Update - mldsa44 - [PROPOSED WORK ITEM] W3C-VC-QP - Verifiable Credential Quantum Proof #247

Dear all,

we went on and implemented mldsa44 from FIPS-204 
(https://csrc.nist.gov/pubs/fips/204/ipd) in Zenroom:

- the first DID: 
https://did.dyne.org/dids/did:dyne:sandbox.genericissuer:EXFRXgZMCJxDbcEBBkU1YzjfBvSFwzLwwGrxj9cz7NvH#mldsa44_public_key 


- Specs: https://dyne.org/W3C-DID/#mldsa44verificationkey

- Zenroom docs: 
https://dev.zenroom.org/#/pages/zencode-scenarios-qp?id=ml-dsa-44

- a curl to call the API that produces a  "cryptosuite": 
"experimental-mldsa44-2024" -> https://pastebin.com/dLKHuV3a


I think it's about time we do some work on the W3C-VC-QP, I have some 
time in the next couple weeks - let me know how we can plan this,

cheers :-)

| Andrea D'Intino | +45  21 62 79 18 | Project Manager
|https://Dyne.org  think &do tank  | software to empower communities
| ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره

On 27/03/2024 21.38, Greg Bernstein wrote:
>
> Hi folks for those interested there has been some nice progress on PQC 
> for unlinkable (privacy preserving) signatures, see Practical 
> Post-Quantum Signatures for Privacy 
> <https://eprint.iacr.org/2024/131>. This is a lattice based approach.
>
> Cheers Greg B.
>
> ------------------------------------------------------------------------
>
> Dr. Greg M. Bernstein, https://www.grotto-networking.com
>
> On 3/27/2024 1:26 PM, Andrea D'Intino wrote:
>>
>> Thanks Mike. I wasn't aware of FIPS 204 (nor of ML-DSA-65). When 
>> implementing Dilithium2 and Kyber512 and in fact we used liboqs for 
>> ntrup761 (see here: 
>> https://github.com/dyne/Zenroom/tree/master/lib/pqclean/sntrup761 ) 
>> which I see also supports ML-DSA-65.
>>
>> Implementing either ML-DSA-65 or Falcon would take us a month or so, 
>> so as soon as a credible use case comes up, we're happy to look at 
>> implementing further crypto. But I'd say we'd rather start with 
>> Dilithium2.
>>
>> Cheers,
>>
>>
>> | Andrea D'Intino | +45  21 62 79 18 | Project Manager
>> |https://Dyne.org  think &do tank  | software to empower communities
>> | ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره
>> On 27/03/2024 21.00, Michael Prorock wrote:
>>> Yeah - totally understand based on implementation availability and 
>>> review - just be aware that you won't be getting exactly the FIPS 
>>> stuff you are probably after, and that it may work that you can 
>>> build on, but maybe not.
>>>
>>> Mike Prorock
>>> Founder
>>> https://mesur.io/
>>>
>>>
>>>
>>> On Wed, Mar 27, 2024 at 1:53 PM Andrea D'Intino <andrea@dyne.org> wrote:
>>>
>>>     Interesting, I'm taking a note.
>>>
>>>     For the moment we have implemented Dilithium2 only from PQClean,
>>>     so that's all we can work on for now. For the future we're
>>>     discussing Falcon (also in PQClean).
>>>
>>>     | Andrea D'Intino | +45  21 62 79 18 | Project Manager
>>>     |https://Dyne.org  <https://Dyne.org>  think &do tank  | software to empower communities
>>>     | ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره
>>>
>>>     On 27/03/2024 20.51, Michael Prorock wrote:
>>>>     I would recommend that any trial implementation utilize ML-DSA,
>>>>     perhaps with only one parameter set identified for now, e.g.
>>>>     ML-DSA-65.  There are subtle, but important differences.  See
>>>>     section 1.3 here:
>>>>     https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.204.ipd.pdf
>>>>
>>>>     For parameter sets, see section 4 of the initial public draft
>>>>     for FIPS204
>>>>
>>>>     See here for good implementation starting places if you plan to
>>>>     implement rather than incorporate via openssl or otherwise:
>>>>     https://github.com/open-quantum-safe/liboqs
>>>>
>>>>     Mike Prorock
>>>>     Founder
>>>>     https://mesur.io/
>>>>
>>>>
>>>>
>>>>     On Wed, Mar 27, 2024 at 1:43 PM Andrea D'Intino
>>>>     <andrea@dyne.org> wrote:
>>>>
>>>>         Hi Mike,
>>>>
>>>>         we use this implementation in Zenroom:
>>>>         https://github.com/PQClean/PQClean/tree/master/crypto_sign/dilithium2/clean
>>>>         which I believe matches your second option.
>>>>
>>>>         Cheers,
>>>>
>>>>         | Andrea D'Intino | +45  21 62 79 18 | Project Manager
>>>>         |https://Dyne.org  <https://Dyne.org>  think &do tank  | software to empower communities
>>>>         | ⚷ crypto κρυπτο крипто गुप्त् 加密הצפנה المشفره
>>>>
>>>>         On 27/03/2024 20.31, Michael Prorock wrote:
>>>>>         By dilithium 2 do you mean ML-DSA-65 or dilithium from the
>>>>>         original definition with the second parameter set and a
>>>>>         matrix of 6x5?
>>>>>
>>>>>
>>>>>
>>>>>         Mike Prorock
>>>>>         founder - mesur.io <http://mesur.io>
>>>>>
>>>>>         On Wed, Mar 27, 2024, 13:24 Manu Sporny
>>>>>         <msporny@digitalbazaar.com> wrote:
>>>>>
>>>>>             On Wed, Mar 27, 2024 at 2:39 PM Andrea D'Intino
>>>>>             <andrea@dyne.org> wrote:
>>>>>             > we are seeking feedback on a new CCG Work Item
>>>>>             proposal regarding the quantum-proof signatures for
>>>>>             Verifiable Credentials across devices and websites.
>>>>>             Please leave your support or concerns here:
>>>>>             >
>>>>>             > https://github.com/w3c-ccg/community/issues/247
>>>>>
>>>>>             Digital Bazaar is supportive of the proposal, will
>>>>>             help edit the
>>>>>             specification, plans to do an implementation, can help
>>>>>             with test
>>>>>             suites, and will likely integrate the final solution
>>>>>             into our
>>>>>             production products.
>>>>>
>>>>>             -- manu
>>>>>
>>>>>             -- 
>>>>>             Manu Sporny - https://www.linkedin.com/in/manusporny/
>>>>>             Founder/CEO - Digital Bazaar, Inc.
>>>>>             https://www.digitalbazaar.com/
>>>>>

Received on Thursday, 16 May 2024 18:06:37 UTC