Crypto primitives for ZeroLedger Protocol - ECDH encryption, stealth addresses, and post-quantum security.
⚠️ Warning: Software provided as-is. Not audited for production use.
- 🔐 ECDH Encryption - Ephemeral key pairs + AES-256-GCM
- 🛡️ Post-Quantum Encryption - ML-KEM-768 (Kyber) resistant to quantum attacks
- 👻 Stealth Addresses - Privacy-preserving address generation
- 🔢 Elliptic Operations - secp256k1 key multiplication
- 📦 Pure ESM - Modern JavaScript, TypeScript-native
- Node.js ≥ 20.19.0
- Pure ESM - No CommonJS support
npm install @zeroledger/vycryptimport { encrypt, decrypt } from "@zeroledger/vycrypt/crypt.js";
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
const privKey = generatePrivateKey();
const account = privateKeyToAccount(privKey);
const encrypted = encrypt("Hello, World!", account.publicKey);
const decrypted = decrypt(privKey, encrypted);import { generateQuantumKeyPair, encryptQuantum, decryptQuantum } from "@zeroledger/vycrypt/qcrypt.js";
// Random key pair
const keyPair = generateQuantumKeyPair();
// Or deterministic from seed
const keys = generateQuantumKeyPair("my-passphrase");
const encrypted = encryptQuantum("Secret data", keyPair.publicKey);
const decrypted = decryptQuantum(keyPair.secretKey, encrypted);import { createStealth, deriveStealthAccount } from "@zeroledger/vycrypt/stealth/index.js";
import { generatePrivateKey, privateKeyToAccount } from "viem/accounts";
import { toHex } from "viem";
const privateKey = generatePrivateKey();
const pubKey = privateKeyToAccount(privateKey).publicKey;
const { stealthAddress, random } = createStealth(pubKey);
const account = deriveStealthAccount(privateKey, toHex(random));ECDH encryption with ephemeral keys and AES-256-GCM.
Decrypt data encrypted with encrypt().
Generate ML-KEM-768 key pair. Optional seed for deterministic generation.
- Returns:
{ publicKey: Hex, secretKey: Hex } - Key sizes: 1184 bytes (public), 2400 bytes (secret)
Quantum-resistant encryption using ML-KEM-768 + AES-256-GCM.
Decrypt quantum-encrypted data.
Generate a stealth address with cryptographically secure random.
Derive private key for stealth address. Returns viem Account.
Multiply public key by scalar on secp256k1 curve.
Multiply private key by scalar (modulo curve order).
- ✅ Forward secrecy (ephemeral keys)
- ✅ Authenticated encryption (AES-256-GCM)
- ✅ Random IVs per operation
- ✅ ECDH on secp256k1 curve
- ✅ ML-KEM-768 (NIST FIPS 203)
- ✅ Post-quantum secure
- ✅ Hybrid encryption (KEM + AES-GCM)
- ✅ Non-deterministic by default
- Never share or transmit private keys
- Use cryptographically secure random generation
- Validate all inputs in your application
- Consider quantum resistance for long-term secrets
{
".": "./index.js", // Main exports
"./crypt.js": "./crypt.js", // Classic encryption
"./qcrypt.js": "./qcrypt.js", // Quantum encryption
"./stealth/index.js": "./stealth/index.js" // Stealth addresses
}# Run all tests
npm test
# Validate build and ESM imports
npm run test:build
# Type checking
npm run typecheck
# Linting
npm run lintTest coverage: 89+ tests covering encryption, stealth addresses, edge cases, and build validation.
| Package | Version | Purpose |
|---|---|---|
@noble/ciphers |
^2.0.1 | AES-256-GCM encryption |
@noble/post-quantum |
^0.5.2 | ML-KEM-768 (Kyber) |
viem |
^2.38.6 | Ethereum utilities, secp256k1, hashing |
Note: vycryp re-exports
@noble/curvesand@noble/hashesfrom Viem for compatibility.
npm run buildOutputs:
index.js,crypt.js,qcrypt.js- Main modulesstealth/- Stealth address modules*.d.ts- TypeScript declarations*.js.map- Source maps
- Fork the repository
- Create a feature branch
- Add tests for new functionality
- Ensure
npm testandnpm run test:buildpass - Submit a pull request
SEE LICENSE IN LICENSE