Paul Miller
@paulmillr
🔑 Security, open-source software, austrian school. Noble cryptography.
2024 progress on JS cryptography & ecosystem:
- noble-hashes: 1.7M => 4.9M downloads per week
- curves: 0.9M => 3M
- ciphers: 25K => 413K, got audited
- new post-quantum package
- chokidar: 40M => 58M, got rewritten
Looking forward to crazy new stuff in 2025.
2023 progress on JS cryptography:
- noble-hashes: 400K => 1.7M downloads per week
- noble-curves: ~0 => 0.9M, got 2 audits
- noble-ciphers: 0 => 25K
- Finally adopted by @ProtonMail, MetаMасk, @rainbowdotme, @Rabby_io, ethers, web3.js, viem
Takes time, but we’re getting there.
React-friendly Cuer uses "paulmillr/qr" as backend, which was renamed to a simple "qr". Install it via "npm i qr". npmjs.com/package/qr
📲 npm i cuer simple & opinionated qr code component for react
GitHub Actions CI supply chain attacks are a thing. They are, however, preventable when one pins an action to a specific commit. Do not use git tag versions, which are mutable. Example here: github.com/paulmillr/jsbt…
Oh wow, a popular GitHub Action (tj-actions/changed-files) was fully compromised. Someone committed a base64-encoded payload that runs a script that in turn prints out encoded secrets… Stay safe out there!
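Added example, not from the original posts: a small Node.js check for the pinning advice above, flagging every `uses:` reference in a workflow file that is not pinned to a full 40-character commit SHA. The workflow text and the `example-org/*` action names are constructed, and `classifyRef` and `findUnpinnedActions` are hypothetical helper names.

```javascript
// Added example: find GitHub Actions references that are not pinned to a commit.
// The workflow and the example-org/* action names are constructed sample input.
const SAMPLE_WORKFLOW = `
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-action@0123456789abcdef0123456789abcdef01234567 # v1.2.3
      - uses: example-org/setup-action@v4
      - uses: example-org/lint-action@main
      - uses: "example-org/short-sha@0123abc"
      - uses: ./.github/actions/local-build
      - uses: docker://alpine:3.19
    # - uses: example-org/commented-out@v1
`;

const FULL_SHA = /^[0-9a-f]{40}$/i;               // full commit id, immutable
const DOCKER_DIGEST = /@sha256:[0-9a-f]{64}$/i;   // image pinned by content digest

// Hypothetical helper: classify one `uses:` target as local, pinned or mutable.
function classifyRef(target) {
  if (target.startsWith('./') || target.startsWith('../')) return 'local';
  if (target.startsWith('docker://')) {
    return DOCKER_DIGEST.test(target) ? 'pinned' : 'mutable';
  }
  const at = target.lastIndexOf('@');
  if (at === -1) return 'mutable';                // no ref given at all
  // Tags and branches are mutable; an abbreviated SHA is not a full pin.
  return FULL_SHA.test(target.slice(at + 1)) ? 'pinned' : 'mutable';
}

// Hypothetical helper: return [{ line, target }] for every mutable reference.
function findUnpinnedActions(workflowText) {
  const findings = [];
  workflowText.split(/\r?\n/).forEach((text, i) => {
    const m = /^\s*(?:-\s+)?uses:\s*(.+)$/.exec(text);
    if (!m) return;                               // also skips commented-out lines
    const target = m[1].replace(/\s+#.*$/, '').trim().replace(/^(['"])(.*)\1$/, '$2');
    if (classifyRef(target) === 'mutable') findings.push({ line: i + 1, target });
  });
  return findings;
}

for (const f of findUnpinnedActions(SAMPLE_WORKFLOW)) {
  console.log(`line ${f.line}: ${f.target} is not pinned to a commit SHA`);
}
```

Run over the files in `.github/workflows/` as a CI step, a non-empty result can fail the build before a retargeted tag is ever resolved.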
iOS 26 would get post-quantum xwing (ml-kem + x25519) in TLS & Swift CryptoKit. It would also support ML-KEM & ML-DSA in secure enclave. Hybrid algorithms (classical + pq) are coming to noble-post-quantum's next release. developer.apple.com/videos/play/ww…
We have a new audited package: scure-sr25519. Polkadot apps can now rely on secure JS implementation of Merlin, Strobe, HDKD & Schnorr over Ristretto255. Kudos to community for funding, and @Edgetributors in particular for coordination! github.com/paulmillr/scur…
We have now published our audit and differential fuzzing reports of the @Polkadot micro-sr25519 crypto library developed by @paulmillr for @Edgetributors. This audit was funded by @dotpal_. Read all about our findings and recommendations in the reports: github.com/oak-security/a…
I wrote a bit about X’s new encrypted DMs and the Juicebox protocol. blog.cryptographyengineering.com/2025/06/09/a-b…
Nik has created an easy way to replace libsodium with noble. Check it out!
🚀 Announcing noble-sodium (has been a while since I open sourced something 😅) a TypeScript Libsodium-compatible API built on Noble packages. - No WebAssembly - fully code-splittable - React Native ready - Drop-in replacement for libsodium-wrappers 👉 github.com/serenity-kit/n…
Validating eth node in 14GB. That’s pretty cool!
🚀 Excited to release Ress - a fully validating stateless Ethereum node with just 14GB disk requirements, built on Reth! Statelessness paves the way for scaling L1 gas limit, scaling optimistic L2s, and for implementing Native Rollups to improve the L2 ecosystem’s security &…
Was happy to work with @ArkLabsHQ to produce MuSig2 implementation for btc-signer. Go get it! github.com/paulmillr/scur…
ICYMI: scure's btc-signer latest release now supports MuSig2 👀 A key step toward secure, production-ready Ark deployment. MuSig2 brings practical covenant emulation to Bitcoin. Scalability & security 📈 A privilege to collaborate with @paulmillr on this important update 👇
tl;dr:
- don’t use a globally hosted site to handle $1.5B, prefer LAN
- After signing, before broadcast, verify using tool such as github.com/pcaversaccio/s…. Ideally 2 tools
- subresource integrity, hourly tests which verify frontend can help
- don’t store prod keys on dev PCs
Bybit Hack Forensics Report As promised, here are the preliminary reports of the hack conducted by @sygnia_labs and @Verichains Screenshotted the conclusion and here is the link to the full report: docsend.com/view/s/rmdi832…
TL;DR: A dev machine of Safe was compromised. This allowed access to AWS and their S3 bucket. A malicious JavaScript was pushed to the bucket and eventually distributed. The malicious JS code targeted specifically the Bybit contract address. The JS code changes the content of the…
x.com/i/article/1894…
Look, it's actually pretty simple: UIs, infra, dependencies etc. can and will be corrupted. When you hit the buttons on the hardware device, that's when you need to be 100% sure what you sign. The MOST important part is the screen on your hardware device and what it displays and…