- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 21 Feb 2025 11:33:17 -0500
- To: W3C Credentials CG <public-credentials@w3.org>
Credentials Community Group Data Integrity Transcript for 2025-02-21

Topics:
1. Background on Data Integrity
2. Introductions
3. Work Item Review
4. Post Quantum Data Integrity Specs

Organizer: Manu Sporny
Scribe: Our Robot Overlords
Present: Manu Sporny, Hiroyuki Sano, Patrick St-Louis, Dave Longley, Andrea D'Intino, Ingo Wolf, Alex Higuera, Will Abramson, Gabriele Bellini, Markus Sabadello, Geun-Hyung Kim, Matteo
Audio: https://meet.w3c-ccg.org/archives/w3c-ccg-data-integrity-2025-02-21.ogg
Video: https://meet.w3c-ccg.org/archives/w3c-ccg-data-integrity-2025-02-21.mp4

Our Robot Overlords are scribing.

Manu Sporny: All right uh hello everyone uh welcome to the weekly Data Integrity call um we have been having these for about a year now but it's been just among some of the editors of the Data Integrity specifications in the Verifiable Credential Working Group um because there has been uh kind of so much activity around some of the Data Integrity stuff uh we thought it would be good for all of us to meet um in a larger group and uh kind of discuss um uh the the path forward here um so the agenda for today is fairly open um Andrea you had a number of questions uh from from Dyne had a number of questions around some of the post-quantum uh suites and the best way to move that work forward uh I see Will here um who just published um the K1 Schnorr signature Data Integrity stuff to the mailing list I think Will if you don't mind it would be good to kind of chat about that.

Topic: Background on Data Integrity

Manu Sporny: Should also probably give everyone a background on you know we usually use this meeting to talk about BBS um and the and the crypto suite so unlinkable stuff so it it it sounds like this call is turning into.
Manu Sporny: What the next generation crypto suites uh are going to be that we want to take on the standards track at at W3C.
Manu Sporny: But you know this is our first meeting it's open to whatever people want to to talk about um.
Manu Sporny: So we'll we'll go ahead and uh open it up to uh I think introductions would be really great if we could just get a quick round of introductions uh please don't take too long because we have uh so many people here but a couple of sentences uh about uh who you are and why you are interested in the work uh would be good um I'll just go down the list and call on people uh for introductions um uh so uh.

Topic: Introductions

Manu Sporny: Hiroyuki-san please go ahead.
Hiroyuki_Sano: Hiroyuki Sano from Sony Japan, participate in VCWG, interested in this work as well.
Manu Sporny: Great welcome to the call um Patrick uh you next please.
Patrick St-Louis: Can you hear me yep.
Patrick St-Louis: Uh yeah um my name is Patrick I'm from Canada on the east side of Canada from Quebec.
Patrick St-Louis: Um I work with mainly work with bcgov uh and implementing this technical component called the UNTP specification which is a supply chain.
Patrick St-Louis: System based on verifiable credential.
Patrick St-Louis: And we also work on the did:webvh which make use of the Data Integrity specification and also help build the test suites and do some things in the VC platform.
Manu Sporny: Okay thanks Patrick um Dave Longley.
Dave Longley: Hi I'm Dave Longley I'm with Digital Bazaar um I have uh done work with uh W3C on a number of different specs.
Dave Longley: Is verifiable credentials decentralized identifiers the uh Data Integrity work and the crypto suites related to it.
Manu Sporny: Okay thanks Dave um great things are uh uh Ingo Wolf please.
Manu Sporny: Wonderful welcome to the call Ingo um Alex uh please.
Alex_Higuera_(DCC): Hi this is Alex Higuera senior dev at the DCC at MIT um located in Boston Massachusetts and I'm here to learn more about how Data Integrity is going to affect our work thank you.
Manu Sporny: Wonderful welcome to the call Alex um uh Will.
Will Abramson: Yeah hey I'm uh 1 of the chairs with this the CCG and also the chair that DID work group and as Manu said I've been developing a new good crypto suite for Data Integrity so.
Will Abramson: That's why.
Will Abramson: Manchester see what's going on with everything else.
Manu Sporny: Wonderful see you here Will uh Andrea.
Andrea_D'Intino_|_Forkbomb_BV: Good uh morning or afternoon uh I am Andrea from Forkbomb BV and from door we implemented the cryptographic virtual machine called Zenroom uh and uh hear about so we've been working on implementing Multikey support and we have a few questions about that particularly on some elliptic curve as well as on quantum safe credentials.
Manu Sporny: Wonderful uh thank you for all that work.
Andrea_D'Intino_|_Forkbomb_BV: I have I have 2 colleagues with me Matteo and Gabriele in case.
Manu Sporny: Yes we'll go to we'll go to their introductions um next so Gabriele please.
Gabriele_Bellini_(Forkbomb_BV): Um hello um I read your standards and um implement them for Forkbomb into Zenroom the cryptographic virtual machine and um it's really interesting you how the things will uh go and move uh with the standard thank you.
Manu Sporny: Great welcome Gabriele um Matteo after you please.
Manu Sporny: Wonderful um welcome uh Kim.
Manu Sporny: Then you might be muted again.
<geun-hyung_kim> Hello
Manu Sporny: Still no audio from you um unmute is in the center of the uh screen on the left but you might need to rejoin.
Manu Sporny: I see you typing hello.
<geun-hyung_kim> I will rejoin.
Manu Sporny: Okay we'll we'll go to the next person and come back around uh to you when you rejoin um Markus after you please.
Markus Sabadello: Hello Markus S from Vienna I'm mostly working on decentralized identifiers but uh at our company we also have independent implementations of verifiable credentials.
Markus Sabadello: The integrity and.
Markus Sabadello: You have to stay up to date thank you.
Manu Sporny: Wonderful welcome to the call Markus great to see you here um.
Manu Sporny: I saw you in Hing join and then.
Manu Sporny: Connect uh Wes uh go ahead please.
Sam Smith: Uh Hey everybody Wes from Digital Bazaar.
Sam Smith: So we work a lot with verifiable credentials and I personally and particularly interested in what's on the horizon for uh Data Integrity with crypto coming down the line and so on and so forth so hey everyone.
Manu Sporny: Awesome thanks Wes okay I think that's everyone except for.
Manu Sporny: Um did we miss anybody.
Manu Sporny: And then can you I see you came off mute can you uh ah yes we can hear you wonderful.
Manu Sporny: Great uh welcome to the call uh Geun-Hyung okay um uh it's great to see so many people here I think what we originally uh called this meeting for was just to make sure that we could um answer all of Andrea and uh Dyne um Forkbomb's questions um so maybe we start there um they're kind of specific um.

Topic: Work Item Review

Manu Sporny: Well um Let me let me spend 3 minutes kind of talking about the type of work that we do here just so everyone has an has an idea of what what we kind of have planned um and then we'll we'll jump over to Andrea's uh question so um this is the Data Integrity uh uh call um we'd we currently don't know if this is a working group call or or community group call I think it's largely more a community group call than a working group call like the editors get together on this call typically to work through things we're working on the verifiable credential uh working group but um.
Manu Sporny: Increasingly we're going to.
Manu Sporny: Because that stuff is going to be global standards soon we'll move into the next section of work which is incubation of post-quantum uh uh uh BBS uh different Merkle selective disclosure schemes uh Schnorr signature stuff so you know the the incubation um you know stuff so um just so everyone knows where the Data Integrity work is right now we have basically finalized version 1 1.0 of Data Integrity.
Manu Sporny: ECDSA crypto suite which also includes selective disclosure.
Manu Sporny: The EdDSA crypto suite so those 3 specifications are expected to go to a global standard in the next let's say 3 months right but largely we're done with the version 1.0 work there um what that means is that we now have a very solid foundation to build off of for things that didn't make it into the first round of work so now we're going to enter into the second round of work and that includes a focus on um.
Manu Sporny: BBS and completing BBS uh so that's unlinkable uh selective disclosure um uh crypto suite um we are going to be focusing on post-quantum uh so that's the work that uh Andrea and in a Forkbomb and Dyne uh are doing uh with Zenroom and there are a number of other people that are interested in in moving that forward um we know that there's interest from uh Singapore uh the Singaporean government uh and a couple of uh Asia-Pacific uh nations on select selective redaction so the ability uh to like redact um things like trade documents with digital signatures as they go through the supply chain um there is also interest as Will um uh noted uh there's interested in like uh secp256k1 uh Schnorr uh signatures there's some really cool um.
Manu Sporny: Multi-sig properties there um.
Manu Sporny: Uh and on top of that uh there is uh future work around ZK-SNARKs and ZK-SNARKs that we are probably going to be looking at so a lot of a lot of work um in I think the purpose of this group is to just keep in touch with 1 another and coordinate loosely I don't think anything needs to be like we need to do the work in this group it's people can continue to do the work wherever they're doing it and this group is here to support you as you put together uh those those specifications Patrick you're on the queue please go ahead.
Patrick St-Louis: Yeah the all these topics sound very interesting um I just want to point out that be interested to know a bit the difference if there's any between selective disclosure and selective redaction always kind of see them as technically the same thing.
Manu Sporny: Yes there there is a difference um.
Manu Sporny: High level selective disclosure that you you know the issuer creates a verifiable credential that has individual signatures on every single statement in the verifiable credential.
Manu Sporny: And it gives that the the issuer gives that entire package to the holder.
Manu Sporny: And then the holder um determines which.
Manu Sporny: Disclosures they want to make so they selectively disclose very specific statements.
Manu Sporny: Um so that's that's selective disclosure um the selective redaction um allows.
Manu Sporny: Uh a receiver of that selectively disclosed document um to further redact statements so to further uh remove um uh statements it's something that it's very close to selective disclosure um but it's different um in that the the verifier.
Manu Sporny: Pass that kind of a a redacted version of the document they received down and so the use case here is in a supply chain um the first disclosed set of disclosures might disclose everything about like you know a bill of lading um but then the the company that's doing the shipping or managing the the transaction uh may want to uh further redact you know a certain things and so on and so forth down the down the line.
Patrick St-Louis: But isn't that just another round of selective disclosure.
Manu Sporny: Uh you could you could view it like that but that I think the technical details of what Singapore is doing is slightly different.
Manu Sporny: Because because there are some binding there's some binding things that are that are potentially required that we need to think about on the in the presentation so some selective disclosures require cryptographic binding so that some so that people can't reuse the selective disclosure uh that can't reuse the presentation whereas with selective redaction you can reuse the presentation over and over and over again down the line.
Manu Sporny: There are all kinds of security concerns around like is that safe to do when is it when is it safe to do when is it not safe to do you know stuff like that um.
Andrea_D'Intino_|_Forkbomb_BV: Uh yeah I also want to ask about this like the redaction because that's the very first time I hear the term I'd like to ask if there is some documents some work in progress something written because I've completely missed that on the mailing list if it has gone through.
Manu Sporny: Yeah there is um government Singapore has they have quite a bit I mean they've actually implemented this and they've deployed it um and they've deployed it with a couple of other nations I don't have the link off the top of my head Andrea maybe you could ask on the mailing list and I'll I'll push it's Calvin Cheng um I think in in his group that's also working on it um.
Manu Sporny: Calvin c a l v i n 1 second let me get Calvin.
Andrea_D'Intino_|_Forkbomb_BV: I can just write it in the mailing list that that.
<manu_sporny> Calvin Cheng
Manu Sporny: Yeah Calvin Cheng c h e n g I'll type it out in the chat channel Calvin Cheng.
Manu Sporny: Calvin's group that's uh working on that.
Manu Sporny: Okay um okay so at a high level I mean those that's kind of our current scope of work and we can totally expand or focus or or whatever it's up to you know what what folks want to get done right now um from a priority perspective uh it is very important that we finish BBS and get it out there right um so our our some of our focus is is very focused on that um um and then of course I think the the post-quantum stuff feels like the next.
Manu Sporny: That we need to get done after that uh but again there are many of us we can work in parallel so you know like Will if there's if you I mean you you're you know you're kind of done with the you're pretty much done with incubation on on your spec right and so um the the K1 Schnorr signature stuff could probably move in parallel um as well.
Manu Sporny: Okay okay all right all that being said are there any high-level questions on what we're doing here the work that we're covering.
Manu Sporny: We're going to move on to Andrea's post-quantum questions or his his spec questions next.

Topic: Post Quantum Data Integrity Specs

Manu Sporny: Okay let's move over to your questions uh Andrea.
Andrea_D'Intino_|_Forkbomb_BV: Yes I'm just shooting an email to the mailing list right now.
Andrea_D'Intino_|_Forkbomb_BV: Good okay so we sent to you guys particular human 3 questions let me let me get the email again.
Andrea_D'Intino_|_Forkbomb_BV: Um where a point of the first 1.
Andrea_D'Intino_|_Forkbomb_BV: Which confusing for you and it turned out to be confusing for us as well it was about compression.
Andrea_D'Intino_|_Forkbomb_BV: And uh so I asked.
Andrea_D'Intino_|_Forkbomb_BV: Binary parameters that are somehow complex connected for example to compression why did we ask that question is because we started working on ECDSA support and then we noticed then on EdDSA there is no mentioning of compression but would just while we're in the meeting someone I think Matteo Gabriele spoke and uh they mentioned that the key is already compressed so in fact your answer Manu to us was uh.
Andrea_D'Intino_|_Forkbomb_BV: On the spot.
Andrea_D'Intino_|_Forkbomb_BV: So that is that is solved but said that I have the list of.
Andrea_D'Intino_|_Forkbomb_BV: Standards in front of me.
Andrea_D'Intino_|_Forkbomb_BV: and I.
Andrea_D'Intino_|_Forkbomb_BV: Public keys so there are 2 ECDSA.
Andrea_D'Intino_|_Forkbomb_BV: Both on the R1 curve R1 meaning secp256r1 uh first of all there is 1 or 1 uh public key missing the 500 something I think it's 521 or something and uh then the secp256k1 is missing.
Andrea_D'Intino_|_Forkbomb_BV: Uh you Manu just mentioned no on uh on K1 uh which I understand is going to be in the standard but it's just not made its way into the document yet.
Andrea_D'Intino_|_Forkbomb_BV: And uh then we will talk about uh post-quantum I see BLS 381 it's fine then there is this uh this curve that I also seen for the first time SM2 256 which I read is used in China.
Andrea_D'Intino_|_Forkbomb_BV: Uh I was just wondering if there is anything else that is going to make its way through this list.
Andrea_D'Intino_|_Forkbomb_BV: Or if uh.
Andrea_D'Intino_|_Forkbomb_BV: So what what directions is is this going.
<will_abramson> This is the list right
Will Abramson: https://w3c.github.io/cid/#Multikey
Manu Sporny: Yes that's an excellent question and Will you have the same kind of question on the mailing list as well so um.
Manu Sporny: Uh so just just for the other folks that aren't quite um don't quite uh uh know know what what what what the what the discussion is about let me share my screen here um.
Manu Sporny: There is a there is a section in the specifications called Multikey and what we're talking about is expressing uh different types of keys different types of public keys um there is there is a standard called JWK JOSE web key uh that kind of breaks the key parameters into different variables and and list those um we are not using JWK for a lot of um uh the the Data Integrity work primarily because uh JWK lets you accidentally mix and match secret and public parameters and we think it's unnecessarily it's unnecessarily complex when you're talking about um certain key values and it exposes cryptographic material to the application layer where the application layer really doesn't need uh to to deal with that with that cryptography so we have this this thing called Multikey uh that we're using and a Multikey.
Manu Sporny: Has a header.
Manu Sporny: Uh that.
Manu Sporny: Defines what the key is and then it's the key information like the the public key value or um uh coordinate values or things like that uh encoded and it's 1 value we don't try and break everything up it's 1 kind of encoded binary value highly compressed um we didn't create Multikey uh the IPFS the InterPlanetary File System IPFS community created Multikey and Multibase and Multihash uh more than 10 years ago I think at this point right we're just reusing it um okay so there are these things called Multikeys and there's certain types of headers that go on Multikeys and Andrea you were kind of reading off I think the this that that exists in the spec today.
Manu Sporny: Okay and so all we have is ECDSA EdDSA BLS and SM2 and the reason for that is there was a subset of the JOSE community that fought really hard for us to not define other key types um unfortunately it was a very I my personal opinion it was a very misdirected misguided attack on what we were doing uh there was they did not understand fundamentally what we were trying to do uh and so they just kind of blocked it at IETF so the only place that we could actually officially standardize it was in W3C in this controlled identifier document spec however.
Manu Sporny: This is not the entire multicodec table if we look to the multicodec the Multiformats uh community so there's a community called Multiformats out there um it's largely the IPFS people they've been publishing this stuff for you know a decade and we're trying to help them standardize it they have something called the multicodec table and this table lists all of the headers for all of the multi Multiformats and if we look at something like a secp256k1 so this this entry in the multicodec table.
Manu Sporny: Uh is for a secp256k1 public key that is compressed the header for it is E7 um and then you have to encode it as a variable integer which makes it look different um but um this is this is the the the source of truth for all headers right now.
Manu Sporny: It does not include absolutely everything that we need it's really big like you know they've got the BLS12-381 G1 G2 public keys you know but it's also it's got Ed25519 uh X25519 public key um but it's got a whole bunch of other things in there right I mean there there are what is it there there 592 entries in this table and the specification that we have only has like.
Manu Sporny: So um this table is meant to be extended it can be extended by anyone at any time and so if we don't have a value that we need in here um.
Manu Sporny: We need.
Manu Sporny: To figure out you know the best way to extend it right now you just put the value in your specification so for I expect that's what we're going to do for you know the the the stuff that Will is working on the stuff that uh Andrea your team's working on we can just define it and then later on we'll we'll get it into the the the standards track Andrea go ahead please.
Andrea_D'Intino_|_Forkbomb_BV: Yeah I was trying to look for the for the the repo.
Manu Sporny: Yeah this this 1.
Manu Sporny: https://github.com/multiformats/multicodec/blob/master/table.csv#L93
Andrea_D'Intino_|_Forkbomb_BV: Yeah the 1 is just short and I think I can find it but.
Manu Sporny: https://w3c.github.io/cid/#Multikey
Manu Sporny: Okay here's the link There's the link um in chat and then here's the 1 that's.
Manu Sporny: For the smaller you know list.
Andrea_D'Intino_|_Forkbomb_BV: Perfect thank you very much.
Manu Sporny: Okay and to be clear we have been we have been temporarily temporarily blocked.
Manu Sporny: By the JOSE community.
Manu Sporny: Doing the right thing we will do the right thing eventually but there's standard politics at play here and we were unable to do the right thing the first time through the right thing would have been to define these things at IETF but it was objected to at IETF and stopped and so we are we are now publishing this as a global standard Multikey and Multibase here and Multihash values are being published as global standards um and the next step is probably going to be to uh take the these definitions out of the global standard and make them standalone and then create a registry so that other people can um register things like post-quantum public keys um right so the post-quantum stuff isn't in here but Andrea that doesn't stop you at all you just define what it is in your specification.
Manu Sporny: You make sure that there's an entry in the multicodec table and that only takes like a week or 2 to get your your entry um and then once that is uh there it's it I I think it's it'll be it'll be fine right um.
Manu Sporny: I know that was a lot Andrea did you have any questions on on that.
Andrea_D'Intino_|_Forkbomb_BV: Uh what specifically.
Manu Sporny: Any of it did did it seem straightforward what what you needed to do or.
Andrea_D'Intino_|_Forkbomb_BV: You know this part so far yes so this this answers question 1 and question 2 I have uh something else.
Will Abramson: So I have a quick call on before we go on to the next 1 so.
Manu Sporny: Yeah please go ahead Will.
Will Abramson: Yeah this is really useful to me because I don't fully appreciate that multi was part of multi Multiformats or whatever so really the the thing is if you're picking a uh header that header needs to be unique in this multicodec table right not just unique in that Multikey 5 thing right.
Manu Sporny: That's exactly right yep yep.
Will Abramson: You haven't referenced this stuff because it's not standard that's why.
Manu Sporny: Yeah so that that was you know that was an approach that they they they meaning the people objecting to this took to try and kill the spec um and so the only way that we could.
Manu Sporny: Get it to survive is to put it into.
Will Abramson: Yeah makes sense.
Manu Sporny: Said spec which is totally not where it should be but you know.
Manu Sporny: Okay those were your first 2 questions Andrea I think you had uh a more.
Andrea_D'Intino_|_Forkbomb_BV: He yeah there is 1 about uh RDF.
Andrea_D'Intino_|_Forkbomb_BV: Canonization but before I like to ask something else.
Andrea_D'Intino_|_Forkbomb_BV: So um I asked you uh why those 5 5 public keys why specific those why not other keys and you reply that was there is some kind of competition ongoing with the JOSE community which we we kind of are aware about and my next question is are you aware of them working on standardizing uh PQC public keys.
https://www.ietf.org/archive/id/draft-reddy-cose-jose-pqc-hybrid-hpke-01.html
Manu Sporny: I the answer to your last 1 is yes I believe they've got PK PQC public keys for JOSE uh for JOSE and COSE um yeah I think they're in process or it's it's done or I don't know what the RFC status is but they'll they'll have it um now the unfortunate thing is that the the way that they express keys they compose the keys um break it you know break the key apart into into multiple different you know variables and um that is not that's not what we do with Multikey with Multikey we want it tightly packed binary value um.
Manu Sporny: Ideally the 2 key formats would be compatible but they typically are not um but it's easy to convert between the 2 if you have a function to convert.
Andrea_D'Intino_|_Forkbomb_BV: I I just I just pasted the link so I I Googling PQC JOSE pub keys.
Andrea_D'Intino_|_Forkbomb_BV: And the only thing I find is that which only refers to.
Andrea_D'Intino_|_Forkbomb_BV: KEM which I guess would be ML-KEM that's correct so the only it seems to me if if Google if Google tells the truth seems to me that so far they only be bothering with ML-KEM.
Andrea_D'Intino_|_Forkbomb_BV: And not with ML-DSA which comes in 3 different flavors as well as uh SLH-DSA which comes in.
Andrea_D'Intino_|_Forkbomb_BV: 1 or 2 flavors.
Andrea_D'Intino_|_Forkbomb_BV: So it seems that there is no no effort being made for ML-DSA which kind of makes sense because so far the only algorithm that has been used.
Andrea_D'Intino_|_Forkbomb_BV: In reality is ML-KEM for uh.
Andrea_D'Intino_|_Forkbomb_BV: For TLS 1.3.
Manu Sporny: Yeah I I I think they're working on it um Andrea I I I so here's the here's the registry for JOSE um or for JOSE um so there are these JSON Web Key types right and then there's the JSON Web Key like the elliptic curve types um I would imagine that they're just going to end up reusing some combination or adding new entries in here um within the next.
Manu Sporny: Year or 2 I would expect it to to to show up here right.
Andrea_D'Intino_|_Forkbomb_BV: Could you could you please post this link as well.
Manu Sporny: https://www.iana.org/assignments/jose/jose.xhtml
Manu Sporny: Yeah um this is the JOSE registry and this is where they register new types of keys um.
Manu Sporny: So I I expect the work I mean it would be like there you know the the FIPS the FIPS documents have been published I believe I've seen quite a bit they're very focused on uh KEMs right now or they're they're very focused on hybrid um a mechanisms because of the whole threat of like you know collect and decrypt later so they're very focused on that right now once they finish that work I would expect them to to move over to the post-quantum uh stuff but the solution will look very much like you know the JOSE uh you know COSE solution which is um again something that uh we can use like Data Integrity allows like you know we we allow there to be.
Manu Sporny: You know JSON.
Manu Sporny: Web Key where you can have a public key JWK value and you can express your key in this way right so so Data Integrity supports the J JOSE JSON Web Key stuff so we can reuse it it's just.
Manu Sporny: I don't know.
Manu Sporny: Some of us don't.
Manu Sporny: Some of us don't see the point in breaking things out to this degree um uh especially because they can cause programming errors go ahead Dave.
Dave Longley: Yeah I just want to add 2 little bits of color uh I I would say some of us feel like um it's more than we don't see the point it's that there it creates some problems in software and creates unnecessary redundancies uh where application layers are validating individual key components uh which can lead to a number of problems uh we think that encapsulating the keys and having only the crypto layer handle it is a better approach um which is what Multikey gives you um the other piece of this is 1 of the complaints from the group around uh the the the keys the number of keys and so on is that there were too many and having too many keys doesn't help interoperability so a few the the lowest number of keys for.
Dave Longley: Interoperability are what have made it into the table so far and that is that is actually precisely 1 reason why P-521 is not there because browsers have actually removed support for that and so it's not expected that that is going to be widely used so that is 1 reason why there are few there's a few of these in the table today uh but going forward if they're um other specs can do whatever they want to do and other specs that are going to achieve high interoperability um it's going to be totally fine.
Manu Sporny: Yeah and even with that I think 384 was a political.
Manu Sporny: Decision there's no reason for 384 that we can tell um and it's not you know supported by a lot of the HSMs today and and um.
Manu Sporny: And 256 you know uh protection seems to be good enough and and has been for years and will probably be enough for years until you know operational quantum computers uh come online um so.
Manu Sporny: You know anyway so so all that to say exactly what Dave said we're trying to keep the number of parameters way down like JOSE allows you to mix and match like all kinds of different things right um which means that your attack surface is is much larger with the JOSE stuff with Data Integrity we're trying to keep the attack surface much much smaller um uh but still you know support the the the use cases.
Manu Sporny: Okay Andrea um I don't I don't know if you got to the no you haven't haven't been able to get to your last question yet I don't think.
Andrea_D'Intino_|_Forkbomb_BV: Uh no not yet.
Andrea_D'Intino_|_Forkbomb_BV: Uh the last question was about uh canonicalization.
Andrea_D'Intino_|_Forkbomb_BV: Uh that's something that is proven to be particularly.
Andrea_D'Intino_|_Forkbomb_BV: Dodgy for us to implement uh natively in Zenroom Zenroom is written in C and Lua and we really I mean it would it would be a lot of code for us to implement that so we found uh the repo Digital Bazaar rdf-canonize.
Andrea_D'Intino_|_Forkbomb_BV: We were wondering if I the the the last comment is from a from a while ago we're wondering if that's still the place which should look but the gas that they replied to us positively.
Andrea_D'Intino_|_Forkbomb_BV: So that is unless something new comes up that is also answered.
Manu Sporny: Okay go ahead Dave if you're gonna.
Dave Longley: Yeah I I replied recently um that is the right repository um we just haven't had a need to uh revise or do anything it's a very fit for purpose library that implements the uh the RDF Dataset Canonicalization spec it doesn't have any other purpose so we don't need to add any features to it and there haven't been any uh like vulnerabilities in any um.
Dave Longley: Non-development dependencies so there hasn't been a reason to rev it in any way um and so that's why there just haven't been any updates to go to this point.
Dave Longley: But it is the right.
Dave Longley: Use and it does pass uh this test suite which Manu is bringing up and there are a number of other uh implementations that are probably listed here that you could take a look at as well if you wanted to.
Manu Sporny: Where there's a there's a list of.
Dave Longley: That test reports is probably.
Manu Sporny: Reports yeah this is this is yeah this is it so um Andrea there is a C++ implementation.
Manu Sporny: If you're interested that passes like it's it's a it's a pretty solid 1 I think uh.
Dave Longley: Yeah I think there are a couple in Rust as well if you're able to use those.
Andrea_D'Intino_|_Forkbomb_BV: Now Rust is definitely no go C++ uh we we definitely like to have the link and we have a look at it.
Manu Sporny: Okay here's the.
Manu Sporny: https://github.com/dcdpr/rdf-canonicalization-cpp
Manu Sporny: Yeah here's the link in the chat channel and then um.
Manu Sporny: Uh Dan Pepe's great um we you know we can we can put you in touch with Dan if uh you'd like to chat with him.
Manu Sporny: Yeah that that should you know this should this should meet your needs if you just need you know a C library or C C++ library.
Manu Sporny: Um and if not rdf-canonize is you know as Dave said will will work for you as well and there you know I forget how many how many 1 2 3 4 5 6 7.
Manu Sporny: 9 implementations just in the test suite there are others out there like I think there's a Go one right and um.
Manu Sporny: Anyway that that should hopefully work for you uh Andrea the other thing I wanted to mention was um.
Manu Sporny: There's a there you know.
Manu Sporny: Sometimes this question is asked when when they're when we put together crypto suites um we put together.
Manu Sporny: We usually put things together that use two different canonization mechanisms canonicalization mechanisms one of them uses JCS which is JSON Canonicalization Scheme so it just takes the verifiable credential or and it's generalized it'll just take any JSON object and it will canonicalize it to a very regular form and as as everyone here knows you need to do that so that you have a standard form that you can hash and then sign so that's why we do the canonicalization step here um uh so there's a JSON canonicalization scheme and an RDF canonicalization scheme and really the the main difference is like JCS does not break every statement uh in the credential into individual statements JCS signs the whole thing and you can't atomize the statements whereas RDFC allows you to atomize the statements it's it it can create its it create.
Manu Sporny: Creates basically a.
Manu Sporny: Actually here I can show exactly what um.
Manu Sporny: Like in the playground.
Manu Sporny: We take like you know this person objects and we canonize it.
Manu Sporny: Is the thing that's digitally signed so this is the thing that's hashed and digitally signed and for selective disclosure this is where it's important right um if you're not going to do selective disclosure you can probably use JCS and be fine but if you are going to use selective disclosure and Andrea I think you guys probably are going to do that because we need selective disclosure for a post-quantum scheme right so so um you would have to do RDF canonization and then you'd use the selective disclosure you know mechanisms to be able to do selective disclosure of a post-quantum secured uh payload so RDFC RDF canonization is important if you're going to do selective disclosure.
Andrea_D'Intino_|_Forkbomb_BV: Uh I'm not fully able to reply to you but from my understanding that's what we're looking at so I think we're relying on that.
Manu Sporny: Okay okay great yeah I I think that's good I think you're going to need to define in your you know in the in the post-quantum spec you're going to need to define uh a a signature mechanism that uses RDF canonicalization and then you're going to have to define a signature mechanism that uses JCS um.
Manu Sporny: The other thing that Andrea I'm I'm expecting you're going to have to do is you're going to have to do like the ML-DSA the ML-DSA um and uh the SLH uh uh uh what's the the stateless hash.
Manu Sporny: Yes yeah that's right the stateless hash based on so you're going to have to do the module lattice based one and you're going to have to do the stateless sorry the the yeah the stateless hash based one at least um.
Manu Sporny: I have a question for you have you been has your team been tracking the isogeny stuff it's supposed to be the next FIPS publication has has anybody been tracking where the isogeny.
Andrea_D'Intino_|_Forkbomb_BV: I'm not sure about the term you just used but we have seen that some uh some new stuff was posted and we had a colleague uh updating uh Zenroom to fit.
Andrea_D'Intino_|_Forkbomb_BV: I believe the latest vectors or the latest PQClean libraries.
Andrea_D'Intino_|_Forkbomb_BV: Is this what what.
Manu Sporny: The isogeny is in there the reason we're interested in is because the key sizes and signature sizes are much much smaller than uh ML-DSA or uh SLH this the the stateless hash uh DSA.
Andrea_D'Intino_|_Forkbomb_BV: Could you could you please post a link to this isogeny.
Manu Sporny: Um Dave do you do you have one off the top of your head like what's the best place to.
Dave Longley: Um I'm just trying to find the Falcon work um.
Dave Longley: Yeah I know that it's based on some floating point stuff and it's taking a little longer as they work through the constant time uh there's some paper for doing constant time implementation it'll be in FIPS 206 so what we're talking about right now.
Dave Longley: I believe Manu I think what you're referring to is is the Falcon work and that has not yet been published but it has been picked by NIST.
Dave Longley: And the signature and key sizes are a little bit smaller um.
Manu Sporny: https://intelligencecommunitynews.com/ic-insiders-nists-quantum-standards-the-time-for-upgrades-is-now/
Andrea_D'Intino_|_Forkbomb_BV: Yeah F Falcon is something we've been following we also waiting for the standardization there were it didn't it didn't come out last August because there were technical issues I'm not fully uh I don't fully know about uh what I can tell you is that the the the secret key generation Falcon takes 10 seconds.
Andrea_D'Intino_|_Forkbomb_BV: So it has pros and cons.
Andrea_D'Intino_|_Forkbomb_BV: It's a it's a little bit smaller than uh than Dilithium than ML-DSA but it has some fonts.
Dave Longley: Yeah and I don't think I think Falcon is also lattice based I don't remember that it is in isogeny space those are not yet selected by NIST but even but those are significantly smaller.
Manu Sporny: Yeah I think it's yeah sorry so I I don't think I was talking about Falcon I was talking about the isogeny stuff there there's a I forget which what link it is it it it.
Manu Sporny: Compares the public key and signature sizes public key and signature sizes for uh FIPS and isogenies.
Andrea_D'Intino_|_Forkbomb_BV: Is it is it are you you talked about SIKE S-I-K-E.
Dave Longley: No there's a number of them that were broken and then there are a number of new ones that are not that take a different approach I believe SIKE was one of the ones that was broken.
Manu Sporny: DSS yeah anyway I'm just I was just wondering if anyone was tracking that so we're we're excited about the isogeny stuff Falcon's good and better and we should support it um but I think one of the challenges here Andrea is like the this spec could grow in size to a whole bunch of different options and we're trying to reduce uh we're trying to reduce the number of options right I mean ideally we'd only have one maybe two so we'd we'd have two one of them would be a very specific set of parameters picked for uh ML-DSA and a very specific set of parameters picked for SLH-DSA um.
Manu Sporny: And then that's it right for for whatever year if it's a 2025 crypto suite that's that's all we would pick and then later we would maybe do a different one for.
Dave Longley: https://sqisign.org/
Manu Sporny: For Falcon or isogeny or something like that so um do you go ahead.
Dave Longley: I I believe the isogeny work is related to SQIsign they have something uh that they're working pushing through the process that.
Dave Longley: Is uh has not been broken like some of the other things.
Manu Sporny: Yeah this is it yeah.
Andrea_D'Intino_|_Forkbomb_BV: sqisign.org okay that's new actually.
Manu Sporny: Yeah so if you look at the public key sizes we're back down to close to like elliptic curve you know I mean bigger like sometimes twice as big but I mean this is.
Manu Sporny: Way better than.
Manu Sporny: The kilobytes of you know size and some of the.
Andrea_D'Intino_|_Forkbomb_BV: Oh yes that looks much better um how what's the.
Andrea_D'Intino_|_Forkbomb_BV: Why is this interesting how how do you is this looking at this or.
Manu Sporny: Well I think eventually they're going to have to look at it right um I mean it's good that we have ML-DSA and and the stateless hash and the Falcon stuff but um you know if if we if we can achieve the same level of security with public key sizes that you know are ten times to 20 times smaller and signature sizes that you know are 10 to 20 times smaller.
Manu Sporny: You know that's going to win right if it if it works I mean this thing could just blow up you know in 2 weeks and but but if it works then.
Manu Sporny: This is a.
Manu Sporny: Solution right um.
Andrea_D'Intino_|_Forkbomb_BV: Okay Manu may I tell you may I share with you what our schedule with the PQC looks like.
Andrea_D'Intino_|_Forkbomb_BV: So uh I right now as last when I presented our work last year uh we had a very first um proof of concept of uh.
Andrea_D'Intino_|_Forkbomb_BV: A handmade W3C VC 1.1 uh signing using Dilithium and then uh I think updated it to ML to ML-DSA so we had a very very.
Andrea_D'Intino_|_Forkbomb_BV: Uh not industrialized not not in engineered.
Andrea_D'Intino_|_Forkbomb_BV: The managing and creation so reading and writing of W3C VC uh that we need to round that up because uh we have a a project running that requires us to do some W3C VC credential so uh and that's something we have to do before September.
Andrea_D'Intino_|_Forkbomb_BV: Throughout spring and summer we're going to revamp our W3C VC management in Zenroom uh at the same time or before that we will try to fit a first version of Multikey into ML-DSA-44 so at the moment we support ML-KEM-512 and ML-DSA-44 uh whatever is uh whatever is available in PQClean we can plug it into Zenroom in a few days of work.
Andrea_D'Intino_|_Forkbomb_BV: Uh we we we prefer waiting for a concrete use case to do some extra work so uh for let's say for the first part of the year we will focus on Multikey for uh ML-DSA-44 and producing.
Andrea_D'Intino_|_Forkbomb_BV: VC 1.1 uh with the supporting Multikey uh.
Andrea_D'Intino_|_Forkbomb_BV: The the the SPHINCS uh signature.
Andrea_D'Intino_|_Forkbomb_BV: Uh as uh SLH-DSA.
Andrea_D'Intino_|_Forkbomb_BV: Erh although my personal gut feeling is that that's the only algorithm that would not be broken.
Andrea_D'Intino_|_Forkbomb_BV: Uh the obvious uh minus point of the algorithm is that the signature is still 30 kilobytes.
Andrea_D'Intino_|_Forkbomb_BV: We would have we would have an issue implementing that I just don't see it widely used apart from.
Andrea_D'Intino_|_Forkbomb_BV: Non civilian use of use cases which we're not looking right now.
Andrea_D'Intino_|_Forkbomb_BV: Um for what it uh we're gonna have a look at this isogeny I know that you hosted Andrea visco.
Andrea_D'Intino_|_Forkbomb_BV: Is a is a is a good friend of ours we've been we've been working a couple of things together uh he he showed his work on that kpq.
Andrea_D'Intino_|_Forkbomb_BV: Be actually I'm very keen in asking him his opinion about isogenies.
Andrea_D'Intino_|_Forkbomb_BV: So I tried to give him a call next week and uh and asked what he thinks about that.
Manu Sporny: Yeah no that's great and the and the and the ZK um PQC stuff we're very very interested in as well because we don't have a replacement for BBS right now that's that's post-quantum secure and we need we desperately need that um uh for for at least the story need to be complete I mean nobody has.
Manu Sporny: A you know.
Manu Sporny: ZKP PQC uh solution uh right now um so yeah would be we'd be very interested in learning more about um that area as well um okay uh we usually try to uh uh uh stop the calls 5 minutes before the hour to give people a little bit of time um thank you very much uh to everyone for for joining today and participating uh in the discussion Andrea thank you very much for your questions I hope we were able to answer your questions um and we will meet again next week at the same time um and just have a you know it if people have things that they want to put on the agenda something they want to specifically talk about that's fine um and if not uh we will meet and we will talk about you know the BBS stuff so we've we've you know that's the current focus we will continue to talk about the BBS stuff but if anybody has any questions uh we'll we meet weekly at this time please you know.
Manu Sporny: Jump in.
Manu Sporny: Ask your questions and we'll do our best to try and answer them um well maybe we can spend a little bit of time talking about the Schnorr stuff uh next call as well.
Will Abramson: Sure yeah that'd be great again it doesn't need much time but yeah sure cool.
Manu Sporny: Okay all right okay with that uh thank you everyone for joining have a wonderful weekend uh and we'll see you online.
Manu Sporny: Take care bye.
Received on Friday, 21 February 2025 16:34:00 UTC