@zoralabs/protocol-deployments 0.6.4-PRE.0 → 0.6.4

package/dist/{secp256k1-XP7IUONI.js → secp256k1-QZA5SALG.js}

@@ -1,41 +1,99 @@
 import {
-  Hash,
-  aInRange,
-  abool,
-  abytes,
-  abytes2,
-  aexists,
-  ahash,
-  anumber,
-  aoutput,
-  bitLen,
-  bitMask,
-  bytesToHex,
-  bytesToNumberBE,
-  bytesToNumberLE,
-  clean,
-  concatBytes,
-  concatBytes2,
-  createHasher,
-  createHmacDrbg,
-  createView,
-  ensureBytes,
-  hexToBytes,
-  inRange,
-  isBytes,
-  memoized,
-  numberToBytesBE,
-  numberToBytesLE,
-  numberToHexUnpadded,
-  randomBytes,
-  rotr,
-  toBytes,
-  utf8ToBytes,
-  validateObject
-} from "./chunk-BYTNVMX7.js";
-import "./chunk-PR4QN5HX.js";
+  __export
+} from "./chunk-PR4QN5HX.js";
 
-// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/_md.js
+// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/_assert.js
+function anumber(n) {
+  if (!Number.isSafeInteger(n) || n < 0)
+    throw new Error("positive integer expected, got " + n);
+}
+function isBytes(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function abytes(b, ...lengths) {
+  if (!isBytes(b))
+    throw new Error("Uint8Array expected");
+  if (lengths.length > 0 && !lengths.includes(b.length))
+    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
+}
+function ahash(h) {
+  if (typeof h !== "function" || typeof h.create !== "function")
+    throw new Error("Hash should be wrapped by utils.wrapConstructor");
+  anumber(h.outputLen);
+  anumber(h.blockLen);
+}
+function aexists(instance, checkFinished = true) {
+  if (instance.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (checkFinished && instance.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function aoutput(out, instance) {
+  abytes(out);
+  const min = instance.outputLen;
+  if (out.length < min) {
+    throw new Error("digestInto() expects output buffer of length at least " + min);
+  }
+}
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/cryptoNode.js
+import * as nc from "node:crypto";
+var crypto = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && "randomBytes" in nc ? nc : void 0;
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/utils.js
+var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
+var rotr = (word, shift) => word << 32 - shift | word >>> shift;
+function utf8ToBytes(str) {
+  if (typeof str !== "string")
+    throw new Error("utf8ToBytes expected string, got " + typeof str);
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+function toBytes(data) {
+  if (typeof data === "string")
+    data = utf8ToBytes(data);
+  abytes(data);
+  return data;
+}
+function concatBytes(...arrays) {
+  let sum = 0;
+  for (let i = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    abytes(a);
+    sum += a.length;
+  }
+  const res = new Uint8Array(sum);
+  for (let i = 0, pad = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    res.set(a, pad);
+    pad += a.length;
+  }
+  return res;
+}
+var Hash = class {
+  // Safe version that clones internal state
+  clone() {
+    return this._cloneInto();
+  }
+};
+function wrapConstructor(hashCons) {
+  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
+  const tmp = hashCons();
+  hashC.outputLen = tmp.outputLen;
+  hashC.blockLen = tmp.blockLen;
+  hashC.create = () => hashCons();
+  return hashC;
+}
+function randomBytes(bytesLength = 32) {
+  if (crypto && typeof crypto.getRandomValues === "function") {
+    return crypto.getRandomValues(new Uint8Array(bytesLength));
+  }
+  if (crypto && typeof crypto.randomBytes === "function") {
+    return crypto.randomBytes(bytesLength);
+  }
+  throw new Error("crypto.getRandomValues must be defined");
+}
+
+// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/_md.js
 function setBigUint64(view, byteOffset, value, isLE) {
   if (typeof view.setBigUint64 === "function")
     return view.setBigUint64(byteOffset, value, isLE);
@@ -48,31 +106,26 @@ function setBigUint64(view, byteOffset, value, isLE) {
   view.setUint32(byteOffset + h, wh, isLE);
   view.setUint32(byteOffset + l, wl, isLE);
 }
-function Chi(a, b, c) {
-  return a & b ^ ~a & c;
-}
-function Maj(a, b, c) {
-  return a & b ^ a & c ^ b & c;
-}
+var Chi = (a, b, c) => a & b ^ ~a & c;
+var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
 var HashMD = class extends Hash {
   constructor(blockLen, outputLen, padOffset, isLE) {
     super();
-    this.finished = false;
-    this.length = 0;
-    this.pos = 0;
-    this.destroyed = false;
     this.blockLen = blockLen;
     this.outputLen = outputLen;
     this.padOffset = padOffset;
     this.isLE = isLE;
+    this.finished = false;
+    this.length = 0;
+    this.pos = 0;
+    this.destroyed = false;
     this.buffer = new Uint8Array(blockLen);
     this.view = createView(this.buffer);
   }
   update(data) {
     aexists(this);
-    data = toBytes(data);
-    abytes(data);
     const { view, buffer, blockLen } = this;
+    data = toBytes(data);
     const len = data.length;
     for (let pos = 0; pos < len; ) {
       const take = Math.min(blockLen - this.pos, len - pos);
@@ -101,7 +154,7 @@ var HashMD = class extends Hash {
     const { buffer, view, blockLen, isLE } = this;
     let { pos } = this;
     buffer[pos++] = 128;
-    clean(this.buffer.subarray(pos));
+    this.buffer.subarray(pos).fill(0);
     if (this.padOffset > blockLen - pos) {
       this.process(view, 0);
       pos = 0;
@@ -132,31 +185,18 @@ var HashMD = class extends Hash {
     to || (to = new this.constructor());
     to.set(...this.get());
     const { blockLen, buffer, length, finished, destroyed, pos } = this;
-    to.destroyed = destroyed;
-    to.finished = finished;
     to.length = length;
     to.pos = pos;
+    to.finished = finished;
+    to.destroyed = destroyed;
     if (length % blockLen)
       to.buffer.set(buffer);
     return to;
   }
-  clone() {
-    return this._cloneInto();
-  }
 };
-var SHA256_IV = /* @__PURE__ */ Uint32Array.from([
-  1779033703,
-  3144134277,
-  1013904242,
-  2773480762,
-  1359893119,
-  2600822924,
-  528734635,
-  1541459225
-]);
 
-// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/sha2.js
-var SHA256_K = /* @__PURE__ */ Uint32Array.from([
+// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/sha256.js
+var SHA256_K = /* @__PURE__ */ new Uint32Array([
   1116352408,
   1899447441,
   3049323471,
@@ -222,10 +262,20 @@ var SHA256_K = /* @__PURE__ */ Uint32Array.from([
   3204031479,
   3329325298
 ]);
+var SHA256_IV = /* @__PURE__ */ new Uint32Array([
+  1779033703,
+  3144134277,
+  1013904242,
+  2773480762,
+  1359893119,
+  2600822924,
+  528734635,
+  1541459225
+]);
 var SHA256_W = /* @__PURE__ */ new Uint32Array(64);
 var SHA256 = class extends HashMD {
-  constructor(outputLen = 32) {
-    super(64, outputLen, 8, false);
+  constructor() {
+    super(64, 32, 8, false);
     this.A = SHA256_IV[0] | 0;
     this.B = SHA256_IV[1] | 0;
     this.C = SHA256_IV[2] | 0;
@@ -286,16 +336,16 @@ var SHA256 = class extends HashMD {
     this.set(A, B, C, D, E, F, G, H);
   }
   roundClean() {
-    clean(SHA256_W);
+    SHA256_W.fill(0);
   }
   destroy() {
     this.set(0, 0, 0, 0, 0, 0, 0, 0);
-    clean(this.buffer);
+    this.buffer.fill(0);
   }
 };
-var sha256 = /* @__PURE__ */ createHasher(() => new SHA256());
+var sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
 
-// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/hmac.js
+// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/hmac.js
 var HMAC = class extends Hash {
   constructor(hash, _key) {
     super();
@@ -318,7 +368,7 @@ var HMAC = class extends Hash {
     for (let i = 0; i < pad.length; i++)
       pad[i] ^= 54 ^ 92;
     this.oHash.update(pad);
-    clean(pad);
+    pad.fill(0);
   }
   update(buf) {
     aexists(this);
@@ -351,9 +401,6 @@ var HMAC = class extends Hash {
     to.iHash = iHash._cloneInto(to.iHash);
     return to;
   }
-  clone() {
-    return this._cloneInto();
-  }
   destroy() {
     this.destroyed = true;
     this.oHash.destroy();
@@ -363,35 +410,321 @@ var HMAC = class extends Hash {
 var hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
 hmac.create = (hash, key) => new HMAC(hash, key);
 
-// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/modular.js
-var _0n = BigInt(0);
-var _1n = BigInt(1);
+// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/utils.js
+var utils_exports = {};
+__export(utils_exports, {
+  aInRange: () => aInRange,
+  abool: () => abool,
+  abytes: () => abytes2,
+  bitGet: () => bitGet,
+  bitLen: () => bitLen,
+  bitMask: () => bitMask,
+  bitSet: () => bitSet,
+  bytesToHex: () => bytesToHex,
+  bytesToNumberBE: () => bytesToNumberBE,
+  bytesToNumberLE: () => bytesToNumberLE,
+  concatBytes: () => concatBytes2,
+  createHmacDrbg: () => createHmacDrbg,
+  ensureBytes: () => ensureBytes,
+  equalBytes: () => equalBytes,
+  hexToBytes: () => hexToBytes,
+  hexToNumber: () => hexToNumber,
+  inRange: () => inRange,
+  isBytes: () => isBytes2,
+  memoized: () => memoized,
+  notImplemented: () => notImplemented,
+  numberToBytesBE: () => numberToBytesBE,
+  numberToBytesLE: () => numberToBytesLE,
+  numberToHexUnpadded: () => numberToHexUnpadded,
+  numberToVarBytesBE: () => numberToVarBytesBE,
+  utf8ToBytes: () => utf8ToBytes2,
+  validateObject: () => validateObject
+});
+var _0n = /* @__PURE__ */ BigInt(0);
+var _1n = /* @__PURE__ */ BigInt(1);
 var _2n = /* @__PURE__ */ BigInt(2);
+function isBytes2(a) {
+  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
+}
+function abytes2(item) {
+  if (!isBytes2(item))
+    throw new Error("Uint8Array expected");
+}
+function abool(title, value) {
+  if (typeof value !== "boolean")
+    throw new Error(title + " boolean expected, got " + value);
+}
+var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
+function bytesToHex(bytes) {
+  abytes2(bytes);
+  let hex = "";
+  for (let i = 0; i < bytes.length; i++) {
+    hex += hexes[bytes[i]];
+  }
+  return hex;
+}
+function numberToHexUnpadded(num2) {
+  const hex = num2.toString(16);
+  return hex.length & 1 ? "0" + hex : hex;
+}
+function hexToNumber(hex) {
+  if (typeof hex !== "string")
+    throw new Error("hex string expected, got " + typeof hex);
+  return hex === "" ? _0n : BigInt("0x" + hex);
+}
+var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function asciiToBase16(ch) {
+  if (ch >= asciis._0 && ch <= asciis._9)
+    return ch - asciis._0;
+  if (ch >= asciis.A && ch <= asciis.F)
+    return ch - (asciis.A - 10);
+  if (ch >= asciis.a && ch <= asciis.f)
+    return ch - (asciis.a - 10);
+  return;
+}
+function hexToBytes(hex) {
+  if (typeof hex !== "string")
+    throw new Error("hex string expected, got " + typeof hex);
+  const hl = hex.length;
+  const al = hl / 2;
+  if (hl % 2)
+    throw new Error("hex string expected, got unpadded hex of length " + hl);
+  const array = new Uint8Array(al);
+  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
+    const n1 = asciiToBase16(hex.charCodeAt(hi));
+    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
+    if (n1 === void 0 || n2 === void 0) {
+      const char = hex[hi] + hex[hi + 1];
+      throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
+    }
+    array[ai] = n1 * 16 + n2;
+  }
+  return array;
+}
+function bytesToNumberBE(bytes) {
+  return hexToNumber(bytesToHex(bytes));
+}
+function bytesToNumberLE(bytes) {
+  abytes2(bytes);
+  return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
+}
+function numberToBytesBE(n, len) {
+  return hexToBytes(n.toString(16).padStart(len * 2, "0"));
+}
+function numberToBytesLE(n, len) {
+  return numberToBytesBE(n, len).reverse();
+}
+function numberToVarBytesBE(n) {
+  return hexToBytes(numberToHexUnpadded(n));
+}
+function ensureBytes(title, hex, expectedLength) {
+  let res;
+  if (typeof hex === "string") {
+    try {
+      res = hexToBytes(hex);
+    } catch (e) {
+      throw new Error(title + " must be hex string or Uint8Array, cause: " + e);
+    }
+  } else if (isBytes2(hex)) {
+    res = Uint8Array.from(hex);
+  } else {
+    throw new Error(title + " must be hex string or Uint8Array");
+  }
+  const len = res.length;
+  if (typeof expectedLength === "number" && len !== expectedLength)
+    throw new Error(title + " of length " + expectedLength + " expected, got " + len);
+  return res;
+}
+function concatBytes2(...arrays) {
+  let sum = 0;
+  for (let i = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    abytes2(a);
+    sum += a.length;
+  }
+  const res = new Uint8Array(sum);
+  for (let i = 0, pad = 0; i < arrays.length; i++) {
+    const a = arrays[i];
+    res.set(a, pad);
+    pad += a.length;
+  }
+  return res;
+}
+function equalBytes(a, b) {
+  if (a.length !== b.length)
+    return false;
+  let diff = 0;
+  for (let i = 0; i < a.length; i++)
+    diff |= a[i] ^ b[i];
+  return diff === 0;
+}
+function utf8ToBytes2(str) {
+  if (typeof str !== "string")
+    throw new Error("string expected");
+  return new Uint8Array(new TextEncoder().encode(str));
+}
+var isPosBig = (n) => typeof n === "bigint" && _0n <= n;
+function inRange(n, min, max) {
+  return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
+}
+function aInRange(title, n, min, max) {
+  if (!inRange(n, min, max))
+    throw new Error("expected valid " + title + ": " + min + " <= n < " + max + ", got " + n);
+}
+function bitLen(n) {
+  let len;
+  for (len = 0; n > _0n; n >>= _1n, len += 1)
+    ;
+  return len;
+}
+function bitGet(n, pos) {
+  return n >> BigInt(pos) & _1n;
+}
+function bitSet(n, pos, value) {
+  return n | (value ? _1n : _0n) << BigInt(pos);
+}
+var bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
+var u8n = (data) => new Uint8Array(data);
+var u8fr = (arr) => Uint8Array.from(arr);
+function createHmacDrbg(hashLen, qByteLen, hmacFn) {
+  if (typeof hashLen !== "number" || hashLen < 2)
+    throw new Error("hashLen must be a number");
+  if (typeof qByteLen !== "number" || qByteLen < 2)
+    throw new Error("qByteLen must be a number");
+  if (typeof hmacFn !== "function")
+    throw new Error("hmacFn must be a function");
+  let v = u8n(hashLen);
+  let k = u8n(hashLen);
+  let i = 0;
+  const reset = () => {
+    v.fill(1);
+    k.fill(0);
+    i = 0;
+  };
+  const h = (...b) => hmacFn(k, v, ...b);
+  const reseed = (seed = u8n()) => {
+    k = h(u8fr([0]), seed);
+    v = h();
+    if (seed.length === 0)
+      return;
+    k = h(u8fr([1]), seed);
+    v = h();
+  };
+  const gen = () => {
+    if (i++ >= 1e3)
+      throw new Error("drbg: tried 1000 values");
+    let len = 0;
+    const out = [];
+    while (len < qByteLen) {
+      v = h();
+      const sl = v.slice();
+      out.push(sl);
+      len += v.length;
+    }
+    return concatBytes2(...out);
+  };
+  const genUntil = (seed, pred) => {
+    reset();
+    reseed(seed);
+    let res = void 0;
+    while (!(res = pred(gen())))
+      reseed();
+    reset();
+    return res;
+  };
+  return genUntil;
+}
+var validatorFns = {
+  bigint: (val) => typeof val === "bigint",
+  function: (val) => typeof val === "function",
+  boolean: (val) => typeof val === "boolean",
+  string: (val) => typeof val === "string",
+  stringOrUint8Array: (val) => typeof val === "string" || isBytes2(val),
+  isSafeInteger: (val) => Number.isSafeInteger(val),
+  array: (val) => Array.isArray(val),
+  field: (val, object) => object.Fp.isValid(val),
+  hash: (val) => typeof val === "function" && Number.isSafeInteger(val.outputLen)
+};
+function validateObject(object, validators, optValidators = {}) {
+  const checkField = (fieldName, type, isOptional) => {
+    const checkVal = validatorFns[type];
+    if (typeof checkVal !== "function")
+      throw new Error("invalid validator function");
+    const val = object[fieldName];
+    if (isOptional && val === void 0)
+      return;
+    if (!checkVal(val, object)) {
+      throw new Error("param " + String(fieldName) + " is invalid. Expected " + type + ", got " + val);
+    }
+  };
+  for (const [fieldName, type] of Object.entries(validators))
+    checkField(fieldName, type, false);
+  for (const [fieldName, type] of Object.entries(optValidators))
+    checkField(fieldName, type, true);
+  return object;
+}
+var notImplemented = () => {
+  throw new Error("not implemented");
+};
+function memoized(fn) {
+  const map = /* @__PURE__ */ new WeakMap();
+  return (arg, ...args) => {
+    const val = map.get(arg);
+    if (val !== void 0)
+      return val;
+    const computed = fn(arg, ...args);
+    map.set(arg, computed);
+    return computed;
+  };
+}
+
+// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/modular.js
+var _0n2 = BigInt(0);
+var _1n2 = BigInt(1);
+var _2n2 = /* @__PURE__ */ BigInt(2);
 var _3n = /* @__PURE__ */ BigInt(3);
 var _4n = /* @__PURE__ */ BigInt(4);
 var _5n = /* @__PURE__ */ BigInt(5);
 var _8n = /* @__PURE__ */ BigInt(8);
+var _9n = /* @__PURE__ */ BigInt(9);
+var _16n = /* @__PURE__ */ BigInt(16);
 function mod(a, b) {
   const result = a % b;
-  return result >= _0n ? result : b + result;
+  return result >= _0n2 ? result : b + result;
+}
+function pow(num2, power, modulo) {
+  if (power < _0n2)
+    throw new Error("invalid exponent, negatives unsupported");
+  if (modulo <= _0n2)
+    throw new Error("invalid modulus");
+  if (modulo === _1n2)
+    return _0n2;
+  let res = _1n2;
+  while (power > _0n2) {
+    if (power & _1n2)
+      res = res * num2 % modulo;
+    num2 = num2 * num2 % modulo;
+    power >>= _1n2;
+  }
+  return res;
 }
 function pow2(x, power, modulo) {
   let res = x;
-  while (power-- > _0n) {
+  while (power-- > _0n2) {
     res *= res;
     res %= modulo;
   }
   return res;
 }
 function invert(number, modulo) {
-  if (number === _0n)
+  if (number === _0n2)
     throw new Error("invert: expected non-zero number");
-  if (modulo <= _0n)
+  if (modulo <= _0n2)
     throw new Error("invert: expected positive modulus, got " + modulo);
   let a = mod(number, modulo);
   let b = modulo;
-  let x = _0n, y = _1n, u = _1n, v = _0n;
-  while (a !== _0n) {
+  let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
+  while (a !== _0n2) {
     const q = b / a;
     const r = b % a;
     const m = x - u * q;
@@ -399,82 +732,79 @@ function invert(number, modulo) {
     b = a, a = r, x = u, y = v, u = m, v = n;
   }
   const gcd = b;
-  if (gcd !== _1n)
+  if (gcd !== _1n2)
     throw new Error("invert: does not exist");
   return mod(x, modulo);
 }
-function sqrt3mod4(Fp, n) {
-  const p1div4 = (Fp.ORDER + _1n) / _4n;
-  const root = Fp.pow(n, p1div4);
-  if (!Fp.eql(Fp.sqr(root), n))
-    throw new Error("Cannot find square root");
-  return root;
-}
-function sqrt5mod8(Fp, n) {
-  const p5div8 = (Fp.ORDER - _5n) / _8n;
-  const n2 = Fp.mul(n, _2n);
-  const v = Fp.pow(n2, p5div8);
-  const nv = Fp.mul(n, v);
-  const i = Fp.mul(Fp.mul(nv, _2n), v);
-  const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
-  if (!Fp.eql(Fp.sqr(root), n))
-    throw new Error("Cannot find square root");
-  return root;
-}
 function tonelliShanks(P) {
-  if (P < BigInt(3))
-    throw new Error("sqrt is not defined for small field");
-  let Q = P - _1n;
-  let S = 0;
-  while (Q % _2n === _0n) {
-    Q /= _2n;
-    S++;
-  }
-  let Z = _2n;
-  const _Fp = Field(P);
-  while (FpLegendre(_Fp, Z) === 1) {
-    if (Z++ > 1e3)
-      throw new Error("Cannot find square root: probably non-prime P");
-  }
-  if (S === 1)
-    return sqrt3mod4;
-  let cc = _Fp.pow(Z, Q);
-  const Q1div2 = (Q + _1n) / _2n;
+  const legendreC = (P - _1n2) / _2n2;
+  let Q, S, Z;
+  for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
+    ;
+  for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++) {
+    if (Z > 1e3)
+      throw new Error("Cannot find square root: likely non-prime P");
+  }
+  if (S === 1) {
+    const p1div4 = (P + _1n2) / _4n;
+    return function tonelliFast(Fp, n) {
+      const root = Fp.pow(n, p1div4);
+      if (!Fp.eql(Fp.sqr(root), n))
+        throw new Error("Cannot find square root");
+      return root;
+    };
+  }
+  const Q1div2 = (Q + _1n2) / _2n2;
   return function tonelliSlow(Fp, n) {
-    if (Fp.is0(n))
-      return n;
-    if (FpLegendre(Fp, n) !== 1)
+    if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))
       throw new Error("Cannot find square root");
-    let M = S;
-    let c = Fp.mul(Fp.ONE, cc);
-    let t = Fp.pow(n, Q);
-    let R = Fp.pow(n, Q1div2);
-    while (!Fp.eql(t, Fp.ONE)) {
-      if (Fp.is0(t))
+    let r = S;
+    let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q);
+    let x = Fp.pow(n, Q1div2);
+    let b = Fp.pow(n, Q);
+    while (!Fp.eql(b, Fp.ONE)) {
+      if (Fp.eql(b, Fp.ZERO))
         return Fp.ZERO;
-      let i = 1;
-      let t_tmp = Fp.sqr(t);
-      while (!Fp.eql(t_tmp, Fp.ONE)) {
-        i++;
-        t_tmp = Fp.sqr(t_tmp);
-        if (i === M)
-          throw new Error("Cannot find square root");
+      let m = 1;
+      for (let t2 = Fp.sqr(b); m < r; m++) {
+        if (Fp.eql(t2, Fp.ONE))
+          break;
+        t2 = Fp.sqr(t2);
       }
-      const exponent = _1n << BigInt(M - i - 1);
-      const b = Fp.pow(c, exponent);
-      M = i;
-      c = Fp.sqr(b);
-      t = Fp.mul(t, c);
-      R = Fp.mul(R, b);
-    }
-    return R;
+      const ge = Fp.pow(g, _1n2 << BigInt(r - m - 1));
+      g = Fp.sqr(ge);
+      x = Fp.mul(x, ge);
+      b = Fp.mul(b, g);
+      r = m;
+    }
+    return x;
   };
 }
 function FpSqrt(P) {
-  if (P % _4n === _3n)
-    return sqrt3mod4;
-  if (P % _8n === _5n)
-    return sqrt5mod8;
+  if (P % _4n === _3n) {
+    const p1div4 = (P + _1n2) / _4n;
+    return function sqrt3mod4(Fp, n) {
+      const root = Fp.pow(n, p1div4);
+      if (!Fp.eql(Fp.sqr(root), n))
+        throw new Error("Cannot find square root");
+      return root;
+    };
+  }
+  if (P % _8n === _5n) {
+    const c1 = (P - _5n) / _8n;
+    return function sqrt5mod8(Fp, n) {
+      const n2 = Fp.mul(n, _2n2);
+      const v = Fp.pow(n2, c1);
+      const nv = Fp.mul(n, v);
+      const i = Fp.mul(Fp.mul(nv, _2n2), v);
+      const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
+      if (!Fp.eql(Fp.sqr(root), n))
+        throw new Error("Cannot find square root");
+      return root;
+    };
+  }
+  if (P % _16n === _9n) {
+  }
   return tonelliShanks(P);
 }
 var FIELD_FIELDS = [
@@ -509,59 +839,47 @@ function validateField(field) {
   }, initial);
   return validateObject(field, opts);
 }
-function FpPow(Fp, num2, power) {
-  if (power < _0n)
+function FpPow(f, num2, power) {
+  if (power < _0n2)
     throw new Error("invalid exponent, negatives unsupported");
-  if (power === _0n)
-    return Fp.ONE;
-  if (power === _1n)
+  if (power === _0n2)
+    return f.ONE;
+  if (power === _1n2)
     return num2;
-  let p = Fp.ONE;
+  let p = f.ONE;
   let d = num2;
-  while (power > _0n) {
-    if (power & _1n)
-      p = Fp.mul(p, d);
-    d = Fp.sqr(d);
-    power >>= _1n;
+  while (power > _0n2) {
+    if (power & _1n2)
+      p = f.mul(p, d);
+    d = f.sqr(d);
+    power >>= _1n2;
   }
   return p;
 }
-function FpInvertBatch(Fp, nums, passZero = false) {
-  const inverted = new Array(nums.length).fill(passZero ? Fp.ZERO : void 0);
-  const multipliedAcc = nums.reduce((acc, num2, i) => {
-    if (Fp.is0(num2))
+function FpInvertBatch(f, nums) {
+  const tmp = new Array(nums.length);
+  const lastMultiplied = nums.reduce((acc, num2, i) => {
+    if (f.is0(num2))
       return acc;
-    inverted[i] = acc;
-    return Fp.mul(acc, num2);
-  }, Fp.ONE);
-  const invertedAcc = Fp.inv(multipliedAcc);
+    tmp[i] = acc;
+    return f.mul(acc, num2);
+  }, f.ONE);
+  const inverted = f.inv(lastMultiplied);
   nums.reduceRight((acc, num2, i) => {
-    if (Fp.is0(num2))
+    if (f.is0(num2))
       return acc;
-    inverted[i] = Fp.mul(acc, inverted[i]);
-    return Fp.mul(acc, num2);
-  }, invertedAcc);
-  return inverted;
-}
-function FpLegendre(Fp, n) {
-  const p1mod2 = (Fp.ORDER - _1n) / _2n;
-  const powered = Fp.pow(n, p1mod2);
-  const yes = Fp.eql(powered, Fp.ONE);
-  const zero = Fp.eql(powered, Fp.ZERO);
-  const no = Fp.eql(powered, Fp.neg(Fp.ONE));
-  if (!yes && !zero && !no)
-    throw new Error("invalid Legendre symbol result");
-  return yes ? 1 : zero ? 0 : -1;
+    tmp[i] = f.mul(acc, tmp[i]);
+    return f.mul(acc, num2);
+  }, inverted);
+  return tmp;
 }
 function nLength(n, nBitLength) {
-  if (nBitLength !== void 0)
-    anumber(nBitLength);
   const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
   const nByteLength = Math.ceil(_nBitLength / 8);
   return { nBitLength: _nBitLength, nByteLength };
 }
 function Field(ORDER, bitLen2, isLE = false, redef = {}) {
-  if (ORDER <= _0n)
+  if (ORDER <= _0n2)
     throw new Error("invalid field: expected ORDER > 0, got " + ORDER);
   const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
   if (BYTES > 2048)
@@ -569,20 +887,19 @@ function Field(ORDER, bitLen2, isLE = false, redef = {}) {
   let sqrtP;
   const f = Object.freeze({
     ORDER,
-    isLE,
     BITS,
     BYTES,
     MASK: bitMask(BITS),
-    ZERO: _0n,
-    ONE: _1n,
+    ZERO: _0n2,
+    ONE: _1n2,
     create: (num2) => mod(num2, ORDER),
     isValid: (num2) => {
       if (typeof num2 !== "bigint")
         throw new Error("invalid field element: expected bigint, got " + typeof num2);
-      return _0n <= num2 && num2 < ORDER;
+      return _0n2 <= num2 && num2 < ORDER;
     },
-    is0: (num2) => num2 === _0n,
-    isOdd: (num2) => (num2 & _1n) === _1n,
+    is0: (num2) => num2 === _0n2,
+    isOdd: (num2) => (num2 & _1n2) === _1n2,
     neg: (num2) => mod(-num2, ORDER),
     eql: (lhs, rhs) => lhs === rhs,
     sqr: (num2) => mod(num2 * num2, ORDER),
@@ -602,17 +919,16 @@ function Field(ORDER, bitLen2, isLE = false, redef = {}) {
         sqrtP = FpSqrt(ORDER);
       return sqrtP(f, n);
     }),
+    invertBatch: (lst) => FpInvertBatch(f, lst),
+    // TODO: do we really need constant cmov?
+    // We don't have const-time bigints anyway, so probably will be not very useful
+    cmov: (a, b, c) => c ? b : a,
     toBytes: (num2) => isLE ? numberToBytesLE(num2, BYTES) : numberToBytesBE(num2, BYTES),
     fromBytes: (bytes) => {
       if (bytes.length !== BYTES)
         throw new Error("Field.fromBytes: expected " + BYTES + " bytes, got " + bytes.length);
       return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
-    },
-    // TODO: we don't need it here, move out to separate fn
-    invertBatch: (lst) => FpInvertBatch(f, lst),
-    // We can't move this out because Fp6, Fp12 implement it
-    // and it's unclear what to return in there.
-    cmov: (a, b, c) => c ? b : a
+    }
   });
   return Object.freeze(f);
 }
@@ -632,14 +948,14 @@ function mapHashToField(key, fieldOrder, isLE = false) {
   const minLen = getMinHashLength(fieldOrder);
   if (len < 16 || len < minLen || len > 1024)
     throw new Error("expected " + minLen + "-1024 bytes of input, got " + len);
-  const num2 = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);
-  const reduced = mod(num2, fieldOrder - _1n) + _1n;
+  const num2 = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);
+  const reduced = mod(num2, fieldOrder - _1n2) + _1n2;
   return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/curve.js
-var _0n2 = BigInt(0);
-var _1n2 = BigInt(1);
+// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/curve.js
+var _0n3 = BigInt(0);
+var _1n3 = BigInt(1);
 function constTimeNegate(condition, item) {
   const neg = item.negate();
   return condition ? neg : item;
@@ -648,30 +964,11 @@ function validateW(W, bits) {
   if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
     throw new Error("invalid window size, expected [1.." + bits + "], got W=" + W);
 }
-function calcWOpts(W, scalarBits) {
-  validateW(W, scalarBits);
-  const windows = Math.ceil(scalarBits / W) + 1;
+function calcWOpts(W, bits) {
+  validateW(W, bits);
+  const windows = Math.ceil(bits / W) + 1;
   const windowSize = 2 ** (W - 1);
-  const maxNumber = 2 ** W;
-  const mask = bitMask(W);
-  const shiftBy = BigInt(W);
-  return { windows, windowSize, mask, maxNumber, shiftBy };
-}
-function calcOffsets(n, window, wOpts) {
-  const { windowSize, mask, maxNumber, shiftBy } = wOpts;
-  let wbits = Number(n & mask);
-  let nextN = n >> shiftBy;
-  if (wbits > windowSize) {
-    wbits -= maxNumber;
-    nextN += _1n2;
-  }
-  const offsetStart = window * windowSize;
-  const offset = offsetStart + Math.abs(wbits) - 1;
-  const isZero = wbits === 0;
-  const isNeg = wbits < 0;
-  const isNegF = window % 2 !== 0;
-  const offsetF = offsetStart;
-  return { nextN, offset, isZero, isNeg, isNegF, offsetF };
+  return { windows, windowSize };
 }
 function validateMSMPoints(points, c) {
   if (!Array.isArray(points))
@@ -703,11 +1000,11 @@ function wNAF(c, bits) {
     // non-const time multiplication ladder
     unsafeLadder(elm, n, p = c.ZERO) {
       let d = elm;
-      while (n > _0n2) {
-        if (n & _1n2)
+      while (n > _0n3) {
+        if (n & _1n3)
           p = p.add(d);
         d = d.double();
-        n >>= _1n2;
+        n >>= _1n3;
       }
       return p;
     },
@@ -747,16 +1044,28 @@ function wNAF(c, bits) {
      * @returns real and fake (for const-time) points
      */
     wNAF(W, precomputes, n) {
+      const { windows, windowSize } = calcWOpts(W, bits);
       let p = c.ZERO;
       let f = c.BASE;
-      const wo = calcWOpts(W, bits);
-      for (let window = 0; window < wo.windows; window++) {
-        const { nextN, offset, isZero, isNeg, isNegF, offsetF } = calcOffsets(n, window, wo);
-        n = nextN;
-        if (isZero) {
-          f = f.add(constTimeNegate(isNegF, precomputes[offsetF]));
+      const mask = BigInt(2 ** W - 1);
+      const maxNumber = 2 ** W;
+      const shiftBy = BigInt(W);
+      for (let window = 0; window < windows; window++) {
+        const offset = window * windowSize;
+        let wbits = Number(n & mask);
+        n >>= shiftBy;
+        if (wbits > windowSize) {
+          wbits -= maxNumber;
+          n += _1n3;
+        }
+        const offset1 = offset;
+        const offset2 = offset + Math.abs(wbits) - 1;
+        const cond1 = window % 2 !== 0;
+        const cond2 = wbits < 0;
+        if (wbits === 0) {
+          f = f.add(constTimeNegate(cond1, precomputes[offset1]));
         } else {
-          p = p.add(constTimeNegate(isNeg, precomputes[offset]));
+          p = p.add(constTimeNegate(cond2, precomputes[offset2]));
         }
       }
       return { p, f };
@@ -770,18 +1079,26 @@ function wNAF(c, bits) {
      * @returns point
      */
     wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {
-      const wo = calcWOpts(W, bits);
-      for (let window = 0; window < wo.windows; window++) {
-        if (n === _0n2)
+      const { windows, windowSize } = calcWOpts(W, bits);
+      const mask = BigInt(2 ** W - 1);
+      const maxNumber = 2 ** W;
+      const shiftBy = BigInt(W);
+      for (let window = 0; window < windows; window++) {
+        const offset = window * windowSize;
+        if (n === _0n3)
           break;
-        const { nextN, offset, isZero, isNeg } = calcOffsets(n, window, wo);
-        n = nextN;
-        if (isZero) {
-          continue;
-        } else {
-          const item = precomputes[offset];
-          acc = acc.add(isNeg ? item.negate() : item);
+        let wbits = Number(n & mask);
+        n >>= shiftBy;
+        if (wbits > windowSize) {
+          wbits -= maxNumber;
+          n += _1n3;
         }
+        if (wbits === 0)
+          continue;
+        let curr = precomputes[offset + Math.abs(wbits) - 1];
+        if (wbits < 0)
+          curr = curr.negate();
+        acc = acc.add(curr);
       }
       return acc;
     },
@@ -817,28 +1134,20 @@ function wNAF(c, bits) {
 function pippenger(c, fieldN, points, scalars) {
   validateMSMPoints(points, c);
   validateMSMScalars(scalars, fieldN);
-  const plength = points.length;
-  const slength = scalars.length;
-  if (plength !== slength)
+  if (points.length !== scalars.length)
     throw new Error("arrays of points and scalars must have equal length");
   const zero = c.ZERO;
-  const wbits = bitLen(BigInt(plength));
-  let windowSize = 1;
-  if (wbits > 12)
-    windowSize = wbits - 3;
-  else if (wbits > 4)
-    windowSize = wbits - 2;
-  else if (wbits > 0)
-    windowSize = 2;
-  const MASK = bitMask(windowSize);
-  const buckets = new Array(Number(MASK) + 1).fill(zero);
+  const wbits = bitLen(BigInt(points.length));
+  const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1;
+  const MASK = (1 << windowSize) - 1;
+  const buckets = new Array(MASK + 1).fill(zero);
   const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;
   let sum = zero;
   for (let i = lastBits; i >= 0; i -= windowSize) {
     buckets.fill(zero);
-    for (let j = 0; j < slength; j++) {
+    for (let j = 0; j < scalars.length; j++) {
       const scalar = scalars[j];
-      const wbits2 = Number(scalar >> BigInt(i) & MASK);
+      const wbits2 = Number(scalar >> BigInt(i) & BigInt(MASK));
       buckets[wbits2] = buckets[wbits2].add(points[j]);
     }
     let resI = zero;
@@ -871,7 +1180,7 @@ function validateBasic(curve) {
   });
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/weierstrass.js
+// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/weierstrass.js
 function validateSigVerOpts(opts) {
   if (opts.lowS !== void 0)
     abool("lowS", opts.lowS);
@@ -884,33 +1193,33 @@ function validatePointOpts(curve) {
     a: "field",
     b: "field"
   }, {
-    allowInfinityPoint: "boolean",
     allowedPrivateKeyLengths: "array",
+    wrapPrivateKey: "boolean",
+    isTorsionFree: "function",
     clearCofactor: "function",
+    allowInfinityPoint: "boolean",
     fromBytes: "function",
-    isTorsionFree: "function",
-    toBytes: "function",
-    wrapPrivateKey: "boolean"
+    toBytes: "function"
   });
   const { endo, Fp, a } = opts;
   if (endo) {
     if (!Fp.eql(a, Fp.ZERO)) {
-      throw new Error("invalid endo: CURVE.a must be 0");
+      throw new Error("invalid endomorphism, can only be defined for Koblitz curves that have a=0");
     }
     if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
-      throw new Error('invalid endo: expected "beta": bigint and "splitScalar": function');
+      throw new Error("invalid endomorphism, expected beta: bigint and splitScalar: function");
     }
   }
   return Object.freeze({ ...opts });
 }
-var DERErr = class extends Error {
-  constructor(m = "") {
-    super(m);
-  }
-};
+var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
 var DER = {
   // asn.1 DER encoding utils
-  Err: DERErr,
+  Err: class DERErr extends Error {
+    constructor(m = "") {
+      super(m);
+    }
+  },
   // Basic building block is TLV (Tag-Length-Value)
   _tlv: {
     encode: (tag, data) => {
@@ -970,7 +1279,7 @@ var DER = {
   _int: {
     encode(num2) {
       const { Err: E } = DER;
-      if (num2 < _0n3)
+      if (num2 < _0n4)
         throw new E("integer: negative integers are not allowed");
       let hex = numberToHexUnpadded(num2);
       if (Number.parseInt(hex[0], 16) & 8)
@@ -985,12 +1294,13 @@ var DER = {
         throw new E("invalid signature integer: negative");
       if (data[0] === 0 && !(data[1] & 128))
         throw new E("invalid signature integer: unnecessary leading zero");
-      return bytesToNumberBE(data);
+      return b2n(data);
     }
   },
   toSig(hex) {
     const { Err: E, _int: int, _tlv: tlv } = DER;
-    const data = ensureBytes("signature", hex);
+    const data = typeof hex === "string" ? h2b(hex) : hex;
+    abytes2(data);
     const { v: seqBytes, l: seqLeftBytes } = tlv.decode(48, data);
     if (seqLeftBytes.length)
       throw new E("invalid signature: left bytes after parsing");
@@ -1008,12 +1318,9 @@ var DER = {
     return tlv.encode(48, seq);
   }
 };
-function numToSizedHex(num2, size) {
-  return bytesToHex(numberToBytesBE(num2, size));
-}
-var _0n3 = BigInt(0);
-var _1n3 = BigInt(1);
-var _2n2 = BigInt(2);
+var _0n4 = BigInt(0);
+var _1n4 = BigInt(1);
+var _2n3 = BigInt(2);
 var _3n2 = BigInt(3);
 var _4n2 = BigInt(4);
 function weierstrassPoints(opts) {
@@ -1036,24 +1343,15 @@ function weierstrassPoints(opts) {
     const x3 = Fp.mul(x2, x);
     return Fp.add(Fp.add(x3, Fp.mul(x, a)), b);
   }
-  function isValidXY(x, y) {
-    const left = Fp.sqr(y);
-    const right = weierstrassEquation(x);
-    return Fp.eql(left, right);
-  }
-  if (!isValidXY(CURVE.Gx, CURVE.Gy))
-    throw new Error("bad curve params: generator point");
-  const _4a3 = Fp.mul(Fp.pow(CURVE.a, _3n2), _4n2);
-  const _27b2 = Fp.mul(Fp.sqr(CURVE.b), BigInt(27));
-  if (Fp.is0(Fp.add(_4a3, _27b2)))
-    throw new Error("bad curve params: a or b");
+  if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
+    throw new Error("bad generator point: equation left != right");
   function isWithinCurveOrder(num2) {
-    return inRange(num2, _1n3, CURVE.n);
+    return inRange(num2, _1n4, CURVE.n);
   }
   function normPrivateKeyToScalar(key) {
     const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;
     if (lengths && typeof key !== "bigint") {
-      if (isBytes(key))
+      if (isBytes2(key))
         key = bytesToHex(key);
       if (typeof key !== "string" || !lengths.includes(key.length))
         throw new Error("invalid private key");
@@ -1067,10 +1365,10 @@ function weierstrassPoints(opts) {
     }
     if (wrapPrivateKey)
       num2 = mod(num2, N);
-    aInRange("private key", num2, _1n3, N);
+    aInRange("private key", num2, _1n4, N);
     return num2;
   }
-  function aprjpoint(other) {
+  function assertPrjPoint(other) {
     if (!(other instanceof Point2))
       throw new Error("ProjectivePoint expected");
   }
@@ -1099,7 +1397,9 @@ function weierstrassPoints(opts) {
     const { x, y } = p.toAffine();
     if (!Fp.isValid(x) || !Fp.isValid(y))
       throw new Error("bad point: x or y not FE");
-    if (!isValidXY(x, y))
+    const left = Fp.sqr(y);
+    const right = weierstrassEquation(x);
+    if (!Fp.eql(left, right))
       throw new Error("bad point: equation left != right");
     if (!p.isTorsionFree())
       throw new Error("bad point: not in prime-order subgroup");
@@ -1107,15 +1407,15 @@ function weierstrassPoints(opts) {
   });
   class Point2 {
     constructor(px, py, pz) {
+      this.px = px;
+      this.py = py;
+      this.pz = pz;
       if (px == null || !Fp.isValid(px))
         throw new Error("x required");
-      if (py == null || !Fp.isValid(py) || Fp.is0(py))
+      if (py == null || !Fp.isValid(py))
         throw new Error("y required");
       if (pz == null || !Fp.isValid(pz))
         throw new Error("z required");
-      this.px = px;
-      this.py = py;
-      this.pz = pz;
       Object.freeze(this);
     }
     // Does not validate if the point is on-curve.
@@ -1144,7 +1444,7 @@ function weierstrassPoints(opts) {
      * Optimization: converts a list of projective points to a list of identical points with Z=1.
      */
     static normalizeZ(points) {
-      const toInv = FpInvertBatch(Fp, points.map((p) => p.pz));
+      const toInv = Fp.invertBatch(points.map((p) => p.pz));
       return points.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
     }
     /**
@@ -1182,7 +1482,7 @@ function weierstrassPoints(opts) {
      * Compare one point to another.
      */
     equals(other) {
-      aprjpoint(other);
+      assertPrjPoint(other);
       const { px: X1, py: Y1, pz: Z1 } = this;
       const { px: X2, py: Y2, pz: Z2 } = other;
       const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));
@@ -1242,7 +1542,7 @@ function weierstrassPoints(opts) {
     // https://eprint.iacr.org/2015/1060, algorithm 1
     // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
     add(other) {
-      aprjpoint(other);
+      assertPrjPoint(other);
       const { px: X1, py: Y1, pz: Z1 } = this;
       const { px: X2, py: Y2, pz: Z2 } = other;
       let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO;
@@ -1305,33 +1605,33 @@ function weierstrassPoints(opts) {
      * an exposed private key e.g. sig verification, which works over *public* keys.
      */
     multiplyUnsafe(sc) {
-      const { endo: endo2, n: N } = CURVE;
-      aInRange("scalar", sc, _0n3, N);
+      const { endo, n: N } = CURVE;
+      aInRange("scalar", sc, _0n4, N);
       const I = Point2.ZERO;
-      if (sc === _0n3)
+      if (sc === _0n4)
         return I;
-      if (this.is0() || sc === _1n3)
+      if (this.is0() || sc === _1n4)
         return this;
-      if (!endo2 || wnaf.hasPrecomputes(this))
+      if (!endo || wnaf.hasPrecomputes(this))
         return wnaf.wNAFCachedUnsafe(this, sc, Point2.normalizeZ);
-      let { k1neg, k1, k2neg, k2 } = endo2.splitScalar(sc);
+      let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
       let k1p = I;
       let k2p = I;
       let d = this;
-      while (k1 > _0n3 || k2 > _0n3) {
-        if (k1 & _1n3)
+      while (k1 > _0n4 || k2 > _0n4) {
+        if (k1 & _1n4)
           k1p = k1p.add(d);
-        if (k2 & _1n3)
+        if (k2 & _1n4)
           k2p = k2p.add(d);
         d = d.double();
-        k1 >>= _1n3;
-        k2 >>= _1n3;
+        k1 >>= _1n4;
+        k2 >>= _1n4;
       }
       if (k1neg)
         k1p = k1p.negate();
       if (k2neg)
         k2p = k2p.negate();
-      k2p = new Point2(Fp.mul(k2p.px, endo2.beta), k2p.py, k2p.pz);
+      k2p = new Point2(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
       return k1p.add(k2p);
     }
     /**
@@ -1344,16 +1644,16 @@ function weierstrassPoints(opts) {
      * @returns New point
      */
     multiply(scalar) {
-      const { endo: endo2, n: N } = CURVE;
-      aInRange("scalar", scalar, _1n3, N);
+      const { endo, n: N } = CURVE;
+      aInRange("scalar", scalar, _1n4, N);
       let point, fake;
-      if (endo2) {
-        const { k1neg, k1, k2neg, k2 } = endo2.splitScalar(scalar);
+      if (endo) {
+        const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);
         let { p: k1p, f: f1p } = this.wNAF(k1);
         let { p: k2p, f: f2p } = this.wNAF(k2);
         k1p = wnaf.constTimeNegate(k1neg, k1p);
         k2p = wnaf.constTimeNegate(k2neg, k2p);
-        k2p = new Point2(Fp.mul(k2p.px, endo2.beta), k2p.py, k2p.pz);
+        k2p = new Point2(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
         point = k1p.add(k2p);
         fake = f1p.add(f2p);
       } else {
@@ -1371,7 +1671,7 @@ function weierstrassPoints(opts) {
      */
     multiplyAndAddUnsafe(Q, a, b) {
       const G = Point2.BASE;
-      const mul = (P, a2) => a2 === _0n3 || a2 === _1n3 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
+      const mul = (P, a2) => a2 === _0n4 || a2 === _1n4 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
       const sum = mul(this, a).add(mul(Q, b));
       return sum.is0() ? void 0 : sum;
     }
@@ -1383,7 +1683,7 @@ function weierstrassPoints(opts) {
     }
     isTorsionFree() {
       const { h: cofactor, isTorsionFree } = CURVE;
-      if (cofactor === _1n3)
+      if (cofactor === _1n4)
         return true;
       if (isTorsionFree)
         return isTorsionFree(Point2, this);
@@ -1391,7 +1691,7 @@ function weierstrassPoints(opts) {
     }
     clearCofactor() {
       const { h: cofactor, clearCofactor } = CURVE;
-      if (cofactor === _1n3)
+      if (cofactor === _1n4)
         return this;
       if (clearCofactor)
         return clearCofactor(Point2, this);
@@ -1409,8 +1709,8 @@ function weierstrassPoints(opts) {
   }
   Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp.ONE);
   Point2.ZERO = new Point2(Fp.ZERO, Fp.ONE, Fp.ZERO);
-  const { endo, nBitLength } = CURVE;
-  const wnaf = wNAF(Point2, endo ? Math.ceil(nBitLength / 2) : nBitLength);
+  const _bits = CURVE.nBitLength;
+  const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
   return {
     CURVE,
     ProjectivePoint: Point2,
@@ -1434,7 +1734,7 @@ function validateOpts(curve) {
 }
 function weierstrass(curveDef) {
   const CURVE = validateOpts(curveDef);
-  const { Fp, n: CURVE_ORDER, nByteLength, nBitLength } = CURVE;
+  const { Fp, n: CURVE_ORDER } = CURVE;
   const compressedLen = Fp.BYTES + 1;
   const uncompressedLen = 2 * Fp.BYTES + 1;
   function modN2(a) {
@@ -1462,7 +1762,7 @@ function weierstrass(curveDef) {
       const tail = bytes.subarray(1);
       if (len === compressedLen && (head === 2 || head === 3)) {
         const x = bytesToNumberBE(tail);
-        if (!inRange(x, _1n3, Fp.ORDER))
+        if (!inRange(x, _1n4, Fp.ORDER))
           throw new Error("Point is not on curve");
         const y2 = weierstrassEquation(x);
         let y;
@@ -1472,7 +1772,7 @@ function weierstrass(curveDef) {
           const suffix = sqrtError instanceof Error ? ": " + sqrtError.message : "";
           throw new Error("Point is not on curve" + suffix);
         }
-        const isYOdd = (y & _1n3) === _1n3;
+        const isYOdd = (y & _1n4) === _1n4;
         const isHeadOdd = (head & 1) === 1;
         if (isHeadOdd !== isYOdd)
           y = Fp.neg(y);
@@ -1488,8 +1788,9 @@ function weierstrass(curveDef) {
       }
     }
   });
+  const numToNByteStr = (num2) => bytesToHex(numberToBytesBE(num2, CURVE.nByteLength));
   function isBiggerThanHalfOrder(number) {
-    const HALF = CURVE_ORDER >> _1n3;
+    const HALF = CURVE_ORDER >> _1n4;
     return number > HALF;
   }
   function normalizeS(s) {
@@ -1498,17 +1799,14 @@ function weierstrass(curveDef) {
   const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to));
   class Signature {
     constructor(r, s, recovery) {
-      aInRange("r", r, _1n3, CURVE_ORDER);
-      aInRange("s", s, _1n3, CURVE_ORDER);
       this.r = r;
       this.s = s;
-      if (recovery != null)
-        this.recovery = recovery;
-      Object.freeze(this);
+      this.recovery = recovery;
+      this.assertValidity();
     }
     // pair (bytes of r, bytes of s)
     static fromCompact(hex) {
-      const l = nByteLength;
+      const l = CURVE.nByteLength;
       hex = ensureBytes("compactSignature", hex, l * 2);
       return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
     }
@@ -1518,11 +1816,9 @@ function weierstrass(curveDef) {
       const { r, s } = DER.toSig(ensureBytes("DER", hex));
       return new Signature(r, s);
     }
-    /**
-     * @todo remove
-     * @deprecated
-     */
     assertValidity() {
+      aInRange("r", this.r, _1n4, CURVE_ORDER);
+      aInRange("s", this.s, _1n4, CURVE_ORDER);
     }
     addRecoveryBit(recovery) {
       return new Signature(this.r, this.s, recovery);
@@ -1536,7 +1832,7 @@ function weierstrass(curveDef) {
       if (radj >= Fp.ORDER)
         throw new Error("recovery id 2 or 3 invalid");
       const prefix = (rec & 1) === 0 ? "02" : "03";
-      const R = Point2.fromHex(prefix + numToSizedHex(radj, Fp.BYTES));
+      const R = Point2.fromHex(prefix + numToNByteStr(radj));
       const ir = invN(radj);
       const u1 = modN2(-h * ir);
       const u2 = modN2(s * ir);
@@ -1558,15 +1854,14 @@ function weierstrass(curveDef) {
       return hexToBytes(this.toDERHex());
     }
     toDERHex() {
-      return DER.hexFromSig(this);
+      return DER.hexFromSig({ r: this.r, s: this.s });
     }
     // padded bytes of r, then padded bytes of s
     toCompactRawBytes() {
       return hexToBytes(this.toCompactHex());
     }
     toCompactHex() {
-      const l = nByteLength;
-      return numToSizedHex(this.r, l) + numToSizedHex(this.s, l);
+      return numToNByteStr(this.r) + numToNByteStr(this.s);
     }
   }
   const utils = {
@@ -1605,25 +1900,21 @@ function weierstrass(curveDef) {
     return Point2.fromPrivateKey(privateKey).toRawBytes(isCompressed);
   }
   function isProbPub(item) {
-    if (typeof item === "bigint")
-      return false;
+    const arr = isBytes2(item);
+    const str = typeof item === "string";
+    const len = (arr || str) && item.length;
+    if (arr)
+      return len === compressedLen || len === uncompressedLen;
+    if (str)
+      return len === 2 * compressedLen || len === 2 * uncompressedLen;
     if (item instanceof Point2)
       return true;
-    const arr = ensureBytes("key", item);
-    const len = arr.length;
-    const fpl = Fp.BYTES;
-    const compLen = fpl + 1;
-    const uncompLen = 2 * fpl + 1;
-    if (CURVE.allowedPrivateKeyLengths || nByteLength === compLen) {
-      return void 0;
-    } else {
-      return len === compLen || len === uncompLen;
-    }
+    return false;
   }
   function getSharedSecret(privateA, publicB, isCompressed = true) {
-    if (isProbPub(privateA) === true)
+    if (isProbPub(privateA))
       throw new Error("first arg must be private key");
-    if (isProbPub(publicB) === false)
+    if (!isProbPub(publicB))
       throw new Error("second arg must be public key");
     const b = Point2.fromHex(publicB);
     return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
@@ -1632,16 +1923,16 @@ function weierstrass(curveDef) {
     if (bytes.length > 8192)
       throw new Error("input is too large");
     const num2 = bytesToNumberBE(bytes);
-    const delta = bytes.length * 8 - nBitLength;
+    const delta = bytes.length * 8 - CURVE.nBitLength;
     return delta > 0 ? num2 >> BigInt(delta) : num2;
   };
   const bits2int_modN = CURVE.bits2int_modN || function(bytes) {
     return modN2(bits2int(bytes));
   };
-  const ORDER_MASK = bitMask(nBitLength);
+  const ORDER_MASK = bitMask(CURVE.nBitLength);
   function int2octets(num2) {
-    aInRange("num < 2^" + nBitLength, num2, _0n3, ORDER_MASK);
-    return numberToBytesBE(num2, nByteLength);
+    aInRange("num < 2^" + CURVE.nBitLength, num2, _0n4, ORDER_MASK);
+    return numberToBytesBE(num2, CURVE.nByteLength);
   }
   function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
     if (["recovered", "canonical"].some((k) => k in opts))
@@ -1670,12 +1961,12 @@ function weierstrass(curveDef) {
       const ik = invN(k);
       const q = Point2.BASE.multiply(k).toAffine();
       const r = modN2(q.x);
-      if (r === _0n3)
+      if (r === _0n4)
         return;
       const s = modN2(ik * modN2(m + r * d));
-      if (s === _0n3)
+      if (s === _0n4)
         return;
-      let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n3);
+      let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n4);
       let normS = s;
       if (lowS && isBiggerThanHalfOrder(s)) {
         normS = normalizeS(s);
@@ -1704,7 +1995,7 @@ function weierstrass(curveDef) {
       throw new Error("options.strict was renamed to lowS");
     if (format !== void 0 && format !== "compact" && format !== "der")
       throw new Error("format must be compact or der");
-    const isHex = typeof sg === "string" || isBytes(sg);
+    const isHex = typeof sg === "string" || isBytes2(sg);
     const isObj = !isHex && !format && typeof sg === "object" && sg !== null && typeof sg.r === "bigint" && typeof sg.s === "bigint";
     if (!isHex && !isObj)
       throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
@@ -1758,18 +2049,18 @@ function weierstrass(curveDef) {
 }
 function SWUFpSqrtRatio(Fp, Z) {
   const q = Fp.ORDER;
-  let l = _0n3;
-  for (let o = q - _1n3; o % _2n2 === _0n3; o /= _2n2)
-    l += _1n3;
+  let l = _0n4;
+  for (let o = q - _1n4; o % _2n3 === _0n4; o /= _2n3)
+    l += _1n4;
   const c1 = l;
-  const _2n_pow_c1_1 = _2n2 << c1 - _1n3 - _1n3;
-  const _2n_pow_c1 = _2n_pow_c1_1 * _2n2;
-  const c2 = (q - _1n3) / _2n_pow_c1;
-  const c3 = (c2 - _1n3) / _2n2;
-  const c4 = _2n_pow_c1 - _1n3;
+  const _2n_pow_c1_1 = _2n3 << c1 - _1n4 - _1n4;
+  const _2n_pow_c1 = _2n_pow_c1_1 * _2n3;
+  const c2 = (q - _1n4) / _2n_pow_c1;
+  const c3 = (c2 - _1n4) / _2n3;
+  const c4 = _2n_pow_c1 - _1n4;
   const c5 = _2n_pow_c1_1;
   const c6 = Fp.pow(Z, c2);
-  const c7 = Fp.pow(Z, (c2 + _1n3) / _2n2);
+  const c7 = Fp.pow(Z, (c2 + _1n4) / _2n3);
   let sqrtRatio = (u, v) => {
     let tv1 = c6;
     let tv2 = Fp.pow(v, c4);
@@ -1787,9 +2078,9 @@ function SWUFpSqrtRatio(Fp, Z) {
     tv5 = Fp.mul(tv4, tv1);
     tv3 = Fp.cmov(tv2, tv3, isQR);
     tv4 = Fp.cmov(tv5, tv4, isQR);
-    for (let i = c1; i > _1n3; i--) {
-      let tv52 = i - _2n2;
-      tv52 = _2n2 << tv52 - _1n3;
+    for (let i = c1; i > _1n4; i--) {
+      let tv52 = i - _2n3;
+      tv52 = _2n3 << tv52 - _1n4;
       let tvv5 = Fp.pow(tv4, tv52);
       const e1 = Fp.eql(tvv5, Fp.ONE);
       tv2 = Fp.mul(tv3, tv1);
@@ -1851,13 +2142,12 @@ function mapToCurveSimpleSWU(Fp, opts) {
     y = Fp.cmov(y, value, isValid);
     const e1 = Fp.isOdd(u) === Fp.isOdd(y);
     y = Fp.cmov(Fp.neg(y), y, e1);
-    const tv4_inv = FpInvertBatch(Fp, [tv4], true)[0];
-    x = Fp.mul(x, tv4_inv);
+    x = Fp.div(x, tv4);
     return { x, y };
   };
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/_shortw_utils.js
+// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/_shortw_utils.js
 function getHash(hash) {
   return {
     hash,
@@ -1867,10 +2157,10 @@ function getHash(hash) {
 }
 function createCurve(curveDef, defHash) {
   const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });
-  return { ...create(defHash), create };
+  return Object.freeze({ ...create(defHash), create });
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/hash-to-curve.js
+// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/hash-to-curve.js
 var os2ip = bytesToNumberBE;
 function i2osp(value, length) {
   anum(value);
@@ -1900,7 +2190,7 @@ function expand_message_xmd(msg, DST, lenInBytes, H) {
   abytes2(DST);
   anum(lenInBytes);
   if (DST.length > 255)
-    DST = H(concatBytes2(utf8ToBytes("H2C-OVERSIZE-DST-"), DST));
+    DST = H(concatBytes2(utf8ToBytes2("H2C-OVERSIZE-DST-"), DST));
   const { outputLen: b_in_bytes, blockLen: r_in_bytes } = H;
   const ell = Math.ceil(lenInBytes / b_in_bytes);
   if (lenInBytes > 65535 || ell > 255)
@@ -1924,7 +2214,7 @@ function expand_message_xof(msg, DST, lenInBytes, k, H) {
   anum(lenInBytes);
   if (DST.length > 255) {
     const dkLen = Math.ceil(2 * k / 8);
-    DST = H.create({ dkLen }).update(utf8ToBytes("H2C-OVERSIZE-DST-")).update(DST).digest();
+    DST = H.create({ dkLen }).update(utf8ToBytes2("H2C-OVERSIZE-DST-")).update(DST).digest();
   }
   if (lenInBytes > 65535 || DST.length > 255)
     throw new Error("expand_message_xof: invalid lenInBytes");
@@ -1941,7 +2231,7 @@ function hash_to_field(msg, count, options) {
   const { p, k, m, hash, expand, DST: _DST } = options;
   abytes2(msg);
   anum(count);
-  const DST = typeof _DST === "string" ? utf8ToBytes(_DST) : _DST;
+  const DST = typeof _DST === "string" ? utf8ToBytes2(_DST) : _DST;
   const log2p = p.toString(2).length;
   const L = Math.ceil((log2p + k) / 8);
   const len_in_bytes = count * m * L;
@@ -1968,63 +2258,56 @@ function hash_to_field(msg, count, options) {
   return u;
 }
 function isogenyMap(field, map) {
-  const coeff = map.map((i) => Array.from(i).reverse());
+  const COEFF = map.map((i) => Array.from(i).reverse());
   return (x, y) => {
-    const [xn, xd, yn, yd] = coeff.map((val) => val.reduce((acc, i) => field.add(field.mul(acc, x), i)));
-    const [xd_inv, yd_inv] = FpInvertBatch(field, [xd, yd], true);
-    x = field.mul(xn, xd_inv);
-    y = field.mul(y, field.mul(yn, yd_inv));
+    const [xNum, xDen, yNum, yDen] = COEFF.map((val) => val.reduce((acc, i) => field.add(field.mul(acc, x), i)));
+    x = field.div(xNum, xDen);
+    y = field.mul(y, field.div(yNum, yDen));
     return { x, y };
   };
 }
-function createHasher2(Point2, mapToCurve, defaults) {
+function createHasher(Point2, mapToCurve, def) {
   if (typeof mapToCurve !== "function")
     throw new Error("mapToCurve() must be defined");
-  function map(num2) {
-    return Point2.fromAffine(mapToCurve(num2));
-  }
-  function clear(initial) {
-    const P = initial.clearCofactor();
-    if (P.equals(Point2.ZERO))
-      return Point2.ZERO;
-    P.assertValidity();
-    return P;
-  }
   return {
-    defaults,
     // Encodes byte string to elliptic curve.
     // hash_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
     hashToCurve(msg, options) {
-      const u = hash_to_field(msg, 2, { ...defaults, DST: defaults.DST, ...options });
-      const u0 = map(u[0]);
-      const u1 = map(u[1]);
-      return clear(u0.add(u1));
+      const u = hash_to_field(msg, 2, { ...def, DST: def.DST, ...options });
+      const u0 = Point2.fromAffine(mapToCurve(u[0]));
+      const u1 = Point2.fromAffine(mapToCurve(u[1]));
+      const P = u0.add(u1).clearCofactor();
+      P.assertValidity();
+      return P;
     },
     // Encodes byte string to elliptic curve.
     // encode_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
     encodeToCurve(msg, options) {
-      const u = hash_to_field(msg, 1, { ...defaults, DST: defaults.encodeDST, ...options });
-      return clear(map(u[0]));
+      const u = hash_to_field(msg, 1, { ...def, DST: def.encodeDST, ...options });
+      const P = Point2.fromAffine(mapToCurve(u[0])).clearCofactor();
+      P.assertValidity();
+      return P;
     },
     // Same as encodeToCurve, but without hash
     mapToCurve(scalars) {
       if (!Array.isArray(scalars))
-        throw new Error("expected array of bigints");
+        throw new Error("mapToCurve: expected array of bigints");
       for (const i of scalars)
         if (typeof i !== "bigint")
-          throw new Error("expected array of bigints");
-      return clear(map(scalars));
+          throw new Error("mapToCurve: expected array of bigints");
+      const P = Point2.fromAffine(mapToCurve(scalars)).clearCofactor();
+      P.assertValidity();
+      return P;
     }
   };
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/secp256k1.js
+// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/secp256k1.js
 var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
 var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
-var _0n4 = BigInt(0);
-var _1n4 = BigInt(1);
-var _2n3 = BigInt(2);
-var divNearest = (a, b) => (a + b / _2n3) / b;
+var _1n5 = BigInt(1);
+var _2n4 = BigInt(2);
+var divNearest = (a, b) => (a + b / _2n4) / b;
 function sqrtMod(y) {
   const P = secp256k1P;
   const _3n3 = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
@@ -2033,7 +2316,7 @@ function sqrtMod(y) {
   const b3 = b2 * b2 * y % P;
   const b6 = pow2(b3, _3n3, P) * b3 % P;
   const b9 = pow2(b6, _3n3, P) * b3 % P;
-  const b11 = pow2(b9, _2n3, P) * b2 % P;
+  const b11 = pow2(b9, _2n4, P) * b2 % P;
   const b22 = pow2(b11, _11n, P) * b11 % P;
   const b44 = pow2(b22, _22n, P) * b22 % P;
   const b88 = pow2(b44, _44n, P) * b44 % P;
@@ -2042,29 +2325,40 @@ function sqrtMod(y) {
   const b223 = pow2(b220, _3n3, P) * b3 % P;
   const t1 = pow2(b223, _23n, P) * b22 % P;
   const t2 = pow2(t1, _6n, P) * b2 % P;
-  const root = pow2(t2, _2n3, P);
+  const root = pow2(t2, _2n4, P);
   if (!Fpk1.eql(Fpk1.sqr(root), y))
     throw new Error("Cannot find square root");
   return root;
 }
 var Fpk1 = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
 var secp256k1 = createCurve({
-  a: _0n4,
+  a: BigInt(0),
+  // equation params: a, b
   b: BigInt(7),
+  // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
   Fp: Fpk1,
+  // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
   n: secp256k1N,
+  // Curve order, total count of valid points in the field
+  // Base point (x, y) aka generator point
   Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
   Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
   h: BigInt(1),
+  // Cofactor
   lowS: true,
   // Allow only low-S signatures by default in sign() and verify()
+  /**
+   * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
+   * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
+   * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
+   * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
+   */
   endo: {
-    // Endomorphism, see above
     beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
     splitScalar: (k) => {
       const n = secp256k1N;
       const a1 = BigInt("0x3086d221a7d46bcde86c90e49284eb15");
-      const b1 = -_1n4 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
+      const b1 = -_1n5 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
       const a2 = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8");
       const b2 = a1;
       const POW_2_128 = BigInt("0x100000000000000000000000000000000");
@@ -2085,6 +2379,7 @@ var secp256k1 = createCurve({
     }
   }
 }, sha256);
+var _0n5 = BigInt(0);
 var TAGGED_HASH_PREFIXES = {};
 function taggedHash(tag, ...messages) {
   let tagP = TAGGED_HASH_PREFIXES[tag];
@@ -2099,7 +2394,7 @@ var pointToBytes = (point) => point.toRawBytes(true).slice(1);
 var numTo32b = (n) => numberToBytesBE(n, 32);
 var modP = (x) => mod(x, secp256k1P);
 var modN = (x) => mod(x, secp256k1N);
-var Point = /* @__PURE__ */ (() => secp256k1.ProjectivePoint)();
+var Point = secp256k1.ProjectivePoint;
 var GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
 function schnorrGetExtPubKey(priv) {
   let d_ = secp256k1.utils.normPrivateKeyToScalar(priv);
@@ -2108,13 +2403,13 @@ function schnorrGetExtPubKey(priv) {
   return { scalar, bytes: pointToBytes(p) };
 }
 function lift_x(x) {
-  aInRange("x", x, _1n4, secp256k1P);
+  aInRange("x", x, _1n5, secp256k1P);
   const xx = modP(x * x);
   const c = modP(xx * x + BigInt(7));
   let y = sqrtMod(c);
-  if (y % _2n3 !== _0n4)
+  if (y % _2n4 !== _0n5)
     y = modP(-y);
-  const p = new Point(x, y, _1n4);
+  const p = new Point(x, y, _1n5);
   p.assertValidity();
   return p;
 }
@@ -2132,7 +2427,7 @@ function schnorrSign(message, privateKey, auxRand = randomBytes(32)) {
   const t = numTo32b(d ^ num(taggedHash("BIP0340/aux", a)));
   const rand = taggedHash("BIP0340/nonce", t, px, m);
   const k_ = modN(num(rand));
-  if (k_ === _0n4)
+  if (k_ === _0n5)
     throw new Error("sign failed: k is zero");
   const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_);
   const e = challenge(rx, px, m);
@@ -2150,10 +2445,10 @@ function schnorrVerify(signature, message, publicKey) {
   try {
     const P = lift_x(num(pub));
     const r = num(sig.subarray(0, 32));
-    if (!inRange(r, _1n4, secp256k1P))
+    if (!inRange(r, _1n5, secp256k1P))
       return false;
     const s = num(sig.subarray(32, 64));
-    if (!inRange(s, _1n4, secp256k1N))
+    if (!inRange(s, _1n5, secp256k1N))
       return false;
     const e = challenge(numTo32b(r), pointToBytes(P), m);
     const R = GmulAdd(P, s, modN(-e));
@@ -2214,7 +2509,7 @@ var mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fpk1, {
   B: BigInt("1771"),
   Z: Fpk1.create(BigInt("-11"))
 }))();
-var secp256k1_hasher = /* @__PURE__ */ (() => createHasher2(secp256k1.ProjectivePoint, (scalars) => {
+var htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {
   const { x, y } = mapSWU(Fpk1.create(scalars[0]));
   return isoMap(x, y);
 }, {
@@ -2226,22 +2521,35 @@ var secp256k1_hasher = /* @__PURE__ */ (() => createHasher2(secp256k1.Projective
   expand: "xmd",
   hash: sha256
 }))();
-var hashToCurve = /* @__PURE__ */ (() => secp256k1_hasher.hashToCurve)();
-var encodeToCurve = /* @__PURE__ */ (() => secp256k1_hasher.encodeToCurve)();
+var hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();
+var encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();
 export {
   encodeToCurve,
   hashToCurve,
   schnorr,
-  secp256k1,
-  secp256k1_hasher
+  secp256k1
 };
 /*! Bundled license information:
 
+@noble/hashes/esm/utils.js:
+  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
+@noble/curves/esm/abstract/utils.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
 @noble/curves/esm/abstract/modular.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
 @noble/curves/esm/abstract/curve.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
 @noble/curves/esm/abstract/weierstrass.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
 @noble/curves/esm/_shortw_utils.js:
+  (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
+
 @noble/curves/esm/secp256k1.js:
   (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
 */
-//# sourceMappingURL=secp256k1-XP7IUONI.js.map
+//# sourceMappingURL=secp256k1-QZA5SALG.js.map