{"id":13631024,"url":"https://github.com/paulmillr/scure-starknet","last_synced_at":"2025-10-05T04:20:16.772Z","repository":{"id":63642633,"uuid":"561341101","full_name":"paulmillr/scure-starknet","owner":"paulmillr","description":"Audited \u0026 minimal JS implementation of Starknet cryptography.","archived":false,"fork":false,"pushed_at":"2025-03-25T10:17:27.000Z","size":790,"stargazers_count":70,"open_issues_count":2,"forks_count":7,"subscribers_count":3,"default_branch":"main","last_synced_at":"2025-04-04T01:24:10.320Z","etag":null,"topics":["cryptography","pedersen","poseidon","stark","stark-curve","starkex","starknet"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paulmillr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/funding.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":"audit/2023-09-kudelski-audit-starknet.pdf","citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":"paulmillr"}},"created_at":"2022-11-03T13:38:11.000Z","updated_at":"2025-03-25T10:17:31.000Z","dependencies_parsed_at":"2023-09-22T02:33:25.801Z","dependency_job_id":"c488bb85-2508-45db-8b29-a93f7a4ec7d5","html_url":"https://github.com/paulmillr/scure-starknet","commit_stats":{"total_commits":61,"total_committers":5,"mean_commits":12.2,"dds":0.180327868852459,"last_synced_commit":"bb6fc5aa0ef1a317cdcbd63e44f337c86d694627"},"previous_names":["paulmillr/micro-starknet"],"tags_count":10,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulmillr%2Fscure-starknet","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulmillr%2Fscure-starknet/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulmillr%2Fscure-starknet/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulmillr%2Fscure-starknet/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paulmillr","download_url":"https://codeload.github.com/paulmillr/scure-starknet/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248637933,"owners_count":21137573,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cryptography","pedersen","poseidon","stark","stark-curve","starkex","starknet"],"created_at":"2024-08-01T22:02:07.528Z","updated_at":"2025-10-05T04:20:16.765Z","avatar_url":"https://github.com/paulmillr.png","language":"JavaScript","funding_links":["https://github.com/sponsors/paulmillr"],"categories":["JavaScript","Additional developer resources"],"sub_categories":[],"readme":"# scure-starknet\n\nAudited \u0026 minimal JS implementation of Starknet cryptography.\n\n- 🔒 [Audited](#security) by an independent security firm\n- 🧜‍♂️ [Stark curve](https://docs.starkware.co/starkex/stark-curve.html), pedersen and poseidon hashes\n- ➰ Uses [noble-curves](https://github.com/paulmillr/noble-curves) for underlying arithmetics\n\n### This library belongs to _scure_\n\n\u003e **scure** — audited micro-libraries.\n\n- Zero or minimal dependencies\n- Highly readable TypeScript / JS code\n- PGP-signed releases and transparent NPM builds\n- Check out [homepage](https://paulmillr.com/noble/#scure) \u0026 all libraries:\n  [base](https://github.com/paulmillr/scure-base),\n  [bip32](https://github.com/paulmillr/scure-bip32),\n  [bip39](https://github.com/paulmillr/scure-bip39),\n  [btc-signer](https://github.com/paulmillr/scure-btc-signer),\n  [sr25519](https://github.com/paulmillr/scure-sr25519),\n  [starknet](https://github.com/paulmillr/scure-starknet)\n\n## Usage\n\n\u003e `npm install @scure/starknet`\n\n\u003e `jsr add jsr:@scure/starknet`\n\n```ts\nimport * as starknet from '@scure/starknet';\n```\n\nWe support all major platforms and runtimes.\n\nNote: the examples use the 'deepStrictEqual' function from the 'assert' built-in NodeJS module to compare values.\n\nIn Typescript, you must first install the '@types/node' npm package and then import like this: `import { deepStrictEqual } from 'assert';`.\n\nIn vanilla Javascript, just do this: `const { deepStrictEqual } = require(\"assert\");` \u003cbr\u003e\n\n### Curve\n\n```ts\n// Signing and verification\nconst privateKey = '2dccce1da22003777062ee0870e9881b460a8b7eca276870f57c601f182136c';\nconst publicKey = starknet.getPublicKey(privateKey);\nconst messageHash = 'c465dd6b1bbffdb05442eb17f5ca38ad1aa78a6f56bf4415bdee219114a47';\nconst sig = starknet.sign(messageHash, privateKey);\nconst { r, s } = sig;\ndeepStrictEqual(r.toString(16), '5f496f6f210b5810b2711c74c15c05244dad43d18ecbbdbe6ed55584bc3b0a2');\ndeepStrictEqual(s.toString(16), '4e8657b153787f741a67c0666bad6426c3741b478c8eaa3155196fc571416f3');\ndeepStrictEqual(starknet.verify(sig, messageHash, publicKey), true);\n\n// Private key to StarkKey\ndeepStrictEqual(\n  starknet.getStarkKey('0x178047D3869489C055D7EA54C014FFB834A069C9595186ABE04EA4D1223A03F'),\n  '0x1895a6a77ae14e7987b9cb51329a5adfb17bd8e7c638f92d6892d76e51cebcf'\n);\n\n// Pedersen hash\ndeepStrictEqual(\n  starknet.pedersen(\n    '0x3d937c035c878245caf64531a5756109c53068da139362728feb561405371cb',\n    '0x208a0a10250e382e1e4bbe2880906c2791bf6275695e02fbbc6aeff9cd8b31a'\n  ),\n  '30e480bed5fe53fa909cc0f8c4d99b8f9f2c016be4c41e13a4848797979c662'\n);\n\n// Create private key from ethereum signature\nconst ethSignature =\n  '0x21fbf0696d5e0aa2ef41a2b4ffb623bcaf070461d61cf7251c74161f82fec3a43' +\n  '70854bc0a34b3ab487c1bc021cd318c734c51ae29374f2beb0e6f2dd49b4bf41c';\ndeepStrictEqual(\n  starknet.ethSigToPrivate(ethSignature),\n  '766f11e90cd7c7b43085b56da35c781f8c067ac0d578eabdceebc4886435bda'\n);\n```\n\n### Private key from mnemonic\n\n```ts\nimport * as bip32 from '@scure/bip32';\nimport * as bip39 from '@scure/bip39';\n\nshould('Seed derivation (example)', () =\u003e {\n  const layer = 'starknet';\n  const application = 'starkdeployement';\n  const mnemonic =\n    'range mountain blast problem vibrant void vivid doctor cluster enough melody ' +\n    'salt layer language laptop boat major space monkey unit glimpse pause change vibrant';\n  const ethAddress = '0xa4864d977b944315389d1765ffa7e66F74ee8cd7';\n  const hdKey = bip32.HDKey.fromMasterSeed(bip39.mnemonicToSeedSync(mnemonic)).derive(\n    starknet.getAccountPath(layer, application, ethAddress, 0)\n  );\n  deepStrictEqual(\n    starknet.grindKey(hdKey.privateKey),\n    '6cf0a8bf113352eb863157a45c5e5567abb34f8d32cddafd2c22aa803f4892c'\n  );\n});\n```\n\n### Poseidon\n\n[Poseidon hash](https://www.poseidon-hash.info) can be used in the following way:\n\n```ts\ntype PoseidonFn = ReturnType\u003ctypeof poseidon\u003e \u0026 {\n  m: number;\n  rate: number;\n  capacity: number;\n};\nfunction poseidonHash(x: bigint, y: bigint, fn?: PoseidonFn): bigint;\nfunction poseidonHashFunc(x: Uint8Array, y: Uint8Array, fn?: PoseidonFn): Uint8Array;\nfunction poseidonHashSingle(x: bigint, fn?: PoseidonFn): bigint;\nfunction poseidonHashMany(values: bigint[], fn?: PoseidonFn): bigint;\n```\n\n### Utils\n\n```ts\n// Hash chain\ndeepStrictEqual(\n  starknet.hashChain([1, 2, 3]),\n  '5d9d62d4040b977c3f8d2389d494e4e89a96a8b45c44b1368f1cc6ec5418915'\n);\n\n// Key grinding\ndeepStrictEqual(\n  starknet.grindKey('86F3E7293141F20A8BAFF320E8EE4ACCB9D4A4BF2B4D295E8CEE784DB46E0519'),\n  '5c8c8683596c732541a59e03007b2d30dbbbb873556fe65b5fb63c16688f941'\n);\n\n// Starknet keccak\ndeepStrictEqual(\n  starknet.keccak(utf8.decode('hello')),\n  0x8aff950685c2ed4bc3174f3472287b56d9517b9c948127319a09a7a36deac8n\n);\n```\n\n## Security\n\nThe library has been independently audited:\n\n- at version 0.3.0, in Sep 2023, by [Kudelski Security](https://kudelskisecurity.com)\n  - PDFs: [offline](./audit/2023-09-kudelski-audit-starknet.pdf)\n  - [Changes since audit](https://github.com/paulmillr/scure-starknet/compare/0.3.0..main)\n  - Scope: [scure-starknet](https://github.com/paulmillr/scure-starknet) and its related abstract\n    modules of noble-curves: `curve`, `modular`, `poseidon`, `weierstrass`\n  - The audit has been funded by [Starkware](https://starkware.co)\n\n## Speed\n\nBenchmark results on Apple M2 with node v20:\n\n```\nstark\ninit x 33 ops/sec @ 30ms/op\npedersen\n├─old x 86 ops/sec @ 11ms/op # @starkware-industries/starkware-crypto-utils\n└─scure x 620 ops/sec @ 1ms/op\nposeidon x 7,162 ops/sec @ 139μs/op\nverify\n├─old x 303 ops/sec @ 3ms/op\n└─scure x 485 ops/sec @ 2ms/op\n```\n\n## Contributing \u0026 testing\n\n1. Clone the repository\n2. `npm install` to install build dependencies like TypeScript\n3. `npm run build` to compile TypeScript code\n4. `npm run test` will execute all main tests\n\n## Resources\n\n- [Starknet docs](https://docs.starkware.co/starkex/stark-curve.html)\n- [SNARK Security and Performance](https://a16zcrypto.com/content/article/snark-security-and-performance/)\n  calculating security level of snarks.\n\n## License\n\nThe MIT License (MIT)\n\nCopyright (c) 2022 Paul Miller [(https://paulmillr.com)](https://paulmillr.com)\n\nSee LICENSE file.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulmillr%2Fscure-starknet","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaulmillr%2Fscure-starknet","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulmillr%2Fscure-starknet/lists"}