Introduction
We need a crypto library that implements Ed25519 operations in Node and in the browser. Security comes first and foremost; then, all else being equal, package size; and finally speed.
Some things to look at:
- An independent security audit is table stakes for a crypto library
- 0 dependencies is greatly preferred. It dramatically reduces the risk of supply chain attacks
- Library popularity is not something to explicitly make a decision on. But more use means more eyes on it & a greater chance of surfacing bugs, so it is a useful indicator.
- WASM vs. Native. Going into this I wanted/expected to settle on a WASM library. After viewing the options, I don’t think this is the best idea. The implementations just aren’t mature enough. As well, we don’t get a security benefit from WASM (since the keys still need to pass through JS & be stored on the client), so the only real benefit is speed. Clients are not doing enough signatures for speed to be hugely important. The main benefit of crypto in WASM would be encryption/decryption of large files.
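One way to check the dependency criterion above against a lockfile rather than a README claim. This is an added example, not code from any of the libraries reviewed; the lockfile content and every package name in it are constructed, and treating "internal" as "same npm scope as the package under review" is an assumption.

```javascript
// Constructed sample in npm lockfileVersion 3 shape; all package names are invented.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "@example/ed25519": "^1.0.0", "plain-sig": "^2.0.0", "bulky-sig": "^0.9.0" } },
    "node_modules/@example/ed25519": { version: "1.0.0", dependencies: { "@example/random": "^1.0.0", "@example/sha512": "^1.0.0" } },
    "node_modules/@example/random": { version: "1.0.1", dependencies: { "@example/wipe": "^1.0.0" } },
    "node_modules/@example/sha512": { version: "1.0.2", dependencies: { "@example/wipe": "^1.0.0" } },
    "node_modules/@example/wipe": { version: "1.0.3" },
    "node_modules/plain-sig": { version: "2.0.0" },
    "node_modules/bulky-sig": { version: "0.9.0", dependencies: { "helper-lib": "^0.3.0" } },
    "node_modules/bulky-sig/node_modules/helper-lib": { version: "0.3.0" },
  },
};
// Find where npm installed `dep` for the package at `fromPath`: nearest node_modules first.
function resolveInstall(packages, fromPath, dep) {
  for (let base = fromPath; ; ) {
    const candidate = (base ? base + "/" : "") + "node_modules/" + dep;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const cut = base.lastIndexOf("/node_modules/");
    base = cut === -1 ? "" : base.slice(0, cut);
  }
}
// Walk the transitive dependencies of `rootName`, split by npm scope (assumed meaning of "internal").
function classifyDependencies({ packages }, rootName) {
  const rootPath = resolveInstall(packages, "", rootName);
  if (!rootPath) throw new Error(`${rootName} is not in the lockfile`);
  const scope = rootName.startsWith("@") ? rootName.split("/")[0] + "/" : null;
  const seen = new Set([rootPath]);
  const queue = [rootPath];
  const result = { internal: [], external: [] };
  while (queue.length > 0) {
    const path = queue.shift();
    const deps = { ...packages[path].dependencies, ...packages[path].optionalDependencies };
    for (const dep of Object.keys(deps)) {
      const depPath = resolveInstall(packages, path, dep);
      if (!depPath || seen.has(depPath)) continue; // unresolved, or already counted
      seen.add(depPath);
      queue.push(depPath);
      const bucket = scope && dep.startsWith(scope) ? result.internal : result.external;
      bucket.push(`${dep}@${packages[depPath].version}`);
    }
  }
  return result;
}
console.log(JSON.stringify(classifyDependencies(SAMPLE_LOCK, "@example/ed25519")));
```

Same-scope packages are still published to the registry as separate artifacts, so the internal list is worth reviewing alongside the external one.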
Libraries
TweetNaCl.js
https://github.com/dchest/tweetnacl-js
Language: JavaScript
Dependencies: 0
Weekly Downloads: 16,934,000
Unpacked Size: 175 kb
Audited: ✅
Other notes: This is a port of the original TweetNaCl library by Daniel Bernstein (creator of Ed25519).
StableLib
https://github.com/StableLib/stablelib
Language: TypeScript
Dependencies: 0 external, 3 internal