Skip to content

index

Jump to bottom
xero edited this page May 30, 2026 · 9 revisions
logo

Leviathan Crypto Library Documentation Index

This index lists every documentation file in the docs/ directory. Use it as your starting point for the API reference, architecture notes, benchmarks, and correctness audits.

Table of Contents

Getting Started

Document Description
development.md Day-to-day developer workflow: build, test, lint commands and the iteration loop
examples.md Code examples for every primitive
cdn.md Use leviathan-crypto directly from a CDN with no bundler
exports.md Complete export reference: every class, function, and type
init.md init() API, WasmSource, subpath imports, tree-shaking
loader.md WASM binary loading internals: WasmSource dispatch, loadWasm(), compileWasm()
csp.md Content-Security-Policy: required directives, minimal policies, pool workers, per-engine differences

API Reference

Authenticated Encryption

Module Description
aead.md Seal, SealStream, OpenStream, SealStreamPool, SerpentCipher, XChaCha20Cipher, MlKemSuite
ciphersuite.md CipherSuite interface and the in-tree symmetric / hybrid cipher consts

Signatures

Module Description
signing.md Sign, SignStream, VerifyStream, envelope wire format, SigningError
signaturesuite.md SignatureSuite interface plus the shipped suite catalog and reserved entries

Post-Quantum KEM

Module Description
mlkem.md MlKem512, MlKem768, MlKem1024, MlKemSuite: ML-KEM key encapsulation (FIPS 203)
asm_mlkem.md WASM implementation: polynomial arithmetic, SIMD NTT/invNTT, basemul in Z_q[X]/(X²-ζ), CBD sampling, compression, FO transform

Classical Signatures and Key Agreement

Module Description
ed25519.md Ed25519: classical Ed25519 signatures (RFC 8032), pure and Ed25519ph prehash modes
x25519.md X25519: Curve25519 Diffie-Hellman key agreement (RFC 7748)
ecdsa-p256.md EcdsaP256, EcdsaP256Suite, ecdsaSignatureToDer / ecdsaSignatureFromDer: classical ECDSA signatures over NIST P-256 (FIPS 186-5 §6), hedged-by-default per draft-irtf-cfrg-det-sigs-with-noise-05, low-S enforced
asm_curve25519.md WASM implementation: field arithmetic, edwards25519, Montgomery ladder, scalar mod L, embedded SHA-512
asm_p256.md p256 WASM implementation: GF(p256) field arithmetic, Renes-Costello-Batina 2016 complete addition, constant-time scalar mult, embedded SHA-256 + HMAC-SHA-256 for RFC 6979 K derivation

Post-Quantum Signatures

Module Description
mldsa.md MlDsa44, MlDsa65, MlDsa87: ML-DSA digital signatures (FIPS 204), pure mode and HashML-DSA
asm_mldsa.md WASM implementation: SIMD NTT over q=8380417, rejection sampling, Power2Round / Decompose / MakeHint / UseHint, HintBitPack/Unpack with §D.3 SUF-CMA checks, SampleInBall
slhdsa.md SlhDsa128f, SlhDsa192f, SlhDsa256f: SLH-DSA hash-based signatures (FIPS 205), pure mode and HashSLH-DSA
asm_slhdsa.md WASM implementation: embedded Keccak permutation, F / H / T_ℓ / PRF / PRF_msg / H_msg tweakable hash family, 32-byte ADRS encoding, WOTS+ / FORS / XMSS / hypertree composition

Transparency Log

Module Description
merkle.md MerkleVerifier, MerkleLog, SignedLog, Sha256Tree, Blake3Tree, MemoryStorage: append-only Merkle log substrate with inclusion / consistency proofs, signed tree heads, and the c2sp.org/tlog-cosignature wire format

Post-Quantum Ratchet

Module Description
ratchet.md ratchetInit, KDFChain, kemRatchetEncap, kemRatchetDecap: Sparse Post-Quantum Ratchet KDF primitives (DR spec §5 + §7.2)

AES (FIPS 197)

Module Description
aes.md TypeScript API: AES, AESCbc, AESCtr, AESGCM, AESGCMSIV, AESGenerator, AESGCMSIVCipher
asm_aes.md WASM implementation: bitsliced 8-block kernel, Canright tower-field S-box, CBC/CTR/GCM/GCM-SIV modes

Serpent-256

Module Description
serpent.md TypeScript API: Serpent, SerpentCtr, SerpentCbc
asm_serpent.md WASM implementation: bitslice S-boxes, key schedule, CTR/CBC modes

XChaCha20 / Poly1305

Module Description
chacha20.md TypeScript API: ChaCha20, Poly1305, ChaCha20Poly1305, XChaCha20Poly1305
asm_chacha.md WASM implementation: quarter-round, Poly1305 accumulator, HChaCha20

Hashing

Module Description
hashing.md Hashing landing page: overview, a choose-the-right-hash decision matrix, and cross-links across the SHA-2, SHA-3, and BLAKE3 families

SHA-2

Module Description
sha2.md TypeScript API: SHA256, SHA512, SHA384, HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, HKDF_SHA256, HKDF_SHA512
asm_sha2.md WASM implementation: compression functions, HMAC inner/outer padding

SHA-3

Module Description
sha3.md TypeScript API: SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, SHAKE256, plus streaming variants (SHA3_256Stream, SHA3_512Stream, SHAKE128Stream, SHAKE256Stream)
kmac.md TypeScript API: CSHAKE128, CSHAKE256, KMAC128, KMAC256, KMACXOF128, KMACXOF256 (SP 800-185)
asm_sha3.md WASM implementation: Keccak permutation (1600-bit state), sponge construction

BLAKE3

Module Description
blake3.md TypeScript API: BLAKE3, BLAKE3Stream, BLAKE3KeyedHash, BLAKE3KeyedHashStream, BLAKE3DeriveKey, BLAKE3DeriveKeyStream, BLAKE3OutputReader, plus the BLAKE3Hash Fortuna HashFn const
asm_blake3.md WASM implementation: v128-internal compress and lane-parallel compress4 (BLAKE3 §5.3 SIMD), §2.4 chunk machine, §2.5 tree assembly + root finalize, §2.6 XOF squeeze, all three §2.3 modes

Fortuna CSPRNG

Module Description
fortuna.md Fortuna: CSPRNG with forward secrecy and 32 entropy pools

Utilities and Types

Module Description
utils.md randomBytes, constantTimeEqual, wipe, encoding helpers. No init() required
asm_cte.md WASM implementation: SIMD constant-time byte equality backing constantTimeEqual, plus the @inline source-level ctEqual imported by other AS modules. Lazy-loaded, no init()
types.md TypeScript interfaces: Hash, KeyedHash, Blockcipher, Streamcipher, AEAD, Generator, HashFn, CipherSuite, SignatureSuite, StreamableSignatureSuite, PrehashAlgorithm

Project Documentation

Document Description
architecture Repository structure, build and CI, WASM modules, public API, test suite, and security posture
asm_imports.md Per-module AssemblyScript import dependency graphs
test-suite.md Test suite structure, vector corpus, and gate discipline
Security Policy Security posture and vulnerability disclosure details
lexicon Glossary of cryptographic terms
wasm.md WebAssembly primer in the context of this library
argon2id.md Passphrase-based encryption using Argon2id alongside leviathan primitives
serpent_reference.md Serpent algorithm: S-boxes, linear transform, round structure, known attacks
chacha_reference.md ChaCha20 algorithm: ARX, block function, Poly1305 MAC, HChaCha20 subkeys, XChaCha20-Poly1305 AEAD, known attacks
aes_reference.md AES algorithm: FIPS 197 cipher core, SP 800-38A/D modes (CBC, CTR, GCM), RFC 8452 GCM-SIV, known attacks
branding.md Project artwork and branding materials

Performance

See the benchmark index for full results across V8, SpiderMonkey, and JavaScriptCore.

Document Description
benchmarks.md Benchmark index
serpent_simd_bench.md Serpent-256 CTR and CBC-decrypt: scalar vs 4-wide SIMD across V8, SpiderMonkey, and JSC
chacha_simd_bench.md ChaCha20 4-wide inter-block parallelism: scalar vs SIMD across all three engines. Includes documented negative result for intra-block approach

Algorithm Correctness

See the audit index for a summary of all reviews.

Primitive Description
audits.md Audit index
serpent_audit.md Correctness verification, side-channel analysis, cryptanalytic attack paper review
chacha_audit.md XChaCha20-Poly1305 correctness, Poly1305 field arithmetic, HChaCha20 nonce extension
sha2_audit.md SHA-256/512/384 correctness, HMAC and HKDF composition, constant verification
sha3_audit.md Keccak permutation correctness, step verification, round constant derivation
blake3_audit.md BLAKE3 tree-mode correctness, compress / compress4 equivalence, flag bits, chunk machine, queue-per-level tree assembly, XOF snapshot integrity
hmac_audit.md HMAC construction, key processing, RFC 4231 vector coverage
hkdf_audit.md HKDF extract-then-expand, info field domain separation, stream key derivation
mlkem_audit.md ML-KEM FIPS 203 correctness, NTT verification, FO transform CT analysis, ACVP validation
mldsa_audit.md ML-DSA FIPS 204 prehashed-input surface audit
slhdsa_audit.md SLH-DSA FIPS 205 implementation audit, including PQ-only hybrid factory invariants
ed25519_audit.md Ed25519 RFC 8032 plus FIPS 186-5 strict verification, fault-injection defence, embedded SHA-512 integrity, dom2 prehash binding
x25519_audit.md X25519 RFC 7748 clamping discipline, constant-time Montgomery ladder, TS-layer all-zero rejection
ecdsa-p256_audit.md ECDSA-P256 FIPS 186-5 strict verification, RFC 6979 deterministic-K gate, hedged-by-default posture, low-S enforcement, fault-injection defence, embedded SHA-256 / HMAC-SHA-256 integrity
stream_audit.md Streaming AEAD composition, counter nonce binding, final-chunk detection, key wipe paths
ratchet_audit.md SPQR KDF primitives: HKDF parameter assignments, wipe coverage, counter encoding, direction slot alignment
vector_audit.md Vector corpus audit: Tier 1-4 classification, the Rust verifier, SHA256SUMS pinning discipline, and CI integration

© MMXXVI: Leviathan Crypto Library

GitHub Release npm package minimized gzipped size demos

simd webassembly side-effect free tree-shakeable zero dependencies MIT Licensed

Leviathan-Crypto Wiki

Leviathan logo

Getting Started

Authenticated Encryption

Digital Signatures

Ciphers

  • Serpent-256 TypeScript | WASM
    • Serpent, SerpentCtr, SerpentCbc, SerpentGenerator
  • ChaCha20 TypeScript | WASM
    • ChaCha20, Poly1305, ChaCha20Poly1305, XChaCha20Poly1305, ChaCha20Generator
  • AES TypeScript | WASM
    • AES, AESCbc, AESCtr, AESGCM, AESGCMSIV, AESGenerator

Signature Primitives

  • ML-DSA TypeScript | WASM
    • pure (FIPS 204): MlDsa44, MlDsa65, MlDsa87
    • pure-mode suites: MlDsa44Suite, MlDsa65Suite, MlDsa87Suite
    • prehash suites: MlDsa44PreHashSuite, MlDsa65PreHashSuite, MlDsa87PreHashSuite
  • SLH-DSA TypeScript | WASM
    • pure (FIPS 205): SlhDsa128f, SlhDsa192f, SlhDsa256f
    • pure-mode suites: SlhDsa128fSuite, SlhDsa192fSuite, SlhDsa256fSuite
    • prehash suites: SlhDsa128fPreHashSuite, SlhDsa192fPreHashSuite, SlhDsa256fPreHashSuite
  • Ed25519 TypeScript | WASM
    • Ed25519 (pure + Ed25519ph), Ed25519Suite, Ed25519PreHashSuite
  • ECDSA-P256 TypeScript | WASM
    • EcdsaP256 (hedged + RFC 6979), EcdsaP256Suite
    • DER codec: ecdsaSignatureToDer, ecdsaSignatureFromDer, encodeEcPrivateKey, decodeEcPrivateKey, pointDecompress
  • Hybrid composites PQ-only | Classical+PQ
    • PQ-only: MlDsa44SlhDsa128fSuite, MlDsa65SlhDsa192fSuite, MlDsa87SlhDsa256fSuite
    • Classical+PQ: MlDsa44Ed25519Suite, MlDsa65Ed25519Suite, MlDsa44EcdsaP256Suite, MlDsa65EcdsaP256Suite

Key Agreement

Post-Quantum

  • ML-KEM TypeScript | WASM
    • MlKem512, MlKem768, MlKem1024
  • Ratchet (SPQR)
    • KDFChain, ratchetInit, kemRatchetEncap, kemRatchetDecap, RatchetKeypair, SkippedKeyStore

Hashing

  • Hashing overview
  • SHA-2 TypeScript | WASM
    • SHA256, SHA384, SHA512, SHA224, SHA512_224, SHA512_256
    • HMAC_SHA256, HMAC_SHA384, HMAC_SHA512, HKDF_SHA256, HKDF_SHA512
  • SHA-3 TypeScript | WASM
    • SHA3_224, SHA3_256, SHA3_384, SHA3_512, SHAKE128, SHAKE256
  • BLAKE3 TypeScript | WASM
    • BLAKE3, BLAKE3Stream, BLAKE3KeyedHash, BLAKE3KeyedHashStream
    • BLAKE3DeriveKey, BLAKE3DeriveKeyStream, BLAKE3OutputReader, BLAKE3Hash
  • KMAC
    • CSHAKE128, CSHAKE256, KMAC128, KMAC256, KMACXOF128, KMACXOF256

Transparency Log

  • Merkle
    • MerkleVerifier, MerkleLog
    • SignedLog, Sha256Tree, Blake3Tree, MemoryStorage

Utilities

  • Fortuna CSPRNG
    • Fortuna, SerpentGenerator, ChaCha20Generator, AESGenerator, SHA256Hash, SHA3_256Hash, BLAKE3Hash
  • Utils TypeScript | WASM
    • constantTimeEqual, randomBytes, wipe, encoding helpers
  • TypeScript interfaces
    • Hash, KeyedHash, Blockcipher, Streamcipher, AEAD, Generator, HashFn

Project

Reference

Clone this wiki locally