noble cryptography is a high-security, easily auditable set of contained cryptographic libraries with following features:

  • Zero or minimal dependencies
  • Highly readable TypeScript / JS code
  • PGP-signed releases and transparent NPM builds

The idea was to: 1) improve knowledge of cryptography 2) improve supply chain security of JS ecosystem 3) provide libraries that could be used for learning, because other libs are too low-level / unfriendly to beginners.

Active projects:

  • ciphers (github, npm): cryptographic ciphers, including Salsa20, ChaCha, AES and FF1.
  • curves (github, npm): elliptic curve cryptography, including Weierstrass, Edwards, Montgomery curves, pairings, hash-to-curve, poseidon hash, schnorr, secp256k1, ed25519, ed448, p521, bn254, bls12-381 and others.
    • 5kb versions of curves with even better auditability and rarer update schedule: secp256k1 (github, npm) and ed25519 (github, npm)
  • hashes (github, npm): hash functions, MACs & KDFs, including SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt
  • post-quantum (github, npm): post-quantum public key algorithms: ML-KEM, ML-DSA, SLH-DSA aka Kyber, Dilithium and SPHINCS+

The code is also available on gitlab and codeberg

Audits

At this point (Jan 2025), various parts of noble had 6 audits. I’m looking for:

  1. Auditors, with good knowledge of cryptography and/or JS
    • Paid: whenever there is enough funding
    • Unpaid: whoever is willing to donate their time for the public good
  2. Funding, of paid auditors

Contact me if you want to help with the effort.

History

  • Jun 2019: initial release of secp256k1, ed25519 and then bls12-381
  • Apr 2020: the blog post about ecc went live
  • 2021
  • 2022
    • Jan: hashes have been #2 audited by Cure53, funded by Ethereum Foundation with help of Nomic Labs
    • Feb: ed25519 has been #3 audited by Cure53
    • Dec: curves have been released, consolidating three previous packages in one
  • 2023
    • Feb: curves have been #4 audited by Trail of Bits, funded by Ryan Shea
    • Mar: secp256k1 and ed25519 have been rewritten and became 5KB single-feature versions of curves
    • Jun: ciphers have been released
    • Sep: curves have been #5 audited by Kudelski Security, funded by starknet
  • 2024
    • Feb: post-quantum have been released
    • May: received a grant from Farcaster
    • Sep: ciphers (and curves) have been #6 audited by Cure53. The audit has been funded by OpenSats.
  • 2025
    • Aug: released v2 of ciphers, curves, hashes; v3 of ed25519, secp256k1. Massive changes in curves, minimal security improvements everywhere else.

Currently active large sponsors include wevm & vault12. You can fund the project using github.

scure

Noble’s non-cryptographic sister project. Audited micro-libraries:

  • Jan 2022: base base64, bech32…, bip32 hdkey, bip39 mnemonics
  • Feb 2023: btc-signer transactions, segwit, taproot, psbt, multisig
  • Sep 2023: starknet stark curve, pedersen and poseidon hash
  • Jun 2025: sr25519 polkadot cryptography: sr25519, Merlin, Strobe, HDKD, VRF

Software which uses Noble

Feel free to add new entry on github.

Resources, articles, documentation

Demo

You can try out noble in the browser JS console of the webpage. There are 3 global variables: nobleCiphers, nobleCurves, nobleHashes. The webpage also has two demo apps:

  • App I: Elliptic curve calculator, calculate public keys and signatures
  • App II: Add, subtract, multiply points on the chosen elliptic curve