@zoralabs/protocol-deployments 0.7.2 → 0.7.6

package/dist/{secp256k1-VMQNAPXV.js → secp256k1-XP7IUONI.js}

@@ -1,99 +1,41 @@
 import {
-  __export
-} from "./chunk-PR4QN5HX.js";
+  Hash,
+  aInRange,
+  abool,
+  abytes,
+  abytes2,
+  aexists,
+  ahash,
+  anumber,
+  aoutput,
+  bitLen,
+  bitMask,
+  bytesToHex,
+  bytesToNumberBE,
+  bytesToNumberLE,
+  clean,
+  concatBytes,
+  concatBytes2,
+  createHasher,
+  createHmacDrbg,
+  createView,
+  ensureBytes,
+  hexToBytes,
+  inRange,
+  isBytes,
+  memoized,
+  numberToBytesBE,
+  numberToBytesLE,
+  numberToHexUnpadded,
+  randomBytes,
+  rotr,
+  toBytes,
+  utf8ToBytes,
+  validateObject
+} from "./chunk-BYTNVMX7.js";
+import "./chunk-PR4QN5HX.js";
 
-// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/_assert.js
-function anumber(n) {
-  if (!Number.isSafeInteger(n) || n < 0)
-    throw new Error("positive integer expected, got " + n);
-}
-function isBytes(a) {
-  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-}
-function abytes(b, ...lengths) {
-  if (!isBytes(b))
-    throw new Error("Uint8Array expected");
-  if (lengths.length > 0 && !lengths.includes(b.length))
-    throw new Error("Uint8Array expected of length " + lengths + ", got length=" + b.length);
-}
-function ahash(h) {
-  if (typeof h !== "function" || typeof h.create !== "function")
-    throw new Error("Hash should be wrapped by utils.wrapConstructor");
-  anumber(h.outputLen);
-  anumber(h.blockLen);
-}
-function aexists(instance, checkFinished = true) {
-  if (instance.destroyed)
-    throw new Error("Hash instance has been destroyed");
-  if (checkFinished && instance.finished)
-    throw new Error("Hash#digest() has already been called");
-}
-function aoutput(out, instance) {
-  abytes(out);
-  const min = instance.outputLen;
-  if (out.length < min) {
-    throw new Error("digestInto() expects output buffer of length at least " + min);
-  }
-}
-
-// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/cryptoNode.js
-import * as nc from "crypto";
-var crypto = nc && typeof nc === "object" && "webcrypto" in nc ? nc.webcrypto : nc && typeof nc === "object" && "randomBytes" in nc ? nc : void 0;
-
-// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/utils.js
-var createView = (arr) => new DataView(arr.buffer, arr.byteOffset, arr.byteLength);
-var rotr = (word, shift) => word << 32 - shift | word >>> shift;
-function utf8ToBytes(str) {
-  if (typeof str !== "string")
-    throw new Error("utf8ToBytes expected string, got " + typeof str);
-  return new Uint8Array(new TextEncoder().encode(str));
-}
-function toBytes(data) {
-  if (typeof data === "string")
-    data = utf8ToBytes(data);
-  abytes(data);
-  return data;
-}
-function concatBytes(...arrays) {
-  let sum = 0;
-  for (let i = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    abytes(a);
-    sum += a.length;
-  }
-  const res = new Uint8Array(sum);
-  for (let i = 0, pad = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    res.set(a, pad);
-    pad += a.length;
-  }
-  return res;
-}
-var Hash = class {
-  // Safe version that clones internal state
-  clone() {
-    return this._cloneInto();
-  }
-};
-function wrapConstructor(hashCons) {
-  const hashC = (msg) => hashCons().update(toBytes(msg)).digest();
-  const tmp = hashCons();
-  hashC.outputLen = tmp.outputLen;
-  hashC.blockLen = tmp.blockLen;
-  hashC.create = () => hashCons();
-  return hashC;
-}
-function randomBytes(bytesLength = 32) {
-  if (crypto && typeof crypto.getRandomValues === "function") {
-    return crypto.getRandomValues(new Uint8Array(bytesLength));
-  }
-  if (crypto && typeof crypto.randomBytes === "function") {
-    return crypto.randomBytes(bytesLength);
-  }
-  throw new Error("crypto.getRandomValues must be defined");
-}
-
-// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/_md.js
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/_md.js
 function setBigUint64(view, byteOffset, value, isLE) {
   if (typeof view.setBigUint64 === "function")
     return view.setBigUint64(byteOffset, value, isLE);
@@ -106,26 +48,31 @@ function setBigUint64(view, byteOffset, value, isLE) {
   view.setUint32(byteOffset + h, wh, isLE);
   view.setUint32(byteOffset + l, wl, isLE);
 }
-var Chi = (a, b, c) => a & b ^ ~a & c;
-var Maj = (a, b, c) => a & b ^ a & c ^ b & c;
+function Chi(a, b, c) {
+  return a & b ^ ~a & c;
+}
+function Maj(a, b, c) {
+  return a & b ^ a & c ^ b & c;
+}
 var HashMD = class extends Hash {
   constructor(blockLen, outputLen, padOffset, isLE) {
     super();
-    this.blockLen = blockLen;
-    this.outputLen = outputLen;
-    this.padOffset = padOffset;
-    this.isLE = isLE;
     this.finished = false;
     this.length = 0;
     this.pos = 0;
     this.destroyed = false;
+    this.blockLen = blockLen;
+    this.outputLen = outputLen;
+    this.padOffset = padOffset;
+    this.isLE = isLE;
     this.buffer = new Uint8Array(blockLen);
     this.view = createView(this.buffer);
   }
   update(data) {
     aexists(this);
-    const { view, buffer, blockLen } = this;
     data = toBytes(data);
+    abytes(data);
+    const { view, buffer, blockLen } = this;
     const len = data.length;
     for (let pos = 0; pos < len; ) {
       const take = Math.min(blockLen - this.pos, len - pos);
@@ -154,7 +101,7 @@ var HashMD = class extends Hash {
     const { buffer, view, blockLen, isLE } = this;
     let { pos } = this;
     buffer[pos++] = 128;
-    this.buffer.subarray(pos).fill(0);
+    clean(this.buffer.subarray(pos));
     if (this.padOffset > blockLen - pos) {
       this.process(view, 0);
       pos = 0;
@@ -185,18 +132,31 @@ var HashMD = class extends Hash {
     to || (to = new this.constructor());
     to.set(...this.get());
     const { blockLen, buffer, length, finished, destroyed, pos } = this;
+    to.destroyed = destroyed;
+    to.finished = finished;
     to.length = length;
     to.pos = pos;
-    to.finished = finished;
-    to.destroyed = destroyed;
     if (length % blockLen)
       to.buffer.set(buffer);
     return to;
   }
+  clone() {
+    return this._cloneInto();
+  }
 };
+var SHA256_IV = /* @__PURE__ */ Uint32Array.from([
+  1779033703,
+  3144134277,
+  1013904242,
+  2773480762,
+  1359893119,
+  2600822924,
+  528734635,
+  1541459225
+]);
 
-// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/sha256.js
-var SHA256_K = /* @__PURE__ */ new Uint32Array([
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/sha2.js
+var SHA256_K = /* @__PURE__ */ Uint32Array.from([
   1116352408,
   1899447441,
   3049323471,
@@ -262,20 +222,10 @@ var SHA256_K = /* @__PURE__ */ new Uint32Array([
   3204031479,
   3329325298
 ]);
-var SHA256_IV = /* @__PURE__ */ new Uint32Array([
-  1779033703,
-  3144134277,
-  1013904242,
-  2773480762,
-  1359893119,
-  2600822924,
-  528734635,
-  1541459225
-]);
 var SHA256_W = /* @__PURE__ */ new Uint32Array(64);
 var SHA256 = class extends HashMD {
-  constructor() {
-    super(64, 32, 8, false);
+  constructor(outputLen = 32) {
+    super(64, outputLen, 8, false);
     this.A = SHA256_IV[0] | 0;
     this.B = SHA256_IV[1] | 0;
     this.C = SHA256_IV[2] | 0;
@@ -336,16 +286,16 @@ var SHA256 = class extends HashMD {
     this.set(A, B, C, D, E, F, G, H);
   }
   roundClean() {
-    SHA256_W.fill(0);
+    clean(SHA256_W);
   }
   destroy() {
     this.set(0, 0, 0, 0, 0, 0, 0, 0);
-    this.buffer.fill(0);
+    clean(this.buffer);
   }
 };
-var sha256 = /* @__PURE__ */ wrapConstructor(() => new SHA256());
+var sha256 = /* @__PURE__ */ createHasher(() => new SHA256());
 
-// ../../node_modules/.pnpm/@noble+hashes@1.6.0/node_modules/@noble/hashes/esm/hmac.js
+// ../../node_modules/.pnpm/@noble+hashes@1.8.0/node_modules/@noble/hashes/esm/hmac.js
 var HMAC = class extends Hash {
   constructor(hash, _key) {
     super();
@@ -368,7 +318,7 @@ var HMAC = class extends Hash {
     for (let i = 0; i < pad.length; i++)
       pad[i] ^= 54 ^ 92;
     this.oHash.update(pad);
-    pad.fill(0);
+    clean(pad);
   }
   update(buf) {
     aexists(this);
@@ -401,6 +351,9 @@ var HMAC = class extends Hash {
     to.iHash = iHash._cloneInto(to.iHash);
     return to;
   }
+  clone() {
+    return this._cloneInto();
+  }
   destroy() {
     this.destroyed = true;
     this.oHash.destroy();
@@ -410,321 +363,35 @@ var HMAC = class extends Hash {
 var hmac = (hash, key, message) => new HMAC(hash, key).update(message).digest();
 hmac.create = (hash, key) => new HMAC(hash, key);
 
-// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/utils.js
-var utils_exports = {};
-__export(utils_exports, {
-  aInRange: () => aInRange,
-  abool: () => abool,
-  abytes: () => abytes2,
-  bitGet: () => bitGet,
-  bitLen: () => bitLen,
-  bitMask: () => bitMask,
-  bitSet: () => bitSet,
-  bytesToHex: () => bytesToHex,
-  bytesToNumberBE: () => bytesToNumberBE,
-  bytesToNumberLE: () => bytesToNumberLE,
-  concatBytes: () => concatBytes2,
-  createHmacDrbg: () => createHmacDrbg,
-  ensureBytes: () => ensureBytes,
-  equalBytes: () => equalBytes,
-  hexToBytes: () => hexToBytes,
-  hexToNumber: () => hexToNumber,
-  inRange: () => inRange,
-  isBytes: () => isBytes2,
-  memoized: () => memoized,
-  notImplemented: () => notImplemented,
-  numberToBytesBE: () => numberToBytesBE,
-  numberToBytesLE: () => numberToBytesLE,
-  numberToHexUnpadded: () => numberToHexUnpadded,
-  numberToVarBytesBE: () => numberToVarBytesBE,
-  utf8ToBytes: () => utf8ToBytes2,
-  validateObject: () => validateObject
-});
-var _0n = /* @__PURE__ */ BigInt(0);
-var _1n = /* @__PURE__ */ BigInt(1);
+// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/modular.js
+var _0n = BigInt(0);
+var _1n = BigInt(1);
 var _2n = /* @__PURE__ */ BigInt(2);
-function isBytes2(a) {
-  return a instanceof Uint8Array || ArrayBuffer.isView(a) && a.constructor.name === "Uint8Array";
-}
-function abytes2(item) {
-  if (!isBytes2(item))
-    throw new Error("Uint8Array expected");
-}
-function abool(title, value) {
-  if (typeof value !== "boolean")
-    throw new Error(title + " boolean expected, got " + value);
-}
-var hexes = /* @__PURE__ */ Array.from({ length: 256 }, (_, i) => i.toString(16).padStart(2, "0"));
-function bytesToHex(bytes) {
-  abytes2(bytes);
-  let hex = "";
-  for (let i = 0; i < bytes.length; i++) {
-    hex += hexes[bytes[i]];
-  }
-  return hex;
-}
-function numberToHexUnpadded(num2) {
-  const hex = num2.toString(16);
-  return hex.length & 1 ? "0" + hex : hex;
-}
-function hexToNumber(hex) {
-  if (typeof hex !== "string")
-    throw new Error("hex string expected, got " + typeof hex);
-  return hex === "" ? _0n : BigInt("0x" + hex);
-}
-var asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
-function asciiToBase16(ch) {
-  if (ch >= asciis._0 && ch <= asciis._9)
-    return ch - asciis._0;
-  if (ch >= asciis.A && ch <= asciis.F)
-    return ch - (asciis.A - 10);
-  if (ch >= asciis.a && ch <= asciis.f)
-    return ch - (asciis.a - 10);
-  return;
-}
-function hexToBytes(hex) {
-  if (typeof hex !== "string")
-    throw new Error("hex string expected, got " + typeof hex);
-  const hl = hex.length;
-  const al = hl / 2;
-  if (hl % 2)
-    throw new Error("hex string expected, got unpadded hex of length " + hl);
-  const array = new Uint8Array(al);
-  for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {
-    const n1 = asciiToBase16(hex.charCodeAt(hi));
-    const n2 = asciiToBase16(hex.charCodeAt(hi + 1));
-    if (n1 === void 0 || n2 === void 0) {
-      const char = hex[hi] + hex[hi + 1];
-      throw new Error('hex string expected, got non-hex character "' + char + '" at index ' + hi);
-    }
-    array[ai] = n1 * 16 + n2;
-  }
-  return array;
-}
-function bytesToNumberBE(bytes) {
-  return hexToNumber(bytesToHex(bytes));
-}
-function bytesToNumberLE(bytes) {
-  abytes2(bytes);
-  return hexToNumber(bytesToHex(Uint8Array.from(bytes).reverse()));
-}
-function numberToBytesBE(n, len) {
-  return hexToBytes(n.toString(16).padStart(len * 2, "0"));
-}
-function numberToBytesLE(n, len) {
-  return numberToBytesBE(n, len).reverse();
-}
-function numberToVarBytesBE(n) {
-  return hexToBytes(numberToHexUnpadded(n));
-}
-function ensureBytes(title, hex, expectedLength) {
-  let res;
-  if (typeof hex === "string") {
-    try {
-      res = hexToBytes(hex);
-    } catch (e) {
-      throw new Error(title + " must be hex string or Uint8Array, cause: " + e);
-    }
-  } else if (isBytes2(hex)) {
-    res = Uint8Array.from(hex);
-  } else {
-    throw new Error(title + " must be hex string or Uint8Array");
-  }
-  const len = res.length;
-  if (typeof expectedLength === "number" && len !== expectedLength)
-    throw new Error(title + " of length " + expectedLength + " expected, got " + len);
-  return res;
-}
-function concatBytes2(...arrays) {
-  let sum = 0;
-  for (let i = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    abytes2(a);
-    sum += a.length;
-  }
-  const res = new Uint8Array(sum);
-  for (let i = 0, pad = 0; i < arrays.length; i++) {
-    const a = arrays[i];
-    res.set(a, pad);
-    pad += a.length;
-  }
-  return res;
-}
-function equalBytes(a, b) {
-  if (a.length !== b.length)
-    return false;
-  let diff = 0;
-  for (let i = 0; i < a.length; i++)
-    diff |= a[i] ^ b[i];
-  return diff === 0;
-}
-function utf8ToBytes2(str) {
-  if (typeof str !== "string")
-    throw new Error("string expected");
-  return new Uint8Array(new TextEncoder().encode(str));
-}
-var isPosBig = (n) => typeof n === "bigint" && _0n <= n;
-function inRange(n, min, max) {
-  return isPosBig(n) && isPosBig(min) && isPosBig(max) && min <= n && n < max;
-}
-function aInRange(title, n, min, max) {
-  if (!inRange(n, min, max))
-    throw new Error("expected valid " + title + ": " + min + " <= n < " + max + ", got " + n);
-}
-function bitLen(n) {
-  let len;
-  for (len = 0; n > _0n; n >>= _1n, len += 1)
-    ;
-  return len;
-}
-function bitGet(n, pos) {
-  return n >> BigInt(pos) & _1n;
-}
-function bitSet(n, pos, value) {
-  return n | (value ? _1n : _0n) << BigInt(pos);
-}
-var bitMask = (n) => (_2n << BigInt(n - 1)) - _1n;
-var u8n = (data) => new Uint8Array(data);
-var u8fr = (arr) => Uint8Array.from(arr);
-function createHmacDrbg(hashLen, qByteLen, hmacFn) {
-  if (typeof hashLen !== "number" || hashLen < 2)
-    throw new Error("hashLen must be a number");
-  if (typeof qByteLen !== "number" || qByteLen < 2)
-    throw new Error("qByteLen must be a number");
-  if (typeof hmacFn !== "function")
-    throw new Error("hmacFn must be a function");
-  let v = u8n(hashLen);
-  let k = u8n(hashLen);
-  let i = 0;
-  const reset = () => {
-    v.fill(1);
-    k.fill(0);
-    i = 0;
-  };
-  const h = (...b) => hmacFn(k, v, ...b);
-  const reseed = (seed = u8n()) => {
-    k = h(u8fr([0]), seed);
-    v = h();
-    if (seed.length === 0)
-      return;
-    k = h(u8fr([1]), seed);
-    v = h();
-  };
-  const gen = () => {
-    if (i++ >= 1e3)
-      throw new Error("drbg: tried 1000 values");
-    let len = 0;
-    const out = [];
-    while (len < qByteLen) {
-      v = h();
-      const sl = v.slice();
-      out.push(sl);
-      len += v.length;
-    }
-    return concatBytes2(...out);
-  };
-  const genUntil = (seed, pred) => {
-    reset();
-    reseed(seed);
-    let res = void 0;
-    while (!(res = pred(gen())))
-      reseed();
-    reset();
-    return res;
-  };
-  return genUntil;
-}
-var validatorFns = {
-  bigint: (val) => typeof val === "bigint",
-  function: (val) => typeof val === "function",
-  boolean: (val) => typeof val === "boolean",
-  string: (val) => typeof val === "string",
-  stringOrUint8Array: (val) => typeof val === "string" || isBytes2(val),
-  isSafeInteger: (val) => Number.isSafeInteger(val),
-  array: (val) => Array.isArray(val),
-  field: (val, object) => object.Fp.isValid(val),
-  hash: (val) => typeof val === "function" && Number.isSafeInteger(val.outputLen)
-};
-function validateObject(object, validators, optValidators = {}) {
-  const checkField = (fieldName, type, isOptional) => {
-    const checkVal = validatorFns[type];
-    if (typeof checkVal !== "function")
-      throw new Error("invalid validator function");
-    const val = object[fieldName];
-    if (isOptional && val === void 0)
-      return;
-    if (!checkVal(val, object)) {
-      throw new Error("param " + String(fieldName) + " is invalid. Expected " + type + ", got " + val);
-    }
-  };
-  for (const [fieldName, type] of Object.entries(validators))
-    checkField(fieldName, type, false);
-  for (const [fieldName, type] of Object.entries(optValidators))
-    checkField(fieldName, type, true);
-  return object;
-}
-var notImplemented = () => {
-  throw new Error("not implemented");
-};
-function memoized(fn) {
-  const map = /* @__PURE__ */ new WeakMap();
-  return (arg, ...args) => {
-    const val = map.get(arg);
-    if (val !== void 0)
-      return val;
-    const computed = fn(arg, ...args);
-    map.set(arg, computed);
-    return computed;
-  };
-}
-
-// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/modular.js
-var _0n2 = BigInt(0);
-var _1n2 = BigInt(1);
-var _2n2 = /* @__PURE__ */ BigInt(2);
 var _3n = /* @__PURE__ */ BigInt(3);
 var _4n = /* @__PURE__ */ BigInt(4);
 var _5n = /* @__PURE__ */ BigInt(5);
 var _8n = /* @__PURE__ */ BigInt(8);
-var _9n = /* @__PURE__ */ BigInt(9);
-var _16n = /* @__PURE__ */ BigInt(16);
 function mod(a, b) {
   const result = a % b;
-  return result >= _0n2 ? result : b + result;
-}
-function pow(num2, power, modulo) {
-  if (power < _0n2)
-    throw new Error("invalid exponent, negatives unsupported");
-  if (modulo <= _0n2)
-    throw new Error("invalid modulus");
-  if (modulo === _1n2)
-    return _0n2;
-  let res = _1n2;
-  while (power > _0n2) {
-    if (power & _1n2)
-      res = res * num2 % modulo;
-    num2 = num2 * num2 % modulo;
-    power >>= _1n2;
-  }
-  return res;
+  return result >= _0n ? result : b + result;
 }
 function pow2(x, power, modulo) {
   let res = x;
-  while (power-- > _0n2) {
+  while (power-- > _0n) {
     res *= res;
     res %= modulo;
   }
   return res;
 }
 function invert(number, modulo) {
-  if (number === _0n2)
+  if (number === _0n)
     throw new Error("invert: expected non-zero number");
-  if (modulo <= _0n2)
+  if (modulo <= _0n)
     throw new Error("invert: expected positive modulus, got " + modulo);
   let a = mod(number, modulo);
   let b = modulo;
-  let x = _0n2, y = _1n2, u = _1n2, v = _0n2;
-  while (a !== _0n2) {
+  let x = _0n, y = _1n, u = _1n, v = _0n;
+  while (a !== _0n) {
     const q = b / a;
     const r = b % a;
     const m = x - u * q;
@@ -732,79 +399,82 @@ function invert(number, modulo) {
     b = a, a = r, x = u, y = v, u = m, v = n;
   }
   const gcd = b;
-  if (gcd !== _1n2)
+  if (gcd !== _1n)
     throw new Error("invert: does not exist");
   return mod(x, modulo);
 }
+function sqrt3mod4(Fp, n) {
+  const p1div4 = (Fp.ORDER + _1n) / _4n;
+  const root = Fp.pow(n, p1div4);
+  if (!Fp.eql(Fp.sqr(root), n))
+    throw new Error("Cannot find square root");
+  return root;
+}
+function sqrt5mod8(Fp, n) {
+  const p5div8 = (Fp.ORDER - _5n) / _8n;
+  const n2 = Fp.mul(n, _2n);
+  const v = Fp.pow(n2, p5div8);
+  const nv = Fp.mul(n, v);
+  const i = Fp.mul(Fp.mul(nv, _2n), v);
+  const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
+  if (!Fp.eql(Fp.sqr(root), n))
+    throw new Error("Cannot find square root");
+  return root;
+}
 function tonelliShanks(P) {
-  const legendreC = (P - _1n2) / _2n2;
-  let Q, S, Z;
-  for (Q = P - _1n2, S = 0; Q % _2n2 === _0n2; Q /= _2n2, S++)
-    ;
-  for (Z = _2n2; Z < P && pow(Z, legendreC, P) !== P - _1n2; Z++) {
-    if (Z > 1e3)
-      throw new Error("Cannot find square root: likely non-prime P");
-  }
-  if (S === 1) {
-    const p1div4 = (P + _1n2) / _4n;
-    return function tonelliFast(Fp, n) {
-      const root = Fp.pow(n, p1div4);
-      if (!Fp.eql(Fp.sqr(root), n))
-        throw new Error("Cannot find square root");
-      return root;
-    };
-  }
-  const Q1div2 = (Q + _1n2) / _2n2;
+  if (P < BigInt(3))
+    throw new Error("sqrt is not defined for small field");
+  let Q = P - _1n;
+  let S = 0;
+  while (Q % _2n === _0n) {
+    Q /= _2n;
+    S++;
+  }
+  let Z = _2n;
+  const _Fp = Field(P);
+  while (FpLegendre(_Fp, Z) === 1) {
+    if (Z++ > 1e3)
+      throw new Error("Cannot find square root: probably non-prime P");
+  }
+  if (S === 1)
+    return sqrt3mod4;
+  let cc = _Fp.pow(Z, Q);
+  const Q1div2 = (Q + _1n) / _2n;
   return function tonelliSlow(Fp, n) {
-    if (Fp.pow(n, legendreC) === Fp.neg(Fp.ONE))
+    if (Fp.is0(n))
+      return n;
+    if (FpLegendre(Fp, n) !== 1)
       throw new Error("Cannot find square root");
-    let r = S;
-    let g = Fp.pow(Fp.mul(Fp.ONE, Z), Q);
-    let x = Fp.pow(n, Q1div2);
-    let b = Fp.pow(n, Q);
-    while (!Fp.eql(b, Fp.ONE)) {
-      if (Fp.eql(b, Fp.ZERO))
+    let M = S;
+    let c = Fp.mul(Fp.ONE, cc);
+    let t = Fp.pow(n, Q);
+    let R = Fp.pow(n, Q1div2);
+    while (!Fp.eql(t, Fp.ONE)) {
+      if (Fp.is0(t))
         return Fp.ZERO;
-      let m = 1;
-      for (let t2 = Fp.sqr(b); m < r; m++) {
-        if (Fp.eql(t2, Fp.ONE))
-          break;
-        t2 = Fp.sqr(t2);
+      let i = 1;
+      let t_tmp = Fp.sqr(t);
+      while (!Fp.eql(t_tmp, Fp.ONE)) {
+        i++;
+        t_tmp = Fp.sqr(t_tmp);
+        if (i === M)
+          throw new Error("Cannot find square root");
       }
-      const ge = Fp.pow(g, _1n2 << BigInt(r - m - 1));
-      g = Fp.sqr(ge);
-      x = Fp.mul(x, ge);
-      b = Fp.mul(b, g);
-      r = m;
-    }
-    return x;
+      const exponent = _1n << BigInt(M - i - 1);
+      const b = Fp.pow(c, exponent);
+      M = i;
+      c = Fp.sqr(b);
+      t = Fp.mul(t, c);
+      R = Fp.mul(R, b);
+    }
+    return R;
   };
 }
 function FpSqrt(P) {
-  if (P % _4n === _3n) {
-    const p1div4 = (P + _1n2) / _4n;
-    return function sqrt3mod4(Fp, n) {
-      const root = Fp.pow(n, p1div4);
-      if (!Fp.eql(Fp.sqr(root), n))
-        throw new Error("Cannot find square root");
-      return root;
-    };
-  }
-  if (P % _8n === _5n) {
-    const c1 = (P - _5n) / _8n;
-    return function sqrt5mod8(Fp, n) {
-      const n2 = Fp.mul(n, _2n2);
-      const v = Fp.pow(n2, c1);
-      const nv = Fp.mul(n, v);
-      const i = Fp.mul(Fp.mul(nv, _2n2), v);
-      const root = Fp.mul(nv, Fp.sub(i, Fp.ONE));
-      if (!Fp.eql(Fp.sqr(root), n))
-        throw new Error("Cannot find square root");
-      return root;
-    };
-  }
-  if (P % _16n === _9n) {
-  }
+  if (P % _4n === _3n)
+    return sqrt3mod4;
+  if (P % _8n === _5n)
+    return sqrt5mod8;
   return tonelliShanks(P);
 }
 var FIELD_FIELDS = [
@@ -839,47 +509,59 @@ function validateField(field) {
   }, initial);
   return validateObject(field, opts);
 }
-function FpPow(f, num2, power) {
-  if (power < _0n2)
+function FpPow(Fp, num2, power) {
+  if (power < _0n)
     throw new Error("invalid exponent, negatives unsupported");
-  if (power === _0n2)
-    return f.ONE;
-  if (power === _1n2)
+  if (power === _0n)
+    return Fp.ONE;
+  if (power === _1n)
     return num2;
-  let p = f.ONE;
+  let p = Fp.ONE;
   let d = num2;
-  while (power > _0n2) {
-    if (power & _1n2)
-      p = f.mul(p, d);
-    d = f.sqr(d);
-    power >>= _1n2;
+  while (power > _0n) {
+    if (power & _1n)
+      p = Fp.mul(p, d);
+    d = Fp.sqr(d);
+    power >>= _1n;
   }
   return p;
 }
-function FpInvertBatch(f, nums) {
-  const tmp = new Array(nums.length);
-  const lastMultiplied = nums.reduce((acc, num2, i) => {
-    if (f.is0(num2))
+function FpInvertBatch(Fp, nums, passZero = false) {
+  const inverted = new Array(nums.length).fill(passZero ? Fp.ZERO : void 0);
+  const multipliedAcc = nums.reduce((acc, num2, i) => {
+    if (Fp.is0(num2))
       return acc;
-    tmp[i] = acc;
-    return f.mul(acc, num2);
-  }, f.ONE);
-  const inverted = f.inv(lastMultiplied);
+    inverted[i] = acc;
+    return Fp.mul(acc, num2);
+  }, Fp.ONE);
+  const invertedAcc = Fp.inv(multipliedAcc);
   nums.reduceRight((acc, num2, i) => {
-    if (f.is0(num2))
+    if (Fp.is0(num2))
       return acc;
-    tmp[i] = f.mul(acc, tmp[i]);
-    return f.mul(acc, num2);
-  }, inverted);
-  return tmp;
+    inverted[i] = Fp.mul(acc, inverted[i]);
+    return Fp.mul(acc, num2);
+  }, invertedAcc);
+  return inverted;
+}
+function FpLegendre(Fp, n) {
+  const p1mod2 = (Fp.ORDER - _1n) / _2n;
+  const powered = Fp.pow(n, p1mod2);
+  const yes = Fp.eql(powered, Fp.ONE);
+  const zero = Fp.eql(powered, Fp.ZERO);
+  const no = Fp.eql(powered, Fp.neg(Fp.ONE));
+  if (!yes && !zero && !no)
+    throw new Error("invalid Legendre symbol result");
+  return yes ? 1 : zero ? 0 : -1;
 }
 function nLength(n, nBitLength) {
+  if (nBitLength !== void 0)
+    anumber(nBitLength);
   const _nBitLength = nBitLength !== void 0 ? nBitLength : n.toString(2).length;
   const nByteLength = Math.ceil(_nBitLength / 8);
   return { nBitLength: _nBitLength, nByteLength };
 }
 function Field(ORDER, bitLen2, isLE = false, redef = {}) {
-  if (ORDER <= _0n2)
+  if (ORDER <= _0n)
     throw new Error("invalid field: expected ORDER > 0, got " + ORDER);
   const { nBitLength: BITS, nByteLength: BYTES } = nLength(ORDER, bitLen2);
   if (BYTES > 2048)
@@ -887,19 +569,20 @@ function Field(ORDER, bitLen2, isLE = false, redef = {}) {
   let sqrtP;
   const f = Object.freeze({
     ORDER,
+    isLE,
     BITS,
     BYTES,
     MASK: bitMask(BITS),
-    ZERO: _0n2,
-    ONE: _1n2,
+    ZERO: _0n,
+    ONE: _1n,
     create: (num2) => mod(num2, ORDER),
     isValid: (num2) => {
       if (typeof num2 !== "bigint")
         throw new Error("invalid field element: expected bigint, got " + typeof num2);
-      return _0n2 <= num2 && num2 < ORDER;
+      return _0n <= num2 && num2 < ORDER;
     },
-    is0: (num2) => num2 === _0n2,
-    isOdd: (num2) => (num2 & _1n2) === _1n2,
+    is0: (num2) => num2 === _0n,
+    isOdd: (num2) => (num2 & _1n) === _1n,
     neg: (num2) => mod(-num2, ORDER),
     eql: (lhs, rhs) => lhs === rhs,
     sqr: (num2) => mod(num2 * num2, ORDER),
@@ -919,16 +602,17 @@ function Field(ORDER, bitLen2, isLE = false, redef = {}) {
         sqrtP = FpSqrt(ORDER);
       return sqrtP(f, n);
     }),
-    invertBatch: (lst) => FpInvertBatch(f, lst),
-    // TODO: do we really need constant cmov?
-    // We don't have const-time bigints anyway, so probably will be not very useful
-    cmov: (a, b, c) => c ? b : a,
     toBytes: (num2) => isLE ? numberToBytesLE(num2, BYTES) : numberToBytesBE(num2, BYTES),
     fromBytes: (bytes) => {
       if (bytes.length !== BYTES)
         throw new Error("Field.fromBytes: expected " + BYTES + " bytes, got " + bytes.length);
       return isLE ? bytesToNumberLE(bytes) : bytesToNumberBE(bytes);
-    }
+    },
+    // TODO: we don't need it here, move out to separate fn
+    invertBatch: (lst) => FpInvertBatch(f, lst),
+    // We can't move this out because Fp6, Fp12 implement it
+    // and it's unclear what to return in there.
+    cmov: (a, b, c) => c ? b : a
   });
   return Object.freeze(f);
 }
@@ -948,14 +632,14 @@ function mapHashToField(key, fieldOrder, isLE = false) {
   const minLen = getMinHashLength(fieldOrder);
   if (len < 16 || len < minLen || len > 1024)
     throw new Error("expected " + minLen + "-1024 bytes of input, got " + len);
-  const num2 = isLE ? bytesToNumberBE(key) : bytesToNumberLE(key);
-  const reduced = mod(num2, fieldOrder - _1n2) + _1n2;
+  const num2 = isLE ? bytesToNumberLE(key) : bytesToNumberBE(key);
+  const reduced = mod(num2, fieldOrder - _1n) + _1n;
   return isLE ? numberToBytesLE(reduced, fieldLen) : numberToBytesBE(reduced, fieldLen);
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/curve.js
-var _0n3 = BigInt(0);
-var _1n3 = BigInt(1);
+// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/curve.js
+var _0n2 = BigInt(0);
+var _1n2 = BigInt(1);
 function constTimeNegate(condition, item) {
   const neg = item.negate();
   return condition ? neg : item;
@@ -964,11 +648,30 @@ function validateW(W, bits) {
   if (!Number.isSafeInteger(W) || W <= 0 || W > bits)
     throw new Error("invalid window size, expected [1.." + bits + "], got W=" + W);
 }
-function calcWOpts(W, bits) {
-  validateW(W, bits);
-  const windows = Math.ceil(bits / W) + 1;
+function calcWOpts(W, scalarBits) {
+  validateW(W, scalarBits);
+  const windows = Math.ceil(scalarBits / W) + 1;
   const windowSize = 2 ** (W - 1);
-  return { windows, windowSize };
+  const maxNumber = 2 ** W;
+  const mask = bitMask(W);
+  const shiftBy = BigInt(W);
+  return { windows, windowSize, mask, maxNumber, shiftBy };
+}
+function calcOffsets(n, window, wOpts) {
+  const { windowSize, mask, maxNumber, shiftBy } = wOpts;
+  let wbits = Number(n & mask);
+  let nextN = n >> shiftBy;
+  if (wbits > windowSize) {
+    wbits -= maxNumber;
+    nextN += _1n2;
+  }
+  const offsetStart = window * windowSize;
+  const offset = offsetStart + Math.abs(wbits) - 1;
+  const isZero = wbits === 0;
+  const isNeg = wbits < 0;
+  const isNegF = window % 2 !== 0;
+  const offsetF = offsetStart;
+  return { nextN, offset, isZero, isNeg, isNegF, offsetF };
 }
 function validateMSMPoints(points, c) {
   if (!Array.isArray(points))
@@ -1000,11 +703,11 @@ function wNAF(c, bits) {
     // non-const time multiplication ladder
     unsafeLadder(elm, n, p = c.ZERO) {
       let d = elm;
-      while (n > _0n3) {
-        if (n & _1n3)
+      while (n > _0n2) {
+        if (n & _1n2)
           p = p.add(d);
         d = d.double();
-        n >>= _1n3;
+        n >>= _1n2;
       }
       return p;
     },
@@ -1044,28 +747,16 @@ function wNAF(c, bits) {
      * @returns real and fake (for const-time) points
      */
     wNAF(W, precomputes, n) {
-      const { windows, windowSize } = calcWOpts(W, bits);
       let p = c.ZERO;
       let f = c.BASE;
-      const mask = BigInt(2 ** W - 1);
-      const maxNumber = 2 ** W;
-      const shiftBy = BigInt(W);
-      for (let window = 0; window < windows; window++) {
-        const offset = window * windowSize;
-        let wbits = Number(n & mask);
-        n >>= shiftBy;
-        if (wbits > windowSize) {
-          wbits -= maxNumber;
-          n += _1n3;
-        }
-        const offset1 = offset;
-        const offset2 = offset + Math.abs(wbits) - 1;
-        const cond1 = window % 2 !== 0;
-        const cond2 = wbits < 0;
-        if (wbits === 0) {
-          f = f.add(constTimeNegate(cond1, precomputes[offset1]));
+      const wo = calcWOpts(W, bits);
+      for (let window = 0; window < wo.windows; window++) {
+        const { nextN, offset, isZero, isNeg, isNegF, offsetF } = calcOffsets(n, window, wo);
+        n = nextN;
+        if (isZero) {
+          f = f.add(constTimeNegate(isNegF, precomputes[offsetF]));
         } else {
-          p = p.add(constTimeNegate(cond2, precomputes[offset2]));
+          p = p.add(constTimeNegate(isNeg, precomputes[offset]));
         }
       }
       return { p, f };
@@ -1079,26 +770,18 @@ function wNAF(c, bits) {
      * @returns point
      */
     wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {
-      const { windows, windowSize } = calcWOpts(W, bits);
-      const mask = BigInt(2 ** W - 1);
-      const maxNumber = 2 ** W;
-      const shiftBy = BigInt(W);
-      for (let window = 0; window < windows; window++) {
-        const offset = window * windowSize;
-        if (n === _0n3)
+      const wo = calcWOpts(W, bits);
+      for (let window = 0; window < wo.windows; window++) {
+        if (n === _0n2)
           break;
-        let wbits = Number(n & mask);
-        n >>= shiftBy;
-        if (wbits > windowSize) {
-          wbits -= maxNumber;
-          n += _1n3;
-        }
-        if (wbits === 0)
+        const { nextN, offset, isZero, isNeg } = calcOffsets(n, window, wo);
+        n = nextN;
+        if (isZero) {
           continue;
-        let curr = precomputes[offset + Math.abs(wbits) - 1];
-        if (wbits < 0)
-          curr = curr.negate();
-        acc = acc.add(curr);
+        } else {
+          const item = precomputes[offset];
+          acc = acc.add(isNeg ? item.negate() : item);
+        }
       }
       return acc;
     },
@@ -1134,20 +817,28 @@ function wNAF(c, bits) {
 function pippenger(c, fieldN, points, scalars) {
   validateMSMPoints(points, c);
   validateMSMScalars(scalars, fieldN);
-  if (points.length !== scalars.length)
+  const plength = points.length;
+  const slength = scalars.length;
+  if (plength !== slength)
     throw new Error("arrays of points and scalars must have equal length");
   const zero = c.ZERO;
-  const wbits = bitLen(BigInt(points.length));
-  const windowSize = wbits > 12 ? wbits - 3 : wbits > 4 ? wbits - 2 : wbits ? 2 : 1;
-  const MASK = (1 << windowSize) - 1;
-  const buckets = new Array(MASK + 1).fill(zero);
+  const wbits = bitLen(BigInt(plength));
+  let windowSize = 1;
+  if (wbits > 12)
+    windowSize = wbits - 3;
+  else if (wbits > 4)
+    windowSize = wbits - 2;
+  else if (wbits > 0)
+    windowSize = 2;
+  const MASK = bitMask(windowSize);
+  const buckets = new Array(Number(MASK) + 1).fill(zero);
   const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;
   let sum = zero;
   for (let i = lastBits; i >= 0; i -= windowSize) {
     buckets.fill(zero);
-    for (let j = 0; j < scalars.length; j++) {
+    for (let j = 0; j < slength; j++) {
       const scalar = scalars[j];
-      const wbits2 = Number(scalar >> BigInt(i) & BigInt(MASK));
+      const wbits2 = Number(scalar >> BigInt(i) & MASK);
       buckets[wbits2] = buckets[wbits2].add(points[j]);
     }
     let resI = zero;
@@ -1180,7 +871,7 @@ function validateBasic(curve) {
   });
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/weierstrass.js
+// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/weierstrass.js
 function validateSigVerOpts(opts) {
   if (opts.lowS !== void 0)
     abool("lowS", opts.lowS);
@@ -1193,33 +884,33 @@ function validatePointOpts(curve) {
     a: "field",
     b: "field"
   }, {
+    allowInfinityPoint: "boolean",
     allowedPrivateKeyLengths: "array",
-    wrapPrivateKey: "boolean",
-    isTorsionFree: "function",
     clearCofactor: "function",
-    allowInfinityPoint: "boolean",
     fromBytes: "function",
-    toBytes: "function"
+    isTorsionFree: "function",
+    toBytes: "function",
+    wrapPrivateKey: "boolean"
   });
   const { endo, Fp, a } = opts;
   if (endo) {
     if (!Fp.eql(a, Fp.ZERO)) {
-      throw new Error("invalid endomorphism, can only be defined for Koblitz curves that have a=0");
+      throw new Error("invalid endo: CURVE.a must be 0");
     }
     if (typeof endo !== "object" || typeof endo.beta !== "bigint" || typeof endo.splitScalar !== "function") {
-      throw new Error("invalid endomorphism, expected beta: bigint and splitScalar: function");
+      throw new Error('invalid endo: expected "beta": bigint and "splitScalar": function');
     }
   }
   return Object.freeze({ ...opts });
 }
-var { bytesToNumberBE: b2n, hexToBytes: h2b } = utils_exports;
+var DERErr = class extends Error {
+  constructor(m = "") {
+    super(m);
+  }
+};
 var DER = {
   // asn.1 DER encoding utils
-  Err: class DERErr extends Error {
-    constructor(m = "") {
-      super(m);
-    }
-  },
+  Err: DERErr,
   // Basic building block is TLV (Tag-Length-Value)
   _tlv: {
     encode: (tag, data) => {
@@ -1279,7 +970,7 @@ var DER = {
   _int: {
     encode(num2) {
       const { Err: E } = DER;
-      if (num2 < _0n4)
+      if (num2 < _0n3)
         throw new E("integer: negative integers are not allowed");
       let hex = numberToHexUnpadded(num2);
       if (Number.parseInt(hex[0], 16) & 8)
@@ -1294,13 +985,12 @@ var DER = {
         throw new E("invalid signature integer: negative");
       if (data[0] === 0 && !(data[1] & 128))
         throw new E("invalid signature integer: unnecessary leading zero");
-      return b2n(data);
+      return bytesToNumberBE(data);
     }
   },
   toSig(hex) {
     const { Err: E, _int: int, _tlv: tlv } = DER;
-    const data = typeof hex === "string" ? h2b(hex) : hex;
-    abytes2(data);
+    const data = ensureBytes("signature", hex);
     const { v: seqBytes, l: seqLeftBytes } = tlv.decode(48, data);
     if (seqLeftBytes.length)
       throw new E("invalid signature: left bytes after parsing");
@@ -1318,9 +1008,12 @@ var DER = {
     return tlv.encode(48, seq);
   }
 };
-var _0n4 = BigInt(0);
-var _1n4 = BigInt(1);
-var _2n3 = BigInt(2);
+function numToSizedHex(num2, size) {
+  return bytesToHex(numberToBytesBE(num2, size));
+}
+var _0n3 = BigInt(0);
+var _1n3 = BigInt(1);
+var _2n2 = BigInt(2);
 var _3n2 = BigInt(3);
 var _4n2 = BigInt(4);
 function weierstrassPoints(opts) {
@@ -1343,15 +1036,24 @@ function weierstrassPoints(opts) {
     const x3 = Fp.mul(x2, x);
     return Fp.add(Fp.add(x3, Fp.mul(x, a)), b);
   }
-  if (!Fp.eql(Fp.sqr(CURVE.Gy), weierstrassEquation(CURVE.Gx)))
-    throw new Error("bad generator point: equation left != right");
+  function isValidXY(x, y) {
+    const left = Fp.sqr(y);
+    const right = weierstrassEquation(x);
+    return Fp.eql(left, right);
+  }
+  if (!isValidXY(CURVE.Gx, CURVE.Gy))
+    throw new Error("bad curve params: generator point");
+  const _4a3 = Fp.mul(Fp.pow(CURVE.a, _3n2), _4n2);
+  const _27b2 = Fp.mul(Fp.sqr(CURVE.b), BigInt(27));
+  if (Fp.is0(Fp.add(_4a3, _27b2)))
+    throw new Error("bad curve params: a or b");
   function isWithinCurveOrder(num2) {
-    return inRange(num2, _1n4, CURVE.n);
+    return inRange(num2, _1n3, CURVE.n);
   }
   function normPrivateKeyToScalar(key) {
     const { allowedPrivateKeyLengths: lengths, nByteLength, wrapPrivateKey, n: N } = CURVE;
     if (lengths && typeof key !== "bigint") {
-      if (isBytes2(key))
+      if (isBytes(key))
         key = bytesToHex(key);
       if (typeof key !== "string" || !lengths.includes(key.length))
         throw new Error("invalid private key");
@@ -1365,10 +1067,10 @@ function weierstrassPoints(opts) {
     }
     if (wrapPrivateKey)
       num2 = mod(num2, N);
-    aInRange("private key", num2, _1n4, N);
+    aInRange("private key", num2, _1n3, N);
     return num2;
   }
-  function assertPrjPoint(other) {
+  function aprjpoint(other) {
     if (!(other instanceof Point2))
       throw new Error("ProjectivePoint expected");
   }
@@ -1397,9 +1099,7 @@ function weierstrassPoints(opts) {
     const { x, y } = p.toAffine();
     if (!Fp.isValid(x) || !Fp.isValid(y))
       throw new Error("bad point: x or y not FE");
-    const left = Fp.sqr(y);
-    const right = weierstrassEquation(x);
-    if (!Fp.eql(left, right))
+    if (!isValidXY(x, y))
       throw new Error("bad point: equation left != right");
     if (!p.isTorsionFree())
       throw new Error("bad point: not in prime-order subgroup");
@@ -1407,15 +1107,15 @@ function weierstrassPoints(opts) {
   });
   class Point2 {
     constructor(px, py, pz) {
-      this.px = px;
-      this.py = py;
-      this.pz = pz;
       if (px == null || !Fp.isValid(px))
         throw new Error("x required");
-      if (py == null || !Fp.isValid(py))
+      if (py == null || !Fp.isValid(py) || Fp.is0(py))
         throw new Error("y required");
       if (pz == null || !Fp.isValid(pz))
         throw new Error("z required");
+      this.px = px;
+      this.py = py;
+      this.pz = pz;
       Object.freeze(this);
     }
     // Does not validate if the point is on-curve.
@@ -1444,7 +1144,7 @@ function weierstrassPoints(opts) {
      * Optimization: converts a list of projective points to a list of identical points with Z=1.
      */
     static normalizeZ(points) {
-      const toInv = Fp.invertBatch(points.map((p) => p.pz));
+      const toInv = FpInvertBatch(Fp, points.map((p) => p.pz));
       return points.map((p, i) => p.toAffine(toInv[i])).map(Point2.fromAffine);
     }
     /**
@@ -1482,7 +1182,7 @@ function weierstrassPoints(opts) {
      * Compare one point to another.
      */
     equals(other) {
-      assertPrjPoint(other);
+      aprjpoint(other);
       const { px: X1, py: Y1, pz: Z1 } = this;
       const { px: X2, py: Y2, pz: Z2 } = other;
       const U1 = Fp.eql(Fp.mul(X1, Z2), Fp.mul(X2, Z1));
@@ -1542,7 +1242,7 @@ function weierstrassPoints(opts) {
     // https://eprint.iacr.org/2015/1060, algorithm 1
     // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
     add(other) {
-      assertPrjPoint(other);
+      aprjpoint(other);
       const { px: X1, py: Y1, pz: Z1 } = this;
       const { px: X2, py: Y2, pz: Z2 } = other;
       let X3 = Fp.ZERO, Y3 = Fp.ZERO, Z3 = Fp.ZERO;
@@ -1605,33 +1305,33 @@ function weierstrassPoints(opts) {
      * an exposed private key e.g. sig verification, which works over *public* keys.
      */
     multiplyUnsafe(sc) {
-      const { endo, n: N } = CURVE;
-      aInRange("scalar", sc, _0n4, N);
+      const { endo: endo2, n: N } = CURVE;
+      aInRange("scalar", sc, _0n3, N);
       const I = Point2.ZERO;
-      if (sc === _0n4)
+      if (sc === _0n3)
         return I;
-      if (this.is0() || sc === _1n4)
+      if (this.is0() || sc === _1n3)
         return this;
-      if (!endo || wnaf.hasPrecomputes(this))
+      if (!endo2 || wnaf.hasPrecomputes(this))
         return wnaf.wNAFCachedUnsafe(this, sc, Point2.normalizeZ);
-      let { k1neg, k1, k2neg, k2 } = endo.splitScalar(sc);
+      let { k1neg, k1, k2neg, k2 } = endo2.splitScalar(sc);
       let k1p = I;
       let k2p = I;
       let d = this;
-      while (k1 > _0n4 || k2 > _0n4) {
-        if (k1 & _1n4)
+      while (k1 > _0n3 || k2 > _0n3) {
+        if (k1 & _1n3)
           k1p = k1p.add(d);
-        if (k2 & _1n4)
+        if (k2 & _1n3)
           k2p = k2p.add(d);
         d = d.double();
-        k1 >>= _1n4;
-        k2 >>= _1n4;
+        k1 >>= _1n3;
+        k2 >>= _1n3;
       }
       if (k1neg)
         k1p = k1p.negate();
       if (k2neg)
         k2p = k2p.negate();
-      k2p = new Point2(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
+      k2p = new Point2(Fp.mul(k2p.px, endo2.beta), k2p.py, k2p.pz);
       return k1p.add(k2p);
     }
     /**
@@ -1644,16 +1344,16 @@ function weierstrassPoints(opts) {
      * @returns New point
      */
     multiply(scalar) {
-      const { endo, n: N } = CURVE;
-      aInRange("scalar", scalar, _1n4, N);
+      const { endo: endo2, n: N } = CURVE;
+      aInRange("scalar", scalar, _1n3, N);
       let point, fake;
-      if (endo) {
-        const { k1neg, k1, k2neg, k2 } = endo.splitScalar(scalar);
+      if (endo2) {
+        const { k1neg, k1, k2neg, k2 } = endo2.splitScalar(scalar);
         let { p: k1p, f: f1p } = this.wNAF(k1);
         let { p: k2p, f: f2p } = this.wNAF(k2);
         k1p = wnaf.constTimeNegate(k1neg, k1p);
         k2p = wnaf.constTimeNegate(k2neg, k2p);
-        k2p = new Point2(Fp.mul(k2p.px, endo.beta), k2p.py, k2p.pz);
+        k2p = new Point2(Fp.mul(k2p.px, endo2.beta), k2p.py, k2p.pz);
         point = k1p.add(k2p);
         fake = f1p.add(f2p);
       } else {
@@ -1671,7 +1371,7 @@ function weierstrassPoints(opts) {
      */
     multiplyAndAddUnsafe(Q, a, b) {
       const G = Point2.BASE;
-      const mul = (P, a2) => a2 === _0n4 || a2 === _1n4 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
+      const mul = (P, a2) => a2 === _0n3 || a2 === _1n3 || !P.equals(G) ? P.multiplyUnsafe(a2) : P.multiply(a2);
       const sum = mul(this, a).add(mul(Q, b));
       return sum.is0() ? void 0 : sum;
     }
@@ -1683,7 +1383,7 @@ function weierstrassPoints(opts) {
     }
     isTorsionFree() {
       const { h: cofactor, isTorsionFree } = CURVE;
-      if (cofactor === _1n4)
+      if (cofactor === _1n3)
         return true;
       if (isTorsionFree)
         return isTorsionFree(Point2, this);
@@ -1691,7 +1391,7 @@ function weierstrassPoints(opts) {
     }
     clearCofactor() {
       const { h: cofactor, clearCofactor } = CURVE;
-      if (cofactor === _1n4)
+      if (cofactor === _1n3)
         return this;
       if (clearCofactor)
         return clearCofactor(Point2, this);
@@ -1709,8 +1409,8 @@ function weierstrassPoints(opts) {
   }
   Point2.BASE = new Point2(CURVE.Gx, CURVE.Gy, Fp.ONE);
   Point2.ZERO = new Point2(Fp.ZERO, Fp.ONE, Fp.ZERO);
-  const _bits = CURVE.nBitLength;
-  const wnaf = wNAF(Point2, CURVE.endo ? Math.ceil(_bits / 2) : _bits);
+  const { endo, nBitLength } = CURVE;
+  const wnaf = wNAF(Point2, endo ? Math.ceil(nBitLength / 2) : nBitLength);
   return {
     CURVE,
     ProjectivePoint: Point2,
@@ -1734,7 +1434,7 @@ function validateOpts(curve) {
 }
 function weierstrass(curveDef) {
   const CURVE = validateOpts(curveDef);
-  const { Fp, n: CURVE_ORDER } = CURVE;
+  const { Fp, n: CURVE_ORDER, nByteLength, nBitLength } = CURVE;
   const compressedLen = Fp.BYTES + 1;
   const uncompressedLen = 2 * Fp.BYTES + 1;
   function modN2(a) {
@@ -1762,7 +1462,7 @@ function weierstrass(curveDef) {
       const tail = bytes.subarray(1);
       if (len === compressedLen && (head === 2 || head === 3)) {
         const x = bytesToNumberBE(tail);
-        if (!inRange(x, _1n4, Fp.ORDER))
+        if (!inRange(x, _1n3, Fp.ORDER))
           throw new Error("Point is not on curve");
         const y2 = weierstrassEquation(x);
         let y;
@@ -1772,7 +1472,7 @@ function weierstrass(curveDef) {
           const suffix = sqrtError instanceof Error ? ": " + sqrtError.message : "";
           throw new Error("Point is not on curve" + suffix);
         }
-        const isYOdd = (y & _1n4) === _1n4;
+        const isYOdd = (y & _1n3) === _1n3;
         const isHeadOdd = (head & 1) === 1;
         if (isHeadOdd !== isYOdd)
           y = Fp.neg(y);
@@ -1788,9 +1488,8 @@ function weierstrass(curveDef) {
       }
     }
   });
-  const numToNByteStr = (num2) => bytesToHex(numberToBytesBE(num2, CURVE.nByteLength));
   function isBiggerThanHalfOrder(number) {
-    const HALF = CURVE_ORDER >> _1n4;
+    const HALF = CURVE_ORDER >> _1n3;
     return number > HALF;
   }
   function normalizeS(s) {
@@ -1799,14 +1498,17 @@ function weierstrass(curveDef) {
   const slcNum = (b, from, to) => bytesToNumberBE(b.slice(from, to));
   class Signature {
     constructor(r, s, recovery) {
+      aInRange("r", r, _1n3, CURVE_ORDER);
+      aInRange("s", s, _1n3, CURVE_ORDER);
       this.r = r;
       this.s = s;
-      this.recovery = recovery;
-      this.assertValidity();
+      if (recovery != null)
+        this.recovery = recovery;
+      Object.freeze(this);
     }
     // pair (bytes of r, bytes of s)
     static fromCompact(hex) {
-      const l = CURVE.nByteLength;
+      const l = nByteLength;
       hex = ensureBytes("compactSignature", hex, l * 2);
       return new Signature(slcNum(hex, 0, l), slcNum(hex, l, 2 * l));
     }
@@ -1816,9 +1518,11 @@ function weierstrass(curveDef) {
       const { r, s } = DER.toSig(ensureBytes("DER", hex));
       return new Signature(r, s);
     }
+    /**
+     * @todo remove
+     * @deprecated
+     */
     assertValidity() {
-      aInRange("r", this.r, _1n4, CURVE_ORDER);
-      aInRange("s", this.s, _1n4, CURVE_ORDER);
     }
     addRecoveryBit(recovery) {
       return new Signature(this.r, this.s, recovery);
@@ -1832,7 +1536,7 @@ function weierstrass(curveDef) {
       if (radj >= Fp.ORDER)
         throw new Error("recovery id 2 or 3 invalid");
       const prefix = (rec & 1) === 0 ? "02" : "03";
-      const R = Point2.fromHex(prefix + numToNByteStr(radj));
+      const R = Point2.fromHex(prefix + numToSizedHex(radj, Fp.BYTES));
       const ir = invN(radj);
       const u1 = modN2(-h * ir);
       const u2 = modN2(s * ir);
@@ -1854,14 +1558,15 @@ function weierstrass(curveDef) {
       return hexToBytes(this.toDERHex());
     }
     toDERHex() {
-      return DER.hexFromSig({ r: this.r, s: this.s });
+      return DER.hexFromSig(this);
     }
     // padded bytes of r, then padded bytes of s
     toCompactRawBytes() {
       return hexToBytes(this.toCompactHex());
     }
     toCompactHex() {
-      return numToNByteStr(this.r) + numToNByteStr(this.s);
+      const l = nByteLength;
+      return numToSizedHex(this.r, l) + numToSizedHex(this.s, l);
     }
   }
   const utils = {
@@ -1900,21 +1605,25 @@ function weierstrass(curveDef) {
     return Point2.fromPrivateKey(privateKey).toRawBytes(isCompressed);
   }
   function isProbPub(item) {
-    const arr = isBytes2(item);
-    const str = typeof item === "string";
-    const len = (arr || str) && item.length;
-    if (arr)
-      return len === compressedLen || len === uncompressedLen;
-    if (str)
-      return len === 2 * compressedLen || len === 2 * uncompressedLen;
+    if (typeof item === "bigint")
+      return false;
     if (item instanceof Point2)
       return true;
-    return false;
+    const arr = ensureBytes("key", item);
+    const len = arr.length;
+    const fpl = Fp.BYTES;
+    const compLen = fpl + 1;
+    const uncompLen = 2 * fpl + 1;
+    if (CURVE.allowedPrivateKeyLengths || nByteLength === compLen) {
+      return void 0;
+    } else {
+      return len === compLen || len === uncompLen;
+    }
   }
   function getSharedSecret(privateA, publicB, isCompressed = true) {
-    if (isProbPub(privateA))
+    if (isProbPub(privateA) === true)
       throw new Error("first arg must be private key");
-    if (!isProbPub(publicB))
+    if (isProbPub(publicB) === false)
       throw new Error("second arg must be public key");
     const b = Point2.fromHex(publicB);
     return b.multiply(normPrivateKeyToScalar(privateA)).toRawBytes(isCompressed);
@@ -1923,16 +1632,16 @@ function weierstrass(curveDef) {
     if (bytes.length > 8192)
       throw new Error("input is too large");
     const num2 = bytesToNumberBE(bytes);
-    const delta = bytes.length * 8 - CURVE.nBitLength;
+    const delta = bytes.length * 8 - nBitLength;
     return delta > 0 ? num2 >> BigInt(delta) : num2;
   };
   const bits2int_modN = CURVE.bits2int_modN || function(bytes) {
     return modN2(bits2int(bytes));
   };
-  const ORDER_MASK = bitMask(CURVE.nBitLength);
+  const ORDER_MASK = bitMask(nBitLength);
   function int2octets(num2) {
-    aInRange("num < 2^" + CURVE.nBitLength, num2, _0n4, ORDER_MASK);
-    return numberToBytesBE(num2, CURVE.nByteLength);
+    aInRange("num < 2^" + nBitLength, num2, _0n3, ORDER_MASK);
+    return numberToBytesBE(num2, nByteLength);
   }
   function prepSig(msgHash, privateKey, opts = defaultSigOpts) {
     if (["recovered", "canonical"].some((k) => k in opts))
@@ -1961,12 +1670,12 @@ function weierstrass(curveDef) {
       const ik = invN(k);
       const q = Point2.BASE.multiply(k).toAffine();
       const r = modN2(q.x);
-      if (r === _0n4)
+      if (r === _0n3)
         return;
       const s = modN2(ik * modN2(m + r * d));
-      if (s === _0n4)
+      if (s === _0n3)
         return;
-      let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n4);
+      let recovery = (q.x === r ? 0 : 2) | Number(q.y & _1n3);
       let normS = s;
       if (lowS && isBiggerThanHalfOrder(s)) {
         normS = normalizeS(s);
@@ -1995,7 +1704,7 @@ function weierstrass(curveDef) {
       throw new Error("options.strict was renamed to lowS");
     if (format !== void 0 && format !== "compact" && format !== "der")
       throw new Error("format must be compact or der");
-    const isHex = typeof sg === "string" || isBytes2(sg);
+    const isHex = typeof sg === "string" || isBytes(sg);
     const isObj = !isHex && !format && typeof sg === "object" && sg !== null && typeof sg.r === "bigint" && typeof sg.s === "bigint";
     if (!isHex && !isObj)
       throw new Error("invalid signature, expected Uint8Array, hex string or Signature instance");
@@ -2049,18 +1758,18 @@ function weierstrass(curveDef) {
 }
 function SWUFpSqrtRatio(Fp, Z) {
   const q = Fp.ORDER;
-  let l = _0n4;
-  for (let o = q - _1n4; o % _2n3 === _0n4; o /= _2n3)
-    l += _1n4;
+  let l = _0n3;
+  for (let o = q - _1n3; o % _2n2 === _0n3; o /= _2n2)
+    l += _1n3;
   const c1 = l;
-  const _2n_pow_c1_1 = _2n3 << c1 - _1n4 - _1n4;
-  const _2n_pow_c1 = _2n_pow_c1_1 * _2n3;
-  const c2 = (q - _1n4) / _2n_pow_c1;
-  const c3 = (c2 - _1n4) / _2n3;
-  const c4 = _2n_pow_c1 - _1n4;
+  const _2n_pow_c1_1 = _2n2 << c1 - _1n3 - _1n3;
+  const _2n_pow_c1 = _2n_pow_c1_1 * _2n2;
+  const c2 = (q - _1n3) / _2n_pow_c1;
+  const c3 = (c2 - _1n3) / _2n2;
+  const c4 = _2n_pow_c1 - _1n3;
   const c5 = _2n_pow_c1_1;
   const c6 = Fp.pow(Z, c2);
-  const c7 = Fp.pow(Z, (c2 + _1n4) / _2n3);
+  const c7 = Fp.pow(Z, (c2 + _1n3) / _2n2);
   let sqrtRatio = (u, v) => {
     let tv1 = c6;
     let tv2 = Fp.pow(v, c4);
@@ -2078,9 +1787,9 @@ function SWUFpSqrtRatio(Fp, Z) {
     tv5 = Fp.mul(tv4, tv1);
     tv3 = Fp.cmov(tv2, tv3, isQR);
     tv4 = Fp.cmov(tv5, tv4, isQR);
-    for (let i = c1; i > _1n4; i--) {
-      let tv52 = i - _2n3;
-      tv52 = _2n3 << tv52 - _1n4;
+    for (let i = c1; i > _1n3; i--) {
+      let tv52 = i - _2n2;
+      tv52 = _2n2 << tv52 - _1n3;
       let tvv5 = Fp.pow(tv4, tv52);
       const e1 = Fp.eql(tvv5, Fp.ONE);
       tv2 = Fp.mul(tv3, tv1);
@@ -2142,12 +1851,13 @@ function mapToCurveSimpleSWU(Fp, opts) {
     y = Fp.cmov(y, value, isValid);
     const e1 = Fp.isOdd(u) === Fp.isOdd(y);
     y = Fp.cmov(Fp.neg(y), y, e1);
-    x = Fp.div(x, tv4);
+    const tv4_inv = FpInvertBatch(Fp, [tv4], true)[0];
+    x = Fp.mul(x, tv4_inv);
     return { x, y };
   };
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/_shortw_utils.js
+// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/_shortw_utils.js
 function getHash(hash) {
   return {
     hash,
@@ -2157,10 +1867,10 @@ function getHash(hash) {
 }
 function createCurve(curveDef, defHash) {
   const create = (hash) => weierstrass({ ...curveDef, ...getHash(hash) });
-  return Object.freeze({ ...create(defHash), create });
+  return { ...create(defHash), create };
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/abstract/hash-to-curve.js
+// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/abstract/hash-to-curve.js
 var os2ip = bytesToNumberBE;
 function i2osp(value, length) {
   anum(value);
@@ -2190,7 +1900,7 @@ function expand_message_xmd(msg, DST, lenInBytes, H) {
   abytes2(DST);
   anum(lenInBytes);
   if (DST.length > 255)
-    DST = H(concatBytes2(utf8ToBytes2("H2C-OVERSIZE-DST-"), DST));
+    DST = H(concatBytes2(utf8ToBytes("H2C-OVERSIZE-DST-"), DST));
   const { outputLen: b_in_bytes, blockLen: r_in_bytes } = H;
   const ell = Math.ceil(lenInBytes / b_in_bytes);
   if (lenInBytes > 65535 || ell > 255)
@@ -2214,7 +1924,7 @@ function expand_message_xof(msg, DST, lenInBytes, k, H) {
   anum(lenInBytes);
   if (DST.length > 255) {
     const dkLen = Math.ceil(2 * k / 8);
-    DST = H.create({ dkLen }).update(utf8ToBytes2("H2C-OVERSIZE-DST-")).update(DST).digest();
+    DST = H.create({ dkLen }).update(utf8ToBytes("H2C-OVERSIZE-DST-")).update(DST).digest();
   }
   if (lenInBytes > 65535 || DST.length > 255)
     throw new Error("expand_message_xof: invalid lenInBytes");
@@ -2231,7 +1941,7 @@ function hash_to_field(msg, count, options) {
   const { p, k, m, hash, expand, DST: _DST } = options;
   abytes2(msg);
   anum(count);
-  const DST = typeof _DST === "string" ? utf8ToBytes2(_DST) : _DST;
+  const DST = typeof _DST === "string" ? utf8ToBytes(_DST) : _DST;
   const log2p = p.toString(2).length;
   const L = Math.ceil((log2p + k) / 8);
   const len_in_bytes = count * m * L;
@@ -2258,56 +1968,63 @@ function hash_to_field(msg, count, options) {
   return u;
 }
 function isogenyMap(field, map) {
-  const COEFF = map.map((i) => Array.from(i).reverse());
+  const coeff = map.map((i) => Array.from(i).reverse());
   return (x, y) => {
-    const [xNum, xDen, yNum, yDen] = COEFF.map((val) => val.reduce((acc, i) => field.add(field.mul(acc, x), i)));
-    x = field.div(xNum, xDen);
-    y = field.mul(y, field.div(yNum, yDen));
+    const [xn, xd, yn, yd] = coeff.map((val) => val.reduce((acc, i) => field.add(field.mul(acc, x), i)));
+    const [xd_inv, yd_inv] = FpInvertBatch(field, [xd, yd], true);
+    x = field.mul(xn, xd_inv);
+    y = field.mul(y, field.mul(yn, yd_inv));
     return { x, y };
   };
 }
-function createHasher(Point2, mapToCurve, def) {
+function createHasher2(Point2, mapToCurve, defaults) {
   if (typeof mapToCurve !== "function")
     throw new Error("mapToCurve() must be defined");
+  function map(num2) {
+    return Point2.fromAffine(mapToCurve(num2));
+  }
+  function clear(initial) {
+    const P = initial.clearCofactor();
+    if (P.equals(Point2.ZERO))
+      return Point2.ZERO;
+    P.assertValidity();
+    return P;
+  }
   return {
+    defaults,
     // Encodes byte string to elliptic curve.
     // hash_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
     hashToCurve(msg, options) {
-      const u = hash_to_field(msg, 2, { ...def, DST: def.DST, ...options });
-      const u0 = Point2.fromAffine(mapToCurve(u[0]));
-      const u1 = Point2.fromAffine(mapToCurve(u[1]));
-      const P = u0.add(u1).clearCofactor();
-      P.assertValidity();
-      return P;
+      const u = hash_to_field(msg, 2, { ...defaults, DST: defaults.DST, ...options });
+      const u0 = map(u[0]);
+      const u1 = map(u[1]);
+      return clear(u0.add(u1));
     },
     // Encodes byte string to elliptic curve.
     // encode_to_curve from https://www.rfc-editor.org/rfc/rfc9380#section-3
     encodeToCurve(msg, options) {
-      const u = hash_to_field(msg, 1, { ...def, DST: def.encodeDST, ...options });
-      const P = Point2.fromAffine(mapToCurve(u[0])).clearCofactor();
-      P.assertValidity();
-      return P;
+      const u = hash_to_field(msg, 1, { ...defaults, DST: defaults.encodeDST, ...options });
+      return clear(map(u[0]));
     },
     // Same as encodeToCurve, but without hash
     mapToCurve(scalars) {
       if (!Array.isArray(scalars))
-        throw new Error("mapToCurve: expected array of bigints");
+        throw new Error("expected array of bigints");
       for (const i of scalars)
         if (typeof i !== "bigint")
-          throw new Error("mapToCurve: expected array of bigints");
-      const P = Point2.fromAffine(mapToCurve(scalars)).clearCofactor();
-      P.assertValidity();
-      return P;
+          throw new Error("expected array of bigints");
+      return clear(map(scalars));
     }
   };
 }
 
-// ../../node_modules/.pnpm/@noble+curves@1.7.0/node_modules/@noble/curves/esm/secp256k1.js
+// ../../node_modules/.pnpm/@noble+curves@1.9.1/node_modules/@noble/curves/esm/secp256k1.js
 var secp256k1P = BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f");
 var secp256k1N = BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141");
-var _1n5 = BigInt(1);
-var _2n4 = BigInt(2);
-var divNearest = (a, b) => (a + b / _2n4) / b;
+var _0n4 = BigInt(0);
+var _1n4 = BigInt(1);
+var _2n3 = BigInt(2);
+var divNearest = (a, b) => (a + b / _2n3) / b;
 function sqrtMod(y) {
   const P = secp256k1P;
   const _3n3 = BigInt(3), _6n = BigInt(6), _11n = BigInt(11), _22n = BigInt(22);
@@ -2316,7 +2033,7 @@ function sqrtMod(y) {
   const b3 = b2 * b2 * y % P;
   const b6 = pow2(b3, _3n3, P) * b3 % P;
   const b9 = pow2(b6, _3n3, P) * b3 % P;
-  const b11 = pow2(b9, _2n4, P) * b2 % P;
+  const b11 = pow2(b9, _2n3, P) * b2 % P;
   const b22 = pow2(b11, _11n, P) * b11 % P;
   const b44 = pow2(b22, _22n, P) * b22 % P;
   const b88 = pow2(b44, _44n, P) * b44 % P;
@@ -2325,40 +2042,29 @@ function sqrtMod(y) {
   const b223 = pow2(b220, _3n3, P) * b3 % P;
   const t1 = pow2(b223, _23n, P) * b22 % P;
   const t2 = pow2(t1, _6n, P) * b2 % P;
-  const root = pow2(t2, _2n4, P);
+  const root = pow2(t2, _2n3, P);
   if (!Fpk1.eql(Fpk1.sqr(root), y))
     throw new Error("Cannot find square root");
   return root;
 }
 var Fpk1 = Field(secp256k1P, void 0, void 0, { sqrt: sqrtMod });
 var secp256k1 = createCurve({
-  a: BigInt(0),
-  // equation params: a, b
+  a: _0n4,
   b: BigInt(7),
-  // Seem to be rigid: bitcointalk.org/index.php?topic=289795.msg3183975#msg3183975
   Fp: Fpk1,
-  // Field's prime: 2n**256n - 2n**32n - 2n**9n - 2n**8n - 2n**7n - 2n**6n - 2n**4n - 1n
   n: secp256k1N,
-  // Curve order, total count of valid points in the field
-  // Base point (x, y) aka generator point
   Gx: BigInt("55066263022277343669578718895168534326250603453777594175500187360389116729240"),
   Gy: BigInt("32670510020758816978083085130507043184471273380659243275938904335757337482424"),
   h: BigInt(1),
-  // Cofactor
   lowS: true,
   // Allow only low-S signatures by default in sign() and verify()
-  /**
-   * secp256k1 belongs to Koblitz curves: it has efficiently computable endomorphism.
-   * Endomorphism uses 2x less RAM, speeds up precomputation by 2x and ECDH / key recovery by 20%.
-   * For precomputed wNAF it trades off 1/2 init time & 1/3 ram for 20% perf hit.
-   * Explanation: https://gist.github.com/paulmillr/eb670806793e84df628a7c434a873066
-   */
   endo: {
+    // Endomorphism, see above
     beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
     splitScalar: (k) => {
       const n = secp256k1N;
       const a1 = BigInt("0x3086d221a7d46bcde86c90e49284eb15");
-      const b1 = -_1n5 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
+      const b1 = -_1n4 * BigInt("0xe4437ed6010e88286f547fa90abfe4c3");
       const a2 = BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8");
       const b2 = a1;
       const POW_2_128 = BigInt("0x100000000000000000000000000000000");
@@ -2379,7 +2085,6 @@ var secp256k1 = createCurve({
     }
   }
 }, sha256);
-var _0n5 = BigInt(0);
 var TAGGED_HASH_PREFIXES = {};
 function taggedHash(tag, ...messages) {
   let tagP = TAGGED_HASH_PREFIXES[tag];
@@ -2394,7 +2099,7 @@ var pointToBytes = (point) => point.toRawBytes(true).slice(1);
 var numTo32b = (n) => numberToBytesBE(n, 32);
 var modP = (x) => mod(x, secp256k1P);
 var modN = (x) => mod(x, secp256k1N);
-var Point = secp256k1.ProjectivePoint;
+var Point = /* @__PURE__ */ (() => secp256k1.ProjectivePoint)();
 var GmulAdd = (Q, a, b) => Point.BASE.multiplyAndAddUnsafe(Q, a, b);
 function schnorrGetExtPubKey(priv) {
   let d_ = secp256k1.utils.normPrivateKeyToScalar(priv);
@@ -2403,13 +2108,13 @@ function schnorrGetExtPubKey(priv) {
   return { scalar, bytes: pointToBytes(p) };
 }
 function lift_x(x) {
-  aInRange("x", x, _1n5, secp256k1P);
+  aInRange("x", x, _1n4, secp256k1P);
   const xx = modP(x * x);
   const c = modP(xx * x + BigInt(7));
   let y = sqrtMod(c);
-  if (y % _2n4 !== _0n5)
+  if (y % _2n3 !== _0n4)
     y = modP(-y);
-  const p = new Point(x, y, _1n5);
+  const p = new Point(x, y, _1n4);
   p.assertValidity();
   return p;
 }
@@ -2427,7 +2132,7 @@ function schnorrSign(message, privateKey, auxRand = randomBytes(32)) {
   const t = numTo32b(d ^ num(taggedHash("BIP0340/aux", a)));
   const rand = taggedHash("BIP0340/nonce", t, px, m);
   const k_ = modN(num(rand));
-  if (k_ === _0n5)
+  if (k_ === _0n4)
     throw new Error("sign failed: k is zero");
   const { bytes: rx, scalar: k } = schnorrGetExtPubKey(k_);
   const e = challenge(rx, px, m);
@@ -2445,10 +2150,10 @@ function schnorrVerify(signature, message, publicKey) {
   try {
     const P = lift_x(num(pub));
     const r = num(sig.subarray(0, 32));
-    if (!inRange(r, _1n5, secp256k1P))
+    if (!inRange(r, _1n4, secp256k1P))
       return false;
     const s = num(sig.subarray(32, 64));
-    if (!inRange(s, _1n5, secp256k1N))
+    if (!inRange(s, _1n4, secp256k1N))
       return false;
     const e = challenge(numTo32b(r), pointToBytes(P), m);
     const R = GmulAdd(P, s, modN(-e));
@@ -2509,7 +2214,7 @@ var mapSWU = /* @__PURE__ */ (() => mapToCurveSimpleSWU(Fpk1, {
   B: BigInt("1771"),
   Z: Fpk1.create(BigInt("-11"))
 }))();
-var htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalars) => {
+var secp256k1_hasher = /* @__PURE__ */ (() => createHasher2(secp256k1.ProjectivePoint, (scalars) => {
   const { x, y } = mapSWU(Fpk1.create(scalars[0]));
   return isoMap(x, y);
 }, {
@@ -2521,20 +2226,17 @@ var htf = /* @__PURE__ */ (() => createHasher(secp256k1.ProjectivePoint, (scalar
   expand: "xmd",
   hash: sha256
 }))();
-var hashToCurve = /* @__PURE__ */ (() => htf.hashToCurve)();
-var encodeToCurve = /* @__PURE__ */ (() => htf.encodeToCurve)();
+var hashToCurve = /* @__PURE__ */ (() => secp256k1_hasher.hashToCurve)();
+var encodeToCurve = /* @__PURE__ */ (() => secp256k1_hasher.encodeToCurve)();
 export {
   encodeToCurve,
   hashToCurve,
   schnorr,
-  secp256k1
+  secp256k1,
+  secp256k1_hasher
 };
 /*! Bundled license information:
 
-@noble/hashes/esm/utils.js:
-  (*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
-
-@noble/curves/esm/abstract/utils.js:
 @noble/curves/esm/abstract/modular.js:
 @noble/curves/esm/abstract/curve.js:
 @noble/curves/esm/abstract/weierstrass.js:
@@ -2542,4 +2244,4 @@ export {
 @noble/curves/esm/secp256k1.js:
   (*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) *)
 */
-//# sourceMappingURL=secp256k1-VMQNAPXV.js.map
+//# sourceMappingURL=secp256k1-XP7IUONI.js.map