@pufferfinance/puffer-sdk 1.23.1 → 1.24.1

package/dist/secp256k1-DGP4Y7VW.js

@@ -0,0 +1,1291 @@
+import { f as xt, g as Tt, j as at, k as st, l as F, H as Jt, m as te, o as ee, q as ne, r as qt, u as re, v as oe, w as ie } from "./constants-BweLzNUt.js";
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const St = /* @__PURE__ */ BigInt(0), Et = /* @__PURE__ */ BigInt(1);
+function lt(e, n) {
+  if (typeof n != "boolean")
+    throw new Error(e + " boolean expected, got " + n);
+}
+function ft(e) {
+  const n = e.toString(16);
+  return n.length & 1 ? "0" + n : n;
+}
+function kt(e) {
+  if (typeof e != "string")
+    throw new Error("hex string expected, got " + typeof e);
+  return e === "" ? St : BigInt("0x" + e);
+}
+function dt(e) {
+  return kt(st(e));
+}
+function jt(e) {
+  return at(e), kt(st(Uint8Array.from(e).reverse()));
+}
+function It(e, n) {
+  return xt(e.toString(16).padStart(n * 2, "0"));
+}
+function Ut(e, n) {
+  return It(e, n).reverse();
+}
+function $(e, n, t) {
+  let r;
+  if (typeof n == "string")
+    try {
+      r = xt(n);
+    } catch (i) {
+      throw new Error(e + " must be hex string or Uint8Array, cause: " + i);
+    }
+  else if (Tt(n))
+    r = Uint8Array.from(n);
+  else
+    throw new Error(e + " must be hex string or Uint8Array");
+  const s = r.length;
+  if (typeof t == "number" && s !== t)
+    throw new Error(e + " of length " + t + " expected, got " + s);
+  return r;
+}
+const mt = (e) => typeof e == "bigint" && St <= e;
+function se(e, n, t) {
+  return mt(e) && mt(n) && mt(t) && n <= e && e < t;
+}
+function fe(e, n, t, r) {
+  if (!se(n, t, r))
+    throw new Error("expected valid " + e + ": " + t + " <= n < " + r + ", got " + n);
+}
+function ce(e) {
+  let n;
+  for (n = 0; e > St; e >>= Et, n += 1)
+    ;
+  return n;
+}
+const ht = (e) => (Et << BigInt(e)) - Et;
+function ae(e, n, t) {
+  if (typeof e != "number" || e < 2)
+    throw new Error("hashLen must be a number");
+  if (typeof n != "number" || n < 2)
+    throw new Error("qByteLen must be a number");
+  if (typeof t != "function")
+    throw new Error("hmacFn must be a function");
+  const r = (S) => new Uint8Array(S), s = (S) => Uint8Array.of(S);
+  let i = r(e), o = r(e), a = 0;
+  const l = () => {
+    i.fill(1), o.fill(0), a = 0;
+  }, g = (...S) => t(o, i, ...S), f = (S = r(0)) => {
+    o = g(s(0), S), i = g(), S.length !== 0 && (o = g(s(1), S), i = g());
+  }, E = () => {
+    if (a++ >= 1e3)
+      throw new Error("drbg: tried 1000 values");
+    let S = 0;
+    const _ = [];
+    for (; S < n; ) {
+      i = g();
+      const N = i.slice();
+      _.push(N), S += i.length;
+    }
+    return F(..._);
+  };
+  return (S, _) => {
+    l(), f(S);
+    let N;
+    for (; !(N = _(E())); )
+      f();
+    return l(), N;
+  };
+}
+function Nt(e, n, t = {}) {
+  if (!e || typeof e != "object")
+    throw new Error("expected valid options object");
+  function r(s, i, o) {
+    const a = e[s];
+    if (o && a === void 0)
+      return;
+    const l = typeof a;
+    if (l !== i || a === null)
+      throw new Error(`param "${s}" is invalid: expected ${i}, got ${l}`);
+  }
+  Object.entries(n).forEach(([s, i]) => r(s, i, !1)), Object.entries(t).forEach(([s, i]) => r(s, i, !0));
+}
+function At(e) {
+  const n = /* @__PURE__ */ new WeakMap();
+  return (t, ...r) => {
+    const s = n.get(t);
+    if (s !== void 0)
+      return s;
+    const i = e(t, ...r);
+    return n.set(t, i), i;
+  };
+}
+class Mt extends Jt {
+  constructor(n, t) {
+    super(), this.finished = !1, this.destroyed = !1, te(n);
+    const r = ee(t);
+    if (this.iHash = n.create(), typeof this.iHash.update != "function")
+      throw new Error("Expected instance of class which extends utils.Hash");
+    this.blockLen = this.iHash.blockLen, this.outputLen = this.iHash.outputLen;
+    const s = this.blockLen, i = new Uint8Array(s);
+    i.set(r.length > s ? n.create().update(r).digest() : r);
+    for (let o = 0; o < i.length; o++)
+      i[o] ^= 54;
+    this.iHash.update(i), this.oHash = n.create();
+    for (let o = 0; o < i.length; o++)
+      i[o] ^= 106;
+    this.oHash.update(i), ne(i);
+  }
+  update(n) {
+    return qt(this), this.iHash.update(n), this;
+  }
+  digestInto(n) {
+    qt(this), at(n, this.outputLen), this.finished = !0, this.iHash.digestInto(n), this.oHash.update(n), this.oHash.digestInto(n), this.destroy();
+  }
+  digest() {
+    const n = new Uint8Array(this.oHash.outputLen);
+    return this.digestInto(n), n;
+  }
+  _cloneInto(n) {
+    n || (n = Object.create(Object.getPrototypeOf(this), {}));
+    const { oHash: t, iHash: r, finished: s, destroyed: i, blockLen: o, outputLen: a } = this;
+    return n = n, n.finished = s, n.destroyed = i, n.blockLen = o, n.outputLen = a, n.oHash = t._cloneInto(n.oHash), n.iHash = r._cloneInto(n.iHash), n;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+  destroy() {
+    this.destroyed = !0, this.oHash.destroy(), this.iHash.destroy();
+  }
+}
+const $t = (e, n, t) => new Mt(e, n).update(t).digest();
+$t.create = (e, n) => new Mt(e, n);
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const j = BigInt(0), k = BigInt(1), P = /* @__PURE__ */ BigInt(2), le = /* @__PURE__ */ BigInt(3), Ct = /* @__PURE__ */ BigInt(4), Vt = /* @__PURE__ */ BigInt(5), Kt = /* @__PURE__ */ BigInt(8);
+function C(e, n) {
+  const t = e % n;
+  return t >= j ? t : n + t;
+}
+function M(e, n, t) {
+  let r = e;
+  for (; n-- > j; )
+    r *= r, r %= t;
+  return r;
+}
+function _t(e, n) {
+  if (e === j)
+    throw new Error("invert: expected non-zero number");
+  if (n <= j)
+    throw new Error("invert: expected positive modulus, got " + n);
+  let t = C(e, n), r = n, s = j, i = k;
+  for (; t !== j; ) {
+    const a = r / t, l = r % t, g = s - i * a;
+    r = t, t = l, s = i, i = g;
+  }
+  if (r !== k)
+    throw new Error("invert: does not exist");
+  return C(s, n);
+}
+function Yt(e, n) {
+  const t = (e.ORDER + k) / Ct, r = e.pow(n, t);
+  if (!e.eql(e.sqr(r), n))
+    throw new Error("Cannot find square root");
+  return r;
+}
+function ue(e, n) {
+  const t = (e.ORDER - Vt) / Kt, r = e.mul(n, P), s = e.pow(r, t), i = e.mul(n, s), o = e.mul(e.mul(i, P), s), a = e.mul(i, e.sub(o, e.ONE));
+  if (!e.eql(e.sqr(a), n))
+    throw new Error("Cannot find square root");
+  return a;
+}
+function de(e) {
+  if (e < BigInt(3))
+    throw new Error("sqrt is not defined for small field");
+  let n = e - k, t = 0;
+  for (; n % P === j; )
+    n /= P, t++;
+  let r = P;
+  const s = wt(e);
+  for (; Ht(s, r) === 1; )
+    if (r++ > 1e3)
+      throw new Error("Cannot find square root: probably non-prime P");
+  if (t === 1)
+    return Yt;
+  let i = s.pow(r, n);
+  const o = (n + k) / P;
+  return function(l, g) {
+    if (l.is0(g))
+      return g;
+    if (Ht(l, g) !== 1)
+      throw new Error("Cannot find square root");
+    let f = t, E = l.mul(l.ONE, i), x = l.pow(g, n), S = l.pow(g, o);
+    for (; !l.eql(x, l.ONE); ) {
+      if (l.is0(x))
+        return l.ZERO;
+      let _ = 1, N = l.sqr(x);
+      for (; !l.eql(N, l.ONE); )
+        if (_++, N = l.sqr(N), _ === f)
+          throw new Error("Cannot find square root");
+      const L = k << BigInt(f - _ - 1), U = l.pow(E, L);
+      f = _, E = l.sqr(U), x = l.mul(x, E), S = l.mul(S, U);
+    }
+    return S;
+  };
+}
+function he(e) {
+  return e % Ct === le ? Yt : e % Kt === Vt ? ue : de(e);
+}
+const we = [
+  "create",
+  "isValid",
+  "is0",
+  "neg",
+  "inv",
+  "sqrt",
+  "sqr",
+  "eql",
+  "add",
+  "sub",
+  "mul",
+  "pow",
+  "div",
+  "addN",
+  "subN",
+  "mulN",
+  "sqrN"
+];
+function ge(e) {
+  const n = {
+    ORDER: "bigint",
+    MASK: "bigint",
+    BYTES: "number",
+    BITS: "number"
+  }, t = we.reduce((r, s) => (r[s] = "function", r), n);
+  return Nt(e, t), e;
+}
+function me(e, n, t) {
+  if (t < j)
+    throw new Error("invalid exponent, negatives unsupported");
+  if (t === j)
+    return e.ONE;
+  if (t === k)
+    return n;
+  let r = e.ONE, s = n;
+  for (; t > j; )
+    t & k && (r = e.mul(r, s)), s = e.sqr(s), t >>= k;
+  return r;
+}
+function Dt(e, n, t = !1) {
+  const r = new Array(n.length).fill(t ? e.ZERO : void 0), s = n.reduce((o, a, l) => e.is0(a) ? o : (r[l] = o, e.mul(o, a)), e.ONE), i = e.inv(s);
+  return n.reduceRight((o, a, l) => e.is0(a) ? o : (r[l] = e.mul(o, r[l]), e.mul(o, a)), i), r;
+}
+function Ht(e, n) {
+  const t = (e.ORDER - k) / P, r = e.pow(n, t), s = e.eql(r, e.ONE), i = e.eql(r, e.ZERO), o = e.eql(r, e.neg(e.ONE));
+  if (!s && !i && !o)
+    throw new Error("invalid Legendre symbol result");
+  return s ? 1 : i ? 0 : -1;
+}
+function ye(e, n) {
+  n !== void 0 && re(n);
+  const t = n !== void 0 ? n : e.toString(2).length, r = Math.ceil(t / 8);
+  return { nBitLength: t, nByteLength: r };
+}
+function wt(e, n, t = !1, r = {}) {
+  if (e <= j)
+    throw new Error("invalid field: expected ORDER > 0, got " + e);
+  let s, i;
+  if (typeof n == "object" && n != null) {
+    if (r.sqrt || t)
+      throw new Error("cannot specify opts in two arguments");
+    const f = n;
+    f.BITS && (s = f.BITS), f.sqrt && (i = f.sqrt), typeof f.isLE == "boolean" && (t = f.isLE);
+  } else
+    typeof n == "number" && (s = n), r.sqrt && (i = r.sqrt);
+  const { nBitLength: o, nByteLength: a } = ye(e, s);
+  if (a > 2048)
+    throw new Error("invalid field: expected ORDER of <= 2048 bytes");
+  let l;
+  const g = Object.freeze({
+    ORDER: e,
+    isLE: t,
+    BITS: o,
+    BYTES: a,
+    MASK: ht(o),
+    ZERO: j,
+    ONE: k,
+    create: (f) => C(f, e),
+    isValid: (f) => {
+      if (typeof f != "bigint")
+        throw new Error("invalid field element: expected bigint, got " + typeof f);
+      return j <= f && f < e;
+    },
+    is0: (f) => f === j,
+    // is valid and invertible
+    isValidNot0: (f) => !g.is0(f) && g.isValid(f),
+    isOdd: (f) => (f & k) === k,
+    neg: (f) => C(-f, e),
+    eql: (f, E) => f === E,
+    sqr: (f) => C(f * f, e),
+    add: (f, E) => C(f + E, e),
+    sub: (f, E) => C(f - E, e),
+    mul: (f, E) => C(f * E, e),
+    pow: (f, E) => me(g, f, E),
+    div: (f, E) => C(f * _t(E, e), e),
+    // Same as above, but doesn't normalize
+    sqrN: (f) => f * f,
+    addN: (f, E) => f + E,
+    subN: (f, E) => f - E,
+    mulN: (f, E) => f * E,
+    inv: (f) => _t(f, e),
+    sqrt: i || ((f) => (l || (l = he(e)), l(g, f))),
+    toBytes: (f) => t ? Ut(f, a) : It(f, a),
+    fromBytes: (f) => {
+      if (f.length !== a)
+        throw new Error("Field.fromBytes: expected " + a + " bytes, got " + f.length);
+      return t ? jt(f) : dt(f);
+    },
+    // TODO: we don't need it here, move out to separate fn
+    invertBatch: (f) => Dt(g, f),
+    // We can't move this out because Fp6, Fp12 implement it
+    // and it's unclear what to return in there.
+    cmov: (f, E, x) => x ? E : f
+  });
+  return Object.freeze(g);
+}
+function Gt(e) {
+  if (typeof e != "bigint")
+    throw new Error("field order must be bigint");
+  const n = e.toString(2).length;
+  return Math.ceil(n / 8);
+}
+function Ft(e) {
+  const n = Gt(e);
+  return n + Math.ceil(n / 2);
+}
+function pe(e, n, t = !1) {
+  const r = e.length, s = Gt(n), i = Ft(n);
+  if (r < 16 || r < i || r > 1024)
+    throw new Error("expected " + i + "-1024 bytes of input, got " + r);
+  const o = t ? jt(e) : dt(e), a = C(o, n - k) + k;
+  return t ? Ut(a, s) : It(a, s);
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const et = BigInt(0), X = BigInt(1);
+function rt(e, n) {
+  const t = n.negate();
+  return e ? t : n;
+}
+function be(e, n, t) {
+  const r = (o) => o.pz, s = Dt(e.Fp, t.map(r));
+  return t.map((o, a) => o.toAffine(s[a])).map(e.fromAffine);
+}
+function Pt(e, n) {
+  if (!Number.isSafeInteger(e) || e <= 0 || e > n)
+    throw new Error("invalid window size, expected [1.." + n + "], got W=" + e);
+}
+function yt(e, n) {
+  Pt(e, n);
+  const t = Math.ceil(n / e) + 1, r = 2 ** (e - 1), s = 2 ** e, i = ht(e), o = BigInt(e);
+  return { windows: t, windowSize: r, mask: i, maxNumber: s, shiftBy: o };
+}
+function Ot(e, n, t) {
+  const { windowSize: r, mask: s, maxNumber: i, shiftBy: o } = t;
+  let a = Number(e & s), l = e >> o;
+  a > r && (a -= i, l += X);
+  const g = n * r, f = g + Math.abs(a) - 1, E = a === 0, x = a < 0, S = n % 2 !== 0;
+  return { nextN: l, offset: f, isZero: E, isNeg: x, isNegF: S, offsetF: g };
+}
+function Ee(e, n) {
+  if (!Array.isArray(e))
+    throw new Error("array expected");
+  e.forEach((t, r) => {
+    if (!(t instanceof n))
+      throw new Error("invalid point at index " + r);
+  });
+}
+function Be(e, n) {
+  if (!Array.isArray(e))
+    throw new Error("array of scalars expected");
+  e.forEach((t, r) => {
+    if (!n.isValid(t))
+      throw new Error("invalid scalar at index " + r);
+  });
+}
+const pt = /* @__PURE__ */ new WeakMap(), Xt = /* @__PURE__ */ new WeakMap();
+function bt(e) {
+  return Xt.get(e) || 1;
+}
+function Zt(e) {
+  if (e !== et)
+    throw new Error("invalid wNAF");
+}
+function ve(e, n) {
+  return {
+    constTimeNegate: rt,
+    hasPrecomputes(t) {
+      return bt(t) !== 1;
+    },
+    // non-const time multiplication ladder
+    unsafeLadder(t, r, s = e.ZERO) {
+      let i = t;
+      for (; r > et; )
+        r & X && (s = s.add(i)), i = i.double(), r >>= X;
+      return s;
+    },
+    /**
+     * Creates a wNAF precomputation window. Used for caching.
+     * Default window size is set by `utils.precompute()` and is equal to 8.
+     * Number of precomputed points depends on the curve size:
+     * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
+     * - 𝑊 is the window size
+     * - 𝑛 is the bitlength of the curve order.
+     * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
+     * @param elm Point instance
+     * @param W window size
+     * @returns precomputed point tables flattened to a single array
+     */
+    precomputeWindow(t, r) {
+      const { windows: s, windowSize: i } = yt(r, n), o = [];
+      let a = t, l = a;
+      for (let g = 0; g < s; g++) {
+        l = a, o.push(l);
+        for (let f = 1; f < i; f++)
+          l = l.add(a), o.push(l);
+        a = l.double();
+      }
+      return o;
+    },
+    /**
+     * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
+     * @param W window size
+     * @param precomputes precomputed tables
+     * @param n scalar (we don't check here, but should be less than curve order)
+     * @returns real and fake (for const-time) points
+     */
+    wNAF(t, r, s) {
+      let i = e.ZERO, o = e.BASE;
+      const a = yt(t, n);
+      for (let l = 0; l < a.windows; l++) {
+        const { nextN: g, offset: f, isZero: E, isNeg: x, isNegF: S, offsetF: _ } = Ot(s, l, a);
+        s = g, E ? o = o.add(rt(S, r[_])) : i = i.add(rt(x, r[f]));
+      }
+      return Zt(s), { p: i, f: o };
+    },
+    /**
+     * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
+     * @param W window size
+     * @param precomputes precomputed tables
+     * @param n scalar (we don't check here, but should be less than curve order)
+     * @param acc accumulator point to add result of multiplication
+     * @returns point
+     */
+    wNAFUnsafe(t, r, s, i = e.ZERO) {
+      const o = yt(t, n);
+      for (let a = 0; a < o.windows && s !== et; a++) {
+        const { nextN: l, offset: g, isZero: f, isNeg: E } = Ot(s, a, o);
+        if (s = l, !f) {
+          const x = r[g];
+          i = i.add(E ? x.negate() : x);
+        }
+      }
+      return Zt(s), i;
+    },
+    getPrecomputes(t, r, s) {
+      let i = pt.get(r);
+      return i || (i = this.precomputeWindow(r, t), t !== 1 && (typeof s == "function" && (i = s(i)), pt.set(r, i))), i;
+    },
+    wNAFCached(t, r, s) {
+      const i = bt(t);
+      return this.wNAF(i, this.getPrecomputes(i, t, s), r);
+    },
+    wNAFCachedUnsafe(t, r, s, i) {
+      const o = bt(t);
+      return o === 1 ? this.unsafeLadder(t, r, i) : this.wNAFUnsafe(o, this.getPrecomputes(o, t, s), r, i);
+    },
+    // We calculate precomputes for elliptic curve point multiplication
+    // using windowed method. This specifies window size and
+    // stores precomputed values. Usually only base point would be precomputed.
+    setWindowSize(t, r) {
+      Pt(r, n), Xt.set(t, r), pt.delete(t);
+    }
+  };
+}
+function xe(e, n, t, r) {
+  let s = n, i = e.ZERO, o = e.ZERO;
+  for (; t > et || r > et; )
+    t & X && (i = i.add(s)), r & X && (o = o.add(s)), s = s.double(), t >>= X, r >>= X;
+  return { p1: i, p2: o };
+}
+function Se(e, n, t, r) {
+  Ee(t, e), Be(r, n);
+  const s = t.length, i = r.length;
+  if (s !== i)
+    throw new Error("arrays of points and scalars must have equal length");
+  const o = e.ZERO, a = ce(BigInt(s));
+  let l = 1;
+  a > 12 ? l = a - 3 : a > 4 ? l = a - 2 : a > 0 && (l = 2);
+  const g = ht(l), f = new Array(Number(g) + 1).fill(o), E = Math.floor((n.BITS - 1) / l) * l;
+  let x = o;
+  for (let S = E; S >= 0; S -= l) {
+    f.fill(o);
+    for (let N = 0; N < i; N++) {
+      const L = r[N], U = Number(L >> BigInt(S) & g);
+      f[U] = f[U].add(t[N]);
+    }
+    let _ = o;
+    for (let N = f.length - 1, L = o; N > 0; N--)
+      L = L.add(f[N]), _ = _.add(L);
+    if (x = x.add(_), S !== 0)
+      for (let N = 0; N < l; N++)
+        x = x.double();
+  }
+  return x;
+}
+function Rt(e, n) {
+  if (n) {
+    if (n.ORDER !== e)
+      throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
+    return ge(n), n;
+  } else
+    return wt(e);
+}
+function Ie(e, n, t = {}) {
+  if (!n || typeof n != "object")
+    throw new Error(`expected valid ${e} CURVE object`);
+  for (const a of ["p", "n", "h"]) {
+    const l = n[a];
+    if (!(typeof l == "bigint" && l > et))
+      throw new Error(`CURVE.${a} must be positive bigint`);
+  }
+  const r = Rt(n.p, t.Fp), s = Rt(n.n, t.Fn), o = ["Gx", "Gy", "a", "b"];
+  for (const a of o)
+    if (!r.isValid(n[a]))
+      throw new Error(`CURVE.${a} must be valid field element of CURVE.Fp`);
+  return { Fp: r, Fn: s };
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+function Lt(e) {
+  e.lowS !== void 0 && lt("lowS", e.lowS), e.prehash !== void 0 && lt("prehash", e.prehash);
+}
+class Ne extends Error {
+  constructor(n = "") {
+    super(n);
+  }
+}
+const V = {
+  // asn.1 DER encoding utils
+  Err: Ne,
+  // Basic building block is TLV (Tag-Length-Value)
+  _tlv: {
+    encode: (e, n) => {
+      const { Err: t } = V;
+      if (e < 0 || e > 256)
+        throw new t("tlv.encode: wrong tag");
+      if (n.length & 1)
+        throw new t("tlv.encode: unpadded data");
+      const r = n.length / 2, s = ft(r);
+      if (s.length / 2 & 128)
+        throw new t("tlv.encode: long form length too big");
+      const i = r > 127 ? ft(s.length / 2 | 128) : "";
+      return ft(e) + i + s + n;
+    },
+    // v - value, l - left bytes (unparsed)
+    decode(e, n) {
+      const { Err: t } = V;
+      let r = 0;
+      if (e < 0 || e > 256)
+        throw new t("tlv.encode: wrong tag");
+      if (n.length < 2 || n[r++] !== e)
+        throw new t("tlv.decode: wrong tlv");
+      const s = n[r++], i = !!(s & 128);
+      let o = 0;
+      if (!i)
+        o = s;
+      else {
+        const l = s & 127;
+        if (!l)
+          throw new t("tlv.decode(long): indefinite length not supported");
+        if (l > 4)
+          throw new t("tlv.decode(long): byte length is too big");
+        const g = n.subarray(r, r + l);
+        if (g.length !== l)
+          throw new t("tlv.decode: length bytes not complete");
+        if (g[0] === 0)
+          throw new t("tlv.decode(long): zero leftmost byte");
+        for (const f of g)
+          o = o << 8 | f;
+        if (r += l, o < 128)
+          throw new t("tlv.decode(long): not minimal encoding");
+      }
+      const a = n.subarray(r, r + o);
+      if (a.length !== o)
+        throw new t("tlv.decode: wrong value length");
+      return { v: a, l: n.subarray(r + o) };
+    }
+  },
+  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
+  // since we always use positive integers here. It must always be empty:
+  // - add zero byte if exists
+  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
+  _int: {
+    encode(e) {
+      const { Err: n } = V;
+      if (e < ot)
+        throw new n("integer: negative integers are not allowed");
+      let t = ft(e);
+      if (Number.parseInt(t[0], 16) & 8 && (t = "00" + t), t.length & 1)
+        throw new n("unexpected DER parsing assertion: unpadded hex");
+      return t;
+    },
+    decode(e) {
+      const { Err: n } = V;
+      if (e[0] & 128)
+        throw new n("invalid signature integer: negative");
+      if (e[0] === 0 && !(e[1] & 128))
+        throw new n("invalid signature integer: unnecessary leading zero");
+      return dt(e);
+    }
+  },
+  toSig(e) {
+    const { Err: n, _int: t, _tlv: r } = V, s = $("signature", e), { v: i, l: o } = r.decode(48, s);
+    if (o.length)
+      throw new n("invalid signature: left bytes after parsing");
+    const { v: a, l } = r.decode(2, i), { v: g, l: f } = r.decode(2, l);
+    if (f.length)
+      throw new n("invalid signature: left bytes after parsing");
+    return { r: t.decode(a), s: t.decode(g) };
+  },
+  hexFromSig(e) {
+    const { _tlv: n, _int: t } = V, r = n.encode(2, t.encode(e.r)), s = n.encode(2, t.encode(e.s)), i = r + s;
+    return n.encode(48, i);
+  }
+}, ot = BigInt(0), it = BigInt(1), qe = BigInt(2), ct = BigInt(3), Ae = BigInt(4);
+function _e(e, n, t) {
+  function r(s) {
+    const i = e.sqr(s), o = e.mul(i, s);
+    return e.add(e.add(o, e.mul(s, n)), t);
+  }
+  return r;
+}
+function Wt(e, n, t) {
+  const { BYTES: r } = e;
+  function s(i) {
+    let o;
+    if (typeof i == "bigint")
+      o = i;
+    else {
+      let a = $("private key", i);
+      if (n) {
+        if (!n.includes(a.length * 2))
+          throw new Error("invalid private key");
+        const l = new Uint8Array(r);
+        l.set(a, l.length - a.length), a = l;
+      }
+      try {
+        o = e.fromBytes(a);
+      } catch {
+        throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof i}`);
+      }
+    }
+    if (t && (o = e.create(o)), !e.isValidNot0(o))
+      throw new Error("invalid private key: out of range [1..N-1]");
+    return o;
+  }
+  return s;
+}
+function He(e, n = {}) {
+  const { Fp: t, Fn: r } = Ie("weierstrass", e, n), { h: s, n: i } = e;
+  Nt(n, {}, {
+    allowInfinityPoint: "boolean",
+    clearCofactor: "function",
+    isTorsionFree: "function",
+    fromBytes: "function",
+    toBytes: "function",
+    endo: "object",
+    wrapPrivateKey: "boolean"
+  });
+  const { endo: o } = n;
+  if (o && (!t.is0(e.a) || typeof o.beta != "bigint" || typeof o.splitScalar != "function"))
+    throw new Error('invalid endo: expected "beta": bigint and "splitScalar": function');
+  function a() {
+    if (!t.isOdd)
+      throw new Error("compression is not supported: Field does not have .isOdd()");
+  }
+  function l(H, c, h) {
+    const { x: u, y: d } = c.toAffine(), w = t.toBytes(u);
+    if (lt("isCompressed", h), h) {
+      a();
+      const p = !t.isOdd(d);
+      return F(Qt(p), w);
+    } else
+      return F(Uint8Array.of(4), w, t.toBytes(d));
+  }
+  function g(H) {
+    at(H);
+    const c = t.BYTES, h = c + 1, u = 2 * c + 1, d = H.length, w = H[0], p = H.subarray(1);
+    if (d === h && (w === 2 || w === 3)) {
+      const m = t.fromBytes(p);
+      if (!t.isValid(m))
+        throw new Error("bad point: is not on curve, wrong x");
+      const y = x(m);
+      let B;
+      try {
+        B = t.sqrt(y);
+      } catch (q) {
+        const v = q instanceof Error ? ": " + q.message : "";
+        throw new Error("bad point: is not on curve, sqrt error" + v);
+      }
+      a();
+      const b = t.isOdd(B);
+      return (w & 1) === 1 !== b && (B = t.neg(B)), { x: m, y: B };
+    } else if (d === u && w === 4) {
+      const m = t.fromBytes(p.subarray(c * 0, c * 1)), y = t.fromBytes(p.subarray(c * 1, c * 2));
+      if (!S(m, y))
+        throw new Error("bad point: is not on curve");
+      return { x: m, y };
+    } else
+      throw new Error(`bad point: got length ${d}, expected compressed=${h} or uncompressed=${u}`);
+  }
+  const f = n.toBytes || l, E = n.fromBytes || g, x = _e(t, e.a, e.b);
+  function S(H, c) {
+    const h = t.sqr(c), u = x(H);
+    return t.eql(h, u);
+  }
+  if (!S(e.Gx, e.Gy))
+    throw new Error("bad curve params: generator point");
+  const _ = t.mul(t.pow(e.a, ct), Ae), N = t.mul(t.sqr(e.b), BigInt(27));
+  if (t.is0(t.add(_, N)))
+    throw new Error("bad curve params: a or b");
+  function L(H, c, h = !1) {
+    if (!t.isValid(c) || h && t.is0(c))
+      throw new Error(`bad point coordinate ${H}`);
+    return c;
+  }
+  function U(H) {
+    if (!(H instanceof I))
+      throw new Error("ProjectivePoint expected");
+  }
+  const W = At((H, c) => {
+    const { px: h, py: u, pz: d } = H;
+    if (t.eql(d, t.ONE))
+      return { x: h, y: u };
+    const w = H.is0();
+    c == null && (c = w ? t.ONE : t.inv(d));
+    const p = t.mul(h, c), m = t.mul(u, c), y = t.mul(d, c);
+    if (w)
+      return { x: t.ZERO, y: t.ZERO };
+    if (!t.eql(y, t.ONE))
+      throw new Error("invZ was invalid");
+    return { x: p, y: m };
+  }), Y = At((H) => {
+    if (H.is0()) {
+      if (n.allowInfinityPoint && !t.is0(H.py))
+        return;
+      throw new Error("bad point: ZERO");
+    }
+    const { x: c, y: h } = H.toAffine();
+    if (!t.isValid(c) || !t.isValid(h))
+      throw new Error("bad point: x or y not field elements");
+    if (!S(c, h))
+      throw new Error("bad point: equation left != right");
+    if (!H.isTorsionFree())
+      throw new Error("bad point: not in prime-order subgroup");
+    return !0;
+  });
+  function Q(H, c, h, u, d) {
+    return h = new I(t.mul(h.px, H), h.py, h.pz), c = rt(u, c), h = rt(d, h), c.add(h);
+  }
+  class I {
+    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
+    constructor(c, h, u) {
+      this.px = L("x", c), this.py = L("y", h, !0), this.pz = L("z", u), Object.freeze(this);
+    }
+    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
+    static fromAffine(c) {
+      const { x: h, y: u } = c || {};
+      if (!c || !t.isValid(h) || !t.isValid(u))
+        throw new Error("invalid affine point");
+      if (c instanceof I)
+        throw new Error("projective point not allowed");
+      return t.is0(h) && t.is0(u) ? I.ZERO : new I(h, u, t.ONE);
+    }
+    get x() {
+      return this.toAffine().x;
+    }
+    get y() {
+      return this.toAffine().y;
+    }
+    static normalizeZ(c) {
+      return be(I, "pz", c);
+    }
+    static fromBytes(c) {
+      return at(c), I.fromHex(c);
+    }
+    /** Converts hash string or Uint8Array to Point. */
+    static fromHex(c) {
+      const h = I.fromAffine(E($("pointHex", c)));
+      return h.assertValidity(), h;
+    }
+    /** Multiplies generator point by privateKey. */
+    static fromPrivateKey(c) {
+      const h = Wt(r, n.allowedPrivateKeyLengths, n.wrapPrivateKey);
+      return I.BASE.multiply(h(c));
+    }
+    /** Multiscalar Multiplication */
+    static msm(c, h) {
+      return Se(I, r, c, h);
+    }
+    /**
+     *
+     * @param windowSize
+     * @param isLazy true will defer table computation until the first multiplication
+     * @returns
+     */
+    precompute(c = 8, h = !0) {
+      return K.setWindowSize(this, c), h || this.multiply(ct), this;
+    }
+    /** "Private method", don't use it directly */
+    _setWindowSize(c) {
+      this.precompute(c);
+    }
+    // TODO: return `this`
+    /** A point on curve is valid if it conforms to equation. */
+    assertValidity() {
+      Y(this);
+    }
+    hasEvenY() {
+      const { y: c } = this.toAffine();
+      if (!t.isOdd)
+        throw new Error("Field doesn't support isOdd");
+      return !t.isOdd(c);
+    }
+    /** Compare one point to another. */
+    equals(c) {
+      U(c);
+      const { px: h, py: u, pz: d } = this, { px: w, py: p, pz: m } = c, y = t.eql(t.mul(h, m), t.mul(w, d)), B = t.eql(t.mul(u, m), t.mul(p, d));
+      return y && B;
+    }
+    /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
+    negate() {
+      return new I(this.px, t.neg(this.py), this.pz);
+    }
+    // Renes-Costello-Batina exception-free doubling formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 3
+    // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
+    double() {
+      const { a: c, b: h } = e, u = t.mul(h, ct), { px: d, py: w, pz: p } = this;
+      let m = t.ZERO, y = t.ZERO, B = t.ZERO, b = t.mul(d, d), O = t.mul(w, w), q = t.mul(p, p), v = t.mul(d, w);
+      return v = t.add(v, v), B = t.mul(d, p), B = t.add(B, B), m = t.mul(c, B), y = t.mul(u, q), y = t.add(m, y), m = t.sub(O, y), y = t.add(O, y), y = t.mul(m, y), m = t.mul(v, m), B = t.mul(u, B), q = t.mul(c, q), v = t.sub(b, q), v = t.mul(c, v), v = t.add(v, B), B = t.add(b, b), b = t.add(B, b), b = t.add(b, q), b = t.mul(b, v), y = t.add(y, b), q = t.mul(w, p), q = t.add(q, q), b = t.mul(q, v), m = t.sub(m, b), B = t.mul(q, O), B = t.add(B, B), B = t.add(B, B), new I(m, y, B);
+    }
+    // Renes-Costello-Batina exception-free addition formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 1
+    // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
+    add(c) {
+      U(c);
+      const { px: h, py: u, pz: d } = this, { px: w, py: p, pz: m } = c;
+      let y = t.ZERO, B = t.ZERO, b = t.ZERO;
+      const O = e.a, q = t.mul(e.b, ct);
+      let v = t.mul(h, w), Z = t.mul(u, p), R = t.mul(d, m), z = t.add(h, u), A = t.add(w, p);
+      z = t.mul(z, A), A = t.add(v, Z), z = t.sub(z, A), A = t.add(h, d);
+      let T = t.add(w, m);
+      return A = t.mul(A, T), T = t.add(v, R), A = t.sub(A, T), T = t.add(u, d), y = t.add(p, m), T = t.mul(T, y), y = t.add(Z, R), T = t.sub(T, y), b = t.mul(O, A), y = t.mul(q, R), b = t.add(y, b), y = t.sub(Z, b), b = t.add(Z, b), B = t.mul(y, b), Z = t.add(v, v), Z = t.add(Z, v), R = t.mul(O, R), A = t.mul(q, A), Z = t.add(Z, R), R = t.sub(v, R), R = t.mul(O, R), A = t.add(A, R), v = t.mul(Z, A), B = t.add(B, v), v = t.mul(T, A), y = t.mul(z, y), y = t.sub(y, v), v = t.mul(z, Z), b = t.mul(T, b), b = t.add(b, v), new I(y, B, b);
+    }
+    subtract(c) {
+      return this.add(c.negate());
+    }
+    is0() {
+      return this.equals(I.ZERO);
+    }
+    /**
+     * Constant time multiplication.
+     * Uses wNAF method. Windowed method may be 10% faster,
+     * but takes 2x longer to generate and consumes 2x memory.
+     * Uses precomputes when available.
+     * Uses endomorphism for Koblitz curves.
+     * @param scalar by which the point would be multiplied
+     * @returns New point
+     */
+    multiply(c) {
+      const { endo: h } = n;
+      if (!r.isValidNot0(c))
+        throw new Error("invalid scalar: out of range");
+      let u, d;
+      const w = (p) => K.wNAFCached(this, p, I.normalizeZ);
+      if (h) {
+        const { k1neg: p, k1: m, k2neg: y, k2: B } = h.splitScalar(c), { p: b, f: O } = w(m), { p: q, f: v } = w(B);
+        d = O.add(v), u = Q(h.beta, b, q, p, y);
+      } else {
+        const { p, f: m } = w(c);
+        u = p, d = m;
+      }
+      return I.normalizeZ([u, d])[0];
+    }
+    /**
+     * Non-constant-time multiplication. Uses double-and-add algorithm.
+     * It's faster, but should only be used when you don't care about
+     * an exposed private key e.g. sig verification, which works over *public* keys.
+     */
+    multiplyUnsafe(c) {
+      const { endo: h } = n, u = this;
+      if (!r.isValid(c))
+        throw new Error("invalid scalar: out of range");
+      if (c === ot || u.is0())
+        return I.ZERO;
+      if (c === it)
+        return u;
+      if (K.hasPrecomputes(this))
+        return this.multiply(c);
+      if (h) {
+        const { k1neg: d, k1: w, k2neg: p, k2: m } = h.splitScalar(c), { p1: y, p2: B } = xe(I, u, w, m);
+        return Q(h.beta, y, B, d, p);
+      } else
+        return K.wNAFCachedUnsafe(u, c);
+    }
+    multiplyAndAddUnsafe(c, h, u) {
+      const d = this.multiplyUnsafe(h).add(c.multiplyUnsafe(u));
+      return d.is0() ? void 0 : d;
+    }
+    /**
+     * Converts Projective point to affine (x, y) coordinates.
+     * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
+     */
+    toAffine(c) {
+      return W(this, c);
+    }
+    /**
+     * Checks whether Point is free of torsion elements (is in prime subgroup).
+     * Always torsion-free for cofactor=1 curves.
+     */
+    isTorsionFree() {
+      const { isTorsionFree: c } = n;
+      return s === it ? !0 : c ? c(I, this) : K.wNAFCachedUnsafe(this, i).is0();
+    }
+    clearCofactor() {
+      const { clearCofactor: c } = n;
+      return s === it ? this : c ? c(I, this) : this.multiplyUnsafe(s);
+    }
+    toBytes(c = !0) {
+      return lt("isCompressed", c), this.assertValidity(), f(I, this, c);
+    }
+    /** @deprecated use `toBytes` */
+    toRawBytes(c = !0) {
+      return this.toBytes(c);
+    }
+    toHex(c = !0) {
+      return st(this.toBytes(c));
+    }
+    toString() {
+      return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
+    }
+  }
+  I.BASE = new I(e.Gx, e.Gy, t.ONE), I.ZERO = new I(t.ZERO, t.ONE, t.ZERO), I.Fp = t, I.Fn = r;
+  const D = r.BITS, K = ve(I, n.endo ? Math.ceil(D / 2) : D);
+  return I;
+}
+function Qt(e) {
+  return Uint8Array.of(e ? 2 : 3);
+}
+function Oe(e, n, t = {}) {
+  Nt(n, { hash: "function" }, {
+    hmac: "function",
+    lowS: "boolean",
+    randomBytes: "function",
+    bits2int: "function",
+    bits2int_modN: "function"
+  });
+  const r = n.randomBytes || oe, s = n.hmac || ((u, ...d) => $t(n.hash, u, F(...d))), { Fp: i, Fn: o } = e, { ORDER: a, BITS: l } = o;
+  function g(u) {
+    const d = a >> it;
+    return u > d;
+  }
+  function f(u) {
+    return g(u) ? o.neg(u) : u;
+  }
+  function E(u, d) {
+    if (!o.isValidNot0(d))
+      throw new Error(`invalid signature ${u}: out of range 1..CURVE.n`);
+  }
+  class x {
+    constructor(d, w, p) {
+      E("r", d), E("s", w), this.r = d, this.s = w, p != null && (this.recovery = p), Object.freeze(this);
+    }
+    // pair (bytes of r, bytes of s)
+    static fromCompact(d) {
+      const w = o.BYTES, p = $("compactSignature", d, w * 2);
+      return new x(o.fromBytes(p.subarray(0, w)), o.fromBytes(p.subarray(w, w * 2)));
+    }
+    // DER encoded ECDSA signature
+    // https://bitcoin.stackexchange.com/questions/57644/what-are-the-parts-of-a-bitcoin-transaction-input-script
+    static fromDER(d) {
+      const { r: w, s: p } = V.toSig($("DER", d));
+      return new x(w, p);
+    }
+    /**
+     * @todo remove
+     * @deprecated
+     */
+    assertValidity() {
+    }
+    addRecoveryBit(d) {
+      return new x(this.r, this.s, d);
+    }
+    // ProjPointType<bigint>
+    recoverPublicKey(d) {
+      const w = i.ORDER, { r: p, s: m, recovery: y } = this;
+      if (y == null || ![0, 1, 2, 3].includes(y))
+        throw new Error("recovery id invalid");
+      if (a * qe < w && y > 1)
+        throw new Error("recovery id is ambiguous for h>1 curve");
+      const b = y === 2 || y === 3 ? p + a : p;
+      if (!i.isValid(b))
+        throw new Error("recovery id 2 or 3 invalid");
+      const O = i.toBytes(b), q = e.fromHex(F(Qt((y & 1) === 0), O)), v = o.inv(b), Z = Y($("msgHash", d)), R = o.create(-Z * v), z = o.create(m * v), A = e.BASE.multiplyUnsafe(R).add(q.multiplyUnsafe(z));
+      if (A.is0())
+        throw new Error("point at infinify");
+      return A.assertValidity(), A;
+    }
+    // Signatures should be low-s, to prevent malleability.
+    hasHighS() {
+      return g(this.s);
+    }
+    normalizeS() {
+      return this.hasHighS() ? new x(this.r, o.neg(this.s), this.recovery) : this;
+    }
+    toBytes(d) {
+      if (d === "compact")
+        return F(o.toBytes(this.r), o.toBytes(this.s));
+      if (d === "der")
+        return xt(V.hexFromSig(this));
+      throw new Error("invalid format");
+    }
+    // DER-encoded
+    toDERRawBytes() {
+      return this.toBytes("der");
+    }
+    toDERHex() {
+      return st(this.toBytes("der"));
+    }
+    // padded bytes of r, then padded bytes of s
+    toCompactRawBytes() {
+      return this.toBytes("compact");
+    }
+    toCompactHex() {
+      return st(this.toBytes("compact"));
+    }
+  }
+  const S = Wt(o, t.allowedPrivateKeyLengths, t.wrapPrivateKey), _ = {
+    isValidPrivateKey(u) {
+      try {
+        return S(u), !0;
+      } catch {
+        return !1;
+      }
+    },
+    normPrivateKeyToScalar: S,
+    /**
+     * Produces cryptographically secure private key from random of size
+     * (groupLen + ceil(groupLen / 2)) with modulo bias being negligible.
+     */
+    randomPrivateKey: () => {
+      const u = a;
+      return pe(r(Ft(u)), u);
+    },
+    precompute(u = 8, d = e.BASE) {
+      return d.precompute(u, !1);
+    }
+  };
+  function N(u, d = !0) {
+    return e.fromPrivateKey(u).toBytes(d);
+  }
+  function L(u) {
+    if (typeof u == "bigint")
+      return !1;
+    if (u instanceof e)
+      return !0;
+    const w = $("key", u).length, p = i.BYTES, m = p + 1, y = 2 * p + 1;
+    if (!(t.allowedPrivateKeyLengths || o.BYTES === m))
+      return w === m || w === y;
+  }
+  function U(u, d, w = !0) {
+    if (L(u) === !0)
+      throw new Error("first arg must be private key");
+    if (L(d) === !1)
+      throw new Error("second arg must be public key");
+    return e.fromHex(d).multiply(S(u)).toBytes(w);
+  }
+  const W = n.bits2int || function(u) {
+    if (u.length > 8192)
+      throw new Error("input is too large");
+    const d = dt(u), w = u.length * 8 - l;
+    return w > 0 ? d >> BigInt(w) : d;
+  }, Y = n.bits2int_modN || function(u) {
+    return o.create(W(u));
+  }, Q = ht(l);
+  function I(u) {
+    return fe("num < 2^" + l, u, ot, Q), o.toBytes(u);
+  }
+  function D(u, d, w = K) {
+    if (["recovered", "canonical"].some((z) => z in w))
+      throw new Error("sign() legacy options not supported");
+    const { hash: p } = n;
+    let { lowS: m, prehash: y, extraEntropy: B } = w;
+    m == null && (m = !0), u = $("msgHash", u), Lt(w), y && (u = $("prehashed msgHash", p(u)));
+    const b = Y(u), O = S(d), q = [I(O), I(b)];
+    if (B != null && B !== !1) {
+      const z = B === !0 ? r(i.BYTES) : B;
+      q.push($("extraEntropy", z));
+    }
+    const v = F(...q), Z = b;
+    function R(z) {
+      const A = W(z);
+      if (!o.isValidNot0(A))
+        return;
+      const T = o.inv(A), nt = e.BASE.multiply(A).toAffine(), J = o.create(nt.x);
+      if (J === ot)
+        return;
+      const G = o.create(T * o.create(Z + J * O));
+      if (G === ot)
+        return;
+      let gt = (nt.x === J ? 0 : 2) | Number(nt.y & it), tt = G;
+      return m && g(G) && (tt = f(G), gt ^= 1), new x(J, tt, gt);
+    }
+    return { seed: v, k2sig: R };
+  }
+  const K = { lowS: n.lowS, prehash: !1 }, H = { lowS: n.lowS, prehash: !1 };
+  function c(u, d, w = K) {
+    const { seed: p, k2sig: m } = D(u, d, w);
+    return ae(n.hash.outputLen, o.BYTES, s)(p, m);
+  }
+  e.BASE.precompute(8);
+  function h(u, d, w, p = H) {
+    const m = u;
+    d = $("msgHash", d), w = $("publicKey", w), Lt(p);
+    const { lowS: y, prehash: B, format: b } = p;
+    if ("strict" in p)
+      throw new Error("options.strict was renamed to lowS");
+    if (b !== void 0 && !["compact", "der", "js"].includes(b))
+      throw new Error('format must be "compact", "der" or "js"');
+    const O = typeof m == "string" || Tt(m), q = !O && !b && typeof m == "object" && m !== null && typeof m.r == "bigint" && typeof m.s == "bigint";
+    if (!O && !q)
+      throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
+    let v, Z;
+    try {
+      if (q)
+        if (b === void 0 || b === "js")
+          v = new x(m.r, m.s);
+        else
+          throw new Error("invalid format");
+      if (O) {
+        try {
+          b !== "compact" && (v = x.fromDER(m));
+        } catch (tt) {
+          if (!(tt instanceof V.Err))
+            throw tt;
+        }
+        !v && b !== "der" && (v = x.fromCompact(m));
+      }
+      Z = e.fromHex(w);
+    } catch {
+      return !1;
+    }
+    if (!v || y && v.hasHighS())
+      return !1;
+    B && (d = n.hash(d));
+    const { r: R, s: z } = v, A = Y(d), T = o.inv(z), nt = o.create(A * T), J = o.create(R * T), G = e.BASE.multiplyUnsafe(nt).add(Z.multiplyUnsafe(J));
+    return G.is0() ? !1 : o.create(G.x) === R;
+  }
+  return Object.freeze({
+    getPublicKey: N,
+    getSharedSecret: U,
+    sign: c,
+    verify: h,
+    utils: _,
+    Point: e,
+    Signature: x
+  });
+}
+function Ze(e) {
+  const n = {
+    a: e.a,
+    b: e.b,
+    p: e.Fp.ORDER,
+    n: e.n,
+    h: e.h,
+    Gx: e.Gx,
+    Gy: e.Gy
+  }, t = e.Fp, r = wt(n.n, e.nBitLength), s = {
+    Fp: t,
+    Fn: r,
+    allowedPrivateKeyLengths: e.allowedPrivateKeyLengths,
+    allowInfinityPoint: e.allowInfinityPoint,
+    endo: e.endo,
+    wrapPrivateKey: e.wrapPrivateKey,
+    isTorsionFree: e.isTorsionFree,
+    clearCofactor: e.clearCofactor,
+    fromBytes: e.fromBytes,
+    toBytes: e.toBytes
+  };
+  return { CURVE: n, curveOpts: s };
+}
+function Re(e) {
+  const { CURVE: n, curveOpts: t } = Ze(e), r = {
+    hash: e.hash,
+    hmac: e.hmac,
+    randomBytes: e.randomBytes,
+    lowS: e.lowS,
+    bits2int: e.bits2int,
+    bits2int_modN: e.bits2int_modN
+  };
+  return { CURVE: n, curveOpts: t, ecdsaOpts: r };
+}
+function Le(e, n) {
+  return Object.assign({}, n, {
+    ProjectivePoint: n.Point,
+    CURVE: e
+  });
+}
+function ze(e) {
+  const { CURVE: n, curveOpts: t, ecdsaOpts: r } = Re(e), s = He(n, t), i = Oe(s, r, t);
+  return Le(e, i);
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+function Te(e, n) {
+  const t = (r) => ze({ ...e, hash: r });
+  return { ...t(n), create: t };
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const ut = {
+  p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
+  n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
+  h: BigInt(1),
+  a: BigInt(0),
+  b: BigInt(7),
+  Gx: BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
+  Gy: BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
+};
+BigInt(0);
+const ke = BigInt(1), Bt = BigInt(2), zt = (e, n) => (e + n / Bt) / n;
+function je(e) {
+  const n = ut.p, t = BigInt(3), r = BigInt(6), s = BigInt(11), i = BigInt(22), o = BigInt(23), a = BigInt(44), l = BigInt(88), g = e * e * e % n, f = g * g * e % n, E = M(f, t, n) * f % n, x = M(E, t, n) * f % n, S = M(x, Bt, n) * g % n, _ = M(S, s, n) * S % n, N = M(_, i, n) * _ % n, L = M(N, a, n) * N % n, U = M(L, l, n) * L % n, W = M(U, a, n) * N % n, Y = M(W, t, n) * f % n, Q = M(Y, o, n) * _ % n, I = M(Q, r, n) * g % n, D = M(I, Bt, n);
+  if (!vt.eql(vt.sqr(D), e))
+    throw new Error("Cannot find square root");
+  return D;
+}
+const vt = wt(ut.p, void 0, void 0, { sqrt: je }), Me = Te({
+  ...ut,
+  Fp: vt,
+  lowS: !0,
+  // Allow only low-S signatures by default in sign() and verify()
+  endo: {
+    // Endomorphism, see above
+    beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
+    splitScalar: (e) => {
+      const n = ut.n, t = BigInt("0x3086d221a7d46bcde86c90e49284eb15"), r = -ke * BigInt("0xe4437ed6010e88286f547fa90abfe4c3"), s = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), i = t, o = BigInt("0x100000000000000000000000000000000"), a = zt(i * e, n), l = zt(-r * e, n);
+      let g = C(e - a * t - l * s, n), f = C(-a * r - l * i, n);
+      const E = g > o, x = f > o;
+      if (E && (g = n - g), x && (f = n - f), g > o || f > o)
+        throw new Error("splitScalar: Endomorphism failed, k=" + e);
+      return { k1neg: E, k1: g, k2neg: x, k2: f };
+    }
+  }
+}, ie);
+export {
+  Me as secp256k1
+};
+//# sourceMappingURL=secp256k1-DGP4Y7VW.js.map