Proposal: Efforts behind making micro-sr25519 (scure-sr25519) happen

Shankar_Warang
12hrs 54mins ago
1 Comments

Expansion of @noble/curves to Polkadot ecosystem through the curations of micro-sr25519 package (now scure-sr25519) development by Paul Miller and dotPAL-funded audit by Oak Security.

Proposer: Edgetributor SubDAO
Wallet address: 14XNJmoUzkvmh9cYoqG4axBRR4BWzWRbnFP79oiZgKu7V9bz
Time period: August 2024 to August 2025
Total number of hours contributed: 624
Requested incentives (for 6 contributors): 37440 USDT {624 hours * 60 USD per hour}
Email: shankar@edgeware.community {Shankar}
Telegram Handle: @gmeister7 {Gagan}

Summary of the proposal:

  • Technical depth: micro-sr25519 is not a simple library, it's a cryptographic primitive essential to the Polkadot-SDK/Substrate and thus to the whole Polkadot ecosystem.
  • Ecosystem unblocker: This enables new tooling (e.g., browser extensions, mobile apps) without relying on WASM bindings or Rust wrappers.
  • Strategic value: It lowers the barrier for JS/TS devs to build in the Polkadot ecosystem while improving ecosystem-wide security/performance/resilience/functionalities.
  • Uncompensated effort: Edgetributor SubDAO finding the need for the ecosystem, coordinated with Paul Miller, managed auditing, and did this without grants or direct/indirect payments.

Important links:

  • Context of the proposal/ how it started:

    We (Edgetributor SubDAO) came across the noble packages while preparing for one of our projects. We found that there is the ed25519 package which can be used with some patchy ways for our implementation. Then we came across the discussion on a closed issue by ntn-x2 where Paul showed interest in the integration of the sr25519 curve, subject to sponsorship availability. So we followed up with him and he wanted to pursue this further. Considering the impact of Paul’s work on the whole web3 space, we decided to curate his proposal and take care of all the administrative work (as per his request). In this whole process, Edgetributor SubDAO members did not get financially benefited by any means from the entire amount corresponding to the development proposal or the audit proposal (funded by dotPAL bounty) and thus we are requesting retroactively after completing all our duties so far.

  • Importance for the ecosystem:

    micro-sr25519 is a core cryptography package developed by Paul Miller for sr25519 curve in JS/TS. There is one such package in Rust already developed (since the for origin of Substrate framework) called @polkadot/wasm-crypto based of @w3f/schnorrkel (the actual source of the sr25519 curve).

    Currently the majority of the Polkadot ecosystem protocols use Polkadot-JS's libraries, utilities and helpers which further uses @polkadot/wasm-crypto. This dependency on wasm package might not be an optimal, especially for frontends of different protocols developed using modern frameworks which majorly utilise JS/TS for their stack. Switching to the minimalistic micro-sr25519 package will eliminate inefficiencies introduced due to the translation layer between two or more languages in the same stack.

    The alternative curve utilised in the Polkadot ecosystem called ed25519 already had the JS/TS package (developed by Paul Miller as well) and thus in the Polkadot-JS's common source is utilising it over the wasm/rust alternative.

    Now after the audit of the micro-sr25519 package, Polkadot-JS's suite will shift the dependency from the wasm-crypto package to the micro-sr25519 package:
    https://github.com/polkadot-js/common/pull/1971

  • Ecosystem-wide expected outcome:

    • Better performance, shorter load times for the frontends
    • Better security on a cryptographic level
    • Convenient maintenance/refactorability for Polkadot-JS and similar suites/toolings/libraries/utilities/helpers.
    • Increased network resilience to potential zero-day exploits due to the distributed dependencies
    • Availability of advanced BigInt handling for expert developers
    • Better DevEx while using modern frontend frameworks

  • Acknowledgements:

  • Milestones and deliverables:

Milestone Phases Deliverables
1 Discovery and planning phase (done) Discovery of the missing component Development scope determination Reach out to Paul Miller for the expansion of @noble/curves Determining the benefits for the expansion to Polkadot eco Follow-ups on deliverables and development costs
2 Development phase (done) https://x.com/paulmillr/status/1860982804756009471 Drafting of OpenGov proposal on behalf of Paul Miller Fiat conversion of OpenGov funding Payment to Paul via Github sponsorships (specifically preferred mode) Follow-ups on payments and development ETAs Notifying community about the development
3 Auditing and adoption phase (done) https://x.com/paulmillr/status/1933450784621859039 Report for dotPAL bounty: micro-sr25519 (now scure-sr25519) audit by Oak Security Scouting for auditing firms with cryptography experience Offerings comparison and analysis between the firms Proposal drafting (to PAL bounty) for the selected auditing firm Milestone-based payment disbursement to the selected firm Follow-ups on audit publishing and notify Polkadot-JS maintainers
Up
Comments
No comments here