Re: [PROPOSED WORK ITEM] W3C-VC-QP - Verifiable Credential Quantum Proof #247 from Michael Prorock on 2024-03-27 (public-credentials@w3.org from March 2024)

From: Michael Prorock <mprorock@mesur.io>
Date: Wed, 27 Mar 2024 13:51:30 -0600
To: "Andrea D'Intino" <andrea@dyne.org>
Cc: Michael Prorock <mprorock@mesur.io>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>, Jaromil <jaromil@dyne.org>, Puria 💣 Nafisi Azizi <puria@dyne.org>
Message-ID: <CAGJKSNSOekJ4hCFBrNxfPkC-vMfhDgsQscs8SnQaOfBO91D-KQ@mail.gmail.com>

I would recommend that any trial implementation utilize ML-DSA, perhaps
with only one parameter set identified for now, e.g. ML-DSA-65.  There are
subtle, but important differences.  See section 1.3 here:
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf

For parameter sets, see section 4 of the initial public draft for FIPS204

See here for good implementation starting places if you plan to implement
rather than incorporate via openssl or otherwise:
https://github.com/open-quantum-safe/liboqs

Mike Prorock
Founder
https://mesur.io/



On Wed, Mar 27, 2024 at 1:43 PM Andrea D'Intino <andrea@dyne.org> wrote:

> Hi Mike,
>
> we use this implementation in Zenroom:
> https://github.com/PQClean/PQClean/tree/master/crypto_sign/dilithium2/clean
> which I believe matches your second option.
>
> Cheers,
>
> | Andrea D'Intino | +45  21 62 79 18 | Project Manager
> | https://Dyne.org think &do tank  | software to empower communities
> | ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره
>
> On 27/03/2024 20.31, Michael Prorock wrote:
>
> By dilithium 2 do you mean ML-DSA-65 or dilithium from the original
> definition with the second parameter set and a matrix of 6x5?
>
>
>
> Mike Prorock
> founder - mesur.io
>
> On Wed, Mar 27, 2024, 13:24 Manu Sporny <msporny@digitalbazaar.com> wrote:
>
>> On Wed, Mar 27, 2024 at 2:39 PM Andrea D'Intino <andrea@dyne.org> wrote:
>> > we are seeking feedback on a new CCG Work Item proposal regarding the
>> quantum-prooof signatures for Verifiable Credentials across devices and
>> websites. Please leave your support or concerns here:
>> >
>> > https://github.com/w3c-ccg/community/issues/247
>>
>> Digital Bazaar is supportive of the proposal, will help edit the
>> specification, plans to do an implementation, can help with test
>> suites, and will likely integrate the final solution into our
>> production products.
>>
>> -- manu
>>
>> --
>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>> Founder/CEO - Digital Bazaar, Inc.
>> https://www.digitalbazaar.com/
>>
>>

Received on Wednesday, 27 March 2024 19:51:46 UTC