noble cryptography is a high-security, easily auditable set of contained cryptographic libraries with following features:

• Zero or minimal dependencies
• Highly readable TypeScript / JS code
• PGP-signed releases and transparent NPM builds

The idea was to: 1) improve knowledge of cryptography 2) improve supply chain security of JS ecosystem 3) provide libraries that could be used for learning, because other libs are too low-level / unfriendly to beginners.

Active projects:

• ciphers (github, npm): cryptographic ciphers, including Salsa20, ChaCha and AES.
• curves (github, npm): elliptic curve cryptography, including secp256k1, ed25519, ed448, NIST / Brainpool curves, bn254, bls12-381, schnorr, hash-to-curve, FROST, Poseidon
  • Smaller 5kb “single-curve” versions of library: secp256k1 (github, npm) and ed25519 (github, npm)
• hashes (github, npm): hash functions, MACs & KDFs, including SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt
• post-quantum (github, npm): PQ algorithms, including ML-KEM, ML-DSA, SLH-DSA, FN-DSA (aka Kyber, Dilithium, SPHINCS+ and Falcon) and hybrids
• awasm-noble (github, npm): ultra-fast WASM version of hashes & ciphers

The code is also available on gitlab, codeberg and jsr. The project can be funded using github. Current large sponsors include wevm & vault12.

History

At this point (2026), various parts of noble had 6 audits.

• Jun 2019: initial release of secp256k1, ed25519 and then bls12-381
• Apr 2020: the blog post about ecc went live
• 2021
  • Apr: secp256k1 has been #1 audited by Cure53, crowdfunded with help of Umbra.cash
  • Oct: hashes have been released, funded by Ethereum Foundation
  • Nov: received a grant from Optimism
• 2022
  • Jan: hashes have been #2 audited by Cure53, funded by Ethereum Foundation with help of Nomic Labs
  • Feb: ed25519 has been #3 audited by Cure53
  • Dec: curves have been released, consolidating three previous packages in one
• 2023
  • Feb: curves have been #4 audited by Trail of Bits, funded by Ryan Shea
  • Mar: secp256k1 and ed25519 have been rewritten and became 5KB single-feature versions of curves
  • Jun: ciphers have been released
  • Sep: curves have been #5 audited by Kudelski Security, funded by starknet
• 2024
  • Feb: post-quantum have been released
  • May: received a grant from Farcaster
  • Sep: ciphers (and curves) have been #6 audited by Cure53. The audit has been funded by OpenSats.
• 2025
  • Aug: released v2 of ciphers, curves, hashes; v3 of ed25519, secp256k1. Mostly security improvements; while curves were massively renewed.
• 2026
  • Apr: new hardened releases, with deep, LLM-assisted self-audit
    • The self-audit found more minor issues than all previous 3rd party audits combined
  • Apr: initial release of awasm-noble

scure

Noble’s non-cryptographic sister project. Audited micro-libraries:

• Jan 2022: base base64, bech32…, bip32 hdkey, bip39 mnemonics
• Feb 2023: btc-signer transactions, segwit, taproot, psbt, multisig
• Sep 2023: starknet stark curve, pedersen and poseidon hash
• Jun 2025: sr25519 polkadot cryptography: sr25519, Merlin, Strobe, HDKD, VRF
• Apr 2026: new hardened releases, with deep, LLM-assisted self-audit

Software which uses Noble

Feel free to add new entry on github.

• Apps: Protonmail, Tutanota, Polymarket, Reflect, privacy notes, Keycloak
• Wallets: Metamask, Rainbow, Rabby, Phantom, Kraken, Leather, Alby, CoinSpace
• Blockchain libraries:
  • Bitcoin: scure-btc-signer, tapscript
  • Ethereum: micro-eth-signer, ethers, viem, @ethereumjs, web3.js, gridplus-lattice-sdk, ethereum-cryptography
  • Solana: micro-sol-signer, solana-web3.js
  • XMR: moneroj, cs-monero
  • HDkey: scure-bip32, bitcoinjs/bip32
  • avalanchejs, near-api-js, polkadot.js, aztec, drand, celo, aptos-ts-sdk, capitalisk, trezor-suite
• Others:
  • micro-key-producer - SSH, PGP, TOR key generation with an alternative to gpg(1) CLI tool
  • micro-zk-proofs - Create & verify zero-knowledge SNARK proofs in parallel, using noble cryptography
  • noble-sodium - Libsodium-compatible API built on top of noble cryptography
  • ts-mls - RFC 9420 MLS implementation
  • typage - age file encryption
  • session-user-id for Session messenger
  • passkeypgp - deterministic encryption using WebAuthn passkeys
  • crypt.fyi - Open-Source Zero-Knowledge Secret Sharing
  • hashfs - secure offline browser storage
  • did-jwt, hpke-js, js-libp2p-noise
• All OSS projects:
  • Tracked using GitHub dependency graph
  • ciphers: 75K repos, 770 packages
  • curves: 415K repos, 2500 packages
  • hashes: 740K repos, 4822 packages
  • post-quantum: 333 repos, 562 packages
  • 5kb secp256k1: 350K repos, 900 packages
  • 5kb ed25519: 70K repos, 1200 packages

Learning

• Learning fast elliptic-curve cryptography
• EdDSA
  • A Deep dive into Ed25519 Signatures
  • Ed25519 Deep Dive Addendum
  • It’s 255:19AM. Do you know what your validation criteria are?
  • Taming the many EdDSAs - for SUF-CMA & Strongly Binding Signatures
  • Cofactor Explained: Clearing Elliptic Curves’ dirty little secret
  • Surrounded by Elligators
• Ciphers: Fast-key-erasure RNGs, Chacha20 design, Poly1305 design, How to create a new block cipher?
• PQ and lattices: PQC for non-cryptographers
• Pairings and BLS: BLS signatures for busy people, Estimating the bit security of pairing-friendly curves
• Multi-user / multi-key attacks: Break a dozen secret keys, get a million more for free, On “128-bit security”
• Videos: Why elliptic curve addition works, Learning with errors: unsolveable equations, Lattices, Shor’s algorithm

Demo

You can try out noble in the browser JS console of the webpage. There are 4 global variables: nobleCiphers, nobleCurves, nobleHashes, noblePostQuantum. The webpage also has two demo apps:

• App I: Elliptic curve calculator, calculate public keys and signatures
• App II: Add, subtract, multiply points on the chosen elliptic curve