diff --git a/README.md b/README.md index ef51b8dc..f1ce91af 100644 --- a/README.md +++ b/README.md @@ -288,7 +288,7 @@ This information fits with our mental map of the circuit we created: we had two snarkjs r1cs print circuit.r1cs circuit.sym ``` -To double check, we print the constraints of the circuit. +To double-check, we print the constraints of the circuit. You should see a thousand constraints of the form: @@ -318,7 +318,7 @@ EOT Now, we use the Javascript/WASM program created by `circom` in the directory *circuit_js* to create the witness (values of all the wires) for our inputs: ```sh -circuit_js$ node generate_witness.js circuit.wasm ../input.json ../witness.wtns +node generate_witness.js circuit.wasm ../input.json ../witness.wtns ``` We can check if the generated witness complies with the `r1cs` file with the following command: @@ -481,7 +481,7 @@ snarkjs fflonk verify verification_key.json public.json proof.json snarkjs groth16 verify verification_key.json public.json proof.json ``` -We use the this command to verify the proof, passing in the `verification_key` we exported earlier. +We use this command to verify the proof, passing in the `verification_key` we exported earlier. If all is well, you should see that `OK` has been outputted to your console. This signifies the proof is valid. @@ -610,7 +610,7 @@ the Random Beacon Model](https://eprint.iacr.org/2017/1050.pdf) - [Perpetual Powers of Tau](https://github.com/weijiekoh/perpetualpowersoftau) - [Powers of Tau](https://github.com/ebfull/powersoftau) - [Trusted setup ceremonies explored](https://www.zeroknowledge.fm/133) -- [Simple react projct using snarkjs](https://github.com/LHerskind/snarkjs-react) +- [Simple react project using snarkjs](https://github.com/LHerskind/snarkjs-react) ## Final note diff --git a/build/browser.esm.js b/build/browser.esm.js index e56aa88c..eb258985 100644 --- a/build/browser.esm.js +++ b/build/browser.esm.js @@ -872,8 +872,8 @@ class BigMemFile { } } -const O_TRUNC = 1024; -const O_CREAT = 512; +const O_TRUNC = 512; +const O_CREAT = 64; const O_RDWR = 2; const O_RDONLY = 0; @@ -1131,6 +1131,13 @@ async function getCurveFromName(name) { } +var curves = /*#__PURE__*/Object.freeze({ + __proto__: null, + getCurveFromR: getCurveFromR, + getCurveFromQ: getCurveFromQ, + getCurveFromName: getCurveFromName +}); + var commonjsGlobal = typeof globalThis !== 'undefined' ? globalThis : typeof window !== 'undefined' ? window : typeof global !== 'undefined' ? global : typeof self !== 'undefined' ? self : {}; var blake2bWasm = {exports: {}}; @@ -2756,7 +2763,7 @@ async function readContribution$1(fd, curve, toObject) { } } if (fd.pos != curPos + paramLength) { - throw new Error("Parametes do not match"); + throw new Error("Parameters do not match"); } return c; @@ -3110,7 +3117,7 @@ async function buildABC1(curve, zkey, witness, coeffs, logger) { } /* -async function buldABC(curve, zkey, witness, coeffs, logger) { +async function buildABC(curve, zkey, witness, coeffs, logger) { const concurrency = curve.tm.concurrency; const sCoef = 4*3 + zkey.n8r; @@ -3315,13 +3322,13 @@ limitations under the License. */ function flatArray(a) { - var res = []; + let res = []; fillArray(res, a); return res; function fillArray(res, a) { if (Array.isArray(a)) { - for (let i=0; i0) { - res.unshift(0); - i--; - } + let i = size - res.length; + while (i > 0) { + res.unshift(0); + i--; + } } return res; } @@ -3373,31 +3380,10 @@ function toArray32(s,size) { /* globals WebAssembly */ async function builder(code, options) { - - options = options || {}; - - let memorySize = 32767; - let memory; - let memoryAllocated = false; - while (!memoryAllocated){ - try{ - memory = new WebAssembly.Memory({initial:memorySize}); - memoryAllocated = true; - } catch(err){ - if(memorySize === 1){ - throw err; - } - console.warn("Could not allocate " + memorySize * 1024 * 64 + " bytes. This may cause severe instability. Trying with " + memorySize * 1024 * 64 / 2 + " bytes"); - memorySize = Math.floor(memorySize/2); - } - } - - const wasmModule = await WebAssembly.compile(code); - + let instance; let wc; - - let errStr = ""; - let msgStr = ""; + let memory; + options = options || {}; // Only circom 2 implements version lookup through exports in the WASM // We default to `1` and update if we see the `getVersion` export (major version) @@ -3405,122 +3391,157 @@ async function builder(code, options) { let majorVersion = 1; // After Circom 2.0.7, Blaine added exported functions for getting minor and patch versions let minorVersion = 0; - // If we can't lookup the patch version, assume the lowest + // If we can't look up the patch version, assume the lowest let patchVersion = 0; - const instance = await WebAssembly.instantiate(wasmModule, { - env: { - "memory": memory - }, - runtime: { - exceptionHandler: function(code) { - let err; - if (code == 1) { - err = "Signal not found. "; - } else if (code == 2) { - err = "Too many signals set. "; - } else if (code == 3) { - err = "Signal already set. "; - } else if (code == 4) { - err = "Assert Failed. "; - } else if (code == 5) { - err = "Not enough memory. "; - } else if (code == 6) { - err = "Input signal array access exceeds the size. "; - } else { - err = "Unknown error. "; + // If code is already prepared WebAssembly.Instance, we use it directly + if (code instanceof WebAssembly.Instance) { + instance = code; + } else { + + let memorySize = 32767; + + if (options.memorySize) { + // make sure we have int + memorySize = parseInt(options.memorySize); + if (memorySize < 0) { + throw new Error("Invalid memory size"); + } + } + + let memoryAllocated = false; + while (!memoryAllocated) { + try { + memory = new WebAssembly.Memory({initial: memorySize}); + memoryAllocated = true; + } catch (err) { + if (memorySize <= 1) { + throw err; } - console.error("ERROR: ", code, errStr); - throw new Error(err + errStr); - }, - // A new way of logging messages was added in Circom 2.0.7 that requires 2 new imports - // `printErrorMessage` and `writeBufferMessage`. - printErrorMessage: function() { - errStr += getMessage() + "\n"; + console.warn("Could not allocate " + memorySize * 1024 * 64 + " bytes. This may cause severe instability. Trying with " + memorySize * 1024 * 64 / 2 + " bytes"); + memorySize = Math.floor(memorySize / 2); + } + } + + const wasmModule = await WebAssembly.compile(code); + + let errStr = ""; + let msgStr = ""; + + instance = await WebAssembly.instantiate(wasmModule, { + env: { + "memory": memory }, - writeBufferMessage: function() { - const msg = getMessage(); - // Any calls to `log()` will always end with a `\n`, so that's when we print and reset - if (msg === "\n") { - console.log(msgStr); - msgStr = ""; - } else { - // If we've buffered other content, put a space in between the items - if (msgStr !== "") { - msgStr += " "; + runtime: { + exceptionHandler: function (code) { + let err; + if (code === 1) { + err = "Signal not found. "; + } else if (code === 2) { + err = "Too many signals set. "; + } else if (code === 3) { + err = "Signal already set. "; + } else if (code === 4) { + err = "Assert Failed. "; + } else if (code === 5) { + err = "Not enough memory. "; + } else if (code === 6) { + err = "Input signal array access exceeds the size. "; + } else { + err = "Unknown error. "; + } + console.error("ERROR: ", code, errStr); + throw new Error(err + errStr); + }, + // A new way of logging messages was added in Circom 2.0.7 that requires 2 new imports + // `printErrorMessage` and `writeBufferMessage`. + printErrorMessage: function () { + errStr += getMessage() + "\n"; + }, + writeBufferMessage: function () { + const msg = getMessage(); + // Any calls to `log()` will always end with a `\n`, so that's when we print and reset + if (msg === "\n") { + console.log(msgStr); + msgStr = ""; + } else { + // If we've buffered other content, put a space in between the items + if (msgStr !== "") { + msgStr += " "; + } + // Then append the message to the message we are creating + msgStr += msg; + } + }, + showSharedRWMemory: function () { + const shared_rw_memory_size = instance.exports.getFieldNumLen32(); + const arr = new Uint32Array(shared_rw_memory_size); + for (let j = 0; j < shared_rw_memory_size; j++) { + arr[shared_rw_memory_size - 1 - j] = instance.exports.readSharedRWMemory(j); } - // Then append the message to the message we are creating - msgStr += msg; - } - }, - showSharedRWMemory: function() { - const shared_rw_memory_size = instance.exports.getFieldNumLen32(); - const arr = new Uint32Array(shared_rw_memory_size); - for (let j=0; j= 2 && (minorVersion >= 1 || patchVersion >= 7)) { - // If we've buffered other content, put a space in between the items - if (msgStr !== "") { - msgStr += " "; + // In circom 2.0.7, they changed the log() function to allow strings and changed the + // output API. This smoothes over the breaking change. + if (majorVersion >= 2 && (minorVersion >= 1 || patchVersion >= 7)) { + // If we've buffered other content, put a space in between the items + if (msgStr !== "") { + msgStr += " "; + } + // Then append the value to the message we are creating + const msg = (Scalar.fromArray(arr, 0x100000000).toString()); + msgStr += msg; + } else { + console.log(Scalar.fromArray(arr, 0x100000000)); + } + }, + error: function (code, pstr, a, b, c, d) { + let errStr; + if (code === 7) { + errStr = p2str(pstr) + " " + wc.getFr(b).toString() + " != " + wc.getFr(c).toString() + " " + p2str(d); + } else if (code === 9) { + errStr = p2str(pstr) + " " + wc.getFr(b).toString() + " " + p2str(c); + } else if ((code === 5) && (options.sym)) { + errStr = p2str(pstr) + " " + options.sym.labelIdx2Name[c]; + } else { + errStr = p2str(pstr) + " " + a + " " + b + " " + c + " " + d; + } + console.log("ERROR: ", code, errStr); + throw new Error(errStr); + }, + log: function (a) { + console.log(wc.getFr(a).toString()); + }, + logGetSignal: function (signal, pVal) { + if (options.logGetSignal) { + options.logGetSignal(signal, wc.getFr(pVal)); + } + }, + logSetSignal: function (signal, pVal) { + if (options.logSetSignal) { + options.logSetSignal(signal, wc.getFr(pVal)); + } + }, + logStartComponent: function (cIdx) { + if (options.logStartComponent) { + options.logStartComponent(cIdx); + } + }, + logFinishComponent: function (cIdx) { + if (options.logFinishComponent) { + options.logFinishComponent(cIdx); } - // Then append the value to the message we are creating - const msg = (Scalar.fromArray(arr, 0x100000000).toString()); - msgStr += msg; - } else { - console.log(Scalar.fromArray(arr, 0x100000000)); - } - }, - error: function(code, pstr, a,b,c,d) { - let errStr; - if (code == 7) { - errStr=p2str(pstr) + " " + wc.getFr(b).toString() + " != " + wc.getFr(c).toString() + " " +p2str(d); - } else if (code == 9) { - errStr=p2str(pstr) + " " + wc.getFr(b).toString() + " " +p2str(c); - } else if ((code == 5)&&(options.sym)) { - errStr=p2str(pstr)+ " " + options.sym.labelIdx2Name[c]; - } else { - errStr=p2str(pstr)+ " " + a + " " + b + " " + c + " " + d; - } - console.log("ERROR: ", code, errStr); - throw new Error(errStr); - }, - log: function(a) { - console.log(wc.getFr(a).toString()); - }, - logGetSignal: function(signal, pVal) { - if (options.logGetSignal) { - options.logGetSignal(signal, wc.getFr(pVal) ); - } - }, - logSetSignal: function(signal, pVal) { - if (options.logSetSignal) { - options.logSetSignal(signal, wc.getFr(pVal) ); - } - }, - logStartComponent: function(cIdx) { - if (options.logStartComponent) { - options.logStartComponent(cIdx); - } - }, - logFinishComponent: function(cIdx) { - if (options.logFinishComponent) { - options.logFinishComponent(cIdx); } } - } - }); + }); + } - if (typeof instance.exports.getVersion == 'function') { + if (typeof instance.exports.getVersion == "function") { majorVersion = instance.exports.getVersion(); } - if (typeof instance.exports.getMinorVersion == 'function') { + if (typeof instance.exports.getMinorVersion == "function") { minorVersion = instance.exports.getMinorVersion(); } - if (typeof instance.exports.getPatchVersion == 'function') { + if (typeof instance.exports.getPatchVersion == "function") { patchVersion = instance.exports.getPatchVersion(); } @@ -3544,9 +3565,9 @@ async function builder(code, options) { return wc; function getMessage() { - var message = ""; - var c = instance.exports.getMessageChar(); - while ( c != 0 ) { + let message = ""; + let c = instance.exports.getMessageChar(); + while (c !== 0) { message += String.fromCharCode(c); c = instance.exports.getMessageChar(); } @@ -3558,11 +3579,12 @@ async function builder(code, options) { const bytes = []; - for (let i=0; i8[p+i]>0; i++) bytes.push(i8[p+i]); + for (let i = 0; i8[p + i] > 0; i++) bytes.push(i8[p + i]); return String.fromCharCode.apply(null, bytes); } } + class WitnessCalculatorCircom1 { constructor(memory, instance, sanityCheck) { this.memory = memory; @@ -3573,8 +3595,8 @@ class WitnessCalculatorCircom1 { const pRawPrime = this.instance.exports.getPRawPrime(); const arr = new Array(this.n32); - for (let i=0; i> 2) + i]; + for (let i = 0; i < this.n32; i++) { + arr[this.n32 - 1 - i] = this.i32[(pRawPrime >> 2) + i]; } this.prime = Scalar.fromArray(arr, 0x100000000); @@ -3583,8 +3605,8 @@ class WitnessCalculatorCircom1 { this.mask32 = Scalar.fromString("FFFFFFFF", 16); this.NVars = this.instance.exports.getNVars(); - this.n64 = Math.floor((this.Fr.bitLength - 1) / 64)+1; - this.R = this.Fr.e( Scalar.shiftLeft(1 , this.n64*64)); + this.n64 = Math.floor((this.Fr.bitLength - 1) / 64) + 1; + this.R = this.Fr.e(Scalar.shiftLeft(1, this.n64 * 64)); this.RInv = this.Fr.inv(this.R); this.sanityCheck = sanityCheck; } @@ -3598,10 +3620,10 @@ class WitnessCalculatorCircom1 { const pSigOffset = this.allocInt(); const pFr = this.allocFr(); const keys = Object.keys(input); - keys.forEach( (k) => { + keys.forEach((k) => { const h = fnvHash(k); - const hMSB = parseInt(h.slice(0,8), 16); - const hLSB = parseInt(h.slice(8,16), 16); + const hMSB = parseInt(h.slice(0, 8), 16); + const hLSB = parseInt(h.slice(8, 16), 16); try { this.instance.exports.getSignalOffset32(pSigOffset, 0, hMSB, hLSB); } catch (err) { @@ -3609,7 +3631,7 @@ class WitnessCalculatorCircom1 { } const sigOffset = this.getInt(pSigOffset); const fArr = flatArray(input[k]); - for (let i=0; i>2]; + return this.i32[p >> 2]; } setInt(p, v) { - this.i32[p>>2] = v; + this.i32[p >> 2] = v; } getFr(p) { const self = this; - const idx = (p>>2); + const idx = (p >> 2); if (self.i32[idx + 1] & 0x80000000) { const arr = new Array(self.n32); - for (let i=0; i> 2)] = 0; self.i32[(p >> 2) + 1] = 0x80000000; const arr = Scalar.toArray(v, 0x100000000); - for (let i=0; i=0) { + if (idx >= 0) { self.i32[(p >> 2) + 2 + i] = arr[idx]; } else { self.i32[(p >> 2) + 2 + i] = 0; @@ -3747,8 +3768,8 @@ class WitnessCalculatorCircom2 { this.instance.exports.getRawPrime(); const arr = new Uint32Array(this.n32); - for (let i=0; i { + let input_counter = 0; + keys.forEach((k) => { const h = fnvHash(k); - const hMSB = parseInt(h.slice(0,8), 16); - const hLSB = parseInt(h.slice(8,16), 16); + const hMSB = parseInt(h.slice(0, 8), 16); + const hLSB = parseInt(h.slice(8, 16), 16); const fArr = flatArray(input[k]); // Slight deviation from https://github.com/iden3/circom/blob/v2.1.6/code_producers/src/wasm_elements/common/witness_calculator.js // because I don't know when this exported function was added - if (typeof this.instance.exports.getInputSignalSize === 'function') { + if (typeof this.instance.exports.getInputSignalSize === "function") { let signalSize = this.instance.exports.getInputSignalSize(hMSB, hLSB); - if (signalSize < 0){ + if (signalSize < 0) { throw new Error(`Signal ${k} not found\n`); } if (fArr.length < signalSize) { @@ -3785,13 +3806,13 @@ class WitnessCalculatorCircom2 { throw new Error(`Too many values for input signal ${k}\n`); } } - for (let i=0; i. */ -async function challengeContribute(curve, challengeFilename, responesFileName, entropy, logger) { +async function challengeContribute(curve, challengeFilename, responseFileName, entropy, logger) { await blake2bWasm.exports.ready(); const fdFrom = await readExisting(challengeFilename); @@ -5567,7 +5588,7 @@ async function challengeContribute(curve, challengeFilename, responesFileName, e const rng = await getRandomRng(entropy); - const fdTo = await createOverride(responesFileName); + const fdTo = await createOverride(responseFileName); // Calculate the hash const challengeHasher = blake2bWasm.exports(64); @@ -5647,7 +5668,7 @@ async function beacon$1(oldPtauFilename, newPTauFilename, name, beaconHashStr,n return false; } if (beaconHash.length>=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -7145,7 +7166,7 @@ async function wtnsCheck(r1csFilename, wtnsFilename, logger) { logger.info(" WITNESS CHECK"); logger.info(` Curve: ${r1cs.curve.name}`); logger.info(` Vars (wires): ${r1cs.nVars}`); - logger.info(` Ouputs: ${r1cs.nOutputs}`); + logger.info(` Outputs: ${r1cs.nOutputs}`); logger.info(` Public Inputs: ${r1cs.nPubInputs}`); logger.info(` Private Inputs: ${r1cs.nPrvInputs}`); logger.info(` Labels: ${r1cs.nLabels}`); @@ -7533,7 +7554,7 @@ async function newZKey(r1csName, ptauName, zkeyName, logger) { if (cirPower < curve.Fr.s) { let sTauG1 = await readSection(fdPTau, sectionsPTau, 12, (domainSize*2-1)*sG1, domainSize*2*sG1); for (let i=0; i< domainSize; i++) { - if ((logger)&&(i%10000 == 0)) logger.debug(`spliting buffer: ${i}/${domainSize}`); + if ((logger)&&(i%10000 == 0)) logger.debug(`splitting buffer: ${i}/${domainSize}`); const buff = sTauG1.slice( (i*2+1)*sG1, (i*2+1)*sG1 + sG1 ); buffOut.set(buff, i*sG1); } @@ -7975,7 +7996,7 @@ async function phase2exportMPCParams(zkeyName, mpcparamsName, logger) { buffBasesH_Tau = await curve.G1.fft(buffBasesH_Lodd, "affine", "jacobian", logger); buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.Fr.w[zkey.power+1], "jacobian", "affine", logger); - // Remove last element. (The degree of H will be allways m-2) + // Remove last element. (The degree of H will be always m-2) buffBasesH_Tau = buffBasesH_Tau.slice(0, buffBasesH_Tau.byteLength - sG1); buffBasesH_Tau = await curve.G1.batchLEMtoU(buffBasesH_Tau); await writePointArray("G1", buffBasesH_Tau); @@ -8114,9 +8135,9 @@ async function phase2importMPCParams(zkeyNameOld, mpcparamsName, zkeyNameNew, na // csHash newMPCParams.csHash = await fdMPCParams.read(64); - const nConttributions = await fdMPCParams.readUBE32(); + const nContributions = await fdMPCParams.readUBE32(); newMPCParams.contributions = []; - for (let i=0; i=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -8939,11 +8960,11 @@ async function beacon(zkeyNameOld, zkeyNameNew, name, beaconHashStr, numIteratio const contributionHasher = blake2bWasm.exports(64); hashPubKey(contributionHasher, curve, curContribution); - const contribuionHash = contributionHasher.digest(); + const contributionHash = contributionHasher.digest(); - if (logger) logger.info(formatHash(contribuionHash, "Contribution Hash: ")); + if (logger) logger.info(formatHash(contributionHash, "Contribution Hash: ")); - return contribuionHash; + return contributionHash; } async function zkeyExportJson(zkeyFileName) { @@ -8974,7 +8995,7 @@ async function zkeyExportJson(zkeyFileName) { along with snarkJS. If not, see . */ -async function bellmanContribute(curve, challengeFilename, responesFileName, entropy, logger) { +async function bellmanContribute(curve, challengeFilename, responseFileName, entropy, logger) { await blake2bWasm.exports.ready(); const rng = await getRandomRng(entropy); @@ -8986,7 +9007,7 @@ async function bellmanContribute(curve, challengeFilename, responesFileName, ent const sG2 = curve.G2.F.n8*2; const fdFrom = await readExisting(challengeFilename); - const fdTo = await createOverride(responesFileName); + const fdTo = await createOverride(responseFileName); await copy(sG1); // alpha1 @@ -9041,9 +9062,9 @@ async function bellmanContribute(curve, challengeFilename, responesFileName, ent mpcParams.csHash = await fdFrom.read(64); transcriptHasher.update(mpcParams.csHash); - const nConttributions = await fdFrom.readUBE32(); + const nContributions = await fdFrom.readUBE32(); mpcParams.contributions = []; - for (let i=0; i ... "); - console.log(" or snarkjs ... "); + console.log(" or snarkjs ... "); console.log(""); console.log("Type snarkjs --help to get more information for that command"); console.log(""); @@ -1010,7 +1010,7 @@ async function readContribution$1(fd, curve) { } } if (fd.pos != curPos + paramLength) { - throw new Error("Parametes do not match"); + throw new Error("Parameters do not match"); } return c; @@ -1373,9 +1373,9 @@ async function importResponse(oldPtauFilename, contributionFilename, newPTauFile if (name) currentContribution.name = name; const sG1 = curve.F1.n8*2; - const scG1 = curve.F1.n8; // Compresed size + const scG1 = curve.F1.n8; // Compressed size const sG2 = curve.F2.n8*2; - const scG2 = curve.F2.n8; // Compresed size + const scG2 = curve.F2.n8; // Compressed size const fdResponse = await fastFile__namespace.readExisting(contributionFilename); @@ -1408,7 +1408,7 @@ async function importResponse(oldPtauFilename, contributionFilename, newPTauFile } if(!hashIsEqual(contributionPreviousHash,lastChallengeHash)) - throw new Error("Wrong contribution. this contribution is not based on the previus hash"); + throw new Error("Wrong contribution. This contribution is not based on the previous hash"); const hasherResponse = new Blake2b__default["default"](64); hasherResponse.update(contributionPreviousHash); @@ -2074,7 +2074,7 @@ async function verify(tauFilename, logger) { /* This function creates a new section in the fdTo file with id idSection. - It multiplies the pooints in fdFrom by first, first*inc, first*inc^2, .... + It multiplies the points in fdFrom by first, first*inc, first*inc^2, .... nPoint Times. It also updates the newChallengeHasher with the new points */ @@ -2148,7 +2148,7 @@ async function applyKeyToChallengeSection(fdOld, fdNew, responseHasher, curve, g along with snarkJS. If not, see . */ -async function challengeContribute(curve, challengeFilename, responesFileName, entropy, logger) { +async function challengeContribute(curve, challengeFilename, responseFileName, entropy, logger) { await Blake2b__default["default"].ready(); const fdFrom = await fastFile__namespace.readExisting(challengeFilename); @@ -2169,7 +2169,7 @@ async function challengeContribute(curve, challengeFilename, responesFileName, e const rng = await getRandomRng(entropy); - const fdTo = await fastFile__namespace.createOverride(responesFileName); + const fdTo = await fastFile__namespace.createOverride(responseFileName); // Calculate the hash const challengeHasher = Blake2b__default["default"](64); @@ -2249,7 +2249,7 @@ async function beacon$1(oldPtauFilename, newPTauFilename, name, beaconHashStr,n return false; } if (beaconHash.length>=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -3283,7 +3283,7 @@ async function newZKey(r1csName, ptauName, zkeyName, logger) { if (cirPower < curve.Fr.s) { let sTauG1 = await binFileUtils.readSection(fdPTau, sectionsPTau, 12, (domainSize*2-1)*sG1, domainSize*2*sG1); for (let i=0; i< domainSize; i++) { - if ((logger)&&(i%10000 == 0)) logger.debug(`spliting buffer: ${i}/${domainSize}`); + if ((logger)&&(i%10000 == 0)) logger.debug(`splitting buffer: ${i}/${domainSize}`); const buff = sTauG1.slice( (i*2+1)*sG1, (i*2+1)*sG1 + sG1 ); buffOut.set(buff, i*sG1); } @@ -4088,7 +4088,7 @@ async function readContribution(fd, curve, toObject) { } } if (fd.pos != curPos + paramLength) { - throw new Error("Parametes do not match"); + throw new Error("Parameters do not match"); } return c; @@ -4214,7 +4214,7 @@ async function phase2exportMPCParams(zkeyName, mpcparamsName, logger) { buffBasesH_Tau = await curve.G1.fft(buffBasesH_Lodd, "affine", "jacobian", logger); buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.Fr.w[zkey.power+1], "jacobian", "affine", logger); - // Remove last element. (The degree of H will be allways m-2) + // Remove last element. (The degree of H will be always m-2) buffBasesH_Tau = buffBasesH_Tau.slice(0, buffBasesH_Tau.byteLength - sG1); buffBasesH_Tau = await curve.G1.batchLEMtoU(buffBasesH_Tau); await writePointArray("G1", buffBasesH_Tau); @@ -4353,9 +4353,9 @@ async function phase2importMPCParams(zkeyNameOld, mpcparamsName, zkeyNameNew, na // csHash newMPCParams.csHash = await fdMPCParams.read(64); - const nConttributions = await fdMPCParams.readUBE32(); + const nContributions = await fdMPCParams.readUBE32(); newMPCParams.contributions = []; - for (let i=0; i=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -5178,11 +5178,11 @@ async function beacon(zkeyNameOld, zkeyNameNew, name, beaconHashStr, numIteratio const contributionHasher = Blake2b__default["default"](64); hashPubKey(contributionHasher, curve, curContribution); - const contribuionHash = contributionHasher.digest(); + const contributionHash = contributionHasher.digest(); - if (logger) logger.info(formatHash(contribuionHash, "Contribution Hash: ")); + if (logger) logger.info(formatHash(contributionHash, "Contribution Hash: ")); - return contribuionHash; + return contributionHash; } async function zkeyExportJson$1(zkeyFileName) { @@ -5213,7 +5213,7 @@ async function zkeyExportJson$1(zkeyFileName) { along with snarkJS. If not, see . */ -async function bellmanContribute(curve, challengeFilename, responesFileName, entropy, logger) { +async function bellmanContribute(curve, challengeFilename, responseFileName, entropy, logger) { await Blake2b__default["default"].ready(); const rng = await getRandomRng(entropy); @@ -5225,7 +5225,7 @@ async function bellmanContribute(curve, challengeFilename, responesFileName, ent const sG2 = curve.G2.F.n8*2; const fdFrom = await fastFile__namespace.readExisting(challengeFilename); - const fdTo = await fastFile__namespace.createOverride(responesFileName); + const fdTo = await fastFile__namespace.createOverride(responseFileName); await copy(sG1); // alpha1 @@ -5280,9 +5280,9 @@ async function bellmanContribute(curve, challengeFilename, responesFileName, ent mpcParams.csHash = await fdFrom.read(64); transcriptHasher.update(mpcParams.csHash); - const nConttributions = await fdFrom.readUBE32(); + const nContributions = await fdFrom.readUBE32(); mpcParams.contributions = []; - for (let i=0; i", - description: "Generate diferent powers of tau with smoller sizes ", + description: "Generate different powers of tau with smaller sizes ", longDescription: " This process generates smaller ptau files from a bigger power ptau", alias: ["ptt"], options: "-verbose|v", @@ -12617,7 +12617,7 @@ const commands = [ }, { cmd: "wtns check [circuit.r1cs] [[witness.wtns]", - description: "Check if a specific witness of a circuit fullfills the r1cs constraints", + description: "Check if a specific witness of a circuit fulfills the r1cs constraints", alias: ["wchk"], action: wtnsCheck }, @@ -12808,7 +12808,7 @@ TODO COMMANDS }, { cmd: "witness verify ", - description: "Verify a witness agains a r1cs", + description: "Verify a witness against a r1cs", alias: ["wv"], action: witnessVerify }, @@ -12881,7 +12881,7 @@ async function wtnsCalculate(params, options) { const input = JSON.parse(await fs__default["default"].promises.readFile(inputName, "utf8")); - await wtnsCalculate$1(input, wasmName, witnessName); + await wtnsCalculate$1(input, wasmName, witnessName, {}); return 0; } diff --git a/build/main.cjs b/build/main.cjs index deeb7fb5..c956f7ed 100644 --- a/build/main.cjs +++ b/build/main.cjs @@ -89,6 +89,13 @@ async function getCurveFromName(name) { } +var curves = /*#__PURE__*/Object.freeze({ + __proto__: null, + getCurveFromR: getCurveFromR, + getCurveFromQ: getCurveFromQ, + getCurveFromName: getCurveFromName +}); + /* Copyright 2018 0KIMS association. @@ -687,7 +694,7 @@ async function readContribution$1(fd, curve, toObject) { } } if (fd.pos != curPos + paramLength) { - throw new Error("Parametes do not match"); + throw new Error("Parameters do not match"); } return c; @@ -1041,7 +1048,7 @@ async function buildABC1(curve, zkey, witness, coeffs, logger) { } /* -async function buldABC(curve, zkey, witness, coeffs, logger) { +async function buildABC(curve, zkey, witness, coeffs, logger) { const concurrency = curve.tm.concurrency; const sCoef = 4*3 + zkey.n8r; @@ -1254,7 +1261,7 @@ async function wtnsCalculate(_input, wasmFileName, wtnsFileName, options) { const wasm = await fdWasm.read(fdWasm.totalSize); await fdWasm.close(); - const wc = await circom_runtime.WitnessCalculatorBuilder(wasm); + const wc = await circom_runtime.WitnessCalculatorBuilder(wasm, options); if (wc.circom_version() == 1) { const w = await wc.calculateBinWitness(input); @@ -1746,7 +1753,7 @@ async function readContribution(fd, curve) { } } if (fd.pos != curPos + paramLength) { - throw new Error("Parametes do not match"); + throw new Error("Parameters do not match"); } return c; @@ -2109,9 +2116,9 @@ async function importResponse(oldPtauFilename, contributionFilename, newPTauFile if (name) currentContribution.name = name; const sG1 = curve.F1.n8*2; - const scG1 = curve.F1.n8; // Compresed size + const scG1 = curve.F1.n8; // Compressed size const sG2 = curve.F2.n8*2; - const scG2 = curve.F2.n8; // Compresed size + const scG2 = curve.F2.n8; // Compressed size const fdResponse = await fastFile__namespace.readExisting(contributionFilename); @@ -2144,7 +2151,7 @@ async function importResponse(oldPtauFilename, contributionFilename, newPTauFile } if(!hashIsEqual(contributionPreviousHash,lastChallengeHash)) - throw new Error("Wrong contribution. this contribution is not based on the previus hash"); + throw new Error("Wrong contribution. This contribution is not based on the previous hash"); const hasherResponse = new Blake2b__default["default"](64); hasherResponse.update(contributionPreviousHash); @@ -2810,7 +2817,7 @@ async function verify(tauFilename, logger) { /* This function creates a new section in the fdTo file with id idSection. - It multiplies the pooints in fdFrom by first, first*inc, first*inc^2, .... + It multiplies the points in fdFrom by first, first*inc, first*inc^2, .... nPoint Times. It also updates the newChallengeHasher with the new points */ @@ -2884,7 +2891,7 @@ async function applyKeyToChallengeSection(fdOld, fdNew, responseHasher, curve, g along with snarkJS. If not, see . */ -async function challengeContribute(curve, challengeFilename, responesFileName, entropy, logger) { +async function challengeContribute(curve, challengeFilename, responseFileName, entropy, logger) { await Blake2b__default["default"].ready(); const fdFrom = await fastFile__namespace.readExisting(challengeFilename); @@ -2905,7 +2912,7 @@ async function challengeContribute(curve, challengeFilename, responesFileName, e const rng = await getRandomRng(entropy); - const fdTo = await fastFile__namespace.createOverride(responesFileName); + const fdTo = await fastFile__namespace.createOverride(responseFileName); // Calculate the hash const challengeHasher = Blake2b__default["default"](64); @@ -2985,7 +2992,7 @@ async function beacon$1(oldPtauFilename, newPTauFilename, name, beaconHashStr,n return false; } if (beaconHash.length>=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -4133,7 +4140,7 @@ async function wtnsCheck(r1csFilename, wtnsFilename, logger) { logger.info(" WITNESS CHECK"); logger.info(` Curve: ${r1cs.curve.name}`); logger.info(` Vars (wires): ${r1cs.nVars}`); - logger.info(` Ouputs: ${r1cs.nOutputs}`); + logger.info(` Outputs: ${r1cs.nOutputs}`); logger.info(` Public Inputs: ${r1cs.nPubInputs}`); logger.info(` Private Inputs: ${r1cs.nPrvInputs}`); logger.info(` Labels: ${r1cs.nLabels}`); @@ -4519,7 +4526,7 @@ async function newZKey(r1csName, ptauName, zkeyName, logger) { if (cirPower < curve.Fr.s) { let sTauG1 = await binFileUtils.readSection(fdPTau, sectionsPTau, 12, (domainSize*2-1)*sG1, domainSize*2*sG1); for (let i=0; i< domainSize; i++) { - if ((logger)&&(i%10000 == 0)) logger.debug(`spliting buffer: ${i}/${domainSize}`); + if ((logger)&&(i%10000 == 0)) logger.debug(`splitting buffer: ${i}/${domainSize}`); const buff = sTauG1.slice( (i*2+1)*sG1, (i*2+1)*sG1 + sG1 ); buffOut.set(buff, i*sG1); } @@ -4961,7 +4968,7 @@ async function phase2exportMPCParams(zkeyName, mpcparamsName, logger) { buffBasesH_Tau = await curve.G1.fft(buffBasesH_Lodd, "affine", "jacobian", logger); buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.Fr.w[zkey.power+1], "jacobian", "affine", logger); - // Remove last element. (The degree of H will be allways m-2) + // Remove last element. (The degree of H will be always m-2) buffBasesH_Tau = buffBasesH_Tau.slice(0, buffBasesH_Tau.byteLength - sG1); buffBasesH_Tau = await curve.G1.batchLEMtoU(buffBasesH_Tau); await writePointArray("G1", buffBasesH_Tau); @@ -5100,9 +5107,9 @@ async function phase2importMPCParams(zkeyNameOld, mpcparamsName, zkeyNameNew, na // csHash newMPCParams.csHash = await fdMPCParams.read(64); - const nConttributions = await fdMPCParams.readUBE32(); + const nContributions = await fdMPCParams.readUBE32(); newMPCParams.contributions = []; - for (let i=0; i=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -5925,11 +5932,11 @@ async function beacon(zkeyNameOld, zkeyNameNew, name, beaconHashStr, numIteratio const contributionHasher = Blake2b__default["default"](64); hashPubKey(contributionHasher, curve, curContribution); - const contribuionHash = contributionHasher.digest(); + const contributionHash = contributionHasher.digest(); - if (logger) logger.info(formatHash(contribuionHash, "Contribution Hash: ")); + if (logger) logger.info(formatHash(contributionHash, "Contribution Hash: ")); - return contribuionHash; + return contributionHash; } async function zkeyExportJson(zkeyFileName) { @@ -5960,7 +5967,7 @@ async function zkeyExportJson(zkeyFileName) { along with snarkJS. If not, see . */ -async function bellmanContribute(curve, challengeFilename, responesFileName, entropy, logger) { +async function bellmanContribute(curve, challengeFilename, responseFileName, entropy, logger) { await Blake2b__default["default"].ready(); const rng = await getRandomRng(entropy); @@ -5972,7 +5979,7 @@ async function bellmanContribute(curve, challengeFilename, responesFileName, ent const sG2 = curve.G2.F.n8*2; const fdFrom = await fastFile__namespace.readExisting(challengeFilename); - const fdTo = await fastFile__namespace.createOverride(responesFileName); + const fdTo = await fastFile__namespace.createOverride(responseFileName); await copy(sG1); // alpha1 @@ -6027,9 +6034,9 @@ async function bellmanContribute(curve, challengeFilename, responesFileName, ent mpcParams.csHash = await fdFrom.read(64); transcriptHasher.update(mpcParams.csHash); - const nConttributions = await fdFrom.readUBE32(); + const nContributions = await fdFrom.readUBE32(); mpcParams.contributions = []; - for (let i=0; i0) { - res.unshift(0); - i--; - } + let i = size - res.length; + while (i > 0) { + res.unshift(0); + i--; + } } return res; } @@ -19915,31 +19922,10 @@ var snarkjs = (function (exports) { /* globals WebAssembly */ async function builder(code, options) { - - options = options || {}; - - let memorySize = 32767; - let memory; - let memoryAllocated = false; - while (!memoryAllocated){ - try{ - memory = new WebAssembly.Memory({initial:memorySize}); - memoryAllocated = true; - } catch(err){ - if(memorySize === 1){ - throw err; - } - console.warn("Could not allocate " + memorySize * 1024 * 64 + " bytes. This may cause severe instability. Trying with " + memorySize * 1024 * 64 / 2 + " bytes"); - memorySize = Math.floor(memorySize/2); - } - } - - const wasmModule = await WebAssembly.compile(code); - + let instance; let wc; - - let errStr = ""; - let msgStr = ""; + let memory; + options = options || {}; // Only circom 2 implements version lookup through exports in the WASM // We default to `1` and update if we see the `getVersion` export (major version) @@ -19947,122 +19933,157 @@ var snarkjs = (function (exports) { let majorVersion = 1; // After Circom 2.0.7, Blaine added exported functions for getting minor and patch versions let minorVersion = 0; - // If we can't lookup the patch version, assume the lowest + // If we can't look up the patch version, assume the lowest let patchVersion = 0; - const instance = await WebAssembly.instantiate(wasmModule, { - env: { - "memory": memory - }, - runtime: { - exceptionHandler: function(code) { - let err; - if (code == 1) { - err = "Signal not found. "; - } else if (code == 2) { - err = "Too many signals set. "; - } else if (code == 3) { - err = "Signal already set. "; - } else if (code == 4) { - err = "Assert Failed. "; - } else if (code == 5) { - err = "Not enough memory. "; - } else if (code == 6) { - err = "Input signal array access exceeds the size. "; - } else { - err = "Unknown error. "; + // If code is already prepared WebAssembly.Instance, we use it directly + if (code instanceof WebAssembly.Instance) { + instance = code; + } else { + + let memorySize = 32767; + + if (options.memorySize) { + // make sure we have int + memorySize = parseInt(options.memorySize); + if (memorySize < 0) { + throw new Error("Invalid memory size"); + } + } + + let memoryAllocated = false; + while (!memoryAllocated) { + try { + memory = new WebAssembly.Memory({initial: memorySize}); + memoryAllocated = true; + } catch (err) { + if (memorySize <= 1) { + throw err; } - console.error("ERROR: ", code, errStr); - throw new Error(err + errStr); - }, - // A new way of logging messages was added in Circom 2.0.7 that requires 2 new imports - // `printErrorMessage` and `writeBufferMessage`. - printErrorMessage: function() { - errStr += getMessage() + "\n"; + console.warn("Could not allocate " + memorySize * 1024 * 64 + " bytes. This may cause severe instability. Trying with " + memorySize * 1024 * 64 / 2 + " bytes"); + memorySize = Math.floor(memorySize / 2); + } + } + + const wasmModule = await WebAssembly.compile(code); + + let errStr = ""; + let msgStr = ""; + + instance = await WebAssembly.instantiate(wasmModule, { + env: { + "memory": memory }, - writeBufferMessage: function() { - const msg = getMessage(); - // Any calls to `log()` will always end with a `\n`, so that's when we print and reset - if (msg === "\n") { - console.log(msgStr); - msgStr = ""; - } else { - // If we've buffered other content, put a space in between the items - if (msgStr !== "") { - msgStr += " "; + runtime: { + exceptionHandler: function (code) { + let err; + if (code === 1) { + err = "Signal not found. "; + } else if (code === 2) { + err = "Too many signals set. "; + } else if (code === 3) { + err = "Signal already set. "; + } else if (code === 4) { + err = "Assert Failed. "; + } else if (code === 5) { + err = "Not enough memory. "; + } else if (code === 6) { + err = "Input signal array access exceeds the size. "; + } else { + err = "Unknown error. "; + } + console.error("ERROR: ", code, errStr); + throw new Error(err + errStr); + }, + // A new way of logging messages was added in Circom 2.0.7 that requires 2 new imports + // `printErrorMessage` and `writeBufferMessage`. + printErrorMessage: function () { + errStr += getMessage() + "\n"; + }, + writeBufferMessage: function () { + const msg = getMessage(); + // Any calls to `log()` will always end with a `\n`, so that's when we print and reset + if (msg === "\n") { + console.log(msgStr); + msgStr = ""; + } else { + // If we've buffered other content, put a space in between the items + if (msgStr !== "") { + msgStr += " "; + } + // Then append the message to the message we are creating + msgStr += msg; + } + }, + showSharedRWMemory: function () { + const shared_rw_memory_size = instance.exports.getFieldNumLen32(); + const arr = new Uint32Array(shared_rw_memory_size); + for (let j = 0; j < shared_rw_memory_size; j++) { + arr[shared_rw_memory_size - 1 - j] = instance.exports.readSharedRWMemory(j); } - // Then append the message to the message we are creating - msgStr += msg; - } - }, - showSharedRWMemory: function() { - const shared_rw_memory_size = instance.exports.getFieldNumLen32(); - const arr = new Uint32Array(shared_rw_memory_size); - for (let j=0; j= 2 && (minorVersion >= 1 || patchVersion >= 7)) { - // If we've buffered other content, put a space in between the items - if (msgStr !== "") { - msgStr += " "; + // In circom 2.0.7, they changed the log() function to allow strings and changed the + // output API. This smoothes over the breaking change. + if (majorVersion >= 2 && (minorVersion >= 1 || patchVersion >= 7)) { + // If we've buffered other content, put a space in between the items + if (msgStr !== "") { + msgStr += " "; + } + // Then append the value to the message we are creating + const msg = (Scalar.fromArray(arr, 0x100000000).toString()); + msgStr += msg; + } else { + console.log(Scalar.fromArray(arr, 0x100000000)); + } + }, + error: function (code, pstr, a, b, c, d) { + let errStr; + if (code === 7) { + errStr = p2str(pstr) + " " + wc.getFr(b).toString() + " != " + wc.getFr(c).toString() + " " + p2str(d); + } else if (code === 9) { + errStr = p2str(pstr) + " " + wc.getFr(b).toString() + " " + p2str(c); + } else if ((code === 5) && (options.sym)) { + errStr = p2str(pstr) + " " + options.sym.labelIdx2Name[c]; + } else { + errStr = p2str(pstr) + " " + a + " " + b + " " + c + " " + d; + } + console.log("ERROR: ", code, errStr); + throw new Error(errStr); + }, + log: function (a) { + console.log(wc.getFr(a).toString()); + }, + logGetSignal: function (signal, pVal) { + if (options.logGetSignal) { + options.logGetSignal(signal, wc.getFr(pVal)); + } + }, + logSetSignal: function (signal, pVal) { + if (options.logSetSignal) { + options.logSetSignal(signal, wc.getFr(pVal)); + } + }, + logStartComponent: function (cIdx) { + if (options.logStartComponent) { + options.logStartComponent(cIdx); + } + }, + logFinishComponent: function (cIdx) { + if (options.logFinishComponent) { + options.logFinishComponent(cIdx); } - // Then append the value to the message we are creating - const msg = (Scalar.fromArray(arr, 0x100000000).toString()); - msgStr += msg; - } else { - console.log(Scalar.fromArray(arr, 0x100000000)); - } - }, - error: function(code, pstr, a,b,c,d) { - let errStr; - if (code == 7) { - errStr=p2str(pstr) + " " + wc.getFr(b).toString() + " != " + wc.getFr(c).toString() + " " +p2str(d); - } else if (code == 9) { - errStr=p2str(pstr) + " " + wc.getFr(b).toString() + " " +p2str(c); - } else if ((code == 5)&&(options.sym)) { - errStr=p2str(pstr)+ " " + options.sym.labelIdx2Name[c]; - } else { - errStr=p2str(pstr)+ " " + a + " " + b + " " + c + " " + d; - } - console.log("ERROR: ", code, errStr); - throw new Error(errStr); - }, - log: function(a) { - console.log(wc.getFr(a).toString()); - }, - logGetSignal: function(signal, pVal) { - if (options.logGetSignal) { - options.logGetSignal(signal, wc.getFr(pVal) ); - } - }, - logSetSignal: function(signal, pVal) { - if (options.logSetSignal) { - options.logSetSignal(signal, wc.getFr(pVal) ); - } - }, - logStartComponent: function(cIdx) { - if (options.logStartComponent) { - options.logStartComponent(cIdx); - } - }, - logFinishComponent: function(cIdx) { - if (options.logFinishComponent) { - options.logFinishComponent(cIdx); } } - } - }); + }); + } - if (typeof instance.exports.getVersion == 'function') { + if (typeof instance.exports.getVersion == "function") { majorVersion = instance.exports.getVersion(); } - if (typeof instance.exports.getMinorVersion == 'function') { + if (typeof instance.exports.getMinorVersion == "function") { minorVersion = instance.exports.getMinorVersion(); } - if (typeof instance.exports.getPatchVersion == 'function') { + if (typeof instance.exports.getPatchVersion == "function") { patchVersion = instance.exports.getPatchVersion(); } @@ -20086,9 +20107,9 @@ var snarkjs = (function (exports) { return wc; function getMessage() { - var message = ""; - var c = instance.exports.getMessageChar(); - while ( c != 0 ) { + let message = ""; + let c = instance.exports.getMessageChar(); + while (c !== 0) { message += String.fromCharCode(c); c = instance.exports.getMessageChar(); } @@ -20100,11 +20121,12 @@ var snarkjs = (function (exports) { const bytes = []; - for (let i=0; i8[p+i]>0; i++) bytes.push(i8[p+i]); + for (let i = 0; i8[p + i] > 0; i++) bytes.push(i8[p + i]); return String.fromCharCode.apply(null, bytes); } } + class WitnessCalculatorCircom1 { constructor(memory, instance, sanityCheck) { this.memory = memory; @@ -20115,8 +20137,8 @@ var snarkjs = (function (exports) { const pRawPrime = this.instance.exports.getPRawPrime(); const arr = new Array(this.n32); - for (let i=0; i> 2) + i]; + for (let i = 0; i < this.n32; i++) { + arr[this.n32 - 1 - i] = this.i32[(pRawPrime >> 2) + i]; } this.prime = Scalar.fromArray(arr, 0x100000000); @@ -20125,8 +20147,8 @@ var snarkjs = (function (exports) { this.mask32 = Scalar.fromString("FFFFFFFF", 16); this.NVars = this.instance.exports.getNVars(); - this.n64 = Math.floor((this.Fr.bitLength - 1) / 64)+1; - this.R = this.Fr.e( Scalar.shiftLeft(1 , this.n64*64)); + this.n64 = Math.floor((this.Fr.bitLength - 1) / 64) + 1; + this.R = this.Fr.e(Scalar.shiftLeft(1, this.n64 * 64)); this.RInv = this.Fr.inv(this.R); this.sanityCheck = sanityCheck; } @@ -20140,10 +20162,10 @@ var snarkjs = (function (exports) { const pSigOffset = this.allocInt(); const pFr = this.allocFr(); const keys = Object.keys(input); - keys.forEach( (k) => { + keys.forEach((k) => { const h = fnvHash(k); - const hMSB = parseInt(h.slice(0,8), 16); - const hLSB = parseInt(h.slice(8,16), 16); + const hMSB = parseInt(h.slice(0, 8), 16); + const hLSB = parseInt(h.slice(8, 16), 16); try { this.instance.exports.getSignalOffset32(pSigOffset, 0, hMSB, hLSB); } catch (err) { @@ -20151,7 +20173,7 @@ var snarkjs = (function (exports) { } const sigOffset = this.getInt(pSigOffset); const fArr = flatArray(input[k]); - for (let i=0; i>2]; + return this.i32[p >> 2]; } setInt(p, v) { - this.i32[p>>2] = v; + this.i32[p >> 2] = v; } getFr(p) { const self = this; - const idx = (p>>2); + const idx = (p >> 2); if (self.i32[idx + 1] & 0x80000000) { const arr = new Array(self.n32); - for (let i=0; i> 2)] = 0; self.i32[(p >> 2) + 1] = 0x80000000; const arr = Scalar.toArray(v, 0x100000000); - for (let i=0; i=0) { + if (idx >= 0) { self.i32[(p >> 2) + 2 + i] = arr[idx]; } else { self.i32[(p >> 2) + 2 + i] = 0; @@ -20289,8 +20310,8 @@ var snarkjs = (function (exports) { this.instance.exports.getRawPrime(); const arr = new Uint32Array(this.n32); - for (let i=0; i { + let input_counter = 0; + keys.forEach((k) => { const h = fnvHash(k); - const hMSB = parseInt(h.slice(0,8), 16); - const hLSB = parseInt(h.slice(8,16), 16); + const hMSB = parseInt(h.slice(0, 8), 16); + const hLSB = parseInt(h.slice(8, 16), 16); const fArr = flatArray(input[k]); // Slight deviation from https://github.com/iden3/circom/blob/v2.1.6/code_producers/src/wasm_elements/common/witness_calculator.js // because I don't know when this exported function was added - if (typeof this.instance.exports.getInputSignalSize === 'function') { + if (typeof this.instance.exports.getInputSignalSize === "function") { let signalSize = this.instance.exports.getInputSignalSize(hMSB, hLSB); - if (signalSize < 0){ + if (signalSize < 0) { throw new Error(`Signal ${k} not found\n`); } if (fArr.length < signalSize) { @@ -20327,13 +20348,13 @@ var snarkjs = (function (exports) { throw new Error(`Too many values for input signal ${k}\n`); } } - for (let i=0; i. */ - async function challengeContribute(curve, challengeFilename, responesFileName, entropy, logger) { + async function challengeContribute(curve, challengeFilename, responseFileName, entropy, logger) { await blake2bWasm.exports.ready(); const fdFrom = await readExisting(challengeFilename); @@ -22109,7 +22130,7 @@ var snarkjs = (function (exports) { const rng = await getRandomRng(entropy); - const fdTo = await createOverride(responesFileName); + const fdTo = await createOverride(responseFileName); // Calculate the hash const challengeHasher = blake2bWasm.exports(64); @@ -22189,7 +22210,7 @@ var snarkjs = (function (exports) { return false; } if (beaconHash.length>=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -23687,7 +23708,7 @@ var snarkjs = (function (exports) { logger.info(" WITNESS CHECK"); logger.info(` Curve: ${r1cs.curve.name}`); logger.info(` Vars (wires): ${r1cs.nVars}`); - logger.info(` Ouputs: ${r1cs.nOutputs}`); + logger.info(` Outputs: ${r1cs.nOutputs}`); logger.info(` Public Inputs: ${r1cs.nPubInputs}`); logger.info(` Private Inputs: ${r1cs.nPrvInputs}`); logger.info(` Labels: ${r1cs.nLabels}`); @@ -24073,7 +24094,7 @@ var snarkjs = (function (exports) { if (cirPower < curve.Fr.s) { let sTauG1 = await readSection(fdPTau, sectionsPTau, 12, (domainSize*2-1)*sG1, domainSize*2*sG1); for (let i=0; i< domainSize; i++) { - if ((logger)&&(i%10000 == 0)) logger.debug(`spliting buffer: ${i}/${domainSize}`); + if ((logger)&&(i%10000 == 0)) logger.debug(`splitting buffer: ${i}/${domainSize}`); const buff = sTauG1.slice( (i*2+1)*sG1, (i*2+1)*sG1 + sG1 ); buffOut.set(buff, i*sG1); } @@ -24515,7 +24536,7 @@ var snarkjs = (function (exports) { buffBasesH_Tau = await curve.G1.fft(buffBasesH_Lodd, "affine", "jacobian", logger); buffBasesH_Tau = await curve.G1.batchApplyKey(buffBasesH_Tau, curve.Fr.neg(curve.Fr.e(2)), curve.Fr.w[zkey.power+1], "jacobian", "affine", logger); - // Remove last element. (The degree of H will be allways m-2) + // Remove last element. (The degree of H will be always m-2) buffBasesH_Tau = buffBasesH_Tau.slice(0, buffBasesH_Tau.byteLength - sG1); buffBasesH_Tau = await curve.G1.batchLEMtoU(buffBasesH_Tau); await writePointArray("G1", buffBasesH_Tau); @@ -24654,9 +24675,9 @@ var snarkjs = (function (exports) { // csHash newMPCParams.csHash = await fdMPCParams.read(64); - const nConttributions = await fdMPCParams.readUBE32(); + const nContributions = await fdMPCParams.readUBE32(); newMPCParams.contributions = []; - for (let i=0; i=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -25479,11 +25500,11 @@ var snarkjs = (function (exports) { const contributionHasher = blake2bWasm.exports(64); hashPubKey(contributionHasher, curve, curContribution); - const contribuionHash = contributionHasher.digest(); + const contributionHash = contributionHasher.digest(); - if (logger) logger.info(formatHash(contribuionHash, "Contribution Hash: ")); + if (logger) logger.info(formatHash(contributionHash, "Contribution Hash: ")); - return contribuionHash; + return contributionHash; } async function zkeyExportJson(zkeyFileName) { @@ -25514,7 +25535,7 @@ var snarkjs = (function (exports) { along with snarkJS. If not, see . */ - async function bellmanContribute(curve, challengeFilename, responesFileName, entropy, logger) { + async function bellmanContribute(curve, challengeFilename, responseFileName, entropy, logger) { await blake2bWasm.exports.ready(); const rng = await getRandomRng(entropy); @@ -25526,7 +25547,7 @@ var snarkjs = (function (exports) { const sG2 = curve.G2.F.n8*2; const fdFrom = await readExisting(challengeFilename); - const fdTo = await createOverride(responesFileName); + const fdTo = await createOverride(responseFileName); await copy(sG1); // alpha1 @@ -25581,9 +25602,9 @@ var snarkjs = (function (exports) { mpcParams.csHash = await fdFrom.read(64); transcriptHasher.update(mpcParams.csHash); - const nConttributions = await fdFrom.readUBE32(); + const nContributions = await fdFrom.readUBE32(); mpcParams.contributions = []; - for (let i=0; i>BigInt(e)}const c=r,d=s;function u(t){return(BigInt(t)&BigInt(1))==BigInt(1)}function g(t){let e=BigInt(t);const a=[];for(;e;)e&BigInt(1)?a.push(1):a.push(0),e>>=BigInt(1);return a}function f(t){if(t>BigInt(Number.MAX_SAFE_INTEGER))throw new Error("Number too big");return Number(t)}function h(t,e){return BigInt(t)+BigInt(e)}function _(t,e){return BigInt(t)-BigInt(e)}function p(t){return-BigInt(t)}function m(t,e){return BigInt(t)*BigInt(e)}function w(t,e){return BigInt(t)**BigInt(e)}function L(t,e){return BigInt(t)/BigInt(e)}function b(t,e){return BigInt(t)%BigInt(e)}function y(t,e){return BigInt(t)==BigInt(e)}function A(t,e){return BigInt(t)>BigInt(e)}function C(t,e){return BigInt(t)>=BigInt(e)}function I(t,e){return BigInt(t)&BigInt(e)}function F(t,e,a,i){const o="0000000"+a.toString(16),n=new Uint32Array(t.buffer,t.byteOffset+e,i/4),l=1+(4*(o.length-7)-1>>5);for(let t=0;t>5);for(let t=0;tn[n.length-e-1]=t.toString(16).padStart(8,"0"))),a(n.join(""),16)}function v(t,e,i){i=i||t.byteLength,e=e||0;const o=new DataView(t.buffer,t.byteOffset+e,i),n=new Array(i/4);for(let t=0;t=0?BigInt(t):-BigInt(t)},add:h,band:I,bitLength:o,bits:g,bor:function(t,e){return BigInt(t)|BigInt(e)},bxor:function(t,e){return BigInt(t)^BigInt(e)},div:L,e:i,eq:y,exp:function(t,e){return BigInt(t)**BigInt(e)},fromArray:function(t,e){let a=BigInt(0);e=BigInt(e);for(let i=0;i>=BigInt(1)}return a},neg:p,neq:function(t,e){return BigInt(t)!=BigInt(e)},one:G,pow:w,shiftLeft:r,shiftRight:s,shl:c,shr:d,square:function(t){return BigInt(t)*BigInt(t)},sub:_,toArray:function(t,e){const a=[];let i=BigInt(t);for(e=BigInt(e);i;)a.unshift(Number(i%e)),i/=e;return a},toLEBuff:S,toNumber:f,toRprBE:x,toRprLE:F,toString:B,zero:P});function T(t,e,a){if(l(a))return t.one;const i=g(a);if(0==i.length)return t.one;let o=e;for(let a=i.length-2;a>=0;a--)o=t.square(o),i[a]&&(o=t.mul(o,e));return o}function U(t){if(t.m%2==1)if(y(b(t.p,4),1))if(y(b(t.p,8),1))if(y(b(t.p,16),1))!function(t){t.sqrt_q=w(t.p,t.m),t.sqrt_s=0,t.sqrt_t=_(t.sqrt_q,1);for(;!u(t.sqrt_t);)t.sqrt_s=t.sqrt_s+1,t.sqrt_t=L(t.sqrt_t,2);let e=t.one;for(;t.eq(e,t.one);){const a=t.random();t.sqrt_z=t.pow(a,t.sqrt_t),e=t.pow(t.sqrt_z,2**(t.sqrt_s-1))}t.sqrt_tm1d2=L(_(t.sqrt_t,1),2),t.sqrt=function(t){const e=this;if(e.isZero(t))return e.zero;let a=e.pow(t,e.sqrt_tm1d2);const i=e.pow(e.mul(e.square(a),t),2**(e.sqrt_s-1));if(e.eq(i,e.negone))return null;let o=e.sqrt_s,n=e.mul(t,a),l=e.mul(n,a),r=e.sqrt_z;for(;!e.eq(l,e.one);){let t=e.square(l),i=1;for(;!e.eq(t,e.one);)t=e.square(t),i++;a=r;for(let t=0;t>>0,t[o]=(t[o]^t[e])>>>0,t[o]=(t[o]<<16|t[o]>>>16&65535)>>>0,t[i]=t[i]+t[o]>>>0,t[a]=(t[a]^t[i])>>>0,t[a]=(t[a]<<12|t[a]>>>20&4095)>>>0,t[e]=t[e]+t[a]>>>0,t[o]=(t[o]^t[e])>>>0,t[o]=(t[o]<<8|t[o]>>>24&255)>>>0,t[i]=t[i]+t[o]>>>0,t[a]=(t[a]^t[i])>>>0,t[a]=(t[a]<<7|t[a]>>>25&127)>>>0}class Q{constructor(t){t=t||[0,0,0,0,0,0,0,0],this.state=[1634760805,857760878,2036477234,1797285236,t[0],t[1],t[2],t[3],t[4],t[5],t[6],t[7],0,0,0,0],this.idx=16,this.buff=new Array(16)}nextU32(){return 16==this.idx&&this.update(),this.buff[this.idx++]}nextU64(){return h(m(this.nextU32(),4294967296),this.nextU32())}nextBool(){return 1==(1&this.nextU32())}update(){for(let t=0;t<16;t++)this.buff[t]=this.state[t];for(let e=0;e<10;e++)z(t=this.buff,0,4,8,12),z(t,1,5,9,13),z(t,2,6,10,14),z(t,3,7,11,15),z(t,0,5,10,15),z(t,1,6,11,12),z(t,2,7,8,13),z(t,3,4,9,14);var t;for(let t=0;t<16;t++)this.buff[t]=this.buff[t]+this.state[t]>>>0;this.idx=0,this.state[12]=this.state[12]+1>>>0,0==this.state[12]&&(this.state[13]=this.state[13]+1>>>0,0==this.state[13]&&(this.state[14]=this.state[14]+1>>>0,0==this.state[14]&&(this.state[15]=this.state[15]+1>>>0)))}}function q(t){let e=new Uint8Array(t);if(void 0!==globalThis.crypto)globalThis.crypto.getRandomValues(e);else for(let a=0;a>>0;return e}let M=null;function k(){return M||(M=new Q(function(){const t=q(32),e=new Uint32Array(t.buffer),a=[];for(let t=0;t<8;t++)a.push(e[t]);return a}()),M)}class R{constructor(t,e,a){this.F=e,this.G=t,this.opMulGF=a;let i=e.sqrt_t||e.t,o=e.sqrt_s||e.s,n=e.one;for(;e.eq(e.pow(n,e.half),e.one);)n=e.add(n,e.one);this.w=new Array(o+1),this.wi=new Array(o+1),this.w[o]=this.F.pow(n,i),this.wi[o]=this.F.inv(this.w[o]);let l=o-1;for(;l>=0;)this.w[l]=this.F.square(this.w[l+1]),this.wi[l]=this.F.square(this.wi[l+1]),l--;this.roots=[],this._setRoots(Math.min(o,15))}_setRoots(t){for(let e=t;e>=0&&!this.roots[e];e--){let t=this.F.one;const a=1<>1,r=N(t,e,a-1,i,2*o),s=N(t,e,a-1,i+o,2*o),c=new Array(n);for(let e=0;e>this.one,this.bitLength=o(this.p),this.mask=(this.one<>this.one;this.nqr=this.two;let a=this.pow(this.nqr,e);for(;!this.eq(a,this.negone);)this.nqr=this.nqr+this.one,a=this.pow(this.nqr,e);for(this.s=0,this.t=this.negone;(this.t&this.one)==this.zero;)this.s=this.s+1,this.t=this.t>>this.one;this.nqr_to_t=this.pow(this.nqr,this.t),U(this),this.FFT=new R(this,this,this.mul.bind(this)),this.fft=this.FFT.fft.bind(this.FFT),this.ifft=this.FFT.ifft.bind(this.FFT),this.w=this.FFT.w,this.wi=this.FFT.wi,this.shift=this.square(this.nqr),this.k=this.exp(this.nqr,2**this.s)}e(t,e){let a;if(e?16==e&&(a=BigInt("0x"+t)):a=BigInt(t),a<0){let t=-a;return t>=this.p&&(t%=this.p),this.p-t}return a>=this.p?a%this.p:a}add(t,e){const a=t+e;return a>=this.p?a-this.p:a}sub(t,e){return t>=e?t-e:this.p-e+t}neg(t){return t?this.p-t:t}mul(t,e){return t*e%this.p}mulScalar(t,e){return t*this.e(e)%this.p}square(t){return t*t%this.p}eq(t,e){return t==e}neq(t,e){return t!=e}lt(t,e){return(t>this.half?t-this.p:t)<(e>this.half?e-this.p:e)}gt(t,e){return(t>this.half?t-this.p:t)>(e>this.half?e-this.p:e)}leq(t,e){return(t>this.half?t-this.p:t)<=(e>this.half?e-this.p:e)}geq(t,e){return(t>this.half?t-this.p:t)>=(e>this.half?e-this.p:e)}div(t,e){return this.mul(t,this.inv(e))}idiv(t,e){if(!e)throw new Error("Division by zero");return t/e}inv(t){if(!t)throw new Error("Division by zero");let e=this.zero,a=this.p,i=this.one,o=t%this.p;for(;o;){let t=a/o;[e,i]=[i,e-t*i],[a,o]=[o,a-t*o]}return e=this.p?a-this.p:a}bor(t,e){const a=(t|e)&this.mask;return a>=this.p?a-this.p:a}bxor(t,e){const a=(t^e)&this.mask;return a>=this.p?a-this.p:a}bnot(t){const e=t^this.mask;return e>=this.p?e-this.p:e}shl(t,e){if(Number(e)=this.p?a-this.p:a}{const a=this.p-e;return Number(a)>a:this.zero}}shr(t,e){if(Number(e)>e;{const a=this.p-e;if(Number(a)=this.p?e-this.p:e}return 0}}land(t,e){return t&&e?this.one:this.zero}lor(t,e){return t||e?this.one:this.zero}lnot(t){return t?this.zero:this.one}sqrt_old(t){if(t==this.zero)return this.zero;if(this.pow(t,this.negone>>this.one)!=this.one)return null;let e=this.s,a=this.nqr_to_t,i=this.pow(t,this.t),o=this.pow(t,this.add(this.t,this.one)>>this.one);for(;i!=this.one;){let t=this.square(i),n=1;for(;t!=this.one;)n++,t=this.square(t);let l=a;for(let t=0;tthis.p>>this.one&&(o=this.neg(o)),o}normalize(t,e){if((t=BigInt(t,e))<0){let e=-t;return e>=this.p&&(e%=this.p),this.p-e}return t>=this.p?t%this.p:t}random(){const t=2*this.bitLength/8;let e=this.zero;for(let a=0;athis.half&&10==e){a="-"+(this.p-t).toString(e)}else a=t.toString(e);return a}isZero(t){return t==this.zero}fromRng(t){let e;do{e=this.zero;for(let a=0;a=this.p);return e=e*this.Ri%this.p,e}fft(t){return this.FFT.fft(t)}ifft(t){return this.FFT.ifft(t)}toRprLE(t,e,a){F(t,e,a,8*this.n64)}toRprBE(t,e,a){x(t,e,a,8*this.n64)}toRprBEM(t,e,a){return this.toRprBE(t,e,this.mul(this.R,a))}toRprLEM(t,e,a){return this.toRprLE(t,e,this.mul(this.R,a))}fromRprLE(t,e){return E(t,e,this.n8)}fromRprBE(t,e){return v(t,e,this.n8)}fromRprLEM(t,e){return this.mul(this.fromRprLE(t,e),this.Ri)}fromRprBEM(t,e){return this.mul(this.fromRprBE(t,e),this.Ri)}toObject(t){return t}}var V={bigInt2BytesLE:function(t,e){const a=Array(e);let i=BigInt(t);for(let t=0;t>=8n;return a},bigInt2U32LE:function(t,e){const a=Array(e);let i=BigInt(t);for(let t=0;t>=32n;return a},isOcamNum:function(t){return!!Array.isArray(t)&&(3==t.length&&("number"==typeof t[0]&&("number"==typeof t[1]&&!!Array.isArray(t[2]))))}},K=function(t,e,a,i,o,n,l){const r=t.addFunction(e);r.addParam("base","i32"),r.addParam("scalar","i32"),r.addParam("scalarLength","i32"),r.addParam("r","i32"),r.addLocal("i","i32"),r.addLocal("b","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(a));r.addCode(s.if(s.i32_eqz(s.getLocal("scalarLength")),[...s.call(l,s.getLocal("r")),...s.ret([])])),r.addCode(s.call(n,s.getLocal("base"),c)),r.addCode(s.call(l,s.getLocal("r"))),r.addCode(s.setLocal("i",s.getLocal("scalarLength"))),r.addCode(s.block(s.loop(s.setLocal("i",s.i32_sub(s.getLocal("i"),s.i32_const(1))),s.setLocal("b",s.i32_load8_u(s.i32_add(s.getLocal("scalar"),s.getLocal("i")))),...function(){const t=[];for(let e=0;e<8;e++)t.push(...s.call(o,s.getLocal("r"),s.getLocal("r")),...s.if(s.i32_ge_u(s.getLocal("b"),s.i32_const(128>>e)),[...s.setLocal("b",s.i32_sub(s.getLocal("b"),s.i32_const(128>>e))),...s.call(i,s.getLocal("r"),c,s.getLocal("r"))]));return t}(),s.br_if(1,s.i32_eqz(s.getLocal("i"))),s.br(0))))},j=function(t,e){const a=8*t.modules[e].n64,i=t.addFunction(e+"_batchInverse");i.addParam("pIn","i32"),i.addParam("inStep","i32"),i.addParam("n","i32"),i.addParam("pOut","i32"),i.addParam("outStep","i32"),i.addLocal("itAux","i32"),i.addLocal("itIn","i32"),i.addLocal("itOut","i32"),i.addLocal("i","i32");const o=i.getCodeBuilder(),n=o.i32_const(t.alloc(a));i.addCode(o.setLocal("itAux",o.i32_load(o.i32_const(0))),o.i32_store(o.i32_const(0),o.i32_add(o.getLocal("itAux"),o.i32_mul(o.i32_add(o.getLocal("n"),o.i32_const(1)),o.i32_const(a))))),i.addCode(o.call(e+"_one",o.getLocal("itAux")),o.setLocal("itIn",o.getLocal("pIn")),o.setLocal("itAux",o.i32_add(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("i",o.i32_const(0)),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("i"),o.getLocal("n"))),o.if(o.call(e+"_isZero",o.getLocal("itIn")),o.call(e+"_copy",o.i32_sub(o.getLocal("itAux"),o.i32_const(a)),o.getLocal("itAux")),o.call(e+"_mul",o.getLocal("itIn"),o.i32_sub(o.getLocal("itAux"),o.i32_const(a)),o.getLocal("itAux"))),o.setLocal("itIn",o.i32_add(o.getLocal("itIn"),o.getLocal("inStep"))),o.setLocal("itAux",o.i32_add(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("i",o.i32_add(o.getLocal("i"),o.i32_const(1))),o.br(0))),o.setLocal("itIn",o.i32_sub(o.getLocal("itIn"),o.getLocal("inStep"))),o.setLocal("itAux",o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("itOut",o.i32_add(o.getLocal("pOut"),o.i32_mul(o.i32_sub(o.getLocal("n"),o.i32_const(1)),o.getLocal("outStep")))),o.call(e+"_inverse",o.getLocal("itAux"),o.getLocal("itAux")),o.block(o.loop(o.br_if(1,o.i32_eqz(o.getLocal("i"))),o.if(o.call(e+"_isZero",o.getLocal("itIn")),[...o.call(e+"_copy",o.getLocal("itAux"),o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),...o.call(e+"_zero",o.getLocal("itOut"))],[...o.call(e+"_copy",o.i32_sub(o.getLocal("itAux"),o.i32_const(a)),n),...o.call(e+"_mul",o.getLocal("itAux"),o.getLocal("itIn"),o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),...o.call(e+"_mul",o.getLocal("itAux"),n,o.getLocal("itOut"))]),o.setLocal("itIn",o.i32_sub(o.getLocal("itIn"),o.getLocal("inStep"))),o.setLocal("itOut",o.i32_sub(o.getLocal("itOut"),o.getLocal("outStep"))),o.setLocal("itAux",o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("i",o.i32_sub(o.getLocal("i"),o.i32_const(1))),o.br(0)))),i.addCode(o.i32_store(o.i32_const(0),o.getLocal("itAux")))};var H=function(t,e,a,i,o,n){void 0===n&&(n=ie?1:-1}function J(t){return t*t}function X(t){return t%2n!==0n}function tt(t){return t%2n===0n}function et(t){return t<0n}function at(t){return t>0n}function it(t){return et(t)?t.toString(2).length-1:t.toString(2).length}function ot(t){return t<0n?-t:t}function nt(t){return 1n===ot(t)}function lt(t,e){for(var a,i,o,n=0n,l=1n,r=e,s=ot(t);0n!==s;)a=r/s,i=n,o=r,n=l,r=s,l=i-a*l,s=o-a*s;if(!nt(r))throw new Error(t.toString()+" and "+e.toString()+" are not co-prime");return-1===Y(n,0n)&&(n+=e),et(t)?-n:n}function rt(t,e,a){if(0n===a)throw new Error("Cannot take modPow with modulus 0");var i=1n,o=t%a;for(et(e)&&(e*=-1n,o=lt(o,a));at(e);){if(0n===o)return 0n;X(e)&&(i=i*o%a),e/=2n,o=J(o)%a}return i}function st(t,e){return 0n!==e&&(!!nt(e)||(0===function(t,e){return(t=t>=0n?t:-t)===(e=e>=0n?e:-e)?0:t>e?1:-1}(e,2n)?tt(t):t%e===0n))}function ct(t,e){for(var a,i,o,n=function(t){return t-1n}(t),l=n,r=0;tt(l);)l/=2n,r++;t:for(i=0;i>1&&i>1,t>>1)))),e.addCode(a.setLocal(s,a.i64_add(a.getLocal(s),a.i64_shr_u(a.getLocal(r),a.i64_const(32)))))),t>0&&(e.addCode(a.setLocal(r,a.i64_add(a.i64_and(a.getLocal(r),a.i64_const(4294967295)),a.i64_and(a.getLocal(c),a.i64_const(4294967295))))),e.addCode(a.setLocal(s,a.i64_add(a.i64_add(a.getLocal(s),a.i64_shr_u(a.getLocal(r),a.i64_const(32))),a.getLocal(d))))),e.addCode(a.i64_store32(a.getLocal("r"),4*t,a.getLocal(r))),e.addCode(a.setLocal(c,a.getLocal(s)),a.setLocal(d,a.i64_shr_u(a.getLocal(c),a.i64_const(32))))}e.addCode(a.i64_store32(a.getLocal("r"),4*o*2-4,a.getLocal(c)))}(),function(){const e=t.addFunction(i+"_squareOld");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(i+"_mul",a.getLocal("x"),a.getLocal("x"),a.getLocal("r")))}(),function(){!function(){const e=t.addFunction(i+"__mul1");e.addParam("px","i32"),e.addParam("y","i64"),e.addParam("pr","i32"),e.addLocal("c","i64");const a=e.getCodeBuilder();e.addCode(a.setLocal("c",a.i64_mul(a.i64_load32_u(a.getLocal("px"),0,0),a.getLocal("y")))),e.addCode(a.i64_store32(a.getLocal("pr"),0,0,a.getLocal("c")));for(let t=1;t>1n,p=t.alloc(r,ut.bigInt2BytesLE(_,r)),m=_+1n,w=t.alloc(r,ut.bigInt2BytesLE(m,r));t.modules[s]={pq:d,pR2:u,n64:n,q:o,pOne:g,pZero:f,pePlusOne:w};let L=2n;if(Lt(o))for(;wt(L,_,o)!==h;)L+=1n;let b=0,y=h;for(;!bt(y)&&0n!==y;)b++,y>>=1n;const A=t.alloc(r,ut.bigInt2BytesLE(y,r)),C=wt(L,y,o),I=t.alloc(ut.bigInt2BytesLE((C<>1n,x=t.alloc(r,ut.bigInt2BytesLE(F,r));return t.exportFunction(c+"_copy",s+"_copy"),t.exportFunction(c+"_zero",s+"_zero"),t.exportFunction(c+"_isZero",s+"_isZero"),t.exportFunction(c+"_eq",s+"_eq"),function(){const e=t.addFunction(s+"_isOne");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder();e.addCode(a.ret(a.call(c+"_eq",a.getLocal("x"),a.i32_const(g))))}(),function(){const e=t.addFunction(s+"_add");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.if(a.call(c+"_add",a.getLocal("x"),a.getLocal("y"),a.getLocal("r")),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),a.if(a.call(c+"_gte",a.getLocal("r"),a.i32_const(d)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))))))}(),function(){const e=t.addFunction(s+"_sub");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.if(a.call(c+"_sub",a.getLocal("x"),a.getLocal("y"),a.getLocal("r")),a.drop(a.call(c+"_add",a.getLocal("r"),a.i32_const(d),a.getLocal("r")))))}(),function(){const e=t.addFunction(s+"_neg");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_sub",a.i32_const(f),a.getLocal("x"),a.getLocal("r")))}(),function(){const e=t.alloc(l*l*8),a=t.addFunction(s+"_mReduct");a.addParam("t","i32"),a.addParam("r","i32"),a.addLocal("np32","i64"),a.addLocal("c","i64"),a.addLocal("m","i64");const i=a.getCodeBuilder(),n=Number(0x100000000n-mt(o,0x100000000n));a.addCode(i.setLocal("np32",i.i64_const(n)));for(let t=0;t=l&&e.addCode(a.i64_store32(a.getLocal("r"),4*(t-l),a.getLocal(h))),[h,_]=[_,h],e.addCode(a.setLocal(_,a.i64_shr_u(a.getLocal(h),a.i64_const(32))))}e.addCode(a.i64_store32(a.getLocal("r"),4*l-4,a.getLocal(h))),e.addCode(a.if(a.i32_wrap_i64(a.getLocal(_)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),a.if(a.call(c+"_gte",a.getLocal("r"),a.i32_const(d)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))))))}(),function(){const e=t.addFunction(s+"_square");e.addParam("x","i32"),e.addParam("r","i32"),e.addLocal("c0","i64"),e.addLocal("c1","i64"),e.addLocal("c0_old","i64"),e.addLocal("c1_old","i64"),e.addLocal("np32","i64");for(let t=0;t>1&&i>1,t>>1)))),e.addCode(a.setLocal(h,a.i64_add(a.getLocal(h),a.i64_shr_u(a.getLocal(f),a.i64_const(32)))))),t>0&&(e.addCode(a.setLocal(f,a.i64_add(a.i64_and(a.getLocal(f),a.i64_const(4294967295)),a.i64_and(a.getLocal(_),a.i64_const(4294967295))))),e.addCode(a.setLocal(h,a.i64_add(a.i64_add(a.getLocal(h),a.i64_shr_u(a.getLocal(f),a.i64_const(32))),a.getLocal(p)))));for(let i=Math.max(1,t-l+1);i<=t&&i=l&&e.addCode(a.i64_store32(a.getLocal("r"),4*(t-l),a.getLocal(f))),e.addCode(a.setLocal(_,a.getLocal(h)),a.setLocal(p,a.i64_shr_u(a.getLocal(_),a.i64_const(32))))}e.addCode(a.i64_store32(a.getLocal("r"),4*l-4,a.getLocal(_))),e.addCode(a.if(a.i32_wrap_i64(a.getLocal(p)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),a.if(a.call(c+"_gte",a.getLocal("r"),a.i32_const(d)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))))))}(),function(){const e=t.addFunction(s+"_squareOld");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_mul",a.getLocal("x"),a.getLocal("x"),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_toMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_mul",a.getLocal("x"),a.i32_const(u),a.getLocal("r")))}(),function(){const e=t.alloc(2*r),a=t.addFunction(s+"_fromMontgomery");a.addParam("x","i32"),a.addParam("r","i32");const i=a.getCodeBuilder();a.addCode(i.call(c+"_copy",i.getLocal("x"),i.i32_const(e))),a.addCode(i.call(c+"_zero",i.i32_const(e+r))),a.addCode(i.call(s+"_mReduct",i.i32_const(e),i.getLocal("r")))}(),function(){const e=t.addFunction(s+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r));e.addCode(a.call(s+"_fromMontgomery",a.getLocal("x"),i),a.call(c+"_gte",i,a.i32_const(w)))}(),function(){const e=t.addFunction(s+"_sign");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r));e.addCode(a.if(a.call(c+"_isZero",a.getLocal("x")),a.ret(a.i32_const(0))),a.call(s+"_fromMontgomery",a.getLocal("x"),i),a.if(a.call(c+"_gte",i,a.i32_const(w)),a.ret(a.i32_const(-1))),a.ret(a.i32_const(1)))}(),function(){const e=t.addFunction(s+"_inverse");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_fromMontgomery",a.getLocal("x"),a.getLocal("r"))),e.addCode(a.call(c+"_inverseMod",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),e.addCode(a.call(s+"_toMontgomery",a.getLocal("r"),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_one");e.addParam("pr","i32");const a=e.getCodeBuilder();e.addCode(a.call(c+"_copy",a.i32_const(g),a.getLocal("pr")))}(),function(){const e=t.addFunction(s+"_load");e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32"),e.addLocal("p","i32"),e.addLocal("l","i32"),e.addLocal("i","i32"),e.addLocal("j","i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r)),o=t.alloc(r),n=a.i32_const(o);e.addCode(a.call(c+"_zero",a.getLocal("r")),a.setLocal("i",a.i32_const(r)),a.setLocal("p",a.getLocal("scalar")),a.block(a.loop(a.br_if(1,a.i32_gt_u(a.getLocal("i"),a.getLocal("scalarLen"))),a.if(a.i32_eq(a.getLocal("i"),a.i32_const(r)),a.call(s+"_one",i),a.call(s+"_mul",i,a.i32_const(u),i)),a.call(s+"_mul",a.getLocal("p"),i,n),a.call(s+"_add",a.getLocal("r"),n,a.getLocal("r")),a.setLocal("p",a.i32_add(a.getLocal("p"),a.i32_const(r))),a.setLocal("i",a.i32_add(a.getLocal("i"),a.i32_const(r))),a.br(0))),a.setLocal("l",a.i32_rem_u(a.getLocal("scalarLen"),a.i32_const(r))),a.if(a.i32_eqz(a.getLocal("l")),a.ret([])),a.call(c+"_zero",n),a.setLocal("j",a.i32_const(0)),a.block(a.loop(a.br_if(1,a.i32_eq(a.getLocal("j"),a.getLocal("l"))),a.i32_store8(a.getLocal("j"),o,a.i32_load8_u(a.getLocal("p"))),a.setLocal("p",a.i32_add(a.getLocal("p"),a.i32_const(1))),a.setLocal("j",a.i32_add(a.getLocal("j"),a.i32_const(1))),a.br(0))),a.if(a.i32_eq(a.getLocal("i"),a.i32_const(r)),a.call(s+"_one",i),a.call(s+"_mul",i,a.i32_const(u),i)),a.call(s+"_mul",n,i,n),a.call(s+"_add",a.getLocal("r"),n,a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_timesScalar");e.addParam("x","i32"),e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r));e.addCode(a.call(s+"_load",a.getLocal("scalar"),a.getLocal("scalarLen"),i),a.call(s+"_toMontgomery",i,i),a.call(s+"_mul",a.getLocal("x"),i,a.getLocal("r")))}(),ft(t,s),ht(t,s+"_batchToMontgomery",s+"_toMontgomery",r,r),ht(t,s+"_batchFromMontgomery",s+"_fromMontgomery",r,r),ht(t,s+"_batchNeg",s+"_neg",r,r),_t(t,s+"_batchAdd",s+"_add",r,r),_t(t,s+"_batchSub",s+"_sub",r,r),_t(t,s+"_batchMul",s+"_mul",r,r),t.exportFunction(s+"_add"),t.exportFunction(s+"_sub"),t.exportFunction(s+"_neg"),t.exportFunction(s+"_isNegative"),t.exportFunction(s+"_isOne"),t.exportFunction(s+"_sign"),t.exportFunction(s+"_mReduct"),t.exportFunction(s+"_mul"),t.exportFunction(s+"_square"),t.exportFunction(s+"_squareOld"),t.exportFunction(s+"_fromMontgomery"),t.exportFunction(s+"_toMontgomery"),t.exportFunction(s+"_inverse"),t.exportFunction(s+"_one"),t.exportFunction(s+"_load"),t.exportFunction(s+"_timesScalar"),gt(t,s+"_exp",r,s+"_mul",s+"_square",c+"_copy",s+"_one"),t.exportFunction(s+"_exp"),t.exportFunction(s+"_batchInverse"),Lt(o)&&(!function(){const e=t.addFunction(s+"_sqrt");e.addParam("n","i32"),e.addParam("r","i32"),e.addLocal("m","i32"),e.addLocal("i","i32"),e.addLocal("j","i32");const a=e.getCodeBuilder(),i=a.i32_const(g),o=a.i32_const(t.alloc(r)),n=a.i32_const(t.alloc(r)),l=a.i32_const(t.alloc(r)),c=a.i32_const(t.alloc(r)),d=a.i32_const(t.alloc(r));e.addCode(a.if(a.call(s+"_isZero",a.getLocal("n")),a.ret(a.call(s+"_zero",a.getLocal("r")))),a.setLocal("m",a.i32_const(b)),a.call(s+"_copy",a.i32_const(I),o),a.call(s+"_exp",a.getLocal("n"),a.i32_const(A),a.i32_const(r),n),a.call(s+"_exp",a.getLocal("n"),a.i32_const(x),a.i32_const(r),l),a.block(a.loop(a.br_if(1,a.call(s+"_eq",n,i)),a.call(s+"_square",n,c),a.setLocal("i",a.i32_const(1)),a.block(a.loop(a.br_if(1,a.call(s+"_eq",c,i)),a.call(s+"_square",c,c),a.setLocal("i",a.i32_add(a.getLocal("i"),a.i32_const(1))),a.br(0))),a.call(s+"_copy",o,d),a.setLocal("j",a.i32_sub(a.i32_sub(a.getLocal("m"),a.getLocal("i")),a.i32_const(1))),a.block(a.loop(a.br_if(1,a.i32_eqz(a.getLocal("j"))),a.call(s+"_square",d,d),a.setLocal("j",a.i32_sub(a.getLocal("j"),a.i32_const(1))),a.br(0))),a.setLocal("m",a.getLocal("i")),a.call(s+"_square",d,o),a.call(s+"_mul",n,o,n),a.call(s+"_mul",l,d,l),a.br(0))),a.if(a.call(s+"_isNegative",l),a.call(s+"_neg",l,a.getLocal("r")),a.call(s+"_copy",l,a.getLocal("r"))))}(),function(){const e=t.addFunction(s+"_isSquare");e.addParam("n","i32"),e.setReturnType("i32");const a=e.getCodeBuilder(),i=a.i32_const(g),o=a.i32_const(t.alloc(r));e.addCode(a.if(a.call(s+"_isZero",a.getLocal("n")),a.ret(a.i32_const(1))),a.call(s+"_exp",a.getLocal("n"),a.i32_const(p),a.i32_const(r),o),a.call(s+"_eq",o,i))}(),t.exportFunction(s+"_sqrt"),t.exportFunction(s+"_isSquare")),t.exportFunction(s+"_batchToMontgomery"),t.exportFunction(s+"_batchFromMontgomery"),s};const Ct=At,{bitLength:It}=W;var Ft=function(t,e,a,i,o){const n=BigInt(e),l=Math.floor((It(n-1n)-1)/64)+1,r=8*l,s=a||"f1";if(t.modules[s])return s;t.modules[s]={n64:l};const c=o||"int",d=Ct(t,n,i,c),u=t.modules[d].pR2,g=t.modules[d].pq,f=t.modules[d].pePlusOne;return function(){const e=t.alloc(r),a=t.addFunction(s+"_mul");a.addParam("x","i32"),a.addParam("y","i32"),a.addParam("r","i32");const i=a.getCodeBuilder();a.addCode(i.call(d+"_mul",i.getLocal("x"),i.getLocal("y"),i.i32_const(e))),a.addCode(i.call(d+"_mul",i.i32_const(e),i.i32_const(u),i.getLocal("r")))}(),function(){const e=t.addFunction(s+"_square");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_mul",a.getLocal("x"),a.getLocal("x"),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_inverse");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(c+"_inverseMod",a.getLocal("x"),a.i32_const(g),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder();e.addCode(a.call(c+"_gte",a.getLocal("x"),a.i32_const(f)))}(),t.exportFunction(d+"_add",s+"_add"),t.exportFunction(d+"_sub",s+"_sub"),t.exportFunction(d+"_neg",s+"_neg"),t.exportFunction(s+"_mul"),t.exportFunction(s+"_square"),t.exportFunction(s+"_inverse"),t.exportFunction(s+"_isNegative"),t.exportFunction(d+"_copy",s+"_copy"),t.exportFunction(d+"_zero",s+"_zero"),t.exportFunction(d+"_one",s+"_one"),t.exportFunction(d+"_isZero",s+"_isZero"),t.exportFunction(d+"_eq",s+"_eq"),s};const xt=K,Et=j,vt=V;var Bt=function(t,e,a,i){if(t.modules[a])return a;const o=8*t.modules[i].n64,n=t.modules[i].q;return t.modules[a]={n64:2*t.modules[i].n64},function(){const e=t.addFunction(a+"_isZero");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.i32_and(n.call(i+"_isZero",l),n.call(i+"_isZero",r)))}(),function(){const e=t.addFunction(a+"_isOne");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.ret(n.i32_and(n.call(i+"_isOne",l),n.call(i+"_isZero",r))))}(),function(){const e=t.addFunction(a+"_zero");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.call(i+"_zero",l),n.call(i+"_zero",r))}(),function(){const e=t.addFunction(a+"_one");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.call(i+"_one",l),n.call(i+"_zero",r))}(),function(){const e=t.addFunction(a+"_copy");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_copy",l,s),n.call(i+"_copy",r,c))}(),function(){const n=t.addFunction(a+"_mul");n.addParam("x","i32"),n.addParam("y","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.getLocal("y"),d=l.i32_add(l.getLocal("y"),l.i32_const(o)),u=l.getLocal("r"),g=l.i32_add(l.getLocal("r"),l.i32_const(o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o)),_=l.i32_const(t.alloc(o)),p=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_mul",r,c,f),l.call(i+"_mul",s,d,h),l.call(i+"_add",r,s,_),l.call(i+"_add",c,d,p),l.call(i+"_mul",_,p,_),l.call(e,h,u),l.call(i+"_add",f,u,u),l.call(i+"_add",f,h,g),l.call(i+"_sub",_,g,g))}(),function(){const e=t.addFunction(a+"_mul1");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_mul",l,s,c),n.call(i+"_mul",r,s,d))}(),function(){const n=t.addFunction(a+"_square");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.getLocal("r"),d=l.i32_add(l.getLocal("r"),l.i32_const(o)),u=l.i32_const(t.alloc(o)),g=l.i32_const(t.alloc(o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_mul",r,s,u),l.call(i+"_add",r,s,g),l.call(e,s,f),l.call(i+"_add",r,f,f),l.call(e,u,h),l.call(i+"_add",h,u,h),l.call(i+"_mul",g,f,c),l.call(i+"_sub",c,h,c),l.call(i+"_add",u,u,d))}(),function(){const e=t.addFunction(a+"_add");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.i32_add(n.getLocal("y"),n.i32_const(o)),d=n.getLocal("r"),u=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_add",l,s,d),n.call(i+"_add",r,c,u))}(),function(){const e=t.addFunction(a+"_sub");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.i32_add(n.getLocal("y"),n.i32_const(o)),d=n.getLocal("r"),u=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_sub",l,s,d),n.call(i+"_sub",r,c,u))}(),function(){const e=t.addFunction(a+"_neg");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_neg",l,s),n.call(i+"_neg",r,c))}(),function(){const e=t.addFunction(a+"_conjugate");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_copy",l,s),n.call(i+"_neg",r,c))}(),function(){const e=t.addFunction(a+"_toMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_toMontgomery",l,s),n.call(i+"_toMontgomery",r,c))}(),function(){const e=t.addFunction(a+"_fromMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_fromMontgomery",l,s),n.call(i+"_fromMontgomery",r,c))}(),function(){const e=t.addFunction(a+"_eq");e.addParam("x","i32"),e.addParam("y","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.i32_add(n.getLocal("y"),n.i32_const(o));e.addCode(n.i32_and(n.call(i+"_eq",l,s),n.call(i+"_eq",r,c)))}(),function(){const n=t.addFunction(a+"_inverse");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.getLocal("r"),d=l.i32_add(l.getLocal("r"),l.i32_const(o)),u=l.i32_const(t.alloc(o)),g=l.i32_const(t.alloc(o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_square",r,u),l.call(i+"_square",s,g),l.call(e,g,f),l.call(i+"_sub",u,f,f),l.call(i+"_inverse",f,h),l.call(i+"_mul",r,h,c),l.call(i+"_mul",s,h,d),l.call(i+"_neg",d,d))}(),function(){const e=t.addFunction(a+"_timesScalar");e.addParam("x","i32"),e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_timesScalar",l,n.getLocal("scalar"),n.getLocal("scalarLen"),s),n.call(i+"_timesScalar",r,n.getLocal("scalar"),n.getLocal("scalarLen"),c))}(),function(){const e=t.addFunction(a+"_sign");e.addParam("x","i32"),e.addLocal("s","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.setLocal("s",n.call(i+"_sign",r)),n.if(n.getLocal("s"),n.ret(n.getLocal("s"))),n.ret(n.call(i+"_sign",l)))}(),function(){const e=t.addFunction(a+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.if(n.call(i+"_isZero",r),n.ret(n.call(i+"_isNegative",l))),n.ret(n.call(i+"_isNegative",r)))}(),t.exportFunction(a+"_isZero"),t.exportFunction(a+"_isOne"),t.exportFunction(a+"_zero"),t.exportFunction(a+"_one"),t.exportFunction(a+"_copy"),t.exportFunction(a+"_mul"),t.exportFunction(a+"_mul1"),t.exportFunction(a+"_square"),t.exportFunction(a+"_add"),t.exportFunction(a+"_sub"),t.exportFunction(a+"_neg"),t.exportFunction(a+"_sign"),t.exportFunction(a+"_conjugate"),t.exportFunction(a+"_fromMontgomery"),t.exportFunction(a+"_toMontgomery"),t.exportFunction(a+"_eq"),t.exportFunction(a+"_inverse"),Et(t,a),xt(t,a+"_exp",2*o,a+"_mul",a+"_square",a+"_copy",a+"_one"),function(){const e=t.addFunction(a+"_sqrt");e.addParam("a","i32"),e.addParam("pr","i32");const l=e.getCodeBuilder(),r=l.i32_const(t.alloc(vt.bigInt2BytesLE((BigInt(n||0)-3n)/4n,o))),s=l.i32_const(t.alloc(vt.bigInt2BytesLE((BigInt(n||0)-1n)/2n,o))),c=l.getLocal("a"),d=l.i32_const(t.alloc(2*o)),u=l.i32_const(t.alloc(2*o)),g=l.i32_const(t.alloc(2*o)),f=t.alloc(2*o),h=l.i32_const(f),_=l.i32_const(f),p=l.i32_const(f+o),m=l.i32_const(t.alloc(2*o)),w=l.i32_const(t.alloc(2*o));e.addCode(l.call(a+"_one",h),l.call(a+"_neg",h,h),l.call(a+"_exp",c,r,l.i32_const(o),d),l.call(a+"_square",d,u),l.call(a+"_mul",c,u,u),l.call(a+"_conjugate",u,g),l.call(a+"_mul",g,u,g),l.if(l.call(a+"_eq",g,h),l.unreachable()),l.call(a+"_mul",d,c,m),l.if(l.call(a+"_eq",u,h),[...l.call(i+"_zero",_),...l.call(i+"_one",p),...l.call(a+"_mul",h,m,l.getLocal("pr"))],[...l.call(a+"_one",w),...l.call(a+"_add",w,u,w),...l.call(a+"_exp",w,s,l.i32_const(o),w),...l.call(a+"_mul",w,m,l.getLocal("pr"))]))}(),function(){const e=t.addFunction(a+"_isSquare");e.addParam("a","i32"),e.setReturnType("i32");const i=e.getCodeBuilder(),l=i.i32_const(t.alloc(vt.bigInt2BytesLE((BigInt(n||0)-3n)/4n,o))),r=i.getLocal("a"),s=i.i32_const(t.alloc(2*o)),c=i.i32_const(t.alloc(2*o)),d=i.i32_const(t.alloc(2*o)),u=t.alloc(2*o),g=i.i32_const(u);e.addCode(i.call(a+"_one",g),i.call(a+"_neg",g,g),i.call(a+"_exp",r,l,i.i32_const(o),s),i.call(a+"_square",s,c),i.call(a+"_mul",r,c,c),i.call(a+"_conjugate",c,d),i.call(a+"_mul",d,c,d),i.if(i.call(a+"_eq",d,g),i.ret(i.i32_const(0))),i.ret(i.i32_const(1)))}(),t.exportFunction(a+"_exp"),t.exportFunction(a+"_timesScalar"),t.exportFunction(a+"_batchInverse"),t.exportFunction(a+"_sqrt"),t.exportFunction(a+"_isSquare"),t.exportFunction(a+"_isNegative"),a};const St=K,Pt=j;var Gt=function(t,e,a,i){if(t.modules[a])return a;const o=8*t.modules[i].n64;return t.modules[a]={n64:3*t.modules[i].n64},function(){const e=t.addFunction(a+"_isZero");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.i32_and(n.i32_and(n.call(i+"_isZero",l),n.call(i+"_isZero",r)),n.call(i+"_isZero",s)))}(),function(){const e=t.addFunction(a+"_isOne");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.ret(n.i32_and(n.i32_and(n.call(i+"_isOne",l),n.call(i+"_isZero",r)),n.call(i+"_isZero",s))))}(),function(){const e=t.addFunction(a+"_zero");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.call(i+"_zero",l),n.call(i+"_zero",r),n.call(i+"_zero",s))}(),function(){const e=t.addFunction(a+"_one");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.call(i+"_one",l),n.call(i+"_zero",r),n.call(i+"_zero",s))}(),function(){const e=t.addFunction(a+"_copy");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_copy",l,c),n.call(i+"_copy",r,d),n.call(i+"_copy",s,u))}(),function(){const n=t.addFunction(a+"_mul");n.addParam("x","i32"),n.addParam("y","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.i32_add(l.getLocal("x"),l.i32_const(2*o)),d=l.getLocal("y"),u=l.i32_add(l.getLocal("y"),l.i32_const(o)),g=l.i32_add(l.getLocal("y"),l.i32_const(2*o)),f=l.getLocal("r"),h=l.i32_add(l.getLocal("r"),l.i32_const(o)),_=l.i32_add(l.getLocal("r"),l.i32_const(2*o)),p=l.i32_const(t.alloc(o)),m=l.i32_const(t.alloc(o)),w=l.i32_const(t.alloc(o)),L=l.i32_const(t.alloc(o)),b=l.i32_const(t.alloc(o)),y=l.i32_const(t.alloc(o)),A=l.i32_const(t.alloc(o)),C=l.i32_const(t.alloc(o)),I=l.i32_const(t.alloc(o)),F=l.i32_const(t.alloc(o)),x=l.i32_const(t.alloc(o)),E=l.i32_const(t.alloc(o)),v=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_mul",r,d,p),l.call(i+"_mul",s,u,m),l.call(i+"_mul",c,g,w),l.call(i+"_add",r,s,L),l.call(i+"_add",d,u,b),l.call(i+"_add",r,c,y),l.call(i+"_add",d,g,A),l.call(i+"_add",s,c,C),l.call(i+"_add",u,g,I),l.call(i+"_add",p,m,F),l.call(i+"_add",p,w,x),l.call(i+"_add",m,w,E),l.call(i+"_mul",C,I,f),l.call(i+"_sub",f,E,f),l.call(e,f,f),l.call(i+"_add",p,f,f),l.call(i+"_mul",L,b,h),l.call(i+"_sub",h,F,h),l.call(e,w,v),l.call(i+"_add",h,v,h),l.call(i+"_mul",y,A,_),l.call(i+"_sub",_,x,_),l.call(i+"_add",_,m,_))}(),function(){const n=t.addFunction(a+"_square");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.i32_add(l.getLocal("x"),l.i32_const(2*o)),d=l.getLocal("r"),u=l.i32_add(l.getLocal("r"),l.i32_const(o)),g=l.i32_add(l.getLocal("r"),l.i32_const(2*o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o)),_=l.i32_const(t.alloc(o)),p=l.i32_const(t.alloc(o)),m=l.i32_const(t.alloc(o)),w=l.i32_const(t.alloc(o)),L=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_square",r,f),l.call(i+"_mul",r,s,h),l.call(i+"_add",h,h,_),l.call(i+"_sub",r,s,p),l.call(i+"_add",p,c,p),l.call(i+"_square",p,p),l.call(i+"_mul",s,c,m),l.call(i+"_add",m,m,w),l.call(i+"_square",c,L),l.call(e,w,d),l.call(i+"_add",f,d,d),l.call(e,L,u),l.call(i+"_add",_,u,u),l.call(i+"_add",f,L,g),l.call(i+"_sub",w,g,g),l.call(i+"_add",p,g,g),l.call(i+"_add",_,g,g))}(),function(){const e=t.addFunction(a+"_add");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("y"),d=n.i32_add(n.getLocal("y"),n.i32_const(o)),u=n.i32_add(n.getLocal("y"),n.i32_const(2*o)),g=n.getLocal("r"),f=n.i32_add(n.getLocal("r"),n.i32_const(o)),h=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_add",l,c,g),n.call(i+"_add",r,d,f),n.call(i+"_add",s,u,h))}(),function(){const e=t.addFunction(a+"_sub");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("y"),d=n.i32_add(n.getLocal("y"),n.i32_const(o)),u=n.i32_add(n.getLocal("y"),n.i32_const(2*o)),g=n.getLocal("r"),f=n.i32_add(n.getLocal("r"),n.i32_const(o)),h=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_sub",l,c,g),n.call(i+"_sub",r,d,f),n.call(i+"_sub",s,u,h))}(),function(){const e=t.addFunction(a+"_neg");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_neg",l,c),n.call(i+"_neg",r,d),n.call(i+"_neg",s,u))}(),function(){const e=t.addFunction(a+"_sign");e.addParam("x","i32"),e.addLocal("s","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.setLocal("s",n.call(i+"_sign",s)),n.if(n.getLocal("s"),n.ret(n.getLocal("s"))),n.setLocal("s",n.call(i+"_sign",r)),n.if(n.getLocal("s"),n.ret(n.getLocal("s"))),n.ret(n.call(i+"_sign",l)))}(),function(){const e=t.addFunction(a+"_toMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_toMontgomery",l,c),n.call(i+"_toMontgomery",r,d),n.call(i+"_toMontgomery",s,u))}(),function(){const e=t.addFunction(a+"_fromMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_fromMontgomery",l,c),n.call(i+"_fromMontgomery",r,d),n.call(i+"_fromMontgomery",s,u))}(),function(){const e=t.addFunction(a+"_eq");e.addParam("x","i32"),e.addParam("y","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("y"),d=n.i32_add(n.getLocal("y"),n.i32_const(o)),u=n.i32_add(n.getLocal("y"),n.i32_const(2*o));e.addCode(n.i32_and(n.i32_and(n.call(i+"_eq",l,c),n.call(i+"_eq",r,d)),n.call(i+"_eq",s,u)))}(),function(){const n=t.addFunction(a+"_inverse");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.i32_add(l.getLocal("x"),l.i32_const(2*o)),d=l.getLocal("r"),u=l.i32_add(l.getLocal("r"),l.i32_const(o)),g=l.i32_add(l.getLocal("r"),l.i32_const(2*o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o)),_=l.i32_const(t.alloc(o)),p=l.i32_const(t.alloc(o)),m=l.i32_const(t.alloc(o)),w=l.i32_const(t.alloc(o)),L=l.i32_const(t.alloc(o)),b=l.i32_const(t.alloc(o)),y=l.i32_const(t.alloc(o)),A=l.i32_const(t.alloc(o)),C=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_square",r,f),l.call(i+"_square",s,h),l.call(i+"_square",c,_),l.call(i+"_mul",r,s,p),l.call(i+"_mul",r,c,m),l.call(i+"_mul",s,c,w),l.call(e,w,L),l.call(i+"_sub",f,L,L),l.call(e,_,b),l.call(i+"_sub",b,p,b),l.call(i+"_sub",h,m,y),l.call(i+"_mul",c,b,A),l.call(i+"_mul",s,y,C),l.call(i+"_add",A,C,A),l.call(e,A,A),l.call(i+"_mul",r,L,C),l.call(i+"_add",C,A,A),l.call(i+"_inverse",A,A),l.call(i+"_mul",A,L,d),l.call(i+"_mul",A,b,u),l.call(i+"_mul",A,y,g))}(),function(){const e=t.addFunction(a+"_timesScalar");e.addParam("x","i32"),e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_timesScalar",l,n.getLocal("scalar"),n.getLocal("scalarLen"),c),n.call(i+"_timesScalar",r,n.getLocal("scalar"),n.getLocal("scalarLen"),d),n.call(i+"_timesScalar",s,n.getLocal("scalar"),n.getLocal("scalarLen"),u))}(),function(){const e=t.addFunction(a+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.if(n.call(i+"_isZero",s),n.if(n.call(i+"_isZero",r),n.ret(n.call(i+"_isNegative",l)),n.ret(n.call(i+"_isNegative",r)))),n.ret(n.call(i+"_isNegative",s)))}(),t.exportFunction(a+"_isZero"),t.exportFunction(a+"_isOne"),t.exportFunction(a+"_zero"),t.exportFunction(a+"_one"),t.exportFunction(a+"_copy"),t.exportFunction(a+"_mul"),t.exportFunction(a+"_square"),t.exportFunction(a+"_add"),t.exportFunction(a+"_sub"),t.exportFunction(a+"_neg"),t.exportFunction(a+"_sign"),t.exportFunction(a+"_fromMontgomery"),t.exportFunction(a+"_toMontgomery"),t.exportFunction(a+"_eq"),t.exportFunction(a+"_inverse"),Pt(t,a),St(t,a+"_exp",3*o,a+"_mul",a+"_square",a+"_copy",a+"_one"),t.exportFunction(a+"_exp"),t.exportFunction(a+"_timesScalar"),t.exportFunction(a+"_batchInverse"),t.exportFunction(a+"_isNegative"),a};const Ot=function(t,e,a,i,o,n,l,r){const s=t.addFunction(e);s.addParam("base","i32"),s.addParam("scalar","i32"),s.addParam("scalarLength","i32"),s.addParam("r","i32"),s.addLocal("old0","i32"),s.addLocal("nbits","i32"),s.addLocal("i","i32"),s.addLocal("last","i32"),s.addLocal("cur","i32"),s.addLocal("carry","i32"),s.addLocal("p","i32");const c=s.getCodeBuilder(),d=c.i32_const(t.alloc(a));function u(t){return c.i32_and(c.i32_shr_u(c.i32_load(c.i32_add(c.getLocal("scalar"),c.i32_and(c.i32_shr_u(t,c.i32_const(3)),c.i32_const(4294967292)))),c.i32_and(t,c.i32_const(31))),c.i32_const(1))}function g(t){return[...c.i32_store8(c.getLocal("p"),c.i32_const(t)),...c.setLocal("p",c.i32_add(c.getLocal("p"),c.i32_const(1)))]}s.addCode(c.if(c.i32_eqz(c.getLocal("scalarLength")),[...c.call(r,c.getLocal("r")),...c.ret([])]),c.setLocal("nbits",c.i32_shl(c.getLocal("scalarLength"),c.i32_const(3))),c.setLocal("old0",c.i32_load(c.i32_const(0))),c.setLocal("p",c.getLocal("old0")),c.i32_store(c.i32_const(0),c.i32_and(c.i32_add(c.i32_add(c.getLocal("old0"),c.i32_const(32)),c.getLocal("nbits")),c.i32_const(4294967288))),c.setLocal("i",c.i32_const(1)),c.setLocal("last",u(c.i32_const(0))),c.setLocal("carry",c.i32_const(0)),c.block(c.loop(c.br_if(1,c.i32_eq(c.getLocal("i"),c.getLocal("nbits"))),c.setLocal("cur",u(c.getLocal("i"))),c.if(c.getLocal("last"),c.if(c.getLocal("cur"),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(1)],[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(255)]),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(255)],[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(0)),...g(1)])),c.if(c.getLocal("cur"),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(0)],[...c.setLocal("last",c.i32_const(1)),...c.setLocal("carry",c.i32_const(0)),...g(0)]),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(1)),...c.setLocal("carry",c.i32_const(0)),...g(0)],[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(0)),...g(0)]))),c.setLocal("i",c.i32_add(c.getLocal("i"),c.i32_const(1))),c.br(0))),c.if(c.getLocal("last"),c.if(c.getLocal("carry"),[...g(255),...g(0),...g(1)],[...g(1)]),c.if(c.getLocal("carry"),[...g(0),...g(1)])),c.setLocal("p",c.i32_sub(c.getLocal("p"),c.i32_const(1))),c.call(l,c.getLocal("base"),d),c.call(r,c.getLocal("r")),c.block(c.loop(c.call(o,c.getLocal("r"),c.getLocal("r")),c.setLocal("cur",c.i32_load8_u(c.getLocal("p"))),c.if(c.getLocal("cur"),c.if(c.i32_eq(c.getLocal("cur"),c.i32_const(1)),c.call(i,c.getLocal("r"),d,c.getLocal("r")),c.call(n,c.getLocal("r"),d,c.getLocal("r")))),c.br_if(1,c.i32_eq(c.getLocal("old0"),c.getLocal("p"))),c.setLocal("p",c.i32_sub(c.getLocal("p"),c.i32_const(1))),c.br(0))),c.i32_store(c.i32_const(0),c.getLocal("old0")))},Tt=H,Ut=function(t,e,a,i,o){const n=8*t.modules[e].n64;function l(){const i=t.addFunction(a);i.addParam("pBases","i32"),i.addParam("pScalars","i32"),i.addParam("scalarSize","i32"),i.addParam("n","i32"),i.addParam("pr","i32"),i.addLocal("chunkSize","i32"),i.addLocal("nChunks","i32"),i.addLocal("itScalar","i32"),i.addLocal("endScalar","i32"),i.addLocal("itBase","i32"),i.addLocal("itBit","i32"),i.addLocal("i","i32"),i.addLocal("j","i32"),i.addLocal("nTable","i32"),i.addLocal("pTable","i32"),i.addLocal("idx","i32"),i.addLocal("pIdxTable","i32");const o=i.getCodeBuilder(),l=o.i32_const(t.alloc(n)),r=t.alloc([17,17,17,17,17,17,17,17,17,17,16,16,15,14,13,13,12,11,10,9,8,7,7,6,5,4,3,2,1,1,1,1]);i.addCode(o.call(e+"_zero",o.getLocal("pr")),o.if(o.i32_eqz(o.getLocal("n")),o.ret([])),o.setLocal("chunkSize",o.i32_load8_u(o.i32_clz(o.getLocal("n")),r)),o.setLocal("nChunks",o.i32_add(o.i32_div_u(o.i32_sub(o.i32_shl(o.getLocal("scalarSize"),o.i32_const(3)),o.i32_const(1)),o.getLocal("chunkSize")),o.i32_const(1))),o.setLocal("itBit",o.i32_mul(o.i32_sub(o.getLocal("nChunks"),o.i32_const(1)),o.getLocal("chunkSize"))),o.block(o.loop(o.br_if(1,o.i32_lt_s(o.getLocal("itBit"),o.i32_const(0))),o.if(o.i32_eqz(o.call(e+"_isZero",o.getLocal("pr"))),[...o.setLocal("j",o.i32_const(0)),...o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("j"),o.getLocal("chunkSize"))),o.call(e+"_double",o.getLocal("pr"),o.getLocal("pr")),o.setLocal("j",o.i32_add(o.getLocal("j"),o.i32_const(1))),o.br(0)))]),o.call(a+"_chunk",o.getLocal("pBases"),o.getLocal("pScalars"),o.getLocal("scalarSize"),o.getLocal("n"),o.getLocal("itBit"),o.getLocal("chunkSize"),l),o.call(e+"_add",o.getLocal("pr"),l,o.getLocal("pr")),o.setLocal("itBit",o.i32_sub(o.getLocal("itBit"),o.getLocal("chunkSize"))),o.br(0))))}!function(){const e=t.addFunction(a+"_getChunk");e.addParam("pScalar","i32"),e.addParam("scalarSize","i32"),e.addParam("startBit","i32"),e.addParam("chunkSize","i32"),e.addLocal("bitsToEnd","i32"),e.addLocal("mask","i32"),e.setReturnType("i32");const i=e.getCodeBuilder();e.addCode(i.setLocal("bitsToEnd",i.i32_sub(i.i32_mul(i.getLocal("scalarSize"),i.i32_const(8)),i.getLocal("startBit"))),i.if(i.i32_gt_s(i.getLocal("chunkSize"),i.getLocal("bitsToEnd")),i.setLocal("mask",i.i32_sub(i.i32_shl(i.i32_const(1),i.getLocal("bitsToEnd")),i.i32_const(1))),i.setLocal("mask",i.i32_sub(i.i32_shl(i.i32_const(1),i.getLocal("chunkSize")),i.i32_const(1)))),i.i32_and(i.i32_shr_u(i.i32_load(i.i32_add(i.getLocal("pScalar"),i.i32_shr_u(i.getLocal("startBit"),i.i32_const(3))),0,0),i.i32_and(i.getLocal("startBit"),i.i32_const(7))),i.getLocal("mask")))}(),function(){const i=t.addFunction(a+"_reduceTable");i.addParam("pTable","i32"),i.addParam("p","i32"),i.addLocal("half","i32"),i.addLocal("it1","i32"),i.addLocal("it2","i32"),i.addLocal("pAcc","i32");const o=i.getCodeBuilder();i.addCode(o.if(o.i32_eq(o.getLocal("p"),o.i32_const(1)),o.ret([])),o.setLocal("half",o.i32_shl(o.i32_const(1),o.i32_sub(o.getLocal("p"),o.i32_const(1)))),o.setLocal("it1",o.getLocal("pTable")),o.setLocal("it2",o.i32_add(o.getLocal("pTable"),o.i32_mul(o.getLocal("half"),o.i32_const(n)))),o.setLocal("pAcc",o.i32_sub(o.getLocal("it2"),o.i32_const(n))),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("it1"),o.getLocal("pAcc"))),o.call(e+"_add",o.getLocal("it1"),o.getLocal("it2"),o.getLocal("it1")),o.call(e+"_add",o.getLocal("pAcc"),o.getLocal("it2"),o.getLocal("pAcc")),o.setLocal("it1",o.i32_add(o.getLocal("it1"),o.i32_const(n))),o.setLocal("it2",o.i32_add(o.getLocal("it2"),o.i32_const(n))),o.br(0))),o.call(a+"_reduceTable",o.getLocal("pTable"),o.i32_sub(o.getLocal("p"),o.i32_const(1))),o.setLocal("p",o.i32_sub(o.getLocal("p"),o.i32_const(1))),o.block(o.loop(o.br_if(1,o.i32_eqz(o.getLocal("p"))),o.call(e+"_double",o.getLocal("pAcc"),o.getLocal("pAcc")),o.setLocal("p",o.i32_sub(o.getLocal("p"),o.i32_const(1))),o.br(0))),o.call(e+"_add",o.getLocal("pTable"),o.getLocal("pAcc"),o.getLocal("pTable")))}(),function(){const l=t.addFunction(a+"_chunk");l.addParam("pBases","i32"),l.addParam("pScalars","i32"),l.addParam("scalarSize","i32"),l.addParam("n","i32"),l.addParam("startBit","i32"),l.addParam("chunkSize","i32"),l.addParam("pr","i32"),l.addLocal("nChunks","i32"),l.addLocal("itScalar","i32"),l.addLocal("endScalar","i32"),l.addLocal("itBase","i32"),l.addLocal("i","i32"),l.addLocal("j","i32"),l.addLocal("nTable","i32"),l.addLocal("pTable","i32"),l.addLocal("idx","i32"),l.addLocal("pIdxTable","i32");const r=l.getCodeBuilder();l.addCode(r.if(r.i32_eqz(r.getLocal("n")),[...r.call(e+"_zero",r.getLocal("pr")),...r.ret([])]),r.setLocal("nTable",r.i32_shl(r.i32_const(1),r.getLocal("chunkSize"))),r.setLocal("pTable",r.i32_load(r.i32_const(0))),r.i32_store(r.i32_const(0),r.i32_add(r.getLocal("pTable"),r.i32_mul(r.getLocal("nTable"),r.i32_const(n)))),r.setLocal("j",r.i32_const(0)),r.block(r.loop(r.br_if(1,r.i32_eq(r.getLocal("j"),r.getLocal("nTable"))),r.call(e+"_zero",r.i32_add(r.getLocal("pTable"),r.i32_mul(r.getLocal("j"),r.i32_const(n)))),r.setLocal("j",r.i32_add(r.getLocal("j"),r.i32_const(1))),r.br(0))),r.setLocal("itBase",r.getLocal("pBases")),r.setLocal("itScalar",r.getLocal("pScalars")),r.setLocal("endScalar",r.i32_add(r.getLocal("pScalars"),r.i32_mul(r.getLocal("n"),r.getLocal("scalarSize")))),r.block(r.loop(r.br_if(1,r.i32_eq(r.getLocal("itScalar"),r.getLocal("endScalar"))),r.setLocal("idx",r.call(a+"_getChunk",r.getLocal("itScalar"),r.getLocal("scalarSize"),r.getLocal("startBit"),r.getLocal("chunkSize"))),r.if(r.getLocal("idx"),[...r.setLocal("pIdxTable",r.i32_add(r.getLocal("pTable"),r.i32_mul(r.i32_sub(r.getLocal("idx"),r.i32_const(1)),r.i32_const(n)))),...r.call(i,r.getLocal("pIdxTable"),r.getLocal("itBase"),r.getLocal("pIdxTable"))]),r.setLocal("itScalar",r.i32_add(r.getLocal("itScalar"),r.getLocal("scalarSize"))),r.setLocal("itBase",r.i32_add(r.getLocal("itBase"),r.i32_const(o))),r.br(0))),r.call(a+"_reduceTable",r.getLocal("pTable"),r.getLocal("chunkSize")),r.call(e+"_copy",r.getLocal("pTable"),r.getLocal("pr")),r.i32_store(r.i32_const(0),r.getLocal("pTable")))}(),l(),t.exportFunction(a),t.exportFunction(a+"_chunk")};var zt=function(t,e,a,i){const o=t.modules[a].n64,n=8*o;if(t.modules[e])return e;return t.modules[e]={n64:3*o},function(){const i=t.addFunction(e+"_isZeroAffine");i.addParam("p1","i32"),i.setReturnType("i32");const o=i.getCodeBuilder();i.addCode(o.i32_and(o.call(a+"_isZero",o.getLocal("p1")),o.call(a+"_isZero",o.i32_add(o.getLocal("p1"),o.i32_const(n)))))}(),function(){const i=t.addFunction(e+"_isZero");i.addParam("p1","i32"),i.setReturnType("i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_isZero",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))))}(),function(){const i=t.addFunction(e+"_zeroAffine");i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_zero",o.getLocal("pr"))),i.addCode(o.call(a+"_zero",o.i32_add(o.getLocal("pr"),o.i32_const(n))))}(),function(){const i=t.addFunction(e+"_zero");i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_zero",o.getLocal("pr"))),i.addCode(o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(n)))),i.addCode(o.call(a+"_zero",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))))}(),function(){const a=t.addFunction(e+"_copyAffine");a.addParam("ps","i32"),a.addParam("pd","i32");const i=a.getCodeBuilder();for(let t=0;t<2*o;t++)a.addCode(i.i64_store(i.getLocal("pd"),8*t,i.i64_load(i.getLocal("ps"),8*t)))}(),function(){const a=t.addFunction(e+"_copy");a.addParam("ps","i32"),a.addParam("pd","i32");const i=a.getCodeBuilder();for(let t=0;t<3*o;t++)a.addCode(i.i64_store(i.getLocal("pd"),8*t,i.i64_load(i.getLocal("ps"),8*t)))}(),function(){const i=t.addFunction(e+"_toJacobian");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.getLocal("pr"),c=o.i32_add(o.getLocal("pr"),o.i32_const(n)),d=o.i32_add(o.getLocal("pr"),o.i32_const(2*n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("p1")),o.call(e+"_zero",o.getLocal("pr")),[...o.call(a+"_one",d),...o.call(a+"_copy",r,c),...o.call(a+"_copy",l,s)]))}(),function(){const i=t.addFunction(e+"_eqAffine");i.addParam("p1","i32"),i.addParam("p2","i32"),i.setReturnType("i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder();i.addCode(o.ret(o.i32_and(o.call(a+"_eq",o.getLocal("p1"),o.getLocal("p2")),o.call(a+"_eq",o.i32_add(o.getLocal("p1"),o.i32_const(n)),o.i32_add(o.getLocal("p2"),o.i32_const(n))))))}(),function(){const i=t.addFunction(e+"_eqMixed");i.addParam("p1","i32"),i.addParam("p2","i32"),i.setReturnType("i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n)),u=o.i32_const(t.alloc(n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),o.ret(o.call(e+"_isZeroAffine",o.getLocal("p2")))),o.if(o.call(e+"_isZeroAffine",o.getLocal("p2")),o.ret(o.i32_const(0))),o.if(o.call(a+"_isOne",s),o.ret(o.call(e+"_eqAffine",o.getLocal("p1"),o.getLocal("p2")))),o.call(a+"_square",s,u),o.call(a+"_mul",c,u,g),o.call(a+"_mul",s,u,f),o.call(a+"_mul",d,f,h),o.if(o.call(a+"_eq",l,g),o.if(o.call(a+"_eq",r,h),o.ret(o.i32_const(1)))),o.ret(o.i32_const(0)))}(),function(){const i=t.addFunction(e+"_eq");i.addParam("p1","i32"),i.addParam("p2","i32"),i.setReturnType("i32"),i.addLocal("z1","i32"),i.addLocal("z2","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n));i.addCode(o.setLocal("z2",o.i32_add(o.getLocal("p2"),o.i32_const(2*n))));const u=o.getLocal("z2"),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),o.ret(o.call(e+"_isZero",o.getLocal("p2")))),o.if(o.call(e+"_isZero",o.getLocal("p2")),o.ret(o.i32_const(0))),o.if(o.call(a+"_isOne",s),o.ret(o.call(e+"_eqMixed",o.getLocal("p2"),o.getLocal("p1")))),o.if(o.call(a+"_isOne",u),o.ret(o.call(e+"_eqMixed",o.getLocal("p1"),o.getLocal("p2")))),o.call(a+"_square",s,g),o.call(a+"_square",u,f),o.call(a+"_mul",l,f,h),o.call(a+"_mul",c,g,_),o.call(a+"_mul",s,g,p),o.call(a+"_mul",u,f,m),o.call(a+"_mul",r,m,w),o.call(a+"_mul",d,p,L),o.if(o.call(a+"_eq",h,_),o.if(o.call(a+"_eq",w,L),o.ret(o.i32_const(1)))),o.ret(o.i32_const(0)))}(),function(){const i=t.addFunction(e+"_doubleAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.getLocal("pr"),c=o.i32_add(o.getLocal("pr"),o.i32_const(n)),d=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),u=o.i32_const(t.alloc(n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("p1")),[...o.call(e+"_toJacobian",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.call(a+"_square",l,u),o.call(a+"_square",r,g),o.call(a+"_square",g,f),o.call(a+"_add",l,g,h),o.call(a+"_square",h,h),o.call(a+"_sub",h,u,h),o.call(a+"_sub",h,f,h),o.call(a+"_add",h,h,h),o.call(a+"_add",u,u,_),o.call(a+"_add",_,u,_),o.call(a+"_add",r,r,d),o.call(a+"_square",_,s),o.call(a+"_sub",s,h,s),o.call(a+"_sub",s,h,s),o.call(a+"_add",f,f,p),o.call(a+"_add",p,p,p),o.call(a+"_add",p,p,p),o.call(a+"_sub",h,s,c),o.call(a+"_mul",c,_,c),o.call(a+"_sub",c,p,c))}(),function(){const i=t.addFunction(e+"_double");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(e+"_copy",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(a+"_isOne",s),[...o.ret(o.call(e+"_doubleAffine",o.getLocal("p1"),o.getLocal("pr"))),...o.ret([])]),o.call(a+"_square",l,g),o.call(a+"_square",r,f),o.call(a+"_square",f,h),o.call(a+"_add",l,f,_),o.call(a+"_square",_,_),o.call(a+"_sub",_,g,_),o.call(a+"_sub",_,h,_),o.call(a+"_add",_,_,_),o.call(a+"_add",g,g,p),o.call(a+"_add",p,g,p),o.call(a+"_square",p,m),o.call(a+"_mul",r,s,w),o.call(a+"_add",_,_,c),o.call(a+"_sub",m,c,c),o.call(a+"_add",h,h,L),o.call(a+"_add",L,L,L),o.call(a+"_add",L,L,L),o.call(a+"_sub",_,c,d),o.call(a+"_mul",d,p,d),o.call(a+"_sub",d,L,d),o.call(a+"_add",w,w,u))}(),function(){const i=t.addFunction(e+"_addAffine");i.addParam("p1","i32"),i.addParam("p2","i32"),i.addParam("pr","i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("p2"),c=o.i32_add(o.getLocal("p2"),o.i32_const(n)),d=o.getLocal("pr"),u=o.i32_add(o.getLocal("pr"),o.i32_const(n)),g=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n)),b=o.i32_const(t.alloc(n)),y=o.i32_const(t.alloc(n)),A=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("p1")),[...o.call(e+"_copyAffine",o.getLocal("p2"),o.getLocal("pr")),...o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))),...o.ret([])]),o.if(o.call(e+"_isZeroAffine",o.getLocal("p2")),[...o.call(e+"_copyAffine",o.getLocal("p1"),o.getLocal("pr")),...o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))),...o.ret([])]),o.if(o.call(a+"_eq",l,s),o.if(o.call(a+"_eq",r,c),[...o.call(e+"_doubleAffine",o.getLocal("p2"),o.getLocal("pr")),...o.ret([])])),o.call(a+"_sub",s,l,f),o.call(a+"_sub",c,r,_),o.call(a+"_square",f,h),o.call(a+"_add",h,h,p),o.call(a+"_add",p,p,p),o.call(a+"_mul",f,p,m),o.call(a+"_add",_,_,w),o.call(a+"_mul",l,p,b),o.call(a+"_square",w,L),o.call(a+"_add",b,b,y),o.call(a+"_sub",L,m,d),o.call(a+"_sub",d,y,d),o.call(a+"_mul",r,m,A),o.call(a+"_add",A,A,A),o.call(a+"_sub",b,d,u),o.call(a+"_mul",u,w,u),o.call(a+"_sub",u,A,u),o.call(a+"_add",f,f,g))}(),function(){const i=t.addFunction(e+"_addMixed");i.addParam("p1","i32"),i.addParam("p2","i32"),i.addParam("pr","i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n)),u=o.getLocal("pr"),g=o.i32_add(o.getLocal("pr"),o.i32_const(n)),f=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n)),b=o.i32_const(t.alloc(n)),y=o.i32_const(t.alloc(n)),A=o.i32_const(t.alloc(n)),C=o.i32_const(t.alloc(n)),I=o.i32_const(t.alloc(n)),F=o.i32_const(t.alloc(n)),x=o.i32_const(t.alloc(n)),E=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(e+"_copyAffine",o.getLocal("p2"),o.getLocal("pr")),...o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))),...o.ret([])]),o.if(o.call(e+"_isZeroAffine",o.getLocal("p2")),[...o.call(e+"_copy",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(a+"_isOne",s),[...o.call(e+"_addAffine",l,c,u),...o.ret([])]),o.call(a+"_square",s,h),o.call(a+"_mul",c,h,_),o.call(a+"_mul",s,h,p),o.call(a+"_mul",d,p,m),o.if(o.call(a+"_eq",l,_),o.if(o.call(a+"_eq",r,m),[...o.call(e+"_doubleAffine",o.getLocal("p2"),o.getLocal("pr")),...o.ret([])])),o.call(a+"_sub",_,l,w),o.call(a+"_sub",m,r,b),o.call(a+"_square",w,L),o.call(a+"_add",L,L,y),o.call(a+"_add",y,y,y),o.call(a+"_mul",w,y,A),o.call(a+"_add",b,b,C),o.call(a+"_mul",l,y,F),o.call(a+"_square",C,I),o.call(a+"_add",F,F,x),o.call(a+"_sub",I,A,u),o.call(a+"_sub",u,x,u),o.call(a+"_mul",r,A,E),o.call(a+"_add",E,E,E),o.call(a+"_sub",F,u,g),o.call(a+"_mul",g,C,g),o.call(a+"_sub",g,E,g),o.call(a+"_add",s,w,f),o.call(a+"_square",f,f),o.call(a+"_sub",f,h,f),o.call(a+"_sub",f,L,f))}(),function(){const i=t.addFunction(e+"_add");i.addParam("p1","i32"),i.addParam("p2","i32"),i.addParam("pr","i32"),i.addLocal("z1","i32"),i.addLocal("z2","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n));i.addCode(o.setLocal("z2",o.i32_add(o.getLocal("p2"),o.i32_const(2*n))));const u=o.getLocal("z2"),g=o.getLocal("pr"),f=o.i32_add(o.getLocal("pr"),o.i32_const(n)),h=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n)),b=o.i32_const(t.alloc(n)),y=o.i32_const(t.alloc(n)),A=o.i32_const(t.alloc(n)),C=o.i32_const(t.alloc(n)),I=o.i32_const(t.alloc(n)),F=o.i32_const(t.alloc(n)),x=o.i32_const(t.alloc(n)),E=o.i32_const(t.alloc(n)),v=o.i32_const(t.alloc(n)),B=o.i32_const(t.alloc(n)),S=o.i32_const(t.alloc(n)),P=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(e+"_copy",o.getLocal("p2"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(e+"_isZero",o.getLocal("p2")),[...o.call(e+"_copy",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(a+"_isOne",s),[...o.call(e+"_addMixed",c,l,g),...o.ret([])]),o.if(o.call(a+"_isOne",u),[...o.call(e+"_addMixed",l,c,g),...o.ret([])]),o.call(a+"_square",s,_),o.call(a+"_square",u,p),o.call(a+"_mul",l,p,m),o.call(a+"_mul",c,_,w),o.call(a+"_mul",s,_,L),o.call(a+"_mul",u,p,b),o.call(a+"_mul",r,b,y),o.call(a+"_mul",d,L,A),o.if(o.call(a+"_eq",m,w),o.if(o.call(a+"_eq",y,A),[...o.call(e+"_double",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])])),o.call(a+"_sub",w,m,C),o.call(a+"_sub",A,y,I),o.call(a+"_add",C,C,F),o.call(a+"_square",F,F),o.call(a+"_mul",C,F,x),o.call(a+"_add",I,I,E),o.call(a+"_mul",m,F,B),o.call(a+"_square",E,v),o.call(a+"_add",B,B,S),o.call(a+"_sub",v,x,g),o.call(a+"_sub",g,S,g),o.call(a+"_mul",y,x,P),o.call(a+"_add",P,P,P),o.call(a+"_sub",B,g,f),o.call(a+"_mul",f,E,f),o.call(a+"_sub",f,P,f),o.call(a+"_add",s,u,h),o.call(a+"_square",h,h),o.call(a+"_sub",h,_,h),o.call(a+"_sub",h,p,h),o.call(a+"_mul",h,C,h))}(),function(){const i=t.addFunction(e+"_negAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.getLocal("pr"),c=o.i32_add(o.getLocal("pr"),o.i32_const(n));i.addCode(o.call(a+"_copy",l,s),o.call(a+"_neg",r,c))}(),function(){const i=t.addFunction(e+"_neg");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_add(o.getLocal("pr"),o.i32_const(2*n));i.addCode(o.call(a+"_copy",l,c),o.call(a+"_neg",r,d),o.call(a+"_copy",s,u))}(),function(){const a=t.addFunction(e+"_subAffine");a.addParam("p1","i32"),a.addParam("p2","i32"),a.addParam("pr","i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(3*n));a.addCode(i.call(e+"_negAffine",i.getLocal("p2"),o),i.call(e+"_addAffine",i.getLocal("p1"),o,i.getLocal("pr")))}(),function(){const a=t.addFunction(e+"_subMixed");a.addParam("p1","i32"),a.addParam("p2","i32"),a.addParam("pr","i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(3*n));a.addCode(i.call(e+"_negAffine",i.getLocal("p2"),o),i.call(e+"_addMixed",i.getLocal("p1"),o,i.getLocal("pr")))}(),function(){const a=t.addFunction(e+"_sub");a.addParam("p1","i32"),a.addParam("p2","i32"),a.addParam("pr","i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(3*n));a.addCode(i.call(e+"_neg",i.getLocal("p2"),o),i.call(e+"_add",i.getLocal("p1"),o,i.getLocal("pr")))}(),function(){const i=t.addFunction(e+"_fromMontgomeryAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_fromMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<2;t++)i.addCode(o.call(a+"_fromMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_fromMontgomery");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_fromMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<3;t++)i.addCode(o.call(a+"_fromMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_toMontgomeryAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_toMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<2;t++)i.addCode(o.call(a+"_toMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_toMontgomery");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_toMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<3;t++)i.addCode(o.call(a+"_toMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_toAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_const(t.alloc(n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(a+"_zero",c),...o.call(a+"_zero",d)],[...o.call(a+"_inverse",s,u),...o.call(a+"_square",u,g),...o.call(a+"_mul",u,g,f),...o.call(a+"_mul",l,g,c),...o.call(a+"_mul",r,f,d)]))}(),function(){const o=t.addFunction(e+"_inCurveAffine");o.addParam("pIn","i32"),o.setReturnType("i32");const l=o.getCodeBuilder(),r=l.getLocal("pIn"),s=l.i32_add(l.getLocal("pIn"),l.i32_const(n)),c=l.i32_const(t.alloc(n)),d=l.i32_const(t.alloc(n));o.addCode(l.call(a+"_square",s,c),l.call(a+"_square",r,d),l.call(a+"_mul",r,d,d),l.call(a+"_add",d,l.i32_const(i),d),l.ret(l.call(a+"_eq",c,d)))}(),function(){const a=t.addFunction(e+"_inCurve");a.addParam("pIn","i32"),a.setReturnType("i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(2*n));a.addCode(i.call(e+"_toAffine",i.getLocal("pIn"),o),i.ret(i.call(e+"_inCurveAffine",o)))}(),function(){const i=t.addFunction(e+"_batchToAffine");i.addParam("pIn","i32"),i.addParam("n","i32"),i.addParam("pOut","i32"),i.addLocal("pAux","i32"),i.addLocal("itIn","i32"),i.addLocal("itAux","i32"),i.addLocal("itOut","i32"),i.addLocal("i","i32");const o=i.getCodeBuilder(),l=o.i32_const(t.alloc(n));i.addCode(o.setLocal("pAux",o.i32_load(o.i32_const(0))),o.i32_store(o.i32_const(0),o.i32_add(o.getLocal("pAux"),o.i32_mul(o.getLocal("n"),o.i32_const(n)))),o.call(a+"_batchInverse",o.i32_add(o.getLocal("pIn"),o.i32_const(2*n)),o.i32_const(3*n),o.getLocal("n"),o.getLocal("pAux"),o.i32_const(n)),o.setLocal("itIn",o.getLocal("pIn")),o.setLocal("itAux",o.getLocal("pAux")),o.setLocal("itOut",o.getLocal("pOut")),o.setLocal("i",o.i32_const(0)),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("i"),o.getLocal("n"))),o.if(o.call(a+"_isZero",o.getLocal("itAux")),[...o.call(a+"_zero",o.getLocal("itOut")),...o.call(a+"_zero",o.i32_add(o.getLocal("itOut"),o.i32_const(n)))],[...o.call(a+"_mul",o.getLocal("itAux"),o.i32_add(o.getLocal("itIn"),o.i32_const(n)),l),...o.call(a+"_square",o.getLocal("itAux"),o.getLocal("itAux")),...o.call(a+"_mul",o.getLocal("itAux"),o.getLocal("itIn"),o.getLocal("itOut")),...o.call(a+"_mul",o.getLocal("itAux"),l,o.i32_add(o.getLocal("itOut"),o.i32_const(n)))]),o.setLocal("itIn",o.i32_add(o.getLocal("itIn"),o.i32_const(3*n))),o.setLocal("itOut",o.i32_add(o.getLocal("itOut"),o.i32_const(2*n))),o.setLocal("itAux",o.i32_add(o.getLocal("itAux"),o.i32_const(n))),o.setLocal("i",o.i32_add(o.getLocal("i"),o.i32_const(1))),o.br(0))),o.i32_store(o.i32_const(0),o.getLocal("pAux")))}(),function(){const i=t.addFunction(e+"_normalize");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),o.call(e+"_zero",o.getLocal("pr")),[...o.call(a+"_inverse",s,g),...o.call(a+"_square",g,f),...o.call(a+"_mul",g,f,h),...o.call(a+"_mul",l,f,c),...o.call(a+"_mul",r,h,d),...o.call(a+"_one",u)]))}(),function(){const a=t.addFunction(e+"__reverseBytes");a.addParam("pIn","i32"),a.addParam("n","i32"),a.addParam("pOut","i32"),a.addLocal("itOut","i32"),a.addLocal("itIn","i32");const i=a.getCodeBuilder();a.addCode(i.setLocal("itOut",i.i32_sub(i.i32_add(i.getLocal("pOut"),i.getLocal("n")),i.i32_const(1))),i.setLocal("itIn",i.getLocal("pIn")),i.block(i.loop(i.br_if(1,i.i32_lt_s(i.getLocal("itOut"),i.getLocal("pOut"))),i.i32_store8(i.getLocal("itOut"),i.i32_load8_u(i.getLocal("itIn"))),i.setLocal("itOut",i.i32_sub(i.getLocal("itOut"),i.i32_const(1))),i.setLocal("itIn",i.i32_add(i.getLocal("itIn"),i.i32_const(1))),i.br(0))))}(),function(){const a=t.addFunction(e+"_LEMtoU");a.addParam("pIn","i32"),a.addParam("pOut","i32");const i=a.getCodeBuilder(),o=t.alloc(2*n),l=i.i32_const(o),r=i.i32_const(o),s=i.i32_const(o+n);a.addCode(i.if(i.call(e+"_isZeroAffine",i.getLocal("pIn")),[...i.call(e+"_zeroAffine",i.getLocal("pOut")),...i.ret([])]),i.call(e+"_fromMontgomeryAffine",i.getLocal("pIn"),l),i.call(e+"__reverseBytes",r,i.i32_const(n),i.getLocal("pOut")),i.call(e+"__reverseBytes",s,i.i32_const(n),i.i32_add(i.getLocal("pOut"),i.i32_const(n))))}(),function(){const i=t.addFunction(e+"_LEMtoC");i.addParam("pIn","i32"),i.addParam("pOut","i32");const o=i.getCodeBuilder(),l=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("pIn")),[...o.call(a+"_zero",o.getLocal("pOut")),...o.i32_store8(o.getLocal("pOut"),o.i32_const(64)),...o.ret([])]),o.call(a+"_fromMontgomery",o.getLocal("pIn"),l),o.call(e+"__reverseBytes",l,o.i32_const(n),o.getLocal("pOut")),o.if(o.i32_eq(o.call(a+"_sign",o.i32_add(o.getLocal("pIn"),o.i32_const(n))),o.i32_const(-1)),o.i32_store8(o.getLocal("pOut"),o.i32_or(o.i32_load8_u(o.getLocal("pOut")),o.i32_const(128)))))}(),function(){const a=t.addFunction(e+"_UtoLEM");a.addParam("pIn","i32"),a.addParam("pOut","i32");const i=a.getCodeBuilder(),o=t.alloc(2*n),l=i.i32_const(o),r=i.i32_const(o),s=i.i32_const(o+n);a.addCode(i.if(i.i32_and(i.i32_load8_u(i.getLocal("pIn")),i.i32_const(64)),[...i.call(e+"_zeroAffine",i.getLocal("pOut")),...i.ret([])]),i.call(e+"__reverseBytes",i.getLocal("pIn"),i.i32_const(n),r),i.call(e+"__reverseBytes",i.i32_add(i.getLocal("pIn"),i.i32_const(n)),i.i32_const(n),s),i.call(e+"_toMontgomeryAffine",l,i.getLocal("pOut")))}(),function(){const o=t.addFunction(e+"_CtoLEM");o.addParam("pIn","i32"),o.addParam("pOut","i32"),o.addLocal("firstByte","i32"),o.addLocal("greatest","i32");const l=o.getCodeBuilder(),r=t.alloc(2*n),s=l.i32_const(r),c=l.i32_const(r+n);o.addCode(l.setLocal("firstByte",l.i32_load8_u(l.getLocal("pIn"))),l.if(l.i32_and(l.getLocal("firstByte"),l.i32_const(64)),[...l.call(e+"_zeroAffine",l.getLocal("pOut")),...l.ret([])]),l.setLocal("greatest",l.i32_and(l.getLocal("firstByte"),l.i32_const(128))),l.call(a+"_copy",l.getLocal("pIn"),c),l.i32_store8(c,l.i32_and(l.getLocal("firstByte"),l.i32_const(63))),l.call(e+"__reverseBytes",c,l.i32_const(n),s),l.call(a+"_toMontgomery",s,l.getLocal("pOut")),l.call(a+"_square",l.getLocal("pOut"),c),l.call(a+"_mul",l.getLocal("pOut"),c,c),l.call(a+"_add",c,l.i32_const(i),c),l.call(a+"_sqrt",c,c),l.call(a+"_neg",c,s),l.if(l.i32_eq(l.call(a+"_sign",c),l.i32_const(-1)),l.if(l.getLocal("greatest"),l.call(a+"_copy",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n))),l.call(a+"_neg",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n)))),l.if(l.getLocal("greatest"),l.call(a+"_neg",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n))),l.call(a+"_copy",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n))))))}(),Tt(t,e+"_batchLEMtoU",e+"_LEMtoU",2*n,2*n),Tt(t,e+"_batchLEMtoC",e+"_LEMtoC",2*n,n),Tt(t,e+"_batchUtoLEM",e+"_UtoLEM",2*n,2*n),Tt(t,e+"_batchCtoLEM",e+"_CtoLEM",n,2*n,!0),Tt(t,e+"_batchToJacobian",e+"_toJacobian",2*n,3*n,!0),Ut(t,e,e+"_multiexp",e+"_add",3*n),Ut(t,e,e+"_multiexpAffine",e+"_addMixed",2*n),Ot(t,e+"_timesScalar",3*n,e+"_add",e+"_double",e+"_sub",e+"_copy",e+"_zero"),Ot(t,e+"_timesScalarAffine",2*n,e+"_addMixed",e+"_double",e+"_subMixed",e+"_copyAffine",e+"_zero"),t.exportFunction(e+"_isZero"),t.exportFunction(e+"_isZeroAffine"),t.exportFunction(e+"_eq"),t.exportFunction(e+"_eqMixed"),t.exportFunction(e+"_eqAffine"),t.exportFunction(e+"_copy"),t.exportFunction(e+"_copyAffine"),t.exportFunction(e+"_zero"),t.exportFunction(e+"_zeroAffine"),t.exportFunction(e+"_double"),t.exportFunction(e+"_doubleAffine"),t.exportFunction(e+"_add"),t.exportFunction(e+"_addMixed"),t.exportFunction(e+"_addAffine"),t.exportFunction(e+"_neg"),t.exportFunction(e+"_negAffine"),t.exportFunction(e+"_sub"),t.exportFunction(e+"_subMixed"),t.exportFunction(e+"_subAffine"),t.exportFunction(e+"_fromMontgomery"),t.exportFunction(e+"_fromMontgomeryAffine"),t.exportFunction(e+"_toMontgomery"),t.exportFunction(e+"_toMontgomeryAffine"),t.exportFunction(e+"_timesScalar"),t.exportFunction(e+"_timesScalarAffine"),t.exportFunction(e+"_normalize"),t.exportFunction(e+"_LEMtoU"),t.exportFunction(e+"_LEMtoC"),t.exportFunction(e+"_UtoLEM"),t.exportFunction(e+"_CtoLEM"),t.exportFunction(e+"_batchLEMtoU"),t.exportFunction(e+"_batchLEMtoC"),t.exportFunction(e+"_batchUtoLEM"),t.exportFunction(e+"_batchCtoLEM"),t.exportFunction(e+"_toAffine"),t.exportFunction(e+"_toJacobian"),t.exportFunction(e+"_batchToAffine"),t.exportFunction(e+"_batchToJacobian"),t.exportFunction(e+"_inCurve"),t.exportFunction(e+"_inCurveAffine"),e};const{isOdd:Qt,modInv:qt,modPow:Mt}=W,kt=V;var Rt=function(t,e,a,i,o){const n=8*t.modules[i].n64,l=8*t.modules[a].n64,r=t.modules[i].q;let s=r-1n,c=0;for(;!Qt(s);)c++,s>>=1n;let d=2n;for(;1n===Mt(d,r>>1n,r);)d+=1n;const u=new Array(c+1);u[c]=Mt(d,s,r);let g=c-1;for(;g>=0;)u[g]=Mt(u[g+1],2n,r),g--;const f=[],h=(1n<>a);return e}const F=Array(256);for(let t=0;t<256;t++)F[t]=I(t);const x=t.alloc(F);function E(){const a=t.addFunction(e+"_fft");a.addParam("px","i32"),a.addParam("n","i32"),a.addLocal("bits","i32");const o=a.getCodeBuilder(),l=o.i32_const(t.alloc(n));a.addCode(o.setLocal("bits",o.call(e+"__log2",o.getLocal("n"))),o.call(i+"_one",l),o.call(e+"_rawfft",o.getLocal("px"),o.getLocal("bits"),o.i32_const(0),l))}!function(){const a=t.addFunction(e+"__rev");a.addParam("x","i32"),a.addParam("bits","i32"),a.setReturnType("i32");const i=a.getCodeBuilder();a.addCode(i.i32_rotl(i.i32_add(i.i32_add(i.i32_shl(i.i32_load8_u(i.i32_and(i.getLocal("x"),i.i32_const(255)),x,0),i.i32_const(24)),i.i32_shl(i.i32_load8_u(i.i32_and(i.i32_shr_u(i.getLocal("x"),i.i32_const(8)),i.i32_const(255)),x,0),i.i32_const(16))),i.i32_add(i.i32_shl(i.i32_load8_u(i.i32_and(i.i32_shr_u(i.getLocal("x"),i.i32_const(16)),i.i32_const(255)),x,0),i.i32_const(8)),i.i32_load8_u(i.i32_and(i.i32_shr_u(i.getLocal("x"),i.i32_const(24)),i.i32_const(255)),x,0))),i.getLocal("bits")))}(),function(){const i=t.addFunction(e+"__reversePermutation");i.addParam("px","i32"),i.addParam("bits","i32"),i.addLocal("n","i32"),i.addLocal("i","i32"),i.addLocal("ri","i32"),i.addLocal("idx1","i32"),i.addLocal("idx2","i32");const o=i.getCodeBuilder(),n=o.i32_const(t.alloc(l));i.addCode(o.setLocal("n",o.i32_shl(o.i32_const(1),o.getLocal("bits"))),o.setLocal("i",o.i32_const(0)),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("i"),o.getLocal("n"))),o.setLocal("idx1",o.i32_add(o.getLocal("px"),o.i32_mul(o.getLocal("i"),o.i32_const(l)))),o.setLocal("ri",o.call(e+"__rev",o.getLocal("i"),o.getLocal("bits"))),o.setLocal("idx2",o.i32_add(o.getLocal("px"),o.i32_mul(o.getLocal("ri"),o.i32_const(l)))),o.if(o.i32_lt_u(o.getLocal("i"),o.getLocal("ri")),[...o.call(a+"_copy",o.getLocal("idx1"),n),...o.call(a+"_copy",o.getLocal("idx2"),o.getLocal("idx1")),...o.call(a+"_copy",n,o.getLocal("idx2"))]),o.setLocal("i",o.i32_add(o.getLocal("i"),o.i32_const(1))),o.br(0))))}(),function(){const n=t.addFunction(e+"__fftFinal");n.addParam("px","i32"),n.addParam("bits","i32"),n.addParam("reverse","i32"),n.addParam("mulFactor","i32"),n.addLocal("n","i32"),n.addLocal("ndiv2","i32"),n.addLocal("pInv2","i32"),n.addLocal("i","i32"),n.addLocal("mask","i32"),n.addLocal("idx1","i32"),n.addLocal("idx2","i32");const r=n.getCodeBuilder(),s=r.i32_const(t.alloc(l));n.addCode(r.if(r.i32_and(r.i32_eqz(r.getLocal("reverse")),r.call(i+"_isOne",r.getLocal("mulFactor"))),r.ret([])),r.setLocal("n",r.i32_shl(r.i32_const(1),r.getLocal("bits"))),r.setLocal("mask",r.i32_sub(r.getLocal("n"),r.i32_const(1))),r.setLocal("i",r.i32_const(1)),r.setLocal("ndiv2",r.i32_shr_u(r.getLocal("n"),r.i32_const(1))),r.block(r.loop(r.br_if(1,r.i32_ge_u(r.getLocal("i"),r.getLocal("ndiv2"))),r.setLocal("idx1",r.i32_add(r.getLocal("px"),r.i32_mul(r.getLocal("i"),r.i32_const(l)))),r.setLocal("idx2",r.i32_add(r.getLocal("px"),r.i32_mul(r.i32_sub(r.getLocal("n"),r.getLocal("i")),r.i32_const(l)))),r.if(r.getLocal("reverse"),r.if(r.call(i+"_isOne",r.getLocal("mulFactor")),[...r.call(a+"_copy",r.getLocal("idx1"),s),...r.call(a+"_copy",r.getLocal("idx2"),r.getLocal("idx1")),...r.call(a+"_copy",s,r.getLocal("idx2"))],[...r.call(a+"_copy",r.getLocal("idx1"),s),...r.call(o,r.getLocal("idx2"),r.getLocal("mulFactor"),r.getLocal("idx1")),...r.call(o,s,r.getLocal("mulFactor"),r.getLocal("idx2"))]),r.if(r.call(i+"_isOne",r.getLocal("mulFactor")),[],[...r.call(o,r.getLocal("idx1"),r.getLocal("mulFactor"),r.getLocal("idx1")),...r.call(o,r.getLocal("idx2"),r.getLocal("mulFactor"),r.getLocal("idx2"))])),r.setLocal("i",r.i32_add(r.getLocal("i"),r.i32_const(1))),r.br(0))),r.if(r.call(i+"_isOne",r.getLocal("mulFactor")),[],[...r.call(o,r.getLocal("px"),r.getLocal("mulFactor"),r.getLocal("px")),...r.setLocal("idx2",r.i32_add(r.getLocal("px"),r.i32_mul(r.getLocal("ndiv2"),r.i32_const(l)))),...r.call(o,r.getLocal("idx2"),r.getLocal("mulFactor"),r.getLocal("idx2"))]))}(),function(){const r=t.addFunction(e+"_rawfft");r.addParam("px","i32"),r.addParam("bits","i32"),r.addParam("reverse","i32"),r.addParam("mulFactor","i32"),r.addLocal("s","i32"),r.addLocal("k","i32"),r.addLocal("j","i32"),r.addLocal("m","i32"),r.addLocal("mdiv2","i32"),r.addLocal("n","i32"),r.addLocal("pwm","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l)),u=s.i32_const(t.alloc(l));r.addCode(s.call(e+"__reversePermutation",s.getLocal("px"),s.getLocal("bits")),s.setLocal("n",s.i32_shl(s.i32_const(1),s.getLocal("bits"))),s.setLocal("s",s.i32_const(1)),s.block(s.loop(s.br_if(1,s.i32_gt_u(s.getLocal("s"),s.getLocal("bits"))),s.setLocal("m",s.i32_shl(s.i32_const(1),s.getLocal("s"))),s.setLocal("pwm",s.i32_add(s.i32_const(_),s.i32_mul(s.getLocal("s"),s.i32_const(n)))),s.setLocal("k",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_ge_u(s.getLocal("k"),s.getLocal("n"))),s.call(i+"_one",c),s.setLocal("mdiv2",s.i32_shr_u(s.getLocal("m"),s.i32_const(1))),s.setLocal("j",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_ge_u(s.getLocal("j"),s.getLocal("mdiv2"))),s.setLocal("idx1",s.i32_add(s.getLocal("px"),s.i32_mul(s.i32_add(s.getLocal("k"),s.getLocal("j")),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("idx1"),s.i32_mul(s.getLocal("mdiv2"),s.i32_const(l)))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_copy",s.getLocal("idx1"),u),s.call(a+"_add",u,d,s.getLocal("idx1")),s.call(a+"_sub",u,d,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("pwm"),c),s.setLocal("j",s.i32_add(s.getLocal("j"),s.i32_const(1))),s.br(0))),s.setLocal("k",s.i32_add(s.getLocal("k"),s.getLocal("m"))),s.br(0))),s.setLocal("s",s.i32_add(s.getLocal("s"),s.i32_const(1))),s.br(0))),s.call(e+"__fftFinal",s.getLocal("px"),s.getLocal("bits"),s.getLocal("reverse"),s.getLocal("mulFactor")))}(),function(){const a=t.addFunction(e+"__log2");a.addParam("n","i32"),a.setReturnType("i32"),a.addLocal("bits","i32"),a.addLocal("aux","i32");const i=a.getCodeBuilder();a.addCode(i.setLocal("aux",i.i32_shr_u(i.getLocal("n"),i.i32_const(1)))),a.addCode(i.setLocal("bits",i.i32_const(0))),a.addCode(i.block(i.loop(i.br_if(1,i.i32_eqz(i.getLocal("aux"))),i.setLocal("aux",i.i32_shr_u(i.getLocal("aux"),i.i32_const(1))),i.setLocal("bits",i.i32_add(i.getLocal("bits"),i.i32_const(1))),i.br(0)))),a.addCode(i.if(i.i32_ne(i.getLocal("n"),i.i32_shl(i.i32_const(1),i.getLocal("bits"))),i.unreachable())),a.addCode(i.if(i.i32_gt_u(i.getLocal("bits"),i.i32_const(c)),i.unreachable())),a.addCode(i.getLocal("bits"))}(),E(),function(){const a=t.addFunction(e+"_ifft");a.addParam("px","i32"),a.addParam("n","i32"),a.addLocal("bits","i32"),a.addLocal("pInv2","i32");const i=a.getCodeBuilder();a.addCode(i.setLocal("bits",i.call(e+"__log2",i.getLocal("n"))),i.setLocal("pInv2",i.i32_add(i.i32_const(w),i.i32_mul(i.getLocal("bits"),i.i32_const(n)))),i.call(e+"_rawfft",i.getLocal("px"),i.getLocal("bits"),i.i32_const(1),i.getLocal("pInv2")))}(),function(){const r=t.addFunction(e+"_fftJoin");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l)),u=s.i32_const(t.alloc(l));r.addCode(s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_copy",s.getLocal("idx1"),u),s.call(a+"_add",u,d,s.getLocal("idx1")),s.call(a+"_sub",u,d,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const r=t.addFunction(e+"_fftJoinExt");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addParam("totalBits","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("pShiftToM","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l));r.addCode(s.setLocal("pShiftToM",s.i32_add(s.i32_const(A),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(a+"_add",s.getLocal("idx1"),s.getLocal("idx2"),d),s.call(o,s.getLocal("idx2"),s.getLocal("pShiftToM"),s.getLocal("idx2")),s.call(a+"_add",s.getLocal("idx1"),s.getLocal("idx2"),s.getLocal("idx2")),s.call(o,s.getLocal("idx2"),c,s.getLocal("idx2")),s.call(a+"_copy",d,s.getLocal("idx1")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const r=t.addFunction(e+"_fftJoinExtInv");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addParam("totalBits","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("pShiftToM","i32"),r.addLocal("pSConst","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l));r.addCode(s.setLocal("pShiftToM",s.i32_add(s.i32_const(A),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.setLocal("pSConst",s.i32_add(s.i32_const(C),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_sub",s.getLocal("idx1"),d,s.getLocal("idx2")),s.call(o,s.getLocal("idx2"),s.getLocal("pSConst"),s.getLocal("idx2")),s.call(o,s.getLocal("idx1"),s.getLocal("pShiftToM"),s.getLocal("idx1")),s.call(a+"_sub",d,s.getLocal("idx1"),s.getLocal("idx1")),s.call(o,s.getLocal("idx1"),s.getLocal("pSConst"),s.getLocal("idx1")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const r=t.addFunction(e+"_fftMix");r.addParam("pBuff","i32"),r.addParam("n","i32"),r.addParam("exp","i32"),r.addLocal("nGroups","i32"),r.addLocal("nPerGroup","i32"),r.addLocal("nPerGroupDiv2","i32"),r.addLocal("pairOffset","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("j","i32"),r.addLocal("pwm","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l)),u=s.i32_const(t.alloc(l));r.addCode(s.setLocal("nPerGroup",s.i32_shl(s.i32_const(1),s.getLocal("exp"))),s.setLocal("nPerGroupDiv2",s.i32_shr_u(s.getLocal("nPerGroup"),s.i32_const(1))),s.setLocal("nGroups",s.i32_shr_u(s.getLocal("n"),s.getLocal("exp"))),s.setLocal("pairOffset",s.i32_mul(s.getLocal("nPerGroupDiv2"),s.i32_const(l))),s.setLocal("pwm",s.i32_add(s.i32_const(_),s.i32_mul(s.getLocal("exp"),s.i32_const(n)))),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("nGroups"))),s.call(i+"_one",c),s.setLocal("j",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("j"),s.getLocal("nPerGroupDiv2"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff"),s.i32_mul(s.i32_add(s.i32_mul(s.getLocal("i"),s.getLocal("nPerGroup")),s.getLocal("j")),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("idx1"),s.getLocal("pairOffset"))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_copy",s.getLocal("idx1"),u),s.call(a+"_add",u,d,s.getLocal("idx1")),s.call(a+"_sub",u,d,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("pwm"),c),s.setLocal("j",s.i32_add(s.getLocal("j"),s.i32_const(1))),s.br(0))),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const i=t.addFunction(e+"_fftFinal");i.addParam("pBuff","i32"),i.addParam("n","i32"),i.addParam("factor","i32"),i.addLocal("idx1","i32"),i.addLocal("idx2","i32"),i.addLocal("i","i32"),i.addLocal("ndiv2","i32");const n=i.getCodeBuilder(),r=n.i32_const(t.alloc(l));i.addCode(n.setLocal("ndiv2",n.i32_shr_u(n.getLocal("n"),n.i32_const(1))),n.if(n.i32_and(n.getLocal("n"),n.i32_const(1)),n.call(o,n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.getLocal("ndiv2"),n.i32_const(l))),n.getLocal("factor"),n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.getLocal("ndiv2"),n.i32_const(l))))),n.setLocal("i",n.i32_const(0)),n.block(n.loop(n.br_if(1,n.i32_ge_u(n.getLocal("i"),n.getLocal("ndiv2"))),n.setLocal("idx1",n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.getLocal("i"),n.i32_const(l)))),n.setLocal("idx2",n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.i32_sub(n.i32_sub(n.getLocal("n"),n.i32_const(1)),n.getLocal("i")),n.i32_const(l)))),n.call(o,n.getLocal("idx2"),n.getLocal("factor"),r),n.call(o,n.getLocal("idx1"),n.getLocal("factor"),n.getLocal("idx2")),n.call(a+"_copy",r,n.getLocal("idx1")),n.setLocal("i",n.i32_add(n.getLocal("i"),n.i32_const(1))),n.br(0))))}(),function(){const r=t.addFunction(e+"_prepareLagrangeEvaluation");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addParam("totalBits","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("pShiftToM","i32"),r.addLocal("pSConst","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l));r.addCode(s.setLocal("pShiftToM",s.i32_add(s.i32_const(A),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.setLocal("pSConst",s.i32_add(s.i32_const(C),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(o,s.getLocal("idx1"),s.getLocal("pShiftToM"),d),s.call(a+"_sub",s.getLocal("idx2"),d,d),s.call(a+"_sub",s.getLocal("idx1"),s.getLocal("idx2"),s.getLocal("idx2")),s.call(o,d,s.getLocal("pSConst"),s.getLocal("idx1")),s.call(o,s.getLocal("idx2"),c,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),t.exportFunction(e+"_fft"),t.exportFunction(e+"_ifft"),t.exportFunction(e+"_rawfft"),t.exportFunction(e+"_fftJoin"),t.exportFunction(e+"_fftJoinExt"),t.exportFunction(e+"_fftJoinExtInv"),t.exportFunction(e+"_fftMix"),t.exportFunction(e+"_fftFinal"),t.exportFunction(e+"_prepareLagrangeEvaluation")},Dt=function(t,e,a){const i=8*t.modules[a].n64;return function(){const o=t.addFunction(e+"_zero");o.addParam("px","i32"),o.addParam("n","i32"),o.addLocal("lastp","i32"),o.addLocal("p","i32");const n=o.getCodeBuilder();o.addCode(n.setLocal("p",n.getLocal("px")),n.setLocal("lastp",n.i32_add(n.getLocal("px"),n.i32_mul(n.getLocal("n"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("p"),n.getLocal("lastp"))),n.call(a+"_zero",n.getLocal("p")),n.setLocal("p",n.i32_add(n.getLocal("p"),n.i32_const(i))),n.br(0))))}(),function(){const o=t.addFunction(e+"_constructLC");o.addParam("ppolynomials","i32"),o.addParam("psignals","i32"),o.addParam("nSignals","i32"),o.addParam("pres","i32"),o.addLocal("i","i32"),o.addLocal("j","i32"),o.addLocal("pp","i32"),o.addLocal("ps","i32"),o.addLocal("pd","i32"),o.addLocal("ncoefs","i32");const n=o.getCodeBuilder(),l=n.i32_const(t.alloc(i));o.addCode(n.setLocal("i",n.i32_const(0)),n.setLocal("pp",n.getLocal("ppolynomials")),n.setLocal("ps",n.getLocal("psignals")),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("i"),n.getLocal("nSignals"))),n.setLocal("ncoefs",n.i32_load(n.getLocal("pp"))),n.setLocal("pp",n.i32_add(n.getLocal("pp"),n.i32_const(4))),n.setLocal("j",n.i32_const(0)),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("j"),n.getLocal("ncoefs"))),n.setLocal("pd",n.i32_add(n.getLocal("pres"),n.i32_mul(n.i32_load(n.getLocal("pp")),n.i32_const(i)))),n.setLocal("pp",n.i32_add(n.getLocal("pp"),n.i32_const(4))),n.call(a+"_mul",n.getLocal("ps"),n.getLocal("pp"),l),n.call(a+"_add",l,n.getLocal("pd"),n.getLocal("pd")),n.setLocal("pp",n.i32_add(n.getLocal("pp"),n.i32_const(i))),n.setLocal("j",n.i32_add(n.getLocal("j"),n.i32_const(1))),n.br(0))),n.setLocal("ps",n.i32_add(n.getLocal("ps"),n.i32_const(i))),n.setLocal("i",n.i32_add(n.getLocal("i"),n.i32_const(1))),n.br(0))))}(),t.exportFunction(e+"_zero"),t.exportFunction(e+"_constructLC"),e},Nt=function(t,e,a){const i=8*t.modules[a].n64;return function(){const o=t.addFunction(e+"_buildABC");o.addParam("pCoefs","i32"),o.addParam("nCoefs","i32"),o.addParam("pWitness","i32"),o.addParam("pA","i32"),o.addParam("pB","i32"),o.addParam("pC","i32"),o.addParam("offsetOut","i32"),o.addParam("nOut","i32"),o.addParam("offsetWitness","i32"),o.addParam("nWitness","i32"),o.addLocal("it","i32"),o.addLocal("ita","i32"),o.addLocal("itb","i32"),o.addLocal("last","i32"),o.addLocal("m","i32"),o.addLocal("c","i32"),o.addLocal("s","i32"),o.addLocal("pOut","i32");const n=o.getCodeBuilder(),l=n.i32_const(t.alloc(i));o.addCode(n.setLocal("ita",n.getLocal("pA")),n.setLocal("itb",n.getLocal("pB")),n.setLocal("last",n.i32_add(n.getLocal("pA"),n.i32_mul(n.getLocal("nOut"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_zero",n.getLocal("ita")),n.call(a+"_zero",n.getLocal("itb")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.br(0))),n.setLocal("it",n.getLocal("pCoefs")),n.setLocal("last",n.i32_add(n.getLocal("pCoefs"),n.i32_mul(n.getLocal("nCoefs"),n.i32_const(i+12)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("it"),n.getLocal("last"))),n.setLocal("s",n.i32_load(n.getLocal("it"),8)),n.if(n.i32_or(n.i32_lt_u(n.getLocal("s"),n.getLocal("offsetWitness")),n.i32_ge_u(n.getLocal("s"),n.i32_add(n.getLocal("offsetWitness"),n.getLocal("nWitness")))),[...n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),...n.br(1)]),n.setLocal("m",n.i32_load(n.getLocal("it"))),n.if(n.i32_eq(n.getLocal("m"),n.i32_const(0)),n.setLocal("pOut",n.getLocal("pA")),n.if(n.i32_eq(n.getLocal("m"),n.i32_const(1)),n.setLocal("pOut",n.getLocal("pB")),[...n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),...n.br(1)])),n.setLocal("c",n.i32_load(n.getLocal("it"),4)),n.if(n.i32_or(n.i32_lt_u(n.getLocal("c"),n.getLocal("offsetOut")),n.i32_ge_u(n.getLocal("c"),n.i32_add(n.getLocal("offsetOut"),n.getLocal("nOut")))),[...n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),...n.br(1)]),n.setLocal("pOut",n.i32_add(n.getLocal("pOut"),n.i32_mul(n.i32_sub(n.getLocal("c"),n.getLocal("offsetOut")),n.i32_const(i)))),n.call(a+"_mul",n.i32_add(n.getLocal("pWitness"),n.i32_mul(n.i32_sub(n.getLocal("s"),n.getLocal("offsetWitness")),n.i32_const(i))),n.i32_add(n.getLocal("it"),n.i32_const(12)),l),n.call(a+"_add",n.getLocal("pOut"),l,n.getLocal("pOut")),n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),n.br(0))),n.setLocal("ita",n.getLocal("pA")),n.setLocal("itb",n.getLocal("pB")),n.setLocal("it",n.getLocal("pC")),n.setLocal("last",n.i32_add(n.getLocal("pA"),n.i32_mul(n.getLocal("nOut"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_mul",n.getLocal("ita"),n.getLocal("itb"),n.getLocal("it")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i))),n.br(0))))}(),function(){const o=t.addFunction(e+"_joinABC");o.addParam("pA","i32"),o.addParam("pB","i32"),o.addParam("pC","i32"),o.addParam("n","i32"),o.addParam("pP","i32"),o.addLocal("ita","i32"),o.addLocal("itb","i32"),o.addLocal("itc","i32"),o.addLocal("itp","i32"),o.addLocal("last","i32");const n=o.getCodeBuilder(),l=n.i32_const(t.alloc(i));o.addCode(n.setLocal("ita",n.getLocal("pA")),n.setLocal("itb",n.getLocal("pB")),n.setLocal("itc",n.getLocal("pC")),n.setLocal("itp",n.getLocal("pP")),n.setLocal("last",n.i32_add(n.getLocal("pA"),n.i32_mul(n.getLocal("n"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_mul",n.getLocal("ita"),n.getLocal("itb"),l),n.call(a+"_sub",l,n.getLocal("itc"),n.getLocal("itp")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.setLocal("itc",n.i32_add(n.getLocal("itc"),n.i32_const(i))),n.setLocal("itp",n.i32_add(n.getLocal("itp"),n.i32_const(i))),n.br(0))))}(),function(){const o=t.addFunction(e+"_batchAdd");o.addParam("pa","i32"),o.addParam("pb","i32"),o.addParam("n","i32"),o.addParam("pr","i32"),o.addLocal("ita","i32"),o.addLocal("itb","i32"),o.addLocal("itr","i32"),o.addLocal("last","i32");const n=o.getCodeBuilder();o.addCode(n.setLocal("ita",n.getLocal("pa")),n.setLocal("itb",n.getLocal("pb")),n.setLocal("itr",n.getLocal("pr")),n.setLocal("last",n.i32_add(n.getLocal("pa"),n.i32_mul(n.getLocal("n"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_add",n.getLocal("ita"),n.getLocal("itb"),n.getLocal("itr")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.setLocal("itr",n.i32_add(n.getLocal("itr"),n.i32_const(i))),n.br(0))))}(),t.exportFunction(e+"_buildABC"),t.exportFunction(e+"_joinABC"),t.exportFunction(e+"_batchAdd"),e},$t=function(t,e,a,i,o,n,l,r){const s=t.addFunction(e);s.addParam("pIn","i32"),s.addParam("n","i32"),s.addParam("pFirst","i32"),s.addParam("pInc","i32"),s.addParam("pOut","i32"),s.addLocal("pOldFree","i32"),s.addLocal("i","i32"),s.addLocal("pFrom","i32"),s.addLocal("pTo","i32");const c=s.getCodeBuilder(),d=c.i32_const(t.alloc(l));s.addCode(c.setLocal("pFrom",c.getLocal("pIn")),c.setLocal("pTo",c.getLocal("pOut"))),s.addCode(c.call(i+"_copy",c.getLocal("pFirst"),d)),s.addCode(c.setLocal("i",c.i32_const(0)),c.block(c.loop(c.br_if(1,c.i32_eq(c.getLocal("i"),c.getLocal("n"))),c.call(r,c.getLocal("pFrom"),d,c.getLocal("pTo")),c.setLocal("pFrom",c.i32_add(c.getLocal("pFrom"),c.i32_const(o))),c.setLocal("pTo",c.i32_add(c.getLocal("pTo"),c.i32_const(n))),c.call(i+"_mul",d,c.getLocal("pInc"),d),c.setLocal("i",c.i32_add(c.getLocal("i"),c.i32_const(1))),c.br(0)))),t.exportFunction(e)};const Vt=V,Kt=At,jt=Ft,Ht=Bt,Zt=Gt,Wt=zt,Yt=Rt,Jt=Dt,Xt=Nt,te=$t,{bitLength:ee,modInv:ae,isOdd:ie,isNegative:oe}=W;const ne=V,le=At,re=Ft,se=Bt,ce=Gt,de=zt,ue=Rt,ge=Dt,fe=Nt,he=$t,{bitLength:_e,isOdd:pe,isNegative:me}=W;var we=function(t,e){const a=e||"bn128";if(t.modules[a])return a;const i=21888242871839275222246405745257275088696311157297823662689037894645226208583n,o=21888242871839275222246405745257275088548364400416034343698204186575808495617n,n=Math.floor((ee(i-1n)-1)/64)+1,l=8*n,r=l,s=l,c=2*s,d=12*s,u=t.alloc(Vt.bigInt2BytesLE(o,r)),g=Kt(t,i,"f1m");jt(t,o,"fr","frm");const f=t.alloc(Vt.bigInt2BytesLE(L(3n),s)),h=Wt(t,"g1m","f1m",f);Yt(t,"frm","frm","frm","frm_mul"),Jt(t,"pol","frm"),Xt(t,"qap","frm");const _=Ht(t,"f1m_neg","f2m","f1m"),p=t.alloc([...Vt.bigInt2BytesLE(L(19485874751759354771024239261021720505790618469301721065564631296452457478373n),s),...Vt.bigInt2BytesLE(L(266929791119991161246907387137283842545076965332900288569378510910307636690n),s)]),m=Wt(t,"g2m","f2m",p);function w(e,a){const i=t.addFunction(e);i.addParam("pG","i32"),i.addParam("pFr","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),n=o.i32_const(t.alloc(l));i.addCode(o.call("frm_fromMontgomery",o.getLocal("pFr"),n),o.call(a,o.getLocal("pG"),n,o.i32_const(l),o.getLocal("pr"))),t.exportFunction(e)}function L(t){return BigInt(t)*(1n<0n;)ie(e)?a.push(1):a.push(0),e>>=1n;return a}(29793968203157093288n),z=t.alloc(U),Q=3*c,q=U.length-1,M=U.reduce(((t,e)=>t+(0!=e?1:0)),0),k=6*l,R=3*l*2+(M+q+1)*Q;t.modules[a]={n64:n,pG1gen:y,pG1zero:C,pG1b:f,pG2gen:F,pG2zero:E,pG2b:p,pq:t.modules.f1m.pq,pr:u,pOneT:v,prePSize:k,preQSize:R,r:o.toString(),q:i.toString()};const D=4965661367192848881n;function N(e){const o=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[8376118865763821496583973867626364092589906065868298776909617916018768340080n,16469823323077808223889137241176536799009286646108169935659301613961712198316n],[21888242871839275220042445260109153167277707414472061641714758635765020556617n,0n],[11697423496358154304825782922584725312912383441159505038794027105778954184319n,303847389135065887422783454877609941456349188919719272345083954437860409601n],[21888242871839275220042445260109153167277707414472061641714758635765020556616n,0n],[3321304630594332808241809054958361220322477375291206261884409189760185844239n,5722266937896532885780051958958348231143373700109372999374820235121374419868n],[21888242871839275222246405745257275088696311157297823662689037894645226208582n,0n],[13512124006075453725662431877630910996106405091429524885779419978626457868503n,5418419548761466998357268504080738289687024511189653727029736280683514010267n],[2203960485148121921418603742825762020974279258880205651966n,0n],[10190819375481120917420622822672549775783927716138318623895010788866272024264n,21584395482704209334823622290379665147239961968378104390343953940207365798982n],[2203960485148121921418603742825762020974279258880205651967n,0n],[18566938241244942414004596690298913868373833782006617400804628704885040364344n,16165975933942742336466353786298926857552937457188450663314217659523851788715n]]],n=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[21575463638280843010398324269430826099269044274347216827212613867836435027261n,10307601595873709700152284273816112264069230130616436755625194854815875713954n],[21888242871839275220042445260109153167277707414472061641714758635765020556616n,0n],[3772000881919853776433695186713858239009073593817195771773381919316419345261n,2236595495967245188281701248203181795121068902605861227855261137820944008926n],[2203960485148121921418603742825762020974279258880205651966n,0n],[18429021223477853657660792034369865839114504446431234726392080002137598044644n,9344045779998320333812420223237981029506012124075525679208581902008406485703n]],[[1n,0n],[2581911344467009335267311115468803099551665605076196740867805258568234346338n,19937756971775647987995932169929341994314640652964949448313374472400716661030n],[2203960485148121921418603742825762020974279258880205651966n,0n],[5324479202449903542726783395506214481928257762400643279780343368557297135718n,16208900380737693084919495127334387981393726419856888799917914180988844123039n],[21888242871839275220042445260109153167277707414472061641714758635765020556616n,0n],[13981852324922362344252311234282257507216387789820983642040889267519694726527n,7629828391165209371577384193250820201684255241773809077146787135900891633097n]]],l=t.addFunction(a+"__frobeniusMap"+e);l.addParam("x","i32"),l.addParam("r","i32");const r=l.getCodeBuilder();for(let a=0;a<6;a++){const i=0==a?r.getLocal("x"):r.i32_add(r.getLocal("x"),r.i32_const(a*c)),u=i,f=r.i32_add(r.getLocal("x"),r.i32_const(a*c+s)),h=0==a?r.getLocal("r"):r.i32_add(r.getLocal("r"),r.i32_const(a*c)),p=h,m=r.i32_add(r.getLocal("r"),r.i32_const(a*c+s)),w=d(o[Math.floor(a/3)][e%12],n[a%3][e%6]),b=t.alloc([...Vt.bigInt2BytesLE(L(w[0]),32),...Vt.bigInt2BytesLE(L(w[1]),32)]);e%2==1?l.addCode(r.call(g+"_copy",u,p),r.call(g+"_neg",f,m),r.call(_+"_mul",h,r.i32_const(b),h)):l.addCode(r.call(_+"_mul",i,r.i32_const(b),h))}function d(t,e){const a=BigInt(t[0]),o=BigInt(t[1]),n=BigInt(e[0]),l=BigInt(e[1]),r=[(a*n-o*l)%i,(a*l+o*n)%i];return oe(r[0])&&(r[0]=r[0]+i),r}}function $(e,i){const o=function(t){let e=t;const a=[];for(;e>0n;){if(ie(e)){const t=2-Number(e%4n);a.push(t),e-=BigInt(t)}else a.push(0);e>>=1n}return a}(e).map((t=>-1==t?255:t)),n=t.alloc(o),l=t.addFunction(a+"__cyclotomicExp_"+i);l.addParam("x","i32"),l.addParam("r","i32"),l.addLocal("bit","i32"),l.addLocal("i","i32");const r=l.getCodeBuilder(),s=r.getLocal("x"),c=r.getLocal("r"),u=r.i32_const(t.alloc(d));l.addCode(r.call(T+"_conjugate",s,u),r.call(T+"_one",c),r.if(r.teeLocal("bit",r.i32_load8_s(r.i32_const(o.length-1),n)),r.if(r.i32_eq(r.getLocal("bit"),r.i32_const(1)),r.call(T+"_mul",c,s,c),r.call(T+"_mul",c,u,c))),r.setLocal("i",r.i32_const(o.length-2)),r.block(r.loop(r.call(a+"__cyclotomicSquare",c,c),r.if(r.teeLocal("bit",r.i32_load8_s(r.getLocal("i"),n)),r.if(r.i32_eq(r.getLocal("bit"),r.i32_const(1)),r.call(T+"_mul",c,s,c),r.call(T+"_mul",c,u,c))),r.br_if(1,r.i32_eqz(r.getLocal("i"))),r.setLocal("i",r.i32_sub(r.getLocal("i"),r.i32_const(1))),r.br(0))))}function V(){!function(){const e=t.addFunction(a+"__cyclotomicSquare");e.addParam("x","i32"),e.addParam("r","i32");const i=e.getCodeBuilder(),o=i.getLocal("x"),n=i.i32_add(i.getLocal("x"),i.i32_const(c)),l=i.i32_add(i.getLocal("x"),i.i32_const(2*c)),r=i.i32_add(i.getLocal("x"),i.i32_const(3*c)),s=i.i32_add(i.getLocal("x"),i.i32_const(4*c)),d=i.i32_add(i.getLocal("x"),i.i32_const(5*c)),u=i.getLocal("r"),g=i.i32_add(i.getLocal("r"),i.i32_const(c)),f=i.i32_add(i.getLocal("r"),i.i32_const(2*c)),h=i.i32_add(i.getLocal("r"),i.i32_const(3*c)),p=i.i32_add(i.getLocal("r"),i.i32_const(4*c)),m=i.i32_add(i.getLocal("r"),i.i32_const(5*c)),w=i.i32_const(t.alloc(c)),L=i.i32_const(t.alloc(c)),b=i.i32_const(t.alloc(c)),y=i.i32_const(t.alloc(c)),A=i.i32_const(t.alloc(c)),C=i.i32_const(t.alloc(c)),I=i.i32_const(t.alloc(c)),F=i.i32_const(t.alloc(c));e.addCode(i.call(_+"_mul",o,s,I),i.call(_+"_mul",s,i.i32_const(B),w),i.call(_+"_add",o,w,w),i.call(_+"_add",o,s,F),i.call(_+"_mul",F,w,w),i.call(_+"_mul",i.i32_const(B),I,F),i.call(_+"_add",I,F,F),i.call(_+"_sub",w,F,w),i.call(_+"_add",I,I,L),i.call(_+"_mul",r,l,I),i.call(_+"_mul",l,i.i32_const(B),b),i.call(_+"_add",r,b,b),i.call(_+"_add",r,l,F),i.call(_+"_mul",F,b,b),i.call(_+"_mul",i.i32_const(B),I,F),i.call(_+"_add",I,F,F),i.call(_+"_sub",b,F,b),i.call(_+"_add",I,I,y),i.call(_+"_mul",n,d,I),i.call(_+"_mul",d,i.i32_const(B),A),i.call(_+"_add",n,A,A),i.call(_+"_add",n,d,F),i.call(_+"_mul",F,A,A),i.call(_+"_mul",i.i32_const(B),I,F),i.call(_+"_add",I,F,F),i.call(_+"_sub",A,F,A),i.call(_+"_add",I,I,C),i.call(_+"_sub",w,o,u),i.call(_+"_add",u,u,u),i.call(_+"_add",w,u,u),i.call(_+"_add",L,s,p),i.call(_+"_add",p,p,p),i.call(_+"_add",L,p,p),i.call(_+"_mul",C,i.i32_const(P),F),i.call(_+"_add",F,r,h),i.call(_+"_add",h,h,h),i.call(_+"_add",F,h,h),i.call(_+"_sub",A,l,f),i.call(_+"_add",f,f,f),i.call(_+"_add",A,f,f),i.call(_+"_sub",b,n,g),i.call(_+"_add",g,g,g),i.call(_+"_add",b,g,g),i.call(_+"_add",y,d,m),i.call(_+"_add",m,m,m),i.call(_+"_add",y,m,m))}(),$(D,"w0");const e=t.addFunction(a+"__finalExponentiationLastChunk");e.addParam("x","i32"),e.addParam("r","i32");const i=e.getCodeBuilder(),o=i.getLocal("x"),n=i.getLocal("r"),l=i.i32_const(t.alloc(d)),r=i.i32_const(t.alloc(d)),s=i.i32_const(t.alloc(d)),u=i.i32_const(t.alloc(d)),g=i.i32_const(t.alloc(d)),f=i.i32_const(t.alloc(d)),h=i.i32_const(t.alloc(d)),p=i.i32_const(t.alloc(d)),m=i.i32_const(t.alloc(d)),w=i.i32_const(t.alloc(d)),L=i.i32_const(t.alloc(d)),b=i.i32_const(t.alloc(d)),y=i.i32_const(t.alloc(d)),A=i.i32_const(t.alloc(d)),C=i.i32_const(t.alloc(d)),I=i.i32_const(t.alloc(d)),F=i.i32_const(t.alloc(d)),x=i.i32_const(t.alloc(d)),E=i.i32_const(t.alloc(d)),v=i.i32_const(t.alloc(d)),S=i.i32_const(t.alloc(d));e.addCode(i.call(a+"__cyclotomicExp_w0",o,l),i.call(T+"_conjugate",l,l),i.call(a+"__cyclotomicSquare",l,r),i.call(a+"__cyclotomicSquare",r,s),i.call(T+"_mul",s,r,u),i.call(a+"__cyclotomicExp_w0",u,g),i.call(T+"_conjugate",g,g),i.call(a+"__cyclotomicSquare",g,f),i.call(a+"__cyclotomicExp_w0",f,h),i.call(T+"_conjugate",h,h),i.call(T+"_conjugate",u,p),i.call(T+"_conjugate",h,m),i.call(T+"_mul",m,g,w),i.call(T+"_mul",w,p,L),i.call(T+"_mul",L,r,b),i.call(T+"_mul",L,g,y),i.call(T+"_mul",y,o,A),i.call(a+"__frobeniusMap1",b,C),i.call(T+"_mul",C,A,I),i.call(a+"__frobeniusMap2",L,F),i.call(T+"_mul",F,I,x),i.call(T+"_conjugate",o,E),i.call(T+"_mul",E,b,v),i.call(a+"__frobeniusMap3",v,S),i.call(T+"_mul",S,x,n))}const K=t.alloc(k),j=t.alloc(R);function H(e){const i=t.addFunction(a+"_pairingEq"+e);for(let t=0;t0n;)pe(e)?a.push(1):a.push(0),e>>=1n;return a}(0xd201000000010000n),U=t.alloc(T),z=3*s,Q=T.length-1,q=T.reduce(((t,e)=>t+(0!=e?1:0)),0),M=6*l,k=3*l*2+(q+Q+1)*z,R=15132376222941642752n;function D(e){const a=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760n,151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351n,0n],[2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530n,1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n,0n],[3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557n,877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230n],[4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559786n,0n],[151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027n,3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n,0n],[1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257n,2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437n,0n],[877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230n,3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557n]]],o=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[0n,4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n,0n],[0n,1n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n,0n],[0n,793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n]],[[1n,0n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437n,0n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n,0n],[4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559786n,0n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n,0n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351n,0n]]],n=t.addFunction(O+"_frobeniusMap"+e);n.addParam("x","i32"),n.addParam("r","i32");const c=n.getCodeBuilder();for(let i=0;i<6;i++){const u=0==i?c.getLocal("x"):c.i32_add(c.getLocal("x"),c.i32_const(i*s)),g=u,f=c.i32_add(c.getLocal("x"),c.i32_const(i*s+r)),_=0==i?c.getLocal("r"):c.i32_add(c.getLocal("r"),c.i32_const(i*s)),p=_,w=c.i32_add(c.getLocal("r"),c.i32_const(i*s+r)),L=d(a[Math.floor(i/3)][e%12],o[i%3][e%6]),b=t.alloc([...ne.bigInt2BytesLE(y(L[0]),l),...ne.bigInt2BytesLE(y(L[1]),l)]);e%2==1?n.addCode(c.call(h+"_copy",g,p),c.call(h+"_neg",f,w),c.call(m+"_mul",_,c.i32_const(b),_)):n.addCode(c.call(m+"_mul",u,c.i32_const(b),_))}function d(t,e){const a=t[0],o=t[1],n=e[0],l=e[1],r=[(a*n-o*l)%i,(a*l+o*n)%i];return me(r[0])&&(r[0]=r[0]+i),r}}function N(e,i,o){const n=function(t){let e=t;const a=[];for(;e>0n;){if(pe(e)){const t=2-Number(e%4n);a.push(t),e-=BigInt(t)}else a.push(0);e>>=1n}return a}(e).map((t=>-1==t?255:t)),l=t.alloc(n),r=t.addFunction(a+"__cyclotomicExp_"+o);r.addParam("x","i32"),r.addParam("r","i32"),r.addLocal("bit","i32"),r.addLocal("i","i32");const s=r.getCodeBuilder(),d=s.getLocal("x"),u=s.getLocal("r"),g=s.i32_const(t.alloc(c));r.addCode(s.call(O+"_conjugate",d,g),s.call(O+"_one",u),s.if(s.teeLocal("bit",s.i32_load8_s(s.i32_const(n.length-1),l)),s.if(s.i32_eq(s.getLocal("bit"),s.i32_const(1)),s.call(O+"_mul",u,d,u),s.call(O+"_mul",u,g,u))),s.setLocal("i",s.i32_const(n.length-2)),s.block(s.loop(s.call(a+"__cyclotomicSquare",u,u),s.if(s.teeLocal("bit",s.i32_load8_s(s.getLocal("i"),l)),s.if(s.i32_eq(s.getLocal("bit"),s.i32_const(1)),s.call(O+"_mul",u,d,u),s.call(O+"_mul",u,g,u))),s.br_if(1,s.i32_eqz(s.getLocal("i"))),s.setLocal("i",s.i32_sub(s.getLocal("i"),s.i32_const(1))),s.br(0)))),i&&r.addCode(s.call(O+"_conjugate",u,u))}t.modules[a]={n64q:n,n64r:d,n8q:l,n8r:u,pG1gen:C,pG1zero:F,pG1b:_,pG2gen:E,pG2zero:B,pG2b:w,pq:t.modules.f1m.pq,pr:f,pOneT:S,r:o,q:i,prePSize:M,preQSize:k},function(){const e=t.addFunction(G+"_mul1");e.addParam("pA","i32"),e.addParam("pC1","i32"),e.addParam("pR","i32");const a=e.getCodeBuilder(),i=a.getLocal("pA"),o=a.i32_add(a.getLocal("pA"),a.i32_const(2*r)),n=a.i32_add(a.getLocal("pA"),a.i32_const(4*r)),l=a.getLocal("pC1"),s=a.getLocal("pR"),c=a.i32_add(a.getLocal("pR"),a.i32_const(2*r)),d=a.i32_add(a.getLocal("pR"),a.i32_const(4*r)),u=a.i32_const(t.alloc(2*r)),g=a.i32_const(t.alloc(2*r));e.addCode(a.call(m+"_add",i,o,u),a.call(m+"_add",o,n,g),a.call(m+"_mul",o,l,d),a.call(m+"_mul",g,l,s),a.call(m+"_sub",s,d,s),a.call(m+"_mulNR",s,s),a.call(m+"_mul",u,l,c),a.call(m+"_sub",c,d,c))}(),function(){const e=t.addFunction(G+"_mul01");e.addParam("pA","i32"),e.addParam("pC0","i32"),e.addParam("pC1","i32"),e.addParam("pR","i32");const a=e.getCodeBuilder(),i=a.getLocal("pA"),o=a.i32_add(a.getLocal("pA"),a.i32_const(2*r)),n=a.i32_add(a.getLocal("pA"),a.i32_const(4*r)),l=a.getLocal("pC0"),s=a.getLocal("pC1"),c=a.getLocal("pR"),d=a.i32_add(a.getLocal("pR"),a.i32_const(2*r)),u=a.i32_add(a.getLocal("pR"),a.i32_const(4*r)),g=a.i32_const(t.alloc(2*r)),f=a.i32_const(t.alloc(2*r)),h=a.i32_const(t.alloc(2*r)),_=a.i32_const(t.alloc(2*r));e.addCode(a.call(m+"_mul",i,l,g),a.call(m+"_mul",o,s,f),a.call(m+"_add",i,o,h),a.call(m+"_add",i,n,_),a.call(m+"_add",o,n,c),a.call(m+"_mul",c,s,c),a.call(m+"_sub",c,f,c),a.call(m+"_mulNR",c,c),a.call(m+"_add",c,g,c),a.call(m+"_add",l,s,d),a.call(m+"_mul",d,h,d),a.call(m+"_sub",d,g,d),a.call(m+"_sub",d,f,d),a.call(m+"_mul",_,l,u),a.call(m+"_sub",u,g,u),a.call(m+"_add",u,f,u))}(),function(){const e=t.addFunction(O+"_mul014");e.addParam("pA","i32"),e.addParam("pC0","i32"),e.addParam("pC1","i32"),e.addParam("pC4","i32"),e.addParam("pR","i32");const a=e.getCodeBuilder(),i=a.getLocal("pA"),o=a.i32_add(a.getLocal("pA"),a.i32_const(6*r)),n=a.getLocal("pC0"),l=a.getLocal("pC1"),s=a.getLocal("pC4"),c=a.i32_const(t.alloc(6*r)),d=a.i32_const(t.alloc(6*r)),u=a.i32_const(t.alloc(2*r)),g=a.getLocal("pR"),f=a.i32_add(a.getLocal("pR"),a.i32_const(6*r));e.addCode(a.call(G+"_mul01",i,n,l,c),a.call(G+"_mul1",o,s,d),a.call(m+"_add",l,s,u),a.call(G+"_add",o,i,f),a.call(G+"_mul01",f,n,u,f),a.call(G+"_sub",f,c,f),a.call(G+"_sub",f,d,f),a.call(G+"_copy",d,g),a.call(G+"_mulNR",g,g),a.call(G+"_add",g,c,g))}(),function(){const e=t.addFunction(a+"_ell");e.addParam("pP","i32"),e.addParam("pCoefs","i32"),e.addParam("pF","i32");const i=e.getCodeBuilder(),o=i.getLocal("pP"),n=i.i32_add(i.getLocal("pP"),i.i32_const(l)),s=i.getLocal("pF"),c=i.getLocal("pCoefs"),d=i.i32_add(i.getLocal("pCoefs"),i.i32_const(r)),u=i.i32_add(i.getLocal("pCoefs"),i.i32_const(2*r)),g=i.i32_add(i.getLocal("pCoefs"),i.i32_const(3*r)),f=i.i32_add(i.getLocal("pCoefs"),i.i32_const(4*r)),_=t.alloc(2*r),p=i.i32_const(_),m=i.i32_const(_),w=i.i32_const(_+r),L=t.alloc(2*r),b=i.i32_const(L),y=i.i32_const(L),A=i.i32_const(L+r);e.addCode(i.call(h+"_mul",c,n,m),i.call(h+"_mul",d,n,w),i.call(h+"_mul",u,o,y),i.call(h+"_mul",g,o,A),i.call(O+"_mul014",s,f,b,p,s))}();const $=t.alloc(M),V=t.alloc(k);function K(e){const i=t.addFunction(a+"_pairingEq"+e);for(let t=0;t>=BigInt(32)):l+2<=e?(n.setUint16(l,Number(a&BigInt(65535)),!0),l+=2,a>>=BigInt(16)):(n.setUint8(l,Number(a&BigInt(255)),!0),l+=1,a>>=BigInt(8));if(a)throw new Error("Number does not fit in this length");return i}const ye=[];for(let t=0;t<256;t++)ye[t]=Ae(t,8);function Ae(t,e){let a=0,i=t;for(let t=0;t>=1;return a}function Ce(t,e){return(ye[t>>>24]|ye[t>>>16&255]<<8|ye[t>>>8&255]<<16|ye[255&t]<<24)>>>32-e}function Ie(t){return(0!=(4294901760&t)?(t&=4294901760,16):0)|(0!=(4278255360&t)?(t&=4278255360,8):0)|(0!=(4042322160&t)?(t&=4042322160,4):0)|(0!=(3435973836&t)?(t&=3435973836,2):0)|0!=(2863311530&t)}function Fe(t,e){const a=t.byteLength/e,i=Ie(a);if(a!=1<a){const i=t.slice(o*e,(o+1)*e);t.set(t.slice(a*e,(a+1)*e),o*e),t.set(i,a*e)}}}function xe(t,e){const a=new Uint8Array(e*t.length);for(let i=0;i0;)a>=4?(a-=4,e+=BigInt(o.getUint32(a))<=2?(a-=2,e+=BigInt(o.getUint16(a))<0;)n-4>=0?(n-=4,o.setUint32(n,Number(a&BigInt(4294967295))),a>>=BigInt(32)):n-2>=0?(n-=2,o.setUint16(n,Number(a&BigInt(65535))),a>>=BigInt(16)):(n-=1,o.setUint8(n,Number(a&BigInt(255))),a>>=BigInt(8));if(a)throw new Error("Number does not fit in this length");return i},bitReverse:Ce,buffReverseBits:Fe,buffer2array:Ee,leBuff2int:function(t){let e=BigInt(0),a=0;const i=new DataView(t.buffer,t.byteOffset,t.byteLength);for(;a{a[i]=t(e[i])})),a}return e},stringifyFElements:function t(e,a){if("bigint"==typeof a||void 0!==a.eq)return a.toString(10);if(a instanceof Uint8Array)return e.toString(e.e(a));if(Array.isArray(a))return a.map(t.bind(this,e));if("object"==typeof a){const i={};return Object.keys(a).forEach((o=>{i[o]=t(e,a[o])})),i}return a},unstringifyBigInts:function t(e){if("string"==typeof e&&/^[0-9]+$/.test(e))return BigInt(e);if("string"==typeof e&&/^0x[0-9a-fA-F]+$/.test(e))return BigInt(e);if(Array.isArray(e))return e.map(t);if("object"==typeof e){if(null===e)return null;const a={};return Object.keys(e).forEach((i=>{a[i]=t(e[i])})),a}return e},unstringifyFElements:function t(e,a){if("string"==typeof a&&/^[0-9]+$/.test(a))return e.e(a);if("string"==typeof a&&/^0x[0-9a-fA-F]+$/.test(a))return e.e(a);if(Array.isArray(a))return a.map(t.bind(this,e));if("object"==typeof a){if(null===a)return null;const i={};return Object.keys(a).forEach((o=>{i[o]=t(e,a[o])})),i}return a}});const Be=1<<30;class Se{constructor(t){this.buffers=[],this.byteLength=t;for(let e=0;e0;){const t=l+r>Be?Be-l:r,e=new Uint8Array(this.buffers[n].buffer,this.buffers[n].byteOffset+l,t);if(t==a)return e.slice();o||(o=a<=Be?new Uint8Array(a):new Se(a)),o.set(e,a-r),r-=t,n++,l=0}return o}set(t,e){void 0===e&&(e=0);const a=t.byteLength;if(0==a)return;const i=Math.floor(e/Be);if(i==Math.floor((e+a-1)/Be))return t instanceof Se&&1==t.buffers.length?this.buffers[i].set(t.buffers[0],e%Be):this.buffers[i].set(t,e%Be);let o=i,n=e%Be,l=a;for(;l>0;){const e=n+l>Be?Be-n:l,i=t.slice(a-l,a-l+e);new Uint8Array(this.buffers[o].buffer,this.buffers[o].byteOffset+n,e).set(i),l-=e,o++,n=0}}}function Pe(t,e,a,i){return async function(o){const n=Math.floor(o.byteLength/a);if(n*a!==o.byteLength)throw new Error("Invalid buffer size");const l=Math.floor(n/t.concurrency),r=[];for(let s=0;s=0;t--)this.w[t]=this.square(this.w[t+1]);if(!this.eq(this.w[0],this.one))throw new Error("Error calculating roots of unity");this.batchToMontgomery=Pe(t,e+"_batchToMontgomery",this.n8,this.n8),this.batchFromMontgomery=Pe(t,e+"_batchFromMontgomery",this.n8,this.n8)}op2(t,e,a){return this.tm.setBuff(this.pOp1,e),this.tm.setBuff(this.pOp2,a),this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp2,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}op2Bool(t,e,a){return this.tm.setBuff(this.pOp1,e),this.tm.setBuff(this.pOp2,a),!!this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp2)}op1(t,e){return this.tm.setBuff(this.pOp1,e),this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}op1Bool(t,e){return this.tm.setBuff(this.pOp1,e),!!this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp3)}add(t,e){return this.op2("_add",t,e)}eq(t,e){return this.op2Bool("_eq",t,e)}isZero(t){return this.op1Bool("_isZero",t)}sub(t,e){return this.op2("_sub",t,e)}neg(t){return this.op1("_neg",t)}inv(t){return this.op1("_inverse",t)}toMontgomery(t){return this.op1("_toMontgomery",t)}fromMontgomery(t){return this.op1("_fromMontgomery",t)}mul(t,e){return this.op2("_mul",t,e)}div(t,e){return this.tm.setBuff(this.pOp1,t),this.tm.setBuff(this.pOp2,e),this.tm.instance.exports[this.prefix+"_inverse"](this.pOp2,this.pOp2),this.tm.instance.exports[this.prefix+"_mul"](this.pOp1,this.pOp2,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}square(t){return this.op1("_square",t)}isSquare(t){return this.op1Bool("_isSquare",t)}sqrt(t){return this.op1("_sqrt",t)}exp(t,e){return e instanceof Uint8Array||(e=S(i(e))),this.tm.setBuff(this.pOp1,t),this.tm.setBuff(this.pOp2,e),this.tm.instance.exports[this.prefix+"_exp"](this.pOp1,this.pOp2,e.byteLength,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}isNegative(t){return this.op1Bool("_isNegative",t)}e(t,e){if(t instanceof Uint8Array)return t;let a=i(t,e);n(a)?(a=p(a),A(a,this.p)&&(a=b(a,this.p)),a=_(this.p,a)):A(a,this.p)&&(a=b(a,this.p));const o=be(a,this.n8);return this.toMontgomery(o)}toString(t,e){return B(E(this.fromMontgomery(t),0),e)}fromRng(t){let e;const a=new Uint8Array(this.n8);do{e=P;for(let a=0;a{this.reject=e,this.resolve=t}))}}let qe;const Me='(function thread(self) {\n const MAXMEM = 32767;\n let instance;\n let memory;\n\n if (self) {\n self.onmessage = function(e) {\n let data;\n if (e.data) {\n data = e.data;\n } else {\n data = e;\n }\n\n if (data[0].cmd == "INIT") {\n init(data[0]).then(function() {\n self.postMessage(data.result);\n });\n } else if (data[0].cmd == "TERMINATE") {\n self.close();\n } else {\n const res = runTask(data);\n self.postMessage(res);\n }\n };\n }\n\n async function init(data) {\n const code = new Uint8Array(data.code);\n const wasmModule = await WebAssembly.compile(code);\n memory = new WebAssembly.Memory({initial:data.init, maximum: MAXMEM});\n\n instance = await WebAssembly.instantiate(wasmModule, {\n env: {\n "memory": memory\n }\n });\n }\n\n\n\n function alloc(length) {\n const u32 = new Uint32Array(memory.buffer, 0, 1);\n while (u32[0] & 3) u32[0]++; // Return always aligned pointers\n const res = u32[0];\n u32[0] += length;\n if (u32[0] + length > memory.buffer.byteLength) {\n const currentPages = memory.buffer.byteLength / 0x10000;\n let requiredPages = Math.floor((u32[0] + length) / 0x10000)+1;\n if (requiredPages>MAXMEM) requiredPages=MAXMEM;\n memory.grow(requiredPages-currentPages);\n }\n return res;\n }\n\n function allocBuffer(buffer) {\n const p = alloc(buffer.byteLength);\n setBuffer(p, buffer);\n return p;\n }\n\n function getBuffer(pointer, length) {\n const u8 = new Uint8Array(memory.buffer);\n return new Uint8Array(u8.buffer, u8.byteOffset + pointer, length);\n }\n\n function setBuffer(pointer, buffer) {\n const u8 = new Uint8Array(memory.buffer);\n u8.set(new Uint8Array(buffer), pointer);\n }\n\n function runTask(task) {\n if (task[0].cmd == "INIT") {\n return init(task[0]);\n }\n const ctx = {\n vars: [],\n out: []\n };\n const u32a = new Uint32Array(memory.buffer, 0, 1);\n const oldAlloc = u32a[0];\n for (let i=0; ii.buffer.byteLength){const o=i.buffer.byteLength/65536;let n=Math.floor((a[0]+t)/65536)+1;n>e&&(n=e),i.grow(n-o)}return o}function l(t){const e=n(t.byteLength);return s(e,t),e}function r(t,e){const a=new Uint8Array(i.buffer);return new Uint8Array(a.buffer,a.byteOffset+t,e)}function s(t,e){new Uint8Array(i.buffer).set(new Uint8Array(e),t)}function c(t){if("INIT"==t[0].cmd)return o(t[0]);const e={vars:[],out:[]},c=new Uint32Array(i.buffer,0,1)[0];for(let i=0;i64&&(e=64),a.concurrency=e;for(let t=0;t0;t++)if(0==this.working[t]){const e=this.actionQueue.shift();this.postAction(t,e.data,e.transfers,e.deferred)}}queueAction(t,e){const a=new Qe;if(this.singleThread){const e=this.taskManager(t);a.resolve(e)}else this.actionQueue.push({data:t,transfers:e,deferred:a}),this.processWorks();return a.promise}resetMemory(){this.u32[0]=this.initalPFree}allocBuff(t){const e=this.alloc(t.byteLength);return this.setBuff(e,t),e}getBuff(t,e){return this.u8.slice(t,t+e)}setBuff(t,e){this.u8.set(new Uint8Array(e),t)}alloc(t){for(;3&this.u32[0];)this.u32[0]++;const e=this.u32[0];return this.u32[0]+=t,e}async terminate(){for(let t=0;tsetTimeout(e,t))))}}function De(t,e){const a=t[e],i=t.Fr,o=t.tm;t[e].batchApplyKey=async function(t,n,l,r,s){let c,d,u,g,f;if(r=r||"affine",s=s||"affine","G1"==e)"jacobian"==r?(u=3*a.F.n8,c="g1m_batchApplyKey"):(u=2*a.F.n8,c="g1m_batchApplyKeyMixed"),g=3*a.F.n8,"jacobian"==s?f=3*a.F.n8:(d="g1m_batchToAffine",f=2*a.F.n8);else if("G2"==e)"jacobian"==r?(u=3*a.F.n8,c="g2m_batchApplyKey"):(u=2*a.F.n8,c="g2m_batchApplyKeyMixed"),g=3*a.F.n8,"jacobian"==s?f=3*a.F.n8:(d="g2m_batchToAffine",f=2*a.F.n8);else{if("Fr"!=e)throw new Error("Invalid group: "+e);c="frm_batchApplyKey",u=a.n8,g=a.n8,f=a.n8}const h=Math.floor(t.byteLength/u),_=Math.floor(h/o.concurrency),p=[];l=i.e(l);let m=i.e(n);for(let e=0;e=0;t--){if(!a.isZero(_))for(let t=0;tc&&(_=c),_<1024&&(_=1024);const p=[];for(let e=0;e(r&&r.debug(`Multiexp end: ${s}: ${e}/${u}`),t))))}const m=await Promise.all(p);let w=a.zero;for(let t=m.length-1;t>=0;t--)w=a.add(w,m[t]);return w}a.multiExp=async function(t,e,a,i){return await n(t,e,"jacobian",a,i)},a.multiExpAffine=async function(t,e,a,i){return await n(t,e,"affine",a,i)}}function Ve(t,e){const a=t[e],i=t.Fr,o=a.tm;async function n(t,r,s,c,d,u){s=s||"affine",c=c||"affine";let g,f,h,_,p,m,w,L;"G1"==e?("affine"==s?(g=2*a.F.n8,_="g1m_batchToJacobian"):g=3*a.F.n8,f=3*a.F.n8,r&&(L="g1m_fftFinal"),w="g1m_fftJoin",m="g1m_fftMix","affine"==c?(h=2*a.F.n8,p="g1m_batchToAffine"):h=3*a.F.n8):"G2"==e?("affine"==s?(g=2*a.F.n8,_="g2m_batchToJacobian"):g=3*a.F.n8,f=3*a.F.n8,r&&(L="g2m_fftFinal"),w="g2m_fftJoin",m="g2m_fftMix","affine"==c?(h=2*a.F.n8,p="g2m_batchToAffine"):h=3*a.F.n8):"Fr"==e&&(g=a.n8,f=a.n8,h=a.n8,r&&(L="frm_fftFinal"),m="frm_fftMix",w="frm_fftJoin");let b=!1;Array.isArray(t)?(t=xe(t,g),b=!0):t=t.slice(0,t.byteLength);const y=t.byteLength/g,A=Ie(y);if(1<1<<28?new Se(2*u[0].byteLength):new Uint8Array(2*u[0].byteLength);return g.set(u[0]),g.set(u[1],u[0].byteLength),g}(t,s,c,d,u):await async function(t,e,a,o,r){let s,c;s=t.slice(0,t.byteLength/2),c=t.slice(t.byteLength/2,t.byteLength);const d=[];[s,c]=await l(s,c,"fftJoinExt",i.one,i.shift,e,"jacobian",o,r),d.push(n(s,!1,"jacobian",a,o,r)),d.push(n(c,!1,"jacobian",a,o,r));const u=await Promise.all(d);let g;g=u[0].byteLength>1<<28?new Se(2*u[0].byteLength):new Uint8Array(2*u[0].byteLength);return g.set(u[0]),g.set(u[1],u[0].byteLength),g}(t,s,c,d,u),b?Ee(e,h):e}let C,I,F;r&&(C=i.inv(i.e(y))),Fe(t,g);let x=Math.min(16384,y),E=y/x;for(;E=16;)E*=2,x/=2;const v=Ie(x),B=[];for(let e=0;e(d&&d.debug(`${u}: fft ${A} mix end: ${e}/${E}`),t))))}F=await Promise.all(B);for(let t=0;t(d&&d.debug(`${u}: fft ${A} join ${t}/${A} ${l+1}/${e} ${r}/${a/2}`),i))))}const l=await Promise.all(n);for(let t=0;t0;e--)I.set(F[e],t),t+=x*h,delete F[e];I.set(F[0].slice(0,(x-1)*h),t),delete F[0]}else for(let t=0;t65536&&(b=65536);const y=[];for(let e=0;e(u&&u.debug(`${g}: fftJoinExt End: ${e}/${L}`),t))))}const A=await Promise.all(y);let C,I;L*p>1<<28?(C=new Se(L*p),I=new Se(L*p)):(C=new Uint8Array(L*p),I=new Uint8Array(L*p));let F=0;for(let t=0;ti.s+1)throw s&&s.error("lagrangeEvaluations input too big"),new Error("lagrangeEvaluations input too big");let f=t.slice(0,t.byteLength/2),h=t.slice(t.byteLength/2,t.byteLength);const _=i.exp(i.shift,u/2),p=i.inv(i.sub(i.one,_));[f,h]=await l(f,h,"prepareLagrangeEvaluation",p,i.shiftInv,o,"jacobian",s,c+" prep");const m=[];let w;return m.push(n(f,!0,"jacobian",r,s,c+" t0")),m.push(n(h,!0,"jacobian",r,s,c+" t1")),[f,h]=await Promise.all(m),w=f.byteLength>1<<28?new Se(2*f.byteLength):new Uint8Array(2*f.byteLength),w.set(f),w.set(h,f.byteLength),w},a.fftMix=async function(t){const n=3*a.F.n8;let l,r;if("G1"==e)l="g1m_fftMix",r="g1m_fftJoin";else if("G2"==e)l="g2m_fftMix",r="g2m_fftJoin";else{if("Fr"!=e)throw new Error("Invalid group");l="frm_fftMix",r="frm_fftJoin"}const s=Math.floor(t.byteLength/n),c=Ie(s);let d=1<=0;t--)f.set(g[t][0],h),h+=g[t][0].byteLength;return f}}async function Ke(t){const e=await ke(t.wasm,t.singleThread),a={};return a.q=i(t.wasm.q.toString()),a.r=i(t.wasm.r.toString()),a.name=t.name,a.tm=e,a.prePSize=t.wasm.prePSize,a.preQSize=t.wasm.preQSize,a.Fr=new Ge(e,"frm",t.n8r,t.r),a.F1=new Ge(e,"f1m",t.n8q,t.q),a.F2=new Oe(e,"f2m",a.F1),a.G1=new Ue(e,"g1m",a.F1,t.wasm.pG1gen,t.wasm.pG1b,t.cofactorG1),a.G2=new Ue(e,"g2m",a.F2,t.wasm.pG2gen,t.wasm.pG2b,t.cofactorG2),a.F6=new Te(e,"f6m",a.F2),a.F12=new Oe(e,"ftm",a.F6),a.Gt=a.F12,De(a,"G1"),De(a,"G2"),De(a,"Fr"),$e(a,"G1"),$e(a,"G2"),Ve(a,"G1"),Ve(a,"G2"),Ve(a,"Fr"),function(t){const e=t.tm;t.pairing=function(a,i){e.startSyncOp();const o=e.allocBuff(t.G1.toJacobian(a)),n=e.allocBuff(t.G2.toJacobian(i)),l=e.alloc(t.Gt.n8);e.instance.exports[t.name+"_pairing"](o,n,l);const r=e.getBuff(l,t.Gt.n8);return e.endSyncOp(),r},t.pairingEq=async function(){let a,i;arguments.length%2==1?(a=arguments[arguments.length-1],i=(arguments.length-1)/2):(a=t.Gt.one,i=arguments.length/2);const o=[];for(let a=0;a>8n&0xFFn)),e.push(Number(a>>16n&0xFFn)),e.push(Number(a>>24n&0xFFn)),e}function Ye(t){const e=function(t){for(var e=[],a=0;a>6,128|63&i):i<55296||i>=57344?e.push(224|i>>12,128|i>>6&63,128|63&i):(a++,i=65536+((1023&i)<<10|1023&t.charCodeAt(a)),e.push(240|i>>18,128|i>>12&63,128|i>>6&63,128|63&i))}return e}(t);return[...aa(e.length),...e]}function Je(t){const e=[];let a=je(t);if(He(a))throw new Error("Number cannot be negative");for(;!Ze(a);)e.push(Number(0x7Fn&a)),a>>=7n;0==e.length&&e.push(0);for(let t=0;t0xFFFFFFFFn)throw new Error("Number too big");if(e>0x7FFFFFFFn&&(e-=0x100000000n),e<-2147483648n)throw new Error("Number too small");return Xe(e)}function ea(t){let e=je(t);if(e>0xFFFFFFFFFFFFFFFFn)throw new Error("Number too big");if(e>0x7FFFFFFFFFFFFFFFn&&(e-=0x10000000000000000n),e<-9223372036854775808n)throw new Error("Number too small");return Xe(e)}function aa(t){let e=je(t);if(e>0xFFFFFFFFn)throw new Error("Number too big");return Je(e)}function ia(t){return Array.from(t,(function(t){return("0"+(255&t).toString(16)).slice(-2)})).join("")}class oa{constructor(t){this.func=t,this.functionName=t.functionName,this.module=t.module}setLocal(t,e){const a=this.func.localIdxByName[t];if(void 0===a)throw new Error(`Local Variable not defined: Function: ${this.functionName} local: ${t} `);return[...e,33,...aa(a)]}teeLocal(t,e){const a=this.func.localIdxByName[t];if(void 0===a)throw new Error(`Local Variable not defined: Function: ${this.functionName} local: ${t} `);return[...e,34,...aa(a)]}getLocal(t){const e=this.func.localIdxByName[t];if(void 0===e)throw new Error(`Local Variable not defined: Function: ${this.functionName} local: ${t} `);return[32,...aa(e)]}i64_load8_s(t,e,a){return[...t,48,void 0===a?0:a,...aa(e||0)]}i64_load8_u(t,e,a){return[...t,49,void 0===a?0:a,...aa(e||0)]}i64_load16_s(t,e,a){return[...t,50,void 0===a?1:a,...aa(e||0)]}i64_load16_u(t,e,a){return[...t,51,void 0===a?1:a,...aa(e||0)]}i64_load32_s(t,e,a){return[...t,52,void 0===a?2:a,...aa(e||0)]}i64_load32_u(t,e,a){return[...t,53,void 0===a?2:a,...aa(e||0)]}i64_load(t,e,a){return[...t,41,void 0===a?3:a,...aa(e||0)]}i64_store(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=3,l=e):Array.isArray(a)?(o=e,n=3,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,55,n,...aa(o)]}i64_store32(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=2,l=e):Array.isArray(a)?(o=e,n=2,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,62,n,...aa(o)]}i64_store16(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=1,l=e):Array.isArray(a)?(o=e,n=1,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,61,n,...aa(o)]}i64_store8(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=0,l=e):Array.isArray(a)?(o=e,n=0,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,60,n,...aa(o)]}i32_load8_s(t,e,a){return[...t,44,void 0===a?0:a,...aa(e||0)]}i32_load8_u(t,e,a){return[...t,45,void 0===a?0:a,...aa(e||0)]}i32_load16_s(t,e,a){return[...t,46,void 0===a?1:a,...aa(e||0)]}i32_load16_u(t,e,a){return[...t,47,void 0===a?1:a,...aa(e||0)]}i32_load(t,e,a){return[...t,40,void 0===a?2:a,...aa(e||0)]}i32_store(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=2,l=e):Array.isArray(a)?(o=e,n=2,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,54,n,...aa(o)]}i32_store16(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=1,l=e):Array.isArray(a)?(o=e,n=1,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,59,n,...aa(o)]}i32_store8(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=0,l=e):Array.isArray(a)?(o=e,n=0,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,58,n,...aa(o)]}call(t,...e){const a=this.module.functionIdxByName[t];if(void 0===a)throw new Error(`Function not defined: Function: ${t}`);return[...[].concat(...e),16,...aa(a)]}call_indirect(t,...e){return[...[].concat(...e),...t,17,0,0]}if(t,e,a){return a?[...t,4,64,...e,5,...a,11]:[...t,4,64,...e,11]}block(t){return[2,64,...t,11]}loop(...t){return[3,64,...[].concat(...t),11]}br_if(t,e){return[...e,13,...aa(t)]}br(t){return[12,...aa(t)]}ret(t){return[...t,15]}drop(t){return[...t,26]}i64_const(t){return[66,...ea(t)]}i32_const(t){return[65,...ta(t)]}i64_eqz(t){return[...t,80]}i64_eq(t,e){return[...t,...e,81]}i64_ne(t,e){return[...t,...e,82]}i64_lt_s(t,e){return[...t,...e,83]}i64_lt_u(t,e){return[...t,...e,84]}i64_gt_s(t,e){return[...t,...e,85]}i64_gt_u(t,e){return[...t,...e,86]}i64_le_s(t,e){return[...t,...e,87]}i64_le_u(t,e){return[...t,...e,88]}i64_ge_s(t,e){return[...t,...e,89]}i64_ge_u(t,e){return[...t,...e,90]}i64_add(t,e){return[...t,...e,124]}i64_sub(t,e){return[...t,...e,125]}i64_mul(t,e){return[...t,...e,126]}i64_div_s(t,e){return[...t,...e,127]}i64_div_u(t,e){return[...t,...e,128]}i64_rem_s(t,e){return[...t,...e,129]}i64_rem_u(t,e){return[...t,...e,130]}i64_and(t,e){return[...t,...e,131]}i64_or(t,e){return[...t,...e,132]}i64_xor(t,e){return[...t,...e,133]}i64_shl(t,e){return[...t,...e,134]}i64_shr_s(t,e){return[...t,...e,135]}i64_shr_u(t,e){return[...t,...e,136]}i64_extend_i32_s(t){return[...t,172]}i64_extend_i32_u(t){return[...t,173]}i64_clz(t){return[...t,121]}i64_ctz(t){return[...t,122]}i32_eqz(t){return[...t,69]}i32_eq(t,e){return[...t,...e,70]}i32_ne(t,e){return[...t,...e,71]}i32_lt_s(t,e){return[...t,...e,72]}i32_lt_u(t,e){return[...t,...e,73]}i32_gt_s(t,e){return[...t,...e,74]}i32_gt_u(t,e){return[...t,...e,75]}i32_le_s(t,e){return[...t,...e,76]}i32_le_u(t,e){return[...t,...e,77]}i32_ge_s(t,e){return[...t,...e,78]}i32_ge_u(t,e){return[...t,...e,79]}i32_add(t,e){return[...t,...e,106]}i32_sub(t,e){return[...t,...e,107]}i32_mul(t,e){return[...t,...e,108]}i32_div_s(t,e){return[...t,...e,109]}i32_div_u(t,e){return[...t,...e,110]}i32_rem_s(t,e){return[...t,...e,111]}i32_rem_u(t,e){return[...t,...e,112]}i32_and(t,e){return[...t,...e,113]}i32_or(t,e){return[...t,...e,114]}i32_xor(t,e){return[...t,...e,115]}i32_shl(t,e){return[...t,...e,116]}i32_shr_s(t,e){return[...t,...e,117]}i32_shr_u(t,e){return[...t,...e,118]}i32_rotl(t,e){return[...t,...e,119]}i32_rotr(t,e){return[...t,...e,120]}i32_wrap_i64(t){return[...t,167]}i32_clz(t){return[...t,103]}i32_ctz(t){return[...t,104]}unreachable(){return[0]}current_memory(){return[63,0]}comment(){return[]}}const na={i32:127,i64:126,f32:125,f64:124,anyfunc:112,func:96,emptyblock:64};class la{constructor(t,e,a,i,o){if("import"==a)this.fnType="import",this.moduleName=i,this.fieldName=o;else{if("internal"!=a)throw new Error("Invalid function fnType: "+a);this.fnType="internal"}this.module=t,this.fnName=e,this.params=[],this.locals=[],this.localIdxByName={},this.code=[],this.returnType=null,this.nextLocal=0}addParam(t,e){if(this.localIdxByName[t])throw new Error(`param already exists. Function: ${this.fnName}, Param: ${t} `);const a=this.nextLocal++;this.localIdxByName[t]=a,this.params.push({type:e})}addLocal(t,e,a){const i=a||1;if(this.localIdxByName[t])throw new Error(`local already exists. Function: ${this.fnName}, Param: ${t} `);const o=this.nextLocal++;this.localIdxByName[t]=o,this.locals.push({type:e,length:i})}setReturnType(t){if(this.returnType)throw new Error(`returnType already defined. Function: ${this.fnName}`);this.returnType=t}getSignature(){return[96,...[...aa(this.params.length),...this.params.map((t=>na[t.type]))],...this.returnType?[1,na[this.returnType]]:[0]]}getBody(){const t=this.locals.map((t=>[...aa(t.length),na[t.type]])),e=[...aa(this.locals.length),...[].concat(...t),...this.code,11];return[...aa(e.length),...e]}addCode(...t){this.code.push(...[].concat(...t))}getCodeBuilder(){return new oa(this)}}class ra{constructor(){this.functions=[],this.functionIdxByName={},this.nImportFunctions=0,this.nInternalFunctions=0,this.memory={pagesSize:1,moduleName:"env",fieldName:"memory"},this.free=8,this.datas=[],this.modules={},this.exports=[],this.functionsTable=[]}build(){return this._setSignatures(),new Uint8Array([...We(1836278016),...We(1),...this._buildType(),...this._buildImport(),...this._buildFunctionDeclarations(),...this._buildFunctionsTable(),...this._buildExports(),...this._buildElements(),...this._buildCode(),...this._buildData()])}addFunction(t){if(void 0!==this.functionIdxByName[t])throw new Error(`Function already defined: ${t}`);const e=this.functions.length;return this.functionIdxByName[t]=e,this.functions.push(new la(this,t,"internal")),this.nInternalFunctions++,this.functions[e]}addIimportFunction(t,e,a){if(void 0!==this.functionIdxByName[t])throw new Error(`Function already defined: ${t}`);if(this.functions.length>0&&"internal"==this.functions[this.functions.length-1].type)throw new Error(`Import functions must be declared before internal: ${t}`);let i=a||t;const o=this.functions.length;return this.functionIdxByName[t]=o,this.functions.push(new la(this,t,"import",e,i)),this.nImportFunctions++,this.functions[o]}setMemory(t,e,a){this.memory={pagesSize:t,moduleName:e||"env",fieldName:a||"memory"}}exportFunction(t,e){const a=e||t;if(void 0===this.functionIdxByName[t])throw new Error(`Function not defined: ${t}`);const i=this.functionIdxByName[t];a!=t&&(this.functionIdxByName[a]=i),this.exports.push({exportName:a,idx:i})}addFunctionToTable(t){const e=this.functionIdxByName[t];this.functionsTable.push(e)}addData(t,e){this.datas.push({offset:t,bytes:e})}alloc(t,e){let a,i;(Array.isArray(t)||ArrayBuffer.isView(t))&&void 0===e?(a=t.length,i=t):(a=t,i=e),a=1+(a-1>>3)<<3;const o=this.free;return this.free+=a,i&&this.addData(o,i),o}allocString(t){const e=(new globalThis.TextEncoder).encode(t);return this.alloc([...e,0])}_setSignatures(){this.signatures=[];const t={};if(this.functionsTable.length>0){const e=this.functions[this.functionsTable[0]].getSignature();t["s_"+ia(e)]=0,this.signatures.push(e)}for(let e=0;e{e.pendingLoads.push({page:t,resolve:a,reject:i})}));return e.__statusPage("After Load request: ",t),a}__statusPage(t,e){const a=[],i=this;if(!i.logHistory)return;a.push("=="+t+" "+e);let o="";for(let t=0;t "+e.history[t][a][i])}_triggerLoad(){const t=this;if(t.reading)return;if(0==t.pendingLoads.length)return;const e=Object.keys(t.pages),a=[];for(let i=0;i0&&(void 0!==t.pages[t.pendingLoads[0].page]||i>0||a.length>0);){const e=t.pendingLoads.shift();if(void 0!==t.pages[e.page]){t.pages[e.page].pendingOps++;const i=a.indexOf(e.page);i>=0&&a.splice(i,1),t.pages[e.page].loading?t.pages[e.page].loading.push(e):e.resolve(),t.__statusPage("After Load (cached): ",e.page)}else{if(i)i--;else{const e=a.shift();t.__statusPage("Before Unload: ",e),t.avBuffs.unshift(t.pages[e]),delete t.pages[e],t.__statusPage("After Unload: ",e)}e.page>=t.totalPages?(t.pages[e.page]=n(),e.resolve(),t.__statusPage("After Load (new): ",e.page)):(t.reading=!0,t.pages[e.page]=n(),t.pages[e.page].loading=[e],o.push(t.fd.read(t.pages[e.page].buff,0,t.pageSize,e.page*t.pageSize).then((a=>{t.pages[e.page].size=a.bytesRead;const i=t.pages[e.page].loading;delete t.pages[e.page].loading;for(let t=0;t{e.reject(t)}))),t.__statusPage("After Load (loading): ",e.page))}}function n(){if(t.avBuffs.length>0){const e=t.avBuffs.shift();return e.dirty=!1,e.pendingOps=1,e.size=0,e}return{dirty:!1,buff:new Uint8Array(t.pageSize),pendingOps:1,size:0}}Promise.all(o).then((()=>{t.reading=!1,t.pendingLoads.length>0&&setImmediate(t._triggerLoad.bind(t)),t._tryClose()}))}_triggerWrite(){const t=this;if(t.writing)return;const e=Object.keys(t.pages),a=[];for(let i=0;i{o.writing=!1}),(e=>{console.log("ERROR Writing: "+e),t.error=e,t._tryClose()}))))}t.writing&&Promise.all(a).then((()=>{t.writing=!1,setImmediate(t._triggerWrite.bind(t)),t._tryClose(),t.pendingLoads.length>0&&setImmediate(t._triggerLoad.bind(t))}))}_getDirtyPage(){for(let t in this.pages)if(this.pages[t].dirty)return t;return-1}async write(t,e){if(0==t.byteLength)return;const a=this;if(void 0===e&&(e=a.pos),a.pos=e+t.byteLength,a.totalSize0;){await n[l-i];const e=r+s>a.pageSize?a.pageSize-r:s,o=t.slice(t.byteLength-s,t.byteLength-s+e);new Uint8Array(a.pages[l].buff.buffer,r,e).set(o),a.pages[l].dirty=!0,a.pages[l].pendingOps--,a.pages[l].size=Math.max(r+e,a.pages[l].size),l>=a.totalPages&&(a.totalPages=l+1),s-=e,l++,r=0,a.writing||setImmediate(a._triggerWrite.bind(a))}}async read(t,e){let a=new Uint8Array(t);return await this.readToBuffer(a,0,t,e),a}async readToBuffer(t,e,a,i){if(0==a)return;const o=this;if(a>o.pageSize*o.maxPagesLoaded*.8){const t=Math.floor(1.1*a);this.maxPagesLoaded=Math.floor(t/o.pageSize)+1}if(void 0===i&&(i=o.pos),o.pos=i+a,o.pendingClose)throw new Error("Reading a closing file");const n=Math.floor(i/o.pageSize),l=Math.floor((i+a-1)/o.pageSize),r=[];for(let t=n;t<=l;t++)r.push(o._loadPage(t));o._triggerLoad();let s=n,c=i%o.pageSize,d=i+a>o.totalSize?a-(i+a-o.totalSize):a;for(;d>0;){await r[s-n],o.__statusPage("After Await (read): ",s);const i=c+d>o.pageSize?o.pageSize-c:d,l=new Uint8Array(o.pages[s].buff.buffer,o.pages[s].buff.byteOffset+c,i);t.set(l,e+a-d),o.pages[s].pendingOps--,o.__statusPage("After Op done: ",s),d-=i,s++,c=0,o.pendingLoads.length>0&&setImmediate(o._triggerLoad.bind(o))}this.pos=i+a}_tryClose(){const t=this;if(!t.pendingClose)return;t.error&&t.pendingCloseReject(t.error);t._getDirtyPage()>=0||t.writing||t.reading||t.pendingLoads.length>0||t.pendingClose()}close(){const t=this;if(t.pendingClose)throw new Error("Closing the file twice");return new Promise(((e,a)=>{t.pendingClose=e,t.pendingCloseReject=a,t._tryClose()})).then((()=>{t.fd.close()}),(e=>{throw t.fd.close(),e}))}async discard(){await this.close(),await ha.promises.unlink(this.fileName)}async writeULE32(t,e){const a=new Uint8Array(4);new DataView(a.buffer).setUint32(0,t,!0),await this.write(a,e)}async writeUBE32(t,e){const a=new Uint8Array(4);new DataView(a.buffer).setUint32(0,t,!1),await this.write(a,e)}async writeULE64(t,e){const a=new Uint8Array(8),i=new DataView(a.buffer);i.setUint32(0,4294967295&t,!0),i.setUint32(4,Math.floor(t/4294967296),!0),await this.write(a,e)}async readULE32(t){const e=await this.read(4,t);return new Uint32Array(e.buffer)[0]}async readUBE32(t){const e=await this.read(4,t);return new DataView(e.buffer).getUint32(0,!1)}async readULE64(t){const e=await this.read(8,t),a=new Uint32Array(e.buffer);return 4294967296*a[1]+a[0]}async readString(t){const e=this;if(e.pendingClose)throw new Error("Reading a closing file");let a=void 0===t?e.pos:t,i=Math.floor(a/e.pageSize),o=!1,n="";for(;!o;){let t=e._loadPage(i);e._triggerLoad(),await t,e.__statusPage("After Await (read): ",i);let l=a%e.pageSize;const r=new Uint8Array(e.pages[i].buff.buffer,e.pages[i].buff.byteOffset+l,e.pageSize-l);let s=r.findIndex((t=>0===t));o=-1!==s,o?(n+=(new TextDecoder).decode(r.slice(0,s)),e.pos=i*this.pageSize+l+s+1):(n+=(new TextDecoder).decode(r),e.pos=i*this.pageSize+l+r.length),e.pages[i].pendingOps--,e.__statusPage("After Op done: ",i),a=e.pos,i++,e.pendingLoads.length>0&&setImmediate(e._triggerLoad.bind(e))}return n}}const ma=new Uint8Array(4),wa=new DataView(ma.buffer),La=new Uint8Array(8),ba=new DataView(La.buffer);class ya{constructor(){this.pageSize=16384}_resizeIfNeeded(t){if(t>this.allocSize){const e=Math.max(this.allocSize+(1<<20),Math.floor(1.1*this.allocSize),t),a=new Uint8Array(e);a.set(this.o.data),this.o.data=a,this.allocSize=e}}async write(t,e){if(void 0===e&&(e=this.pos),this.readOnly)throw new Error("Writing a read only file");this._resizeIfNeeded(e+t.byteLength),this.o.data.set(t.slice(),e),e+t.byteLength>this.totalSize&&(this.totalSize=e+t.byteLength),this.pos=e+t.byteLength}async readToBuffer(t,e,a,i){if(void 0===i&&(i=this.pos),this.readOnly&&i+a>this.totalSize)throw new Error("Reading out of bounds");this._resizeIfNeeded(i+a);const o=new Uint8Array(this.o.data.buffer,this.o.data.byteOffset+i,a);t.set(o,e),this.pos=i+a}async read(t,e){const a=new Uint8Array(t);return await this.readToBuffer(a,0,t,e),a}close(){this.o.data.byteLength!=this.totalSize&&(this.o.data=this.o.data.slice(0,this.totalSize))}async discard(){}async writeULE32(t,e){wa.setUint32(0,t,!0),await this.write(ma,e)}async writeUBE32(t,e){wa.setUint32(0,t,!1),await this.write(ma,e)}async writeULE64(t,e){ba.setUint32(0,4294967295&t,!0),ba.setUint32(4,Math.floor(t/4294967296),!0),await this.write(La,e)}async readULE32(t){const e=await this.read(4,t);return new Uint32Array(e.buffer)[0]}async readUBE32(t){const e=await this.read(4,t);return new DataView(e.buffer).getUint32(0,!1)}async readULE64(t){const e=await this.read(8,t),a=new Uint32Array(e.buffer);return 4294967296*a[1]+a[0]}async readString(t){const e=this;let a=void 0===t?e.pos:t;if(a>this.totalSize){if(this.readOnly)throw new Error("Reading out of bounds");this._resizeIfNeeded(t)}const i=new Uint8Array(e.o.data.buffer,a,this.totalSize-a);let o=i.findIndex((t=>0===t)),n="";return-1!==o?(n=(new TextDecoder).decode(i.slice(0,o)),e.pos=a+o+1):e.pos=a,n}}const Aa=1<<22;const Ca=new Uint8Array(4),Ia=new DataView(Ca.buffer),Fa=new Uint8Array(8),xa=new DataView(Fa.buffer);class Ea{constructor(){this.pageSize=16384}_resizeIfNeeded(t){if(t<=this.totalSize)return;if(this.readOnly)throw new Error("Reading out of file bounds");const e=Math.floor((t-1)/Aa)+1;for(let a=Math.max(this.o.data.length-1,0);a0;){const e=o+n>Aa?Aa-o:n,l=t.slice(t.byteLength-n,t.byteLength-n+e);new Uint8Array(a.o.data[i].buffer,o,e).set(l),n-=e,i++,o=0}this.pos=e+t.byteLength}async readToBuffer(t,e,a,i){const o=this;if(void 0===i&&(i=o.pos),this.readOnly&&i+a>this.totalSize)throw new Error("Reading out of bounds");this._resizeIfNeeded(i+a);let n=Math.floor(i/Aa),l=i%Aa,r=a;for(;r>0;){const i=l+r>Aa?Aa-l:r,s=new Uint8Array(o.o.data[n].buffer,l,i);t.set(s,e+a-r),r-=i,n++,l=0}this.pos=i+a}async read(t,e){const a=new Uint8Array(t);return await this.readToBuffer(a,0,t,e),a}close(){}async discard(){}async writeULE32(t,e){Ia.setUint32(0,t,!0),await this.write(Ca,e)}async writeUBE32(t,e){Ia.setUint32(0,t,!1),await this.write(Ca,e)}async writeULE64(t,e){xa.setUint32(0,4294967295&t,!0),xa.setUint32(4,Math.floor(t/4294967296),!0),await this.write(Fa,e)}async readULE32(t){const e=await this.read(4,t);return new Uint32Array(e.buffer)[0]}async readUBE32(t){const e=await this.read(4,t);return new DataView(e.buffer).getUint32(0,!1)}async readULE64(t){const e=await this.read(8,t),a=new Uint32Array(e.buffer);return 4294967296*a[1]+a[0]}async readString(t){const e=this;let a=void 0===t?e.pos:t;if(a>this.totalSize){if(this.readOnly)throw new Error("Reading out of bounds");this._resizeIfNeeded(t)}let i=!1,o="";for(;!i;){let t=Math.floor(a/Aa),n=a%Aa;if(void 0===e.o.data[t])throw new Error("ERROR");let l=Math.min(2048,e.o.data[t].length-n);const r=new Uint8Array(e.o.data[t].buffer,n,l);let s=r.findIndex((t=>0===t));i=-1!==s,i?(o+=(new TextDecoder).decode(r.slice(0,s)),e.pos=t*Aa+n+s+1):(o+=(new TextDecoder).decode(r),e.pos=t*Aa+n+r.length),a=e.pos}return o}}const va=1024,Ba=512,Sa=2,Pa=0,Ga=65536,Oa=8192;async function Ta(t,e,a){if("string"==typeof t&&(t={type:"file",fileName:t,cacheSize:e||Ga,pageSize:a||Oa}),"file"==t.type)return await _a(t.fileName,va|Ba|Sa,t.cacheSize,t.pageSize);if("mem"==t.type)return function(t){const e=t.initialSize||1<<20,a=new ya;return a.o=t,a.o.data=new Uint8Array(e),a.allocSize=e,a.totalSize=0,a.readOnly=!1,a.pos=0,a}(t);if("bigMem"==t.type)return function(t){const e=t.initialSize||0,a=new Ea;a.o=t;const i=e?Math.floor((e-1)/Aa)+1:0;a.o.data=[];for(let t=0;ta)throw new Error("Version not supported");const s=await n.readULE32();let c=[];for(let t=0;t1)throw new Error(t.fileName+": Section Duplicated "+a);t.pos=e[a][0].p,t.readingSection=e[a][0]}async function Ra(t,e){if(void 0===t.readingSection)throw new Error("Not reading a section");if(!e&&t.pos-t.readingSection.p!=t.readingSection.size)throw new Error("Invalid section size reading");delete t.readingSection}async function Da(t,e,a,i){const o=new Uint8Array(a);ga.toRprLE(o,0,e,a),await t.write(o,i)}async function Na(t,e,a){const i=await t.read(e,a);return ga.fromRprLE(i,0,e)}async function $a(t,e,a,i,o){void 0===o&&(o=e[i][0].size);const n=t.pageSize;await ka(t,e,i),await qa(a,i);for(let e=0;ee[a][0].size)throw new Error("Reading out of the range of the section");let n;return n=o<1<<30?new Uint8Array(o):new Se(o),await t.readToBuffer(n,0,o,e[a][0].p+i),n}async function Ka(t,e,a,i,o){const n=16*t.pageSize;if(await ka(t,e,o),await ka(a,i,o),e[o][0].size!=i[o][0].size)return!1;const l=e[o][0].size;for(let e=0;e=0)e=await sa();else{if(!(["BLS12381"].indexOf(a)>=0))throw new Error(`Curve not supported: ${t}`);e=await ca()}return e}var Xa="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},ti={exports:{}},ei=function t(e,a){if(!e){var i=new ai(a);throw Error.captureStackTrace&&Error.captureStackTrace(i,t),i}};class ai extends Error{}ai.prototype.name="AssertionError";var ii={exports:{}};function oi(t){return t.length}var ni={byteLength:oi,toString:function(t){const e=t.byteLength;let a="";for(let i=0;i1&&61===t.charCodeAt(e-1)&&e--,3*e>>>2}ri[45]=62,ri[95]=63;var ci={byteLength:si,toString:function(t){const e=t.byteLength;let a="";for(let i=0;i>2]+li[(3&t[i])<<4|t[i+1]>>4]+li[(15&t[i+1])<<2|t[i+2]>>6]+li[63&t[i+2]];return e%3==2?a=a.substring(0,a.length-1)+"=":e%3==1&&(a=a.substring(0,a.length-2)+"=="),a},write:function(t,e,a=0,i=si(e)){const o=Math.min(i,t.byteLength-a);for(let a=0,i=0;i>4,t[i++]=(15&n)<<4|l>>2,t[i++]=(3&l)<<6|63&r}return o}};function di(t){return t.length>>>1}var ui={byteLength:di,toString:function(t){const e=t.byteLength;t=new DataView(t.buffer,t.byteOffset,e);let a="",i=0;for(let o=e-e%4;i=48&&t<=57?t-48:t>=65&&t<=70?t-65+10:t>=97&&t<=102?t-97+10:void 0}function fi(t){let e=0;for(let a=0,i=t.length;a=55296&&o<=56319&&a+1=56320&&i<=57343){e+=4,a++;continue}}e+=o<=127?1:o<=2047?2:3}return e}let hi,_i;if("undefined"!=typeof TextDecoder){const t=new TextDecoder;hi=function(e){return t.decode(e)}}else hi=function(t){const e=t.byteLength;let a="",i=0;for(;i0){let e=0;for(;e>i,i-=6;i>=0;)t[l++]=128|a>>i&63,i-=6;n+=a>=65536?2:1}return o};var pi={byteLength:fi,toString:hi,write:_i};function mi(t){return 2*t.length}var wi,Li,bi={byteLength:mi,toString:function(t){const e=t.byteLength;let a="";for(let i=0;i>8,l=o%256;t[a+2*i]=l,t[a+2*i+1]=n}return o}};!function(t,e){const a=ni,i=ci,o=ui,n=pi,l=bi,r=255===new Uint8Array(Uint16Array.of(255).buffer)[0];function s(t){switch(t){case"ascii":return a;case"base64":return i;case"hex":return o;case"utf8":case"utf-8":case void 0:return n;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return l;default:throw new Error(`Unknown encoding: ${t}`)}}function c(t){return t instanceof Uint8Array}function d(t,e,a){return"string"==typeof t?function(t,e){const a=s(e),i=new Uint8Array(a.byteLength(t));return a.write(i,t,0,i.byteLength),i}(t,e):Array.isArray(t)?function(t){const e=new Uint8Array(t.length);return e.set(t),e}(t):ArrayBuffer.isView(t)?function(t){const e=new Uint8Array(t.byteLength);return e.set(t),e}(t):function(t,e,a){return new Uint8Array(t,e,a)}(t,e,a)}function u(t,e,a,i,o){if(0===t.byteLength)return-1;if("string"==typeof a?(i=a,a=0):void 0===a?a=o?0:t.length-1:a<0&&(a+=t.byteLength),a>=t.byteLength){if(o)return-1;a=t.byteLength-1}else if(a<0){if(!o)return-1;a=0}if("string"==typeof e)e=d(e,i);else if("number"==typeof e)return e&=255,o?t.indexOf(e,a):t.lastIndexOf(e,a);if(0===e.byteLength)return-1;if(o){let i=-1;for(let o=a;ot.byteLength&&(a=t.byteLength-e.byteLength);for(let i=a;i>=0;i--){let a=!0;for(let o=0;oo)return 1}return t.byteLength>e.byteLength?1:t.byteLengtht+e.byteLength),0));const a=new Uint8Array(e);let i=0;for(const e of t){if(i+e.byteLength>a.byteLength){const t=e.subarray(0,a.byteLength-i);return a.set(t,i),a}a.set(e,i),i+=e.byteLength}return a},copy:function(t,e,a=0,i=0,o=t.byteLength){if(o>0&&o=t.byteLength)throw new RangeError("sourceStart is out of range");if(o<0)throw new RangeError("sourceEnd is out of range");a>=e.byteLength&&(a=e.byteLength),o>t.byteLength&&(o=t.byteLength),e.byteLength-a=o||i<=a?"":(a<0&&(a=0),i>o&&(i=o),(0!==a||i{for(var t=new Uint8Array(128),e=0;e<64;e++)t[e<26?e+65:e<52?e+71:e<62?e-4:4*e-205]=e;return e=>{for(var a=e.length,i=new Uint8Array(3*(a-("="==e[a-1])-("="==e[a-2]))/4|0),o=0,n=0;o>4,i[n++]=r<<4|s>>2,i[n++]=s<<6|c}return i}})(),e=((t,e)=>function(){return e||(0,t[Object.keys(t)[0]])((e={exports:{}}).exports,e),e.exports})({"wasm-binary:./blake2b.wat"(e,a){a.exports=t("AGFzbQEAAAABEANgAn9/AGADf39/AGABfwADBQQAAQICBQUBAQroBwdNBQZtZW1vcnkCAAxibGFrZTJiX2luaXQAAA5ibGFrZTJiX3VwZGF0ZQABDWJsYWtlMmJfZmluYWwAAhBibGFrZTJiX2NvbXByZXNzAAMKvz8EwAIAIABCADcDACAAQgA3AwggAEIANwMQIABCADcDGCAAQgA3AyAgAEIANwMoIABCADcDMCAAQgA3AzggAEIANwNAIABCADcDSCAAQgA3A1AgAEIANwNYIABCADcDYCAAQgA3A2ggAEIANwNwIABCADcDeCAAQoiS853/zPmE6gBBACkDAIU3A4ABIABCu86qptjQ67O7f0EIKQMAhTcDiAEgAEKr8NP0r+68tzxBECkDAIU3A5ABIABC8e30+KWn/aelf0EYKQMAhTcDmAEgAELRhZrv+s+Uh9EAQSApAwCFNwOgASAAQp/Y+dnCkdqCm39BKCkDAIU3A6gBIABC6/qG2r+19sEfQTApAwCFNwOwASAAQvnC+JuRo7Pw2wBBOCkDAIU3A7gBIABCADcDwAEgAEIANwPIASAAQgA3A9ABC20BA38gAEHAAWohAyAAQcgBaiEEIAQpAwCnIQUCQANAIAEgAkYNASAFQYABRgRAIAMgAykDACAFrXw3AwBBACEFIAAQAwsgACAFaiABLQAAOgAAIAVBAWohBSABQQFqIQEMAAsLIAQgBa03AwALYQEDfyAAQcABaiEBIABByAFqIQIgASABKQMAIAIpAwB8NwMAIABCfzcD0AEgAikDAKchAwJAA0AgA0GAAUYNASAAIANqQQA6AAAgA0EBaiEDDAALCyACIAOtNwMAIAAQAwuqOwIgfgl/IABBgAFqISEgAEGIAWohIiAAQZABaiEjIABBmAFqISQgAEGgAWohJSAAQagBaiEmIABBsAFqIScgAEG4AWohKCAhKQMAIQEgIikDACECICMpAwAhAyAkKQMAIQQgJSkDACEFICYpAwAhBiAnKQMAIQcgKCkDACEIQoiS853/zPmE6gAhCUK7zqqm2NDrs7t/IQpCq/DT9K/uvLc8IQtC8e30+KWn/aelfyEMQtGFmu/6z5SH0QAhDUKf2PnZwpHagpt/IQ5C6/qG2r+19sEfIQ9C+cL4m5Gjs/DbACEQIAApAwAhESAAKQMIIRIgACkDECETIAApAxghFCAAKQMgIRUgACkDKCEWIAApAzAhFyAAKQM4IRggACkDQCEZIAApA0ghGiAAKQNQIRsgACkDWCEcIAApA2AhHSAAKQNoIR4gACkDcCEfIAApA3ghICANIAApA8ABhSENIA8gACkD0AGFIQ8gASAFIBF8fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSASfHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgE3x8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGIBR8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAVfHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgFnx8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBd8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAYfHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgGXx8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBp8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAbfHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgHHx8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIB18fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCAefHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgH3x8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFICB8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSAffHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgG3x8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBV8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAZfHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgGnx8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHICB8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAefHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggF3x8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIBJ8fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiAdfHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgEXx8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIBN8fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAcfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggGHx8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIBZ8fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAUfHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgHHx8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFIBl8fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAdfHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgEXx8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBZ8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByATfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggIHx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIB58fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiAbfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgH3x8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIBR8fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByAXfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggGHx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIBJ8fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSAafHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgFXx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgASAFIBh8fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSAafHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgFHx8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGIBJ8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAefHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgHXx8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBx8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAffHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgE3x8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBd8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAWfHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgG3x8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIBV8fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCARfHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgIHx8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFIBl8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSAafHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgEXx8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBZ8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAYfHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgE3x8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHIBV8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAbfHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggIHx8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIB98fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiASfHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgHHx8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIB18fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAXfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggGXx8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIBR8fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAefHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgE3x8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFIB18fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAXfHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgG3x8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBF8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByAcfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggGXx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIBR8fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiAVfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgHnx8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIBh8fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByAWfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggIHx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIB98fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSASfHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgGnx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgASAFIB18fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSAWfHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgEnx8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGICB8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAffHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgHnx8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBV8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAbfHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgEXx8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBh8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAXfHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgFHx8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIBp8fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCATfHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgGXx8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFIBx8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSAefHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgHHx8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBh8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAffHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgHXx8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHIBJ8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAUfHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggGnx8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIBZ8fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiARfHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgIHx8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIBV8fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAZfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggF3x8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIBN8fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAbfHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgF3x8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFICB8fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAffHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgGnx8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBx8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByAUfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggEXx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIBl8fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiAdfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgE3x8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIB58fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByAYfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggEnx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIBV8fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSAbfHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgFnx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgASAFIBt8fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSATfHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgGXx8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGIBV8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAYfHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgF3x8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBJ8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAWfHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgIHx8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBx8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAafHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgH3x8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIBR8fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCAdfHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgHnx8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFIBF8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSARfHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgEnx8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBN8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAUfHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgFXx8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHIBZ8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAXfHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggGHx8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIBl8fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiAafHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgG3x8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIBx8fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAdfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggHnx8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIB98fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAgfHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgH3x8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFIBt8fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAVfHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgGXx8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBp8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByAgfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggHnx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIBd8fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiASfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgHXx8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIBF8fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByATfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggHHx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIBh8fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSAWfHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgFHx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgISAhKQMAIAEgCYWFNwMAICIgIikDACACIAqFhTcDACAjICMpAwAgAyALhYU3AwAgJCAkKQMAIAQgDIWFNwMAICUgJSkDACAFIA2FhTcDACAmICYpAwAgBiAOhYU3AwAgJyAnKQMAIAcgD4WFNwMAICggKCkDACAIIBCFhTcDAAs=")}}),a=e(),i=WebAssembly.compile(a);return wi=async t=>(await WebAssembly.instantiate(await i,t)).exports}()().then((t=>{Ci=t})),Fi=64,xi=[];ti.exports=Oi;var Ei=ti.exports.BYTES_MIN=16,vi=ti.exports.BYTES_MAX=64;ti.exports.BYTES=32;var Bi=ti.exports.KEYBYTES_MIN=16,Si=ti.exports.KEYBYTES_MAX=64;ti.exports.KEYBYTES=32;var Pi=ti.exports.SALTBYTES=16,Gi=ti.exports.PERSONALBYTES=16;function Oi(t,e,a,i,o){if(!(this instanceof Oi))return new Oi(t,e,a,i,o);if(!Ci)throw new Error("WASM not loaded. Wait for Blake2b.ready(cb)");t||(t=32),!0!==o&&(yi(t>=Ei,"digestLength must be at least "+Ei+", was given "+t),yi(t<=vi,"digestLength must be at most "+vi+", was given "+t),null!=e&&(yi(e instanceof Uint8Array,"key must be Uint8Array or Buffer"),yi(e.length>=Bi,"key must be at least "+Bi+", was given "+e.length),yi(e.length<=Si,"key must be at least "+Si+", was given "+e.length)),null!=a&&(yi(a instanceof Uint8Array,"salt must be Uint8Array or Buffer"),yi(a.length===Pi,"salt must be exactly "+Pi+", was given "+a.length)),null!=i&&(yi(i instanceof Uint8Array,"personal must be Uint8Array or Buffer"),yi(i.length===Gi,"personal must be exactly "+Gi+", was given "+i.length))),xi.length||(xi.push(Fi),Fi+=216),this.digestLength=t,this.finalized=!1,this.pointer=xi.pop(),this._memory=new Uint8Array(Ci.memory.buffer),this._memory.fill(0,0,64),this._memory[0]=this.digestLength,this._memory[1]=e?e.length:0,this._memory[2]=1,this._memory[3]=1,a&&this._memory.set(a,32),i&&this._memory.set(i,48),this.pointer+216>this._memory.length&&this._realloc(this.pointer+216),Ci.blake2b_init(this.pointer,this.digestLength),e&&(this.update(e),this._memory.fill(0,Fi,Fi+e.length),this._memory[this.pointer+200]=128)}function Ti(){}function Ui(t){return(0!=(4294901760&t)?(t&=4294901760,16):0)|(0!=(4278255360&t)?(t&=4278255360,8):0)|(0!=(4042322160&t)?(t&=4042322160,4):0)|(0!=(3435973836&t)?(t&=3435973836,2):0)|0!=(2863311530&t)}function zi(t,e){const a=new DataView(t.buffer,t.byteOffset,t.byteLength);let i="";for(let t=0;t<4;t++){t>0&&(i+="\n"),i+="\t\t";for(let e=0;e<4;e++)e>0&&(i+=" "),i+=a.getUint32(16*t+4*e).toString(16).padStart(8,"0")}return e&&(i=e+"\n"+i),i}function Qi(t,e){if(t.byteLength!=e.byteLength)return!1;for(var a=new Int8Array(t),i=new Int8Array(e),o=0;o!=t.byteLength;o++)if(a[o]!=i[o])return!1;return!0}function qi(t){const e=t.getPartialHash(),a=ti.exports(64);return a.setPartialHash(e),a}async function Mi(t,e,a,i,o){if(t.G1.isZero(e))return!1;if(t.G1.isZero(a))return!1;if(t.G2.isZero(i))return!1;if(t.G2.isZero(o))return!1;return await t.pairingEq(e,o,t.G1.neg(a),i)}function ki(t){let e=new Uint8Array(t);return globalThis.crypto.getRandomValues(e),e}async function Ri(t){{const e=await globalThis.crypto.subtle.digest("SHA-256",t.buffer);return new Uint8Array(e)}}function Di(t,e){return new DataView(t.buffer).getUint32(e,!1)}async function Ni(t){for(;!t;)t=await window.prompt("Enter a random text. (Entropy): ","");const e=ti.exports(64);e.update(ki(64));const a=new TextEncoder;e.update(a.encode(t));const i=e.digest(),o=[];for(let t=0;t<8;t++)o[t]=Di(i,4*t);return new Q(o)}async function $i(t,e){let a,i;e<32?(a=1<>>0,i=1):(a=4294967296,i=1<>>0);let o=t;for(let t=0;t{a[i]=ji(t,e[i])})),a}return"bigint"==typeof e||void 0!==e.eq?e.toString(10):e}Oi.prototype._realloc=function(t){Ci.memory.grow(Math.max(0,Math.ceil(Math.abs(t-this._memory.length)/65536))),this._memory=new Uint8Array(Ci.memory.buffer)},Oi.prototype.update=function(t){return yi(!1===this.finalized,"Hash instance finalized"),yi(t instanceof Uint8Array,"input must be Uint8Array or Buffer"),Fi+t.length>this._memory.length&&this._realloc(Fi+t.length),this._memory.set(t,Fi),Ci.blake2b_update(this.pointer,Fi,Fi+t.length),this},Oi.prototype.digest=function(t){if(yi(!1===this.finalized,"Hash instance finalized"),this.finalized=!0,xi.push(this.pointer),Ci.blake2b_final(this.pointer),!t||"binary"===t)return this._memory.slice(this.pointer+128,this.pointer+128+this.digestLength);if("string"==typeof t)return Ai.toString(this._memory,t,this.pointer+128,this.pointer+128+this.digestLength);yi(t instanceof Uint8Array&&t.length>=this.digestLength,"input must be Uint8Array or Buffer");for(var e=0;et()),t):t(new Error("WebAssembly not supported"))},Oi.prototype.ready=Oi.ready,Oi.prototype.getPartialHash=function(){return this._memory.slice(this.pointer,this.pointer+216)},Oi.prototype.setPartialHash=function(t){this._memory.set(t,this.pointer)};const Hi=1,Zi=2,Wi=10,Yi=2,Ji=3,Xi=4,to=5,eo=6,ao=7,io=8,oo=9,no=10,lo=11,ro=12,so=13,co=14,uo=15,go=16,fo=17;async function ho(t,e){await qa(t,1),await t.writeULE32(1),await Ma(t);const a=await Ya(e.q);await qa(t,2);const i=a.q,o=8*(Math.floor((ga.bitLength(i)-1)/64)+1),n=a.r,l=8*(Math.floor((ga.bitLength(n)-1)/64)+1);await t.writeULE32(o),await Da(t,i,o),await t.writeULE32(l),await Da(t,n,l),await t.writeULE32(e.nVars),await t.writeULE32(e.nPublic),await t.writeULE32(e.domainSize),await _o(t,a,e.vk_alpha_1),await _o(t,a,e.vk_beta_1),await po(t,a,e.vk_beta_2),await po(t,a,e.vk_gamma_2),await _o(t,a,e.vk_delta_1),await po(t,a,e.vk_delta_2),await Ma(t)}async function _o(t,e,a){const i=new Uint8Array(2*e.G1.F.n8);e.G1.toRprLEM(i,0,a),await t.write(i)}async function po(t,e,a){const i=new Uint8Array(2*e.G2.F.n8);e.G2.toRprLEM(i,0,a),await t.write(i)}async function mo(t,e,a){const i=await t.read(2*e.G1.F.n8),o=e.G1.fromRprLEM(i,0);return a?e.G1.toObject(o):o}async function wo(t,e,a){const i=await t.read(2*e.G2.F.n8),o=e.G2.fromRprLEM(i,0);return a?e.G2.toObject(o):o}async function Lo(t,e,a){await ka(t,e,1);const i=await t.readULE32();if(await Ra(t),i===Hi)return await async function(t,e,a){const i={protocol:"groth16"};await ka(t,e,2);const o=await t.readULE32();i.n8q=o,i.q=await Na(t,o);const n=await t.readULE32();return i.n8r=n,i.r=await Na(t,n),i.curve=await Ya(i.q),i.nVars=await t.readULE32(),i.nPublic=await t.readULE32(),i.domainSize=await t.readULE32(),i.power=Ui(i.domainSize),i.vk_alpha_1=await mo(t,i.curve,a),i.vk_beta_1=await mo(t,i.curve,a),i.vk_beta_2=await wo(t,i.curve,a),i.vk_gamma_2=await wo(t,i.curve,a),i.vk_delta_1=await mo(t,i.curve,a),i.vk_delta_2=await wo(t,i.curve,a),await Ra(t),i}(t,e,a);if(i===Zi)return await async function(t,e,a){const i={protocol:"plonk"};await ka(t,e,2);const o=await t.readULE32();i.n8q=o,i.q=await Na(t,o);const n=await t.readULE32();return i.n8r=n,i.r=await Na(t,n),i.curve=await Ya(i.q),i.nVars=await t.readULE32(),i.nPublic=await t.readULE32(),i.domainSize=await t.readULE32(),i.power=Ui(i.domainSize),i.nAdditions=await t.readULE32(),i.nConstraints=await t.readULE32(),i.k1=await t.read(n),i.k2=await t.read(n),i.Qm=await mo(t,i.curve,a),i.Ql=await mo(t,i.curve,a),i.Qr=await mo(t,i.curve,a),i.Qo=await mo(t,i.curve,a),i.Qc=await mo(t,i.curve,a),i.S1=await mo(t,i.curve,a),i.S2=await mo(t,i.curve,a),i.S3=await mo(t,i.curve,a),i.X_2=await wo(t,i.curve,a),await Ra(t),i}(t,e,a);if(i===Wi)return await async function(t,e,a){const i={protocol:"fflonk"};i.protocolId=Wi,await ka(t,e,Yi);const o=await t.readULE32();i.n8q=o,i.q=await Na(t,o),i.curve=await Ya(i.q);const n=await t.readULE32();return i.n8r=n,i.r=await Na(t,n),i.nVars=await t.readULE32(),i.nPublic=await t.readULE32(),i.domainSize=await t.readULE32(),i.power=Ui(i.domainSize),i.nAdditions=await t.readULE32(),i.nConstraints=await t.readULE32(),i.k1=await t.read(n),i.k2=await t.read(n),i.w3=await t.read(n),i.w4=await t.read(n),i.w8=await t.read(n),i.wr=await t.read(n),i.X_2=await wo(t,i.curve,a),i.C0=await mo(t,i.curve,a),await Ra(t),i}(t,e,a);throw new Error("Protocol not supported: ")}async function bo(t,e,a){const i={delta:{}};i.deltaAfter=await mo(t,e,a),i.delta.g1_s=await mo(t,e,a),i.delta.g1_sx=await mo(t,e,a),i.delta.g2_spx=await wo(t,e,a),i.transcript=await t.read(64),i.type=await t.readULE32();const o=await t.readULE32(),n=t.pos;let l=0;for(;t.pos-n0){const e=new Uint8Array(i);await t.writeULE32(e.byteLength),await t.write(e)}else await t.writeULE32(0)}async function Co(t,e,a){await qa(t,10),await t.write(a.csHash),await t.writeULE32(a.contributions.length);for(let i=0;i0;)a.unshift(0),n--;return a}async function Oo(t,e){e=e||{};let a,i=32767,o=!1;for(;!o;)try{a=new WebAssembly.Memory({initial:i}),o=!0}catch(t){if(1===i)throw t;console.warn("Could not allocate "+1024*i*64+" bytes. This may cause severe instability. Trying with "+1024*i*64/2+" bytes"),i=Math.floor(i/2)}const n=await WebAssembly.compile(t);let l,r="",s="",c=1,d=0,u=0;const g=await WebAssembly.instantiate(n,{env:{memory:a},runtime:{exceptionHandler:function(t){let e;throw e=1==t?"Signal not found. ":2==t?"Too many signals set. ":3==t?"Signal already set. ":4==t?"Assert Failed. ":5==t?"Not enough memory. ":6==t?"Input signal array access exceeds the size. ":"Unknown error. ",console.error("ERROR: ",t,r),new Error(e+r)},printErrorMessage:function(){r+=h()+"\n"},writeBufferMessage:function(){const t=h();"\n"===t?(console.log(s),s=""):(""!==s&&(s+=" "),s+=t)},showSharedRWMemory:function(){const t=g.exports.getFieldNumLen32(),e=new Uint32Array(t);for(let a=0;a=2&&(d>=1||u>=7)){""!==s&&(s+=" ");const t=ga.fromArray(e,4294967296).toString();s+=t}else console.log(ga.fromArray(e,4294967296))},error:function(t,a,i,o,n,r){let s;throw s=7==t?_(a)+" "+l.getFr(o).toString()+" != "+l.getFr(n).toString()+" "+_(r):9==t?_(a)+" "+l.getFr(o).toString()+" "+_(n):5==t&&e.sym?_(a)+" "+e.sym.labelIdx2Name[n]:_(a)+" "+i+" "+o+" "+n+" "+r,console.log("ERROR: ",t,s),new Error(s)},log:function(t){console.log(l.getFr(t).toString())},logGetSignal:function(t,a){e.logGetSignal&&e.logGetSignal(t,l.getFr(a))},logSetSignal:function(t,a){e.logSetSignal&&e.logSetSignal(t,l.getFr(a))},logStartComponent:function(t){e.logStartComponent&&e.logStartComponent(t)},logFinishComponent:function(t){e.logFinishComponent&&e.logFinishComponent(t)}}});"function"==typeof g.exports.getVersion&&(c=g.exports.getVersion()),"function"==typeof g.exports.getMinorVersion&&(d=g.exports.getMinorVersion()),"function"==typeof g.exports.getPatchVersion&&(u=g.exports.getPatchVersion());const f=e&&(e.sanityCheck||e.logGetSignal||e.logSetSignal||e.logStartComponent||e.logFinishComponent);return l=2===c?new Uo(g,f):new To(a,g,f),l;function h(){for(var t="",e=g.exports.getMessageChar();0!=e;)t+=String.fromCharCode(e),e=g.exports.getMessageChar();return t}function _(t){const e=new Uint8Array(a.buffer),i=[];for(let a=0;e[t+a]>0;a++)i.push(e[t+a]);return String.fromCharCode.apply(null,i)}}class To{constructor(t,e,a){this.memory=t,this.i32=new Uint32Array(t.buffer),this.instance=e,this.n32=(this.instance.exports.getFrLen()>>2)-2;const i=this.instance.exports.getPRawPrime(),o=new Array(this.n32);for(let t=0;t>2)+t];this.prime=ga.fromArray(o,4294967296),this.Fr=new $(this.prime),this.mask32=ga.fromString("FFFFFFFF",16),this.NVars=this.instance.exports.getNVars(),this.n64=Math.floor((this.Fr.bitLength-1)/64)+1,this.R=this.Fr.e(ga.shiftLeft(1,64*this.n64)),this.RInv=this.Fr.inv(this.R),this.sanityCheck=a}circom_version(){return 1}async _doCalculateWitness(t,e){this.instance.exports.init(this.sanityCheck||e?1:0);const a=this.allocInt(),i=this.allocFr();Object.keys(t).forEach((e=>{const o=Po(e),n=parseInt(o.slice(0,8),16),l=parseInt(o.slice(8,16),16);try{this.instance.exports.getSignalOffset32(a,0,n,l)}catch(t){throw new Error(`Signal ${e} is not an input of the circuit.`)}const r=this.getInt(a),s=Bo(t[e]);for(let t=0;t>2]}setInt(t,e){this.i32[t>>2]=e}getFr(t){const e=this,a=t>>2;if(2147483648&e.i32[a+1]){const t=new Array(e.n32);for(let i=0;i>2]=o,void(a.i32[1+(t>>2)]=0)}a.i32[t>>2]=0,a.i32[1+(t>>2)]=2147483648;const n=ga.toArray(e,4294967296);for(let e=0;e>2)+e]=i>=0?n[i]:0}}}class Uo{constructor(t,e){this.instance=t,this.version=this.instance.exports.getVersion(),this.n32=this.instance.exports.getFieldNumLen32(),this.instance.exports.getRawPrime();const a=new Uint32Array(this.n32);for(let t=0;t{const a=Po(e),o=parseInt(a.slice(0,8),16),n=parseInt(a.slice(8,16),16),l=Bo(t[e]);if("function"==typeof this.instance.exports.getInputSignalSize){let t=this.instance.exports.getInputSignalSize(o,n);if(t<0)throw new Error(`Signal ${e} not found\n`);if(l.lengtht)throw new Error(`Too many values for input signal ${e}\n`)}for(let t=0;t1)throw new Error(t.fileName+": File has more than one header");t.pos=e[1][0].p;const a=await t.readULE32(),i=await t.read(a),o=ga.fromRprLE(i),n=await Ya(o);if(8*n.F1.n64!=a)throw new Error(t.fileName+": Invalid size");const l=await t.readULE32(),r=await t.readULE32();if(t.pos-e[1][0].p!=e[1][0].size)throw new Error("Invalid PTau header size");return{curve:n,power:l,ceremonyPower:r}}function Zo(t,e,a,i){const o={tau:{},alpha:{},beta:{}};return o.tau.g1_s=n(),o.tau.g1_sx=n(),o.alpha.g1_s=n(),o.alpha.g1_sx=n(),o.beta.g1_s=n(),o.beta.g1_sx=n(),o.tau.g2_spx=l(),o.alpha.g2_spx=l(),o.beta.g2_spx=l(),o;function n(){let o;return o=i?a.G1.fromRprLEM(t,e):a.G1.fromRprUncompressed(t,e),e+=2*a.G1.F.n8,o}function l(){let o;return o=i?a.G2.fromRprLEM(t,e):a.G2.fromRprUncompressed(t,e),e+=2*a.G2.F.n8,o}}function Wo(t,e,a,i,o){async function n(i){o?a.G1.toRprLEM(t,e,i):a.G1.toRprUncompressed(t,e,i),e+=2*a.F1.n8}async function l(i){o?a.G2.toRprLEM(t,e,i):a.G2.toRprUncompressed(t,e,i),e+=2*a.F2.n8}return n(i.tau.g1_s),n(i.tau.g1_sx),n(i.alpha.g1_s),n(i.alpha.g1_sx),n(i.beta.g1_s),n(i.beta.g1_sx),l(i.tau.g2_spx),l(i.alpha.g2_spx),l(i.beta.g2_spx),t}async function Yo(t,e){const a={};a.tauG1=await s(),a.tauG2=await c(),a.alphaG1=await s(),a.betaG1=await s(),a.betaG2=await c(),a.key=await async function(t,e,a){return Zo(await t.read(2*e.F1.n8*6+2*e.F2.n8*3),0,e,a)}(t,e,!0),a.partialHash=await t.read(216),a.nextChallenge=await t.read(64),a.type=await t.readULE32();const i=new Uint8Array(2*e.G1.F.n8*6+2*e.G2.F.n8*3);Wo(i,0,e,a.key,!1);const o=ti.exports(64);o.setPartialHash(a.partialHash),o.update(i),a.responseHash=o.digest();const n=await t.readULE32(),l=t.pos;let r=0;for(;t.pos-l1)throw new Error(t.fileName+": File has more than one contributions section");t.pos=a[7][0].p;const i=await t.readULE32(),o=[];for(let a=0;a0){const e=new Uint8Array(n);await t.writeULE32(e.byteLength),await t.write(e)}else await t.writeULE32(0);async function l(a){e.G1.toRprLEM(i,0,a),await t.write(i)}async function r(a){e.G2.toRprLEM(o,0,a),await t.write(o)}}async function tn(t,e,a){await t.writeULE32(7);const i=t.pos;await t.writeULE64(0),await t.writeULE32(a.length);for(let i=0;i0?u[u.length-1].nextChallenge:en(c,d,n);const L=await Qa(a,"ptau",1,o?7:2);await jo(L,c,d);const b=await m.read(64);if(Qi(l,w)&&(w=b,u[u.length-1].nextChallenge=w),!Qi(b,w))throw new Error("Wrong contribution. this contribution is not based on the previus hash");const y=new ti.exports(64);y.update(b);const A=[];let C;C=await x(m,L,"G1",2,2**d*2-1,[1],"tauG1"),g.tauG1=C[0],C=await x(m,L,"G2",3,2**d,[1],"tauG2"),g.tauG2=C[0],C=await x(m,L,"G1",4,2**d,[0],"alphaG1"),g.alphaG1=C[0],C=await x(m,L,"G1",5,2**d,[0],"betaG1"),g.betaG1=C[0],C=await x(m,L,"G2",6,1,[0],"betaG2"),g.betaG2=C[0],g.partialHash=y.getPartialHash();const I=await m.read(2*c.F1.n8*6+2*c.F2.n8*3);g.key=Zo(I,0,c,!1),y.update(new Uint8Array(I));const F=y.digest();if(n&&n.info(zi(F,"Contribution Response Hash imported: ")),o){const t=new ti.exports(64);t.update(F),await E(t,L,"G1",2,2**d*2-1,"tauG1",n),await E(t,L,"G2",3,2**d,"tauG2",n),await E(t,L,"G1",4,2**d,"alphaTauG1",n),await E(t,L,"G1",5,2**d,"betaTauG1",n),await E(t,L,"G2",6,1,"betaG2",n),g.nextChallenge=t.digest(),n&&n.info(zi(g.nextChallenge,"Next Challenge Hash: "))}else g.nextChallenge=l;return u.push(g),await tn(L,c,u),await m.close(),await L.close(),await r.close(),g.nextChallenge;async function x(t,e,a,i,l,r,s){return o?await async function(t,e,a,i,o,l,r){const s=c[a],d=s.F.n8,u=2*s.F.n8,g=[];await qa(e,i);const f=Math.floor((1<<24)/u);A[i]=e.pos;for(let a=0;a=a&&e=e&&o1?s[s.length-2]:c;const u=s[s.length-1];if(e&&e.debug("Validating contribution #"+s[s.length-1].id),!await nn(n,u,d,e))return!1;const g=ti.exports(64);g.update(u.responseHash),e&&e.debug("Verifying powers in tau*G1 section");const f=await b(2,"G1","tauG1",2**l*2-1,[0,1],e);if(a=await on(n,f.R1,f.R2,n.G2.g,u.tauG2),!0!==a)return e&&e.error("tauG1 section. Powers do not match"),!1;if(!n.G1.eq(n.G1.g,f.singularPoints[0]))return e&&e.error("First element of tau*G1 section must be the generator"),!1;if(!n.G1.eq(u.tauG1,f.singularPoints[1]))return e&&e.error("Second element of tau*G1 section does not match the one in the contribution section"),!1;e&&e.debug("Verifying powers in tau*G2 section");const h=await b(3,"G2","tauG2",2**l,[0,1],e);if(a=await on(n,n.G1.g,u.tauG1,h.R1,h.R2),!0!==a)return e&&e.error("tauG2 section. Powers do not match"),!1;if(!n.G2.eq(n.G2.g,h.singularPoints[0]))return e&&e.error("First element of tau*G2 section must be the generator"),!1;if(!n.G2.eq(u.tauG2,h.singularPoints[1]))return e&&e.error("Second element of tau*G2 section does not match the one in the contribution section"),!1;e&&e.debug("Verifying powers in alpha*tau*G1 section");const _=await b(4,"G1","alphatauG1",2**l,[0],e);if(a=await on(n,_.R1,_.R2,n.G2.g,u.tauG2),!0!==a)return e&&e.error("alphaTauG1 section. Powers do not match"),!1;if(!n.G1.eq(u.alphaG1,_.singularPoints[0]))return e&&e.error("First element of alpha*tau*G1 section (alpha*G1) does not match the one in the contribution section"),!1;e&&e.debug("Verifying powers in beta*tau*G1 section");const p=await b(5,"G1","betatauG1",2**l,[0],e);if(a=await on(n,p.R1,p.R2,n.G2.g,u.tauG2),!0!==a)return e&&e.error("betaTauG1 section. Powers do not match"),!1;if(!n.G1.eq(u.betaG1,p.singularPoints[0]))return e&&e.error("First element of beta*tau*G1 section (beta*G1) does not match the one in the contribution section"),!1;const m=await async function(t){const e=n.G2,a=2*e.F.n8,l=new Uint8Array(a);if(!o[6])throw t.error("File has no BetaG2 section"),new Error("File has no BetaG2 section");if(o[6].length>1)throw t.error("File has no BetaG2 section"),new Error("File has more than one GetaG2 section");i.pos=o[6][0].p;const r=await i.read(a),s=e.fromRprLEM(r);return e.toRprUncompressed(l,0,s),g.update(l),s}(e);if(!n.G2.eq(u.betaG2,m))return e&&e.error("betaG2 element in betaG2 section does not match the one in the contribution section"),!1;const w=g.digest();if(l==r&&!Qi(w,u.nextChallenge))return e&&e.error("Hash of the values does not match the next challenge of the last contributor in the contributions section"),!1;e&&e.info(zi(w,"Next challenge hash: ")),L(u,d);for(let t=s.length-2;t>=0;t--){const a=s[t],i=t>0?s[t-1]:c;if(!await nn(n,a,i,e))return!1;L(a,i)}if(e&&e.info("-----------------------------------------------------"),o[12]&&o[13]&&o[14]&&o[15]){let t;if(t=await y("G1",2,12,"tauG1",e),!t)return!1;if(t=await y("G2",3,13,"tauG2",e),!t)return!1;if(t=await y("G1",4,14,"alphaTauG1",e),!t)return!1;if(t=await y("G1",5,15,"betaTauG1",e),!t)return!1}else e&&e.warn('this file does not contain phase2 precalculated values. Please run: \n snarkjs "powersoftau preparephase2" to prepare this file to be used in the phase2 ceremony.');return await i.close(),e&&e.info("Powers of Tau Ok!"),!0;function L(t,a){if(!e)return;e.info("-----------------------------------------------------"),e.info(`Contribution #${t.id}: ${t.name||""}`),e.info(zi(t.nextChallenge,"Next Challenge: "));const i=new Uint8Array(2*n.G1.F.n8*6+2*n.G2.F.n8*3);Wo(i,0,n,t.key,!1);const o=ti.exports(64);o.setPartialHash(t.partialHash),o.update(i);const l=o.digest();e.info(zi(l,"Response Hash:")),e.info(zi(a.nextChallenge,"Response Hash:")),1==t.type&&(e.info(`Beacon generator: ${Ki(t.beaconHash)}`),e.info(`Beacon iterations Exp: ${t.numIterationsExp}`))}async function b(t,e,a,l,r,s){const c=n[e],d=2*c.F.n8;await ka(i,o,t);const u=[];let f=c.zero,h=c.zero,_=c.zero;for(let t=0;t0){const t=c.fromRprLEM(o,0),e=Di(ki(4),0);f=c.add(f,c.timesScalar(_,e)),h=c.add(h,c.timesScalar(t,e))}const m=await c.multiExpAffine(o.slice(0,(e-1)*d),p),w=await c.multiExpAffine(o.slice(d),p);f=c.add(f,m),h=c.add(h,w),_=c.fromRprLEM(o,(e-1)*d);for(let a=0;a=t&&i1;)c/=2,d+=1;if(2**d!=s)throw new Error("Invalid file size");o&&o.debug("Power to tau size: "+d);const u=await Ni(i),g=await Ta(a),f=ti.exports(64);for(let t=0;t{o.debug(e+".g1_s: "+t.G1.toString(p[e].g1_s,16)),o.debug(e+".g1_sx: "+t.G1.toString(p[e].g1_sx,16)),o.debug(e+".g2_sp: "+t.G2.toString(p[e].g2_sp,16)),o.debug(e+".g2_spx: "+t.G2.toString(p[e].g2_spx,16)),o.debug("")}));const m=ti.exports(64);await g.write(_),m.update(_),await rn(n,g,m,t,"G1",2**d*2-1,t.Fr.one,p.tau.prvKey,"COMPRESSED","tauG1",o),await rn(n,g,m,t,"G2",2**d,t.Fr.one,p.tau.prvKey,"COMPRESSED","tauG2",o),await rn(n,g,m,t,"G1",2**d,p.alpha.prvKey,p.tau.prvKey,"COMPRESSED","alphaTauG1",o),await rn(n,g,m,t,"G1",2**d,p.beta.prvKey,p.tau.prvKey,"COMPRESSED","betaTauG1",o),await rn(n,g,m,t,"G2",1,p.beta.prvKey,p.tau.prvKey,"COMPRESSED","betaTauG2",o);const w=new Uint8Array(2*t.F1.n8*6+2*t.F2.n8*3);Wo(w,0,t,p,!1),await g.write(w),m.update(w);const L=m.digest();o&&o.info(zi(L,"Contribution Response Hash: ")),await g.close(),await n.close()},beacon:async function(t,e,a,i,o,n){const l=Vi(i);if(0==l.byteLength||2*l.byteLength!=i.length)return n&&n.error("Invalid Beacon Hash. (It must be a valid hexadecimal sequence)"),!1;if(l.length>=256)return n&&n.error("Maximum lenght of beacon hash is 255 bytes"),!1;if((o=parseInt(o))<10||o>63)return n&&n.error("Invalid numIterationsExp. (Must be between 10 and 63)"),!1;await ti.exports.ready();const{fd:r,sections:s}=await za(t,"ptau",1),{curve:c,power:d,ceremonyPower:u}=await Ho(r,s);if(d!=u)return n&&n.error("This file has been reduced. You cannot contribute into a reduced file."),!1;s[12]&&n&&n.warn("Contributing into a file that has phase2 calculated. You will have to prepare phase2 again.");const g=await Jo(r,c,s),f={name:a,type:1,numIterationsExp:o,beaconHash:l};let h;h=g.length>0?g[g.length-1].nextChallenge:en(c,d,n),f.key=await an(c,h,l,o);const _=new ti.exports(64);_.update(h);const p=await Qa(e,"ptau",1,7);await jo(p,c,d);const m=[];let w;w=await A(2,"G1",2**d*2-1,c.Fr.e(1),f.key.tau.prvKey,"tauG1",n),f.tauG1=w[1],w=await A(3,"G2",2**d,c.Fr.e(1),f.key.tau.prvKey,"tauG2",n),f.tauG2=w[1],w=await A(4,"G1",2**d,f.key.alpha.prvKey,f.key.tau.prvKey,"alphaTauG1",n),f.alphaG1=w[0],w=await A(5,"G1",2**d,f.key.beta.prvKey,f.key.tau.prvKey,"betaTauG1",n),f.betaG1=w[0],w=await A(6,"G2",1,f.key.beta.prvKey,f.key.tau.prvKey,"betaTauG2",n),f.betaG2=w[0],f.partialHash=_.getPartialHash();const L=new Uint8Array(2*c.F1.n8*6+2*c.F2.n8*3);Wo(L,0,c,f.key,!1),_.update(new Uint8Array(L));const b=_.digest();n&&n.info(zi(b,"Contribution Response Hash imported: "));const y=new ti.exports(64);return y.update(b),await C(p,"G1",2,2**d*2-1,"tauG1",n),await C(p,"G2",3,2**d,"tauG2",n),await C(p,"G1",4,2**d,"alphaTauG1",n),await C(p,"G1",5,2**d,"betaTauG1",n),await C(p,"G2",6,1,"betaG2",n),f.nextChallenge=y.digest(),n&&n.info(zi(f.nextChallenge,"Next Challenge Hash: ")),g.push(f),await tn(p,c,g),await r.close(),await p.close(),b;async function A(t,e,a,i,o,n,l){const d=[];r.pos=s[t][0].p,await qa(p,t),m[t]=p.pos;const u=c[e],g=2*u.F.n8,f=Math.floor((1<<20)/g);let h=i;for(let t=0;t0?d[d.length-1].nextChallenge:en(r,s,o),u.key=Ko(r,g,f);const h=new ti.exports(64);h.update(g);const _=await Qa(e,"ptau",1,7);await jo(_,r,s);const p=[];let m;m=await y(2,"G1",2**s*2-1,r.Fr.e(1),u.key.tau.prvKey,"tauG1"),u.tauG1=m[1],m=await y(3,"G2",2**s,r.Fr.e(1),u.key.tau.prvKey,"tauG2"),u.tauG2=m[1],m=await y(4,"G1",2**s,u.key.alpha.prvKey,u.key.tau.prvKey,"alphaTauG1"),u.alphaG1=m[0],m=await y(5,"G1",2**s,u.key.beta.prvKey,u.key.tau.prvKey,"betaTauG1"),u.betaG1=m[0],m=await y(6,"G2",1,u.key.beta.prvKey,u.key.tau.prvKey,"betaTauG2"),u.betaG2=m[0],u.partialHash=h.getPartialHash();const w=new Uint8Array(2*r.F1.n8*6+2*r.F2.n8*3);Wo(w,0,r,u.key,!1),h.update(new Uint8Array(w));const L=h.digest();o&&o.info(zi(L,"Contribution Response Hash imported: "));const b=new ti.exports(64);return b.update(L),await A(_,"G1",2,2**s*2-1,"tauG1"),await A(_,"G2",3,2**s,"tauG2"),await A(_,"G1",4,2**s,"alphaTauG1"),await A(_,"G1",5,2**s,"betaTauG1"),await A(_,"G2",6,1,"betaG2"),u.nextChallenge=b.digest(),o&&o.info(zi(u.nextChallenge,"Next Challenge Hash: ")),d.push(u),await tn(_,r,d),await n.close(),await _.close(),L;async function y(t,e,a,i,s,c){const d=[];n.pos=l[t][0].p,await qa(_,t),p[t]=_.pos;const u=r[e],g=2*u.F.n8,f=Math.floor((1<<20)/g);let m=i;for(let t=0;t=this.length&&(this.length=t+1),!0}getKeys(){const t=new gn;for(let e=0;e1<<20?new gn:[];for(let t=0;t1<<20?new gn:[];for(let t=0;t1<<20?new gn:[];for(let t=0;t{let i="";return Object.keys(a).forEach((o=>{let n=e.varIdx2Name[o];"one"==n&&(n="1");let l=t.curve.Fr.toString(a[o]);"1"==l&&(l=""),"-1"==l&&(l="-"),""!=i&&"-"!=l[0]&&(l="+"+l),""!=i&&(l=" "+l),i=i+l+n})),i},n=`[ ${o(i[0])} ] * [ ${o(i[1])} ] - [ ${o(i[2])} ] = 0`;a&&a.info(n)}},info:async function(t,e){const a=await mn(t);return ga.eq(a.prime,Ln)?e&&e.info("Curve: bn-128"):ga.eq(a.prime,wn)?e&&e.info("Curve: bls12-381"):e&&e.info(`Unknown Curve. Prime: ${ga.toString(a.prime)}`),e&&e.info(`# of Wires: ${a.nVars}`),e&&e.info(`# of Constraints: ${a.nConstraints}`),e&&e.info(`# of Private Inputs: ${a.nPrvInputs}`),e&&e.info(`# of Public Inputs: ${a.nPubInputs}`),e&&e.info(`# of Labels: ${a.nLabels}`),e&&e.info(`# of Outputs: ${a.nOutputs}`),a},exportJson:async function(t,e){const a=await mn(t,!0,!0,!0,e),i=a.curve.Fr;return delete a.curve,delete a.F,ji(i,a)}});async function yn(t){const e={labelIdx2Name:["one"],varIdx2Name:["one"],componentIdx2Name:[]},a=await Ua(t),i=await a.read(a.totalSize),o=new TextDecoder("utf-8").decode(i).split("\n");for(let t=0;t Reading r1cs file");const{fd:i,sections:o}=await za(t,"r1cs",1),n=await pn(i,o,{loadConstraints:!1,loadCustomGates:!1});a&&a.info("> Reading witness file");const{fd:l,sections:r}=await za(e,"wtns",2),s=await xo(l,r);if(!ga.eq(n.prime,s.q))throw new Error("Curve of the witness does not match the curve of the proving key");const c=await Va(l,r,2);await l.close();const d=(await async function(t){let e;if(ga.eq(t,Ha))e=await sa();else{if(!ga.eq(t,ja))throw new Error(`Curve not supported: ${ga.toString(t)}`);e=await ca()}return e}(n.prime)).Fr,u=d.n8,g=await Va(i,o,2);a&&(a.info("----------------------------"),a.info(" WITNESS CHECK"),a.info(` Curve: ${n.curve.name}`),a.info(` Vars (wires): ${n.nVars}`),a.info(` Ouputs: ${n.nOutputs}`),a.info(` Public Inputs: ${n.nPubInputs}`),a.info(` Private Inputs: ${n.nPrvInputs}`),a.info(` Labels: ${n.nLabels}`),a.info(` Constraints: ${n.nConstraints}`),a.info(` Custom Gates: ${n.useCustomGates}`),a.info("----------------------------")),a&&a.info("> Checking witness correctness");let f=0,h=!0;for(let t=0;t{const i=function(t){return d.fromRprLE(c.slice(t*u,t*u+u))}(a),o=t[a];e=d.add(e,d.mul(i,o))})),e}function p(){const t={},e=g.slice(f,f+4);f+=4;const a=new DataView(e.buffer).getUint32(0,!0),i=g.slice(f,f+(4+n.n8)*a);f+=(4+n.n8)*a;const o=new DataView(i.buffer);for(let e=0;e=this.length&&(this.length=t+1),!0}getKeys(){const t=new En;for(let e=0;es)return i&&i.error(`circuit too big for this power of tau ceremony. ${u.nConstraints}*2 > 2**${s}`),-1;if(!l[12])return i&&i.error("Powers of tau is not prepared."),-1;const p=u.nOutputs+u.nPubInputs,m=2**_;await qa(g,1),await g.writeULE32(1),await Ma(g),await qa(g,2);const w=r.q,L=8*(Math.floor((ga.bitLength(w)-1)/64)+1),b=r.r,y=8*(Math.floor((ga.bitLength(b)-1)/64)+1),A=ga.mod(ga.shl(1,8*y),b),C=r.Fr.e(ga.mod(ga.mul(A,A),b));let I,F,x;await g.writeULE32(L),await Da(g,w,L),await g.writeULE32(y),await Da(g,b,y),await g.writeULE32(u.nVars),await g.writeULE32(p),await g.writeULE32(m),I=await n.read(f,l[4][0].p),await g.write(I),I=await r.G1.batchLEMtoU(I),o.update(I),F=await n.read(f,l[5][0].p),await g.write(F),F=await r.G1.batchLEMtoU(F),o.update(F),x=await n.read(h,l[6][0].p),await g.write(x),x=await r.G2.batchLEMtoU(x),o.update(x);const E=new Uint8Array(f);r.G1.toRprLEM(E,0,r.G1.g);const v=new Uint8Array(h);r.G2.toRprLEM(v,0,r.G2.g);const B=new Uint8Array(f);r.G1.toRprUncompressed(B,0,r.G1.g);const S=new Uint8Array(h);r.G2.toRprUncompressed(S,0,r.G2.g),await g.write(v),await g.write(E),await g.write(v),o.update(S),o.update(B),o.update(S),await Ma(g),i&&i.info("Reading r1cs");let P=await Va(c,d,2);const G=new En(u.nVars),O=new En(u.nVars),T=new En(u.nVars),U=new En(u.nVars-p-1),z=new Array(p+1);i&&i.info("Reading tauG1");let Q=await Va(n,l,12,(m-1)*f,m*f);i&&i.info("Reading tauG2");let q=await Va(n,l,13,(m-1)*h,m*h);i&&i.info("Reading alphatauG1");let M=await Va(n,l,14,(m-1)*f,m*f);i&&i.info("Reading betatauG1");let k=await Va(n,l,15,(m-1)*f,m*f);await async function(){const t=new Uint8Array(12+r.Fr.n8),e=new DataView(t.buffer),a=new Uint8Array(r.Fr.n8);r.Fr.toRprLE(a,0,r.Fr.e(1));let o=0;function n(){const t=P.slice(o,o+4);o+=4;return new DataView(t.buffer).getUint32(0,!0)}const l=new En;for(let t=0;t=0?r.Fr.fromRprLE(P.slice(i[3],i[3]+r.Fr.n8),0):r.Fr.fromRprLE(a,0);const n=r.Fr.mul(o,C);r.Fr.toRprLE(t,12,n),s.set(t,d),d+=t.length}await g.write(s),await Ma(g)}(),await D(3,"G1",z,"IC"),await async function(){await qa(g,9);const t=new Se(m*f);if(_(i&&i.debug(`Writing points end ${n}: ${d}/${a.length}`),t)))),c+=o,t++}const d=await Promise.all(s);for(let t=0;t32768?(f=new Se(_*n),h=new Se(_*r.Fr.n8)):(f=new Uint8Array(_*n),h=new Uint8Array(_*r.Fr.n8));let p=0,m=0;const w=[Q,q,M,k],L=new Uint8Array(r.Fr.n8);r.Fr.toRprLE(L,0,r.Fr.e(1));let b=0;for(let t=0;t=0?h.set(P.slice(e[t][o][2],e[t][o][2]+r.Fr.n8),b*r.Fr.n8):h.set(L,b*r.Fr.n8),b++;if(e.length>1){const t=[];t.push({cmd:"ALLOCSET",var:0,buff:f}),t.push({cmd:"ALLOCSET",var:1,buff:h}),t.push({cmd:"ALLOC",var:2,len:e.length*l}),p=0,m=0;let a=0;for(let i=0;i=0;t--){const e=d.contributions[t];i&&i.info("-------------------------"),i&&i.info(zi(e.contributionHash,`contribution #${t+1} ${e.name?e.name:""}:`)),1==e.type&&(i&&i.info(`Beacon generator: ${Ki(e.beaconHash)}`),i&&i.info(`Beacon iterations Exp: ${e.numIterationsExp}`))}return i&&i.info("-------------------------"),i&&i.info("ZKey Ok!"),!0;async function w(t,e){const a=2*s.G1.F.n8,i=t.byteLength/a,o=s.tm.concurrency,n=Math.floor(i/o),l=[];for(let a=0;a Detected protocol: "+o.protocol),"groth16"===o.protocol)n=await async function(t,e,a){const i=await Ya(t.q),o=2*i.G1.F.n8,n=await i.pairing(t.vk_alpha_1,t.vk_beta_2);let l={protocol:t.protocol,curve:i.name,nPublic:t.nPublic,vk_alpha_1:i.G1.toObject(t.vk_alpha_1),vk_beta_2:i.G2.toObject(t.vk_beta_2),vk_gamma_2:i.G2.toObject(t.vk_gamma_2),vk_delta_2:i.G2.toObject(t.vk_delta_2),vk_alphabeta_12:i.Gt.toObject(n)};await ka(e,a,3),l.IC=[];for(let a=0;a<=t.nPublic;a++){const t=await e.read(o),a=i.G1.toObject(t);l.IC.push(a)}return await Ra(e),l=Pn(l),l}(o,a,i);else if("plonk"===o.protocol)n=await async function(t){const e=await Ya(t.q);let a={protocol:t.protocol,curve:e.name,nPublic:t.nPublic,power:t.power,k1:e.Fr.toObject(t.k1),k2:e.Fr.toObject(t.k2),Qm:e.G1.toObject(t.Qm),Ql:e.G1.toObject(t.Ql),Qr:e.G1.toObject(t.Qr),Qo:e.G1.toObject(t.Qo),Qc:e.G1.toObject(t.Qc),S1:e.G1.toObject(t.S1),S2:e.G1.toObject(t.S2),S3:e.G1.toObject(t.S3),X_2:e.G2.toObject(t.X_2),w:e.Fr.toObject(e.Fr.w[t.power])};return a=Pn(a),a}(o);else{if(!o.protocolId||o.protocolId!==Wi)throw new Error("zkey file protocol unrecognized");n=await async function(t,e){const a=await Ya(t.q);let i={protocol:t.protocol,curve:a.name,nPublic:t.nPublic,power:t.power,k1:a.Fr.toObject(t.k1),k2:a.Fr.toObject(t.k2),w:a.Fr.toObject(a.Fr.w[t.power]),w3:a.Fr.toObject(t.w3),w4:a.Fr.toObject(t.w4),w8:a.Fr.toObject(t.w8),wr:a.Fr.toObject(t.wr),X_2:a.G2.toObject(t.X_2),C0:a.G1.toObject(t.C0)};return Pn(i)}(o)}return await a.close(),e&&e.info("EXPORT VERIFICATION KEY FINISHED"),n}var On={};const{unstringifyBigInts:Tn,stringifyBigInts:Un}=fa;async function zn(t,e,a){a&&a.info("FFLONK EXPORT SOLIDITY VERIFIER STARTED");const i=await Ja(t.curve);let o=c(t.w3);t.w3_2=d(i.Fr.square(o));let n=c(t.w4);t.w4_2=d(i.Fr.square(n)),t.w4_3=d(i.Fr.mul(i.Fr.square(n),n));let l=c(t.w8),r=i.Fr.one;for(let e=1;e<8;e++)r=i.Fr.mul(r,l),t["w8_"+e]=d(r);let s=e[t.protocol];return a&&a.info("FFLONK EXPORT SOLIDITY VERIFIER FINISHED"),On.render(s,t);function c(t){const e=Tn(t);return i.Fr.fromObject(e)}function d(t){const e=i.Fr.toObject(t);return Un(e)}}var Qn=Object.freeze({__proto__:null,newZKey:vn,exportBellman:async function(t,e,a){const{fd:i,sections:o}=await za(t,"zkey",2),n=await Lo(i,o);if("groth16"!=n.protocol)throw new Error("zkey file is not groth16");const l=await Ya(n.q),r=2*l.G1.F.n8,s=2*l.G2.F.n8,c=await yo(i,l,o),d=await Ta(e);let u;await w(n.vk_alpha_1),await w(n.vk_beta_1),await L(n.vk_beta_2),await L(n.vk_gamma_2),await w(n.vk_delta_1),await L(n.vk_delta_2),u=await Va(i,o,3),u=await l.G1.batchLEMtoU(u),await b("G1",u);const g=await Va(i,o,9);let f,h,_,p,m;f=await l.G1.fft(g,"affine","jacobian",a),f=await l.G1.batchApplyKey(f,l.Fr.neg(l.Fr.e(2)),l.Fr.w[n.power+1],"jacobian","affine",a),f=f.slice(0,f.byteLength-r),f=await l.G1.batchLEMtoU(f),await b("G1",f),h=await Va(i,o,8),h=await l.G1.batchLEMtoU(h),await b("G1",h),_=await Va(i,o,5),_=await l.G1.batchLEMtoU(_),await b("G1",_),p=await Va(i,o,6),p=await l.G1.batchLEMtoU(p),await b("G1",p),m=await Va(i,o,7),m=await l.G2.batchLEMtoU(m),await b("G2",m),await d.write(c.csHash),await async function(t){const e=new Uint8Array(4);new DataView(e.buffer,e.byteOffset,e.byteLength).setUint32(0,t,!1),await d.write(e)}(c.contributions.length);for(let t=0;tg.contributions.length)return o&&o.error("The impoerted file does not include new contributions"),!1;for(let t=0;t=256)return n&&n.error("Maximum lenght of beacon hash is 255 bytes"),!1;if((o=parseInt(o))<10||o>63)return n&&n.error("Invalid numIterationsExp. (Must be between 10 and 63)"),!1;const{fd:r,sections:s}=await za(t,"zkey",2),c=await Lo(r,s);if("groth16"!=c.protocol)throw new Error("zkey file is not groth16");const d=await Ya(c.q),u=await yo(r,d,s),g=await Qa(e,"zkey",1,10),f=await $i(l,o),h=ti.exports(64);h.update(u.csHash);for(let t=0;t{const i=this.curve.G1.toObject(this.polynomials[a]);t?e.polynomials[a]=i:e[a]=i})),Object.keys(this.evaluations).forEach((a=>{const i=this.curve.Fr.toObject(this.evaluations[a]);t?e.evaluations[a]=i:e[a]=i})),e}fromObjectProof(t){this.resetProof(),Object.keys(t.polynomials).forEach((e=>{this.polynomials[e]=this.curve.G1.fromObject(t.polynomials[e])})),Object.keys(t.evaluations).forEach((e=>{this.evaluations[e]=this.curve.Fr.fromObject(t.evaluations[e])}))}}var Mn,kn={exports:{}}; +var snarkjs=function(t){"use strict";const e=[0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4];function a(t,e){return e&&10!=e?16==e?"0x"==t.slice(0,2)?BigInt(t):BigInt("0x"+t):void 0:BigInt(t)}const i=a;function o(t){const a=t.toString(16);return 4*(a.length-1)+e[parseInt(a[0],16)]}function n(t){return BigInt(t)>BigInt(e)}const c=r,d=s;function u(t){return(BigInt(t)&BigInt(1))==BigInt(1)}function g(t){let e=BigInt(t);const a=[];for(;e;)e&BigInt(1)?a.push(1):a.push(0),e>>=BigInt(1);return a}function f(t){if(t>BigInt(Number.MAX_SAFE_INTEGER))throw new Error("Number too big");return Number(t)}function h(t,e){return BigInt(t)+BigInt(e)}function _(t,e){return BigInt(t)-BigInt(e)}function p(t){return-BigInt(t)}function m(t,e){return BigInt(t)*BigInt(e)}function w(t,e){return BigInt(t)**BigInt(e)}function L(t,e){return BigInt(t)/BigInt(e)}function b(t,e){return BigInt(t)%BigInt(e)}function y(t,e){return BigInt(t)==BigInt(e)}function A(t,e){return BigInt(t)>BigInt(e)}function C(t,e){return BigInt(t)>=BigInt(e)}function I(t,e){return BigInt(t)&BigInt(e)}function F(t,e,a,i){const o="0000000"+a.toString(16),n=new Uint32Array(t.buffer,t.byteOffset+e,i/4),l=1+(4*(o.length-7)-1>>5);for(let t=0;t>5);for(let t=0;tn[n.length-e-1]=t.toString(16).padStart(8,"0"))),a(n.join(""),16)}function v(t,e,i){i=i||t.byteLength,e=e||0;const o=new DataView(t.buffer,t.byteOffset+e,i),n=new Array(i/4);for(let t=0;t=0?BigInt(t):-BigInt(t)},add:h,band:I,bitLength:o,bits:g,bor:function(t,e){return BigInt(t)|BigInt(e)},bxor:function(t,e){return BigInt(t)^BigInt(e)},div:L,e:i,eq:y,exp:function(t,e){return BigInt(t)**BigInt(e)},fromArray:function(t,e){let a=BigInt(0);e=BigInt(e);for(let i=0;i>=BigInt(1)}return a},neg:p,neq:function(t,e){return BigInt(t)!=BigInt(e)},one:G,pow:w,shiftLeft:r,shiftRight:s,shl:c,shr:d,square:function(t){return BigInt(t)*BigInt(t)},sub:_,toArray:function(t,e){const a=[];let i=BigInt(t);for(e=BigInt(e);i;)a.unshift(Number(i%e)),i/=e;return a},toLEBuff:S,toNumber:f,toRprBE:x,toRprLE:F,toString:B,zero:P});function T(t,e,a){if(l(a))return t.one;const i=g(a);if(0==i.length)return t.one;let o=e;for(let a=i.length-2;a>=0;a--)o=t.square(o),i[a]&&(o=t.mul(o,e));return o}function U(t){if(t.m%2==1)if(y(b(t.p,4),1))if(y(b(t.p,8),1))if(y(b(t.p,16),1))!function(t){t.sqrt_q=w(t.p,t.m),t.sqrt_s=0,t.sqrt_t=_(t.sqrt_q,1);for(;!u(t.sqrt_t);)t.sqrt_s=t.sqrt_s+1,t.sqrt_t=L(t.sqrt_t,2);let e=t.one;for(;t.eq(e,t.one);){const a=t.random();t.sqrt_z=t.pow(a,t.sqrt_t),e=t.pow(t.sqrt_z,2**(t.sqrt_s-1))}t.sqrt_tm1d2=L(_(t.sqrt_t,1),2),t.sqrt=function(t){const e=this;if(e.isZero(t))return e.zero;let a=e.pow(t,e.sqrt_tm1d2);const i=e.pow(e.mul(e.square(a),t),2**(e.sqrt_s-1));if(e.eq(i,e.negone))return null;let o=e.sqrt_s,n=e.mul(t,a),l=e.mul(n,a),r=e.sqrt_z;for(;!e.eq(l,e.one);){let t=e.square(l),i=1;for(;!e.eq(t,e.one);)t=e.square(t),i++;a=r;for(let t=0;t>>0,t[o]=(t[o]^t[e])>>>0,t[o]=(t[o]<<16|t[o]>>>16&65535)>>>0,t[i]=t[i]+t[o]>>>0,t[a]=(t[a]^t[i])>>>0,t[a]=(t[a]<<12|t[a]>>>20&4095)>>>0,t[e]=t[e]+t[a]>>>0,t[o]=(t[o]^t[e])>>>0,t[o]=(t[o]<<8|t[o]>>>24&255)>>>0,t[i]=t[i]+t[o]>>>0,t[a]=(t[a]^t[i])>>>0,t[a]=(t[a]<<7|t[a]>>>25&127)>>>0}class Q{constructor(t){t=t||[0,0,0,0,0,0,0,0],this.state=[1634760805,857760878,2036477234,1797285236,t[0],t[1],t[2],t[3],t[4],t[5],t[6],t[7],0,0,0,0],this.idx=16,this.buff=new Array(16)}nextU32(){return 16==this.idx&&this.update(),this.buff[this.idx++]}nextU64(){return h(m(this.nextU32(),4294967296),this.nextU32())}nextBool(){return 1==(1&this.nextU32())}update(){for(let t=0;t<16;t++)this.buff[t]=this.state[t];for(let e=0;e<10;e++)z(t=this.buff,0,4,8,12),z(t,1,5,9,13),z(t,2,6,10,14),z(t,3,7,11,15),z(t,0,5,10,15),z(t,1,6,11,12),z(t,2,7,8,13),z(t,3,4,9,14);var t;for(let t=0;t<16;t++)this.buff[t]=this.buff[t]+this.state[t]>>>0;this.idx=0,this.state[12]=this.state[12]+1>>>0,0==this.state[12]&&(this.state[13]=this.state[13]+1>>>0,0==this.state[13]&&(this.state[14]=this.state[14]+1>>>0,0==this.state[14]&&(this.state[15]=this.state[15]+1>>>0)))}}function q(t){let e=new Uint8Array(t);if(void 0!==globalThis.crypto)globalThis.crypto.getRandomValues(e);else for(let a=0;a>>0;return e}let M=null;function k(){return M||(M=new Q(function(){const t=q(32),e=new Uint32Array(t.buffer),a=[];for(let t=0;t<8;t++)a.push(e[t]);return a}()),M)}class R{constructor(t,e,a){this.F=e,this.G=t,this.opMulGF=a;let i=e.sqrt_t||e.t,o=e.sqrt_s||e.s,n=e.one;for(;e.eq(e.pow(n,e.half),e.one);)n=e.add(n,e.one);this.w=new Array(o+1),this.wi=new Array(o+1),this.w[o]=this.F.pow(n,i),this.wi[o]=this.F.inv(this.w[o]);let l=o-1;for(;l>=0;)this.w[l]=this.F.square(this.w[l+1]),this.wi[l]=this.F.square(this.wi[l+1]),l--;this.roots=[],this._setRoots(Math.min(o,15))}_setRoots(t){for(let e=t;e>=0&&!this.roots[e];e--){let t=this.F.one;const a=1<>1,r=N(t,e,a-1,i,2*o),s=N(t,e,a-1,i+o,2*o),c=new Array(n);for(let e=0;e>this.one,this.bitLength=o(this.p),this.mask=(this.one<>this.one;this.nqr=this.two;let a=this.pow(this.nqr,e);for(;!this.eq(a,this.negone);)this.nqr=this.nqr+this.one,a=this.pow(this.nqr,e);for(this.s=0,this.t=this.negone;(this.t&this.one)==this.zero;)this.s=this.s+1,this.t=this.t>>this.one;this.nqr_to_t=this.pow(this.nqr,this.t),U(this),this.FFT=new R(this,this,this.mul.bind(this)),this.fft=this.FFT.fft.bind(this.FFT),this.ifft=this.FFT.ifft.bind(this.FFT),this.w=this.FFT.w,this.wi=this.FFT.wi,this.shift=this.square(this.nqr),this.k=this.exp(this.nqr,2**this.s)}e(t,e){let a;if(e?16==e&&(a=BigInt("0x"+t)):a=BigInt(t),a<0){let t=-a;return t>=this.p&&(t%=this.p),this.p-t}return a>=this.p?a%this.p:a}add(t,e){const a=t+e;return a>=this.p?a-this.p:a}sub(t,e){return t>=e?t-e:this.p-e+t}neg(t){return t?this.p-t:t}mul(t,e){return t*e%this.p}mulScalar(t,e){return t*this.e(e)%this.p}square(t){return t*t%this.p}eq(t,e){return t==e}neq(t,e){return t!=e}lt(t,e){return(t>this.half?t-this.p:t)<(e>this.half?e-this.p:e)}gt(t,e){return(t>this.half?t-this.p:t)>(e>this.half?e-this.p:e)}leq(t,e){return(t>this.half?t-this.p:t)<=(e>this.half?e-this.p:e)}geq(t,e){return(t>this.half?t-this.p:t)>=(e>this.half?e-this.p:e)}div(t,e){return this.mul(t,this.inv(e))}idiv(t,e){if(!e)throw new Error("Division by zero");return t/e}inv(t){if(!t)throw new Error("Division by zero");let e=this.zero,a=this.p,i=this.one,o=t%this.p;for(;o;){let t=a/o;[e,i]=[i,e-t*i],[a,o]=[o,a-t*o]}return e=this.p?a-this.p:a}bor(t,e){const a=(t|e)&this.mask;return a>=this.p?a-this.p:a}bxor(t,e){const a=(t^e)&this.mask;return a>=this.p?a-this.p:a}bnot(t){const e=t^this.mask;return e>=this.p?e-this.p:e}shl(t,e){if(Number(e)=this.p?a-this.p:a}{const a=this.p-e;return Number(a)>a:this.zero}}shr(t,e){if(Number(e)>e;{const a=this.p-e;if(Number(a)=this.p?e-this.p:e}return 0}}land(t,e){return t&&e?this.one:this.zero}lor(t,e){return t||e?this.one:this.zero}lnot(t){return t?this.zero:this.one}sqrt_old(t){if(t==this.zero)return this.zero;if(this.pow(t,this.negone>>this.one)!=this.one)return null;let e=this.s,a=this.nqr_to_t,i=this.pow(t,this.t),o=this.pow(t,this.add(this.t,this.one)>>this.one);for(;i!=this.one;){let t=this.square(i),n=1;for(;t!=this.one;)n++,t=this.square(t);let l=a;for(let t=0;tthis.p>>this.one&&(o=this.neg(o)),o}normalize(t,e){if((t=BigInt(t,e))<0){let e=-t;return e>=this.p&&(e%=this.p),this.p-e}return t>=this.p?t%this.p:t}random(){const t=2*this.bitLength/8;let e=this.zero;for(let a=0;athis.half&&10==e){a="-"+(this.p-t).toString(e)}else a=t.toString(e);return a}isZero(t){return t==this.zero}fromRng(t){let e;do{e=this.zero;for(let a=0;a=this.p);return e=e*this.Ri%this.p,e}fft(t){return this.FFT.fft(t)}ifft(t){return this.FFT.ifft(t)}toRprLE(t,e,a){F(t,e,a,8*this.n64)}toRprBE(t,e,a){x(t,e,a,8*this.n64)}toRprBEM(t,e,a){return this.toRprBE(t,e,this.mul(this.R,a))}toRprLEM(t,e,a){return this.toRprLE(t,e,this.mul(this.R,a))}fromRprLE(t,e){return E(t,e,this.n8)}fromRprBE(t,e){return v(t,e,this.n8)}fromRprLEM(t,e){return this.mul(this.fromRprLE(t,e),this.Ri)}fromRprBEM(t,e){return this.mul(this.fromRprBE(t,e),this.Ri)}toObject(t){return t}}var V={bigInt2BytesLE:function(t,e){const a=Array(e);let i=BigInt(t);for(let t=0;t>=8n;return a},bigInt2U32LE:function(t,e){const a=Array(e);let i=BigInt(t);for(let t=0;t>=32n;return a},isOcamNum:function(t){return!!Array.isArray(t)&&(3==t.length&&("number"==typeof t[0]&&("number"==typeof t[1]&&!!Array.isArray(t[2]))))}},K=function(t,e,a,i,o,n,l){const r=t.addFunction(e);r.addParam("base","i32"),r.addParam("scalar","i32"),r.addParam("scalarLength","i32"),r.addParam("r","i32"),r.addLocal("i","i32"),r.addLocal("b","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(a));r.addCode(s.if(s.i32_eqz(s.getLocal("scalarLength")),[...s.call(l,s.getLocal("r")),...s.ret([])])),r.addCode(s.call(n,s.getLocal("base"),c)),r.addCode(s.call(l,s.getLocal("r"))),r.addCode(s.setLocal("i",s.getLocal("scalarLength"))),r.addCode(s.block(s.loop(s.setLocal("i",s.i32_sub(s.getLocal("i"),s.i32_const(1))),s.setLocal("b",s.i32_load8_u(s.i32_add(s.getLocal("scalar"),s.getLocal("i")))),...function(){const t=[];for(let e=0;e<8;e++)t.push(...s.call(o,s.getLocal("r"),s.getLocal("r")),...s.if(s.i32_ge_u(s.getLocal("b"),s.i32_const(128>>e)),[...s.setLocal("b",s.i32_sub(s.getLocal("b"),s.i32_const(128>>e))),...s.call(i,s.getLocal("r"),c,s.getLocal("r"))]));return t}(),s.br_if(1,s.i32_eqz(s.getLocal("i"))),s.br(0))))},j=function(t,e){const a=8*t.modules[e].n64,i=t.addFunction(e+"_batchInverse");i.addParam("pIn","i32"),i.addParam("inStep","i32"),i.addParam("n","i32"),i.addParam("pOut","i32"),i.addParam("outStep","i32"),i.addLocal("itAux","i32"),i.addLocal("itIn","i32"),i.addLocal("itOut","i32"),i.addLocal("i","i32");const o=i.getCodeBuilder(),n=o.i32_const(t.alloc(a));i.addCode(o.setLocal("itAux",o.i32_load(o.i32_const(0))),o.i32_store(o.i32_const(0),o.i32_add(o.getLocal("itAux"),o.i32_mul(o.i32_add(o.getLocal("n"),o.i32_const(1)),o.i32_const(a))))),i.addCode(o.call(e+"_one",o.getLocal("itAux")),o.setLocal("itIn",o.getLocal("pIn")),o.setLocal("itAux",o.i32_add(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("i",o.i32_const(0)),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("i"),o.getLocal("n"))),o.if(o.call(e+"_isZero",o.getLocal("itIn")),o.call(e+"_copy",o.i32_sub(o.getLocal("itAux"),o.i32_const(a)),o.getLocal("itAux")),o.call(e+"_mul",o.getLocal("itIn"),o.i32_sub(o.getLocal("itAux"),o.i32_const(a)),o.getLocal("itAux"))),o.setLocal("itIn",o.i32_add(o.getLocal("itIn"),o.getLocal("inStep"))),o.setLocal("itAux",o.i32_add(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("i",o.i32_add(o.getLocal("i"),o.i32_const(1))),o.br(0))),o.setLocal("itIn",o.i32_sub(o.getLocal("itIn"),o.getLocal("inStep"))),o.setLocal("itAux",o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("itOut",o.i32_add(o.getLocal("pOut"),o.i32_mul(o.i32_sub(o.getLocal("n"),o.i32_const(1)),o.getLocal("outStep")))),o.call(e+"_inverse",o.getLocal("itAux"),o.getLocal("itAux")),o.block(o.loop(o.br_if(1,o.i32_eqz(o.getLocal("i"))),o.if(o.call(e+"_isZero",o.getLocal("itIn")),[...o.call(e+"_copy",o.getLocal("itAux"),o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),...o.call(e+"_zero",o.getLocal("itOut"))],[...o.call(e+"_copy",o.i32_sub(o.getLocal("itAux"),o.i32_const(a)),n),...o.call(e+"_mul",o.getLocal("itAux"),o.getLocal("itIn"),o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),...o.call(e+"_mul",o.getLocal("itAux"),n,o.getLocal("itOut"))]),o.setLocal("itIn",o.i32_sub(o.getLocal("itIn"),o.getLocal("inStep"))),o.setLocal("itOut",o.i32_sub(o.getLocal("itOut"),o.getLocal("outStep"))),o.setLocal("itAux",o.i32_sub(o.getLocal("itAux"),o.i32_const(a))),o.setLocal("i",o.i32_sub(o.getLocal("i"),o.i32_const(1))),o.br(0)))),i.addCode(o.i32_store(o.i32_const(0),o.getLocal("itAux")))};var H=function(t,e,a,i,o,n){void 0===n&&(n=ie?1:-1}function J(t){return t*t}function X(t){return t%2n!==0n}function tt(t){return t%2n===0n}function et(t){return t<0n}function at(t){return t>0n}function it(t){return et(t)?t.toString(2).length-1:t.toString(2).length}function ot(t){return t<0n?-t:t}function nt(t){return 1n===ot(t)}function lt(t,e){for(var a,i,o,n=0n,l=1n,r=e,s=ot(t);0n!==s;)a=r/s,i=n,o=r,n=l,r=s,l=i-a*l,s=o-a*s;if(!nt(r))throw new Error(t.toString()+" and "+e.toString()+" are not co-prime");return-1===Y(n,0n)&&(n+=e),et(t)?-n:n}function rt(t,e,a){if(0n===a)throw new Error("Cannot take modPow with modulus 0");var i=1n,o=t%a;for(et(e)&&(e*=-1n,o=lt(o,a));at(e);){if(0n===o)return 0n;X(e)&&(i=i*o%a),e/=2n,o=J(o)%a}return i}function st(t,e){return 0n!==e&&(!!nt(e)||(0===function(t,e){return(t=t>=0n?t:-t)===(e=e>=0n?e:-e)?0:t>e?1:-1}(e,2n)?tt(t):t%e===0n))}function ct(t,e){for(var a,i,o,n=function(t){return t-1n}(t),l=n,r=0;tt(l);)l/=2n,r++;t:for(i=0;i>1&&i>1,t>>1)))),e.addCode(a.setLocal(s,a.i64_add(a.getLocal(s),a.i64_shr_u(a.getLocal(r),a.i64_const(32)))))),t>0&&(e.addCode(a.setLocal(r,a.i64_add(a.i64_and(a.getLocal(r),a.i64_const(4294967295)),a.i64_and(a.getLocal(c),a.i64_const(4294967295))))),e.addCode(a.setLocal(s,a.i64_add(a.i64_add(a.getLocal(s),a.i64_shr_u(a.getLocal(r),a.i64_const(32))),a.getLocal(d))))),e.addCode(a.i64_store32(a.getLocal("r"),4*t,a.getLocal(r))),e.addCode(a.setLocal(c,a.getLocal(s)),a.setLocal(d,a.i64_shr_u(a.getLocal(c),a.i64_const(32))))}e.addCode(a.i64_store32(a.getLocal("r"),4*o*2-4,a.getLocal(c)))}(),function(){const e=t.addFunction(i+"_squareOld");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(i+"_mul",a.getLocal("x"),a.getLocal("x"),a.getLocal("r")))}(),function(){!function(){const e=t.addFunction(i+"__mul1");e.addParam("px","i32"),e.addParam("y","i64"),e.addParam("pr","i32"),e.addLocal("c","i64");const a=e.getCodeBuilder();e.addCode(a.setLocal("c",a.i64_mul(a.i64_load32_u(a.getLocal("px"),0,0),a.getLocal("y")))),e.addCode(a.i64_store32(a.getLocal("pr"),0,0,a.getLocal("c")));for(let t=1;t>1n,p=t.alloc(r,ut.bigInt2BytesLE(_,r)),m=_+1n,w=t.alloc(r,ut.bigInt2BytesLE(m,r));t.modules[s]={pq:d,pR2:u,n64:n,q:o,pOne:g,pZero:f,pePlusOne:w};let L=2n;if(Lt(o))for(;wt(L,_,o)!==h;)L+=1n;let b=0,y=h;for(;!bt(y)&&0n!==y;)b++,y>>=1n;const A=t.alloc(r,ut.bigInt2BytesLE(y,r)),C=wt(L,y,o),I=t.alloc(ut.bigInt2BytesLE((C<>1n,x=t.alloc(r,ut.bigInt2BytesLE(F,r));return t.exportFunction(c+"_copy",s+"_copy"),t.exportFunction(c+"_zero",s+"_zero"),t.exportFunction(c+"_isZero",s+"_isZero"),t.exportFunction(c+"_eq",s+"_eq"),function(){const e=t.addFunction(s+"_isOne");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder();e.addCode(a.ret(a.call(c+"_eq",a.getLocal("x"),a.i32_const(g))))}(),function(){const e=t.addFunction(s+"_add");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.if(a.call(c+"_add",a.getLocal("x"),a.getLocal("y"),a.getLocal("r")),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),a.if(a.call(c+"_gte",a.getLocal("r"),a.i32_const(d)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))))))}(),function(){const e=t.addFunction(s+"_sub");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.if(a.call(c+"_sub",a.getLocal("x"),a.getLocal("y"),a.getLocal("r")),a.drop(a.call(c+"_add",a.getLocal("r"),a.i32_const(d),a.getLocal("r")))))}(),function(){const e=t.addFunction(s+"_neg");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_sub",a.i32_const(f),a.getLocal("x"),a.getLocal("r")))}(),function(){const e=t.alloc(l*l*8),a=t.addFunction(s+"_mReduct");a.addParam("t","i32"),a.addParam("r","i32"),a.addLocal("np32","i64"),a.addLocal("c","i64"),a.addLocal("m","i64");const i=a.getCodeBuilder(),n=Number(0x100000000n-mt(o,0x100000000n));a.addCode(i.setLocal("np32",i.i64_const(n)));for(let t=0;t=l&&e.addCode(a.i64_store32(a.getLocal("r"),4*(t-l),a.getLocal(h))),[h,_]=[_,h],e.addCode(a.setLocal(_,a.i64_shr_u(a.getLocal(h),a.i64_const(32))))}e.addCode(a.i64_store32(a.getLocal("r"),4*l-4,a.getLocal(h))),e.addCode(a.if(a.i32_wrap_i64(a.getLocal(_)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),a.if(a.call(c+"_gte",a.getLocal("r"),a.i32_const(d)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))))))}(),function(){const e=t.addFunction(s+"_square");e.addParam("x","i32"),e.addParam("r","i32"),e.addLocal("c0","i64"),e.addLocal("c1","i64"),e.addLocal("c0_old","i64"),e.addLocal("c1_old","i64"),e.addLocal("np32","i64");for(let t=0;t>1&&i>1,t>>1)))),e.addCode(a.setLocal(h,a.i64_add(a.getLocal(h),a.i64_shr_u(a.getLocal(f),a.i64_const(32)))))),t>0&&(e.addCode(a.setLocal(f,a.i64_add(a.i64_and(a.getLocal(f),a.i64_const(4294967295)),a.i64_and(a.getLocal(_),a.i64_const(4294967295))))),e.addCode(a.setLocal(h,a.i64_add(a.i64_add(a.getLocal(h),a.i64_shr_u(a.getLocal(f),a.i64_const(32))),a.getLocal(p)))));for(let i=Math.max(1,t-l+1);i<=t&&i=l&&e.addCode(a.i64_store32(a.getLocal("r"),4*(t-l),a.getLocal(f))),e.addCode(a.setLocal(_,a.getLocal(h)),a.setLocal(p,a.i64_shr_u(a.getLocal(_),a.i64_const(32))))}e.addCode(a.i64_store32(a.getLocal("r"),4*l-4,a.getLocal(_))),e.addCode(a.if(a.i32_wrap_i64(a.getLocal(p)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),a.if(a.call(c+"_gte",a.getLocal("r"),a.i32_const(d)),a.drop(a.call(c+"_sub",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))))))}(),function(){const e=t.addFunction(s+"_squareOld");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_mul",a.getLocal("x"),a.getLocal("x"),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_toMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_mul",a.getLocal("x"),a.i32_const(u),a.getLocal("r")))}(),function(){const e=t.alloc(2*r),a=t.addFunction(s+"_fromMontgomery");a.addParam("x","i32"),a.addParam("r","i32");const i=a.getCodeBuilder();a.addCode(i.call(c+"_copy",i.getLocal("x"),i.i32_const(e))),a.addCode(i.call(c+"_zero",i.i32_const(e+r))),a.addCode(i.call(s+"_mReduct",i.i32_const(e),i.getLocal("r")))}(),function(){const e=t.addFunction(s+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r));e.addCode(a.call(s+"_fromMontgomery",a.getLocal("x"),i),a.call(c+"_gte",i,a.i32_const(w)))}(),function(){const e=t.addFunction(s+"_sign");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r));e.addCode(a.if(a.call(c+"_isZero",a.getLocal("x")),a.ret(a.i32_const(0))),a.call(s+"_fromMontgomery",a.getLocal("x"),i),a.if(a.call(c+"_gte",i,a.i32_const(w)),a.ret(a.i32_const(-1))),a.ret(a.i32_const(1)))}(),function(){const e=t.addFunction(s+"_inverse");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_fromMontgomery",a.getLocal("x"),a.getLocal("r"))),e.addCode(a.call(c+"_inverseMod",a.getLocal("r"),a.i32_const(d),a.getLocal("r"))),e.addCode(a.call(s+"_toMontgomery",a.getLocal("r"),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_one");e.addParam("pr","i32");const a=e.getCodeBuilder();e.addCode(a.call(c+"_copy",a.i32_const(g),a.getLocal("pr")))}(),function(){const e=t.addFunction(s+"_load");e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32"),e.addLocal("p","i32"),e.addLocal("l","i32"),e.addLocal("i","i32"),e.addLocal("j","i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r)),o=t.alloc(r),n=a.i32_const(o);e.addCode(a.call(c+"_zero",a.getLocal("r")),a.setLocal("i",a.i32_const(r)),a.setLocal("p",a.getLocal("scalar")),a.block(a.loop(a.br_if(1,a.i32_gt_u(a.getLocal("i"),a.getLocal("scalarLen"))),a.if(a.i32_eq(a.getLocal("i"),a.i32_const(r)),a.call(s+"_one",i),a.call(s+"_mul",i,a.i32_const(u),i)),a.call(s+"_mul",a.getLocal("p"),i,n),a.call(s+"_add",a.getLocal("r"),n,a.getLocal("r")),a.setLocal("p",a.i32_add(a.getLocal("p"),a.i32_const(r))),a.setLocal("i",a.i32_add(a.getLocal("i"),a.i32_const(r))),a.br(0))),a.setLocal("l",a.i32_rem_u(a.getLocal("scalarLen"),a.i32_const(r))),a.if(a.i32_eqz(a.getLocal("l")),a.ret([])),a.call(c+"_zero",n),a.setLocal("j",a.i32_const(0)),a.block(a.loop(a.br_if(1,a.i32_eq(a.getLocal("j"),a.getLocal("l"))),a.i32_store8(a.getLocal("j"),o,a.i32_load8_u(a.getLocal("p"))),a.setLocal("p",a.i32_add(a.getLocal("p"),a.i32_const(1))),a.setLocal("j",a.i32_add(a.getLocal("j"),a.i32_const(1))),a.br(0))),a.if(a.i32_eq(a.getLocal("i"),a.i32_const(r)),a.call(s+"_one",i),a.call(s+"_mul",i,a.i32_const(u),i)),a.call(s+"_mul",n,i,n),a.call(s+"_add",a.getLocal("r"),n,a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_timesScalar");e.addParam("x","i32"),e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32");const a=e.getCodeBuilder(),i=a.i32_const(t.alloc(r));e.addCode(a.call(s+"_load",a.getLocal("scalar"),a.getLocal("scalarLen"),i),a.call(s+"_toMontgomery",i,i),a.call(s+"_mul",a.getLocal("x"),i,a.getLocal("r")))}(),ft(t,s),ht(t,s+"_batchToMontgomery",s+"_toMontgomery",r,r),ht(t,s+"_batchFromMontgomery",s+"_fromMontgomery",r,r),ht(t,s+"_batchNeg",s+"_neg",r,r),_t(t,s+"_batchAdd",s+"_add",r,r),_t(t,s+"_batchSub",s+"_sub",r,r),_t(t,s+"_batchMul",s+"_mul",r,r),t.exportFunction(s+"_add"),t.exportFunction(s+"_sub"),t.exportFunction(s+"_neg"),t.exportFunction(s+"_isNegative"),t.exportFunction(s+"_isOne"),t.exportFunction(s+"_sign"),t.exportFunction(s+"_mReduct"),t.exportFunction(s+"_mul"),t.exportFunction(s+"_square"),t.exportFunction(s+"_squareOld"),t.exportFunction(s+"_fromMontgomery"),t.exportFunction(s+"_toMontgomery"),t.exportFunction(s+"_inverse"),t.exportFunction(s+"_one"),t.exportFunction(s+"_load"),t.exportFunction(s+"_timesScalar"),gt(t,s+"_exp",r,s+"_mul",s+"_square",c+"_copy",s+"_one"),t.exportFunction(s+"_exp"),t.exportFunction(s+"_batchInverse"),Lt(o)&&(!function(){const e=t.addFunction(s+"_sqrt");e.addParam("n","i32"),e.addParam("r","i32"),e.addLocal("m","i32"),e.addLocal("i","i32"),e.addLocal("j","i32");const a=e.getCodeBuilder(),i=a.i32_const(g),o=a.i32_const(t.alloc(r)),n=a.i32_const(t.alloc(r)),l=a.i32_const(t.alloc(r)),c=a.i32_const(t.alloc(r)),d=a.i32_const(t.alloc(r));e.addCode(a.if(a.call(s+"_isZero",a.getLocal("n")),a.ret(a.call(s+"_zero",a.getLocal("r")))),a.setLocal("m",a.i32_const(b)),a.call(s+"_copy",a.i32_const(I),o),a.call(s+"_exp",a.getLocal("n"),a.i32_const(A),a.i32_const(r),n),a.call(s+"_exp",a.getLocal("n"),a.i32_const(x),a.i32_const(r),l),a.block(a.loop(a.br_if(1,a.call(s+"_eq",n,i)),a.call(s+"_square",n,c),a.setLocal("i",a.i32_const(1)),a.block(a.loop(a.br_if(1,a.call(s+"_eq",c,i)),a.call(s+"_square",c,c),a.setLocal("i",a.i32_add(a.getLocal("i"),a.i32_const(1))),a.br(0))),a.call(s+"_copy",o,d),a.setLocal("j",a.i32_sub(a.i32_sub(a.getLocal("m"),a.getLocal("i")),a.i32_const(1))),a.block(a.loop(a.br_if(1,a.i32_eqz(a.getLocal("j"))),a.call(s+"_square",d,d),a.setLocal("j",a.i32_sub(a.getLocal("j"),a.i32_const(1))),a.br(0))),a.setLocal("m",a.getLocal("i")),a.call(s+"_square",d,o),a.call(s+"_mul",n,o,n),a.call(s+"_mul",l,d,l),a.br(0))),a.if(a.call(s+"_isNegative",l),a.call(s+"_neg",l,a.getLocal("r")),a.call(s+"_copy",l,a.getLocal("r"))))}(),function(){const e=t.addFunction(s+"_isSquare");e.addParam("n","i32"),e.setReturnType("i32");const a=e.getCodeBuilder(),i=a.i32_const(g),o=a.i32_const(t.alloc(r));e.addCode(a.if(a.call(s+"_isZero",a.getLocal("n")),a.ret(a.i32_const(1))),a.call(s+"_exp",a.getLocal("n"),a.i32_const(p),a.i32_const(r),o),a.call(s+"_eq",o,i))}(),t.exportFunction(s+"_sqrt"),t.exportFunction(s+"_isSquare")),t.exportFunction(s+"_batchToMontgomery"),t.exportFunction(s+"_batchFromMontgomery"),s};const Ct=At,{bitLength:It}=W;var Ft=function(t,e,a,i,o){const n=BigInt(e),l=Math.floor((It(n-1n)-1)/64)+1,r=8*l,s=a||"f1";if(t.modules[s])return s;t.modules[s]={n64:l};const c=o||"int",d=Ct(t,n,i,c),u=t.modules[d].pR2,g=t.modules[d].pq,f=t.modules[d].pePlusOne;return function(){const e=t.alloc(r),a=t.addFunction(s+"_mul");a.addParam("x","i32"),a.addParam("y","i32"),a.addParam("r","i32");const i=a.getCodeBuilder();a.addCode(i.call(d+"_mul",i.getLocal("x"),i.getLocal("y"),i.i32_const(e))),a.addCode(i.call(d+"_mul",i.i32_const(e),i.i32_const(u),i.getLocal("r")))}(),function(){const e=t.addFunction(s+"_square");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(s+"_mul",a.getLocal("x"),a.getLocal("x"),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_inverse");e.addParam("x","i32"),e.addParam("r","i32");const a=e.getCodeBuilder();e.addCode(a.call(c+"_inverseMod",a.getLocal("x"),a.i32_const(g),a.getLocal("r")))}(),function(){const e=t.addFunction(s+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const a=e.getCodeBuilder();e.addCode(a.call(c+"_gte",a.getLocal("x"),a.i32_const(f)))}(),t.exportFunction(d+"_add",s+"_add"),t.exportFunction(d+"_sub",s+"_sub"),t.exportFunction(d+"_neg",s+"_neg"),t.exportFunction(s+"_mul"),t.exportFunction(s+"_square"),t.exportFunction(s+"_inverse"),t.exportFunction(s+"_isNegative"),t.exportFunction(d+"_copy",s+"_copy"),t.exportFunction(d+"_zero",s+"_zero"),t.exportFunction(d+"_one",s+"_one"),t.exportFunction(d+"_isZero",s+"_isZero"),t.exportFunction(d+"_eq",s+"_eq"),s};const xt=K,Et=j,vt=V;var Bt=function(t,e,a,i){if(t.modules[a])return a;const o=8*t.modules[i].n64,n=t.modules[i].q;return t.modules[a]={n64:2*t.modules[i].n64},function(){const e=t.addFunction(a+"_isZero");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.i32_and(n.call(i+"_isZero",l),n.call(i+"_isZero",r)))}(),function(){const e=t.addFunction(a+"_isOne");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.ret(n.i32_and(n.call(i+"_isOne",l),n.call(i+"_isZero",r))))}(),function(){const e=t.addFunction(a+"_zero");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.call(i+"_zero",l),n.call(i+"_zero",r))}(),function(){const e=t.addFunction(a+"_one");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.call(i+"_one",l),n.call(i+"_zero",r))}(),function(){const e=t.addFunction(a+"_copy");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_copy",l,s),n.call(i+"_copy",r,c))}(),function(){const n=t.addFunction(a+"_mul");n.addParam("x","i32"),n.addParam("y","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.getLocal("y"),d=l.i32_add(l.getLocal("y"),l.i32_const(o)),u=l.getLocal("r"),g=l.i32_add(l.getLocal("r"),l.i32_const(o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o)),_=l.i32_const(t.alloc(o)),p=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_mul",r,c,f),l.call(i+"_mul",s,d,h),l.call(i+"_add",r,s,_),l.call(i+"_add",c,d,p),l.call(i+"_mul",_,p,_),l.call(e,h,u),l.call(i+"_add",f,u,u),l.call(i+"_add",f,h,g),l.call(i+"_sub",_,g,g))}(),function(){const e=t.addFunction(a+"_mul1");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_mul",l,s,c),n.call(i+"_mul",r,s,d))}(),function(){const n=t.addFunction(a+"_square");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.getLocal("r"),d=l.i32_add(l.getLocal("r"),l.i32_const(o)),u=l.i32_const(t.alloc(o)),g=l.i32_const(t.alloc(o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_mul",r,s,u),l.call(i+"_add",r,s,g),l.call(e,s,f),l.call(i+"_add",r,f,f),l.call(e,u,h),l.call(i+"_add",h,u,h),l.call(i+"_mul",g,f,c),l.call(i+"_sub",c,h,c),l.call(i+"_add",u,u,d))}(),function(){const e=t.addFunction(a+"_add");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.i32_add(n.getLocal("y"),n.i32_const(o)),d=n.getLocal("r"),u=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_add",l,s,d),n.call(i+"_add",r,c,u))}(),function(){const e=t.addFunction(a+"_sub");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.i32_add(n.getLocal("y"),n.i32_const(o)),d=n.getLocal("r"),u=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_sub",l,s,d),n.call(i+"_sub",r,c,u))}(),function(){const e=t.addFunction(a+"_neg");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_neg",l,s),n.call(i+"_neg",r,c))}(),function(){const e=t.addFunction(a+"_conjugate");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_copy",l,s),n.call(i+"_neg",r,c))}(),function(){const e=t.addFunction(a+"_toMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_toMontgomery",l,s),n.call(i+"_toMontgomery",r,c))}(),function(){const e=t.addFunction(a+"_fromMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_fromMontgomery",l,s),n.call(i+"_fromMontgomery",r,c))}(),function(){const e=t.addFunction(a+"_eq");e.addParam("x","i32"),e.addParam("y","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("y"),c=n.i32_add(n.getLocal("y"),n.i32_const(o));e.addCode(n.i32_and(n.call(i+"_eq",l,s),n.call(i+"_eq",r,c)))}(),function(){const n=t.addFunction(a+"_inverse");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.getLocal("r"),d=l.i32_add(l.getLocal("r"),l.i32_const(o)),u=l.i32_const(t.alloc(o)),g=l.i32_const(t.alloc(o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_square",r,u),l.call(i+"_square",s,g),l.call(e,g,f),l.call(i+"_sub",u,f,f),l.call(i+"_inverse",f,h),l.call(i+"_mul",r,h,c),l.call(i+"_mul",s,h,d),l.call(i+"_neg",d,d))}(),function(){const e=t.addFunction(a+"_timesScalar");e.addParam("x","i32"),e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.getLocal("r"),c=n.i32_add(n.getLocal("r"),n.i32_const(o));e.addCode(n.call(i+"_timesScalar",l,n.getLocal("scalar"),n.getLocal("scalarLen"),s),n.call(i+"_timesScalar",r,n.getLocal("scalar"),n.getLocal("scalarLen"),c))}(),function(){const e=t.addFunction(a+"_sign");e.addParam("x","i32"),e.addLocal("s","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.setLocal("s",n.call(i+"_sign",r)),n.if(n.getLocal("s"),n.ret(n.getLocal("s"))),n.ret(n.call(i+"_sign",l)))}(),function(){const e=t.addFunction(a+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o));e.addCode(n.if(n.call(i+"_isZero",r),n.ret(n.call(i+"_isNegative",l))),n.ret(n.call(i+"_isNegative",r)))}(),t.exportFunction(a+"_isZero"),t.exportFunction(a+"_isOne"),t.exportFunction(a+"_zero"),t.exportFunction(a+"_one"),t.exportFunction(a+"_copy"),t.exportFunction(a+"_mul"),t.exportFunction(a+"_mul1"),t.exportFunction(a+"_square"),t.exportFunction(a+"_add"),t.exportFunction(a+"_sub"),t.exportFunction(a+"_neg"),t.exportFunction(a+"_sign"),t.exportFunction(a+"_conjugate"),t.exportFunction(a+"_fromMontgomery"),t.exportFunction(a+"_toMontgomery"),t.exportFunction(a+"_eq"),t.exportFunction(a+"_inverse"),Et(t,a),xt(t,a+"_exp",2*o,a+"_mul",a+"_square",a+"_copy",a+"_one"),function(){const e=t.addFunction(a+"_sqrt");e.addParam("a","i32"),e.addParam("pr","i32");const l=e.getCodeBuilder(),r=l.i32_const(t.alloc(vt.bigInt2BytesLE((BigInt(n||0)-3n)/4n,o))),s=l.i32_const(t.alloc(vt.bigInt2BytesLE((BigInt(n||0)-1n)/2n,o))),c=l.getLocal("a"),d=l.i32_const(t.alloc(2*o)),u=l.i32_const(t.alloc(2*o)),g=l.i32_const(t.alloc(2*o)),f=t.alloc(2*o),h=l.i32_const(f),_=l.i32_const(f),p=l.i32_const(f+o),m=l.i32_const(t.alloc(2*o)),w=l.i32_const(t.alloc(2*o));e.addCode(l.call(a+"_one",h),l.call(a+"_neg",h,h),l.call(a+"_exp",c,r,l.i32_const(o),d),l.call(a+"_square",d,u),l.call(a+"_mul",c,u,u),l.call(a+"_conjugate",u,g),l.call(a+"_mul",g,u,g),l.if(l.call(a+"_eq",g,h),l.unreachable()),l.call(a+"_mul",d,c,m),l.if(l.call(a+"_eq",u,h),[...l.call(i+"_zero",_),...l.call(i+"_one",p),...l.call(a+"_mul",h,m,l.getLocal("pr"))],[...l.call(a+"_one",w),...l.call(a+"_add",w,u,w),...l.call(a+"_exp",w,s,l.i32_const(o),w),...l.call(a+"_mul",w,m,l.getLocal("pr"))]))}(),function(){const e=t.addFunction(a+"_isSquare");e.addParam("a","i32"),e.setReturnType("i32");const i=e.getCodeBuilder(),l=i.i32_const(t.alloc(vt.bigInt2BytesLE((BigInt(n||0)-3n)/4n,o))),r=i.getLocal("a"),s=i.i32_const(t.alloc(2*o)),c=i.i32_const(t.alloc(2*o)),d=i.i32_const(t.alloc(2*o)),u=t.alloc(2*o),g=i.i32_const(u);e.addCode(i.call(a+"_one",g),i.call(a+"_neg",g,g),i.call(a+"_exp",r,l,i.i32_const(o),s),i.call(a+"_square",s,c),i.call(a+"_mul",r,c,c),i.call(a+"_conjugate",c,d),i.call(a+"_mul",d,c,d),i.if(i.call(a+"_eq",d,g),i.ret(i.i32_const(0))),i.ret(i.i32_const(1)))}(),t.exportFunction(a+"_exp"),t.exportFunction(a+"_timesScalar"),t.exportFunction(a+"_batchInverse"),t.exportFunction(a+"_sqrt"),t.exportFunction(a+"_isSquare"),t.exportFunction(a+"_isNegative"),a};const St=K,Pt=j;var Gt=function(t,e,a,i){if(t.modules[a])return a;const o=8*t.modules[i].n64;return t.modules[a]={n64:3*t.modules[i].n64},function(){const e=t.addFunction(a+"_isZero");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.i32_and(n.i32_and(n.call(i+"_isZero",l),n.call(i+"_isZero",r)),n.call(i+"_isZero",s)))}(),function(){const e=t.addFunction(a+"_isOne");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.ret(n.i32_and(n.i32_and(n.call(i+"_isOne",l),n.call(i+"_isZero",r)),n.call(i+"_isZero",s))))}(),function(){const e=t.addFunction(a+"_zero");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.call(i+"_zero",l),n.call(i+"_zero",r),n.call(i+"_zero",s))}(),function(){const e=t.addFunction(a+"_one");e.addParam("x","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.call(i+"_one",l),n.call(i+"_zero",r),n.call(i+"_zero",s))}(),function(){const e=t.addFunction(a+"_copy");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_copy",l,c),n.call(i+"_copy",r,d),n.call(i+"_copy",s,u))}(),function(){const n=t.addFunction(a+"_mul");n.addParam("x","i32"),n.addParam("y","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.i32_add(l.getLocal("x"),l.i32_const(2*o)),d=l.getLocal("y"),u=l.i32_add(l.getLocal("y"),l.i32_const(o)),g=l.i32_add(l.getLocal("y"),l.i32_const(2*o)),f=l.getLocal("r"),h=l.i32_add(l.getLocal("r"),l.i32_const(o)),_=l.i32_add(l.getLocal("r"),l.i32_const(2*o)),p=l.i32_const(t.alloc(o)),m=l.i32_const(t.alloc(o)),w=l.i32_const(t.alloc(o)),L=l.i32_const(t.alloc(o)),b=l.i32_const(t.alloc(o)),y=l.i32_const(t.alloc(o)),A=l.i32_const(t.alloc(o)),C=l.i32_const(t.alloc(o)),I=l.i32_const(t.alloc(o)),F=l.i32_const(t.alloc(o)),x=l.i32_const(t.alloc(o)),E=l.i32_const(t.alloc(o)),v=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_mul",r,d,p),l.call(i+"_mul",s,u,m),l.call(i+"_mul",c,g,w),l.call(i+"_add",r,s,L),l.call(i+"_add",d,u,b),l.call(i+"_add",r,c,y),l.call(i+"_add",d,g,A),l.call(i+"_add",s,c,C),l.call(i+"_add",u,g,I),l.call(i+"_add",p,m,F),l.call(i+"_add",p,w,x),l.call(i+"_add",m,w,E),l.call(i+"_mul",C,I,f),l.call(i+"_sub",f,E,f),l.call(e,f,f),l.call(i+"_add",p,f,f),l.call(i+"_mul",L,b,h),l.call(i+"_sub",h,F,h),l.call(e,w,v),l.call(i+"_add",h,v,h),l.call(i+"_mul",y,A,_),l.call(i+"_sub",_,x,_),l.call(i+"_add",_,m,_))}(),function(){const n=t.addFunction(a+"_square");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.i32_add(l.getLocal("x"),l.i32_const(2*o)),d=l.getLocal("r"),u=l.i32_add(l.getLocal("r"),l.i32_const(o)),g=l.i32_add(l.getLocal("r"),l.i32_const(2*o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o)),_=l.i32_const(t.alloc(o)),p=l.i32_const(t.alloc(o)),m=l.i32_const(t.alloc(o)),w=l.i32_const(t.alloc(o)),L=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_square",r,f),l.call(i+"_mul",r,s,h),l.call(i+"_add",h,h,_),l.call(i+"_sub",r,s,p),l.call(i+"_add",p,c,p),l.call(i+"_square",p,p),l.call(i+"_mul",s,c,m),l.call(i+"_add",m,m,w),l.call(i+"_square",c,L),l.call(e,w,d),l.call(i+"_add",f,d,d),l.call(e,L,u),l.call(i+"_add",_,u,u),l.call(i+"_add",f,L,g),l.call(i+"_sub",w,g,g),l.call(i+"_add",p,g,g),l.call(i+"_add",_,g,g))}(),function(){const e=t.addFunction(a+"_add");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("y"),d=n.i32_add(n.getLocal("y"),n.i32_const(o)),u=n.i32_add(n.getLocal("y"),n.i32_const(2*o)),g=n.getLocal("r"),f=n.i32_add(n.getLocal("r"),n.i32_const(o)),h=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_add",l,c,g),n.call(i+"_add",r,d,f),n.call(i+"_add",s,u,h))}(),function(){const e=t.addFunction(a+"_sub");e.addParam("x","i32"),e.addParam("y","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("y"),d=n.i32_add(n.getLocal("y"),n.i32_const(o)),u=n.i32_add(n.getLocal("y"),n.i32_const(2*o)),g=n.getLocal("r"),f=n.i32_add(n.getLocal("r"),n.i32_const(o)),h=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_sub",l,c,g),n.call(i+"_sub",r,d,f),n.call(i+"_sub",s,u,h))}(),function(){const e=t.addFunction(a+"_neg");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_neg",l,c),n.call(i+"_neg",r,d),n.call(i+"_neg",s,u))}(),function(){const e=t.addFunction(a+"_sign");e.addParam("x","i32"),e.addLocal("s","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.setLocal("s",n.call(i+"_sign",s)),n.if(n.getLocal("s"),n.ret(n.getLocal("s"))),n.setLocal("s",n.call(i+"_sign",r)),n.if(n.getLocal("s"),n.ret(n.getLocal("s"))),n.ret(n.call(i+"_sign",l)))}(),function(){const e=t.addFunction(a+"_toMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_toMontgomery",l,c),n.call(i+"_toMontgomery",r,d),n.call(i+"_toMontgomery",s,u))}(),function(){const e=t.addFunction(a+"_fromMontgomery");e.addParam("x","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_fromMontgomery",l,c),n.call(i+"_fromMontgomery",r,d),n.call(i+"_fromMontgomery",s,u))}(),function(){const e=t.addFunction(a+"_eq");e.addParam("x","i32"),e.addParam("y","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("y"),d=n.i32_add(n.getLocal("y"),n.i32_const(o)),u=n.i32_add(n.getLocal("y"),n.i32_const(2*o));e.addCode(n.i32_and(n.i32_and(n.call(i+"_eq",l,c),n.call(i+"_eq",r,d)),n.call(i+"_eq",s,u)))}(),function(){const n=t.addFunction(a+"_inverse");n.addParam("x","i32"),n.addParam("r","i32");const l=n.getCodeBuilder(),r=l.getLocal("x"),s=l.i32_add(l.getLocal("x"),l.i32_const(o)),c=l.i32_add(l.getLocal("x"),l.i32_const(2*o)),d=l.getLocal("r"),u=l.i32_add(l.getLocal("r"),l.i32_const(o)),g=l.i32_add(l.getLocal("r"),l.i32_const(2*o)),f=l.i32_const(t.alloc(o)),h=l.i32_const(t.alloc(o)),_=l.i32_const(t.alloc(o)),p=l.i32_const(t.alloc(o)),m=l.i32_const(t.alloc(o)),w=l.i32_const(t.alloc(o)),L=l.i32_const(t.alloc(o)),b=l.i32_const(t.alloc(o)),y=l.i32_const(t.alloc(o)),A=l.i32_const(t.alloc(o)),C=l.i32_const(t.alloc(o));n.addCode(l.call(i+"_square",r,f),l.call(i+"_square",s,h),l.call(i+"_square",c,_),l.call(i+"_mul",r,s,p),l.call(i+"_mul",r,c,m),l.call(i+"_mul",s,c,w),l.call(e,w,L),l.call(i+"_sub",f,L,L),l.call(e,_,b),l.call(i+"_sub",b,p,b),l.call(i+"_sub",h,m,y),l.call(i+"_mul",c,b,A),l.call(i+"_mul",s,y,C),l.call(i+"_add",A,C,A),l.call(e,A,A),l.call(i+"_mul",r,L,C),l.call(i+"_add",C,A,A),l.call(i+"_inverse",A,A),l.call(i+"_mul",A,L,d),l.call(i+"_mul",A,b,u),l.call(i+"_mul",A,y,g))}(),function(){const e=t.addFunction(a+"_timesScalar");e.addParam("x","i32"),e.addParam("scalar","i32"),e.addParam("scalarLen","i32"),e.addParam("r","i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o)),c=n.getLocal("r"),d=n.i32_add(n.getLocal("r"),n.i32_const(o)),u=n.i32_add(n.getLocal("r"),n.i32_const(2*o));e.addCode(n.call(i+"_timesScalar",l,n.getLocal("scalar"),n.getLocal("scalarLen"),c),n.call(i+"_timesScalar",r,n.getLocal("scalar"),n.getLocal("scalarLen"),d),n.call(i+"_timesScalar",s,n.getLocal("scalar"),n.getLocal("scalarLen"),u))}(),function(){const e=t.addFunction(a+"_isNegative");e.addParam("x","i32"),e.setReturnType("i32");const n=e.getCodeBuilder(),l=n.getLocal("x"),r=n.i32_add(n.getLocal("x"),n.i32_const(o)),s=n.i32_add(n.getLocal("x"),n.i32_const(2*o));e.addCode(n.if(n.call(i+"_isZero",s),n.if(n.call(i+"_isZero",r),n.ret(n.call(i+"_isNegative",l)),n.ret(n.call(i+"_isNegative",r)))),n.ret(n.call(i+"_isNegative",s)))}(),t.exportFunction(a+"_isZero"),t.exportFunction(a+"_isOne"),t.exportFunction(a+"_zero"),t.exportFunction(a+"_one"),t.exportFunction(a+"_copy"),t.exportFunction(a+"_mul"),t.exportFunction(a+"_square"),t.exportFunction(a+"_add"),t.exportFunction(a+"_sub"),t.exportFunction(a+"_neg"),t.exportFunction(a+"_sign"),t.exportFunction(a+"_fromMontgomery"),t.exportFunction(a+"_toMontgomery"),t.exportFunction(a+"_eq"),t.exportFunction(a+"_inverse"),Pt(t,a),St(t,a+"_exp",3*o,a+"_mul",a+"_square",a+"_copy",a+"_one"),t.exportFunction(a+"_exp"),t.exportFunction(a+"_timesScalar"),t.exportFunction(a+"_batchInverse"),t.exportFunction(a+"_isNegative"),a};const Ot=function(t,e,a,i,o,n,l,r){const s=t.addFunction(e);s.addParam("base","i32"),s.addParam("scalar","i32"),s.addParam("scalarLength","i32"),s.addParam("r","i32"),s.addLocal("old0","i32"),s.addLocal("nbits","i32"),s.addLocal("i","i32"),s.addLocal("last","i32"),s.addLocal("cur","i32"),s.addLocal("carry","i32"),s.addLocal("p","i32");const c=s.getCodeBuilder(),d=c.i32_const(t.alloc(a));function u(t){return c.i32_and(c.i32_shr_u(c.i32_load(c.i32_add(c.getLocal("scalar"),c.i32_and(c.i32_shr_u(t,c.i32_const(3)),c.i32_const(4294967292)))),c.i32_and(t,c.i32_const(31))),c.i32_const(1))}function g(t){return[...c.i32_store8(c.getLocal("p"),c.i32_const(t)),...c.setLocal("p",c.i32_add(c.getLocal("p"),c.i32_const(1)))]}s.addCode(c.if(c.i32_eqz(c.getLocal("scalarLength")),[...c.call(r,c.getLocal("r")),...c.ret([])]),c.setLocal("nbits",c.i32_shl(c.getLocal("scalarLength"),c.i32_const(3))),c.setLocal("old0",c.i32_load(c.i32_const(0))),c.setLocal("p",c.getLocal("old0")),c.i32_store(c.i32_const(0),c.i32_and(c.i32_add(c.i32_add(c.getLocal("old0"),c.i32_const(32)),c.getLocal("nbits")),c.i32_const(4294967288))),c.setLocal("i",c.i32_const(1)),c.setLocal("last",u(c.i32_const(0))),c.setLocal("carry",c.i32_const(0)),c.block(c.loop(c.br_if(1,c.i32_eq(c.getLocal("i"),c.getLocal("nbits"))),c.setLocal("cur",u(c.getLocal("i"))),c.if(c.getLocal("last"),c.if(c.getLocal("cur"),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(1)],[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(255)]),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(255)],[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(0)),...g(1)])),c.if(c.getLocal("cur"),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(1)),...g(0)],[...c.setLocal("last",c.i32_const(1)),...c.setLocal("carry",c.i32_const(0)),...g(0)]),c.if(c.getLocal("carry"),[...c.setLocal("last",c.i32_const(1)),...c.setLocal("carry",c.i32_const(0)),...g(0)],[...c.setLocal("last",c.i32_const(0)),...c.setLocal("carry",c.i32_const(0)),...g(0)]))),c.setLocal("i",c.i32_add(c.getLocal("i"),c.i32_const(1))),c.br(0))),c.if(c.getLocal("last"),c.if(c.getLocal("carry"),[...g(255),...g(0),...g(1)],[...g(1)]),c.if(c.getLocal("carry"),[...g(0),...g(1)])),c.setLocal("p",c.i32_sub(c.getLocal("p"),c.i32_const(1))),c.call(l,c.getLocal("base"),d),c.call(r,c.getLocal("r")),c.block(c.loop(c.call(o,c.getLocal("r"),c.getLocal("r")),c.setLocal("cur",c.i32_load8_u(c.getLocal("p"))),c.if(c.getLocal("cur"),c.if(c.i32_eq(c.getLocal("cur"),c.i32_const(1)),c.call(i,c.getLocal("r"),d,c.getLocal("r")),c.call(n,c.getLocal("r"),d,c.getLocal("r")))),c.br_if(1,c.i32_eq(c.getLocal("old0"),c.getLocal("p"))),c.setLocal("p",c.i32_sub(c.getLocal("p"),c.i32_const(1))),c.br(0))),c.i32_store(c.i32_const(0),c.getLocal("old0")))},Tt=H,Ut=function(t,e,a,i,o){const n=8*t.modules[e].n64;function l(){const i=t.addFunction(a);i.addParam("pBases","i32"),i.addParam("pScalars","i32"),i.addParam("scalarSize","i32"),i.addParam("n","i32"),i.addParam("pr","i32"),i.addLocal("chunkSize","i32"),i.addLocal("nChunks","i32"),i.addLocal("itScalar","i32"),i.addLocal("endScalar","i32"),i.addLocal("itBase","i32"),i.addLocal("itBit","i32"),i.addLocal("i","i32"),i.addLocal("j","i32"),i.addLocal("nTable","i32"),i.addLocal("pTable","i32"),i.addLocal("idx","i32"),i.addLocal("pIdxTable","i32");const o=i.getCodeBuilder(),l=o.i32_const(t.alloc(n)),r=t.alloc([17,17,17,17,17,17,17,17,17,17,16,16,15,14,13,13,12,11,10,9,8,7,7,6,5,4,3,2,1,1,1,1]);i.addCode(o.call(e+"_zero",o.getLocal("pr")),o.if(o.i32_eqz(o.getLocal("n")),o.ret([])),o.setLocal("chunkSize",o.i32_load8_u(o.i32_clz(o.getLocal("n")),r)),o.setLocal("nChunks",o.i32_add(o.i32_div_u(o.i32_sub(o.i32_shl(o.getLocal("scalarSize"),o.i32_const(3)),o.i32_const(1)),o.getLocal("chunkSize")),o.i32_const(1))),o.setLocal("itBit",o.i32_mul(o.i32_sub(o.getLocal("nChunks"),o.i32_const(1)),o.getLocal("chunkSize"))),o.block(o.loop(o.br_if(1,o.i32_lt_s(o.getLocal("itBit"),o.i32_const(0))),o.if(o.i32_eqz(o.call(e+"_isZero",o.getLocal("pr"))),[...o.setLocal("j",o.i32_const(0)),...o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("j"),o.getLocal("chunkSize"))),o.call(e+"_double",o.getLocal("pr"),o.getLocal("pr")),o.setLocal("j",o.i32_add(o.getLocal("j"),o.i32_const(1))),o.br(0)))]),o.call(a+"_chunk",o.getLocal("pBases"),o.getLocal("pScalars"),o.getLocal("scalarSize"),o.getLocal("n"),o.getLocal("itBit"),o.getLocal("chunkSize"),l),o.call(e+"_add",o.getLocal("pr"),l,o.getLocal("pr")),o.setLocal("itBit",o.i32_sub(o.getLocal("itBit"),o.getLocal("chunkSize"))),o.br(0))))}!function(){const e=t.addFunction(a+"_getChunk");e.addParam("pScalar","i32"),e.addParam("scalarSize","i32"),e.addParam("startBit","i32"),e.addParam("chunkSize","i32"),e.addLocal("bitsToEnd","i32"),e.addLocal("mask","i32"),e.setReturnType("i32");const i=e.getCodeBuilder();e.addCode(i.setLocal("bitsToEnd",i.i32_sub(i.i32_mul(i.getLocal("scalarSize"),i.i32_const(8)),i.getLocal("startBit"))),i.if(i.i32_gt_s(i.getLocal("chunkSize"),i.getLocal("bitsToEnd")),i.setLocal("mask",i.i32_sub(i.i32_shl(i.i32_const(1),i.getLocal("bitsToEnd")),i.i32_const(1))),i.setLocal("mask",i.i32_sub(i.i32_shl(i.i32_const(1),i.getLocal("chunkSize")),i.i32_const(1)))),i.i32_and(i.i32_shr_u(i.i32_load(i.i32_add(i.getLocal("pScalar"),i.i32_shr_u(i.getLocal("startBit"),i.i32_const(3))),0,0),i.i32_and(i.getLocal("startBit"),i.i32_const(7))),i.getLocal("mask")))}(),function(){const i=t.addFunction(a+"_reduceTable");i.addParam("pTable","i32"),i.addParam("p","i32"),i.addLocal("half","i32"),i.addLocal("it1","i32"),i.addLocal("it2","i32"),i.addLocal("pAcc","i32");const o=i.getCodeBuilder();i.addCode(o.if(o.i32_eq(o.getLocal("p"),o.i32_const(1)),o.ret([])),o.setLocal("half",o.i32_shl(o.i32_const(1),o.i32_sub(o.getLocal("p"),o.i32_const(1)))),o.setLocal("it1",o.getLocal("pTable")),o.setLocal("it2",o.i32_add(o.getLocal("pTable"),o.i32_mul(o.getLocal("half"),o.i32_const(n)))),o.setLocal("pAcc",o.i32_sub(o.getLocal("it2"),o.i32_const(n))),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("it1"),o.getLocal("pAcc"))),o.call(e+"_add",o.getLocal("it1"),o.getLocal("it2"),o.getLocal("it1")),o.call(e+"_add",o.getLocal("pAcc"),o.getLocal("it2"),o.getLocal("pAcc")),o.setLocal("it1",o.i32_add(o.getLocal("it1"),o.i32_const(n))),o.setLocal("it2",o.i32_add(o.getLocal("it2"),o.i32_const(n))),o.br(0))),o.call(a+"_reduceTable",o.getLocal("pTable"),o.i32_sub(o.getLocal("p"),o.i32_const(1))),o.setLocal("p",o.i32_sub(o.getLocal("p"),o.i32_const(1))),o.block(o.loop(o.br_if(1,o.i32_eqz(o.getLocal("p"))),o.call(e+"_double",o.getLocal("pAcc"),o.getLocal("pAcc")),o.setLocal("p",o.i32_sub(o.getLocal("p"),o.i32_const(1))),o.br(0))),o.call(e+"_add",o.getLocal("pTable"),o.getLocal("pAcc"),o.getLocal("pTable")))}(),function(){const l=t.addFunction(a+"_chunk");l.addParam("pBases","i32"),l.addParam("pScalars","i32"),l.addParam("scalarSize","i32"),l.addParam("n","i32"),l.addParam("startBit","i32"),l.addParam("chunkSize","i32"),l.addParam("pr","i32"),l.addLocal("nChunks","i32"),l.addLocal("itScalar","i32"),l.addLocal("endScalar","i32"),l.addLocal("itBase","i32"),l.addLocal("i","i32"),l.addLocal("j","i32"),l.addLocal("nTable","i32"),l.addLocal("pTable","i32"),l.addLocal("idx","i32"),l.addLocal("pIdxTable","i32");const r=l.getCodeBuilder();l.addCode(r.if(r.i32_eqz(r.getLocal("n")),[...r.call(e+"_zero",r.getLocal("pr")),...r.ret([])]),r.setLocal("nTable",r.i32_shl(r.i32_const(1),r.getLocal("chunkSize"))),r.setLocal("pTable",r.i32_load(r.i32_const(0))),r.i32_store(r.i32_const(0),r.i32_add(r.getLocal("pTable"),r.i32_mul(r.getLocal("nTable"),r.i32_const(n)))),r.setLocal("j",r.i32_const(0)),r.block(r.loop(r.br_if(1,r.i32_eq(r.getLocal("j"),r.getLocal("nTable"))),r.call(e+"_zero",r.i32_add(r.getLocal("pTable"),r.i32_mul(r.getLocal("j"),r.i32_const(n)))),r.setLocal("j",r.i32_add(r.getLocal("j"),r.i32_const(1))),r.br(0))),r.setLocal("itBase",r.getLocal("pBases")),r.setLocal("itScalar",r.getLocal("pScalars")),r.setLocal("endScalar",r.i32_add(r.getLocal("pScalars"),r.i32_mul(r.getLocal("n"),r.getLocal("scalarSize")))),r.block(r.loop(r.br_if(1,r.i32_eq(r.getLocal("itScalar"),r.getLocal("endScalar"))),r.setLocal("idx",r.call(a+"_getChunk",r.getLocal("itScalar"),r.getLocal("scalarSize"),r.getLocal("startBit"),r.getLocal("chunkSize"))),r.if(r.getLocal("idx"),[...r.setLocal("pIdxTable",r.i32_add(r.getLocal("pTable"),r.i32_mul(r.i32_sub(r.getLocal("idx"),r.i32_const(1)),r.i32_const(n)))),...r.call(i,r.getLocal("pIdxTable"),r.getLocal("itBase"),r.getLocal("pIdxTable"))]),r.setLocal("itScalar",r.i32_add(r.getLocal("itScalar"),r.getLocal("scalarSize"))),r.setLocal("itBase",r.i32_add(r.getLocal("itBase"),r.i32_const(o))),r.br(0))),r.call(a+"_reduceTable",r.getLocal("pTable"),r.getLocal("chunkSize")),r.call(e+"_copy",r.getLocal("pTable"),r.getLocal("pr")),r.i32_store(r.i32_const(0),r.getLocal("pTable")))}(),l(),t.exportFunction(a),t.exportFunction(a+"_chunk")};var zt=function(t,e,a,i){const o=t.modules[a].n64,n=8*o;if(t.modules[e])return e;return t.modules[e]={n64:3*o},function(){const i=t.addFunction(e+"_isZeroAffine");i.addParam("p1","i32"),i.setReturnType("i32");const o=i.getCodeBuilder();i.addCode(o.i32_and(o.call(a+"_isZero",o.getLocal("p1")),o.call(a+"_isZero",o.i32_add(o.getLocal("p1"),o.i32_const(n)))))}(),function(){const i=t.addFunction(e+"_isZero");i.addParam("p1","i32"),i.setReturnType("i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_isZero",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))))}(),function(){const i=t.addFunction(e+"_zeroAffine");i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_zero",o.getLocal("pr"))),i.addCode(o.call(a+"_zero",o.i32_add(o.getLocal("pr"),o.i32_const(n))))}(),function(){const i=t.addFunction(e+"_zero");i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_zero",o.getLocal("pr"))),i.addCode(o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(n)))),i.addCode(o.call(a+"_zero",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))))}(),function(){const a=t.addFunction(e+"_copyAffine");a.addParam("ps","i32"),a.addParam("pd","i32");const i=a.getCodeBuilder();for(let t=0;t<2*o;t++)a.addCode(i.i64_store(i.getLocal("pd"),8*t,i.i64_load(i.getLocal("ps"),8*t)))}(),function(){const a=t.addFunction(e+"_copy");a.addParam("ps","i32"),a.addParam("pd","i32");const i=a.getCodeBuilder();for(let t=0;t<3*o;t++)a.addCode(i.i64_store(i.getLocal("pd"),8*t,i.i64_load(i.getLocal("ps"),8*t)))}(),function(){const i=t.addFunction(e+"_toJacobian");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.getLocal("pr"),c=o.i32_add(o.getLocal("pr"),o.i32_const(n)),d=o.i32_add(o.getLocal("pr"),o.i32_const(2*n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("p1")),o.call(e+"_zero",o.getLocal("pr")),[...o.call(a+"_one",d),...o.call(a+"_copy",r,c),...o.call(a+"_copy",l,s)]))}(),function(){const i=t.addFunction(e+"_eqAffine");i.addParam("p1","i32"),i.addParam("p2","i32"),i.setReturnType("i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder();i.addCode(o.ret(o.i32_and(o.call(a+"_eq",o.getLocal("p1"),o.getLocal("p2")),o.call(a+"_eq",o.i32_add(o.getLocal("p1"),o.i32_const(n)),o.i32_add(o.getLocal("p2"),o.i32_const(n))))))}(),function(){const i=t.addFunction(e+"_eqMixed");i.addParam("p1","i32"),i.addParam("p2","i32"),i.setReturnType("i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n)),u=o.i32_const(t.alloc(n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),o.ret(o.call(e+"_isZeroAffine",o.getLocal("p2")))),o.if(o.call(e+"_isZeroAffine",o.getLocal("p2")),o.ret(o.i32_const(0))),o.if(o.call(a+"_isOne",s),o.ret(o.call(e+"_eqAffine",o.getLocal("p1"),o.getLocal("p2")))),o.call(a+"_square",s,u),o.call(a+"_mul",c,u,g),o.call(a+"_mul",s,u,f),o.call(a+"_mul",d,f,h),o.if(o.call(a+"_eq",l,g),o.if(o.call(a+"_eq",r,h),o.ret(o.i32_const(1)))),o.ret(o.i32_const(0)))}(),function(){const i=t.addFunction(e+"_eq");i.addParam("p1","i32"),i.addParam("p2","i32"),i.setReturnType("i32"),i.addLocal("z1","i32"),i.addLocal("z2","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n));i.addCode(o.setLocal("z2",o.i32_add(o.getLocal("p2"),o.i32_const(2*n))));const u=o.getLocal("z2"),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),o.ret(o.call(e+"_isZero",o.getLocal("p2")))),o.if(o.call(e+"_isZero",o.getLocal("p2")),o.ret(o.i32_const(0))),o.if(o.call(a+"_isOne",s),o.ret(o.call(e+"_eqMixed",o.getLocal("p2"),o.getLocal("p1")))),o.if(o.call(a+"_isOne",u),o.ret(o.call(e+"_eqMixed",o.getLocal("p1"),o.getLocal("p2")))),o.call(a+"_square",s,g),o.call(a+"_square",u,f),o.call(a+"_mul",l,f,h),o.call(a+"_mul",c,g,_),o.call(a+"_mul",s,g,p),o.call(a+"_mul",u,f,m),o.call(a+"_mul",r,m,w),o.call(a+"_mul",d,p,L),o.if(o.call(a+"_eq",h,_),o.if(o.call(a+"_eq",w,L),o.ret(o.i32_const(1)))),o.ret(o.i32_const(0)))}(),function(){const i=t.addFunction(e+"_doubleAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.getLocal("pr"),c=o.i32_add(o.getLocal("pr"),o.i32_const(n)),d=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),u=o.i32_const(t.alloc(n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("p1")),[...o.call(e+"_toJacobian",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.call(a+"_square",l,u),o.call(a+"_square",r,g),o.call(a+"_square",g,f),o.call(a+"_add",l,g,h),o.call(a+"_square",h,h),o.call(a+"_sub",h,u,h),o.call(a+"_sub",h,f,h),o.call(a+"_add",h,h,h),o.call(a+"_add",u,u,_),o.call(a+"_add",_,u,_),o.call(a+"_add",r,r,d),o.call(a+"_square",_,s),o.call(a+"_sub",s,h,s),o.call(a+"_sub",s,h,s),o.call(a+"_add",f,f,p),o.call(a+"_add",p,p,p),o.call(a+"_add",p,p,p),o.call(a+"_sub",h,s,c),o.call(a+"_mul",c,_,c),o.call(a+"_sub",c,p,c))}(),function(){const i=t.addFunction(e+"_double");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(e+"_copy",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(a+"_isOne",s),[...o.ret(o.call(e+"_doubleAffine",o.getLocal("p1"),o.getLocal("pr"))),...o.ret([])]),o.call(a+"_square",l,g),o.call(a+"_square",r,f),o.call(a+"_square",f,h),o.call(a+"_add",l,f,_),o.call(a+"_square",_,_),o.call(a+"_sub",_,g,_),o.call(a+"_sub",_,h,_),o.call(a+"_add",_,_,_),o.call(a+"_add",g,g,p),o.call(a+"_add",p,g,p),o.call(a+"_square",p,m),o.call(a+"_mul",r,s,w),o.call(a+"_add",_,_,c),o.call(a+"_sub",m,c,c),o.call(a+"_add",h,h,L),o.call(a+"_add",L,L,L),o.call(a+"_add",L,L,L),o.call(a+"_sub",_,c,d),o.call(a+"_mul",d,p,d),o.call(a+"_sub",d,L,d),o.call(a+"_add",w,w,u))}(),function(){const i=t.addFunction(e+"_addAffine");i.addParam("p1","i32"),i.addParam("p2","i32"),i.addParam("pr","i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("p2"),c=o.i32_add(o.getLocal("p2"),o.i32_const(n)),d=o.getLocal("pr"),u=o.i32_add(o.getLocal("pr"),o.i32_const(n)),g=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n)),b=o.i32_const(t.alloc(n)),y=o.i32_const(t.alloc(n)),A=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("p1")),[...o.call(e+"_copyAffine",o.getLocal("p2"),o.getLocal("pr")),...o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))),...o.ret([])]),o.if(o.call(e+"_isZeroAffine",o.getLocal("p2")),[...o.call(e+"_copyAffine",o.getLocal("p1"),o.getLocal("pr")),...o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))),...o.ret([])]),o.if(o.call(a+"_eq",l,s),o.if(o.call(a+"_eq",r,c),[...o.call(e+"_doubleAffine",o.getLocal("p2"),o.getLocal("pr")),...o.ret([])])),o.call(a+"_sub",s,l,f),o.call(a+"_sub",c,r,_),o.call(a+"_square",f,h),o.call(a+"_add",h,h,p),o.call(a+"_add",p,p,p),o.call(a+"_mul",f,p,m),o.call(a+"_add",_,_,w),o.call(a+"_mul",l,p,b),o.call(a+"_square",w,L),o.call(a+"_add",b,b,y),o.call(a+"_sub",L,m,d),o.call(a+"_sub",d,y,d),o.call(a+"_mul",r,m,A),o.call(a+"_add",A,A,A),o.call(a+"_sub",b,d,u),o.call(a+"_mul",u,w,u),o.call(a+"_sub",u,A,u),o.call(a+"_add",f,f,g))}(),function(){const i=t.addFunction(e+"_addMixed");i.addParam("p1","i32"),i.addParam("p2","i32"),i.addParam("pr","i32"),i.addLocal("z1","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n)),u=o.getLocal("pr"),g=o.i32_add(o.getLocal("pr"),o.i32_const(n)),f=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),h=o.i32_const(t.alloc(n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n)),b=o.i32_const(t.alloc(n)),y=o.i32_const(t.alloc(n)),A=o.i32_const(t.alloc(n)),C=o.i32_const(t.alloc(n)),I=o.i32_const(t.alloc(n)),F=o.i32_const(t.alloc(n)),x=o.i32_const(t.alloc(n)),E=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(e+"_copyAffine",o.getLocal("p2"),o.getLocal("pr")),...o.call(a+"_one",o.i32_add(o.getLocal("pr"),o.i32_const(2*n))),...o.ret([])]),o.if(o.call(e+"_isZeroAffine",o.getLocal("p2")),[...o.call(e+"_copy",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(a+"_isOne",s),[...o.call(e+"_addAffine",l,c,u),...o.ret([])]),o.call(a+"_square",s,h),o.call(a+"_mul",c,h,_),o.call(a+"_mul",s,h,p),o.call(a+"_mul",d,p,m),o.if(o.call(a+"_eq",l,_),o.if(o.call(a+"_eq",r,m),[...o.call(e+"_doubleAffine",o.getLocal("p2"),o.getLocal("pr")),...o.ret([])])),o.call(a+"_sub",_,l,w),o.call(a+"_sub",m,r,b),o.call(a+"_square",w,L),o.call(a+"_add",L,L,y),o.call(a+"_add",y,y,y),o.call(a+"_mul",w,y,A),o.call(a+"_add",b,b,C),o.call(a+"_mul",l,y,F),o.call(a+"_square",C,I),o.call(a+"_add",F,F,x),o.call(a+"_sub",I,A,u),o.call(a+"_sub",u,x,u),o.call(a+"_mul",r,A,E),o.call(a+"_add",E,E,E),o.call(a+"_sub",F,u,g),o.call(a+"_mul",g,C,g),o.call(a+"_sub",g,E,g),o.call(a+"_add",s,w,f),o.call(a+"_square",f,f),o.call(a+"_sub",f,h,f),o.call(a+"_sub",f,L,f))}(),function(){const i=t.addFunction(e+"_add");i.addParam("p1","i32"),i.addParam("p2","i32"),i.addParam("pr","i32"),i.addLocal("z1","i32"),i.addLocal("z2","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n));i.addCode(o.setLocal("z1",o.i32_add(o.getLocal("p1"),o.i32_const(2*n))));const s=o.getLocal("z1"),c=o.getLocal("p2"),d=o.i32_add(o.getLocal("p2"),o.i32_const(n));i.addCode(o.setLocal("z2",o.i32_add(o.getLocal("p2"),o.i32_const(2*n))));const u=o.getLocal("z2"),g=o.getLocal("pr"),f=o.i32_add(o.getLocal("pr"),o.i32_const(n)),h=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),_=o.i32_const(t.alloc(n)),p=o.i32_const(t.alloc(n)),m=o.i32_const(t.alloc(n)),w=o.i32_const(t.alloc(n)),L=o.i32_const(t.alloc(n)),b=o.i32_const(t.alloc(n)),y=o.i32_const(t.alloc(n)),A=o.i32_const(t.alloc(n)),C=o.i32_const(t.alloc(n)),I=o.i32_const(t.alloc(n)),F=o.i32_const(t.alloc(n)),x=o.i32_const(t.alloc(n)),E=o.i32_const(t.alloc(n)),v=o.i32_const(t.alloc(n)),B=o.i32_const(t.alloc(n)),S=o.i32_const(t.alloc(n)),P=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(e+"_copy",o.getLocal("p2"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(e+"_isZero",o.getLocal("p2")),[...o.call(e+"_copy",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])]),o.if(o.call(a+"_isOne",s),[...o.call(e+"_addMixed",c,l,g),...o.ret([])]),o.if(o.call(a+"_isOne",u),[...o.call(e+"_addMixed",l,c,g),...o.ret([])]),o.call(a+"_square",s,_),o.call(a+"_square",u,p),o.call(a+"_mul",l,p,m),o.call(a+"_mul",c,_,w),o.call(a+"_mul",s,_,L),o.call(a+"_mul",u,p,b),o.call(a+"_mul",r,b,y),o.call(a+"_mul",d,L,A),o.if(o.call(a+"_eq",m,w),o.if(o.call(a+"_eq",y,A),[...o.call(e+"_double",o.getLocal("p1"),o.getLocal("pr")),...o.ret([])])),o.call(a+"_sub",w,m,C),o.call(a+"_sub",A,y,I),o.call(a+"_add",C,C,F),o.call(a+"_square",F,F),o.call(a+"_mul",C,F,x),o.call(a+"_add",I,I,E),o.call(a+"_mul",m,F,B),o.call(a+"_square",E,v),o.call(a+"_add",B,B,S),o.call(a+"_sub",v,x,g),o.call(a+"_sub",g,S,g),o.call(a+"_mul",y,x,P),o.call(a+"_add",P,P,P),o.call(a+"_sub",B,g,f),o.call(a+"_mul",f,E,f),o.call(a+"_sub",f,P,f),o.call(a+"_add",s,u,h),o.call(a+"_square",h,h),o.call(a+"_sub",h,_,h),o.call(a+"_sub",h,p,h),o.call(a+"_mul",h,C,h))}(),function(){const i=t.addFunction(e+"_negAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.getLocal("pr"),c=o.i32_add(o.getLocal("pr"),o.i32_const(n));i.addCode(o.call(a+"_copy",l,s),o.call(a+"_neg",r,c))}(),function(){const i=t.addFunction(e+"_neg");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_add(o.getLocal("pr"),o.i32_const(2*n));i.addCode(o.call(a+"_copy",l,c),o.call(a+"_neg",r,d),o.call(a+"_copy",s,u))}(),function(){const a=t.addFunction(e+"_subAffine");a.addParam("p1","i32"),a.addParam("p2","i32"),a.addParam("pr","i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(3*n));a.addCode(i.call(e+"_negAffine",i.getLocal("p2"),o),i.call(e+"_addAffine",i.getLocal("p1"),o,i.getLocal("pr")))}(),function(){const a=t.addFunction(e+"_subMixed");a.addParam("p1","i32"),a.addParam("p2","i32"),a.addParam("pr","i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(3*n));a.addCode(i.call(e+"_negAffine",i.getLocal("p2"),o),i.call(e+"_addMixed",i.getLocal("p1"),o,i.getLocal("pr")))}(),function(){const a=t.addFunction(e+"_sub");a.addParam("p1","i32"),a.addParam("p2","i32"),a.addParam("pr","i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(3*n));a.addCode(i.call(e+"_neg",i.getLocal("p2"),o),i.call(e+"_add",i.getLocal("p1"),o,i.getLocal("pr")))}(),function(){const i=t.addFunction(e+"_fromMontgomeryAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_fromMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<2;t++)i.addCode(o.call(a+"_fromMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_fromMontgomery");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_fromMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<3;t++)i.addCode(o.call(a+"_fromMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_toMontgomeryAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_toMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<2;t++)i.addCode(o.call(a+"_toMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_toMontgomery");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder();i.addCode(o.call(a+"_toMontgomery",o.getLocal("p1"),o.getLocal("pr")));for(let t=1;t<3;t++)i.addCode(o.call(a+"_toMontgomery",o.i32_add(o.getLocal("p1"),o.i32_const(t*n)),o.i32_add(o.getLocal("pr"),o.i32_const(t*n))))}(),function(){const i=t.addFunction(e+"_toAffine");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_const(t.alloc(n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),[...o.call(a+"_zero",c),...o.call(a+"_zero",d)],[...o.call(a+"_inverse",s,u),...o.call(a+"_square",u,g),...o.call(a+"_mul",u,g,f),...o.call(a+"_mul",l,g,c),...o.call(a+"_mul",r,f,d)]))}(),function(){const o=t.addFunction(e+"_inCurveAffine");o.addParam("pIn","i32"),o.setReturnType("i32");const l=o.getCodeBuilder(),r=l.getLocal("pIn"),s=l.i32_add(l.getLocal("pIn"),l.i32_const(n)),c=l.i32_const(t.alloc(n)),d=l.i32_const(t.alloc(n));o.addCode(l.call(a+"_square",s,c),l.call(a+"_square",r,d),l.call(a+"_mul",r,d,d),l.call(a+"_add",d,l.i32_const(i),d),l.ret(l.call(a+"_eq",c,d)))}(),function(){const a=t.addFunction(e+"_inCurve");a.addParam("pIn","i32"),a.setReturnType("i32");const i=a.getCodeBuilder(),o=i.i32_const(t.alloc(2*n));a.addCode(i.call(e+"_toAffine",i.getLocal("pIn"),o),i.ret(i.call(e+"_inCurveAffine",o)))}(),function(){const i=t.addFunction(e+"_batchToAffine");i.addParam("pIn","i32"),i.addParam("n","i32"),i.addParam("pOut","i32"),i.addLocal("pAux","i32"),i.addLocal("itIn","i32"),i.addLocal("itAux","i32"),i.addLocal("itOut","i32"),i.addLocal("i","i32");const o=i.getCodeBuilder(),l=o.i32_const(t.alloc(n));i.addCode(o.setLocal("pAux",o.i32_load(o.i32_const(0))),o.i32_store(o.i32_const(0),o.i32_add(o.getLocal("pAux"),o.i32_mul(o.getLocal("n"),o.i32_const(n)))),o.call(a+"_batchInverse",o.i32_add(o.getLocal("pIn"),o.i32_const(2*n)),o.i32_const(3*n),o.getLocal("n"),o.getLocal("pAux"),o.i32_const(n)),o.setLocal("itIn",o.getLocal("pIn")),o.setLocal("itAux",o.getLocal("pAux")),o.setLocal("itOut",o.getLocal("pOut")),o.setLocal("i",o.i32_const(0)),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("i"),o.getLocal("n"))),o.if(o.call(a+"_isZero",o.getLocal("itAux")),[...o.call(a+"_zero",o.getLocal("itOut")),...o.call(a+"_zero",o.i32_add(o.getLocal("itOut"),o.i32_const(n)))],[...o.call(a+"_mul",o.getLocal("itAux"),o.i32_add(o.getLocal("itIn"),o.i32_const(n)),l),...o.call(a+"_square",o.getLocal("itAux"),o.getLocal("itAux")),...o.call(a+"_mul",o.getLocal("itAux"),o.getLocal("itIn"),o.getLocal("itOut")),...o.call(a+"_mul",o.getLocal("itAux"),l,o.i32_add(o.getLocal("itOut"),o.i32_const(n)))]),o.setLocal("itIn",o.i32_add(o.getLocal("itIn"),o.i32_const(3*n))),o.setLocal("itOut",o.i32_add(o.getLocal("itOut"),o.i32_const(2*n))),o.setLocal("itAux",o.i32_add(o.getLocal("itAux"),o.i32_const(n))),o.setLocal("i",o.i32_add(o.getLocal("i"),o.i32_const(1))),o.br(0))),o.i32_store(o.i32_const(0),o.getLocal("pAux")))}(),function(){const i=t.addFunction(e+"_normalize");i.addParam("p1","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),l=o.getLocal("p1"),r=o.i32_add(o.getLocal("p1"),o.i32_const(n)),s=o.i32_add(o.getLocal("p1"),o.i32_const(2*n)),c=o.getLocal("pr"),d=o.i32_add(o.getLocal("pr"),o.i32_const(n)),u=o.i32_add(o.getLocal("pr"),o.i32_const(2*n)),g=o.i32_const(t.alloc(n)),f=o.i32_const(t.alloc(n)),h=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZero",o.getLocal("p1")),o.call(e+"_zero",o.getLocal("pr")),[...o.call(a+"_inverse",s,g),...o.call(a+"_square",g,f),...o.call(a+"_mul",g,f,h),...o.call(a+"_mul",l,f,c),...o.call(a+"_mul",r,h,d),...o.call(a+"_one",u)]))}(),function(){const a=t.addFunction(e+"__reverseBytes");a.addParam("pIn","i32"),a.addParam("n","i32"),a.addParam("pOut","i32"),a.addLocal("itOut","i32"),a.addLocal("itIn","i32");const i=a.getCodeBuilder();a.addCode(i.setLocal("itOut",i.i32_sub(i.i32_add(i.getLocal("pOut"),i.getLocal("n")),i.i32_const(1))),i.setLocal("itIn",i.getLocal("pIn")),i.block(i.loop(i.br_if(1,i.i32_lt_s(i.getLocal("itOut"),i.getLocal("pOut"))),i.i32_store8(i.getLocal("itOut"),i.i32_load8_u(i.getLocal("itIn"))),i.setLocal("itOut",i.i32_sub(i.getLocal("itOut"),i.i32_const(1))),i.setLocal("itIn",i.i32_add(i.getLocal("itIn"),i.i32_const(1))),i.br(0))))}(),function(){const a=t.addFunction(e+"_LEMtoU");a.addParam("pIn","i32"),a.addParam("pOut","i32");const i=a.getCodeBuilder(),o=t.alloc(2*n),l=i.i32_const(o),r=i.i32_const(o),s=i.i32_const(o+n);a.addCode(i.if(i.call(e+"_isZeroAffine",i.getLocal("pIn")),[...i.call(e+"_zeroAffine",i.getLocal("pOut")),...i.ret([])]),i.call(e+"_fromMontgomeryAffine",i.getLocal("pIn"),l),i.call(e+"__reverseBytes",r,i.i32_const(n),i.getLocal("pOut")),i.call(e+"__reverseBytes",s,i.i32_const(n),i.i32_add(i.getLocal("pOut"),i.i32_const(n))))}(),function(){const i=t.addFunction(e+"_LEMtoC");i.addParam("pIn","i32"),i.addParam("pOut","i32");const o=i.getCodeBuilder(),l=o.i32_const(t.alloc(n));i.addCode(o.if(o.call(e+"_isZeroAffine",o.getLocal("pIn")),[...o.call(a+"_zero",o.getLocal("pOut")),...o.i32_store8(o.getLocal("pOut"),o.i32_const(64)),...o.ret([])]),o.call(a+"_fromMontgomery",o.getLocal("pIn"),l),o.call(e+"__reverseBytes",l,o.i32_const(n),o.getLocal("pOut")),o.if(o.i32_eq(o.call(a+"_sign",o.i32_add(o.getLocal("pIn"),o.i32_const(n))),o.i32_const(-1)),o.i32_store8(o.getLocal("pOut"),o.i32_or(o.i32_load8_u(o.getLocal("pOut")),o.i32_const(128)))))}(),function(){const a=t.addFunction(e+"_UtoLEM");a.addParam("pIn","i32"),a.addParam("pOut","i32");const i=a.getCodeBuilder(),o=t.alloc(2*n),l=i.i32_const(o),r=i.i32_const(o),s=i.i32_const(o+n);a.addCode(i.if(i.i32_and(i.i32_load8_u(i.getLocal("pIn")),i.i32_const(64)),[...i.call(e+"_zeroAffine",i.getLocal("pOut")),...i.ret([])]),i.call(e+"__reverseBytes",i.getLocal("pIn"),i.i32_const(n),r),i.call(e+"__reverseBytes",i.i32_add(i.getLocal("pIn"),i.i32_const(n)),i.i32_const(n),s),i.call(e+"_toMontgomeryAffine",l,i.getLocal("pOut")))}(),function(){const o=t.addFunction(e+"_CtoLEM");o.addParam("pIn","i32"),o.addParam("pOut","i32"),o.addLocal("firstByte","i32"),o.addLocal("greatest","i32");const l=o.getCodeBuilder(),r=t.alloc(2*n),s=l.i32_const(r),c=l.i32_const(r+n);o.addCode(l.setLocal("firstByte",l.i32_load8_u(l.getLocal("pIn"))),l.if(l.i32_and(l.getLocal("firstByte"),l.i32_const(64)),[...l.call(e+"_zeroAffine",l.getLocal("pOut")),...l.ret([])]),l.setLocal("greatest",l.i32_and(l.getLocal("firstByte"),l.i32_const(128))),l.call(a+"_copy",l.getLocal("pIn"),c),l.i32_store8(c,l.i32_and(l.getLocal("firstByte"),l.i32_const(63))),l.call(e+"__reverseBytes",c,l.i32_const(n),s),l.call(a+"_toMontgomery",s,l.getLocal("pOut")),l.call(a+"_square",l.getLocal("pOut"),c),l.call(a+"_mul",l.getLocal("pOut"),c,c),l.call(a+"_add",c,l.i32_const(i),c),l.call(a+"_sqrt",c,c),l.call(a+"_neg",c,s),l.if(l.i32_eq(l.call(a+"_sign",c),l.i32_const(-1)),l.if(l.getLocal("greatest"),l.call(a+"_copy",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n))),l.call(a+"_neg",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n)))),l.if(l.getLocal("greatest"),l.call(a+"_neg",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n))),l.call(a+"_copy",c,l.i32_add(l.getLocal("pOut"),l.i32_const(n))))))}(),Tt(t,e+"_batchLEMtoU",e+"_LEMtoU",2*n,2*n),Tt(t,e+"_batchLEMtoC",e+"_LEMtoC",2*n,n),Tt(t,e+"_batchUtoLEM",e+"_UtoLEM",2*n,2*n),Tt(t,e+"_batchCtoLEM",e+"_CtoLEM",n,2*n,!0),Tt(t,e+"_batchToJacobian",e+"_toJacobian",2*n,3*n,!0),Ut(t,e,e+"_multiexp",e+"_add",3*n),Ut(t,e,e+"_multiexpAffine",e+"_addMixed",2*n),Ot(t,e+"_timesScalar",3*n,e+"_add",e+"_double",e+"_sub",e+"_copy",e+"_zero"),Ot(t,e+"_timesScalarAffine",2*n,e+"_addMixed",e+"_double",e+"_subMixed",e+"_copyAffine",e+"_zero"),t.exportFunction(e+"_isZero"),t.exportFunction(e+"_isZeroAffine"),t.exportFunction(e+"_eq"),t.exportFunction(e+"_eqMixed"),t.exportFunction(e+"_eqAffine"),t.exportFunction(e+"_copy"),t.exportFunction(e+"_copyAffine"),t.exportFunction(e+"_zero"),t.exportFunction(e+"_zeroAffine"),t.exportFunction(e+"_double"),t.exportFunction(e+"_doubleAffine"),t.exportFunction(e+"_add"),t.exportFunction(e+"_addMixed"),t.exportFunction(e+"_addAffine"),t.exportFunction(e+"_neg"),t.exportFunction(e+"_negAffine"),t.exportFunction(e+"_sub"),t.exportFunction(e+"_subMixed"),t.exportFunction(e+"_subAffine"),t.exportFunction(e+"_fromMontgomery"),t.exportFunction(e+"_fromMontgomeryAffine"),t.exportFunction(e+"_toMontgomery"),t.exportFunction(e+"_toMontgomeryAffine"),t.exportFunction(e+"_timesScalar"),t.exportFunction(e+"_timesScalarAffine"),t.exportFunction(e+"_normalize"),t.exportFunction(e+"_LEMtoU"),t.exportFunction(e+"_LEMtoC"),t.exportFunction(e+"_UtoLEM"),t.exportFunction(e+"_CtoLEM"),t.exportFunction(e+"_batchLEMtoU"),t.exportFunction(e+"_batchLEMtoC"),t.exportFunction(e+"_batchUtoLEM"),t.exportFunction(e+"_batchCtoLEM"),t.exportFunction(e+"_toAffine"),t.exportFunction(e+"_toJacobian"),t.exportFunction(e+"_batchToAffine"),t.exportFunction(e+"_batchToJacobian"),t.exportFunction(e+"_inCurve"),t.exportFunction(e+"_inCurveAffine"),e};const{isOdd:Qt,modInv:qt,modPow:Mt}=W,kt=V;var Rt=function(t,e,a,i,o){const n=8*t.modules[i].n64,l=8*t.modules[a].n64,r=t.modules[i].q;let s=r-1n,c=0;for(;!Qt(s);)c++,s>>=1n;let d=2n;for(;1n===Mt(d,r>>1n,r);)d+=1n;const u=new Array(c+1);u[c]=Mt(d,s,r);let g=c-1;for(;g>=0;)u[g]=Mt(u[g+1],2n,r),g--;const f=[],h=(1n<>a);return e}const F=Array(256);for(let t=0;t<256;t++)F[t]=I(t);const x=t.alloc(F);function E(){const a=t.addFunction(e+"_fft");a.addParam("px","i32"),a.addParam("n","i32"),a.addLocal("bits","i32");const o=a.getCodeBuilder(),l=o.i32_const(t.alloc(n));a.addCode(o.setLocal("bits",o.call(e+"__log2",o.getLocal("n"))),o.call(i+"_one",l),o.call(e+"_rawfft",o.getLocal("px"),o.getLocal("bits"),o.i32_const(0),l))}!function(){const a=t.addFunction(e+"__rev");a.addParam("x","i32"),a.addParam("bits","i32"),a.setReturnType("i32");const i=a.getCodeBuilder();a.addCode(i.i32_rotl(i.i32_add(i.i32_add(i.i32_shl(i.i32_load8_u(i.i32_and(i.getLocal("x"),i.i32_const(255)),x,0),i.i32_const(24)),i.i32_shl(i.i32_load8_u(i.i32_and(i.i32_shr_u(i.getLocal("x"),i.i32_const(8)),i.i32_const(255)),x,0),i.i32_const(16))),i.i32_add(i.i32_shl(i.i32_load8_u(i.i32_and(i.i32_shr_u(i.getLocal("x"),i.i32_const(16)),i.i32_const(255)),x,0),i.i32_const(8)),i.i32_load8_u(i.i32_and(i.i32_shr_u(i.getLocal("x"),i.i32_const(24)),i.i32_const(255)),x,0))),i.getLocal("bits")))}(),function(){const i=t.addFunction(e+"__reversePermutation");i.addParam("px","i32"),i.addParam("bits","i32"),i.addLocal("n","i32"),i.addLocal("i","i32"),i.addLocal("ri","i32"),i.addLocal("idx1","i32"),i.addLocal("idx2","i32");const o=i.getCodeBuilder(),n=o.i32_const(t.alloc(l));i.addCode(o.setLocal("n",o.i32_shl(o.i32_const(1),o.getLocal("bits"))),o.setLocal("i",o.i32_const(0)),o.block(o.loop(o.br_if(1,o.i32_eq(o.getLocal("i"),o.getLocal("n"))),o.setLocal("idx1",o.i32_add(o.getLocal("px"),o.i32_mul(o.getLocal("i"),o.i32_const(l)))),o.setLocal("ri",o.call(e+"__rev",o.getLocal("i"),o.getLocal("bits"))),o.setLocal("idx2",o.i32_add(o.getLocal("px"),o.i32_mul(o.getLocal("ri"),o.i32_const(l)))),o.if(o.i32_lt_u(o.getLocal("i"),o.getLocal("ri")),[...o.call(a+"_copy",o.getLocal("idx1"),n),...o.call(a+"_copy",o.getLocal("idx2"),o.getLocal("idx1")),...o.call(a+"_copy",n,o.getLocal("idx2"))]),o.setLocal("i",o.i32_add(o.getLocal("i"),o.i32_const(1))),o.br(0))))}(),function(){const n=t.addFunction(e+"__fftFinal");n.addParam("px","i32"),n.addParam("bits","i32"),n.addParam("reverse","i32"),n.addParam("mulFactor","i32"),n.addLocal("n","i32"),n.addLocal("ndiv2","i32"),n.addLocal("pInv2","i32"),n.addLocal("i","i32"),n.addLocal("mask","i32"),n.addLocal("idx1","i32"),n.addLocal("idx2","i32");const r=n.getCodeBuilder(),s=r.i32_const(t.alloc(l));n.addCode(r.if(r.i32_and(r.i32_eqz(r.getLocal("reverse")),r.call(i+"_isOne",r.getLocal("mulFactor"))),r.ret([])),r.setLocal("n",r.i32_shl(r.i32_const(1),r.getLocal("bits"))),r.setLocal("mask",r.i32_sub(r.getLocal("n"),r.i32_const(1))),r.setLocal("i",r.i32_const(1)),r.setLocal("ndiv2",r.i32_shr_u(r.getLocal("n"),r.i32_const(1))),r.block(r.loop(r.br_if(1,r.i32_ge_u(r.getLocal("i"),r.getLocal("ndiv2"))),r.setLocal("idx1",r.i32_add(r.getLocal("px"),r.i32_mul(r.getLocal("i"),r.i32_const(l)))),r.setLocal("idx2",r.i32_add(r.getLocal("px"),r.i32_mul(r.i32_sub(r.getLocal("n"),r.getLocal("i")),r.i32_const(l)))),r.if(r.getLocal("reverse"),r.if(r.call(i+"_isOne",r.getLocal("mulFactor")),[...r.call(a+"_copy",r.getLocal("idx1"),s),...r.call(a+"_copy",r.getLocal("idx2"),r.getLocal("idx1")),...r.call(a+"_copy",s,r.getLocal("idx2"))],[...r.call(a+"_copy",r.getLocal("idx1"),s),...r.call(o,r.getLocal("idx2"),r.getLocal("mulFactor"),r.getLocal("idx1")),...r.call(o,s,r.getLocal("mulFactor"),r.getLocal("idx2"))]),r.if(r.call(i+"_isOne",r.getLocal("mulFactor")),[],[...r.call(o,r.getLocal("idx1"),r.getLocal("mulFactor"),r.getLocal("idx1")),...r.call(o,r.getLocal("idx2"),r.getLocal("mulFactor"),r.getLocal("idx2"))])),r.setLocal("i",r.i32_add(r.getLocal("i"),r.i32_const(1))),r.br(0))),r.if(r.call(i+"_isOne",r.getLocal("mulFactor")),[],[...r.call(o,r.getLocal("px"),r.getLocal("mulFactor"),r.getLocal("px")),...r.setLocal("idx2",r.i32_add(r.getLocal("px"),r.i32_mul(r.getLocal("ndiv2"),r.i32_const(l)))),...r.call(o,r.getLocal("idx2"),r.getLocal("mulFactor"),r.getLocal("idx2"))]))}(),function(){const r=t.addFunction(e+"_rawfft");r.addParam("px","i32"),r.addParam("bits","i32"),r.addParam("reverse","i32"),r.addParam("mulFactor","i32"),r.addLocal("s","i32"),r.addLocal("k","i32"),r.addLocal("j","i32"),r.addLocal("m","i32"),r.addLocal("mdiv2","i32"),r.addLocal("n","i32"),r.addLocal("pwm","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l)),u=s.i32_const(t.alloc(l));r.addCode(s.call(e+"__reversePermutation",s.getLocal("px"),s.getLocal("bits")),s.setLocal("n",s.i32_shl(s.i32_const(1),s.getLocal("bits"))),s.setLocal("s",s.i32_const(1)),s.block(s.loop(s.br_if(1,s.i32_gt_u(s.getLocal("s"),s.getLocal("bits"))),s.setLocal("m",s.i32_shl(s.i32_const(1),s.getLocal("s"))),s.setLocal("pwm",s.i32_add(s.i32_const(_),s.i32_mul(s.getLocal("s"),s.i32_const(n)))),s.setLocal("k",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_ge_u(s.getLocal("k"),s.getLocal("n"))),s.call(i+"_one",c),s.setLocal("mdiv2",s.i32_shr_u(s.getLocal("m"),s.i32_const(1))),s.setLocal("j",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_ge_u(s.getLocal("j"),s.getLocal("mdiv2"))),s.setLocal("idx1",s.i32_add(s.getLocal("px"),s.i32_mul(s.i32_add(s.getLocal("k"),s.getLocal("j")),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("idx1"),s.i32_mul(s.getLocal("mdiv2"),s.i32_const(l)))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_copy",s.getLocal("idx1"),u),s.call(a+"_add",u,d,s.getLocal("idx1")),s.call(a+"_sub",u,d,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("pwm"),c),s.setLocal("j",s.i32_add(s.getLocal("j"),s.i32_const(1))),s.br(0))),s.setLocal("k",s.i32_add(s.getLocal("k"),s.getLocal("m"))),s.br(0))),s.setLocal("s",s.i32_add(s.getLocal("s"),s.i32_const(1))),s.br(0))),s.call(e+"__fftFinal",s.getLocal("px"),s.getLocal("bits"),s.getLocal("reverse"),s.getLocal("mulFactor")))}(),function(){const a=t.addFunction(e+"__log2");a.addParam("n","i32"),a.setReturnType("i32"),a.addLocal("bits","i32"),a.addLocal("aux","i32");const i=a.getCodeBuilder();a.addCode(i.setLocal("aux",i.i32_shr_u(i.getLocal("n"),i.i32_const(1)))),a.addCode(i.setLocal("bits",i.i32_const(0))),a.addCode(i.block(i.loop(i.br_if(1,i.i32_eqz(i.getLocal("aux"))),i.setLocal("aux",i.i32_shr_u(i.getLocal("aux"),i.i32_const(1))),i.setLocal("bits",i.i32_add(i.getLocal("bits"),i.i32_const(1))),i.br(0)))),a.addCode(i.if(i.i32_ne(i.getLocal("n"),i.i32_shl(i.i32_const(1),i.getLocal("bits"))),i.unreachable())),a.addCode(i.if(i.i32_gt_u(i.getLocal("bits"),i.i32_const(c)),i.unreachable())),a.addCode(i.getLocal("bits"))}(),E(),function(){const a=t.addFunction(e+"_ifft");a.addParam("px","i32"),a.addParam("n","i32"),a.addLocal("bits","i32"),a.addLocal("pInv2","i32");const i=a.getCodeBuilder();a.addCode(i.setLocal("bits",i.call(e+"__log2",i.getLocal("n"))),i.setLocal("pInv2",i.i32_add(i.i32_const(w),i.i32_mul(i.getLocal("bits"),i.i32_const(n)))),i.call(e+"_rawfft",i.getLocal("px"),i.getLocal("bits"),i.i32_const(1),i.getLocal("pInv2")))}(),function(){const r=t.addFunction(e+"_fftJoin");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l)),u=s.i32_const(t.alloc(l));r.addCode(s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_copy",s.getLocal("idx1"),u),s.call(a+"_add",u,d,s.getLocal("idx1")),s.call(a+"_sub",u,d,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const r=t.addFunction(e+"_fftJoinExt");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addParam("totalBits","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("pShiftToM","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l));r.addCode(s.setLocal("pShiftToM",s.i32_add(s.i32_const(A),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(a+"_add",s.getLocal("idx1"),s.getLocal("idx2"),d),s.call(o,s.getLocal("idx2"),s.getLocal("pShiftToM"),s.getLocal("idx2")),s.call(a+"_add",s.getLocal("idx1"),s.getLocal("idx2"),s.getLocal("idx2")),s.call(o,s.getLocal("idx2"),c,s.getLocal("idx2")),s.call(a+"_copy",d,s.getLocal("idx1")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const r=t.addFunction(e+"_fftJoinExtInv");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addParam("totalBits","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("pShiftToM","i32"),r.addLocal("pSConst","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l));r.addCode(s.setLocal("pShiftToM",s.i32_add(s.i32_const(A),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.setLocal("pSConst",s.i32_add(s.i32_const(C),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_sub",s.getLocal("idx1"),d,s.getLocal("idx2")),s.call(o,s.getLocal("idx2"),s.getLocal("pSConst"),s.getLocal("idx2")),s.call(o,s.getLocal("idx1"),s.getLocal("pShiftToM"),s.getLocal("idx1")),s.call(a+"_sub",d,s.getLocal("idx1"),s.getLocal("idx1")),s.call(o,s.getLocal("idx1"),s.getLocal("pSConst"),s.getLocal("idx1")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const r=t.addFunction(e+"_fftMix");r.addParam("pBuff","i32"),r.addParam("n","i32"),r.addParam("exp","i32"),r.addLocal("nGroups","i32"),r.addLocal("nPerGroup","i32"),r.addLocal("nPerGroupDiv2","i32"),r.addLocal("pairOffset","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("j","i32"),r.addLocal("pwm","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l)),u=s.i32_const(t.alloc(l));r.addCode(s.setLocal("nPerGroup",s.i32_shl(s.i32_const(1),s.getLocal("exp"))),s.setLocal("nPerGroupDiv2",s.i32_shr_u(s.getLocal("nPerGroup"),s.i32_const(1))),s.setLocal("nGroups",s.i32_shr_u(s.getLocal("n"),s.getLocal("exp"))),s.setLocal("pairOffset",s.i32_mul(s.getLocal("nPerGroupDiv2"),s.i32_const(l))),s.setLocal("pwm",s.i32_add(s.i32_const(_),s.i32_mul(s.getLocal("exp"),s.i32_const(n)))),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("nGroups"))),s.call(i+"_one",c),s.setLocal("j",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("j"),s.getLocal("nPerGroupDiv2"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff"),s.i32_mul(s.i32_add(s.i32_mul(s.getLocal("i"),s.getLocal("nPerGroup")),s.getLocal("j")),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("idx1"),s.getLocal("pairOffset"))),s.call(o,s.getLocal("idx2"),c,d),s.call(a+"_copy",s.getLocal("idx1"),u),s.call(a+"_add",u,d,s.getLocal("idx1")),s.call(a+"_sub",u,d,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("pwm"),c),s.setLocal("j",s.i32_add(s.getLocal("j"),s.i32_const(1))),s.br(0))),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),function(){const i=t.addFunction(e+"_fftFinal");i.addParam("pBuff","i32"),i.addParam("n","i32"),i.addParam("factor","i32"),i.addLocal("idx1","i32"),i.addLocal("idx2","i32"),i.addLocal("i","i32"),i.addLocal("ndiv2","i32");const n=i.getCodeBuilder(),r=n.i32_const(t.alloc(l));i.addCode(n.setLocal("ndiv2",n.i32_shr_u(n.getLocal("n"),n.i32_const(1))),n.if(n.i32_and(n.getLocal("n"),n.i32_const(1)),n.call(o,n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.getLocal("ndiv2"),n.i32_const(l))),n.getLocal("factor"),n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.getLocal("ndiv2"),n.i32_const(l))))),n.setLocal("i",n.i32_const(0)),n.block(n.loop(n.br_if(1,n.i32_ge_u(n.getLocal("i"),n.getLocal("ndiv2"))),n.setLocal("idx1",n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.getLocal("i"),n.i32_const(l)))),n.setLocal("idx2",n.i32_add(n.getLocal("pBuff"),n.i32_mul(n.i32_sub(n.i32_sub(n.getLocal("n"),n.i32_const(1)),n.getLocal("i")),n.i32_const(l)))),n.call(o,n.getLocal("idx2"),n.getLocal("factor"),r),n.call(o,n.getLocal("idx1"),n.getLocal("factor"),n.getLocal("idx2")),n.call(a+"_copy",r,n.getLocal("idx1")),n.setLocal("i",n.i32_add(n.getLocal("i"),n.i32_const(1))),n.br(0))))}(),function(){const r=t.addFunction(e+"_prepareLagrangeEvaluation");r.addParam("pBuff1","i32"),r.addParam("pBuff2","i32"),r.addParam("n","i32"),r.addParam("first","i32"),r.addParam("inc","i32"),r.addParam("totalBits","i32"),r.addLocal("idx1","i32"),r.addLocal("idx2","i32"),r.addLocal("i","i32"),r.addLocal("pShiftToM","i32"),r.addLocal("pSConst","i32");const s=r.getCodeBuilder(),c=s.i32_const(t.alloc(n)),d=s.i32_const(t.alloc(l));r.addCode(s.setLocal("pShiftToM",s.i32_add(s.i32_const(A),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.setLocal("pSConst",s.i32_add(s.i32_const(C),s.i32_mul(s.getLocal("totalBits"),s.i32_const(n)))),s.call(i+"_copy",s.getLocal("first"),c),s.setLocal("i",s.i32_const(0)),s.block(s.loop(s.br_if(1,s.i32_eq(s.getLocal("i"),s.getLocal("n"))),s.setLocal("idx1",s.i32_add(s.getLocal("pBuff1"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.setLocal("idx2",s.i32_add(s.getLocal("pBuff2"),s.i32_mul(s.getLocal("i"),s.i32_const(l)))),s.call(o,s.getLocal("idx1"),s.getLocal("pShiftToM"),d),s.call(a+"_sub",s.getLocal("idx2"),d,d),s.call(a+"_sub",s.getLocal("idx1"),s.getLocal("idx2"),s.getLocal("idx2")),s.call(o,d,s.getLocal("pSConst"),s.getLocal("idx1")),s.call(o,s.getLocal("idx2"),c,s.getLocal("idx2")),s.call(i+"_mul",c,s.getLocal("inc"),c),s.setLocal("i",s.i32_add(s.getLocal("i"),s.i32_const(1))),s.br(0))))}(),t.exportFunction(e+"_fft"),t.exportFunction(e+"_ifft"),t.exportFunction(e+"_rawfft"),t.exportFunction(e+"_fftJoin"),t.exportFunction(e+"_fftJoinExt"),t.exportFunction(e+"_fftJoinExtInv"),t.exportFunction(e+"_fftMix"),t.exportFunction(e+"_fftFinal"),t.exportFunction(e+"_prepareLagrangeEvaluation")},Dt=function(t,e,a){const i=8*t.modules[a].n64;return function(){const o=t.addFunction(e+"_zero");o.addParam("px","i32"),o.addParam("n","i32"),o.addLocal("lastp","i32"),o.addLocal("p","i32");const n=o.getCodeBuilder();o.addCode(n.setLocal("p",n.getLocal("px")),n.setLocal("lastp",n.i32_add(n.getLocal("px"),n.i32_mul(n.getLocal("n"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("p"),n.getLocal("lastp"))),n.call(a+"_zero",n.getLocal("p")),n.setLocal("p",n.i32_add(n.getLocal("p"),n.i32_const(i))),n.br(0))))}(),function(){const o=t.addFunction(e+"_constructLC");o.addParam("ppolynomials","i32"),o.addParam("psignals","i32"),o.addParam("nSignals","i32"),o.addParam("pres","i32"),o.addLocal("i","i32"),o.addLocal("j","i32"),o.addLocal("pp","i32"),o.addLocal("ps","i32"),o.addLocal("pd","i32"),o.addLocal("ncoefs","i32");const n=o.getCodeBuilder(),l=n.i32_const(t.alloc(i));o.addCode(n.setLocal("i",n.i32_const(0)),n.setLocal("pp",n.getLocal("ppolynomials")),n.setLocal("ps",n.getLocal("psignals")),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("i"),n.getLocal("nSignals"))),n.setLocal("ncoefs",n.i32_load(n.getLocal("pp"))),n.setLocal("pp",n.i32_add(n.getLocal("pp"),n.i32_const(4))),n.setLocal("j",n.i32_const(0)),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("j"),n.getLocal("ncoefs"))),n.setLocal("pd",n.i32_add(n.getLocal("pres"),n.i32_mul(n.i32_load(n.getLocal("pp")),n.i32_const(i)))),n.setLocal("pp",n.i32_add(n.getLocal("pp"),n.i32_const(4))),n.call(a+"_mul",n.getLocal("ps"),n.getLocal("pp"),l),n.call(a+"_add",l,n.getLocal("pd"),n.getLocal("pd")),n.setLocal("pp",n.i32_add(n.getLocal("pp"),n.i32_const(i))),n.setLocal("j",n.i32_add(n.getLocal("j"),n.i32_const(1))),n.br(0))),n.setLocal("ps",n.i32_add(n.getLocal("ps"),n.i32_const(i))),n.setLocal("i",n.i32_add(n.getLocal("i"),n.i32_const(1))),n.br(0))))}(),t.exportFunction(e+"_zero"),t.exportFunction(e+"_constructLC"),e},Nt=function(t,e,a){const i=8*t.modules[a].n64;return function(){const o=t.addFunction(e+"_buildABC");o.addParam("pCoefs","i32"),o.addParam("nCoefs","i32"),o.addParam("pWitness","i32"),o.addParam("pA","i32"),o.addParam("pB","i32"),o.addParam("pC","i32"),o.addParam("offsetOut","i32"),o.addParam("nOut","i32"),o.addParam("offsetWitness","i32"),o.addParam("nWitness","i32"),o.addLocal("it","i32"),o.addLocal("ita","i32"),o.addLocal("itb","i32"),o.addLocal("last","i32"),o.addLocal("m","i32"),o.addLocal("c","i32"),o.addLocal("s","i32"),o.addLocal("pOut","i32");const n=o.getCodeBuilder(),l=n.i32_const(t.alloc(i));o.addCode(n.setLocal("ita",n.getLocal("pA")),n.setLocal("itb",n.getLocal("pB")),n.setLocal("last",n.i32_add(n.getLocal("pA"),n.i32_mul(n.getLocal("nOut"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_zero",n.getLocal("ita")),n.call(a+"_zero",n.getLocal("itb")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.br(0))),n.setLocal("it",n.getLocal("pCoefs")),n.setLocal("last",n.i32_add(n.getLocal("pCoefs"),n.i32_mul(n.getLocal("nCoefs"),n.i32_const(i+12)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("it"),n.getLocal("last"))),n.setLocal("s",n.i32_load(n.getLocal("it"),8)),n.if(n.i32_or(n.i32_lt_u(n.getLocal("s"),n.getLocal("offsetWitness")),n.i32_ge_u(n.getLocal("s"),n.i32_add(n.getLocal("offsetWitness"),n.getLocal("nWitness")))),[...n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),...n.br(1)]),n.setLocal("m",n.i32_load(n.getLocal("it"))),n.if(n.i32_eq(n.getLocal("m"),n.i32_const(0)),n.setLocal("pOut",n.getLocal("pA")),n.if(n.i32_eq(n.getLocal("m"),n.i32_const(1)),n.setLocal("pOut",n.getLocal("pB")),[...n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),...n.br(1)])),n.setLocal("c",n.i32_load(n.getLocal("it"),4)),n.if(n.i32_or(n.i32_lt_u(n.getLocal("c"),n.getLocal("offsetOut")),n.i32_ge_u(n.getLocal("c"),n.i32_add(n.getLocal("offsetOut"),n.getLocal("nOut")))),[...n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),...n.br(1)]),n.setLocal("pOut",n.i32_add(n.getLocal("pOut"),n.i32_mul(n.i32_sub(n.getLocal("c"),n.getLocal("offsetOut")),n.i32_const(i)))),n.call(a+"_mul",n.i32_add(n.getLocal("pWitness"),n.i32_mul(n.i32_sub(n.getLocal("s"),n.getLocal("offsetWitness")),n.i32_const(i))),n.i32_add(n.getLocal("it"),n.i32_const(12)),l),n.call(a+"_add",n.getLocal("pOut"),l,n.getLocal("pOut")),n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i+12))),n.br(0))),n.setLocal("ita",n.getLocal("pA")),n.setLocal("itb",n.getLocal("pB")),n.setLocal("it",n.getLocal("pC")),n.setLocal("last",n.i32_add(n.getLocal("pA"),n.i32_mul(n.getLocal("nOut"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_mul",n.getLocal("ita"),n.getLocal("itb"),n.getLocal("it")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.setLocal("it",n.i32_add(n.getLocal("it"),n.i32_const(i))),n.br(0))))}(),function(){const o=t.addFunction(e+"_joinABC");o.addParam("pA","i32"),o.addParam("pB","i32"),o.addParam("pC","i32"),o.addParam("n","i32"),o.addParam("pP","i32"),o.addLocal("ita","i32"),o.addLocal("itb","i32"),o.addLocal("itc","i32"),o.addLocal("itp","i32"),o.addLocal("last","i32");const n=o.getCodeBuilder(),l=n.i32_const(t.alloc(i));o.addCode(n.setLocal("ita",n.getLocal("pA")),n.setLocal("itb",n.getLocal("pB")),n.setLocal("itc",n.getLocal("pC")),n.setLocal("itp",n.getLocal("pP")),n.setLocal("last",n.i32_add(n.getLocal("pA"),n.i32_mul(n.getLocal("n"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_mul",n.getLocal("ita"),n.getLocal("itb"),l),n.call(a+"_sub",l,n.getLocal("itc"),n.getLocal("itp")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.setLocal("itc",n.i32_add(n.getLocal("itc"),n.i32_const(i))),n.setLocal("itp",n.i32_add(n.getLocal("itp"),n.i32_const(i))),n.br(0))))}(),function(){const o=t.addFunction(e+"_batchAdd");o.addParam("pa","i32"),o.addParam("pb","i32"),o.addParam("n","i32"),o.addParam("pr","i32"),o.addLocal("ita","i32"),o.addLocal("itb","i32"),o.addLocal("itr","i32"),o.addLocal("last","i32");const n=o.getCodeBuilder();o.addCode(n.setLocal("ita",n.getLocal("pa")),n.setLocal("itb",n.getLocal("pb")),n.setLocal("itr",n.getLocal("pr")),n.setLocal("last",n.i32_add(n.getLocal("pa"),n.i32_mul(n.getLocal("n"),n.i32_const(i)))),n.block(n.loop(n.br_if(1,n.i32_eq(n.getLocal("ita"),n.getLocal("last"))),n.call(a+"_add",n.getLocal("ita"),n.getLocal("itb"),n.getLocal("itr")),n.setLocal("ita",n.i32_add(n.getLocal("ita"),n.i32_const(i))),n.setLocal("itb",n.i32_add(n.getLocal("itb"),n.i32_const(i))),n.setLocal("itr",n.i32_add(n.getLocal("itr"),n.i32_const(i))),n.br(0))))}(),t.exportFunction(e+"_buildABC"),t.exportFunction(e+"_joinABC"),t.exportFunction(e+"_batchAdd"),e},$t=function(t,e,a,i,o,n,l,r){const s=t.addFunction(e);s.addParam("pIn","i32"),s.addParam("n","i32"),s.addParam("pFirst","i32"),s.addParam("pInc","i32"),s.addParam("pOut","i32"),s.addLocal("pOldFree","i32"),s.addLocal("i","i32"),s.addLocal("pFrom","i32"),s.addLocal("pTo","i32");const c=s.getCodeBuilder(),d=c.i32_const(t.alloc(l));s.addCode(c.setLocal("pFrom",c.getLocal("pIn")),c.setLocal("pTo",c.getLocal("pOut"))),s.addCode(c.call(i+"_copy",c.getLocal("pFirst"),d)),s.addCode(c.setLocal("i",c.i32_const(0)),c.block(c.loop(c.br_if(1,c.i32_eq(c.getLocal("i"),c.getLocal("n"))),c.call(r,c.getLocal("pFrom"),d,c.getLocal("pTo")),c.setLocal("pFrom",c.i32_add(c.getLocal("pFrom"),c.i32_const(o))),c.setLocal("pTo",c.i32_add(c.getLocal("pTo"),c.i32_const(n))),c.call(i+"_mul",d,c.getLocal("pInc"),d),c.setLocal("i",c.i32_add(c.getLocal("i"),c.i32_const(1))),c.br(0)))),t.exportFunction(e)};const Vt=V,Kt=At,jt=Ft,Ht=Bt,Zt=Gt,Wt=zt,Yt=Rt,Jt=Dt,Xt=Nt,te=$t,{bitLength:ee,modInv:ae,isOdd:ie,isNegative:oe}=W;const ne=V,le=At,re=Ft,se=Bt,ce=Gt,de=zt,ue=Rt,ge=Dt,fe=Nt,he=$t,{bitLength:_e,isOdd:pe,isNegative:me}=W;var we=function(t,e){const a=e||"bn128";if(t.modules[a])return a;const i=21888242871839275222246405745257275088696311157297823662689037894645226208583n,o=21888242871839275222246405745257275088548364400416034343698204186575808495617n,n=Math.floor((ee(i-1n)-1)/64)+1,l=8*n,r=l,s=l,c=2*s,d=12*s,u=t.alloc(Vt.bigInt2BytesLE(o,r)),g=Kt(t,i,"f1m");jt(t,o,"fr","frm");const f=t.alloc(Vt.bigInt2BytesLE(L(3n),s)),h=Wt(t,"g1m","f1m",f);Yt(t,"frm","frm","frm","frm_mul"),Jt(t,"pol","frm"),Xt(t,"qap","frm");const _=Ht(t,"f1m_neg","f2m","f1m"),p=t.alloc([...Vt.bigInt2BytesLE(L(19485874751759354771024239261021720505790618469301721065564631296452457478373n),s),...Vt.bigInt2BytesLE(L(266929791119991161246907387137283842545076965332900288569378510910307636690n),s)]),m=Wt(t,"g2m","f2m",p);function w(e,a){const i=t.addFunction(e);i.addParam("pG","i32"),i.addParam("pFr","i32"),i.addParam("pr","i32");const o=i.getCodeBuilder(),n=o.i32_const(t.alloc(l));i.addCode(o.call("frm_fromMontgomery",o.getLocal("pFr"),n),o.call(a,o.getLocal("pG"),n,o.i32_const(l),o.getLocal("pr"))),t.exportFunction(e)}function L(t){return BigInt(t)*(1n<0n;)ie(e)?a.push(1):a.push(0),e>>=1n;return a}(29793968203157093288n),z=t.alloc(U),Q=3*c,q=U.length-1,M=U.reduce(((t,e)=>t+(0!=e?1:0)),0),k=6*l,R=3*l*2+(M+q+1)*Q;t.modules[a]={n64:n,pG1gen:y,pG1zero:C,pG1b:f,pG2gen:F,pG2zero:E,pG2b:p,pq:t.modules.f1m.pq,pr:u,pOneT:v,prePSize:k,preQSize:R,r:o.toString(),q:i.toString()};const D=4965661367192848881n;function N(e){const o=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[8376118865763821496583973867626364092589906065868298776909617916018768340080n,16469823323077808223889137241176536799009286646108169935659301613961712198316n],[21888242871839275220042445260109153167277707414472061641714758635765020556617n,0n],[11697423496358154304825782922584725312912383441159505038794027105778954184319n,303847389135065887422783454877609941456349188919719272345083954437860409601n],[21888242871839275220042445260109153167277707414472061641714758635765020556616n,0n],[3321304630594332808241809054958361220322477375291206261884409189760185844239n,5722266937896532885780051958958348231143373700109372999374820235121374419868n],[21888242871839275222246405745257275088696311157297823662689037894645226208582n,0n],[13512124006075453725662431877630910996106405091429524885779419978626457868503n,5418419548761466998357268504080738289687024511189653727029736280683514010267n],[2203960485148121921418603742825762020974279258880205651966n,0n],[10190819375481120917420622822672549775783927716138318623895010788866272024264n,21584395482704209334823622290379665147239961968378104390343953940207365798982n],[2203960485148121921418603742825762020974279258880205651967n,0n],[18566938241244942414004596690298913868373833782006617400804628704885040364344n,16165975933942742336466353786298926857552937457188450663314217659523851788715n]]],n=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[21575463638280843010398324269430826099269044274347216827212613867836435027261n,10307601595873709700152284273816112264069230130616436755625194854815875713954n],[21888242871839275220042445260109153167277707414472061641714758635765020556616n,0n],[3772000881919853776433695186713858239009073593817195771773381919316419345261n,2236595495967245188281701248203181795121068902605861227855261137820944008926n],[2203960485148121921418603742825762020974279258880205651966n,0n],[18429021223477853657660792034369865839114504446431234726392080002137598044644n,9344045779998320333812420223237981029506012124075525679208581902008406485703n]],[[1n,0n],[2581911344467009335267311115468803099551665605076196740867805258568234346338n,19937756971775647987995932169929341994314640652964949448313374472400716661030n],[2203960485148121921418603742825762020974279258880205651966n,0n],[5324479202449903542726783395506214481928257762400643279780343368557297135718n,16208900380737693084919495127334387981393726419856888799917914180988844123039n],[21888242871839275220042445260109153167277707414472061641714758635765020556616n,0n],[13981852324922362344252311234282257507216387789820983642040889267519694726527n,7629828391165209371577384193250820201684255241773809077146787135900891633097n]]],l=t.addFunction(a+"__frobeniusMap"+e);l.addParam("x","i32"),l.addParam("r","i32");const r=l.getCodeBuilder();for(let a=0;a<6;a++){const i=0==a?r.getLocal("x"):r.i32_add(r.getLocal("x"),r.i32_const(a*c)),u=i,f=r.i32_add(r.getLocal("x"),r.i32_const(a*c+s)),h=0==a?r.getLocal("r"):r.i32_add(r.getLocal("r"),r.i32_const(a*c)),p=h,m=r.i32_add(r.getLocal("r"),r.i32_const(a*c+s)),w=d(o[Math.floor(a/3)][e%12],n[a%3][e%6]),b=t.alloc([...Vt.bigInt2BytesLE(L(w[0]),32),...Vt.bigInt2BytesLE(L(w[1]),32)]);e%2==1?l.addCode(r.call(g+"_copy",u,p),r.call(g+"_neg",f,m),r.call(_+"_mul",h,r.i32_const(b),h)):l.addCode(r.call(_+"_mul",i,r.i32_const(b),h))}function d(t,e){const a=BigInt(t[0]),o=BigInt(t[1]),n=BigInt(e[0]),l=BigInt(e[1]),r=[(a*n-o*l)%i,(a*l+o*n)%i];return oe(r[0])&&(r[0]=r[0]+i),r}}function $(e,i){const o=function(t){let e=t;const a=[];for(;e>0n;){if(ie(e)){const t=2-Number(e%4n);a.push(t),e-=BigInt(t)}else a.push(0);e>>=1n}return a}(e).map((t=>-1==t?255:t)),n=t.alloc(o),l=t.addFunction(a+"__cyclotomicExp_"+i);l.addParam("x","i32"),l.addParam("r","i32"),l.addLocal("bit","i32"),l.addLocal("i","i32");const r=l.getCodeBuilder(),s=r.getLocal("x"),c=r.getLocal("r"),u=r.i32_const(t.alloc(d));l.addCode(r.call(T+"_conjugate",s,u),r.call(T+"_one",c),r.if(r.teeLocal("bit",r.i32_load8_s(r.i32_const(o.length-1),n)),r.if(r.i32_eq(r.getLocal("bit"),r.i32_const(1)),r.call(T+"_mul",c,s,c),r.call(T+"_mul",c,u,c))),r.setLocal("i",r.i32_const(o.length-2)),r.block(r.loop(r.call(a+"__cyclotomicSquare",c,c),r.if(r.teeLocal("bit",r.i32_load8_s(r.getLocal("i"),n)),r.if(r.i32_eq(r.getLocal("bit"),r.i32_const(1)),r.call(T+"_mul",c,s,c),r.call(T+"_mul",c,u,c))),r.br_if(1,r.i32_eqz(r.getLocal("i"))),r.setLocal("i",r.i32_sub(r.getLocal("i"),r.i32_const(1))),r.br(0))))}function V(){!function(){const e=t.addFunction(a+"__cyclotomicSquare");e.addParam("x","i32"),e.addParam("r","i32");const i=e.getCodeBuilder(),o=i.getLocal("x"),n=i.i32_add(i.getLocal("x"),i.i32_const(c)),l=i.i32_add(i.getLocal("x"),i.i32_const(2*c)),r=i.i32_add(i.getLocal("x"),i.i32_const(3*c)),s=i.i32_add(i.getLocal("x"),i.i32_const(4*c)),d=i.i32_add(i.getLocal("x"),i.i32_const(5*c)),u=i.getLocal("r"),g=i.i32_add(i.getLocal("r"),i.i32_const(c)),f=i.i32_add(i.getLocal("r"),i.i32_const(2*c)),h=i.i32_add(i.getLocal("r"),i.i32_const(3*c)),p=i.i32_add(i.getLocal("r"),i.i32_const(4*c)),m=i.i32_add(i.getLocal("r"),i.i32_const(5*c)),w=i.i32_const(t.alloc(c)),L=i.i32_const(t.alloc(c)),b=i.i32_const(t.alloc(c)),y=i.i32_const(t.alloc(c)),A=i.i32_const(t.alloc(c)),C=i.i32_const(t.alloc(c)),I=i.i32_const(t.alloc(c)),F=i.i32_const(t.alloc(c));e.addCode(i.call(_+"_mul",o,s,I),i.call(_+"_mul",s,i.i32_const(B),w),i.call(_+"_add",o,w,w),i.call(_+"_add",o,s,F),i.call(_+"_mul",F,w,w),i.call(_+"_mul",i.i32_const(B),I,F),i.call(_+"_add",I,F,F),i.call(_+"_sub",w,F,w),i.call(_+"_add",I,I,L),i.call(_+"_mul",r,l,I),i.call(_+"_mul",l,i.i32_const(B),b),i.call(_+"_add",r,b,b),i.call(_+"_add",r,l,F),i.call(_+"_mul",F,b,b),i.call(_+"_mul",i.i32_const(B),I,F),i.call(_+"_add",I,F,F),i.call(_+"_sub",b,F,b),i.call(_+"_add",I,I,y),i.call(_+"_mul",n,d,I),i.call(_+"_mul",d,i.i32_const(B),A),i.call(_+"_add",n,A,A),i.call(_+"_add",n,d,F),i.call(_+"_mul",F,A,A),i.call(_+"_mul",i.i32_const(B),I,F),i.call(_+"_add",I,F,F),i.call(_+"_sub",A,F,A),i.call(_+"_add",I,I,C),i.call(_+"_sub",w,o,u),i.call(_+"_add",u,u,u),i.call(_+"_add",w,u,u),i.call(_+"_add",L,s,p),i.call(_+"_add",p,p,p),i.call(_+"_add",L,p,p),i.call(_+"_mul",C,i.i32_const(P),F),i.call(_+"_add",F,r,h),i.call(_+"_add",h,h,h),i.call(_+"_add",F,h,h),i.call(_+"_sub",A,l,f),i.call(_+"_add",f,f,f),i.call(_+"_add",A,f,f),i.call(_+"_sub",b,n,g),i.call(_+"_add",g,g,g),i.call(_+"_add",b,g,g),i.call(_+"_add",y,d,m),i.call(_+"_add",m,m,m),i.call(_+"_add",y,m,m))}(),$(D,"w0");const e=t.addFunction(a+"__finalExponentiationLastChunk");e.addParam("x","i32"),e.addParam("r","i32");const i=e.getCodeBuilder(),o=i.getLocal("x"),n=i.getLocal("r"),l=i.i32_const(t.alloc(d)),r=i.i32_const(t.alloc(d)),s=i.i32_const(t.alloc(d)),u=i.i32_const(t.alloc(d)),g=i.i32_const(t.alloc(d)),f=i.i32_const(t.alloc(d)),h=i.i32_const(t.alloc(d)),p=i.i32_const(t.alloc(d)),m=i.i32_const(t.alloc(d)),w=i.i32_const(t.alloc(d)),L=i.i32_const(t.alloc(d)),b=i.i32_const(t.alloc(d)),y=i.i32_const(t.alloc(d)),A=i.i32_const(t.alloc(d)),C=i.i32_const(t.alloc(d)),I=i.i32_const(t.alloc(d)),F=i.i32_const(t.alloc(d)),x=i.i32_const(t.alloc(d)),E=i.i32_const(t.alloc(d)),v=i.i32_const(t.alloc(d)),S=i.i32_const(t.alloc(d));e.addCode(i.call(a+"__cyclotomicExp_w0",o,l),i.call(T+"_conjugate",l,l),i.call(a+"__cyclotomicSquare",l,r),i.call(a+"__cyclotomicSquare",r,s),i.call(T+"_mul",s,r,u),i.call(a+"__cyclotomicExp_w0",u,g),i.call(T+"_conjugate",g,g),i.call(a+"__cyclotomicSquare",g,f),i.call(a+"__cyclotomicExp_w0",f,h),i.call(T+"_conjugate",h,h),i.call(T+"_conjugate",u,p),i.call(T+"_conjugate",h,m),i.call(T+"_mul",m,g,w),i.call(T+"_mul",w,p,L),i.call(T+"_mul",L,r,b),i.call(T+"_mul",L,g,y),i.call(T+"_mul",y,o,A),i.call(a+"__frobeniusMap1",b,C),i.call(T+"_mul",C,A,I),i.call(a+"__frobeniusMap2",L,F),i.call(T+"_mul",F,I,x),i.call(T+"_conjugate",o,E),i.call(T+"_mul",E,b,v),i.call(a+"__frobeniusMap3",v,S),i.call(T+"_mul",S,x,n))}const K=t.alloc(k),j=t.alloc(R);function H(e){const i=t.addFunction(a+"_pairingEq"+e);for(let t=0;t0n;)pe(e)?a.push(1):a.push(0),e>>=1n;return a}(0xd201000000010000n),U=t.alloc(T),z=3*s,Q=T.length-1,q=T.reduce(((t,e)=>t+(0!=e?1:0)),0),M=6*l,k=3*l*2+(q+Q+1)*z,R=15132376222941642752n;function D(e){const a=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760n,151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351n,0n],[2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530n,1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n,0n],[3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557n,877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230n],[4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559786n,0n],[151655185184498381465642749684540099398075398968325446656007613510403227271200139370504932015952886146304766135027n,3850754370037169011952147076051364057158807420970682438676050522613628423219637725072182697113062777891589506424760n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n,0n],[1028732146235106349975324479215795277384839936929757896155643118032610843298655225875571310552543014690878354869257n,2973677408986561043442465346520108879172042883009249989176415018091420807192182638567116318576472649347015917690530n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437n,0n],[877076961050607968509681729531255177986764537961432449499635504522207616027455086505066378536590128544573588734230n,3125332594171059424908108096204648978570118281977575435832422631601824034463382777937621250592425535493320683825557n]]],o=[[[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n],[1n,0n]],[[1n,0n],[0n,4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n,0n],[0n,1n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n,0n],[0n,793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n]],[[1n,0n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939437n,0n],[4002409555221667392624310435006688643935503118305586438271171395842971157480381377015405980053539358417135540939436n,0n],[4002409555221667393417789825735904156556882819939007885332058136124031650490837864442687629129015664037894272559786n,0n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620350n,0n],[793479390729215512621379701633421447060886740281060493010456487427281649075476305620758731620351n,0n]]],n=t.addFunction(O+"_frobeniusMap"+e);n.addParam("x","i32"),n.addParam("r","i32");const c=n.getCodeBuilder();for(let i=0;i<6;i++){const u=0==i?c.getLocal("x"):c.i32_add(c.getLocal("x"),c.i32_const(i*s)),g=u,f=c.i32_add(c.getLocal("x"),c.i32_const(i*s+r)),_=0==i?c.getLocal("r"):c.i32_add(c.getLocal("r"),c.i32_const(i*s)),p=_,w=c.i32_add(c.getLocal("r"),c.i32_const(i*s+r)),L=d(a[Math.floor(i/3)][e%12],o[i%3][e%6]),b=t.alloc([...ne.bigInt2BytesLE(y(L[0]),l),...ne.bigInt2BytesLE(y(L[1]),l)]);e%2==1?n.addCode(c.call(h+"_copy",g,p),c.call(h+"_neg",f,w),c.call(m+"_mul",_,c.i32_const(b),_)):n.addCode(c.call(m+"_mul",u,c.i32_const(b),_))}function d(t,e){const a=t[0],o=t[1],n=e[0],l=e[1],r=[(a*n-o*l)%i,(a*l+o*n)%i];return me(r[0])&&(r[0]=r[0]+i),r}}function N(e,i,o){const n=function(t){let e=t;const a=[];for(;e>0n;){if(pe(e)){const t=2-Number(e%4n);a.push(t),e-=BigInt(t)}else a.push(0);e>>=1n}return a}(e).map((t=>-1==t?255:t)),l=t.alloc(n),r=t.addFunction(a+"__cyclotomicExp_"+o);r.addParam("x","i32"),r.addParam("r","i32"),r.addLocal("bit","i32"),r.addLocal("i","i32");const s=r.getCodeBuilder(),d=s.getLocal("x"),u=s.getLocal("r"),g=s.i32_const(t.alloc(c));r.addCode(s.call(O+"_conjugate",d,g),s.call(O+"_one",u),s.if(s.teeLocal("bit",s.i32_load8_s(s.i32_const(n.length-1),l)),s.if(s.i32_eq(s.getLocal("bit"),s.i32_const(1)),s.call(O+"_mul",u,d,u),s.call(O+"_mul",u,g,u))),s.setLocal("i",s.i32_const(n.length-2)),s.block(s.loop(s.call(a+"__cyclotomicSquare",u,u),s.if(s.teeLocal("bit",s.i32_load8_s(s.getLocal("i"),l)),s.if(s.i32_eq(s.getLocal("bit"),s.i32_const(1)),s.call(O+"_mul",u,d,u),s.call(O+"_mul",u,g,u))),s.br_if(1,s.i32_eqz(s.getLocal("i"))),s.setLocal("i",s.i32_sub(s.getLocal("i"),s.i32_const(1))),s.br(0)))),i&&r.addCode(s.call(O+"_conjugate",u,u))}t.modules[a]={n64q:n,n64r:d,n8q:l,n8r:u,pG1gen:C,pG1zero:F,pG1b:_,pG2gen:E,pG2zero:B,pG2b:w,pq:t.modules.f1m.pq,pr:f,pOneT:S,r:o,q:i,prePSize:M,preQSize:k},function(){const e=t.addFunction(G+"_mul1");e.addParam("pA","i32"),e.addParam("pC1","i32"),e.addParam("pR","i32");const a=e.getCodeBuilder(),i=a.getLocal("pA"),o=a.i32_add(a.getLocal("pA"),a.i32_const(2*r)),n=a.i32_add(a.getLocal("pA"),a.i32_const(4*r)),l=a.getLocal("pC1"),s=a.getLocal("pR"),c=a.i32_add(a.getLocal("pR"),a.i32_const(2*r)),d=a.i32_add(a.getLocal("pR"),a.i32_const(4*r)),u=a.i32_const(t.alloc(2*r)),g=a.i32_const(t.alloc(2*r));e.addCode(a.call(m+"_add",i,o,u),a.call(m+"_add",o,n,g),a.call(m+"_mul",o,l,d),a.call(m+"_mul",g,l,s),a.call(m+"_sub",s,d,s),a.call(m+"_mulNR",s,s),a.call(m+"_mul",u,l,c),a.call(m+"_sub",c,d,c))}(),function(){const e=t.addFunction(G+"_mul01");e.addParam("pA","i32"),e.addParam("pC0","i32"),e.addParam("pC1","i32"),e.addParam("pR","i32");const a=e.getCodeBuilder(),i=a.getLocal("pA"),o=a.i32_add(a.getLocal("pA"),a.i32_const(2*r)),n=a.i32_add(a.getLocal("pA"),a.i32_const(4*r)),l=a.getLocal("pC0"),s=a.getLocal("pC1"),c=a.getLocal("pR"),d=a.i32_add(a.getLocal("pR"),a.i32_const(2*r)),u=a.i32_add(a.getLocal("pR"),a.i32_const(4*r)),g=a.i32_const(t.alloc(2*r)),f=a.i32_const(t.alloc(2*r)),h=a.i32_const(t.alloc(2*r)),_=a.i32_const(t.alloc(2*r));e.addCode(a.call(m+"_mul",i,l,g),a.call(m+"_mul",o,s,f),a.call(m+"_add",i,o,h),a.call(m+"_add",i,n,_),a.call(m+"_add",o,n,c),a.call(m+"_mul",c,s,c),a.call(m+"_sub",c,f,c),a.call(m+"_mulNR",c,c),a.call(m+"_add",c,g,c),a.call(m+"_add",l,s,d),a.call(m+"_mul",d,h,d),a.call(m+"_sub",d,g,d),a.call(m+"_sub",d,f,d),a.call(m+"_mul",_,l,u),a.call(m+"_sub",u,g,u),a.call(m+"_add",u,f,u))}(),function(){const e=t.addFunction(O+"_mul014");e.addParam("pA","i32"),e.addParam("pC0","i32"),e.addParam("pC1","i32"),e.addParam("pC4","i32"),e.addParam("pR","i32");const a=e.getCodeBuilder(),i=a.getLocal("pA"),o=a.i32_add(a.getLocal("pA"),a.i32_const(6*r)),n=a.getLocal("pC0"),l=a.getLocal("pC1"),s=a.getLocal("pC4"),c=a.i32_const(t.alloc(6*r)),d=a.i32_const(t.alloc(6*r)),u=a.i32_const(t.alloc(2*r)),g=a.getLocal("pR"),f=a.i32_add(a.getLocal("pR"),a.i32_const(6*r));e.addCode(a.call(G+"_mul01",i,n,l,c),a.call(G+"_mul1",o,s,d),a.call(m+"_add",l,s,u),a.call(G+"_add",o,i,f),a.call(G+"_mul01",f,n,u,f),a.call(G+"_sub",f,c,f),a.call(G+"_sub",f,d,f),a.call(G+"_copy",d,g),a.call(G+"_mulNR",g,g),a.call(G+"_add",g,c,g))}(),function(){const e=t.addFunction(a+"_ell");e.addParam("pP","i32"),e.addParam("pCoefs","i32"),e.addParam("pF","i32");const i=e.getCodeBuilder(),o=i.getLocal("pP"),n=i.i32_add(i.getLocal("pP"),i.i32_const(l)),s=i.getLocal("pF"),c=i.getLocal("pCoefs"),d=i.i32_add(i.getLocal("pCoefs"),i.i32_const(r)),u=i.i32_add(i.getLocal("pCoefs"),i.i32_const(2*r)),g=i.i32_add(i.getLocal("pCoefs"),i.i32_const(3*r)),f=i.i32_add(i.getLocal("pCoefs"),i.i32_const(4*r)),_=t.alloc(2*r),p=i.i32_const(_),m=i.i32_const(_),w=i.i32_const(_+r),L=t.alloc(2*r),b=i.i32_const(L),y=i.i32_const(L),A=i.i32_const(L+r);e.addCode(i.call(h+"_mul",c,n,m),i.call(h+"_mul",d,n,w),i.call(h+"_mul",u,o,y),i.call(h+"_mul",g,o,A),i.call(O+"_mul014",s,f,b,p,s))}();const $=t.alloc(M),V=t.alloc(k);function K(e){const i=t.addFunction(a+"_pairingEq"+e);for(let t=0;t>=BigInt(32)):l+2<=e?(n.setUint16(l,Number(a&BigInt(65535)),!0),l+=2,a>>=BigInt(16)):(n.setUint8(l,Number(a&BigInt(255)),!0),l+=1,a>>=BigInt(8));if(a)throw new Error("Number does not fit in this length");return i}const ye=[];for(let t=0;t<256;t++)ye[t]=Ae(t,8);function Ae(t,e){let a=0,i=t;for(let t=0;t>=1;return a}function Ce(t,e){return(ye[t>>>24]|ye[t>>>16&255]<<8|ye[t>>>8&255]<<16|ye[255&t]<<24)>>>32-e}function Ie(t){return(0!=(4294901760&t)?(t&=4294901760,16):0)|(0!=(4278255360&t)?(t&=4278255360,8):0)|(0!=(4042322160&t)?(t&=4042322160,4):0)|(0!=(3435973836&t)?(t&=3435973836,2):0)|0!=(2863311530&t)}function Fe(t,e){const a=t.byteLength/e,i=Ie(a);if(a!=1<a){const i=t.slice(o*e,(o+1)*e);t.set(t.slice(a*e,(a+1)*e),o*e),t.set(i,a*e)}}}function xe(t,e){const a=new Uint8Array(e*t.length);for(let i=0;i0;)a>=4?(a-=4,e+=BigInt(o.getUint32(a))<=2?(a-=2,e+=BigInt(o.getUint16(a))<0;)n-4>=0?(n-=4,o.setUint32(n,Number(a&BigInt(4294967295))),a>>=BigInt(32)):n-2>=0?(n-=2,o.setUint16(n,Number(a&BigInt(65535))),a>>=BigInt(16)):(n-=1,o.setUint8(n,Number(a&BigInt(255))),a>>=BigInt(8));if(a)throw new Error("Number does not fit in this length");return i},bitReverse:Ce,buffReverseBits:Fe,buffer2array:Ee,leBuff2int:function(t){let e=BigInt(0),a=0;const i=new DataView(t.buffer,t.byteOffset,t.byteLength);for(;a{a[i]=t(e[i])})),a}return e},stringifyFElements:function t(e,a){if("bigint"==typeof a||void 0!==a.eq)return a.toString(10);if(a instanceof Uint8Array)return e.toString(e.e(a));if(Array.isArray(a))return a.map(t.bind(this,e));if("object"==typeof a){const i={};return Object.keys(a).forEach((o=>{i[o]=t(e,a[o])})),i}return a},unstringifyBigInts:function t(e){if("string"==typeof e&&/^[0-9]+$/.test(e))return BigInt(e);if("string"==typeof e&&/^0x[0-9a-fA-F]+$/.test(e))return BigInt(e);if(Array.isArray(e))return e.map(t);if("object"==typeof e){if(null===e)return null;const a={};return Object.keys(e).forEach((i=>{a[i]=t(e[i])})),a}return e},unstringifyFElements:function t(e,a){if("string"==typeof a&&/^[0-9]+$/.test(a))return e.e(a);if("string"==typeof a&&/^0x[0-9a-fA-F]+$/.test(a))return e.e(a);if(Array.isArray(a))return a.map(t.bind(this,e));if("object"==typeof a){if(null===a)return null;const i={};return Object.keys(a).forEach((o=>{i[o]=t(e,a[o])})),i}return a}});const Be=1<<30;class Se{constructor(t){this.buffers=[],this.byteLength=t;for(let e=0;e0;){const t=l+r>Be?Be-l:r,e=new Uint8Array(this.buffers[n].buffer,this.buffers[n].byteOffset+l,t);if(t==a)return e.slice();o||(o=a<=Be?new Uint8Array(a):new Se(a)),o.set(e,a-r),r-=t,n++,l=0}return o}set(t,e){void 0===e&&(e=0);const a=t.byteLength;if(0==a)return;const i=Math.floor(e/Be);if(i==Math.floor((e+a-1)/Be))return t instanceof Se&&1==t.buffers.length?this.buffers[i].set(t.buffers[0],e%Be):this.buffers[i].set(t,e%Be);let o=i,n=e%Be,l=a;for(;l>0;){const e=n+l>Be?Be-n:l,i=t.slice(a-l,a-l+e);new Uint8Array(this.buffers[o].buffer,this.buffers[o].byteOffset+n,e).set(i),l-=e,o++,n=0}}}function Pe(t,e,a,i){return async function(o){const n=Math.floor(o.byteLength/a);if(n*a!==o.byteLength)throw new Error("Invalid buffer size");const l=Math.floor(n/t.concurrency),r=[];for(let s=0;s=0;t--)this.w[t]=this.square(this.w[t+1]);if(!this.eq(this.w[0],this.one))throw new Error("Error calculating roots of unity");this.batchToMontgomery=Pe(t,e+"_batchToMontgomery",this.n8,this.n8),this.batchFromMontgomery=Pe(t,e+"_batchFromMontgomery",this.n8,this.n8)}op2(t,e,a){return this.tm.setBuff(this.pOp1,e),this.tm.setBuff(this.pOp2,a),this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp2,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}op2Bool(t,e,a){return this.tm.setBuff(this.pOp1,e),this.tm.setBuff(this.pOp2,a),!!this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp2)}op1(t,e){return this.tm.setBuff(this.pOp1,e),this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}op1Bool(t,e){return this.tm.setBuff(this.pOp1,e),!!this.tm.instance.exports[this.prefix+t](this.pOp1,this.pOp3)}add(t,e){return this.op2("_add",t,e)}eq(t,e){return this.op2Bool("_eq",t,e)}isZero(t){return this.op1Bool("_isZero",t)}sub(t,e){return this.op2("_sub",t,e)}neg(t){return this.op1("_neg",t)}inv(t){return this.op1("_inverse",t)}toMontgomery(t){return this.op1("_toMontgomery",t)}fromMontgomery(t){return this.op1("_fromMontgomery",t)}mul(t,e){return this.op2("_mul",t,e)}div(t,e){return this.tm.setBuff(this.pOp1,t),this.tm.setBuff(this.pOp2,e),this.tm.instance.exports[this.prefix+"_inverse"](this.pOp2,this.pOp2),this.tm.instance.exports[this.prefix+"_mul"](this.pOp1,this.pOp2,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}square(t){return this.op1("_square",t)}isSquare(t){return this.op1Bool("_isSquare",t)}sqrt(t){return this.op1("_sqrt",t)}exp(t,e){return e instanceof Uint8Array||(e=S(i(e))),this.tm.setBuff(this.pOp1,t),this.tm.setBuff(this.pOp2,e),this.tm.instance.exports[this.prefix+"_exp"](this.pOp1,this.pOp2,e.byteLength,this.pOp3),this.tm.getBuff(this.pOp3,this.n8)}isNegative(t){return this.op1Bool("_isNegative",t)}e(t,e){if(t instanceof Uint8Array)return t;let a=i(t,e);n(a)?(a=p(a),A(a,this.p)&&(a=b(a,this.p)),a=_(this.p,a)):A(a,this.p)&&(a=b(a,this.p));const o=be(a,this.n8);return this.toMontgomery(o)}toString(t,e){return B(E(this.fromMontgomery(t),0),e)}fromRng(t){let e;const a=new Uint8Array(this.n8);do{e=P;for(let a=0;a{this.reject=e,this.resolve=t}))}}let qe;const Me='(function thread(self) {\n const MAXMEM = 32767;\n let instance;\n let memory;\n\n if (self) {\n self.onmessage = function(e) {\n let data;\n if (e.data) {\n data = e.data;\n } else {\n data = e;\n }\n\n if (data[0].cmd == "INIT") {\n init(data[0]).then(function() {\n self.postMessage(data.result);\n });\n } else if (data[0].cmd == "TERMINATE") {\n self.close();\n } else {\n const res = runTask(data);\n self.postMessage(res);\n }\n };\n }\n\n async function init(data) {\n const code = new Uint8Array(data.code);\n const wasmModule = await WebAssembly.compile(code);\n memory = new WebAssembly.Memory({initial:data.init, maximum: MAXMEM});\n\n instance = await WebAssembly.instantiate(wasmModule, {\n env: {\n "memory": memory\n }\n });\n }\n\n\n\n function alloc(length) {\n const u32 = new Uint32Array(memory.buffer, 0, 1);\n while (u32[0] & 3) u32[0]++; // Return always aligned pointers\n const res = u32[0];\n u32[0] += length;\n if (u32[0] + length > memory.buffer.byteLength) {\n const currentPages = memory.buffer.byteLength / 0x10000;\n let requiredPages = Math.floor((u32[0] + length) / 0x10000)+1;\n if (requiredPages>MAXMEM) requiredPages=MAXMEM;\n memory.grow(requiredPages-currentPages);\n }\n return res;\n }\n\n function allocBuffer(buffer) {\n const p = alloc(buffer.byteLength);\n setBuffer(p, buffer);\n return p;\n }\n\n function getBuffer(pointer, length) {\n const u8 = new Uint8Array(memory.buffer);\n return new Uint8Array(u8.buffer, u8.byteOffset + pointer, length);\n }\n\n function setBuffer(pointer, buffer) {\n const u8 = new Uint8Array(memory.buffer);\n u8.set(new Uint8Array(buffer), pointer);\n }\n\n function runTask(task) {\n if (task[0].cmd == "INIT") {\n return init(task[0]);\n }\n const ctx = {\n vars: [],\n out: []\n };\n const u32a = new Uint32Array(memory.buffer, 0, 1);\n const oldAlloc = u32a[0];\n for (let i=0; ii.buffer.byteLength){const o=i.buffer.byteLength/65536;let n=Math.floor((a[0]+t)/65536)+1;n>e&&(n=e),i.grow(n-o)}return o}function l(t){const e=n(t.byteLength);return s(e,t),e}function r(t,e){const a=new Uint8Array(i.buffer);return new Uint8Array(a.buffer,a.byteOffset+t,e)}function s(t,e){new Uint8Array(i.buffer).set(new Uint8Array(e),t)}function c(t){if("INIT"==t[0].cmd)return o(t[0]);const e={vars:[],out:[]},c=new Uint32Array(i.buffer,0,1)[0];for(let i=0;i64&&(e=64),a.concurrency=e;for(let t=0;t0;t++)if(0==this.working[t]){const e=this.actionQueue.shift();this.postAction(t,e.data,e.transfers,e.deferred)}}queueAction(t,e){const a=new Qe;if(this.singleThread){const e=this.taskManager(t);a.resolve(e)}else this.actionQueue.push({data:t,transfers:e,deferred:a}),this.processWorks();return a.promise}resetMemory(){this.u32[0]=this.initalPFree}allocBuff(t){const e=this.alloc(t.byteLength);return this.setBuff(e,t),e}getBuff(t,e){return this.u8.slice(t,t+e)}setBuff(t,e){this.u8.set(new Uint8Array(e),t)}alloc(t){for(;3&this.u32[0];)this.u32[0]++;const e=this.u32[0];return this.u32[0]+=t,e}async terminate(){for(let t=0;tsetTimeout(e,t))))}}function De(t,e){const a=t[e],i=t.Fr,o=t.tm;t[e].batchApplyKey=async function(t,n,l,r,s){let c,d,u,g,f;if(r=r||"affine",s=s||"affine","G1"==e)"jacobian"==r?(u=3*a.F.n8,c="g1m_batchApplyKey"):(u=2*a.F.n8,c="g1m_batchApplyKeyMixed"),g=3*a.F.n8,"jacobian"==s?f=3*a.F.n8:(d="g1m_batchToAffine",f=2*a.F.n8);else if("G2"==e)"jacobian"==r?(u=3*a.F.n8,c="g2m_batchApplyKey"):(u=2*a.F.n8,c="g2m_batchApplyKeyMixed"),g=3*a.F.n8,"jacobian"==s?f=3*a.F.n8:(d="g2m_batchToAffine",f=2*a.F.n8);else{if("Fr"!=e)throw new Error("Invalid group: "+e);c="frm_batchApplyKey",u=a.n8,g=a.n8,f=a.n8}const h=Math.floor(t.byteLength/u),_=Math.floor(h/o.concurrency),p=[];l=i.e(l);let m=i.e(n);for(let e=0;e=0;t--){if(!a.isZero(_))for(let t=0;tc&&(_=c),_<1024&&(_=1024);const p=[];for(let e=0;e(r&&r.debug(`Multiexp end: ${s}: ${e}/${u}`),t))))}const m=await Promise.all(p);let w=a.zero;for(let t=m.length-1;t>=0;t--)w=a.add(w,m[t]);return w}a.multiExp=async function(t,e,a,i){return await n(t,e,"jacobian",a,i)},a.multiExpAffine=async function(t,e,a,i){return await n(t,e,"affine",a,i)}}function Ve(t,e){const a=t[e],i=t.Fr,o=a.tm;async function n(t,r,s,c,d,u){s=s||"affine",c=c||"affine";let g,f,h,_,p,m,w,L;"G1"==e?("affine"==s?(g=2*a.F.n8,_="g1m_batchToJacobian"):g=3*a.F.n8,f=3*a.F.n8,r&&(L="g1m_fftFinal"),w="g1m_fftJoin",m="g1m_fftMix","affine"==c?(h=2*a.F.n8,p="g1m_batchToAffine"):h=3*a.F.n8):"G2"==e?("affine"==s?(g=2*a.F.n8,_="g2m_batchToJacobian"):g=3*a.F.n8,f=3*a.F.n8,r&&(L="g2m_fftFinal"),w="g2m_fftJoin",m="g2m_fftMix","affine"==c?(h=2*a.F.n8,p="g2m_batchToAffine"):h=3*a.F.n8):"Fr"==e&&(g=a.n8,f=a.n8,h=a.n8,r&&(L="frm_fftFinal"),m="frm_fftMix",w="frm_fftJoin");let b=!1;Array.isArray(t)?(t=xe(t,g),b=!0):t=t.slice(0,t.byteLength);const y=t.byteLength/g,A=Ie(y);if(1<1<<28?new Se(2*u[0].byteLength):new Uint8Array(2*u[0].byteLength);return g.set(u[0]),g.set(u[1],u[0].byteLength),g}(t,s,c,d,u):await async function(t,e,a,o,r){let s,c;s=t.slice(0,t.byteLength/2),c=t.slice(t.byteLength/2,t.byteLength);const d=[];[s,c]=await l(s,c,"fftJoinExt",i.one,i.shift,e,"jacobian",o,r),d.push(n(s,!1,"jacobian",a,o,r)),d.push(n(c,!1,"jacobian",a,o,r));const u=await Promise.all(d);let g;g=u[0].byteLength>1<<28?new Se(2*u[0].byteLength):new Uint8Array(2*u[0].byteLength);return g.set(u[0]),g.set(u[1],u[0].byteLength),g}(t,s,c,d,u),b?Ee(e,h):e}let C,I,F;r&&(C=i.inv(i.e(y))),Fe(t,g);let x=Math.min(16384,y),E=y/x;for(;E=16;)E*=2,x/=2;const v=Ie(x),B=[];for(let e=0;e(d&&d.debug(`${u}: fft ${A} mix end: ${e}/${E}`),t))))}F=await Promise.all(B);for(let t=0;t(d&&d.debug(`${u}: fft ${A} join ${t}/${A} ${l+1}/${e} ${r}/${a/2}`),i))))}const l=await Promise.all(n);for(let t=0;t0;e--)I.set(F[e],t),t+=x*h,delete F[e];I.set(F[0].slice(0,(x-1)*h),t),delete F[0]}else for(let t=0;t65536&&(b=65536);const y=[];for(let e=0;e(u&&u.debug(`${g}: fftJoinExt End: ${e}/${L}`),t))))}const A=await Promise.all(y);let C,I;L*p>1<<28?(C=new Se(L*p),I=new Se(L*p)):(C=new Uint8Array(L*p),I=new Uint8Array(L*p));let F=0;for(let t=0;ti.s+1)throw s&&s.error("lagrangeEvaluations input too big"),new Error("lagrangeEvaluations input too big");let f=t.slice(0,t.byteLength/2),h=t.slice(t.byteLength/2,t.byteLength);const _=i.exp(i.shift,u/2),p=i.inv(i.sub(i.one,_));[f,h]=await l(f,h,"prepareLagrangeEvaluation",p,i.shiftInv,o,"jacobian",s,c+" prep");const m=[];let w;return m.push(n(f,!0,"jacobian",r,s,c+" t0")),m.push(n(h,!0,"jacobian",r,s,c+" t1")),[f,h]=await Promise.all(m),w=f.byteLength>1<<28?new Se(2*f.byteLength):new Uint8Array(2*f.byteLength),w.set(f),w.set(h,f.byteLength),w},a.fftMix=async function(t){const n=3*a.F.n8;let l,r;if("G1"==e)l="g1m_fftMix",r="g1m_fftJoin";else if("G2"==e)l="g2m_fftMix",r="g2m_fftJoin";else{if("Fr"!=e)throw new Error("Invalid group");l="frm_fftMix",r="frm_fftJoin"}const s=Math.floor(t.byteLength/n),c=Ie(s);let d=1<=0;t--)f.set(g[t][0],h),h+=g[t][0].byteLength;return f}}async function Ke(t){const e=await ke(t.wasm,t.singleThread),a={};return a.q=i(t.wasm.q.toString()),a.r=i(t.wasm.r.toString()),a.name=t.name,a.tm=e,a.prePSize=t.wasm.prePSize,a.preQSize=t.wasm.preQSize,a.Fr=new Ge(e,"frm",t.n8r,t.r),a.F1=new Ge(e,"f1m",t.n8q,t.q),a.F2=new Oe(e,"f2m",a.F1),a.G1=new Ue(e,"g1m",a.F1,t.wasm.pG1gen,t.wasm.pG1b,t.cofactorG1),a.G2=new Ue(e,"g2m",a.F2,t.wasm.pG2gen,t.wasm.pG2b,t.cofactorG2),a.F6=new Te(e,"f6m",a.F2),a.F12=new Oe(e,"ftm",a.F6),a.Gt=a.F12,De(a,"G1"),De(a,"G2"),De(a,"Fr"),$e(a,"G1"),$e(a,"G2"),Ve(a,"G1"),Ve(a,"G2"),Ve(a,"Fr"),function(t){const e=t.tm;t.pairing=function(a,i){e.startSyncOp();const o=e.allocBuff(t.G1.toJacobian(a)),n=e.allocBuff(t.G2.toJacobian(i)),l=e.alloc(t.Gt.n8);e.instance.exports[t.name+"_pairing"](o,n,l);const r=e.getBuff(l,t.Gt.n8);return e.endSyncOp(),r},t.pairingEq=async function(){let a,i;arguments.length%2==1?(a=arguments[arguments.length-1],i=(arguments.length-1)/2):(a=t.Gt.one,i=arguments.length/2);const o=[];for(let a=0;a>8n&0xFFn)),e.push(Number(a>>16n&0xFFn)),e.push(Number(a>>24n&0xFFn)),e}function Ye(t){const e=function(t){for(var e=[],a=0;a>6,128|63&i):i<55296||i>=57344?e.push(224|i>>12,128|i>>6&63,128|63&i):(a++,i=65536+((1023&i)<<10|1023&t.charCodeAt(a)),e.push(240|i>>18,128|i>>12&63,128|i>>6&63,128|63&i))}return e}(t);return[...aa(e.length),...e]}function Je(t){const e=[];let a=je(t);if(He(a))throw new Error("Number cannot be negative");for(;!Ze(a);)e.push(Number(0x7Fn&a)),a>>=7n;0==e.length&&e.push(0);for(let t=0;t0xFFFFFFFFn)throw new Error("Number too big");if(e>0x7FFFFFFFn&&(e-=0x100000000n),e<-2147483648n)throw new Error("Number too small");return Xe(e)}function ea(t){let e=je(t);if(e>0xFFFFFFFFFFFFFFFFn)throw new Error("Number too big");if(e>0x7FFFFFFFFFFFFFFFn&&(e-=0x10000000000000000n),e<-9223372036854775808n)throw new Error("Number too small");return Xe(e)}function aa(t){let e=je(t);if(e>0xFFFFFFFFn)throw new Error("Number too big");return Je(e)}function ia(t){return Array.from(t,(function(t){return("0"+(255&t).toString(16)).slice(-2)})).join("")}class oa{constructor(t){this.func=t,this.functionName=t.functionName,this.module=t.module}setLocal(t,e){const a=this.func.localIdxByName[t];if(void 0===a)throw new Error(`Local Variable not defined: Function: ${this.functionName} local: ${t} `);return[...e,33,...aa(a)]}teeLocal(t,e){const a=this.func.localIdxByName[t];if(void 0===a)throw new Error(`Local Variable not defined: Function: ${this.functionName} local: ${t} `);return[...e,34,...aa(a)]}getLocal(t){const e=this.func.localIdxByName[t];if(void 0===e)throw new Error(`Local Variable not defined: Function: ${this.functionName} local: ${t} `);return[32,...aa(e)]}i64_load8_s(t,e,a){return[...t,48,void 0===a?0:a,...aa(e||0)]}i64_load8_u(t,e,a){return[...t,49,void 0===a?0:a,...aa(e||0)]}i64_load16_s(t,e,a){return[...t,50,void 0===a?1:a,...aa(e||0)]}i64_load16_u(t,e,a){return[...t,51,void 0===a?1:a,...aa(e||0)]}i64_load32_s(t,e,a){return[...t,52,void 0===a?2:a,...aa(e||0)]}i64_load32_u(t,e,a){return[...t,53,void 0===a?2:a,...aa(e||0)]}i64_load(t,e,a){return[...t,41,void 0===a?3:a,...aa(e||0)]}i64_store(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=3,l=e):Array.isArray(a)?(o=e,n=3,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,55,n,...aa(o)]}i64_store32(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=2,l=e):Array.isArray(a)?(o=e,n=2,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,62,n,...aa(o)]}i64_store16(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=1,l=e):Array.isArray(a)?(o=e,n=1,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,61,n,...aa(o)]}i64_store8(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=0,l=e):Array.isArray(a)?(o=e,n=0,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,60,n,...aa(o)]}i32_load8_s(t,e,a){return[...t,44,void 0===a?0:a,...aa(e||0)]}i32_load8_u(t,e,a){return[...t,45,void 0===a?0:a,...aa(e||0)]}i32_load16_s(t,e,a){return[...t,46,void 0===a?1:a,...aa(e||0)]}i32_load16_u(t,e,a){return[...t,47,void 0===a?1:a,...aa(e||0)]}i32_load(t,e,a){return[...t,40,void 0===a?2:a,...aa(e||0)]}i32_store(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=2,l=e):Array.isArray(a)?(o=e,n=2,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,54,n,...aa(o)]}i32_store16(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=1,l=e):Array.isArray(a)?(o=e,n=1,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,59,n,...aa(o)]}i32_store8(t,e,a,i){let o,n,l;return Array.isArray(e)?(o=0,n=0,l=e):Array.isArray(a)?(o=e,n=0,l=a):Array.isArray(i)&&(o=e,n=a,l=i),[...t,...l,58,n,...aa(o)]}call(t,...e){const a=this.module.functionIdxByName[t];if(void 0===a)throw new Error(`Function not defined: Function: ${t}`);return[...[].concat(...e),16,...aa(a)]}call_indirect(t,...e){return[...[].concat(...e),...t,17,0,0]}if(t,e,a){return a?[...t,4,64,...e,5,...a,11]:[...t,4,64,...e,11]}block(t){return[2,64,...t,11]}loop(...t){return[3,64,...[].concat(...t),11]}br_if(t,e){return[...e,13,...aa(t)]}br(t){return[12,...aa(t)]}ret(t){return[...t,15]}drop(t){return[...t,26]}i64_const(t){return[66,...ea(t)]}i32_const(t){return[65,...ta(t)]}i64_eqz(t){return[...t,80]}i64_eq(t,e){return[...t,...e,81]}i64_ne(t,e){return[...t,...e,82]}i64_lt_s(t,e){return[...t,...e,83]}i64_lt_u(t,e){return[...t,...e,84]}i64_gt_s(t,e){return[...t,...e,85]}i64_gt_u(t,e){return[...t,...e,86]}i64_le_s(t,e){return[...t,...e,87]}i64_le_u(t,e){return[...t,...e,88]}i64_ge_s(t,e){return[...t,...e,89]}i64_ge_u(t,e){return[...t,...e,90]}i64_add(t,e){return[...t,...e,124]}i64_sub(t,e){return[...t,...e,125]}i64_mul(t,e){return[...t,...e,126]}i64_div_s(t,e){return[...t,...e,127]}i64_div_u(t,e){return[...t,...e,128]}i64_rem_s(t,e){return[...t,...e,129]}i64_rem_u(t,e){return[...t,...e,130]}i64_and(t,e){return[...t,...e,131]}i64_or(t,e){return[...t,...e,132]}i64_xor(t,e){return[...t,...e,133]}i64_shl(t,e){return[...t,...e,134]}i64_shr_s(t,e){return[...t,...e,135]}i64_shr_u(t,e){return[...t,...e,136]}i64_extend_i32_s(t){return[...t,172]}i64_extend_i32_u(t){return[...t,173]}i64_clz(t){return[...t,121]}i64_ctz(t){return[...t,122]}i32_eqz(t){return[...t,69]}i32_eq(t,e){return[...t,...e,70]}i32_ne(t,e){return[...t,...e,71]}i32_lt_s(t,e){return[...t,...e,72]}i32_lt_u(t,e){return[...t,...e,73]}i32_gt_s(t,e){return[...t,...e,74]}i32_gt_u(t,e){return[...t,...e,75]}i32_le_s(t,e){return[...t,...e,76]}i32_le_u(t,e){return[...t,...e,77]}i32_ge_s(t,e){return[...t,...e,78]}i32_ge_u(t,e){return[...t,...e,79]}i32_add(t,e){return[...t,...e,106]}i32_sub(t,e){return[...t,...e,107]}i32_mul(t,e){return[...t,...e,108]}i32_div_s(t,e){return[...t,...e,109]}i32_div_u(t,e){return[...t,...e,110]}i32_rem_s(t,e){return[...t,...e,111]}i32_rem_u(t,e){return[...t,...e,112]}i32_and(t,e){return[...t,...e,113]}i32_or(t,e){return[...t,...e,114]}i32_xor(t,e){return[...t,...e,115]}i32_shl(t,e){return[...t,...e,116]}i32_shr_s(t,e){return[...t,...e,117]}i32_shr_u(t,e){return[...t,...e,118]}i32_rotl(t,e){return[...t,...e,119]}i32_rotr(t,e){return[...t,...e,120]}i32_wrap_i64(t){return[...t,167]}i32_clz(t){return[...t,103]}i32_ctz(t){return[...t,104]}unreachable(){return[0]}current_memory(){return[63,0]}comment(){return[]}}const na={i32:127,i64:126,f32:125,f64:124,anyfunc:112,func:96,emptyblock:64};class la{constructor(t,e,a,i,o){if("import"==a)this.fnType="import",this.moduleName=i,this.fieldName=o;else{if("internal"!=a)throw new Error("Invalid function fnType: "+a);this.fnType="internal"}this.module=t,this.fnName=e,this.params=[],this.locals=[],this.localIdxByName={},this.code=[],this.returnType=null,this.nextLocal=0}addParam(t,e){if(this.localIdxByName[t])throw new Error(`param already exists. Function: ${this.fnName}, Param: ${t} `);const a=this.nextLocal++;this.localIdxByName[t]=a,this.params.push({type:e})}addLocal(t,e,a){const i=a||1;if(this.localIdxByName[t])throw new Error(`local already exists. Function: ${this.fnName}, Param: ${t} `);const o=this.nextLocal++;this.localIdxByName[t]=o,this.locals.push({type:e,length:i})}setReturnType(t){if(this.returnType)throw new Error(`returnType already defined. Function: ${this.fnName}`);this.returnType=t}getSignature(){return[96,...[...aa(this.params.length),...this.params.map((t=>na[t.type]))],...this.returnType?[1,na[this.returnType]]:[0]]}getBody(){const t=this.locals.map((t=>[...aa(t.length),na[t.type]])),e=[...aa(this.locals.length),...[].concat(...t),...this.code,11];return[...aa(e.length),...e]}addCode(...t){this.code.push(...[].concat(...t))}getCodeBuilder(){return new oa(this)}}class ra{constructor(){this.functions=[],this.functionIdxByName={},this.nImportFunctions=0,this.nInternalFunctions=0,this.memory={pagesSize:1,moduleName:"env",fieldName:"memory"},this.free=8,this.datas=[],this.modules={},this.exports=[],this.functionsTable=[]}build(){return this._setSignatures(),new Uint8Array([...We(1836278016),...We(1),...this._buildType(),...this._buildImport(),...this._buildFunctionDeclarations(),...this._buildFunctionsTable(),...this._buildExports(),...this._buildElements(),...this._buildCode(),...this._buildData()])}addFunction(t){if(void 0!==this.functionIdxByName[t])throw new Error(`Function already defined: ${t}`);const e=this.functions.length;return this.functionIdxByName[t]=e,this.functions.push(new la(this,t,"internal")),this.nInternalFunctions++,this.functions[e]}addIimportFunction(t,e,a){if(void 0!==this.functionIdxByName[t])throw new Error(`Function already defined: ${t}`);if(this.functions.length>0&&"internal"==this.functions[this.functions.length-1].type)throw new Error(`Import functions must be declared before internal: ${t}`);let i=a||t;const o=this.functions.length;return this.functionIdxByName[t]=o,this.functions.push(new la(this,t,"import",e,i)),this.nImportFunctions++,this.functions[o]}setMemory(t,e,a){this.memory={pagesSize:t,moduleName:e||"env",fieldName:a||"memory"}}exportFunction(t,e){const a=e||t;if(void 0===this.functionIdxByName[t])throw new Error(`Function not defined: ${t}`);const i=this.functionIdxByName[t];a!=t&&(this.functionIdxByName[a]=i),this.exports.push({exportName:a,idx:i})}addFunctionToTable(t){const e=this.functionIdxByName[t];this.functionsTable.push(e)}addData(t,e){this.datas.push({offset:t,bytes:e})}alloc(t,e){let a,i;(Array.isArray(t)||ArrayBuffer.isView(t))&&void 0===e?(a=t.length,i=t):(a=t,i=e),a=1+(a-1>>3)<<3;const o=this.free;return this.free+=a,i&&this.addData(o,i),o}allocString(t){const e=(new globalThis.TextEncoder).encode(t);return this.alloc([...e,0])}_setSignatures(){this.signatures=[];const t={};if(this.functionsTable.length>0){const e=this.functions[this.functionsTable[0]].getSignature();t["s_"+ia(e)]=0,this.signatures.push(e)}for(let e=0;e{e.pendingLoads.push({page:t,resolve:a,reject:i})}));return e.__statusPage("After Load request: ",t),a}__statusPage(t,e){const a=[],i=this;if(!i.logHistory)return;a.push("=="+t+" "+e);let o="";for(let t=0;t "+e.history[t][a][i])}_triggerLoad(){const t=this;if(t.reading)return;if(0==t.pendingLoads.length)return;const e=Object.keys(t.pages),a=[];for(let i=0;i0&&(void 0!==t.pages[t.pendingLoads[0].page]||i>0||a.length>0);){const e=t.pendingLoads.shift();if(void 0!==t.pages[e.page]){t.pages[e.page].pendingOps++;const i=a.indexOf(e.page);i>=0&&a.splice(i,1),t.pages[e.page].loading?t.pages[e.page].loading.push(e):e.resolve(),t.__statusPage("After Load (cached): ",e.page)}else{if(i)i--;else{const e=a.shift();t.__statusPage("Before Unload: ",e),t.avBuffs.unshift(t.pages[e]),delete t.pages[e],t.__statusPage("After Unload: ",e)}e.page>=t.totalPages?(t.pages[e.page]=n(),e.resolve(),t.__statusPage("After Load (new): ",e.page)):(t.reading=!0,t.pages[e.page]=n(),t.pages[e.page].loading=[e],o.push(t.fd.read(t.pages[e.page].buff,0,t.pageSize,e.page*t.pageSize).then((a=>{t.pages[e.page].size=a.bytesRead;const i=t.pages[e.page].loading;delete t.pages[e.page].loading;for(let t=0;t{e.reject(t)}))),t.__statusPage("After Load (loading): ",e.page))}}function n(){if(t.avBuffs.length>0){const e=t.avBuffs.shift();return e.dirty=!1,e.pendingOps=1,e.size=0,e}return{dirty:!1,buff:new Uint8Array(t.pageSize),pendingOps:1,size:0}}Promise.all(o).then((()=>{t.reading=!1,t.pendingLoads.length>0&&setImmediate(t._triggerLoad.bind(t)),t._tryClose()}))}_triggerWrite(){const t=this;if(t.writing)return;const e=Object.keys(t.pages),a=[];for(let i=0;i{o.writing=!1}),(e=>{console.log("ERROR Writing: "+e),t.error=e,t._tryClose()}))))}t.writing&&Promise.all(a).then((()=>{t.writing=!1,setImmediate(t._triggerWrite.bind(t)),t._tryClose(),t.pendingLoads.length>0&&setImmediate(t._triggerLoad.bind(t))}))}_getDirtyPage(){for(let t in this.pages)if(this.pages[t].dirty)return t;return-1}async write(t,e){if(0==t.byteLength)return;const a=this;if(void 0===e&&(e=a.pos),a.pos=e+t.byteLength,a.totalSize0;){await n[l-i];const e=r+s>a.pageSize?a.pageSize-r:s,o=t.slice(t.byteLength-s,t.byteLength-s+e);new Uint8Array(a.pages[l].buff.buffer,r,e).set(o),a.pages[l].dirty=!0,a.pages[l].pendingOps--,a.pages[l].size=Math.max(r+e,a.pages[l].size),l>=a.totalPages&&(a.totalPages=l+1),s-=e,l++,r=0,a.writing||setImmediate(a._triggerWrite.bind(a))}}async read(t,e){let a=new Uint8Array(t);return await this.readToBuffer(a,0,t,e),a}async readToBuffer(t,e,a,i){if(0==a)return;const o=this;if(a>o.pageSize*o.maxPagesLoaded*.8){const t=Math.floor(1.1*a);this.maxPagesLoaded=Math.floor(t/o.pageSize)+1}if(void 0===i&&(i=o.pos),o.pos=i+a,o.pendingClose)throw new Error("Reading a closing file");const n=Math.floor(i/o.pageSize),l=Math.floor((i+a-1)/o.pageSize),r=[];for(let t=n;t<=l;t++)r.push(o._loadPage(t));o._triggerLoad();let s=n,c=i%o.pageSize,d=i+a>o.totalSize?a-(i+a-o.totalSize):a;for(;d>0;){await r[s-n],o.__statusPage("After Await (read): ",s);const i=c+d>o.pageSize?o.pageSize-c:d,l=new Uint8Array(o.pages[s].buff.buffer,o.pages[s].buff.byteOffset+c,i);t.set(l,e+a-d),o.pages[s].pendingOps--,o.__statusPage("After Op done: ",s),d-=i,s++,c=0,o.pendingLoads.length>0&&setImmediate(o._triggerLoad.bind(o))}this.pos=i+a}_tryClose(){const t=this;if(!t.pendingClose)return;t.error&&t.pendingCloseReject(t.error);t._getDirtyPage()>=0||t.writing||t.reading||t.pendingLoads.length>0||t.pendingClose()}close(){const t=this;if(t.pendingClose)throw new Error("Closing the file twice");return new Promise(((e,a)=>{t.pendingClose=e,t.pendingCloseReject=a,t._tryClose()})).then((()=>{t.fd.close()}),(e=>{throw t.fd.close(),e}))}async discard(){await this.close(),await ha.promises.unlink(this.fileName)}async writeULE32(t,e){const a=new Uint8Array(4);new DataView(a.buffer).setUint32(0,t,!0),await this.write(a,e)}async writeUBE32(t,e){const a=new Uint8Array(4);new DataView(a.buffer).setUint32(0,t,!1),await this.write(a,e)}async writeULE64(t,e){const a=new Uint8Array(8),i=new DataView(a.buffer);i.setUint32(0,4294967295&t,!0),i.setUint32(4,Math.floor(t/4294967296),!0),await this.write(a,e)}async readULE32(t){const e=await this.read(4,t);return new Uint32Array(e.buffer)[0]}async readUBE32(t){const e=await this.read(4,t);return new DataView(e.buffer).getUint32(0,!1)}async readULE64(t){const e=await this.read(8,t),a=new Uint32Array(e.buffer);return 4294967296*a[1]+a[0]}async readString(t){const e=this;if(e.pendingClose)throw new Error("Reading a closing file");let a=void 0===t?e.pos:t,i=Math.floor(a/e.pageSize),o=!1,n="";for(;!o;){let t=e._loadPage(i);e._triggerLoad(),await t,e.__statusPage("After Await (read): ",i);let l=a%e.pageSize;const r=new Uint8Array(e.pages[i].buff.buffer,e.pages[i].buff.byteOffset+l,e.pageSize-l);let s=r.findIndex((t=>0===t));o=-1!==s,o?(n+=(new TextDecoder).decode(r.slice(0,s)),e.pos=i*this.pageSize+l+s+1):(n+=(new TextDecoder).decode(r),e.pos=i*this.pageSize+l+r.length),e.pages[i].pendingOps--,e.__statusPage("After Op done: ",i),a=e.pos,i++,e.pendingLoads.length>0&&setImmediate(e._triggerLoad.bind(e))}return n}}const ma=new Uint8Array(4),wa=new DataView(ma.buffer),La=new Uint8Array(8),ba=new DataView(La.buffer);class ya{constructor(){this.pageSize=16384}_resizeIfNeeded(t){if(t>this.allocSize){const e=Math.max(this.allocSize+(1<<20),Math.floor(1.1*this.allocSize),t),a=new Uint8Array(e);a.set(this.o.data),this.o.data=a,this.allocSize=e}}async write(t,e){if(void 0===e&&(e=this.pos),this.readOnly)throw new Error("Writing a read only file");this._resizeIfNeeded(e+t.byteLength),this.o.data.set(t.slice(),e),e+t.byteLength>this.totalSize&&(this.totalSize=e+t.byteLength),this.pos=e+t.byteLength}async readToBuffer(t,e,a,i){if(void 0===i&&(i=this.pos),this.readOnly&&i+a>this.totalSize)throw new Error("Reading out of bounds");this._resizeIfNeeded(i+a);const o=new Uint8Array(this.o.data.buffer,this.o.data.byteOffset+i,a);t.set(o,e),this.pos=i+a}async read(t,e){const a=new Uint8Array(t);return await this.readToBuffer(a,0,t,e),a}close(){this.o.data.byteLength!=this.totalSize&&(this.o.data=this.o.data.slice(0,this.totalSize))}async discard(){}async writeULE32(t,e){wa.setUint32(0,t,!0),await this.write(ma,e)}async writeUBE32(t,e){wa.setUint32(0,t,!1),await this.write(ma,e)}async writeULE64(t,e){ba.setUint32(0,4294967295&t,!0),ba.setUint32(4,Math.floor(t/4294967296),!0),await this.write(La,e)}async readULE32(t){const e=await this.read(4,t);return new Uint32Array(e.buffer)[0]}async readUBE32(t){const e=await this.read(4,t);return new DataView(e.buffer).getUint32(0,!1)}async readULE64(t){const e=await this.read(8,t),a=new Uint32Array(e.buffer);return 4294967296*a[1]+a[0]}async readString(t){const e=this;let a=void 0===t?e.pos:t;if(a>this.totalSize){if(this.readOnly)throw new Error("Reading out of bounds");this._resizeIfNeeded(t)}const i=new Uint8Array(e.o.data.buffer,a,this.totalSize-a);let o=i.findIndex((t=>0===t)),n="";return-1!==o?(n=(new TextDecoder).decode(i.slice(0,o)),e.pos=a+o+1):e.pos=a,n}}const Aa=1<<22;const Ca=new Uint8Array(4),Ia=new DataView(Ca.buffer),Fa=new Uint8Array(8),xa=new DataView(Fa.buffer);class Ea{constructor(){this.pageSize=16384}_resizeIfNeeded(t){if(t<=this.totalSize)return;if(this.readOnly)throw new Error("Reading out of file bounds");const e=Math.floor((t-1)/Aa)+1;for(let a=Math.max(this.o.data.length-1,0);a0;){const e=o+n>Aa?Aa-o:n,l=t.slice(t.byteLength-n,t.byteLength-n+e);new Uint8Array(a.o.data[i].buffer,o,e).set(l),n-=e,i++,o=0}this.pos=e+t.byteLength}async readToBuffer(t,e,a,i){const o=this;if(void 0===i&&(i=o.pos),this.readOnly&&i+a>this.totalSize)throw new Error("Reading out of bounds");this._resizeIfNeeded(i+a);let n=Math.floor(i/Aa),l=i%Aa,r=a;for(;r>0;){const i=l+r>Aa?Aa-l:r,s=new Uint8Array(o.o.data[n].buffer,l,i);t.set(s,e+a-r),r-=i,n++,l=0}this.pos=i+a}async read(t,e){const a=new Uint8Array(t);return await this.readToBuffer(a,0,t,e),a}close(){}async discard(){}async writeULE32(t,e){Ia.setUint32(0,t,!0),await this.write(Ca,e)}async writeUBE32(t,e){Ia.setUint32(0,t,!1),await this.write(Ca,e)}async writeULE64(t,e){xa.setUint32(0,4294967295&t,!0),xa.setUint32(4,Math.floor(t/4294967296),!0),await this.write(Fa,e)}async readULE32(t){const e=await this.read(4,t);return new Uint32Array(e.buffer)[0]}async readUBE32(t){const e=await this.read(4,t);return new DataView(e.buffer).getUint32(0,!1)}async readULE64(t){const e=await this.read(8,t),a=new Uint32Array(e.buffer);return 4294967296*a[1]+a[0]}async readString(t){const e=this;let a=void 0===t?e.pos:t;if(a>this.totalSize){if(this.readOnly)throw new Error("Reading out of bounds");this._resizeIfNeeded(t)}let i=!1,o="";for(;!i;){let t=Math.floor(a/Aa),n=a%Aa;if(void 0===e.o.data[t])throw new Error("ERROR");let l=Math.min(2048,e.o.data[t].length-n);const r=new Uint8Array(e.o.data[t].buffer,n,l);let s=r.findIndex((t=>0===t));i=-1!==s,i?(o+=(new TextDecoder).decode(r.slice(0,s)),e.pos=t*Aa+n+s+1):(o+=(new TextDecoder).decode(r),e.pos=t*Aa+n+r.length),a=e.pos}return o}}const va=512,Ba=64,Sa=2,Pa=0,Ga=65536,Oa=8192;async function Ta(t,e,a){if("string"==typeof t&&(t={type:"file",fileName:t,cacheSize:e||Ga,pageSize:a||Oa}),"file"==t.type)return await _a(t.fileName,va|Ba|Sa,t.cacheSize,t.pageSize);if("mem"==t.type)return function(t){const e=t.initialSize||1<<20,a=new ya;return a.o=t,a.o.data=new Uint8Array(e),a.allocSize=e,a.totalSize=0,a.readOnly=!1,a.pos=0,a}(t);if("bigMem"==t.type)return function(t){const e=t.initialSize||0,a=new Ea;a.o=t;const i=e?Math.floor((e-1)/Aa)+1:0;a.o.data=[];for(let t=0;ta)throw new Error("Version not supported");const s=await n.readULE32();let c=[];for(let t=0;t1)throw new Error(t.fileName+": Section Duplicated "+a);t.pos=e[a][0].p,t.readingSection=e[a][0]}async function Ra(t,e){if(void 0===t.readingSection)throw new Error("Not reading a section");if(!e&&t.pos-t.readingSection.p!=t.readingSection.size)throw new Error("Invalid section size reading");delete t.readingSection}async function Da(t,e,a,i){const o=new Uint8Array(a);ga.toRprLE(o,0,e,a),await t.write(o,i)}async function Na(t,e,a){const i=await t.read(e,a);return ga.fromRprLE(i,0,e)}async function $a(t,e,a,i,o){void 0===o&&(o=e[i][0].size);const n=t.pageSize;await ka(t,e,i),await qa(a,i);for(let e=0;ee[a][0].size)throw new Error("Reading out of the range of the section");let n;return n=o<1<<30?new Uint8Array(o):new Se(o),await t.readToBuffer(n,0,o,e[a][0].p+i),n}async function Ka(t,e,a,i,o){const n=16*t.pageSize;if(await ka(t,e,o),await ka(a,i,o),e[o][0].size!=i[o][0].size)return!1;const l=e[o][0].size;for(let e=0;e=0)e=await sa();else{if(!(["BLS12381"].indexOf(a)>=0))throw new Error(`Curve not supported: ${t}`);e=await ca()}return e}var ti=Object.freeze({__proto__:null,getCurveFromR:Ya,getCurveFromQ:Ja,getCurveFromName:Xa}),ei="undefined"!=typeof globalThis?globalThis:"undefined"!=typeof window?window:"undefined"!=typeof global?global:"undefined"!=typeof self?self:{},ai={exports:{}},ii=function t(e,a){if(!e){var i=new oi(a);throw Error.captureStackTrace&&Error.captureStackTrace(i,t),i}};class oi extends Error{}oi.prototype.name="AssertionError";var ni={exports:{}};function li(t){return t.length}var ri={byteLength:li,toString:function(t){const e=t.byteLength;let a="";for(let i=0;i1&&61===t.charCodeAt(e-1)&&e--,3*e>>>2}ci[45]=62,ci[95]=63;var ui={byteLength:di,toString:function(t){const e=t.byteLength;let a="";for(let i=0;i>2]+si[(3&t[i])<<4|t[i+1]>>4]+si[(15&t[i+1])<<2|t[i+2]>>6]+si[63&t[i+2]];return e%3==2?a=a.substring(0,a.length-1)+"=":e%3==1&&(a=a.substring(0,a.length-2)+"=="),a},write:function(t,e,a=0,i=di(e)){const o=Math.min(i,t.byteLength-a);for(let a=0,i=0;i>4,t[i++]=(15&n)<<4|l>>2,t[i++]=(3&l)<<6|63&r}return o}};function gi(t){return t.length>>>1}var fi={byteLength:gi,toString:function(t){const e=t.byteLength;t=new DataView(t.buffer,t.byteOffset,e);let a="",i=0;for(let o=e-e%4;i=48&&t<=57?t-48:t>=65&&t<=70?t-65+10:t>=97&&t<=102?t-97+10:void 0}function _i(t){let e=0;for(let a=0,i=t.length;a=55296&&o<=56319&&a+1=56320&&i<=57343){e+=4,a++;continue}}e+=o<=127?1:o<=2047?2:3}return e}let pi,mi;if("undefined"!=typeof TextDecoder){const t=new TextDecoder;pi=function(e){return t.decode(e)}}else pi=function(t){const e=t.byteLength;let a="",i=0;for(;i0){let e=0;for(;e>i,i-=6;i>=0;)t[l++]=128|a>>i&63,i-=6;n+=a>=65536?2:1}return o};var wi={byteLength:_i,toString:pi,write:mi};function Li(t){return 2*t.length}var bi,yi,Ai={byteLength:Li,toString:function(t){const e=t.byteLength;let a="";for(let i=0;i>8,l=o%256;t[a+2*i]=l,t[a+2*i+1]=n}return o}};!function(t,e){const a=ri,i=ui,o=fi,n=wi,l=Ai,r=255===new Uint8Array(Uint16Array.of(255).buffer)[0];function s(t){switch(t){case"ascii":return a;case"base64":return i;case"hex":return o;case"utf8":case"utf-8":case void 0:return n;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return l;default:throw new Error(`Unknown encoding: ${t}`)}}function c(t){return t instanceof Uint8Array}function d(t,e,a){return"string"==typeof t?function(t,e){const a=s(e),i=new Uint8Array(a.byteLength(t));return a.write(i,t,0,i.byteLength),i}(t,e):Array.isArray(t)?function(t){const e=new Uint8Array(t.length);return e.set(t),e}(t):ArrayBuffer.isView(t)?function(t){const e=new Uint8Array(t.byteLength);return e.set(t),e}(t):function(t,e,a){return new Uint8Array(t,e,a)}(t,e,a)}function u(t,e,a,i,o){if(0===t.byteLength)return-1;if("string"==typeof a?(i=a,a=0):void 0===a?a=o?0:t.length-1:a<0&&(a+=t.byteLength),a>=t.byteLength){if(o)return-1;a=t.byteLength-1}else if(a<0){if(!o)return-1;a=0}if("string"==typeof e)e=d(e,i);else if("number"==typeof e)return e&=255,o?t.indexOf(e,a):t.lastIndexOf(e,a);if(0===e.byteLength)return-1;if(o){let i=-1;for(let o=a;ot.byteLength&&(a=t.byteLength-e.byteLength);for(let i=a;i>=0;i--){let a=!0;for(let o=0;oo)return 1}return t.byteLength>e.byteLength?1:t.byteLengtht+e.byteLength),0));const a=new Uint8Array(e);let i=0;for(const e of t){if(i+e.byteLength>a.byteLength){const t=e.subarray(0,a.byteLength-i);return a.set(t,i),a}a.set(e,i),i+=e.byteLength}return a},copy:function(t,e,a=0,i=0,o=t.byteLength){if(o>0&&o=t.byteLength)throw new RangeError("sourceStart is out of range");if(o<0)throw new RangeError("sourceEnd is out of range");a>=e.byteLength&&(a=e.byteLength),o>t.byteLength&&(o=t.byteLength),e.byteLength-a=o||i<=a?"":(a<0&&(a=0),i>o&&(i=o),(0!==a||i{for(var t=new Uint8Array(128),e=0;e<64;e++)t[e<26?e+65:e<52?e+71:e<62?e-4:4*e-205]=e;return e=>{for(var a=e.length,i=new Uint8Array(3*(a-("="==e[a-1])-("="==e[a-2]))/4|0),o=0,n=0;o>4,i[n++]=r<<4|s>>2,i[n++]=s<<6|c}return i}})(),e=((t,e)=>function(){return e||(0,t[Object.keys(t)[0]])((e={exports:{}}).exports,e),e.exports})({"wasm-binary:./blake2b.wat"(e,a){a.exports=t("AGFzbQEAAAABEANgAn9/AGADf39/AGABfwADBQQAAQICBQUBAQroBwdNBQZtZW1vcnkCAAxibGFrZTJiX2luaXQAAA5ibGFrZTJiX3VwZGF0ZQABDWJsYWtlMmJfZmluYWwAAhBibGFrZTJiX2NvbXByZXNzAAMKvz8EwAIAIABCADcDACAAQgA3AwggAEIANwMQIABCADcDGCAAQgA3AyAgAEIANwMoIABCADcDMCAAQgA3AzggAEIANwNAIABCADcDSCAAQgA3A1AgAEIANwNYIABCADcDYCAAQgA3A2ggAEIANwNwIABCADcDeCAAQoiS853/zPmE6gBBACkDAIU3A4ABIABCu86qptjQ67O7f0EIKQMAhTcDiAEgAEKr8NP0r+68tzxBECkDAIU3A5ABIABC8e30+KWn/aelf0EYKQMAhTcDmAEgAELRhZrv+s+Uh9EAQSApAwCFNwOgASAAQp/Y+dnCkdqCm39BKCkDAIU3A6gBIABC6/qG2r+19sEfQTApAwCFNwOwASAAQvnC+JuRo7Pw2wBBOCkDAIU3A7gBIABCADcDwAEgAEIANwPIASAAQgA3A9ABC20BA38gAEHAAWohAyAAQcgBaiEEIAQpAwCnIQUCQANAIAEgAkYNASAFQYABRgRAIAMgAykDACAFrXw3AwBBACEFIAAQAwsgACAFaiABLQAAOgAAIAVBAWohBSABQQFqIQEMAAsLIAQgBa03AwALYQEDfyAAQcABaiEBIABByAFqIQIgASABKQMAIAIpAwB8NwMAIABCfzcD0AEgAikDAKchAwJAA0AgA0GAAUYNASAAIANqQQA6AAAgA0EBaiEDDAALCyACIAOtNwMAIAAQAwuqOwIgfgl/IABBgAFqISEgAEGIAWohIiAAQZABaiEjIABBmAFqISQgAEGgAWohJSAAQagBaiEmIABBsAFqIScgAEG4AWohKCAhKQMAIQEgIikDACECICMpAwAhAyAkKQMAIQQgJSkDACEFICYpAwAhBiAnKQMAIQcgKCkDACEIQoiS853/zPmE6gAhCUK7zqqm2NDrs7t/IQpCq/DT9K/uvLc8IQtC8e30+KWn/aelfyEMQtGFmu/6z5SH0QAhDUKf2PnZwpHagpt/IQ5C6/qG2r+19sEfIQ9C+cL4m5Gjs/DbACEQIAApAwAhESAAKQMIIRIgACkDECETIAApAxghFCAAKQMgIRUgACkDKCEWIAApAzAhFyAAKQM4IRggACkDQCEZIAApA0ghGiAAKQNQIRsgACkDWCEcIAApA2AhHSAAKQNoIR4gACkDcCEfIAApA3ghICANIAApA8ABhSENIA8gACkD0AGFIQ8gASAFIBF8fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSASfHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgE3x8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGIBR8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAVfHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgFnx8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBd8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAYfHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgGXx8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBp8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAbfHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgHHx8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIB18fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCAefHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgH3x8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFICB8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSAffHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgG3x8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBV8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAZfHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgGnx8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHICB8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAefHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggF3x8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIBJ8fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiAdfHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgEXx8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIBN8fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAcfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggGHx8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIBZ8fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAUfHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgHHx8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFIBl8fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAdfHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgEXx8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBZ8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByATfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggIHx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIB58fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiAbfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgH3x8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIBR8fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByAXfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggGHx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIBJ8fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSAafHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgFXx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgASAFIBh8fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSAafHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgFHx8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGIBJ8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAefHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgHXx8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBx8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAffHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgE3x8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBd8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAWfHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgG3x8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIBV8fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCARfHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgIHx8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFIBl8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSAafHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgEXx8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBZ8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAYfHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgE3x8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHIBV8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAbfHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggIHx8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIB98fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiASfHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgHHx8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIB18fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAXfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggGXx8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIBR8fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAefHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgE3x8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFIB18fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAXfHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgG3x8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBF8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByAcfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggGXx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIBR8fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiAVfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgHnx8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIBh8fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByAWfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggIHx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIB98fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSASfHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgGnx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgASAFIB18fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSAWfHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgEnx8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGICB8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAffHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgHnx8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBV8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAbfHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgEXx8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBh8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAXfHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgFHx8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIBp8fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCATfHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgGXx8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFIBx8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSAefHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgHHx8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBh8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAffHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgHXx8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHIBJ8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAUfHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggGnx8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIBZ8fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiARfHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgIHx8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIBV8fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAZfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggF3x8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIBN8fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAbfHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgF3x8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFICB8fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAffHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgGnx8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBx8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByAUfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggEXx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIBl8fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiAdfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgE3x8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIB58fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByAYfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggEnx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIBV8fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSAbfHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgFnx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgASAFIBt8fCEBIA0gAYVCIIohDSAJIA18IQkgBSAJhUIYiiEFIAEgBSATfHwhASANIAGFQhCKIQ0gCSANfCEJIAUgCYVCP4ohBSACIAYgGXx8IQIgDiAChUIgiiEOIAogDnwhCiAGIAqFQhiKIQYgAiAGIBV8fCECIA4gAoVCEIohDiAKIA58IQogBiAKhUI/iiEGIAMgByAYfHwhAyAPIAOFQiCKIQ8gCyAPfCELIAcgC4VCGIohByADIAcgF3x8IQMgDyADhUIQiiEPIAsgD3whCyAHIAuFQj+KIQcgBCAIIBJ8fCEEIBAgBIVCIIohECAMIBB8IQwgCCAMhUIYiiEIIAQgCCAWfHwhBCAQIASFQhCKIRAgDCAQfCEMIAggDIVCP4ohCCABIAYgIHx8IQEgECABhUIgiiEQIAsgEHwhCyAGIAuFQhiKIQYgASAGIBx8fCEBIBAgAYVCEIohECALIBB8IQsgBiALhUI/iiEGIAIgByAafHwhAiANIAKFQiCKIQ0gDCANfCEMIAcgDIVCGIohByACIAcgH3x8IQIgDSAChUIQiiENIAwgDXwhDCAHIAyFQj+KIQcgAyAIIBR8fCEDIA4gA4VCIIohDiAJIA58IQkgCCAJhUIYiiEIIAMgCCAdfHwhAyAOIAOFQhCKIQ4gCSAOfCEJIAggCYVCP4ohCCAEIAUgHnx8IQQgDyAEhUIgiiEPIAogD3whCiAFIAqFQhiKIQUgBCAFIBF8fCEEIA8gBIVCEIohDyAKIA98IQogBSAKhUI/iiEFIAEgBSARfHwhASANIAGFQiCKIQ0gCSANfCEJIAUgCYVCGIohBSABIAUgEnx8IQEgDSABhUIQiiENIAkgDXwhCSAFIAmFQj+KIQUgAiAGIBN8fCECIA4gAoVCIIohDiAKIA58IQogBiAKhUIYiiEGIAIgBiAUfHwhAiAOIAKFQhCKIQ4gCiAOfCEKIAYgCoVCP4ohBiADIAcgFXx8IQMgDyADhUIgiiEPIAsgD3whCyAHIAuFQhiKIQcgAyAHIBZ8fCEDIA8gA4VCEIohDyALIA98IQsgByALhUI/iiEHIAQgCCAXfHwhBCAQIASFQiCKIRAgDCAQfCEMIAggDIVCGIohCCAEIAggGHx8IQQgECAEhUIQiiEQIAwgEHwhDCAIIAyFQj+KIQggASAGIBl8fCEBIBAgAYVCIIohECALIBB8IQsgBiALhUIYiiEGIAEgBiAafHwhASAQIAGFQhCKIRAgCyAQfCELIAYgC4VCP4ohBiACIAcgG3x8IQIgDSAChUIgiiENIAwgDXwhDCAHIAyFQhiKIQcgAiAHIBx8fCECIA0gAoVCEIohDSAMIA18IQwgByAMhUI/iiEHIAMgCCAdfHwhAyAOIAOFQiCKIQ4gCSAOfCEJIAggCYVCGIohCCADIAggHnx8IQMgDiADhUIQiiEOIAkgDnwhCSAIIAmFQj+KIQggBCAFIB98fCEEIA8gBIVCIIohDyAKIA98IQogBSAKhUIYiiEFIAQgBSAgfHwhBCAPIASFQhCKIQ8gCiAPfCEKIAUgCoVCP4ohBSABIAUgH3x8IQEgDSABhUIgiiENIAkgDXwhCSAFIAmFQhiKIQUgASAFIBt8fCEBIA0gAYVCEIohDSAJIA18IQkgBSAJhUI/iiEFIAIgBiAVfHwhAiAOIAKFQiCKIQ4gCiAOfCEKIAYgCoVCGIohBiACIAYgGXx8IQIgDiAChUIQiiEOIAogDnwhCiAGIAqFQj+KIQYgAyAHIBp8fCEDIA8gA4VCIIohDyALIA98IQsgByALhUIYiiEHIAMgByAgfHwhAyAPIAOFQhCKIQ8gCyAPfCELIAcgC4VCP4ohByAEIAggHnx8IQQgECAEhUIgiiEQIAwgEHwhDCAIIAyFQhiKIQggBCAIIBd8fCEEIBAgBIVCEIohECAMIBB8IQwgCCAMhUI/iiEIIAEgBiASfHwhASAQIAGFQiCKIRAgCyAQfCELIAYgC4VCGIohBiABIAYgHXx8IQEgECABhUIQiiEQIAsgEHwhCyAGIAuFQj+KIQYgAiAHIBF8fCECIA0gAoVCIIohDSAMIA18IQwgByAMhUIYiiEHIAIgByATfHwhAiANIAKFQhCKIQ0gDCANfCEMIAcgDIVCP4ohByADIAggHHx8IQMgDiADhUIgiiEOIAkgDnwhCSAIIAmFQhiKIQggAyAIIBh8fCEDIA4gA4VCEIohDiAJIA58IQkgCCAJhUI/iiEIIAQgBSAWfHwhBCAPIASFQiCKIQ8gCiAPfCEKIAUgCoVCGIohBSAEIAUgFHx8IQQgDyAEhUIQiiEPIAogD3whCiAFIAqFQj+KIQUgISAhKQMAIAEgCYWFNwMAICIgIikDACACIAqFhTcDACAjICMpAwAgAyALhYU3AwAgJCAkKQMAIAQgDIWFNwMAICUgJSkDACAFIA2FhTcDACAmICYpAwAgBiAOhYU3AwAgJyAnKQMAIAcgD4WFNwMAICggKCkDACAIIBCFhTcDAAs=")}}),a=e(),i=WebAssembly.compile(a);return bi=async t=>(await WebAssembly.instantiate(await i,t)).exports}()().then((t=>{Fi=t})),Ei=64,vi=[];ai.exports=Ui;var Bi=ai.exports.BYTES_MIN=16,Si=ai.exports.BYTES_MAX=64;ai.exports.BYTES=32;var Pi=ai.exports.KEYBYTES_MIN=16,Gi=ai.exports.KEYBYTES_MAX=64;ai.exports.KEYBYTES=32;var Oi=ai.exports.SALTBYTES=16,Ti=ai.exports.PERSONALBYTES=16;function Ui(t,e,a,i,o){if(!(this instanceof Ui))return new Ui(t,e,a,i,o);if(!Fi)throw new Error("WASM not loaded. Wait for Blake2b.ready(cb)");t||(t=32),!0!==o&&(Ci(t>=Bi,"digestLength must be at least "+Bi+", was given "+t),Ci(t<=Si,"digestLength must be at most "+Si+", was given "+t),null!=e&&(Ci(e instanceof Uint8Array,"key must be Uint8Array or Buffer"),Ci(e.length>=Pi,"key must be at least "+Pi+", was given "+e.length),Ci(e.length<=Gi,"key must be at least "+Gi+", was given "+e.length)),null!=a&&(Ci(a instanceof Uint8Array,"salt must be Uint8Array or Buffer"),Ci(a.length===Oi,"salt must be exactly "+Oi+", was given "+a.length)),null!=i&&(Ci(i instanceof Uint8Array,"personal must be Uint8Array or Buffer"),Ci(i.length===Ti,"personal must be exactly "+Ti+", was given "+i.length))),vi.length||(vi.push(Ei),Ei+=216),this.digestLength=t,this.finalized=!1,this.pointer=vi.pop(),this._memory=new Uint8Array(Fi.memory.buffer),this._memory.fill(0,0,64),this._memory[0]=this.digestLength,this._memory[1]=e?e.length:0,this._memory[2]=1,this._memory[3]=1,a&&this._memory.set(a,32),i&&this._memory.set(i,48),this.pointer+216>this._memory.length&&this._realloc(this.pointer+216),Fi.blake2b_init(this.pointer,this.digestLength),e&&(this.update(e),this._memory.fill(0,Ei,Ei+e.length),this._memory[this.pointer+200]=128)}function zi(){}function Qi(t){return(0!=(4294901760&t)?(t&=4294901760,16):0)|(0!=(4278255360&t)?(t&=4278255360,8):0)|(0!=(4042322160&t)?(t&=4042322160,4):0)|(0!=(3435973836&t)?(t&=3435973836,2):0)|0!=(2863311530&t)}function qi(t,e){const a=new DataView(t.buffer,t.byteOffset,t.byteLength);let i="";for(let t=0;t<4;t++){t>0&&(i+="\n"),i+="\t\t";for(let e=0;e<4;e++)e>0&&(i+=" "),i+=a.getUint32(16*t+4*e).toString(16).padStart(8,"0")}return e&&(i=e+"\n"+i),i}function Mi(t,e){if(t.byteLength!=e.byteLength)return!1;for(var a=new Int8Array(t),i=new Int8Array(e),o=0;o!=t.byteLength;o++)if(a[o]!=i[o])return!1;return!0}function ki(t){const e=t.getPartialHash(),a=ai.exports(64);return a.setPartialHash(e),a}async function Ri(t,e,a,i,o){if(t.G1.isZero(e))return!1;if(t.G1.isZero(a))return!1;if(t.G2.isZero(i))return!1;if(t.G2.isZero(o))return!1;return await t.pairingEq(e,o,t.G1.neg(a),i)}function Di(t){let e=new Uint8Array(t);return globalThis.crypto.getRandomValues(e),e}async function Ni(t){{const e=await globalThis.crypto.subtle.digest("SHA-256",t.buffer);return new Uint8Array(e)}}function $i(t,e){return new DataView(t.buffer).getUint32(e,!1)}async function Vi(t){for(;!t;)t=await window.prompt("Enter a random text. (Entropy): ","");const e=ai.exports(64);e.update(Di(64));const a=new TextEncoder;e.update(a.encode(t));const i=e.digest(),o=[];for(let t=0;t<8;t++)o[t]=$i(i,4*t);return new Q(o)}async function Ki(t,e){let a,i;e<32?(a=1<>>0,i=1):(a=4294967296,i=1<>>0);let o=t;for(let t=0;t{a[i]=Zi(t,e[i])})),a}return"bigint"==typeof e||void 0!==e.eq?e.toString(10):e}Ui.prototype._realloc=function(t){Fi.memory.grow(Math.max(0,Math.ceil(Math.abs(t-this._memory.length)/65536))),this._memory=new Uint8Array(Fi.memory.buffer)},Ui.prototype.update=function(t){return Ci(!1===this.finalized,"Hash instance finalized"),Ci(t instanceof Uint8Array,"input must be Uint8Array or Buffer"),Ei+t.length>this._memory.length&&this._realloc(Ei+t.length),this._memory.set(t,Ei),Fi.blake2b_update(this.pointer,Ei,Ei+t.length),this},Ui.prototype.digest=function(t){if(Ci(!1===this.finalized,"Hash instance finalized"),this.finalized=!0,vi.push(this.pointer),Fi.blake2b_final(this.pointer),!t||"binary"===t)return this._memory.slice(this.pointer+128,this.pointer+128+this.digestLength);if("string"==typeof t)return Ii.toString(this._memory,t,this.pointer+128,this.pointer+128+this.digestLength);Ci(t instanceof Uint8Array&&t.length>=this.digestLength,"input must be Uint8Array or Buffer");for(var e=0;et()),t):t(new Error("WebAssembly not supported"))},Ui.prototype.ready=Ui.ready,Ui.prototype.getPartialHash=function(){return this._memory.slice(this.pointer,this.pointer+216)},Ui.prototype.setPartialHash=function(t){this._memory.set(t,this.pointer)};const Wi=1,Yi=2,Ji=10,Xi=2,to=3,eo=4,ao=5,io=6,oo=7,no=8,lo=9,ro=10,so=11,co=12,uo=13,go=14,fo=15,ho=16,_o=17;async function po(t,e){await qa(t,1),await t.writeULE32(1),await Ma(t);const a=await Ja(e.q);await qa(t,2);const i=a.q,o=8*(Math.floor((ga.bitLength(i)-1)/64)+1),n=a.r,l=8*(Math.floor((ga.bitLength(n)-1)/64)+1);await t.writeULE32(o),await Da(t,i,o),await t.writeULE32(l),await Da(t,n,l),await t.writeULE32(e.nVars),await t.writeULE32(e.nPublic),await t.writeULE32(e.domainSize),await mo(t,a,e.vk_alpha_1),await mo(t,a,e.vk_beta_1),await wo(t,a,e.vk_beta_2),await wo(t,a,e.vk_gamma_2),await mo(t,a,e.vk_delta_1),await wo(t,a,e.vk_delta_2),await Ma(t)}async function mo(t,e,a){const i=new Uint8Array(2*e.G1.F.n8);e.G1.toRprLEM(i,0,a),await t.write(i)}async function wo(t,e,a){const i=new Uint8Array(2*e.G2.F.n8);e.G2.toRprLEM(i,0,a),await t.write(i)}async function Lo(t,e,a){const i=await t.read(2*e.G1.F.n8),o=e.G1.fromRprLEM(i,0);return a?e.G1.toObject(o):o}async function bo(t,e,a){const i=await t.read(2*e.G2.F.n8),o=e.G2.fromRprLEM(i,0);return a?e.G2.toObject(o):o}async function yo(t,e,a){await ka(t,e,1);const i=await t.readULE32();if(await Ra(t),i===Wi)return await async function(t,e,a){const i={protocol:"groth16"};await ka(t,e,2);const o=await t.readULE32();i.n8q=o,i.q=await Na(t,o);const n=await t.readULE32();return i.n8r=n,i.r=await Na(t,n),i.curve=await Ja(i.q),i.nVars=await t.readULE32(),i.nPublic=await t.readULE32(),i.domainSize=await t.readULE32(),i.power=Qi(i.domainSize),i.vk_alpha_1=await Lo(t,i.curve,a),i.vk_beta_1=await Lo(t,i.curve,a),i.vk_beta_2=await bo(t,i.curve,a),i.vk_gamma_2=await bo(t,i.curve,a),i.vk_delta_1=await Lo(t,i.curve,a),i.vk_delta_2=await bo(t,i.curve,a),await Ra(t),i}(t,e,a);if(i===Yi)return await async function(t,e,a){const i={protocol:"plonk"};await ka(t,e,2);const o=await t.readULE32();i.n8q=o,i.q=await Na(t,o);const n=await t.readULE32();return i.n8r=n,i.r=await Na(t,n),i.curve=await Ja(i.q),i.nVars=await t.readULE32(),i.nPublic=await t.readULE32(),i.domainSize=await t.readULE32(),i.power=Qi(i.domainSize),i.nAdditions=await t.readULE32(),i.nConstraints=await t.readULE32(),i.k1=await t.read(n),i.k2=await t.read(n),i.Qm=await Lo(t,i.curve,a),i.Ql=await Lo(t,i.curve,a),i.Qr=await Lo(t,i.curve,a),i.Qo=await Lo(t,i.curve,a),i.Qc=await Lo(t,i.curve,a),i.S1=await Lo(t,i.curve,a),i.S2=await Lo(t,i.curve,a),i.S3=await Lo(t,i.curve,a),i.X_2=await bo(t,i.curve,a),await Ra(t),i}(t,e,a);if(i===Ji)return await async function(t,e,a){const i={protocol:"fflonk"};i.protocolId=Ji,await ka(t,e,Xi);const o=await t.readULE32();i.n8q=o,i.q=await Na(t,o),i.curve=await Ja(i.q);const n=await t.readULE32();return i.n8r=n,i.r=await Na(t,n),i.nVars=await t.readULE32(),i.nPublic=await t.readULE32(),i.domainSize=await t.readULE32(),i.power=Qi(i.domainSize),i.nAdditions=await t.readULE32(),i.nConstraints=await t.readULE32(),i.k1=await t.read(n),i.k2=await t.read(n),i.w3=await t.read(n),i.w4=await t.read(n),i.w8=await t.read(n),i.wr=await t.read(n),i.X_2=await bo(t,i.curve,a),i.C0=await Lo(t,i.curve,a),await Ra(t),i}(t,e,a);throw new Error("Protocol not supported: ")}async function Ao(t,e,a){const i={delta:{}};i.deltaAfter=await Lo(t,e,a),i.delta.g1_s=await Lo(t,e,a),i.delta.g1_sx=await Lo(t,e,a),i.delta.g2_spx=await bo(t,e,a),i.transcript=await t.read(64),i.type=await t.readULE32();const o=await t.readULE32(),n=t.pos;let l=0;for(;t.pos-n0){const e=new Uint8Array(i);await t.writeULE32(e.byteLength),await t.write(e)}else await t.writeULE32(0)}async function Fo(t,e,a){await qa(t,10),await t.write(a.csHash),await t.writeULE32(a.contributions.length);for(let i=0;i0;)a.unshift(0),t--}return a}async function Uo(t,e){let a,i,o;e=e||{};let n=1,l=0,r=0;if(t instanceof WebAssembly.Instance)a=t;else{let s=32767;if(e.memorySize&&(s=parseInt(e.memorySize),s<0))throw new Error("Invalid memory size");let u=!1;for(;!u;)try{o=new WebAssembly.Memory({initial:s}),u=!0}catch(t){if(s<=1)throw t;console.warn("Could not allocate "+1024*s*64+" bytes. This may cause severe instability. Trying with "+1024*s*64/2+" bytes"),s=Math.floor(s/2)}const g=await WebAssembly.compile(t);let f="",h="";a=await WebAssembly.instantiate(g,{env:{memory:o},runtime:{exceptionHandler:function(t){let e;throw e=1===t?"Signal not found. ":2===t?"Too many signals set. ":3===t?"Signal already set. ":4===t?"Assert Failed. ":5===t?"Not enough memory. ":6===t?"Input signal array access exceeds the size. ":"Unknown error. ",console.error("ERROR: ",t,f),new Error(e+f)},printErrorMessage:function(){f+=c()+"\n"},writeBufferMessage:function(){const t=c();"\n"===t?(console.log(h),h=""):(""!==h&&(h+=" "),h+=t)},showSharedRWMemory:function(){const t=a.exports.getFieldNumLen32(),e=new Uint32Array(t);for(let i=0;i=2&&(l>=1||r>=7)){""!==h&&(h+=" ");const t=ga.fromArray(e,4294967296).toString();h+=t}else console.log(ga.fromArray(e,4294967296))},error:function(t,a,o,n,l,r){let s;throw s=7===t?d(a)+" "+i.getFr(n).toString()+" != "+i.getFr(l).toString()+" "+d(r):9===t?d(a)+" "+i.getFr(n).toString()+" "+d(l):5===t&&e.sym?d(a)+" "+e.sym.labelIdx2Name[l]:d(a)+" "+o+" "+n+" "+l+" "+r,console.log("ERROR: ",t,s),new Error(s)},log:function(t){console.log(i.getFr(t).toString())},logGetSignal:function(t,a){e.logGetSignal&&e.logGetSignal(t,i.getFr(a))},logSetSignal:function(t,a){e.logSetSignal&&e.logSetSignal(t,i.getFr(a))},logStartComponent:function(t){e.logStartComponent&&e.logStartComponent(t)},logFinishComponent:function(t){e.logFinishComponent&&e.logFinishComponent(t)}}})}"function"==typeof a.exports.getVersion&&(n=a.exports.getVersion()),"function"==typeof a.exports.getMinorVersion&&(l=a.exports.getMinorVersion()),"function"==typeof a.exports.getPatchVersion&&(r=a.exports.getPatchVersion());const s=e&&(e.sanityCheck||e.logGetSignal||e.logSetSignal||e.logStartComponent||e.logFinishComponent);return i=2===n?new Qo(a,s):new zo(o,a,s),i;function c(){let t="",e=a.exports.getMessageChar();for(;0!==e;)t+=String.fromCharCode(e),e=a.exports.getMessageChar();return t}function d(t){const e=new Uint8Array(o.buffer),a=[];for(let i=0;e[t+i]>0;i++)a.push(e[t+i]);return String.fromCharCode.apply(null,a)}}class zo{constructor(t,e,a){this.memory=t,this.i32=new Uint32Array(t.buffer),this.instance=e,this.n32=(this.instance.exports.getFrLen()>>2)-2;const i=this.instance.exports.getPRawPrime(),o=new Array(this.n32);for(let t=0;t>2)+t];this.prime=ga.fromArray(o,4294967296),this.Fr=new $(this.prime),this.mask32=ga.fromString("FFFFFFFF",16),this.NVars=this.instance.exports.getNVars(),this.n64=Math.floor((this.Fr.bitLength-1)/64)+1,this.R=this.Fr.e(ga.shiftLeft(1,64*this.n64)),this.RInv=this.Fr.inv(this.R),this.sanityCheck=a}circom_version(){return 1}async _doCalculateWitness(t,e){this.instance.exports.init(this.sanityCheck||e?1:0);const a=this.allocInt(),i=this.allocFr();Object.keys(t).forEach((e=>{const o=Oo(e),n=parseInt(o.slice(0,8),16),l=parseInt(o.slice(8,16),16);try{this.instance.exports.getSignalOffset32(a,0,n,l)}catch(t){throw new Error(`Signal ${e} is not an input of the circuit.`)}const r=this.getInt(a),s=Po(t[e]);for(let t=0;t>2]}setInt(t,e){this.i32[t>>2]=e}getFr(t){const e=this,a=t>>2;if(2147483648&e.i32[a+1]){const t=new Array(e.n32);for(let i=0;i>2]=o,void(a.i32[1+(t>>2)]=0)}a.i32[t>>2]=0,a.i32[1+(t>>2)]=2147483648;const n=ga.toArray(e,4294967296);for(let e=0;e>2)+e]=i>=0?n[i]:0}}}class Qo{constructor(t,e){this.instance=t,this.version=this.instance.exports.getVersion(),this.n32=this.instance.exports.getFieldNumLen32(),this.instance.exports.getRawPrime();const a=new Uint32Array(this.n32);for(let t=0;t{const a=Oo(e),o=parseInt(a.slice(0,8),16),n=parseInt(a.slice(8,16),16),l=Po(t[e]);if("function"==typeof this.instance.exports.getInputSignalSize){let t=this.instance.exports.getInputSignalSize(o,n);if(t<0)throw new Error(`Signal ${e} not found\n`);if(l.lengtht)throw new Error(`Too many values for input signal ${e}\n`)}for(let t=0;t1)throw new Error(t.fileName+": File has more than one header");t.pos=e[1][0].p;const a=await t.readULE32(),i=await t.read(a),o=ga.fromRprLE(i),n=await Ja(o);if(8*n.F1.n64!=a)throw new Error(t.fileName+": Invalid size");const l=await t.readULE32(),r=await t.readULE32();if(t.pos-e[1][0].p!=e[1][0].size)throw new Error("Invalid PTau header size");return{curve:n,power:l,ceremonyPower:r}}function Yo(t,e,a,i){const o={tau:{},alpha:{},beta:{}};return o.tau.g1_s=n(),o.tau.g1_sx=n(),o.alpha.g1_s=n(),o.alpha.g1_sx=n(),o.beta.g1_s=n(),o.beta.g1_sx=n(),o.tau.g2_spx=l(),o.alpha.g2_spx=l(),o.beta.g2_spx=l(),o;function n(){let o;return o=i?a.G1.fromRprLEM(t,e):a.G1.fromRprUncompressed(t,e),e+=2*a.G1.F.n8,o}function l(){let o;return o=i?a.G2.fromRprLEM(t,e):a.G2.fromRprUncompressed(t,e),e+=2*a.G2.F.n8,o}}function Jo(t,e,a,i,o){async function n(i){o?a.G1.toRprLEM(t,e,i):a.G1.toRprUncompressed(t,e,i),e+=2*a.F1.n8}async function l(i){o?a.G2.toRprLEM(t,e,i):a.G2.toRprUncompressed(t,e,i),e+=2*a.F2.n8}return n(i.tau.g1_s),n(i.tau.g1_sx),n(i.alpha.g1_s),n(i.alpha.g1_sx),n(i.beta.g1_s),n(i.beta.g1_sx),l(i.tau.g2_spx),l(i.alpha.g2_spx),l(i.beta.g2_spx),t}async function Xo(t,e){const a={};a.tauG1=await s(),a.tauG2=await c(),a.alphaG1=await s(),a.betaG1=await s(),a.betaG2=await c(),a.key=await async function(t,e,a){return Yo(await t.read(2*e.F1.n8*6+2*e.F2.n8*3),0,e,a)}(t,e,!0),a.partialHash=await t.read(216),a.nextChallenge=await t.read(64),a.type=await t.readULE32();const i=new Uint8Array(2*e.G1.F.n8*6+2*e.G2.F.n8*3);Jo(i,0,e,a.key,!1);const o=ai.exports(64);o.setPartialHash(a.partialHash),o.update(i),a.responseHash=o.digest();const n=await t.readULE32(),l=t.pos;let r=0;for(;t.pos-l1)throw new Error(t.fileName+": File has more than one contributions section");t.pos=a[7][0].p;const i=await t.readULE32(),o=[];for(let a=0;a0){const e=new Uint8Array(n);await t.writeULE32(e.byteLength),await t.write(e)}else await t.writeULE32(0);async function l(a){e.G1.toRprLEM(i,0,a),await t.write(i)}async function r(a){e.G2.toRprLEM(o,0,a),await t.write(o)}}async function an(t,e,a){await t.writeULE32(7);const i=t.pos;await t.writeULE64(0),await t.writeULE32(a.length);for(let i=0;i0?u[u.length-1].nextChallenge:on(c,d,n);const L=await Qa(a,"ptau",1,o?7:2);await Zo(L,c,d);const b=await m.read(64);if(Mi(l,w)&&(w=b,u[u.length-1].nextChallenge=w),!Mi(b,w))throw new Error("Wrong contribution. This contribution is not based on the previous hash");const y=new ai.exports(64);y.update(b);const A=[];let C;C=await x(m,L,"G1",2,2**d*2-1,[1],"tauG1"),g.tauG1=C[0],C=await x(m,L,"G2",3,2**d,[1],"tauG2"),g.tauG2=C[0],C=await x(m,L,"G1",4,2**d,[0],"alphaG1"),g.alphaG1=C[0],C=await x(m,L,"G1",5,2**d,[0],"betaG1"),g.betaG1=C[0],C=await x(m,L,"G2",6,1,[0],"betaG2"),g.betaG2=C[0],g.partialHash=y.getPartialHash();const I=await m.read(2*c.F1.n8*6+2*c.F2.n8*3);g.key=Yo(I,0,c,!1),y.update(new Uint8Array(I));const F=y.digest();if(n&&n.info(qi(F,"Contribution Response Hash imported: ")),o){const t=new ai.exports(64);t.update(F),await E(t,L,"G1",2,2**d*2-1,"tauG1",n),await E(t,L,"G2",3,2**d,"tauG2",n),await E(t,L,"G1",4,2**d,"alphaTauG1",n),await E(t,L,"G1",5,2**d,"betaTauG1",n),await E(t,L,"G2",6,1,"betaG2",n),g.nextChallenge=t.digest(),n&&n.info(qi(g.nextChallenge,"Next Challenge Hash: "))}else g.nextChallenge=l;return u.push(g),await an(L,c,u),await m.close(),await L.close(),await r.close(),g.nextChallenge;async function x(t,e,a,i,l,r,s){return o?await async function(t,e,a,i,o,l,r){const s=c[a],d=s.F.n8,u=2*s.F.n8,g=[];await qa(e,i);const f=Math.floor((1<<24)/u);A[i]=e.pos;for(let a=0;a=a&&e=e&&o1?s[s.length-2]:c;const u=s[s.length-1];if(e&&e.debug("Validating contribution #"+s[s.length-1].id),!await rn(n,u,d,e))return!1;const g=ai.exports(64);g.update(u.responseHash),e&&e.debug("Verifying powers in tau*G1 section");const f=await b(2,"G1","tauG1",2**l*2-1,[0,1],e);if(a=await ln(n,f.R1,f.R2,n.G2.g,u.tauG2),!0!==a)return e&&e.error("tauG1 section. Powers do not match"),!1;if(!n.G1.eq(n.G1.g,f.singularPoints[0]))return e&&e.error("First element of tau*G1 section must be the generator"),!1;if(!n.G1.eq(u.tauG1,f.singularPoints[1]))return e&&e.error("Second element of tau*G1 section does not match the one in the contribution section"),!1;e&&e.debug("Verifying powers in tau*G2 section");const h=await b(3,"G2","tauG2",2**l,[0,1],e);if(a=await ln(n,n.G1.g,u.tauG1,h.R1,h.R2),!0!==a)return e&&e.error("tauG2 section. Powers do not match"),!1;if(!n.G2.eq(n.G2.g,h.singularPoints[0]))return e&&e.error("First element of tau*G2 section must be the generator"),!1;if(!n.G2.eq(u.tauG2,h.singularPoints[1]))return e&&e.error("Second element of tau*G2 section does not match the one in the contribution section"),!1;e&&e.debug("Verifying powers in alpha*tau*G1 section");const _=await b(4,"G1","alphatauG1",2**l,[0],e);if(a=await ln(n,_.R1,_.R2,n.G2.g,u.tauG2),!0!==a)return e&&e.error("alphaTauG1 section. Powers do not match"),!1;if(!n.G1.eq(u.alphaG1,_.singularPoints[0]))return e&&e.error("First element of alpha*tau*G1 section (alpha*G1) does not match the one in the contribution section"),!1;e&&e.debug("Verifying powers in beta*tau*G1 section");const p=await b(5,"G1","betatauG1",2**l,[0],e);if(a=await ln(n,p.R1,p.R2,n.G2.g,u.tauG2),!0!==a)return e&&e.error("betaTauG1 section. Powers do not match"),!1;if(!n.G1.eq(u.betaG1,p.singularPoints[0]))return e&&e.error("First element of beta*tau*G1 section (beta*G1) does not match the one in the contribution section"),!1;const m=await async function(t){const e=n.G2,a=2*e.F.n8,l=new Uint8Array(a);if(!o[6])throw t.error("File has no BetaG2 section"),new Error("File has no BetaG2 section");if(o[6].length>1)throw t.error("File has no BetaG2 section"),new Error("File has more than one GetaG2 section");i.pos=o[6][0].p;const r=await i.read(a),s=e.fromRprLEM(r);return e.toRprUncompressed(l,0,s),g.update(l),s}(e);if(!n.G2.eq(u.betaG2,m))return e&&e.error("betaG2 element in betaG2 section does not match the one in the contribution section"),!1;const w=g.digest();if(l==r&&!Mi(w,u.nextChallenge))return e&&e.error("Hash of the values does not match the next challenge of the last contributor in the contributions section"),!1;e&&e.info(qi(w,"Next challenge hash: ")),L(u,d);for(let t=s.length-2;t>=0;t--){const a=s[t],i=t>0?s[t-1]:c;if(!await rn(n,a,i,e))return!1;L(a,i)}if(e&&e.info("-----------------------------------------------------"),o[12]&&o[13]&&o[14]&&o[15]){let t;if(t=await y("G1",2,12,"tauG1",e),!t)return!1;if(t=await y("G2",3,13,"tauG2",e),!t)return!1;if(t=await y("G1",4,14,"alphaTauG1",e),!t)return!1;if(t=await y("G1",5,15,"betaTauG1",e),!t)return!1}else e&&e.warn('this file does not contain phase2 precalculated values. Please run: \n snarkjs "powersoftau preparephase2" to prepare this file to be used in the phase2 ceremony.');return await i.close(),e&&e.info("Powers of Tau Ok!"),!0;function L(t,a){if(!e)return;e.info("-----------------------------------------------------"),e.info(`Contribution #${t.id}: ${t.name||""}`),e.info(qi(t.nextChallenge,"Next Challenge: "));const i=new Uint8Array(2*n.G1.F.n8*6+2*n.G2.F.n8*3);Jo(i,0,n,t.key,!1);const o=ai.exports(64);o.setPartialHash(t.partialHash),o.update(i);const l=o.digest();e.info(qi(l,"Response Hash:")),e.info(qi(a.nextChallenge,"Response Hash:")),1==t.type&&(e.info(`Beacon generator: ${Hi(t.beaconHash)}`),e.info(`Beacon iterations Exp: ${t.numIterationsExp}`))}async function b(t,e,a,l,r,s){const c=n[e],d=2*c.F.n8;await ka(i,o,t);const u=[];let f=c.zero,h=c.zero,_=c.zero;for(let t=0;t0){const t=c.fromRprLEM(o,0),e=$i(Di(4),0);f=c.add(f,c.timesScalar(_,e)),h=c.add(h,c.timesScalar(t,e))}const m=await c.multiExpAffine(o.slice(0,(e-1)*d),p),w=await c.multiExpAffine(o.slice(d),p);f=c.add(f,m),h=c.add(h,w),_=c.fromRprLEM(o,(e-1)*d);for(let a=0;a=t&&i1;)c/=2,d+=1;if(2**d!=s)throw new Error("Invalid file size");o&&o.debug("Power to tau size: "+d);const u=await Vi(i),g=await Ta(a),f=ai.exports(64);for(let t=0;t{o.debug(e+".g1_s: "+t.G1.toString(p[e].g1_s,16)),o.debug(e+".g1_sx: "+t.G1.toString(p[e].g1_sx,16)),o.debug(e+".g2_sp: "+t.G2.toString(p[e].g2_sp,16)),o.debug(e+".g2_spx: "+t.G2.toString(p[e].g2_spx,16)),o.debug("")}));const m=ai.exports(64);await g.write(_),m.update(_),await cn(n,g,m,t,"G1",2**d*2-1,t.Fr.one,p.tau.prvKey,"COMPRESSED","tauG1",o),await cn(n,g,m,t,"G2",2**d,t.Fr.one,p.tau.prvKey,"COMPRESSED","tauG2",o),await cn(n,g,m,t,"G1",2**d,p.alpha.prvKey,p.tau.prvKey,"COMPRESSED","alphaTauG1",o),await cn(n,g,m,t,"G1",2**d,p.beta.prvKey,p.tau.prvKey,"COMPRESSED","betaTauG1",o),await cn(n,g,m,t,"G2",1,p.beta.prvKey,p.tau.prvKey,"COMPRESSED","betaTauG2",o);const w=new Uint8Array(2*t.F1.n8*6+2*t.F2.n8*3);Jo(w,0,t,p,!1),await g.write(w),m.update(w);const L=m.digest();o&&o.info(qi(L,"Contribution Response Hash: ")),await g.close(),await n.close()},beacon:async function(t,e,a,i,o,n){const l=ji(i);if(0==l.byteLength||2*l.byteLength!=i.length)return n&&n.error("Invalid Beacon Hash. (It must be a valid hexadecimal sequence)"),!1;if(l.length>=256)return n&&n.error("Maximum length of beacon hash is 255 bytes"),!1;if((o=parseInt(o))<10||o>63)return n&&n.error("Invalid numIterationsExp. (Must be between 10 and 63)"),!1;await ai.exports.ready();const{fd:r,sections:s}=await za(t,"ptau",1),{curve:c,power:d,ceremonyPower:u}=await Wo(r,s);if(d!=u)return n&&n.error("This file has been reduced. You cannot contribute into a reduced file."),!1;s[12]&&n&&n.warn("Contributing into a file that has phase2 calculated. You will have to prepare phase2 again.");const g=await tn(r,c,s),f={name:a,type:1,numIterationsExp:o,beaconHash:l};let h;h=g.length>0?g[g.length-1].nextChallenge:on(c,d,n),f.key=await nn(c,h,l,o);const _=new ai.exports(64);_.update(h);const p=await Qa(e,"ptau",1,7);await Zo(p,c,d);const m=[];let w;w=await A(2,"G1",2**d*2-1,c.Fr.e(1),f.key.tau.prvKey,"tauG1",n),f.tauG1=w[1],w=await A(3,"G2",2**d,c.Fr.e(1),f.key.tau.prvKey,"tauG2",n),f.tauG2=w[1],w=await A(4,"G1",2**d,f.key.alpha.prvKey,f.key.tau.prvKey,"alphaTauG1",n),f.alphaG1=w[0],w=await A(5,"G1",2**d,f.key.beta.prvKey,f.key.tau.prvKey,"betaTauG1",n),f.betaG1=w[0],w=await A(6,"G2",1,f.key.beta.prvKey,f.key.tau.prvKey,"betaTauG2",n),f.betaG2=w[0],f.partialHash=_.getPartialHash();const L=new Uint8Array(2*c.F1.n8*6+2*c.F2.n8*3);Jo(L,0,c,f.key,!1),_.update(new Uint8Array(L));const b=_.digest();n&&n.info(qi(b,"Contribution Response Hash imported: "));const y=new ai.exports(64);return y.update(b),await C(p,"G1",2,2**d*2-1,"tauG1",n),await C(p,"G2",3,2**d,"tauG2",n),await C(p,"G1",4,2**d,"alphaTauG1",n),await C(p,"G1",5,2**d,"betaTauG1",n),await C(p,"G2",6,1,"betaG2",n),f.nextChallenge=y.digest(),n&&n.info(qi(f.nextChallenge,"Next Challenge Hash: ")),g.push(f),await an(p,c,g),await r.close(),await p.close(),b;async function A(t,e,a,i,o,n,l){const d=[];r.pos=s[t][0].p,await qa(p,t),m[t]=p.pos;const u=c[e],g=2*u.F.n8,f=Math.floor((1<<20)/g);let h=i;for(let t=0;t0?d[d.length-1].nextChallenge:on(r,s,o),u.key=Ho(r,g,f);const h=new ai.exports(64);h.update(g);const _=await Qa(e,"ptau",1,7);await Zo(_,r,s);const p=[];let m;m=await y(2,"G1",2**s*2-1,r.Fr.e(1),u.key.tau.prvKey,"tauG1"),u.tauG1=m[1],m=await y(3,"G2",2**s,r.Fr.e(1),u.key.tau.prvKey,"tauG2"),u.tauG2=m[1],m=await y(4,"G1",2**s,u.key.alpha.prvKey,u.key.tau.prvKey,"alphaTauG1"),u.alphaG1=m[0],m=await y(5,"G1",2**s,u.key.beta.prvKey,u.key.tau.prvKey,"betaTauG1"),u.betaG1=m[0],m=await y(6,"G2",1,u.key.beta.prvKey,u.key.tau.prvKey,"betaTauG2"),u.betaG2=m[0],u.partialHash=h.getPartialHash();const w=new Uint8Array(2*r.F1.n8*6+2*r.F2.n8*3);Jo(w,0,r,u.key,!1),h.update(new Uint8Array(w));const L=h.digest();o&&o.info(qi(L,"Contribution Response Hash imported: "));const b=new ai.exports(64);return b.update(L),await A(_,"G1",2,2**s*2-1,"tauG1"),await A(_,"G2",3,2**s,"tauG2"),await A(_,"G1",4,2**s,"alphaTauG1"),await A(_,"G1",5,2**s,"betaTauG1"),await A(_,"G2",6,1,"betaG2"),u.nextChallenge=b.digest(),o&&o.info(qi(u.nextChallenge,"Next Challenge Hash: ")),d.push(u),await an(_,r,d),await n.close(),await _.close(),L;async function y(t,e,a,i,s,c){const d=[];n.pos=l[t][0].p,await qa(_,t),p[t]=_.pos;const u=r[e],g=2*u.F.n8,f=Math.floor((1<<20)/g);let m=i;for(let t=0;t=this.length&&(this.length=t+1),!0}getKeys(){const t=new hn;for(let e=0;e1<<20?new hn:[];for(let t=0;t1<<20?new hn:[];for(let t=0;t1<<20?new hn:[];for(let t=0;t{let i="";return Object.keys(a).forEach((o=>{let n=e.varIdx2Name[o];"one"==n&&(n="1");let l=t.curve.Fr.toString(a[o]);"1"==l&&(l=""),"-1"==l&&(l="-"),""!=i&&"-"!=l[0]&&(l="+"+l),""!=i&&(l=" "+l),i=i+l+n})),i},n=`[ ${o(i[0])} ] * [ ${o(i[1])} ] - [ ${o(i[2])} ] = 0`;a&&a.info(n)}},info:async function(t,e){const a=await Ln(t);return ga.eq(a.prime,yn)?e&&e.info("Curve: bn-128"):ga.eq(a.prime,bn)?e&&e.info("Curve: bls12-381"):e&&e.info(`Unknown Curve. Prime: ${ga.toString(a.prime)}`),e&&e.info(`# of Wires: ${a.nVars}`),e&&e.info(`# of Constraints: ${a.nConstraints}`),e&&e.info(`# of Private Inputs: ${a.nPrvInputs}`),e&&e.info(`# of Public Inputs: ${a.nPubInputs}`),e&&e.info(`# of Labels: ${a.nLabels}`),e&&e.info(`# of Outputs: ${a.nOutputs}`),a},exportJson:async function(t,e){const a=await Ln(t,!0,!0,!0,e),i=a.curve.Fr;return delete a.curve,delete a.F,Zi(i,a)}});async function Cn(t){const e={labelIdx2Name:["one"],varIdx2Name:["one"],componentIdx2Name:[]},a=await Ua(t),i=await a.read(a.totalSize),o=new TextDecoder("utf-8").decode(i).split("\n");for(let t=0;t Reading r1cs file");const{fd:i,sections:o}=await za(t,"r1cs",1),n=await wn(i,o,{loadConstraints:!1,loadCustomGates:!1});a&&a.info("> Reading witness file");const{fd:l,sections:r}=await za(e,"wtns",2),s=await vo(l,r);if(!ga.eq(n.prime,s.q))throw new Error("Curve of the witness does not match the curve of the proving key");const c=await Va(l,r,2);await l.close();const d=(await Ya(n.prime)).Fr,u=d.n8,g=await Va(i,o,2);a&&(a.info("----------------------------"),a.info(" WITNESS CHECK"),a.info(` Curve: ${n.curve.name}`),a.info(` Vars (wires): ${n.nVars}`),a.info(` Outputs: ${n.nOutputs}`),a.info(` Public Inputs: ${n.nPubInputs}`),a.info(` Private Inputs: ${n.nPrvInputs}`),a.info(` Labels: ${n.nLabels}`),a.info(` Constraints: ${n.nConstraints}`),a.info(` Custom Gates: ${n.useCustomGates}`),a.info("----------------------------")),a&&a.info("> Checking witness correctness");let f=0,h=!0;for(let t=0;t{const i=function(t){return d.fromRprLE(c.slice(t*u,t*u+u))}(a),o=t[a];e=d.add(e,d.mul(i,o))})),e}function p(){const t={},e=g.slice(f,f+4);f+=4;const a=new DataView(e.buffer).getUint32(0,!0),i=g.slice(f,f+(4+n.n8)*a);f+=(4+n.n8)*a;const o=new DataView(i.buffer);for(let e=0;e=this.length&&(this.length=t+1),!0}getKeys(){const t=new Bn;for(let e=0;es)return i&&i.error(`circuit too big for this power of tau ceremony. ${u.nConstraints}*2 > 2**${s}`),-1;if(!l[12])return i&&i.error("Powers of tau is not prepared."),-1;const p=u.nOutputs+u.nPubInputs,m=2**_;await qa(g,1),await g.writeULE32(1),await Ma(g),await qa(g,2);const w=r.q,L=8*(Math.floor((ga.bitLength(w)-1)/64)+1),b=r.r,y=8*(Math.floor((ga.bitLength(b)-1)/64)+1),A=ga.mod(ga.shl(1,8*y),b),C=r.Fr.e(ga.mod(ga.mul(A,A),b));let I,F,x;await g.writeULE32(L),await Da(g,w,L),await g.writeULE32(y),await Da(g,b,y),await g.writeULE32(u.nVars),await g.writeULE32(p),await g.writeULE32(m),I=await n.read(f,l[4][0].p),await g.write(I),I=await r.G1.batchLEMtoU(I),o.update(I),F=await n.read(f,l[5][0].p),await g.write(F),F=await r.G1.batchLEMtoU(F),o.update(F),x=await n.read(h,l[6][0].p),await g.write(x),x=await r.G2.batchLEMtoU(x),o.update(x);const E=new Uint8Array(f);r.G1.toRprLEM(E,0,r.G1.g);const v=new Uint8Array(h);r.G2.toRprLEM(v,0,r.G2.g);const B=new Uint8Array(f);r.G1.toRprUncompressed(B,0,r.G1.g);const S=new Uint8Array(h);r.G2.toRprUncompressed(S,0,r.G2.g),await g.write(v),await g.write(E),await g.write(v),o.update(S),o.update(B),o.update(S),await Ma(g),i&&i.info("Reading r1cs");let P=await Va(c,d,2);const G=new Bn(u.nVars),O=new Bn(u.nVars),T=new Bn(u.nVars),U=new Bn(u.nVars-p-1),z=new Array(p+1);i&&i.info("Reading tauG1");let Q=await Va(n,l,12,(m-1)*f,m*f);i&&i.info("Reading tauG2");let q=await Va(n,l,13,(m-1)*h,m*h);i&&i.info("Reading alphatauG1");let M=await Va(n,l,14,(m-1)*f,m*f);i&&i.info("Reading betatauG1");let k=await Va(n,l,15,(m-1)*f,m*f);await async function(){const t=new Uint8Array(12+r.Fr.n8),e=new DataView(t.buffer),a=new Uint8Array(r.Fr.n8);r.Fr.toRprLE(a,0,r.Fr.e(1));let o=0;function n(){const t=P.slice(o,o+4);o+=4;return new DataView(t.buffer).getUint32(0,!0)}const l=new Bn;for(let t=0;t=0?r.Fr.fromRprLE(P.slice(i[3],i[3]+r.Fr.n8),0):r.Fr.fromRprLE(a,0);const n=r.Fr.mul(o,C);r.Fr.toRprLE(t,12,n),s.set(t,d),d+=t.length}await g.write(s),await Ma(g)}(),await D(3,"G1",z,"IC"),await async function(){await qa(g,9);const t=new Se(m*f);if(_(i&&i.debug(`Writing points end ${n}: ${d}/${a.length}`),t)))),c+=o,t++}const d=await Promise.all(s);for(let t=0;t32768?(f=new Se(_*n),h=new Se(_*r.Fr.n8)):(f=new Uint8Array(_*n),h=new Uint8Array(_*r.Fr.n8));let p=0,m=0;const w=[Q,q,M,k],L=new Uint8Array(r.Fr.n8);r.Fr.toRprLE(L,0,r.Fr.e(1));let b=0;for(let t=0;t=0?h.set(P.slice(e[t][o][2],e[t][o][2]+r.Fr.n8),b*r.Fr.n8):h.set(L,b*r.Fr.n8),b++;if(e.length>1){const t=[];t.push({cmd:"ALLOCSET",var:0,buff:f}),t.push({cmd:"ALLOCSET",var:1,buff:h}),t.push({cmd:"ALLOC",var:2,len:e.length*l}),p=0,m=0;let a=0;for(let i=0;i=0;t--){const e=d.contributions[t];i&&i.info("-------------------------"),i&&i.info(qi(e.contributionHash,`contribution #${t+1} ${e.name?e.name:""}:`)),1==e.type&&(i&&i.info(`Beacon generator: ${Hi(e.beaconHash)}`),i&&i.info(`Beacon iterations Exp: ${e.numIterationsExp}`))}return i&&i.info("-------------------------"),i&&i.info("ZKey Ok!"),!0;async function w(t,e){const a=2*s.G1.F.n8,i=t.byteLength/a,o=s.tm.concurrency,n=Math.floor(i/o),l=[];for(let a=0;a Detected protocol: "+o.protocol),"groth16"===o.protocol)n=await async function(t,e,a){const i=await Ja(t.q),o=2*i.G1.F.n8,n=await i.pairing(t.vk_alpha_1,t.vk_beta_2);let l={protocol:t.protocol,curve:i.name,nPublic:t.nPublic,vk_alpha_1:i.G1.toObject(t.vk_alpha_1),vk_beta_2:i.G2.toObject(t.vk_beta_2),vk_gamma_2:i.G2.toObject(t.vk_gamma_2),vk_delta_2:i.G2.toObject(t.vk_delta_2),vk_alphabeta_12:i.Gt.toObject(n)};await ka(e,a,3),l.IC=[];for(let a=0;a<=t.nPublic;a++){const t=await e.read(o),a=i.G1.toObject(t);l.IC.push(a)}return await Ra(e),l=On(l),l}(o,a,i);else if("plonk"===o.protocol)n=await async function(t){const e=await Ja(t.q);let a={protocol:t.protocol,curve:e.name,nPublic:t.nPublic,power:t.power,k1:e.Fr.toObject(t.k1),k2:e.Fr.toObject(t.k2),Qm:e.G1.toObject(t.Qm),Ql:e.G1.toObject(t.Ql),Qr:e.G1.toObject(t.Qr),Qo:e.G1.toObject(t.Qo),Qc:e.G1.toObject(t.Qc),S1:e.G1.toObject(t.S1),S2:e.G1.toObject(t.S2),S3:e.G1.toObject(t.S3),X_2:e.G2.toObject(t.X_2),w:e.Fr.toObject(e.Fr.w[t.power])};return a=On(a),a}(o);else{if(!o.protocolId||o.protocolId!==Ji)throw new Error("zkey file protocol unrecognized");n=await async function(t,e){const a=await Ja(t.q);let i={protocol:t.protocol,curve:a.name,nPublic:t.nPublic,power:t.power,k1:a.Fr.toObject(t.k1),k2:a.Fr.toObject(t.k2),w:a.Fr.toObject(a.Fr.w[t.power]),w3:a.Fr.toObject(t.w3),w4:a.Fr.toObject(t.w4),w8:a.Fr.toObject(t.w8),wr:a.Fr.toObject(t.wr),X_2:a.G2.toObject(t.X_2),C0:a.G1.toObject(t.C0)};return On(i)}(o)}return await a.close(),e&&e.info("EXPORT VERIFICATION KEY FINISHED"),n}var Un={};const{unstringifyBigInts:zn,stringifyBigInts:Qn}=fa;async function qn(t,e,a){a&&a.info("FFLONK EXPORT SOLIDITY VERIFIER STARTED");const i=await Xa(t.curve);let o=c(t.w3);t.w3_2=d(i.Fr.square(o));let n=c(t.w4);t.w4_2=d(i.Fr.square(n)),t.w4_3=d(i.Fr.mul(i.Fr.square(n),n));let l=c(t.w8),r=i.Fr.one;for(let e=1;e<8;e++)r=i.Fr.mul(r,l),t["w8_"+e]=d(r);let s=e[t.protocol];return a&&a.info("FFLONK EXPORT SOLIDITY VERIFIER FINISHED"),Un.render(s,t);function c(t){const e=zn(t);return i.Fr.fromObject(e)}function d(t){const e=i.Fr.toObject(t);return Qn(e)}}var Mn=Object.freeze({__proto__:null,newZKey:Sn,exportBellman:async function(t,e,a){const{fd:i,sections:o}=await za(t,"zkey",2),n=await yo(i,o);if("groth16"!=n.protocol)throw new Error("zkey file is not groth16");const l=await Ja(n.q),r=2*l.G1.F.n8,s=2*l.G2.F.n8,c=await Co(i,l,o),d=await Ta(e);let u;await w(n.vk_alpha_1),await w(n.vk_beta_1),await L(n.vk_beta_2),await L(n.vk_gamma_2),await w(n.vk_delta_1),await L(n.vk_delta_2),u=await Va(i,o,3),u=await l.G1.batchLEMtoU(u),await b("G1",u);const g=await Va(i,o,9);let f,h,_,p,m;f=await l.G1.fft(g,"affine","jacobian",a),f=await l.G1.batchApplyKey(f,l.Fr.neg(l.Fr.e(2)),l.Fr.w[n.power+1],"jacobian","affine",a),f=f.slice(0,f.byteLength-r),f=await l.G1.batchLEMtoU(f),await b("G1",f),h=await Va(i,o,8),h=await l.G1.batchLEMtoU(h),await b("G1",h),_=await Va(i,o,5),_=await l.G1.batchLEMtoU(_),await b("G1",_),p=await Va(i,o,6),p=await l.G1.batchLEMtoU(p),await b("G1",p),m=await Va(i,o,7),m=await l.G2.batchLEMtoU(m),await b("G2",m),await d.write(c.csHash),await async function(t){const e=new Uint8Array(4);new DataView(e.buffer,e.byteOffset,e.byteLength).setUint32(0,t,!1),await d.write(e)}(c.contributions.length);for(let t=0;tg.contributions.length)return o&&o.error("The impoerted file does not include new contributions"),!1;for(let t=0;t=256)return n&&n.error("Maximum length of beacon hash is 255 bytes"),!1;if((o=parseInt(o))<10||o>63)return n&&n.error("Invalid numIterationsExp. (Must be between 10 and 63)"),!1;const{fd:r,sections:s}=await za(t,"zkey",2),c=await yo(r,s);if("groth16"!=c.protocol)throw new Error("zkey file is not groth16");const d=await Ja(c.q),u=await Co(r,d,s),g=await Qa(e,"zkey",1,10),f=await Ki(l,o),h=ai.exports(64);h.update(u.csHash);for(let t=0;t{const i=this.curve.G1.toObject(this.polynomials[a]);t?e.polynomials[a]=i:e[a]=i})),Object.keys(this.evaluations).forEach((a=>{const i=this.curve.Fr.toObject(this.evaluations[a]);t?e.evaluations[a]=i:e[a]=i})),e}fromObjectProof(t){this.resetProof(),Object.keys(t.polynomials).forEach((e=>{this.polynomials[e]=this.curve.G1.fromObject(t.polynomials[e])})),Object.keys(t.evaluations).forEach((e=>{this.evaluations[e]=this.curve.Fr.fromObject(t.evaluations[e])}))}}var Rn,Dn={exports:{}}; /** * [js-sha3]{@link https://github.com/emn178/js-sha3} * @@ -6,4 +6,4 @@ var snarkjs=function(t){"use strict";const e=[0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4];f * @author Chen, Yi-Cyuan [emn178@gmail.com] * @copyright Chen, Yi-Cyuan 2015-2018 * @license MIT - */Mn=kn,function(){var t="input is invalid type",e="object"==typeof window,a=e?window:{};a.JS_SHA3_NO_WINDOW&&(e=!1);var i=!e&&"object"==typeof self;!a.JS_SHA3_NO_NODE_JS&&"object"==typeof process&&process.versions&&process.versions.node?a=Xa:i&&(a=self);var o=!a.JS_SHA3_NO_COMMON_JS&&Mn.exports,n=!a.JS_SHA3_NO_ARRAY_BUFFER&&"undefined"!=typeof ArrayBuffer,l="0123456789abcdef".split(""),r=[4,1024,262144,67108864],s=[0,8,16,24],c=[1,0,32898,0,32906,2147483648,2147516416,2147483648,32907,0,2147483649,0,2147516545,2147483648,32777,2147483648,138,0,136,0,2147516425,0,2147483658,0,2147516555,0,139,2147483648,32905,2147483648,32771,2147483648,32770,2147483648,128,2147483648,32778,0,2147483658,2147483648,2147516545,2147483648,32896,2147483648,2147483649,0,2147516424,2147483648],d=[224,256,384,512],u=[128,256],g=["hex","buffer","arrayBuffer","array","digest"],f={128:168,256:136};!a.JS_SHA3_NO_NODE_JS&&Array.isArray||(Array.isArray=function(t){return"[object Array]"===Object.prototype.toString.call(t)}),!n||!a.JS_SHA3_NO_ARRAY_BUFFER_IS_VIEW&&ArrayBuffer.isView||(ArrayBuffer.isView=function(t){return"object"==typeof t&&t.buffer&&t.buffer.constructor===ArrayBuffer});for(var h=function(t,e,a){return function(i){return new B(t,e,t).update(i)[a]()}},_=function(t,e,a){return function(i,o){return new B(t,e,o).update(i)[a]()}},p=function(t,e,a){return function(e,i,o,n){return y["cshake"+t].update(e,i,o,n)[a]()}},m=function(t,e,a){return function(e,i,o,n){return y["kmac"+t].update(e,i,o,n)[a]()}},w=function(t,e,a,i){for(var o=0;o>5,this.byteCount=this.blockCount<<2,this.outputBlocks=a>>5,this.extraBytes=(31&a)>>3;for(var i=0;i<50;++i)this.s[i]=0}function S(t,e,a){B.call(this,t,e,a)}B.prototype.update=function(e){if(this.finalized)throw new Error("finalize already called");var a,i=typeof e;if("string"!==i){if("object"!==i)throw new Error(t);if(null===e)throw new Error(t);if(n&&e.constructor===ArrayBuffer)e=new Uint8Array(e);else if(!(Array.isArray(e)||n&&ArrayBuffer.isView(e)))throw new Error(t);a=!0}for(var o,l,r=this.blocks,c=this.byteCount,d=e.length,u=this.blockCount,g=0,f=this.s;g>2]|=e[g]<>2]|=l<>2]|=(192|l>>6)<>2]|=(128|63&l)<=57344?(r[o>>2]|=(224|l>>12)<>2]|=(128|l>>6&63)<>2]|=(128|63&l)<>2]|=(240|l>>18)<>2]|=(128|l>>12&63)<>2]|=(128|l>>6&63)<>2]|=(128|63&l)<=c){for(this.start=o-c,this.block=r[u],o=0;o>=8);a>0;)o.unshift(a),a=255&(t>>=8),++i;return e?o.push(i):o.unshift(i),this.update(o),o.length},B.prototype.encodeString=function(e){var a,i=typeof e;if("string"!==i){if("object"!==i)throw new Error(t);if(null===e)throw new Error(t);if(n&&e.constructor===ArrayBuffer)e=new Uint8Array(e);else if(!(Array.isArray(e)||n&&ArrayBuffer.isView(e)))throw new Error(t);a=!0}var o=0,l=e.length;if(a)o=l;else for(var r=0;r=57344?o+=3:(s=65536+((1023&s)<<10|1023&e.charCodeAt(++r)),o+=4)}return o+=this.encode(8*o),this.update(e),o},B.prototype.bytepad=function(t,e){for(var a=this.encode(e),i=0;i>2]|=this.padding[3&e],this.lastByteIndex===this.byteCount)for(t[0]=t[a],e=1;e>4&15]+l[15&t]+l[t>>12&15]+l[t>>8&15]+l[t>>20&15]+l[t>>16&15]+l[t>>28&15]+l[t>>24&15];r%e==0&&(P(a),n=0)}return o&&(t=a[n],s+=l[t>>4&15]+l[15&t],o>1&&(s+=l[t>>12&15]+l[t>>8&15]),o>2&&(s+=l[t>>20&15]+l[t>>16&15])),s},B.prototype.arrayBuffer=function(){this.finalize();var t,e=this.blockCount,a=this.s,i=this.outputBlocks,o=this.extraBytes,n=0,l=0,r=this.outputBits>>3;t=o?new ArrayBuffer(i+1<<2):new ArrayBuffer(r);for(var s=new Uint32Array(t);l>8&255,s[t+2]=e>>16&255,s[t+3]=e>>24&255;r%a==0&&P(i)}return n&&(t=r<<2,e=i[l],s[t]=255&e,n>1&&(s[t+1]=e>>8&255),n>2&&(s[t+2]=e>>16&255)),s},S.prototype=new B,S.prototype.finalize=function(){return this.encode(this.outputBits,!0),B.prototype.finalize.call(this)};var P=function(t){var e,a,i,o,n,l,r,s,d,u,g,f,h,_,p,m,w,L,b,y,A,C,I,F,x,E,v,B,S,P,G,O,T,U,z,Q,q,M,k,R,D,N,$,V,K,j,H,Z,W,Y,J,X,tt,et,at,it,ot,nt,lt,rt,st,ct,dt;for(i=0;i<48;i+=2)o=t[0]^t[10]^t[20]^t[30]^t[40],n=t[1]^t[11]^t[21]^t[31]^t[41],l=t[2]^t[12]^t[22]^t[32]^t[42],r=t[3]^t[13]^t[23]^t[33]^t[43],s=t[4]^t[14]^t[24]^t[34]^t[44],d=t[5]^t[15]^t[25]^t[35]^t[45],u=t[6]^t[16]^t[26]^t[36]^t[46],g=t[7]^t[17]^t[27]^t[37]^t[47],e=(f=t[8]^t[18]^t[28]^t[38]^t[48])^(l<<1|r>>>31),a=(h=t[9]^t[19]^t[29]^t[39]^t[49])^(r<<1|l>>>31),t[0]^=e,t[1]^=a,t[10]^=e,t[11]^=a,t[20]^=e,t[21]^=a,t[30]^=e,t[31]^=a,t[40]^=e,t[41]^=a,e=o^(s<<1|d>>>31),a=n^(d<<1|s>>>31),t[2]^=e,t[3]^=a,t[12]^=e,t[13]^=a,t[22]^=e,t[23]^=a,t[32]^=e,t[33]^=a,t[42]^=e,t[43]^=a,e=l^(u<<1|g>>>31),a=r^(g<<1|u>>>31),t[4]^=e,t[5]^=a,t[14]^=e,t[15]^=a,t[24]^=e,t[25]^=a,t[34]^=e,t[35]^=a,t[44]^=e,t[45]^=a,e=s^(f<<1|h>>>31),a=d^(h<<1|f>>>31),t[6]^=e,t[7]^=a,t[16]^=e,t[17]^=a,t[26]^=e,t[27]^=a,t[36]^=e,t[37]^=a,t[46]^=e,t[47]^=a,e=u^(o<<1|n>>>31),a=g^(n<<1|o>>>31),t[8]^=e,t[9]^=a,t[18]^=e,t[19]^=a,t[28]^=e,t[29]^=a,t[38]^=e,t[39]^=a,t[48]^=e,t[49]^=a,_=t[0],p=t[1],j=t[11]<<4|t[10]>>>28,H=t[10]<<4|t[11]>>>28,B=t[20]<<3|t[21]>>>29,S=t[21]<<3|t[20]>>>29,rt=t[31]<<9|t[30]>>>23,st=t[30]<<9|t[31]>>>23,N=t[40]<<18|t[41]>>>14,$=t[41]<<18|t[40]>>>14,U=t[2]<<1|t[3]>>>31,z=t[3]<<1|t[2]>>>31,m=t[13]<<12|t[12]>>>20,w=t[12]<<12|t[13]>>>20,Z=t[22]<<10|t[23]>>>22,W=t[23]<<10|t[22]>>>22,P=t[33]<<13|t[32]>>>19,G=t[32]<<13|t[33]>>>19,ct=t[42]<<2|t[43]>>>30,dt=t[43]<<2|t[42]>>>30,et=t[5]<<30|t[4]>>>2,at=t[4]<<30|t[5]>>>2,Q=t[14]<<6|t[15]>>>26,q=t[15]<<6|t[14]>>>26,L=t[25]<<11|t[24]>>>21,b=t[24]<<11|t[25]>>>21,Y=t[34]<<15|t[35]>>>17,J=t[35]<<15|t[34]>>>17,O=t[45]<<29|t[44]>>>3,T=t[44]<<29|t[45]>>>3,F=t[6]<<28|t[7]>>>4,x=t[7]<<28|t[6]>>>4,it=t[17]<<23|t[16]>>>9,ot=t[16]<<23|t[17]>>>9,M=t[26]<<25|t[27]>>>7,k=t[27]<<25|t[26]>>>7,y=t[36]<<21|t[37]>>>11,A=t[37]<<21|t[36]>>>11,X=t[47]<<24|t[46]>>>8,tt=t[46]<<24|t[47]>>>8,V=t[8]<<27|t[9]>>>5,K=t[9]<<27|t[8]>>>5,E=t[18]<<20|t[19]>>>12,v=t[19]<<20|t[18]>>>12,nt=t[29]<<7|t[28]>>>25,lt=t[28]<<7|t[29]>>>25,R=t[38]<<8|t[39]>>>24,D=t[39]<<8|t[38]>>>24,C=t[48]<<14|t[49]>>>18,I=t[49]<<14|t[48]>>>18,t[0]=_^~m&L,t[1]=p^~w&b,t[10]=F^~E&B,t[11]=x^~v&S,t[20]=U^~Q&M,t[21]=z^~q&k,t[30]=V^~j&Z,t[31]=K^~H&W,t[40]=et^~it&nt,t[41]=at^~ot<,t[2]=m^~L&y,t[3]=w^~b&A,t[12]=E^~B&P,t[13]=v^~S&G,t[22]=Q^~M&R,t[23]=q^~k&D,t[32]=j^~Z&Y,t[33]=H^~W&J,t[42]=it^~nt&rt,t[43]=ot^~lt&st,t[4]=L^~y&C,t[5]=b^~A&I,t[14]=B^~P&O,t[15]=S^~G&T,t[24]=M^~R&N,t[25]=k^~D&$,t[34]=Z^~Y&X,t[35]=W^~J&tt,t[44]=nt^~rt&ct,t[45]=lt^~st&dt,t[6]=y^~C&_,t[7]=A^~I&p,t[16]=P^~O&F,t[17]=G^~T&x,t[26]=R^~N&U,t[27]=D^~$&z,t[36]=Y^~X&V,t[37]=J^~tt&K,t[46]=rt^~ct&et,t[47]=st^~dt&at,t[8]=C^~_&m,t[9]=I^~p&w,t[18]=O^~F&E,t[19]=T^~x&v,t[28]=N^~U&Q,t[29]=$^~z&q,t[38]=X^~V&j,t[39]=tt^~K&H,t[48]=ct^~et&it,t[49]=dt^~at&ot,t[0]^=c[i],t[1]^=c[i+1]};if(o)Mn.exports=y;else for(C=0;C0===a.type?t++:e++));let a=new Uint8Array(e*this.Fr.n8+t*this.G1.F.n8*2),i=0;for(let t=0;t32768?new Se(t.length*i.n8):new Uint8Array(t.length*i.n8);for(let e=0;e32768?new Se(i*o.n8):new Uint8Array(i*o.n8);return n.set(t.coef.slice(),0),new il(n,e,a)}isEqual(t){const e=this.degree();if(e!==t.degree())return!1;for(let a=0;a32768?new Se((this.length()+t.length)*this.Fr.n8):new Uint8Array((this.length()+t.length)*this.Fr.n8);e.set(this.coef,0);for(let a=0;athis.coef.byteLength?this.Fr.zero:this.coef.slice(e,e+this.Fr.n8)}setCoef(t,e){if(t>this.length()-1)throw new Error("Coef index is not available");this.coef.set(e,t*this.Fr.n8)}static async to4T(t,e,a,i){a=a||[];let o=await i.ifft(t);const n=4*e>32768?new Se(4*e*i.n8):new Uint8Array(4*e*i.n8);n.set(o,0);const l=await i.fft(n);if(0===a.length)return[o,l];const r=e+a.length>32768?new Se((e+a.length)*i.n8):new Uint8Array((e+a.length)*i.n8);r.set(o,0);for(let t=0;t0;t--){const e=t*this.Fr.n8;if(!this.Fr.eq(this.Fr.zero,this.coef.slice(e,e+this.Fr.n8)))return t}return 0}evaluate(t){let e=this.Fr.zero;for(let a=this.degree()+1;a>0;a--){let i=a*this.Fr.n8;const o=this.coef.slice(i-this.Fr.n8,i);e=this.Fr.add(o,this.Fr.mul(e,t))}return e}fastEvaluate(t){const e=this.Fr;let a=this.degree()+1,i=parseInt(a/3),o=a-3*i,n=[],l=[];l[0]=e.one;for(let a=0;a<3;a++){n[a]=e.zero;for(let r=2===a?i+o:i;r>0;r--)n[a]=e.add(this.getCoef(a*i+r-1),e.mul(n[a],t)),0===a&&(l[0]=e.mul(l[0],t))}for(let t=1;t<3;t++)n[0]=e.add(n[0],e.mul(l[t-1],n[t])),l[t]=e.mul(l[t-1],l[0]);return n[0]}add(t,e){let a=!1;t.length()>this.length()&&(a=!0);const i=this.length(),o=t.length();for(let n=0;nthis.length()&&(a=!0);const i=this.length(),o=t.length();for(let n=0;n32768?new Se(a*e.n8):new Uint8Array(a*e.n8);let o=new il(i,this.curve,this.logger);o.coef.set(this.coef.slice(0,(a-1)*e.n8),32),this.mulScalar(e.neg(t)),o.add(this),this.coef=o.coef}byXNSubValue(t,e){const a=this.Fr,i=!(this.length()-t-1>=this.degree())?this.length()+t:this.length(),o=i>32768?new Se(i*a.n8):new Uint8Array(i*a.n8);let n=new il(o,this.curve,this.logger);n.coef.set(this.coef.slice(0,32*(this.degree()+1)),32*t),this.mulScalar(e),n.add(this),this.coef=n.coef}divBy(t){const e=this.Fr,a=this.degree(),i=t.degree();let o=new il(this.coef,this.curve,this.logger);this.coef=this.length()>32768?new Se(this.length()*e.n8):new Uint8Array(this.length()*e.n8);for(let n=a-i;n>=0;n--){this.setCoef(n,e.div(o.getCoef(n+i),t.getCoef(i)));for(let a=0;a<=i;a++)o.setCoef(n+a,e.sub(o.getCoef(n+a),e.mul(this.getCoef(n),t.getCoef(a))))}return o}divByMonic(t,e){const a=this.Fr;let i=this.degree(),o=this.length()>32768?new Se(this.length()*a.n8):new Uint8Array(this.length()*a.n8),n=new il(o,this.curve,this.logger),l=[];for(let e=0;e=0&&!(s<0);s-=r){let i=o;l[i]=a.add(this.getCoef(s+t),a.mul(l[i],e)),n.setCoef(s,l[i])}this.coef=n.coef}divByVanishing(t,e){if(this.degree()32768?new Se(this.length()*a.n8):new Uint8Array(this.length()*a.n8);for(let o=this.length()-1;o>=t;o--){let n=i.getCoef(o);a.eq(a.zero,n)||(i.setCoef(o,a.zero),i.setCoef(o-t,a.add(i.getCoef(o-t),a.mul(e,n))),this.setCoef(o-t,a.add(this.getCoef(o-t),n)))}return i}divByVanishing2(t,e){if(this.degree()32768?new Se(this.length()*a.n8):new Uint8Array(this.length()*a.n8);let o=this.length()-t,n=Math.floor(o/3),l=o-2*n;console.log(o),console.log(n+" "+l);for(let o=0;o<3;o++){console.log("> Thread "+o);for(let r=0===o?l:n;r>0;r--){let s=r-1;0!==o&&(s+=(o-1)*n+l);let c=s+t,d=i.getCoef(c);a.eq(a.zero,d)||(i.setCoef(c,a.zero),i.setCoef(s,a.add(i.getCoef(s),a.mul(e,d))),this.setCoef(s,a.add(this.getCoef(s),d)),console.log(s+" <-- "+c))}}return this.print(),i}fastDivByVanishing(t){const e=this.Fr;for(let a=0;a32768?new Se(this.length()*e.n8):new Uint8Array(this.length()*e.n8),this.curve,this.logger),u=this.coef;this.coef=d.coef,d.coef=u;for(let t=0;t0;t--){let a=t-1,o=a*s+c;h[a]=[];for(let l=0;l32768?new Se(this.length()*this.Fr.n8):new Uint8Array(this.length()*this.Fr.n8);e.set(this.Fr.zero,(this.length()-1)*this.Fr.n8),e.set(this.coef.slice((this.length()-1)*this.Fr.n8,this.length()*this.Fr.n8),(this.length()-2)*this.Fr.n8);for(let a=this.length()-3;a>=0;a--){let i=a*this.Fr.n8;e.set(this.Fr.add(this.coef.slice(i+this.Fr.n8,i+2*this.Fr.n8),this.Fr.mul(t,e.slice(i+this.Fr.n8,i+2*this.Fr.n8))),a*this.Fr.n8)}if(!this.Fr.eq(this.coef.slice(0,this.Fr.n8),this.Fr.mul(this.Fr.neg(t),e.slice(0,this.Fr.n8))))throw new Error("Polynomial does not divide");this.coef=e}divZh(t,e=4){for(let e=0;et*(e-1)-e&&!this.Fr.isZero(o))throw new Error("Polynomial is not divisible")}return this}divByZerofier(t,e){let a=this.Fr;const i=a.inv(e),o=a.neg(i);let n=a.eq(a.one,o),l=a.eq(a.negone,o);if(!n)for(let e=0;ethis.length()-t-1&&!this.Fr.isZero(s))throw new Error("Polynomial is not divisible")}return this}byX(){const t=this.length()+1>32768?new Se(this.coef.byteLength+this.Fr.n8):new Uint8Array(this.coef.byteLength+this.Fr.n8);t.set(this.Fr.zero,0),t.set(this.coef,this.Fr.n8),this.coef=t}static async expX(t,e,a=!1){const i=t.Fr;if(e<1)throw new Error("Compute a new polynomial to a zero or negative number is not allowed");if(1===e)return await il.fromEvaluations(t.coef,curve,t.logger);const o=a?t.degree():t.length()-1,n=o*e+1>32768?new Se((o*e+1)*i.n8):new Uint8Array((o*e+1)*i.n8);n.set(t.getCoef(0),0);for(let a=1;a<=o;a++){const o=a*i.n8,l=t.getCoef(a);n.set(l,o*e)}return new il(n,t.curve,t.logger)}split(t,e,a){if(t<1)throw new Error(`Polynomials can't be split in ${t} parts`);if(1===t)return[this];if(0!==a.length&&a.length32768?new Se(l):new Uint8Array(l);o[e]=new il(r,this.curve,this.logger);const s=e*i,c=n?this.coef.byteLength:(e+1)*i;if(o[e].coef.set(this.coef.slice(s,c),0),n||o[e].coef.set(a[e],i),0!==e){const t=this.Fr.sub(o[e].coef.slice(0,this.Fr.n8),a[e-1]);o[e].coef.set(t,0)}n&&o[e].truncate()}return o}truncate(){const t=this.degree();if(t+132768?new Se((t+1)*this.Fr.n8):new Uint8Array((t+1)*this.Fr.n8);e.set(this.coef.slice(0,(t+1)*this.Fr.n8),0),this.coef=e}}static lagrangePolynomialInterpolation(t,e,a){const i=a.Fr;let o=n(0);for(let e=1;e32768?new Se(t.length*i.n8):new Uint8Array(t.length*i.n8);n=new il(o,a),n.setCoef(0,i.neg(t[e])),n.setCoef(1,i.one)}else n.byXSubValue(t[e]);let l=n.evaluate(t[o]);l=i.inv(l);const r=i.mul(e[o],l);return n.mulScalar(r),n}}static zerofierPolynomial(t,e){const a=e.Fr;let i=t.length+1>32768?new Se((t.length+1)*a.n8):new Uint8Array((t.length+1)*a.n8),o=new il(i,e);o.setCoef(0,a.neg(t[0])),o.setCoef(1,a.one);for(let e=1;e=0;a--){const i=this.getCoef(a);t.eq(t.zero,i)||(t.isNegative(i)?e+=" - ":a!==this.degree()&&(e+=" + "),e+=t.toString(i),a>0&&(e+=a>1?"x^"+a:"x"))}console.log(e)}async multiExponentiation(t,e){const a=this.coef.byteLength/this.Fr.n8,i=t.slice(0,a*this.G1.F.n8*2),o=await this.Fr.batchFromMontgomery(this.coef);let n=await this.G1.multiExpAffine(i,o,this.logger,e);return n=this.G1.toAffine(n),n}}class ol{constructor(t,e,a){this.eval=t,this.curve=e,this.Fr=e.Fr,this.logger=a}static async fromPolynomial(t,e,a,i){const o=new Se(t.length()*e*a.Fr.n8);o.set(t.coef,0);const n=await a.Fr.fft(o);return new ol(n,a,i)}getEvaluation(t){const e=t*this.Fr.n8;if(e+this.Fr.n8>this.eval.byteLength)throw new Error("Evaluations.getEvaluation() out of bounds");return this.eval.slice(e,e+this.Fr.n8)}length(){let t=this.eval.byteLength/this.Fr.n8;if(t!==Math.floor(this.eval.byteLength/this.Fr.n8))throw new Error("Polynomial evaluations buffer has incorrect size");return 0===t&&this.logger.warn("Polynomial has length zero"),t}}const{stringifyBigInts:nl}=fa;async function ll(t,e,a){const{fd:i,sections:o}=await za(e,"wtns",2);a&&a.debug("> Reading witness file");const n=await xo(i,o);a&&a.debug("> Reading zkey file");const{fd:l,sections:r}=await za(t,"zkey",2),s=await Lo(l,r);if("plonk"!=s.protocol)throw new Error("zkey file is not plonk");if(!ga.eq(s.r,n.q))throw new Error("Curve of the witness does not match the curve of the proving key");if(n.nWitness!=s.nVars-s.nAdditions)throw new Error(`Invalid witness length. Circuit: ${s.nVars}, witness: ${n.nWitness}, ${s.nAdditions}`);const c=s.curve,d=c.Fr,u=c.Fr.n8,g=s.domainSize*u;a&&(a.debug("----------------------------"),a.debug(" PLONK PROVE SETTINGS"),a.debug(` Curve: ${c.name}`),a.debug(` Circuit power: ${s.power}`),a.debug(` Domain size: ${s.domainSize}`),a.debug(` Vars: ${s.nVars}`),a.debug(` Public vars: ${s.nPublic}`),a.debug(` Constraints: ${s.nConstraints}`),a.debug(` Additions: ${s.nAdditions}`),a.debug("----------------------------")),a&&a.debug("> Reading witness file data");const f=await Va(i,o,2);f.set(d.zero,0);const h=new Se(u*s.nAdditions);let _={},p={},m={},w={},L=new qn(c,a);const b=new Nn(c);a&&a.debug(`> Reading Section ${Vn}. Additions`),await async function(){a&&a.debug("··· Computing additions");const t=await Va(l,r,Vn),e=8+2*u;for(let i=0;i Reading Section ${tl}. Sigma1, Sigma2 & Sigma 3`),a&&a.debug("··· Reading Sigma polynomials "),p.Sigma1=new il(new Se(g),c,a),p.Sigma2=new il(new Se(g),c,a),p.Sigma3=new il(new Se(g),c,a),await l.readToBuffer(p.Sigma1.coef,0,g,r[tl][0].p),await l.readToBuffer(p.Sigma2.coef,0,g,r[tl][0].p+5*g),await l.readToBuffer(p.Sigma3.coef,0,g,r[tl][0].p+10*g),a&&a.debug("··· Reading Sigma evaluations"),m.Sigma1=new ol(new Se(4*g),c,a),m.Sigma2=new ol(new Se(4*g),c,a),m.Sigma3=new ol(new Se(4*g),c,a),await l.readToBuffer(m.Sigma1.eval,0,4*g,r[tl][0].p+g),await l.readToBuffer(m.Sigma2.eval,0,4*g,r[tl][0].p+6*g),await l.readToBuffer(m.Sigma3.eval,0,4*g,r[tl][0].p+11*g),a&&a.debug(`> Reading Section ${al}. Powers of Tau`);const y=await Va(l,r,al);let A=[];for(let t=1;t<=s.nPublic;t++){const e=f.slice(t*d.n8,t*d.n8+d.n8);A.push(ga.fromRprLE(e))}a&&a.debug(""),a&&a.debug("> ROUND 1"),await async function(){w.b=[];for(let t=1;t<=11;t++)w.b[t]=c.Fr.random();a&&a.debug("> Computing A, B, C wire polynomials");await async function(){a&&a.debug("··· Reading data from zkey file");_.A=new Se(g),_.B=new Se(g),_.C=new Se(g);const t=await Va(l,r,Kn),e=await Va(l,r,jn),i=await Va(l,r,Hn);for(let a=0;a=s.domainSize+2)throw new Error("A Polynomial is not well calculated");if(p.B.degree()>=s.domainSize+2)throw new Error("B Polynomial is not well calculated");if(p.C.degree()>=s.domainSize+2)throw new Error("C Polynomial is not well calculated")}(),a&&a.debug("> Computing A, B, C MSM");let t=await p.A.multiExponentiation(y,"A"),e=await p.B.multiExponentiation(y,"B"),i=await p.C.multiExponentiation(y,"C");return L.addPolynomial("A",t),L.addPolynomial("B",e),L.addPolynomial("C",i),0}(),a&&a.debug("> ROUND 2"),await async function(){a&&a.debug("> Computing challenges beta and gamma");b.reset(),b.addPolCommitment(s.Qm),b.addPolCommitment(s.Ql),b.addPolCommitment(s.Qr),b.addPolCommitment(s.Qo),b.addPolCommitment(s.Qc),b.addPolCommitment(s.S1),b.addPolCommitment(s.S2),b.addPolCommitment(s.S3);for(let t=0;t Computing Z polynomial");await async function(){a&&a.debug("··· Computing Z evaluations");let t=new Se(g),e=new Se(g);t.set(d.one,0),e.set(d.one,0);let i=d.one;for(let a=0;a=s.domainSize+3)throw new Error("Z Polynomial is not well calculated");delete _.Z}(),a&&a.debug("> Computing Z MSM");let t=await p.Z.multiExponentiation(y,"Z");L.addPolynomial("Z",t)}(),a&&a.debug("> ROUND 3"),await async function(){a&&a.debug("> Computing challenge alpha");b.reset(),b.addScalar(w.beta),b.addScalar(w.gamma),b.addPolCommitment(L.getPolynomial("Z")),w.alpha=b.getChallenge(),w.alpha2=d.square(w.alpha),a&&a.debug("··· challenges.alpha: "+d.toString(w.alpha,16));a&&a.debug("> Computing T polynomial");await async function(){a&&a.debug(`··· Reading sections ${Wn}, ${Yn}, ${Zn}, ${Jn}, ${Xn}. Q selectors`);m.QL=new ol(new Se(4*g),c,a),m.QR=new ol(new Se(4*g),c,a),m.QM=new ol(new Se(4*g),c,a),m.QO=new ol(new Se(4*g),c,a),m.QC=new ol(new Se(4*g),c,a),await l.readToBuffer(m.QL.eval,0,4*g,r[Wn][0].p+g),await l.readToBuffer(m.QR.eval,0,4*g,r[Yn][0].p+g),await l.readToBuffer(m.QM.eval,0,4*g,r[Zn][0].p+g),await l.readToBuffer(m.QO.eval,0,4*g,r[Jn][0].p+g),await l.readToBuffer(m.QC.eval,0,4*g,r[Xn][0].p+g),m.Lagrange=new ol(new Se(4*g*s.nPublic),c,a);for(let t=0;t=3*s.domainSize+6)throw new Error("T Polynomial is not well calculated");a&&a.debug("··· Computing T1, T2, T3 polynomials");p.T1=new il(new Se((s.domainSize+1)*u),c,a),p.T2=new il(new Se((s.domainSize+1)*u),c,a),p.T3=new il(new Se((s.domainSize+6)*u),c,a),p.T1.coef.set(p.T.coef.slice(0,g),0),p.T2.coef.set(p.T.coef.slice(g,2*g),0),p.T3.coef.set(p.T.coef.slice(2*g,3*g+6*u),0),p.T1.setCoef(s.domainSize,w.b[10]);const e=d.sub(p.T2.getCoef(0),w.b[10]);p.T2.setCoef(0,e),p.T2.setCoef(s.domainSize,w.b[11]);const i=d.sub(p.T3.getCoef(0),w.b[11]);p.T3.setCoef(0,i)}(),a&&a.debug("> Computing T MSM");let t=await p.T1.multiExponentiation(y,"T1"),e=await p.T2.multiExponentiation(y,"T2"),i=await p.T3.multiExponentiation(y,"T3");L.addPolynomial("T1",t),L.addPolynomial("T2",e),L.addPolynomial("T3",i)}(),a&&a.debug("> ROUND 4"),await async function(){a&&a.debug("> Computing challenge xi");b.reset(),b.addScalar(w.alpha),b.addPolCommitment(L.getPolynomial("T1")),b.addPolCommitment(L.getPolynomial("T2")),b.addPolCommitment(L.getPolynomial("T3")),w.xi=b.getChallenge(),w.xiw=d.mul(w.xi,d.w[s.power]),a&&a.debug("··· challenges.xi: "+d.toString(w.xi,16));L.addEvaluation("eval_a",p.A.evaluate(w.xi)),L.addEvaluation("eval_b",p.B.evaluate(w.xi)),L.addEvaluation("eval_c",p.C.evaluate(w.xi)),L.addEvaluation("eval_s1",p.Sigma1.evaluate(w.xi)),L.addEvaluation("eval_s2",p.Sigma2.evaluate(w.xi)),L.addEvaluation("eval_zw",p.Z.evaluate(w.xiw))}(),a&&a.debug("> ROUND 5"),await async function(){a&&a.debug("> Computing challenge v");b.reset(),b.addScalar(w.xi),b.addScalar(L.getEvaluation("eval_a")),b.addScalar(L.getEvaluation("eval_b")),b.addScalar(L.getEvaluation("eval_c")),b.addScalar(L.getEvaluation("eval_s1")),b.addScalar(L.getEvaluation("eval_s2")),b.addScalar(L.getEvaluation("eval_zw")),w.v=[],w.v[1]=b.getChallenge(),a&&a.debug("··· challenges.v: "+d.toString(w.v[1],16));for(let t=2;t<6;t++)w.v[t]=d.mul(w.v[t-1],w.v[1]);a&&a.debug("> Computing linearisation polynomial R(X)");await async function(){const t=c.Fr;p.QL=new il(new Se(g),c,a),p.QR=new il(new Se(g),c,a),p.QM=new il(new Se(g),c,a),p.QO=new il(new Se(g),c,a),p.QC=new il(new Se(g),c,a),await l.readToBuffer(p.QL.coef,0,g,r[Wn][0].p),await l.readToBuffer(p.QR.coef,0,g,r[Yn][0].p),await l.readToBuffer(p.QM.coef,0,g,r[Zn][0].p),await l.readToBuffer(p.QO.coef,0,g,r[Jn][0].p),await l.readToBuffer(p.QC.coef,0,g,r[Xn][0].p),w.xin=w.xi;for(let e=0;e Computing opening proof polynomial Wxi(X) polynomial");p.Wxi=new il(new Se(g+6*u),c,a),p.Wxi.add(p.R),p.Wxi.add(p.A,w.v[1]),p.Wxi.add(p.B,w.v[2]),p.Wxi.add(p.C,w.v[3]),p.Wxi.add(p.Sigma1,w.v[4]),p.Wxi.add(p.Sigma2,w.v[5]),p.Wxi.subScalar(d.mul(w.v[1],L.evaluations.eval_a)),p.Wxi.subScalar(d.mul(w.v[2],L.evaluations.eval_b)),p.Wxi.subScalar(d.mul(w.v[3],L.evaluations.eval_c)),p.Wxi.subScalar(d.mul(w.v[4],L.evaluations.eval_s1)),p.Wxi.subScalar(d.mul(w.v[5],L.evaluations.eval_s2)),void p.Wxi.divByZerofier(1,w.xi),a&&a.debug("> Computing opening proof polynomial Wxiw(X) polynomial");(async function(){p.Wxiw=il.fromPolynomial(p.Z,c,a),p.Wxiw.subScalar(L.evaluations.eval_zw),p.Wxiw.divByZerofier(1,w.xiw)})(),a&&a.debug("> Computing Wxi, Wxiw MSM");let t=await p.Wxi.multiExponentiation(y,"Wxi"),e=await p.Wxiw.multiExponentiation(y,"Wxiw");L.addPolynomial("Wxi",t),L.addPolynomial("Wxiw",e)}(),await l.close(),await i.close();let C=L.toObjectProof(!1);return C.protocol="plonk",C.curve=c.name,a&&a.debug("PLONK PROVER FINISHED"),{proof:nl(C),publicSignals:nl(A)};function I(t,e){const a=t.slice(e,e+4);return new DataView(a.buffer,a.byteOffset,a.byteLength).getUint32(0,!0)}function F(t){return ta;){const e=o.shift(),a=o.shift(),i=e[0],n=a[0],l=w++,r=t.zero,s=t.neg(e[1]),c=t.neg(a[1]),d=t.one,u=t.zero;p.push([i,n,l,r,s,c,d,u]),m.push([i,n,e[1],a[1]]),o.push([l,t.one])}for(let t=0;t0?i.toString():a!=t.zero?"k":"0"}function s(e,a,s){const c=r(e),d=r(a);if("0"===c||"0"===d)i(s),l(s);else if("k"===c){l(o(a,e[0],s))}else if("k"===d){l(o(e,a[0],s))}else!function(e,a,i){const o=n(e,1),l=n(a,1),r=n(i,1),s=o.s[0],c=l.s[0],d=r.s[0],u=t.mul(o.coefs[0],l.coefs[0]),g=t.mul(o.coefs[0],l.k),f=t.mul(o.k,l.coefs[0]),h=t.neg(r.coefs[0]),_=t.sub(t.mul(o.k,l.k),r.k);p.push([s,c,d,u,g,f,h,_])}(e,a,s)}for(let e=1;e<=L;e++){const a=e,i=0,o=0,n=t.zero,l=t.one,r=t.zero,s=t.zero,c=t.zero;p.push([a,i,o,n,l,r,s,c])}for(let t=0;tr)return i&&i.error(`circuit too big for this power of tau ceremony. ${p.length} > 2**${r}`),-1;if(!n[12])return i&&i.error("Powers of tau is not prepared."),-1;const C=new Se(A*u),I=n[12][0].p+(2**y-1)*u;await o.readToBuffer(C,0,A*u,I);const[F,x]=function(){let t=h.two;for(;a(t,[],y);)h.add(t,h.one);let e=h.add(t,h.one);for(;a(e,[t],y);)h.add(e,h.one);return[t,e];function a(t,e,a){const i=2**a;let o=h.one;for(let n=0;n0?2:this.Fr.isZero(e)?0:1}normalizeLinearCombination(t){const e=Object.keys(t);for(let a=0;ao;){const i=l.shift(),o=l.shift(),n=t.nVars++,r=this.fnGetAdditionConstraint(i[0],o[0],n,this.Fr.neg(i[1]),this.Fr.neg(o[1]),this.Fr.zero,this.Fr.one,this.Fr.zero);e.push(r),a.push([i[0],o[0],i[1],o[1]]),l.push([n,this.Fr.one])}for(let t=0;tthis.n-1)throw new Error("CPolynomial:addPolynomial, cannot add a polynomial to a position greater than n-1");this.polynomials[t]=e}degree(){let t=this.polynomials.map(((t,e)=>void 0===t?0:t.degree()*this.n+e));return Math.max(...t)}getPolynomial(){let t=this.polynomials.map((t=>void 0===t?0:t.degree()));const e=this.degree(),a=2**(Ui(e-1)+1),i=this.Fr.n8;let o=new il(new Se(a*i),this.curve,this.logger);for(let a=0;a Reading witness file");const{fd:i,sections:o}=await za(e,"wtns",2),n=await xo(i,o);a&&a.info("> Reading zkey file");const{fd:l,sections:r}=await za(t,"zkey",2),s=await Lo(l,r);if(s.protocolId!==Wi)throw new Error("zkey file is not fflonk");if(!ga.eq(s.r,n.q))throw new Error("Curve of the witness does not match the curve of the proving key");if(n.nWitness!==s.nVars-s.nAdditions)throw new Error(`Invalid witness length. Circuit: ${s.nVars}, witness: ${n.nWitness}, ${s.nAdditions}`);const c=s.curve,d=c.Fr,u=c.Fr.n8,g=2*c.G1.F.n8,f=s.domainSize*u;a&&(a.info("----------------------------"),a.info(" FFLONK PROVE SETTINGS"),a.info(` Curve: ${c.name}`),a.info(` Circuit power: ${s.power}`),a.info(` Domain size: ${s.domainSize}`),a.info(` Vars: ${s.nVars}`),a.info(` Public vars: ${s.nPublic}`),a.info(` Constraints: ${s.nConstraints}`),a.info(` Additions: ${s.nAdditions}`),a.info("----------------------------")),a&&a.info("> Reading witness file data");const h=await Va(i,o,2);await i.close(),h.set(d.zero,0);const _=new Se(s.nAdditions*u);let p={},m={},w={},L={},b={},y={},A=new qn(c,a);a&&a.info(`> Reading Section ${Ji}. Additions`),await async function(){a&&a.info("··· Computing additions");const t=await Va(l,r,Ji),e=8+2*u;for(let i=0;i Reading Sections ${ro},${so},${co}. Sigma1, Sigma2 & Sigma 3`),a&&a.info("··· Reading Sigma polynomials "),m.Sigma1=new il(new Se(f),c,a),m.Sigma2=new il(new Se(f),c,a),m.Sigma3=new il(new Se(f),c,a),await l.readToBuffer(m.Sigma1.coef,0,f,r[ro][0].p),await l.readToBuffer(m.Sigma2.coef,0,f,r[so][0].p),await l.readToBuffer(m.Sigma3.coef,0,f,r[co][0].p),a&&a.info("··· Reading Sigma evaluations"),w.Sigma1=new ol(new Se(4*f),c,a),w.Sigma2=new ol(new Se(4*f),c,a),w.Sigma3=new ol(new Se(4*f),c,a),await l.readToBuffer(w.Sigma1.eval,0,4*f,r[ro][0].p+f),await l.readToBuffer(w.Sigma2.eval,0,4*f,r[so][0].p+f),await l.readToBuffer(w.Sigma3.eval,0,4*f,r[co][0].p+f),a&&a.info(`> Reading Section ${go}. Powers of Tau`);const C=new Se(16*s.domainSize*g);await l.readToBuffer(C,0,(9*s.domainSize+18)*g,r[go][0].p),globalThis.gc&&globalThis.gc(),a&&a.info(""),a&&a.info("> ROUND 1"),await async function(){b.b=[];for(let t=1;t<=9;t++)b.b[t]=d.random();a&&a.info("> Computing A, B, C wire polynomials");await async function(){a&&a.info("··· Reading data from zkey file");p.A=new Se(f),p.B=new Se(f),p.C=new Se(f);const t=await Va(l,r,Xi),e=await Va(l,r,to),i=await Va(l,r,eo);for(let a=0;a=s.domainSize)throw new Error("A Polynomial is not well calculated");if(m.B.degree()>=s.domainSize)throw new Error("B Polynomial is not well calculated");if(m.C.degree()>=s.domainSize)throw new Error("C Polynomial is not well calculated")}(),a&&a.info("> Computing T0 polynomial");await async function(){a&&a.info(`··· Reading sections ${ao}, ${io}, ${oo}, ${no}, ${lo}. Q selectors`);w.QL=new ol(new Se(4*f),c,a),w.QR=new ol(new Se(4*f),c,a),w.QM=new ol(new Se(4*f),c,a),w.QO=new ol(new Se(4*f),c,a),w.QC=new ol(new Se(4*f),c,a),await l.readToBuffer(w.QL.eval,0,4*f,r[ao][0].p+f),await l.readToBuffer(w.QR.eval,0,4*f,r[io][0].p+f),await l.readToBuffer(w.QM.eval,0,4*f,r[oo][0].p+f),await l.readToBuffer(w.QO.eval,0,4*f,r[no][0].p+f),await l.readToBuffer(w.QC.eval,0,4*f,r[lo][0].p+f);const t=await Va(l,r,uo);w.lagrange1=new ol(t,c,a),p.T0=new Se(4*f),a&&a.info("··· Computing T0 evaluations");for(let t=0;t<4*s.domainSize;t++){a&&0!==t&&t%1e5==0&&a.info(` T0 evaluation ${t}/${4*s.domainSize}`);const e=w.A.getEvaluation(t),i=w.B.getEvaluation(t),o=w.C.getEvaluation(t),n=w.QL.getEvaluation(t),l=w.QR.getEvaluation(t),r=w.QM.getEvaluation(t),c=w.QO.getEvaluation(t),g=w.QC.getEvaluation(t);let f=d.zero;for(let e=0;e=2*s.domainSize-2)throw new Error(`T0 Polynomial is not well calculated (degree is ${m.T0.degree()} and must be less than ${2*s.domainSize+2}`);delete p.T0}(),a&&a.info("> Computing C1 polynomial");await async function(){let t=new pl(4,c,a);if(t.addPolynomial(0,m.A),t.addPolynomial(1,m.B),t.addPolynomial(2,m.C),t.addPolynomial(3,m.T0),m.C1=t.getPolynomial(),m.C1.degree()>=8*s.domainSize-8)throw new Error("C1 Polynomial is not well calculated")}(),a&&a.info("> Computing C1 multi exponentiation");let t=await m.C1.multiExponentiation(C,"C1");return A.addPolynomial("C1",t),0}(),delete m.T0,delete w.QL,delete w.QR,delete w.QM,delete w.QO,delete w.QC,globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 2"),await async function(){a&&a.info("> Computing challenges beta and gamma");const t=new Nn(c);t.addPolCommitment(s.C0);for(let e=0;e Computing Z polynomial");await async function(){a&&a.info("··· Computing Z evaluations");let t=new Se(f),e=new Se(f);t.set(d.one,0),e.set(d.one,0);let i=d.one;for(let o=0;o=s.domainSize+3)throw new Error("Z Polynomial is not well calculated");delete p.Z}(),a&&a.info("> Computing T1 polynomial");await async function(){a&&a.info("··· Computing T1 evaluations");p.T1=new Se(2*f),p.T1z=new Se(2*f);let t=d.one;for(let e=0;e<2*s.domainSize;e++){a&&0!==e&&e%1e5==0&&a.info(` T1 evaluation ${e}/${4*s.domainSize}`);const i=d.square(t),o=w.Z.getEvaluation(2*e),n=d.add(d.add(d.mul(b.b[7],i),d.mul(b.b[8],t)),b.b[9]),l=w.lagrange1.getEvaluation(s.domainSize+2*e);let r=d.mul(d.sub(o,d.one),l),c=d.mul(n,l);p.T1.set(r,e*u),p.T1z.set(c,e*u),t=d.mul(t,d.w[s.power+1])}a&&a.info("··· Computing T1 ifft");m.T1=await il.fromEvaluations(p.T1,c,a),m.T1.divByZerofier(s.domainSize,d.one),a&&a.info("··· Computing T1z ifft");if(m.T1z=await il.fromEvaluations(p.T1z,c,a),m.T1.add(m.T1z),m.T1.degree()>=s.domainSize+2)throw new Error("T1 Polynomial is not well calculated");delete p.T1,delete p.T1z,delete m.T1z}(),a&&a.info("> Computing T2 polynomial");await async function(){a&&a.info("··· Computing T2 evaluations");p.T2=new Se(4*f),p.T2z=new Se(4*f);let t=d.one;for(let e=0;e<4*s.domainSize;e++){a&&0!==e&&e%1e5==0&&a.info(` T2 evaluation ${e}/${4*s.domainSize}`);const i=d.square(t),o=d.mul(t,d.w[s.power]),n=d.square(o),l=w.A.getEvaluation(e),r=w.B.getEvaluation(e),c=w.C.getEvaluation(e),g=w.Z.getEvaluation(e),f=w.Z.getEvaluation((4*s.domainSize+4+e)%(4*s.domainSize)),h=d.add(d.add(d.mul(b.b[7],i),d.mul(b.b[8],t)),b.b[9]),_=d.add(d.add(d.mul(b.b[7],n),d.mul(b.b[8],o)),b.b[9]),m=w.Sigma1.getEvaluation(e),L=w.Sigma2.getEvaluation(e),y=w.Sigma3.getEvaluation(e),A=d.mul(b.beta,t);let C=d.add(l,A);C=d.add(C,b.gamma);let I=d.add(r,d.mul(A,s.k1));I=d.add(I,b.gamma);let F=d.add(c,d.mul(A,s.k2));F=d.add(F,b.gamma);let x=d.mul(d.mul(d.mul(C,I),F),g),E=d.mul(d.mul(d.mul(C,I),F),h),v=d.add(l,d.mul(b.beta,m));v=d.add(v,b.gamma);let B=d.add(r,d.mul(b.beta,L));B=d.add(B,b.gamma);let S=d.add(c,d.mul(b.beta,y));S=d.add(S,b.gamma);let P=d.mul(d.mul(d.mul(v,B),S),f),G=d.mul(d.mul(d.mul(v,B),S),_),O=d.sub(x,P),T=d.sub(E,G);p.T2.set(O,e*u),p.T2z.set(T,e*u),t=d.mul(t,d.w[s.power+2])}a&&a.info("··· Computing T2 ifft");m.T2=await il.fromEvaluations(p.T2,c,a),a&&a.info("··· Computing T2 / ZH");m.T2.divByZerofier(s.domainSize,d.one),a&&a.info("··· Computing T2z ifft");if(m.T2z=await il.fromEvaluations(p.T2z,c,a),m.T2.add(m.T2z),m.T2.degree()>=3*s.domainSize)throw new Error("T2 Polynomial is not well calculated");delete p.T2,delete p.T2z,delete m.T2z}(),a&&a.info("> Computing C2 polynomial");await async function(){let t=new pl(3,c,a);if(t.addPolynomial(0,m.Z),t.addPolynomial(1,m.T1),t.addPolynomial(2,m.T2),m.C2=t.getPolynomial(),m.C2.degree()>=9*s.domainSize)throw new Error("C2 Polynomial is not well calculated")}(),a&&a.info("> Computing C2 multi exponentiation");let e=await m.C2.multiExponentiation(C,"C2");return A.addPolynomial("C2",e),0}(),delete p.A,delete p.B,delete p.C,delete w.A,delete w.B,delete w.C,delete w.Sigma1,delete w.Sigma2,delete w.Sigma3,delete w.lagrange1,delete w.Z,globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 3"),await async function(){a&&a.info("> Computing challenge xi");const t=new Nn(c);t.addScalar(b.gamma),t.addPolCommitment(A.getPolynomial("C2")),b.xiSeed=t.getChallenge();const e=d.square(b.xiSeed);y.w8=[],y.w8[0]=d.one;for(let t=1;t<8;t++)y.w8[t]=d.mul(y.w8[t-1],s.w8);y.w4=[],y.w4[0]=d.one;for(let t=1;t<4;t++)y.w4[t]=d.mul(y.w4[t-1],s.w4);y.w3=[],y.w3[0]=d.one,y.w3[1]=s.w3,y.w3[2]=d.square(s.w3),y.S0={},y.S0.h0w8=[],y.S0.h0w8[0]=d.mul(e,b.xiSeed);for(let t=1;t<8;t++)y.S0.h0w8[t]=d.mul(y.S0.h0w8[0],y.w8[t]);y.S1={},y.S1.h1w4=[],y.S1.h1w4[0]=d.square(y.S0.h0w8[0]);for(let t=1;t<4;t++)y.S1.h1w4[t]=d.mul(y.S1.h1w4[0],y.w4[t]);y.S2={},y.S2.h2w3=[],y.S2.h2w3[0]=d.mul(y.S1.h1w4[0],e),y.S2.h2w3[1]=d.mul(y.S2.h2w3[0],y.w3[1]),y.S2.h2w3[2]=d.mul(y.S2.h2w3[0],y.w3[2]),y.S2.h3w3=[],y.S2.h3w3[0]=d.mul(y.S2.h2w3[0],s.wr),y.S2.h3w3[1]=d.mul(y.S2.h3w3[0],y.w3[1]),y.S2.h3w3[2]=d.mul(y.S2.h3w3[0],y.w3[2]),b.xi=d.mul(d.square(y.S2.h2w3[0]),y.S2.h2w3[0]),a&&a.info("··· challenges.xi: "+d.toString(b.xi));m.QL=new il(new Se(f),c,a),m.QR=new il(new Se(f),c,a),m.QM=new il(new Se(f),c,a),m.QO=new il(new Se(f),c,a),m.QC=new il(new Se(f),c,a),await l.readToBuffer(m.QL.coef,0,f,r[ao][0].p),await l.readToBuffer(m.QR.coef,0,f,r[io][0].p),await l.readToBuffer(m.QM.coef,0,f,r[oo][0].p),await l.readToBuffer(m.QO.coef,0,f,r[no][0].p),await l.readToBuffer(m.QC.coef,0,f,r[lo][0].p),a&&a.info("··· Computing evaluations");A.addEvaluation("ql",m.QL.evaluate(b.xi)),A.addEvaluation("qr",m.QR.evaluate(b.xi)),A.addEvaluation("qm",m.QM.evaluate(b.xi)),A.addEvaluation("qo",m.QO.evaluate(b.xi)),A.addEvaluation("qc",m.QC.evaluate(b.xi)),A.addEvaluation("s1",m.Sigma1.evaluate(b.xi)),A.addEvaluation("s2",m.Sigma2.evaluate(b.xi)),A.addEvaluation("s3",m.Sigma3.evaluate(b.xi)),A.addEvaluation("a",m.A.evaluate(b.xi)),A.addEvaluation("b",m.B.evaluate(b.xi)),A.addEvaluation("c",m.C.evaluate(b.xi)),A.addEvaluation("z",m.Z.evaluate(b.xi)),b.xiw=d.mul(b.xi,d.w[s.power]),A.addEvaluation("zw",m.Z.evaluate(b.xiw)),A.addEvaluation("t1w",m.T1.evaluate(b.xiw)),A.addEvaluation("t2w",m.T2.evaluate(b.xiw))}(),delete m.A,delete m.B,delete m.C,delete m.Z,delete m.T1,delete m.T2,delete m.Sigma1,delete m.Sigma2,delete m.Sigma3,delete m.QL,delete m.QR,delete m.QM,delete m.QC,delete m.QO,globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 4"),await async function(){a&&a.info("> Computing challenge alpha");const t=new Nn(c);t.addScalar(b.xiSeed),t.addScalar(A.getEvaluation("ql")),t.addScalar(A.getEvaluation("qr")),t.addScalar(A.getEvaluation("qm")),t.addScalar(A.getEvaluation("qo")),t.addScalar(A.getEvaluation("qc")),t.addScalar(A.getEvaluation("s1")),t.addScalar(A.getEvaluation("s2")),t.addScalar(A.getEvaluation("s3")),t.addScalar(A.getEvaluation("a")),t.addScalar(A.getEvaluation("b")),t.addScalar(A.getEvaluation("c")),t.addScalar(A.getEvaluation("z")),t.addScalar(A.getEvaluation("zw")),t.addScalar(A.getEvaluation("t1w")),t.addScalar(A.getEvaluation("t2w")),b.alpha=t.getChallenge(),a&&a.info("··· challenges.alpha: "+d.toString(b.alpha));a&&a.info("> Reading C0 polynomial");m.C0=new il(new Se(8*f),c,a),await l.readToBuffer(m.C0.coef,0,8*f,r[fo][0].p),a&&a.info("> Computing R0 polynomial");(function(){if(m.R0=il.lagrangePolynomialInterpolation([y.S0.h0w8[0],y.S0.h0w8[1],y.S0.h0w8[2],y.S0.h0w8[3],y.S0.h0w8[4],y.S0.h0w8[5],y.S0.h0w8[6],y.S0.h0w8[7]],[m.C0.evaluate(y.S0.h0w8[0]),m.C0.evaluate(y.S0.h0w8[1]),m.C0.evaluate(y.S0.h0w8[2]),m.C0.evaluate(y.S0.h0w8[3]),m.C0.evaluate(y.S0.h0w8[4]),m.C0.evaluate(y.S0.h0w8[5]),m.C0.evaluate(y.S0.h0w8[6]),m.C0.evaluate(y.S0.h0w8[7])],c),m.R0.degree()>7)throw new Error("R0 Polynomial is not well calculated")})(),a&&a.info("> Computing R1 polynomial");(function(){if(m.R1=il.lagrangePolynomialInterpolation([y.S1.h1w4[0],y.S1.h1w4[1],y.S1.h1w4[2],y.S1.h1w4[3]],[m.C1.evaluate(y.S1.h1w4[0]),m.C1.evaluate(y.S1.h1w4[1]),m.C1.evaluate(y.S1.h1w4[2]),m.C1.evaluate(y.S1.h1w4[3])],c),m.R1.degree()>3)throw new Error("R1 Polynomial is not well calculated")})(),a&&a.info("> Computing R2 polynomial");(function(){if(m.R2=il.lagrangePolynomialInterpolation([y.S2.h2w3[0],y.S2.h2w3[1],y.S2.h2w3[2],y.S2.h3w3[0],y.S2.h3w3[1],y.S2.h3w3[2]],[m.C2.evaluate(y.S2.h2w3[0]),m.C2.evaluate(y.S2.h2w3[1]),m.C2.evaluate(y.S2.h2w3[2]),m.C2.evaluate(y.S2.h3w3[0]),m.C2.evaluate(y.S2.h3w3[1]),m.C2.evaluate(y.S2.h3w3[2])],c),m.R2.degree()>5)throw new Error("R2 Polynomial is not well calculated")})(),a&&a.info("> Computing F polynomial");await async function(){a&&a.info("··· Computing F polynomial");m.F=il.fromPolynomial(m.C0,c,a),m.F.sub(m.R0),m.F.divByZerofier(8,b.xi);let t=il.fromPolynomial(m.C1,c,a);t.sub(m.R1),t.mulScalar(b.alpha),t.divByZerofier(4,b.xi);let e=il.fromPolynomial(m.C2,c,a);if(e.sub(m.R2),e.mulScalar(d.square(b.alpha)),e.divByZerofier(3,b.xi),e.divByZerofier(3,b.xiw),m.F.add(t),m.F.add(e),m.F.degree()>=9*s.domainSize-6)throw new Error("F Polynomial is not well calculated")}(),a&&a.info("> Computing W1 multi exponentiation");let e=await m.F.multiExponentiation(C,"W1");return A.addPolynomial("W1",e),0}(),globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 5"),await async function(){a&&a.info("> Computing challenge y");const t=new Nn(c);t.addScalar(b.alpha),t.addPolCommitment(A.getPolynomial("W1")),b.y=t.getChallenge(),a&&a.info("··· challenges.y: "+d.toString(b.y));a&&a.info("> Computing L polynomial");await async function(){a&&a.info("··· Computing L polynomial");const t=m.R0.evaluate(b.y),e=m.R1.evaluate(b.y),i=m.R2.evaluate(b.y);let o=d.sub(b.y,y.S0.h0w8[0]);for(let t=1;t<8;t++)o=d.mul(o,d.sub(b.y,y.S0.h0w8[t]));let n=d.sub(b.y,y.S1.h1w4[0]);for(let t=1;t<4;t++)n=d.mul(n,d.sub(b.y,y.S1.h1w4[t]));let l=d.sub(b.y,y.S2.h2w3[0]);for(let t=1;t<3;t++)l=d.mul(l,d.sub(b.y,y.S2.h2w3[t]));for(let t=0;t<3;t++)l=d.mul(l,d.sub(b.y,y.S2.h3w3[t]));let r=d.mul(n,l),u=d.mul(b.alpha,d.mul(o,l)),g=d.mul(d.square(b.alpha),d.mul(o,n));L.denH1=n,L.denH2=l,m.L=il.fromPolynomial(m.C0,c,a),m.L.subScalar(t),m.L.mulScalar(r);let f=il.fromPolynomial(m.C1,c,a);f.subScalar(e),f.mulScalar(u);let h=il.fromPolynomial(m.C2,c,a);h.subScalar(i),h.mulScalar(g),m.L.add(f),m.L.add(h),a&&a.info("> Computing ZT polynomial");await async function(){m.ZT=il.zerofierPolynomial([y.S0.h0w8[0],y.S0.h0w8[1],y.S0.h0w8[2],y.S0.h0w8[3],y.S0.h0w8[4],y.S0.h0w8[5],y.S0.h0w8[6],y.S0.h0w8[7],y.S1.h1w4[0],y.S1.h1w4[1],y.S1.h1w4[2],y.S1.h1w4[3],y.S2.h2w3[0],y.S2.h2w3[1],y.S2.h2w3[2],y.S2.h3w3[0],y.S2.h3w3[1],y.S2.h3w3[2]],c)}();const _=m.ZT.evaluate(b.y);if(m.F.mulScalar(_),m.L.sub(m.F),m.L.degree()>=9*s.domainSize)throw new Error("L Polynomial is not well calculated");delete p.L}(),a&&a.info("> Computing ZTS2 polynomial");await async function(){m.ZTS2=il.zerofierPolynomial([y.S1.h1w4[0],y.S1.h1w4[1],y.S1.h1w4[2],y.S1.h1w4[3],y.S2.h2w3[0],y.S2.h2w3[1],y.S2.h2w3[2],y.S2.h3w3[0],y.S2.h3w3[1],y.S2.h3w3[2]],c)}();let e=m.ZTS2.evaluate(b.y);e=d.inv(e),m.L.mulScalar(e);const i=il.fromCoefficientsArray([d.neg(b.y),d.one],c);a&&a.info("> Computing W' = L / ZTS2 polynomial");const o=m.L.divBy(i);if(o.degree()>0)throw new Error(`Degree of L(X)/(ZTS2(y)(X-y)) remainder is ${o.degree()} and should be 0`);if(m.L.degree()>=9*s.domainSize-1)throw new Error("Degree of L(X)/(ZTS2(y)(X-y)) is not correct");a&&a.info("> Computing W' multi exponentiation");let n=await m.L.multiExponentiation(C,"W2");return A.addPolynomial("W2",n),0}(),delete m.C0,delete m.C1,delete m.C2,delete m.R1,delete m.R2,delete m.F,delete m.L,delete m.ZT,delete m.ZTS2,await l.close(),globalThis.gc&&globalThis.gc(),A.addEvaluation("inv",function(){let t=b.xi;for(let e=0;e Reading PTau file");const{fd:o,sections:n}=await za(e,"ptau",1);if(!n[12])throw new Error("Powers of Tau is not well prepared. Section 12 missing.");i&&i.info("> Getting curve from PTau settings");const{curve:l}=await Ho(o,n);i&&i.info("> Reading r1cs file");const{fd:r,sections:s}=await za(t,"r1cs",1),c=await pn(r,s,{loadConstraints:!1,loadCustomGates:!0});if(c.prime!==l.r)throw new Error("r1cs curve does not match powers of tau ceremony curve");const d=l.Fr,u=l.Fr.n8,g=2*l.G1.F.n8,f=2*l.G2.F.n8;let h,_={},p={},m={nVars:c.nVars,nPublic:c.nOutputs+c.nPubInputs};const w=new En;let L=new En;if(i&&i.info("> Processing FFlonk constraints"),await async function(t,e,a){for(let e=0;e computing k1 and k2");const[b,y]=function(){let t=d.two;for(;a(t,[],m.cirPower);)d.add(t,d.one);let e=d.add(t,d.one);for(;a(e,[t],m.cirPower);)d.add(e,d.one);return[t,e];function a(t,e,a){const i=2**a;let o=d.one;for(let n=0;n computing w3");const A=function(){let t=d.e(31624),e=ga.div(3648040478639879203707734290876212514758060733402672390616367364429301415936n,ga.e(3));return d.exp(t,e)}();i&&i.info("> computing w4");const C=d.w[2];i&&i.info("> computing w8");const I=d.w[3];i&&i.info("> computing wr");const F=function(t,e){const a=e.e(467799165886069610036046866799264026481344299079011762026774533774345988080n);return e.exp(a,2**(28-t))}(m.cirPower,l.Fr);return await async function(){i&&i.info("> Writing the zkey file");const t=await Qa(a,"zkey",1,17,1<<22,1<<24);i&&i.info("··· Writing Section 1. Zkey Header");await async function(t){await qa(t,1),await t.writeULE32(Wi),await Ma(t)}(t),i&&i.info(`··· Writing Section ${Ji}. Additions`);await async function(t){await qa(t,Ji);const e=new Uint8Array(8+2*u),a=new DataView(e.buffer);for(let o=0;o=8*m.domainSize)throw new Error("C0 Polynomial is not well calculated");await qa(t,fo),await t.write(_.C0.coef),await Ma(t)}(t),globalThis.gc&&globalThis.gc();i&&i.info(`··· Writing Section ${Yi}. FFlonk Header`);await async function(t){await qa(t,Yi);const e=l.q,a=8*(Math.floor((ga.bitLength(e)-1)/64)+1);await t.writeULE32(a),await Da(t,e,a);const i=l.r,r=8*(Math.floor((ga.bitLength(i)-1)/64)+1);let s;await t.writeULE32(r),await Da(t,i,r),await t.writeULE32(m.nVars),await t.writeULE32(m.nPublic),await t.writeULE32(m.domainSize),await t.writeULE32(L.length),await t.writeULE32(w.length),await t.write(b),await t.write(y),await t.write(A),await t.write(C),await t.write(I),await t.write(F),s=await o.read(f,n[3][0].p+f),await t.write(s);let c=await _.C0.multiExponentiation(h,"C0");await t.write(c),await Ma(t)}(t),globalThis.gc&&globalThis.gc();i&&i.info("> Writing the zkey file finished");await t.close()}(),await r.close(),await o.close(),i&&i.info("FFLONK SETUP FINISHED"),0;async function x(t,e,a,o){await qa(t,e);for(let e=0;e Checking commitments belong to G1"),!function(t,e,a){const i=t.G1;return i.isValid(e.polynomials.C1)&&i.isValid(e.polynomials.C2)&&i.isValid(e.polynomials.W1)&&i.isValid(e.polynomials.W2)&&i.isValid(a.C0)}(o,l,n))return i&&i.error("Proof commitments are not valid"),!1;if(i&&i.info("> Checking evaluations belong to F"),!function(t,e){return Al(t,e.evaluations.ql)&&Al(t,e.evaluations.qr)&&Al(t,e.evaluations.qm)&&Al(t,e.evaluations.qo)&&Al(t,e.evaluations.qc)&&Al(t,e.evaluations.s1)&&Al(t,e.evaluations.s2)&&Al(t,e.evaluations.s3)&&Al(t,e.evaluations.a)&&Al(t,e.evaluations.b)&&Al(t,e.evaluations.c)&&Al(t,e.evaluations.z)&&Al(t,e.evaluations.zw)&&Al(t,e.evaluations.t1w)&&Al(t,e.evaluations.t2w)}(o,l))return i&&i.error("Proof evaluations are not valid."),!1;if(i&&i.info("> Checking public inputs belong to F"),!function(t,e){for(let a=0;a Computing challenges");const{challenges:c,roots:d}=function(t,e,a,i,o){const n=t.Fr,l={},r={},s=new Nn(t);s.addPolCommitment(a.C0);for(let t=0;t Computing Zero polynomial evaluation Z_H(xi)"),c.zh=s.sub(c.xiN,s.one),c.invzh=s.inv(c.zh),i&&i.info("> Computing Lagrange evaluations");const u=await async function(t,e,a){const i=t.Fr,o=Math.max(1,a.nPublic),n=new Se(o*i.n8);let l=new Se(o*i.n8),r=i.one;for(let t=0;t Computing polynomial identities PI(X)");const g=function(t,e,a){const i=t.Fr;let o=i.zero;for(let t=0;t Computing r0(y)");const f=function(t,e,a,i,o){const n=i.Fr,l=Cl(a.S0.h0w8,e.y,e.xi,i);o&&o.info("··· Computing r0(y)");let r=n.zero;for(let e=0;e<8;e++){let i=[];i[1]=a.S0.h0w8[e];for(let t=2;t<8;t++)i[t]=n.mul(i[t-1],a.S0.h0w8[e]);let o=n.add(t.evaluations.ql,n.mul(t.evaluations.qr,i[1]));o=n.add(o,n.mul(t.evaluations.qo,i[2])),o=n.add(o,n.mul(t.evaluations.qm,i[3])),o=n.add(o,n.mul(t.evaluations.qc,i[4])),o=n.add(o,n.mul(t.evaluations.s1,i[5])),o=n.add(o,n.mul(t.evaluations.s2,i[6])),o=n.add(o,n.mul(t.evaluations.s3,i[7])),r=n.add(r,n.mul(o,l[e]))}return r}(l,c,d,o,i);i&&i.info("> Computing r1(y)");const h=function(t,e,a,i,o,n){const l=o.Fr,r=Cl(a.S1.h1w4,e.y,e.xi,o);n&&n.info("··· Computing T0(xi)");let s=l.mul(t.evaluations.ql,t.evaluations.a);s=l.add(s,l.mul(t.evaluations.qr,t.evaluations.b)),s=l.add(s,l.mul(t.evaluations.qm,l.mul(t.evaluations.a,t.evaluations.b))),s=l.add(s,l.mul(t.evaluations.qo,t.evaluations.c)),s=l.add(s,t.evaluations.qc),s=l.add(s,i),s=l.mul(s,e.invzh),n&&n.info("··· Computing C1(h_1ω_4^i) values");let c=l.zero;for(let e=0;e<4;e++){let i=t.evaluations.a;i=l.add(i,l.mul(a.S1.h1w4[e],t.evaluations.b));const o=l.square(a.S1.h1w4[e]);i=l.add(i,l.mul(o,t.evaluations.c)),i=l.add(i,l.mul(l.mul(o,a.S1.h1w4[e]),s)),c=l.add(c,l.mul(i,r[e]))}return c}(l,c,d,g,o,i);i&&i.info("> Computing r2(y)");const _=function(t,e,a,i,o,n,l){const r=n.Fr,s=function(t,e,a,i,o){const n=o.Fr,l=[],r=t[0].length,s=r*t.length,c=n.exp(e,s),d=n.mul(n.add(a,i),n.exp(e,r)),u=n.mul(a,i),g=n.add(n.sub(c,d),u);let f=n.mul(n.mul(n.e(r),t[0][0]),n.sub(a,i));for(let a=0;a Computing F");const p=function(t,e,a,i,o){const n=t.G1,l=t.Fr;let r=l.sub(i.y,o.S0.h0w8[0]);for(let t=1;t<8;t++)r=l.mul(r,l.sub(i.y,o.S0.h0w8[t]));i.temp=r;let s=l.sub(i.y,o.S1.h1w4[0]);for(let t=1;t<4;t++)s=l.mul(s,l.sub(i.y,o.S1.h1w4[t]));let c=l.sub(i.y,o.S2.h2w3[0]);for(let t=1;t<3;t++)c=l.mul(c,l.sub(i.y,o.S2.h2w3[t]));for(let t=0;t<3;t++)c=l.mul(c,l.sub(i.y,o.S2.h3w3[t]));i.quotient1=l.mul(i.alpha,l.div(r,s)),i.quotient2=l.mul(l.square(i.alpha),l.div(r,c));let d=n.timesFr(e.polynomials.C1,i.quotient1),u=n.timesFr(e.polynomials.C2,i.quotient2);return n.add(a.C0,n.add(d,u))}(o,l,n,c,d);i&&i.info("> Computing E");const m=function(t,e,a,i,o,n,l){const r=t.G1,s=t.Fr;let c=s.mul(n,a.quotient1),d=s.mul(l,a.quotient2);return r.timesFr(r.one,s.add(o,s.add(c,d)))}(o,0,c,0,f,h,_);i&&i.info("> Computing J");const w=function(t,e,a){const i=t.G1;return i.timesFr(e.polynomials.W1,a.temp)}(o,l,c);i&&i.info("> Validate all evaluations with a pairing");const L=await async function(t,e,a,i,o,n,l){const r=t.G1;let s=r.timesFr(e.polynomials.W2,a.y);s=r.add(r.sub(r.sub(o,n),l),s);const c=t.G2.one,d=e.polynomials.W2,u=i.X_2;return await t.pairingEq(r.neg(s),c,d,u)}(o,l,c,n,p,m,w);return i&&(L?i.info("PROOF VERIFIED SUCCESSFULLY"):i.warn("Invalid Proof")),i&&i.info("FFLONK VERIFIER FINISHED"),L},exportSolidityVerifier:zn,exportSolidityCallData:async function(t,e){const a=Il(e),i=Il(t),o=await Ja(a.curve);o.G1,o.Fr;let n="";for(let t=0;t>5,this.byteCount=this.blockCount<<2,this.outputBlocks=a>>5,this.extraBytes=(31&a)>>3;for(var i=0;i<50;++i)this.s[i]=0}function S(t,e,a){B.call(this,t,e,a)}B.prototype.update=function(e){if(this.finalized)throw new Error("finalize already called");var a,i=typeof e;if("string"!==i){if("object"!==i)throw new Error(t);if(null===e)throw new Error(t);if(n&&e.constructor===ArrayBuffer)e=new Uint8Array(e);else if(!(Array.isArray(e)||n&&ArrayBuffer.isView(e)))throw new Error(t);a=!0}for(var o,l,r=this.blocks,c=this.byteCount,d=e.length,u=this.blockCount,g=0,f=this.s;g>2]|=e[g]<>2]|=l<>2]|=(192|l>>6)<>2]|=(128|63&l)<=57344?(r[o>>2]|=(224|l>>12)<>2]|=(128|l>>6&63)<>2]|=(128|63&l)<>2]|=(240|l>>18)<>2]|=(128|l>>12&63)<>2]|=(128|l>>6&63)<>2]|=(128|63&l)<=c){for(this.start=o-c,this.block=r[u],o=0;o>=8);a>0;)o.unshift(a),a=255&(t>>=8),++i;return e?o.push(i):o.unshift(i),this.update(o),o.length},B.prototype.encodeString=function(e){var a,i=typeof e;if("string"!==i){if("object"!==i)throw new Error(t);if(null===e)throw new Error(t);if(n&&e.constructor===ArrayBuffer)e=new Uint8Array(e);else if(!(Array.isArray(e)||n&&ArrayBuffer.isView(e)))throw new Error(t);a=!0}var o=0,l=e.length;if(a)o=l;else for(var r=0;r=57344?o+=3:(s=65536+((1023&s)<<10|1023&e.charCodeAt(++r)),o+=4)}return o+=this.encode(8*o),this.update(e),o},B.prototype.bytepad=function(t,e){for(var a=this.encode(e),i=0;i>2]|=this.padding[3&e],this.lastByteIndex===this.byteCount)for(t[0]=t[a],e=1;e>4&15]+l[15&t]+l[t>>12&15]+l[t>>8&15]+l[t>>20&15]+l[t>>16&15]+l[t>>28&15]+l[t>>24&15];r%e==0&&(P(a),n=0)}return o&&(t=a[n],s+=l[t>>4&15]+l[15&t],o>1&&(s+=l[t>>12&15]+l[t>>8&15]),o>2&&(s+=l[t>>20&15]+l[t>>16&15])),s},B.prototype.arrayBuffer=function(){this.finalize();var t,e=this.blockCount,a=this.s,i=this.outputBlocks,o=this.extraBytes,n=0,l=0,r=this.outputBits>>3;t=o?new ArrayBuffer(i+1<<2):new ArrayBuffer(r);for(var s=new Uint32Array(t);l>8&255,s[t+2]=e>>16&255,s[t+3]=e>>24&255;r%a==0&&P(i)}return n&&(t=r<<2,e=i[l],s[t]=255&e,n>1&&(s[t+1]=e>>8&255),n>2&&(s[t+2]=e>>16&255)),s},S.prototype=new B,S.prototype.finalize=function(){return this.encode(this.outputBits,!0),B.prototype.finalize.call(this)};var P=function(t){var e,a,i,o,n,l,r,s,d,u,g,f,h,_,p,m,w,L,b,y,A,C,I,F,x,E,v,B,S,P,G,O,T,U,z,Q,q,M,k,R,D,N,$,V,K,j,H,Z,W,Y,J,X,tt,et,at,it,ot,nt,lt,rt,st,ct,dt;for(i=0;i<48;i+=2)o=t[0]^t[10]^t[20]^t[30]^t[40],n=t[1]^t[11]^t[21]^t[31]^t[41],l=t[2]^t[12]^t[22]^t[32]^t[42],r=t[3]^t[13]^t[23]^t[33]^t[43],s=t[4]^t[14]^t[24]^t[34]^t[44],d=t[5]^t[15]^t[25]^t[35]^t[45],u=t[6]^t[16]^t[26]^t[36]^t[46],g=t[7]^t[17]^t[27]^t[37]^t[47],e=(f=t[8]^t[18]^t[28]^t[38]^t[48])^(l<<1|r>>>31),a=(h=t[9]^t[19]^t[29]^t[39]^t[49])^(r<<1|l>>>31),t[0]^=e,t[1]^=a,t[10]^=e,t[11]^=a,t[20]^=e,t[21]^=a,t[30]^=e,t[31]^=a,t[40]^=e,t[41]^=a,e=o^(s<<1|d>>>31),a=n^(d<<1|s>>>31),t[2]^=e,t[3]^=a,t[12]^=e,t[13]^=a,t[22]^=e,t[23]^=a,t[32]^=e,t[33]^=a,t[42]^=e,t[43]^=a,e=l^(u<<1|g>>>31),a=r^(g<<1|u>>>31),t[4]^=e,t[5]^=a,t[14]^=e,t[15]^=a,t[24]^=e,t[25]^=a,t[34]^=e,t[35]^=a,t[44]^=e,t[45]^=a,e=s^(f<<1|h>>>31),a=d^(h<<1|f>>>31),t[6]^=e,t[7]^=a,t[16]^=e,t[17]^=a,t[26]^=e,t[27]^=a,t[36]^=e,t[37]^=a,t[46]^=e,t[47]^=a,e=u^(o<<1|n>>>31),a=g^(n<<1|o>>>31),t[8]^=e,t[9]^=a,t[18]^=e,t[19]^=a,t[28]^=e,t[29]^=a,t[38]^=e,t[39]^=a,t[48]^=e,t[49]^=a,_=t[0],p=t[1],j=t[11]<<4|t[10]>>>28,H=t[10]<<4|t[11]>>>28,B=t[20]<<3|t[21]>>>29,S=t[21]<<3|t[20]>>>29,rt=t[31]<<9|t[30]>>>23,st=t[30]<<9|t[31]>>>23,N=t[40]<<18|t[41]>>>14,$=t[41]<<18|t[40]>>>14,U=t[2]<<1|t[3]>>>31,z=t[3]<<1|t[2]>>>31,m=t[13]<<12|t[12]>>>20,w=t[12]<<12|t[13]>>>20,Z=t[22]<<10|t[23]>>>22,W=t[23]<<10|t[22]>>>22,P=t[33]<<13|t[32]>>>19,G=t[32]<<13|t[33]>>>19,ct=t[42]<<2|t[43]>>>30,dt=t[43]<<2|t[42]>>>30,et=t[5]<<30|t[4]>>>2,at=t[4]<<30|t[5]>>>2,Q=t[14]<<6|t[15]>>>26,q=t[15]<<6|t[14]>>>26,L=t[25]<<11|t[24]>>>21,b=t[24]<<11|t[25]>>>21,Y=t[34]<<15|t[35]>>>17,J=t[35]<<15|t[34]>>>17,O=t[45]<<29|t[44]>>>3,T=t[44]<<29|t[45]>>>3,F=t[6]<<28|t[7]>>>4,x=t[7]<<28|t[6]>>>4,it=t[17]<<23|t[16]>>>9,ot=t[16]<<23|t[17]>>>9,M=t[26]<<25|t[27]>>>7,k=t[27]<<25|t[26]>>>7,y=t[36]<<21|t[37]>>>11,A=t[37]<<21|t[36]>>>11,X=t[47]<<24|t[46]>>>8,tt=t[46]<<24|t[47]>>>8,V=t[8]<<27|t[9]>>>5,K=t[9]<<27|t[8]>>>5,E=t[18]<<20|t[19]>>>12,v=t[19]<<20|t[18]>>>12,nt=t[29]<<7|t[28]>>>25,lt=t[28]<<7|t[29]>>>25,R=t[38]<<8|t[39]>>>24,D=t[39]<<8|t[38]>>>24,C=t[48]<<14|t[49]>>>18,I=t[49]<<14|t[48]>>>18,t[0]=_^~m&L,t[1]=p^~w&b,t[10]=F^~E&B,t[11]=x^~v&S,t[20]=U^~Q&M,t[21]=z^~q&k,t[30]=V^~j&Z,t[31]=K^~H&W,t[40]=et^~it&nt,t[41]=at^~ot<,t[2]=m^~L&y,t[3]=w^~b&A,t[12]=E^~B&P,t[13]=v^~S&G,t[22]=Q^~M&R,t[23]=q^~k&D,t[32]=j^~Z&Y,t[33]=H^~W&J,t[42]=it^~nt&rt,t[43]=ot^~lt&st,t[4]=L^~y&C,t[5]=b^~A&I,t[14]=B^~P&O,t[15]=S^~G&T,t[24]=M^~R&N,t[25]=k^~D&$,t[34]=Z^~Y&X,t[35]=W^~J&tt,t[44]=nt^~rt&ct,t[45]=lt^~st&dt,t[6]=y^~C&_,t[7]=A^~I&p,t[16]=P^~O&F,t[17]=G^~T&x,t[26]=R^~N&U,t[27]=D^~$&z,t[36]=Y^~X&V,t[37]=J^~tt&K,t[46]=rt^~ct&et,t[47]=st^~dt&at,t[8]=C^~_&m,t[9]=I^~p&w,t[18]=O^~F&E,t[19]=T^~x&v,t[28]=N^~U&Q,t[29]=$^~z&q,t[38]=X^~V&j,t[39]=tt^~K&H,t[48]=ct^~et&it,t[49]=dt^~at&ot,t[0]^=c[i],t[1]^=c[i+1]};if(o)Rn.exports=y;else for(C=0;C0===a.type?t++:e++));let a=new Uint8Array(e*this.Fr.n8+t*this.G1.F.n8*2),i=0;for(let t=0;t32768?new Se(t.length*i.n8):new Uint8Array(t.length*i.n8);for(let e=0;e32768?new Se(i*o.n8):new Uint8Array(i*o.n8);return n.set(t.coef.slice(),0),new nl(n,e,a)}isEqual(t){const e=this.degree();if(e!==t.degree())return!1;for(let a=0;a32768?new Se((this.length()+t.length)*this.Fr.n8):new Uint8Array((this.length()+t.length)*this.Fr.n8);e.set(this.coef,0);for(let a=0;athis.coef.byteLength?this.Fr.zero:this.coef.slice(e,e+this.Fr.n8)}setCoef(t,e){if(t>this.length()-1)throw new Error("Coef index is not available");this.coef.set(e,t*this.Fr.n8)}static async to4T(t,e,a,i){a=a||[];let o=await i.ifft(t);const n=4*e>32768?new Se(4*e*i.n8):new Uint8Array(4*e*i.n8);n.set(o,0);const l=await i.fft(n);if(0===a.length)return[o,l];const r=e+a.length>32768?new Se((e+a.length)*i.n8):new Uint8Array((e+a.length)*i.n8);r.set(o,0);for(let t=0;t0;t--){const e=t*this.Fr.n8;if(!this.Fr.eq(this.Fr.zero,this.coef.slice(e,e+this.Fr.n8)))return t}return 0}evaluate(t){let e=this.Fr.zero;for(let a=this.degree()+1;a>0;a--){let i=a*this.Fr.n8;const o=this.coef.slice(i-this.Fr.n8,i);e=this.Fr.add(o,this.Fr.mul(e,t))}return e}fastEvaluate(t){const e=this.Fr;let a=this.degree()+1,i=parseInt(a/3),o=a-3*i,n=[],l=[];l[0]=e.one;for(let a=0;a<3;a++){n[a]=e.zero;for(let r=2===a?i+o:i;r>0;r--)n[a]=e.add(this.getCoef(a*i+r-1),e.mul(n[a],t)),0===a&&(l[0]=e.mul(l[0],t))}for(let t=1;t<3;t++)n[0]=e.add(n[0],e.mul(l[t-1],n[t])),l[t]=e.mul(l[t-1],l[0]);return n[0]}add(t,e){let a=!1;t.length()>this.length()&&(a=!0);const i=this.length(),o=t.length();for(let n=0;nthis.length()&&(a=!0);const i=this.length(),o=t.length();for(let n=0;n32768?new Se(a*e.n8):new Uint8Array(a*e.n8);let o=new nl(i,this.curve,this.logger);o.coef.set(this.coef.slice(0,(a-1)*e.n8),32),this.mulScalar(e.neg(t)),o.add(this),this.coef=o.coef}byXNSubValue(t,e){const a=this.Fr,i=!(this.length()-t-1>=this.degree())?this.length()+t:this.length(),o=i>32768?new Se(i*a.n8):new Uint8Array(i*a.n8);let n=new nl(o,this.curve,this.logger);n.coef.set(this.coef.slice(0,32*(this.degree()+1)),32*t),this.mulScalar(e),n.add(this),this.coef=n.coef}divBy(t){const e=this.Fr,a=this.degree(),i=t.degree();let o=new nl(this.coef,this.curve,this.logger);this.coef=this.length()>32768?new Se(this.length()*e.n8):new Uint8Array(this.length()*e.n8);for(let n=a-i;n>=0;n--){this.setCoef(n,e.div(o.getCoef(n+i),t.getCoef(i)));for(let a=0;a<=i;a++)o.setCoef(n+a,e.sub(o.getCoef(n+a),e.mul(this.getCoef(n),t.getCoef(a))))}return o}divByMonic(t,e){const a=this.Fr;let i=this.degree(),o=this.length()>32768?new Se(this.length()*a.n8):new Uint8Array(this.length()*a.n8),n=new nl(o,this.curve,this.logger),l=[];for(let e=0;e=0&&!(s<0);s-=r){let i=o;l[i]=a.add(this.getCoef(s+t),a.mul(l[i],e)),n.setCoef(s,l[i])}this.coef=n.coef}divByVanishing(t,e){if(this.degree()32768?new Se(this.length()*a.n8):new Uint8Array(this.length()*a.n8);for(let o=this.length()-1;o>=t;o--){let n=i.getCoef(o);a.eq(a.zero,n)||(i.setCoef(o,a.zero),i.setCoef(o-t,a.add(i.getCoef(o-t),a.mul(e,n))),this.setCoef(o-t,a.add(this.getCoef(o-t),n)))}return i}divByVanishing2(t,e){if(this.degree()32768?new Se(this.length()*a.n8):new Uint8Array(this.length()*a.n8);let o=this.length()-t,n=Math.floor(o/3),l=o-2*n;console.log(o),console.log(n+" "+l);for(let o=0;o<3;o++){console.log("> Thread "+o);for(let r=0===o?l:n;r>0;r--){let s=r-1;0!==o&&(s+=(o-1)*n+l);let c=s+t,d=i.getCoef(c);a.eq(a.zero,d)||(i.setCoef(c,a.zero),i.setCoef(s,a.add(i.getCoef(s),a.mul(e,d))),this.setCoef(s,a.add(this.getCoef(s),d)),console.log(s+" <-- "+c))}}return this.print(),i}fastDivByVanishing(t){const e=this.Fr;for(let a=0;a32768?new Se(this.length()*e.n8):new Uint8Array(this.length()*e.n8),this.curve,this.logger),u=this.coef;this.coef=d.coef,d.coef=u;for(let t=0;t0;t--){let a=t-1,o=a*s+c;h[a]=[];for(let l=0;l32768?new Se(this.length()*this.Fr.n8):new Uint8Array(this.length()*this.Fr.n8);e.set(this.Fr.zero,(this.length()-1)*this.Fr.n8),e.set(this.coef.slice((this.length()-1)*this.Fr.n8,this.length()*this.Fr.n8),(this.length()-2)*this.Fr.n8);for(let a=this.length()-3;a>=0;a--){let i=a*this.Fr.n8;e.set(this.Fr.add(this.coef.slice(i+this.Fr.n8,i+2*this.Fr.n8),this.Fr.mul(t,e.slice(i+this.Fr.n8,i+2*this.Fr.n8))),a*this.Fr.n8)}if(!this.Fr.eq(this.coef.slice(0,this.Fr.n8),this.Fr.mul(this.Fr.neg(t),e.slice(0,this.Fr.n8))))throw new Error("Polynomial does not divide");this.coef=e}divZh(t,e=4){for(let e=0;et*(e-1)-e&&!this.Fr.isZero(o))throw new Error("Polynomial is not divisible")}return this}divByZerofier(t,e){let a=this.Fr;const i=a.inv(e),o=a.neg(i);let n=a.eq(a.one,o),l=a.eq(a.negone,o);if(!n)for(let e=0;ethis.length()-t-1&&!this.Fr.isZero(s))throw new Error("Polynomial is not divisible")}return this}byX(){const t=this.length()+1>32768?new Se(this.coef.byteLength+this.Fr.n8):new Uint8Array(this.coef.byteLength+this.Fr.n8);t.set(this.Fr.zero,0),t.set(this.coef,this.Fr.n8),this.coef=t}static async expX(t,e,a=!1){const i=t.Fr;if(e<1)throw new Error("Compute a new polynomial to a zero or negative number is not allowed");if(1===e)return await nl.fromEvaluations(t.coef,curve,t.logger);const o=a?t.degree():t.length()-1,n=o*e+1>32768?new Se((o*e+1)*i.n8):new Uint8Array((o*e+1)*i.n8);n.set(t.getCoef(0),0);for(let a=1;a<=o;a++){const o=a*i.n8,l=t.getCoef(a);n.set(l,o*e)}return new nl(n,t.curve,t.logger)}split(t,e,a){if(t<1)throw new Error(`Polynomials can't be split in ${t} parts`);if(1===t)return[this];if(0!==a.length&&a.length32768?new Se(l):new Uint8Array(l);o[e]=new nl(r,this.curve,this.logger);const s=e*i,c=n?this.coef.byteLength:(e+1)*i;if(o[e].coef.set(this.coef.slice(s,c),0),n||o[e].coef.set(a[e],i),0!==e){const t=this.Fr.sub(o[e].coef.slice(0,this.Fr.n8),a[e-1]);o[e].coef.set(t,0)}n&&o[e].truncate()}return o}truncate(){const t=this.degree();if(t+132768?new Se((t+1)*this.Fr.n8):new Uint8Array((t+1)*this.Fr.n8);e.set(this.coef.slice(0,(t+1)*this.Fr.n8),0),this.coef=e}}static lagrangePolynomialInterpolation(t,e,a){const i=a.Fr;let o=n(0);for(let e=1;e32768?new Se(t.length*i.n8):new Uint8Array(t.length*i.n8);n=new nl(o,a),n.setCoef(0,i.neg(t[e])),n.setCoef(1,i.one)}else n.byXSubValue(t[e]);let l=n.evaluate(t[o]);l=i.inv(l);const r=i.mul(e[o],l);return n.mulScalar(r),n}}static zerofierPolynomial(t,e){const a=e.Fr;let i=t.length+1>32768?new Se((t.length+1)*a.n8):new Uint8Array((t.length+1)*a.n8),o=new nl(i,e);o.setCoef(0,a.neg(t[0])),o.setCoef(1,a.one);for(let e=1;e=0;a--){const i=this.getCoef(a);t.eq(t.zero,i)||(t.isNegative(i)?e+=" - ":a!==this.degree()&&(e+=" + "),e+=t.toString(i),a>0&&(e+=a>1?"x^"+a:"x"))}console.log(e)}async multiExponentiation(t,e){const a=this.coef.byteLength/this.Fr.n8,i=t.slice(0,a*this.G1.F.n8*2),o=await this.Fr.batchFromMontgomery(this.coef);let n=await this.G1.multiExpAffine(i,o,this.logger,e);return n=this.G1.toAffine(n),n}}class ll{constructor(t,e,a){this.eval=t,this.curve=e,this.Fr=e.Fr,this.logger=a}static async fromPolynomial(t,e,a,i){const o=new Se(t.length()*e*a.Fr.n8);o.set(t.coef,0);const n=await a.Fr.fft(o);return new ll(n,a,i)}getEvaluation(t){const e=t*this.Fr.n8;if(e+this.Fr.n8>this.eval.byteLength)throw new Error("Evaluations.getEvaluation() out of bounds");return this.eval.slice(e,e+this.Fr.n8)}length(){let t=this.eval.byteLength/this.Fr.n8;if(t!==Math.floor(this.eval.byteLength/this.Fr.n8))throw new Error("Polynomial evaluations buffer has incorrect size");return 0===t&&this.logger.warn("Polynomial has length zero"),t}}const{stringifyBigInts:rl}=fa;async function sl(t,e,a){const{fd:i,sections:o}=await za(e,"wtns",2);a&&a.debug("> Reading witness file");const n=await vo(i,o);a&&a.debug("> Reading zkey file");const{fd:l,sections:r}=await za(t,"zkey",2),s=await yo(l,r);if("plonk"!=s.protocol)throw new Error("zkey file is not plonk");if(!ga.eq(s.r,n.q))throw new Error("Curve of the witness does not match the curve of the proving key");if(n.nWitness!=s.nVars-s.nAdditions)throw new Error(`Invalid witness length. Circuit: ${s.nVars}, witness: ${n.nWitness}, ${s.nAdditions}`);const c=s.curve,d=c.Fr,u=c.Fr.n8,g=s.domainSize*u;a&&(a.debug("----------------------------"),a.debug(" PLONK PROVE SETTINGS"),a.debug(` Curve: ${c.name}`),a.debug(` Circuit power: ${s.power}`),a.debug(` Domain size: ${s.domainSize}`),a.debug(` Vars: ${s.nVars}`),a.debug(` Public vars: ${s.nPublic}`),a.debug(` Constraints: ${s.nConstraints}`),a.debug(` Additions: ${s.nAdditions}`),a.debug("----------------------------")),a&&a.debug("> Reading witness file data");const f=await Va(i,o,2);f.set(d.zero,0);const h=new Se(u*s.nAdditions);let _={},p={},m={},w={},L=new kn(c,a);const b=new Vn(c);a&&a.debug(`> Reading Section ${jn}. Additions`),await async function(){a&&a.debug("··· Computing additions");const t=await Va(l,r,jn),e=8+2*u;for(let i=0;i Reading Section ${al}. Sigma1, Sigma2 & Sigma 3`),a&&a.debug("··· Reading Sigma polynomials "),p.Sigma1=new nl(new Se(g),c,a),p.Sigma2=new nl(new Se(g),c,a),p.Sigma3=new nl(new Se(g),c,a),await l.readToBuffer(p.Sigma1.coef,0,g,r[al][0].p),await l.readToBuffer(p.Sigma2.coef,0,g,r[al][0].p+5*g),await l.readToBuffer(p.Sigma3.coef,0,g,r[al][0].p+10*g),a&&a.debug("··· Reading Sigma evaluations"),m.Sigma1=new ll(new Se(4*g),c,a),m.Sigma2=new ll(new Se(4*g),c,a),m.Sigma3=new ll(new Se(4*g),c,a),await l.readToBuffer(m.Sigma1.eval,0,4*g,r[al][0].p+g),await l.readToBuffer(m.Sigma2.eval,0,4*g,r[al][0].p+6*g),await l.readToBuffer(m.Sigma3.eval,0,4*g,r[al][0].p+11*g),a&&a.debug(`> Reading Section ${ol}. Powers of Tau`);const y=await Va(l,r,ol);let A=[];for(let t=1;t<=s.nPublic;t++){const e=f.slice(t*d.n8,t*d.n8+d.n8);A.push(ga.fromRprLE(e))}a&&a.debug(""),a&&a.debug("> ROUND 1"),await async function(){w.b=[];for(let t=1;t<=11;t++)w.b[t]=c.Fr.random();a&&a.debug("> Computing A, B, C wire polynomials");await async function(){a&&a.debug("··· Reading data from zkey file");_.A=new Se(g),_.B=new Se(g),_.C=new Se(g);const t=await Va(l,r,Hn),e=await Va(l,r,Zn),i=await Va(l,r,Wn);for(let a=0;a=s.domainSize+2)throw new Error("A Polynomial is not well calculated");if(p.B.degree()>=s.domainSize+2)throw new Error("B Polynomial is not well calculated");if(p.C.degree()>=s.domainSize+2)throw new Error("C Polynomial is not well calculated")}(),a&&a.debug("> Computing A, B, C MSM");let t=await p.A.multiExponentiation(y,"A"),e=await p.B.multiExponentiation(y,"B"),i=await p.C.multiExponentiation(y,"C");return L.addPolynomial("A",t),L.addPolynomial("B",e),L.addPolynomial("C",i),0}(),a&&a.debug("> ROUND 2"),await async function(){a&&a.debug("> Computing challenges beta and gamma");b.reset(),b.addPolCommitment(s.Qm),b.addPolCommitment(s.Ql),b.addPolCommitment(s.Qr),b.addPolCommitment(s.Qo),b.addPolCommitment(s.Qc),b.addPolCommitment(s.S1),b.addPolCommitment(s.S2),b.addPolCommitment(s.S3);for(let t=0;t Computing Z polynomial");await async function(){a&&a.debug("··· Computing Z evaluations");let t=new Se(g),e=new Se(g);t.set(d.one,0),e.set(d.one,0);let i=d.one;for(let a=0;a=s.domainSize+3)throw new Error("Z Polynomial is not well calculated");delete _.Z}(),a&&a.debug("> Computing Z MSM");let t=await p.Z.multiExponentiation(y,"Z");L.addPolynomial("Z",t)}(),a&&a.debug("> ROUND 3"),await async function(){a&&a.debug("> Computing challenge alpha");b.reset(),b.addScalar(w.beta),b.addScalar(w.gamma),b.addPolCommitment(L.getPolynomial("Z")),w.alpha=b.getChallenge(),w.alpha2=d.square(w.alpha),a&&a.debug("··· challenges.alpha: "+d.toString(w.alpha,16));a&&a.debug("> Computing T polynomial");await async function(){a&&a.debug(`··· Reading sections ${Jn}, ${Xn}, ${Yn}, ${tl}, ${el}. Q selectors`);m.QL=new ll(new Se(4*g),c,a),m.QR=new ll(new Se(4*g),c,a),m.QM=new ll(new Se(4*g),c,a),m.QO=new ll(new Se(4*g),c,a),m.QC=new ll(new Se(4*g),c,a),await l.readToBuffer(m.QL.eval,0,4*g,r[Jn][0].p+g),await l.readToBuffer(m.QR.eval,0,4*g,r[Xn][0].p+g),await l.readToBuffer(m.QM.eval,0,4*g,r[Yn][0].p+g),await l.readToBuffer(m.QO.eval,0,4*g,r[tl][0].p+g),await l.readToBuffer(m.QC.eval,0,4*g,r[el][0].p+g),m.Lagrange=new ll(new Se(4*g*s.nPublic),c,a);for(let t=0;t=3*s.domainSize+6)throw new Error("T Polynomial is not well calculated");a&&a.debug("··· Computing T1, T2, T3 polynomials");p.T1=new nl(new Se((s.domainSize+1)*u),c,a),p.T2=new nl(new Se((s.domainSize+1)*u),c,a),p.T3=new nl(new Se((s.domainSize+6)*u),c,a),p.T1.coef.set(p.T.coef.slice(0,g),0),p.T2.coef.set(p.T.coef.slice(g,2*g),0),p.T3.coef.set(p.T.coef.slice(2*g,3*g+6*u),0),p.T1.setCoef(s.domainSize,w.b[10]);const e=d.sub(p.T2.getCoef(0),w.b[10]);p.T2.setCoef(0,e),p.T2.setCoef(s.domainSize,w.b[11]);const i=d.sub(p.T3.getCoef(0),w.b[11]);p.T3.setCoef(0,i)}(),a&&a.debug("> Computing T MSM");let t=await p.T1.multiExponentiation(y,"T1"),e=await p.T2.multiExponentiation(y,"T2"),i=await p.T3.multiExponentiation(y,"T3");L.addPolynomial("T1",t),L.addPolynomial("T2",e),L.addPolynomial("T3",i)}(),a&&a.debug("> ROUND 4"),await async function(){a&&a.debug("> Computing challenge xi");b.reset(),b.addScalar(w.alpha),b.addPolCommitment(L.getPolynomial("T1")),b.addPolCommitment(L.getPolynomial("T2")),b.addPolCommitment(L.getPolynomial("T3")),w.xi=b.getChallenge(),w.xiw=d.mul(w.xi,d.w[s.power]),a&&a.debug("··· challenges.xi: "+d.toString(w.xi,16));L.addEvaluation("eval_a",p.A.evaluate(w.xi)),L.addEvaluation("eval_b",p.B.evaluate(w.xi)),L.addEvaluation("eval_c",p.C.evaluate(w.xi)),L.addEvaluation("eval_s1",p.Sigma1.evaluate(w.xi)),L.addEvaluation("eval_s2",p.Sigma2.evaluate(w.xi)),L.addEvaluation("eval_zw",p.Z.evaluate(w.xiw))}(),a&&a.debug("> ROUND 5"),await async function(){a&&a.debug("> Computing challenge v");b.reset(),b.addScalar(w.xi),b.addScalar(L.getEvaluation("eval_a")),b.addScalar(L.getEvaluation("eval_b")),b.addScalar(L.getEvaluation("eval_c")),b.addScalar(L.getEvaluation("eval_s1")),b.addScalar(L.getEvaluation("eval_s2")),b.addScalar(L.getEvaluation("eval_zw")),w.v=[],w.v[1]=b.getChallenge(),a&&a.debug("··· challenges.v: "+d.toString(w.v[1],16));for(let t=2;t<6;t++)w.v[t]=d.mul(w.v[t-1],w.v[1]);a&&a.debug("> Computing linearisation polynomial R(X)");await async function(){const t=c.Fr;p.QL=new nl(new Se(g),c,a),p.QR=new nl(new Se(g),c,a),p.QM=new nl(new Se(g),c,a),p.QO=new nl(new Se(g),c,a),p.QC=new nl(new Se(g),c,a),await l.readToBuffer(p.QL.coef,0,g,r[Jn][0].p),await l.readToBuffer(p.QR.coef,0,g,r[Xn][0].p),await l.readToBuffer(p.QM.coef,0,g,r[Yn][0].p),await l.readToBuffer(p.QO.coef,0,g,r[tl][0].p),await l.readToBuffer(p.QC.coef,0,g,r[el][0].p),w.xin=w.xi;for(let e=0;e Computing opening proof polynomial Wxi(X) polynomial");p.Wxi=new nl(new Se(g+6*u),c,a),p.Wxi.add(p.R),p.Wxi.add(p.A,w.v[1]),p.Wxi.add(p.B,w.v[2]),p.Wxi.add(p.C,w.v[3]),p.Wxi.add(p.Sigma1,w.v[4]),p.Wxi.add(p.Sigma2,w.v[5]),p.Wxi.subScalar(d.mul(w.v[1],L.evaluations.eval_a)),p.Wxi.subScalar(d.mul(w.v[2],L.evaluations.eval_b)),p.Wxi.subScalar(d.mul(w.v[3],L.evaluations.eval_c)),p.Wxi.subScalar(d.mul(w.v[4],L.evaluations.eval_s1)),p.Wxi.subScalar(d.mul(w.v[5],L.evaluations.eval_s2)),void p.Wxi.divByZerofier(1,w.xi),a&&a.debug("> Computing opening proof polynomial Wxiw(X) polynomial");(async function(){p.Wxiw=nl.fromPolynomial(p.Z,c,a),p.Wxiw.subScalar(L.evaluations.eval_zw),p.Wxiw.divByZerofier(1,w.xiw)})(),a&&a.debug("> Computing Wxi, Wxiw MSM");let t=await p.Wxi.multiExponentiation(y,"Wxi"),e=await p.Wxiw.multiExponentiation(y,"Wxiw");L.addPolynomial("Wxi",t),L.addPolynomial("Wxiw",e)}(),await l.close(),await i.close();let C=L.toObjectProof(!1);return C.protocol="plonk",C.curve=c.name,a&&a.debug("PLONK PROVER FINISHED"),{proof:rl(C),publicSignals:rl(A)};function I(t,e){const a=t.slice(e,e+4);return new DataView(a.buffer,a.byteOffset,a.byteLength).getUint32(0,!0)}function F(t){return ta;){const e=o.shift(),a=o.shift(),i=e[0],n=a[0],l=w++,r=t.zero,s=t.neg(e[1]),c=t.neg(a[1]),d=t.one,u=t.zero;p.push([i,n,l,r,s,c,d,u]),m.push([i,n,e[1],a[1]]),o.push([l,t.one])}for(let t=0;t0?i.toString():a!=t.zero?"k":"0"}function s(e,a,s){const c=r(e),d=r(a);if("0"===c||"0"===d)i(s),l(s);else if("k"===c){l(o(a,e[0],s))}else if("k"===d){l(o(e,a[0],s))}else!function(e,a,i){const o=n(e,1),l=n(a,1),r=n(i,1),s=o.s[0],c=l.s[0],d=r.s[0],u=t.mul(o.coefs[0],l.coefs[0]),g=t.mul(o.coefs[0],l.k),f=t.mul(o.k,l.coefs[0]),h=t.neg(r.coefs[0]),_=t.sub(t.mul(o.k,l.k),r.k);p.push([s,c,d,u,g,f,h,_])}(e,a,s)}for(let e=1;e<=L;e++){const a=e,i=0,o=0,n=t.zero,l=t.one,r=t.zero,s=t.zero,c=t.zero;p.push([a,i,o,n,l,r,s,c])}for(let t=0;tr)return i&&i.error(`circuit too big for this power of tau ceremony. ${p.length} > 2**${r}`),-1;if(!n[12])return i&&i.error("Powers of tau is not prepared."),-1;const C=new Se(A*u),I=n[12][0].p+(2**y-1)*u;await o.readToBuffer(C,0,A*u,I);const[F,x]=function(){let t=h.two;for(;a(t,[],y);)h.add(t,h.one);let e=h.add(t,h.one);for(;a(e,[t],y);)h.add(e,h.one);return[t,e];function a(t,e,a){const i=2**a;let o=h.one;for(let n=0;n0?2:this.Fr.isZero(e)?0:1}normalizeLinearCombination(t){const e=Object.keys(t);for(let a=0;ao;){const i=l.shift(),o=l.shift(),n=t.nVars++,r=this.fnGetAdditionConstraint(i[0],o[0],n,this.Fr.neg(i[1]),this.Fr.neg(o[1]),this.Fr.zero,this.Fr.one,this.Fr.zero);e.push(r),a.push([i[0],o[0],i[1],o[1]]),l.push([n,this.Fr.one])}for(let t=0;tthis.n-1)throw new Error("CPolynomial:addPolynomial, cannot add a polynomial to a position greater than n-1");this.polynomials[t]=e}degree(){let t=this.polynomials.map(((t,e)=>void 0===t?0:t.degree()*this.n+e));return Math.max(...t)}getPolynomial(){let t=this.polynomials.map((t=>void 0===t?0:t.degree()));const e=this.degree(),a=2**(Qi(e-1)+1),i=this.Fr.n8;let o=new nl(new Se(a*i),this.curve,this.logger);for(let a=0;a Reading witness file");const{fd:i,sections:o}=await za(e,"wtns",2),n=await vo(i,o);a&&a.info("> Reading zkey file");const{fd:l,sections:r}=await za(t,"zkey",2),s=await yo(l,r);if(s.protocolId!==Ji)throw new Error("zkey file is not fflonk");if(!ga.eq(s.r,n.q))throw new Error("Curve of the witness does not match the curve of the proving key");if(n.nWitness!==s.nVars-s.nAdditions)throw new Error(`Invalid witness length. Circuit: ${s.nVars}, witness: ${n.nWitness}, ${s.nAdditions}`);const c=s.curve,d=c.Fr,u=c.Fr.n8,g=2*c.G1.F.n8,f=s.domainSize*u;a&&(a.info("----------------------------"),a.info(" FFLONK PROVE SETTINGS"),a.info(` Curve: ${c.name}`),a.info(` Circuit power: ${s.power}`),a.info(` Domain size: ${s.domainSize}`),a.info(` Vars: ${s.nVars}`),a.info(` Public vars: ${s.nPublic}`),a.info(` Constraints: ${s.nConstraints}`),a.info(` Additions: ${s.nAdditions}`),a.info("----------------------------")),a&&a.info("> Reading witness file data");const h=await Va(i,o,2);await i.close(),h.set(d.zero,0);const _=new Se(s.nAdditions*u);let p={},m={},w={},L={},b={},y={},A=new kn(c,a);a&&a.info(`> Reading Section ${to}. Additions`),await async function(){a&&a.info("··· Computing additions");const t=await Va(l,r,to),e=8+2*u;for(let i=0;i Reading Sections ${co},${uo},${go}. Sigma1, Sigma2 & Sigma 3`),a&&a.info("··· Reading Sigma polynomials "),m.Sigma1=new nl(new Se(f),c,a),m.Sigma2=new nl(new Se(f),c,a),m.Sigma3=new nl(new Se(f),c,a),await l.readToBuffer(m.Sigma1.coef,0,f,r[co][0].p),await l.readToBuffer(m.Sigma2.coef,0,f,r[uo][0].p),await l.readToBuffer(m.Sigma3.coef,0,f,r[go][0].p),a&&a.info("··· Reading Sigma evaluations"),w.Sigma1=new ll(new Se(4*f),c,a),w.Sigma2=new ll(new Se(4*f),c,a),w.Sigma3=new ll(new Se(4*f),c,a),await l.readToBuffer(w.Sigma1.eval,0,4*f,r[co][0].p+f),await l.readToBuffer(w.Sigma2.eval,0,4*f,r[uo][0].p+f),await l.readToBuffer(w.Sigma3.eval,0,4*f,r[go][0].p+f),a&&a.info(`> Reading Section ${ho}. Powers of Tau`);const C=new Se(16*s.domainSize*g);await l.readToBuffer(C,0,(9*s.domainSize+18)*g,r[ho][0].p),globalThis.gc&&globalThis.gc(),a&&a.info(""),a&&a.info("> ROUND 1"),await async function(){b.b=[];for(let t=1;t<=9;t++)b.b[t]=d.random();a&&a.info("> Computing A, B, C wire polynomials");await async function(){a&&a.info("··· Reading data from zkey file");p.A=new Se(f),p.B=new Se(f),p.C=new Se(f);const t=await Va(l,r,eo),e=await Va(l,r,ao),i=await Va(l,r,io);for(let a=0;a=s.domainSize)throw new Error("A Polynomial is not well calculated");if(m.B.degree()>=s.domainSize)throw new Error("B Polynomial is not well calculated");if(m.C.degree()>=s.domainSize)throw new Error("C Polynomial is not well calculated")}(),a&&a.info("> Computing T0 polynomial");await async function(){a&&a.info(`··· Reading sections ${oo}, ${no}, ${lo}, ${ro}, ${so}. Q selectors`);w.QL=new ll(new Se(4*f),c,a),w.QR=new ll(new Se(4*f),c,a),w.QM=new ll(new Se(4*f),c,a),w.QO=new ll(new Se(4*f),c,a),w.QC=new ll(new Se(4*f),c,a),await l.readToBuffer(w.QL.eval,0,4*f,r[oo][0].p+f),await l.readToBuffer(w.QR.eval,0,4*f,r[no][0].p+f),await l.readToBuffer(w.QM.eval,0,4*f,r[lo][0].p+f),await l.readToBuffer(w.QO.eval,0,4*f,r[ro][0].p+f),await l.readToBuffer(w.QC.eval,0,4*f,r[so][0].p+f);const t=await Va(l,r,fo);w.lagrange1=new ll(t,c,a),p.T0=new Se(4*f),a&&a.info("··· Computing T0 evaluations");for(let t=0;t<4*s.domainSize;t++){a&&0!==t&&t%1e5==0&&a.info(` T0 evaluation ${t}/${4*s.domainSize}`);const e=w.A.getEvaluation(t),i=w.B.getEvaluation(t),o=w.C.getEvaluation(t),n=w.QL.getEvaluation(t),l=w.QR.getEvaluation(t),r=w.QM.getEvaluation(t),c=w.QO.getEvaluation(t),g=w.QC.getEvaluation(t);let f=d.zero;for(let e=0;e=2*s.domainSize-2)throw new Error(`T0 Polynomial is not well calculated (degree is ${m.T0.degree()} and must be less than ${2*s.domainSize+2}`);delete p.T0}(),a&&a.info("> Computing C1 polynomial");await async function(){let t=new wl(4,c,a);if(t.addPolynomial(0,m.A),t.addPolynomial(1,m.B),t.addPolynomial(2,m.C),t.addPolynomial(3,m.T0),m.C1=t.getPolynomial(),m.C1.degree()>=8*s.domainSize-8)throw new Error("C1 Polynomial is not well calculated")}(),a&&a.info("> Computing C1 multi exponentiation");let t=await m.C1.multiExponentiation(C,"C1");return A.addPolynomial("C1",t),0}(),delete m.T0,delete w.QL,delete w.QR,delete w.QM,delete w.QO,delete w.QC,globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 2"),await async function(){a&&a.info("> Computing challenges beta and gamma");const t=new Vn(c);t.addPolCommitment(s.C0);for(let e=0;e Computing Z polynomial");await async function(){a&&a.info("··· Computing Z evaluations");let t=new Se(f),e=new Se(f);t.set(d.one,0),e.set(d.one,0);let i=d.one;for(let o=0;o=s.domainSize+3)throw new Error("Z Polynomial is not well calculated");delete p.Z}(),a&&a.info("> Computing T1 polynomial");await async function(){a&&a.info("··· Computing T1 evaluations");p.T1=new Se(2*f),p.T1z=new Se(2*f);let t=d.one;for(let e=0;e<2*s.domainSize;e++){a&&0!==e&&e%1e5==0&&a.info(` T1 evaluation ${e}/${4*s.domainSize}`);const i=d.square(t),o=w.Z.getEvaluation(2*e),n=d.add(d.add(d.mul(b.b[7],i),d.mul(b.b[8],t)),b.b[9]),l=w.lagrange1.getEvaluation(s.domainSize+2*e);let r=d.mul(d.sub(o,d.one),l),c=d.mul(n,l);p.T1.set(r,e*u),p.T1z.set(c,e*u),t=d.mul(t,d.w[s.power+1])}a&&a.info("··· Computing T1 ifft");m.T1=await nl.fromEvaluations(p.T1,c,a),m.T1.divByZerofier(s.domainSize,d.one),a&&a.info("··· Computing T1z ifft");if(m.T1z=await nl.fromEvaluations(p.T1z,c,a),m.T1.add(m.T1z),m.T1.degree()>=s.domainSize+2)throw new Error("T1 Polynomial is not well calculated");delete p.T1,delete p.T1z,delete m.T1z}(),a&&a.info("> Computing T2 polynomial");await async function(){a&&a.info("··· Computing T2 evaluations");p.T2=new Se(4*f),p.T2z=new Se(4*f);let t=d.one;for(let e=0;e<4*s.domainSize;e++){a&&0!==e&&e%1e5==0&&a.info(` T2 evaluation ${e}/${4*s.domainSize}`);const i=d.square(t),o=d.mul(t,d.w[s.power]),n=d.square(o),l=w.A.getEvaluation(e),r=w.B.getEvaluation(e),c=w.C.getEvaluation(e),g=w.Z.getEvaluation(e),f=w.Z.getEvaluation((4*s.domainSize+4+e)%(4*s.domainSize)),h=d.add(d.add(d.mul(b.b[7],i),d.mul(b.b[8],t)),b.b[9]),_=d.add(d.add(d.mul(b.b[7],n),d.mul(b.b[8],o)),b.b[9]),m=w.Sigma1.getEvaluation(e),L=w.Sigma2.getEvaluation(e),y=w.Sigma3.getEvaluation(e),A=d.mul(b.beta,t);let C=d.add(l,A);C=d.add(C,b.gamma);let I=d.add(r,d.mul(A,s.k1));I=d.add(I,b.gamma);let F=d.add(c,d.mul(A,s.k2));F=d.add(F,b.gamma);let x=d.mul(d.mul(d.mul(C,I),F),g),E=d.mul(d.mul(d.mul(C,I),F),h),v=d.add(l,d.mul(b.beta,m));v=d.add(v,b.gamma);let B=d.add(r,d.mul(b.beta,L));B=d.add(B,b.gamma);let S=d.add(c,d.mul(b.beta,y));S=d.add(S,b.gamma);let P=d.mul(d.mul(d.mul(v,B),S),f),G=d.mul(d.mul(d.mul(v,B),S),_),O=d.sub(x,P),T=d.sub(E,G);p.T2.set(O,e*u),p.T2z.set(T,e*u),t=d.mul(t,d.w[s.power+2])}a&&a.info("··· Computing T2 ifft");m.T2=await nl.fromEvaluations(p.T2,c,a),a&&a.info("··· Computing T2 / ZH");m.T2.divByZerofier(s.domainSize,d.one),a&&a.info("··· Computing T2z ifft");if(m.T2z=await nl.fromEvaluations(p.T2z,c,a),m.T2.add(m.T2z),m.T2.degree()>=3*s.domainSize)throw new Error("T2 Polynomial is not well calculated");delete p.T2,delete p.T2z,delete m.T2z}(),a&&a.info("> Computing C2 polynomial");await async function(){let t=new wl(3,c,a);if(t.addPolynomial(0,m.Z),t.addPolynomial(1,m.T1),t.addPolynomial(2,m.T2),m.C2=t.getPolynomial(),m.C2.degree()>=9*s.domainSize)throw new Error("C2 Polynomial is not well calculated")}(),a&&a.info("> Computing C2 multi exponentiation");let e=await m.C2.multiExponentiation(C,"C2");return A.addPolynomial("C2",e),0}(),delete p.A,delete p.B,delete p.C,delete w.A,delete w.B,delete w.C,delete w.Sigma1,delete w.Sigma2,delete w.Sigma3,delete w.lagrange1,delete w.Z,globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 3"),await async function(){a&&a.info("> Computing challenge xi");const t=new Vn(c);t.addScalar(b.gamma),t.addPolCommitment(A.getPolynomial("C2")),b.xiSeed=t.getChallenge();const e=d.square(b.xiSeed);y.w8=[],y.w8[0]=d.one;for(let t=1;t<8;t++)y.w8[t]=d.mul(y.w8[t-1],s.w8);y.w4=[],y.w4[0]=d.one;for(let t=1;t<4;t++)y.w4[t]=d.mul(y.w4[t-1],s.w4);y.w3=[],y.w3[0]=d.one,y.w3[1]=s.w3,y.w3[2]=d.square(s.w3),y.S0={},y.S0.h0w8=[],y.S0.h0w8[0]=d.mul(e,b.xiSeed);for(let t=1;t<8;t++)y.S0.h0w8[t]=d.mul(y.S0.h0w8[0],y.w8[t]);y.S1={},y.S1.h1w4=[],y.S1.h1w4[0]=d.square(y.S0.h0w8[0]);for(let t=1;t<4;t++)y.S1.h1w4[t]=d.mul(y.S1.h1w4[0],y.w4[t]);y.S2={},y.S2.h2w3=[],y.S2.h2w3[0]=d.mul(y.S1.h1w4[0],e),y.S2.h2w3[1]=d.mul(y.S2.h2w3[0],y.w3[1]),y.S2.h2w3[2]=d.mul(y.S2.h2w3[0],y.w3[2]),y.S2.h3w3=[],y.S2.h3w3[0]=d.mul(y.S2.h2w3[0],s.wr),y.S2.h3w3[1]=d.mul(y.S2.h3w3[0],y.w3[1]),y.S2.h3w3[2]=d.mul(y.S2.h3w3[0],y.w3[2]),b.xi=d.mul(d.square(y.S2.h2w3[0]),y.S2.h2w3[0]),a&&a.info("··· challenges.xi: "+d.toString(b.xi));m.QL=new nl(new Se(f),c,a),m.QR=new nl(new Se(f),c,a),m.QM=new nl(new Se(f),c,a),m.QO=new nl(new Se(f),c,a),m.QC=new nl(new Se(f),c,a),await l.readToBuffer(m.QL.coef,0,f,r[oo][0].p),await l.readToBuffer(m.QR.coef,0,f,r[no][0].p),await l.readToBuffer(m.QM.coef,0,f,r[lo][0].p),await l.readToBuffer(m.QO.coef,0,f,r[ro][0].p),await l.readToBuffer(m.QC.coef,0,f,r[so][0].p),a&&a.info("··· Computing evaluations");A.addEvaluation("ql",m.QL.evaluate(b.xi)),A.addEvaluation("qr",m.QR.evaluate(b.xi)),A.addEvaluation("qm",m.QM.evaluate(b.xi)),A.addEvaluation("qo",m.QO.evaluate(b.xi)),A.addEvaluation("qc",m.QC.evaluate(b.xi)),A.addEvaluation("s1",m.Sigma1.evaluate(b.xi)),A.addEvaluation("s2",m.Sigma2.evaluate(b.xi)),A.addEvaluation("s3",m.Sigma3.evaluate(b.xi)),A.addEvaluation("a",m.A.evaluate(b.xi)),A.addEvaluation("b",m.B.evaluate(b.xi)),A.addEvaluation("c",m.C.evaluate(b.xi)),A.addEvaluation("z",m.Z.evaluate(b.xi)),b.xiw=d.mul(b.xi,d.w[s.power]),A.addEvaluation("zw",m.Z.evaluate(b.xiw)),A.addEvaluation("t1w",m.T1.evaluate(b.xiw)),A.addEvaluation("t2w",m.T2.evaluate(b.xiw))}(),delete m.A,delete m.B,delete m.C,delete m.Z,delete m.T1,delete m.T2,delete m.Sigma1,delete m.Sigma2,delete m.Sigma3,delete m.QL,delete m.QR,delete m.QM,delete m.QC,delete m.QO,globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 4"),await async function(){a&&a.info("> Computing challenge alpha");const t=new Vn(c);t.addScalar(b.xiSeed),t.addScalar(A.getEvaluation("ql")),t.addScalar(A.getEvaluation("qr")),t.addScalar(A.getEvaluation("qm")),t.addScalar(A.getEvaluation("qo")),t.addScalar(A.getEvaluation("qc")),t.addScalar(A.getEvaluation("s1")),t.addScalar(A.getEvaluation("s2")),t.addScalar(A.getEvaluation("s3")),t.addScalar(A.getEvaluation("a")),t.addScalar(A.getEvaluation("b")),t.addScalar(A.getEvaluation("c")),t.addScalar(A.getEvaluation("z")),t.addScalar(A.getEvaluation("zw")),t.addScalar(A.getEvaluation("t1w")),t.addScalar(A.getEvaluation("t2w")),b.alpha=t.getChallenge(),a&&a.info("··· challenges.alpha: "+d.toString(b.alpha));a&&a.info("> Reading C0 polynomial");m.C0=new nl(new Se(8*f),c,a),await l.readToBuffer(m.C0.coef,0,8*f,r[_o][0].p),a&&a.info("> Computing R0 polynomial");(function(){if(m.R0=nl.lagrangePolynomialInterpolation([y.S0.h0w8[0],y.S0.h0w8[1],y.S0.h0w8[2],y.S0.h0w8[3],y.S0.h0w8[4],y.S0.h0w8[5],y.S0.h0w8[6],y.S0.h0w8[7]],[m.C0.evaluate(y.S0.h0w8[0]),m.C0.evaluate(y.S0.h0w8[1]),m.C0.evaluate(y.S0.h0w8[2]),m.C0.evaluate(y.S0.h0w8[3]),m.C0.evaluate(y.S0.h0w8[4]),m.C0.evaluate(y.S0.h0w8[5]),m.C0.evaluate(y.S0.h0w8[6]),m.C0.evaluate(y.S0.h0w8[7])],c),m.R0.degree()>7)throw new Error("R0 Polynomial is not well calculated")})(),a&&a.info("> Computing R1 polynomial");(function(){if(m.R1=nl.lagrangePolynomialInterpolation([y.S1.h1w4[0],y.S1.h1w4[1],y.S1.h1w4[2],y.S1.h1w4[3]],[m.C1.evaluate(y.S1.h1w4[0]),m.C1.evaluate(y.S1.h1w4[1]),m.C1.evaluate(y.S1.h1w4[2]),m.C1.evaluate(y.S1.h1w4[3])],c),m.R1.degree()>3)throw new Error("R1 Polynomial is not well calculated")})(),a&&a.info("> Computing R2 polynomial");(function(){if(m.R2=nl.lagrangePolynomialInterpolation([y.S2.h2w3[0],y.S2.h2w3[1],y.S2.h2w3[2],y.S2.h3w3[0],y.S2.h3w3[1],y.S2.h3w3[2]],[m.C2.evaluate(y.S2.h2w3[0]),m.C2.evaluate(y.S2.h2w3[1]),m.C2.evaluate(y.S2.h2w3[2]),m.C2.evaluate(y.S2.h3w3[0]),m.C2.evaluate(y.S2.h3w3[1]),m.C2.evaluate(y.S2.h3w3[2])],c),m.R2.degree()>5)throw new Error("R2 Polynomial is not well calculated")})(),a&&a.info("> Computing F polynomial");await async function(){a&&a.info("··· Computing F polynomial");m.F=nl.fromPolynomial(m.C0,c,a),m.F.sub(m.R0),m.F.divByZerofier(8,b.xi);let t=nl.fromPolynomial(m.C1,c,a);t.sub(m.R1),t.mulScalar(b.alpha),t.divByZerofier(4,b.xi);let e=nl.fromPolynomial(m.C2,c,a);if(e.sub(m.R2),e.mulScalar(d.square(b.alpha)),e.divByZerofier(3,b.xi),e.divByZerofier(3,b.xiw),m.F.add(t),m.F.add(e),m.F.degree()>=9*s.domainSize-6)throw new Error("F Polynomial is not well calculated")}(),a&&a.info("> Computing W1 multi exponentiation");let e=await m.F.multiExponentiation(C,"W1");return A.addPolynomial("W1",e),0}(),globalThis.gc&&globalThis.gc(),a&&a.info("> ROUND 5"),await async function(){a&&a.info("> Computing challenge y");const t=new Vn(c);t.addScalar(b.alpha),t.addPolCommitment(A.getPolynomial("W1")),b.y=t.getChallenge(),a&&a.info("··· challenges.y: "+d.toString(b.y));a&&a.info("> Computing L polynomial");await async function(){a&&a.info("··· Computing L polynomial");const t=m.R0.evaluate(b.y),e=m.R1.evaluate(b.y),i=m.R2.evaluate(b.y);let o=d.sub(b.y,y.S0.h0w8[0]);for(let t=1;t<8;t++)o=d.mul(o,d.sub(b.y,y.S0.h0w8[t]));let n=d.sub(b.y,y.S1.h1w4[0]);for(let t=1;t<4;t++)n=d.mul(n,d.sub(b.y,y.S1.h1w4[t]));let l=d.sub(b.y,y.S2.h2w3[0]);for(let t=1;t<3;t++)l=d.mul(l,d.sub(b.y,y.S2.h2w3[t]));for(let t=0;t<3;t++)l=d.mul(l,d.sub(b.y,y.S2.h3w3[t]));let r=d.mul(n,l),u=d.mul(b.alpha,d.mul(o,l)),g=d.mul(d.square(b.alpha),d.mul(o,n));L.denH1=n,L.denH2=l,m.L=nl.fromPolynomial(m.C0,c,a),m.L.subScalar(t),m.L.mulScalar(r);let f=nl.fromPolynomial(m.C1,c,a);f.subScalar(e),f.mulScalar(u);let h=nl.fromPolynomial(m.C2,c,a);h.subScalar(i),h.mulScalar(g),m.L.add(f),m.L.add(h),a&&a.info("> Computing ZT polynomial");await async function(){m.ZT=nl.zerofierPolynomial([y.S0.h0w8[0],y.S0.h0w8[1],y.S0.h0w8[2],y.S0.h0w8[3],y.S0.h0w8[4],y.S0.h0w8[5],y.S0.h0w8[6],y.S0.h0w8[7],y.S1.h1w4[0],y.S1.h1w4[1],y.S1.h1w4[2],y.S1.h1w4[3],y.S2.h2w3[0],y.S2.h2w3[1],y.S2.h2w3[2],y.S2.h3w3[0],y.S2.h3w3[1],y.S2.h3w3[2]],c)}();const _=m.ZT.evaluate(b.y);if(m.F.mulScalar(_),m.L.sub(m.F),m.L.degree()>=9*s.domainSize)throw new Error("L Polynomial is not well calculated");delete p.L}(),a&&a.info("> Computing ZTS2 polynomial");await async function(){m.ZTS2=nl.zerofierPolynomial([y.S1.h1w4[0],y.S1.h1w4[1],y.S1.h1w4[2],y.S1.h1w4[3],y.S2.h2w3[0],y.S2.h2w3[1],y.S2.h2w3[2],y.S2.h3w3[0],y.S2.h3w3[1],y.S2.h3w3[2]],c)}();let e=m.ZTS2.evaluate(b.y);e=d.inv(e),m.L.mulScalar(e);const i=nl.fromCoefficientsArray([d.neg(b.y),d.one],c);a&&a.info("> Computing W' = L / ZTS2 polynomial");const o=m.L.divBy(i);if(o.degree()>0)throw new Error(`Degree of L(X)/(ZTS2(y)(X-y)) remainder is ${o.degree()} and should be 0`);if(m.L.degree()>=9*s.domainSize-1)throw new Error("Degree of L(X)/(ZTS2(y)(X-y)) is not correct");a&&a.info("> Computing W' multi exponentiation");let n=await m.L.multiExponentiation(C,"W2");return A.addPolynomial("W2",n),0}(),delete m.C0,delete m.C1,delete m.C2,delete m.R1,delete m.R2,delete m.F,delete m.L,delete m.ZT,delete m.ZTS2,await l.close(),globalThis.gc&&globalThis.gc(),A.addEvaluation("inv",function(){let t=b.xi;for(let e=0;e Reading PTau file");const{fd:o,sections:n}=await za(e,"ptau",1);if(!n[12])throw new Error("Powers of Tau is not well prepared. Section 12 missing.");i&&i.info("> Getting curve from PTau settings");const{curve:l}=await Wo(o,n);i&&i.info("> Reading r1cs file");const{fd:r,sections:s}=await za(t,"r1cs",1),c=await wn(r,s,{loadConstraints:!1,loadCustomGates:!0});if(c.prime!==l.r)throw new Error("r1cs curve does not match powers of tau ceremony curve");const d=l.Fr,u=l.Fr.n8,g=2*l.G1.F.n8,f=2*l.G2.F.n8;let h,_={},p={},m={nVars:c.nVars,nPublic:c.nOutputs+c.nPubInputs};const w=new Bn;let L=new Bn;if(i&&i.info("> Processing FFlonk constraints"),await async function(t,e,a){for(let e=0;e computing k1 and k2");const[b,y]=function(){let t=d.two;for(;a(t,[],m.cirPower);)d.add(t,d.one);let e=d.add(t,d.one);for(;a(e,[t],m.cirPower);)d.add(e,d.one);return[t,e];function a(t,e,a){const i=2**a;let o=d.one;for(let n=0;n computing w3");const A=function(){let t=d.e(31624),e=ga.div(3648040478639879203707734290876212514758060733402672390616367364429301415936n,ga.e(3));return d.exp(t,e)}();i&&i.info("> computing w4");const C=d.w[2];i&&i.info("> computing w8");const I=d.w[3];i&&i.info("> computing wr");const F=function(t,e){const a=e.e(467799165886069610036046866799264026481344299079011762026774533774345988080n);return e.exp(a,2**(28-t))}(m.cirPower,l.Fr);return await async function(){i&&i.info("> Writing the zkey file");const t=await Qa(a,"zkey",1,17,1<<22,1<<24);i&&i.info("··· Writing Section 1. Zkey Header");await async function(t){await qa(t,1),await t.writeULE32(Ji),await Ma(t)}(t),i&&i.info(`··· Writing Section ${to}. Additions`);await async function(t){await qa(t,to);const e=new Uint8Array(8+2*u),a=new DataView(e.buffer);for(let o=0;o=8*m.domainSize)throw new Error("C0 Polynomial is not well calculated");await qa(t,_o),await t.write(_.C0.coef),await Ma(t)}(t),globalThis.gc&&globalThis.gc();i&&i.info(`··· Writing Section ${Xi}. FFlonk Header`);await async function(t){await qa(t,Xi);const e=l.q,a=8*(Math.floor((ga.bitLength(e)-1)/64)+1);await t.writeULE32(a),await Da(t,e,a);const i=l.r,r=8*(Math.floor((ga.bitLength(i)-1)/64)+1);let s;await t.writeULE32(r),await Da(t,i,r),await t.writeULE32(m.nVars),await t.writeULE32(m.nPublic),await t.writeULE32(m.domainSize),await t.writeULE32(L.length),await t.writeULE32(w.length),await t.write(b),await t.write(y),await t.write(A),await t.write(C),await t.write(I),await t.write(F),s=await o.read(f,n[3][0].p+f),await t.write(s);let c=await _.C0.multiExponentiation(h,"C0");await t.write(c),await Ma(t)}(t),globalThis.gc&&globalThis.gc();i&&i.info("> Writing the zkey file finished");await t.close()}(),await r.close(),await o.close(),i&&i.info("FFLONK SETUP FINISHED"),0;async function x(t,e,a,o){await qa(t,e);for(let e=0;e Checking commitments belong to G1"),!function(t,e,a){const i=t.G1;return i.isValid(e.polynomials.C1)&&i.isValid(e.polynomials.C2)&&i.isValid(e.polynomials.W1)&&i.isValid(e.polynomials.W2)&&i.isValid(a.C0)}(o,l,n))return i&&i.error("Proof commitments are not valid"),!1;if(i&&i.info("> Checking evaluations belong to F"),!function(t,e){return Il(t,e.evaluations.ql)&&Il(t,e.evaluations.qr)&&Il(t,e.evaluations.qm)&&Il(t,e.evaluations.qo)&&Il(t,e.evaluations.qc)&&Il(t,e.evaluations.s1)&&Il(t,e.evaluations.s2)&&Il(t,e.evaluations.s3)&&Il(t,e.evaluations.a)&&Il(t,e.evaluations.b)&&Il(t,e.evaluations.c)&&Il(t,e.evaluations.z)&&Il(t,e.evaluations.zw)&&Il(t,e.evaluations.t1w)&&Il(t,e.evaluations.t2w)}(o,l))return i&&i.error("Proof evaluations are not valid."),!1;if(i&&i.info("> Checking public inputs belong to F"),!function(t,e){for(let a=0;a Computing challenges");const{challenges:c,roots:d}=function(t,e,a,i,o){const n=t.Fr,l={},r={},s=new Vn(t);s.addPolCommitment(a.C0);for(let t=0;t Computing Zero polynomial evaluation Z_H(xi)"),c.zh=s.sub(c.xiN,s.one),c.invzh=s.inv(c.zh),i&&i.info("> Computing Lagrange evaluations");const u=await async function(t,e,a){const i=t.Fr,o=Math.max(1,a.nPublic),n=new Se(o*i.n8);let l=new Se(o*i.n8),r=i.one;for(let t=0;t Computing polynomial identities PI(X)");const g=function(t,e,a){const i=t.Fr;let o=i.zero;for(let t=0;t Computing r0(y)");const f=function(t,e,a,i,o){const n=i.Fr,l=Fl(a.S0.h0w8,e.y,e.xi,i);o&&o.info("··· Computing r0(y)");let r=n.zero;for(let e=0;e<8;e++){let i=[];i[1]=a.S0.h0w8[e];for(let t=2;t<8;t++)i[t]=n.mul(i[t-1],a.S0.h0w8[e]);let o=n.add(t.evaluations.ql,n.mul(t.evaluations.qr,i[1]));o=n.add(o,n.mul(t.evaluations.qo,i[2])),o=n.add(o,n.mul(t.evaluations.qm,i[3])),o=n.add(o,n.mul(t.evaluations.qc,i[4])),o=n.add(o,n.mul(t.evaluations.s1,i[5])),o=n.add(o,n.mul(t.evaluations.s2,i[6])),o=n.add(o,n.mul(t.evaluations.s3,i[7])),r=n.add(r,n.mul(o,l[e]))}return r}(l,c,d,o,i);i&&i.info("> Computing r1(y)");const h=function(t,e,a,i,o,n){const l=o.Fr,r=Fl(a.S1.h1w4,e.y,e.xi,o);n&&n.info("··· Computing T0(xi)");let s=l.mul(t.evaluations.ql,t.evaluations.a);s=l.add(s,l.mul(t.evaluations.qr,t.evaluations.b)),s=l.add(s,l.mul(t.evaluations.qm,l.mul(t.evaluations.a,t.evaluations.b))),s=l.add(s,l.mul(t.evaluations.qo,t.evaluations.c)),s=l.add(s,t.evaluations.qc),s=l.add(s,i),s=l.mul(s,e.invzh),n&&n.info("··· Computing C1(h_1ω_4^i) values");let c=l.zero;for(let e=0;e<4;e++){let i=t.evaluations.a;i=l.add(i,l.mul(a.S1.h1w4[e],t.evaluations.b));const o=l.square(a.S1.h1w4[e]);i=l.add(i,l.mul(o,t.evaluations.c)),i=l.add(i,l.mul(l.mul(o,a.S1.h1w4[e]),s)),c=l.add(c,l.mul(i,r[e]))}return c}(l,c,d,g,o,i);i&&i.info("> Computing r2(y)");const _=function(t,e,a,i,o,n,l){const r=n.Fr,s=function(t,e,a,i,o){const n=o.Fr,l=[],r=t[0].length,s=r*t.length,c=n.exp(e,s),d=n.mul(n.add(a,i),n.exp(e,r)),u=n.mul(a,i),g=n.add(n.sub(c,d),u);let f=n.mul(n.mul(n.e(r),t[0][0]),n.sub(a,i));for(let a=0;a Computing F");const p=function(t,e,a,i,o){const n=t.G1,l=t.Fr;let r=l.sub(i.y,o.S0.h0w8[0]);for(let t=1;t<8;t++)r=l.mul(r,l.sub(i.y,o.S0.h0w8[t]));i.temp=r;let s=l.sub(i.y,o.S1.h1w4[0]);for(let t=1;t<4;t++)s=l.mul(s,l.sub(i.y,o.S1.h1w4[t]));let c=l.sub(i.y,o.S2.h2w3[0]);for(let t=1;t<3;t++)c=l.mul(c,l.sub(i.y,o.S2.h2w3[t]));for(let t=0;t<3;t++)c=l.mul(c,l.sub(i.y,o.S2.h3w3[t]));i.quotient1=l.mul(i.alpha,l.div(r,s)),i.quotient2=l.mul(l.square(i.alpha),l.div(r,c));let d=n.timesFr(e.polynomials.C1,i.quotient1),u=n.timesFr(e.polynomials.C2,i.quotient2);return n.add(a.C0,n.add(d,u))}(o,l,n,c,d);i&&i.info("> Computing E");const m=function(t,e,a,i,o,n,l){const r=t.G1,s=t.Fr;let c=s.mul(n,a.quotient1),d=s.mul(l,a.quotient2);return r.timesFr(r.one,s.add(o,s.add(c,d)))}(o,0,c,0,f,h,_);i&&i.info("> Computing J");const w=function(t,e,a){const i=t.G1;return i.timesFr(e.polynomials.W1,a.temp)}(o,l,c);i&&i.info("> Validate all evaluations with a pairing");const L=await async function(t,e,a,i,o,n,l){const r=t.G1;let s=r.timesFr(e.polynomials.W2,a.y);s=r.add(r.sub(r.sub(o,n),l),s);const c=t.G2.one,d=e.polynomials.W2,u=i.X_2;return await t.pairingEq(r.neg(s),c,d,u)}(o,l,c,n,p,m,w);return i&&(L?i.info("PROOF VERIFIED SUCCESSFULLY"):i.warn("Invalid Proof")),i&&i.info("FFLONK VERIFIER FINISHED"),L},exportSolidityVerifier:qn,exportSolidityCallData:async function(t,e){const a=xl(e),i=xl(t),o=await Xa(a.curve);o.G1,o.Fr;let n="";for(let t=0;t", - description: "Generate diferent powers of tau with smoller sizes ", + description: "Generate different powers of tau with smaller sizes ", longDescription: " This process generates smaller ptau files from a bigger power ptau", alias: ["ptt"], options: "-verbose|v", @@ -175,7 +175,7 @@ const commands = [ }, { cmd: "wtns check [circuit.r1cs] [[witness.wtns]", - description: "Check if a specific witness of a circuit fullfills the r1cs constraints", + description: "Check if a specific witness of a circuit fulfills the r1cs constraints", alias: ["wchk"], action: wtnsCheck }, @@ -366,7 +366,7 @@ TODO COMMANDS }, { cmd: "witness verify ", - description: "Verify a witness agains a r1cs", + description: "Verify a witness against a r1cs", alias: ["wv"], action: witnessVerify }, diff --git a/package.json b/package.json index 83f61444..e1ee5cd6 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "zcash", "ethereum", "zero", - "knowlage", + "knowledge", "cryptography", "circuit" ], diff --git a/smart_contract_tests/test/smart_contracts.test.js b/smart_contract_tests/test/smart_contracts.test.js index 54619251..d24f8bcf 100644 --- a/smart_contract_tests/test/smart_contracts.test.js +++ b/smart_contract_tests/test/smart_contracts.test.js @@ -157,7 +157,7 @@ describe("Smart contracts test suite", function () { const VerifierFactory = await ethers.getContractFactory("PlonkVerifier"); verifierContract = await VerifierFactory.deploy(); - // Verifiy the proof in the smart contract + // Verify the proof in the smart contract const proof = [ ethers.utils.hexZeroPad(ethers.BigNumber.from(proofJson.A[0]).toHexString(), 32), @@ -209,7 +209,7 @@ describe("Smart contracts test suite", function () { const VerifierFactory = await ethers.getContractFactory("FflonkVerifier"); verifierContract = await VerifierFactory.deploy(); - // Verifiy the proof in the smart contract + // Verify the proof in the smart contract const { evaluations, polynomials } = proofJson; const proof = diff --git a/src/clprocessor.js b/src/clprocessor.js index 56cc1a80..f1561415 100644 --- a/src/clprocessor.js +++ b/src/clprocessor.js @@ -221,7 +221,7 @@ export default async function clProcessor(commands) { console.log(""); console.log("Usage:"); console.log(" snarkjs ... "); - console.log(" or snarkjs ... "); + console.log(" or snarkjs ... "); console.log(""); console.log("Type snarkjs --help to get more information for that command"); console.log(""); diff --git a/src/fflonk_setup.js b/src/fflonk_setup.js index a1a508ef..76e34499 100644 --- a/src/fflonk_setup.js +++ b/src/fflonk_setup.js @@ -106,7 +106,7 @@ export default async function fflonkSetup(r1csFilename, ptauFilename, zkeyFilena await computeFFConstraints(curve.Fr, r1cs, logger); if (globalThis.gc) globalThis.gc(); - // As the t polynomial is n+5 whe need at least a power of 4 + // As the t polynomial is n+5 we need at least a power of 4 //TODO check!!!! // NOTE : plonkConstraints + 2 = #constraints + blinding coefficients for each wire polynomial settings.cirPower = Math.max(FF_T_POL_DEG_MIN, log2((plonkConstraints.length + 2) - 1) + 1); diff --git a/src/groth16_prove.js b/src/groth16_prove.js index b3453044..deac9133 100644 --- a/src/groth16_prove.js +++ b/src/groth16_prove.js @@ -187,7 +187,7 @@ async function buildABC1(curve, zkey, witness, coeffs, logger) { } /* -async function buldABC(curve, zkey, witness, coeffs, logger) { +async function buildABC(curve, zkey, witness, coeffs, logger) { const concurrency = curve.tm.concurrency; const sCoef = 4*3 + zkey.n8r; diff --git a/src/mpc_applykey.js b/src/mpc_applykey.js index edd958c4..f2f23145 100644 --- a/src/mpc_applykey.js +++ b/src/mpc_applykey.js @@ -21,7 +21,7 @@ import * as binFileUtils from "@iden3/binfileutils"; /* This function creates a new section in the fdTo file with id idSection. - It multiplies the pooints in fdFrom by first, first*inc, first*inc^2, .... + It multiplies the points in fdFrom by first, first*inc, first*inc^2, .... nPoint Times. It also updates the newChallengeHasher with the new points */ diff --git a/src/plonk_setup.js b/src/plonk_setup.js index 59945337..bcbb3342 100644 --- a/src/plonk_setup.js +++ b/src/plonk_setup.js @@ -75,7 +75,7 @@ export default async function plonkSetup(r1csName, ptauName, zkeyName, logger) { } let cirPower = log2(plonkConstraints.length -1) +1; - if (cirPower < 3) cirPower = 3; // As the t polinomal is n+5 whe need at least a power of 4 + if (cirPower < 3) cirPower = 3; // As the t polynomial is n+5 we need at least a power of 4 const domainSize = 2 ** cirPower; if (logger) logger.info("Plonk constraints: " + plonkConstraints.length); @@ -343,8 +343,8 @@ export default async function plonkSetup(r1csName, ptauName, zkeyName, logger) { let o=0; buffOutV.setUint32(o, addition[0], true); o+=4; buffOutV.setUint32(o, addition[1], true); o+=4; - // The value is storen in Montgomery. stored = v*R - // so when montgomery multiplicated by the witness it result = v*R*w/R = v*w + // The value is stored in Montgomery. stored = v*R + // so when montgomery multiplied by the witness, it's result = v*R*w/R = v*w buffOut.set(addition[2], o); o+= n8r; buffOut.set(addition[3], o); o+= n8r; await fdZKey.write(buffOut); diff --git a/src/powersoftau_beacon.js b/src/powersoftau_beacon.js index 5c4d13d8..55f1314a 100644 --- a/src/powersoftau_beacon.js +++ b/src/powersoftau_beacon.js @@ -31,7 +31,7 @@ export default async function beacon(oldPtauFilename, newPTauFilename, name, be return false; } if (beaconHash.length>=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } diff --git a/src/powersoftau_challenge_contribute.js b/src/powersoftau_challenge_contribute.js index e496879a..54d711fc 100644 --- a/src/powersoftau_challenge_contribute.js +++ b/src/powersoftau_challenge_contribute.js @@ -42,7 +42,7 @@ import * as misc from "./misc.js"; import { applyKeyToChallengeSection } from "./mpc_applykey.js"; import * as keyPair from "./keypair.js"; -export default async function challengeContribute(curve, challengeFilename, responesFileName, entropy, logger) { +export default async function challengeContribute(curve, challengeFilename, responseFileName, entropy, logger) { await Blake2b.ready(); const fdFrom = await fastFile.readExisting(challengeFilename); @@ -63,7 +63,7 @@ export default async function challengeContribute(curve, challengeFilename, resp const rng = await misc.getRandomRng(entropy); - const fdTo = await fastFile.createOverride(responesFileName); + const fdTo = await fastFile.createOverride(responseFileName); // Calculate the hash const challengeHasher = Blake2b(64); diff --git a/src/powersoftau_import.js b/src/powersoftau_import.js index 12763e31..188d2a05 100644 --- a/src/powersoftau_import.js +++ b/src/powersoftau_import.js @@ -38,9 +38,9 @@ export default async function importResponse(oldPtauFilename, contributionFilena if (name) currentContribution.name = name; const sG1 = curve.F1.n8*2; - const scG1 = curve.F1.n8; // Compresed size + const scG1 = curve.F1.n8; // Compressed size const sG2 = curve.F2.n8*2; - const scG2 = curve.F2.n8; // Compresed size + const scG2 = curve.F2.n8; // Compressed size const fdResponse = await fastFile.readExisting(contributionFilename); @@ -73,7 +73,7 @@ export default async function importResponse(oldPtauFilename, contributionFilena } if(!misc.hashIsEqual(contributionPreviousHash,lastChallengeHash)) - throw new Error("Wrong contribution. this contribution is not based on the previus hash"); + throw new Error("Wrong contribution. This contribution is not based on the previous hash"); const hasherResponse = new Blake2b(64); hasherResponse.update(contributionPreviousHash); diff --git a/src/powersoftau_utils.js b/src/powersoftau_utils.js index 84cb3db5..b793db71 100644 --- a/src/powersoftau_utils.js +++ b/src/powersoftau_utils.js @@ -203,7 +203,7 @@ async function readContribution(fd, curve) { } } if (fd.pos != curPos + paramLength) { - throw new Error("Parametes do not match"); + throw new Error("Parameters do not match"); } return c; diff --git a/src/wtns_check.js b/src/wtns_check.js index 4f53a7fc..23c584c3 100644 --- a/src/wtns_check.js +++ b/src/wtns_check.js @@ -61,7 +61,7 @@ export default async function wtnsCheck(r1csFilename, wtnsFilename, logger) { logger.info(" WITNESS CHECK"); logger.info(` Curve: ${r1cs.curve.name}`); logger.info(` Vars (wires): ${r1cs.nVars}`); - logger.info(` Ouputs: ${r1cs.nOutputs}`); + logger.info(` Outputs: ${r1cs.nOutputs}`); logger.info(` Public Inputs: ${r1cs.nPubInputs}`); logger.info(` Private Inputs: ${r1cs.nPrvInputs}`); logger.info(` Labels: ${r1cs.nLabels}`); diff --git a/src/zkey_beacon.js b/src/zkey_beacon.js index 74172644..0b0e27b3 100644 --- a/src/zkey_beacon.js +++ b/src/zkey_beacon.js @@ -38,7 +38,7 @@ export default async function beacon(zkeyNameOld, zkeyNameNew, name, beaconHashS return false; } if (beaconHash.length>=256) { - if (logger) logger.error("Maximum lenght of beacon hash is 255 bytes"); + if (logger) logger.error("Maximum length of beacon hash is 255 bytes"); return false; } @@ -124,9 +124,9 @@ export default async function beacon(zkeyNameOld, zkeyNameNew, name, beaconHashS const contributionHasher = Blake2b(64); utils.hashPubKey(contributionHasher, curve, curContribution); - const contribuionHash = contributionHasher.digest(); + const contributionHash = contributionHasher.digest(); - if (logger) logger.info(misc.formatHash(contribuionHash, "Contribution Hash: ")); + if (logger) logger.info(misc.formatHash(contributionHash, "Contribution Hash: ")); - return contribuionHash; + return contributionHash; } diff --git a/src/zkey_bellman_contribute.js b/src/zkey_bellman_contribute.js index 93d3915d..10475078 100644 --- a/src/zkey_bellman_contribute.js +++ b/src/zkey_bellman_contribute.js @@ -43,7 +43,7 @@ import { applyKeyToChallengeSection } from "./mpc_applykey.js"; import { hashPubKey } from "./zkey_utils.js"; import { hashToG2 as hashToG2 } from "./keypair.js"; -export default async function bellmanContribute(curve, challengeFilename, responesFileName, entropy, logger) { +export default async function bellmanContribute(curve, challengeFilename, responseFileName, entropy, logger) { await Blake2b.ready(); const rng = await misc.getRandomRng(entropy); @@ -55,7 +55,7 @@ export default async function bellmanContribute(curve, challengeFilename, respon const sG2 = curve.G2.F.n8*2; const fdFrom = await fastFile.readExisting(challengeFilename); - const fdTo = await fastFile.createOverride(responesFileName); + const fdTo = await fastFile.createOverride(responseFileName); await copy(sG1); // alpha1 @@ -110,9 +110,9 @@ export default async function bellmanContribute(curve, challengeFilename, respon mpcParams.csHash = await fdFrom.read(64); transcriptHasher.update(mpcParams.csHash); - const nConttributions = await fdFrom.readUBE32(); + const nContributions = await fdFrom.readUBE32(); mpcParams.contributions = []; - for (let i=0; i c.matrix<2); @@ -479,7 +479,7 @@ async function readContribution(fd, curve, toObject) { } } if (fd.pos != curPos + paramLength) { - throw new Error("Parametes do not match"); + throw new Error("Parameters do not match"); } return c; diff --git a/src/zkey_verify_frominit.js b/src/zkey_verify_frominit.js index 56a7fd4e..61f99b50 100644 --- a/src/zkey_verify_frominit.js +++ b/src/zkey_verify_frominit.js @@ -293,20 +293,20 @@ export default async function phase2verifyFromInit(initFileName, pTauFileName, z let R1 = G.zero; for (let i=0; i degree 0 + // buffer with 3 coefficients, the two greatest are zero => degree 0 buff = new Uint8Array(96); buff.set(curve.Fr.random(), 0); buff.set(curve.Fr.zero, 32);