noble-ed25519

ed25519, an elliptic curve that could be used for assymetric encryption and EDDSA signature scheme.

This library belongs to noble crypto

noble-crypto — high-security, easily auditable set of contained cryptographic libraries and tools.

  • No dependencies, one small file
  • Easily auditable TypeScript/JS code
  • Uses es2019 bigint. Supported in Chrome, Firefox, node 10+
  • All releases are signed and trusted
  • Check out all libraries: secp256k1, ed25519, ripemd160

Usage

npm install noble-ed25519

import * as ed25519 from "noble-ed25519";

const PRIVATE_KEY = 0xa665a45920422f9d417e4867ef;
const HASH_MESSSAGE = new Uint8Array([99, 100, 101, 102, 103]);

(async () => {
  const publicKey = await ed25519.getPublicKey(PRIVATE_KEY);
  const signature = await ed25519.sign(HASH_MESSAGE, PRIVATE_KEY, publicKey);
  const isMessageSigned = await ed25519.verify(signature, HASH_MESSAGE, publicKey);
})();

API

function getPublicKey(privateKey: Uint8Array): Promise<Uint8Array>;
function getPublicKey(privateKey: string): Promise<string>;
function getPublicKey(privateKey: bigint): Promise<Point>;
  • privateKey: Uint8Array | string | bigint will be used to generate public key. Public key is generated by executing scalar multiplication of a base Point(x, y) by a fixed integer. The result is another Point(x, y) which we will by default encode to hex Uint8Array.
  • Returns:
    • Promise<Uint8Array> if Uint8Array was passed
    • Promise<string> if hex string was passed
    • Promise<Point(x, y)> instance if bigint was passed
    • Uses promises, because ed25519 uses sha internally; and we're using built-in browser window.crypto, which returns Promise.
function scalarmultBase(privateKey: Uint8Array): Uint8Array;
function scalarmultBase(privateKey: string): string;
function scalarmultBase(privateKey: bigint): Point;
  • privateKey: Uint8Array | string | bigint basically a number on which the lib will execute base point scalar multiplication.
  • Returns:
    • Uint8Array if Uint8Array was passed
    • string if hex string was passed
    • Point(x, y) instance if bigint was passed
function sign(hash: Uint8Array, privateKey: Uint8Array | bigint, k?: bigint): Promise<Uint8Array>;
function sign(hash: string, privateKey: string | bigint, k?: bigint): Promise<string>;
  • hash: Uint8Array - message hash which would be signed
  • privateKey: Uint8Array | bigint - private key which will sign the hash
  • publicKey: Uint8Array | Point - e.g. that was generated from privateKey by getPublicKey
  • Returns DER encoded EdDSA signature. You can consume it with SignResult.fromHex() method:
    • SignResult.fromHex(ed25519.sign(hash, privateKey, publicKey))
function verify(
  signature: Uint8Array | string | SignResult,
  hash: Uint8Array | string,
  publicKey: string | Point | Uint8Array
): Promise<boolean>
  • signature: Uint8Array - object returned by the sign function
  • hash: string | Uint8Array - message hash that needs to be verified
  • publicKey: string | Uint8Array | Point - e.g. that was generated from privateKey by getPublicKey
  • Returns Promise<boolean>: Promise<true> if signature == hash; otherwise Promise<false>

The library also exports helpers:

// 𝔽p
ed25519.P // 2 ^ 255 - 19

// Prime order
ed25519.PRIME_ORDER // 2 ^ 252 - 27742317777372353535851937790883648493

// Base point
ed25519.BASE_POINT // new ed25519.Point(x, y) where
// x = 15112221349535400772501151409588531511454012693041857206046113283949847762202n;
// y = 46316835694926478169428394003475163141307993866256225615783033603165251855960n;

// Elliptic curve point
ed25519.Point {
  constructor(x: bigint, y: bigint);
  toHex(): string;
}
secp256k1.SignResult {
  constructor(r: bigint, s: bigint);
  toHex(): string;
}