# Synor Crypto WASM

WASM-compatible cryptography library for the Synor web wallet.

## Current Features

- **Ed25519 Signatures**: Full support via `ed25519-dalek` (pure Rust)
- **Dilithium3 (ML-DSA-65)**: Post-quantum signatures via `pqc_dilithium` (pure Rust)
- **BIP-39 Mnemonics**: 12-24 word phrases for key generation
- **Bech32m Addresses**: Synor address encoding/decoding
- **BLAKE3/SHA3 Hashing**: Cryptographic hash functions
- **HKDF Key Derivation**: Secure key derivation

## Building

```bash
# Build for web (requires wasm-pack)
wasm-pack build --target web --out-dir pkg

# Build for Node.js
wasm-pack build --target nodejs --out-dir pkg-node
```

## Usage in JavaScript

```javascript
import init, { Keypair, Mnemonic, DilithiumSigningKey } from 'synor-crypto-wasm';

await init();

// Generate mnemonic
const mnemonic = new Mnemonic(24);
console.log(mnemonic.phrase());

// Create Ed25519 keypair
const keypair = Keypair.fromMnemonic(mnemonic.phrase(), "");
console.log(keypair.address("mainnet"));

// Sign message with Ed25519
const message = new TextEncoder().encode("Hello Synor!");
const signature = keypair.sign(message);
const valid = keypair.verify(message, signature);

// Post-quantum signatures with Dilithium3
const pqKey = new DilithiumSigningKey();
const pqSig = pqKey.sign(message);
const pqValid = pqKey.verify(message, pqSig);
console.log("Post-quantum signature valid:", pqValid);
```

## Dilithium3 Post-Quantum Support

### Current Status: Implemented

Post-quantum signatures are now available via the `pqc_dilithium` crate, a pure
Rust implementation that compiles to WASM. This provides Dilithium3 (equivalent
to NIST's ML-DSA-65 at Security Category 3).

**Key Sizes (Dilithium3 / ML-DSA-65):**

- Public Key: 1,952 bytes
- Secret Key: ~4,000 bytes
- Signature: 3,293 bytes

### Roadmap

1. [x] Ed25519 basic support
2. [x] BIP-39 mnemonic generation
3. [x] Address encoding
4. [x] Dilithium3 signatures (WASM-compatible)
5. [ ] Hybrid Ed25519 + Dilithium verification
6. [ ] Kyber key encapsulation (post-quantum key exchange)

### Hybrid Signatures (Recommended)

For maximum security, use both Ed25519 and Dilithium3:

```javascript
// Sign with both algorithms
const ed25519Sig = keypair.sign(message);
const dilithiumSig = pqKey.sign(message);

// Verify both must pass
const valid = keypair.verify(message, ed25519Sig) &&
              pqKey.verify(message, dilithiumSig);
```

This provides classical security now and quantum resistance for the future.

## Security Notes

- Keys are zeroized on drop
- Uses `getrandom` with `js` feature for secure randomness in browsers
- No side-channel resistance in signature timing (use constant-time ops for production)

## Testing

```bash
# Run Rust tests
cargo test

# Run WASM tests in browser
wasm-pack test --headless --chrome
```