synor/crates/synor-crypto-wasm
Gulshan Yadav 1606776394 feat: Phase 7 critical tasks - security, formal verification, WASM crypto
## Formal Verification
- Add TLA+ specs for UTXO conservation (formal/tla/UTXOConservation.tla)
- Add TLA+ specs for GHOSTDAG ordering (formal/tla/GHOSTDAGOrdering.tla)
- Add mathematical proof of DAA convergence (formal/proofs/)
- Document Kani verification approach (formal/kani/)

## Bug Bounty Program
- Add SECURITY.md with vulnerability disclosure process
- Add docs/BUG_BOUNTY.md with $500-$100,000 reward tiers
- Define scope, rules, and response SLA

## Web Wallet Dilithium3 WASM Integration
- Build WASM module via Docker (498KB optimized)
- Add wasm-crypto.ts lazy loader for Dilithium3
- Add createHybridSignatureLocal() for full client-side signing
- Add createHybridSignatureSmart() for auto-mode selection
- Add Dockerfile.wasm and build scripts

## Security Review ($0 Approach)
- Add .github/workflows/security.yml CI workflow
- Add deny.toml for cargo-deny license/security checks
- Add Dockerfile.security for audit container
- Add scripts/security-audit.sh for local audits
- Configure cargo-audit, cargo-deny, cargo-geiger, gitleaks
2026-01-10 01:40:03 +05:30
src feat(crypto-wasm): add Dilithium3 post-quantum signatures 2026-01-08 07:31:36 +05:30
build-wasm.sh feat: Phase 7 critical tasks - security, formal verification, WASM crypto 2026-01-10 01:40:03 +05:30
Cargo.toml feat(crypto-wasm): add Dilithium3 post-quantum signatures 2026-01-08 07:31:36 +05:30
README.md feat(crypto-wasm): add Dilithium3 post-quantum signatures 2026-01-08 07:31:36 +05:30

Synor Crypto WASM

WASM-compatible cryptography library for the Synor web wallet.

Current Features

  • Ed25519 Signatures: Full support via ed25519-dalek (pure Rust)
  • Dilithium3 (ML-DSA-65): Post-quantum signatures via pqc_dilithium (pure Rust)
  • BIP-39 Mnemonics: 12-24 word phrases for key generation
  • Bech32m Addresses: Synor address encoding/decoding
  • BLAKE3/SHA3 Hashing: Cryptographic hash functions
  • HKDF Key Derivation: Secure key derivation

Building

# Build for web (requires wasm-pack)
wasm-pack build --target web --out-dir pkg

# Build for Node.js
wasm-pack build --target nodejs --out-dir pkg-node

Usage in JavaScript

import init, { Keypair, Mnemonic, DilithiumSigningKey } from 'synor-crypto-wasm';

await init();

// Generate mnemonic
const mnemonic = new Mnemonic(24);
console.log(mnemonic.phrase());

// Create Ed25519 keypair
const keypair = Keypair.fromMnemonic(mnemonic.phrase(), "");
console.log(keypair.address("mainnet"));

// Sign message with Ed25519
const message = new TextEncoder().encode("Hello Synor!");
const signature = keypair.sign(message);
const valid = keypair.verify(message, signature);

// Post-quantum signatures with Dilithium3
const pqKey = new DilithiumSigningKey();
const pqSig = pqKey.sign(message);
const pqValid = pqKey.verify(message, pqSig);
console.log("Post-quantum signature valid:", pqValid);

Dilithium3 Post-Quantum Support

Current Status: Implemented

Post-quantum signatures are now available via the pqc_dilithium crate, a pure Rust implementation that compiles to WASM. This provides Dilithium3 (equivalent to NIST's ML-DSA-65 at Security Category 3).

Key Sizes (Dilithium3 / ML-DSA-65):

  • Public Key: 1,952 bytes
  • Secret Key: ~4,000 bytes
  • Signature: 3,293 bytes

Roadmap

  1. Ed25519 basic support
  2. BIP-39 mnemonic generation
  3. Address encoding
  4. Dilithium3 signatures (WASM-compatible)
  5. Hybrid Ed25519 + Dilithium verification
  6. Kyber key encapsulation (post-quantum key exchange)

For maximum security, use both Ed25519 and Dilithium3:

// Sign with both algorithms
const ed25519Sig = keypair.sign(message);
const dilithiumSig = pqKey.sign(message);

// Verification: both signatures must pass
const valid = keypair.verify(message, ed25519Sig) &&
              pqKey.verify(message, dilithiumSig);

This provides classical security now and quantum resistance for the future.
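The both-must-pass rule above, written as a fail-closed check (an added example, not code from the Synor repository). The concatenated wire format (Ed25519 signature followed by the Dilithium3 signature) and the names `splitHybridSignature`, `safeVerify` and `verifyHybrid` are assumptions made for illustration; the two verifier callbacks are expected to be thin wrappers around `keypair.verify` and `pqKey.verify`.

```javascript
// Added example: fail-closed hybrid verification. The combined encoding
// (Ed25519 signature || Dilithium3 signature) is an assumption, not Synor's format.
const ED25519_SIG_LEN = 64;      // standard Ed25519 signature size
const DILITHIUM3_SIG_LEN = 3293; // Dilithium3 signature size listed in this README

// Split a combined blob into its two parts. Any other length is rejected, so a
// blob with one signature stripped or truncated never reaches the verifiers.
function splitHybridSignature(blob) {
  if (!(blob instanceof Uint8Array) ||
      blob.length !== ED25519_SIG_LEN + DILITHIUM3_SIG_LEN) {
    return null;
  }
  return {
    ed25519: blob.subarray(0, ED25519_SIG_LEN),
    dilithium: blob.subarray(ED25519_SIG_LEN),
  };
}

// Run one verifier; an exception or a non-boolean result counts as failure.
function safeVerify(verify, message, sig) {
  try {
    return verify(message, sig) === true;
  } catch (_err) {
    return false;
  }
}

// verifiers: { ed25519(message, sig), dilithium(message, sig) } (hypothetical shape).
function verifyHybrid(message, blob, verifiers) {
  const parts = splitHybridSignature(blob);
  if (parts === null) {
    return { valid: false, reason: "malformed" };
  }
  // Evaluate both checks before combining them, so a failure can be
  // attributed to the right algorithm in logs, then require both (AND, never OR).
  const edOk = safeVerify(verifiers.ed25519, message, parts.ed25519);
  const pqOk = safeVerify(verifiers.dilithium, message, parts.dilithium);
  if (edOk && pqOk) return { valid: true, reason: "ok" };
  if (!edOk && !pqOk) return { valid: false, reason: "both" };
  return { valid: false, reason: edOk ? "dilithium" : "ed25519" };
}
```

The `reason` field is meant for logging and alerting only; callers should branch on `valid` alone.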

Security Notes

  • Keys are zeroized on drop
  • Uses getrandom with js feature for secure randomness in browsers
  • Signature timing is not side-channel resistant (use constant-time operations for production)

Testing

# Run Rust tests
cargo test

# Run WASM tests in browser
wasm-pack test --headless --chrome