Release 0.6.1.

Author: paulmillr

.gitignore

@@ -6,4 +6,3 @@ node_modules
 *.d.ts.map
 /test/build
 /test/compiled
-/test/vectors/wycheproof

README.md

@@ -252,7 +252,9 @@ For [hashes](https://github.com/paulmillr/noble-hashes), use SHA512 or SHA3-512
 
 The library has not been independently audited yet.
 
-v0.6.0 (Mar 2026) has been undergone through a self-audit. All files were in scope.
+- at version 0.6.1, in Apr 2026, it was audited by ourselves (self-audited)
+  - Scope: everything
+  - [Changes since audit](https://github.com/paulmillr/noble-post-quantum/compare/0.6.1..main)
 
 If you see anything unusual: investigate and report.
 
@@ -287,36 +289,61 @@ which is considered a cryptographically secure PRNG.
 
 Browsers have had weaknesses in the past - and could again - but implementing a userspace CSPRNG is even worse, as there’s no reliable userspace source of high-quality entropy.
 
+## Contributing & testing
+
+- `npm install && npm run build && npm test` will build the code and run tests.
+- `npm run lint` / `npm run format` will run linter / fix linter issues.
+- `npm run bench` will run benchmarks
+- `npm run build:release` will build single file
+
+Check out [github.com/paulmillr/guidelines](https://github.com/paulmillr/guidelines)
+for general coding practices and rules.
+
+See [paulmillr.com/noble](https://paulmillr.com/noble/)
+for useful resources, articles, documentation and demos
+related to the library.
+
 ## Speed
 
 > `npm run bench`
 
-Noble is the fastest JS implementation of post-quantum algorithms. WASM libraries can be faster.
+Noble is the fastest JS implementation of post-quantum algorithms.
 
 Benchmarks on Apple M4 (**higher is better**):
 
-| OPs/sec           | Keygen | Signing | Verification | Shared secret |
-| ----------------- | ------ | ------- | ------------ | ------------- |
-| ECC x/ed25519     | 14216  | 6849    | 1400         | 1981          |
-| ML-KEM-768        | 3778   |         |              | 3750          |
-| ML-DSA65          | 580    | 272     | 546          |               |
-| SLH-DSA-SHA2-192f | 245    | 8       | 169          |               |
-
 ```
 # ML-KEM768
-keygen x 3,778 ops/sec @ 264μs/op
-encapsulate x 3,220 ops/sec @ 310μs/op
-decapsulate x 4,029 ops/sec @ 248μs/op
+keygen x 4,277 ops/sec @ 233μs/op
+encapsulate x 3,470 ops/sec @ 288μs/op
+decapsulate x 3,757 ops/sec @ 266μs/op
 # ML-DSA65
-keygen x 580 ops/sec @ 1ms/op
-sign x 272 ops/sec @ 3ms/op
-verify x 546 ops/sec @ 1ms/op
+keygen x 669 ops/sec @ 1ms/op
+sign x 271 ops/sec @ 3ms/op
+verify x 565 ops/sec @ 1ms/op
 # SLH-DSA SHA2 192f
-keygen x 245 ops/sec @ 4ms/op
-sign x 8 ops/sec @ 114ms/op
-verify x 169 ops/sec @ 5ms/op
+keygen x 235 ops/sec @ 4ms/op
+sign x 8 ops/sec @ 117ms/op
+verify x 159 ops/sec @ 6ms/op
+# Falcon512
+keygen x 14 ops/sec @ 66ms/op ± 11.01% (56ms..96ms)
+sign x 749 ops/sec @ 1ms/op
+verify x 2,160 ops/sec @ 462μs/op
+# Falcon1024
+keygen x 4 ops/sec @ 247ms/op ± 5.22% (234ms..266ms)
+sign x 343 ops/sec @ 2ms/op
+verify x 950 ops/sec @ 1ms/op
 ```
 
+Compared with pre-quantum:
+
+| OPs/sec           | Keygen | Signing | Verification | Shared secret |
+| ----------------- | ------ | ------- | ------------ | ------------- |
+| ECC x/ed25519     | 12648  | 6157    | 1255         | 1981          |
+| ML-KEM-768        | 4277   |         |              | 3757          |
+| ML-DSA65          | 669    | 271     | 565          |               |
+| SLH-DSA-SHA2-192f | 235    | 8       | 159          |               |
+| Falcon512         | 14     | 749     | 950          |               |
+
 SLH-DSA:
 
 |           | sig size | keygen | sign   | verify |
@@ -330,20 +357,6 @@ SLH-DSA:
 | shake_192f | 35664   | 21ms   | 553ms  | 29ms   |
 | shake_192s | 16224   | 260ms  | 2635ms | 2ms    |
 
-## Contributing & testing
-
-- `npm install && npm run build && npm test` will build the code and run tests.
-- `npm run lint` / `npm run format` will run linter / fix linter issues.
-- `npm run bench` will run benchmarks
-- `npm run build:release` will build single file
-
-Check out [github.com/paulmillr/guidelines](https://github.com/paulmillr/guidelines)
-for general coding practices and rules.
-
-See [paulmillr.com/noble](https://paulmillr.com/noble/)
-for useful resources, articles, documentation and demos
-related to the library.
-
 ## License
 
 The MIT License (MIT)

SECURITY.md

@@ -6,12 +6,12 @@ See [README's Security section](./README.md#security) for detailed description o
 
 | Version | Supported          |
 | ------- | ------------------ |
-| >=0.6.0   | :white_check_mark: |
-| <0.6.0   | :x:                |
+| >=0.6.1   | :white_check_mark: |
+| <0.6.1   | :x:                |
 
 ## Reporting a Vulnerability
 
-Use maintainer's email specified at https://paulmillr.com
+Use maintainer's email specified at https://github.com/paulmillr.
 
 It's preferred that you use
 PGP key from [pgp proof](https://paulmillr.com/pgp_proof.txt) (current is [697079DA6878B89B](https://paulmillr.com/pgp_proof.txt)).

jsr.json

@@ -1,6 +1,6 @@
 {
   "name": "@noble/post-quantum",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "exports": {
     ".": "./src/index.ts",
     "./_crystals.js": "./src/_crystals.ts",
@@ -12,9 +12,9 @@
     "./utils.js": "./src/utils.ts"
   },
   "imports": {
-    "@noble/ciphers": "jsr:@noble/ciphers@~2.0.0",
-    "@noble/curves": "jsr:@noble/curves@~2.0.0",
-    "@noble/hashes": "jsr:@noble/hashes@~2.0.0"
+    "@noble/ciphers": "jsr:@noble/ciphers@~2.2.0",
+    "@noble/curves": "jsr:@noble/curves@~2.2.0",
+    "@noble/hashes": "jsr:@noble/hashes@~2.2.0"
   },
   "publish": {
     "include": [

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@noble/post-quantum",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "Auditable & minimal JS implementation of post-quantum cryptography: FIPS 203, 204, 205, Falcon",
   "files": [
     "*.js",
@@ -10,9 +10,9 @@
     "src"
   ],
   "dependencies": {
-    "@noble/ciphers": "~2.0.0",
-    "@noble/curves": "~2.0.0",
-    "@noble/hashes": "~2.0.0"
+    "@noble/ciphers": "~2.2.0",
+    "@noble/curves": "~2.2.0",
+    "@noble/hashes": "~2.2.0"
   },
   "devDependencies": {
     "@paulmillr/jsbt": "0.5.0",
@@ -31,12 +31,11 @@
     "check:jsdoc": "npx --no @paulmillr/jsbt tsdoc package.json",
     "build:clean": "rm *.{js,js.map,d.ts,d.ts.map} 2> /dev/null",
     "format": "prettier --write 'src/**/*.{js,ts}' 'test/**/*.{js,ts,mjs}'",
-    "test": "node --experimental-strip-types --no-warnings test/index.ts",
+    "test": "node test/index.ts",
     "test:bun": "bun test/index.ts",
     "test:deno": "deno --allow-env --allow-read test/index.ts",
     "test:node20": "cd test; npx tsc; node compiled/test/index.js",
-    "test:slow": "SLOW_TESTS=1 node test/index.ts",
-    "test:wycheproof": "bash test/fetch-wycheproof.sh && node --experimental-strip-types --no-warnings test/wycheproof.test.ts"
+    "test:slow": "SLOW_TESTS=1 node test/index.ts"
   },
   "exports": {
     ".": "./index.js",