noble cryptography is a high-security, easily auditable set of contained cryptographic libraries with following features:
- Zero or minimal dependencies
- Highly readable TypeScript / JS code
- PGP-signed releases and transparent NPM builds
The idea was to: 1) improve knowledge of cryptography 2) improve supply chain security of JS ecosystem 3) provide libraries that could be used for learning, because other libs are too low-level / unfriendly to beginners.
Active projects:
- ciphers (github, npm): cryptographic ciphers, including Salsa20, ChaCha, AES and FF1.
- curves (github, npm): elliptic curve cryptography, including Weierstrass, Edwards, Montgomery curves, pairings, hash-to-curve, poseidon hash, schnorr, secp256k1, ed25519, ed448, p521, bn254, bls12-381 and others.
- hashes (github, npm): hash functions, MACs & KDFs, including SHA, RIPEMD, BLAKE, HMAC, HKDF, PBKDF & Scrypt
- post-quantum (github, npm): post-quantum public key algorithms: ML-KEM, ML-DSA, SLH-DSA aka Kyber, Dilithium and SPHINCS+
The code is also available on gitlab and codeberg
Audits
At this point (Oct 2024), various parts of noble had 6 audits. I’m looking for:
- Auditors, with good knowledge of cryptography and/or JS
- Paid: whenever there is enough funding
- Unpaid: whoever is willing to donate their time for the public good
- Funding, of paid auditors
Contact me if you want to help with the effort.
History
- Jun 2019: initial release of secp256k1, ed25519 and then bls12-381
- Apr 2020: the blog post about ecc went live
- 2021
- Apr: secp256k1 has been #1 audited by Cure53, crowdfunded with help of Umbra.cash
- Oct: hashes have been released, funded by Ethereum Foundation
- Nov: received a grant from Optimism
- 2022
- Jan: hashes have been #2 audited by Cure53, funded by Ethereum Foundation with help of Nomic Labs
- Feb: ed25519 has been #3 audited by Cure53
- Dec: curves have been released, consolidating three previous packages in one
- 2023
- 2024
Currently active large sponsors include wevm & vault12. You can fund the project using github.
scure
Noble’s non-cryptographic sister project. Audited micro-libraries:
- Jan 2022: base base64, bech32…, bip32 hdkey, bip39 mnemonics
- Feb 2023: btc-signer transactions, segwit, taproot, psbt, multisig
- Sep 2023: starknet stark curve, pedersen and poseidon hash
Apps built with noble
Here is some software which uses Noble. You can add new entry on github.
- Apps: Protonmail, Tutanota, Polymarket, Reflect, Keycloak
- Wallets: Metamask, Rainbow, Rabby, Phantom, Kraken, Leather, Alby
- Blockchain libraries:
- Bitcoin: scure-btc-signer, tapscript
- Ethereum: ethereum-cryptography, micro-eth-signer, ethers, viem, @ethereumjs, web3.js, gridplus-lattice-sdk,
- HDkey: scure-bip32, bitcoinjs/bip32
- Trezor: trezor-suite
- CoinSpace wallet was built purely with noble libraries: btc, evm, sol, eos, tron, xmr, ada
- micro-sol-signer, solana-web3.js, avalanchejs, near-api-js, polkadot.js, moneroj, cs-monero, aztec, drand, celo, aptos-ts-sdk
- Others:
- did-jwt, hpke-js, js-libp2p-noise
- age encryption in typescript
- micro-key-producer SSH, PGP, TOR, BLS key generation and cli tool on top of it
- session-user-id for Session messenger
- secp256k1 compatibility layer for users who want to switch from secp256k1-node or tiny-secp256k1. Allows to see which methods map to corresponding noble code.
- BLS signatures: BLS BBS signatures, KZG trusted setup ceremony, genthresh.com online demo of BLS aggregation
- Everything that uses noble, tracked using GitHub dependency graph:
Resources, articles, documentation
- Learning fast elliptic-curve cryptography
- EdDSA
- A Deep dive into Ed25519 Signatures
- Ed25519 Deep Dive Addendum
- It’s 255:19AM. Do you know what your validation criteria are?
- Taming the many EdDSAs that describes concepts of Strong UnForgeability under Chosen Message Attacks and Strongly Binding Signatures
- Cofactor Explained: Clearing Elliptic Curves’ dirty little secret
- Surrounded by Elligators
- Pairings and BLS
- Ciphers
- Multi-user / multi-key attacks
Demo
You can try out noble in the browser JS console of the webpage. There are 3 global variables: nobleCiphers
, nobleCurves
, nobleHashes
. The webpage also has two demo apps:
- App I: Elliptic curve calculator, calculate public keys and signatures
- App II: Add, subtract, multiply points on the chosen elliptic curve