Re: [PROPOSED WORK ITEM] W3C-VC-QP - Verifiable Credential Quantum Proof #247 from Michael Prorock on 2024-03-27 (public-credentials@w3.org from March 2024)

From: Michael Prorock <mprorock@mesur.io>
Date: Wed, 27 Mar 2024 14:00:17 -0600
To: "Andrea D'Intino" <andrea@dyne.org>
Cc: Michael Prorock <mprorock@mesur.io>, Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials CG <public-credentials@w3.org>, Jaromil <jaromil@dyne.org>, Puria 💣 Nafisi Azizi <puria@dyne.org>
Message-ID: <CAGJKSNTbJ0XrTfuO4URsHEphXqTvWf9WfWv_bUO_UDaEPHG2-g@mail.gmail.com>

Yean - totally understand based on implementation availability and review -
just be aware that you won't be getting exactly the FIPS stuff you are
probably after, and that it may work that you can build on, but maybe not.

Mike Prorock
Founder
https://mesur.io/



On Wed, Mar 27, 2024 at 1:53 PM Andrea D'Intino <andrea@dyne.org> wrote:

> Interesting, I'm taking a note.
>
> For the moment we have implemented Dilithium2 only from PQClean, so that's
> all we can work on for now. For the future we're discussing Falcon (also in
> PQClean).
>
> | Andrea D'Intino | +45  21 62 79 18 | Project Manager
> | https://Dyne.org think &do tank  | software to empower communities
> | ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره
>
> On 27/03/2024 20.51, Michael Prorock wrote:
>
> I would recommend that any trial implementation utilize ML-DSA, perhaps
> with only one parameter set identified for now, e.g. ML-DSA-65.  There are
> subtle, but important differences.  See section 1.3 here:
> https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf
>
> For parameter sets, see section 4 of the initial public draft for FIPS204
>
> See here for good implementation starting places if you plan to implement
> rather than incorporate via openssl or otherwise:
> https://github.com/open-quantum-safe/liboqs
>
> Mike Prorock
> Founder
> https://mesur.io/
>
>
>
> On Wed, Mar 27, 2024 at 1:43 PM Andrea D'Intino <andrea@dyne.org> wrote:
>
>> Hi Mike,
>>
>> we use this implementation in Zenroom:
>> https://github.com/PQClean/PQClean/tree/master/crypto_sign/dilithium2/clean
>> which I believe matches your second option.
>>
>> Cheers,
>>
>> | Andrea D'Intino | +45  21 62 79 18 | Project Manager
>> | https://Dyne.org think &do tank  | software to empower communities
>> | ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره
>>
>> On 27/03/2024 20.31, Michael Prorock wrote:
>>
>> By dilithium 2 do you mean ML-DSA-65 or dilithium from the original
>> definition with the second parameter set and a matrix of 6x5?
>>
>>
>>
>> Mike Prorock
>> founder - mesur.io
>>
>> On Wed, Mar 27, 2024, 13:24 Manu Sporny <msporny@digitalbazaar.com>
>> wrote:
>>
>>> On Wed, Mar 27, 2024 at 2:39 PM Andrea D'Intino <andrea@dyne.org> wrote:
>>> > we are seeking feedback on a new CCG Work Item proposal regarding the
>>> quantum-prooof signatures for Verifiable Credentials across devices and
>>> websites. Please leave your support or concerns here:
>>> >
>>> > https://github.com/w3c-ccg/community/issues/247
>>>
>>> Digital Bazaar is supportive of the proposal, will help edit the
>>> specification, plans to do an implementation, can help with test
>>> suites, and will likely integrate the final solution into our
>>> production products.
>>>
>>> -- manu
>>>
>>> --
>>> Manu Sporny - https://www.linkedin.com/in/manusporny/
>>> Founder/CEO - Digital Bazaar, Inc.
>>> https://www.digitalbazaar.com/
>>>
>>>

Received on Wednesday, 27 March 2024 20:00:33 UTC