- From: Andrea D'Intino <andrea@dyne.org>
- Date: Wed, 27 Mar 2024 19:39:30 +0100
- To: public-credentials@w3.org
- Cc: Jaromil <jaromil@dyne.org>, Puria 💣 Nafisi Azizi <puria@dyne.org>, Manu Sporny <msporny@digitalbazaar.com>
- Message-ID: <5a33fbca-9df3-4227-a18b-fee5deb52e21@dyne.org>
Hi everyone,
we are seeking feedback on a new CCG Work Item proposal regarding the
quantum-proof signatures for Verifiable Credentials across devices and
websites. Please leave your support or concerns here:
https://github.com/w3c-ccg/community/issues/247
# New Work Item Proposal
The proposal is about defining a new specification to define the
associated Data Integrity cryptosuite that can be used to construct
digital signatures and proofs using quantum-proof (QP) signing
algorithms, starting with
[Dilithium](https://pq-crystals.org/dilithium/index.shtml).
The notable feature of this family of signature schemes is the
quantum-resistance, according to the [NIST competition
results](https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022).
Currently no QP signature offers zero-knowledge proof or unlinkability
features, so part of the task of the WG might involve combining QP
signatures with more privacy-enhancing signing algorithms (such as BBS
or ECDSA-SD).
We aim to initially focus on Dilithium2 (as apparently it is the only
signature scheme readily available) and progressively extend the specs
to accommodate more signature schemes.
## Include Link to Abstract or Draft
https://msporny.github.io/di-quantum-safe/#abstract
* Dilithium signature implementations (C language):
[pq-crystals](https://github.com/pq-crystals/dilithium.git),
[pq-clean](https://github.com/PQClean/PQClean)
* Zenroom implementation of the [Dilithium
signatures](https://dev.zenroom.org/#/pages/zencode-scenarios-qp?id=dilithium)
* Specification of _did:dyne_ W3C-DID method supporting [Dilithium
pubkey](https://dyne.org/W3C-DID/#dilithium2verificationkey)
* Curl POST to test W3C-VC-QP signing [API](https://pastebin.com/h1vWd8eP)
* Preliminary W3C-VC-QP proof structure:
```
"proof": {
  "created": "1710861739438", // epoch
  "cryptosuite": "experimental-dilithium2-2024", // proposed cryptosuite name
  "id": "H+4899Oefjch3wmRTfczR08jSNdJ+Jr67kadQO7/7uc=", // hash of the W3C-VC
  "proofPurpose": "assertionMethod",
  "proofValue": "...Dilithium2signature...",
  "type": "DataIntegrityProof",
  "verificationMethod": "did:dyne:..#dilithium_public_key" // Dilithium2 pubkey of the issuer
}
```
## List Owners
> Identify 1 lead (person responsible for advancing the work item) and
> at least 1 other owner. Ideally, include their github usernames
@andrea-dintino @msporny, @jaromil, @wip-abramson
## Work Item Questions
1. Explain what you are trying to do using no jargon or acronyms.
Draft a standard for a W3C-VC proof format, that supports Dilithium (and
potentially further QP algorithms) signatures
2. How is it done today, and what are the limits of the current practice?
First experiment of Dilithium signed W3C-VC formats.
4. What is new in your approach and why do you think it will be successful?
Building on top of extending W3C-VC cryptosuite standards, aiming to be
as little invasive and disruptive as possible.
5. How are you involving participants from multiple skill sets and
global locations in this work item? (Skill sets: technical, design,
product, marketing, anthropological, and UX. Global locations: the
Americas, APAC, Europe, Middle East.)
Initial participant group includes cryptographers and developers from
Dyne.org (Netherlands), DigitalBazaar (US) and Will Abramson (US)
6. What actions are you taking to make this work item accessible to a
non-technical audience?
While the topic is deeply technical, the specification should attempt to
provide a gentle introduction to the topic via a non-technical
introduction as well as non-technical use cases with imagery that is
accessible to the general population.
Cheers,
| Andrea D'Intino | +45 21 62 79 18 | Project Manager
|https://Dyne.org think &do tank | software to empower communities
| ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره
Received on Wednesday, 27 March 2024 18:39:40 UTC
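
An added example, not part of the original message and not Dyne.org or Zenroom code: a structural pre-check a verifier could run on the preliminary proof object before attempting the Dilithium2 signature verification. It assumes the `id` hash is SHA-256 over canonical credential bytes supplied by the caller and a five-minute clock-skew tolerance; `precheck_proof`, `sample_proof` and the sample DID are hypothetical names and values.

```python
import base64
import hashlib
import hmac

SUITE = "experimental-dilithium2-2024"  # suite name proposed in the message
MAX_SKEW_MS = 5 * 60 * 1000  # assumed tolerance for issuer clock skew


def sample_proof(canonical_vc, created="1710861739438"):
    """Constructed sample shaped like the proof in the message."""
    digest = hashlib.sha256(canonical_vc).digest()  # SHA-256 is an assumption
    return {
        "created": created,
        "cryptosuite": SUITE,
        "id": base64.b64encode(digest).decode(),
        "proofPurpose": "assertionMethod",
        "proofValue": "constructed-placeholder-signature",
        "type": "DataIntegrityProof",
        "verificationMethod": "did:dyne:example:issuer#dilithium_public_key",
    }


def precheck_proof(proof, canonical_vc, now_ms):
    """Return the names of failing fields; [] means go on to verify the signature."""
    errors = []
    if proof.get("type") != "DataIntegrityProof":
        errors.append("type")
    if proof.get("cryptosuite") != SUITE:  # exact match, never negotiated
        errors.append("cryptosuite")
    if proof.get("proofPurpose") != "assertionMethod":
        errors.append("proofPurpose")
    created = proof.get("created")  # epoch milliseconds as a decimal string
    if not (isinstance(created, str) and created.isascii() and created.isdigit()):
        errors.append("created")
    elif int(created) > now_ms + MAX_SKEW_MS:
        errors.append("created-in-future")
    # Key reference: a did:dyne DID URL with the fragment used in the message.
    did, _, frag = str(proof.get("verificationMethod", "")).partition("#")
    if not did.startswith("did:dyne:") or frag != "dilithium_public_key":
        errors.append("verificationMethod")
    try:  # 'id' must equal the credential hash (consistency check only)
        digest = base64.b64decode(str(proof.get("id", "")), validate=True)
    except ValueError:
        digest = b""
    if not hmac.compare_digest(digest, hashlib.sha256(canonical_vc).digest()):
        errors.append("id")
    if not (isinstance(proof.get("proofValue"), str) and proof["proofValue"]):
        errors.append("proofValue")
    return errors
```

Rejecting any `cryptosuite` other than the expected one before touching the signature keeps a verifier from being steered onto a different, non-quantum-resistant suite.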