add SLH-DSA-SHA2-128s signatures to TS SDK

CHANGELOG.md

@@ -12,6 +12,7 @@ All notable changes to the Aptos TypeScript SDK will be captured in this file. T
 # 5.2.0 (2025-12-10)
 
 - Add `http2` as an optional parameter in `ClientConfig`
+- Add SLH-DSA-SHA2-128s as one of the support signature schemes
 
 # 5.1.6 (2025-12-06)
 

jest.config.js

@@ -12,6 +12,17 @@ module.exports = {
     "^(\\.{1,2}/.*)\\.js$": "$1",
   },
   testEnvironment: "node",
+  transformIgnorePatterns: [
+    "node_modules/(?!.*@noble/(post-quantum|hashes))",
+  ],
+  transform: {
+    "^.+\\.tsx?$": "ts-jest",
+    "^.+\\.jsx?$": ["ts-jest", {
+      tsconfig: {
+        allowJs: true,
+      },
+    }],
+  },
   coveragePathIgnorePatterns: [
     "./src/internal/queries/",
     "./src/types/generated",

package.json

@@ -54,6 +54,7 @@
     "@aptos-labs/aptos-client": "^2.1.0",
     "@noble/curves": "^1.9.0",
     "@noble/hashes": "^1.5.0",
+    "@noble/post-quantum": "^0.5.2",
     "@scure/bip32": "^1.4.0",
     "@scure/bip39": "^1.3.0",
     "eventemitter3": "^5.0.1",

src/account/SingleKeyAccount.ts

@@ -8,6 +8,7 @@ import {
   KeylessSignature,
   PrivateKeyInput,
   Secp256k1PrivateKey,
+  SlhDsaSha2128sPrivateKey,
   Signature,
 } from "../core/crypto";
 import type { Account } from "./Account";
@@ -148,6 +149,9 @@ export class SingleKeyAccount implements Account, SingleKeySigner {
       case SigningSchemeInput.Secp256k1Ecdsa:
         privateKey = Secp256k1PrivateKey.generate();
         break;
+      case SigningSchemeInput.SlhDsaSha2128s:
+        privateKey = SlhDsaSha2128sPrivateKey.generate();
+        break;
       default:
         throw new Error(`Unsupported signature scheme ${scheme}`);
     }
@@ -177,6 +181,9 @@ export class SingleKeyAccount implements Account, SingleKeySigner {
       case SigningSchemeInput.Secp256k1Ecdsa:
         privateKey = Secp256k1PrivateKey.fromDerivationPath(path, mnemonic);
         break;
+      case SigningSchemeInput.SlhDsaSha2128s:
+        privateKey = SlhDsaSha2128sPrivateKey.fromDerivationPath(path, mnemonic);
+        break;
       default:
         throw new Error(`Unsupported signature scheme ${scheme}`);
     }

src/core/crypto/index.ts

@@ -14,6 +14,7 @@ export * from "./privateKey";
 export * from "./publicKey";
 export * from "./secp256k1";
 export * from "./secp256r1";
+export * from "./slhDsaSha2128s";
 export * from "./signature";
 export * from "./singleKey";
 export * from "./types";

src/core/crypto/privateKey.ts

@@ -46,6 +46,7 @@ export class PrivateKey {
     [PrivateKeyVariants.Ed25519]: "ed25519-priv-",
     [PrivateKeyVariants.Secp256k1]: "secp256k1-priv-",
     [PrivateKeyVariants.Secp256r1]: "secp256r1-priv-",
+    [PrivateKeyVariants.SlhDsaSha2128s]: "slh-dsa-sha2-128s-priv-",
   };
 
   /**

src/core/crypto/singleKey.ts

@@ -9,13 +9,14 @@ import { AuthenticationKey } from "../authenticationKey";
 import { Ed25519PrivateKey, Ed25519PublicKey, Ed25519Signature } from "./ed25519";
 import { AccountPublicKey, PublicKey } from "./publicKey";
 import { Secp256k1PrivateKey, Secp256k1PublicKey, Secp256k1Signature } from "./secp256k1";
+import { SlhDsaSha2128sPrivateKey, SlhDsaSha2128sPublicKey, SlhDsaSha2128sSignature } from "./slhDsaSha2128s";
 import { KeylessPublicKey, KeylessSignature } from "./keyless";
 import { Signature } from "./signature";
 import { FederatedKeylessPublicKey } from "./federatedKeyless";
 import { AptosConfig } from "../../api";
 import { Secp256r1PublicKey, WebAuthnSignature } from "./secp256r1";
 
-export type PrivateKeyInput = Ed25519PrivateKey | Secp256k1PrivateKey;
+export type PrivateKeyInput = Ed25519PrivateKey | Secp256k1PrivateKey | SlhDsaSha2128sPrivateKey;
 
 /**
  * Represents any public key supported by Aptos.
@@ -62,6 +63,8 @@ export class AnyPublicKey extends AccountPublicKey {
       this.variant = AnyPublicKeyVariant.Secp256k1;
     } else if (publicKey instanceof Secp256r1PublicKey) {
       this.variant = AnyPublicKeyVariant.Secp256r1;
+    } else if (publicKey instanceof SlhDsaSha2128sPublicKey) {
+      this.variant = AnyPublicKeyVariant.SlhDsaSha2128s;
     } else if (publicKey instanceof KeylessPublicKey) {
       this.variant = AnyPublicKeyVariant.Keyless;
     } else if (publicKey instanceof FederatedKeylessPublicKey) {
@@ -194,6 +197,9 @@ export class AnyPublicKey extends AccountPublicKey {
       case AnyPublicKeyVariant.Secp256r1:
         publicKey = Secp256r1PublicKey.deserialize(deserializer);
         break;
+      case AnyPublicKeyVariant.SlhDsaSha2128s:
+        publicKey = SlhDsaSha2128sPublicKey.deserialize(deserializer);
+        break;
       case AnyPublicKeyVariant.Keyless:
         publicKey = KeylessPublicKey.deserialize(deserializer);
         break;
@@ -284,6 +290,8 @@ export class AnySignature extends Signature {
       this.variant = AnySignatureVariant.Ed25519;
     } else if (signature instanceof Secp256k1Signature) {
       this.variant = AnySignatureVariant.Secp256k1;
+    } else if (signature instanceof SlhDsaSha2128sSignature) {
+      this.variant = AnySignatureVariant.SlhDsaSha2128s;
     } else if (signature instanceof WebAuthnSignature) {
       this.variant = AnySignatureVariant.WebAuthn;
     } else if (signature instanceof KeylessSignature) {
@@ -326,6 +334,9 @@ export class AnySignature extends Signature {
       case AnySignatureVariant.Secp256k1:
         signature = Secp256k1Signature.deserialize(deserializer);
         break;
+      case AnySignatureVariant.SlhDsaSha2128s:
+        signature = SlhDsaSha2128sSignature.deserialize(deserializer);
+        break;
       case AnySignatureVariant.WebAuthn:
         signature = WebAuthnSignature.deserialize(deserializer);
         break;