if (head !== 0x04) throw new Error('Only non-compressed encoding is supported');
-            const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));
-            const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));
-            return { x, y };
-        });
+const _0n$6 = BigInt(0), _1n$8 = BigInt(1), _2n$6 = BigInt(2), _3n$2 = BigInt(3), _4n$1 = BigInt(4);
+// TODO: remove
+function _legacyHelperEquat(Fp, a, b) {
     /**
      * y² = x³ + ax + b: Short weierstrass curve formula. Takes x, returns y².
      * @returns y²
      */
     function weierstrassEquation(x) {
-        const { a, b } = CURVE;
         const x2 = Fp.sqr(x); // x * x
         const x3 = Fp.mul(x2, x); // x² * x
         return Fp.add(Fp.add(x3, Fp.mul(x, a)), b); // x³ + a * x + b
     }
+    return weierstrassEquation;
+}
+function _legacyHelperNormPriv(Fn, allowedPrivateKeyLengths, wrapPrivateKey) {
+    const { BYTES: expected } = Fn;
+    // Validates if priv key is valid and converts it to bigint.
+    function normPrivateKeyToScalar(key) {
+        let num;
+        if (typeof key === 'bigint') {
+            num = key;
+        }
+        else {
+            let bytes = ensureBytes$1('private key', key);
+            if (allowedPrivateKeyLengths) {
+                if (!allowedPrivateKeyLengths.includes(bytes.length * 2))
+                    throw new Error('invalid private key');
+                const padded = new Uint8Array(expected);
+                padded.set(bytes, padded.length - bytes.length);
+                bytes = padded;
+            }
+            try {
+                num = Fn.fromBytes(bytes);
+            }
+            catch (error) {
+                throw new Error(`invalid private key: expected ui8a of size ${expected}, got ${typeof key}`);
+            }
+        }
+        if (wrapPrivateKey)
+            num = Fn.create(num); // disabled by default, enabled for BLS
+        if (!Fn.isValidNot0(num))
+            throw new Error('invalid private key: out of range [1..N-1]');
+        return num;
+    }
+    return normPrivateKeyToScalar;
+}
+function weierstrassN(CURVE, curveOpts = {}) {
+    const { Fp, Fn } = _createCurveFields('weierstrass', CURVE, curveOpts);
+    const { h: cofactor, n: CURVE_ORDER } = CURVE;
+    _validateObject(curveOpts, {}, {
+        allowInfinityPoint: 'boolean',
+        clearCofactor: 'function',
+        isTorsionFree: 'function',
+        fromBytes: 'function',
+        toBytes: 'function',
+        endo: 'object',
+        wrapPrivateKey: 'boolean',
+    });
+    const { endo } = curveOpts;
+    if (endo) {
+        // validateObject(endo, { beta: 'bigint', splitScalar: 'function' });
+        if (!Fp.is0(CURVE.a) ||
+            typeof endo.beta !== 'bigint' ||
+            typeof endo.splitScalar !== 'function') {
+            throw new Error('invalid endo: expected "beta": bigint and "splitScalar": function');
+        }
+    }
+    function assertCompressionIsSupported() {
+        if (!Fp.isOdd)
+            throw new Error('compression is not supported: Field does not have .isOdd()');
+    }
+    // Implements IEEE P1363 point encoding
+    function pointToBytes(_c, point, isCompressed) {
+        const { x, y } = point.toAffine();
+        const bx = Fp.toBytes(x);
+        abool('isCompressed', isCompressed);
+        if (isCompressed) {
+            assertCompressionIsSupported();
+            const hasEvenY = !Fp.isOdd(y);
+            return concatBytes$2(pprefix(hasEvenY), bx);
+        }
+        else {
+            return concatBytes$2(Uint8Array.of(0x04), bx, Fp.toBytes(y));
+        }
+    }
+    function pointFromBytes(bytes) {
+        abytes(bytes);
+        const L = Fp.BYTES;
+        const LC = L + 1; // length compressed, e.g. 33 for 32-byte field
+        const LU = 2 * L + 1; // length uncompressed, e.g. 65 for 32-byte field
+        const length = bytes.length;
+        const head = bytes[0];
+        const tail = bytes.subarray(1);
+        // No actual validation is done here: use .assertValidity()
+        if (length === LC && (head === 0x02 || head === 0x03)) {
+            const x = Fp.fromBytes(tail);
+            if (!Fp.isValid(x))
+                throw new Error('bad point: is not on curve, wrong x');
+            const y2 = weierstrassEquation(x); // y² = x³ + ax + b
+            let y;
+            try {
+                y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
+            }
+            catch (sqrtError) {
+                const err = sqrtError instanceof Error ? ': ' + sqrtError.message : '';
+                throw new Error('bad point: is not on curve, sqrt error' + err);
+            }
+            assertCompressionIsSupported();
+            const isYOdd = Fp.isOdd(y); // (y & _1n) === _1n;
+            const isHeadOdd = (head & 1) === 1; // ECDSA-specific
+            if (isHeadOdd !== isYOdd)
+                y = Fp.neg(y);
+            return { x, y };
+        }
+        else if (length === LU && head === 0x04) {
+            // TODO: more checks
+            const x = Fp.fromBytes(tail.subarray(L * 0, L * 1));
+            const y = Fp.fromBytes(tail.subarray(L * 1, L * 2));
+            if (!isValidXY(x, y))
+                throw new Error('bad point: is not on curve');
+            return { x, y };
+        }
+        else {
+            throw new Error(`bad point: got length ${length}, expected compressed=${LC} or uncompressed=${LU}`);
+        }
+    }
+    const toBytes = curveOpts.toBytes || pointToBytes;
+    const fromBytes = curveOpts.fromBytes || pointFromBytes;
+    const weierstrassEquation = _legacyHelperEquat(Fp, CURVE.a, CURVE.b);
+    // TODO: move top-level
+    /** Checks whether equation holds for given x, y: y² == x³ + ax + b */
     function isValidXY(x, y) {
         const left = Fp.sqr(y); // y²
         const right = weierstrassEquation(x); // x³ + ax + b
@@ -9189,36 +9303,11 @@ function weierstrassPoints$1(opts) {
     const _27b2 = Fp.mul(Fp.sqr(CURVE.b), BigInt(27));
     if (Fp.is0(Fp.add(_4a3, _27b2)))
         throw new Error('bad curve params: a or b');
-    // Valid group elements reside in range 1..n-1
-    function isWithinCurveOrder(num) {
-        return inRange(num, _1n$8, CURVE.n);
-    }
-    // Validates if priv key is valid and converts it to bigint.
-    // Supports options allowedPrivateKeyLengths and wrapPrivateKey.
-    function normPrivateKeyToScalar(key) {
-        const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;
-        if (lengths && typeof key !== 'bigint') {
-            if (isBytes(key))
-                key = bytesToHex$1(key);
-            // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes
-            if (typeof key !== 'string' || !lengths.includes(key.length))
-                throw new Error('invalid private key');
-            key = key.padStart(nByteLength * 2, '0');
-        }
-        let num;
-        try {
-            num =
-                typeof key === 'bigint'
-                    ? key
-                    : bytesToNumberBE$1(ensureBytes$1('private key', key, nByteLength));
-        }
-        catch (error) {
-            throw new Error('invalid private key, expected hex or ' + nByteLength + ' bytes, got ' + typeof key);
-        }
-        if (wrapPrivateKey)
-            num = mod$1(num, N); // disabled by default, enabled for BLS
-        aInRange('private key', num, _1n$8, N); // num in range [1..N-1]
-        return num;
+    /** Asserts coordinate is valid: 0 <= n < Fp.ORDER. */
+    function acoord(title, n, banZero = false) {
+        if (!Fp.isValid(n) || (banZero && Fp.is0(n)))
+            throw new Error(`bad point coordinate ${title}`);
+        return n;
     }
     function aprjpoint(other) {
         if (!(other instanceof Point))
@@ -9254,50 +9343,48 @@ function weierstrassPoints$1(opts) {
             // (0, 1, 0) aka ZERO is invalid in most contexts.
             // In BLS, ZERO can be serialized, so we allow it.
             // (0, 0, 0) is invalid representation of ZERO.
-            if (CURVE.allowInfinityPoint && !Fp.is0(p.py))
+            if (curveOpts.allowInfinityPoint && !Fp.is0(p.py))
                 return;
             throw new Error('bad point: ZERO');
         }
         // Some 3rd-party test vectors require different wording between here & `fromCompressedHex`
         const { x, y } = p.toAffine();
-        // Check if x, y are valid field elements
         if (!Fp.isValid(x) || !Fp.isValid(y))
-            throw new Error('bad point: x or y not FE');
+            throw new Error('bad point: x or y not field elements');
         if (!isValidXY(x, y))
             throw new Error('bad point: equation left != right');
         if (!p.isTorsionFree())
             throw new Error('bad point: not in prime-order subgroup');
         return true;
     });
+    function finishEndo(endoBeta, k1p, k2p, k1neg, k2neg) {
+        k2p = new Point(Fp.mul(k2p.px, endoBeta), k2p.py, k2p.pz);
+        k1p = negateCt(k1neg, k1p);
+        k2p = negateCt(k2neg, k2p);
+        return k1p.add(k2p);
+    }
     /**
-     * Projective Point works in 3d / projective (homogeneous) coordinates: (X, Y, Z) ∋ (x=X/Z, y=Y/Z)
-     * Default Point works in 2d / affine coordinates: (x, y)
+     * Projective Point works in 3d / projective (homogeneous) coordinates:(X, Y, Z) ∋ (x=X/Z, y=Y/Z).
+     * Default Point works in 2d / affine coordinates: (x, y).
      * We're doing calculations in projective, because its operations don't require costly inversion.
      */
     class Point {
+        /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
         constructor(px, py, pz) {
-            if (px == null || !Fp.isValid(px))
-                throw new Error('x required');
-            if (py == null || !Fp.isValid(py) || Fp.is0(py))
-                throw new Error('y required');
-            if (pz == null || !Fp.isValid(pz))
-                throw new Error('z required');
-            this.px = px;
-            this.py = py;
-            this.pz = pz;
+            this.px = acoord('x', px);
+            this.py = acoord('y', py, true);
+            this.pz = acoord('z', pz);
             Object.freeze(this);
         }
-        // Does not validate if the point is on-curve.
-        // Use fromHex instead, or call assertValidity() later.
+        /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
         static fromAffine(p) {
             const { x, y } = p || {};
             if (!p || !Fp.isValid(x) || !Fp.isValid(y))
                 throw new Error('invalid affine point');
             if (p instanceof Point)
                 throw new Error('projective point not allowed');
-            const is0 = (i) => Fp.eql(i, Fp.ZERO);
-            // fromAffine(x:0, y:0) would produce (x:0, y:0, z:1), but we need (x:0, y:1, z:0)
-            if (is0(x) && is0(y))
+            // (0, 0) would've produced (0, 0, 1) - instead, we need (0, 1, 0)
+            if (Fp.is0(x) && Fp.is0(y))
                 return Point.ZERO;
             return new Point(x, y, Fp.ONE);
         }
@@ -9307,50 +9394,56 @@ function weierstrassPoints$1(opts) {
         get y() {
             return this.toAffine().y;
         }
-        /**
-         * Takes a bunch of Projective Points but executes only one
-         * inversion on all of them. Inversion is very slow operation,
-         * so this improves performance massively.
-         * Optimization: converts a list of projective points to a list of identical points with Z=1.
-         */
         static normalizeZ(points) {
-            const toInv = FpInvertBatch$1(Fp, points.map((p) => p.pz));
-            return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);
+            return normalizeZ(Point, 'pz', points);
         }
-        /**
-         * Converts hash string or Uint8Array to Point.
-         * @param hex short/long ECDSA hex
-         */
+        static fromBytes(bytes) {
+            abytes(bytes);
+            return Point.fromHex(bytes);
+        }
+        /** Converts hash string or Uint8Array to Point. */
         static fromHex(hex) {
             const P = Point.fromAffine(fromBytes(ensureBytes$1('pointHex', hex)));
             P.assertValidity();
             return P;
         }
-        // Multiplies generator point by privateKey.
+        /** Multiplies generator point by privateKey. */
         static fromPrivateKey(privateKey) {
+            const normPrivateKeyToScalar = _legacyHelperNormPriv(Fn, curveOpts.allowedPrivateKeyLengths, curveOpts.wrapPrivateKey);
             return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));
         }
-        // Multiscalar Multiplication
+        /** Multiscalar Multiplication */
         static msm(points, scalars) {
             return pippenger(Point, Fn, points, scalars);
         }
-        // "Private method", don't use it directly
-        _setWindowSize(windowSize) {
+        /**
+         *
+         * @param windowSize
+         * @param isLazy true will defer table computation until the first multiplication
+         * @returns
+         */
+        precompute(windowSize = 8, isLazy = true) {
             wnaf.setWindowSize(this, windowSize);
+            if (!isLazy)
+                this.multiply(_3n$2); // random number
+            return this;
         }
-        // A point on curve is valid if it conforms to equation.
+        /** "Private method", don't use it directly */
+        _setWindowSize(windowSize) {
+            this.precompute(windowSize);
+        }
+        // TODO: return `this`
+        /** A point on curve is valid if it conforms to equation. */
         assertValidity() {
             assertValidMemo(this);
         }
         hasEvenY() {
             const { y } = this.toAffine();
-            if (Fp.isOdd)
-                return !Fp.isOdd(y);
-            throw new Error("Field doesn't support isOdd");
+            if (!Fp.isOdd)
+                throw new Error("Field doesn't support isOdd");
+            return !Fp.isOdd(y);
         }
-        /**
-         * Compare one point to another.
-         */
+        /** Compare one point to another. */
         equals(other) {
             aprjpoint(other);
             const { px: X1, py: Y1, pz: Z1 } = this;
@@ -9359,9 +9452,7 @@ function weierstrassPoints$1(opts) {
             const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1));
             return U1 && U2;
         }
-        /**
-         * Flips point to one corresponding to (x, -y) in Affine coordinates.
-         */
+        /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
         negate() {
             return new Point(this.px, Fp.neg(this.py), this.pz);
         }
@@ -9466,47 +9557,6 @@ function weierstrassPoints$1(opts) {
         is0() {
             return this.equals(Point.ZERO);
         }
-        wNAF(n) {
-            return wnaf.wNAFCached(this, n, Point.normalizeZ);
-        }
-        /**
-         * Non-constant-time multiplication. Uses double-and-add algorithm.
-         * It's faster, but should only be used when you don't care about
-         * an exposed private key e.g. sig verification, which works over *public* keys.
-         */
-        multiplyUnsafe(sc) {
-            const { endo, n: N } = CURVE;
-            aInRange('scalar', sc, _0n$7, N);
-            const I = Point.ZERO;
-            if (sc === _0n$7)
-                return I;
-            if (this.is0() || sc === _1n$8)
-                return this;
-            // Case a: no endomorphism. Case b: has precomputes.
-            if (!endo || wnaf.hasPrecomputes(this))
-                return wnaf.wNAFCachedUnsafe(this, sc, Point.normalizeZ);
-            // Case c: endomorphism
-            /** See docs for {@link EndomorphismOpts} */
-            let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
-            let k1p = I;
-            let k2p = I;
-            let d = this;
-            while (k1 > _0n$7 || k2 > _0n$7) {
-                if (k1 & _1n$8)
-                    k1p = k1p.add(d);
-                if (k2 & _1n$8)
-                    k2p = k2p.add(d);
-                d = d.double();
-                k1 >>= _1n$8;
-                k2 >>= _1n$8;
-            }
-            if (k1neg)
-                k1p = k1p.negate();
-            if (k2neg)
-                k2p = k2p.negate();
-            k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
-            return k1p.add(k2p);
-        }
         /**
          * Constant time multiplication.
          * Uses wNAF method. Windowed method may be 10% faster,
@@ -9517,22 +9567,21 @@ function weierstrassPoints$1(opts) {
          * @returns New point
          */
         multiply(scalar) {
-            const { endo, n: N } = CURVE;
-            aInRange('scalar', scalar, _1n$8, N);
+            const { endo } = curveOpts;
+            if (!Fn.isValidNot0(scalar))
+                throw new Error('invalid scalar: out of range'); // 0 is invalid
             let point, fake; // Fake point is used to const-time mult
+            const mul = (n) => wnaf.wNAFCached(this, n, Point.normalizeZ);
             /** See docs for {@link EndomorphismOpts} */
             if (endo) {
                 const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);
-                let { p: k1p, f: f1p } = this.wNAF(k1);
-                let { p: k2p, f: f2p } = this.wNAF(k2);
-                k1p = wnaf.constTimeNegate(k1neg, k1p);
-                k2p = wnaf.constTimeNegate(k2neg, k2p);
-                k2p = new Point(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
-                point = k1p.add(k2p);
-                fake = f1p.add(f2p);
+                const { p: k1p, f: k1f } = mul(k1);
+                const { p: k2p, f: k2f } = mul(k2);
+                fake = k1f.add(k2f);
+                point = finishEndo(endo.beta, k1p, k2p, k1neg, k2neg);
             }
             else {
-                const { p, f } = this.wNAF(scalar);
+                const { p, f } = mul(scalar);
                 point = p;
                 fake = f;
             }
@@ -9540,162 +9589,124 @@ function weierstrassPoints$1(opts) {
             return Point.normalizeZ([point, fake])[0];
         }
         /**
-         * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.
-         * Not using Strauss-Shamir trick: precomputation tables are faster.
-         * The trick could be useful if both P and Q are not G (not in our case).
-         * @returns non-zero affine point
+         * Non-constant-time multiplication. Uses double-and-add algorithm.
+         * It's faster, but should only be used when you don't care about
+         * an exposed private key e.g. sig verification, which works over *public* keys.
          */
+        multiplyUnsafe(sc) {
+            const { endo } = curveOpts;
+            const p = this;
+            if (!Fn.isValid(sc))
+                throw new Error('invalid scalar: out of range'); // 0 is valid
+            if (sc === _0n$6 || p.is0())
+                return Point.ZERO;
+            if (sc === _1n$8)
+                return p; // fast-path
+            if (wnaf.hasPrecomputes(this))
+                return this.multiply(sc);
+            if (endo) {
+                const { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
+                // `wNAFCachedUnsafe` is 30% slower
+                const { p1, p2 } = mulEndoUnsafe(Point, p, k1, k2);
+                return finishEndo(endo.beta, p1, p2, k1neg, k2neg);
+            }
+            else {
+                return wnaf.wNAFCachedUnsafe(p, sc);
+            }
+        }
         multiplyAndAddUnsafe(Q, a, b) {
-            const G = Point.BASE; // No Strauss-Shamir trick: we have 10% faster G precomputes
-            const mul = (P, a // Select faster multiply() method
-            ) => (a === _0n$7 || a === _1n$8 || !P.equals(G) ? P.multiplyUnsafe(a) : P.multiply(a));
-            const sum = mul(this, a).add(mul(Q, b));
+            const sum = this.multiplyUnsafe(a).add(Q.multiplyUnsafe(b));
             return sum.is0() ? undefined : sum;
         }
-        // Converts Projective point to affine (x, y) coordinates.
-        // Can accept precomputed Z^-1 - for example, from invertBatch.
-        // (x, y, z) ∋ (x=x/z, y=y/z)
-        toAffine(iz) {
-            return toAffineMemo(this, iz);
-        }
+        /**
+         * Converts Projective point to affine (x, y) coordinates.
+         * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
+         */
+        toAffine(invertedZ) {
+            return toAffineMemo(this, invertedZ);
+        }
+        /**
+         * Checks whether Point is free of torsion elements (is in prime subgroup).
+         * Always torsion-free for cofactor=1 curves.
+         */
         isTorsionFree() {
-            const { h: cofactor, isTorsionFree } = CURVE;
+            const { isTorsionFree } = curveOpts;
             if (cofactor === _1n$8)
-                return true; // No subgroups, always torsion-free
+                return true;
             if (isTorsionFree)
                 return isTorsionFree(Point, this);
-            throw new Error('isTorsionFree() has not been declared for the elliptic curve');
+            return wnaf.wNAFCachedUnsafe(this, CURVE_ORDER).is0();
         }
         clearCofactor() {
-            const { h: cofactor, clearCofactor } = CURVE;
+            const { clearCofactor } = curveOpts;
             if (cofactor === _1n$8)
                 return this; // Fast-path
             if (clearCofactor)
                 return clearCofactor(Point, this);
-            return this.multiplyUnsafe(CURVE.h);
+            return this.multiplyUnsafe(cofactor);
         }
-        toRawBytes(isCompressed = true) {
+        toBytes(isCompressed = true) {
             abool('isCompressed', isCompressed);
             this.assertValidity();
             return toBytes(Point, this, isCompressed);
         }
+        /** @deprecated use `toBytes` */
+        toRawBytes(isCompressed = true) {
+            return this.toBytes(isCompressed);
+        }
         toHex(isCompressed = true) {
-            abool('isCompressed', isCompressed);
-            return bytesToHex$1(this.toRawBytes(isCompressed));
+            return bytesToHex$1(this.toBytes(isCompressed));
+        }
+        toString() {
+            return `<Point ${this.is0() ? 'ZERO' : this.toHex()}>`;
         }
     }
     // base / generator point
     Point.BASE = new Point(CURVE.Gx, CURVE.Gy, Fp.ONE);
     // zero / infinity / identity point
     Point.ZERO = new Point(Fp.ZERO, Fp.ONE, Fp.ZERO); // 0, 1, 0
-    const { endo, nBitLength } = CURVE;
-    const wnaf = wNAF$1(Point, endo ? Math.ceil(nBitLength / 2) : nBitLength);
-    return {
-        CURVE,
-        ProjectivePoint: Point,
-        normPrivateKeyToScalar,
-        weierstrassEquation,
-        isWithinCurveOrder,
-    };
-}
-function validateOpts$1(curve) {
-    const opts = validateBasic$1(curve);
-    validateObject$1(opts, {
-        hash: 'hash',
+    // fields
+    Point.Fp = Fp;
+    Point.Fn = Fn;
+    const bits = Fn.BITS;
+    const wnaf = wNAF$1(Point, curveOpts.endo ? Math.ceil(bits / 2) : bits);
+    return Point;
+}
+// Points start with byte 0x02 when y is even; otherwise 0x03
+function pprefix(hasEvenY) {
+    return Uint8Array.of(hasEvenY ? 0x02 : 0x03);
+}
+function ecdsa(Point, ecdsaOpts, curveOpts = {}) {
+    _validateObject(ecdsaOpts, { hash: 'function' }, {
         hmac: 'function',
+        lowS: 'boolean',
         randomBytes: 'function',
-    }, {
         bits2int: 'function',
         bits2int_modN: 'function',
-        lowS: 'boolean',
-    });
-    return Object.freeze({ lowS: true, ...opts });
-}
-/**
- * Creates short weierstrass curve and ECDSA signature methods for it.
- * @example
- * import { Field } from '@noble/curves/abstract/modular';
- * // Before that, define BigInt-s: a, b, p, n, Gx, Gy
- * const curve = weierstrass({ a, b, Fp: Field(p), n, Gx, Gy, h: 1n })
- */
-function weierstrass$1(curveDef) {
-    const CURVE = validateOpts$1(curveDef);
-    const { Fp, n: CURVE_ORDER, nByteLength, nBitLength } = CURVE;
-    const compressedLen = Fp.BYTES + 1; // e.g. 33 for 32
-    const uncompressedLen = 2 * Fp.BYTES + 1; // e.g. 65 for 32
-    function modN(a) {
-        return mod$1(a, CURVE_ORDER);
-    }
-    function invN(a) {
-        return invert$1(a, CURVE_ORDER);
-    }
-    const { ProjectivePoint: Point, normPrivateKeyToScalar, weierstrassEquation, isWithinCurveOrder, } = weierstrassPoints$1({
-        ...CURVE,
-        toBytes(_c, point, isCompressed) {
-            const a = point.toAffine();
-            const x = Fp.toBytes(a.x);
-            const cat = concatBytes$2;
-            abool('isCompressed', isCompressed);
-            if (isCompressed) {
-                return cat(Uint8Array.from([point.hasEvenY() ? 0x02 : 0x03]), x);
-            }
-            else {
-                return cat(Uint8Array.from([0x04]), x, Fp.toBytes(a.y));
-            }
-        },
-        fromBytes(bytes) {
-            const len = bytes.length;
-            const head = bytes[0];
-            const tail = bytes.subarray(1);
-            // this.assertValidity() is done inside of fromHex
-            if (len === compressedLen && (head === 0x02 || head === 0x03)) {
-                const x = bytesToNumberBE$1(tail);
-                if (!inRange(x, _1n$8, Fp.ORDER))
-                    throw new Error('Point is not on curve');
-                const y2 = weierstrassEquation(x); // y² = x³ + ax + b
-                let y;
-                try {
-                    y = Fp.sqrt(y2); // y = y² ^ (p+1)/4
-                }
-                catch (sqrtError) {
-                    const suffix = sqrtError instanceof Error ? ': ' + sqrtError.message : '';
-                    throw new Error('Point is not on curve' + suffix);
-                }
-                const isYOdd = (y & _1n$8) === _1n$8;
-                // ECDSA
-                const isHeadOdd = (head & 1) === 1;
-                if (isHeadOdd !== isYOdd)
-                    y = Fp.neg(y);
-                return { x, y };
-            }
-            else if (len === uncompressedLen && head === 0x04) {
-                const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));
-                const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));
-                return { x, y };
-            }
-            else {
-                const cl = compressedLen;
-                const ul = uncompressedLen;
-                throw new Error('invalid Point, expected length of ' + cl + ', or uncompressed ' + ul + ', got ' + len);
-            }
-        },
     });
+    const randomBytes_ = ecdsaOpts.randomBytes || randomBytes$3;
+    const hmac_ = ecdsaOpts.hmac ||
+        ((key, ...msgs) => hmac$1(ecdsaOpts.hash, key, concatBytes$2(...msgs)));
+    const { Fp, Fn } = Point;
+    const { ORDER: CURVE_ORDER, BITS: fnBits } = Fn;
     function isBiggerThanHalfOrder(number) {
         const HALF = CURVE_ORDER >> _1n$8;
         return number > HALF;
     }
     function normalizeS(s) {
-        return isBiggerThanHalfOrder(s) ? modN(-s) : s;
+        return isBiggerThanHalfOrder(s) ? Fn.neg(s) : s;
+    }
+    function aValidRS(title, num) {
+        if (!Fn.isValidNot0(num))
+            throw new Error(`invalid signature ${title}: out of range 1..CURVE.n`);
     }
-    // slice bytes num
-    const slcNum = (b, from, to) => bytesToNumberBE$1(b.slice(from, to));
     /**
      * ECDSA signature with its (r, s) properties. Supports DER & compact representations.
      */
     class Signature {
         constructor(r, s, recovery) {
-            aInRange('r', r, _1n$8, CURVE_ORDER); // r in [1..N]
-            aInRange('s', s, _1n$8, CURVE_ORDER); // s in [1..N]
+            aValidRS('r', r); // r in [1..N-1]
+            aValidRS('s', s); // s in [1..N-1]
             this.r = r;
             this.s = s;
             if (recovery != null)
@@ -9704,9 +9715,9 @@ function weierstrass$1(curveDef) {
         }
         // pair (bytes of r, bytes of s)
         static fromCompact(hex) {
-            const l = nByteLength;
-            hex = ensureBytes$1('compactSignature', hex, l * 2);
-            return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
+            const L = Fn.BYTES;
+            const b = ensureBytes$1('compactSignature', hex, L * 2);
+            return new Signature(Fn.fromBytes(b.subarray(0, L)), Fn.fromBytes(b.subarray(L, L * 2)));
         }
         // DER encoded ECDSA signature
         // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script
@@ -9722,22 +9733,36 @@ function weierstrass$1(curveDef) {
         addRecoveryBit(recovery) {
             return new Signature(this.r, this.s, recovery);
         }
+        // ProjPointType<bigint>
         recoverPublicKey(msgHash) {
+            const FIELD_ORDER = Fp.ORDER;
             const { r, s, recovery: rec } = this;
-            const h = bits2int_modN(ensureBytes$1('msgHash', msgHash)); // Truncate hash
             if (rec == null || ![0, 1, 2, 3].includes(rec))
                 throw new Error('recovery id invalid');
-            const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
-            if (radj >= Fp.ORDER)
+            // ECDSA recovery is hard for cofactor > 1 curves.
+            // In sign, `r = q.x mod n`, and here we recover q.x from r.
+            // While recovering q.x >= n, we need to add r+n for cofactor=1 curves.
+            // However, for cofactor>1, r+n may not get q.x:
+            // r+n*i would need to be done instead where i is unknown.
+            // To easily get i, we either need to:
+            // a. increase amount of valid recid values (4, 5...); OR
+            // b. prohibit non-prime-order signatures (recid > 1).
+            const hasCofactor = CURVE_ORDER * _2n$6 < FIELD_ORDER;
+            if (hasCofactor && rec > 1)
+                throw new Error('recovery id is ambiguous for h>1 curve');
+            const radj = rec === 2 || rec === 3 ? r + CURVE_ORDER : r;
+            if (!Fp.isValid(radj))
                 throw new Error('recovery id 2 or 3 invalid');
-            const prefix = (rec & 1) === 0 ? '02' : '03';
-            const R = Point.fromHex(prefix + numToSizedHex(radj, Fp.BYTES));
-            const ir = invN(radj); // r^-1
-            const u1 = modN(-h * ir); // -hr^-1
-            const u2 = modN(s * ir); // sr^-1
-            const Q = Point.BASE.multiplyAndAddUnsafe(R, u1, u2); // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1)
-            if (!Q)
-                throw new Error('point at infinify'); // unsafe is fine: no priv data leaked
+            const x = Fp.toBytes(radj);
+            const R = Point.fromHex(concatBytes$2(pprefix((rec & 1) === 0), x));
+            const ir = Fn.inv(radj); // r^-1
+            const h = bits2int_modN(ensureBytes$1('msgHash', msgHash)); // Truncate hash
+            const u1 = Fn.create(-h * ir); // -hr^-1
+            const u2 = Fn.create(s * ir); // sr^-1
+            // (sr^-1)R-(hr^-1)G = -(hr^-1)G + (sr^-1). unsafe is fine: there is no private data.
+            const Q = Point.BASE.multiplyUnsafe(u1).add(R.multiplyUnsafe(u2));
+            if (Q.is0())
+                throw new Error('point at infinify');
             Q.assertValidity();
             return Q;
         }
@@ -9746,24 +9771,31 @@ function weierstrass$1(curveDef) {
             return isBiggerThanHalfOrder(this.s);
         }
         normalizeS() {
-            return this.hasHighS() ? new Signature(this.r, modN(-this.s), this.recovery) : this;
+            return this.hasHighS() ? new Signature(this.r, Fn.neg(this.s), this.recovery) : this;
+        }
+        toBytes(format) {
+            if (format === 'compact')
+                return concatBytes$2(Fn.toBytes(this.r), Fn.toBytes(this.s));
+            if (format === 'der')
+                return hexToBytes$1(DER$1.hexFromSig(this));
+            throw new Error('invalid format');
         }
         // DER-encoded
         toDERRawBytes() {
-            return hexToBytes$1(this.toDERHex());
+            return this.toBytes('der');
         }
         toDERHex() {
-            return DER$1.hexFromSig(this);
+            return bytesToHex$1(this.toBytes('der'));
         }
         // padded bytes of r, then padded bytes of s
         toCompactRawBytes() {
-            return hexToBytes$1(this.toCompactHex());
+            return this.toBytes('compact');
         }
         toCompactHex() {
-            const l = nByteLength;
-            return numToSizedHex(this.r, l) + numToSizedHex(this.s, l);
+            return bytesToHex$1(this.toBytes('compact'));
         }
     }
+    const normPrivateKeyToScalar = _legacyHelperNormPriv(Fn, curveOpts.allowedPrivateKeyLengths, curveOpts.wrapPrivateKey);
     const utils = {
         isValidPrivateKey(privateKey) {
             try {
@@ -9780,21 +9812,11 @@ function weierstrass$1(curveDef) {
          * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.
          */
         randomPrivateKey: () => {
-            const length = getMinHashLength$1(CURVE.n);
-            return mapHashToField$1(CURVE.randomBytes(length), CURVE.n);
+            const n = CURVE_ORDER;
+            return mapHashToField$1(randomBytes_(getMinHashLength$1(n)), n);
         },
-        /**
-         * Creates precompute table for an arbitrary EC point. Makes point "cached".
-         * Allows to massively speed-up `point.multiply(scalar)`.
-         * @returns cached point
-         * @example
-         * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));
-         * fast.multiply(privKey); // much faster ECDH now
-         */
         precompute(windowSize = 8, point = Point.BASE) {
-            point._setWindowSize(windowSize);
-            point.multiply(BigInt(3)); // 3 is arbitrary, just need any number here
-            return point;
+            return point.precompute(windowSize, false);
         },
     };
     /**
@@ -9804,7 +9826,7 @@ function weierstrass$1(curveDef) {
      * @returns Public key, full when isCompressed=false; short when isCompressed=true
      */
     function getPublicKey(privateKey, isCompressed = true) {
-        return Point.fromPrivateKey(privateKey).toRawBytes(isCompressed);
+        return Point.fromPrivateKey(privateKey).toBytes(isCompressed);
     }
     /**
      * Quick and dirty check for item being public key. Does not validate hex, or being on-curve.
@@ -9815,15 +9837,15 @@ function weierstrass$1(curveDef) {
         if (item instanceof Point)
             return true;
         const arr = ensureBytes$1('key', item);
-        const len = arr.length;
-        const fpl = Fp.BYTES;
-        const compLen = fpl + 1; // e.g. 33 for 32
-        const uncompLen = 2 * fpl + 1; // e.g. 65 for 32
-        if (CURVE.allowedPrivateKeyLengths || nByteLength === compLen) {
+        const length = arr.length;
+        const L = Fp.BYTES;
+        const LC = L + 1; // e.g. 33 for 32
+        const LU = 2 * L + 1; // e.g. 65 for 32
+        if (curveOpts.allowedPrivateKeyLengths || Fn.BYTES === LC) {
             return undefined;
         }
         else {
-            return len === compLen || len === uncompLen;
+            return length === LC || length === LU;
         }
     }
     /**
@@ -9842,13 +9864,13 @@ function weierstrass$1(curveDef) {
         if (isProbPub(publicB) === false)
             throw new Error('second arg must be public key');
         const b = Point.fromHex(publicB); // check for being on-curve
-        return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
+        return b.multiply(normPrivateKeyToScalar(privateA)).toBytes(isCompressed);
     }
     // RFC6979: ensure ECDSA msg is X bytes and < N. RFC suggests optional truncating via bits2octets.
     // FIPS 186-4 4.6 suggests the leftmost min(nBitLen, outLen) bits, which matches bits2int.
     // bits2int can produce res>N, we can do mod(res, N) since the bitLen is the same.
     // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors
-    const bits2int = CURVE.bits2int ||
+    const bits2int = ecdsaOpts.bits2int ||
         function (bytes) {
             // Our custom check "just in case", for protection against DoS
             if (bytes.length > 8192)
@@ -9856,22 +9878,22 @@ function weierstrass$1(curveDef) {
             // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)
             // for some cases, since bytes.length * 8 is not actual bitLength.
             const num = bytesToNumberBE$1(bytes); // check for == u8 done here
-            const delta = bytes.length * 8 - nBitLength; // truncate to nBitLength leftmost bits
+            const delta = bytes.length * 8 - fnBits; // truncate to nBitLength leftmost bits
             return delta > 0 ? num >> BigInt(delta) : num;
         };
-    const bits2int_modN = CURVE.bits2int_modN ||
+    const bits2int_modN = ecdsaOpts.bits2int_modN ||
         function (bytes) {
-            return modN(bits2int(bytes)); // can't use bytesToNumberBE here
+            return Fn.create(bits2int(bytes)); // can't use bytesToNumberBE here
         };
     // NOTE: pads output with zero as per spec
-    const ORDER_MASK = bitMask$1(nBitLength);
+    const ORDER_MASK = bitMask$1(fnBits);
     /**
      * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.
      */
     function int2octets(num) {
-        aInRange('num < 2^' + nBitLength, num, _0n$7, ORDER_MASK);
-        // works with order, can have different size than numToField!
-        return numberToBytesBE$1(num, nByteLength);
+        // IMPORTANT: the check ensures working for case `Fn.BYTES != Fn.BITS * 8`
+        aInRange('num < 2^' + fnBits, num, _0n$6, ORDER_MASK);
+        return Fn.toBytes(num);
     }
     // Steps A, D of RFC6979 3.2
     // Creates RFC6979 seed; converts msg/privKey to numbers.
@@ -9881,7 +9903,7 @@ function weierstrass$1(curveDef) {
     function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
         if (['recovered', 'canonical'].some((k) => k in opts))
             throw new Error('sign() legacy options not supported');
-        const { hash, randomBytes } = CURVE;
+        const { hash } = ecdsaOpts;
         let { lowS, prehash, extraEntropy: ent } = opts; // generates low-s sigs by default
         if (lowS == null)
             lowS = true; // RFC6979 3.2: we skip step A, because we already provide hash
@@ -9890,7 +9912,7 @@ function weierstrass$1(curveDef) {
         if (prehash)
             msgHash = ensureBytes$1('prehashed msgHash', hash(msgHash));
         // We can't later call bits2octets, since nested bits2int is broken for curves
-        // with nBitLength % 8 !== 0. Because of that, we unwrap it here as int2octets call.
+        // with fnBits % 8 !== 0. Because of that, we unwrap it here as int2octets call.
         // const bits2octets = (bits) => int2octets(bits2int_modN(bits))
         const h1int = bits2int_modN(msgHash);
         const d = normPrivateKeyToScalar(privateKey); // validate private key, convert to bigint
@@ -9898,27 +9920,28 @@ function weierstrass$1(curveDef) {
         // extraEntropy. RFC6979 3.6: additional k' (optional).
         if (ent != null && ent !== false) {
             // K = HMAC_K(V || 0x00 || int2octets(x) || bits2octets(h1) || k')
-            const e = ent === true ? randomBytes(Fp.BYTES) : ent; // generate random bytes OR pass as-is
+            const e = ent === true ? randomBytes_(Fp.BYTES) : ent; // generate random bytes OR pass as-is
             seedArgs.push(ensureBytes$1('extraEntropy', e)); // check for being bytes
         }
         const seed = concatBytes$2(...seedArgs); // Step D of RFC6979 3.2
         const m = h1int; // NOTE: no need to call bits2int second time here, it is inside truncateHash!
         // Converts signature params into point w r/s, checks result for validity.
+        // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to
+        // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it:
+        // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT
         function k2sig(kBytes) {
             // RFC 6979 Section 3.2, step 3: k = bits2int(T)
+            // Important: all mod() calls here must be done over N
             const k = bits2int(kBytes); // Cannot use fields methods, since it is group element
-            if (!isWithinCurveOrder(k))
-                return; // Important: all mod() calls here must be done over N
-            const ik = invN(k); // k^-1 mod n
+            if (!Fn.isValidNot0(k))
+                return; // Valid scalars (including k) must be in 1..N-1
+            const ik = Fn.inv(k); // k^-1 mod n
             const q = Point.BASE.multiply(k).toAffine(); // q = Gk
-            const r = modN(q.x); // r = q.x mod n
-            if (r === _0n$7)
+            const r = Fn.create(q.x); // r = q.x mod n
+            if (r === _0n$6)
                 return;
-            // Can use scalar blinding b^-1(bm + bdr) where b ∈ [1,q−1] according to
-            // https://tches.iacr.org/index.php/TCHES/article/view/7337/6509. We've decided against it:
-            // a) dependency on CSPRNG b) 15% slowdown c) doesn't really help since bigints are not CT
-            const s = modN(ik * modN(m + r * d)); // Not using blinding here
-            if (s === _0n$7)
+            const s = Fn.create(ik * Fn.create(m + r * d)); // Not using blinding here, see comment above
+            if (s === _0n$6)
                 return;
             let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n$8); // recovery bit (2 or 3, when q.x > n)
             let normS = s;
@@ -9930,8 +9953,8 @@ function weierstrass$1(curveDef) {
         }
         return { seed, k2sig };
     }
-    const defaultSigOpts = { lowS: CURVE.lowS, prehash: false };
-    const defaultVerOpts = { lowS: CURVE.lowS, prehash: false };
+    const defaultSigOpts = { lowS: ecdsaOpts.lowS, prehash: false };
+    const defaultVerOpts = { lowS: ecdsaOpts.lowS, prehash: false };
     /**
      * Signs message hash with a private key.
      * ```
@@ -9947,13 +9970,11 @@ function weierstrass$1(curveDef) {
      */
     function sign(msgHash, privKey, opts = defaultSigOpts) {
         const { seed, k2sig } = prepSig(msgHash, privKey, opts); // Steps A, D of RFC6979 3.2.
-        const C = CURVE;
-        const drbg = createHmacDrbg$1(C.hash.outputLen, C.nByteLength, C.hmac);
+        const drbg = createHmacDrbg$1(ecdsaOpts.hash.outputLen, Fn.BYTES, hmac_);
         return drbg(seed, k2sig); // Steps B, C, D, E, F, G
     }
     // Enable precomputes. Slows down first publicKey computation by 20ms.
-    Point.BASE._setWindowSize(8);
-    // utils.precompute(8, ProjectivePoint.BASE)
+    Point.BASE.precompute(8);
     /**
      * Verifies a signature against message hash and public key.
      * Rejects lowS signatures by default: to override,
@@ -9971,13 +9992,14 @@ function weierstrass$1(curveDef) {
         const sg = signature;
         msgHash = ensureBytes$1('msgHash', msgHash);
         publicKey = ensureBytes$1('publicKey', publicKey);
-        const { lowS, prehash, format } = opts;
-        // Verify opts, deduce signature format
+        // Verify opts
         validateSigVerOpts(opts);
+        const { lowS, prehash, format } = opts;
+        // TODO: remove
         if ('strict' in opts)
             throw new Error('options.strict was renamed to lowS');
-        if (format !== undefined && format !== 'compact' && format !== 'der')
-            throw new Error('format must be compact or der');
+        if (format !== undefined && !['compact', 'der', 'js'].includes(format))
+            throw new Error('format must be "compact", "der" or "js"');
         const isHex = typeof sg === 'string' || isBytes(sg);
         const isObj = !isHex &&
             !format &&
@@ -9989,12 +10011,29 @@ function weierstrass$1(curveDef) {
             throw new Error('invalid signature, expected Uint8Array, hex string or Signature instance');
         let _sig = undefined;
         let P;
+        // deduce signature format
         try {
-            if (isObj)
-                _sig = new Signature(sg.r, sg.s);
+            // if (format === 'js') {
+            //   if (sg != null && !isBytes(sg)) _sig = new Signature(sg.r, sg.s);
+            // } else if (format === 'compact') {
+            //   _sig = Signature.fromCompact(sg);
+            // } else if (format === 'der') {
+            //   _sig = Signature.fromDER(sg);
+            // } else {
+            //   throw new Error('invalid format');
+            // }
+            if (isObj) {
+                if (format === undefined || format === 'js') {
+                    _sig = new Signature(sg.r, sg.s);
+                }
+                else {
+                    throw new Error('invalid format');
+                }
+            }
             if (isHex) {
-                // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).
-                // Since DER can also be 2*nByteLength bytes, we check for it first.
+                // TODO: remove this malleable check
+                // Signature can be represented in 2 ways: compact (2*Fn.BYTES) & DER (variable-length).
+                // Since DER can also be 2*Fn.BYTES bytes, we check for it first.
                 try {
                     if (format !== 'compact')
                         _sig = Signature.fromDER(sg);
@@ -10015,61 +10054,111 @@ function weierstrass$1(curveDef) {
             return false;
         if (lowS && _sig.hasHighS())
             return false;
+        // todo: optional.hash => hash
         if (prehash)
-            msgHash = CURVE.hash(msgHash);
+            msgHash = ecdsaOpts.hash(msgHash);
         const { r, s } = _sig;
         const h = bits2int_modN(msgHash); // Cannot use fields methods, since it is group element
-        const is = invN(s); // s^-1
-        const u1 = modN(h * is); // u1 = hs^-1 mod n
-        const u2 = modN(r * is); // u2 = rs^-1 mod n
-        const R = Point.BASE.multiplyAndAddUnsafe(P, u1, u2)?.toAffine(); // R = u1⋅G + u2⋅P
-        if (!R)
+        const is = Fn.inv(s); // s^-1
+        const u1 = Fn.create(h * is); // u1 = hs^-1 mod n
+        const u2 = Fn.create(r * is); // u2 = rs^-1 mod n
+        const R = Point.BASE.multiplyUnsafe(u1).add(P.multiplyUnsafe(u2));
+        if (R.is0())
             return false;
-        const v = modN(R.x);
+        const v = Fn.create(R.x); // v = r.x mod n
         return v === r;
     }
-    return {
-        CURVE,
+    // TODO: clarify API for cloning .clone({hash: sha512}) ? .createWith({hash: sha512})?
+    // const clone = (hash: CHash): ECDSA => ecdsa(Point, { ...ecdsaOpts, ...getHash(hash) }, curveOpts);
+    return Object.freeze({
         getPublicKey,
         getSharedSecret,
         sign,
         verify,
-        ProjectivePoint: Point,
-        Signature,
         utils,
+        Point,
+        Signature,
+    });
+}
+function _weierstrass_legacy_opts_to_new(c) {
+    const CURVE = {
+        a: c.a,
+        b: c.b,
+        p: c.Fp.ORDER,
+        n: c.n,
+        h: c.h,
+        Gx: c.Gx,
+        Gy: c.Gy,
+    };
+    const Fp = c.Fp;
+    const Fn = Field$1(CURVE.n, c.nBitLength);
+    const curveOpts = {
+        Fp,
+        Fn,
+        allowedPrivateKeyLengths: c.allowedPrivateKeyLengths,
+        allowInfinityPoint: c.allowInfinityPoint,
+        endo: c.endo,
+        wrapPrivateKey: c.wrapPrivateKey,
+        isTorsionFree: c.isTorsionFree,
+        clearCofactor: c.clearCofactor,
+        fromBytes: c.fromBytes,
+        toBytes: c.toBytes,
+    };
+    return { CURVE, curveOpts };
+}
+function _ecdsa_legacy_opts_to_new(c) {
+    const { CURVE, curveOpts } = _weierstrass_legacy_opts_to_new(c);
+    const ecdsaOpts = {
+        hash: c.hash,
+        hmac: c.hmac,
+        randomBytes: c.randomBytes,
+        lowS: c.lowS,
+        bits2int: c.bits2int,
+        bits2int_modN: c.bits2int_modN,
     };
+    return { CURVE, curveOpts, ecdsaOpts };
+}
+function _ecdsa_new_output_to_legacy(c, ecdsa) {
+    return Object.assign({}, ecdsa, {
+        ProjectivePoint: ecdsa.Point,
+        CURVE: c,
+    });
+}
+// _ecdsa_legacy
+function weierstrass$1(c) {
+    const { CURVE, curveOpts, ecdsaOpts } = _ecdsa_legacy_opts_to_new(c);
+    const Point = weierstrassN(CURVE, curveOpts);
+    const signs = ecdsa(Point, ecdsaOpts, curveOpts);
+    return _ecdsa_new_output_to_legacy(c, signs);
 }/**
  * Utilities for short weierstrass curves, combined with noble-hashes.
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-/** connects noble-curves to noble-hashes */
-function getHash$1(hash) {
-    return {
-        hash,
-        hmac: (key, ...msgs) => hmac$1(hash, key, concatBytes$3(...msgs)),
-        randomBytes: randomBytes$3,
-    };
-}
 function createCurve$1(curveDef, defHash) {
-    const create = (hash) => weierstrass$1({ ...curveDef, ...getHash$1(hash) });
+    const create = (hash) => weierstrass$1({ ...curveDef, hash: hash });
     return { ...create(defHash), create };
 }/**
- * NIST secp256k1. See [pdf](https://www.secg.org/sec2-v2.pdf).
- *
- * Seems to be rigid (not backdoored)
- * [as per discussion](https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975).
+ * SECG secp256k1. See [pdf](https://www.secg.org/sec2-v2.pdf).
  *
- * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
- * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
- * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
- * [See explanation](https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066).
+ * Belongs to Koblitz curves: it has efficiently-computable GLV endomorphism ψ,
+ * check out {@link EndomorphismOpts}. Seems to be rigid (not backdoored).
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-const secp256k1P$1 = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');
-const secp256k1N$1 = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');
-const _0n$6 = BigInt(0);
+// Seems like generator was produced from some seed:
+// `Point.BASE.multiply(Point.Fn.inv(2n, N)).toAffine().x`
+// // gives short x 0x3b78ce563f89a0ed9414f5aa28ad0d96d6795f9c63n
+const secp256k1_CURVE = {
+    p: BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f'),
+    n: BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141'),
+    h: BigInt(1),
+    a: BigInt(0),
+    b: BigInt(7),
+    Gx: BigInt('0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798'),
+    Gy: BigInt('0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8'),
+};
+BigInt(0);
 const _1n$7 = BigInt(1);
 const _2n$5 = BigInt(2);
 const divNearest$1 = (a, b) => (a + b / _2n$5) / b;
@@ -10078,7 +10167,7 @@ const divNearest$1 = (a, b) => (a + b / _2n$5) / b;
  * (P+1n/4n).toString(2) would produce bits [223x 1, 0, 22x 1, 4x 0, 11, 00]
  */
 function sqrtMod$1(y) {
-    const P = secp256k1P$1;
+    const P = secp256k1_CURVE.p;
     // prettier-ignore
     const _3n = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
     // prettier-ignore
@@ -10101,7 +10190,7 @@ function sqrtMod$1(y) {
         throw new Error('Cannot find square root');
     return root;
 }
-const Fpk1 = Field$1(secp256k1P$1, undefined, undefined, { sqrt: sqrtMod$1 });
+const Fpk1 = Field$1(secp256k1_CURVE.p, undefined, undefined, { sqrt: sqrtMod$1 });
 /**
  * secp256k1 curve, ECDSA and ECDH methods.
  *
@@ -10118,19 +10207,14 @@ const Fpk1 = Field$1(secp256k1P$1, undefined, undefined, { sqrt: sqrtMod$1 });
  * ```
  */
 const secp256k1$1 = createCurve$1({
-    a: _0n$6,
-    b: BigInt(7),
+    ...secp256k1_CURVE,
     Fp: Fpk1,
-    n: secp256k1N$1,
-    Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
-    Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
-    h: BigInt(1),
     lowS: true, // Allow only low-S signatures by default in sign() and verify()
     endo: {
         // Endomorphism, see above
         beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
         splitScalar: (k) => {
-            const n = secp256k1N$1;
+            const n = secp256k1_CURVE.n;
             const a1 = BigInt('0x3086d221a7d46bcde86c90e49284eb15');
             const b1 = -_1n$7 * BigInt('0xe4437ed6010e88286f547fa90abfe4c3');
             const a2 = BigInt('0x114ca50f7a8e2f3f657c1108d9d44cfd8');
@@ -10295,7 +10379,7 @@ let Keccak$1=class Keccak extends Hash$1 {
     update(data) {
         aexists(this);
         data = toBytes$1(data);
-        abytes$1(data);
+        abytes(data);
         const { blockLen, state } = this;
         const len = data.length;
         for (let pos = 0; pos < len;) {
@@ -10321,7 +10405,7 @@ let Keccak$1=class Keccak extends Hash$1 {
     }
     writeInto(out) {
         aexists(this, false);
-        abytes$1(out);
+        abytes(out);
         this.finish();
         const bufferOut = this.state;
         const { blockLen } = this;
@@ -10431,7 +10515,7 @@ function ethereumEncode(addressOrPublic) {
 /**
  *  The current version of Ethers.
  */
-const version = "6.14.3";/**
+const version = "6.14.4";/**
  *  Property helper functions.
  *
  *  @_subsection api/utils:Properties  [about-properties]
@@ -10834,7 +10918,7 @@ function getBigInt(value, name) {
         case "bigint": return value;
         case "number":
             assertArgument(Number.isInteger(value), "underflow", name || "value", value);
-            assertArgument(value >= -9007199254740991 && value <= maxValue, "overflow", name || "value", value);
+            assertArgument(value >= -maxValue && value <= maxValue, "overflow", name || "value", value);
             return BigInt(value);
         case "string":
             try {
@@ -10886,11 +10970,11 @@ function toBigInt(value) {
 function getNumber(value, name) {
     switch (typeof (value)) {
         case "bigint":
-            assertArgument(value >= -9007199254740991 && value <= maxValue, "overflow", name || "value", value);
+            assertArgument(value >= -maxValue && value <= maxValue, "overflow", name || "value", value);
             return Number(value);
         case "number":
             assertArgument(Number.isInteger(value), "underflow", name || "value", value);
-            assertArgument(value >= -9007199254740991 && value <= maxValue, "overflow", name || "value", value);
+            assertArgument(value >= -maxValue && value <= maxValue, "overflow", name || "value", value);
             return value;
         case "string":
             try {
@@ -15422,8 +15506,8 @@ function formatAuthorizationList(value) {
             a.address,
             formatNumber(a.nonce, "nonce"),
             formatNumber(a.signature.yParity, "yParity"),
-            a.signature.r,
-            a.signature.s
+            toBeArray(a.signature.r),
+            toBeArray(a.signature.s)
         ];
     });
 }
@@ -16490,6 +16574,14 @@ function hashMessage(message) {
         toUtf8Bytes(String(message.length)),
         message
     ]));
+}
+/**
+ *  Return the address of the private key that produced
+ *  the signature %%sig%% during signing for %%message%%.
+ */
+function verifyMessage(message, sig) {
+    const digest = hashMessage(message);
+    return recoverAddress(digest, sig);
 }//import { TypedDataDomain, TypedDataField } from "@ethersproject/providerabstract-signer";
 const padding = new Uint8Array(32);
 padding.fill(0);
@@ -18759,7 +18851,7 @@ class HDNodeWallet extends BaseWallet {
         // Base path
         let path = this.path;
         if (path) {
-            path += "/" + (index & 2147483647);
+            path += "/" + (index & ~HardenedBit);
             if (index & HardenedBit) {
                 path += "'";
             }
@@ -18961,7 +19053,7 @@ class HDNodeVoidWallet extends VoidSigner {
         // Base path
         let path = this.path;
         if (path) {
-            path += "/" + (index & 2147483647);
+            path += "/" + (index & ~HardenedBit);
             if (index & HardenedBit) {
                 path += "'";
             }
@@ -19319,8 +19411,15 @@ function assert(condition, message) {
         },
     ],
 };
-// using pallet_revive test chain ID for now.
-const EIP712_DOMAIN_DEFAULT = {
+// using 2091 for mainnet
+const EIP712_DOMAIN_MAINNET = {
+    name: 'Frequency',
+    version: '1',
+    chainId: '0x082B',
+    verifyingContract: '0xCcCCccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC',
+};
+// using pallet_revive test chain ID for testnet/dev
+const EIP712_DOMAIN_TESTNET = {
     name: 'Frequency',
     version: '1',
     chainId: '0x190f1b44',
@@ -19358,6 +19457,22 @@ const ADD_KEY_DATA_DEFINITION = {
         },
     ],
 };
+const AUTHORIZED_KEY_DATA_DEFINITION = {
+    AuthorizedKeyData: [
+        {
+            name: 'msaId',
+            type: 'uint64',
+        },
+        {
+            name: 'expiration',
+            type: 'uint32',
+        },
+        {
+            name: 'authorizedPublicKey',
+            type: 'address',
+        },
+    ],
+};
 const CLAIM_HANDLE_PAYLOAD_DEFINITION = {
     ClaimHandlePayload: [
         {
@@ -19446,34 +19561,68 @@ const ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2 = {
         { name: 'data', type: 'bytes' },
         { name: 'index', type: 'uint16' },
     ],
-};var signatureDefinitions=/*#__PURE__*/Object.freeze({__proto__:null,ADD_KEY_DATA_DEFINITION:ADD_KEY_DATA_DEFINITION,ADD_PROVIDER_DEFINITION:ADD_PROVIDER_DEFINITION,CLAIM_HANDLE_PAYLOAD_DEFINITION:CLAIM_HANDLE_PAYLOAD_DEFINITION,EIP712_DOMAIN_DEFAULT:EIP712_DOMAIN_DEFAULT,EIP712_DOMAIN_DEFINITION:EIP712_DOMAIN_DEFINITION,ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2:ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_DELETE_SIGNATURE_PAYLOAD_DEFINITION_V2:PAGINATED_DELETE_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_UPSERT_SIGNATURE_PAYLOAD_DEFINITION_V2:PAGINATED_UPSERT_SIGNATURE_PAYLOAD_DEFINITION_V2,PASSKEY_PUBLIC_KEY_DEFINITION:PASSKEY_PUBLIC_KEY_DEFINITION});/**
- * Signing EIP-712 compatible signature for payload
+};
+const SIWF_SIGNED_REQUEST_PAYLOAD_DEFINITION = {
+    SiwfSignedRequestPayload: [
+        {
+            name: 'callback',
+            type: 'string',
+        },
+        {
+            name: 'permissions',
+            type: 'uint16[]',
+        },
+        {
+            name: 'userIdentifierAdminUrl',
+            type: 'string',
+        },
+    ],
+};var signatureDefinitions=/*#__PURE__*/Object.freeze({__proto__:null,ADD_KEY_DATA_DEFINITION:ADD_KEY_DATA_DEFINITION,ADD_PROVIDER_DEFINITION:ADD_PROVIDER_DEFINITION,AUTHORIZED_KEY_DATA_DEFINITION:AUTHORIZED_KEY_DATA_DEFINITION,CLAIM_HANDLE_PAYLOAD_DEFINITION:CLAIM_HANDLE_PAYLOAD_DEFINITION,EIP712_DOMAIN_DEFINITION:EIP712_DOMAIN_DEFINITION,EIP712_DOMAIN_MAINNET:EIP712_DOMAIN_MAINNET,EIP712_DOMAIN_TESTNET:EIP712_DOMAIN_TESTNET,ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2:ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_DELETE_SIGNATURE_PAYLOAD_DEFINITION_V2:PAGINATED_DELETE_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_UPSERT_SIGNATURE_PAYLOAD_DEFINITION_V2:PAGINATED_UPSERT_SIGNATURE_PAYLOAD_DEFINITION_V2,PASSKEY_PUBLIC_KEY_DEFINITION:PASSKEY_PUBLIC_KEY_DEFINITION,SIWF_SIGNED_REQUEST_PAYLOAD_DEFINITION:SIWF_SIGNED_REQUEST_PAYLOAD_DEFINITION});/**
+ * Signing EIP-712 or ERC-191 compatible signature based on payload
  * @param secretKey
  * @param payload
  * @param chain
  */
-async function signEip712(secretKey, payload, chain = 'Mainnet-Frequency') {
-    const types = getTypesFor(payload.type);
+async function sign(secretKey, payload, chain) {
+    const signatureType = getSignatureType(payload.type);
     const normalizedPayload = normalizePayload(payload);
     const wallet = new Wallet(secretKey);
-    // TODO: use correct chainID for different networks
-    // TODO: use correct contract address for different payloads
-    const signature = await wallet.signTypedData(EIP712_DOMAIN_DEFAULT, types, normalizedPayload);
+    let signature;
+    switch (signatureType) {
+        case 'EIP-712':
+            // TODO: use correct contract address for different payloads
+            signature = await wallet.signTypedData(chain === 'Mainnet-Frequency' ? EIP712_DOMAIN_MAINNET : EIP712_DOMAIN_TESTNET, getTypesFor(payload.type), normalizedPayload);
+            break;
+        case 'EIP-191':
+            signature = await wallet.signMessage(payload.message);
+            break;
+        default:
+            throw new Error(`Unsupported signature type : ${signatureType}`);
+    }
     return { Ecdsa: signature };
 }
 /**
- * Verify EIP-712 signatures
+ * Verify EIP-712 and ERC-191 signatures based on payload
  * @param ethereumAddress
  * @param signature
  * @param payload
  * @param chain
  */
-function verifyEip712Signature(ethereumAddress, signature, payload, chain = 'Mainnet-Frequency') {
-    const types = getTypesFor(payload.type);
+function verifySignature(ethereumAddress, signature, payload, chain) {
+    const signatureType = getSignatureType(payload.type);
     const normalizedPayload = normalizePayload(payload);
-    // TODO: use correct chainID for different networks
-    // TODO: use correct contract address for different payloads
-    const recoveredAddress = verifyTypedData(EIP712_DOMAIN_DEFAULT, types, normalizedPayload, signature);
+    let recoveredAddress;
+    switch (signatureType) {
+        case 'EIP-712':
+            // TODO: use correct contract address for different payloads
+            recoveredAddress = verifyTypedData(chain === 'Mainnet-Frequency' ? EIP712_DOMAIN_MAINNET : EIP712_DOMAIN_TESTNET, getTypesFor(payload.type), normalizedPayload, signature);
+            break;
+        case 'EIP-191':
+            recoveredAddress = verifyMessage(payload.message, signature);
+            break;
+        default:
+            throw new Error(`Unsupported signature type : ${signatureType}`);
+    }
     return recoveredAddress.toLowerCase() === ethereumAddress.toLowerCase();
 }
 function normalizePayload(payload) {
@@ -19485,6 +19634,7 @@ function normalizePayload(payload) {
         case 'PasskeyPublicKey':
         case 'ClaimHandlePayload':
         case 'AddProvider':
+        case 'SiwfLoginRequestPayload':
             break;
         case 'AddKeyData':
             // convert to 20 bytes ethereum address for signature
@@ -19493,6 +19643,18 @@ function normalizePayload(payload) {
             }
             clonedPayload.newPublicKey = clonedPayload.newPublicKey.toLowerCase();
             break;
+        case 'AuthorizedKeyData':
+            // convert to 20 bytes ethereum address for signature
+            if (clonedPayload.authorizedPublicKey.length !== 42) {
+                clonedPayload.authorizedPublicKey = reverseUnifiedAddressToEthereumAddress(payload.authorizedPublicKey);
+            }
+            clonedPayload.authorizedPublicKey = clonedPayload.authorizedPublicKey.toLowerCase();
+            break;
+        case 'SiwfSignedRequestPayload':
+            if (clonedPayload.userIdentifierAdminUrl == null) {
+                clonedPayload.userIdentifierAdminUrl = '';
+            }
+            break;
         default:
             throw new Error(`Unsupported payload type: ${JSON.stringify(payload)}`);
     }
@@ -19508,7 +19670,10 @@ function getTypesFor(payloadType) {
         PasskeyPublicKey: PASSKEY_PUBLIC_KEY_DEFINITION,
         ClaimHandlePayload: CLAIM_HANDLE_PAYLOAD_DEFINITION,
         AddKeyData: ADD_KEY_DATA_DEFINITION,
+        AuthorizedKeyData: AUTHORIZED_KEY_DATA_DEFINITION,
         AddProvider: ADD_PROVIDER_DEFINITION,
+        // offchain signatures
+        SiwfSignedRequestPayload: SIWF_SIGNED_REQUEST_PAYLOAD_DEFINITION,
     };
     const definition = PAYLOAD_TYPE_DEFINITIONS[payloadType];
     if (!definition) {
@@ -19516,6 +19681,12 @@ function getTypesFor(payloadType) {
     }
     return definition;
 }
+function getSignatureType(payloadType) {
+    if (payloadType === 'SiwfLoginRequestPayload') {
+        return 'EIP-191';
+    }
+    return 'EIP-712';
+}
 /**
  * Build an AddKeyData payload for signature.
  *
@@ -19536,6 +19707,26 @@ function createAddKeyData(msaId, newPublicKey, expirationBlock) {
         newPublicKey: parsedNewPublicKey,
     };
 }
+/**
+ * Build an AuthorizedKeyData payload for signature.
+ *
+ * @param msaId                  MSA ID (uint64) to add the key
+ * @param authorizedPublicKey    32 bytes public key to authorize in hex or Uint8Array
+ * @param expirationBlock        Block number after which this payload is invalid
+ */
+function createAuthorizedKeyData(msaId, newPublicKey, expirationBlock) {
+    const parsedMsaId = typeof msaId === 'string' ? msaId : `${msaId}`;
+    const parsedNewPublicKey = typeof newPublicKey === 'object' ? u8aToHex(newPublicKey) : newPublicKey;
+    assert(isValidUint64String(parsedMsaId), 'msaId should be a valid uint64');
+    assert(isValidUint32(expirationBlock), 'expiration should be a valid uint32');
+    assert(isHexString(parsedNewPublicKey), 'newPublicKey should be valid hex');
+    return {
+        type: 'AuthorizedKeyData',
+        msaId: parsedMsaId,
+        expiration: expirationBlock,
+        authorizedPublicKey: parsedNewPublicKey,
+    };
+}
 /**
  * Build an AddProvider payload for signature.
  *
@@ -19660,6 +19851,35 @@ function createPaginatedUpsertSignaturePayloadV2(schemaId, pageId, targetHash, e
         payload: parsedPayload,
     };
 }
+/**
+ * Build an SiwfSignedRequestPayload payload for signature.
+ *
+ * @param callback        Callback URL for login
+ * @param permissions       One or more schema IDs (uint16) the provider may use
+ * @param userIdentifierAdminUrl Only used for custom integration situations.
+ */
+function createSiwfSignedRequestPayload(callback, permissions, userIdentifierAdminUrl) {
+    permissions.forEach((schemaId) => {
+        assert(isValidUint16(schemaId), 'permission should be a valid uint16');
+    });
+    return {
+        type: 'SiwfSignedRequestPayload',
+        callback: callback,
+        permissions,
+        userIdentifierAdminUrl,
+    };
+}
+/**
+ * Build an SiwfLoginRequestPayload payload for signature.
+ *
+ * @param message        login message
+ */
+function createSiwfLoginRequestPayload(message) {
+    return {
+        type: 'SiwfLoginRequestPayload',
+        message,
+    };
+}
 /**
  * Returns the EIP-712 browser request for a AddKeyData for signing.
  *
@@ -19668,11 +19888,24 @@ function createPaginatedUpsertSignaturePayloadV2(schemaId, pageId, targetHash, e
  * @param expirationBlock Block number after which this payload is invalid
  * @param domain
  */
-function getEip712BrowserRequestAddKeyData(msaId, newPublicKey, expirationBlock, domain = EIP712_DOMAIN_DEFAULT) {
+function getEip712BrowserRequestAddKeyData(msaId, newPublicKey, expirationBlock, domain = EIP712_DOMAIN_MAINNET) {
     const message = createAddKeyData(msaId, newPublicKey, expirationBlock);
     const normalized = normalizePayload(message);
     return createEip712Payload(ADD_KEY_DATA_DEFINITION, message.type, domain, normalized);
 }
+/**
+ * Returns the EIP-712 browser request for a AuthorizedKeyData for signing.
+ *
+ * @param msaId           MSA ID (uint64) to add the key
+ * @param authorizedPublicKey    32 bytes public key to add in hex or Uint8Array
+ * @param expirationBlock Block number after which this payload is invalid
+ * @param domain
+ */
+function getEip712BrowserRequestAuthorizedKeyData(msaId, authorizedPublicKey, expirationBlock, domain = EIP712_DOMAIN_MAINNET) {
+    const message = createAuthorizedKeyData(msaId, authorizedPublicKey, expirationBlock);
+    const normalized = normalizePayload(message);
+    return createEip712Payload(AUTHORIZED_KEY_DATA_DEFINITION, message.type, domain, normalized);
+}
 /**
  * Returns the EIP-712 browser request for a AddProvider for signing.
  *
@@ -19681,7 +19914,7 @@ function getEip712BrowserRequestAddKeyData(msaId, newPublicKey, expirationBlock,
  * @param expirationBlock Block number after which this payload is invalid
  * @param domain
  */
-function getEip712BrowserRequestAddProvider(authorizedMsaId, schemaIds, expirationBlock, domain = EIP712_DOMAIN_DEFAULT) {
+function getEip712BrowserRequestAddProvider(authorizedMsaId, schemaIds, expirationBlock, domain = EIP712_DOMAIN_MAINNET) {
     const message = createAddProvider(authorizedMsaId, schemaIds, expirationBlock);
     const normalized = normalizePayload(message);
     return createEip712Payload(ADD_PROVIDER_DEFINITION, message.type, domain, normalized);
@@ -19696,7 +19929,7 @@ function getEip712BrowserRequestAddProvider(authorizedMsaId, schemaIds, expirati
  * @param payload    HexString or Uint8Array data to upsert
  * @param domain
  */
-function getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2(schemaId, pageId, targetHash, expiration, payload, domain = EIP712_DOMAIN_DEFAULT) {
+function getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2(schemaId, pageId, targetHash, expiration, payload, domain = EIP712_DOMAIN_MAINNET) {
     const message = createPaginatedUpsertSignaturePayloadV2(schemaId, pageId, targetHash, expiration, payload);
     const normalized = normalizePayload(message);
     return createEip712Payload(PAGINATED_UPSERT_SIGNATURE_PAYLOAD_DEFINITION_V2, message.type, domain, normalized);
@@ -19710,7 +19943,7 @@ function getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2(schemaId, page
  * @param expiration uint32 expiration block
  * @param domain
  */
-function getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2(schemaId, pageId, targetHash, expiration, domain = EIP712_DOMAIN_DEFAULT) {
+function getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2(schemaId, pageId, targetHash, expiration, domain = EIP712_DOMAIN_MAINNET) {
     const message = createPaginatedDeleteSignaturePayloadV2(schemaId, pageId, targetHash, expiration);
     const normalized = normalizePayload(message);
     return createEip712Payload(PAGINATED_DELETE_SIGNATURE_PAYLOAD_DEFINITION_V2, message.type, domain, normalized);
@@ -19724,7 +19957,7 @@ function getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2(schemaId, page
  * @param actions    Array of Add/Delete itemized actions
  * @param domain
  */
-function getEip712BrowserRequestItemizedSignaturePayloadV2(schemaId, targetHash, expiration, actions, domain = EIP712_DOMAIN_DEFAULT) {
+function getEip712BrowserRequestItemizedSignaturePayloadV2(schemaId, targetHash, expiration, actions, domain = EIP712_DOMAIN_MAINNET) {
     const message = createItemizedSignaturePayloadV2(schemaId, targetHash, expiration, actions);
     const normalized = normalizePayload(message);
     return createEip712Payload(ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2, message.type, domain, normalized);
@@ -19736,7 +19969,7 @@ function getEip712BrowserRequestItemizedSignaturePayloadV2(schemaId, targetHash,
  * @param expirationBlock Block number after which this payload is invalid
  * @param domain
  */
-function getEip712BrowserRequestClaimHandlePayload(handle, expirationBlock, domain = EIP712_DOMAIN_DEFAULT) {
+function getEip712BrowserRequestClaimHandlePayload(handle, expirationBlock, domain = EIP712_DOMAIN_MAINNET) {
     const message = createClaimHandlePayload(handle, expirationBlock);
     const normalized = normalizePayload(message);
     return createEip712Payload(CLAIM_HANDLE_PAYLOAD_DEFINITION, message.type, domain, normalized);
@@ -19747,11 +19980,24 @@ function getEip712BrowserRequestClaimHandlePayload(handle, expirationBlock, doma
  * @param publicKey The passkey’s public key (hex string or raw bytes)
  * @param domain
  */
-function getEip712BrowserRequestPasskeyPublicKey(publicKey, domain = EIP712_DOMAIN_DEFAULT) {
+function getEip712BrowserRequestPasskeyPublicKey(publicKey, domain = EIP712_DOMAIN_MAINNET) {
     const message = createPasskeyPublicKey(publicKey);
     const normalized = normalizePayload(message);
     return createEip712Payload(PASSKEY_PUBLIC_KEY_DEFINITION, message.type, domain, normalized);
 }
+/**
+ * Returns the EIP-712 browser request for a SiwfSignedRequestPayload for signing.
+ *
+ * @param callback        Callback URL for login
+ * @param permissions       One or more schema IDs (uint16) the provider may use
+ * @param userIdentifierAdminUrl Only used for custom integration situations.
+ * @param domain
+ */
+function getEip712BrowserRequestSiwfSignedRequestPayload(callback, permissions, userIdentifierAdminUrl, domain = EIP712_DOMAIN_MAINNET) {
+    const message = createSiwfSignedRequestPayload(callback, permissions, userIdentifierAdminUrl);
+    const normalized = normalizePayload(message);
+    return createEip712Payload(SIWF_SIGNED_REQUEST_PAYLOAD_DEFINITION, message.type, domain, normalized);
+}
 function createEip712Payload(typeDefinition, primaryType, domain, message) {
     return {
         types: {
@@ -19808,4 +20054,4 @@ function prefixEthereumTags(hexPayload) {
     const wrapped = `\x19Ethereum Signed Message:\n${hexPayload.length}${hexPayload}`;
     const buffer = Buffer.from(wrapped, 'utf-8');
     return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.length);
-}var signature=/*#__PURE__*/Object.freeze({__proto__:null,createAddKeyData:createAddKeyData,createAddProvider:createAddProvider,createClaimHandlePayload:createClaimHandlePayload,createItemizedAddAction:createItemizedAddAction,createItemizedDeleteAction:createItemizedDeleteAction,createItemizedSignaturePayloadV2:createItemizedSignaturePayloadV2,createPaginatedDeleteSignaturePayloadV2:createPaginatedDeleteSignaturePayloadV2,createPaginatedUpsertSignaturePayloadV2:createPaginatedUpsertSignaturePayloadV2,createPasskeyPublicKey:createPasskeyPublicKey,getEip712BrowserRequestAddKeyData:getEip712BrowserRequestAddKeyData,getEip712BrowserRequestAddProvider:getEip712BrowserRequestAddProvider,getEip712BrowserRequestClaimHandlePayload:getEip712BrowserRequestClaimHandlePayload,getEip712BrowserRequestItemizedSignaturePayloadV2:getEip712BrowserRequestItemizedSignaturePayloadV2,getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2:getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2,getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2:getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2,getEip712BrowserRequestPasskeyPublicKey:getEip712BrowserRequestPasskeyPublicKey,getEthereumMessageSigner:getEthereumMessageSigner,getEthereumRegularSigner:getEthereumRegularSigner,signEip712:signEip712,verifyEip712Signature:verifyEip712Signature});var index = { ...payloads, ...address, ...signatureDefinitions, ...signature };export{ADD_KEY_DATA_DEFINITION,ADD_PROVIDER_DEFINITION,CLAIM_HANDLE_PAYLOAD_DEFINITION,EIP712_DOMAIN_DEFAULT,EIP712_DOMAIN_DEFINITION,ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_DELETE_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_UPSERT_SIGNATURE_PAYLOAD_DEFINITION_V2,PASSKEY_PUBLIC_KEY_DEFINITION,createAddKeyData,createAddProvider,createClaimHandlePayload,createItemizedAddAction,createItemizedDeleteAction,createItemizedSignaturePayloadV2,createPaginatedDeleteSignaturePayloadV2,createPaginatedUpsertSignaturePayloadV2,createPasskeyPublicKey,createRandomKey,index as default,ethereumAddressToKeyringPair,getAccountId20MultiAddress,getEip712BrowserRequestAddKeyData,getEip712BrowserRequestAddProvider,getEip712BrowserRequestClaimHandlePayload,getEip712BrowserRequestItemizedSignaturePayloadV2,getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2,getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2,getEip712BrowserRequestPasskeyPublicKey,getEthereumMessageSigner,getEthereumRegularSigner,getKeyringPairFromSecp256k1PrivateKey,getSS58AccountFromEthereumAccount,getUnifiedAddress,getUnifiedPublicKey,reverseUnifiedAddressToEthereumAddress,signEip712,verifyEip712Signature};
+}var signature=/*#__PURE__*/Object.freeze({__proto__:null,createAddKeyData:createAddKeyData,createAddProvider:createAddProvider,createAuthorizedKeyData:createAuthorizedKeyData,createClaimHandlePayload:createClaimHandlePayload,createItemizedAddAction:createItemizedAddAction,createItemizedDeleteAction:createItemizedDeleteAction,createItemizedSignaturePayloadV2:createItemizedSignaturePayloadV2,createPaginatedDeleteSignaturePayloadV2:createPaginatedDeleteSignaturePayloadV2,createPaginatedUpsertSignaturePayloadV2:createPaginatedUpsertSignaturePayloadV2,createPasskeyPublicKey:createPasskeyPublicKey,createSiwfLoginRequestPayload:createSiwfLoginRequestPayload,createSiwfSignedRequestPayload:createSiwfSignedRequestPayload,getEip712BrowserRequestAddKeyData:getEip712BrowserRequestAddKeyData,getEip712BrowserRequestAddProvider:getEip712BrowserRequestAddProvider,getEip712BrowserRequestAuthorizedKeyData:getEip712BrowserRequestAuthorizedKeyData,getEip712BrowserRequestClaimHandlePayload:getEip712BrowserRequestClaimHandlePayload,getEip712BrowserRequestItemizedSignaturePayloadV2:getEip712BrowserRequestItemizedSignaturePayloadV2,getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2:getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2,getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2:getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2,getEip712BrowserRequestPasskeyPublicKey:getEip712BrowserRequestPasskeyPublicKey,getEip712BrowserRequestSiwfSignedRequestPayload:getEip712BrowserRequestSiwfSignedRequestPayload,getEthereumMessageSigner:getEthereumMessageSigner,getEthereumRegularSigner:getEthereumRegularSigner,sign:sign,verifySignature:verifySignature});var index = { ...payloads, ...address, ...signatureDefinitions, ...signature };export{ADD_KEY_DATA_DEFINITION,ADD_PROVIDER_DEFINITION,AUTHORIZED_KEY_DATA_DEFINITION,CLAIM_HANDLE_PAYLOAD_DEFINITION,EIP712_DOMAIN_DEFINITION,EIP712_DOMAIN_MAINNET,EIP712_DOMAIN_TESTNET,ITEMIZED_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_DELETE_SIGNATURE_PAYLOAD_DEFINITION_V2,PAGINATED_UPSERT_SIGNATURE_PAYLOAD_DEFINITION_V2,PASSKEY_PUBLIC_KEY_DEFINITION,SIWF_SIGNED_REQUEST_PAYLOAD_DEFINITION,createAddKeyData,createAddProvider,createAuthorizedKeyData,createClaimHandlePayload,createItemizedAddAction,createItemizedDeleteAction,createItemizedSignaturePayloadV2,createPaginatedDeleteSignaturePayloadV2,createPaginatedUpsertSignaturePayloadV2,createPasskeyPublicKey,createRandomKey,createSiwfLoginRequestPayload,createSiwfSignedRequestPayload,index as default,ethereumAddressToKeyringPair,getAccountId20MultiAddress,getEip712BrowserRequestAddKeyData,getEip712BrowserRequestAddProvider,getEip712BrowserRequestAuthorizedKeyData,getEip712BrowserRequestClaimHandlePayload,getEip712BrowserRequestItemizedSignaturePayloadV2,getEip712BrowserRequestPaginatedDeleteSignaturePayloadV2,getEip712BrowserRequestPaginatedUpsertSignaturePayloadV2,getEip712BrowserRequestPasskeyPublicKey,getEip712BrowserRequestSiwfSignedRequestPayload,getEthereumMessageSigner,getEthereumRegularSigner,getKeyringPairFromSecp256k1PrivateKey,getSS58AccountFromEthereumAccount,getUnifiedAddress,getUnifiedPublicKey,reverseUnifiedAddressToEthereumAddress,sign,verifySignature};