Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Replace ed25519 with libsodium

See original GitHub issue

ed25519 hasn’t been updated in years and is lagging behind what’s otherwise available: https://github.com/future-tense/ed25519-dalek#benchmarks

ed25519 might have been a good choice in terms of a smaller binary size, but this only used for node anyway, so the extra bloat doesn’t matter as much.

I’d suggest libsodium/sodium-native, since that’s an actual npm package, and since signature verification isn’t that big of a deal; I’d be surprised if most people even know it’s in the SDK.

I’d also suggest using the native bindings for key generation, instead of only using it for signing and verification.

Can do the work, just want a go/no-go

Issue Analytics

State:
Created 5 years ago
Comments:21 (8 by maintainers)

Top GitHub Comments

2reactions

morleyzhicommented, Mar 26, 2019

I like those ideas to reduce the bundle size. I don’t think reduce -> keyBy is a big enough upgrade to warrant the file size increase.

As far as tree-shaking is concerned: I worked on this a few weeks ago but came to the conclusion that it requires a lot of complicated changes, and I’m not positive the output will be worth it. Especially if we can just write Lodash out of the packages. Here’s the rough todo list for that, which has to be done to all 3 libs:

Upgrade webpack to 3 or 4
Upgrade webpack’s peer dependencies to the latest versions
Rewrite all module.exports use to use imports / exports instead. All instances have to be rewritten for tree-shaking to work
Figure out which files have side effects and which are side-effect-free. Mark the former.
Modify all the unit and integration test setups to import the rewritten library the correct way such that tests continue to pass

You have to very precisely manage your codebase to get tree-shaking working, and I wasn’t confident at the time that I could do that in a reasonable amount of time.

2reactions

morleyzhicommented, Mar 19, 2019

I just updated stellar-base and stellar-sdk to remove node builtins from the bundle. Unless my methodology was wrong, I was used your webpack config with Webpack Bundle Analyzer, and it no longer includes the crypto polyfill or elliptic. It does still include tweetnacl.

Top Results From Across the Web

Ed25519 to Curve25519 - libsodium

Ed25519 keys can be converted to X25519 keys, so that the same key pair can be used both for authenticated encryption ( crypto_box...

libsodium x25519 and Ed25519 small order check

Studying libsodium implementation of x25519 and Ed25519 I saw that it performs an small order check comparing given inputs with a hard coded ......

Ed25519 Deep Dive Addendum - Cendyne.dev

By replacing the commitment secret probabilistic process with a deterministic process, the complete signature process for a pre-existing key ...

ed25519_consensus - Rust - Docs.rs

Ed25519 for consensus-critical contexts. ... of Zcash consensus in zcashd inherited validity criteria from a then-current version of libsodium (1.0.15).

Sodium: A Modern and Easy-to-Use Crypto Library

The sodium R package provides bindings to libsodium: a modern, easy-to-use ... for signatures (ed25519) than for encryption (curve25519).