shogun-core 6.2.4 → 6.3.0

package/dist/browser/defaultVendors-node_modules_noble_curves_esm_ed448_js.shogun-core.js

@@ -2,285 +2,37 @@
 (this["webpackChunkShogunCore"] = this["webpackChunkShogunCore"] || []).push([["defaultVendors-node_modules_noble_curves_esm_ed448_js"],{
 
 /***/ "./node_modules/@noble/curves/esm/ed448.js":
-/*!*************************************************************!*\
-  !*** ./node_modules/@noble/curves/esm/ed448.js + 1 modules ***!
-  \*************************************************************/
+/*!*************************************************!*\
+  !*** ./node_modules/@noble/curves/esm/ed448.js ***!
+  \*************************************************/
 /***/ ((__unused_webpack___webpack_module__, __webpack_exports__, __webpack_require__) => {
 
-// ESM COMPAT FLAG
 __webpack_require__.r(__webpack_exports__);
-
-// EXPORTS
-__webpack_require__.d(__webpack_exports__, {
-  DecafPoint: () => (/* binding */ DecafPoint),
-  E448: () => (/* binding */ E448),
-  ED448_TORSION_SUBGROUP: () => (/* binding */ ED448_TORSION_SUBGROUP),
-  decaf448: () => (/* binding */ decaf448),
-  decaf448_hasher: () => (/* binding */ decaf448_hasher),
-  ed448: () => (/* binding */ ed448),
-  ed448_hasher: () => (/* binding */ ed448_hasher),
-  ed448ph: () => (/* binding */ ed448ph),
-  edwardsToMontgomery: () => (/* binding */ edwardsToMontgomery),
-  edwardsToMontgomeryPub: () => (/* binding */ edwardsToMontgomeryPub),
-  encodeToCurve: () => (/* binding */ encodeToCurve),
-  hashToCurve: () => (/* binding */ hashToCurve),
-  hashToDecaf448: () => (/* binding */ hashToDecaf448),
-  hash_to_decaf448: () => (/* binding */ hash_to_decaf448),
-  x448: () => (/* binding */ x448)
-});
-
-// EXTERNAL MODULE: ./node_modules/@noble/hashes/esm/_u64.js
-var _u64 = __webpack_require__("./node_modules/@noble/hashes/esm/_u64.js");
-// EXTERNAL MODULE: ./node_modules/@noble/hashes/esm/utils.js + 1 modules
-var utils = __webpack_require__("./node_modules/@noble/hashes/esm/utils.js");
-;// ./node_modules/@noble/hashes/esm/sha3.js
-/**
- * SHA3 (keccak) hash function, based on a new "Sponge function" design.
- * Different from older hashes, the internal state is bigger than output size.
- *
- * Check out [FIPS-202](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf),
- * [Website](https://keccak.team/keccak.html),
- * [the differences between SHA-3 and Keccak](https://crypto.stackexchange.com/questions/15727/what-are-the-key-differences-between-the-draft-sha-3-standard-and-the-keccak-sub).
- *
- * Check out `sha3-addons` module for cSHAKE, k12, and others.
- * @module
- */
-
-// prettier-ignore
-
-// No __PURE__ annotations in sha3 header:
-// EVERYTHING is in fact used on every export.
-// Various per round constants calculations
-const _0n = BigInt(0);
-const _1n = BigInt(1);
-const _2n = BigInt(2);
-const _7n = BigInt(7);
-const _256n = BigInt(256);
-const _0x71n = BigInt(0x71);
-const SHA3_PI = [];
-const SHA3_ROTL = [];
-const _SHA3_IOTA = [];
-for (let round = 0, R = _1n, x = 1, y = 0; round < 24; round++) {
-    // Pi
-    [x, y] = [y, (2 * x + 3 * y) % 5];
-    SHA3_PI.push(2 * (5 * y + x));
-    // Rotational
-    SHA3_ROTL.push((((round + 1) * (round + 2)) / 2) % 64);
-    // Iota
-    let t = _0n;
-    for (let j = 0; j < 7; j++) {
-        R = ((R << _1n) ^ ((R >> _7n) * _0x71n)) % _256n;
-        if (R & _2n)
-            t ^= _1n << ((_1n << /* @__PURE__ */ BigInt(j)) - _1n);
-    }
-    _SHA3_IOTA.push(t);
-}
-const IOTAS = (0,_u64.split)(_SHA3_IOTA, true);
-const SHA3_IOTA_H = IOTAS[0];
-const SHA3_IOTA_L = IOTAS[1];
-// Left rotation (without 0, 32, 64)
-const rotlH = (h, l, s) => (s > 32 ? (0,_u64.rotlBH)(h, l, s) : (0,_u64.rotlSH)(h, l, s));
-const rotlL = (h, l, s) => (s > 32 ? (0,_u64.rotlBL)(h, l, s) : (0,_u64.rotlSL)(h, l, s));
-/** `keccakf1600` internal function, additionally allows to adjust round count. */
-function keccakP(s, rounds = 24) {
-    const B = new Uint32Array(5 * 2);
-    // NOTE: all indices are x2 since we store state as u32 instead of u64 (bigints to slow in js)
-    for (let round = 24 - rounds; round < 24; round++) {
-        // Theta θ
-        for (let x = 0; x < 10; x++)
-            B[x] = s[x] ^ s[x + 10] ^ s[x + 20] ^ s[x + 30] ^ s[x + 40];
-        for (let x = 0; x < 10; x += 2) {
-            const idx1 = (x + 8) % 10;
-            const idx0 = (x + 2) % 10;
-            const B0 = B[idx0];
-            const B1 = B[idx0 + 1];
-            const Th = rotlH(B0, B1, 1) ^ B[idx1];
-            const Tl = rotlL(B0, B1, 1) ^ B[idx1 + 1];
-            for (let y = 0; y < 50; y += 10) {
-                s[x + y] ^= Th;
-                s[x + y + 1] ^= Tl;
-            }
-        }
-        // Rho (ρ) and Pi (π)
-        let curH = s[2];
-        let curL = s[3];
-        for (let t = 0; t < 24; t++) {
-            const shift = SHA3_ROTL[t];
-            const Th = rotlH(curH, curL, shift);
-            const Tl = rotlL(curH, curL, shift);
-            const PI = SHA3_PI[t];
-            curH = s[PI];
-            curL = s[PI + 1];
-            s[PI] = Th;
-            s[PI + 1] = Tl;
-        }
-        // Chi (χ)
-        for (let y = 0; y < 50; y += 10) {
-            for (let x = 0; x < 10; x++)
-                B[x] = s[y + x];
-            for (let x = 0; x < 10; x++)
-                s[y + x] ^= ~B[(x + 2) % 10] & B[(x + 4) % 10];
-        }
-        // Iota (ι)
-        s[0] ^= SHA3_IOTA_H[round];
-        s[1] ^= SHA3_IOTA_L[round];
-    }
-    (0,utils.clean)(B);
-}
-/** Keccak sponge function. */
-class Keccak extends utils.Hash {
-    // NOTE: we accept arguments in bytes instead of bits here.
-    constructor(blockLen, suffix, outputLen, enableXOF = false, rounds = 24) {
-        super();
-        this.pos = 0;
-        this.posOut = 0;
-        this.finished = false;
-        this.destroyed = false;
-        this.enableXOF = false;
-        this.blockLen = blockLen;
-        this.suffix = suffix;
-        this.outputLen = outputLen;
-        this.enableXOF = enableXOF;
-        this.rounds = rounds;
-        // Can be passed from user as dkLen
-        (0,utils.anumber)(outputLen);
-        // 1600 = 5x5 matrix of 64bit.  1600 bits === 200 bytes
-        // 0 < blockLen < 200
-        if (!(0 < blockLen && blockLen < 200))
-            throw new Error('only keccak-f1600 function is supported');
-        this.state = new Uint8Array(200);
-        this.state32 = (0,utils.u32)(this.state);
-    }
-    clone() {
-        return this._cloneInto();
-    }
-    keccak() {
-        (0,utils.swap32IfBE)(this.state32);
-        keccakP(this.state32, this.rounds);
-        (0,utils.swap32IfBE)(this.state32);
-        this.posOut = 0;
-        this.pos = 0;
-    }
-    update(data) {
-        (0,utils.aexists)(this);
-        data = (0,utils.toBytes)(data);
-        (0,utils.abytes)(data);
-        const { blockLen, state } = this;
-        const len = data.length;
-        for (let pos = 0; pos < len;) {
-            const take = Math.min(blockLen - this.pos, len - pos);
-            for (let i = 0; i < take; i++)
-                state[this.pos++] ^= data[pos++];
-            if (this.pos === blockLen)
-                this.keccak();
-        }
-        return this;
-    }
-    finish() {
-        if (this.finished)
-            return;
-        this.finished = true;
-        const { state, suffix, pos, blockLen } = this;
-        // Do the padding
-        state[pos] ^= suffix;
-        if ((suffix & 0x80) !== 0 && pos === blockLen - 1)
-            this.keccak();
-        state[blockLen - 1] ^= 0x80;
-        this.keccak();
-    }
-    writeInto(out) {
-        (0,utils.aexists)(this, false);
-        (0,utils.abytes)(out);
-        this.finish();
-        const bufferOut = this.state;
-        const { blockLen } = this;
-        for (let pos = 0, len = out.length; pos < len;) {
-            if (this.posOut >= blockLen)
-                this.keccak();
-            const take = Math.min(blockLen - this.posOut, len - pos);
-            out.set(bufferOut.subarray(this.posOut, this.posOut + take), pos);
-            this.posOut += take;
-            pos += take;
-        }
-        return out;
-    }
-    xofInto(out) {
-        // Sha3/Keccak usage with XOF is probably mistake, only SHAKE instances can do XOF
-        if (!this.enableXOF)
-            throw new Error('XOF is not possible for this instance');
-        return this.writeInto(out);
-    }
-    xof(bytes) {
-        (0,utils.anumber)(bytes);
-        return this.xofInto(new Uint8Array(bytes));
-    }
-    digestInto(out) {
-        (0,utils.aoutput)(out, this);
-        if (this.finished)
-            throw new Error('digest() was already called');
-        this.writeInto(out);
-        this.destroy();
-        return out;
-    }
-    digest() {
-        return this.digestInto(new Uint8Array(this.outputLen));
-    }
-    destroy() {
-        this.destroyed = true;
-        (0,utils.clean)(this.state);
-    }
-    _cloneInto(to) {
-        const { blockLen, suffix, outputLen, rounds, enableXOF } = this;
-        to || (to = new Keccak(blockLen, suffix, outputLen, enableXOF, rounds));
-        to.state32.set(this.state32);
-        to.pos = this.pos;
-        to.posOut = this.posOut;
-        to.finished = this.finished;
-        to.rounds = rounds;
-        // Suffix can change in cSHAKE
-        to.suffix = suffix;
-        to.outputLen = outputLen;
-        to.enableXOF = enableXOF;
-        to.destroyed = this.destroyed;
-        return to;
-    }
-}
-const gen = (suffix, blockLen, outputLen) => (0,utils.createHasher)(() => new Keccak(blockLen, suffix, outputLen));
-/** SHA3-224 hash function. */
-const sha3_224 = /* @__PURE__ */ (() => gen(0x06, 144, 224 / 8))();
-/** SHA3-256 hash function. Different from keccak-256. */
-const sha3_256 = /* @__PURE__ */ (() => gen(0x06, 136, 256 / 8))();
-/** SHA3-384 hash function. */
-const sha3_384 = /* @__PURE__ */ (() => gen(0x06, 104, 384 / 8))();
-/** SHA3-512 hash function. */
-const sha3_512 = /* @__PURE__ */ (() => gen(0x06, 72, 512 / 8))();
-/** keccak-224 hash function. */
-const keccak_224 = /* @__PURE__ */ (() => gen(0x01, 144, 224 / 8))();
-/** keccak-256 hash function. Different from SHA3-256. */
-const keccak_256 = /* @__PURE__ */ (() => gen(0x01, 136, 256 / 8))();
-/** keccak-384 hash function. */
-const keccak_384 = /* @__PURE__ */ (() => gen(0x01, 104, 384 / 8))();
-/** keccak-512 hash function. */
-const keccak_512 = /* @__PURE__ */ (() => gen(0x01, 72, 512 / 8))();
-const genShake = (suffix, blockLen, outputLen) => (0,utils.createXOFer)((opts = {}) => new Keccak(blockLen, suffix, opts.dkLen === undefined ? outputLen : opts.dkLen, true));
-/** SHAKE128 XOF with 128-bit security. */
-const shake128 = /* @__PURE__ */ (() => genShake(0x1f, 168, 128 / 8))();
-/** SHAKE256 XOF with 256-bit security. */
-const shake256 = /* @__PURE__ */ (() => genShake(0x1f, 136, 256 / 8))();
-//# sourceMappingURL=sha3.js.map
-// EXTERNAL MODULE: ./node_modules/@noble/curves/esm/abstract/curve.js
-var curve = __webpack_require__("./node_modules/@noble/curves/esm/abstract/curve.js");
-// EXTERNAL MODULE: ./node_modules/@noble/curves/esm/abstract/edwards.js
-var edwards = __webpack_require__("./node_modules/@noble/curves/esm/abstract/edwards.js");
-// EXTERNAL MODULE: ./node_modules/@noble/curves/esm/abstract/hash-to-curve.js
-var hash_to_curve = __webpack_require__("./node_modules/@noble/curves/esm/abstract/hash-to-curve.js");
-// EXTERNAL MODULE: ./node_modules/@noble/curves/esm/abstract/modular.js
-var modular = __webpack_require__("./node_modules/@noble/curves/esm/abstract/modular.js");
-// EXTERNAL MODULE: ./node_modules/@noble/curves/esm/abstract/montgomery.js
-var montgomery = __webpack_require__("./node_modules/@noble/curves/esm/abstract/montgomery.js");
-// EXTERNAL MODULE: ./node_modules/@noble/curves/esm/utils.js
-var esm_utils = __webpack_require__("./node_modules/@noble/curves/esm/utils.js");
-;// ./node_modules/@noble/curves/esm/ed448.js
+/* harmony export */ __webpack_require__.d(__webpack_exports__, {
+/* harmony export */   DecafPoint: () => (/* binding */ DecafPoint),
+/* harmony export */   E448: () => (/* binding */ E448),
+/* harmony export */   ED448_TORSION_SUBGROUP: () => (/* binding */ ED448_TORSION_SUBGROUP),
+/* harmony export */   decaf448: () => (/* binding */ decaf448),
+/* harmony export */   decaf448_hasher: () => (/* binding */ decaf448_hasher),
+/* harmony export */   ed448: () => (/* binding */ ed448),
+/* harmony export */   ed448_hasher: () => (/* binding */ ed448_hasher),
+/* harmony export */   ed448ph: () => (/* binding */ ed448ph),
+/* harmony export */   edwardsToMontgomery: () => (/* binding */ edwardsToMontgomery),
+/* harmony export */   edwardsToMontgomeryPub: () => (/* binding */ edwardsToMontgomeryPub),
+/* harmony export */   encodeToCurve: () => (/* binding */ encodeToCurve),
+/* harmony export */   hashToCurve: () => (/* binding */ hashToCurve),
+/* harmony export */   hashToDecaf448: () => (/* binding */ hashToDecaf448),
+/* harmony export */   hash_to_decaf448: () => (/* binding */ hash_to_decaf448),
+/* harmony export */   x448: () => (/* binding */ x448)
+/* harmony export */ });
+/* harmony import */ var _noble_hashes_sha3_js__WEBPACK_IMPORTED_MODULE_0__ = __webpack_require__(/*! @noble/hashes/sha3.js */ "./node_modules/@noble/hashes/esm/sha3.js");
+/* harmony import */ var _noble_hashes_utils_js__WEBPACK_IMPORTED_MODULE_1__ = __webpack_require__(/*! @noble/hashes/utils.js */ "./node_modules/@noble/hashes/esm/utils.js");
+/* harmony import */ var _abstract_curve_js__WEBPACK_IMPORTED_MODULE_2__ = __webpack_require__(/*! ./abstract/curve.js */ "./node_modules/@noble/curves/esm/abstract/curve.js");
+/* harmony import */ var _abstract_edwards_js__WEBPACK_IMPORTED_MODULE_3__ = __webpack_require__(/*! ./abstract/edwards.js */ "./node_modules/@noble/curves/esm/abstract/edwards.js");
+/* harmony import */ var _abstract_hash_to_curve_js__WEBPACK_IMPORTED_MODULE_4__ = __webpack_require__(/*! ./abstract/hash-to-curve.js */ "./node_modules/@noble/curves/esm/abstract/hash-to-curve.js");
+/* harmony import */ var _abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__ = __webpack_require__(/*! ./abstract/modular.js */ "./node_modules/@noble/curves/esm/abstract/modular.js");
+/* harmony import */ var _abstract_montgomery_js__WEBPACK_IMPORTED_MODULE_6__ = __webpack_require__(/*! ./abstract/montgomery.js */ "./node_modules/@noble/curves/esm/abstract/montgomery.js");
+/* harmony import */ var _utils_js__WEBPACK_IMPORTED_MODULE_7__ = __webpack_require__(/*! ./utils.js */ "./node_modules/@noble/curves/esm/utils.js");
 /**
  * Edwards448 (not Ed448-Goldilocks) curve with following addons:
  * - X448 ECDH
@@ -321,10 +73,10 @@ const E448_CURVE = Object.assign({}, ed448_CURVE, {
     Gx: BigInt('0x79a70b2b70400553ae7c9df416c792c61128751ac92969240c25a07d728bdc93e21f7787ed6972249de732f38496cd11698713093e9c04fc'),
     Gy: BigInt('0x7fffffffffffffffffffffffffffffffffffffffffffffffffffffff80000000000000000000000000000000000000000000000000000001'),
 });
-const shake256_114 = /* @__PURE__ */ (0,utils.createHasher)(() => shake256.create({ dkLen: 114 }));
-const shake256_64 = /* @__PURE__ */ (0,utils.createHasher)(() => shake256.create({ dkLen: 64 }));
+const shake256_114 = /* @__PURE__ */ (0,_noble_hashes_utils_js__WEBPACK_IMPORTED_MODULE_1__.createHasher)(() => _noble_hashes_sha3_js__WEBPACK_IMPORTED_MODULE_0__.shake256.create({ dkLen: 114 }));
+const shake256_64 = /* @__PURE__ */ (0,_noble_hashes_utils_js__WEBPACK_IMPORTED_MODULE_1__.createHasher)(() => _noble_hashes_sha3_js__WEBPACK_IMPORTED_MODULE_0__.shake256.create({ dkLen: 64 }));
 // prettier-ignore
-const ed448_1n = BigInt(1), ed448_2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);
+const _1n = BigInt(1), _2n = BigInt(2), _3n = BigInt(3), _4n = BigInt(4), _11n = BigInt(11);
 // prettier-ignore
 const _22n = BigInt(22), _44n = BigInt(44), _88n = BigInt(88), _223n = BigInt(223);
 // powPminus3div4 calculates z = x^k mod p, where k = (p-3)/4.
@@ -334,17 +86,17 @@ function ed448_pow_Pminus3div4(x) {
     const P = ed448_CURVE.p;
     const b2 = (x * x * x) % P;
     const b3 = (b2 * b2 * x) % P;
-    const b6 = ((0,modular.pow2)(b3, _3n, P) * b3) % P;
-    const b9 = ((0,modular.pow2)(b6, _3n, P) * b3) % P;
-    const b11 = ((0,modular.pow2)(b9, ed448_2n, P) * b2) % P;
-    const b22 = ((0,modular.pow2)(b11, _11n, P) * b11) % P;
-    const b44 = ((0,modular.pow2)(b22, _22n, P) * b22) % P;
-    const b88 = ((0,modular.pow2)(b44, _44n, P) * b44) % P;
-    const b176 = ((0,modular.pow2)(b88, _88n, P) * b88) % P;
-    const b220 = ((0,modular.pow2)(b176, _44n, P) * b44) % P;
-    const b222 = ((0,modular.pow2)(b220, ed448_2n, P) * b2) % P;
-    const b223 = ((0,modular.pow2)(b222, ed448_1n, P) * x) % P;
-    return ((0,modular.pow2)(b223, _223n, P) * b222) % P;
+    const b6 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b3, _3n, P) * b3) % P;
+    const b9 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b6, _3n, P) * b3) % P;
+    const b11 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b9, _2n, P) * b2) % P;
+    const b22 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b11, _11n, P) * b11) % P;
+    const b44 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b22, _22n, P) * b22) % P;
+    const b88 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b44, _44n, P) * b44) % P;
+    const b176 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b88, _88n, P) * b88) % P;
+    const b220 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b176, _44n, P) * b44) % P;
+    const b222 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b220, _2n, P) * b2) % P;
+    const b223 = ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b222, _1n, P) * x) % P;
+    return ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(b223, _223n, P) * b222) % P;
 }
 function adjustScalarBytes(bytes) {
     // Section 5: Likewise, for X448, set the two least significant bits of the first byte to 0,
@@ -365,31 +117,31 @@ function uvRatio(u, v) {
     // following trick, to use a single modular powering for both the
     // inversion of v and the square root:
     // x = (u/v)^((p+1)/4)   = u³v(u⁵v³)^((p-3)/4)   (mod p)
-    const u2v = (0,modular.mod)(u * u * v, P); // u²v
-    const u3v = (0,modular.mod)(u2v * u, P); // u³v
-    const u5v3 = (0,modular.mod)(u3v * u2v * v, P); // u⁵v³
+    const u2v = (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.mod)(u * u * v, P); // u²v
+    const u3v = (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.mod)(u2v * u, P); // u³v
+    const u5v3 = (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.mod)(u3v * u2v * v, P); // u⁵v³
     const root = ed448_pow_Pminus3div4(u5v3);
-    const x = (0,modular.mod)(u3v * root, P);
+    const x = (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.mod)(u3v * root, P);
     // Verify that root is exists
-    const x2 = (0,modular.mod)(x * x, P); // x²
+    const x2 = (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.mod)(x * x, P); // x²
     // If vx² = u, the recovered x-coordinate is x.  Otherwise, no
     // square root exists, and the decoding fails.
-    return { isValid: (0,modular.mod)(x2 * v, P) === u, value: x };
+    return { isValid: (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.mod)(x2 * v, P) === u, value: x };
 }
 // Finite field 2n**448n - 2n**224n - 1n
 // The value fits in 448 bits, but we use 456-bit (57-byte) elements because of bitflags.
 // - ed25519 fits in 255 bits, allowing using last 1 byte for specifying bit flag of point negation.
 // - ed448 fits in 448 bits. We can't use last 1 byte: we can only use a bit 224 in the middle.
-const Fp = /* @__PURE__ */ (() => (0,modular.Field)(ed448_CURVE.p, { BITS: 456, isLE: true }))();
-const Fn = /* @__PURE__ */ (() => (0,modular.Field)(ed448_CURVE.n, { BITS: 456, isLE: true }))();
+const Fp = /* @__PURE__ */ (() => (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.Field)(ed448_CURVE.p, { BITS: 456, isLE: true }))();
+const Fn = /* @__PURE__ */ (() => (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.Field)(ed448_CURVE.n, { BITS: 456, isLE: true }))();
 // decaf448 uses 448-bit (56-byte) keys
-const Fp448 = /* @__PURE__ */ (() => (0,modular.Field)(ed448_CURVE.p, { BITS: 448, isLE: true }))();
-const Fn448 = /* @__PURE__ */ (() => (0,modular.Field)(ed448_CURVE.n, { BITS: 448, isLE: true }))();
+const Fp448 = /* @__PURE__ */ (() => (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.Field)(ed448_CURVE.p, { BITS: 448, isLE: true }))();
+const Fn448 = /* @__PURE__ */ (() => (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.Field)(ed448_CURVE.n, { BITS: 448, isLE: true }))();
 // SHAKE256(dom4(phflag,context)||x, 114)
 function dom4(data, ctx, phflag) {
     if (ctx.length > 255)
         throw new Error('context must be smaller than 255, got: ' + ctx.length);
-    return (0,utils.concatBytes)((0,esm_utils.asciiToBytes)('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
+    return (0,_noble_hashes_utils_js__WEBPACK_IMPORTED_MODULE_1__.concatBytes)((0,_utils_js__WEBPACK_IMPORTED_MODULE_7__.asciiToBytes)('SigEd448'), new Uint8Array([phflag ? 1 : 0, ctx.length]), ctx, data);
 }
 // const ed448_eddsa_opts = { adjustScalarBytes, domain: dom4 };
 // const ed448_Point = edwards(ed448_CURVE, { Fp, Fn, uvRatio });
@@ -412,10 +164,10 @@ const ED448_DEF = /* @__PURE__ */ (() => ({
  * const sig = ed448.sign(msg, secretKey);
  * const isValid = ed448.verify(sig, msg, publicKey);
  */
-const ed448 = (0,edwards.twistedEdwards)(ED448_DEF);
+const ed448 = (0,_abstract_edwards_js__WEBPACK_IMPORTED_MODULE_3__.twistedEdwards)(ED448_DEF);
 // There is no ed448ctx, since ed448 supports ctx by default
 /** Prehashed version of ed448. Accepts already-hashed messages in sign() and verify(). */
-const ed448ph = /* @__PURE__ */ (() => (0,edwards.twistedEdwards)({
+const ed448ph = /* @__PURE__ */ (() => (0,_abstract_edwards_js__WEBPACK_IMPORTED_MODULE_3__.twistedEdwards)({
     ...ED448_DEF,
     prehash: shake256_64,
 }))();
@@ -424,7 +176,7 @@ const ed448ph = /* @__PURE__ */ (() => (0,edwards.twistedEdwards)({
  * E448 != edwards448 used in ed448.
  * E448 is birationally equivalent to edwards448.
  */
-const E448 = (0,edwards.edwards)(E448_CURVE);
+const E448 = (0,_abstract_edwards_js__WEBPACK_IMPORTED_MODULE_3__.edwards)(E448_CURVE);
 /**
  * ECDH using curve448 aka x448.
  * x448 has 56-byte keys as per RFC 7748, while
@@ -432,13 +184,13 @@ const E448 = (0,edwards.edwards)(E448_CURVE);
  */
 const x448 = /* @__PURE__ */ (() => {
     const P = ed448_CURVE.p;
-    return (0,montgomery.montgomery)({
+    return (0,_abstract_montgomery_js__WEBPACK_IMPORTED_MODULE_6__.montgomery)({
         P,
         type: 'x448',
         powPminus2: (x) => {
             const Pminus3div4 = ed448_pow_Pminus3div4(x);
-            const Pminus3 = (0,modular.pow2)(Pminus3div4, ed448_2n, P);
-            return (0,modular.mod)(Pminus3 * x, P); // Pminus3 * x = Pminus2
+            const Pminus3 = (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.pow2)(Pminus3div4, _2n, P);
+            return (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.mod)(Pminus3 * x, P); // Pminus3 * x = Pminus2
         },
         adjustScalarBytes,
     });
@@ -513,18 +265,18 @@ function map_to_curve_elligator2_edwards448(u) {
     xEd = Fp.cmov(xEd, Fp.ONE, e); // 35. xEd = CMOV(xEd, 1, e)
     yEn = Fp.cmov(yEn, Fp.ONE, e); // 36. yEn = CMOV(yEn, 1, e)
     yEd = Fp.cmov(yEd, Fp.ONE, e); // 37. yEd = CMOV(yEd, 1, e)
-    const inv = (0,modular.FpInvertBatch)(Fp, [xEd, yEd], true); // batch division
+    const inv = (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.FpInvertBatch)(Fp, [xEd, yEd], true); // batch division
     return { x: Fp.mul(xEn, inv[0]), y: Fp.mul(yEn, inv[1]) }; // 38. return (xEn, xEd, yEn, yEd)
 }
 /** Hashing / encoding to ed448 points / field. RFC 9380 methods. */
-const ed448_hasher = /* @__PURE__ */ (() => (0,hash_to_curve.createHasher)(ed448.Point, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {
+const ed448_hasher = /* @__PURE__ */ (() => (0,_abstract_hash_to_curve_js__WEBPACK_IMPORTED_MODULE_4__.createHasher)(ed448.Point, (scalars) => map_to_curve_elligator2_edwards448(scalars[0]), {
     DST: 'edwards448_XOF:SHAKE256_ELL2_RO_',
     encodeDST: 'edwards448_XOF:SHAKE256_ELL2_NU_',
     p: Fp.ORDER,
     m: 1,
     k: 224,
     expand: 'xof',
-    hash: shake256,
+    hash: _noble_hashes_sha3_js__WEBPACK_IMPORTED_MODULE_0__.shake256,
 }))();
 // 1-d
 const ONE_MINUS_D = /* @__PURE__ */ BigInt('39082');
@@ -535,7 +287,7 @@ const SQRT_MINUS_D = /* @__PURE__ */ BigInt('98944233647732219769177004876929019
 // 1 / √(-d)
 const INVSQRT_MINUS_D = /* @__PURE__ */ BigInt('315019913931389607337177038330951043522456072897266928557328499619017160722351061360252776265186336876723201881398623946864393857820716');
 // Calculates 1/√(number)
-const invertSqrt = (number) => uvRatio(ed448_1n, number);
+const invertSqrt = (number) => uvRatio(_1n, number);
 /**
  * Elligator map for hash-to-curve of decaf448.
  * Described in [RFC9380](https://www.rfc-editor.org/rfc/rfc9380#appendix-C)
@@ -546,28 +298,28 @@ function calcElligatorDecafMap(r0) {
     const P = Fp.ORDER;
     const mod = (n) => Fp.create(n);
     const r = mod(-(r0 * r0)); // 1
-    const u0 = mod(d * (r - ed448_1n)); // 2
-    const u1 = mod((u0 + ed448_1n) * (u0 - r)); // 3
-    const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + ed448_1n) * u1)); // 4
+    const u0 = mod(d * (r - _1n)); // 2
+    const u1 = mod((u0 + _1n) * (u0 - r)); // 3
+    const { isValid: was_square, value: v } = uvRatio(ONE_MINUS_TWO_D, mod((r + _1n) * u1)); // 4
     let v_prime = v; // 5
     if (!was_square)
         v_prime = mod(r0 * v);
-    let sgn = ed448_1n; // 6
+    let sgn = _1n; // 6
     if (!was_square)
-        sgn = mod(-ed448_1n);
-    const s = mod(v_prime * (r + ed448_1n)); // 7
+        sgn = mod(-_1n);
+    const s = mod(v_prime * (r + _1n)); // 7
     let s_abs = s;
-    if ((0,modular.isNegativeLE)(s, P))
+    if ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.isNegativeLE)(s, P))
         s_abs = mod(-s);
     const s2 = s * s;
-    const W0 = mod(s_abs * ed448_2n); // 8
-    const W1 = mod(s2 + ed448_1n); // 9
-    const W2 = mod(s2 - ed448_1n); // 10
-    const W3 = mod(v_prime * s * (r - ed448_1n) * ONE_MINUS_TWO_D + sgn); // 11
+    const W0 = mod(s_abs * _2n); // 8
+    const W1 = mod(s2 + _1n); // 9
+    const W2 = mod(s2 - _1n); // 10
+    const W3 = mod(v_prime * s * (r - _1n) * ONE_MINUS_TWO_D + sgn); // 11
     return new ed448.Point(mod(W0 * W3), mod(W2 * W1), mod(W1 * W3), mod(W0 * W2));
 }
 function decaf448_map(bytes) {
-    (0,utils.abytes)(bytes, 112);
+    (0,_noble_hashes_utils_js__WEBPACK_IMPORTED_MODULE_1__.abytes)(bytes, 112);
     const skipValidation = true;
     // Note: Similar to the field element decoding described in
     // [RFC7748], and unlike the field element decoding described in
@@ -585,7 +337,7 @@ function decaf448_map(bytes) {
  * but it should work in its own namespace: do not combine those two.
  * See [RFC9496](https://www.rfc-editor.org/rfc/rfc9496).
  */
-class _DecafPoint extends edwards.PrimeEdwardsPoint {
+class _DecafPoint extends _abstract_edwards_js__WEBPACK_IMPORTED_MODULE_3__.PrimeEdwardsPoint {
     constructor(ep) {
         super(ep);
     }
@@ -601,32 +353,32 @@ class _DecafPoint extends edwards.PrimeEdwardsPoint {
     }
     /** @deprecated use `import { decaf448_hasher } from '@noble/curves/ed448.js';` */
     static hashToCurve(hex) {
-        return decaf448_map((0,esm_utils.ensureBytes)('decafHash', hex, 112));
+        return decaf448_map((0,_utils_js__WEBPACK_IMPORTED_MODULE_7__.ensureBytes)('decafHash', hex, 112));
     }
     static fromBytes(bytes) {
-        (0,utils.abytes)(bytes, 56);
+        (0,_noble_hashes_utils_js__WEBPACK_IMPORTED_MODULE_1__.abytes)(bytes, 56);
         const { d } = ed448_CURVE;
         const P = Fp.ORDER;
         const mod = (n) => Fp448.create(n);
         const s = Fp448.fromBytes(bytes);
         // 1. Check that s_bytes is the canonical encoding of a field element, or else abort.
         // 2. Check that s is non-negative, or else abort
-        if (!(0,esm_utils.equalBytes)(Fn448.toBytes(s), bytes) || (0,modular.isNegativeLE)(s, P))
+        if (!(0,_utils_js__WEBPACK_IMPORTED_MODULE_7__.equalBytes)(Fn448.toBytes(s), bytes) || (0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.isNegativeLE)(s, P))
             throw new Error('invalid decaf448 encoding 1');
         const s2 = mod(s * s); // 1
-        const u1 = mod(ed448_1n + s2); // 2
+        const u1 = mod(_1n + s2); // 2
         const u1sq = mod(u1 * u1);
         const u2 = mod(u1sq - _4n * d * s2); // 3
         const { isValid, value: invsqrt } = invertSqrt(mod(u2 * u1sq)); // 4
         let u3 = mod((s + s) * invsqrt * u1 * SQRT_MINUS_D); // 5
-        if ((0,modular.isNegativeLE)(u3, P))
+        if ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.isNegativeLE)(u3, P))
             u3 = mod(-u3);
         const x = mod(u3 * invsqrt * u2 * INVSQRT_MINUS_D); // 6
-        const y = mod((ed448_1n - s2) * invsqrt * u1); // 7
+        const y = mod((_1n - s2) * invsqrt * u1); // 7
         const t = mod(x * y); // 8
         if (!isValid)
             throw new Error('invalid decaf448 encoding 2');
-        return new _DecafPoint(new ed448.Point(x, y, ed448_1n, t));
+        return new _DecafPoint(new ed448.Point(x, y, _1n, t));
     }
     /**
      * Converts decaf-encoded string to decaf point.
@@ -634,11 +386,11 @@ class _DecafPoint extends edwards.PrimeEdwardsPoint {
      * @param hex Decaf-encoded 56 bytes. Not every 56-byte string is valid decaf encoding
      */
     static fromHex(hex) {
-        return _DecafPoint.fromBytes((0,esm_utils.ensureBytes)('decafHex', hex, 56));
+        return _DecafPoint.fromBytes((0,_utils_js__WEBPACK_IMPORTED_MODULE_7__.ensureBytes)('decafHex', hex, 56));
     }
     /** @deprecated use `import { pippenger } from '@noble/curves/abstract/curve.js';` */
     static msm(points, scalars) {
-        return (0,curve.pippenger)(_DecafPoint, Fn, points, scalars);
+        return (0,_abstract_curve_js__WEBPACK_IMPORTED_MODULE_2__.pippenger)(_DecafPoint, Fn, points, scalars);
     }
     /**
      * Encodes decaf point to Uint8Array.
@@ -652,11 +404,11 @@ class _DecafPoint extends edwards.PrimeEdwardsPoint {
         const x2 = mod(X * X);
         const { value: invsqrt } = invertSqrt(mod(u1 * ONE_MINUS_D * x2)); // 2
         let ratio = mod(invsqrt * u1 * SQRT_MINUS_D); // 3
-        if ((0,modular.isNegativeLE)(ratio, P))
+        if ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.isNegativeLE)(ratio, P))
             ratio = mod(-ratio);
         const u2 = mod(INVSQRT_MINUS_D * ratio * Z - T); // 4
         let s = mod(ONE_MINUS_D * invsqrt * X * u2); // 5
-        if ((0,modular.isNegativeLE)(s, P))
+        if ((0,_abstract_modular_js__WEBPACK_IMPORTED_MODULE_5__.isNegativeLE)(s, P))
             s = mod(-s);
         return Fn448.toBytes(s);
     }
@@ -678,7 +430,7 @@ class _DecafPoint extends edwards.PrimeEdwardsPoint {
 // The following gymnastics is done because typescript strips comments otherwise
 // prettier-ignore
 _DecafPoint.BASE = 
-/* @__PURE__ */ (() => new _DecafPoint(ed448.Point.BASE).multiplyUnsafe(ed448_2n))();
+/* @__PURE__ */ (() => new _DecafPoint(ed448.Point.BASE).multiplyUnsafe(_2n))();
 // prettier-ignore
 _DecafPoint.ZERO = 
 /* @__PURE__ */ (() => new _DecafPoint(ed448.Point.ZERO))();
@@ -693,15 +445,15 @@ const decaf448 = { Point: _DecafPoint };
 const decaf448_hasher = {
     hashToCurve(msg, options) {
         const DST = options?.DST || 'decaf448_XOF:SHAKE256_D448MAP_RO_';
-        return decaf448_map((0,hash_to_curve.expand_message_xof)(msg, DST, 112, 224, shake256));
+        return decaf448_map((0,_abstract_hash_to_curve_js__WEBPACK_IMPORTED_MODULE_4__.expand_message_xof)(msg, DST, 112, 224, _noble_hashes_sha3_js__WEBPACK_IMPORTED_MODULE_0__.shake256));
     },
     // Warning: has big modulo bias of 2^-64.
     // RFC is invalid. RFC says "use 64-byte xof", while for 2^-112 bias
     // it must use 84-byte xof (56+56/2), not 64.
-    hashToScalar(msg, options = { DST: hash_to_curve._DST_scalar }) {
+    hashToScalar(msg, options = { DST: _abstract_hash_to_curve_js__WEBPACK_IMPORTED_MODULE_4__._DST_scalar }) {
         // Can't use `Fn448.fromBytes()`. 64-byte input => 56-byte field element
-        const xof = (0,hash_to_curve.expand_message_xof)(msg, options.DST, 64, 256, shake256);
-        return Fn448.create((0,esm_utils.bytesToNumberLE)(xof));
+        const xof = (0,_abstract_hash_to_curve_js__WEBPACK_IMPORTED_MODULE_4__.expand_message_xof)(msg, options.DST, 64, 256, _noble_hashes_sha3_js__WEBPACK_IMPORTED_MODULE_0__.shake256);
+        return Fn448.create((0,_utils_js__WEBPACK_IMPORTED_MODULE_7__.bytesToNumberLE)(xof));
     },
 };
 // export const decaf448_oprf: OPRF = createORPF({
@@ -735,7 +487,7 @@ const hashToDecaf448 = /* @__PURE__ */ (() => decaf448_hasher.hashToCurve)();
 const hash_to_decaf448 = /* @__PURE__ */ (() => decaf448_hasher.hashToCurve)();
 /** @deprecated use `ed448.utils.toMontgomery` */
 function edwardsToMontgomeryPub(edwardsPub) {
-    return ed448.utils.toMontgomery((0,esm_utils.ensureBytes)('pub', edwardsPub));
+    return ed448.utils.toMontgomery((0,_utils_js__WEBPACK_IMPORTED_MODULE_7__.ensureBytes)('pub', edwardsPub));
 }
 /** @deprecated use `ed448.utils.toMontgomery` */
 const edwardsToMontgomery = edwardsToMontgomeryPub;