synor/docs/PLAN/PHASE2-CLIWallet/01-Milestone-01-WalletCrypto.md
Gulshan Yadav 48949ebb3f Initial commit: Synor blockchain monorepo
A complete blockchain implementation featuring:
- synord: Full node with GHOSTDAG consensus
- explorer-web: Modern React blockchain explorer with 3D DAG visualization
- CLI wallet and tools
- Smart contract SDK and example contracts (DEX, NFT, token)
- WASM crypto library for browser/mobile
2026-01-08 05:22:17 +05:30


# Phase 2, Milestone 1: Wallet Cryptography
> Cryptographic operations for CLI wallet
**Status**: ✅ Complete
**Priority**: High
**Application**: `synor-cli`
---
## Overview
Implement all cryptographic operations needed for the CLI wallet: mnemonic handling, keypair generation, encryption, and transaction signing.
---
## Tasks
### Task 1.1: Mnemonic Integration
- [x] Use synor-crypto Mnemonic for phrase generation
- [x] Generate 24-word BIP39 phrases
- [x] Implement BIP39 seed derivation
- [x] Support optional passphrase
- [x] Validate mnemonic words
**Files:**
- `apps/cli/src/wallet.rs`
**Validation:**
```bash
./target/release/synor wallet create
# Verify 24 words are displayed
# Verify words are from BIP39 wordlist
```
### Task 1.2: Keypair Generation
- [x] Generate Ed25519 keypair from seed
- [x] Generate Dilithium3 keypair from seed
- [x] Create hybrid keypair structure
- [x] Derive addresses from public keys
- [x] Support multiple address indices
**Files:**
- `apps/cli/src/wallet.rs`
**Validation:**
```bash
./target/release/synor wallet create
./target/release/synor wallet addresses
# Verify address format: synor:qz...
```
### Task 1.3: Wallet Encryption
- [x] Implement AES-256-GCM encryption
- [x] Use Argon2id for password-based key derivation
- [x] Store encrypted wallet file
- [x] Implement wallet unlock
- [x] Secure memory handling
**Files:**
- `apps/cli/src/wallet.rs`
**Encryption Parameters:**
- Argon2id: m=64MB, t=3, p=4
- AES-256-GCM with random IV
- Salt: 32 bytes random
**Validation:**
```bash
./target/release/synor wallet create
# Enter password
cat ~/.synor/wallet.json
# Verify encrypted format
```
### Task 1.4: Transaction Signing
- [x] Build transaction from inputs/outputs
- [x] Create Ed25519 signature
- [x] Create Dilithium3 signature
- [x] Combine into hybrid signature
- [x] Serialize signed transaction
**Files:**
- `apps/cli/src/wallet.rs`
- `apps/cli/src/commands/send.rs`
**Validation:**
```bash
./target/release/synor send synor:qz... 10.0
# Verify transaction is signed and broadcast
```
---
## Validation
### Validation Commands
```bash
# Run wallet tests
cargo test -p synor-cli wallet
# Test mnemonic roundtrip
./target/release/synor wallet create
# Save mnemonic
./target/release/synor wallet recover
# Enter same mnemonic
# Verify same address
```
### Validation Agents
| Agent | Purpose |
|-------|---------|
| `code-reviewer` | Review crypto usage |
| `silent-failure-hunter` | Check password error handling |
### Cryptographic Validation
```rust
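// Test deterministic key derivation.
// The tests return Result so that `?` compiles; this assumes the wallet's
// error type converts into Box<dyn std::error::Error>.
#[test]
fn test_deterministic_keys() -> Result<(), Box<dyn std::error::Error>> {
    let mnemonic = "abandon abandon abandon...";
    let wallet1 = Wallet::from_mnemonic(mnemonic, "")?;
    let wallet2 = Wallet::from_mnemonic(mnemonic, "")?;
    // Same mnemonic and passphrase must yield the same address
    assert_eq!(wallet1.address(), wallet2.address());
    Ok(())
}

// Test signature verification
#[test]
fn test_hybrid_signature() -> Result<(), Box<dyn std::error::Error>> {
    let wallet = Wallet::new()?;
    let message = b"test message";
    let signature = wallet.sign(message)?;
    assert!(wallet.verify(message, &signature)?);
    Ok(())
}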
```
### Security Checks
- [ ] Private keys zeroed after use (zeroize)
- [ ] Wallet file has restricted permissions (0600)
- [ ] No private key in error messages
- [ ] Password not stored in memory after derivation
- [ ] Constant-time signature comparison
- [ ] Mnemonic display warning shown
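
One way to enforce and test the "restricted permissions (0600)" item above, as an added example that is not code from synor-cli. `write_wallet_file` and `check_wallet_mode` are hypothetical names, the file is a constructed temp file standing in for `~/.synor/wallet.json`, and the code is Unix-only.

```rust
use std::fs::{self, OpenOptions, Permissions};
use std::io::{self, Write};
use std::os::unix::fs::{OpenOptionsExt, PermissionsExt};
use std::path::Path;

/// Write `data` so the file is owner-only from the moment it exists.
/// Hypothetical helper, not a synor-cli function.
pub fn write_wallet_file(path: &Path, data: &[u8]) -> io::Result<()> {
    let mut file = OpenOptions::new()
        .write(true)
        .create(true)
        .truncate(true)
        .mode(0o600) // applied only when the file is newly created
        .open(path)?;
    // An existing file keeps its old mode, so tighten it before writing.
    file.set_permissions(Permissions::from_mode(0o600))?;
    file.write_all(data)?;
    file.sync_all()
}

/// Return the permission bits, or an error if group/other have any access.
pub fn check_wallet_mode(path: &Path) -> io::Result<u32> {
    let mode = fs::metadata(path)?.permissions().mode() & 0o777;
    if mode & 0o077 != 0 {
        return Err(io::Error::new(
            io::ErrorKind::PermissionDenied,
            format!("{} has mode {:o}, expected 0600", path.display(), mode),
        ));
    }
    Ok(mode)
}

fn main() -> io::Result<()> {
    // Constructed sample: a throwaway file with a deliberately loose mode.
    let name = format!("synor-wallet-demo-{}.json", std::process::id());
    let path = std::env::temp_dir().join(name);
    fs::write(&path, b"{}")?;
    fs::set_permissions(&path, Permissions::from_mode(0o644))?;
    println!("before: {:?}", check_wallet_mode(&path).map_err(|e| e.to_string()));
    write_wallet_file(&path, b"{\"constructed\":\"ciphertext placeholder\"}")?;
    println!("after:  {:o}", check_wallet_mode(&path)?);
    fs::remove_file(&path)
}
```

The explicit `set_permissions` call matters on recovery or re-creation: `mode(0o600)` alone leaves a pre-existing world-readable wallet file world-readable.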
### Test Coverage
| Component | Coverage Target |
|-----------|-----------------|
| Mnemonic | >95% |
| Keypair | >90% |
| Encryption | >90% |
| Signing | >95% |
---
## Dependencies
- `synor-crypto` - Cryptographic primitives
- `zeroize` - Secure memory clearing
- `rpassword` - Secure password input
---
## Acceptance Criteria
1. Mnemonic generates valid 24-word phrase
2. Same mnemonic produces same address
3. Wallet file is encrypted at rest
4. Signatures verify correctly
5. All security checks pass
---
*Completed: January 2025*