eddsa-wasm-ll

This crate exposes Silence Laboratories' EdDSA threshold signing engine as a WebAssembly bundle. The bindings let JavaScript or TypeScript applications run multi-party key generation, signing, and key maintenance flows entirely in the browser, Node.js, or Deno.

The exported API mirrors the Rust implementation found in src/ and the Deno examples in tests/tests.ts. This document pulls the core usage patterns from those tests so you can bootstrap an integration quickly.

Installation

The repository ships three npm artefacts that expose the same API for different runtime targets:

• @silencelaboratories/eddsa-wasm-ll-web
• @silencelaboratories/eddsa-wasm-ll-node
• @silencelaboratories/eddsa-wasm-ll-bundler

Install the flavour that matches your environment:

npm install @silencelaboratories/eddsa-wasm-ll-web

The package exposes an async default export that initialises the WASM module. Always await it before touching any other primitive.

import initEddsa, {
  KeygenSession,
  Keyshare,
  SignSession,
  Message,
  generateEncryptionKeypair,
} from "@silencelaboratories/eddsa-wasm-ll-web";

await initEddsa();

Distributed Key Generation (DKG)

A DKG flow lets participants parties derive a shared key where any threshold subset can sign. The example below mirrors the helpers in tests/tests.ts and demonstrates the complete three-round protocol.

const participants = 3;
const threshold = 2;

// Generate the per-party key material used by the protocol.
const { secrets, publicKeys } = generateEncryptionMaterial(participants);

// Spin up a session per participant.
const sessions = secrets.map((secret, party_id) =>
  createKeygenSession(participants, threshold, party_id, secret, publicKeys),
);

// Generate first message.
const msg1 = sessions.map((session) => session.createFirstMessage());

// Round 1
const msg2 = sessions.flatMap((session) =>
  session.handleMessages(msg1.map((m) => m.clone())),
);

// Round 2
sessions.forEach((session, partyId) => {
  session.handleMessages(msg2.map((m) => m.clone()));
});

// and capture the resulting key shares.
const shares = sessions.map((session) => session.keyshare());

Supporting helpers lifted from the test suite:

type DkgMaterial = {
  secrets: Uint8Array[];
  publicKeys: Uint8Array;
};

type DkgResult = DkgMaterial & { shares: Keyshare[] };

function generateEncryptionMaterial(participants: number): DkgMaterial {
  const secrets: Uint8Array[] = [];
  const publicKeys: Uint8Array[] = [];

  for (let i = 0; i < participants; i++) {
    const pair = generateEncryptionKeypair();
    secrets.push(pair.secretKey);    // random 32 bytes
    publicKeys.push(pair.publicKey); // ed25519 public key
    pair.free();
  }

  return { secrets, publicKeys: concatBytes(publicKeys) };
}

function createKeygenSession(
  participants: number,
  threshold: number,
  partyId: number,
  secretKey: Uint8Array,
  aggregatedPublicKeys: Uint8Array,
): KeygenSession {
  const flattened = aggregatedPublicKeys.slice();
  return new KeygenSession(participants, threshold, partyId, secretKey, flattened);
}

function concatBytes(chunks: Uint8Array[]): Uint8Array {
  const total = chunks.reduce((sum, chunk) => sum + chunk.length, 0);
  const result = new Uint8Array(total);
  let offset = 0;
  for (const chunk of chunks) {
    result.set(chunk, offset);
    offset += chunk.length;
  }
  return result;
}

The resulting shares carry metadata such as the party id, threshold, and public key. See tests/tests.ts for assertions that confirm the shape of the output.

Threshold Signing (DSG)

Signing reuses the key shares produced during DKG. The snippet below follows the dsg helper from the test suite and shows the three interaction rounds between threshold parties.

const message = crypto.getRandomValues(new Uint8Array(32));
const sharesToUse = shares.slice(0, threshold);

const sessions = sharesToUse.map((share) => new SignSession(share, message, "m"));

const msg1 = sessions.map((session) => session.createFirstMessage());
const msg2 = sessions.flatMap((session) =>
  session.handleMessages(msg1.map((m) => m.clone()))
);
const msg3 = sessions.flatMap((session) =>
  session.handleMessages(msg2.map((m) => m.clone()))
);

sessions.forEach((session) => {
  session.handleMessages(msg3.map((m) => m.clone()));
});

const signatures = sessions.map((session) => session.signature());

The final signatures are encoded raw Ed25519 signatures. Each SignSession is single-use; discard it after calling signature().

Key Rotation and Share Recovery

The library exposes additional helpers that allow rotating key shares or recovering lost participants:

• KeygenSession.initKeyRotation(share, secretKey, aggregatedPublicKeys)
• KeygenSession.initKeyRecovery(share, lostPartyIds, secretKey, aggregatedPublicKeys)
• KeygenSession.initLostShareRecovery(participants, threshold, partyId, expectedPublicKey, lostPartyIds, secretKey, aggregatedPublicKeys)

The Deno test suite demonstrates a full rotation flow (Key rotation) and a lost-share recovery path (key share recovery) that feed into dkg_inner again to reach steady state. Those tests are excellent references when wiring up similar logic on the application side.

Error Handling

Session methods throw JavaScript exceptions when progress is impossible. Examples from the test suite include:

• Re-playing a round method, e.g. calling createFirstMessage() twice.
• Passing a party its own outgoing message.

Treat these errors as fatal: the protocol state is no longer usable once a method throws. If you need structured errors, inspect the optional session.error() accessor on both KeygenSession and SignSession.

Testing Locally

The repository includes two complementary test suites:

• Rust-side harnesses (wasm-pack test --node -r and cargo test --all).

• Deno-based integration tests that exercise the generated bindings:

  deno test -A tests/tests.ts

Licensing

This wrapper is released under the Silence Laboratories License Agreement. See LICENSE for the full text.