npm - digiid-ts - Versions diffs - 1.1.0 → 2.0.0 - Mend

digiid-ts 1.1.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/digiid-ts.es.js CHANGED Viewed

@@ -1,97 +1,2079 @@
-import { randomBytes as f } from "crypto";
-import * as m from "bitcoinjs-message";
-class e extends Error {
-  constructor(r) {
-    super(r), this.name = "DigiIDError";
+var Te = Object.defineProperty;
+var Me = (e, t, r) => t in e ? Te(e, t, { enumerable: !0, configurable: !0, writable: !0, value: r }) : e[t] = r;
+var m = (e, t, r) => Me(e, typeof t != "symbol" ? t + "" : t, r);
+import { randomBytes as Ye } from "crypto";
+class C extends Error {
+  constructor(t) {
+    super(t), this.name = "DigiIDError";
   }
 }
-async function U(t, r, i) {
-  const c = `DigiByte Signed Message:
+/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+function Vt(e) {
+  return e instanceof Uint8Array || ArrayBuffer.isView(e) && e.constructor.name === "Uint8Array";
+}
+function ut(e, t = "") {
+  if (!Number.isSafeInteger(e) || e < 0) {
+    const r = t && `"${t}" `;
+    throw new Error(`${r}expected integer >= 0, got ${e}`);
+  }
+}
+function N(e, t, r = "") {
+  const n = Vt(e), s = e == null ? void 0 : e.length, i = t !== void 0;
+  if (!n || i && s !== t) {
+    const o = r && `"${r}" `, c = i ? ` of length ${t}` : "", f = n ? `length=${s}` : `type=${typeof e}`;
+    throw new Error(o + "expected Uint8Array" + c + ", got " + f);
+  }
+  return e;
+}
+function ae(e) {
+  if (typeof e != "function" || typeof e.create != "function")
+    throw new Error("Hash must wrapped by utils.createHasher");
+  ut(e.outputLen), ut(e.blockLen);
+}
+function Bt(e, t = !0) {
+  if (e.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (t && e.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function je(e, t) {
+  N(e, void 0, "digestInto() output");
+  const r = t.outputLen;
+  if (e.length < r)
+    throw new Error('"digestInto() output" expected to be of length >=' + r);
+}
+function vt(...e) {
+  for (let t = 0; t < e.length; t++)
+    e[t].fill(0);
+}
+function Ot(e) {
+  return new DataView(e.buffer, e.byteOffset, e.byteLength);
+}
+function P(e, t) {
+  return e << 32 - t | e >>> t;
+}
+const ue = /* @ts-ignore */ typeof Uint8Array.from([]).toHex == "function" && typeof Uint8Array.fromHex == "function", Ke = /* @__PURE__ */ Array.from({ length: 256 }, (e, t) => t.toString(16).padStart(2, "0"));
+function Lt(e) {
+  if (N(e), ue)
+    return e.toHex();
+  let t = "";
+  for (let r = 0; r < e.length; r++)
+    t += Ke[e[r]];
+  return t;
+}
+const J = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };
+function Wt(e) {
+  if (e >= J._0 && e <= J._9)
+    return e - J._0;
+  if (e >= J.A && e <= J.F)
+    return e - (J.A - 10);
+  if (e >= J.a && e <= J.f)
+    return e - (J.a - 10);
+}
+function Rt(e) {
+  if (typeof e != "string")
+    throw new Error("hex string expected, got " + typeof e);
+  if (ue)
+    return Uint8Array.fromHex(e);
+  const t = e.length, r = t / 2;
+  if (t % 2)
+    throw new Error("hex string expected, got unpadded hex of length " + t);
+  const n = new Uint8Array(r);
+  for (let s = 0, i = 0; s < r; s++, i += 2) {
+    const o = Wt(e.charCodeAt(i)), c = Wt(e.charCodeAt(i + 1));
+    if (o === void 0 || c === void 0) {
+      const f = e[i] + e[i + 1];
+      throw new Error('hex string expected, got non-hex character "' + f + '" at index ' + i);
+    }
+    n[s] = o * 16 + c;
+  }
+  return n;
+}
+function it(...e) {
+  let t = 0;
+  for (let n = 0; n < e.length; n++) {
+    const s = e[n];
+    N(s), t += s.length;
+  }
+  const r = new Uint8Array(t);
+  for (let n = 0, s = 0; n < e.length; n++) {
+    const i = e[n];
+    r.set(i, s), s += i.length;
+  }
+  return r;
+}
+function Ge(e, t = {}) {
+  const r = (s, i) => e(i).update(s).digest(), n = e(void 0);
+  return r.outputLen = n.outputLen, r.blockLen = n.blockLen, r.create = (s) => e(s), Object.assign(r, t), Object.freeze(r);
+}
+function le(e = 32) {
+  const t = typeof globalThis == "object" ? globalThis.crypto : null;
+  if (typeof (t == null ? void 0 : t.getRandomValues) != "function")
+    throw new Error("crypto.getRandomValues must be defined");
+  return t.getRandomValues(new Uint8Array(e));
+}
+const Xe = (e) => ({
+  oid: Uint8Array.from([6, 9, 96, 134, 72, 1, 101, 3, 4, 2, e])
+});
+function ze(e, t, r) {
+  return e & t ^ ~e & r;
+}
+function Fe(e, t, r) {
+  return e & t ^ e & r ^ t & r;
+}
+let We = class {
+  constructor(t, r, n, s) {
+    m(this, "blockLen");
+    m(this, "outputLen");
+    m(this, "padOffset");
+    m(this, "isLE");
+    // For partial updates less than block size
+    m(this, "buffer");
+    m(this, "view");
+    m(this, "finished", !1);
+    m(this, "length", 0);
+    m(this, "pos", 0);
+    m(this, "destroyed", !1);
+    this.blockLen = t, this.outputLen = r, this.padOffset = n, this.isLE = s, this.buffer = new Uint8Array(t), this.view = Ot(this.buffer);
+  }
+  update(t) {
+    Bt(this), N(t);
+    const { view: r, buffer: n, blockLen: s } = this, i = t.length;
+    for (let o = 0; o < i; ) {
+      const c = Math.min(s - this.pos, i - o);
+      if (c === s) {
+        const f = Ot(t);
+        for (; s <= i - o; o += s)
+          this.process(f, o);
+        continue;
+      }
+      n.set(t.subarray(o, o + c), this.pos), this.pos += c, o += c, this.pos === s && (this.process(r, 0), this.pos = 0);
+    }
+    return this.length += t.length, this.roundClean(), this;
+  }
+  digestInto(t) {
+    Bt(this), je(t, this), this.finished = !0;
+    const { buffer: r, view: n, blockLen: s, isLE: i } = this;
+    let { pos: o } = this;
+    r[o++] = 128, vt(this.buffer.subarray(o)), this.padOffset > s - o && (this.process(n, 0), o = 0);
+    for (let d = o; d < s; d++)
+      r[d] = 0;
+    n.setBigUint64(s - 8, BigInt(this.length * 8), i), this.process(n, 0);
+    const c = Ot(t), f = this.outputLen;
+    if (f % 4)
+      throw new Error("_sha2: outputLen must be aligned to 32bit");
+    const a = f / 4, h = this.get();
+    if (a > h.length)
+      throw new Error("_sha2: outputLen bigger than state");
+    for (let d = 0; d < a; d++)
+      c.setUint32(4 * d, h[d], i);
+  }
+  digest() {
+    const { buffer: t, outputLen: r } = this;
+    this.digestInto(t);
+    const n = t.slice(0, r);
+    return this.destroy(), n;
+  }
+  _cloneInto(t) {
+    t || (t = new this.constructor()), t.set(...this.get());
+    const { blockLen: r, buffer: n, length: s, finished: i, destroyed: o, pos: c } = this;
+    return t.destroyed = o, t.finished = i, t.length = s, t.pos = c, s % r && t.buffer.set(n), t;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+};
+const et = /* @__PURE__ */ Uint32Array.from([
+  1779033703,
+  3144134277,
+  1013904242,
+  2773480762,
+  1359893119,
+  2600822924,
+  528734635,
+  1541459225
+]), Pe = /* @__PURE__ */ Uint32Array.from([
+  1116352408,
+  1899447441,
+  3049323471,
+  3921009573,
+  961987163,
+  1508970993,
+  2453635748,
+  2870763221,
+  3624381080,
+  310598401,
+  607225278,
+  1426881987,
+  1925078388,
+  2162078206,
+  2614888103,
+  3248222580,
+  3835390401,
+  4022224774,
+  264347078,
+  604807628,
+  770255983,
+  1249150122,
+  1555081692,
+  1996064986,
+  2554220882,
+  2821834349,
+  2952996808,
+  3210313671,
+  3336571891,
+  3584528711,
+  113926993,
+  338241895,
+  666307205,
+  773529912,
+  1294757372,
+  1396182291,
+  1695183700,
+  1986661051,
+  2177026350,
+  2456956037,
+  2730485921,
+  2820302411,
+  3259730800,
+  3345764771,
+  3516065817,
+  3600352804,
+  4094571909,
+  275423344,
+  430227734,
+  506948616,
+  659060556,
+  883997877,
+  958139571,
+  1322822218,
+  1537002063,
+  1747873779,
+  1955562222,
+  2024104815,
+  2227730452,
+  2361852424,
+  2428436474,
+  2756734187,
+  3204031479,
+  3329325298
+]), nt = /* @__PURE__ */ new Uint32Array(64);
+class Qe extends We {
+  constructor(t) {
+    super(64, t, 8, !1);
+  }
+  get() {
+    const { A: t, B: r, C: n, D: s, E: i, F: o, G: c, H: f } = this;
+    return [t, r, n, s, i, o, c, f];
+  }
+  // prettier-ignore
+  set(t, r, n, s, i, o, c, f) {
+    this.A = t | 0, this.B = r | 0, this.C = n | 0, this.D = s | 0, this.E = i | 0, this.F = o | 0, this.G = c | 0, this.H = f | 0;
+  }
+  process(t, r) {
+    for (let d = 0; d < 16; d++, r += 4)
+      nt[d] = t.getUint32(r, !1);
+    for (let d = 16; d < 64; d++) {
+      const y = nt[d - 15], g = nt[d - 2], x = P(y, 7) ^ P(y, 18) ^ y >>> 3, U = P(g, 17) ^ P(g, 19) ^ g >>> 10;
+      nt[d] = U + nt[d - 7] + x + nt[d - 16] | 0;
+    }
+    let { A: n, B: s, C: i, D: o, E: c, F: f, G: a, H: h } = this;
+    for (let d = 0; d < 64; d++) {
+      const y = P(c, 6) ^ P(c, 11) ^ P(c, 25), g = h + y + ze(c, f, a) + Pe[d] + nt[d] | 0, U = (P(n, 2) ^ P(n, 13) ^ P(n, 22)) + Fe(n, s, i) | 0;
+      h = a, a = f, f = c, c = o + g | 0, o = i, i = s, s = n, n = g + U | 0;
+    }
+    n = n + this.A | 0, s = s + this.B | 0, i = i + this.C | 0, o = o + this.D | 0, c = c + this.E | 0, f = f + this.F | 0, a = a + this.G | 0, h = h + this.H | 0, this.set(n, s, i, o, c, f, a, h);
+  }
+  roundClean() {
+    vt(nt);
+  }
+  destroy() {
+    this.set(0, 0, 0, 0, 0, 0, 0, 0), vt(this.buffer);
+  }
+}
+class Je extends Qe {
+  constructor() {
+    super(32);
+    // We cannot use array here since array allows indexing by variable
+    // which means optimizer/compiler cannot use registers.
+    m(this, "A", et[0] | 0);
+    m(this, "B", et[1] | 0);
+    m(this, "C", et[2] | 0);
+    m(this, "D", et[3] | 0);
+    m(this, "E", et[4] | 0);
+    m(this, "F", et[5] | 0);
+    m(this, "G", et[6] | 0);
+    m(this, "H", et[7] | 0);
+  }
+}
+const tn = /* @__PURE__ */ Ge(
+  () => new Je(),
+  /* @__PURE__ */ Xe(1)
+);
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const Tt = /* @__PURE__ */ BigInt(0), $t = /* @__PURE__ */ BigInt(1);
+function At(e, t = "") {
+  if (typeof e != "boolean") {
+    const r = t && `"${t}" `;
+    throw new Error(r + "expected boolean, got type=" + typeof e);
+  }
+  return e;
+}
+function de(e) {
+  if (typeof e == "bigint") {
+    if (!Et(e))
+      throw new Error("positive bigint expected, got " + e);
+  } else
+    ut(e);
+  return e;
+}
+function pt(e) {
+  const t = de(e).toString(16);
+  return t.length & 1 ? "0" + t : t;
+}
+function he(e) {
+  if (typeof e != "string")
+    throw new Error("hex string expected, got " + typeof e);
+  return e === "" ? Tt : BigInt("0x" + e);
+}
+function Ut(e) {
+  return he(Lt(e));
+}
+function ge(e) {
+  return he(Lt(en(N(e)).reverse()));
+}
+function Mt(e, t) {
+  ut(t), e = de(e);
+  const r = Rt(e.toString(16).padStart(t * 2, "0"));
+  if (r.length !== t)
+    throw new Error("number too large");
+  return r;
+}
+function we(e, t) {
+  return Mt(e, t).reverse();
+}
+function en(e) {
+  return Uint8Array.from(e);
+}
+const Et = (e) => typeof e == "bigint" && Tt <= e;
+function nn(e, t, r) {
+  return Et(e) && Et(t) && Et(r) && t <= e && e < r;
+}
+function rn(e, t, r, n) {
+  if (!nn(t, r, n))
+    throw new Error("expected valid " + e + ": " + r + " <= n < " + n + ", got " + t);
+}
+function sn(e) {
+  let t;
+  for (t = 0; e > Tt; e >>= $t, t += 1)
+    ;
+  return t;
+}
+const Yt = (e) => ($t << BigInt(e)) - $t;
+function on(e, t, r) {
+  if (ut(e, "hashLen"), ut(t, "qByteLen"), typeof r != "function")
+    throw new Error("hmacFn must be a function");
+  const n = (I) => new Uint8Array(I), s = Uint8Array.of(), i = Uint8Array.of(0), o = Uint8Array.of(1), c = 1e3;
+  let f = n(e), a = n(e), h = 0;
+  const d = () => {
+    f.fill(1), a.fill(0), h = 0;
+  }, y = (...I) => r(a, it(f, ...I)), g = (I = s) => {
+    a = y(i, I), f = y(), I.length !== 0 && (a = y(o, I), f = y());
+  }, x = () => {
+    if (h++ >= c)
+      throw new Error("drbg: tried max amount of iterations");
+    let I = 0;
+    const O = [];
+    for (; I < t; ) {
+      f = y();
+      const j = f.slice();
+      O.push(j), I += f.length;
+    }
+    return it(...O);
+  };
+  return (I, O) => {
+    d(), g(I);
+    let j;
+    for (; !(j = O(x())); )
+      g();
+    return d(), j;
+  };
+}
+function jt(e, t = {}, r = {}) {
+  if (!e || typeof e != "object")
+    throw new Error("expected valid options object");
+  function n(i, o, c) {
+    const f = e[i];
+    if (c && f === void 0)
+      return;
+    const a = typeof f;
+    if (a !== o || f === null)
+      throw new Error(`param "${i}" is invalid: expected ${o}, got ${a}`);
+  }
+  const s = (i, o) => Object.entries(i).forEach(([c, f]) => n(c, f, o));
+  s(t, !1), s(r, !0);
+}
+function Pt(e) {
+  const t = /* @__PURE__ */ new WeakMap();
+  return (r, ...n) => {
+    const s = t.get(r);
+    if (s !== void 0)
+      return s;
+    const i = e(r, ...n);
+    return t.set(r, i), i;
+  };
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const Y = /* @__PURE__ */ BigInt(0), M = /* @__PURE__ */ BigInt(1), ft = /* @__PURE__ */ BigInt(2), be = /* @__PURE__ */ BigInt(3), pe = /* @__PURE__ */ BigInt(4), ye = /* @__PURE__ */ BigInt(5), cn = /* @__PURE__ */ BigInt(7), xe = /* @__PURE__ */ BigInt(8), fn = /* @__PURE__ */ BigInt(9), me = /* @__PURE__ */ BigInt(16);
+function F(e, t) {
+  const r = e % t;
+  return r >= Y ? r : t + r;
+}
+function X(e, t, r) {
+  let n = e;
+  for (; t-- > Y; )
+    n *= n, n %= r;
+  return n;
+}
+function Qt(e, t) {
+  if (e === Y)
+    throw new Error("invert: expected non-zero number");
+  if (t <= Y)
+    throw new Error("invert: expected positive modulus, got " + t);
+  let r = F(e, t), n = t, s = Y, i = M;
+  for (; r !== Y; ) {
+    const c = n / r, f = n % r, a = s - i * c;
+    n = r, r = f, s = i, i = a;
+  }
+  if (n !== M)
+    throw new Error("invert: does not exist");
+  return F(s, t);
+}
+function Kt(e, t, r) {
+  if (!e.eql(e.sqr(t), r))
+    throw new Error("Cannot find square root");
+}
+function Ee(e, t) {
+  const r = (e.ORDER + M) / pe, n = e.pow(t, r);
+  return Kt(e, n, t), n;
+}
+function an(e, t) {
+  const r = (e.ORDER - ye) / xe, n = e.mul(t, ft), s = e.pow(n, r), i = e.mul(t, s), o = e.mul(e.mul(i, ft), s), c = e.mul(i, e.sub(o, e.ONE));
+  return Kt(e, c, t), c;
+}
+function un(e) {
+  const t = St(e), r = Be(e), n = r(t, t.neg(t.ONE)), s = r(t, n), i = r(t, t.neg(n)), o = (e + cn) / me;
+  return (c, f) => {
+    let a = c.pow(f, o), h = c.mul(a, n);
+    const d = c.mul(a, s), y = c.mul(a, i), g = c.eql(c.sqr(h), f), x = c.eql(c.sqr(d), f);
+    a = c.cmov(a, h, g), h = c.cmov(y, d, x);
+    const U = c.eql(c.sqr(h), f), I = c.cmov(a, h, U);
+    return Kt(c, I, f), I;
+  };
+}
+function Be(e) {
+  if (e < be)
+    throw new Error("sqrt is not defined for small field");
+  let t = e - M, r = 0;
+  for (; t % ft === Y; )
+    t /= ft, r++;
+  let n = ft;
+  const s = St(e);
+  for (; Jt(s, n) === 1; )
+    if (n++ > 1e3)
+      throw new Error("Cannot find square root: probably non-prime P");
+  if (r === 1)
+    return Ee;
+  let i = s.pow(n, t);
+  const o = (t + M) / ft;
+  return function(f, a) {
+    if (f.is0(a))
+      return a;
+    if (Jt(f, a) !== 1)
+      throw new Error("Cannot find square root");
+    let h = r, d = f.mul(f.ONE, i), y = f.pow(a, t), g = f.pow(a, o);
+    for (; !f.eql(y, f.ONE); ) {
+      if (f.is0(y))
+        return f.ZERO;
+      let x = 1, U = f.sqr(y);
+      for (; !f.eql(U, f.ONE); )
+        if (x++, U = f.sqr(U), x === h)
+          throw new Error("Cannot find square root");
+      const I = M << BigInt(h - x - 1), O = f.pow(d, I);
+      h = x, d = f.sqr(O), y = f.mul(y, d), g = f.mul(g, O);
+    }
+    return g;
+  };
+}
+function ln(e) {
+  return e % pe === be ? Ee : e % xe === ye ? an : e % me === fn ? un(e) : Be(e);
+}
+const dn = [
+  "create",
+  "isValid",
+  "is0",
+  "neg",
+  "inv",
+  "sqrt",
+  "sqr",
+  "eql",
+  "add",
+  "sub",
+  "mul",
+  "pow",
+  "div",
+  "addN",
+  "subN",
+  "mulN",
+  "sqrN"
+];
+function hn(e) {
+  const t = {
+    ORDER: "bigint",
+    BYTES: "number",
+    BITS: "number"
+  }, r = dn.reduce((n, s) => (n[s] = "function", n), t);
+  return jt(e, r), e;
+}
+function gn(e, t, r) {
+  if (r < Y)
+    throw new Error("invalid exponent, negatives unsupported");
+  if (r === Y)
+    return e.ONE;
+  if (r === M)
+    return t;
+  let n = e.ONE, s = t;
+  for (; r > Y; )
+    r & M && (n = e.mul(n, s)), s = e.sqr(s), r >>= M;
+  return n;
+}
+function ve(e, t, r = !1) {
+  const n = new Array(t.length).fill(r ? e.ZERO : void 0), s = t.reduce((o, c, f) => e.is0(c) ? o : (n[f] = o, e.mul(o, c)), e.ONE), i = e.inv(s);
+  return t.reduceRight((o, c, f) => e.is0(c) ? o : (n[f] = e.mul(o, n[f]), e.mul(o, c)), i), n;
+}
+function Jt(e, t) {
+  const r = (e.ORDER - M) / ft, n = e.pow(t, r), s = e.eql(n, e.ONE), i = e.eql(n, e.ZERO), o = e.eql(n, e.neg(e.ONE));
+  if (!s && !i && !o)
+    throw new Error("invalid Legendre symbol result");
+  return s ? 1 : i ? 0 : -1;
+}
+function wn(e, t) {
+  t !== void 0 && ut(t);
+  const r = t !== void 0 ? t : e.toString(2).length, n = Math.ceil(r / 8);
+  return { nBitLength: r, nByteLength: n };
+}
+class bn {
+  constructor(t, r = {}) {
+    m(this, "ORDER");
+    m(this, "BITS");
+    m(this, "BYTES");
+    m(this, "isLE");
+    m(this, "ZERO", Y);
+    m(this, "ONE", M);
+    m(this, "_lengths");
+    m(this, "_sqrt");
+    // cached sqrt
+    m(this, "_mod");
+    var o;
+    if (t <= Y)
+      throw new Error("invalid field: expected ORDER > 0, got " + t);
+    let n;
+    this.isLE = !1, r != null && typeof r == "object" && (typeof r.BITS == "number" && (n = r.BITS), typeof r.sqrt == "function" && (this.sqrt = r.sqrt), typeof r.isLE == "boolean" && (this.isLE = r.isLE), r.allowedLengths && (this._lengths = (o = r.allowedLengths) == null ? void 0 : o.slice()), typeof r.modFromBytes == "boolean" && (this._mod = r.modFromBytes));
+    const { nBitLength: s, nByteLength: i } = wn(t, n);
+    if (i > 2048)
+      throw new Error("invalid field: expected ORDER of <= 2048 bytes");
+    this.ORDER = t, this.BITS = s, this.BYTES = i, this._sqrt = void 0, Object.preventExtensions(this);
+  }
+  create(t) {
+    return F(t, this.ORDER);
+  }
+  isValid(t) {
+    if (typeof t != "bigint")
+      throw new Error("invalid field element: expected bigint, got " + typeof t);
+    return Y <= t && t < this.ORDER;
+  }
+  is0(t) {
+    return t === Y;
+  }
+  // is valid and invertible
+  isValidNot0(t) {
+    return !this.is0(t) && this.isValid(t);
+  }
+  isOdd(t) {
+    return (t & M) === M;
+  }
+  neg(t) {
+    return F(-t, this.ORDER);
+  }
+  eql(t, r) {
+    return t === r;
+  }
+  sqr(t) {
+    return F(t * t, this.ORDER);
+  }
+  add(t, r) {
+    return F(t + r, this.ORDER);
+  }
+  sub(t, r) {
+    return F(t - r, this.ORDER);
+  }
+  mul(t, r) {
+    return F(t * r, this.ORDER);
+  }
+  pow(t, r) {
+    return gn(this, t, r);
+  }
+  div(t, r) {
+    return F(t * Qt(r, this.ORDER), this.ORDER);
+  }
+  // Same as above, but doesn't normalize
+  sqrN(t) {
+    return t * t;
+  }
+  addN(t, r) {
+    return t + r;
+  }
+  subN(t, r) {
+    return t - r;
+  }
+  mulN(t, r) {
+    return t * r;
+  }
+  inv(t) {
+    return Qt(t, this.ORDER);
+  }
+  sqrt(t) {
+    return this._sqrt || (this._sqrt = ln(this.ORDER)), this._sqrt(this, t);
+  }
+  toBytes(t) {
+    return this.isLE ? we(t, this.BYTES) : Mt(t, this.BYTES);
+  }
+  fromBytes(t, r = !1) {
+    N(t);
+    const { _lengths: n, BYTES: s, isLE: i, ORDER: o, _mod: c } = this;
+    if (n) {
+      if (!n.includes(t.length) || t.length > s)
+        throw new Error("Field.fromBytes: expected " + n + " bytes, got " + t.length);
+      const a = new Uint8Array(s);
+      a.set(t, i ? 0 : a.length - t.length), t = a;
+    }
+    if (t.length !== s)
+      throw new Error("Field.fromBytes: expected " + s + " bytes, got " + t.length);
+    let f = i ? ge(t) : Ut(t);
+    if (c && (f = F(f, o)), !r && !this.isValid(f))
+      throw new Error("invalid field element: outside of range 0..ORDER");
+    return f;
+  }
+  // TODO: we don't need it here, move out to separate fn
+  invertBatch(t) {
+    return ve(this, t);
+  }
+  // We can't move this out because Fp6, Fp12 implement it
+  // and it's unclear what to return in there.
+  cmov(t, r, n) {
+    return n ? r : t;
+  }
+}
+function St(e, t = {}) {
+  return new bn(e, t);
+}
+function Re(e) {
+  if (typeof e != "bigint")
+    throw new Error("field order must be bigint");
+  const t = e.toString(2).length;
+  return Math.ceil(t / 8);
+}
+function Ae(e) {
+  const t = Re(e);
+  return t + Math.ceil(t / 2);
+}
+function pn(e, t, r = !1) {
+  N(e);
+  const n = e.length, s = Re(t), i = Ae(t);
+  if (n < 16 || n < i || n > 1024)
+    throw new Error("expected " + i + "-1024 bytes of input, got " + n);
+  const o = r ? ge(e) : Ut(e), c = F(o, t - M) + M;
+  return r ? we(c, s) : Mt(c, s);
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const dt = /* @__PURE__ */ BigInt(0), at = /* @__PURE__ */ BigInt(1);
+function It(e, t) {
+  const r = t.negate();
+  return e ? r : t;
+}
+function te(e, t) {
+  const r = ve(e.Fp, t.map((n) => n.Z));
+  return t.map((n, s) => e.fromAffine(n.toAffine(r[s])));
+}
+function Ie(e, t) {
+  if (!Number.isSafeInteger(e) || e <= 0 || e > t)
+    throw new Error("invalid window size, expected [1.." + t + "], got W=" + e);
+}
+function Ht(e, t) {
+  Ie(e, t);
+  const r = Math.ceil(t / e) + 1, n = 2 ** (e - 1), s = 2 ** e, i = Yt(e), o = BigInt(e);
+  return { windows: r, windowSize: n, mask: i, maxNumber: s, shiftBy: o };
+}
+function ee(e, t, r) {
+  const { windowSize: n, mask: s, maxNumber: i, shiftBy: o } = r;
+  let c = Number(e & s), f = e >> o;
+  c > n && (c -= i, f += at);
+  const a = t * n, h = a + Math.abs(c) - 1, d = c === 0, y = c < 0, g = t % 2 !== 0;
+  return { nextN: f, offset: h, isZero: d, isNeg: y, isNegF: g, offsetF: a };
+}
+const qt = /* @__PURE__ */ new WeakMap(), Le = /* @__PURE__ */ new WeakMap();
+function Nt(e) {
+  return Le.get(e) || 1;
+}
+function ne(e) {
+  if (e !== dt)
+    throw new Error("invalid wNAF");
+}
+class yn {
+  // Parametrized with a given Point class (not individual point)
+  constructor(t, r) {
+    m(this, "BASE");
+    m(this, "ZERO");
+    m(this, "Fn");
+    m(this, "bits");
+    this.BASE = t.BASE, this.ZERO = t.ZERO, this.Fn = t.Fn, this.bits = r;
+  }
+  // non-const time multiplication ladder
+  _unsafeLadder(t, r, n = this.ZERO) {
+    let s = t;
+    for (; r > dt; )
+      r & at && (n = n.add(s)), s = s.double(), r >>= at;
+    return n;
+  }
+  /**
+   * Creates a wNAF precomputation window. Used for caching.
+   * Default window size is set by `utils.precompute()` and is equal to 8.
+   * Number of precomputed points depends on the curve size:
+   * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:
+   * - 𝑊 is the window size
+   * - 𝑛 is the bitlength of the curve order.
+   * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.
+   * @param point Point instance
+   * @param W window size
+   * @returns precomputed point tables flattened to a single array
+   */
+  precomputeWindow(t, r) {
+    const { windows: n, windowSize: s } = Ht(r, this.bits), i = [];
+    let o = t, c = o;
+    for (let f = 0; f < n; f++) {
+      c = o, i.push(c);
+      for (let a = 1; a < s; a++)
+        c = c.add(o), i.push(c);
+      o = c.double();
+    }
+    return i;
+  }
+  /**
+   * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.
+   * More compact implementation:
+   * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541
+   * @returns real and fake (for const-time) points
+   */
+  wNAF(t, r, n) {
+    if (!this.Fn.isValid(n))
+      throw new Error("invalid scalar");
+    let s = this.ZERO, i = this.BASE;
+    const o = Ht(t, this.bits);
+    for (let c = 0; c < o.windows; c++) {
+      const { nextN: f, offset: a, isZero: h, isNeg: d, isNegF: y, offsetF: g } = ee(n, c, o);
+      n = f, h ? i = i.add(It(y, r[g])) : s = s.add(It(d, r[a]));
+    }
+    return ne(n), { p: s, f: i };
+  }
+  /**
+   * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.
+   * @param acc accumulator point to add result of multiplication
+   * @returns point
+   */
+  wNAFUnsafe(t, r, n, s = this.ZERO) {
+    const i = Ht(t, this.bits);
+    for (let o = 0; o < i.windows && n !== dt; o++) {
+      const { nextN: c, offset: f, isZero: a, isNeg: h } = ee(n, o, i);
+      if (n = c, !a) {
+        const d = r[f];
+        s = s.add(h ? d.negate() : d);
+      }
+    }
+    return ne(n), s;
+  }
+  getPrecomputes(t, r, n) {
+    let s = qt.get(r);
+    return s || (s = this.precomputeWindow(r, t), t !== 1 && (typeof n == "function" && (s = n(s)), qt.set(r, s))), s;
+  }
+  cached(t, r, n) {
+    const s = Nt(t);
+    return this.wNAF(s, this.getPrecomputes(s, t, n), r);
+  }
+  unsafe(t, r, n, s) {
+    const i = Nt(t);
+    return i === 1 ? this._unsafeLadder(t, r, s) : this.wNAFUnsafe(i, this.getPrecomputes(i, t, n), r, s);
+  }
+  // We calculate precomputes for elliptic curve point multiplication
+  // using windowed method. This specifies window size and
+  // stores precomputed values. Usually only base point would be precomputed.
+  createCache(t, r) {
+    Ie(r, this.bits), Le.set(t, r), qt.delete(t);
+  }
+  hasCache(t) {
+    return Nt(t) !== 1;
+  }
+}
+function xn(e, t, r, n) {
+  let s = t, i = e.ZERO, o = e.ZERO;
+  for (; r > dt || n > dt; )
+    r & at && (i = i.add(s)), n & at && (o = o.add(s)), s = s.double(), r >>= at, n >>= at;
+  return { p1: i, p2: o };
+}
+function re(e, t, r) {
+  if (t) {
+    if (t.ORDER !== e)
+      throw new Error("Field.ORDER must match order: Fp == p, Fn == n");
+    return hn(t), t;
+  } else
+    return St(e, { isLE: r });
+}
+function mn(e, t, r = {}, n) {
+  if (n === void 0 && (n = e === "edwards"), !t || typeof t != "object")
+    throw new Error(`expected valid ${e} CURVE object`);
+  for (const f of ["p", "n", "h"]) {
+    const a = t[f];
+    if (!(typeof a == "bigint" && a > dt))
+      throw new Error(`CURVE.${f} must be positive bigint`);
+  }
+  const s = re(t.p, r.Fp, n), i = re(t.n, r.Fn, n), c = ["Gx", "Gy", "a", "b"];
+  for (const f of c)
+    if (!s.isValid(t[f]))
+      throw new Error(`CURVE.${f} must be valid field element of CURVE.Fp`);
+  return t = Object.freeze(Object.assign({}, t)), { CURVE: t, Fp: s, Fn: i };
+}
+function En(e, t) {
+  return function(n) {
+    const s = e(n);
+    return { secretKey: s, publicKey: t(s) };
+  };
+}
+class Ue {
+  constructor(t, r) {
+    m(this, "oHash");
+    m(this, "iHash");
+    m(this, "blockLen");
+    m(this, "outputLen");
+    m(this, "finished", !1);
+    m(this, "destroyed", !1);
+    if (ae(t), N(r, void 0, "key"), this.iHash = t.create(), typeof this.iHash.update != "function")
+      throw new Error("Expected instance of class which extends utils.Hash");
+    this.blockLen = this.iHash.blockLen, this.outputLen = this.iHash.outputLen;
+    const n = this.blockLen, s = new Uint8Array(n);
+    s.set(r.length > n ? t.create().update(r).digest() : r);
+    for (let i = 0; i < s.length; i++)
+      s[i] ^= 54;
+    this.iHash.update(s), this.oHash = t.create();
+    for (let i = 0; i < s.length; i++)
+      s[i] ^= 106;
+    this.oHash.update(s), vt(s);
+  }
+  update(t) {
+    return Bt(this), this.iHash.update(t), this;
+  }
+  digestInto(t) {
+    Bt(this), N(t, this.outputLen, "output"), this.finished = !0, this.iHash.digestInto(t), this.oHash.update(t), this.oHash.digestInto(t), this.destroy();
+  }
+  digest() {
+    const t = new Uint8Array(this.oHash.outputLen);
+    return this.digestInto(t), t;
+  }
+  _cloneInto(t) {
+    t || (t = Object.create(Object.getPrototypeOf(this), {}));
+    const { oHash: r, iHash: n, finished: s, destroyed: i, blockLen: o, outputLen: c } = this;
+    return t = t, t.finished = s, t.destroyed = i, t.blockLen = o, t.outputLen = c, t.oHash = r._cloneInto(t.oHash), t.iHash = n._cloneInto(t.iHash), t;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+  destroy() {
+    this.destroyed = !0, this.oHash.destroy(), this.iHash.destroy();
+  }
+}
+const Se = (e, t, r) => new Ue(e, t).update(r).digest();
+Se.create = (e, t) => new Ue(e, t);
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const se = (e, t) => (e + (e >= 0 ? t : -t) / _e) / t;
+function Bn(e, t, r) {
+  const [[n, s], [i, o]] = t, c = se(o * e, r), f = se(-s * e, r);
+  let a = e - c * n - f * i, h = -c * s - f * o;
+  const d = a < tt, y = h < tt;
+  d && (a = -a), y && (h = -h);
+  const g = Yt(Math.ceil(sn(r) / 2)) + lt;
+  if (a < tt || a >= g || h < tt || h >= g)
+    throw new Error("splitScalar (endomorphism): failed, k=" + e);
+  return { k1neg: d, k1: a, k2neg: y, k2: h };
+}
+function Zt(e) {
+  if (!["compact", "recovered", "der"].includes(e))
+    throw new Error('Signature format must be "compact", "recovered", or "der"');
+  return e;
+}
+function Dt(e, t) {
+  const r = {};
+  for (let n of Object.keys(t))
+    r[n] = e[n] === void 0 ? t[n] : e[n];
+  return At(r.lowS, "lowS"), At(r.prehash, "prehash"), r.format !== void 0 && Zt(r.format), r;
+}
+class vn extends Error {
+  constructor(t = "") {
+    super(t);
+  }
+}
+const ot = {
+  // asn.1 DER encoding utils
+  Err: vn,
+  // Basic building block is TLV (Tag-Length-Value)
+  _tlv: {
+    encode: (e, t) => {
+      const { Err: r } = ot;
+      if (e < 0 || e > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (t.length & 1)
+        throw new r("tlv.encode: unpadded data");
+      const n = t.length / 2, s = pt(n);
+      if (s.length / 2 & 128)
+        throw new r("tlv.encode: long form length too big");
+      const i = n > 127 ? pt(s.length / 2 | 128) : "";
+      return pt(e) + i + s + t;
+    },
+    // v - value, l - left bytes (unparsed)
+    decode(e, t) {
+      const { Err: r } = ot;
+      let n = 0;
+      if (e < 0 || e > 256)
+        throw new r("tlv.encode: wrong tag");
+      if (t.length < 2 || t[n++] !== e)
+        throw new r("tlv.decode: wrong tlv");
+      const s = t[n++], i = !!(s & 128);
+      let o = 0;
+      if (!i)
+        o = s;
+      else {
+        const f = s & 127;
+        if (!f)
+          throw new r("tlv.decode(long): indefinite length not supported");
+        if (f > 4)
+          throw new r("tlv.decode(long): byte length is too big");
+        const a = t.subarray(n, n + f);
+        if (a.length !== f)
+          throw new r("tlv.decode: length bytes not complete");
+        if (a[0] === 0)
+          throw new r("tlv.decode(long): zero leftmost byte");
+        for (const h of a)
+          o = o << 8 | h;
+        if (n += f, o < 128)
+          throw new r("tlv.decode(long): not minimal encoding");
+      }
+      const c = t.subarray(n, n + o);
+      if (c.length !== o)
+        throw new r("tlv.decode: wrong value length");
+      return { v: c, l: t.subarray(n + o) };
+    }
+  },
+  // https://crypto.stackexchange.com/a/57734 Leftmost bit of first byte is 'negative' flag,
+  // since we always use positive integers here. It must always be empty:
+  // - add zero byte if exists
+  // - if next byte doesn't have a flag, leading zero is not allowed (minimal encoding)
+  _int: {
+    encode(e) {
+      const { Err: t } = ot;
+      if (e < tt)
+        throw new t("integer: negative integers are not allowed");
+      let r = pt(e);
+      if (Number.parseInt(r[0], 16) & 8 && (r = "00" + r), r.length & 1)
+        throw new t("unexpected DER parsing assertion: unpadded hex");
+      return r;
+    },
+    decode(e) {
+      const { Err: t } = ot;
+      if (e[0] & 128)
+        throw new t("invalid signature integer: negative");
+      if (e[0] === 0 && !(e[1] & 128))
+        throw new t("invalid signature integer: unnecessary leading zero");
+      return Ut(e);
+    }
+  },
+  toSig(e) {
+    const { Err: t, _int: r, _tlv: n } = ot, s = N(e, void 0, "signature"), { v: i, l: o } = n.decode(48, s);
+    if (o.length)
+      throw new t("invalid signature: left bytes after parsing");
+    const { v: c, l: f } = n.decode(2, i), { v: a, l: h } = n.decode(2, f);
+    if (h.length)
+      throw new t("invalid signature: left bytes after parsing");
+    return { r: r.decode(c), s: r.decode(a) };
+  },
+  hexFromSig(e) {
+    const { _tlv: t, _int: r } = ot, n = t.encode(2, r.encode(e.r)), s = t.encode(2, r.encode(e.s)), i = n + s;
+    return t.encode(48, i);
+  }
+}, tt = BigInt(0), lt = BigInt(1), _e = BigInt(2), yt = BigInt(3), Rn = BigInt(4);
+function An(e, t = {}) {
+  const r = mn("weierstrass", e, t), { Fp: n, Fn: s } = r;
+  let i = r.CURVE;
+  const { h: o, n: c } = i;
+  jt(t, {}, {
+    allowInfinityPoint: "boolean",
+    clearCofactor: "function",
+    isTorsionFree: "function",
+    fromBytes: "function",
+    toBytes: "function",
+    endo: "object"
+  });
+  const { endo: f } = t;
+  if (f && (!n.is0(i.a) || typeof f.beta != "bigint" || !Array.isArray(f.basises)))
+    throw new Error('invalid endo: expected "beta": bigint and "basises": array');
+  const a = He(n, s);
+  function h() {
+    if (!n.isOdd)
+      throw new Error("compression is not supported: Field does not have .isOdd()");
+  }
+  function d(S, l, u) {
+    const { x: w, y: p } = l.toAffine(), B = n.toBytes(w);
+    if (At(u, "isCompressed"), u) {
+      h();
+      const E = !n.isOdd(p);
+      return it(Oe(E), B);
+    } else
+      return it(Uint8Array.of(4), B, n.toBytes(p));
+  }
+  function y(S) {
+    N(S, void 0, "Point");
+    const { publicKey: l, publicKeyUncompressed: u } = a, w = S.length, p = S[0], B = S.subarray(1);
+    if (w === l && (p === 2 || p === 3)) {
+      const E = n.fromBytes(B);
+      if (!n.isValid(E))
+        throw new Error("bad point: is not on curve, wrong x");
+      const v = U(E);
+      let b;
+      try {
+        b = n.sqrt(v);
+      } catch (D) {
+        const H = D instanceof Error ? ": " + D.message : "";
+        throw new Error("bad point: is not on curve, sqrt error" + H);
+      }
+      h();
+      const R = n.isOdd(b);
+      return (p & 1) === 1 !== R && (b = n.neg(b)), { x: E, y: b };
+    } else if (w === u && p === 4) {
+      const E = n.BYTES, v = n.fromBytes(B.subarray(0, E)), b = n.fromBytes(B.subarray(E, E * 2));
+      if (!I(v, b))
+        throw new Error("bad point: is not on curve");
+      return { x: v, y: b };
+    } else
+      throw new Error(`bad point: got length ${w}, expected compressed=${l} or uncompressed=${u}`);
+  }
+  const g = t.toBytes || d, x = t.fromBytes || y;
+  function U(S) {
+    const l = n.sqr(S), u = n.mul(l, S);
+    return n.add(n.add(u, n.mul(S, i.a)), i.b);
+  }
+  function I(S, l) {
+    const u = n.sqr(l), w = U(S);
+    return n.eql(u, w);
+  }
+  if (!I(i.Gx, i.Gy))
+    throw new Error("bad curve params: generator point");
+  const O = n.mul(n.pow(i.a, yt), Rn), j = n.mul(n.sqr(i.b), BigInt(27));
+  if (n.is0(n.add(O, j)))
+    throw new Error("bad curve params: a or b");
+  function W(S, l, u = !1) {
+    if (!n.isValid(l) || u && n.is0(l))
+      throw new Error(`bad point coordinate ${S}`);
+    return l;
+  }
+  function Z(S) {
+    if (!(S instanceof z))
+      throw new Error("Weierstrass Point expected");
+  }
+  function k(S) {
+    if (!f || !f.basises)
+      throw new Error("no endo");
+    return Bn(S, f.basises, s.ORDER);
+  }
+  const G = Pt((S, l) => {
+    const { X: u, Y: w, Z: p } = S;
+    if (n.eql(p, n.ONE))
+      return { x: u, y: w };
+    const B = S.is0();
+    l == null && (l = B ? n.ONE : n.inv(p));
+    const E = n.mul(u, l), v = n.mul(w, l), b = n.mul(p, l);
+    if (B)
+      return { x: n.ZERO, y: n.ZERO };
+    if (!n.eql(b, n.ONE))
+      throw new Error("invZ was invalid");
+    return { x: E, y: v };
+  }), _t = Pt((S) => {
+    if (S.is0()) {
+      if (t.allowInfinityPoint && !n.is0(S.Y))
+        return;
+      throw new Error("bad point: ZERO");
+    }
+    const { x: l, y: u } = S.toAffine();
+    if (!n.isValid(l) || !n.isValid(u))
+      throw new Error("bad point: x or y not field elements");
+    if (!I(l, u))
+      throw new Error("bad point: equation left != right");
+    if (!S.isTorsionFree())
+      throw new Error("bad point: not in prime-order subgroup");
+    return !0;
+  });
+  function ht(S, l, u, w, p) {
+    return u = new z(n.mul(u.X, S), u.Y, u.Z), l = It(w, l), u = It(p, u), l.add(u);
+  }
+  const _ = class _ {
+    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
+    constructor(l, u, w) {
+      m(this, "X");
+      m(this, "Y");
+      m(this, "Z");
+      this.X = W("x", l), this.Y = W("y", u, !0), this.Z = W("z", w), Object.freeze(this);
+    }
+    static CURVE() {
+      return i;
+    }
+    /** Does NOT validate if the point is valid. Use `.assertValidity()`. */
+    static fromAffine(l) {
+      const { x: u, y: w } = l || {};
+      if (!l || !n.isValid(u) || !n.isValid(w))
+        throw new Error("invalid affine point");
+      if (l instanceof _)
+        throw new Error("projective point not allowed");
+      return n.is0(u) && n.is0(w) ? _.ZERO : new _(u, w, n.ONE);
+    }
+    static fromBytes(l) {
+      const u = _.fromAffine(x(N(l, void 0, "point")));
+      return u.assertValidity(), u;
+    }
+    static fromHex(l) {
+      return _.fromBytes(Rt(l));
+    }
+    get x() {
+      return this.toAffine().x;
+    }
+    get y() {
+      return this.toAffine().y;
+    }
+    /**
+     *
+     * @param windowSize
+     * @param isLazy true will defer table computation until the first multiplication
+     * @returns
+     */
+    precompute(l = 8, u = !0) {
+      return ct.createCache(this, l), u || this.multiply(yt), this;
+    }
+    // TODO: return `this`
+    /** A point on curve is valid if it conforms to equation. */
+    assertValidity() {
+      _t(this);
+    }
+    hasEvenY() {
+      const { y: l } = this.toAffine();
+      if (!n.isOdd)
+        throw new Error("Field doesn't support isOdd");
+      return !n.isOdd(l);
+    }
+    /** Compare one point to another. */
+    equals(l) {
+      Z(l);
+      const { X: u, Y: w, Z: p } = this, { X: B, Y: E, Z: v } = l, b = n.eql(n.mul(u, v), n.mul(B, p)), R = n.eql(n.mul(w, v), n.mul(E, p));
+      return b && R;
+    }
+    /** Flips point to one corresponding to (x, -y) in Affine coordinates. */
+    negate() {
+      return new _(this.X, n.neg(this.Y), this.Z);
+    }
+    // Renes-Costello-Batina exception-free doubling formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 3
+    // Cost: 8M + 3S + 3*a + 2*b3 + 15add.
+    double() {
+      const { a: l, b: u } = i, w = n.mul(u, yt), { X: p, Y: B, Z: E } = this;
+      let v = n.ZERO, b = n.ZERO, R = n.ZERO, L = n.mul(p, p), D = n.mul(B, B), H = n.mul(E, E), A = n.mul(p, B);
+      return A = n.add(A, A), R = n.mul(p, E), R = n.add(R, R), v = n.mul(l, R), b = n.mul(w, H), b = n.add(v, b), v = n.sub(D, b), b = n.add(D, b), b = n.mul(v, b), v = n.mul(A, v), R = n.mul(w, R), H = n.mul(l, H), A = n.sub(L, H), A = n.mul(l, A), A = n.add(A, R), R = n.add(L, L), L = n.add(R, L), L = n.add(L, H), L = n.mul(L, A), b = n.add(b, L), H = n.mul(B, E), H = n.add(H, H), L = n.mul(H, A), v = n.sub(v, L), R = n.mul(H, D), R = n.add(R, R), R = n.add(R, R), new _(v, b, R);
+    }
+    // Renes-Costello-Batina exception-free addition formula.
+    // There is 30% faster Jacobian formula, but it is not complete.
+    // https://eprint.iacr.org/2015/1060, algorithm 1
+    // Cost: 12M + 0S + 3*a + 3*b3 + 23add.
+    add(l) {
+      Z(l);
+      const { X: u, Y: w, Z: p } = this, { X: B, Y: E, Z: v } = l;
+      let b = n.ZERO, R = n.ZERO, L = n.ZERO;
+      const D = i.a, H = n.mul(i.b, yt);
+      let A = n.mul(u, B), $ = n.mul(w, E), V = n.mul(p, v), K = n.add(u, w), q = n.add(B, E);
+      K = n.mul(K, q), q = n.add(A, $), K = n.sub(K, q), q = n.add(u, p);
+      let T = n.add(B, v);
+      return q = n.mul(q, T), T = n.add(A, V), q = n.sub(q, T), T = n.add(w, p), b = n.add(E, v), T = n.mul(T, b), b = n.add($, V), T = n.sub(T, b), L = n.mul(D, q), b = n.mul(H, V), L = n.add(b, L), b = n.sub($, L), L = n.add($, L), R = n.mul(b, L), $ = n.add(A, A), $ = n.add($, A), V = n.mul(D, V), q = n.mul(H, q), $ = n.add($, V), V = n.sub(A, V), V = n.mul(D, V), q = n.add(q, V), A = n.mul($, q), R = n.add(R, A), A = n.mul(T, q), b = n.mul(K, b), b = n.sub(b, A), A = n.mul(K, $), L = n.mul(T, L), L = n.add(L, A), new _(b, R, L);
+    }
+    subtract(l) {
+      return this.add(l.negate());
+    }
+    is0() {
+      return this.equals(_.ZERO);
+    }
+    /**
+     * Constant time multiplication.
+     * Uses wNAF method. Windowed method may be 10% faster,
+     * but takes 2x longer to generate and consumes 2x memory.
+     * Uses precomputes when available.
+     * Uses endomorphism for Koblitz curves.
+     * @param scalar by which the point would be multiplied
+     * @returns New point
+     */
+    multiply(l) {
+      const { endo: u } = t;
+      if (!s.isValidNot0(l))
+        throw new Error("invalid scalar: out of range");
+      let w, p;
+      const B = (E) => ct.cached(this, E, (v) => te(_, v));
+      if (u) {
+        const { k1neg: E, k1: v, k2neg: b, k2: R } = k(l), { p: L, f: D } = B(v), { p: H, f: A } = B(R);
+        p = D.add(A), w = ht(u.beta, L, H, E, b);
+      } else {
+        const { p: E, f: v } = B(l);
+        w = E, p = v;
+      }
+      return te(_, [w, p])[0];
+    }
+    /**
+     * Non-constant-time multiplication. Uses double-and-add algorithm.
+     * It's faster, but should only be used when you don't care about
+     * an exposed secret key e.g. sig verification, which works over *public* keys.
+     */
+    multiplyUnsafe(l) {
+      const { endo: u } = t, w = this;
+      if (!s.isValid(l))
+        throw new Error("invalid scalar: out of range");
+      if (l === tt || w.is0())
+        return _.ZERO;
+      if (l === lt)
+        return w;
+      if (ct.hasCache(this))
+        return this.multiply(l);
+      if (u) {
+        const { k1neg: p, k1: B, k2neg: E, k2: v } = k(l), { p1: b, p2: R } = xn(_, w, B, v);
+        return ht(u.beta, b, R, p, E);
+      } else
+        return ct.unsafe(w, l);
+    }
+    /**
+     * Converts Projective point to affine (x, y) coordinates.
+     * @param invertedZ Z^-1 (inverted zero) - optional, precomputation is useful for invertBatch
+     */
+    toAffine(l) {
+      return G(this, l);
+    }
+    /**
+     * Checks whether Point is free of torsion elements (is in prime subgroup).
+     * Always torsion-free for cofactor=1 curves.
+     */
+    isTorsionFree() {
+      const { isTorsionFree: l } = t;
+      return o === lt ? !0 : l ? l(_, this) : ct.unsafe(this, c).is0();
+    }
+    clearCofactor() {
+      const { clearCofactor: l } = t;
+      return o === lt ? this : l ? l(_, this) : this.multiplyUnsafe(o);
+    }
+    isSmallOrder() {
+      return this.multiplyUnsafe(o).is0();
+    }
+    toBytes(l = !0) {
+      return At(l, "isCompressed"), this.assertValidity(), g(_, this, l);
+    }
+    toHex(l = !0) {
+      return Lt(this.toBytes(l));
+    }
+    toString() {
+      return `<Point ${this.is0() ? "ZERO" : this.toHex()}>`;
+    }
+  };
+  // base / generator point
+  m(_, "BASE", new _(i.Gx, i.Gy, n.ONE)), // zero / infinity / identity point
+  m(_, "ZERO", new _(n.ZERO, n.ONE, n.ZERO)), // 0, 1, 0
+  // math field
+  m(_, "Fp", n), // scalar field
+  m(_, "Fn", s);
+  let z = _;
+  const bt = s.BITS, ct = new yn(z, t.endo ? Math.ceil(bt / 2) : bt);
+  return z.BASE.precompute(8), z;
+}
+function Oe(e) {
+  return Uint8Array.of(e ? 2 : 3);
+}
+function He(e, t) {
+  return {
+    secretKey: t.BYTES,
+    publicKey: 1 + e.BYTES,
+    publicKeyUncompressed: 1 + 2 * e.BYTES,
+    publicKeyHasPrefix: !0,
+    signature: 2 * t.BYTES
+  };
+}
+function In(e, t = {}) {
+  const { Fn: r } = e, n = t.randomBytes || le, s = Object.assign(He(e.Fp, r), { seed: Ae(r.ORDER) });
+  function i(g) {
+    try {
+      const x = r.fromBytes(g);
+      return r.isValidNot0(x);
+    } catch {
+      return !1;
+    }
+  }
+  function o(g, x) {
+    const { publicKey: U, publicKeyUncompressed: I } = s;
+    try {
+      const O = g.length;
+      return x === !0 && O !== U || x === !1 && O !== I ? !1 : !!e.fromBytes(g);
+    } catch {
+      return !1;
+    }
+  }
+  function c(g = n(s.seed)) {
+    return pn(N(g, s.seed, "seed"), r.ORDER);
+  }
+  function f(g, x = !0) {
+    return e.BASE.multiply(r.fromBytes(g)).toBytes(x);
+  }
+  function a(g) {
+    const { secretKey: x, publicKey: U, publicKeyUncompressed: I } = s;
+    if (!Vt(g) || "_lengths" in r && r._lengths || x === U)
+      return;
+    const O = N(g, void 0, "key").length;
+    return O === U || O === I;
+  }
+  function h(g, x, U = !0) {
+    if (a(g) === !0)
+      throw new Error("first arg must be private key");
+    if (a(x) === !1)
+      throw new Error("second arg must be public key");
+    const I = r.fromBytes(g);
+    return e.fromBytes(x).multiply(I).toBytes(U);
+  }
+  const d = {
+    isValidSecretKey: i,
+    isValidPublicKey: o,
+    randomSecretKey: c
+  }, y = En(c, f);
+  return Object.freeze({ getPublicKey: f, getSharedSecret: h, keygen: y, Point: e, utils: d, lengths: s });
+}
+function Ln(e, t, r = {}) {
+  ae(t), jt(r, {}, {
+    hmac: "function",
+    lowS: "boolean",
+    randomBytes: "function",
+    bits2int: "function",
+    bits2int_modN: "function"
+  }), r = Object.assign({}, r);
+  const n = r.randomBytes || le, s = r.hmac || ((l, u) => Se(t, l, u)), { Fp: i, Fn: o } = e, { ORDER: c, BITS: f } = o, { keygen: a, getPublicKey: h, getSharedSecret: d, utils: y, lengths: g } = In(e, r), x = {
+    prehash: !0,
+    lowS: typeof r.lowS == "boolean" ? r.lowS : !0,
+    format: "compact",
+    extraEntropy: !1
+  }, U = c * _e < i.ORDER;
+  function I(l) {
+    const u = c >> lt;
+    return l > u;
+  }
+  function O(l, u) {
+    if (!o.isValidNot0(u))
+      throw new Error(`invalid signature ${l}: out of range 1..Point.Fn.ORDER`);
+    return u;
+  }
+  function j() {
+    if (U)
+      throw new Error('"recovered" sig type is not supported for cofactor >2 curves');
+  }
+  function W(l, u) {
+    Zt(u);
+    const w = g.signature, p = u === "compact" ? w : u === "recovered" ? w + 1 : void 0;
+    return N(l, p);
+  }
+  class Z {
+    constructor(u, w, p) {
+      m(this, "r");
+      m(this, "s");
+      m(this, "recovery");
+      if (this.r = O("r", u), this.s = O("s", w), p != null) {
+        if (j(), ![0, 1, 2, 3].includes(p))
+          throw new Error("invalid recovery id");
+        this.recovery = p;
+      }
+      Object.freeze(this);
+    }
+    static fromBytes(u, w = x.format) {
+      W(u, w);
+      let p;
+      if (w === "der") {
+        const { r: b, s: R } = ot.toSig(N(u));
+        return new Z(b, R);
+      }
+      w === "recovered" && (p = u[0], w = "compact", u = u.subarray(1));
+      const B = g.signature / 2, E = u.subarray(0, B), v = u.subarray(B, B * 2);
+      return new Z(o.fromBytes(E), o.fromBytes(v), p);
+    }
+    static fromHex(u, w) {
+      return this.fromBytes(Rt(u), w);
+    }
+    assertRecovery() {
+      const { recovery: u } = this;
+      if (u == null)
+        throw new Error("invalid recovery id: must be present");
+      return u;
+    }
+    addRecoveryBit(u) {
+      return new Z(this.r, this.s, u);
+    }
+    recoverPublicKey(u) {
+      const { r: w, s: p } = this, B = this.assertRecovery(), E = B === 2 || B === 3 ? w + c : w;
+      if (!i.isValid(E))
+        throw new Error("invalid recovery id: sig.r+curve.n != R.x");
+      const v = i.toBytes(E), b = e.fromBytes(it(Oe((B & 1) === 0), v)), R = o.inv(E), L = G(N(u, void 0, "msgHash")), D = o.create(-L * R), H = o.create(p * R), A = e.BASE.multiplyUnsafe(D).add(b.multiplyUnsafe(H));
+      if (A.is0())
+        throw new Error("invalid recovery: point at infinify");
+      return A.assertValidity(), A;
+    }
+    // Signatures should be low-s, to prevent malleability.
+    hasHighS() {
+      return I(this.s);
+    }
+    toBytes(u = x.format) {
+      if (Zt(u), u === "der")
+        return Rt(ot.hexFromSig(this));
+      const { r: w, s: p } = this, B = o.toBytes(w), E = o.toBytes(p);
+      return u === "recovered" ? (j(), it(Uint8Array.of(this.assertRecovery()), B, E)) : it(B, E);
+    }
+    toHex(u) {
+      return Lt(this.toBytes(u));
+    }
+  }
+  const k = r.bits2int || function(u) {
+    if (u.length > 8192)
+      throw new Error("input is too large");
+    const w = Ut(u), p = u.length * 8 - f;
+    return p > 0 ? w >> BigInt(p) : w;
+  }, G = r.bits2int_modN || function(u) {
+    return o.create(k(u));
+  }, _t = Yt(f);
+  function ht(l) {
+    return rn("num < 2^" + f, l, tt, _t), o.toBytes(l);
+  }
+  function z(l, u) {
+    return N(l, void 0, "message"), u ? N(t(l), void 0, "prehashed message") : l;
+  }
+  function bt(l, u, w) {
+    const { lowS: p, prehash: B, extraEntropy: E } = Dt(w, x);
+    l = z(l, B);
+    const v = G(l), b = o.fromBytes(u);
+    if (!o.isValidNot0(b))
+      throw new Error("invalid private key");
+    const R = [ht(b), ht(v)];
+    if (E != null && E !== !1) {
+      const A = E === !0 ? n(g.secretKey) : E;
+      R.push(N(A, void 0, "extraEntropy"));
+    }
+    const L = it(...R), D = v;
+    function H(A) {
+      const $ = k(A);
+      if (!o.isValidNot0($))
+        return;
+      const V = o.inv($), K = e.BASE.multiply($).toAffine(), q = o.create(K.x);
+      if (q === tt)
+        return;
+      const T = o.create(V * o.create(D + q * b));
+      if (T === tt)
+        return;
+      let zt = (K.x === q ? 0 : 2) | Number(K.y & lt), Ft = T;
+      return p && I(T) && (Ft = o.neg(T), zt ^= 1), new Z(q, Ft, U ? void 0 : zt);
+    }
+    return { seed: L, k2sig: H };
+  }
+  function ct(l, u, w = {}) {
+    const { seed: p, k2sig: B } = bt(l, u, w);
+    return on(t.outputLen, o.BYTES, s)(p, B).toBytes(w.format);
+  }
+  function _(l, u, w, p = {}) {
+    const { lowS: B, prehash: E, format: v } = Dt(p, x);
+    if (w = N(w, void 0, "publicKey"), u = z(u, E), !Vt(l)) {
+      const b = l instanceof Z ? ", use sig.toBytes()" : "";
+      throw new Error("verify expects Uint8Array signature" + b);
+    }
+    W(l, v);
+    try {
+      const b = Z.fromBytes(l, v), R = e.fromBytes(w);
+      if (B && b.hasHighS())
+        return !1;
+      const { r: L, s: D } = b, H = G(u), A = o.inv(D), $ = o.create(H * A), V = o.create(L * A), K = e.BASE.multiplyUnsafe($).add(R.multiplyUnsafe(V));
+      return K.is0() ? !1 : o.create(K.x) === L;
+    } catch {
+      return !1;
+    }
+  }
+  function S(l, u, w = {}) {
+    const { prehash: p } = Dt(w, x);
+    return u = z(u, p), Z.fromBytes(l, "recovered").recoverPublicKey(u).toBytes();
+  }
+  return Object.freeze({
+    keygen: a,
+    getPublicKey: h,
+    getSharedSecret: d,
+    utils: y,
+    lengths: g,
+    Point: e,
+    sign: ct,
+    verify: _,
+    recoverPublicKey: S,
+    Signature: Z,
+    hash: t
+  });
+}
+/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+const Gt = {
+  p: BigInt("0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f"),
+  n: BigInt("0xfffffffffffffffffffffffffffffffebaaedce6af48a03bbfd25e8cd0364141"),
+  h: BigInt(1),
+  a: BigInt(0),
+  b: BigInt(7),
+  Gx: BigInt("0x79be667ef9dcbbac55a06295ce870b07029bfcdb2dce28d959f2815b16f81798"),
+  Gy: BigInt("0x483ada7726a3c4655da4fbfc0e1108a8fd17b448a68554199c47d08ffb10d4b8")
+}, Un = {
+  beta: BigInt("0x7ae96a2b657c07106e64479eac3434e99cf0497512f58995c1396c28719501ee"),
+  basises: [
+    [BigInt("0x3086d221a7d46bcde86c90e49284eb15"), -BigInt("0xe4437ed6010e88286f547fa90abfe4c3")],
+    [BigInt("0x114ca50f7a8e2f3f657c1108d9d44cfd8"), BigInt("0x3086d221a7d46bcde86c90e49284eb15")]
+  ]
+}, oe = /* @__PURE__ */ BigInt(2);
+function Sn(e) {
+  const t = Gt.p, r = BigInt(3), n = BigInt(6), s = BigInt(11), i = BigInt(22), o = BigInt(23), c = BigInt(44), f = BigInt(88), a = e * e * e % t, h = a * a * e % t, d = X(h, r, t) * h % t, y = X(d, r, t) * h % t, g = X(y, oe, t) * a % t, x = X(g, s, t) * g % t, U = X(x, i, t) * x % t, I = X(U, c, t) * U % t, O = X(I, f, t) * I % t, j = X(O, c, t) * U % t, W = X(j, r, t) * h % t, Z = X(W, o, t) * x % t, k = X(Z, n, t) * a % t, G = X(k, oe, t);
+  if (!Ct.eql(Ct.sqr(G), e))
+    throw new Error("Cannot find square root");
+  return G;
+}
+const Ct = St(Gt.p, { sqrt: Sn }), _n = /* @__PURE__ */ An(Gt, {
+  Fp: Ct,
+  endo: Un
+}), On = /* @__PURE__ */ Ln(_n, tn);
+/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */
+function Hn(e) {
+  return e instanceof Uint8Array || ArrayBuffer.isView(e) && e.constructor.name === "Uint8Array";
+}
+function Xt(e, ...t) {
+  if (!Hn(e))
+    throw new Error("Uint8Array expected");
+  if (t.length > 0 && !t.includes(e.length))
+    throw new Error("Uint8Array expected of length " + t + ", got length=" + e.length);
+}
+function ie(e, t = !0) {
+  if (e.destroyed)
+    throw new Error("Hash instance has been destroyed");
+  if (t && e.finished)
+    throw new Error("Hash#digest() has already been called");
+}
+function qn(e, t) {
+  Xt(e);
+  const r = t.outputLen;
+  if (e.length < r)
+    throw new Error("digestInto() expects output buffer of length at least " + r);
+}
+function gt(...e) {
+  for (let t = 0; t < e.length; t++)
+    e[t].fill(0);
+}
+function kt(e) {
+  return new DataView(e.buffer, e.byteOffset, e.byteLength);
+}
+function Q(e, t) {
+  return e << 32 - t | e >>> t;
+}
+function xt(e, t) {
+  return e << t | e >>> 32 - t >>> 0;
+}
+function Nn(e) {
+  if (typeof e != "string")
+    throw new Error("string expected");
+  return new Uint8Array(new TextEncoder().encode(e));
+}
+function qe(e) {
+  return typeof e == "string" && (e = Nn(e)), Xt(e), e;
+}
+class Dn {
+}
+function Ne(e) {
+  const t = (n) => e().update(qe(n)).digest(), r = e();
+  return t.outputLen = r.outputLen, t.blockLen = r.blockLen, t.create = () => e(), t;
+}
+function kn(e, t, r, n) {
+  if (typeof e.setBigUint64 == "function")
+    return e.setBigUint64(t, r, n);
+  const s = BigInt(32), i = BigInt(4294967295), o = Number(r >> s & i), c = Number(r & i), f = n ? 4 : 0, a = n ? 0 : 4;
+  e.setUint32(t + f, o, n), e.setUint32(t + a, c, n);
+}
+function $n(e, t, r) {
+  return e & t ^ ~e & r;
+}
+function Zn(e, t, r) {
+  return e & t ^ e & r ^ t & r;
+}
+class De extends Dn {
+  constructor(t, r, n, s) {
+    super(), this.finished = !1, this.length = 0, this.pos = 0, this.destroyed = !1, this.blockLen = t, this.outputLen = r, this.padOffset = n, this.isLE = s, this.buffer = new Uint8Array(t), this.view = kt(this.buffer);
+  }
+  update(t) {
+    ie(this), t = qe(t), Xt(t);
+    const { view: r, buffer: n, blockLen: s } = this, i = t.length;
+    for (let o = 0; o < i; ) {
+      const c = Math.min(s - this.pos, i - o);
+      if (c === s) {
+        const f = kt(t);
+        for (; s <= i - o; o += s)
+          this.process(f, o);
+        continue;
+      }
+      n.set(t.subarray(o, o + c), this.pos), this.pos += c, o += c, this.pos === s && (this.process(r, 0), this.pos = 0);
+    }
+    return this.length += t.length, this.roundClean(), this;
+  }
+  digestInto(t) {
+    ie(this), qn(t, this), this.finished = !0;
+    const { buffer: r, view: n, blockLen: s, isLE: i } = this;
+    let { pos: o } = this;
+    r[o++] = 128, gt(this.buffer.subarray(o)), this.padOffset > s - o && (this.process(n, 0), o = 0);
+    for (let d = o; d < s; d++)
+      r[d] = 0;
+    kn(n, s - 8, BigInt(this.length * 8), i), this.process(n, 0);
+    const c = kt(t), f = this.outputLen;
+    if (f % 4)
+      throw new Error("_sha2: outputLen should be aligned to 32bit");
+    const a = f / 4, h = this.get();
+    if (a > h.length)
+      throw new Error("_sha2: outputLen bigger than state");
+    for (let d = 0; d < a; d++)
+      c.setUint32(4 * d, h[d], i);
+  }
+  digest() {
+    const { buffer: t, outputLen: r } = this;
+    this.digestInto(t);
+    const n = t.slice(0, r);
+    return this.destroy(), n;
+  }
+  _cloneInto(t) {
+    t || (t = new this.constructor()), t.set(...this.get());
+    const { blockLen: r, buffer: n, length: s, finished: i, destroyed: o, pos: c } = this;
+    return t.destroyed = o, t.finished = i, t.length = s, t.pos = c, s % r && t.buffer.set(n), t;
+  }
+  clone() {
+    return this._cloneInto();
+  }
+}
+const rt = /* @__PURE__ */ Uint32Array.from([
+  1779033703,
+  3144134277,
+  1013904242,
+  2773480762,
+  1359893119,
+  2600822924,
+  528734635,
+  1541459225
+]), Cn = /* @__PURE__ */ Uint8Array.from([
+  7,
+  4,
+  13,
+  1,
+  10,
+  6,
+  15,
+  3,
+  12,
+  0,
+  9,
+  5,
+  2,
+  14,
+  11,
+  8
+]), ke = Uint8Array.from(new Array(16).fill(0).map((e, t) => t)), Vn = ke.map((e) => (9 * e + 5) % 16), $e = /* @__PURE__ */ (() => {
+  const r = [[ke], [Vn]];
+  for (let n = 0; n < 4; n++)
+    for (let s of r)
+      s.push(s[n].map((i) => Cn[i]));
+  return r;
+})(), Ze = $e[0], Ce = $e[1], Ve = /* @__PURE__ */ [
+  [11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8],
+  [12, 13, 11, 15, 6, 9, 9, 7, 12, 15, 11, 13, 7, 8, 7, 7],
+  [13, 15, 14, 11, 7, 7, 6, 8, 13, 14, 13, 12, 5, 5, 6, 9],
+  [14, 11, 12, 14, 8, 6, 5, 5, 15, 12, 15, 14, 9, 9, 8, 6],
+  [15, 12, 13, 13, 9, 5, 8, 6, 14, 11, 12, 11, 8, 6, 5, 5]
+].map((e) => Uint8Array.from(e)), Tn = /* @__PURE__ */ Ze.map((e, t) => e.map((r) => Ve[t][r])), Mn = /* @__PURE__ */ Ce.map((e, t) => e.map((r) => Ve[t][r])), Yn = /* @__PURE__ */ Uint32Array.from([
+  0,
+  1518500249,
+  1859775393,
+  2400959708,
+  2840853838
+]), jn = /* @__PURE__ */ Uint32Array.from([
+  1352829926,
+  1548603684,
+  1836072691,
+  2053994217,
+  0
+]);
+function ce(e, t, r, n) {
+  return e === 0 ? t ^ r ^ n : e === 1 ? t & r | ~t & n : e === 2 ? (t | ~r) ^ n : e === 3 ? t & n | r & ~n : t ^ (r | ~n);
+}
+const mt = /* @__PURE__ */ new Uint32Array(16);
+class Kn extends De {
+  constructor() {
+    super(64, 20, 8, !0), this.h0 = 1732584193, this.h1 = -271733879, this.h2 = -1732584194, this.h3 = 271733878, this.h4 = -1009589776;
+  }
+  get() {
+    const { h0: t, h1: r, h2: n, h3: s, h4: i } = this;
+    return [t, r, n, s, i];
+  }
+  set(t, r, n, s, i) {
+    this.h0 = t | 0, this.h1 = r | 0, this.h2 = n | 0, this.h3 = s | 0, this.h4 = i | 0;
+  }
+  process(t, r) {
+    for (let g = 0; g < 16; g++, r += 4)
+      mt[g] = t.getUint32(r, !0);
+    let n = this.h0 | 0, s = n, i = this.h1 | 0, o = i, c = this.h2 | 0, f = c, a = this.h3 | 0, h = a, d = this.h4 | 0, y = d;
+    for (let g = 0; g < 5; g++) {
+      const x = 4 - g, U = Yn[g], I = jn[g], O = Ze[g], j = Ce[g], W = Tn[g], Z = Mn[g];
+      for (let k = 0; k < 16; k++) {
+        const G = xt(n + ce(g, i, c, a) + mt[O[k]] + U, W[k]) + d | 0;
+        n = d, d = a, a = xt(c, 10) | 0, c = i, i = G;
+      }
+      for (let k = 0; k < 16; k++) {
+        const G = xt(s + ce(x, o, f, h) + mt[j[k]] + I, Z[k]) + y | 0;
+        s = y, y = h, h = xt(f, 10) | 0, f = o, o = G;
+      }
+    }
+    this.set(this.h1 + c + h | 0, this.h2 + a + y | 0, this.h3 + d + s | 0, this.h4 + n + o | 0, this.h0 + i + f | 0);
+  }
+  roundClean() {
+    gt(mt);
+  }
+  destroy() {
+    this.destroyed = !0, gt(this.buffer), this.set(0, 0, 0, 0, 0);
+  }
+}
+const Gn = /* @__PURE__ */ Ne(() => new Kn()), Xn = Gn, zn = /* @__PURE__ */ Uint32Array.from([
+  1116352408,
+  1899447441,
+  3049323471,
+  3921009573,
+  961987163,
+  1508970993,
+  2453635748,
+  2870763221,
+  3624381080,
+  310598401,
+  607225278,
+  1426881987,
+  1925078388,
+  2162078206,
+  2614888103,
+  3248222580,
+  3835390401,
+  4022224774,
+  264347078,
+  604807628,
+  770255983,
+  1249150122,
+  1555081692,
+  1996064986,
+  2554220882,
+  2821834349,
+  2952996808,
+  3210313671,
+  3336571891,
+  3584528711,
+  113926993,
+  338241895,
+  666307205,
+  773529912,
+  1294757372,
+  1396182291,
+  1695183700,
+  1986661051,
+  2177026350,
+  2456956037,
+  2730485921,
+  2820302411,
+  3259730800,
+  3345764771,
+  3516065817,
+  3600352804,
+  4094571909,
+  275423344,
+  430227734,
+  506948616,
+  659060556,
+  883997877,
+  958139571,
+  1322822218,
+  1537002063,
+  1747873779,
+  1955562222,
+  2024104815,
+  2227730452,
+  2361852424,
+  2428436474,
+  2756734187,
+  3204031479,
+  3329325298
+]), st = /* @__PURE__ */ new Uint32Array(64);
+class Fn extends De {
+  constructor(t = 32) {
+    super(64, t, 8, !1), this.A = rt[0] | 0, this.B = rt[1] | 0, this.C = rt[2] | 0, this.D = rt[3] | 0, this.E = rt[4] | 0, this.F = rt[5] | 0, this.G = rt[6] | 0, this.H = rt[7] | 0;
+  }
+  get() {
+    const { A: t, B: r, C: n, D: s, E: i, F: o, G: c, H: f } = this;
+    return [t, r, n, s, i, o, c, f];
+  }
+  // prettier-ignore
+  set(t, r, n, s, i, o, c, f) {
+    this.A = t | 0, this.B = r | 0, this.C = n | 0, this.D = s | 0, this.E = i | 0, this.F = o | 0, this.G = c | 0, this.H = f | 0;
+  }
+  process(t, r) {
+    for (let d = 0; d < 16; d++, r += 4)
+      st[d] = t.getUint32(r, !1);
+    for (let d = 16; d < 64; d++) {
+      const y = st[d - 15], g = st[d - 2], x = Q(y, 7) ^ Q(y, 18) ^ y >>> 3, U = Q(g, 17) ^ Q(g, 19) ^ g >>> 10;
+      st[d] = U + st[d - 7] + x + st[d - 16] | 0;
+    }
+    let { A: n, B: s, C: i, D: o, E: c, F: f, G: a, H: h } = this;
+    for (let d = 0; d < 64; d++) {
+      const y = Q(c, 6) ^ Q(c, 11) ^ Q(c, 25), g = h + y + $n(c, f, a) + zn[d] + st[d] | 0, U = (Q(n, 2) ^ Q(n, 13) ^ Q(n, 22)) + Zn(n, s, i) | 0;
+      h = a, a = f, f = c, c = o + g | 0, o = i, i = s, s = n, n = g + U | 0;
+    }
+    n = n + this.A | 0, s = s + this.B | 0, i = i + this.C | 0, o = o + this.D | 0, c = c + this.E | 0, f = f + this.F | 0, a = a + this.G | 0, h = h + this.H | 0, this.set(n, s, i, o, c, f, a, h);
+  }
+  roundClean() {
+    gt(st);
+  }
+  destroy() {
+    this.set(0, 0, 0, 0, 0, 0, 0, 0), gt(this.buffer);
+  }
+}
+const Wn = /* @__PURE__ */ Ne(() => new Fn()), wt = Wn, Pn = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+function Qn(e) {
+  const t = [0];
+  for (let r = 0; r < e.length; r++) {
+    const n = e[r];
+    if (!n) continue;
+    const s = Pn.indexOf(n);
+    if (s === -1) throw new Error("Invalid base58 character");
+    for (let o = 0; o < t.length; o++)
+      t[o] *= 58;
+    t[0] += s;
+    let i = 0;
+    for (let o = 0; o < t.length; o++) {
+      const c = t[o];
+      t[o] = c + i, i = t[o] >> 8, t[o] &= 255;
+    }
+    for (; i > 0; )
+      t.push(i & 255), i >>= 8;
+  }
+  for (let r = 0; r < e.length && e[r] === "1"; r++)
+    t.push(0);
+  return new Uint8Array(t.reverse());
+}
+function Jn(e) {
+  const t = "qpzry9x8gf2tvdw0s3jn54khce6mua7l", n = e.toLowerCase().split("1");
+  if (n.length !== 2) return null;
+  const s = n[0], i = n[1];
+  if (!s || !i || s !== "dgb") return null;
+  const o = [];
+  for (const h of i) {
+    const d = t.indexOf(h);
+    if (d === -1) return null;
+    o.push(d);
+  }
+  const c = o.slice(0, -6);
+  if (c.length < 1) return null;
+  const f = c[0];
+  if (f === void 0) return null;
+  const a = tr(c.slice(1), 5, 8);
+  return a ? { version: f, program: new Uint8Array(a) } : null;
+}
+function tr(e, t, r, n) {
+  let s = 0, i = 0;
+  const o = [], c = (1 << r) - 1;
+  for (const f of e) {
+    if (f < 0 || f >> t !== 0) return null;
+    for (s = s << t | f, i += t; i >= r; )
+      i -= r, o.push(s >> i & c);
+  }
+  return i >= t || s << r - i & c ? null : o;
+}
+function er(e, t) {
+  const r = new TextEncoder().encode(t), n = new Uint8Array([r.length]), s = new TextEncoder().encode(e), i = [];
+  let o = s.length;
+  if (o < 253)
+    i.push(o);
+  else if (o <= 65535)
+    i.push(253, o & 255, o >> 8 & 255);
+  else if (o <= 4294967295)
+    i.push(
+      254,
+      o & 255,
+      o >> 8 & 255,
+      o >> 16 & 255,
+      o >> 24 & 255
+    );
+  else
+    throw new Error("Message too long");
+  const c = new Uint8Array(i), f = n.length + r.length + c.length + s.length, a = new Uint8Array(f);
+  let h = 0;
+  return a.set(n, h), h += n.length, a.set(r, h), h += r.length, a.set(c, h), h += c.length, a.set(s, h), wt(wt(a));
+}
+function nr(e, t) {
+  if (t.length !== 65)
+    throw new Error("Invalid signature length");
+  const r = t[0];
+  if (r === void 0) throw new Error("Invalid signature");
+  const n = r - 27, s = n >= 4;
+  if (n % 4 > 3)
+    throw new Error("Invalid recovery ID");
+  const o = t.slice(1, 33), c = t.slice(33, 65), f = new On.Signature(
+    BigInt("0x" + Array.from(o).map((a) => a.toString(16).padStart(2, "0")).join("")),
+    BigInt("0x" + Array.from(c).map((a) => a.toString(16).padStart(2, "0")).join(""))
+  );
+  try {
+    return [f.recoverPublicKey(e).toHex(s)].map((h) => {
+      const d = new Uint8Array(h.length / 2);
+      for (let y = 0; y < h.length; y += 2)
+        d[y / 2] = parseInt(h.slice(y, y + 2), 16);
+      return d;
+    });
+  } catch {
+    throw new Error("Failed to recover public key");
+  }
+}
+function fe(e) {
+  return Xn(wt(e));
+}
+function rr(e, t) {
+  if (e.startsWith("D") || e.startsWith("S"))
+    try {
+      const r = Qn(e);
+      if (r.length < 25) return !1;
+      const n = r.slice(0, -4), s = r.slice(-4), o = wt(wt(n)).slice(0, 4);
+      if (!s.every((a, h) => a === o[h]))
+        return !1;
+      const c = n.slice(1), f = fe(t);
+      return c.every((a, h) => a === f[h]);
+    } catch {
+      return !1;
+    }
+  if (e.toLowerCase().startsWith("dgb1"))
+    try {
+      const r = Jn(e);
+      if (!r) return !1;
+      const { version: n, program: s } = r;
+      if (n === 0) {
+        const i = fe(t);
+        return s.every((o, c) => o === i[c]);
+      }
+      return !1;
+    } catch {
+      return !1;
+    }
+  return !1;
+}
+async function sr(e, t, r) {
+  const n = `DigiByte Signed Message:
 `;
   try {
-    return !!m.verify(
-      t,
-      // The message that was signed (the DigiID URI)
-      r,
-      // The DigiByte address (D..., S..., or dgb1...)
-      i,
-      // The signature string (Base64 encoded)
-      c,
-      // The DigiByte specific message prefix
-      !0
-      // Set checkSegwitAlways to true to handle all address types correctly
-    );
-  } catch (a) {
-    const s = a instanceof Error ? a.message : String(a);
-    throw new e(`Signature verification failed: ${s}`);
+    const s = Uint8Array.from(atob(r), (c) => c.charCodeAt(0));
+    if (s.length !== 65)
+      throw new Error("Invalid signature length");
+    const i = er(e, n), o = nr(i, s);
+    for (const c of o)
+      if (rr(t, c))
+        return !0;
+    return !1;
+  } catch (s) {
+    const i = s instanceof Error ? s.message : String(s);
+    throw new C(`Signature verification failed: ${i}`);
   }
 }
-function b(t = 16) {
-  return f(t).toString("hex");
+function or(e = 16) {
+  return Ye(e).toString("hex");
 }
-function k(t) {
-  if (!t.callbackUrl)
-    throw new e("Callback URL is required.");
-  let r;
+function ar(e) {
+  if (!e.callbackUrl)
+    throw new C("Callback URL is required.");
+  let t;
   try {
-    r = new URL(t.callbackUrl);
+    t = new URL(e.callbackUrl);
   } catch (o) {
-    throw new e(`Invalid callback URL: ${o.message}`);
-  }
-  const i = r.host + r.pathname, c = t.nonce || b(), a = t.unsecure ? "1" : "0";
-  if (t.unsecure && r.protocol !== "http:")
-    throw new e("Unsecure flag is true, but callback URL does not use http protocol.");
-  if (!t.unsecure && r.protocol !== "https:")
-    throw new e("Callback URL must use https protocol unless unsecure flag is set to true.");
-  return `digiid://${i}?x=${c}&u=${a}`;
-}
-async function R(t, r) {
-  const { address: i, uri: c, signature: a } = t, { expectedCallbackUrl: s, expectedNonce: o } = r;
-  if (!i || !c || !a)
-    throw new e("Missing required callback data: address, uri, or signature.");
-  let l;
+    throw new C(`Invalid callback URL: ${o.message}`);
+  }
+  const r = t.host + t.pathname, n = e.nonce || or(), s = e.unsecure ? "1" : "0";
+  if (e.unsecure && t.protocol !== "http:")
+    throw new C("Unsecure flag is true, but callback URL does not use http protocol.");
+  if (!e.unsecure && t.protocol !== "https:")
+    throw new C("Callback URL must use https protocol unless unsecure flag is set to true.");
+  return `digiid://${r}?x=${n}&u=${s}`;
+}
+async function ur(e, t) {
+  const { address: r, uri: n, signature: s } = e, { expectedCallbackUrl: i, expectedNonce: o } = t;
+  if (!r || !n || !s)
+    throw new C("Missing required callback data: address, uri, or signature.");
+  let c;
   try {
-    const n = c.replace(/^digiid:/, "http:");
-    l = new URL(n);
-  } catch (n) {
-    throw new e(`Invalid URI received in callback: ${n.message}`);
-  }
-  const u = l.searchParams.get("x"), h = l.searchParams.get("u"), g = l.host + l.pathname;
-  if (u === null || h === null)
-    throw new e("URI missing nonce (x) or unsecure (u) parameter.");
+    const x = n.replace(/^digiid:/, "http:");
+    c = new URL(x);
+  } catch (x) {
+    throw new C(`Invalid URI received in callback: ${x.message}`);
+  }
+  const f = c.searchParams.get("x"), a = c.searchParams.get("u"), h = c.host + c.pathname;
+  if (f === null || a === null)
+    throw new C("URI missing nonce (x) or unsecure (u) parameter.");
   let d;
   try {
-    d = typeof s == "string" ? new URL(s) : s;
-  } catch (n) {
-    throw new e(`Invalid expectedCallbackUrl provided: ${n.message}`);
-  }
-  const p = d.host + d.pathname;
-  if (g !== p)
-    throw new e(`Callback URL mismatch: URI contained "${g}", expected "${p}"`);
-  const w = d.protocol;
-  if (h === "1" && w !== "http:")
-    throw new e("URI indicates unsecure (u=1), but expectedCallbackUrl is not http.");
-  if (h === "0" && w !== "https:")
-    throw new e("URI indicates secure (u=0), but expectedCallbackUrl is not https.");
-  if (o && u !== o)
-    throw new e(`Nonce mismatch: URI contained "${u}", expected "${o}". Possible replay attack.`);
+    d = typeof i == "string" ? new URL(i) : i;
+  } catch (x) {
+    throw new C(`Invalid expectedCallbackUrl provided: ${x.message}`);
+  }
+  const y = d.host + d.pathname;
+  if (h !== y)
+    throw new C(`Callback URL mismatch: URI contained "${h}", expected "${y}"`);
+  const g = d.protocol;
+  if (a === "1" && g !== "http:")
+    throw new C("URI indicates unsecure (u=1), but expectedCallbackUrl is not http.");
+  if (a === "0" && g !== "https:")
+    throw new C("URI indicates secure (u=0), but expectedCallbackUrl is not https.");
+  if (o && f !== o)
+    throw new C(`Nonce mismatch: URI contained "${f}", expected "${o}". Possible replay attack.`);
   try {
-    if (!await U(c, i, a))
-      throw new e("Invalid signature.");
-  } catch (n) {
-    throw n instanceof e ? n : new e(`Unexpected error during signature verification: ${n.message}`);
+    if (!await sr(n, r, s))
+      throw new C("Invalid signature.");
+  } catch (x) {
+    throw x instanceof C ? x : new C(`Unexpected error during signature verification: ${x.message}`);
   }
   return {
     isValid: !0,
-    address: i,
-    nonce: u
+    address: r,
+    nonce: f
     // Return the nonce from the URI
   };
 }
 export {
-  e as DigiIDError,
-  U as _internalVerifySignature,
-  k as generateDigiIDUri,
-  R as verifyDigiIDCallback
+  C as DigiIDError,
+  sr as _internalVerifySignature,
+  ar as generateDigiIDUri,
+  ur as verifyDigiIDCallback
 };
 //# sourceMappingURL=digiid-ts.es.js.map