# Phase 0, Milestone 2: Cryptography

> Hybrid quantum-resistant cryptographic primitives

**Status**: ✅ Complete
**Priority**: Critical
**Crate**: `synor-crypto`

---

## Overview

Implement a hybrid cryptographic system that combines classical Ed25519 with post-quantum Dilithium3 so that signatures remain secure even if one of the two schemes is broken.

---

## Tasks

### Task 2.1: Hashing Functions

- [x] Implement Blake3 hashing (primary)
- [x] Implement SHA-256 (compatibility)
- [x] Implement SHA-512 (Ed25519 requirement)
- [x] Add Merkle tree support

**Files:**
- `crates/synor-crypto/src/hash.rs`

### Task 2.2: Ed25519 Implementation

- [x] Keypair generation
- [x] Message signing
- [x] Signature verification
- [x] Deterministic key derivation

**Files:**
- `crates/synor-crypto/src/ed25519.rs`

### Task 2.3: Dilithium3 Implementation

- [x] Keypair generation (PQC)
- [x] Message signing
- [x] Signature verification
- [x] Parameter configuration

**Files:**
- `crates/synor-crypto/src/dilithium.rs`

### Task 2.4: Hybrid Signature Scheme

- [x] Combined Ed25519 + Dilithium3 keypair
- [x] Hybrid signature creation
- [x] Hybrid signature verification
- [x] Signature serialization format

**Files:**
- `crates/synor-crypto/src/hybrid.rs`

### Task 2.5: BIP39 Mnemonic Support

- [x] 24-word mnemonic generation
- [x] Mnemonic validation
- [x] Seed derivation from mnemonic
- [x] Passphrase support

**Files:**
- `crates/synor-crypto/src/mnemonic.rs`

### Task 2.6: Key Derivation

- [x] PBKDF2 for password-based derivation
- [x] Argon2id for wallet encryption
- [x] HKDF for key expansion
- [x] BIP32-like hierarchical derivation

**Files:**
- `crates/synor-crypto/src/kdf.rs`

### Task 2.7: Encryption

- [x] AES-256-GCM for symmetric encryption
- [x] ChaCha20-Poly1305 alternative
- [x] Key wrapping for wallet files

**Files:**
- `crates/synor-crypto/src/encryption.rs`

---

## Validation

### Validation Commands

```bash
# Run unit tests
cargo test -p synor-crypto

# Run benchmarks
cargo bench -p synor-crypto

# Check dependencies for known vulnerabilities
cargo audit

# Lint
cargo clippy -p synor-crypto -- -D warnings
```

### Validation Agents

| Agent | Command | Purpose |
|-------|---------|---------|
| `code-reviewer` | Review crypto implementation | Security-focused code review |
| `silent-failure-hunter` | Check error handling | Ensure no silent crypto failures |

### Validation Criteria

- [ ] Ed25519 signatures match test vectors (RFC 8032)
- [ ] Dilithium3 signatures match NIST test vectors
- [ ] Hybrid verify succeeds only when both component signatures are valid
- [ ] Mnemonic words come from the BIP39 wordlist
- [ ] Encryption uses authenticated modes only
- [ ] No use of deprecated crypto primitives

### Security Checks

- [ ] Private keys zeroed after use
- [ ] Constant-time signature verification
- [ ] No timing side channels
- [ ] RNG properly seeded
- [ ] No key material in error messages
- [ ] Memory not swapped to disk (mlock where possible)

### Test Vectors

```rust
// `hex!` is the compile-time hex literal macro from the `hex-literal` crate
use hex_literal::hex;

// Ed25519 test vector (RFC 8032, section 7.1, test 1: empty message)
let secret = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60");
let public = hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
let message = b"";
let expected_sig = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
```

### Benchmark Targets

| Operation | Target | Actual |
|-----------|--------|--------|
| Ed25519 sign | <50µs | 13µs |
| Ed25519 verify | <100µs | 32.8µs |
| Dilithium3 sign | <200µs | 135µs |
| Dilithium3 verify | <100µs | 44.4µs |
| Hybrid verify | <200µs | 82µs |
| Blake3 1KB | <1µs | 0.6µs |

---

## Dependencies

- `ed25519-dalek` - Ed25519 implementation
- `pqcrypto-dilithium` - Dilithium3 PQC
- `blake3` - Blake3 hashing
- `aes-gcm` - AES-256-GCM encryption
- `argon2` - Password hashing
- `bip39` - Mnemonic support
- `zeroize` - Secure memory clearing

---

## Compliance

### NIST Standards

- [ ] Dilithium3 follows FIPS 204 (draft)
- [ ] AES-256-GCM follows FIPS 197
- [ ] SHA-256/512 follows FIPS 180-4

### Best Practices

- [ ] OWASP Cryptographic Storage Cheat Sheet
- [ ] CWE-327: Use of Broken Crypto Algorithm (none used)
- [ ] CWE-328: Reversible One-Way Hash (none used)

---

## Acceptance Criteria

1. All 47 unit tests pass
2. Benchmarks meet targets
3. No security vulnerabilities reported by cargo-audit
4. Memory properly zeroed after crypto operations
5. Test vectors validated

---

*Completed: January 2025*
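The two validation criteria that can be exercised without the crate itself are the RFC 8032 test vector and the rule that a hybrid signature is accepted only when both components verify. The following is an added example, not code from `synor-crypto` or from any of the crates it depends on: a standard-library-only Ed25519 written from RFC 8032 that reproduces the vector above, followed by a hybrid combiner. The combiner's wire format (a u16 big-endian length prefix before each component), the names `hybrid_serialize`/`hybrid_verify`, and the `verify_pq` callback are assumptions of this example; the real `hybrid.rs` format is not on this page, and Dilithium3 is not available in the standard library, so the post-quantum check is passed in as a callable.

```python
# Added example (not synor-crypto code): RFC 8032 Ed25519 from the standard
# library only, plus a hybrid combiner that accepts only if every component verifies.
import hashlib

# Curve parameters from RFC 8032 section 5.1: field prime, group order, Edwards d.
q = 2**255 - 19
l = 2**252 + 27742317777372353535851937790883648493
inv = lambda x: pow(x, q - 2, q)
h_int = lambda data: int.from_bytes(hashlib.sha512(data).digest(), "little")
d = (-121665 * inv(121666)) % q
I = pow(2, (q - 1) // 4, q)  # sqrt(-1) mod q

def xrecover(y):
    """Recover the even x coordinate belonging to y (RFC 8032 section 5.1.3)."""
    xx = (y * y - 1) * inv(d * y * y + 1) % q
    x = pow(xx, (q + 3) // 8, q)
    if (x * x - xx) % q != 0:
        x = (x * I) % q
    return q - x if x & 1 else x

By = (4 * inv(5)) % q
B = (xrecover(By), By)  # base point

def edwards(P, Q):
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % q
    return ((x1 * y2 + x2 * y1) * inv(1 + t) % q, (y1 * y2 + x1 * x2) * inv((1 - t) % q) % q)

def scalarmult(P, e):
    Q = (0, 1)  # neutral element; plain double-and-add from the low bit
    while e:
        if e & 1:
            Q = edwards(Q, P)
        P, e = edwards(P, P), e >> 1
    return Q

def encodepoint(P):
    x, y = P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decodepoint(s):
    y = int.from_bytes(s, "little") & ((1 << 255) - 1)
    x = xrecover(y)
    if (x & 1) != (s[31] >> 7):
        x = q - x
    if (-x * x + y * y - 1 - d * x * x * y * y) % q:
        raise ValueError("point not on curve")
    return (x, y)

def secret_scalar(sk):
    """Clamp the first SHA-512 half into the scalar a; the second half seeds r."""
    h = hashlib.sha512(sk).digest()
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def ed25519_public_key(sk):
    return encodepoint(scalarmult(B, secret_scalar(sk)[0]))

def ed25519_sign(sk, msg):
    a, prefix = secret_scalar(sk)
    pk = encodepoint(scalarmult(B, a))
    r = h_int(prefix + msg) % l  # deterministic nonce: no RNG to seed
    R = encodepoint(scalarmult(B, r))
    S = (r + h_int(R + pk + msg) * a) % l
    return R + S.to_bytes(32, "little")

def ed25519_verify(pk, msg, sig):
    """True only for a well-formed signature with canonical S < l."""
    if len(sig) != 64 or len(pk) != 32:
        return False
    try:
        R, A = decodepoint(sig[:32]), decodepoint(pk)
    except ValueError:
        return False
    S = int.from_bytes(sig[32:], "little")
    if S >= l:
        return False
    k = h_int(sig[:32] + pk + msg) % l
    return scalarmult(B, S) == edwards(R, scalarmult(A, k))

# Hybrid combiner. The u16 big-endian length-prefix layout is an assumption here.
def hybrid_serialize(sig_classical, sig_pq):
    return b"".join(len(s).to_bytes(2, "big") + s for s in (sig_classical, sig_pq))

def hybrid_verify(msg, pk_classical, pk_pq, blob, verify_pq):
    """Accept only if BOTH components verify; both are evaluated before combining.
    verify_pq stands for the Dilithium3 verifier, which the stdlib lacks."""
    parts, pos = [], 0
    for _ in range(2):
        n = int.from_bytes(blob[pos:pos + 2], "big")
        if len(blob) < pos + 2 + n:
            return False  # truncated component
        parts.append(blob[pos + 2:pos + 2 + n])
        pos += 2 + n
    if pos != len(blob):
        return False  # trailing bytes are rejected, not ignored
    ok_classical = ed25519_verify(pk_classical, msg, parts[0])
    ok_pq = verify_pq(pk_pq, msg, parts[1])
    return ok_classical and ok_pq
```

`hybrid_verify` runs both component checks before combining the results, so a bad classical half does not short-circuit past the post-quantum half, and it rejects truncated or padded blobs rather than silently verifying a prefix. To exercise the combiner without a Dilithium3 implementation, a second Ed25519 key can stand in for the post-quantum component; that substitution is only for the test and says nothing about the real scheme.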