UNPKG

bitcoinpqc

Version:

NodeJS TypeScript bindings for Bitcoin PQC library

172 lines (119 loc) 4.75 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
# BitcoinPQC - NodeJS TypeScript Bindings TypeScript bindings for the [libbitcoinpqc](https://github.com/bitcoin/libbitcoinpqc) library, which provides post-quantum cryptographic signature algorithms for use with BIP-360 and the Bitcoin QuBit soft fork. ## Features - Full TypeScript support with typings - Clean, ergonomic API - Compatible with NodeJS 16+ - Works with all three PQC algorithms: - ML-DSA-44 (formerly CRYSTALS-Dilithium) - SLH-DSA-Shake-128s (formerly SPHINCS+) - FN-DSA-512 (formerly FALCON) ## Installation ```bash npm install bitcoinpqc ``` ### Prerequisites This package requires the native `libbitcoinpqc` library to be installed on your system. See the main [libbitcoinpqc README](https://github.com/bitcoin/libbitcoinpqc) for instructions on installing the C library. ## API Usage ```typescript import { Algorithm, generateKeyPair, sign, verify } from 'bitcoinpqc'; import crypto from 'crypto'; // Generate random data for key generation const randomData = crypto.randomBytes(128); // Generate a key pair using ML-DSA-44 (CRYSTALS-Dilithium) const keypair = generateKeyPair(Algorithm.ML_DSA_44, randomData); // Create a message to sign const message = Buffer.from('Message to sign'); // Sign the message deterministically const signature = sign(keypair.secretKey, message); // Verify the signature verify(keypair.publicKey, message, signature); // If verification fails, it will throw a PqcError // You can also verify using the raw signature bytes verify(keypair.publicKey, message, signature.bytes); ``` ## API Reference ### Enums #### `Algorithm` ```typescript enum Algorithm { /** BIP-340 Schnorr + X-Only - Elliptic Curve Digital Signature Algorithm */ SECP256K1_SCHNORR = 0, /** FN-DSA-512 (FALCON) - Fast Fourier lattice-based signature scheme */ FN_DSA_512 = 1, /** ML-DSA-44 (CRYSTALS-Dilithium) - Lattice-based signature scheme */ ML_DSA_44 = 2, /** SLH-DSA-Shake-128s (SPHINCS+) - Hash-based signature scheme */ SLH_DSA_SHAKE_128S = 3 } ``` ### Classes #### `PublicKey` ```typescript class PublicKey { readonly algorithm: Algorithm; readonly bytes: Uint8Array; } ``` #### `SecretKey` ```typescript class SecretKey { readonly algorithm: Algorithm; readonly bytes: Uint8Array; } ``` #### `KeyPair` ```typescript class KeyPair { readonly publicKey: PublicKey; readonly secretKey: SecretKey; } ``` #### `Signature` ```typescript class Signature { readonly algorithm: Algorithm; readonly bytes: Uint8Array; } ``` #### `PqcError` ```typescript class PqcError extends Error { readonly code: ErrorCode; constructor(code: ErrorCode, message?: string); } enum ErrorCode { OK = 0, BAD_ARGUMENT = -1, BAD_KEY = -2, BAD_SIGNATURE = -3, NOT_IMPLEMENTED = -4 } ``` ### Functions #### `publicKeySize(algorithm: Algorithm): number` Get the public key size for an algorithm. #### `secretKeySize(algorithm: Algorithm): number` Get the secret key size for an algorithm. #### `signatureSize(algorithm: Algorithm): number` Get the signature size for an algorithm. #### `generateKeyPair(algorithm: Algorithm, randomData: Uint8Array): KeyPair` Generate a key pair for the specified algorithm. The `randomData` must be at least 128 bytes. #### `sign(secretKey: SecretKey, message: Uint8Array): Signature` Sign a message using the specified secret key. The signature is deterministic based on the message and key. #### `verify(publicKey: PublicKey, message: Uint8Array, signature: Signature | Uint8Array): void` Verify a signature using the specified public key. Throws a `PqcError` if verification fails. ## Algorithm Characteristics | Algorithm | Public Key Size | Secret Key Size | Signature Size | Security Level | |-----------|----------------|----------------|----------------|----------------| | ML-DSA-44 | 1,312 bytes | 2,528 bytes | 2,420 bytes | NIST Level 2 | | SLH-DSA-Shake-128s | 32 bytes | 64 bytes | 7,856 bytes | NIST Level 1 | | FN-DSA-512 | 897 bytes | 1,281 bytes | ~666 bytes (average) | NIST Level 1 | ## Security Notes - Random data is required for key generation but not for signing. All signatures are deterministic, based on the message and secret key. - The implementations are based on reference code from the NIST PQC standardization process and are not production-hardened. - Care should be taken to securely manage secret keys in applications. ## BIP-360 Compliance This library implements the TypeScript bindings for cryptographic primitives required by [BIP-360](https://github.com/bitcoin/bips/blob/master/bip-0360.mediawiki), which defines the standard for post-quantum resistant signatures in Bitcoin. ## License This project is licensed under the MIT License - see the LICENSE file for details.