# synor-crypto-wasm

WASM bindings for Synor post-quantum cryptographic operations.

## Status: Work in Progress

This crate is intended to provide WebAssembly bindings for ML-DSA-65 (Dilithium3)
quantum-resistant signatures. However, due to the following considerations, the
current Synor web wallet uses a **hybrid server-side approach** instead:

### Why Server-Side Dilithium?

1. **Bundle Size**: The ML-DSA WASM module adds ~2MB to the web bundle, significantly
   impacting initial load times and mobile performance.

2. **Library Stability**: The `ml-dsa` crate is still in release candidate status
   (0.1.0-rc.2) with API changes between versions. Production use requires stable APIs.

3. **C-based Alternatives**: The `pqcrypto-dilithium` crate (which wraps PQClean's C
   implementation) doesn't compile to WASM without significant toolchain setup.

4. **Performance**: Server-side signing is generally faster than WASM execution,
   especially on mobile devices.

### Current Architecture

The Synor web wallet uses a hybrid approach:

```
┌─────────────────────────────────────────────────────────┐
│                     Web Wallet                          │
├─────────────────────────────────────────────────────────┤
│  Client-Side (Browser)                                  │
│  ├── BIP39 mnemonic generation                         │
│  ├── Ed25519 key derivation                            │
│  ├── Ed25519 signing (fast, 64-byte signatures)        │
│  ├── Blake3 hashing                                    │
│  └── AES-GCM encryption for wallet storage             │
├─────────────────────────────────────────────────────────┤
│  Server-Side (RPC)                                      │
│  └── ML-DSA-65/Dilithium3 signing via wallet_signDilithium│
└─────────────────────────────────────────────────────────┘
```

### Future Plans

Once the `ml-dsa` crate reaches stable release (1.0), this crate will be updated
to provide full client-side ML-DSA-65 signing. This will enable:

- Fully non-custodial wallet operation
- Offline transaction signing
- Hardware wallet integration

### Building (Development)

```bash
# Native tests
cd crates/synor-crypto-wasm
cargo test

# WASM build (requires wasm-pack)
# Currently blocked on ml-dsa stability
wasm-pack build --target web
```

## API (Future)

```javascript
import init, { MlDsa65Keypair, mlDsa65Verify } from 'synor-crypto-wasm';

await init();

// Generate keypair
const keypair = new MlDsa65Keypair();
// Or from seed
const keypair2 = MlDsa65Keypair.fromSeed(seed);

// Sign
const signature = keypair.sign(message);

// Verify
const isValid = mlDsa65Verify(message, signature, keypair.verifyingKey());
```

## Security Considerations

- ML-DSA-65 provides NIST Security Level 3 (~AES-192 equivalent)
- Hybrid signatures require BOTH Ed25519 AND Dilithium to verify
- This defense-in-depth means an attacker must break both algorithms
- Server-side signing should only be used with proper authentication

## License

MIT