shamir-mnemonic-ts 1.0.0

package/dist/src/shamir.js

@@ -0,0 +1,486 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.RANDOM_BYTES = exports.EncryptedMasterSecret = exports.ShareGroup = void 0;
+exports.decodeMnemonics = decodeMnemonics;
+exports.splitEms = splitEms;
+exports.generateMnemonics = generateMnemonics;
+exports.recoverEms = recoverEms;
+exports.combineMnemonics = combineMnemonics;
+var crypto = __importStar(require("crypto"));
+var cipher = __importStar(require("./cipher"));
+var constants_1 = require("./constants");
+var share_1 = require("./share");
+var utils_1 = require("./utils");
+var ShareGroup = /** @class */ (function () {
+    function ShareGroup() {
+        this._shares = new Set();
+    }
+    ShareGroup.prototype[Symbol.iterator] = function () {
+        return this._shares.values();
+    };
+    Object.defineProperty(ShareGroup.prototype, "length", {
+        get: function () {
+            return this._shares.size;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    Object.defineProperty(ShareGroup.prototype, "isEmpty", {
+        get: function () {
+            return this._shares.size === 0;
+        },
+        enumerable: false,
+        configurable: true
+    });
+    ShareGroup.prototype.has = function (obj) {
+        // Check by value equality, not reference
+        for (var _i = 0, _a = this._shares; _i < _a.length; _i++) {
+            var share = _a[_i];
+            if (share.identifier === obj.identifier &&
+                share.extendable === obj.extendable &&
+                share.iterationExponent === obj.iterationExponent &&
+                share.groupIndex === obj.groupIndex &&
+                share.groupThreshold === obj.groupThreshold &&
+                share.groupCount === obj.groupCount &&
+                share.index === obj.index &&
+                share.memberThreshold === obj.memberThreshold &&
+                share.value.equals(obj.value)) {
+                return true;
+            }
+        }
+        return false;
+    };
+    ShareGroup.prototype.add = function (share) {
+        if (this._shares.size > 0 && !this._groupParametersMatch(share)) {
+            var existing = Array.from(this._shares)[0];
+            var existingParams = existing.groupParameters();
+            var newParams = share.groupParameters();
+            var fields = [
+                'identifier',
+                'extendable',
+                'iterationExponent',
+                'groupIndex',
+                'groupThreshold',
+                'groupCount',
+                'memberThreshold',
+            ];
+            for (var _i = 0, fields_1 = fields; _i < fields_1.length; _i++) {
+                var field = fields_1[_i];
+                if (existingParams[field] !== newParams[field]) {
+                    throw new utils_1.MnemonicError("Invalid set of mnemonics. The ".concat(field, " parameters don't match."));
+                }
+            }
+        }
+        this._shares.add(share);
+    };
+    ShareGroup.prototype._groupParametersMatch = function (share) {
+        if (this._shares.size === 0) {
+            return true;
+        }
+        var existing = Array.from(this._shares)[0];
+        var existingParams = existing.groupParameters();
+        var newParams = share.groupParameters();
+        return (existingParams.identifier === newParams.identifier &&
+            existingParams.extendable === newParams.extendable &&
+            existingParams.iterationExponent === newParams.iterationExponent &&
+            existingParams.groupIndex === newParams.groupIndex &&
+            existingParams.groupThreshold === newParams.groupThreshold &&
+            existingParams.groupCount === newParams.groupCount &&
+            existingParams.memberThreshold === newParams.memberThreshold);
+    };
+    ShareGroup.prototype.toRawShares = function () {
+        return Array.from(this._shares).map(function (s) { return ({ x: s.index, data: s.value }); });
+    };
+    ShareGroup.prototype.getMinimalGroup = function () {
+        var group = new ShareGroup();
+        var sharesArray = Array.from(this._shares);
+        var threshold = this.memberThreshold();
+        group._shares = new Set(sharesArray.slice(0, threshold));
+        return group;
+    };
+    ShareGroup.prototype.commonParameters = function () {
+        return Array.from(this._shares)[0].commonParameters();
+    };
+    ShareGroup.prototype.groupParameters = function () {
+        return Array.from(this._shares)[0].groupParameters();
+    };
+    ShareGroup.prototype.memberThreshold = function () {
+        return Array.from(this._shares)[0].memberThreshold;
+    };
+    ShareGroup.prototype.isComplete = function () {
+        if (this._shares.size === 0) {
+            return false;
+        }
+        return this._shares.size >= this.memberThreshold();
+    };
+    return ShareGroup;
+}());
+exports.ShareGroup = ShareGroup;
+var EncryptedMasterSecret = /** @class */ (function () {
+    function EncryptedMasterSecret(identifier, extendable, iterationExponent, ciphertext) {
+        this.identifier = identifier;
+        this.extendable = extendable;
+        this.iterationExponent = iterationExponent;
+        this.ciphertext = ciphertext;
+    }
+    EncryptedMasterSecret.fromMasterSecret = function (masterSecret, passphrase, identifier, extendable, iterationExponent) {
+        var ciphertext = cipher.encrypt(masterSecret, passphrase, iterationExponent, identifier, extendable);
+        return new EncryptedMasterSecret(identifier, extendable, iterationExponent, ciphertext);
+    };
+    EncryptedMasterSecret.prototype.decrypt = function (passphrase) {
+        return cipher.decrypt(this.ciphertext, passphrase, this.iterationExponent, this.identifier, this.extendable);
+    };
+    return EncryptedMasterSecret;
+}());
+exports.EncryptedMasterSecret = EncryptedMasterSecret;
+var RANDOM_BYTES = function (length) {
+    return crypto.randomBytes(length);
+};
+exports.RANDOM_BYTES = RANDOM_BYTES;
+/** Source of random bytes. Can be overriden for deterministic testing. */
+function _precomputeExpLog() {
+    var exp = new Array(255).fill(0);
+    var log = new Array(256).fill(0);
+    var poly = 1;
+    for (var i = 0; i < 255; i++) {
+        exp[i] = poly;
+        log[poly] = i;
+        // Multiply poly by the polynomial x + 1.
+        poly = (poly << 1) ^ poly;
+        // Reduce poly by x^8 + x^4 + x^3 + x + 1.
+        if (poly & 0x100) {
+            poly ^= 0x11B;
+        }
+    }
+    return [exp, log];
+}
+var _a = _precomputeExpLog(), EXP_TABLE = _a[0], LOG_TABLE = _a[1];
+function _interpolate(shares, x) {
+    /**
+     * Returns f(x) given the Shamir shares (x_1, f(x_1)), ... , (x_k, f(x_k)).
+     * @param shares The Shamir shares.
+     * @param x The x coordinate of the result.
+     * @return Evaluations of the polynomials in x.
+     */
+    var xCoordinates = new Set(shares.map(function (share) { return share.x; }));
+    if (xCoordinates.size !== shares.length) {
+        throw new utils_1.MnemonicError('Invalid set of shares. Share indices must be unique.');
+    }
+    var shareValueLengths = new Set(shares.map(function (share) { return share.data.length; }));
+    if (shareValueLengths.size !== 1) {
+        throw new utils_1.MnemonicError('Invalid set of shares. All share values must have the same length.');
+    }
+    if (xCoordinates.has(x)) {
+        for (var _i = 0, shares_1 = shares; _i < shares_1.length; _i++) {
+            var share = shares_1[_i];
+            if (share.x === x) {
+                return share.data;
+            }
+        }
+    }
+    // Logarithm of the product of (x_i - x) for i = 1, ... , k.
+    var logProd = 0;
+    for (var _a = 0, shares_2 = shares; _a < shares_2.length; _a++) {
+        var share = shares_2[_a];
+        logProd = (logProd + LOG_TABLE[share.x ^ x]) % 255;
+    }
+    var resultLength = Array.from(shareValueLengths)[0];
+    var result = Buffer.alloc(resultLength);
+    for (var _b = 0, shares_3 = shares; _b < shares_3.length; _b++) {
+        var share = shares_3[_b];
+        // The logarithm of the Lagrange basis polynomial evaluated at x.
+        var logBasisEval = logProd;
+        logBasisEval = (logBasisEval - LOG_TABLE[share.x ^ x] + 255) % 255;
+        var sumOther = 0;
+        for (var _c = 0, shares_4 = shares; _c < shares_4.length; _c++) {
+            var other = shares_4[_c];
+            if (other.x !== share.x) {
+                sumOther = (sumOther + LOG_TABLE[share.x ^ other.x]) % 255;
+            }
+        }
+        logBasisEval = (logBasisEval - sumOther + 255) % 255;
+        for (var i = 0; i < resultLength; i++) {
+            var shareVal = share.data[i];
+            if (shareVal !== 0) {
+                result[i] ^= EXP_TABLE[(LOG_TABLE[shareVal] + logBasisEval) % 255];
+            }
+        }
+    }
+    return result;
+}
+function _createDigest(randomData, sharedSecret) {
+    var hmac = crypto.createHmac('sha256', randomData);
+    hmac.update(sharedSecret);
+    return hmac.digest().slice(0, constants_1.DIGEST_LENGTH_BYTES);
+}
+function _splitSecret(threshold, shareCount, sharedSecret) {
+    if (threshold < 1) {
+        throw new Error('The requested threshold must be a positive integer.');
+    }
+    if (threshold > shareCount) {
+        throw new Error('The requested threshold must not exceed the number of shares.');
+    }
+    if (shareCount > constants_1.MAX_SHARE_COUNT) {
+        throw new Error("The requested number of shares must not exceed ".concat(constants_1.MAX_SHARE_COUNT, "."));
+    }
+    // If the threshold is 1, then the digest of the shared secret is not used.
+    if (threshold === 1) {
+        return Array.from({ length: shareCount }, function (_, i) { return ({
+            x: i,
+            data: sharedSecret,
+        }); });
+    }
+    var randomShareCount = threshold - 2;
+    var shares = Array.from({ length: randomShareCount }, function (_, i) { return ({
+        x: i,
+        data: (0, exports.RANDOM_BYTES)(sharedSecret.length),
+    }); });
+    var randomPart = (0, exports.RANDOM_BYTES)(sharedSecret.length - constants_1.DIGEST_LENGTH_BYTES);
+    var digest = _createDigest(randomPart, sharedSecret);
+    var baseShares = __spreadArray(__spreadArray([], shares, true), [
+        { x: constants_1.DIGEST_INDEX, data: Buffer.concat([digest, randomPart]) },
+        { x: constants_1.SECRET_INDEX, data: sharedSecret },
+    ], false);
+    for (var i = randomShareCount; i < shareCount; i++) {
+        shares.push({ x: i, data: _interpolate(baseShares, i) });
+    }
+    return shares;
+}
+function _recoverSecret(threshold, shares) {
+    // If the threshold is 1, then the digest of the shared secret is not used.
+    if (threshold === 1) {
+        return shares[0].data;
+    }
+    var sharedSecret = _interpolate(shares, constants_1.SECRET_INDEX);
+    var digestShare = _interpolate(shares, constants_1.DIGEST_INDEX);
+    var digest = digestShare.slice(0, constants_1.DIGEST_LENGTH_BYTES);
+    var randomPart = digestShare.slice(constants_1.DIGEST_LENGTH_BYTES);
+    if (!digest.equals(_createDigest(randomPart, sharedSecret))) {
+        throw new utils_1.MnemonicError('Invalid digest of the shared secret.');
+    }
+    return sharedSecret;
+}
+function decodeMnemonics(mnemonics) {
+    var commonParams = [];
+    var groups = new Map();
+    for (var _i = 0, mnemonics_1 = mnemonics; _i < mnemonics_1.length; _i++) {
+        var mnemonic = mnemonics_1[_i];
+        var share = share_1.Share.fromMnemonic(mnemonic);
+        var params = share.commonParameters();
+        commonParams.push(params);
+        if (!groups.has(share.groupIndex)) {
+            groups.set(share.groupIndex, new ShareGroup());
+        }
+        var group = groups.get(share.groupIndex);
+        group.add(share);
+    }
+    if (commonParams.length === 0) {
+        throw new utils_1.MnemonicError('The list of mnemonics is empty.');
+    }
+    var firstParams = commonParams[0];
+    for (var _a = 0, commonParams_1 = commonParams; _a < commonParams_1.length; _a++) {
+        var params = commonParams_1[_a];
+        if (params.identifier !== firstParams.identifier ||
+            params.extendable !== firstParams.extendable ||
+            params.iterationExponent !== firstParams.iterationExponent ||
+            params.groupThreshold !== firstParams.groupThreshold ||
+            params.groupCount !== firstParams.groupCount) {
+            throw new utils_1.MnemonicError('Invalid set of mnemonics. ' +
+                "All mnemonics must begin with the same ".concat(constants_1.ID_EXP_LENGTH_WORDS, " words, ") +
+                'must have the same group threshold and the same group count.');
+        }
+    }
+    return groups;
+}
+function splitEms(groupThreshold, groups, encryptedMasterSecret) {
+    /**
+     * Split an Encrypted Master Secret into mnemonic shares.
+     *
+     * This function is a counterpart to `recoverEms`, and it is used as a subroutine in
+     * `generateMnemonics`. The input is an *already encrypted* Master Secret (EMS), so it
+     * is possible to encrypt the Master Secret in advance and perform the splitting later.
+     *
+     * @param groupThreshold The number of groups required to reconstruct the master secret.
+     * @param groups A list of (member_threshold, member_count) pairs for each group, where member_count
+     *   is the number of shares to generate for the group and member_threshold is the number of members required to
+     *   reconstruct the group secret.
+     * @param encryptedMasterSecret The encrypted master secret to split.
+     * @return List of groups of mnemonics.
+     */
+    if (encryptedMasterSecret.ciphertext.length * 8 < constants_1.MIN_STRENGTH_BITS) {
+        throw new Error('The length of the master secret must be ' +
+            "at least ".concat((0, utils_1.bitsToBytes)(constants_1.MIN_STRENGTH_BITS), " bytes."));
+    }
+    if (groupThreshold > groups.length) {
+        throw new Error('The requested group threshold must not exceed the number of groups.');
+    }
+    if (groups.some(function (_a) {
+        var memberThreshold = _a[0], memberCount = _a[1];
+        return memberThreshold === 1 && memberCount > 1;
+    })) {
+        throw new Error('Creating multiple member shares with member threshold 1 is not allowed. ' +
+            'Use 1-of-1 member sharing instead.');
+    }
+    var groupShares = _splitSecret(groupThreshold, groups.length, encryptedMasterSecret.ciphertext);
+    return groups.map(function (_a, groupIndex) {
+        var memberThreshold = _a[0], memberCount = _a[1];
+        var groupSecret = groupShares[groupIndex].data;
+        var memberShares = _splitSecret(memberThreshold, memberCount, groupSecret);
+        return memberShares.map(function (_a) {
+            var memberIndex = _a.x, value = _a.data;
+            return new share_1.Share(encryptedMasterSecret.identifier, encryptedMasterSecret.extendable, encryptedMasterSecret.iterationExponent, groupIndex, groupThreshold, groups.length, memberIndex, memberThreshold, value);
+        });
+    });
+}
+function _randomIdentifier() {
+    /** Returns a random identifier with the given bit length. */
+    var identifierBytes = (0, exports.RANDOM_BYTES)((0, utils_1.bitsToBytes)(constants_1.ID_LENGTH_BITS));
+    var identifier = 0;
+    for (var i = 0; i < identifierBytes.length; i++) {
+        identifier = (identifier << 8) | identifierBytes[i];
+    }
+    // Mask to ID_LENGTH_BITS
+    return identifier & ((1 << constants_1.ID_LENGTH_BITS) - 1);
+}
+function generateMnemonics(groupThreshold, groups, masterSecret, passphrase, extendable, iterationExponent) {
+    if (passphrase === void 0) { passphrase = Buffer.alloc(0); }
+    if (extendable === void 0) { extendable = true; }
+    if (iterationExponent === void 0) { iterationExponent = 1; }
+    /**
+     * Split a master secret into mnemonic shares using Shamir's secret sharing scheme.
+     *
+     * The supplied Master Secret is encrypted by the passphrase (empty passphrase is used
+     * if none is provided) and split into a set of mnemonic shares.
+     *
+     * This is the user-friendly method to back up a pre-existing secret with the Shamir
+     * scheme, optionally protected by a passphrase.
+     *
+     * @param groupThreshold The number of groups required to reconstruct the master secret.
+     * @param groups A list of (member_threshold, member_count) pairs for each group, where member_count
+     *   is the number of shares to generate for the group and member_threshold is the number of members required to
+     *   reconstruct the group secret.
+     * @param masterSecret The master secret to split.
+     * @param passphrase The passphrase used to encrypt the master secret.
+     * @param iterationExponent The encryption iteration exponent.
+     * @return List of groups mnemonics.
+     */
+    // Validate passphrase contains only printable ASCII characters (code points 32-126)
+    for (var i = 0; i < passphrase.length; i++) {
+        var code = passphrase[i];
+        if (code < 32 || code > 126) {
+            throw new Error('The passphrase must contain only printable ASCII characters (code points 32-126).');
+        }
+    }
+    var identifier = _randomIdentifier();
+    var encryptedMasterSecret = EncryptedMasterSecret.fromMasterSecret(masterSecret, passphrase, identifier, extendable, iterationExponent);
+    var groupedShares = splitEms(groupThreshold, groups, encryptedMasterSecret);
+    return groupedShares.map(function (group) { return group.map(function (share) { return share.mnemonic(); }); });
+}
+function recoverEms(groups) {
+    /**
+     * Combine shares, recover metadata and the Encrypted Master Secret.
+     *
+     * This function is a counterpart to `splitEms`, and it is used as a subroutine in
+     * `combineMnemonics`. It returns the EMS itself and data required for its decryption,
+     * except for the passphrase. It is thus possible to defer decryption of the Master
+     * Secret to a later time.
+     *
+     * @param groups Set of shares classified into groups.
+     * @return Encrypted Master Secret
+     */
+    if (groups.size === 0) {
+        throw new utils_1.MnemonicError('The set of shares is empty.');
+    }
+    var firstGroup = Array.from(groups.values())[0];
+    var params = firstGroup.commonParameters();
+    if (groups.size < params.groupThreshold) {
+        throw new utils_1.MnemonicError('Insufficient number of mnemonic groups. ' +
+            "The required number of groups is ".concat(params.groupThreshold, "."));
+    }
+    if (groups.size !== params.groupThreshold) {
+        throw new utils_1.MnemonicError('Wrong number of mnemonic groups. ' +
+            "Expected ".concat(params.groupThreshold, " groups, ") +
+            "but ".concat(groups.size, " were provided."));
+    }
+    for (var _i = 0, _a = groups.values(); _i < _a.length; _i++) {
+        var group = _a[_i];
+        if (group.length !== group.memberThreshold()) {
+            var shareWords = Array.from(group)[0].words();
+            var prefix = shareWords.slice(0, constants_1.GROUP_PREFIX_LENGTH_WORDS).join(' ');
+            throw new utils_1.MnemonicError('Wrong number of mnemonics. ' +
+                "Expected ".concat(group.memberThreshold(), " mnemonics starting with \"").concat(prefix, " ...\", ") +
+                "but ".concat(group.length, " were provided."));
+        }
+    }
+    var groupShares = Array.from(groups.entries()).map(function (_a) {
+        var groupIndex = _a[0], group = _a[1];
+        return ({
+            x: groupIndex,
+            data: _recoverSecret(group.memberThreshold(), group.toRawShares()),
+        });
+    });
+    var ciphertext = _recoverSecret(params.groupThreshold, groupShares);
+    return new EncryptedMasterSecret(params.identifier, params.extendable, params.iterationExponent, ciphertext);
+}
+function combineMnemonics(mnemonics, passphrase) {
+    if (passphrase === void 0) { passphrase = Buffer.alloc(0); }
+    /**
+     * Combine mnemonic shares to obtain the master secret which was previously split
+     * using Shamir's secret sharing scheme.
+     *
+     * This is the user-friendly method to recover a backed-up secret optionally protected
+     * by a passphrase.
+     *
+     * @param mnemonics List of mnemonics.
+     * @param passphrase The passphrase used to encrypt the master secret.
+     * @return The master secret.
+     */
+    if (!mnemonics || Array.from(mnemonics).length === 0) {
+        throw new utils_1.MnemonicError('The list of mnemonics is empty.');
+    }
+    var groups = decodeMnemonics(mnemonics);
+    var encryptedMasterSecret = recoverEms(groups);
+    return encryptedMasterSecret.decrypt(passphrase);
+}

package/dist/src/share.js

@@ -0,0 +1,196 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Share = void 0;
+var rs1024 = __importStar(require("./rs1024"));
+var wordlist = __importStar(require("./wordlist"));
+var constants_1 = require("./constants");
+var utils_1 = require("./utils");
+function _intToWordIndices(value, length) {
+    /** Converts an integer value to a list of base 1024 indices in big endian order. */
+    return Array.from((0, utils_1.intToIndices)(value, length, constants_1.RADIX_BITS));
+}
+function _intFromWordIndices(indices) {
+    /** Converts a list of base 1024 indices in big endian order to an integer value. */
+    var value = 0;
+    for (var _i = 0, indices_1 = indices; _i < indices_1.length; _i++) {
+        var index = indices_1[_i];
+        value = value * constants_1.RADIX + index;
+    }
+    return value;
+}
+function _customizationString(extendable) {
+    return extendable ? constants_1.CUSTOMIZATION_STRING_EXTENDABLE : constants_1.CUSTOMIZATION_STRING_ORIG;
+}
+var Share = /** @class */ (function () {
+    function Share(identifier, extendable, iterationExponent, groupIndex, groupThreshold, groupCount, index, memberThreshold, value) {
+        this.identifier = identifier;
+        this.extendable = extendable;
+        this.iterationExponent = iterationExponent;
+        this.groupIndex = groupIndex;
+        this.groupThreshold = groupThreshold;
+        this.groupCount = groupCount;
+        this.index = index;
+        this.memberThreshold = memberThreshold;
+        this.value = value;
+    }
+    Share.prototype.commonParameters = function () {
+        /** Return values that uniquely identify a matching set of shares. */
+        return {
+            identifier: this.identifier,
+            extendable: this.extendable,
+            iterationExponent: this.iterationExponent,
+            groupThreshold: this.groupThreshold,
+            groupCount: this.groupCount,
+        };
+    };
+    Share.prototype.groupParameters = function () {
+        /** Return values that uniquely identify shares belonging to the same group. */
+        return {
+            identifier: this.identifier,
+            extendable: this.extendable,
+            iterationExponent: this.iterationExponent,
+            groupIndex: this.groupIndex,
+            groupThreshold: this.groupThreshold,
+            groupCount: this.groupCount,
+            memberThreshold: this.memberThreshold,
+        };
+    };
+    Share.prototype._encodeIdExp = function () {
+        var idExpInt = this.identifier << (constants_1.ITERATION_EXP_LENGTH_BITS + constants_1.EXTENDABLE_FLAG_LENGTH_BITS);
+        idExpInt += (this.extendable ? 1 : 0) << constants_1.ITERATION_EXP_LENGTH_BITS;
+        idExpInt += this.iterationExponent;
+        return _intToWordIndices(idExpInt, constants_1.ID_EXP_LENGTH_WORDS);
+    };
+    Share.prototype._encodeShareParams = function () {
+        // each value is 4 bits, for 20 bits total
+        var val = this.groupIndex;
+        val <<= 4;
+        val += this.groupThreshold - 1;
+        val <<= 4;
+        val += this.groupCount - 1;
+        val <<= 4;
+        val += this.index;
+        val <<= 4;
+        val += this.memberThreshold - 1;
+        // group parameters are 2 words
+        return _intToWordIndices(val, 2);
+    };
+    Share.prototype.words = function () {
+        /** Convert share data to a share mnemonic. */
+        var valueWordCount = (0, utils_1.bitsToWords)(this.value.length * 8);
+        // Convert Buffer to big-endian integer (using BigInt to handle large values)
+        var valueInt = 0n;
+        for (var i = 0; i < this.value.length; i++) {
+            valueInt = (valueInt << 8n) | BigInt(this.value[i]);
+        }
+        // Convert BigInt to number array for _intToWordIndices
+        // For very large values, we need to handle this differently
+        var valueData = [];
+        var tempValue = valueInt;
+        for (var i = 0; i < valueWordCount; i++) {
+            valueData.unshift(Number(tempValue & 1023n));
+            tempValue = tempValue >> 10n;
+        }
+        var shareData = this._encodeIdExp().concat(this._encodeShareParams()).concat(valueData);
+        var checksum = rs1024.createChecksum(shareData, _customizationString(this.extendable));
+        return Array.from(wordlist.wordsFromIndices(shareData.concat(checksum)));
+    };
+    Share.prototype.mnemonic = function () {
+        /** Convert share data to a share mnemonic. */
+        return this.words().join(' ');
+    };
+    Share.fromMnemonic = function (mnemonic) {
+        /** Convert a share mnemonic to share data. */
+        var mnemonicData = wordlist.mnemonicToIndices(mnemonic);
+        if (mnemonicData.length < constants_1.MIN_MNEMONIC_LENGTH_WORDS) {
+            throw new utils_1.MnemonicError("Invalid mnemonic length. The length of each mnemonic " +
+                "must be at least ".concat(constants_1.MIN_MNEMONIC_LENGTH_WORDS, " words."));
+        }
+        var paddingLen = (constants_1.RADIX_BITS * (mnemonicData.length - constants_1.METADATA_LENGTH_WORDS)) % 16;
+        if (paddingLen > 8) {
+            throw new utils_1.MnemonicError('Invalid mnemonic length.');
+        }
+        var idExpData = mnemonicData.slice(0, constants_1.ID_EXP_LENGTH_WORDS);
+        var idExpInt = _intFromWordIndices(idExpData);
+        var identifier = idExpInt >> (constants_1.EXTENDABLE_FLAG_LENGTH_BITS + constants_1.ITERATION_EXP_LENGTH_BITS);
+        var extendable = Boolean((idExpInt >> constants_1.ITERATION_EXP_LENGTH_BITS) & 1);
+        var iterationExponent = idExpInt & ((1 << constants_1.ITERATION_EXP_LENGTH_BITS) - 1);
+        if (!rs1024.verifyChecksum(mnemonicData, _customizationString(extendable))) {
+            var prefix = mnemonic.split(/\s+/).slice(0, constants_1.ID_EXP_LENGTH_WORDS + 2).join(' ');
+            throw new utils_1.MnemonicError("Invalid mnemonic checksum for \"".concat(prefix, " ...\"."));
+        }
+        var shareParamsData = mnemonicData.slice(constants_1.ID_EXP_LENGTH_WORDS, constants_1.ID_EXP_LENGTH_WORDS + 2);
+        var shareParamsInt = _intFromWordIndices(shareParamsData);
+        var shareParams = Array.from((0, utils_1.intToIndices)(shareParamsInt, 5, 4));
+        var groupIndex = shareParams[0], groupThreshold = shareParams[1], groupCount = shareParams[2], index = shareParams[3], memberThreshold = shareParams[4];
+        if (groupCount < groupThreshold) {
+            var prefix = mnemonic.split(/\s+/).slice(0, constants_1.ID_EXP_LENGTH_WORDS + 2).join(' ');
+            throw new utils_1.MnemonicError("Invalid mnemonic \"".concat(prefix, " ...\". Group threshold cannot be greater than group count."));
+        }
+        var valueData = mnemonicData.slice(constants_1.ID_EXP_LENGTH_WORDS + 2, mnemonicData.length - rs1024.CHECKSUM_LENGTH_WORDS);
+        var valueByteCount = (0, utils_1.bitsToBytes)(constants_1.RADIX_BITS * valueData.length - paddingLen);
+        // Convert word indices to BigInt (base 1024)
+        var valueInt = 0n;
+        for (var _i = 0, valueData_1 = valueData; _i < valueData_1.length; _i++) {
+            var index_1 = valueData_1[_i];
+            valueInt = valueInt * 1024n + BigInt(index_1);
+        }
+        // Convert BigInt to Buffer in big-endian format
+        var value;
+        try {
+            value = Buffer.allocUnsafe(valueByteCount);
+            var tempValue = valueInt;
+            for (var i = valueByteCount - 1; i >= 0; i--) {
+                value[i] = Number(tempValue & 0xffn);
+                tempValue = tempValue >> 8n;
+            }
+            if (tempValue !== 0n) {
+                var prefix = mnemonic.split(/\s+/).slice(0, constants_1.ID_EXP_LENGTH_WORDS + 2).join(' ');
+                throw new utils_1.MnemonicError("Invalid mnemonic padding for \"".concat(prefix, " ...\"."));
+            }
+        }
+        catch (error) {
+            if (error instanceof utils_1.MnemonicError) {
+                throw error;
+            }
+            var prefix = mnemonic.split(/\s+/).slice(0, constants_1.ID_EXP_LENGTH_WORDS + 2).join(' ');
+            throw new utils_1.MnemonicError("Invalid mnemonic padding for \"".concat(prefix, " ...\"."));
+        }
+        return new Share(identifier, extendable, iterationExponent, groupIndex, groupThreshold + 1, groupCount + 1, index, memberThreshold + 1, value);
+    };
+    return Share;
+}());
+exports.Share = Share;