npm - @neuraiproject/neurai-depin-msg - Versions diffs - 1.0.1 → 2.1.0 - Mend

@neuraiproject/neurai-depin-msg 1.0.1 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md +6 -6
package/dist/neurai-depin-msg.js +81 -60
package/dist/neurai-depin-msg.min.js +1 -1
package/package.json +2 -2
package/src/index.js +144 -37

package/README.md CHANGED Viewed

@@ -130,18 +130,18 @@ Notes:
 ## How it works (Core-compatible)
-### Encryption (Hybrid ECIES)
+### Encryption (Hybrid ECIES with AES-256-GCM)
-This matches Neurai Core's `CECIESEncryptedMessage` format:
+This matches Neurai Core's `CECIESEncryptedMessage` format (v2.0+):
 - Ephemeral keypair is generated per message.
 - Message encryption:
-  - AES-256-CBC encrypts plaintext with a derived AES key.
-  - Payload is stored as `[IV(16) || ciphertext || HMAC-SHA256(aesKey, ciphertext)]`.
+  - AES-256-GCM encrypts plaintext with a derived AES key (no padding).
+  - Payload is stored as `[Nonce(12) || ciphertext || AuthTag(16)]`.
 - Per-recipient key wrapping:
   - ECDH derives a shared secret from ephemeral privkey + recipient pubkey.
-  - A per-recipient `encKey` is derived and used to AES-CBC encrypt the 32-byte AES key.
-  - Recipient package is `[recipientIV(16) || encryptedAESKey || HMAC-SHA256(encKey, encryptedAESKey)]`.
+  - A per-recipient `encKey` is derived and used to AES-256-GCM encrypt the 32-byte AES key.
+  - Recipient package is `[Nonce(12) || encryptedAESKey(32) || AuthTag(16)]` (60 bytes).
 ### Serialization

package/dist/neurai-depin-msg.js CHANGED Viewed

@@ -4229,7 +4229,9 @@ var neuraiDepinMsg = (() => {
     hexToBytes: () => hexToBytes,
     isWIF: () => isWIF,
     sha256: () => sha256,
-    wifToHex: () => wifToHex
+    unwrapMessageFromServer: () => unwrapMessageFromServer,
+    wifToHex: () => wifToHex,
+    wrapMessageForServer: () => wrapMessageForServer
   });
   var secp256k1 = __toESM(require_dist());
   function writeCompactSize(value) {
@@ -4324,16 +4326,6 @@ var neuraiDepinMsg = (() => {
       return null;
     return noPrefix;
   }
-  function timingSafeEqual(a, b) {
-    if (!(a instanceof Uint8Array) || !(b instanceof Uint8Array))
-      return false;
-    if (a.length !== b.length)
-      return false;
-    let diff = 0;
-    for (let i = 0; i < a.length; i++)
-      diff |= a[i] ^ b[i];
-    return diff === 0;
-  }
   function readCompactSize(buf, offset) {
     if (offset >= buf.length)
       throw new Error("CompactSize: out of bounds");
@@ -4587,46 +4579,49 @@ var neuraiDepinMsg = (() => {
     crypto.getRandomValues(bytes);
     return bytes;
   }
-  async function aes256CbcEncrypt(plaintext, key, iv) {
+  async function aes256GcmEncrypt(plaintext, key, nonce) {
+    if (key.length !== 32)
+      throw new Error("Key must be 32 bytes");
+    if (nonce.length !== 12)
+      throw new Error("Nonce must be 12 bytes");
     const cryptoKey = await crypto.subtle.importKey(
       "raw",
       key,
-      { name: "AES-CBC" },
+      { name: "AES-GCM" },
       false,
       ["encrypt"]
     );
-    const ciphertext = await crypto.subtle.encrypt(
-      { name: "AES-CBC", iv },
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv: nonce, tagLength: 128 },
       cryptoKey,
       plaintext
     );
-    return new Uint8Array(ciphertext);
+    const encryptedArray = new Uint8Array(encrypted);
+    const ciphertext = encryptedArray.slice(0, -16);
+    const tag = encryptedArray.slice(-16);
+    return { ciphertext, tag };
   }
-  async function aes256CbcDecrypt(ciphertext, key, iv) {
+  async function aes256GcmDecrypt(ciphertext, key, nonce, tag) {
+    if (key.length !== 32)
+      throw new Error("Key must be 32 bytes");
+    if (nonce.length !== 12)
+      throw new Error("Nonce must be 12 bytes");
+    if (tag.length !== 16)
+      throw new Error("Tag must be 16 bytes");
     const cryptoKey = await crypto.subtle.importKey(
       "raw",
       key,
-      { name: "AES-CBC" },
+      { name: "AES-GCM" },
       false,
       ["decrypt"]
     );
-    const plaintext = await crypto.subtle.decrypt(
-      { name: "AES-CBC", iv },
+    const combined = concatBytes(ciphertext, tag);
+    const decrypted = await crypto.subtle.decrypt(
+      { name: "AES-GCM", iv: nonce, tagLength: 128 },
       cryptoKey,
-      ciphertext
+      combined
     );
-    return new Uint8Array(plaintext);
-  }
-  async function hmacSha256(key, data) {
-    const cryptoKey = await crypto.subtle.importKey(
-      "raw",
-      key,
-      { name: "HMAC", hash: { name: "SHA-256" } },
-      false,
-      ["sign"]
-    );
-    const mac = await crypto.subtle.sign("HMAC", cryptoKey, data);
-    return new Uint8Array(mac);
+    return new Uint8Array(decrypted);
   }
   async function normalizePrivateKeyTo32Bytes(wifOrHex) {
     if (typeof wifOrHex !== "string" || wifOrHex.length === 0) {
@@ -4663,38 +4658,31 @@ var neuraiDepinMsg = (() => {
     const recipientPackage = msg.recipientKeys.get(keyIdHex) ?? msg.recipientKeys.get(keyIdHexReversed);
     if (!recipientPackage)
       return null;
-    if (recipientPackage.length < 16 + 32 + 32)
+    if (recipientPackage.length < 12 + 32 + 16)
       return null;
-    const recipientIV = recipientPackage.slice(0, 16);
-    const encryptedAESKey = recipientPackage.slice(16, recipientPackage.length - 32);
-    const recipientHmac = recipientPackage.slice(recipientPackage.length - 32);
+    const recipientNonce = recipientPackage.slice(0, 12);
+    const encryptedAESKey = recipientPackage.slice(12, recipientPackage.length - 16);
+    const recipientTag = recipientPackage.slice(recipientPackage.length - 16);
     const sharedPointCompressed = secp256k1.pointMultiply(msg.ephemeralPubKey, recipientPrivKeyBytes, true);
     const sharedSecret = await sha256(sharedPointCompressed);
     const encKey = await kdfSha256(sharedSecret, 32);
-    const expectedRecipientHmac = await hmacSha256(encKey, encryptedAESKey);
-    if (!timingSafeEqual(expectedRecipientHmac, recipientHmac))
-      return null;
-    let aesKeyRaw;
+    let aesKey;
     try {
-      aesKeyRaw = await aes256CbcDecrypt(encryptedAESKey, encKey, recipientIV);
+      aesKey = await aes256GcmDecrypt(encryptedAESKey, encKey, recipientNonce, recipientTag);
     } catch {
       return null;
     }
-    if (aesKeyRaw.length < 32)
+    if (aesKey.length !== 32)
       return null;
-    const aesKey = aesKeyRaw.slice(0, 32);
     const payload = msg.encryptedPayload;
-    if (payload.length < 16 + 1 + 32)
-      return null;
-    const iv = payload.slice(0, 16);
-    const ciphertext = payload.slice(16, payload.length - 32);
-    const payloadHmac = payload.slice(payload.length - 32);
-    const expectedPayloadHmac = await hmacSha256(aesKey, ciphertext);
-    if (!timingSafeEqual(expectedPayloadHmac, payloadHmac))
+    if (payload.length < 12 + 1 + 16)
       return null;
+    const payloadNonce = payload.slice(0, 12);
+    const ciphertext = payload.slice(12, payload.length - 16);
+    const payloadTag = payload.slice(payload.length - 16);
     let plaintextBytes;
     try {
-      plaintextBytes = await aes256CbcDecrypt(ciphertext, aesKey, iv);
+      plaintextBytes = await aes256GcmDecrypt(ciphertext, aesKey, payloadNonce, payloadTag);
     } catch {
       return null;
     }
@@ -4708,10 +4696,9 @@ var neuraiDepinMsg = (() => {
       throw new Error("Failed to generate ephemeral public key");
     }
     const aesKey = await kdfSha256(ephemeralPrivKey, 32);
-    const iv = randomBytes(16);
-    const ciphertext = await aes256CbcEncrypt(plaintext, aesKey, iv);
-    const payloadHmac = await hmacSha256(aesKey, ciphertext);
-    const payload = concatBytes(iv, ciphertext, payloadHmac);
+    const nonce = randomBytes(12);
+    const { ciphertext, tag } = await aes256GcmEncrypt(plaintext, aesKey, nonce);
+    const payload = concatBytes(nonce, ciphertext, tag);
     const recipientKeys = /* @__PURE__ */ new Map();
     for (const recipientPubKey of recipientPubKeys) {
       if (!(recipientPubKey instanceof Uint8Array) || recipientPubKey.length !== 33) {
@@ -4720,10 +4707,9 @@ var neuraiDepinMsg = (() => {
       const sharedPointCompressed = secp256k1.pointMultiply(recipientPubKey, ephemeralPrivKey, true);
       const sharedSecret = await sha256(sharedPointCompressed);
       const encKey = await kdfSha256(sharedSecret, 32);
-      const recipientIV = randomBytes(16);
-      const encryptedAESKey = await aes256CbcEncrypt(aesKey, encKey, recipientIV);
-      const recipientHmac = await hmacSha256(encKey, encryptedAESKey);
-      const recipientPackage = concatBytes(recipientIV, encryptedAESKey, recipientHmac);
+      const recipientNonce = randomBytes(12);
+      const { ciphertext: encryptedAESKey, tag: recipientTag } = await aes256GcmEncrypt(aesKey, encKey, recipientNonce);
+      const recipientPackage = concatBytes(recipientNonce, encryptedAESKey, recipientTag);
       const keyHash = await hash160(recipientPubKey);
       const keyHashHex = bytesToHex(keyHash);
       recipientKeys.set(keyHashHex, recipientPackage);
@@ -4843,9 +4829,44 @@ var neuraiDepinMsg = (() => {
       recipientCount: recipientPubKeys.length
     };
   }
+  async function wrapMessageForServer(messageHex, serverPubKeyHex, senderAddress) {
+    if (!messageHex || !serverPubKeyHex || !senderAddress) {
+      throw new Error("messageHex, serverPubKeyHex, and senderAddress are required");
+    }
+    const normalizedMsg = normalizeHex(messageHex);
+    const normalizedServerPk = normalizeHex(serverPubKeyHex);
+    if (!normalizedMsg)
+      throw new Error("Invalid messageHex");
+    if (!normalizedServerPk)
+      throw new Error("Invalid serverPubKeyHex");
+    const messageBytes = hexToBytes(normalizedMsg);
+    const serverPubKey = hexToBytes(normalizedServerPk);
+    if (serverPubKey.length !== 33) {
+      throw new Error("Server public key must be 33 bytes compressed");
+    }
+    const eciesMsg = await eciesEncrypt(messageBytes, [serverPubKey]);
+    const serializedECIES = serializeEciesMessage(eciesMsg);
+    return {
+      sender: senderAddress,
+      encrypted: bytesToHex(serializedECIES)
+    };
+  }
+  async function unwrapMessageFromServer(encryptedHex, recipientPrivateKeyWifOrHex) {
+    if (!encryptedHex || !recipientPrivateKeyWifOrHex) {
+      throw new Error("encryptedHex and recipientPrivateKey are required");
+    }
+    let privKeyHex = recipientPrivateKeyWifOrHex;
+    if (isWIF(privKeyHex)) {
+      privKeyHex = await wifToHex(privKeyHex);
+    }
+    const decrypted = await decryptDepinReceiveEncryptedPayload(encryptedHex, privKeyHex);
+    return decrypted;
+  }
   if (typeof globalThis !== "undefined") {
     globalThis.neuraiDepinMsg = {
       buildDepinMessage,
+      wrapMessageForServer,
+      unwrapMessageFromServer,
       decryptDepinReceiveEncryptedPayload,
       wifToHex,
       isWIF,

package/dist/neurai-depin-msg.min.js CHANGED Viewed

@@ -1,4 +1,4 @@
-var neuraiDepinMsg=(()=>{var Uo=Object.create;var vt=Object.defineProperty;var Ro=Object.getOwnPropertyDescriptor;var Lo=Object.getOwnPropertyNames;var qo=Object.getPrototypeOf,Vo=Object.prototype.hasOwnProperty;var de=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),ko=(e,t)=>{for(var r in t)vt(e,r,{get:t[r],enumerable:!0})},Pn=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Lo(t))!Vo.call(e,o)&&o!==r&&vt(e,o,{get:()=>t[o],enumerable:!(n=Ro(t,o))||n.enumerable});return e};var Co=(e,t,r)=>(r=e!=null?Uo(qo(e)):{},Pn(t||!e||!e.__esModule?vt(r,"default",{value:e,enumerable:!0}):r,e)),No=e=>Pn(vt({},"__esModule",{value:!0}),e);var Mn=de(St=>{"use strict";Object.defineProperty(St,"__esModule",{value:!0});St.crypto=void 0;St.crypto=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0});var qe=de(O=>{"use strict";Object.defineProperty(O,"__esModule",{value:!0});O.wrapXOFConstructorWithOpts=O.wrapConstructorWithOpts=O.wrapConstructor=O.Hash=O.nextTick=O.swap32IfBE=O.byteSwapIfBE=O.swap8IfBE=O.isLE=void 0;O.isBytes=Dn;O.anumber=Xt;O.abytes=et;O.ahash=Po;O.aexists=Mo;O.aoutput=Ko;O.u8=Do;O.u32=jo;O.clean=Zo;O.createView=zo;O.rotr=Go;O.rotl=Wo;O.byteSwap=$t;O.byteSwap32=jn;O.bytesToHex=Yo;O.hexToBytes=$o;O.asyncLoop=Qo;O.utf8ToBytes=Ft;O.bytesToUtf8=Jo;O.toBytes=At;O.kdfInputToBytes=es;O.concatBytes=ts;O.checkOpts=ns;O.createHasher=zn;O.createOptHasher=Gn;O.createXOFer=Wn;O.randomBytes=rs;var Je=Mn();function Dn(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function Xt(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function et(e,...t){if(!Dn(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function Po(e){if(typeof e!="function"||typeof e.create!="function")throw new Error("Hash should be wrapped by utils.createHasher");Xt(e.outputLen),Xt(e.blockLen)}function Mo(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function Ko(e,t){et(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function Do(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function jo(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Zo(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function zo(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Go(e,t){return e<<32-t|e>>>t}function Wo(e,t){return e<<t|e>>>32-t>>>0}O.isLE=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;function $t(e){return e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255}O.swap8IfBE=O.isLE?e=>e:e=>$t(e);O.byteSwapIfBE=O.swap8IfBE;function jn(e){for(let t=0;t<e.length;t++)e[t]=$t(e[t]);return e}O.swap32IfBE=O.isLE?e=>e:jn;var Zn=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",Xo=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function Yo(e){if(et(e),Zn)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=Xo[e[r]];return t}var Ie={_0:48,_9:57,A:65,F:70,a:97,f:102};function Kn(e){if(e>=Ie._0&&e<=Ie._9)return e-Ie._0;if(e>=Ie.A&&e<=Ie.F)return e-(Ie.A-10);if(e>=Ie.a&&e<=Ie.f)return e-(Ie.a-10)}function $o(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(Zn)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Kn(e.charCodeAt(s)),c=Kn(e.charCodeAt(s+1));if(i===void 0||c===void 0){let a=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+a+'" at index '+s)}n[o]=i*16+c}return n}var Fo=async()=>{};O.nextTick=Fo;async function Qo(e,t,r){let n=Date.now();for(let o=0;o<e;o++){r(o);let s=Date.now()-n;s>=0&&s<t||(await(0,O.nextTick)(),n+=s)}}function Ft(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function Jo(e){return new TextDecoder().decode(e)}function At(e){return typeof e=="string"&&(e=Ft(e)),et(e),e}function es(e){return typeof e=="string"&&(e=Ft(e)),et(e),e}function ts(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];et(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}function ns(e,t){if(t!==void 0&&{}.toString.call(t)!=="[object Object]")throw new Error("options should be object or undefined");return Object.assign(e,t)}var Yt=class{};O.Hash=Yt;function zn(e){let t=n=>e().update(At(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function Gn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}function Wn(e){let t=(n,o)=>e(o).update(At(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}O.wrapConstructor=zn;O.wrapConstructorWithOpts=Gn;O.wrapXOFConstructorWithOpts=Wn;function rs(e=32){if(Je.crypto&&typeof Je.crypto.getRandomValues=="function")return Je.crypto.getRandomValues(new Uint8Array(e));if(Je.crypto&&typeof Je.crypto.randomBytes=="function")return Uint8Array.from(Je.crypto.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}});var Yn=de(he=>{"use strict";Object.defineProperty(he,"__esModule",{value:!0});he.SHA512_IV=he.SHA384_IV=he.SHA224_IV=he.SHA256_IV=he.HashMD=void 0;he.setBigUint64=Xn;he.Chi=os;he.Maj=ss;var _e=qe();function Xn(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),c=Number(r&s),a=n?4:0,l=n?0:4;e.setUint32(t+a,i,n),e.setUint32(t+l,c,n)}function os(e,t,r){return e&t^~e&r}function ss(e,t,r){return e&t^e&r^t&r}var Qt=class extends _e.Hash{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=(0,_e.createView)(this.buffer)}update(t){(0,_e.aexists)(this),t=(0,_e.toBytes)(t),(0,_e.abytes)(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let c=Math.min(o-this.pos,s-i);if(c===o){let a=(0,_e.createView)(t);for(;o<=s-i;i+=o)this.process(a,i);continue}n.set(t.subarray(i,i+c),this.pos),this.pos+=c,i+=c,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){(0,_e.aexists)(this),(0,_e.aoutput)(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,(0,_e.clean)(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let h=i;h<o;h++)r[h]=0;Xn(n,o-8,BigInt(this.length*8),s),this.process(n,0);let c=(0,_e.createView)(t),a=this.outputLen;if(a%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let l=a/4,d=this.get();if(l>d.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<l;h++)c.setUint32(4*h,d[h],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:c}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=c,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}};he.HashMD=Qt;he.SHA256_IV=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);he.SHA224_IV=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);he.SHA384_IV=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]);he.SHA512_IV=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209])});var gr=de(k=>{"use strict";Object.defineProperty(k,"__esModule",{value:!0});k.toBig=k.shrSL=k.shrSH=k.rotrSL=k.rotrSH=k.rotrBL=k.rotrBH=k.rotr32L=k.rotr32H=k.rotlSL=k.rotlSH=k.rotlBL=k.rotlBH=k.add5L=k.add5H=k.add4L=k.add4H=k.add3L=k.add3H=void 0;k.add=ur;k.fromBig=en;k.split=$n;var Ht=BigInt(2**32-1),Jt=BigInt(32);function en(e,t=!1){return t?{h:Number(e&Ht),l:Number(e>>Jt&Ht)}:{h:Number(e>>Jt&Ht)|0,l:Number(e&Ht)|0}}function $n(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:c}=en(e[s],t);[n[s],o[s]]=[i,c]}return[n,o]}var Fn=(e,t)=>BigInt(e>>>0)<<Jt|BigInt(t>>>0);k.toBig=Fn;var Qn=(e,t,r)=>e>>>r;k.shrSH=Qn;var Jn=(e,t,r)=>e<<32-r|t>>>r;k.shrSL=Jn;var er=(e,t,r)=>e>>>r|t<<32-r;k.rotrSH=er;var tr=(e,t,r)=>e<<32-r|t>>>r;k.rotrSL=tr;var nr=(e,t,r)=>e<<64-r|t>>>r-32;k.rotrBH=nr;var rr=(e,t,r)=>e>>>r-32|t<<64-r;k.rotrBL=rr;var or=(e,t)=>t;k.rotr32H=or;var sr=(e,t)=>e;k.rotr32L=sr;var ir=(e,t,r)=>e<<r|t>>>32-r;k.rotlSH=ir;var cr=(e,t,r)=>t<<r|e>>>32-r;k.rotlSL=cr;var ar=(e,t,r)=>t<<r-32|e>>>64-r;k.rotlBH=ar;var fr=(e,t,r)=>e<<r-32|t>>>64-r;k.rotlBL=fr;function ur(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var lr=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0);k.add3L=lr;var dr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0;k.add3H=dr;var hr=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0);k.add4L=hr;var yr=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0;k.add4H=yr;var br=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0);k.add5L=br;var wr=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;k.add5H=wr;var is={fromBig:en,split:$n,toBig:Fn,shrSH:Qn,shrSL:Jn,rotrSH:er,rotrSL:tr,rotrBH:nr,rotrBL:rr,rotr32H:or,rotr32L:sr,rotlSH:ir,rotlSL:cr,rotlBH:ar,rotlBL:fr,add:ur,add3L:lr,add3H:dr,add4L:hr,add4H:yr,add5H:wr,add5L:br};k.default=is});var pr=de(z=>{"use strict";Object.defineProperty(z,"__esModule",{value:!0});z.sha512_224=z.sha512_256=z.sha384=z.sha512=z.sha224=z.sha256=z.SHA512_256=z.SHA512_224=z.SHA384=z.SHA512=z.SHA224=z.SHA256=void 0;var T=Yn(),P=gr(),J=qe(),cs=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),Ve=new Uint32Array(64),ut=class extends T.HashMD{constructor(t=32){super(64,t,8,!1),this.A=T.SHA256_IV[0]|0,this.B=T.SHA256_IV[1]|0,this.C=T.SHA256_IV[2]|0,this.D=T.SHA256_IV[3]|0,this.E=T.SHA256_IV[4]|0,this.F=T.SHA256_IV[5]|0,this.G=T.SHA256_IV[6]|0,this.H=T.SHA256_IV[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:c,H:a}=this;return[t,r,n,o,s,i,c,a]}set(t,r,n,o,s,i,c,a){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=c|0,this.H=a|0}process(t,r){for(let h=0;h<16;h++,r+=4)Ve[h]=t.getUint32(r,!1);for(let h=16;h<64;h++){let f=Ve[h-15],u=Ve[h-2],b=(0,J.rotr)(f,7)^(0,J.rotr)(f,18)^f>>>3,m=(0,J.rotr)(u,17)^(0,J.rotr)(u,19)^u>>>10;Ve[h]=m+Ve[h-7]+b+Ve[h-16]|0}let{A:n,B:o,C:s,D:i,E:c,F:a,G:l,H:d}=this;for(let h=0;h<64;h++){let f=(0,J.rotr)(c,6)^(0,J.rotr)(c,11)^(0,J.rotr)(c,25),u=d+f+(0,T.Chi)(c,a,l)+cs[h]+Ve[h]|0,m=((0,J.rotr)(n,2)^(0,J.rotr)(n,13)^(0,J.rotr)(n,22))+(0,T.Maj)(n,o,s)|0;d=l,l=a,a=c,c=i+u|0,i=s,s=o,o=n,n=u+m|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,c=c+this.E|0,a=a+this.F|0,l=l+this.G|0,d=d+this.H|0,this.set(n,o,s,i,c,a,l,d)}roundClean(){(0,J.clean)(Ve)}destroy(){this.set(0,0,0,0,0,0,0,0),(0,J.clean)(this.buffer)}};z.SHA256=ut;var It=class extends ut{constructor(){super(28),this.A=T.SHA224_IV[0]|0,this.B=T.SHA224_IV[1]|0,this.C=T.SHA224_IV[2]|0,this.D=T.SHA224_IV[3]|0,this.E=T.SHA224_IV[4]|0,this.F=T.SHA224_IV[5]|0,this.G=T.SHA224_IV[6]|0,this.H=T.SHA224_IV[7]|0}};z.SHA224=It;var mr=P.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),as=mr[0],fs=mr[1],ke=new Uint32Array(80),Ce=new Uint32Array(80),Ge=class extends T.HashMD{constructor(t=64){super(128,t,16,!1),this.Ah=T.SHA512_IV[0]|0,this.Al=T.SHA512_IV[1]|0,this.Bh=T.SHA512_IV[2]|0,this.Bl=T.SHA512_IV[3]|0,this.Ch=T.SHA512_IV[4]|0,this.Cl=T.SHA512_IV[5]|0,this.Dh=T.SHA512_IV[6]|0,this.Dl=T.SHA512_IV[7]|0,this.Eh=T.SHA512_IV[8]|0,this.El=T.SHA512_IV[9]|0,this.Fh=T.SHA512_IV[10]|0,this.Fl=T.SHA512_IV[11]|0,this.Gh=T.SHA512_IV[12]|0,this.Gl=T.SHA512_IV[13]|0,this.Hh=T.SHA512_IV[14]|0,this.Hl=T.SHA512_IV[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:c,Dl:a,Eh:l,El:d,Fh:h,Fl:f,Gh:u,Gl:b,Hh:m,Hl:B}=this;return[t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,B]}set(t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,B){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=c|0,this.Dl=a|0,this.Eh=l|0,this.El=d|0,this.Fh=h|0,this.Fl=f|0,this.Gh=u|0,this.Gl=b|0,this.Hh=m|0,this.Hl=B|0}process(t,r){for(let x=0;x<16;x++,r+=4)ke[x]=t.getUint32(r),Ce[x]=t.getUint32(r+=4);for(let x=16;x<80;x++){let q=ke[x-15]|0,K=Ce[x-15]|0,Y=P.rotrSH(q,K,1)^P.rotrSH(q,K,8)^P.shrSH(q,K,7),Z=P.rotrSL(q,K,1)^P.rotrSL(q,K,8)^P.shrSL(q,K,7),M=ke[x-2]|0,v=Ce[x-2]|0,ue=P.rotrSH(M,v,19)^P.rotrBH(M,v,61)^P.shrSH(M,v,6),le=P.rotrSL(M,v,19)^P.rotrBL(M,v,61)^P.shrSL(M,v,6),V=P.add4L(Z,le,Ce[x-7],Ce[x-16]),g=P.add4H(V,Y,ue,ke[x-7],ke[x-16]);ke[x]=g|0,Ce[x]=V|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:c,Cl:a,Dh:l,Dl:d,Eh:h,El:f,Fh:u,Fl:b,Gh:m,Gl:B,Hh:U,Hl:C}=this;for(let x=0;x<80;x++){let q=P.rotrSH(h,f,14)^P.rotrSH(h,f,18)^P.rotrBH(h,f,41),K=P.rotrSL(h,f,14)^P.rotrSL(h,f,18)^P.rotrBL(h,f,41),Y=h&u^~h&m,Z=f&b^~f&B,M=P.add5L(C,K,Z,fs[x],Ce[x]),v=P.add5H(M,U,q,Y,as[x],ke[x]),ue=M|0,le=P.rotrSH(n,o,28)^P.rotrBH(n,o,34)^P.rotrBH(n,o,39),V=P.rotrSL(n,o,28)^P.rotrBL(n,o,34)^P.rotrBL(n,o,39),g=n&s^n&c^s&c,w=o&i^o&a^i&a;U=m|0,C=B|0,m=u|0,B=b|0,u=h|0,b=f|0,{h,l:f}=P.add(l|0,d|0,v|0,ue|0),l=c|0,d=a|0,c=s|0,a=i|0,s=n|0,i=o|0;let y=P.add3L(ue,V,w);n=P.add3H(y,v,le,g),o=y|0}({h:n,l:o}=P.add(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=P.add(this.Bh|0,this.Bl|0,s|0,i|0),{h:c,l:a}=P.add(this.Ch|0,this.Cl|0,c|0,a|0),{h:l,l:d}=P.add(this.Dh|0,this.Dl|0,l|0,d|0),{h,l:f}=P.add(this.Eh|0,this.El|0,h|0,f|0),{h:u,l:b}=P.add(this.Fh|0,this.Fl|0,u|0,b|0),{h:m,l:B}=P.add(this.Gh|0,this.Gl|0,m|0,B|0),{h:U,l:C}=P.add(this.Hh|0,this.Hl|0,U|0,C|0),this.set(n,o,s,i,c,a,l,d,h,f,u,b,m,B,U,C)}roundClean(){(0,J.clean)(ke,Ce)}destroy(){(0,J.clean)(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};z.SHA512=Ge;var Tt=class extends Ge{constructor(){super(48),this.Ah=T.SHA384_IV[0]|0,this.Al=T.SHA384_IV[1]|0,this.Bh=T.SHA384_IV[2]|0,this.Bl=T.SHA384_IV[3]|0,this.Ch=T.SHA384_IV[4]|0,this.Cl=T.SHA384_IV[5]|0,this.Dh=T.SHA384_IV[6]|0,this.Dl=T.SHA384_IV[7]|0,this.Eh=T.SHA384_IV[8]|0,this.El=T.SHA384_IV[9]|0,this.Fh=T.SHA384_IV[10]|0,this.Fl=T.SHA384_IV[11]|0,this.Gh=T.SHA384_IV[12]|0,this.Gl=T.SHA384_IV[13]|0,this.Hh=T.SHA384_IV[14]|0,this.Hl=T.SHA384_IV[15]|0}};z.SHA384=Tt;var ae=Uint32Array.from([2352822216,424955298,1944164710,2312950998,502970286,855612546,1738396948,1479516111,258812777,2077511080,2011393907,79989058,1067287976,1780299464,286451373,2446758561]),fe=Uint32Array.from([573645204,4230739756,2673172387,3360449730,596883563,1867755857,2520282905,1497426621,2519219938,2827943907,3193839141,1401305490,721525244,746961066,246885852,2177182882]),Ot=class extends Ge{constructor(){super(28),this.Ah=ae[0]|0,this.Al=ae[1]|0,this.Bh=ae[2]|0,this.Bl=ae[3]|0,this.Ch=ae[4]|0,this.Cl=ae[5]|0,this.Dh=ae[6]|0,this.Dl=ae[7]|0,this.Eh=ae[8]|0,this.El=ae[9]|0,this.Fh=ae[10]|0,this.Fl=ae[11]|0,this.Gh=ae[12]|0,this.Gl=ae[13]|0,this.Hh=ae[14]|0,this.Hl=ae[15]|0}};z.SHA512_224=Ot;var Ut=class extends Ge{constructor(){super(32),this.Ah=fe[0]|0,this.Al=fe[1]|0,this.Bh=fe[2]|0,this.Bl=fe[3]|0,this.Ch=fe[4]|0,this.Cl=fe[5]|0,this.Dh=fe[6]|0,this.Dl=fe[7]|0,this.Eh=fe[8]|0,this.El=fe[9]|0,this.Fh=fe[10]|0,this.Fl=fe[11]|0,this.Gh=fe[12]|0,this.Gl=fe[13]|0,this.Hh=fe[14]|0,this.Hl=fe[15]|0}};z.SHA512_256=Ut;z.sha256=(0,J.createHasher)(()=>new ut);z.sha224=(0,J.createHasher)(()=>new It);z.sha512=(0,J.createHasher)(()=>new Ge);z.sha384=(0,J.createHasher)(()=>new Tt);z.sha512_256=(0,J.createHasher)(()=>new Ut);z.sha512_224=(0,J.createHasher)(()=>new Ot)});var xr=de(Xe=>{"use strict";Object.defineProperty(Xe,"__esModule",{value:!0});Xe.hmac=Xe.HMAC=void 0;var We=qe(),lt=class extends We.Hash{constructor(t,r){super(),this.finished=!1,this.destroyed=!1,(0,We.ahash)(t);let n=(0,We.toBytes)(r);if(this.iHash=t.create(),typeof this.iHash.update!="function")throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let o=this.blockLen,s=new Uint8Array(o);s.set(n.length>o?t.create().update(n).digest():n);for(let i=0;i<s.length;i++)s[i]^=54;this.iHash.update(s),this.oHash=t.create();for(let i=0;i<s.length;i++)s[i]^=106;this.oHash.update(s),(0,We.clean)(s)}update(t){return(0,We.aexists)(this),this.iHash.update(t),this}digestInto(t){(0,We.aexists)(this),(0,We.abytes)(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){let t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));let{oHash:r,iHash:n,finished:o,destroyed:s,blockLen:i,outputLen:c}=this;return t=t,t.finished=o,t.destroyed=s,t.blockLen=i,t.outputLen=c,t.oHash=r._cloneInto(t.oHash),t.iHash=n._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}};Xe.HMAC=lt;var us=(e,t,r)=>new lt(e,t).update(r).digest();Xe.hmac=us;Xe.hmac.create=(e,t)=>new lt(e,t)});var Ye=de(R=>{"use strict";Object.defineProperty(R,"__esModule",{value:!0});R.notImplemented=R.bitMask=R.utf8ToBytes=R.randomBytes=R.isBytes=R.hexToBytes=R.concatBytes=R.bytesToUtf8=R.bytesToHex=R.anumber=R.abytes=void 0;R.abool=ls;R._abool2=ds;R._abytes2=hs;R.numberToHexUnpadded=Er;R.hexToNumber=nn;R.bytesToNumberBE=ys;R.bytesToNumberLE=bs;R.numberToBytesBE=Br;R.numberToBytesLE=ws;R.numberToVarBytesBE=gs;R.ensureBytes=ms;R.equalBytes=ps;R.copyBytes=xs;R.asciiToBytes=Es;R.inRange=_r;R.aInRange=Bs;R.bitLen=_s;R.bitGet=vs;R.bitSet=Ss;R.createHmacDrbg=Hs;R.validateObject=Ts;R.isHash=Os;R._validateObject=Us;R.memoized=Ls;var ve=qe(),Te=qe();Object.defineProperty(R,"abytes",{enumerable:!0,get:function(){return Te.abytes}});Object.defineProperty(R,"anumber",{enumerable:!0,get:function(){return Te.anumber}});Object.defineProperty(R,"bytesToHex",{enumerable:!0,get:function(){return Te.bytesToHex}});Object.defineProperty(R,"bytesToUtf8",{enumerable:!0,get:function(){return Te.bytesToUtf8}});Object.defineProperty(R,"concatBytes",{enumerable:!0,get:function(){return Te.concatBytes}});Object.defineProperty(R,"hexToBytes",{enumerable:!0,get:function(){return Te.hexToBytes}});Object.defineProperty(R,"isBytes",{enumerable:!0,get:function(){return Te.isBytes}});Object.defineProperty(R,"randomBytes",{enumerable:!0,get:function(){return Te.randomBytes}});Object.defineProperty(R,"utf8ToBytes",{enumerable:!0,get:function(){return Te.utf8ToBytes}});var Rt=BigInt(0),dt=BigInt(1);function ls(e,t){if(typeof t!="boolean")throw new Error(e+" boolean expected, got "+t)}function ds(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function hs(e,t,r=""){let n=(0,ve.isBytes)(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,c=s?` of length ${t}`:"",a=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+c+", got "+a)}return e}function Er(e){let t=e.toString(16);return t.length&1?"0"+t:t}function nn(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?Rt:BigInt("0x"+e)}function ys(e){return nn((0,ve.bytesToHex)(e))}function bs(e){return(0,ve.abytes)(e),nn((0,ve.bytesToHex)(Uint8Array.from(e).reverse()))}function Br(e,t){return(0,ve.hexToBytes)(e.toString(16).padStart(t*2,"0"))}function ws(e,t){return Br(e,t).reverse()}function gs(e){return(0,ve.hexToBytes)(Er(e))}function ms(e,t,r){let n;if(typeof t=="string")try{n=(0,ve.hexToBytes)(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if((0,ve.isBytes)(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function ps(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function xs(e){return Uint8Array.from(e)}function Es(e){return Uint8Array.from(e,(t,r)=>{let n=t.charCodeAt(0);if(t.length!==1||n>127)throw new Error(`string contains non-ASCII character "${e[r]}" with code ${n} at position ${r}`);return n})}var tn=e=>typeof e=="bigint"&&Rt<=e;function _r(e,t,r){return tn(e)&&tn(t)&&tn(r)&&t<=e&&e<r}function Bs(e,t,r,n){if(!_r(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function _s(e){let t;for(t=0;e>Rt;e>>=dt,t+=1);return t}function vs(e,t){return e>>BigInt(t)&dt}function Ss(e,t,r){return e|(r?dt:Rt)<<BigInt(t)}var As=e=>(dt<<BigInt(e))-dt;R.bitMask=As;function Hs(e,t,r){if(typeof e!="number"||e<2)throw new Error("hashLen must be a number");if(typeof t!="number"||t<2)throw new Error("qByteLen must be a number");if(typeof r!="function")throw new Error("hmacFn must be a function");let n=u=>new Uint8Array(u),o=u=>Uint8Array.of(u),s=n(e),i=n(e),c=0,a=()=>{s.fill(1),i.fill(0),c=0},l=(...u)=>r(i,s,...u),d=(u=n(0))=>{i=l(o(0),u),s=l(),u.length!==0&&(i=l(o(1),u),s=l())},h=()=>{if(c++>=1e3)throw new Error("drbg: tried 1000 values");let u=0,b=[];for(;u<t;){s=l();let m=s.slice();b.push(m),u+=s.length}return(0,ve.concatBytes)(...b)};return(u,b)=>{a(),d(u);let m;for(;!(m=b(h()));)d();return a(),m}}var Is={bigint:e=>typeof e=="bigint",function:e=>typeof e=="function",boolean:e=>typeof e=="boolean",string:e=>typeof e=="string",stringOrUint8Array:e=>typeof e=="string"||(0,ve.isBytes)(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>typeof e=="function"&&Number.isSafeInteger(e.outputLen)};function Ts(e,t,r={}){let n=(o,s,i)=>{let c=Is[s];if(typeof c!="function")throw new Error("invalid validator function");let a=e[o];if(!(i&&a===void 0)&&!c(a,e))throw new Error("param "+String(o)+" is invalid. Expected "+s+", got "+a)};for(let[o,s]of Object.entries(t))n(o,s,!1);for(let[o,s]of Object.entries(r))n(o,s,!0);return e}function Os(e){return typeof e=="function"&&Number.isSafeInteger(e.outputLen)}function Us(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let c=e[o];if(i&&c===void 0)return;let a=typeof c;if(a!==s||c===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${a}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var Rs=()=>{throw new Error("not implemented")};R.notImplemented=Rs;function Ls(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}});var tt=de(X=>{"use strict";Object.defineProperty(X,"__esModule",{value:!0});X.isNegativeLE=void 0;X.mod=ge;X.pow=ks;X.pow2=Cs;X.invert=Lt;X.tonelliShanks=on;X.FpSqrt=Or;X.validateField=Ds;X.FpPow=sn;X.FpInvertBatch=Ur;X.FpDiv=js;X.FpLegendre=qt;X.FpIsSquare=Zs;X.nLength=cn;X.Field=Vt;X.FpSqrtOdd=zs;X.FpSqrtEven=Gs;X.hashToPrivateScalar=Ws;X.getFieldBytesLength=an;X.getMinHashLength=Rr;X.mapHashToField=Xs;var me=Ye(),ye=BigInt(0),ee=BigInt(1),$e=BigInt(2),vr=BigInt(3),Sr=BigInt(4),Ar=BigInt(5),qs=BigInt(7),Hr=BigInt(8),Vs=BigInt(9),Ir=BigInt(16);function ge(e,t){let r=e%t;return r>=ye?r:t+r}function ks(e,t,r){return sn(Vt(r),e,t)}function Cs(e,t,r){let n=e;for(;t-- >ye;)n*=n,n%=r;return n}function Lt(e,t){if(e===ye)throw new Error("invert: expected non-zero number");if(t<=ye)throw new Error("invert: expected positive modulus, got "+t);let r=ge(e,t),n=t,o=ye,s=ee,i=ee,c=ye;for(;r!==ye;){let l=n/r,d=n%r,h=o-i*l,f=s-c*l;n=r,r=d,o=i,s=c,i=h,c=f}if(n!==ee)throw new Error("invert: does not exist");return ge(o,t)}function rn(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function Tr(e,t){let r=(e.ORDER+ee)/Sr,n=e.pow(t,r);return rn(e,n,t),n}function Ns(e,t){let r=(e.ORDER-Ar)/Hr,n=e.mul(t,$e),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,$e),o),c=e.mul(s,e.sub(i,e.ONE));return rn(e,c,t),c}function Ps(e){let t=Vt(e),r=on(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+qs)/Ir;return(c,a)=>{let l=c.pow(a,i),d=c.mul(l,n),h=c.mul(l,o),f=c.mul(l,s),u=c.eql(c.sqr(d),a),b=c.eql(c.sqr(h),a);l=c.cmov(l,d,u),d=c.cmov(f,h,b);let m=c.eql(c.sqr(d),a),B=c.cmov(l,d,m);return rn(c,B,a),B}}function on(e){if(e<vr)throw new Error("sqrt is not defined for small field");let t=e-ee,r=0;for(;t%$e===ye;)t/=$e,r++;let n=$e,o=Vt(e);for(;qt(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return Tr;let s=o.pow(n,t),i=(t+ee)/$e;return function(a,l){if(a.is0(l))return l;if(qt(a,l)!==1)throw new Error("Cannot find square root");let d=r,h=a.mul(a.ONE,s),f=a.pow(l,t),u=a.pow(l,i);for(;!a.eql(f,a.ONE);){if(a.is0(f))return a.ZERO;let b=1,m=a.sqr(f);for(;!a.eql(m,a.ONE);)if(b++,m=a.sqr(m),b===d)throw new Error("Cannot find square root");let B=ee<<BigInt(d-b-1),U=a.pow(h,B);d=b,h=a.sqr(U),f=a.mul(f,h),u=a.mul(u,U)}return u}}function Or(e){return e%Sr===vr?Tr:e%Hr===Ar?Ns:e%Ir===Vs?Ps(e):on(e)}var Ms=(e,t)=>(ge(e,t)&ee)===ee;X.isNegativeLE=Ms;var Ks=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function Ds(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=Ks.reduce((n,o)=>(n[o]="function",n),t);return(0,me._validateObject)(e,r),e}function sn(e,t,r){if(r<ye)throw new Error("invalid exponent, negatives unsupported");if(r===ye)return e.ONE;if(r===ee)return t;let n=e.ONE,o=t;for(;r>ye;)r&ee&&(n=e.mul(n,o)),o=e.sqr(o),r>>=ee;return n}function Ur(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,c,a)=>e.is0(c)?i:(n[a]=i,e.mul(i,c)),e.ONE),s=e.inv(o);return t.reduceRight((i,c,a)=>e.is0(c)?i:(n[a]=e.mul(i,n[a]),e.mul(i,c)),s),n}function js(e,t,r){return e.mul(t,typeof r=="bigint"?Lt(r,e.ORDER):e.inv(r))}function qt(e,t){let r=(e.ORDER-ee)/$e,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Zs(e,t){return qt(e,t)===1}function cn(e,t){t!==void 0&&(0,me.anumber)(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function Vt(e,t,r=!1,n={}){if(e<=ye)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,c;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),c=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:a,nByteLength:l}=cn(e,o);if(l>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let d,h=Object.freeze({ORDER:e,isLE:r,BITS:a,BYTES:l,MASK:(0,me.bitMask)(a),ZERO:ye,ONE:ee,allowedLengths:c,create:f=>ge(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return ye<=f&&f<e},is0:f=>f===ye,isValidNot0:f=>!h.is0(f)&&h.isValid(f),isOdd:f=>(f&ee)===ee,neg:f=>ge(-f,e),eql:(f,u)=>f===u,sqr:f=>ge(f*f,e),add:(f,u)=>ge(f+u,e),sub:(f,u)=>ge(f-u,e),mul:(f,u)=>ge(f*u,e),pow:(f,u)=>sn(h,f,u),div:(f,u)=>ge(f*Lt(u,e),e),sqrN:f=>f*f,addN:(f,u)=>f+u,subN:(f,u)=>f-u,mulN:(f,u)=>f*u,inv:f=>Lt(f,e),sqrt:s||(f=>(d||(d=Or(e)),d(h,f))),toBytes:f=>r?(0,me.numberToBytesLE)(f,l):(0,me.numberToBytesBE)(f,l),fromBytes:(f,u=!0)=>{if(c){if(!c.includes(f.length)||f.length>l)throw new Error("Field.fromBytes: expected "+c+" bytes, got "+f.length);let m=new Uint8Array(l);m.set(f,r?0:m.length-f.length),f=m}if(f.length!==l)throw new Error("Field.fromBytes: expected "+l+" bytes, got "+f.length);let b=r?(0,me.bytesToNumberLE)(f):(0,me.bytesToNumberBE)(f);if(i&&(b=ge(b,e)),!u&&!h.isValid(b))throw new Error("invalid field element: outside of range 0..ORDER");return b},invertBatch:f=>Ur(h,f),cmov:(f,u,b)=>b?u:f});return Object.freeze(h)}function zs(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?r:e.neg(r)}function Gs(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?e.neg(r):r}function Ws(e,t,r=!1){e=(0,me.ensureBytes)("privateHash",e);let n=e.length,o=cn(t).nByteLength+8;if(o<24||n<o||n>1024)throw new Error("hashToPrivateScalar: expected "+o+"-1024 bytes of input, got "+n);let s=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e);return ge(s,t-ee)+ee}function an(e){if(typeof e!="bigint")throw new Error("field order must be bigint");let t=e.toString(2).length;return Math.ceil(t/8)}function Rr(e){let t=an(e);return t+Math.ceil(t/2)}function Xs(e,t,r=!1){let n=e.length,o=an(t),s=Rr(t);if(n<16||n<s||n>1024)throw new Error("expected "+s+"-1024 bytes of input, got "+n);let i=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e),c=ge(i,t-ee)+ee;return r?(0,me.numberToBytesLE)(c,o):(0,me.numberToBytesBE)(c,o)}});var Pr=de(xe=>{"use strict";Object.defineProperty(xe,"__esModule",{value:!0});xe.wNAF=void 0;xe.negateCt=dn;xe.normalizeZ=Ys;xe.mulEndoUnsafe=$s;xe.pippenger=Fs;xe.precomputeMSMUnsafe=Qs;xe.validateBasic=Js;xe._createCurveFields=ei;var ht=Ye(),yt=tt(),nt=BigInt(0),Fe=BigInt(1);function dn(e,t){let r=t.negate();return e?r:t}function Ys(e,t){let r=(0,yt.FpInvertBatch)(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function yn(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function fn(e,t){yn(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=(0,ht.bitMask)(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function Lr(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,c=Number(e&o),a=e>>i;c>n&&(c-=s,a+=Fe);let l=t*n,d=l+Math.abs(c)-1,h=c===0,f=c<0,u=t%2!==0;return{nextN:a,offset:d,isZero:h,isNeg:f,isNegF:u,offsetF:l}}function kr(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function Cr(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var un=new WeakMap,Nr=new WeakMap;function ln(e){return Nr.get(e)||1}function qr(e){if(e!==nt)throw new Error("invalid wNAF")}var hn=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>nt;)r&Fe&&(n=n.add(o)),o=o.double(),r>>=Fe;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=fn(r,this.bits),s=[],i=t,c=i;for(let a=0;a<n;a++){c=i,s.push(c);for(let l=1;l<o;l++)c=c.add(i),s.push(c);i=c.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=fn(t,this.bits);for(let c=0;c<i.windows;c++){let{nextN:a,offset:l,isZero:d,isNeg:h,isNegF:f,offsetF:u}=Lr(n,c,i);n=a,d?s=s.add(dn(f,r[u])):o=o.add(dn(h,r[l]))}return qr(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=fn(t,this.bits);for(let i=0;i<s.windows&&n!==nt;i++){let{nextN:c,offset:a,isZero:l,isNeg:d}=Lr(n,i,s);if(n=c,!l){let h=r[a];o=o.add(d?h.negate():h)}}return qr(n),o}getPrecomputes(t,r,n){let o=un.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),un.set(r,o))),o}cached(t,r,n){let o=ln(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=ln(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){yn(r,this.bits),Nr.set(t,r),un.delete(t)}hasCache(t){return ln(t)!==1}};xe.wNAF=hn;function $s(e,t,r,n){let o=t,s=e.ZERO,i=e.ZERO;for(;r>nt||n>nt;)r&Fe&&(s=s.add(o)),n&Fe&&(i=i.add(o)),o=o.double(),r>>=Fe,n>>=Fe;return{p1:s,p2:i}}function Fs(e,t,r,n){kr(r,e),Cr(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,c=(0,ht.bitLen)(BigInt(o)),a=1;c>12?a=c-3:c>4?a=c-2:c>0&&(a=2);let l=(0,ht.bitMask)(a),d=new Array(Number(l)+1).fill(i),h=Math.floor((t.BITS-1)/a)*a,f=i;for(let u=h;u>=0;u-=a){d.fill(i);for(let m=0;m<s;m++){let B=n[m],U=Number(B>>BigInt(u)&l);d[U]=d[U].add(r[m])}let b=i;for(let m=d.length-1,B=i;m>0;m--)B=B.add(d[m]),b=b.add(B);if(f=f.add(b),u!==0)for(let m=0;m<a;m++)f=f.double()}return f}function Qs(e,t,r,n){yn(n,t.BITS),kr(r,e);let o=e.ZERO,s=2**n-1,i=Math.ceil(t.BITS/n),c=(0,ht.bitMask)(n),a=r.map(l=>{let d=[];for(let h=0,f=l;h<s;h++)d.push(f),f=f.add(l);return d});return l=>{if(Cr(l,t),l.length>r.length)throw new Error("array of scalars must be smaller than array of points");let d=o;for(let h=0;h<i;h++){if(d!==o)for(let u=0;u<n;u++)d=d.double();let f=BigInt(i*n-(h+1)*n);for(let u=0;u<l.length;u++){let b=l[u],m=Number(b>>f&c);m&&(d=d.add(a[u][m-1]))}}return d}}function Js(e){return(0,yt.validateField)(e.Fp),(0,ht.validateObject)(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...(0,yt.nLength)(e.n,e.nBitLength),...e,p:e.Fp.ORDER})}function Vr(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return(0,yt.validateField)(t),t}else return(0,yt.Field)(e,{isLE:r})}function ei(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let a of["p","n","h"]){let l=t[a];if(!(typeof l=="bigint"&&l>nt))throw new Error(`CURVE.${a} must be positive bigint`)}let o=Vr(t.p,r.Fp,n),s=Vr(t.n,r.Fn,n),c=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let a of c)if(!o.isValid(t[a]))throw new Error(`CURVE.${a} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}});var pn=de(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.DER=W.DERErr=void 0;W._splitEndoScalar=Kr;W._normFnElement=Ne;W.weierstrassN=mn;W.SWUFpSqrtRatio=jr;W.mapToCurveSimpleSWU=ri;W.ecdh=zr;W.ecdsa=Gr;W.weierstrassPoints=oi;W._legacyHelperEquat=Xr;W.weierstrass=ai;var ti=xr(),ni=qe(),H=Ye(),Oe=Pr(),ot=tt(),Mr=(e,t)=>(e+(e>=0?t:-t)/Se)/t;function Kr(e,t,r){let[[n,o],[s,i]]=t,c=Mr(i*e,r),a=Mr(-o*e,r),l=e-c*n-a*s,d=-c*o-a*i,h=l<Ee,f=d<Ee;h&&(l=-l),f&&(d=-d);let u=(0,H.bitMask)(Math.ceil((0,H.bitLen)(r)/2))+re;if(l<Ee||l>=u||d<Ee||d>=u)throw new Error("splitScalar (endomorphism): failed, k="+e);return{k1neg:h,k1:l,k2neg:f,k2:d}}function wn(e){if(!["compact","recovered","der"].includes(e))throw new Error('Signature format must be "compact", "recovered", or "der"');return e}function bn(e,t){let r={};for(let n of Object.keys(t))r[n]=e[n]===void 0?t[n]:e[n];return(0,H._abool2)(r.lowS,"lowS"),(0,H._abool2)(r.prehash,"prehash"),r.format!==void 0&&wn(r.format),r}var kt=class extends Error{constructor(t=""){super(t)}};W.DERErr=kt;W.DER={Err:kt,_tlv:{encode:(e,t)=>{let{Err:r}=W.DER;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length&1)throw new r("tlv.encode: unpadded data");let n=t.length/2,o=(0,H.numberToHexUnpadded)(n);if(o.length/2&128)throw new r("tlv.encode: long form length too big");let s=n>127?(0,H.numberToHexUnpadded)(o.length/2|128):"";return(0,H.numberToHexUnpadded)(e)+s+o+t},decode(e,t){let{Err:r}=W.DER,n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");let o=t[n++],s=!!(o&128),i=0;if(!s)i=o;else{let a=o&127;if(!a)throw new r("tlv.decode(long): indefinite length not supported");if(a>4)throw new r("tlv.decode(long): byte length is too big");let l=t.subarray(n,n+a);if(l.length!==a)throw new r("tlv.decode: length bytes not complete");if(l[0]===0)throw new r("tlv.decode(long): zero leftmost byte");for(let d of l)i=i<<8|d;if(n+=a,i<128)throw new r("tlv.decode(long): not minimal encoding")}let c=t.subarray(n,n+i);if(c.length!==i)throw new r("tlv.decode: wrong value length");return{v:c,l:t.subarray(n+i)}}},_int:{encode(e){let{Err:t}=W.DER;if(e<Ee)throw new t("integer: negative integers are not allowed");let r=(0,H.numberToHexUnpadded)(e);if(Number.parseInt(r[0],16)&8&&(r="00"+r),r.length&1)throw new t("unexpected DER parsing assertion: unpadded hex");return r},decode(e){let{Err:t}=W.DER;if(e[0]&128)throw new t("invalid signature integer: negative");if(e[0]===0&&!(e[1]&128))throw new t("invalid signature integer: unnecessary leading zero");return(0,H.bytesToNumberBE)(e)}},toSig(e){let{Err:t,_int:r,_tlv:n}=W.DER,o=(0,H.ensureBytes)("signature",e),{v:s,l:i}=n.decode(48,o);if(i.length)throw new t("invalid signature: left bytes after parsing");let{v:c,l:a}=n.decode(2,s),{v:l,l:d}=n.decode(2,a);if(d.length)throw new t("invalid signature: left bytes after parsing");return{r:r.decode(c),s:r.decode(l)}},hexFromSig(e){let{_tlv:t,_int:r}=W.DER,n=t.encode(2,r.encode(e.r)),o=t.encode(2,r.encode(e.s)),s=n+o;return t.encode(48,s)}};var Ee=BigInt(0),re=BigInt(1),Se=BigInt(2),rt=BigInt(3),gn=BigInt(4);function Ne(e,t){let{BYTES:r}=e,n;if(typeof t=="bigint")n=t;else{let o=(0,H.ensureBytes)("private key",t);try{n=e.fromBytes(o)}catch{throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof t}`)}}if(!e.isValidNot0(n))throw new Error("invalid private key: out of range [1..N-1]");return n}function mn(e,t={}){let r=(0,Oe._createCurveFields)("weierstrass",e,t),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i,n:c}=s;(0,H._validateObject)(t,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});let{endo:a}=t;if(a&&(!n.is0(s.a)||typeof a.beta!="bigint"||!Array.isArray(a.basises)))throw new Error('invalid endo: expected "beta": bigint and "basises": array');let l=Zr(n,o);function d(){if(!n.isOdd)throw new Error("compression is not supported: Field does not have .isOdd()")}function h(V,g,w){let{x:y,y:p}=g.toAffine(),E=n.toBytes(y);if((0,H._abool2)(w,"isCompressed"),w){d();let A=!n.isOdd(p);return(0,H.concatBytes)(Dr(A),E)}else return(0,H.concatBytes)(Uint8Array.of(4),E,n.toBytes(p))}function f(V){(0,H._abytes2)(V,void 0,"Point");let{publicKey:g,publicKeyUncompressed:w}=l,y=V.length,p=V[0],E=V.subarray(1);if(y===g&&(p===2||p===3)){let A=n.fromBytes(E);if(!n.isValid(A))throw new Error("bad point: is not on curve, wrong x");let I=m(A),S;try{S=n.sqrt(I)}catch(te){let G=te instanceof Error?": "+te.message:"";throw new Error("bad point: is not on curve, sqrt error"+G)}d();let L=n.isOdd(S);return(p&1)===1!==L&&(S=n.neg(S)),{x:A,y:S}}else if(y===w&&p===4){let A=n.BYTES,I=n.fromBytes(E.subarray(0,A)),S=n.fromBytes(E.subarray(A,A*2));if(!B(I,S))throw new Error("bad point: is not on curve");return{x:I,y:S}}else throw new Error(`bad point: got length ${y}, expected compressed=${g} or uncompressed=${w}`)}let u=t.toBytes||h,b=t.fromBytes||f;function m(V){let g=n.sqr(V),w=n.mul(g,V);return n.add(n.add(w,n.mul(V,s.a)),s.b)}function B(V,g){let w=n.sqr(g),y=m(V);return n.eql(w,y)}if(!B(s.Gx,s.Gy))throw new Error("bad curve params: generator point");let U=n.mul(n.pow(s.a,rt),gn),C=n.mul(n.sqr(s.b),BigInt(27));if(n.is0(n.add(U,C)))throw new Error("bad curve params: a or b");function x(V,g,w=!1){if(!n.isValid(g)||w&&n.is0(g))throw new Error(`bad point coordinate ${V}`);return g}function q(V){if(!(V instanceof v))throw new Error("ProjectivePoint expected")}function K(V){if(!a||!a.basises)throw new Error("no endo");return Kr(V,a.basises,o.ORDER)}let Y=(0,H.memoized)((V,g)=>{let{X:w,Y:y,Z:p}=V;if(n.eql(p,n.ONE))return{x:w,y};let E=V.is0();g==null&&(g=E?n.ONE:n.inv(p));let A=n.mul(w,g),I=n.mul(y,g),S=n.mul(p,g);if(E)return{x:n.ZERO,y:n.ZERO};if(!n.eql(S,n.ONE))throw new Error("invZ was invalid");return{x:A,y:I}}),Z=(0,H.memoized)(V=>{if(V.is0()){if(t.allowInfinityPoint&&!n.is0(V.Y))return;throw new Error("bad point: ZERO")}let{x:g,y:w}=V.toAffine();if(!n.isValid(g)||!n.isValid(w))throw new Error("bad point: x or y not field elements");if(!B(g,w))throw new Error("bad point: equation left != right");if(!V.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});function M(V,g,w,y,p){return w=new v(n.mul(w.X,V),w.Y,w.Z),g=(0,Oe.negateCt)(y,g),w=(0,Oe.negateCt)(p,w),g.add(w)}class v{constructor(g,w,y){this.X=x("x",g),this.Y=x("y",w,!0),this.Z=x("z",y),Object.freeze(this)}static CURVE(){return s}static fromAffine(g){let{x:w,y}=g||{};if(!g||!n.isValid(w)||!n.isValid(y))throw new Error("invalid affine point");if(g instanceof v)throw new Error("projective point not allowed");return n.is0(w)&&n.is0(y)?v.ZERO:new v(w,y,n.ONE)}static fromBytes(g){let w=v.fromAffine(b((0,H._abytes2)(g,void 0,"point")));return w.assertValidity(),w}static fromHex(g){return v.fromBytes((0,H.ensureBytes)("pointHex",g))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(g=8,w=!0){return le.createCache(this,g),w||this.multiply(rt),this}assertValidity(){Z(this)}hasEvenY(){let{y:g}=this.toAffine();if(!n.isOdd)throw new Error("Field doesn't support isOdd");return!n.isOdd(g)}equals(g){q(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:A,Z:I}=g,S=n.eql(n.mul(w,I),n.mul(E,p)),L=n.eql(n.mul(y,I),n.mul(A,p));return S&&L}negate(){return new v(this.X,n.neg(this.Y),this.Z)}double(){let{a:g,b:w}=s,y=n.mul(w,rt),{X:p,Y:E,Z:A}=this,I=n.ZERO,S=n.ZERO,L=n.ZERO,N=n.mul(p,p),te=n.mul(E,E),G=n.mul(A,A),D=n.mul(p,E);return D=n.add(D,D),L=n.mul(p,A),L=n.add(L,L),I=n.mul(g,L),S=n.mul(y,G),S=n.add(I,S),I=n.sub(te,S),S=n.add(te,S),S=n.mul(I,S),I=n.mul(D,I),L=n.mul(y,L),G=n.mul(g,G),D=n.sub(N,G),D=n.mul(g,D),D=n.add(D,L),L=n.add(N,N),N=n.add(L,N),N=n.add(N,G),N=n.mul(N,D),S=n.add(S,N),G=n.mul(E,A),G=n.add(G,G),N=n.mul(G,D),I=n.sub(I,N),L=n.mul(G,te),L=n.add(L,L),L=n.add(L,L),new v(I,S,L)}add(g){q(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:A,Z:I}=g,S=n.ZERO,L=n.ZERO,N=n.ZERO,te=s.a,G=n.mul(s.b,rt),D=n.mul(w,E),$=n.mul(y,A),ne=n.mul(p,I),we=n.add(w,y),F=n.add(E,A);we=n.mul(we,F),F=n.add(D,$),we=n.sub(we,F),F=n.add(w,p);let ce=n.add(E,I);return F=n.mul(F,ce),ce=n.add(D,ne),F=n.sub(F,ce),ce=n.add(y,p),S=n.add(A,I),ce=n.mul(ce,S),S=n.add($,ne),ce=n.sub(ce,S),N=n.mul(te,F),S=n.mul(G,ne),N=n.add(S,N),S=n.sub($,N),N=n.add($,N),L=n.mul(S,N),$=n.add(D,D),$=n.add($,D),ne=n.mul(te,ne),F=n.mul(G,F),$=n.add($,ne),ne=n.sub(D,ne),ne=n.mul(te,ne),F=n.add(F,ne),D=n.mul($,F),L=n.add(L,D),D=n.mul(ce,F),S=n.mul(we,S),S=n.sub(S,D),D=n.mul(we,$),N=n.mul(ce,N),N=n.add(N,D),new v(S,L,N)}subtract(g){return this.add(g.negate())}is0(){return this.equals(v.ZERO)}multiply(g){let{endo:w}=t;if(!o.isValidNot0(g))throw new Error("invalid scalar: out of range");let y,p,E=A=>le.cached(this,A,I=>(0,Oe.normalizeZ)(v,I));if(w){let{k1neg:A,k1:I,k2neg:S,k2:L}=K(g),{p:N,f:te}=E(I),{p:G,f:D}=E(L);p=te.add(D),y=M(w.beta,N,G,A,S)}else{let{p:A,f:I}=E(g);y=A,p=I}return(0,Oe.normalizeZ)(v,[y,p])[0]}multiplyUnsafe(g){let{endo:w}=t,y=this;if(!o.isValid(g))throw new Error("invalid scalar: out of range");if(g===Ee||y.is0())return v.ZERO;if(g===re)return y;if(le.hasCache(this))return this.multiply(g);if(w){let{k1neg:p,k1:E,k2neg:A,k2:I}=K(g),{p1:S,p2:L}=(0,Oe.mulEndoUnsafe)(v,y,E,I);return M(w.beta,S,L,p,A)}else return le.unsafe(y,g)}multiplyAndAddUnsafe(g,w,y){let p=this.multiplyUnsafe(w).add(g.multiplyUnsafe(y));return p.is0()?void 0:p}toAffine(g){return Y(this,g)}isTorsionFree(){let{isTorsionFree:g}=t;return i===re?!0:g?g(v,this):le.unsafe(this,c).is0()}clearCofactor(){let{clearCofactor:g}=t;return i===re?this:g?g(v,this):this.multiplyUnsafe(i)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}toBytes(g=!0){return(0,H._abool2)(g,"isCompressed"),this.assertValidity(),u(v,this,g)}toHex(g=!0){return(0,H.bytesToHex)(this.toBytes(g))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(g=!0){return this.toBytes(g)}_setWindowSize(g){this.precompute(g)}static normalizeZ(g){return(0,Oe.normalizeZ)(v,g)}static msm(g,w){return(0,Oe.pippenger)(v,o,g,w)}static fromPrivateKey(g){return v.BASE.multiply(Ne(o,g))}}v.BASE=new v(s.Gx,s.Gy,n.ONE),v.ZERO=new v(n.ZERO,n.ONE,n.ZERO),v.Fp=n,v.Fn=o;let ue=o.BITS,le=new Oe.wNAF(v,t.endo?Math.ceil(ue/2):ue);return v.BASE.precompute(8),v}function Dr(e){return Uint8Array.of(e?2:3)}function jr(e,t){let r=e.ORDER,n=Ee;for(let b=r-re;b%Se===Ee;b/=Se)n+=re;let o=n,s=Se<<o-re-re,i=s*Se,c=(r-re)/i,a=(c-re)/Se,l=i-re,d=s,h=e.pow(t,c),f=e.pow(t,(c+re)/Se),u=(b,m)=>{let B=h,U=e.pow(m,l),C=e.sqr(U);C=e.mul(C,m);let x=e.mul(b,C);x=e.pow(x,a),x=e.mul(x,U),U=e.mul(x,m),C=e.mul(x,b);let q=e.mul(C,U);x=e.pow(q,d);let K=e.eql(x,e.ONE);U=e.mul(C,f),x=e.mul(q,B),C=e.cmov(U,C,K),q=e.cmov(x,q,K);for(let Y=o;Y>re;Y--){let Z=Y-Se;Z=Se<<Z-re;let M=e.pow(q,Z),v=e.eql(M,e.ONE);U=e.mul(C,B),B=e.mul(B,B),M=e.mul(q,B),C=e.cmov(U,C,v),q=e.cmov(M,q,v)}return{isValid:K,value:C}};if(e.ORDER%gn===rt){let b=(e.ORDER-rt)/gn,m=e.sqrt(e.neg(t));u=(B,U)=>{let C=e.sqr(U),x=e.mul(B,U);C=e.mul(C,x);let q=e.pow(C,b);q=e.mul(q,x);let K=e.mul(q,m),Y=e.mul(e.sqr(q),U),Z=e.eql(Y,B),M=e.cmov(K,q,Z);return{isValid:Z,value:M}}}return u}function ri(e,t){(0,ot.validateField)(e);let{A:r,B:n,Z:o}=t;if(!e.isValid(r)||!e.isValid(n)||!e.isValid(o))throw new Error("mapToCurveSimpleSWU: invalid opts");let s=jr(e,o);if(!e.isOdd)throw new Error("Field does not have .isOdd()");return i=>{let c,a,l,d,h,f,u,b;c=e.sqr(i),c=e.mul(c,o),a=e.sqr(c),a=e.add(a,c),l=e.add(a,e.ONE),l=e.mul(l,n),d=e.cmov(o,e.neg(a),!e.eql(a,e.ZERO)),d=e.mul(d,r),a=e.sqr(l),f=e.sqr(d),h=e.mul(f,r),a=e.add(a,h),a=e.mul(a,l),f=e.mul(f,d),h=e.mul(f,n),a=e.add(a,h),u=e.mul(c,l);let{isValid:m,value:B}=s(a,f);b=e.mul(c,i),b=e.mul(b,B),u=e.cmov(u,l,m),b=e.cmov(b,B,m);let U=e.isOdd(i)===e.isOdd(b);b=e.cmov(e.neg(b),b,U);let C=(0,ot.FpInvertBatch)(e,[d],!0)[0];return u=e.mul(u,C),{x:u,y:b}}}function Zr(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function zr(e,t={}){let{Fn:r}=e,n=t.randomBytes||H.randomBytes,o=Object.assign(Zr(e.Fp,r),{seed:(0,ot.getMinHashLength)(r.ORDER)});function s(u){try{return!!Ne(r,u)}catch{return!1}}function i(u,b){let{publicKey:m,publicKeyUncompressed:B}=o;try{let U=u.length;return b===!0&&U!==m||b===!1&&U!==B?!1:!!e.fromBytes(u)}catch{return!1}}function c(u=n(o.seed)){return(0,ot.mapHashToField)((0,H._abytes2)(u,o.seed,"seed"),r.ORDER)}function a(u,b=!0){return e.BASE.multiply(Ne(r,u)).toBytes(b)}function l(u){let b=c(u);return{secretKey:b,publicKey:a(b)}}function d(u){if(typeof u=="bigint")return!1;if(u instanceof e)return!0;let{secretKey:b,publicKey:m,publicKeyUncompressed:B}=o;if(r.allowedLengths||b===m)return;let U=(0,H.ensureBytes)("key",u).length;return U===m||U===B}function h(u,b,m=!0){if(d(u)===!0)throw new Error("first arg must be private key");if(d(b)===!1)throw new Error("second arg must be public key");let B=Ne(r,u);return e.fromHex(b).multiply(B).toBytes(m)}return Object.freeze({getPublicKey:a,getSharedSecret:h,keygen:l,Point:e,utils:{isValidSecretKey:s,isValidPublicKey:i,randomSecretKey:c,isValidPrivateKey:s,randomPrivateKey:c,normPrivateKeyToScalar:u=>Ne(r,u),precompute(u=8,b=e.BASE){return b.precompute(u,!1)}},lengths:o})}function Gr(e,t,r={}){(0,ni.ahash)(t),(0,H._validateObject)(r,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});let n=r.randomBytes||H.randomBytes,o=r.hmac||((w,...y)=>(0,ti.hmac)(t,w,(0,H.concatBytes)(...y))),{Fp:s,Fn:i}=e,{ORDER:c,BITS:a}=i,{keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u}=zr(e,r),b={prehash:!1,lowS:typeof r.lowS=="boolean"?r.lowS:!1,format:void 0,extraEntropy:!1},m="compact";function B(w){let y=c>>re;return w>y}function U(w,y){if(!i.isValidNot0(y))throw new Error(`invalid signature ${w}: out of range 1..Point.Fn.ORDER`);return y}function C(w,y){wn(y);let p=u.signature,E=y==="compact"?p:y==="recovered"?p+1:void 0;return(0,H._abytes2)(w,E,`${y} signature`)}class x{constructor(y,p,E){this.r=U("r",y),this.s=U("s",p),E!=null&&(this.recovery=E),Object.freeze(this)}static fromBytes(y,p=m){C(y,p);let E;if(p==="der"){let{r:L,s:N}=W.DER.toSig((0,H._abytes2)(y));return new x(L,N)}p==="recovered"&&(E=y[0],p="compact",y=y.subarray(1));let A=i.BYTES,I=y.subarray(0,A),S=y.subarray(A,A*2);return new x(i.fromBytes(I),i.fromBytes(S),E)}static fromHex(y,p){return this.fromBytes((0,H.hexToBytes)(y),p)}addRecoveryBit(y){return new x(this.r,this.s,y)}recoverPublicKey(y){let p=s.ORDER,{r:E,s:A,recovery:I}=this;if(I==null||![0,1,2,3].includes(I))throw new Error("recovery id invalid");if(c*Se<p&&I>1)throw new Error("recovery id is ambiguous for h>1 curve");let L=I===2||I===3?E+c:E;if(!s.isValid(L))throw new Error("recovery id 2 or 3 invalid");let N=s.toBytes(L),te=e.fromBytes((0,H.concatBytes)(Dr((I&1)===0),N)),G=i.inv(L),D=K((0,H.ensureBytes)("msgHash",y)),$=i.create(-D*G),ne=i.create(A*G),we=e.BASE.multiplyUnsafe($).add(te.multiplyUnsafe(ne));if(we.is0())throw new Error("point at infinify");return we.assertValidity(),we}hasHighS(){return B(this.s)}toBytes(y=m){if(wn(y),y==="der")return(0,H.hexToBytes)(W.DER.hexFromSig(this));let p=i.toBytes(this.r),E=i.toBytes(this.s);if(y==="recovered"){if(this.recovery==null)throw new Error("recovery bit must be present");return(0,H.concatBytes)(Uint8Array.of(this.recovery),p,E)}return(0,H.concatBytes)(p,E)}toHex(y){return(0,H.bytesToHex)(this.toBytes(y))}assertValidity(){}static fromCompact(y){return x.fromBytes((0,H.ensureBytes)("sig",y),"compact")}static fromDER(y){return x.fromBytes((0,H.ensureBytes)("sig",y),"der")}normalizeS(){return this.hasHighS()?new x(this.r,i.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return(0,H.bytesToHex)(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return(0,H.bytesToHex)(this.toBytes("compact"))}}let q=r.bits2int||function(y){if(y.length>8192)throw new Error("input is too large");let p=(0,H.bytesToNumberBE)(y),E=y.length*8-a;return E>0?p>>BigInt(E):p},K=r.bits2int_modN||function(y){return i.create(q(y))},Y=(0,H.bitMask)(a);function Z(w){return(0,H.aInRange)("num < 2^"+a,w,Ee,Y),i.toBytes(w)}function M(w,y){return(0,H._abytes2)(w,void 0,"message"),y?(0,H._abytes2)(t(w),void 0,"prehashed message"):w}function v(w,y,p){if(["recovered","canonical"].some($=>$ in p))throw new Error("sign() legacy options not supported");let{lowS:E,prehash:A,extraEntropy:I}=bn(p,b);w=M(w,A);let S=K(w),L=Ne(i,y),N=[Z(L),Z(S)];if(I!=null&&I!==!1){let $=I===!0?n(u.secretKey):I;N.push((0,H.ensureBytes)("extraEntropy",$))}let te=(0,H.concatBytes)(...N),G=S;function D($){let ne=q($);if(!i.isValidNot0(ne))return;let we=i.inv(ne),F=e.BASE.multiply(ne).toAffine(),ce=i.create(F.x);if(ce===Ee)return;let _t=i.create(we*i.create(G+ce*L));if(_t===Ee)return;let Cn=(F.x===ce?0:2)|Number(F.y&re),Nn=_t;return E&&B(_t)&&(Nn=i.neg(_t),Cn^=1),new x(ce,Nn,Cn)}return{seed:te,k2sig:D}}function ue(w,y,p={}){w=(0,H.ensureBytes)("message",w);let{seed:E,k2sig:A}=v(w,y,p);return(0,H.createHmacDrbg)(t.outputLen,i.BYTES,o)(E,A)}function le(w){let y,p=typeof w=="string"||(0,H.isBytes)(w),E=!p&&w!==null&&typeof w=="object"&&typeof w.r=="bigint"&&typeof w.s=="bigint";if(!p&&!E)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(E)y=new x(w.r,w.s);else if(p){try{y=x.fromBytes((0,H.ensureBytes)("sig",w),"der")}catch(A){if(!(A instanceof W.DER.Err))throw A}if(!y)try{y=x.fromBytes((0,H.ensureBytes)("sig",w),"compact")}catch{return!1}}return y||!1}function V(w,y,p,E={}){let{lowS:A,prehash:I,format:S}=bn(E,b);if(p=(0,H.ensureBytes)("publicKey",p),y=M((0,H.ensureBytes)("message",y),I),"strict"in E)throw new Error("options.strict was renamed to lowS");let L=S===void 0?le(w):x.fromBytes((0,H.ensureBytes)("sig",w),S);if(L===!1)return!1;try{let N=e.fromBytes(p);if(A&&L.hasHighS())return!1;let{r:te,s:G}=L,D=K(y),$=i.inv(G),ne=i.create(D*$),we=i.create(te*$),F=e.BASE.multiplyUnsafe(ne).add(N.multiplyUnsafe(we));return F.is0()?!1:i.create(F.x)===te}catch{return!1}}function g(w,y,p={}){let{prehash:E}=bn(p,b);return y=M(y,E),x.fromBytes(w,"recovered").recoverPublicKey(y).toBytes()}return Object.freeze({keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u,Point:e,sign:ue,verify:V,recoverPublicKey:g,Signature:x,hash:t})}function oi(e){let{CURVE:t,curveOpts:r}=Wr(e),n=mn(t,r);return ii(e,n)}function Wr(e){let t={a:e.a,b:e.b,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=e.allowedPrivateKeyLengths?Array.from(new Set(e.allowedPrivateKeyLengths.map(i=>Math.ceil(i/2)))):void 0,o=(0,ot.Field)(t.n,{BITS:e.nBitLength,allowedLengths:n,modFromBytes:e.wrapPrivateKey}),s={Fp:r,Fn:o,allowInfinityPoint:e.allowInfinityPoint,endo:e.endo,isTorsionFree:e.isTorsionFree,clearCofactor:e.clearCofactor,fromBytes:e.fromBytes,toBytes:e.toBytes};return{CURVE:t,curveOpts:s}}function si(e){let{CURVE:t,curveOpts:r}=Wr(e),n={hmac:e.hmac,randomBytes:e.randomBytes,lowS:e.lowS,bits2int:e.bits2int,bits2int_modN:e.bits2int_modN};return{CURVE:t,curveOpts:r,hash:e.hash,ecdsaOpts:n}}function Xr(e,t,r){function n(o){let s=e.sqr(o),i=e.mul(s,o);return e.add(e.add(i,e.mul(o,t)),r)}return n}function ii(e,t){let{Fp:r,Fn:n}=t;function o(i){return(0,H.inRange)(i,re,n.ORDER)}let s=Xr(r,e.a,e.b);return Object.assign({},{CURVE:e,Point:t,ProjectivePoint:t,normPrivateKeyToScalar:i=>Ne(n,i),weierstrassEquation:s,isWithinCurveOrder:o})}function ci(e,t){let r=t.Point;return Object.assign({},t,{ProjectivePoint:r,CURVE:Object.assign({},e,(0,ot.nLength)(r.Fn.ORDER,r.Fn.BITS))})}function ai(e){let{CURVE:t,curveOpts:r,hash:n,ecdsaOpts:o}=si(e),s=mn(t,r),i=Gr(s,n,o);return ci(e,i)}});var Yr=de(Ct=>{"use strict";Object.defineProperty(Ct,"__esModule",{value:!0});Ct.getHash=ui;Ct.createCurve=li;var fi=pn();function ui(e){return{hash:e}}function li(e,t){let r=n=>(0,fi.weierstrass)({...e,hash:n});return{...r(t),create:r}}});var eo=de(Ae=>{"use strict";Object.defineProperty(Ae,"__esModule",{value:!0});Ae._DST_scalar=void 0;Ae.expand_message_xmd=Qr;Ae.expand_message_xof=Jr;Ae.hash_to_field=Nt;Ae.isogenyMap=yi;Ae.createHasher=bi;var oe=Ye(),$r=tt(),di=oe.bytesToNumberBE;function Pe(e,t){if(bt(e),bt(t),e<0||e>=1<<8*t)throw new Error("invalid I2OSP input: "+e);let r=Array.from({length:t}).fill(0);for(let n=t-1;n>=0;n--)r[n]=e&255,e>>>=8;return new Uint8Array(r)}function hi(e,t){let r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e[n]^t[n];return r}function bt(e){if(!Number.isSafeInteger(e))throw new Error("number expected")}function Fr(e){if(!(0,oe.isBytes)(e)&&typeof e!="string")throw new Error("DST must be Uint8Array or string");return typeof e=="string"?(0,oe.utf8ToBytes)(e):e}function Qr(e,t,r,n){(0,oe.abytes)(e),bt(r),t=Fr(t),t.length>255&&(t=n((0,oe.concatBytes)((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-"),t)));let{outputLen:o,blockLen:s}=n,i=Math.ceil(r/o);if(r>65535||i>255)throw new Error("expand_message_xmd: invalid lenInBytes");let c=(0,oe.concatBytes)(t,Pe(t.length,1)),a=Pe(0,s),l=Pe(r,2),d=new Array(i),h=n((0,oe.concatBytes)(a,e,l,Pe(0,1),c));d[0]=n((0,oe.concatBytes)(h,Pe(1,1),c));for(let u=1;u<=i;u++){let b=[hi(h,d[u-1]),Pe(u+1,1),c];d[u]=n((0,oe.concatBytes)(...b))}return(0,oe.concatBytes)(...d).slice(0,r)}function Jr(e,t,r,n,o){if((0,oe.abytes)(e),bt(r),t=Fr(t),t.length>255){let s=Math.ceil(2*n/8);t=o.create({dkLen:s}).update((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(t).digest()}if(r>65535||t.length>255)throw new Error("expand_message_xof: invalid lenInBytes");return o.create({dkLen:r}).update(e).update(Pe(r,2)).update(t).update(Pe(t.length,1)).digest()}function Nt(e,t,r){(0,oe._validateObject)(r,{p:"bigint",m:"number",k:"number",hash:"function"});let{p:n,k:o,m:s,hash:i,expand:c,DST:a}=r;if(!(0,oe.isHash)(r.hash))throw new Error("expected valid hash");(0,oe.abytes)(e),bt(t);let l=n.toString(2).length,d=Math.ceil((l+o)/8),h=t*s*d,f;if(c==="xmd")f=Qr(e,a,h,i);else if(c==="xof")f=Jr(e,a,h,o,i);else if(c==="_internal_pass")f=e;else throw new Error('expand must be "xmd" or "xof"');let u=new Array(t);for(let b=0;b<t;b++){let m=new Array(s);for(let B=0;B<s;B++){let U=d*(B+b*s),C=f.subarray(U,U+d);m[B]=(0,$r.mod)(di(C),n)}u[b]=m}return u}function yi(e,t){let r=t.map(n=>Array.from(n).reverse());return(n,o)=>{let[s,i,c,a]=r.map(h=>h.reduce((f,u)=>e.add(e.mul(f,n),u))),[l,d]=(0,$r.FpInvertBatch)(e,[i,a],!0);return n=e.mul(s,l),o=e.mul(o,e.mul(c,d)),{x:n,y:o}}}Ae._DST_scalar=(0,oe.utf8ToBytes)("HashToScalar-");function bi(e,t,r){if(typeof t!="function")throw new Error("mapToCurve() must be defined");function n(s){return e.fromAffine(t(s))}function o(s){let i=s.clearCofactor();return i.equals(e.ZERO)?e.ZERO:(i.assertValidity(),i)}return{defaults:r,hashToCurve(s,i){let c=Object.assign({},r,i),a=Nt(s,2,c),l=n(a[0]),d=n(a[1]);return o(l.add(d))},encodeToCurve(s,i){let c=r.encodeDST?{DST:r.encodeDST}:{},a=Object.assign({},r,c,i),l=Nt(s,1,a),d=n(l[0]);return o(d)},mapToCurve(s){if(!Array.isArray(s))throw new Error("expected array of bigints");for(let i of s)if(typeof i!="bigint")throw new Error("expected array of bigints");return o(n(s))},hashToScalar(s,i){let c=e.Fn.ORDER,a=Object.assign({},r,{p:c,m:1,DST:Ae._DST_scalar},i);return Nt(s,1,a)[0][0]}}}});var uo=de(se=>{"use strict";Object.defineProperty(se,"__esModule",{value:!0});se.encodeToCurve=se.hashToCurve=se.secp256k1_hasher=se.schnorr=se.secp256k1=void 0;var Pt=pr(),oo=qe(),wi=Yr(),so=eo(),be=tt(),io=pn(),pe=Ye(),st={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},gi={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),basises:[[BigInt("0x3086d221a7d46bcde86c90e49284eb15"),-BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],[BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]},mi=BigInt(0),to=BigInt(1),xn=BigInt(2);function pi(e){let t=st.p,r=BigInt(3),n=BigInt(6),o=BigInt(11),s=BigInt(22),i=BigInt(23),c=BigInt(44),a=BigInt(88),l=e*e*e%t,d=l*l*e%t,h=(0,be.pow2)(d,r,t)*d%t,f=(0,be.pow2)(h,r,t)*d%t,u=(0,be.pow2)(f,xn,t)*l%t,b=(0,be.pow2)(u,o,t)*u%t,m=(0,be.pow2)(b,s,t)*b%t,B=(0,be.pow2)(m,c,t)*m%t,U=(0,be.pow2)(B,a,t)*B%t,C=(0,be.pow2)(U,c,t)*m%t,x=(0,be.pow2)(C,r,t)*d%t,q=(0,be.pow2)(x,i,t)*b%t,K=(0,be.pow2)(q,n,t)*l%t,Y=(0,be.pow2)(K,xn,t);if(!Ue.eql(Ue.sqr(Y),e))throw new Error("Cannot find square root");return Y}var Ue=(0,be.Field)(st.p,{sqrt:pi});se.secp256k1=(0,wi.createCurve)({...st,Fp:Ue,lowS:!0,endo:gi},Pt.sha256);var no={};function Mt(e,...t){let r=no[e];if(r===void 0){let n=(0,Pt.sha256)((0,pe.utf8ToBytes)(e));r=(0,pe.concatBytes)(n,n),no[e]=r}return(0,Pt.sha256)((0,pe.concatBytes)(r,...t))}var Bn=e=>e.toBytes(!0).slice(1),it=se.secp256k1.Point,_n=e=>e%xn===mi;function En(e){let{Fn:t,BASE:r}=it,n=(0,io._normFnElement)(t,e),o=r.multiply(n);return{scalar:_n(o.y)?n:t.neg(n),bytes:Bn(o)}}function co(e){let t=Ue;if(!t.isValidNot0(e))throw new Error("invalid x: Fail if x \u2265 p");let r=t.create(e*e),n=t.create(r*e+BigInt(7)),o=t.sqrt(n);_n(o)||(o=t.neg(o));let s=it.fromAffine({x:e,y:o});return s.assertValidity(),s}var wt=pe.bytesToNumberBE;function ao(...e){return it.Fn.create(wt(Mt("BIP0340/challenge",...e)))}function ro(e){return En(e).bytes}function xi(e,t,r=(0,oo.randomBytes)(32)){let{Fn:n}=it,o=(0,pe.ensureBytes)("message",e),{bytes:s,scalar:i}=En(t),c=(0,pe.ensureBytes)("auxRand",r,32),a=n.toBytes(i^wt(Mt("BIP0340/aux",c))),l=Mt("BIP0340/nonce",a,s,o),{bytes:d,scalar:h}=En(l),f=ao(d,s,o),u=new Uint8Array(64);if(u.set(d,0),u.set(n.toBytes(n.create(h+f*i)),32),!fo(u,o,s))throw new Error("sign: Invalid signature produced");return u}function fo(e,t,r){let{Fn:n,BASE:o}=it,s=(0,pe.ensureBytes)("signature",e,64),i=(0,pe.ensureBytes)("message",t),c=(0,pe.ensureBytes)("publicKey",r,32);try{let a=co(wt(c)),l=wt(s.subarray(0,32));if(!(0,pe.inRange)(l,to,st.p))return!1;let d=wt(s.subarray(32,64));if(!(0,pe.inRange)(d,to,st.n))return!1;let h=ao(n.toBytes(l),Bn(a),i),f=o.multiplyUnsafe(d).add(a.multiplyUnsafe(n.neg(h))),{x:u,y:b}=f.toAffine();return!(f.is0()||!_n(b)||u!==l)}catch{return!1}}se.schnorr=(()=>{let r=(o=(0,oo.randomBytes)(48))=>(0,be.mapHashToField)(o,st.n);se.secp256k1.utils.randomSecretKey;function n(o){let s=r(o);return{secretKey:s,publicKey:ro(s)}}return{keygen:n,getPublicKey:ro,sign:xi,verify:fo,Point:it,utils:{randomSecretKey:r,randomPrivateKey:r,taggedHash:Mt,lift_x:co,pointToBytes:Bn,numberToBytesBE:pe.numberToBytesBE,bytesToNumberBE:pe.bytesToNumberBE,mod:be.mod},lengths:{secretKey:32,publicKey:32,publicKeyHasPrefix:!1,signature:32*2,seed:48}}})();var Ei=(0,so.isogenyMap)(Ue,[["0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7","0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581","0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262","0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"],["0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b","0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14","0x0000000000000000000000000000000000000000000000000000000000000001"],["0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c","0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3","0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931","0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"],["0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b","0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573","0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f","0x0000000000000000000000000000000000000000000000000000000000000001"]].map(e=>e.map(t=>BigInt(t)))),Bi=(0,io.mapToCurveSimpleSWU)(Ue,{A:BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),B:BigInt("1771"),Z:Ue.create(BigInt("-11"))});se.secp256k1_hasher=(0,so.createHasher)(se.secp256k1.Point,e=>{let{x:t,y:r}=Bi(Ue.create(e[0]));return Ei(t,r)},{DST:"secp256k1_XMD:SHA-256_SSWU_RO_",encodeDST:"secp256k1_XMD:SHA-256_SSWU_NU_",p:Ue.ORDER,m:1,k:128,expand:"xmd",hash:Pt.sha256});se.hashToCurve=se.secp256k1_hasher.hashToCurve;se.encodeToCurve=se.secp256k1_hasher.encodeToCurve});var lo=de(_=>{"use strict";Object.defineProperty(_,"__esModule",{value:!0});_.isHash=_.validateObject=_.memoized=_.notImplemented=_.createHmacDrbg=_.bitMask=_.bitSet=_.bitGet=_.bitLen=_.aInRange=_.inRange=_.asciiToBytes=_.copyBytes=_.equalBytes=_.ensureBytes=_.numberToVarBytesBE=_.numberToBytesLE=_.numberToBytesBE=_.bytesToNumberLE=_.bytesToNumberBE=_.hexToNumber=_.numberToHexUnpadded=_.abool=_.utf8ToBytes=_.randomBytes=_.isBytes=_.hexToBytes=_.concatBytes=_.bytesToUtf8=_.bytesToHex=_.anumber=_.abytes=void 0;var j=Ye();_.abytes=j.abytes;_.anumber=j.anumber;_.bytesToHex=j.bytesToHex;_.bytesToUtf8=j.bytesToUtf8;_.concatBytes=j.concatBytes;_.hexToBytes=j.hexToBytes;_.isBytes=j.isBytes;_.randomBytes=j.randomBytes;_.utf8ToBytes=j.utf8ToBytes;_.abool=j.abool;_.numberToHexUnpadded=j.numberToHexUnpadded;_.hexToNumber=j.hexToNumber;_.bytesToNumberBE=j.bytesToNumberBE;_.bytesToNumberLE=j.bytesToNumberLE;_.numberToBytesBE=j.numberToBytesBE;_.numberToBytesLE=j.numberToBytesLE;_.numberToVarBytesBE=j.numberToVarBytesBE;_.ensureBytes=j.ensureBytes;_.equalBytes=j.equalBytes;_.copyBytes=j.copyBytes;_.asciiToBytes=j.asciiToBytes;_.inRange=j.inRange;_.aInRange=j.aInRange;_.bitLen=j.bitLen;_.bitGet=j.bitGet;_.bitSet=j.bitSet;_.bitMask=j.bitMask;_.createHmacDrbg=j.createHmacDrbg;_.notImplemented=j.notImplemented;_.memoized=j.memoized;_.validateObject=j.validateObject;_.isHash=j.isHash});var Eo=de(Q=>{"use strict";var ie=uo(),_i=tt(),vi=lo();function yo(e){var t=Object.create(null);return e&&Object.keys(e).forEach(function(r){if(r!=="default"){var n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:function(){return e[r]}})}}),t.default=e,Object.freeze(t)}var bo=yo(_i),Me=yo(vi),Sn=ie.secp256k1.ProjectivePoint,De="Expected Private",je="Expected Point",xt="Expected Tweak",Si="Expected Hash",gt="Expected Signature",An="Expected Extra Data (32 bytes)",Et="Expected Scalar",Ai="Bad Recovery Id",Hi=32,Ii=32,vn=new Uint8Array([255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254,186,174,220,230,175,72,160,59,191,210,94,140,208,54,65,65]),Ti=32,Oi=new Uint8Array(32),Ui=new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,69,81,35,25,80,183,95,196,64,45,161,114,47,201,186,238]),Ri=BigInt(1);function Li(e){return e instanceof Uint8Array}function mt(e,t){for(let r=0;r<32;++r)if(e[r]!==t[r])return e[r]<t[r]?-1:1;return 0}function ho(e){return mt(e,Oi)===0}function Bt(e){return!(!(e instanceof Uint8Array)||e.length!==Ii||mt(e,vn)>=0)}function Hn(e){return e instanceof Uint8Array&&e.length===64&&mt(e.subarray(0,32),vn)<0&&mt(e.subarray(32,64),vn)<0}function qi(e){return Li(e)&&e.length===64&&mt(e.subarray(0,32),Ui)<0}function Vi(e){return!(ho(e.subarray(0,32))||ho(e.subarray(32,64)))}function ct(e){return e instanceof Uint8Array&&e.length===Hi}function In(e){return e===void 0||e instanceof Uint8Array&&e.length===Ti}function Tn(e){let t;if(typeof e=="bigint")t=e;else if(typeof e=="number"&&Number.isSafeInteger(e)&&e>=0)t=BigInt(e);else if(typeof e=="string"){if(e.length!==64)throw new Error("Expected 32 bytes of private scalar");t=Me.hexToNumber(e)}else if(e instanceof Uint8Array){if(e.length!==32)throw new Error("Expected 32 bytes of private scalar");t=Me.bytesToNumberBE(e)}else throw new TypeError("Expected valid private scalar");if(t<0)throw new Error("Expected private scalar >= 0");return t}function On(e){return ie.secp256k1.utils.normPrivateKeyToScalar(e)}function ki(e,t){let r=On(e),n=Tn(t),o=Me.numberToBytesBE(bo.mod(r+n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Ci(e,t){let r=On(e),n=Tn(t),o=Me.numberToBytesBE(bo.mod(r-n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Ni(e){let t=On(e),r=Me.numberToBytesBE(ie.secp256k1.CURVE.n-t,32);return ie.secp256k1.utils.isValidPrivateKey(r)?r:null}function wo(e,t,r){let n=pt(e),o=Tn(t),s=Sn.BASE.multiplyAndAddUnsafe(n,o,Ri);if(!s)throw new Error("Tweaked point at infinity");return s.toRawBytes(r)}function Pi(e,t,r){let n=pt(e),o=typeof t=="string"?t:Me.bytesToHex(t),s=Me.hexToNumber(o);return n.multiply(s).toRawBytes(r)}function at(e,t){return e===void 0?t!==void 0?mo(t):!0:!!e}function Qe(e){try{return e()}catch{return null}}function go(e){return ie.schnorr.utils.lift_x(Me.bytesToNumberBE(e))}function pt(e){return e.length===32?go(e):Sn.fromHex(e)}function Un(e,t){if(e.length===32!==t)return!1;try{return t?!!go(e):!!Sn.fromHex(e)}catch{return!1}}function Ke(e){return Un(e,!1)}function mo(e){return Un(e,!1)&&e.length===33}function Re(e){return ie.secp256k1.utils.isValidPrivateKey(e)}function Kt(e){return Un(e,!0)}function Mi(e,t){if(!Kt(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>{let r=wo(e,t,!0);return{parity:r[0]%2===1?1:0,xOnlyPubkey:r.slice(1)}})}function po(e){if(!Ke(e))throw new Error(je);return e.slice(1,33)}function xo(e,t){if(!Re(e))throw new Error(De);return Qe(()=>ie.secp256k1.getPublicKey(e,at(t)))}function Ki(e){if(!Re(e))throw new Error(De);return po(xo(e))}function Di(e,t){if(!Ke(e))throw new Error(je);return pt(e).toRawBytes(at(t,e))}function ji(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>Pi(e,t,at(r,e)))}function Zi(e,t,r){if(!Ke(e)||!Ke(t))throw new Error(je);return Qe(()=>{let n=pt(e),o=pt(t);return n.equals(o.negate())?null:n.add(o).toRawBytes(at(r,e))})}function zi(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>wo(e,t,at(r,e)))}function Gi(e,t){if(!Re(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>ki(e,t))}function Wi(e,t){if(!Re(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>Ci(e,t))}function Xi(e){if(!Re(e))throw new Error(De);return Ni(e)}function Yi(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);return ie.secp256k1.sign(e,t,{extraEntropy:r}).toCompactRawBytes()}function $i(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);let n=ie.secp256k1.sign(e,t,{extraEntropy:r});return{signature:n.toCompactRawBytes(),recoveryId:n.recovery}}function Fi(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);return ie.schnorr.sign(e,t,r)}function Qi(e,t,r,n){if(!ct(e))throw new Error(Si);if(!Hn(t)||!Vi(t))throw new Error(gt);if(r&2&&!qi(t))throw new Error(Ai);if(!Kt(t.subarray(0,32)))throw new Error(gt);let s=ie.secp256k1.Signature.fromCompact(t).addRecoveryBit(r).recoverPublicKey(e);if(!s)throw new Error(gt);return s.toRawBytes(at(n))}function Ji(e,t,r,n){if(!Ke(t))throw new Error(je);if(!Hn(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.secp256k1.verify(r,e,t,{lowS:n})}function ec(e,t,r){if(!Kt(t))throw new Error(je);if(!Hn(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.schnorr.verify(r,e,t)}Q.isPoint=Ke;Q.isPointCompressed=mo;Q.isPrivate=Re;Q.isXOnlyPoint=Kt;Q.pointAdd=Zi;Q.pointAddScalar=zi;Q.pointCompress=Di;Q.pointFromScalar=xo;Q.pointMultiply=ji;Q.privateAdd=Gi;Q.privateNegate=Xi;Q.privateSub=Wi;Q.recover=Qi;Q.sign=Yi;Q.signRecoverable=$i;Q.signSchnorr=Fi;Q.verify=Ji;Q.verifySchnorr=ec;Q.xOnlyPointAddTweak=Mi;Q.xOnlyPointFromPoint=po;Q.xOnlyPointFromScalar=Ki});var cc={};ko(cc,{base58Decode:()=>kn,buildDepinMessage:()=>Oo,bytesToHex:()=>He,decryptDepinReceiveEncryptedPayload:()=>To,doubleSha256:()=>Gt,hash160:()=>Wt,hexToBytes:()=>Le,isWIF:()=>zt,sha256:()=>Ze,wifToHex:()=>Zt});var ze=Co(Eo());function Vn(e){if(e<0)throw new Error("CompactSize cannot be negative");if(e<253)return new Uint8Array([e]);if(e<=65535){let t=new Uint8Array(3);return t[0]=253,t[1]=e&255,t[2]=e>>8&255,t}else if(e<=4294967295){let t=new Uint8Array(5);return t[0]=254,t[1]=e&255,t[2]=e>>8&255,t[3]=e>>16&255,t[4]=e>>24&255,t}else{let t=new Uint8Array(9);t[0]=255;let r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[1]=r&255,t[2]=r>>8&255,t[3]=r>>16&255,t[4]=r>>24&255,t[5]=n&255,t[6]=n>>8&255,t[7]=n>>16&255,t[8]=n>>24&255,t}}function Dt(e){let r=new TextEncoder().encode(e);return Be(Vn(r.length),r)}function ft(e){return Be(Vn(e.length),e)}function Bo(e){let t=new Uint8Array(8),r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[0]=r&255,t[1]=r>>8&255,t[2]=r>>16&255,t[3]=r>>24&255,t[4]=n&255,t[5]=n>>8&255,t[6]=n>>16&255,t[7]=n>>24&255,t}function Be(...e){let t=e.reduce((o,s)=>o+s.length,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function Le(e){if(e.length%2!==0)throw new Error("Hex must have even length");let t=new Uint8Array(e.length/2);for(let r=0;r<e.length;r+=2)t[r/2]=parseInt(e.substr(r,2),16);return t}function He(e){return Array.from(e).map(t=>t.toString(16).padStart(2,"0")).join("")}function Ho(e){if(typeof e!="string")return null;let t=e.trim().toLowerCase(),r=t.startsWith("0x")?t.slice(2):t;return r.length===0||!/^[0-9a-f]+$/.test(r)||r.length%2!==0?null:r}function _o(e,t){if(!(e instanceof Uint8Array)||!(t instanceof Uint8Array)||e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function Io(e,t){if(t>=e.length)throw new Error("CompactSize: out of bounds");let r=e[t];if(r<253)return{value:r,offset:t+1};if(r===253){if(t+3>e.length)throw new Error("CompactSize: truncated uint16");return{value:e[t+1]|e[t+2]<<8,offset:t+3}}if(r===254){if(t+5>e.length)throw new Error("CompactSize: truncated uint32");return{value:(e[t+1]|e[t+2]<<8|e[t+3]<<16|e[t+4]<<24)>>>0,offset:t+5}}if(t+9>e.length)throw new Error("CompactSize: truncated uint64");let n=0n;for(let o=0;o<8;o++)n|=BigInt(e[t+1+o])<<8n*BigInt(o);if(n>BigInt(Number.MAX_SAFE_INTEGER))throw new Error("CompactSize: value too large");return{value:Number(n),offset:t+9}}function Rn(e,t){let{value:r,offset:n}=Io(e,t);if(n+r>e.length)throw new Error("Vector: truncated");return{data:e.slice(n,n+r),offset:n+r}}function tc(e){if(!(e instanceof Uint8Array))throw new Error("deserializeEciesMessage: invalid input");let t=0,r=Rn(e,t),n=r.data;if(t=r.offset,n.length!==33&&n.length!==65)throw new Error("Invalid ephemeral pubkey length: "+n.length);let o=Rn(e,t),s=o.data;t=o.offset;let i=Io(e,t),c=i.value;t=i.offset;let a=new Map;for(let l=0;l<c;l++){if(t+20>e.length)throw new Error("recipientKeys: truncated keyid");let d=e.slice(t,t+20);t+=20;let h=Rn(e,t);t=h.offset,a.set(He(d),h.data)}return{ephemeralPubKey:n,encryptedPayload:s,recipientKeys:a}}function vo(e){if(e.length!==64)throw new Error("Raw signature must be 64 bytes");let t=e.slice(0,32),r=e.slice(32,64);function n(c){let a=0;for(;a<c.length-1&&c[a]===0&&!(c[a+1]&128);)a++;let l=c.slice(a),h=(l[0]&128)!==0?Be(new Uint8Array([0]),l):l;return Be(new Uint8Array([2,h.length]),h)}let o=n(t),s=n(r),i=o.length+s.length;return Be(new Uint8Array([48,i]),o,s)}var nc="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";function kn(e){let t=[];for(let r=0;r<e.length;r++){let n=nc.indexOf(e[r]);if(n===-1)throw new Error("Invalid Base58 character: "+e[r]);let o=n;for(let s=0;s<t.length;s++)o+=t[s]*58,t[s]=o&255,o>>=8;for(;o>0;)t.push(o&255),o>>=8}for(let r=0;r<e.length&&e[r]==="1";r++)t.push(0);return new Uint8Array(t.reverse())}async function Zt(e){let t=kn(e);if(t.length<37)throw new Error("Invalid WIF: too short");let r=t.slice(0,-4),n=t.slice(-4),o=await Gt(r);for(let i=0;i<4;i++)if(n[i]!==o[i])throw new Error("Invalid WIF: checksum mismatch");let s;if(r.length===34)s=r.slice(1,33);else if(r.length===33)s=r.slice(1,33);else throw new Error("Invalid WIF: unexpected length "+r.length);return He(s)}function zt(e){return/^[5KLcT][1-9A-HJ-NP-Za-km-z]{50,51}$/.test(e)}async function Ze(e){let t=await crypto.subtle.digest("SHA-256",e);return new Uint8Array(t)}async function Gt(e){let t=await Ze(e);return Ze(t)}function rc(e){let t=1732584193,r=4023233417,n=2562383102,o=271733878,s=3285377520,i=[0,1518500249,1859775393,2400959708,2840853838],c=[1352829926,1548603684,1836072691,2053994217,0],a=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],l=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],d=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],h=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function f(q,K){return(q<<K|q>>>32-K)>>>0}let u=e.length*8,b=(64-(e.length+9)%64)%64,m=new Uint8Array(e.length+1+b+8);m.set(e),m[e.length]=128,new DataView(m.buffer).setUint32(m.length-8,u,!0);let U=m.length/64;for(let q=0;q<U;q++){let K=new Uint32Array(16);for(let E=0;E<16;E++){let A=q*64+E*4;K[E]=m[A]|m[A+1]<<8|m[A+2]<<16|m[A+3]<<24}let Y=t,Z=r,M=n,v=o,ue=s,le=t,V=r,g=n,w=o,y=s;for(let E=0;E<80;E++){let A=Math.floor(E/16),I,S;A===0?(I=Z^M^v,S=V^(g|~w)):A===1?(I=Z&M|~Z&v,S=V&w|g&~w):A===2?(I=(Z|~M)^v,S=(V|~g)^w):A===3?(I=Z&v|M&~v,S=V&g|~V&w):(I=Z^(M|~v),S=V^g^w);let L=f(Y+I+K[a[E]]+i[A]>>>0,d[E])+ue>>>0;Y=ue,ue=v,v=f(M,10),M=Z,Z=L;let N=f(le+S+K[l[E]]+c[A]>>>0,h[E])+y>>>0;le=y,y=w,w=f(g,10),g=V,V=N}let p=r+M+w>>>0;r=n+v+y>>>0,n=o+ue+le>>>0,o=s+Y+V>>>0,s=t+Z+g>>>0,t=p}let C=new Uint8Array(20),x=new DataView(C.buffer);return x.setUint32(0,t,!0),x.setUint32(4,r,!0),x.setUint32(8,n,!0),x.setUint32(12,o,!0),x.setUint32(16,s,!0),C}async function Wt(e){let t=await Ze(e);return rc(t)}async function qn(e,t){let r=new Uint8Array(t),n=0,o=1;for(;n<t;){let s=new Uint8Array(4);s[0]=o>>24&255,s[1]=o>>16&255,s[2]=o>>8&255,s[3]=o&255;let i=Be(e,s),c=await Ze(i),a=t-n,l=Math.min(a,32);r.set(c.slice(0,l),n),n+=l,o++}return r}function Ln(e){let t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function So(e,t,r){let n=await crypto.subtle.importKey("raw",t,{name:"AES-CBC"},!1,["encrypt"]),o=await crypto.subtle.encrypt({name:"AES-CBC",iv:r},n,e);return new Uint8Array(o)}async function Ao(e,t,r){let n=await crypto.subtle.importKey("raw",t,{name:"AES-CBC"},!1,["decrypt"]),o=await crypto.subtle.decrypt({name:"AES-CBC",iv:r},n,e);return new Uint8Array(o)}async function jt(e,t){let r=await crypto.subtle.importKey("raw",e,{name:"HMAC",hash:{name:"SHA-256"}},!1,["sign"]),n=await crypto.subtle.sign("HMAC",r,t);return new Uint8Array(n)}async function oc(e){if(typeof e!="string"||e.length===0)throw new Error("Private key is required");if(zt(e)){let r=await Zt(e);return Le(r)}let t=Ho(e);if(!t)throw new Error("Private key must be WIF or 64-hex");if(t.length!==64)throw new Error("Private key must be 32 bytes (64 hex chars)");return Le(t)}async function To(e,t){if(!globalThis.crypto?.subtle)throw new Error("WebCrypto (crypto.subtle) is required for decrypt");let r=Ho(e);if(!r)throw new Error("Invalid encryptedPayloadHex");let n=Le(r),o=tc(n),s=await oc(t),i=ze.pointFromScalar(s,!0);if(!(i instanceof Uint8Array)||i.length!==33)throw new Error("Failed to derive recipient public key");let c=await Wt(i),a=He(c),l=He(c.slice().reverse()),d=o.recipientKeys.get(a)??o.recipientKeys.get(l);if(!d||d.length<80)return null;let h=d.slice(0,16),f=d.slice(16,d.length-32),u=d.slice(d.length-32),b=ze.pointMultiply(o.ephemeralPubKey,s,!0),m=await Ze(b),B=await qn(m,32),U=await jt(B,f);if(!_o(U,u))return null;let C;try{C=await Ao(f,B,h)}catch{return null}if(C.length<32)return null;let x=C.slice(0,32),q=o.encryptedPayload;if(q.length<49)return null;let K=q.slice(0,16),Y=q.slice(16,q.length-32),Z=q.slice(q.length-32),M=await jt(x,Y);if(!_o(M,Z))return null;let v;try{v=await Ao(Y,x,K)}catch{return null}return new TextDecoder().decode(v)}async function sc(e,t){let r=Ln(32),n=ze.pointFromScalar(r,!0);if(!(n instanceof Uint8Array)||n.length!==33)throw new Error("Failed to generate ephemeral public key");let o=await qn(r,32),s=Ln(16),i=await So(e,o,s),c=await jt(o,i),a=Be(s,i,c),l=new Map;for(let d of t){if(!(d instanceof Uint8Array)||d.length!==33)throw new Error("Recipient pubkey must be 33 bytes compressed");let h=ze.pointMultiply(d,r,!0),f=await Ze(h),u=await qn(f,32),b=Ln(16),m=await So(o,u,b),B=await jt(u,m),U=Be(b,m,B),C=await Wt(d),x=He(C);l.set(x,U)}return{ephemeralPubKey:n,encryptedPayload:a,recipientKeys:l}}function ic(e){let t=[];t.push(ft(e.ephemeralPubKey)),t.push(ft(e.encryptedPayload));let r=Array.from(e.recipientKeys.entries()).map(([n,o])=>{let s=Le(n);if(s.length!==20)throw new Error("recipient key hash160 must be 20 bytes");return{keyBytes:s,recipientPackage:o}});r.sort((n,o)=>{for(let s=0;s<20;s++)if(n.keyBytes[s]!==o.keyBytes[s])return n.keyBytes[s]-o.keyBytes[s];return 0}),t.push(Vn(r.length));for(let{keyBytes:n,recipientPackage:o}of r)t.push(n),t.push(ft(o));return Be(...t)}async function Oo(e){if(!e.token)throw new Error("Token is required");if(!e.senderAddress)throw new Error("Sender address is required");if(!e.senderPubKey||e.senderPubKey.length!==66)throw new Error("Sender public key must be 66 hex characters");let t=e.privateKey;if(!t)throw new Error("Private key is required");if(zt(t)&&(console.log("Detected WIF format, converting to hex..."),t=await Zt(t),console.log("Private key converted successfully")),t.length!==64)throw new Error("Private key must be 64 hex characters (or WIF format)");if(!e.message)throw new Error("Message is required");if(!e.recipientPubKeys||e.recipientPubKeys.length===0)throw new Error("At least one recipient is required");if(!e.timestamp||e.timestamp<=0)throw new Error("Timestamp must be positive");let r=Le(t),n=Le(e.senderPubKey),o=e.recipientPubKeys.map(B=>{if(B.length!==66)throw new Error("Recipient pubkey must be 66 hex chars");return Le(B)}),s=e.senderPubKey.toLowerCase();e.recipientPubKeys.some(B=>B.toLowerCase()===s)||o.push(n);let c=new TextEncoder().encode(e.message),a=await sc(c,o),l=ic(a),d=Be(Dt(e.token),Dt(e.senderAddress),Bo(e.timestamp),ft(l)),h=await Gt(d),f=He(h.slice().reverse()),u=ze.sign(h,r),b;if(u instanceof Uint8Array)u.length===64?b=vo(u):b=u;else if(typeof u=="object"&&u.toDER)b=u.toDER();else if(typeof u=="object"&&u.signature)u.signature.length===64?b=vo(u.signature):b=u.signature;else throw new Error("Unknown signature format from secp256k1.sign()");let m=Be(Dt(e.token),Dt(e.senderAddress),Bo(e.timestamp),ft(b),ft(l));return{hex:He(m),messageHash:f,messageHashBytes:He(h),encryptedSize:l.length,recipientCount:o.length}}typeof globalThis<"u"&&(globalThis.neuraiDepinMsg={buildDepinMessage:Oo,decryptDepinReceiveEncryptedPayload:To,wifToHex:Zt,isWIF:zt,utils:{hexToBytes:Le,bytesToHex:He,sha256:Ze,doubleSha256:Gt,hash160:Wt,base58Decode:kn}});return No(cc);})();
+var neuraiDepinMsg=(()=>{var Ro=Object.create;var At=Object.defineProperty;var qo=Object.getOwnPropertyDescriptor;var Co=Object.getOwnPropertyNames;var Vo=Object.getPrototypeOf,No=Object.prototype.hasOwnProperty;var le=(e,t)=>()=>(t||e((t={exports:{}}).exports,t),t.exports),ko=(e,t)=>{for(var r in t)At(e,r,{get:t[r],enumerable:!0})},Mn=(e,t,r,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let o of Co(t))!No.call(e,o)&&o!==r&&At(e,o,{get:()=>t[o],enumerable:!(n=qo(t,o))||n.enumerable});return e};var Po=(e,t,r)=>(r=e!=null?Ro(Vo(e)):{},Mn(t||!e||!e.__esModule?At(r,"default",{value:e,enumerable:!0}):r,e)),Mo=e=>Mn(At({},"__esModule",{value:!0}),e);var Kn=le(Ht=>{"use strict";Object.defineProperty(Ht,"__esModule",{value:!0});Ht.crypto=void 0;Ht.crypto=typeof globalThis=="object"&&"crypto"in globalThis?globalThis.crypto:void 0});var qe=le(O=>{"use strict";Object.defineProperty(O,"__esModule",{value:!0});O.wrapXOFConstructorWithOpts=O.wrapConstructorWithOpts=O.wrapConstructor=O.Hash=O.nextTick=O.swap32IfBE=O.byteSwapIfBE=O.swap8IfBE=O.isLE=void 0;O.isBytes=jn;O.anumber=Xt;O.abytes=et;O.ahash=Ko;O.aexists=Do;O.aoutput=jo;O.u8=Zo;O.u32=zo;O.clean=Go;O.createView=Wo;O.rotr=Xo;O.rotl=Yo;O.byteSwap=$t;O.byteSwap32=Zn;O.bytesToHex=Fo;O.hexToBytes=Qo;O.asyncLoop=es;O.utf8ToBytes=Ft;O.bytesToUtf8=ts;O.toBytes=It;O.kdfInputToBytes=ns;O.concatBytes=rs;O.checkOpts=os;O.createHasher=Gn;O.createOptHasher=Wn;O.createXOFer=Xn;O.randomBytes=ss;var Je=Kn();function jn(e){return e instanceof Uint8Array||ArrayBuffer.isView(e)&&e.constructor.name==="Uint8Array"}function Xt(e){if(!Number.isSafeInteger(e)||e<0)throw new Error("positive integer expected, got "+e)}function et(e,...t){if(!jn(e))throw new Error("Uint8Array expected");if(t.length>0&&!t.includes(e.length))throw new Error("Uint8Array expected of length "+t+", got length="+e.length)}function Ko(e){if(typeof e!="function"||typeof e.create!="function")throw new Error("Hash should be wrapped by utils.createHasher");Xt(e.outputLen),Xt(e.blockLen)}function Do(e,t=!0){if(e.destroyed)throw new Error("Hash instance has been destroyed");if(t&&e.finished)throw new Error("Hash#digest() has already been called")}function jo(e,t){et(e);let r=t.outputLen;if(e.length<r)throw new Error("digestInto() expects output buffer of length at least "+r)}function Zo(e){return new Uint8Array(e.buffer,e.byteOffset,e.byteLength)}function zo(e){return new Uint32Array(e.buffer,e.byteOffset,Math.floor(e.byteLength/4))}function Go(...e){for(let t=0;t<e.length;t++)e[t].fill(0)}function Wo(e){return new DataView(e.buffer,e.byteOffset,e.byteLength)}function Xo(e,t){return e<<32-t|e>>>t}function Yo(e,t){return e<<t|e>>>32-t>>>0}O.isLE=new Uint8Array(new Uint32Array([287454020]).buffer)[0]===68;function $t(e){return e<<24&4278190080|e<<8&16711680|e>>>8&65280|e>>>24&255}O.swap8IfBE=O.isLE?e=>e:e=>$t(e);O.byteSwapIfBE=O.swap8IfBE;function Zn(e){for(let t=0;t<e.length;t++)e[t]=$t(e[t]);return e}O.swap32IfBE=O.isLE?e=>e:Zn;var zn=typeof Uint8Array.from([]).toHex=="function"&&typeof Uint8Array.fromHex=="function",$o=Array.from({length:256},(e,t)=>t.toString(16).padStart(2,"0"));function Fo(e){if(et(e),zn)return e.toHex();let t="";for(let r=0;r<e.length;r++)t+=$o[e[r]];return t}var Te={_0:48,_9:57,A:65,F:70,a:97,f:102};function Dn(e){if(e>=Te._0&&e<=Te._9)return e-Te._0;if(e>=Te.A&&e<=Te.F)return e-(Te.A-10);if(e>=Te.a&&e<=Te.f)return e-(Te.a-10)}function Qo(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);if(zn)return Uint8Array.fromHex(e);let t=e.length,r=t/2;if(t%2)throw new Error("hex string expected, got unpadded hex of length "+t);let n=new Uint8Array(r);for(let o=0,s=0;o<r;o++,s+=2){let i=Dn(e.charCodeAt(s)),c=Dn(e.charCodeAt(s+1));if(i===void 0||c===void 0){let a=e[s]+e[s+1];throw new Error('hex string expected, got non-hex character "'+a+'" at index '+s)}n[o]=i*16+c}return n}var Jo=async()=>{};O.nextTick=Jo;async function es(e,t,r){let n=Date.now();for(let o=0;o<e;o++){r(o);let s=Date.now()-n;s>=0&&s<t||(await(0,O.nextTick)(),n+=s)}}function Ft(e){if(typeof e!="string")throw new Error("string expected");return new Uint8Array(new TextEncoder().encode(e))}function ts(e){return new TextDecoder().decode(e)}function It(e){return typeof e=="string"&&(e=Ft(e)),et(e),e}function ns(e){return typeof e=="string"&&(e=Ft(e)),et(e),e}function rs(...e){let t=0;for(let n=0;n<e.length;n++){let o=e[n];et(o),t+=o.length}let r=new Uint8Array(t);for(let n=0,o=0;n<e.length;n++){let s=e[n];r.set(s,o),o+=s.length}return r}function os(e,t){if(t!==void 0&&{}.toString.call(t)!=="[object Object]")throw new Error("options should be object or undefined");return Object.assign(e,t)}var Yt=class{};O.Hash=Yt;function Gn(e){let t=n=>e().update(It(n)).digest(),r=e();return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=()=>e(),t}function Wn(e){let t=(n,o)=>e(o).update(It(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}function Xn(e){let t=(n,o)=>e(o).update(It(n)).digest(),r=e({});return t.outputLen=r.outputLen,t.blockLen=r.blockLen,t.create=n=>e(n),t}O.wrapConstructor=Gn;O.wrapConstructorWithOpts=Wn;O.wrapXOFConstructorWithOpts=Xn;function ss(e=32){if(Je.crypto&&typeof Je.crypto.getRandomValues=="function")return Je.crypto.getRandomValues(new Uint8Array(e));if(Je.crypto&&typeof Je.crypto.randomBytes=="function")return Uint8Array.from(Je.crypto.randomBytes(e));throw new Error("crypto.getRandomValues must be defined")}});var $n=le(de=>{"use strict";Object.defineProperty(de,"__esModule",{value:!0});de.SHA512_IV=de.SHA384_IV=de.SHA224_IV=de.SHA256_IV=de.HashMD=void 0;de.setBigUint64=Yn;de.Chi=is;de.Maj=cs;var Se=qe();function Yn(e,t,r,n){if(typeof e.setBigUint64=="function")return e.setBigUint64(t,r,n);let o=BigInt(32),s=BigInt(4294967295),i=Number(r>>o&s),c=Number(r&s),a=n?4:0,l=n?0:4;e.setUint32(t+a,i,n),e.setUint32(t+l,c,n)}function is(e,t,r){return e&t^~e&r}function cs(e,t,r){return e&t^e&r^t&r}var Qt=class extends Se.Hash{constructor(t,r,n,o){super(),this.finished=!1,this.length=0,this.pos=0,this.destroyed=!1,this.blockLen=t,this.outputLen=r,this.padOffset=n,this.isLE=o,this.buffer=new Uint8Array(t),this.view=(0,Se.createView)(this.buffer)}update(t){(0,Se.aexists)(this),t=(0,Se.toBytes)(t),(0,Se.abytes)(t);let{view:r,buffer:n,blockLen:o}=this,s=t.length;for(let i=0;i<s;){let c=Math.min(o-this.pos,s-i);if(c===o){let a=(0,Se.createView)(t);for(;o<=s-i;i+=o)this.process(a,i);continue}n.set(t.subarray(i,i+c),this.pos),this.pos+=c,i+=c,this.pos===o&&(this.process(r,0),this.pos=0)}return this.length+=t.length,this.roundClean(),this}digestInto(t){(0,Se.aexists)(this),(0,Se.aoutput)(t,this),this.finished=!0;let{buffer:r,view:n,blockLen:o,isLE:s}=this,{pos:i}=this;r[i++]=128,(0,Se.clean)(this.buffer.subarray(i)),this.padOffset>o-i&&(this.process(n,0),i=0);for(let h=i;h<o;h++)r[h]=0;Yn(n,o-8,BigInt(this.length*8),s),this.process(n,0);let c=(0,Se.createView)(t),a=this.outputLen;if(a%4)throw new Error("_sha2: outputLen should be aligned to 32bit");let l=a/4,d=this.get();if(l>d.length)throw new Error("_sha2: outputLen bigger than state");for(let h=0;h<l;h++)c.setUint32(4*h,d[h],s)}digest(){let{buffer:t,outputLen:r}=this;this.digestInto(t);let n=t.slice(0,r);return this.destroy(),n}_cloneInto(t){t||(t=new this.constructor),t.set(...this.get());let{blockLen:r,buffer:n,length:o,finished:s,destroyed:i,pos:c}=this;return t.destroyed=i,t.finished=s,t.length=o,t.pos=c,o%r&&t.buffer.set(n),t}clone(){return this._cloneInto()}};de.HashMD=Qt;de.SHA256_IV=Uint32Array.from([1779033703,3144134277,1013904242,2773480762,1359893119,2600822924,528734635,1541459225]);de.SHA224_IV=Uint32Array.from([3238371032,914150663,812702999,4144912697,4290775857,1750603025,1694076839,3204075428]);de.SHA384_IV=Uint32Array.from([3418070365,3238371032,1654270250,914150663,2438529370,812702999,355462360,4144912697,1731405415,4290775857,2394180231,1750603025,3675008525,1694076839,1203062813,3204075428]);de.SHA512_IV=Uint32Array.from([1779033703,4089235720,3144134277,2227873595,1013904242,4271175723,2773480762,1595750129,1359893119,2917565137,2600822924,725511199,528734635,4215389547,1541459225,327033209])});var mr=le(V=>{"use strict";Object.defineProperty(V,"__esModule",{value:!0});V.toBig=V.shrSL=V.shrSH=V.rotrSL=V.rotrSH=V.rotrBL=V.rotrBH=V.rotr32L=V.rotr32H=V.rotlSL=V.rotlSH=V.rotlBL=V.rotlBH=V.add5L=V.add5H=V.add4L=V.add4H=V.add3L=V.add3H=void 0;V.add=lr;V.fromBig=en;V.split=Fn;var Tt=BigInt(2**32-1),Jt=BigInt(32);function en(e,t=!1){return t?{h:Number(e&Tt),l:Number(e>>Jt&Tt)}:{h:Number(e>>Jt&Tt)|0,l:Number(e&Tt)|0}}function Fn(e,t=!1){let r=e.length,n=new Uint32Array(r),o=new Uint32Array(r);for(let s=0;s<r;s++){let{h:i,l:c}=en(e[s],t);[n[s],o[s]]=[i,c]}return[n,o]}var Qn=(e,t)=>BigInt(e>>>0)<<Jt|BigInt(t>>>0);V.toBig=Qn;var Jn=(e,t,r)=>e>>>r;V.shrSH=Jn;var er=(e,t,r)=>e<<32-r|t>>>r;V.shrSL=er;var tr=(e,t,r)=>e>>>r|t<<32-r;V.rotrSH=tr;var nr=(e,t,r)=>e<<32-r|t>>>r;V.rotrSL=nr;var rr=(e,t,r)=>e<<64-r|t>>>r-32;V.rotrBH=rr;var or=(e,t,r)=>e>>>r-32|t<<64-r;V.rotrBL=or;var sr=(e,t)=>t;V.rotr32H=sr;var ir=(e,t)=>e;V.rotr32L=ir;var cr=(e,t,r)=>e<<r|t>>>32-r;V.rotlSH=cr;var ar=(e,t,r)=>t<<r|e>>>32-r;V.rotlSL=ar;var fr=(e,t,r)=>t<<r-32|e>>>64-r;V.rotlBH=fr;var ur=(e,t,r)=>e<<r-32|t>>>64-r;V.rotlBL=ur;function lr(e,t,r,n){let o=(t>>>0)+(n>>>0);return{h:e+r+(o/2**32|0)|0,l:o|0}}var dr=(e,t,r)=>(e>>>0)+(t>>>0)+(r>>>0);V.add3L=dr;var hr=(e,t,r,n)=>t+r+n+(e/2**32|0)|0;V.add3H=hr;var yr=(e,t,r,n)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0);V.add4L=yr;var br=(e,t,r,n,o)=>t+r+n+o+(e/2**32|0)|0;V.add4H=br;var wr=(e,t,r,n,o)=>(e>>>0)+(t>>>0)+(r>>>0)+(n>>>0)+(o>>>0);V.add5L=wr;var gr=(e,t,r,n,o,s)=>t+r+n+o+s+(e/2**32|0)|0;V.add5H=gr;var as={fromBig:en,split:Fn,toBig:Qn,shrSH:Jn,shrSL:er,rotrSH:tr,rotrSL:nr,rotrBH:rr,rotrBL:or,rotr32H:sr,rotr32L:ir,rotlSH:cr,rotlSL:ar,rotlBH:fr,rotlBL:ur,add:lr,add3L:dr,add3H:hr,add4L:yr,add4H:br,add5H:gr,add5L:wr};V.default=as});var xr=le(z=>{"use strict";Object.defineProperty(z,"__esModule",{value:!0});z.sha512_224=z.sha512_256=z.sha384=z.sha512=z.sha224=z.sha256=z.SHA512_256=z.SHA512_224=z.SHA384=z.SHA512=z.SHA224=z.SHA256=void 0;var U=$n(),P=mr(),J=qe(),fs=Uint32Array.from([1116352408,1899447441,3049323471,3921009573,961987163,1508970993,2453635748,2870763221,3624381080,310598401,607225278,1426881987,1925078388,2162078206,2614888103,3248222580,3835390401,4022224774,264347078,604807628,770255983,1249150122,1555081692,1996064986,2554220882,2821834349,2952996808,3210313671,3336571891,3584528711,113926993,338241895,666307205,773529912,1294757372,1396182291,1695183700,1986661051,2177026350,2456956037,2730485921,2820302411,3259730800,3345764771,3516065817,3600352804,4094571909,275423344,430227734,506948616,659060556,883997877,958139571,1322822218,1537002063,1747873779,1955562222,2024104815,2227730452,2361852424,2428436474,2756734187,3204031479,3329325298]),Ce=new Uint32Array(64),ut=class extends U.HashMD{constructor(t=32){super(64,t,8,!1),this.A=U.SHA256_IV[0]|0,this.B=U.SHA256_IV[1]|0,this.C=U.SHA256_IV[2]|0,this.D=U.SHA256_IV[3]|0,this.E=U.SHA256_IV[4]|0,this.F=U.SHA256_IV[5]|0,this.G=U.SHA256_IV[6]|0,this.H=U.SHA256_IV[7]|0}get(){let{A:t,B:r,C:n,D:o,E:s,F:i,G:c,H:a}=this;return[t,r,n,o,s,i,c,a]}set(t,r,n,o,s,i,c,a){this.A=t|0,this.B=r|0,this.C=n|0,this.D=o|0,this.E=s|0,this.F=i|0,this.G=c|0,this.H=a|0}process(t,r){for(let h=0;h<16;h++,r+=4)Ce[h]=t.getUint32(r,!1);for(let h=16;h<64;h++){let f=Ce[h-15],u=Ce[h-2],b=(0,J.rotr)(f,7)^(0,J.rotr)(f,18)^f>>>3,m=(0,J.rotr)(u,17)^(0,J.rotr)(u,19)^u>>>10;Ce[h]=m+Ce[h-7]+b+Ce[h-16]|0}let{A:n,B:o,C:s,D:i,E:c,F:a,G:l,H:d}=this;for(let h=0;h<64;h++){let f=(0,J.rotr)(c,6)^(0,J.rotr)(c,11)^(0,J.rotr)(c,25),u=d+f+(0,U.Chi)(c,a,l)+fs[h]+Ce[h]|0,m=((0,J.rotr)(n,2)^(0,J.rotr)(n,13)^(0,J.rotr)(n,22))+(0,U.Maj)(n,o,s)|0;d=l,l=a,a=c,c=i+u|0,i=s,s=o,o=n,n=u+m|0}n=n+this.A|0,o=o+this.B|0,s=s+this.C|0,i=i+this.D|0,c=c+this.E|0,a=a+this.F|0,l=l+this.G|0,d=d+this.H|0,this.set(n,o,s,i,c,a,l,d)}roundClean(){(0,J.clean)(Ce)}destroy(){this.set(0,0,0,0,0,0,0,0),(0,J.clean)(this.buffer)}};z.SHA256=ut;var Ut=class extends ut{constructor(){super(28),this.A=U.SHA224_IV[0]|0,this.B=U.SHA224_IV[1]|0,this.C=U.SHA224_IV[2]|0,this.D=U.SHA224_IV[3]|0,this.E=U.SHA224_IV[4]|0,this.F=U.SHA224_IV[5]|0,this.G=U.SHA224_IV[6]|0,this.H=U.SHA224_IV[7]|0}};z.SHA224=Ut;var pr=P.split(["0x428a2f98d728ae22","0x7137449123ef65cd","0xb5c0fbcfec4d3b2f","0xe9b5dba58189dbbc","0x3956c25bf348b538","0x59f111f1b605d019","0x923f82a4af194f9b","0xab1c5ed5da6d8118","0xd807aa98a3030242","0x12835b0145706fbe","0x243185be4ee4b28c","0x550c7dc3d5ffb4e2","0x72be5d74f27b896f","0x80deb1fe3b1696b1","0x9bdc06a725c71235","0xc19bf174cf692694","0xe49b69c19ef14ad2","0xefbe4786384f25e3","0x0fc19dc68b8cd5b5","0x240ca1cc77ac9c65","0x2de92c6f592b0275","0x4a7484aa6ea6e483","0x5cb0a9dcbd41fbd4","0x76f988da831153b5","0x983e5152ee66dfab","0xa831c66d2db43210","0xb00327c898fb213f","0xbf597fc7beef0ee4","0xc6e00bf33da88fc2","0xd5a79147930aa725","0x06ca6351e003826f","0x142929670a0e6e70","0x27b70a8546d22ffc","0x2e1b21385c26c926","0x4d2c6dfc5ac42aed","0x53380d139d95b3df","0x650a73548baf63de","0x766a0abb3c77b2a8","0x81c2c92e47edaee6","0x92722c851482353b","0xa2bfe8a14cf10364","0xa81a664bbc423001","0xc24b8b70d0f89791","0xc76c51a30654be30","0xd192e819d6ef5218","0xd69906245565a910","0xf40e35855771202a","0x106aa07032bbd1b8","0x19a4c116b8d2d0c8","0x1e376c085141ab53","0x2748774cdf8eeb99","0x34b0bcb5e19b48a8","0x391c0cb3c5c95a63","0x4ed8aa4ae3418acb","0x5b9cca4f7763e373","0x682e6ff3d6b2b8a3","0x748f82ee5defb2fc","0x78a5636f43172f60","0x84c87814a1f0ab72","0x8cc702081a6439ec","0x90befffa23631e28","0xa4506cebde82bde9","0xbef9a3f7b2c67915","0xc67178f2e372532b","0xca273eceea26619c","0xd186b8c721c0c207","0xeada7dd6cde0eb1e","0xf57d4f7fee6ed178","0x06f067aa72176fba","0x0a637dc5a2c898a6","0x113f9804bef90dae","0x1b710b35131c471b","0x28db77f523047d84","0x32caab7b40c72493","0x3c9ebe0a15c9bebc","0x431d67c49c100d4c","0x4cc5d4becb3e42b6","0x597f299cfc657e2a","0x5fcb6fab3ad6faec","0x6c44198c4a475817"].map(e=>BigInt(e))),us=pr[0],ls=pr[1],Ve=new Uint32Array(80),Ne=new Uint32Array(80),Ge=class extends U.HashMD{constructor(t=64){super(128,t,16,!1),this.Ah=U.SHA512_IV[0]|0,this.Al=U.SHA512_IV[1]|0,this.Bh=U.SHA512_IV[2]|0,this.Bl=U.SHA512_IV[3]|0,this.Ch=U.SHA512_IV[4]|0,this.Cl=U.SHA512_IV[5]|0,this.Dh=U.SHA512_IV[6]|0,this.Dl=U.SHA512_IV[7]|0,this.Eh=U.SHA512_IV[8]|0,this.El=U.SHA512_IV[9]|0,this.Fh=U.SHA512_IV[10]|0,this.Fl=U.SHA512_IV[11]|0,this.Gh=U.SHA512_IV[12]|0,this.Gl=U.SHA512_IV[13]|0,this.Hh=U.SHA512_IV[14]|0,this.Hl=U.SHA512_IV[15]|0}get(){let{Ah:t,Al:r,Bh:n,Bl:o,Ch:s,Cl:i,Dh:c,Dl:a,Eh:l,El:d,Fh:h,Fl:f,Gh:u,Gl:b,Hh:m,Hl:_}=this;return[t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,_]}set(t,r,n,o,s,i,c,a,l,d,h,f,u,b,m,_){this.Ah=t|0,this.Al=r|0,this.Bh=n|0,this.Bl=o|0,this.Ch=s|0,this.Cl=i|0,this.Dh=c|0,this.Dl=a|0,this.Eh=l|0,this.El=d|0,this.Fh=h|0,this.Fl=f|0,this.Gh=u|0,this.Gl=b|0,this.Hh=m|0,this.Hl=_|0}process(t,r){for(let x=0;x<16;x++,r+=4)Ve[x]=t.getUint32(r),Ne[x]=t.getUint32(r+=4);for(let x=16;x<80;x++){let N=Ve[x-15]|0,M=Ne[x-15]|0,Y=P.rotrSH(N,M,1)^P.rotrSH(N,M,8)^P.shrSH(N,M,7),Z=P.rotrSL(N,M,1)^P.rotrSL(N,M,8)^P.shrSL(N,M,7),j=Ve[x-2]|0,H=Ne[x-2]|0,be=P.rotrSH(j,H,19)^P.rotrBH(j,H,61)^P.shrSH(j,H,6),ue=P.rotrSL(j,H,19)^P.rotrBL(j,H,61)^P.shrSL(j,H,6),C=P.add4L(Z,ue,Ne[x-7],Ne[x-16]),g=P.add4H(C,Y,be,Ve[x-7],Ve[x-16]);Ve[x]=g|0,Ne[x]=C|0}let{Ah:n,Al:o,Bh:s,Bl:i,Ch:c,Cl:a,Dh:l,Dl:d,Eh:h,El:f,Fh:u,Fl:b,Gh:m,Gl:_,Hh:T,Hl:q}=this;for(let x=0;x<80;x++){let N=P.rotrSH(h,f,14)^P.rotrSH(h,f,18)^P.rotrBH(h,f,41),M=P.rotrSL(h,f,14)^P.rotrSL(h,f,18)^P.rotrBL(h,f,41),Y=h&u^~h&m,Z=f&b^~f&_,j=P.add5L(q,M,Z,ls[x],Ne[x]),H=P.add5H(j,T,N,Y,us[x],Ve[x]),be=j|0,ue=P.rotrSH(n,o,28)^P.rotrBH(n,o,34)^P.rotrBH(n,o,39),C=P.rotrSL(n,o,28)^P.rotrBL(n,o,34)^P.rotrBL(n,o,39),g=n&s^n&c^s&c,w=o&i^o&a^i&a;T=m|0,q=_|0,m=u|0,_=b|0,u=h|0,b=f|0,{h,l:f}=P.add(l|0,d|0,H|0,be|0),l=c|0,d=a|0,c=s|0,a=i|0,s=n|0,i=o|0;let y=P.add3L(be,C,w);n=P.add3H(y,H,ue,g),o=y|0}({h:n,l:o}=P.add(this.Ah|0,this.Al|0,n|0,o|0)),{h:s,l:i}=P.add(this.Bh|0,this.Bl|0,s|0,i|0),{h:c,l:a}=P.add(this.Ch|0,this.Cl|0,c|0,a|0),{h:l,l:d}=P.add(this.Dh|0,this.Dl|0,l|0,d|0),{h,l:f}=P.add(this.Eh|0,this.El|0,h|0,f|0),{h:u,l:b}=P.add(this.Fh|0,this.Fl|0,u|0,b|0),{h:m,l:_}=P.add(this.Gh|0,this.Gl|0,m|0,_|0),{h:T,l:q}=P.add(this.Hh|0,this.Hl|0,T|0,q|0),this.set(n,o,s,i,c,a,l,d,h,f,u,b,m,_,T,q)}roundClean(){(0,J.clean)(Ve,Ne)}destroy(){(0,J.clean)(this.buffer),this.set(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0)}};z.SHA512=Ge;var Ot=class extends Ge{constructor(){super(48),this.Ah=U.SHA384_IV[0]|0,this.Al=U.SHA384_IV[1]|0,this.Bh=U.SHA384_IV[2]|0,this.Bl=U.SHA384_IV[3]|0,this.Ch=U.SHA384_IV[4]|0,this.Cl=U.SHA384_IV[5]|0,this.Dh=U.SHA384_IV[6]|0,this.Dl=U.SHA384_IV[7]|0,this.Eh=U.SHA384_IV[8]|0,this.El=U.SHA384_IV[9]|0,this.Fh=U.SHA384_IV[10]|0,this.Fl=U.SHA384_IV[11]|0,this.Gh=U.SHA384_IV[12]|0,this.Gl=U.SHA384_IV[13]|0,this.Hh=U.SHA384_IV[14]|0,this.Hl=U.SHA384_IV[15]|0}};z.SHA384=Ot;var ae=Uint32Array.from([2352822216,424955298,1944164710,2312950998,502970286,855612546,1738396948,1479516111,258812777,2077511080,2011393907,79989058,1067287976,1780299464,286451373,2446758561]),fe=Uint32Array.from([573645204,4230739756,2673172387,3360449730,596883563,1867755857,2520282905,1497426621,2519219938,2827943907,3193839141,1401305490,721525244,746961066,246885852,2177182882]),Lt=class extends Ge{constructor(){super(28),this.Ah=ae[0]|0,this.Al=ae[1]|0,this.Bh=ae[2]|0,this.Bl=ae[3]|0,this.Ch=ae[4]|0,this.Cl=ae[5]|0,this.Dh=ae[6]|0,this.Dl=ae[7]|0,this.Eh=ae[8]|0,this.El=ae[9]|0,this.Fh=ae[10]|0,this.Fl=ae[11]|0,this.Gh=ae[12]|0,this.Gl=ae[13]|0,this.Hh=ae[14]|0,this.Hl=ae[15]|0}};z.SHA512_224=Lt;var Rt=class extends Ge{constructor(){super(32),this.Ah=fe[0]|0,this.Al=fe[1]|0,this.Bh=fe[2]|0,this.Bl=fe[3]|0,this.Ch=fe[4]|0,this.Cl=fe[5]|0,this.Dh=fe[6]|0,this.Dl=fe[7]|0,this.Eh=fe[8]|0,this.El=fe[9]|0,this.Fh=fe[10]|0,this.Fl=fe[11]|0,this.Gh=fe[12]|0,this.Gl=fe[13]|0,this.Hh=fe[14]|0,this.Hl=fe[15]|0}};z.SHA512_256=Rt;z.sha256=(0,J.createHasher)(()=>new ut);z.sha224=(0,J.createHasher)(()=>new Ut);z.sha512=(0,J.createHasher)(()=>new Ge);z.sha384=(0,J.createHasher)(()=>new Ot);z.sha512_256=(0,J.createHasher)(()=>new Rt);z.sha512_224=(0,J.createHasher)(()=>new Lt)});var Er=le(Xe=>{"use strict";Object.defineProperty(Xe,"__esModule",{value:!0});Xe.hmac=Xe.HMAC=void 0;var We=qe(),lt=class extends We.Hash{constructor(t,r){super(),this.finished=!1,this.destroyed=!1,(0,We.ahash)(t);let n=(0,We.toBytes)(r);if(this.iHash=t.create(),typeof this.iHash.update!="function")throw new Error("Expected instance of class which extends utils.Hash");this.blockLen=this.iHash.blockLen,this.outputLen=this.iHash.outputLen;let o=this.blockLen,s=new Uint8Array(o);s.set(n.length>o?t.create().update(n).digest():n);for(let i=0;i<s.length;i++)s[i]^=54;this.iHash.update(s),this.oHash=t.create();for(let i=0;i<s.length;i++)s[i]^=106;this.oHash.update(s),(0,We.clean)(s)}update(t){return(0,We.aexists)(this),this.iHash.update(t),this}digestInto(t){(0,We.aexists)(this),(0,We.abytes)(t,this.outputLen),this.finished=!0,this.iHash.digestInto(t),this.oHash.update(t),this.oHash.digestInto(t),this.destroy()}digest(){let t=new Uint8Array(this.oHash.outputLen);return this.digestInto(t),t}_cloneInto(t){t||(t=Object.create(Object.getPrototypeOf(this),{}));let{oHash:r,iHash:n,finished:o,destroyed:s,blockLen:i,outputLen:c}=this;return t=t,t.finished=o,t.destroyed=s,t.blockLen=i,t.outputLen=c,t.oHash=r._cloneInto(t.oHash),t.iHash=n._cloneInto(t.iHash),t}clone(){return this._cloneInto()}destroy(){this.destroyed=!0,this.oHash.destroy(),this.iHash.destroy()}};Xe.HMAC=lt;var ds=(e,t,r)=>new lt(e,t).update(r).digest();Xe.hmac=ds;Xe.hmac.create=(e,t)=>new lt(e,t)});var Ye=le(L=>{"use strict";Object.defineProperty(L,"__esModule",{value:!0});L.notImplemented=L.bitMask=L.utf8ToBytes=L.randomBytes=L.isBytes=L.hexToBytes=L.concatBytes=L.bytesToUtf8=L.bytesToHex=L.anumber=L.abytes=void 0;L.abool=hs;L._abool2=ys;L._abytes2=bs;L.numberToHexUnpadded=Br;L.hexToNumber=nn;L.bytesToNumberBE=ws;L.bytesToNumberLE=gs;L.numberToBytesBE=_r;L.numberToBytesLE=ms;L.numberToVarBytesBE=ps;L.ensureBytes=xs;L.equalBytes=Es;L.copyBytes=Bs;L.asciiToBytes=_s;L.inRange=vr;L.aInRange=vs;L.bitLen=Ss;L.bitGet=As;L.bitSet=Hs;L.createHmacDrbg=Ts;L.validateObject=Os;L.isHash=Ls;L._validateObject=Rs;L.memoized=Cs;var Ae=qe(),Ue=qe();Object.defineProperty(L,"abytes",{enumerable:!0,get:function(){return Ue.abytes}});Object.defineProperty(L,"anumber",{enumerable:!0,get:function(){return Ue.anumber}});Object.defineProperty(L,"bytesToHex",{enumerable:!0,get:function(){return Ue.bytesToHex}});Object.defineProperty(L,"bytesToUtf8",{enumerable:!0,get:function(){return Ue.bytesToUtf8}});Object.defineProperty(L,"concatBytes",{enumerable:!0,get:function(){return Ue.concatBytes}});Object.defineProperty(L,"hexToBytes",{enumerable:!0,get:function(){return Ue.hexToBytes}});Object.defineProperty(L,"isBytes",{enumerable:!0,get:function(){return Ue.isBytes}});Object.defineProperty(L,"randomBytes",{enumerable:!0,get:function(){return Ue.randomBytes}});Object.defineProperty(L,"utf8ToBytes",{enumerable:!0,get:function(){return Ue.utf8ToBytes}});var qt=BigInt(0),dt=BigInt(1);function hs(e,t){if(typeof t!="boolean")throw new Error(e+" boolean expected, got "+t)}function ys(e,t=""){if(typeof e!="boolean"){let r=t&&`"${t}"`;throw new Error(r+"expected boolean, got type="+typeof e)}return e}function bs(e,t,r=""){let n=(0,Ae.isBytes)(e),o=e?.length,s=t!==void 0;if(!n||s&&o!==t){let i=r&&`"${r}" `,c=s?` of length ${t}`:"",a=n?`length=${o}`:`type=${typeof e}`;throw new Error(i+"expected Uint8Array"+c+", got "+a)}return e}function Br(e){let t=e.toString(16);return t.length&1?"0"+t:t}function nn(e){if(typeof e!="string")throw new Error("hex string expected, got "+typeof e);return e===""?qt:BigInt("0x"+e)}function ws(e){return nn((0,Ae.bytesToHex)(e))}function gs(e){return(0,Ae.abytes)(e),nn((0,Ae.bytesToHex)(Uint8Array.from(e).reverse()))}function _r(e,t){return(0,Ae.hexToBytes)(e.toString(16).padStart(t*2,"0"))}function ms(e,t){return _r(e,t).reverse()}function ps(e){return(0,Ae.hexToBytes)(Br(e))}function xs(e,t,r){let n;if(typeof t=="string")try{n=(0,Ae.hexToBytes)(t)}catch(s){throw new Error(e+" must be hex string or Uint8Array, cause: "+s)}else if((0,Ae.isBytes)(t))n=Uint8Array.from(t);else throw new Error(e+" must be hex string or Uint8Array");let o=n.length;if(typeof r=="number"&&o!==r)throw new Error(e+" of length "+r+" expected, got "+o);return n}function Es(e,t){if(e.length!==t.length)return!1;let r=0;for(let n=0;n<e.length;n++)r|=e[n]^t[n];return r===0}function Bs(e){return Uint8Array.from(e)}function _s(e){return Uint8Array.from(e,(t,r)=>{let n=t.charCodeAt(0);if(t.length!==1||n>127)throw new Error(`string contains non-ASCII character "${e[r]}" with code ${n} at position ${r}`);return n})}var tn=e=>typeof e=="bigint"&&qt<=e;function vr(e,t,r){return tn(e)&&tn(t)&&tn(r)&&t<=e&&e<r}function vs(e,t,r,n){if(!vr(t,r,n))throw new Error("expected valid "+e+": "+r+" <= n < "+n+", got "+t)}function Ss(e){let t;for(t=0;e>qt;e>>=dt,t+=1);return t}function As(e,t){return e>>BigInt(t)&dt}function Hs(e,t,r){return e|(r?dt:qt)<<BigInt(t)}var Is=e=>(dt<<BigInt(e))-dt;L.bitMask=Is;function Ts(e,t,r){if(typeof e!="number"||e<2)throw new Error("hashLen must be a number");if(typeof t!="number"||t<2)throw new Error("qByteLen must be a number");if(typeof r!="function")throw new Error("hmacFn must be a function");let n=u=>new Uint8Array(u),o=u=>Uint8Array.of(u),s=n(e),i=n(e),c=0,a=()=>{s.fill(1),i.fill(0),c=0},l=(...u)=>r(i,s,...u),d=(u=n(0))=>{i=l(o(0),u),s=l(),u.length!==0&&(i=l(o(1),u),s=l())},h=()=>{if(c++>=1e3)throw new Error("drbg: tried 1000 values");let u=0,b=[];for(;u<t;){s=l();let m=s.slice();b.push(m),u+=s.length}return(0,Ae.concatBytes)(...b)};return(u,b)=>{a(),d(u);let m;for(;!(m=b(h()));)d();return a(),m}}var Us={bigint:e=>typeof e=="bigint",function:e=>typeof e=="function",boolean:e=>typeof e=="boolean",string:e=>typeof e=="string",stringOrUint8Array:e=>typeof e=="string"||(0,Ae.isBytes)(e),isSafeInteger:e=>Number.isSafeInteger(e),array:e=>Array.isArray(e),field:(e,t)=>t.Fp.isValid(e),hash:e=>typeof e=="function"&&Number.isSafeInteger(e.outputLen)};function Os(e,t,r={}){let n=(o,s,i)=>{let c=Us[s];if(typeof c!="function")throw new Error("invalid validator function");let a=e[o];if(!(i&&a===void 0)&&!c(a,e))throw new Error("param "+String(o)+" is invalid. Expected "+s+", got "+a)};for(let[o,s]of Object.entries(t))n(o,s,!1);for(let[o,s]of Object.entries(r))n(o,s,!0);return e}function Ls(e){return typeof e=="function"&&Number.isSafeInteger(e.outputLen)}function Rs(e,t,r={}){if(!e||typeof e!="object")throw new Error("expected valid options object");function n(o,s,i){let c=e[o];if(i&&c===void 0)return;let a=typeof c;if(a!==s||c===null)throw new Error(`param "${o}" is invalid: expected ${s}, got ${a}`)}Object.entries(t).forEach(([o,s])=>n(o,s,!1)),Object.entries(r).forEach(([o,s])=>n(o,s,!0))}var qs=()=>{throw new Error("not implemented")};L.notImplemented=qs;function Cs(e){let t=new WeakMap;return(r,...n)=>{let o=t.get(r);if(o!==void 0)return o;let s=e(r,...n);return t.set(r,s),s}}});var tt=le(X=>{"use strict";Object.defineProperty(X,"__esModule",{value:!0});X.isNegativeLE=void 0;X.mod=ge;X.pow=ks;X.pow2=Ps;X.invert=Ct;X.tonelliShanks=on;X.FpSqrt=Or;X.validateField=Zs;X.FpPow=sn;X.FpInvertBatch=Lr;X.FpDiv=zs;X.FpLegendre=Vt;X.FpIsSquare=Gs;X.nLength=cn;X.Field=Nt;X.FpSqrtOdd=Ws;X.FpSqrtEven=Xs;X.hashToPrivateScalar=Ys;X.getFieldBytesLength=an;X.getMinHashLength=Rr;X.mapHashToField=$s;var me=Ye(),he=BigInt(0),ee=BigInt(1),$e=BigInt(2),Sr=BigInt(3),Ar=BigInt(4),Hr=BigInt(5),Vs=BigInt(7),Ir=BigInt(8),Ns=BigInt(9),Tr=BigInt(16);function ge(e,t){let r=e%t;return r>=he?r:t+r}function ks(e,t,r){return sn(Nt(r),e,t)}function Ps(e,t,r){let n=e;for(;t-- >he;)n*=n,n%=r;return n}function Ct(e,t){if(e===he)throw new Error("invert: expected non-zero number");if(t<=he)throw new Error("invert: expected positive modulus, got "+t);let r=ge(e,t),n=t,o=he,s=ee,i=ee,c=he;for(;r!==he;){let l=n/r,d=n%r,h=o-i*l,f=s-c*l;n=r,r=d,o=i,s=c,i=h,c=f}if(n!==ee)throw new Error("invert: does not exist");return ge(o,t)}function rn(e,t,r){if(!e.eql(e.sqr(t),r))throw new Error("Cannot find square root")}function Ur(e,t){let r=(e.ORDER+ee)/Ar,n=e.pow(t,r);return rn(e,n,t),n}function Ms(e,t){let r=(e.ORDER-Hr)/Ir,n=e.mul(t,$e),o=e.pow(n,r),s=e.mul(t,o),i=e.mul(e.mul(s,$e),o),c=e.mul(s,e.sub(i,e.ONE));return rn(e,c,t),c}function Ks(e){let t=Nt(e),r=on(e),n=r(t,t.neg(t.ONE)),o=r(t,n),s=r(t,t.neg(n)),i=(e+Vs)/Tr;return(c,a)=>{let l=c.pow(a,i),d=c.mul(l,n),h=c.mul(l,o),f=c.mul(l,s),u=c.eql(c.sqr(d),a),b=c.eql(c.sqr(h),a);l=c.cmov(l,d,u),d=c.cmov(f,h,b);let m=c.eql(c.sqr(d),a),_=c.cmov(l,d,m);return rn(c,_,a),_}}function on(e){if(e<Sr)throw new Error("sqrt is not defined for small field");let t=e-ee,r=0;for(;t%$e===he;)t/=$e,r++;let n=$e,o=Nt(e);for(;Vt(o,n)===1;)if(n++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(r===1)return Ur;let s=o.pow(n,t),i=(t+ee)/$e;return function(a,l){if(a.is0(l))return l;if(Vt(a,l)!==1)throw new Error("Cannot find square root");let d=r,h=a.mul(a.ONE,s),f=a.pow(l,t),u=a.pow(l,i);for(;!a.eql(f,a.ONE);){if(a.is0(f))return a.ZERO;let b=1,m=a.sqr(f);for(;!a.eql(m,a.ONE);)if(b++,m=a.sqr(m),b===d)throw new Error("Cannot find square root");let _=ee<<BigInt(d-b-1),T=a.pow(h,_);d=b,h=a.sqr(T),f=a.mul(f,h),u=a.mul(u,T)}return u}}function Or(e){return e%Ar===Sr?Ur:e%Ir===Hr?Ms:e%Tr===Ns?Ks(e):on(e)}var Ds=(e,t)=>(ge(e,t)&ee)===ee;X.isNegativeLE=Ds;var js=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function Zs(e){let t={ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"},r=js.reduce((n,o)=>(n[o]="function",n),t);return(0,me._validateObject)(e,r),e}function sn(e,t,r){if(r<he)throw new Error("invalid exponent, negatives unsupported");if(r===he)return e.ONE;if(r===ee)return t;let n=e.ONE,o=t;for(;r>he;)r&ee&&(n=e.mul(n,o)),o=e.sqr(o),r>>=ee;return n}function Lr(e,t,r=!1){let n=new Array(t.length).fill(r?e.ZERO:void 0),o=t.reduce((i,c,a)=>e.is0(c)?i:(n[a]=i,e.mul(i,c)),e.ONE),s=e.inv(o);return t.reduceRight((i,c,a)=>e.is0(c)?i:(n[a]=e.mul(i,n[a]),e.mul(i,c)),s),n}function zs(e,t,r){return e.mul(t,typeof r=="bigint"?Ct(r,e.ORDER):e.inv(r))}function Vt(e,t){let r=(e.ORDER-ee)/$e,n=e.pow(t,r),o=e.eql(n,e.ONE),s=e.eql(n,e.ZERO),i=e.eql(n,e.neg(e.ONE));if(!o&&!s&&!i)throw new Error("invalid Legendre symbol result");return o?1:s?0:-1}function Gs(e,t){return Vt(e,t)===1}function cn(e,t){t!==void 0&&(0,me.anumber)(t);let r=t!==void 0?t:e.toString(2).length,n=Math.ceil(r/8);return{nBitLength:r,nByteLength:n}}function Nt(e,t,r=!1,n={}){if(e<=he)throw new Error("invalid field: expected ORDER > 0, got "+e);let o,s,i=!1,c;if(typeof t=="object"&&t!=null){if(n.sqrt||r)throw new Error("cannot specify opts in two arguments");let f=t;f.BITS&&(o=f.BITS),f.sqrt&&(s=f.sqrt),typeof f.isLE=="boolean"&&(r=f.isLE),typeof f.modFromBytes=="boolean"&&(i=f.modFromBytes),c=f.allowedLengths}else typeof t=="number"&&(o=t),n.sqrt&&(s=n.sqrt);let{nBitLength:a,nByteLength:l}=cn(e,o);if(l>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let d,h=Object.freeze({ORDER:e,isLE:r,BITS:a,BYTES:l,MASK:(0,me.bitMask)(a),ZERO:he,ONE:ee,allowedLengths:c,create:f=>ge(f,e),isValid:f=>{if(typeof f!="bigint")throw new Error("invalid field element: expected bigint, got "+typeof f);return he<=f&&f<e},is0:f=>f===he,isValidNot0:f=>!h.is0(f)&&h.isValid(f),isOdd:f=>(f&ee)===ee,neg:f=>ge(-f,e),eql:(f,u)=>f===u,sqr:f=>ge(f*f,e),add:(f,u)=>ge(f+u,e),sub:(f,u)=>ge(f-u,e),mul:(f,u)=>ge(f*u,e),pow:(f,u)=>sn(h,f,u),div:(f,u)=>ge(f*Ct(u,e),e),sqrN:f=>f*f,addN:(f,u)=>f+u,subN:(f,u)=>f-u,mulN:(f,u)=>f*u,inv:f=>Ct(f,e),sqrt:s||(f=>(d||(d=Or(e)),d(h,f))),toBytes:f=>r?(0,me.numberToBytesLE)(f,l):(0,me.numberToBytesBE)(f,l),fromBytes:(f,u=!0)=>{if(c){if(!c.includes(f.length)||f.length>l)throw new Error("Field.fromBytes: expected "+c+" bytes, got "+f.length);let m=new Uint8Array(l);m.set(f,r?0:m.length-f.length),f=m}if(f.length!==l)throw new Error("Field.fromBytes: expected "+l+" bytes, got "+f.length);let b=r?(0,me.bytesToNumberLE)(f):(0,me.bytesToNumberBE)(f);if(i&&(b=ge(b,e)),!u&&!h.isValid(b))throw new Error("invalid field element: outside of range 0..ORDER");return b},invertBatch:f=>Lr(h,f),cmov:(f,u,b)=>b?u:f});return Object.freeze(h)}function Ws(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?r:e.neg(r)}function Xs(e,t){if(!e.isOdd)throw new Error("Field doesn't have isOdd");let r=e.sqrt(t);return e.isOdd(r)?e.neg(r):r}function Ys(e,t,r=!1){e=(0,me.ensureBytes)("privateHash",e);let n=e.length,o=cn(t).nByteLength+8;if(o<24||n<o||n>1024)throw new Error("hashToPrivateScalar: expected "+o+"-1024 bytes of input, got "+n);let s=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e);return ge(s,t-ee)+ee}function an(e){if(typeof e!="bigint")throw new Error("field order must be bigint");let t=e.toString(2).length;return Math.ceil(t/8)}function Rr(e){let t=an(e);return t+Math.ceil(t/2)}function $s(e,t,r=!1){let n=e.length,o=an(t),s=Rr(t);if(n<16||n<s||n>1024)throw new Error("expected "+s+"-1024 bytes of input, got "+n);let i=r?(0,me.bytesToNumberLE)(e):(0,me.bytesToNumberBE)(e),c=ge(i,t-ee)+ee;return r?(0,me.numberToBytesLE)(c,o):(0,me.numberToBytesBE)(c,o)}});var Mr=le(Ee=>{"use strict";Object.defineProperty(Ee,"__esModule",{value:!0});Ee.wNAF=void 0;Ee.negateCt=dn;Ee.normalizeZ=Fs;Ee.mulEndoUnsafe=Qs;Ee.pippenger=Js;Ee.precomputeMSMUnsafe=ei;Ee.validateBasic=ti;Ee._createCurveFields=ni;var ht=Ye(),yt=tt(),nt=BigInt(0),Fe=BigInt(1);function dn(e,t){let r=t.negate();return e?r:t}function Fs(e,t){let r=(0,yt.FpInvertBatch)(e.Fp,t.map(n=>n.Z));return t.map((n,o)=>e.fromAffine(n.toAffine(r[o])))}function yn(e,t){if(!Number.isSafeInteger(e)||e<=0||e>t)throw new Error("invalid window size, expected [1.."+t+"], got W="+e)}function fn(e,t){yn(e,t);let r=Math.ceil(t/e)+1,n=2**(e-1),o=2**e,s=(0,ht.bitMask)(e),i=BigInt(e);return{windows:r,windowSize:n,mask:s,maxNumber:o,shiftBy:i}}function qr(e,t,r){let{windowSize:n,mask:o,maxNumber:s,shiftBy:i}=r,c=Number(e&o),a=e>>i;c>n&&(c-=s,a+=Fe);let l=t*n,d=l+Math.abs(c)-1,h=c===0,f=c<0,u=t%2!==0;return{nextN:a,offset:d,isZero:h,isNeg:f,isNegF:u,offsetF:l}}function Nr(e,t){if(!Array.isArray(e))throw new Error("array expected");e.forEach((r,n)=>{if(!(r instanceof t))throw new Error("invalid point at index "+n)})}function kr(e,t){if(!Array.isArray(e))throw new Error("array of scalars expected");e.forEach((r,n)=>{if(!t.isValid(r))throw new Error("invalid scalar at index "+n)})}var un=new WeakMap,Pr=new WeakMap;function ln(e){return Pr.get(e)||1}function Cr(e){if(e!==nt)throw new Error("invalid wNAF")}var hn=class{constructor(t,r){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=r}_unsafeLadder(t,r,n=this.ZERO){let o=t;for(;r>nt;)r&Fe&&(n=n.add(o)),o=o.double(),r>>=Fe;return n}precomputeWindow(t,r){let{windows:n,windowSize:o}=fn(r,this.bits),s=[],i=t,c=i;for(let a=0;a<n;a++){c=i,s.push(c);for(let l=1;l<o;l++)c=c.add(i),s.push(c);i=c.double()}return s}wNAF(t,r,n){if(!this.Fn.isValid(n))throw new Error("invalid scalar");let o=this.ZERO,s=this.BASE,i=fn(t,this.bits);for(let c=0;c<i.windows;c++){let{nextN:a,offset:l,isZero:d,isNeg:h,isNegF:f,offsetF:u}=qr(n,c,i);n=a,d?s=s.add(dn(f,r[u])):o=o.add(dn(h,r[l]))}return Cr(n),{p:o,f:s}}wNAFUnsafe(t,r,n,o=this.ZERO){let s=fn(t,this.bits);for(let i=0;i<s.windows&&n!==nt;i++){let{nextN:c,offset:a,isZero:l,isNeg:d}=qr(n,i,s);if(n=c,!l){let h=r[a];o=o.add(d?h.negate():h)}}return Cr(n),o}getPrecomputes(t,r,n){let o=un.get(r);return o||(o=this.precomputeWindow(r,t),t!==1&&(typeof n=="function"&&(o=n(o)),un.set(r,o))),o}cached(t,r,n){let o=ln(t);return this.wNAF(o,this.getPrecomputes(o,t,n),r)}unsafe(t,r,n,o){let s=ln(t);return s===1?this._unsafeLadder(t,r,o):this.wNAFUnsafe(s,this.getPrecomputes(s,t,n),r,o)}createCache(t,r){yn(r,this.bits),Pr.set(t,r),un.delete(t)}hasCache(t){return ln(t)!==1}};Ee.wNAF=hn;function Qs(e,t,r,n){let o=t,s=e.ZERO,i=e.ZERO;for(;r>nt||n>nt;)r&Fe&&(s=s.add(o)),n&Fe&&(i=i.add(o)),o=o.double(),r>>=Fe,n>>=Fe;return{p1:s,p2:i}}function Js(e,t,r,n){Nr(r,e),kr(n,t);let o=r.length,s=n.length;if(o!==s)throw new Error("arrays of points and scalars must have equal length");let i=e.ZERO,c=(0,ht.bitLen)(BigInt(o)),a=1;c>12?a=c-3:c>4?a=c-2:c>0&&(a=2);let l=(0,ht.bitMask)(a),d=new Array(Number(l)+1).fill(i),h=Math.floor((t.BITS-1)/a)*a,f=i;for(let u=h;u>=0;u-=a){d.fill(i);for(let m=0;m<s;m++){let _=n[m],T=Number(_>>BigInt(u)&l);d[T]=d[T].add(r[m])}let b=i;for(let m=d.length-1,_=i;m>0;m--)_=_.add(d[m]),b=b.add(_);if(f=f.add(b),u!==0)for(let m=0;m<a;m++)f=f.double()}return f}function ei(e,t,r,n){yn(n,t.BITS),Nr(r,e);let o=e.ZERO,s=2**n-1,i=Math.ceil(t.BITS/n),c=(0,ht.bitMask)(n),a=r.map(l=>{let d=[];for(let h=0,f=l;h<s;h++)d.push(f),f=f.add(l);return d});return l=>{if(kr(l,t),l.length>r.length)throw new Error("array of scalars must be smaller than array of points");let d=o;for(let h=0;h<i;h++){if(d!==o)for(let u=0;u<n;u++)d=d.double();let f=BigInt(i*n-(h+1)*n);for(let u=0;u<l.length;u++){let b=l[u],m=Number(b>>f&c);m&&(d=d.add(a[u][m-1]))}}return d}}function ti(e){return(0,yt.validateField)(e.Fp),(0,ht.validateObject)(e,{n:"bigint",h:"bigint",Gx:"field",Gy:"field"},{nBitLength:"isSafeInteger",nByteLength:"isSafeInteger"}),Object.freeze({...(0,yt.nLength)(e.n,e.nBitLength),...e,p:e.Fp.ORDER})}function Vr(e,t,r){if(t){if(t.ORDER!==e)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return(0,yt.validateField)(t),t}else return(0,yt.Field)(e,{isLE:r})}function ni(e,t,r={},n){if(n===void 0&&(n=e==="edwards"),!t||typeof t!="object")throw new Error(`expected valid ${e} CURVE object`);for(let a of["p","n","h"]){let l=t[a];if(!(typeof l=="bigint"&&l>nt))throw new Error(`CURVE.${a} must be positive bigint`)}let o=Vr(t.p,r.Fp,n),s=Vr(t.n,r.Fn,n),c=["Gx","Gy","a",e==="weierstrass"?"b":"d"];for(let a of c)if(!o.isValid(t[a]))throw new Error(`CURVE.${a} must be valid field element of CURVE.Fp`);return t=Object.freeze(Object.assign({},t)),{CURVE:t,Fp:o,Fn:s}}});var pn=le(W=>{"use strict";Object.defineProperty(W,"__esModule",{value:!0});W.DER=W.DERErr=void 0;W._splitEndoScalar=Dr;W._normFnElement=ke;W.weierstrassN=mn;W.SWUFpSqrtRatio=Zr;W.mapToCurveSimpleSWU=si;W.ecdh=Gr;W.ecdsa=Wr;W.weierstrassPoints=ii;W._legacyHelperEquat=Yr;W.weierstrass=ui;var ri=Er(),oi=qe(),A=Ye(),Oe=Mr(),ot=tt(),Kr=(e,t)=>(e+(e>=0?t:-t)/He)/t;function Dr(e,t,r){let[[n,o],[s,i]]=t,c=Kr(i*e,r),a=Kr(-o*e,r),l=e-c*n-a*s,d=-c*o-a*i,h=l<Be,f=d<Be;h&&(l=-l),f&&(d=-d);let u=(0,A.bitMask)(Math.ceil((0,A.bitLen)(r)/2))+re;if(l<Be||l>=u||d<Be||d>=u)throw new Error("splitScalar (endomorphism): failed, k="+e);return{k1neg:h,k1:l,k2neg:f,k2:d}}function wn(e){if(!["compact","recovered","der"].includes(e))throw new Error('Signature format must be "compact", "recovered", or "der"');return e}function bn(e,t){let r={};for(let n of Object.keys(t))r[n]=e[n]===void 0?t[n]:e[n];return(0,A._abool2)(r.lowS,"lowS"),(0,A._abool2)(r.prehash,"prehash"),r.format!==void 0&&wn(r.format),r}var kt=class extends Error{constructor(t=""){super(t)}};W.DERErr=kt;W.DER={Err:kt,_tlv:{encode:(e,t)=>{let{Err:r}=W.DER;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length&1)throw new r("tlv.encode: unpadded data");let n=t.length/2,o=(0,A.numberToHexUnpadded)(n);if(o.length/2&128)throw new r("tlv.encode: long form length too big");let s=n>127?(0,A.numberToHexUnpadded)(o.length/2|128):"";return(0,A.numberToHexUnpadded)(e)+s+o+t},decode(e,t){let{Err:r}=W.DER,n=0;if(e<0||e>256)throw new r("tlv.encode: wrong tag");if(t.length<2||t[n++]!==e)throw new r("tlv.decode: wrong tlv");let o=t[n++],s=!!(o&128),i=0;if(!s)i=o;else{let a=o&127;if(!a)throw new r("tlv.decode(long): indefinite length not supported");if(a>4)throw new r("tlv.decode(long): byte length is too big");let l=t.subarray(n,n+a);if(l.length!==a)throw new r("tlv.decode: length bytes not complete");if(l[0]===0)throw new r("tlv.decode(long): zero leftmost byte");for(let d of l)i=i<<8|d;if(n+=a,i<128)throw new r("tlv.decode(long): not minimal encoding")}let c=t.subarray(n,n+i);if(c.length!==i)throw new r("tlv.decode: wrong value length");return{v:c,l:t.subarray(n+i)}}},_int:{encode(e){let{Err:t}=W.DER;if(e<Be)throw new t("integer: negative integers are not allowed");let r=(0,A.numberToHexUnpadded)(e);if(Number.parseInt(r[0],16)&8&&(r="00"+r),r.length&1)throw new t("unexpected DER parsing assertion: unpadded hex");return r},decode(e){let{Err:t}=W.DER;if(e[0]&128)throw new t("invalid signature integer: negative");if(e[0]===0&&!(e[1]&128))throw new t("invalid signature integer: unnecessary leading zero");return(0,A.bytesToNumberBE)(e)}},toSig(e){let{Err:t,_int:r,_tlv:n}=W.DER,o=(0,A.ensureBytes)("signature",e),{v:s,l:i}=n.decode(48,o);if(i.length)throw new t("invalid signature: left bytes after parsing");let{v:c,l:a}=n.decode(2,s),{v:l,l:d}=n.decode(2,a);if(d.length)throw new t("invalid signature: left bytes after parsing");return{r:r.decode(c),s:r.decode(l)}},hexFromSig(e){let{_tlv:t,_int:r}=W.DER,n=t.encode(2,r.encode(e.r)),o=t.encode(2,r.encode(e.s)),s=n+o;return t.encode(48,s)}};var Be=BigInt(0),re=BigInt(1),He=BigInt(2),rt=BigInt(3),gn=BigInt(4);function ke(e,t){let{BYTES:r}=e,n;if(typeof t=="bigint")n=t;else{let o=(0,A.ensureBytes)("private key",t);try{n=e.fromBytes(o)}catch{throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof t}`)}}if(!e.isValidNot0(n))throw new Error("invalid private key: out of range [1..N-1]");return n}function mn(e,t={}){let r=(0,Oe._createCurveFields)("weierstrass",e,t),{Fp:n,Fn:o}=r,s=r.CURVE,{h:i,n:c}=s;(0,A._validateObject)(t,{},{allowInfinityPoint:"boolean",clearCofactor:"function",isTorsionFree:"function",fromBytes:"function",toBytes:"function",endo:"object",wrapPrivateKey:"boolean"});let{endo:a}=t;if(a&&(!n.is0(s.a)||typeof a.beta!="bigint"||!Array.isArray(a.basises)))throw new Error('invalid endo: expected "beta": bigint and "basises": array');let l=zr(n,o);function d(){if(!n.isOdd)throw new Error("compression is not supported: Field does not have .isOdd()")}function h(C,g,w){let{x:y,y:p}=g.toAffine(),E=n.toBytes(y);if((0,A._abool2)(w,"isCompressed"),w){d();let S=!n.isOdd(p);return(0,A.concatBytes)(jr(S),E)}else return(0,A.concatBytes)(Uint8Array.of(4),E,n.toBytes(p))}function f(C){(0,A._abytes2)(C,void 0,"Point");let{publicKey:g,publicKeyUncompressed:w}=l,y=C.length,p=C[0],E=C.subarray(1);if(y===g&&(p===2||p===3)){let S=n.fromBytes(E);if(!n.isValid(S))throw new Error("bad point: is not on curve, wrong x");let I=m(S),v;try{v=n.sqrt(I)}catch(te){let G=te instanceof Error?": "+te.message:"";throw new Error("bad point: is not on curve, sqrt error"+G)}d();let R=n.isOdd(v);return(p&1)===1!==R&&(v=n.neg(v)),{x:S,y:v}}else if(y===w&&p===4){let S=n.BYTES,I=n.fromBytes(E.subarray(0,S)),v=n.fromBytes(E.subarray(S,S*2));if(!_(I,v))throw new Error("bad point: is not on curve");return{x:I,y:v}}else throw new Error(`bad point: got length ${y}, expected compressed=${g} or uncompressed=${w}`)}let u=t.toBytes||h,b=t.fromBytes||f;function m(C){let g=n.sqr(C),w=n.mul(g,C);return n.add(n.add(w,n.mul(C,s.a)),s.b)}function _(C,g){let w=n.sqr(g),y=m(C);return n.eql(w,y)}if(!_(s.Gx,s.Gy))throw new Error("bad curve params: generator point");let T=n.mul(n.pow(s.a,rt),gn),q=n.mul(n.sqr(s.b),BigInt(27));if(n.is0(n.add(T,q)))throw new Error("bad curve params: a or b");function x(C,g,w=!1){if(!n.isValid(g)||w&&n.is0(g))throw new Error(`bad point coordinate ${C}`);return g}function N(C){if(!(C instanceof H))throw new Error("ProjectivePoint expected")}function M(C){if(!a||!a.basises)throw new Error("no endo");return Dr(C,a.basises,o.ORDER)}let Y=(0,A.memoized)((C,g)=>{let{X:w,Y:y,Z:p}=C;if(n.eql(p,n.ONE))return{x:w,y};let E=C.is0();g==null&&(g=E?n.ONE:n.inv(p));let S=n.mul(w,g),I=n.mul(y,g),v=n.mul(p,g);if(E)return{x:n.ZERO,y:n.ZERO};if(!n.eql(v,n.ONE))throw new Error("invZ was invalid");return{x:S,y:I}}),Z=(0,A.memoized)(C=>{if(C.is0()){if(t.allowInfinityPoint&&!n.is0(C.Y))return;throw new Error("bad point: ZERO")}let{x:g,y:w}=C.toAffine();if(!n.isValid(g)||!n.isValid(w))throw new Error("bad point: x or y not field elements");if(!_(g,w))throw new Error("bad point: equation left != right");if(!C.isTorsionFree())throw new Error("bad point: not in prime-order subgroup");return!0});function j(C,g,w,y,p){return w=new H(n.mul(w.X,C),w.Y,w.Z),g=(0,Oe.negateCt)(y,g),w=(0,Oe.negateCt)(p,w),g.add(w)}class H{constructor(g,w,y){this.X=x("x",g),this.Y=x("y",w,!0),this.Z=x("z",y),Object.freeze(this)}static CURVE(){return s}static fromAffine(g){let{x:w,y}=g||{};if(!g||!n.isValid(w)||!n.isValid(y))throw new Error("invalid affine point");if(g instanceof H)throw new Error("projective point not allowed");return n.is0(w)&&n.is0(y)?H.ZERO:new H(w,y,n.ONE)}static fromBytes(g){let w=H.fromAffine(b((0,A._abytes2)(g,void 0,"point")));return w.assertValidity(),w}static fromHex(g){return H.fromBytes((0,A.ensureBytes)("pointHex",g))}get x(){return this.toAffine().x}get y(){return this.toAffine().y}precompute(g=8,w=!0){return ue.createCache(this,g),w||this.multiply(rt),this}assertValidity(){Z(this)}hasEvenY(){let{y:g}=this.toAffine();if(!n.isOdd)throw new Error("Field doesn't support isOdd");return!n.isOdd(g)}equals(g){N(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:S,Z:I}=g,v=n.eql(n.mul(w,I),n.mul(E,p)),R=n.eql(n.mul(y,I),n.mul(S,p));return v&&R}negate(){return new H(this.X,n.neg(this.Y),this.Z)}double(){let{a:g,b:w}=s,y=n.mul(w,rt),{X:p,Y:E,Z:S}=this,I=n.ZERO,v=n.ZERO,R=n.ZERO,k=n.mul(p,p),te=n.mul(E,E),G=n.mul(S,S),K=n.mul(p,E);return K=n.add(K,K),R=n.mul(p,S),R=n.add(R,R),I=n.mul(g,R),v=n.mul(y,G),v=n.add(I,v),I=n.sub(te,v),v=n.add(te,v),v=n.mul(I,v),I=n.mul(K,I),R=n.mul(y,R),G=n.mul(g,G),K=n.sub(k,G),K=n.mul(g,K),K=n.add(K,R),R=n.add(k,k),k=n.add(R,k),k=n.add(k,G),k=n.mul(k,K),v=n.add(v,k),G=n.mul(E,S),G=n.add(G,G),k=n.mul(G,K),I=n.sub(I,k),R=n.mul(G,te),R=n.add(R,R),R=n.add(R,R),new H(I,v,R)}add(g){N(g);let{X:w,Y:y,Z:p}=this,{X:E,Y:S,Z:I}=g,v=n.ZERO,R=n.ZERO,k=n.ZERO,te=s.a,G=n.mul(s.b,rt),K=n.mul(w,E),$=n.mul(y,S),ne=n.mul(p,I),we=n.add(w,y),F=n.add(E,S);we=n.mul(we,F),F=n.add(K,$),we=n.sub(we,F),F=n.add(w,p);let ce=n.add(E,I);return F=n.mul(F,ce),ce=n.add(K,ne),F=n.sub(F,ce),ce=n.add(y,p),v=n.add(S,I),ce=n.mul(ce,v),v=n.add($,ne),ce=n.sub(ce,v),k=n.mul(te,F),v=n.mul(G,ne),k=n.add(v,k),v=n.sub($,k),k=n.add($,k),R=n.mul(v,k),$=n.add(K,K),$=n.add($,K),ne=n.mul(te,ne),F=n.mul(G,F),$=n.add($,ne),ne=n.sub(K,ne),ne=n.mul(te,ne),F=n.add(F,ne),K=n.mul($,F),R=n.add(R,K),K=n.mul(ce,F),v=n.mul(we,v),v=n.sub(v,K),K=n.mul(we,$),k=n.mul(ce,k),k=n.add(k,K),new H(v,R,k)}subtract(g){return this.add(g.negate())}is0(){return this.equals(H.ZERO)}multiply(g){let{endo:w}=t;if(!o.isValidNot0(g))throw new Error("invalid scalar: out of range");let y,p,E=S=>ue.cached(this,S,I=>(0,Oe.normalizeZ)(H,I));if(w){let{k1neg:S,k1:I,k2neg:v,k2:R}=M(g),{p:k,f:te}=E(I),{p:G,f:K}=E(R);p=te.add(K),y=j(w.beta,k,G,S,v)}else{let{p:S,f:I}=E(g);y=S,p=I}return(0,Oe.normalizeZ)(H,[y,p])[0]}multiplyUnsafe(g){let{endo:w}=t,y=this;if(!o.isValid(g))throw new Error("invalid scalar: out of range");if(g===Be||y.is0())return H.ZERO;if(g===re)return y;if(ue.hasCache(this))return this.multiply(g);if(w){let{k1neg:p,k1:E,k2neg:S,k2:I}=M(g),{p1:v,p2:R}=(0,Oe.mulEndoUnsafe)(H,y,E,I);return j(w.beta,v,R,p,S)}else return ue.unsafe(y,g)}multiplyAndAddUnsafe(g,w,y){let p=this.multiplyUnsafe(w).add(g.multiplyUnsafe(y));return p.is0()?void 0:p}toAffine(g){return Y(this,g)}isTorsionFree(){let{isTorsionFree:g}=t;return i===re?!0:g?g(H,this):ue.unsafe(this,c).is0()}clearCofactor(){let{clearCofactor:g}=t;return i===re?this:g?g(H,this):this.multiplyUnsafe(i)}isSmallOrder(){return this.multiplyUnsafe(i).is0()}toBytes(g=!0){return(0,A._abool2)(g,"isCompressed"),this.assertValidity(),u(H,this,g)}toHex(g=!0){return(0,A.bytesToHex)(this.toBytes(g))}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get px(){return this.X}get py(){return this.X}get pz(){return this.Z}toRawBytes(g=!0){return this.toBytes(g)}_setWindowSize(g){this.precompute(g)}static normalizeZ(g){return(0,Oe.normalizeZ)(H,g)}static msm(g,w){return(0,Oe.pippenger)(H,o,g,w)}static fromPrivateKey(g){return H.BASE.multiply(ke(o,g))}}H.BASE=new H(s.Gx,s.Gy,n.ONE),H.ZERO=new H(n.ZERO,n.ONE,n.ZERO),H.Fp=n,H.Fn=o;let be=o.BITS,ue=new Oe.wNAF(H,t.endo?Math.ceil(be/2):be);return H.BASE.precompute(8),H}function jr(e){return Uint8Array.of(e?2:3)}function Zr(e,t){let r=e.ORDER,n=Be;for(let b=r-re;b%He===Be;b/=He)n+=re;let o=n,s=He<<o-re-re,i=s*He,c=(r-re)/i,a=(c-re)/He,l=i-re,d=s,h=e.pow(t,c),f=e.pow(t,(c+re)/He),u=(b,m)=>{let _=h,T=e.pow(m,l),q=e.sqr(T);q=e.mul(q,m);let x=e.mul(b,q);x=e.pow(x,a),x=e.mul(x,T),T=e.mul(x,m),q=e.mul(x,b);let N=e.mul(q,T);x=e.pow(N,d);let M=e.eql(x,e.ONE);T=e.mul(q,f),x=e.mul(N,_),q=e.cmov(T,q,M),N=e.cmov(x,N,M);for(let Y=o;Y>re;Y--){let Z=Y-He;Z=He<<Z-re;let j=e.pow(N,Z),H=e.eql(j,e.ONE);T=e.mul(q,_),_=e.mul(_,_),j=e.mul(N,_),q=e.cmov(T,q,H),N=e.cmov(j,N,H)}return{isValid:M,value:q}};if(e.ORDER%gn===rt){let b=(e.ORDER-rt)/gn,m=e.sqrt(e.neg(t));u=(_,T)=>{let q=e.sqr(T),x=e.mul(_,T);q=e.mul(q,x);let N=e.pow(q,b);N=e.mul(N,x);let M=e.mul(N,m),Y=e.mul(e.sqr(N),T),Z=e.eql(Y,_),j=e.cmov(M,N,Z);return{isValid:Z,value:j}}}return u}function si(e,t){(0,ot.validateField)(e);let{A:r,B:n,Z:o}=t;if(!e.isValid(r)||!e.isValid(n)||!e.isValid(o))throw new Error("mapToCurveSimpleSWU: invalid opts");let s=Zr(e,o);if(!e.isOdd)throw new Error("Field does not have .isOdd()");return i=>{let c,a,l,d,h,f,u,b;c=e.sqr(i),c=e.mul(c,o),a=e.sqr(c),a=e.add(a,c),l=e.add(a,e.ONE),l=e.mul(l,n),d=e.cmov(o,e.neg(a),!e.eql(a,e.ZERO)),d=e.mul(d,r),a=e.sqr(l),f=e.sqr(d),h=e.mul(f,r),a=e.add(a,h),a=e.mul(a,l),f=e.mul(f,d),h=e.mul(f,n),a=e.add(a,h),u=e.mul(c,l);let{isValid:m,value:_}=s(a,f);b=e.mul(c,i),b=e.mul(b,_),u=e.cmov(u,l,m),b=e.cmov(b,_,m);let T=e.isOdd(i)===e.isOdd(b);b=e.cmov(e.neg(b),b,T);let q=(0,ot.FpInvertBatch)(e,[d],!0)[0];return u=e.mul(u,q),{x:u,y:b}}}function zr(e,t){return{secretKey:t.BYTES,publicKey:1+e.BYTES,publicKeyUncompressed:1+2*e.BYTES,publicKeyHasPrefix:!0,signature:2*t.BYTES}}function Gr(e,t={}){let{Fn:r}=e,n=t.randomBytes||A.randomBytes,o=Object.assign(zr(e.Fp,r),{seed:(0,ot.getMinHashLength)(r.ORDER)});function s(u){try{return!!ke(r,u)}catch{return!1}}function i(u,b){let{publicKey:m,publicKeyUncompressed:_}=o;try{let T=u.length;return b===!0&&T!==m||b===!1&&T!==_?!1:!!e.fromBytes(u)}catch{return!1}}function c(u=n(o.seed)){return(0,ot.mapHashToField)((0,A._abytes2)(u,o.seed,"seed"),r.ORDER)}function a(u,b=!0){return e.BASE.multiply(ke(r,u)).toBytes(b)}function l(u){let b=c(u);return{secretKey:b,publicKey:a(b)}}function d(u){if(typeof u=="bigint")return!1;if(u instanceof e)return!0;let{secretKey:b,publicKey:m,publicKeyUncompressed:_}=o;if(r.allowedLengths||b===m)return;let T=(0,A.ensureBytes)("key",u).length;return T===m||T===_}function h(u,b,m=!0){if(d(u)===!0)throw new Error("first arg must be private key");if(d(b)===!1)throw new Error("second arg must be public key");let _=ke(r,u);return e.fromHex(b).multiply(_).toBytes(m)}return Object.freeze({getPublicKey:a,getSharedSecret:h,keygen:l,Point:e,utils:{isValidSecretKey:s,isValidPublicKey:i,randomSecretKey:c,isValidPrivateKey:s,randomPrivateKey:c,normPrivateKeyToScalar:u=>ke(r,u),precompute(u=8,b=e.BASE){return b.precompute(u,!1)}},lengths:o})}function Wr(e,t,r={}){(0,oi.ahash)(t),(0,A._validateObject)(r,{},{hmac:"function",lowS:"boolean",randomBytes:"function",bits2int:"function",bits2int_modN:"function"});let n=r.randomBytes||A.randomBytes,o=r.hmac||((w,...y)=>(0,ri.hmac)(t,w,(0,A.concatBytes)(...y))),{Fp:s,Fn:i}=e,{ORDER:c,BITS:a}=i,{keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u}=Gr(e,r),b={prehash:!1,lowS:typeof r.lowS=="boolean"?r.lowS:!1,format:void 0,extraEntropy:!1},m="compact";function _(w){let y=c>>re;return w>y}function T(w,y){if(!i.isValidNot0(y))throw new Error(`invalid signature ${w}: out of range 1..Point.Fn.ORDER`);return y}function q(w,y){wn(y);let p=u.signature,E=y==="compact"?p:y==="recovered"?p+1:void 0;return(0,A._abytes2)(w,E,`${y} signature`)}class x{constructor(y,p,E){this.r=T("r",y),this.s=T("s",p),E!=null&&(this.recovery=E),Object.freeze(this)}static fromBytes(y,p=m){q(y,p);let E;if(p==="der"){let{r:R,s:k}=W.DER.toSig((0,A._abytes2)(y));return new x(R,k)}p==="recovered"&&(E=y[0],p="compact",y=y.subarray(1));let S=i.BYTES,I=y.subarray(0,S),v=y.subarray(S,S*2);return new x(i.fromBytes(I),i.fromBytes(v),E)}static fromHex(y,p){return this.fromBytes((0,A.hexToBytes)(y),p)}addRecoveryBit(y){return new x(this.r,this.s,y)}recoverPublicKey(y){let p=s.ORDER,{r:E,s:S,recovery:I}=this;if(I==null||![0,1,2,3].includes(I))throw new Error("recovery id invalid");if(c*He<p&&I>1)throw new Error("recovery id is ambiguous for h>1 curve");let R=I===2||I===3?E+c:E;if(!s.isValid(R))throw new Error("recovery id 2 or 3 invalid");let k=s.toBytes(R),te=e.fromBytes((0,A.concatBytes)(jr((I&1)===0),k)),G=i.inv(R),K=M((0,A.ensureBytes)("msgHash",y)),$=i.create(-K*G),ne=i.create(S*G),we=e.BASE.multiplyUnsafe($).add(te.multiplyUnsafe(ne));if(we.is0())throw new Error("point at infinify");return we.assertValidity(),we}hasHighS(){return _(this.s)}toBytes(y=m){if(wn(y),y==="der")return(0,A.hexToBytes)(W.DER.hexFromSig(this));let p=i.toBytes(this.r),E=i.toBytes(this.s);if(y==="recovered"){if(this.recovery==null)throw new Error("recovery bit must be present");return(0,A.concatBytes)(Uint8Array.of(this.recovery),p,E)}return(0,A.concatBytes)(p,E)}toHex(y){return(0,A.bytesToHex)(this.toBytes(y))}assertValidity(){}static fromCompact(y){return x.fromBytes((0,A.ensureBytes)("sig",y),"compact")}static fromDER(y){return x.fromBytes((0,A.ensureBytes)("sig",y),"der")}normalizeS(){return this.hasHighS()?new x(this.r,i.neg(this.s),this.recovery):this}toDERRawBytes(){return this.toBytes("der")}toDERHex(){return(0,A.bytesToHex)(this.toBytes("der"))}toCompactRawBytes(){return this.toBytes("compact")}toCompactHex(){return(0,A.bytesToHex)(this.toBytes("compact"))}}let N=r.bits2int||function(y){if(y.length>8192)throw new Error("input is too large");let p=(0,A.bytesToNumberBE)(y),E=y.length*8-a;return E>0?p>>BigInt(E):p},M=r.bits2int_modN||function(y){return i.create(N(y))},Y=(0,A.bitMask)(a);function Z(w){return(0,A.aInRange)("num < 2^"+a,w,Be,Y),i.toBytes(w)}function j(w,y){return(0,A._abytes2)(w,void 0,"message"),y?(0,A._abytes2)(t(w),void 0,"prehashed message"):w}function H(w,y,p){if(["recovered","canonical"].some($=>$ in p))throw new Error("sign() legacy options not supported");let{lowS:E,prehash:S,extraEntropy:I}=bn(p,b);w=j(w,S);let v=M(w),R=ke(i,y),k=[Z(R),Z(v)];if(I!=null&&I!==!1){let $=I===!0?n(u.secretKey):I;k.push((0,A.ensureBytes)("extraEntropy",$))}let te=(0,A.concatBytes)(...k),G=v;function K($){let ne=N($);if(!i.isValidNot0(ne))return;let we=i.inv(ne),F=e.BASE.multiply(ne).toAffine(),ce=i.create(F.x);if(ce===Be)return;let St=i.create(we*i.create(G+ce*R));if(St===Be)return;let kn=(F.x===ce?0:2)|Number(F.y&re),Pn=St;return E&&_(St)&&(Pn=i.neg(St),kn^=1),new x(ce,Pn,kn)}return{seed:te,k2sig:K}}function be(w,y,p={}){w=(0,A.ensureBytes)("message",w);let{seed:E,k2sig:S}=H(w,y,p);return(0,A.createHmacDrbg)(t.outputLen,i.BYTES,o)(E,S)}function ue(w){let y,p=typeof w=="string"||(0,A.isBytes)(w),E=!p&&w!==null&&typeof w=="object"&&typeof w.r=="bigint"&&typeof w.s=="bigint";if(!p&&!E)throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");if(E)y=new x(w.r,w.s);else if(p){try{y=x.fromBytes((0,A.ensureBytes)("sig",w),"der")}catch(S){if(!(S instanceof W.DER.Err))throw S}if(!y)try{y=x.fromBytes((0,A.ensureBytes)("sig",w),"compact")}catch{return!1}}return y||!1}function C(w,y,p,E={}){let{lowS:S,prehash:I,format:v}=bn(E,b);if(p=(0,A.ensureBytes)("publicKey",p),y=j((0,A.ensureBytes)("message",y),I),"strict"in E)throw new Error("options.strict was renamed to lowS");let R=v===void 0?ue(w):x.fromBytes((0,A.ensureBytes)("sig",w),v);if(R===!1)return!1;try{let k=e.fromBytes(p);if(S&&R.hasHighS())return!1;let{r:te,s:G}=R,K=M(y),$=i.inv(G),ne=i.create(K*$),we=i.create(te*$),F=e.BASE.multiplyUnsafe(ne).add(k.multiplyUnsafe(we));return F.is0()?!1:i.create(F.x)===te}catch{return!1}}function g(w,y,p={}){let{prehash:E}=bn(p,b);return y=j(y,E),x.fromBytes(w,"recovered").recoverPublicKey(y).toBytes()}return Object.freeze({keygen:l,getPublicKey:d,getSharedSecret:h,utils:f,lengths:u,Point:e,sign:be,verify:C,recoverPublicKey:g,Signature:x,hash:t})}function ii(e){let{CURVE:t,curveOpts:r}=Xr(e),n=mn(t,r);return ai(e,n)}function Xr(e){let t={a:e.a,b:e.b,p:e.Fp.ORDER,n:e.n,h:e.h,Gx:e.Gx,Gy:e.Gy},r=e.Fp,n=e.allowedPrivateKeyLengths?Array.from(new Set(e.allowedPrivateKeyLengths.map(i=>Math.ceil(i/2)))):void 0,o=(0,ot.Field)(t.n,{BITS:e.nBitLength,allowedLengths:n,modFromBytes:e.wrapPrivateKey}),s={Fp:r,Fn:o,allowInfinityPoint:e.allowInfinityPoint,endo:e.endo,isTorsionFree:e.isTorsionFree,clearCofactor:e.clearCofactor,fromBytes:e.fromBytes,toBytes:e.toBytes};return{CURVE:t,curveOpts:s}}function ci(e){let{CURVE:t,curveOpts:r}=Xr(e),n={hmac:e.hmac,randomBytes:e.randomBytes,lowS:e.lowS,bits2int:e.bits2int,bits2int_modN:e.bits2int_modN};return{CURVE:t,curveOpts:r,hash:e.hash,ecdsaOpts:n}}function Yr(e,t,r){function n(o){let s=e.sqr(o),i=e.mul(s,o);return e.add(e.add(i,e.mul(o,t)),r)}return n}function ai(e,t){let{Fp:r,Fn:n}=t;function o(i){return(0,A.inRange)(i,re,n.ORDER)}let s=Yr(r,e.a,e.b);return Object.assign({},{CURVE:e,Point:t,ProjectivePoint:t,normPrivateKeyToScalar:i=>ke(n,i),weierstrassEquation:s,isWithinCurveOrder:o})}function fi(e,t){let r=t.Point;return Object.assign({},t,{ProjectivePoint:r,CURVE:Object.assign({},e,(0,ot.nLength)(r.Fn.ORDER,r.Fn.BITS))})}function ui(e){let{CURVE:t,curveOpts:r,hash:n,ecdsaOpts:o}=ci(e),s=mn(t,r),i=Wr(s,n,o);return fi(e,i)}});var $r=le(Pt=>{"use strict";Object.defineProperty(Pt,"__esModule",{value:!0});Pt.getHash=di;Pt.createCurve=hi;var li=pn();function di(e){return{hash:e}}function hi(e,t){let r=n=>(0,li.weierstrass)({...e,hash:n});return{...r(t),create:r}}});var to=le(Ie=>{"use strict";Object.defineProperty(Ie,"__esModule",{value:!0});Ie._DST_scalar=void 0;Ie.expand_message_xmd=Jr;Ie.expand_message_xof=eo;Ie.hash_to_field=Mt;Ie.isogenyMap=wi;Ie.createHasher=gi;var oe=Ye(),Fr=tt(),yi=oe.bytesToNumberBE;function Pe(e,t){if(bt(e),bt(t),e<0||e>=1<<8*t)throw new Error("invalid I2OSP input: "+e);let r=Array.from({length:t}).fill(0);for(let n=t-1;n>=0;n--)r[n]=e&255,e>>>=8;return new Uint8Array(r)}function bi(e,t){let r=new Uint8Array(e.length);for(let n=0;n<e.length;n++)r[n]=e[n]^t[n];return r}function bt(e){if(!Number.isSafeInteger(e))throw new Error("number expected")}function Qr(e){if(!(0,oe.isBytes)(e)&&typeof e!="string")throw new Error("DST must be Uint8Array or string");return typeof e=="string"?(0,oe.utf8ToBytes)(e):e}function Jr(e,t,r,n){(0,oe.abytes)(e),bt(r),t=Qr(t),t.length>255&&(t=n((0,oe.concatBytes)((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-"),t)));let{outputLen:o,blockLen:s}=n,i=Math.ceil(r/o);if(r>65535||i>255)throw new Error("expand_message_xmd: invalid lenInBytes");let c=(0,oe.concatBytes)(t,Pe(t.length,1)),a=Pe(0,s),l=Pe(r,2),d=new Array(i),h=n((0,oe.concatBytes)(a,e,l,Pe(0,1),c));d[0]=n((0,oe.concatBytes)(h,Pe(1,1),c));for(let u=1;u<=i;u++){let b=[bi(h,d[u-1]),Pe(u+1,1),c];d[u]=n((0,oe.concatBytes)(...b))}return(0,oe.concatBytes)(...d).slice(0,r)}function eo(e,t,r,n,o){if((0,oe.abytes)(e),bt(r),t=Qr(t),t.length>255){let s=Math.ceil(2*n/8);t=o.create({dkLen:s}).update((0,oe.utf8ToBytes)("H2C-OVERSIZE-DST-")).update(t).digest()}if(r>65535||t.length>255)throw new Error("expand_message_xof: invalid lenInBytes");return o.create({dkLen:r}).update(e).update(Pe(r,2)).update(t).update(Pe(t.length,1)).digest()}function Mt(e,t,r){(0,oe._validateObject)(r,{p:"bigint",m:"number",k:"number",hash:"function"});let{p:n,k:o,m:s,hash:i,expand:c,DST:a}=r;if(!(0,oe.isHash)(r.hash))throw new Error("expected valid hash");(0,oe.abytes)(e),bt(t);let l=n.toString(2).length,d=Math.ceil((l+o)/8),h=t*s*d,f;if(c==="xmd")f=Jr(e,a,h,i);else if(c==="xof")f=eo(e,a,h,o,i);else if(c==="_internal_pass")f=e;else throw new Error('expand must be "xmd" or "xof"');let u=new Array(t);for(let b=0;b<t;b++){let m=new Array(s);for(let _=0;_<s;_++){let T=d*(_+b*s),q=f.subarray(T,T+d);m[_]=(0,Fr.mod)(yi(q),n)}u[b]=m}return u}function wi(e,t){let r=t.map(n=>Array.from(n).reverse());return(n,o)=>{let[s,i,c,a]=r.map(h=>h.reduce((f,u)=>e.add(e.mul(f,n),u))),[l,d]=(0,Fr.FpInvertBatch)(e,[i,a],!0);return n=e.mul(s,l),o=e.mul(o,e.mul(c,d)),{x:n,y:o}}}Ie._DST_scalar=(0,oe.utf8ToBytes)("HashToScalar-");function gi(e,t,r){if(typeof t!="function")throw new Error("mapToCurve() must be defined");function n(s){return e.fromAffine(t(s))}function o(s){let i=s.clearCofactor();return i.equals(e.ZERO)?e.ZERO:(i.assertValidity(),i)}return{defaults:r,hashToCurve(s,i){let c=Object.assign({},r,i),a=Mt(s,2,c),l=n(a[0]),d=n(a[1]);return o(l.add(d))},encodeToCurve(s,i){let c=r.encodeDST?{DST:r.encodeDST}:{},a=Object.assign({},r,c,i),l=Mt(s,1,a),d=n(l[0]);return o(d)},mapToCurve(s){if(!Array.isArray(s))throw new Error("expected array of bigints");for(let i of s)if(typeof i!="bigint")throw new Error("expected array of bigints");return o(n(s))},hashToScalar(s,i){let c=e.Fn.ORDER,a=Object.assign({},r,{p:c,m:1,DST:Ie._DST_scalar},i);return Mt(s,1,a)[0][0]}}}});var lo=le(se=>{"use strict";Object.defineProperty(se,"__esModule",{value:!0});se.encodeToCurve=se.hashToCurve=se.secp256k1_hasher=se.schnorr=se.secp256k1=void 0;var Kt=xr(),so=qe(),mi=$r(),io=to(),ye=tt(),co=pn(),pe=Ye(),st={p:BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),n:BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),h:BigInt(1),a:BigInt(0),b:BigInt(7),Gx:BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),Gy:BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")},pi={beta:BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),basises:[[BigInt("0x3086d221a7d46bcde86c90e49284eb15"),-BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],[BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"),BigInt("0x3086d221a7d46bcde86c90e49284eb15")]]},xi=BigInt(0),no=BigInt(1),xn=BigInt(2);function Ei(e){let t=st.p,r=BigInt(3),n=BigInt(6),o=BigInt(11),s=BigInt(22),i=BigInt(23),c=BigInt(44),a=BigInt(88),l=e*e*e%t,d=l*l*e%t,h=(0,ye.pow2)(d,r,t)*d%t,f=(0,ye.pow2)(h,r,t)*d%t,u=(0,ye.pow2)(f,xn,t)*l%t,b=(0,ye.pow2)(u,o,t)*u%t,m=(0,ye.pow2)(b,s,t)*b%t,_=(0,ye.pow2)(m,c,t)*m%t,T=(0,ye.pow2)(_,a,t)*_%t,q=(0,ye.pow2)(T,c,t)*m%t,x=(0,ye.pow2)(q,r,t)*d%t,N=(0,ye.pow2)(x,i,t)*b%t,M=(0,ye.pow2)(N,n,t)*l%t,Y=(0,ye.pow2)(M,xn,t);if(!Le.eql(Le.sqr(Y),e))throw new Error("Cannot find square root");return Y}var Le=(0,ye.Field)(st.p,{sqrt:Ei});se.secp256k1=(0,mi.createCurve)({...st,Fp:Le,lowS:!0,endo:pi},Kt.sha256);var ro={};function Dt(e,...t){let r=ro[e];if(r===void 0){let n=(0,Kt.sha256)((0,pe.utf8ToBytes)(e));r=(0,pe.concatBytes)(n,n),ro[e]=r}return(0,Kt.sha256)((0,pe.concatBytes)(r,...t))}var Bn=e=>e.toBytes(!0).slice(1),it=se.secp256k1.Point,_n=e=>e%xn===xi;function En(e){let{Fn:t,BASE:r}=it,n=(0,co._normFnElement)(t,e),o=r.multiply(n);return{scalar:_n(o.y)?n:t.neg(n),bytes:Bn(o)}}function ao(e){let t=Le;if(!t.isValidNot0(e))throw new Error("invalid x: Fail if x \u2265 p");let r=t.create(e*e),n=t.create(r*e+BigInt(7)),o=t.sqrt(n);_n(o)||(o=t.neg(o));let s=it.fromAffine({x:e,y:o});return s.assertValidity(),s}var wt=pe.bytesToNumberBE;function fo(...e){return it.Fn.create(wt(Dt("BIP0340/challenge",...e)))}function oo(e){return En(e).bytes}function Bi(e,t,r=(0,so.randomBytes)(32)){let{Fn:n}=it,o=(0,pe.ensureBytes)("message",e),{bytes:s,scalar:i}=En(t),c=(0,pe.ensureBytes)("auxRand",r,32),a=n.toBytes(i^wt(Dt("BIP0340/aux",c))),l=Dt("BIP0340/nonce",a,s,o),{bytes:d,scalar:h}=En(l),f=fo(d,s,o),u=new Uint8Array(64);if(u.set(d,0),u.set(n.toBytes(n.create(h+f*i)),32),!uo(u,o,s))throw new Error("sign: Invalid signature produced");return u}function uo(e,t,r){let{Fn:n,BASE:o}=it,s=(0,pe.ensureBytes)("signature",e,64),i=(0,pe.ensureBytes)("message",t),c=(0,pe.ensureBytes)("publicKey",r,32);try{let a=ao(wt(c)),l=wt(s.subarray(0,32));if(!(0,pe.inRange)(l,no,st.p))return!1;let d=wt(s.subarray(32,64));if(!(0,pe.inRange)(d,no,st.n))return!1;let h=fo(n.toBytes(l),Bn(a),i),f=o.multiplyUnsafe(d).add(a.multiplyUnsafe(n.neg(h))),{x:u,y:b}=f.toAffine();return!(f.is0()||!_n(b)||u!==l)}catch{return!1}}se.schnorr=(()=>{let r=(o=(0,so.randomBytes)(48))=>(0,ye.mapHashToField)(o,st.n);se.secp256k1.utils.randomSecretKey;function n(o){let s=r(o);return{secretKey:s,publicKey:oo(s)}}return{keygen:n,getPublicKey:oo,sign:Bi,verify:uo,Point:it,utils:{randomSecretKey:r,randomPrivateKey:r,taggedHash:Dt,lift_x:ao,pointToBytes:Bn,numberToBytesBE:pe.numberToBytesBE,bytesToNumberBE:pe.bytesToNumberBE,mod:ye.mod},lengths:{secretKey:32,publicKey:32,publicKeyHasPrefix:!1,signature:32*2,seed:48}}})();var _i=(0,io.isogenyMap)(Le,[["0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa8c7","0x7d3d4c80bc321d5b9f315cea7fd44c5d595d2fc0bf63b92dfff1044f17c6581","0x534c328d23f234e6e2a413deca25caece4506144037c40314ecbd0b53d9dd262","0x8e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38e38daaaaa88c"],["0xd35771193d94918a9ca34ccbb7b640dd86cd409542f8487d9fe6b745781eb49b","0xedadc6f64383dc1df7c4b2d51b54225406d36b641f5e41bbc52a56612a8c6d14","0x0000000000000000000000000000000000000000000000000000000000000001"],["0x4bda12f684bda12f684bda12f684bda12f684bda12f684bda12f684b8e38e23c","0xc75e0c32d5cb7c0fa9d0a54b12a0a6d5647ab046d686da6fdffc90fc201d71a3","0x29a6194691f91a73715209ef6512e576722830a201be2018a765e85a9ecee931","0x2f684bda12f684bda12f684bda12f684bda12f684bda12f684bda12f38e38d84"],["0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffff93b","0x7a06534bb8bdb49fd5e9e6632722c2989467c1bfc8e8d978dfb425d2685c2573","0x6484aa716545ca2cf3a70c3fa8fe337e0a3d21162f0d6299a7bf8192bfd2a76f","0x0000000000000000000000000000000000000000000000000000000000000001"]].map(e=>e.map(t=>BigInt(t)))),vi=(0,co.mapToCurveSimpleSWU)(Le,{A:BigInt("0x3f8731abdd661adca08a5558f0f5d272e953d363cb6f0e5d405447c01a444533"),B:BigInt("1771"),Z:Le.create(BigInt("-11"))});se.secp256k1_hasher=(0,io.createHasher)(se.secp256k1.Point,e=>{let{x:t,y:r}=vi(Le.create(e[0]));return _i(t,r)},{DST:"secp256k1_XMD:SHA-256_SSWU_RO_",encodeDST:"secp256k1_XMD:SHA-256_SSWU_NU_",p:Le.ORDER,m:1,k:128,expand:"xmd",hash:Kt.sha256});se.hashToCurve=se.secp256k1_hasher.hashToCurve;se.encodeToCurve=se.secp256k1_hasher.encodeToCurve});var ho=le(B=>{"use strict";Object.defineProperty(B,"__esModule",{value:!0});B.isHash=B.validateObject=B.memoized=B.notImplemented=B.createHmacDrbg=B.bitMask=B.bitSet=B.bitGet=B.bitLen=B.aInRange=B.inRange=B.asciiToBytes=B.copyBytes=B.equalBytes=B.ensureBytes=B.numberToVarBytesBE=B.numberToBytesLE=B.numberToBytesBE=B.bytesToNumberLE=B.bytesToNumberBE=B.hexToNumber=B.numberToHexUnpadded=B.abool=B.utf8ToBytes=B.randomBytes=B.isBytes=B.hexToBytes=B.concatBytes=B.bytesToUtf8=B.bytesToHex=B.anumber=B.abytes=void 0;var D=Ye();B.abytes=D.abytes;B.anumber=D.anumber;B.bytesToHex=D.bytesToHex;B.bytesToUtf8=D.bytesToUtf8;B.concatBytes=D.concatBytes;B.hexToBytes=D.hexToBytes;B.isBytes=D.isBytes;B.randomBytes=D.randomBytes;B.utf8ToBytes=D.utf8ToBytes;B.abool=D.abool;B.numberToHexUnpadded=D.numberToHexUnpadded;B.hexToNumber=D.hexToNumber;B.bytesToNumberBE=D.bytesToNumberBE;B.bytesToNumberLE=D.bytesToNumberLE;B.numberToBytesBE=D.numberToBytesBE;B.numberToBytesLE=D.numberToBytesLE;B.numberToVarBytesBE=D.numberToVarBytesBE;B.ensureBytes=D.ensureBytes;B.equalBytes=D.equalBytes;B.copyBytes=D.copyBytes;B.asciiToBytes=D.asciiToBytes;B.inRange=D.inRange;B.aInRange=D.aInRange;B.bitLen=D.bitLen;B.bitGet=D.bitGet;B.bitSet=D.bitSet;B.bitMask=D.bitMask;B.createHmacDrbg=D.createHmacDrbg;B.notImplemented=D.notImplemented;B.memoized=D.memoized;B.validateObject=D.validateObject;B.isHash=D.isHash});var Bo=le(Q=>{"use strict";var ie=lo(),Si=tt(),Ai=ho();function bo(e){var t=Object.create(null);return e&&Object.keys(e).forEach(function(r){if(r!=="default"){var n=Object.getOwnPropertyDescriptor(e,r);Object.defineProperty(t,r,n.get?n:{enumerable:!0,get:function(){return e[r]}})}}),t.default=e,Object.freeze(t)}var wo=bo(Si),Me=bo(Ai),Sn=ie.secp256k1.ProjectivePoint,De="Expected Private",je="Expected Point",xt="Expected Tweak",Hi="Expected Hash",gt="Expected Signature",An="Expected Extra Data (32 bytes)",Et="Expected Scalar",Ii="Bad Recovery Id",Ti=32,Ui=32,vn=new Uint8Array([255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,254,186,174,220,230,175,72,160,59,191,210,94,140,208,54,65,65]),Oi=32,Li=new Uint8Array(32),Ri=new Uint8Array([0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1,69,81,35,25,80,183,95,196,64,45,161,114,47,201,186,238]),qi=BigInt(1);function Ci(e){return e instanceof Uint8Array}function mt(e,t){for(let r=0;r<32;++r)if(e[r]!==t[r])return e[r]<t[r]?-1:1;return 0}function yo(e){return mt(e,Li)===0}function Bt(e){return!(!(e instanceof Uint8Array)||e.length!==Ui||mt(e,vn)>=0)}function Hn(e){return e instanceof Uint8Array&&e.length===64&&mt(e.subarray(0,32),vn)<0&&mt(e.subarray(32,64),vn)<0}function Vi(e){return Ci(e)&&e.length===64&&mt(e.subarray(0,32),Ri)<0}function Ni(e){return!(yo(e.subarray(0,32))||yo(e.subarray(32,64)))}function ct(e){return e instanceof Uint8Array&&e.length===Ti}function In(e){return e===void 0||e instanceof Uint8Array&&e.length===Oi}function Tn(e){let t;if(typeof e=="bigint")t=e;else if(typeof e=="number"&&Number.isSafeInteger(e)&&e>=0)t=BigInt(e);else if(typeof e=="string"){if(e.length!==64)throw new Error("Expected 32 bytes of private scalar");t=Me.hexToNumber(e)}else if(e instanceof Uint8Array){if(e.length!==32)throw new Error("Expected 32 bytes of private scalar");t=Me.bytesToNumberBE(e)}else throw new TypeError("Expected valid private scalar");if(t<0)throw new Error("Expected private scalar >= 0");return t}function Un(e){return ie.secp256k1.utils.normPrivateKeyToScalar(e)}function ki(e,t){let r=Un(e),n=Tn(t),o=Me.numberToBytesBE(wo.mod(r+n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Pi(e,t){let r=Un(e),n=Tn(t),o=Me.numberToBytesBE(wo.mod(r-n,ie.secp256k1.CURVE.n),32);return ie.secp256k1.utils.isValidPrivateKey(o)?o:null}function Mi(e){let t=Un(e),r=Me.numberToBytesBE(ie.secp256k1.CURVE.n-t,32);return ie.secp256k1.utils.isValidPrivateKey(r)?r:null}function go(e,t,r){let n=pt(e),o=Tn(t),s=Sn.BASE.multiplyAndAddUnsafe(n,o,qi);if(!s)throw new Error("Tweaked point at infinity");return s.toRawBytes(r)}function Ki(e,t,r){let n=pt(e),o=typeof t=="string"?t:Me.bytesToHex(t),s=Me.hexToNumber(o);return n.multiply(s).toRawBytes(r)}function at(e,t){return e===void 0?t!==void 0?po(t):!0:!!e}function Qe(e){try{return e()}catch{return null}}function mo(e){return ie.schnorr.utils.lift_x(Me.bytesToNumberBE(e))}function pt(e){return e.length===32?mo(e):Sn.fromHex(e)}function On(e,t){if(e.length===32!==t)return!1;try{return t?!!mo(e):!!Sn.fromHex(e)}catch{return!1}}function Ke(e){return On(e,!1)}function po(e){return On(e,!1)&&e.length===33}function Re(e){return ie.secp256k1.utils.isValidPrivateKey(e)}function jt(e){return On(e,!0)}function Di(e,t){if(!jt(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>{let r=go(e,t,!0);return{parity:r[0]%2===1?1:0,xOnlyPubkey:r.slice(1)}})}function xo(e){if(!Ke(e))throw new Error(je);return e.slice(1,33)}function Eo(e,t){if(!Re(e))throw new Error(De);return Qe(()=>ie.secp256k1.getPublicKey(e,at(t)))}function ji(e){if(!Re(e))throw new Error(De);return xo(Eo(e))}function Zi(e,t){if(!Ke(e))throw new Error(je);return pt(e).toRawBytes(at(t,e))}function zi(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>Ki(e,t,at(r,e)))}function Gi(e,t,r){if(!Ke(e)||!Ke(t))throw new Error(je);return Qe(()=>{let n=pt(e),o=pt(t);return n.equals(o.negate())?null:n.add(o).toRawBytes(at(r,e))})}function Wi(e,t,r){if(!Ke(e))throw new Error(je);if(!Bt(t))throw new Error(xt);return Qe(()=>go(e,t,at(r,e)))}function Xi(e,t){if(!Re(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>ki(e,t))}function Yi(e,t){if(!Re(e))throw new Error(De);if(!Bt(t))throw new Error(xt);return Qe(()=>Pi(e,t))}function $i(e){if(!Re(e))throw new Error(De);return Mi(e)}function Fi(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);return ie.secp256k1.sign(e,t,{extraEntropy:r}).toCompactRawBytes()}function Qi(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);let n=ie.secp256k1.sign(e,t,{extraEntropy:r});return{signature:n.toCompactRawBytes(),recoveryId:n.recovery}}function Ji(e,t,r){if(!Re(t))throw new Error(De);if(!ct(e))throw new Error(Et);if(!In(r))throw new Error(An);return ie.schnorr.sign(e,t,r)}function ec(e,t,r,n){if(!ct(e))throw new Error(Hi);if(!Hn(t)||!Ni(t))throw new Error(gt);if(r&2&&!Vi(t))throw new Error(Ii);if(!jt(t.subarray(0,32)))throw new Error(gt);let s=ie.secp256k1.Signature.fromCompact(t).addRecoveryBit(r).recoverPublicKey(e);if(!s)throw new Error(gt);return s.toRawBytes(at(n))}function tc(e,t,r,n){if(!Ke(t))throw new Error(je);if(!Hn(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.secp256k1.verify(r,e,t,{lowS:n})}function nc(e,t,r){if(!jt(t))throw new Error(je);if(!Hn(r))throw new Error(gt);if(!ct(e))throw new Error(Et);return ie.schnorr.verify(r,e,t)}Q.isPoint=Ke;Q.isPointCompressed=po;Q.isPrivate=Re;Q.isXOnlyPoint=jt;Q.pointAdd=Gi;Q.pointAddScalar=Wi;Q.pointCompress=Zi;Q.pointFromScalar=Eo;Q.pointMultiply=zi;Q.privateAdd=Xi;Q.privateNegate=$i;Q.privateSub=Yi;Q.recover=ec;Q.sign=Fi;Q.signRecoverable=Qi;Q.signSchnorr=Ji;Q.verify=tc;Q.verifySchnorr=nc;Q.xOnlyPointAddTweak=Di;Q.xOnlyPointFromPoint=xo;Q.xOnlyPointFromScalar=ji});var cc={};ko(cc,{base58Decode:()=>Vn,buildDepinMessage:()=>Uo,bytesToHex:()=>ve,decryptDepinReceiveEncryptedPayload:()=>Nn,doubleSha256:()=>Gt,hash160:()=>Wt,hexToBytes:()=>_e,isWIF:()=>vt,sha256:()=>Ze,unwrapMessageFromServer:()=>Lo,wifToHex:()=>_t,wrapMessageForServer:()=>Oo});var ze=Po(Bo());function Cn(e){if(e<0)throw new Error("CompactSize cannot be negative");if(e<253)return new Uint8Array([e]);if(e<=65535){let t=new Uint8Array(3);return t[0]=253,t[1]=e&255,t[2]=e>>8&255,t}else if(e<=4294967295){let t=new Uint8Array(5);return t[0]=254,t[1]=e&255,t[2]=e>>8&255,t[3]=e>>16&255,t[4]=e>>24&255,t}else{let t=new Uint8Array(9);t[0]=255;let r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[1]=r&255,t[2]=r>>8&255,t[3]=r>>16&255,t[4]=r>>24&255,t[5]=n&255,t[6]=n>>8&255,t[7]=n>>16&255,t[8]=n>>24&255,t}}function Zt(e){let r=new TextEncoder().encode(e);return xe(Cn(r.length),r)}function ft(e){return xe(Cn(e.length),e)}function _o(e){let t=new Uint8Array(8),r=e>>>0,n=Math.floor(e/4294967296)>>>0;return t[0]=r&255,t[1]=r>>8&255,t[2]=r>>16&255,t[3]=r>>24&255,t[4]=n&255,t[5]=n>>8&255,t[6]=n>>16&255,t[7]=n>>24&255,t}function xe(...e){let t=e.reduce((o,s)=>o+s.length,0),r=new Uint8Array(t),n=0;for(let o of e)r.set(o,n),n+=o.length;return r}function _e(e){if(e.length%2!==0)throw new Error("Hex must have even length");let t=new Uint8Array(e.length/2);for(let r=0;r<e.length;r+=2)t[r/2]=parseInt(e.substr(r,2),16);return t}function ve(e){return Array.from(e).map(t=>t.toString(16).padStart(2,"0")).join("")}function zt(e){if(typeof e!="string")return null;let t=e.trim().toLowerCase(),r=t.startsWith("0x")?t.slice(2):t;return r.length===0||!/^[0-9a-f]+$/.test(r)||r.length%2!==0?null:r}function Ho(e,t){if(t>=e.length)throw new Error("CompactSize: out of bounds");let r=e[t];if(r<253)return{value:r,offset:t+1};if(r===253){if(t+3>e.length)throw new Error("CompactSize: truncated uint16");return{value:e[t+1]|e[t+2]<<8,offset:t+3}}if(r===254){if(t+5>e.length)throw new Error("CompactSize: truncated uint32");return{value:(e[t+1]|e[t+2]<<8|e[t+3]<<16|e[t+4]<<24)>>>0,offset:t+5}}if(t+9>e.length)throw new Error("CompactSize: truncated uint64");let n=0n;for(let o=0;o<8;o++)n|=BigInt(e[t+1+o])<<8n*BigInt(o);if(n>BigInt(Number.MAX_SAFE_INTEGER))throw new Error("CompactSize: value too large");return{value:Number(n),offset:t+9}}function Ln(e,t){let{value:r,offset:n}=Ho(e,t);if(n+r>e.length)throw new Error("Vector: truncated");return{data:e.slice(n,n+r),offset:n+r}}function rc(e){if(!(e instanceof Uint8Array))throw new Error("deserializeEciesMessage: invalid input");let t=0,r=Ln(e,t),n=r.data;if(t=r.offset,n.length!==33&&n.length!==65)throw new Error("Invalid ephemeral pubkey length: "+n.length);let o=Ln(e,t),s=o.data;t=o.offset;let i=Ho(e,t),c=i.value;t=i.offset;let a=new Map;for(let l=0;l<c;l++){if(t+20>e.length)throw new Error("recipientKeys: truncated keyid");let d=e.slice(t,t+20);t+=20;let h=Ln(e,t);t=h.offset,a.set(ve(d),h.data)}return{ephemeralPubKey:n,encryptedPayload:s,recipientKeys:a}}function vo(e){if(e.length!==64)throw new Error("Raw signature must be 64 bytes");let t=e.slice(0,32),r=e.slice(32,64);function n(c){let a=0;for(;a<c.length-1&&c[a]===0&&!(c[a+1]&128);)a++;let l=c.slice(a),h=(l[0]&128)!==0?xe(new Uint8Array([0]),l):l;return xe(new Uint8Array([2,h.length]),h)}let o=n(t),s=n(r),i=o.length+s.length;return xe(new Uint8Array([48,i]),o,s)}var oc="123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";function Vn(e){let t=[];for(let r=0;r<e.length;r++){let n=oc.indexOf(e[r]);if(n===-1)throw new Error("Invalid Base58 character: "+e[r]);let o=n;for(let s=0;s<t.length;s++)o+=t[s]*58,t[s]=o&255,o>>=8;for(;o>0;)t.push(o&255),o>>=8}for(let r=0;r<e.length&&e[r]==="1";r++)t.push(0);return new Uint8Array(t.reverse())}async function _t(e){let t=Vn(e);if(t.length<37)throw new Error("Invalid WIF: too short");let r=t.slice(0,-4),n=t.slice(-4),o=await Gt(r);for(let i=0;i<4;i++)if(n[i]!==o[i])throw new Error("Invalid WIF: checksum mismatch");let s;if(r.length===34)s=r.slice(1,33);else if(r.length===33)s=r.slice(1,33);else throw new Error("Invalid WIF: unexpected length "+r.length);return ve(s)}function vt(e){return/^[5KLcT][1-9A-HJ-NP-Za-km-z]{50,51}$/.test(e)}async function Ze(e){let t=await crypto.subtle.digest("SHA-256",e);return new Uint8Array(t)}async function Gt(e){let t=await Ze(e);return Ze(t)}function sc(e){let t=1732584193,r=4023233417,n=2562383102,o=271733878,s=3285377520,i=[0,1518500249,1859775393,2400959708,2840853838],c=[1352829926,1548603684,1836072691,2053994217,0],a=[0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,7,4,13,1,10,6,15,3,12,0,9,5,2,14,11,8,3,10,14,4,9,15,8,1,2,7,0,6,13,11,5,12,1,9,11,10,0,8,12,4,13,3,7,15,14,5,6,2,4,0,5,9,7,12,2,10,14,1,3,8,11,6,15,13],l=[5,14,7,0,9,2,11,4,13,6,15,8,1,10,3,12,6,11,3,7,0,13,5,10,14,15,8,12,4,9,1,2,15,5,1,3,7,14,6,9,11,8,12,2,10,0,4,13,8,6,4,1,3,11,15,0,5,12,2,13,9,7,10,14,12,15,10,4,1,5,8,7,6,2,13,14,0,3,9,11],d=[11,14,15,12,5,8,7,9,11,13,14,15,6,7,9,8,7,6,8,13,11,9,7,15,7,12,15,9,11,7,13,12,11,13,6,7,14,9,13,15,14,8,13,6,5,12,7,5,11,12,14,15,14,15,9,8,9,14,5,6,8,6,5,12,9,15,5,11,6,8,13,12,5,12,13,14,11,8,5,6],h=[8,9,9,11,13,15,15,5,7,7,8,11,14,14,12,6,9,13,15,7,12,8,9,11,7,7,12,7,6,15,13,11,9,7,15,11,8,6,6,14,12,13,5,14,13,13,7,5,15,5,8,11,14,14,6,14,6,9,12,9,12,5,15,8,8,5,12,9,12,5,14,6,8,13,6,5,15,13,11,11];function f(N,M){return(N<<M|N>>>32-M)>>>0}let u=e.length*8,b=(64-(e.length+9)%64)%64,m=new Uint8Array(e.length+1+b+8);m.set(e),m[e.length]=128,new DataView(m.buffer).setUint32(m.length-8,u,!0);let T=m.length/64;for(let N=0;N<T;N++){let M=new Uint32Array(16);for(let E=0;E<16;E++){let S=N*64+E*4;M[E]=m[S]|m[S+1]<<8|m[S+2]<<16|m[S+3]<<24}let Y=t,Z=r,j=n,H=o,be=s,ue=t,C=r,g=n,w=o,y=s;for(let E=0;E<80;E++){let S=Math.floor(E/16),I,v;S===0?(I=Z^j^H,v=C^(g|~w)):S===1?(I=Z&j|~Z&H,v=C&w|g&~w):S===2?(I=(Z|~j)^H,v=(C|~g)^w):S===3?(I=Z&H|j&~H,v=C&g|~C&w):(I=Z^(j|~H),v=C^g^w);let R=f(Y+I+M[a[E]]+i[S]>>>0,d[E])+be>>>0;Y=be,be=H,H=f(j,10),j=Z,Z=R;let k=f(ue+v+M[l[E]]+c[S]>>>0,h[E])+y>>>0;ue=y,y=w,w=f(g,10),g=C,C=k}let p=r+j+w>>>0;r=n+H+y>>>0,n=o+be+ue>>>0,o=s+Y+C>>>0,s=t+Z+g>>>0,t=p}let q=new Uint8Array(20),x=new DataView(q.buffer);return x.setUint32(0,t,!0),x.setUint32(4,r,!0),x.setUint32(8,n,!0),x.setUint32(12,o,!0),x.setUint32(16,s,!0),q}async function Wt(e){let t=await Ze(e);return sc(t)}async function qn(e,t){let r=new Uint8Array(t),n=0,o=1;for(;n<t;){let s=new Uint8Array(4);s[0]=o>>24&255,s[1]=o>>16&255,s[2]=o>>8&255,s[3]=o&255;let i=xe(e,s),c=await Ze(i),a=t-n,l=Math.min(a,32);r.set(c.slice(0,l),n),n+=l,o++}return r}function Rn(e){let t=new Uint8Array(e);return crypto.getRandomValues(t),t}async function So(e,t,r){if(t.length!==32)throw new Error("Key must be 32 bytes");if(r.length!==12)throw new Error("Nonce must be 12 bytes");let n=await crypto.subtle.importKey("raw",t,{name:"AES-GCM"},!1,["encrypt"]),o=await crypto.subtle.encrypt({name:"AES-GCM",iv:r,tagLength:128},n,e),s=new Uint8Array(o),i=s.slice(0,-16),c=s.slice(-16);return{ciphertext:i,tag:c}}async function Ao(e,t,r,n){if(t.length!==32)throw new Error("Key must be 32 bytes");if(r.length!==12)throw new Error("Nonce must be 12 bytes");if(n.length!==16)throw new Error("Tag must be 16 bytes");let o=await crypto.subtle.importKey("raw",t,{name:"AES-GCM"},!1,["decrypt"]),s=xe(e,n),i=await crypto.subtle.decrypt({name:"AES-GCM",iv:r,tagLength:128},o,s);return new Uint8Array(i)}async function ic(e){if(typeof e!="string"||e.length===0)throw new Error("Private key is required");if(vt(e)){let r=await _t(e);return _e(r)}let t=zt(e);if(!t)throw new Error("Private key must be WIF or 64-hex");if(t.length!==64)throw new Error("Private key must be 32 bytes (64 hex chars)");return _e(t)}async function Nn(e,t){if(!globalThis.crypto?.subtle)throw new Error("WebCrypto (crypto.subtle) is required for decrypt");let r=zt(e);if(!r)throw new Error("Invalid encryptedPayloadHex");let n=_e(r),o=rc(n),s=await ic(t),i=ze.pointFromScalar(s,!0);if(!(i instanceof Uint8Array)||i.length!==33)throw new Error("Failed to derive recipient public key");let c=await Wt(i),a=ve(c),l=ve(c.slice().reverse()),d=o.recipientKeys.get(a)??o.recipientKeys.get(l);if(!d||d.length<60)return null;let h=d.slice(0,12),f=d.slice(12,d.length-16),u=d.slice(d.length-16),b=ze.pointMultiply(o.ephemeralPubKey,s,!0),m=await Ze(b),_=await qn(m,32),T;try{T=await Ao(f,_,h,u)}catch{return null}if(T.length!==32)return null;let q=o.encryptedPayload;if(q.length<29)return null;let x=q.slice(0,12),N=q.slice(12,q.length-16),M=q.slice(q.length-16),Y;try{Y=await Ao(N,T,x,M)}catch{return null}return new TextDecoder().decode(Y)}async function Io(e,t){let r=Rn(32),n=ze.pointFromScalar(r,!0);if(!(n instanceof Uint8Array)||n.length!==33)throw new Error("Failed to generate ephemeral public key");let o=await qn(r,32),s=Rn(12),{ciphertext:i,tag:c}=await So(e,o,s),a=xe(s,i,c),l=new Map;for(let d of t){if(!(d instanceof Uint8Array)||d.length!==33)throw new Error("Recipient pubkey must be 33 bytes compressed");let h=ze.pointMultiply(d,r,!0),f=await Ze(h),u=await qn(f,32),b=Rn(12),{ciphertext:m,tag:_}=await So(o,u,b),T=xe(b,m,_),q=await Wt(d),x=ve(q);l.set(x,T)}return{ephemeralPubKey:n,encryptedPayload:a,recipientKeys:l}}function To(e){let t=[];t.push(ft(e.ephemeralPubKey)),t.push(ft(e.encryptedPayload));let r=Array.from(e.recipientKeys.entries()).map(([n,o])=>{let s=_e(n);if(s.length!==20)throw new Error("recipient key hash160 must be 20 bytes");return{keyBytes:s,recipientPackage:o}});r.sort((n,o)=>{for(let s=0;s<20;s++)if(n.keyBytes[s]!==o.keyBytes[s])return n.keyBytes[s]-o.keyBytes[s];return 0}),t.push(Cn(r.length));for(let{keyBytes:n,recipientPackage:o}of r)t.push(n),t.push(ft(o));return xe(...t)}async function Uo(e){if(!e.token)throw new Error("Token is required");if(!e.senderAddress)throw new Error("Sender address is required");if(!e.senderPubKey||e.senderPubKey.length!==66)throw new Error("Sender public key must be 66 hex characters");let t=e.privateKey;if(!t)throw new Error("Private key is required");if(vt(t)&&(console.log("Detected WIF format, converting to hex..."),t=await _t(t),console.log("Private key converted successfully")),t.length!==64)throw new Error("Private key must be 64 hex characters (or WIF format)");if(!e.message)throw new Error("Message is required");if(!e.recipientPubKeys||e.recipientPubKeys.length===0)throw new Error("At least one recipient is required");if(!e.timestamp||e.timestamp<=0)throw new Error("Timestamp must be positive");let r=_e(t),n=_e(e.senderPubKey),o=e.recipientPubKeys.map(_=>{if(_.length!==66)throw new Error("Recipient pubkey must be 66 hex chars");return _e(_)}),s=e.senderPubKey.toLowerCase();e.recipientPubKeys.some(_=>_.toLowerCase()===s)||o.push(n);let c=new TextEncoder().encode(e.message),a=await Io(c,o),l=To(a),d=xe(Zt(e.token),Zt(e.senderAddress),_o(e.timestamp),ft(l)),h=await Gt(d),f=ve(h.slice().reverse()),u=ze.sign(h,r),b;if(u instanceof Uint8Array)u.length===64?b=vo(u):b=u;else if(typeof u=="object"&&u.toDER)b=u.toDER();else if(typeof u=="object"&&u.signature)u.signature.length===64?b=vo(u.signature):b=u.signature;else throw new Error("Unknown signature format from secp256k1.sign()");let m=xe(Zt(e.token),Zt(e.senderAddress),_o(e.timestamp),ft(b),ft(l));return{hex:ve(m),messageHash:f,messageHashBytes:ve(h),encryptedSize:l.length,recipientCount:o.length}}async function Oo(e,t,r){if(!e||!t||!r)throw new Error("messageHex, serverPubKeyHex, and senderAddress are required");let n=zt(e),o=zt(t);if(!n)throw new Error("Invalid messageHex");if(!o)throw new Error("Invalid serverPubKeyHex");let s=_e(n),i=_e(o);if(i.length!==33)throw new Error("Server public key must be 33 bytes compressed");let c=await Io(s,[i]),a=To(c);return{sender:r,encrypted:ve(a)}}async function Lo(e,t){if(!e||!t)throw new Error("encryptedHex and recipientPrivateKey are required");let r=t;return vt(r)&&(r=await _t(r)),await Nn(e,r)}typeof globalThis<"u"&&(globalThis.neuraiDepinMsg={buildDepinMessage:Uo,wrapMessageForServer:Oo,unwrapMessageFromServer:Lo,decryptDepinReceiveEncryptedPayload:Nn,wifToHex:_t,isWIF:vt,utils:{hexToBytes:_e,bytesToHex:ve,sha256:Ze,doubleSha256:Gt,hash160:Wt,base58Decode:Vn}});return Mo(cc);})();
 /*! Bundled license information:
 @noble/hashes/utils.js:

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@neuraiproject/neurai-depin-msg",
-  "version": "1.0.1",
+  "version": "2.1.0",
   "description": "Build and serialize DePIN encrypted messages for Neurai blockchain",
   "main": "dist/neurai-depin-msg.min.js",
   "browser": "dist/neurai-depin-msg.min.js",
@@ -36,4 +36,4 @@
   "publishConfig": {
     "access": "public"
   }
-}
+}

package/src/index.js CHANGED Viewed

@@ -428,6 +428,64 @@ async function aes256CbcDecrypt(ciphertext, key, iv) {
   return new Uint8Array(plaintext);
 }
+/**
+ * AES-256-GCM encryption
+ * @param {Uint8Array} plaintext
+ * @param {Uint8Array} key - 32 bytes
+ * @param {Uint8Array} nonce - 12 bytes
+ * @returns {Promise<{ciphertext: Uint8Array, tag: Uint8Array}>}
+ */
+async function aes256GcmEncrypt(plaintext, key, nonce) {
+  if (key.length !== 32) throw new Error('Key must be 32 bytes');
+  if (nonce.length !== 12) throw new Error('Nonce must be 12 bytes');
+  const cryptoKey = await crypto.subtle.importKey(
+    'raw', key, { name: 'AES-GCM' }, false, ['encrypt']
+  );
+  const encrypted = await crypto.subtle.encrypt(
+    { name: 'AES-GCM', iv: nonce, tagLength: 128 },
+    cryptoKey,
+    plaintext
+  );
+  const encryptedArray = new Uint8Array(encrypted);
+  // WebCrypto appends the 16-byte auth tag at the end
+  const ciphertext = encryptedArray.slice(0, -16);
+  const tag = encryptedArray.slice(-16);
+  return { ciphertext, tag };
+}
+/**
+ * AES-256-GCM decryption
+ * @param {Uint8Array} ciphertext
+ * @param {Uint8Array} key - 32 bytes
+ * @param {Uint8Array} nonce - 12 bytes
+ * @param {Uint8Array} tag - 16 bytes
+ * @returns {Promise<Uint8Array>}
+ */
+async function aes256GcmDecrypt(ciphertext, key, nonce, tag) {
+  if (key.length !== 32) throw new Error('Key must be 32 bytes');
+  if (nonce.length !== 12) throw new Error('Nonce must be 12 bytes');
+  if (tag.length !== 16) throw new Error('Tag must be 16 bytes');
+  const cryptoKey = await crypto.subtle.importKey(
+    'raw', key, { name: 'AES-GCM' }, false, ['decrypt']
+  );
+  // Concatenate ciphertext and tag for WebCrypto
+  const combined = concatBytes(ciphertext, tag);
+  const decrypted = await crypto.subtle.decrypt(
+    { name: 'AES-GCM', iv: nonce, tagLength: 128 },
+    cryptoKey,
+    combined
+  );
+  return new Uint8Array(decrypted);
+}
 async function hmacSha256(key, data) {
   const cryptoKey = await crypto.subtle.importKey(
     'raw',
@@ -485,43 +543,40 @@ async function decryptDepinReceiveEncryptedPayload(encryptedPayloadHex, recipien
   const recipientPackage = msg.recipientKeys.get(keyIdHex) ?? msg.recipientKeys.get(keyIdHexReversed);
   if (!recipientPackage) return null;
-  if (recipientPackage.length < 16 + 32 + 32) return null;
+  // GCM format: Nonce(12) + encrypted_key(32) + Tag(16) = 60 bytes minimum
+  if (recipientPackage.length < 12 + 32 + 16) return null;
-  const recipientIV = recipientPackage.slice(0, 16);
-  const encryptedAESKey = recipientPackage.slice(16, recipientPackage.length - 32);
-  const recipientHmac = recipientPackage.slice(recipientPackage.length - 32);
+  const recipientNonce = recipientPackage.slice(0, 12);
+  const encryptedAESKey = recipientPackage.slice(12, recipientPackage.length - 16);
+  const recipientTag = recipientPackage.slice(recipientPackage.length - 16);
   // ECDH secret must match Core's ecdh module: SHA256(compressed(shared_point))
   const sharedPointCompressed = secp256k1.pointMultiply(msg.ephemeralPubKey, recipientPrivKeyBytes, true);
   const sharedSecret = await sha256(sharedPointCompressed);
   const encKey = await kdfSha256(sharedSecret, 32);
-  const expectedRecipientHmac = await hmacSha256(encKey, encryptedAESKey);
-  if (!timingSafeEqual(expectedRecipientHmac, recipientHmac)) return null;
-  let aesKeyRaw;
+  // Decrypt AES key with GCM (tag verified automatically)
+  let aesKey;
   try {
-    aesKeyRaw = await aes256CbcDecrypt(encryptedAESKey, encKey, recipientIV);
+    aesKey = await aes256GcmDecrypt(encryptedAESKey, encKey, recipientNonce, recipientTag);
   } catch {
-    return null;
+    return null; // Authentication failed
   }
-  if (aesKeyRaw.length < 32) return null;
-  const aesKey = aesKeyRaw.slice(0, 32);
+  if (aesKey.length !== 32) return null;
   const payload = msg.encryptedPayload;
-  if (payload.length < 16 + 1 + 32) return null;
-  const iv = payload.slice(0, 16);
-  const ciphertext = payload.slice(16, payload.length - 32);
-  const payloadHmac = payload.slice(payload.length - 32);
-  const expectedPayloadHmac = await hmacSha256(aesKey, ciphertext);
-  if (!timingSafeEqual(expectedPayloadHmac, payloadHmac)) return null;
+  // GCM format: Nonce(12) + ciphertext + Tag(16) = 28 bytes minimum
+  if (payload.length < 12 + 1 + 16) return null;
+  const payloadNonce = payload.slice(0, 12);
+  const ciphertext = payload.slice(12, payload.length - 16);
+  const payloadTag = payload.slice(payload.length - 16);
+  // Decrypt payload with GCM (tag verified automatically)
   let plaintextBytes;
   try {
-    plaintextBytes = await aes256CbcDecrypt(ciphertext, aesKey, iv);
+    plaintextBytes = await aes256GcmDecrypt(ciphertext, aesKey, payloadNonce, payloadTag);
   } catch {
-    return null;
+    return null; // Authentication failed
   }
   const decoder = new TextDecoder();
@@ -533,11 +588,11 @@ async function decryptDepinReceiveEncryptedPayload(encryptedPayloadHex, recipien
 // ============================================
 async function eciesEncrypt(plaintext, recipientPubKeys) {
-  // Neurai Core-compatible hybrid ECIES (see src/depinecies.cpp)
+  // Neurai Core-compatible hybrid ECIES with AES-256-GCM (see src/depinecies.cpp)
   // - Ephemeral keypair per message
   // - AES key derived from ephemeral privkey via KDF_SHA256
-  // - Payload: [IV(16) || ciphertext || HMAC_SHA256(aesKey, ciphertext)]
-  // - Per-recipient package: [recipientIV(16) || AES256_CBC(encKey, aesKey) || HMAC_SHA256(encKey, encryptedAESKey)]
+  // - Payload: [Nonce(12) || ciphertext || Tag(16)]
+  // - Per-recipient package: [Nonce(12) || AES256_GCM(encKey, aesKey) || Tag(16)]
   // - encKey derived from ECDH secret (secp256k1_ecdh default), then KDF_SHA256
   // Generate ephemeral key pair
@@ -550,13 +605,12 @@ async function eciesEncrypt(plaintext, recipientPubKeys) {
   // Derive AES key from ephemeral private key (matches KDF_SHA256 in C++)
   const aesKey = await kdfSha256(ephemeralPrivKey, 32);
-  // Encrypt message with AES-256-CBC (PKCS7 padding)
-  const iv = randomBytes(16);
-  const ciphertext = await aes256CbcEncrypt(plaintext, aesKey, iv);
+  // Encrypt message with AES-256-GCM (no padding needed)
+  const nonce = randomBytes(12);
+  const { ciphertext, tag } = await aes256GcmEncrypt(plaintext, aesKey, nonce);
-  // HMAC over ciphertext only (matches C++)
-  const payloadHmac = await hmacSha256(aesKey, ciphertext);
-  const payload = concatBytes(iv, ciphertext, payloadHmac);
+  // Payload format: [Nonce(12) || ciphertext || Tag(16)]
+  const payload = concatBytes(nonce, ciphertext, tag);
   // For each recipient, encrypt the AES key
   const recipientKeys = new Map();
@@ -574,14 +628,12 @@ async function eciesEncrypt(plaintext, recipientPubKeys) {
     // Derive per-recipient encryption key
     const encKey = await kdfSha256(sharedSecret, 32);
-    // Encrypt the AES key using AES-256-CBC with random per-recipient IV
-    const recipientIV = randomBytes(16);
-    const encryptedAESKey = await aes256CbcEncrypt(aesKey, encKey, recipientIV);
+    // Encrypt the AES key using AES-256-GCM with random per-recipient nonce
+    const recipientNonce = randomBytes(12);
+    const { ciphertext: encryptedAESKey, tag: recipientTag } = await aes256GcmEncrypt(aesKey, encKey, recipientNonce);
-    // HMAC over encrypted AES key
-    const recipientHmac = await hmacSha256(encKey, encryptedAESKey);
-    const recipientPackage = concatBytes(recipientIV, encryptedAESKey, recipientHmac);
+    // Recipient package format: [Nonce(12) || encrypted_aes_key(32) || Tag(16)]
+    const recipientPackage = concatBytes(recipientNonce, encryptedAESKey, recipientTag);
     // Map key is address hash160 (CKeyID): Hash160(serialized pubkey)
     const keyHash = await hash160(recipientPubKey);
@@ -750,9 +802,62 @@ async function buildDepinMessage(params) {
   };
 }
+/**
+ * wrapMessageForServer
+ * Encrypts a serialized CDepinMessage hex for the server's public key.
+ */
+async function wrapMessageForServer(messageHex, serverPubKeyHex, senderAddress) {
+  if (!messageHex || !serverPubKeyHex || !senderAddress) {
+    throw new Error('messageHex, serverPubKeyHex, and senderAddress are required');
+  }
+  const normalizedMsg = normalizeHex(messageHex);
+  const normalizedServerPk = normalizeHex(serverPubKeyHex);
+  if (!normalizedMsg) throw new Error('Invalid messageHex');
+  if (!normalizedServerPk) throw new Error('Invalid serverPubKeyHex');
+  const messageBytes = hexToBytes(normalizedMsg);
+  const serverPubKey = hexToBytes(normalizedServerPk);
+  if (serverPubKey.length !== 33) {
+    throw new Error('Server public key must be 33 bytes compressed');
+  }
+  // ECIES encrypt specifically for the server's pool key
+  const eciesMsg = await eciesEncrypt(messageBytes, [serverPubKey]);
+  const serializedECIES = serializeEciesMessage(eciesMsg);
+  return {
+    sender: senderAddress,
+    encrypted: bytesToHex(serializedECIES)
+  };
+}
+/**
+ * unwrapMessageFromServer
+ * Decrypts a full privacy-wrapped response (serialized JSON array) from depinreceivemsg.
+ */
+async function unwrapMessageFromServer(encryptedHex, recipientPrivateKeyWifOrHex) {
+    if (!encryptedHex || !recipientPrivateKeyWifOrHex) {
+        throw new Error('encryptedHex and recipientPrivateKey are required');
+    }
+    let privKeyHex = recipientPrivateKeyWifOrHex;
+    if (isWIF(privKeyHex)) {
+        privKeyHex = await wifToHex(privKeyHex);
+    }
+    const decrypted = await decryptDepinReceiveEncryptedPayload(encryptedHex, privKeyHex);
+    return decrypted; // Returns the JSON string containing the message array
+}
 // Export for browser (IIFE global)
 export {
   buildDepinMessage,
+  wrapMessageForServer,
+  unwrapMessageFromServer,
   decryptDepinReceiveEncryptedPayload,
   wifToHex,
   isWIF,
@@ -768,6 +873,8 @@ export {
 if (typeof globalThis !== 'undefined') {
   globalThis.neuraiDepinMsg = {
     buildDepinMessage,
+    wrapMessageForServer,
+    unwrapMessageFromServer,
     decryptDepinReceiveEncryptedPayload,
     wifToHex,
     isWIF,