Majik Key: A Deterministic, Post-Quantum-Ready Cryptographic Identity Scheme Derived from a Single BIP-39 Mnemonic
Description
Majik Key is an open-source library that derives a complete, multi-algorithm cryptographic identity — X25519 and ML-KEM-768 (FIPS-203) for encryption and key encapsulation, Ed25519 and ML-DSA-87 (FIPS-204) for hybrid classical-plus-post-quantum signing, and an experimental Bitcoin (BIP-32/84) keypair — from a single BIP-39 mnemonic. Every private key is encrypted at rest with AES-256-GCM under a key derived via Argon2id, with a bit-identical WASM-accelerated and pure-JavaScript fallback implementation. This paper describes the derivation formulas, the encryption-at-rest design, the distinct serialization formats and the security properties each one does and does not provide, the library's threat model and known limitations, and its relationship to comparable hybrid post-quantum designs such as Signal's PQXDH and BIP-85-based post-quantum wallet derivation. We provide an independently-reproducible test vector, verified against the library's real published dependencies rather than against the library's own claims about itself. Majik Key is a systematization and composition of standardized primitives rather than a novel cryptographic construction; this paper's contribution is a precise, honest specification of that composition, including where its guarantees end.
Files
Sealed_Majik Key - Technical Whitepaper - 2026_v_1_0_0.pdf
Files
(1.4 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:5a9d657ab51d10ae77dc500c1f624a7c
|
1.4 MB | Preview Download |
Additional details
Related works
- Is referenced by
- Technical note: 10.5281/zenodo.18996348 (DOI)
Dates
- Created
-
2026-07-13
Software
- Repository URL
- https://github.com/Majikah/majik-key
- Programming language
- TypeScript
- Development Status
- Active