synor/docs/PLAN/PHASE0-Foundation/01-Milestone-02-Cryptography.md
Gulshan Yadav 48949ebb3f Initial commit: Synor blockchain monorepo
A complete blockchain implementation featuring:
- synord: Full node with GHOSTDAG consensus
- explorer-web: Modern React blockchain explorer with 3D DAG visualization
- CLI wallet and tools
- Smart contract SDK and example contracts (DEX, NFT, token)
- WASM crypto library for browser/mobile
2026-01-08 05:22:17 +05:30
# Phase 0, Milestone 2: Cryptography

> Hybrid quantum-resistant cryptographic primitives

**Status**: ✅ Complete

**Priority**: Critical

**Crate**: `synor-crypto`

---

## Overview

Implement a hybrid cryptographic system combining classical Ed25519 with post-quantum Dilithium3 for quantum-resistant security.

---
## Tasks
### Task 2.1: Hashing Functions
- [x] Implement Blake3 hashing (primary)
- [x] Implement SHA-256 (compatibility)
- [x] Implement SHA-512 (Ed25519 requirement)
- [x] Add merkle tree support
**Files:**
- `crates/synor-crypto/src/hash.rs`
### Task 2.2: Ed25519 Implementation
- [x] Keypair generation
- [x] Message signing
- [x] Signature verification
- [x] Deterministic key derivation
**Files:**
- `crates/synor-crypto/src/ed25519.rs`
### Task 2.3: Dilithium3 Implementation
- [x] Keypair generation (PQC)
- [x] Message signing
- [x] Signature verification
- [x] Parameter configuration
**Files:**
- `crates/synor-crypto/src/dilithium.rs`
### Task 2.4: Hybrid Signature Scheme
- [x] Combined Ed25519 + Dilithium3 keypair
- [x] Hybrid signature creation
- [x] Hybrid signature verification
- [x] Signature serialization format
**Files:**
- `crates/synor-crypto/src/hybrid.rs`
### Task 2.5: BIP39 Mnemonic Support
- [x] 24-word mnemonic generation
- [x] Mnemonic validation
- [x] Seed derivation from mnemonic
- [x] Passphrase support
**Files:**
- `crates/synor-crypto/src/mnemonic.rs`
### Task 2.6: Key Derivation
- [x] PBKDF2 for password-based derivation
- [x] Argon2id for wallet encryption
- [x] HKDF for key expansion
- [x] BIP32-like hierarchical derivation
**Files:**
- `crates/synor-crypto/src/kdf.rs`
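The key-expansion step above is HKDF (RFC 5869). As an added example that is not the crate's `kdf.rs` code, here is the extract-and-expand construction over HMAC-SHA-256 in Python on the standard library only, checked against RFC 5869 test case 1. The `derive_wallet_keys` helper, its `synor-wallet-v1` salt and the `file-encryption` / `file-mac` labels are constructed for this example to show how the `info` parameter separates sub-keys derived from a single seed.

```python
# HKDF (RFC 5869) extract-and-expand over HMAC, standard library only.
# Added example, not the synor-crypto kdf.rs implementation.
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hash_name: str = "sha256") -> bytes:
    """PRK = HMAC(salt, IKM); an empty salt becomes HashLen zero bytes, as the RFC requires."""
    if not salt:
        salt = bytes(hashlib.new(hash_name).digest_size)
    return hmac.new(salt, ikm, hash_name).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    """OKM = T(1) || T(2) || ... with T(i) = HMAC(PRK, T(i-1) || info || i), cut to `length`."""
    hash_len = hashlib.new(hash_name).digest_size
    if not 0 < length <= 255 * hash_len:
        raise ValueError("HKDF length must be between 1 and 255*HashLen bytes")
    okm, block = b"", b""
    for counter in range(1, -(-length // hash_len) + 1):  # ceil(length / hash_len) blocks
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        okm += block
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int, hash_name: str = "sha256") -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm, hash_name), info, length, hash_name)


def derive_wallet_keys(seed: bytes) -> dict:
    """Two independent 256-bit sub-keys from one seed. The salt and `info` labels are
    constructed for this example; distinct `info` is what keeps the keys unrelated."""
    salt = b"synor-wallet-v1"  # constructed domain-separation label, not the crate's
    return {"enc": hkdf(salt, seed, b"file-encryption", 32),
            "mac": hkdf(salt, seed, b"file-mac", 32)}


def rfc5869_test_case_1() -> bool:
    """Known-answer check against RFC 5869 appendix A, test case 1 (SHA-256)."""
    ikm = bytes([0x0B]) * 22
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk_ok = hkdf_extract(salt, ikm).hex() == (
        "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5")
    okm_ok = hkdf(salt, ikm, info, 42).hex() == (
        "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865")
    return prk_ok and okm_ok


if __name__ == "__main__":
    print("RFC 5869 TC1:", rfc5869_test_case_1())
    print({k: v.hex() for k, v in derive_wallet_keys(b"constructed-seed").items()})
```

The known-answer check is the piece worth keeping in a test suite: a KDF that silently diverges from the RFC still produces plausible-looking random bytes, which is exactly the kind of failure the `silent-failure-hunter` pass below is meant to catch.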
### Task 2.7: Encryption
- [x] AES-256-GCM for symmetric encryption
- [x] ChaCha20-Poly1305 alternative
- [x] Key wrapping for wallet files
**Files:**
- `crates/synor-crypto/src/encryption.rs`
---
## Validation
### Validation Commands
```bash
# Run unit tests
cargo test -p synor-crypto
# Run benchmarks
cargo bench -p synor-crypto
# Check for known vulnerabilities
cargo audit
# Lint
cargo clippy -p synor-crypto -- -D warnings
```
### Validation Agents
| Agent | Command | Purpose |
|-------|---------|---------|
| `code-reviewer` | Review crypto implementation | Security-focused code review |
| `silent-failure-hunter` | Check error handling | Ensure no silent crypto failures |
### Validation Criteria
- [ ] Ed25519 signatures match test vectors (RFC 8032)
- [ ] Dilithium3 signatures match NIST test vectors
- [ ] Hybrid verify requires both signatures valid
- [ ] Mnemonic words from BIP39 wordlist
- [ ] Encryption uses authenticated modes only
- [ ] No use of deprecated crypto primitives
### Security Checks
- [ ] Private keys zeroed after use
- [ ] Constant-time signature verification
- [ ] No timing side channels
- [ ] RNG properly seeded
- [ ] No key material in error messages
- [ ] Memory not swapped to disk (mlock where possible)
### Test Vectors
```rust
// Ed25519 test vector (RFC 8032, section 7.1, TEST 1); assumes the `hex-literal` crate and `ed25519-dalek` 2.x
use ed25519_dalek::{Signer, SigningKey};
use hex_literal::hex;
let secret = hex!("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60");
let public = hex!("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
let message = b"";
let expected_sig = hex!("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
let signing_key = SigningKey::from_bytes(&secret);
assert_eq!(signing_key.verifying_key().to_bytes(), public); // derived public key matches the vector
assert_eq!(signing_key.sign(message).to_bytes(), expected_sig); // deterministic signature matches the vector
```
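To check this vector independently of `ed25519-dalek`, here is an added example in the style of the RFC 8032 reference implementation (section 6), written in pure Python on the standard library. It is not synor-crypto code. It derives the public key from the secret, produces the deterministic signature over the empty message, verifies it, and also shows verification rejecting a tampered message and a malformed signature. The scalar multiplication is plain double-and-add and not constant-time, so this is a test-vector checker, not something to sign with real keys.

```python
# Pure-Python Ed25519 after the RFC 8032 reference code (section 6).
# Added example: not synor-crypto code (the crate uses ed25519-dalek); standard library only.
import hashlib

P = 2**255 - 19                                      # field prime
Q = 2**252 + 27742317777372353535851937790883648493   # group order
D = (-121665 * pow(121666, P - 2, P)) % P             # curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)                     # sqrt(-1) mod P


def _sha512_mod_q(data: bytes) -> int:
    return int.from_bytes(hashlib.sha512(data).digest(), "little") % Q

# Points are (X, Y, Z, T) in extended coordinates: x = X/Z, y = Y/Z, x*y = T/Z.
def _add(p1, p2):
    a = (p1[1] - p1[0]) * (p2[1] - p2[0]) % P
    b = (p1[1] + p1[0]) * (p2[1] + p2[0]) % P
    c = 2 * p1[3] * p2[3] * D % P
    d = 2 * p1[2] * p2[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def _mul(s: int, pt):
    acc = (0, 1, 1, 0)  # neutral element; double-and-add is NOT constant-time (vector checks only)
    while s:
        if s & 1:
            acc = _add(acc, pt)
        pt = _add(pt, pt)
        s >>= 1
    return acc

def _equal(p1, p2) -> bool:  # x1/z1 == x2/z2  <=>  x1*z2 == x2*z1, same for y
    return ((p1[0] * p2[2] - p2[0] * p1[2]) % P == 0
            and (p1[1] * p2[2] - p2[1] * p1[2]) % P == 0)

def _recover_x(y: int, sign: int):
    """x from y and the sign bit (square root for P = 5 mod 8); None if y is off the curve."""
    if y >= P:
        return None
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if (x * x - x2) % P:
        return None
    return P - x if (x & 1) != sign else x

def _compress(pt) -> bytes:
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _decompress(s: bytes):
    y = int.from_bytes(s, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x = _recover_x(y, sign)
    return None if x is None else (x, y, 1, x * y % P)

_GY = 4 * pow(5, P - 2, P) % P
_GX = _recover_x(_GY, 0)
G = (_GX, _GY, 1, _GX * _GY % P)  # base point B

def _expand(secret: bytes):  # clamp SHA-512(seed) into the scalar a and the nonce prefix
    h = hashlib.sha512(secret).digest()
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    return a, h[32:]

def public_key(secret: bytes) -> bytes:
    return _compress(_mul(_expand(secret)[0], G))

def sign(secret: bytes, msg: bytes) -> bytes:
    a, prefix = _expand(secret)
    pub = _compress(_mul(a, G))
    r = _sha512_mod_q(prefix + msg)                   # deterministic nonce
    big_r = _compress(_mul(r, G))
    s = (r + _sha512_mod_q(big_r + pub + msg) * a) % Q
    return big_r + s.to_bytes(32, "little")

def verify(public: bytes, msg: bytes, sig: bytes) -> bool:
    if len(public) != 32 or len(sig) != 64:
        return False
    A, R = _decompress(public), _decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= Q:              # malformed point or non-canonical s
        return False
    h = _sha512_mod_q(sig[:32] + public + msg)
    return _equal(_mul(s, G), _add(R, _mul(h, A)))    # [s]B == R + [h]A

# RFC 8032 section 7.1, TEST 1: the vector quoted above (empty message).
SECRET = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
PUBLIC = bytes.fromhex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a")
EXPECTED_SIG = bytes.fromhex(
    "e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb882"
    "1590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")

def check_rfc8032_test1() -> dict:
    sig = sign(SECRET, b"")
    return {"public_matches": public_key(SECRET) == PUBLIC,
            "sig_matches": sig == EXPECTED_SIG,
            "verifies": verify(PUBLIC, b"", sig),
            "rejects_tamper": not verify(PUBLIC, b"x", sig)}
```

Run `check_rfc8032_test1()` and every entry should be `True`. The `s >= Q` rejection in `verify` is the point a reviewer should look for in any Ed25519 verifier: without it, a second signature with `s + Q` would also verify, which breaks the strict-verification property the crate's validation criteria rely on.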
### Benchmark Targets
| Operation | Target | Actual |
|-----------|--------|--------|
| Ed25519 sign | <50µs | 13µs |
| Ed25519 verify | <100µs | 32.8µs |
| Dilithium3 sign | <200µs | 135µs |
| Dilithium3 verify | <100µs | 44.4µs |
| Hybrid verify | <200µs | 82µs |
| Blake3 1KB | <1µs | 0.6µs |
---
## Dependencies
- `ed25519-dalek` - Ed25519 implementation
- `pqcrypto-dilithium` - Dilithium3 PQC
- `blake3` - Blake3 hashing
- `aes-gcm` - AES-256-GCM encryption
- `argon2` - Password hashing
- `bip39` - Mnemonic support
- `zeroize` - Secure memory clearing
---
## Compliance
### NIST Standards
- [ ] Dilithium3 follows FIPS 204 (draft)
- [ ] AES-256-GCM follows FIPS 197
- [ ] SHA-256/512 follows FIPS 180-4
### Best Practices
- [ ] OWASP Cryptographic Storage Cheat Sheet
- [ ] CWE-327: Use of Broken Crypto Algorithm (none used)
- [ ] CWE-328: Reversible One-Way Hash (none used)
---
## Acceptance Criteria
1. All 47 unit tests pass
2. Benchmarks meet targets
3. No security vulnerabilities in cargo-audit
4. Memory properly zeroed after crypto operations
5. Test vectors validated
---
*Completed: January 2025*