misaradmin/synor
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
synor/apps/web/src/wasm
History
Gulshan Yadav 3041c6d654 feat(crypto-wasm): add deterministic Dilithium3 key derivation and hybrid signatures 
This commit enables full wallet recovery from BIP-39 mnemonics by implementing
deterministic Dilithium3 key derivation using HKDF-SHA3-256 with domain separation.

Changes:
- crates/synor-crypto-wasm: Implement deterministic Dilithium keygen
  - Use HKDF with info="synor:dilithium:v1" for key derivation
  - Enable pqc_dilithium's crypto_sign_keypair via dilithium_kat cfg flag
  - Add proper memory zeroization on drop
  - Add tests for deterministic key generation

- apps/web: Update transaction signing for hybrid signatures
  - Add signTransactionHybrid() for Ed25519 + Dilithium3 signatures
  - Add createSendTransactionHybrid() for quantum-resistant transactions
  - Update fee estimation for larger hybrid signature size (~5.5KB/input)
  - Maintain legacy Ed25519-only functions for backwards compatibility

- WASM module: Rebuild with deterministic keygen
  - Update synor_crypto_bg.wasm with new implementation
  - Module size reduced to ~470KB (optimized)

- Documentation updates:
  - Update mobile wallet plan: React Native -> Flutter
  - Add testnet-first approach note
  - Update explorer frontend progress to 90%
2026-01-10 05:34:26 +05:30
..
.gitkeep feat: Phase 7 critical tasks - security, formal verification, WASM crypto 2026-01-10 01:40:03 +05:30
package.json feat: Phase 7 critical tasks - security, formal verification, WASM crypto 2026-01-10 01:40:03 +05:30
README.md feat: Phase 7 critical tasks - security, formal verification, WASM crypto 2026-01-10 01:40:03 +05:30
synor_crypto.d.ts feat(crypto-wasm): add deterministic Dilithium3 key derivation and hybrid signatures 2026-01-10 05:34:26 +05:30
synor_crypto.js feat: Phase 7 critical tasks - security, formal verification, WASM crypto 2026-01-10 01:40:03 +05:30
synor_crypto_bg.js feat(crypto-wasm): add deterministic Dilithium3 key derivation and hybrid signatures 2026-01-10 05:34:26 +05:30
synor_crypto_bg.wasm feat(crypto-wasm): add deterministic Dilithium3 key derivation and hybrid signatures 2026-01-10 05:34:26 +05:30
synor_crypto_bg.wasm.d.ts feat(crypto-wasm): add deterministic Dilithium3 key derivation and hybrid signatures 2026-01-10 05:34:26 +05:30

README.md

Synor Crypto WASM

WASM-compatible cryptography library for the Synor web wallet.

Current Features

  • Ed25519 Signatures: Full support via ed25519-dalek (pure Rust)
  • Dilithium3 (ML-DSA-65): Post-quantum signatures via pqc_dilithium (pure Rust)
  • BIP-39 Mnemonics: 12-24 word phrases for key generation
  • Bech32m Addresses: Synor address encoding/decoding
  • BLAKE3/SHA3 Hashing: Cryptographic hash functions
  • HKDF Key Derivation: Secure key derivation

Building

# Build for web (requires wasm-pack)
wasm-pack build --target web --out-dir pkg

# Build for Node.js
wasm-pack build --target nodejs --out-dir pkg-node

Usage in JavaScript

import init, { Keypair, Mnemonic, DilithiumSigningKey } from 'synor-crypto-wasm';

await init();

// Generate mnemonic
const mnemonic = new Mnemonic(24);
console.log(mnemonic.phrase());

// Create Ed25519 keypair
const keypair = Keypair.fromMnemonic(mnemonic.phrase(), "");
console.log(keypair.address("mainnet"));

// Sign message with Ed25519
const message = new TextEncoder().encode("Hello Synor!");
const signature = keypair.sign(message);
const valid = keypair.verify(message, signature);

// Post-quantum signatures with Dilithium3
const pqKey = new DilithiumSigningKey();
const pqSig = pqKey.sign(message);
const pqValid = pqKey.verify(message, pqSig);
console.log("Post-quantum signature valid:", pqValid);

Dilithium3 Post-Quantum Support

Current Status: Implemented

Post-quantum signatures are now available via the pqc_dilithium crate, a pure Rust implementation that compiles to WASM. This provides Dilithium3 (equivalent to NIST's ML-DSA-65 at Security Category 3).

Key Sizes (Dilithium3 / ML-DSA-65):

  • Public Key: 1,952 bytes
  • Secret Key: ~4,000 bytes
  • Signature: 3,293 bytes

Roadmap

  1. Ed25519 basic support
  2. BIP-39 mnemonic generation
  3. Address encoding
  4. Dilithium3 signatures (WASM-compatible)
  5. Hybrid Ed25519 + Dilithium verification
  6. Kyber key encapsulation (post-quantum key exchange)

Hybrid Signatures (Recommended)

For maximum security, use both Ed25519 and Dilithium3:

// Sign with both algorithms
const ed25519Sig = keypair.sign(message);
const dilithiumSig = pqKey.sign(message);

// Verify both must pass
const valid = keypair.verify(message, ed25519Sig) &&
              pqKey.verify(message, dilithiumSig);

This provides classical security now and quantum resistance for the future.

Security Notes

  • Keys are zeroized on drop
  • Uses getrandom with js feature for secure randomness in browsers
  • No side-channel resistance in signature timing (use constant-time ops for production)

Testing

# Run Rust tests
cargo test

# Run WASM tests in browser
wasm-pack test --headless --chrome