Replace secp256k1 with @noble/secp256k1

CHANGELOG.md

@@ -16,6 +16,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Changed
 
 - Prefer the use of `BigInt` over integer literal (`n` postfix) to facilitate the use of a polyfill.
+- Replaced `secp256k1` and hence `elliptic` dependencies with `@noble/secp256k1`,
+  reducing package size, number of dependency and removing need for `crypto-browserify` polyfill.
 
 ### Fixed
 

examples/web-chat/config/webpack.extend.js

@@ -8,7 +8,7 @@ module.exports = {
     Object.assign(config.resolve.fallback, {
       assert: require.resolve("assert"),
       buffer: require.resolve("buffer"),
-      crypto: require.resolve("crypto-browserify"),
+      crypto: false,
       http: require.resolve("http-browserify"),
       https: require.resolve("https-browserify"),
       stream: require.resolve("stream-browserify"),
@@ -41,7 +41,7 @@ module.exports = {
     Object.assign(config.resolve.fallback, {
       assert: require.resolve("assert"),
       buffer: require.resolve("buffer"),
-      crypto: require.resolve("crypto-browserify"),
+      crypto: false,
       http: require.resolve("http-browserify"),
       https: require.resolve("https-browserify"),
       stream: require.resolve("stream-browserify"),

package.json

@@ -61,12 +61,16 @@
     "deploy": "node ci/deploy.js",
     "reset-hard": "git clean -dfx && git reset --hard && npm i && npm run build && for d in examples/*/; do (cd $d; npm i); done"
   },
+  "browser": {
+    "crypto": false
+  },
   "engines": {
     "node": ">=16"
   },
   "dependencies": {
     "@chainsafe/libp2p-noise": "^5.0.0",
     "@ethersproject/rlp": "^5.5.0",
+    "@noble/secp256k1": "^1.3.4",
     "debug": "^4.3.1",
     "dns-query": "^0.8.0",
     "hi-base32": "^0.5.1",
@@ -81,7 +85,6 @@
     "multiaddr": "^10.0.1",
     "multihashes": "^4.0.3",
     "protobufjs": "^6.8.8",
-    "secp256k1": "^4.0.2",
     "uuid": "^8.3.2"
   },
   "devDependencies": {
@@ -101,7 +104,6 @@
     "assert": "^2.0.0",
     "buffer": "^6.0.3",
     "chai": "^4.3.4",
-    "crypto-browserify": "^3.12.0",
     "cspell": "^5.14.0",
     "eslint": "^8.6.0",
     "eslint-config-prettier": "^8.3.0",

src/lib/crypto.ts

@@ -1,33 +1,48 @@
 import nodeCrypto from "crypto";
 
-// IE 11
-declare global {
-  interface Window {
-    msCrypto?: Crypto;
-  }
-
-  interface Crypto {
-    webkitSubtle?: SubtleCrypto;
-  }
-}
+import { concat } from "uint8arrays/concat";
 
-const crypto =
-  (typeof window !== "undefined" &&
-    (window as Window) &&
-    (window.crypto || window.msCrypto)) ||
-  (nodeCrypto.webcrypto as unknown as Crypto);
-const subtle: SubtleCrypto = crypto.subtle || crypto.webkitSubtle;
+declare const self: Record<string, any> | undefined;
+const crypto: { node?: any; web?: any } = {
+  node: nodeCrypto,
+  web: typeof self === "object" && "crypto" in self ? self.crypto : undefined,
+};
 
-if (subtle === undefined) {
-  throw new Error("crypto and/or subtle api unavailable");
+export function getSubtle(): SubtleCrypto {
+  if (crypto.web) {
+    return crypto.web.subtle;
+  } else if (crypto.node) {
+    return crypto.node.webcrypto.subtle;
+  } else {
+    throw new Error(
+      "The environment doesn't have Crypto Subtle API (if in the browser, be sure to use to be in a secure context, ie, https)"
+    );
+  }
 }
 
-export { crypto, subtle };
-
-export function randomBytes(size: number): Uint8Array {
-  return crypto.getRandomValues(new Uint8Array(size));
+export function randomBytes(bytesLength = 32): Uint8Array {
+  if (crypto.web) {
+    return crypto.web.getRandomValues(new Uint8Array(bytesLength));
+  } else if (crypto.node) {
+    const { randomBytes } = crypto.node;
+    return Uint8Array.from(randomBytes(bytesLength));
+  } else {
+    throw new Error(
+      "The environment doesn't have randomBytes function (if in the browser, be sure to use to be in a secure context, ie, https)"
+    );
+  }
 }
 
-export function sha256(msg: ArrayBufferLike): Promise<ArrayBuffer> {
-  return subtle.digest({ name: "SHA-256" }, msg);
+export async function sha256(...messages: Uint8Array[]): Promise<Uint8Array> {
+  if (crypto.web) {
+    const buffer = await crypto.web.subtle.digest("SHA-256", concat(messages));
+    return new Uint8Array(buffer);
+  } else if (crypto.node) {
+    const { createHash } = crypto.node;
+    const hash = createHash("sha256");
+    messages.forEach((m) => hash.update(m));
+    return Uint8Array.from(hash.digest());
+  } else {
+    throw new Error("The environment doesn't have sha256 function");
+  }
 }