npm - @neuraiproject/neurai-message - Versions diffs - 0.8.0 → 0.9.0 - Mend

@neuraiproject/neurai-message 0.8.0 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/README.md +40 -8
package/dist/NeuraiMessage.global.js +12837 -0
package/dist/browser.mjs +12810 -0
package/dist/index.cjs +2901 -0
package/dist/index.d.ts +1 -0
package/dist/index.mjs +2890 -0
package/dist/main.js +10421 -16548
package/dist/module.js +10783 -16914
package/dist/src/browser-shims.d.ts +1 -0
package/dist/src/browser.d.ts +1 -0
package/dist/src/core.d.ts +6 -0
package/dist/src/global.d.ts +8 -0
package/dist/src/index.d.ts +1 -0
package/dist/src/legacy-message.d.ts +6 -0
package/index.ts +1 -256
package/package.json +33 -19
package/src/browser-shims.ts +9 -0
package/src/browser.ts +1 -0
package/src/core.ts +257 -0
package/src/global.ts +15 -0
package/src/index.ts +1 -0
package/src/legacy-message.ts +140 -0
package/{test.js → test.spec.js} +5 -7
package/tsconfig.json +6 -3
package/vitest.config.mjs +7 -0
package/dist/main.js.map +0 -1
package/dist/module.js.map +0 -1
package/dist/types.d.ts +0 -8
package/dist/types.d.ts.map +0 -1

package/dist/index.mjs ADDED Viewed

@@ -0,0 +1,2890 @@
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
+  get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
+}) : x)(function(x) {
+  if (typeof require !== "undefined") return require.apply(this, arguments);
+  throw Error('Dynamic require of "' + x + '" is not supported');
+});
+var __commonJS = (cb, mod) => function __require2() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+// node_modules/create-hash/index.js
+var require_create_hash = __commonJS({
+  "node_modules/create-hash/index.js"(exports, module) {
+    module.exports = __require("crypto").createHash;
+  }
+});
+// node_modules/bech32/dist/index.js
+var require_dist = __commonJS({
+  "node_modules/bech32/dist/index.js"(exports) {
+    "use strict";
+    Object.defineProperty(exports, "__esModule", { value: true });
+    exports.bech32m = exports.bech32 = void 0;
+    var ALPHABET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l";
+    var ALPHABET_MAP = {};
+    for (let z = 0; z < ALPHABET.length; z++) {
+      const x = ALPHABET.charAt(z);
+      ALPHABET_MAP[x] = z;
+    }
+    function polymodStep(pre) {
+      const b = pre >> 25;
+      return (pre & 33554431) << 5 ^ -(b >> 0 & 1) & 996825010 ^ -(b >> 1 & 1) & 642813549 ^ -(b >> 2 & 1) & 513874426 ^ -(b >> 3 & 1) & 1027748829 ^ -(b >> 4 & 1) & 705979059;
+    }
+    function prefixChk(prefix) {
+      let chk = 1;
+      for (let i = 0; i < prefix.length; ++i) {
+        const c = prefix.charCodeAt(i);
+        if (c < 33 || c > 126)
+          return "Invalid prefix (" + prefix + ")";
+        chk = polymodStep(chk) ^ c >> 5;
+      }
+      chk = polymodStep(chk);
+      for (let i = 0; i < prefix.length; ++i) {
+        const v = prefix.charCodeAt(i);
+        chk = polymodStep(chk) ^ v & 31;
+      }
+      return chk;
+    }
+    function convert(data, inBits, outBits, pad) {
+      let value = 0;
+      let bits = 0;
+      const maxV = (1 << outBits) - 1;
+      const result = [];
+      for (let i = 0; i < data.length; ++i) {
+        value = value << inBits | data[i];
+        bits += inBits;
+        while (bits >= outBits) {
+          bits -= outBits;
+          result.push(value >> bits & maxV);
+        }
+      }
+      if (pad) {
+        if (bits > 0) {
+          result.push(value << outBits - bits & maxV);
+        }
+      } else {
+        if (bits >= inBits)
+          return "Excess padding";
+        if (value << outBits - bits & maxV)
+          return "Non-zero padding";
+      }
+      return result;
+    }
+    function toWords(bytes) {
+      return convert(bytes, 8, 5, true);
+    }
+    function fromWordsUnsafe(words) {
+      const res = convert(words, 5, 8, false);
+      if (Array.isArray(res))
+        return res;
+    }
+    function fromWords(words) {
+      const res = convert(words, 5, 8, false);
+      if (Array.isArray(res))
+        return res;
+      throw new Error(res);
+    }
+    function getLibraryFromEncoding(encoding) {
+      let ENCODING_CONST;
+      if (encoding === "bech32") {
+        ENCODING_CONST = 1;
+      } else {
+        ENCODING_CONST = 734539939;
+      }
+      function encode(prefix, words, LIMIT) {
+        LIMIT = LIMIT || 90;
+        if (prefix.length + 7 + words.length > LIMIT)
+          throw new TypeError("Exceeds length limit");
+        prefix = prefix.toLowerCase();
+        let chk = prefixChk(prefix);
+        if (typeof chk === "string")
+          throw new Error(chk);
+        let result = prefix + "1";
+        for (let i = 0; i < words.length; ++i) {
+          const x = words[i];
+          if (x >> 5 !== 0)
+            throw new Error("Non 5-bit word");
+          chk = polymodStep(chk) ^ x;
+          result += ALPHABET.charAt(x);
+        }
+        for (let i = 0; i < 6; ++i) {
+          chk = polymodStep(chk);
+        }
+        chk ^= ENCODING_CONST;
+        for (let i = 0; i < 6; ++i) {
+          const v = chk >> (5 - i) * 5 & 31;
+          result += ALPHABET.charAt(v);
+        }
+        return result;
+      }
+      function __decode(str, LIMIT) {
+        LIMIT = LIMIT || 90;
+        if (str.length < 8)
+          return str + " too short";
+        if (str.length > LIMIT)
+          return "Exceeds length limit";
+        const lowered = str.toLowerCase();
+        const uppered = str.toUpperCase();
+        if (str !== lowered && str !== uppered)
+          return "Mixed-case string " + str;
+        str = lowered;
+        const split2 = str.lastIndexOf("1");
+        if (split2 === -1)
+          return "No separator character for " + str;
+        if (split2 === 0)
+          return "Missing prefix for " + str;
+        const prefix = str.slice(0, split2);
+        const wordChars = str.slice(split2 + 1);
+        if (wordChars.length < 6)
+          return "Data too short";
+        let chk = prefixChk(prefix);
+        if (typeof chk === "string")
+          return chk;
+        const words = [];
+        for (let i = 0; i < wordChars.length; ++i) {
+          const c = wordChars.charAt(i);
+          const v = ALPHABET_MAP[c];
+          if (v === void 0)
+            return "Unknown character " + c;
+          chk = polymodStep(chk) ^ v;
+          if (i + 6 >= wordChars.length)
+            continue;
+          words.push(v);
+        }
+        if (chk !== ENCODING_CONST)
+          return "Invalid checksum for " + str;
+        return { prefix, words };
+      }
+      function decodeUnsafe(str, LIMIT) {
+        const res = __decode(str, LIMIT);
+        if (typeof res === "object")
+          return res;
+      }
+      function decode(str, LIMIT) {
+        const res = __decode(str, LIMIT);
+        if (typeof res === "object")
+          return res;
+        throw new Error(res);
+      }
+      return {
+        decodeUnsafe,
+        decode,
+        encode,
+        toWords,
+        fromWordsUnsafe,
+        fromWords
+      };
+    }
+    exports.bech32 = getLibraryFromEncoding("bech32");
+    exports.bech32m = getLibraryFromEncoding("bech32m");
+  }
+});
+// node_modules/safe-buffer/index.js
+var require_safe_buffer = __commonJS({
+  "node_modules/safe-buffer/index.js"(exports, module) {
+    var buffer = __require("buffer");
+    var Buffer4 = buffer.Buffer;
+    function copyProps(src, dst) {
+      for (var key in src) {
+        dst[key] = src[key];
+      }
+    }
+    if (Buffer4.from && Buffer4.alloc && Buffer4.allocUnsafe && Buffer4.allocUnsafeSlow) {
+      module.exports = buffer;
+    } else {
+      copyProps(buffer, exports);
+      exports.Buffer = SafeBuffer;
+    }
+    function SafeBuffer(arg, encodingOrOffset, length) {
+      return Buffer4(arg, encodingOrOffset, length);
+    }
+    SafeBuffer.prototype = Object.create(Buffer4.prototype);
+    copyProps(Buffer4, SafeBuffer);
+    SafeBuffer.from = function(arg, encodingOrOffset, length) {
+      if (typeof arg === "number") {
+        throw new TypeError("Argument must not be a number");
+      }
+      return Buffer4(arg, encodingOrOffset, length);
+    };
+    SafeBuffer.alloc = function(size, fill, encoding) {
+      if (typeof size !== "number") {
+        throw new TypeError("Argument must be a number");
+      }
+      var buf = Buffer4(size);
+      if (fill !== void 0) {
+        if (typeof encoding === "string") {
+          buf.fill(fill, encoding);
+        } else {
+          buf.fill(fill);
+        }
+      } else {
+        buf.fill(0);
+      }
+      return buf;
+    };
+    SafeBuffer.allocUnsafe = function(size) {
+      if (typeof size !== "number") {
+        throw new TypeError("Argument must be a number");
+      }
+      return Buffer4(size);
+    };
+    SafeBuffer.allocUnsafeSlow = function(size) {
+      if (typeof size !== "number") {
+        throw new TypeError("Argument must be a number");
+      }
+      return buffer.SlowBuffer(size);
+    };
+  }
+});
+// node_modules/base-x/src/index.js
+var require_src = __commonJS({
+  "node_modules/base-x/src/index.js"(exports, module) {
+    "use strict";
+    var _Buffer = require_safe_buffer().Buffer;
+    function base(ALPHABET) {
+      if (ALPHABET.length >= 255) {
+        throw new TypeError("Alphabet too long");
+      }
+      var BASE_MAP = new Uint8Array(256);
+      for (var j = 0; j < BASE_MAP.length; j++) {
+        BASE_MAP[j] = 255;
+      }
+      for (var i = 0; i < ALPHABET.length; i++) {
+        var x = ALPHABET.charAt(i);
+        var xc = x.charCodeAt(0);
+        if (BASE_MAP[xc] !== 255) {
+          throw new TypeError(x + " is ambiguous");
+        }
+        BASE_MAP[xc] = i;
+      }
+      var BASE = ALPHABET.length;
+      var LEADER = ALPHABET.charAt(0);
+      var FACTOR = Math.log(BASE) / Math.log(256);
+      var iFACTOR = Math.log(256) / Math.log(BASE);
+      function encode(source) {
+        if (Array.isArray(source) || source instanceof Uint8Array) {
+          source = _Buffer.from(source);
+        }
+        if (!_Buffer.isBuffer(source)) {
+          throw new TypeError("Expected Buffer");
+        }
+        if (source.length === 0) {
+          return "";
+        }
+        var zeroes = 0;
+        var length = 0;
+        var pbegin = 0;
+        var pend = source.length;
+        while (pbegin !== pend && source[pbegin] === 0) {
+          pbegin++;
+          zeroes++;
+        }
+        var size = (pend - pbegin) * iFACTOR + 1 >>> 0;
+        var b58 = new Uint8Array(size);
+        while (pbegin !== pend) {
+          var carry = source[pbegin];
+          var i2 = 0;
+          for (var it1 = size - 1; (carry !== 0 || i2 < length) && it1 !== -1; it1--, i2++) {
+            carry += 256 * b58[it1] >>> 0;
+            b58[it1] = carry % BASE >>> 0;
+            carry = carry / BASE >>> 0;
+          }
+          if (carry !== 0) {
+            throw new Error("Non-zero carry");
+          }
+          length = i2;
+          pbegin++;
+        }
+        var it2 = size - length;
+        while (it2 !== size && b58[it2] === 0) {
+          it2++;
+        }
+        var str = LEADER.repeat(zeroes);
+        for (; it2 < size; ++it2) {
+          str += ALPHABET.charAt(b58[it2]);
+        }
+        return str;
+      }
+      function decodeUnsafe(source) {
+        if (typeof source !== "string") {
+          throw new TypeError("Expected String");
+        }
+        if (source.length === 0) {
+          return _Buffer.alloc(0);
+        }
+        var psz = 0;
+        var zeroes = 0;
+        var length = 0;
+        while (source[psz] === LEADER) {
+          zeroes++;
+          psz++;
+        }
+        var size = (source.length - psz) * FACTOR + 1 >>> 0;
+        var b256 = new Uint8Array(size);
+        while (psz < source.length) {
+          var charCode = source.charCodeAt(psz);
+          if (charCode > 255) {
+            return;
+          }
+          var carry = BASE_MAP[charCode];
+          if (carry === 255) {
+            return;
+          }
+          var i2 = 0;
+          for (var it3 = size - 1; (carry !== 0 || i2 < length) && it3 !== -1; it3--, i2++) {
+            carry += BASE * b256[it3] >>> 0;
+            b256[it3] = carry % 256 >>> 0;
+            carry = carry / 256 >>> 0;
+          }
+          if (carry !== 0) {
+            throw new Error("Non-zero carry");
+          }
+          length = i2;
+          psz++;
+        }
+        var it4 = size - length;
+        while (it4 !== size && b256[it4] === 0) {
+          it4++;
+        }
+        var vch = _Buffer.allocUnsafe(zeroes + (size - it4));
+        vch.fill(0, 0, zeroes);
+        var j2 = zeroes;
+        while (it4 !== size) {
+          vch[j2++] = b256[it4++];
+        }
+        return vch;
+      }
+      function decode(string) {
+        var buffer = decodeUnsafe(string);
+        if (buffer) {
+          return buffer;
+        }
+        throw new Error("Non-base" + BASE + " character");
+      }
+      return {
+        encode,
+        decodeUnsafe,
+        decode
+      };
+    }
+    module.exports = base;
+  }
+});
+// node_modules/bs58/index.js
+var require_bs58 = __commonJS({
+  "node_modules/bs58/index.js"(exports, module) {
+    var basex = require_src();
+    var ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+    module.exports = basex(ALPHABET);
+  }
+});
+// node_modules/bs58check/base.js
+var require_base = __commonJS({
+  "node_modules/bs58check/base.js"(exports, module) {
+    "use strict";
+    var base58 = require_bs58();
+    var Buffer4 = require_safe_buffer().Buffer;
+    module.exports = function(checksumFn) {
+      function encode(payload) {
+        var checksum = checksumFn(payload);
+        return base58.encode(Buffer4.concat([
+          payload,
+          checksum
+        ], payload.length + 4));
+      }
+      function decodeRaw(buffer) {
+        var payload = buffer.slice(0, -4);
+        var checksum = buffer.slice(-4);
+        var newChecksum = checksumFn(payload);
+        if (checksum[0] ^ newChecksum[0] | checksum[1] ^ newChecksum[1] | checksum[2] ^ newChecksum[2] | checksum[3] ^ newChecksum[3]) return;
+        return payload;
+      }
+      function decodeUnsafe(string) {
+        var buffer = base58.decodeUnsafe(string);
+        if (!buffer) return;
+        return decodeRaw(buffer);
+      }
+      function decode(string) {
+        var buffer = base58.decode(string);
+        var payload = decodeRaw(buffer, checksumFn);
+        if (!payload) throw new Error("Invalid checksum");
+        return payload;
+      }
+      return {
+        encode,
+        decode,
+        decodeUnsafe
+      };
+    };
+  }
+});
+// node_modules/bs58check/index.js
+var require_bs58check = __commonJS({
+  "node_modules/bs58check/index.js"(exports, module) {
+    "use strict";
+    var createHash3 = require_create_hash();
+    var bs58checkBase = require_base();
+    function sha256x2(buffer) {
+      var tmp = createHash3("sha256").update(buffer).digest();
+      return createHash3("sha256").update(tmp).digest();
+    }
+    module.exports = bs58checkBase(sha256x2);
+  }
+});
+// node_modules/varuint-bitcoin/index.js
+var require_varuint_bitcoin = __commonJS({
+  "node_modules/varuint-bitcoin/index.js"(exports, module) {
+    "use strict";
+    var Buffer4 = require_safe_buffer().Buffer;
+    var MAX_SAFE_INTEGER = 9007199254740991;
+    function checkUInt53(n) {
+      if (n < 0 || n > MAX_SAFE_INTEGER || n % 1 !== 0) throw new RangeError("value out of range");
+    }
+    function encode(number, buffer, offset) {
+      checkUInt53(number);
+      if (!buffer) buffer = Buffer4.allocUnsafe(encodingLength(number));
+      if (!Buffer4.isBuffer(buffer)) throw new TypeError("buffer must be a Buffer instance");
+      if (!offset) offset = 0;
+      if (number < 253) {
+        buffer.writeUInt8(number, offset);
+        encode.bytes = 1;
+      } else if (number <= 65535) {
+        buffer.writeUInt8(253, offset);
+        buffer.writeUInt16LE(number, offset + 1);
+        encode.bytes = 3;
+      } else if (number <= 4294967295) {
+        buffer.writeUInt8(254, offset);
+        buffer.writeUInt32LE(number, offset + 1);
+        encode.bytes = 5;
+      } else {
+        buffer.writeUInt8(255, offset);
+        buffer.writeUInt32LE(number >>> 0, offset + 1);
+        buffer.writeUInt32LE(number / 4294967296 | 0, offset + 5);
+        encode.bytes = 9;
+      }
+      return buffer;
+    }
+    function decode(buffer, offset) {
+      if (!Buffer4.isBuffer(buffer)) throw new TypeError("buffer must be a Buffer instance");
+      if (!offset) offset = 0;
+      var first = buffer.readUInt8(offset);
+      if (first < 253) {
+        decode.bytes = 1;
+        return first;
+      } else if (first === 253) {
+        decode.bytes = 3;
+        return buffer.readUInt16LE(offset + 1);
+      } else if (first === 254) {
+        decode.bytes = 5;
+        return buffer.readUInt32LE(offset + 1);
+      } else {
+        decode.bytes = 9;
+        var lo = buffer.readUInt32LE(offset + 1);
+        var hi = buffer.readUInt32LE(offset + 5);
+        var number = hi * 4294967296 + lo;
+        checkUInt53(number);
+        return number;
+      }
+    }
+    function encodingLength(number) {
+      checkUInt53(number);
+      return number < 253 ? 1 : number <= 65535 ? 3 : number <= 4294967295 ? 5 : 9;
+    }
+    module.exports = { encode, decode, encodingLength };
+  }
+});
+// src/core.ts
+var import_create_hash2 = __toESM(require_create_hash());
+var import_bech322 = __toESM(require_dist());
+import { Buffer as Buffer3 } from "buffer";
+// node_modules/@noble/hashes/utils.js
+function isBytes(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function anumber(n, title = "") {
+  if (!Number.isSafeInteger(n) || n < 0) {
+    const prefix = title && `"${title}" `;
+    throw new Error(`${prefix}expected integer >= 0, got ${n}`);
+  }
+}
+function abytes(value, length, title = "") {
+  const bytes = isBytes(value);
+  const len = value?.length;
+  const needsLen = length !== void 0;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    throw new Error(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+}
+function ahash(h) {
+  if (typeof h !== "function" || typeof h.create !== "function")
+    throw new Error("Hash must wrapped by utils.createHasher");
+  anumber(h.outputLen);
+  anumber(h.blockLen);
+}
+function aexists(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput(out, instance) {
+  abytes(out, void 0, "digestInto() output");
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error('"digestInto() output" expected to be of length >=' + min);
+  }
+}
+function u32(arr) {
+  return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));
+}
+function clean(...arrays) {
+  for (let i = 0; i < arrays.length; i++) {
+    arrays[i].fill(0);
+  }
+}
+function createView(arr) {
+  return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+}
+function rotr(word, shift) {
+  return word << 32 - shift | word >>> shift;
+}
+var isLE = /* @__PURE__ */ (() => new Uint8Array(new Uint32Array([287454020]).buffer)[0] === 68)();
+function byteSwap(word) {
+  return word << 24 & 4278190080 | word << 8 & 16711680 | word >>> 8 & 65280 | word >>> 24 & 255;
+}
+function byteSwap32(arr) {
+  for (let i = 0; i < arr.length; i++) {
+    arr[i] = byteSwap(arr[i]);
+  }
+  return arr;
+}
+var swap32IfBE = isLE ? (u) => u : byteSwap32;
+function concatBytes(...arrays) {
+  let sum = 0;
+  for (let i = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    abytes(a);
+    sum += a.length;
+  }
+  const res = new Uint8Array(sum);
+  for (let i = 0, pad = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    res.set(a, pad);
+    pad += a.length;
+  }
+  return res;
+}
+function createHasher(hashCons, info = {}) {
+  const hashC = (msg, opts) => hashCons(opts).update(msg).digest();
+  const tmp = hashCons(void 0);
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = (opts) => hashCons(opts);
+  Object.assign(hashC, info);
+  return Object.freeze(hashC);
+}
+function randomBytes(bytesLength = 32) {
+  const cr2 = typeof globalThis === "object" ? globalThis.crypto : null;
+  if (typeof cr2?.getRandomValues !== "function")
+    throw new Error("crypto.getRandomValues must be defined");
+  return cr2.getRandomValues(new Uint8Array(bytesLength));
+}
+var oidNist = (suffix) => ({
+  oid: Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2, suffix])
+});
+// node_modules/@noble/curves/utils.js
+function abool(value, title = "") {
+  if (typeof value !== "boolean") {
+    const prefix = title && `"${title}" `;
+    throw new Error(prefix + "expected boolean, got type=" + typeof value);
+  }
+  return value;
+}
+// node_modules/@noble/hashes/_u64.js
+var U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+var _32n = /* @__PURE__ */ BigInt(32);
+function fromBig(n, le = false) {
+  if (le)
+    return { h: Number(n & U32_MASK64), l: Number(n >> _32n & U32_MASK64) };
+  return { h: Number(n >> _32n & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+}
+function split(lst, le = false) {
+  const len = lst.length;
+  let Ah = new Uint32Array(len);
+  let Al = new Uint32Array(len);
+  for (let i = 0; i < len; i++) {
+    const { h, l } = fromBig(lst[i], le);
+    [Ah[i], Al[i]] = [h, l];
+  }
+  return [Ah, Al];
+}
+var rotlSH = (h, l, s) => h << s | l >>> 32 - s;
+var rotlSL = (h, l, s) => l << s | h >>> 32 - s;
+var rotlBH = (h, l, s) => l << s - 32 | h >>> 64 - s;
+var rotlBL = (h, l, s) => h << s - 32 | l >>> 64 - s;
+// node_modules/@noble/hashes/sha3.js
+var _0n = BigInt(0);
+var _1n = BigInt(1);
+var _2n = BigInt(2);
+var _7n = BigInt(7);
+var _256n = BigInt(256);
+var _0x71n = BigInt(113);
+var SHA3_PI = [];
+var SHA3_ROTL = [];
+var _SHA3_IOTA = [];
+for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
+  [x, y] = [y, (2 * x + 3 * y) % 5];
+  SHA3_PI.push(2 * (5 * y + x));
+  SHA3_ROTL.push((round + 1) * (round + 2) / 2 % 64);
+  let t = _0n;
+  for (let j = 0; j < 7; j++) {
+    R = (R << _1n ^ (R >> _7n) * _0x71n) % _256n;
+    if (R & _2n)
+      t ^= _1n << (_1n << BigInt(j)) - _1n;
+  }
+  _SHA3_IOTA.push(t);
+}
+var IOTAS = split(_SHA3_IOTA, true);
+var SHA3_IOTA_H = IOTAS[0];
+var SHA3_IOTA_L = IOTAS[1];
+var rotlH = (h, l, s) => s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s);
+var rotlL = (h, l, s) => s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s);
+function keccakP(s, rounds = 24) {
+  const B = new Uint32Array(5 * 2);
+  for (let round = 24 - rounds; round < 24; round++) {
+    for (let x = 0; x < 10; x++)
+      B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
+    for (let x = 0; x < 10; x += 2) {
+      const idx1 = (x + 8) % 10;
+      const idx0 = (x + 2) % 10;
+      const B0 = B[idx0];
+      const B1 = B[idx0 + 1];
+      const Th = rotlH(B0, B1, 1) ^ B[idx1];
+      const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
+      for (let y = 0; y < 50; y += 10) {
+        s[x + y] ^= Th;
+        s[x + y + 1] ^= Tl;
+      }
+    }
+    let curH = s[2];
+    let curL = s[3];
+    for (let t = 0; t < 24; t++) {
+      const shift = SHA3_ROTL[t];
+      const Th = rotlH(curH, curL, shift);
+      const Tl = rotlL(curH, curL, shift);
+      const PI = SHA3_PI[t];
+      curH = s[PI];
+      curL = s[PI + 1];
+      s[PI] = Th;
+      s[PI + 1] = Tl;
+    }
+    for (let y = 0; y < 50; y += 10) {
+      for (let x = 0; x < 10; x++)
+        B[x] = s[y + x];
+      for (let x = 0; x < 10; x++)
+        s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
+    }
+    s[0] ^= SHA3_IOTA_H[round];
+    s[1] ^= SHA3_IOTA_L[round];
+  }
+  clean(B);
+}
+var Keccak = class _Keccak {
+  // NOTE: we accept arguments in bytes instead of bits here.
+  constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
+    __publicField(this, "state");
+    __publicField(this, "pos", 0);
+    __publicField(this, "posOut", 0);
+    __publicField(this, "finished", false);
+    __publicField(this, "state32");
+    __publicField(this, "destroyed", false);
+    __publicField(this, "blockLen");
+    __publicField(this, "suffix");
+    __publicField(this, "outputLen");
+    __publicField(this, "enableXOF", false);
+    __publicField(this, "rounds");
+    this.blockLen = blockLen;
+    this.suffix = suffix;
+    this.outputLen = outputLen;
+    this.enableXOF = enableXOF;
+    this.rounds = rounds;
+    anumber(outputLen, "outputLen");
+    if (!(0 < blockLen && blockLen < 200))
+      throw new Error("only keccak-f1600 function is supported");
+    this.state = new Uint8Array(200);
+    this.state32 = u32(this.state);
+  }
+  clone() {
+    return this._cloneInto();
+  }
+  keccak() {
+    swap32IfBE(this.state32);
+    keccakP(this.state32, this.rounds);
+    swap32IfBE(this.state32);
+    this.posOut = 0;
+    this.pos = 0;
+  }
+  update(data) {
+    aexists(this);
+    abytes(data);
+    const { blockLen, state } = this;
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      for (let i = 0; i < take; i++)
+        state[this.pos++] ^= data[pos++];
+      if (this.pos === blockLen)
+        this.keccak();
+    }
+    return this;
+  }
+  finish() {
+    if (this.finished)
+      return;
+    this.finished = true;
+    const { state, suffix, pos, blockLen } = this;
+    state[pos] ^= suffix;
+    if ((suffix & 128) !== 0 && pos === blockLen - 1)
+      this.keccak();
+    state[blockLen - 1] ^= 128;
+    this.keccak();
+  }
+  writeInto(out) {
+    aexists(this, false);
+    abytes(out);
+    this.finish();
+    const bufferOut = this.state;
+    const { blockLen } = this;
+    for (let pos = 0, len = out.length; pos < len; ) {
+      if (this.posOut >= blockLen)
+        this.keccak();
+      const take = Math.min(blockLen - this.posOut, len - pos);
+      out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
+      this.posOut += take;
+      pos += take;
+    }
+    return out;
+  }
+  xofInto(out) {
+    if (!this.enableXOF)
+      throw new Error("XOF is not possible for this instance");
+    return this.writeInto(out);
+  }
+  xof(bytes) {
+    anumber(bytes);
+    return this.xofInto(new Uint8Array(bytes));
+  }
+  digestInto(out) {
+    aoutput(out, this);
+    if (this.finished)
+      throw new Error("digest() was already called");
+    this.writeInto(out);
+    this.destroy();
+    return out;
+  }
+  digest() {
+    return this.digestInto(new Uint8Array(this.outputLen));
+  }
+  destroy() {
+    this.destroyed = true;
+    clean(this.state);
+  }
+  _cloneInto(to) {
+    const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
+    to || (to = new _Keccak(blockLen, suffix, outputLen, enableXOF, rounds));
+    to.state32.set(this.state32);
+    to.pos = this.pos;
+    to.posOut = this.posOut;
+    to.finished = this.finished;
+    to.rounds = rounds;
+    to.suffix = suffix;
+    to.outputLen = outputLen;
+    to.enableXOF = enableXOF;
+    to.destroyed = this.destroyed;
+    return to;
+  }
+};
+var genShake = (suffix, blockLen, outputLen, info = {}) => createHasher((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === void 0 ? outputLen : opts.dkLen, true), info);
+var shake128 = /* @__PURE__ */ genShake(31, 168, 16, /* @__PURE__ */ oidNist(11));
+var shake256 = /* @__PURE__ */ genShake(31, 136, 32, /* @__PURE__ */ oidNist(12));
+// node_modules/@noble/curves/abstract/fft.js
+function checkU32(n) {
+  if (!Number.isSafeInteger(n) || n < 0 || n > 4294967295)
+    throw new Error("wrong u32 integer:" + n);
+  return n;
+}
+function isPowerOfTwo(x) {
+  checkU32(x);
+  return (x & x - 1) === 0 && x !== 0;
+}
+function reverseBits(n, bits) {
+  checkU32(n);
+  let reversed = 0;
+  for (let i = 0; i < bits; i++, n >>>= 1)
+    reversed = reversed << 1 | n & 1;
+  return reversed;
+}
+function log2(n) {
+  checkU32(n);
+  return 31 - Math.clz32(n);
+}
+function bitReversalInplace(values) {
+  const n = values.length;
+  if (n < 2 || !isPowerOfTwo(n))
+    throw new Error("n must be a power of 2 and greater than 1. Got " + n);
+  const bits = log2(n);
+  for (let i = 0; i < n; i++) {
+    const j = reverseBits(i, bits);
+    if (i < j) {
+      const tmp = values[i];
+      values[i] = values[j];
+      values[j] = tmp;
+    }
+  }
+  return values;
+}
+var FFTCore = (F2, coreOpts) => {
+  const { N: N3, roots, dit, invertButterflies = false, skipStages = 0, brp = true } = coreOpts;
+  const bits = log2(N3);
+  if (!isPowerOfTwo(N3))
+    throw new Error("FFT: Polynomial size should be power of two");
+  const isDit = dit !== invertButterflies;
+  isDit;
+  return (values) => {
+    if (values.length !== N3)
+      throw new Error("FFT: wrong Polynomial length");
+    if (dit && brp)
+      bitReversalInplace(values);
+    for (let i = 0, g = 1; i < bits - skipStages; i++) {
+      const s = dit ? i + 1 + skipStages : bits - i;
+      const m = 1 << s;
+      const m2 = m >> 1;
+      const stride = N3 >> s;
+      for (let k = 0; k < N3; k += m) {
+        for (let j = 0, grp = g++; j < m2; j++) {
+          const rootPos = invertButterflies ? dit ? N3 - grp : grp : j * stride;
+          const i0 = k + j;
+          const i1 = k + j + m2;
+          const omega = roots[rootPos];
+          const b = values[i1];
+          const a = values[i0];
+          if (isDit) {
+            const t = F2.mul(b, omega);
+            values[i0] = F2.add(a, t);
+            values[i1] = F2.sub(a, t);
+          } else if (invertButterflies) {
+            values[i0] = F2.add(b, a);
+            values[i1] = F2.mul(F2.sub(b, a), omega);
+          } else {
+            values[i0] = F2.add(a, b);
+            values[i1] = F2.mul(F2.sub(a, b), omega);
+          }
+        }
+      }
+    }
+    if (!dit && brp)
+      bitReversalInplace(values);
+    return values;
+  };
+};
+// node_modules/@noble/post-quantum/utils.js
+var abytesDoc = abytes;
+var randomBytes2 = randomBytes;
+function equalBytes(a, b) {
+  if (a.length !== b.length)
+    return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++)
+    diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+function validateOpts(opts) {
+  if (Object.prototype.toString.call(opts) !== "[object Object]")
+    throw new TypeError("expected valid options object");
+}
+function validateVerOpts(opts) {
+  validateOpts(opts);
+  if (opts.context !== void 0)
+    abytes(opts.context, void 0, "opts.context");
+}
+function validateSigOpts(opts) {
+  validateVerOpts(opts);
+  if (opts.extraEntropy !== false && opts.extraEntropy !== void 0)
+    abytes(opts.extraEntropy, void 0, "opts.extraEntropy");
+}
+function splitCoder(label, ...lengths2) {
+  const getLength = (c) => typeof c === "number" ? c : c.bytesLen;
+  const bytesLen = lengths2.reduce((sum, a) => sum + getLength(a), 0);
+  return {
+    bytesLen,
+    encode: (bufs) => {
+      const res = new Uint8Array(bytesLen);
+      for (let i = 0, pos = 0; i < lengths2.length; i++) {
+        const c = lengths2[i];
+        const l = getLength(c);
+        const b = typeof c === "number" ? bufs[i] : c.encode(bufs[i]);
+        abytes(b, l, label);
+        res.set(b, pos);
+        if (typeof c !== "number")
+          b.fill(0);
+        pos += l;
+      }
+      return res;
+    },
+    decode: (buf) => {
+      abytes(buf, bytesLen, label);
+      const res = [];
+      for (const c of lengths2) {
+        const l = getLength(c);
+        const b = buf.subarray(0, l);
+        res.push(typeof c === "number" ? b : c.decode(b));
+        buf = buf.subarray(l);
+      }
+      return res;
+    }
+  };
+}
+function vecCoder(c, vecLen) {
+  const bytesLen = vecLen * c.bytesLen;
+  return {
+    bytesLen,
+    encode: (u) => {
+      if (u.length !== vecLen)
+        throw new RangeError(`vecCoder.encode: wrong length=${u.length}. Expected: ${vecLen}`);
+      const res = new Uint8Array(bytesLen);
+      for (let i = 0, pos = 0; i < u.length; i++) {
+        const b = c.encode(u[i]);
+        res.set(b, pos);
+        b.fill(0);
+        pos += b.length;
+      }
+      return res;
+    },
+    decode: (a) => {
+      abytes(a, bytesLen);
+      const r = [];
+      for (let i = 0; i < a.length; i += c.bytesLen)
+        r.push(c.decode(a.subarray(i, i + c.bytesLen)));
+      return r;
+    }
+  };
+}
+function cleanBytes(...list) {
+  for (const t of list) {
+    if (Array.isArray(t))
+      for (const b of t)
+        b.fill(0);
+    else
+      t.fill(0);
+  }
+}
+function getMask(bits) {
+  if (!Number.isSafeInteger(bits) || bits < 0 || bits > 32)
+    throw new RangeError(`expected bits in [0..32], got ${bits}`);
+  return bits === 32 ? 4294967295 : ~(-1 << bits) >>> 0;
+}
+var EMPTY = /* @__PURE__ */ Uint8Array.of();
+function getMessage(msg, ctx = EMPTY) {
+  abytes(msg);
+  abytes(ctx);
+  if (ctx.length > 255)
+    throw new RangeError("context should be 255 bytes or less");
+  return concatBytes(new Uint8Array([0, ctx.length]), ctx, msg);
+}
+var oidNistP = /* @__PURE__ */ Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2]);
+function checkHash(hash, requiredStrength = 0) {
+  if (!hash.oid || !equalBytes(hash.oid.subarray(0, 10), oidNistP))
+    throw new Error("hash.oid is invalid: expected NIST hash");
+  const collisionResistance = hash.outputLen * 8 / 2;
+  if (requiredStrength > collisionResistance) {
+    throw new Error("Pre-hash security strength too low: " + collisionResistance + ", required: " + requiredStrength);
+  }
+}
+function getMessagePrehash(hash, msg, ctx = EMPTY) {
+  abytes(msg);
+  abytes(ctx);
+  if (ctx.length > 255)
+    throw new RangeError("context should be 255 bytes or less");
+  const hashed = hash(msg);
+  return concatBytes(new Uint8Array([1, ctx.length]), ctx, hash.oid, hashed);
+}
+// node_modules/@noble/post-quantum/_crystals.js
+var genCrystals = (opts) => {
+  const { newPoly: newPoly2, N: N3, Q: Q2, F: F2, ROOT_OF_UNITY: ROOT_OF_UNITY2, brvBits, isKyber } = opts;
+  const mod = (a, modulo = Q2) => {
+    const result = a % modulo | 0;
+    return (result >= 0 ? result | 0 : modulo + result | 0) | 0;
+  };
+  const smod = (a, modulo = Q2) => {
+    const r = mod(a, modulo) | 0;
+    return (r > modulo >> 1 ? r - modulo | 0 : r) | 0;
+  };
+  function getZettas() {
+    const out = newPoly2(N3);
+    for (let i = 0; i < N3; i++) {
+      const b = reverseBits(i, brvBits);
+      const p = BigInt(ROOT_OF_UNITY2) ** BigInt(b) % BigInt(Q2);
+      out[i] = Number(p) | 0;
+    }
+    return out;
+  }
+  const nttZetas = getZettas();
+  const field = {
+    add: (a, b) => mod((a | 0) + (b | 0)) | 0,
+    sub: (a, b) => mod((a | 0) - (b | 0)) | 0,
+    mul: (a, b) => mod((a | 0) * (b | 0)) | 0,
+    inv: (_a) => {
+      throw new Error("not implemented");
+    }
+  };
+  const nttOpts = {
+    N: N3,
+    roots: nttZetas,
+    invertButterflies: true,
+    skipStages: isKyber ? 1 : 0,
+    brp: false
+  };
+  const dif = FFTCore(field, { dit: false, ...nttOpts });
+  const dit = FFTCore(field, { dit: true, ...nttOpts });
+  const NTT = {
+    encode: (r) => {
+      return dif(r);
+    },
+    decode: (r) => {
+      dit(r);
+      for (let i = 0; i < r.length; i++)
+        r[i] = mod(F2 * r[i]);
+      return r;
+    }
+  };
+  const bitsCoder = (d, c) => {
+    const mask = getMask(d);
+    const bytesLen = d * (N3 / 8);
+    return {
+      bytesLen,
+      encode: (poly) => {
+        const r = new Uint8Array(bytesLen);
+        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < poly.length; i++) {
+          buf |= (c.encode(poly[i]) & mask) << bufLen;
+          bufLen += d;
+          for (; bufLen >= 8; bufLen -= 8, buf >>= 8)
+            r[pos++] = buf & getMask(bufLen);
+        }
+        return r;
+      },
+      decode: (bytes) => {
+        const r = newPoly2(N3);
+        for (let i = 0, buf = 0, bufLen = 0, pos = 0; i < bytes.length; i++) {
+          buf |= bytes[i] << bufLen;
+          bufLen += 8;
+          for (; bufLen >= d; bufLen -= d, buf >>= d)
+            r[pos++] = c.decode(buf & mask);
+        }
+        return r;
+      }
+    };
+  };
+  return { mod, smod, nttZetas, NTT, bitsCoder };
+};
+var createXofShake = (shake) => (seed, blockLen) => {
+  if (!blockLen)
+    blockLen = shake.blockLen;
+  const _seed = new Uint8Array(seed.length + 2);
+  _seed.set(seed);
+  const seedLen = seed.length;
+  const buf = new Uint8Array(blockLen);
+  let h = shake.create({});
+  let calls = 0;
+  let xofs = 0;
+  return {
+    stats: () => ({ calls, xofs }),
+    get: (x, y) => {
+      _seed[seedLen + 0] = x;
+      _seed[seedLen + 1] = y;
+      h.destroy();
+      h = shake.create({}).update(_seed);
+      calls++;
+      return () => {
+        xofs++;
+        return h.xofInto(buf);
+      };
+    },
+    clean: () => {
+      h.destroy();
+      cleanBytes(buf, _seed);
+    }
+  };
+};
+var XOF128 = /* @__PURE__ */ createXofShake(shake128);
+var XOF256 = /* @__PURE__ */ createXofShake(shake256);
+// node_modules/@noble/post-quantum/ml-dsa.js
+function validateInternalOpts(opts) {
+  validateOpts(opts);
+  if (opts.externalMu !== void 0)
+    abool(opts.externalMu, "opts.externalMu");
+}
+var N = 256;
+var Q = 8380417;
+var ROOT_OF_UNITY = 1753;
+var F = 8347681;
+var D = 13;
+var GAMMA2_1 = Math.floor((Q - 1) / 88) | 0;
+var GAMMA2_2 = Math.floor((Q - 1) / 32) | 0;
+var PARAMS = /* @__PURE__ */ (() => ({
+  2: { K: 4, L: 4, D, GAMMA1: 2 ** 17, GAMMA2: GAMMA2_1, TAU: 39, ETA: 2, OMEGA: 80 },
+  3: { K: 6, L: 5, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 49, ETA: 4, OMEGA: 55 },
+  5: { K: 8, L: 7, D, GAMMA1: 2 ** 19, GAMMA2: GAMMA2_2, TAU: 60, ETA: 2, OMEGA: 75 }
+}))();
+var newPoly = (n) => new Int32Array(n);
+var crystals = /* @__PURE__ */ genCrystals({
+  N,
+  Q,
+  F,
+  ROOT_OF_UNITY,
+  newPoly,
+  isKyber: false,
+  brvBits: 8
+});
+var id = (n) => n;
+var polyCoder = (d, compress = id, verify = id) => crystals.bitsCoder(d, {
+  encode: (i) => compress(verify(i)),
+  decode: (i) => verify(compress(i))
+});
+var polyAdd = (a, b) => {
+  for (let i = 0; i < a.length; i++)
+    a[i] = crystals.mod(a[i] + b[i]);
+  return a;
+};
+var polySub = (a, b) => {
+  for (let i = 0; i < a.length; i++)
+    a[i] = crystals.mod(a[i] - b[i]);
+  return a;
+};
+var polyShiftl = (p) => {
+  for (let i = 0; i < N; i++)
+    p[i] <<= D;
+  return p;
+};
+var polyChknorm = (p, B) => {
+  for (let i = 0; i < N; i++)
+    if (Math.abs(crystals.smod(p[i])) >= B)
+      return true;
+  return false;
+};
+var MultiplyNTTs = (a, b) => {
+  const c = newPoly(N);
+  for (let i = 0; i < a.length; i++)
+    c[i] = crystals.mod(a[i] * b[i]);
+  return c;
+};
+function RejNTTPoly(xof) {
+  const r = newPoly(N);
+  for (let j = 0; j < N; ) {
+    const b = xof();
+    if (b.length % 3)
+      throw new Error("RejNTTPoly: unaligned block");
+    for (let i = 0; j < N && i <= b.length - 3; i += 3) {
+      const t = (b[i + 0] | b[i + 1] << 8 | b[i + 2] << 16) & 8388607;
+      if (t < Q)
+        r[j++] = t;
+    }
+  }
+  return r;
+}
+function getDilithium(opts) {
+  const { K, L: L3, GAMMA1, GAMMA2, TAU, ETA, OMEGA } = opts;
+  const { CRH_BYTES, TR_BYTES, C_TILDE_BYTES, XOF128: XOF1282, XOF256: XOF2562, securityLevel } = opts;
+  if (![2, 4].includes(ETA))
+    throw new Error("Wrong ETA");
+  if (![1 << 17, 1 << 19].includes(GAMMA1))
+    throw new Error("Wrong GAMMA1");
+  if (![GAMMA2_1, GAMMA2_2].includes(GAMMA2))
+    throw new Error("Wrong GAMMA2");
+  const BETA = TAU * ETA;
+  const decompose = (r) => {
+    const rPlus = crystals.mod(r);
+    const r0 = crystals.smod(rPlus, 2 * GAMMA2) | 0;
+    if (rPlus - r0 === Q - 1)
+      return { r1: 0 | 0, r0: r0 - 1 | 0 };
+    const r1 = Math.floor((rPlus - r0) / (2 * GAMMA2)) | 0;
+    return { r1, r0 };
+  };
+  const HighBits = (r) => decompose(r).r1;
+  const LowBits = (r) => decompose(r).r0;
+  const MakeHint = (z, r) => {
+    const res0 = z <= GAMMA2 || z > Q - GAMMA2 || z === Q - GAMMA2 && r === 0 ? 0 : 1;
+    return res0;
+  };
+  const UseHint = (h, r) => {
+    const m = Math.floor((Q - 1) / (2 * GAMMA2));
+    const { r1, r0 } = decompose(r);
+    if (h === 1)
+      return r0 > 0 ? crystals.mod(r1 + 1, m) | 0 : crystals.mod(r1 - 1, m) | 0;
+    return r1 | 0;
+  };
+  const Power2Round = (r) => {
+    const rPlus = crystals.mod(r);
+    const r0 = crystals.smod(rPlus, 2 ** D) | 0;
+    return { r1: Math.floor((rPlus - r0) / 2 ** D) | 0, r0 };
+  };
+  const hintCoder = {
+    bytesLen: OMEGA + K,
+    encode: (h) => {
+      if (h === false)
+        throw new Error("hint.encode: hint is false");
+      const res = new Uint8Array(OMEGA + K);
+      for (let i = 0, k = 0; i < K; i++) {
+        for (let j = 0; j < N; j++)
+          if (h[i][j] !== 0)
+            res[k++] = j;
+        res[OMEGA + i] = k;
+      }
+      return res;
+    },
+    decode: (buf) => {
+      const h = [];
+      let k = 0;
+      for (let i = 0; i < K; i++) {
+        const hi = newPoly(N);
+        if (buf[OMEGA + i] < k || buf[OMEGA + i] > OMEGA)
+          return false;
+        for (let j = k; j < buf[OMEGA + i]; j++) {
+          if (j > k && buf[j] <= buf[j - 1])
+            return false;
+          hi[buf[j]] = 1;
+        }
+        k = buf[OMEGA + i];
+        h.push(hi);
+      }
+      for (let j = k; j < OMEGA; j++)
+        if (buf[j] !== 0)
+          return false;
+      return h;
+    }
+  };
+  const ETACoder = polyCoder(ETA === 2 ? 3 : 4, (i) => ETA - i, (i) => {
+    if (!(-ETA <= i && i <= ETA))
+      throw new Error(`malformed key s1/s3 ${i} outside of ETA range [${-ETA}, ${ETA}]`);
+    return i;
+  });
+  const T0Coder = polyCoder(13, (i) => (1 << D - 1) - i);
+  const T1Coder = polyCoder(10);
+  const ZCoder = polyCoder(GAMMA1 === 1 << 17 ? 18 : 20, (i) => crystals.smod(GAMMA1 - i));
+  const W1Coder = polyCoder(GAMMA2 === GAMMA2_1 ? 6 : 4);
+  const W1Vec = vecCoder(W1Coder, K);
+  const publicCoder = splitCoder("publicKey", 32, vecCoder(T1Coder, K));
+  const secretCoder = splitCoder("secretKey", 32, 32, TR_BYTES, vecCoder(ETACoder, L3), vecCoder(ETACoder, K), vecCoder(T0Coder, K));
+  const sigCoder = splitCoder("signature", C_TILDE_BYTES, vecCoder(ZCoder, L3), hintCoder);
+  const CoefFromHalfByte = ETA === 2 ? (n) => n < 15 ? 2 - n % 5 : false : (n) => n < 9 ? 4 - n : false;
+  function RejBoundedPoly(xof) {
+    const r = newPoly(N);
+    for (let j = 0; j < N; ) {
+      const b = xof();
+      for (let i = 0; j < N && i < b.length; i += 1) {
+        const d1 = CoefFromHalfByte(b[i] & 15);
+        const d2 = CoefFromHalfByte(b[i] >> 4 & 15);
+        if (d1 !== false)
+          r[j++] = d1;
+        if (j < N && d2 !== false)
+          r[j++] = d2;
+      }
+    }
+    return r;
+  }
+  const SampleInBall = (seed) => {
+    const pre = newPoly(N);
+    const s = shake256.create({}).update(seed);
+    const buf = new Uint8Array(shake256.blockLen);
+    s.xofInto(buf);
+    const masks = buf.slice(0, 8);
+    for (let i = N - TAU, pos = 8, maskPos = 0, maskBit = 0; i < N; i++) {
+      let b = i + 1;
+      for (; b > i; ) {
+        b = buf[pos++];
+        if (pos < shake256.blockLen)
+          continue;
+        s.xofInto(buf);
+        pos = 0;
+      }
+      pre[i] = pre[b];
+      pre[b] = 1 - ((masks[maskPos] >> maskBit++ & 1) << 1);
+      if (maskBit >= 8) {
+        maskPos++;
+        maskBit = 0;
+      }
+    }
+    return pre;
+  };
+  const polyPowerRound = (p) => {
+    const res0 = newPoly(N);
+    const res1 = newPoly(N);
+    for (let i = 0; i < p.length; i++) {
+      const { r0, r1 } = Power2Round(p[i]);
+      res0[i] = r0;
+      res1[i] = r1;
+    }
+    return { r0: res0, r1: res1 };
+  };
+  const polyUseHint = (u, h) => {
+    for (let i = 0; i < N; i++)
+      u[i] = UseHint(h[i], u[i]);
+    return u;
+  };
+  const polyMakeHint = (a, b) => {
+    const v = newPoly(N);
+    let cnt = 0;
+    for (let i = 0; i < N; i++) {
+      const h = MakeHint(a[i], b[i]);
+      v[i] = h;
+      cnt += h;
+    }
+    return { v, cnt };
+  };
+  const signRandBytes = 32;
+  const seedCoder = splitCoder("seed", 32, 64, 32);
+  const internal = {
+    info: { type: "internal-ml-dsa" },
+    lengths: {
+      secretKey: secretCoder.bytesLen,
+      publicKey: publicCoder.bytesLen,
+      seed: 32,
+      signature: sigCoder.bytesLen,
+      signRand: signRandBytes
+    },
+    keygen: (seed) => {
+      const seedDst = new Uint8Array(32 + 2);
+      const randSeed = seed === void 0;
+      if (randSeed)
+        seed = randomBytes2(32);
+      abytesDoc(seed, 32, "seed");
+      seedDst.set(seed);
+      if (randSeed)
+        cleanBytes(seed);
+      seedDst[32] = K;
+      seedDst[33] = L3;
+      const [rho, rhoPrime, K_] = seedCoder.decode(shake256(seedDst, { dkLen: seedCoder.bytesLen }));
+      const xofPrime = XOF2562(rhoPrime);
+      const s1 = [];
+      for (let i = 0; i < L3; i++)
+        s1.push(RejBoundedPoly(xofPrime.get(i & 255, i >> 8 & 255)));
+      const s2 = [];
+      for (let i = L3; i < L3 + K; i++)
+        s2.push(RejBoundedPoly(xofPrime.get(i & 255, i >> 8 & 255)));
+      const s1Hat = s1.map((i) => crystals.NTT.encode(i.slice()));
+      const t0 = [];
+      const t1 = [];
+      const xof = XOF1282(rho);
+      const t = newPoly(N);
+      for (let i = 0; i < K; i++) {
+        cleanBytes(t);
+        for (let j = 0; j < L3; j++) {
+          const aij = RejNTTPoly(xof.get(j, i));
+          polyAdd(t, MultiplyNTTs(aij, s1Hat[j]));
+        }
+        crystals.NTT.decode(t);
+        const { r0, r1 } = polyPowerRound(polyAdd(t, s2[i]));
+        t0.push(r0);
+        t1.push(r1);
+      }
+      const publicKey = publicCoder.encode([rho, t1]);
+      const tr = shake256(publicKey, { dkLen: TR_BYTES });
+      const secretKey = secretCoder.encode([rho, K_, tr, s1, s2, t0]);
+      xof.clean();
+      xofPrime.clean();
+      cleanBytes(rho, rhoPrime, K_, s1, s2, s1Hat, t, t0, t1, tr, seedDst);
+      return { publicKey, secretKey };
+    },
+    getPublicKey: (secretKey) => {
+      const [rho, _K, _tr, s1, s2, _t0] = secretCoder.decode(secretKey);
+      const xof = XOF1282(rho);
+      const s1Hat = s1.map((p) => crystals.NTT.encode(p.slice()));
+      const t1 = [];
+      const tmp = newPoly(N);
+      for (let i = 0; i < K; i++) {
+        tmp.fill(0);
+        for (let j = 0; j < L3; j++) {
+          const aij = RejNTTPoly(xof.get(j, i));
+          polyAdd(tmp, MultiplyNTTs(aij, s1Hat[j]));
+        }
+        crystals.NTT.decode(tmp);
+        polyAdd(tmp, s2[i]);
+        const { r1 } = polyPowerRound(tmp);
+        t1.push(r1);
+      }
+      xof.clean();
+      cleanBytes(tmp, s1Hat, _t0, s1, s2);
+      return publicCoder.encode([rho, t1]);
+    },
+    // NOTE: random is optional.
+    sign: (msg, secretKey, opts2 = {}) => {
+      validateSigOpts(opts2);
+      validateInternalOpts(opts2);
+      let { extraEntropy: random, externalMu = false } = opts2;
+      const [rho, _K, tr, s1, s2, t0] = secretCoder.decode(secretKey);
+      const A = [];
+      const xof = XOF1282(rho);
+      for (let i = 0; i < K; i++) {
+        const pv = [];
+        for (let j = 0; j < L3; j++)
+          pv.push(RejNTTPoly(xof.get(j, i)));
+        A.push(pv);
+      }
+      xof.clean();
+      for (let i = 0; i < L3; i++)
+        crystals.NTT.encode(s1[i]);
+      for (let i = 0; i < K; i++) {
+        crystals.NTT.encode(s2[i]);
+        crystals.NTT.encode(t0[i]);
+      }
+      const mu = externalMu ? msg : (
+        // 6: µ ← H(tr||M, 512)
+        //    ▷ Compute message representative µ
+        shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest()
+      );
+      const rnd = random === false ? new Uint8Array(32) : random === void 0 ? randomBytes2(signRandBytes) : random;
+      abytesDoc(rnd, 32, "extraEntropy");
+      const rhoprime = shake256.create({ dkLen: CRH_BYTES }).update(_K).update(rnd).update(mu).digest();
+      abytesDoc(rhoprime, CRH_BYTES);
+      const x256 = XOF2562(rhoprime, ZCoder.bytesLen);
+      main_loop: for (let kappa = 0; ; ) {
+        const y = [];
+        for (let i = 0; i < L3; i++, kappa++)
+          y.push(ZCoder.decode(x256.get(kappa & 255, kappa >> 8)()));
+        const z = y.map((i) => crystals.NTT.encode(i.slice()));
+        const w = [];
+        for (let i = 0; i < K; i++) {
+          const wi = newPoly(N);
+          for (let j = 0; j < L3; j++)
+            polyAdd(wi, MultiplyNTTs(A[i][j], z[j]));
+          crystals.NTT.decode(wi);
+          w.push(wi);
+        }
+        const w1 = w.map((j) => j.map(HighBits));
+        const cTilde = shake256.create({ dkLen: C_TILDE_BYTES }).update(mu).update(W1Vec.encode(w1)).digest();
+        const cHat = crystals.NTT.encode(SampleInBall(cTilde));
+        const cs1 = s1.map((i) => MultiplyNTTs(i, cHat));
+        for (let i = 0; i < L3; i++) {
+          polyAdd(crystals.NTT.decode(cs1[i]), y[i]);
+          if (polyChknorm(cs1[i], GAMMA1 - BETA))
+            continue main_loop;
+        }
+        let cnt = 0;
+        const h = [];
+        for (let i = 0; i < K; i++) {
+          const cs2 = crystals.NTT.decode(MultiplyNTTs(s2[i], cHat));
+          const r0 = polySub(w[i], cs2).map(LowBits);
+          if (polyChknorm(r0, GAMMA2 - BETA))
+            continue main_loop;
+          const ct0 = crystals.NTT.decode(MultiplyNTTs(t0[i], cHat));
+          if (polyChknorm(ct0, GAMMA2))
+            continue main_loop;
+          polyAdd(r0, ct0);
+          const hint = polyMakeHint(r0, w1[i]);
+          h.push(hint.v);
+          cnt += hint.cnt;
+        }
+        if (cnt > OMEGA)
+          continue;
+        x256.clean();
+        const res = sigCoder.encode([cTilde, cs1, h]);
+        cleanBytes(cTilde, cs1, h, cHat, w1, w, z, y, rhoprime, s1, s2, t0, ...A);
+        if (!externalMu)
+          cleanBytes(mu);
+        return res;
+      }
+      throw new Error("Unreachable code path reached, report this error");
+    },
+    verify: (sig, msg, publicKey, opts2 = {}) => {
+      validateInternalOpts(opts2);
+      const { externalMu = false } = opts2;
+      const [rho, t1] = publicCoder.decode(publicKey);
+      const tr = shake256(publicKey, { dkLen: TR_BYTES });
+      if (sig.length !== sigCoder.bytesLen)
+        return false;
+      const [cTilde, z, h] = sigCoder.decode(sig);
+      if (h === false)
+        return false;
+      for (let i = 0; i < L3; i++)
+        if (polyChknorm(z[i], GAMMA1 - BETA))
+          return false;
+      const mu = externalMu ? msg : (
+        // 7: µ ← H(tr||M, 512)
+        shake256.create({ dkLen: CRH_BYTES }).update(tr).update(msg).digest()
+      );
+      const c = crystals.NTT.encode(SampleInBall(cTilde));
+      const zNtt = z.map((i) => i.slice());
+      for (let i = 0; i < L3; i++)
+        crystals.NTT.encode(zNtt[i]);
+      const wTick1 = [];
+      const xof = XOF1282(rho);
+      for (let i = 0; i < K; i++) {
+        const ct12d = MultiplyNTTs(crystals.NTT.encode(polyShiftl(t1[i])), c);
+        const Az = newPoly(N);
+        for (let j = 0; j < L3; j++) {
+          const aij = RejNTTPoly(xof.get(j, i));
+          polyAdd(Az, MultiplyNTTs(aij, zNtt[j]));
+        }
+        const wApprox = crystals.NTT.decode(polySub(Az, ct12d));
+        wTick1.push(polyUseHint(wApprox, h[i]));
+      }
+      xof.clean();
+      const c2 = shake256.create({ dkLen: C_TILDE_BYTES }).update(mu).update(W1Vec.encode(wTick1)).digest();
+      for (const t of h) {
+        const sum = t.reduce((acc, i) => acc + i, 0);
+        if (!(sum <= OMEGA))
+          return false;
+      }
+      for (const t of z)
+        if (polyChknorm(t, GAMMA1 - BETA))
+          return false;
+      return equalBytes(cTilde, c2);
+    }
+  };
+  return {
+    info: { type: "ml-dsa" },
+    internal,
+    securityLevel,
+    keygen: internal.keygen,
+    lengths: internal.lengths,
+    getPublicKey: internal.getPublicKey,
+    sign: (msg, secretKey, opts2 = {}) => {
+      validateSigOpts(opts2);
+      const M2 = getMessage(msg, opts2.context);
+      const res = internal.sign(M2, secretKey, opts2);
+      cleanBytes(M2);
+      return res;
+    },
+    verify: (sig, msg, publicKey, opts2 = {}) => {
+      validateVerOpts(opts2);
+      return internal.verify(sig, getMessage(msg, opts2.context), publicKey);
+    },
+    prehash: (hash) => {
+      checkHash(hash, securityLevel);
+      return {
+        info: { type: "hashml-dsa" },
+        securityLevel,
+        lengths: internal.lengths,
+        keygen: internal.keygen,
+        getPublicKey: internal.getPublicKey,
+        sign: (msg, secretKey, opts2 = {}) => {
+          validateSigOpts(opts2);
+          const M2 = getMessagePrehash(hash, msg, opts2.context);
+          const res = internal.sign(M2, secretKey, opts2);
+          cleanBytes(M2);
+          return res;
+        },
+        verify: (sig, msg, publicKey, opts2 = {}) => {
+          validateVerOpts(opts2);
+          return internal.verify(sig, getMessagePrehash(hash, msg, opts2.context), publicKey);
+        }
+      };
+    }
+  };
+}
+var ml_dsa44 = /* @__PURE__ */ (() => getDilithium({
+  ...PARAMS[2],
+  CRH_BYTES: 64,
+  TR_BYTES: 64,
+  C_TILDE_BYTES: 32,
+  XOF128,
+  XOF256,
+  securityLevel: 128
+}))();
+// src/legacy-message.ts
+import { Buffer as Buffer2 } from "buffer";
+// node_modules/@noble/hashes/hmac.js
+var _HMAC = class {
+  constructor(hash, key) {
+    __publicField(this, "oHash");
+    __publicField(this, "iHash");
+    __publicField(this, "blockLen");
+    __publicField(this, "outputLen");
+    __publicField(this, "finished", false);
+    __publicField(this, "destroyed", false);
+    ahash(hash);
+    abytes(key, void 0, "key");
+    this.iHash = hash.create();
+    if (typeof this.iHash.update !== "function")
+      throw new Error("Expected instance of class which extends utils.Hash");
+    this.blockLen = this.iHash.blockLen;
+    this.outputLen = this.iHash.outputLen;
+    const blockLen = this.blockLen;
+    const pad = new Uint8Array(blockLen);
+    pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);
+    for (let i = 0; i < pad.length; i++)
+      pad[i] ^= 54;
+    this.iHash.update(pad);
+    this.oHash = hash.create();
+    for (let i = 0; i < pad.length; i++)
+      pad[i] ^= 54 ^ 92;
+    this.oHash.update(pad);
+    clean(pad);
+  }
+  update(buf) {
+    aexists(this);
+    this.iHash.update(buf);
+    return this;
+  }
+  digestInto(out) {
+    aexists(this);
+    abytes(out, this.outputLen, "output");
+    this.finished = true;
+    this.iHash.digestInto(out);
+    this.oHash.update(out);
+    this.oHash.digestInto(out);
+    this.destroy();
+  }
+  digest() {
+    const out = new Uint8Array(this.oHash.outputLen);
+    this.digestInto(out);
+    return out;
+  }
+  _cloneInto(to) {
+    to || (to = Object.create(Object.getPrototypeOf(this), {}));
+    const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
+    to = to;
+    to.finished = finished;
+    to.destroyed = destroyed;
+    to.blockLen = blockLen;
+    to.outputLen = outputLen;
+    to.oHash = oHash._cloneInto(to.oHash);
+    to.iHash = iHash._cloneInto(to.iHash);
+    return to;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+  destroy() {
+    this.destroyed = true;
+    this.oHash.destroy();
+    this.iHash.destroy();
+  }
+};
+var hmac = (hash, key, message) => new _HMAC(hash, key).update(message).digest();
+hmac.create = (hash, key) => new _HMAC(hash, key);
+// node_modules/@noble/hashes/_md.js
+function Chi(a, b, c) {
+  return a & b ^ ~a & c;
+}
+function Maj(a, b, c) {
+  return a & b ^ a & c ^ b & c;
+}
+var HashMD = class {
+  constructor(blockLen, outputLen, padOffset, isLE2) {
+    __publicField(this, "blockLen");
+    __publicField(this, "outputLen");
+    __publicField(this, "padOffset");
+    __publicField(this, "isLE");
+    // For partial updates less than block size
+    __publicField(this, "buffer");
+    __publicField(this, "view");
+    __publicField(this, "finished", false);
+    __publicField(this, "length", 0);
+    __publicField(this, "pos", 0);
+    __publicField(this, "destroyed", false);
+    this.blockLen = blockLen;
+    this.outputLen = outputLen;
+    this.padOffset = padOffset;
+    this.isLE = isLE2;
+    this.buffer = new Uint8Array(blockLen);
+    this.view = createView(this.buffer);
+  }
+  update(data) {
+    aexists(this);
+    abytes(data);
+    const { view, buffer, blockLen } = this;
+    const len = data.length;
+    for (let pos = 0; pos < len; ) {
+      const take = Math.min(blockLen - this.pos, len - pos);
+      if (take === blockLen) {
+        const dataView = createView(data);
+        for (; blockLen <= len - pos; pos += blockLen)
+          this.process(dataView, pos);
+        continue;
+      }
+      buffer.set(data.subarray(pos, pos + take), this.pos);
+      this.pos += take;
+      pos += take;
+      if (this.pos === blockLen) {
+        this.process(view, 0);
+        this.pos = 0;
+      }
+    }
+    this.length += data.length;
+    this.roundClean();
+    return this;
+  }
+  digestInto(out) {
+    aexists(this);
+    aoutput(out, this);
+    this.finished = true;
+    const { buffer, view, blockLen, isLE: isLE2 } = this;
+    let { pos } = this;
+    buffer[pos++] = 128;
+    clean(this.buffer.subarray(pos));
+    if (this.padOffset > blockLen - pos) {
+      this.process(view, 0);
+      pos = 0;
+    }
+    for (let i = pos; i < blockLen; i++)
+      buffer[i] = 0;
+    view.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE2);
+    this.process(view, 0);
+    const oview = createView(out);
+    const len = this.outputLen;
+    if (len % 4)
+      throw new Error("_sha2: outputLen must be aligned to 32bit");
+    const outLen = len / 4;
+    const state = this.get();
+    if (outLen > state.length)
+      throw new Error("_sha2: outputLen bigger than state");
+    for (let i = 0; i < outLen; i++)
+      oview.setUint32(4 * i, state[i], isLE2);
+  }
+  digest() {
+    const { buffer, outputLen } = this;
+    this.digestInto(buffer);
+    const res = buffer.slice(0, outputLen);
+    this.destroy();
+    return res;
+  }
+  _cloneInto(to) {
+    to || (to = new this.constructor());
+    to.set(...this.get());
+    const { blockLen, buffer, length, finished, destroyed, pos } = this;
+    to.destroyed = destroyed;
+    to.finished = finished;
+    to.length = length;
+    to.pos = pos;
+    if (length % blockLen)
+      to.buffer.set(buffer);
+    return to;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+};
+var SHA256_IV = /* @__PURE__ */ Uint32Array.from([
+  1779033703,
+  3144134277,
+  1013904242,
+  2773480762,
+  1359893119,
+  2600822924,
+  528734635,
+  1541459225
+]);
+// node_modules/@noble/hashes/sha2.js
+var SHA256_K = /* @__PURE__ */ Uint32Array.from([
+  1116352408,
+  1899447441,
+  3049323471,
+  3921009573,
+  961987163,
+  1508970993,
+  2453635748,
+  2870763221,
+  3624381080,
+  310598401,
+  607225278,
+  1426881987,
+  1925078388,
+  2162078206,
+  2614888103,
+  3248222580,
+  3835390401,
+  4022224774,
+  264347078,
+  604807628,
+  770255983,
+  1249150122,
+  1555081692,
+  1996064986,
+  2554220882,
+  2821834349,
+  2952996808,
+  3210313671,
+  3336571891,
+  3584528711,
+  113926993,
+  338241895,
+  666307205,
+  773529912,
+  1294757372,
+  1396182291,
+  1695183700,
+  1986661051,
+  2177026350,
+  2456956037,
+  2730485921,
+  2820302411,
+  3259730800,
+  3345764771,
+  3516065817,
+  3600352804,
+  4094571909,
+  275423344,
+  430227734,
+  506948616,
+  659060556,
+  883997877,
+  958139571,
+  1322822218,
+  1537002063,
+  1747873779,
+  1955562222,
+  2024104815,
+  2227730452,
+  2361852424,
+  2428436474,
+  2756734187,
+  3204031479,
+  3329325298
+]);
+var SHA256_W = /* @__PURE__ */ new Uint32Array(64);
+var SHA2_32B = class extends HashMD {
+  constructor(outputLen) {
+    super(64, outputLen, 8, false);
+  }
+  get() {
+    const { A, B, C: C2, D: D2, E, F: F2, G: G2, H } = this;
+    return [A, B, C2, D2, E, F2, G2, H];
+  }
+  // prettier-ignore
+  set(A, B, C2, D2, E, F2, G2, H) {
+    this.A = A | 0;
+    this.B = B | 0;
+    this.C = C2 | 0;
+    this.D = D2 | 0;
+    this.E = E | 0;
+    this.F = F2 | 0;
+    this.G = G2 | 0;
+    this.H = H | 0;
+  }
+  process(view, offset) {
+    for (let i = 0; i < 16; i++, offset += 4)
+      SHA256_W[i] = view.getUint32(offset, false);
+    for (let i = 16; i < 64; i++) {
+      const W15 = SHA256_W[i - 15];
+      const W2 = SHA256_W[i - 2];
+      const s0 = rotr(W15, 7) ^ rotr(W15, 18) ^ W15 >>> 3;
+      const s1 = rotr(W2, 17) ^ rotr(W2, 19) ^ W2 >>> 10;
+      SHA256_W[i] = s1 + SHA256_W[i - 7] + s0 + SHA256_W[i - 16] | 0;
+    }
+    let { A, B, C: C2, D: D2, E, F: F2, G: G2, H } = this;
+    for (let i = 0; i < 64; i++) {
+      const sigma1 = rotr(E, 6) ^ rotr(E, 11) ^ rotr(E, 25);
+      const T1 = H + sigma1 + Chi(E, F2, G2) + SHA256_K[i] + SHA256_W[i] | 0;
+      const sigma0 = rotr(A, 2) ^ rotr(A, 13) ^ rotr(A, 22);
+      const T2 = sigma0 + Maj(A, B, C2) | 0;
+      H = G2;
+      G2 = F2;
+      F2 = E;
+      E = D2 + T1 | 0;
+      D2 = C2;
+      C2 = B;
+      B = A;
+      A = T1 + T2 | 0;
+    }
+    A = A + this.A | 0;
+    B = B + this.B | 0;
+    C2 = C2 + this.C | 0;
+    D2 = D2 + this.D | 0;
+    E = E + this.E | 0;
+    F2 = F2 + this.F | 0;
+    G2 = G2 + this.G | 0;
+    H = H + this.H | 0;
+    this.set(A, B, C2, D2, E, F2, G2, H);
+  }
+  roundClean() {
+    clean(SHA256_W);
+  }
+  destroy() {
+    this.set(0, 0, 0, 0, 0, 0, 0, 0);
+    clean(this.buffer);
+  }
+};
+var _SHA256 = class extends SHA2_32B {
+  constructor() {
+    super(32);
+    // We cannot use array here since array allows indexing by variable
+    // which means optimizer/compiler cannot use registers.
+    __publicField(this, "A", SHA256_IV[0] | 0);
+    __publicField(this, "B", SHA256_IV[1] | 0);
+    __publicField(this, "C", SHA256_IV[2] | 0);
+    __publicField(this, "D", SHA256_IV[3] | 0);
+    __publicField(this, "E", SHA256_IV[4] | 0);
+    __publicField(this, "F", SHA256_IV[5] | 0);
+    __publicField(this, "G", SHA256_IV[6] | 0);
+    __publicField(this, "H", SHA256_IV[7] | 0);
+  }
+};
+var sha256 = /* @__PURE__ */ createHasher(
+  () => new _SHA256(),
+  /* @__PURE__ */ oidNist(1)
+);
+// node_modules/@noble/secp256k1/index.js
+var secp256k1_CURVE = {
+  p: 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2fn,
+  n: 0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141n,
+  h: 1n,
+  a: 0n,
+  b: 7n,
+  Gx: 0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798n,
+  Gy: 0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8n
+};
+var { p: P, n: N2, Gx, Gy, b: _b } = secp256k1_CURVE;
+var L = 32;
+var L2 = 64;
+var lengths = {
+  publicKey: L + 1,
+  publicKeyUncompressed: L2 + 1,
+  signature: L2,
+  seed: L + L / 2
+};
+var captureTrace = (...args) => {
+  if ("captureStackTrace" in Error && typeof Error.captureStackTrace === "function") {
+    Error.captureStackTrace(...args);
+  }
+};
+var err = (message = "") => {
+  const e = new Error(message);
+  captureTrace(e, err);
+  throw e;
+};
+var isBig = (n) => typeof n === "bigint";
+var isStr = (s) => typeof s === "string";
+var isBytes2 = (a) => a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+var abytes2 = (value, length, title = "") => {
+  const bytes = isBytes2(value);
+  const len = value?.length;
+  const needsLen = length !== void 0;
+  if (!bytes || needsLen && len !== length) {
+    const prefix = title && `"${title}" `;
+    const ofLen = needsLen ? ` of length ${length}` : "";
+    const got = bytes ? `length=${len}` : `type=${typeof value}`;
+    err(prefix + "expected Uint8Array" + ofLen + ", got " + got);
+  }
+  return value;
+};
+var u8n = (len) => new Uint8Array(len);
+var padh = (n, pad) => n.toString(16).padStart(pad, "0");
+var bytesToHex = (b) => Array.from(abytes2(b)).map((e) => padh(e, 2)).join("");
+var C = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+var _ch = (ch) => {
+  if (ch >= C._0 && ch <= C._9)
+    return ch - C._0;
+  if (ch >= C.A && ch <= C.F)
+    return ch - (C.A - 10);
+  if (ch >= C.a && ch <= C.f)
+    return ch - (C.a - 10);
+  return;
+};
+var hexToBytes = (hex) => {
+  const e = "hex invalid";
+  if (!isStr(hex))
+    return err(e);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    return err(e);
+  const array = u8n(al);
+  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+    const n1 = _ch(hex.charCodeAt(hi));
+    const n2 = _ch(hex.charCodeAt(hi + 1));
+    if (n1 === void 0 || n2 === void 0)
+      return err(e);
+    array[ai] = n1 * 16 + n2;
+  }
+  return array;
+};
+var cr = () => globalThis?.crypto;
+var subtle = () => cr()?.subtle ?? err("crypto.subtle must be defined, consider polyfill");
+var concatBytes2 = (...arrs) => {
+  const r = u8n(arrs.reduce((sum, a) => sum + abytes2(a).length, 0));
+  let pad = 0;
+  arrs.forEach((a) => {
+    r.set(a, pad);
+    pad += a.length;
+  });
+  return r;
+};
+var randomBytes3 = (len = L) => {
+  const c = cr();
+  return c.getRandomValues(u8n(len));
+};
+var big = BigInt;
+var arange = (n, min, max, msg = "bad number: out of range") => isBig(n) && min <= n && n < max ? n : err(msg);
+var M = (a, b = P) => {
+  const r = a % b;
+  return r >= 0n ? r : b + r;
+};
+var modN = (a) => M(a, N2);
+var invert = (num, md) => {
+  if (num === 0n || md <= 0n)
+    err("no inverse n=" + num + " mod=" + md);
+  let a = M(num, md), b = md, x = 0n, y = 1n, u = 1n, v = 0n;
+  while (a !== 0n) {
+    const q = b / a, r = b % a;
+    const m = x - u * q, n = y - v * q;
+    b = a, a = r, x = u, y = v, u = m, v = n;
+  }
+  return b === 1n ? M(x, md) : err("no inverse");
+};
+var callHash = (name) => {
+  const fn = hashes[name];
+  if (typeof fn !== "function")
+    err("hashes." + name + " not set");
+  return fn;
+};
+var apoint = (p) => p instanceof Point ? p : err("Point expected");
+var koblitz = (x) => M(M(x * x) * x + _b);
+var FpIsValid = (n) => arange(n, 0n, P);
+var FpIsValidNot0 = (n) => arange(n, 1n, P);
+var FnIsValidNot0 = (n) => arange(n, 1n, N2);
+var isEven = (y) => (y & 1n) === 0n;
+var u8of = (n) => Uint8Array.of(n);
+var getPrefix = (y) => u8of(isEven(y) ? 2 : 3);
+var lift_x = (x) => {
+  const c = koblitz(FpIsValidNot0(x));
+  let r = 1n;
+  for (let num = c, e = (P + 1n) / 4n; e > 0n; e >>= 1n) {
+    if (e & 1n)
+      r = r * num % P;
+    num = num * num % P;
+  }
+  return M(r * r) === c ? r : err("sqrt invalid");
+};
+var _Point = class _Point {
+  constructor(X, Y, Z) {
+    __publicField(this, "X");
+    __publicField(this, "Y");
+    __publicField(this, "Z");
+    this.X = FpIsValid(X);
+    this.Y = FpIsValidNot0(Y);
+    this.Z = FpIsValid(Z);
+    Object.freeze(this);
+  }
+  static CURVE() {
+    return secp256k1_CURVE;
+  }
+  /** Create 3d xyz point from 2d xy. (0, 0) => (0, 1, 0), not (0, 0, 1) */
+  static fromAffine(ap) {
+    const { x, y } = ap;
+    return x === 0n && y === 0n ? I : new _Point(x, y, 1n);
+  }
+  /** Convert Uint8Array or hex string to Point. */
+  static fromBytes(bytes) {
+    abytes2(bytes);
+    const { publicKey: comp, publicKeyUncompressed: uncomp } = lengths;
+    let p = void 0;
+    const length = bytes.length;
+    const head = bytes[0];
+    const tail = bytes.subarray(1);
+    const x = sliceBytesNumBE(tail, 0, L);
+    if (length === comp && (head === 2 || head === 3)) {
+      let y = lift_x(x);
+      const evenY = isEven(y);
+      const evenH = isEven(big(head));
+      if (evenH !== evenY)
+        y = M(-y);
+      p = new _Point(x, y, 1n);
+    }
+    if (length === uncomp && head === 4)
+      p = new _Point(x, sliceBytesNumBE(tail, L, L2), 1n);
+    return p ? p.assertValidity() : err("bad point: not on curve");
+  }
+  static fromHex(hex) {
+    return _Point.fromBytes(hexToBytes(hex));
+  }
+  get x() {
+    return this.toAffine().x;
+  }
+  get y() {
+    return this.toAffine().y;
+  }
+  /** Equality check: compare points P&Q. */
+  equals(other) {
+    const { X: X1, Y: Y1, Z: Z1 } = this;
+    const { X: X2, Y: Y2, Z: Z2 } = apoint(other);
+    const X1Z2 = M(X1 * Z2);
+    const X2Z1 = M(X2 * Z1);
+    const Y1Z2 = M(Y1 * Z2);
+    const Y2Z1 = M(Y2 * Z1);
+    return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;
+  }
+  is0() {
+    return this.equals(I);
+  }
+  /** Flip point over y coordinate. */
+  negate() {
+    return new _Point(this.X, M(-this.Y), this.Z);
+  }
+  /** Point doubling: P+P, complete formula. */
+  double() {
+    return this.add(this);
+  }
+  /**
+   * Point addition: P+Q, complete, exception-free formula
+   * (Renes-Costello-Batina, algo 1 of [2015/1060](https://eprint.iacr.org/2015/1060)).
+   * Cost: `12M + 0S + 3*a + 3*b3 + 23add`.
+   */
+  // prettier-ignore
+  add(other) {
+    const { X: X1, Y: Y1, Z: Z1 } = this;
+    const { X: X2, Y: Y2, Z: Z2 } = apoint(other);
+    const a = 0n;
+    const b = _b;
+    let X3 = 0n, Y3 = 0n, Z3 = 0n;
+    const b3 = M(b * 3n);
+    let t0 = M(X1 * X2), t1 = M(Y1 * Y2), t2 = M(Z1 * Z2), t3 = M(X1 + Y1);
+    let t4 = M(X2 + Y2);
+    t3 = M(t3 * t4);
+    t4 = M(t0 + t1);
+    t3 = M(t3 - t4);
+    t4 = M(X1 + Z1);
+    let t5 = M(X2 + Z2);
+    t4 = M(t4 * t5);
+    t5 = M(t0 + t2);
+    t4 = M(t4 - t5);
+    t5 = M(Y1 + Z1);
+    X3 = M(Y2 + Z2);
+    t5 = M(t5 * X3);
+    X3 = M(t1 + t2);
+    t5 = M(t5 - X3);
+    Z3 = M(a * t4);
+    X3 = M(b3 * t2);
+    Z3 = M(X3 + Z3);
+    X3 = M(t1 - Z3);
+    Z3 = M(t1 + Z3);
+    Y3 = M(X3 * Z3);
+    t1 = M(t0 + t0);
+    t1 = M(t1 + t0);
+    t2 = M(a * t2);
+    t4 = M(b3 * t4);
+    t1 = M(t1 + t2);
+    t2 = M(t0 - t2);
+    t2 = M(a * t2);
+    t4 = M(t4 + t2);
+    t0 = M(t1 * t4);
+    Y3 = M(Y3 + t0);
+    t0 = M(t5 * t4);
+    X3 = M(t3 * X3);
+    X3 = M(X3 - t0);
+    t0 = M(t3 * t1);
+    Z3 = M(t5 * Z3);
+    Z3 = M(Z3 + t0);
+    return new _Point(X3, Y3, Z3);
+  }
+  subtract(other) {
+    return this.add(apoint(other).negate());
+  }
+  /**
+   * Point-by-scalar multiplication. Scalar must be in range 1 <= n < CURVE.n.
+   * Uses {@link wNAF} for base point.
+   * Uses fake point to mitigate side-channel leakage.
+   * @param n scalar by which point is multiplied
+   * @param safe safe mode guards against timing attacks; unsafe mode is faster
+   */
+  multiply(n, safe = true) {
+    if (!safe && n === 0n)
+      return I;
+    FnIsValidNot0(n);
+    if (n === 1n)
+      return this;
+    if (this.equals(G))
+      return wNAF(n).p;
+    let p = I;
+    let f = G;
+    for (let d = this; n > 0n; d = d.double(), n >>= 1n) {
+      if (n & 1n)
+        p = p.add(d);
+      else if (safe)
+        f = f.add(d);
+    }
+    return p;
+  }
+  multiplyUnsafe(scalar) {
+    return this.multiply(scalar, false);
+  }
+  /** Convert point to 2d xy affine point. (X, Y, Z) ∋ (x=X/Z, y=Y/Z) */
+  toAffine() {
+    const { X: x, Y: y, Z: z } = this;
+    if (this.equals(I))
+      return { x: 0n, y: 0n };
+    if (z === 1n)
+      return { x, y };
+    const iz = invert(z, P);
+    if (M(z * iz) !== 1n)
+      err("inverse invalid");
+    return { x: M(x * iz), y: M(y * iz) };
+  }
+  /** Checks if the point is valid and on-curve. */
+  assertValidity() {
+    const { x, y } = this.toAffine();
+    FpIsValidNot0(x);
+    FpIsValidNot0(y);
+    return M(y * y) === koblitz(x) ? this : err("bad point: not on curve");
+  }
+  /** Converts point to 33/65-byte Uint8Array. */
+  toBytes(isCompressed = true) {
+    const { x, y } = this.assertValidity().toAffine();
+    const x32b = numTo32b(x);
+    if (isCompressed)
+      return concatBytes2(getPrefix(y), x32b);
+    return concatBytes2(u8of(4), x32b, numTo32b(y));
+  }
+  toHex(isCompressed) {
+    return bytesToHex(this.toBytes(isCompressed));
+  }
+};
+__publicField(_Point, "BASE");
+__publicField(_Point, "ZERO");
+var Point = _Point;
+var G = new Point(Gx, Gy, 1n);
+var I = new Point(0n, 1n, 0n);
+Point.BASE = G;
+Point.ZERO = I;
+var doubleScalarMulUns = (R, u1, u2) => {
+  return G.multiply(u1, false).add(R.multiply(u2, false)).assertValidity();
+};
+var bytesToNumBE = (b) => big("0x" + (bytesToHex(b) || "0"));
+var sliceBytesNumBE = (b, from, to) => bytesToNumBE(b.subarray(from, to));
+var B256 = 2n ** 256n;
+var numTo32b = (num) => hexToBytes(padh(arange(num, 0n, B256), L2));
+var secretKeyToScalar = (secretKey) => {
+  const num = bytesToNumBE(abytes2(secretKey, L, "secret key"));
+  return arange(num, 1n, N2, "invalid secret key: outside of range");
+};
+var highS = (n) => n > N2 >> 1n;
+var getPublicKey = (privKey, isCompressed = true) => {
+  return G.multiply(secretKeyToScalar(privKey)).toBytes(isCompressed);
+};
+var assertRecoveryBit = (recovery) => {
+  if (![0, 1, 2, 3].includes(recovery))
+    err("recovery id must be valid and present");
+};
+var assertSigFormat = (format) => {
+  if (format != null && !ALL_SIG.includes(format))
+    err(`Signature format must be one of: ${ALL_SIG.join(", ")}`);
+  if (format === SIG_DER)
+    err('Signature format "der" is not supported: switch to noble-curves');
+};
+var assertSigLength = (sig, format = SIG_COMPACT) => {
+  assertSigFormat(format);
+  const SL = lengths.signature;
+  const RL = SL + 1;
+  let msg = `Signature format "${format}" expects Uint8Array with length `;
+  if (format === SIG_COMPACT && sig.length !== SL)
+    err(msg + SL);
+  if (format === SIG_RECOVERED && sig.length !== RL)
+    err(msg + RL);
+};
+var Signature = class _Signature {
+  constructor(r, s, recovery) {
+    __publicField(this, "r");
+    __publicField(this, "s");
+    __publicField(this, "recovery");
+    this.r = FnIsValidNot0(r);
+    this.s = FnIsValidNot0(s);
+    if (recovery != null)
+      this.recovery = recovery;
+    Object.freeze(this);
+  }
+  static fromBytes(b, format = SIG_COMPACT) {
+    assertSigLength(b, format);
+    let rec;
+    if (format === SIG_RECOVERED) {
+      rec = b[0];
+      b = b.subarray(1);
+    }
+    const r = sliceBytesNumBE(b, 0, L);
+    const s = sliceBytesNumBE(b, L, L2);
+    return new _Signature(r, s, rec);
+  }
+  addRecoveryBit(bit) {
+    return new _Signature(this.r, this.s, bit);
+  }
+  hasHighS() {
+    return highS(this.s);
+  }
+  toBytes(format = SIG_COMPACT) {
+    const { r, s, recovery } = this;
+    const res = concatBytes2(numTo32b(r), numTo32b(s));
+    if (format === SIG_RECOVERED) {
+      assertRecoveryBit(recovery);
+      return concatBytes2(Uint8Array.of(recovery), res);
+    }
+    return res;
+  }
+};
+var bits2int = (bytes) => {
+  const delta = bytes.length * 8 - 256;
+  if (delta > 1024)
+    err("msg invalid");
+  const num = bytesToNumBE(bytes);
+  return delta > 0 ? num >> big(delta) : num;
+};
+var bits2int_modN = (bytes) => modN(bits2int(abytes2(bytes)));
+var SIG_COMPACT = "compact";
+var SIG_RECOVERED = "recovered";
+var SIG_DER = "der";
+var ALL_SIG = [SIG_COMPACT, SIG_RECOVERED, SIG_DER];
+var defaultSignOpts = {
+  lowS: true,
+  prehash: true,
+  format: SIG_COMPACT,
+  extraEntropy: false
+};
+var _sha = "SHA-256";
+var hashes = {
+  hmacSha256Async: async (key, message) => {
+    const s = subtle();
+    const name = "HMAC";
+    const k = await s.importKey("raw", key, { name, hash: { name: _sha } }, false, ["sign"]);
+    return u8n(await s.sign(name, k, message));
+  },
+  hmacSha256: void 0,
+  sha256Async: async (msg) => u8n(await subtle().digest(_sha, msg)),
+  sha256: void 0
+};
+var prepMsg = (msg, opts, async_) => {
+  abytes2(msg, void 0, "message");
+  if (!opts.prehash)
+    return msg;
+  return async_ ? hashes.sha256Async(msg) : callHash("sha256")(msg);
+};
+var NULL = u8n(0);
+var byte0 = u8of(0);
+var byte1 = u8of(1);
+var _maxDrbgIters = 1e3;
+var _drbgErr = "drbg: tried max amount of iterations";
+var hmacDrbg = (seed, pred) => {
+  let v = u8n(L);
+  let k = u8n(L);
+  let i = 0;
+  const reset = () => {
+    v.fill(1);
+    k.fill(0);
+  };
+  const h = (...b) => callHash("hmacSha256")(k, concatBytes2(v, ...b));
+  const reseed = (seed2 = NULL) => {
+    k = h(byte0, seed2);
+    v = h();
+    if (seed2.length === 0)
+      return;
+    k = h(byte1, seed2);
+    v = h();
+  };
+  const gen = () => {
+    if (i++ >= _maxDrbgIters)
+      err(_drbgErr);
+    v = h();
+    return v;
+  };
+  reset();
+  reseed(seed);
+  let res = void 0;
+  while (!(res = pred(gen())))
+    reseed();
+  reset();
+  return res;
+};
+var _sign = (messageHash, secretKey, opts, hmacDrbg2) => {
+  let { lowS, extraEntropy } = opts;
+  const int2octets = numTo32b;
+  const h1i = bits2int_modN(messageHash);
+  const h1o = int2octets(h1i);
+  const d = secretKeyToScalar(secretKey);
+  const seedArgs = [int2octets(d), h1o];
+  if (extraEntropy != null && extraEntropy !== false) {
+    const e = extraEntropy === true ? randomBytes3(L) : extraEntropy;
+    seedArgs.push(abytes2(e, void 0, "extraEntropy"));
+  }
+  const seed = concatBytes2(...seedArgs);
+  const m = h1i;
+  const k2sig = (kBytes) => {
+    const k = bits2int(kBytes);
+    if (!(1n <= k && k < N2))
+      return;
+    const ik = invert(k, N2);
+    const q = G.multiply(k).toAffine();
+    const r = modN(q.x);
+    if (r === 0n)
+      return;
+    const s = modN(ik * modN(m + r * d));
+    if (s === 0n)
+      return;
+    let recovery = (q.x === r ? 0 : 2) | Number(q.y & 1n);
+    let normS = s;
+    if (lowS && highS(s)) {
+      normS = modN(-s);
+      recovery ^= 1;
+    }
+    const sig = new Signature(r, normS, recovery);
+    return sig.toBytes(opts.format);
+  };
+  return hmacDrbg2(seed, k2sig);
+};
+var setDefaults = (opts) => {
+  const res = {};
+  Object.keys(defaultSignOpts).forEach((k) => {
+    res[k] = opts[k] ?? defaultSignOpts[k];
+  });
+  return res;
+};
+var sign = (message, secretKey, opts = {}) => {
+  opts = setDefaults(opts);
+  message = prepMsg(message, opts, false);
+  return _sign(message, secretKey, opts, hmacDrbg);
+};
+var _recover = (signature, messageHash) => {
+  const sig = Signature.fromBytes(signature, "recovered");
+  const { r, s, recovery } = sig;
+  assertRecoveryBit(recovery);
+  const h = bits2int_modN(abytes2(messageHash, L));
+  const radj = recovery === 2 || recovery === 3 ? r + N2 : r;
+  FpIsValidNot0(radj);
+  const head = getPrefix(big(recovery));
+  const Rb = concatBytes2(head, numTo32b(radj));
+  const R = Point.fromBytes(Rb);
+  const ir = invert(radj, N2);
+  const u1 = modN(-h * ir);
+  const u2 = modN(s * ir);
+  const point = doubleScalarMulUns(R, u1, u2);
+  return point.toBytes();
+};
+var recoverPublicKey = (signature, message, opts = {}) => {
+  message = prepMsg(message, setDefaults(opts), false);
+  return _recover(signature, message);
+};
+var randomSecretKey = (seed = randomBytes3(lengths.seed)) => {
+  abytes2(seed);
+  if (seed.length < lengths.seed || seed.length > 1024)
+    err("expected 40-1024b");
+  const num = M(bytesToNumBE(seed), N2 - 1n);
+  return numTo32b(num + 1n);
+};
+var createKeygen = (getPublicKey2) => (seed) => {
+  const secretKey = randomSecretKey(seed);
+  return { secretKey, publicKey: getPublicKey2(secretKey) };
+};
+var keygen = createKeygen(getPublicKey);
+var extpubSchnorr = (priv) => {
+  const d_ = secretKeyToScalar(priv);
+  const p = G.multiply(d_);
+  const { x, y } = p.assertValidity().toAffine();
+  const d = isEven(y) ? d_ : modN(-d_);
+  const px = numTo32b(x);
+  return { d, px };
+};
+var pubSchnorr = (secretKey) => {
+  return extpubSchnorr(secretKey).px;
+};
+var keygenSchnorr = createKeygen(pubSchnorr);
+var W = 8;
+var scalarBits = 256;
+var pwindows = Math.ceil(scalarBits / W) + 1;
+var pwindowSize = 2 ** (W - 1);
+var precompute = () => {
+  const points = [];
+  let p = G;
+  let b = p;
+  for (let w = 0; w < pwindows; w++) {
+    b = p;
+    points.push(b);
+    for (let i = 1; i < pwindowSize; i++) {
+      b = b.add(p);
+      points.push(b);
+    }
+    p = b.double();
+  }
+  return points;
+};
+var Gpows = void 0;
+var ctneg = (cnd, p) => {
+  const n = p.negate();
+  return cnd ? n : p;
+};
+var wNAF = (n) => {
+  const comp = Gpows || (Gpows = precompute());
+  let p = I;
+  let f = G;
+  const pow_2_w = 2 ** W;
+  const maxNum = pow_2_w;
+  const mask = big(pow_2_w - 1);
+  const shiftBy = big(W);
+  for (let w = 0; w < pwindows; w++) {
+    let wbits = Number(n & mask);
+    n >>= shiftBy;
+    if (wbits > pwindowSize) {
+      wbits -= maxNum;
+      n += 1n;
+    }
+    const off = w * pwindowSize;
+    const offF = off;
+    const offP = off + Math.abs(wbits) - 1;
+    const isEven2 = w % 2 !== 0;
+    const isNeg = wbits < 0;
+    if (wbits === 0) {
+      f = f.add(ctneg(isEven2, comp[offF]));
+    } else {
+      p = p.add(ctneg(isNeg, comp[offP]));
+    }
+  }
+  if (n !== 0n)
+    err("invalid wnaf");
+  return { p, f };
+};
+// src/legacy-message.ts
+var import_bech32 = __toESM(require_dist());
+var import_bs58check = __toESM(require_bs58check());
+var import_create_hash = __toESM(require_create_hash());
+var import_varuint_bitcoin = __toESM(require_varuint_bitcoin());
+hashes.hmacSha256 = (key, msg) => hmac(sha256, key, msg);
+hashes.sha256 = sha256;
+function sha2562(bytes) {
+  return (0, import_create_hash.default)("sha256").update(bytes).digest();
+}
+function hash256(bytes) {
+  return sha2562(sha2562(bytes));
+}
+function hash160(bytes) {
+  return (0, import_create_hash.default)("ripemd160").update(sha2562(bytes)).digest();
+}
+function encodeCompactSignature(signature, recovery, compressed) {
+  let header = recovery + 27;
+  if (compressed) {
+    header += 4;
+  }
+  return Buffer2.concat([Buffer2.from([header]), Buffer2.from(signature)]);
+}
+function decodeCompactSignature(buffer) {
+  if (buffer.length !== 65) {
+    throw new Error("Invalid signature length");
+  }
+  const flagByte = buffer.readUInt8(0) - 27;
+  if (flagByte < 0 || flagByte > 15) {
+    throw new Error("Invalid signature parameter");
+  }
+  return {
+    compressed: !!(flagByte & 12),
+    recovery: flagByte & 3,
+    signature: buffer.subarray(1),
+    segwitType: !(flagByte & 8) ? null : !(flagByte & 4) ? "p2sh(p2wpkh)" : "p2wpkh"
+  };
+}
+function decodeBech32Address(address) {
+  const result = import_bech32.bech32.decode(address);
+  return Buffer2.from(import_bech32.bech32.fromWords(result.words.slice(1)));
+}
+function segwitRedeemHash(publicKeyHash) {
+  const redeemScript = Buffer2.concat([
+    Buffer2.from("0014", "hex"),
+    Buffer2.from(publicKeyHash)
+  ]);
+  return hash160(redeemScript);
+}
+function magicHash(message, messagePrefix) {
+  const prefix = Buffer2.isBuffer(messagePrefix) ? messagePrefix : Buffer2.from(messagePrefix, "utf8");
+  const payload = Buffer2.isBuffer(message) ? message : Buffer2.from(message, "utf8");
+  const messageVISize = import_varuint_bitcoin.default.encodingLength(payload.length);
+  const buffer = Buffer2.allocUnsafe(prefix.length + messageVISize + payload.length);
+  prefix.copy(buffer, 0);
+  import_varuint_bitcoin.default.encode(payload.length, buffer, prefix.length);
+  payload.copy(buffer, prefix.length + messageVISize);
+  return hash256(buffer);
+}
+function signLegacyMessage(message, privateKey, compressed, messagePrefix) {
+  const hash = magicHash(message, messagePrefix);
+  const recoveredSignature = sign(hash, Buffer2.from(privateKey), {
+    prehash: false,
+    format: "recovered"
+  });
+  return encodeCompactSignature(
+    recoveredSignature.subarray(1),
+    recoveredSignature[0],
+    compressed
+  );
+}
+function verifyLegacyCompactMessage(message, address, signature, messagePrefix) {
+  const parsed = decodeCompactSignature(Buffer2.from(signature));
+  const hash = magicHash(message, messagePrefix);
+  const recoveredSignature = Buffer2.concat([
+    Buffer2.from([parsed.recovery]),
+    Buffer2.from(parsed.signature)
+  ]);
+  const publicKey = Buffer2.from(
+    recoverPublicKey(recoveredSignature, hash, {
+      prehash: false
+    })
+  );
+  const normalizedPublicKey = parsed.compressed ? publicKey : Buffer2.from(Point.fromBytes(publicKey).toBytes(false));
+  const publicKeyHash = hash160(normalizedPublicKey);
+  if (parsed.segwitType === "p2sh(p2wpkh)") {
+    return segwitRedeemHash(publicKeyHash).equals(
+      Buffer2.from(import_bs58check.default.decode(address).slice(1))
+    );
+  }
+  if (parsed.segwitType === "p2wpkh") {
+    return publicKeyHash.equals(decodeBech32Address(address));
+  }
+  return publicKeyHash.equals(Buffer2.from(import_bs58check.default.decode(address).slice(1)));
+}
+// src/core.ts
+var MESSAGE_MAGIC = "Neurai Signed Message:\n";
+var PQ_MESSAGE_SIGNATURE_PREFIX = 53;
+var PQ_SERIALIZED_PUBKEY_PREFIX = 5;
+var PQ_PUBLIC_KEY_LENGTH = 1312;
+var PQ_SERIALIZED_PUBKEY_LENGTH = 1 + PQ_PUBLIC_KEY_LENGTH;
+var PQ_SIGNATURE_LENGTH = 2420;
+var LEGACY_MESSAGE_PREFIX = String.fromCharCode(Buffer3.byteLength(MESSAGE_MAGIC, "utf8")) + MESSAGE_MAGIC;
+function encodeCompactSize(value) {
+  if (!Number.isInteger(value) || value < 0) {
+    throw new Error("CompactSize value must be a non-negative integer");
+  }
+  if (value < 253) {
+    return Buffer3.from([value]);
+  }
+  if (value <= 65535) {
+    const buffer = Buffer3.alloc(3);
+    buffer[0] = 253;
+    buffer.writeUInt16LE(value, 1);
+    return buffer;
+  }
+  if (value <= 4294967295) {
+    const buffer = Buffer3.alloc(5);
+    buffer[0] = 254;
+    buffer.writeUInt32LE(value, 1);
+    return buffer;
+  }
+  throw new Error("CompactSize values above uint32 are not supported");
+}
+function decodeCompactSize(buffer, offset) {
+  if (offset >= buffer.length) {
+    throw new Error("Unexpected end of CompactSize data");
+  }
+  const first = buffer[offset];
+  if (first < 253) {
+    return { value: first, offset: offset + 1 };
+  }
+  if (first === 253) {
+    if (offset + 3 > buffer.length) {
+      throw new Error("Unexpected end of CompactSize uint16 data");
+    }
+    return { value: buffer.readUInt16LE(offset + 1), offset: offset + 3 };
+  }
+  if (first === 254) {
+    if (offset + 5 > buffer.length) {
+      throw new Error("Unexpected end of CompactSize uint32 data");
+    }
+    return { value: buffer.readUInt32LE(offset + 1), offset: offset + 5 };
+  }
+  if (first === 255) {
+    throw new Error("CompactSize uint64 is not supported");
+  }
+  throw new Error("Invalid CompactSize prefix");
+}
+function sha2563(bytes) {
+  return (0, import_create_hash2.default)("sha256").update(bytes).digest();
+}
+function hash2562(bytes) {
+  return sha2563(sha2563(bytes));
+}
+function hash1602(bytes) {
+  return (0, import_create_hash2.default)("ripemd160").update(sha2563(bytes)).digest();
+}
+function encodeMessageHash(message) {
+  const messageBytes = Buffer3.from(message, "utf8");
+  const magicBytes = Buffer3.from(MESSAGE_MAGIC, "utf8");
+  const payload = Buffer3.concat([
+    encodeCompactSize(magicBytes.length),
+    magicBytes,
+    encodeCompactSize(messageBytes.length),
+    messageBytes
+  ]);
+  return hash2562(payload);
+}
+function toSignatureBuffer(signature) {
+  return typeof signature === "string" ? Buffer3.from(signature, "base64") : Buffer3.from(signature);
+}
+function normalizePQPublicKey(publicKey) {
+  const buffer = Buffer3.from(publicKey);
+  if (buffer.length === PQ_SERIALIZED_PUBKEY_LENGTH && buffer[0] === PQ_SERIALIZED_PUBKEY_PREFIX) {
+    return buffer;
+  }
+  if (buffer.length === PQ_PUBLIC_KEY_LENGTH) {
+    return Buffer3.concat([Buffer3.from([PQ_SERIALIZED_PUBKEY_PREFIX]), buffer]);
+  }
+  throw new Error("Invalid PQ public key length");
+}
+function isPQMessageSignature(signature) {
+  const buffer = toSignatureBuffer(signature);
+  return buffer.length > 0 && buffer[0] === PQ_MESSAGE_SIGNATURE_PREFIX;
+}
+function decodePQAddress(address) {
+  const decoded = import_bech322.bech32m.decode(address);
+  if (decoded.words.length === 0) {
+    throw new Error("Invalid bech32m address");
+  }
+  return {
+    prefix: decoded.prefix,
+    version: decoded.words[0],
+    program: Buffer3.from(import_bech322.bech32m.fromWords(decoded.words.slice(1)))
+  };
+}
+function sign2(message, privateKey, compressed = true) {
+  const signature = signLegacyMessage(
+    message,
+    Buffer3.from(privateKey),
+    compressed,
+    LEGACY_MESSAGE_PREFIX
+  );
+  return signature.toString("base64");
+}
+function signPQMessage(message, privateKey, publicKey) {
+  const serializedPublicKey = normalizePQPublicKey(publicKey);
+  const hash = encodeMessageHash(message);
+  const pqSignature = Buffer3.from(ml_dsa44.sign(hash, Buffer3.from(privateKey)));
+  const payload = Buffer3.concat([
+    Buffer3.from([PQ_MESSAGE_SIGNATURE_PREFIX]),
+    encodeCompactSize(serializedPublicKey.length),
+    serializedPublicKey,
+    encodeCompactSize(pqSignature.length),
+    pqSignature
+  ]);
+  return payload.toString("base64");
+}
+function verifyLegacyMessage(message, address, signature) {
+  try {
+    return verifyLegacyCompactMessage(
+      message,
+      address,
+      toSignatureBuffer(signature),
+      LEGACY_MESSAGE_PREFIX
+    );
+  } catch {
+    return false;
+  }
+}
+function verifyPQMessage(message, address, signature) {
+  try {
+    const payload = toSignatureBuffer(signature);
+    let offset = 0;
+    if (payload[offset++] !== PQ_MESSAGE_SIGNATURE_PREFIX) {
+      return false;
+    }
+    const publicKeyLength = decodeCompactSize(payload, offset);
+    offset = publicKeyLength.offset;
+    const serializedPublicKey = payload.subarray(
+      offset,
+      offset + publicKeyLength.value
+    );
+    offset += publicKeyLength.value;
+    const signatureLength = decodeCompactSize(payload, offset);
+    offset = signatureLength.offset;
+    const pqSignature = payload.subarray(offset, offset + signatureLength.value);
+    offset += signatureLength.value;
+    if (offset !== payload.length) {
+      return false;
+    }
+    if (serializedPublicKey.length !== PQ_SERIALIZED_PUBKEY_LENGTH || serializedPublicKey[0] !== PQ_SERIALIZED_PUBKEY_PREFIX || pqSignature.length !== PQ_SIGNATURE_LENGTH) {
+      return false;
+    }
+    const decodedAddress = decodePQAddress(address);
+    if (decodedAddress.version !== 1 || decodedAddress.program.length !== 20) {
+      return false;
+    }
+    const expectedProgram = hash1602(serializedPublicKey);
+    if (!expectedProgram.equals(decodedAddress.program)) {
+      return false;
+    }
+    return ml_dsa44.verify(
+      pqSignature,
+      encodeMessageHash(message),
+      serializedPublicKey.subarray(1)
+    );
+  } catch {
+    return false;
+  }
+}
+function verifyMessage(message, address, signature) {
+  return isPQMessageSignature(signature) ? verifyPQMessage(message, address, signature) : verifyLegacyMessage(message, address, signature);
+}
+export {
+  sign2 as sign,
+  signPQMessage,
+  verifyLegacyMessage,
+  verifyMessage,
+  verifyPQMessage
+};
+/*! Bundled license information:
+safe-buffer/index.js:
+  (*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> *)
+@noble/hashes/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+@noble/curves/utils.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+@noble/post-quantum/utils.js:
+@noble/post-quantum/_crystals.js:
+@noble/post-quantum/ml-dsa.js:
+  (*! noble-post-quantum - MIT License (c) 2024 Paul Miller (paulmillr.com) *)
+@noble/secp256k1/index.js:
+  (*! noble-secp256k1 - MIT License (c) 2019 Paul Miller (paulmillr.com) *)
+*/