Switch from js-sha3 and blake to audited noble-hashes

[paulmillr]

noble cryptography (https://github.com/paulmillr/noble-hashes) is high-security, easily auditable set of contained cryptographic libraries and tools. It would be great to use it instead of some unknown library. Benefits:

• Audited, less resources would be necessary for end-users to audit dep trail
• Smaller bundle size
• Is used by millions of users (see npm)
• Since it's everywhere (e.g. in ethers.js), it would get de-duplicated by end-users when two packages depend on noble
• Is actually maintained, has modern features like esm / typescript / bun / deno friendliness

All PRs:

• PR to snarkjs for only sha3 Switch from js-sha3 to audited noble-hashes #546
• PR to snarkjs for sha3 and blake2 Switch from js-sha3 and blake to audited noble-hashes #547
• PR to wasmsnark Switch from blakejs to audited noble-hashes wasmsnark#32
• PR to circomlib Switch from blake-hash to audited noble-hashes circomlib#119
• PR to circomlibjs Switch from blake-hash and blake2b to audited noble-hashes circomlibjs#32

Originally proposed 15 months ago in #416

[OBrezhniev]

@Kolezhniuk can you please test this build on our multiplatform tests setup?

[Kolezhniuk]

@Kolezhniuk can you please test this build on our multiplatform tests setup?

@OBrezhniev Tested, our js-sdk works fine with with this version of snarkjs. I don't think that this is critical because warning is for builds targeted on NodeJS
One, note that there are warnings during the build

> snarkjs@0.7.5 build
> npm run buildcjs && npm run buildcli && npm run buildiife && npm run buildiifemin && npm run buildesm


> snarkjs@0.7.5 buildcjs
> rollup -c config/rollup.cjs.config.js


main.js → build/main.cjs...
(!) Unresolved dependencies
https://rollupjs.org/guide/en/#warning-treating-module-as-external-dependency
@noble/hashes/blake2b (imported by src/powersoftau_new.js, src/powersoftau_export_challenge.js, src/powersoftau_import.js, src/powersoftau_verify.js, src/powersoftau_challenge_contribute.js, src/powersoftau_beacon.js, src/powersoftau_contribute.js, src/zkey_new.js, src/zkey_verify_frominit.js, src/zkey_contribute.js, src/zkey_beacon.js, src/zkey_bellman_contribute.js, src/powersoftau_utils.js, src/misc.js, src/keypair.js)
@noble/hashes/utils (imported by src/misc.js)
@noble/hashes/sha3 (imported by src/Keccak256Transcript.js)
created build/main.cjs in 265ms...

[OBrezhniev]

@Kolezhniuk I've fixed rollup warnings and few other things. Can you review & recheck js-sdk tests?

[paulmillr]

@OBrezhniev I see the pull requests have been merged; however this one and iden3/circomlib#119 still persist.

[OBrezhniev]

Hi @paulmillr! Yes, there was some WIP on my side there. Now both are merged. Thank you very much for contribution!