What's changed
This release replaces the elliptic package with @noble/curves, which automatically enforces normalized s values in ECDSA signatures, improving cryptographic security and preventing malleability issues. Support for non-normalized signatures has been removed, but this is not a breaking change—existing functionality remains fully compatible, aligning with industry standards like Ethereum’s EIP-2 and Bitcoin’s BIP-66.
Changed
- Replaced elliptic package with @noble/curves package by @venilinvasilev in #2937
Unlike elliptic, @noble/curves automatically enforces a normalized s value in ECDSA signatures, aligning with best practices in cryptographic security. This ensures better interoperability while preventing malleability-related issues.
Removed
- Removed support of non-normalized signatures by @venilinvasilev in #2937
This is NOT a Breaking Change. The SDK continues to function exactly as before, as @noble/curves produces valid signatures compatible with existing verification logic. The normalized s value behavior is already an industry standard (Ethereum's EIP-2, Bitcoin's BIP-66).