@waku/discovery 0.0.7-c41b319.0 → 0.0.7-c43cec2.0

package/bundle/index.js

@@ -259,10 +259,6 @@ var EConnectionStateEvents;
 
 const DNS_DISCOVERY_TAG = "@waku/bootstrap";
 
-var HealthStatusChangeEvents;
-(function (HealthStatusChangeEvents) {
-    HealthStatusChangeEvents["StatusChange"] = "health:change";
-})(HealthStatusChangeEvents || (HealthStatusChangeEvents = {}));
 var HealthStatus;
 (function (HealthStatus) {
     HealthStatus["Unhealthy"] = "Unhealthy";
@@ -274,55 +270,43 @@ function isDefined(value) {
     return Boolean(value);
 }
 
-/**
- * Internal assertion helpers.
- * @module
- */
-/** Asserts something is positive integer. */
-function anumber(n) {
+function number(n) {
     if (!Number.isSafeInteger(n) || n < 0)
-        throw new Error('positive integer expected, got ' + n);
+        throw new Error(`positive integer expected, not ${n}`);
 }
-/** Is number an Uint8Array? Copied from utils for perf. */
+// copied from utils
 function isBytes$2(a) {
-    return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
+    return (a instanceof Uint8Array ||
+        (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
 }
-/** Asserts something is Uint8Array. */
-function abytes$1(b, ...lengths) {
+function bytes(b, ...lengths) {
     if (!isBytes$2(b))
         throw new Error('Uint8Array expected');
     if (lengths.length > 0 && !lengths.includes(b.length))
-        throw new Error('Uint8Array expected of length ' + lengths + ', got length=' + b.length);
+        throw new Error(`Uint8Array expected of length ${lengths}, not of length=${b.length}`);
 }
-/** Asserts something is hash */
-function ahash(h) {
+function hash(h) {
     if (typeof h !== 'function' || typeof h.create !== 'function')
         throw new Error('Hash should be wrapped by utils.wrapConstructor');
-    anumber(h.outputLen);
-    anumber(h.blockLen);
+    number(h.outputLen);
+    number(h.blockLen);
 }
-/** Asserts a hash instance has not been destroyed / finished */
-function aexists(instance, checkFinished = true) {
+function exists(instance, checkFinished = true) {
     if (instance.destroyed)
         throw new Error('Hash instance has been destroyed');
     if (checkFinished && instance.finished)
         throw new Error('Hash#digest() has already been called');
 }
-/** Asserts output is properly-sized byte array */
-function aoutput(out, instance) {
-    abytes$1(out);
+function output(out, instance) {
+    bytes(out);
     const min = instance.outputLen;
     if (out.length < min) {
-        throw new Error('digestInto() expects output buffer of length at least ' + min);
+        throw new Error(`digestInto() expects output buffer of length at least ${min}`);
     }
 }
 
 const crypto$2 = typeof globalThis === 'object' && 'crypto' in globalThis ? globalThis.crypto : undefined;
 
-/**
- * Utilities for hex, bytes, CSPRNG.
- * @module
- */
 /*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 // We use WebCrypto aka globalThis.crypto, which exists in browsers and node.js 16+.
 // node.js versions earlier than v19 don't declare it in global scope.
@@ -331,20 +315,16 @@ const crypto$2 = typeof globalThis === 'object' && 'crypto' in globalThis ? glob
 // Makes the utils un-importable in browsers without a bundler.
 // Once node.js 18 is deprecated (2025-04-30), we can just drop the import.
 // Cast array to view
-function createView(arr) {
-    return new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
-}
-/** The rotate right (circular right shift) operation for uint32 */
-function rotr(word, shift) {
-    return (word << (32 - shift)) | (word >>> shift);
-}
+const createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+// The rotate right (circular right shift) operation for uint32
+const rotr = (word, shift) => (word << (32 - shift)) | (word >>> shift);
+new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44;
 /**
- * Convert JS string to byte array.
  * @example utf8ToBytes('abc') // new Uint8Array([97, 98, 99])
  */
 function utf8ToBytes$2(str) {
     if (typeof str !== 'string')
-        throw new Error('utf8ToBytes expected string, got ' + typeof str);
+        throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
     return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
 }
 /**
@@ -355,7 +335,7 @@ function utf8ToBytes$2(str) {
 function toBytes$1(data) {
     if (typeof data === 'string')
         data = utf8ToBytes$2(data);
-    abytes$1(data);
+    bytes(data);
     return data;
 }
 /**
@@ -365,7 +345,7 @@ function concatBytes$2(...arrays) {
     let sum = 0;
     for (let i = 0; i < arrays.length; i++) {
         const a = arrays[i];
-        abytes$1(a);
+        bytes(a);
         sum += a.length;
     }
     const res = new Uint8Array(sum);
@@ -376,14 +356,13 @@ function concatBytes$2(...arrays) {
     }
     return res;
 }
-/** For runtime check if class implements interface */
+// For runtime check if class implements interface
 class Hash {
     // Safe version that clones internal state
     clone() {
         return this._cloneInto();
     }
 }
-/** Wraps hash function, creating an interface on top of it */
 function wrapConstructor(hashCons) {
     const hashC = (msg) => hashCons().update(toBytes$1(msg)).digest();
     const tmp = hashCons();
@@ -392,7 +371,9 @@ function wrapConstructor(hashCons) {
     hashC.create = () => hashCons();
     return hashC;
 }
-/** Cryptographically secure PRNG. Uses internal OS-level `crypto.getRandomValues`. */
+/**
+ * Secure PRNG. Uses `crypto.getRandomValues`, which defers to OS.
+ */
 function randomBytes(bytesLength = 32) {
     if (crypto$2 && typeof crypto$2.getRandomValues === 'function') {
         return crypto$2.getRandomValues(new Uint8Array(bytesLength));
@@ -405,10 +386,8 @@ function randomBytes(bytesLength = 32) {
 }
 
 /**
- * Internal Merkle-Damgard hash utils.
- * @module
+ * Polyfill for Safari 14
  */
-/** Polyfill for Safari 14. https://caniuse.com/mdn-javascript_builtins_dataview_setbiguint64 */
 function setBigUint64(view, byteOffset, value, isLE) {
     if (typeof view.setBigUint64 === 'function')
         return view.setBigUint64(byteOffset, value, isLE);
@@ -421,14 +400,14 @@ function setBigUint64(view, byteOffset, value, isLE) {
     view.setUint32(byteOffset + h, wh, isLE);
     view.setUint32(byteOffset + l, wl, isLE);
 }
-/** Choice: a ? b : c */
-function Chi(a, b, c) {
-    return (a & b) ^ (~a & c);
-}
-/** Majority function, true if any two inputs is true. */
-function Maj(a, b, c) {
-    return (a & b) ^ (a & c) ^ (b & c);
-}
+/**
+ * Choice: a ? b : c
+ */
+const Chi = (a, b, c) => (a & b) ^ (~a & c);
+/**
+ * Majority function, true if any two inputs is true
+ */
+const Maj = (a, b, c) => (a & b) ^ (a & c) ^ (b & c);
 /**
  * Merkle-Damgard hash construction base class.
  * Could be used to create MD5, RIPEMD, SHA1, SHA2.
@@ -448,7 +427,7 @@ class HashMD extends Hash {
         this.view = createView(this.buffer);
     }
     update(data) {
-        aexists(this);
+        exists(this);
         const { view, buffer, blockLen } = this;
         data = toBytes$1(data);
         const len = data.length;
@@ -474,8 +453,8 @@ class HashMD extends Hash {
         return this;
     }
     digestInto(out) {
-        aexists(this);
-        aoutput(out, this);
+        exists(this);
+        output(out, this);
         this.finished = true;
         // Padding
         // We can avoid allocation of buffer for padding completely if it
@@ -532,16 +511,10 @@ class HashMD extends Hash {
     }
 }
 
-/**
- * SHA2-256 a.k.a. sha256. In JS, it is the fastest hash, even faster than Blake3.
- *
- * To break sha256 using birthday attack, attackers need to try 2^128 hashes.
- * BTC network is doing 2^70 hashes/sec (2^95 hashes/year) as per 2025.
- *
- * Check out [FIPS 180-4](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf).
- * @module
- */
-/** Round constants: first 32 bits of fractional parts of the cube roots of the first 64 primes 2..311). */
+// SHA2-256 need to try 2^128 hashes to execute birthday attack.
+// BTC network is doing 2^67 hashes/sec as per early 2023.
+// Round constants:
+// first 32 bits of the fractional parts of the cube roots of the first 64 primes 2..311)
 // prettier-ignore
 const SHA256_K = /* @__PURE__ */ new Uint32Array([
     0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
@@ -553,15 +526,14 @@ const SHA256_K = /* @__PURE__ */ new Uint32Array([
     0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
     0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2
 ]);
-/** Initial state: first 32 bits of fractional parts of the square roots of the first 8 primes 2..19. */
+// Initial state:
+// first 32 bits of the fractional parts of the square roots of the first 8 primes 2..19
 // prettier-ignore
 const SHA256_IV = /* @__PURE__ */ new Uint32Array([
     0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19
 ]);
-/**
- * Temporary buffer, not used to store anything between runs.
- * Named this way because it matches specification.
- */
+// Temporary buffer, not used to store anything between runs
+// Named this way because it matches specification.
 const SHA256_W = /* @__PURE__ */ new Uint32Array(64);
 class SHA256 extends HashMD {
     constructor() {
@@ -638,7 +610,10 @@ class SHA256 extends HashMD {
         this.buffer.fill(0);
     }
 }
-/** SHA2-256 hash function */
+/**
+ * SHA2-256 hash function
+ * @param message - data that would be hashed
+ */
 const sha256$1 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
 
 function equals$2(aa, bb) {
@@ -1290,7 +1265,7 @@ new TextDecoder();
 
 /* eslint-disable */
 var encode_1 = encode$7;
-var MSB$1 = 0x80, MSBALL = -128, INT = Math.pow(2, 31);
+var MSB$1 = 0x80, REST$1 = 0x7F, MSBALL = ~REST$1, INT = Math.pow(2, 31);
 /**
  * @param {number} num
  * @param {number[]} out
@@ -1314,7 +1289,7 @@ function encode$7(num, out, offset) {
     return out;
 }
 var decode$8 = read$1;
-var MSB$1$1 = 0x80, REST$1 = 0x7F;
+var MSB$1$1 = 0x80, REST$1$1 = 0x7F;
 /**
  * @param {string | any[]} buf
  * @param {number} offset
@@ -1329,8 +1304,8 @@ function read$1(buf, offset) {
         }
         b = buf[counter++];
         res += shift < 28
-            ? (b & REST$1) << shift
-            : (b & REST$1) * Math.pow(2, shift);
+            ? (b & REST$1$1) << shift
+            : (b & REST$1$1) * Math.pow(2, shift);
         shift += 7;
     } while (b >= MSB$1$1);
     // @ts-ignore
@@ -2375,62 +2350,24 @@ function setup(env) {
 		createDebug.names = [];
 		createDebug.skips = [];
 
-		const split = (typeof namespaces === 'string' ? namespaces : '')
-			.trim()
-			.replace(' ', ',')
-			.split(',')
-			.filter(Boolean);
+		let i;
+		const split = (typeof namespaces === 'string' ? namespaces : '').split(/[\s,]+/);
+		const len = split.length;
 
-		for (const ns of split) {
-			if (ns[0] === '-') {
-				createDebug.skips.push(ns.slice(1));
-			} else {
-				createDebug.names.push(ns);
+		for (i = 0; i < len; i++) {
+			if (!split[i]) {
+				// ignore empty strings
+				continue;
 			}
-		}
-	}
 
-	/**
-	 * Checks if the given string matches a namespace template, honoring
-	 * asterisks as wildcards.
-	 *
-	 * @param {String} search
-	 * @param {String} template
-	 * @return {Boolean}
-	 */
-	function matchesTemplate(search, template) {
-		let searchIndex = 0;
-		let templateIndex = 0;
-		let starIndex = -1;
-		let matchIndex = 0;
-
-		while (searchIndex < search.length) {
-			if (templateIndex < template.length && (template[templateIndex] === search[searchIndex] || template[templateIndex] === '*')) {
-				// Match character or proceed with wildcard
-				if (template[templateIndex] === '*') {
-					starIndex = templateIndex;
-					matchIndex = searchIndex;
-					templateIndex++; // Skip the '*'
-				} else {
-					searchIndex++;
-					templateIndex++;
-				}
-			} else if (starIndex !== -1) { // eslint-disable-line no-negated-condition
-				// Backtrack to the last '*' and try to match more characters
-				templateIndex = starIndex + 1;
-				matchIndex++;
-				searchIndex = matchIndex;
+			namespaces = split[i].replace(/\*/g, '.*?');
+
+			if (namespaces[0] === '-') {
+				createDebug.skips.push(new RegExp('^' + namespaces.slice(1) + '$'));
 			} else {
-				return false; // No match
+				createDebug.names.push(new RegExp('^' + namespaces + '$'));
 			}
 		}
-
-		// Handle trailing '*' in template
-		while (templateIndex < template.length && template[templateIndex] === '*') {
-			templateIndex++;
-		}
-
-		return templateIndex === template.length;
 	}
 
 	/**
@@ -2441,8 +2378,8 @@ function setup(env) {
 	*/
 	function disable() {
 		const namespaces = [
-			...createDebug.names,
-			...createDebug.skips.map(namespace => '-' + namespace)
+			...createDebug.names.map(toNamespace),
+			...createDebug.skips.map(toNamespace).map(namespace => '-' + namespace)
 		].join(',');
 		createDebug.enable('');
 		return namespaces;
@@ -2456,14 +2393,21 @@ function setup(env) {
 	* @api public
 	*/
 	function enabled(name) {
-		for (const skip of createDebug.skips) {
-			if (matchesTemplate(name, skip)) {
+		if (name[name.length - 1] === '*') {
+			return true;
+		}
+
+		let i;
+		let len;
+
+		for (i = 0, len = createDebug.skips.length; i < len; i++) {
+			if (createDebug.skips[i].test(name)) {
 				return false;
 			}
 		}
 
-		for (const ns of createDebug.names) {
-			if (matchesTemplate(name, ns)) {
+		for (i = 0, len = createDebug.names.length; i < len; i++) {
+			if (createDebug.names[i].test(name)) {
 				return true;
 			}
 		}
@@ -2471,6 +2415,19 @@ function setup(env) {
 		return false;
 	}
 
+	/**
+	* Convert regexp to namespace
+	*
+	* @param {RegExp} regxep
+	* @return {String} namespace
+	* @api private
+	*/
+	function toNamespace(regexp) {
+		return regexp.toString()
+			.substring(2, regexp.toString().length - 2)
+			.replace(/\.\*\?$/, '*');
+	}
+
 	/**
 	* Coerce `val`.
 	*
@@ -2632,7 +2589,6 @@ var common = setup;
 
 		// Is webkit? http://stackoverflow.com/a/16459606/376773
 		// document is undefined in react-native: https://github.com/facebook/react-native/pull/1632
-		// eslint-disable-next-line no-return-assign
 		return (typeof document !== 'undefined' && document.documentElement && document.documentElement.style && document.documentElement.style.WebkitAppearance) ||
 			// Is firebug? http://stackoverflow.com/a/398120/376773
 			(typeof window !== 'undefined' && window.console && (window.console.firebug || (window.console.exception && window.console.table))) ||
@@ -3073,10 +3029,10 @@ class JacobianPoint {
             const cond1 = window % 2 !== 0;
             const cond2 = wbits < 0;
             if (wbits === 0) {
-                f = f.add(constTimeNegate$1(cond1, precomputes[offset1]));
+                f = f.add(constTimeNegate(cond1, precomputes[offset1]));
             }
             else {
-                p = p.add(constTimeNegate$1(cond2, precomputes[offset2]));
+                p = p.add(constTimeNegate(cond2, precomputes[offset2]));
             }
         }
         return { p, f };
@@ -3089,8 +3045,8 @@ class JacobianPoint {
             const { k1neg, k1, k2neg, k2 } = endo.splitScalar(n);
             let { p: k1p, f: f1p } = this.wNAF(k1, affinePoint);
             let { p: k2p, f: f2p } = this.wNAF(k2, affinePoint);
-            k1p = constTimeNegate$1(k1neg, k1p);
-            k2p = constTimeNegate$1(k2neg, k2p);
+            k1p = constTimeNegate(k1neg, k1p);
+            k2p = constTimeNegate(k2neg, k2p);
             k2p = new JacobianPoint(mod$1(k2p.x * endo.beta), k2p.y, k2p.z);
             point = k1p.add(k2p);
             fake = f1p.add(f2p);
@@ -3122,7 +3078,7 @@ class JacobianPoint {
 }
 JacobianPoint.BASE = new JacobianPoint(CURVE.Gx, CURVE.Gy, _1n$7);
 JacobianPoint.ZERO = new JacobianPoint(_0n$5, _1n$7, _0n$5);
-function constTimeNegate$1(condition, item) {
+function constTimeNegate(condition, item) {
     const neg = item.negate();
     return condition ? neg : item;
 }
@@ -5042,7 +4998,7 @@ function parseIPv6(input) {
     return parser.new(input).parseWith(() => parser.readIPv6Addr());
 }
 /** Parse `input` into IPv4 or IPv6 bytes. */
-function parseIP(input, mapIPv4ToIPv6 = false) {
+function parseIP(input) {
     // strip zone index if it is present
     if (input.includes("%")) {
         input = input.split("%")[0];
@@ -5050,14 +5006,7 @@ function parseIP(input, mapIPv4ToIPv6 = false) {
     if (input.length > MAX_IPV6_LENGTH) {
         return undefined;
     }
-    const addr = parser.new(input).parseWith(() => parser.readIPAddr());
-    if (!addr) {
-        return undefined;
-    }
-    if (mapIPv4ToIPv6 && addr.length === 4) {
-        return Uint8Array.from([0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff, addr[0], addr[1], addr[2], addr[3]]);
-    }
-    return addr;
+    return parser.new(input).parseWith(() => parser.readIPAddr());
 }
 
 /** Check if `input` is IPv4. */
@@ -5245,13 +5194,17 @@ function getProtocol(proto) {
     throw new Error(`invalid protocol id type: ${typeof proto}`);
 }
 
+/**
+ * @packageDocumentation
+ *
+ * Provides methods for converting
+ */
 getProtocol('ip4');
 getProtocol('ip6');
 getProtocol('ipcidr');
 /**
  * Convert [code,Uint8Array] to string
  */
-// eslint-disable-next-line complexity
 function convertToString(proto, buf) {
     const protocol = getProtocol(proto);
     switch (protocol.code) {
@@ -5260,8 +5213,6 @@ function convertToString(proto, buf) {
             return bytes2ip(buf);
         case 42: // ipv6zone
             return bytes2str(buf);
-        case 43: // ipcidr
-            return toString$6(buf, 'base10');
         case 6: // tcp
         case 273: // udp
         case 33: // dccp
@@ -5289,7 +5240,6 @@ function convertToString(proto, buf) {
             return toString$6(buf, 'base16'); // no clue. convert to hex
     }
 }
-// eslint-disable-next-line complexity
 function convertToBytes(proto, str) {
     const protocol = getProtocol(proto);
     switch (protocol.code) {
@@ -5299,8 +5249,6 @@ function convertToBytes(proto, str) {
             return ip2bytes(str);
         case 42: // ipv6zone
             return str2bytes(str);
-        case 43: // ipcidr
-            return fromString(str, 'base10');
         case 6: // tcp
         case 273: // udp
         case 33: // dccp
@@ -5595,6 +5543,19 @@ function ParseError(str) {
     return new Error('Error parsing address: ' + str);
 }
 
+/**
+ * @packageDocumentation
+ *
+ * An implementation of a Multiaddr in JavaScript
+ *
+ * @example
+ *
+ * ```js
+ * import { multiaddr } from '@multiformats/multiaddr'
+ *
+ * const ma = multiaddr('/ip4/127.0.0.1/tcp/1234')
+ * ```
+ */
 const inspect$2 = Symbol.for('nodejs.util.inspect.custom');
 const symbol$1 = Symbol.for('@multiformats/js-multiaddr/multiaddr');
 const DNS_CODES = [
@@ -5706,20 +5667,10 @@ class Multiaddr {
         return this.#tuples.map(([code]) => getProtocol(code).name);
     }
     tuples() {
-        return this.#tuples.map(([code, value]) => {
-            if (value == null) {
-                return [code];
-            }
-            return [code, value];
-        });
+        return this.#tuples;
     }
     stringTuples() {
-        return this.#stringTuples.map(([code, value]) => {
-            if (value == null) {
-                return [code];
-            }
-            return [code, value];
-        });
+        return this.#stringTuples;
     }
     encapsulate(addr) {
         addr = new Multiaddr(addr);
@@ -5849,8 +5800,10 @@ class Multiaddr {
  *
  * ```TypeScript
  * import { multiaddr } from '@multiformats/multiaddr'
+ * const addr =  multiaddr("/ip4/127.0.0.1/udp/1234")
+ * // Multiaddr(/ip4/127.0.0.1/udp/1234)
  *
- * const addr = multiaddr('/ip4/127.0.0.1/udp/1234')
+ * const addr = multiaddr("/ip4/127.0.0.1/udp/1234")
  * // Multiaddr(/ip4/127.0.0.1/udp/1234)
  *
  * addr.bytes
@@ -5889,9 +5842,9 @@ class Multiaddr {
  *
  * ```TypeScript
  * import { multiaddr, resolvers } from '@multiformats/multiaddr'
- * import { dnsaddrResolver } from '@multiformats/multiaddr/resolvers'
+ * import { dnsaddr } from '@multiformats/multiaddr/resolvers'
  *
- * resolvers.set('dnsaddr', dnsaddrResolver)
+ * resolvers.set('dnsaddr', dnsaddr)
  *
  * const ma = multiaddr('/dnsaddr/bootstrap.libp2p.io')
  *
@@ -5900,7 +5853,7 @@ class Multiaddr {
  *   signal: AbortSignal.timeout(5000)
  * })
  *
- * console.info(resolved)
+ * console.info(await ma.resolve(resolved)
  * // [Multiaddr('/ip4/147.75...'), Multiaddr('/ip4/147.75...'), Multiaddr('/ip4/147.75...')...]
  * ```
  *
@@ -5914,9 +5867,7 @@ class Multiaddr {
  * import { dnsJsonOverHttps } from '@multiformats/dns/resolvers'
  *
  * const resolver = dns({
- *   resolvers: {
- *     '.': dnsJsonOverHttps('https://cloudflare-dns.com/dns-query')
- *   }
+ *   '.': dnsJsonOverHttps('https://cloudflare-dns.com/dns-query')
  * })
  *
  * const ma = multiaddr('/dnsaddr/bootstrap.libp2p.io')
@@ -6002,13 +5953,9 @@ function locationMultiaddrFromEnrFields(enr, protocol) {
     return multiaddrFromFields(isIpv6 ? "ip6" : "ip4", protoName, ipVal, protoVal);
 }
 
-/**
- * Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.
- * @todo re-check https://issues.chromium.org/issues/42212588
- * @module
- */
 const U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);
 const _32n = /* @__PURE__ */ BigInt(32);
+// We are not using BigUint64Array, because they are extremely slow as per 2022
 function fromBig(n, le = false) {
     if (le)
         return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };
@@ -6065,13 +6012,6 @@ const u64 = {
     add, add3L, add3H, add4L, add4H, add5H, add5L,
 };
 
-/**
- * SHA2-512 a.k.a. sha512 and sha384. It is slower than sha256 in js because u64 operations are slow.
- *
- * Check out [RFC 4634](https://datatracker.ietf.org/doc/html/rfc4634) and
- * [the paper on truncated SHA512/256](https://eprint.iacr.org/2010/548.pdf).
- * @module
- */
 // Round contants (first 32 bits of the fractional parts of the cube roots of the first 80 primes 2..409):
 // prettier-ignore
 const [SHA512_Kh, SHA512_Kl] = /* @__PURE__ */ (() => u64.split([
@@ -6226,13 +6166,8 @@ class SHA512 extends HashMD {
         this.set(0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
     }
 }
-/** SHA2-512 hash function. */
 const sha512 = /* @__PURE__ */ wrapConstructor(() => new SHA512());
 
-/**
- * Hex, bytes and number utilities.
- * @module
- */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 // 100 lines of code in the file are duplicated from noble-hashes (utils).
 // This is OK: `abstract` directory does not use noble-hashes.
@@ -6242,7 +6177,8 @@ const _0n$4 = /* @__PURE__ */ BigInt(0);
 const _1n$6 = /* @__PURE__ */ BigInt(1);
 const _2n$4 = /* @__PURE__ */ BigInt(2);
 function isBytes$1(a) {
-    return a instanceof Uint8Array || (ArrayBuffer.isView(a) && a.constructor.name === 'Uint8Array');
+    return (a instanceof Uint8Array ||
+        (a != null && typeof a === 'object' && a.constructor.name === 'Uint8Array'));
 }
 function abytes(item) {
     if (!isBytes$1(item))
@@ -6250,7 +6186,7 @@ function abytes(item) {
 }
 function abool(title, value) {
     if (typeof value !== 'boolean')
-        throw new Error(title + ' boolean expected, got ' + value);
+        throw new Error(`${title} must be valid boolean, got "${value}".`);
 }
 // Array where index 0xf0 (240) is mapped to string 'f0'
 const hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, '0'));
@@ -6268,22 +6204,23 @@ function bytesToHex(bytes) {
 }
 function numberToHexUnpadded(num) {
     const hex = num.toString(16);
-    return hex.length & 1 ? '0' + hex : hex;
+    return hex.length & 1 ? `0${hex}` : hex;
 }
 function hexToNumber(hex) {
     if (typeof hex !== 'string')
         throw new Error('hex string expected, got ' + typeof hex);
-    return hex === '' ? _0n$4 : BigInt('0x' + hex); // Big Endian
+    // Big Endian
+    return BigInt(hex === '' ? '0' : `0x${hex}`);
 }
 // We use optimized technique to convert hex string to byte array
-const asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
-function asciiToBase16(ch) {
-    if (ch >= asciis._0 && ch <= asciis._9)
-        return ch - asciis._0; // '2' => 50-48
-    if (ch >= asciis.A && ch <= asciis.F)
-        return ch - (asciis.A - 10); // 'B' => 66-(65-10)
-    if (ch >= asciis.a && ch <= asciis.f)
-        return ch - (asciis.a - 10); // 'b' => 98-(97-10)
+const asciis = { _0: 48, _9: 57, _A: 65, _F: 70, _a: 97, _f: 102 };
+function asciiToBase16(char) {
+    if (char >= asciis._0 && char <= asciis._9)
+        return char - asciis._0;
+    if (char >= asciis._A && char <= asciis._F)
+        return char - (asciis._A - 10);
+    if (char >= asciis._a && char <= asciis._f)
+        return char - (asciis._a - 10);
     return;
 }
 /**
@@ -6295,7 +6232,7 @@ function hexToBytes(hex) {
     const hl = hex.length;
     const al = hl / 2;
     if (hl % 2)
-        throw new Error('hex string expected, got unpadded hex of length ' + hl);
+        throw new Error('padded hex string expected, got unpadded hex of length ' + hl);
     const array = new Uint8Array(al);
     for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
         const n1 = asciiToBase16(hex.charCodeAt(hi));
@@ -6304,7 +6241,7 @@ function hexToBytes(hex) {
             const char = hex[hi] + hex[hi + 1];
             throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
         }
-        array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163
+        array[ai] = n1 * 16 + n2;
     }
     return array;
 }
@@ -6342,7 +6279,7 @@ function ensureBytes(title, hex, expectedLength) {
             res = hexToBytes(hex);
         }
         catch (e) {
-            throw new Error(title + ' must be hex string or Uint8Array, cause: ' + e);
+            throw new Error(`${title} must be valid hex string, got "${hex}". Cause: ${e}`);
         }
     }
     else if (isBytes$1(hex)) {
@@ -6351,11 +6288,11 @@ function ensureBytes(title, hex, expectedLength) {
         res = Uint8Array.from(hex);
     }
     else {
-        throw new Error(title + ' must be hex string or Uint8Array');
+        throw new Error(`${title} must be hex string or Uint8Array`);
     }
     const len = res.length;
     if (typeof expectedLength === 'number' && len !== expectedLength)
-        throw new Error(title + ' of length ' + expectedLength + ' expected, got ' + len);
+        throw new Error(`${title} expected ${expectedLength} bytes, got ${len}`);
     return res;
 }
 /**
@@ -6390,7 +6327,7 @@ function equalBytes(a, b) {
  */
 function utf8ToBytes(str) {
     if (typeof str !== 'string')
-        throw new Error('string expected');
+        throw new Error(`utf8ToBytes expected string, got ${typeof str}`);
     return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809
 }
 // Is positive bigint
@@ -6410,7 +6347,7 @@ function aInRange(title, n, min, max) {
     // - b would commonly require subtraction:  `inRange('x', x, 0n, P - 1n)`
     // - our way is the cleanest:               `inRange('x', x, 0n, P)
     if (!inRange(n, min, max))
-        throw new Error('expected valid ' + title + ': ' + min + ' <= n < ' + max + ', got ' + n);
+        throw new Error(`expected valid ${title}: ${min} <= n < ${max}, got ${typeof n} ${n}`);
 }
 // Bit operations
 /**
@@ -6520,12 +6457,12 @@ function validateObject(object, validators, optValidators = {}) {
     const checkField = (fieldName, type, isOptional) => {
         const checkVal = validatorFns[type];
         if (typeof checkVal !== 'function')
-            throw new Error('invalid validator function');
+            throw new Error(`Invalid validator "${type}", expected function`);
         const val = object[fieldName];
         if (isOptional && val === undefined)
             return;
         if (!checkVal(val, object)) {
-            throw new Error('param ' + String(fieldName) + ' is invalid. Expected ' + type + ', got ' + val);
+            throw new Error(`Invalid param ${String(fieldName)}=${val} (${typeof val}), expected ${type}`);
         }
     };
     for (const [fieldName, type] of Object.entries(validators))
@@ -6594,17 +6531,14 @@ var ut = /*#__PURE__*/Object.freeze({
     validateObject: validateObject
 });
 
-/**
- * Utils for modular division and finite fields.
- * A finite field over 11 is integer number operations `mod 11`.
- * There is no division: it is replaced by modular multiplicative inverse.
- * @module
- */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// Utilities for modular arithmetics and finite fields
 // prettier-ignore
-const _0n$3 = BigInt(0), _1n$5 = BigInt(1), _2n$3 = /* @__PURE__ */ BigInt(2), _3n$1 = /* @__PURE__ */ BigInt(3);
+const _0n$3 = BigInt(0), _1n$5 = BigInt(1), _2n$3 = BigInt(2), _3n$1 = BigInt(3);
 // prettier-ignore
-const _4n = /* @__PURE__ */ BigInt(4), _5n$1 = /* @__PURE__ */ BigInt(5), _8n$2 = /* @__PURE__ */ BigInt(8);
+const _4n = BigInt(4), _5n$1 = BigInt(5), _8n$2 = BigInt(8);
+// prettier-ignore
+BigInt(9); BigInt(16);
 // Calculates a modulo b
 function mod(a, b) {
     const result = a % b;
@@ -6613,15 +6547,13 @@ function mod(a, b) {
 /**
  * Efficiently raise num to power and do modular division.
  * Unsafe in some contexts: uses ladder, so can expose bigint bits.
- * @todo use field version && remove
  * @example
  * pow(2n, 6n, 11n) // 64n % 11n == 9n
  */
+// TODO: use field version && remove
 function pow(num, power, modulo) {
-    if (power < _0n$3)
-        throw new Error('invalid exponent, negatives unsupported');
-    if (modulo <= _0n$3)
-        throw new Error('invalid modulus');
+    if (modulo <= _0n$3 || power < _0n$3)
+        throw new Error('Expected power/modulo > 0');
     if (modulo === _1n$5)
         return _0n$3;
     let res = _1n$5;
@@ -6633,7 +6565,7 @@ function pow(num, power, modulo) {
     }
     return res;
 }
-/** Does `x^(2^power)` mod p. `pow2(30, 4)` == `30^(2^4)` */
+// Does x ^ (2 ^ power) mod p. pow2(30, 4) == 30 ^ (2 ^ 4)
 function pow2(x, power, modulo) {
     let res = x;
     while (power-- > _0n$3) {
@@ -6642,15 +6574,12 @@ function pow2(x, power, modulo) {
     }
     return res;
 }
-/**
- * Inverses number over modulo.
- * Implemented using [Euclidean GCD](https://brilliant.org/wiki/extended-euclidean-algorithm/).
- */
+// Inverses number over modulo
 function invert(number, modulo) {
-    if (number === _0n$3)
-        throw new Error('invert: expected non-zero number');
-    if (modulo <= _0n$3)
-        throw new Error('invert: expected positive modulus, got ' + modulo);
+    if (number === _0n$3 || modulo <= _0n$3) {
+        throw new Error(`invert: expected positive integers, got n=${number} mod=${modulo}`);
+    }
+    // Euclidean GCD https://brilliant.org/wiki/extended-euclidean-algorithm/
     // Fermat's little theorem "CT-like" version inv(n) = n^(m-2) mod m is 30x slower.
     let a = mod(number, modulo);
     let b = modulo;
@@ -6690,11 +6619,8 @@ function tonelliShanks(P) {
     for (Q = P - _1n$5, S = 0; Q % _2n$3 === _0n$3; Q /= _2n$3, S++)
         ;
     // Step 2: Select a non-square z such that (z | p) ≡ -1 and set c ≡ zq
-    for (Z = _2n$3; Z < P && pow(Z, legendreC, P) !== P - _1n$5; Z++) {
-        // Crash instead of infinity loop, we cannot reasonable count until P.
-        if (Z > 1000)
-            throw new Error('Cannot find square root: likely non-prime P');
-    }
+    for (Z = _2n$3; Z < P && pow(Z, legendreC, P) !== P - _1n$5; Z++)
+        ;
     // Fast-path
     if (S === 1) {
         const p1div4 = (P + _1n$5) / _4n;
@@ -6736,18 +6662,9 @@ function tonelliShanks(P) {
         return x;
     };
 }
-/**
- * Square root for a finite field. It will try to check if optimizations are applicable and fall back to 4:
- *
- * 1. P ≡ 3 (mod 4)
- * 2. P ≡ 5 (mod 8)
- * 3. P ≡ 9 (mod 16)
- * 4. Tonelli-Shanks algorithm
- *
- * Different algorithms can give different roots, it is up to user to decide which one they want.
- * For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).
- */
 function FpSqrt(P) {
+    // NOTE: different algorithms can give different roots, it is up to user to decide which one they want.
+    // For example there is FpSqrtOdd/FpSqrtEven to choice root based on oddness (used for hash-to-curve).
     // P ≡ 3 (mod 4)
     // √n = n^((P+1)/4)
     if (P % _4n === _3n$1) {
@@ -6811,7 +6728,7 @@ function FpPow(f, num, power) {
     // Should have same speed as pow for bigints
     // TODO: benchmark!
     if (power < _0n$3)
-        throw new Error('invalid exponent, negatives unsupported');
+        throw new Error('Expected power > 0');
     if (power === _0n$3)
         return f.ONE;
     if (power === _1n$5)
@@ -6858,15 +6775,15 @@ function nLength(n, nBitLength) {
     return { nBitLength: _nBitLength, nByteLength };
 }
 /**
- * Initializes a finite field over prime.
+ * Initializes a finite field over prime. **Non-primes are not supported.**
+ * Do not init in loop: slow. Very fragile: always run a benchmark on a change.
  * Major performance optimizations:
  * * a) denormalized operations like mulN instead of mul
  * * b) same object shape: never add or remove keys
  * * c) Object.freeze
- * Fragile: always run a benchmark on a change.
- * Security note: operations don't check 'isValid' for all elements for performance reasons,
+ * NOTE: operations don't check 'isValid' for all elements for performance reasons,
  * it is caller responsibility to check this.
- * This is low-level code, please make sure you know what you're doing.
+ * This is low-level code, please make sure you know what you doing.
  * @param ORDER prime positive bigint
  * @param bitLen how many bits the field consumes
  * @param isLE (def: false) if encoding / decoding should be in little-endian
@@ -6874,14 +6791,13 @@ function nLength(n, nBitLength) {
  */
 function Field(ORDER, bitLen, isLE = false, redef = {}) {
     if (ORDER <= _0n$3)
-        throw new Error('invalid field: expected ORDER > 0, got ' + ORDER);
+        throw new Error(`Expected Field ORDER > 0, got ${ORDER}`);
     const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen);
     if (BYTES > 2048)
-        throw new Error('invalid field: expected ORDER of <= 2048 bytes');
-    let sqrtP; // cached sqrtP
+        throw new Error('Field lengths over 2048 bytes are not supported');
+    const sqrtP = FpSqrt(ORDER);
     const f = Object.freeze({
         ORDER,
-        isLE,
         BITS,
         BYTES,
         MASK: bitMask(BITS),
@@ -6890,7 +6806,7 @@ function Field(ORDER, bitLen, isLE = false, redef = {}) {
         create: (num) => mod(num, ORDER),
         isValid: (num) => {
             if (typeof num !== 'bigint')
-                throw new Error('invalid field element: expected bigint, got ' + typeof num);
+                throw new Error(`Invalid field element: expected bigint, got ${typeof num}`);
             return _0n$3 <= num && num < ORDER; // 0 is valid element, but it's not invertible
         },
         is0: (num) => num === _0n$3,
@@ -6909,12 +6825,7 @@ function Field(ORDER, bitLen, isLE = false, redef = {}) {
         subN: (lhs, rhs) => lhs - rhs,
         mulN: (lhs, rhs) => lhs * rhs,
         inv: (num) => invert(num, ORDER),
-        sqrt: redef.sqrt ||
-            ((n) => {
-                if (!sqrtP)
-                    sqrtP = FpSqrt(ORDER);
-                return sqrtP(f, n);
-            }),
+        sqrt: redef.sqrt || ((n) => sqrtP(f, n)),
         invertBatch: (lst) => FpInvertBatch(f, lst),
         // TODO: do we really need constant cmov?
         // We don't have const-time bigints anyway, so probably will be not very useful
@@ -6922,7 +6833,7 @@ function Field(ORDER, bitLen, isLE = false, redef = {}) {
         toBytes: (num) => (isLE ? numberToBytesLE(num, BYTES) : numberToBytesBE(num, BYTES)),
         fromBytes: (bytes) => {
             if (bytes.length !== BYTES)
-                throw new Error('Field.fromBytes: expected ' + BYTES + ' bytes, got ' + bytes.length);
+                throw new Error(`Fp.fromBytes: expected ${BYTES}, got ${bytes.length}`);
             return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
         },
     });
@@ -6970,80 +6881,52 @@ function mapHashToField(key, fieldOrder, isLE = false) {
     const minLen = getMinHashLength(fieldOrder);
     // No small numbers: need to understand bias story. No huge numbers: easier to detect JS timings.
     if (len < 16 || len < minLen || len > 1024)
-        throw new Error('expected ' + minLen + '-1024 bytes of input, got ' + len);
-    const num = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);
+        throw new Error(`expected ${minLen}-1024 bytes of input, got ${len}`);
+    const num = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);
     // `mod(x, 11)` can sometimes produce 0. `mod(x, 10) + 1` is the same, but no 0
     const reduced = mod(num, fieldOrder - _1n$5) + _1n$5;
     return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);
 }
 
-/**
- * Methods for elliptic curve multiplication by scalars.
- * Contains wNAF, pippenger
- * @module
- */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// Abelian group utilities
 const _0n$2 = BigInt(0);
 const _1n$4 = BigInt(1);
-function constTimeNegate(condition, item) {
-    const neg = item.negate();
-    return condition ? neg : item;
-}
-function validateW(W, bits) {
-    if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
-        throw new Error('invalid window size, expected [1..' + bits + '], got W=' + W);
-}
-function calcWOpts(W, bits) {
-    validateW(W, bits);
-    const windows = Math.ceil(bits / W) + 1; // +1, because
-    const windowSize = 2 ** (W - 1); // -1 because we skip zero
-    return { windows, windowSize };
-}
-function validateMSMPoints(points, c) {
-    if (!Array.isArray(points))
-        throw new Error('array expected');
-    points.forEach((p, i) => {
-        if (!(p instanceof c))
-            throw new Error('invalid point at index ' + i);
-    });
-}
-function validateMSMScalars(scalars, field) {
-    if (!Array.isArray(scalars))
-        throw new Error('array of scalars expected');
-    scalars.forEach((s, i) => {
-        if (!field.isValid(s))
-            throw new Error('invalid scalar at index ' + i);
-    });
-}
 // Since points in different groups cannot be equal (different object constructor),
 // we can have single place to store precomputes
 const pointPrecomputes = new WeakMap();
 const pointWindowSizes = new WeakMap(); // This allows use make points immutable (nothing changes inside)
-function getW(P) {
-    return pointWindowSizes.get(P) || 1;
-}
-/**
- * Elliptic curve multiplication of Point by scalar. Fragile.
- * Scalars should always be less than curve order: this should be checked inside of a curve itself.
- * Creates precomputation tables for fast multiplication:
- * - private scalar is split by fixed size windows of W bits
- * - every window point is collected from window's table & added to accumulator
- * - since windows are different, same point inside tables won't be accessed more than once per calc
- * - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)
- * - +1 window is neccessary for wNAF
- * - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication
- *
- * @todo Research returning 2d JS array of windows, instead of a single window.
- * This would allow windows to be in different memory locations
- */
+// Elliptic curve multiplication of Point by scalar. Fragile.
+// Scalars should always be less than curve order: this should be checked inside of a curve itself.
+// Creates precomputation tables for fast multiplication:
+// - private scalar is split by fixed size windows of W bits
+// - every window point is collected from window's table & added to accumulator
+// - since windows are different, same point inside tables won't be accessed more than once per calc
+// - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)
+// - +1 window is neccessary for wNAF
+// - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication
+// TODO: Research returning 2d JS array of windows, instead of a single window. This would allow
+// windows to be in different memory locations
 function wNAF(c, bits) {
+    const constTimeNegate = (condition, item) => {
+        const neg = item.negate();
+        return condition ? neg : item;
+    };
+    const validateW = (W) => {
+        if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
+            throw new Error(`Wrong window size=${W}, should be [1..${bits}]`);
+    };
+    const opts = (W) => {
+        validateW(W);
+        const windows = Math.ceil(bits / W) + 1; // +1, because
+        const windowSize = 2 ** (W - 1); // -1 because we skip zero
+        return { windows, windowSize };
+    };
     return {
         constTimeNegate,
-        hasPrecomputes(elm) {
-            return getW(elm) !== 1;
-        },
         // non-const time multiplication ladder
-        unsafeLadder(elm, n, p = c.ZERO) {
+        unsafeLadder(elm, n) {
+            let p = c.ZERO;
             let d = elm;
             while (n > _0n$2) {
                 if (n & _1n$4)
@@ -7061,12 +6944,10 @@ function wNAF(c, bits) {
          * - 𝑊 is the window size
          * - 𝑛 is the bitlength of the curve order.
          * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
-         * @param elm Point instance
-         * @param W window size
          * @returns precomputed point tables flattened to a single array
          */
         precomputeWindow(elm, W) {
-            const { windows, windowSize } = calcWOpts(W, bits);
+            const { windows, windowSize } = opts(W);
             const points = [];
             let p = elm;
             let base = p;
@@ -7092,7 +6973,7 @@ function wNAF(c, bits) {
         wNAF(W, precomputes, n) {
             // TODO: maybe check that scalar is less than group order? wNAF behavious is undefined otherwise
             // But need to carefully remove other checks before wNAF. ORDER == bits here
-            const { windows, windowSize } = calcWOpts(W, bits);
+            const { windows, windowSize } = opts(W);
             let p = c.ZERO;
             let f = c.BASE;
             const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.
@@ -7136,44 +7017,8 @@ function wNAF(c, bits) {
             // which makes it less const-time: around 1 bigint multiply.
             return { p, f };
         },
-        /**
-         * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
-         * @param W window size
-         * @param precomputes precomputed tables
-         * @param n scalar (we don't check here, but should be less than curve order)
-         * @param acc accumulator point to add result of multiplication
-         * @returns point
-         */
-        wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {
-            const { windows, windowSize } = calcWOpts(W, bits);
-            const mask = BigInt(2 ** W - 1); // Create mask with W ones: 0b1111 for W=4 etc.
-            const maxNumber = 2 ** W;
-            const shiftBy = BigInt(W);
-            for (let window = 0; window < windows; window++) {
-                const offset = window * windowSize;
-                if (n === _0n$2)
-                    break; // No need to go over empty scalar
-                // Extract W bits.
-                let wbits = Number(n & mask);
-                // Shift number by W bits.
-                n >>= shiftBy;
-                // If the bits are bigger than max size, we'll split those.
-                // +224 => 256 - 32
-                if (wbits > windowSize) {
-                    wbits -= maxNumber;
-                    n += _1n$4;
-                }
-                if (wbits === 0)
-                    continue;
-                let curr = precomputes[offset + Math.abs(wbits) - 1]; // -1 because we skip zero
-                if (wbits < 0)
-                    curr = curr.negate();
-                // NOTE: by re-using acc, we can save a lot of additions in case of MSM
-                acc = acc.add(curr);
-            }
-            return acc;
-        },
-        getPrecomputes(W, P, transform) {
+        wNAFCached(P, n, transform) {
+            const W = pointWindowSizes.get(P) || 1;
             // Calculate precomputes on a first run, reuse them after
             let comp = pointPrecomputes.get(P);
             if (!comp) {
@@ -7181,66 +7026,62 @@ function wNAF(c, bits) {
                 if (W !== 1)
                     pointPrecomputes.set(P, transform(comp));
             }
-            return comp;
-        },
-        wNAFCached(P, n, transform) {
-            const W = getW(P);
-            return this.wNAF(W, this.getPrecomputes(W, P, transform), n);
-        },
-        wNAFCachedUnsafe(P, n, transform, prev) {
-            const W = getW(P);
-            if (W === 1)
-                return this.unsafeLadder(P, n, prev); // For W=1 ladder is ~x2 faster
-            return this.wNAFUnsafe(W, this.getPrecomputes(W, P, transform), n, prev);
+            return this.wNAF(W, comp, n);
         },
         // We calculate precomputes for elliptic curve point multiplication
         // using windowed method. This specifies window size and
         // stores precomputed values. Usually only base point would be precomputed.
         setWindowSize(P, W) {
-            validateW(W, bits);
+            validateW(W);
             pointWindowSizes.set(P, W);
             pointPrecomputes.delete(P);
         },
     };
 }
 /**
- * Pippenger algorithm for multi-scalar multiplication (MSM, Pa + Qb + Rc + ...).
+ * Pippenger algorithm for multi-scalar multiplication (MSM).
+ * MSM is basically (Pa + Qb + Rc + ...).
  * 30x faster vs naive addition on L=4096, 10x faster with precomputes.
  * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. For L=5: 1536 ADD + 254 DBL.
  * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.
  * @param c Curve Point constructor
- * @param fieldN field over CURVE.N - important that it's not over CURVE.P
+ * @param field field over CURVE.N - important that it's not over CURVE.P
  * @param points array of L curve points
  * @param scalars array of L scalars (aka private keys / bigints)
  */
-function pippenger(c, fieldN, points, scalars) {
+function pippenger(c, field, points, scalars) {
     // If we split scalars by some window (let's say 8 bits), every chunk will only
     // take 256 buckets even if there are 4096 scalars, also re-uses double.
     // TODO:
     // - https://eprint.iacr.org/2024/750.pdf
     // - https://tches.iacr.org/index.php/TCHES/article/view/10287
     // 0 is accepted in scalars
-    validateMSMPoints(points, c);
-    validateMSMScalars(scalars, fieldN);
-    if (points.length !== scalars.length)
+    if (!Array.isArray(points) || !Array.isArray(scalars) || scalars.length !== points.length)
         throw new Error('arrays of points and scalars must have equal length');
-    const zero = c.ZERO;
+    scalars.forEach((s, i) => {
+        if (!field.isValid(s))
+            throw new Error(`wrong scalar at index ${i}`);
+    });
+    points.forEach((p, i) => {
+        if (!(p instanceof c))
+            throw new Error(`wrong point at index ${i}`);
+    });
     const wbits = bitLen(BigInt(points.length));
     const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1; // in bits
     const MASK = (1 << windowSize) - 1;
-    const buckets = new Array(MASK + 1).fill(zero); // +1 for zero array
-    const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;
-    let sum = zero;
+    const buckets = new Array(MASK + 1).fill(c.ZERO); // +1 for zero array
+    const lastBits = Math.floor((field.BITS - 1) / windowSize) * windowSize;
+    let sum = c.ZERO;
     for (let i = lastBits; i >= 0; i -= windowSize) {
-        buckets.fill(zero);
+        buckets.fill(c.ZERO);
         for (let j = 0; j < scalars.length; j++) {
             const scalar = scalars[j];
             const wbits = Number((scalar >> BigInt(i)) & BigInt(MASK));
             buckets[wbits] = buckets[wbits].add(points[j]);
         }
-        let resI = zero; // not using this will do small speed-up, but will lose ct
+        let resI = c.ZERO; // not using this will do small speed-up, but will lose ct
         // Skip first bucket, because it is zero
-        for (let j = buckets.length - 1, sumI = zero; j > 0; j--) {
+        for (let j = buckets.length - 1, sumI = c.ZERO; j > 0; j--) {
             sumI = sumI.add(buckets[j]);
             resI = resI.add(sumI);
         }
@@ -7270,12 +7111,8 @@ function validateBasic(curve) {
     });
 }
 
-/**
- * Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y².
- * For design rationale of types / exports, see weierstrass module documentation.
- * @module
- */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y²
 // Be friendly to bad ECMAScript parsers by not using bigint literals
 // prettier-ignore
 const _0n$1 = BigInt(0), _1n$3 = BigInt(1), _2n$2 = BigInt(2), _8n$1 = BigInt(8);
@@ -7307,10 +7144,6 @@ function validateOpts$1(curve) {
 function twistedEdwards(curveDef) {
     const CURVE = validateOpts$1(curveDef);
     const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;
-    // Important:
-    // There are some places where Fp.BYTES is used instead of nByteLength.
-    // So far, everything has been tested with curves of Fp.BYTES == nByteLength.
-    // TODO: test and find curves which behave otherwise.
     const MASK = _2n$2 << (BigInt(nByteLength * 8) - _1n$3);
     const modP = Fp.create; // Function overrides
     const Fn = Field(CURVE.n, CURVE.nBitLength);
@@ -7524,15 +7357,16 @@ function twistedEdwards(curveDef) {
         // It's faster, but should only be used when you don't care about
         // an exposed private key e.g. sig verification.
         // Does NOT allow scalars higher than CURVE.n.
-        // Accepts optional accumulator to merge with multiply (important for sparse scalars)
-        multiplyUnsafe(scalar, acc = Point.ZERO) {
+        multiplyUnsafe(scalar) {
             const n = scalar;
             aInRange('scalar', n, _0n$1, CURVE_ORDER); // 0 <= scalar < L
             if (n === _0n$1)
                 return I;
-            if (this.is0() || n === _1n$3)
+            if (this.equals(I) || n === _1n$3)
                 return this;
-            return wnaf.wNAFCachedUnsafe(this, n, Point.normalizeZ, acc);
+            if (this.equals(G))
+                return this.wNAF(n).p;
+            return wnaf.unsafeLadder(this, n);
         }
         // Checks if point is of small order.
         // If you add something to small order point, you will have "dirty"
@@ -7566,9 +7400,8 @@ function twistedEdwards(curveDef) {
             abool('zip215', zip215);
             const normed = hex.slice(); // copy again, we'll manipulate it
             const lastByte = hex[len - 1]; // select last byte
-            normed[len - 1] = lastByte & -129; // clear last bit
+            normed[len - 1] = lastByte & ~0x80; // clear last bit
             const y = bytesToNumberLE(normed);
-            // zip215=true is good for consensus-critical apps. =false follows RFC8032 / NIST186-5.
             // RFC8032 prohibits >= p, but ZIP215 doesn't
             // zip215=true:  0 <= y < MASK (2^256 for ed25519)
             // zip215=false: 0 <= y < P (2^255-19 for ed25519)
@@ -7617,7 +7450,7 @@ function twistedEdwards(curveDef) {
     }
     /** Convenience method that creates public key and other stuff. RFC8032 5.1.5 */
     function getExtendedPublicKey(key) {
-        const len = Fp.BYTES;
+        const len = nByteLength;
         key = ensureBytes('private key', key, len);
         // Hash private key with curve's hash function to produce uniformingly random input
         // Check byte lengths: ensure(64, h(ensure(32, key)))
@@ -7650,29 +7483,23 @@ function twistedEdwards(curveDef) {
         const s = modN(r + k * scalar); // S = (r + k * s) mod L
         aInRange('signature.s', s, _0n$1, CURVE_ORDER); // 0 <= s < l
         const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES));
-        return ensureBytes('result', res, Fp.BYTES * 2); // 64-byte signature
+        return ensureBytes('result', res, nByteLength * 2); // 64-byte signature
     }
     const verifyOpts = VERIFY_DEFAULT;
-    /**
-     * Verifies EdDSA signature against message and public key. RFC8032 5.1.7.
-     * An extended group equation is checked.
-     */
     function verify(sig, msg, publicKey, options = verifyOpts) {
         const { context, zip215 } = options;
         const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.
         sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.
         msg = ensureBytes('message', msg);
-        publicKey = ensureBytes('publicKey', publicKey, len);
         if (zip215 !== undefined)
             abool('zip215', zip215);
         if (prehash)
             msg = prehash(msg); // for ed25519ph, etc
         const s = bytesToNumberLE(sig.slice(len, 2 * len));
+        // zip215: true is good for consensus-critical apps and allows points < 2^256
+        // zip215: false follows RFC8032 / NIST186-5 and restricts points to CURVE.p
         let A, R, SB;
         try {
-            // zip215=true is good for consensus-critical apps. =false follows RFC8032 / NIST186-5.
-            // zip215=true:  0 <= y < MASK (2^256 for ed25519)
-            // zip215=false: 0 <= y < P (2^255-19 for ed25519)
             A = Point.fromHex(publicKey, zip215);
             R = Point.fromHex(sig.slice(0, len), zip215);
             SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside
@@ -7684,7 +7511,6 @@ function twistedEdwards(curveDef) {
             return false;
         const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);
         const RkA = R.add(A.multiplyUnsafe(k));
-        // Extended group equation
         // [8][S]B = [8]R + [8][k]A'
         return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);
     }
@@ -7715,14 +7541,13 @@ function twistedEdwards(curveDef) {
     };
 }
 
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 /**
  * ed25519 Twisted Edwards curve with following addons:
  * - X25519 ECDH
  * - Ristretto cofactor elimination
  * - Elligator hash-to-group / point indistinguishability
- * @module
  */
-/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const ED25519_P = BigInt('57896044618658097711785492504343953926634992332820282019728792003956564819949');
 // √(-1) aka √(a) aka 2^((p-1)/4)
 const ED25519_SQRT_M1 = /* @__PURE__ */ BigInt('19681161376707505956807079304988542015446066515923890162744021073123829784752');
@@ -7781,7 +7606,7 @@ function uvRatio(u, v) {
         x = mod(-x, P);
     return { isValid: useRoot1 || useRoot2, value: x };
 }
-const Fp = /* @__PURE__ */ (() => Field(ED25519_P, undefined, true))();
+const Fp$1 = /* @__PURE__ */ (() => Field(ED25519_P, undefined, true))();
 const ed25519Defaults = /* @__PURE__ */ (() => ({
     // Param: a
     a: BigInt(-1), // Fp.create(-1) is proper; our way still works and is faster
@@ -7789,7 +7614,7 @@ const ed25519Defaults = /* @__PURE__ */ (() => ({
     // Negative number is P - number, and division is invert(number, P)
     d: BigInt('37095705934669439343138083508754565189542113879843219016388785533085940283555'),
     // Finite field 𝔽p over which we'll do calculations; 2n**255n - 19n
-    Fp,
+    Fp: Fp$1,
     // Subgroup order: how many points curve has
     // 2n**252n + 27742317777372353535851937790883648493n;
     n: BigInt('7237005577332262213973186563042994240857116359379907606001950938285454250989'),
@@ -7808,14 +7633,6 @@ const ed25519Defaults = /* @__PURE__ */ (() => ({
 }))();
 /**
  * ed25519 curve with EdDSA signatures.
- * @example
- * import { ed25519 } from '@noble/curves/ed25519';
- * const priv = ed25519.utils.randomPrivateKey();
- * const pub = ed25519.getPublicKey(priv);
- * const msg = new TextEncoder().encode('hello');
- * const sig = ed25519.sign(msg, priv);
- * ed25519.verify(sig, msg, pub); // Default mode: follows ZIP215
- * ed25519.verify(sig, msg, pub, { zip215: false }); // RFC8032 / FIPS 186-5
  */
 const ed25519 = /* @__PURE__ */ (() => twistedEdwards(ed25519Defaults))();
 
@@ -9213,7 +9030,7 @@ var PrivateKey;
 /*!
  * MIT License
  * 
- * Copyright (c) 2017-2024 Peculiar Ventures, LLC
+ * Copyright (c) 2017-2022 Peculiar Ventures, LLC
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -9325,7 +9142,7 @@ class BufferSourceConverter {
 }
 
 const STRING_TYPE = "string";
-const HEX_REGEX = /^[0-9a-f\s]+$/i;
+const HEX_REGEX = /^[0-9a-f]+$/i;
 const BASE64_REGEX = /^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/;
 const BASE64URL_REGEX = /^[a-zA-Z0-9-_]+$/;
 class Utf8Converter {
@@ -9559,7 +9376,7 @@ class Convert {
         return base64;
     }
     static formatString(data) {
-        return (data === null || data === undefined ? undefined : data.replace(/[\n\r\t ]/g, "")) || "";
+        return (data === null || data === void 0 ? void 0 : data.replace(/[\n\r\t ]/g, "")) || "";
     }
 }
 Convert.DEFAULT_UTF8_ENCODING = "utf8";
@@ -9815,7 +9632,7 @@ function HexBlock(BaseClass) {
                 var _a;
                 super(...args);
                 const params = args[0] || {};
-                this.isHexOnly = (_a = params.isHexOnly) !== null && _a !== undefined ? _a : false;
+                this.isHexOnly = (_a = params.isHexOnly) !== null && _a !== void 0 ? _a : false;
                 this.valueHexView = params.valueHex ? BufferSourceConverter_1.toUint8Array(params.valueHex) : EMPTY_VIEW;
             }
             get valueHex() {
@@ -9905,11 +9722,11 @@ class LocalIdentificationBlock extends HexBlock(LocalBaseBlock) {
         var _a, _b, _c, _d;
         super();
         if (idBlock) {
-            this.isHexOnly = (_a = idBlock.isHexOnly) !== null && _a !== undefined ? _a : false;
+            this.isHexOnly = (_a = idBlock.isHexOnly) !== null && _a !== void 0 ? _a : false;
             this.valueHexView = idBlock.valueHex ? BufferSourceConverter_1.toUint8Array(idBlock.valueHex) : EMPTY_VIEW;
-            this.tagClass = (_b = idBlock.tagClass) !== null && _b !== undefined ? _b : -1;
-            this.tagNumber = (_c = idBlock.tagNumber) !== null && _c !== undefined ? _c : -1;
-            this.isConstructed = (_d = idBlock.isConstructed) !== null && _d !== undefined ? _d : false;
+            this.tagClass = (_b = idBlock.tagClass) !== null && _b !== void 0 ? _b : -1;
+            this.tagNumber = (_c = idBlock.tagNumber) !== null && _c !== void 0 ? _c : -1;
+            this.isConstructed = (_d = idBlock.isConstructed) !== null && _d !== void 0 ? _d : false;
         }
         else {
             this.tagClass = -1;
@@ -10076,9 +9893,9 @@ class LocalLengthBlock extends LocalBaseBlock {
     constructor({ lenBlock = {}, } = {}) {
         var _a, _b, _c;
         super();
-        this.isIndefiniteForm = (_a = lenBlock.isIndefiniteForm) !== null && _a !== undefined ? _a : false;
-        this.longFormUsed = (_b = lenBlock.longFormUsed) !== null && _b !== undefined ? _b : false;
-        this.length = (_c = lenBlock.length) !== null && _c !== undefined ? _c : 0;
+        this.isIndefiniteForm = (_a = lenBlock.isIndefiniteForm) !== null && _a !== void 0 ? _a : false;
+        this.longFormUsed = (_b = lenBlock.longFormUsed) !== null && _b !== void 0 ? _b : false;
+        this.length = (_c = lenBlock.length) !== null && _c !== void 0 ? _c : 0;
     }
     fromBER(inputBuffer, inputOffset, inputLength) {
         const view = BufferSourceConverter_1.toUint8Array(inputBuffer);
@@ -10850,7 +10667,7 @@ var _a$r;
 class OctetString extends BaseBlock {
     constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) {
         var _b, _c;
-        (_b = parameters.isConstructed) !== null && _b !== undefined ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === undefined ? undefined : _c.length));
+        (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length));
         super({
             idBlock: {
                 isConstructed: parameters.isConstructed,
@@ -11011,7 +10828,7 @@ var _a$q;
 class BitString extends BaseBlock {
     constructor({ idBlock = {}, lenBlock = {}, ...parameters } = {}) {
         var _b, _c;
-        (_b = parameters.isConstructed) !== null && _b !== undefined ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === undefined ? undefined : _c.length));
+        (_b = parameters.isConstructed) !== null && _b !== void 0 ? _b : (parameters.isConstructed = !!((_c = parameters.value) === null || _c === void 0 ? void 0 : _c.length));
         super({
             idBlock: {
                 isConstructed: parameters.isConstructed,
@@ -12213,7 +12030,7 @@ class GeneralizedTime extends UTCTime {
     constructor(parameters = {}) {
         var _b;
         super(parameters);
-        (_b = this.millisecond) !== null && _b !== undefined ? _b : (this.millisecond = 0);
+        (_b = this.millisecond) !== null && _b !== void 0 ? _b : (this.millisecond = 0);
         this.idBlock.tagClass = 1;
         this.idBlock.tagNumber = 24;
     }
@@ -12564,8 +12381,8 @@ function pkixToJwk(bytes) {
     const values = result.valueBlock.value[1].valueBlock.value[0].valueBlock.value;
     return {
         kty: 'RSA',
-        n: asn1jsIntegerToBase64(values[0]),
-        e: asn1jsIntegerToBase64(values[1])
+        n: toString$6(bnToBuf(values[0].toBigInt()), 'base64url'),
+        e: toString$6(bnToBuf(values[1].toBigInt()), 'base64url')
     };
 }
 /**
@@ -12601,13 +12418,21 @@ function jwkToPkix(jwk) {
     const der = root.toBER();
     return new Uint8Array(der, 0, der.byteLength);
 }
-function asn1jsIntegerToBase64(int) {
-    let buf = int.valueBlock.valueHexView;
-    // chrome rejects values with leading 0s
-    while (buf[0] === 0) {
-        buf = buf.subarray(1);
+function bnToBuf(bn) {
+    let hex = bn.toString(16);
+    if (hex.length % 2 > 0) {
+        hex = `0${hex}`;
+    }
+    const len = hex.length / 2;
+    const u8 = new Uint8Array(len);
+    let i = 0;
+    let j = 0;
+    while (i < len) {
+        u8[i] = parseInt(hex.slice(j, j + 2), 16);
+        i += 1;
+        j += 2;
     }
-    return toString$6(buf, 'base64url');
+    return u8;
 }
 function bufToBn(u8) {
     const hex = [];
@@ -12636,18 +12461,15 @@ function pkixToRSAPublicKey(bytes) {
     return new RSAPublicKey(jwk, digest);
 }
 
-/**
- * HMAC: RFC2104 message authentication code.
- * @module
- */
+// HMAC (RFC 2104)
 class HMAC extends Hash {
-    constructor(hash, _key) {
+    constructor(hash$1, _key) {
         super();
         this.finished = false;
         this.destroyed = false;
-        ahash(hash);
+        hash(hash$1);
         const key = toBytes$1(_key);
-        this.iHash = hash.create();
+        this.iHash = hash$1.create();
         if (typeof this.iHash.update !== 'function')
             throw new Error('Expected instance of class which extends utils.Hash');
         this.blockLen = this.iHash.blockLen;
@@ -12655,12 +12477,12 @@ class HMAC extends Hash {
         const blockLen = this.blockLen;
         const pad = new Uint8Array(blockLen);
         // blockLen can be bigger than outputLen
-        pad.set(key.length > blockLen ? hash.create().update(key).digest() : key);
+        pad.set(key.length > blockLen ? hash$1.create().update(key).digest() : key);
         for (let i = 0; i < pad.length; i++)
             pad[i] ^= 0x36;
         this.iHash.update(pad);
         // By doing update (processing of first block) of outer hash here we can re-use it between multiple calls via clone
-        this.oHash = hash.create();
+        this.oHash = hash$1.create();
         // Undo internal XOR && apply outer XOR
         for (let i = 0; i < pad.length; i++)
             pad[i] ^= 0x36 ^ 0x5c;
@@ -12668,13 +12490,13 @@ class HMAC extends Hash {
         pad.fill(0);
     }
     update(buf) {
-        aexists(this);
+        exists(this);
         this.iHash.update(buf);
         return this;
     }
     digestInto(out) {
-        aexists(this);
-        abytes$1(out, this.outputLen);
+        exists(this);
+        bytes(out, this.outputLen);
         this.finished = true;
         this.iHash.digestInto(out);
         this.oHash.update(out);
@@ -12718,33 +12540,8 @@ class HMAC extends Hash {
 const hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
 hmac.create = (hash, key) => new HMAC(hash, key);
 
-/**
- * Short Weierstrass curve methods. The formula is: y² = x³ + ax + b.
- *
- * ### Design rationale for types
- *
- * * Interaction between classes from different curves should fail:
- *   `k256.Point.BASE.add(p256.Point.BASE)`
- * * For this purpose we want to use `instanceof` operator, which is fast and works during runtime
- * * Different calls of `curve()` would return different classes -
- *   `curve(params) !== curve(params)`: if somebody decided to monkey-patch their curve,
- *   it won't affect others
- *
- * TypeScript can't infer types for classes created inside a function. Classes is one instance
- * of nominative types in TypeScript and interfaces only check for shape, so it's hard to create
- * unique type for every function call.
- *
- * We can use generic types via some param, like curve opts, but that would:
- *     1. Enable interaction between `curve(params)` and `curve(params)` (curves of same params)
- *     which is hard to debug.
- *     2. Params can be generic and we can't enforce them to be constant value:
- *     if somebody creates curve from non-constant params,
- *     it would be allowed to interact with other curves with non-constant params
- *
- * @todo https://www.typescriptlang.org/docs/handbook/release-notes/typescript-2-7.html#unique-symbol
- * @module
- */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+// Short Weierstrass curve. The formula is: y² = x³ + ax + b
 function validateSigVerOpts(opts) {
     if (opts.lowS !== undefined)
         abool('lowS', opts.lowS);
@@ -12768,22 +12565,17 @@ function validatePointOpts(curve) {
     const { endo, Fp, a } = opts;
     if (endo) {
         if (!Fp.eql(a, Fp.ZERO)) {
-            throw new Error('invalid endomorphism, can only be defined for Koblitz curves that have a=0');
+            throw new Error('Endomorphism can only be defined for Koblitz curves that have a=0');
         }
         if (typeof endo !== 'object' ||
             typeof endo.beta !== 'bigint' ||
             typeof endo.splitScalar !== 'function') {
-            throw new Error('invalid endomorphism, expected beta: bigint and splitScalar: function');
+            throw new Error('Expected endomorphism with beta: bigint and splitScalar: function');
         }
     }
     return Object.freeze({ ...opts });
 }
 const { bytesToNumberBE: b2n, hexToBytes: h2b } = ut;
-class DERErr extends Error {
-    constructor(m = '') {
-        super(m);
-    }
-}
 /**
  * ASN.1 DER encoding utilities. ASN is very complex & fragile. Format:
  *
@@ -12793,7 +12585,11 @@ class DERErr extends Error {
  */
 const DER = {
     // asn.1 DER encoding utils
-    Err: DERErr,
+    Err: class DERErr extends Error {
+        constructor(m = '') {
+            super(m);
+        }
+    },
     // Basic building block is TLV (Tag-Length-Value)
     _tlv: {
         encode: (tag, data) => {
@@ -12808,8 +12604,7 @@ const DER = {
                 throw new E('tlv.encode: long form length too big');
             // length of length with long form flag
             const lenLen = dataLen > 127 ? numberToHexUnpadded((len.length / 2) | 128) : '';
-            const t = numberToHexUnpadded(tag);
-            return t + lenLen + len + data;
+            return `${numberToHexUnpadded(tag)}${lenLen}${len}${data}`;
         },
         // v - value, l - left bytes (unparsed)
         decode(tag, data) {
@@ -12862,15 +12657,15 @@ const DER = {
             if (Number.parseInt(hex[0], 16) & 0b1000)
                 hex = '00' + hex;
             if (hex.length & 1)
-                throw new E('unexpected DER parsing assertion: unpadded hex');
+                throw new E('unexpected assertion');
             return hex;
         },
         decode(data) {
             const { Err: E } = DER;
             if (data[0] & 128)
-                throw new E('invalid signature integer: negative');
+                throw new E('Invalid signature integer: negative');
             if (data[0] === 0x00 && !(data[1] & 128))
-                throw new E('invalid signature integer: unnecessary leading zero');
+                throw new E('Invalid signature integer: unnecessary leading zero');
             return b2n(data);
         },
     },
@@ -12881,18 +12676,16 @@ const DER = {
         abytes(data);
         const { v: seqBytes, l: seqLeftBytes } = tlv.decode(0x30, data);
         if (seqLeftBytes.length)
-            throw new E('invalid signature: left bytes after parsing');
+            throw new E('Invalid signature: left bytes after parsing');
         const { v: rBytes, l: rLeftBytes } = tlv.decode(0x02, seqBytes);
         const { v: sBytes, l: sLeftBytes } = tlv.decode(0x02, rLeftBytes);
         if (sLeftBytes.length)
-            throw new E('invalid signature: left bytes after parsing');
+            throw new E('Invalid signature: left bytes after parsing');
         return { r: int.decode(rBytes), s: int.decode(sBytes) };
     },
     hexFromSig(sig) {
         const { _tlv: tlv, _int: int } = DER;
-        const rs = tlv.encode(0x02, int.encode(sig.r));
-        const ss = tlv.encode(0x02, int.encode(sig.s));
-        const seq = rs + ss;
+        const seq = `${tlv.encode(0x02, int.encode(sig.r))}${tlv.encode(0x02, int.encode(sig.s))}`;
         return tlv.encode(0x30, seq);
     },
 };
@@ -12946,7 +12739,7 @@ function weierstrassPoints(opts) {
                 key = bytesToHex(key);
             // Normalize to hex string, pad. E.g. P521 would norm 130-132 char hex to 132-char bytes
             if (typeof key !== 'string' || !lengths.includes(key.length))
-                throw new Error('invalid private key');
+                throw new Error('Invalid key');
             key = key.padStart(nByteLength * 2, '0');
         }
         let num;
@@ -12957,7 +12750,7 @@ function weierstrassPoints(opts) {
                     : bytesToNumberBE(ensureBytes('private key', key, nByteLength));
         }
         catch (error) {
-            throw new Error('invalid private key, expected hex or ' + nByteLength + ' bytes, got ' + typeof key);
+            throw new Error(`private key must be ${nByteLength} bytes, hex or bigint, not ${typeof key}`);
         }
         if (wrapPrivateKey)
             num = mod(num, N); // disabled by default, enabled for BLS
@@ -12997,7 +12790,7 @@ function weierstrassPoints(opts) {
         if (p.is0()) {
             // (0, 1, 0) aka ZERO is invalid in most contexts.
             // In BLS, ZERO can be serialized, so we allow it.
-            // (0, 0, 0) is invalid representation of ZERO.
+            // (0, 0, 0) is wrong representation of ZERO and is always invalid.
             if (CURVE.allowInfinityPoint && !Fp.is0(p.py))
                 return;
             throw new Error('bad point: ZERO');
@@ -13221,17 +13014,16 @@ function weierstrassPoints(opts) {
          * an exposed private key e.g. sig verification, which works over *public* keys.
          */
         multiplyUnsafe(sc) {
-            const { endo, n: N } = CURVE;
-            aInRange('scalar', sc, _0n, N);
+            aInRange('scalar', sc, _0n, CURVE.n);
             const I = Point.ZERO;
             if (sc === _0n)
                 return I;
-            if (this.is0() || sc === _1n$1)
+            if (sc === _1n$1)
                 return this;
-            // Case a: no endomorphism. Case b: has precomputes.
-            if (!endo || wnaf.hasPrecomputes(this))
-                return wnaf.wNAFCachedUnsafe(this, sc, Point.normalizeZ);
-            // Case c: endomorphism
+            const { endo } = CURVE;
+            if (!endo)
+                return wnaf.unsafeLadder(this, sc);
+            // Apply endomorphism
             let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
             let k1p = I;
             let k2p = I;
@@ -13417,9 +13209,7 @@ function weierstrass(curveDef) {
                 return { x, y };
             }
             else {
-                const cl = compressedLen;
-                const ul = uncompressedLen;
-                throw new Error('invalid Point, expected length of ' + cl + ', or uncompressed ' + ul + ', got ' + len);
+                throw new Error(`Point of length ${len} was invalid. Expected ${compressedLen} compressed bytes or ${uncompressedLen} uncompressed bytes`);
             }
         },
     });
@@ -13584,9 +13374,6 @@ function weierstrass(curveDef) {
     // int2octets can't be used; pads small msgs with 0: unacceptatble for trunc as per RFC vectors
     const bits2int = CURVE.bits2int ||
         function (bytes) {
-            // Our custom check "just in case"
-            if (bytes.length > 8192)
-                throw new Error('input is too large');
             // For curves with nBitLength % 8 !== 0: bits2octets(bits2octets(m)) !== bits2octets(m)
             // for some cases, since bytes.length * 8 is not actual bitLength.
             const num = bytesToNumberBE(bytes); // check for == u8 done here
@@ -13603,15 +13390,15 @@ function weierstrass(curveDef) {
      * Converts to bytes. Checks if num in `[0..ORDER_MASK-1]` e.g.: `[0..2^256-1]`.
      */
     function int2octets(num) {
-        aInRange('num < 2^' + CURVE.nBitLength, num, _0n, ORDER_MASK);
+        aInRange(`num < 2^${CURVE.nBitLength}`, num, _0n, ORDER_MASK);
         // works with order, can have different size than numToField!
         return numberToBytesBE(num, CURVE.nByteLength);
     }
     // Steps A, D of RFC6979 3.2
     // Creates RFC6979 seed; converts msg/privKey to numbers.
     // Used only in sign, not in verify.
-    // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order,
-    // this will be invalid at least for P521. Also it can be bigger for P224 + SHA256
+    // NOTE: we cannot assume here that msgHash has same amount of bytes as curve order, this will be wrong at least for P521.
+    // Also it can be bigger for P224 + SHA256
     function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
         if (['recovered', 'canonical'].some((k) => k in opts))
             throw new Error('sign() legacy options not supported');
@@ -13705,48 +13492,39 @@ function weierstrass(curveDef) {
         const sg = signature;
         msgHash = ensureBytes('msgHash', msgHash);
         publicKey = ensureBytes('publicKey', publicKey);
-        const { lowS, prehash, format } = opts;
-        // Verify opts, deduce signature format
-        validateSigVerOpts(opts);
         if ('strict' in opts)
             throw new Error('options.strict was renamed to lowS');
-        if (format !== undefined && format !== 'compact' && format !== 'der')
-            throw new Error('format must be compact or der');
-        const isHex = typeof sg === 'string' || isBytes$1(sg);
-        const isObj = !isHex &&
-            !format &&
-            typeof sg === 'object' &&
-            sg !== null &&
-            typeof sg.r === 'bigint' &&
-            typeof sg.s === 'bigint';
-        if (!isHex && !isObj)
-            throw new Error('invalid signature, expected Uint8Array, hex string or Signature instance');
+        validateSigVerOpts(opts);
+        const { lowS, prehash } = opts;
         let _sig = undefined;
         let P;
         try {
-            if (isObj)
-                _sig = new Signature(sg.r, sg.s);
-            if (isHex) {
+            if (typeof sg === 'string' || isBytes$1(sg)) {
                 // Signature can be represented in 2 ways: compact (2*nByteLength) & DER (variable-length).
                 // Since DER can also be 2*nByteLength bytes, we check for it first.
                 try {
-                    if (format !== 'compact')
-                        _sig = Signature.fromDER(sg);
+                    _sig = Signature.fromDER(sg);
                 }
                 catch (derError) {
                     if (!(derError instanceof DER.Err))
                         throw derError;
-                }
-                if (!_sig && format !== 'der')
                     _sig = Signature.fromCompact(sg);
+                }
+            }
+            else if (typeof sg === 'object' && typeof sg.r === 'bigint' && typeof sg.s === 'bigint') {
+                const { r, s } = sg;
+                _sig = new Signature(r, s);
+            }
+            else {
+                throw new Error('PARSE');
             }
             P = Point.fromHex(publicKey);
         }
         catch (error) {
+            if (error.message === 'PARSE')
+                throw new Error(`signature must be Signature instance, Uint8Array or hex string`);
             return false;
         }
-        if (!_sig)
-            return false;
         if (lowS && _sig.hasHighS())
             return false;
         if (prehash)
@@ -13774,12 +13552,8 @@ function weierstrass(curveDef) {
     };
 }
 
-/**
- * Utilities for short weierstrass curves, combined with noble-hashes.
- * @module
- */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
-/** connects noble-curves to noble-hashes */
+// connects noble-curves to noble-hashes
 function getHash(hash) {
     return {
         hash,
@@ -13789,21 +13563,9 @@ function getHash(hash) {
 }
 function createCurve(curveDef, defHash) {
     const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });
-    return { ...create(defHash), create };
+    return Object.freeze({ ...create(defHash), create });
 }
 
-/**
- * NIST secp256k1. See [pdf](https://www.secg.org/sec2-v2.pdf).
- *
- * Seems to be rigid (not backdoored)
- * [as per discussion](https://bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975).
- *
- * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
- * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
- * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
- * [See explanation](https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066).
- * @module
- */
 /*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
 const secp256k1P = BigInt('0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f');
 const secp256k1N = BigInt('0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141');
@@ -13834,35 +13596,31 @@ function sqrtMod(y) {
     const t1 = (pow2(b223, _23n, P) * b22) % P;
     const t2 = (pow2(t1, _6n, P) * b2) % P;
     const root = pow2(t2, _2n, P);
-    if (!Fpk1.eql(Fpk1.sqr(root), y))
+    if (!Fp.eql(Fp.sqr(root), y))
         throw new Error('Cannot find square root');
     return root;
 }
-const Fpk1 = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
+const Fp = Field(secp256k1P, undefined, undefined, { sqrt: sqrtMod });
 /**
  * secp256k1 short weierstrass curve and ECDSA signatures over it.
- *
- * @example
- * import { secp256k1 } from '@noble/curves/secp256k1';
- *
- * const priv = secp256k1.utils.randomPrivateKey();
- * const pub = secp256k1.getPublicKey(priv);
- * const msg = new Uint8Array(32).fill(1); // message hash (not message) in ecdsa
- * const sig = secp256k1.sign(msg, priv); // `{prehash: true}` option is available
- * const isValid = secp256k1.verify(sig, msg, pub) === true;
  */
 const secp256k1 = createCurve({
     a: BigInt(0), // equation params: a, b
-    b: BigInt(7),
-    Fp: Fpk1, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
+    b: BigInt(7), // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
+    Fp, // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
     n: secp256k1N, // Curve order, total count of valid points in the field
     // Base point (x, y) aka generator point
     Gx: BigInt('55066263022277343669578718895168534326250603453777594175500187360389116729240'),
     Gy: BigInt('32670510020758816978083085130507043184471273380659243275938904335757337482424'),
     h: BigInt(1), // Cofactor
     lowS: true, // Allow only low-S signatures by default in sign() and verify()
+    /**
+     * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
+     * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
+     * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
+     * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
+     */
     endo: {
-        // Endomorphism, see above
         beta: BigInt('0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee'),
         splitScalar: (k) => {
             const n = secp256k1N;
@@ -15876,9 +15634,9 @@ function _copyActual (source, target, targetStart, sourceStart, sourceEnd) {
 const QUERY_FLAG = 0;
 const RESPONSE_FLAG = 1 << 15;
 const FLUSH_MASK = 1 << 15;
-const NOT_FLUSH_MASK = -32769;
+const NOT_FLUSH_MASK = ~FLUSH_MASK;
 const QU_MASK = 1 << 15;
-const NOT_QU_MASK = -32769;
+const NOT_QU_MASK = ~QU_MASK;
 
 function codec ({ bytes = 0, encode, decode, encodingLength }) {
   encode.bytes = bytes;
@@ -20285,36 +20043,36 @@ class StreamManager {
         this.log = new Logger$1(`stream-manager:${multicodec}`);
         this.addEventListener("peer:update", this.handlePeerUpdateStreamPool);
     }
-    async getStream(peerId) {
-        const peerIdStr = peerId.toString();
-        const scheduledStream = this.streamPool.get(peerIdStr);
+    async getStream(peer) {
+        const peerId = peer.id.toString();
+        const scheduledStream = this.streamPool.get(peerId);
         if (scheduledStream) {
-            this.streamPool.delete(peerIdStr);
+            this.streamPool.delete(peerId);
             await scheduledStream;
         }
-        let stream = this.getOpenStreamForCodec(peerId);
+        let stream = this.getOpenStreamForCodec(peer.id);
         if (stream) {
-            this.log.info(`Found existing stream peerId=${peerIdStr} multicodec=${this.multicodec}`);
-            this.lockStream(peerIdStr, stream);
+            this.log.info(`Found existing stream peerId=${peer.id.toString()} multicodec=${this.multicodec}`);
+            this.lockStream(peer.id.toString(), stream);
             return stream;
         }
-        stream = await this.createStream(peerId);
-        this.lockStream(peerIdStr, stream);
+        stream = await this.createStream(peer);
+        this.lockStream(peer.id.toString(), stream);
         return stream;
     }
-    async createStream(peerId, retries = 0) {
-        const connections = this.getConnections(peerId);
+    async createStream(peer, retries = 0) {
+        const connections = this.getConnections(peer.id);
         const connection = selectOpenConnection(connections);
         if (!connection) {
-            throw new Error(`Failed to get a connection to the peer peerId=${peerId.toString()} multicodec=${this.multicodec}`);
+            throw new Error(`Failed to get a connection to the peer peerId=${peer.id.toString()} multicodec=${this.multicodec}`);
         }
         let lastError;
         let stream;
         for (let i = 0; i < retries + 1; i++) {
             try {
-                this.log.info(`Attempting to create a stream for peerId=${peerId.toString()} multicodec=${this.multicodec}`);
+                this.log.info(`Attempting to create a stream for peerId=${peer.id.toString()} multicodec=${this.multicodec}`);
                 stream = await connection.newStream(this.multicodec);
-                this.log.info(`Created stream for peerId=${peerId.toString()} multicodec=${this.multicodec}`);
+                this.log.info(`Created stream for peerId=${peer.id.toString()} multicodec=${this.multicodec}`);
                 break;
             }
             catch (error) {
@@ -20322,7 +20080,8 @@ class StreamManager {
             }
         }
         if (!stream) {
-            throw new Error(`Failed to create a new stream for ${peerId.toString()} -- ` + lastError);
+            throw new Error(`Failed to create a new stream for ${peer.id.toString()} -- ` +
+                lastError);
         }
         return stream;
     }
@@ -20334,7 +20093,7 @@ class StreamManager {
         }
         try {
             this.ongoingCreation.add(peerId);
-            await this.createStream(peer.id);
+            await this.createStream(peer);
         }
         catch (error) {
             this.log.error(`Failed to createStreamWithLock:`, error);
@@ -20407,8 +20166,8 @@ class BaseProtocol {
         this.removeLibp2pEventListener = components.events.removeEventListener.bind(components.events);
         this.streamManager = new StreamManager(multicodec, components.connectionManager.getConnections.bind(components.connectionManager), this.addLibp2pEventListener);
     }
-    async getStream(peerId) {
-        return this.streamManager.getStream(peerId);
+    async getStream(peer) {
+        return this.streamManager.getStream(peer);
     }
 }
 
@@ -24035,105 +23794,6 @@ var WakuMetadataResponse;
     };
 })(WakuMetadataResponse || (WakuMetadataResponse = {}));
 
-/* eslint-disable import/export */
-/* eslint-disable complexity */
-/* eslint-disable @typescript-eslint/no-namespace */
-/* eslint-disable @typescript-eslint/no-unnecessary-boolean-literal-compare */
-/* eslint-disable @typescript-eslint/no-empty-interface */
-var SdsMessage;
-(function (SdsMessage) {
-    let _codec;
-    SdsMessage.codec = () => {
-        if (_codec == null) {
-            _codec = message((obj, w, opts = {}) => {
-                if (opts.lengthDelimited !== false) {
-                    w.fork();
-                }
-                if ((obj.messageId != null && obj.messageId !== '')) {
-                    w.uint32(18);
-                    w.string(obj.messageId);
-                }
-                if ((obj.channelId != null && obj.channelId !== '')) {
-                    w.uint32(26);
-                    w.string(obj.channelId);
-                }
-                if (obj.lamportTimestamp != null) {
-                    w.uint32(80);
-                    w.int32(obj.lamportTimestamp);
-                }
-                if (obj.causalHistory != null) {
-                    for (const value of obj.causalHistory) {
-                        w.uint32(90);
-                        w.string(value);
-                    }
-                }
-                if (obj.bloomFilter != null) {
-                    w.uint32(98);
-                    w.bytes(obj.bloomFilter);
-                }
-                if (obj.content != null) {
-                    w.uint32(162);
-                    w.bytes(obj.content);
-                }
-                if (opts.lengthDelimited !== false) {
-                    w.ldelim();
-                }
-            }, (reader, length, opts = {}) => {
-                const obj = {
-                    messageId: '',
-                    channelId: '',
-                    causalHistory: []
-                };
-                const end = length == null ? reader.len : reader.pos + length;
-                while (reader.pos < end) {
-                    const tag = reader.uint32();
-                    switch (tag >>> 3) {
-                        case 2: {
-                            obj.messageId = reader.string();
-                            break;
-                        }
-                        case 3: {
-                            obj.channelId = reader.string();
-                            break;
-                        }
-                        case 10: {
-                            obj.lamportTimestamp = reader.int32();
-                            break;
-                        }
-                        case 11: {
-                            if (opts.limits?.causalHistory != null && obj.causalHistory.length === opts.limits.causalHistory) {
-                                throw new MaxLengthError('Decode error - map field "causalHistory" had too many elements');
-                            }
-                            obj.causalHistory.push(reader.string());
-                            break;
-                        }
-                        case 12: {
-                            obj.bloomFilter = reader.bytes();
-                            break;
-                        }
-                        case 20: {
-                            obj.content = reader.bytes();
-                            break;
-                        }
-                        default: {
-                            reader.skipType(tag & 7);
-                            break;
-                        }
-                    }
-                }
-                return obj;
-            });
-        }
-        return _codec;
-    };
-    SdsMessage.encode = (obj) => {
-        return encodeMessage(obj, SdsMessage.codec());
-    };
-    SdsMessage.decode = (buf, opts) => {
-        return decodeMessage(buf, SdsMessage.codec(), opts);
-    };
-})(SdsMessage || (SdsMessage = {}));
-
 /**
  * PeerExchangeRPC represents a message conforming to the Waku Peer Exchange protocol
  */
@@ -24203,7 +23863,7 @@ class WakuPeerExchange extends BaseProtocol {
         }
         let stream;
         try {
-            stream = await this.getStream(peerId);
+            stream = await this.getStream(peer);
         }
         catch (err) {
             log$2.error("Failed to get stream", err);
@@ -24418,7 +24078,7 @@ class PeerExchangeDiscovery extends TypedEventEmitter {
         const existingShardInfoBytes = peer.metadata.get("shardInfo");
         if (existingShardInfoBytes) {
             const existingShardInfo = decodeRelayShard(existingShardInfoBytes);
-            {
+            if (existingShardInfo || shardInfo) {
                 hasShardDiff =
                     existingShardInfo.clusterId !== shardInfo?.clusterId ||
                         existingShardInfo.shards.some((shard) => !shardInfo?.shards.includes(shard));