This module provides a secure authentication interface to manage FIPS205 (formerly SPHINCS+) cryptographic keys for the CKB blockchain using Rust and WebAssembly.

| Feature | Details |
|---|---|
| Signature type | SPHINCS+ |
| Store model | Indexed DB |
| Mnemonic standard | Custom BIP39 English |
| Local encryption | AES256 |
| Key derivation | Scrypt |
| Authentication | Password |
| Password hashing | Scrypt |

BIP39 is chosen as the mnemonic backup format due to its user-friendliness and quantum resistance.

SPHINCS+ offers 12 parameter sets, grouped by three security parameters: 128-bit, 192-bit, and 256-bit. These require seeds of 48 bytes, 72 bytes, and 96 bytes respectively, used across key generation and signing. Because BIP39 supports at most 32 bytes, this library introduces a custom (combined) BIP39 mnemonic backup format for each SPHINCS+ security parameter, as shown below:

| SPHINCS+ security parameter | BIP39 entropy level | Word count |
|---|---|---|
| 128 bit ~ 48 bytes ~ 3*16 bytes | 3*16 bytes | 3*12 = 36 words |
| 192 bit ~ 72 bytes ~ 3*24 bytes | 3*24 bytes | 3*18 = 54 words |
| 256 bit ~ 96 bytes ~ 3*32 bytes | 3*32 bytes | 3*24 = 72 words |

- SHA2-256s will require users to back up 72 words of mnemonic phrase.
- SHAKE-192s will require users to back up 54 words of mnemonic phrase.
- SHA2-128f will require users to back up 36 words of mnemonic phrase.
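
The combined format in the table above, as an added example (not Quantum Purse's own code): it assumes the seed is split into three equal chunks in order and that each chunk is encoded as an independent standard BIP39 mnemonic. Word indices (0 to 2047) stand in for words because the 2048-word English list is not embedded here; the function names and the sample seed are constructed for illustration.

```python
import hashlib

SEED_SIZES = (48, 72, 96)      # SPHINCS+ seed sizes from the table above
WORD_COUNTS = (36, 54, 72)     # matching combined mnemonic lengths

def chunk_to_indices(entropy: bytes) -> list[int]:
    """Standard BIP39 step: entropy || SHA-256 checksum bits, cut into 11-bit indices."""
    cs_bits = len(entropy) * 8 // 32                  # 4, 6 or 8 checksum bits
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    value = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (len(entropy) * 8 + cs_bits) // 11      # 12, 18 or 24 words
    return [(value >> (11 * (n_words - 1 - i))) & 0x7FF for i in range(n_words)]

def indices_to_chunk(indices: list[int]) -> bytes:
    """Inverse of chunk_to_indices; rejects a chunk whose checksum does not match."""
    if any(not 0 <= i < 2048 for i in indices):
        raise ValueError("word index out of range")
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33
    value = 0
    for i in indices:
        value = (value << 11) | i
    entropy = (value >> cs_bits).to_bytes((total_bits - cs_bits) // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    if value & ((1 << cs_bits) - 1) != expected:
        raise ValueError("BIP39 checksum mismatch")
    return entropy

def seed_to_indices(seed: bytes) -> list[int]:
    """Assumed layout: three equal chunks, encoded independently, concatenated in order."""
    if len(seed) not in SEED_SIZES:
        raise ValueError("seed must be 48, 72 or 96 bytes")
    part = len(seed) // 3
    return [i for k in range(3) for i in chunk_to_indices(seed[k * part:(k + 1) * part])]

def indices_to_seed(indices: list[int]) -> bytes:
    """Restore the seed from a 36/54/72-entry backup, validating each chunk's checksum."""
    if len(indices) not in WORD_COUNTS:
        raise ValueError("expected 36, 54 or 72 words")
    per = len(indices) // 3
    return b"".join(indices_to_chunk(indices[k * per:(k + 1) * per]) for k in range(3))

if __name__ == "__main__":
    seed = bytes(range(48))                    # constructed sample seed, not a real key
    backup = seed_to_indices(seed)
    print(len(backup), indices_to_seed(backup) == seed)
```

Under this layout each third of the phrase carries its own checksum, so a restore routine can report which chunk of a mistyped backup is wrong.
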

Although "BIP32 hardened key derivation" doesn't involve ECDSA and can fit into the architecture of Quantum Purse, Scrypt is already used for local encryption/decryption, so I think using a Scrypt-based KDF (Key Derivation Function) here will keep this wallet's dependency list minimal. That's why Quantum Purse uses a simple custom KDF based on Scrypt instead of the 'hardened option' from standard BIP32.

```
master_seed
├─ index 0 → sphincs+ key 1
├─ index 1 → sphincs+ key 2
├─ index 2 → sphincs+ key 3
└─ ...
```

```
master_seed
│
▼
(seed_part1, seed_part2, seed_part3)
│
├─ Scrypt("ckb/quantum-purse/sphincs-plus/", index)
│
▼
(sk_seed, sk_prf, pk_seed)
│
├─ sphincs+_key_gen()
│
▼
(sphincs+ public_key, sphincs+ private_key)
```

- Rust & Cargo
- Wasm-pack
- Npm

```shell
# init submodule quantum-resistant-lockscript
git submodule update --init
# run build script
./build.sh
# test
cargo test
```

```shell
cd dist
npm pack
npm login
npm publish
```

Refer to the QuantumPurse project.