Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the bundle smaller #1

Open
will123195 opened this issue Oct 16, 2018 · 5 comments
Open

Make the bundle smaller #1

will123195 opened this issue Oct 16, 2018 · 5 comments

Comments

@will123195
Copy link
Member

will123195 commented Oct 16, 2018
edited
Loading

dist/DualCrypto.js is over 500kb.

This is how we're using elliptic:

import { ec as EC } from 'elliptic'
const ec = new EC('secp256k1')
const keyPair = ec.genKeyPair({ entropy })
const publicKey = keyPair.getPublic().encode('hex')
const signature = keyPair.sign(hash(message)).toDER('hex')
const key = ec.keyFromPublic(publicKey, 'hex')
const isAuthentic = key.verify(hash(message), signature)

Maybe we can tree shake?

Maybe there is an alternative?
@will123195 will123195 mentioned this issue Oct 16, 2018
Open
8 tasks
@will123195 will123195 changed the title Use more lightweight EC library Make the bundle smaller Oct 16, 2018
@MannyC
Copy link

MannyC commented Oct 16, 2018

The reasons I chose the elliptic library were that it seemed popular enough and maintained and allowed us to supply the entropy ourselves (as opposed to subtle crypto which does not).

I see that the elliptic library's own minified version is ~132KB and it looks like they're using a fairly simple browserify then uglify process. UAPF wordlist is ~70KB unminified. So we're already about 300KB over this for some reason.

I think if we have a dependency on the bitcoinjs-lib anyway, it's suitable and we can pack a single version of it, then that would have to be the way to go.

If not then it looks like we should be able to successfully make this version a lot smaller

@MannyC
Copy link

MannyC commented Oct 16, 2018

as opposed to subtle crypto which does not

Worth mentioning that there may be ways around that. We could possibly just generate a private key from random data ourselves, but we'd have to drop invalid keys. However I also didn't see any way of using subtle crypto to look up the public key for a given private key. My instinct is to stick with predefined function calls so we don't stumble cryptography-wise.

@will123195
Copy link
Member Author

I think subtle crypto should be able to export the pub key. I was just looking at
https://github.com/diafygi/webcrypto-examples/blob/master/README.md#ecdsa---exportkey

Also I haven't added minify yet.

@MannyC
Copy link

MannyC commented Oct 16, 2018

The issue wasn't the exporting of the key, it was deriving the public from the private. If you import a private key into subtle it won't export a public key for you (as far as I could see).

That said, it looks like an ECDSA in jwk form (elliptic doesn't support jwk by the way) is just the private key without the d parameter and different key_ops.

If that's correct then to use subtle we'd have to generate a random key, make sure the key is valid for p256, put the key into either pkcs8 or jwk and use subtle.importKey, then export the private key as jwk and delete/alter some properties on it.

@will123195
Copy link
Member Author

I got it down to 143KB with uglify. If the jwk thing works out, I expect we'll get it down to ~10KB which would be great.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@will123195 @MannyC