Quantum Purse

Quantum Purse is a quantum-safe lightweight wallet for CKB blockchain.

CKB addresses generated by Quantum Purse are quantum-safe, so assets transferred to these addresses remain secure against quantum threats.

Currently using an under development CKB quantum resistant lockscript.

Feature list:

Feature	Details
Signature type	FIPS205 (SPHINCS+)
Mnemonic standard	Custom BIP39 English
Local encryption	AES256
Key derivation	Scrypt
Authentication	Password
Password hashing	Scrypt
Store model	Indexed DB
RPC endpoint	No
Client type	Fly Client
Demo site	Chrome-based, Safari
Native PC app	Windows, macOS, Linux

Architecture Overview

Sha2-256s / Sha2-128s or which?

All 12 NIST-approved SPHINCS+ parameter sets are supported by Quantum Purse. These parameter sets are the combinational results of:

• 2 hashing algorithms: Sha2, Shake
• 3 security parameter length: 128 bit, 192 bit, 256 bit
• 2 optimization methods: s(small signature), f(fast signature generation)

Post Quantum security level

NIST doesn't define the strength for each variant using precise estimates of the number of “bits of security” but offers 5 broad security strength categories. Refer to the NIST call for quantum safe crypto proposal for more details. Any attack that breaks the relevant security definition must require computational resources comparable to or greater than those required for:

1. Key search on a block cipher with a 128-bit key (e.g. AES128)
2. Collision search on a 256-bit hash function (e.g. SHA256/ SHA3-256)
3. Key search on a block cipher with a 192-bit key (e.g. AES192)
4. Collision search on a 384-bit hash function (e.g. SHA384/ SHA3-384)
5. Key search on a block cipher with a 256-bit key (e.g. AES 256)

SPHINCS+ variants with security parameter length of 128, 192, 256 fall into the category 1, 3, 5 respectively.

Recommendation

For CKB:

• 's' variant is on-chain friendly as it's fast and lightweight. The tradeoff here is that key generation and signing on Quantum Purse takes longer to execute.
• Sha2 is faster than Shake.

If you have no reference, Sha2-256s is a good starting point for maximum security. Alternatively, Sha2-128s or Sha2-192s offer weaker protection but may be suitable for less critical use cases.

Key Derivation & Mnemonic Backup Format

Quantum Purse uses a simple custom deterministic key derivation scheme based on Scrypt and uses BIP39 as the mnemonic phrase backup format. See https://github.com/tea2x/quantum-purse-key-vault for more details.

73 CKB

Due to the larger size of the quantum resistant lock script:

• Minimum CKB per quantum-safe cell is 73 CKB.
• Smaller transfers to Quantum Purse will be rejected by CKB blockchain.

Light client

Quantum Purse is a true light wallet. It runs its own CKB light client node and connects directly to the CKB network without middle RPC enpoints. The demo website is also powered by the Light Client protocol - effectively making it one of the first true blockchain clients that runs even on mobiles. The light client sync status such as peers connected and sync percentage are displayed on the right side of the app's header:

Important:

• It takes 5-10 seconds to establish connections to other nodes.
• Another 10 - 30 seconds to fully sync a newly added account.
• For a smooth experience, ensure your PEERS value is greater than 0 and sync status to be ~100% before making any transaction.
• In case you notice that sync percentage grows very slowly for some reason e.g after creating Quantum Purse wallet without internet, please set starting block to skip blocks that have none transaction. Go to Settings -> Accounts -> 3 dots menu to set starting blocks.
• One new account starts syncing at block 0 will make other accounts sync to wait until this account catches up. Provide starting blocks properly for a smooth experience.

CCC

Quantum Purse integrates CCC as its main CKB off-chain engine for e.g. transaction building. But in order to ensure light-client-js compatibility with CCC temporarily, Quantum Purse has to use a fork from CCC. This fork is fairly simple and will be suspended in the future.

Wallet recovery

When you import your seed phrase into Quantum Purse, it automatically restores your wallets by generating child keys sequentially, starting from index 1. The recovery process continues until it encounters 5 consecutive empty accounts (i.e., accounts with no transaction history).

Important: Currently, recovering wallet on a newly setup Quantum Purse will result in only the first account being created because Light Client is too slow for this process. In such case, create accounts, determine starting block via ckb explorer then set starting blocks manually via each account's context menu.

How to use

Quantum Purse offers pre-built binaries for macOS, Windows and Linux but if you want to tweak it your way it's also possible. Choose one of the following:

1. Download Quantum Purse in the release page.
2. Clone and refer to Building from source then use the binary in build/ folder.
3. For development purposes, serve it locally with webpack via npm run start:web. You can find other ways to serve the built dist/ folder locally too.

Build from source

Dependencies

1. Node >=20.
2. Chrome-based or safari browsers.

Command list

# Install dependencies
npm install

# Build web app core
npm run build:web

# start web app in development mode
npm run start:web

# Build native app for macos on Apple silicon
npm run build:app:mac:arm64

# Build native app for macos x64
npm run build:app:mac:x64

# Build native app for linux x64
npm run build:app:linux:x64

# Build native app for windows x64
npm run build:app:win:x64

# start native app in development mode
npm run start:app

# Run test
npm run test

Contribution

Any PR to develop branch is welcomed. Have an idea or have found an issue? Feel free to open a github issue or leave a message in the Quantum Purse telegram group to let me know.

Demo

https://quantum-purse.vercel.app/

Notes

1. As of 2025, quantum resistance is still experimental. Use this software at your own risk.
2. Back up your mnemonic phrase. Losing your mnemonic means losing access to your wallet.
3. Quantum Purse does NOT store your passwords. Passwords are used only temporarily to encrypt and decrypt your secret data.
4. Quantum Purse stores only public data and encrypted secret data. Your SPHINCS+ private keys remain protected as long as your password is strong enough.
5. What is a strong password? Quantum Purse does guide you in wallet creation to create strong passwords but it will be best for you to come up with your own that passes Quantum Purse's validation. For what is a strong password, you might want to refer to this link.
6. Forgot your password? Recover access by importing your seed phrase and setting a new password instantly.
7. Need help? Report issues on GitHub!

Commentary

Quantum Purse requires password for each key-related function. While the application securely erases sensitive data after processing, password/mnemonic inputting in JS environment doesn't offer the same level of control. So password/seed phrase inputting (seed phrase exporting included) remains a potential attack vector—this is in fact the weakest link in all password-based cryptocurrency wallets.

Until a proper SPHINCS+ hardware wallet is available for secure key management, follow these best practices to maximize security:

1. Use a dedicated device with minimal software installed to run Quantum Purse.
2. There's no guarantee your encrypted mnemonic can not be leaked. You have to have a strong enough password if you want to keep the wallet on your computer safe.
3. Terminate the application after completing a transaction. Ideally, power off your computer to wipe residual password-related data from RAM.
4. For maximum security (seems a little paranoid though xd), use an air-gapped device (one with no internet connection) to run Quantum Purse. To sign a transaction:
   • Construct an unsigned transaction on an internet-connected device using your public address.
   • Transfer it via a secure USB drive (ensure it's malware-free) to the air-gapped device.
   • Sign the transaction on the air-gapped device.
   • Transfer the signed transaction back via USB and broadcast it using a tool like this one. You might want to test the broadcaster with JoyID signed transactions first!
   • This effectively turns your dedicated device into a quantum-safe offline signer.
   • ALTHOUGH THIS IS NOT SUPPORT YET, let me know if CKB community really wants this feature or not.