@noble/curves 1.9.0 → 1.9.2

package/abstract/fft.js

@@ -0,0 +1,438 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FFTCore = void 0;
+exports.isPowerOfTwo = isPowerOfTwo;
+exports.nextPowerOfTwo = nextPowerOfTwo;
+exports.reverseBits = reverseBits;
+exports.log2 = log2;
+exports.bitReversalInplace = bitReversalInplace;
+exports.bitReversalPermutation = bitReversalPermutation;
+exports.rootsOfUnity = rootsOfUnity;
+exports.FFT = FFT;
+exports.poly = poly;
+function checkU32(n) {
+    // 0xff_ff_ff_ff
+    if (!Number.isSafeInteger(n) || n < 0 || n > 0xffffffff)
+        throw new Error('wrong u32 integer:' + n);
+    return n;
+}
+/** Checks if integer is in form of `1 << X` */
+function isPowerOfTwo(x) {
+    checkU32(x);
+    return (x & (x - 1)) === 0 && x !== 0;
+}
+function nextPowerOfTwo(n) {
+    checkU32(n);
+    if (n <= 1)
+        return 1;
+    return (1 << (log2(n - 1) + 1)) >>> 0;
+}
+function reverseBits(n, bits) {
+    checkU32(n);
+    let reversed = 0;
+    for (let i = 0; i < bits; i++, n >>>= 1)
+        reversed = (reversed << 1) | (n & 1);
+    return reversed;
+}
+/** Similar to `bitLen(x)-1` but much faster for small integers, like indices */
+function log2(n) {
+    checkU32(n);
+    return 31 - Math.clz32(n);
+}
+/**
+ * Moves lowest bit to highest position, which at first step splits
+ * array on even and odd indices, then it applied again to each part,
+ * which is core of fft
+ */
+function bitReversalInplace(values) {
+    const n = values.length;
+    if (n < 2 || !isPowerOfTwo(n))
+        throw new Error('n must be a power of 2 and greater than 1. Got ' + n);
+    const bits = log2(n);
+    for (let i = 0; i < n; i++) {
+        const j = reverseBits(i, bits);
+        if (i < j) {
+            const tmp = values[i];
+            values[i] = values[j];
+            values[j] = tmp;
+        }
+    }
+    return values;
+}
+function bitReversalPermutation(values) {
+    return bitReversalInplace(values.slice());
+}
+const _1n = /** @__PURE__ */ BigInt(1);
+function findGenerator(field) {
+    let G = BigInt(2);
+    for (; field.eql(field.pow(G, field.ORDER >> _1n), field.ONE); G++)
+        ;
+    return G;
+}
+/** We limit roots up to 2**31, which is a lot: 2-billion polynomimal should be rare. */
+function rootsOfUnity(field, generator) {
+    // Factor field.ORDER-1 as oddFactor * 2^powerOfTwo
+    let oddFactor = field.ORDER - _1n;
+    let powerOfTwo = 0;
+    for (; (oddFactor & _1n) !== _1n; powerOfTwo++, oddFactor >>= _1n)
+        ;
+    // Find non quadratic residue
+    let G = generator !== undefined ? BigInt(generator) : findGenerator(field);
+    // Powers of generator
+    const omegas = new Array(powerOfTwo + 1);
+    omegas[powerOfTwo] = field.pow(G, oddFactor);
+    for (let i = powerOfTwo; i > 0; i--)
+        omegas[i - 1] = field.sqr(omegas[i]);
+    // Compute all roots of unity for powers up to maxPower
+    const rootsCache = [];
+    const checkBits = (bits) => {
+        checkU32(bits);
+        if (bits > 31 || bits > powerOfTwo)
+            throw new Error('rootsOfUnity: wrong bits ' + bits + ' powerOfTwo=' + powerOfTwo);
+        return bits;
+    };
+    const precomputeRoots = (maxPower) => {
+        checkBits(maxPower);
+        for (let power = maxPower; power >= 0; power--) {
+            if (rootsCache[power])
+                continue; // Skip if we've already computed roots for this power
+            const rootsAtPower = [];
+            for (let j = 0, cur = field.ONE; j < 2 ** power; j++, cur = field.mul(cur, omegas[power]))
+                rootsAtPower.push(cur);
+            rootsCache[power] = rootsAtPower;
+        }
+        return rootsCache[maxPower];
+    };
+    const brpCache = new Map();
+    const inverseCache = new Map();
+    // NOTE: we use bits instead of power, because power = 2**bits,
+    // but power is not neccesary isPowerOfTwo(power)!
+    return {
+        roots: (bits) => {
+            const b = checkBits(bits);
+            return precomputeRoots(b);
+        },
+        brp(bits) {
+            const b = checkBits(bits);
+            if (brpCache.has(b))
+                return brpCache.get(b);
+            else {
+                const res = bitReversalPermutation(this.roots(b));
+                brpCache.set(b, res);
+                return res;
+            }
+        },
+        inverse(bits) {
+            const b = checkBits(bits);
+            if (inverseCache.has(b))
+                return inverseCache.get(b);
+            else {
+                const res = field.invertBatch(this.roots(b));
+                inverseCache.set(b, res);
+                return res;
+            }
+        },
+        omega: (bits) => omegas[checkBits(bits)],
+        clear: () => {
+            rootsCache.splice(0, rootsCache.length);
+            brpCache.clear();
+        },
+    };
+}
+/**
+ * Constructs different flavors of FFT. radix2 implementation of low level mutating API. Flavors:
+ *
+ * - DIT (Decimation-in-Time): Bottom-Up (leaves -> root), Cool-Turkey
+ * - DIF (Decimation-in-Frequency): Top-Down (root -> leaves), Gentleman–Sande
+ *
+ * DIT takes brp input, returns natural output.
+ * DIF takes natural input, returns brp output.
+ *
+ * The output is actually identical. Time / frequence distinction is not meaningful
+ * for Polynomial multiplication in fields.
+ * Which means if protocol supports/needs brp output/inputs, then we can skip this step.
+ *
+ * Cyclic NTT: Rq = Zq[x]/(x^n-1). butterfly_DIT+loop_DIT OR butterfly_DIF+loop_DIT, roots are omega
+ * Negacyclic NTT: Rq = Zq[x]/(x^n+1). butterfly_DIT+loop_DIF, at least for mlkem / mldsa
+ */
+const FFTCore = (F, coreOpts) => {
+    const { N, roots, dit, invertButterflies = false, skipStages = 0, brp = true } = coreOpts;
+    const bits = log2(N);
+    if (!isPowerOfTwo(N))
+        throw new Error('FFT: Polynomial size should be power of two');
+    const isDit = dit !== invertButterflies;
+    isDit;
+    return (values) => {
+        if (values.length !== N)
+            throw new Error('FFT: wrong Polynomial length');
+        if (dit && brp)
+            bitReversalInplace(values);
+        for (let i = 0, g = 1; i < bits - skipStages; i++) {
+            // For each stage s (sub-FFT length m = 2^s)
+            const s = dit ? i + 1 + skipStages : bits - i;
+            const m = 1 << s;
+            const m2 = m >> 1;
+            const stride = N >> s;
+            // Loop over each subarray of length m
+            for (let k = 0; k < N; k += m) {
+                // Loop over each butterfly within the subarray
+                for (let j = 0, grp = g++; j < m2; j++) {
+                    const rootPos = invertButterflies ? (dit ? N - grp : grp) : j * stride;
+                    const i0 = k + j;
+                    const i1 = k + j + m2;
+                    const omega = roots[rootPos];
+                    const b = values[i1];
+                    const a = values[i0];
+                    // Inlining gives us 10% perf in kyber vs functions
+                    if (isDit) {
+                        const t = F.mul(b, omega); // Standard DIT butterfly
+                        values[i0] = F.add(a, t);
+                        values[i1] = F.sub(a, t);
+                    }
+                    else if (invertButterflies) {
+                        values[i0] = F.add(b, a); // DIT loop + inverted butterflies (Kyber decode)
+                        values[i1] = F.mul(F.sub(b, a), omega);
+                    }
+                    else {
+                        values[i0] = F.add(a, b); // Standard DIF butterfly
+                        values[i1] = F.mul(F.sub(a, b), omega);
+                    }
+                }
+            }
+        }
+        if (!dit && brp)
+            bitReversalInplace(values);
+        return values;
+    };
+};
+exports.FFTCore = FFTCore;
+/**
+ * NTT aka FFT over finite field (NOT over complex numbers).
+ * Naming mirrors other libraries.
+ */
+function FFT(roots, opts) {
+    const getLoop = (N, roots, brpInput = false, brpOutput = false) => {
+        if (brpInput && brpOutput) {
+            // we cannot optimize this case, but lets support it anyway
+            return (values) => (0, exports.FFTCore)(opts, { N, roots, dit: false, brp: false })(bitReversalInplace(values));
+        }
+        if (brpInput)
+            return (0, exports.FFTCore)(opts, { N, roots, dit: true, brp: false });
+        if (brpOutput)
+            return (0, exports.FFTCore)(opts, { N, roots, dit: false, brp: false });
+        return (0, exports.FFTCore)(opts, { N, roots, dit: true, brp: true }); // all natural
+    };
+    return {
+        direct(values, brpInput = false, brpOutput = false) {
+            const N = values.length;
+            if (!isPowerOfTwo(N))
+                throw new Error('FFT: Polynomial size should be power of two');
+            const bits = log2(N);
+            return getLoop(N, roots.roots(bits), brpInput, brpOutput)(values.slice());
+        },
+        inverse(values, brpInput = false, brpOutput = false) {
+            const N = values.length;
+            const bits = log2(N);
+            const res = getLoop(N, roots.inverse(bits), brpInput, brpOutput)(values.slice());
+            const ivm = opts.inv(BigInt(values.length)); // scale
+            // we can get brp output if we use dif instead of dit!
+            for (let i = 0; i < res.length; i++)
+                res[i] = opts.mul(res[i], ivm);
+            // Allows to re-use non-inverted roots, but is VERY fragile
+            // return [res[0]].concat(res.slice(1).reverse());
+            // inverse calculated as pow(-1), which transforms into ω^{-kn} (-> reverses indices)
+            return res;
+        },
+    };
+}
+function poly(field, roots, create, fft, length) {
+    const F = field;
+    const _create = create ||
+        ((len, elm) => new Array(len).fill(elm ?? F.ZERO));
+    const isPoly = (x) => Array.isArray(x) || ArrayBuffer.isView(x);
+    const checkLength = (...lst) => {
+        if (!lst.length)
+            return 0;
+        for (const i of lst)
+            if (!isPoly(i))
+                throw new Error('poly: not polynomial: ' + i);
+        const L = lst[0].length;
+        for (let i = 1; i < lst.length; i++)
+            if (lst[i].length !== L)
+                throw new Error(`poly: mismatched lengths ${L} vs ${lst[i].length}`);
+        if (length !== undefined && L !== length)
+            throw new Error(`poly: expected fixed length ${length}, got ${L}`);
+        return L;
+    };
+    function findOmegaIndex(x, n, brp = false) {
+        const bits = log2(n);
+        const omega = brp ? roots.brp(bits) : roots.roots(bits);
+        for (let i = 0; i < n; i++)
+            if (F.eql(x, omega[i]))
+                return i;
+        return -1;
+    }
+    // TODO: mutating versions for mlkem/mldsa
+    return {
+        roots,
+        create: _create,
+        length,
+        extend: (a, len) => {
+            checkLength(a);
+            const out = _create(len, F.ZERO);
+            for (let i = 0; i < a.length; i++)
+                out[i] = a[i];
+            return out;
+        },
+        degree: (a) => {
+            checkLength(a);
+            for (let i = a.length - 1; i >= 0; i--)
+                if (!F.is0(a[i]))
+                    return i;
+            return -1;
+        },
+        add: (a, b) => {
+            const len = checkLength(a, b);
+            const out = _create(len);
+            for (let i = 0; i < len; i++)
+                out[i] = F.add(a[i], b[i]);
+            return out;
+        },
+        sub: (a, b) => {
+            const len = checkLength(a, b);
+            const out = _create(len);
+            for (let i = 0; i < len; i++)
+                out[i] = F.sub(a[i], b[i]);
+            return out;
+        },
+        dot: (a, b) => {
+            const len = checkLength(a, b);
+            const out = _create(len);
+            for (let i = 0; i < len; i++)
+                out[i] = F.mul(a[i], b[i]);
+            return out;
+        },
+        mul: (a, b) => {
+            if (isPoly(b)) {
+                const len = checkLength(a, b);
+                if (fft) {
+                    const A = fft.direct(a, false, true);
+                    const B = fft.direct(b, false, true);
+                    for (let i = 0; i < A.length; i++)
+                        A[i] = F.mul(A[i], B[i]);
+                    return fft.inverse(A, true, false);
+                }
+                else {
+                    // NOTE: this is quadratic and mostly for compat tests with FFT
+                    const res = _create(len);
+                    for (let i = 0; i < len; i++) {
+                        for (let j = 0; j < len; j++) {
+                            const k = (i + j) % len; // wrap mod length
+                            res[k] = F.add(res[k], F.mul(a[i], b[j]));
+                        }
+                    }
+                    return res;
+                }
+            }
+            else {
+                const out = _create(checkLength(a));
+                for (let i = 0; i < out.length; i++)
+                    out[i] = F.mul(a[i], b);
+                return out;
+            }
+        },
+        convolve(a, b) {
+            const len = nextPowerOfTwo(a.length + b.length - 1);
+            return this.mul(this.extend(a, len), this.extend(b, len));
+        },
+        shift(p, factor) {
+            const out = _create(checkLength(p));
+            out[0] = p[0];
+            for (let i = 1, power = F.ONE; i < p.length; i++) {
+                power = F.mul(power, factor);
+                out[i] = F.mul(p[i], power);
+            }
+            return out;
+        },
+        clone: (a) => {
+            checkLength(a);
+            const out = _create(a.length);
+            for (let i = 0; i < a.length; i++)
+                out[i] = a[i];
+            return out;
+        },
+        eval: (a, basis) => {
+            checkLength(a);
+            let acc = F.ZERO;
+            for (let i = 0; i < a.length; i++)
+                acc = F.add(acc, F.mul(a[i], basis[i]));
+            return acc;
+        },
+        monomial: {
+            basis: (x, n) => {
+                const out = _create(n);
+                let pow = F.ONE;
+                for (let i = 0; i < n; i++) {
+                    out[i] = pow;
+                    pow = F.mul(pow, x);
+                }
+                return out;
+            },
+            eval: (a, x) => {
+                checkLength(a);
+                // Same as eval(a, monomialBasis(x, a.length)), but it is faster this way
+                let acc = F.ZERO;
+                for (let i = a.length - 1; i >= 0; i--)
+                    acc = F.add(F.mul(acc, x), a[i]);
+                return acc;
+            },
+        },
+        lagrange: {
+            basis: (x, n, brp = false, weights) => {
+                const bits = log2(n);
+                const cache = weights || brp ? roots.brp(bits) : roots.roots(bits); // [ω⁰, ω¹, ..., ωⁿ⁻¹]
+                const out = _create(n);
+                // Fast Kronecker-δ shortcut
+                const idx = findOmegaIndex(x, n, brp);
+                if (idx !== -1) {
+                    out[idx] = F.ONE;
+                    return out;
+                }
+                const tm = F.pow(x, BigInt(n));
+                const c = F.mul(F.sub(tm, F.ONE), F.inv(BigInt(n))); // c = (xⁿ - 1)/n
+                const denom = _create(n);
+                for (let i = 0; i < n; i++)
+                    denom[i] = F.sub(x, cache[i]);
+                const inv = F.invertBatch(denom);
+                for (let i = 0; i < n; i++)
+                    out[i] = F.mul(c, F.mul(cache[i], inv[i]));
+                return out;
+            },
+            eval(a, x, brp = false) {
+                checkLength(a);
+                const idx = findOmegaIndex(x, a.length, brp);
+                if (idx !== -1)
+                    return a[idx]; // fast path
+                const L = this.basis(x, a.length, brp); // Lᵢ(x)
+                let acc = F.ZERO;
+                for (let i = 0; i < a.length; i++)
+                    if (!F.is0(a[i]))
+                        acc = F.add(acc, F.mul(a[i], L[i]));
+                return acc;
+            },
+        },
+        vanishing(roots) {
+            checkLength(roots);
+            const out = _create(roots.length + 1, F.ZERO);
+            out[0] = F.ONE;
+            for (const r of roots) {
+                const neg = F.neg(r);
+                for (let j = out.length - 1; j > 0; j--)
+                    out[j] = F.add(F.mul(out[j], neg), out[j - 1]);
+                out[0] = F.mul(out[0], neg);
+            }
+            return out;
+        },
+    };
+}
+//# sourceMappingURL=fft.js.map

package/abstract/fft.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fft.js","sourceRoot":"","sources":["../src/abstract/fft.ts"],"names":[],"mappings":";;;AAsBA,oCAGC;AAED,wCAIC;AAED,kCAKC;AAGD,oBAGC;AAOD,gDAcC;AAED,wDAEC;AAiBD,oCAiEC;AAkGD,kBAoCC;AA0DD,oBA+KC;AAxfD,SAAS,QAAQ,CAAC,CAAS;IACzB,gBAAgB;IAChB,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,UAAU;QACrD,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,CAAC,CAAC,CAAC;IAC5C,OAAO,CAAC,CAAC;AACX,CAAC;AAED,+CAA+C;AAC/C,SAAgB,YAAY,CAAC,CAAS;IACpC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACZ,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,cAAc,CAAC,CAAS;IACtC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACZ,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,CAAC;IACrB,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED,SAAgB,WAAW,CAAC,CAAS,EAAE,IAAY;IACjD,QAAQ,CAAC,CAAC,CAAC,CAAC;IACZ,IAAI,QAAQ,GAAG,CAAC,CAAC;IACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,EAAE,EAAE,CAAC,MAAM,CAAC;QAAE,QAAQ,GAAG,CAAC,QAAQ,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;IAC9E,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,gFAAgF;AAChF,SAAgB,IAAI,CAAC,CAAS;IAC5B,QAAQ,CAAC,CAAC,CAAC,CAAC;IACZ,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AAC5B,CAAC;AAED;;;;GAIG;AACH,SAAgB,kBAAkB,CAAkC,MAAS;IAC3E,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;IACxB,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,iDAAiD,GAAG,CAAC,CAAC,CAAC;IACzE,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;QAC3B,MAAM,CAAC,GAAG,WAAW,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC;QAC/B,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC;YACV,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;YACtB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QAClB,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,sBAAsB,CAAI,MAAW;IACnD,OAAO,kBAAkB,CAAC,MAAM,CAAC,KAAK,EAAE,CAAQ,CAAC;AACnD,CAAC;AAED,MAAM,GAAG,GAAG,gBAAgB,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACvC,SAAS,aAAa,CAAC,KAAqB;IAC1C,IAAI,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC;IAClB,OAAO,KAAK,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,IAAI,GAAG,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAC,CAAC;IACpE,OAAO,CAAC,CAAC;AACX,CAAC;AASD,wFAAwF;AACxF,SAAgB,YAAY,CAAC,KAAqB,EAAE,SAAkB;IACpE,mDAAmD;IACnD,IAAI,SAAS,GAAG,KAAK,CAAC,KAAK,GAAG,GAAG,CAAC;IAClC,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,OAAO,CAAC,SAAS,GAAG,GAAG,CAAC,KAAK,GAAG,EAAE,UAAU,EAAE,EAAE,SAAS,KAAK,GAAG;QAAC,CAAC;IAEnE,6BAA6B;IAC7B,IAAI,CAAC,GAAG,SAAS,KAAK,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;IAC3E,sBAAsB;IACtB,MAAM,MAAM,GAAa,IAAI,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;IACnD,MAAM,CAAC,UAAU,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC7C,KAAK,IAAI,CAAC,GAAG,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;QAAE,MAAM,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1E,uDAAuD;IACvD,MAAM,UAAU,GAAe,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,CAAC,IAAY,EAAE,EAAE;QACjC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACf,IAAI,IAAI,GAAG,EAAE,IAAI,IAAI,GAAG,UAAU;YAChC,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,IAAI,GAAG,cAAc,GAAG,UAAU,CAAC,CAAC;QACpF,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;IACF,MAAM,eAAe,GAAG,CAAC,QAAgB,EAAE,EAAE;QAC3C,SAAS,CAAC,QAAQ,CAAC,CAAC;QACpB,KAAK,IAAI,KAAK,GAAG,QAAQ,EAAE,KAAK,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,CAAC;YAC/C,IAAI,UAAU,CAAC,KAAK,CAAC;gBAAE,SAAS,CAAC,sDAAsD;YACvF,MAAM,YAAY,GAAa,EAAE,CAAC;YAClC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,IAAI,KAAK,EAAE,CAAC,EAAE,EAAE,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;gBACvF,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YACzB,UAAU,CAAC,KAAK,CAAC,GAAG,YAAY,CAAC;QACnC,CAAC;QACD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC9B,CAAC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,GAAG,EAAoB,CAAC;IAC7C,MAAM,YAAY,GAAG,IAAI,GAAG,EAAoB,CAAC;IAEjD,+DAA+D;IAC/D,kDAAkD;IAClD,OAAO;QACL,KAAK,EAAE,CAAC,IAAY,EAAY,EAAE;YAChC,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1B,OAAO,eAAe,CAAC,CAAC,CAAC,CAAC;QAC5B,CAAC;QACD,GAAG,CAAC,IAAY;YACd,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1B,IAAI,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,OAAO,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;iBACxC,CAAC;gBACJ,MAAM,GAAG,GAAG,sBAAsB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAClD,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACrB,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,OAAO,CAAC,IAAY;YAClB,MAAM,CAAC,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC;YAC1B,IAAI,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,OAAO,YAAY,CAAC,GAAG,CAAC,CAAC,CAAE,CAAC;iBAChD,CAAC;gBACJ,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC7C,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBACzB,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,KAAK,EAAE,CAAC,IAAY,EAAU,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACxD,KAAK,EAAE,GAAS,EAAE;YAChB,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,UAAU,CAAC,MAAM,CAAC,CAAC;YACxC,QAAQ,CAAC,KAAK,EAAE,CAAC;QACnB,CAAC;KACF,CAAC;AACJ,CAAC;AA4BD;;;;;;;;;;;;;;;GAeG;AACI,MAAM,OAAO,GAAG,CAAO,CAAgB,EAAE,QAAwB,EAAkB,EAAE;IAC1F,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,iBAAiB,GAAG,KAAK,EAAE,UAAU,GAAG,CAAC,EAAE,GAAG,GAAG,IAAI,EAAE,GAAG,QAAQ,CAAC;IAC1F,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;IACrB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;IACrF,MAAM,KAAK,GAAG,GAAG,KAAK,iBAAiB,CAAC;IACxC,KAAK,CAAC;IACN,OAAO,CAA0B,MAAS,EAAK,EAAE;QAC/C,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QACzE,IAAI,GAAG,IAAI,GAAG;YAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC3C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,IAAI,GAAG,UAAU,EAAE,CAAC,EAAE,EAAE,CAAC;YAClD,4CAA4C;YAC5C,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;YAC9C,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACjB,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;YAClB,MAAM,MAAM,GAAG,CAAC,IAAI,CAAC,CAAC;YACtB,sCAAsC;YACtC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC;gBAC9B,+CAA+C;gBAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC;oBACvC,MAAM,OAAO,GAAG,iBAAiB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC;oBACvE,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;oBACjB,MAAM,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;oBACtB,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;oBAC7B,MAAM,CAAC,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;oBACrB,MAAM,CAAC,GAAG,MAAM,CAAC,EAAE,CAAC,CAAC;oBACrB,mDAAmD;oBACnD,IAAI,KAAK,EAAE,CAAC;wBACV,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,yBAAyB;wBACpD,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;wBACzB,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;oBAC3B,CAAC;yBAAM,IAAI,iBAAiB,EAAE,CAAC;wBAC7B,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,iDAAiD;wBAC3E,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;oBACzC,CAAC;yBAAM,CAAC;wBACN,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,yBAAyB;wBACnD,MAAM,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;oBACzC,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;QACD,IAAI,CAAC,GAAG,IAAI,GAAG;YAAE,kBAAkB,CAAC,MAAM,CAAC,CAAC;QAC5C,OAAO,MAAM,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC,CAAC;AA3CW,QAAA,OAAO,WA2ClB;AAOF;;;GAGG;AACH,SAAgB,GAAG,CAAI,KAAmB,EAAE,IAAwB;IAClE,MAAM,OAAO,GAAG,CACd,CAAS,EACT,KAAyB,EACzB,QAAQ,GAAG,KAAK,EAChB,SAAS,GAAG,KAAK,EAC4B,EAAE;QAC/C,IAAI,QAAQ,IAAI,SAAS,EAAE,CAAC;YAC1B,2DAA2D;YAC3D,OAAO,CAAC,MAAM,EAAE,EAAE,CAChB,IAAA,eAAO,EAAC,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,CAAC;QACpF,CAAC;QACD,IAAI,QAAQ;YAAE,OAAO,IAAA,eAAO,EAAC,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QACxE,IAAI,SAAS;YAAE,OAAO,IAAA,eAAO,EAAC,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1E,OAAO,IAAA,eAAO,EAAC,IAAI,EAAE,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,cAAc;IAC1E,CAAC,CAAC;IACF,OAAO;QACL,MAAM,CAA0B,MAAS,EAAE,QAAQ,GAAG,KAAK,EAAE,SAAS,GAAG,KAAK;YAC5E,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;YACxB,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC;YACrF,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACrB,OAAO,OAAO,CAAC,CAAC,EAAE,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAI,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,OAAO,CAA0B,MAAS,EAAE,QAAQ,GAAG,KAAK,EAAE,SAAS,GAAG,KAAK;YAC7E,MAAM,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC;YACxB,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;YACrB,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,EAAE,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC;YACjF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,QAAQ;YACrD,sDAAsD;YACtD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YACpE,2DAA2D;YAC3D,kDAAkD;YAClD,qFAAqF;YACrF,OAAO,GAAG,CAAC;QACb,CAAC;KACF,CAAC;AACJ,CAAC;AA0DD,SAAgB,IAAI,CAClB,KAAgB,EAChB,KAAmB,EACnB,MAA2B,EAC3B,GAAmB,EACnB,MAAe;IAEf,MAAM,CAAC,GAAG,KAAK,CAAC;IAChB,MAAM,OAAO,GACX,MAAM;QACL,CAAC,CAAC,GAAW,EAAE,GAAO,EAAiB,EAAE,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,CAG3E,CAAC;IAEL,MAAM,MAAM,GAAG,CAAC,CAAM,EAAU,EAAE,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAC7E,MAAM,WAAW,GAAG,CAAC,GAAG,GAAQ,EAAU,EAAE;QAC1C,IAAI,CAAC,GAAG,CAAC,MAAM;YAAE,OAAO,CAAC,CAAC;QAC1B,KAAK,MAAM,CAAC,IAAI,GAAG;YAAE,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,CAAC,CAAC;QACnF,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACxB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;YACjC,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;gBAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;QAChG,IAAI,MAAM,KAAK,SAAS,IAAI,CAAC,KAAK,MAAM;YACtC,MAAM,IAAI,KAAK,CAAC,+BAA+B,MAAM,SAAS,CAAC,EAAE,CAAC,CAAC;QACrE,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;IACF,SAAS,cAAc,CAAC,CAAI,EAAE,CAAS,EAAE,GAAG,GAAG,KAAK;QAClD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,KAAK,GAAG,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACxD,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;YAAE,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAM,CAAC;gBAAE,OAAO,CAAC,CAAC;QAClE,OAAO,CAAC,CAAC,CAAC;IACZ,CAAC;IACD,0CAA0C;IAC1C,OAAO;QACL,KAAK;QACL,MAAM,EAAE,OAAO;QACf,MAAM;QACN,MAAM,EAAE,CAAC,CAAI,EAAE,GAAW,EAAK,EAAE;YAC/B,WAAW,CAAC,CAAC,CAAC,CAAC;YACf,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;YACjC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,MAAM,EAAE,CAAC,CAAI,EAAU,EAAE;YACvB,WAAW,CAAC,CAAC,CAAC,CAAC;YACf,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;gBAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAAE,OAAO,CAAC,CAAC;YACnE,OAAO,CAAC,CAAC,CAAC;QACZ,CAAC;QACD,GAAG,EAAE,CAAC,CAAI,EAAE,CAAI,EAAK,EAAE;YACrB,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,GAAG,EAAE,CAAC,CAAI,EAAE,CAAI,EAAK,EAAE;YACrB,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,GAAG,EAAE,CAAC,CAAI,EAAE,CAAI,EAAK,EAAE;YACrB,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YAC9B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,GAAG,EAAE,CAAC,CAAI,EAAE,CAAQ,EAAK,EAAE;YACzB,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC;gBACd,MAAM,GAAG,GAAG,WAAW,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC9B,IAAI,GAAG,EAAE,CAAC;oBACR,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;oBACrC,MAAM,CAAC,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;oBACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;wBAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;oBAC5D,OAAO,GAAG,CAAC,OAAO,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAM,CAAC;gBAC1C,CAAC;qBAAM,CAAC;oBACN,+DAA+D;oBAC/D,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;oBACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC7B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;4BAC7B,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,kBAAkB;4BAC3C,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;wBAC5C,CAAC;oBACH,CAAC;oBACD,OAAO,GAAG,CAAC;gBACb,CAAC;YACH,CAAC;iBAAM,CAAC;gBACN,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;gBACpC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE;oBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;gBAC7D,OAAO,GAAG,CAAC;YACb,CAAC;QACH,CAAC;QACD,QAAQ,CAAC,CAAI,EAAE,CAAI;YACjB,MAAM,GAAG,GAAG,cAAc,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;YACpD,OAAO,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;QAC5D,CAAC;QACD,KAAK,CAAC,CAAI,EAAE,MAAc;YACxB,MAAM,GAAG,GAAG,OAAO,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;YACpC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,KAAK,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACjD,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;gBAC7B,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC;YAC9B,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,KAAK,EAAE,CAAC,CAAI,EAAK,EAAE;YACjB,WAAW,CAAC,CAAC,CAAC,CAAC;YACf,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC;YAC9B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACjD,OAAO,GAAG,CAAC;QACb,CAAC;QACD,IAAI,EAAE,CAAC,CAAI,EAAE,KAAQ,EAAK,EAAE;YAC1B,WAAW,CAAC,CAAC,CAAC,CAAC;YACf,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC;YACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;gBAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC3E,OAAO,GAAG,CAAC;QACb,CAAC;QACD,QAAQ,EAAE;YACR,KAAK,EAAE,CAAC,CAAI,EAAE,CAAS,EAAK,EAAE;gBAC5B,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACvB,IAAI,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC;gBAChB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,GAAG,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;oBACb,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;gBACtB,CAAC;gBACD,OAAO,GAAG,CAAC;YACb,CAAC;YACD,IAAI,EAAE,CAAC,CAAI,EAAE,CAAI,EAAK,EAAE;gBACtB,WAAW,CAAC,CAAC,CAAC,CAAC;gBACf,yEAAyE;gBACzE,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,KAAK,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,EAAE;oBAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzE,OAAO,GAAG,CAAC;YACb,CAAC;SACF;QACD,QAAQ,EAAE;YACR,KAAK,EAAE,CAAC,CAAI,EAAE,CAAS,EAAE,GAAG,GAAG,KAAK,EAAE,OAAW,EAAK,EAAE;gBACtD,MAAM,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;gBACrB,MAAM,KAAK,GAAG,OAAO,IAAI,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,sBAAsB;gBAC1F,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACvB,4BAA4B;gBAC5B,MAAM,GAAG,GAAG,cAAc,CAAC,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC;gBACtC,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;oBACf,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;oBACjB,OAAO,GAAG,CAAC;gBACb,CAAC;gBACD,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC/B,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAM,CAAC,CAAC,CAAC,CAAC,iBAAiB;gBAC3E,MAAM,KAAK,GAAG,OAAO,CAAC,CAAC,CAAC,CAAC;gBACzB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;oBAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,KAAK,CAAC,CAAC,CAAM,CAAC,CAAC;gBAC/D,MAAM,GAAG,GAAG,CAAC,CAAC,WAAW,CAAC,KAAmB,CAAC,CAAC;gBAC/C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;oBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAM,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC5E,OAAO,GAAG,CAAC;YACb,CAAC;YACD,IAAI,CAAC,CAAI,EAAE,CAAI,EAAE,GAAG,GAAG,KAAK;gBAC1B,WAAW,CAAC,CAAC,CAAC,CAAC;gBACf,MAAM,GAAG,GAAG,cAAc,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;gBAC7C,IAAI,GAAG,KAAK,CAAC,CAAC;oBAAE,OAAO,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,YAAY;gBAC3C,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,CAAC,QAAQ;gBAChD,IAAI,GAAG,GAAG,CAAC,CAAC,IAAI,CAAC;gBACjB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;oBAAE,IAAI,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;wBAAE,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;gBACzF,OAAO,GAAG,CAAC;YACb,CAAC;SACF;QACD,SAAS,CAAC,KAAQ;YAChB,WAAW,CAAC,KAAK,CAAC,CAAC;YACnB,MAAM,GAAG,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC;YAC9C,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC;YACf,KAAK,MAAM,CAAC,IAAI,KAAK,EAAE,CAAC;gBACtB,MAAM,GAAG,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACrB,KAAK,IAAI,CAAC,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE;oBAAE,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACxF,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YAC9B,CAAC;YACD,OAAO,GAAG,CAAC;QACb,CAAC;KACF,CAAC;AACJ,CAAC"}

package/abstract/hash-to-curve.d.ts

@@ -5,9 +5,9 @@
  * @module
  */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+import type { CHash } from '../utils.ts';
 import type { AffinePoint, Group, GroupConstructor } from './curve.ts';
 import { type IField } from './modular.ts';
-import type { CHash } from './utils.ts';
 export type UnicodeOrBytes = string | Uint8Array;
 /**
  * * `DST` is a domain separation tag, defined in section 2.2.5
@@ -17,14 +17,19 @@ export type UnicodeOrBytes = string | Uint8Array;
  * * `expand` is `xmd` (SHA2, SHA3, BLAKE) or `xof` (SHAKE, BLAKE-XOF)
  * * `hash` conforming to `utils.CHash` interface, with `outputLen` / `blockLen` props
  */
-export type Opts = {
+export type H2COpts = {
     DST: UnicodeOrBytes;
+    expand: 'xmd' | 'xof';
+    hash: CHash;
     p: bigint;
     m: number;
     k: number;
+};
+export type H2CHashOpts = {
     expand: 'xmd' | 'xof';
     hash: CHash;
 };
+export type Opts = H2COpts;
 /**
  * Produces a uniformly random byte string using a cryptographic hash function H that outputs b bits.
  * [RFC 9380 5.3.1](https://www.rfc-editor.org/rfc/rfc9380#section-5.3.1).
@@ -46,7 +51,7 @@ export declare function expand_message_xof(msg: Uint8Array, DST: Uint8Array, len
  * @param options `{DST: string, p: bigint, m: number, k: number, expand: 'xmd' | 'xof', hash: H}`, see above
  * @returns [u_0, ..., u_(count - 1)], a list of field elements.
  */
-export declare function hash_to_field(msg: Uint8Array, count: number, options: Opts): bigint[][];
+export declare function hash_to_field(msg: Uint8Array, count: number, options: H2COpts): bigint[][];
 export type XY<T> = (x: T, y: T) => {
     x: T;
     y: T;
@@ -67,18 +72,27 @@ export type MapToCurve<T> = (scalar: bigint[]) => AffinePoint<T>;
 export type htfBasicOpts = {
     DST: UnicodeOrBytes;
 };
-export type HTFMethod<T> = (msg: Uint8Array, options?: htfBasicOpts) => H2CPoint<T>;
+export type H2CMethod<T> = (msg: Uint8Array, options?: htfBasicOpts) => H2CPoint<T>;
+export type HTFMethod<T> = H2CMethod<T>;
 export type MapMethod<T> = (scalars: bigint[]) => H2CPoint<T>;
-export type Hasher<T> = {
-    hashToCurve: HTFMethod<T>;
-    encodeToCurve: HTFMethod<T>;
+/**
+ * RFC 9380 methods, with cofactor clearing. See https://www.rfc-editor.org/rfc/rfc9380#section-3.
+ *
+ * * hashToCurve: `map(hash(input))`, encodes RANDOM bytes to curve (WITH hashing)
+ * * encodeToCurve: `map(hash(input))`, encodes NON-UNIFORM bytes to curve (WITH hashing)
+ * * mapToCurve: `map(scalars)`, encodes NON-UNIFORM scalars to curve (NO hashing)
+ */
+export type H2CHasher<T> = {
+    hashToCurve: H2CMethod<T>;
+    encodeToCurve: H2CMethod<T>;
     mapToCurve: MapMethod<T>;
-    defaults: Opts & {
+    defaults: H2COpts & {
         encodeDST?: UnicodeOrBytes;
     };
 };
-/** Creates hash-to-curve methods from EC Point and mapToCurve function. */
-export declare function createHasher<T>(Point: H2CPointConstructor<T>, mapToCurve: MapToCurve<T>, defaults: Opts & {
+export type Hasher<T> = H2CHasher<T>;
+/** Creates hash-to-curve methods from EC Point and mapToCurve function. See {@link H2CHasher}. */
+export declare function createHasher<T>(Point: H2CPointConstructor<T>, mapToCurve: MapToCurve<T>, defaults: H2COpts & {
     encodeDST?: UnicodeOrBytes;
-}): Hasher<T>;
+}): H2CHasher<T>;
 //# sourceMappingURL=hash-to-curve.d.ts.map

package/abstract/hash-to-curve.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hash-to-curve.d.ts","sourceRoot":"","sources":["../src/abstract/hash-to-curve.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,sEAAsE;AACtE,OAAO,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACvE,OAAO,EAAiB,KAAK,MAAM,EAAO,MAAM,cAAc,CAAC;AAC/D,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,YAAY,CAAC;AAGxC,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,UAAU,CAAC;AAEjD;;;;;;;GAOG;AACH,MAAM,MAAM,IAAI,GAAG;IACjB,GAAG,EAAE,cAAc,CAAC;IACpB,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,MAAM,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,IAAI,EAAE,KAAK,CAAC;CACb,CAAC;AA8BF;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,UAAU,EACf,UAAU,EAAE,MAAM,EAClB,CAAC,EAAE,KAAK,GACP,UAAU,CAqBZ;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,UAAU,EACf,UAAU,EAAE,MAAM,EAClB,CAAC,EAAE,MAAM,EACT,CAAC,EAAE,KAAK,GACP,UAAU,CAqBZ;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,GAAG,MAAM,EAAE,EAAE,CAqCvF;AAED,MAAM,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK;IAAE,CAAC,EAAE,CAAC,CAAC;IAAC,CAAC,EAAE,CAAC,CAAA;CAAE,CAAC;AACnD,MAAM,MAAM,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;AAC9C,wBAAgB,UAAU,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAgBnF;AAED,sFAAsF;AACtF,MAAM,WAAW,QAAQ,CAAC,CAAC,CAAE,SAAQ,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACrD,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IACtC,aAAa,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC7B,cAAc,IAAI,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB,CAAC,CAAC,CAAE,SAAQ,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC3E,UAAU,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;CAC7C;AAED,MAAM,MAAM,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC;AAIjE,MAAM,MAAM,YAAY,GAAG;IAAE,GAAG,EAAE,cAAc,CAAA;CAAE,CAAC;AACnD,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;AACpF,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;AAC9D,MAAM,MAAM,MAAM,CAAC,CAAC,IAAI;IACtB,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1B,aAAa,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACzB,QAAQ,EAAE,IAAI,GAAG;QAAE,SAAS,CAAC,EAAE,cAAc,CAAA;KAAE,CAAC;CACjD,CAAC;AAEF,2EAA2E;AAC3E,wBAAgB,YAAY,CAAC,CAAC,EAC5B,KAAK,EAAE,mBAAmB,CAAC,CAAC,CAAC,EAC7B,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,EACzB,QAAQ,EAAE,IAAI,GAAG;IAAE,SAAS,CAAC,EAAE,cAAc,CAAA;CAAE,GAC9C,MAAM,CAAC,CAAC,CAAC,CAuCX"}
+{"version":3,"file":"hash-to-curve.d.ts","sourceRoot":"","sources":["../src/abstract/hash-to-curve.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,sEAAsE;AACtE,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AAUzC,OAAO,KAAK,EAAE,WAAW,EAAE,KAAK,EAAE,gBAAgB,EAAE,MAAM,YAAY,CAAC;AACvE,OAAO,EAAiB,KAAK,MAAM,EAAO,MAAM,cAAc,CAAC;AAE/D,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,UAAU,CAAC;AAEjD;;;;;;;GAOG;AACH,MAAM,MAAM,OAAO,GAAG;IACpB,GAAG,EAAE,cAAc,CAAC;IACpB,MAAM,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,IAAI,EAAE,KAAK,CAAC;IACZ,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;IACV,CAAC,EAAE,MAAM,CAAC;CACX,CAAC;AACF,MAAM,MAAM,WAAW,GAAG;IACxB,MAAM,EAAE,KAAK,GAAG,KAAK,CAAC;IACtB,IAAI,EAAE,KAAK,CAAC;CACb,CAAC;AAEF,MAAM,MAAM,IAAI,GAAG,OAAO,CAAC;AA8B3B;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,UAAU,EACf,UAAU,EAAE,MAAM,EAClB,CAAC,EAAE,KAAK,GACP,UAAU,CAqBZ;AAED;;;;;;GAMG;AACH,wBAAgB,kBAAkB,CAChC,GAAG,EAAE,UAAU,EACf,GAAG,EAAE,UAAU,EACf,UAAU,EAAE,MAAM,EAClB,CAAC,EAAE,MAAM,EACT,CAAC,EAAE,KAAK,GACP,UAAU,CAqBZ;AAED;;;;;;;GAOG;AACH,wBAAgB,aAAa,CAAC,GAAG,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,MAAM,EAAE,EAAE,CAuC1F;AAED,MAAM,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,KAAK;IAAE,CAAC,EAAE,CAAC,CAAC;IAAC,CAAC,EAAE,CAAC,CAAA;CAAE,CAAC;AACnD,MAAM,MAAM,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;AAC9C,wBAAgB,UAAU,CAAC,CAAC,EAAE,CAAC,SAAS,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,GAAG,EAAE,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAgBnF;AAED,sFAAsF;AACtF,MAAM,WAAW,QAAQ,CAAC,CAAC,CAAE,SAAQ,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IACrD,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACnC,QAAQ,CAAC,EAAE,CAAC,EAAE,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;IACtC,aAAa,IAAI,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC7B,cAAc,IAAI,IAAI,CAAC;CACxB;AAED,MAAM,WAAW,mBAAmB,CAAC,CAAC,CAAE,SAAQ,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC3E,UAAU,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC,CAAC,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;CAC7C;AAED,MAAM,MAAM,UAAU,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,KAAK,WAAW,CAAC,CAAC,CAAC,CAAC;AAIjE,MAAM,MAAM,YAAY,GAAG;IAAE,GAAG,EAAE,cAAc,CAAA;CAAE,CAAC;AACnD,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;AAEpF,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC;AACxC,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;AAC9D;;;;;;GAMG;AACH,MAAM,MAAM,SAAS,CAAC,CAAC,IAAI;IACzB,WAAW,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IAC1B,aAAa,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IAC5B,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC,CAAC;IACzB,QAAQ,EAAE,OAAO,GAAG;QAAE,SAAS,CAAC,EAAE,cAAc,CAAA;KAAE,CAAC;CACpD,CAAC;AAEF,MAAM,MAAM,MAAM,CAAC,CAAC,IAAI,SAAS,CAAC,CAAC,CAAC,CAAC;AAErC,kGAAkG;AAClG,wBAAgB,YAAY,CAAC,CAAC,EAC5B,KAAK,EAAE,mBAAmB,CAAC,CAAC,CAAC,EAC7B,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC,EACzB,QAAQ,EAAE,OAAO,GAAG;IAAE,SAAS,CAAC,EAAE,cAAc,CAAA;CAAE,GACjD,SAAS,CAAC,CAAC,CAAC,CAoCd"}

package/abstract/hash-to-curve.js

@@ -5,8 +5,8 @@ exports.expand_message_xof = expand_message_xof;
 exports.hash_to_field = hash_to_field;
 exports.isogenyMap = isogenyMap;
 exports.createHasher = createHasher;
+const utils_ts_1 = require("../utils.js");
 const modular_ts_1 = require("./modular.js");
-const utils_ts_1 = require("./utils.js");
 // Octet Stream to Integer. "spec" implementation of os2ip is 2.5x slower vs bytesToNumberBE.
 const os2ip = utils_ts_1.bytesToNumberBE;
 // Integer to Octet Stream (numberToBytesBE)
@@ -97,14 +97,17 @@ function expand_message_xof(msg, DST, lenInBytes, k, H) {
  * @returns [u_0, ..., u_(count - 1)], a list of field elements.
  */
 function hash_to_field(msg, count, options) {
-    (0, utils_ts_1.validateObject)(options, {
-        DST: 'stringOrUint8Array',
+    (0, utils_ts_1._validateObject)(options, {
         p: 'bigint',
-        m: 'isSafeInteger',
-        k: 'isSafeInteger',
-        hash: 'hash',
+        m: 'number',
+        k: 'number',
+        hash: 'function',
     });
     const { p, k, m, hash, expand, DST: _DST } = options;
+    if (!(0, utils_ts_1.isBytes)(_DST) && typeof _DST !== 'string')
+        throw new Error('DST must be string or uint8array');
+    if (!(0, utils_ts_1.isHash)(options.hash))
+        throw new Error('expected valid hash');
     (0, utils_ts_1.abytes)(msg);
     anum(count);
     const DST = typeof _DST === 'string' ? (0, utils_ts_1.utf8ToBytes)(_DST) : _DST;
@@ -152,7 +155,7 @@ function isogenyMap(field, map) {
         return { x, y };
     };
 }
-/** Creates hash-to-curve methods from EC Point and mapToCurve function. */
+/** Creates hash-to-curve methods from EC Point and mapToCurve function. See {@link H2CHasher}. */
 function createHasher(Point, mapToCurve, defaults) {
     if (typeof mapToCurve !== 'function')
         throw new Error('mapToCurve() must be defined');
@@ -168,21 +171,21 @@ function createHasher(Point, mapToCurve, defaults) {
     }
     return {
         defaults,
-        // Encodes byte string to elliptic curve.
-        // hash_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
         hashToCurve(msg, options) {
-            const u = hash_to_field(msg, 2, { ...defaults, DST: defaults.DST, ...options });
+            const dst = defaults.DST ? defaults.DST : {};
+            const opts = Object.assign({}, defaults, dst, options);
+            const u = hash_to_field(msg, 2, opts);
             const u0 = map(u[0]);
             const u1 = map(u[1]);
             return clear(u0.add(u1));
         },
-        // Encodes byte string to elliptic curve.
-        // encode_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
         encodeToCurve(msg, options) {
-            const u = hash_to_field(msg, 1, { ...defaults, DST: defaults.encodeDST, ...options });
+            const dst = defaults.encodeDST ? defaults.encodeDST : {};
+            const opts = Object.assign({}, defaults, dst, options);
+            const u = hash_to_field(msg, 1, opts);
             return clear(map(u[0]));
         },
-        // Same as encodeToCurve, but without hash
+        /** See {@link H2CHasher} */
         mapToCurve(scalars) {
             if (!Array.isArray(scalars))
                 throw new Error('expected array of bigints');