npm - @gardenfi/utils - Versions diffs - 2.1.3-beta.1 → 2.1.3-beta.10 - Mend

@gardenfi/utils 2.1.3-beta.1 → 2.1.3-beta.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (135) hide show

package/dist/index298.js CHANGED Viewed

@@ -1,645 +1,209 @@
-import { validateBasic as mt, wNAF as gt, pippenger as Et } from "./index299.js";
-import { Field as bt, mod as wt, getMinHashLength as vt, mapHashToField as Bt, invert as xt } from "./index278.js";
-import { bytesToNumberBE as tt, bitMask as St, validateObject as pt, concatBytes as st, aInRange as Q, ensureBytes as V, bytesToHex as ct, hexToBytes as lt, isBytes as at, createHmacDrbg as Rt, memoized as ut, abool as et, inRange as yt, numberToHexUnpadded as nt, numberToBytesBE as dt } from "./index294.js";
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-function ft(h) {
-  h.lowS !== void 0 && et("lowS", h.lowS), h.prehash !== void 0 && et("prehash", h.prehash);
+const w = /* @__PURE__ */ BigInt(0), p = /* @__PURE__ */ BigInt(1);
+function b(t) {
+  return t instanceof Uint8Array || ArrayBuffer.isView(t) && t.constructor.name === "Uint8Array";
 }
-function Ot(h) {
-  const n = mt(h);
-  pt(n, {
-    a: "field",
-    b: "field"
-  }, {
-    allowedPrivateKeyLengths: "array",
-    wrapPrivateKey: "boolean",
-    isTorsionFree: "function",
-    clearCofactor: "function",
-    allowInfinityPoint: "boolean",
-    fromBytes: "function",
-    toBytes: "function"
-  });
-  const { endo: t, Fp: E, a: R } = n;
-  if (t) {
-    if (!E.eql(R, E.ZERO))
-      throw new Error("invalid endomorphism, can only be defined for Koblitz curves that have a=0");
-    if (typeof t != "object" || typeof t.beta != "bigint" || typeof t.splitScalar != "function")
-      throw new Error("invalid endomorphism, expected beta: bigint and splitScalar: function");
-  }
-  return Object.freeze({ ...n });
+function h(t) {
+  if (!b(t))
+    throw new Error("Uint8Array expected");
 }
-class At extends Error {
-  constructor(n = "") {
-    super(n);
-  }
+function k(t, n) {
+  if (typeof n != "boolean")
+    throw new Error(t + " boolean expected, got " + n);
 }
-const U = {
-  // asn.1 DER encoding utils
-  Err: At,
-  // Basic building block is TLV (Tag-Length-Value)
-  _tlv: {
-    encode: (h, n) => {
-      const { Err: t } = U;
-      if (h < 0 || h > 256)
-        throw new t("tlv.encode: wrong tag");
-      if (n.length & 1)
-        throw new t("tlv.encode: unpadded data");
-      const E = n.length / 2, R = nt(E);
-      if (R.length / 2 & 128)
-        throw new t("tlv.encode: long form length too big");
-      const q = E > 127 ? nt(R.length / 2 | 128) : "";
-      return nt(h) + q + R + n;
-    },
-    // v - value, l - left bytes (unparsed)
-    decode(h, n) {
-      const { Err: t } = U;
-      let E = 0;
-      if (h < 0 || h > 256)
-        throw new t("tlv.encode: wrong tag");
-      if (n.length < 2 || n[E++] !== h)
-        throw new t("tlv.decode: wrong tlv");
-      const R = n[E++], q = !!(R & 128);
-      let B = 0;
-      if (!q)
-        B = R;
-      else {
-        const S = R & 127;
-        if (!S)
-          throw new t("tlv.decode(long): indefinite length not supported");
-        if (S > 4)
-          throw new t("tlv.decode(long): byte length is too big");
-        const L = n.subarray(E, E + S);
-        if (L.length !== S)
-          throw new t("tlv.decode: length bytes not complete");
-        if (L[0] === 0)
-          throw new t("tlv.decode(long): zero leftmost byte");
-        for (const k of L)
-          B = B << 8 | k;
-        if (E += S, B < 128)
-          throw new t("tlv.decode(long): not minimal encoding");
-      }
-      const Y = n.subarray(E, E + B);
-      if (Y.length !== B)
-        throw new t("tlv.decode: wrong value length");
-      return { v: Y, l: n.subarray(E + B) };
-    }
-  },
-  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
-  // since we always use positive integers here. It must always be empty:
-  // - add zero byte if exists
-  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
-  _int: {
-    encode(h) {
-      const { Err: n } = U;
-      if (h < j)
-        throw new n("integer: negative integers are not allowed");
-      let t = nt(h);
-      if (Number.parseInt(t[0], 16) & 8 && (t = "00" + t), t.length & 1)
-        throw new n("unexpected DER parsing assertion: unpadded hex");
-      return t;
-    },
-    decode(h) {
-      const { Err: n } = U;
-      if (h[0] & 128)
-        throw new n("invalid signature integer: negative");
-      if (h[0] === 0 && !(h[1] & 128))
-        throw new n("invalid signature integer: unnecessary leading zero");
-      return tt(h);
-    }
-  },
-  toSig(h) {
-    const { Err: n, _int: t, _tlv: E } = U, R = V("signature", h), { v: q, l: B } = E.decode(48, R);
-    if (B.length)
-      throw new n("invalid signature: left bytes after parsing");
-    const { v: Y, l: S } = E.decode(2, q), { v: L, l: k } = E.decode(2, S);
-    if (k.length)
-      throw new n("invalid signature: left bytes after parsing");
-    return { r: t.decode(Y), s: t.decode(L) };
-  },
-  hexFromSig(h) {
-    const { _tlv: n, _int: t } = U, E = n.encode(2, t.encode(h.r)), R = n.encode(2, t.encode(h.s)), q = E + R;
-    return n.encode(48, q);
-  }
-}, j = BigInt(0), A = BigInt(1);
-BigInt(2);
-const ht = BigInt(3);
-BigInt(4);
-function Zt(h) {
-  const n = Ot(h), { Fp: t } = n, E = bt(n.n, n.nBitLength), R = n.toBytes || ((m, e, s) => {
-    const c = e.toAffine();
-    return st(Uint8Array.from([4]), t.toBytes(c.x), t.toBytes(c.y));
-  }), q = n.fromBytes || ((m) => {
-    const e = m.subarray(1), s = t.fromBytes(e.subarray(0, t.BYTES)), c = t.fromBytes(e.subarray(t.BYTES, 2 * t.BYTES));
-    return { x: s, y: c };
-  });
-  function B(m) {
-    const { a: e, b: s } = n, c = t.sqr(m), u = t.mul(c, m);
-    return t.add(t.add(u, t.mul(m, e)), s);
-  }
-  if (!t.eql(t.sqr(n.Gy), B(n.Gx)))
-    throw new Error("bad generator point: equation left != right");
-  function Y(m) {
-    return yt(m, A, n.n);
-  }
-  function S(m) {
-    const { allowedPrivateKeyLengths: e, nByteLength: s, wrapPrivateKey: c, n: u } = n;
-    if (e && typeof m != "bigint") {
-      if (at(m) && (m = ct(m)), typeof m != "string" || !e.includes(m.length))
-        throw new Error("invalid private key");
-      m = m.padStart(s * 2, "0");
-    }
-    let p;
+function F(t) {
+  const n = t.toString(16);
+  return n.length & 1 ? "0" + n : n;
+}
+function E(t) {
+  if (typeof t != "string")
+    throw new Error("hex string expected, got " + typeof t);
+  return t === "" ? w : BigInt("0x" + t);
+}
+const U = (
+  // @ts-ignore
+  typeof Uint8Array.from([]).toHex == "function" && typeof Uint8Array.fromHex == "function"
+), S = /* @__PURE__ */ Array.from({ length: 256 }, (t, n) => n.toString(16).padStart(2, "0"));
+function x(t) {
+  if (h(t), U)
+    return t.toHex();
+  let n = "";
+  for (let e = 0; e < t.length; e++)
+    n += S[t[e]];
+  return n;
+}
+const u = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function m(t) {
+  if (t >= u._0 && t <= u._9)
+    return t - u._0;
+  if (t >= u.A && t <= u.F)
+    return t - (u.A - 10);
+  if (t >= u.a && t <= u.f)
+    return t - (u.a - 10);
+}
+function B(t) {
+  if (typeof t != "string")
+    throw new Error("hex string expected, got " + typeof t);
+  if (U)
+    return Uint8Array.fromHex(t);
+  const n = t.length, e = n / 2;
+  if (n % 2)
+    throw new Error("hex string expected, got unpadded hex of length " + n);
+  const r = new Uint8Array(e);
+  for (let o = 0, i = 0; o < e; o++, i += 2) {
+    const a = m(t.charCodeAt(i)), f = m(t.charCodeAt(i + 1));
+    if (a === void 0 || f === void 0) {
+      const c = t[i] + t[i + 1];
+      throw new Error('hex string expected, got non-hex character "' + c + '" at index ' + i);
+    }
+    r[o] = a * 16 + f;
+  }
+  return r;
+}
+function O(t) {
+  return E(x(t));
+}
+function V(t) {
+  return h(t), E(x(Uint8Array.from(t).reverse()));
+}
+function T(t, n) {
+  return B(t.toString(16).padStart(n * 2, "0"));
+}
+function C(t, n) {
+  return T(t, n).reverse();
+}
+function M(t, n, e) {
+  let r;
+  if (typeof n == "string")
     try {
-      p = typeof m == "bigint" ? m : tt(V("private key", m, s));
-    } catch {
-      throw new Error("invalid private key, expected hex or " + s + " bytes, got " + typeof m);
-    }
-    return c && (p = wt(p, u)), Q("private key", p, A, u), p;
-  }
-  function L(m) {
-    if (!(m instanceof w))
-      throw new Error("ProjectivePoint expected");
-  }
-  const k = ut((m, e) => {
-    const { px: s, py: c, pz: u } = m;
-    if (t.eql(u, t.ONE))
-      return { x: s, y: c };
-    const p = m.is0();
-    e == null && (e = p ? t.ONE : t.inv(u));
-    const v = t.mul(s, e), y = t.mul(c, e), a = t.mul(u, e);
-    if (p)
-      return { x: t.ZERO, y: t.ZERO };
-    if (!t.eql(a, t.ONE))
-      throw new Error("invZ was invalid");
-    return { x: v, y };
-  }), rt = ut((m) => {
-    if (m.is0()) {
-      if (n.allowInfinityPoint && !t.is0(m.py))
-        return;
-      throw new Error("bad point: ZERO");
-    }
-    const { x: e, y: s } = m.toAffine();
-    if (!t.isValid(e) || !t.isValid(s))
-      throw new Error("bad point: x or y not FE");
-    const c = t.sqr(s), u = B(e);
-    if (!t.eql(c, u))
-      throw new Error("bad point: equation left != right");
-    if (!m.isTorsionFree())
-      throw new Error("bad point: not in prime-order subgroup");
-    return !0;
-  });
-  class w {
-    constructor(e, s, c) {
-      if (e == null || !t.isValid(e))
-        throw new Error("x required");
-      if (s == null || !t.isValid(s))
-        throw new Error("y required");
-      if (c == null || !t.isValid(c))
-        throw new Error("z required");
-      this.px = e, this.py = s, this.pz = c, Object.freeze(this);
-    }
-    // Does not validate if the point is on-curve.
-    // Use fromHex instead, or call assertValidity() later.
-    static fromAffine(e) {
-      const { x: s, y: c } = e || {};
-      if (!e || !t.isValid(s) || !t.isValid(c))
-        throw new Error("invalid affine point");
-      if (e instanceof w)
-        throw new Error("projective point not allowed");
-      const u = (p) => t.eql(p, t.ZERO);
-      return u(s) && u(c) ? w.ZERO : new w(s, c, t.ONE);
-    }
-    get x() {
-      return this.toAffine().x;
-    }
-    get y() {
-      return this.toAffine().y;
-    }
-    /**
-     * Takes a bunch of Projective Points but executes only one
-     * inversion on all of them. Inversion is very slow operation,
-     * so this improves performance massively.
-     * Optimization: converts a list of projective points to a list of identical points with Z=1.
-     */
-    static normalizeZ(e) {
-      const s = t.invertBatch(e.map((c) => c.pz));
-      return e.map((c, u) => c.toAffine(s[u])).map(w.fromAffine);
-    }
-    /**
-     * Converts hash string or Uint8Array to Point.
-     * @param hex short/long ECDSA hex
-     */
-    static fromHex(e) {
-      const s = w.fromAffine(q(V("pointHex", e)));
-      return s.assertValidity(), s;
-    }
-    // Multiplies generator point by privateKey.
-    static fromPrivateKey(e) {
-      return w.BASE.multiply(S(e));
-    }
-    // Multiscalar Multiplication
-    static msm(e, s) {
-      return Et(w, E, e, s);
-    }
-    // "Private method", don't use it directly
-    _setWindowSize(e) {
-      D.setWindowSize(this, e);
-    }
-    // A point on curve is valid if it conforms to equation.
-    assertValidity() {
-      rt(this);
-    }
-    hasEvenY() {
-      const { y: e } = this.toAffine();
-      if (t.isOdd)
-        return !t.isOdd(e);
-      throw new Error("Field doesn't support isOdd");
-    }
-    /**
-     * Compare one point to another.
-     */
-    equals(e) {
-      L(e);
-      const { px: s, py: c, pz: u } = this, { px: p, py: v, pz: y } = e, a = t.eql(t.mul(s, y), t.mul(p, u)), f = t.eql(t.mul(c, y), t.mul(v, u));
-      return a && f;
-    }
-    /**
-     * Flips point to one corresponding to (x, -y) in Affine coordinates.
-     */
-    negate() {
-      return new w(this.px, t.neg(this.py), this.pz);
-    }
-    // Renes-Costello-Batina exception-free doubling formula.
-    // There is 30% faster Jacobian formula, but it is not complete.
-    // https://eprint.iacr.org/2015/1060, algorithm 3
-    // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
-    double() {
-      const { a: e, b: s } = n, c = t.mul(s, ht), { px: u, py: p, pz: v } = this;
-      let y = t.ZERO, a = t.ZERO, f = t.ZERO, l = t.mul(u, u), Z = t.mul(p, p), x = t.mul(v, v), b = t.mul(u, p);
-      return b = t.add(b, b), f = t.mul(u, v), f = t.add(f, f), y = t.mul(e, f), a = t.mul(c, x), a = t.add(y, a), y = t.sub(Z, a), a = t.add(Z, a), a = t.mul(y, a), y = t.mul(b, y), f = t.mul(c, f), x = t.mul(e, x), b = t.sub(l, x), b = t.mul(e, b), b = t.add(b, f), f = t.add(l, l), l = t.add(f, l), l = t.add(l, x), l = t.mul(l, b), a = t.add(a, l), x = t.mul(p, v), x = t.add(x, x), l = t.mul(x, b), y = t.sub(y, l), f = t.mul(x, Z), f = t.add(f, f), f = t.add(f, f), new w(y, a, f);
-    }
-    // Renes-Costello-Batina exception-free addition formula.
-    // There is 30% faster Jacobian formula, but it is not complete.
-    // https://eprint.iacr.org/2015/1060, algorithm 1
-    // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
-    add(e) {
-      L(e);
-      const { px: s, py: c, pz: u } = this, { px: p, py: v, pz: y } = e;
-      let a = t.ZERO, f = t.ZERO, l = t.ZERO;
-      const Z = n.a, x = t.mul(n.b, ht);
-      let b = t.mul(s, p), F = t.mul(c, v), r = t.mul(u, y), o = t.add(s, c), i = t.add(p, v);
-      o = t.mul(o, i), i = t.add(b, F), o = t.sub(o, i), i = t.add(s, u);
-      let d = t.add(p, y);
-      return i = t.mul(i, d), d = t.add(b, r), i = t.sub(i, d), d = t.add(c, u), a = t.add(v, y), d = t.mul(d, a), a = t.add(F, r), d = t.sub(d, a), l = t.mul(Z, i), a = t.mul(x, r), l = t.add(a, l), a = t.sub(F, l), l = t.add(F, l), f = t.mul(a, l), F = t.add(b, b), F = t.add(F, b), r = t.mul(Z, r), i = t.mul(x, i), F = t.add(F, r), r = t.sub(b, r), r = t.mul(Z, r), i = t.add(i, r), b = t.mul(F, i), f = t.add(f, b), b = t.mul(d, i), a = t.mul(o, a), a = t.sub(a, b), b = t.mul(o, F), l = t.mul(d, l), l = t.add(l, b), new w(a, f, l);
-    }
-    subtract(e) {
-      return this.add(e.negate());
-    }
-    is0() {
-      return this.equals(w.ZERO);
-    }
-    wNAF(e) {
-      return D.wNAFCached(this, e, w.normalizeZ);
-    }
-    /**
-     * Non-constant-time multiplication. Uses double-and-add algorithm.
-     * It's faster, but should only be used when you don't care about
-     * an exposed private key e.g. sig verification, which works over *public* keys.
-     */
-    multiplyUnsafe(e) {
-      const { endo: s, n: c } = n;
-      Q("scalar", e, j, c);
-      const u = w.ZERO;
-      if (e === j)
-        return u;
-      if (this.is0() || e === A)
-        return this;
-      if (!s || D.hasPrecomputes(this))
-        return D.wNAFCachedUnsafe(this, e, w.normalizeZ);
-      let { k1neg: p, k1: v, k2neg: y, k2: a } = s.splitScalar(e), f = u, l = u, Z = this;
-      for (; v > j || a > j; )
-        v & A && (f = f.add(Z)), a & A && (l = l.add(Z)), Z = Z.double(), v >>= A, a >>= A;
-      return p && (f = f.negate()), y && (l = l.negate()), l = new w(t.mul(l.px, s.beta), l.py, l.pz), f.add(l);
-    }
-    /**
-     * Constant time multiplication.
-     * Uses wNAF method. Windowed method may be 10% faster,
-     * but takes 2x longer to generate and consumes 2x memory.
-     * Uses precomputes when available.
-     * Uses endomorphism for Koblitz curves.
-     * @param scalar by which the point would be multiplied
-     * @returns New point
-     */
-    multiply(e) {
-      const { endo: s, n: c } = n;
-      Q("scalar", e, A, c);
-      let u, p;
-      if (s) {
-        const { k1neg: v, k1: y, k2neg: a, k2: f } = s.splitScalar(e);
-        let { p: l, f: Z } = this.wNAF(y), { p: x, f: b } = this.wNAF(f);
-        l = D.constTimeNegate(v, l), x = D.constTimeNegate(a, x), x = new w(t.mul(x.px, s.beta), x.py, x.pz), u = l.add(x), p = Z.add(b);
-      } else {
-        const { p: v, f: y } = this.wNAF(e);
-        u = v, p = y;
-      }
-      return w.normalizeZ([u, p])[0];
-    }
-    /**
-     * Efficiently calculate `aP + bQ`. Unsafe, can expose private key, if used incorrectly.
-     * Not using Strauss-Shamir trick: precomputation tables are faster.
-     * The trick could be useful if both P and Q are not G (not in our case).
-     * @returns non-zero affine point
-     */
-    multiplyAndAddUnsafe(e, s, c) {
-      const u = w.BASE, p = (y, a) => a === j || a === A || !y.equals(u) ? y.multiplyUnsafe(a) : y.multiply(a), v = p(this, s).add(p(e, c));
-      return v.is0() ? void 0 : v;
-    }
-    // Converts Projective point to affine (x, y) coordinates.
-    // Can accept precomputed Z^-1 - for example, from invertBatch.
-    // (x, y, z) ∋ (x=x/z, y=y/z)
-    toAffine(e) {
-      return k(this, e);
-    }
-    isTorsionFree() {
-      const { h: e, isTorsionFree: s } = n;
-      if (e === A)
-        return !0;
-      if (s)
-        return s(w, this);
-      throw new Error("isTorsionFree() has not been declared for the elliptic curve");
-    }
-    clearCofactor() {
-      const { h: e, clearCofactor: s } = n;
-      return e === A ? this : s ? s(w, this) : this.multiplyUnsafe(n.h);
-    }
-    toRawBytes(e = !0) {
-      return et("isCompressed", e), this.assertValidity(), R(w, this, e);
-    }
-    toHex(e = !0) {
-      return et("isCompressed", e), ct(this.toRawBytes(e));
-    }
-  }
-  w.BASE = new w(n.Gx, n.Gy, t.ONE), w.ZERO = new w(t.ZERO, t.ONE, t.ZERO);
-  const X = n.nBitLength, D = gt(w, n.endo ? Math.ceil(X / 2) : X);
-  return {
-    CURVE: n,
-    ProjectivePoint: w,
-    normPrivateKeyToScalar: S,
-    weierstrassEquation: B,
-    isWithinCurveOrder: Y
-  };
+      r = B(n);
+    } catch (i) {
+      throw new Error(t + " must be hex string or Uint8Array, cause: " + i);
+    }
+  else if (b(n))
+    r = Uint8Array.from(n);
+  else
+    throw new Error(t + " must be hex string or Uint8Array");
+  const o = r.length;
+  if (typeof e == "number" && o !== e)
+    throw new Error(t + " of length " + e + " expected, got " + o);
+  return r;
 }
-function Nt(h) {
-  const n = mt(h);
-  return pt(n, {
-    hash: "hash",
-    hmac: "function",
-    randomBytes: "function"
-  }, {
-    bits2int: "function",
-    bits2int_modN: "function",
-    lowS: "boolean"
-  }), Object.freeze({ lowS: !0, ...n });
+function H(...t) {
+  let n = 0;
+  for (let r = 0; r < t.length; r++) {
+    const o = t[r];
+    h(o), n += o.length;
+  }
+  const e = new Uint8Array(n);
+  for (let r = 0, o = 0; r < t.length; r++) {
+    const i = t[r];
+    e.set(i, o), o += i.length;
+  }
+  return e;
 }
-function Lt(h) {
-  const n = Nt(h), { Fp: t, n: E } = n, R = t.BYTES + 1, q = 2 * t.BYTES + 1;
-  function B(r) {
-    return wt(r, E);
-  }
-  function Y(r) {
-    return xt(r, E);
-  }
-  const { ProjectivePoint: S, normPrivateKeyToScalar: L, weierstrassEquation: k, isWithinCurveOrder: rt } = Zt({
-    ...n,
-    toBytes(r, o, i) {
-      const d = o.toAffine(), g = t.toBytes(d.x), O = st;
-      return et("isCompressed", i), i ? O(Uint8Array.from([o.hasEvenY() ? 2 : 3]), g) : O(Uint8Array.from([4]), g, t.toBytes(d.y));
-    },
-    fromBytes(r) {
-      const o = r.length, i = r[0], d = r.subarray(1);
-      if (o === R && (i === 2 || i === 3)) {
-        const g = tt(d);
-        if (!yt(g, A, t.ORDER))
-          throw new Error("Point is not on curve");
-        const O = k(g);
-        let z;
-        try {
-          z = t.sqrt(O);
-        } catch (H) {
-          const T = H instanceof Error ? ": " + H.message : "";
-          throw new Error("Point is not on curve" + T);
-        }
-        const N = (z & A) === A;
-        return (i & 1) === 1 !== N && (z = t.neg(z)), { x: g, y: z };
-      } else if (o === q && i === 4) {
-        const g = t.fromBytes(d.subarray(0, t.BYTES)), O = t.fromBytes(d.subarray(t.BYTES, 2 * t.BYTES));
-        return { x: g, y: O };
-      } else {
-        const g = R, O = q;
-        throw new Error("invalid Point, expected length of " + g + ", or uncompressed " + O + ", got " + o);
-      }
-    }
-  }), w = (r) => ct(dt(r, n.nByteLength));
-  function X(r) {
-    const o = E >> A;
-    return r > o;
-  }
-  function D(r) {
-    return X(r) ? B(-r) : r;
-  }
-  const m = (r, o, i) => tt(r.slice(o, i));
-  class e {
-    constructor(o, i, d) {
-      Q("r", o, A, E), Q("s", i, A, E), this.r = o, this.s = i, d != null && (this.recovery = d), Object.freeze(this);
-    }
-    // pair (bytes of r, bytes of s)
-    static fromCompact(o) {
-      const i = n.nByteLength;
-      return o = V("compactSignature", o, i * 2), new e(m(o, 0, i), m(o, i, 2 * i));
-    }
-    // DER encoded ECDSA signature
-    // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script
-    static fromDER(o) {
-      const { r: i, s: d } = U.toSig(V("DER", o));
-      return new e(i, d);
-    }
-    /**
-     * @todo remove
-     * @deprecated
-     */
-    assertValidity() {
-    }
-    addRecoveryBit(o) {
-      return new e(this.r, this.s, o);
-    }
-    recoverPublicKey(o) {
-      const { r: i, s: d, recovery: g } = this, O = y(V("msgHash", o));
-      if (g == null || ![0, 1, 2, 3].includes(g))
-        throw new Error("recovery id invalid");
-      const z = g === 2 || g === 3 ? i + n.n : i;
-      if (z >= t.ORDER)
-        throw new Error("recovery id 2 or 3 invalid");
-      const N = g & 1 ? "03" : "02", C = S.fromHex(N + w(z)), H = Y(z), T = B(-O * H), M = B(d * H), K = S.BASE.multiplyAndAddUnsafe(C, T, M);
-      if (!K)
-        throw new Error("point at infinify");
-      return K.assertValidity(), K;
-    }
-    // Signatures should be low-s, to prevent malleability.
-    hasHighS() {
-      return X(this.s);
-    }
-    normalizeS() {
-      return this.hasHighS() ? new e(this.r, B(-this.s), this.recovery) : this;
-    }
-    // DER-encoded
-    toDERRawBytes() {
-      return lt(this.toDERHex());
-    }
-    toDERHex() {
-      return U.hexFromSig({ r: this.r, s: this.s });
-    }
-    // padded bytes of r, then padded bytes of s
-    toCompactRawBytes() {
-      return lt(this.toCompactHex());
-    }
-    toCompactHex() {
-      return w(this.r) + w(this.s);
-    }
-  }
-  const s = {
-    isValidPrivateKey(r) {
-      try {
-        return L(r), !0;
-      } catch {
-        return !1;
-      }
-    },
-    normPrivateKeyToScalar: L,
-    /**
-     * Produces cryptographically secure private key from random of size
-     * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.
-     */
-    randomPrivateKey: () => {
-      const r = vt(n.n);
-      return Bt(n.randomBytes(r), n.n);
-    },
-    /**
-     * Creates precompute table for an arbitrary EC point. Makes point "cached".
-     * Allows to massively speed-up `point.multiply(scalar)`.
-     * @returns cached point
-     * @example
-     * const fast = utils.precompute(8, ProjectivePoint.fromHex(someonesPubKey));
-     * fast.multiply(privKey); // much faster ECDH now
-     */
-    precompute(r = 8, o = S.BASE) {
-      return o._setWindowSize(r), o.multiply(BigInt(3)), o;
-    }
+const y = (t) => typeof t == "bigint" && w <= t;
+function I(t, n, e) {
+  return y(t) && y(n) && y(e) && n <= t && t < e;
+}
+function R(t, n, e, r) {
+  if (!I(n, e, r))
+    throw new Error("expected valid " + t + ": " + e + " <= n < " + r + ", got " + n);
+}
+function j(t) {
+  let n;
+  for (n = 0; t > w; t >>= p, n += 1)
+    ;
+  return n;
+}
+const z = (t) => (p << BigInt(t)) - p, d = (t) => new Uint8Array(t), A = (t) => Uint8Array.from(t);
+function D(t, n, e) {
+  if (typeof t != "number" || t < 2)
+    throw new Error("hashLen must be a number");
+  if (typeof n != "number" || n < 2)
+    throw new Error("qByteLen must be a number");
+  if (typeof e != "function")
+    throw new Error("hmacFn must be a function");
+  let r = d(t), o = d(t), i = 0;
+  const a = () => {
+    r.fill(1), o.fill(0), i = 0;
+  }, f = (...s) => e(o, r, ...s), c = (s = d(0)) => {
+    o = f(A([0]), s), r = f(), s.length !== 0 && (o = f(A([1]), s), r = f());
+  }, v = () => {
+    if (i++ >= 1e3)
+      throw new Error("drbg: tried 1000 values");
+    let s = 0;
+    const l = [];
+    for (; s < n; ) {
+      r = f();
+      const g = r.slice();
+      l.push(g), s += r.length;
+    }
+    return H(...l);
   };
-  function c(r, o = !0) {
-    return S.fromPrivateKey(r).toRawBytes(o);
-  }
-  function u(r) {
-    const o = at(r), i = typeof r == "string", d = (o || i) && r.length;
-    return o ? d === R || d === q : i ? d === 2 * R || d === 2 * q : r instanceof S;
-  }
-  function p(r, o, i = !0) {
-    if (u(r))
-      throw new Error("first arg must be private key");
-    if (!u(o))
-      throw new Error("second arg must be public key");
-    return S.fromHex(o).multiply(L(r)).toRawBytes(i);
-  }
-  const v = n.bits2int || function(r) {
-    if (r.length > 8192)
-      throw new Error("input is too large");
-    const o = tt(r), i = r.length * 8 - n.nBitLength;
-    return i > 0 ? o >> BigInt(i) : o;
-  }, y = n.bits2int_modN || function(r) {
-    return B(v(r));
-  }, a = St(n.nBitLength);
-  function f(r) {
-    return Q("num < 2^" + n.nBitLength, r, j, a), dt(r, n.nByteLength);
-  }
-  function l(r, o, i = Z) {
-    if (["recovered", "canonical"].some((I) => I in i))
-      throw new Error("sign() legacy options not supported");
-    const { hash: d, randomBytes: g } = n;
-    let { lowS: O, prehash: z, extraEntropy: N } = i;
-    O == null && (O = !0), r = V("msgHash", r), ft(i), z && (r = V("prehashed msgHash", d(r)));
-    const C = y(r), H = L(o), T = [f(H), f(C)];
-    if (N != null && N !== !1) {
-      const I = N === !0 ? g(t.BYTES) : N;
-      T.push(V("extraEntropy", I));
-    }
-    const M = st(...T), K = C;
-    function ot(I) {
-      const W = v(I);
-      if (!rt(W))
-        return;
-      const it = Y(W), J = S.BASE.multiply(W).toAffine(), P = B(J.x);
-      if (P === j)
-        return;
-      const $ = B(it * B(K + P * H));
-      if ($ === j)
-        return;
-      let _ = (J.x === P ? 0 : 2) | Number(J.y & A), G = $;
-      return O && X($) && (G = D($), _ ^= 1), new e(P, G, _);
-    }
-    return { seed: M, k2sig: ot };
-  }
-  const Z = { lowS: n.lowS, prehash: !1 }, x = { lowS: n.lowS, prehash: !1 };
-  function b(r, o, i = Z) {
-    const { seed: d, k2sig: g } = l(r, o, i), O = n;
-    return Rt(O.hash.outputLen, O.nByteLength, O.hmac)(d, g);
-  }
-  S.BASE._setWindowSize(8);
-  function F(r, o, i, d = x) {
-    var _;
-    const g = r;
-    o = V("msgHash", o), i = V("publicKey", i);
-    const { lowS: O, prehash: z, format: N } = d;
-    if (ft(d), "strict" in d)
-      throw new Error("options.strict was renamed to lowS");
-    if (N !== void 0 && N !== "compact" && N !== "der")
-      throw new Error("format must be compact or der");
-    const C = typeof g == "string" || at(g), H = !C && !N && typeof g == "object" && g !== null && typeof g.r == "bigint" && typeof g.s == "bigint";
-    if (!C && !H)
-      throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
-    let T, M;
-    try {
-      if (H && (T = new e(g.r, g.s)), C) {
-        try {
-          N !== "compact" && (T = e.fromDER(g));
-        } catch (G) {
-          if (!(G instanceof U.Err))
-            throw G;
-        }
-        !T && N !== "der" && (T = e.fromCompact(g));
-      }
-      M = S.fromHex(i);
-    } catch {
-      return !1;
-    }
-    if (!T || O && T.hasHighS())
-      return !1;
-    z && (o = n.hash(o));
-    const { r: K, s: ot } = T, I = y(o), W = Y(ot), it = B(I * W), J = B(K * W), P = (_ = S.BASE.multiplyAndAddUnsafe(M, it, J)) == null ? void 0 : _.toAffine();
-    return P ? B(P.x) === K : !1;
-  }
-  return {
-    CURVE: n,
-    getPublicKey: c,
-    getSharedSecret: p,
-    sign: b,
-    verify: F,
-    ProjectivePoint: S,
-    Signature: e,
-    utils: s
+  return (s, l) => {
+    a(), c(s);
+    let g;
+    for (; !(g = l(v())); )
+      c();
+    return a(), g;
+  };
+}
+const _ = {
+  bigint: (t) => typeof t == "bigint",
+  function: (t) => typeof t == "function",
+  boolean: (t) => typeof t == "boolean",
+  string: (t) => typeof t == "string",
+  stringOrUint8Array: (t) => typeof t == "string" || b(t),
+  isSafeInteger: (t) => Number.isSafeInteger(t),
+  array: (t) => Array.isArray(t),
+  field: (t, n) => n.Fp.isValid(t),
+  hash: (t) => typeof t == "function" && Number.isSafeInteger(t.outputLen)
+};
+function P(t, n, e = {}) {
+  const r = (o, i, a) => {
+    const f = _[i];
+    if (typeof f != "function")
+      throw new Error("invalid validator function");
+    const c = t[o];
+    if (!(a && c === void 0) && !f(c, t))
+      throw new Error("param " + String(o) + " is invalid. Expected " + i + ", got " + c);
+  };
+  for (const [o, i] of Object.entries(n))
+    r(o, i, !1);
+  for (const [o, i] of Object.entries(e))
+    r(o, i, !0);
+  return t;
+}
+function W(t) {
+  const n = /* @__PURE__ */ new WeakMap();
+  return (e, ...r) => {
+    const o = n.get(e);
+    if (o !== void 0)
+      return o;
+    const i = t(e, ...r);
+    return n.set(e, i), i;
   };
 }
 export {
-  U as DER,
-  At as DERErr,
-  Lt as weierstrass,
-  Zt as weierstrassPoints
+  R as aInRange,
+  k as abool,
+  h as abytes,
+  j as bitLen,
+  z as bitMask,
+  x as bytesToHex,
+  O as bytesToNumberBE,
+  V as bytesToNumberLE,
+  H as concatBytes,
+  D as createHmacDrbg,
+  M as ensureBytes,
+  B as hexToBytes,
+  E as hexToNumber,
+  I as inRange,
+  b as isBytes,
+  W as memoized,
+  T as numberToBytesBE,
+  C as numberToBytesLE,
+  F as numberToHexUnpadded,
+  P as validateObject
 };