session

module
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 12, 2026 License: BSD-3-Clause

README

SessionVM

Post-quantum secure messaging VM for the Lux blockchain ecosystem.

CI Go Reference

Overview

SessionVM is a pluggable virtual machine that provides end-to-end encrypted, post-quantum secure private messaging. It can be integrated into any Lux-based chain to enable secure communication.

Features

  • Post-Quantum Security: ML-KEM-768 (FIPS 203) and ML-DSA-65 (FIPS 204)
  • Forward Secrecy: Fresh KEM encapsulation per message
  • Authenticated Encryption: XChaCha20-Poly1305 AEAD
  • Pluggable Architecture: Integrate into any Lux SDK chain
  • High Performance: Optimized for low-latency messaging

Installation

go get github.com/luxfi/session

Quick Start

import (
    "github.com/luxfi/session/crypto"
    "github.com/luxfi/session/vm"
)

// Generate post-quantum identity
identity, err := crypto.GenerateIdentity()
// identity.SessionID: "07abc123..." (66 chars)
// identity.KEMPublicKey: 1184 bytes (ML-KEM-768)
// identity.DSAPublicKey: 1952 bytes (ML-DSA-65)

// Encrypt to recipient
ciphertext, err := crypto.EncryptToRecipient(recipientKEMPublicKey, plaintext)

// Sign message
signature, err := crypto.Sign(identity.DSASecretKey, message)

// Verify signature
valid := crypto.Verify(identity.DSAPublicKey, message, signature)

Cryptographic Primitives

Algorithm Purpose Standard Security Level
ML-KEM-768 Key Encapsulation FIPS 203 NIST Level 3
ML-DSA-65 Digital Signatures FIPS 204 NIST Level 3
XChaCha20-Poly1305 AEAD Encryption RFC 8439 256-bit
Blake2b-256 Hashing RFC 7693 256-bit

Session ID Format

Session IDs use a prefix system to identify the cryptographic suite:

  • 07 - Post-quantum (ML-KEM-768 + ML-DSA-65)
  • 05 - Legacy (X25519 + Ed25519)

Format: <prefix> + hex(Blake2b-256(KEM_pk || DSA_pk)) = 66 characters

Architecture

┌─────────────────────────────────────────────────────────┐
│                    Application Layer                     │
│              (Pars, Messaging Apps, DAOs)               │
└───────────────────────┬─────────────────────────────────┘
                        │
┌───────────────────────▼─────────────────────────────────┐
│                github.com/luxfi/session                  │
│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────┐  │
│  │   vm/vm.go  │  │ vm/service  │  │ crypto/identity │  │
│  │   SessionVM │  │    RPC      │  │  PQ Crypto Ops  │  │
│  └─────────────┘  └─────────────┘  └────────┬────────┘  │
└─────────────────────────────────────────────┼───────────┘
                                              │
┌─────────────────────────────────────────────▼───────────┐
│                github.com/luxfi/crypto                   │
│  ┌────────────┐  ┌────────────┐  ┌──────────────────┐   │
│  │   mlkem/   │  │   mldsa/   │  │   blake2b/       │   │
│  │ ML-KEM-768 │  │ ML-DSA-65  │  │   XChaCha20      │   │
│  └────────────┘  └────────────┘  └──────────────────┘   │
│        (cloudflare/circl FIPS implementations)          │
└─────────────────────────────────────────────────────────┘

Benchmarks

On Apple M1 Max:

BenchmarkGenerateIdentity:         268μs/op
BenchmarkEncapsulateDecapsulate:   226μs/op
BenchmarkSignVerify:               1.08ms/op
BenchmarkCreateSession:            3.8μs/op
BenchmarkSendMessage:              1.9μs/op
BenchmarkGetSession:               16ns/op

Testing

# Run all tests with race detection
go test -v -race ./...

# Run benchmarks
go test -bench=. -benchmem ./...

Configuration

{
  "sessionTTL": 86400,
  "maxMessages": 10000,
  "maxChannels": 1000,
  "retentionDays": 30,
  "idPrefix": "07"
}

Documentation

License

Copyright (C) 2019-2025, Lux Industries Inc. All rights reserved. See LICENSE for details.

Directories

Path Synopsis
cmd
sessiond command
sessiond is the Lux session layer daemon.
sessiond is the Lux session layer daemon.
Package core provides shared types and utilities for the session layer.
Package core provides shared types and utilities for the session layer.
Package crypto provides post-quantum cryptographic operations for SessionVM using github.com/luxfi/crypto for ML-KEM-768 and ML-DSA-65.
Package crypto provides post-quantum cryptographic operations for SessionVM using github.com/luxfi/crypto for ML-KEM-768 and ML-DSA-65.
Package daemon implements the sessiond service node daemon.
Package daemon implements the sessiond service node daemon.
Package network provides P2P networking abstractions for the session layer.
Package network provides P2P networking abstractions for the session layer.
Package protocol defines the session protocol types and operations.
Package protocol defines the session protocol types and operations.
Package storage provides storage abstractions for the session layer.
Package storage provides storage abstractions for the session layer.
Package swarm implements epoch-based swarm assignment for session workloads.
Package swarm implements epoch-based swarm assignment for session workloads.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL