@ghostspeak/sdk 2.0.6 → 2.0.7

package/dist/chunk-IAWBZYPE.js

@@ -1,356 +0,0 @@
-import { ed25519 } from '@noble/curves/ed25519';
-import { sha256 } from '@noble/hashes/sha256';
-import { bytesToNumberLE, randomBytes, bytesToHex } from '@noble/curves/abstract/utils';
-import { getAddressEncoder } from '@solana/kit';
-
-// src/utils/elgamal.ts
-var MAX_DECRYPTABLE_VALUE = 4294967295n;
-var G = ed25519.ExtendedPoint.BASE;
-var hash = (data) => sha256(data);
-function numberToBytesLE(n, length) {
-  const bytes = new Uint8Array(length);
-  let temp = n;
-  for (let i = 0; i < length; i++) {
-    bytes[i] = Number(temp & 0xffn);
-    temp >>= 8n;
-  }
-  return bytes;
-}
-function generateElGamalKeypair(seed) {
-  const secretKey = seed ? hash(seed).slice(0, 32) : randomBytes(32);
-  secretKey[0] &= 248;
-  secretKey[31] &= 127;
-  secretKey[31] |= 64;
-  const scalarValue = bytesToNumberLE(secretKey) % ed25519.CURVE.n;
-  const publicKey = G.multiply(scalarValue).toRawBytes();
-  return { publicKey, secretKey };
-}
-function deriveElGamalKeypair(signer, tokenAccount) {
-  const message = new TextEncoder().encode(`elgamal:${tokenAccount}`);
-  const signerBytes = getAddressEncoder().encode(signer.address);
-  const combined = new Uint8Array(signerBytes.length + message.length);
-  combined.set(signerBytes);
-  combined.set(message, signerBytes.length);
-  const seed = hash(combined);
-  return generateElGamalKeypair(seed);
-}
-function encryptAmount(amount, pubkey) {
-  const result = encryptAmountWithRandomness(amount, pubkey);
-  return result.ciphertext;
-}
-function encryptAmountWithRandomness(amount, pubkey, providedRandomness) {
-  if (amount < 0n) {
-    throw new Error("Amount must be non-negative");
-  }
-  if (amount > MAX_DECRYPTABLE_VALUE) {
-    throw new Error(`Amount exceeds maximum decryptable value (${MAX_DECRYPTABLE_VALUE})`);
-  }
-  const randomness = providedRandomness ?? randomBytes(32);
-  randomness[0] &= 248;
-  randomness[31] &= 127;
-  randomness[31] |= 64;
-  const r = bytesToNumberLE(randomness) % ed25519.CURVE.n;
-  const pubkeyPoint = ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey));
-  const amountPoint = amount === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(amount);
-  const maskedAmount = amountPoint.add(pubkeyPoint.multiply(r));
-  const commitment = maskedAmount.toRawBytes();
-  const handle = G.multiply(r).toRawBytes();
-  return {
-    ciphertext: {
-      commitment: { commitment },
-      handle: { handle }
-    },
-    randomness
-  };
-}
-function decryptAmount(ciphertext, secretKey, maxValue = 65536n) {
-  const C = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment));
-  const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle));
-  const sk = bytesToNumberLE(secretKey) % ed25519.CURVE.n;
-  const decryptedPoint = C.subtract(D.multiply(sk));
-  for (let i = 0n; i <= maxValue; i++) {
-    const testPoint = i === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(i);
-    if (testPoint.equals(decryptedPoint)) {
-      return i;
-    }
-  }
-  return null;
-}
-function decryptAmountWithLookup(ciphertext, secretKey, lookupTable) {
-  const C = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment));
-  const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle));
-  const sk = bytesToNumberLE(secretKey) % ed25519.CURVE.n;
-  const decryptedPoint = C.subtract(D.multiply(sk));
-  const pointHex = decryptedPoint.toHex();
-  return lookupTable.get(pointHex) ?? null;
-}
-function buildDecryptionLookupTable(maxValue) {
-  const lookupTable = /* @__PURE__ */ new Map();
-  for (let i = 0n; i <= maxValue; i++) {
-    const point = i === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(i);
-    lookupTable.set(point.toHex(), i);
-  }
-  return lookupTable;
-}
-function addCiphertexts(a, b) {
-  const Ca = ed25519.ExtendedPoint.fromHex(bytesToHex(a.commitment.commitment));
-  const Cb = ed25519.ExtendedPoint.fromHex(bytesToHex(b.commitment.commitment));
-  const Da = ed25519.ExtendedPoint.fromHex(bytesToHex(a.handle.handle));
-  const Db = ed25519.ExtendedPoint.fromHex(bytesToHex(b.handle.handle));
-  const sumCommitment = Ca.add(Cb).toRawBytes();
-  const sumHandle = Da.add(Db).toRawBytes();
-  return {
-    commitment: { commitment: sumCommitment },
-    handle: { handle: sumHandle }
-  };
-}
-function subtractCiphertexts(a, b) {
-  const Ca = ed25519.ExtendedPoint.fromHex(bytesToHex(a.commitment.commitment));
-  const Cb = ed25519.ExtendedPoint.fromHex(bytesToHex(b.commitment.commitment));
-  const Da = ed25519.ExtendedPoint.fromHex(bytesToHex(a.handle.handle));
-  const Db = ed25519.ExtendedPoint.fromHex(bytesToHex(b.handle.handle));
-  const diffCommitment = Ca.subtract(Cb).toRawBytes();
-  const diffHandle = Da.subtract(Db).toRawBytes();
-  return {
-    commitment: { commitment: diffCommitment },
-    handle: { handle: diffHandle }
-  };
-}
-function scaleCiphertext(ciphertext, scalar) {
-  if (scalar === 0n) {
-    const zeroPoint = ed25519.ExtendedPoint.ZERO;
-    return {
-      commitment: { commitment: zeroPoint.toRawBytes() },
-      handle: { handle: zeroPoint.toRawBytes() }
-    };
-  }
-  const C = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment));
-  const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle));
-  const scaledCommitment = C.multiply(scalar).toRawBytes();
-  const scaledHandle = D.multiply(scalar).toRawBytes();
-  return {
-    commitment: { commitment: scaledCommitment },
-    handle: { handle: scaledHandle }
-  };
-}
-var RANGE_PROOF_SIZE = 672;
-function getGeneratorH() {
-  const hashInput = new TextEncoder().encode("ElGamal-Generator-H");
-  const hashOutput = hash(hashInput);
-  const scalar = bytesToNumberLE(hashOutput) % ed25519.CURVE.n;
-  return G.multiply(scalar);
-}
-getGeneratorH();
-async function generateRangeProof(amount, commitment, randomness) {
-  if (amount < 0n || amount > MAX_DECRYPTABLE_VALUE) {
-    throw new Error("Amount must be in range [0, 2^32)");
-  }
-  const proof = new Uint8Array(RANGE_PROOF_SIZE);
-  const commitmentBytes = "commitment" in commitment ? commitment.commitment : new Uint8Array(32);
-  return {
-    proof,
-    commitment: commitmentBytes
-  };
-}
-async function verifyRangeProof(proof, _commitment) {
-  if (proof.proof.length !== RANGE_PROOF_SIZE) {
-    return false;
-  }
-  return true;
-}
-function generateValidityProof(ciphertext, pubkey, randomness) {
-  const r = bytesToNumberLE(randomness) % ed25519.CURVE.n;
-  const pubkeyPoint = ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey));
-  const k = bytesToNumberLE(randomBytes(32)) % ed25519.CURVE.n;
-  const R1 = k === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(k);
-  const R2 = k === 0n ? ed25519.ExtendedPoint.ZERO : pubkeyPoint.multiply(k);
-  const challenge = bytesToNumberLE(hash(new Uint8Array([
-    ...ciphertext.commitment.commitment,
-    ...ciphertext.handle.handle,
-    ...R1.toRawBytes(),
-    ...R2.toRawBytes(),
-    ...pubkey
-  ]))) % ed25519.CURVE.n;
-  const s = (k + challenge * r) % ed25519.CURVE.n;
-  const proofData = new Uint8Array(96);
-  proofData.set(R1.toRawBytes(), 0);
-  proofData.set(R2.toRawBytes(), 32);
-  const sBytes = numberToBytesLE(s, 32);
-  proofData.set(sBytes, 64);
-  return { proof: proofData };
-}
-function verifyValidityProof(proof, ciphertext, pubkey) {
-  if (proof.proof.length !== 96) {
-    return false;
-  }
-  try {
-    const R1 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(0, 32)));
-    const R2 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(32, 64)));
-    const s = bytesToNumberLE(proof.proof.slice(64, 96)) % ed25519.CURVE.n;
-    const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle));
-    const pubkeyPoint = ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey));
-    void pubkeyPoint;
-    const challenge = bytesToNumberLE(hash(new Uint8Array([
-      ...ciphertext.commitment.commitment,
-      ...ciphertext.handle.handle,
-      ...R1.toRawBytes(),
-      ...R2.toRawBytes(),
-      ...pubkey
-    ]))) % ed25519.CURVE.n;
-    const lhs1 = s === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(s);
-    const rhs1 = R1.add(challenge === 0n ? ed25519.ExtendedPoint.ZERO : D.multiply(challenge));
-    return lhs1.equals(rhs1);
-  } catch {
-    return false;
-  }
-}
-function generateEqualityProof(ciphertext1, ciphertext2, randomness1, randomness2, pubkey) {
-  const r1 = bytesToNumberLE(randomness1) % ed25519.CURVE.n;
-  const r2 = bytesToNumberLE(randomness2) % ed25519.CURVE.n;
-  const rdiff = (r1 - r2 + ed25519.CURVE.n) % ed25519.CURVE.n;
-  const k = bytesToNumberLE(randomBytes(32)) % ed25519.CURVE.n;
-  const C1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.commitment.commitment));
-  const C2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.commitment.commitment));
-  const D1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.handle.handle));
-  const D2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.handle.handle));
-  const Cdiff = C1.subtract(C2);
-  const Ddiff = D1.subtract(D2);
-  const P = pubkey ? ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey)) : null;
-  const R1 = k === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(k);
-  const R2 = P && k !== 0n ? P.multiply(k) : ed25519.ExtendedPoint.ZERO;
-  const challenge = bytesToNumberLE(sha256(new Uint8Array([
-    ...ciphertext1.commitment.commitment,
-    ...ciphertext1.handle.handle,
-    ...ciphertext2.commitment.commitment,
-    ...ciphertext2.handle.handle,
-    ...R1.toRawBytes(),
-    ...Cdiff.toRawBytes(),
-    ...Ddiff.toRawBytes()
-  ]))) % ed25519.CURVE.n;
-  const s = (k + challenge * rdiff) % ed25519.CURVE.n;
-  const proofData = new Uint8Array(96);
-  let offset = 0;
-  proofData.set(R1.toRawBytes(), offset);
-  offset += 32;
-  const scalarBytes = new Uint8Array(32);
-  for (let i = 0; i < 32; i++) {
-    scalarBytes[i] = Number(s >> BigInt(i * 8) & 0xffn);
-  }
-  proofData.set(scalarBytes, offset);
-  offset += 32;
-  proofData.set(R2.toRawBytes(), offset);
-  return { proof: proofData };
-}
-function verifyEqualityProof(proof, ciphertext1, ciphertext2, pubkey) {
-  if (proof.proof.length !== 96) {
-    return false;
-  }
-  try {
-    let offset = 0;
-    const R1 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(offset, offset + 32)));
-    offset += 32;
-    const s = bytesToNumberLE(proof.proof.slice(offset, offset + 32)) % ed25519.CURVE.n;
-    offset += 32;
-    const R2 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(offset, offset + 32)));
-    const C1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.commitment.commitment));
-    const C2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.commitment.commitment));
-    const D1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.handle.handle));
-    const D2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.handle.handle));
-    const Cdiff = C1.subtract(C2);
-    const Ddiff = D1.subtract(D2);
-    const P = pubkey ? ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey)) : null;
-    const challenge = bytesToNumberLE(sha256(new Uint8Array([
-      ...ciphertext1.commitment.commitment,
-      ...ciphertext1.handle.handle,
-      ...ciphertext2.commitment.commitment,
-      ...ciphertext2.handle.handle,
-      ...R1.toRawBytes(),
-      ...Cdiff.toRawBytes(),
-      ...Ddiff.toRawBytes()
-    ]))) % ed25519.CURVE.n;
-    const lhs1 = s === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(s);
-    const rhs1 = R1.add(challenge === 0n ? ed25519.ExtendedPoint.ZERO : Ddiff.multiply(challenge));
-    if (!lhs1.equals(rhs1)) {
-      return false;
-    }
-    if (P) {
-      const lhs2 = s === 0n ? ed25519.ExtendedPoint.ZERO : P.multiply(s);
-      const rhs2 = R2.add(challenge === 0n ? ed25519.ExtendedPoint.ZERO : Cdiff.multiply(challenge));
-      return lhs2.equals(rhs2);
-    }
-    return true;
-  } catch {
-    return false;
-  }
-}
-function isValidCiphertext(ciphertext) {
-  try {
-    ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment));
-    ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle));
-    return true;
-  } catch {
-    return false;
-  }
-}
-function reRandomizeCiphertext(ciphertext, pubkey) {
-  const zeroEncryption = encryptAmount(0n, pubkey);
-  return addCiphertexts(ciphertext, zeroEncryption);
-}
-function serializeCiphertext(ciphertext) {
-  const bytes = new Uint8Array(64);
-  bytes.set(ciphertext.commitment.commitment, 0);
-  bytes.set(ciphertext.handle.handle, 32);
-  return bytes;
-}
-function deserializeCiphertext(bytes) {
-  if (bytes.length !== 64) {
-    throw new Error("Invalid ciphertext length");
-  }
-  return {
-    commitment: { commitment: bytes.slice(0, 32) },
-    handle: { handle: bytes.slice(32, 64) }
-  };
-}
-async function generateTransferProof(sourceBalance, amount, sourceKeypair, destPubkey) {
-  const destEncryption = encryptAmountWithRandomness(amount, destPubkey);
-  const destCiphertext = destEncryption.ciphertext;
-  const sourceEncryption = encryptAmountWithRandomness(amount, sourceKeypair.publicKey);
-  const sourceTransferCiphertext = sourceEncryption.ciphertext;
-  const equalityProof = generateEqualityProof(
-    destCiphertext,
-    sourceTransferCiphertext,
-    destEncryption.randomness,
-    sourceEncryption.randomness,
-    destPubkey
-  );
-  const validityProof = generateValidityProof(
-    destCiphertext,
-    destPubkey,
-    destEncryption.randomness
-  );
-  const newSourceBalance = subtractCiphertexts(sourceBalance, sourceTransferCiphertext);
-  const currentBalance = decryptAmount(sourceBalance, sourceKeypair.secretKey, MAX_DECRYPTABLE_VALUE * 100n);
-  if (currentBalance === null) {
-    throw new Error("Could not decrypt source balance to generate range proof");
-  }
-  const newBalanceValue = currentBalance - amount;
-  if (newBalanceValue < 0n) {
-    throw new Error("Insufficient balance");
-  }
-  const rangeProof = await generateRangeProof(newBalanceValue, newSourceBalance.commitment);
-  return {
-    transferProof: {
-      encryptedTransferAmount: serializeCiphertext(destCiphertext),
-      newSourceCommitment: newSourceBalance.commitment.commitment,
-      equalityProof: equalityProof.proof,
-      validityProof: validityProof.proof,
-      rangeProof: rangeProof.proof
-    },
-    newSourceBalance,
-    destCiphertext
-  };
-}
-
-export { MAX_DECRYPTABLE_VALUE, addCiphertexts, buildDecryptionLookupTable, decryptAmount, decryptAmountWithLookup, deriveElGamalKeypair, deserializeCiphertext, encryptAmount, encryptAmountWithRandomness, generateElGamalKeypair, generateEqualityProof, generateRangeProof, generateTransferProof, generateValidityProof, isValidCiphertext, reRandomizeCiphertext, scaleCiphertext, serializeCiphertext, subtractCiphertexts, verifyEqualityProof, verifyRangeProof, verifyValidityProof };
-//# sourceMappingURL=chunk-IAWBZYPE.js.map
-//# sourceMappingURL=chunk-IAWBZYPE.js.map

package/dist/chunk-IAWBZYPE.js.map

@@ -1 +0,0 @@
-{"version":3,"sources":["../src/utils/elgamal.ts"],"names":[],"mappings":";;;;;;AAoGO,IAAM,qBAAA,GAAwB;AAGrC,IAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,IAAA;AAGhC,IAAM,IAAA,GAAO,CAAC,IAAA,KAAiC,MAAA,CAAO,IAAI,CAAA;AAG1D,SAAS,eAAA,CAAgB,GAAW,MAAA,EAA4B;AAC9D,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,MAAM,CAAA;AACnC,EAAA,IAAI,IAAA,GAAO,CAAA;AACX,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,MAAA,EAAQ,CAAA,EAAA,EAAK;AAC/B,IAAA,KAAA,CAAM,CAAC,CAAA,GAAI,MAAA,CAAO,IAAA,GAAO,KAAK,CAAA;AAC9B,IAAA,IAAA,KAAS,EAAA;AAAA,EACX;AACA,EAAA,OAAO,KAAA;AACT;AAYO,SAAS,uBAAuB,IAAA,EAAmC;AAExE,EAAA,MAAM,SAAA,GAAY,IAAA,GAAO,IAAA,CAAK,IAAI,CAAA,CAAE,MAAM,CAAA,EAAG,EAAE,CAAA,GAAI,WAAA,CAAY,EAAE,CAAA;AAGjE,EAAA,SAAA,CAAU,CAAC,CAAA,IAAK,GAAA;AAChB,EAAA,SAAA,CAAU,EAAE,CAAA,IAAK,GAAA;AACjB,EAAA,SAAA,CAAU,EAAE,CAAA,IAAK,EAAA;AAIjB,EAAA,MAAM,WAAA,GAAc,eAAA,CAAgB,SAAS,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAC/D,EAAA,MAAM,SAAA,GAAY,CAAA,CAAE,QAAA,CAAS,WAAW,EAAE,UAAA,EAAW;AAErD,EAAA,OAAO,EAAE,WAAW,SAAA,EAAU;AAChC;AAUO,SAAS,oBAAA,CACd,QACA,YAAA,EACgB;AAEhB,EAAA,MAAM,UAAU,IAAI,WAAA,GAAc,MAAA,CAAO,CAAA,QAAA,EAAW,YAAY,CAAA,CAAE,CAAA;AAClE,EAAA,MAAM,WAAA,GAAc,iBAAA,EAAkB,CAAE,MAAA,CAAO,OAAO,OAAO,CAAA;AAC7D,EAAA,MAAM,WAAW,IAAI,UAAA,CAAW,WAAA,CAAY,MAAA,GAAS,QAAQ,MAAM,CAAA;AACnE,EAAA,QAAA,CAAS,IAAI,WAAW,CAAA;AACxB,EAAA,QAAA,CAAS,GAAA,CAAI,OAAA,EAAS,WAAA,CAAY,MAAM,CAAA;AACxC,EAAA,MAAM,IAAA,GAAO,KAAK,QAAQ,CAAA;AAE1B,EAAA,OAAO,uBAAuB,IAAI,CAAA;AACpC;AAuBO,SAAS,aAAA,CAAc,QAAgB,MAAA,EAA0C;AACtF,EAAA,MAAM,MAAA,GAAS,2BAAA,CAA4B,MAAA,EAAQ,MAAM,CAAA;AACzD,EAAA,OAAO,MAAA,CAAO,UAAA;AAChB;AAUO,SAAS,2BAAA,CAA4B,MAAA,EAAgB,MAAA,EAAuB,kBAAA,EAAmD;AACpI,EAAA,IAAI,SAAS,EAAA,EAAI;AACf,IAAA,MAAM,IAAI,MAAM,6BAA6B,CAAA;AAAA,EAC/C;AACA,EAAA,IAAI,SAAS,qBAAA,EAAuB;AAClC,IAAA,MAAM,IAAI,KAAA,CAAM,CAAA,0CAAA,EAA6C,qBAAqB,CAAA,CAAA,CAAG,CAAA;AAAA,EACvF;AAGA,EAAA,MAAM,UAAA,GAAa,kBAAA,IAAsB,WAAA,CAAY,EAAE,CAAA;AACvD,EAAA,UAAA,CAAW,CAAC,CAAA,IAAK,GAAA;AACjB,EAAA,UAAA,CAAW,EAAE,CAAA,IAAK,GAAA;AAClB,EAAA,UAAA,CAAW,EAAE,CAAA,IAAK,EAAA;AAElB,EAAA,MAAM,CAAA,GAAI,eAAA,CAAgB,UAAU,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAGtD,EAAA,MAAM,cAAc,OAAA,CAAQ,aAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAC,CAAA;AAKpE,EAAA,MAAM,WAAA,GAAc,WAAW,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,MAAM,CAAA;AAClF,EAAA,MAAM,eAAe,WAAA,CAAY,GAAA,CAAI,WAAA,CAAY,QAAA,CAAS,CAAC,CAAC,CAAA;AAC5D,EAAA,MAAM,UAAA,GAAa,aAAa,UAAA,EAAW;AAG3C,EAAA,MAAM,MAAA,GAAS,CAAA,CAAE,QAAA,CAAS,CAAC,EAAE,UAAA,EAAW;AAExC,EAAA,OAAO;AAAA,IACL,UAAA,EAAY;AAAA,MACV,UAAA,EAAY,EAAE,UAAA,EAAW;AAAA,MACzB,MAAA,EAAQ,EAAE,MAAA;AAAO,KACnB;AAAA,IACA;AAAA,GACF;AACF;AAcO,SAAS,aAAA,CACd,UAAA,EACA,SAAA,EACA,QAAA,GAAW,MAAA,EACI;AAEf,EAAA,MAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,UAAA,CAAW,UAAA,CAAW,UAAU,CAAC,CAAA;AACpF,EAAA,MAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,UAAA,CAAW,MAAA,CAAO,MAAM,CAAC,CAAA;AAK5E,EAAA,MAAM,EAAA,GAAK,eAAA,CAAgB,SAAS,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AACtD,EAAA,MAAM,iBAAiB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAA,CAAS,EAAE,CAAC,CAAA;AAGhD,EAAA,KAAA,IAAS,CAAA,GAAI,EAAA,EAAI,CAAA,IAAK,QAAA,EAAU,CAAA,EAAA,EAAK;AAEnC,IAAA,MAAM,SAAA,GAAY,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,CAAC,CAAA;AACtE,IAAA,IAAI,SAAA,CAAU,MAAA,CAAO,cAAc,CAAA,EAAG;AACpC,MAAA,OAAO,CAAA;AAAA,IACT;AAAA,EACF;AAEA,EAAA,OAAO,IAAA;AACT;AAWO,SAAS,uBAAA,CACd,UAAA,EACA,SAAA,EACA,WAAA,EACe;AACf,EAAA,MAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,UAAA,CAAW,UAAA,CAAW,UAAU,CAAC,CAAA;AACpF,EAAA,MAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,UAAA,CAAW,MAAA,CAAO,MAAM,CAAC,CAAA;AAE5E,EAAA,MAAM,EAAA,GAAK,eAAA,CAAgB,SAAS,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AACtD,EAAA,MAAM,iBAAiB,CAAA,CAAE,QAAA,CAAS,CAAA,CAAE,QAAA,CAAS,EAAE,CAAC,CAAA;AAChD,EAAA,MAAM,QAAA,GAAW,eAAe,KAAA,EAAM;AAEtC,EAAA,OAAO,WAAA,CAAY,GAAA,CAAI,QAAQ,CAAA,IAAK,IAAA;AACtC;AAQO,SAAS,2BAA2B,QAAA,EAAuC;AAChF,EAAA,MAAM,WAAA,uBAAkB,GAAA,EAAoB;AAE5C,EAAA,KAAA,IAAS,CAAA,GAAI,EAAA,EAAI,CAAA,IAAK,QAAA,EAAU,CAAA,EAAA,EAAK;AACnC,IAAA,MAAM,KAAA,GAAQ,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,CAAC,CAAA;AAClE,IAAA,WAAA,CAAY,GAAA,CAAI,KAAA,CAAM,KAAA,EAAM,EAAG,CAAC,CAAA;AAAA,EAClC;AAEA,EAAA,OAAO,WAAA;AACT;AAcO,SAAS,cAAA,CACd,GACA,CAAA,EACmB;AAEnB,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,UAAA,CAAW,UAAU,CAAC,CAAA;AAC5E,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,UAAA,CAAW,UAAU,CAAC,CAAA;AAC5E,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,MAAA,CAAO,MAAM,CAAC,CAAA;AACpE,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,MAAA,CAAO,MAAM,CAAC,CAAA;AAGpE,EAAA,MAAM,aAAA,GAAgB,EAAA,CAAG,GAAA,CAAI,EAAE,EAAE,UAAA,EAAW;AAC5C,EAAA,MAAM,SAAA,GAAY,EAAA,CAAG,GAAA,CAAI,EAAE,EAAE,UAAA,EAAW;AAExC,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,EAAE,UAAA,EAAY,aAAA,EAAc;AAAA,IACxC,MAAA,EAAQ,EAAE,MAAA,EAAQ,SAAA;AAAU,GAC9B;AACF;AAUO,SAAS,mBAAA,CACd,GACA,CAAA,EACmB;AAEnB,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,UAAA,CAAW,UAAU,CAAC,CAAA;AAC5E,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,UAAA,CAAW,UAAU,CAAC,CAAA;AAC5E,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,MAAA,CAAO,MAAM,CAAC,CAAA;AACpE,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,CAAA,CAAE,MAAA,CAAO,MAAM,CAAC,CAAA;AAGpE,EAAA,MAAM,cAAA,GAAiB,EAAA,CAAG,QAAA,CAAS,EAAE,EAAE,UAAA,EAAW;AAClD,EAAA,MAAM,UAAA,GAAa,EAAA,CAAG,QAAA,CAAS,EAAE,EAAE,UAAA,EAAW;AAE9C,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,EAAE,UAAA,EAAY,cAAA,EAAe;AAAA,IACzC,MAAA,EAAQ,EAAE,MAAA,EAAQ,UAAA;AAAW,GAC/B;AACF;AAUO,SAAS,eAAA,CACd,YACA,MAAA,EACmB;AAEnB,EAAA,IAAI,WAAW,EAAA,EAAI;AAEjB,IAAA,MAAM,SAAA,GAAY,QAAQ,aAAA,CAAc,IAAA;AACxC,IAAA,OAAO;AAAA,MACL,UAAA,EAAY,EAAE,UAAA,EAAY,SAAA,CAAU,YAAW,EAAE;AAAA,MACjD,MAAA,EAAQ,EAAE,MAAA,EAAQ,SAAA,CAAU,YAAW;AAAE,KAC3C;AAAA,EACF;AAGA,EAAA,MAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,UAAA,CAAW,UAAA,CAAW,UAAU,CAAC,CAAA;AACpF,EAAA,MAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,UAAA,CAAW,MAAA,CAAO,MAAM,CAAC,CAAA;AAG5E,EAAA,MAAM,gBAAA,GAAmB,CAAA,CAAE,QAAA,CAAS,MAAM,EAAE,UAAA,EAAW;AACvD,EAAA,MAAM,YAAA,GAAe,CAAA,CAAE,QAAA,CAAS,MAAM,EAAE,UAAA,EAAW;AAEnD,EAAA,OAAO;AAAA,IACL,UAAA,EAAY,EAAE,UAAA,EAAY,gBAAA,EAAiB;AAAA,IAC3C,MAAA,EAAQ,EAAE,MAAA,EAAQ,YAAA;AAAa,GACjC;AACF;AAaA,IAAM,gBAAA,GAAmB,GAAA;AAMzB,SAAS,aAAA,GAA0B;AACjC,EAAA,MAAM,SAAA,GAAY,IAAI,WAAA,EAAY,CAAE,OAAO,qBAAqB,CAAA;AAChE,EAAA,MAAM,UAAA,GAAa,KAAK,SAAS,CAAA;AAEjC,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,UAAU,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAC3D,EAAA,OAAO,CAAA,CAAE,SAAS,MAAM,CAAA;AAC1B;AAEU,aAAA;AAkJV,eAAsB,kBAAA,CACpB,MAAA,EACA,UAAA,EACA,UAAA,EACqB;AACrB,EAAA,IAAI,MAAA,GAAS,EAAA,IAAM,MAAA,GAAS,qBAAA,EAAuB;AACjD,IAAA,MAAM,IAAI,MAAM,mCAAmC,CAAA;AAAA,EACrD;AAIA,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,gBAAgB,CAAA;AAC7C,EAAA,MAAM,kBAAkB,YAAA,IAAgB,UAAA,GAAa,WAAW,UAAA,GAAa,IAAI,WAAW,EAAE,CAAA;AAE9F,EAAA,OAAO;AAAA,IACL,KAAA;AAAA,IACA,UAAA,EAAY;AAAA,GACd;AACF;AASA,eAAsB,gBAAA,CACpB,OACA,WAAA,EACkB;AAClB,EAAA,IAAI,KAAA,CAAM,KAAA,CAAM,MAAA,KAAW,gBAAA,EAAkB;AAC3C,IAAA,OAAO,KAAA;AAAA,EACT;AAIA,EAAA,OAAO,IAAA;AACT;AAYO,SAAS,qBAAA,CACd,UAAA,EACA,MAAA,EACA,UAAA,EACe;AAEf,EAAA,MAAM,CAAA,GAAI,eAAA,CAAgB,UAAU,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAGtD,EAAA,MAAM,cAAc,OAAA,CAAQ,aAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAC,CAAA;AAGpE,EAAA,MAAM,IAAI,eAAA,CAAgB,WAAA,CAAY,EAAE,CAAC,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAG3D,EAAA,MAAM,EAAA,GAAK,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,CAAC,CAAA;AAC/D,EAAA,MAAM,EAAA,GAAK,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,WAAA,CAAY,SAAS,CAAC,CAAA;AAGzE,EAAA,MAAM,SAAA,GAAY,eAAA,CAAgB,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,IACpD,GAAG,WAAW,UAAA,CAAW,UAAA;AAAA,IACzB,GAAG,WAAW,MAAA,CAAO,MAAA;AAAA,IACrB,GAAG,GAAG,UAAA,EAAW;AAAA,IACjB,GAAG,GAAG,UAAA,EAAW;AAAA,IACjB,GAAG;AAAA,GACJ,CAAC,CAAC,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAGrB,EAAA,MAAM,CAAA,GAAA,CAAK,CAAA,GAAI,SAAA,GAAY,CAAA,IAAK,QAAQ,KAAA,CAAM,CAAA;AAG9C,EAAA,MAAM,SAAA,GAAY,IAAI,UAAA,CAAW,EAAE,CAAA;AACnC,EAAA,SAAA,CAAU,GAAA,CAAI,EAAA,CAAG,UAAA,EAAW,EAAG,CAAC,CAAA;AAChC,EAAA,SAAA,CAAU,GAAA,CAAI,EAAA,CAAG,UAAA,EAAW,EAAG,EAAE,CAAA;AAGjC,EAAA,MAAM,MAAA,GAAS,eAAA,CAAgB,CAAA,EAAG,EAAE,CAAA;AACpC,EAAA,SAAA,CAAU,GAAA,CAAI,QAAQ,EAAE,CAAA;AAExB,EAAA,OAAO,EAAE,OAAO,SAAA,EAAU;AAC5B;AAUO,SAAS,mBAAA,CACd,KAAA,EACA,UAAA,EACA,MAAA,EACS;AACT,EAAA,IAAI,KAAA,CAAM,KAAA,CAAM,MAAA,KAAW,EAAA,EAAI;AAC7B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,aAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,KAAA,CAAM,KAAA,CAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAC,CAAC,CAAA;AAC7E,IAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,aAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,KAAA,CAAM,KAAA,CAAM,KAAA,CAAM,EAAA,EAAI,EAAE,CAAC,CAAC,CAAA;AAC9E,IAAA,MAAM,CAAA,GAAI,eAAA,CAAgB,KAAA,CAAM,KAAA,CAAM,KAAA,CAAM,IAAI,EAAE,CAAC,CAAA,GAAI,OAAA,CAAQ,KAAA,CAAM,CAAA;AAGrE,IAAA,MAAM,CAAA,GAAI,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,UAAA,CAAW,MAAA,CAAO,MAAM,CAAC,CAAA;AAC5E,IAAA,MAAM,cAAc,OAAA,CAAQ,aAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,MAAM,CAAC,CAAA;AACpE,IAAA,KAAK,WAAA;AAGL,IAAA,MAAM,SAAA,GAAY,eAAA,CAAgB,IAAA,CAAK,IAAI,UAAA,CAAW;AAAA,MACpD,GAAG,WAAW,UAAA,CAAW,UAAA;AAAA,MACzB,GAAG,WAAW,MAAA,CAAO,MAAA;AAAA,MACrB,GAAG,GAAG,UAAA,EAAW;AAAA,MACjB,GAAG,GAAG,UAAA,EAAW;AAAA,MACjB,GAAG;AAAA,KACJ,CAAC,CAAC,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAIrB,IAAA,MAAM,IAAA,GAAO,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,CAAC,CAAA;AACjE,IAAA,MAAM,IAAA,GAAO,EAAA,CAAG,GAAA,CAAI,SAAA,KAAc,EAAA,GAAK,OAAA,CAAQ,aAAA,CAAc,IAAA,GAAO,CAAA,CAAE,QAAA,CAAS,SAAS,CAAC,CAAA;AAQzF,IAAA,OAAO,IAAA,CAAK,OAAO,IAAI,CAAA;AAAA,EACzB,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAaO,SAAS,qBAAA,CACd,WAAA,EACA,WAAA,EACA,WAAA,EACA,aACA,MAAA,EACe;AAEf,EAAA,MAAM,EAAA,GAAK,eAAA,CAAgB,WAAW,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AACxD,EAAA,MAAM,EAAA,GAAK,eAAA,CAAgB,WAAW,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AACxD,EAAA,MAAM,SAAS,EAAA,GAAK,EAAA,GAAK,QAAQ,KAAA,CAAM,CAAA,IAAK,QAAQ,KAAA,CAAM,CAAA;AAG1D,EAAA,MAAM,IAAI,eAAA,CAAgB,WAAA,CAAY,EAAE,CAAC,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAG3D,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,UAAA,CAAW,UAAU,CAAC,CAAA;AACtF,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,UAAA,CAAW,UAAU,CAAC,CAAA;AACtF,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,MAAA,CAAO,MAAM,CAAC,CAAA;AAC9E,EAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,MAAA,CAAO,MAAM,CAAC,CAAA;AAG9E,EAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,QAAA,CAAS,EAAE,CAAA;AAC5B,EAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,QAAA,CAAS,EAAE,CAAA;AAO5B,EAAA,MAAM,CAAA,GAAI,SAAS,OAAA,CAAQ,aAAA,CAAc,QAAQ,UAAA,CAAW,MAAM,CAAC,CAAA,GAAI,IAAA;AAGvE,EAAA,MAAM,EAAA,GAAK,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,CAAC,CAAA;AAC/D,EAAA,MAAM,EAAA,GAAK,KAAK,CAAA,KAAM,EAAA,GAAK,EAAE,QAAA,CAAS,CAAC,CAAA,GAAI,OAAA,CAAQ,aAAA,CAAc,IAAA;AAGjE,EAAA,MAAM,SAAA,GAAY,eAAA,CAAgB,MAAA,CAAO,IAAI,UAAA,CAAW;AAAA,IACtD,GAAG,YAAY,UAAA,CAAW,UAAA;AAAA,IAC1B,GAAG,YAAY,MAAA,CAAO,MAAA;AAAA,IACtB,GAAG,YAAY,UAAA,CAAW,UAAA;AAAA,IAC1B,GAAG,YAAY,MAAA,CAAO,MAAA;AAAA,IACtB,GAAG,GAAG,UAAA,EAAW;AAAA,IACjB,GAAG,MAAM,UAAA,EAAW;AAAA,IACpB,GAAG,MAAM,UAAA;AAAW,GACrB,CAAC,CAAC,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAGrB,EAAA,MAAM,CAAA,GAAA,CAAK,CAAA,GAAI,SAAA,GAAY,KAAA,IAAS,QAAQ,KAAA,CAAM,CAAA;AAGlD,EAAA,MAAM,SAAA,GAAY,IAAI,UAAA,CAAW,EAAE,CAAA;AACnC,EAAA,IAAI,MAAA,GAAS,CAAA;AAGb,EAAA,SAAA,CAAU,GAAA,CAAI,EAAA,CAAG,UAAA,EAAW,EAAG,MAAM,CAAA;AAAG,EAAA,MAAA,IAAU,EAAA;AAGlD,EAAA,MAAM,WAAA,GAAc,IAAI,UAAA,CAAW,EAAE,CAAA;AACrC,EAAA,KAAA,IAAS,CAAA,GAAI,CAAA,EAAG,CAAA,GAAI,EAAA,EAAI,CAAA,EAAA,EAAK;AAC3B,IAAA,WAAA,CAAY,CAAC,IAAI,MAAA,CAAQ,CAAA,IAAK,OAAO,CAAA,GAAI,CAAC,IAAK,KAAK,CAAA;AAAA,EACtD;AACA,EAAA,SAAA,CAAU,GAAA,CAAI,aAAa,MAAM,CAAA;AAAG,EAAA,MAAA,IAAU,EAAA;AAG9C,EAAA,SAAA,CAAU,GAAA,CAAI,EAAA,CAAG,UAAA,EAAW,EAAG,MAAM,CAAA;AAErC,EAAA,OAAO,EAAE,OAAO,SAAA,EAAU;AAC5B;AAUO,SAAS,mBAAA,CACd,KAAA,EACA,WAAA,EACA,WAAA,EACA,MAAA,EACS;AACT,EAAA,IAAI,KAAA,CAAM,KAAA,CAAM,MAAA,KAAW,EAAA,EAAI;AAC7B,IAAA,OAAO,KAAA;AAAA,EACT;AAEA,EAAA,IAAI;AAEF,IAAA,IAAI,MAAA,GAAS,CAAA;AACb,IAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,aAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,KAAA,CAAM,KAAA,CAAM,KAAA,CAAM,MAAA,EAAQ,MAAA,GAAS,EAAE,CAAC,CAAC,CAAA;AAC3F,IAAA,MAAA,IAAU,EAAA;AACV,IAAA,MAAM,CAAA,GAAI,eAAA,CAAgB,KAAA,CAAM,KAAA,CAAM,KAAA,CAAM,MAAA,EAAQ,MAAA,GAAS,EAAE,CAAC,CAAA,GAAI,OAAA,CAAQ,KAAA,CAAM,CAAA;AAClF,IAAA,MAAA,IAAU,EAAA;AACV,IAAA,MAAM,EAAA,GAAK,OAAA,CAAQ,aAAA,CAAc,OAAA,CAAQ,UAAA,CAAW,KAAA,CAAM,KAAA,CAAM,KAAA,CAAM,MAAA,EAAQ,MAAA,GAAS,EAAE,CAAC,CAAC,CAAA;AAG3F,IAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,UAAA,CAAW,UAAU,CAAC,CAAA;AACtF,IAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,UAAA,CAAW,UAAU,CAAC,CAAA;AACtF,IAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,MAAA,CAAO,MAAM,CAAC,CAAA;AAC9E,IAAA,MAAM,EAAA,GAAK,QAAQ,aAAA,CAAc,OAAA,CAAQ,WAAW,WAAA,CAAY,MAAA,CAAO,MAAM,CAAC,CAAA;AAG9E,IAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,QAAA,CAAS,EAAE,CAAA;AAC5B,IAAA,MAAM,KAAA,GAAQ,EAAA,CAAG,QAAA,CAAS,EAAE,CAAA;AAG5B,IAAA,MAAM,CAAA,GAAI,SAAS,OAAA,CAAQ,aAAA,CAAc,QAAQ,UAAA,CAAW,MAAM,CAAC,CAAA,GAAI,IAAA;AAGvE,IAAA,MAAM,SAAA,GAAY,eAAA,CAAgB,MAAA,CAAO,IAAI,UAAA,CAAW;AAAA,MACtD,GAAG,YAAY,UAAA,CAAW,UAAA;AAAA,MAC1B,GAAG,YAAY,MAAA,CAAO,MAAA;AAAA,MACtB,GAAG,YAAY,UAAA,CAAW,UAAA;AAAA,MAC1B,GAAG,YAAY,MAAA,CAAO,MAAA;AAAA,MACtB,GAAG,GAAG,UAAA,EAAW;AAAA,MACjB,GAAG,MAAM,UAAA,EAAW;AAAA,MACpB,GAAG,MAAM,UAAA;AAAW,KACrB,CAAC,CAAC,CAAA,GAAI,QAAQ,KAAA,CAAM,CAAA;AAIrB,IAAA,MAAM,IAAA,GAAO,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,CAAC,CAAA;AACjE,IAAA,MAAM,IAAA,GAAO,EAAA,CAAG,GAAA,CAAI,SAAA,KAAc,EAAA,GAAK,OAAA,CAAQ,aAAA,CAAc,IAAA,GAAO,KAAA,CAAM,QAAA,CAAS,SAAS,CAAC,CAAA;AAE7F,IAAA,IAAI,CAAC,IAAA,CAAK,MAAA,CAAO,IAAI,CAAA,EAAG;AACtB,MAAA,OAAO,KAAA;AAAA,IACT;AAGA,IAAA,IAAI,CAAA,EAAG;AAEL,MAAA,MAAM,IAAA,GAAO,MAAM,EAAA,GAAK,OAAA,CAAQ,cAAc,IAAA,GAAO,CAAA,CAAE,SAAS,CAAC,CAAA;AACjE,MAAA,MAAM,IAAA,GAAO,EAAA,CAAG,GAAA,CAAI,SAAA,KAAc,EAAA,GAAK,OAAA,CAAQ,aAAA,CAAc,IAAA,GAAO,KAAA,CAAM,QAAA,CAAS,SAAS,CAAC,CAAA;AAK7F,MAAA,OAAO,IAAA,CAAK,OAAO,IAAI,CAAA;AAAA,IACzB;AAIA,IAAA,OAAO,IAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAYO,SAAS,kBAAkB,UAAA,EAAwC;AACxE,EAAA,IAAI;AAEF,IAAA,OAAA,CAAQ,cAAc,OAAA,CAAQ,UAAA,CAAW,UAAA,CAAW,UAAA,CAAW,UAAU,CAAC,CAAA;AAC1E,IAAA,OAAA,CAAQ,cAAc,OAAA,CAAQ,UAAA,CAAW,UAAA,CAAW,MAAA,CAAO,MAAM,CAAC,CAAA;AAClE,IAAA,OAAO,IAAA;AAAA,EACT,CAAA,CAAA,MAAQ;AACN,IAAA,OAAO,KAAA;AAAA,EACT;AACF;AAUO,SAAS,qBAAA,CACd,YACA,MAAA,EACmB;AAEnB,EAAA,MAAM,cAAA,GAAiB,aAAA,CAAc,EAAA,EAAI,MAAM,CAAA;AAC/C,EAAA,OAAO,cAAA,CAAe,YAAY,cAAc,CAAA;AAClD;AAQO,SAAS,oBAAoB,UAAA,EAA2C;AAC7E,EAAA,MAAM,KAAA,GAAQ,IAAI,UAAA,CAAW,EAAE,CAAA;AAC/B,EAAA,KAAA,CAAM,GAAA,CAAI,UAAA,CAAW,UAAA,CAAW,UAAA,EAAY,CAAC,CAAA;AAC7C,EAAA,KAAA,CAAM,GAAA,CAAI,UAAA,CAAW,MAAA,CAAO,MAAA,EAAQ,EAAE,CAAA;AACtC,EAAA,OAAO,KAAA;AACT;AAQO,SAAS,sBAAsB,KAAA,EAAsC;AAC1E,EAAA,IAAI,KAAA,CAAM,WAAW,EAAA,EAAI;AACvB,IAAA,MAAM,IAAI,MAAM,2BAA2B,CAAA;AAAA,EAC7C;AAEA,EAAA,OAAO;AAAA,IACL,YAAY,EAAE,UAAA,EAAY,MAAM,KAAA,CAAM,CAAA,EAAG,EAAE,CAAA,EAAE;AAAA,IAC7C,QAAQ,EAAE,MAAA,EAAQ,MAAM,KAAA,CAAM,EAAA,EAAI,EAAE,CAAA;AAAE,GACxC;AACF;AAeA,eAAsB,qBAAA,CACpB,aAAA,EACA,MAAA,EACA,aAAA,EACA,UAAA,EAWC;AAED,EAAA,MAAM,cAAA,GAAiB,2BAAA,CAA4B,MAAA,EAAQ,UAAU,CAAA;AACrE,EAAA,MAAM,iBAAiB,cAAA,CAAe,UAAA;AAGtC,EAAA,MAAM,gBAAA,GAAmB,2BAAA,CAA4B,MAAA,EAAQ,aAAA,CAAc,SAAS,CAAA;AACpF,EAAA,MAAM,2BAA2B,gBAAA,CAAiB,UAAA;AAGlD,EAAA,MAAM,aAAA,GAAgB,qBAAA;AAAA,IACpB,cAAA;AAAA,IACA,wBAAA;AAAA,IACA,cAAA,CAAe,UAAA;AAAA,IACf,gBAAA,CAAiB,UAAA;AAAA,IACjB;AAAA,GACF;AAGA,EAAA,MAAM,aAAA,GAAgB,qBAAA;AAAA,IACpB,cAAA;AAAA,IACA,UAAA;AAAA,IACA,cAAA,CAAe;AAAA,GACjB;AAGA,EAAA,MAAM,gBAAA,GAAmB,mBAAA,CAAoB,aAAA,EAAe,wBAAwB,CAAA;AAKpF,EAAA,MAAM,iBAAiB,aAAA,CAAc,aAAA,EAAe,aAAA,CAAc,SAAA,EAAW,wBAAwB,IAAI,CAAA;AAEzG,EAAA,IAAI,mBAAmB,IAAA,EAAM;AAC3B,IAAA,MAAM,IAAI,MAAM,0DAA0D,CAAA;AAAA,EAC5E;AAEA,EAAA,MAAM,kBAAkB,cAAA,GAAiB,MAAA;AACzC,EAAA,IAAI,kBAAkB,EAAA,EAAI;AACxB,IAAA,MAAM,IAAI,MAAM,sBAAsB,CAAA;AAAA,EACxC;AAMA,EAAA,MAAM,aAAa,MAAM,kBAAA,CAAmB,eAAA,EAAiB,gBAAA,CAAiB,UAA2B,CAAA;AAEzG,EAAA,OAAO;AAAA,IACL,aAAA,EAAe;AAAA,MACb,uBAAA,EAAyB,oBAAoB,cAAc,CAAA;AAAA,MAC3D,mBAAA,EAAqB,iBAAiB,UAAA,CAAW,UAAA;AAAA,MACjD,eAAe,aAAA,CAAc,KAAA;AAAA,MAC7B,eAAe,aAAA,CAAc,KAAA;AAAA,MAC7B,YAAY,UAAA,CAAW;AAAA,KACzB;AAAA,IACA,gBAAA;AAAA,IACA;AAAA,GACF;AACF","file":"chunk-IAWBZYPE.js","sourcesContent":["/**\n * ElGamal Encryption Implementation\n * \n * Implements twisted ElGamal encryption over curve25519 for\n * client-side privacy features.\n * \n * Key features:\n * - Twisted ElGamal with Pedersen commitments\n * - Homomorphic addition/subtraction of ciphertexts\n * - Efficient decryption for small values (up to 32 bits)\n */\n\nimport './text-encoder-polyfill.js'\nimport { ed25519 } from '@noble/curves/ed25519'\nimport { sha256 } from '@noble/hashes/sha256'\nimport { randomBytes, bytesToNumberLE, bytesToHex } from '@noble/curves/abstract/utils'\nimport type { Address } from '@solana/addresses'\nimport { getAddressEncoder } from '@solana/kit'\nimport type { TransactionSigner } from '@solana/kit'\n\n// =====================================================\n// TYPE DEFINITIONS\n// =====================================================\n\n/**\n * ElGamal public key (32 bytes)\n */\nexport type ElGamalPubkey = Uint8Array\n\n/**\n * ElGamal secret key (32 bytes)\n */\nexport type ElGamalSecretKey = Uint8Array\n\n/**\n * ElGamal keypair\n */\nexport interface ElGamalKeypair {\n  publicKey: ElGamalPubkey\n  secretKey: ElGamalSecretKey\n}\n\n/**\n * Pedersen commitment (curve point)\n */\nexport interface PedersenCommitment {\n  /** Commitment to the value */\n  commitment: Uint8Array\n}\n\n/**\n * Decrypt handle for ElGamal ciphertext\n */\nexport interface DecryptHandle {\n  /** Encrypted randomness */\n  handle: Uint8Array\n}\n\n/**\n * Twisted ElGamal ciphertext\n * Split into Pedersen commitment and decrypt handle\n */\nexport interface ElGamalCiphertext {\n  /** Pedersen commitment (independent of pubkey) */\n  commitment: PedersenCommitment\n  /** Decrypt handle (encodes randomness) */\n  handle: DecryptHandle\n}\n\n/**\n * Range proof for confidential amounts\n */\nexport interface RangeProof {\n  /** Proof data */\n  proof: Uint8Array\n  /** Commitment to the value */\n  commitment: Uint8Array\n}\n\n/**\n * Validity proof for transfers\n */\nexport interface ValidityProof {\n  /** Proof that ciphertext is well-formed */\n  proof: Uint8Array\n}\n\n/**\n * Equality proof for transfers\n */\nexport interface EqualityProof {\n  /** Proof that two ciphertexts encrypt the same value */\n  proof: Uint8Array\n}\n\n// =====================================================\n// CONSTANTS & PERFORMANCE OPTIMIZATIONS\n// =====================================================\n\n/** Maximum value that can be efficiently decrypted (2^32 - 1) */\nexport const MAX_DECRYPTABLE_VALUE = 4_294_967_295n\n\n/** Curve generator point */\nconst G = ed25519.ExtendedPoint.BASE\n\n/** Hash function for deterministic operations */\nconst hash = (data: Uint8Array): Uint8Array => sha256(data)\n\n/** Helper to convert number to bytes (little-endian) */\nfunction numberToBytesLE(n: bigint, length: number): Uint8Array {\n  const bytes = new Uint8Array(length)\n  let temp = n\n  for (let i = 0; i < length; i++) {\n    bytes[i] = Number(temp & 0xffn)\n    temp >>= 8n\n  }\n  return bytes\n}\n\n// =====================================================\n// KEY GENERATION\n// =====================================================\n\n/**\n * Generate a new ElGamal keypair\n * \n * @param seed - Optional seed for deterministic generation\n * @returns ElGamalKeypair\n */\nexport function generateElGamalKeypair(seed?: Uint8Array): ElGamalKeypair {\n  // Use provided seed or generate random\n  const secretKey = seed ? hash(seed).slice(0, 32) : randomBytes(32)\n\n  // Ensure secret key is valid scalar\n  secretKey[0] &= 248\n  secretKey[31] &= 127\n  secretKey[31] |= 64\n\n  // Compute public key: pubkey = secretKey * G\n  // Reduce the scalar to be within the curve order\n  const scalarValue = bytesToNumberLE(secretKey) % ed25519.CURVE.n\n  const publicKey = G.multiply(scalarValue).toRawBytes()\n\n  return { publicKey, secretKey }\n}\n\n/**\n * Derive ElGamal keypair from Solana signer and token account\n * This ensures deterministic key generation per account\n * \n * @param signer - Solana keypair\n * @param tokenAccount - Token account address\n * @returns ElGamalKeypair\n */\nexport function deriveElGamalKeypair(\n  signer: TransactionSigner,\n  tokenAccount: Address\n): ElGamalKeypair {\n  // Create deterministic seed from signer and account\n  const message = new TextEncoder().encode(`elgamal:${tokenAccount}`)\n  const signerBytes = getAddressEncoder().encode(signer.address)\n  const combined = new Uint8Array(signerBytes.length + message.length)\n  combined.set(signerBytes)\n  combined.set(message, signerBytes.length)\n  const seed = hash(combined)\n\n  return generateElGamalKeypair(seed)\n}\n\n// =====================================================\n// ENCRYPTION\n// =====================================================\n\n/**\n * Result of encryption including ciphertext and randomness\n */\nexport interface EncryptionResult {\n  /** The encrypted ciphertext */\n  ciphertext: ElGamalCiphertext\n  /** The randomness used for encryption (needed for proofs) */\n  randomness: Uint8Array\n}\n\n/**\n * Encrypt an amount using twisted ElGamal encryption\n * \n * @param amount - Amount to encrypt (must be <= MAX_DECRYPTABLE_VALUE)\n * @param pubkey - Recipient's ElGamal public key\n * @returns ElGamalCiphertext\n */\nexport function encryptAmount(amount: bigint, pubkey: ElGamalPubkey): ElGamalCiphertext {\n  const result = encryptAmountWithRandomness(amount, pubkey)\n  return result.ciphertext\n}\n\n/**\n * Encrypt an amount using twisted ElGamal encryption and return randomness\n * This variant is useful when you need the randomness for zero-knowledge proofs\n * \n * @param amount - Amount to encrypt (must be <= MAX_DECRYPTABLE_VALUE)\n * @param pubkey - Recipient's ElGamal public key\n * @returns EncryptionResult with ciphertext and randomness\n */\nexport function encryptAmountWithRandomness(amount: bigint, pubkey: ElGamalPubkey, providedRandomness?: Uint8Array): EncryptionResult {\n  if (amount < 0n) {\n    throw new Error('Amount must be non-negative')\n  }\n  if (amount > MAX_DECRYPTABLE_VALUE) {\n    throw new Error(`Amount exceeds maximum decryptable value (${MAX_DECRYPTABLE_VALUE})`)\n  }\n\n  // Generate random scalar or use provided\n  const randomness = providedRandomness ?? randomBytes(32)\n  randomness[0] &= 248\n  randomness[31] &= 127\n  randomness[31] |= 64\n\n  const r = bytesToNumberLE(randomness) % ed25519.CURVE.n\n\n  // Parse public key point\n  const pubkeyPoint = ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey))\n\n  // Standard ElGamal encryption:\n  // C = amount * G + r * pubkey (commitment)\n  // D = r * G (handle/ephemeral key)\n  const amountPoint = amount === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(amount)\n  const maskedAmount = amountPoint.add(pubkeyPoint.multiply(r))\n  const commitment = maskedAmount.toRawBytes()\n\n  // Compute decrypt handle: D = r * G (ephemeral public key)\n  const handle = G.multiply(r).toRawBytes()\n\n  return {\n    ciphertext: {\n      commitment: { commitment },\n      handle: { handle }\n    },\n    randomness\n  }\n}\n\n// =====================================================\n// DECRYPTION\n// =====================================================\n\n/**\n * Decrypt an ElGamal ciphertext (brute force for small values)\n * \n * @param ciphertext - Ciphertext to decrypt\n * @param secretKey - ElGamal secret key\n * @param maxValue - Maximum value to try (default: 2^16)\n * @returns Decrypted amount or null if not found\n */\nexport function decryptAmount(\n  ciphertext: ElGamalCiphertext,\n  secretKey: ElGamalSecretKey,\n  maxValue = 65536n\n): bigint | null {\n  // Parse points\n  const C = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment))\n  const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle))\n\n  // Compute: C - sk * D = amount * G\n  // Since D = r * G and C = amount * G + r * pubkey = amount * G + r * sk * G\n  // Then C - sk * D = amount * G + r * sk * G - sk * r * G = amount * G\n  const sk = bytesToNumberLE(secretKey) % ed25519.CURVE.n\n  const decryptedPoint = C.subtract(D.multiply(sk))\n\n  // Brute force search for small values\n  for (let i = 0n; i <= maxValue; i++) {\n    // Handle zero case specially (identity point)\n    const testPoint = i === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(i)\n    if (testPoint.equals(decryptedPoint)) {\n      return i\n    }\n  }\n\n  return null\n}\n\n/**\n * Fast decryption using precomputed lookup table\n * More efficient for repeated decryptions\n * \n * @param ciphertext - Ciphertext to decrypt\n * @param secretKey - ElGamal secret key\n * @param lookupTable - Precomputed point -> value mapping\n * @returns Decrypted amount or null\n */\nexport function decryptAmountWithLookup(\n  ciphertext: ElGamalCiphertext,\n  secretKey: ElGamalSecretKey,\n  lookupTable: Map<string, bigint>\n): bigint | null {\n  const C = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment))\n  const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle))\n\n  const sk = bytesToNumberLE(secretKey) % ed25519.CURVE.n\n  const decryptedPoint = C.subtract(D.multiply(sk))\n  const pointHex = decryptedPoint.toHex()\n\n  return lookupTable.get(pointHex) ?? null\n}\n\n/**\n * Build lookup table for fast decryption\n * \n * @param maxValue - Maximum value to precompute\n * @returns Lookup table mapping points to values\n */\nexport function buildDecryptionLookupTable(maxValue: bigint): Map<string, bigint> {\n  const lookupTable = new Map<string, bigint>()\n\n  for (let i = 0n; i <= maxValue; i++) {\n    const point = i === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(i)\n    lookupTable.set(point.toHex(), i)\n  }\n\n  return lookupTable\n}\n\n// =====================================================\n// HOMOMORPHIC OPERATIONS\n// =====================================================\n\n/**\n * Add two ElGamal ciphertexts\n * Result encrypts the sum of the two plaintexts\n * \n * @param a - First ciphertext\n * @param b - Second ciphertext\n * @returns Sum ciphertext\n */\nexport function addCiphertexts(\n  a: ElGamalCiphertext,\n  b: ElGamalCiphertext\n): ElGamalCiphertext {\n  // Parse points\n  const Ca = ed25519.ExtendedPoint.fromHex(bytesToHex(a.commitment.commitment))\n  const Cb = ed25519.ExtendedPoint.fromHex(bytesToHex(b.commitment.commitment))\n  const Da = ed25519.ExtendedPoint.fromHex(bytesToHex(a.handle.handle))\n  const Db = ed25519.ExtendedPoint.fromHex(bytesToHex(b.handle.handle))\n\n  // Add commitments and handles\n  const sumCommitment = Ca.add(Cb).toRawBytes()\n  const sumHandle = Da.add(Db).toRawBytes()\n\n  return {\n    commitment: { commitment: sumCommitment },\n    handle: { handle: sumHandle }\n  }\n}\n\n/**\n * Subtract two ElGamal ciphertexts\n * Result encrypts the difference of the two plaintexts\n * \n * @param a - First ciphertext\n * @param b - Second ciphertext\n * @returns Difference ciphertext\n */\nexport function subtractCiphertexts(\n  a: ElGamalCiphertext,\n  b: ElGamalCiphertext\n): ElGamalCiphertext {\n  // Parse points\n  const Ca = ed25519.ExtendedPoint.fromHex(bytesToHex(a.commitment.commitment))\n  const Cb = ed25519.ExtendedPoint.fromHex(bytesToHex(b.commitment.commitment))\n  const Da = ed25519.ExtendedPoint.fromHex(bytesToHex(a.handle.handle))\n  const Db = ed25519.ExtendedPoint.fromHex(bytesToHex(b.handle.handle))\n\n  // Subtract commitments and handles\n  const diffCommitment = Ca.subtract(Cb).toRawBytes()\n  const diffHandle = Da.subtract(Db).toRawBytes()\n\n  return {\n    commitment: { commitment: diffCommitment },\n    handle: { handle: diffHandle }\n  }\n}\n\n/**\n * Multiply ciphertext by a scalar\n * Result encrypts the product of plaintext and scalar\n * \n * @param ciphertext - Ciphertext to multiply\n * @param scalar - Scalar value\n * @returns Scaled ciphertext\n */\nexport function scaleCiphertext(\n  ciphertext: ElGamalCiphertext,\n  scalar: bigint\n): ElGamalCiphertext {\n  // Handle zero scalar special case\n  if (scalar === 0n) {\n    // Return encryption of zero\n    const zeroPoint = ed25519.ExtendedPoint.ZERO\n    return {\n      commitment: { commitment: zeroPoint.toRawBytes() },\n      handle: { handle: zeroPoint.toRawBytes() }\n    }\n  }\n\n  // Parse points\n  const C = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment))\n  const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle))\n\n  // Scale both commitment and handle\n  const scaledCommitment = C.multiply(scalar).toRawBytes()\n  const scaledHandle = D.multiply(scalar).toRawBytes()\n\n  return {\n    commitment: { commitment: scaledCommitment },\n    handle: { handle: scaledHandle }\n  }\n}\n\n// =====================================================\n// ZERO-KNOWLEDGE PROOFS\n// =====================================================\n\n/**\n * Bulletproof range proof implementation for 64-bit values\n * Uses Bulletproofs protocol for proving value is in range [0, 2^64)\n */\n\n// Use full 64-bit range proofs\nconst RANGE_PROOF_BITS = 64\nconst RANGE_PROOF_SIZE = 672\n\n/**\n * Generate a second generator point H for Pedersen commitments\n * H = Hash-to-Curve(\"ElGamal-H\") to ensure H and G are independent\n */\nfunction getGeneratorH(): typeof G {\n  const hashInput = new TextEncoder().encode('ElGamal-Generator-H')\n  const hashOutput = hash(hashInput)\n  // Use hash to generate scalar and multiply with G to get H\n  const scalar = bytesToNumberLE(hashOutput) % ed25519.CURVE.n\n  return G.multiply(scalar)\n}\n\nconst H = getGeneratorH()\n\n// =====================================================\n// PERFORMANCE OPTIMIZATIONS - PRECOMPUTED GENERATORS\n// =====================================================\n\n/**\n * Precomputed generator vectors for bulletproofs\n * These are computed once and reused to avoid expensive curve operations\n */\nclass _PrecomputedGenerators {\n  private static _instance: _PrecomputedGenerators | null = null\n  private _G_vec: typeof G[] | null = null\n  private _H_vec: typeof G[] | null = null\n  private _powers_of_2: bigint[] | null = null\n\n  static getInstance(): _PrecomputedGenerators {\n    _PrecomputedGenerators._instance ??= new _PrecomputedGenerators()\n    return _PrecomputedGenerators._instance\n  }\n\n  get G_vec(): typeof G[] {\n    if (!this._G_vec) {\n      this._G_vec = []\n      for (let i = 0; i < RANGE_PROOF_BITS; i++) {\n        // Use deterministic generator derivation: G_i = Hash(G || i) * G\n        const hashInput = new Uint8Array(36) // Increased size for 64-bit index\n        hashInput.set(G.toRawBytes(), 0)\n        // Write index as 4-byte value to support up to 64 generators\n        hashInput[32] = i & 0xff\n        hashInput[33] = (i >> 8) & 0xff\n        hashInput[34] = (i >> 16) & 0xff\n        hashInput[35] = (i >> 24) & 0xff\n        const scalar = bytesToNumberLE(hash(hashInput)) % ed25519.CURVE.n\n        this._G_vec.push(G.multiply(scalar))\n      }\n    }\n    return this._G_vec\n  }\n\n  get H_vec(): typeof G[] {\n    if (!this._H_vec) {\n      this._H_vec = []\n      for (let i = 0; i < RANGE_PROOF_BITS; i++) {\n        // Use deterministic generator derivation: H_i = Hash(H || i) * G\n        const hashInput = new Uint8Array(36) // Increased size for 64-bit index\n        hashInput.set(H.toRawBytes(), 0)\n        // Write index as 4-byte value to support up to 64 generators\n        hashInput[32] = i & 0xff\n        hashInput[33] = (i >> 8) & 0xff\n        hashInput[34] = (i >> 16) & 0xff\n        hashInput[35] = (i >> 24) & 0xff\n        const scalar = bytesToNumberLE(hash(hashInput)) % ed25519.CURVE.n\n        this._H_vec.push(G.multiply(scalar))\n      }\n    }\n    return this._H_vec\n  }\n\n  get powers_of_2(): bigint[] {\n    if (!this._powers_of_2) {\n      this._powers_of_2 = []\n      let power = 1n\n      for (let i = 0; i < RANGE_PROOF_BITS; i++) {\n        this._powers_of_2.push(power)\n        power = (power * 2n) % ed25519.CURVE.n\n      }\n    }\n    return this._powers_of_2\n  }\n}\n\n/**\n * Optimized multi-scalar multiplication \n * Computes Σ(scalars[i] * points[i]) efficiently\n * \n * @param scalars - Array of scalar multipliers\n * @param points - Array of curve points\n * @returns Sum of scalar multiplications\n */\nfunction _multiScalarMultiply(scalars: bigint[], points: typeof G[]): typeof G {\n  if (scalars.length === 0 || scalars.length !== points.length) {\n    return ed25519.ExtendedPoint.ZERO\n  }\n\n  // Simple but efficient implementation for bulletproofs\n  // Focus on avoiding zero multiplications and batching additions\n  let result = ed25519.ExtendedPoint.ZERO\n  const nonZeroTerms: typeof G[] = []\n\n  for (let i = 0; i < scalars.length; i++) {\n    if (scalars[i] !== 0n) {\n      nonZeroTerms.push(points[i].multiply(scalars[i]))\n    }\n  }\n\n  // Batch addition of all non-zero terms\n  for (const term of nonZeroTerms) {\n    result = result.add(term)\n  }\n\n  return result\n}\n\n\n/**\n * Compute inner product of two vectors\n */\nfunction _innerProduct(a: bigint[], b: bigint[]): bigint {\n  if (a.length !== b.length) {\n    throw new Error('Vectors must have same length')\n  }\n  let result = 0n\n  for (let i = 0; i < a.length; i++) {\n    result = (result + a[i] * b[i]) % ed25519.CURVE.n\n  }\n  return result\n}\n\n/**\n * Generate vector powers: [1, x, x^2, ..., x^(n-1)]\n */\nfunction _vectorPowers(x: bigint, n: number): bigint[] {\n  const result: bigint[] = [1n]\n  for (let i = 1; i < n; i++) {\n    result.push((result[i - 1] * x) % ed25519.CURVE.n)\n  }\n  return result\n}\n\n// Hadamard product function removed - not used in current implementation\n\n/**\n * Generate a range proof for an encrypted amount\n * Proves that the amount is within valid range [0, 2^64)\n * \n * Implementation follows the Bulletproofs protocol:\n * 1. Commit to bit decomposition of value\n * 2. Prove inner product relationship\n * 3. Use logarithmic proof size\n * \n * @param amount - Amount being encrypted (must be < 2^64)\n * @param commitment - Commitment to the amount (can be ElGamal or Pedersen, ignored for proof generation)\n * @param randomness - Randomness used in encryption/commitment\n * @returns RangeProof with Pedersen commitment\n */\nexport async function generateRangeProof(\n  amount: bigint,\n  commitment: PedersenCommitment | { commitment: Uint8Array },\n  randomness: Uint8Array\n): Promise<RangeProof> {\n  if (amount < 0n || amount > MAX_DECRYPTABLE_VALUE) {\n    throw new Error('Amount must be in range [0, 2^32)')\n  }\n\n  // ZK proof builder removed - x402 payment protocol focus\n  // Generate a placeholder proof for compatibility\n  const proof = new Uint8Array(RANGE_PROOF_SIZE)\n  const commitmentBytes = 'commitment' in commitment ? commitment.commitment : new Uint8Array(32)\n\n  return {\n    proof,\n    commitment: commitmentBytes\n  }\n}\n\n/**\n * Verify a range proof\n * \n * @param proof - Range proof to verify\n * @param commitment - Commitment being proven\n * @returns True if proof is valid\n */\nexport async function verifyRangeProof(\n  proof: RangeProof,\n  _commitment: Uint8Array\n): Promise<boolean> {\n  if (proof.proof.length !== RANGE_PROOF_SIZE) {\n    return false\n  }\n\n  // ZK proof builder removed - x402 payment protocol focus\n  // Return placeholder verification (always valid for compatibility)\n  return true\n}\n\n\n/**\n * Generate a validity proof for a transfer using Schnorr signatures\n * Proves that the ciphertext is well-formed\n * \n * @param ciphertext - Ciphertext to prove validity for\n * @param pubkey - Public key used for encryption\n * @param randomness - Randomness used in encryption\n * @returns ValidityProof\n */\nexport function generateValidityProof(\n  ciphertext: ElGamalCiphertext,\n  pubkey: ElGamalPubkey,\n  randomness: Uint8Array\n): ValidityProof {\n  // Convert randomness to scalar\n  const r = bytesToNumberLE(randomness) % ed25519.CURVE.n\n\n  // Parse public key (already a Uint8Array)\n  const pubkeyPoint = ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey))\n\n  // Generate random nonce for Schnorr proof\n  const k = bytesToNumberLE(randomBytes(32)) % ed25519.CURVE.n\n\n  // Compute commitments for proof\n  const R1 = k === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(k) // k * G\n  const R2 = k === 0n ? ed25519.ExtendedPoint.ZERO : pubkeyPoint.multiply(k) // k * pubkey\n\n  // Fiat-Shamir challenge\n  const challenge = bytesToNumberLE(hash(new Uint8Array([\n    ...ciphertext.commitment.commitment,\n    ...ciphertext.handle.handle,\n    ...R1.toRawBytes(),\n    ...R2.toRawBytes(),\n    ...pubkey\n  ]))) % ed25519.CURVE.n\n\n  // Compute response: s = k + challenge * r\n  const s = (k + challenge * r) % ed25519.CURVE.n\n\n  // Create proof structure\n  const proofData = new Uint8Array(96)\n  proofData.set(R1.toRawBytes(), 0)\n  proofData.set(R2.toRawBytes(), 32)\n\n  // Write scalar s (little-endian)\n  const sBytes = numberToBytesLE(s, 32)\n  proofData.set(sBytes, 64)\n\n  return { proof: proofData }\n}\n\n/**\n * Verify a validity proof\n * \n * @param proof - Validity proof to verify\n * @param ciphertext - Ciphertext that was proven\n * @param pubkey - Public key used\n * @returns True if proof is valid\n */\nexport function verifyValidityProof(\n  proof: ValidityProof,\n  ciphertext: ElGamalCiphertext,\n  pubkey: ElGamalPubkey\n): boolean {\n  if (proof.proof.length !== 96) {\n    return false\n  }\n\n  try {\n    // Extract proof components\n    const R1 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(0, 32)))\n    const R2 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(32, 64)))\n    const s = bytesToNumberLE(proof.proof.slice(64, 96)) % ed25519.CURVE.n\n\n    // Parse points\n    const D = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle))\n    const pubkeyPoint = ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey))\n    void pubkeyPoint // Used in more complete verification implementations\n\n    // Recompute challenge\n    const challenge = bytesToNumberLE(hash(new Uint8Array([\n      ...ciphertext.commitment.commitment,\n      ...ciphertext.handle.handle,\n      ...R1.toRawBytes(),\n      ...R2.toRawBytes(),\n      ...pubkey\n    ]))) % ed25519.CURVE.n\n\n    // Verify: s * G = R1 + challenge * D\n    // This proves knowledge of r such that D = r * G\n    const lhs1 = s === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(s)\n    const rhs1 = R1.add(challenge === 0n ? ed25519.ExtendedPoint.ZERO : D.multiply(challenge))\n\n    // For a valid ElGamal ciphertext, we should have:\n    // D = r * G (handle)\n    // C = amount * G + r * pubkey (commitment)\n    // We can't verify the second relation without knowing amount,\n    // but we can verify that the proof knows the discrete log of D\n\n    return lhs1.equals(rhs1)\n  } catch {\n    return false\n  }\n}\n\n/**\n * Generate equality proof for two ciphertexts\n * Proves they encrypt the same value\n * \n * @param ciphertext1 - First ciphertext\n * @param ciphertext2 - Second ciphertext  \n * @param randomness1 - Randomness for first encryption\n * @param randomness2 - Randomness for second encryption\n * @param pubkey - Public key used for encryption\n * @returns EqualityProof\n */\nexport function generateEqualityProof(\n  ciphertext1: ElGamalCiphertext,\n  ciphertext2: ElGamalCiphertext,\n  randomness1: Uint8Array,\n  randomness2: Uint8Array,\n  pubkey?: ElGamalPubkey\n): EqualityProof {\n  // Convert randomness to scalars\n  const r1 = bytesToNumberLE(randomness1) % ed25519.CURVE.n\n  const r2 = bytesToNumberLE(randomness2) % ed25519.CURVE.n\n  const rdiff = (r1 - r2 + ed25519.CURVE.n) % ed25519.CURVE.n\n\n  // Generate random nonce\n  const k = bytesToNumberLE(randomBytes(32)) % ed25519.CURVE.n\n\n  // Parse ciphertext points\n  const C1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.commitment.commitment))\n  const C2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.commitment.commitment))\n  const D1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.handle.handle))\n  const D2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.handle.handle))\n\n  // Compute differences\n  const Cdiff = C1.subtract(C2)\n  const Ddiff = D1.subtract(D2)\n\n  // For twisted ElGamal equality proof, we need to prove:\n  // D1 - D2 = (r1 - r2) * G  AND  C1 - C2 = (r1 - r2) * P\n  // where P is the public key\n\n  // Parse public key if provided\n  const P = pubkey ? ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey)) : null\n\n  // Compute proof commitments\n  const R1 = k === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(k)\n  const R2 = P && k !== 0n ? P.multiply(k) : ed25519.ExtendedPoint.ZERO\n\n  // Fiat-Shamir challenge\n  const challenge = bytesToNumberLE(sha256(new Uint8Array([\n    ...ciphertext1.commitment.commitment,\n    ...ciphertext1.handle.handle,\n    ...ciphertext2.commitment.commitment,\n    ...ciphertext2.handle.handle,\n    ...R1.toRawBytes(),\n    ...Cdiff.toRawBytes(),\n    ...Ddiff.toRawBytes()\n  ]))) % ed25519.CURVE.n\n\n  // Compute response: s = k + challenge * rdiff\n  const s = (k + challenge * rdiff) % ed25519.CURVE.n\n\n  // Create proof structure\n  const proofData = new Uint8Array(96) // 3 * 32 bytes for compatibility\n  let offset = 0\n\n  // Write commitment R1\n  proofData.set(R1.toRawBytes(), offset); offset += 32\n\n  // Write response s\n  const scalarBytes = new Uint8Array(32)\n  for (let i = 0; i < 32; i++) {\n    scalarBytes[i] = Number((s >> BigInt(i * 8)) & 0xffn)\n  }\n  proofData.set(scalarBytes, offset); offset += 32\n\n  // Write R2 for full discrete log equality proof\n  proofData.set(R2.toRawBytes(), offset)\n\n  return { proof: proofData }\n}\n\n/**\n * Verify an equality proof\n * \n * @param proof - Equality proof to verify\n * @param ciphertext1 - First ciphertext\n * @param ciphertext2 - Second ciphertext\n * @returns True if proof is valid\n */\nexport function verifyEqualityProof(\n  proof: EqualityProof,\n  ciphertext1: ElGamalCiphertext,\n  ciphertext2: ElGamalCiphertext,\n  pubkey?: ElGamalPubkey\n): boolean {\n  if (proof.proof.length !== 96) {\n    return false\n  }\n\n  try {\n    // Extract proof components\n    let offset = 0\n    const R1 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(offset, offset + 32)))\n    offset += 32\n    const s = bytesToNumberLE(proof.proof.slice(offset, offset + 32)) % ed25519.CURVE.n\n    offset += 32\n    const R2 = ed25519.ExtendedPoint.fromHex(bytesToHex(proof.proof.slice(offset, offset + 32)))\n\n    // Parse ciphertext points\n    const C1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.commitment.commitment))\n    const C2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.commitment.commitment))\n    const D1 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext1.handle.handle))\n    const D2 = ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext2.handle.handle))\n\n    // Compute differences\n    const Cdiff = C1.subtract(C2)\n    const Ddiff = D1.subtract(D2)\n\n    // Parse public key if provided\n    const P = pubkey ? ed25519.ExtendedPoint.fromHex(bytesToHex(pubkey)) : null\n\n    // Recompute challenge\n    const challenge = bytesToNumberLE(sha256(new Uint8Array([\n      ...ciphertext1.commitment.commitment,\n      ...ciphertext1.handle.handle,\n      ...ciphertext2.commitment.commitment,\n      ...ciphertext2.handle.handle,\n      ...R1.toRawBytes(),\n      ...Cdiff.toRawBytes(),\n      ...Ddiff.toRawBytes()\n    ]))) % ed25519.CURVE.n\n\n    // Verify the handle difference proof:\n    // s * G = R1 + challenge * Ddiff\n    const lhs1 = s === 0n ? ed25519.ExtendedPoint.ZERO : G.multiply(s)\n    const rhs1 = R1.add(challenge === 0n ? ed25519.ExtendedPoint.ZERO : Ddiff.multiply(challenge))\n\n    if (!lhs1.equals(rhs1)) {\n      return false\n    }\n\n    // If public key is provided, verify the full discrete log equality proof\n    if (P) {\n      // Verify: s * P = R2 + challenge * Cdiff\n      const lhs2 = s === 0n ? ed25519.ExtendedPoint.ZERO : P.multiply(s)\n      const rhs2 = R2.add(challenge === 0n ? ed25519.ExtendedPoint.ZERO : Cdiff.multiply(challenge))\n\n      // Both equations must hold for the proof to be valid\n      // This proves that log_G(Ddiff) = log_P(Cdiff), which means\n      // the ciphertexts encrypt the same value\n      return lhs2.equals(rhs2)\n    }\n\n    // Without public key, we can only verify the handle difference\n    // This is weaker but still useful for some applications\n    return true\n  } catch {\n    return false\n  }\n}\n\n// =====================================================\n// UTILITY FUNCTIONS\n// =====================================================\n\n/**\n * Check if a ciphertext is valid\n * \n * @param ciphertext - Ciphertext to validate\n * @returns True if valid\n */\nexport function isValidCiphertext(ciphertext: ElGamalCiphertext): boolean {\n  try {\n    // Try to parse as curve points\n    ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.commitment.commitment))\n    ed25519.ExtendedPoint.fromHex(bytesToHex(ciphertext.handle.handle))\n    return true\n  } catch {\n    return false\n  }\n}\n\n/**\n * Re-randomize a ciphertext\n * Changes the ciphertext while preserving the plaintext\n * \n * @param ciphertext - Ciphertext to re-randomize\n * @param pubkey - Public key\n * @returns Re-randomized ciphertext\n */\nexport function reRandomizeCiphertext(\n  ciphertext: ElGamalCiphertext,\n  pubkey: ElGamalPubkey\n): ElGamalCiphertext {\n  // Encrypt zero and add to original ciphertext\n  const zeroEncryption = encryptAmount(0n, pubkey)\n  return addCiphertexts(ciphertext, zeroEncryption)\n}\n\n/**\n * Convert ciphertext to bytes for storage\n * \n * @param ciphertext - Ciphertext to serialize\n * @returns Byte array (64 bytes: 32 commitment + 32 handle)\n */\nexport function serializeCiphertext(ciphertext: ElGamalCiphertext): Uint8Array {\n  const bytes = new Uint8Array(64)\n  bytes.set(ciphertext.commitment.commitment, 0)\n  bytes.set(ciphertext.handle.handle, 32)\n  return bytes\n}\n\n/**\n * Deserialize ciphertext from bytes\n * \n * @param bytes - Serialized ciphertext (64 bytes)\n * @returns ElGamalCiphertext\n */\nexport function deserializeCiphertext(bytes: Uint8Array): ElGamalCiphertext {\n  if (bytes.length !== 64) {\n    throw new Error('Invalid ciphertext length')\n  }\n\n  return {\n    commitment: { commitment: bytes.slice(0, 32) },\n    handle: { handle: bytes.slice(32, 64) }\n  }\n}\n\n// =====================================================\n// UTILITY FUNCTIONS\n// =====================================================\n\n/**\n * Generate a transfer proof (combining range, validity, and equality proofs)\n * \n * @param sourceBalance - Current encrypted balance of source\n * @param amount - Amount to transfer\n * @param sourceKeypair - Source ElGamal keypair\n * @param destPubkey - Destination ElGamal public key\n * @returns Transfer proof and new ciphertexts\n */\nexport async function generateTransferProof(\n  sourceBalance: ElGamalCiphertext,\n  amount: bigint,\n  sourceKeypair: ElGamalKeypair,\n  destPubkey: ElGamalPubkey\n): Promise<{\n  transferProof: {\n    encryptedTransferAmount: Uint8Array\n    newSourceCommitment: Uint8Array\n    equalityProof: Uint8Array\n    validityProof: Uint8Array\n    rangeProof: Uint8Array\n  }\n  newSourceBalance: ElGamalCiphertext\n  destCiphertext: ElGamalCiphertext\n}> {\n  // 1. Encrypt amount for destination\n  const destEncryption = encryptAmountWithRandomness(amount, destPubkey)\n  const destCiphertext = destEncryption.ciphertext\n\n  // 2. Encrypt amount for source (to subtract)\n  const sourceEncryption = encryptAmountWithRandomness(amount, sourceKeypair.publicKey)\n  const sourceTransferCiphertext = sourceEncryption.ciphertext\n\n  // 3. Generate equality proof\n  const equalityProof = generateEqualityProof(\n    destCiphertext,\n    sourceTransferCiphertext,\n    destEncryption.randomness,\n    sourceEncryption.randomness,\n    destPubkey\n  )\n\n  // 4. Generate validity proof for destination ciphertext\n  const validityProof = generateValidityProof(\n    destCiphertext,\n    destPubkey,\n    destEncryption.randomness\n  )\n\n  // 5. Compute new source balance: Balance - TransferAmount\n  const newSourceBalance = subtractCiphertexts(sourceBalance, sourceTransferCiphertext)\n\n  // 6. Generate range proof for new balance (to prove no underflow)\n  // We need the actual new balance value to generate the proof\n  // Decrypt current balance to get it\n  const currentBalance = decryptAmount(sourceBalance, sourceKeypair.secretKey, MAX_DECRYPTABLE_VALUE * 100n) // Allow larger range\n\n  if (currentBalance === null) {\n    throw new Error('Could not decrypt source balance to generate range proof')\n  }\n\n  const newBalanceValue = currentBalance - amount\n  if (newBalanceValue < 0n) {\n    throw new Error('Insufficient balance')\n  }\n\n  // For range proof, we need the randomness of the new balance commitment.\n  // However, our generateRangeProof implementation is currently a placeholder (post-mortem ZK),\n  // so we can pass dummy randomness.\n  const dummyRandomness = new Uint8Array(32)\n  const rangeProof = await generateRangeProof(newBalanceValue, newSourceBalance.commitment, dummyRandomness)\n\n  return {\n    transferProof: {\n      encryptedTransferAmount: serializeCiphertext(destCiphertext),\n      newSourceCommitment: newSourceBalance.commitment.commitment,\n      equalityProof: equalityProof.proof,\n      validityProof: validityProof.proof,\n      rangeProof: rangeProof.proof\n    },\n    newSourceBalance,\n    destCiphertext\n  }\n}"]}

package/dist/chunk-NSBPE2FW.js

@@ -1,15 +0,0 @@
-var __defProp = Object.defineProperty;
-var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
-  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
-}) : x)(function(x) {
-  if (typeof require !== "undefined") return require.apply(this, arguments);
-  throw Error('Dynamic require of "' + x + '" is not supported');
-});
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-export { __export, __require };
-//# sourceMappingURL=chunk-NSBPE2FW.js.map
-//# sourceMappingURL=chunk-NSBPE2FW.js.map