Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@hazae41/berith
Advanced tools
Readme
WebAssembly port of Ed25519 signatures and X25519 key exchange
npm i @hazae41/berith
Node Package 📦 • Deno Module 🦖 • Next.js CodeSandbox 🪣
git clone https://github.com/hazae41/berith && cd berith && npm i && npm run bench:deno
cpu: Apple M1 Max
runtime: deno 1.30.3 (aarch64-apple-darwin)
file:///src/deno/bench/mod.bench.ts
benchmark time (avg) (min … max) p75 p99 p995
---------------------------------------------------------------------- -----------------------------
@hazae41/berith (unserialized) 325.78 µs/iter (316.04 µs … 491.04 µs) 326.21 µs 348.62 µs 364.54 µs
@hazae41/berith (serialized) 368.3 µs/iter (359.12 µs … 537.71 µs) 368.79 µs 399.92 µs 406.54 µs
@noble/curves 0.7.0 1.9 ms/iter (1.73 ms … 2.3 ms) 1.96 ms 2.26 ms 2.28 ms
summary
@hazae41/berith (unserialized)
1.13x faster than @hazae41/berith (serialized)
5.85x faster than @noble/curves 0.7.0
git clone https://github.com/hazae41/berith && cd berith && npm i && npm run bench:node
cpu: Apple M1 Max
runtime: node v18.12.1 (aarch64-apple-darwin)
┌────────────────────────────────┬──────────────────┬─────────────┬─────────────┐
│ (index) │ average │ minimum │ maximum │
├────────────────────────────────┼──────────────────┼─────────────┼─────────────┤
│ @hazae41/berith (unserialized) │ '281.68 μs/iter' │ '273.83 μs' │ '875.92 μs' │
│ @hazae41/berith (serialized) │ '318.67 μs/iter' │ '311.29 μs' │ '938.87 μs' │
│ @noble/curves 0.7.0 │ '1.99 ms/iter' │ '1.82 ms' │ '5.91 ms' │
│ supercop.wasm 5.0.1 │ '187.96 μs/iter' │ '179.21 μs' │ '734.29 μs' │
│ node:crypto (unserialized) │ '152.67 μs/iter' │ '144.96 μs' │ '2.86 ms' │
│ node:crypto (serialized) │ '555.61 μs/iter' │ '549.42 μs' │ '1.20 ms' │
└────────────────────────────────┴──────────────────┴─────────────┴─────────────┘
Summary
- @hazae41/berith (unserialized) is 1.13x faster than @hazae41/berith (serialized)
- @hazae41/berith (unserialized) is 7.06x faster than @noble/curves 0.7.0
- @hazae41/berith (unserialized) is 0.67x faster than supercop.wasm 5.0.1
- @hazae41/berith (unserialized) is 0.54x faster than node:crypto (unserialized)
- @hazae41/berith (unserialized) is 1.97x faster than node:crypto (serialized)
import { Berith, Ed25519Keypair } from "@hazae41/berith";
// Wait for WASM to load
Berith.initSyncBundledOnce();
// Generate an identity
const keypair = new Ed25519Keypair();
const identity = keypair.public(); // Ed25519PublicKey
// Define bytes to sign
const bytes = new TextEncoder().encode("hello world"); // Uint8Array
// Sign and verify
const proof = keypair.sign(bytes); // Ed25519Signature
const verified = identity.verify(bytes, proof); // boolean
You can serialize and deserialize to Uint8Array
const bytes = new Ed25519Keypair().to_bytes().copyAndDispose();
const keypair = Ed25519Keypair.from_bytes(bytes);
const bytes = keypair.public().to_bytes().copyAndDispose();
const identity = Ed25519PublicKey.from_bytes(bytes);
const bytes = keypair.sign(input).to_bytes().copyAndDispose();
const proof = Ed25519Signature.from_bytes(bytes);
import { Berith, X25519StaticSecret } from "@hazae41/berith";
// Wait for WASM to load
Berith.initSyncBundledOnce();
// Generate secret x for Alice
const secretx = new X25519StaticSecret()
// Generate secret y for Bob
const secrety = new X25519StaticSecret()
// Get public X for Alice to send to Bob
const publicx = secretx.to_public()
// Get public Y for Bob to send to Alice
const publicy = secrety.to_public()
// Alice computes the shared key S from x and Y
const sharedx = secretx.diffie_hellman(publicy)
// Bob computes the shared key S from y and X
const sharedy = secrety.diffie_hellman(publicx)
// S is the same for Alice and Bob
console.log("S (Alice)", sharedx.to_bytes().copyAndDispose())
console.log("S (Bob", sharedy.to_bytes().copyAndDispose())
You need to install Rust
Then, install wasm-pack
cargo install wasm-pack
Finally, do a clean install and build
npm ci && npm run build
You can build the exact same bytecode using Docker, just be sure you're on a linux/amd64
host
docker compose up --build
Then check that all the files are the same using git status
git status --porcelain
If the output is empty then the bytecode is the same as the one I commited
Each time I commit to the repository, the GitHub's CI does the following:
docker compose up --build
git status --porcelain
output is not emptyEach time I release a new version tag on GitHub, the GitHub's CI does the following:
npm diff
between the cloned repository and the same version tag on NPMIf a version is present on NPM but not on GitHub, do not use!
FAQs
WebAssembly port of Ed25519 signatures and X25519 key exchange
The npm package @hazae41/berith receives a total of 356 weekly downloads. As such, @hazae41/berith popularity was classified as not popular.
We found that @hazae41/berith demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.