hotwallet / dual-crypto

Simple deterministic public key cryptography for the browser
MIT License

Make the bundle smaller #1

Open will123195 opened 5 years ago

will123195 commented 5 years ago

dist/DualCrypto.js is over 500kb.

This is how we're using elliptic:

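```js
import { ec as EC } from 'elliptic'

// `entropy`, `hash` and `message` come from the surrounding module (not shown here)
const ec = new EC('secp256k1')
// Deterministic key pair: the caller supplies the entropy
const keyPair = ec.genKeyPair({ entropy })
const publicKey = keyPair.getPublic().encode('hex')
// Sign the message hash; the signature is DER-encoded as hex
const signature = keyPair.sign(hash(message)).toDER('hex')
// Verify using only the hex-encoded public key
const key = ec.keyFromPublic(publicKey, 'hex')
const isAuthentic = key.verify(hash(message), signature)
```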

Maybe we can tree shake?

Maybe there is an alternative?

MannyC commented 5 years ago

The reasons I chose the elliptic library were that it seemed popular enough and maintained and allowed us to supply the entropy ourselves (as opposed to subtle crypto which does not).

I see that the elliptic library's own minified version is ~132KB and it looks like they're using a fairly simple browserify then uglify process. UAPF wordlist is ~70KB unminified. So we're already about 300KB over this for some reason.

I think if we have a dependency on the bitcoinjs-lib anyway, it's suitable and we can pack a single version of it, then that would have to be the way to go.

If not then it looks like we should be able to successfully make this version a lot smaller.

MannyC commented 5 years ago

> as opposed to subtle crypto which does not

Worth mentioning that there may be ways around that. We could possibly just generate a private key from random data ourselves, but we'd have to drop invalid keys. However I also didn't see any way of using subtle crypto to look up the public key for a given private key. My instinct is to stick with predefined function calls so we don't stumble cryptography-wise.

will123195 commented 5 years ago

I think subtle crypto should be able to export the pub key. I was just looking at https://github.com/diafygi/webcrypto-examples/blob/master/README.md#ecdsa---exportkey

Also I haven't added minify yet.

MannyC commented 5 years ago

The issue wasn't the exporting of the key, it was deriving the public from the private. If you import a private key into subtle it won't export a public key for you (as far as I could see).

That said, it looks like an ECDSA in jwk form (elliptic doesn't support jwk by the way) is just the private key without the d parameter and different key_ops.

If that's correct then to use subtle we'd have to generate a random key, make sure the key is valid for p256, put the key into either pkcs8 or jwk and use subtle.importKey, then export the private key as jwk and delete/alter some properties on it.

will123195 commented 5 years ago

I got it down to 143KB with uglify. If the jwk thing works out, I expect we'll get it down to ~10KB which would be great.
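
The two steps the thread leaves open, dropping random candidates that are not valid P-256 private keys and turning a private JWK into its public form, are shown here as an added example; it is not part of the original comments or of the dual-crypto code. All function names are hypothetical and the sample bytes are constructed.

```javascript
// Order n of the P-256 base point: a private scalar d is valid when 1 <= d <= n - 1.
const P256_N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551n;

// Read bytes as a big-endian unsigned integer.
function bytesToBigInt(bytes) {
  let v = 0n;
  for (const b of bytes) v = (v << 8n) | BigInt(b);
  return v;
}

// True only for a 32-byte candidate in range. Rejecting out-of-range values
// (instead of reducing mod n) keeps accepted scalars uniformly distributed.
// BigInt comparison is not guaranteed constant-time.
function isValidP256Scalar(bytes) {
  if (!(bytes instanceof Uint8Array) || bytes.length !== 32) return false;
  const d = bytesToBigInt(bytes);
  return d >= 1n && d < P256_N;
}

// "Drop invalid keys": first acceptable candidate, or null if none qualifies.
function firstValidScalar(candidates) {
  for (const c of candidates) if (isValidP256Scalar(c)) return c;
  return null;
}

// base64url without padding, the encoding JWK uses for d, x and y.
function toBase64Url(bytes) {
  let s = '';
  for (const b of bytes) s += String.fromCharCode(b);
  return btoa(s).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Public half of an EC private JWK: same kty/crv/x/y, no d, verify-only key_ops.
function toPublicJwk(privateJwk) {
  const { kty, crv, x, y } = privateJwk;
  if (kty !== 'EC' || !x || !y) throw new Error('EC JWK with x and y required');
  return { kty, crv, x, y, key_ops: ['verify'], ext: true };
}

// Constructed candidates: all zero (d = 0), all 0xff (d >= n), then 0x01 repeated.
const samples = [new Uint8Array(32), new Uint8Array(32).fill(0xff), new Uint8Array(32).fill(1)];
const chosen = firstValidScalar(samples);
const sampleD = toBase64Url(chosen); // value for the JWK "d" member
```

A JWK produced by `subtle.exportKey('jwk', privateKey)` carries `x` and `y` alongside `d`, which is what `toPublicJwk` relies on.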