Documentation

Introduction

Overview

OP_NET supports ML-DSA (Module-Lattice-Based Digital Signature Algorithm), also known as FIPS 204, providing quantum-resistant cryptography alongside traditional ECDSA/Schnorr signatures. This hybrid approach ensures your transactions and signatures remain secure even when quantum computers become capable of breaking classical cryptographic schemes.

Info

OP_NET currently supports only ML-DSA LEVEL2.

The following features are included in this implementation:

  1. Mnemonic Support: BIP39 + BIP360 for quantum key derivation.
  2. Wallet Management: Hybrid classical + quantum key management.
  3. Universal Public Key: address.toHex() provides the user's quantum address (SHA-256 of ML-DSA public key).
  4. Message Signing: ML-DSA and Schnorr signature support.
  5. Address Verification: Validation for ML-DSA public keys and classical address types.
  6. Security Levels: Three levels of quantum resistance (LEVEL2, LEVEL3, LEVEL5).

What is ML-DSA?

ML-DSA is a post-quantum cryptographic algorithm standardized by NIST as FIPS 204. It uses lattice-based mathematics that are believed to be resistant to attacks by both classical and quantum computers.

Security Levels

ML-DSA offers three security levels with different key sizes and security guarantees:

Level Name Public Key Size Signature Size Security Equivalent Status
LEVEL2 ML-DSA-44 1,312 bytes 2,420 bytes AES-128 RECOMMENDED DEFAULT
LEVEL3 ML-DSA-65 1,952 bytes 3,309 bytes AES-192 Optional
LEVEL5 ML-DSA-87 2,592 bytes 4,627 bytes AES-256 Optional (maximum security)
Recommendation

Use LEVEL2 (ML-DSA-44): this is the BIP360 default and provides strong quantum resistance with reasonable key sizes. Use LEVEL3 or LEVEL5 only if you need higher security for specific high-value applications.

Hybrid Architecture

OP_NET uses a dual-key system for maximum compatibility and security.

The diagram below shows the OP_WALLET key structures:
OP_WALLET Classical Keys (ECDSA / Schnorr) 32-bytes private key 33-bytes public key Bitcoin script execution P2TR, P2WPKH addresses Quantum Keys (ML-DSA) Private key 1312-2592 bytes Public key Quantum address SHA-256 Hash of ML-DSA Public Key → Universal Public Key (address.toHex() - 32 bytes)

How It Works

  1. Universal Public Key: ML-DSA public keys are SHA256-hashed to 32 bytes via address.toHex() - this is the user's universal identifier.
  2. Classical Keys: Maintained separately for Bitcoin transaction signing (P2TR, P2WPKH, etc.).
  3. Quantum Keys: Provide quantum-resistant authentication and signatures.
  4. P2OP Addresses: Contract address format (witness version 16) - for OP_NET contracts ONLY, not for user addresses.

Quick Start

The following example demonstrate how to use quantum related functions:
typescript
import { Mnemonic, MessageSigner, MLDSASecurityLevel } from '@btc-vision/transaction';
import { networks } from '@btc-vision/bitcoin';

// Generate a new quantum-resistant wallet
const mnemonic = Mnemonic.generate(undefined, '', networks.bitcoin, MLDSASecurityLevel.LEVEL2);

// Derive a wallet
const wallet = mnemonic.derive(0);

// Get quantum address (universal public key)
const quantumAddress = wallet.address.toHex();
console.log('Quantum Address:', quantumAddress);

// Sign a message with ML-DSA
const message = 'Hello, Quantum World!';
const signature = MessageSigner.signMLDSAMessage(wallet.mldsaKeypair, message);
console.log('ML-DSA Signature:', Buffer.from(signature.signature).toString('hex'));
On this page