noble cryptography is a high-security, easily auditable set of contained cryptographic libraries with following features:

• Zero or minimal dependencies
• Highly readable TypeScript / JS code
• PGP-signed releases and transparent NPM builds

The idea was to: 1) improve knowledge of cryptography 2) improve supply chain security of JS ecosystem 3) provide libraries that could be used for learning, because other libs are too low-level / unfriendly to beginners.

Active projects:

• ciphers (github, npm): cryptographic ciphers, including Salsa20, ChaCha, AES and FF1.
• curves (github, npm): elliptic curve cryptography, including Weierstrass, Edwards, Montgomery curves, pairings, hash-to-curve, poseidon hash, schnorr, secp256k1, ed25519, ed448, p521, bn254, bls12-381 and others.
  • 5kb versions of curves with even better auditability and rarer update schedule: secp256k1 (github, npm) and ed25519 (github, npm)
• hashes (github, npm): hash functions, MACs & KDFs, including SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt
• post-quantum (github, npm): post-quantum public key algorithms: ML-KEM, ML-DSA, SLH-DSA aka Kyber, Dilithium and SPHINCS+

The code is also available on gitlab and codeberg

Audits

At this point (Jan 2025), various parts of noble had 6 audits. I’m looking for:

1. Auditors, with good knowledge of cryptography and/or JS
   • Paid: whenever there is enough funding
   • Unpaid: whoever is willing to donate their time for the public good
2. Funding, of paid auditors

Contact me if you want to help with the effort.

History

• Jun 2019: initial release of secp256k1, ed25519 and then bls12-381
• Apr 2020: the blog post about ecc went live
• 2021
  • Apr: secp256k1 has been #1 audited by Cure53, crowdfunded with help of Umbra.cash
  • Oct: hashes have been released, funded by Ethereum Foundation
  • Nov: received a grant from Optimism
• 2022
  • Jan: hashes have been #2 audited by Cure53, funded by Ethereum Foundation with help of Nomic Labs
  • Feb: ed25519 has been #3 audited by Cure53
  • Dec: curves have been released, consolidating three previous packages in one
• 2023
  • Feb: curves have been #4 audited by Trail of Bits, funded by Ryan Shea
  • Mar: secp256k1 and ed25519 have been rewritten and became 5KB single-feature versions of curves
  • Jun: ciphers have been released
  • Sep: curves have been #5 audited by Kudelski Security, funded by starknet
• 2024
  • Feb: post-quantum have been released
  • May: received a grant from Farcaster
  • Sep: ciphers (and curves) have been #6 audited by Cure53. The audit has been funded by OpenSats.
• 2025
  • Aug: released v2 of ciphers, curves, hashes; v3 of ed25519, secp256k1. Massive changes in curves, minimal security improvements everywhere else.

Currently active large sponsors include wevm & vault12. You can fund the project using github.

scure

Noble’s non-cryptographic sister project. Audited micro-libraries:

• Jan 2022: base base64, bech32…, bip32 hdkey, bip39 mnemonics
• Feb 2023: btc-signer transactions, segwit, taproot, psbt, multisig
• Sep 2023: starknet stark curve, pedersen and poseidon hash
• Jun 2025: sr25519 polkadot cryptography: sr25519, Merlin, Strobe, HDKD, VRF

Software which uses Noble

Feel free to add new entry on github.

• Apps: Protonmail, Tutanota, Polymarket, Reflect, Keycloak
• Wallets: Metamask, Rainbow, Rabby, Phantom, Kraken, Leather, Alby
• Blockchain libraries:
  • Bitcoin: scure-btc-signer, tapscript
  • Ethereum: ethereum-cryptography, micro-eth-signer, ethers, viem, @ethereumjs, web3.js, gridplus-lattice-sdk,
  • HDkey: scure-bip32, bitcoinjs/bip32
  • Trezor: trezor-suite
  • CoinSpace wallet was built purely with noble libraries: btc, evm, sol, eos, tron, xmr, ada
  • micro-sol-signer, solana-web3.js, avalanchejs, near-api-js, polkadot.js, moneroj, cs-monero, aztec, drand, celo, aptos-ts-sdk
• Messaging:
  • ts-mls - RFC 9420 MLS implementation
• Others:
  • noble-sodium - Libsodium-compatible API built on top of noble cryptography
  • did-jwt, hpke-js, js-libp2p-noise
  • age encryption in typescript
  • micro-key-producer SSH, PGP, TOR, BLS key generation and cli tool on top of it
  • session-user-id for Session messenger
  • crypt.fyi - Open-Source Zero-Knowledge Secret Sharing
  • hashfs - secure offline browser storage
  • secp256k1 compatibility layer for users who want to switch from secp256k1-node or tiny-secp256k1. Allows to see which methods map to corresponding noble code.
  • BLS signatures: BLS BBS signatures, KZG trusted setup ceremony, genthresh.com online demo of BLS aggregation
• Everything that uses noble, tracked using GitHub dependency graph:
  • ciphers: 50K repos, 240 packages
  • curves: 370K repos, 1000 packages
  • hashes: 650K repos, 1900 packages
  • post-quantum: 52 repos, 15 packages
  • 5kb secp256k1: 350K repos, 630 packages
  • 5kb ed25519: 66K repos, 450 packages

Resources, articles, documentation

• Learning fast elliptic-curve cryptography
• Elliptic curves videos: Why addition works
• EdDSA
  • A Deep dive into Ed25519 Signatures
  • Ed25519 Deep Dive Addendum
  • It’s 255:19AM. Do you know what your validation criteria are?
  • Taming the many EdDSAs that describes concepts of Strong UnForgeability under Chosen Message Attacks and Strongly Binding Signatures
  • Cofactor Explained: Clearing Elliptic Curves’ dirty little secret
  • Surrounded by Elligators
• Ciphers
  • Fast-key-erasure random-number generators
  • The design of Chacha20
  • The design of Poly1305
  • How to design a new block cipher?
  • NIST Workshop on Block Cipher Modes of Operation 2023 contains a lot of useful information
• PQ and lattices
  • PQC for non-cryptographers
  • PQC lectures
  • Videos: Learning with errors: unsolveable equations, Lattices, Shor’s algorithm
• Pairings and BLS
  • BLS signatures for busy people
  • BLS12-381 for the rest of us
  • Key concepts of pairings
  • Pairing over bls12-381: fields, curves, pairings
  • Estimating the bit security of pairing-friendly curves
• Multi-user / multi-key attacks
  • Break a dozen secret keys, get a million more for free
  • 128 Bits of Security and 128 Bits of Security: Know the Difference

Demo

You can try out noble in the browser JS console of the webpage. There are 3 global variables: nobleCiphers, nobleCurves, nobleHashes. The webpage also has two demo apps:

• App I: Elliptic curve calculator, calculate public keys and signatures
• App II: Add, subtract, multiply points on the chosen elliptic curve