@epochcore/identity-sdk 1.1.0 → 1.2.0

package/dist/index.d.mts

@@ -29,6 +29,34 @@ interface SignedPayload {
     publicKey: string;
     timestamp: string;
 }
+interface QuantumResistantKeypair {
+    /** ML-DSA-65 (CRYSTALS-Dilithium3) secret key — hex-encoded */
+    secretKey: string;
+    /** ML-DSA-65 public key — hex-encoded */
+    publicKey: string;
+    /** Algorithm identifier */
+    algorithm: 'ML-DSA-65';
+}
+interface HybridIdentity {
+    /** Standard Ed25519 identity */
+    classical: EpochCoreIdentity;
+    /** Post-quantum ML-DSA-65 public key — hex-encoded */
+    quantumPublicKey: string;
+    /** DID with quantum-resistant tag */
+    quantumDid: string;
+}
+interface HybridSignedPayload {
+    payload: string;
+    /** Ed25519 signature — hex */
+    classicalSignature: string;
+    /** ML-DSA-65 signature — hex */
+    quantumSignature: string;
+    /** Ed25519 public key — hex */
+    classicalPublicKey: string;
+    /** ML-DSA-65 public key — hex */
+    quantumPublicKey: string;
+    timestamp: string;
+}
 /**
  * Generate a new Ed25519 keypair for infrastructure identity
  */
@@ -81,9 +109,44 @@ declare function generateJWKS(publicKeys: string[]): {
         kid: string;
     }>;
 };
+/**
+ * Generate a post-quantum ML-DSA-65 keypair.
+ * ML-DSA-65 (Dilithium3) provides NIST Security Level 3 — resistant to
+ * both classical and quantum attacks (Shor's algorithm).
+ *
+ * @param seed - Optional 32-byte seed (hex). If omitted, uses CSPRNG.
+ */
+declare function generateQuantumKeypair(seed?: string): QuantumResistantKeypair;
+/**
+ * Generate a hybrid identity with both Ed25519 (classical) and ML-DSA-65
+ * (post-quantum) keys. This provides quantum-resistance while maintaining
+ * backward compatibility with existing Ed25519 infrastructure.
+ */
+declare function generateQuantumResistantIdentity(type: IdentityType, name: string): Promise<{
+    hybrid: HybridIdentity;
+    classicalPrivateKey: string;
+    quantumSecretKey: string;
+}>;
+/**
+ * Sign a payload with both Ed25519 and ML-DSA-65 (hybrid signature).
+ * Verifiers can check either or both signatures — providing quantum
+ * safety while maintaining classical compatibility.
+ *
+ * @param payload - String data to sign
+ * @param classicalPrivateKey - Ed25519 private key (64 hex chars)
+ * @param quantumSecretKey - ML-DSA-65 secret key (hex, 8064 chars / 4032 bytes)
+ * @param quantumPublicKey - ML-DSA-65 public key (hex, 3904 chars / 1952 bytes)
+ */
+declare function signPayloadHybrid(payload: string, classicalPrivateKey: string, quantumSecretKey: string, quantumPublicKey: string): Promise<HybridSignedPayload>;
+/**
+ * Verify a hybrid signature (Ed25519 + ML-DSA-65).
+ * Returns true only if BOTH signatures are valid.
+ */
+declare function verifySignatureHybrid(payload: string, classicalSignature: string, quantumSignature: string, classicalPublicKey: string, quantumPublicKey: string): Promise<boolean>;
 declare const CONSTANTS: {
     DID_PREFIX: string;
     SIGNING_ALGORITHM: string;
+    PQ_SIGNING_ALGORITHM: string;
     WALLET_ALGORITHM: string;
     SUPPORTED_TYPES: IdentityType[];
     VERSION: string;
@@ -91,19 +154,24 @@ declare const CONSTANTS: {
 declare const _default: {
     generateKeypair: typeof generateKeypair;
     generateIdentity: typeof generateIdentity;
+    generateQuantumKeypair: typeof generateQuantumKeypair;
+    generateQuantumResistantIdentity: typeof generateQuantumResistantIdentity;
     createDID: typeof createDID;
     parseDID: typeof parseDID;
     deriveWallet: typeof deriveWallet;
     signPayload: typeof signPayload;
+    signPayloadHybrid: typeof signPayloadHybrid;
     verifySignature: typeof verifySignature;
+    verifySignatureHybrid: typeof verifySignatureHybrid;
     generateJWKS: typeof generateJWKS;
     CONSTANTS: {
         DID_PREFIX: string;
         SIGNING_ALGORITHM: string;
+        PQ_SIGNING_ALGORITHM: string;
         WALLET_ALGORITHM: string;
         SUPPORTED_TYPES: IdentityType[];
         VERSION: string;
     };
 };
 
-export { CONSTANTS, type EpochCoreIdentity, type EpochCoreWallet, type IdentityType, type SignedPayload, createDID, _default as default, deriveWallet, generateIdentity, generateJWKS, generateKeypair, parseDID, signPayload, verifySignature };
+export { CONSTANTS, type EpochCoreIdentity, type EpochCoreWallet, type HybridIdentity, type HybridSignedPayload, type IdentityType, type QuantumResistantKeypair, type SignedPayload, createDID, _default as default, deriveWallet, generateIdentity, generateJWKS, generateKeypair, generateQuantumKeypair, generateQuantumResistantIdentity, parseDID, signPayload, signPayloadHybrid, verifySignature, verifySignatureHybrid };

package/dist/index.d.ts

@@ -29,6 +29,34 @@ interface SignedPayload {
     publicKey: string;
     timestamp: string;
 }
+interface QuantumResistantKeypair {
+    /** ML-DSA-65 (CRYSTALS-Dilithium3) secret key — hex-encoded */
+    secretKey: string;
+    /** ML-DSA-65 public key — hex-encoded */
+    publicKey: string;
+    /** Algorithm identifier */
+    algorithm: 'ML-DSA-65';
+}
+interface HybridIdentity {
+    /** Standard Ed25519 identity */
+    classical: EpochCoreIdentity;
+    /** Post-quantum ML-DSA-65 public key — hex-encoded */
+    quantumPublicKey: string;
+    /** DID with quantum-resistant tag */
+    quantumDid: string;
+}
+interface HybridSignedPayload {
+    payload: string;
+    /** Ed25519 signature — hex */
+    classicalSignature: string;
+    /** ML-DSA-65 signature — hex */
+    quantumSignature: string;
+    /** Ed25519 public key — hex */
+    classicalPublicKey: string;
+    /** ML-DSA-65 public key — hex */
+    quantumPublicKey: string;
+    timestamp: string;
+}
 /**
  * Generate a new Ed25519 keypair for infrastructure identity
  */
@@ -81,9 +109,44 @@ declare function generateJWKS(publicKeys: string[]): {
         kid: string;
     }>;
 };
+/**
+ * Generate a post-quantum ML-DSA-65 keypair.
+ * ML-DSA-65 (Dilithium3) provides NIST Security Level 3 — resistant to
+ * both classical and quantum attacks (Shor's algorithm).
+ *
+ * @param seed - Optional 32-byte seed (hex). If omitted, uses CSPRNG.
+ */
+declare function generateQuantumKeypair(seed?: string): QuantumResistantKeypair;
+/**
+ * Generate a hybrid identity with both Ed25519 (classical) and ML-DSA-65
+ * (post-quantum) keys. This provides quantum-resistance while maintaining
+ * backward compatibility with existing Ed25519 infrastructure.
+ */
+declare function generateQuantumResistantIdentity(type: IdentityType, name: string): Promise<{
+    hybrid: HybridIdentity;
+    classicalPrivateKey: string;
+    quantumSecretKey: string;
+}>;
+/**
+ * Sign a payload with both Ed25519 and ML-DSA-65 (hybrid signature).
+ * Verifiers can check either or both signatures — providing quantum
+ * safety while maintaining classical compatibility.
+ *
+ * @param payload - String data to sign
+ * @param classicalPrivateKey - Ed25519 private key (64 hex chars)
+ * @param quantumSecretKey - ML-DSA-65 secret key (hex, 8064 chars / 4032 bytes)
+ * @param quantumPublicKey - ML-DSA-65 public key (hex, 3904 chars / 1952 bytes)
+ */
+declare function signPayloadHybrid(payload: string, classicalPrivateKey: string, quantumSecretKey: string, quantumPublicKey: string): Promise<HybridSignedPayload>;
+/**
+ * Verify a hybrid signature (Ed25519 + ML-DSA-65).
+ * Returns true only if BOTH signatures are valid.
+ */
+declare function verifySignatureHybrid(payload: string, classicalSignature: string, quantumSignature: string, classicalPublicKey: string, quantumPublicKey: string): Promise<boolean>;
 declare const CONSTANTS: {
     DID_PREFIX: string;
     SIGNING_ALGORITHM: string;
+    PQ_SIGNING_ALGORITHM: string;
     WALLET_ALGORITHM: string;
     SUPPORTED_TYPES: IdentityType[];
     VERSION: string;
@@ -91,19 +154,24 @@ declare const CONSTANTS: {
 declare const _default: {
     generateKeypair: typeof generateKeypair;
     generateIdentity: typeof generateIdentity;
+    generateQuantumKeypair: typeof generateQuantumKeypair;
+    generateQuantumResistantIdentity: typeof generateQuantumResistantIdentity;
     createDID: typeof createDID;
     parseDID: typeof parseDID;
     deriveWallet: typeof deriveWallet;
     signPayload: typeof signPayload;
+    signPayloadHybrid: typeof signPayloadHybrid;
     verifySignature: typeof verifySignature;
+    verifySignatureHybrid: typeof verifySignatureHybrid;
     generateJWKS: typeof generateJWKS;
     CONSTANTS: {
         DID_PREFIX: string;
         SIGNING_ALGORITHM: string;
+        PQ_SIGNING_ALGORITHM: string;
         WALLET_ALGORITHM: string;
         SUPPORTED_TYPES: IdentityType[];
         VERSION: string;
     };
 };
 
-export { CONSTANTS, type EpochCoreIdentity, type EpochCoreWallet, type IdentityType, type SignedPayload, createDID, _default as default, deriveWallet, generateIdentity, generateJWKS, generateKeypair, parseDID, signPayload, verifySignature };
+export { CONSTANTS, type EpochCoreIdentity, type EpochCoreWallet, type HybridIdentity, type HybridSignedPayload, type IdentityType, type QuantumResistantKeypair, type SignedPayload, createDID, _default as default, deriveWallet, generateIdentity, generateJWKS, generateKeypair, generateQuantumKeypair, generateQuantumResistantIdentity, parseDID, signPayload, signPayloadHybrid, verifySignature, verifySignatureHybrid };

package/dist/index.js

@@ -37,15 +37,20 @@ __export(index_exports, {
   generateIdentity: () => generateIdentity,
   generateJWKS: () => generateJWKS,
   generateKeypair: () => generateKeypair,
+  generateQuantumKeypair: () => generateQuantumKeypair,
+  generateQuantumResistantIdentity: () => generateQuantumResistantIdentity,
   parseDID: () => parseDID,
   signPayload: () => signPayload,
-  verifySignature: () => verifySignature
+  signPayloadHybrid: () => signPayloadHybrid,
+  verifySignature: () => verifySignature,
+  verifySignatureHybrid: () => verifySignatureHybrid
 });
 module.exports = __toCommonJS(index_exports);
 var ed25519 = __toESM(require("@noble/ed25519"));
 var secp256k1 = __toESM(require("@noble/secp256k1"));
 var import_sha256 = require("@noble/hashes/sha256");
 var import_utils = require("@noble/hashes/utils");
+var import_ml_dsa = require("@noble/post-quantum/ml-dsa");
 var HEX_64_RE = /^[0-9a-f]{64}$/i;
 var NAME_RE = /^[\w.-]{1,128}$/;
 var MAX_DID_LENGTH = 512;
@@ -204,21 +209,115 @@ function generateJWKS(publicKeys) {
     }))
   };
 }
+function generateQuantumKeypair(seed) {
+  let seedBytes;
+  if (seed) {
+    if (typeof seed !== "string" || !/^[0-9a-f]{64}$/i.test(seed)) {
+      throw new TypeError("seed must be a 64-character hex string (32 bytes)");
+    }
+    seedBytes = (0, import_utils.hexToBytes)(seed);
+  } else {
+    seedBytes = new Uint8Array(32);
+    globalThis.crypto.getRandomValues(seedBytes);
+  }
+  const { secretKey, publicKey } = import_ml_dsa.ml_dsa65.keygen(seedBytes);
+  return {
+    secretKey: (0, import_utils.bytesToHex)(secretKey),
+    publicKey: (0, import_utils.bytesToHex)(publicKey),
+    algorithm: "ML-DSA-65"
+  };
+}
+async function generateQuantumResistantIdentity(type, name) {
+  validateType(type);
+  validateName(name);
+  const { identity, privateKey: classicalPrivateKey } = await generateIdentity(type, name);
+  const quantumKeypair = generateQuantumKeypair();
+  const qFingerprint = (0, import_utils.bytesToHex)((0, import_sha256.sha256)((0, import_utils.hexToBytes)(quantumKeypair.publicKey.slice(0, 64)))).slice(0, 32);
+  const quantumDid = `did:epochcore:pq:${type}:${name}:${qFingerprint}`;
+  return {
+    hybrid: {
+      classical: identity,
+      quantumPublicKey: quantumKeypair.publicKey,
+      quantumDid
+    },
+    classicalPrivateKey,
+    quantumSecretKey: quantumKeypair.secretKey
+  };
+}
+async function signPayloadHybrid(payload, classicalPrivateKey, quantumSecretKey, quantumPublicKey) {
+  if (typeof payload !== "string" || payload.length === 0) {
+    throw new TypeError("payload must be a non-empty string");
+  }
+  const payloadBytes = new TextEncoder().encode(payload);
+  if (payloadBytes.byteLength > MAX_PAYLOAD_BYTES) {
+    throw new RangeError(`payload exceeds maximum size of ${MAX_PAYLOAD_BYTES} bytes`);
+  }
+  validateHex64(classicalPrivateKey, "classicalPrivateKey");
+  if (typeof quantumSecretKey !== "string" || quantumSecretKey.length === 0) {
+    throw new TypeError("quantumSecretKey must be a non-empty hex string");
+  }
+  if (typeof quantumPublicKey !== "string" || quantumPublicKey.length === 0) {
+    throw new TypeError("quantumPublicKey must be a non-empty hex string");
+  }
+  const classicalSig = await ed25519.signAsync(payloadBytes, (0, import_utils.hexToBytes)(classicalPrivateKey));
+  const classicalPub = await ed25519.getPublicKeyAsync((0, import_utils.hexToBytes)(classicalPrivateKey));
+  const quantumSig = import_ml_dsa.ml_dsa65.sign((0, import_utils.hexToBytes)(quantumSecretKey), payloadBytes);
+  return {
+    payload,
+    classicalSignature: (0, import_utils.bytesToHex)(classicalSig),
+    quantumSignature: (0, import_utils.bytesToHex)(quantumSig),
+    classicalPublicKey: (0, import_utils.bytesToHex)(classicalPub),
+    quantumPublicKey,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+async function verifySignatureHybrid(payload, classicalSignature, quantumSignature, classicalPublicKey, quantumPublicKey) {
+  if (typeof payload !== "string" || payload.length === 0) {
+    throw new TypeError("payload must be a non-empty string");
+  }
+  const payloadBytes = new TextEncoder().encode(payload);
+  if (typeof classicalSignature !== "string" || !/^[0-9a-f]{128}$/i.test(classicalSignature)) {
+    throw new TypeError("classicalSignature must be a 128-character hex string");
+  }
+  validateHex64(classicalPublicKey, "classicalPublicKey");
+  const classicalValid = await ed25519.verifyAsync(
+    (0, import_utils.hexToBytes)(classicalSignature),
+    payloadBytes,
+    (0, import_utils.hexToBytes)(classicalPublicKey)
+  );
+  if (typeof quantumSignature !== "string" || quantumSignature.length === 0) {
+    throw new TypeError("quantumSignature must be a non-empty hex string");
+  }
+  if (typeof quantumPublicKey !== "string" || quantumPublicKey.length === 0) {
+    throw new TypeError("quantumPublicKey must be a non-empty hex string");
+  }
+  const quantumValid = import_ml_dsa.ml_dsa65.verify(
+    (0, import_utils.hexToBytes)(quantumPublicKey),
+    payloadBytes,
+    (0, import_utils.hexToBytes)(quantumSignature)
+  );
+  return classicalValid && quantumValid;
+}
 var CONSTANTS = {
   DID_PREFIX: "did:epochcore",
   SIGNING_ALGORITHM: "Ed25519",
+  PQ_SIGNING_ALGORITHM: "ML-DSA-65",
   WALLET_ALGORITHM: "secp256k1",
   SUPPORTED_TYPES: ["worker", "database", "storage", "durable_object", "daemon"],
-  VERSION: "1.1.0"
+  VERSION: "1.2.0"
 };
 var index_default = {
   generateKeypair,
   generateIdentity,
+  generateQuantumKeypair,
+  generateQuantumResistantIdentity,
   createDID,
   parseDID,
   deriveWallet,
   signPayload,
+  signPayloadHybrid,
   verifySignature,
+  verifySignatureHybrid,
   generateJWKS,
   CONSTANTS
 };
@@ -230,7 +329,11 @@ var index_default = {
   generateIdentity,
   generateJWKS,
   generateKeypair,
+  generateQuantumKeypair,
+  generateQuantumResistantIdentity,
   parseDID,
   signPayload,
-  verifySignature
+  signPayloadHybrid,
+  verifySignature,
+  verifySignatureHybrid
 });

package/dist/index.mjs

@@ -3,6 +3,7 @@ import * as ed25519 from "@noble/ed25519";
 import * as secp256k1 from "@noble/secp256k1";
 import { sha256 } from "@noble/hashes/sha256";
 import { bytesToHex, hexToBytes } from "@noble/hashes/utils";
+import { ml_dsa65 } from "@noble/post-quantum/ml-dsa";
 var HEX_64_RE = /^[0-9a-f]{64}$/i;
 var NAME_RE = /^[\w.-]{1,128}$/;
 var MAX_DID_LENGTH = 512;
@@ -161,21 +162,115 @@ function generateJWKS(publicKeys) {
     }))
   };
 }
+function generateQuantumKeypair(seed) {
+  let seedBytes;
+  if (seed) {
+    if (typeof seed !== "string" || !/^[0-9a-f]{64}$/i.test(seed)) {
+      throw new TypeError("seed must be a 64-character hex string (32 bytes)");
+    }
+    seedBytes = hexToBytes(seed);
+  } else {
+    seedBytes = new Uint8Array(32);
+    globalThis.crypto.getRandomValues(seedBytes);
+  }
+  const { secretKey, publicKey } = ml_dsa65.keygen(seedBytes);
+  return {
+    secretKey: bytesToHex(secretKey),
+    publicKey: bytesToHex(publicKey),
+    algorithm: "ML-DSA-65"
+  };
+}
+async function generateQuantumResistantIdentity(type, name) {
+  validateType(type);
+  validateName(name);
+  const { identity, privateKey: classicalPrivateKey } = await generateIdentity(type, name);
+  const quantumKeypair = generateQuantumKeypair();
+  const qFingerprint = bytesToHex(sha256(hexToBytes(quantumKeypair.publicKey.slice(0, 64)))).slice(0, 32);
+  const quantumDid = `did:epochcore:pq:${type}:${name}:${qFingerprint}`;
+  return {
+    hybrid: {
+      classical: identity,
+      quantumPublicKey: quantumKeypair.publicKey,
+      quantumDid
+    },
+    classicalPrivateKey,
+    quantumSecretKey: quantumKeypair.secretKey
+  };
+}
+async function signPayloadHybrid(payload, classicalPrivateKey, quantumSecretKey, quantumPublicKey) {
+  if (typeof payload !== "string" || payload.length === 0) {
+    throw new TypeError("payload must be a non-empty string");
+  }
+  const payloadBytes = new TextEncoder().encode(payload);
+  if (payloadBytes.byteLength > MAX_PAYLOAD_BYTES) {
+    throw new RangeError(`payload exceeds maximum size of ${MAX_PAYLOAD_BYTES} bytes`);
+  }
+  validateHex64(classicalPrivateKey, "classicalPrivateKey");
+  if (typeof quantumSecretKey !== "string" || quantumSecretKey.length === 0) {
+    throw new TypeError("quantumSecretKey must be a non-empty hex string");
+  }
+  if (typeof quantumPublicKey !== "string" || quantumPublicKey.length === 0) {
+    throw new TypeError("quantumPublicKey must be a non-empty hex string");
+  }
+  const classicalSig = await ed25519.signAsync(payloadBytes, hexToBytes(classicalPrivateKey));
+  const classicalPub = await ed25519.getPublicKeyAsync(hexToBytes(classicalPrivateKey));
+  const quantumSig = ml_dsa65.sign(hexToBytes(quantumSecretKey), payloadBytes);
+  return {
+    payload,
+    classicalSignature: bytesToHex(classicalSig),
+    quantumSignature: bytesToHex(quantumSig),
+    classicalPublicKey: bytesToHex(classicalPub),
+    quantumPublicKey,
+    timestamp: (/* @__PURE__ */ new Date()).toISOString()
+  };
+}
+async function verifySignatureHybrid(payload, classicalSignature, quantumSignature, classicalPublicKey, quantumPublicKey) {
+  if (typeof payload !== "string" || payload.length === 0) {
+    throw new TypeError("payload must be a non-empty string");
+  }
+  const payloadBytes = new TextEncoder().encode(payload);
+  if (typeof classicalSignature !== "string" || !/^[0-9a-f]{128}$/i.test(classicalSignature)) {
+    throw new TypeError("classicalSignature must be a 128-character hex string");
+  }
+  validateHex64(classicalPublicKey, "classicalPublicKey");
+  const classicalValid = await ed25519.verifyAsync(
+    hexToBytes(classicalSignature),
+    payloadBytes,
+    hexToBytes(classicalPublicKey)
+  );
+  if (typeof quantumSignature !== "string" || quantumSignature.length === 0) {
+    throw new TypeError("quantumSignature must be a non-empty hex string");
+  }
+  if (typeof quantumPublicKey !== "string" || quantumPublicKey.length === 0) {
+    throw new TypeError("quantumPublicKey must be a non-empty hex string");
+  }
+  const quantumValid = ml_dsa65.verify(
+    hexToBytes(quantumPublicKey),
+    payloadBytes,
+    hexToBytes(quantumSignature)
+  );
+  return classicalValid && quantumValid;
+}
 var CONSTANTS = {
   DID_PREFIX: "did:epochcore",
   SIGNING_ALGORITHM: "Ed25519",
+  PQ_SIGNING_ALGORITHM: "ML-DSA-65",
   WALLET_ALGORITHM: "secp256k1",
   SUPPORTED_TYPES: ["worker", "database", "storage", "durable_object", "daemon"],
-  VERSION: "1.1.0"
+  VERSION: "1.2.0"
 };
 var index_default = {
   generateKeypair,
   generateIdentity,
+  generateQuantumKeypair,
+  generateQuantumResistantIdentity,
   createDID,
   parseDID,
   deriveWallet,
   signPayload,
+  signPayloadHybrid,
   verifySignature,
+  verifySignatureHybrid,
   generateJWKS,
   CONSTANTS
 };
@@ -187,7 +282,11 @@ export {
   generateIdentity,
   generateJWKS,
   generateKeypair,
+  generateQuantumKeypair,
+  generateQuantumResistantIdentity,
   parseDID,
   signPayload,
-  verifySignature
+  signPayloadHybrid,
+  verifySignature,
+  verifySignatureHybrid
 };

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@epochcore/identity-sdk",
-  "version": "1.1.0",
-  "description": "World's First Universal Infrastructure Identity SDK - Ed25519 cryptographic identities for workers, databases, storage, and daemons",
+  "version": "1.2.0",
+  "description": "World's First Universal Infrastructure Identity SDK - Ed25519 + ML-DSA-65 (post-quantum) cryptographic identities for workers, databases, storage, and daemons",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
   "types": "dist/index.d.ts",
@@ -13,7 +13,7 @@
     }
   },
   "scripts": {
-    "build": "tsup src/index.ts --format cjs,esm --dts --clean --external @noble/ed25519 --external @noble/secp256k1 --external @noble/hashes",
+    "build": "tsup src/index.ts --format cjs,esm --dts --clean --external @noble/ed25519 --external @noble/secp256k1 --external @noble/hashes --external @noble/post-quantum",
     "test": "vitest run",
     "prepublishOnly": "npm run build"
   },
@@ -23,6 +23,9 @@
     "infrastructure",
     "ed25519",
     "secp256k1",
+    "ml-dsa",
+    "dilithium",
+    "post-quantum",
     "web3",
     "cloudflare-workers",
     "quantum",
@@ -38,7 +41,8 @@
   "dependencies": {
     "@noble/ed25519": "^2.0.0",
     "@noble/secp256k1": "^2.0.0",
-    "@noble/hashes": "^1.3.0"
+    "@noble/hashes": "^1.3.0",
+    "@noble/post-quantum": "^0.2.0"
   },
   "devDependencies": {
     "tsup": "^8.0.0",