@smallwebco/tinypivot-vue 1.0.64 → 1.0.65

package/dist/p256-D44eOAG2.js

@@ -0,0 +1,1395 @@
+import { b as tt, i as St, h as ut, a as Kt, c as z, d as we, H as ge, e as Yt, t as be, f as ye, g as Zt, r as kt, s as me, j as pe, k as Ee } from "./sha2-BnbuxHg9.js";
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const It = /* @__PURE__ */ BigInt(0), vt = /* @__PURE__ */ BigInt(1);
+function lt(e, n = "") {
+  if (typeof e != "boolean") {
+    const r = n && `"${n}"`;
+    throw new Error(r + "expected boolean, got type=" + typeof e);
+  }
+  return e;
+}
+function D(e, n, r = "") {
+  const t = St(e), f = e == null ? void 0 : e.length, o = n !== void 0;
+  if (!t || o && f !== n) {
+    const i = r && `"${r}" `, l = o ? ` of length ${n}` : "", u = t ? `length=${f}` : `type=${typeof e}`;
+    throw new Error(i + "expected Uint8Array" + l + ", got " + u);
+  }
+  return e;
+}
+function ct(e) {
+  const n = e.toString(16);
+  return n.length & 1 ? "0" + n : n;
+}
+function Ct(e) {
+  if (typeof e != "string")
+    throw new Error("hex string expected, got " + typeof e);
+  return e === "" ? It : BigInt("0x" + e);
+}
+function ht(e) {
+  return Ct(tt(e));
+}
+function Mt(e) {
+  return Kt(e), Ct(tt(Uint8Array.from(e).reverse()));
+}
+function Nt(e, n) {
+  return ut(e.toString(16).padStart(n * 2, "0"));
+}
+function zt(e, n) {
+  return Nt(e, n).reverse();
+}
+function K(e, n, r) {
+  let t;
+  if (typeof n == "string")
+    try {
+      t = ut(n);
+    } catch (f) {
+      throw new Error(e + " must be hex string or Uint8Array, cause: " + f);
+    }
+  else if (St(n))
+    t = Uint8Array.from(n);
+  else
+    throw new Error(e + " must be hex string or Uint8Array");
+  return t.length, t;
+}
+const bt = (e) => typeof e == "bigint" && It <= e;
+function Be(e, n, r) {
+  return bt(e) && bt(n) && bt(r) && n <= e && e < r;
+}
+function ve(e, n, r, t) {
+  if (!Be(n, r, t))
+    throw new Error("expected valid " + e + ": " + r + " <= n < " + t + ", got " + n);
+}
+function Xt(e) {
+  let n;
+  for (n = 0; e > It; e >>= vt, n += 1)
+    ;
+  return n;
+}
+const ft = (e) => (vt << BigInt(e)) - vt;
+function xe(e, n, r) {
+  if (typeof e != "number" || e < 2)
+    throw new Error("hashLen must be a number");
+  if (typeof n != "number" || n < 2)
+    throw new Error("qByteLen must be a number");
+  if (typeof r != "function")
+    throw new Error("hmacFn must be a function");
+  const t = (h) => new Uint8Array(h), f = (h) => Uint8Array.of(h);
+  let o = t(e), i = t(e), l = 0;
+  const u = () => {
+    o.fill(1), i.fill(0), l = 0;
+  }, g = (...h) => r(i, o, ...h), p = (h = t(0)) => {
+    i = g(f(0), h), o = g(), h.length !== 0 && (i = g(f(1), h), o = g());
+  }, I = () => {
+    if (l++ >= 1e3)
+      throw new Error("drbg: tried 1000 values");
+    let h = 0;
+    const B = [];
+    for (; h < n; ) {
+      o = g();
+      const x = o.slice();
+      B.push(x), h += o.length;
+    }
+    return z(...B);
+  };
+  return (h, B) => {
+    u(), p(h);
+    let x;
+    for (; !(x = B(I())); )
+      p();
+    return u(), x;
+  };
+}
+function Rt(e, n, r = {}) {
+  if (!e || typeof e != "object")
+    throw new Error("expected valid options object");
+  function t(f, o, i) {
+    const l = e[f];
+    if (i && l === void 0)
+      return;
+    const u = typeof l;
+    if (u !== o || l === null)
+      throw new Error(`param "${f}" is invalid: expected ${o}, got ${u}`);
+  }
+  Object.entries(n).forEach(([f, o]) => t(f, o, !1)), Object.entries(r).forEach(([f, o]) => t(f, o, !0));
+}
+function Ht(e) {
+  const n = /* @__PURE__ */ new WeakMap();
+  return (r, ...t) => {
+    const f = n.get(r);
+    if (f !== void 0)
+      return f;
+    const o = e(r, ...t);
+    return n.set(r, o), o;
+  };
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const Y = BigInt(0), j = BigInt(1), G = /* @__PURE__ */ BigInt(2), Dt = /* @__PURE__ */ BigInt(3), Gt = /* @__PURE__ */ BigInt(4), Ft = /* @__PURE__ */ BigInt(5), Se = /* @__PURE__ */ BigInt(7), Wt = /* @__PURE__ */ BigInt(8), Ie = /* @__PURE__ */ BigInt(9), Pt = /* @__PURE__ */ BigInt(16);
+function k(e, n) {
+  const r = e % n;
+  return r >= Y ? r : n + r;
+}
+function Ut(e, n) {
+  if (e === Y)
+    throw new Error("invert: expected non-zero number");
+  if (n <= Y)
+    throw new Error("invert: expected positive modulus, got " + n);
+  let r = k(e, n), t = n, f = Y, o = j;
+  for (; r !== Y; ) {
+    const l = t / r, u = t % r, g = f - o * l;
+    t = r, r = u, f = o, o = g;
+  }
+  if (t !== j)
+    throw new Error("invert: does not exist");
+  return k(f, n);
+}
+function At(e, n, r) {
+  if (!e.eql(e.sqr(n), r))
+    throw new Error("Cannot find square root");
+}
+function Qt(e, n) {
+  const r = (e.ORDER + j) / Gt, t = e.pow(n, r);
+  return At(e, t, n), t;
+}
+function Ne(e, n) {
+  const r = (e.ORDER - Ft) / Wt, t = e.mul(n, G), f = e.pow(t, r), o = e.mul(n, f), i = e.mul(e.mul(o, G), f), l = e.mul(o, e.sub(i, e.ONE));
+  return At(e, l, n), l;
+}
+function Re(e) {
+  const n = W(e), r = Jt(e), t = r(n, n.neg(n.ONE)), f = r(n, t), o = r(n, n.neg(t)), i = (e + Se) / Pt;
+  return (l, u) => {
+    let g = l.pow(u, i), p = l.mul(g, t);
+    const I = l.mul(g, f), c = l.mul(g, o), h = l.eql(l.sqr(p), u), B = l.eql(l.sqr(I), u);
+    g = l.cmov(g, p, h), p = l.cmov(c, I, B);
+    const x = l.eql(l.sqr(p), u), q = l.cmov(g, p, x);
+    return At(l, q, u), q;
+  };
+}
+function Jt(e) {
+  if (e < Dt)
+    throw new Error("sqrt is not defined for small field");
+  let n = e - j, r = 0;
+  for (; n % G === Y; )
+    n /= G, r++;
+  let t = G;
+  const f = W(e);
+  for (; Lt(f, t) === 1; )
+    if (t++ > 1e3)
+      throw new Error("Cannot find square root: probably non-prime P");
+  if (r === 1)
+    return Qt;
+  let o = f.pow(t, n);
+  const i = (n + j) / G;
+  return function(u, g) {
+    if (u.is0(g))
+      return g;
+    if (Lt(u, g) !== 1)
+      throw new Error("Cannot find square root");
+    let p = r, I = u.mul(u.ONE, o), c = u.pow(g, n), h = u.pow(g, i);
+    for (; !u.eql(c, u.ONE); ) {
+      if (u.is0(c))
+        return u.ZERO;
+      let B = 1, x = u.sqr(c);
+      for (; !u.eql(x, u.ONE); )
+        if (B++, x = u.sqr(x), B === p)
+          throw new Error("Cannot find square root");
+      const q = j << BigInt(p - B - 1), L = u.pow(I, q);
+      p = B, I = u.sqr(L), c = u.mul(c, I), h = u.mul(h, L);
+    }
+    return h;
+  };
+}
+function Ae(e) {
+  return e % Gt === Dt ? Qt : e % Wt === Ft ? Ne : e % Pt === Ie ? Re(e) : Jt(e);
+}
+const Oe = [
+  "create",
+  "isValid",
+  "is0",
+  "neg",
+  "inv",
+  "sqrt",
+  "sqr",
+  "eql",
+  "add",
+  "sub",
+  "mul",
+  "pow",
+  "div",
+  "addN",
+  "subN",
+  "mulN",
+  "sqrN"
+];
+function qe(e) {
+  const n = {
+    ORDER: "bigint",
+    MASK: "bigint",
+    BYTES: "number",
+    BITS: "number"
+  }, r = Oe.reduce((t, f) => (t[f] = "function", t), n);
+  return Rt(e, r), e;
+}
+function _e(e, n, r) {
+  if (r < Y)
+    throw new Error("invalid exponent, negatives unsupported");
+  if (r === Y)
+    return e.ONE;
+  if (r === j)
+    return n;
+  let t = e.ONE, f = n;
+  for (; r > Y; )
+    r & j && (t = e.mul(t, f)), f = e.sqr(f), r >>= j;
+  return t;
+}
+function te(e, n, r = !1) {
+  const t = new Array(n.length).fill(r ? e.ZERO : void 0), f = n.reduce((i, l, u) => e.is0(l) ? i : (t[u] = i, e.mul(i, l)), e.ONE), o = e.inv(f);
+  return n.reduceRight((i, l, u) => e.is0(l) ? i : (t[u] = e.mul(i, t[u]), e.mul(i, l)), o), t;
+}
+function Lt(e, n) {
+  const r = (e.ORDER - j) / G, t = e.pow(n, r), f = e.eql(t, e.ONE), o = e.eql(t, e.ZERO), i = e.eql(t, e.neg(e.ONE));
+  if (!f && !o && !i)
+    throw new Error("invalid Legendre symbol result");
+  return f ? 1 : o ? 0 : -1;
+}
+function ee(e, n) {
+  n !== void 0 && we(n);
+  const r = n !== void 0 ? n : e.toString(2).length, t = Math.ceil(r / 8);
+  return { nBitLength: r, nByteLength: t };
+}
+function W(e, n, r = !1, t = {}) {
+  if (e <= Y)
+    throw new Error("invalid field: expected ORDER > 0, got " + e);
+  let f, o, i = !1, l;
+  if (typeof n == "object" && n != null) {
+    if (t.sqrt || r)
+      throw new Error("cannot specify opts in two arguments");
+    const c = n;
+    c.BITS && (f = c.BITS), c.sqrt && (o = c.sqrt), typeof c.isLE == "boolean" && (r = c.isLE), typeof c.modFromBytes == "boolean" && (i = c.modFromBytes), l = c.allowedLengths;
+  } else
+    typeof n == "number" && (f = n), t.sqrt && (o = t.sqrt);
+  const { nBitLength: u, nByteLength: g } = ee(e, f);
+  if (g > 2048)
+    throw new Error("invalid field: expected ORDER of <= 2048 bytes");
+  let p;
+  const I = Object.freeze({
+    ORDER: e,
+    isLE: r,
+    BITS: u,
+    BYTES: g,
+    MASK: ft(u),
+    ZERO: Y,
+    ONE: j,
+    allowedLengths: l,
+    create: (c) => k(c, e),
+    isValid: (c) => {
+      if (typeof c != "bigint")
+        throw new Error("invalid field element: expected bigint, got " + typeof c);
+      return Y <= c && c < e;
+    },
+    is0: (c) => c === Y,
+    // is valid and invertible
+    isValidNot0: (c) => !I.is0(c) && I.isValid(c),
+    isOdd: (c) => (c & j) === j,
+    neg: (c) => k(-c, e),
+    eql: (c, h) => c === h,
+    sqr: (c) => k(c * c, e),
+    add: (c, h) => k(c + h, e),
+    sub: (c, h) => k(c - h, e),
+    mul: (c, h) => k(c * h, e),
+    pow: (c, h) => _e(I, c, h),
+    div: (c, h) => k(c * Ut(h, e), e),
+    // Same as above, but doesn't normalize
+    sqrN: (c) => c * c,
+    addN: (c, h) => c + h,
+    subN: (c, h) => c - h,
+    mulN: (c, h) => c * h,
+    inv: (c) => Ut(c, e),
+    sqrt: o || ((c) => (p || (p = Ae(e)), p(I, c))),
+    toBytes: (c) => r ? zt(c, g) : Nt(c, g),
+    fromBytes: (c, h = !0) => {
+      if (l) {
+        if (!l.includes(c.length) || c.length > g)
+          throw new Error("Field.fromBytes: expected " + l + " bytes, got " + c.length);
+        const x = new Uint8Array(g);
+        x.set(c, r ? 0 : x.length - c.length), c = x;
+      }
+      if (c.length !== g)
+        throw new Error("Field.fromBytes: expected " + g + " bytes, got " + c.length);
+      let B = r ? Mt(c) : ht(c);
+      if (i && (B = k(B, e)), !h && !I.isValid(B))
+        throw new Error("invalid field element: outside of range 0..ORDER");
+      return B;
+    },
+    // TODO: we don't need it here, move out to separate fn
+    invertBatch: (c) => te(I, c),
+    // We can't move this out because Fp6, Fp12 implement it
+    // and it's unclear what to return in there.
+    cmov: (c, h, B) => B ? h : c
+  });
+  return Object.freeze(I);
+}
+function ne(e) {
+  if (typeof e != "bigint")
+    throw new Error("field order must be bigint");
+  const n = e.toString(2).length;
+  return Math.ceil(n / 8);
+}
+function re(e) {
+  const n = ne(e);
+  return n + Math.ceil(n / 2);
+}
+function Ze(e, n, r = !1) {
+  const t = e.length, f = ne(n), o = re(n);
+  if (t < 16 || t < o || t > 1024)
+    throw new Error("expected " + o + "-1024 bytes of input, got " + t);
+  const i = r ? Mt(e) : ht(e), l = k(i, n - j) + j;
+  return r ? zt(l, f) : Nt(l, f);
+}
+class fe extends ge {
+  constructor(n, r) {
+    super(), this.finished = !1, this.destroyed = !1, Yt(n);
+    const t = be(r);
+    if (this.iHash = n.create(), typeof this.iHash.update != "function")
+      throw new Error("Expected instance of class which extends utils.Hash");
+    this.blockLen = this.iHash.blockLen, this.outputLen = this.iHash.outputLen;
+    const f = this.blockLen, o = new Uint8Array(f);
+    o.set(t.length > f ? n.create().update(t).digest() : t);
+    for (let i = 0; i < o.length; i++)
+      o[i] ^= 54;
+    this.iHash.update(o), this.oHash = n.create();
+    for (let i = 0; i < o.length; i++)
+      o[i] ^= 106;
+    this.oHash.update(o), ye(o);
+  }
+  update(n) {
+    return Zt(this), this.iHash.update(n), this;
+  }
+  digestInto(n) {
+    Zt(this), Kt(n, this.outputLen), this.finished = !0, this.iHash.digestInto(n), this.oHash.update(n), this.oHash.digestInto(n), this.destroy();
+  }
+  digest() {
+    const n = new Uint8Array(this.oHash.outputLen);
+    return this.digestInto(n), n;
+  }
+  _cloneInto(n) {
+    n || (n = Object.create(Object.getPrototypeOf(this), {}));
+    const { oHash: r, iHash: t, finished: f, destroyed: o, blockLen: i, outputLen: l } = this;
+    return n = n, n.finished = f, n.destroyed = o, n.blockLen = i, n.outputLen = l, n.oHash = r._cloneInto(n.oHash), n.iHash = t._cloneInto(n.iHash), n;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+  destroy() {
+    this.destroyed = !0, this.oHash.destroy(), this.iHash.destroy();
+  }
+}
+const oe = (e, n, r) => new fe(e, n).update(r).digest();
+oe.create = (e, n) => new fe(e, n);
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const nt = BigInt(0), F = BigInt(1);
+function dt(e, n) {
+  const r = n.negate();
+  return e ? r : n;
+}
+function yt(e, n) {
+  const r = te(e.Fp, n.map((t) => t.Z));
+  return n.map((t, f) => e.fromAffine(t.toAffine(r[f])));
+}
+function ie(e, n) {
+  if (!Number.isSafeInteger(e) || e <= 0 || e > n)
+    throw new Error("invalid window size, expected [1.." + n + "], got W=" + e);
+}
+function mt(e, n) {
+  ie(e, n);
+  const r = Math.ceil(n / e) + 1, t = 2 ** (e - 1), f = 2 ** e, o = ft(e), i = BigInt(e);
+  return { windows: r, windowSize: t, mask: o, maxNumber: f, shiftBy: i };
+}
+function Vt(e, n, r) {
+  const { windowSize: t, mask: f, maxNumber: o, shiftBy: i } = r;
+  let l = Number(e & f), u = e >> i;
+  l > t && (l -= o, u += F);
+  const g = n * t, p = g + Math.abs(l) - 1, I = l === 0, c = l < 0, h = n % 2 !== 0;
+  return { nextN: u, offset: p, isZero: I, isNeg: c, isNegF: h, offsetF: g };
+}
+function He(e, n) {
+  if (!Array.isArray(e))
+    throw new Error("array expected");
+  e.forEach((r, t) => {
+    if (!(r instanceof n))
+      throw new Error("invalid point at index " + t);
+  });
+}
+function Ue(e, n) {
+  if (!Array.isArray(e))
+    throw new Error("array of scalars expected");
+  e.forEach((r, t) => {
+    if (!n.isValid(r))
+      throw new Error("invalid scalar at index " + t);
+  });
+}
+const pt = /* @__PURE__ */ new WeakMap(), se = /* @__PURE__ */ new WeakMap();
+function Et(e) {
+  return se.get(e) || 1;
+}
+function Tt(e) {
+  if (e !== nt)
+    throw new Error("invalid wNAF");
+}
+class Le {
+  // Parametrized with a given Point class (not individual point)
+  constructor(n, r) {
+    this.BASE = n.BASE, this.ZERO = n.ZERO, this.Fn = n.Fn, this.bits = r;
+  }
+  // non-const time multiplication ladder
+  _unsafeLadder(n, r, t = this.ZERO) {
+    let f = n;
+    for (; r > nt; )
+      r & F && (t = t.add(f)), f = f.double(), r >>= F;
+    return t;
+  }
+  /**
+   * Creates a wNAF precomputation window. Used for caching.
+   * Default window size is set by `utils.precompute()` and is equal to 8.
+   * Number of precomputed points depends on the curve size:
+   * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
+   * - 𝑊 is the window size
+   * - 𝑛 is the bitlength of the curve order.
+   * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
+   * @param point Point instance
+   * @param W window size
+   * @returns precomputed point tables flattened to a single array
+   */
+  precomputeWindow(n, r) {
+    const { windows: t, windowSize: f } = mt(r, this.bits), o = [];
+    let i = n, l = i;
+    for (let u = 0; u < t; u++) {
+      l = i, o.push(l);
+      for (let g = 1; g < f; g++)
+        l = l.add(i), o.push(l);
+      i = l.double();
+    }
+    return o;
+  }
+  /**
+   * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
+   * More compact implementation:
+   * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
+   * @returns real and fake (for const-time) points
+   */
+  wNAF(n, r, t) {
+    if (!this.Fn.isValid(t))
+      throw new Error("invalid scalar");
+    let f = this.ZERO, o = this.BASE;
+    const i = mt(n, this.bits);
+    for (let l = 0; l < i.windows; l++) {
+      const { nextN: u, offset: g, isZero: p, isNeg: I, isNegF: c, offsetF: h } = Vt(t, l, i);
+      t = u, p ? o = o.add(dt(c, r[h])) : f = f.add(dt(I, r[g]));
+    }
+    return Tt(t), { p: f, f: o };
+  }
+  /**
+   * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
+   * @param acc accumulator point to add result of multiplication
+   * @returns point
+   */
+  wNAFUnsafe(n, r, t, f = this.ZERO) {
+    const o = mt(n, this.bits);
+    for (let i = 0; i < o.windows && t !== nt; i++) {
+      const { nextN: l, offset: u, isZero: g, isNeg: p } = Vt(t, i, o);
+      if (t = l, !g) {
+        const I = r[u];
+        f = f.add(p ? I.negate() : I);
+      }
+    }
+    return Tt(t), f;
+  }
+  getPrecomputes(n, r, t) {
+    let f = pt.get(r);
+    return f || (f = this.precomputeWindow(r, n), n !== 1 && (typeof t == "function" && (f = t(f)), pt.set(r, f))), f;
+  }
+  cached(n, r, t) {
+    const f = Et(n);
+    return this.wNAF(f, this.getPrecomputes(f, n, t), r);
+  }
+  unsafe(n, r, t, f) {
+    const o = Et(n);
+    return o === 1 ? this._unsafeLadder(n, r, f) : this.wNAFUnsafe(o, this.getPrecomputes(o, n, t), r, f);
+  }
+  // We calculate precomputes for elliptic curve point multiplication
+  // using windowed method. This specifies window size and
+  // stores precomputed values. Usually only base point would be precomputed.
+  createCache(n, r) {
+    ie(r, this.bits), se.set(n, r), pt.delete(n);
+  }
+  hasCache(n) {
+    return Et(n) !== 1;
+  }
+}
+function Ve(e, n, r, t) {
+  let f = n, o = e.ZERO, i = e.ZERO;
+  for (; r > nt || t > nt; )
+    r & F && (o = o.add(f)), t & F && (i = i.add(f)), f = f.double(), r >>= F, t >>= F;
+  return { p1: o, p2: i };
+}
+function Te(e, n, r, t) {
+  He(r, e), Ue(t, n);
+  const f = r.length, o = t.length;
+  if (f !== o)
+    throw new Error("arrays of points and scalars must have equal length");
+  const i = e.ZERO, l = Xt(BigInt(f));
+  let u = 1;
+  l > 12 ? u = l - 3 : l > 4 ? u = l - 2 : l > 0 && (u = 2);
+  const g = ft(u), p = new Array(Number(g) + 1).fill(i), I = Math.floor((n.BITS - 1) / u) * u;
+  let c = i;
+  for (let h = I; h >= 0; h -= u) {
+    p.fill(i);
+    for (let x = 0; x < o; x++) {
+      const q = t[x], L = Number(q >> BigInt(h) & g);
+      p[L] = p[L].add(r[x]);
+    }
+    let B = i;
+    for (let x = p.length - 1, q = i; x > 0; x--)
+      q = q.add(p[x]), B = B.add(q);
+    if (c = c.add(B), h !== 0)
+      for (let x = 0; x < u; x++)
+        c = c.double();
+  }
+  return c;
+}
+function jt(e, n, r) {
+  if (n) {
+    if (n.ORDER !== e)
+      throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
+    return qe(n), n;
+  } else
+    return W(e, { isLE: r });
+}
+function je(e, n, r = {}, t) {
+  if (t === void 0 && (t = e === "edwards"), !n || typeof n != "object")
+    throw new Error(`expected valid ${e} CURVE object`);
+  for (const u of ["p", "n", "h"]) {
+    const g = n[u];
+    if (!(typeof g == "bigint" && g > nt))
+      throw new Error(`CURVE.${u} must be positive bigint`);
+  }
+  const f = jt(n.p, r.Fp, t), o = jt(n.n, r.Fn, t), l = ["Gx", "Gy", "a", "b"];
+  for (const u of l)
+    if (!f.isValid(n[u]))
+      throw new Error(`CURVE.${u} must be valid field element of CURVE.Fp`);
+  return n = Object.freeze(Object.assign({}, n)), { CURVE: n, Fp: f, Fn: o };
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const $t = (e, n) => (e + (e >= 0 ? n : -n) / ce) / n;
+function $e(e, n, r) {
+  const [[t, f], [o, i]] = n, l = $t(i * e, r), u = $t(-f * e, r);
+  let g = e - l * t - u * o, p = -l * f - u * i;
+  const I = g < M, c = p < M;
+  I && (g = -g), c && (p = -p);
+  const h = ft(Math.ceil(Xt(r) / 2)) + et;
+  if (g < M || g >= h || p < M || p >= h)
+    throw new Error("splitScalar (endomorphism): failed, k=" + e);
+  return { k1neg: I, k1: g, k2neg: c, k2: p };
+}
+function xt(e) {
+  if (!["compact", "recovered", "der"].includes(e))
+    throw new Error('Signature format must be "compact", "recovered", or "der"');
+  return e;
+}
+function Bt(e, n) {
+  const r = {};
+  for (let t of Object.keys(n))
+    r[t] = e[t] === void 0 ? n[t] : e[t];
+  return lt(r.lowS, "lowS"), lt(r.prehash, "prehash"), r.format !== void 0 && xt(r.format), r;
+}
+class Ke extends Error {
+  constructor(n = "") {
+    super(n);
+  }
+}
+const C = {
+  // asn.1 DER encoding utils
+  Err: Ke,
+  // Basic building block is TLV (Tag-Length-Value)
+  _tlv: {
+    encode: (e, n) => {
+      const { Err: r } = C;
+      if (e < 0 || e > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (n.length & 1)
+        throw new r("tlv.encode: unpadded data");
+      const t = n.length / 2, f = ct(t);
+      if (f.length / 2 & 128)
+        throw new r("tlv.encode: long form length too big");
+      const o = t > 127 ? ct(f.length / 2 | 128) : "";
+      return ct(e) + o + f + n;
+    },
+    // v - value, l - left bytes (unparsed)
+    decode(e, n) {
+      const { Err: r } = C;
+      let t = 0;
+      if (e < 0 || e > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (n.length < 2 || n[t++] !== e)
+        throw new r("tlv.decode: wrong tlv");
+      const f = n[t++], o = !!(f & 128);
+      let i = 0;
+      if (!o)
+        i = f;
+      else {
+        const u = f & 127;
+        if (!u)
+          throw new r("tlv.decode(long): indefinite length not supported");
+        if (u > 4)
+          throw new r("tlv.decode(long): byte length is too big");
+        const g = n.subarray(t, t + u);
+        if (g.length !== u)
+          throw new r("tlv.decode: length bytes not complete");
+        if (g[0] === 0)
+          throw new r("tlv.decode(long): zero leftmost byte");
+        for (const p of g)
+          i = i << 8 | p;
+        if (t += u, i < 128)
+          throw new r("tlv.decode(long): not minimal encoding");
+      }
+      const l = n.subarray(t, t + i);
+      if (l.length !== i)
+        throw new r("tlv.decode: wrong value length");
+      return { v: l, l: n.subarray(t + i) };
+    }
+  },
+  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
+  // since we always use positive integers here. It must always be empty:
+  // - add zero byte if exists
+  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
+  _int: {
+    encode(e) {
+      const { Err: n } = C;
+      if (e < M)
+        throw new n("integer: negative integers are not allowed");
+      let r = ct(e);
+      if (Number.parseInt(r[0], 16) & 8 && (r = "00" + r), r.length & 1)
+        throw new n("unexpected DER parsing assertion: unpadded hex");
+      return r;
+    },
+    decode(e) {
+      const { Err: n } = C;
+      if (e[0] & 128)
+        throw new n("invalid signature integer: negative");
+      if (e[0] === 0 && !(e[1] & 128))
+        throw new n("invalid signature integer: unnecessary leading zero");
+      return ht(e);
+    }
+  },
+  toSig(e) {
+    const { Err: n, _int: r, _tlv: t } = C, f = K("signature", e), { v: o, l: i } = t.decode(48, f);
+    if (i.length)
+      throw new n("invalid signature: left bytes after parsing");
+    const { v: l, l: u } = t.decode(2, o), { v: g, l: p } = t.decode(2, u);
+    if (p.length)
+      throw new n("invalid signature: left bytes after parsing");
+    return { r: r.decode(l), s: r.decode(g) };
+  },
+  hexFromSig(e) {
+    const { _tlv: n, _int: r } = C, t = n.encode(2, r.encode(e.r)), f = n.encode(2, r.encode(e.s)), o = t + f;
+    return n.encode(48, o);
+  }
+}, M = BigInt(0), et = BigInt(1), ce = BigInt(2), at = BigInt(3), Ye = BigInt(4);
+function J(e, n) {
+  const { BYTES: r } = e;
+  let t;
+  if (typeof n == "bigint")
+    t = n;
+  else {
+    let f = K("private key", n);
+    try {
+      t = e.fromBytes(f);
+    } catch {
+      throw new Error(`invalid private key: expected ui8a of size ${r}, got ${typeof n}`);
+    }
+  }
+  if (!e.isValidNot0(t))
+    throw new Error("invalid private key: out of range [1..N-1]");
+  return t;
+}
+function ke(e, n = {}) {
+  const r = je("weierstrass", e, n), { Fp: t, Fn: f } = r;
+  let o = r.CURVE;
+  const { h: i, n: l } = o;
+  Rt(n, {}, {
+    allowInfinityPoint: "boolean",
+    clearCofactor: "function",
+    isTorsionFree: "function",
+    fromBytes: "function",
+    toBytes: "function",
+    endo: "object",
+    wrapPrivateKey: "boolean"
+  });
+  const { endo: u } = n;
+  if (u && (!t.is0(o.a) || typeof u.beta != "bigint" || !Array.isArray(u.basises)))
+    throw new Error('invalid endo: expected "beta": bigint and "basises": array');
+  const g = ue(t, f);
+  function p() {
+    if (!t.isOdd)
+      throw new Error("compression is not supported: Field does not have .isOdd()");
+  }
+  function I(A, d, a) {
+    const { x: s, y: w } = d.toAffine(), b = t.toBytes(s);
+    if (lt(a, "isCompressed"), a) {
+      p();
+      const E = !t.isOdd(w);
+      return z(ae(E), b);
+    } else
+      return z(Uint8Array.of(4), b, t.toBytes(w));
+  }
+  function c(A) {
+    D(A, void 0, "Point");
+    const { publicKey: d, publicKeyUncompressed: a } = g, s = A.length, w = A[0], b = A.subarray(1);
+    if (s === d && (w === 2 || w === 3)) {
+      const E = t.fromBytes(b);
+      if (!t.isValid(E))
+        throw new Error("bad point: is not on curve, wrong x");
+      const m = x(E);
+      let y;
+      try {
+        y = t.sqrt(m);
+      } catch (H) {
+        const O = H instanceof Error ? ": " + H.message : "";
+        throw new Error("bad point: is not on curve, sqrt error" + O);
+      }
+      p();
+      const v = t.isOdd(y);
+      return (w & 1) === 1 !== v && (y = t.neg(y)), { x: E, y };
+    } else if (s === a && w === 4) {
+      const E = t.BYTES, m = t.fromBytes(b.subarray(0, E)), y = t.fromBytes(b.subarray(E, E * 2));
+      if (!q(m, y))
+        throw new Error("bad point: is not on curve");
+      return { x: m, y };
+    } else
+      throw new Error(`bad point: got length ${s}, expected compressed=${d} or uncompressed=${a}`);
+  }
+  const h = n.toBytes || I, B = n.fromBytes || c;
+  function x(A) {
+    const d = t.sqr(A), a = t.mul(d, A);
+    return t.add(t.add(a, t.mul(A, o.a)), o.b);
+  }
+  function q(A, d) {
+    const a = t.sqr(d), s = x(A);
+    return t.eql(a, s);
+  }
+  if (!q(o.Gx, o.Gy))
+    throw new Error("bad curve params: generator point");
+  const L = t.mul(t.pow(o.a, at), Ye), wt = t.mul(t.sqr(o.b), BigInt(27));
+  if (t.is0(t.add(L, wt)))
+    throw new Error("bad curve params: a or b");
+  function V(A, d, a = !1) {
+    if (!t.isValid(d) || a && t.is0(d))
+      throw new Error(`bad point coordinate ${A}`);
+    return d;
+  }
+  function rt(A) {
+    if (!(A instanceof N))
+      throw new Error("ProjectivePoint expected");
+  }
+  function P(A) {
+    if (!u || !u.basises)
+      throw new Error("no endo");
+    return $e(A, u.basises, f.ORDER);
+  }
+  const gt = Ht((A, d) => {
+    const { X: a, Y: s, Z: w } = A;
+    if (t.eql(w, t.ONE))
+      return { x: a, y: s };
+    const b = A.is0();
+    d == null && (d = b ? t.ONE : t.inv(w));
+    const E = t.mul(a, d), m = t.mul(s, d), y = t.mul(w, d);
+    if (b)
+      return { x: t.ZERO, y: t.ZERO };
+    if (!t.eql(y, t.ONE))
+      throw new Error("invZ was invalid");
+    return { x: E, y: m };
+  }), ot = Ht((A) => {
+    if (A.is0()) {
+      if (n.allowInfinityPoint && !t.is0(A.Y))
+        return;
+      throw new Error("bad point: ZERO");
+    }
+    const { x: d, y: a } = A.toAffine();
+    if (!t.isValid(d) || !t.isValid(a))
+      throw new Error("bad point: x or y not field elements");
+    if (!q(d, a))
+      throw new Error("bad point: equation left != right");
+    if (!A.isTorsionFree())
+      throw new Error("bad point: not in prime-order subgroup");
+    return !0;
+  });
+  function Q(A, d, a, s, w) {
+    return a = new N(t.mul(a.X, A), a.Y, a.Z), d = dt(s, d), a = dt(w, a), d.add(a);
+  }
+  class N {
+    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
+    constructor(d, a, s) {
+      this.X = V("x", d), this.Y = V("y", a, !0), this.Z = V("z", s), Object.freeze(this);
+    }
+    static CURVE() {
+      return o;
+    }
+    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
+    static fromAffine(d) {
+      const { x: a, y: s } = d || {};
+      if (!d || !t.isValid(a) || !t.isValid(s))
+        throw new Error("invalid affine point");
+      if (d instanceof N)
+        throw new Error("projective point not allowed");
+      return t.is0(a) && t.is0(s) ? N.ZERO : new N(a, s, t.ONE);
+    }
+    static fromBytes(d) {
+      const a = N.fromAffine(B(D(d, void 0, "point")));
+      return a.assertValidity(), a;
+    }
+    static fromHex(d) {
+      return N.fromBytes(K("pointHex", d));
+    }
+    get x() {
+      return this.toAffine().x;
+    }
+    get y() {
+      return this.toAffine().y;
+    }
+    /**
+     *
+     * @param windowSize
+     * @param isLazy true will defer table computation until the first multiplication
+     * @returns
+     */
+    precompute(d = 8, a = !0) {
+      return X.createCache(this, d), a || this.multiply(at), this;
+    }
+    // TODO: return `this`
+    /** A point on curve is valid if it conforms to equation. */
+    assertValidity() {
+      ot(this);
+    }
+    hasEvenY() {
+      const { y: d } = this.toAffine();
+      if (!t.isOdd)
+        throw new Error("Field doesn't support isOdd");
+      return !t.isOdd(d);
+    }
+    /** Compare one point to another. */
+    equals(d) {
+      rt(d);
+      const { X: a, Y: s, Z: w } = this, { X: b, Y: E, Z: m } = d, y = t.eql(t.mul(a, m), t.mul(b, w)), v = t.eql(t.mul(s, m), t.mul(E, w));
+      return y && v;
+    }
+    /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
+    negate() {
+      return new N(this.X, t.neg(this.Y), this.Z);
+    }
+    // Renes-Costello-Batina exception-free doubling formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 3
+    // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
+    double() {
+      const { a: d, b: a } = o, s = t.mul(a, at), { X: w, Y: b, Z: E } = this;
+      let m = t.ZERO, y = t.ZERO, v = t.ZERO, S = t.mul(w, w), H = t.mul(b, b), O = t.mul(E, E), R = t.mul(w, b);
+      return R = t.add(R, R), v = t.mul(w, E), v = t.add(v, v), m = t.mul(d, v), y = t.mul(s, O), y = t.add(m, y), m = t.sub(H, y), y = t.add(H, y), y = t.mul(m, y), m = t.mul(R, m), v = t.mul(s, v), O = t.mul(d, O), R = t.sub(S, O), R = t.mul(d, R), R = t.add(R, v), v = t.add(S, S), S = t.add(v, S), S = t.add(S, O), S = t.mul(S, R), y = t.add(y, S), O = t.mul(b, E), O = t.add(O, O), S = t.mul(O, R), m = t.sub(m, S), v = t.mul(O, H), v = t.add(v, v), v = t.add(v, v), new N(m, y, v);
+    }
+    // Renes-Costello-Batina exception-free addition formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 1
+    // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
+    add(d) {
+      rt(d);
+      const { X: a, Y: s, Z: w } = this, { X: b, Y: E, Z: m } = d;
+      let y = t.ZERO, v = t.ZERO, S = t.ZERO;
+      const H = o.a, O = t.mul(o.b, at);
+      let R = t.mul(a, b), _ = t.mul(s, E), U = t.mul(w, m), $ = t.add(a, s), Z = t.add(b, E);
+      $ = t.mul($, Z), Z = t.add(R, _), $ = t.sub($, Z), Z = t.add(a, w);
+      let T = t.add(b, m);
+      return Z = t.mul(Z, T), T = t.add(R, U), Z = t.sub(Z, T), T = t.add(s, w), y = t.add(E, m), T = t.mul(T, y), y = t.add(_, U), T = t.sub(T, y), S = t.mul(H, Z), y = t.mul(O, U), S = t.add(y, S), y = t.sub(_, S), S = t.add(_, S), v = t.mul(y, S), _ = t.add(R, R), _ = t.add(_, R), U = t.mul(H, U), Z = t.mul(O, Z), _ = t.add(_, U), U = t.sub(R, U), U = t.mul(H, U), Z = t.add(Z, U), R = t.mul(_, Z), v = t.add(v, R), R = t.mul(T, Z), y = t.mul($, y), y = t.sub(y, R), R = t.mul($, _), S = t.mul(T, S), S = t.add(S, R), new N(y, v, S);
+    }
+    subtract(d) {
+      return this.add(d.negate());
+    }
+    is0() {
+      return this.equals(N.ZERO);
+    }
+    /**
+     * Constant time multiplication.
+     * Uses wNAF method. Windowed method may be 10% faster,
+     * but takes 2x longer to generate and consumes 2x memory.
+     * Uses precomputes when available.
+     * Uses endomorphism for Koblitz curves.
+     * @param scalar by which the point would be multiplied
+     * @returns New point
+     */
+    multiply(d) {
+      const { endo: a } = n;
+      if (!f.isValidNot0(d))
+        throw new Error("invalid scalar: out of range");
+      let s, w;
+      const b = (E) => X.cached(this, E, (m) => yt(N, m));
+      if (a) {
+        const { k1neg: E, k1: m, k2neg: y, k2: v } = P(d), { p: S, f: H } = b(m), { p: O, f: R } = b(v);
+        w = H.add(R), s = Q(a.beta, S, O, E, y);
+      } else {
+        const { p: E, f: m } = b(d);
+        s = E, w = m;
+      }
+      return yt(N, [s, w])[0];
+    }
+    /**
+     * Non-constant-time multiplication. Uses double-and-add algorithm.
+     * It's faster, but should only be used when you don't care about
+     * an exposed secret key e.g. sig verification, which works over *public* keys.
+     */
+    multiplyUnsafe(d) {
+      const { endo: a } = n, s = this;
+      if (!f.isValid(d))
+        throw new Error("invalid scalar: out of range");
+      if (d === M || s.is0())
+        return N.ZERO;
+      if (d === et)
+        return s;
+      if (X.hasCache(this))
+        return this.multiply(d);
+      if (a) {
+        const { k1neg: w, k1: b, k2neg: E, k2: m } = P(d), { p1: y, p2: v } = Ve(N, s, b, m);
+        return Q(a.beta, y, v, w, E);
+      } else
+        return X.unsafe(s, d);
+    }
+    multiplyAndAddUnsafe(d, a, s) {
+      const w = this.multiplyUnsafe(a).add(d.multiplyUnsafe(s));
+      return w.is0() ? void 0 : w;
+    }
+    /**
+     * Converts Projective point to affine (x, y) coordinates.
+     * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
+     */
+    toAffine(d) {
+      return gt(this, d);
+    }
+    /**
+     * Checks whether Point is free of torsion elements (is in prime subgroup).
+     * Always torsion-free for cofactor=1 curves.
+     */
+    isTorsionFree() {
+      const { isTorsionFree: d } = n;
+      return i === et ? !0 : d ? d(N, this) : X.unsafe(this, l).is0();
+    }
+    clearCofactor() {
+      const { clearCofactor: d } = n;
+      return i === et ? this : d ? d(N, this) : this.multiplyUnsafe(i);
+    }
+    isSmallOrder() {
+      return this.multiplyUnsafe(i).is0();
+    }
+    toBytes(d = !0) {
+      return lt(d, "isCompressed"), this.assertValidity(), h(N, this, d);
+    }
+    toHex(d = !0) {
+      return tt(this.toBytes(d));
+    }
+    toString() {
+      return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
+    }
+    // TODO: remove
+    get px() {
+      return this.X;
+    }
+    get py() {
+      return this.X;
+    }
+    get pz() {
+      return this.Z;
+    }
+    toRawBytes(d = !0) {
+      return this.toBytes(d);
+    }
+    _setWindowSize(d) {
+      this.precompute(d);
+    }
+    static normalizeZ(d) {
+      return yt(N, d);
+    }
+    static msm(d, a) {
+      return Te(N, f, d, a);
+    }
+    static fromPrivateKey(d) {
+      return N.BASE.multiply(J(f, d));
+    }
+  }
+  N.BASE = new N(o.Gx, o.Gy, t.ONE), N.ZERO = new N(t.ZERO, t.ONE, t.ZERO), N.Fp = t, N.Fn = f;
+  const it = f.BITS, X = new Le(N, n.endo ? Math.ceil(it / 2) : it);
+  return N.BASE.precompute(8), N;
+}
+function ae(e) {
+  return Uint8Array.of(e ? 2 : 3);
+}
+function ue(e, n) {
+  return {
+    secretKey: n.BYTES,
+    publicKey: 1 + e.BYTES,
+    publicKeyUncompressed: 1 + 2 * e.BYTES,
+    publicKeyHasPrefix: !0,
+    signature: 2 * n.BYTES
+  };
+}
+function Ce(e, n = {}) {
+  const { Fn: r } = e, t = n.randomBytes || kt, f = Object.assign(ue(e.Fp, r), { seed: re(r.ORDER) });
+  function o(h) {
+    try {
+      return !!J(r, h);
+    } catch {
+      return !1;
+    }
+  }
+  function i(h, B) {
+    const { publicKey: x, publicKeyUncompressed: q } = f;
+    try {
+      const L = h.length;
+      return B === !0 && L !== x || B === !1 && L !== q ? !1 : !!e.fromBytes(h);
+    } catch {
+      return !1;
+    }
+  }
+  function l(h = t(f.seed)) {
+    return Ze(D(h, f.seed, "seed"), r.ORDER);
+  }
+  function u(h, B = !0) {
+    return e.BASE.multiply(J(r, h)).toBytes(B);
+  }
+  function g(h) {
+    const B = l(h);
+    return { secretKey: B, publicKey: u(B) };
+  }
+  function p(h) {
+    if (typeof h == "bigint")
+      return !1;
+    if (h instanceof e)
+      return !0;
+    const { secretKey: B, publicKey: x, publicKeyUncompressed: q } = f;
+    if (r.allowedLengths || B === x)
+      return;
+    const L = K("key", h).length;
+    return L === x || L === q;
+  }
+  function I(h, B, x = !0) {
+    if (p(h) === !0)
+      throw new Error("first arg must be private key");
+    if (p(B) === !1)
+      throw new Error("second arg must be public key");
+    const q = J(r, h);
+    return e.fromHex(B).multiply(q).toBytes(x);
+  }
+  return Object.freeze({ getPublicKey: u, getSharedSecret: I, keygen: g, Point: e, utils: {
+    isValidSecretKey: o,
+    isValidPublicKey: i,
+    randomSecretKey: l,
+    // TODO: remove
+    isValidPrivateKey: o,
+    randomPrivateKey: l,
+    normPrivateKeyToScalar: (h) => J(r, h),
+    precompute(h = 8, B = e.BASE) {
+      return B.precompute(h, !1);
+    }
+  }, lengths: f });
+}
+function Me(e, n, r = {}) {
+  Yt(n), Rt(r, {}, {
+    hmac: "function",
+    lowS: "boolean",
+    randomBytes: "function",
+    bits2int: "function",
+    bits2int_modN: "function"
+  });
+  const t = r.randomBytes || kt, f = r.hmac || ((a, ...s) => oe(n, a, z(...s))), { Fp: o, Fn: i } = e, { ORDER: l, BITS: u } = i, { keygen: g, getPublicKey: p, getSharedSecret: I, utils: c, lengths: h } = Ce(e, r), B = {
+    prehash: !1,
+    lowS: typeof r.lowS == "boolean" ? r.lowS : !1,
+    format: void 0,
+    //'compact' as ECDSASigFormat,
+    extraEntropy: !1
+  }, x = "compact";
+  function q(a) {
+    const s = l >> et;
+    return a > s;
+  }
+  function L(a, s) {
+    if (!i.isValidNot0(s))
+      throw new Error(`invalid signature ${a}: out of range 1..Point.Fn.ORDER`);
+    return s;
+  }
+  function wt(a, s) {
+    xt(s);
+    const w = h.signature, b = s === "compact" ? w : s === "recovered" ? w + 1 : void 0;
+    return D(a, b, `${s} signature`);
+  }
+  class V {
+    constructor(s, w, b) {
+      this.r = L("r", s), this.s = L("s", w), b != null && (this.recovery = b), Object.freeze(this);
+    }
+    static fromBytes(s, w = x) {
+      wt(s, w);
+      let b;
+      if (w === "der") {
+        const { r: v, s: S } = C.toSig(D(s));
+        return new V(v, S);
+      }
+      w === "recovered" && (b = s[0], w = "compact", s = s.subarray(1));
+      const E = i.BYTES, m = s.subarray(0, E), y = s.subarray(E, E * 2);
+      return new V(i.fromBytes(m), i.fromBytes(y), b);
+    }
+    static fromHex(s, w) {
+      return this.fromBytes(ut(s), w);
+    }
+    addRecoveryBit(s) {
+      return new V(this.r, this.s, s);
+    }
+    recoverPublicKey(s) {
+      const w = o.ORDER, { r: b, s: E, recovery: m } = this;
+      if (m == null || ![0, 1, 2, 3].includes(m))
+        throw new Error("recovery id invalid");
+      if (l * ce < w && m > 1)
+        throw new Error("recovery id is ambiguous for h>1 curve");
+      const v = m === 2 || m === 3 ? b + l : b;
+      if (!o.isValid(v))
+        throw new Error("recovery id 2 or 3 invalid");
+      const S = o.toBytes(v), H = e.fromBytes(z(ae((m & 1) === 0), S)), O = i.inv(v), R = P(K("msgHash", s)), _ = i.create(-R * O), U = i.create(E * O), $ = e.BASE.multiplyUnsafe(_).add(H.multiplyUnsafe(U));
+      if ($.is0())
+        throw new Error("point at infinify");
+      return $.assertValidity(), $;
+    }
+    // Signatures should be low-s, to prevent malleability.
+    hasHighS() {
+      return q(this.s);
+    }
+    toBytes(s = x) {
+      if (xt(s), s === "der")
+        return ut(C.hexFromSig(this));
+      const w = i.toBytes(this.r), b = i.toBytes(this.s);
+      if (s === "recovered") {
+        if (this.recovery == null)
+          throw new Error("recovery bit must be present");
+        return z(Uint8Array.of(this.recovery), w, b);
+      }
+      return z(w, b);
+    }
+    toHex(s) {
+      return tt(this.toBytes(s));
+    }
+    // TODO: remove
+    assertValidity() {
+    }
+    static fromCompact(s) {
+      return V.fromBytes(K("sig", s), "compact");
+    }
+    static fromDER(s) {
+      return V.fromBytes(K("sig", s), "der");
+    }
+    normalizeS() {
+      return this.hasHighS() ? new V(this.r, i.neg(this.s), this.recovery) : this;
+    }
+    toDERRawBytes() {
+      return this.toBytes("der");
+    }
+    toDERHex() {
+      return tt(this.toBytes("der"));
+    }
+    toCompactRawBytes() {
+      return this.toBytes("compact");
+    }
+    toCompactHex() {
+      return tt(this.toBytes("compact"));
+    }
+  }
+  const rt = r.bits2int || function(s) {
+    if (s.length > 8192)
+      throw new Error("input is too large");
+    const w = ht(s), b = s.length * 8 - u;
+    return b > 0 ? w >> BigInt(b) : w;
+  }, P = r.bits2int_modN || function(s) {
+    return i.create(rt(s));
+  }, gt = ft(u);
+  function ot(a) {
+    return ve("num < 2^" + u, a, M, gt), i.toBytes(a);
+  }
+  function Q(a, s) {
+    return D(a, void 0, "message"), s ? D(n(a), void 0, "prehashed message") : a;
+  }
+  function N(a, s, w) {
+    if (["recovered", "canonical"].some((_) => _ in w))
+      throw new Error("sign() legacy options not supported");
+    const { lowS: b, prehash: E, extraEntropy: m } = Bt(w, B);
+    a = Q(a, E);
+    const y = P(a), v = J(i, s), S = [ot(v), ot(y)];
+    if (m != null && m !== !1) {
+      const _ = m === !0 ? t(h.secretKey) : m;
+      S.push(K("extraEntropy", _));
+    }
+    const H = z(...S), O = y;
+    function R(_) {
+      const U = rt(_);
+      if (!i.isValidNot0(U))
+        return;
+      const $ = i.inv(U), Z = e.BASE.multiply(U).toAffine(), T = i.create(Z.x);
+      if (T === M)
+        return;
+      const st = i.create($ * i.create(O + T * v));
+      if (st === M)
+        return;
+      let qt = (Z.x === T ? 0 : 2) | Number(Z.y & et), _t = st;
+      return b && q(st) && (_t = i.neg(st), qt ^= 1), new V(T, _t, qt);
+    }
+    return { seed: H, k2sig: R };
+  }
+  function it(a, s, w = {}) {
+    a = K("message", a);
+    const { seed: b, k2sig: E } = N(a, s, w);
+    return xe(n.outputLen, i.BYTES, f)(b, E);
+  }
+  function X(a) {
+    let s;
+    const w = typeof a == "string" || St(a), b = !w && a !== null && typeof a == "object" && typeof a.r == "bigint" && typeof a.s == "bigint";
+    if (!w && !b)
+      throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
+    if (b)
+      s = new V(a.r, a.s);
+    else if (w) {
+      try {
+        s = V.fromBytes(K("sig", a), "der");
+      } catch (E) {
+        if (!(E instanceof C.Err))
+          throw E;
+      }
+      if (!s)
+        try {
+          s = V.fromBytes(K("sig", a), "compact");
+        } catch {
+          return !1;
+        }
+    }
+    return s || !1;
+  }
+  function A(a, s, w, b = {}) {
+    const { lowS: E, prehash: m, format: y } = Bt(b, B);
+    if (w = K("publicKey", w), s = Q(K("message", s), m), "strict" in b)
+      throw new Error("options.strict was renamed to lowS");
+    const v = y === void 0 ? X(a) : V.fromBytes(K("sig", a), y);
+    if (v === !1)
+      return !1;
+    try {
+      const S = e.fromBytes(w);
+      if (E && v.hasHighS())
+        return !1;
+      const { r: H, s: O } = v, R = P(s), _ = i.inv(O), U = i.create(R * _), $ = i.create(H * _), Z = e.BASE.multiplyUnsafe(U).add(S.multiplyUnsafe($));
+      return Z.is0() ? !1 : i.create(Z.x) === H;
+    } catch {
+      return !1;
+    }
+  }
+  function d(a, s, w = {}) {
+    const { prehash: b } = Bt(w, B);
+    return s = Q(s, b), V.fromBytes(a, "recovered").recoverPublicKey(s).toBytes();
+  }
+  return Object.freeze({
+    keygen: g,
+    getPublicKey: p,
+    getSharedSecret: I,
+    utils: c,
+    lengths: h,
+    Point: e,
+    sign: it,
+    verify: A,
+    recoverPublicKey: d,
+    Signature: V,
+    hash: n
+  });
+}
+function ze(e) {
+  const n = {
+    a: e.a,
+    b: e.b,
+    p: e.Fp.ORDER,
+    n: e.n,
+    h: e.h,
+    Gx: e.Gx,
+    Gy: e.Gy
+  }, r = e.Fp;
+  let t = e.allowedPrivateKeyLengths ? Array.from(new Set(e.allowedPrivateKeyLengths.map((i) => Math.ceil(i / 2)))) : void 0;
+  const f = W(n.n, {
+    BITS: e.nBitLength,
+    allowedLengths: t,
+    modFromBytes: e.wrapPrivateKey
+  }), o = {
+    Fp: r,
+    Fn: f,
+    allowInfinityPoint: e.allowInfinityPoint,
+    endo: e.endo,
+    isTorsionFree: e.isTorsionFree,
+    clearCofactor: e.clearCofactor,
+    fromBytes: e.fromBytes,
+    toBytes: e.toBytes
+  };
+  return { CURVE: n, curveOpts: o };
+}
+function Xe(e) {
+  const { CURVE: n, curveOpts: r } = ze(e), t = {
+    hmac: e.hmac,
+    randomBytes: e.randomBytes,
+    lowS: e.lowS,
+    bits2int: e.bits2int,
+    bits2int_modN: e.bits2int_modN
+  };
+  return { CURVE: n, curveOpts: r, hash: e.hash, ecdsaOpts: t };
+}
+function De(e, n) {
+  const r = n.Point;
+  return Object.assign({}, n, {
+    ProjectivePoint: r,
+    CURVE: Object.assign({}, e, ee(r.Fn.ORDER, r.Fn.BITS))
+  });
+}
+function Ge(e) {
+  const { CURVE: n, curveOpts: r, hash: t, ecdsaOpts: f } = Xe(e), o = ke(n, r), i = Me(o, t, f);
+  return De(e, i);
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+function Ot(e, n) {
+  const r = (t) => Ge({ ...e, hash: t });
+  return { ...r(n), create: r };
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const le = {
+  p: BigInt("0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff"),
+  n: BigInt("0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551"),
+  h: BigInt(1),
+  a: BigInt("0xffffffff00000001000000000000000000000000fffffffffffffffffffffffc"),
+  b: BigInt("0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b"),
+  Gx: BigInt("0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"),
+  Gy: BigInt("0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
+}, de = {
+  p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff"),
+  n: BigInt("0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973"),
+  h: BigInt(1),
+  a: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000fffffffc"),
+  b: BigInt("0xb3312fa7e23ee7e4988e056be3f82d19181d9c6efe8141120314088f5013875ac656398d8a2ed19d2a85c8edd3ec2aef"),
+  Gx: BigInt("0xaa87ca22be8b05378eb1c71ef320ad746e1d3b628ba79b9859f741e082542a385502f25dbf55296c3a545e3872760ab7"),
+  Gy: BigInt("0x3617de4a96262c6f5d9e98bf9292dc29f8f41dbd289a147ce9da3113b5f0b8c00a60b1ce1d7e819d7a431d7c90ea0e5f")
+}, he = {
+  p: BigInt("0x1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"),
+  n: BigInt("0x01fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffa51868783bf2f966b7fcc0148f709a5d03bb5c9b8899c47aebb6fb71e91386409"),
+  h: BigInt(1),
+  a: BigInt("0x1fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffc"),
+  b: BigInt("0x0051953eb9618e1c9a1f929a21a0b68540eea2da725b99b315f3b8b489918ef109e156193951ec7e937b1652c0bd3bb1bf073573df883d2c34f1ef451fd46b503f00"),
+  Gx: BigInt("0x00c6858e06b70404e9cd9e3ecb662395b4429c648139053fb521f828af606b4d3dbaa14b5e77efe75928fe1dc127a2ffa8de3348b3c1856a429bf97e7e31c2e5bd66"),
+  Gy: BigInt("0x011839296a789a3bc0045c8a5fb42c7d1bd998f54449579b446817afbd17273e662c97ee72995ef42640c550b9013fad0761353c7086a272c24088be94769fd16650")
+}, Fe = W(le.p), We = W(de.p), Pe = W(he.p), Qe = Ot({ ...le, Fp: Fe, lowS: !1 }, me);
+Ot({ ...de, Fp: We, lowS: !1 }, pe);
+Ot({ ...he, Fp: Pe, lowS: !1, allowedPrivateKeyLengths: [130, 131, 132] }, Ee);
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const tn = Qe;
+export {
+  tn as p256
+};
+//# sourceMappingURL=p256-D44eOAG2.js.map