Claude/research crypto api 01 sx ts ltr cv5 bf qc1 p ghe2 xd#1385
Draft
Frank-en-stein wants to merge 4 commits intojstz-dev:mainfrom
Draft
Claude/research crypto api 01 sx ts ltr cv5 bf qc1 p ghe2 xd#1385Frank-en-stein wants to merge 4 commits intojstz-dev:mainfrom
Frank-en-stein wants to merge 4 commits intojstz-dev:mainfrom
Conversation
Add two detailed technical documents analyzing Web Crypto API requirements and jstz's current cryptographic capabilities: - crypto-api-checklist.md: Complete W3C Web Crypto API specification breakdown with tiered feature classification (TIER 1/2/3) for JavaScript platform implementation requirements - crypto-api-support-matrix.md: Exhaustive analysis of jstz's current crypto support, comparing protocol-level Rust implementations against Web Crypto API requirements for JavaScript smart functions Key findings: - jstz currently has 0% Web Crypto API support in JavaScript - Strong protocol-level crypto (Ed25519, P256, Secp256k1, Blake2b) - Deterministic execution model requires seeded PRNG approach - Recommends phased implementation starting with deterministic subset
Add practical implementation roadmap with: - Phase-by-phase implementation plan (6 sprints, 9-15 weeks) - Specific code examples and file locations for each feature - Technical decisions needed (extension approach, randomness strategy) - Recommended implementation order prioritizing deterministic operations - Testing strategy and success metrics Focus on jstz-specific constraints: - Deterministic execution requirement - Leveraging existing jstz_crypto Rust implementations - Integration with Deno runtime architecture - Smart function security considerations
…essment CORRECTED FINDINGS: Web Standards Support: - jstz HAS ~60-70% web standards coverage (Fetch, Streams, URL, Encoding, etc.) - Previous claim of "0% support" was incorrect and misleading - Runtime includes deno_web, deno_url, deno_fetch_base, providing rich web APIs Web Crypto API Specific: - JavaScript access: ~1% (2/247 WPT tests passing) - The 2 passing tests verify crypto is NOT available (correct behavior) - Functional Web Crypto: 0% (no crypto.subtle, no getRandomValues) - This is the gap, not general web standards Protocol-Level Cryptography: - Excellent Rust implementation (Ed25519, P256, Secp256k1, Blake2b) - Not exposed to JavaScript smart functions - Used for protocol operations (signing, verification, hashing) Key Evidence: - Global scope analysis (98_global_scope.js): 40+ web APIs, no crypto - Extension init (runtime.rs:490-516): 8 extensions, no deno_crypto - WPT results parsed: 2/247 passing (both test for crypto absence) - Dependency analysis: deno_web present, deno_crypto absent Changes: - Completely rewrote crypto-api-support-matrix.md with accurate data - Added section 1: "Web Standards Support in jstz" (comprehensive) - Documented all available APIs with source references - Corrected WPT analysis with actual test count and pass/fail breakdown - Updated implementation roadmap with corrected current state
Add detailed, actionable 3-phase implementation plan (12-18 weeks): Phase 1 (6-8 weeks): MVP - Core Deterministic Operations - Hash functions (SHA-256/384/512, Blake2b) - Signature verification (Ed25519, P-256) - Key import/export (raw, JWK) - Success: 15-20% WPT pass rate Phase 2 (4-6 weeks): Extended Deterministic Operations - HMAC (SHA-256/384/512) - AES-GCM encryption/decryption - PBKDF2 key derivation - Success: 30-40% WPT pass rate Phase 3 (2-4 weeks): Advanced Features & Optimization - Randomness strategy decision (strict vs seeded PRNG) - Optional Secp256k1 support - Performance optimization - Success: 40-50% WPT pass rate Plan includes: - Detailed code examples for each feature - Specific files to create/modify with line numbers - Acceptance criteria for each deliverable - Risk assessment and mitigation strategies - Resource estimates (952 hours, ~$150k-200k budget) - Testing strategy (unit, integration, WPT) - Security considerations and audit checkpoints - Rollout plan (beta → preview → production) Key decisions documented: - Extension approach (custom jstz_crypto vs deno_crypto) - Randomness strategy (3 options with trade-offs) - Private key handling in smart functions - Performance targets per operation All recommendations based on: - Existing jstz_crypto Rust implementation - Deterministic execution requirements - Web Crypto API W3C specification - Smart contract platform comparison
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Please go the the
Previewtab and select the appropriate sub-template: