@umbra-privacy/sdk 1.0.0 → 2.0.0

package/dist/chunk-Y55PYKXH.cjs

@@ -0,0 +1,595 @@
+'use strict';
+
+var chunkDMPMQ74B_cjs = require('./chunk-DMPMQ74B.cjs');
+var chunk5GUSMQ74_cjs = require('./chunk-5GUSMQ74.cjs');
+var chunkQJAUUYZU_cjs = require('./chunk-QJAUUYZU.cjs');
+var chunkLTCKPTZC_cjs = require('./chunk-LTCKPTZC.cjs');
+var chunkPK6SKIKE_cjs = require('./chunk-PK6SKIKE.cjs');
+
+// src/math/bn254/types.ts
+var BN254_FIELD_PRIME = 21888242871839275222246405745257275088548364400416034343698204186575808495617n;
+function assertBn254FieldElement(value, name = "value") {
+  const variableName = name;
+  if (typeof value !== "bigint") {
+    throw new chunkQJAUUYZU_cjs.CryptographyAssertionError(`${variableName}: Expected bigint, got ${typeof value}`, {
+      value,
+      expectedType: "Bn254FieldElement"
+    });
+  }
+  if (value < 0n) {
+    throw new chunkQJAUUYZU_cjs.CryptographyAssertionError(`${variableName}: Value ${String(value)} is negative`, {
+      value,
+      expectedType: "Bn254FieldElement",
+      constraint: "value >= 0"
+    });
+  }
+  if (value >= BN254_FIELD_PRIME) {
+    throw new chunkQJAUUYZU_cjs.CryptographyAssertionError(`${variableName}: Value exceeds BN254 field prime`, {
+      value,
+      expectedType: "Bn254FieldElement",
+      constraint: `value < ${String(BN254_FIELD_PRIME)}`
+    });
+  }
+}
+chunkPK6SKIKE_cjs.__name(assertBn254FieldElement, "assertBn254FieldElement");
+
+// src/math/bn254/field-arithmetic.ts
+var N64 = 64n;
+var MASK64 = 0xffffffffffffffffn;
+var P_LIMBS = [
+  0x43e1f593f0000001n,
+  // limb 0 (bits 0-63)
+  0x2833e84879b97091n,
+  // limb 1 (bits 64-127)
+  0xb85045b68181585dn,
+  // limb 2 (bits 128-191)
+  0x30644e72e131a029n
+  // limb 3 (bits 192-255)
+];
+var P_PRIME = 0xc2e1f593efffffffn;
+var R2_LIMBS = [
+  0x1bb8e645ae216da7n,
+  0x53fe3ab1e35c59e3n,
+  0x8c49833d53bb8085n,
+  0x0216d0b17f4e44a5n
+];
+var ONE_MONT = [
+  0xac96341c4ffffffbn,
+  0x36fc76959f60cd29n,
+  0x666ea36f7879462en,
+  0x0e0a77c19a07df2fn
+];
+function ctSelect(bit, x, y) {
+  const mask = -bit;
+  return x & mask | y & ~mask;
+}
+chunkPK6SKIKE_cjs.__name(ctSelect, "ctSelect");
+function bigintToLimbs(value) {
+  return [
+    value & MASK64,
+    value >> N64 & MASK64,
+    value >> N64 * 2n & MASK64,
+    value >> N64 * 3n & MASK64
+  ];
+}
+chunkPK6SKIKE_cjs.__name(bigintToLimbs, "bigintToLimbs");
+function limbsToBigint(limbs) {
+  return limbs[0] + (limbs[1] << N64) + (limbs[2] << N64 * 2n) + (limbs[3] << N64 * 3n);
+}
+chunkPK6SKIKE_cjs.__name(limbsToBigint, "limbsToBigint");
+function addModuleLimbs(a, b) {
+  const t = [0n, 0n, 0n, 0n];
+  let carry = 0n;
+  for (let index = 0; index < 4; index++) {
+    const sum = a[index] + b[index] + carry;
+    t[index] = sum & MASK64;
+    carry = sum >> N64;
+  }
+  const tCarry = carry;
+  const d = [0n, 0n, 0n, 0n];
+  let borrow = 0n;
+  for (let index = 0; index < 4; index++) {
+    const sub = t[index] - P_LIMBS[index] - borrow;
+    d[index] = sub & MASK64;
+    borrow = -(sub >> N64);
+  }
+  const useD = tCarry | 1n - borrow;
+  return [
+    ctSelect(useD, d[0], t[0]),
+    ctSelect(useD, d[1], t[1]),
+    ctSelect(useD, d[2], t[2]),
+    ctSelect(useD, d[3], t[3])
+  ];
+}
+chunkPK6SKIKE_cjs.__name(addModuleLimbs, "addModuleLimbs");
+function subModuleLimbs(a, b) {
+  const out = [0n, 0n, 0n, 0n];
+  let borrow = 0n;
+  for (let index = 0; index < 4; index++) {
+    const sub = a[index] - b[index] - borrow;
+    out[index] = sub & MASK64;
+    borrow = -(sub >> N64);
+  }
+  const mask = -borrow;
+  let carry = 0n;
+  for (let index = 0; index < 4; index++) {
+    const addValue = P_LIMBS[index] & mask;
+    const sum = out[index] + addValue + carry;
+    out[index] = sum & MASK64;
+    carry = sum >> N64;
+  }
+  return [out[0], out[1], out[2], out[3]];
+}
+chunkPK6SKIKE_cjs.__name(subModuleLimbs, "subModuleLimbs");
+function montgomeryMulLimbs(a, b) {
+  const t = [0n, 0n, 0n, 0n, 0n, 0n, 0n, 0n, 0n];
+  for (let index = 0; index < 4; index++) {
+    let carry = 0n;
+    for (let innerIndex = 0; innerIndex < 4; innerIndex++) {
+      const sum = t[index + innerIndex] + a[index] * b[innerIndex] + carry;
+      t[index + innerIndex] = sum & MASK64;
+      carry = sum >> N64;
+    }
+    t[index + 4] = t[index + 4] + carry;
+    const m = t[index] * P_PRIME & MASK64;
+    let carryRed = 0n;
+    for (let innerIndex = 0; innerIndex < 4; innerIndex++) {
+      const sum = t[index + innerIndex] + m * P_LIMBS[innerIndex] + carryRed;
+      t[index + innerIndex] = sum & MASK64;
+      carryRed = sum >> N64;
+    }
+    const sumUp = t[index + 4] + carryRed;
+    t[index + 4] = sumUp & MASK64;
+    t[index + 5] = t[index + 5] + (sumUp >> N64);
+  }
+  const result = [t[4], t[5], t[6], t[7]];
+  const subResult = [0n, 0n, 0n, 0n];
+  let borrow = 0n;
+  for (let k = 0; k < 4; k++) {
+    const s = result[k] - P_LIMBS[k] - borrow;
+    subResult[k] = s & MASK64;
+    borrow = -(s >> N64);
+  }
+  const useSub = 1n - borrow;
+  return [
+    ctSelect(useSub, subResult[0], result[0]),
+    ctSelect(useSub, subResult[1], result[1]),
+    ctSelect(useSub, subResult[2], result[2]),
+    ctSelect(useSub, subResult[3], result[3])
+  ];
+}
+chunkPK6SKIKE_cjs.__name(montgomeryMulLimbs, "montgomeryMulLimbs");
+function toMontgomery(a) {
+  return montgomeryMulLimbs(a, R2_LIMBS);
+}
+chunkPK6SKIKE_cjs.__name(toMontgomery, "toMontgomery");
+function fromMontgomery(a) {
+  const one = [1n, 0n, 0n, 0n];
+  return montgomeryMulLimbs(a, one);
+}
+chunkPK6SKIKE_cjs.__name(fromMontgomery, "fromMontgomery");
+function negModuleLimbs(a) {
+  const isZero = (a[0] | a[1] | a[2] | a[3]) === 0n ? 1n : 0n;
+  const result = subModuleLimbs(P_LIMBS, a);
+  return [
+    ctSelect(isZero, 0n, result[0]),
+    ctSelect(isZero, 0n, result[1]),
+    ctSelect(isZero, 0n, result[2]),
+    ctSelect(isZero, 0n, result[3])
+  ];
+}
+chunkPK6SKIKE_cjs.__name(negModuleLimbs, "negModuleLimbs");
+function moduleExpMontgomery(base, exp) {
+  let result = ONE_MONT;
+  let current = base;
+  while (exp > 0n) {
+    if ((exp & 1n) === 1n) {
+      result = montgomeryMulLimbs(result, current);
+    }
+    current = montgomeryMulLimbs(current, current);
+    exp >>= 1n;
+  }
+  return result;
+}
+chunkPK6SKIKE_cjs.__name(moduleExpMontgomery, "moduleExpMontgomery");
+var bn254ModuloAdd = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a, b) => {
+  const aLimbs = bigintToLimbs(a);
+  const bLimbs = bigintToLimbs(b);
+  const resultLimbs = addModuleLimbs(aLimbs, bLimbs);
+  return limbsToBigint(resultLimbs);
+}, "bn254ModuloAdd");
+var bn254ModuloSub = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a, b) => {
+  const aLimbs = bigintToLimbs(a);
+  const bLimbs = bigintToLimbs(b);
+  const resultLimbs = subModuleLimbs(aLimbs, bLimbs);
+  return limbsToBigint(resultLimbs);
+}, "bn254ModuloSub");
+var bn254ModuloMul = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a, b) => {
+  const aLimbs = bigintToLimbs(a);
+  const bLimbs = bigintToLimbs(b);
+  const aMont = toMontgomery(aLimbs);
+  const bMont = toMontgomery(bLimbs);
+  const resultMont = montgomeryMulLimbs(aMont, bMont);
+  const resultLimbs = fromMontgomery(resultMont);
+  return limbsToBigint(resultLimbs);
+}, "bn254ModuloMul");
+var bn254ModuloNeg = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a) => {
+  const aLimbs = bigintToLimbs(a);
+  const resultLimbs = negModuleLimbs(aLimbs);
+  return limbsToBigint(resultLimbs);
+}, "bn254ModuloNeg");
+var bn254ModuloInv = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a) => {
+  if (a === 0n) {
+    throw new Error("Cannot compute modular inverse of zero");
+  }
+  const aLimbs = bigintToLimbs(a);
+  const aMont = toMontgomery(aLimbs);
+  const exp = BN254_FIELD_PRIME - 2n;
+  const resultMont = moduleExpMontgomery(aMont, exp);
+  const resultLimbs = fromMontgomery(resultMont);
+  return limbsToBigint(resultLimbs);
+}, "bn254ModuloInv");
+var cachedModuleAdder = null;
+var cachedModuleSubtractor = null;
+var cachedModuleMultiplier = null;
+var cachedModuleNegator = null;
+var cachedModuleInverter = null;
+function getBn254ModularAdder() {
+  cachedModuleAdder ??= bn254ModuloAdd;
+  return cachedModuleAdder;
+}
+chunkPK6SKIKE_cjs.__name(getBn254ModularAdder, "getBn254ModularAdder");
+function getBn254ModularSubtractor() {
+  cachedModuleSubtractor ??= bn254ModuloSub;
+  return cachedModuleSubtractor;
+}
+chunkPK6SKIKE_cjs.__name(getBn254ModularSubtractor, "getBn254ModularSubtractor");
+function getBn254ModularMultiplier() {
+  cachedModuleMultiplier ??= bn254ModuloMul;
+  return cachedModuleMultiplier;
+}
+chunkPK6SKIKE_cjs.__name(getBn254ModularMultiplier, "getBn254ModularMultiplier");
+function getBn254ModularNegator() {
+  cachedModuleNegator ??= bn254ModuloNeg;
+  return cachedModuleNegator;
+}
+chunkPK6SKIKE_cjs.__name(getBn254ModularNegator, "getBn254ModularNegator");
+function getBn254ModularInverter() {
+  cachedModuleInverter ??= bn254ModuloInv;
+  return cachedModuleInverter;
+}
+chunkPK6SKIKE_cjs.__name(getBn254ModularInverter, "getBn254ModularInverter");
+function computeBn254LimbwiseSumInverse(limbs) {
+  const sum = (limbs.low + limbs.middle + limbs.high) % BN254_FIELD_PRIME;
+  if (sum === 0n) {
+    throw new Error(
+      "Cannot compute modular inverse of zero sum. The sum of Base85 limbs must be non-zero."
+    );
+  }
+  const inverse = bn254ModuloInv(sum);
+  assertBn254FieldElement(inverse);
+  return inverse;
+}
+chunkPK6SKIKE_cjs.__name(computeBn254LimbwiseSumInverse, "computeBn254LimbwiseSumInverse");
+
+// src/math/bn254/field-element-sampler.ts
+var N642 = 64n;
+var MASK642 = 0xffffffffffffffffn;
+var P_LIMBS2 = [
+  0x43e1f593f0000001n,
+  // limb 0 (bits 0-63)
+  0x2833e84879b97091n,
+  // limb 1 (bits 64-127)
+  0xb85045b68181585dn,
+  // limb 2 (bits 128-191)
+  0x30644e72e131a029n
+  // limb 3 (bits 192-255)
+];
+var R_MOD_P = 6350874878119819312338956282401532410528162663560392320966563075034087161851n;
+function ctSelect2(bit, x, y) {
+  const mask = -bit;
+  return x & mask | y & ~mask;
+}
+chunkPK6SKIKE_cjs.__name(ctSelect2, "ctSelect");
+function bigintToLimbs2(value) {
+  return [
+    value & MASK642,
+    value >> N642 & MASK642,
+    value >> N642 * 2n & MASK642,
+    value >> N642 * 3n & MASK642
+  ];
+}
+chunkPK6SKIKE_cjs.__name(bigintToLimbs2, "bigintToLimbs");
+function limbsToBigint2(limbs) {
+  return limbs[0] + (limbs[1] << N642) + (limbs[2] << N642 * 2n) + (limbs[3] << N642 * 3n);
+}
+chunkPK6SKIKE_cjs.__name(limbsToBigint2, "limbsToBigint");
+function conditionalSubtractP(limbs) {
+  const [l0, l1, l2, l3] = limbs;
+  const [p0, p1, p2, p3] = P_LIMBS2;
+  const sub0 = l0 - p0;
+  const d0 = sub0 & MASK642;
+  const borrow0 = -(sub0 >> N642) & 1n;
+  const sub1 = l1 - p1 - borrow0;
+  const d1 = sub1 & MASK642;
+  const borrow1 = -(sub1 >> N642) & 1n;
+  const sub2 = l2 - p2 - borrow1;
+  const d2 = sub2 & MASK642;
+  const borrow2 = -(sub2 >> N642) & 1n;
+  const sub3 = l3 - p3 - borrow2;
+  const d3 = sub3 & MASK642;
+  const borrow3 = -(sub3 >> N642) & 1n;
+  const useOriginal = borrow3;
+  return [
+    ctSelect2(useOriginal, l0, d0),
+    ctSelect2(useOriginal, l1, d1),
+    ctSelect2(useOriginal, l2, d2),
+    ctSelect2(useOriginal, l3, d3)
+  ];
+}
+chunkPK6SKIKE_cjs.__name(conditionalSubtractP, "conditionalSubtractP");
+function reduce256(value) {
+  let limbs = bigintToLimbs2(value);
+  limbs = conditionalSubtractP(limbs);
+  limbs = conditionalSubtractP(limbs);
+  limbs = conditionalSubtractP(limbs);
+  limbs = conditionalSubtractP(limbs);
+  limbs = conditionalSubtractP(limbs);
+  return limbsToBigint2(limbs);
+}
+chunkPK6SKIKE_cjs.__name(reduce256, "reduce256");
+function bytesToBigintBE(bytes, offset) {
+  const slice = bytes.slice(offset, offset + chunkLTCKPTZC_cjs.U256_BYTE_LENGTH);
+  const u256BeBytes = chunkDMPMQ74B_cjs.createU256BeBytes(slice);
+  return chunk5GUSMQ74_cjs.decodeU256BeBytesToU256(u256BeBytes);
+}
+chunkPK6SKIKE_cjs.__name(bytesToBigintBE, "bytesToBigintBE");
+function getBn254FieldElementSampler(deps) {
+  const { modAdd: moduleAdd = bn254ModuloAdd, modMul: moduleMul = bn254ModuloMul } = deps ?? {};
+  return (input) => {
+    const high = bytesToBigintBE(input, 0);
+    const low = bytesToBigintBE(input, 32);
+    const lowReduced = reduce256(low);
+    const highReduced = reduce256(high);
+    const highTimesR = moduleMul(highReduced, R_MOD_P);
+    const result = moduleAdd(highTimesR, lowReduced);
+    return result;
+  };
+}
+chunkPK6SKIKE_cjs.__name(getBn254FieldElementSampler, "getBn254FieldElementSampler");
+var bn254FieldElementSampler = getBn254FieldElementSampler();
+
+// src/math/curve25519/types.ts
+var CURVE25519_FIELD_PRIME = (1n << 255n) - 19n;
+
+// src/math/curve25519/field-arithmetic.ts
+var N643 = 64n;
+var MASK643 = 0xffffffffffffffffn;
+var P_LIMBS3 = [
+  0xffffffffffffffedn,
+  // limb 0 (bits 0-63): 2^64 - 19
+  0xffffffffffffffffn,
+  // limb 1 (bits 64-127): all 1s
+  0xffffffffffffffffn,
+  // limb 2 (bits 128-191): all 1s
+  0x7fffffffffffffffn
+  // limb 3 (bits 192-255): 2^63 - 1
+];
+function ctSelect3(bit, x, y) {
+  const mask = -bit;
+  return x & mask | y & ~mask;
+}
+chunkPK6SKIKE_cjs.__name(ctSelect3, "ctSelect");
+function bigintToLimbs3(value) {
+  return [
+    value & MASK643,
+    value >> N643 & MASK643,
+    value >> N643 * 2n & MASK643,
+    value >> N643 * 3n & MASK643
+  ];
+}
+chunkPK6SKIKE_cjs.__name(bigintToLimbs3, "bigintToLimbs");
+function limbsToBigint3(limbs) {
+  return limbs[0] + (limbs[1] << N643) + (limbs[2] << N643 * 2n) + (limbs[3] << N643 * 3n);
+}
+chunkPK6SKIKE_cjs.__name(limbsToBigint3, "limbsToBigint");
+function addModuleLimbs2(a, b) {
+  const t = [0n, 0n, 0n, 0n];
+  let carry = 0n;
+  for (let index = 0; index < 4; index++) {
+    const sum = a[index] + b[index] + carry;
+    t[index] = sum & MASK643;
+    carry = sum >> N643;
+  }
+  const tCarry = carry;
+  const d = [0n, 0n, 0n, 0n];
+  let borrow = 0n;
+  for (let index = 0; index < 4; index++) {
+    const sub = t[index] - P_LIMBS3[index] - borrow;
+    d[index] = sub & MASK643;
+    borrow = -(sub >> N643);
+  }
+  const useD = tCarry | 1n - borrow;
+  return [
+    ctSelect3(useD, d[0], t[0]),
+    ctSelect3(useD, d[1], t[1]),
+    ctSelect3(useD, d[2], t[2]),
+    ctSelect3(useD, d[3], t[3])
+  ];
+}
+chunkPK6SKIKE_cjs.__name(addModuleLimbs2, "addModuleLimbs");
+function subModuleLimbs2(a, b) {
+  const out = [0n, 0n, 0n, 0n];
+  let borrow = 0n;
+  for (let index = 0; index < 4; index++) {
+    const sub = a[index] - b[index] - borrow;
+    out[index] = sub & MASK643;
+    borrow = -(sub >> N643);
+  }
+  const mask = -borrow;
+  let carry = 0n;
+  for (let index = 0; index < 4; index++) {
+    const addValue = P_LIMBS3[index] & mask;
+    const sum = out[index] + addValue + carry;
+    out[index] = sum & MASK643;
+    carry = sum >> N643;
+  }
+  return [out[0], out[1], out[2], out[3]];
+}
+chunkPK6SKIKE_cjs.__name(subModuleLimbs2, "subModuleLimbs");
+function mulModuleLimbs(a, b) {
+  const aBig = limbsToBigint3(a);
+  const bBig = limbsToBigint3(b);
+  const product = aBig * bBig % CURVE25519_FIELD_PRIME;
+  return bigintToLimbs3(product);
+}
+chunkPK6SKIKE_cjs.__name(mulModuleLimbs, "mulModuleLimbs");
+function moduleExpLimbs(base, exp) {
+  let result = [1n, 0n, 0n, 0n];
+  let current = base;
+  while (exp > 0n) {
+    if ((exp & 1n) === 1n) {
+      result = mulModuleLimbs(result, current);
+    }
+    current = mulModuleLimbs(current, current);
+    exp >>= 1n;
+  }
+  return result;
+}
+chunkPK6SKIKE_cjs.__name(moduleExpLimbs, "moduleExpLimbs");
+var curve25519ModuloAdd = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a, b) => {
+  const aLimbs = bigintToLimbs3(a);
+  const bLimbs = bigintToLimbs3(b);
+  const resultLimbs = addModuleLimbs2(aLimbs, bLimbs);
+  return limbsToBigint3(resultLimbs);
+}, "curve25519ModuloAdd");
+var curve25519ModuloSub = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a, b) => {
+  const aLimbs = bigintToLimbs3(a);
+  const bLimbs = bigintToLimbs3(b);
+  const resultLimbs = subModuleLimbs2(aLimbs, bLimbs);
+  return limbsToBigint3(resultLimbs);
+}, "curve25519ModuloSub");
+var curve25519ModuloMul = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a, b) => {
+  const aLimbs = bigintToLimbs3(a);
+  const bLimbs = bigintToLimbs3(b);
+  const resultLimbs = mulModuleLimbs(aLimbs, bLimbs);
+  return limbsToBigint3(resultLimbs);
+}, "curve25519ModuloMul");
+var curve25519ModuloInv = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((a) => {
+  if (a === 0n) {
+    throw new Error("Cannot compute modular inverse of zero");
+  }
+  const aLimbs = bigintToLimbs3(a);
+  const exp = CURVE25519_FIELD_PRIME - 2n;
+  const resultLimbs = moduleExpLimbs(aLimbs, exp);
+  return limbsToBigint3(resultLimbs);
+}, "curve25519ModuloInv");
+var curve25519ModuloPow = /* @__PURE__ */ chunkPK6SKIKE_cjs.__name((base, exp) => {
+  if (exp === 0n) {
+    return 1n;
+  }
+  const baseLimbs = bigintToLimbs3(base);
+  const resultLimbs = moduleExpLimbs(baseLimbs, exp);
+  return limbsToBigint3(resultLimbs);
+}, "curve25519ModuloPow");
+var cachedModuleAddFunction = null;
+var cachedModuleSubFunction = null;
+var cachedModuleMulFunction = null;
+var cachedModuleInvFunction = null;
+var cachedModulePowFunction = null;
+function getCurve25519ModularAddFunction() {
+  cachedModuleAddFunction ??= curve25519ModuloAdd;
+  return cachedModuleAddFunction;
+}
+chunkPK6SKIKE_cjs.__name(getCurve25519ModularAddFunction, "getCurve25519ModularAddFunction");
+function getCurve25519ModularSubFunction() {
+  cachedModuleSubFunction ??= curve25519ModuloSub;
+  return cachedModuleSubFunction;
+}
+chunkPK6SKIKE_cjs.__name(getCurve25519ModularSubFunction, "getCurve25519ModularSubFunction");
+function getCurve25519ModularMulFunction() {
+  cachedModuleMulFunction ??= curve25519ModuloMul;
+  return cachedModuleMulFunction;
+}
+chunkPK6SKIKE_cjs.__name(getCurve25519ModularMulFunction, "getCurve25519ModularMulFunction");
+function getCurve25519ModularInvFunction() {
+  cachedModuleInvFunction ??= curve25519ModuloInv;
+  return cachedModuleInvFunction;
+}
+chunkPK6SKIKE_cjs.__name(getCurve25519ModularInvFunction, "getCurve25519ModularInvFunction");
+function getCurve25519ModularPowFunction() {
+  cachedModulePowFunction ??= curve25519ModuloPow;
+  return cachedModulePowFunction;
+}
+chunkPK6SKIKE_cjs.__name(getCurve25519ModularPowFunction, "getCurve25519ModularPowFunction");
+var R_MOD_P_CURVE25519 = 38n;
+function reduce256Curve25519(value) {
+  const [l0, l1, l2, l3] = bigintToLimbs3(value);
+  const [p0, p1, p2, p3] = P_LIMBS3;
+  const sub0 = l0 - p0;
+  const d0 = sub0 & MASK643;
+  const borrow0 = -(sub0 >> N643) & 1n;
+  const sub1 = l1 - p1 - borrow0;
+  const d1 = sub1 & MASK643;
+  const borrow1 = -(sub1 >> N643) & 1n;
+  const sub2 = l2 - p2 - borrow1;
+  const d2 = sub2 & MASK643;
+  const borrow2 = -(sub2 >> N643) & 1n;
+  const sub3 = l3 - p3 - borrow2;
+  const d3 = sub3 & MASK643;
+  const borrow3 = -(sub3 >> N643) & 1n;
+  const useOriginal = borrow3;
+  return limbsToBigint3([
+    ctSelect3(useOriginal, l0, d0),
+    ctSelect3(useOriginal, l1, d1),
+    ctSelect3(useOriginal, l2, d2),
+    ctSelect3(useOriginal, l3, d3)
+  ]);
+}
+chunkPK6SKIKE_cjs.__name(reduce256Curve25519, "reduce256Curve25519");
+function bytesToBigintBECurve25519(bytes, offset) {
+  const slice = bytes.slice(offset, offset + chunkLTCKPTZC_cjs.U256_BYTE_LENGTH);
+  const u256BeBytes = chunkDMPMQ74B_cjs.createU256BeBytes(slice);
+  return chunk5GUSMQ74_cjs.decodeU256BeBytesToU256(u256BeBytes);
+}
+chunkPK6SKIKE_cjs.__name(bytesToBigintBECurve25519, "bytesToBigintBECurve25519");
+function getCurve25519FieldElementSampler(deps) {
+  const { modAdd: moduleAdd = curve25519ModuloAdd, modMul: moduleMul = curve25519ModuloMul } = deps ?? {};
+  return (input) => {
+    const high = bytesToBigintBECurve25519(input, 0);
+    const low = bytesToBigintBECurve25519(input, 32);
+    const lowReduced = reduce256Curve25519(low);
+    const highReduced = reduce256Curve25519(high);
+    const highTimesR = moduleMul(highReduced, R_MOD_P_CURVE25519);
+    const result = moduleAdd(highTimesR, lowReduced);
+    return result;
+  };
+}
+chunkPK6SKIKE_cjs.__name(getCurve25519FieldElementSampler, "getCurve25519FieldElementSampler");
+var curve25519FieldElementSampler = getCurve25519FieldElementSampler();
+
+exports.BN254_FIELD_PRIME = BN254_FIELD_PRIME;
+exports.CURVE25519_FIELD_PRIME = CURVE25519_FIELD_PRIME;
+exports.assertBn254FieldElement = assertBn254FieldElement;
+exports.bn254FieldElementSampler = bn254FieldElementSampler;
+exports.computeBn254LimbwiseSumInverse = computeBn254LimbwiseSumInverse;
+exports.curve25519FieldElementSampler = curve25519FieldElementSampler;
+exports.curve25519ModuloAdd = curve25519ModuloAdd;
+exports.curve25519ModuloInv = curve25519ModuloInv;
+exports.curve25519ModuloMul = curve25519ModuloMul;
+exports.curve25519ModuloPow = curve25519ModuloPow;
+exports.curve25519ModuloSub = curve25519ModuloSub;
+exports.getBn254FieldElementSampler = getBn254FieldElementSampler;
+exports.getBn254ModularAdder = getBn254ModularAdder;
+exports.getBn254ModularInverter = getBn254ModularInverter;
+exports.getBn254ModularMultiplier = getBn254ModularMultiplier;
+exports.getBn254ModularNegator = getBn254ModularNegator;
+exports.getBn254ModularSubtractor = getBn254ModularSubtractor;
+exports.getCurve25519FieldElementSampler = getCurve25519FieldElementSampler;
+exports.getCurve25519ModularAddFunction = getCurve25519ModularAddFunction;
+exports.getCurve25519ModularInvFunction = getCurve25519ModularInvFunction;
+exports.getCurve25519ModularMulFunction = getCurve25519ModularMulFunction;
+exports.getCurve25519ModularPowFunction = getCurve25519ModularPowFunction;
+exports.getCurve25519ModularSubFunction = getCurve25519ModularSubFunction;
+//# sourceMappingURL=chunk-Y55PYKXH.cjs.map
+//# sourceMappingURL=chunk-Y55PYKXH.cjs.map