npm - @latticexyz/world-module-erc20 - Versions diffs - 2.2.21-581228bd857077023efdb496a9a44fa62ff89936 → 2.2.21-a1b22c2778fe67a4457042f68a7240465c07183d - Mend

@latticexyz/world-module-erc20 2.2.21-581228bd857077023efdb496a9a44fa62ff89936 → 2.2.21-a1b22c2778fe67a4457042f68a7240465c07183d

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

package/dist/{secp256k1-XVT662DN.js → secp256k1-QT34R5PW.js} RENAMED Viewed

@@ -1,21 +1,21 @@
 import {
   Hash,
-  bytes,
+  abytes,
+  aexists,
+  ahash,
+  aoutput,
   concatBytes,
   createView,
-  exists,
-  hash,
-  output,
   randomBytes,
   rotr,
   toBytes,
   wrapConstructor
-} from "./chunk-2VXHCW2O.js";
+} from "./chunk-M5FHJZR5.js";
 import {
   __export
 } from "./chunk-PR4QN5HX.js";
-// ../../node_modules/.pnpm/@noble+hashes@1.5.0/node_modules/@noble/hashes/esm/_md.js
+// ../../node_modules/.pnpm/@noble+hashes@1.7.1/node_modules/@noble/hashes/esm/_md.js
 function setBigUint64(view, byteOffset, value, isLE) {
   if (typeof view.setBigUint64 === "function")
     return view.setBigUint64(byteOffset, value, isLE);
@@ -28,8 +28,12 @@ function setBigUint64(view, byteOffset, value, isLE) {
   view.setUint32(byteOffset + h, wh, isLE);
   view.setUint32(byteOffset + l, wl, isLE);
 }
-var Chi = (a, b, c) => a & b ^ ~a & c;
-var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
+function Chi(a, b, c) {
+  return a & b ^ ~a & c;
+}
+function Maj(a, b, c) {
+  return a & b ^ a & c ^ b & c;
+}
 var HashMD = class extends Hash {
   constructor(blockLen, outputLen, padOffset, isLE) {
     super();
@@ -45,7 +49,7 @@ var HashMD = class extends Hash {
     this.view = createView(this.buffer);
   }
   update(data) {
-    exists(this);
+    aexists(this);
     const { view, buffer, blockLen } = this;
     data = toBytes(data);
     const len = data.length;
@@ -70,8 +74,8 @@ var HashMD = class extends Hash {
     return this;
   }
   digestInto(out) {
-    exists(this);
-    output(out, this);
+    aexists(this);
+    aoutput(out, this);
     this.finished = true;
     const { buffer, view, blockLen, isLE } = this;
     let { pos } = this;
@@ -117,7 +121,7 @@ var HashMD = class extends Hash {
   }
 };
-// ../../node_modules/.pnpm/@noble+hashes@1.5.0/node_modules/@noble/hashes/esm/sha256.js
+// ../../node_modules/.pnpm/@noble+hashes@1.7.1/node_modules/@noble/hashes/esm/sha256.js
 var SHA256_K = /* @__PURE__ */ new Uint32Array([
   1116352408,
   1899447441,
@@ -267,39 +271,39 @@ var SHA256 = class extends HashMD {
 };
 var sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
-// ../../node_modules/.pnpm/@noble+hashes@1.5.0/node_modules/@noble/hashes/esm/hmac.js
+// ../../node_modules/.pnpm/@noble+hashes@1.7.1/node_modules/@noble/hashes/esm/hmac.js
 var HMAC = class extends Hash {
-  constructor(hash2, _key) {
+  constructor(hash, _key) {
     super();
     this.finished = false;
     this.destroyed = false;
-    hash(hash2);
+    ahash(hash);
     const key = toBytes(_key);
-    this.iHash = hash2.create();
+    this.iHash = hash.create();
     if (typeof this.iHash.update !== "function")
       throw new Error("Expected instance of class which extends utils.Hash");
     this.blockLen = this.iHash.blockLen;
     this.outputLen = this.iHash.outputLen;
     const blockLen = this.blockLen;
     const pad = new Uint8Array(blockLen);
-    pad.set(key.length > blockLen ? hash2.create().update(key).digest() : key);
+    pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);
     for (let i = 0; i < pad.length; i++)
       pad[i] ^= 54;
     this.iHash.update(pad);
-    this.oHash = hash2.create();
+    this.oHash = hash.create();
     for (let i = 0; i < pad.length; i++)
       pad[i] ^= 54 ^ 92;
     this.oHash.update(pad);
     pad.fill(0);
   }
   update(buf) {
-    exists(this);
+    aexists(this);
     this.iHash.update(buf);
     return this;
   }
   digestInto(out) {
-    exists(this);
-    bytes(out, this.outputLen);
+    aexists(this);
+    abytes(out, this.outputLen);
     this.finished = true;
     this.iHash.digestInto(out);
     this.oHash.update(out);
@@ -329,15 +333,15 @@ var HMAC = class extends Hash {
     this.iHash.destroy();
   }
 };
-var hmac = (hash2, key, message) => new HMAC(hash2, key).update(message).digest();
-hmac.create = (hash2, key) => new HMAC(hash2, key);
+var hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
+hmac.create = (hash, key) => new HMAC(hash, key);
-// ../../node_modules/.pnpm/@noble+curves@1.6.0/node_modules/@noble/curves/esm/abstract/utils.js
+// ../../node_modules/.pnpm/@noble+curves@1.8.1/node_modules/@noble/curves/esm/abstract/utils.js
 var utils_exports = {};
 __export(utils_exports, {
   aInRange: () => aInRange,
   abool: () => abool,
-  abytes: () => abytes,
+  abytes: () => abytes2,
   bitGet: () => bitGet,
   bitLen: () => bitLen,
   bitMask: () => bitMask,
@@ -366,42 +370,42 @@ var _0n = /* @__PURE__ */ BigInt(0);
 var _1n = /* @__PURE__ */ BigInt(1);
 var _2n = /* @__PURE__ */ BigInt(2);
 function isBytes(a) {
-  return a instanceof Uint8Array || a != null && typeof a === "object" && a.constructor.name === "Uint8Array";
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
 }
-function abytes(item) {
+function abytes2(item) {
   if (!isBytes(item))
     throw new Error("Uint8Array expected");
 }
 function abool(title, value) {
   if (typeof value !== "boolean")
-    throw new Error(`${title} must be valid boolean, got "${value}".`);
+    throw new Error(title + " boolean expected, got " + value);
 }
 var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
-function bytesToHex(bytes2) {
-  abytes(bytes2);
+function bytesToHex(bytes) {
+  abytes2(bytes);
   let hex = "";
-  for (let i = 0; i < bytes2.length; i++) {
-    hex += hexes[bytes2[i]];
+  for (let i = 0; i < bytes.length; i++) {
+    hex += hexes[bytes[i]];
   }
   return hex;
 }
 function numberToHexUnpadded(num2) {
   const hex = num2.toString(16);
-  return hex.length & 1 ? `0${hex}` : hex;
+  return hex.length & 1 ? "0" + hex : hex;
 }
 function hexToNumber(hex) {
   if (typeof hex !== "string")
     throw new Error("hex string expected, got " + typeof hex);
-  return BigInt(hex === "" ? "0" : `0x${hex}`);
-}
-var asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };
-function asciiToBase16(char) {
-  if (char >= asciis._0 && char <= asciis._9)
-    return char - asciis._0;
-  if (char >= asciis._A && char <= asciis._F)
-    return char - (asciis._A - 10);
-  if (char >= asciis._a && char <= asciis._f)
-    return char - (asciis._a - 10);
+  return hex === "" ? _0n : BigInt("0x" + hex);
+}
+var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function asciiToBase16(ch) {
+  if (ch >= asciis._0 && ch <= asciis._9)
+    return ch - asciis._0;
+  if (ch >= asciis.A && ch <= asciis.F)
+    return ch - (asciis.A - 10);
+  if (ch >= asciis.a && ch <= asciis.f)
+    return ch - (asciis.a - 10);
   return;
 }
 function hexToBytes(hex) {
@@ -410,7 +414,7 @@ function hexToBytes(hex) {
   const hl = hex.length;
   const al = hl / 2;
   if (hl % 2)
-    throw new Error("padded hex string expected, got unpadded hex of length " + hl);
+    throw new Error("hex string expected, got unpadded hex of length " + hl);
   const array = new Uint8Array(al);
   for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
     const n1 = asciiToBase16(hex.charCodeAt(hi));
@@ -423,12 +427,12 @@ function hexToBytes(hex) {
   }
   return array;
 }
-function bytesToNumberBE(bytes2) {
-  return hexToNumber(bytesToHex(bytes2));
+function bytesToNumberBE(bytes) {
+  return hexToNumber(bytesToHex(bytes));
 }
-function bytesToNumberLE(bytes2) {
-  abytes(bytes2);
-  return hexToNumber(bytesToHex(Uint8Array.from(bytes2).reverse()));
+function bytesToNumberLE(bytes) {
+  abytes2(bytes);
+  return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
 }
 function numberToBytesBE(n, len) {
   return hexToBytes(n.toString(16).padStart(len * 2, "0"));
@@ -445,23 +449,23 @@ function ensureBytes(title, hex, expectedLength) {
     try {
       res = hexToBytes(hex);
     } catch (e) {
-      throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
+      throw new Error(title + " must be hex string or Uint8Array, cause: " + e);
     }
   } else if (isBytes(hex)) {
     res = Uint8Array.from(hex);
   } else {
-    throw new Error(`${title} must be hex string or Uint8Array`);
+    throw new Error(title + " must be hex string or Uint8Array");
   }
   const len = res.length;
   if (typeof expectedLength === "number" && len !== expectedLength)
-    throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
+    throw new Error(title + " of length " + expectedLength + " expected, got " + len);
   return res;
 }
 function concatBytes2(...arrays) {
   let sum = 0;
   for (let i = 0; i < arrays.length; i++) {
     const a = arrays[i];
-    abytes(a);
+    abytes2(a);
     sum += a.length;
   }
   const res = new Uint8Array(sum);
@@ -482,7 +486,7 @@ function equalBytes(a, b) {
 }
 function utf8ToBytes(str) {
   if (typeof str !== "string")
-    throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
+    throw new Error("string expected");
   return new Uint8Array(new TextEncoder().encode(str));
 }
 var isPosBig = (n) => typeof n === "bigint" && _0n <= n;
@@ -491,7 +495,7 @@ function inRange(n, min, max) {
 }
 function aInRange(title, n, min, max) {
   if (!inRange(n, min, max))
-    throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);
+    throw new Error("expected valid " + title + ": " + min + " <= n < " + max + ", got " + n);
 }
 function bitLen(n) {
   let len;
@@ -571,12 +575,12 @@ function validateObject(object, validators, optValidators = {}) {
   const checkField = (fieldName, type, isOptional) => {
     const checkVal = validatorFns[type];
     if (typeof checkVal !== "function")
-      throw new Error(`Invalid validator "${type}", expected function`);
+      throw new Error("invalid validator function");
     const val = object[fieldName];
     if (isOptional && val === void 0)
       return;
     if (!checkVal(val, object)) {
-      throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
+      throw new Error("param " + String(fieldName) + " is invalid. Expected " + type + ", got " + val);
     }
   };
   for (const [fieldName, type] of Object.entries(validators))
@@ -600,23 +604,25 @@ function memoized(fn) {
   };
 }
-// ../../node_modules/.pnpm/@noble+curves@1.6.0/node_modules/@noble/curves/esm/abstract/modular.js
+// ../../node_modules/.pnpm/@noble+curves@1.8.1/node_modules/@noble/curves/esm/abstract/modular.js
 var _0n2 = BigInt(0);
 var _1n2 = BigInt(1);
-var _2n2 = BigInt(2);
-var _3n = BigInt(3);
-var _4n = BigInt(4);
-var _5n = BigInt(5);
-var _8n = BigInt(8);
-var _9n = BigInt(9);
-var _16n = BigInt(16);
+var _2n2 = /* @__PURE__ */ BigInt(2);
+var _3n = /* @__PURE__ */ BigInt(3);
+var _4n = /* @__PURE__ */ BigInt(4);
+var _5n = /* @__PURE__ */ BigInt(5);
+var _8n = /* @__PURE__ */ BigInt(8);
+var _9n = /* @__PURE__ */ BigInt(9);
+var _16n = /* @__PURE__ */ BigInt(16);
 function mod(a, b) {
   const result = a % b;
   return result >= _0n2 ? result : b + result;
 }
 function pow(num2, power, modulo) {
-  if (modulo <= _0n2 || power < _0n2)
-    throw new Error("Expected power/modulo > 0");
+  if (power < _0n2)
+    throw new Error("invalid exponent, negatives unsupported");
+  if (modulo <= _0n2)
+    throw new Error("invalid modulus");
   if (modulo === _1n2)
     return _0n2;
   let res = _1n2;
@@ -637,9 +643,10 @@ function pow2(x, power, modulo) {
   return res;
 }
 function invert(number, modulo) {
-  if (number === _0n2 || modulo <= _0n2) {
-    throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
-  }
+  if (number === _0n2)
+    throw new Error("invert: expected non-zero number");
+  if (modulo <= _0n2)
+    throw new Error("invert: expected positive modulus, got " + modulo);
   let a = mod(number, modulo);
   let b = modulo;
   let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
@@ -660,38 +667,40 @@ function tonelliShanks(P) {
   let Q, S, Z;
   for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
     ;
-  for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++)
-    ;
+  for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++) {
+    if (Z > 1e3)
+      throw new Error("Cannot find square root: likely non-prime P");
+  }
   if (S === 1) {
     const p1div4 = (P + _1n2) / _4n;
-    return function tonelliFast(Fp2, n) {
-      const root = Fp2.pow(n, p1div4);
-      if (!Fp2.eql(Fp2.sqr(root), n))
+    return function tonelliFast(Fp, n) {
+      const root = Fp.pow(n, p1div4);
+      if (!Fp.eql(Fp.sqr(root), n))
         throw new Error("Cannot find square root");
       return root;
     };
   }
   const Q1div2 = (Q + _1n2) / _2n2;
-  return function tonelliSlow(Fp2, n) {
-    if (Fp2.pow(n, legendreC) === Fp2.neg(Fp2.ONE))
+  return function tonelliSlow(Fp, n) {
+    if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))
       throw new Error("Cannot find square root");
     let r = S;
-    let g = Fp2.pow(Fp2.mul(Fp2.ONE, Z), Q);
-    let x = Fp2.pow(n, Q1div2);
-    let b = Fp2.pow(n, Q);
-    while (!Fp2.eql(b, Fp2.ONE)) {
-      if (Fp2.eql(b, Fp2.ZERO))
-        return Fp2.ZERO;
+    let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q);
+    let x = Fp.pow(n, Q1div2);
+    let b = Fp.pow(n, Q);
+    while (!Fp.eql(b, Fp.ONE)) {
+      if (Fp.eql(b, Fp.ZERO))
+        return Fp.ZERO;
       let m = 1;
-      for (let t2 = Fp2.sqr(b); m < r; m++) {
-        if (Fp2.eql(t2, Fp2.ONE))
+      for (let t2 = Fp.sqr(b); m < r; m++) {
+        if (Fp.eql(t2, Fp.ONE))
           break;
-        t2 = Fp2.sqr(t2);
+        t2 = Fp.sqr(t2);
       }
-      const ge = Fp2.pow(g, _1n2 << BigInt(r - m - 1));
-      g = Fp2.sqr(ge);
-      x = Fp2.mul(x, ge);
-      b = Fp2.mul(b, g);
+      const ge = Fp.pow(g, _1n2 << BigInt(r - m - 1));
+      g = Fp.sqr(ge);
+      x = Fp.mul(x, ge);
+      b = Fp.mul(b, g);
       r = m;
     }
     return x;
@@ -700,22 +709,22 @@ function tonelliShanks(P) {
 function FpSqrt(P) {
   if (P % _4n === _3n) {
     const p1div4 = (P + _1n2) / _4n;
-    return function sqrt3mod4(Fp2, n) {
-      const root = Fp2.pow(n, p1div4);
-      if (!Fp2.eql(Fp2.sqr(root), n))
+    return function sqrt3mod4(Fp, n) {
+      const root = Fp.pow(n, p1div4);
+      if (!Fp.eql(Fp.sqr(root), n))
         throw new Error("Cannot find square root");
       return root;
     };
   }
   if (P % _8n === _5n) {
     const c1 = (P - _5n) / _8n;
-    return function sqrt5mod8(Fp2, n) {
-      const n2 = Fp2.mul(n, _2n2);
-      const v = Fp2.pow(n2, c1);
-      const nv = Fp2.mul(n, v);
-      const i = Fp2.mul(Fp2.mul(nv, _2n2), v);
-      const root = Fp2.mul(nv, Fp2.sub(i, Fp2.ONE));
-      if (!Fp2.eql(Fp2.sqr(root), n))
+    return function sqrt5mod8(Fp, n) {
+      const n2 = Fp.mul(n, _2n2);
+      const v = Fp.pow(n2, c1);
+      const nv = Fp.mul(n, v);
+      const i = Fp.mul(Fp.mul(nv, _2n2), v);
+      const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
+      if (!Fp.eql(Fp.sqr(root), n))
         throw new Error("Cannot find square root");
       return root;
     };
@@ -758,7 +767,7 @@ function validateField(field) {
 }
 function FpPow(f, num2, power) {
   if (power < _0n2)
-    throw new Error("Expected power > 0");
+    throw new Error("invalid exponent, negatives unsupported");
   if (power === _0n2)
     return f.ONE;
   if (power === _1n2)
@@ -797,13 +806,14 @@ function nLength(n, nBitLength) {
 }
 function Field(ORDER, bitLen2, isLE = false, redef = {}) {
   if (ORDER <= _0n2)
-    throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);
+    throw new Error("invalid field: expected ORDER > 0, got " + ORDER);
   const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
   if (BYTES > 2048)
-    throw new Error("Field lengths over 2048 bytes are not supported");
-  const sqrtP = FpSqrt(ORDER);
+    throw new Error("invalid field: expected ORDER of <= 2048 bytes");
+  let sqrtP;
   const f = Object.freeze({
     ORDER,
+    isLE,
     BITS,
     BYTES,
     MASK: bitMask(BITS),
@@ -812,7 +822,7 @@ function Field(ORDER, bitLen2, isLE = false, redef = {}) {
     create: (num2) => mod(num2, ORDER),
     isValid: (num2) => {
       if (typeof num2 !== "bigint")
-        throw new Error(`Invalid field element: expected bigint, got ${typeof num2}`);
+        throw new Error("invalid field element: expected bigint, got " + typeof num2);
       return _0n2 <= num2 && num2 < ORDER;
     },
     is0: (num2) => num2 === _0n2,
@@ -831,16 +841,20 @@ function Field(ORDER, bitLen2, isLE = false, redef = {}) {
     subN: (lhs, rhs) => lhs - rhs,
     mulN: (lhs, rhs) => lhs * rhs,
     inv: (num2) => invert(num2, ORDER),
-    sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
+    sqrt: redef.sqrt || ((n) => {
+      if (!sqrtP)
+        sqrtP = FpSqrt(ORDER);
+      return sqrtP(f, n);
+    }),
     invertBatch: (lst) => FpInvertBatch(f, lst),
     // TODO: do we really need constant cmov?
     // We don't have const-time bigints anyway, so probably will be not very useful
     cmov: (a, b, c) => c ? b : a,
     toBytes: (num2) => isLE ? numberToBytesLE(num2, BYTES) : numberToBytesBE(num2, BYTES),
-    fromBytes: (bytes2) => {
-      if (bytes2.length !== BYTES)
-        throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes2.length}`);
-      return isLE ? bytesToNumberLE(bytes2) : bytesToNumberBE(bytes2);
+    fromBytes: (bytes) => {
+      if (bytes.length !== BYTES)
+        throw new Error("Field.fromBytes: expected " + BYTES + " bytes, got " + bytes.length);
+      return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
     }
   });
   return Object.freeze(f);
@@ -860,37 +874,58 @@ function mapHashToField(key, fieldOrder, isLE = false) {
   const fieldLen = getFieldBytesLength(fieldOrder);
   const minLen = getMinHashLength(fieldOrder);
   if (len < 16 || len < minLen || len > 1024)
-    throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);
-  const num2 = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);
+    throw new Error("expected " + minLen + "-1024 bytes of input, got " + len);
+  const num2 = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);
   const reduced = mod(num2, fieldOrder - _1n2) + _1n2;
   return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);
 }
-// ../../node_modules/.pnpm/@noble+curves@1.6.0/node_modules/@noble/curves/esm/abstract/curve.js
+// ../../node_modules/.pnpm/@noble+curves@1.8.1/node_modules/@noble/curves/esm/abstract/curve.js
 var _0n3 = BigInt(0);
 var _1n3 = BigInt(1);
+function constTimeNegate(condition, item) {
+  const neg = item.negate();
+  return condition ? neg : item;
+}
+function validateW(W, bits) {
+  if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
+    throw new Error("invalid window size, expected [1.." + bits + "], got W=" + W);
+}
+function calcWOpts(W, bits) {
+  validateW(W, bits);
+  const windows = Math.ceil(bits / W) + 1;
+  const windowSize = 2 ** (W - 1);
+  return { windows, windowSize };
+}
+function validateMSMPoints(points, c) {
+  if (!Array.isArray(points))
+    throw new Error("array expected");
+  points.forEach((p, i) => {
+    if (!(p instanceof c))
+      throw new Error("invalid point at index " + i);
+  });
+}
+function validateMSMScalars(scalars, field) {
+  if (!Array.isArray(scalars))
+    throw new Error("array of scalars expected");
+  scalars.forEach((s, i) => {
+    if (!field.isValid(s))
+      throw new Error("invalid scalar at index " + i);
+  });
+}
 var pointPrecomputes = /* @__PURE__ */ new WeakMap();
 var pointWindowSizes = /* @__PURE__ */ new WeakMap();
+function getW(P) {
+  return pointWindowSizes.get(P) || 1;
+}
 function wNAF(c, bits) {
-  const constTimeNegate = (condition, item) => {
-    const neg = item.negate();
-    return condition ? neg : item;
-  };
-  const validateW = (W) => {
-    if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
-      throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);
-  };
-  const opts = (W) => {
-    validateW(W);
-    const windows = Math.ceil(bits / W) + 1;
-    const windowSize = 2 ** (W - 1);
-    return { windows, windowSize };
-  };
   return {
     constTimeNegate,
+    hasPrecomputes(elm) {
+      return getW(elm) !== 1;
+    },
     // non-const time multiplication ladder
-    unsafeLadder(elm, n) {
-      let p = c.ZERO;
+    unsafeLadder(elm, n, p = c.ZERO) {
       let d = elm;
       while (n > _0n3) {
         if (n & _1n3)
@@ -908,10 +943,12 @@ function wNAF(c, bits) {
      * - 𝑊 is the window size
      * - 𝑛 is the bitlength of the curve order.
      * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
+     * @param elm Point instance
+     * @param W window size
      * @returns precomputed point tables flattened to a single array
      */
     precomputeWindow(elm, W) {
-      const { windows, windowSize } = opts(W);
+      const { windows, windowSize } = calcWOpts(W, bits);
       const points = [];
       let p = elm;
       let base = p;
@@ -934,7 +971,7 @@ function wNAF(c, bits) {
      * @returns real and fake (for const-time) points
      */
     wNAF(W, precomputes, n) {
-      const { windows, windowSize } = opts(W);
+      const { windows, windowSize } = calcWOpts(W, bits);
       let p = c.ZERO;
       let f = c.BASE;
       const mask = BigInt(2 ** W - 1);
@@ -960,52 +997,88 @@ function wNAF(c, bits) {
       }
       return { p, f };
     },
-    wNAFCached(P, n, transform) {
-      const W = pointWindowSizes.get(P) || 1;
+    /**
+     * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
+     * @param W window size
+     * @param precomputes precomputed tables
+     * @param n scalar (we don't check here, but should be less than curve order)
+     * @param acc accumulator point to add result of multiplication
+     * @returns point
+     */
+    wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {
+      const { windows, windowSize } = calcWOpts(W, bits);
+      const mask = BigInt(2 ** W - 1);
+      const maxNumber = 2 ** W;
+      const shiftBy = BigInt(W);
+      for (let window = 0; window < windows; window++) {
+        const offset = window * windowSize;
+        if (n === _0n3)
+          break;
+        let wbits = Number(n & mask);
+        n >>= shiftBy;
+        if (wbits > windowSize) {
+          wbits -= maxNumber;
+          n += _1n3;
+        }
+        if (wbits === 0)
+          continue;
+        let curr = precomputes[offset + Math.abs(wbits) - 1];
+        if (wbits < 0)
+          curr = curr.negate();
+        acc = acc.add(curr);
+      }
+      return acc;
+    },
+    getPrecomputes(W, P, transform) {
       let comp = pointPrecomputes.get(P);
       if (!comp) {
         comp = this.precomputeWindow(P, W);
         if (W !== 1)
           pointPrecomputes.set(P, transform(comp));
       }
-      return this.wNAF(W, comp, n);
+      return comp;
+    },
+    wNAFCached(P, n, transform) {
+      const W = getW(P);
+      return this.wNAF(W, this.getPrecomputes(W, P, transform), n);
+    },
+    wNAFCachedUnsafe(P, n, transform, prev) {
+      const W = getW(P);
+      if (W === 1)
+        return this.unsafeLadder(P, n, prev);
+      return this.wNAFUnsafe(W, this.getPrecomputes(W, P, transform), n, prev);
     },
     // We calculate precomputes for elliptic curve point multiplication
     // using windowed method. This specifies window size and
     // stores precomputed values. Usually only base point would be precomputed.
     setWindowSize(P, W) {
-      validateW(W);
+      validateW(W, bits);
       pointWindowSizes.set(P, W);
       pointPrecomputes.delete(P);
     }
   };
 }
-function pippenger(c, field, points, scalars) {
-  if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length)
+function pippenger(c, fieldN, points, scalars) {
+  validateMSMPoints(points, c);
+  validateMSMScalars(scalars, fieldN);
+  if (points.length !== scalars.length)
     throw new Error("arrays of points and scalars must have equal length");
-  scalars.forEach((s, i) => {
-    if (!field.isValid(s))
-      throw new Error(`wrong scalar at index ${i}`);
-  });
-  points.forEach((p, i) => {
-    if (!(p instanceof c))
-      throw new Error(`wrong point at index ${i}`);
-  });
+  const zero = c.ZERO;
   const wbits = bitLen(BigInt(points.length));
   const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1;
   const MASK = (1 << windowSize) - 1;
-  const buckets = new Array(MASK + 1).fill(c.ZERO);
-  const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize;
-  let sum = c.ZERO;
+  const buckets = new Array(MASK + 1).fill(zero);
+  const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;
+  let sum = zero;
   for (let i = lastBits; i >= 0; i -= windowSize) {
-    buckets.fill(c.ZERO);
+    buckets.fill(zero);
     for (let j = 0; j < scalars.length; j++) {
       const scalar = scalars[j];
       const wbits2 = Number(scalar >> BigInt(i) & BigInt(MASK));
       buckets[wbits2] = buckets[wbits2].add(points[j]);
     }
-    let resI = c.ZERO;
-    for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) {
+    let resI = zero;
+    for (let j = buckets.length - 1, sumI = zero; j > 0; j--) {
       sumI = sumI.add(buckets[j]);
       resI = resI.add(sumI);
     }
@@ -1034,7 +1107,7 @@ function validateBasic(curve) {
   });
 }
-// ../../node_modules/.pnpm/@noble+curves@1.6.0/node_modules/@noble/curves/esm/abstract/weierstrass.js
+// ../../node_modules/.pnpm/@noble+curves@1.8.1/node_modules/@noble/curves/esm/abstract/weierstrass.js
 function validateSigVerOpts(opts) {
   if (opts.lowS !== void 0)
     abool("lowS", opts.lowS);
@@ -1055,25 +1128,26 @@ function validatePointOpts(curve) {
     fromBytes: "function",
     toBytes: "function"
   });
-  const { endo, Fp: Fp2, a } = opts;
+  const { endo, Fp, a } = opts;
   if (endo) {
-    if (!Fp2.eql(a, Fp2.ZERO)) {
-      throw new Error("Endomorphism can only be defined for Koblitz curves that have a=0");
+    if (!Fp.eql(a, Fp.ZERO)) {
+      throw new Error("invalid endomorphism, can only be defined for Koblitz curves that have a=0");
     }
     if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
-      throw new Error("Expected endomorphism with beta: bigint and splitScalar: function");
+      throw new Error("invalid endomorphism, expected beta: bigint and splitScalar: function");
     }
   }
   return Object.freeze({ ...opts });
 }
 var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
+var DERErr = class extends Error {
+  constructor(m = "") {
+    super(m);
+  }
+};
 var DER = {
   // asn.1 DER encoding utils
-  Err: class DERErr extends Error {
-    constructor(m = "") {
-      super(m);
-    }
-  },
+  Err: DERErr,
   // Basic building block is TLV (Tag-Length-Value)
   _tlv: {
     encode: (tag, data) => {
@@ -1087,7 +1161,8 @@ var DER = {
       if (len.length / 2 & 128)
         throw new E("tlv.encode: long form length too big");
       const lenLen = dataLen > 127 ? numberToHexUnpadded(len.length / 2 | 128) : "";
-      return `${numberToHexUnpadded(tag)}${lenLen}${len}${data}`;
+      const t = numberToHexUnpadded(tag);
+      return t + lenLen + len + data;
     },
     // v - value, l - left bytes (unparsed)
     decode(tag, data) {
@@ -1138,34 +1213,36 @@ var DER = {
       if (Number.parseInt(hex[0], 16) & 8)
         hex = "00" + hex;
       if (hex.length & 1)
-        throw new E("unexpected assertion");
+        throw new E("unexpected DER parsing assertion: unpadded hex");
       return hex;
     },
     decode(data) {
       const { Err: E } = DER;
       if (data[0] & 128)
-        throw new E("Invalid signature integer: negative");
+        throw new E("invalid signature integer: negative");
       if (data[0] === 0 && !(data[1] & 128))
-        throw new E("Invalid signature integer: unnecessary leading zero");
+        throw new E("invalid signature integer: unnecessary leading zero");
       return b2n(data);
     }
   },
   toSig(hex) {
     const { Err: E, _int: int, _tlv: tlv } = DER;
     const data = typeof hex === "string" ? h2b(hex) : hex;
-    abytes(data);
+    abytes2(data);
     const { v: seqBytes, l: seqLeftBytes } = tlv.decode(48, data);
     if (seqLeftBytes.length)
-      throw new E("Invalid signature: left bytes after parsing");
+      throw new E("invalid signature: left bytes after parsing");
     const { v: rBytes, l: rLeftBytes } = tlv.decode(2, seqBytes);
     const { v: sBytes, l: sLeftBytes } = tlv.decode(2, rLeftBytes);
     if (sLeftBytes.length)
-      throw new E("Invalid signature: left bytes after parsing");
+      throw new E("invalid signature: left bytes after parsing");
     return { r: int.decode(rBytes), s: int.decode(sBytes) };
   },
   hexFromSig(sig) {
     const { _tlv: tlv, _int: int } = DER;
-    const seq = `${tlv.encode(2, int.encode(sig.r))}${tlv.encode(2, int.encode(sig.s))}`;
+    const rs = tlv.encode(2, int.encode(sig.r));
+    const ss = tlv.encode(2, int.encode(sig.s));
+    const seq = rs + ss;
     return tlv.encode(48, seq);
   }
 };
@@ -1176,25 +1253,25 @@ var _3n2 = BigInt(3);
 var _4n2 = BigInt(4);
 function weierstrassPoints(opts) {
   const CURVE = validatePointOpts(opts);
-  const { Fp: Fp2 } = CURVE;
+  const { Fp } = CURVE;
   const Fn = Field(CURVE.n, CURVE.nBitLength);
   const toBytes2 = CURVE.toBytes || ((_c, point, _isCompressed) => {
     const a = point.toAffine();
-    return concatBytes2(Uint8Array.from([4]), Fp2.toBytes(a.x), Fp2.toBytes(a.y));
+    return concatBytes2(Uint8Array.from([4]), Fp.toBytes(a.x), Fp.toBytes(a.y));
   });
-  const fromBytes = CURVE.fromBytes || ((bytes2) => {
-    const tail = bytes2.subarray(1);
-    const x = Fp2.fromBytes(tail.subarray(0, Fp2.BYTES));
-    const y = Fp2.fromBytes(tail.subarray(Fp2.BYTES, 2 * Fp2.BYTES));
+  const fromBytes = CURVE.fromBytes || ((bytes) => {
+    const tail = bytes.subarray(1);
+    const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));
+    const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));
     return { x, y };
   });
   function weierstrassEquation(x) {
     const { a, b } = CURVE;
-    const x2 = Fp2.sqr(x);
-    const x3 = Fp2.mul(x2, x);
-    return Fp2.add(Fp2.add(x3, Fp2.mul(x, a)), b);
+    const x2 = Fp.sqr(x);
+    const x3 = Fp.mul(x2, x);
+    return Fp.add(Fp.add(x3, Fp.mul(x, a)), b);
   }
-  if (!Fp2.eql(Fp2.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
+  if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
     throw new Error("bad generator point: equation left != right");
   function isWithinCurveOrder(num2) {
     return inRange(num2, _1n4, CURVE.n);
@@ -1205,14 +1282,14 @@ function weierstrassPoints(opts) {
       if (isBytes(key))
         key = bytesToHex(key);
       if (typeof key !== "string" || !lengths.includes(key.length))
-        throw new Error("Invalid key");
+        throw new Error("invalid private key");
       key = key.padStart(nByteLength * 2, "0");
     }
     let num2;
     try {
       num2 = typeof key === "bigint" ? key : bytesToNumberBE(ensureBytes("private key", key, nByteLength));
     } catch (error) {
-      throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
+      throw new Error("invalid private key, expected hex or " + nByteLength + " bytes, got " + typeof key);
     }
     if (wrapPrivateKey)
       num2 = mod(num2, N);
@@ -1225,32 +1302,32 @@ function weierstrassPoints(opts) {
   }
   const toAffineMemo = memoized((p, iz) => {
     const { px: x, py: y, pz: z } = p;
-    if (Fp2.eql(z, Fp2.ONE))
+    if (Fp.eql(z, Fp.ONE))
       return { x, y };
     const is0 = p.is0();
     if (iz == null)
-      iz = is0 ? Fp2.ONE : Fp2.inv(z);
-    const ax = Fp2.mul(x, iz);
-    const ay = Fp2.mul(y, iz);
-    const zz = Fp2.mul(z, iz);
+      iz = is0 ? Fp.ONE : Fp.inv(z);
+    const ax = Fp.mul(x, iz);
+    const ay = Fp.mul(y, iz);
+    const zz = Fp.mul(z, iz);
     if (is0)
-      return { x: Fp2.ZERO, y: Fp2.ZERO };
-    if (!Fp2.eql(zz, Fp2.ONE))
+      return { x: Fp.ZERO, y: Fp.ZERO };
+    if (!Fp.eql(zz, Fp.ONE))
       throw new Error("invZ was invalid");
     return { x: ax, y: ay };
   });
   const assertValidMemo = memoized((p) => {
     if (p.is0()) {
-      if (CURVE.allowInfinityPoint && !Fp2.is0(p.py))
+      if (CURVE.allowInfinityPoint && !Fp.is0(p.py))
         return;
       throw new Error("bad point: ZERO");
     }
     const { x, y } = p.toAffine();
-    if (!Fp2.isValid(x) || !Fp2.isValid(y))
+    if (!Fp.isValid(x) || !Fp.isValid(y))
       throw new Error("bad point: x or y not FE");
-    const left = Fp2.sqr(y);
+    const left = Fp.sqr(y);
     const right = weierstrassEquation(x);
-    if (!Fp2.eql(left, right))
+    if (!Fp.eql(left, right))
       throw new Error("bad point: equation left != right");
     if (!p.isTorsionFree())
       throw new Error("bad point: not in prime-order subgroup");
@@ -1261,11 +1338,11 @@ function weierstrassPoints(opts) {
       this.px = px;
       this.py = py;
       this.pz = pz;
-      if (px == null || !Fp2.isValid(px))
+      if (px == null || !Fp.isValid(px))
         throw new Error("x required");
-      if (py == null || !Fp2.isValid(py))
+      if (py == null || !Fp.isValid(py))
         throw new Error("y required");
-      if (pz == null || !Fp2.isValid(pz))
+      if (pz == null || !Fp.isValid(pz))
         throw new Error("z required");
       Object.freeze(this);
     }
@@ -1273,14 +1350,14 @@ function weierstrassPoints(opts) {
     // Use fromHex instead, or call assertValidity() later.
     static fromAffine(p) {
       const { x, y } = p || {};
-      if (!p || !Fp2.isValid(x) || !Fp2.isValid(y))
+      if (!p || !Fp.isValid(x) || !Fp.isValid(y))
         throw new Error("invalid affine point");
       if (p instanceof Point2)
         throw new Error("projective point not allowed");
-      const is0 = (i) => Fp2.eql(i, Fp2.ZERO);
+      const is0 = (i) => Fp.eql(i, Fp.ZERO);
       if (is0(x) && is0(y))
         return Point2.ZERO;
-      return new Point2(x, y, Fp2.ONE);
+      return new Point2(x, y, Fp.ONE);
     }
     get x() {
       return this.toAffine().x;
@@ -1295,7 +1372,7 @@ function weierstrassPoints(opts) {
      * Optimization: converts a list of projective points to a list of identical points with Z=1.
      */
     static normalizeZ(points) {
-      const toInv = Fp2.invertBatch(points.map((p) => p.pz));
+      const toInv = Fp.invertBatch(points.map((p) => p.pz));
       return points.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
     }
     /**
@@ -1325,8 +1402,8 @@ function weierstrassPoints(opts) {
     }
     hasEvenY() {
       const { y } = this.toAffine();
-      if (Fp2.isOdd)
-        return !Fp2.isOdd(y);
+      if (Fp.isOdd)
+        return !Fp.isOdd(y);
       throw new Error("Field doesn't support isOdd");
     }
     /**
@@ -1336,15 +1413,15 @@ function weierstrassPoints(opts) {
       assertPrjPoint(other);
       const { px: X1, py: Y1, pz: Z1 } = this;
       const { px: X2, py: Y2, pz: Z2 } = other;
-      const U1 = Fp2.eql(Fp2.mul(X1, Z2), Fp2.mul(X2, Z1));
-      const U2 = Fp2.eql(Fp2.mul(Y1, Z2), Fp2.mul(Y2, Z1));
+      const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));
+      const U2 = Fp.eql(Fp.mul(Y1, Z2), Fp.mul(Y2, Z1));
       return U1 && U2;
     }
     /**
      * Flips point to one corresponding to (x, -y) in Affine coordinates.
      */
     negate() {
-      return new Point2(this.px, Fp2.neg(this.py), this.pz);
+      return new Point2(this.px, Fp.neg(this.py), this.pz);
     }
     // Renes-Costello-Batina exception-free doubling formula.
     // There is 30% faster Jacobian formula, but it is not complete.
@@ -1352,40 +1429,40 @@ function weierstrassPoints(opts) {
     // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
     double() {
       const { a, b } = CURVE;
-      const b3 = Fp2.mul(b, _3n2);
+      const b3 = Fp.mul(b, _3n2);
       const { px: X1, py: Y1, pz: Z1 } = this;
-      let X3 = Fp2.ZERO, Y3 = Fp2.ZERO, Z3 = Fp2.ZERO;
-      let t0 = Fp2.mul(X1, X1);
-      let t1 = Fp2.mul(Y1, Y1);
-      let t2 = Fp2.mul(Z1, Z1);
-      let t3 = Fp2.mul(X1, Y1);
-      t3 = Fp2.add(t3, t3);
-      Z3 = Fp2.mul(X1, Z1);
-      Z3 = Fp2.add(Z3, Z3);
-      X3 = Fp2.mul(a, Z3);
-      Y3 = Fp2.mul(b3, t2);
-      Y3 = Fp2.add(X3, Y3);
-      X3 = Fp2.sub(t1, Y3);
-      Y3 = Fp2.add(t1, Y3);
-      Y3 = Fp2.mul(X3, Y3);
-      X3 = Fp2.mul(t3, X3);
-      Z3 = Fp2.mul(b3, Z3);
-      t2 = Fp2.mul(a, t2);
-      t3 = Fp2.sub(t0, t2);
-      t3 = Fp2.mul(a, t3);
-      t3 = Fp2.add(t3, Z3);
-      Z3 = Fp2.add(t0, t0);
-      t0 = Fp2.add(Z3, t0);
-      t0 = Fp2.add(t0, t2);
-      t0 = Fp2.mul(t0, t3);
-      Y3 = Fp2.add(Y3, t0);
-      t2 = Fp2.mul(Y1, Z1);
-      t2 = Fp2.add(t2, t2);
-      t0 = Fp2.mul(t2, t3);
-      X3 = Fp2.sub(X3, t0);
-      Z3 = Fp2.mul(t2, t1);
-      Z3 = Fp2.add(Z3, Z3);
-      Z3 = Fp2.add(Z3, Z3);
+      let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO;
+      let t0 = Fp.mul(X1, X1);
+      let t1 = Fp.mul(Y1, Y1);
+      let t2 = Fp.mul(Z1, Z1);
+      let t3 = Fp.mul(X1, Y1);
+      t3 = Fp.add(t3, t3);
+      Z3 = Fp.mul(X1, Z1);
+      Z3 = Fp.add(Z3, Z3);
+      X3 = Fp.mul(a, Z3);
+      Y3 = Fp.mul(b3, t2);
+      Y3 = Fp.add(X3, Y3);
+      X3 = Fp.sub(t1, Y3);
+      Y3 = Fp.add(t1, Y3);
+      Y3 = Fp.mul(X3, Y3);
+      X3 = Fp.mul(t3, X3);
+      Z3 = Fp.mul(b3, Z3);
+      t2 = Fp.mul(a, t2);
+      t3 = Fp.sub(t0, t2);
+      t3 = Fp.mul(a, t3);
+      t3 = Fp.add(t3, Z3);
+      Z3 = Fp.add(t0, t0);
+      t0 = Fp.add(Z3, t0);
+      t0 = Fp.add(t0, t2);
+      t0 = Fp.mul(t0, t3);
+      Y3 = Fp.add(Y3, t0);
+      t2 = Fp.mul(Y1, Z1);
+      t2 = Fp.add(t2, t2);
+      t0 = Fp.mul(t2, t3);
+      X3 = Fp.sub(X3, t0);
+      Z3 = Fp.mul(t2, t1);
+      Z3 = Fp.add(Z3, Z3);
+      Z3 = Fp.add(Z3, Z3);
       return new Point2(X3, Y3, Z3);
     }
     // Renes-Costello-Batina exception-free addition formula.
@@ -1396,49 +1473,49 @@ function weierstrassPoints(opts) {
       assertPrjPoint(other);
       const { px: X1, py: Y1, pz: Z1 } = this;
       const { px: X2, py: Y2, pz: Z2 } = other;
-      let X3 = Fp2.ZERO, Y3 = Fp2.ZERO, Z3 = Fp2.ZERO;
+      let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO;
       const a = CURVE.a;
-      const b3 = Fp2.mul(CURVE.b, _3n2);
-      let t0 = Fp2.mul(X1, X2);
-      let t1 = Fp2.mul(Y1, Y2);
-      let t2 = Fp2.mul(Z1, Z2);
-      let t3 = Fp2.add(X1, Y1);
-      let t4 = Fp2.add(X2, Y2);
-      t3 = Fp2.mul(t3, t4);
-      t4 = Fp2.add(t0, t1);
-      t3 = Fp2.sub(t3, t4);
-      t4 = Fp2.add(X1, Z1);
-      let t5 = Fp2.add(X2, Z2);
-      t4 = Fp2.mul(t4, t5);
-      t5 = Fp2.add(t0, t2);
-      t4 = Fp2.sub(t4, t5);
-      t5 = Fp2.add(Y1, Z1);
-      X3 = Fp2.add(Y2, Z2);
-      t5 = Fp2.mul(t5, X3);
-      X3 = Fp2.add(t1, t2);
-      t5 = Fp2.sub(t5, X3);
-      Z3 = Fp2.mul(a, t4);
-      X3 = Fp2.mul(b3, t2);
-      Z3 = Fp2.add(X3, Z3);
-      X3 = Fp2.sub(t1, Z3);
-      Z3 = Fp2.add(t1, Z3);
-      Y3 = Fp2.mul(X3, Z3);
-      t1 = Fp2.add(t0, t0);
-      t1 = Fp2.add(t1, t0);
-      t2 = Fp2.mul(a, t2);
-      t4 = Fp2.mul(b3, t4);
-      t1 = Fp2.add(t1, t2);
-      t2 = Fp2.sub(t0, t2);
-      t2 = Fp2.mul(a, t2);
-      t4 = Fp2.add(t4, t2);
-      t0 = Fp2.mul(t1, t4);
-      Y3 = Fp2.add(Y3, t0);
-      t0 = Fp2.mul(t5, t4);
-      X3 = Fp2.mul(t3, X3);
-      X3 = Fp2.sub(X3, t0);
-      t0 = Fp2.mul(t3, t1);
-      Z3 = Fp2.mul(t5, Z3);
-      Z3 = Fp2.add(Z3, t0);
+      const b3 = Fp.mul(CURVE.b, _3n2);
+      let t0 = Fp.mul(X1, X2);
+      let t1 = Fp.mul(Y1, Y2);
+      let t2 = Fp.mul(Z1, Z2);
+      let t3 = Fp.add(X1, Y1);
+      let t4 = Fp.add(X2, Y2);
+      t3 = Fp.mul(t3, t4);
+      t4 = Fp.add(t0, t1);
+      t3 = Fp.sub(t3, t4);
+      t4 = Fp.add(X1, Z1);
+      let t5 = Fp.add(X2, Z2);
+      t4 = Fp.mul(t4, t5);
+      t5 = Fp.add(t0, t2);
+      t4 = Fp.sub(t4, t5);
+      t5 = Fp.add(Y1, Z1);
+      X3 = Fp.add(Y2, Z2);
+      t5 = Fp.mul(t5, X3);
+      X3 = Fp.add(t1, t2);
+      t5 = Fp.sub(t5, X3);
+      Z3 = Fp.mul(a, t4);
+      X3 = Fp.mul(b3, t2);
+      Z3 = Fp.add(X3, Z3);
+      X3 = Fp.sub(t1, Z3);
+      Z3 = Fp.add(t1, Z3);
+      Y3 = Fp.mul(X3, Z3);
+      t1 = Fp.add(t0, t0);
+      t1 = Fp.add(t1, t0);
+      t2 = Fp.mul(a, t2);
+      t4 = Fp.mul(b3, t4);
+      t1 = Fp.add(t1, t2);
+      t2 = Fp.sub(t0, t2);
+      t2 = Fp.mul(a, t2);
+      t4 = Fp.add(t4, t2);
+      t0 = Fp.mul(t1, t4);
+      Y3 = Fp.add(Y3, t0);
+      t0 = Fp.mul(t5, t4);
+      X3 = Fp.mul(t3, X3);
+      X3 = Fp.sub(X3, t0);
+      t0 = Fp.mul(t3, t1);
+      Z3 = Fp.mul(t5, Z3);
+      Z3 = Fp.add(Z3, t0);
       return new Point2(X3, Y3, Z3);
     }
     subtract(other) {
@@ -1456,15 +1533,15 @@ function weierstrassPoints(opts) {
      * an exposed private key e.g. sig verification, which works over *public* keys.
      */
     multiplyUnsafe(sc) {
-      aInRange("scalar", sc, _0n4, CURVE.n);
+      const { endo, n: N } = CURVE;
+      aInRange("scalar", sc, _0n4, N);
       const I = Point2.ZERO;
       if (sc === _0n4)
         return I;
-      if (sc === _1n4)
+      if (this.is0() || sc === _1n4)
         return this;
-      const { endo } = CURVE;
-      if (!endo)
-        return wnaf.unsafeLadder(this, sc);
+      if (!endo || wnaf.hasPrecomputes(this))
+        return wnaf.wNAFCachedUnsafe(this, sc, Point2.normalizeZ);
       let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
       let k1p = I;
       let k2p = I;
@@ -1482,7 +1559,7 @@ function weierstrassPoints(opts) {
         k1p = k1p.negate();
       if (k2neg)
         k2p = k2p.negate();
-      k2p = new Point2(Fp2.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
+      k2p = new Point2(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
       return k1p.add(k2p);
     }
     /**
@@ -1504,7 +1581,7 @@ function weierstrassPoints(opts) {
         let { p: k2p, f: f2p } = this.wNAF(k2);
         k1p = wnaf.constTimeNegate(k1neg, k1p);
         k2p = wnaf.constTimeNegate(k2neg, k2p);
-        k2p = new Point2(Fp2.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
+        k2p = new Point2(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
         point = k1p.add(k2p);
         fake = f1p.add(f2p);
       } else {
@@ -1558,8 +1635,8 @@ function weierstrassPoints(opts) {
       return bytesToHex(this.toRawBytes(isCompressed));
     }
   }
-  Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp2.ONE);
-  Point2.ZERO = new Point2(Fp2.ZERO, Fp2.ONE, Fp2.ZERO);
+  Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp.ONE);
+  Point2.ZERO = new Point2(Fp.ZERO, Fp.ONE, Fp.ZERO);
   const _bits = CURVE.nBitLength;
   const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
   return {
@@ -1585,9 +1662,9 @@ function validateOpts(curve) {
 }
 function weierstrass(curveDef) {
   const CURVE = validateOpts(curveDef);
-  const { Fp: Fp2, n: CURVE_ORDER } = CURVE;
-  const compressedLen = Fp2.BYTES + 1;
-  const uncompressedLen = 2 * Fp2.BYTES + 1;
+  const { Fp, n: CURVE_ORDER } = CURVE;
+  const compressedLen = Fp.BYTES + 1;
+  const uncompressedLen = 2 * Fp.BYTES + 1;
   function modN2(a) {
     return mod(a, CURVE_ORDER);
   }
@@ -1598,27 +1675,27 @@ function weierstrass(curveDef) {
     ...CURVE,
     toBytes(_c, point, isCompressed) {
       const a = point.toAffine();
-      const x = Fp2.toBytes(a.x);
+      const x = Fp.toBytes(a.x);
       const cat = concatBytes2;
       abool("isCompressed", isCompressed);
       if (isCompressed) {
         return cat(Uint8Array.from([point.hasEvenY() ? 2 : 3]), x);
       } else {
-        return cat(Uint8Array.from([4]), x, Fp2.toBytes(a.y));
+        return cat(Uint8Array.from([4]), x, Fp.toBytes(a.y));
       }
     },
-    fromBytes(bytes2) {
-      const len = bytes2.length;
-      const head = bytes2[0];
-      const tail = bytes2.subarray(1);
+    fromBytes(bytes) {
+      const len = bytes.length;
+      const head = bytes[0];
+      const tail = bytes.subarray(1);
       if (len === compressedLen && (head === 2 || head === 3)) {
         const x = bytesToNumberBE(tail);
-        if (!inRange(x, _1n4, Fp2.ORDER))
+        if (!inRange(x, _1n4, Fp.ORDER))
           throw new Error("Point is not on curve");
         const y2 = weierstrassEquation(x);
         let y;
         try {
-          y = Fp2.sqrt(y2);
+          y = Fp.sqrt(y2);
         } catch (sqrtError) {
           const suffix = sqrtError instanceof Error ? ": " + sqrtError.message : "";
           throw new Error("Point is not on curve" + suffix);
@@ -1626,14 +1703,16 @@ function weierstrass(curveDef) {
         const isYOdd = (y & _1n4) === _1n4;
         const isHeadOdd = (head & 1) === 1;
         if (isHeadOdd !== isYOdd)
-          y = Fp2.neg(y);
+          y = Fp.neg(y);
         return { x, y };
       } else if (len === uncompressedLen && head === 4) {
-        const x = Fp2.fromBytes(tail.subarray(0, Fp2.BYTES));
-        const y = Fp2.fromBytes(tail.subarray(Fp2.BYTES, 2 * Fp2.BYTES));
+        const x = Fp.fromBytes(tail.subarray(0, Fp.BYTES));
+        const y = Fp.fromBytes(tail.subarray(Fp.BYTES, 2 * Fp.BYTES));
         return { x, y };
       } else {
-        throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
+        const cl = compressedLen;
+        const ul = uncompressedLen;
+        throw new Error("invalid Point, expected length of " + cl + ", or uncompressed " + ul + ", got " + len);
       }
     }
   });
@@ -1678,7 +1757,7 @@ function weierstrass(curveDef) {
       if (rec == null || ![0, 1, 2, 3].includes(rec))
         throw new Error("recovery id invalid");
       const radj = rec === 2 || rec === 3 ? r + CURVE.n : r;
-      if (radj >= Fp2.ORDER)
+      if (radj >= Fp.ORDER)
         throw new Error("recovery id 2 or 3 invalid");
       const prefix = (rec & 1) === 0 ? "02" : "03";
       const R = Point2.fromHex(prefix + numToNByteStr(radj));
@@ -1768,35 +1847,37 @@ function weierstrass(curveDef) {
     const b = Point2.fromHex(publicB);
     return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
   }
-  const bits2int = CURVE.bits2int || function(bytes2) {
-    const num2 = bytesToNumberBE(bytes2);
-    const delta = bytes2.length * 8 - CURVE.nBitLength;
+  const bits2int = CURVE.bits2int || function(bytes) {
+    if (bytes.length > 8192)
+      throw new Error("input is too large");
+    const num2 = bytesToNumberBE(bytes);
+    const delta = bytes.length * 8 - CURVE.nBitLength;
     return delta > 0 ? num2 >> BigInt(delta) : num2;
   };
-  const bits2int_modN = CURVE.bits2int_modN || function(bytes2) {
-    return modN2(bits2int(bytes2));
+  const bits2int_modN = CURVE.bits2int_modN || function(bytes) {
+    return modN2(bits2int(bytes));
   };
   const ORDER_MASK = bitMask(CURVE.nBitLength);
   function int2octets(num2) {
-    aInRange(`num < 2^${CURVE.nBitLength}`, num2, _0n4, ORDER_MASK);
+    aInRange("num < 2^" + CURVE.nBitLength, num2, _0n4, ORDER_MASK);
     return numberToBytesBE(num2, CURVE.nByteLength);
   }
   function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
     if (["recovered", "canonical"].some((k) => k in opts))
       throw new Error("sign() legacy options not supported");
-    const { hash: hash2, randomBytes: randomBytes2 } = CURVE;
+    const { hash, randomBytes: randomBytes2 } = CURVE;
     let { lowS, prehash, extraEntropy: ent } = opts;
     if (lowS == null)
       lowS = true;
     msgHash = ensureBytes("msgHash", msgHash);
     validateSigVerOpts(opts);
     if (prehash)
-      msgHash = ensureBytes("prehashed msgHash", hash2(msgHash));
+      msgHash = ensureBytes("prehashed msgHash", hash(msgHash));
     const h1int = bits2int_modN(msgHash);
     const d = normPrivateKeyToScalar(privateKey);
     const seedArgs = [int2octets(d), int2octets(h1int)];
     if (ent != null && ent !== false) {
-      const e = ent === true ? randomBytes2(Fp2.BYTES) : ent;
+      const e = ent === true ? randomBytes2(Fp.BYTES) : ent;
       seedArgs.push(ensureBytes("extraEntropy", e));
     }
     const seed = concatBytes2(...seedArgs);
@@ -1836,33 +1917,38 @@ function weierstrass(curveDef) {
     const sg = signature;
     msgHash = ensureBytes("msgHash", msgHash);
     publicKey = ensureBytes("publicKey", publicKey);
+    const { lowS, prehash, format } = opts;
+    validateSigVerOpts(opts);
     if ("strict" in opts)
       throw new Error("options.strict was renamed to lowS");
-    validateSigVerOpts(opts);
-    const { lowS, prehash } = opts;
+    if (format !== void 0 && format !== "compact" && format !== "der")
+      throw new Error("format must be compact or der");
+    const isHex = typeof sg === "string" || isBytes(sg);
+    const isObj = !isHex && !format && typeof sg === "object" && sg !== null && typeof sg.r === "bigint" && typeof sg.s === "bigint";
+    if (!isHex && !isObj)
+      throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
     let _sig = void 0;
     let P;
     try {
-      if (typeof sg === "string" || isBytes(sg)) {
+      if (isObj)
+        _sig = new Signature(sg.r, sg.s);
+      if (isHex) {
         try {
-          _sig = Signature.fromDER(sg);
+          if (format !== "compact")
+            _sig = Signature.fromDER(sg);
         } catch (derError) {
           if (!(derError instanceof DER.Err))
             throw derError;
-          _sig = Signature.fromCompact(sg);
         }
-      } else if (typeof sg === "object" && typeof sg.r === "bigint" && typeof sg.s === "bigint") {
-        const { r: r2, s: s2 } = sg;
-        _sig = new Signature(r2, s2);
-      } else {
-        throw new Error("PARSE");
+        if (!_sig && format !== "der")
+          _sig = Signature.fromCompact(sg);
       }
       P = Point2.fromHex(publicKey);
     } catch (error) {
-      if (error.message === "PARSE")
-        throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
       return false;
     }
+    if (!_sig)
+      return false;
     if (lowS && _sig.hasHighS())
       return false;
     if (prehash)
@@ -1889,8 +1975,8 @@ function weierstrass(curveDef) {
     utils
   };
 }
-function SWUFpSqrtRatio(Fp2, Z) {
-  const q = Fp2.ORDER;
+function SWUFpSqrtRatio(Fp, Z) {
+  const q = Fp.ORDER;
   let l = _0n4;
   for (let o = q - _1n4; o % _2n3 === _0n4; o /= _2n3)
     l += _1n4;
@@ -1901,115 +1987,114 @@ function SWUFpSqrtRatio(Fp2, Z) {
   const c3 = (c2 - _1n4) / _2n3;
   const c4 = _2n_pow_c1 - _1n4;
   const c5 = _2n_pow_c1_1;
-  const c6 = Fp2.pow(Z, c2);
-  const c7 = Fp2.pow(Z, (c2 + _1n4) / _2n3);
+  const c6 = Fp.pow(Z, c2);
+  const c7 = Fp.pow(Z, (c2 + _1n4) / _2n3);
   let sqrtRatio = (u, v) => {
     let tv1 = c6;
-    let tv2 = Fp2.pow(v, c4);
-    let tv3 = Fp2.sqr(tv2);
-    tv3 = Fp2.mul(tv3, v);
-    let tv5 = Fp2.mul(u, tv3);
-    tv5 = Fp2.pow(tv5, c3);
-    tv5 = Fp2.mul(tv5, tv2);
-    tv2 = Fp2.mul(tv5, v);
-    tv3 = Fp2.mul(tv5, u);
-    let tv4 = Fp2.mul(tv3, tv2);
-    tv5 = Fp2.pow(tv4, c5);
-    let isQR = Fp2.eql(tv5, Fp2.ONE);
-    tv2 = Fp2.mul(tv3, c7);
-    tv5 = Fp2.mul(tv4, tv1);
-    tv3 = Fp2.cmov(tv2, tv3, isQR);
-    tv4 = Fp2.cmov(tv5, tv4, isQR);
+    let tv2 = Fp.pow(v, c4);
+    let tv3 = Fp.sqr(tv2);
+    tv3 = Fp.mul(tv3, v);
+    let tv5 = Fp.mul(u, tv3);
+    tv5 = Fp.pow(tv5, c3);
+    tv5 = Fp.mul(tv5, tv2);
+    tv2 = Fp.mul(tv5, v);
+    tv3 = Fp.mul(tv5, u);
+    let tv4 = Fp.mul(tv3, tv2);
+    tv5 = Fp.pow(tv4, c5);
+    let isQR = Fp.eql(tv5, Fp.ONE);
+    tv2 = Fp.mul(tv3, c7);
+    tv5 = Fp.mul(tv4, tv1);
+    tv3 = Fp.cmov(tv2, tv3, isQR);
+    tv4 = Fp.cmov(tv5, tv4, isQR);
     for (let i = c1; i > _1n4; i--) {
       let tv52 = i - _2n3;
       tv52 = _2n3 << tv52 - _1n4;
-      let tvv5 = Fp2.pow(tv4, tv52);
-      const e1 = Fp2.eql(tvv5, Fp2.ONE);
-      tv2 = Fp2.mul(tv3, tv1);
-      tv1 = Fp2.mul(tv1, tv1);
-      tvv5 = Fp2.mul(tv4, tv1);
-      tv3 = Fp2.cmov(tv2, tv3, e1);
-      tv4 = Fp2.cmov(tvv5, tv4, e1);
+      let tvv5 = Fp.pow(tv4, tv52);
+      const e1 = Fp.eql(tvv5, Fp.ONE);
+      tv2 = Fp.mul(tv3, tv1);
+      tv1 = Fp.mul(tv1, tv1);
+      tvv5 = Fp.mul(tv4, tv1);
+      tv3 = Fp.cmov(tv2, tv3, e1);
+      tv4 = Fp.cmov(tvv5, tv4, e1);
     }
     return { isValid: isQR, value: tv3 };
   };
-  if (Fp2.ORDER % _4n2 === _3n2) {
-    const c12 = (Fp2.ORDER - _3n2) / _4n2;
-    const c22 = Fp2.sqrt(Fp2.neg(Z));
+  if (Fp.ORDER % _4n2 === _3n2) {
+    const c12 = (Fp.ORDER - _3n2) / _4n2;
+    const c22 = Fp.sqrt(Fp.neg(Z));
     sqrtRatio = (u, v) => {
-      let tv1 = Fp2.sqr(v);
-      const tv2 = Fp2.mul(u, v);
-      tv1 = Fp2.mul(tv1, tv2);
-      let y1 = Fp2.pow(tv1, c12);
-      y1 = Fp2.mul(y1, tv2);
-      const y2 = Fp2.mul(y1, c22);
-      const tv3 = Fp2.mul(Fp2.sqr(y1), v);
-      const isQR = Fp2.eql(tv3, u);
-      let y = Fp2.cmov(y2, y1, isQR);
+      let tv1 = Fp.sqr(v);
+      const tv2 = Fp.mul(u, v);
+      tv1 = Fp.mul(tv1, tv2);
+      let y1 = Fp.pow(tv1, c12);
+      y1 = Fp.mul(y1, tv2);
+      const y2 = Fp.mul(y1, c22);
+      const tv3 = Fp.mul(Fp.sqr(y1), v);
+      const isQR = Fp.eql(tv3, u);
+      let y = Fp.cmov(y2, y1, isQR);
       return { isValid: isQR, value: y };
     };
   }
   return sqrtRatio;
 }
-function mapToCurveSimpleSWU(Fp2, opts) {
-  validateField(Fp2);
-  if (!Fp2.isValid(opts.A) || !Fp2.isValid(opts.B) || !Fp2.isValid(opts.Z))
+function mapToCurveSimpleSWU(Fp, opts) {
+  validateField(Fp);
+  if (!Fp.isValid(opts.A) || !Fp.isValid(opts.B) || !Fp.isValid(opts.Z))
     throw new Error("mapToCurveSimpleSWU: invalid opts");
-  const sqrtRatio = SWUFpSqrtRatio(Fp2, opts.Z);
-  if (!Fp2.isOdd)
+  const sqrtRatio = SWUFpSqrtRatio(Fp, opts.Z);
+  if (!Fp.isOdd)
     throw new Error("Fp.isOdd is not implemented!");
   return (u) => {
     let tv1, tv2, tv3, tv4, tv5, tv6, x, y;
-    tv1 = Fp2.sqr(u);
-    tv1 = Fp2.mul(tv1, opts.Z);
-    tv2 = Fp2.sqr(tv1);
-    tv2 = Fp2.add(tv2, tv1);
-    tv3 = Fp2.add(tv2, Fp2.ONE);
-    tv3 = Fp2.mul(tv3, opts.B);
-    tv4 = Fp2.cmov(opts.Z, Fp2.neg(tv2), !Fp2.eql(tv2, Fp2.ZERO));
-    tv4 = Fp2.mul(tv4, opts.A);
-    tv2 = Fp2.sqr(tv3);
-    tv6 = Fp2.sqr(tv4);
-    tv5 = Fp2.mul(tv6, opts.A);
-    tv2 = Fp2.add(tv2, tv5);
-    tv2 = Fp2.mul(tv2, tv3);
-    tv6 = Fp2.mul(tv6, tv4);
-    tv5 = Fp2.mul(tv6, opts.B);
-    tv2 = Fp2.add(tv2, tv5);
-    x = Fp2.mul(tv1, tv3);
+    tv1 = Fp.sqr(u);
+    tv1 = Fp.mul(tv1, opts.Z);
+    tv2 = Fp.sqr(tv1);
+    tv2 = Fp.add(tv2, tv1);
+    tv3 = Fp.add(tv2, Fp.ONE);
+    tv3 = Fp.mul(tv3, opts.B);
+    tv4 = Fp.cmov(opts.Z, Fp.neg(tv2), !Fp.eql(tv2, Fp.ZERO));
+    tv4 = Fp.mul(tv4, opts.A);
+    tv2 = Fp.sqr(tv3);
+    tv6 = Fp.sqr(tv4);
+    tv5 = Fp.mul(tv6, opts.A);
+    tv2 = Fp.add(tv2, tv5);
+    tv2 = Fp.mul(tv2, tv3);
+    tv6 = Fp.mul(tv6, tv4);
+    tv5 = Fp.mul(tv6, opts.B);
+    tv2 = Fp.add(tv2, tv5);
+    x = Fp.mul(tv1, tv3);
     const { isValid, value } = sqrtRatio(tv2, tv6);
-    y = Fp2.mul(tv1, u);
-    y = Fp2.mul(y, value);
-    x = Fp2.cmov(x, tv3, isValid);
-    y = Fp2.cmov(y, value, isValid);
-    const e1 = Fp2.isOdd(u) === Fp2.isOdd(y);
-    y = Fp2.cmov(Fp2.neg(y), y, e1);
-    x = Fp2.div(x, tv4);
+    y = Fp.mul(tv1, u);
+    y = Fp.mul(y, value);
+    x = Fp.cmov(x, tv3, isValid);
+    y = Fp.cmov(y, value, isValid);
+    const e1 = Fp.isOdd(u) === Fp.isOdd(y);
+    y = Fp.cmov(Fp.neg(y), y, e1);
+    x = Fp.div(x, tv4);
     return { x, y };
   };
 }
-// ../../node_modules/.pnpm/@noble+curves@1.6.0/node_modules/@noble/curves/esm/_shortw_utils.js
-function getHash(hash2) {
+// ../../node_modules/.pnpm/@noble+curves@1.8.1/node_modules/@noble/curves/esm/_shortw_utils.js
+function getHash(hash) {
   return {
-    hash: hash2,
-    hmac: (key, ...msgs) => hmac(hash2, key, concatBytes(...msgs)),
+    hash,
+    hmac: (key, ...msgs) => hmac(hash, key, concatBytes(...msgs)),
     randomBytes
   };
 }
 function createCurve(curveDef, defHash) {
-  const create = (hash2) => weierstrass({ ...curveDef, ...getHash(hash2) });
-  return Object.freeze({ ...create(defHash), create });
+  const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });
+  return { ...create(defHash), create };
 }
-// ../../node_modules/.pnpm/@noble+curves@1.6.0/node_modules/@noble/curves/esm/abstract/hash-to-curve.js
+// ../../node_modules/.pnpm/@noble+curves@1.8.1/node_modules/@noble/curves/esm/abstract/hash-to-curve.js
 var os2ip = bytesToNumberBE;
 function i2osp(value, length) {
   anum(value);
   anum(length);
-  if (value < 0 || value >= 1 << 8 * length) {
-    throw new Error(`bad I2OSP call: value=${value} length=${length}`);
-  }
+  if (value < 0 || value >= 1 << 8 * length)
+    throw new Error("invalid I2OSP input: " + value);
   const res = Array.from({ length }).fill(0);
   for (let i = length - 1; i >= 0; i--) {
     res[i] = value & 255;
@@ -2029,8 +2114,8 @@ function anum(item) {
     throw new Error("number expected");
 }
 function expand_message_xmd(msg, DST, lenInBytes, H) {
-  abytes(msg);
-  abytes(DST);
+  abytes2(msg);
+  abytes2(DST);
   anum(lenInBytes);
   if (DST.length > 255)
     DST = H(concatBytes2(utf8ToBytes("H2C-OVERSIZE-DST-"), DST));
@@ -2052,8 +2137,8 @@ function expand_message_xmd(msg, DST, lenInBytes, H) {
   return pseudo_random_bytes.slice(0, lenInBytes);
 }
 function expand_message_xof(msg, DST, lenInBytes, k, H) {
-  abytes(msg);
-  abytes(DST);
+  abytes2(msg);
+  abytes2(DST);
   anum(lenInBytes);
   if (DST.length > 255) {
     const dkLen = Math.ceil(2 * k / 8);
@@ -2071,8 +2156,8 @@ function hash_to_field(msg, count, options) {
     k: "isSafeInteger",
     hash: "hash"
   });
-  const { p, k, m, hash: hash2, expand, DST: _DST } = options;
-  abytes(msg);
+  const { p, k, m, hash, expand, DST: _DST } = options;
+  abytes2(msg);
   anum(count);
   const DST = typeof _DST === "string" ? utf8ToBytes(_DST) : _DST;
   const log2p = p.toString(2).length;
@@ -2080,9 +2165,9 @@ function hash_to_field(msg, count, options) {
   const len_in_bytes = count * m * L;
   let prb;
   if (expand === "xmd") {
-    prb = expand_message_xmd(msg, DST, len_in_bytes, hash2);
+    prb = expand_message_xmd(msg, DST, len_in_bytes, hash);
   } else if (expand === "xof") {
-    prb = expand_message_xof(msg, DST, len_in_bytes, k, hash2);
+    prb = expand_message_xof(msg, DST, len_in_bytes, k, hash);
   } else if (expand === "_internal_pass") {
     prb = msg;
   } else {
@@ -2137,7 +2222,7 @@ function createHasher(Point2, mapToCurve, def) {
         throw new Error("mapToCurve: expected array of bigints");
       for (const i of scalars)
         if (typeof i !== "bigint")
-          throw new Error(`mapToCurve: expected array of bigints, got ${i} in array`);
+          throw new Error("mapToCurve: expected array of bigints");
       const P = Point2.fromAffine(mapToCurve(scalars)).clearCofactor();
       P.assertValidity();
       return P;
@@ -2145,7 +2230,7 @@ function createHasher(Point2, mapToCurve, def) {
   };
 }
-// ../../node_modules/.pnpm/@noble+curves@1.6.0/node_modules/@noble/curves/esm/secp256k1.js
+// ../../node_modules/.pnpm/@noble+curves@1.8.1/node_modules/@noble/curves/esm/secp256k1.js
 var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
 var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
 var _1n5 = BigInt(1);
@@ -2169,17 +2254,16 @@ function sqrtMod(y) {
   const t1 = pow2(b223, _23n, P) * b22 % P;
   const t2 = pow2(t1, _6n, P) * b2 % P;
   const root = pow2(t2, _2n4, P);
-  if (!Fp.eql(Fp.sqr(root), y))
+  if (!Fpk1.eql(Fpk1.sqr(root), y))
     throw new Error("Cannot find square root");
   return root;
 }
-var Fp = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
+var Fpk1 = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
 var secp256k1 = createCurve({
   a: BigInt(0),
   // equation params: a, b
   b: BigInt(7),
-  // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
-  Fp,
+  Fp: Fpk1,
   // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
   n: secp256k1N,
   // Curve order, total count of valid points in the field
@@ -2190,13 +2274,8 @@ var secp256k1 = createCurve({
   // Cofactor
   lowS: true,
   // Allow only low-S signatures by default in sign() and verify()
-  /**
-   * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
-   * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
-   * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
-   * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
-   */
   endo: {
+    // Endomorphism, see above
     beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
     splitScalar: (k) => {
       const n = secp256k1N;
@@ -2316,7 +2395,7 @@ var schnorr = /* @__PURE__ */ (() => ({
     mod
   }
 }))();
-var isoMap = /* @__PURE__ */ (() => isogenyMap(Fp, [
+var isoMap = /* @__PURE__ */ (() => isogenyMap(Fpk1, [
   // xNum
   [
     "0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7",
@@ -2347,18 +2426,18 @@ var isoMap = /* @__PURE__ */ (() => isogenyMap(Fp, [
     // LAST 1
   ]
 ].map((i) => i.map((j) => BigInt(j)))))();
-var mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fp, {
+var mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fpk1, {
   A: BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),
   B: BigInt("1771"),
-  Z: Fp.create(BigInt("-11"))
+  Z: Fpk1.create(BigInt("-11"))
 }))();
 var htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {
-  const { x, y } = mapSWU(Fp.create(scalars[0]));
+  const { x, y } = mapSWU(Fpk1.create(scalars[0]));
   return isoMap(x, y);
 }, {
   DST: "secp256k1_XMD:SHA-256_SSWU_RO_",
   encodeDST: "secp256k1_XMD:SHA-256_SSWU_NU_",
-  p: Fp.ORDER,
+  p: Fpk1.ORDER,
   m: 1,
   k: 128,
   expand: "xmd",
@@ -2392,4 +2471,4 @@ export {
 @noble/curves/esm/secp256k1.js:
   (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
 */
-//# sourceMappingURL=secp256k1-XVT662DN.js.map
+//# sourceMappingURL=secp256k1-QT34R5PW.js.map