@waku/discovery 0.0.6-f599932.0 → 0.0.7-09108d9.0

package/bundle/index.js

@@ -19,6 +19,10 @@
  */
 const peerDiscoverySymbol = Symbol.for('@libp2p/peer-discovery');
 
+/**
+ * All PeerId implementations must use this symbol as the name of a property
+ * with a boolean `true` value
+ */
 const peerIdSymbol = Symbol.for('@libp2p/peer-id');
 
 /**
@@ -26,31 +30,55 @@ const peerIdSymbol = Symbol.for('@libp2p/peer-id');
  * usually in response to the `abort` event being emitted by an
  * AbortSignal.
  */
-class CodeError extends Error {
-    code;
-    props;
-    constructor(message, code, props) {
+/**
+ * Thrown when invalid parameters are passed to a function or method call
+ */
+class InvalidParametersError extends Error {
+    static name = 'InvalidParametersError';
+    constructor(message = 'Invalid parameters') {
         super(message);
-        this.code = code;
-        this.name = props?.name ?? 'CodeError';
-        this.props = props ?? {}; // eslint-disable-line @typescript-eslint/consistent-type-assertions
+        this.name = 'InvalidParametersError';
     }
 }
-class AggregateCodeError extends AggregateError {
-    code;
-    props;
-    constructor(errors, message, code, props) {
-        super(errors, message);
-        this.code = code;
-        this.name = props?.name ?? 'AggregateCodeError';
-        this.props = props ?? {}; // eslint-disable-line @typescript-eslint/consistent-type-assertions
+/**
+ * Thrown when a public key is invalid
+ */
+class InvalidPublicKeyError extends Error {
+    static name = 'InvalidPublicKeyError';
+    constructor(message = 'Invalid public key') {
+        super(message);
+        this.name = 'InvalidPublicKeyError';
+    }
+}
+/**
+ * Thrown when an invalid multihash is encountered
+ */
+class InvalidMultihashError extends Error {
+    static name = 'InvalidMultihashError';
+    constructor(message = 'Invalid Multihash') {
+        super(message);
+        this.name = 'InvalidMultihashError';
+    }
+}
+/**
+ * Thrown when and attempt to operate on an unsupported key was made
+ */
+class UnsupportedKeyTypeError extends Error {
+    static name = 'UnsupportedKeyTypeError';
+    constructor(message = 'Unsupported key type') {
+        super(message);
+        this.name = 'UnsupportedKeyTypeError';
     }
 }
 
-/** Noop for browser compatibility */
+/**
+ * Noop for browser compatibility
+ */
 function setMaxListeners$1() { }
 
-// create a setMaxListeners that doesn't break browser usage
+/**
+ * Create a setMaxListeners that doesn't break browser usage
+ */
 const setMaxListeners = (n, ...eventTargets) => {
     try {
         setMaxListeners$1(n, ...eventTargets);
@@ -114,7 +142,6 @@ class TypedEventEmitter extends EventTarget {
         return this.dispatchEvent(new CustomEvent(type, detail));
     }
 }
-const CustomEvent = globalThis.CustomEvent;
 
 var Protocols;
 (function (Protocols) {
@@ -125,43 +152,24 @@ var Protocols;
 })(Protocols || (Protocols = {}));
 var ProtocolError;
 (function (ProtocolError) {
-    /** Could not determine the origin of the fault. Best to check connectivity and try again */
+    //
+    // GENERAL ERRORS SECTION
+    //
+    /**
+     * Could not determine the origin of the fault. Best to check connectivity and try again
+     * */
     ProtocolError["GENERIC_FAIL"] = "Generic error";
     /**
-     * Failure to protobuf encode the message. This is not recoverable and needs
-     * further investigation.
+     * The remote peer rejected the message. Information provided by the remote peer
+     * is logged. Review message validity, or mitigation for `NO_PEER_AVAILABLE`
+     * or `DECODE_FAILED` can be used.
      */
-    ProtocolError["ENCODE_FAILED"] = "Failed to encode";
+    ProtocolError["REMOTE_PEER_REJECTED"] = "Remote peer rejected";
     /**
      * Failure to protobuf decode the message. May be due to a remote peer issue,
      * ensuring that messages are sent via several peer enable mitigation of this error.
      */
     ProtocolError["DECODE_FAILED"] = "Failed to decode";
-    /**
-     * The message payload is empty, making the message invalid. Ensure that a non-empty
-     * payload is set on the outgoing message.
-     */
-    ProtocolError["EMPTY_PAYLOAD"] = "Payload is empty";
-    /**
-     * The message size is above the maximum message size allowed on the Waku Network.
-     * Compressing the message or using an alternative strategy for large messages is recommended.
-     */
-    ProtocolError["SIZE_TOO_BIG"] = "Size is too big";
-    /**
-     * The PubsubTopic passed to the send function is not configured on the Waku node.
-     * Please ensure that the PubsubTopic is used when initializing the Waku node.
-     */
-    ProtocolError["TOPIC_NOT_CONFIGURED"] = "Topic not configured";
-    /**
-     * The pubsub topic configured on the decoder does not match the pubsub topic setup on the protocol.
-     * Ensure that the pubsub topic used for decoder creation is the same as the one used for protocol.
-     */
-    ProtocolError["TOPIC_DECODER_MISMATCH"] = "Topic decoder mismatch";
-    /**
-     * The topics passed in the decoders do not match each other, or don't exist at all.
-     * Ensure that all the pubsub topics used in the decoders are valid and match each other.
-     */
-    ProtocolError["INVALID_DECODER_TOPICS"] = "Invalid decoder topics";
     /**
      * Failure to find a peer with suitable protocols. This may due to a connection issue.
      * Mitigation can be: retrying after a given time period, display connectivity issue
@@ -179,37 +187,51 @@ var ProtocolError;
      * or `DECODE_FAILED` can be used.
      */
     ProtocolError["NO_RESPONSE"] = "No response received";
+    //
+    // SEND ERRORS SECTION
+    //
     /**
-     * The remote peer rejected the message. Information provided by the remote peer
-     * is logged. Review message validity, or mitigation for `NO_PEER_AVAILABLE`
-     * or `DECODE_FAILED` can be used.
+     * Failure to protobuf encode the message. This is not recoverable and needs
+     * further investigation.
      */
-    ProtocolError["REMOTE_PEER_REJECTED"] = "Remote peer rejected";
+    ProtocolError["ENCODE_FAILED"] = "Failed to encode";
     /**
-     * The protocol request timed out without a response. This may be due to a connection issue.
-     * Mitigation can be: retrying after a given time period
+     * The message payload is empty, making the message invalid. Ensure that a non-empty
+     * payload is set on the outgoing message.
      */
-    ProtocolError["REQUEST_TIMEOUT"] = "Request timeout";
+    ProtocolError["EMPTY_PAYLOAD"] = "Payload is empty";
     /**
-     * Missing credentials info message.
-     * nwaku: https://github.com/waku-org/nwaku/blob/c3cb06ac6c03f0f382d3941ea53b330f6a8dd127/waku/waku_rln_relay/group_manager/group_manager_base.nim#L186
+     * The message size is above the maximum message size allowed on the Waku Network.
+     * Compressing the message or using an alternative strategy for large messages is recommended.
      */
-    ProtocolError["RLN_IDENTITY_MISSING"] = "Identity credentials are not set";
+    ProtocolError["SIZE_TOO_BIG"] = "Size is too big";
     /**
-     * Membership index missing info message.
-     * nwaku: https://github.com/waku-org/nwaku/blob/c3cb06ac6c03f0f382d3941ea53b330f6a8dd127/waku/waku_rln_relay/group_manager/group_manager_base.nim#L188
+     * The PubsubTopic passed to the send function is not configured on the Waku node.
+     * Please ensure that the PubsubTopic is used when initializing the Waku node.
      */
-    ProtocolError["RLN_MEMBERSHIP_INDEX"] = "Membership index is not set";
+    ProtocolError["TOPIC_NOT_CONFIGURED"] = "Topic not configured";
     /**
-     * Message limit is missing.
-     * nwaku: https://github.com/waku-org/nwaku/blob/c3cb06ac6c03f0f382d3941ea53b330f6a8dd127/waku/waku_rln_relay/group_manager/group_manager_base.nim#L190
+     * Fails when
      */
-    ProtocolError["RLN_LIMIT_MISSING"] = "User message limit is not set";
+    ProtocolError["STREAM_ABORTED"] = "Stream aborted";
     /**
      * General proof generation error message.
      * nwaku: https://github.com/waku-org/nwaku/blob/c3cb06ac6c03f0f382d3941ea53b330f6a8dd127/waku/waku_rln_relay/group_manager/group_manager_base.nim#L201C19-L201C42
      */
     ProtocolError["RLN_PROOF_GENERATION"] = "Proof generation failed";
+    //
+    // RECEIVE ERRORS SECTION
+    //
+    /**
+     * The pubsub topic configured on the decoder does not match the pubsub topic setup on the protocol.
+     * Ensure that the pubsub topic used for decoder creation is the same as the one used for protocol.
+     */
+    ProtocolError["TOPIC_DECODER_MISMATCH"] = "Topic decoder mismatch";
+    /**
+     * The topics passed in the decoders do not match each other, or don't exist at all.
+     * Ensure that all the pubsub topics used in the decoders are valid and match each other.
+     */
+    ProtocolError["INVALID_DECODER_TOPICS"] = "Invalid decoder topics";
 })(ProtocolError || (ProtocolError = {}));
 
 var Tags;
@@ -232,6 +254,10 @@ var EConnectionStateEvents;
 
 const DNS_DISCOVERY_TAG = "@waku/bootstrap";
 
+var HealthStatusChangeEvents;
+(function (HealthStatusChangeEvents) {
+    HealthStatusChangeEvents["StatusChange"] = "health:change";
+})(HealthStatusChangeEvents || (HealthStatusChangeEvents = {}));
 var HealthStatus;
 (function (HealthStatus) {
     HealthStatus["Unhealthy"] = "Unhealthy";
@@ -243,43 +269,55 @@ function isDefined(value) {
     return Boolean(value);
 }
 
-function number(n) {
+/**
+ * Internal assertion helpers.
+ * @module
+ */
+/** Asserts something is positive integer. */
+function anumber(n) {
     if (!Number.isSafeInteger(n) || n < 0)
-        throw new Error(`positive integer expected, not ${n}`);
+        throw new Error('positive integer expected, got ' + n);
 }
-// copied from utils
+/** Is number an Uint8Array? Copied from utils for perf. */
 function isBytes$2(a) {
-    return (a instanceof Uint8Array ||
-        (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
+    return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
 }
-function bytes(b, ...lengths) {
+/** Asserts something is Uint8Array. */
+function abytes$1(b, ...lengths) {
     if (!isBytes$2(b))
         throw new Error('Uint8Array expected');
     if (lengths.length > 0 && !lengths.includes(b.length))
-        throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);
+        throw new Error('Uint8Array expected of length ' + lengths + ', got length=' + b.length);
 }
-function hash(h) {
+/** Asserts something is hash */
+function ahash(h) {
     if (typeof h !== 'function' || typeof h.create !== 'function')
         throw new Error('Hash should be wrapped by utils.wrapConstructor');
-    number(h.outputLen);
-    number(h.blockLen);
+    anumber(h.outputLen);
+    anumber(h.blockLen);
 }
-function exists(instance, checkFinished = true) {
+/** Asserts a hash instance has not been destroyed / finished */
+function aexists(instance, checkFinished = true) {
     if (instance.destroyed)
         throw new Error('Hash instance has been destroyed');
     if (checkFinished && instance.finished)
         throw new Error('Hash#digest() has already been called');
 }
-function output(out, instance) {
-    bytes(out);
+/** Asserts output is properly-sized byte array */
+function aoutput(out, instance) {
+    abytes$1(out);
     const min = instance.outputLen;
     if (out.length < min) {
-        throw new Error(`digestInto() expects output buffer of length at least ${min}`);
+        throw new Error('digestInto() expects output buffer of length at least ' + min);
     }
 }
 
 const crypto$2 = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;
 
+/**
+ * Utilities for hex, bytes, CSPRNG.
+ * @module
+ */
 /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
 // node.js versions earlier than v19 don't declare it in global scope.
@@ -288,33 +326,20 @@ const crypto$2 = typeof globalThis === 'object' && 'crypto' in globalThis ? glob
 // Makes the utils un-importable in browsers without a bundler.
 // Once node.js 18 is deprecated (2025-04-30), we can just drop the import.
 // Cast array to view
-const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
-// The rotate right (circular right shift) operation for uint32
-const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
-new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
-// There is no setImmediate in browser and setTimeout is slow.
-// call of async fn will return Promise, which will be fullfiled only on
-// next scheduler queue processing step and this is exactly what we need.
-const nextTick = async () => { };
-// Returns control to thread each 'tick' ms to avoid blocking
-async function asyncLoop(iters, tick, cb) {
-    let ts = Date.now();
-    for (let i = 0; i < iters; i++) {
-        cb(i);
-        // Date.now() is not monotonic, so in case if clock goes backwards we return return control too
-        const diff = Date.now() - ts;
-        if (diff >= 0 && diff < tick)
-            continue;
-        await nextTick();
-        ts += diff;
-    }
+function createView(arr) {
+    return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+}
+/** The rotate right (circular right shift) operation for uint32 */
+function rotr(word, shift) {
+    return (word << (32 - shift)) | (word >>> shift);
 }
 /**
+ * Convert JS string to byte array.
  * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
  */
 function utf8ToBytes$2(str) {
     if (typeof str !== 'string')
-        throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
+        throw new Error('utf8ToBytes expected string, got ' + typeof str);
     return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
 }
 /**
@@ -325,7 +350,7 @@ function utf8ToBytes$2(str) {
 function toBytes$1(data) {
     if (typeof data === 'string')
         data = utf8ToBytes$2(data);
-    bytes(data);
+    abytes$1(data);
     return data;
 }
 /**
@@ -335,7 +360,7 @@ function concatBytes$2(...arrays) {
     let sum = 0;
     for (let i = 0; i < arrays.length; i++) {
         const a = arrays[i];
-        bytes(a);
+        abytes$1(a);
         sum += a.length;
     }
     const res = new Uint8Array(sum);
@@ -346,20 +371,14 @@ function concatBytes$2(...arrays) {
     }
     return res;
 }
-// For runtime check if class implements interface
+/** For runtime check if class implements interface */
 class Hash {
     // Safe version that clones internal state
     clone() {
         return this._cloneInto();
     }
 }
-const toStr = {}.toString;
-function checkOpts(defaults, opts) {
-    if (opts !== undefined && toStr.call(opts) !== '[object Object]')
-        throw new Error('Options should be object or undefined');
-    const merged = Object.assign(defaults, opts);
-    return merged;
-}
+/** Wraps hash function, creating an interface on top of it */
 function wrapConstructor(hashCons) {
     const hashC = (msg) => hashCons().update(toBytes$1(msg)).digest();
     const tmp = hashCons();
@@ -368,17 +387,23 @@ function wrapConstructor(hashCons) {
     hashC.create = () => hashCons();
     return hashC;
 }
-/**
- * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.
- */
-function randomBytes$1(bytesLength = 32) {
+/** Cryptographically secure PRNG. Uses internal OS-level `crypto.getRandomValues`. */
+function randomBytes(bytesLength = 32) {
     if (crypto$2 && typeof crypto$2.getRandomValues === 'function') {
         return crypto$2.getRandomValues(new Uint8Array(bytesLength));
     }
+    // Legacy Node.js compatibility
+    if (crypto$2 && typeof crypto$2.randomBytes === 'function') {
+        return crypto$2.randomBytes(bytesLength);
+    }
     throw new Error('crypto.getRandomValues must be defined');
 }
 
-// Polyfill for Safari 14
+/**
+ * Internal Merkle-Damgard hash utils.
+ * @module
+ */
+/** Polyfill for Safari 14. https://caniuse.com/mdn-javascript_builtins_dataview_setbiguint64 */
 function setBigUint64(view, byteOffset, value, isLE) {
     if (typeof view.setBigUint64 === 'function')
         return view.setBigUint64(byteOffset, value, isLE);
@@ -391,10 +416,14 @@ function setBigUint64(view, byteOffset, value, isLE) {
     view.setUint32(byteOffset + h, wh, isLE);
     view.setUint32(byteOffset + l, wl, isLE);
 }
-// Choice: a ? b : c
-const Chi = (a, b, c) => (a & b) ^ (~a & c);
-// Majority function, true if any two inpust is true
-const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
+/** Choice: a ? b : c */
+function Chi(a, b, c) {
+    return (a & b) ^ (~a & c);
+}
+/** Majority function, true if any two inputs is true. */
+function Maj(a, b, c) {
+    return (a & b) ^ (a & c) ^ (b & c);
+}
 /**
  * Merkle-Damgard hash construction base class.
  * Could be used to create MD5, RIPEMD, SHA1, SHA2.
@@ -414,7 +443,7 @@ class HashMD extends Hash {
         this.view = createView(this.buffer);
     }
     update(data) {
-        exists(this);
+        aexists(this);
         const { view, buffer, blockLen } = this;
         data = toBytes$1(data);
         const len = data.length;
@@ -440,8 +469,8 @@ class HashMD extends Hash {
         return this;
     }
     digestInto(out) {
-        exists(this);
-        output(out, this);
+        aexists(this);
+        aoutput(out, this);
         this.finished = true;
         // Padding
         // We can avoid allocation of buffer for padding completely if it
@@ -498,10 +527,16 @@ class HashMD extends Hash {
     }
 }
 
-// SHA2-256 need to try 2^128 hashes to execute birthday attack.
-// BTC network is doing 2^67 hashes/sec as per early 2023.
-// Round constants:
-// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
+/**
+ * SHA2-256 a.k.a. sha256. In JS, it is the fastest hash, even faster than Blake3.
+ *
+ * To break sha256 using birthday attack, attackers need to try 2^128 hashes.
+ * BTC network is doing 2^70 hashes/sec (2^95 hashes/year) as per 2025.
+ *
+ * Check out [FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf).
+ * @module
+ */
+/** Round constants: first 32 bits of fractional parts of the cube roots of the first 64 primes 2..311). */
 // prettier-ignore
 const SHA256_K = /* @__PURE__ */ new Uint32Array([
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
@@ -513,14 +548,15 @@ const SHA256_K = /* @__PURE__ */ new Uint32Array([
     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
 ]);
-// Initial state:
-// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
+/** Initial state: first 32 bits of fractional parts of the square roots of the first 8 primes 2..19. */
 // prettier-ignore
 const SHA256_IV = /* @__PURE__ */ new Uint32Array([
     0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
 ]);
-// Temporary buffer, not used to store anything between runs
-// Named this way because it matches specification.
+/**
+ * Temporary buffer, not used to store anything between runs.
+ * Named this way because it matches specification.
+ */
 const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
 class SHA256 extends HashMD {
     constructor() {
@@ -597,10 +633,7 @@ class SHA256 extends HashMD {
         this.buffer.fill(0);
     }
 }
-/**
- * SHA2-256 hash function
- * @param message - data that would be hashed
- */
+/** SHA2-256 hash function */
 const sha256$1 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
 
 function equals$2(aa, bb) {
@@ -838,11 +871,12 @@ class Decoder {
     constructor(name, prefix, baseDecode) {
         this.name = name;
         this.prefix = prefix;
+        const prefixCodePoint = prefix.codePointAt(0);
         /* c8 ignore next 3 */
-        if (prefix.codePointAt(0) === undefined) {
+        if (prefixCodePoint === undefined) {
             throw new Error('Invalid prefix character');
         }
-        this.prefixCodePoint = prefix.codePointAt(0);
+        this.prefixCodePoint = prefixCodePoint;
         this.baseDecode = baseDecode;
     }
     decode(text) {
@@ -1046,7 +1080,14 @@ var base2$1 = /*#__PURE__*/Object.freeze({
 
 const alphabet = Array.from('🚀🪐☄🛰🌌🌑🌒🌓🌔🌕🌖🌗🌘🌍🌏🌎🐉☀💻🖥💾💿😂❤😍🤣😊🙏💕😭😘👍😅👏😁🔥🥰💔💖💙😢🤔😆🙄💪😉☺👌🤗💜😔😎😇🌹🤦🎉💞✌✨🤷😱😌🌸🙌😋💗💚😏💛🙂💓🤩😄😀🖤😃💯🙈👇🎶😒🤭❣😜💋👀😪😑💥🙋😞😩😡🤪👊🥳😥🤤👉💃😳✋😚😝😴🌟😬🙃🍀🌷😻😓⭐✅🥺🌈😈🤘💦✔😣🏃💐☹🎊💘😠☝😕🌺🎂🌻😐🖕💝🙊😹🗣💫💀👑🎵🤞😛🔴😤🌼😫⚽🤙☕🏆🤫👈😮🙆🍻🍃🐶💁😲🌿🧡🎁⚡🌞🎈❌✊👋😰🤨😶🤝🚶💰🍓💢🤟🙁🚨💨🤬✈🎀🍺🤓😙💟🌱😖👶🥴▶➡❓💎💸⬇😨🌚🦋😷🕺⚠🙅😟😵👎🤲🤠🤧📌🔵💅🧐🐾🍒😗🤑🌊🤯🐷☎💧😯💆👆🎤🙇🍑❄🌴💣🐸💌📍🥀🤢👅💡💩👐📸👻🤐🤮🎼🥵🚩🍎🍊👼💍📣🥂');
 const alphabetBytesToChars = (alphabet.reduce((p, c, i) => { p[i] = c; return p; }, ([])));
-const alphabetCharsToBytes = (alphabet.reduce((p, c, i) => { p[c.codePointAt(0)] = i; return p; }, ([])));
+const alphabetCharsToBytes = (alphabet.reduce((p, c, i) => {
+    const codePoint = c.codePointAt(0);
+    if (codePoint == null) {
+        throw new Error(`Invalid character: ${c}`);
+    }
+    p[codePoint] = i;
+    return p;
+}, ([])));
 function encode$8(data) {
     return data.reduce((p, c) => {
         p += alphabetBytesToChars[c];
@@ -1056,8 +1097,12 @@ function encode$8(data) {
 function decode$9(str) {
     const byts = [];
     for (const char of str) {
-        const byt = alphabetCharsToBytes[char.codePointAt(0)];
-        if (byt === undefined) {
+        const codePoint = char.codePointAt(0);
+        if (codePoint == null) {
+            throw new Error(`Invalid character: ${char}`);
+        }
+        const byt = alphabetCharsToBytes[codePoint];
+        if (byt == null) {
             throw new Error(`Non-base256emoji character: ${char}`);
         }
         byts.push(byt);
@@ -1240,7 +1285,7 @@ new TextDecoder();
 
 /* eslint-disable */
 var encode_1 = encode$7;
-var MSB$1 = 0x80, REST$1 = 0x7F, MSBALL = ~REST$1, INT = Math.pow(2, 31);
+var MSB$1 = 0x80, MSBALL = -128, INT = Math.pow(2, 31);
 /**
  * @param {number} num
  * @param {number[]} out
@@ -1264,7 +1309,7 @@ function encode$7(num, out, offset) {
     return out;
 }
 var decode$8 = read$1;
-var MSB$1$1 = 0x80, REST$1$1 = 0x7F;
+var MSB$1$1 = 0x80, REST$1 = 0x7F;
 /**
  * @param {string | any[]} buf
  * @param {number} offset
@@ -1279,8 +1324,8 @@ function read$1(buf, offset) {
         }
         b = buf[counter++];
         res += shift < 28
-            ? (b & REST$1$1) << shift
-            : (b & REST$1$1) * Math.pow(2, shift);
+            ? (b & REST$1) << shift
+            : (b & REST$1) * Math.pow(2, shift);
         shift += 7;
     } while (b >= MSB$1$1);
     // @ts-ignore
@@ -1330,7 +1375,7 @@ function encodingLength$3(int) {
 /**
  * Creates a multihash digest.
  */
-function create$1(code, digest) {
+function create(code, digest) {
     const size = digest.byteLength;
     const sizeOffset = encodingLength$3(code);
     const digestOffset = sizeOffset + encodingLength$3(size);
@@ -1389,7 +1434,7 @@ const code = 0x0;
 const name$1 = 'identity';
 const encode$6 = coerce;
 function digest(input) {
-    return create$1(code, encode$6(input));
+    return create(code, encode$6(input));
 }
 const identity = { code, name: name$1, encode: encode$6, digest };
 
@@ -1413,9 +1458,9 @@ class Hasher {
         if (input instanceof Uint8Array) {
             const result = this.encode(input);
             return result instanceof Uint8Array
-                ? create$1(this.code, result)
+                ? create(this.code, result)
                 /* c8 ignore next 1 */
-                : result.then(digest => create$1(this.code, digest));
+                : result.then(digest => create(this.code, digest));
         }
         else {
             throw Error('Unknown type, must be binary type');
@@ -1515,7 +1560,7 @@ class CID {
         switch (this.version) {
             case 0: {
                 const { code, digest } = this.multihash;
-                const multihash = create$1(code, digest);
+                const multihash = create(code, digest);
                 return (CID.createV1(this.code, multihash));
             }
             case 1: {
@@ -1745,9 +1790,13 @@ function parseCIDtoBytes(source, base) {
             const decoder = base ?? base32$2;
             return [base32$2.prefix, decoder.decode(source)];
         }
+        case base36.prefix: {
+            const decoder = base ?? base36;
+            return [base36.prefix, decoder.decode(source)];
+        }
         default: {
             if (base == null) {
-                throw Error('To parse non base32 or base58btc encoded CID multibase decoder must be provided');
+                throw Error('To parse non base32, base36 or base58btc encoded CID multibase decoder must be provided');
             }
             return [source[0], base.decode(source)];
         }
@@ -2014,7 +2063,7 @@ function requireMs () {
 	 * @api public
 	 */
 
-	ms = function(val, options) {
+	ms = function (val, options) {
 	  options = options || {};
 	  var type = typeof val;
 	  if (type === 'string' && val.length > 0) {
@@ -2321,24 +2370,62 @@ function setup(env) {
 		createDebug.names = [];
 		createDebug.skips = [];
 
-		let i;
-		const split = (typeof namespaces === 'string' ? namespaces : '').split(/[\s,]+/);
-		const len = split.length;
+		const split = (typeof namespaces === 'string' ? namespaces : '')
+			.trim()
+			.replace(' ', ',')
+			.split(',')
+			.filter(Boolean);
 
-		for (i = 0; i < len; i++) {
-			if (!split[i]) {
-				// ignore empty strings
-				continue;
+		for (const ns of split) {
+			if (ns[0] === '-') {
+				createDebug.skips.push(ns.slice(1));
+			} else {
+				createDebug.names.push(ns);
 			}
+		}
+	}
 
-			namespaces = split[i].replace(/\*/g, '.*?');
-
-			if (namespaces[0] === '-') {
-				createDebug.skips.push(new RegExp('^' + namespaces.slice(1) + '$'));
+	/**
+	 * Checks if the given string matches a namespace template, honoring
+	 * asterisks as wildcards.
+	 *
+	 * @param {String} search
+	 * @param {String} template
+	 * @return {Boolean}
+	 */
+	function matchesTemplate(search, template) {
+		let searchIndex = 0;
+		let templateIndex = 0;
+		let starIndex = -1;
+		let matchIndex = 0;
+
+		while (searchIndex < search.length) {
+			if (templateIndex < template.length && (template[templateIndex] === search[searchIndex] || template[templateIndex] === '*')) {
+				// Match character or proceed with wildcard
+				if (template[templateIndex] === '*') {
+					starIndex = templateIndex;
+					matchIndex = searchIndex;
+					templateIndex++; // Skip the '*'
+				} else {
+					searchIndex++;
+					templateIndex++;
+				}
+			} else if (starIndex !== -1) { // eslint-disable-line no-negated-condition
+				// Backtrack to the last '*' and try to match more characters
+				templateIndex = starIndex + 1;
+				matchIndex++;
+				searchIndex = matchIndex;
 			} else {
-				createDebug.names.push(new RegExp('^' + namespaces + '$'));
+				return false; // No match
 			}
 		}
+
+		// Handle trailing '*' in template
+		while (templateIndex < template.length && template[templateIndex] === '*') {
+			templateIndex++;
+		}
+
+		return templateIndex === template.length;
 	}
 
 	/**
@@ -2349,8 +2436,8 @@ function setup(env) {
 	*/
 	function disable() {
 		const namespaces = [
-			...createDebug.names.map(toNamespace),
-			...createDebug.skips.map(toNamespace).map(namespace => '-' + namespace)
+			...createDebug.names,
+			...createDebug.skips.map(namespace => '-' + namespace)
 		].join(',');
 		createDebug.enable('');
 		return namespaces;
@@ -2364,21 +2451,14 @@ function setup(env) {
 	* @api public
 	*/
 	function enabled(name) {
-		if (name[name.length - 1] === '*') {
-			return true;
-		}
-
-		let i;
-		let len;
-
-		for (i = 0, len = createDebug.skips.length; i < len; i++) {
-			if (createDebug.skips[i].test(name)) {
+		for (const skip of createDebug.skips) {
+			if (matchesTemplate(name, skip)) {
 				return false;
 			}
 		}
 
-		for (i = 0, len = createDebug.names.length; i < len; i++) {
-			if (createDebug.names[i].test(name)) {
+		for (const ns of createDebug.names) {
+			if (matchesTemplate(name, ns)) {
 				return true;
 			}
 		}
@@ -2386,19 +2466,6 @@ function setup(env) {
 		return false;
 	}
 
-	/**
-	* Convert regexp to namespace
-	*
-	* @param {RegExp} regxep
-	* @return {String} namespace
-	* @api private
-	*/
-	function toNamespace(regexp) {
-		return regexp.toString()
-			.substring(2, regexp.toString().length - 2)
-			.replace(/\.\*\?$/, '*');
-	}
-
 	/**
 	* Coerce `val`.
 	*
@@ -2560,6 +2627,7 @@ var common = setup;
 
 		// Is webkit? http://stackoverflow.com/a/16459606/376773
 		// document is undefined in react-native: https://github.com/facebook/react-native/pull/1632
+		// eslint-disable-next-line no-return-assign
 		return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) ||
 			// Is firebug? http://stackoverflow.com/a/398120/376773
 			(typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) ||
@@ -2707,7 +2775,6 @@ var debug = /*@__PURE__*/getDefaultExportFromCjs(browserExports);
 
 const APP_NAME = "waku";
 let Logger$1 = class Logger {
-    _debug;
     _info;
     _warn;
     _error;
@@ -2715,14 +2782,10 @@ let Logger$1 = class Logger {
         return prefix ? `${APP_NAME}:${level}:${prefix}` : `${APP_NAME}:${level}`;
     }
     constructor(prefix) {
-        this._debug = debug(Logger.createDebugNamespace("debug", prefix));
         this._info = debug(Logger.createDebugNamespace("info", prefix));
         this._warn = debug(Logger.createDebugNamespace("warn", prefix));
         this._error = debug(Logger.createDebugNamespace("error", prefix));
     }
-    get debug() {
-        return this._debug;
-    }
     get info() {
         return this._info;
     }
@@ -3005,10 +3068,10 @@ class JacobianPoint {
             const cond1 = window % 2 !== 0;
             const cond2 = wbits < 0;
             if (wbits === 0) {
-                f = f.add(constTimeNegate(cond1, precomputes[offset1]));
+                f = f.add(constTimeNegate$1(cond1, precomputes[offset1]));
             }
             else {
-                p = p.add(constTimeNegate(cond2, precomputes[offset2]));
+                p = p.add(constTimeNegate$1(cond2, precomputes[offset2]));
             }
         }
         return { p, f };
@@ -3021,8 +3084,8 @@ class JacobianPoint {
             const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
             let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
             let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
-            k1p = constTimeNegate(k1neg, k1p);
-            k2p = constTimeNegate(k2neg, k2p);
+            k1p = constTimeNegate$1(k1neg, k1p);
+            k2p = constTimeNegate$1(k2neg, k2p);
             k2p = new JacobianPoint(mod$1(k2p.x * endo.beta), k2p.y, k2p.z);
             point = k1p.add(k2p);
             fake = f1p.add(f2p);
@@ -3054,7 +3117,7 @@ class JacobianPoint {
 }
 JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n$7);
 JacobianPoint.ZERO = new JacobianPoint(_0n$5, _1n$7, _0n$5);
-function constTimeNegate(condition, item) {
+function constTimeNegate$1(condition, item) {
     const neg = item.negate();
     return condition ? neg : item;
 }
@@ -4974,7 +5037,7 @@ function parseIPv6(input) {
     return parser.new(input).parseWith(() => parser.readIPv6Addr());
 }
 /** Parse `input` into IPv4 or IPv6 bytes. */
-function parseIP(input) {
+function parseIP(input, mapIPv4ToIPv6 = false) {
     // strip zone index if it is present
     if (input.includes("%")) {
         input = input.split("%")[0];
@@ -4982,7 +5045,14 @@ function parseIP(input) {
     if (input.length > MAX_IPV6_LENGTH) {
         return undefined;
     }
-    return parser.new(input).parseWith(() => parser.readIPAddr());
+    const addr = parser.new(input).parseWith(() => parser.readIPAddr());
+    if (!addr) {
+        return undefined;
+    }
+    if (mapIPv4ToIPv6 && addr.length === 4) {
+        return Uint8Array.from([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, addr[0], addr[1], addr[2], addr[3]]);
+    }
+    return addr;
 }
 
 /** Check if `input` is IPv4. */
@@ -5170,17 +5240,13 @@ function getProtocol(proto) {
     throw new Error(`invalid protocol id type: ${typeof proto}`);
 }
 
-/**
- * @packageDocumentation
- *
- * Provides methods for converting
- */
 getProtocol('ip4');
 getProtocol('ip6');
 getProtocol('ipcidr');
 /**
  * Convert [code,Uint8Array] to string
  */
+// eslint-disable-next-line complexity
 function convertToString(proto, buf) {
     const protocol = getProtocol(proto);
     switch (protocol.code) {
@@ -5189,6 +5255,8 @@ function convertToString(proto, buf) {
             return bytes2ip(buf);
         case 42: // ipv6zone
             return bytes2str(buf);
+        case 43: // ipcidr
+            return toString$6(buf, 'base10');
         case 6: // tcp
         case 273: // udp
         case 33: // dccp
@@ -5216,6 +5284,7 @@ function convertToString(proto, buf) {
             return toString$6(buf, 'base16'); // no clue. convert to hex
     }
 }
+// eslint-disable-next-line complexity
 function convertToBytes(proto, str) {
     const protocol = getProtocol(proto);
     switch (protocol.code) {
@@ -5225,6 +5294,8 @@ function convertToBytes(proto, str) {
             return ip2bytes(str);
         case 42: // ipv6zone
             return str2bytes(str);
+        case 43: // ipcidr
+            return fromString(str, 'base10');
         case 6: // tcp
         case 273: // udp
         case 33: // dccp
@@ -5519,20 +5590,7 @@ function ParseError(str) {
     return new Error('Error parsing address: ' + str);
 }
 
-/**
- * @packageDocumentation
- *
- * An implementation of a Multiaddr in JavaScript
- *
- * @example
- *
- * ```js
- * import { multiaddr } from '@multiformats/multiaddr'
- *
- * const ma = multiaddr('/ip4/127.0.0.1/tcp/1234')
- * ```
- */
-const inspect$1 = Symbol.for('nodejs.util.inspect.custom');
+const inspect$2 = Symbol.for('nodejs.util.inspect.custom');
 const symbol$1 = Symbol.for('@multiformats/js-multiaddr/multiaddr');
 const DNS_CODES = [
     getProtocol('dns').code,
@@ -5540,6 +5598,12 @@ const DNS_CODES = [
     getProtocol('dns6').code,
     getProtocol('dnsaddr').code
 ];
+class NoAvailableResolverError extends Error {
+    constructor(message = 'No available resolver') {
+        super(message);
+        this.name = 'NoAvailableResolverError';
+    }
+}
 /**
  * Creates a {@link Multiaddr} from a {@link MultiaddrInput}
  */
@@ -5637,10 +5701,20 @@ class Multiaddr {
         return this.#tuples.map(([code]) => getProtocol(code).name);
     }
     tuples() {
-        return this.#tuples;
+        return this.#tuples.map(([code, value]) => {
+            if (value == null) {
+                return [code];
+            }
+            return [code, value];
+        });
     }
     stringTuples() {
-        return this.#stringTuples;
+        return this.#stringTuples.map(([code, value]) => {
+            if (value == null) {
+                return [code];
+            }
+            return [code, value];
+        });
     }
     encapsulate(addr) {
         addr = new Multiaddr(addr);
@@ -5709,7 +5783,7 @@ class Multiaddr {
         }
         const resolver = resolvers$1.get(resolvableProto.name);
         if (resolver == null) {
-            throw new CodeError(`no available resolver for ${resolvableProto.name}`, 'ERR_NO_AVAILABLE_RESOLVER');
+            throw new NoAvailableResolverError(`no available resolver for ${resolvableProto.name}`);
         }
         const result = await resolver(this, options);
         return result.map(str => multiaddr(str));
@@ -5750,7 +5824,7 @@ class Multiaddr {
      * // 'Multiaddr(/ip4/127.0.0.1/tcp/4001)'
      * ```
      */
-    [inspect$1]() {
+    [inspect$2]() {
         return `Multiaddr(${this.#string})`;
     }
 }
@@ -5770,10 +5844,8 @@ class Multiaddr {
  *
  * ```TypeScript
  * import { multiaddr } from '@multiformats/multiaddr'
- * const addr =  multiaddr("/ip4/127.0.0.1/udp/1234")
- * // Multiaddr(/ip4/127.0.0.1/udp/1234)
  *
- * const addr = multiaddr("/ip4/127.0.0.1/udp/1234")
+ * const addr = multiaddr('/ip4/127.0.0.1/udp/1234')
  * // Multiaddr(/ip4/127.0.0.1/udp/1234)
  *
  * addr.bytes
@@ -5812,9 +5884,9 @@ class Multiaddr {
  *
  * ```TypeScript
  * import { multiaddr, resolvers } from '@multiformats/multiaddr'
- * import { dnsaddr } from '@multiformats/multiaddr/resolvers'
+ * import { dnsaddrResolver } from '@multiformats/multiaddr/resolvers'
  *
- * resolvers.set('dnsaddr', dnsaddr)
+ * resolvers.set('dnsaddr', dnsaddrResolver)
  *
  * const ma = multiaddr('/dnsaddr/bootstrap.libp2p.io')
  *
@@ -5823,7 +5895,7 @@ class Multiaddr {
  *   signal: AbortSignal.timeout(5000)
  * })
  *
- * console.info(await ma.resolve(resolved)
+ * console.info(resolved)
  * // [Multiaddr('/ip4/147.75...'), Multiaddr('/ip4/147.75...'), Multiaddr('/ip4/147.75...')...]
  * ```
  *
@@ -5837,7 +5909,9 @@ class Multiaddr {
  * import { dnsJsonOverHttps } from '@multiformats/dns/resolvers'
  *
  * const resolver = dns({
- *   '.': dnsJsonOverHttps('https://cloudflare-dns.com/dns-query')
+ *   resolvers: {
+ *     '.': dnsJsonOverHttps('https://cloudflare-dns.com/dns-query')
+ *   }
  * })
  *
  * const ma = multiaddr('/dnsaddr/bootstrap.libp2p.io')
@@ -5923,18 +5997,13 @@ function locationMultiaddrFromEnrFields(enr, protocol) {
     return multiaddrFromFields(isIpv6 ? "ip6" : "ip4", protoName, ipVal, protoVal);
 }
 
-function isPromise$1(thing) {
-    if (thing == null) {
-        return false;
-    }
-    return typeof thing.then === 'function' &&
-        typeof thing.catch === 'function' &&
-        typeof thing.finally === 'function';
-}
-
+/**
+ * Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.
+ * @todo re-check https://issues.chromium.org/issues/42212588
+ * @module
+ */
 const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
 const _32n = /* @__PURE__ */ BigInt(32);
-// We are not using BigUint64Array, because they are extremely slow as per 2022
 function fromBig(n, le = false) {
     if (le)
         return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };
@@ -5991,6 +6060,13 @@ const u64 = {
     add, add3L, add3H, add4L, add4H, add5H, add5L,
 };
 
+/**
+ * SHA2-512 a.k.a. sha512 and sha384. It is slower than sha256 in js because u64 operations are slow.
+ *
+ * Check out [RFC 4634](https://datatracker.ietf.org/doc/html/rfc4634) and
+ * [the paper on truncated SHA512/256](https://eprint.iacr.org/2010/548.pdf).
+ * @module
+ */
 // Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):
 // prettier-ignore
 const [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([
@@ -6145,8 +6221,13 @@ class SHA512 extends HashMD {
         this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
     }
 }
+/** SHA2-512 hash function. */
 const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());
 
+/**
+ * Hex, bytes and number utilities.
+ * @module
+ */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 // 100 lines of code in the file are duplicated from noble-hashes (utils).
 // This is OK: `abstract` directory does not use noble-hashes.
@@ -6156,8 +6237,7 @@ const _0n$4 = /* @__PURE__ */ BigInt(0);
 const _1n$6 = /* @__PURE__ */ BigInt(1);
 const _2n$4 = /* @__PURE__ */ BigInt(2);
 function isBytes$1(a) {
-    return (a instanceof Uint8Array ||
-        (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
+    return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
 }
 function abytes(item) {
     if (!isBytes$1(item))
@@ -6165,7 +6245,7 @@ function abytes(item) {
 }
 function abool(title, value) {
     if (typeof value !== 'boolean')
-        throw new Error(`${title} must be valid boolean, got "${value}".`);
+        throw new Error(title + ' boolean expected, got ' + value);
 }
 // Array where index 0xf0 (240) is mapped to string 'f0'
 const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
@@ -6183,23 +6263,22 @@ function bytesToHex(bytes) {
 }
 function numberToHexUnpadded(num) {
     const hex = num.toString(16);
-    return hex.length & 1 ? `0${hex}` : hex;
+    return hex.length & 1 ? '0' + hex : hex;
 }
 function hexToNumber(hex) {
     if (typeof hex !== 'string')
         throw new Error('hex string expected, got ' + typeof hex);
-    // Big Endian
-    return BigInt(hex === '' ? '0' : `0x${hex}`);
+    return hex === '' ? _0n$4 : BigInt('0x' + hex); // Big Endian
 }
 // We use optimized technique to convert hex string to byte array
-const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };
-function asciiToBase16(char) {
-    if (char >= asciis._0 && char <= asciis._9)
-        return char - asciis._0;
-    if (char >= asciis._A && char <= asciis._F)
-        return char - (asciis._A - 10);
-    if (char >= asciis._a && char <= asciis._f)
-        return char - (asciis._a - 10);
+const asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function asciiToBase16(ch) {
+    if (ch >= asciis._0 && ch <= asciis._9)
+        return ch - asciis._0; // '2' => 50-48
+    if (ch >= asciis.A && ch <= asciis.F)
+        return ch - (asciis.A - 10); // 'B' => 66-(65-10)
+    if (ch >= asciis.a && ch <= asciis.f)
+        return ch - (asciis.a - 10); // 'b' => 98-(97-10)
     return;
 }
 /**
@@ -6211,7 +6290,7 @@ function hexToBytes(hex) {
     const hl = hex.length;
     const al = hl / 2;
     if (hl % 2)
-        throw new Error('padded hex string expected, got unpadded hex of length ' + hl);
+        throw new Error('hex string expected, got unpadded hex of length ' + hl);
     const array = new Uint8Array(al);
     for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
         const n1 = asciiToBase16(hex.charCodeAt(hi));
@@ -6220,7 +6299,7 @@ function hexToBytes(hex) {
             const char = hex[hi] + hex[hi + 1];
             throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
         }
-        array[ai] = n1 * 16 + n2;
+        array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163
     }
     return array;
 }
@@ -6258,7 +6337,7 @@ function ensureBytes(title, hex, expectedLength) {
             res = hexToBytes(hex);
         }
         catch (e) {
-            throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
+            throw new Error(title + ' must be hex string or Uint8Array, cause: ' + e);
         }
     }
     else if (isBytes$1(hex)) {
@@ -6267,11 +6346,11 @@ function ensureBytes(title, hex, expectedLength) {
         res = Uint8Array.from(hex);
     }
     else {
-        throw new Error(`${title} must be hex string or Uint8Array`);
+        throw new Error(title + ' must be hex string or Uint8Array');
     }
     const len = res.length;
     if (typeof expectedLength === 'number' && len !== expectedLength)
-        throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
+        throw new Error(title + ' of length ' + expectedLength + ' expected, got ' + len);
     return res;
 }
 /**
@@ -6306,7 +6385,7 @@ function equalBytes(a, b) {
  */
 function utf8ToBytes(str) {
     if (typeof str !== 'string')
-        throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
+        throw new Error('string expected');
     return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
 }
 // Is positive bigint
@@ -6326,7 +6405,7 @@ function aInRange(title, n, min, max) {
     // - b would commonly require subtraction:  `inRange('x', x, 0n, P - 1n)`
     // - our way is the cleanest:               `inRange('x', x, 0n, P)
     if (!inRange(n, min, max))
-        throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);
+        throw new Error('expected valid ' + title + ': ' + min + ' <= n < ' + max + ', got ' + n);
 }
 // Bit operations
 /**
@@ -6436,12 +6515,12 @@ function validateObject(object, validators, optValidators = {}) {
     const checkField = (fieldName, type, isOptional) => {
         const checkVal = validatorFns[type];
         if (typeof checkVal !== 'function')
-            throw new Error(`Invalid validator "${type}", expected function`);
+            throw new Error('invalid validator function');
         const val = object[fieldName];
         if (isOptional && val === undefined)
             return;
         if (!checkVal(val, object)) {
-            throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
+            throw new Error('param ' + String(fieldName) + ' is invalid. Expected ' + type + ', got ' + val);
         }
     };
     for (const [fieldName, type] of Object.entries(validators))
@@ -6510,14 +6589,17 @@ var ut = /*#__PURE__*/Object.freeze({
     validateObject: validateObject
 });
 
+/**
+ * Utils for modular division and finite fields.
+ * A finite field over 11 is integer number operations `mod 11`.
+ * There is no division: it is replaced by modular multiplicative inverse.
+ * @module
+ */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// Utilities for modular arithmetics and finite fields
 // prettier-ignore
-const _0n$3 = BigInt(0), _1n$5 = BigInt(1), _2n$3 = BigInt(2), _3n$1 = BigInt(3);
+const _0n$3 = BigInt(0), _1n$5 = BigInt(1), _2n$3 = /* @__PURE__ */ BigInt(2), _3n$1 = /* @__PURE__ */ BigInt(3);
 // prettier-ignore
-const _4n = BigInt(4), _5n$1 = BigInt(5), _8n$2 = BigInt(8);
-// prettier-ignore
-BigInt(9); BigInt(16);
+const _4n = /* @__PURE__ */ BigInt(4), _5n$1 = /* @__PURE__ */ BigInt(5), _8n$2 = /* @__PURE__ */ BigInt(8);
 // Calculates a modulo b
 function mod(a, b) {
     const result = a % b;
@@ -6526,13 +6608,15 @@ function mod(a, b) {
 /**
  * Efficiently raise num to power and do modular division.
  * Unsafe in some contexts: uses ladder, so can expose bigint bits.
+ * @todo use field version && remove
  * @example
  * pow(2n, 6n, 11n) // 64n % 11n == 9n
  */
-// TODO: use field version && remove
 function pow(num, power, modulo) {
-    if (modulo <= _0n$3 || power < _0n$3)
-        throw new Error('Expected power/modulo > 0');
+    if (power < _0n$3)
+        throw new Error('invalid exponent, negatives unsupported');
+    if (modulo <= _0n$3)
+        throw new Error('invalid modulus');
     if (modulo === _1n$5)
         return _0n$3;
     let res = _1n$5;
@@ -6544,7 +6628,7 @@ function pow(num, power, modulo) {
     }
     return res;
 }
-// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)
+/** Does `x^(2^power)` mod p. `pow2(30, 4)` == `30^(2^4)` */
 function pow2(x, power, modulo) {
     let res = x;
     while (power-- > _0n$3) {
@@ -6553,12 +6637,15 @@ function pow2(x, power, modulo) {
     }
     return res;
 }
-// Inverses number over modulo
+/**
+ * Inverses number over modulo.
+ * Implemented using [Euclidean GCD](https://brilliant.org/wiki/extended-euclidean-algorithm/).
+ */
 function invert(number, modulo) {
-    if (number === _0n$3 || modulo <= _0n$3) {
-        throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
-    }
-    // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/
+    if (number === _0n$3)
+        throw new Error('invert: expected non-zero number');
+    if (modulo <= _0n$3)
+        throw new Error('invert: expected positive modulus, got ' + modulo);
     // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower.
     let a = mod(number, modulo);
     let b = modulo;
@@ -6598,8 +6685,11 @@ function tonelliShanks(P) {
     for (Q = P - _1n$5, S = 0; Q % _2n$3 === _0n$3; Q /= _2n$3, S++)
         ;
     // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq
-    for (Z = _2n$3; Z < P && pow(Z, legendreC, P) !== P - _1n$5; Z++)
-        ;
+    for (Z = _2n$3; Z < P && pow(Z, legendreC, P) !== P - _1n$5; Z++) {
+        // Crash instead of infinity loop, we cannot reasonable count until P.
+        if (Z > 1000)
+            throw new Error('Cannot find square root: likely non-prime P');
+    }
     // Fast-path
     if (S === 1) {
         const p1div4 = (P + _1n$5) / _4n;
@@ -6641,9 +6731,18 @@ function tonelliShanks(P) {
         return x;
     };
 }
+/**
+ * Square root for a finite field. It will try to check if optimizations are applicable and fall back to 4:
+ *
+ * 1. P ≡ 3 (mod 4)
+ * 2. P ≡ 5 (mod 8)
+ * 3. P ≡ 9 (mod 16)
+ * 4. Tonelli-Shanks algorithm
+ *
+ * Different algorithms can give different roots, it is up to user to decide which one they want.
+ * For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).
+ */
 function FpSqrt(P) {
-    // NOTE: different algorithms can give different roots, it is up to user to decide which one they want.
-    // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).
     // P ≡ 3 (mod 4)
     // √n = n^((P+1)/4)
     if (P % _4n === _3n$1) {
@@ -6707,7 +6806,7 @@ function FpPow(f, num, power) {
     // Should have same speed as pow for bigints
     // TODO: benchmark!
     if (power < _0n$3)
-        throw new Error('Expected power > 0');
+        throw new Error('invalid exponent, negatives unsupported');
     if (power === _0n$3)
         return f.ONE;
     if (power === _1n$5)
@@ -6754,15 +6853,15 @@ function nLength(n, nBitLength) {
     return { nBitLength: _nBitLength, nByteLength };
 }
 /**
- * Initializes a finite field over prime. **Non-primes are not supported.**
- * Do not init in loop: slow. Very fragile: always run a benchmark on a change.
+ * Initializes a finite field over prime.
  * Major performance optimizations:
  * * a) denormalized operations like mulN instead of mul
  * * b) same object shape: never add or remove keys
  * * c) Object.freeze
- * NOTE: operations don't check 'isValid' for all elements for performance reasons,
+ * Fragile: always run a benchmark on a change.
+ * Security note: operations don't check 'isValid' for all elements for performance reasons,
  * it is caller responsibility to check this.
- * This is low-level code, please make sure you know what you doing.
+ * This is low-level code, please make sure you know what you're doing.
  * @param ORDER prime positive bigint
  * @param bitLen how many bits the field consumes
  * @param isLE (def: false) if encoding / decoding should be in little-endian
@@ -6770,13 +6869,14 @@ function nLength(n, nBitLength) {
  */
 function Field(ORDER, bitLen, isLE = false, redef = {}) {
     if (ORDER <= _0n$3)
-        throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);
+        throw new Error('invalid field: expected ORDER > 0, got ' + ORDER);
     const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);
     if (BYTES > 2048)
-        throw new Error('Field lengths over 2048 bytes are not supported');
-    const sqrtP = FpSqrt(ORDER);
+        throw new Error('invalid field: expected ORDER of <= 2048 bytes');
+    let sqrtP; // cached sqrtP
     const f = Object.freeze({
         ORDER,
+        isLE,
         BITS,
         BYTES,
         MASK: bitMask(BITS),
@@ -6785,7 +6885,7 @@ function Field(ORDER, bitLen, isLE = false, redef = {}) {
         create: (num) => mod(num, ORDER),
         isValid: (num) => {
             if (typeof num !== 'bigint')
-                throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);
+                throw new Error('invalid field element: expected bigint, got ' + typeof num);
             return _0n$3 <= num && num < ORDER; // 0 is valid element, but it's not invertible
         },
         is0: (num) => num === _0n$3,
@@ -6804,7 +6904,12 @@ function Field(ORDER, bitLen, isLE = false, redef = {}) {
         subN: (lhs, rhs) => lhs - rhs,
         mulN: (lhs, rhs) => lhs * rhs,
         inv: (num) => invert(num, ORDER),
-        sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
+        sqrt: redef.sqrt ||
+            ((n) => {
+                if (!sqrtP)
+                    sqrtP = FpSqrt(ORDER);
+                return sqrtP(f, n);
+            }),
         invertBatch: (lst) => FpInvertBatch(f, lst),
         // TODO: do we really need constant cmov?
         // We don't have const-time bigints anyway, so probably will be not very useful
@@ -6812,7 +6917,7 @@ function Field(ORDER, bitLen, isLE = false, redef = {}) {
         toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),
         fromBytes: (bytes) => {
             if (bytes.length !== BYTES)
-                throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`);
+                throw new Error('Field.fromBytes: expected ' + BYTES + ' bytes, got ' + bytes.length);
             return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
         },
     });
@@ -6860,52 +6965,80 @@ function mapHashToField(key, fieldOrder, isLE = false) {
     const minLen = getMinHashLength(fieldOrder);
     // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.
     if (len < 16 || len < minLen || len > 1024)
-        throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);
-    const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);
+        throw new Error('expected ' + minLen + '-1024 bytes of input, got ' + len);
+    const num = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);
     // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0
     const reduced = mod(num, fieldOrder - _1n$5) + _1n$5;
     return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);
 }
 
+/**
+ * Methods for elliptic curve multiplication by scalars.
+ * Contains wNAF, pippenger
+ * @module
+ */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// Abelian group utilities
 const _0n$2 = BigInt(0);
 const _1n$4 = BigInt(1);
+function constTimeNegate(condition, item) {
+    const neg = item.negate();
+    return condition ? neg : item;
+}
+function validateW(W, bits) {
+    if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
+        throw new Error('invalid window size, expected [1..' + bits + '], got W=' + W);
+}
+function calcWOpts(W, bits) {
+    validateW(W, bits);
+    const windows = Math.ceil(bits / W) + 1; // +1, because
+    const windowSize = 2 ** (W - 1); // -1 because we skip zero
+    return { windows, windowSize };
+}
+function validateMSMPoints(points, c) {
+    if (!Array.isArray(points))
+        throw new Error('array expected');
+    points.forEach((p, i) => {
+        if (!(p instanceof c))
+            throw new Error('invalid point at index ' + i);
+    });
+}
+function validateMSMScalars(scalars, field) {
+    if (!Array.isArray(scalars))
+        throw new Error('array of scalars expected');
+    scalars.forEach((s, i) => {
+        if (!field.isValid(s))
+            throw new Error('invalid scalar at index ' + i);
+    });
+}
 // Since points in different groups cannot be equal (different object constructor),
 // we can have single place to store precomputes
 const pointPrecomputes = new WeakMap();
 const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)
-// Elliptic curve multiplication of Point by scalar. Fragile.
-// Scalars should always be less than curve order: this should be checked inside of a curve itself.
-// Creates precomputation tables for fast multiplication:
-// - private scalar is split by fixed size windows of W bits
-// - every window point is collected from window's table & added to accumulator
-// - since windows are different, same point inside tables won't be accessed more than once per calc
-// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)
-// - +1 window is neccessary for wNAF
-// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication
-// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow
-// windows to be in different memory locations
+function getW(P) {
+    return pointWindowSizes.get(P) || 1;
+}
+/**
+ * Elliptic curve multiplication of Point by scalar. Fragile.
+ * Scalars should always be less than curve order: this should be checked inside of a curve itself.
+ * Creates precomputation tables for fast multiplication:
+ * - private scalar is split by fixed size windows of W bits
+ * - every window point is collected from window's table & added to accumulator
+ * - since windows are different, same point inside tables won't be accessed more than once per calc
+ * - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)
+ * - +1 window is neccessary for wNAF
+ * - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication
+ *
+ * @todo Research returning 2d JS array of windows, instead of a single window.
+ * This would allow windows to be in different memory locations
+ */
 function wNAF(c, bits) {
-    const constTimeNegate = (condition, item) => {
-        const neg = item.negate();
-        return condition ? neg : item;
-    };
-    const validateW = (W) => {
-        if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
-            throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);
-    };
-    const opts = (W) => {
-        validateW(W);
-        const windows = Math.ceil(bits / W) + 1; // +1, because
-        const windowSize = 2 ** (W - 1); // -1 because we skip zero
-        return { windows, windowSize };
-    };
     return {
         constTimeNegate,
+        hasPrecomputes(elm) {
+            return getW(elm) !== 1;
+        },
         // non-const time multiplication ladder
-        unsafeLadder(elm, n) {
-            let p = c.ZERO;
+        unsafeLadder(elm, n, p = c.ZERO) {
             let d = elm;
             while (n > _0n$2) {
                 if (n & _1n$4)
@@ -6923,10 +7056,12 @@ function wNAF(c, bits) {
          * - 𝑊 is the window size
          * - 𝑛 is the bitlength of the curve order.
          * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
+         * @param elm Point instance
+         * @param W window size
          * @returns precomputed point tables flattened to a single array
          */
         precomputeWindow(elm, W) {
-            const { windows, windowSize } = opts(W);
+            const { windows, windowSize } = calcWOpts(W, bits);
             const points = [];
             let p = elm;
             let base = p;
@@ -6952,7 +7087,7 @@ function wNAF(c, bits) {
         wNAF(W, precomputes, n) {
             // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise
             // But need to carefully remove other checks before wNAF. ORDER == bits here
-            const { windows, windowSize } = opts(W);
+            const { windows, windowSize } = calcWOpts(W, bits);
             let p = c.ZERO;
             let f = c.BASE;
             const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.
@@ -6996,8 +7131,44 @@ function wNAF(c, bits) {
             // which makes it less const-time: around 1 bigint multiply.
             return { p, f };
         },
-        wNAFCached(P, n, transform) {
-            const W = pointWindowSizes.get(P) || 1;
+        /**
+         * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
+         * @param W window size
+         * @param precomputes precomputed tables
+         * @param n scalar (we don't check here, but should be less than curve order)
+         * @param acc accumulator point to add result of multiplication
+         * @returns point
+         */
+        wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {
+            const { windows, windowSize } = calcWOpts(W, bits);
+            const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.
+            const maxNumber = 2 ** W;
+            const shiftBy = BigInt(W);
+            for (let window = 0; window < windows; window++) {
+                const offset = window * windowSize;
+                if (n === _0n$2)
+                    break; // No need to go over empty scalar
+                // Extract W bits.
+                let wbits = Number(n & mask);
+                // Shift number by W bits.
+                n >>= shiftBy;
+                // If the bits are bigger than max size, we'll split those.
+                // +224 => 256 - 32
+                if (wbits > windowSize) {
+                    wbits -= maxNumber;
+                    n += _1n$4;
+                }
+                if (wbits === 0)
+                    continue;
+                let curr = precomputes[offset + Math.abs(wbits) - 1]; // -1 because we skip zero
+                if (wbits < 0)
+                    curr = curr.negate();
+                // NOTE: by re-using acc, we can save a lot of additions in case of MSM
+                acc = acc.add(curr);
+            }
+            return acc;
+        },
+        getPrecomputes(W, P, transform) {
             // Calculate precomputes on a first run, reuse them after
             let comp = pointPrecomputes.get(P);
             if (!comp) {
@@ -7005,18 +7176,76 @@ function wNAF(c, bits) {
                 if (W !== 1)
                     pointPrecomputes.set(P, transform(comp));
             }
-            return this.wNAF(W, comp, n);
+            return comp;
+        },
+        wNAFCached(P, n, transform) {
+            const W = getW(P);
+            return this.wNAF(W, this.getPrecomputes(W, P, transform), n);
+        },
+        wNAFCachedUnsafe(P, n, transform, prev) {
+            const W = getW(P);
+            if (W === 1)
+                return this.unsafeLadder(P, n, prev); // For W=1 ladder is ~x2 faster
+            return this.wNAFUnsafe(W, this.getPrecomputes(W, P, transform), n, prev);
         },
         // We calculate precomputes for elliptic curve point multiplication
         // using windowed method. This specifies window size and
         // stores precomputed values. Usually only base point would be precomputed.
         setWindowSize(P, W) {
-            validateW(W);
+            validateW(W, bits);
             pointWindowSizes.set(P, W);
             pointPrecomputes.delete(P);
         },
     };
 }
+/**
+ * Pippenger algorithm for multi-scalar multiplication (MSM, Pa + Qb + Rc + ...).
+ * 30x faster vs naive addition on L=4096, 10x faster with precomputes.
+ * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL.
+ * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.
+ * @param c Curve Point constructor
+ * @param fieldN field over CURVE.N - important that it's not over CURVE.P
+ * @param points array of L curve points
+ * @param scalars array of L scalars (aka private keys / bigints)
+ */
+function pippenger(c, fieldN, points, scalars) {
+    // If we split scalars by some window (let's say 8 bits), every chunk will only
+    // take 256 buckets even if there are 4096 scalars, also re-uses double.
+    // TODO:
+    // - https://eprint.iacr.org/2024/750.pdf
+    // - https://tches.iacr.org/index.php/TCHES/article/view/10287
+    // 0 is accepted in scalars
+    validateMSMPoints(points, c);
+    validateMSMScalars(scalars, fieldN);
+    if (points.length !== scalars.length)
+        throw new Error('arrays of points and scalars must have equal length');
+    const zero = c.ZERO;
+    const wbits = bitLen(BigInt(points.length));
+    const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits
+    const MASK = (1 << windowSize) - 1;
+    const buckets = new Array(MASK + 1).fill(zero); // +1 for zero array
+    const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;
+    let sum = zero;
+    for (let i = lastBits; i >= 0; i -= windowSize) {
+        buckets.fill(zero);
+        for (let j = 0; j < scalars.length; j++) {
+            const scalar = scalars[j];
+            const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK));
+            buckets[wbits] = buckets[wbits].add(points[j]);
+        }
+        let resI = zero; // not using this will do small speed-up, but will lose ct
+        // Skip first bucket, because it is zero
+        for (let j = buckets.length - 1, sumI = zero; j > 0; j--) {
+            sumI = sumI.add(buckets[j]);
+            resI = resI.add(sumI);
+        }
+        sum = sum.add(resI);
+        if (i !== 0)
+            for (let j = 0; j < windowSize; j++)
+                sum = sum.double();
+    }
+    return sum;
+}
 function validateBasic(curve) {
     validateField(curve.Fp);
     validateObject(curve, {
@@ -7036,8 +7265,12 @@ function validateBasic(curve) {
     });
 }
 
+/**
+ * Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y².
+ * For design rationale of types / exports, see weierstrass module documentation.
+ * @module
+ */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²
 // Be friendly to bad ECMAScript parsers by not using bigint literals
 // prettier-ignore
 const _0n$1 = BigInt(0), _1n$3 = BigInt(1), _2n$2 = BigInt(2), _8n$1 = BigInt(8);
@@ -7069,8 +7302,13 @@ function validateOpts$1(curve) {
 function twistedEdwards(curveDef) {
     const CURVE = validateOpts$1(curveDef);
     const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;
+    // Important:
+    // There are some places where Fp.BYTES is used instead of nByteLength.
+    // So far, everything has been tested with curves of Fp.BYTES == nByteLength.
+    // TODO: test and find curves which behave otherwise.
     const MASK = _2n$2 << (BigInt(nByteLength * 8) - _1n$3);
     const modP = Fp.create; // Function overrides
+    const Fn = Field(CURVE.n, CURVE.nBitLength);
     // sqrt(u/v)
     const uvRatio = CURVE.uvRatio ||
         ((u, v) => {
@@ -7169,6 +7407,10 @@ function twistedEdwards(curveDef) {
             const toInv = Fp.invertBatch(points.map((p) => p.ez));
             return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);
         }
+        // Multiscalar Multiplication
+        static msm(points, scalars) {
+            return pippenger(Point, Fn, points, scalars);
+        }
         // "Private method", don't use it directly
         _setWindowSize(windowSize) {
             wnaf.setWindowSize(this, windowSize);
@@ -7277,16 +7519,15 @@ function twistedEdwards(curveDef) {
         // It's faster, but should only be used when you don't care about
         // an exposed private key e.g. sig verification.
         // Does NOT allow scalars higher than CURVE.n.
-        multiplyUnsafe(scalar) {
+        // Accepts optional accumulator to merge with multiply (important for sparse scalars)
+        multiplyUnsafe(scalar, acc = Point.ZERO) {
             const n = scalar;
             aInRange('scalar', n, _0n$1, CURVE_ORDER); // 0 <= scalar < L
             if (n === _0n$1)
                 return I;
-            if (this.equals(I) || n === _1n$3)
+            if (this.is0() || n === _1n$3)
                 return this;
-            if (this.equals(G))
-                return this.wNAF(n).p;
-            return wnaf.unsafeLadder(this, n);
+            return wnaf.wNAFCachedUnsafe(this, n, Point.normalizeZ, acc);
         }
         // Checks if point is of small order.
         // If you add something to small order point, you will have "dirty"
@@ -7320,8 +7561,9 @@ function twistedEdwards(curveDef) {
             abool('zip215', zip215);
             const normed = hex.slice(); // copy again, we'll manipulate it
             const lastByte = hex[len - 1]; // select last byte
-            normed[len - 1] = lastByte & ~0x80; // clear last bit
+            normed[len - 1] = lastByte & -129; // clear last bit
             const y = bytesToNumberLE(normed);
+            // zip215=true is good for consensus-critical apps. =false follows RFC8032 / NIST186-5.
             // RFC8032 prohibits >= p, but ZIP215 doesn't
             // zip215=true:  0 <= y < MASK (2^256 for ed25519)
             // zip215=false: 0 <= y < P (2^255-19 for ed25519)
@@ -7370,7 +7612,7 @@ function twistedEdwards(curveDef) {
     }
     /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */
     function getExtendedPublicKey(key) {
-        const len = nByteLength;
+        const len = Fp.BYTES;
         key = ensureBytes('private key', key, len);
         // Hash private key with curve's hash function to produce uniformingly random input
         // Check byte lengths: ensure(64, h(ensure(32, key)))
@@ -7403,23 +7645,29 @@ function twistedEdwards(curveDef) {
         const s = modN(r + k * scalar); // S = (r + k * s) mod L
         aInRange('signature.s', s, _0n$1, CURVE_ORDER); // 0 <= s < l
         const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES));
-        return ensureBytes('result', res, nByteLength * 2); // 64-byte signature
+        return ensureBytes('result', res, Fp.BYTES * 2); // 64-byte signature
     }
     const verifyOpts = VERIFY_DEFAULT;
+    /**
+     * Verifies EdDSA signature against message and public key. RFC8032 5.1.7.
+     * An extended group equation is checked.
+     */
     function verify(sig, msg, publicKey, options = verifyOpts) {
         const { context, zip215 } = options;
         const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.
         sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.
         msg = ensureBytes('message', msg);
+        publicKey = ensureBytes('publicKey', publicKey, len);
         if (zip215 !== undefined)
             abool('zip215', zip215);
         if (prehash)
             msg = prehash(msg); // for ed25519ph, etc
         const s = bytesToNumberLE(sig.slice(len, 2 * len));
-        // zip215: true is good for consensus-critical apps and allows points < 2^256
-        // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p
         let A, R, SB;
         try {
+            // zip215=true is good for consensus-critical apps. =false follows RFC8032 / NIST186-5.
+            // zip215=true:  0 <= y < MASK (2^256 for ed25519)
+            // zip215=false: 0 <= y < P (2^255-19 for ed25519)
             A = Point.fromHex(publicKey, zip215);
             R = Point.fromHex(sig.slice(0, len), zip215);
             SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside
@@ -7431,6 +7679,7 @@ function twistedEdwards(curveDef) {
             return false;
         const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);
         const RkA = R.add(A.multiplyUnsafe(k));
+        // Extended group equation
         // [8][S]B = [8]R + [8][k]A'
         return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);
     }
@@ -7461,13 +7710,14 @@ function twistedEdwards(curveDef) {
     };
 }
 
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 /**
  * ed25519 Twisted Edwards curve with following addons:
  * - X25519 ECDH
  * - Ristretto cofactor elimination
  * - Elligator hash-to-group / point indistinguishability
+ * @module
  */
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const ED25519_P = BigInt('57896044618658097711785492504343953926634992332820282019728792003956564819949');
 // √(-1) aka √(a) aka 2^((p-1)/4)
 const ED25519_SQRT_M1 = /* @__PURE__ */ BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752');
@@ -7526,7 +7776,7 @@ function uvRatio(u, v) {
         x = mod(-x, P);
     return { isValid: useRoot1 || useRoot2, value: x };
 }
-const Fp$1 = /* @__PURE__ */ (() => Field(ED25519_P, undefined, true))();
+const Fp = /* @__PURE__ */ (() => Field(ED25519_P, undefined, true))();
 const ed25519Defaults = /* @__PURE__ */ (() => ({
     // Param: a
     a: BigInt(-1), // Fp.create(-1) is proper; our way still works and is faster
@@ -7534,7 +7784,7 @@ const ed25519Defaults = /* @__PURE__ */ (() => ({
     // Negative number is P - number, and division is invert(number, P)
     d: BigInt('37095705934669439343138083508754565189542113879843219016388785533085940283555'),
     // Finite field 𝔽p over which we'll do calculations; 2n**255n - 19n
-    Fp: Fp$1,
+    Fp,
     // Subgroup order: how many points curve has
     // 2n**252n + 27742317777372353535851937790883648493n;
     n: BigInt('7237005577332262213973186563042994240857116359379907606001950938285454250989'),
@@ -7544,7 +7794,7 @@ const ed25519Defaults = /* @__PURE__ */ (() => ({
     Gx: BigInt('15112221349535400772501151409588531511454012693041857206046113283949847762202'),
     Gy: BigInt('46316835694926478169428394003475163141307993866256225615783033603165251855960'),
     hash: sha512,
-    randomBytes: randomBytes$1,
+    randomBytes,
     adjustScalarBytes,
     // dom2
     // Ratio of u to v. Allows us to combine inversion and square root. Uses algo from RFC8032 5.1.3.
@@ -7553,180 +7803,58 @@ const ed25519Defaults = /* @__PURE__ */ (() => ({
 }))();
 /**
  * ed25519 curve with EdDSA signatures.
+ * @example
+ * import { ed25519 } from '@noble/curves/ed25519';
+ * const priv = ed25519.utils.randomPrivateKey();
+ * const pub = ed25519.getPublicKey(priv);
+ * const msg = new TextEncoder().encode('hello');
+ * const sig = ed25519.sign(msg, priv);
+ * ed25519.verify(sig, msg, pub); // Default mode: follows ZIP215
+ * ed25519.verify(sig, msg, pub, { zip215: false }); // RFC8032 / FIPS 186-5
  */
 const ed25519 = /* @__PURE__ */ (() => twistedEdwards(ed25519Defaults))();
 
 const PUBLIC_KEY_BYTE_LENGTH = 32;
-const PRIVATE_KEY_BYTE_LENGTH = 64; // private key is actually 32 bytes but for historical reasons we concat private and public keys
-const KEYS_BYTE_LENGTH = 32;
-function generateKey$2() {
-    // the actual private key (32 bytes)
-    const privateKeyRaw = ed25519.utils.randomPrivateKey();
-    const publicKey = ed25519.getPublicKey(privateKeyRaw);
-    // concatenated the public key to the private key
-    const privateKey = concatKeys(privateKeyRaw, publicKey);
-    return {
-        privateKey,
-        publicKey
-    };
-}
-/**
- * Generate keypair from a 32 byte uint8array
- */
-function generateKeyFromSeed(seed) {
-    if (seed.length !== KEYS_BYTE_LENGTH) {
-        throw new TypeError('"seed" must be 32 bytes in length.');
-    }
-    else if (!(seed instanceof Uint8Array)) {
-        throw new TypeError('"seed" must be a node.js Buffer, or Uint8Array.');
-    }
-    // based on node forges algorithm, the seed is used directly as private key
-    const privateKeyRaw = seed;
-    const publicKey = ed25519.getPublicKey(privateKeyRaw);
-    const privateKey = concatKeys(privateKeyRaw, publicKey);
-    return {
-        privateKey,
-        publicKey
-    };
-}
-function hashAndSign$2(privateKey, msg) {
-    const privateKeyRaw = privateKey.subarray(0, KEYS_BYTE_LENGTH);
-    return ed25519.sign(msg instanceof Uint8Array ? msg : msg.subarray(), privateKeyRaw);
-}
 function hashAndVerify$2(publicKey, sig, msg) {
     return ed25519.verify(sig, msg instanceof Uint8Array ? msg : msg.subarray(), publicKey);
 }
-function concatKeys(privateKeyRaw, publicKey) {
-    const privateKey = new Uint8Array(PRIVATE_KEY_BYTE_LENGTH);
-    for (let i = 0; i < KEYS_BYTE_LENGTH; i++) {
-        privateKey[i] = privateKeyRaw[i];
-        privateKey[KEYS_BYTE_LENGTH + i] = publicKey[i];
-    }
-    return privateKey;
-}
 
-/* eslint-env browser */
-// Check native crypto exists and is enabled (In insecure context `self.crypto`
-// exists but `self.crypto.subtle` does not).
-var webcrypto = {
-    get(win = globalThis) {
-        const nativeCrypto = win.crypto;
-        if (nativeCrypto?.subtle == null) {
-            throw Object.assign(new Error('Missing Web Crypto API. ' +
-                'The most likely cause of this error is that this page is being accessed ' +
-                'from an insecure context (i.e. not HTTPS). For more information and ' +
-                'possible resolutions see ' +
-                'https://github.com/libp2p/js-libp2p/blob/main/packages/crypto/README.md#web-crypto-api'), { code: 'ERR_MISSING_WEB_CRYPTO' });
-        }
-        return nativeCrypto;
+class Ed25519PublicKey {
+    type = 'Ed25519';
+    raw;
+    constructor(key) {
+        this.raw = ensureEd25519Key(key, PUBLIC_KEY_BYTE_LENGTH);
     }
-};
-
-// WebKit on Linux does not support deriving a key from an empty PBKDF2 key.
-// So, as a workaround, we provide the generated key as a constant. We test that
-// this generated key is accurate in test/workaround.spec.ts
-// Generated via:
-// await crypto.subtle.exportKey('jwk',
-//   await crypto.subtle.deriveKey(
-//     { name: 'PBKDF2', salt: new Uint8Array(16), iterations: 32767, hash: { name: 'SHA-256' } },
-//     await crypto.subtle.importKey('raw', new Uint8Array(0), { name: 'PBKDF2' }, false, ['deriveKey']),
-//     { name: 'AES-GCM', length: 128 }, true, ['encrypt', 'decrypt'])
-// )
-const derivedEmptyPasswordKey = { alg: 'A128GCM', ext: true, k: 'scm9jmO_4BJAgdwWGVulLg', key_ops: ['encrypt', 'decrypt'], kty: 'oct' };
-// Based off of code from https://github.com/luke-park/SecureCompatibleEncryptionExamples
-function create(opts) {
-    const algorithm = 'AES-GCM';
-    let keyLength = 16;
-    const nonceLength = 12;
-    const digest = 'SHA-256';
-    const saltLength = 16;
-    const iterations = 32767;
-    const crypto = webcrypto.get();
-    keyLength *= 8; // Browser crypto uses bits instead of bytes
-    /**
-     * Uses the provided password to derive a pbkdf2 key. The key
-     * will then be used to encrypt the data.
-     */
-    async function encrypt(data, password) {
-        const salt = crypto.getRandomValues(new Uint8Array(saltLength));
-        const nonce = crypto.getRandomValues(new Uint8Array(nonceLength));
-        const aesGcm = { name: algorithm, iv: nonce };
-        if (typeof password === 'string') {
-            password = fromString(password);
-        }
-        let cryptoKey;
-        if (password.length === 0) {
-            cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['encrypt']);
-            try {
-                const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
-                const runtimeDerivedEmptyPassword = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey']);
-                cryptoKey = await crypto.subtle.deriveKey(deriveParams, runtimeDerivedEmptyPassword, { name: algorithm, length: keyLength }, true, ['encrypt']);
-            }
-            catch {
-                cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['encrypt']);
-            }
-        }
-        else {
-            // Derive a key using PBKDF2.
-            const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
-            const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey']);
-            cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['encrypt']);
-        }
-        // Encrypt the string.
-        const ciphertext = await crypto.subtle.encrypt(aesGcm, cryptoKey, data);
-        return concat$1([salt, aesGcm.iv, new Uint8Array(ciphertext)]);
+    toMultihash() {
+        return identity.digest(publicKeyToProtobuf(this));
     }
-    /**
-     * Uses the provided password to derive a pbkdf2 key. The key
-     * will then be used to decrypt the data. The options used to create
-     * this decryption cipher must be the same as those used to create
-     * the encryption cipher.
-     */
-    async function decrypt(data, password) {
-        const salt = data.subarray(0, saltLength);
-        const nonce = data.subarray(saltLength, saltLength + nonceLength);
-        const ciphertext = data.subarray(saltLength + nonceLength);
-        const aesGcm = { name: algorithm, iv: nonce };
-        if (typeof password === 'string') {
-            password = fromString(password);
-        }
-        let cryptoKey;
-        if (password.length === 0) {
-            try {
-                const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
-                const runtimeDerivedEmptyPassword = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey']);
-                cryptoKey = await crypto.subtle.deriveKey(deriveParams, runtimeDerivedEmptyPassword, { name: algorithm, length: keyLength }, true, ['decrypt']);
-            }
-            catch {
-                cryptoKey = await crypto.subtle.importKey('jwk', derivedEmptyPasswordKey, { name: 'AES-GCM' }, true, ['decrypt']);
-            }
+    toCID() {
+        return CID.createV1(114, this.toMultihash());
+    }
+    toString() {
+        return base58btc.encode(this.toMultihash().bytes).substring(1);
+    }
+    equals(key) {
+        if (key == null || !(key.raw instanceof Uint8Array)) {
+            return false;
         }
-        else {
-            // Derive the key using PBKDF2.
-            const deriveParams = { name: 'PBKDF2', salt, iterations, hash: { name: digest } };
-            const rawKey = await crypto.subtle.importKey('raw', password, { name: 'PBKDF2' }, false, ['deriveKey']);
-            cryptoKey = await crypto.subtle.deriveKey(deriveParams, rawKey, { name: algorithm, length: keyLength }, true, ['decrypt']);
-        }
-        // Decrypt the string.
-        const plaintext = await crypto.subtle.decrypt(aesGcm, cryptoKey, ciphertext);
-        return new Uint8Array(plaintext);
-    }
-    const cipher = {
-        encrypt,
-        decrypt
-    };
-    return cipher;
+        return equals(this.raw, key.raw);
+    }
+    verify(data, sig) {
+        return hashAndVerify$2(this.raw, sig, data);
+    }
 }
 
-/**
- * Exports the given PrivateKey as a base64 encoded string.
- * The PrivateKey is encrypted via a password derived PBKDF2 key
- * leveraging the aes-gcm cipher algorithm.
- */
-async function exporter(privateKey, password) {
-    const cipher = create();
-    const encryptedKey = await cipher.encrypt(privateKey, password);
-    return base64.encode(encryptedKey);
+function unmarshalEd25519PublicKey(bytes) {
+    bytes = ensureEd25519Key(bytes, PUBLIC_KEY_BYTE_LENGTH);
+    return new Ed25519PublicKey(bytes);
+}
+function ensureEd25519Key(key, length) {
+    key = Uint8Array.from(key ?? []);
+    if (key.length !== length) {
+        throw new InvalidParametersError(`Key must be a Uint8Array of length ${length}, got ${key.length}`);
+    }
+    return key;
 }
 
 const f32 = new Float32Array([-0]);
@@ -8959,13 +9087,13 @@ var KeyType;
 (function (KeyType) {
     KeyType["RSA"] = "RSA";
     KeyType["Ed25519"] = "Ed25519";
-    KeyType["Secp256k1"] = "Secp256k1";
+    KeyType["secp256k1"] = "secp256k1";
 })(KeyType || (KeyType = {}));
 var __KeyTypeValues;
 (function (__KeyTypeValues) {
     __KeyTypeValues[__KeyTypeValues["RSA"] = 0] = "RSA";
     __KeyTypeValues[__KeyTypeValues["Ed25519"] = 1] = "Ed25519";
-    __KeyTypeValues[__KeyTypeValues["Secp256k1"] = 2] = "Secp256k1";
+    __KeyTypeValues[__KeyTypeValues["secp256k1"] = 2] = "secp256k1";
 })(__KeyTypeValues || (__KeyTypeValues = {}));
 (function (KeyType) {
     KeyType.codec = () => {
@@ -8992,21 +9120,24 @@ var PublicKey;
                 if (opts.lengthDelimited !== false) {
                     w.ldelim();
                 }
-            }, (reader, length) => {
+            }, (reader, length, opts = {}) => {
                 const obj = {};
                 const end = length == null ? reader.len : reader.pos + length;
                 while (reader.pos < end) {
                     const tag = reader.uint32();
                     switch (tag >>> 3) {
-                        case 1:
+                        case 1: {
                             obj.Type = KeyType.codec().decode(reader);
                             break;
-                        case 2:
+                        }
+                        case 2: {
                             obj.Data = reader.bytes();
                             break;
-                        default:
+                        }
+                        default: {
                             reader.skipType(tag & 7);
                             break;
+                        }
                     }
                 }
                 return obj;
@@ -9017,8 +9148,8 @@ var PublicKey;
     PublicKey.encode = (obj) => {
         return encodeMessage(obj, PublicKey.codec());
     };
-    PublicKey.decode = (buf) => {
-        return decodeMessage(buf, PublicKey.codec());
+    PublicKey.decode = (buf, opts) => {
+        return decodeMessage(buf, PublicKey.codec(), opts);
     };
 })(PublicKey || (PublicKey = {}));
 var PrivateKey;
@@ -9041,21 +9172,24 @@ var PrivateKey;
                 if (opts.lengthDelimited !== false) {
                     w.ldelim();
                 }
-            }, (reader, length) => {
+            }, (reader, length, opts = {}) => {
                 const obj = {};
                 const end = length == null ? reader.len : reader.pos + length;
                 while (reader.pos < end) {
                     const tag = reader.uint32();
                     switch (tag >>> 3) {
-                        case 1:
+                        case 1: {
                             obj.Type = KeyType.codec().decode(reader);
                             break;
-                        case 2:
+                        }
+                        case 2: {
                             obj.Data = reader.bytes();
                             break;
-                        default:
+                        }
+                        default: {
                             reader.skipType(tag & 7);
                             break;
+                        }
                     }
                 }
                 return obj;
@@ -9066,286 +9200,15 @@ var PrivateKey;
     PrivateKey.encode = (obj) => {
         return encodeMessage(obj, PrivateKey.codec());
     };
-    PrivateKey.decode = (buf) => {
-        return decodeMessage(buf, PrivateKey.codec());
+    PrivateKey.decode = (buf, opts) => {
+        return decodeMessage(buf, PrivateKey.codec(), opts);
     };
 })(PrivateKey || (PrivateKey = {}));
 
-class Ed25519PublicKey {
-    _key;
-    constructor(key) {
-        this._key = ensureKey(key, PUBLIC_KEY_BYTE_LENGTH);
-    }
-    verify(data, sig) {
-        return hashAndVerify$2(this._key, sig, data);
-    }
-    marshal() {
-        return this._key;
-    }
-    get bytes() {
-        return PublicKey.encode({
-            Type: KeyType.Ed25519,
-            Data: this.marshal()
-        }).subarray();
-    }
-    equals(key) {
-        return equals(this.bytes, key.bytes);
-    }
-    hash() {
-        const p = sha256.digest(this.bytes);
-        if (isPromise$1(p)) {
-            return p.then(({ bytes }) => bytes);
-        }
-        return p.bytes;
-    }
-}
-class Ed25519PrivateKey {
-    _key;
-    _publicKey;
-    // key       - 64 byte Uint8Array containing private key
-    // publicKey - 32 byte Uint8Array containing public key
-    constructor(key, publicKey) {
-        this._key = ensureKey(key, PRIVATE_KEY_BYTE_LENGTH);
-        this._publicKey = ensureKey(publicKey, PUBLIC_KEY_BYTE_LENGTH);
-    }
-    sign(message) {
-        return hashAndSign$2(this._key, message);
-    }
-    get public() {
-        return new Ed25519PublicKey(this._publicKey);
-    }
-    marshal() {
-        return this._key;
-    }
-    get bytes() {
-        return PrivateKey.encode({
-            Type: KeyType.Ed25519,
-            Data: this.marshal()
-        }).subarray();
-    }
-    equals(key) {
-        return equals(this.bytes, key.bytes);
-    }
-    async hash() {
-        const p = sha256.digest(this.bytes);
-        let bytes;
-        if (isPromise$1(p)) {
-            ({ bytes } = await p);
-        }
-        else {
-            bytes = p.bytes;
-        }
-        return bytes;
-    }
-    /**
-     * Gets the ID of the key.
-     *
-     * The key id is the base58 encoding of the identity multihash containing its public key.
-     * The public key is a protobuf encoding containing a type and the DER encoding
-     * of the PKCS SubjectPublicKeyInfo.
-     *
-     * @returns {Promise<string>}
-     */
-    async id() {
-        const encoding = identity.digest(this.public.bytes);
-        return base58btc.encode(encoding.bytes).substring(1);
-    }
-    /**
-     * Exports the key into a password protected `format`
-     */
-    async export(password, format = 'libp2p-key') {
-        if (format === 'libp2p-key') {
-            return exporter(this.bytes, password);
-        }
-        else {
-            throw new CodeError(`export format '${format}' is not supported`, 'ERR_INVALID_EXPORT_FORMAT');
-        }
-    }
-}
-function unmarshalEd25519PrivateKey(bytes) {
-    // Try the old, redundant public key version
-    if (bytes.length > PRIVATE_KEY_BYTE_LENGTH) {
-        bytes = ensureKey(bytes, PRIVATE_KEY_BYTE_LENGTH + PUBLIC_KEY_BYTE_LENGTH);
-        const privateKeyBytes = bytes.subarray(0, PRIVATE_KEY_BYTE_LENGTH);
-        const publicKeyBytes = bytes.subarray(PRIVATE_KEY_BYTE_LENGTH, bytes.length);
-        return new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes);
-    }
-    bytes = ensureKey(bytes, PRIVATE_KEY_BYTE_LENGTH);
-    const privateKeyBytes = bytes.subarray(0, PRIVATE_KEY_BYTE_LENGTH);
-    const publicKeyBytes = bytes.subarray(PUBLIC_KEY_BYTE_LENGTH);
-    return new Ed25519PrivateKey(privateKeyBytes, publicKeyBytes);
-}
-function unmarshalEd25519PublicKey(bytes) {
-    bytes = ensureKey(bytes, PUBLIC_KEY_BYTE_LENGTH);
-    return new Ed25519PublicKey(bytes);
-}
-async function generateKeyPair$2() {
-    const { privateKey, publicKey } = generateKey$2();
-    return new Ed25519PrivateKey(privateKey, publicKey);
-}
-async function generateKeyPairFromSeed(seed) {
-    const { privateKey, publicKey } = generateKeyFromSeed(seed);
-    return new Ed25519PrivateKey(privateKey, publicKey);
-}
-function ensureKey(key, length) {
-    key = Uint8Array.from(key ?? []);
-    if (key.length !== length) {
-        throw new CodeError(`Key must be a Uint8Array of length ${length}, got ${key.length}`, 'ERR_INVALID_KEY_TYPE');
-    }
-    return key;
-}
-
-var Ed25519 = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    Ed25519PrivateKey: Ed25519PrivateKey,
-    Ed25519PublicKey: Ed25519PublicKey,
-    generateKeyPair: generateKeyPair$2,
-    generateKeyPairFromSeed: generateKeyPairFromSeed,
-    unmarshalEd25519PrivateKey: unmarshalEd25519PrivateKey,
-    unmarshalEd25519PublicKey: unmarshalEd25519PublicKey
-});
-
-/**
- * Generates a Uint8Array with length `number` populated by random bytes
- */
-function randomBytes(length) {
-    if (isNaN(length) || length <= 0) {
-        throw new CodeError('random bytes length must be a Number bigger than 0', 'ERR_INVALID_LENGTH');
-    }
-    return randomBytes$1(length);
-}
-
-// HMAC (RFC 2104)
-class HMAC extends Hash {
-    constructor(hash$1, _key) {
-        super();
-        this.finished = false;
-        this.destroyed = false;
-        hash(hash$1);
-        const key = toBytes$1(_key);
-        this.iHash = hash$1.create();
-        if (typeof this.iHash.update !== 'function')
-            throw new Error('Expected instance of class which extends utils.Hash');
-        this.blockLen = this.iHash.blockLen;
-        this.outputLen = this.iHash.outputLen;
-        const blockLen = this.blockLen;
-        const pad = new Uint8Array(blockLen);
-        // blockLen can be bigger than outputLen
-        pad.set(key.length > blockLen ? hash$1.create().update(key).digest() : key);
-        for (let i = 0; i < pad.length; i++)
-            pad[i] ^= 0x36;
-        this.iHash.update(pad);
-        // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone
-        this.oHash = hash$1.create();
-        // Undo internal XOR && apply outer XOR
-        for (let i = 0; i < pad.length; i++)
-            pad[i] ^= 0x36 ^ 0x5c;
-        this.oHash.update(pad);
-        pad.fill(0);
-    }
-    update(buf) {
-        exists(this);
-        this.iHash.update(buf);
-        return this;
-    }
-    digestInto(out) {
-        exists(this);
-        bytes(out, this.outputLen);
-        this.finished = true;
-        this.iHash.digestInto(out);
-        this.oHash.update(out);
-        this.oHash.digestInto(out);
-        this.destroy();
-    }
-    digest() {
-        const out = new Uint8Array(this.oHash.outputLen);
-        this.digestInto(out);
-        return out;
-    }
-    _cloneInto(to) {
-        // Create new instance without calling constructor since key already in state and we don't know it.
-        to || (to = Object.create(Object.getPrototypeOf(this), {}));
-        const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
-        to = to;
-        to.finished = finished;
-        to.destroyed = destroyed;
-        to.blockLen = blockLen;
-        to.outputLen = outputLen;
-        to.oHash = oHash._cloneInto(to.oHash);
-        to.iHash = iHash._cloneInto(to.iHash);
-        return to;
-    }
-    destroy() {
-        this.destroyed = true;
-        this.oHash.destroy();
-        this.iHash.destroy();
-    }
-}
-/**
- * HMAC: RFC2104 message authentication code.
- * @param hash - function that would be used e.g. sha256
- * @param key - message key
- * @param message - message data
- */
-const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
-hmac.create = (hash, key) => new HMAC(hash, key);
-
-// Common prologue and epilogue for sync/async functions
-function pbkdf2Init(hash$1, _password, _salt, _opts) {
-    hash(hash$1);
-    const opts = checkOpts({ dkLen: 32, asyncTick: 10 }, _opts);
-    const { c, dkLen, asyncTick } = opts;
-    number(c);
-    number(dkLen);
-    number(asyncTick);
-    if (c < 1)
-        throw new Error('PBKDF2: iterations (c) should be >= 1');
-    const password = toBytes$1(_password);
-    const salt = toBytes$1(_salt);
-    // DK = PBKDF2(PRF, Password, Salt, c, dkLen);
-    const DK = new Uint8Array(dkLen);
-    // U1 = PRF(Password, Salt + INT_32_BE(i))
-    const PRF = hmac.create(hash$1, password);
-    const PRFSalt = PRF._cloneInto().update(salt);
-    return { c, dkLen, asyncTick, DK, PRF, PRFSalt };
-}
-function pbkdf2Output(PRF, PRFSalt, DK, prfW, u) {
-    PRF.destroy();
-    PRFSalt.destroy();
-    if (prfW)
-        prfW.destroy();
-    u.fill(0);
-    return DK;
-}
-async function pbkdf2Async(hash, password, salt, opts) {
-    const { c, dkLen, asyncTick, DK, PRF, PRFSalt } = pbkdf2Init(hash, password, salt, opts);
-    let prfW; // Working copy
-    const arr = new Uint8Array(4);
-    const view = createView(arr);
-    const u = new Uint8Array(PRF.outputLen);
-    // DK = T1 + T2 + ⋯ + Tdklen/hlen
-    for (let ti = 1, pos = 0; pos < dkLen; ti++, pos += PRF.outputLen) {
-        // Ti = F(Password, Salt, c, i)
-        const Ti = DK.subarray(pos, pos + PRF.outputLen);
-        view.setInt32(0, ti, false);
-        // F(Password, Salt, c, i) = U1 ^ U2 ^ ⋯ ^ Uc
-        // U1 = PRF(Password, Salt + INT_32_BE(i))
-        (prfW = PRFSalt._cloneInto(prfW)).update(arr).digestInto(u);
-        Ti.set(u.subarray(0, Ti.length));
-        await asyncLoop(c - 1, asyncTick, () => {
-            // Uc = PRF(Password, Uc−1)
-            PRF._cloneInto(prfW).update(u).digestInto(u);
-            for (let i = 0; i < Ti.length; i++)
-                Ti[i] ^= u[i];
-        });
-    }
-    return pbkdf2Output(PRF, PRFSalt, DK, prfW, u);
-}
-
 /*!
  * MIT License
  * 
- * Copyright (c) 2017-2022 Peculiar Ventures, LLC
+ * Copyright (c) 2017-2024 Peculiar Ventures, LLC
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -9457,7 +9320,7 @@ class BufferSourceConverter {
 }
 
 const STRING_TYPE = "string";
-const HEX_REGEX = /^[0-9a-f]+$/i;
+const HEX_REGEX = /^[0-9a-f\s]+$/i;
 const BASE64_REGEX = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
 const BASE64URL_REGEX = /^[a-zA-Z0-9-_]+$/;
 class Utf8Converter {
@@ -9691,7 +9554,7 @@ class Convert {
         return base64;
     }
     static formatString(data) {
-        return (data === null || data === void 0 ? void 0 : data.replace(/[\n\r\t ]/g, "")) || "";
+        return (data === null || data === undefined ? undefined : data.replace(/[\n\r\t ]/g, "")) || "";
     }
 }
 Convert.DEFAULT_UTF8_ENCODING = "utf8";
@@ -9947,7 +9810,7 @@ function HexBlock(BaseClass) {
                 var _a;
                 super(...args);
                 const params = args[0] || {};
-                this.isHexOnly = (_a = params.isHexOnly) !== null && _a !== void 0 ? _a : false;
+                this.isHexOnly = (_a = params.isHexOnly) !== null && _a !== undefined ? _a : false;
                 this.valueHexView = params.valueHex ? BufferSourceConverter_1.toUint8Array(params.valueHex) : EMPTY_VIEW;
             }
             get valueHex() {
@@ -10037,11 +9900,11 @@ class LocalIdentificationBlock extends HexBlock(LocalBaseBlock) {
         var _a, _b, _c, _d;
         super();
         if (idBlock) {
-            this.isHexOnly = (_a = idBlock.isHexOnly) !== null && _a !== void 0 ? _a : false;
+            this.isHexOnly = (_a = idBlock.isHexOnly) !== null && _a !== undefined ? _a : false;
             this.valueHexView = idBlock.valueHex ? BufferSourceConverter_1.toUint8Array(idBlock.valueHex) : EMPTY_VIEW;
-            this.tagClass = (_b = idBlock.tagClass) !== null && _b !== void 0 ? _b : -1;
-            this.tagNumber = (_c = idBlock.tagNumber) !== null && _c !== void 0 ? _c : -1;
-            this.isConstructed = (_d = idBlock.isConstructed) !== null && _d !== void 0 ? _d : false;
+            this.tagClass = (_b = idBlock.tagClass) !== null && _b !== undefined ? _b : -1;
+            this.tagNumber = (_c = idBlock.tagNumber) !== null && _c !== undefined ? _c : -1;
+            this.isConstructed = (_d = idBlock.isConstructed) !== null && _d !== undefined ? _d : false;
         }
         else {
             this.tagClass = -1;
@@ -10208,9 +10071,9 @@ class LocalLengthBlock extends LocalBaseBlock {
     constructor({ lenBlock = {}, } = {}) {
         var _a, _b, _c;
         super();
-        this.isIndefiniteForm = (_a = lenBlock.isIndefiniteForm) !== null && _a !== void 0 ? _a : false;
-        this.longFormUsed = (_b = lenBlock.longFormUsed) !== null && _b !== void 0 ? _b : false;
-        this.length = (_c = lenBlock.length) !== null && _c !== void 0 ? _c : 0;
+        this.isIndefiniteForm = (_a = lenBlock.isIndefiniteForm) !== null && _a !== undefined ? _a : false;
+        this.longFormUsed = (_b = lenBlock.longFormUsed) !== null && _b !== undefined ? _b : false;
+        this.length = (_c = lenBlock.length) !== null && _c !== undefined ? _c : 0;
     }
     fromBER(inputBuffer, inputOffset, inputLength) {
         const view = BufferSourceConverter_1.toUint8Array(inputBuffer);
@@ -10982,7 +10845,7 @@ var _a$r;
 class OctetString extends BaseBlock {
     constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) {
         var _b, _c;
-        (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length));
+        (_b = parameters.isConstructed) !== null && _b !== undefined ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === undefined ? undefined : _c.length));
         super({
             idBlock: {
                 isConstructed: parameters.isConstructed,
@@ -11143,7 +11006,7 @@ var _a$q;
 class BitString extends BaseBlock {
     constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) {
         var _b, _c;
-        (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length));
+        (_b = parameters.isConstructed) !== null && _b !== undefined ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === undefined ? undefined : _c.length));
         super({
             idBlock: {
                 isConstructed: parameters.isConstructed,
@@ -12345,7 +12208,7 @@ class GeneralizedTime extends UTCTime {
     constructor(parameters = {}) {
         var _b;
         super(parameters);
-        (_b = this.millisecond) !== null && _b !== void 0 ? _b : (this.millisecond = 0);
+        (_b = this.millisecond) !== null && _b !== undefined ? _b : (this.millisecond = 0);
         this.idBlock.tagClass = 1;
         this.idBlock.tagNumber = 24;
     }
@@ -12593,78 +12456,127 @@ _a = TIME;
 TIME.NAME = "TIME";
 
 /**
- * Convert a PKCS#1 in ASN1 DER format to a JWK key
+ * Signing a message failed
  */
-function pkcs1ToJwk(bytes) {
-    const { result } = fromBER(bytes);
-    // @ts-expect-error this looks fragile but DER is a canonical format so we are
-    // safe to have deeply property chains like this
-    const values = result.valueBlock.value;
-    const key = {
-        n: toString$6(bnToBuf(values[1].toBigInt()), 'base64url'),
-        e: toString$6(bnToBuf(values[2].toBigInt()), 'base64url'),
-        d: toString$6(bnToBuf(values[3].toBigInt()), 'base64url'),
-        p: toString$6(bnToBuf(values[4].toBigInt()), 'base64url'),
-        q: toString$6(bnToBuf(values[5].toBigInt()), 'base64url'),
-        dp: toString$6(bnToBuf(values[6].toBigInt()), 'base64url'),
-        dq: toString$6(bnToBuf(values[7].toBigInt()), 'base64url'),
-        qi: toString$6(bnToBuf(values[8].toBigInt()), 'base64url'),
-        kty: 'RSA',
-        alg: 'RS256'
-    };
-    return key;
-}
 /**
- * Convert a JWK key into PKCS#1 in ASN1 DER format
+ * Verifying a message signature failed
  */
-function jwkToPkcs1(jwk) {
-    if (jwk.n == null || jwk.e == null || jwk.d == null || jwk.p == null || jwk.q == null || jwk.dp == null || jwk.dq == null || jwk.qi == null) {
-        throw new CodeError('JWK was missing components', 'ERR_INVALID_PARAMETERS');
+class VerificationError extends Error {
+    constructor(message = 'An error occurred while verifying a message') {
+        super(message);
+        this.name = 'VerificationError';
     }
-    const root = new Sequence({
-        value: [
-            new Integer({ value: 0 }),
-            Integer.fromBigInt(bufToBn(fromString(jwk.n, 'base64url'))),
-            Integer.fromBigInt(bufToBn(fromString(jwk.e, 'base64url'))),
-            Integer.fromBigInt(bufToBn(fromString(jwk.d, 'base64url'))),
-            Integer.fromBigInt(bufToBn(fromString(jwk.p, 'base64url'))),
-            Integer.fromBigInt(bufToBn(fromString(jwk.q, 'base64url'))),
-            Integer.fromBigInt(bufToBn(fromString(jwk.dp, 'base64url'))),
-            Integer.fromBigInt(bufToBn(fromString(jwk.dq, 'base64url'))),
-            Integer.fromBigInt(bufToBn(fromString(jwk.qi, 'base64url')))
-        ]
-    });
-    const der = root.toBER();
-    return new Uint8Array(der, 0, der.byteLength);
 }
 /**
- * Convert a PKCIX in ASN1 DER format to a JWK key
+ * WebCrypto was not available in the current context
  */
-function pkixToJwk(bytes) {
-    const { result } = fromBER(bytes);
-    // @ts-expect-error this looks fragile but DER is a canonical format so we are
-    // safe to have deeply property chains like this
-    const values = result.valueBlock.value[1].valueBlock.value[0].valueBlock.value;
-    return {
-        kty: 'RSA',
-        n: toString$6(bnToBuf(values[0].toBigInt()), 'base64url'),
-        e: toString$6(bnToBuf(values[1].toBigInt()), 'base64url')
-    };
+class WebCryptoMissingError extends Error {
+    constructor(message = 'Missing Web Crypto API') {
+        super(message);
+        this.name = 'WebCryptoMissingError';
+    }
 }
-/**
- * Convert a JWK key to PKCIX in ASN1 DER format
- */
-function jwkToPkix(jwk) {
-    if (jwk.n == null || jwk.e == null) {
-        throw new CodeError('JWK was missing components', 'ERR_INVALID_PARAMETERS');
+
+/* eslint-env browser */
+// Check native crypto exists and is enabled (In insecure context `self.crypto`
+// exists but `self.crypto.subtle` does not).
+var webcrypto = {
+    get(win = globalThis) {
+        const nativeCrypto = win.crypto;
+        if (nativeCrypto?.subtle == null) {
+            throw new WebCryptoMissingError('Missing Web Crypto API. ' +
+                'The most likely cause of this error is that this page is being accessed ' +
+                'from an insecure context (i.e. not HTTPS). For more information and ' +
+                'possible resolutions see ' +
+                'https://github.com/libp2p/js-libp2p/blob/main/packages/crypto/README.md#web-crypto-api');
+        }
+        return nativeCrypto;
     }
-    const root = new Sequence({
-        value: [
-            new Sequence({
-                value: [
-                    // rsaEncryption
-                    new ObjectIdentifier({
-                        value: '1.2.840.113549.1.1.1'
+};
+
+async function hashAndVerify$1(key, sig, msg) {
+    const publicKey = await webcrypto.get().subtle.importKey('jwk', key, {
+        name: 'RSASSA-PKCS1-v1_5',
+        hash: { name: 'SHA-256' }
+    }, false, ['verify']);
+    return webcrypto.get().subtle.verify({ name: 'RSASSA-PKCS1-v1_5' }, publicKey, sig, msg instanceof Uint8Array ? msg : msg.subarray());
+}
+function rsaKeySize(jwk) {
+    if (jwk.kty !== 'RSA') {
+        throw new InvalidParametersError('invalid key type');
+    }
+    else if (jwk.n == null) {
+        throw new InvalidParametersError('invalid key modulus');
+    }
+    const bytes = fromString(jwk.n, 'base64url');
+    return bytes.length * 8;
+}
+
+class RSAPublicKey {
+    type = 'RSA';
+    _key;
+    _raw;
+    _multihash;
+    constructor(key, digest) {
+        this._key = key;
+        this._multihash = digest;
+    }
+    get raw() {
+        if (this._raw == null) {
+            this._raw = jwkToPkix(this._key);
+        }
+        return this._raw;
+    }
+    toMultihash() {
+        return this._multihash;
+    }
+    toCID() {
+        return CID.createV1(114, this._multihash);
+    }
+    toString() {
+        return base58btc.encode(this.toMultihash().bytes).substring(1);
+    }
+    equals(key) {
+        if (key == null || !(key.raw instanceof Uint8Array)) {
+            return false;
+        }
+        return equals(this.raw, key.raw);
+    }
+    verify(data, sig) {
+        return hashAndVerify$1(this._key, sig, data);
+    }
+}
+
+const MAX_RSA_KEY_SIZE = 8192;
+const SHA2_256_CODE = 0x12;
+/**
+ * Convert a PKIX in ASN1 DER format to a JWK key
+ */
+function pkixToJwk(bytes) {
+    const { result } = fromBER(bytes);
+    // @ts-expect-error this looks fragile but DER is a canonical format so we are
+    // safe to have deeply property chains like this
+    const values = result.valueBlock.value[1].valueBlock.value[0].valueBlock.value;
+    return {
+        kty: 'RSA',
+        n: asn1jsIntegerToBase64(values[0]),
+        e: asn1jsIntegerToBase64(values[1])
+    };
+}
+/**
+ * Convert a JWK key to PKIX in ASN1 DER format
+ */
+function jwkToPkix(jwk) {
+    if (jwk.n == null || jwk.e == null) {
+        throw new InvalidParametersError('JWK was missing components');
+    }
+    const root = new Sequence({
+        value: [
+            new Sequence({
+                value: [
+                    // rsaEncryption
+                    new ObjectIdentifier({
+                        value: '1.2.840.113549.1.1.1'
                     }),
                     new Null()
                 ]
@@ -12684,21 +12596,13 @@ function jwkToPkix(jwk) {
     const der = root.toBER();
     return new Uint8Array(der, 0, der.byteLength);
 }
-function bnToBuf(bn) {
-    let hex = bn.toString(16);
-    if (hex.length % 2 > 0) {
-        hex = `0${hex}`;
-    }
-    const len = hex.length / 2;
-    const u8 = new Uint8Array(len);
-    let i = 0;
-    let j = 0;
-    while (i < len) {
-        u8[i] = parseInt(hex.slice(j, j + 2), 16);
-        i += 1;
-        j += 2;
+function asn1jsIntegerToBase64(int) {
+    let buf = int.valueBlock.valueHexView;
+    // chrome rejects values with leading 0s
+    while (buf[0] === 0) {
+        buf = buf.subarray(1);
     }
-    return u8;
+    return toString$6(buf, 'base64url');
 }
 function bufToBn(u8) {
     const hex = [];
@@ -12711,331 +12615,131 @@ function bufToBn(u8) {
     });
     return BigInt('0x' + hex.join(''));
 }
-const SALT_LENGTH = 16;
-const KEY_SIZE = 32;
-const ITERATIONS = 10000;
-async function exportToPem(privateKey, password) {
-    const crypto = webcrypto.get();
-    // PrivateKeyInfo
-    const keyWrapper = new Sequence({
-        value: [
-            // version (0)
-            new Integer({ value: 0 }),
-            // privateKeyAlgorithm
-            new Sequence({
-                value: [
-                    // rsaEncryption OID
-                    new ObjectIdentifier({
-                        value: '1.2.840.113549.1.1.1'
-                    }),
-                    new Null()
-                ]
-            }),
-            // PrivateKey
-            new OctetString({
-                valueHex: privateKey.marshal()
-            })
-        ]
-    });
-    const keyBuf = keyWrapper.toBER();
-    const keyArr = new Uint8Array(keyBuf, 0, keyBuf.byteLength);
-    const salt = randomBytes(SALT_LENGTH);
-    const encryptionKey = await pbkdf2Async(sha512, password, salt, {
-        c: ITERATIONS,
-        dkLen: KEY_SIZE
-    });
-    const iv = randomBytes(16);
-    const cryptoKey = await crypto.subtle.importKey('raw', encryptionKey, 'AES-CBC', false, ['encrypt']);
-    const encrypted = await crypto.subtle.encrypt({
-        name: 'AES-CBC',
-        iv
-    }, cryptoKey, keyArr);
-    const pbkdf2Params = new Sequence({
-        value: [
-            // salt
-            new OctetString({ valueHex: salt }),
-            // iteration count
-            new Integer({ value: ITERATIONS }),
-            // key length
-            new Integer({ value: KEY_SIZE }),
-            // AlgorithmIdentifier
-            new Sequence({
-                value: [
-                    // hmacWithSHA512
-                    new ObjectIdentifier({ value: '1.2.840.113549.2.11' }),
-                    new Null()
-                ]
-            })
-        ]
-    });
-    const encryptionAlgorithm = new Sequence({
-        value: [
-            // pkcs5PBES2
-            new ObjectIdentifier({
-                value: '1.2.840.113549.1.5.13'
-            }),
-            new Sequence({
-                value: [
-                    // keyDerivationFunc
-                    new Sequence({
-                        value: [
-                            // pkcs5PBKDF2
-                            new ObjectIdentifier({
-                                value: '1.2.840.113549.1.5.12'
-                            }),
-                            // PBKDF2-params
-                            pbkdf2Params
-                        ]
-                    }),
-                    // encryptionScheme
-                    new Sequence({
-                        value: [
-                            // aes256-CBC
-                            new ObjectIdentifier({
-                                value: '2.16.840.1.101.3.4.1.42'
-                            }),
-                            // iv
-                            new OctetString({
-                                valueHex: iv
-                            })
-                        ]
-                    })
-                ]
-            })
-        ]
-    });
-    const finalWrapper = new Sequence({
-        value: [
-            encryptionAlgorithm,
-            new OctetString({ valueHex: encrypted })
-        ]
-    });
-    const finalWrapperBuf = finalWrapper.toBER();
-    const finalWrapperArr = new Uint8Array(finalWrapperBuf, 0, finalWrapperBuf.byteLength);
-    return [
-        '-----BEGIN ENCRYPTED PRIVATE KEY-----',
-        ...toString$6(finalWrapperArr, 'base64pad').split(/(.{64})/).filter(Boolean),
-        '-----END ENCRYPTED PRIVATE KEY-----'
-    ].join('\n');
-}
-
-async function generateKey$1(bits) {
-    const pair = await webcrypto.get().subtle.generateKey({
-        name: 'RSASSA-PKCS1-v1_5',
-        modulusLength: bits,
-        publicExponent: new Uint8Array([0x01, 0x00, 0x01]),
-        hash: { name: 'SHA-256' }
-    }, true, ['sign', 'verify']);
-    const keys = await exportKey(pair);
-    return {
-        privateKey: keys[0],
-        publicKey: keys[1]
-    };
-}
-// Takes a jwk key
-async function unmarshalPrivateKey$1(key) {
-    const privateKey = await webcrypto.get().subtle.importKey('jwk', key, {
-        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
-    }, true, ['sign']);
-    const pair = [
-        privateKey,
-        await derivePublicFromPrivate(key)
-    ];
-    const keys = await exportKey({
-        privateKey: pair[0],
-        publicKey: pair[1]
-    });
-    return {
-        privateKey: keys[0],
-        publicKey: keys[1]
-    };
-}
-async function hashAndSign$1(key, msg) {
-    const privateKey = await webcrypto.get().subtle.importKey('jwk', key, {
-        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
-    }, false, ['sign']);
-    const sig = await webcrypto.get().subtle.sign({ name: 'RSASSA-PKCS1-v1_5' }, privateKey, msg instanceof Uint8Array ? msg : msg.subarray());
-    return new Uint8Array(sig, 0, sig.byteLength);
-}
-async function hashAndVerify$1(key, sig, msg) {
-    const publicKey = await webcrypto.get().subtle.importKey('jwk', key, {
-        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
-    }, false, ['verify']);
-    return webcrypto.get().subtle.verify({ name: 'RSASSA-PKCS1-v1_5' }, publicKey, sig, msg instanceof Uint8Array ? msg : msg.subarray());
-}
-async function exportKey(pair) {
-    if (pair.privateKey == null || pair.publicKey == null) {
-        throw new CodeError('Private and public key are required', 'ERR_INVALID_PARAMETERS');
-    }
-    return Promise.all([
-        webcrypto.get().subtle.exportKey('jwk', pair.privateKey),
-        webcrypto.get().subtle.exportKey('jwk', pair.publicKey)
-    ]);
-}
-async function derivePublicFromPrivate(jwKey) {
-    return webcrypto.get().subtle.importKey('jwk', {
-        kty: jwKey.kty,
-        n: jwKey.n,
-        e: jwKey.e
-    }, {
-        name: 'RSASSA-PKCS1-v1_5',
-        hash: { name: 'SHA-256' }
-    }, true, ['verify']);
-}
-function keySize(jwk) {
-    if (jwk.kty !== 'RSA') {
-        throw new CodeError('invalid key type', 'ERR_INVALID_KEY_TYPE');
-    }
-    else if (jwk.n == null) {
-        throw new CodeError('invalid key modulus', 'ERR_INVALID_KEY_MODULUS');
+/**
+ * Turn PKIX bytes to a PublicKey
+ */
+function pkixToRSAPublicKey(bytes) {
+    const jwk = pkixToJwk(bytes);
+    if (rsaKeySize(jwk) > MAX_RSA_KEY_SIZE) {
+        throw new InvalidPublicKeyError('Key size is too large');
     }
-    const bytes = fromString(jwk.n, 'base64url');
-    return bytes.length * 8;
+    const hash = sha256$1(PublicKey.encode({
+        Type: KeyType.RSA,
+        Data: bytes
+    }));
+    const digest = create(SHA2_256_CODE, hash);
+    return new RSAPublicKey(jwk, digest);
 }
 
-const MAX_RSA_KEY_SIZE = 8192;
-class RsaPublicKey {
-    _key;
-    constructor(key) {
-        this._key = key;
-    }
-    verify(data, sig) {
-        return hashAndVerify$1(this._key, sig, data);
-    }
-    marshal() {
-        return jwkToPkix(this._key);
-    }
-    get bytes() {
-        return PublicKey.encode({
-            Type: KeyType.RSA,
-            Data: this.marshal()
-        }).subarray();
-    }
-    equals(key) {
-        return equals(this.bytes, key.bytes);
-    }
-    hash() {
-        const p = sha256.digest(this.bytes);
-        if (isPromise$1(p)) {
-            return p.then(({ bytes }) => bytes);
-        }
-        return p.bytes;
-    }
-}
-class RsaPrivateKey {
-    _key;
-    _publicKey;
-    constructor(key, publicKey) {
-        this._key = key;
-        this._publicKey = publicKey;
-    }
-    genSecret() {
-        return randomBytes(16);
-    }
-    sign(message) {
-        return hashAndSign$1(this._key, message);
-    }
-    get public() {
-        if (this._publicKey == null) {
-            throw new CodeError('public key not provided', 'ERR_PUBKEY_NOT_PROVIDED');
-        }
-        return new RsaPublicKey(this._publicKey);
-    }
-    marshal() {
-        return jwkToPkcs1(this._key);
-    }
-    get bytes() {
-        return PrivateKey.encode({
-            Type: KeyType.RSA,
-            Data: this.marshal()
-        }).subarray();
-    }
-    equals(key) {
-        return equals(this.bytes, key.bytes);
-    }
-    hash() {
-        const p = sha256.digest(this.bytes);
-        if (isPromise$1(p)) {
-            return p.then(({ bytes }) => bytes);
-        }
-        return p.bytes;
-    }
-    /**
-     * Gets the ID of the key.
-     *
-     * The key id is the base58 encoding of the SHA-256 multihash of its public key.
-     * The public key is a protobuf encoding containing a type and the DER encoding
-     * of the PKCS SubjectPublicKeyInfo.
-     */
-    async id() {
-        const hash = await this.public.hash();
-        return toString$6(hash, 'base58btc');
+/**
+ * HMAC: RFC2104 message authentication code.
+ * @module
+ */
+class HMAC extends Hash {
+    constructor(hash, _key) {
+        super();
+        this.finished = false;
+        this.destroyed = false;
+        ahash(hash);
+        const key = toBytes$1(_key);
+        this.iHash = hash.create();
+        if (typeof this.iHash.update !== 'function')
+            throw new Error('Expected instance of class which extends utils.Hash');
+        this.blockLen = this.iHash.blockLen;
+        this.outputLen = this.iHash.outputLen;
+        const blockLen = this.blockLen;
+        const pad = new Uint8Array(blockLen);
+        // blockLen can be bigger than outputLen
+        pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);
+        for (let i = 0; i < pad.length; i++)
+            pad[i] ^= 0x36;
+        this.iHash.update(pad);
+        // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone
+        this.oHash = hash.create();
+        // Undo internal XOR && apply outer XOR
+        for (let i = 0; i < pad.length; i++)
+            pad[i] ^= 0x36 ^ 0x5c;
+        this.oHash.update(pad);
+        pad.fill(0);
     }
-    /**
-     * Exports the key as libp2p-key - a aes-gcm encrypted value with the key
-     * derived from the password.
-     *
-     * To export it as a password protected PEM file, please use the `exportPEM`
-     * function from `@libp2p/rsa`.
-     */
-    async export(password, format = 'pkcs-8') {
-        if (format === 'pkcs-8') {
-            return exportToPem(this, password);
-        }
-        else if (format === 'libp2p-key') {
-            return exporter(this.bytes, password);
-        }
-        else {
-            throw new CodeError(`export format '${format}' is not supported`, 'ERR_INVALID_EXPORT_FORMAT');
-        }
+    update(buf) {
+        aexists(this);
+        this.iHash.update(buf);
+        return this;
     }
-}
-async function unmarshalRsaPrivateKey(bytes) {
-    const jwk = pkcs1ToJwk(bytes);
-    if (keySize(jwk) > MAX_RSA_KEY_SIZE) {
-        throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE');
+    digestInto(out) {
+        aexists(this);
+        abytes$1(out, this.outputLen);
+        this.finished = true;
+        this.iHash.digestInto(out);
+        this.oHash.update(out);
+        this.oHash.digestInto(out);
+        this.destroy();
     }
-    const keys = await unmarshalPrivateKey$1(jwk);
-    return new RsaPrivateKey(keys.privateKey, keys.publicKey);
-}
-function unmarshalRsaPublicKey(bytes) {
-    const jwk = pkixToJwk(bytes);
-    if (keySize(jwk) > MAX_RSA_KEY_SIZE) {
-        throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE');
+    digest() {
+        const out = new Uint8Array(this.oHash.outputLen);
+        this.digestInto(out);
+        return out;
     }
-    return new RsaPublicKey(jwk);
-}
-async function fromJwk(jwk) {
-    if (keySize(jwk) > MAX_RSA_KEY_SIZE) {
-        throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE');
+    _cloneInto(to) {
+        // Create new instance without calling constructor since key already in state and we don't know it.
+        to || (to = Object.create(Object.getPrototypeOf(this), {}));
+        const { oHash, iHash, finished, destroyed, blockLen, outputLen } = this;
+        to = to;
+        to.finished = finished;
+        to.destroyed = destroyed;
+        to.blockLen = blockLen;
+        to.outputLen = outputLen;
+        to.oHash = oHash._cloneInto(to.oHash);
+        to.iHash = iHash._cloneInto(to.iHash);
+        return to;
     }
-    const keys = await unmarshalPrivateKey$1(jwk);
-    return new RsaPrivateKey(keys.privateKey, keys.publicKey);
-}
-async function generateKeyPair$1(bits) {
-    if (bits > MAX_RSA_KEY_SIZE) {
-        throw new CodeError('key size is too large', 'ERR_KEY_SIZE_TOO_LARGE');
+    destroy() {
+        this.destroyed = true;
+        this.oHash.destroy();
+        this.iHash.destroy();
     }
-    const keys = await generateKey$1(bits);
-    return new RsaPrivateKey(keys.privateKey, keys.publicKey);
 }
+/**
+ * HMAC: RFC2104 message authentication code.
+ * @param hash - function that would be used e.g. sha256
+ * @param key - message key
+ * @param message - message data
+ * @example
+ * import { hmac } from '@noble/hashes/hmac';
+ * import { sha256 } from '@noble/hashes/sha2';
+ * const mac1 = hmac(sha256, 'key', 'message');
+ */
+const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
+hmac.create = (hash, key) => new HMAC(hash, key);
 
-var RSA = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    MAX_RSA_KEY_SIZE: MAX_RSA_KEY_SIZE,
-    RsaPrivateKey: RsaPrivateKey,
-    RsaPublicKey: RsaPublicKey,
-    fromJwk: fromJwk,
-    generateKeyPair: generateKeyPair$1,
-    unmarshalRsaPrivateKey: unmarshalRsaPrivateKey,
-    unmarshalRsaPublicKey: unmarshalRsaPublicKey
-});
-
+/**
+ * Short Weierstrass curve methods. The formula is: y² = x³ + ax + b.
+ *
+ * ### Design rationale for types
+ *
+ * * Interaction between classes from different curves should fail:
+ *   `k256.Point.BASE.add(p256.Point.BASE)`
+ * * For this purpose we want to use `instanceof` operator, which is fast and works during runtime
+ * * Different calls of `curve()` would return different classes -
+ *   `curve(params) !== curve(params)`: if somebody decided to monkey-patch their curve,
+ *   it won't affect others
+ *
+ * TypeScript can't infer types for classes created inside a function. Classes is one instance
+ * of nominative types in TypeScript and interfaces only check for shape, so it's hard to create
+ * unique type for every function call.
+ *
+ * We can use generic types via some param, like curve opts, but that would:
+ *     1. Enable interaction between `curve(params)` and `curve(params)` (curves of same params)
+ *     which is hard to debug.
+ *     2. Params can be generic and we can't enforce them to be constant value:
+ *     if somebody creates curve from non-constant params,
+ *     it would be allowed to interact with other curves with non-constant params
+ *
+ * @todo https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#unique-symbol
+ * @module
+ */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// Short Weierstrass curve. The formula is: y² = x³ + ax + b
 function validateSigVerOpts(opts) {
     if (opts.lowS !== undefined)
         abool('lowS', opts.lowS);
@@ -13059,73 +12763,132 @@ function validatePointOpts(curve) {
     const { endo, Fp, a } = opts;
     if (endo) {
         if (!Fp.eql(a, Fp.ZERO)) {
-            throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');
+            throw new Error('invalid endomorphism, can only be defined for Koblitz curves that have a=0');
         }
         if (typeof endo !== 'object' ||
             typeof endo.beta !== 'bigint' ||
             typeof endo.splitScalar !== 'function') {
-            throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');
+            throw new Error('invalid endomorphism, expected beta: bigint and splitScalar: function');
         }
     }
     return Object.freeze({ ...opts });
 }
-// ASN.1 DER encoding utilities
 const { bytesToNumberBE: b2n, hexToBytes: h2b } = ut;
+class DERErr extends Error {
+    constructor(m = '') {
+        super(m);
+    }
+}
+/**
+ * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format:
+ *
+ *     [0x30 (SEQUENCE), bytelength, 0x02 (INTEGER), intLength, R, 0x02 (INTEGER), intLength, S]
+ *
+ * Docs: https://letsencrypt.org/docs/a-warm-welcome-to-asn1-and-der/, https://luca.ntop.org/Teaching/Appunti/asn1.html
+ */
 const DER = {
     // asn.1 DER encoding utils
-    Err: class DERErr extends Error {
-        constructor(m = '') {
-            super(m);
-        }
+    Err: DERErr,
+    // Basic building block is TLV (Tag-Length-Value)
+    _tlv: {
+        encode: (tag, data) => {
+            const { Err: E } = DER;
+            if (tag < 0 || tag > 256)
+                throw new E('tlv.encode: wrong tag');
+            if (data.length & 1)
+                throw new E('tlv.encode: unpadded data');
+            const dataLen = data.length / 2;
+            const len = numberToHexUnpadded(dataLen);
+            if ((len.length / 2) & 128)
+                throw new E('tlv.encode: long form length too big');
+            // length of length with long form flag
+            const lenLen = dataLen > 127 ? numberToHexUnpadded((len.length / 2) | 128) : '';
+            const t = numberToHexUnpadded(tag);
+            return t + lenLen + len + data;
+        },
+        // v - value, l - left bytes (unparsed)
+        decode(tag, data) {
+            const { Err: E } = DER;
+            let pos = 0;
+            if (tag < 0 || tag > 256)
+                throw new E('tlv.encode: wrong tag');
+            if (data.length < 2 || data[pos++] !== tag)
+                throw new E('tlv.decode: wrong tlv');
+            const first = data[pos++];
+            const isLong = !!(first & 128); // First bit of first length byte is flag for short/long form
+            let length = 0;
+            if (!isLong)
+                length = first;
+            else {
+                // Long form: [longFlag(1bit), lengthLength(7bit), length (BE)]
+                const lenLen = first & 127;
+                if (!lenLen)
+                    throw new E('tlv.decode(long): indefinite length not supported');
+                if (lenLen > 4)
+                    throw new E('tlv.decode(long): byte length is too big'); // this will overflow u32 in js
+                const lengthBytes = data.subarray(pos, pos + lenLen);
+                if (lengthBytes.length !== lenLen)
+                    throw new E('tlv.decode: length bytes not complete');
+                if (lengthBytes[0] === 0)
+                    throw new E('tlv.decode(long): zero leftmost byte');
+                for (const b of lengthBytes)
+                    length = (length << 8) | b;
+                pos += lenLen;
+                if (length < 128)
+                    throw new E('tlv.decode(long): not minimal encoding');
+            }
+            const v = data.subarray(pos, pos + length);
+            if (v.length !== length)
+                throw new E('tlv.decode: wrong value length');
+            return { v, l: data.subarray(pos + length) };
+        },
     },
-    _parseInt(data) {
-        const { Err: E } = DER;
-        if (data.length < 2 || data[0] !== 0x02)
-            throw new E('Invalid signature integer tag');
-        const len = data[1];
-        const res = data.subarray(2, len + 2);
-        if (!len || res.length !== len)
-            throw new E('Invalid signature integer: wrong length');
-        // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
-        // since we always use positive integers here. It must always be empty:
-        // - add zero byte if exists
-        // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
-        if (res[0] & 0b10000000)
-            throw new E('Invalid signature integer: negative');
-        if (res[0] === 0x00 && !(res[1] & 0b10000000))
-            throw new E('Invalid signature integer: unnecessary leading zero');
-        return { d: b2n(res), l: data.subarray(len + 2) }; // d is data, l is left
+    // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
+    // since we always use positive integers here. It must always be empty:
+    // - add zero byte if exists
+    // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
+    _int: {
+        encode(num) {
+            const { Err: E } = DER;
+            if (num < _0n)
+                throw new E('integer: negative integers are not allowed');
+            let hex = numberToHexUnpadded(num);
+            // Pad with zero byte if negative flag is present
+            if (Number.parseInt(hex[0], 16) & 0b1000)
+                hex = '00' + hex;
+            if (hex.length & 1)
+                throw new E('unexpected DER parsing assertion: unpadded hex');
+            return hex;
+        },
+        decode(data) {
+            const { Err: E } = DER;
+            if (data[0] & 128)
+                throw new E('invalid signature integer: negative');
+            if (data[0] === 0x00 && !(data[1] & 128))
+                throw new E('invalid signature integer: unnecessary leading zero');
+            return b2n(data);
+        },
     },
     toSig(hex) {
         // parse DER signature
-        const { Err: E } = DER;
+        const { Err: E, _int: int, _tlv: tlv } = DER;
         const data = typeof hex === 'string' ? h2b(hex) : hex;
         abytes(data);
-        let l = data.length;
-        if (l < 2 || data[0] != 0x30)
-            throw new E('Invalid signature tag');
-        if (data[1] !== l - 2)
-            throw new E('Invalid signature: incorrect length');
-        const { d: r, l: sBytes } = DER._parseInt(data.subarray(2));
-        const { d: s, l: rBytesLeft } = DER._parseInt(sBytes);
-        if (rBytesLeft.length)
-            throw new E('Invalid signature: left bytes after parsing');
-        return { r, s };
+        const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data);
+        if (seqLeftBytes.length)
+            throw new E('invalid signature: left bytes after parsing');
+        const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes);
+        const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes);
+        if (sLeftBytes.length)
+            throw new E('invalid signature: left bytes after parsing');
+        return { r: int.decode(rBytes), s: int.decode(sBytes) };
     },
     hexFromSig(sig) {
-        // Add leading zero if first byte has negative bit enabled. More details in '_parseInt'
-        const slice = (s) => (Number.parseInt(s[0], 16) & 0b1000 ? '00' + s : s);
-        const h = (num) => {
-            const hex = num.toString(16);
-            return hex.length & 1 ? `0${hex}` : hex;
-        };
-        const s = slice(h(sig.s));
-        const r = slice(h(sig.r));
-        const shl = s.length / 2;
-        const rhl = r.length / 2;
-        const sl = h(shl);
-        const rl = h(rhl);
-        return `30${h(rhl + shl + 4)}02${rl}${r}02${sl}${s}`;
+        const { _tlv: tlv, _int: int } = DER;
+        const rs = tlv.encode(0x02, int.encode(sig.r));
+        const ss = tlv.encode(0x02, int.encode(sig.s));
+        const seq = rs + ss;
+        return tlv.encode(0x30, seq);
     },
 };
 // Be friendly to bad ECMAScript parsers by not using bigint literals
@@ -13134,6 +12897,7 @@ const _0n = BigInt(0), _1n$1 = BigInt(1); BigInt(2); const _3n = BigInt(3); BigI
 function weierstrassPoints(opts) {
     const CURVE = validatePointOpts(opts);
     const { Fp } = CURVE; // All curves has same field / group length as for now, but they can differ
+    const Fn = Field(CURVE.n, CURVE.nBitLength);
     const toBytes = CURVE.toBytes ||
         ((_c, point, _isCompressed) => {
             const a = point.toAffine();
@@ -13177,7 +12941,7 @@ function weierstrassPoints(opts) {
                 key = bytesToHex(key);
             // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes
             if (typeof key !== 'string' || !lengths.includes(key.length))
-                throw new Error('Invalid key');
+                throw new Error('invalid private key');
             key = key.padStart(nByteLength * 2, '0');
         }
         let num;
@@ -13188,7 +12952,7 @@ function weierstrassPoints(opts) {
                     : bytesToNumberBE(ensureBytes('private key', key, nByteLength));
         }
         catch (error) {
-            throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
+            throw new Error('invalid private key, expected hex or ' + nByteLength + ' bytes, got ' + typeof key);
         }
         if (wrapPrivateKey)
             num = mod(num, N); // disabled by default, enabled for BLS
@@ -13228,7 +12992,7 @@ function weierstrassPoints(opts) {
         if (p.is0()) {
             // (0, 1, 0) aka ZERO is invalid in most contexts.
             // In BLS, ZERO can be serialized, so we allow it.
-            // (0, 0, 0) is wrong representation of ZERO and is always invalid.
+            // (0, 0, 0) is invalid representation of ZERO.
             if (CURVE.allowInfinityPoint && !Fp.is0(p.py))
                 return;
             throw new Error('bad point: ZERO');
@@ -13307,6 +13071,10 @@ function weierstrassPoints(opts) {
         static fromPrivateKey(privateKey) {
             return Point.BASE.multiply(normPrivateKeyToScalar(privateKey));
         }
+        // Multiscalar Multiplication
+        static msm(points, scalars) {
+            return pippenger(Point, Fn, points, scalars);
+        }
         // "Private method", don't use it directly
         _setWindowSize(windowSize) {
             wnaf.setWindowSize(this, windowSize);
@@ -13448,16 +13216,17 @@ function weierstrassPoints(opts) {
          * an exposed private key e.g. sig verification, which works over *public* keys.
          */
         multiplyUnsafe(sc) {
-            aInRange('scalar', sc, _0n, CURVE.n);
+            const { endo, n: N } = CURVE;
+            aInRange('scalar', sc, _0n, N);
             const I = Point.ZERO;
             if (sc === _0n)
                 return I;
-            if (sc === _1n$1)
+            if (this.is0() || sc === _1n$1)
                 return this;
-            const { endo } = CURVE;
-            if (!endo)
-                return wnaf.unsafeLadder(this, sc);
-            // Apply endomorphism
+            // Case a: no endomorphism. Case b: has precomputes.
+            if (!endo || wnaf.hasPrecomputes(this))
+                return wnaf.wNAFCachedUnsafe(this, sc, Point.normalizeZ);
+            // Case c: endomorphism
             let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
             let k1p = I;
             let k2p = I;
@@ -13643,7 +13412,9 @@ function weierstrass(curveDef) {
                 return { x, y };
             }
             else {
-                throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
+                const cl = compressedLen;
+                const ul = uncompressedLen;
+                throw new Error('invalid Point, expected length of ' + cl + ', or uncompressed ' + ul + ', got ' + len);
             }
         },
     });
@@ -13808,6 +13579,9 @@ function weierstrass(curveDef) {
     // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors
     const bits2int = CURVE.bits2int ||
         function (bytes) {
+            // Our custom check "just in case"
+            if (bytes.length > 8192)
+                throw new Error('input is too large');
             // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)
             // for some cases, since bytes.length * 8 is not actual bitLength.
             const num = bytesToNumberBE(bytes); // check for == u8 done here
@@ -13824,15 +13598,15 @@ function weierstrass(curveDef) {
      * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.
      */
     function int2octets(num) {
-        aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);
+        aInRange('num < 2^' + CURVE.nBitLength, num, _0n, ORDER_MASK);
         // works with order, can have different size than numToField!
         return numberToBytesBE(num, CURVE.nByteLength);
     }
     // Steps A, D of RFC6979 3.2
     // Creates RFC6979 seed; converts msg/privKey to numbers.
     // Used only in sign, not in verify.
-    // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.
-    // Also it can be bigger for P224 + SHA256
+    // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order,
+    // this will be invalid at least for P521. Also it can be bigger for P224 + SHA256
     function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
         if (['recovered', 'canonical'].some((k) => k in opts))
             throw new Error('sign() legacy options not supported');
@@ -13926,39 +13700,48 @@ function weierstrass(curveDef) {
         const sg = signature;
         msgHash = ensureBytes('msgHash', msgHash);
         publicKey = ensureBytes('publicKey', publicKey);
+        const { lowS, prehash, format } = opts;
+        // Verify opts, deduce signature format
+        validateSigVerOpts(opts);
         if ('strict' in opts)
             throw new Error('options.strict was renamed to lowS');
-        validateSigVerOpts(opts);
-        const { lowS, prehash } = opts;
+        if (format !== undefined && format !== 'compact' && format !== 'der')
+            throw new Error('format must be compact or der');
+        const isHex = typeof sg === 'string' || isBytes$1(sg);
+        const isObj = !isHex &&
+            !format &&
+            typeof sg === 'object' &&
+            sg !== null &&
+            typeof sg.r === 'bigint' &&
+            typeof sg.s === 'bigint';
+        if (!isHex && !isObj)
+            throw new Error('invalid signature, expected Uint8Array, hex string or Signature instance');
         let _sig = undefined;
         let P;
         try {
-            if (typeof sg === 'string' || isBytes$1(sg)) {
+            if (isObj)
+                _sig = new Signature(sg.r, sg.s);
+            if (isHex) {
                 // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).
                 // Since DER can also be 2*nByteLength bytes, we check for it first.
                 try {
-                    _sig = Signature.fromDER(sg);
+                    if (format !== 'compact')
+                        _sig = Signature.fromDER(sg);
                 }
                 catch (derError) {
                     if (!(derError instanceof DER.Err))
                         throw derError;
-                    _sig = Signature.fromCompact(sg);
                 }
-            }
-            else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {
-                const { r, s } = sg;
-                _sig = new Signature(r, s);
-            }
-            else {
-                throw new Error('PARSE');
+                if (!_sig && format !== 'der')
+                    _sig = Signature.fromCompact(sg);
             }
             P = Point.fromHex(publicKey);
         }
         catch (error) {
-            if (error.message === 'PARSE')
-                throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
             return false;
         }
+        if (!_sig)
+            return false;
         if (lowS && _sig.hasHighS())
             return false;
         if (prehash)
@@ -13986,20 +13769,36 @@ function weierstrass(curveDef) {
     };
 }
 
+/**
+ * Utilities for short weierstrass curves, combined with noble-hashes.
+ * @module
+ */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-// connects noble-curves to noble-hashes
+/** connects noble-curves to noble-hashes */
 function getHash(hash) {
     return {
         hash,
         hmac: (key, ...msgs) => hmac(hash, key, concatBytes$2(...msgs)),
-        randomBytes: randomBytes$1,
+        randomBytes,
     };
 }
 function createCurve(curveDef, defHash) {
     const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });
-    return Object.freeze({ ...create(defHash), create });
+    return { ...create(defHash), create };
 }
 
+/**
+ * NIST secp256k1. See [pdf](https://www.secg.org/sec2-v2.pdf).
+ *
+ * Seems to be rigid (not backdoored)
+ * [as per discussion](https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975).
+ *
+ * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
+ * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
+ * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
+ * [See explanation](https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066).
+ * @module
+ */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');
 const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');
@@ -14030,31 +13829,35 @@ function sqrtMod(y) {
     const t1 = (pow2(b223, _23n, P) * b22) % P;
     const t2 = (pow2(t1, _6n, P) * b2) % P;
     const root = pow2(t2, _2n, P);
-    if (!Fp.eql(Fp.sqr(root), y))
+    if (!Fpk1.eql(Fpk1.sqr(root), y))
         throw new Error('Cannot find square root');
     return root;
 }
-const Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
+const Fpk1 = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
 /**
  * secp256k1 short weierstrass curve and ECDSA signatures over it.
+ *
+ * @example
+ * import { secp256k1 } from '@noble/curves/secp256k1';
+ *
+ * const priv = secp256k1.utils.randomPrivateKey();
+ * const pub = secp256k1.getPublicKey(priv);
+ * const msg = new Uint8Array(32).fill(1); // message hash (not message) in ecdsa
+ * const sig = secp256k1.sign(msg, priv); // `{prehash: true}` option is available
+ * const isValid = secp256k1.verify(sig, msg, pub) === true;
  */
 const secp256k1 = createCurve({
     a: BigInt(0), // equation params: a, b
-    b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
-    Fp, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
+    b: BigInt(7),
+    Fp: Fpk1, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
     n: secp256k1N, // Curve order, total count of valid points in the field
     // Base point (x, y) aka generator point
     Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
     Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
     h: BigInt(1), // Cofactor
     lowS: true, // Allow only low-S signatures by default in sign() and verify()
-    /**
-     * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
-     * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
-     * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
-     * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
-     */
     endo: {
+        // Endomorphism, see above
         beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
         splitScalar: (k) => {
             const n = secp256k1N;
@@ -14085,27 +13888,15 @@ const secp256k1 = createCurve({
 BigInt(0);
 secp256k1.ProjectivePoint;
 
-function generateKey() {
-    return secp256k1.utils.randomPrivateKey();
-}
-/**
- * Hash and sign message with private key
- */
-function hashAndSign(key, msg) {
-    const p = sha256.digest(msg instanceof Uint8Array ? msg : msg.subarray());
-    if (isPromise$1(p)) {
-        return p.then(({ digest }) => secp256k1.sign(digest, key).toDERRawBytes())
-            .catch(err => {
-            throw new CodeError(String(err), 'ERR_INVALID_INPUT');
-        });
-    }
-    try {
-        return secp256k1.sign(p.digest, key).toDERRawBytes();
-    }
-    catch (err) {
-        throw new CodeError(String(err), 'ERR_INVALID_INPUT');
+function isPromise$1(thing) {
+    if (thing == null) {
+        return false;
     }
+    return typeof thing.then === 'function' &&
+        typeof thing.catch === 'function' &&
+        typeof thing.finally === 'function';
 }
+
 /**
  * Hash message and verify signature with public key
  */
@@ -14114,231 +13905,112 @@ function hashAndVerify(key, sig, msg) {
     if (isPromise$1(p)) {
         return p.then(({ digest }) => secp256k1.verify(sig, digest, key))
             .catch(err => {
-            throw new CodeError(String(err), 'ERR_INVALID_INPUT');
+            throw new VerificationError(String(err));
         });
     }
     try {
         return secp256k1.verify(sig, p.digest, key);
     }
     catch (err) {
-        throw new CodeError(String(err), 'ERR_INVALID_INPUT');
-    }
-}
-function compressPublicKey(key) {
-    const point = secp256k1.ProjectivePoint.fromHex(key).toRawBytes(true);
-    return point;
-}
-function validatePrivateKey(key) {
-    try {
-        secp256k1.getPublicKey(key, true);
-    }
-    catch (err) {
-        throw new CodeError(String(err), 'ERR_INVALID_PRIVATE_KEY');
-    }
-}
-function validatePublicKey(key) {
-    try {
-        secp256k1.ProjectivePoint.fromHex(key);
-    }
-    catch (err) {
-        throw new CodeError(String(err), 'ERR_INVALID_PUBLIC_KEY');
-    }
-}
-function computePublicKey(privateKey) {
-    try {
-        return secp256k1.getPublicKey(privateKey, true);
-    }
-    catch (err) {
-        throw new CodeError(String(err), 'ERR_INVALID_PRIVATE_KEY');
+        throw new VerificationError(String(err));
     }
 }
 
 class Secp256k1PublicKey {
+    type = 'secp256k1';
+    raw;
     _key;
     constructor(key) {
-        validatePublicKey(key);
-        this._key = key;
-    }
-    verify(data, sig) {
-        return hashAndVerify(this._key, sig, data);
-    }
-    marshal() {
-        return compressPublicKey(this._key);
+        this._key = validateSecp256k1PublicKey(key);
+        this.raw = compressSecp256k1PublicKey(this._key);
     }
-    get bytes() {
-        return PublicKey.encode({
-            Type: KeyType.Secp256k1,
-            Data: this.marshal()
-        }).subarray();
+    toMultihash() {
+        return identity.digest(publicKeyToProtobuf(this));
     }
-    equals(key) {
-        return equals(this.bytes, key.bytes);
-    }
-    async hash() {
-        const p = sha256.digest(this.bytes);
-        let bytes;
-        if (isPromise$1(p)) {
-            ({ bytes } = await p);
-        }
-        else {
-            bytes = p.bytes;
-        }
-        return bytes;
-    }
-}
-class Secp256k1PrivateKey {
-    _key;
-    _publicKey;
-    constructor(key, publicKey) {
-        this._key = key;
-        this._publicKey = publicKey ?? computePublicKey(key);
-        validatePrivateKey(this._key);
-        validatePublicKey(this._publicKey);
-    }
-    sign(message) {
-        return hashAndSign(this._key, message);
-    }
-    get public() {
-        return new Secp256k1PublicKey(this._publicKey);
-    }
-    marshal() {
-        return this._key;
+    toCID() {
+        return CID.createV1(114, this.toMultihash());
     }
-    get bytes() {
-        return PrivateKey.encode({
-            Type: KeyType.Secp256k1,
-            Data: this.marshal()
-        }).subarray();
+    toString() {
+        return base58btc.encode(this.toMultihash().bytes).substring(1);
     }
     equals(key) {
-        return equals(this.bytes, key.bytes);
-    }
-    hash() {
-        const p = sha256.digest(this.bytes);
-        if (isPromise$1(p)) {
-            return p.then(({ bytes }) => bytes);
+        if (key == null || !(key.raw instanceof Uint8Array)) {
+            return false;
         }
-        return p.bytes;
-    }
-    /**
-     * Gets the ID of the key.
-     *
-     * The key id is the base58 encoding of the SHA-256 multihash of its public key.
-     * The public key is a protobuf encoding containing a type and the DER encoding
-     * of the PKCS SubjectPublicKeyInfo.
-     */
-    async id() {
-        const hash = await this.public.hash();
-        return toString$6(hash, 'base58btc');
+        return equals(this.raw, key.raw);
     }
-    /**
-     * Exports the key into a password protected `format`
-     */
-    async export(password, format = 'libp2p-key') {
-        if (format === 'libp2p-key') {
-            return exporter(this.bytes, password);
-        }
-        else {
-            throw new CodeError(`export format '${format}' is not supported`, 'ERR_INVALID_EXPORT_FORMAT');
-        }
+    verify(data, sig) {
+        return hashAndVerify(this._key, sig, data);
     }
 }
-function unmarshalSecp256k1PrivateKey(bytes) {
-    return new Secp256k1PrivateKey(bytes);
-}
+
 function unmarshalSecp256k1PublicKey(bytes) {
     return new Secp256k1PublicKey(bytes);
 }
-async function generateKeyPair() {
-    const privateKeyBytes = generateKey();
-    return new Secp256k1PrivateKey(privateKeyBytes);
+function compressSecp256k1PublicKey(key) {
+    const point = secp256k1.ProjectivePoint.fromHex(key).toRawBytes(true);
+    return point;
+}
+function validateSecp256k1PublicKey(key) {
+    try {
+        secp256k1.ProjectivePoint.fromHex(key);
+        return key;
+    }
+    catch (err) {
+        throw new InvalidPublicKeyError(String(err));
+    }
 }
 
-var Secp256k1 = /*#__PURE__*/Object.freeze({
-    __proto__: null,
-    Secp256k1PrivateKey: Secp256k1PrivateKey,
-    Secp256k1PublicKey: Secp256k1PublicKey,
-    generateKeyPair: generateKeyPair,
-    unmarshalSecp256k1PrivateKey: unmarshalSecp256k1PrivateKey,
-    unmarshalSecp256k1PublicKey: unmarshalSecp256k1PublicKey
-});
-
 /**
  * @packageDocumentation
  *
- * **Supported Key Types**
- *
- * The {@link generateKeyPair}, {@link marshalPublicKey}, and {@link marshalPrivateKey} functions accept a string `type` argument.
+ * ## Supported Key Types
  *
  * Currently the `'RSA'`, `'ed25519'`, and `secp256k1` types are supported, although ed25519 and secp256k1 keys support only signing and verification of messages.
  *
  * For encryption / decryption support, RSA keys should be used.
  */
-const supportedKeys = {
-    rsa: RSA,
-    ed25519: Ed25519,
-    secp256k1: Secp256k1
-};
-function unsupportedKey(type) {
-    const supported = Object.keys(supportedKeys).join(' / ');
-    return new CodeError(`invalid or unsupported key type ${type}. Must be ${supported}`, 'ERR_UNSUPPORTED_KEY_TYPE');
-}
-function typeToKey(type) {
-    type = type.toLowerCase();
-    if (type === 'rsa' || type === 'ed25519' || type === 'secp256k1') {
-        return supportedKeys[type];
-    }
-    throw unsupportedKey(type);
-}
 /**
- * Converts a protobuf serialized public key into its representative object
+ * Creates a public key from the raw key bytes
  */
-function unmarshalPublicKey(buf) {
-    const decoded = PublicKey.decode(buf);
-    const data = decoded.Data ?? new Uint8Array();
-    switch (decoded.Type) {
-        case KeyType.RSA:
-            return supportedKeys.rsa.unmarshalRsaPublicKey(data);
-        case KeyType.Ed25519:
-            return supportedKeys.ed25519.unmarshalEd25519PublicKey(data);
-        case KeyType.Secp256k1:
-            return supportedKeys.secp256k1.unmarshalSecp256k1PublicKey(data);
-        default:
-            throw unsupportedKey(decoded.Type ?? 'unknown');
+function publicKeyFromRaw(buf) {
+    if (buf.byteLength === 32) {
+        return unmarshalEd25519PublicKey(buf);
+    }
+    else if (buf.byteLength === 33) {
+        return unmarshalSecp256k1PublicKey(buf);
+    }
+    else {
+        return pkixToRSAPublicKey(buf);
     }
 }
 /**
- * Converts a public key object into a protobuf serialized public key
- */
-function marshalPublicKey(key, type) {
-    type = (type ?? 'rsa').toLowerCase();
-    typeToKey(type); // check type
-    return key.bytes;
-}
-/**
- * Converts a protobuf serialized private key into its representative object
+ * Creates a public key from an identity multihash which contains a protobuf
+ * encoded Ed25519 or secp256k1 public key.
+ *
+ * RSA keys are not supported as in practice we they are not stored in identity
+ * multihashes since the hash would be very large.
  */
-async function unmarshalPrivateKey(buf) {
-    const decoded = PrivateKey.decode(buf);
-    const data = decoded.Data ?? new Uint8Array();
-    switch (decoded.Type) {
-        case KeyType.RSA:
-            return supportedKeys.rsa.unmarshalRsaPrivateKey(data);
+function publicKeyFromMultihash(digest) {
+    const { Type, Data } = PublicKey.decode(digest.digest);
+    const data = Data ?? new Uint8Array();
+    switch (Type) {
         case KeyType.Ed25519:
-            return supportedKeys.ed25519.unmarshalEd25519PrivateKey(data);
-        case KeyType.Secp256k1:
-            return supportedKeys.secp256k1.unmarshalSecp256k1PrivateKey(data);
+            return unmarshalEd25519PublicKey(data);
+        case KeyType.secp256k1:
+            return unmarshalSecp256k1PublicKey(data);
         default:
-            throw unsupportedKey(decoded.Type ?? 'RSA');
+            throw new UnsupportedKeyTypeError();
     }
 }
 /**
- * Converts a private key object into a protobuf serialized private key
+ * Converts a public key object into a protobuf serialized public key
  */
-function marshalPrivateKey(key, type) {
-    type = (type ?? 'rsa').toLowerCase();
-    typeToKey(type); // check type
-    return key.bytes;
+function publicKeyToProtobuf(key) {
+    return PublicKey.encode({
+        Type: KeyType[key.type],
+        Data: key.raw
+    });
 }
 
 /**
@@ -14356,26 +14028,17 @@ function marshalPrivateKey(key, type) {
  * console.log(peer.toString()) // "12D3K..."
  * ```
  */
-const inspect = Symbol.for('nodejs.util.inspect.custom');
-const baseDecoder = Object
-    .values(bases)
-    .map(codec => codec.decoder)
-    // @ts-expect-error https://github.com/multiformats/js-multiformats/issues/141
-    .reduce((acc, curr) => acc.or(curr), bases.identity.decoder);
+const inspect$1 = Symbol.for('nodejs.util.inspect.custom');
 // these values are from https://github.com/multiformats/multicodec/blob/master/table.csv
-const LIBP2P_KEY_CODE = 0x72;
-const MARSHALLED_ED225519_PUBLIC_KEY_LENGTH = 36;
-const MARSHALLED_SECP256K1_PUBLIC_KEY_LENGTH = 37;
-class PeerIdImpl {
+const LIBP2P_KEY_CODE$1 = 0x72;
+let PeerIdImpl$1 = class PeerIdImpl {
     type;
     multihash;
-    privateKey;
     publicKey;
     string;
     constructor(init) {
         this.type = init.type;
         this.multihash = init.multihash;
-        this.privateKey = init.privateKey;
         // mark string cache as non-enumerable
         Object.defineProperty(this, 'string', {
             enumerable: false,
@@ -14392,17 +14055,14 @@ class PeerIdImpl {
         }
         return this.string;
     }
+    toMultihash() {
+        return this.multihash;
+    }
     // return self-describing String representation
     // in default format from RFC 0001: https://github.com/libp2p/specs/pull/209
     toCID() {
-        return CID.createV1(LIBP2P_KEY_CODE, this.multihash);
+        return CID.createV1(LIBP2P_KEY_CODE$1, this.multihash);
     }
-    toBytes() {
-        return this.multihash.bytes;
-    }
-    /**
-     * Returns Multiaddr as a JSON string
-     */
     toJSON() {
         return this.toString();
     }
@@ -14417,10 +14077,10 @@ class PeerIdImpl {
             return equals(this.multihash.bytes, id);
         }
         else if (typeof id === 'string') {
-            return peerIdFromString(id).equals(this);
+            return this.toString() === id;
         }
-        else if (id?.multihash?.bytes != null) {
-            return equals(this.multihash.bytes, id.multihash.bytes);
+        else if (id?.toMultihash()?.bytes != null) {
+            return equals(this.multihash.bytes, id.toMultihash().bytes);
         }
         else {
             throw new Error('not valid Id');
@@ -14438,145 +14098,79 @@ class PeerIdImpl {
      * // 'PeerId(QmFoo)'
      * ```
      */
-    [inspect]() {
+    [inspect$1]() {
         return `PeerId(${this.toString()})`;
     }
-}
-class RSAPeerIdImpl extends PeerIdImpl {
+};
+let RSAPeerId$1 = class RSAPeerId extends PeerIdImpl$1 {
     type = 'RSA';
     publicKey;
     constructor(init) {
         super({ ...init, type: 'RSA' });
         this.publicKey = init.publicKey;
     }
-}
-class Ed25519PeerIdImpl extends PeerIdImpl {
+};
+let Ed25519PeerId$1 = class Ed25519PeerId extends PeerIdImpl$1 {
     type = 'Ed25519';
     publicKey;
     constructor(init) {
         super({ ...init, type: 'Ed25519' });
-        this.publicKey = init.multihash.digest;
+        this.publicKey = init.publicKey;
     }
-}
-class Secp256k1PeerIdImpl extends PeerIdImpl {
+};
+let Secp256k1PeerId$1 = class Secp256k1PeerId extends PeerIdImpl$1 {
     type = 'secp256k1';
     publicKey;
     constructor(init) {
         super({ ...init, type: 'secp256k1' });
-        this.publicKey = init.multihash.digest;
-    }
-}
-// these values are from https://github.com/multiformats/multicodec/blob/master/table.csv
-const TRANSPORT_IPFS_GATEWAY_HTTP_CODE = 0x0920;
-class URLPeerIdImpl {
-    type = 'url';
-    multihash;
-    privateKey;
-    publicKey;
-    url;
-    constructor(url) {
-        this.url = url.toString();
-        this.multihash = identity.digest(fromString(this.url));
-    }
-    [inspect]() {
-        return `PeerId(${this.url})`;
-    }
-    [peerIdSymbol] = true;
-    toString() {
-        return this.toCID().toString();
-    }
-    toCID() {
-        return CID.createV1(TRANSPORT_IPFS_GATEWAY_HTTP_CODE, this.multihash);
-    }
-    toBytes() {
-        return this.toCID().bytes;
-    }
-    equals(other) {
-        if (other == null) {
-            return false;
-        }
-        if (other instanceof Uint8Array) {
-            other = toString$6(other);
-        }
-        return other.toString() === this.toString();
-    }
-}
-function peerIdFromString(str, decoder) {
-    if (str.charAt(0) === '1' || str.charAt(0) === 'Q') {
-        // identity hash ed25519/secp256k1 key or sha2-256 hash of
-        // rsa public key - base58btc encoded either way
-        const multihash = decode$6(base58btc.decode(`z${str}`));
-        if (str.startsWith('12D')) {
-            return new Ed25519PeerIdImpl({ multihash });
-        }
-        else if (str.startsWith('16U')) {
-            return new Secp256k1PeerIdImpl({ multihash });
-        }
-        else {
-            return new RSAPeerIdImpl({ multihash });
-        }
-    }
-    return peerIdFromBytes(baseDecoder.decode(str));
-}
-function peerIdFromBytes(buf) {
-    try {
-        const multihash = decode$6(buf);
-        if (multihash.code === identity.code) {
-            if (multihash.digest.length === MARSHALLED_ED225519_PUBLIC_KEY_LENGTH) {
-                return new Ed25519PeerIdImpl({ multihash });
-            }
-            else if (multihash.digest.length === MARSHALLED_SECP256K1_PUBLIC_KEY_LENGTH) {
-                return new Secp256k1PeerIdImpl({ multihash });
-            }
-        }
-        if (multihash.code === sha256.code) {
-            return new RSAPeerIdImpl({ multihash });
-        }
-    }
-    catch {
-        return peerIdFromCID(CID.decode(buf));
-    }
-    throw new Error('Supplied PeerID CID is invalid');
-}
-function peerIdFromCID(cid) {
-    if (cid?.multihash == null || cid.version == null || (cid.version === 1 && (cid.code !== LIBP2P_KEY_CODE) && cid.code !== TRANSPORT_IPFS_GATEWAY_HTTP_CODE)) {
-        throw new Error('Supplied PeerID CID is invalid');
-    }
-    if (cid.code === TRANSPORT_IPFS_GATEWAY_HTTP_CODE) {
-        const url = toString$6(cid.multihash.digest);
-        return new URLPeerIdImpl(new URL(url));
-    }
-    const multihash = cid.multihash;
-    if (multihash.code === sha256.code) {
-        return new RSAPeerIdImpl({ multihash: cid.multihash });
-    }
-    else if (multihash.code === identity.code) {
-        if (multihash.digest.length === MARSHALLED_ED225519_PUBLIC_KEY_LENGTH) {
-            return new Ed25519PeerIdImpl({ multihash: cid.multihash });
-        }
-        else if (multihash.digest.length === MARSHALLED_SECP256K1_PUBLIC_KEY_LENGTH) {
-            return new Secp256k1PeerIdImpl({ multihash: cid.multihash });
-        }
+        this.publicKey = init.publicKey;
     }
-    throw new Error('Supplied PeerID CID is invalid');
-}
+};
+
 /**
- * @param publicKey - A marshalled public key
- * @param privateKey - A marshalled private key
+ * @packageDocumentation
+ *
+ * An implementation of a peer id
+ *
+ * @example
+ *
+ * ```TypeScript
+ * import { peerIdFromString } from '@libp2p/peer-id'
+ * const peer = peerIdFromString('12D3KooWKnDdG3iXw9eTFijk3EWSunZcFi54Zka4wmtqtt6rPxc8')
+ *
+ * console.log(peer.toCID()) // CID(bafzaa...)
+ * console.log(peer.toString()) // "12D3K..."
+ * ```
  */
-async function peerIdFromKeys(publicKey, privateKey) {
-    if (publicKey.length === MARSHALLED_ED225519_PUBLIC_KEY_LENGTH) {
-        return new Ed25519PeerIdImpl({ multihash: create$1(identity.code, publicKey), privateKey });
+function peerIdFromPublicKey(publicKey) {
+    if (publicKey.type === 'Ed25519') {
+        return new Ed25519PeerId$1({
+            multihash: publicKey.toCID().multihash,
+            publicKey
+        });
+    }
+    else if (publicKey.type === 'secp256k1') {
+        return new Secp256k1PeerId$1({
+            multihash: publicKey.toCID().multihash,
+            publicKey
+        });
     }
-    if (publicKey.length === MARSHALLED_SECP256K1_PUBLIC_KEY_LENGTH) {
-        return new Secp256k1PeerIdImpl({ multihash: create$1(identity.code, publicKey), privateKey });
+    else if (publicKey.type === 'RSA') {
+        return new RSAPeerId$1({
+            multihash: publicKey.toCID().multihash,
+            publicKey
+        });
     }
-    return new RSAPeerIdImpl({ multihash: await sha256.digest(publicKey), publicKey, privateKey });
+    throw new UnsupportedKeyTypeError();
 }
 
+const ERR_TYPE_NOT_IMPLEMENTED = "Keypair type not implemented";
 function createPeerIdFromPublicKey(publicKey) {
-    const _publicKey = new supportedKeys.secp256k1.Secp256k1PublicKey(publicKey);
-    return peerIdFromKeys(_publicKey.bytes, undefined);
+    const pubKey = publicKeyFromRaw(publicKey);
+    if (pubKey.type !== "secp256k1") {
+        throw new Error(ERR_TYPE_NOT_IMPLEMENTED);
+    }
+    return peerIdFromPublicKey(pubKey);
 }
 
 function decodeMultiaddrs(bytes) {
@@ -14823,12 +14417,12 @@ var TransportProtocolPerIpVersion;
 class ENR extends RawEnr {
     static RECORD_PREFIX = "enr:";
     peerId;
-    static async create(kvs = {}, seq = BigInt(1), signature) {
+    static create(kvs = {}, seq = BigInt(1), signature) {
         const enr = new ENR(kvs, seq, signature);
         try {
             const publicKey = enr.publicKey;
             if (publicKey) {
-                enr.peerId = await createPeerIdFromPublicKey(publicKey);
+                enr.peerId = createPeerIdFromPublicKey(publicKey);
             }
         }
         catch (e) {
@@ -15593,7 +15187,7 @@ async function fromValues(values) {
         }
     }
     const _seq = decodeSeq(seq);
-    const enr = await ENR.create(obj, _seq, signature);
+    const enr = ENR.create(obj, _seq, signature);
     checkSignature(seq, kvs, enr, signature);
     return enr;
 }
@@ -16277,9 +15871,9 @@ function _copyActual (source, target, targetStart, sourceStart, sourceEnd) {
 const QUERY_FLAG = 0;
 const RESPONSE_FLAG = 1 << 15;
 const FLUSH_MASK = 1 << 15;
-const NOT_FLUSH_MASK = ~FLUSH_MASK;
+const NOT_FLUSH_MASK = -32769;
 const QU_MASK = 1 << 15;
-const NOT_QU_MASK = ~QU_MASK;
+const NOT_QU_MASK = -32769;
 
 function codec ({ bytes = 0, encode, decode, encodingLength }) {
   encode.bytes = bytes;
@@ -20664,190 +20258,128 @@ function wakuDnsDiscovery(enrUrls, wantedNodeCapabilityCount = DEFAULT_NODE_REQU
     return (components) => new PeerDiscoveryDns(components, { enrUrls, wantedNodeCapabilityCount });
 }
 
-/**
- * Function to sort peers by latency from lowest to highest
- * @param peerStore - The Libp2p PeerStore
- * @param peers - The list of peers to choose from
- * @returns Sorted array of peers by latency
- */
-async function sortPeersByLatency(peerStore, peers) {
-    if (peers.length === 0)
-        return [];
-    const results = await Promise.all(peers.map(async (peer) => {
-        try {
-            const pingBytes = (await peerStore.get(peer.id)).metadata.get("ping");
-            if (!pingBytes)
-                return { peer, ping: Infinity };
-            const ping = Number(bytesToUtf8(pingBytes));
-            return { peer, ping };
-        }
-        catch (error) {
-            return { peer, ping: Infinity };
-        }
-    }));
-    // filter out null values
-    const validResults = results.filter((result) => result !== null);
-    return validResults
-        .sort((a, b) => a.ping - b.ping)
-        .map((result) => result.peer);
-}
-/**
- * Returns the list of peers that supports the given protocol.
- */
-async function getPeersForProtocol(peerStore, protocols) {
-    const peers = [];
-    await peerStore.forEach((peer) => {
-        for (let i = 0; i < protocols.length; i++) {
-            if (peer.protocols.includes(protocols[i])) {
-                peers.push(peer);
-                break;
-            }
-        }
-    });
-    return peers;
-}
-
-/**
- * Retrieves a list of peers based on the specified criteria:
- * 1. If numPeers is 0, return all peers
- * 2. Bootstrap peers are prioritized
- * 3. Non-bootstrap peers are randomly selected to fill up to numPeers
- *
- * @param peers - The list of peers to filter from.
- * @param numPeers - The total number of peers to retrieve. If 0, all peers are returned, irrespective of `maxBootstrapPeers`.
- * @param maxBootstrapPeers - The maximum number of bootstrap peers to retrieve.
- * @returns An array of peers based on the specified criteria.
- */
-function filterPeersByDiscovery(peers, numPeers, maxBootstrapPeers) {
-    // Collect the bootstrap peers up to the specified maximum
-    let bootstrapPeers = peers
-        .filter((peer) => peer.tags.has(Tags.BOOTSTRAP))
-        .slice(0, maxBootstrapPeers);
-    // If numPeers is less than the number of bootstrap peers, adjust the bootstrapPeers array
-    if (numPeers > 0 && numPeers < bootstrapPeers.length) {
-        bootstrapPeers = bootstrapPeers.slice(0, numPeers);
-    }
-    // Collect non-bootstrap peers
-    const nonBootstrapPeers = peers.filter((peer) => !peer.tags.has(Tags.BOOTSTRAP));
-    // If numPeers is 0, return all peers
-    if (numPeers === 0) {
-        return [...bootstrapPeers, ...nonBootstrapPeers];
-    }
-    // Initialize the list of selected peers with the bootstrap peers
-    const selectedPeers = [...bootstrapPeers];
-    // Fill up to numPeers with remaining random peers if needed
-    while (selectedPeers.length < numPeers && nonBootstrapPeers.length > 0) {
-        const randomIndex = Math.floor(Math.random() * nonBootstrapPeers.length);
-        const randomPeer = nonBootstrapPeers.splice(randomIndex, 1)[0];
-        selectedPeers.push(randomPeer);
-    }
-    return selectedPeers;
-}
-
-function selectConnection(connections) {
-    if (!connections.length)
-        return;
-    if (connections.length === 1)
-        return connections[0];
-    let latestConnection;
-    connections.forEach((connection) => {
-        if (connection.status === "open") {
-            if (!latestConnection) {
-                latestConnection = connection;
-            }
-            else if (connection.timeline.open > latestConnection.timeline.open) {
-                latestConnection = connection;
-            }
-        }
-    });
-    return latestConnection;
+function selectOpenConnection(connections) {
+    return connections
+        .filter((c) => c.status === "open")
+        .sort((left, right) => right.timeline.open - left.timeline.open)
+        .at(0);
 }
 
-const CONNECTION_TIMEOUT = 5_000;
-const RETRY_BACKOFF_BASE = 1_000;
-const MAX_RETRIES = 3;
+const STREAM_LOCK_KEY = "consumed";
 class StreamManager {
     multicodec;
     getConnections;
     addEventListener;
-    streamPool;
     log;
+    ongoingCreation = new Set();
+    streamPool = new Map();
     constructor(multicodec, getConnections, addEventListener) {
         this.multicodec = multicodec;
         this.getConnections = getConnections;
         this.addEventListener = addEventListener;
         this.log = new Logger$1(`stream-manager:${multicodec}`);
-        this.streamPool = new Map();
         this.addEventListener("peer:update", this.handlePeerUpdateStreamPool);
     }
-    async getStream(peer) {
-        const peerIdStr = peer.id.toString();
-        const streamPromise = this.streamPool.get(peerIdStr);
-        if (!streamPromise) {
-            return this.createStream(peer);
+    async getStream(peerId) {
+        const peerIdStr = peerId.toString();
+        const scheduledStream = this.streamPool.get(peerIdStr);
+        if (scheduledStream) {
+            this.streamPool.delete(peerIdStr);
+            await scheduledStream;
+        }
+        let stream = this.getOpenStreamForCodec(peerId);
+        if (stream) {
+            this.log.info(`Found existing stream peerId=${peerIdStr} multicodec=${this.multicodec}`);
+            this.lockStream(peerIdStr, stream);
+            return stream;
+        }
+        stream = await this.createStream(peerId);
+        this.lockStream(peerIdStr, stream);
+        return stream;
+    }
+    async createStream(peerId, retries = 0) {
+        const connections = this.getConnections(peerId);
+        const connection = selectOpenConnection(connections);
+        if (!connection) {
+            throw new Error(`Failed to get a connection to the peer peerId=${peerId.toString()} multicodec=${this.multicodec}`);
         }
-        this.streamPool.delete(peerIdStr);
-        this.prepareStream(peer);
-        try {
-            const stream = await streamPromise;
-            if (stream && stream.status !== "closed") {
-                return stream;
+        let lastError;
+        let stream;
+        for (let i = 0; i < retries + 1; i++) {
+            try {
+                this.log.info(`Attempting to create a stream for peerId=${peerId.toString()} multicodec=${this.multicodec}`);
+                stream = await connection.newStream(this.multicodec);
+                this.log.info(`Created stream for peerId=${peerId.toString()} multicodec=${this.multicodec}`);
+                break;
+            }
+            catch (error) {
+                lastError = error;
             }
         }
+        if (!stream) {
+            throw new Error(`Failed to create a new stream for ${peerId.toString()} -- ` + lastError);
+        }
+        return stream;
+    }
+    async createStreamWithLock(peer) {
+        const peerId = peer.id.toString();
+        if (this.ongoingCreation.has(peerId)) {
+            this.log.info(`Skipping creation of a stream due to lock for peerId=${peerId} multicodec=${this.multicodec}`);
+            return;
+        }
+        try {
+            this.ongoingCreation.add(peerId);
+            await this.createStream(peer.id);
+        }
         catch (error) {
-            this.log.warn(`Failed to get stream for ${peerIdStr} -- `, error);
-            this.log.warn("Attempting to create a new stream for the peer");
+            this.log.error(`Failed to createStreamWithLock:`, error);
+        }
+        finally {
+            this.ongoingCreation.delete(peerId);
+        }
+        return;
+    }
+    handlePeerUpdateStreamPool = (evt) => {
+        const { peer } = evt.detail;
+        if (!peer.protocols.includes(this.multicodec)) {
+            return;
+        }
+        const stream = this.getOpenStreamForCodec(peer.id);
+        if (stream) {
+            return;
+        }
+        this.scheduleNewStream(peer);
+    };
+    scheduleNewStream(peer) {
+        this.log.info(`Scheduling creation of a stream for peerId=${peer.id.toString()} multicodec=${this.multicodec}`);
+        // abandon previous attempt
+        if (this.streamPool.has(peer.id.toString())) {
+            this.streamPool.delete(peer.id.toString());
         }
-        return this.createStream(peer);
+        this.streamPool.set(peer.id.toString(), this.createStreamWithLock(peer));
     }
-    async createStream(peer, retries = 0) {
-        const connections = this.getConnections(peer.id);
-        const connection = selectConnection(connections);
+    getOpenStreamForCodec(peerId) {
+        const connections = this.getConnections(peerId);
+        const connection = selectOpenConnection(connections);
         if (!connection) {
-            throw new Error("Failed to get a connection to the peer");
+            return;
         }
-        try {
-            return await connection.newStream(this.multicodec);
+        const stream = connection.streams.find((s) => s.protocol === this.multicodec);
+        if (!stream) {
+            return;
         }
-        catch (error) {
-            if (retries < MAX_RETRIES) {
-                const backoff = RETRY_BACKOFF_BASE * Math.pow(2, retries);
-                await new Promise((resolve) => setTimeout(resolve, backoff));
-                return this.createStream(peer, retries + 1);
-            }
-            throw new Error(`Failed to create a new stream for ${peer.id.toString()} -- ` + error);
+        const isStreamUnusable = ["done", "closed", "closing"].includes(stream.writeStatus || "");
+        if (isStreamUnusable || this.isStreamLocked(stream)) {
+            return;
         }
+        return stream;
     }
-    prepareStream(peer) {
-        const timeoutPromise = new Promise((resolve) => setTimeout(resolve, CONNECTION_TIMEOUT));
-        const streamPromise = Promise.race([
-            this.createStream(peer),
-            timeoutPromise.then(() => {
-                throw new Error("Connection timeout");
-            })
-        ]).catch((error) => {
-            this.log.error(`Failed to prepare a new stream for ${peer.id.toString()} -- `, error);
-        });
-        this.streamPool.set(peer.id.toString(), streamPromise);
+    lockStream(peerId, stream) {
+        this.log.info(`Locking stream for peerId:${peerId}\tstreamId:${stream.id}`);
+        stream.metadata[STREAM_LOCK_KEY] = true;
     }
-    handlePeerUpdateStreamPool = (evt) => {
-        const { peer } = evt.detail;
-        if (peer.protocols.includes(this.multicodec)) {
-            const isConnected = this.isConnectedTo(peer.id);
-            if (isConnected) {
-                this.log.info(`Preemptively opening a stream to ${peer.id.toString()}`);
-                this.prepareStream(peer);
-            }
-            else {
-                const peerIdStr = peer.id.toString();
-                this.streamPool.delete(peerIdStr);
-                this.log.info(`Removed pending stream for disconnected peer ${peerIdStr}`);
-            }
-        }
-    };
-    isConnectedTo(peerId) {
-        const connections = this.getConnections(peerId);
-        return connections.some((connection) => connection.status === "open");
+    isStreamLocked(stream) {
+        return !!stream.metadata[STREAM_LOCK_KEY];
     }
 }
 
@@ -20858,66 +20390,20 @@ class StreamManager {
 class BaseProtocol {
     multicodec;
     components;
-    log;
     pubsubTopics;
     addLibp2pEventListener;
     removeLibp2pEventListener;
     streamManager;
-    constructor(multicodec, components, log, pubsubTopics) {
+    constructor(multicodec, components, pubsubTopics) {
         this.multicodec = multicodec;
         this.components = components;
-        this.log = log;
         this.pubsubTopics = pubsubTopics;
         this.addLibp2pEventListener = components.events.addEventListener.bind(components.events);
         this.removeLibp2pEventListener = components.events.removeEventListener.bind(components.events);
         this.streamManager = new StreamManager(multicodec, components.connectionManager.getConnections.bind(components.connectionManager), this.addLibp2pEventListener);
     }
-    async getStream(peer) {
-        return this.streamManager.getStream(peer);
-    }
-    //TODO: move to SDK
-    /**
-     * Returns known peers from the address book (`libp2p.peerStore`) that support
-     * the class protocol. Waku may or may not be currently connected to these
-     * peers.
-     */
-    async allPeers() {
-        return getPeersForProtocol(this.components.peerStore, [this.multicodec]);
-    }
-    async connectedPeers(withOpenStreams = false) {
-        const peers = await this.allPeers();
-        return peers.filter((peer) => {
-            const connections = this.components.connectionManager.getConnections(peer.id);
-            if (withOpenStreams) {
-                return connections.some((c) => c.streams.some((s) => s.protocol === this.multicodec));
-            }
-            return connections.length > 0;
-        });
-    }
-    /**
-     * Retrieves a list of connected peers that support the protocol. The list is sorted by latency.
-     *
-     * @param numPeers - The total number of peers to retrieve. If 0, all peers are returned.
-     * @param maxBootstrapPeers - The maximum number of bootstrap peers to retrieve.
-     * @returns A list of peers that support the protocol sorted by latency. By default, returns all peers available, including bootstrap.
-     */
-    async getPeers({ numPeers, maxBootstrapPeers } = {
-        maxBootstrapPeers: 0,
-        numPeers: 0
-    }) {
-        // Retrieve all connected peers that support the protocol & shard (if configured)
-        const allAvailableConnectedPeers = await this.connectedPeers();
-        // Filter the peers based on discovery & number of peers requested
-        const filteredPeers = filterPeersByDiscovery(allAvailableConnectedPeers, numPeers, maxBootstrapPeers);
-        // Sort the peers by latency
-        const sortedFilteredPeers = await sortPeersByLatency(this.components.peerStore, filteredPeers);
-        if (sortedFilteredPeers.length === 0) {
-            this.log.warn("No peers found. Ensure you have a connection to the network.");
-        }
-        if (sortedFilteredPeers.length < numPeers) {
-            this.log.warn(`Only ${sortedFilteredPeers.length} peers found. Requested ${numPeers}.`);
-        }
-        return sortedFilteredPeers;
+    async getStream(peerId) {
+        return this.streamManager.getStream(peerId);
     }
 }
 
@@ -24544,6 +24030,105 @@ var WakuMetadataResponse;
     };
 })(WakuMetadataResponse || (WakuMetadataResponse = {}));
 
+/* eslint-disable import/export */
+/* eslint-disable complexity */
+/* eslint-disable @typescript-eslint/no-namespace */
+/* eslint-disable @typescript-eslint/no-unnecessary-boolean-literal-compare */
+/* eslint-disable @typescript-eslint/no-empty-interface */
+var SdsMessage;
+(function (SdsMessage) {
+    let _codec;
+    SdsMessage.codec = () => {
+        if (_codec == null) {
+            _codec = message((obj, w, opts = {}) => {
+                if (opts.lengthDelimited !== false) {
+                    w.fork();
+                }
+                if ((obj.messageId != null && obj.messageId !== '')) {
+                    w.uint32(18);
+                    w.string(obj.messageId);
+                }
+                if ((obj.channelId != null && obj.channelId !== '')) {
+                    w.uint32(26);
+                    w.string(obj.channelId);
+                }
+                if (obj.lamportTimestamp != null) {
+                    w.uint32(80);
+                    w.int32(obj.lamportTimestamp);
+                }
+                if (obj.causalHistory != null) {
+                    for (const value of obj.causalHistory) {
+                        w.uint32(90);
+                        w.string(value);
+                    }
+                }
+                if (obj.bloomFilter != null) {
+                    w.uint32(98);
+                    w.bytes(obj.bloomFilter);
+                }
+                if (obj.content != null) {
+                    w.uint32(162);
+                    w.bytes(obj.content);
+                }
+                if (opts.lengthDelimited !== false) {
+                    w.ldelim();
+                }
+            }, (reader, length, opts = {}) => {
+                const obj = {
+                    messageId: '',
+                    channelId: '',
+                    causalHistory: []
+                };
+                const end = length == null ? reader.len : reader.pos + length;
+                while (reader.pos < end) {
+                    const tag = reader.uint32();
+                    switch (tag >>> 3) {
+                        case 2: {
+                            obj.messageId = reader.string();
+                            break;
+                        }
+                        case 3: {
+                            obj.channelId = reader.string();
+                            break;
+                        }
+                        case 10: {
+                            obj.lamportTimestamp = reader.int32();
+                            break;
+                        }
+                        case 11: {
+                            if (opts.limits?.causalHistory != null && obj.causalHistory.length === opts.limits.causalHistory) {
+                                throw new MaxLengthError('Decode error - map field "causalHistory" had too many elements');
+                            }
+                            obj.causalHistory.push(reader.string());
+                            break;
+                        }
+                        case 12: {
+                            obj.bloomFilter = reader.bytes();
+                            break;
+                        }
+                        case 20: {
+                            obj.content = reader.bytes();
+                            break;
+                        }
+                        default: {
+                            reader.skipType(tag & 7);
+                            break;
+                        }
+                    }
+                }
+                return obj;
+            });
+        }
+        return _codec;
+    };
+    SdsMessage.encode = (obj) => {
+        return encodeMessage(obj, SdsMessage.codec());
+    };
+    SdsMessage.decode = (buf, opts) => {
+        return decodeMessage(buf, SdsMessage.codec(), opts);
+    };
+})(SdsMessage || (SdsMessage = {}));
+
 /**
  * PeerExchangeRPC represents a message conforming to the Waku Peer Exchange protocol
  */
@@ -24594,7 +24179,7 @@ class WakuPeerExchange extends BaseProtocol {
      * @param components - libp2p components
      */
     constructor(components, pubsubTopics) {
-        super(PeerExchangeCodec, components, log$2, pubsubTopics);
+        super(PeerExchangeCodec, components, pubsubTopics);
     }
     /**
      * Make a peer exchange query to a peer
@@ -24613,7 +24198,7 @@ class WakuPeerExchange extends BaseProtocol {
         }
         let stream;
         try {
-            stream = await this.getStream(peer);
+            stream = await this.getStream(peerId);
         }
         catch (err) {
             log$2.error("Failed to get stream", err);
@@ -24828,7 +24413,7 @@ class PeerExchangeDiscovery extends TypedEventEmitter {
         const existingShardInfoBytes = peer.metadata.get("shardInfo");
         if (existingShardInfoBytes) {
             const existingShardInfo = decodeRelayShard(existingShardInfoBytes);
-            if (existingShardInfo || shardInfo) {
+            {
                 hasShardDiff =
                     existingShardInfo.clusterId !== shardInfo?.clusterId ||
                         existingShardInfo.shards.some((shard) => !shardInfo?.shards.includes(shard));
@@ -24844,50 +24429,210 @@ function wakuPeerExchangeDiscovery(pubsubTopics) {
 /**
  * @packageDocumentation
  *
- * Generate, import, and export PeerIDs.
- *
- * A Peer ID is the SHA-256 [multihash](https://github.com/multiformats/multihash) of a public key.
- *
- * The public key is a base64 encoded string of a protobuf containing an RSA DER buffer. This uses a node buffer to pass the base64 encoded public key protobuf to the multihash for ID generation.
+ * An implementation of a peer id
  *
  * @example
  *
  * ```TypeScript
- * import { createEd25519PeerId } from '@libp2p/peer-id-factory'
- *
- * const peerId = await createEd25519PeerId()
- * console.log(peerId.toString())
- * ```
+ * import { peerIdFromString } from '@libp2p/peer-id'
+ * const peer = peerIdFromString('k51qzi5uqu5dkwkqm42v9j9kqcam2jiuvloi16g72i4i4amoo2m8u3ol3mqu6s')
  *
- * ```bash
- * 12D3KooWRm8J3iL796zPFi2EtGGtUJn58AG67gcqzMFHZnnsTzqD
+ * console.log(peer.toCID()) // CID(bafzaa...)
+ * console.log(peer.toString()) // "12D3K..."
  * ```
  */
-async function createFromPubKey(publicKey) {
-    return peerIdFromKeys(marshalPublicKey(publicKey));
+const inspect = Symbol.for('nodejs.util.inspect.custom');
+// these values are from https://github.com/multiformats/multicodec/blob/master/table.csv
+const LIBP2P_KEY_CODE = 0x72;
+class PeerIdImpl {
+    type;
+    multihash;
+    publicKey;
+    string;
+    constructor(init) {
+        this.type = init.type;
+        this.multihash = init.multihash;
+        // mark string cache as non-enumerable
+        Object.defineProperty(this, 'string', {
+            enumerable: false,
+            writable: true
+        });
+    }
+    get [Symbol.toStringTag]() {
+        return `PeerId(${this.toString()})`;
+    }
+    [peerIdSymbol] = true;
+    toString() {
+        if (this.string == null) {
+            this.string = base58btc.encode(this.multihash.bytes).slice(1);
+        }
+        return this.string;
+    }
+    toMultihash() {
+        return this.multihash;
+    }
+    // return self-describing String representation
+    // in default format from RFC 0001: https://github.com/libp2p/specs/pull/209
+    toCID() {
+        return CID.createV1(LIBP2P_KEY_CODE, this.multihash);
+    }
+    toJSON() {
+        return this.toString();
+    }
+    /**
+     * Checks the equality of `this` peer against a given PeerId
+     */
+    equals(id) {
+        if (id == null) {
+            return false;
+        }
+        if (id instanceof Uint8Array) {
+            return equals(this.multihash.bytes, id);
+        }
+        else if (typeof id === 'string') {
+            return this.toString() === id;
+        }
+        else if (id?.toMultihash()?.bytes != null) {
+            return equals(this.multihash.bytes, id.toMultihash().bytes);
+        }
+        else {
+            throw new Error('not valid Id');
+        }
+    }
+    /**
+     * Returns PeerId as a human-readable string
+     * https://nodejs.org/api/util.html#utilinspectcustom
+     *
+     * @example
+     * ```TypeScript
+     * import { peerIdFromString } from '@libp2p/peer-id'
+     *
+     * console.info(peerIdFromString('QmFoo'))
+     * // 'PeerId(QmFoo)'
+     * ```
+     */
+    [inspect]() {
+        return `PeerId(${this.toString()})`;
+    }
+}
+class RSAPeerId extends PeerIdImpl {
+    type = 'RSA';
+    publicKey;
+    constructor(init) {
+        super({ ...init, type: 'RSA' });
+        this.publicKey = init.publicKey;
+    }
+}
+class Ed25519PeerId extends PeerIdImpl {
+    type = 'Ed25519';
+    publicKey;
+    constructor(init) {
+        super({ ...init, type: 'Ed25519' });
+        this.publicKey = init.publicKey;
+    }
 }
-async function createFromPrivKey(privateKey) {
-    return peerIdFromKeys(marshalPublicKey(privateKey.public), marshalPrivateKey(privateKey));
+class Secp256k1PeerId extends PeerIdImpl {
+    type = 'secp256k1';
+    publicKey;
+    constructor(init) {
+        super({ ...init, type: 'secp256k1' });
+        this.publicKey = init.publicKey;
+    }
 }
-async function createFromJSON(obj) {
-    return createFromParts(fromString(obj.id, 'base58btc'), obj.privKey != null ? fromString(obj.privKey, 'base64pad') : undefined, obj.pubKey != null ? fromString(obj.pubKey, 'base64pad') : undefined);
+// these values are from https://github.com/multiformats/multicodec/blob/master/table.csv
+const TRANSPORT_IPFS_GATEWAY_HTTP_CODE = 0x0920;
+class URLPeerId {
+    type = 'url';
+    multihash;
+    publicKey;
+    url;
+    constructor(url) {
+        this.url = url.toString();
+        this.multihash = identity.digest(fromString(this.url));
+    }
+    [inspect]() {
+        return `PeerId(${this.url})`;
+    }
+    [peerIdSymbol] = true;
+    toString() {
+        return this.toCID().toString();
+    }
+    toMultihash() {
+        return this.multihash;
+    }
+    toCID() {
+        return CID.createV1(TRANSPORT_IPFS_GATEWAY_HTTP_CODE, this.toMultihash());
+    }
+    toJSON() {
+        return this.toString();
+    }
+    equals(other) {
+        if (other == null) {
+            return false;
+        }
+        if (other instanceof Uint8Array) {
+            other = toString$6(other);
+        }
+        return other.toString() === this.toString();
+    }
 }
-async function createFromParts(multihash, privKey, pubKey) {
-    if (privKey != null) {
-        const key = await unmarshalPrivateKey(privKey);
-        return createFromPrivKey(key);
+
+/**
+ * @packageDocumentation
+ *
+ * An implementation of a peer id
+ *
+ * @example
+ *
+ * ```TypeScript
+ * import { peerIdFromString } from '@libp2p/peer-id'
+ * const peer = peerIdFromString('k51qzi5uqu5dkwkqm42v9j9kqcam2jiuvloi16g72i4i4amoo2m8u3ol3mqu6s')
+ *
+ * console.log(peer.toCID()) // CID(bafzaa...)
+ * console.log(peer.toString()) // "12D3K..."
+ * ```
+ */
+function peerIdFromString(str, decoder) {
+    let multihash;
+    if (str.charAt(0) === '1' || str.charAt(0) === 'Q') {
+        // identity hash ed25519/secp256k1 key or sha2-256 hash of
+        // rsa public key - base58btc encoded either way
+        multihash = decode$6(base58btc.decode(`z${str}`));
+    }
+    else {
+        {
+            throw new InvalidParametersError('Please pass a multibase decoder for strings that do not start with "1" or "Q"');
+        }
     }
-    else if (pubKey != null) {
-        const key = unmarshalPublicKey(pubKey);
-        return createFromPubKey(key);
+    return peerIdFromMultihash(multihash);
+}
+function peerIdFromMultihash(multihash) {
+    if (isSha256Multihash(multihash)) {
+        return new RSAPeerId({ multihash });
     }
-    const peerId = peerIdFromBytes(multihash);
-    if (peerId.type !== 'Ed25519' && peerId.type !== 'secp256k1' && peerId.type !== 'RSA') {
-        // should not be possible since `multihash` is derived from keys and these
-        // are the cryptographic peer id types
-        throw new Error('Supplied PeerID is invalid');
+    else if (isIdentityMultihash(multihash)) {
+        try {
+            const publicKey = publicKeyFromMultihash(multihash);
+            if (publicKey.type === 'Ed25519') {
+                return new Ed25519PeerId({ multihash, publicKey });
+            }
+            else if (publicKey.type === 'secp256k1') {
+                return new Secp256k1PeerId({ multihash, publicKey });
+            }
+        }
+        catch (err) {
+            // was not Ed or secp key, try URL
+            const url = toString$6(multihash.digest);
+            return new URLPeerId(new URL(url));
+        }
     }
-    return peerId;
+    throw new InvalidMultihashError('Supplied PeerID Multihash is invalid');
+}
+function isIdentityMultihash(multihash) {
+    return multihash.code === identity.code;
+}
+function isSha256Multihash(multihash) {
+    return multihash.code === sha256.code;
 }
 
 const log = new Logger$1("peer-exchange-discovery");
@@ -24915,7 +24660,7 @@ class LocalPeerCacheDiscovery extends TypedEventEmitter {
         log.info("Starting Local Storage Discovery");
         this.components.events.addEventListener("peer:identify", this.handleNewPeers);
         for (const { id: idStr, address } of this.peers) {
-            const peerId = await createFromJSON({ id: idStr });
+            const peerId = peerIdFromString(idStr);
             if (await this.components.peerStore.has(peerId))
                 continue;
             await this.components.peerStore.save(peerId, {