Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

web3.js: Investigate replacement for tweetnacl #26933

Closed
Tracked by #1103
steveluscher opened this issue Aug 4, 2022 · 4 comments · Fixed by #27435
Closed
Tracked by #1103

web3.js: Investigate replacement for tweetnacl #26933

steveluscher opened this issue Aug 4, 2022 · 4 comments · Fixed by #27435

Comments

@steveluscher
Copy link
Contributor

steveluscher commented Aug 4, 2022
edited
Loading

Overview

This is the ed25519 library that we use to:

  • generate keypairs
  • sign and verify messages

Properties:

  • No dependencies
  • Audited
  • 10.5K gzipped
  • side effects in module factory
  • not tree-shakeable
  • compatible with React Native

image

Alternatives (ruled out)

@noble/ed25519

Properties:

  • No dependencies
  • Audited
  • 5.4kb gzipped
  • side effects in module factory
  • not tree-shakeable because of side effects in module factory
  • not compatible with React Native because of dependency on SubtleCrypto
  • not compatible with current API because sign() returns a Promise

image

dazoe/ed25519

Does not run in browser.

supercop.js

Is >130KB

nazar-pc/supercop.wasm

Introduces asynchronicity because of WASM initialization step.

nkeys.js

Just a wrapper around tweetnacl.

substack/ed25519-supercop

Does not run in browser.

xwi88/crypto

Just a wrapper around tweetnacl.

BENMFeng/Ed25519_DS

Just a wrapper around tweetnacl.

skorotkiewicz/ed25519-keys

Is >45KB
@paulmillr paulmillr mentioned this issue Feb 1, 2023
Closed
5 tasks
@paulmillr
Copy link

Even if you replace sha512, SubtleCrypto would still be a requirement, for CSPRNG. You can't use ed25519 without CSPRNG.

It's either subtle crypto, or node.js built-in, which is replaced by crypto-browserify.

@steveluscher
Copy link
Contributor Author

SubtleCrypto is not actually a requirement for React Native. In React Native, we supply a shim to what’s called a Native Module, that in turn delegates to the native RNG on iOS or Android respectively.

@paulmillr
Copy link

So if it's "shimmed", sha512 could also be shimmed. In node.js noble-ed25519 uses the same crypto module which provides csprng.

@paulmillr
Copy link

I've went ahead and decided to add sync support to ed25519. It took one commit paulmillr/noble-ed25519@d6263e0, 50 lines of code and a few hours of work.

Usage is as following:

import { sha512 } from '@noble/hashes/sha512';
ed.utils.sha512Sync = (...m) => sha512(ed.utils.concatBytes(...m));
const { getPublicKey, sign, verify, getExtendedPublicKey } = ed.sync;
// Use it freely
getPublicKey(privKey);

@steveluscher steveluscher mentioned this issue Aug 28, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[web3.js] Replace tweetnacl impl
3 participants
@steveluscher @paulmillr and others