Quantum Purse key vault

This module provides a secure authentication interface to manage FIPS205 (formerly SPHINCS+) cryptographic keys for CKB blockchain using Rust and WebAssembly.

Feature list:

Feature	Details
Signature type	SPHINCS+
Store model	Indexed DB
Mnemonic standard	Custom BIP39 English
Local encryption	AES256
Key derivation	HKDF
Authentication	Password
Password hashing	Scrypt

Mnemonic backup format

BIP39 is chosen as the mnemonic backup format due to its user-friendliness and quantum resistance.

SPHINCS+ offers 12 parameter sets, grouped by three security parameters: 128-bit, 192-bit, and 256-bit. These require seeds of 48 bytes, 72 bytes, and 96 bytes respectively used across key generation and signing. As BIP39 supports max 32 bytes so this library introduces a custom(combined) BIP39 mnemonic backup format for each security parameter of SPHINCS+ as below:

SPHINCS+ security parameter	BIP39 entropy level	Word count
128 bit ~ 48 bytes ~ 3*16 bytes	3*16 bytes	3*12 = 36 words
192 bit ~ 72 bytes ~ 3*24 bytes	3*24 bytes	3*18 = 54 words
256 bit ~ 96 bytes ~ 3*32 bytes	3*32 bytes	3*24 = 72 words

For example:

SHA2-256s will require users to back up 72 words of mnemonic phrase.
SHAKE-192s will require users to back up 54 words of mnemonic phrase.
SHA2-128f will require users to back up 36 words of mnemonic phrase.

Key Derivation Function

From the single master seed, quantum-purse-key-vault can derive many child keys using Key Derivation Function(KDF). Pure Hash-based KDF is the top choice for this project. Although using BIP32 carefully (with only hardened key derivation and never generate ECDSA public keys) can satisfy however the benefits of the tricky usage at this point(2025) is unclear. Thus, a fresh start with HKDF seems better because it's simpler - meaning the implementation will be easier to audit.

Key Tree:

master_seed
   ├─ index 0 → sphincs+ key 1
   ├─ index 1 → sphincs+ key 2
   ├─ index 2 → sphincs+ key 3
   └─ ...

Derivation Flow:

master_seed
     │
     ▼
(seed_part1, seed_part2, seed_part3)
     │
     ├─ HKDF("ckb/quantum-purse/sphincs-plus/", index)
     │
     ▼
(sk_seed, sk_prf, pk_seed)
     │
     ├─ sphincs+_key_gen()
     │
     ▼
(sphincs+ public_key, sphincs+ private_key)

Dependency

Rust & Cargo
Wasm-pack
Npm

Build

# run build script
./build.sh

# test
cargo test

Package and publish

cd dist
npm pack
npm login
npm publish

Usage example

Refer to QuantumPurse project.

Name		Name	Last commit message	Last commit date
Latest commit History 50 Commits
.cargo		.cargo
crates/ckb-fips205-utils		crates/ckb-fips205-utils
src		src
.DS_Store		.DS_Store
.gitignore		.gitignore
Cargo.lock		Cargo.lock
Cargo.toml		Cargo.toml
LICENSE		LICENSE
README.md		README.md
README.npm.md		README.npm.md
build.sh		build.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Quantum Purse key vault

Feature list:

Mnemonic backup format

For example:

Key Derivation Function

Key Tree:

Derivation Flow:

Dependency

Build

Package and publish

Usage example

About

Uh oh!

Releases 16

Packages

Uh oh!

Languages

License

quantumpurse/key-vault-wasm

Folders and files

Latest commit

History

Repository files navigation

Quantum Purse key vault

Feature list:

Mnemonic backup format

For example:

Key Derivation Function

Key Tree:

Derivation Flow:

Dependency

Build

Package and publish

Usage example

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases 16

Packages 0

Uh oh!

Languages

Packages