12573
Paul Miller
@paulm #12573
Security, austrian school. Developing noble cryptography: audited js libraries for web3. https://paulmillr.com/noble
38132 Follower 30 Following
Kinda sad there are people working on eth who think Tornado should be shut down due to crime. Even though most of its usage is legitimate privacy, which cannot be reliably achieved in other methods.
Anti privacy ethos all the way.
Anti privacy ethos all the way.
New release of JS eth-signer is out. A lot of new features have been added:
- EIP-7702 AA transactions
- EIP-4844 KZG implementation in pure JS
- EIP-712 / EIP-191 message signing
- EIP-7495 SSZ stable container
https://github.com/paulmillr/micro-eth-signer
- EIP-7702 AA transactions
- EIP-4844 KZG implementation in pure JS
- EIP-712 / EIP-191 message signing
- EIP-7495 SSZ stable container
https://github.com/paulmillr/micro-eth-signer
Just released post-quantum v0.2.0, implementing final FIPS 203 / 204 / 205 specs. You can now use PQ cryptography in JS apps today!
https://github.com/paulmillr/noble-post-quantum
https://github.com/paulmillr/noble-post-quantum
This is one of the best cryptography libraries:
- ~High level language (nim)
- Tons of useful docs and comments. Check out repository issues!
- All kinds of algorithms. ECC, pairings, r1cs, you name it
- Solid for educating newcomers
Great job @mratsim
- ~High level language (nim)
- Tons of useful docs and comments. Check out repository issues!
- All kinds of algorithms. ECC, pairings, r1cs, you name it
- Solid for educating newcomers
Great job @mratsim
Releasing new package: micro-rsa-dsa-dh
Minimal implementation of older cryptography algorithms. Elliptic curves have gained adoption these days, however, classical algos are still needed sometimes.
As usual, the code is simple and good for education.
https://github.com/paulmillr/micro-rsa-dsa-dh
Minimal implementation of older cryptography algorithms. Elliptic curves have gained adoption these days, however, classical algos are still needed sometimes.
As usual, the code is simple and good for education.
https://github.com/paulmillr/micro-rsa-dsa-dh
The new ETH client by @gakonst and @paradigm is live.
All historical transactions (aka “archive node”) fit in just 2.3TB. Full node is 1.2TB. Syncing from genesis takes 50 hours. Can be ran on a cheap pc: no need to pay for 3rd party RPC which tracks users.
https://www.paradigm.xyz/2024/06/reth-prod
All historical transactions (aka “archive node”) fit in just 2.3TB. Full node is 1.2TB. Syncing from genesis takes 50 hours. Can be ran on a cheap pc: no need to pay for 3rd party RPC which tracks users.
https://www.paradigm.xyz/2024/06/reth-prod
Human Rights Foundation (hrf.org) awarded us some money for nip44 encrypted chat spec.
Looks like we’ll be having an audit of noble-ciphers and remaining parts of curves later in the summer!
Looks like we’ll be having an audit of noble-ciphers and remaining parts of curves later in the summer!
micro-eth-signer 0.9 is out.
No more block explorers: the release adds ability to fetch full account history and token balances using an archive node, such as @erigon
It also implements SSZ in just 900 lines: nearest library is 8x larger.
https://github.com/paulmillr/micro-eth-signer
No more block explorers: the release adds ability to fetch full account history and token balances using an archive node, such as @erigon
It also implements SSZ in just 900 lines: nearest library is 8x larger.
https://github.com/paulmillr/micro-eth-signer
Grateful for the grant from Farcaster.
Going to spend the funding on new security audits of open-source software.
Going to spend the funding on new security audits of open-source software.
Announcing noble-post-quantum: minimal JS implementation of ML-KEM, ML-DSA and SLH-DSA.
Also known as Kyber, Dilithium & SPHINCS+. Only 2000 lines of code - great learning resource for anyone who’s messing with PQ stuff. Check out README for comparison.
https://github.com/paulmillr/noble-post-quantum
Also known as Kyber, Dilithium & SPHINCS+. Only 2000 lines of code - great learning resource for anyone who’s messing with PQ stuff. Check out README for comparison.
https://github.com/paulmillr/noble-post-quantum
micro-eth-signer 0.8 with support for dencun EIP4844 “blob-carrying” transactions is out.
- Alternative to ethers and viem when you only need basics
- New 100-line RLP parser
- Very friendly debugging experience
- Tested against 150MB of vectors
https://github.com/paulmillr/micro-eth-signer
- Alternative to ethers and viem when you only need basics
- New 100-line RLP parser
- Very friendly debugging experience
- Tested against 150MB of vectors
https://github.com/paulmillr/micro-eth-signer
New uniswap drama: the lawyers sent takedown notices to legitimate forks that removed censorship.
If you are looking to embed uni functionality into your app, glance over micro-eth-signer (https://github.com/paulmillr/micro-eth-signer) .It allows to call Uni contract directly, without censorship, in 10 lines of code.
If you are looking to embed uni functionality into your app, glance over micro-eth-signer (https://github.com/paulmillr/micro-eth-signer) .It allows to call Uni contract directly, without censorship, in 10 lines of code.
Ethereum ABI parsers are vulnerable to DoS.
It’s also possible to inject information in transactions, hidden from parsers. This allows tracking users across different wallets and even stealing private data.
Details in a new article. https://github.com/paulmillr/micro-eth-signer/discussions/20
It’s also possible to inject information in transactions, hidden from parsers. This allows tracking users across different wallets and even stealing private data.
Details in a new article. https://github.com/paulmillr/micro-eth-signer/discussions/20
Last month, we've collaborated with Starknet and released a new addition to
"scure" family of audited libraries. The audit was done by Kudelski security.
The package includes stark curve and poseidon / pedersen hashes. Check it out:
https://github.com/paulmillr/scure-starknet
"scure" family of audited libraries. The audit was done by Kudelski security.
The package includes stark curve and poseidon / pedersen hashes. Check it out:
https://github.com/paulmillr/scure-starknet
Someone published NPM fork of noble-curves (and ethereum-cryptography) that sent private keys to a server in China. Be careful and check for typos
https://blog.phylum.io/typosquat-of-popular-ethereum-package-steals-private-keys/
https://blog.phylum.io/typosquat-of-popular-ethereum-package-steals-private-keys/
MLS is a new open protocol for e2e encrypted group messaging. Think of it as Signal ratchet v2023, or OTR.
Did you know Signal group chats are basically a bunch of 1-to-1 messages? Not very efficient. The new protocol has just received the RFC number and will improve on that.
https://blog.phnx.im/rfc-9420-mls/
Did you know Signal group chats are basically a bunch of 1-to-1 messages? Not very efficient. The new protocol has just received the RFC number and will improve on that.
https://blog.phnx.im/rfc-9420-mls/
Announcing noble-ciphers: tiny 0-dependency cryptographic library, implementing
Salsa20, ChaCha, Poly1305, AES-SIV and others.
Bonus: a reasonable wrapper around native WebCrypto's AES.
Check out its README for some insights: https://github.com/paulmillr/noble-ciphers
Salsa20, ChaCha, Poly1305, AES-SIV and others.
Bonus: a reasonable wrapper around native WebCrypto's AES.
Check out its README for some insights: https://github.com/paulmillr/noble-ciphers
What’s happening?