Disclaimer: While this project has been carefully developed and externally audited for security, it represents pioneering work in quantum-resistant blockchain technology - USE AT YOUR OWN RISK.
Quantum Purse is a lightweight, quantum-safe desktop wallet designed for the CKB blockchain. CKB addresses generated by Quantum Purse are quantum-safe, so assets transferred to these addresses remain secure against quantum threats. The project is currently configured to let users use the quantum-resistant Lock Script developed by Cryptape.
| Feature | Details |
|---|---|
| Signature type | FIPS205 (SPHINCS+) |
| Mnemonic standard | Custom BIP39 English |
| Local encryption | AES256 |
| Key derivation | HKDF with SHA256 |
| Authentication | Password |
| Password hashing | Scrypt |
| Store model | Indexed DB |
| RPC endpoint | No |
| Client type | Fly Client (CKB light client js) |
| Demo site | Brave, Google Chrome, Safari |
| Native PC app | Windows, macOS, Linux |
All 12 NIST-approved SPHINCS+ parameter sets are supported by Quantum Purse. These parameter sets are the combinational results of:
- 2 hashing algorithms:
Sha2,Shake - 3 security parameter length:
128 bit,192 bit,256 bit - 2 optimization methods:
s(small signature),f(fast signature generation)
NIST doesn't define the strength for each variant using precise estimates of the number of “bits of security” but offers 5 broad security strength categories. Refer to the NIST call for quantum safe crypto proposal for more details. Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for:
- Key search on a block cipher with a 128-bit key (e.g. AES128)
- Collision search on a 256-bit hash function (e.g. SHA256/ SHA3-256)
- Key search on a block cipher with a 192-bit key (e.g. AES192)
- Collision search on a 384-bit hash function (e.g. SHA384/ SHA3-384)
- Key search on a block cipher with a 256-bit key (e.g. AES 256)
SPHINCS+ variants with security parameter length of 128, 192, 256 fall into the category 1, 3, 5 respectively.
For CKB:
- 's' variant is on-chain friendly as it's fast and lightweight. The tradeoff here is that key generation and signing on Quantum Purse takes longer to execute.
Sha2is faster thanShake.
If you have no reference, Sha2-256s is a good starting point for maximum security. Alternatively, Sha2-128s or Sha2-192s offer weaker protection but may be suitable for less critical use cases.
See Quantum Purse Key Vault project for more details.
Due to the larger size of the quantum resistant lock script:
- Minimum CKB per quantum-safe cell is 73 CKB.
- Smaller transfers to Quantum Purse will be rejected by CKB blockchain.
Quantum Purse is a true light wallet. It runs its own CKB light client node and connects directly to the CKB network without middle RPC enpoints. The demo website is also powered by the Light Client protocol - effectively making it one of the first true blockchain clients that can even run on mobiles. The light client sync status such as peers connected and sync percentage are displayed on the right side of the app's header:
Important:
- It takes 5-10 seconds to establish connections to other nodes.
- Another 10 - 30 seconds to fully sync a newly added account.
- For a smooth experience, ensure your CONNECTED value is greater than 0 and sync status to be ~100% before making any transaction.
- In case you notice that sync percentage grows very slowly for some reason e.g after creating Quantum Purse wallet without internet, please set
starting blockto skip blocks that have none transaction. Go to Settings -> Accounts -> 3-dot menu to set starting blocks. - One new account starts syncing at block 0 will make other accounts sync to wait until this account catches up. Provide starting blocks properly for a smooth experience.
Quantum Purse integrates CCC for blockchain client connect and transaction building. But in order to ensure light-client-js compatibility with CCC temporarily, Quantum Purse has to use a fork from CCC. This fork is fairly simple and will find its way to the official CCC in the future.
When you import your seed phrase into Quantum Purse, it automatically restores your wallets by generating child keys sequentially, starting from index 1. The recovery process continues until it encounters 5 consecutive empty accounts (i.e., accounts with no transaction history).
Important: Currently, recovering wallet on a newly setup Quantum Purse will result in only the first account being created because Light Client is too slow for this process. In such case, create accounts, determine starting block via ckb explorer then set starting blocks manually via each account's context menu.
Quantum Purse offers pre-built binaries for macOS, Windows and Linux. Download Quantum Purse in the release page.
Notice: These are not reproducible builds due to the nature of Electron app build and app signing. As a result, in a post-quantum threat model, the build hash and GitHub commit alone cannot be used to independently verify the binary’s integrity. Verification must instead rely on building the application directly from the source code detailed in below section. A future Quantum Purse v2 with a different architecture may enable reproducible builds and stronger verifiability.
- Node >=22.12
- Brave, Google Chrome, Safari
# Install dependencies
npm install
# Build web app core
npm run build:web
# start web app in development mode
npm run start:web
# Build native app for macos on Apple silicon
npm run build:app:mac:arm64
# Build native app for macos x64
npm run build:app:mac:x64
# Build native app for linux x64
npm run build:app:linux:x64
# Build native app for windows x64
npm run build:app:win:x64
# start native app in development mode
npm run start:app
# Run test
npm run testAny PR to develop branch is welcomed. Have an idea or have found an issue? Feel free to open a github issue or leave a message in the Quantum Purse telegram group to let me know.
https://quantum-purse.vercel.app/
- Mnemonic seed phrases are very long. *256s/f variants with 72 words may feel overwhelming if you're new to quantum-safe wallets. For easier backup, consider starting with *128s/f variants (36 words), which still provide strong quantum resistance.
- Back up your mnemonic phrase. Losing your mnemonic means losing access to your wallet.
- Quantum Purse does NOT store your passwords. Passwords are used only temporarily to encrypt and decrypt your secret data.
- There's no guarantee your encrypted wallet seed can not be exposed. In case it is exposed, you will want it to have sufficiently strong encrytion with an equaly strong password. Pick a strong password for your self!
- What is a strong password? Quantum Purse does guide you in wallet creation to create strong passwords but it will be best for you to come up with your own that passes Quantum Purse's validation. For what is a strong password, you might want to refer to this link.
- Forgot your password? Recover access by importing your seed phrase and setting a new password instantly.
- Need help? Report issues on GitHub!
Security is everyone's responsibility. While Quantum Purse does its job in minimizing sensitive data exposes, password/mnemonic inputting in JS environment doesn't offer much control and remains as a weak point. This is in fact an issue for all password-based application. Until a proper SPHINCS+ hardware wallet is available for secure key management, it is recommended to follow this practice to maximize security:
- Use a dedicated device with minimal software installed to run Quantum Purse.
- On each transactional activity, there's a button named "Sign & Export". Wait for the light client to completely sync then disconnect with the internet. Then use "Sign & Export" to perform signing off-line and store the transaction object on your computer.
- Terminate the application after completing a transaction. Ideally, power off your computer to wipe residual password-related data from RAM.
- Open your computer again and use any CKB transaction broadcaster to broadcast your signed transaction to the CKB network.
- Never copy sensitive data as data in clipboards get attacked easilly. Remember to protect/lock your machine always.
