@noble/curves 1.9.5 → 2.0.0-beta.1

package/esm/abstract/modular.js

@@ -1,530 +0,0 @@
-/**
- * Utils for modular division and fields.
- * Field over 11 is a finite (Galois) field is integer number operations `mod 11`.
- * There is no division: it is replaced by modular multiplicative inverse.
- * @module
- */
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-import { _validateObject, anumber, bitMask, bytesToNumberBE, bytesToNumberLE, ensureBytes, numberToBytesBE, numberToBytesLE, } from "../utils.js";
-// prettier-ignore
-const _0n = BigInt(0), _1n = BigInt(1), _2n = /* @__PURE__ */ BigInt(2), _3n = /* @__PURE__ */ BigInt(3);
-// prettier-ignore
-const _4n = /* @__PURE__ */ BigInt(4), _5n = /* @__PURE__ */ BigInt(5), _7n = /* @__PURE__ */ BigInt(7);
-// prettier-ignore
-const _8n = /* @__PURE__ */ BigInt(8), _9n = /* @__PURE__ */ BigInt(9), _16n = /* @__PURE__ */ BigInt(16);
-// Calculates a modulo b
-export function mod(a, b) {
-    const result = a % b;
-    return result >= _0n ? result : b + result;
-}
-/**
- * Efficiently raise num to power and do modular division.
- * Unsafe in some contexts: uses ladder, so can expose bigint bits.
- * @example
- * pow(2n, 6n, 11n) // 64n % 11n == 9n
- */
-export function pow(num, power, modulo) {
-    return FpPow(Field(modulo), num, power);
-}
-/** Does `x^(2^power)` mod p. `pow2(30, 4)` == `30^(2^4)` */
-export function pow2(x, power, modulo) {
-    let res = x;
-    while (power-- > _0n) {
-        res *= res;
-        res %= modulo;
-    }
-    return res;
-}
-/**
- * Inverses number over modulo.
- * Implemented using [Euclidean GCD](https://brilliant.org/wiki/extended-euclidean-algorithm/).
- */
-export function invert(number, modulo) {
-    if (number === _0n)
-        throw new Error('invert: expected non-zero number');
-    if (modulo <= _0n)
-        throw new Error('invert: expected positive modulus, got ' + modulo);
-    // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower.
-    let a = mod(number, modulo);
-    let b = modulo;
-    // prettier-ignore
-    let x = _0n, y = _1n, u = _1n, v = _0n;
-    while (a !== _0n) {
-        // JIT applies optimization if those two lines follow each other
-        const q = b / a;
-        const r = b % a;
-        const m = x - u * q;
-        const n = y - v * q;
-        // prettier-ignore
-        b = a, a = r, x = u, y = v, u = m, v = n;
-    }
-    const gcd = b;
-    if (gcd !== _1n)
-        throw new Error('invert: does not exist');
-    return mod(x, modulo);
-}
-function assertIsSquare(Fp, root, n) {
-    if (!Fp.eql(Fp.sqr(root), n))
-        throw new Error('Cannot find square root');
-}
-// Not all roots are possible! Example which will throw:
-// const NUM =
-// n = 72057594037927816n;
-// Fp = Field(BigInt('0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab'));
-function sqrt3mod4(Fp, n) {
-    const p1div4 = (Fp.ORDER + _1n) / _4n;
-    const root = Fp.pow(n, p1div4);
-    assertIsSquare(Fp, root, n);
-    return root;
-}
-function sqrt5mod8(Fp, n) {
-    const p5div8 = (Fp.ORDER - _5n) / _8n;
-    const n2 = Fp.mul(n, _2n);
-    const v = Fp.pow(n2, p5div8);
-    const nv = Fp.mul(n, v);
-    const i = Fp.mul(Fp.mul(nv, _2n), v);
-    const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
-    assertIsSquare(Fp, root, n);
-    return root;
-}
-// Based on RFC9380, Kong algorithm
-// prettier-ignore
-function sqrt9mod16(P) {
-    const Fp_ = Field(P);
-    const tn = tonelliShanks(P);
-    const c1 = tn(Fp_, Fp_.neg(Fp_.ONE)); //  1. c1 = sqrt(-1) in F, i.e., (c1^2) == -1 in F
-    const c2 = tn(Fp_, c1); //  2. c2 = sqrt(c1) in F, i.e., (c2^2) == c1 in F
-    const c3 = tn(Fp_, Fp_.neg(c1)); //  3. c3 = sqrt(-c1) in F, i.e., (c3^2) == -c1 in F
-    const c4 = (P + _7n) / _16n; //  4. c4 = (q + 7) / 16        # Integer arithmetic
-    return (Fp, n) => {
-        let tv1 = Fp.pow(n, c4); //  1. tv1 = x^c4
-        let tv2 = Fp.mul(tv1, c1); //  2. tv2 = c1 * tv1
-        const tv3 = Fp.mul(tv1, c2); //  3. tv3 = c2 * tv1
-        const tv4 = Fp.mul(tv1, c3); //  4. tv4 = c3 * tv1
-        const e1 = Fp.eql(Fp.sqr(tv2), n); //  5.  e1 = (tv2^2) == x
-        const e2 = Fp.eql(Fp.sqr(tv3), n); //  6.  e2 = (tv3^2) == x
-        tv1 = Fp.cmov(tv1, tv2, e1); //  7. tv1 = CMOV(tv1, tv2, e1)  # Select tv2 if (tv2^2) == x
-        tv2 = Fp.cmov(tv4, tv3, e2); //  8. tv2 = CMOV(tv4, tv3, e2)  # Select tv3 if (tv3^2) == x
-        const e3 = Fp.eql(Fp.sqr(tv2), n); //  9.  e3 = (tv2^2) == x
-        const root = Fp.cmov(tv1, tv2, e3); // 10.  z = CMOV(tv1, tv2, e3)   # Select sqrt from tv1 & tv2
-        assertIsSquare(Fp, root, n);
-        return root;
-    };
-}
-/**
- * Tonelli-Shanks square root search algorithm.
- * 1. https://eprint.iacr.org/2012/685.pdf (page 12)
- * 2. Square Roots from 1; 24, 51, 10 to Dan Shanks
- * @param P field order
- * @returns function that takes field Fp (created from P) and number n
- */
-export function tonelliShanks(P) {
-    // Initialization (precomputation).
-    // Caching initialization could boost perf by 7%.
-    if (P < _3n)
-        throw new Error('sqrt is not defined for small field');
-    // Factor P - 1 = Q * 2^S, where Q is odd
-    let Q = P - _1n;
-    let S = 0;
-    while (Q % _2n === _0n) {
-        Q /= _2n;
-        S++;
-    }
-    // Find the first quadratic non-residue Z >= 2
-    let Z = _2n;
-    const _Fp = Field(P);
-    while (FpLegendre(_Fp, Z) === 1) {
-        // Basic primality test for P. After x iterations, chance of
-        // not finding quadratic non-residue is 2^x, so 2^1000.
-        if (Z++ > 1000)
-            throw new Error('Cannot find square root: probably non-prime P');
-    }
-    // Fast-path; usually done before Z, but we do "primality test".
-    if (S === 1)
-        return sqrt3mod4;
-    // Slow-path
-    // TODO: test on Fp2 and others
-    let cc = _Fp.pow(Z, Q); // c = z^Q
-    const Q1div2 = (Q + _1n) / _2n;
-    return function tonelliSlow(Fp, n) {
-        if (Fp.is0(n))
-            return n;
-        // Check if n is a quadratic residue using Legendre symbol
-        if (FpLegendre(Fp, n) !== 1)
-            throw new Error('Cannot find square root');
-        // Initialize variables for the main loop
-        let M = S;
-        let c = Fp.mul(Fp.ONE, cc); // c = z^Q, move cc from field _Fp into field Fp
-        let t = Fp.pow(n, Q); // t = n^Q, first guess at the fudge factor
-        let R = Fp.pow(n, Q1div2); // R = n^((Q+1)/2), first guess at the square root
-        // Main loop
-        // while t != 1
-        while (!Fp.eql(t, Fp.ONE)) {
-            if (Fp.is0(t))
-                return Fp.ZERO; // if t=0 return R=0
-            let i = 1;
-            // Find the smallest i >= 1 such that t^(2^i) ≡ 1 (mod P)
-            let t_tmp = Fp.sqr(t); // t^(2^1)
-            while (!Fp.eql(t_tmp, Fp.ONE)) {
-                i++;
-                t_tmp = Fp.sqr(t_tmp); // t^(2^2)...
-                if (i === M)
-                    throw new Error('Cannot find square root');
-            }
-            // Calculate the exponent for b: 2^(M - i - 1)
-            const exponent = _1n << BigInt(M - i - 1); // bigint is important
-            const b = Fp.pow(c, exponent); // b = 2^(M - i - 1)
-            // Update variables
-            M = i;
-            c = Fp.sqr(b); // c = b^2
-            t = Fp.mul(t, c); // t = (t * b^2)
-            R = Fp.mul(R, b); // R = R*b
-        }
-        return R;
-    };
-}
-/**
- * Square root for a finite field. Will try optimized versions first:
- *
- * 1. P ≡ 3 (mod 4)
- * 2. P ≡ 5 (mod 8)
- * 3. P ≡ 9 (mod 16)
- * 4. Tonelli-Shanks algorithm
- *
- * Different algorithms can give different roots, it is up to user to decide which one they want.
- * For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).
- */
-export function FpSqrt(P) {
-    // P ≡ 3 (mod 4) => √n = n^((P+1)/4)
-    if (P % _4n === _3n)
-        return sqrt3mod4;
-    // P ≡ 5 (mod 8) => Atkin algorithm, page 10 of https://eprint.iacr.org/2012/685.pdf
-    if (P % _8n === _5n)
-        return sqrt5mod8;
-    // P ≡ 9 (mod 16) => Kong algorithm, page 11 of https://eprint.iacr.org/2012/685.pdf (algorithm 4)
-    if (P % _16n === _9n)
-        return sqrt9mod16(P);
-    // Tonelli-Shanks algorithm
-    return tonelliShanks(P);
-}
-// Little-endian check for first LE bit (last BE bit);
-export const isNegativeLE = (num, modulo) => (mod(num, modulo) & _1n) === _1n;
-// prettier-ignore
-const FIELD_FIELDS = [
-    'create', 'isValid', 'is0', 'neg', 'inv', 'sqrt', 'sqr',
-    'eql', 'add', 'sub', 'mul', 'pow', 'div',
-    'addN', 'subN', 'mulN', 'sqrN'
-];
-export function validateField(field) {
-    const initial = {
-        ORDER: 'bigint',
-        MASK: 'bigint',
-        BYTES: 'number',
-        BITS: 'number',
-    };
-    const opts = FIELD_FIELDS.reduce((map, val) => {
-        map[val] = 'function';
-        return map;
-    }, initial);
-    _validateObject(field, opts);
-    // const max = 16384;
-    // if (field.BYTES < 1 || field.BYTES > max) throw new Error('invalid field');
-    // if (field.BITS < 1 || field.BITS > 8 * max) throw new Error('invalid field');
-    return field;
-}
-// Generic field functions
-/**
- * Same as `pow` but for Fp: non-constant-time.
- * Unsafe in some contexts: uses ladder, so can expose bigint bits.
- */
-export function FpPow(Fp, num, power) {
-    if (power < _0n)
-        throw new Error('invalid exponent, negatives unsupported');
-    if (power === _0n)
-        return Fp.ONE;
-    if (power === _1n)
-        return num;
-    let p = Fp.ONE;
-    let d = num;
-    while (power > _0n) {
-        if (power & _1n)
-            p = Fp.mul(p, d);
-        d = Fp.sqr(d);
-        power >>= _1n;
-    }
-    return p;
-}
-/**
- * Efficiently invert an array of Field elements.
- * Exception-free. Will return `undefined` for 0 elements.
- * @param passZero map 0 to 0 (instead of undefined)
- */
-export function FpInvertBatch(Fp, nums, passZero = false) {
-    const inverted = new Array(nums.length).fill(passZero ? Fp.ZERO : undefined);
-    // Walk from first to last, multiply them by each other MOD p
-    const multipliedAcc = nums.reduce((acc, num, i) => {
-        if (Fp.is0(num))
-            return acc;
-        inverted[i] = acc;
-        return Fp.mul(acc, num);
-    }, Fp.ONE);
-    // Invert last element
-    const invertedAcc = Fp.inv(multipliedAcc);
-    // Walk from last to first, multiply them by inverted each other MOD p
-    nums.reduceRight((acc, num, i) => {
-        if (Fp.is0(num))
-            return acc;
-        inverted[i] = Fp.mul(acc, inverted[i]);
-        return Fp.mul(acc, num);
-    }, invertedAcc);
-    return inverted;
-}
-// TODO: remove
-export function FpDiv(Fp, lhs, rhs) {
-    return Fp.mul(lhs, typeof rhs === 'bigint' ? invert(rhs, Fp.ORDER) : Fp.inv(rhs));
-}
-/**
- * Legendre symbol.
- * Legendre constant is used to calculate Legendre symbol (a | p)
- * which denotes the value of a^((p-1)/2) (mod p).
- *
- * * (a | p) ≡ 1    if a is a square (mod p), quadratic residue
- * * (a | p) ≡ -1   if a is not a square (mod p), quadratic non residue
- * * (a | p) ≡ 0    if a ≡ 0 (mod p)
- */
-export function FpLegendre(Fp, n) {
-    // We can use 3rd argument as optional cache of this value
-    // but seems unneeded for now. The operation is very fast.
-    const p1mod2 = (Fp.ORDER - _1n) / _2n;
-    const powered = Fp.pow(n, p1mod2);
-    const yes = Fp.eql(powered, Fp.ONE);
-    const zero = Fp.eql(powered, Fp.ZERO);
-    const no = Fp.eql(powered, Fp.neg(Fp.ONE));
-    if (!yes && !zero && !no)
-        throw new Error('invalid Legendre symbol result');
-    return yes ? 1 : zero ? 0 : -1;
-}
-// This function returns True whenever the value x is a square in the field F.
-export function FpIsSquare(Fp, n) {
-    const l = FpLegendre(Fp, n);
-    return l === 1;
-}
-// CURVE.n lengths
-export function nLength(n, nBitLength) {
-    // Bit size, byte size of CURVE.n
-    if (nBitLength !== undefined)
-        anumber(nBitLength);
-    const _nBitLength = nBitLength !== undefined ? nBitLength : n.toString(2).length;
-    const nByteLength = Math.ceil(_nBitLength / 8);
-    return { nBitLength: _nBitLength, nByteLength };
-}
-/**
- * Creates a finite field. Major performance optimizations:
- * * 1. Denormalized operations like mulN instead of mul.
- * * 2. Identical object shape: never add or remove keys.
- * * 3. `Object.freeze`.
- * Fragile: always run a benchmark on a change.
- * Security note: operations don't check 'isValid' for all elements for performance reasons,
- * it is caller responsibility to check this.
- * This is low-level code, please make sure you know what you're doing.
- *
- * Note about field properties:
- * * CHARACTERISTIC p = prime number, number of elements in main subgroup.
- * * ORDER q = similar to cofactor in curves, may be composite `q = p^m`.
- *
- * @param ORDER field order, probably prime, or could be composite
- * @param bitLen how many bits the field consumes
- * @param isLE (default: false) if encoding / decoding should be in little-endian
- * @param redef optional faster redefinitions of sqrt and other methods
- */
-export function Field(ORDER, bitLenOrOpts, // TODO: use opts only in v2?
-isLE = false, opts = {}) {
-    if (ORDER <= _0n)
-        throw new Error('invalid field: expected ORDER > 0, got ' + ORDER);
-    let _nbitLength = undefined;
-    let _sqrt = undefined;
-    let modFromBytes = false;
-    let allowedLengths = undefined;
-    if (typeof bitLenOrOpts === 'object' && bitLenOrOpts != null) {
-        if (opts.sqrt || isLE)
-            throw new Error('cannot specify opts in two arguments');
-        const _opts = bitLenOrOpts;
-        if (_opts.BITS)
-            _nbitLength = _opts.BITS;
-        if (_opts.sqrt)
-            _sqrt = _opts.sqrt;
-        if (typeof _opts.isLE === 'boolean')
-            isLE = _opts.isLE;
-        if (typeof _opts.modFromBytes === 'boolean')
-            modFromBytes = _opts.modFromBytes;
-        allowedLengths = _opts.allowedLengths;
-    }
-    else {
-        if (typeof bitLenOrOpts === 'number')
-            _nbitLength = bitLenOrOpts;
-        if (opts.sqrt)
-            _sqrt = opts.sqrt;
-    }
-    const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, _nbitLength);
-    if (BYTES > 2048)
-        throw new Error('invalid field: expected ORDER of <= 2048 bytes');
-    let sqrtP; // cached sqrtP
-    const f = Object.freeze({
-        ORDER,
-        isLE,
-        BITS,
-        BYTES,
-        MASK: bitMask(BITS),
-        ZERO: _0n,
-        ONE: _1n,
-        allowedLengths: allowedLengths,
-        create: (num) => mod(num, ORDER),
-        isValid: (num) => {
-            if (typeof num !== 'bigint')
-                throw new Error('invalid field element: expected bigint, got ' + typeof num);
-            return _0n <= num && num < ORDER; // 0 is valid element, but it's not invertible
-        },
-        is0: (num) => num === _0n,
-        // is valid and invertible
-        isValidNot0: (num) => !f.is0(num) && f.isValid(num),
-        isOdd: (num) => (num & _1n) === _1n,
-        neg: (num) => mod(-num, ORDER),
-        eql: (lhs, rhs) => lhs === rhs,
-        sqr: (num) => mod(num * num, ORDER),
-        add: (lhs, rhs) => mod(lhs + rhs, ORDER),
-        sub: (lhs, rhs) => mod(lhs - rhs, ORDER),
-        mul: (lhs, rhs) => mod(lhs * rhs, ORDER),
-        pow: (num, power) => FpPow(f, num, power),
-        div: (lhs, rhs) => mod(lhs * invert(rhs, ORDER), ORDER),
-        // Same as above, but doesn't normalize
-        sqrN: (num) => num * num,
-        addN: (lhs, rhs) => lhs + rhs,
-        subN: (lhs, rhs) => lhs - rhs,
-        mulN: (lhs, rhs) => lhs * rhs,
-        inv: (num) => invert(num, ORDER),
-        sqrt: _sqrt ||
-            ((n) => {
-                if (!sqrtP)
-                    sqrtP = FpSqrt(ORDER);
-                return sqrtP(f, n);
-            }),
-        toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),
-        fromBytes: (bytes, skipValidation = true) => {
-            if (allowedLengths) {
-                if (!allowedLengths.includes(bytes.length) || bytes.length > BYTES) {
-                    throw new Error('Field.fromBytes: expected ' + allowedLengths + ' bytes, got ' + bytes.length);
-                }
-                const padded = new Uint8Array(BYTES);
-                // isLE add 0 to right, !isLE to the left.
-                padded.set(bytes, isLE ? 0 : padded.length - bytes.length);
-                bytes = padded;
-            }
-            if (bytes.length !== BYTES)
-                throw new Error('Field.fromBytes: expected ' + BYTES + ' bytes, got ' + bytes.length);
-            let scalar = isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
-            if (modFromBytes)
-                scalar = mod(scalar, ORDER);
-            if (!skipValidation)
-                if (!f.isValid(scalar))
-                    throw new Error('invalid field element: outside of range 0..ORDER');
-            // NOTE: we don't validate scalar here, please use isValid. This done such way because some
-            // protocol may allow non-reduced scalar that reduced later or changed some other way.
-            return scalar;
-        },
-        // TODO: we don't need it here, move out to separate fn
-        invertBatch: (lst) => FpInvertBatch(f, lst),
-        // We can't move this out because Fp6, Fp12 implement it
-        // and it's unclear what to return in there.
-        cmov: (a, b, c) => (c ? b : a),
-    });
-    return Object.freeze(f);
-}
-// Generic random scalar, we can do same for other fields if via Fp2.mul(Fp2.ONE, Fp2.random)?
-// This allows unsafe methods like ignore bias or zero. These unsafe, but often used in different protocols (if deterministic RNG).
-// which mean we cannot force this via opts.
-// Not sure what to do with randomBytes, we can accept it inside opts if wanted.
-// Probably need to export getMinHashLength somewhere?
-// random(bytes?: Uint8Array, unsafeAllowZero = false, unsafeAllowBias = false) {
-//   const LEN = !unsafeAllowBias ? getMinHashLength(ORDER) : BYTES;
-//   if (bytes === undefined) bytes = randomBytes(LEN); // _opts.randomBytes?
-//   const num = isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
-//   // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0
-//   const reduced = unsafeAllowZero ? mod(num, ORDER) : mod(num, ORDER - _1n) + _1n;
-//   return reduced;
-// },
-export function FpSqrtOdd(Fp, elm) {
-    if (!Fp.isOdd)
-        throw new Error("Field doesn't have isOdd");
-    const root = Fp.sqrt(elm);
-    return Fp.isOdd(root) ? root : Fp.neg(root);
-}
-export function FpSqrtEven(Fp, elm) {
-    if (!Fp.isOdd)
-        throw new Error("Field doesn't have isOdd");
-    const root = Fp.sqrt(elm);
-    return Fp.isOdd(root) ? Fp.neg(root) : root;
-}
-/**
- * "Constant-time" private key generation utility.
- * Same as mapKeyToField, but accepts less bytes (40 instead of 48 for 32-byte field).
- * Which makes it slightly more biased, less secure.
- * @deprecated use `mapKeyToField` instead
- */
-export function hashToPrivateScalar(hash, groupOrder, isLE = false) {
-    hash = ensureBytes('privateHash', hash);
-    const hashLen = hash.length;
-    const minLen = nLength(groupOrder).nByteLength + 8;
-    if (minLen < 24 || hashLen < minLen || hashLen > 1024)
-        throw new Error('hashToPrivateScalar: expected ' + minLen + '-1024 bytes of input, got ' + hashLen);
-    const num = isLE ? bytesToNumberLE(hash) : bytesToNumberBE(hash);
-    return mod(num, groupOrder - _1n) + _1n;
-}
-/**
- * Returns total number of bytes consumed by the field element.
- * For example, 32 bytes for usual 256-bit weierstrass curve.
- * @param fieldOrder number of field elements, usually CURVE.n
- * @returns byte length of field
- */
-export function getFieldBytesLength(fieldOrder) {
-    if (typeof fieldOrder !== 'bigint')
-        throw new Error('field order must be bigint');
-    const bitLength = fieldOrder.toString(2).length;
-    return Math.ceil(bitLength / 8);
-}
-/**
- * Returns minimal amount of bytes that can be safely reduced
- * by field order.
- * Should be 2^-128 for 128-bit curve such as P256.
- * @param fieldOrder number of field elements, usually CURVE.n
- * @returns byte length of target hash
- */
-export function getMinHashLength(fieldOrder) {
-    const length = getFieldBytesLength(fieldOrder);
-    return length + Math.ceil(length / 2);
-}
-/**
- * "Constant-time" private key generation utility.
- * Can take (n + n/2) or more bytes of uniform input e.g. from CSPRNG or KDF
- * and convert them into private scalar, with the modulo bias being negligible.
- * Needs at least 48 bytes of input for 32-byte private key.
- * https://research.kudelskisecurity.com/2020/07/28/the-definitive-guide-to-modulo-bias-and-how-to-avoid-it/
- * FIPS 186-5, A.2 https://csrc.nist.gov/publications/detail/fips/186/5/final
- * RFC 9380, https://www.rfc-editor.org/rfc/rfc9380#section-5
- * @param hash hash output from SHA3 or a similar function
- * @param groupOrder size of subgroup - (e.g. secp256k1.CURVE.n)
- * @param isLE interpret hash bytes as LE num
- * @returns valid private scalar
- */
-export function mapHashToField(key, fieldOrder, isLE = false) {
-    const len = key.length;
-    const fieldLen = getFieldBytesLength(fieldOrder);
-    const minLen = getMinHashLength(fieldOrder);
-    // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.
-    if (len < 16 || len < minLen || len > 1024)
-        throw new Error('expected ' + minLen + '-1024 bytes of input, got ' + len);
-    const num = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);
-    // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0
-    const reduced = mod(num, fieldOrder - _1n) + _1n;
-    return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);
-}
-//# sourceMappingURL=modular.js.map

package/esm/abstract/modular.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"modular.js","sourceRoot":"","sources":["../../src/abstract/modular.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,sEAAsE;AACtE,OAAO,EACL,eAAe,EACf,OAAO,EACP,OAAO,EACP,eAAe,EACf,eAAe,EACf,WAAW,EACX,eAAe,EACf,eAAe,GAChB,MAAM,aAAa,CAAC;AAErB,kBAAkB;AAClB,MAAM,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACzG,kBAAkB;AAClB,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AACxG,kBAAkB;AAClB,MAAM,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,GAAG,eAAe,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,IAAI,GAAG,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;AAE1G,wBAAwB;AACxB,MAAM,UAAU,GAAG,CAAC,CAAS,EAAE,CAAS;IACtC,MAAM,MAAM,GAAG,CAAC,GAAG,CAAC,CAAC;IACrB,OAAO,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC;AAC7C,CAAC;AACD;;;;;GAKG;AACH,MAAM,UAAU,GAAG,CAAC,GAAW,EAAE,KAAa,EAAE,MAAc;IAC5D,OAAO,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;AAC1C,CAAC;AAED,4DAA4D;AAC5D,MAAM,UAAU,IAAI,CAAC,CAAS,EAAE,KAAa,EAAE,MAAc;IAC3D,IAAI,GAAG,GAAG,CAAC,CAAC;IACZ,OAAO,KAAK,EAAE,GAAG,GAAG,EAAE,CAAC;QACrB,GAAG,IAAI,GAAG,CAAC;QACX,GAAG,IAAI,MAAM,CAAC;IAChB,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,MAAM,CAAC,MAAc,EAAE,MAAc;IACnD,IAAI,MAAM,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACxE,IAAI,MAAM,IAAI,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,MAAM,CAAC,CAAC;IACvF,kFAAkF;IAClF,IAAI,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC5B,IAAI,CAAC,GAAG,MAAM,CAAC;IACf,kBAAkB;IAClB,IAAI,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,GAAG,GAAG,CAAC;IACvC,OAAO,CAAC,KAAK,GAAG,EAAE,CAAC;QACjB,gEAAgE;QAChE,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAChB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QACpB,kBAAkB;QAClB,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC;IAC3C,CAAC;IACD,MAAM,GAAG,GAAG,CAAC,CAAC;IACd,IAAI,GAAG,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC3D,OAAO,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;AACxB,CAAC;AAED,SAAS,cAAc,CAAI,EAAa,EAAE,IAAO,EAAE,CAAI;IACrD,IAAI,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;AAC3E,CAAC;AAED,wDAAwD;AACxD,cAAc;AACd,0BAA0B;AAC1B,4HAA4H;AAC5H,SAAS,SAAS,CAAI,EAAa,EAAE,CAAI;IACvC,MAAM,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;IACtC,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAC/B,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,SAAS,CAAI,EAAa,EAAE,CAAI;IACvC,MAAM,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;IACtC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;IAC1B,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,MAAM,CAAC,CAAC;IAC7B,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACxB,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,IAAI,CAAC;AACd,CAAC;AAED,mCAAmC;AACnC,kBAAkB;AAClB,SAAS,UAAU,CAAC,CAAS;IAC3B,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,MAAM,EAAE,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC5B,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAA,kDAAkD;IACvF,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAc,kDAAkD;IACvF,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAK,oDAAoD;IACzF,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAS,oDAAoD;IACzF,OAAO,CAAI,EAAa,EAAE,CAAI,EAAE,EAAE;QAChC,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAW,iBAAiB;QACpD,IAAI,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAS,qBAAqB;QACxD,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAO,qBAAqB;QACxD,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAO,qBAAqB;QACxD,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,yBAAyB;QAC5D,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,yBAAyB;QAC5D,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAO,6DAA6D;QAChG,GAAG,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAO,6DAA6D;QAChG,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,yBAAyB;QAC5D,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC,CAAA,6DAA6D;QAChG,cAAc,CAAC,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QAC5B,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,aAAa,CAAC,CAAS;IACrC,mCAAmC;IACnC,iDAAiD;IACjD,IAAI,CAAC,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACpE,yCAAyC;IACzC,IAAI,CAAC,GAAG,CAAC,GAAG,GAAG,CAAC;IAChB,IAAI,CAAC,GAAG,CAAC,CAAC;IACV,OAAO,CAAC,GAAG,GAAG,KAAK,GAAG,EAAE,CAAC;QACvB,CAAC,IAAI,GAAG,CAAC;QACT,CAAC,EAAE,CAAC;IACN,CAAC;IAED,8CAA8C;IAC9C,IAAI,CAAC,GAAG,GAAG,CAAC;IACZ,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,OAAO,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;QAChC,4DAA4D;QAC5D,uDAAuD;QACvD,IAAI,CAAC,EAAE,GAAG,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;IACnF,CAAC;IACD,gEAAgE;IAChE,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAC;IAE9B,YAAY;IACZ,+BAA+B;IAC/B,IAAI,EAAE,GAAG,GAAG,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU;IAClC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;IAC/B,OAAO,SAAS,WAAW,CAAI,EAAa,EAAE,CAAI;QAChD,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;QACxB,0DAA0D;QAC1D,IAAI,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAExE,yCAAyC;QACzC,IAAI,CAAC,GAAG,CAAC,CAAC;QACV,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,CAAC,gDAAgD;QAC5E,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,2CAA2C;QACjE,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,CAAC,kDAAkD;QAE7E,YAAY;QACZ,eAAe;QACf,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;YAC1B,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;gBAAE,OAAO,EAAE,CAAC,IAAI,CAAC,CAAC,oBAAoB;YACnD,IAAI,CAAC,GAAG,CAAC,CAAC;YAEV,yDAAyD;YACzD,IAAI,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU;YACjC,OAAO,CAAC,EAAE,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC;gBAC9B,CAAC,EAAE,CAAC;gBACJ,KAAK,GAAG,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa;gBACpC,IAAI,CAAC,KAAK,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;YAC1D,CAAC;YAED,8CAA8C;YAC9C,MAAM,QAAQ,GAAG,GAAG,IAAI,MAAM,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,sBAAsB;YACjE,MAAM,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC,oBAAoB;YAEnD,mBAAmB;YACnB,CAAC,GAAG,CAAC,CAAC;YACN,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,UAAU;YACzB,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB;YAClC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,UAAU;QAC9B,CAAC;QACD,OAAO,CAAC,CAAC;IACX,CAAC,CAAC;AACJ,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,MAAM,CAAC,CAAS;IAC9B,oCAAoC;IACpC,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG;QAAE,OAAO,SAAS,CAAC;IACtC,oFAAoF;IACpF,IAAI,CAAC,GAAG,GAAG,KAAK,GAAG;QAAE,OAAO,SAAS,CAAC;IACtC,kGAAkG;IAClG,IAAI,CAAC,GAAG,IAAI,KAAK,GAAG;QAAE,OAAO,UAAU,CAAC,CAAC,CAAC,CAAC;IAC3C,2BAA2B;IAC3B,OAAO,aAAa,CAAC,CAAC,CAAC,CAAC;AAC1B,CAAC;AAED,sDAAsD;AACtD,MAAM,CAAC,MAAM,YAAY,GAAG,CAAC,GAAW,EAAE,MAAc,EAAW,EAAE,CACnE,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,GAAG,GAAG,CAAC,KAAK,GAAG,CAAC;AA8CnC,kBAAkB;AAClB,MAAM,YAAY,GAAG;IACnB,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK;IACvD,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK;IACxC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM;CACtB,CAAC;AACX,MAAM,UAAU,aAAa,CAAI,KAAgB;IAC/C,MAAM,OAAO,GAAG;QACd,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,QAAQ;QACd,KAAK,EAAE,QAAQ;QACf,IAAI,EAAE,QAAQ;KACW,CAAC;IAC5B,MAAM,IAAI,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAW,EAAE,EAAE;QACpD,GAAG,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC;QACtB,OAAO,GAAG,CAAC;IACb,CAAC,EAAE,OAAO,CAAC,CAAC;IACZ,eAAe,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;IAC7B,qBAAqB;IACrB,8EAA8E;IAC9E,gFAAgF;IAChF,OAAO,KAAK,CAAC;AACf,CAAC;AAED,0BAA0B;AAE1B;;;GAGG;AACH,MAAM,UAAU,KAAK,CAAI,EAAa,EAAE,GAAM,EAAE,KAAa;IAC3D,IAAI,KAAK,GAAG,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;IAC5E,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,EAAE,CAAC,GAAG,CAAC;IACjC,IAAI,KAAK,KAAK,GAAG;QAAE,OAAO,GAAG,CAAC;IAC9B,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC;IACf,IAAI,CAAC,GAAG,GAAG,CAAC;IACZ,OAAO,KAAK,GAAG,GAAG,EAAE,CAAC;QACnB,IAAI,KAAK,GAAG,GAAG;YAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACd,KAAK,KAAK,GAAG,CAAC;IAChB,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,aAAa,CAAI,EAAa,EAAE,IAAS,EAAE,QAAQ,GAAG,KAAK;IACzE,MAAM,QAAQ,GAAG,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;IAC7E,6DAA6D;IAC7D,MAAM,aAAa,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;QAChD,IAAI,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC;QAC5B,QAAQ,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC;QAClB,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1B,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;IACX,sBAAsB;IACtB,MAAM,WAAW,GAAG,EAAE,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;IAC1C,sEAAsE;IACtE,IAAI,CAAC,WAAW,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,EAAE;QAC/B,IAAI,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,GAAG,CAAC;QAC5B,QAAQ,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;QACvC,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1B,CAAC,EAAE,WAAW,CAAC,CAAC;IAChB,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED,eAAe;AACf,MAAM,UAAU,KAAK,CAAI,EAAa,EAAE,GAAM,EAAE,GAAe;IAC7D,OAAO,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,CAAC;AACpF,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,UAAU,CAAI,EAAa,EAAE,CAAI;IAC/C,0DAA0D;IAC1D,0DAA0D;IAC1D,MAAM,MAAM,GAAG,CAAC,EAAE,CAAC,KAAK,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;IACtC,MAAM,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC;IACpC,MAAM,IAAI,GAAG,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC;IACtC,MAAM,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3C,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAC5E,OAAO,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;AACjC,CAAC;AAED,8EAA8E;AAC9E,MAAM,UAAU,UAAU,CAAI,EAAa,EAAE,CAAI;IAC/C,MAAM,CAAC,GAAG,UAAU,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAC5B,OAAO,CAAC,KAAK,CAAC,CAAC;AACjB,CAAC;AAGD,kBAAkB;AAClB,MAAM,UAAU,OAAO,CAAC,CAAS,EAAE,UAAmB;IACpD,iCAAiC;IACjC,IAAI,UAAU,KAAK,SAAS;QAAE,OAAO,CAAC,UAAU,CAAC,CAAC;IAClD,MAAM,WAAW,GAAG,UAAU,KAAK,SAAS,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IACjF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;IAC/C,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,CAAC;AAClD,CAAC;AAWD;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,KAAK,CACnB,KAAa,EACb,YAAiC,EAAE,6BAA6B;AAChE,IAAI,GAAG,KAAK,EACZ,OAA0B,EAAE;IAE5B,IAAI,KAAK,IAAI,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,yCAAyC,GAAG,KAAK,CAAC,CAAC;IACrF,IAAI,WAAW,GAAuB,SAAS,CAAC;IAChD,IAAI,KAAK,GAAuB,SAAS,CAAC;IAC1C,IAAI,YAAY,GAAY,KAAK,CAAC;IAClC,IAAI,cAAc,GAAkC,SAAS,CAAC;IAC9D,IAAI,OAAO,YAAY,KAAK,QAAQ,IAAI,YAAY,IAAI,IAAI,EAAE,CAAC;QAC7D,IAAI,IAAI,CAAC,IAAI,IAAI,IAAI;YAAE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC/E,MAAM,KAAK,GAAG,YAAY,CAAC;QAC3B,IAAI,KAAK,CAAC,IAAI;YAAE,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC;QACzC,IAAI,KAAK,CAAC,IAAI;YAAE,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC;QACnC,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,SAAS;YAAE,IAAI,GAAG,KAAK,CAAC,IAAI,CAAC;QACvD,IAAI,OAAO,KAAK,CAAC,YAAY,KAAK,SAAS;YAAE,YAAY,GAAG,KAAK,CAAC,YAAY,CAAC;QAC/E,cAAc,GAAG,KAAK,CAAC,cAAc,CAAC;IACxC,CAAC;SAAM,CAAC;QACN,IAAI,OAAO,YAAY,KAAK,QAAQ;YAAE,WAAW,GAAG,YAAY,CAAC;QACjE,IAAI,IAAI,CAAC,IAAI;YAAE,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC;IACnC,CAAC;IACD,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;IAC7E,IAAI,KAAK,GAAG,IAAI;QAAE,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpF,IAAI,KAAgC,CAAC,CAAC,eAAe;IACrD,MAAM,CAAC,GAAsB,MAAM,CAAC,MAAM,CAAC;QACzC,KAAK;QACL,IAAI;QACJ,IAAI;QACJ,KAAK;QACL,IAAI,EAAE,OAAO,CAAC,IAAI,CAAC;QACnB,IAAI,EAAE,GAAG;QACT,GAAG,EAAE,GAAG;QACR,cAAc,EAAE,cAAc;QAC9B,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC;QAChC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACf,IAAI,OAAO,GAAG,KAAK,QAAQ;gBACzB,MAAM,IAAI,KAAK,CAAC,8CAA8C,GAAG,OAAO,GAAG,CAAC,CAAC;YAC/E,OAAO,GAAG,IAAI,GAAG,IAAI,GAAG,GAAG,KAAK,CAAC,CAAC,8CAA8C;QAClF,CAAC;QACD,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,GAAG;QACzB,0BAA0B;QAC1B,WAAW,EAAE,CAAC,GAAW,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;QAC3D,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,GAAG,GAAG,CAAC,KAAK,GAAG;QACnC,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC;QAC9B,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,KAAK,GAAG;QAE9B,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,KAAK,CAAC;QACnC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,KAAK,CAAC;QACxC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,KAAK,CAAC;QACxC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,GAAG,GAAG,EAAE,KAAK,CAAC;QACxC,GAAG,EAAE,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,EAAE,KAAK,CAAC;QACzC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,GAAG,GAAG,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,KAAK,CAAC;QAEvD,uCAAuC;QACvC,IAAI,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG;QACxB,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG;QAC7B,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG;QAC7B,IAAI,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG,GAAG,GAAG;QAE7B,GAAG,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC;QAChC,IAAI,EACF,KAAK;YACL,CAAC,CAAC,CAAC,EAAE,EAAE;gBACL,IAAI,CAAC,KAAK;oBAAE,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;gBAClC,OAAO,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;YACrB,CAAC,CAAC;QACJ,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACpF,SAAS,EAAE,CAAC,KAAK,EAAE,cAAc,GAAG,IAAI,EAAE,EAAE;YAC1C,IAAI,cAAc,EAAE,CAAC;gBACnB,IAAI,CAAC,cAAc,CAAC,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,MAAM,GAAG,KAAK,EAAE,CAAC;oBACnE,MAAM,IAAI,KAAK,CACb,4BAA4B,GAAG,cAAc,GAAG,cAAc,GAAG,KAAK,CAAC,MAAM,CAC9E,CAAC;gBACJ,CAAC;gBACD,MAAM,MAAM,GAAG,IAAI,UAAU,CAAC,KAAK,CAAC,CAAC;gBACrC,0CAA0C;gBAC1C,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC3D,KAAK,GAAG,MAAM,CAAC;YACjB,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,KAAK,KAAK;gBACxB,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,KAAK,GAAG,cAAc,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC;YACxF,IAAI,MAAM,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;YACpE,IAAI,YAAY;gBAAE,MAAM,GAAG,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC9C,IAAI,CAAC,cAAc;gBACjB,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC;oBAAE,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;YAC9F,2FAA2F;YAC3F,sFAAsF;YACtF,OAAO,MAAM,CAAC;QAChB,CAAC;QACD,uDAAuD;QACvD,WAAW,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,EAAE,GAAG,CAAC;QAC3C,wDAAwD;QACxD,4CAA4C;QAC5C,IAAI,EAAE,CAAC,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;KACpB,CAAC,CAAC;IACd,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;AAC1B,CAAC;AAED,8FAA8F;AAC9F,mIAAmI;AACnI,4CAA4C;AAC5C,gFAAgF;AAChF,sDAAsD;AACtD,iFAAiF;AACjF,oEAAoE;AACpE,6EAA6E;AAC7E,wEAAwE;AACxE,oFAAoF;AACpF,qFAAqF;AACrF,oBAAoB;AACpB,KAAK;AAEL,MAAM,UAAU,SAAS,CAAI,EAAa,EAAE,GAAM;IAChD,IAAI,CAAC,EAAE,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,UAAU,CAAI,EAAa,EAAE,GAAM;IACjD,IAAI,CAAC,EAAE,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC3D,MAAM,IAAI,GAAG,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;AAC9C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CACjC,IAAyB,EACzB,UAAkB,EAClB,IAAI,GAAG,KAAK;IAEZ,IAAI,GAAG,WAAW,CAAC,aAAa,EAAE,IAAI,CAAC,CAAC;IACxC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC;IAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC,WAAW,GAAG,CAAC,CAAC;IACnD,IAAI,MAAM,GAAG,EAAE,IAAI,OAAO,GAAG,MAAM,IAAI,OAAO,GAAG,IAAI;QACnD,MAAM,IAAI,KAAK,CACb,gCAAgC,GAAG,MAAM,GAAG,4BAA4B,GAAG,OAAO,CACnF,CAAC;IACJ,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC;IACjE,OAAO,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;AAC1C,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAkB;IACpD,IAAI,OAAO,UAAU,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAClF,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;IAChD,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;AAClC,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,UAAkB;IACjD,MAAM,MAAM,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IAC/C,OAAO,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACxC,CAAC;AAED;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,cAAc,CAAC,GAAe,EAAE,UAAkB,EAAE,IAAI,GAAG,KAAK;IAC9E,MAAM,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC;IACvB,MAAM,QAAQ,GAAG,mBAAmB,CAAC,UAAU,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,gBAAgB,CAAC,UAAU,CAAC,CAAC;IAC5C,iGAAiG;IACjG,IAAI,GAAG,GAAG,EAAE,IAAI,GAAG,GAAG,MAAM,IAAI,GAAG,GAAG,IAAI;QACxC,MAAM,IAAI,KAAK,CAAC,WAAW,GAAG,MAAM,GAAG,4BAA4B,GAAG,GAAG,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC;IAC/D,+EAA+E;IAC/E,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,EAAE,UAAU,GAAG,GAAG,CAAC,GAAG,GAAG,CAAC;IACjD,OAAO,IAAI,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACxF,CAAC"}

package/esm/abstract/montgomery.d.ts

@@ -1,30 +0,0 @@
-import type { CurveLengths } from './curve.ts';
-type Hex = string | Uint8Array;
-export type CurveType = {
-    P: bigint;
-    type: 'x25519' | 'x448';
-    adjustScalarBytes: (bytes: Uint8Array) => Uint8Array;
-    powPminus2: (x: bigint) => bigint;
-    randomBytes?: (bytesLength?: number) => Uint8Array;
-};
-export type MontgomeryECDH = {
-    scalarMult: (scalar: Hex, u: Hex) => Uint8Array;
-    scalarMultBase: (scalar: Hex) => Uint8Array;
-    getSharedSecret: (secretKeyA: Hex, publicKeyB: Hex) => Uint8Array;
-    getPublicKey: (secretKey: Hex) => Uint8Array;
-    utils: {
-        randomSecretKey: () => Uint8Array;
-        /** @deprecated use `randomSecretKey` */
-        randomPrivateKey: () => Uint8Array;
-    };
-    GuBytes: Uint8Array;
-    lengths: CurveLengths;
-    keygen: (seed?: Uint8Array) => {
-        secretKey: Uint8Array;
-        publicKey: Uint8Array;
-    };
-};
-export type CurveFn = MontgomeryECDH;
-export declare function montgomery(curveDef: CurveType): MontgomeryECDH;
-export {};
-//# sourceMappingURL=montgomery.d.ts.map

package/esm/abstract/montgomery.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"montgomery.d.ts","sourceRoot":"","sources":["../../src/abstract/montgomery.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAM/C,KAAK,GAAG,GAAG,MAAM,GAAG,UAAU,CAAC;AAE/B,MAAM,MAAM,SAAS,GAAG;IACtB,CAAC,EAAE,MAAM,CAAC;IACV,IAAI,EAAE,QAAQ,GAAG,MAAM,CAAC;IACxB,iBAAiB,EAAE,CAAC,KAAK,EAAE,UAAU,KAAK,UAAU,CAAC;IACrD,UAAU,EAAE,CAAC,CAAC,EAAE,MAAM,KAAK,MAAM,CAAC;IAClC,WAAW,CAAC,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,KAAK,UAAU,CAAC;CACpD,CAAC;AAEF,MAAM,MAAM,cAAc,GAAG;IAC3B,UAAU,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,KAAK,UAAU,CAAC;IAChD,cAAc,EAAE,CAAC,MAAM,EAAE,GAAG,KAAK,UAAU,CAAC;IAC5C,eAAe,EAAE,CAAC,UAAU,EAAE,GAAG,EAAE,UAAU,EAAE,GAAG,KAAK,UAAU,CAAC;IAClE,YAAY,EAAE,CAAC,SAAS,EAAE,GAAG,KAAK,UAAU,CAAC;IAC7C,KAAK,EAAE;QACL,eAAe,EAAE,MAAM,UAAU,CAAC;QAClC,wCAAwC;QACxC,gBAAgB,EAAE,MAAM,UAAU,CAAC;KACpC,CAAC;IACF,OAAO,EAAE,UAAU,CAAC;IACpB,OAAO,EAAE,YAAY,CAAC;IACtB,MAAM,EAAE,CAAC,IAAI,CAAC,EAAE,UAAU,KAAK;QAAE,SAAS,EAAE,UAAU,CAAC;QAAC,SAAS,EAAE,UAAU,CAAA;KAAE,CAAC;CACjF,CAAC;AACF,MAAM,MAAM,OAAO,GAAG,cAAc,CAAC;AAUrC,wBAAgB,UAAU,CAAC,QAAQ,EAAE,SAAS,GAAG,cAAc,CAyI9D"}