@neuraiproject/neurai-message 0.7.1 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +47 -0
- package/dist/main.js +17633 -14
- package/dist/main.js.map +1 -1
- package/dist/module.js +17633 -9
- package/dist/module.js.map +1 -1
- package/dist/types.d.ts +6 -3
- package/dist/types.d.ts.map +1 -1
- package/index.ts +243 -10
- package/package.json +14 -4
- package/test.js +60 -4
- package/tsconfig.json +13 -0
package/README.md
CHANGED
|
@@ -2,6 +2,30 @@
|
|
|
2
2
|
|
|
3
3
|
Sign and Verify messages in Neurai in JavaScript, primarly for Node.js
|
|
4
4
|
|
|
5
|
+
## Scope
|
|
6
|
+
|
|
7
|
+
This package follows the current Neurai `signmessage` / `verifymessage` behavior for `legacy` signatures and also exposes the new `PQ` message-signature format.
|
|
8
|
+
|
|
9
|
+
The package supports two formats:
|
|
10
|
+
|
|
11
|
+
- `legacy`: classic compact `secp256k1` signature encoded in base64 for `P2PKH` / `CKeyID` addresses
|
|
12
|
+
- `PQ`: Base64 payload `0x35 || CompactSize(pubkey) || pubkey || CompactSize(signature) || signature`
|
|
13
|
+
|
|
14
|
+
## Post-Quantum note
|
|
15
|
+
|
|
16
|
+
Neurai `PQ` message signatures do not use compact public-key recovery.
|
|
17
|
+
|
|
18
|
+
Instead, the exported signature embeds the serialized public key and the `ML-DSA-44` signature. Verification must therefore:
|
|
19
|
+
|
|
20
|
+
- decode the Base64 payload
|
|
21
|
+
- extract the serialized PQ public key
|
|
22
|
+
- confirm `HASH160(pubkey_serialized)` matches the witness v1 program in the address
|
|
23
|
+
- verify the `ML-DSA-44` signature over the Neurai message hash
|
|
24
|
+
|
|
25
|
+
The generic `verifyMessage(...)` function now auto-detects both formats. Use `sign(...)` for legacy and `signPQMessage(...)` for PQ.
|
|
26
|
+
|
|
27
|
+
`signPQMessage(...)` expects the ML-DSA-44 secret key and the corresponding public key, either raw (`1312` bytes) or serialized as `0x05 || pubkey`.
|
|
28
|
+
|
|
5
29
|
## If you want to use it in the browser, use Browserify
|
|
6
30
|
|
|
7
31
|
@neuraiproject/neurai-message is based on 'bitcoinjs-lib' which uses tons of Node stuff.
|
|
@@ -49,4 +73,27 @@ const CoinKey = require("coinkey");
|
|
|
49
73
|
console.log("Verify", verifyMessage(message, address, signature));
|
|
50
74
|
}
|
|
51
75
|
|
|
76
|
+
//PQ sign / verify
|
|
77
|
+
{
|
|
78
|
+
const { ml_dsa44 } = require("@noble/post-quantum/ml-dsa.js");
|
|
79
|
+
const { bech32m } = require("bech32");
|
|
80
|
+
const crypto = require("crypto");
|
|
81
|
+
const { signPQMessage, verifyPQMessage } = require("@neuraiproject/neurai-message");
|
|
82
|
+
|
|
83
|
+
const keys = ml_dsa44.keygen();
|
|
84
|
+
const serializedPubKey = Buffer.concat([Buffer.from([0x05]), Buffer.from(keys.publicKey)]);
|
|
85
|
+
const program = crypto.createHash("ripemd160").update(
|
|
86
|
+
crypto.createHash("sha256").update(serializedPubKey).digest()
|
|
87
|
+
).digest();
|
|
88
|
+
const words = bech32m.toWords(program);
|
|
89
|
+
words.unshift(1);
|
|
90
|
+
const address = bech32m.encode("tnq", words);
|
|
91
|
+
|
|
92
|
+
const message = "Hello PQ world";
|
|
93
|
+
const signature = signPQMessage(message, keys.secretKey, keys.publicKey);
|
|
94
|
+
|
|
95
|
+
console.log("Verify PQ", verifyPQMessage(message, address, signature));
|
|
96
|
+
console.log("Verify auto", verifyMessage(message, address, signature));
|
|
97
|
+
}
|
|
98
|
+
|
|
52
99
|
```
|