Skip to content

2.0.0
Compare
Choose a tag to compare
@paulmillr paulmillr released this 24 Mar 10:03
· 76 commits to main since this release
2.0.0
This tag was signed with the committer’s verified signature.
paulmillr Paul Miller
GPG key ID: 697079DA6878B89B
Learn about vigilant mode.
12137de
This commit was signed with the committer’s verified signature.
paulmillr Paul Miller
GPG key ID: 697079DA6878B89B
Learn about vigilant mode.

v2 features improved security and smaller attack surface.
The goal of v2 is to provide minimum possible JS library which is safe and fast.

That means the library was reduced 4x, to just over 300 lines. Library size is now less than 4KB.
In order to achieve the goal, some features were moved to noble-curves,
which is even safer and faster drop-in replacement library with same API.
Switch to curves if you intend to keep using these features:

  • x25519 / curve25519 / getSharedSecret
  • ristretto255 / RistrettoPoint
  • Using utils.precompute() for non-base point
  • Support for environments which don't support bigint literals
  • Common.js support
  • Support for node.js 18 and older without shim

Other changes for upgrading from @noble/ed25519 1.7 to 2.0:

  • Methods are now sync by default; use getPublicKeyAsync, signAsync, verifyAsync for async versions
  • bigint is no longer allowed in getPublicKey, sign, verify. Reason: ed25519 is LE, can lead to bugs
  • Point (2d xy) has been changed to ExtendedPoint (xyzt)
  • Signature was removed: just use raw bytes or hex now
  • utils were split into utils (same api as in noble-curves) and
    etc (sha512Sync and others)

Pull request: #76

Full Changelog: 1.7.3...2.0.0

Assets 4
Loading