Re: The importance of PQC / Stop using RSA immediately from Mike Prorock on 2023-01-04 (public-credentials@w3.org from January 2023)

From: Mike Prorock <mprorock@mesur.io>
Date: Tue, 3 Jan 2023 20:36:46 -0700
To: Gabe Cohen <gabe@tbd.email>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAGJKSNQrdghGFzgg+68UtAf_ox548gWV0tp96p+rSoVXArs+XQ@mail.gmail.com>

I think Orie and I may have been putting the most time in in regards to PQC
and VCs/DIDs.  Definitely something that waiting on an answer for is not
the right approach.  This is not to say switch to Dilithium or similar
immediately, but have a plan.  Most of the active work at this point is at
IETF standards wise, and places like
https://openquantumsafe.org/ on the implementation side.  This however is
enabling testing and use with VCs and DIDs and I highly encourage some
familiarity with the "new" signature methods and KEMs as there are impacts
on key sizes, signature generation time, and verification time.

We ran a main CCG call last year on the topic and we can definitely dust
that off again this year as we see more from NIST on the topic.

The KEM stuff is mostly still at CFRG and will likely be working it's way
into JOSE/COSE come IETF in March.

Mike Prorock
mesur.io

On Tue, Jan 3, 2023, 20:05 Gabe Cohen <gabe@tbd.email> wrote:

> Breaking RSA is now a more real threat than ever!
> https://www.schneier.com/blog/archives/2023/01/breaking-rsa-with-a-quantum-computer.html
>
>  We have long known from Shor’s algorithm that factoring with a quantum
>> computer is easy. But it takes a big quantum computer, on the orders of
>> millions of qbits, to factor anything resembling the key sizes we use
>> today. What the researchers have done is combine classical lattice
>> reduction factoring techniques with a quantum approximate optimization
>> algorithm. This means that they only need a quantum computer with 372
>> qbits, which is well within what’s possible today. (The IBM Osprey is a
>> 433-qbit quantum computer, for example. Others are on their way as well.)
>>
>
>
> The importance of hybrid and PQC solutions from DIDs and VCs is extremely
> pressing. I know there is some work on post quantum signature type
> <https://www.ietf.org/archive/id/draft-prorock-cose-post-quantum-signatures-01.txt>.
> Is anyone else working on similar systems?
>
>
> Gabe Cohen
>
> Lead Platform Engineer, Verifiable Credentials
>
> gabe@tbd.email <gcohen@tbd.email>
>
> TBD <http://tbd.website/> | LinkedIn <https://linkedin.com/in/cohengabe>
> | Twitter <https://twitter.com/decentralgabe>
>
>

Received on Wednesday, 4 January 2023 03:37:12 UTC