npm - shogun-core - Versions diffs - 5.2.0 → 5.2.2 - Mend

shogun-core 5.2.0 → 5.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (186) hide show

package/README.md +145 -1143
package/dist/browser/defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js +1220 -0
package/dist/browser/defaultVendors-node_modules_hpke_chacha20poly1305_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js +844 -0
package/dist/browser/defaultVendors-node_modules_hpke_hybridkem-x-wing_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js +2335 -0
package/dist/browser/defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_ciphers_chacha_js.shogun-core.js +999 -0
package/dist/browser/defaultVendors-node_modules_noble_ciphers_chacha_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_curve_js-node_modules_noble_curves_esm_-1ce4ed.shogun-core.js +1651 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_curve_js-node_modules_noble_curves_esm_-1ce4ed.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_edwards_js-node_modules_noble_curves_es-a82056.shogun-core.js +825 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_abstract_edwards_js-node_modules_noble_curves_es-a82056.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed25519_js.shogun-core.js +508 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed25519_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js +747 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_nist_js.shogun-core.js +1608 -0
package/dist/browser/defaultVendors-node_modules_noble_curves_esm_nist_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_noble_post-quantum_ml-dsa_js.shogun-core.js +2117 -0
package/dist/browser/defaultVendors-node_modules_noble_post-quantum_ml-dsa_js.shogun-core.js.map +1 -0
package/dist/browser/defaultVendors-node_modules_openpgp_dist_openpgp_min_mjs.shogun-core.js +86 -0
package/dist/browser/defaultVendors-node_modules_openpgp_dist_openpgp_min_mjs.shogun-core.js.map +1 -0
package/dist/browser/node_modules_hpke_ml-kem_esm_mod_js.shogun-core.js +539 -0
package/dist/browser/node_modules_hpke_ml-kem_esm_mod_js.shogun-core.js.map +1 -0
package/dist/browser/shogun-core.js +160386 -0
package/dist/browser/shogun-core.js.map +1 -0
package/dist/config/simplified-config.js +236 -0
package/dist/core.js +329 -0
package/dist/crypto/asymmetric.js +99 -0
package/dist/crypto/double-ratchet.js +370 -0
package/dist/crypto/file-encryption.js +213 -0
package/dist/crypto/hashing.js +87 -0
package/dist/crypto/index.js +34 -0
package/dist/crypto/mls-codec.js +202 -0
package/dist/crypto/mls.js +550 -0
package/dist/crypto/pgp.js +390 -0
package/dist/crypto/random-generation.js +341 -0
package/dist/crypto/sframe.js +350 -0
package/dist/crypto/signal-protocol.js +376 -0
package/dist/crypto/symmetric.js +91 -0
package/dist/crypto/types.js +2 -0
package/dist/crypto/utils.js +140 -0
package/dist/examples/auth-test.js +253 -0
package/dist/examples/crypto-identity-example.js +151 -0
package/dist/examples/crypto-working-test.js +83 -0
package/dist/examples/double-ratchet-test.js +155 -0
package/dist/examples/mls-advanced-example.js +294 -0
package/dist/examples/mls-sframe-test.js +304 -0
package/dist/examples/pgp-example.js +200 -0
package/dist/examples/quick-auth-test.js +61 -0
package/dist/examples/random-generation-test.js +151 -0
package/dist/examples/signal-protocol-test.js +38 -0
package/dist/examples/simple-api-test.js +114 -0
package/dist/examples/simple-crypto-identity-example.js +84 -0
package/dist/examples/timeout-test.js +227 -0
package/dist/examples/zkproof-credentials-example.js +212 -0
package/dist/examples/zkproof-example.js +201 -0
package/dist/gundb/api.js +435 -0
package/dist/gundb/crypto.js +283 -0
package/dist/gundb/db.js +1946 -0
package/dist/gundb/derive.js +232 -0
package/dist/gundb/errors.js +76 -0
package/dist/gundb/index.js +22 -0
package/dist/gundb/rxjs.js +447 -0
package/dist/gundb/types.js +5 -0
package/dist/index.js +58 -0
package/dist/interfaces/common.js +2 -0
package/dist/interfaces/events.js +40 -0
package/dist/interfaces/plugin.js +2 -0
package/dist/interfaces/shogun.js +37 -0
package/dist/managers/AuthManager.js +226 -0
package/dist/managers/CoreInitializer.js +228 -0
package/dist/managers/CryptoIdentityManager.js +366 -0
package/dist/managers/EventManager.js +70 -0
package/dist/managers/PluginManager.js +299 -0
package/dist/plugins/base.js +50 -0
package/dist/plugins/index.js +32 -0
package/dist/plugins/nostr/index.js +20 -0
package/dist/plugins/nostr/nostrConnector.js +419 -0
package/dist/plugins/nostr/nostrConnectorPlugin.js +453 -0
package/dist/plugins/nostr/nostrSigner.js +319 -0
package/dist/plugins/nostr/types.js +2 -0
package/dist/plugins/smartwallet/index.js +18 -0
package/dist/plugins/smartwallet/smartWalletPlugin.js +511 -0
package/dist/plugins/smartwallet/types.js +2 -0
package/dist/plugins/web3/index.js +20 -0
package/dist/plugins/web3/types.js +2 -0
package/dist/plugins/web3/web3Connector.js +533 -0
package/dist/plugins/web3/web3ConnectorPlugin.js +455 -0
package/dist/plugins/web3/web3Signer.js +314 -0
package/dist/plugins/webauthn/index.js +19 -0
package/dist/plugins/webauthn/types.js +14 -0
package/dist/plugins/webauthn/webauthn.js +496 -0
package/dist/plugins/webauthn/webauthnPlugin.js +489 -0
package/dist/plugins/webauthn/webauthnSigner.js +310 -0
package/dist/plugins/zkproof/index.js +53 -0
package/dist/plugins/zkproof/types.js +2 -0
package/dist/plugins/zkproof/zkCredentials.js +213 -0
package/dist/plugins/zkproof/zkProofConnector.js +198 -0
package/dist/plugins/zkproof/zkProofPlugin.js +272 -0
package/dist/storage/storage.js +145 -0
package/dist/types/config/simplified-config.d.ts +114 -0
package/dist/types/core.d.ts +305 -0
package/dist/types/crypto/asymmetric.d.ts +6 -0
package/dist/types/crypto/double-ratchet.d.ts +22 -0
package/dist/types/crypto/file-encryption.d.ts +19 -0
package/dist/types/crypto/hashing.d.ts +9 -0
package/dist/types/crypto/index.d.ts +13 -0
package/dist/types/crypto/mls-codec.d.ts +39 -0
package/dist/types/crypto/mls.d.ts +130 -0
package/dist/types/crypto/pgp.d.ts +95 -0
package/dist/types/crypto/random-generation.d.ts +35 -0
package/dist/types/crypto/sframe.d.ts +102 -0
package/dist/types/crypto/signal-protocol.d.ts +26 -0
package/dist/types/crypto/symmetric.d.ts +9 -0
package/dist/types/crypto/types.d.ts +144 -0
package/dist/types/crypto/utils.d.ts +22 -0
package/dist/types/examples/auth-test.d.ts +8 -0
package/dist/types/examples/crypto-identity-example.d.ts +5 -0
package/dist/types/examples/crypto-working-test.d.ts +1 -0
package/dist/types/examples/double-ratchet-test.d.ts +1 -0
package/dist/types/examples/mls-advanced-example.d.ts +53 -0
package/dist/types/examples/mls-sframe-test.d.ts +1 -0
package/dist/types/examples/pgp-example.d.ts +75 -0
package/dist/types/examples/quick-auth-test.d.ts +8 -0
package/dist/types/examples/random-generation-test.d.ts +1 -0
package/dist/types/examples/signal-protocol-test.d.ts +1 -0
package/dist/types/examples/simple-api-test.d.ts +10 -0
package/dist/types/examples/simple-crypto-identity-example.d.ts +6 -0
package/dist/types/examples/timeout-test.d.ts +8 -0
package/dist/types/examples/zkproof-credentials-example.d.ts +12 -0
package/dist/types/examples/zkproof-example.d.ts +11 -0
package/dist/types/gundb/api.d.ts +185 -0
package/dist/types/gundb/crypto.d.ts +95 -0
package/dist/types/gundb/db.d.ts +397 -0
package/dist/types/gundb/derive.d.ts +21 -0
package/dist/types/gundb/errors.d.ts +42 -0
package/dist/types/gundb/index.d.ts +3 -0
package/dist/types/gundb/rxjs.d.ts +110 -0
package/dist/types/gundb/types.d.ts +255 -0
package/dist/types/index.d.ts +16 -0
package/dist/types/interfaces/common.d.ts +85 -0
package/dist/types/interfaces/events.d.ts +131 -0
package/dist/types/interfaces/plugin.d.ts +162 -0
package/dist/types/interfaces/shogun.d.ts +208 -0
package/dist/types/managers/AuthManager.d.ts +72 -0
package/dist/types/managers/CoreInitializer.d.ts +40 -0
package/dist/types/managers/CryptoIdentityManager.d.ts +102 -0
package/dist/types/managers/EventManager.d.ts +49 -0
package/dist/types/managers/PluginManager.d.ts +145 -0
package/dist/types/plugins/base.d.ts +35 -0
package/dist/types/plugins/index.d.ts +18 -0
package/dist/types/plugins/nostr/index.d.ts +4 -0
package/dist/types/plugins/nostr/nostrConnector.d.ts +119 -0
package/dist/types/plugins/nostr/nostrConnectorPlugin.d.ts +163 -0
package/dist/types/plugins/nostr/nostrSigner.d.ts +105 -0
package/dist/types/plugins/nostr/types.d.ts +122 -0
package/dist/types/plugins/smartwallet/index.d.ts +2 -0
package/dist/types/plugins/smartwallet/smartWalletPlugin.d.ts +67 -0
package/dist/types/plugins/smartwallet/types.d.ts +80 -0
package/dist/types/plugins/web3/index.d.ts +4 -0
package/dist/types/plugins/web3/types.d.ts +107 -0
package/dist/types/plugins/web3/web3Connector.d.ts +129 -0
package/dist/types/plugins/web3/web3ConnectorPlugin.d.ts +160 -0
package/dist/types/plugins/web3/web3Signer.d.ts +114 -0
package/dist/types/plugins/webauthn/index.d.ts +3 -0
package/dist/types/plugins/webauthn/types.d.ts +183 -0
package/dist/types/plugins/webauthn/webauthn.d.ts +129 -0
package/dist/types/plugins/webauthn/webauthnPlugin.d.ts +179 -0
package/dist/types/plugins/webauthn/webauthnSigner.d.ts +91 -0
package/dist/types/plugins/zkproof/index.d.ts +48 -0
package/dist/types/plugins/zkproof/types.d.ts +123 -0
package/dist/types/plugins/zkproof/zkCredentials.d.ts +112 -0
package/dist/types/plugins/zkproof/zkProofConnector.d.ts +46 -0
package/dist/types/plugins/zkproof/zkProofPlugin.d.ts +76 -0
package/dist/types/storage/storage.d.ts +51 -0
package/dist/types/utils/errorHandler.d.ts +119 -0
package/dist/types/utils/eventEmitter.d.ts +39 -0
package/dist/types/utils/seedPhrase.d.ts +50 -0
package/dist/types/utils/validation.d.ts +27 -0
package/dist/utils/errorHandler.js +246 -0
package/dist/utils/eventEmitter.js +79 -0
package/dist/utils/seedPhrase.js +97 -0
package/dist/utils/validation.js +81 -0
package/package.json +10 -57

package/dist/browser/defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"defaultVendors-node_modules_mlkem_esm_mod_js.shogun-core.js","mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;AClBA;AACA;AACA;AACA;AACA;AACO;AACA;AACA;AACP;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;ACjCA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,SAAS;AAC7B,gBAAgB,OAAO;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,aAAa;AACb;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACiL;AACjL;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2CAAe,GAAG,EAAC;;;AC7FnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACO;AACP;AACA,oCAAoC,MAAM;AAC1C,2BAA2B,OAAO,2BAA2B,EAAE;AAC/D;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA,oCAAoC,MAAM;AAC1C,+CAA+C,OAAO;AACtD,sCAAsC,IAAI,YAAY,aAAa;AACnE;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP,oBAAoB,mBAAmB;AACvC;AACA;AACA;AACA;AACO;AACP;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP;AACO;AACP,oBAAoB,gBAAgB;AACpC;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB;AACjB;AACA;AACA,+BAA+B;AAC/B;AACA,qCAAqC;AACrC;AACA,qCAAqC;AACrC;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B,SAAS;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA,0DAA0D;AAC1D;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACO;AACP;AACA,oBAAoB,mBAAmB;AACvC;AACA;AACA;AACA;AACA;AACA,6BAA6B,mBAAmB;AAChD;AACA;AACA;AACA;AACA;AACA;AACO,yCAAyC;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,CAAC;;;ACjMD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACkE;AAClE;AAC+G;AAC/G;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB;AACvB,2CAA2C,YAAY;AACvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,OAAO;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,KAAK;AACnB;AACA;AACA;AACA,qCAAqC,MAAM,YAAY,MAAM;AAC7D,qCAAqC,MAAM,YAAY,MAAM;AAC7D;AACO;AACP;AACA;AACA,kCAAkC,YAAY;AAC9C;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,QAAQ;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,QAAQ;AAChC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,QAAQ;AAChC,4BAA4B,QAAQ;AACpC;AACA,4BAA4B,QAAQ;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,KAAK;AACT;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,OAAO;AACf;AACA;AACA;AACA;AACA;AACA;AACA,uBAAuB,GAAG;AAC1B;AACA;AACA;AACA;AACA;AACA,QAAQ,UAAU;AAClB;AACA,QAAQ,UAAU;AAClB;AACA;AACA;AACA;AACA,QAAQ,OAAO;AACf,QAAQ,MAAM;AACd,gBAAgB,kBAAkB;AAClC;AACA,0BAA0B,UAAU;AACpC;AACA,4BAA4B,UAAU;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,+BAA+B;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,OAAO;AACf,QAAQ,MAAM;AACd;AACA;AACA,gBAAgB,WAAW;AAC3B,4CAA4C,UAAU;AACtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,OAAO;AACf;AACA;AACA;AACA,QAAQ,OAAO;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,QAAQ,KAAK;AACb;AACA;AACA,gBAAgB,iDAAiD;AACjE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,yDAAyD,KAAK,YAAY;AAC1E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP,gBAAgB,OAAO;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP,gBAAgB,OAAO;AACvB;AACO;AACP;AACO;AACP;AACO;AACP;AACO;AACP,wDAAwD,KAAK,YAAY,WAAW;AACpF;AACO;AACP;AACA,wCAAwC,OAAO;AAC/C;AACO;AACP;AACA,wCAAwC,OAAO;AAC/C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;;;ACvUwE;;;ACAxE;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA,SAAS;AACT,KAAK;AACL;;;ACxD4C;AACP;AAC9B,SAAS,UAAI;AACpB;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA,oBAAoB,cAAc;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA,oBAAoB,cAAc;AAClC;AACA;AACA;AACA;AACA;AACA;AACO;AACP,eAAe,aAAqB;AACpC;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,YAAY,QAAQ,qJAAgB,EAAE;AACtD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP,WAAW,QAAQ,UAAU,YAAY;AACzC;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;;;AChHA;AACA;AACA;AACA;AACA;AACmE;AACC;AAC3B;AAC8F;AACvI;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,YAAY;AACxB;AACA,eAAe,YAAY,cAAc;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO;AACP;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA,qCAAqC,iBAAiB;AACtD;AACA;AACA,gBAAgB;AAChB;AACA,6BAA6B,gBAAgB;AAC7C;AACA;AACA;AACA,gBAAgB,WAAW;AAC3B;AACA,mBAAmB,WAAW,cAAc;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA;AACA,qCAAqC,iBAAiB;AACtD;AACA;AACA;AACA,gBAAgB;AAChB;AACA,2BAA2B,gBAAgB;AAC3C;AACA;AACA;AACA,gBAAgB,WAAW;AAC3B;AACA,mBAAmB,WAAW,cAAc;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA;AACA,qCAAqC,iBAAiB;AACtD;AACA;AACA;AACA;AACA,gBAAgB;AAChB;AACA,qBAAqB,gBAAgB;AACrC;AACA;AACA;AACA,gBAAgB,WAAW;AAC3B;AACA,mBAAmB,WAAW,cAAc;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,kCAAkC;AAClC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA;AACA,qCAAqC,iBAAiB;AACtD;AACA,4CAA4C,YAAY;AACxD;AACA;AACA,gBAAgB;AAChB;AACA,qBAAqB,gBAAgB;AACrC;AACA;AACA;AACA,gBAAgB,WAAW;AAC3B;AACA,mBAAmB,WAAW,cAAc;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,mBAAmB,mBAAmB;AACtC;AACA;AACA,sBAAsB,UAAU;AAChC;AACA;AACA;AACA;AACA;AACA,iBAAiB,eAAe;AAChC;AACA;AACA;AACA;AACA;AACA,0BAA0B,UAAU;AACpC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA,oBAAoB,aAAG;AACvB;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,uDAAuD;AACvD,wBAAwB,aAAa;AACrC;AACA;AACA;AACA,aAAa,eAAe;AAC5B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA,mBAAmB,aAAG;AACtB;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,aAAG;AACf,YAAY,aAAG;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iCAAiC,aAAa;AAC9C;AACA,4BAA4B,aAAa;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,8EAA8E,CAAC;AAC/E,qCAAqC;AACrC,iCAAiC;AACjC,6BAA6B,CAAC,IAAI;AAClC,+DAA+D;AAC/D,mEAAmE,CAAC,SAAS;AAC7E,gDAAgD;AAChD,6CAA6C;AAC7C;AACA,sCAAsC,IAAI,CAAC,EAAE;AAC7C,uDAAuD;AACvD;AACA,sCAAsC;AACtC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,UAAU;AAClC,8BAA8B,GAAG,cAAc,CAAC;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,UAAU;AAClC,8BAA8B,GAAG,cAAc,CAAC;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,aAAa;AAC7C,4BAA4B,IAAI,CAAC,MAAM;AACvC,gCAAgC,OAAO;AACvC,8BAA8B,YAAY,IAAI;AAC9C,uDAAuD,CAAC,QAAQ,CAAC;AACjE;AACA;AACA,mDAAmD,YAAY,kBAAkB;AACjF;AACA,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,IAAI,CAAC,MAAM;AAC3C,4BAA4B,OAAO;AACnC,uBAAuB,UAAI,wBAAwB,CAAC,QAAQ,CAAC;AAC7D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA,gCAAgC,aAAa;AAC7C,4BAA4B,IAAI,CAAC,MAAM;AACvC,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD;AACA,gCAAgC,OAAO;AACvC,sCAAsC,KAAK,IAAI,MAAM,mBAAmB,MAAM,CAAC,CAAC;AAChF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,IAAI,CAAC,MAAM;AAC3C,2BAA2B,KAAK,GAAG,MAAM,eAAe,MAAM,CAAC,CAAC;AAChE,2BAA2B,KAAK,GAAG,MAAM,eAAe,MAAM,CAAC,CAAC;AAChE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,QAAQ;AACzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,QAAQ;AACnB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,iBAAiB,QAAQ,UAAU,WAAW;AAC9C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,WAAW,QAAQ,UAAU,YAAY;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,6BAA6B;AAC7B;AACA,oBAAoB,IAAI,CAAC,MAAM;AAC/B;AACA,aAAa,MAAM;AACnB,aAAa,MAAM;AACnB;AACA,uBAAuB,UAAI,WAAW;AACtC,uBAAuB,UAAI,YAAY,UAAI;AAC3C,uBAAuB,UAAI;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,MAAM;AAC/B,mBAAmB,KAAK,GAAG,MAAM,wBAAwB,MAAM;AAC/D,uBAAuB,KAAK,GAAG,MAAM,wBAAwB,MAAM;AACnE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,MAAM;AAC/B;AACA,wBAAwB,OAAO;AAC/B,mBAAmB,MAAM,wBAAwB,MAAM,CAAC,CAAC;AACzD,gBAAgB,MAAM,CAAC,CAAC;AACxB,sBAAsB,UAAI;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,sCAAsC;AACtC,cAAc;AACd,oBAAoB,IAAI,CAAC,MAAM;AAC/B,wBAAwB,OAAO;AAC/B,wBAAwB,KAAK;AAC7B,kCAAkC,KAAK,EAAE,CAAC;AAC1C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB;AACpB,sBAAsB,6BAA6B;AACnD;AACA,gBAAgB,MAAM,qBAAqB,MAAM;AACjD,gBAAgB,MAAM,yBAAyB,MAAM;AACrD;AACA;AACA;AACA,mBAAmB,CAAC;AACpB;AACA;AACA;AACA;AACA;AACA,gCAAgC,CAAC;AACjC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,MAAM;AAC/B,YAAY,aAAa;AACzB;AACA;AACA,wBAAwB,OAAO;AAC/B,gBAAgB,KAAK;AACrB,gBAAgB,KAAK;AACrB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oCAAoC,QAAQ;AAC5C;AACA,4BAA4B,aAAa;AACzC,yBAAyB,SAAS;AAClC;AACA;AACA,4BAA4B,eAAe;AAC3C;AACA,oDAAoD;AACpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,qDAAqD,IAAI;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,EAAE;AAC3B;AACA;AACA;AACA;AACA,yCAAyC;AACzC;AACA,iBAAiB,QAAQ;AACzB;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2BAA2B,CAAC,QAAQ,CAAC;AACrC;AACA,YAAY,CAAC;AACb;AACA;AACA,4DAA4D;AAC5D;AACA;AACA;AACA;AACA;AACA;AACA;AACA,cAAc,KAAK,CAAC,KAAK,MAAM,KAAK;AACpC,gBAAgB,CAAC;AACjB;AACA;AACA,WAAW,KAAK;AAChB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB;AACpB,oBAAoB,IAAI,CAAC,EAAE;AAC3B,uCAAuC,KAAK,SAAS,KAAK;AAC1D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,cAAc;AAClC;AACA,YAAY,aAAG;AACf;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,MAAM;AAC/B,gFAAgF,SAAS;AACzF,iFAAiF,SAAS;AAC1F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAG;AACZ;AACA,oBAAoB,IAAI,CAAC,EAAE;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,EAAE;AAC3B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,2BAA2B,UAAU;AACrC,4BAA4B,aAAa;AACzC,yBAAyB,aAAa;AACtC;AACA,4BAA4B,eAAe;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gBAAgB,SAAS;AACzB,8BAA8B,aAAa;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,EAAE;AAC3B,gBAAgB,CAAC,EAAE;AACnB;AACA;AACA;AACA,+BAA+B,CAAC;AAChC;AACA;AACA;;;ACrhCA;AACA;AACA;AACA;AACA;AACgC;AACW;AACY;AACvD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,WAAW;AACvB;AACA,eAAe,WAAW,cAAc;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,uBAAuB,SAAS;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,sCAAsC,CAAC;AACvC;AACA,qDAAqD,CAAC;AACtD,2CAA2C,CAAC;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,UAAU;AAClC,mBAAmB,mBAAU,CAAC,GAAG,cAAc,CAAC;AAChD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,mBAAU;AACnB;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,MAAM;AAC/B,YAAY,aAAa;AACzB;AACA;AACA;AACA,wBAAwB,OAAO;AAC/B,gBAAgB,KAAK;AACrB,gBAAgB,KAAK;AACrB;AACA;AACA;AACA;AACA;;;ACpHA;AACA;AACA;AACA;AACA;AACgC;AACW;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,WAAW;AACvB;AACA,eAAe,WAAW,cAAc;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,uBAAuB,SAAS;AACvC;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,sCAAsC,CAAC;AACvC;AACA,qDAAqD,CAAC;AACtD,2CAA2C,CAAC;AAC5C;AACA;;;ACxEA;AACA;AACA;AACA;AACA;AACmC;AACQ;AACc;AACzD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,YAAY,YAAY;AACxB;AACA,eAAe,YAAY,cAAc;AACzC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,wBAAwB,SAAS;AACxC;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT;AACA;AACA;AACA;AACA;AACA,SAAS;AACT,sCAAsC,CAAC;AACvC;AACA,qDAAqD,CAAC;AACtD,2CAA2C,CAAC;AAC5C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,aAAa;AAC7C,4BAA4B,IAAI,CAAC,MAAM;AACvC,gCAAgC,OAAO;AACvC,2BAA2B,MAAM,IAAI,MAAM,2BAA2B,MAAM,CAAC,CAAC;AAC9E,wBAAwB,MAAM,CAAC,CAAC;AAChC;AACA,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B,0BAA0B,UAAI;AAC9B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,IAAI,CAAC,MAAM;AAC3C,4BAA4B,OAAO;AACnC,uBAAuB,UAAI,GAAG,MAAM,uBAAuB,MAAM,CAAC,CAAC,SAAS,MAAM,CAAC,CAAC;AACpF;AACA,sBAAsB,UAAI;AAC1B,sBAAsB,UAAI;AAC1B,sBAAsB,UAAI;AAC1B,sBAAsB,UAAI;AAC1B,sBAAsB,UAAI;AAC1B;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,wBAAwB,aAAa;AACrC;AACA;AACA;AACA,gCAAgC,aAAa;AAC7C,4BAA4B,IAAI,CAAC,MAAM;AACvC,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,qBAAqB,MAAM;AAC3B,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,qBAAqB,MAAM;AAC3B,wBAAwB,MAAM,qBAAqB,MAAM;AACzD,wBAAwB,MAAM,qBAAqB,MAAM;AACzD;AACA,gCAAgC,OAAO;AACvC,uCAAuC,MAAM,iBAAiB,CAAC;AAC/D;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,gCAAgC,IAAI,CAAC,MAAM;AAC3C;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,4BAA4B,OAAO;AACnC,+BAA+B,KAAK,GAAG,MAAM,cAAc,MAAM,CAAC,CAAC;AACnE;AACA;AACA;AACA;AACA;;;ACtM6C;AACA;AACA;AACE;AAC6B","sources":["webpack://ShogunCore/./node_modules/mlkem/esm/src/errors.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/consts.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/sha3/_u64.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/sha3/utils.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/sha3/sha3.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/deps.js","webpack://ShogunCore/./node_modules/mlkem/esm/_dnt.shims.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/utils.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/mlKemBase.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/mlKem512.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/mlKem768.js","webpack://ShogunCore/./node_modules/mlkem/esm/src/mlKem1024.js","webpack://ShogunCore/./node_modules/mlkem/esm/mod.js"],"sourcesContent":["/**\n * The base error class of kyber-ts.\n */\nexport class MlKemError extends Error {\n constructor(e) {\n let message;\n if (e instanceof Error) {\n message = e.message;\n }\n else if (typeof e === \"string\") {\n message = e;\n }\n else {\n message = \"\";\n }\n super(message);\n this.name = this.constructor.name;\n }\n}\n","/**\n * This implementation is based on https://github.com/antontutoveanu/crystals-kyber-javascript,\n * which was deveploped under the MIT licence below:\n * https://github.com/antontutoveanu/crystals-kyber-javascript/blob/main/LICENSE\n */\nexport const N = 256;\nexport const Q = 3329;\nexport const Q_INV = 62209;\n// deno-fmt-ignore\nexport const NTT_ZETAS = [\n 2285, 2571, 2970, 1812, 1493, 1422, 287, 202, 3158, 622, 1577, 182, 962,\n 2127, 1855, 1468, 573, 2004, 264, 383, 2500, 1458, 1727, 3199, 2648, 1017,\n 732, 608, 1787, 411, 3124, 1758, 1223, 652, 2777, 1015, 2036, 1491, 3047,\n 1785, 516, 3321, 3009, 2663, 1711, 2167, 126, 1469, 2476, 3239, 3058, 830,\n 107, 1908, 3082, 2378, 2931, 961, 1821, 2604, 448, 2264, 677, 2054, 2226,\n 430, 555, 843, 2078, 871, 1550, 105, 422, 587, 177, 3094, 3038, 2869, 1574,\n 1653, 3083, 778, 1159, 3182, 2552, 1483, 2727, 1119, 1739, 644, 2457, 349,\n 418, 329, 3173, 3254, 817, 1097, 603, 610, 1322, 2044, 1864, 384, 2114, 3193,\n 1218, 1994, 2455, 220, 2142, 1670, 2144, 1799, 2051, 794, 1819, 2475, 2459,\n 478, 3221, 3021, 996, 991, 958, 1869, 1522, 1628,\n];\n// deno-fmt-ignore\nexport const NTT_ZETAS_INV = [\n 1701, 1807, 1460, 2371, 2338, 2333, 308, 108, 2851, 870, 854, 1510, 2535,\n 1278, 1530, 1185, 1659, 1187, 3109, 874, 1335, 2111, 136, 1215, 2945, 1465,\n 1285, 2007, 2719, 2726, 2232, 2512, 75, 156, 3000, 2911, 2980, 872, 2685,\n 1590, 2210, 602, 1846, 777, 147, 2170, 2551, 246, 1676, 1755, 460, 291, 235,\n 3152, 2742, 2907, 3224, 1779, 2458, 1251, 2486, 2774, 2899, 1103, 1275, 2652,\n 1065, 2881, 725, 1508, 2368, 398, 951, 247, 1421, 3222, 2499, 271, 90, 853,\n 1860, 3203, 1162, 1618, 666, 320, 8, 2813, 1544, 282, 1838, 1293, 2314, 552,\n 2677, 2106, 1571, 205, 2918, 1542, 2721, 2597, 2312, 681, 130, 1602, 1871,\n 829, 2946, 3065, 1325, 2756, 1861, 1474, 1202, 2367, 3147, 1752, 2707, 171,\n 3127, 3042, 1907, 1836, 1517, 359, 758, 1441,\n];\n","/**\n * This file is based on noble-hashes (https://github.com/paulmillr/noble-hashes).\n *\n * noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com)\n *\n * The original file is located at:\n * https://github.com/paulmillr/noble-hashes/blob/4e358a46d682adfb005ae6314ec999f2513086b9/src/_u64.ts\n */\n/**\n * Internal helpers for u64. BigUint64Array is too slow as per 2025, so we implement it using Uint32Array.\n * @todo re-check https://issues.chromium.org/issues/42212588\n * @module\n */\nconst U32_MASK64 = /* @__PURE__ */ BigInt(2 ** 32 - 1);\nconst _32n = /* @__PURE__ */ BigInt(32);\nfunction fromBig(n, le = false) {\n if (le) {\n return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };\n }\n return {\n h: Number((n >> _32n) & U32_MASK64) | 0,\n l: Number(n & U32_MASK64) | 0,\n };\n}\nfunction split(lst, le = false) {\n const len = lst.length;\n const Ah = new Uint32Array(len);\n const Al = new Uint32Array(len);\n for (let i = 0; i < len; i++) {\n const { h, l } = fromBig(lst[i], le);\n [Ah[i], Al[i]] = [h, l];\n }\n return [Ah, Al];\n}\nconst toBig = (h, l) => (BigInt(h >>> 0) << _32n) | BigInt(l >>> 0);\n// for Shift in [0, 32)\nconst shrSH = (h, _l, s) => h >>> s;\nconst shrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in [1, 32)\nconst rotrSH = (h, l, s) => (h >>> s) | (l << (32 - s));\nconst rotrSL = (h, l, s) => (h << (32 - s)) | (l >>> s);\n// Right rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotrBH = (h, l, s) => (h << (64 - s)) | (l >>> (s - 32));\nconst rotrBL = (h, l, s) => (h >>> (s - 32)) | (l << (64 - s));\n// Right rotate for shift===32 (just swaps l&h)\nconst rotr32H = (_h, l) => l;\nconst rotr32L = (h, _l) => h;\n// Left rotate for Shift in [1, 32)\nconst rotlSH = (h, l, s) => (h << s) | (l >>> (32 - s));\nconst rotlSL = (h, l, s) => (l << s) | (h >>> (32 - s));\n// Left rotate for Shift in (32, 64), NOTE: 32 is special case.\nconst rotlBH = (h, l, s) => (l << (s - 32)) | (h >>> (64 - s));\nconst rotlBL = (h, l, s) => (h << (s - 32)) | (l >>> (64 - s));\n// JS uses 32-bit signed integers for bitwise operations which means we cannot\n// simple take carry out of low bit sum by shift, we need to use division.\nfunction add(Ah, Al, Bh, Bl) {\n const l = (Al >>> 0) + (Bl >>> 0);\n return { h: (Ah + Bh + ((l / 2 ** 32) | 0)) | 0, l: l | 0 };\n}\n// Addition with more than 2 elements\nconst add3L = (Al, Bl, Cl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0);\nconst add3H = (low, Ah, Bh, Ch) => (Ah + Bh + Ch + ((low / 2 ** 32) | 0)) | 0;\nconst add4L = (Al, Bl, Cl, Dl) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0);\nconst add4H = (low, Ah, Bh, Ch, Dh) => (Ah + Bh + Ch + Dh + ((low / 2 ** 32) | 0)) | 0;\nconst add5L = (Al, Bl, Cl, Dl, El) => (Al >>> 0) + (Bl >>> 0) + (Cl >>> 0) + (Dl >>> 0) + (El >>> 0);\nconst add5H = (low, Ah, Bh, Ch, Dh, Eh) => (Ah + Bh + Ch + Dh + Eh + ((low / 2 ** 32) | 0)) | 0;\n// prettier-ignore\nexport { add, add3H, add3L, add4H, add4L, add5H, add5L, fromBig, rotlBH, rotlBL, rotlSH, rotlSL, rotr32H, rotr32L, rotrBH, rotrBL, rotrSH, rotrSL, shrSH, shrSL, split, toBig, };\n// prettier-ignore\nconst u64 = {\n fromBig,\n split,\n toBig,\n shrSH,\n shrSL,\n rotrSH,\n rotrSL,\n rotrBH,\n rotrBL,\n rotr32H,\n rotr32L,\n rotlSH,\n rotlSL,\n rotlBH,\n rotlBL,\n add,\n add3L,\n add3H,\n add4L,\n add4H,\n add5H,\n add5L,\n};\nexport default u64;\n","// deno-lint-ignore-file no-explicit-any\n/**\n * This file is based on noble-hashes (https://github.com/paulmillr/noble-hashes).\n *\n * noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com)\n *\n * The original file is located at:\n * https://github.com/paulmillr/noble-hashes/blob/4e358a46d682adfb005ae6314ec999f2513086b9/src/utils.ts\n */\n/**\n * Utilities for hex, bytes, CSPRNG.\n * @module\n */\n/*! noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n/** Checks if something is Uint8Array. Be careful: nodejs Buffer will return true. */\nexport function isBytes(a) {\n return a instanceof Uint8Array ||\n (ArrayBuffer.isView(a) && a.constructor.name === \"Uint8Array\");\n}\n/** Asserts something is positive integer. */\nexport function anumber(n, title = \"\") {\n if (!Number.isSafeInteger(n) || n < 0) {\n const prefix = title && `\"${title}\" `;\n throw new Error(`${prefix}expected integer >0, got ${n}`);\n }\n}\n/** Asserts something is Uint8Array. */\nexport function abytes(value, length, title = \"\") {\n const bytes = isBytes(value);\n const len = value?.length;\n const needsLen = length !== undefined;\n if (!bytes || (needsLen && len !== length)) {\n const prefix = title && `\"${title}\" `;\n const ofLen = needsLen ? ` of length ${length}` : \"\";\n const got = bytes ? `length=${len}` : `type=${typeof value}`;\n throw new Error(prefix + \"expected Uint8Array\" + ofLen + \", got \" + got);\n }\n return value;\n}\n/** Asserts a hash instance has not been destroyed / finished */\nexport function aexists(instance, checkFinished = true) {\n if (instance.destroyed)\n throw new Error(\"Hash instance has been destroyed\");\n if (checkFinished && instance.finished) {\n throw new Error(\"Hash#digest() has already been called\");\n }\n}\n/** Asserts output is properly-sized byte array */\nexport function aoutput(out, instance) {\n abytes(out, undefined, \"digestInto() output\");\n const min = instance.outputLen;\n if (out.length < min) {\n throw new Error('\"digestInto() output\" expected to be of length >=' + min);\n }\n}\n/** Cast u8 / u16 / u32 to u32. */\nexport function u32(arr) {\n return new Uint32Array(arr.buffer, arr.byteOffset, Math.floor(arr.byteLength / 4));\n}\n/** Zeroize a byte array. Warning: JS provides no guarantees. */\nexport function clean(...arrays) {\n for (let i = 0; i < arrays.length; i++) {\n arrays[i].fill(0);\n }\n}\n/** Is current platform little-endian? Most are. Big-Endian platform: IBM */\nexport const isLE = \n/* @__PURE__ */ (() => new Uint8Array(new Uint32Array([0x11223344]).buffer)[0] === 0x44)();\n/** The byte swap operation for uint32 */\nexport function byteSwap(word) {\n return (((word << 24) & 0xff000000) |\n ((word << 8) & 0xff0000) |\n ((word >>> 8) & 0xff00) |\n ((word >>> 24) & 0xff));\n}\n/** Conditionally byte swap if on a big-endian platform */\nexport const swap8IfBE = isLE\n ? (n) => n\n : (n) => byteSwap(n);\n/** @deprecated */\nexport const byteSwapIfBE = swap8IfBE;\n/** In place byte swap for Uint32Array */\nexport function byteSwap32(arr) {\n for (let i = 0; i < arr.length; i++) {\n arr[i] = byteSwap(arr[i]);\n }\n return arr;\n}\nexport const swap32IfBE = isLE\n ? (u) => u\n : byteSwap32;\n// Built-in hex conversion https://caniuse.com/mdn-javascript_builtins_uint8array_fromhex\nconst hasHexBuiltin = /* @__PURE__ */ (() => \n// @ts-ignore: to check the existence of the method\ntypeof Uint8Array.from([]).toHex === \"function\" &&\n // @ts-ignore: to check the existence of the method\n typeof Uint8Array.fromHex === \"function\")();\n// We use optimized technique to convert hex string to byte array\nconst asciis = { _0: 48, _9: 57, A: 65, F: 70, a: 97, f: 102 };\nfunction asciiToBase16(ch) {\n if (ch >= asciis._0 && ch <= asciis._9)\n return ch - asciis._0; // '2' => 50-48\n if (ch >= asciis.A && ch <= asciis.F)\n return ch - (asciis.A - 10); // 'B' => 66-(65-10)\n if (ch >= asciis.a && ch <= asciis.f)\n return ch - (asciis.a - 10); // 'b' => 98-(97-10)\n return;\n}\n/**\n * Convert hex string to byte array. Uses built-in function, when available.\n * @example hexToBytes('cafe0123') // Uint8Array.from([0xca, 0xfe, 0x01, 0x23])\n */\nexport function hexToBytes(hex) {\n if (typeof hex !== \"string\") {\n throw new Error(\"hex string expected, got \" + typeof hex);\n }\n // @ts-ignore: to check the existence of the method\n if (hasHexBuiltin)\n return Uint8Array.fromHex(hex);\n const hl = hex.length;\n const al = hl / 2;\n if (hl % 2) {\n throw new Error(\"hex string expected, got unpadded hex of length \" + hl);\n }\n const array = new Uint8Array(al);\n for (let ai = 0, hi = 0; ai < al; ai++, hi += 2) {\n const n1 = asciiToBase16(hex.charCodeAt(hi));\n const n2 = asciiToBase16(hex.charCodeAt(hi + 1));\n if (n1 === undefined || n2 === undefined) {\n const char = hex[hi] + hex[hi + 1];\n throw new Error('hex string expected, got non-hex character \"' + char + '\" at index ' +\n hi);\n }\n array[ai] = n1 * 16 + n2; // multiply first octet, e.g. 'a3' => 10*16+3 => 160 + 3 => 163\n }\n return array;\n}\n/**\n * Converts string to bytes using UTF8 encoding.\n * @example utf8ToBytes('abc') // Uint8Array.from([97, 98, 99])\n */\nexport function utf8ToBytes(str) {\n if (typeof str !== \"string\")\n throw new Error(\"string expected\");\n return new Uint8Array(new TextEncoder().encode(str)); // https://bugzil.la/1681809\n}\n/**\n * Converts bytes to string using UTF8 encoding.\n * @example bytesToUtf8(Uint8Array.from([97, 98, 99])) // 'abc'\n */\nexport function bytesToUtf8(bytes) {\n return new TextDecoder().decode(bytes);\n}\n/** Copies several Uint8Arrays into one. */\nexport function concatBytes(...arrays) {\n let sum = 0;\n for (let i = 0; i < arrays.length; i++) {\n const a = arrays[i];\n abytes(a);\n sum += a.length;\n }\n const res = new Uint8Array(sum);\n for (let i = 0, pad = 0; i < arrays.length; i++) {\n const a = arrays[i];\n res.set(a, pad);\n pad += a.length;\n }\n return res;\n}\nexport function createHasher(hashCons, info = {}) {\n const hashC = (msg, opts) => hashCons(opts).update(msg).digest();\n const tmp = hashCons(undefined);\n hashC.outputLen = tmp.outputLen;\n hashC.blockLen = tmp.blockLen;\n hashC.create = (opts) => hashCons(opts);\n Object.assign(hashC, info);\n return Object.freeze(hashC);\n}\n// 06 09 60 86 48 01 65 03 04 02\nexport const oidNist = (suffix) => ({\n oid: Uint8Array.from([\n 0x06,\n 0x09,\n 0x60,\n 0x86,\n 0x48,\n 0x01,\n 0x65,\n 0x03,\n 0x04,\n 0x02,\n suffix,\n ]),\n});\n","/**\n * This file is based on noble-hashes (https://github.com/paulmillr/noble-hashes).\n *\n * noble-hashes - MIT License (c) 2022 Paul Miller (paulmillr.com)\n *\n * The original file is located at:\n * https://github.com/paulmillr/noble-hashes/blob/4e358a46d682adfb005ae6314ec999f2513086b9/src/sha3.ts\n */\n/**\n * SHA3 (keccak) hash function, based on a new \"Sponge function\" design.\n * Different from older hashes, the internal state is bigger than output size.\n *\n * Check out [FIPS-202](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf),\n * [Website](https://keccak.team/keccak.html),\n * [the differences between SHA-3 and Keccak](https://crypto.stackexchange.com/questions/15727/what-are-the-key-differences-between-the-draft-sha-3-standard-and-the-keccak-sub).\n *\n * Check out `sha3-addons` module for cSHAKE, k12, and others.\n * @module\n */\nimport { rotlBH, rotlBL, rotlSH, rotlSL, split } from \"./_u64.js\";\n// prettier-ignore\nimport { abytes, aexists, anumber, aoutput, clean, createHasher, oidNist, swap32IfBE, u32, } from \"./utils.js\";\n// No __PURE__ annotations in sha3 header:\n// EVERYTHING is in fact used on every export.\n// Various per round constants calculations\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nconst _2n = BigInt(2);\nconst _7n = BigInt(7);\nconst _256n = BigInt(256);\nconst _0x71n = BigInt(0x71);\nconst SHA3_PI = [];\nconst SHA3_ROTL = [];\nconst _SHA3_IOTA = []; // no pure annotation: var is always used\nfor (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {\n // Pi\n [x, y] = [y, (2 * x + 3 * y) % 5];\n SHA3_PI.push(2 * (5 * y + x));\n // Rotational\n SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);\n // Iota\n let t = _0n;\n for (let j = 0; j < 7; j++) {\n R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;\n if (R & _2n)\n t ^= _1n << ((_1n << BigInt(j)) - _1n);\n }\n _SHA3_IOTA.push(t);\n}\nconst IOTAS = split(_SHA3_IOTA, true);\nconst SHA3_IOTA_H = IOTAS[0];\nconst SHA3_IOTA_L = IOTAS[1];\n// Left rotation (without 0, 32, 64)\nconst rotlH = (h, l, s) => (s > 32 ? rotlBH(h, l, s) : rotlSH(h, l, s));\nconst rotlL = (h, l, s) => (s > 32 ? rotlBL(h, l, s) : rotlSL(h, l, s));\n/** `keccakf1600` internal function, additionally allows to adjust round count. */\nexport function keccakP(s, rounds = 24) {\n const B = new Uint32Array(5 * 2);\n // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)\n for (let round = 24 - rounds; round < 24; round++) {\n // Theta θ\n for (let x = 0; x < 10; x++) {\n B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];\n }\n for (let x = 0; x < 10; x += 2) {\n const idx1 = (x + 8) % 10;\n const idx0 = (x + 2) % 10;\n const B0 = B[idx0];\n const B1 = B[idx0 + 1];\n const Th = rotlH(B0, B1, 1) ^ B[idx1];\n const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];\n for (let y = 0; y < 50; y += 10) {\n s[x + y] ^= Th;\n s[x + y + 1] ^= Tl;\n }\n }\n // Rho (ρ) and Pi (π)\n let curH = s[2];\n let curL = s[3];\n for (let t = 0; t < 24; t++) {\n const shift = SHA3_ROTL[t];\n const Th = rotlH(curH, curL, shift);\n const Tl = rotlL(curH, curL, shift);\n const PI = SHA3_PI[t];\n curH = s[PI];\n curL = s[PI + 1];\n s[PI] = Th;\n s[PI + 1] = Tl;\n }\n // Chi (χ)\n for (let y = 0; y < 50; y += 10) {\n for (let x = 0; x < 10; x++)\n B[x] = s[y + x];\n for (let x = 0; x < 10; x++) {\n s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];\n }\n }\n // Iota (ι)\n s[0] ^= SHA3_IOTA_H[round];\n s[1] ^= SHA3_IOTA_L[round];\n }\n clean(B);\n}\n/** Keccak sponge function. */\nexport class Keccak {\n // NOTE: we accept arguments in bytes instead of bits here.\n constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {\n Object.defineProperty(this, \"state\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: void 0\n });\n Object.defineProperty(this, \"pos\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"posOut\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"finished\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: false\n });\n Object.defineProperty(this, \"state32\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: void 0\n });\n Object.defineProperty(this, \"destroyed\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: false\n });\n Object.defineProperty(this, \"blockLen\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: void 0\n });\n Object.defineProperty(this, \"suffix\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: void 0\n });\n Object.defineProperty(this, \"outputLen\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: void 0\n });\n Object.defineProperty(this, \"enableXOF\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: false\n });\n Object.defineProperty(this, \"rounds\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: void 0\n });\n this.blockLen = blockLen;\n this.suffix = suffix;\n this.outputLen = outputLen;\n this.enableXOF = enableXOF;\n this.rounds = rounds;\n // Can be passed from user as dkLen\n anumber(outputLen, \"outputLen\");\n // 1600 = 5x5 matrix of 64bit. 1600 bits === 200 bytes\n // 0 < blockLen < 200\n if (!(0 < blockLen && blockLen < 200)) {\n throw new Error(\"only keccak-f1600 function is supported\");\n }\n this.state = new Uint8Array(200);\n this.state32 = u32(this.state);\n }\n clone() {\n return this._cloneInto();\n }\n keccak() {\n swap32IfBE(this.state32);\n keccakP(this.state32, this.rounds);\n swap32IfBE(this.state32);\n this.posOut = 0;\n this.pos = 0;\n }\n update(data) {\n aexists(this);\n abytes(data);\n const { blockLen, state } = this;\n const len = data.length;\n for (let pos = 0; pos < len;) {\n const take = Math.min(blockLen - this.pos, len - pos);\n for (let i = 0; i < take; i++)\n state[this.pos++] ^= data[pos++];\n if (this.pos === blockLen)\n this.keccak();\n }\n return this;\n }\n finish() {\n if (this.finished)\n return;\n this.finished = true;\n const { state, suffix, pos, blockLen } = this;\n // Do the padding\n state[pos] ^= suffix;\n if ((suffix & 0x80) !== 0 && pos === blockLen - 1)\n this.keccak();\n state[blockLen - 1] ^= 0x80;\n this.keccak();\n }\n writeInto(out) {\n aexists(this, false);\n abytes(out);\n this.finish();\n const bufferOut = this.state;\n const { blockLen } = this;\n for (let pos = 0, len = out.length; pos < len;) {\n if (this.posOut >= blockLen)\n this.keccak();\n const take = Math.min(blockLen - this.posOut, len - pos);\n out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);\n this.posOut += take;\n pos += take;\n }\n return out;\n }\n xofInto(out) {\n // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF\n if (!this.enableXOF) {\n throw new Error(\"XOF is not possible for this instance\");\n }\n return this.writeInto(out);\n }\n xof(bytes) {\n anumber(bytes);\n return this.xofInto(new Uint8Array(bytes));\n }\n digestInto(out) {\n aoutput(out, this);\n if (this.finished)\n throw new Error(\"digest() was already called\");\n this.writeInto(out);\n this.destroy();\n return out;\n }\n digest() {\n return this.digestInto(new Uint8Array(this.outputLen));\n }\n destroy() {\n this.destroyed = true;\n clean(this.state);\n }\n _cloneInto(to) {\n const { blockLen, suffix, outputLen, rounds, enableXOF } = this;\n to ||= new Keccak(blockLen, suffix, outputLen, enableXOF, rounds);\n to.state32.set(this.state32);\n to.pos = this.pos;\n to.posOut = this.posOut;\n to.finished = this.finished;\n to.rounds = rounds;\n // Suffix can change in cSHAKE\n to.suffix = suffix;\n to.outputLen = outputLen;\n to.enableXOF = enableXOF;\n to.destroyed = this.destroyed;\n return to;\n }\n}\nconst genKeccak = (suffix, blockLen, outputLen, info = {}) => createHasher(() => new Keccak(blockLen, suffix, outputLen), info);\n// /** SHA3-224 hash function. */\n// export const sha3_224: CHash = /* @__PURE__ */ genKeccak(\n// 0x06,\n// 144,\n// 28,\n// /* @__PURE__ */ oidNist(0x07),\n// );\n/** SHA3-256 hash function. Different from keccak-256. */\nexport const sha3_256 = /* @__PURE__ */ genKeccak(0x06, 136, 32, \n/* @__PURE__ */ oidNist(0x08));\n// /** SHA3-384 hash function. */\n// export const sha3_384: CHash = /* @__PURE__ */ genKeccak(\n// 0x06,\n// 104,\n// 48,\n// /* @__PURE__ */ oidNist(0x09),\n// );\n/** SHA3-512 hash function. */\nexport const sha3_512 = /* @__PURE__ */ genKeccak(0x06, 72, 64, \n/* @__PURE__ */ oidNist(0x0a));\n/** keccak-224 hash function. */\nexport const keccak_224 = /* @__PURE__ */ genKeccak(0x01, 144, 28);\n/** keccak-256 hash function. Different from SHA3-256. */\nexport const keccak_256 = /* @__PURE__ */ genKeccak(0x01, 136, 32);\n/** keccak-384 hash function. */\nexport const keccak_384 = /* @__PURE__ */ genKeccak(0x01, 104, 48);\n/** keccak-512 hash function. */\nexport const keccak_512 = /* @__PURE__ */ genKeccak(0x01, 72, 64);\nconst genShake = (suffix, blockLen, outputLen, info = {}) => createHasher((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true), info);\n/** SHAKE128 XOF with 128-bit security. */\nexport const shake128 = \n/* @__PURE__ */\ngenShake(0x1f, 168, 16, /* @__PURE__ */ oidNist(0x0b));\n/** SHAKE256 XOF with 256-bit security. */\nexport const shake256 = \n/* @__PURE__ */\ngenShake(0x1f, 136, 32, /* @__PURE__ */ oidNist(0x0c));\n// /** SHAKE128 XOF with 256-bit output (NIST version). */\n// export const shake128_32: CHashXOF<Keccak, ShakeOpts> =\n// /* @__PURE__ */\n// genShake(0x1f, 168, 32, /* @__PURE__ */ oidNist(0x0b));\n// /** SHAKE256 XOF with 512-bit output (NIST version). */\n// export const shake256_64: CHashXOF<Keccak, ShakeOpts> =\n// /* @__PURE__ */\n// genShake(0x1f, 136, 64, /* @__PURE__ */ oidNist(0x0c));\n","export { sha3_256, sha3_512, shake128, shake256 } from \"./sha3/sha3.js\";\n","const dntGlobals = {};\nexport const dntGlobalThis = createMergeProxy(globalThis, dntGlobals);\nfunction createMergeProxy(baseObj, extObj) {\n return new Proxy(baseObj, {\n get(_target, prop, _receiver) {\n if (prop in extObj) {\n return extObj[prop];\n }\n else {\n return baseObj[prop];\n }\n },\n set(_target, prop, value) {\n if (prop in extObj) {\n delete extObj[prop];\n }\n baseObj[prop] = value;\n return true;\n },\n deleteProperty(_target, prop) {\n let success = false;\n if (prop in extObj) {\n delete extObj[prop];\n success = true;\n }\n if (prop in baseObj) {\n delete baseObj[prop];\n success = true;\n }\n return success;\n },\n ownKeys(_target) {\n const baseKeys = Reflect.ownKeys(baseObj);\n const extKeys = Reflect.ownKeys(extObj);\n const extKeysSet = new Set(extKeys);\n return [...baseKeys.filter((k) => !extKeysSet.has(k)), ...extKeys];\n },\n defineProperty(_target, prop, desc) {\n if (prop in extObj) {\n delete extObj[prop];\n }\n Reflect.defineProperty(baseObj, prop, desc);\n return true;\n },\n getOwnPropertyDescriptor(_target, prop) {\n if (prop in extObj) {\n return Reflect.getOwnPropertyDescriptor(extObj, prop);\n }\n else {\n return Reflect.getOwnPropertyDescriptor(baseObj, prop);\n }\n },\n has(_target, prop) {\n return prop in extObj || prop in baseObj;\n },\n });\n}\n","import * as dntShim from \"../_dnt.shims.js\";\nimport { shake256 } from \"./deps.js\";\nexport function byte(n) {\n return n % 256;\n}\nexport function int16(n) {\n const end = -32768;\n const start = 32767;\n if (n >= end && n <= start) {\n return n;\n }\n if (n < end) {\n n = n + 32769;\n n = n % 65536;\n return start + n;\n }\n // if (n > start) {\n n = n - 32768;\n n = n % 65536;\n return end + n;\n}\nexport function uint16(n) {\n return n % 65536;\n}\nexport function int32(n) {\n const end = -2147483648;\n const start = 2147483647;\n if (n >= end && n <= start) {\n return n;\n }\n if (n < end) {\n n = n + 2147483649;\n n = n % 4294967296;\n return start + n;\n }\n // if (n > start) {\n n = n - 2147483648;\n n = n % 4294967296;\n return end + n;\n}\n// any bit operations to be done in uint32 must have >>> 0\n// javascript calculates bitwise in SIGNED 32 bit so you need to convert\nexport function uint32(n) {\n return n % 4294967296;\n}\n/**\n * compares two arrays\n * @returns 1 if they are the same or 0 if not\n */\nexport function constantTimeCompare(x, y) {\n // check array lengths\n if (x.length != y.length) {\n return 0;\n }\n const v = new Uint8Array([0]);\n for (let i = 0; i < x.length; i++) {\n v[0] |= x[i] ^ y[i];\n }\n // constantTimeByteEq\n const z = new Uint8Array([0]);\n z[0] = ~(v[0] ^ z[0]);\n z[0] &= z[0] >> 4;\n z[0] &= z[0] >> 2;\n z[0] &= z[0] >> 1;\n return z[0];\n}\nexport function equalUint8Array(x, y) {\n if (x.length != y.length) {\n return false;\n }\n for (let i = 0; i < x.length; i++) {\n if (x[i] !== y[i]) {\n return false;\n }\n }\n return true;\n}\nexport async function loadCrypto() {\n if (typeof dntShim.dntGlobalThis !== \"undefined\" && globalThis.crypto !== undefined) {\n // Browsers, Node.js >= v19, Cloudflare Workers, Bun, etc.\n return globalThis.crypto;\n }\n // Node.js <= v18\n try {\n // @ts-ignore: to ignore \"crypto\"\n const { webcrypto } = await import(\"crypto\"); // node:crypto\n return webcrypto;\n }\n catch (_e) {\n throw new Error(\"failed to load Crypto\");\n }\n}\n// prf provides a pseudo-random function (PRF) which returns\n// a byte array of length `l`, using the provided key and nonce\n// to instantiate the PRF's underlying hash function.\nexport function prf(len, seed, nonce) {\n return shake256.create({ dkLen: len }).update(seed).update(new Uint8Array([nonce])).digest();\n}\n// byteopsLoad24 returns a 32-bit unsigned integer loaded from byte x.\nexport function byteopsLoad24(x) {\n let r = uint32(x[0]);\n r |= uint32(x[1]) << 8;\n r |= uint32(x[2]) << 16;\n return r;\n}\n// byteopsLoad32 returns a 32-bit unsigned integer loaded from byte x.\nexport function byteopsLoad32(x) {\n let r = uint32(x[0]);\n r |= uint32(x[1]) << 8;\n r |= uint32(x[2]) << 16;\n r |= uint32(x[3]) << 24;\n return uint32(r);\n}\n","/**\n * This implementation is based on https://github.com/antontutoveanu/crystals-kyber-javascript,\n * which was deveploped under the MIT licence below:\n * https://github.com/antontutoveanu/crystals-kyber-javascript/blob/main/LICENSE\n */\nimport { sha3_256, sha3_512, shake128, shake256 } from \"./deps.js\";\nimport { N, NTT_ZETAS, NTT_ZETAS_INV, Q, Q_INV } from \"./consts.js\";\nimport { MlKemError } from \"./errors.js\";\nimport { byte, byteopsLoad32, constantTimeCompare, equalUint8Array, int16, int32, loadCrypto, prf, uint16, uint32, } from \"./utils.js\";\n/**\n * Represents the base class for the ML-KEM key encapsulation mechanism.\n *\n * This class provides the base implementation for the ML-KEM key encapsulation mechanism.\n *\n * @remarks\n *\n * This class is not intended to be used directly. Instead, use one of the subclasses:\n *\n * @example\n *\n * ```ts\n * // Using jsr:\n * import { MlKemBase } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKemBase } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * class MlKem768 extends MlKemBase {\n * protected _k = 3;\n * protected _du = 10;\n * protected _dv = 4;\n * protected _eta1 = 2;\n * protected _eta2 = 2;\n *\n * constructor() {\n * super();\n * this._skSize = 12 * this._k * N / 8;\n * this._pkSize = this._skSize + 32;\n * this._compressedUSize = this._k * this._du * N / 8;\n * this._compressedVSize = this._dv * N / 8;\n * }\n * }\n *\n * const kyber = new MlKem768();\n * ```\n */\nexport class MlKemBase {\n /**\n * Creates a new instance of the MlKemBase class.\n */\n constructor() {\n Object.defineProperty(this, \"_api\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: undefined\n });\n Object.defineProperty(this, \"_k\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_du\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_dv\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_eta1\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_eta2\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_skSize\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_pkSize\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_compressedUSize\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n Object.defineProperty(this, \"_compressedVSize\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 0\n });\n }\n /**\n * Generates a keypair [publicKey, privateKey].\n *\n * If an error occurred, throws {@link MlKemError}.\n *\n * @returns A kaypair [publicKey, privateKey].\n * @throws {@link MlKemError}\n *\n * @example Generates a {@link MlKem768} keypair.\n *\n * ```ts\n * // Using jsr:\n * import { MlKem768 } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKem768 } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * const kyber = new MlKem768();\n * const [pk, sk] = await kyber.generateKeyPair();\n * ```\n */\n async generateKeyPair() {\n await this._setup();\n try {\n const rnd = new Uint8Array(64);\n this._api.getRandomValues(rnd);\n return this._deriveKeyPair(rnd);\n }\n catch (e) {\n throw new MlKemError(e);\n }\n }\n /**\n * Derives a keypair [publicKey, privateKey] deterministically from a 64-octet seed.\n *\n * If an error occurred, throws {@link MlKemError}.\n *\n * @param seed A 64-octet seed for the deterministic key generation.\n * @returns A kaypair [publicKey, privateKey].\n * @throws {@link MlKemError}\n *\n * @example Derives a {@link MlKem768} keypair deterministically.\n *\n * ```ts\n * // Using jsr:\n * import { MlKem768 } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKem768 } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * const kyber = new MlKem768();\n * const seed = new Uint8Array(64);\n * globalThis.crypto.getRandomValues(seed);\n * const [pk, sk] = await kyber.deriveKeyPair(seed);\n * ```\n */\n async deriveKeyPair(seed) {\n await this._setup();\n try {\n if (seed.byteLength !== 64) {\n throw new Error(\"seed must be 64 bytes in length\");\n }\n return this._deriveKeyPair(seed);\n }\n catch (e) {\n throw new MlKemError(e);\n }\n }\n /**\n * Generates a shared secret from the encapsulated ciphertext and the private key.\n *\n * If an error occurred, throws {@link MlKemError}.\n *\n * @param pk A public key.\n * @param seed An optional 32-octet seed for the deterministic shared secret generation.\n * @returns A ciphertext (encapsulated public key) and a shared secret.\n * @throws {@link MlKemError}\n *\n * @example The {@link MlKem768} encapsulation.\n *\n * ```ts\n * // Using jsr:\n * import { MlKem768 } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKem768 } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * const kyber = new MlKem768();\n * const [pk, sk] = await kyber.generateKeyPair();\n * const [ct, ss] = await kyber.encap(pk);\n * ```\n */\n async encap(pk, seed) {\n await this._setup();\n try {\n // validate key type; the modulo is checked in `_encap`.\n if (pk.length !== 384 * this._k + 32) {\n throw new Error(\"invalid encapsulation key\");\n }\n const m = this._getSeed(seed);\n const [k, r] = g(m, h(pk));\n const ct = this._encap(pk, m, r);\n return [ct, k];\n }\n catch (e) {\n throw new MlKemError(e);\n }\n }\n /**\n * Generates a ciphertext for the public key and a shared secret.\n *\n * If an error occurred, throws {@link MlKemError}.\n *\n * @param ct A ciphertext generated by {@link encap}.\n * @param sk A private key.\n * @returns A shared secret.\n * @throws {@link MlKemError}\n *\n * @example The {@link MlKem768} decapsulation.\n *\n * ```ts\n * // Using jsr:\n * import { MlKem768 } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKem768 } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * const kyber = new MlKem768();\n * const [pk, sk] = await kyber.generateKeyPair();\n * const [ct, ssS] = await kyber.encap(pk);\n * const ssR = await kyber.decap(ct, sk);\n * // ssS === ssR\n * ```\n */\n async decap(ct, sk) {\n await this._setup();\n try {\n // ciphertext type check\n if (ct.byteLength !== this._compressedUSize + this._compressedVSize) {\n throw new Error(\"Invalid ct size\");\n }\n // decapsulation key type check\n if (sk.length !== 768 * this._k + 96) {\n throw new Error(\"Invalid decapsulation key\");\n }\n const sk2 = sk.subarray(0, this._skSize);\n const pk = sk.subarray(this._skSize, this._skSize + this._pkSize);\n const hpk = sk.subarray(this._skSize + this._pkSize, this._skSize + this._pkSize + 32);\n const z = sk.subarray(this._skSize + this._pkSize + 32, this._skSize + this._pkSize + 64);\n const m2 = this._decap(ct, sk2);\n const [k2, r2] = g(m2, hpk);\n const kBar = kdf(z, ct);\n const ct2 = this._encap(pk, m2, r2);\n return constantTimeCompare(ct, ct2) === 1 ? k2 : kBar;\n }\n catch (e) {\n throw new MlKemError(e);\n }\n }\n /**\n * Sets up the MlKemBase instance by loading the necessary crypto library.\n * If the crypto library is already loaded, this method does nothing.\n * @returns {Promise<void>} A promise that resolves when the setup is complete.\n */\n async _setup() {\n if (this._api !== undefined) {\n return;\n }\n this._api = await loadCrypto();\n }\n /**\n * Returns a Uint8Array seed for cryptographic operations.\n * If no seed is provided, a random seed of length 32 bytes is generated.\n * If a seed is provided, it must be exactly 32 bytes in length.\n *\n * @param seed - Optional seed for cryptographic operations.\n * @returns A Uint8Array seed.\n * @throws Error if the provided seed is not 32 bytes in length.\n */\n _getSeed(seed) {\n if (seed == undefined) {\n const s = new Uint8Array(32);\n this._api.getRandomValues(s);\n return s;\n }\n if (seed.byteLength !== 32) {\n throw new Error(\"seed must be 32 bytes in length\");\n }\n return seed;\n }\n /**\n * Derives a key pair from a given seed.\n *\n * @param seed - The seed used for key derivation.\n * @returns An array containing the public key and secret key.\n */\n _deriveKeyPair(seed) {\n const cpaSeed = seed.subarray(0, 32);\n const z = seed.subarray(32, 64);\n const [pk, skBody] = this._deriveCpaKeyPair(cpaSeed);\n const pkh = h(pk);\n const sk = new Uint8Array(this._skSize + this._pkSize + 64);\n sk.set(skBody, 0);\n sk.set(pk, this._skSize);\n sk.set(pkh, this._skSize + this._pkSize);\n sk.set(z, this._skSize + this._pkSize + 32);\n return [pk, sk];\n }\n // indcpaKeyGen generates public and private keys for the CPA-secure\n // public-key encryption scheme underlying ML-KEM.\n /**\n * Derives a CPA key pair using the provided CPA seed.\n *\n * @param cpaSeed - The CPA seed used for key derivation.\n * @returns An array containing the public key and private key.\n */\n _deriveCpaKeyPair(cpaSeed) {\n const [publicSeed, noiseSeed] = g(cpaSeed, new Uint8Array([this._k]));\n const a = this._sampleMatrix(publicSeed, false);\n const s = this._sampleNoise1(noiseSeed, 0, this._k);\n const e = this._sampleNoise1(noiseSeed, this._k, this._k);\n // perform number theoretic transform on secret s\n for (let i = 0; i < this._k; i++) {\n s[i] = ntt(s[i]);\n s[i] = reduce(s[i]);\n e[i] = ntt(e[i]);\n }\n // KEY COMPUTATION\n // pk = A*s + e\n const pk = new Array(this._k);\n for (let i = 0; i < this._k; i++) {\n pk[i] = polyToMont(multiply(a[i], s));\n pk[i] = add(pk[i], e[i]);\n pk[i] = reduce(pk[i]);\n }\n // PUBLIC KEY\n // turn polynomials into byte arrays\n const pubKey = new Uint8Array(this._pkSize);\n for (let i = 0; i < this._k; i++) {\n pubKey.set(polyToBytes(pk[i]), i * 384);\n }\n // append public seed\n pubKey.set(publicSeed, this._skSize);\n // PRIVATE KEY\n // turn polynomials into byte arrays\n const privKey = new Uint8Array(this._skSize);\n for (let i = 0; i < this._k; i++) {\n privKey.set(polyToBytes(s[i]), i * 384);\n }\n return [pubKey, privKey];\n }\n // _encap is the encapsulation function of the CPA-secure\n // public-key encryption scheme underlying ML-KEM.\n /**\n * Encapsulates a message using the ML-KEM encryption scheme.\n *\n * @param pk - The public key.\n * @param msg - The message to be encapsulated.\n * @param seed - The seed used for generating random values.\n * @returns The encapsulated message as a Uint8Array.\n */\n _encap(pk, msg, seed) {\n const tHat = new Array(this._k);\n const pkCheck = new Uint8Array(384 * this._k); // to validate the pk modulo (see input validation at NIST draft 6.2)\n for (let i = 0; i < this._k; i++) {\n tHat[i] = polyFromBytes(pk.subarray(i * 384, (i + 1) * 384));\n pkCheck.set(polyToBytes(tHat[i]), i * 384);\n }\n if (!equalUint8Array(pk.subarray(0, pkCheck.length), pkCheck)) {\n throw new Error(\"invalid encapsulation key\");\n }\n const rho = pk.subarray(this._skSize);\n const a = this._sampleMatrix(rho, true);\n const r = this._sampleNoise1(seed, 0, this._k);\n const e1 = this._sampleNoise2(seed, this._k, this._k);\n const e2 = this._sampleNoise2(seed, this._k * 2, 1)[0];\n // perform number theoretic transform on random vector r\n for (let i = 0; i < this._k; i++) {\n r[i] = ntt(r[i]);\n r[i] = reduce(r[i]);\n }\n // u = A*r + e1\n const u = new Array(this._k);\n for (let i = 0; i < this._k; i++) {\n u[i] = multiply(a[i], r);\n u[i] = nttInverse(u[i]);\n u[i] = add(u[i], e1[i]);\n u[i] = reduce(u[i]);\n }\n // v = tHat*r + e2 + m\n const m = polyFromMsg(msg);\n let v = multiply(tHat, r);\n v = nttInverse(v);\n v = add(v, e2);\n v = add(v, m);\n v = reduce(v);\n // compress\n const ret = new Uint8Array(this._compressedUSize + this._compressedVSize);\n this._compressU(ret.subarray(0, this._compressedUSize), u);\n this._compressV(ret.subarray(this._compressedUSize), v);\n return ret;\n }\n // indcpaDecrypt is the decryption function of the CPA-secure\n // public-key encryption scheme underlying ML-KEM.\n /**\n * Decapsulates the ciphertext using the provided secret key.\n *\n * @param ct - The ciphertext to be decapsulated.\n * @param sk - The secret key used for decapsulation.\n * @returns The decapsulated message as a Uint8Array.\n */\n _decap(ct, sk) {\n // extract ciphertext\n const u = this._decompressU(ct.subarray(0, this._compressedUSize));\n const v = this._decompressV(ct.subarray(this._compressedUSize));\n const privateKeyPolyvec = this._polyvecFromBytes(sk);\n for (let i = 0; i < this._k; i++) {\n u[i] = ntt(u[i]);\n }\n let mp = multiply(privateKeyPolyvec, u);\n mp = nttInverse(mp);\n mp = subtract(v, mp);\n mp = reduce(mp);\n return polyToMsg(mp);\n }\n // generateMatrixA deterministically generates a matrix `A` (or the transpose of `A`)\n // from a seed. Entries of the matrix are polynomials that look uniformly random.\n // Performs rejection sampling on the output of an extendable-output function (XOF).\n /**\n * Generates a sample matrix based on the provided seed and transposition flag.\n *\n * @param seed - The seed used for generating the matrix.\n * @param transposed - A flag indicating whether the matrix should be transposed or not.\n * @returns The generated sample matrix.\n */\n _sampleMatrix(seed, transposed) {\n const a = new Array(this._k);\n const transpose = new Uint8Array(2);\n for (let ctr = 0, i = 0; i < this._k; i++) {\n a[i] = new Array(this._k);\n for (let j = 0; j < this._k; j++) {\n // set if transposed matrix or not\n if (transposed) {\n transpose[0] = i;\n transpose[1] = j;\n }\n else {\n transpose[0] = j;\n transpose[1] = i;\n }\n const output = xof(seed, transpose);\n // run rejection sampling on the output from above\n const result = indcpaRejUniform(output.subarray(0, 504), 504, N);\n a[i][j] = result[0]; // the result here is an NTT-representation\n ctr = result[1]; // keeps track of index of output array from sampling function\n while (ctr < N) { // if the polynomial hasnt been filled yet with mod q entries\n const outputn = output.subarray(504, 672); // take last 168 bytes of byte array from xof\n const result1 = indcpaRejUniform(outputn, 168, N - ctr); // run sampling function again\n const missing = result1[0]; // here is additional mod q polynomial coefficients\n const ctrn = result1[1]; // how many coefficients were accepted and are in the output\n // starting at last position of output array from first sampling function until 256 is reached\n for (let k = ctr; k < N; k++) {\n a[i][j][k] = missing[k - ctr]; // fill rest of array with the additional coefficients until full\n }\n ctr = ctr + ctrn; // update index\n }\n }\n }\n return a;\n }\n /**\n * Generates a 2D array of noise samples.\n *\n * @param sigma - The noise parameter.\n * @param offset - The offset value.\n * @param size - The size of the array.\n * @returns The generated 2D array of noise samples.\n */\n _sampleNoise1(sigma, offset, size) {\n const r = new Array(size);\n for (let i = 0; i < size; i++) {\n r[i] = byteopsCbd(prf(this._eta1 * N / 4, sigma, offset), this._eta1);\n offset++;\n }\n return r;\n }\n /**\n * Generates a 2-dimensional array of noise samples.\n *\n * @param sigma - The noise parameter.\n * @param offset - The offset value.\n * @param size - The size of the array.\n * @returns The generated 2-dimensional array of noise samples.\n */\n _sampleNoise2(sigma, offset, size) {\n const r = new Array(size);\n for (let i = 0; i < size; i++) {\n r[i] = byteopsCbd(prf(this._eta2 * N / 4, sigma, offset), this._eta2);\n offset++;\n }\n return r;\n }\n // polyvecFromBytes deserializes a vector of polynomials.\n /**\n * Converts a Uint8Array to a 2D array of numbers representing a polynomial vector.\n * Each element in the resulting array represents a polynomial.\n * @param a The Uint8Array to convert.\n * @returns The 2D array of numbers representing the polynomial vector.\n */\n _polyvecFromBytes(a) {\n const r = new Array(this._k);\n for (let i = 0; i < this._k; i++) {\n r[i] = polyFromBytes(a.subarray(i * 384, (i + 1) * 384));\n }\n return r;\n }\n // compressU lossily compresses and serializes a vector of polynomials.\n /**\n * Compresses the given array of coefficients into a Uint8Array.\n *\n * @param r - The output Uint8Array.\n * @param u - The array of coefficients.\n * @returns The compressed Uint8Array.\n */\n _compressU(r, u) {\n const t = new Array(4);\n for (let rr = 0, i = 0; i < this._k; i++) {\n for (let j = 0; j < N / 4; j++) {\n for (let k = 0; k < 4; k++) {\n // parse {0,...,3328} to {0,...,1023}\n t[k] = (((u[i][4 * j + k] << 10) + Q / 2) / Q) &\n 0b1111111111;\n }\n // converts 4 12-bit coefficients {0,...,3328} to 5 8-bit bytes {0,...,255}\n // 48 bits down to 40 bits per block\n r[rr++] = byte(t[0] >> 0);\n r[rr++] = byte((t[0] >> 8) | (t[1] << 2));\n r[rr++] = byte((t[1] >> 6) | (t[2] << 4));\n r[rr++] = byte((t[2] >> 4) | (t[3] << 6));\n r[rr++] = byte(t[3] >> 2);\n }\n }\n return r;\n }\n // compressV lossily compresses and subsequently serializes a polynomial.\n /**\n * Compresses the given array of numbers into a Uint8Array.\n *\n * @param r - The Uint8Array to store the compressed values.\n * @param v - The array of numbers to compress.\n * @returns The compressed Uint8Array.\n */\n _compressV(r, v) {\n // const r = new Uint8Array(128);\n const t = new Uint8Array(8);\n for (let rr = 0, i = 0; i < N / 8; i++) {\n for (let j = 0; j < 8; j++) {\n t[j] = byte(((v[8 * i + j] << 4) + Q / 2) / Q) & 0b1111;\n }\n r[rr++] = t[0] | (t[1] << 4);\n r[rr++] = t[2] | (t[3] << 4);\n r[rr++] = t[4] | (t[5] << 4);\n r[rr++] = t[6] | (t[7] << 4);\n }\n return r;\n }\n // decompressU de-serializes and decompresses a vector of polynomials and\n // represents the approximate inverse of compress1. Since compression is lossy,\n // the results of decompression will may not match the original vector of polynomials.\n /**\n * Decompresses a Uint8Array into a two-dimensional array of numbers.\n *\n * @param a The Uint8Array to decompress.\n * @returns The decompressed two-dimensional array.\n */\n _decompressU(a) {\n const r = new Array(this._k);\n for (let i = 0; i < this._k; i++) {\n r[i] = new Array(384);\n }\n const t = new Array(4);\n for (let aa = 0, i = 0; i < this._k; i++) {\n for (let j = 0; j < N / 4; j++) {\n t[0] = (uint16(a[aa + 0]) >> 0) | (uint16(a[aa + 1]) << 8);\n t[1] = (uint16(a[aa + 1]) >> 2) | (uint16(a[aa + 2]) << 6);\n t[2] = (uint16(a[aa + 2]) >> 4) | (uint16(a[aa + 3]) << 4);\n t[3] = (uint16(a[aa + 3]) >> 6) | (uint16(a[aa + 4]) << 2);\n aa = aa + 5;\n for (let k = 0; k < 4; k++) {\n r[i][4 * j + k] = int16((((uint32(t[k] & 0x3FF)) * (uint32(Q))) + 512) >> 10);\n }\n }\n }\n return r;\n }\n // decompressV de-serializes and subsequently decompresses a polynomial,\n // representing the approximate inverse of compress2.\n // Note that compression is lossy, and thus decompression will not match the\n // original input.\n /**\n * Decompresses a Uint8Array into an array of numbers.\n *\n * @param a - The Uint8Array to decompress.\n * @returns An array of numbers.\n */\n _decompressV(a) {\n const r = new Array(384);\n for (let aa = 0, i = 0; i < N / 2; i++, aa++) {\n r[2 * i + 0] = int16(((uint16(a[aa] & 15) * uint16(Q)) + 8) >> 4);\n r[2 * i + 1] = int16(((uint16(a[aa] >> 4) * uint16(Q)) + 8) >> 4);\n }\n return r;\n }\n}\n/**\n * Computes the hash of the input array `a` and an optional input array `b`.\n * Returns an array containing two Uint8Arrays, representing the first 32 bytes and the next 32 bytes of the hash digest.\n * @param a - The input array to be hashed.\n * @param b - An optional input array to be hashed along with `a`.\n * @returns An array containing two Uint8Arrays representing the hash digest.\n */\nfunction g(a, b) {\n const hash = sha3_512.create().update(a);\n if (b !== undefined) {\n hash.update(b);\n }\n const res = hash.digest();\n return [res.subarray(0, 32), res.subarray(32, 64)];\n}\n/**\n * Computes the SHA3-256 hash of the given message.\n *\n * @param msg - The input message as a Uint8Array.\n * @returns The computed hash as a Uint8Array.\n */\nfunction h(msg) {\n return sha3_256.create().update(msg).digest();\n}\n/**\n * Key Derivation Function (KDF) that takes an input array `a` and an optional input array `b`.\n * It uses the SHAKE256 hash function to derive a 32-byte output.\n *\n * @param a - The input array.\n * @param b - The optional input array.\n * @returns The derived key as a Uint8Array.\n */\nfunction kdf(a, b) {\n const hash = shake256.create({ dkLen: 32 }).update(a);\n if (b !== undefined) {\n hash.update(b);\n }\n return hash.digest();\n}\n/**\n * Computes the extendable-output function (XOF) using the SHAKE128 algorithm.\n *\n * @param seed - The seed value for the XOF.\n * @param transpose - The transpose value for the XOF.\n * @returns The computed XOF value as a Uint8Array.\n */\nfunction xof(seed, transpose) {\n return shake128.create({ dkLen: 672 }).update(seed).update(transpose)\n .digest();\n}\n// polyToBytes serializes a polynomial into an array of bytes.\n/**\n * Converts a polynomial represented by an array of numbers to a Uint8Array.\n * Each coefficient of the polynomial is reduced modulo q.\n *\n * @param a - The array representing the polynomial.\n * @returns The Uint8Array representation of the polynomial.\n */\nfunction polyToBytes(a) {\n let t0 = 0;\n let t1 = 0;\n const r = new Uint8Array(384);\n const a2 = subtractQ(a); // Returns: a - q if a >= q, else a (each coefficient of the polynomial)\n // for 0-127\n for (let i = 0; i < N / 2; i++) {\n // get two coefficient entries in the polynomial\n t0 = uint16(a2[2 * i]);\n t1 = uint16(a2[2 * i + 1]);\n // convert the 2 coefficient into 3 bytes\n r[3 * i + 0] = byte(t0 >> 0); // byte() does mod 256 of the input (output value 0-255)\n r[3 * i + 1] = byte(t0 >> 8) | byte(t1 << 4);\n r[3 * i + 2] = byte(t1 >> 4);\n }\n return r;\n}\n// polyFromBytes de-serialises an array of bytes into a polynomial,\n// and represents the inverse of polyToBytes.\n/**\n * Converts a Uint8Array to an array of numbers representing a polynomial.\n * Each element in the array represents a coefficient of the polynomial.\n * The input array `a` should have a length of 384.\n * The function performs bitwise operations to extract the coefficients from the input array.\n * @param a The Uint8Array to convert to a polynomial.\n * @returns An array of numbers representing the polynomial.\n */\nfunction polyFromBytes(a) {\n const r = new Array(384).fill(0);\n for (let i = 0; i < N / 2; i++) {\n r[2 * i] = int16(((uint16(a[3 * i + 0]) >> 0) | (uint16(a[3 * i + 1]) << 8)) & 0xFFF);\n r[2 * i + 1] = int16(((uint16(a[3 * i + 1]) >> 4) | (uint16(a[3 * i + 2]) << 4)) & 0xFFF);\n }\n return r;\n}\n// polyToMsg converts a polynomial to a 32-byte message\n// and represents the inverse of polyFromMsg.\n/**\n * Converts a polynomial to a message represented as a Uint8Array.\n * @param a - The polynomial to convert.\n * @returns The message as a Uint8Array.\n */\nfunction polyToMsg(a) {\n const msg = new Uint8Array(32);\n let t;\n const a2 = subtractQ(a);\n for (let i = 0; i < N / 8; i++) {\n msg[i] = 0;\n for (let j = 0; j < 8; j++) {\n t = (((uint16(a2[8 * i + j]) << 1) + uint16(Q / 2)) /\n uint16(Q)) & 1;\n msg[i] |= byte(t << j);\n }\n }\n return msg;\n}\n// polyFromMsg converts a 32-byte message to a polynomial.\n/**\n * Converts a Uint8Array message to an array of numbers representing a polynomial.\n * Each element in the array is an int16 (0-65535).\n *\n * @param msg - The Uint8Array message to convert.\n * @returns An array of numbers representing the polynomial.\n */\nfunction polyFromMsg(msg) {\n const r = new Array(384).fill(0); // each element is int16 (0-65535)\n let mask; // int16\n for (let i = 0; i < N / 8; i++) {\n for (let j = 0; j < 8; j++) {\n mask = -1 * int16((msg[i] >> j) & 1);\n r[8 * i + j] = mask & int16((Q + 1) / 2);\n }\n }\n return r;\n}\n// indcpaRejUniform runs rejection sampling on uniform random bytes\n// to generate uniform random integers modulo `Q`.\n/**\n * Generates an array of random numbers from a given buffer, rejecting values greater than a specified threshold.\n *\n * @param buf - The input buffer containing random bytes.\n * @param bufl - The length of the input buffer.\n * @param len - The desired length of the output array.\n * @returns An array of random numbers and the actual length of the output array.\n */\nfunction indcpaRejUniform(buf, bufl, len) {\n const r = new Array(384).fill(0);\n let ctr = 0;\n let val0, val1; // d1, d2 in kyber documentation\n for (let pos = 0; ctr < len && pos + 3 <= bufl;) {\n // compute d1 and d2\n val0 = (uint16((buf[pos]) >> 0) | (uint16(buf[pos + 1]) << 8)) & 0xFFF;\n val1 = (uint16((buf[pos + 1]) >> 4) | (uint16(buf[pos + 2]) << 4)) & 0xFFF;\n // increment input buffer index by 3\n pos = pos + 3;\n // if d1 is less than 3329\n if (val0 < Q) {\n // assign to d1\n r[ctr] = val0;\n // increment position of output array\n ctr = ctr + 1;\n }\n if (ctr < len && val1 < Q) {\n r[ctr] = val1;\n ctr = ctr + 1;\n }\n }\n return [r, ctr];\n}\n// byteopsCbd computes a polynomial with coefficients distributed\n// according to a centered binomial distribution with parameter PARAMS_ETA,\n// given an array of uniformly random bytes.\n/**\n * Converts a Uint8Array buffer to an array of numbers using the CBD operation.\n * @param buf - The input Uint8Array buffer.\n * @param eta - The value used in the CBD operation.\n * @returns An array of numbers obtained from the CBD operation.\n */\nfunction byteopsCbd(buf, eta) {\n let t, d;\n let a, b;\n const r = new Array(384).fill(0);\n for (let i = 0; i < N / 8; i++) {\n t = byteopsLoad32(buf.subarray(4 * i, buf.length));\n d = t & 0x55555555;\n d = d + ((t >> 1) & 0x55555555);\n for (let j = 0; j < 8; j++) {\n a = int16((d >> (4 * j + 0)) & 0x3);\n b = int16((d >> (4 * j + eta)) & 0x3);\n r[8 * i + j] = a - b;\n }\n }\n return r;\n}\n// ntt performs an inplace number-theoretic transform (NTT) in `Rq`.\n// The input is in standard order, the output is in bit-reversed order.\n/**\n * Performs the Number Theoretic Transform (NTT) on an array of numbers.\n *\n * @param r - The input array of numbers.\n * @returns The transformed array of numbers.\n */\nfunction ntt(r) {\n // 128, 64, 32, 16, 8, 4, 2\n for (let j = 0, k = 1, l = 128; l >= 2; l >>= 1) {\n // 0,\n for (let start = 0; start < 256; start = j + l) {\n const zeta = NTT_ZETAS[k];\n k = k + 1;\n // for each element in the subsections (128, 64, 32, 16, 8, 4, 2) starting at an offset\n for (j = start; j < start + l; j++) {\n // compute the modular multiplication of the zeta and each element in the subsection\n const t = nttFqMul(zeta, r[j + l]); // t is mod q\n // overwrite each element in the subsection as the opposite subsection element minus t\n r[j + l] = r[j] - t;\n // add t back again to the opposite subsection\n r[j] = r[j] + t;\n }\n }\n }\n return r;\n}\n// nttFqMul performs multiplication followed by Montgomery reduction\n// and returns a 16-bit integer congruent to `a*b*R^{-1} mod Q`.\n/**\n * Performs an NTT (Number Theoretic Transform) multiplication on two numbers in Fq.\n * @param a The first number.\n * @param b The second number.\n * @returns The result of the NTT multiplication.\n */\nfunction nttFqMul(a, b) {\n return byteopsMontgomeryReduce(a * b);\n}\n// reduce applies Barrett reduction to all coefficients of a polynomial.\n/**\n * Reduces each element in the given array using the barrett function.\n *\n * @param r - The array to be reduced.\n * @returns The reduced array.\n */\nfunction reduce(r) {\n for (let i = 0; i < N; i++) {\n r[i] = barrett(r[i]);\n }\n return r;\n}\n// barrett computes a Barrett reduction; given\n// a integer `a`, returns a integer congruent to\n// `a mod Q` in {0,...,Q}.\n/**\n * Performs the Barrett reduction algorithm on the given number.\n *\n * @param a - The number to be reduced.\n * @returns The result of the reduction.\n */\nfunction barrett(a) {\n const v = ((1 << 24) + Q / 2) / Q;\n let t = v * a >> 24;\n t = t * Q;\n return a - t;\n}\n// byteopsMontgomeryReduce computes a Montgomery reduction; given\n// a 32-bit integer `a`, returns `a * R^-1 mod Q` where `R=2^16`.\n/**\n * Performs Montgomery reduction on a given number.\n * @param a - The number to be reduced.\n * @returns The reduced number.\n */\nfunction byteopsMontgomeryReduce(a) {\n const u = int16(int32(a) * Q_INV);\n let t = u * Q;\n t = a - t;\n t >>= 16;\n return int16(t);\n}\n// polyToMont performs the in-place conversion of all coefficients\n// of a polynomial from the normal domain to the Montgomery domain.\n/**\n * Converts a polynomial to the Montgomery domain.\n *\n * @param r - The polynomial to be converted.\n * @returns The polynomial in the Montgomery domain.\n */\nfunction polyToMont(r) {\n // let f = int16(((uint64(1) << 32)) % uint64(Q));\n const f = 1353; // if Q changes then this needs to be updated\n for (let i = 0; i < N; i++) {\n r[i] = byteopsMontgomeryReduce(int32(r[i]) * int32(f));\n }\n return r;\n}\n// pointwise-multiplies elements of polynomial-vectors\n// `a` and `b`, accumulates the results into `r`, and then multiplies by `2^-16`.\n/**\n * Multiplies two matrices element-wise and returns the result.\n * @param a - The first matrix.\n * @param b - The second matrix.\n * @returns The resulting matrix after element-wise multiplication.\n */\nfunction multiply(a, b) {\n let r = polyBaseMulMontgomery(a[0], b[0]);\n let t;\n for (let i = 1; i < a.length; i++) {\n t = polyBaseMulMontgomery(a[i], b[i]);\n r = add(r, t);\n }\n return reduce(r);\n}\n// polyBaseMulMontgomery performs the multiplication of two polynomials\n// in the number-theoretic transform (NTT) domain.\n/**\n * Performs polynomial base multiplication in Montgomery domain.\n * @param a - The first polynomial array.\n * @param b - The second polynomial array.\n * @returns The result of the polynomial base multiplication.\n */\nfunction polyBaseMulMontgomery(a, b) {\n let rx, ry;\n for (let i = 0; i < N / 4; i++) {\n rx = nttBaseMul(a[4 * i + 0], a[4 * i + 1], b[4 * i + 0], b[4 * i + 1], NTT_ZETAS[64 + i]);\n ry = nttBaseMul(a[4 * i + 2], a[4 * i + 3], b[4 * i + 2], b[4 * i + 3], -NTT_ZETAS[64 + i]);\n a[4 * i + 0] = rx[0];\n a[4 * i + 1] = rx[1];\n a[4 * i + 2] = ry[0];\n a[4 * i + 3] = ry[1];\n }\n return a;\n}\n// nttBaseMul performs the multiplication of polynomials\n// in `Zq[X]/(X^2-zeta)`. Used for multiplication of elements\n// in `Rq` in the number-theoretic transformation domain.\n/**\n * Performs NTT base multiplication.\n *\n * @param a0 - The first coefficient of the first polynomial.\n * @param a1 - The second coefficient of the first polynomial.\n * @param b0 - The first coefficient of the second polynomial.\n * @param b1 - The second coefficient of the second polynomial.\n * @param zeta - The zeta value used in the multiplication.\n * @returns An array containing the result of the multiplication.\n */\nfunction nttBaseMul(a0, a1, b0, b1, zeta) {\n const r = new Array(2);\n r[0] = nttFqMul(a1, b1);\n r[0] = nttFqMul(r[0], zeta);\n r[0] += nttFqMul(a0, b0);\n r[1] = nttFqMul(a0, b1);\n r[1] += nttFqMul(a1, b0);\n return r;\n}\n// adds two polynomials.\n/**\n * Adds two arrays element-wise.\n * @param a - The first array.\n * @param b - The second array.\n * @returns The resulting array after element-wise addition.\n */\nfunction add(a, b) {\n const c = new Array(384);\n for (let i = 0; i < N; i++) {\n c[i] = a[i] + b[i];\n }\n return c;\n}\n// subtracts two polynomials.\n/**\n * Subtracts the elements of array b from array a.\n *\n * @param a - The array from which to subtract.\n * @param b - The array to subtract.\n * @returns The resulting array after subtraction.\n */\nfunction subtract(a, b) {\n for (let i = 0; i < N; i++) {\n a[i] -= b[i];\n }\n return a;\n}\n// nttInverse performs an inplace inverse number-theoretic transform (NTT)\n// in `Rq` and multiplication by Montgomery factor 2^16.\n// The input is in bit-reversed order, the output is in standard order.\n/**\n * Performs the inverse Number Theoretic Transform (NTT) on the given array.\n *\n * @param r - The input array to perform the inverse NTT on.\n * @returns The array after performing the inverse NTT.\n */\nfunction nttInverse(r) {\n let j = 0;\n for (let k = 0, l = 2; l <= 128; l <<= 1) {\n for (let start = 0; start < 256; start = j + l) {\n const zeta = NTT_ZETAS_INV[k];\n k = k + 1;\n for (j = start; j < start + l; j++) {\n const t = r[j];\n r[j] = barrett(t + r[j + l]);\n r[j + l] = t - r[j + l];\n r[j + l] = nttFqMul(zeta, r[j + l]);\n }\n }\n }\n for (j = 0; j < 256; j++) {\n r[j] = nttFqMul(r[j], NTT_ZETAS_INV[127]);\n }\n return r;\n}\n// subtractQ applies the conditional subtraction of q to each coefficient of a polynomial.\n// if a is 3329 then convert to 0\n// Returns: a - q if a >= q, else a\n/**\n * Subtracts the value of Q from each element in the given array.\n * The result should be a negative integer for each element.\n * If the leftmost bit is 0 (positive number), the value of Q is added back.\n *\n * @param r - The array to subtract Q from.\n * @returns The resulting array after the subtraction.\n */\nfunction subtractQ(r) {\n for (let i = 0; i < N; i++) {\n r[i] -= Q; // should result in a negative integer\n // push left most signed bit to right most position\n // javascript does bitwise operations in signed 32 bit\n // add q back again if left most bit was 0 (positive number)\n r[i] += (r[i] >> 31) & Q;\n }\n return r;\n}\n","/**\n * This implementation is based on https://github.com/antontutoveanu/crystals-kyber-javascript,\n * which was deveploped under the MIT licence below:\n * https://github.com/antontutoveanu/crystals-kyber-javascript/blob/main/LICENSE\n */\nimport { N } from \"./consts.js\";\nimport { MlKemBase } from \"./mlKemBase.js\";\nimport { byteopsLoad24, int16, prf } from \"./utils.js\";\n/**\n * Represents the MlKem512 class.\n *\n * This class extends the MlKemBase class and provides specific implementation for MlKem512.\n *\n * @remarks\n *\n * MlKem512 is a specific implementation of the ML-KEM key encapsulation mechanism.\n *\n * @example\n *\n * ```ts\n * // Using jsr:\n * import { MlKem512 } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKem512 } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * const recipient = new MlKem512();\n * const [pkR, skR] = await recipient.generateKeyPair();\n *\n * const sender = new MlKem512();\n * const [ct, ssS] = await sender.encap(pkR);\n *\n * const ssR = await recipient.decap(ct, skR);\n * // ssS === ssR\n * ```\n */\nexport class MlKem512 extends MlKemBase {\n /**\n * Constructs a new instance of the MlKem512 class.\n */\n constructor() {\n super();\n Object.defineProperty(this, \"_k\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 2\n });\n Object.defineProperty(this, \"_du\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 10\n });\n Object.defineProperty(this, \"_dv\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 4\n });\n Object.defineProperty(this, \"_eta1\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 3\n });\n Object.defineProperty(this, \"_eta2\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 2\n });\n this._skSize = 12 * this._k * N / 8;\n this._pkSize = this._skSize + 32;\n this._compressedUSize = this._k * this._du * N / 8;\n this._compressedVSize = this._dv * N / 8;\n }\n /**\n * Samples a vector of polynomials from a seed.\n * @internal\n * @param sigma - The seed.\n * @param offset - The offset.\n * @param size - The size.\n * @returns The sampled vector of polynomials.\n */\n _sampleNoise1(sigma, offset, size) {\n const r = new Array(size);\n for (let i = 0; i < size; i++) {\n r[i] = byteopsCbd(prf(this._eta1 * N / 4, sigma, offset), this._eta1);\n offset++;\n }\n return r;\n }\n}\n/**\n * Performs the byte operations for the Cbd function.\n *\n * @param buf - The input buffer.\n * @param eta - The value of eta.\n * @returns An array of numbers representing the result of the byte operations.\n */\nfunction byteopsCbd(buf, eta) {\n let t, d;\n let a, b;\n const r = new Array(384).fill(0);\n for (let i = 0; i < N / 4; i++) {\n t = byteopsLoad24(buf.subarray(3 * i, buf.length));\n d = t & 0x00249249;\n d = d + ((t >> 1) & 0x00249249);\n d = d + ((t >> 2) & 0x00249249);\n for (let j = 0; j < 4; j++) {\n a = int16((d >> (6 * j + 0)) & 0x7);\n b = int16((d >> (6 * j + eta)) & 0x7);\n r[4 * i + j] = a - b;\n }\n }\n return r;\n}\n","/**\n * This implementation is based on https://github.com/antontutoveanu/crystals-kyber-javascript,\n * which was deveploped under the MIT licence below:\n * https://github.com/antontutoveanu/crystals-kyber-javascript/blob/main/LICENSE\n */\nimport { N } from \"./consts.js\";\nimport { MlKemBase } from \"./mlKemBase.js\";\n/**\n * Represents the MlKem768 class, which extends the MlKemBase class.\n *\n * This class extends the MlKemBase class and provides specific implementation for MlKem768.\n *\n * @remarks\n *\n * MlKem768 is a specific implementation of the ML-KEM key encapsulation mechanism.\n *\n * @example\n *\n * ```ts\n * // Using jsr:\n * import { MlKem768 } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKem768 } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * const recipient = new MlKem768();\n * const [pkR, skR] = await recipient.generateKeyPair();\n *\n * const sender = new MlKem768();\n * const [ct, ssS] = await sender.encap(pkR);\n *\n * const ssR = await recipient.decap(ct, skR);\n * // ssS === ssR\n * ```\n */\nexport class MlKem768 extends MlKemBase {\n constructor() {\n super();\n Object.defineProperty(this, \"_k\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 3\n });\n Object.defineProperty(this, \"_du\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 10\n });\n Object.defineProperty(this, \"_dv\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 4\n });\n Object.defineProperty(this, \"_eta1\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 2\n });\n Object.defineProperty(this, \"_eta2\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 2\n });\n this._skSize = 12 * this._k * N / 8;\n this._pkSize = this._skSize + 32;\n this._compressedUSize = this._k * this._du * N / 8;\n this._compressedVSize = this._dv * N / 8;\n }\n}\n","/**\n * This implementation is based on https://github.com/antontutoveanu/crystals-kyber-javascript,\n * which was deveploped under the MIT licence below:\n * https://github.com/antontutoveanu/crystals-kyber-javascript/blob/main/LICENSE\n */\nimport { N, Q } from \"./consts.js\";\nimport { MlKemBase } from \"./mlKemBase.js\";\nimport { byte, int16, uint16, uint32 } from \"./utils.js\";\n/**\n * Represents the MlKem1024 class, which extends the MlKemBase class.\n *\n * This class extends the MlKemBase class and provides specific implementation for MlKem1024.\n *\n * @remarks\n *\n * MlKem1024 is a specific implementation of the ML-KEM key encapsulation mechanism.\n *\n * @example\n *\n * ```ts\n * // Using jsr:\n * import { MlKem1024 } from \"@dajiaji/mlkem\";\n * // Using npm:\n * // import { MlKem1024 } from \"mlkem\"; // or \"crystals-kyber-js\"\n *\n * const recipient = new MlKem1024();\n * const [pkR, skR] = await recipient.generateKeyPair();\n *\n * const sender = new MlKem1024();\n * const [ct, ssS] = await sender.encap(pkR);\n *\n * const ssR = await recipient.decap(ct, skR);\n * // ssS === ssR\n * ```\n */\nexport class MlKem1024 extends MlKemBase {\n /**\n * Constructs a new instance of the MlKem1024 class.\n */\n constructor() {\n super();\n Object.defineProperty(this, \"_k\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 4\n });\n Object.defineProperty(this, \"_du\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 11\n });\n Object.defineProperty(this, \"_dv\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 5\n });\n Object.defineProperty(this, \"_eta1\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 2\n });\n Object.defineProperty(this, \"_eta2\", {\n enumerable: true,\n configurable: true,\n writable: true,\n value: 2\n });\n this._skSize = 12 * this._k * N / 8;\n this._pkSize = this._skSize + 32;\n this._compressedUSize = this._k * this._du * N / 8;\n this._compressedVSize = this._dv * N / 8;\n }\n // compressU lossily compresses and serializes a vector of polynomials.\n /**\n * Lossily compresses and serializes a vector of polynomials.\n *\n * @param u - The vector of polynomials to compress.\n * @returns The compressed and serialized data as a Uint8Array.\n */\n _compressU(r, u) {\n const t = new Array(8);\n for (let rr = 0, i = 0; i < this._k; i++) {\n for (let j = 0; j < N / 8; j++) {\n for (let k = 0; k < 8; k++) {\n t[k] = uint16((((uint32(u[i][8 * j + k]) << 11) + uint32(Q / 2)) /\n uint32(Q)) & 0x7ff);\n }\n r[rr++] = byte(t[0] >> 0);\n r[rr++] = byte((t[0] >> 8) | (t[1] << 3));\n r[rr++] = byte((t[1] >> 5) | (t[2] << 6));\n r[rr++] = byte(t[2] >> 2);\n r[rr++] = byte((t[2] >> 10) | (t[3] << 1));\n r[rr++] = byte((t[3] >> 7) | (t[4] << 4));\n r[rr++] = byte((t[4] >> 4) | (t[5] << 7));\n r[rr++] = byte(t[5] >> 1);\n r[rr++] = byte((t[5] >> 9) | (t[6] << 2));\n r[rr++] = byte((t[6] >> 6) | (t[7] << 5));\n r[rr++] = byte(t[7] >> 3);\n }\n }\n return r;\n }\n // compressV lossily compresses and subsequently serializes a polynomial.\n /**\n * Lossily compresses and serializes a polynomial.\n *\n * @param r - The output buffer to store the compressed data.\n * @param v - The polynomial to compress.\n * @returns The compressed and serialized data as a Uint8Array.\n */\n _compressV(r, v) {\n const t = new Uint8Array(8);\n for (let rr = 0, i = 0; i < N / 8; i++) {\n for (let j = 0; j < 8; j++) {\n t[j] = byte(((uint32(v[8 * i + j]) << 5) + uint32(Q / 2)) / uint32(Q)) & 31;\n }\n r[rr++] = byte((t[0] >> 0) | (t[1] << 5));\n r[rr++] = byte((t[1] >> 3) | (t[2] << 2) | (t[3] << 7));\n r[rr++] = byte((t[3] >> 1) | (t[4] << 4));\n r[rr++] = byte((t[4] >> 4) | (t[5] << 1) | (t[6] << 6));\n r[rr++] = byte((t[6] >> 2) | (t[7] << 3));\n }\n return r;\n }\n // decompressU de-serializes and decompresses a vector of polynomials and\n // represents the approximate inverse of compress1. Since compression is lossy,\n // the results of decompression will may not match the original vector of polynomials.\n /**\n * Deserializes and decompresses a vector of polynomials.\n * This is the approximate inverse of the `_compressU` method.\n * Since compression is lossy, the decompressed data may not match the original vector of polynomials.\n *\n * @param a - The compressed and serialized data as a Uint8Array.\n * @returns The decompressed vector of polynomials.\n */\n _decompressU(a) {\n const r = new Array(this._k);\n for (let i = 0; i < this._k; i++) {\n r[i] = new Array(384);\n }\n const t = new Array(8);\n for (let aa = 0, i = 0; i < this._k; i++) {\n for (let j = 0; j < N / 8; j++) {\n t[0] = (uint16(a[aa + 0]) >> 0) | (uint16(a[aa + 1]) << 8);\n t[1] = (uint16(a[aa + 1]) >> 3) | (uint16(a[aa + 2]) << 5);\n t[2] = (uint16(a[aa + 2]) >> 6) | (uint16(a[aa + 3]) << 2) |\n (uint16(a[aa + 4]) << 10);\n t[3] = (uint16(a[aa + 4]) >> 1) | (uint16(a[aa + 5]) << 7);\n t[4] = (uint16(a[aa + 5]) >> 4) | (uint16(a[aa + 6]) << 4);\n t[5] = (uint16(a[aa + 6]) >> 7) | (uint16(a[aa + 7]) << 1) |\n (uint16(a[aa + 8]) << 9);\n t[6] = (uint16(a[aa + 8]) >> 2) | (uint16(a[aa + 9]) << 6);\n t[7] = (uint16(a[aa + 9]) >> 5) | (uint16(a[aa + 10]) << 3);\n aa = aa + 11;\n for (let k = 0; k < 8; k++) {\n r[i][8 * j + k] = (uint32(t[k] & 0x7FF) * Q + 1024) >> 11;\n }\n }\n }\n return r;\n }\n // decompressV de-serializes and subsequently decompresses a polynomial,\n // representing the approximate inverse of compress2.\n // Note that compression is lossy, and thus decompression will not match the\n // original input.\n /**\n * Decompresses a given polynomial, representing the approximate inverse of\n * compress2, in Uint8Array into an array of numbers.\n *\n * Note that compression is lossy, and thus decompression will not match the\n * original input.\n *\n * @param a - The Uint8Array to decompress.\n * @returns An array of numbers obtained from the decompression process.\n */\n _decompressV(a) {\n const r = new Array(384);\n const t = new Array(8);\n for (let aa = 0, i = 0; i < N / 8; i++) {\n t[0] = a[aa + 0] >> 0;\n t[1] = (a[aa + 0] >> 5) | (a[aa + 1] << 3);\n t[2] = a[aa + 1] >> 2;\n t[3] = (a[aa + 1] >> 7) | (a[aa + 2] << 1);\n t[4] = (a[aa + 2] >> 4) | (a[aa + 3] << 4);\n t[5] = a[aa + 3] >> 1;\n t[6] = (a[aa + 3] >> 6) | (a[aa + 4] << 2);\n t[7] = a[aa + 4] >> 3;\n aa = aa + 5;\n for (let j = 0; j < 8; j++) {\n r[8 * i + j] = int16(((uint32(t[j] & 31) * uint32(Q)) + 16) >> 5);\n }\n }\n return r;\n }\n}\n","export { MlKemError } from \"./src/errors.js\";\nexport { MlKem512 } from \"./src/mlKem512.js\";\nexport { MlKem768 } from \"./src/mlKem768.js\";\nexport { MlKem1024 } from \"./src/mlKem1024.js\";\nexport { sha3_256, sha3_512, shake128, shake256 } from \"./src/sha3/sha3.js\";\n"],"names":[],"sourceRoot":""}