1.0.0-alpha.14

Pre-launch security hardening of the 0x03 PQ-hybrid share bundle (audit H2/M6). The share-bundle wire format changes; the on-disk file format and the 0x03 file-decryption path are unchanged, so existing cipher_version-3 files remain decryptable.

Changed (BREAKING — share-bundle wire format only)

• Share bundle (0x03) re-keyed and versioned (audit H2). The share transport key is now derived from the KEM/envelope secret under a dedicated HKDF label shieldfive/v1/share-transport instead of reusing the file-combiner label shieldfive/v1/pq-hybrid/combine, so a share transport key can never equal a file's combined key. The combined key is now wrapped with XChaCha20-Poly1305 whose AAD authenticates the whole bundle (magic || uint32_be(pq_len) || pq_payload || wrap_nonce) rather than an AAD-less secretbox that authenticated only the 32-byte key — PQ material can no longer be substituted or stripped undetected. The bundle now carries a "SF5S" + version-2 magic prefix so the hardened format is distinguishable from (and not confusable with) the earlier unversioned one. Share bundles produced by earlier alpha builds are rejected and must be re-issued; no real shares exist pre-launch, so this is a clean break. See spec/format-v1.md § "Share bundle".

Security

• Reserved-pad enforcement (0x03, audit M6). The 0x03 suite-payload parser now rejects a non-zero reserved pad in classical_wrapped (the 24 bytes after the 48-byte secretbox), closing a malleable unauthenticated field. The default suite combine label and file path are unchanged.

Documentation

• README/spec: corrected the "cross-file splice prevention (file_id AAD)" table cell and prose — file_id is NOT in the chunk AAD; splice resistance is structural via file_id as the HKDF salt in the chunk-key derivation (audit INFO). Noted that the "no parallel implementation" scope is the file-content cipher suites; the keyring/envelope layer uses WebCrypto AES-GCM/HMAC directly.
• Planned (not in this release): suite-id binding in 0x03 chunk derivation (audit M5). The 0x03 chunk-key / nonce-prefix derivations reuse the 0x02 xchacha HKDF labels and do not bind the suite id. This is not exploitable (the header MAC authenticates the suite byte) and is left unchanged — production cipher_version-3 files depend on it and would become undecryptable if altered. A future suite version (a new suite id, not 0x03) will bind the suite id into the chunk derivation.

Tests

• Added share-bundle PQ-substitution/forgery, dedicated-transport-key, non-zero reserved-pad rejection, and share-bundle version-marker tests (182 → 188 passing).

---

Tests: 188 / 188 pass. See CHANGELOG.md for the full history.

1.0.0-alpha.13

Source-comment + constant fixes flagged during the alpha.12 pre-publish review. No functional change — runtime behavior is identical to alpha.12.

Fixed

• SHIELDFIVE_CRYPTO_VERSION now reports the actual package version (it was pinned at 1.0.0-alpha.11). Informational constant only — never written into file output or any test vector.
• Corrected a backwards source comment in the aes-gcm-v2 suite: the cross-file nonce-prefix space widens from 2^32 to 2^64 (the comment previously said "shrinks").

---

Tests: 182 / 182 pass. See CHANGELOG.md for the full history.

1.0.0-alpha.12

Documentation-only release. The npm README now matches the repo + site: the test badge is corrected to 182 and all four cipher suites are documented (the README published with alpha.11 still listed only three). No source changes — dist/ is identical to alpha.11.

Documentation

• Test count 171 → 182. npm test reports 182/182. The 11 additional tests are the offline single-file decryptor example suite that landed after the badge was last refreshed.
• Four-suite docs reach npm. The cipher-suite table and "four suites" wording document suite 0x04 aes-gcm-v2 (shipped in alpha.11); the README published with alpha.11 still listed only three suites.

---

Tests: 182 / 182 pass. See CHANGELOG.md for the full history.

1.0.0-alpha.11

Cipher-suite-agility expansion + sender attribution. The default suite is unchanged (PQ-hybrid); the new AES-GCM v2 suite and the Ed25519 signature block are both opt-in, so files produced by alpha.5+ keep decrypting unchanged.

Added

• Cipher suite 0x04 — aes-gcm-v2. 8-byte HKDF-derived nonce prefix + 4-byte big-endian chunk counter, widening the cross-file IV-collision space from 2^32 to 2^64 while keeping the IV at 12 bytes. The chunk_key derivation is identical to 0x01; only the nonce-prefix split differs. Suite 0x01 (aes-gcm-v1) stays decrypt-only on the umbrella export. Documented in spec/format-v1.md.
• Optional sender-attribution signatures (src/identity/sign.ts). Detached Ed25519 (algorithm 0x01) over header_unauthenticated_bytes || concat(chunk_macs), appended as a trailing signature block. Legacy files without the block keep decrypting unchanged; the streaming API returns { signature: null } in that case. Algorithm 0x02 is reserved for ML-DSA-65.

Notes

• Default cipher suite is still PQ-hybrid (SUITE.PQ_HYBRID_XCHACHA_MLKEM1024_V1); aes-gcm-v2 is opt-in via the dedicated subpath import.
• Wire-format updates are documented in spec/format-v1.md.

---

Tests: 171 / 171 pass. See CHANGELOG.md for the full history.

1.0.0-alpha.9

Pre-HN copy polish + bug-bounty alignment. No runtime / wire-format changes — alpha.9 is a documentation, attribution, and metadata-only release. Decrypts produced by alpha.5+ remain byte-identical.

Note: 1.0.0-alpha.8 was never published to npm. alpha.9 includes the alpha.8 fix below.

Documentation

• docs(security) — align SECURITY.md bug-bounty section with shieldfive.com/security/bug-bounty. The previous wording said no paid bounty existed for the open-source crypto library; the operator-run program at shieldfive.com/security/bug-bounty has always covered this library with €1000 / €500 / €250 tiers, so SECURITY.md now points there instead of contradicting it. Audit punch-list item P0-4.

Changed

• chore(package) — drop "audited-ready" from the npm description. No external audit has been performed; the project's audit posture is documented in SECURITY.md and continues to be self-reviewed, external audit deferred. Description now reads: "Client-side post-quantum hybrid encryption for cloud storage. The cryptographic core of ShieldFive." Audit punch-list item P1-D.
• chore(license) — replace Copyright 2026 ShieldFive with Copyright 2026 Cho Garcia in LICENSE (Apache-2.0 attribution block). Natural-person attribution matches the package.json author field. Audit punch-list item P1-C.
• chore(crypto) — bump SHIELDFIVE_CRYPTO_VERSION constant in src/index.ts from the stale 1.0.0-alpha.6 to 1.0.0-alpha.9 so it tracks package.json.

Fixed (carried from unpublished alpha.8)

• fix(pq-hybrid-v1) — re-export generateMlKemKeypair and deriveMlKemKeypair from the public subpath so the README quick-start compiles.

---

Tests: 156 / 156 pass. See CHANGELOG.md for the full history.

1.0.0-alpha.7

1.0.0-alpha.7 — noble-post-quantum 0.6.0 + combinedKey SECURITY warnings on all six API surfaces + LICENSE attribution fix + vectors test in CI

v1.0.0-alpha.5

Changes since v1.0.0-alpha.3

Spec & threat model

• Internal review Tasks 1–2: spec clarifications, HKDF_INFO constants, test vectors
• Phase 3 prerequisites: 1.4c PQ-hybrid header MUST, 2.4 ML-KEM seed split
• Threat-model updates for review findings 3.1–3.7

Implementation hardening

• Task 1: MAC-verify ordering + cross-field header invariant (1.4a, 1.4b, 1.5)

Streams

• New: pq-hybrid-v1 TransformStream wrapper (Suite 0x03 — ML-KEM + ECC hybrid)

v1.0.0-alpha.3

Initial public release of @shieldfive/crypto — post-quantum-hybrid client-side encryption library, providing the cryptographic core of ShieldFive.

See README, SECURITY, and the format spec.