2.1.0

This release comes one year after v2.0.0, following rare update schedule for easy auditability.

• verify: accept { zip215: false } option that forces FIPS verification behavior
• verify: throw less direct errors, return false instead
• Point.fromHex: accept second optional argument zip215: boolean
• Point#toAffine: convert ZERO points properly
• au8: improve Uint8Array check to work in extension context

New Contributors

• @quentinadam made their first contribution in #82
• @mahnunchik made their first contribution in #95
• @sangaman made their first contribution in #97
• @LeJamon made their first contribution in #99

Full Changelog: 2.0.0...2.1.0

2.0.0

v2 features improved security and smaller attack surface.
The goal of v2 is to provide minimum possible JS library which is safe and fast.

That means the library was reduced 4x, to just over 300 lines. Library size is now less than 4KB.
In order to achieve the goal, some features were moved to noble-curves,
which is even safer and faster drop-in replacement library with same API.
Switch to curves if you intend to keep using these features:

• x25519 / curve25519 / getSharedSecret
• ristretto255 / RistrettoPoint
• Using utils.precompute() for non-base point
• Support for environments which don't support bigint literals
• Common.js support
• Support for node.js 18 and older without shim

Other changes for upgrading from @noble/ed25519 1.7 to 2.0:

• Methods are now sync by default; use getPublicKeyAsync, signAsync, verifyAsync for async versions
• bigint is no longer allowed in getPublicKey, sign, verify. Reason: ed25519 is LE, can lead to bugs
• Point (2d xy) has been changed to ExtendedPoint (xyzt)
• Signature was removed: just use raw bytes or hex now
• utils were split into utils (same api as in noble-curves) and
  etc (sha512Sync and others)

Pull request: #76

Full Changelog: 1.7.3...2.0.0

1.7.3

Don't use bigint literals for bad engines

1.7.2

• Fix isTorsionFree bug
• Improve constant-timeness

Full Changelog: 1.7.1...1.7.2

1.7.1

The library now works with React Native 0.70. Remove all bigint ** pow operators to improve compact w bad parsers.

Full Changelog: 1.7.0...1.7.1

1.7.0

Add synchronous methods.

import { sha512 } from '@noble/hashes/sha512';
ed.utils.sha512Sync = (...m) => sha512(ed.utils.concatBytes(...m));
const { getPublicKey, sign, verify, getExtendedPublicKey } = ed.sync;
getPublicKey(privKey);

Full Changelog: 1.6.1...1.7.0

1.6.1

• Fix: skypack build by @Gozala in #66
• fix failures in test and CI by @Gozala in #65

Full Changelog: 1.6.0...1.6.1

1.6.0

First audited version of the library. Audit has been completed by cure53. Check out the audit pdf in repo.

• Made verify() compliant with ZIP215, removed possible malleability from its s check
• Added Point#isTorsionFree()
• Added RistrettoPoint class instead of methods in ExtendedPoint, which have been removed
• Improved ExtendedPoint equality check
• Added utils.hashToPrivateScalar, utils.invert
• Disallow invalid invZ values in ExtendedPoint#toAffine
• Update deno version of sha512 dependency
• 10-15% speedup

1.5.3

• The library is now compatible with ZIP215: verify() rules were changed slightly
• CURVE.l now represents curve order instead of CURVE.n

• docs: Fix sign in definition of CURVE.n by @dsernst in #49

Full Changelog: 1.5.2...1.5.3

1.5.2

• getSharedSecret() got fixed: it is now commutative
• Point#toX25519 now returns little-endian Uint8Array instead of bigint.

Full Changelog: 1.5.1...1.5.2