{"id":43722456,"url":"https://github.com/quantumpurse/quantum-purse","last_synced_at":"2026-02-05T08:12:00.461Z","repository":{"id":281444731,"uuid":"935812123","full_name":"quantumpurse/quantum-purse","owner":"quantumpurse","description":"A CKB quantum-safe \u0026 lightweight wallet","archived":false,"fork":false,"pushed_at":"2026-01-25T02:29:55.000Z","size":31019,"stargazers_count":12,"open_issues_count":7,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-01-25T15:59:03.525Z","etag":null,"topics":["ckb","quantum-safe","sphincs-plus"],"latest_commit_sha":null,"homepage":"https://quantum-purse.vercel.app","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/quantumpurse.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-02-20T04:01:58.000Z","updated_at":"2026-01-25T02:29:29.000Z","dependencies_parsed_at":"2026-01-25T16:03:30.660Z","dependency_job_id":null,"html_url":"https://github.com/quantumpurse/quantum-purse","commit_stats":null,"previous_names":["tea2x/quantum-purse-web-static","tea2x/quantum-purse","quantumpurse/quantum-purse"],"tags_count":30,"template":false,"template_full_name":null,"purl":"pkg:github/quantumpurse/quantum-purse","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quantumpurse%2Fquantum-purse","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quantumpurse%2Fquantum-purse/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quantumpurse%2Fquantum-purse/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quantumpurse%2Fquantum-purse/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/quantumpurse","download_url":"https://codeload.github.com/quantumpurse/quantum-purse/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/quantumpurse%2Fquantum-purse/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29116453,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-05T05:31:32.482Z","status":"ssl_error","status_checked_at":"2026-02-05T05:31:29.075Z","response_time":65,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ckb","quantum-safe","sphincs-plus"],"created_at":"2026-02-05T08:12:00.397Z","updated_at":"2026-02-05T08:12:00.456Z","avatar_url":"https://github.com/quantumpurse.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Quantum Purse\n\n**Disclaimer:** While this project has been carefully developed and [externally audited](https://scalebit.xyz/reports/Quantum-Purse-Audit-Report-12-15-2025.pdf) for security, it represents pioneering work in quantum-resistant blockchain technology - **USE AT YOUR OWN RISK.**\n\nQuantum Purse is a lightweight, quantum-safe desktop wallet designed for the [CKB blockchain](https://www.nervos.org/). CKB addresses generated by Quantum Purse are quantum-safe, so assets transferred to these addresses remain secure against quantum threats. The project is currently configured to let users use the [quantum-resistant Lock Script](https://github.com/cryptape/quantum-resistant-lock-script) developed by Cryptape.\n\n###### \u003cu\u003eFeature list\u003c/u\u003e:\n\n| Feature | Details |\n|------------------------|-----------------------------------|\n| **Signature type** | FIPS205 (SPHINCS+) |\n| **Mnemonic standard** | Custom BIP39 English |\n| **Local encryption** | AES256 |\n| **Key derivation** | HKDF with SHA256 |\n| **Authentication** | Password |\n| **Password hashing** | Scrypt |\n| **Store model** | Indexed DB |\n| **RPC endpoint** | No |\n| **Client type** | Fly Client (CKB light client js) |\n| **Demo site** | Brave, Google Chrome, Safari |\n| **Native PC app** | Windows, macOS, Linux |\n\n###### Architecture Overview\n\u003cimg width=\"628\" alt=\"overview\" src=\"https://github.com/user-attachments/assets/433a25dd-2845-4384-b9a3-e2374aac3227\" /\u003e\n\n## Sha2-256s / Sha2-128s or which?\nAll 12 NIST-approved SPHINCS+ parameter sets are supported by Quantum Purse. These parameter sets are the combinational results of:\n- 2 hashing algorithms: `Sha2`, `Shake`\n- 3 security parameter length: `128 bit`, `192 bit`, `256 bit`\n- 2 optimization methods: `s`(small signature), `f`(fast signature generation)\n\n##### \u003cu\u003ePost Quantum security level\u003c/u\u003e\nNIST doesn't define the strength for each variant using precise estimates of the number of “bits of security” but offers 5 broad security strength categories. Refer to the [NIST call for quantum safe crypto proposal](https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf) for more details. Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for:\n1) Key search on a block cipher with a 128-bit key (e.g. AES128)\n2) Collision search on a 256-bit hash function (e.g. SHA256/ SHA3-256)\n3) Key search on a block cipher with a 192-bit key (e.g. AES192)\n4) Collision search on a 384-bit hash function (e.g. SHA384/ SHA3-384)\n5) Key search on a block cipher with a 256-bit key (e.g. AES 256)\n\nSPHINCS+ variants with security parameter length of 128, 192, 256 fall into the category 1, 3, 5 respectively.\n\n##### \u003cu\u003eRecommendation\u003c/u\u003e\nFor CKB:\n- 's' variant is on-chain friendly as it's fast and lightweight. The tradeoff here is that key generation and signing on Quantum Purse takes longer to execute.\n- `Sha2` is faster than `Shake`.\n\nIf you have no reference, `Sha2-256s` is a good starting point for maximum security. Alternatively, `Sha2-128s` or `Sha2-192s` offer weaker protection but may be suitable for less critical use cases.\n\n## Key Derivation \u0026 Mnemonic Backup Format\nSee [Quantum Purse Key Vault](https://github.com/tea2x/quantum-purse-key-vault) project for more details.\n\n## 73 CKB\nDue to the larger size of the [quantum resistant lock script](https://github.com/cryptape/quantum-resistant-lock-script):\n- Minimum CKB per quantum-safe cell is 73 CKB.\n- Smaller transfers to Quantum Purse will be rejected by CKB blockchain.\n\n## Light client\n\nQuantum Purse is a true light wallet. It runs its own [CKB light client node](https://github.com/nervosnetwork/ckb-light-client) and connects directly to the CKB network without middle RPC enpoints. The [demo website](https://quantum-purse.vercel.app/) is also powered by the Light Client protocol - effectively making it one of the first true blockchain clients that can even run on mobiles. The light client sync status such as peers connected and sync percentage are displayed on the right side of the app's header:\n\n\u003cimg width=\"577\" height=\"122\" alt=\"Screenshot 2026-01-21 at 12 16 38 AM\" src=\"https://github.com/user-attachments/assets/8139a55e-e61e-42d1-99e6-c8b78ea88501\" /\u003e\n\n**Important:**\n- It takes 5-10 seconds to establish connections to other nodes.\n- Another 10 - 30 seconds to fully sync a newly added account.\n- For a smooth experience, ensure your CONNECTED value is greater than 0 and sync status to be ~100% before making any transaction.\n- In case you notice that sync percentage grows very slowly for some reason e.g after creating Quantum Purse wallet without internet, please set `starting block` to skip blocks that have none transaction. Go to Settings -\u003e Accounts -\u003e 3-dot menu to set starting blocks.\n- One new account starts syncing at block 0 will make other accounts sync to wait until this account catches up. Provide starting blocks properly for a smooth experience.\n\n## CCC\n\nQuantum Purse integrates [CCC](https://github.com/ckb-devrel/ccc) for blockchain client connect and transaction building. But in order to ensure light-client-js compatibility with CCC temporarily, Quantum Purse has to use a [fork from CCC](https://www.npmjs.com/package/ckb-ccc-core-light-client-js-patch). This fork is fairly simple and will find its way to the official CCC in the future.\n\n## Wallet recovery\n\nWhen you import your seed phrase into Quantum Purse, it automatically restores your wallets by generating child keys sequentially, starting from index 1. The recovery process continues until it encounters 5 consecutive empty accounts (i.e., accounts with no transaction history).\n\n**Important:** Currently, recovering wallet on a newly setup Quantum Purse will result in only the first account being created because Light Client is too slow for this process. In such case, create accounts, determine starting block via ckb explorer then set starting blocks manually via each account's context menu.\n\n## Installation\n\nQuantum Purse offers pre-built binaries for macOS, Windows and Linux. Download Quantum Purse in the [release page](https://github.com/tea2x/quantum-purse/releases).\n\n**Notice:** These are not reproducible builds due to the nature of Electron app build and app signing. As a result, in a post-quantum threat model, the build hash and GitHub commit alone cannot be used to independently verify the binary’s integrity. Verification must instead rely on building the application directly from the source code detailed in below section. A future Quantum Purse v2 with a different architecture may enable reproducible builds and stronger verifiability.\n\n## Build from source\n###### \u003cu\u003eDependencies\u003c/u\u003e\n1. Node \u003e=22.12\n2. Brave, Google Chrome, Safari\n\n###### \u003cu\u003eCommand list\u003c/u\u003e\n```shell\n# Install dependencies\nnpm install\n\n# Build web app core\nnpm run build:web\n\n# start web app in development mode\nnpm run start:web\n\n# Build native app for macos on Apple silicon\nnpm run build:app:mac:arm64\n\n# Build native app for macos x64\nnpm run build:app:mac:x64\n\n# Build native app for linux x64\nnpm run build:app:linux:x64\n\n# Build native app for windows x64\nnpm run build:app:win:x64\n\n# start native app in development mode\nnpm run start:app\n\n# Run test\nnpm run test\n```\n\n## Contribution\nAny PR to `develop` branch is welcomed. Have an idea or have found an issue? Feel free to open a github issue or leave a message in the [Quantum Purse telegram group](https://t.me/quantumpurse) to let me know.\n\n## Demo\nhttps://quantum-purse.vercel.app/\n\n## Notes\n\n1. Mnemonic seed phrases are very long. *256s/f variants with 72 words may feel overwhelming if you're new to quantum-safe wallets. For easier backup, consider starting with *128s/f variants (36 words), which still provide strong quantum resistance.\n2. Back up your mnemonic phrase. Losing your mnemonic means losing access to your wallet.\n3. Quantum Purse does NOT store your passwords. Passwords are used only temporarily to encrypt and decrypt your secret data.\n4. There's no guarantee your encrypted wallet seed can not be exposed. In case it is exposed, you will want it to have sufficiently strong encrytion with an equaly strong password. Pick a strong password for your self!\n5. What is a strong password? Quantum Purse does guide you in wallet creation to create strong passwords but it will be best for you to come up with your own that passes Quantum Purse's validation. For what is a strong password, you might want to refer to this [link](https://www.antivirus.promo/password-strength-checker).\n6. Forgot your password? Recover access by importing your seed phrase and setting a new password instantly.\n7. Need help? Report issues on GitHub!\n\n## A recommended practice\nSecurity is everyone's responsibility. While Quantum Purse does its job in minimizing sensitive data exposes, **password/mnemonic inputting in JS environment doesn't offer much control** and remains as a weak point. This is in fact an issue for all password-based application. Until a proper SPHINCS+ hardware wallet is available for secure key management, it is recommended to follow this practice to maximize security:\n\n1. Use a dedicated device with minimal software installed to run Quantum Purse.\n2. On each transactional activity, there's a button named \"Sign \u0026 Export\". Wait for the light client to completely sync then disconnect with the internet. Then use \"Sign \u0026 Export\" to perform signing off-line and store the transaction object on your computer.\n3. Terminate the application after completing a transaction. Ideally, power off your computer to wipe residual password-related data from RAM.\n4. Open your computer again and use any CKB transaction broadcaster to broadcast your signed transaction to the CKB network.\n5. Never copy sensitive data as data in clipboards get attacked easilly. Remember to protect/lock your machine always.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquantumpurse%2Fquantum-purse","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fquantumpurse%2Fquantum-purse","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquantumpurse%2Fquantum-purse/lists"}