Switch to noble-ed25519 #3

Open
paulmillr opened this issue Apr 6, 2020 · 4 comments
Comments

@paulmillr

I've created a very fast implementation of ed25519 in js/typescript. I think it would be great to use it, because a user can then audit source code. With wasm he really can't.

https://github.com/paulmillr/noble-ed25519

@slowli
Owner

slowli commented Apr 6, 2020

Hi @paulmillr,

Thanks for info about your library! I don't quite understand how it relates to the website; could you clarify this, please?

  • The website should not be used for signing / verification, or at least should not be trusted for these operations! I can clarify this on the website. (I didn't think much about this before, but now I understand that some note on this subject should probably be on the website.) IMO, any web-based solution for signature checking / verification will have pretty big security problems, e.g., regarding privacy of user-provided data. In any case, since the goal of the website is interactive education, I don't think provenance of the crypto library is a big concern.

  • The website does not use Ed25519 signing / verification per se, but rather low-level operations on Curve25519 (e.g., the small-order subgroup). I've implemented these ops with WASM partially because it seemed like an interesting project (more interesting than a pure JS implementation), and partially because the curve25519-dalek library provides all necessary primitives and can be compiled to WASM easily.

  • Do I understand correctly that by auditing the code you mean looking at the code to check it "looks good" or corresponds to some reference? I don't think this is enough if the security is a primary concern (which it isn't for the website, see above). There are other kinds of attacks that need to be considered, e.g., side channels.

@paulmillr
Author

Hi @slowli. Your website serves as a demo for ed25519 bugs. I understand it should not be used for actual signatures.

> I've implemented these ops with WASM partially because it seemed like an interesting project

Indeed it is, thank you for that! The site is great and helps to understand eddsa is not perfect.

> Do I understand correctly that by auditing the code you mean looking at the code to check it "looks good" or corresponds to some reference

Not really — as you've mentioned, "the goal of the website is interactive education". For education purposes, I think it would be great, if developers would be able to poke around with javascript code, set up debugger breakpoints here and there, log some outputs, try it out in their developer console. The library provides great developer experience, so that should help folks.

It's not a big deal — both wasm & js could be used for the website. Just thought it would provide better educational value.

@slowli
Owner

slowli commented Apr 7, 2020

Thanks for explanation! I think adding a JS library to fiddle around does make sense, although I haven't yet figured out how it could be integrated with the current website pages. Maybe, dedicating a new page for this purpose would be an optimal solution..?

If you could provide a description how you see this feature implemented, it would be welcome. A PR would be twice as welcome, of course.

@paulmillr
Author

I think the wasm "functions" should be replaced with functions with noble-ed25519, that's it. No huge changes are needed.

BTW we'll be receiving audit ASAP.
