@taquito/sapling 24.3.0-beta.0 → 24.3.0-beta.2

package/dist/taquito-sapling.umd.js

@@ -1,8 +1,8 @@
 (function (global, factory) {
-    typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports, require('bignumber.js'), require('@taquito/taquito'), require('@taquito/utils'), require('@taquito/core'), require('@airgap/sapling-wasm'), require('blakejs'), require('@stablelib/nacl'), require('@stablelib/random'), require('typedarray-to-buffer'), require('pbkdf2'), require('bip39')) :
-    typeof define === 'function' && define.amd ? define(['exports', 'bignumber.js', '@taquito/taquito', '@taquito/utils', '@taquito/core', '@airgap/sapling-wasm', 'blakejs', '@stablelib/nacl', '@stablelib/random', 'typedarray-to-buffer', 'pbkdf2', 'bip39'], factory) :
-    (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.taquitoSapling = {}, global.BigNumber, global.taquito, global.utils, global.core, global.sapling, global.blake, global.nacl, global.random, global.toBuffer, global.pbkdf2, global.bip39));
-})(this, (function (exports, BigNumber, taquito, utils, core, sapling, blake, nacl, random, toBuffer, pbkdf2, bip39) { 'use strict';
+    typeof exports === 'object' && typeof module !== 'undefined' ? factory(exports, require('bignumber.js'), require('@taquito/taquito'), require('@taquito/utils'), require('@taquito/core'), require('@airgap/sapling-wasm'), require('blakejs'), require('@stablelib/nacl'), require('@stablelib/random'), require('typedarray-to-buffer')) :
+    typeof define === 'function' && define.amd ? define(['exports', 'bignumber.js', '@taquito/taquito', '@taquito/utils', '@taquito/core', '@airgap/sapling-wasm', 'blakejs', '@stablelib/nacl', '@stablelib/random', 'typedarray-to-buffer'], factory) :
+    (global = typeof globalThis !== 'undefined' ? globalThis : global || self, factory(global.taquitoSapling = {}, global.BigNumber, global.taquito, global.utils, global.core, global.sapling, global.blake, global.nacl, global.random, global.toBuffer));
+})(this, (function (exports, BigNumber, taquito, utils, core, sapling, blake, nacl, random, toBuffer) { 'use strict';
 
     function _interopNamespaceDefault(e) {
         var n = Object.create(null);
@@ -22,7 +22,6 @@
     }
 
     var sapling__namespace = /*#__PURE__*/_interopNamespaceDefault(sapling);
-    var bip39__namespace = /*#__PURE__*/_interopNamespaceDefault(bip39);
 
     /******************************************************************************
     Copyright (c) Microsoft Corporation.
@@ -908,6 +907,647 @@
     }
     _SaplingTransactionBuilder_inMemorySpendingKey = new WeakMap(), _SaplingTransactionBuilder_inMemoryProvingKey = new WeakMap(), _SaplingTransactionBuilder_saplingForger = new WeakMap(), _SaplingTransactionBuilder_contractAddress = new WeakMap(), _SaplingTransactionBuilder_saplingId = new WeakMap(), _SaplingTransactionBuilder_memoSize = new WeakMap(), _SaplingTransactionBuilder_readProvider = new WeakMap(), _SaplingTransactionBuilder_saplingWrapper = new WeakMap(), _SaplingTransactionBuilder_chainId = new WeakMap(), _SaplingTransactionBuilder_saplingState = new WeakMap();
 
+    /**
+     * Utilities for hex, bytes, CSPRNG.
+     * @module
+     */
+    /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+    /** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */
+    function isBytes(a) {
+        return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
+    }
+    /** Asserts something is positive integer. */
+    function anumber(n, title = '') {
+        if (!Number.isSafeInteger(n) || n < 0) {
+            const prefix = title && `"${title}" `;
+            throw new Error(`${prefix}expected integer >= 0, got ${n}`);
+        }
+    }
+    /** Asserts something is Uint8Array. */
+    function abytes(value, length, title = '') {
+        const bytes = isBytes(value);
+        const len = value?.length;
+        const needsLen = length !== undefined;
+        if (!bytes || (needsLen && len !== length)) {
+            const prefix = title && `"${title}" `;
+            const ofLen = needsLen ? ` of length ${length}` : '';
+            const got = bytes ? `length=${len}` : `type=${typeof value}`;
+            throw new Error(prefix + 'expected Uint8Array' + ofLen + ', got ' + got);
+        }
+        return value;
+    }
+    /** Asserts something is hash */
+    function ahash(h) {
+        if (typeof h !== 'function' || typeof h.create !== 'function')
+            throw new Error('Hash must wrapped by utils.createHasher');
+        anumber(h.outputLen);
+        anumber(h.blockLen);
+    }
+    /** Asserts a hash instance has not been destroyed / finished */
+    function aexists(instance, checkFinished = true) {
+        if (instance.destroyed)
+            throw new Error('Hash instance has been destroyed');
+        if (checkFinished && instance.finished)
+            throw new Error('Hash#digest() has already been called');
+    }
+    /** Asserts output is properly-sized byte array */
+    function aoutput(out, instance) {
+        abytes(out, undefined, 'digestInto() output');
+        const min = instance.outputLen;
+        if (out.length < min) {
+            throw new Error('"digestInto() output" expected to be of length >=' + min);
+        }
+    }
+    /** Zeroize a byte array. Warning: JS provides no guarantees. */
+    function clean(...arrays) {
+        for (let i = 0; i < arrays.length; i++) {
+            arrays[i].fill(0);
+        }
+    }
+    /** Create DataView of an array for easy byte-level manipulation. */
+    function createView(arr) {
+        return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+    }
+    /**
+     * There is no setImmediate in browser and setTimeout is slow.
+     * Call of async fn will return Promise, which will be fullfiled only on
+     * next scheduler queue processing step and this is exactly what we need.
+     */
+    const nextTick = async () => { };
+    /** Returns control to thread each 'tick' ms to avoid blocking. */
+    async function asyncLoop(iters, tick, cb) {
+        let ts = Date.now();
+        for (let i = 0; i < iters; i++) {
+            cb(i);
+            // Date.now() is not monotonic, so in case if clock goes backwards we return return control too
+            const diff = Date.now() - ts;
+            if (diff >= 0 && diff < tick)
+                continue;
+            await nextTick();
+            ts += diff;
+        }
+    }
+    /**
+     * Converts string to bytes using UTF8 encoding.
+     * Built-in doesn't validate input to be string: we do the check.
+     * @example utf8ToBytes('abc') // Uint8Array.from([97, 98, 99])
+     */
+    function utf8ToBytes(str) {
+        if (typeof str !== 'string')
+            throw new Error('string expected');
+        return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
+    }
+    /**
+     * Helper for KDFs: consumes uint8array or string.
+     * When string is passed, does utf8 decoding, using TextDecoder.
+     */
+    function kdfInputToBytes(data, errorTitle = '') {
+        if (typeof data === 'string')
+            return utf8ToBytes(data);
+        return abytes(data, undefined, errorTitle);
+    }
+    /** Merges default options and passed options. */
+    function checkOpts(defaults, opts) {
+        if (opts !== undefined && {}.toString.call(opts) !== '[object Object]')
+            throw new Error('options must be object or undefined');
+        const merged = Object.assign(defaults, opts);
+        return merged;
+    }
+    /** Creates function with outputLen, blockLen, create properties from a class constructor. */
+    function createHasher(hashCons, info = {}) {
+        const hashC = (msg, opts) => hashCons(opts).update(msg).digest();
+        const tmp = hashCons(undefined);
+        hashC.outputLen = tmp.outputLen;
+        hashC.blockLen = tmp.blockLen;
+        hashC.create = (opts) => hashCons(opts);
+        Object.assign(hashC, info);
+        return Object.freeze(hashC);
+    }
+    /** Creates OID opts for NIST hashes, with prefix 06 09 60 86 48 01 65 03 04 02. */
+    const oidNist = (suffix) => ({
+        oid: Uint8Array.from([0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, suffix]),
+    });
+
+    /**
+     * HMAC: RFC2104 message authentication code.
+     * @module
+     */
+    /** Internal class for HMAC. */
+    class _HMAC {
+        oHash;
+        iHash;
+        blockLen;
+        outputLen;
+        finished = false;
+        destroyed = false;
+        constructor(hash, key) {
+            ahash(hash);
+            abytes(key, undefined, 'key');
+            this.iHash = hash.create();
+            if (typeof this.iHash.update !== 'function')
+                throw new Error('Expected instance of class which extends utils.Hash');
+            this.blockLen = this.iHash.blockLen;
+            this.outputLen = this.iHash.outputLen;
+            const blockLen = this.blockLen;
+            const pad = new Uint8Array(blockLen);
+            // blockLen can be bigger than outputLen
+            pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);
+            for (let i = 0; i < pad.length; i++)
+                pad[i] ^= 0x36;
+            this.iHash.update(pad);
+            // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone
+            this.oHash = hash.create();
+            // Undo internal XOR && apply outer XOR
+            for (let i = 0; i < pad.length; i++)
+                pad[i] ^= 0x36 ^ 0x5c;
+            this.oHash.update(pad);
+            clean(pad);
+        }
+        update(buf) {
+            aexists(this);
+            this.iHash.update(buf);
+            return this;
+        }
+        digestInto(out) {
+            aexists(this);
+            abytes(out, this.outputLen, 'output');
+            this.finished = true;
+            this.iHash.digestInto(out);
+            this.oHash.update(out);
+            this.oHash.digestInto(out);
+            this.destroy();
+        }
+        digest() {
+            const out = new Uint8Array(this.oHash.outputLen);
+            this.digestInto(out);
+            return out;
+        }
+        _cloneInto(to) {
+            // Create new instance without calling constructor since key already in state and we don't know it.
+            to ||= Object.create(Object.getPrototypeOf(this), {});
+            const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
+            to = to;
+            to.finished = finished;
+            to.destroyed = destroyed;
+            to.blockLen = blockLen;
+            to.outputLen = outputLen;
+            to.oHash = oHash._cloneInto(to.oHash);
+            to.iHash = iHash._cloneInto(to.iHash);
+            return to;
+        }
+        clone() {
+            return this._cloneInto();
+        }
+        destroy() {
+            this.destroyed = true;
+            this.oHash.destroy();
+            this.iHash.destroy();
+        }
+    }
+    /**
+     * HMAC: RFC2104 message authentication code.
+     * @param hash - function that would be used e.g. sha256
+     * @param key - message key
+     * @param message - message data
+     * @example
+     * import { hmac } from '@noble/hashes/hmac';
+     * import { sha256 } from '@noble/hashes/sha2';
+     * const mac1 = hmac(sha256, 'key', 'message');
+     */
+    const hmac = (hash, key, message) => new _HMAC(hash, key).update(message).digest();
+    hmac.create = (hash, key) => new _HMAC(hash, key);
+
+    /**
+     * PBKDF (RFC 2898). Can be used to create a key from password and salt.
+     * @module
+     */
+    // Common start and end for sync/async functions
+    function pbkdf2Init(hash, _password, _salt, _opts) {
+        ahash(hash);
+        const opts = checkOpts({ dkLen: 32, asyncTick: 10 }, _opts);
+        const { c, dkLen, asyncTick } = opts;
+        anumber(c, 'c');
+        anumber(dkLen, 'dkLen');
+        anumber(asyncTick, 'asyncTick');
+        if (c < 1)
+            throw new Error('iterations (c) must be >= 1');
+        const password = kdfInputToBytes(_password, 'password');
+        const salt = kdfInputToBytes(_salt, 'salt');
+        // DK = PBKDF2(PRF, Password, Salt, c, dkLen);
+        const DK = new Uint8Array(dkLen);
+        // U1 = PRF(Password, Salt + INT_32_BE(i))
+        const PRF = hmac.create(hash, password);
+        const PRFSalt = PRF._cloneInto().update(salt);
+        return { c, dkLen, asyncTick, DK, PRF, PRFSalt };
+    }
+    function pbkdf2Output(PRF, PRFSalt, DK, prfW, u) {
+        PRF.destroy();
+        PRFSalt.destroy();
+        if (prfW)
+            prfW.destroy();
+        clean(u);
+        return DK;
+    }
+    /**
+     * PBKDF2-HMAC: RFC 2898 key derivation function
+     * @param hash - hash function that would be used e.g. sha256
+     * @param password - password from which a derived key is generated
+     * @param salt - cryptographic salt
+     * @param opts - {c, dkLen} where c is work factor and dkLen is output message size
+     * @example
+     * const key = pbkdf2(sha256, 'password', 'salt', { dkLen: 32, c: Math.pow(2, 18) });
+     */
+    function pbkdf2(hash, password, salt, opts) {
+        const { c, dkLen, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
+        let prfW; // Working copy
+        const arr = new Uint8Array(4);
+        const view = createView(arr);
+        const u = new Uint8Array(PRF.outputLen);
+        // DK = T1 + T2 + ⋯ + Tdklen/hlen
+        for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
+            // Ti = F(Password, Salt, c, i)
+            const Ti = DK.subarray(pos, pos + PRF.outputLen);
+            view.setInt32(0, ti, false);
+            // F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc
+            // U1 = PRF(Password, Salt + INT_32_BE(i))
+            (prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u);
+            Ti.set(u.subarray(0, Ti.length));
+            for (let ui = 1; ui < c; ui++) {
+                // Uc = PRF(Password, Uc−1)
+                PRF._cloneInto(prfW).update(u).digestInto(u);
+                for (let i = 0; i < Ti.length; i++)
+                    Ti[i] ^= u[i];
+            }
+        }
+        return pbkdf2Output(PRF, PRFSalt, DK, prfW, u);
+    }
+    /**
+     * PBKDF2-HMAC: RFC 2898 key derivation function. Async version.
+     * @example
+     * await pbkdf2Async(sha256, 'password', 'salt', { dkLen: 32, c: 500_000 });
+     */
+    async function pbkdf2Async(hash, password, salt, opts) {
+        const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
+        let prfW; // Working copy
+        const arr = new Uint8Array(4);
+        const view = createView(arr);
+        const u = new Uint8Array(PRF.outputLen);
+        // DK = T1 + T2 + ⋯ + Tdklen/hlen
+        for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
+            // Ti = F(Password, Salt, c, i)
+            const Ti = DK.subarray(pos, pos + PRF.outputLen);
+            view.setInt32(0, ti, false);
+            // F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc
+            // U1 = PRF(Password, Salt + INT_32_BE(i))
+            (prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u);
+            Ti.set(u.subarray(0, Ti.length));
+            await asyncLoop(c - 1, asyncTick, () => {
+                // Uc = PRF(Password, Uc−1)
+                PRF._cloneInto(prfW).update(u).digestInto(u);
+                for (let i = 0; i < Ti.length; i++)
+                    Ti[i] ^= u[i];
+            });
+        }
+        return pbkdf2Output(PRF, PRFSalt, DK, prfW, u);
+    }
+
+    /**
+     * Internal Merkle-Damgard hash utils.
+     * @module
+     */
+    /**
+     * Merkle-Damgard hash construction base class.
+     * Could be used to create MD5, RIPEMD, SHA1, SHA2.
+     */
+    class HashMD {
+        blockLen;
+        outputLen;
+        padOffset;
+        isLE;
+        // For partial updates less than block size
+        buffer;
+        view;
+        finished = false;
+        length = 0;
+        pos = 0;
+        destroyed = false;
+        constructor(blockLen, outputLen, padOffset, isLE) {
+            this.blockLen = blockLen;
+            this.outputLen = outputLen;
+            this.padOffset = padOffset;
+            this.isLE = isLE;
+            this.buffer = new Uint8Array(blockLen);
+            this.view = createView(this.buffer);
+        }
+        update(data) {
+            aexists(this);
+            abytes(data);
+            const { view, buffer, blockLen } = this;
+            const len = data.length;
+            for (let pos = 0; pos < len;) {
+                const take = Math.min(blockLen - this.pos, len - pos);
+                // Fast path: we have at least one block in input, cast it to view and process
+                if (take === blockLen) {
+                    const dataView = createView(data);
+                    for (; blockLen <= len - pos; pos += blockLen)
+                        this.process(dataView, pos);
+                    continue;
+                }
+                buffer.set(data.subarray(pos, pos + take), this.pos);
+                this.pos += take;
+                pos += take;
+                if (this.pos === blockLen) {
+                    this.process(view, 0);
+                    this.pos = 0;
+                }
+            }
+            this.length += data.length;
+            this.roundClean();
+            return this;
+        }
+        digestInto(out) {
+            aexists(this);
+            aoutput(out, this);
+            this.finished = true;
+            // Padding
+            // We can avoid allocation of buffer for padding completely if it
+            // was previously not allocated here. But it won't change performance.
+            const { buffer, view, blockLen, isLE } = this;
+            let { pos } = this;
+            // append the bit '1' to the message
+            buffer[pos++] = 0b10000000;
+            clean(this.buffer.subarray(pos));
+            // we have less than padOffset left in buffer, so we cannot put length in
+            // current block, need process it and pad again
+            if (this.padOffset > blockLen - pos) {
+                this.process(view, 0);
+                pos = 0;
+            }
+            // Pad until full block byte with zeros
+            for (let i = pos; i < blockLen; i++)
+                buffer[i] = 0;
+            // Note: sha512 requires length to be 128bit integer, but length in JS will overflow before that
+            // You need to write around 2 exabytes (u64_max / 8 / (1024**6)) for this to happen.
+            // So we just write lowest 64 bits of that value.
+            view.setBigUint64(blockLen - 8, BigInt(this.length * 8), isLE);
+            this.process(view, 0);
+            const oview = createView(out);
+            const len = this.outputLen;
+            // NOTE: we do division by 4 later, which must be fused in single op with modulo by JIT
+            if (len % 4)
+                throw new Error('_sha2: outputLen must be aligned to 32bit');
+            const outLen = len / 4;
+            const state = this.get();
+            if (outLen > state.length)
+                throw new Error('_sha2: outputLen bigger than state');
+            for (let i = 0; i < outLen; i++)
+                oview.setUint32(4 * i, state[i], isLE);
+        }
+        digest() {
+            const { buffer, outputLen } = this;
+            this.digestInto(buffer);
+            const res = buffer.slice(0, outputLen);
+            this.destroy();
+            return res;
+        }
+        _cloneInto(to) {
+            to ||= new this.constructor();
+            to.set(...this.get());
+            const { blockLen, buffer, length, finished, destroyed, pos } = this;
+            to.destroyed = destroyed;
+            to.finished = finished;
+            to.length = length;
+            to.pos = pos;
+            if (length % blockLen)
+                to.buffer.set(buffer);
+            return to;
+        }
+        clone() {
+            return this._cloneInto();
+        }
+    }
+    /** Initial SHA512 state. Bits 0..64 of frac part of sqrt of primes 2..19 */
+    const SHA512_IV = /* @__PURE__ */ Uint32Array.from([
+        0x6a09e667, 0xf3bcc908, 0xbb67ae85, 0x84caa73b, 0x3c6ef372, 0xfe94f82b, 0xa54ff53a, 0x5f1d36f1,
+        0x510e527f, 0xade682d1, 0x9b05688c, 0x2b3e6c1f, 0x1f83d9ab, 0xfb41bd6b, 0x5be0cd19, 0x137e2179,
+    ]);
+
+    /**
+     * Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.
+     * @todo re-check https://issues.chromium.org/issues/42212588
+     * @module
+     */
+    const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
+    const _32n = /* @__PURE__ */ BigInt(32);
+    function fromBig(n, le = false) {
+        if (le)
+            return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };
+        return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
+    }
+    function split(lst, le = false) {
+        const len = lst.length;
+        let Ah = new Uint32Array(len);
+        let Al = new Uint32Array(len);
+        for (let i = 0; i < len; i++) {
+            const { h, l } = fromBig(lst[i], le);
+            [Ah[i], Al[i]] = [h, l];
+        }
+        return [Ah, Al];
+    }
+    // for Shift in [0, 32)
+    const shrSH = (h, _l, s) => h >>> s;
+    const shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
+    // Right rotate for Shift in [1, 32)
+    const rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));
+    const rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);
+    // Right rotate for Shift in (32, 64), NOTE: 32 is special case.
+    const rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));
+    const rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));
+    // JS uses 32-bit signed integers for bitwise operations which means we cannot
+    // simple take carry out of low bit sum by shift, we need to use division.
+    function add(Ah, Al, Bh, Bl) {
+        const l = (Al >>> 0) + (Bl >>> 0);
+        return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };
+    }
+    // Addition with more than 2 elements
+    const add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);
+    const add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;
+    const add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);
+    const add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;
+    const add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);
+    const add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;
+
+    /**
+     * SHA2 hash function. A.k.a. sha256, sha384, sha512, sha512_224, sha512_256.
+     * SHA256 is the fastest hash implementable in JS, even faster than Blake3.
+     * Check out [RFC 4634](https://www.rfc-editor.org/rfc/rfc4634) and
+     * [FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf).
+     * @module
+     */
+    // SHA2-512 is slower than sha256 in js because u64 operations are slow.
+    // Round contants
+    // First 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409
+    // prettier-ignore
+    const K512 = /* @__PURE__ */ (() => split([
+        '0x428a2f98d728ae22', '0x7137449123ef65cd', '0xb5c0fbcfec4d3b2f', '0xe9b5dba58189dbbc',
+        '0x3956c25bf348b538', '0x59f111f1b605d019', '0x923f82a4af194f9b', '0xab1c5ed5da6d8118',
+        '0xd807aa98a3030242', '0x12835b0145706fbe', '0x243185be4ee4b28c', '0x550c7dc3d5ffb4e2',
+        '0x72be5d74f27b896f', '0x80deb1fe3b1696b1', '0x9bdc06a725c71235', '0xc19bf174cf692694',
+        '0xe49b69c19ef14ad2', '0xefbe4786384f25e3', '0x0fc19dc68b8cd5b5', '0x240ca1cc77ac9c65',
+        '0x2de92c6f592b0275', '0x4a7484aa6ea6e483', '0x5cb0a9dcbd41fbd4', '0x76f988da831153b5',
+        '0x983e5152ee66dfab', '0xa831c66d2db43210', '0xb00327c898fb213f', '0xbf597fc7beef0ee4',
+        '0xc6e00bf33da88fc2', '0xd5a79147930aa725', '0x06ca6351e003826f', '0x142929670a0e6e70',
+        '0x27b70a8546d22ffc', '0x2e1b21385c26c926', '0x4d2c6dfc5ac42aed', '0x53380d139d95b3df',
+        '0x650a73548baf63de', '0x766a0abb3c77b2a8', '0x81c2c92e47edaee6', '0x92722c851482353b',
+        '0xa2bfe8a14cf10364', '0xa81a664bbc423001', '0xc24b8b70d0f89791', '0xc76c51a30654be30',
+        '0xd192e819d6ef5218', '0xd69906245565a910', '0xf40e35855771202a', '0x106aa07032bbd1b8',
+        '0x19a4c116b8d2d0c8', '0x1e376c085141ab53', '0x2748774cdf8eeb99', '0x34b0bcb5e19b48a8',
+        '0x391c0cb3c5c95a63', '0x4ed8aa4ae3418acb', '0x5b9cca4f7763e373', '0x682e6ff3d6b2b8a3',
+        '0x748f82ee5defb2fc', '0x78a5636f43172f60', '0x84c87814a1f0ab72', '0x8cc702081a6439ec',
+        '0x90befffa23631e28', '0xa4506cebde82bde9', '0xbef9a3f7b2c67915', '0xc67178f2e372532b',
+        '0xca273eceea26619c', '0xd186b8c721c0c207', '0xeada7dd6cde0eb1e', '0xf57d4f7fee6ed178',
+        '0x06f067aa72176fba', '0x0a637dc5a2c898a6', '0x113f9804bef90dae', '0x1b710b35131c471b',
+        '0x28db77f523047d84', '0x32caab7b40c72493', '0x3c9ebe0a15c9bebc', '0x431d67c49c100d4c',
+        '0x4cc5d4becb3e42b6', '0x597f299cfc657e2a', '0x5fcb6fab3ad6faec', '0x6c44198c4a475817'
+    ].map(n => BigInt(n))))();
+    const SHA512_Kh = /* @__PURE__ */ (() => K512[0])();
+    const SHA512_Kl = /* @__PURE__ */ (() => K512[1])();
+    // Reusable temporary buffers
+    const SHA512_W_H = /* @__PURE__ */ new Uint32Array(80);
+    const SHA512_W_L = /* @__PURE__ */ new Uint32Array(80);
+    /** Internal 64-byte base SHA2 hash class. */
+    class SHA2_64B extends HashMD {
+        constructor(outputLen) {
+            super(128, outputLen, 16, false);
+        }
+        // prettier-ignore
+        get() {
+            const { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+            return [Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl];
+        }
+        // prettier-ignore
+        set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl) {
+            this.Ah = Ah | 0;
+            this.Al = Al | 0;
+            this.Bh = Bh | 0;
+            this.Bl = Bl | 0;
+            this.Ch = Ch | 0;
+            this.Cl = Cl | 0;
+            this.Dh = Dh | 0;
+            this.Dl = Dl | 0;
+            this.Eh = Eh | 0;
+            this.El = El | 0;
+            this.Fh = Fh | 0;
+            this.Fl = Fl | 0;
+            this.Gh = Gh | 0;
+            this.Gl = Gl | 0;
+            this.Hh = Hh | 0;
+            this.Hl = Hl | 0;
+        }
+        process(view, offset) {
+            // Extend the first 16 words into the remaining 64 words w[16..79] of the message schedule array
+            for (let i = 0; i < 16; i++, offset += 4) {
+                SHA512_W_H[i] = view.getUint32(offset);
+                SHA512_W_L[i] = view.getUint32((offset += 4));
+            }
+            for (let i = 16; i < 80; i++) {
+                // s0 := (w[i-15] rightrotate 1) xor (w[i-15] rightrotate 8) xor (w[i-15] rightshift 7)
+                const W15h = SHA512_W_H[i - 15] | 0;
+                const W15l = SHA512_W_L[i - 15] | 0;
+                const s0h = rotrSH(W15h, W15l, 1) ^ rotrSH(W15h, W15l, 8) ^ shrSH(W15h, W15l, 7);
+                const s0l = rotrSL(W15h, W15l, 1) ^ rotrSL(W15h, W15l, 8) ^ shrSL(W15h, W15l, 7);
+                // s1 := (w[i-2] rightrotate 19) xor (w[i-2] rightrotate 61) xor (w[i-2] rightshift 6)
+                const W2h = SHA512_W_H[i - 2] | 0;
+                const W2l = SHA512_W_L[i - 2] | 0;
+                const s1h = rotrSH(W2h, W2l, 19) ^ rotrBH(W2h, W2l, 61) ^ shrSH(W2h, W2l, 6);
+                const s1l = rotrSL(W2h, W2l, 19) ^ rotrBL(W2h, W2l, 61) ^ shrSL(W2h, W2l, 6);
+                // SHA256_W[i] = s0 + s1 + SHA256_W[i - 7] + SHA256_W[i - 16];
+                const SUMl = add4L(s0l, s1l, SHA512_W_L[i - 7], SHA512_W_L[i - 16]);
+                const SUMh = add4H(SUMl, s0h, s1h, SHA512_W_H[i - 7], SHA512_W_H[i - 16]);
+                SHA512_W_H[i] = SUMh | 0;
+                SHA512_W_L[i] = SUMl | 0;
+            }
+            let { Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl } = this;
+            // Compression function main loop, 80 rounds
+            for (let i = 0; i < 80; i++) {
+                // S1 := (e rightrotate 14) xor (e rightrotate 18) xor (e rightrotate 41)
+                const sigma1h = rotrSH(Eh, El, 14) ^ rotrSH(Eh, El, 18) ^ rotrBH(Eh, El, 41);
+                const sigma1l = rotrSL(Eh, El, 14) ^ rotrSL(Eh, El, 18) ^ rotrBL(Eh, El, 41);
+                //const T1 = (H + sigma1 + Chi(E, F, G) + SHA256_K[i] + SHA256_W[i]) | 0;
+                const CHIh = (Eh & Fh) ^ (~Eh & Gh);
+                const CHIl = (El & Fl) ^ (~El & Gl);
+                // T1 = H + sigma1 + Chi(E, F, G) + SHA512_K[i] + SHA512_W[i]
+                // prettier-ignore
+                const T1ll = add5L(Hl, sigma1l, CHIl, SHA512_Kl[i], SHA512_W_L[i]);
+                const T1h = add5H(T1ll, Hh, sigma1h, CHIh, SHA512_Kh[i], SHA512_W_H[i]);
+                const T1l = T1ll | 0;
+                // S0 := (a rightrotate 28) xor (a rightrotate 34) xor (a rightrotate 39)
+                const sigma0h = rotrSH(Ah, Al, 28) ^ rotrBH(Ah, Al, 34) ^ rotrBH(Ah, Al, 39);
+                const sigma0l = rotrSL(Ah, Al, 28) ^ rotrBL(Ah, Al, 34) ^ rotrBL(Ah, Al, 39);
+                const MAJh = (Ah & Bh) ^ (Ah & Ch) ^ (Bh & Ch);
+                const MAJl = (Al & Bl) ^ (Al & Cl) ^ (Bl & Cl);
+                Hh = Gh | 0;
+                Hl = Gl | 0;
+                Gh = Fh | 0;
+                Gl = Fl | 0;
+                Fh = Eh | 0;
+                Fl = El | 0;
+                ({ h: Eh, l: El } = add(Dh | 0, Dl | 0, T1h | 0, T1l | 0));
+                Dh = Ch | 0;
+                Dl = Cl | 0;
+                Ch = Bh | 0;
+                Cl = Bl | 0;
+                Bh = Ah | 0;
+                Bl = Al | 0;
+                const All = add3L(T1l, sigma0l, MAJl);
+                Ah = add3H(All, T1h, sigma0h, MAJh);
+                Al = All | 0;
+            }
+            // Add the compressed chunk to the current hash value
+            ({ h: Ah, l: Al } = add(this.Ah | 0, this.Al | 0, Ah | 0, Al | 0));
+            ({ h: Bh, l: Bl } = add(this.Bh | 0, this.Bl | 0, Bh | 0, Bl | 0));
+            ({ h: Ch, l: Cl } = add(this.Ch | 0, this.Cl | 0, Ch | 0, Cl | 0));
+            ({ h: Dh, l: Dl } = add(this.Dh | 0, this.Dl | 0, Dh | 0, Dl | 0));
+            ({ h: Eh, l: El } = add(this.Eh | 0, this.El | 0, Eh | 0, El | 0));
+            ({ h: Fh, l: Fl } = add(this.Fh | 0, this.Fl | 0, Fh | 0, Fl | 0));
+            ({ h: Gh, l: Gl } = add(this.Gh | 0, this.Gl | 0, Gh | 0, Gl | 0));
+            ({ h: Hh, l: Hl } = add(this.Hh | 0, this.Hl | 0, Hh | 0, Hl | 0));
+            this.set(Ah, Al, Bh, Bl, Ch, Cl, Dh, Dl, Eh, El, Fh, Fl, Gh, Gl, Hh, Hl);
+        }
+        roundClean() {
+            clean(SHA512_W_H, SHA512_W_L);
+        }
+        destroy() {
+            clean(this.buffer);
+            this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+        }
+    }
+    /** Internal SHA2-512 hash class. */
+    class _SHA512 extends SHA2_64B {
+        Ah = SHA512_IV[0] | 0;
+        Al = SHA512_IV[1] | 0;
+        Bh = SHA512_IV[2] | 0;
+        Bl = SHA512_IV[3] | 0;
+        Ch = SHA512_IV[4] | 0;
+        Cl = SHA512_IV[5] | 0;
+        Dh = SHA512_IV[6] | 0;
+        Dl = SHA512_IV[7] | 0;
+        Eh = SHA512_IV[8] | 0;
+        El = SHA512_IV[9] | 0;
+        Fh = SHA512_IV[10] | 0;
+        Fl = SHA512_IV[11] | 0;
+        Gh = SHA512_IV[12] | 0;
+        Gl = SHA512_IV[13] | 0;
+        Hh = SHA512_IV[14] | 0;
+        Hl = SHA512_IV[15] | 0;
+        constructor() {
+            super(64);
+        }
+    }
+    /** SHA2-512 hash function from RFC 4634. */
+    const sha512 = /* @__PURE__ */ createHasher(() => new _SHA512(), 
+    /* @__PURE__ */ oidNist(0x03));
+
     function decryptKey(spendingKey, password) {
         const [keyArr, pre] = (() => {
             try {
@@ -931,7 +1571,7 @@
             }
             const salt = toBuffer(keyArr.slice(0, 8));
             const encryptedSk = toBuffer(keyArr.slice(8));
-            const encryptionKey = pbkdf2.pbkdf2Sync(password, salt, 32768, 32, 'sha512');
+            const encryptionKey = pbkdf2(sha512, password, salt, { c: 32768, dkLen: 32 });
             // Zero nonce is safe: fresh random salt per encryption produces unique PBKDF2-derived key.
             // See: https://gitlab.com/tezos/tezos/-/blob/master/src/lib_signer_backends/encrypted.ml
             const decrypted = nacl.openSecretBox(new Uint8Array(encryptionKey), new Uint8Array(24), // zero nonce - uniqueness provided by per-encryption derived key
@@ -1011,6 +1651,38 @@
     }
     _InMemoryViewingKey_fullViewingKey = new WeakMap();
 
+    /*! scure-bip39 - MIT License (c) 2022 Patricio Palladino, Paul Miller (paulmillr.com) */
+    // Normalization replaces equivalent sequences of characters
+    // so that any two texts that are equivalent will be reduced
+    // to the same sequence of code points, called the normal form of the original text.
+    // https://tonsky.me/blog/unicode/#why-is-a----
+    function nfkd(str) {
+        if (typeof str !== 'string')
+            throw new TypeError('invalid mnemonic type: ' + typeof str);
+        return str.normalize('NFKD');
+    }
+    function normalize(str) {
+        const norm = nfkd(str);
+        const words = norm.split(' ');
+        if (![12, 15, 18, 21, 24].includes(words.length))
+            throw new Error('Invalid mnemonic');
+        return { nfkd: norm, words };
+    }
+    const psalt = (passphrase) => nfkd('mnemonic' + passphrase);
+    /**
+     * Irreversible: Uses KDF to derive 64 bytes of key data from mnemonic + optional password.
+     * @param mnemonic 12-24 words
+     * @param passphrase string that will additionally protect the key
+     * @returns 64 bytes of key data
+     * @example
+     * const mnem = 'legal winner thank year wave sausage worth useful legal winner thank yellow';
+     * await mnemonicToSeed(mnem, 'password');
+     * // new Uint8Array([...64 bytes])
+     */
+    function mnemonicToSeed(mnemonic, passphrase = '') {
+        return pbkdf2Async(sha512, normalize(mnemonic).nfkd, psalt(passphrase), { c: 2048, dkLen: 64 });
+    }
+
     var _InMemorySpendingKey_spendingKeyBuf, _InMemorySpendingKey_saplingViewingKey;
     /**
      * holds the spending key, create proof and signature for spend descriptions
@@ -1036,7 +1708,7 @@
          */
         static async fromMnemonic(mnemonic, derivationPath = 'm/') {
             // no password passed here. password provided only changes from sask -> MMXj
-            const fullSeed = await bip39__namespace.mnemonicToSeed(mnemonic);
+            const fullSeed = await mnemonicToSeed(mnemonic);
             const first32 = fullSeed.slice(0, 32);
             const second32 = fullSeed.slice(32);
             // reduce seed bytes must be 32 bytes reflecting both halves