New Signature Class conversion in progress

Demo not enabled
Removal of old docs
Removal of old design info
corrected docs

Author: tomekmarchi

.cspell/custom-dictionary-workspace.txt

@@ -16,3 +16,4 @@ Ristretto
 schnorr
 scid
 secp
+SPHINCS

README.md

@@ -16,7 +16,7 @@
     <b>UW/VIAT is a Meta-Layer Solution designed as a Sub-Layer 0 network. It serves as the foundation for both a next-generation Web and a natively supported cryptocurrency. Unlike traditional Layer 0 solutions, which focus solely on blockchain interoperability and scalability, UW/VIAT is a hybrid system that embraces both centralized and decentralized approaches. The Universal Web is centrally structured to ensure efficiency, security, and seamless integration, while the cryptocurrency (VIAT) is decentralized, enabling trustless transactions and complete transparency. This unified framework enables the development of hybrid applications, where centralized Web services and decentralized cryptocurrency natively work together, creating a seamless infrastructure for secure communications, digital ownership, transactions, and beyond.</b>
 </p>
 <p align="center">
-The UW/VIAT is designed to be a multiplanetary "NEXUS" or more specifically a Crypto Nexus. The defintion we use for a NEXUS is: a unified system that fully integrates a Web & a decentralized cryptocurrency. The Universal Web is similar to the network design of the Web today being the centralized Server-Client model while VIAT is like a traditional decentralized cryptocurrency making it a hybrid network. The unified system can be referred to as the Universal Web (includes VIAT) or simply put The Nexus.
+The UW/VIAT is designed to be a multiplanetary "NEXUS" or more specifically a Crypto Nexus. The defintion we use for a NEXUS is: a unified system that fully integrates a Web & a decentralized cryptocurrency. The Universal Web is similar to the network design of the Web today being the centralized Server-Client model while VIAT is like a traditional decentralized cryptocurrency making it a hybrid network. The unified system can be referred to as the Universal Web (which includes VIAT) or simply put The Nexus.
 </p>
 
 <h5 align="center">| <a href="https://x.com/tommarchi">LEAD DEV</a> |</h5>
@@ -30,11 +30,11 @@ The UW/VIAT is designed to be a multiplanetary "NEXUS" or more specifically a Cr
 </p>
 
 <h4>Perspective & Rational</h4>
-<p>Reimagining the Web from the ground up may seem like a radical proposition, but it is entirely logical, rational, within our ability, & necessary. At its core, the Web is a collection of software solutions. Therefore, creating a new Web doesn’t require reinventing the physical infrastructure; it simply demands innovative software designed to leverage current innovations while addressing the limitations of the old.</p>
+<p>Re-imagining the Web from the ground up may seem like a radical proposition, but it is entirely logical, rational, within our ability, & necessary. At its core, the Web is a collection of software solutions. Therefore, creating a new Web doesn’t require reinventing the physical infrastructure; it simply demands innovative software designed to leverage current innovations while addressing the limitations of the old.</p>
 
 <p>If we critically evaluate the challenges facing the current Web from inefficiencies & vulnerabilities, to its inability to fully embrace emerging technologies it becomes selfevident that incremental updates isn't going to address fundimental design flaws. A foundational overhaul is not only viable but also more efficient and cost-effective. By building on 30 years of lessons, we can envision something that goes beyond what we call a Web something that integrates cutting-edge technologies and anticipates future advancements. This isn’t just an opportunity; it’s an imperative to build a sustainable, forward-thinking cryptographic ecosystem with cryptocurrency as a native component.</p>
 
-<p>It's something beyond a Web it's a Nexus.</p>
+<p>It's something beyond a Web & cryptocurrency it's a Nexus.</p>
 
 <h3>NEXUS?</h3>
 <p>What do you call a system that seamlessly integrates a Web and a native cryptocurrency? We call it a Nexus: a unified ecosystem where both elements are deeply interconnected yet function independently, enhancing each other’s capabilities without compromise. Our version of the World Wide Web is the Universal Web (Multi-planetary) & our cryptocurrency is VIAT together they form what we call a/the Nexus.</p>

cryptoMiddleware/signature/dilithium44.js

@@ -1,42 +1,53 @@
-/*
-	Algorithm 1, implementing key generation for ML-DSA, uses an RBG to generate the 256-bit random
-	value ξ . The seed ξ shall be freshly generated using an approved RBG, as prescribed in NIST SP 800-90A,
-	SP 800-90B, and SP 800-90C [19, 20, 21]. Moreover, the RBG used shall have a security strength of at
-	least 192 bits for ML-DSA-65 and 256 bits for ML-DSA-87. For ML-DSA-44, the RBG should have a
-	security strength of at least 192 bits and shall have a security strength of at least 128 bits. (If an approved
-	RBG with at least 128 bits of security but less than 192 bits of security is used, then the claimed security
-	strength of ML-DSA-44 is reduced from category 2 to category 1.)
-*/
+import { hash256, hash512, shake256 } from '../hash/shake256.js';
 import {
 	randomBuffer,
 	toBase64,
 	toHex,
 } from '#crypto';
 import { ml_dsa44 } from '@noble/post-quantum/ml-dsa';
-const generateKeypair = ml_dsa44;
-export async function signatureKeypair(seed) {
-	const keypair = await generateKeypair.keygen(seed);
+import { signatureScheme } from './signatureScheme.js';
+const seedSize = 64;
+const publicKeySize = 1312;
+const privateKeySize = 2560;
+const signatureSize = 2420;
+const generateKeypair = ml_dsa44.keygen;
+const verifyData = ml_dsa44.verify;
+const signData = ml_dsa44.sign;
+async function createKeypair(seed) {
+	const keypair = await generateKeypair();
 	return {
 		publicKey: keypair.publicKey,
 		privateKey: keypair.secretKey
 	};
 }
-export async function sign(message, privateKey) {
-	const signedMessage = await generateKeypair.sign(privateKey?.privateKey || privateKey, message);
-	return signedMessage;
+function signMethod(message, privateKey) {
+	return signData(privateKey?.privateKey || privateKey, message);
 }
-export async function verifySignature(signedMessage, publicKey, message) {
-	const isValid = await generateKeypair.verify(publicKey?.publicKey || publicKey, message, signedMessage);
-	return isValid;
+function verifyMethod(signature, message, publicKey) {
+	return verifyData(publicKey?.publicKey || publicKey, message, signature);
 }
-export const dilithium44 = {
+export const dilithium44 = signatureScheme({
 	name: 'dilithium44',
-	alias: 'dilithium44',
-	id: 2,
-	signatureKeypair,
-	sign,
-	verifySignature
-};
+	alias: 'ml_dsa44',
+	id: 1,
+	security: 1,
+	publicKeySize,
+	privateKeySize,
+	signatureSize,
+	seedSize,
+	createKeypair,
+	verifyMethod,
+	signMethod,
+	hash256,
+	hash512,
+	hash: shake256,
+	preferred: false
+});
 export default dilithium44;
-// const kp = await signatureKeypair();
-// console.log(kp.publicKey, kp.publicKey.length);
+// const key = await dilithium44.signatureKeypair();
+// const msg = Buffer.from('hello world');
+// console.log(key);
+// console.log(key.publicKey.length, key.privateKey.length);
+// const sig = await dilithium44.sign(msg, key);
+// console.log(sig.length);
+// console.log(await dilithium44.verify(sig, key, msg));

cryptoMiddleware/signature/dilithium65.js

@@ -1,42 +1,53 @@
-/*
-	Algorithm 1, implementing key generation for ML-DSA, uses an RBG to generate the 256-bit random
-	value ξ . The seed ξ shall be freshly generated using an approved RBG, as prescribed in NIST SP 800-90A,
-	SP 800-90B, and SP 800-90C [19, 20, 21]. Moreover, the RBG used shall have a security strength of at
-	least 192 bits for ML-DSA-65 and 256 bits for ML-DSA-87. For ML-DSA-44, the RBG should have a
-	security strength of at least 192 bits and shall have a security strength of at least 128 bits. (If an approved
-	RBG with at least 128 bits of security but less than 192 bits of security is used, then the claimed security
-	strength of ML-DSA-44 is reduced from category 2 to category 1.)
-*/
+import { hash256, hash512, shake256 } from '../hash/shake256.js';
 import {
 	randomBuffer,
 	toBase64,
 	toHex,
 } from '#crypto';
 import { ml_dsa65 } from '@noble/post-quantum/ml-dsa';
-const generateKeypair = ml_dsa65;
-export async function signatureKeypair(seed) {
-	const keypair = await generateKeypair.keygen(seed);
+import { signatureScheme } from './signatureScheme.js';
+const seedSize = 64;
+const publicKeySize = 1952;
+const privateKeySize = 4032;
+const signatureSize = 3309;
+const generateKeypair = ml_dsa65.keygen;
+const verifyData = ml_dsa65.verify;
+const signData = ml_dsa65.sign;
+async function createKeypair(seed) {
+	const keypair = await generateKeypair();
 	return {
 		publicKey: keypair.publicKey,
 		privateKey: keypair.secretKey
 	};
 }
-export async function sign(message, privateKey) {
-	const signedMessage = await generateKeypair.sign(privateKey?.privateKey || privateKey, message);
-	return signedMessage;
+function signMethod(message, privateKey) {
+	return signData(privateKey?.privateKey || privateKey, message);
 }
-export async function verifySignature(signedMessage, publicKey, message) {
-	const isValid = await generateKeypair.verify(publicKey?.publicKey || publicKey, message, signedMessage);
-	return isValid;
+function verifyMethod(signature, message, publicKey) {
+	return verifyData(publicKey?.publicKey || publicKey, message, signature);
 }
-export const dilithium65 = {
+export const dilithium65 = signatureScheme({
 	name: 'dilithium65',
-	alias: 'dilithium65',
-	id: 3,
-	signatureKeypair,
-	sign,
-	verifySignature
-};
+	alias: 'ml_dsa65',
+	id: 2,
+	security: 2,
+	publicKeySize,
+	privateKeySize,
+	signatureSize,
+	seedSize,
+	createKeypair,
+	verifyMethod,
+	signMethod,
+	hash256,
+	hash512,
+	hash: shake256,
+	preferred: false
+});
 export default dilithium65;
-// const kp = signatureKeypair();
-// console.log(sign(msg, kp).length);
+// const key = await dilithium65.signatureKeypair();
+// const msg = Buffer.from('hello world');
+// console.log(key);
+// console.log(key.publicKey.length, key.privateKey.length);
+// const sig = await dilithium65.sign(msg, key);
+// console.log(sig.length);
+// console.log(await dilithium65.verify(sig, key, msg));

cryptoMiddleware/signature/dilithium87.js

@@ -1,42 +1,53 @@
-/*
-	Algorithm 1, implementing key generation for ML-DSA, uses an RBG to generate the 256-bit random
-	value ξ . The seed ξ shall be freshly generated using an approved RBG, as prescribed in NIST SP 800-90A,
-	SP 800-90B, and SP 800-90C [19, 20, 21]. Moreover, the RBG used shall have a security strength of at
-	least 192 bits for ML-DSA-65 and 256 bits for ML-DSA-87. For ML-DSA-44, the RBG should have a
-	security strength of at least 192 bits and shall have a security strength of at least 128 bits. (If an approved
-	RBG with at least 128 bits of security but less than 192 bits of security is used, then the claimed security
-	strength of ML-DSA-44 is reduced from category 2 to category 1.)
-*/
+import { hash256, hash512, shake256 } from '../hash/shake256.js';
 import {
 	randomBuffer,
 	toBase64,
 	toHex,
 } from '#crypto';
 import { ml_dsa87 } from '@noble/post-quantum/ml-dsa';
-const generateKeypair = ml_dsa87;
-export async function signatureKeypair(seed) {
-	const keypair = await generateKeypair.keygen(seed);
+import { signatureScheme } from './signatureScheme.js';
+const seedSize = 64;
+const publicKeySize = 2592;
+const privateKeySize = 4896;
+const signatureSize = 4627;
+const generateKeypair = ml_dsa87.keygen;
+const verifyData = ml_dsa87.verify;
+const signData = ml_dsa87.sign;
+async function createKeypair(seed) {
+	const keypair = await generateKeypair();
 	return {
 		publicKey: keypair.publicKey,
 		privateKey: keypair.secretKey
 	};
 }
-export async function sign(message, privateKey) {
-	const signedMessage = await generateKeypair.sign(privateKey?.privateKey || privateKey, message);
-	return signedMessage;
+function signMethod(message, privateKey) {
+	return signData(privateKey?.privateKey || privateKey, message);
 }
-export async function verifySignature(signedMessage, publicKey, message) {
-	const isValid = await generateKeypair.verify(publicKey?.publicKey || publicKey, message, signedMessage);
-	return isValid;
+function verifyMethod(signature, message, publicKey) {
+	return verifyData(publicKey?.publicKey || publicKey, message, signature);
 }
-export const dilithium87 = {
+export const dilithium87 = signatureScheme({
 	name: 'dilithium87',
-	alias: 'dilithium87',
-	id: 4,
-	signatureKeypair,
-	sign,
-	verifySignature
-};
+	alias: 'ml_dsa87',
+	id: 3,
+	security: 3,
+	publicKeySize,
+	privateKeySize,
+	signatureSize,
+	seedSize,
+	createKeypair,
+	verifyMethod,
+	signMethod,
+	hash256,
+	hash512,
+	hash: shake256,
+	preferred: false
+});
 export default dilithium87;
-// const kp = signatureKeypair(rseed);
-// console.log(sign(msg, kp).length);
+// const key = await dilithium87.signatureKeypair();
+// const msg = Buffer.from('hello world');
+// console.log(key);
+// console.log(key.publicKey.length, key.privateKey.length);
+// const sig = await dilithium87.sign(msg, key);
+// console.log(sig.length);
+// console.log(await dilithium87.verify(sig, key, msg));