build(deps): bump @noble/curves from 1.8.1 to 2.0.1 (#3096)

dependabot[bot] · Patel-Raj11 · web-flow · commit cf9dd82d699a · 2026-03-25T14:49:37.000-04:00
* build(deps): bump @noble/curves from 1.8.1 to 2.0.1 Bumps [@noble/curves](https://github.com/paulmillr/noble-curves) from 1.8.1 to 2.0.1. - [Release notes](https://github.com/paulmillr/noble-curves/releases) - [Commits](paulmillr/noble-curves@1.8.1...2.0.1) --- updated-dependencies: - dependency-name: "@noble/curves" dependency-version: 2.0.1 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> * account for breaking changes --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Raj Patel <rajp@ripple.com>
diff --git a/package-lock.json b/package-lock.json
diff --git a/packages/ripple-keypairs/eslint.config.js b/packages/ripple-keypairs/eslint.config.js
@@ -67,6 +67,7 @@ module.exports = [
       'no-shadow': 'off',
       'multiline-comment-style': 'off',
       '@typescript-eslint/no-require-imports': 'off',
+      'import/extensions': 'off',
     },
   },
 ]
diff --git a/packages/ripple-keypairs/package.json b/packages/ripple-keypairs/package.json
@@ -19,7 +19,7 @@
     "test": "test"
   },
   "dependencies": {
-    "@noble/curves": "^1.9.0",
+    "@noble/curves": "^2.0.1",
     "@xrplf/isomorphic": "^1.0.1",
     "ripple-address-codec": "^5.0.0"
   },
diff --git a/packages/ripple-keypairs/src/signing-schemes/ed25519/index.ts b/packages/ripple-keypairs/src/signing-schemes/ed25519/index.ts
@@ -1,5 +1,5 @@
-import { ed25519 as nobleEd25519 } from '@noble/curves/ed25519'
-import { bytesToHex } from '@xrplf/isomorphic/utils'
+import { ed25519 as nobleEd25519 } from '@noble/curves/ed25519.js'
+import { bytesToHex, hexToBytes } from '@xrplf/isomorphic/utils'
 
 import type { HexString, SigningScheme } from '../../types'
 import assert from '../../utils/assert'
@@ -25,7 +25,9 @@ const ed25519: SigningScheme = {
       privateKey.length === 66,
       'private key must be 33 bytes including prefix',
     )
-    return bytesToHex(nobleEd25519.sign(message, privateKey.slice(2)))
+    return bytesToHex(
+      nobleEd25519.sign(message, hexToBytes(privateKey.slice(2))),
+    )
   },
 
   verify(
@@ -39,10 +41,10 @@ const ed25519: SigningScheme = {
       'public key must be 33 bytes including prefix',
     )
     return nobleEd25519.verify(
-      signature,
+      hexToBytes(signature),
       message,
       // Remove the 0xED prefix
-      publicKey.slice(2),
+      hexToBytes(publicKey.slice(2)),
       // By default, set zip215 to false for compatibility reasons.
       // ZIP 215 is a stricter Ed25519 signature verification scheme.
       // However, setting it to false adheres to the more commonly used
diff --git a/packages/ripple-keypairs/src/signing-schemes/secp256k1/index.ts b/packages/ripple-keypairs/src/signing-schemes/secp256k1/index.ts
@@ -1,5 +1,5 @@
-import { numberToBytesBE } from '@noble/curves/abstract/utils'
-import { secp256k1 as nobleSecp256k1 } from '@noble/curves/secp256k1'
+import { numberToBytesBE } from '@noble/curves/utils.js'
+import { secp256k1 as nobleSecp256k1 } from '@noble/curves/secp256k1.js'
 import { bytesToHex, hexToBytes } from '@xrplf/isomorphic/utils'
 
 import type {
@@ -26,7 +26,9 @@ const secp256k1: SigningScheme = {
     const privateKey =
       SECP256K1_PREFIX + bytesToHex(numberToBytesBE(derived, 32))
 
-    const publicKey = bytesToHex(nobleSecp256k1.getPublicKey(derived, true))
+    const publicKey = bytesToHex(
+      nobleSecp256k1.getPublicKey(numberToBytesBE(derived, 32), true),
+    )
     return { privateKey, publicKey }
   },
 
@@ -40,27 +42,31 @@ const secp256k1: SigningScheme = {
     )
     const normedPrivateKey =
       privateKey.length === 66 ? privateKey.slice(2) : privateKey
-    return nobleSecp256k1
-      .sign(Sha512.half(message), normedPrivateKey, {
+    return bytesToHex(
+      nobleSecp256k1.sign(Sha512.half(message), hexToBytes(normedPrivateKey), {
         // "Canonical" signatures
         lowS: true,
         // Would fail tests if signatures aren't deterministic
         extraEntropy: undefined,
-      })
-      .toDERHex()
-      .toUpperCase()
+        format: 'der',
+        // We pass a pre-hashed message (Sha512Half), so disable secp256k1's
+        // default SHA-256 prehashing (added as default in @noble/curves 2.0.0)
+        prehash: false,
+      }),
+    ).toUpperCase()
   },
 
   verify(
     message: Uint8Array,
     signature: HexString,
     publicKey: HexString,
   ): boolean {
-    const decoded = nobleSecp256k1.Signature.fromDER(signature)
+    const decoded = nobleSecp256k1.Signature.fromHex(signature, 'der')
     return nobleSecp256k1.verify(
-      decoded.toCompactRawBytes(),
+      decoded.toBytes('compact'),
       Sha512.half(message),
       hexToBytes(publicKey),
+      { prehash: false },
     )
   },
 }
diff --git a/packages/ripple-keypairs/src/signing-schemes/secp256k1/utils.ts b/packages/ripple-keypairs/src/signing-schemes/secp256k1/utils.ts
@@ -1,11 +1,11 @@
-import { secp256k1 } from '@noble/curves/secp256k1'
+import { secp256k1 } from '@noble/curves/secp256k1.js'
 
 import Sha512 from '../../utils/Sha512'
 
 const ZERO = BigInt(0)
 
 function deriveScalar(bytes: Uint8Array, discrim?: number): bigint {
-  const order = secp256k1.CURVE.n
+  const order = secp256k1.Point.CURVE().n
   for (let i = 0; i <= 0xffff_ffff; i++) {
     // We hash the bytes to find a 256-bit number, looping until we are sure it
     // is less than the order of the curve.
@@ -49,7 +49,7 @@ export function derivePrivateKey(
   } = {},
 ): bigint {
   const root = opts.validator
-  const order = secp256k1.CURVE.n
+  const order = secp256k1.Point.CURVE().n
 
   // This private generator represents the `root` private key, and is what's
   // used by validators for signing when a keypair is generated from a seed.
@@ -58,18 +58,17 @@ export function derivePrivateKey(
     // As returned by validation_create for a given seed
     return privateGen
   }
-  const publicGen =
-    secp256k1.ProjectivePoint.BASE.multiply(privateGen).toRawBytes(true)
+  const publicGen = secp256k1.Point.BASE.multiply(privateGen).toBytes(true)
   // A seed can generate many keypairs as a function of the seed and a uint32.
   // Almost everyone just uses the first account, `0`.
   const accountIndex = opts.accountIndex || 0
   return (deriveScalar(publicGen, accountIndex) + privateGen) % order
 }
 
 export function accountPublicFromPublicGenerator(publicGenBytes: Uint8Array) {
-  const rootPubPoint = secp256k1.ProjectivePoint.fromHex(publicGenBytes)
+  const rootPubPoint = secp256k1.Point.fromBytes(publicGenBytes)
   const scalar = deriveScalar(publicGenBytes, 0)
-  const point = secp256k1.ProjectivePoint.BASE.multiply(scalar)
+  const point = secp256k1.Point.BASE.multiply(scalar)
   const offset = rootPubPoint.add(point)
-  return offset.toRawBytes(true)
+  return offset.toBytes(true)
 }
diff --git a/packages/ripple-keypairs/src/utils/Sha512.ts b/packages/ripple-keypairs/src/utils/Sha512.ts
@@ -1,5 +1,5 @@
 import { sha512 } from '@xrplf/isomorphic/sha512'
-import { bytesToNumberBE } from '@noble/curves/abstract/utils'
+import { bytesToNumberBE } from '@noble/curves/utils.js'
 
 type Input = Uint8Array | number[] | string
 

Original file line number	Diff line number	Diff line change
`@@ -67,6 +67,7 @@ module.exports = [`
`67`	`67`	`'no-shadow': 'off',`
`68`	`68`	`'multiline-comment-style': 'off',`
`69`	`69`	`'@typescript-eslint/no-require-imports': 'off',`
	`70`	`+ 'import/extensions': 'off',`
`70`	`71`	`},`
`71`	`72`	`},`
`72`	`73`	`]`