Pretty please could we have a typescript native version on jsr.io ?

For those of us in modern js environments, this would be grand.

jsr.io has supply chain provenance from github actions as well, but you might be able to skip the build step perhaps, and webhook straight from github, putting even less stuff in the way of purity.

Thank you for the @noble libraries 🙏

Still has a month or two of support left. Probably not worth fixing :)

When noble-hashes are used with React Native

warning: Attempted to import the module "/Users/danielsteigerwald/dev/evolu/node_modules/@noble/hashes/crypto.js" which is not listed in the "exports" of "/Users/danielsteigerwald/dev/evolu/node_modules/@noble/hashes". Falling back to file-based resolution. Consider updating the call site or asking the package maintainer(s) to expose this API.

• Remove cryptoNode import! Requires to ditch support for nodejs v18 (EOL 30 Apr 2025)
• Remove import maps. Change @noble/hashes/sha3 to @noble/hashes/sha3.js
  • Import maps are not browser-friendly etc
  • Before doing this, actually test in real browser
• Test in different environments:
  • bundler-less browser
  • deno
  • bun
• See how package can fit for JSR.io
• Rename / refactor
  • crypto / cryptoNode => webcrypto (to match noble-ciphers)
  • sha256, sha512 => sha2? not sure yet
  • blake2b, blake2s, blake3 => blake?
  • ripemd160 => ripemd?
  • sha1 => legacy? and add md5??

Maybe also:

• Make package ESM-only
• Re-audit (need $ funds)

See:
https://github.com/interledger/web-monetization-projects/blob/43ebe3fbd4907d9b8e613ea116c7858c5f589dd4/packages/niq-privacypass-noble/src/crypto/context.ts#L62-L71
TypeScript seems to complain

I'm trying to use a library which depends on @paralleldrive/cuid2 which on itself depends on @noble/hashes. When I try to launch my Nuxt.js app on Node 16.19.1 with the new imported library I get this error:

I'm using the latest version for each library, but I've also tried to install version 1.1.5 for @noble/hashes (the earlies the dependency graph allows) but I still get the same error.
Any idea?

When using jsdom environment the tests sometimes fail with Uint8Array is not defined etc.

You can workaround this by setting a testEnvironment in your jest.config.js:

...
testEnvironment: `${__dirname}/commands/jest/customizedTestEnvironment.js`,
...

Impl a custom environment:

const { TestEnvironment } = require('jest-environment-jsdom')

/**
 * Jest creates a new VM context for each test and doesn't add in all 
 * the node globals. 
 * We rectify this here.
 */
class CustomizedTestEnvironment extends TestEnvironment {
  constructor(config, context) {
    super(config, context)
  }

  async setup() {
    await super.setup()

    // These seem to be needed for @noble/hashes
    this.global.TextEncoder = globalThis.TextEncoder
    this.global.Uint8Array = globalThis.Uint8Array
  }
}

module.exports = CustomizedTestEnvironment

It would be nice if didn't need to do this. May need to patch the jsdom environment?

In any case leaving this here in case it helps others.

Heyho! I came across an issue about the Uint8Array checks that are used in this library. TL;DR: instanceof Uint8Array is unrelyable in many cases.

There is a longer writeup about the problem in https://medium.com/@simonwarta/limitations-of-the-instanceof-operator-f4bcdbe7a400. A simple way to reproduce the problem is:

$ node -e 'require("repl").start().context.a = new Uint8Array([1, 2, 2, 1]);'
> a
Uint8Array(4) [ 1, 2, 2, 1 ]
> a instanceof Uint8Array
false

A more reliable way to check for Uint8Array can be found here: https://github.com/cosmos/cosmjs/blob/79396bfaa49831127ccbbbfdbb1185df14230c63/packages/utils/src/typechecks.ts#L14-L32. Wether Buffer is an Uint8Array is a bit controvesial as you can see in the code there. I think for our use case and for the sake of simplicity, Buffer should be considered an Uint8Array, right?

I'm happy to provide a PR to get this fixed.

https://datatracker.ietf.org/doc/draft-irtf-cfrg-kangarootwelve/

Turboshake is Sponge with KECCAK-p[12 rounds] [Bertoni et al., ePrint 2023/342]

Use case: encryption scheme https://csrc.nist.gov/csrc/media/Presentations/2023/shake-modes-of-operation/images-media/sess-3-daemen-bcm-workshop-2023.pdf

I'd like to be able to use RIPEMD160 from a CDN like unpkg or cdnjs or GitHub Pages.

Would you be open to publishing a ./dist folder as part of an npm prepublish step, or something like that so that it's easier to test this out in a browser?

I see that GitHub Releases has the full bundle, but it's HUGE if all you need is one algo.

... you are not going to like this one, bear with me :)

Ok, I started pulling this in. Basically in my case I still need to support some ancient environments as well, which is not that much of an issue, basically on my hashing wrappers I do the following -

import { blake2b as blake2bJs } from '@noble/hashes/lib/blake2b';

// wasm
import { blake2b as blake2bWasm } from '@polkadot/wasm-crypto'; 

export function blake2 (u8a: Uint8Array): Uint8Array {
  return typeof BigInt !== 'undefined'
    ? blake2bJs(u8a)
    : blake2bWasm(u8a);
}

So effectively there is some fallback in there. (The above is typed from memory as illustration, but shows the point. Normally when wasm is initialized, it actually is the preferred route in my case. The same applies to eg fallback to blake2-js when BigInt is not available)

Anyway, all good. Now however the issue is the following - on some older environments, such as for instance React Native, it even throws up when trying to parse the modules, e.g. this is problematic (although not used at runtime) https://github.com/paulmillr/noble-hashes/blob/main/src/_u64.ts#L1

I did a quick search for the 32n e.g. /\dn/ and there are actually not that many. So for instance, we could get around it with the following ...

// _64.ts 
// suggested adjustments as an example, some files will need adjusting 
// yes, it is, well ... horrid :(
export const _BigInt: (value: string | number | bigint | boolean) => bigint =
  typeof BigInt !== 'undefined'
    ? BigInt
    : () => undefined as unknown as bigint;

const U32_MASK64 = _BigInt(2 ** 32 - 1);

const _32n = _BigInt(32);

export function fromBig(n: bigint, le = false) {
  if (le) return { h: Number(n & U32_MASK64), l: Number((n >> _32n) & U32_MASK64) };
  return { h: Number((n >> _32n) & U32_MASK64) | 0, l: Number(n & U32_MASK64) | 0 };
}

The above is problematic, obviously since it will give undefined results in non-BigInt environments. In BigInt environments there is no extra overhead, well, maybe slightly at library load. However for non-BigInt-envs inside functions it does use BigInt which would throw up at runtime.

At this point the TL;DR is -

1. I'm making sure that at runtime, the BigInt libs are not used (if not available)
2. I still have support issue where library users now complain that it doesn't compile in their environments

So my options are -

1. Having to debug all user environments to figure out why
2. Documenting all of it
3. Making a PR here with "some" hacks like above

None of the options are fun atm :) Other suggestions welcome.

Big-endian hardware is currently explicitly unsupported:

As an indirect consumer of this package (via noble-curves), it would be great not have to worry whether consumers of my code want to run on big-endian hardware.

I love noble packages' api for their simplicity. But while I am using sha256 and pbkdf2, I notice that the source is self-implemented, not using webcrypto primitives.

Right now (May 2024), webcrypto api is adopted everywhere, especially both in browser and nodejs. Would you like to build the api based on webcrypto primitives? I am concerning the speed, and obviously using native webcrypto should be much faster than a pure js implementation.

Thanks!

It would be nice to have a modern and dependency-free version of the md5 hash.

It is still required for non-cryptographic services such as Gravatar.

I am working on getting nostr-tools on JSR: https://jsr.io/@nostr/tools

Cross-referencing this: jsr-io/jsr#305

Unsure if this is intended - feels like a bug. When using blake3 in keyed hash mode, the key uint8array is blanked out. Eg:

const key = new Uint8Array([1,2,3,4,5,6,7,8,9... etc])
const hash = blake3(input, { key })
console.log(key) // => Uint8Array(32) [0,0,0,0,0,0,0,0,0... etc]

I currently work round this by copying the key each time I use it:

const hash = blake3(input, { key: new Uint8Array(key) })

I'm still a newbie in the JS ecosystem so please forgive me if I'm doing something dumb, but when I try to install the package I get an error:

$ npm i @noble-hashes
npm ERR! code EINVALIDTAGNAME
npm ERR! Invalid tag name "@noble-hashes" of package "@noble-hashes": Tags may not have any characters that encodeURIComponent encodes.

A different error with yarn

error Error: https://registry.yarnpkg.com/@noble-hashes: Request "https://registry.yarnpkg.com/@noble-hashes" returned a 405

src files have imports such as import {sha2} from './sha2.js'. JS files can't be imported in Deno. TS files can't be imported in node/browser.

Another thing is crypto import in crypto.ts. Should be replaced with node:crypto - but that's easy.

Hi Paul,
I am just testing out the Noble libraries to analyze for an eventual breaking release integration (through ethereum-cryptography).

On the hash function (keccak) I am seeing some serious performance degradation, which would be significant for us e.g. for the Trie + VM use case.

So here are some numbers I get:

The old keccak package using the Node bindings:

import { keccak224, keccak384, keccak256 as k256, keccak512 } from 'ethereum-cryptography/keccak'
console.time('p'); for (let i=1; i <= 100000; i++) { k256(Buffer.from([1,2,3])) }; console.timeEnd('p');
// p: 274.337ms

The old keccak packages using native JS (by manually switching to it in the index.js file):

console.log('k2')
module.exports = require('./js')

import { keccak224, keccak384, keccak256 as k256, keccak512 } from 'ethereum-cryptography/keccak'
console.time('p'); for (let i=1; i <= 100000; i++) { k256(Buffer.from([1,2,3])) }; console.timeEnd('p');
// p: 199.906ms

(astonishingly even faster, Apple MacBook Air M1)

The noble/hashes library:

import * as sha3_ from "@noble/hashes/sha3"
console.time('p'); for (let i=1; i <= 100000; i++) { sha3_.keccak_256(Uint8Array.from([1, 2, 3])) }; console.timeEnd('p');
// p: 568.131ms

So this would be roughly a 2x decrease and which would make it a hard decision for us to do a switch here, weighting the obvious benefits against this, since performance is also an extremely important factor for us, since we are a lot of hashing operations in the Trie library.

Am I doing everything correct here on the measuring side? I've also seen this README entry on performance, but can't easily put this into context and compare this with the existing library we are using right now.

Thanks a lot for the great work done here! 🙂

running the tests failed
this is my output of the tests on a Mac MacOSs 10.15.7

..............
☆ should Scrypt types:
✓ should Scrypt types

☆ should HKDF types:
✓ should HKDF types

☆ should hkdf(sha256) generator:
☓ should hkdf(sha256) generator
(node:19204) UnhandledPromiseRejectionWarning: TypeError: crypto.hkdfSync is not a function
at /Users/pepsi/Downloads/noble-hashes-1.1.1/test/generator.js:73:16
at run (/Users/pepsi/Downloads/noble-hashes-1.1.1/node_modules/micro-should/index.js:14:24)
at /Users/pepsi/Downloads/noble-hashes-1.1.1/node_modules/micro-should/index.js:81:13
at processTicksAndRejections (internal/process/task_queues.js:95:5)
(Use node --trace-warnings ... to show where the warning was created)
(node:19204) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag --unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 542)
(node:19204) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
pepsis-iMac:noble-hashes-1.1.1 pepsi$

For example, I am trying to use the blake2b hash in Deno by importing the following:

import { blake2b } from 'https://deno.land/x/[email protected]/blake2b.ts';

But I am getting the following issue:

error: Module not found "https://deno.land/x/[email protected]/_blake2.js".
    at https://deno.land/x/[email protected]/blake2b.ts:1:42

Changing the import statements on the first lines of blake2b.ts to use the ".ts" extension instead of ".js" would solve the issue.

import { bytesToHex as toHex, randomBytes } from '@noble/hashes/scrypt';

should be..

import { bytesToHex as toHex, randomBytes } from '@noble/hashes/utils';

It would be helpful to have equalsBytes and compareBytes methods in utils in addition to concatBytes.

This will make it easy to migrate from buffer methods:

• buf.equals(otherBuffer)
• Buffer.compare(buf1, buf2)

When using

import { k12 } from '@noble/hashes/sha3-addons'

I ended up with the Module not found error. As a quick fix, I needed to change the file sha3-addons.js and add the .js file extension to the require statement. I'm writing this issue because I'm uncertain if this type of require without the extension is intentional or not.

Hey Paul, love what you're doing here. I was hoping to switch from sha3 to this in-order to save on bundle size.

Unfortunately the keccak_256 import from noble appears to be 2x the size of the sha3 import from the sha3 library. Before I go into the code to investigate, do you know why this might be?

import { keccak_256 } from '@noble/hashes/sha3';

versus

import { Keccak } from 'sha3';

After updating the @noble/hashes from 1.3.2 to 1.3.3 in our project, we had a problem with the fact that after the build, the product was detected as a virus (only on Windows systems). Rollback to 1.3.2 fixed this issue

When trying to use some of these hashing functions in the context of a serverless environment, such as vercel or cloudfare, this function

fails to accept this object {c:2048,dkLen:64} as a plain object.

I have followed it down to this line:

obj.constructor === Object never being true. I'd suggest something like this instead:

obj.constructor.name === 'Object'

Hi,

I came here following this guide https://lucia-auth.com/tutorials/username-and-password/astro .

How would one go about using this library for storing and comparing passwords?

Thanks

import { Keccak, shake256 } from '@noble/hashes/sha3'

import { PrngFn } from './types'

export function shakePrng(seed: Uint8Array): PrngFn {
  const prng = shake256.create({}) as Keccak
  prng.update(seed)
  return prng.xof.bind(prng)
}

Also a bit strange requiring empty object for the options

I got this error inside @noble/hashes. Got to know the same error message but for the exponential operator but I do not think it has anything relevant to mine.

Really appreciate any advice.

Description
I have a Gatsby/yarn v3 app and it doesn't build the latest bip32 and bip39 libraries.
The issue is with v1.3.0 of noble-hashes that they both depend on, more specifically with the ESM syntax import * as nc from 'node:crypto'.

Solution
The solution for me currently is

"resolutions": {
   "@noble/hashes": "1.2.0",
}

Upon forking the repo, I noticed there is no package-lock.json.

All recent versions of npm generate this file and it's imperative for deterministic installs. A security recommendation for all JS projects is to include a package-lock.json [source. ]

Heyho! Thank you for this initiative! It's amazing to see hashing implementations without Buffer dependencies.

I'd love to get this into CosmJS to replace first ripemd160 and maybe sha.js and js-sha3. When I tried doing this, I got the following compile error:

./../.yarn/cache/@noble-hashes-npm-0.4.1-4637b511e4-7d06789f41.zip/node_modules/@noble/hashes/lib/utils.d.ts:49:11 - error TS2304: Cannot find name 'Crypto'.

49     web?: Crypto;
             ~~~~~~


Found 1 error.

Seems like my tsconfig does not have the DOM lib. Is this enabled by default in your tsconfig?

Would it be possible to avoid the dependency on those types or pull them in explicitly?

I've spotted this after benchmarks were transitioned from common.js to ESM in 88c1aa3. Check out main branch.

• git clone [email protected]:paulmillr/noble-hashes.git && cd noble-hashes && npm install && npm run build && npm run bench:install
• Comment-out lines 14-28 in benchmark/hashes.js, run again. sha3 would become 25% faster

We need to investigate:

1. Why sha3 is 25% slower when other modules are imported
2. Why sha2 is NOT slower when other modules are imported. What's special about sha3?
3. Why everything was fine with common.js, but is slow with ESM?
4. Bonus issue: re-exporting isBytes slows-down performance considerably. See branch https://github.com/paulmillr/noble-hashes/tree/import-perf. Probably related.

To investigate this, v8/node.js profiling, memory dumps, etc may help.

I've been playing around with using some of the noble libs in web extensions, specifically in the background context which is similar to service workers, and this line causes issues:

When I console.log the iHash this is what we get:

{
    "blockLen": 64,
    "outputLen": 32,
    "padOffset": 8,
    "isLE": false,
    "finished": true,
    "length": 128,
    "pos": 0,
    "destroyed": false,
    "buffer": {
       // removed for brevity
    },
    "view": {},
    "A": 0,
    "B": 0,
    "C": 0,
    "D": 0,
    "E": 0,
    "F": 0,
    "G": 0,
    "H": 0
}

When I patch-package the hmac file and remove the conditional check, it works as expected.

Curious what we could do to make it work in this context? webcrypto should be fully supported

Pardon me for opening an issue for a simple question (may be worth it to enable discussions on this repo?)

Is this implementation of SHA3/ Keccak faster than @ethersproject/keccak256?

Side note: I might do the comparison later myself, but feel free to beat me to it if you know the answer already:)

For things like ripple library where they are using createHash one needs to create little wrappers to replace existing functions, ala:

const HASH_BYTES = 32

const sha512Half = (() => {
  const isBrowser = typeof window !== 'undefined'

  if (isBrowser) {
    const { sha512 } = require('@noble/hashes/sha512')
    const { bytesToHex, hexToBytes } = require('@noble/hashes/utils')

    return function sha512Half(hex: string): string {
      const digestHalf = sha512(hexToBytes(hex)).slice(0, HASH_BYTES)
      return bytesToHex(digestHalf).toUpperCase()
    }
  } else {
    const crypto = require('crypto')

    return function sha512Half(hex: string): string {
      const hash = crypto.createHash('sha512')
      hash.update(Buffer.from(hex, 'hex'))
      const digestHalf = hash.digest().slice(0, HASH_BYTES)
      return digestHalf.toString('hex').toUpperCase()
    }
  }
})()

to replace:

const HASH_SIZE = 64

function sha512Half(hex: string): string {
  return createHash('sha512')
    .update(Buffer.from(hex, 'hex'))
    .digest('hex')
    .toUpperCase()
    .slice(0, HASH_SIZE)
}

This is annoying, and less than ideal because you have to mess with your webpack resolve.alias rather than rely upon a browser field in package.json.

I think a simple wrapper like this would go along way:

type CreateHashFn = (algo: 'sha512' | 'sha256' | ... ) => {
  update(buffer: Uint8Array): void
  digest(): Uint8Array
}

Are you interested in doing something like this under @noble/ ?

I am running the latest version of Node (v17.2.0) on Intel Mac OS X.

I have an ES Node.js package (with the "type":"module" flag), which is equivalent to having the code in an .mjs file.

Up until version 0.4.1, I used to do the following to use this package :

import { keccak_256 } from '@noble/hashes/lib/sha3';
console.log(keccak_256(new Uint8Array([1, 2, 3])));

With version 0.4.2, I am now getting the following error :

import { keccak_256 } from '@noble/hashes/lib/sha3';
         ^^^^^^^^^^
SyntaxError: Named export 'keccak_256' not found. The requested module '@noble/hashes/lib/sha3' is a CommonJS module, which may not support all module.exports as named exports.
CommonJS modules can always be imported via the default export, for example using:

import pkg from '@noble/hashes/lib/sha3';
const { keccak_256 } = pkg;

    at ModuleJob._instantiate (node:internal/modules/esm/module_job:127:21)
    at async ModuleJob.run (node:internal/modules/esm/module_job:191:5)
    at async Promise.all (index 0)
    at async ESMLoader.import (node:internal/modules/esm/loader:331:24)
    at async loadESM (node:internal/process/esm_loader:88:5)
    at async handleMainPromise (node:internal/modules/run_main:65:12)

Node.js v17.2.0

I tried the suggestion :

import pkg from '@noble/hashes/lib/sha3';
const { keccak_256 } = pkg;
console.log(keccak_256(new Uint8Array([1, 2, 3])));

But am getting the following error :

(node:17801) Warning: To load an ES module, set "type": "module" in the package.json or use the .mjs extension.
(Use `node --trace-warnings ...` to show where the warning was created)
/Users/[redacted]/node_modules/@noble/hashes/lib/esm/sha3.js:1
import * as u64 from './_u64';
^^^^^^

SyntaxError: Cannot use import statement outside a module
    at Object.compileFunction (node:vm:352:18)
    at wrapSafe (node:internal/modules/cjs/loader:1026:15)
    at Module._compile (node:internal/modules/cjs/loader:1061:27)
    at Object.Module._extensions..js (node:internal/modules/cjs/loader:1149:10)
    at Module.load (node:internal/modules/cjs/loader:975:32)
    at Function.Module._load (node:internal/modules/cjs/loader:822:12)
    at ModuleWrap.<anonymous> (node:internal/modules/esm/translators:190:29)
    at ModuleJob.run (node:internal/modules/esm/module_job:195:25)
    at async Promise.all (index 0)
    at async ESMLoader.import (node:internal/modules/esm/loader:331:24)

Node.js v17.2.0

Changing my file extension to .cjs and using the old require() syntax works, but that somewhat defeats the purpose of trying to move to the new ES Module syntax.

This works (when running from .cjs file) :

const { keccak_256 } = require('@noble/hashes/lib/sha3');
console.log(keccak_256(new Uint8Array([1, 2, 3])));

Is there any possibilty to make this module work from an .mjs Node.js file ?

'./_assert' is not exposed in the package.json exports fields. This is causing js-ethereum-cryptography, which calls it here to fail on install in my docker. I'm guessing its just a matter of adding it back to the export field/reverting something, as js-ethereum-cryptography and noble-hashes were working properly until I reinstalled today.

{
    "kdfparams": {
      "dklen": 32,
      "n": 262144,
      "p": 8,
      "r": 1,
      "salt": "ab0c7876052600dd703518d6fc3fe8984592145b591fc8fb5c6d43190334ba19"
    }
}

Test vector from the Ethereum developer community

the cost 262144 here is over 65535(2 ** (blockSize / 8)

First off, this is impressive - I have early branches switching to this polkadot-js/common#1188 (also planning on doing secp256k1 & ed25519 - the first also has a PR, the second haven't gotten around to). Anyway, in that bracnch a couple of operations actually beat out Rust WASM. So certainly impressive.

One of the reasons for switching to the @noble family (provided I can get the BigInt story right, have a number of React Native users) is the drops in dependencies, size and speed. Finally a library that follows recent ES standards without resorting to Buffer everywhere.

One of my hashing requests would be for xxhash, I'm currently using https://www.npmjs.com/package/xxhashjs and overall quite happy, but once again pulls in yet-another-big-numbers library. I'm guessing this is quite niche for the target audience, however xxhash is used extensively in the Polkadot/Substrate ecosystem in the runtime, so it would certainly be a welcome addition from this side of the fence.

This is great! Love your work @paulmillr!

I maintain the stacks library micro-stacks, and will likely use noble-hashes for all the hashing needs. We use sha512_256 for a few things, would it be possible for you to add this variant to noble-hashes?

🙏

From some code I was working on recently

import { sha512, SHA512 } from '@noble/hashes/sha512'
import { Hash } from '@noble/hashes/utils'

export default class Sha512 {
  hash: Hash<SHA512>

In this case could simply do hash = sha512.create() but
Maybe it's fine, but it seems a bit involved?

Thoughts?

Great project!

It would be nice to have Argon2id functionality similar to https://github.com/cjlarose/argon2-ffi because it's the OWASP recommended hashing algorithm for password storage.

WDYT?