Fastest 4KB JS implementation of secp256k1 signatures and ECDH
MIT License
Bot releases are hidden (Show)
This release comes one year after v2.0.0, following rare update schedule for easy auditability.
SignatureWithRecovery
Full Changelog: https://github.com/paulmillr/noble-secp256k1/compare/2.0.0...2.1.0
Published by paulmillr over 1 year ago
noble-secp256k1 v2 features improved security and smaller attack surface.
The goal of v2 is to provide minimum possible JS library which is safe and fast.
That means the library was reduced 4x, to just over 400 lines. Library size is now just 4KB gzipped.
In order to achieve the goal, some features were moved to noble-curves, which is
even safer and faster drop-in replacement library with same API.
Switch to curves if you intend to keep using these features:
utils.precompute()
for non-base pointOther changes for upgrading from @noble/secp256k1 1.7 to 2.0:
getPublicKey
isCompressed
to false
: getPublicKey(priv, false)
sign
signAsync
for async versionSignature
instance with { r, s, recovery }
propertiescanonical
option was renamed to lowS
recovered
option has been removed because recovery bit is always returned nowder
option has been removed. There are 2 options:
fromCompact
, toCompactRawBytes
, toCompactHex
.verify
strict
option was renamed to lowS
getSharedSecret
isCompressed
to false
: getSharedSecret(a, b, false)
recoverPublicKey(msg, sig, rec)
was changed to sig.recoverPublicKey(msg)
number
type for private keys have been removed: use bigint
insteadPoint
(2d xy) has been changed to ProjectivePoint
(3d xyz)utils
were split into utils
(same api as in noble-curves) andetc
(hmacSha256Sync
and others)Pull request: https://github.com/paulmillr/noble-secp256k1/pull/92
Full Changelog: https://github.com/paulmillr/noble-secp256k1/compare/1.7.1...2.0.0
Published by paulmillr almost 2 years ago
JacobianPoint#fromAffine
bugfixP.subtract(P)
and JacobianPoint.ZERO.toAffine()
no longer throw errorsFull Changelog: https://github.com/paulmillr/noble-secp256k1/compare/1.7.0...1.7.1
Published by paulmillr about 2 years ago
The library now works with React Native 0.70. Remove all bigint **
pow operators to improve compact w bad parsers.
Point#hasEvenY()
sha256Sync
and hmacSha256Sync
redefinitions cannot be re-defined after the first timeutils._normalizePrivateKey()
privateAdd
, privateNegate
, pointAddScalar
, pointMultiply
. We consider their API not optimal. If you want to keep using them, copy-paste their definition from test
directory.Full Changelog: https://github.com/paulmillr/noble-secp256k1/compare/1.6.3...1.7.0
Published by paulmillr over 2 years ago
Allow 0000...
hash in recoverPublicKey
Published by paulmillr over 2 years ago
Fixes tests for 0000... hash in verify()
Published by paulmillr over 2 years ago
0000...
msgHash a valid behavior; due to consensus failuresFull Changelog: https://github.com/paulmillr/noble-secp256k1/compare/1.6.0...1.6.1
Published by paulmillr over 2 years ago
invert
, hexToBytes
, concatBytes
esModuleInterop
option from tsconfig.utils.hashToPrivateKey
algorithmFull Changelog: https://github.com/paulmillr/noble-secp256k1/compare/1.5.5...1.6.0
Published by paulmillr over 2 years ago
schnorr.verify
when infinity point result was not checked properlyschnorr.verify
now throws less errors, instead, it returns false
schnorr.sign
60% faster, schnorr.verify
90% fasterPublished by paulmillr over 2 years ago
recoverPublicKey
improvements:
isCompressed
optional argumentPublished by paulmillr over 2 years ago
utils.randomPrivateKey()
utils.hashToPrivateKey()
JacobianPoint#toAffine()
checkPublished by paulmillr over 2 years ago
utils.mod
utilityrecoverPublicKey
and Point.fromSignature
now reduce msgHash
modulo n.slice()
method of theirsPublished by paulmillr almost 3 years ago
sign()
are now reduced modulo n
to match RFC6979. Contributed by @kklash.
sign
can now receive {extraEntropy: true}
to auto-populate k
with random data. This is strongly recommended, see READMEPublished by paulmillr almost 3 years ago
canonical: true
by default. This mirrors libsecp256k1 behavior. If you'd like old (OpenSSL) behavior, use sign
with canonical: false
verify()
is now strict: true
by default. High-s signatures are rejected, which also mirrors libsecp behavior.string
(hex) return type from public methods. Uint8Array
is now always returnedextraEntropy
option to sign
. It allows to specify k'
as per RFC6979Signature#hasHighS()
and Signature#normalizeS()
methodsassertValidity
is now done in Signature
constructor, instead of a separate methodSignResult
deprecated class that cloned Signature
Full Changelog: https://github.com/paulmillr/noble-secp256k1/compare/1.3.4...1.4.0
Thanks to @hank121314 for contribution
Published by paulmillr almost 3 years ago
Published by paulmillr almost 3 years ago
Published by paulmillr almost 3 years ago
@types/dom
when using TypescriptFull Changelog: https://github.com/paulmillr/noble-secp256k1/compare/1.3.0...1.3.1
Published by paulmillr almost 3 years ago
@noble/secp256k1
(from noble-secp256k1
). Namespaces cannot be used by other people, so by using @noble
you can be sure it's authenticPublished by paulmillr about 3 years ago
Published by paulmillr about 3 years ago
fromDER
, toDER
, fromCompact
, toCompact
; discourage fromHex
, toHex
since it's ambigousder: false
option to sign()
to output compact sig