Switch from js-sha3 and blake to audited noble-hashes

[paulmillr]

noble cryptography (https://github.com/paulmillr/noble-hashes) is high-security, easily auditable set of contained cryptographic libraries and tools. It would be great to use it instead of some unknown library. Benefits:

• Audited, less resources would be necessary for end-users to audit dep trail
• Smaller bundle size
• Is used by millions of users (see npm)
• Since it's everywhere (e.g. in ethers.js), it would get de-duplicated by end-users when two packages depend on noble
• Is actually maintained, has modern features like esm / typescript / bun / deno friendliness

All PRs:

• PR to snarkjs for only sha3 Switch from js-sha3 to audited noble-hashes #546
• PR to snarkjs for sha3 and blake2 Switch from js-sha3 and blake to audited noble-hashes #547
• PR to wasmsnark Switch from blakejs to audited noble-hashes wasmsnark#32
• PR to circomlib Switch from blake-hash to audited noble-hashes circomlib#119
• PR to circomlibjs Switch from blake-hash and blake2b to audited noble-hashes circomlibjs#32

Originally proposed 15 months ago in #416

[OBrezhniev]

Hello @paulmillr!
Thank you for your contribution! I imagine it was a lot of work!
Can you please elaborate on this comment? Why is it unsafe?
Just because of the usage of internal API or there are other considerations?

[paulmillr]

It’s because it uses internal api.

stuff like this is never exposed in libraries.

[paulmillr]

Why do you need "partial hashes"?

[OBrezhniev]

I don't know. I will ask Jordi.

[OBrezhniev]

@Kolezhniuk can you please test this build on our multiplatform tests setup?

[Kolezhniuk]

@Kolezhniuk can you please test this build on our multiplatform tests setup?

@OBrezhniev Tested, our js-sdk works fine with with this version of snarkjs. I don't think that this is critical because warning is for builds targeted on NodeJS
One, note that there are warnings during the build

> [email protected] build
> npm run buildcjs && npm run buildcli && npm run buildiife && npm run buildiifemin && npm run buildesm


> [email protected] buildcjs
> rollup -c config/rollup.cjs.config.js


main.js → build/main.cjs...
(!) Unresolved dependencies
https://rollupjs.org/guide/en/#warning-treating-module-as-external-dependency
@noble/hashes/blake2b (imported by src/powersoftau_new.js, src/powersoftau_export_challenge.js, src/powersoftau_import.js, src/powersoftau_verify.js, src/powersoftau_challenge_contribute.js, src/powersoftau_beacon.js, src/powersoftau_contribute.js, src/zkey_new.js, src/zkey_verify_frominit.js, src/zkey_contribute.js, src/zkey_beacon.js, src/zkey_bellman_contribute.js, src/powersoftau_utils.js, src/misc.js, src/keypair.js)
@noble/hashes/utils (imported by src/misc.js)
@noble/hashes/sha3 (imported by src/Keccak256Transcript.js)
created build/main.cjs in 265ms...