npm - @neuraiproject/neurai-depin-msg - Versions diffs - 1.0.0 → 2.0.0 - Mend

@neuraiproject/neurai-depin-msg 1.0.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +15 -6
package/dist/neurai-depin-msg.js +179 -18
package/dist/neurai-depin-msg.min.js +1 -1
package/package.json +1 -1
package/src/index.js +254 -16

package/README.md CHANGED Viewed

@@ -105,6 +105,15 @@ Builds a complete serialized `CDepinMessage` (as hex) suitable for `depinsubmitm
 | `message` | `string` | yes | Plaintext message (UTF-8) |
 | `recipientPubKeys` | `string[]` | yes | Recipient compressed pubkeys as hex (66 chars each). The sender pubkey is automatically added if missing so you can decrypt your own messages. |
+### `neuraiDepinMsg.decryptDepinReceiveEncryptedPayload(encryptedPayloadHex, recipientPrivateKey)`
+Decrypts the `encrypted_payload_hex` returned by Neurai Core RPC `depinreceivemsg`.
+- `encryptedPayloadHex`: hex string for the serialized `CECIESEncryptedMessage`.
+- `recipientPrivateKey`: recipient private key as WIF or 64-hex.
+Returns `string | null` (it returns `null` if the message is not for that key or authentication fails).
 Notes:
 - Public keys must be **compressed** (start with `02` or `03`).
 - This library does not discover recipients for a token; it only encrypts for the pubkeys you provide.
@@ -121,18 +130,18 @@ Notes:
 ## How it works (Core-compatible)
-### Encryption (Hybrid ECIES)
+### Encryption (Hybrid ECIES with AES-256-GCM)
-This matches Neurai Core's `CECIESEncryptedMessage` format:
+This matches Neurai Core's `CECIESEncryptedMessage` format (v2.0+):
 - Ephemeral keypair is generated per message.
 - Message encryption:
-  - AES-256-CBC encrypts plaintext with a derived AES key.
-  - Payload is stored as `[IV(16) || ciphertext || HMAC-SHA256(aesKey, ciphertext)]`.
+  - AES-256-GCM encrypts plaintext with a derived AES key (no padding).
+  - Payload is stored as `[Nonce(12) || ciphertext || AuthTag(16)]`.
 - Per-recipient key wrapping:
   - ECDH derives a shared secret from ephemeral privkey + recipient pubkey.
-  - A per-recipient `encKey` is derived and used to AES-CBC encrypt the 32-byte AES key.
-  - Recipient package is `[recipientIV(16) || encryptedAESKey || HMAC-SHA256(encKey, encryptedAESKey)]`.
+  - A per-recipient `encKey` is derived and used to AES-256-GCM encrypt the 32-byte AES key.
+  - Recipient package is `[Nonce(12) || encryptedAESKey(32) || AuthTag(16)]` (60 bytes).
 ### Serialization

package/dist/neurai-depin-msg.js CHANGED Viewed

@@ -4223,6 +4223,7 @@ var neuraiDepinMsg = (() => {
     base58Decode: () => base58Decode,
     buildDepinMessage: () => buildDepinMessage,
     bytesToHex: () => bytesToHex,
+    decryptDepinReceiveEncryptedPayload: () => decryptDepinReceiveEncryptedPayload,
     doubleSha256: () => doubleSha256,
     hash160: () => hash160,
     hexToBytes: () => hexToBytes,
@@ -4310,6 +4311,83 @@ var neuraiDepinMsg = (() => {
   function bytesToHex(bytes) {
     return Array.from(bytes).map((b) => b.toString(16).padStart(2, "0")).join("");
   }
+  function normalizeHex(hex) {
+    if (typeof hex !== "string")
+      return null;
+    const trimmed = hex.trim().toLowerCase();
+    const noPrefix = trimmed.startsWith("0x") ? trimmed.slice(2) : trimmed;
+    if (noPrefix.length === 0)
+      return null;
+    if (!/^[0-9a-f]+$/.test(noPrefix))
+      return null;
+    if (noPrefix.length % 2 !== 0)
+      return null;
+    return noPrefix;
+  }
+  function readCompactSize(buf, offset) {
+    if (offset >= buf.length)
+      throw new Error("CompactSize: out of bounds");
+    const first = buf[offset];
+    if (first < 253)
+      return { value: first, offset: offset + 1 };
+    if (first === 253) {
+      if (offset + 3 > buf.length)
+        throw new Error("CompactSize: truncated uint16");
+      const value2 = buf[offset + 1] | buf[offset + 2] << 8;
+      return { value: value2, offset: offset + 3 };
+    }
+    if (first === 254) {
+      if (offset + 5 > buf.length)
+        throw new Error("CompactSize: truncated uint32");
+      const value2 = buf[offset + 1] | buf[offset + 2] << 8 | buf[offset + 3] << 16 | buf[offset + 4] << 24;
+      return { value: value2 >>> 0, offset: offset + 5 };
+    }
+    if (offset + 9 > buf.length)
+      throw new Error("CompactSize: truncated uint64");
+    let value = 0n;
+    for (let i = 0; i < 8; i++) {
+      value |= BigInt(buf[offset + 1 + i]) << 8n * BigInt(i);
+    }
+    if (value > BigInt(Number.MAX_SAFE_INTEGER)) {
+      throw new Error("CompactSize: value too large");
+    }
+    return { value: Number(value), offset: offset + 9 };
+  }
+  function readVector(buf, offset) {
+    const { value: len, offset: afterLen } = readCompactSize(buf, offset);
+    if (afterLen + len > buf.length)
+      throw new Error("Vector: truncated");
+    const data = buf.slice(afterLen, afterLen + len);
+    return { data, offset: afterLen + len };
+  }
+  function deserializeEciesMessage(serialized) {
+    if (!(serialized instanceof Uint8Array))
+      throw new Error("deserializeEciesMessage: invalid input");
+    let offset = 0;
+    const ephem = readVector(serialized, offset);
+    const ephemeralPubKey = ephem.data;
+    offset = ephem.offset;
+    if (ephemeralPubKey.length !== 33 && ephemeralPubKey.length !== 65) {
+      throw new Error("Invalid ephemeral pubkey length: " + ephemeralPubKey.length);
+    }
+    const payloadVec = readVector(serialized, offset);
+    const encryptedPayload = payloadVec.data;
+    offset = payloadVec.offset;
+    const countRes = readCompactSize(serialized, offset);
+    const count = countRes.value;
+    offset = countRes.offset;
+    const recipientKeys = /* @__PURE__ */ new Map();
+    for (let i = 0; i < count; i++) {
+      if (offset + 20 > serialized.length)
+        throw new Error("recipientKeys: truncated keyid");
+      const keyId = serialized.slice(offset, offset + 20);
+      offset += 20;
+      const v = readVector(serialized, offset);
+      offset = v.offset;
+      recipientKeys.set(bytesToHex(keyId), v.data);
+    }
+    return { ephemeralPubKey, encryptedPayload, recipientKeys };
+  }
   function encodeDER(signature) {
     if (signature.length !== 64) {
       throw new Error("Raw signature must be 64 bytes");
@@ -4499,31 +4577,115 @@ var neuraiDepinMsg = (() => {
     crypto.getRandomValues(bytes);
     return bytes;
   }
-  async function aes256CbcEncrypt(plaintext, key, iv) {
+  async function aes256GcmEncrypt(plaintext, key, nonce) {
+    if (key.length !== 32)
+      throw new Error("Key must be 32 bytes");
+    if (nonce.length !== 12)
+      throw new Error("Nonce must be 12 bytes");
     const cryptoKey = await crypto.subtle.importKey(
       "raw",
       key,
-      { name: "AES-CBC" },
+      { name: "AES-GCM" },
       false,
       ["encrypt"]
     );
-    const ciphertext = await crypto.subtle.encrypt(
-      { name: "AES-CBC", iv },
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv: nonce, tagLength: 128 },
       cryptoKey,
       plaintext
     );
-    return new Uint8Array(ciphertext);
+    const encryptedArray = new Uint8Array(encrypted);
+    const ciphertext = encryptedArray.slice(0, -16);
+    const tag = encryptedArray.slice(-16);
+    return { ciphertext, tag };
   }
-  async function hmacSha256(key, data) {
+  async function aes256GcmDecrypt(ciphertext, key, nonce, tag) {
+    if (key.length !== 32)
+      throw new Error("Key must be 32 bytes");
+    if (nonce.length !== 12)
+      throw new Error("Nonce must be 12 bytes");
+    if (tag.length !== 16)
+      throw new Error("Tag must be 16 bytes");
     const cryptoKey = await crypto.subtle.importKey(
       "raw",
       key,
-      { name: "HMAC", hash: { name: "SHA-256" } },
+      { name: "AES-GCM" },
       false,
-      ["sign"]
+      ["decrypt"]
     );
-    const mac = await crypto.subtle.sign("HMAC", cryptoKey, data);
-    return new Uint8Array(mac);
+    const combined = concatBytes(ciphertext, tag);
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv: nonce, tagLength: 128 },
+      cryptoKey,
+      combined
+    );
+    return new Uint8Array(decrypted);
+  }
+  async function normalizePrivateKeyTo32Bytes(wifOrHex) {
+    if (typeof wifOrHex !== "string" || wifOrHex.length === 0) {
+      throw new Error("Private key is required");
+    }
+    if (isWIF(wifOrHex)) {
+      const hex = await wifToHex(wifOrHex);
+      return hexToBytes(hex);
+    }
+    const norm = normalizeHex(wifOrHex);
+    if (!norm)
+      throw new Error("Private key must be WIF or 64-hex");
+    if (norm.length !== 64)
+      throw new Error("Private key must be 32 bytes (64 hex chars)");
+    return hexToBytes(norm);
+  }
+  async function decryptDepinReceiveEncryptedPayload(encryptedPayloadHex, recipientPrivateKey) {
+    if (!globalThis.crypto?.subtle) {
+      throw new Error("WebCrypto (crypto.subtle) is required for decrypt");
+    }
+    const normalized = normalizeHex(encryptedPayloadHex);
+    if (!normalized)
+      throw new Error("Invalid encryptedPayloadHex");
+    const serialized = hexToBytes(normalized);
+    const msg = deserializeEciesMessage(serialized);
+    const recipientPrivKeyBytes = await normalizePrivateKeyTo32Bytes(recipientPrivateKey);
+    const recipientPubKeyCompressed = secp256k1.pointFromScalar(recipientPrivKeyBytes, true);
+    if (!(recipientPubKeyCompressed instanceof Uint8Array) || recipientPubKeyCompressed.length !== 33) {
+      throw new Error("Failed to derive recipient public key");
+    }
+    const keyIdBytes = await hash160(recipientPubKeyCompressed);
+    const keyIdHex = bytesToHex(keyIdBytes);
+    const keyIdHexReversed = bytesToHex(keyIdBytes.slice().reverse());
+    const recipientPackage = msg.recipientKeys.get(keyIdHex) ?? msg.recipientKeys.get(keyIdHexReversed);
+    if (!recipientPackage)
+      return null;
+    if (recipientPackage.length < 12 + 32 + 16)
+      return null;
+    const recipientNonce = recipientPackage.slice(0, 12);
+    const encryptedAESKey = recipientPackage.slice(12, recipientPackage.length - 16);
+    const recipientTag = recipientPackage.slice(recipientPackage.length - 16);
+    const sharedPointCompressed = secp256k1.pointMultiply(msg.ephemeralPubKey, recipientPrivKeyBytes, true);
+    const sharedSecret = await sha256(sharedPointCompressed);
+    const encKey = await kdfSha256(sharedSecret, 32);
+    let aesKey;
+    try {
+      aesKey = await aes256GcmDecrypt(encryptedAESKey, encKey, recipientNonce, recipientTag);
+    } catch {
+      return null;
+    }
+    if (aesKey.length !== 32)
+      return null;
+    const payload = msg.encryptedPayload;
+    if (payload.length < 12 + 1 + 16)
+      return null;
+    const payloadNonce = payload.slice(0, 12);
+    const ciphertext = payload.slice(12, payload.length - 16);
+    const payloadTag = payload.slice(payload.length - 16);
+    let plaintextBytes;
+    try {
+      plaintextBytes = await aes256GcmDecrypt(ciphertext, aesKey, payloadNonce, payloadTag);
+    } catch {
+      return null;
+    }
+    const decoder = new TextDecoder();
+    return decoder.decode(plaintextBytes);
   }
   async function eciesEncrypt(plaintext, recipientPubKeys) {
     const ephemeralPrivKey = randomBytes(32);
@@ -4532,10 +4694,9 @@ var neuraiDepinMsg = (() => {
       throw new Error("Failed to generate ephemeral public key");
     }
     const aesKey = await kdfSha256(ephemeralPrivKey, 32);
-    const iv = randomBytes(16);
-    const ciphertext = await aes256CbcEncrypt(plaintext, aesKey, iv);
-    const payloadHmac = await hmacSha256(aesKey, ciphertext);
-    const payload = concatBytes(iv, ciphertext, payloadHmac);
+    const nonce = randomBytes(12);
+    const { ciphertext, tag } = await aes256GcmEncrypt(plaintext, aesKey, nonce);
+    const payload = concatBytes(nonce, ciphertext, tag);
     const recipientKeys = /* @__PURE__ */ new Map();
     for (const recipientPubKey of recipientPubKeys) {
       if (!(recipientPubKey instanceof Uint8Array) || recipientPubKey.length !== 33) {
@@ -4544,10 +4705,9 @@ var neuraiDepinMsg = (() => {
       const sharedPointCompressed = secp256k1.pointMultiply(recipientPubKey, ephemeralPrivKey, true);
       const sharedSecret = await sha256(sharedPointCompressed);
       const encKey = await kdfSha256(sharedSecret, 32);
-      const recipientIV = randomBytes(16);
-      const encryptedAESKey = await aes256CbcEncrypt(aesKey, encKey, recipientIV);
-      const recipientHmac = await hmacSha256(encKey, encryptedAESKey);
-      const recipientPackage = concatBytes(recipientIV, encryptedAESKey, recipientHmac);
+      const recipientNonce = randomBytes(12);
+      const { ciphertext: encryptedAESKey, tag: recipientTag } = await aes256GcmEncrypt(aesKey, encKey, recipientNonce);
+      const recipientPackage = concatBytes(recipientNonce, encryptedAESKey, recipientTag);
       const keyHash = await hash160(recipientPubKey);
       const keyHashHex = bytesToHex(keyHash);
       recipientKeys.set(keyHashHex, recipientPackage);
@@ -4670,6 +4830,7 @@ var neuraiDepinMsg = (() => {
   if (typeof globalThis !== "undefined") {
     globalThis.neuraiDepinMsg = {
       buildDepinMessage,
+      decryptDepinReceiveEncryptedPayload,
       wifToHex,
       isWIF,
       utils: {

package/dist/neurai-depin-msg.min.js CHANGED Viewed

@@ -1,4 +1,4 @@
-var neuraiDepinMsg=(()=>{var vo=Object.create;var St=Object.defineProperty;var Ao=Object.getOwnPropertyDescriptor;var Ho=Object.getOwnPropertyNames;var Io=Object.getPrototypeOf,To=Object.prototype.hasOwnProperty;var le=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),Oo=(e,t)=>{for(var r in t)St(e,r,{get:t[r],enumerable:!0})},Nn=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Ho(t))!To.call(e,o)&&o!==r&&St(e,o,{get:()=>t[o],enumerable:!(n=Ao(t,o))||n.enumerable});return e};var Uo=(e,t,r)=>(r=e!=null?vo(Io(e)):{},Nn(t||!e||!e.__esModule?St(r,"default",{value:e,enumerable:!0}):r,e)),Lo=e=>Nn(St({},"__esModule",{value:!0}),e);var kn=le(vt=>{"use strict";Object.defineProperty(vt,"__esModule",{value:!0});vt.crypto=void 0;vt.crypto=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0});var Le=le(O=>{"use strict";Object.defineProperty(O,"__esModule",{value:!0});O.wrapXOFConstructorWithOpts=O.wrapConstructorWithOpts=O.wrapConstructor=O.Hash=O.nextTick=O.swap32IfBE=O.byteSwapIfBE=O.swap8IfBE=O.isLE=void 0;O.isBytes=Pn;O.anumber=Zt;O.abytes=Qe;O.ahash=Ro;O.aexists=qo;O.aoutput=Vo;O.u8=No;O.u32=ko;O.clean=Co;O.createView=Po;O.rotr=Mo;O.rotl=Do;O.byteSwap=Gt;O.byteSwap32=Mn;O.bytesToHex=Ko;O.hexToBytes=Zo;O.asyncLoop=Go;O.utf8ToBytes=Wt;O.bytesToUtf8=Wo;O.toBytes=At;O.kdfInputToBytes=Yo;O.concatBytes=Xo;O.checkOpts=$o;O.createHasher=jn;O.createOptHasher=Kn;O.createXOFer=Zn;O.randomBytes=Fo;var Fe=kn();function Pn(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function Zt(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function Qe(e,...t){if(!Pn(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function Ro(e){if(typeof e!="function"||typeof e.create!="function")throw new Error("Hash should be wrapped by utils.createHasher");Zt(e.outputLen),Zt(e.blockLen)}function qo(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function Vo(e,t){Qe(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function No(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function ko(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Co(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function Po(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Mo(e,t){return e<<32-t|e>>>t}function Do(e,t){return e<<t|e>>>32-t>>>0}O.isLE=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;function Gt(e){return e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255}O.swap8IfBE=O.isLE?e=>e:e=>Gt(e);O.byteSwapIfBE=O.swap8IfBE;function Mn(e){for(let t=0;t<e.length;t++)e[t]=Gt(e[t]);return e}O.swap32IfBE=O.isLE?e=>e:Mn;var Dn=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",jo=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function Ko(e){if(Qe(e),Dn)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=jo[e[r]];return t}var He={_0:48,_9:57,A:65,F:70,a:97,f:102};function Cn(e){if(e>=He._0&&e<=He._9)return e-He._0;if(e>=He.A&&e<=He.F)return e-(He.A-10);if(e>=He.a&&e<=He.f)return e-(He.a-10)}function Zo(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(Dn)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Cn(e.charCodeAt(s)),c=Cn(e.charCodeAt(s+1));if(i===void 0||c===void 0){let a=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+a+'" at index '+s)}n[o]=i*16+c}return n}var zo=async()=>{};O.nextTick=zo;async function Go(e,t,r){let n=Date.now();for(let o=0;o<e;o++){r(o);let s=Date.now()-n;s>=0&&s<t||(await(0,O.nextTick)(),n+=s)}}function Wt(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function Wo(e){return new TextDecoder().decode(e)}function At(e){return typeof e=="string"&&(e=Wt(e)),Qe(e),e}function Yo(e){return typeof e=="string"&&(e=Wt(e)),Qe(e),e}function Xo(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];Qe(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}function $o(e,t){if(t!==void 0&&{}.toString.call(t)!=="[object Object]")throw new Error("options should be object or undefined");return Object.assign(e,t)}var zt=class{};O.Hash=zt;function jn(e){let t=n=>e().update(At(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function Kn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}function Zn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}O.wrapConstructor=jn;O.wrapConstructorWithOpts=Kn;O.wrapXOFConstructorWithOpts=Zn;function Fo(e=32){if(Fe.crypto&&typeof Fe.crypto.getRandomValues=="function")return Fe.crypto.getRandomValues(new Uint8Array(e));if(Fe.crypto&&typeof Fe.crypto.randomBytes=="function")return Uint8Array.from(Fe.crypto.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}});var Gn=le(de=>{"use strict";Object.defineProperty(de,"__esModule",{value:!0});de.SHA512_IV=de.SHA384_IV=de.SHA224_IV=de.SHA256_IV=de.HashMD=void 0;de.setBigUint64=zn;de.Chi=Qo;de.Maj=Jo;var _e=Le();function zn(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),c=Number(r&s),a=n?4:0,l=n?0:4;e.setUint32(t+a,i,n),e.setUint32(t+l,c,n)}function Qo(e,t,r){return e&t^~e&r}function Jo(e,t,r){return e&t^e&r^t&r}var Yt=class extends _e.Hash{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=(0,_e.createView)(this.buffer)}update(t){(0,_e.aexists)(this),t=(0,_e.toBytes)(t),(0,_e.abytes)(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let c=Math.min(o-this.pos,s-i);if(c===o){let a=(0,_e.createView)(t);for(;o<=s-i;i+=o)this.process(a,i);continue}n.set(t.subarray(i,i+c),this.pos),this.pos+=c,i+=c,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){(0,_e.aexists)(this),(0,_e.aoutput)(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,(0,_e.clean)(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let h=i;h<o;h++)r[h]=0;zn(n,o-8,BigInt(this.length*8),s),this.process(n,0);let c=(0,_e.createView)(t),a=this.outputLen;if(a%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let l=a/4,d=this.get();if(l>d.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<l;h++)c.setUint32(4*h,d[h],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:c}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=c,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}};de.HashMD=Yt;de.SHA256_IV=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);de.SHA224_IV=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);de.SHA384_IV=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]);de.SHA512_IV=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209])});var br=le(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.toBig=V.shrSL=V.shrSH=V.rotrSL=V.rotrSH=V.rotrBL=V.rotrBH=V.rotr32L=V.rotr32H=V.rotlSL=V.rotlSH=V.rotlBL=V.rotlBH=V.add5L=V.add5H=V.add4L=V.add4H=V.add3L=V.add3H=void 0;V.add=cr;V.fromBig=$t;V.split=Wn;var Ht=BigInt(2**32-1),Xt=BigInt(32);function $t(e,t=!1){return t?{h:Number(e&Ht),l:Number(e>>Xt&Ht)}:{h:Number(e>>Xt&Ht)|0,l:Number(e&Ht)|0}}function Wn(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:c}=$t(e[s],t);[n[s],o[s]]=[i,c]}return[n,o]}var Yn=(e,t)=>BigInt(e>>>0)<<Xt|BigInt(t>>>0);V.toBig=Yn;var Xn=(e,t,r)=>e>>>r;V.shrSH=Xn;var $n=(e,t,r)=>e<<32-r|t>>>r;V.shrSL=$n;var Fn=(e,t,r)=>e>>>r|t<<32-r;V.rotrSH=Fn;var Qn=(e,t,r)=>e<<32-r|t>>>r;V.rotrSL=Qn;var Jn=(e,t,r)=>e<<64-r|t>>>r-32;V.rotrBH=Jn;var er=(e,t,r)=>e>>>r-32|t<<64-r;V.rotrBL=er;var tr=(e,t)=>t;V.rotr32H=tr;var nr=(e,t)=>e;V.rotr32L=nr;var rr=(e,t,r)=>e<<r|t>>>32-r;V.rotlSH=rr;var or=(e,t,r)=>t<<r|e>>>32-r;V.rotlSL=or;var sr=(e,t,r)=>t<<r-32|e>>>64-r;V.rotlBH=sr;var ir=(e,t,r)=>e<<r-32|t>>>64-r;V.rotlBL=ir;function cr(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var ar=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0);V.add3L=ar;var fr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0;V.add3H=fr;var ur=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0);V.add4L=ur;var lr=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0;V.add4H=lr;var dr=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0);V.add5L=dr;var hr=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;V.add5H=hr;var es={fromBig:$t,split:Wn,toBig:Yn,shrSH:Xn,shrSL:$n,rotrSH:Fn,rotrSL:Qn,rotrBH:Jn,rotrBL:er,rotr32H:tr,rotr32L:nr,rotlSH:rr,rotlSL:or,rotlBH:sr,rotlBL:ir,add:cr,add3L:ar,add3H:fr,add4L:ur,add4H:lr,add5H:hr,add5L:dr};V.default=es});var wr=le(Z=>{"use strict";Object.defineProperty(Z,"__esModule",{value:!0});Z.sha512_224=Z.sha512_256=Z.sha384=Z.sha512=Z.sha224=Z.sha256=Z.SHA512_256=Z.SHA512_224=Z.SHA384=Z.SHA512=Z.SHA224=Z.SHA256=void 0;var T=Gn(),k=br(),J=Le(),ts=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),Re=new Uint32Array(64),ut=class extends T.HashMD{constructor(t=32){super(64,t,8,!1),this.A=T.SHA256_IV[0]|0,this.B=T.SHA256_IV[1]|0,this.C=T.SHA256_IV[2]|0,this.D=T.SHA256_IV[3]|0,this.E=T.SHA256_IV[4]|0,this.F=T.SHA256_IV[5]|0,this.G=T.SHA256_IV[6]|0,this.H=T.SHA256_IV[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:c,H:a}=this;return[t,r,n,o,s,i,c,a]}set(t,r,n,o,s,i,c,a){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=c|0,this.H=a|0}process(t,r){for(let h=0;h<16;h++,r+=4)Re[h]=t.getUint32(r,!1);for(let h=16;h<64;h++){let f=Re[h-15],u=Re[h-2],w=(0,J.rotr)(f,7)^(0,J.rotr)(f,18)^f>>>3,g=(0,J.rotr)(u,17)^(0,J.rotr)(u,19)^u>>>10;Re[h]=g+Re[h-7]+w+Re[h-16]|0}let{A:n,B:o,C:s,D:i,E:c,F:a,G:l,H:d}=this;for(let h=0;h<64;h++){let f=(0,J.rotr)(c,6)^(0,J.rotr)(c,11)^(0,J.rotr)(c,25),u=d+f+(0,T.Chi)(c,a,l)+ts[h]+Re[h]|0,g=((0,J.rotr)(n,2)^(0,J.rotr)(n,13)^(0,J.rotr)(n,22))+(0,T.Maj)(n,o,s)|0;d=l,l=a,a=c,c=i+u|0,i=s,s=o,o=n,n=u+g|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,c=c+this.E|0,a=a+this.F|0,l=l+this.G|0,d=d+this.H|0,this.set(n,o,s,i,c,a,l,d)}roundClean(){(0,J.clean)(Re)}destroy(){this.set(0,0,0,0,0,0,0,0),(0,J.clean)(this.buffer)}};Z.SHA256=ut;var It=class extends ut{constructor(){super(28),this.A=T.SHA224_IV[0]|0,this.B=T.SHA224_IV[1]|0,this.C=T.SHA224_IV[2]|0,this.D=T.SHA224_IV[3]|0,this.E=T.SHA224_IV[4]|0,this.F=T.SHA224_IV[5]|0,this.G=T.SHA224_IV[6]|0,this.H=T.SHA224_IV[7]|0}};Z.SHA224=It;var yr=k.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),ns=yr[0],rs=yr[1],qe=new Uint32Array(80),Ve=new Uint32Array(80),je=class extends T.HashMD{constructor(t=64){super(128,t,16,!1),this.Ah=T.SHA512_IV[0]|0,this.Al=T.SHA512_IV[1]|0,this.Bh=T.SHA512_IV[2]|0,this.Bl=T.SHA512_IV[3]|0,this.Ch=T.SHA512_IV[4]|0,this.Cl=T.SHA512_IV[5]|0,this.Dh=T.SHA512_IV[6]|0,this.Dl=T.SHA512_IV[7]|0,this.Eh=T.SHA512_IV[8]|0,this.El=T.SHA512_IV[9]|0,this.Fh=T.SHA512_IV[10]|0,this.Fl=T.SHA512_IV[11]|0,this.Gh=T.SHA512_IV[12]|0,this.Gl=T.SHA512_IV[13]|0,this.Hh=T.SHA512_IV[14]|0,this.Hl=T.SHA512_IV[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:c,Dl:a,Eh:l,El:d,Fh:h,Fl:f,Gh:u,Gl:w,Hh:g,Hl:_}=this;return[t,r,n,o,s,i,c,a,l,d,h,f,u,w,g,_]}set(t,r,n,o,s,i,c,a,l,d,h,f,u,w,g,_){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=c|0,this.Dl=a|0,this.Eh=l|0,this.El=d|0,this.Fh=h|0,this.Fl=f|0,this.Gh=u|0,this.Gl=w|0,this.Hh=g|0,this.Hl=_|0}process(t,r){for(let B=0;B<16;B++,r+=4)qe[B]=t.getUint32(r),Ve[B]=t.getUint32(r+=4);for(let B=16;B<80;B++){let C=qe[B-15]|0,K=Ve[B-15]|0,Q=k.rotrSH(C,K,1)^k.rotrSH(C,K,8)^k.shrSH(C,K,7),z=k.rotrSL(C,K,1)^k.rotrSL(C,K,8)^k.shrSL(C,K,7),j=qe[B-2]|0,H=Ve[B-2]|0,ye=k.rotrSH(j,H,19)^k.rotrBH(j,H,61)^k.shrSH(j,H,6),ue=k.rotrSL(j,H,19)^k.rotrBL(j,H,61)^k.shrSL(j,H,6),q=k.add4L(z,ue,Ve[B-7],Ve[B-16]),m=k.add4H(q,Q,ye,qe[B-7],qe[B-16]);qe[B]=m|0,Ve[B]=q|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:c,Cl:a,Dh:l,Dl:d,Eh:h,El:f,Fh:u,Fl:w,Gh:g,Gl:_,Hh:U,Hl:P}=this;for(let B=0;B<80;B++){let C=k.rotrSH(h,f,14)^k.rotrSH(h,f,18)^k.rotrBH(h,f,41),K=k.rotrSL(h,f,14)^k.rotrSL(h,f,18)^k.rotrBL(h,f,41),Q=h&u^~h&g,z=f&w^~f&_,j=k.add5L(P,K,z,rs[B],Ve[B]),H=k.add5H(j,U,C,Q,ns[B],qe[B]),ye=j|0,ue=k.rotrSH(n,o,28)^k.rotrBH(n,o,34)^k.rotrBH(n,o,39),q=k.rotrSL(n,o,28)^k.rotrBL(n,o,34)^k.rotrBL(n,o,39),m=n&s^n&c^s&c,y=o&i^o&a^i&a;U=g|0,P=_|0,g=u|0,_=w|0,u=h|0,w=f|0,{h,l:f}=k.add(l|0,d|0,H|0,ye|0),l=c|0,d=a|0,c=s|0,a=i|0,s=n|0,i=o|0;let b=k.add3L(ye,q,y);n=k.add3H(b,H,ue,m),o=b|0}({h:n,l:o}=k.add(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=k.add(this.Bh|0,this.Bl|0,s|0,i|0),{h:c,l:a}=k.add(this.Ch|0,this.Cl|0,c|0,a|0),{h:l,l:d}=k.add(this.Dh|0,this.Dl|0,l|0,d|0),{h,l:f}=k.add(this.Eh|0,this.El|0,h|0,f|0),{h:u,l:w}=k.add(this.Fh|0,this.Fl|0,u|0,w|0),{h:g,l:_}=k.add(this.Gh|0,this.Gl|0,g|0,_|0),{h:U,l:P}=k.add(this.Hh|0,this.Hl|0,U|0,P|0),this.set(n,o,s,i,c,a,l,d,h,f,u,w,g,_,U,P)}roundClean(){(0,J.clean)(qe,Ve)}destroy(){(0,J.clean)(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};Z.SHA512=je;var Tt=class extends je{constructor(){super(48),this.Ah=T.SHA384_IV[0]|0,this.Al=T.SHA384_IV[1]|0,this.Bh=T.SHA384_IV[2]|0,this.Bl=T.SHA384_IV[3]|0,this.Ch=T.SHA384_IV[4]|0,this.Cl=T.SHA384_IV[5]|0,this.Dh=T.SHA384_IV[6]|0,this.Dl=T.SHA384_IV[7]|0,this.Eh=T.SHA384_IV[8]|0,this.El=T.SHA384_IV[9]|0,this.Fh=T.SHA384_IV[10]|0,this.Fl=T.SHA384_IV[11]|0,this.Gh=T.SHA384_IV[12]|0,this.Gl=T.SHA384_IV[13]|0,this.Hh=T.SHA384_IV[14]|0,this.Hl=T.SHA384_IV[15]|0}};Z.SHA384=Tt;var ae=Uint32Array.from([2352822216,424955298,1944164710,2312950998,502970286,855612546,1738396948,1479516111,258812777,2077511080,2011393907,79989058,1067287976,1780299464,286451373,2446758561]),fe=Uint32Array.from([573645204,4230739756,2673172387,3360449730,596883563,1867755857,2520282905,1497426621,2519219938,2827943907,3193839141,1401305490,721525244,746961066,246885852,2177182882]),Ot=class extends je{constructor(){super(28),this.Ah=ae[0]|0,this.Al=ae[1]|0,this.Bh=ae[2]|0,this.Bl=ae[3]|0,this.Ch=ae[4]|0,this.Cl=ae[5]|0,this.Dh=ae[6]|0,this.Dl=ae[7]|0,this.Eh=ae[8]|0,this.El=ae[9]|0,this.Fh=ae[10]|0,this.Fl=ae[11]|0,this.Gh=ae[12]|0,this.Gl=ae[13]|0,this.Hh=ae[14]|0,this.Hl=ae[15]|0}};Z.SHA512_224=Ot;var Ut=class extends je{constructor(){super(32),this.Ah=fe[0]|0,this.Al=fe[1]|0,this.Bh=fe[2]|0,this.Bl=fe[3]|0,this.Ch=fe[4]|0,this.Cl=fe[5]|0,this.Dh=fe[6]|0,this.Dl=fe[7]|0,this.Eh=fe[8]|0,this.El=fe[9]|0,this.Fh=fe[10]|0,this.Fl=fe[11]|0,this.Gh=fe[12]|0,this.Gl=fe[13]|0,this.Hh=fe[14]|0,this.Hl=fe[15]|0}};Z.SHA512_256=Ut;Z.sha256=(0,J.createHasher)(()=>new ut);Z.sha224=(0,J.createHasher)(()=>new It);Z.sha512=(0,J.createHasher)(()=>new je);Z.sha384=(0,J.createHasher)(()=>new Tt);Z.sha512_256=(0,J.createHasher)(()=>new Ut);Z.sha512_224=(0,J.createHasher)(()=>new Ot)});var mr=le(Ze=>{"use strict";Object.defineProperty(Ze,"__esModule",{value:!0});Ze.hmac=Ze.HMAC=void 0;var Ke=Le(),lt=class extends Ke.Hash{constructor(t,r){super(),this.finished=!1,this.destroyed=!1,(0,Ke.ahash)(t);let n=(0,Ke.toBytes)(r);if(this.iHash=t.create(),typeof this.iHash.update!="function")throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let o=this.blockLen,s=new Uint8Array(o);s.set(n.length>o?t.create().update(n).digest():n);for(let i=0;i<s.length;i++)s[i]^=54;this.iHash.update(s),this.oHash=t.create();for(let i=0;i<s.length;i++)s[i]^=106;this.oHash.update(s),(0,Ke.clean)(s)}update(t){return(0,Ke.aexists)(this),this.iHash.update(t),this}digestInto(t){(0,Ke.aexists)(this),(0,Ke.abytes)(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){let t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));let{oHash:r,iHash:n,finished:o,destroyed:s,blockLen:i,outputLen:c}=this;return t=t,t.finished=o,t.destroyed=s,t.blockLen=i,t.outputLen=c,t.oHash=r._cloneInto(t.oHash),t.iHash=n._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}};Ze.HMAC=lt;var os=(e,t,r)=>new lt(e,t).update(r).digest();Ze.hmac=os;Ze.hmac.create=(e,t)=>new lt(e,t)});var ze=le(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.notImplemented=L.bitMask=L.utf8ToBytes=L.randomBytes=L.isBytes=L.hexToBytes=L.concatBytes=L.bytesToUtf8=L.bytesToHex=L.anumber=L.abytes=void 0;L.abool=ss;L._abool2=is;L._abytes2=cs;L.numberToHexUnpadded=gr;L.hexToNumber=Qt;L.bytesToNumberBE=as;L.bytesToNumberLE=fs;L.numberToBytesBE=pr;L.numberToBytesLE=us;L.numberToVarBytesBE=ls;L.ensureBytes=ds;L.equalBytes=hs;L.copyBytes=bs;L.asciiToBytes=ys;L.inRange=xr;L.aInRange=ws;L.bitLen=ms;L.bitGet=gs;L.bitSet=ps;L.createHmacDrbg=Bs;L.validateObject=_s;L.isHash=Ss;L._validateObject=vs;L.memoized=Hs;var Se=Le(),Ie=Le();Object.defineProperty(L,"abytes",{enumerable:!0,get:function(){return Ie.abytes}});Object.defineProperty(L,"anumber",{enumerable:!0,get:function(){return Ie.anumber}});Object.defineProperty(L,"bytesToHex",{enumerable:!0,get:function(){return Ie.bytesToHex}});Object.defineProperty(L,"bytesToUtf8",{enumerable:!0,get:function(){return Ie.bytesToUtf8}});Object.defineProperty(L,"concatBytes",{enumerable:!0,get:function(){return Ie.concatBytes}});Object.defineProperty(L,"hexToBytes",{enumerable:!0,get:function(){return Ie.hexToBytes}});Object.defineProperty(L,"isBytes",{enumerable:!0,get:function(){return Ie.isBytes}});Object.defineProperty(L,"randomBytes",{enumerable:!0,get:function(){return Ie.randomBytes}});Object.defineProperty(L,"utf8ToBytes",{enumerable:!0,get:function(){return Ie.utf8ToBytes}});var Lt=BigInt(0),dt=BigInt(1);function ss(e,t){if(typeof t!="boolean")throw new Error(e+" boolean expected, got "+t)}function is(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function cs(e,t,r=""){let n=(0,Se.isBytes)(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,c=s?` of length ${t}`:"",a=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+c+", got "+a)}return e}function gr(e){let t=e.toString(16);return t.length&1?"0"+t:t}function Qt(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?Lt:BigInt("0x"+e)}function as(e){return Qt((0,Se.bytesToHex)(e))}function fs(e){return(0,Se.abytes)(e),Qt((0,Se.bytesToHex)(Uint8Array.from(e).reverse()))}function pr(e,t){return(0,Se.hexToBytes)(e.toString(16).padStart(t*2,"0"))}function us(e,t){return pr(e,t).reverse()}function ls(e){return(0,Se.hexToBytes)(gr(e))}function ds(e,t,r){let n;if(typeof t=="string")try{n=(0,Se.hexToBytes)(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if((0,Se.isBytes)(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function hs(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function bs(e){return Uint8Array.from(e)}function ys(e){return Uint8Array.from(e,(t,r)=>{let n=t.charCodeAt(0);if(t.length!==1||n>127)throw new Error(`string contains non-ASCII character "${e[r]}" with code ${n} at position ${r}`);return n})}var Ft=e=>typeof e=="bigint"&&Lt<=e;function xr(e,t,r){return Ft(e)&&Ft(t)&&Ft(r)&&t<=e&&e<r}function ws(e,t,r,n){if(!xr(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function ms(e){let t;for(t=0;e>Lt;e>>=dt,t+=1);return t}function gs(e,t){return e>>BigInt(t)&dt}function ps(e,t,r){return e|(r?dt:Lt)<<BigInt(t)}var xs=e=>(dt<<BigInt(e))-dt;L.bitMask=xs;function Bs(e,t,r){if(typeof e!="number"||e<2)throw new Error("hashLen must be a number");if(typeof t!="number"||t<2)throw new Error("qByteLen must be a number");if(typeof r!="function")throw new Error("hmacFn must be a function");let n=u=>new Uint8Array(u),o=u=>Uint8Array.of(u),s=n(e),i=n(e),c=0,a=()=>{s.fill(1),i.fill(0),c=0},l=(...u)=>r(i,s,...u),d=(u=n(0))=>{i=l(o(0),u),s=l(),u.length!==0&&(i=l(o(1),u),s=l())},h=()=>{if(c++>=1e3)throw new Error("drbg: tried 1000 values");let u=0,w=[];for(;u<t;){s=l();let g=s.slice();w.push(g),u+=s.length}return(0,Se.concatBytes)(...w)};return(u,w)=>{a(),d(u);let g;for(;!(g=w(h()));)d();return a(),g}}var Es={bigint:e=>typeof e=="bigint",function:e=>typeof e=="function",boolean:e=>typeof e=="boolean",string:e=>typeof e=="string",stringOrUint8Array:e=>typeof e=="string"||(0,Se.isBytes)(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>typeof e=="function"&&Number.isSafeInteger(e.outputLen)};function _s(e,t,r={}){let n=(o,s,i)=>{let c=Es[s];if(typeof c!="function")throw new Error("invalid validator function");let a=e[o];if(!(i&&a===void 0)&&!c(a,e))throw new Error("param "+String(o)+" is invalid. Expected "+s+", got "+a)};for(let[o,s]of Object.entries(t))n(o,s,!1);for(let[o,s]of Object.entries(r))n(o,s,!0);return e}function Ss(e){return typeof e=="function"&&Number.isSafeInteger(e.outputLen)}function vs(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let c=e[o];if(i&&c===void 0)return;let a=typeof c;if(a!==s||c===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${a}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var As=()=>{throw new Error("not implemented")};L.notImplemented=As;function Hs(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}});var Je=le(Y=>{"use strict";Object.defineProperty(Y,"__esModule",{value:!0});Y.isNegativeLE=void 0;Y.mod=me;Y.pow=Os;Y.pow2=Us;Y.invert=Rt;Y.tonelliShanks=en;Y.FpSqrt=Hr;Y.validateField=Ns;Y.FpPow=tn;Y.FpInvertBatch=Ir;Y.FpDiv=ks;Y.FpLegendre=qt;Y.FpIsSquare=Cs;Y.nLength=nn;Y.Field=Vt;Y.FpSqrtOdd=Ps;Y.FpSqrtEven=Ms;Y.hashToPrivateScalar=Ds;Y.getFieldBytesLength=rn;Y.getMinHashLength=Tr;Y.mapHashToField=js;var ge=ze(),he=BigInt(0),ee=BigInt(1),Ge=BigInt(2),Br=BigInt(3),Er=BigInt(4),_r=BigInt(5),Is=BigInt(7),Sr=BigInt(8),Ts=BigInt(9),vr=BigInt(16);function me(e,t){let r=e%t;return r>=he?r:t+r}function Os(e,t,r){return tn(Vt(r),e,t)}function Us(e,t,r){let n=e;for(;t-- >he;)n*=n,n%=r;return n}function Rt(e,t){if(e===he)throw new Error("invert: expected non-zero number");if(t<=he)throw new Error("invert: expected positive modulus, got "+t);let r=me(e,t),n=t,o=he,s=ee,i=ee,c=he;for(;r!==he;){let l=n/r,d=n%r,h=o-i*l,f=s-c*l;n=r,r=d,o=i,s=c,i=h,c=f}if(n!==ee)throw new Error("invert: does not exist");return me(o,t)}function Jt(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function Ar(e,t){let r=(e.ORDER+ee)/Er,n=e.pow(t,r);return Jt(e,n,t),n}function Ls(e,t){let r=(e.ORDER-_r)/Sr,n=e.mul(t,Ge),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,Ge),o),c=e.mul(s,e.sub(i,e.ONE));return Jt(e,c,t),c}function Rs(e){let t=Vt(e),r=en(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+Is)/vr;return(c,a)=>{let l=c.pow(a,i),d=c.mul(l,n),h=c.mul(l,o),f=c.mul(l,s),u=c.eql(c.sqr(d),a),w=c.eql(c.sqr(h),a);l=c.cmov(l,d,u),d=c.cmov(f,h,w);let g=c.eql(c.sqr(d),a),_=c.cmov(l,d,g);return Jt(c,_,a),_}}function en(e){if(e<Br)throw new Error("sqrt is not defined for small field");let t=e-ee,r=0;for(;t%Ge===he;)t/=Ge,r++;let n=Ge,o=Vt(e);for(;qt(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return Ar;let s=o.pow(n,t),i=(t+ee)/Ge;return function(a,l){if(a.is0(l))return l;if(qt(a,l)!==1)throw new Error("Cannot find square root");let d=r,h=a.mul(a.ONE,s),f=a.pow(l,t),u=a.pow(l,i);for(;!a.eql(f,a.ONE);){if(a.is0(f))return a.ZERO;let w=1,g=a.sqr(f);for(;!a.eql(g,a.ONE);)if(w++,g=a.sqr(g),w===d)throw new Error("Cannot find square root");let _=ee<<BigInt(d-w-1),U=a.pow(h,_);d=w,h=a.sqr(U),f=a.mul(f,h),u=a.mul(u,U)}return u}}function Hr(e){return e%Er===Br?Ar:e%Sr===_r?Ls:e%vr===Ts?Rs(e):en(e)}var qs=(e,t)=>(me(e,t)&ee)===ee;Y.isNegativeLE=qs;var Vs=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function Ns(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=Vs.reduce((n,o)=>(n[o]="function",n),t);return(0,ge._validateObject)(e,r),e}function tn(e,t,r){if(r<he)throw new Error("invalid exponent, negatives unsupported");if(r===he)return e.ONE;if(r===ee)return t;let n=e.ONE,o=t;for(;r>he;)r&ee&&(n=e.mul(n,o)),o=e.sqr(o),r>>=ee;return n}function Ir(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,c,a)=>e.is0(c)?i:(n[a]=i,e.mul(i,c)),e.ONE),s=e.inv(o);return t.reduceRight((i,c,a)=>e.is0(c)?i:(n[a]=e.mul(i,n[a]),e.mul(i,c)),s),n}function ks(e,t,r){return e.mul(t,typeof r=="bigint"?Rt(r,e.ORDER):e.inv(r))}function qt(e,t){let r=(e.ORDER-ee)/Ge,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Cs(e,t){return qt(e,t)===1}function nn(e,t){t!==void 0&&(0,ge.anumber)(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function Vt(e,t,r=!1,n={}){if(e<=he)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,c;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),c=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:a,nByteLength:l}=nn(e,o);if(l>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let d,h=Object.freeze({ORDER:e,isLE:r,BITS:a,BYTES:l,MASK:(0,ge.bitMask)(a),ZERO:he,ONE:ee,allowedLengths:c,create:f=>me(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return he<=f&&f<e},is0:f=>f===he,isValidNot0:f=>!h.is0(f)&&h.isValid(f),isOdd:f=>(f&ee)===ee,neg:f=>me(-f,e),eql:(f,u)=>f===u,sqr:f=>me(f*f,e),add:(f,u)=>me(f+u,e),sub:(f,u)=>me(f-u,e),mul:(f,u)=>me(f*u,e),pow:(f,u)=>tn(h,f,u),div:(f,u)=>me(f*Rt(u,e),e),sqrN:f=>f*f,addN:(f,u)=>f+u,subN:(f,u)=>f-u,mulN:(f,u)=>f*u,inv:f=>Rt(f,e),sqrt:s||(f=>(d||(d=Hr(e)),d(h,f))),toBytes:f=>r?(0,ge.numberToBytesLE)(f,l):(0,ge.numberToBytesBE)(f,l),fromBytes:(f,u=!0)=>{if(c){if(!c.includes(f.length)||f.length>l)throw new Error("Field.fromBytes: expected "+c+" bytes, got "+f.length);let g=new Uint8Array(l);g.set(f,r?0:g.length-f.length),f=g}if(f.length!==l)throw new Error("Field.fromBytes: expected "+l+" bytes, got "+f.length);let w=r?(0,ge.bytesToNumberLE)(f):(0,ge.bytesToNumberBE)(f);if(i&&(w=me(w,e)),!u&&!h.isValid(w))throw new Error("invalid field element: outside of range 0..ORDER");return w},invertBatch:f=>Ir(h,f),cmov:(f,u,w)=>w?u:f});return Object.freeze(h)}function Ps(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?r:e.neg(r)}function Ms(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?e.neg(r):r}function Ds(e,t,r=!1){e=(0,ge.ensureBytes)("privateHash",e);let n=e.length,o=nn(t).nByteLength+8;if(o<24||n<o||n>1024)throw new Error("hashToPrivateScalar: expected "+o+"-1024 bytes of input, got "+n);let s=r?(0,ge.bytesToNumberLE)(e):(0,ge.bytesToNumberBE)(e);return me(s,t-ee)+ee}function rn(e){if(typeof e!="bigint")throw new Error("field order must be bigint");let t=e.toString(2).length;return Math.ceil(t/8)}function Tr(e){let t=rn(e);return t+Math.ceil(t/2)}function js(e,t,r=!1){let n=e.length,o=rn(t),s=Tr(t);if(n<16||n<s||n>1024)throw new Error("expected "+s+"-1024 bytes of input, got "+n);let i=r?(0,ge.bytesToNumberLE)(e):(0,ge.bytesToNumberBE)(e),c=me(i,t-ee)+ee;return r?(0,ge.numberToBytesLE)(c,o):(0,ge.numberToBytesBE)(c,o)}});var Nr=le(xe=>{"use strict";Object.defineProperty(xe,"__esModule",{value:!0});xe.wNAF=void 0;xe.negateCt=an;xe.normalizeZ=Ks;xe.mulEndoUnsafe=Zs;xe.pippenger=zs;xe.precomputeMSMUnsafe=Gs;xe.validateBasic=Ws;xe._createCurveFields=Ys;var ht=ze(),bt=Je(),et=BigInt(0),We=BigInt(1);function an(e,t){let r=t.negate();return e?r:t}function Ks(e,t){let r=(0,bt.FpInvertBatch)(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function un(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function on(e,t){un(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=(0,ht.bitMask)(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function Or(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,c=Number(e&o),a=e>>i;c>n&&(c-=s,a+=We);let l=t*n,d=l+Math.abs(c)-1,h=c===0,f=c<0,u=t%2!==0;return{nextN:a,offset:d,isZero:h,isNeg:f,isNegF:u,offsetF:l}}function Rr(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function qr(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var sn=new WeakMap,Vr=new WeakMap;function cn(e){return Vr.get(e)||1}function Ur(e){if(e!==et)throw new Error("invalid wNAF")}var fn=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>et;)r&We&&(n=n.add(o)),o=o.double(),r>>=We;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=on(r,this.bits),s=[],i=t,c=i;for(let a=0;a<n;a++){c=i,s.push(c);for(let l=1;l<o;l++)c=c.add(i),s.push(c);i=c.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=on(t,this.bits);for(let c=0;c<i.windows;c++){let{nextN:a,offset:l,isZero:d,isNeg:h,isNegF:f,offsetF:u}=Or(n,c,i);n=a,d?s=s.add(an(f,r[u])):o=o.add(an(h,r[l]))}return Ur(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=on(t,this.bits);for(let i=0;i<s.windows&&n!==et;i++){let{nextN:c,offset:a,isZero:l,isNeg:d}=Or(n,i,s);if(n=c,!l){let h=r[a];o=o.add(d?h.negate():h)}}return Ur(n),o}getPrecomputes(t,r,n){let o=sn.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),sn.set(r,o))),o}cached(t,r,n){let o=cn(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=cn(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){un(r,this.bits),Vr.set(t,r),sn.delete(t)}hasCache(t){return cn(t)!==1}};xe.wNAF=fn;function Zs(e,t,r,n){let o=t,s=e.ZERO,i=e.ZERO;for(;r>et||n>et;)r&We&&(s=s.add(o)),n&We&&(i=i.add(o)),o=o.double(),r>>=We,n>>=We;return{p1:s,p2:i}}function zs(e,t,r,n){Rr(r,e),qr(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,c=(0,ht.bitLen)(BigInt(o)),a=1;c>12?a=c-3:c>4?a=c-2:c>0&&(a=2);let l=(0,ht.bitMask)(a),d=new Array(Number(l)+1).fill(i),h=Math.floor((t.BITS-1)/a)*a,f=i;for(let u=h;u>=0;u-=a){d.fill(i);for(let g=0;g<s;g++){let _=n[g],U=Number(_>>BigInt(u)&l);d[U]=d[U].add(r[g])}let w=i;for(let g=d.length-1,_=i;g>0;g--)_=_.add(d[g]),w=w.add(_);if(f=f.add(w),u!==0)for(let g=0;g<a;g++)f=f.double()}return f}function Gs(e,t,r,n){un(n,t.BITS),Rr(r,e);let o=e.ZERO,s=2**n-1,i=Math.ceil(t.BITS/n),c=(0,ht.bitMask)(n),a=r.map(l=>{let d=[];for(let h=0,f=l;h<s;h++)d.push(f),f=f.add(l);return d});return l=>{if(qr(l,t),l.length>r.length)throw new Error("array of scalars must be smaller than array of points");let d=o;for(let h=0;h<i;h++){if(d!==o)for(let u=0;u<n;u++)d=d.double();let f=BigInt(i*n-(h+1)*n);for(let u=0;u<l.length;u++){let w=l[u],g=Number(w>>f&c);g&&(d=d.add(a[u][g-1]))}}return d}}function Ws(e){return(0,bt.validateField)(e.Fp),(0,ht.validateObject)(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...(0,bt.nLength)(e.n,e.nBitLength),...e,p:e.Fp.ORDER})}function Lr(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return(0,bt.validateField)(t),t}else return(0,bt.Field)(e,{isLE:r})}function Ys(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let a of["p","n","h"]){let l=t[a];if(!(typeof l=="bigint"&&l>et))throw new Error(`CURVE.${a} must be positive bigint`)}let o=Lr(t.p,r.Fp,n),s=Lr(t.n,r.Fn,n),c=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let a of c)if(!o.isValid(t[a]))throw new Error(`CURVE.${a} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}});var yn=le(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.DER=W.DERErr=void 0;W._splitEndoScalar=Cr;W._normFnElement=Ne;W.weierstrassN=bn;W.SWUFpSqrtRatio=Mr;W.mapToCurveSimpleSWU=Fs;W.ecdh=jr;W.ecdsa=Kr;W.weierstrassPoints=Qs;W._legacyHelperEquat=zr;W.weierstrass=ni;var Xs=mr(),$s=Le(),A=ze(),Te=Nr(),nt=Je(),kr=(e,t)=>(e+(e>=0?t:-t)/ve)/t;function Cr(e,t,r){let[[n,o],[s,i]]=t,c=kr(i*e,r),a=kr(-o*e,r),l=e-c*n-a*s,d=-c*o-a*i,h=l<Be,f=d<Be;h&&(l=-l),f&&(d=-d);let u=(0,A.bitMask)(Math.ceil((0,A.bitLen)(r)/2))+re;if(l<Be||l>=u||d<Be||d>=u)throw new Error("splitScalar (endomorphism): failed, k="+e);return{k1neg:h,k1:l,k2neg:f,k2:d}}function dn(e){if(!["compact","recovered","der"].includes(e))throw new Error('Signature format must be "compact", "recovered", or "der"');return e}function ln(e,t){let r={};for(let n of Object.keys(t))r[n]=e[n]===void 0?t[n]:e[n];return(0,A._abool2)(r.lowS,"lowS"),(0,A._abool2)(r.prehash,"prehash"),r.format!==void 0&&dn(r.format),r}var Nt=class extends Error{constructor(t=""){super(t)}};W.DERErr=Nt;W.DER={Err:Nt,_tlv:{encode:(e,t)=>{let{Err:r}=W.DER;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length&1)throw new r("tlv.encode: unpadded data");let n=t.length/2,o=(0,A.numberToHexUnpadded)(n);if(o.length/2&128)throw new r("tlv.encode: long form length too big");let s=n>127?(0,A.numberToHexUnpadded)(o.length/2|128):"";return(0,A.numberToHexUnpadded)(e)+s+o+t},decode(e,t){let{Err:r}=W.DER,n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");let o=t[n++],s=!!(o&128),i=0;if(!s)i=o;else{let a=o&127;if(!a)throw new r("tlv.decode(long): indefinite length not supported");if(a>4)throw new r("tlv.decode(long): byte length is too big");let l=t.subarray(n,n+a);if(l.length!==a)throw new r("tlv.decode: length bytes not complete");if(l[0]===0)throw new r("tlv.decode(long): zero leftmost byte");for(let d of l)i=i<<8|d;if(n+=a,i<128)throw new r("tlv.decode(long): not minimal encoding")}let c=t.subarray(n,n+i);if(c.length!==i)throw new r("tlv.decode: wrong value length");return{v:c,l:t.subarray(n+i)}}},_int:{encode(e){let{Err:t}=W.DER;if(e<Be)throw new t("integer: negative integers are not allowed");let r=(0,A.numberToHexUnpadded)(e);if(Number.parseInt(r[0],16)&8&&(r="00"+r),r.length&1)throw new t("unexpected DER parsing assertion: unpadded hex");return r},decode(e){let{Err:t}=W.DER;if(e[0]&128)throw new t("invalid signature integer: negative");if(e[0]===0&&!(e[1]&128))throw new t("invalid signature integer: unnecessary leading zero");return(0,A.bytesToNumberBE)(e)}},toSig(e){let{Err:t,_int:r,_tlv:n}=W.DER,o=(0,A.ensureBytes)("signature",e),{v:s,l:i}=n.decode(48,o);if(i.length)throw new t("invalid signature: left bytes after parsing");let{v:c,l:a}=n.decode(2,s),{v:l,l:d}=n.decode(2,a);if(d.length)throw new t("invalid signature: left bytes after parsing");return{r:r.decode(c),s:r.decode(l)}},hexFromSig(e){let{_tlv:t,_int:r}=W.DER,n=t.encode(2,r.encode(e.r)),o=t.encode(2,r.encode(e.s)),s=n+o;return t.encode(48,s)}};var Be=BigInt(0),re=BigInt(1),ve=BigInt(2),tt=BigInt(3),hn=BigInt(4);function Ne(e,t){let{BYTES:r}=e,n;if(typeof t=="bigint")n=t;else{let o=(0,A.ensureBytes)("private key",t);try{n=e.fromBytes(o)}catch{throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof t}`)}}if(!e.isValidNot0(n))throw new Error("invalid private key: out of range [1..N-1]");return n}function bn(e,t={}){let r=(0,Te._createCurveFields)("weierstrass",e,t),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i,n:c}=s;(0,A._validateObject)(t,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});let{endo:a}=t;if(a&&(!n.is0(s.a)||typeof a.beta!="bigint"||!Array.isArray(a.basises)))throw new Error('invalid endo: expected "beta": bigint and "basises": array');let l=Dr(n,o);function d(){if(!n.isOdd)throw new Error("compression is not supported: Field does not have .isOdd()")}function h(q,m,y){let{x:b,y:p}=m.toAffine(),x=n.toBytes(b);if((0,A._abool2)(y,"isCompressed"),y){d();let v=!n.isOdd(p);return(0,A.concatBytes)(Pr(v),x)}else return(0,A.concatBytes)(Uint8Array.of(4),x,n.toBytes(p))}function f(q){(0,A._abytes2)(q,void 0,"Point");let{publicKey:m,publicKeyUncompressed:y}=l,b=q.length,p=q[0],x=q.subarray(1);if(b===m&&(p===2||p===3)){let v=n.fromBytes(x);if(!n.isValid(v))throw new Error("bad point: is not on curve, wrong x");let I=g(v),S;try{S=n.sqrt(I)}catch(te){let G=te instanceof Error?": "+te.message:"";throw new Error("bad point: is not on curve, sqrt error"+G)}d();let R=n.isOdd(S);return(p&1)===1!==R&&(S=n.neg(S)),{x:v,y:S}}else if(b===y&&p===4){let v=n.BYTES,I=n.fromBytes(x.subarray(0,v)),S=n.fromBytes(x.subarray(v,v*2));if(!_(I,S))throw new Error("bad point: is not on curve");return{x:I,y:S}}else throw new Error(`bad point: got length ${b}, expected compressed=${m} or uncompressed=${y}`)}let u=t.toBytes||h,w=t.fromBytes||f;function g(q){let m=n.sqr(q),y=n.mul(m,q);return n.add(n.add(y,n.mul(q,s.a)),s.b)}function _(q,m){let y=n.sqr(m),b=g(q);return n.eql(y,b)}if(!_(s.Gx,s.Gy))throw new Error("bad curve params: generator point");let U=n.mul(n.pow(s.a,tt),hn),P=n.mul(n.sqr(s.b),BigInt(27));if(n.is0(n.add(U,P)))throw new Error("bad curve params: a or b");function B(q,m,y=!1){if(!n.isValid(m)||y&&n.is0(m))throw new Error(`bad point coordinate ${q}`);return m}function C(q){if(!(q instanceof H))throw new Error("ProjectivePoint expected")}function K(q){if(!a||!a.basises)throw new Error("no endo");return Cr(q,a.basises,o.ORDER)}let Q=(0,A.memoized)((q,m)=>{let{X:y,Y:b,Z:p}=q;if(n.eql(p,n.ONE))return{x:y,y:b};let x=q.is0();m==null&&(m=x?n.ONE:n.inv(p));let v=n.mul(y,m),I=n.mul(b,m),S=n.mul(p,m);if(x)return{x:n.ZERO,y:n.ZERO};if(!n.eql(S,n.ONE))throw new Error("invZ was invalid");return{x:v,y:I}}),z=(0,A.memoized)(q=>{if(q.is0()){if(t.allowInfinityPoint&&!n.is0(q.Y))return;throw new Error("bad point: ZERO")}let{x:m,y}=q.toAffine();if(!n.isValid(m)||!n.isValid(y))throw new Error("bad point: x or y not field elements");if(!_(m,y))throw new Error("bad point: equation left != right");if(!q.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});function j(q,m,y,b,p){return y=new H(n.mul(y.X,q),y.Y,y.Z),m=(0,Te.negateCt)(b,m),y=(0,Te.negateCt)(p,y),m.add(y)}class H{constructor(m,y,b){this.X=B("x",m),this.Y=B("y",y,!0),this.Z=B("z",b),Object.freeze(this)}static CURVE(){return s}static fromAffine(m){let{x:y,y:b}=m||{};if(!m||!n.isValid(y)||!n.isValid(b))throw new Error("invalid affine point");if(m instanceof H)throw new Error("projective point not allowed");return n.is0(y)&&n.is0(b)?H.ZERO:new H(y,b,n.ONE)}static fromBytes(m){let y=H.fromAffine(w((0,A._abytes2)(m,void 0,"point")));return y.assertValidity(),y}static fromHex(m){return H.fromBytes((0,A.ensureBytes)("pointHex",m))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(m=8,y=!0){return ue.createCache(this,m),y||this.multiply(tt),this}assertValidity(){z(this)}hasEvenY(){let{y:m}=this.toAffine();if(!n.isOdd)throw new Error("Field doesn't support isOdd");return!n.isOdd(m)}equals(m){C(m);let{X:y,Y:b,Z:p}=this,{X:x,Y:v,Z:I}=m,S=n.eql(n.mul(y,I),n.mul(x,p)),R=n.eql(n.mul(b,I),n.mul(v,p));return S&&R}negate(){return new H(this.X,n.neg(this.Y),this.Z)}double(){let{a:m,b:y}=s,b=n.mul(y,tt),{X:p,Y:x,Z:v}=this,I=n.ZERO,S=n.ZERO,R=n.ZERO,N=n.mul(p,p),te=n.mul(x,x),G=n.mul(v,v),M=n.mul(p,x);return M=n.add(M,M),R=n.mul(p,v),R=n.add(R,R),I=n.mul(m,R),S=n.mul(b,G),S=n.add(I,S),I=n.sub(te,S),S=n.add(te,S),S=n.mul(I,S),I=n.mul(M,I),R=n.mul(b,R),G=n.mul(m,G),M=n.sub(N,G),M=n.mul(m,M),M=n.add(M,R),R=n.add(N,N),N=n.add(R,N),N=n.add(N,G),N=n.mul(N,M),S=n.add(S,N),G=n.mul(x,v),G=n.add(G,G),N=n.mul(G,M),I=n.sub(I,N),R=n.mul(G,te),R=n.add(R,R),R=n.add(R,R),new H(I,S,R)}add(m){C(m);let{X:y,Y:b,Z:p}=this,{X:x,Y:v,Z:I}=m,S=n.ZERO,R=n.ZERO,N=n.ZERO,te=s.a,G=n.mul(s.b,tt),M=n.mul(y,x),X=n.mul(b,v),ne=n.mul(p,I),we=n.add(y,b),$=n.add(x,v);we=n.mul(we,$),$=n.add(M,X),we=n.sub(we,$),$=n.add(y,p);let ce=n.add(x,I);return $=n.mul($,ce),ce=n.add(M,ne),$=n.sub($,ce),ce=n.add(b,p),S=n.add(v,I),ce=n.mul(ce,S),S=n.add(X,ne),ce=n.sub(ce,S),N=n.mul(te,$),S=n.mul(G,ne),N=n.add(S,N),S=n.sub(X,N),N=n.add(X,N),R=n.mul(S,N),X=n.add(M,M),X=n.add(X,M),ne=n.mul(te,ne),$=n.mul(G,$),X=n.add(X,ne),ne=n.sub(M,ne),ne=n.mul(te,ne),$=n.add($,ne),M=n.mul(X,$),R=n.add(R,M),M=n.mul(ce,$),S=n.mul(we,S),S=n.sub(S,M),M=n.mul(we,X),N=n.mul(ce,N),N=n.add(N,M),new H(S,R,N)}subtract(m){return this.add(m.negate())}is0(){return this.equals(H.ZERO)}multiply(m){let{endo:y}=t;if(!o.isValidNot0(m))throw new Error("invalid scalar: out of range");let b,p,x=v=>ue.cached(this,v,I=>(0,Te.normalizeZ)(H,I));if(y){let{k1neg:v,k1:I,k2neg:S,k2:R}=K(m),{p:N,f:te}=x(I),{p:G,f:M}=x(R);p=te.add(M),b=j(y.beta,N,G,v,S)}else{let{p:v,f:I}=x(m);b=v,p=I}return(0,Te.normalizeZ)(H,[b,p])[0]}multiplyUnsafe(m){let{endo:y}=t,b=this;if(!o.isValid(m))throw new Error("invalid scalar: out of range");if(m===Be||b.is0())return H.ZERO;if(m===re)return b;if(ue.hasCache(this))return this.multiply(m);if(y){let{k1neg:p,k1:x,k2neg:v,k2:I}=K(m),{p1:S,p2:R}=(0,Te.mulEndoUnsafe)(H,b,x,I);return j(y.beta,S,R,p,v)}else return ue.unsafe(b,m)}multiplyAndAddUnsafe(m,y,b){let p=this.multiplyUnsafe(y).add(m.multiplyUnsafe(b));return p.is0()?void 0:p}toAffine(m){return Q(this,m)}isTorsionFree(){let{isTorsionFree:m}=t;return i===re?!0:m?m(H,this):ue.unsafe(this,c).is0()}clearCofactor(){let{clearCofactor:m}=t;return i===re?this:m?m(H,this):this.multiplyUnsafe(i)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}toBytes(m=!0){return(0,A._abool2)(m,"isCompressed"),this.assertValidity(),u(H,this,m)}toHex(m=!0){return(0,A.bytesToHex)(this.toBytes(m))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(m=!0){return this.toBytes(m)}_setWindowSize(m){this.precompute(m)}static normalizeZ(m){return(0,Te.normalizeZ)(H,m)}static msm(m,y){return(0,Te.pippenger)(H,o,m,y)}static fromPrivateKey(m){return H.BASE.multiply(Ne(o,m))}}H.BASE=new H(s.Gx,s.Gy,n.ONE),H.ZERO=new H(n.ZERO,n.ONE,n.ZERO),H.Fp=n,H.Fn=o;let ye=o.BITS,ue=new Te.wNAF(H,t.endo?Math.ceil(ye/2):ye);return H.BASE.precompute(8),H}function Pr(e){return Uint8Array.of(e?2:3)}function Mr(e,t){let r=e.ORDER,n=Be;for(let w=r-re;w%ve===Be;w/=ve)n+=re;let o=n,s=ve<<o-re-re,i=s*ve,c=(r-re)/i,a=(c-re)/ve,l=i-re,d=s,h=e.pow(t,c),f=e.pow(t,(c+re)/ve),u=(w,g)=>{let _=h,U=e.pow(g,l),P=e.sqr(U);P=e.mul(P,g);let B=e.mul(w,P);B=e.pow(B,a),B=e.mul(B,U),U=e.mul(B,g),P=e.mul(B,w);let C=e.mul(P,U);B=e.pow(C,d);let K=e.eql(B,e.ONE);U=e.mul(P,f),B=e.mul(C,_),P=e.cmov(U,P,K),C=e.cmov(B,C,K);for(let Q=o;Q>re;Q--){let z=Q-ve;z=ve<<z-re;let j=e.pow(C,z),H=e.eql(j,e.ONE);U=e.mul(P,_),_=e.mul(_,_),j=e.mul(C,_),P=e.cmov(U,P,H),C=e.cmov(j,C,H)}return{isValid:K,value:P}};if(e.ORDER%hn===tt){let w=(e.ORDER-tt)/hn,g=e.sqrt(e.neg(t));u=(_,U)=>{let P=e.sqr(U),B=e.mul(_,U);P=e.mul(P,B);let C=e.pow(P,w);C=e.mul(C,B);let K=e.mul(C,g),Q=e.mul(e.sqr(C),U),z=e.eql(Q,_),j=e.cmov(K,C,z);return{isValid:z,value:j}}}return u}function Fs(e,t){(0,nt.validateField)(e);let{A:r,B:n,Z:o}=t;if(!e.isValid(r)||!e.isValid(n)||!e.isValid(o))throw new Error("mapToCurveSimpleSWU: invalid opts");let s=Mr(e,o);if(!e.isOdd)throw new Error("Field does not have .isOdd()");return i=>{let c,a,l,d,h,f,u,w;c=e.sqr(i),c=e.mul(c,o),a=e.sqr(c),a=e.add(a,c),l=e.add(a,e.ONE),l=e.mul(l,n),d=e.cmov(o,e.neg(a),!e.eql(a,e.ZERO)),d=e.mul(d,r),a=e.sqr(l),f=e.sqr(d),h=e.mul(f,r),a=e.add(a,h),a=e.mul(a,l),f=e.mul(f,d),h=e.mul(f,n),a=e.add(a,h),u=e.mul(c,l);let{isValid:g,value:_}=s(a,f);w=e.mul(c,i),w=e.mul(w,_),u=e.cmov(u,l,g),w=e.cmov(w,_,g);let U=e.isOdd(i)===e.isOdd(w);w=e.cmov(e.neg(w),w,U);let P=(0,nt.FpInvertBatch)(e,[d],!0)[0];return u=e.mul(u,P),{x:u,y:w}}}function Dr(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function jr(e,t={}){let{Fn:r}=e,n=t.randomBytes||A.randomBytes,o=Object.assign(Dr(e.Fp,r),{seed:(0,nt.getMinHashLength)(r.ORDER)});function s(u){try{return!!Ne(r,u)}catch{return!1}}function i(u,w){let{publicKey:g,publicKeyUncompressed:_}=o;try{let U=u.length;return w===!0&&U!==g||w===!1&&U!==_?!1:!!e.fromBytes(u)}catch{return!1}}function c(u=n(o.seed)){return(0,nt.mapHashToField)((0,A._abytes2)(u,o.seed,"seed"),r.ORDER)}function a(u,w=!0){return e.BASE.multiply(Ne(r,u)).toBytes(w)}function l(u){let w=c(u);return{secretKey:w,publicKey:a(w)}}function d(u){if(typeof u=="bigint")return!1;if(u instanceof e)return!0;let{secretKey:w,publicKey:g,publicKeyUncompressed:_}=o;if(r.allowedLengths||w===g)return;let U=(0,A.ensureBytes)("key",u).length;return U===g||U===_}function h(u,w,g=!0){if(d(u)===!0)throw new Error("first arg must be private key");if(d(w)===!1)throw new Error("second arg must be public key");let _=Ne(r,u);return e.fromHex(w).multiply(_).toBytes(g)}return Object.freeze({getPublicKey:a,getSharedSecret:h,keygen:l,Point:e,utils:{isValidSecretKey:s,isValidPublicKey:i,randomSecretKey:c,isValidPrivateKey:s,randomPrivateKey:c,normPrivateKeyToScalar:u=>Ne(r,u),precompute(u=8,w=e.BASE){return w.precompute(u,!1)}},lengths:o})}function Kr(e,t,r={}){(0,$s.ahash)(t),(0,A._validateObject)(r,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});let n=r.randomBytes||A.randomBytes,o=r.hmac||((y,...b)=>(0,Xs.hmac)(t,y,(0,A.concatBytes)(...b))),{Fp:s,Fn:i}=e,{ORDER:c,BITS:a}=i,{keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u}=jr(e,r),w={prehash:!1,lowS:typeof r.lowS=="boolean"?r.lowS:!1,format:void 0,extraEntropy:!1},g="compact";function _(y){let b=c>>re;return y>b}function U(y,b){if(!i.isValidNot0(b))throw new Error(`invalid signature ${y}: out of range 1..Point.Fn.ORDER`);return b}function P(y,b){dn(b);let p=u.signature,x=b==="compact"?p:b==="recovered"?p+1:void 0;return(0,A._abytes2)(y,x,`${b} signature`)}class B{constructor(b,p,x){this.r=U("r",b),this.s=U("s",p),x!=null&&(this.recovery=x),Object.freeze(this)}static fromBytes(b,p=g){P(b,p);let x;if(p==="der"){let{r:R,s:N}=W.DER.toSig((0,A._abytes2)(b));return new B(R,N)}p==="recovered"&&(x=b[0],p="compact",b=b.subarray(1));let v=i.BYTES,I=b.subarray(0,v),S=b.subarray(v,v*2);return new B(i.fromBytes(I),i.fromBytes(S),x)}static fromHex(b,p){return this.fromBytes((0,A.hexToBytes)(b),p)}addRecoveryBit(b){return new B(this.r,this.s,b)}recoverPublicKey(b){let p=s.ORDER,{r:x,s:v,recovery:I}=this;if(I==null||![0,1,2,3].includes(I))throw new Error("recovery id invalid");if(c*ve<p&&I>1)throw new Error("recovery id is ambiguous for h>1 curve");let R=I===2||I===3?x+c:x;if(!s.isValid(R))throw new Error("recovery id 2 or 3 invalid");let N=s.toBytes(R),te=e.fromBytes((0,A.concatBytes)(Pr((I&1)===0),N)),G=i.inv(R),M=K((0,A.ensureBytes)("msgHash",b)),X=i.create(-M*G),ne=i.create(v*G),we=e.BASE.multiplyUnsafe(X).add(te.multiplyUnsafe(ne));if(we.is0())throw new Error("point at infinify");return we.assertValidity(),we}hasHighS(){return _(this.s)}toBytes(b=g){if(dn(b),b==="der")return(0,A.hexToBytes)(W.DER.hexFromSig(this));let p=i.toBytes(this.r),x=i.toBytes(this.s);if(b==="recovered"){if(this.recovery==null)throw new Error("recovery bit must be present");return(0,A.concatBytes)(Uint8Array.of(this.recovery),p,x)}return(0,A.concatBytes)(p,x)}toHex(b){return(0,A.bytesToHex)(this.toBytes(b))}assertValidity(){}static fromCompact(b){return B.fromBytes((0,A.ensureBytes)("sig",b),"compact")}static fromDER(b){return B.fromBytes((0,A.ensureBytes)("sig",b),"der")}normalizeS(){return this.hasHighS()?new B(this.r,i.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return(0,A.bytesToHex)(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return(0,A.bytesToHex)(this.toBytes("compact"))}}let C=r.bits2int||function(b){if(b.length>8192)throw new Error("input is too large");let p=(0,A.bytesToNumberBE)(b),x=b.length*8-a;return x>0?p>>BigInt(x):p},K=r.bits2int_modN||function(b){return i.create(C(b))},Q=(0,A.bitMask)(a);function z(y){return(0,A.aInRange)("num < 2^"+a,y,Be,Q),i.toBytes(y)}function j(y,b){return(0,A._abytes2)(y,void 0,"message"),b?(0,A._abytes2)(t(y),void 0,"prehashed message"):y}function H(y,b,p){if(["recovered","canonical"].some(X=>X in p))throw new Error("sign() legacy options not supported");let{lowS:x,prehash:v,extraEntropy:I}=ln(p,w);y=j(y,v);let S=K(y),R=Ne(i,b),N=[z(R),z(S)];if(I!=null&&I!==!1){let X=I===!0?n(u.secretKey):I;N.push((0,A.ensureBytes)("extraEntropy",X))}let te=(0,A.concatBytes)(...N),G=S;function M(X){let ne=C(X);if(!i.isValidNot0(ne))return;let we=i.inv(ne),$=e.BASE.multiply(ne).toAffine(),ce=i.create($.x);if(ce===Be)return;let _t=i.create(we*i.create(G+ce*R));if(_t===Be)return;let qn=($.x===ce?0:2)|Number($.y&re),Vn=_t;return x&&_(_t)&&(Vn=i.neg(_t),qn^=1),new B(ce,Vn,qn)}return{seed:te,k2sig:M}}function ye(y,b,p={}){y=(0,A.ensureBytes)("message",y);let{seed:x,k2sig:v}=H(y,b,p);return(0,A.createHmacDrbg)(t.outputLen,i.BYTES,o)(x,v)}function ue(y){let b,p=typeof y=="string"||(0,A.isBytes)(y),x=!p&&y!==null&&typeof y=="object"&&typeof y.r=="bigint"&&typeof y.s=="bigint";if(!p&&!x)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(x)b=new B(y.r,y.s);else if(p){try{b=B.fromBytes((0,A.ensureBytes)("sig",y),"der")}catch(v){if(!(v instanceof W.DER.Err))throw v}if(!b)try{b=B.fromBytes((0,A.ensureBytes)("sig",y),"compact")}catch{return!1}}return b||!1}function q(y,b,p,x={}){let{lowS:v,prehash:I,format:S}=ln(x,w);if(p=(0,A.ensureBytes)("publicKey",p),b=j((0,A.ensureBytes)("message",b),I),"strict"in x)throw new Error("options.strict was renamed to lowS");let R=S===void 0?ue(y):B.fromBytes((0,A.ensureBytes)("sig",y),S);if(R===!1)return!1;try{let N=e.fromBytes(p);if(v&&R.hasHighS())return!1;let{r:te,s:G}=R,M=K(b),X=i.inv(G),ne=i.create(M*X),we=i.create(te*X),$=e.BASE.multiplyUnsafe(ne).add(N.multiplyUnsafe(we));return $.is0()?!1:i.create($.x)===te}catch{return!1}}function m(y,b,p={}){let{prehash:x}=ln(p,w);return b=j(b,x),B.fromBytes(y,"recovered").recoverPublicKey(b).toBytes()}return Object.freeze({keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u,Point:e,sign:ye,verify:q,recoverPublicKey:m,Signature:B,hash:t})}function Qs(e){let{CURVE:t,curveOpts:r}=Zr(e),n=bn(t,r);return ei(e,n)}function Zr(e){let t={a:e.a,b:e.b,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=e.allowedPrivateKeyLengths?Array.from(new Set(e.allowedPrivateKeyLengths.map(i=>Math.ceil(i/2)))):void 0,o=(0,nt.Field)(t.n,{BITS:e.nBitLength,allowedLengths:n,modFromBytes:e.wrapPrivateKey}),s={Fp:r,Fn:o,allowInfinityPoint:e.allowInfinityPoint,endo:e.endo,isTorsionFree:e.isTorsionFree,clearCofactor:e.clearCofactor,fromBytes:e.fromBytes,toBytes:e.toBytes};return{CURVE:t,curveOpts:s}}function Js(e){let{CURVE:t,curveOpts:r}=Zr(e),n={hmac:e.hmac,randomBytes:e.randomBytes,lowS:e.lowS,bits2int:e.bits2int,bits2int_modN:e.bits2int_modN};return{CURVE:t,curveOpts:r,hash:e.hash,ecdsaOpts:n}}function zr(e,t,r){function n(o){let s=e.sqr(o),i=e.mul(s,o);return e.add(e.add(i,e.mul(o,t)),r)}return n}function ei(e,t){let{Fp:r,Fn:n}=t;function o(i){return(0,A.inRange)(i,re,n.ORDER)}let s=zr(r,e.a,e.b);return Object.assign({},{CURVE:e,Point:t,ProjectivePoint:t,normPrivateKeyToScalar:i=>Ne(n,i),weierstrassEquation:s,isWithinCurveOrder:o})}function ti(e,t){let r=t.Point;return Object.assign({},t,{ProjectivePoint:r,CURVE:Object.assign({},e,(0,nt.nLength)(r.Fn.ORDER,r.Fn.BITS))})}function ni(e){let{CURVE:t,curveOpts:r,hash:n,ecdsaOpts:o}=Js(e),s=bn(t,r),i=Kr(s,n,o);return ti(e,i)}});var Gr=le(kt=>{"use strict";Object.defineProperty(kt,"__esModule",{value:!0});kt.getHash=oi;kt.createCurve=si;var ri=yn();function oi(e){return{hash:e}}function si(e,t){let r=n=>(0,ri.weierstrass)({...e,hash:n});return{...r(t),create:r}}});var Fr=le(Ae=>{"use strict";Object.defineProperty(Ae,"__esModule",{value:!0});Ae._DST_scalar=void 0;Ae.expand_message_xmd=Xr;Ae.expand_message_xof=$r;Ae.hash_to_field=Ct;Ae.isogenyMap=ai;Ae.createHasher=fi;var oe=ze(),Wr=Je(),ii=oe.bytesToNumberBE;function ke(e,t){if(yt(e),yt(t),e<0||e>=1<<8*t)throw new Error("invalid I2OSP input: "+e);let r=Array.from({length:t}).fill(0);for(let n=t-1;n>=0;n--)r[n]=e&255,e>>>=8;return new Uint8Array(r)}function ci(e,t){let r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e[n]^t[n];return r}function yt(e){if(!Number.isSafeInteger(e))throw new Error("number expected")}function Yr(e){if(!(0,oe.isBytes)(e)&&typeof e!="string")throw new Error("DST must be Uint8Array or string");return typeof e=="string"?(0,oe.utf8ToBytes)(e):e}function Xr(e,t,r,n){(0,oe.abytes)(e),yt(r),t=Yr(t),t.length>255&&(t=n((0,oe.concatBytes)((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-"),t)));let{outputLen:o,blockLen:s}=n,i=Math.ceil(r/o);if(r>65535||i>255)throw new Error("expand_message_xmd: invalid lenInBytes");let c=(0,oe.concatBytes)(t,ke(t.length,1)),a=ke(0,s),l=ke(r,2),d=new Array(i),h=n((0,oe.concatBytes)(a,e,l,ke(0,1),c));d[0]=n((0,oe.concatBytes)(h,ke(1,1),c));for(let u=1;u<=i;u++){let w=[ci(h,d[u-1]),ke(u+1,1),c];d[u]=n((0,oe.concatBytes)(...w))}return(0,oe.concatBytes)(...d).slice(0,r)}function $r(e,t,r,n,o){if((0,oe.abytes)(e),yt(r),t=Yr(t),t.length>255){let s=Math.ceil(2*n/8);t=o.create({dkLen:s}).update((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(t).digest()}if(r>65535||t.length>255)throw new Error("expand_message_xof: invalid lenInBytes");return o.create({dkLen:r}).update(e).update(ke(r,2)).update(t).update(ke(t.length,1)).digest()}function Ct(e,t,r){(0,oe._validateObject)(r,{p:"bigint",m:"number",k:"number",hash:"function"});let{p:n,k:o,m:s,hash:i,expand:c,DST:a}=r;if(!(0,oe.isHash)(r.hash))throw new Error("expected valid hash");(0,oe.abytes)(e),yt(t);let l=n.toString(2).length,d=Math.ceil((l+o)/8),h=t*s*d,f;if(c==="xmd")f=Xr(e,a,h,i);else if(c==="xof")f=$r(e,a,h,o,i);else if(c==="_internal_pass")f=e;else throw new Error('expand must be "xmd" or "xof"');let u=new Array(t);for(let w=0;w<t;w++){let g=new Array(s);for(let _=0;_<s;_++){let U=d*(_+w*s),P=f.subarray(U,U+d);g[_]=(0,Wr.mod)(ii(P),n)}u[w]=g}return u}function ai(e,t){let r=t.map(n=>Array.from(n).reverse());return(n,o)=>{let[s,i,c,a]=r.map(h=>h.reduce((f,u)=>e.add(e.mul(f,n),u))),[l,d]=(0,Wr.FpInvertBatch)(e,[i,a],!0);return n=e.mul(s,l),o=e.mul(o,e.mul(c,d)),{x:n,y:o}}}Ae._DST_scalar=(0,oe.utf8ToBytes)("HashToScalar-");function fi(e,t,r){if(typeof t!="function")throw new Error("mapToCurve() must be defined");function n(s){return e.fromAffine(t(s))}function o(s){let i=s.clearCofactor();return i.equals(e.ZERO)?e.ZERO:(i.assertValidity(),i)}return{defaults:r,hashToCurve(s,i){let c=Object.assign({},r,i),a=Ct(s,2,c),l=n(a[0]),d=n(a[1]);return o(l.add(d))},encodeToCurve(s,i){let c=r.encodeDST?{DST:r.encodeDST}:{},a=Object.assign({},r,c,i),l=Ct(s,1,a),d=n(l[0]);return o(d)},mapToCurve(s){if(!Array.isArray(s))throw new Error("expected array of bigints");for(let i of s)if(typeof i!="bigint")throw new Error("expected array of bigints");return o(n(s))},hashToScalar(s,i){let c=e.Fn.ORDER,a=Object.assign({},r,{p:c,m:1,DST:Ae._DST_scalar},i);return Ct(s,1,a)[0][0]}}}});var co=le(se=>{"use strict";Object.defineProperty(se,"__esModule",{value:!0});se.encodeToCurve=se.hashToCurve=se.secp256k1_hasher=se.schnorr=se.secp256k1=void 0;var Pt=wr(),to=Le(),ui=Gr(),no=Fr(),be=Je(),ro=yn(),pe=ze(),rt={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},li={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),basises:[[BigInt("0x3086d221a7d46bcde86c90e49284eb15"),-BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],[BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]},di=BigInt(0),Qr=BigInt(1),wn=BigInt(2);function hi(e){let t=rt.p,r=BigInt(3),n=BigInt(6),o=BigInt(11),s=BigInt(22),i=BigInt(23),c=BigInt(44),a=BigInt(88),l=e*e*e%t,d=l*l*e%t,h=(0,be.pow2)(d,r,t)*d%t,f=(0,be.pow2)(h,r,t)*d%t,u=(0,be.pow2)(f,wn,t)*l%t,w=(0,be.pow2)(u,o,t)*u%t,g=(0,be.pow2)(w,s,t)*w%t,_=(0,be.pow2)(g,c,t)*g%t,U=(0,be.pow2)(_,a,t)*_%t,P=(0,be.pow2)(U,c,t)*g%t,B=(0,be.pow2)(P,r,t)*d%t,C=(0,be.pow2)(B,i,t)*w%t,K=(0,be.pow2)(C,n,t)*l%t,Q=(0,be.pow2)(K,wn,t);if(!Oe.eql(Oe.sqr(Q),e))throw new Error("Cannot find square root");return Q}var Oe=(0,be.Field)(rt.p,{sqrt:hi});se.secp256k1=(0,ui.createCurve)({...rt,Fp:Oe,lowS:!0,endo:li},Pt.sha256);var Jr={};function Mt(e,...t){let r=Jr[e];if(r===void 0){let n=(0,Pt.sha256)((0,pe.utf8ToBytes)(e));r=(0,pe.concatBytes)(n,n),Jr[e]=r}return(0,Pt.sha256)((0,pe.concatBytes)(r,...t))}var gn=e=>e.toBytes(!0).slice(1),ot=se.secp256k1.Point,pn=e=>e%wn===di;function mn(e){let{Fn:t,BASE:r}=ot,n=(0,ro._normFnElement)(t,e),o=r.multiply(n);return{scalar:pn(o.y)?n:t.neg(n),bytes:gn(o)}}function oo(e){let t=Oe;if(!t.isValidNot0(e))throw new Error("invalid x: Fail if x \u2265 p");let r=t.create(e*e),n=t.create(r*e+BigInt(7)),o=t.sqrt(n);pn(o)||(o=t.neg(o));let s=ot.fromAffine({x:e,y:o});return s.assertValidity(),s}var wt=pe.bytesToNumberBE;function so(...e){return ot.Fn.create(wt(Mt("BIP0340/challenge",...e)))}function eo(e){return mn(e).bytes}function bi(e,t,r=(0,to.randomBytes)(32)){let{Fn:n}=ot,o=(0,pe.ensureBytes)("message",e),{bytes:s,scalar:i}=mn(t),c=(0,pe.ensureBytes)("auxRand",r,32),a=n.toBytes(i^wt(Mt("BIP0340/aux",c))),l=Mt("BIP0340/nonce",a,s,o),{bytes:d,scalar:h}=mn(l),f=so(d,s,o),u=new Uint8Array(64);if(u.set(d,0),u.set(n.toBytes(n.create(h+f*i)),32),!io(u,o,s))throw new Error("sign: Invalid signature produced");return u}function io(e,t,r){let{Fn:n,BASE:o}=ot,s=(0,pe.ensureBytes)("signature",e,64),i=(0,pe.ensureBytes)("message",t),c=(0,pe.ensureBytes)("publicKey",r,32);try{let a=oo(wt(c)),l=wt(s.subarray(0,32));if(!(0,pe.inRange)(l,Qr,rt.p))return!1;let d=wt(s.subarray(32,64));if(!(0,pe.inRange)(d,Qr,rt.n))return!1;let h=so(n.toBytes(l),gn(a),i),f=o.multiplyUnsafe(d).add(a.multiplyUnsafe(n.neg(h))),{x:u,y:w}=f.toAffine();return!(f.is0()||!pn(w)||u!==l)}catch{return!1}}se.schnorr=(()=>{let r=(o=(0,to.randomBytes)(48))=>(0,be.mapHashToField)(o,rt.n);se.secp256k1.utils.randomSecretKey;function n(o){let s=r(o);return{secretKey:s,publicKey:eo(s)}}return{keygen:n,getPublicKey:eo,sign:bi,verify:io,Point:ot,utils:{randomSecretKey:r,randomPrivateKey:r,taggedHash:Mt,lift_x:oo,pointToBytes:gn,numberToBytesBE:pe.numberToBytesBE,bytesToNumberBE:pe.bytesToNumberBE,mod:be.mod},lengths:{secretKey:32,publicKey:32,publicKeyHasPrefix:!1,signature:32*2,seed:48}}})();var yi=(0,no.isogenyMap)(Oe,[["0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7","0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581","0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262","0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"],["0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b","0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14","0x0000000000000000000000000000000000000000000000000000000000000001"],["0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c","0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3","0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931","0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"],["0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b","0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573","0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f","0x0000000000000000000000000000000000000000000000000000000000000001"]].map(e=>e.map(t=>BigInt(t)))),wi=(0,ro.mapToCurveSimpleSWU)(Oe,{A:BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),B:BigInt("1771"),Z:Oe.create(BigInt("-11"))});se.secp256k1_hasher=(0,no.createHasher)(se.secp256k1.Point,e=>{let{x:t,y:r}=wi(Oe.create(e[0]));return yi(t,r)},{DST:"secp256k1_XMD:SHA-256_SSWU_RO_",encodeDST:"secp256k1_XMD:SHA-256_SSWU_NU_",p:Oe.ORDER,m:1,k:128,expand:"xmd",hash:Pt.sha256});se.hashToCurve=se.secp256k1_hasher.hashToCurve;se.encodeToCurve=se.secp256k1_hasher.encodeToCurve});var ao=le(E=>{"use strict";Object.defineProperty(E,"__esModule",{value:!0});E.isHash=E.validateObject=E.memoized=E.notImplemented=E.createHmacDrbg=E.bitMask=E.bitSet=E.bitGet=E.bitLen=E.aInRange=E.inRange=E.asciiToBytes=E.copyBytes=E.equalBytes=E.ensureBytes=E.numberToVarBytesBE=E.numberToBytesLE=E.numberToBytesBE=E.bytesToNumberLE=E.bytesToNumberBE=E.hexToNumber=E.numberToHexUnpadded=E.abool=E.utf8ToBytes=E.randomBytes=E.isBytes=E.hexToBytes=E.concatBytes=E.bytesToUtf8=E.bytesToHex=E.anumber=E.abytes=void 0;var D=ze();E.abytes=D.abytes;E.anumber=D.anumber;E.bytesToHex=D.bytesToHex;E.bytesToUtf8=D.bytesToUtf8;E.concatBytes=D.concatBytes;E.hexToBytes=D.hexToBytes;E.isBytes=D.isBytes;E.randomBytes=D.randomBytes;E.utf8ToBytes=D.utf8ToBytes;E.abool=D.abool;E.numberToHexUnpadded=D.numberToHexUnpadded;E.hexToNumber=D.hexToNumber;E.bytesToNumberBE=D.bytesToNumberBE;E.bytesToNumberLE=D.bytesToNumberLE;E.numberToBytesBE=D.numberToBytesBE;E.numberToBytesLE=D.numberToBytesLE;E.numberToVarBytesBE=D.numberToVarBytesBE;E.ensureBytes=D.ensureBytes;E.equalBytes=D.equalBytes;E.copyBytes=D.copyBytes;E.asciiToBytes=D.asciiToBytes;E.inRange=D.inRange;E.aInRange=D.aInRange;E.bitLen=D.bitLen;E.bitGet=D.bitGet;E.bitSet=D.bitSet;E.bitMask=D.bitMask;E.createHmacDrbg=D.createHmacDrbg;E.notImplemented=D.notImplemented;E.memoized=D.memoized;E.validateObject=D.validateObject;E.isHash=D.isHash});var go=le(F=>{"use strict";var ie=co(),mi=Je(),gi=ao();function uo(e){var t=Object.create(null);return e&&Object.keys(e).forEach(function(r){if(r!=="default"){var n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:function(){return e[r]}})}}),t.default=e,Object.freeze(t)}var lo=uo(mi),Ce=uo(gi),Bn=ie.secp256k1.ProjectivePoint,Me="Expected Private",De="Expected Point",xt="Expected Tweak",pi="Expected Hash",mt="Expected Signature",En="Expected Extra Data (32 bytes)",Bt="Expected Scalar",xi="Bad Recovery Id",Bi=32,Ei=32,xn=new Uint8Array([255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254,186,174,220,230,175,72,160,59,191,210,94,140,208,54,65,65]),_i=32,Si=new Uint8Array(32),vi=new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,69,81,35,25,80,183,95,196,64,45,161,114,47,201,186,238]),Ai=BigInt(1);function Hi(e){return e instanceof Uint8Array}function gt(e,t){for(let r=0;r<32;++r)if(e[r]!==t[r])return e[r]<t[r]?-1:1;return 0}function fo(e){return gt(e,Si)===0}function Et(e){return!(!(e instanceof Uint8Array)||e.length!==Ei||gt(e,xn)>=0)}function _n(e){return e instanceof Uint8Array&&e.length===64&&gt(e.subarray(0,32),xn)<0&&gt(e.subarray(32,64),xn)<0}function Ii(e){return Hi(e)&&e.length===64&&gt(e.subarray(0,32),vi)<0}function Ti(e){return!(fo(e.subarray(0,32))||fo(e.subarray(32,64)))}function st(e){return e instanceof Uint8Array&&e.length===Bi}function Sn(e){return e===void 0||e instanceof Uint8Array&&e.length===_i}function vn(e){let t;if(typeof e=="bigint")t=e;else if(typeof e=="number"&&Number.isSafeInteger(e)&&e>=0)t=BigInt(e);else if(typeof e=="string"){if(e.length!==64)throw new Error("Expected 32 bytes of private scalar");t=Ce.hexToNumber(e)}else if(e instanceof Uint8Array){if(e.length!==32)throw new Error("Expected 32 bytes of private scalar");t=Ce.bytesToNumberBE(e)}else throw new TypeError("Expected valid private scalar");if(t<0)throw new Error("Expected private scalar >= 0");return t}function An(e){return ie.secp256k1.utils.normPrivateKeyToScalar(e)}function Oi(e,t){let r=An(e),n=vn(t),o=Ce.numberToBytesBE(lo.mod(r+n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Ui(e,t){let r=An(e),n=vn(t),o=Ce.numberToBytesBE(lo.mod(r-n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Li(e){let t=An(e),r=Ce.numberToBytesBE(ie.secp256k1.CURVE.n-t,32);return ie.secp256k1.utils.isValidPrivateKey(r)?r:null}function ho(e,t,r){let n=pt(e),o=vn(t),s=Bn.BASE.multiplyAndAddUnsafe(n,o,Ai);if(!s)throw new Error("Tweaked point at infinity");return s.toRawBytes(r)}function Ri(e,t,r){let n=pt(e),o=typeof t=="string"?t:Ce.bytesToHex(t),s=Ce.hexToNumber(o);return n.multiply(s).toRawBytes(r)}function it(e,t){return e===void 0?t!==void 0?yo(t):!0:!!e}function Ye(e){try{return e()}catch{return null}}function bo(e){return ie.schnorr.utils.lift_x(Ce.bytesToNumberBE(e))}function pt(e){return e.length===32?bo(e):Bn.fromHex(e)}function Hn(e,t){if(e.length===32!==t)return!1;try{return t?!!bo(e):!!Bn.fromHex(e)}catch{return!1}}function Pe(e){return Hn(e,!1)}function yo(e){return Hn(e,!1)&&e.length===33}function Ue(e){return ie.secp256k1.utils.isValidPrivateKey(e)}function Dt(e){return Hn(e,!0)}function qi(e,t){if(!Dt(e))throw new Error(De);if(!Et(t))throw new Error(xt);return Ye(()=>{let r=ho(e,t,!0);return{parity:r[0]%2===1?1:0,xOnlyPubkey:r.slice(1)}})}function wo(e){if(!Pe(e))throw new Error(De);return e.slice(1,33)}function mo(e,t){if(!Ue(e))throw new Error(Me);return Ye(()=>ie.secp256k1.getPublicKey(e,it(t)))}function Vi(e){if(!Ue(e))throw new Error(Me);return wo(mo(e))}function Ni(e,t){if(!Pe(e))throw new Error(De);return pt(e).toRawBytes(it(t,e))}function ki(e,t,r){if(!Pe(e))throw new Error(De);if(!Et(t))throw new Error(xt);return Ye(()=>Ri(e,t,it(r,e)))}function Ci(e,t,r){if(!Pe(e)||!Pe(t))throw new Error(De);return Ye(()=>{let n=pt(e),o=pt(t);return n.equals(o.negate())?null:n.add(o).toRawBytes(it(r,e))})}function Pi(e,t,r){if(!Pe(e))throw new Error(De);if(!Et(t))throw new Error(xt);return Ye(()=>ho(e,t,it(r,e)))}function Mi(e,t){if(!Ue(e))throw new Error(Me);if(!Et(t))throw new Error(xt);return Ye(()=>Oi(e,t))}function Di(e,t){if(!Ue(e))throw new Error(Me);if(!Et(t))throw new Error(xt);return Ye(()=>Ui(e,t))}function ji(e){if(!Ue(e))throw new Error(Me);return Li(e)}function Ki(e,t,r){if(!Ue(t))throw new Error(Me);if(!st(e))throw new Error(Bt);if(!Sn(r))throw new Error(En);return ie.secp256k1.sign(e,t,{extraEntropy:r}).toCompactRawBytes()}function Zi(e,t,r){if(!Ue(t))throw new Error(Me);if(!st(e))throw new Error(Bt);if(!Sn(r))throw new Error(En);let n=ie.secp256k1.sign(e,t,{extraEntropy:r});return{signature:n.toCompactRawBytes(),recoveryId:n.recovery}}function zi(e,t,r){if(!Ue(t))throw new Error(Me);if(!st(e))throw new Error(Bt);if(!Sn(r))throw new Error(En);return ie.schnorr.sign(e,t,r)}function Gi(e,t,r,n){if(!st(e))throw new Error(pi);if(!_n(t)||!Ti(t))throw new Error(mt);if(r&2&&!Ii(t))throw new Error(xi);if(!Dt(t.subarray(0,32)))throw new Error(mt);let s=ie.secp256k1.Signature.fromCompact(t).addRecoveryBit(r).recoverPublicKey(e);if(!s)throw new Error(mt);return s.toRawBytes(it(n))}function Wi(e,t,r,n){if(!Pe(t))throw new Error(De);if(!_n(r))throw new Error(mt);if(!st(e))throw new Error(Bt);return ie.secp256k1.verify(r,e,t,{lowS:n})}function Yi(e,t,r){if(!Dt(t))throw new Error(De);if(!_n(r))throw new Error(mt);if(!st(e))throw new Error(Bt);return ie.schnorr.verify(r,e,t)}F.isPoint=Pe;F.isPointCompressed=yo;F.isPrivate=Ue;F.isXOnlyPoint=Dt;F.pointAdd=Ci;F.pointAddScalar=Pi;F.pointCompress=Ni;F.pointFromScalar=mo;F.pointMultiply=ki;F.privateAdd=Mi;F.privateNegate=ji;F.privateSub=Di;F.recover=Gi;F.sign=Ki;F.signRecoverable=Zi;F.signSchnorr=zi;F.verify=Wi;F.verifySchnorr=Yi;F.xOnlyPointAddTweak=qi;F.xOnlyPointFromPoint=wo;F.xOnlyPointFromScalar=Vi});var Ji={};Oo(Ji,{base58Decode:()=>On,buildDepinMessage:()=>So,bytesToHex:()=>Xe,doubleSha256:()=>Kt,hash160:()=>Rn,hexToBytes:()=>at,isWIF:()=>Ln,sha256:()=>$e,wifToHex:()=>Un});var ft=Uo(go());function Tn(e){if(e<0)throw new Error("CompactSize cannot be negative");if(e<253)return new Uint8Array([e]);if(e<=65535){let t=new Uint8Array(3);return t[0]=253,t[1]=e&255,t[2]=e>>8&255,t}else if(e<=4294967295){let t=new Uint8Array(5);return t[0]=254,t[1]=e&255,t[2]=e>>8&255,t[3]=e>>16&255,t[4]=e>>24&255,t}else{let t=new Uint8Array(9);t[0]=255;let r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[1]=r&255,t[2]=r>>8&255,t[3]=r>>16&255,t[4]=r>>24&255,t[5]=n&255,t[6]=n>>8&255,t[7]=n>>16&255,t[8]=n>>24&255,t}}function jt(e){let r=new TextEncoder().encode(e);return Ee(Tn(r.length),r)}function ct(e){return Ee(Tn(e.length),e)}function po(e){let t=new Uint8Array(8),r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[0]=r&255,t[1]=r>>8&255,t[2]=r>>16&255,t[3]=r>>24&255,t[4]=n&255,t[5]=n>>8&255,t[6]=n>>16&255,t[7]=n>>24&255,t}function Ee(...e){let t=e.reduce((o,s)=>o+s.length,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function at(e){if(e.length%2!==0)throw new Error("Hex must have even length");let t=new Uint8Array(e.length/2);for(let r=0;r<e.length;r+=2)t[r/2]=parseInt(e.substr(r,2),16);return t}function Xe(e){return Array.from(e).map(t=>t.toString(16).padStart(2,"0")).join("")}function xo(e){if(e.length!==64)throw new Error("Raw signature must be 64 bytes");let t=e.slice(0,32),r=e.slice(32,64);function n(c){let a=0;for(;a<c.length-1&&c[a]===0&&!(c[a+1]&128);)a++;let l=c.slice(a),h=(l[0]&128)!==0?Ee(new Uint8Array([0]),l):l;return Ee(new Uint8Array([2,h.length]),h)}let o=n(t),s=n(r),i=o.length+s.length;return Ee(new Uint8Array([48,i]),o,s)}var Xi="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";function On(e){let t=[];for(let r=0;r<e.length;r++){let n=Xi.indexOf(e[r]);if(n===-1)throw new Error("Invalid Base58 character: "+e[r]);let o=n;for(let s=0;s<t.length;s++)o+=t[s]*58,t[s]=o&255,o>>=8;for(;o>0;)t.push(o&255),o>>=8}for(let r=0;r<e.length&&e[r]==="1";r++)t.push(0);return new Uint8Array(t.reverse())}async function Un(e){let t=On(e);if(t.length<37)throw new Error("Invalid WIF: too short");let r=t.slice(0,-4),n=t.slice(-4),o=await Kt(r);for(let i=0;i<4;i++)if(n[i]!==o[i])throw new Error("Invalid WIF: checksum mismatch");let s;if(r.length===34)s=r.slice(1,33);else if(r.length===33)s=r.slice(1,33);else throw new Error("Invalid WIF: unexpected length "+r.length);return Xe(s)}function Ln(e){return/^[5KLcT][1-9A-HJ-NP-Za-km-z]{50,51}$/.test(e)}async function $e(e){let t=await crypto.subtle.digest("SHA-256",e);return new Uint8Array(t)}async function Kt(e){let t=await $e(e);return $e(t)}function $i(e){let t=1732584193,r=4023233417,n=2562383102,o=271733878,s=3285377520,i=[0,1518500249,1859775393,2400959708,2840853838],c=[1352829926,1548603684,1836072691,2053994217,0],a=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],l=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],d=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],h=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function f(C,K){return(C<<K|C>>>32-K)>>>0}let u=e.length*8,w=(64-(e.length+9)%64)%64,g=new Uint8Array(e.length+1+w+8);g.set(e),g[e.length]=128,new DataView(g.buffer).setUint32(g.length-8,u,!0);let U=g.length/64;for(let C=0;C<U;C++){let K=new Uint32Array(16);for(let x=0;x<16;x++){let v=C*64+x*4;K[x]=g[v]|g[v+1]<<8|g[v+2]<<16|g[v+3]<<24}let Q=t,z=r,j=n,H=o,ye=s,ue=t,q=r,m=n,y=o,b=s;for(let x=0;x<80;x++){let v=Math.floor(x/16),I,S;v===0?(I=z^j^H,S=q^(m|~y)):v===1?(I=z&j|~z&H,S=q&y|m&~y):v===2?(I=(z|~j)^H,S=(q|~m)^y):v===3?(I=z&H|j&~H,S=q&m|~q&y):(I=z^(j|~H),S=q^m^y);let R=f(Q+I+K[a[x]]+i[v]>>>0,d[x])+ye>>>0;Q=ye,ye=H,H=f(j,10),j=z,z=R;let N=f(ue+S+K[l[x]]+c[v]>>>0,h[x])+b>>>0;ue=b,b=y,y=f(m,10),m=q,q=N}let p=r+j+y>>>0;r=n+H+b>>>0,n=o+ye+ue>>>0,o=s+Q+q>>>0,s=t+z+m>>>0,t=p}let P=new Uint8Array(20),B=new DataView(P.buffer);return B.setUint32(0,t,!0),B.setUint32(4,r,!0),B.setUint32(8,n,!0),B.setUint32(12,o,!0),B.setUint32(16,s,!0),P}async function Rn(e){let t=await $e(e);return $i(t)}async function Bo(e,t){let r=new Uint8Array(t),n=0,o=1;for(;n<t;){let s=new Uint8Array(4);s[0]=o>>24&255,s[1]=o>>16&255,s[2]=o>>8&255,s[3]=o&255;let i=Ee(e,s),c=await $e(i),a=t-n,l=Math.min(a,32);r.set(c.slice(0,l),n),n+=l,o++}return r}function In(e){let t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function Eo(e,t,r){let n=await crypto.subtle.importKey("raw",t,{name:"AES-CBC"},!1,["encrypt"]),o=await crypto.subtle.encrypt({name:"AES-CBC",iv:r},n,e);return new Uint8Array(o)}async function _o(e,t){let r=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),n=await crypto.subtle.sign("HMAC",r,t);return new Uint8Array(n)}async function Fi(e,t){let r=In(32),n=ft.pointFromScalar(r,!0);if(!(n instanceof Uint8Array)||n.length!==33)throw new Error("Failed to generate ephemeral public key");let o=await Bo(r,32),s=In(16),i=await Eo(e,o,s),c=await _o(o,i),a=Ee(s,i,c),l=new Map;for(let d of t){if(!(d instanceof Uint8Array)||d.length!==33)throw new Error("Recipient pubkey must be 33 bytes compressed");let h=ft.pointMultiply(d,r,!0),f=await $e(h),u=await Bo(f,32),w=In(16),g=await Eo(o,u,w),_=await _o(u,g),U=Ee(w,g,_),P=await Rn(d),B=Xe(P);l.set(B,U)}return{ephemeralPubKey:n,encryptedPayload:a,recipientKeys:l}}function Qi(e){let t=[];t.push(ct(e.ephemeralPubKey)),t.push(ct(e.encryptedPayload));let r=Array.from(e.recipientKeys.entries()).map(([n,o])=>{let s=at(n);if(s.length!==20)throw new Error("recipient key hash160 must be 20 bytes");return{keyBytes:s,recipientPackage:o}});r.sort((n,o)=>{for(let s=0;s<20;s++)if(n.keyBytes[s]!==o.keyBytes[s])return n.keyBytes[s]-o.keyBytes[s];return 0}),t.push(Tn(r.length));for(let{keyBytes:n,recipientPackage:o}of r)t.push(n),t.push(ct(o));return Ee(...t)}async function So(e){if(!e.token)throw new Error("Token is required");if(!e.senderAddress)throw new Error("Sender address is required");if(!e.senderPubKey||e.senderPubKey.length!==66)throw new Error("Sender public key must be 66 hex characters");let t=e.privateKey;if(!t)throw new Error("Private key is required");if(Ln(t)&&(console.log("Detected WIF format, converting to hex..."),t=await Un(t),console.log("Private key converted successfully")),t.length!==64)throw new Error("Private key must be 64 hex characters (or WIF format)");if(!e.message)throw new Error("Message is required");if(!e.recipientPubKeys||e.recipientPubKeys.length===0)throw new Error("At least one recipient is required");if(!e.timestamp||e.timestamp<=0)throw new Error("Timestamp must be positive");let r=at(t),n=at(e.senderPubKey),o=e.recipientPubKeys.map(_=>{if(_.length!==66)throw new Error("Recipient pubkey must be 66 hex chars");return at(_)}),s=e.senderPubKey.toLowerCase();e.recipientPubKeys.some(_=>_.toLowerCase()===s)||o.push(n);let c=new TextEncoder().encode(e.message),a=await Fi(c,o),l=Qi(a),d=Ee(jt(e.token),jt(e.senderAddress),po(e.timestamp),ct(l)),h=await Kt(d),f=Xe(h.slice().reverse()),u=ft.sign(h,r),w;if(u instanceof Uint8Array)u.length===64?w=xo(u):w=u;else if(typeof u=="object"&&u.toDER)w=u.toDER();else if(typeof u=="object"&&u.signature)u.signature.length===64?w=xo(u.signature):w=u.signature;else throw new Error("Unknown signature format from secp256k1.sign()");let g=Ee(jt(e.token),jt(e.senderAddress),po(e.timestamp),ct(w),ct(l));return{hex:Xe(g),messageHash:f,messageHashBytes:Xe(h),encryptedSize:l.length,recipientCount:o.length}}typeof globalThis<"u"&&(globalThis.neuraiDepinMsg={buildDepinMessage:So,wifToHex:Un,isWIF:Ln,utils:{hexToBytes:at,bytesToHex:Xe,sha256:$e,doubleSha256:Kt,hash160:Rn,base58Decode:On}});return Lo(Ji);})();
+var neuraiDepinMsg=(()=>{var To=Object.create;var vt=Object.defineProperty;var Uo=Object.getOwnPropertyDescriptor;var Oo=Object.getOwnPropertyNames;var Lo=Object.getPrototypeOf,Ro=Object.prototype.hasOwnProperty;var le=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),qo=(e,t)=>{for(var r in t)vt(e,r,{get:t[r],enumerable:!0})},kn=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Oo(t))!Ro.call(e,o)&&o!==r&&vt(e,o,{get:()=>t[o],enumerable:!(n=Uo(t,o))||n.enumerable});return e};var Co=(e,t,r)=>(r=e!=null?To(Lo(e)):{},kn(t||!e||!e.__esModule?vt(r,"default",{value:e,enumerable:!0}):r,e)),Vo=e=>kn(vt({},"__esModule",{value:!0}),e);var Pn=le(St=>{"use strict";Object.defineProperty(St,"__esModule",{value:!0});St.crypto=void 0;St.crypto=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0});var qe=le(O=>{"use strict";Object.defineProperty(O,"__esModule",{value:!0});O.wrapXOFConstructorWithOpts=O.wrapConstructorWithOpts=O.wrapConstructor=O.Hash=O.nextTick=O.swap32IfBE=O.byteSwapIfBE=O.swap8IfBE=O.isLE=void 0;O.isBytes=Kn;O.anumber=Wt;O.abytes=et;O.ahash=No;O.aexists=ko;O.aoutput=Po;O.u8=Mo;O.u32=Ko;O.clean=Do;O.createView=jo;O.rotr=Zo;O.rotl=zo;O.byteSwap=Yt;O.byteSwap32=Dn;O.bytesToHex=Wo;O.hexToBytes=Xo;O.asyncLoop=$o;O.utf8ToBytes=$t;O.bytesToUtf8=Fo;O.toBytes=At;O.kdfInputToBytes=Qo;O.concatBytes=Jo;O.checkOpts=es;O.createHasher=Zn;O.createOptHasher=zn;O.createXOFer=Gn;O.randomBytes=ts;var Je=Pn();function Kn(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function Wt(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function et(e,...t){if(!Kn(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function No(e){if(typeof e!="function"||typeof e.create!="function")throw new Error("Hash should be wrapped by utils.createHasher");Wt(e.outputLen),Wt(e.blockLen)}function ko(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function Po(e,t){et(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function Mo(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function Ko(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Do(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function jo(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Zo(e,t){return e<<32-t|e>>>t}function zo(e,t){return e<<t|e>>>32-t>>>0}O.isLE=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;function Yt(e){return e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255}O.swap8IfBE=O.isLE?e=>e:e=>Yt(e);O.byteSwapIfBE=O.swap8IfBE;function Dn(e){for(let t=0;t<e.length;t++)e[t]=Yt(e[t]);return e}O.swap32IfBE=O.isLE?e=>e:Dn;var jn=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",Go=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function Wo(e){if(et(e),jn)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=Go[e[r]];return t}var Ie={_0:48,_9:57,A:65,F:70,a:97,f:102};function Mn(e){if(e>=Ie._0&&e<=Ie._9)return e-Ie._0;if(e>=Ie.A&&e<=Ie.F)return e-(Ie.A-10);if(e>=Ie.a&&e<=Ie.f)return e-(Ie.a-10)}function Xo(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(jn)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Mn(e.charCodeAt(s)),c=Mn(e.charCodeAt(s+1));if(i===void 0||c===void 0){let a=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+a+'" at index '+s)}n[o]=i*16+c}return n}var Yo=async()=>{};O.nextTick=Yo;async function $o(e,t,r){let n=Date.now();for(let o=0;o<e;o++){r(o);let s=Date.now()-n;s>=0&&s<t||(await(0,O.nextTick)(),n+=s)}}function $t(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function Fo(e){return new TextDecoder().decode(e)}function At(e){return typeof e=="string"&&(e=$t(e)),et(e),e}function Qo(e){return typeof e=="string"&&(e=$t(e)),et(e),e}function Jo(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];et(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}function es(e,t){if(t!==void 0&&{}.toString.call(t)!=="[object Object]")throw new Error("options should be object or undefined");return Object.assign(e,t)}var Xt=class{};O.Hash=Xt;function Zn(e){let t=n=>e().update(At(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function zn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}function Gn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}O.wrapConstructor=Zn;O.wrapConstructorWithOpts=zn;O.wrapXOFConstructorWithOpts=Gn;function ts(e=32){if(Je.crypto&&typeof Je.crypto.getRandomValues=="function")return Je.crypto.getRandomValues(new Uint8Array(e));if(Je.crypto&&typeof Je.crypto.randomBytes=="function")return Uint8Array.from(Je.crypto.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}});var Xn=le(de=>{"use strict";Object.defineProperty(de,"__esModule",{value:!0});de.SHA512_IV=de.SHA384_IV=de.SHA224_IV=de.SHA256_IV=de.HashMD=void 0;de.setBigUint64=Wn;de.Chi=ns;de.Maj=rs;var _e=qe();function Wn(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),c=Number(r&s),a=n?4:0,l=n?0:4;e.setUint32(t+a,i,n),e.setUint32(t+l,c,n)}function ns(e,t,r){return e&t^~e&r}function rs(e,t,r){return e&t^e&r^t&r}var Ft=class extends _e.Hash{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=(0,_e.createView)(this.buffer)}update(t){(0,_e.aexists)(this),t=(0,_e.toBytes)(t),(0,_e.abytes)(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let c=Math.min(o-this.pos,s-i);if(c===o){let a=(0,_e.createView)(t);for(;o<=s-i;i+=o)this.process(a,i);continue}n.set(t.subarray(i,i+c),this.pos),this.pos+=c,i+=c,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){(0,_e.aexists)(this),(0,_e.aoutput)(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,(0,_e.clean)(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let h=i;h<o;h++)r[h]=0;Wn(n,o-8,BigInt(this.length*8),s),this.process(n,0);let c=(0,_e.createView)(t),a=this.outputLen;if(a%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let l=a/4,d=this.get();if(l>d.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<l;h++)c.setUint32(4*h,d[h],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:c}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=c,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}};de.HashMD=Ft;de.SHA256_IV=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);de.SHA224_IV=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);de.SHA384_IV=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]);de.SHA512_IV=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209])});var wr=le(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.toBig=V.shrSL=V.shrSH=V.rotrSL=V.rotrSH=V.rotrBL=V.rotrBH=V.rotr32L=V.rotr32H=V.rotlSL=V.rotlSH=V.rotlBL=V.rotlBH=V.add5L=V.add5H=V.add4L=V.add4H=V.add3L=V.add3H=void 0;V.add=fr;V.fromBig=Jt;V.split=Yn;var Ht=BigInt(2**32-1),Qt=BigInt(32);function Jt(e,t=!1){return t?{h:Number(e&Ht),l:Number(e>>Qt&Ht)}:{h:Number(e>>Qt&Ht)|0,l:Number(e&Ht)|0}}function Yn(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:c}=Jt(e[s],t);[n[s],o[s]]=[i,c]}return[n,o]}var $n=(e,t)=>BigInt(e>>>0)<<Qt|BigInt(t>>>0);V.toBig=$n;var Fn=(e,t,r)=>e>>>r;V.shrSH=Fn;var Qn=(e,t,r)=>e<<32-r|t>>>r;V.shrSL=Qn;var Jn=(e,t,r)=>e>>>r|t<<32-r;V.rotrSH=Jn;var er=(e,t,r)=>e<<32-r|t>>>r;V.rotrSL=er;var tr=(e,t,r)=>e<<64-r|t>>>r-32;V.rotrBH=tr;var nr=(e,t,r)=>e>>>r-32|t<<64-r;V.rotrBL=nr;var rr=(e,t)=>t;V.rotr32H=rr;var or=(e,t)=>e;V.rotr32L=or;var sr=(e,t,r)=>e<<r|t>>>32-r;V.rotlSH=sr;var ir=(e,t,r)=>t<<r|e>>>32-r;V.rotlSL=ir;var cr=(e,t,r)=>t<<r-32|e>>>64-r;V.rotlBH=cr;var ar=(e,t,r)=>e<<r-32|t>>>64-r;V.rotlBL=ar;function fr(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var ur=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0);V.add3L=ur;var lr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0;V.add3H=lr;var dr=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0);V.add4L=dr;var hr=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0;V.add4H=hr;var yr=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0);V.add5L=yr;var br=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;V.add5H=br;var os={fromBig:Jt,split:Yn,toBig:$n,shrSH:Fn,shrSL:Qn,rotrSH:Jn,rotrSL:er,rotrBH:tr,rotrBL:nr,rotr32H:rr,rotr32L:or,rotlSH:sr,rotlSL:ir,rotlBH:cr,rotlBL:ar,add:fr,add3L:ur,add3H:lr,add4L:dr,add4H:hr,add5H:br,add5L:yr};V.default=os});var mr=le(z=>{"use strict";Object.defineProperty(z,"__esModule",{value:!0});z.sha512_224=z.sha512_256=z.sha384=z.sha512=z.sha224=z.sha256=z.SHA512_256=z.SHA512_224=z.SHA384=z.SHA512=z.SHA224=z.SHA256=void 0;var U=Xn(),P=wr(),J=qe(),ss=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),Ce=new Uint32Array(64),ut=class extends U.HashMD{constructor(t=32){super(64,t,8,!1),this.A=U.SHA256_IV[0]|0,this.B=U.SHA256_IV[1]|0,this.C=U.SHA256_IV[2]|0,this.D=U.SHA256_IV[3]|0,this.E=U.SHA256_IV[4]|0,this.F=U.SHA256_IV[5]|0,this.G=U.SHA256_IV[6]|0,this.H=U.SHA256_IV[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:c,H:a}=this;return[t,r,n,o,s,i,c,a]}set(t,r,n,o,s,i,c,a){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=c|0,this.H=a|0}process(t,r){for(let h=0;h<16;h++,r+=4)Ce[h]=t.getUint32(r,!1);for(let h=16;h<64;h++){let f=Ce[h-15],u=Ce[h-2],b=(0,J.rotr)(f,7)^(0,J.rotr)(f,18)^f>>>3,m=(0,J.rotr)(u,17)^(0,J.rotr)(u,19)^u>>>10;Ce[h]=m+Ce[h-7]+b+Ce[h-16]|0}let{A:n,B:o,C:s,D:i,E:c,F:a,G:l,H:d}=this;for(let h=0;h<64;h++){let f=(0,J.rotr)(c,6)^(0,J.rotr)(c,11)^(0,J.rotr)(c,25),u=d+f+(0,U.Chi)(c,a,l)+ss[h]+Ce[h]|0,m=((0,J.rotr)(n,2)^(0,J.rotr)(n,13)^(0,J.rotr)(n,22))+(0,U.Maj)(n,o,s)|0;d=l,l=a,a=c,c=i+u|0,i=s,s=o,o=n,n=u+m|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,c=c+this.E|0,a=a+this.F|0,l=l+this.G|0,d=d+this.H|0,this.set(n,o,s,i,c,a,l,d)}roundClean(){(0,J.clean)(Ce)}destroy(){this.set(0,0,0,0,0,0,0,0),(0,J.clean)(this.buffer)}};z.SHA256=ut;var It=class extends ut{constructor(){super(28),this.A=U.SHA224_IV[0]|0,this.B=U.SHA224_IV[1]|0,this.C=U.SHA224_IV[2]|0,this.D=U.SHA224_IV[3]|0,this.E=U.SHA224_IV[4]|0,this.F=U.SHA224_IV[5]|0,this.G=U.SHA224_IV[6]|0,this.H=U.SHA224_IV[7]|0}};z.SHA224=It;var gr=P.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),is=gr[0],cs=gr[1],Ve=new Uint32Array(80),Ne=new Uint32Array(80),Ge=class extends U.HashMD{constructor(t=64){super(128,t,16,!1),this.Ah=U.SHA512_IV[0]|0,this.Al=U.SHA512_IV[1]|0,this.Bh=U.SHA512_IV[2]|0,this.Bl=U.SHA512_IV[3]|0,this.Ch=U.SHA512_IV[4]|0,this.Cl=U.SHA512_IV[5]|0,this.Dh=U.SHA512_IV[6]|0,this.Dl=U.SHA512_IV[7]|0,this.Eh=U.SHA512_IV[8]|0,this.El=U.SHA512_IV[9]|0,this.Fh=U.SHA512_IV[10]|0,this.Fl=U.SHA512_IV[11]|0,this.Gh=U.SHA512_IV[12]|0,this.Gl=U.SHA512_IV[13]|0,this.Hh=U.SHA512_IV[14]|0,this.Hl=U.SHA512_IV[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:c,Dl:a,Eh:l,El:d,Fh:h,Fl:f,Gh:u,Gl:b,Hh:m,Hl:_}=this;return[t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,_]}set(t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,_){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=c|0,this.Dl=a|0,this.Eh=l|0,this.El=d|0,this.Fh=h|0,this.Fl=f|0,this.Gh=u|0,this.Gl=b|0,this.Hh=m|0,this.Hl=_|0}process(t,r){for(let x=0;x<16;x++,r+=4)Ve[x]=t.getUint32(r),Ne[x]=t.getUint32(r+=4);for(let x=16;x<80;x++){let N=Ve[x-15]|0,M=Ne[x-15]|0,Y=P.rotrSH(N,M,1)^P.rotrSH(N,M,8)^P.shrSH(N,M,7),Z=P.rotrSL(N,M,1)^P.rotrSL(N,M,8)^P.shrSL(N,M,7),j=Ve[x-2]|0,H=Ne[x-2]|0,be=P.rotrSH(j,H,19)^P.rotrBH(j,H,61)^P.shrSH(j,H,6),ue=P.rotrSL(j,H,19)^P.rotrBL(j,H,61)^P.shrSL(j,H,6),C=P.add4L(Z,ue,Ne[x-7],Ne[x-16]),g=P.add4H(C,Y,be,Ve[x-7],Ve[x-16]);Ve[x]=g|0,Ne[x]=C|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:c,Cl:a,Dh:l,Dl:d,Eh:h,El:f,Fh:u,Fl:b,Gh:m,Gl:_,Hh:T,Hl:q}=this;for(let x=0;x<80;x++){let N=P.rotrSH(h,f,14)^P.rotrSH(h,f,18)^P.rotrBH(h,f,41),M=P.rotrSL(h,f,14)^P.rotrSL(h,f,18)^P.rotrBL(h,f,41),Y=h&u^~h&m,Z=f&b^~f&_,j=P.add5L(q,M,Z,cs[x],Ne[x]),H=P.add5H(j,T,N,Y,is[x],Ve[x]),be=j|0,ue=P.rotrSH(n,o,28)^P.rotrBH(n,o,34)^P.rotrBH(n,o,39),C=P.rotrSL(n,o,28)^P.rotrBL(n,o,34)^P.rotrBL(n,o,39),g=n&s^n&c^s&c,w=o&i^o&a^i&a;T=m|0,q=_|0,m=u|0,_=b|0,u=h|0,b=f|0,{h,l:f}=P.add(l|0,d|0,H|0,be|0),l=c|0,d=a|0,c=s|0,a=i|0,s=n|0,i=o|0;let y=P.add3L(be,C,w);n=P.add3H(y,H,ue,g),o=y|0}({h:n,l:o}=P.add(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=P.add(this.Bh|0,this.Bl|0,s|0,i|0),{h:c,l:a}=P.add(this.Ch|0,this.Cl|0,c|0,a|0),{h:l,l:d}=P.add(this.Dh|0,this.Dl|0,l|0,d|0),{h,l:f}=P.add(this.Eh|0,this.El|0,h|0,f|0),{h:u,l:b}=P.add(this.Fh|0,this.Fl|0,u|0,b|0),{h:m,l:_}=P.add(this.Gh|0,this.Gl|0,m|0,_|0),{h:T,l:q}=P.add(this.Hh|0,this.Hl|0,T|0,q|0),this.set(n,o,s,i,c,a,l,d,h,f,u,b,m,_,T,q)}roundClean(){(0,J.clean)(Ve,Ne)}destroy(){(0,J.clean)(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};z.SHA512=Ge;var Tt=class extends Ge{constructor(){super(48),this.Ah=U.SHA384_IV[0]|0,this.Al=U.SHA384_IV[1]|0,this.Bh=U.SHA384_IV[2]|0,this.Bl=U.SHA384_IV[3]|0,this.Ch=U.SHA384_IV[4]|0,this.Cl=U.SHA384_IV[5]|0,this.Dh=U.SHA384_IV[6]|0,this.Dl=U.SHA384_IV[7]|0,this.Eh=U.SHA384_IV[8]|0,this.El=U.SHA384_IV[9]|0,this.Fh=U.SHA384_IV[10]|0,this.Fl=U.SHA384_IV[11]|0,this.Gh=U.SHA384_IV[12]|0,this.Gl=U.SHA384_IV[13]|0,this.Hh=U.SHA384_IV[14]|0,this.Hl=U.SHA384_IV[15]|0}};z.SHA384=Tt;var ae=Uint32Array.from([2352822216,424955298,1944164710,2312950998,502970286,855612546,1738396948,1479516111,258812777,2077511080,2011393907,79989058,1067287976,1780299464,286451373,2446758561]),fe=Uint32Array.from([573645204,4230739756,2673172387,3360449730,596883563,1867755857,2520282905,1497426621,2519219938,2827943907,3193839141,1401305490,721525244,746961066,246885852,2177182882]),Ut=class extends Ge{constructor(){super(28),this.Ah=ae[0]|0,this.Al=ae[1]|0,this.Bh=ae[2]|0,this.Bl=ae[3]|0,this.Ch=ae[4]|0,this.Cl=ae[5]|0,this.Dh=ae[6]|0,this.Dl=ae[7]|0,this.Eh=ae[8]|0,this.El=ae[9]|0,this.Fh=ae[10]|0,this.Fl=ae[11]|0,this.Gh=ae[12]|0,this.Gl=ae[13]|0,this.Hh=ae[14]|0,this.Hl=ae[15]|0}};z.SHA512_224=Ut;var Ot=class extends Ge{constructor(){super(32),this.Ah=fe[0]|0,this.Al=fe[1]|0,this.Bh=fe[2]|0,this.Bl=fe[3]|0,this.Ch=fe[4]|0,this.Cl=fe[5]|0,this.Dh=fe[6]|0,this.Dl=fe[7]|0,this.Eh=fe[8]|0,this.El=fe[9]|0,this.Fh=fe[10]|0,this.Fl=fe[11]|0,this.Gh=fe[12]|0,this.Gl=fe[13]|0,this.Hh=fe[14]|0,this.Hl=fe[15]|0}};z.SHA512_256=Ot;z.sha256=(0,J.createHasher)(()=>new ut);z.sha224=(0,J.createHasher)(()=>new It);z.sha512=(0,J.createHasher)(()=>new Ge);z.sha384=(0,J.createHasher)(()=>new Tt);z.sha512_256=(0,J.createHasher)(()=>new Ot);z.sha512_224=(0,J.createHasher)(()=>new Ut)});var pr=le(Xe=>{"use strict";Object.defineProperty(Xe,"__esModule",{value:!0});Xe.hmac=Xe.HMAC=void 0;var We=qe(),lt=class extends We.Hash{constructor(t,r){super(),this.finished=!1,this.destroyed=!1,(0,We.ahash)(t);let n=(0,We.toBytes)(r);if(this.iHash=t.create(),typeof this.iHash.update!="function")throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let o=this.blockLen,s=new Uint8Array(o);s.set(n.length>o?t.create().update(n).digest():n);for(let i=0;i<s.length;i++)s[i]^=54;this.iHash.update(s),this.oHash=t.create();for(let i=0;i<s.length;i++)s[i]^=106;this.oHash.update(s),(0,We.clean)(s)}update(t){return(0,We.aexists)(this),this.iHash.update(t),this}digestInto(t){(0,We.aexists)(this),(0,We.abytes)(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){let t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));let{oHash:r,iHash:n,finished:o,destroyed:s,blockLen:i,outputLen:c}=this;return t=t,t.finished=o,t.destroyed=s,t.blockLen=i,t.outputLen=c,t.oHash=r._cloneInto(t.oHash),t.iHash=n._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}};Xe.HMAC=lt;var as=(e,t,r)=>new lt(e,t).update(r).digest();Xe.hmac=as;Xe.hmac.create=(e,t)=>new lt(e,t)});var Ye=le(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.notImplemented=L.bitMask=L.utf8ToBytes=L.randomBytes=L.isBytes=L.hexToBytes=L.concatBytes=L.bytesToUtf8=L.bytesToHex=L.anumber=L.abytes=void 0;L.abool=fs;L._abool2=us;L._abytes2=ls;L.numberToHexUnpadded=xr;L.hexToNumber=tn;L.bytesToNumberBE=ds;L.bytesToNumberLE=hs;L.numberToBytesBE=Er;L.numberToBytesLE=ys;L.numberToVarBytesBE=bs;L.ensureBytes=ws;L.equalBytes=gs;L.copyBytes=ms;L.asciiToBytes=ps;L.inRange=Br;L.aInRange=xs;L.bitLen=Es;L.bitGet=Bs;L.bitSet=_s;L.createHmacDrbg=Ss;L.validateObject=Hs;L.isHash=Is;L._validateObject=Ts;L.memoized=Os;var ve=qe(),Te=qe();Object.defineProperty(L,"abytes",{enumerable:!0,get:function(){return Te.abytes}});Object.defineProperty(L,"anumber",{enumerable:!0,get:function(){return Te.anumber}});Object.defineProperty(L,"bytesToHex",{enumerable:!0,get:function(){return Te.bytesToHex}});Object.defineProperty(L,"bytesToUtf8",{enumerable:!0,get:function(){return Te.bytesToUtf8}});Object.defineProperty(L,"concatBytes",{enumerable:!0,get:function(){return Te.concatBytes}});Object.defineProperty(L,"hexToBytes",{enumerable:!0,get:function(){return Te.hexToBytes}});Object.defineProperty(L,"isBytes",{enumerable:!0,get:function(){return Te.isBytes}});Object.defineProperty(L,"randomBytes",{enumerable:!0,get:function(){return Te.randomBytes}});Object.defineProperty(L,"utf8ToBytes",{enumerable:!0,get:function(){return Te.utf8ToBytes}});var Lt=BigInt(0),dt=BigInt(1);function fs(e,t){if(typeof t!="boolean")throw new Error(e+" boolean expected, got "+t)}function us(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function ls(e,t,r=""){let n=(0,ve.isBytes)(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,c=s?` of length ${t}`:"",a=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+c+", got "+a)}return e}function xr(e){let t=e.toString(16);return t.length&1?"0"+t:t}function tn(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?Lt:BigInt("0x"+e)}function ds(e){return tn((0,ve.bytesToHex)(e))}function hs(e){return(0,ve.abytes)(e),tn((0,ve.bytesToHex)(Uint8Array.from(e).reverse()))}function Er(e,t){return(0,ve.hexToBytes)(e.toString(16).padStart(t*2,"0"))}function ys(e,t){return Er(e,t).reverse()}function bs(e){return(0,ve.hexToBytes)(xr(e))}function ws(e,t,r){let n;if(typeof t=="string")try{n=(0,ve.hexToBytes)(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if((0,ve.isBytes)(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function gs(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function ms(e){return Uint8Array.from(e)}function ps(e){return Uint8Array.from(e,(t,r)=>{let n=t.charCodeAt(0);if(t.length!==1||n>127)throw new Error(`string contains non-ASCII character "${e[r]}" with code ${n} at position ${r}`);return n})}var en=e=>typeof e=="bigint"&&Lt<=e;function Br(e,t,r){return en(e)&&en(t)&&en(r)&&t<=e&&e<r}function xs(e,t,r,n){if(!Br(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function Es(e){let t;for(t=0;e>Lt;e>>=dt,t+=1);return t}function Bs(e,t){return e>>BigInt(t)&dt}function _s(e,t,r){return e|(r?dt:Lt)<<BigInt(t)}var vs=e=>(dt<<BigInt(e))-dt;L.bitMask=vs;function Ss(e,t,r){if(typeof e!="number"||e<2)throw new Error("hashLen must be a number");if(typeof t!="number"||t<2)throw new Error("qByteLen must be a number");if(typeof r!="function")throw new Error("hmacFn must be a function");let n=u=>new Uint8Array(u),o=u=>Uint8Array.of(u),s=n(e),i=n(e),c=0,a=()=>{s.fill(1),i.fill(0),c=0},l=(...u)=>r(i,s,...u),d=(u=n(0))=>{i=l(o(0),u),s=l(),u.length!==0&&(i=l(o(1),u),s=l())},h=()=>{if(c++>=1e3)throw new Error("drbg: tried 1000 values");let u=0,b=[];for(;u<t;){s=l();let m=s.slice();b.push(m),u+=s.length}return(0,ve.concatBytes)(...b)};return(u,b)=>{a(),d(u);let m;for(;!(m=b(h()));)d();return a(),m}}var As={bigint:e=>typeof e=="bigint",function:e=>typeof e=="function",boolean:e=>typeof e=="boolean",string:e=>typeof e=="string",stringOrUint8Array:e=>typeof e=="string"||(0,ve.isBytes)(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>typeof e=="function"&&Number.isSafeInteger(e.outputLen)};function Hs(e,t,r={}){let n=(o,s,i)=>{let c=As[s];if(typeof c!="function")throw new Error("invalid validator function");let a=e[o];if(!(i&&a===void 0)&&!c(a,e))throw new Error("param "+String(o)+" is invalid. Expected "+s+", got "+a)};for(let[o,s]of Object.entries(t))n(o,s,!1);for(let[o,s]of Object.entries(r))n(o,s,!0);return e}function Is(e){return typeof e=="function"&&Number.isSafeInteger(e.outputLen)}function Ts(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let c=e[o];if(i&&c===void 0)return;let a=typeof c;if(a!==s||c===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${a}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var Us=()=>{throw new Error("not implemented")};L.notImplemented=Us;function Os(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}});var tt=le(X=>{"use strict";Object.defineProperty(X,"__esModule",{value:!0});X.isNegativeLE=void 0;X.mod=ge;X.pow=qs;X.pow2=Cs;X.invert=Rt;X.tonelliShanks=rn;X.FpSqrt=Tr;X.validateField=Ms;X.FpPow=on;X.FpInvertBatch=Ur;X.FpDiv=Ks;X.FpLegendre=qt;X.FpIsSquare=Ds;X.nLength=sn;X.Field=Ct;X.FpSqrtOdd=js;X.FpSqrtEven=Zs;X.hashToPrivateScalar=zs;X.getFieldBytesLength=cn;X.getMinHashLength=Or;X.mapHashToField=Gs;var me=Ye(),he=BigInt(0),ee=BigInt(1),$e=BigInt(2),_r=BigInt(3),vr=BigInt(4),Sr=BigInt(5),Ls=BigInt(7),Ar=BigInt(8),Rs=BigInt(9),Hr=BigInt(16);function ge(e,t){let r=e%t;return r>=he?r:t+r}function qs(e,t,r){return on(Ct(r),e,t)}function Cs(e,t,r){let n=e;for(;t-- >he;)n*=n,n%=r;return n}function Rt(e,t){if(e===he)throw new Error("invert: expected non-zero number");if(t<=he)throw new Error("invert: expected positive modulus, got "+t);let r=ge(e,t),n=t,o=he,s=ee,i=ee,c=he;for(;r!==he;){let l=n/r,d=n%r,h=o-i*l,f=s-c*l;n=r,r=d,o=i,s=c,i=h,c=f}if(n!==ee)throw new Error("invert: does not exist");return ge(o,t)}function nn(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function Ir(e,t){let r=(e.ORDER+ee)/vr,n=e.pow(t,r);return nn(e,n,t),n}function Vs(e,t){let r=(e.ORDER-Sr)/Ar,n=e.mul(t,$e),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,$e),o),c=e.mul(s,e.sub(i,e.ONE));return nn(e,c,t),c}function Ns(e){let t=Ct(e),r=rn(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+Ls)/Hr;return(c,a)=>{let l=c.pow(a,i),d=c.mul(l,n),h=c.mul(l,o),f=c.mul(l,s),u=c.eql(c.sqr(d),a),b=c.eql(c.sqr(h),a);l=c.cmov(l,d,u),d=c.cmov(f,h,b);let m=c.eql(c.sqr(d),a),_=c.cmov(l,d,m);return nn(c,_,a),_}}function rn(e){if(e<_r)throw new Error("sqrt is not defined for small field");let t=e-ee,r=0;for(;t%$e===he;)t/=$e,r++;let n=$e,o=Ct(e);for(;qt(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return Ir;let s=o.pow(n,t),i=(t+ee)/$e;return function(a,l){if(a.is0(l))return l;if(qt(a,l)!==1)throw new Error("Cannot find square root");let d=r,h=a.mul(a.ONE,s),f=a.pow(l,t),u=a.pow(l,i);for(;!a.eql(f,a.ONE);){if(a.is0(f))return a.ZERO;let b=1,m=a.sqr(f);for(;!a.eql(m,a.ONE);)if(b++,m=a.sqr(m),b===d)throw new Error("Cannot find square root");let _=ee<<BigInt(d-b-1),T=a.pow(h,_);d=b,h=a.sqr(T),f=a.mul(f,h),u=a.mul(u,T)}return u}}function Tr(e){return e%vr===_r?Ir:e%Ar===Sr?Vs:e%Hr===Rs?Ns(e):rn(e)}var ks=(e,t)=>(ge(e,t)&ee)===ee;X.isNegativeLE=ks;var Ps=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function Ms(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=Ps.reduce((n,o)=>(n[o]="function",n),t);return(0,me._validateObject)(e,r),e}function on(e,t,r){if(r<he)throw new Error("invalid exponent, negatives unsupported");if(r===he)return e.ONE;if(r===ee)return t;let n=e.ONE,o=t;for(;r>he;)r&ee&&(n=e.mul(n,o)),o=e.sqr(o),r>>=ee;return n}function Ur(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,c,a)=>e.is0(c)?i:(n[a]=i,e.mul(i,c)),e.ONE),s=e.inv(o);return t.reduceRight((i,c,a)=>e.is0(c)?i:(n[a]=e.mul(i,n[a]),e.mul(i,c)),s),n}function Ks(e,t,r){return e.mul(t,typeof r=="bigint"?Rt(r,e.ORDER):e.inv(r))}function qt(e,t){let r=(e.ORDER-ee)/$e,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Ds(e,t){return qt(e,t)===1}function sn(e,t){t!==void 0&&(0,me.anumber)(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function Ct(e,t,r=!1,n={}){if(e<=he)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,c;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),c=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:a,nByteLength:l}=sn(e,o);if(l>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let d,h=Object.freeze({ORDER:e,isLE:r,BITS:a,BYTES:l,MASK:(0,me.bitMask)(a),ZERO:he,ONE:ee,allowedLengths:c,create:f=>ge(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return he<=f&&f<e},is0:f=>f===he,isValidNot0:f=>!h.is0(f)&&h.isValid(f),isOdd:f=>(f&ee)===ee,neg:f=>ge(-f,e),eql:(f,u)=>f===u,sqr:f=>ge(f*f,e),add:(f,u)=>ge(f+u,e),sub:(f,u)=>ge(f-u,e),mul:(f,u)=>ge(f*u,e),pow:(f,u)=>on(h,f,u),div:(f,u)=>ge(f*Rt(u,e),e),sqrN:f=>f*f,addN:(f,u)=>f+u,subN:(f,u)=>f-u,mulN:(f,u)=>f*u,inv:f=>Rt(f,e),sqrt:s||(f=>(d||(d=Tr(e)),d(h,f))),toBytes:f=>r?(0,me.numberToBytesLE)(f,l):(0,me.numberToBytesBE)(f,l),fromBytes:(f,u=!0)=>{if(c){if(!c.includes(f.length)||f.length>l)throw new Error("Field.fromBytes: expected "+c+" bytes, got "+f.length);let m=new Uint8Array(l);m.set(f,r?0:m.length-f.length),f=m}if(f.length!==l)throw new Error("Field.fromBytes: expected "+l+" bytes, got "+f.length);let b=r?(0,me.bytesToNumberLE)(f):(0,me.bytesToNumberBE)(f);if(i&&(b=ge(b,e)),!u&&!h.isValid(b))throw new Error("invalid field element: outside of range 0..ORDER");return b},invertBatch:f=>Ur(h,f),cmov:(f,u,b)=>b?u:f});return Object.freeze(h)}function js(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?r:e.neg(r)}function Zs(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?e.neg(r):r}function zs(e,t,r=!1){e=(0,me.ensureBytes)("privateHash",e);let n=e.length,o=sn(t).nByteLength+8;if(o<24||n<o||n>1024)throw new Error("hashToPrivateScalar: expected "+o+"-1024 bytes of input, got "+n);let s=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e);return ge(s,t-ee)+ee}function cn(e){if(typeof e!="bigint")throw new Error("field order must be bigint");let t=e.toString(2).length;return Math.ceil(t/8)}function Or(e){let t=cn(e);return t+Math.ceil(t/2)}function Gs(e,t,r=!1){let n=e.length,o=cn(t),s=Or(t);if(n<16||n<s||n>1024)throw new Error("expected "+s+"-1024 bytes of input, got "+n);let i=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e),c=ge(i,t-ee)+ee;return r?(0,me.numberToBytesLE)(c,o):(0,me.numberToBytesBE)(c,o)}});var kr=le(Ee=>{"use strict";Object.defineProperty(Ee,"__esModule",{value:!0});Ee.wNAF=void 0;Ee.negateCt=ln;Ee.normalizeZ=Ws;Ee.mulEndoUnsafe=Xs;Ee.pippenger=Ys;Ee.precomputeMSMUnsafe=$s;Ee.validateBasic=Fs;Ee._createCurveFields=Qs;var ht=Ye(),yt=tt(),nt=BigInt(0),Fe=BigInt(1);function ln(e,t){let r=t.negate();return e?r:t}function Ws(e,t){let r=(0,yt.FpInvertBatch)(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function hn(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function an(e,t){hn(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=(0,ht.bitMask)(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function Lr(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,c=Number(e&o),a=e>>i;c>n&&(c-=s,a+=Fe);let l=t*n,d=l+Math.abs(c)-1,h=c===0,f=c<0,u=t%2!==0;return{nextN:a,offset:d,isZero:h,isNeg:f,isNegF:u,offsetF:l}}function Cr(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function Vr(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var fn=new WeakMap,Nr=new WeakMap;function un(e){return Nr.get(e)||1}function Rr(e){if(e!==nt)throw new Error("invalid wNAF")}var dn=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>nt;)r&Fe&&(n=n.add(o)),o=o.double(),r>>=Fe;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=an(r,this.bits),s=[],i=t,c=i;for(let a=0;a<n;a++){c=i,s.push(c);for(let l=1;l<o;l++)c=c.add(i),s.push(c);i=c.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=an(t,this.bits);for(let c=0;c<i.windows;c++){let{nextN:a,offset:l,isZero:d,isNeg:h,isNegF:f,offsetF:u}=Lr(n,c,i);n=a,d?s=s.add(ln(f,r[u])):o=o.add(ln(h,r[l]))}return Rr(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=an(t,this.bits);for(let i=0;i<s.windows&&n!==nt;i++){let{nextN:c,offset:a,isZero:l,isNeg:d}=Lr(n,i,s);if(n=c,!l){let h=r[a];o=o.add(d?h.negate():h)}}return Rr(n),o}getPrecomputes(t,r,n){let o=fn.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),fn.set(r,o))),o}cached(t,r,n){let o=un(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=un(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){hn(r,this.bits),Nr.set(t,r),fn.delete(t)}hasCache(t){return un(t)!==1}};Ee.wNAF=dn;function Xs(e,t,r,n){let o=t,s=e.ZERO,i=e.ZERO;for(;r>nt||n>nt;)r&Fe&&(s=s.add(o)),n&Fe&&(i=i.add(o)),o=o.double(),r>>=Fe,n>>=Fe;return{p1:s,p2:i}}function Ys(e,t,r,n){Cr(r,e),Vr(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,c=(0,ht.bitLen)(BigInt(o)),a=1;c>12?a=c-3:c>4?a=c-2:c>0&&(a=2);let l=(0,ht.bitMask)(a),d=new Array(Number(l)+1).fill(i),h=Math.floor((t.BITS-1)/a)*a,f=i;for(let u=h;u>=0;u-=a){d.fill(i);for(let m=0;m<s;m++){let _=n[m],T=Number(_>>BigInt(u)&l);d[T]=d[T].add(r[m])}let b=i;for(let m=d.length-1,_=i;m>0;m--)_=_.add(d[m]),b=b.add(_);if(f=f.add(b),u!==0)for(let m=0;m<a;m++)f=f.double()}return f}function $s(e,t,r,n){hn(n,t.BITS),Cr(r,e);let o=e.ZERO,s=2**n-1,i=Math.ceil(t.BITS/n),c=(0,ht.bitMask)(n),a=r.map(l=>{let d=[];for(let h=0,f=l;h<s;h++)d.push(f),f=f.add(l);return d});return l=>{if(Vr(l,t),l.length>r.length)throw new Error("array of scalars must be smaller than array of points");let d=o;for(let h=0;h<i;h++){if(d!==o)for(let u=0;u<n;u++)d=d.double();let f=BigInt(i*n-(h+1)*n);for(let u=0;u<l.length;u++){let b=l[u],m=Number(b>>f&c);m&&(d=d.add(a[u][m-1]))}}return d}}function Fs(e){return(0,yt.validateField)(e.Fp),(0,ht.validateObject)(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...(0,yt.nLength)(e.n,e.nBitLength),...e,p:e.Fp.ORDER})}function qr(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return(0,yt.validateField)(t),t}else return(0,yt.Field)(e,{isLE:r})}function Qs(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let a of["p","n","h"]){let l=t[a];if(!(typeof l=="bigint"&&l>nt))throw new Error(`CURVE.${a} must be positive bigint`)}let o=qr(t.p,r.Fp,n),s=qr(t.n,r.Fn,n),c=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let a of c)if(!o.isValid(t[a]))throw new Error(`CURVE.${a} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}});var mn=le(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.DER=W.DERErr=void 0;W._splitEndoScalar=Mr;W._normFnElement=ke;W.weierstrassN=gn;W.SWUFpSqrtRatio=Dr;W.mapToCurveSimpleSWU=ti;W.ecdh=Zr;W.ecdsa=zr;W.weierstrassPoints=ni;W._legacyHelperEquat=Wr;W.weierstrass=ii;var Js=pr(),ei=qe(),A=Ye(),Ue=kr(),ot=tt(),Pr=(e,t)=>(e+(e>=0?t:-t)/Se)/t;function Mr(e,t,r){let[[n,o],[s,i]]=t,c=Pr(i*e,r),a=Pr(-o*e,r),l=e-c*n-a*s,d=-c*o-a*i,h=l<Be,f=d<Be;h&&(l=-l),f&&(d=-d);let u=(0,A.bitMask)(Math.ceil((0,A.bitLen)(r)/2))+re;if(l<Be||l>=u||d<Be||d>=u)throw new Error("splitScalar (endomorphism): failed, k="+e);return{k1neg:h,k1:l,k2neg:f,k2:d}}function bn(e){if(!["compact","recovered","der"].includes(e))throw new Error('Signature format must be "compact", "recovered", or "der"');return e}function yn(e,t){let r={};for(let n of Object.keys(t))r[n]=e[n]===void 0?t[n]:e[n];return(0,A._abool2)(r.lowS,"lowS"),(0,A._abool2)(r.prehash,"prehash"),r.format!==void 0&&bn(r.format),r}var Vt=class extends Error{constructor(t=""){super(t)}};W.DERErr=Vt;W.DER={Err:Vt,_tlv:{encode:(e,t)=>{let{Err:r}=W.DER;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length&1)throw new r("tlv.encode: unpadded data");let n=t.length/2,o=(0,A.numberToHexUnpadded)(n);if(o.length/2&128)throw new r("tlv.encode: long form length too big");let s=n>127?(0,A.numberToHexUnpadded)(o.length/2|128):"";return(0,A.numberToHexUnpadded)(e)+s+o+t},decode(e,t){let{Err:r}=W.DER,n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");let o=t[n++],s=!!(o&128),i=0;if(!s)i=o;else{let a=o&127;if(!a)throw new r("tlv.decode(long): indefinite length not supported");if(a>4)throw new r("tlv.decode(long): byte length is too big");let l=t.subarray(n,n+a);if(l.length!==a)throw new r("tlv.decode: length bytes not complete");if(l[0]===0)throw new r("tlv.decode(long): zero leftmost byte");for(let d of l)i=i<<8|d;if(n+=a,i<128)throw new r("tlv.decode(long): not minimal encoding")}let c=t.subarray(n,n+i);if(c.length!==i)throw new r("tlv.decode: wrong value length");return{v:c,l:t.subarray(n+i)}}},_int:{encode(e){let{Err:t}=W.DER;if(e<Be)throw new t("integer: negative integers are not allowed");let r=(0,A.numberToHexUnpadded)(e);if(Number.parseInt(r[0],16)&8&&(r="00"+r),r.length&1)throw new t("unexpected DER parsing assertion: unpadded hex");return r},decode(e){let{Err:t}=W.DER;if(e[0]&128)throw new t("invalid signature integer: negative");if(e[0]===0&&!(e[1]&128))throw new t("invalid signature integer: unnecessary leading zero");return(0,A.bytesToNumberBE)(e)}},toSig(e){let{Err:t,_int:r,_tlv:n}=W.DER,o=(0,A.ensureBytes)("signature",e),{v:s,l:i}=n.decode(48,o);if(i.length)throw new t("invalid signature: left bytes after parsing");let{v:c,l:a}=n.decode(2,s),{v:l,l:d}=n.decode(2,a);if(d.length)throw new t("invalid signature: left bytes after parsing");return{r:r.decode(c),s:r.decode(l)}},hexFromSig(e){let{_tlv:t,_int:r}=W.DER,n=t.encode(2,r.encode(e.r)),o=t.encode(2,r.encode(e.s)),s=n+o;return t.encode(48,s)}};var Be=BigInt(0),re=BigInt(1),Se=BigInt(2),rt=BigInt(3),wn=BigInt(4);function ke(e,t){let{BYTES:r}=e,n;if(typeof t=="bigint")n=t;else{let o=(0,A.ensureBytes)("private key",t);try{n=e.fromBytes(o)}catch{throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof t}`)}}if(!e.isValidNot0(n))throw new Error("invalid private key: out of range [1..N-1]");return n}function gn(e,t={}){let r=(0,Ue._createCurveFields)("weierstrass",e,t),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i,n:c}=s;(0,A._validateObject)(t,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});let{endo:a}=t;if(a&&(!n.is0(s.a)||typeof a.beta!="bigint"||!Array.isArray(a.basises)))throw new Error('invalid endo: expected "beta": bigint and "basises": array');let l=jr(n,o);function d(){if(!n.isOdd)throw new Error("compression is not supported: Field does not have .isOdd()")}function h(C,g,w){let{x:y,y:p}=g.toAffine(),E=n.toBytes(y);if((0,A._abool2)(w,"isCompressed"),w){d();let S=!n.isOdd(p);return(0,A.concatBytes)(Kr(S),E)}else return(0,A.concatBytes)(Uint8Array.of(4),E,n.toBytes(p))}function f(C){(0,A._abytes2)(C,void 0,"Point");let{publicKey:g,publicKeyUncompressed:w}=l,y=C.length,p=C[0],E=C.subarray(1);if(y===g&&(p===2||p===3)){let S=n.fromBytes(E);if(!n.isValid(S))throw new Error("bad point: is not on curve, wrong x");let I=m(S),v;try{v=n.sqrt(I)}catch(te){let G=te instanceof Error?": "+te.message:"";throw new Error("bad point: is not on curve, sqrt error"+G)}d();let R=n.isOdd(v);return(p&1)===1!==R&&(v=n.neg(v)),{x:S,y:v}}else if(y===w&&p===4){let S=n.BYTES,I=n.fromBytes(E.subarray(0,S)),v=n.fromBytes(E.subarray(S,S*2));if(!_(I,v))throw new Error("bad point: is not on curve");return{x:I,y:v}}else throw new Error(`bad point: got length ${y}, expected compressed=${g} or uncompressed=${w}`)}let u=t.toBytes||h,b=t.fromBytes||f;function m(C){let g=n.sqr(C),w=n.mul(g,C);return n.add(n.add(w,n.mul(C,s.a)),s.b)}function _(C,g){let w=n.sqr(g),y=m(C);return n.eql(w,y)}if(!_(s.Gx,s.Gy))throw new Error("bad curve params: generator point");let T=n.mul(n.pow(s.a,rt),wn),q=n.mul(n.sqr(s.b),BigInt(27));if(n.is0(n.add(T,q)))throw new Error("bad curve params: a or b");function x(C,g,w=!1){if(!n.isValid(g)||w&&n.is0(g))throw new Error(`bad point coordinate ${C}`);return g}function N(C){if(!(C instanceof H))throw new Error("ProjectivePoint expected")}function M(C){if(!a||!a.basises)throw new Error("no endo");return Mr(C,a.basises,o.ORDER)}let Y=(0,A.memoized)((C,g)=>{let{X:w,Y:y,Z:p}=C;if(n.eql(p,n.ONE))return{x:w,y};let E=C.is0();g==null&&(g=E?n.ONE:n.inv(p));let S=n.mul(w,g),I=n.mul(y,g),v=n.mul(p,g);if(E)return{x:n.ZERO,y:n.ZERO};if(!n.eql(v,n.ONE))throw new Error("invZ was invalid");return{x:S,y:I}}),Z=(0,A.memoized)(C=>{if(C.is0()){if(t.allowInfinityPoint&&!n.is0(C.Y))return;throw new Error("bad point: ZERO")}let{x:g,y:w}=C.toAffine();if(!n.isValid(g)||!n.isValid(w))throw new Error("bad point: x or y not field elements");if(!_(g,w))throw new Error("bad point: equation left != right");if(!C.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});function j(C,g,w,y,p){return w=new H(n.mul(w.X,C),w.Y,w.Z),g=(0,Ue.negateCt)(y,g),w=(0,Ue.negateCt)(p,w),g.add(w)}class H{constructor(g,w,y){this.X=x("x",g),this.Y=x("y",w,!0),this.Z=x("z",y),Object.freeze(this)}static CURVE(){return s}static fromAffine(g){let{x:w,y}=g||{};if(!g||!n.isValid(w)||!n.isValid(y))throw new Error("invalid affine point");if(g instanceof H)throw new Error("projective point not allowed");return n.is0(w)&&n.is0(y)?H.ZERO:new H(w,y,n.ONE)}static fromBytes(g){let w=H.fromAffine(b((0,A._abytes2)(g,void 0,"point")));return w.assertValidity(),w}static fromHex(g){return H.fromBytes((0,A.ensureBytes)("pointHex",g))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(g=8,w=!0){return ue.createCache(this,g),w||this.multiply(rt),this}assertValidity(){Z(this)}hasEvenY(){let{y:g}=this.toAffine();if(!n.isOdd)throw new Error("Field doesn't support isOdd");return!n.isOdd(g)}equals(g){N(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:S,Z:I}=g,v=n.eql(n.mul(w,I),n.mul(E,p)),R=n.eql(n.mul(y,I),n.mul(S,p));return v&&R}negate(){return new H(this.X,n.neg(this.Y),this.Z)}double(){let{a:g,b:w}=s,y=n.mul(w,rt),{X:p,Y:E,Z:S}=this,I=n.ZERO,v=n.ZERO,R=n.ZERO,k=n.mul(p,p),te=n.mul(E,E),G=n.mul(S,S),K=n.mul(p,E);return K=n.add(K,K),R=n.mul(p,S),R=n.add(R,R),I=n.mul(g,R),v=n.mul(y,G),v=n.add(I,v),I=n.sub(te,v),v=n.add(te,v),v=n.mul(I,v),I=n.mul(K,I),R=n.mul(y,R),G=n.mul(g,G),K=n.sub(k,G),K=n.mul(g,K),K=n.add(K,R),R=n.add(k,k),k=n.add(R,k),k=n.add(k,G),k=n.mul(k,K),v=n.add(v,k),G=n.mul(E,S),G=n.add(G,G),k=n.mul(G,K),I=n.sub(I,k),R=n.mul(G,te),R=n.add(R,R),R=n.add(R,R),new H(I,v,R)}add(g){N(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:S,Z:I}=g,v=n.ZERO,R=n.ZERO,k=n.ZERO,te=s.a,G=n.mul(s.b,rt),K=n.mul(w,E),$=n.mul(y,S),ne=n.mul(p,I),we=n.add(w,y),F=n.add(E,S);we=n.mul(we,F),F=n.add(K,$),we=n.sub(we,F),F=n.add(w,p);let ce=n.add(E,I);return F=n.mul(F,ce),ce=n.add(K,ne),F=n.sub(F,ce),ce=n.add(y,p),v=n.add(S,I),ce=n.mul(ce,v),v=n.add($,ne),ce=n.sub(ce,v),k=n.mul(te,F),v=n.mul(G,ne),k=n.add(v,k),v=n.sub($,k),k=n.add($,k),R=n.mul(v,k),$=n.add(K,K),$=n.add($,K),ne=n.mul(te,ne),F=n.mul(G,F),$=n.add($,ne),ne=n.sub(K,ne),ne=n.mul(te,ne),F=n.add(F,ne),K=n.mul($,F),R=n.add(R,K),K=n.mul(ce,F),v=n.mul(we,v),v=n.sub(v,K),K=n.mul(we,$),k=n.mul(ce,k),k=n.add(k,K),new H(v,R,k)}subtract(g){return this.add(g.negate())}is0(){return this.equals(H.ZERO)}multiply(g){let{endo:w}=t;if(!o.isValidNot0(g))throw new Error("invalid scalar: out of range");let y,p,E=S=>ue.cached(this,S,I=>(0,Ue.normalizeZ)(H,I));if(w){let{k1neg:S,k1:I,k2neg:v,k2:R}=M(g),{p:k,f:te}=E(I),{p:G,f:K}=E(R);p=te.add(K),y=j(w.beta,k,G,S,v)}else{let{p:S,f:I}=E(g);y=S,p=I}return(0,Ue.normalizeZ)(H,[y,p])[0]}multiplyUnsafe(g){let{endo:w}=t,y=this;if(!o.isValid(g))throw new Error("invalid scalar: out of range");if(g===Be||y.is0())return H.ZERO;if(g===re)return y;if(ue.hasCache(this))return this.multiply(g);if(w){let{k1neg:p,k1:E,k2neg:S,k2:I}=M(g),{p1:v,p2:R}=(0,Ue.mulEndoUnsafe)(H,y,E,I);return j(w.beta,v,R,p,S)}else return ue.unsafe(y,g)}multiplyAndAddUnsafe(g,w,y){let p=this.multiplyUnsafe(w).add(g.multiplyUnsafe(y));return p.is0()?void 0:p}toAffine(g){return Y(this,g)}isTorsionFree(){let{isTorsionFree:g}=t;return i===re?!0:g?g(H,this):ue.unsafe(this,c).is0()}clearCofactor(){let{clearCofactor:g}=t;return i===re?this:g?g(H,this):this.multiplyUnsafe(i)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}toBytes(g=!0){return(0,A._abool2)(g,"isCompressed"),this.assertValidity(),u(H,this,g)}toHex(g=!0){return(0,A.bytesToHex)(this.toBytes(g))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(g=!0){return this.toBytes(g)}_setWindowSize(g){this.precompute(g)}static normalizeZ(g){return(0,Ue.normalizeZ)(H,g)}static msm(g,w){return(0,Ue.pippenger)(H,o,g,w)}static fromPrivateKey(g){return H.BASE.multiply(ke(o,g))}}H.BASE=new H(s.Gx,s.Gy,n.ONE),H.ZERO=new H(n.ZERO,n.ONE,n.ZERO),H.Fp=n,H.Fn=o;let be=o.BITS,ue=new Ue.wNAF(H,t.endo?Math.ceil(be/2):be);return H.BASE.precompute(8),H}function Kr(e){return Uint8Array.of(e?2:3)}function Dr(e,t){let r=e.ORDER,n=Be;for(let b=r-re;b%Se===Be;b/=Se)n+=re;let o=n,s=Se<<o-re-re,i=s*Se,c=(r-re)/i,a=(c-re)/Se,l=i-re,d=s,h=e.pow(t,c),f=e.pow(t,(c+re)/Se),u=(b,m)=>{let _=h,T=e.pow(m,l),q=e.sqr(T);q=e.mul(q,m);let x=e.mul(b,q);x=e.pow(x,a),x=e.mul(x,T),T=e.mul(x,m),q=e.mul(x,b);let N=e.mul(q,T);x=e.pow(N,d);let M=e.eql(x,e.ONE);T=e.mul(q,f),x=e.mul(N,_),q=e.cmov(T,q,M),N=e.cmov(x,N,M);for(let Y=o;Y>re;Y--){let Z=Y-Se;Z=Se<<Z-re;let j=e.pow(N,Z),H=e.eql(j,e.ONE);T=e.mul(q,_),_=e.mul(_,_),j=e.mul(N,_),q=e.cmov(T,q,H),N=e.cmov(j,N,H)}return{isValid:M,value:q}};if(e.ORDER%wn===rt){let b=(e.ORDER-rt)/wn,m=e.sqrt(e.neg(t));u=(_,T)=>{let q=e.sqr(T),x=e.mul(_,T);q=e.mul(q,x);let N=e.pow(q,b);N=e.mul(N,x);let M=e.mul(N,m),Y=e.mul(e.sqr(N),T),Z=e.eql(Y,_),j=e.cmov(M,N,Z);return{isValid:Z,value:j}}}return u}function ti(e,t){(0,ot.validateField)(e);let{A:r,B:n,Z:o}=t;if(!e.isValid(r)||!e.isValid(n)||!e.isValid(o))throw new Error("mapToCurveSimpleSWU: invalid opts");let s=Dr(e,o);if(!e.isOdd)throw new Error("Field does not have .isOdd()");return i=>{let c,a,l,d,h,f,u,b;c=e.sqr(i),c=e.mul(c,o),a=e.sqr(c),a=e.add(a,c),l=e.add(a,e.ONE),l=e.mul(l,n),d=e.cmov(o,e.neg(a),!e.eql(a,e.ZERO)),d=e.mul(d,r),a=e.sqr(l),f=e.sqr(d),h=e.mul(f,r),a=e.add(a,h),a=e.mul(a,l),f=e.mul(f,d),h=e.mul(f,n),a=e.add(a,h),u=e.mul(c,l);let{isValid:m,value:_}=s(a,f);b=e.mul(c,i),b=e.mul(b,_),u=e.cmov(u,l,m),b=e.cmov(b,_,m);let T=e.isOdd(i)===e.isOdd(b);b=e.cmov(e.neg(b),b,T);let q=(0,ot.FpInvertBatch)(e,[d],!0)[0];return u=e.mul(u,q),{x:u,y:b}}}function jr(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function Zr(e,t={}){let{Fn:r}=e,n=t.randomBytes||A.randomBytes,o=Object.assign(jr(e.Fp,r),{seed:(0,ot.getMinHashLength)(r.ORDER)});function s(u){try{return!!ke(r,u)}catch{return!1}}function i(u,b){let{publicKey:m,publicKeyUncompressed:_}=o;try{let T=u.length;return b===!0&&T!==m||b===!1&&T!==_?!1:!!e.fromBytes(u)}catch{return!1}}function c(u=n(o.seed)){return(0,ot.mapHashToField)((0,A._abytes2)(u,o.seed,"seed"),r.ORDER)}function a(u,b=!0){return e.BASE.multiply(ke(r,u)).toBytes(b)}function l(u){let b=c(u);return{secretKey:b,publicKey:a(b)}}function d(u){if(typeof u=="bigint")return!1;if(u instanceof e)return!0;let{secretKey:b,publicKey:m,publicKeyUncompressed:_}=o;if(r.allowedLengths||b===m)return;let T=(0,A.ensureBytes)("key",u).length;return T===m||T===_}function h(u,b,m=!0){if(d(u)===!0)throw new Error("first arg must be private key");if(d(b)===!1)throw new Error("second arg must be public key");let _=ke(r,u);return e.fromHex(b).multiply(_).toBytes(m)}return Object.freeze({getPublicKey:a,getSharedSecret:h,keygen:l,Point:e,utils:{isValidSecretKey:s,isValidPublicKey:i,randomSecretKey:c,isValidPrivateKey:s,randomPrivateKey:c,normPrivateKeyToScalar:u=>ke(r,u),precompute(u=8,b=e.BASE){return b.precompute(u,!1)}},lengths:o})}function zr(e,t,r={}){(0,ei.ahash)(t),(0,A._validateObject)(r,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});let n=r.randomBytes||A.randomBytes,o=r.hmac||((w,...y)=>(0,Js.hmac)(t,w,(0,A.concatBytes)(...y))),{Fp:s,Fn:i}=e,{ORDER:c,BITS:a}=i,{keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u}=Zr(e,r),b={prehash:!1,lowS:typeof r.lowS=="boolean"?r.lowS:!1,format:void 0,extraEntropy:!1},m="compact";function _(w){let y=c>>re;return w>y}function T(w,y){if(!i.isValidNot0(y))throw new Error(`invalid signature ${w}: out of range 1..Point.Fn.ORDER`);return y}function q(w,y){bn(y);let p=u.signature,E=y==="compact"?p:y==="recovered"?p+1:void 0;return(0,A._abytes2)(w,E,`${y} signature`)}class x{constructor(y,p,E){this.r=T("r",y),this.s=T("s",p),E!=null&&(this.recovery=E),Object.freeze(this)}static fromBytes(y,p=m){q(y,p);let E;if(p==="der"){let{r:R,s:k}=W.DER.toSig((0,A._abytes2)(y));return new x(R,k)}p==="recovered"&&(E=y[0],p="compact",y=y.subarray(1));let S=i.BYTES,I=y.subarray(0,S),v=y.subarray(S,S*2);return new x(i.fromBytes(I),i.fromBytes(v),E)}static fromHex(y,p){return this.fromBytes((0,A.hexToBytes)(y),p)}addRecoveryBit(y){return new x(this.r,this.s,y)}recoverPublicKey(y){let p=s.ORDER,{r:E,s:S,recovery:I}=this;if(I==null||![0,1,2,3].includes(I))throw new Error("recovery id invalid");if(c*Se<p&&I>1)throw new Error("recovery id is ambiguous for h>1 curve");let R=I===2||I===3?E+c:E;if(!s.isValid(R))throw new Error("recovery id 2 or 3 invalid");let k=s.toBytes(R),te=e.fromBytes((0,A.concatBytes)(Kr((I&1)===0),k)),G=i.inv(R),K=M((0,A.ensureBytes)("msgHash",y)),$=i.create(-K*G),ne=i.create(S*G),we=e.BASE.multiplyUnsafe($).add(te.multiplyUnsafe(ne));if(we.is0())throw new Error("point at infinify");return we.assertValidity(),we}hasHighS(){return _(this.s)}toBytes(y=m){if(bn(y),y==="der")return(0,A.hexToBytes)(W.DER.hexFromSig(this));let p=i.toBytes(this.r),E=i.toBytes(this.s);if(y==="recovered"){if(this.recovery==null)throw new Error("recovery bit must be present");return(0,A.concatBytes)(Uint8Array.of(this.recovery),p,E)}return(0,A.concatBytes)(p,E)}toHex(y){return(0,A.bytesToHex)(this.toBytes(y))}assertValidity(){}static fromCompact(y){return x.fromBytes((0,A.ensureBytes)("sig",y),"compact")}static fromDER(y){return x.fromBytes((0,A.ensureBytes)("sig",y),"der")}normalizeS(){return this.hasHighS()?new x(this.r,i.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return(0,A.bytesToHex)(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return(0,A.bytesToHex)(this.toBytes("compact"))}}let N=r.bits2int||function(y){if(y.length>8192)throw new Error("input is too large");let p=(0,A.bytesToNumberBE)(y),E=y.length*8-a;return E>0?p>>BigInt(E):p},M=r.bits2int_modN||function(y){return i.create(N(y))},Y=(0,A.bitMask)(a);function Z(w){return(0,A.aInRange)("num < 2^"+a,w,Be,Y),i.toBytes(w)}function j(w,y){return(0,A._abytes2)(w,void 0,"message"),y?(0,A._abytes2)(t(w),void 0,"prehashed message"):w}function H(w,y,p){if(["recovered","canonical"].some($=>$ in p))throw new Error("sign() legacy options not supported");let{lowS:E,prehash:S,extraEntropy:I}=yn(p,b);w=j(w,S);let v=M(w),R=ke(i,y),k=[Z(R),Z(v)];if(I!=null&&I!==!1){let $=I===!0?n(u.secretKey):I;k.push((0,A.ensureBytes)("extraEntropy",$))}let te=(0,A.concatBytes)(...k),G=v;function K($){let ne=N($);if(!i.isValidNot0(ne))return;let we=i.inv(ne),F=e.BASE.multiply(ne).toAffine(),ce=i.create(F.x);if(ce===Be)return;let _t=i.create(we*i.create(G+ce*R));if(_t===Be)return;let Vn=(F.x===ce?0:2)|Number(F.y&re),Nn=_t;return E&&_(_t)&&(Nn=i.neg(_t),Vn^=1),new x(ce,Nn,Vn)}return{seed:te,k2sig:K}}function be(w,y,p={}){w=(0,A.ensureBytes)("message",w);let{seed:E,k2sig:S}=H(w,y,p);return(0,A.createHmacDrbg)(t.outputLen,i.BYTES,o)(E,S)}function ue(w){let y,p=typeof w=="string"||(0,A.isBytes)(w),E=!p&&w!==null&&typeof w=="object"&&typeof w.r=="bigint"&&typeof w.s=="bigint";if(!p&&!E)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(E)y=new x(w.r,w.s);else if(p){try{y=x.fromBytes((0,A.ensureBytes)("sig",w),"der")}catch(S){if(!(S instanceof W.DER.Err))throw S}if(!y)try{y=x.fromBytes((0,A.ensureBytes)("sig",w),"compact")}catch{return!1}}return y||!1}function C(w,y,p,E={}){let{lowS:S,prehash:I,format:v}=yn(E,b);if(p=(0,A.ensureBytes)("publicKey",p),y=j((0,A.ensureBytes)("message",y),I),"strict"in E)throw new Error("options.strict was renamed to lowS");let R=v===void 0?ue(w):x.fromBytes((0,A.ensureBytes)("sig",w),v);if(R===!1)return!1;try{let k=e.fromBytes(p);if(S&&R.hasHighS())return!1;let{r:te,s:G}=R,K=M(y),$=i.inv(G),ne=i.create(K*$),we=i.create(te*$),F=e.BASE.multiplyUnsafe(ne).add(k.multiplyUnsafe(we));return F.is0()?!1:i.create(F.x)===te}catch{return!1}}function g(w,y,p={}){let{prehash:E}=yn(p,b);return y=j(y,E),x.fromBytes(w,"recovered").recoverPublicKey(y).toBytes()}return Object.freeze({keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u,Point:e,sign:be,verify:C,recoverPublicKey:g,Signature:x,hash:t})}function ni(e){let{CURVE:t,curveOpts:r}=Gr(e),n=gn(t,r);return oi(e,n)}function Gr(e){let t={a:e.a,b:e.b,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=e.allowedPrivateKeyLengths?Array.from(new Set(e.allowedPrivateKeyLengths.map(i=>Math.ceil(i/2)))):void 0,o=(0,ot.Field)(t.n,{BITS:e.nBitLength,allowedLengths:n,modFromBytes:e.wrapPrivateKey}),s={Fp:r,Fn:o,allowInfinityPoint:e.allowInfinityPoint,endo:e.endo,isTorsionFree:e.isTorsionFree,clearCofactor:e.clearCofactor,fromBytes:e.fromBytes,toBytes:e.toBytes};return{CURVE:t,curveOpts:s}}function ri(e){let{CURVE:t,curveOpts:r}=Gr(e),n={hmac:e.hmac,randomBytes:e.randomBytes,lowS:e.lowS,bits2int:e.bits2int,bits2int_modN:e.bits2int_modN};return{CURVE:t,curveOpts:r,hash:e.hash,ecdsaOpts:n}}function Wr(e,t,r){function n(o){let s=e.sqr(o),i=e.mul(s,o);return e.add(e.add(i,e.mul(o,t)),r)}return n}function oi(e,t){let{Fp:r,Fn:n}=t;function o(i){return(0,A.inRange)(i,re,n.ORDER)}let s=Wr(r,e.a,e.b);return Object.assign({},{CURVE:e,Point:t,ProjectivePoint:t,normPrivateKeyToScalar:i=>ke(n,i),weierstrassEquation:s,isWithinCurveOrder:o})}function si(e,t){let r=t.Point;return Object.assign({},t,{ProjectivePoint:r,CURVE:Object.assign({},e,(0,ot.nLength)(r.Fn.ORDER,r.Fn.BITS))})}function ii(e){let{CURVE:t,curveOpts:r,hash:n,ecdsaOpts:o}=ri(e),s=gn(t,r),i=zr(s,n,o);return si(e,i)}});var Xr=le(Nt=>{"use strict";Object.defineProperty(Nt,"__esModule",{value:!0});Nt.getHash=ai;Nt.createCurve=fi;var ci=mn();function ai(e){return{hash:e}}function fi(e,t){let r=n=>(0,ci.weierstrass)({...e,hash:n});return{...r(t),create:r}}});var Jr=le(Ae=>{"use strict";Object.defineProperty(Ae,"__esModule",{value:!0});Ae._DST_scalar=void 0;Ae.expand_message_xmd=Fr;Ae.expand_message_xof=Qr;Ae.hash_to_field=kt;Ae.isogenyMap=di;Ae.createHasher=hi;var oe=Ye(),Yr=tt(),ui=oe.bytesToNumberBE;function Pe(e,t){if(bt(e),bt(t),e<0||e>=1<<8*t)throw new Error("invalid I2OSP input: "+e);let r=Array.from({length:t}).fill(0);for(let n=t-1;n>=0;n--)r[n]=e&255,e>>>=8;return new Uint8Array(r)}function li(e,t){let r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e[n]^t[n];return r}function bt(e){if(!Number.isSafeInteger(e))throw new Error("number expected")}function $r(e){if(!(0,oe.isBytes)(e)&&typeof e!="string")throw new Error("DST must be Uint8Array or string");return typeof e=="string"?(0,oe.utf8ToBytes)(e):e}function Fr(e,t,r,n){(0,oe.abytes)(e),bt(r),t=$r(t),t.length>255&&(t=n((0,oe.concatBytes)((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-"),t)));let{outputLen:o,blockLen:s}=n,i=Math.ceil(r/o);if(r>65535||i>255)throw new Error("expand_message_xmd: invalid lenInBytes");let c=(0,oe.concatBytes)(t,Pe(t.length,1)),a=Pe(0,s),l=Pe(r,2),d=new Array(i),h=n((0,oe.concatBytes)(a,e,l,Pe(0,1),c));d[0]=n((0,oe.concatBytes)(h,Pe(1,1),c));for(let u=1;u<=i;u++){let b=[li(h,d[u-1]),Pe(u+1,1),c];d[u]=n((0,oe.concatBytes)(...b))}return(0,oe.concatBytes)(...d).slice(0,r)}function Qr(e,t,r,n,o){if((0,oe.abytes)(e),bt(r),t=$r(t),t.length>255){let s=Math.ceil(2*n/8);t=o.create({dkLen:s}).update((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(t).digest()}if(r>65535||t.length>255)throw new Error("expand_message_xof: invalid lenInBytes");return o.create({dkLen:r}).update(e).update(Pe(r,2)).update(t).update(Pe(t.length,1)).digest()}function kt(e,t,r){(0,oe._validateObject)(r,{p:"bigint",m:"number",k:"number",hash:"function"});let{p:n,k:o,m:s,hash:i,expand:c,DST:a}=r;if(!(0,oe.isHash)(r.hash))throw new Error("expected valid hash");(0,oe.abytes)(e),bt(t);let l=n.toString(2).length,d=Math.ceil((l+o)/8),h=t*s*d,f;if(c==="xmd")f=Fr(e,a,h,i);else if(c==="xof")f=Qr(e,a,h,o,i);else if(c==="_internal_pass")f=e;else throw new Error('expand must be "xmd" or "xof"');let u=new Array(t);for(let b=0;b<t;b++){let m=new Array(s);for(let _=0;_<s;_++){let T=d*(_+b*s),q=f.subarray(T,T+d);m[_]=(0,Yr.mod)(ui(q),n)}u[b]=m}return u}function di(e,t){let r=t.map(n=>Array.from(n).reverse());return(n,o)=>{let[s,i,c,a]=r.map(h=>h.reduce((f,u)=>e.add(e.mul(f,n),u))),[l,d]=(0,Yr.FpInvertBatch)(e,[i,a],!0);return n=e.mul(s,l),o=e.mul(o,e.mul(c,d)),{x:n,y:o}}}Ae._DST_scalar=(0,oe.utf8ToBytes)("HashToScalar-");function hi(e,t,r){if(typeof t!="function")throw new Error("mapToCurve() must be defined");function n(s){return e.fromAffine(t(s))}function o(s){let i=s.clearCofactor();return i.equals(e.ZERO)?e.ZERO:(i.assertValidity(),i)}return{defaults:r,hashToCurve(s,i){let c=Object.assign({},r,i),a=kt(s,2,c),l=n(a[0]),d=n(a[1]);return o(l.add(d))},encodeToCurve(s,i){let c=r.encodeDST?{DST:r.encodeDST}:{},a=Object.assign({},r,c,i),l=kt(s,1,a),d=n(l[0]);return o(d)},mapToCurve(s){if(!Array.isArray(s))throw new Error("expected array of bigints");for(let i of s)if(typeof i!="bigint")throw new Error("expected array of bigints");return o(n(s))},hashToScalar(s,i){let c=e.Fn.ORDER,a=Object.assign({},r,{p:c,m:1,DST:Ae._DST_scalar},i);return kt(s,1,a)[0][0]}}}});var fo=le(se=>{"use strict";Object.defineProperty(se,"__esModule",{value:!0});se.encodeToCurve=se.hashToCurve=se.secp256k1_hasher=se.schnorr=se.secp256k1=void 0;var Pt=mr(),ro=qe(),yi=Xr(),oo=Jr(),ye=tt(),so=mn(),pe=Ye(),st={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},bi={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),basises:[[BigInt("0x3086d221a7d46bcde86c90e49284eb15"),-BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],[BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]},wi=BigInt(0),eo=BigInt(1),pn=BigInt(2);function gi(e){let t=st.p,r=BigInt(3),n=BigInt(6),o=BigInt(11),s=BigInt(22),i=BigInt(23),c=BigInt(44),a=BigInt(88),l=e*e*e%t,d=l*l*e%t,h=(0,ye.pow2)(d,r,t)*d%t,f=(0,ye.pow2)(h,r,t)*d%t,u=(0,ye.pow2)(f,pn,t)*l%t,b=(0,ye.pow2)(u,o,t)*u%t,m=(0,ye.pow2)(b,s,t)*b%t,_=(0,ye.pow2)(m,c,t)*m%t,T=(0,ye.pow2)(_,a,t)*_%t,q=(0,ye.pow2)(T,c,t)*m%t,x=(0,ye.pow2)(q,r,t)*d%t,N=(0,ye.pow2)(x,i,t)*b%t,M=(0,ye.pow2)(N,n,t)*l%t,Y=(0,ye.pow2)(M,pn,t);if(!Oe.eql(Oe.sqr(Y),e))throw new Error("Cannot find square root");return Y}var Oe=(0,ye.Field)(st.p,{sqrt:gi});se.secp256k1=(0,yi.createCurve)({...st,Fp:Oe,lowS:!0,endo:bi},Pt.sha256);var to={};function Mt(e,...t){let r=to[e];if(r===void 0){let n=(0,Pt.sha256)((0,pe.utf8ToBytes)(e));r=(0,pe.concatBytes)(n,n),to[e]=r}return(0,Pt.sha256)((0,pe.concatBytes)(r,...t))}var En=e=>e.toBytes(!0).slice(1),it=se.secp256k1.Point,Bn=e=>e%pn===wi;function xn(e){let{Fn:t,BASE:r}=it,n=(0,so._normFnElement)(t,e),o=r.multiply(n);return{scalar:Bn(o.y)?n:t.neg(n),bytes:En(o)}}function io(e){let t=Oe;if(!t.isValidNot0(e))throw new Error("invalid x: Fail if x \u2265 p");let r=t.create(e*e),n=t.create(r*e+BigInt(7)),o=t.sqrt(n);Bn(o)||(o=t.neg(o));let s=it.fromAffine({x:e,y:o});return s.assertValidity(),s}var wt=pe.bytesToNumberBE;function co(...e){return it.Fn.create(wt(Mt("BIP0340/challenge",...e)))}function no(e){return xn(e).bytes}function mi(e,t,r=(0,ro.randomBytes)(32)){let{Fn:n}=it,o=(0,pe.ensureBytes)("message",e),{bytes:s,scalar:i}=xn(t),c=(0,pe.ensureBytes)("auxRand",r,32),a=n.toBytes(i^wt(Mt("BIP0340/aux",c))),l=Mt("BIP0340/nonce",a,s,o),{bytes:d,scalar:h}=xn(l),f=co(d,s,o),u=new Uint8Array(64);if(u.set(d,0),u.set(n.toBytes(n.create(h+f*i)),32),!ao(u,o,s))throw new Error("sign: Invalid signature produced");return u}function ao(e,t,r){let{Fn:n,BASE:o}=it,s=(0,pe.ensureBytes)("signature",e,64),i=(0,pe.ensureBytes)("message",t),c=(0,pe.ensureBytes)("publicKey",r,32);try{let a=io(wt(c)),l=wt(s.subarray(0,32));if(!(0,pe.inRange)(l,eo,st.p))return!1;let d=wt(s.subarray(32,64));if(!(0,pe.inRange)(d,eo,st.n))return!1;let h=co(n.toBytes(l),En(a),i),f=o.multiplyUnsafe(d).add(a.multiplyUnsafe(n.neg(h))),{x:u,y:b}=f.toAffine();return!(f.is0()||!Bn(b)||u!==l)}catch{return!1}}se.schnorr=(()=>{let r=(o=(0,ro.randomBytes)(48))=>(0,ye.mapHashToField)(o,st.n);se.secp256k1.utils.randomSecretKey;function n(o){let s=r(o);return{secretKey:s,publicKey:no(s)}}return{keygen:n,getPublicKey:no,sign:mi,verify:ao,Point:it,utils:{randomSecretKey:r,randomPrivateKey:r,taggedHash:Mt,lift_x:io,pointToBytes:En,numberToBytesBE:pe.numberToBytesBE,bytesToNumberBE:pe.bytesToNumberBE,mod:ye.mod},lengths:{secretKey:32,publicKey:32,publicKeyHasPrefix:!1,signature:32*2,seed:48}}})();var pi=(0,oo.isogenyMap)(Oe,[["0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7","0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581","0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262","0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"],["0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b","0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14","0x0000000000000000000000000000000000000000000000000000000000000001"],["0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c","0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3","0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931","0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"],["0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b","0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573","0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f","0x0000000000000000000000000000000000000000000000000000000000000001"]].map(e=>e.map(t=>BigInt(t)))),xi=(0,so.mapToCurveSimpleSWU)(Oe,{A:BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),B:BigInt("1771"),Z:Oe.create(BigInt("-11"))});se.secp256k1_hasher=(0,oo.createHasher)(se.secp256k1.Point,e=>{let{x:t,y:r}=xi(Oe.create(e[0]));return pi(t,r)},{DST:"secp256k1_XMD:SHA-256_SSWU_RO_",encodeDST:"secp256k1_XMD:SHA-256_SSWU_NU_",p:Oe.ORDER,m:1,k:128,expand:"xmd",hash:Pt.sha256});se.hashToCurve=se.secp256k1_hasher.hashToCurve;se.encodeToCurve=se.secp256k1_hasher.encodeToCurve});var uo=le(B=>{"use strict";Object.defineProperty(B,"__esModule",{value:!0});B.isHash=B.validateObject=B.memoized=B.notImplemented=B.createHmacDrbg=B.bitMask=B.bitSet=B.bitGet=B.bitLen=B.aInRange=B.inRange=B.asciiToBytes=B.copyBytes=B.equalBytes=B.ensureBytes=B.numberToVarBytesBE=B.numberToBytesLE=B.numberToBytesBE=B.bytesToNumberLE=B.bytesToNumberBE=B.hexToNumber=B.numberToHexUnpadded=B.abool=B.utf8ToBytes=B.randomBytes=B.isBytes=B.hexToBytes=B.concatBytes=B.bytesToUtf8=B.bytesToHex=B.anumber=B.abytes=void 0;var D=Ye();B.abytes=D.abytes;B.anumber=D.anumber;B.bytesToHex=D.bytesToHex;B.bytesToUtf8=D.bytesToUtf8;B.concatBytes=D.concatBytes;B.hexToBytes=D.hexToBytes;B.isBytes=D.isBytes;B.randomBytes=D.randomBytes;B.utf8ToBytes=D.utf8ToBytes;B.abool=D.abool;B.numberToHexUnpadded=D.numberToHexUnpadded;B.hexToNumber=D.hexToNumber;B.bytesToNumberBE=D.bytesToNumberBE;B.bytesToNumberLE=D.bytesToNumberLE;B.numberToBytesBE=D.numberToBytesBE;B.numberToBytesLE=D.numberToBytesLE;B.numberToVarBytesBE=D.numberToVarBytesBE;B.ensureBytes=D.ensureBytes;B.equalBytes=D.equalBytes;B.copyBytes=D.copyBytes;B.asciiToBytes=D.asciiToBytes;B.inRange=D.inRange;B.aInRange=D.aInRange;B.bitLen=D.bitLen;B.bitGet=D.bitGet;B.bitSet=D.bitSet;B.bitMask=D.bitMask;B.createHmacDrbg=D.createHmacDrbg;B.notImplemented=D.notImplemented;B.memoized=D.memoized;B.validateObject=D.validateObject;B.isHash=D.isHash});var xo=le(Q=>{"use strict";var ie=fo(),Ei=tt(),Bi=uo();function ho(e){var t=Object.create(null);return e&&Object.keys(e).forEach(function(r){if(r!=="default"){var n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:function(){return e[r]}})}}),t.default=e,Object.freeze(t)}var yo=ho(Ei),Me=ho(Bi),vn=ie.secp256k1.ProjectivePoint,De="Expected Private",je="Expected Point",xt="Expected Tweak",_i="Expected Hash",gt="Expected Signature",Sn="Expected Extra Data (32 bytes)",Et="Expected Scalar",vi="Bad Recovery Id",Si=32,Ai=32,_n=new Uint8Array([255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254,186,174,220,230,175,72,160,59,191,210,94,140,208,54,65,65]),Hi=32,Ii=new Uint8Array(32),Ti=new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,69,81,35,25,80,183,95,196,64,45,161,114,47,201,186,238]),Ui=BigInt(1);function Oi(e){return e instanceof Uint8Array}function mt(e,t){for(let r=0;r<32;++r)if(e[r]!==t[r])return e[r]<t[r]?-1:1;return 0}function lo(e){return mt(e,Ii)===0}function Bt(e){return!(!(e instanceof Uint8Array)||e.length!==Ai||mt(e,_n)>=0)}function An(e){return e instanceof Uint8Array&&e.length===64&&mt(e.subarray(0,32),_n)<0&&mt(e.subarray(32,64),_n)<0}function Li(e){return Oi(e)&&e.length===64&&mt(e.subarray(0,32),Ti)<0}function Ri(e){return!(lo(e.subarray(0,32))||lo(e.subarray(32,64)))}function ct(e){return e instanceof Uint8Array&&e.length===Si}function Hn(e){return e===void 0||e instanceof Uint8Array&&e.length===Hi}function In(e){let t;if(typeof e=="bigint")t=e;else if(typeof e=="number"&&Number.isSafeInteger(e)&&e>=0)t=BigInt(e);else if(typeof e=="string"){if(e.length!==64)throw new Error("Expected 32 bytes of private scalar");t=Me.hexToNumber(e)}else if(e instanceof Uint8Array){if(e.length!==32)throw new Error("Expected 32 bytes of private scalar");t=Me.bytesToNumberBE(e)}else throw new TypeError("Expected valid private scalar");if(t<0)throw new Error("Expected private scalar >= 0");return t}function Tn(e){return ie.secp256k1.utils.normPrivateKeyToScalar(e)}function qi(e,t){let r=Tn(e),n=In(t),o=Me.numberToBytesBE(yo.mod(r+n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Ci(e,t){let r=Tn(e),n=In(t),o=Me.numberToBytesBE(yo.mod(r-n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Vi(e){let t=Tn(e),r=Me.numberToBytesBE(ie.secp256k1.CURVE.n-t,32);return ie.secp256k1.utils.isValidPrivateKey(r)?r:null}function bo(e,t,r){let n=pt(e),o=In(t),s=vn.BASE.multiplyAndAddUnsafe(n,o,Ui);if(!s)throw new Error("Tweaked point at infinity");return s.toRawBytes(r)}function Ni(e,t,r){let n=pt(e),o=typeof t=="string"?t:Me.bytesToHex(t),s=Me.hexToNumber(o);return n.multiply(s).toRawBytes(r)}function at(e,t){return e===void 0?t!==void 0?go(t):!0:!!e}function Qe(e){try{return e()}catch{return null}}function wo(e){return ie.schnorr.utils.lift_x(Me.bytesToNumberBE(e))}function pt(e){return e.length===32?wo(e):vn.fromHex(e)}function Un(e,t){if(e.length===32!==t)return!1;try{return t?!!wo(e):!!vn.fromHex(e)}catch{return!1}}function Ke(e){return Un(e,!1)}function go(e){return Un(e,!1)&&e.length===33}function Le(e){return ie.secp256k1.utils.isValidPrivateKey(e)}function Kt(e){return Un(e,!0)}function ki(e,t){if(!Kt(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>{let r=bo(e,t,!0);return{parity:r[0]%2===1?1:0,xOnlyPubkey:r.slice(1)}})}function mo(e){if(!Ke(e))throw new Error(je);return e.slice(1,33)}function po(e,t){if(!Le(e))throw new Error(De);return Qe(()=>ie.secp256k1.getPublicKey(e,at(t)))}function Pi(e){if(!Le(e))throw new Error(De);return mo(po(e))}function Mi(e,t){if(!Ke(e))throw new Error(je);return pt(e).toRawBytes(at(t,e))}function Ki(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>Ni(e,t,at(r,e)))}function Di(e,t,r){if(!Ke(e)||!Ke(t))throw new Error(je);return Qe(()=>{let n=pt(e),o=pt(t);return n.equals(o.negate())?null:n.add(o).toRawBytes(at(r,e))})}function ji(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>bo(e,t,at(r,e)))}function Zi(e,t){if(!Le(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>qi(e,t))}function zi(e,t){if(!Le(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>Ci(e,t))}function Gi(e){if(!Le(e))throw new Error(De);return Vi(e)}function Wi(e,t,r){if(!Le(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!Hn(r))throw new Error(Sn);return ie.secp256k1.sign(e,t,{extraEntropy:r}).toCompactRawBytes()}function Xi(e,t,r){if(!Le(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!Hn(r))throw new Error(Sn);let n=ie.secp256k1.sign(e,t,{extraEntropy:r});return{signature:n.toCompactRawBytes(),recoveryId:n.recovery}}function Yi(e,t,r){if(!Le(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!Hn(r))throw new Error(Sn);return ie.schnorr.sign(e,t,r)}function $i(e,t,r,n){if(!ct(e))throw new Error(_i);if(!An(t)||!Ri(t))throw new Error(gt);if(r&2&&!Li(t))throw new Error(vi);if(!Kt(t.subarray(0,32)))throw new Error(gt);let s=ie.secp256k1.Signature.fromCompact(t).addRecoveryBit(r).recoverPublicKey(e);if(!s)throw new Error(gt);return s.toRawBytes(at(n))}function Fi(e,t,r,n){if(!Ke(t))throw new Error(je);if(!An(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.secp256k1.verify(r,e,t,{lowS:n})}function Qi(e,t,r){if(!Kt(t))throw new Error(je);if(!An(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.schnorr.verify(r,e,t)}Q.isPoint=Ke;Q.isPointCompressed=go;Q.isPrivate=Le;Q.isXOnlyPoint=Kt;Q.pointAdd=Di;Q.pointAddScalar=ji;Q.pointCompress=Mi;Q.pointFromScalar=po;Q.pointMultiply=Ki;Q.privateAdd=Zi;Q.privateNegate=Gi;Q.privateSub=zi;Q.recover=$i;Q.sign=Wi;Q.signRecoverable=Xi;Q.signSchnorr=Yi;Q.verify=Fi;Q.verifySchnorr=Qi;Q.xOnlyPointAddTweak=ki;Q.xOnlyPointFromPoint=mo;Q.xOnlyPointFromScalar=Pi});var sc={};qo(sc,{base58Decode:()=>Cn,buildDepinMessage:()=>Io,bytesToHex:()=>He,decryptDepinReceiveEncryptedPayload:()=>Ho,doubleSha256:()=>zt,hash160:()=>Gt,hexToBytes:()=>Re,isWIF:()=>Zt,sha256:()=>Ze,wifToHex:()=>jt});var ze=Co(xo());function qn(e){if(e<0)throw new Error("CompactSize cannot be negative");if(e<253)return new Uint8Array([e]);if(e<=65535){let t=new Uint8Array(3);return t[0]=253,t[1]=e&255,t[2]=e>>8&255,t}else if(e<=4294967295){let t=new Uint8Array(5);return t[0]=254,t[1]=e&255,t[2]=e>>8&255,t[3]=e>>16&255,t[4]=e>>24&255,t}else{let t=new Uint8Array(9);t[0]=255;let r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[1]=r&255,t[2]=r>>8&255,t[3]=r>>16&255,t[4]=r>>24&255,t[5]=n&255,t[6]=n>>8&255,t[7]=n>>16&255,t[8]=n>>24&255,t}}function Dt(e){let r=new TextEncoder().encode(e);return xe(qn(r.length),r)}function ft(e){return xe(qn(e.length),e)}function Eo(e){let t=new Uint8Array(8),r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[0]=r&255,t[1]=r>>8&255,t[2]=r>>16&255,t[3]=r>>24&255,t[4]=n&255,t[5]=n>>8&255,t[6]=n>>16&255,t[7]=n>>24&255,t}function xe(...e){let t=e.reduce((o,s)=>o+s.length,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Re(e){if(e.length%2!==0)throw new Error("Hex must have even length");let t=new Uint8Array(e.length/2);for(let r=0;r<e.length;r+=2)t[r/2]=parseInt(e.substr(r,2),16);return t}function He(e){return Array.from(e).map(t=>t.toString(16).padStart(2,"0")).join("")}function So(e){if(typeof e!="string")return null;let t=e.trim().toLowerCase(),r=t.startsWith("0x")?t.slice(2):t;return r.length===0||!/^[0-9a-f]+$/.test(r)||r.length%2!==0?null:r}function Ao(e,t){if(t>=e.length)throw new Error("CompactSize: out of bounds");let r=e[t];if(r<253)return{value:r,offset:t+1};if(r===253){if(t+3>e.length)throw new Error("CompactSize: truncated uint16");return{value:e[t+1]|e[t+2]<<8,offset:t+3}}if(r===254){if(t+5>e.length)throw new Error("CompactSize: truncated uint32");return{value:(e[t+1]|e[t+2]<<8|e[t+3]<<16|e[t+4]<<24)>>>0,offset:t+5}}if(t+9>e.length)throw new Error("CompactSize: truncated uint64");let n=0n;for(let o=0;o<8;o++)n|=BigInt(e[t+1+o])<<8n*BigInt(o);if(n>BigInt(Number.MAX_SAFE_INTEGER))throw new Error("CompactSize: value too large");return{value:Number(n),offset:t+9}}function On(e,t){let{value:r,offset:n}=Ao(e,t);if(n+r>e.length)throw new Error("Vector: truncated");return{data:e.slice(n,n+r),offset:n+r}}function Ji(e){if(!(e instanceof Uint8Array))throw new Error("deserializeEciesMessage: invalid input");let t=0,r=On(e,t),n=r.data;if(t=r.offset,n.length!==33&&n.length!==65)throw new Error("Invalid ephemeral pubkey length: "+n.length);let o=On(e,t),s=o.data;t=o.offset;let i=Ao(e,t),c=i.value;t=i.offset;let a=new Map;for(let l=0;l<c;l++){if(t+20>e.length)throw new Error("recipientKeys: truncated keyid");let d=e.slice(t,t+20);t+=20;let h=On(e,t);t=h.offset,a.set(He(d),h.data)}return{ephemeralPubKey:n,encryptedPayload:s,recipientKeys:a}}function Bo(e){if(e.length!==64)throw new Error("Raw signature must be 64 bytes");let t=e.slice(0,32),r=e.slice(32,64);function n(c){let a=0;for(;a<c.length-1&&c[a]===0&&!(c[a+1]&128);)a++;let l=c.slice(a),h=(l[0]&128)!==0?xe(new Uint8Array([0]),l):l;return xe(new Uint8Array([2,h.length]),h)}let o=n(t),s=n(r),i=o.length+s.length;return xe(new Uint8Array([48,i]),o,s)}var ec="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";function Cn(e){let t=[];for(let r=0;r<e.length;r++){let n=ec.indexOf(e[r]);if(n===-1)throw new Error("Invalid Base58 character: "+e[r]);let o=n;for(let s=0;s<t.length;s++)o+=t[s]*58,t[s]=o&255,o>>=8;for(;o>0;)t.push(o&255),o>>=8}for(let r=0;r<e.length&&e[r]==="1";r++)t.push(0);return new Uint8Array(t.reverse())}async function jt(e){let t=Cn(e);if(t.length<37)throw new Error("Invalid WIF: too short");let r=t.slice(0,-4),n=t.slice(-4),o=await zt(r);for(let i=0;i<4;i++)if(n[i]!==o[i])throw new Error("Invalid WIF: checksum mismatch");let s;if(r.length===34)s=r.slice(1,33);else if(r.length===33)s=r.slice(1,33);else throw new Error("Invalid WIF: unexpected length "+r.length);return He(s)}function Zt(e){return/^[5KLcT][1-9A-HJ-NP-Za-km-z]{50,51}$/.test(e)}async function Ze(e){let t=await crypto.subtle.digest("SHA-256",e);return new Uint8Array(t)}async function zt(e){let t=await Ze(e);return Ze(t)}function tc(e){let t=1732584193,r=4023233417,n=2562383102,o=271733878,s=3285377520,i=[0,1518500249,1859775393,2400959708,2840853838],c=[1352829926,1548603684,1836072691,2053994217,0],a=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],l=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],d=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],h=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function f(N,M){return(N<<M|N>>>32-M)>>>0}let u=e.length*8,b=(64-(e.length+9)%64)%64,m=new Uint8Array(e.length+1+b+8);m.set(e),m[e.length]=128,new DataView(m.buffer).setUint32(m.length-8,u,!0);let T=m.length/64;for(let N=0;N<T;N++){let M=new Uint32Array(16);for(let E=0;E<16;E++){let S=N*64+E*4;M[E]=m[S]|m[S+1]<<8|m[S+2]<<16|m[S+3]<<24}let Y=t,Z=r,j=n,H=o,be=s,ue=t,C=r,g=n,w=o,y=s;for(let E=0;E<80;E++){let S=Math.floor(E/16),I,v;S===0?(I=Z^j^H,v=C^(g|~w)):S===1?(I=Z&j|~Z&H,v=C&w|g&~w):S===2?(I=(Z|~j)^H,v=(C|~g)^w):S===3?(I=Z&H|j&~H,v=C&g|~C&w):(I=Z^(j|~H),v=C^g^w);let R=f(Y+I+M[a[E]]+i[S]>>>0,d[E])+be>>>0;Y=be,be=H,H=f(j,10),j=Z,Z=R;let k=f(ue+v+M[l[E]]+c[S]>>>0,h[E])+y>>>0;ue=y,y=w,w=f(g,10),g=C,C=k}let p=r+j+w>>>0;r=n+H+y>>>0,n=o+be+ue>>>0,o=s+Y+C>>>0,s=t+Z+g>>>0,t=p}let q=new Uint8Array(20),x=new DataView(q.buffer);return x.setUint32(0,t,!0),x.setUint32(4,r,!0),x.setUint32(8,n,!0),x.setUint32(12,o,!0),x.setUint32(16,s,!0),q}async function Gt(e){let t=await Ze(e);return tc(t)}async function Rn(e,t){let r=new Uint8Array(t),n=0,o=1;for(;n<t;){let s=new Uint8Array(4);s[0]=o>>24&255,s[1]=o>>16&255,s[2]=o>>8&255,s[3]=o&255;let i=xe(e,s),c=await Ze(i),a=t-n,l=Math.min(a,32);r.set(c.slice(0,l),n),n+=l,o++}return r}function Ln(e){let t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function _o(e,t,r){if(t.length!==32)throw new Error("Key must be 32 bytes");if(r.length!==12)throw new Error("Nonce must be 12 bytes");let n=await crypto.subtle.importKey("raw",t,{name:"AES-GCM"},!1,["encrypt"]),o=await crypto.subtle.encrypt({name:"AES-GCM",iv:r,tagLength:128},n,e),s=new Uint8Array(o),i=s.slice(0,-16),c=s.slice(-16);return{ciphertext:i,tag:c}}async function vo(e,t,r,n){if(t.length!==32)throw new Error("Key must be 32 bytes");if(r.length!==12)throw new Error("Nonce must be 12 bytes");if(n.length!==16)throw new Error("Tag must be 16 bytes");let o=await crypto.subtle.importKey("raw",t,{name:"AES-GCM"},!1,["decrypt"]),s=xe(e,n),i=await crypto.subtle.decrypt({name:"AES-GCM",iv:r,tagLength:128},o,s);return new Uint8Array(i)}async function nc(e){if(typeof e!="string"||e.length===0)throw new Error("Private key is required");if(Zt(e)){let r=await jt(e);return Re(r)}let t=So(e);if(!t)throw new Error("Private key must be WIF or 64-hex");if(t.length!==64)throw new Error("Private key must be 32 bytes (64 hex chars)");return Re(t)}async function Ho(e,t){if(!globalThis.crypto?.subtle)throw new Error("WebCrypto (crypto.subtle) is required for decrypt");let r=So(e);if(!r)throw new Error("Invalid encryptedPayloadHex");let n=Re(r),o=Ji(n),s=await nc(t),i=ze.pointFromScalar(s,!0);if(!(i instanceof Uint8Array)||i.length!==33)throw new Error("Failed to derive recipient public key");let c=await Gt(i),a=He(c),l=He(c.slice().reverse()),d=o.recipientKeys.get(a)??o.recipientKeys.get(l);if(!d||d.length<60)return null;let h=d.slice(0,12),f=d.slice(12,d.length-16),u=d.slice(d.length-16),b=ze.pointMultiply(o.ephemeralPubKey,s,!0),m=await Ze(b),_=await Rn(m,32),T;try{T=await vo(f,_,h,u)}catch{return null}if(T.length!==32)return null;let q=o.encryptedPayload;if(q.length<29)return null;let x=q.slice(0,12),N=q.slice(12,q.length-16),M=q.slice(q.length-16),Y;try{Y=await vo(N,T,x,M)}catch{return null}return new TextDecoder().decode(Y)}async function rc(e,t){let r=Ln(32),n=ze.pointFromScalar(r,!0);if(!(n instanceof Uint8Array)||n.length!==33)throw new Error("Failed to generate ephemeral public key");let o=await Rn(r,32),s=Ln(12),{ciphertext:i,tag:c}=await _o(e,o,s),a=xe(s,i,c),l=new Map;for(let d of t){if(!(d instanceof Uint8Array)||d.length!==33)throw new Error("Recipient pubkey must be 33 bytes compressed");let h=ze.pointMultiply(d,r,!0),f=await Ze(h),u=await Rn(f,32),b=Ln(12),{ciphertext:m,tag:_}=await _o(o,u,b),T=xe(b,m,_),q=await Gt(d),x=He(q);l.set(x,T)}return{ephemeralPubKey:n,encryptedPayload:a,recipientKeys:l}}function oc(e){let t=[];t.push(ft(e.ephemeralPubKey)),t.push(ft(e.encryptedPayload));let r=Array.from(e.recipientKeys.entries()).map(([n,o])=>{let s=Re(n);if(s.length!==20)throw new Error("recipient key hash160 must be 20 bytes");return{keyBytes:s,recipientPackage:o}});r.sort((n,o)=>{for(let s=0;s<20;s++)if(n.keyBytes[s]!==o.keyBytes[s])return n.keyBytes[s]-o.keyBytes[s];return 0}),t.push(qn(r.length));for(let{keyBytes:n,recipientPackage:o}of r)t.push(n),t.push(ft(o));return xe(...t)}async function Io(e){if(!e.token)throw new Error("Token is required");if(!e.senderAddress)throw new Error("Sender address is required");if(!e.senderPubKey||e.senderPubKey.length!==66)throw new Error("Sender public key must be 66 hex characters");let t=e.privateKey;if(!t)throw new Error("Private key is required");if(Zt(t)&&(console.log("Detected WIF format, converting to hex..."),t=await jt(t),console.log("Private key converted successfully")),t.length!==64)throw new Error("Private key must be 64 hex characters (or WIF format)");if(!e.message)throw new Error("Message is required");if(!e.recipientPubKeys||e.recipientPubKeys.length===0)throw new Error("At least one recipient is required");if(!e.timestamp||e.timestamp<=0)throw new Error("Timestamp must be positive");let r=Re(t),n=Re(e.senderPubKey),o=e.recipientPubKeys.map(_=>{if(_.length!==66)throw new Error("Recipient pubkey must be 66 hex chars");return Re(_)}),s=e.senderPubKey.toLowerCase();e.recipientPubKeys.some(_=>_.toLowerCase()===s)||o.push(n);let c=new TextEncoder().encode(e.message),a=await rc(c,o),l=oc(a),d=xe(Dt(e.token),Dt(e.senderAddress),Eo(e.timestamp),ft(l)),h=await zt(d),f=He(h.slice().reverse()),u=ze.sign(h,r),b;if(u instanceof Uint8Array)u.length===64?b=Bo(u):b=u;else if(typeof u=="object"&&u.toDER)b=u.toDER();else if(typeof u=="object"&&u.signature)u.signature.length===64?b=Bo(u.signature):b=u.signature;else throw new Error("Unknown signature format from secp256k1.sign()");let m=xe(Dt(e.token),Dt(e.senderAddress),Eo(e.timestamp),ft(b),ft(l));return{hex:He(m),messageHash:f,messageHashBytes:He(h),encryptedSize:l.length,recipientCount:o.length}}typeof globalThis<"u"&&(globalThis.neuraiDepinMsg={buildDepinMessage:Io,decryptDepinReceiveEncryptedPayload:Ho,wifToHex:jt,isWIF:Zt,utils:{hexToBytes:Re,bytesToHex:He,sha256:Ze,doubleSha256:zt,hash160:Gt,base58Decode:Cn}});return Vo(sc);})();
 /*! Bundled license information:
 @noble/hashes/utils.js:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@neuraiproject/neurai-depin-msg",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "Build and serialize DePIN encrypted messages for Neurai blockchain",
   "main": "dist/neurai-depin-msg.min.js",
   "browser": "dist/neurai-depin-msg.min.js",

package/src/index.js CHANGED Viewed

@@ -96,6 +96,92 @@ function bytesToHex(bytes) {
   return Array.from(bytes).map(b => b.toString(16).padStart(2, '0')).join('');
 }
+function normalizeHex(hex) {
+  if (typeof hex !== 'string') return null;
+  const trimmed = hex.trim().toLowerCase();
+  const noPrefix = trimmed.startsWith('0x') ? trimmed.slice(2) : trimmed;
+  if (noPrefix.length === 0) return null;
+  if (!/^[0-9a-f]+$/.test(noPrefix)) return null;
+  if (noPrefix.length % 2 !== 0) return null;
+  return noPrefix;
+}
+function timingSafeEqual(a, b) {
+  if (!(a instanceof Uint8Array) || !(b instanceof Uint8Array)) return false;
+  if (a.length !== b.length) return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++) diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+function readCompactSize(buf, offset) {
+  if (offset >= buf.length) throw new Error('CompactSize: out of bounds');
+  const first = buf[offset];
+  if (first < 253) return { value: first, offset: offset + 1 };
+  if (first === 253) {
+    if (offset + 3 > buf.length) throw new Error('CompactSize: truncated uint16');
+    const value = buf[offset + 1] | (buf[offset + 2] << 8);
+    return { value, offset: offset + 3 };
+  }
+  if (first === 254) {
+    if (offset + 5 > buf.length) throw new Error('CompactSize: truncated uint32');
+    const value =
+      (buf[offset + 1]) |
+      (buf[offset + 2] << 8) |
+      (buf[offset + 3] << 16) |
+      (buf[offset + 4] << 24);
+    return { value: value >>> 0, offset: offset + 5 };
+  }
+  if (offset + 9 > buf.length) throw new Error('CompactSize: truncated uint64');
+  let value = 0n;
+  for (let i = 0; i < 8; i++) {
+    value |= BigInt(buf[offset + 1 + i]) << (8n * BigInt(i));
+  }
+  if (value > BigInt(Number.MAX_SAFE_INTEGER)) {
+    throw new Error('CompactSize: value too large');
+  }
+  return { value: Number(value), offset: offset + 9 };
+}
+function readVector(buf, offset) {
+  const { value: len, offset: afterLen } = readCompactSize(buf, offset);
+  if (afterLen + len > buf.length) throw new Error('Vector: truncated');
+  const data = buf.slice(afterLen, afterLen + len);
+  return { data, offset: afterLen + len };
+}
+function deserializeEciesMessage(serialized) {
+  if (!(serialized instanceof Uint8Array)) throw new Error('deserializeEciesMessage: invalid input');
+  let offset = 0;
+  const ephem = readVector(serialized, offset);
+  const ephemeralPubKey = ephem.data;
+  offset = ephem.offset;
+  if (ephemeralPubKey.length !== 33 && ephemeralPubKey.length !== 65) {
+    throw new Error('Invalid ephemeral pubkey length: ' + ephemeralPubKey.length);
+  }
+  const payloadVec = readVector(serialized, offset);
+  const encryptedPayload = payloadVec.data;
+  offset = payloadVec.offset;
+  const countRes = readCompactSize(serialized, offset);
+  const count = countRes.value;
+  offset = countRes.offset;
+  const recipientKeys = new Map();
+  for (let i = 0; i < count; i++) {
+    if (offset + 20 > serialized.length) throw new Error('recipientKeys: truncated keyid');
+    const keyId = serialized.slice(offset, offset + 20);
+    offset += 20;
+    const v = readVector(serialized, offset);
+    offset = v.offset;
+    recipientKeys.set(bytesToHex(keyId), v.data);
+  }
+  return { ephemeralPubKey, encryptedPayload, recipientKeys };
+}
 /**
  * Encode ECDSA signature to DER format
  * Takes 64-byte raw signature (32 bytes r + 32 bytes s) and converts to DER
@@ -332,6 +418,74 @@ async function aes256CbcEncrypt(plaintext, key, iv) {
   return new Uint8Array(ciphertext);
 }
+async function aes256CbcDecrypt(ciphertext, key, iv) {
+  const cryptoKey = await crypto.subtle.importKey(
+    'raw', key, { name: 'AES-CBC' }, false, ['decrypt']
+  );
+  const plaintext = await crypto.subtle.decrypt(
+    { name: 'AES-CBC', iv }, cryptoKey, ciphertext
+  );
+  return new Uint8Array(plaintext);
+}
+/**
+ * AES-256-GCM encryption
+ * @param {Uint8Array} plaintext
+ * @param {Uint8Array} key - 32 bytes
+ * @param {Uint8Array} nonce - 12 bytes
+ * @returns {Promise<{ciphertext: Uint8Array, tag: Uint8Array}>}
+ */
+async function aes256GcmEncrypt(plaintext, key, nonce) {
+  if (key.length !== 32) throw new Error('Key must be 32 bytes');
+  if (nonce.length !== 12) throw new Error('Nonce must be 12 bytes');
+  const cryptoKey = await crypto.subtle.importKey(
+    'raw', key, { name: 'AES-GCM' }, false, ['encrypt']
+  );
+  const encrypted = await crypto.subtle.encrypt(
+    { name: 'AES-GCM', iv: nonce, tagLength: 128 },
+    cryptoKey,
+    plaintext
+  );
+  const encryptedArray = new Uint8Array(encrypted);
+  // WebCrypto appends the 16-byte auth tag at the end
+  const ciphertext = encryptedArray.slice(0, -16);
+  const tag = encryptedArray.slice(-16);
+  return { ciphertext, tag };
+}
+/**
+ * AES-256-GCM decryption
+ * @param {Uint8Array} ciphertext
+ * @param {Uint8Array} key - 32 bytes
+ * @param {Uint8Array} nonce - 12 bytes
+ * @param {Uint8Array} tag - 16 bytes
+ * @returns {Promise<Uint8Array>}
+ */
+async function aes256GcmDecrypt(ciphertext, key, nonce, tag) {
+  if (key.length !== 32) throw new Error('Key must be 32 bytes');
+  if (nonce.length !== 12) throw new Error('Nonce must be 12 bytes');
+  if (tag.length !== 16) throw new Error('Tag must be 16 bytes');
+  const cryptoKey = await crypto.subtle.importKey(
+    'raw', key, { name: 'AES-GCM' }, false, ['decrypt']
+  );
+  // Concatenate ciphertext and tag for WebCrypto
+  const combined = concatBytes(ciphertext, tag);
+  const decrypted = await crypto.subtle.decrypt(
+    { name: 'AES-GCM', iv: nonce, tagLength: 128 },
+    cryptoKey,
+    combined
+  );
+  return new Uint8Array(decrypted);
+}
 async function hmacSha256(key, data) {
   const cryptoKey = await crypto.subtle.importKey(
     'raw',
@@ -344,16 +498,101 @@ async function hmacSha256(key, data) {
   return new Uint8Array(mac);
 }
+async function normalizePrivateKeyTo32Bytes(wifOrHex) {
+  if (typeof wifOrHex !== 'string' || wifOrHex.length === 0) {
+    throw new Error('Private key is required');
+  }
+  if (isWIF(wifOrHex)) {
+    const hex = await wifToHex(wifOrHex);
+    return hexToBytes(hex);
+  }
+  const norm = normalizeHex(wifOrHex);
+  if (!norm) throw new Error('Private key must be WIF or 64-hex');
+  if (norm.length !== 64) throw new Error('Private key must be 32 bytes (64 hex chars)');
+  return hexToBytes(norm);
+}
+/**
+ * Decrypts `encrypted_payload_hex` from Neurai RPC `depinreceivemsg`.
+ *
+ * Returns the decrypted plaintext (UTF-8) or null if the payload is not intended
+ * for the provided private key, or if authentication fails.
+ */
+async function decryptDepinReceiveEncryptedPayload(encryptedPayloadHex, recipientPrivateKey) {
+  if (!globalThis.crypto?.subtle) {
+    throw new Error('WebCrypto (crypto.subtle) is required for decrypt');
+  }
+  const normalized = normalizeHex(encryptedPayloadHex);
+  if (!normalized) throw new Error('Invalid encryptedPayloadHex');
+  const serialized = hexToBytes(normalized);
+  const msg = deserializeEciesMessage(serialized);
+  const recipientPrivKeyBytes = await normalizePrivateKeyTo32Bytes(recipientPrivateKey);
+  const recipientPubKeyCompressed = secp256k1.pointFromScalar(recipientPrivKeyBytes, true);
+  if (!(recipientPubKeyCompressed instanceof Uint8Array) || recipientPubKeyCompressed.length !== 33) {
+    throw new Error('Failed to derive recipient public key');
+  }
+  const keyIdBytes = await hash160(recipientPubKeyCompressed);
+  const keyIdHex = bytesToHex(keyIdBytes);
+  const keyIdHexReversed = bytesToHex(keyIdBytes.slice().reverse());
+  const recipientPackage = msg.recipientKeys.get(keyIdHex) ?? msg.recipientKeys.get(keyIdHexReversed);
+  if (!recipientPackage) return null;
+  // GCM format: Nonce(12) + encrypted_key(32) + Tag(16) = 60 bytes minimum
+  if (recipientPackage.length < 12 + 32 + 16) return null;
+  const recipientNonce = recipientPackage.slice(0, 12);
+  const encryptedAESKey = recipientPackage.slice(12, recipientPackage.length - 16);
+  const recipientTag = recipientPackage.slice(recipientPackage.length - 16);
+  // ECDH secret must match Core's ecdh module: SHA256(compressed(shared_point))
+  const sharedPointCompressed = secp256k1.pointMultiply(msg.ephemeralPubKey, recipientPrivKeyBytes, true);
+  const sharedSecret = await sha256(sharedPointCompressed);
+  const encKey = await kdfSha256(sharedSecret, 32);
+  // Decrypt AES key with GCM (tag verified automatically)
+  let aesKey;
+  try {
+    aesKey = await aes256GcmDecrypt(encryptedAESKey, encKey, recipientNonce, recipientTag);
+  } catch {
+    return null; // Authentication failed
+  }
+  if (aesKey.length !== 32) return null;
+  const payload = msg.encryptedPayload;
+  // GCM format: Nonce(12) + ciphertext + Tag(16) = 28 bytes minimum
+  if (payload.length < 12 + 1 + 16) return null;
+  const payloadNonce = payload.slice(0, 12);
+  const ciphertext = payload.slice(12, payload.length - 16);
+  const payloadTag = payload.slice(payload.length - 16);
+  // Decrypt payload with GCM (tag verified automatically)
+  let plaintextBytes;
+  try {
+    plaintextBytes = await aes256GcmDecrypt(ciphertext, aesKey, payloadNonce, payloadTag);
+  } catch {
+    return null; // Authentication failed
+  }
+  const decoder = new TextDecoder();
+  return decoder.decode(plaintextBytes);
+}
 // ============================================
 // ECIES ENCRYPTION (using @bitcoinerlab/secp256k1)
 // ============================================
 async function eciesEncrypt(plaintext, recipientPubKeys) {
-  // Neurai Core-compatible hybrid ECIES (see src/depinecies.cpp)
+  // Neurai Core-compatible hybrid ECIES with AES-256-GCM (see src/depinecies.cpp)
   // - Ephemeral keypair per message
   // - AES key derived from ephemeral privkey via KDF_SHA256
-  // - Payload: [IV(16) || ciphertext || HMAC_SHA256(aesKey, ciphertext)]
-  // - Per-recipient package: [recipientIV(16) || AES256_CBC(encKey, aesKey) || HMAC_SHA256(encKey, encryptedAESKey)]
+  // - Payload: [Nonce(12) || ciphertext || Tag(16)]
+  // - Per-recipient package: [Nonce(12) || AES256_GCM(encKey, aesKey) || Tag(16)]
   // - encKey derived from ECDH secret (secp256k1_ecdh default), then KDF_SHA256
   // Generate ephemeral key pair
@@ -366,13 +605,12 @@ async function eciesEncrypt(plaintext, recipientPubKeys) {
   // Derive AES key from ephemeral private key (matches KDF_SHA256 in C++)
   const aesKey = await kdfSha256(ephemeralPrivKey, 32);
-  // Encrypt message with AES-256-CBC (PKCS7 padding)
-  const iv = randomBytes(16);
-  const ciphertext = await aes256CbcEncrypt(plaintext, aesKey, iv);
+  // Encrypt message with AES-256-GCM (no padding needed)
+  const nonce = randomBytes(12);
+  const { ciphertext, tag } = await aes256GcmEncrypt(plaintext, aesKey, nonce);
-  // HMAC over ciphertext only (matches C++)
-  const payloadHmac = await hmacSha256(aesKey, ciphertext);
-  const payload = concatBytes(iv, ciphertext, payloadHmac);
+  // Payload format: [Nonce(12) || ciphertext || Tag(16)]
+  const payload = concatBytes(nonce, ciphertext, tag);
   // For each recipient, encrypt the AES key
   const recipientKeys = new Map();
@@ -390,14 +628,12 @@ async function eciesEncrypt(plaintext, recipientPubKeys) {
     // Derive per-recipient encryption key
     const encKey = await kdfSha256(sharedSecret, 32);
-    // Encrypt the AES key using AES-256-CBC with random per-recipient IV
-    const recipientIV = randomBytes(16);
-    const encryptedAESKey = await aes256CbcEncrypt(aesKey, encKey, recipientIV);
-    // HMAC over encrypted AES key
-    const recipientHmac = await hmacSha256(encKey, encryptedAESKey);
+    // Encrypt the AES key using AES-256-GCM with random per-recipient nonce
+    const recipientNonce = randomBytes(12);
+    const { ciphertext: encryptedAESKey, tag: recipientTag } = await aes256GcmEncrypt(aesKey, encKey, recipientNonce);
-    const recipientPackage = concatBytes(recipientIV, encryptedAESKey, recipientHmac);
+    // Recipient package format: [Nonce(12) || encrypted_aes_key(32) || Tag(16)]
+    const recipientPackage = concatBytes(recipientNonce, encryptedAESKey, recipientTag);
     // Map key is address hash160 (CKeyID): Hash160(serialized pubkey)
     const keyHash = await hash160(recipientPubKey);
@@ -569,6 +805,7 @@ async function buildDepinMessage(params) {
 // Export for browser (IIFE global)
 export {
   buildDepinMessage,
+  decryptDepinReceiveEncryptedPayload,
   wifToHex,
   isWIF,
   hexToBytes,
@@ -583,6 +820,7 @@ export {
 if (typeof globalThis !== 'undefined') {
   globalThis.neuraiDepinMsg = {
     buildDepinMessage,
+    decryptDepinReceiveEncryptedPayload,
     wifToHex,
     isWIF,
     utils: {