[webauthn] Update: COSE elliptic curve signatures 'in the wild' from small RustyKey® alpha-test user base (#2339) from Antony R Mott via GitHub on 2025-10-13 (public-webauthn@w3.org from October 2025)

From: Antony R Mott via GitHub <noreply@w3.org>
Date: Mon, 13 Oct 2025 02:45:27 +0000
To: public-webauthn@w3.org
Message-ID: <issues.opened-3508271783-1760323525-noreply@w3.org>

antonymott has just created a new issue for https://github.com/w3c/webauthn:

== Update: COSE elliptic curve signatures 'in the wild' from small RustyKey® alpha-test user base ==
> @antonymott Thanks for reporting back! That's very encouraging to see how commonly Ed25519 is being supported! Have you tried to understand how many of those are security keys vs platform authenticators? If I had to guess all the `-8` are security keys 🤔  

 _Originally posted by @MasterKale in [#1757](https://github.com/w3c/webauthn/issues/1757#issuecomment-2339227800)_

## 2025 WebAuthn COSE Algorithm Usage Update + Post-Quantum Initiative

@MasterKale - One year later (Oct 2025), our RustyKey® alpha-sites (statistically noisy/unreliable user base), shows:
- **95%** `-7` (EcDSA)
- **4.2%** `-8` (EdDSA)
- **<1%** `-257` (RS256)

Yes, you are correct: even one year on, -8 (Edwards curve) appears to be only from physical security keys, not platform authenticators. Is this not surprising, given Apple specs allow for -8 algorithm choice and our implementation allows both -8 and -7? The Edwards curve greatly lowers the risk of side-channel attacks as it uses deterministic signing, rather than relying on the generation of cryptographically secure random numbers every signature. Why would Apple and it seems most platform vendors continue to support the more vulnerable Weierstrasse curve? I wonder if our dataset is too small to make these conclusions statistically meaningful.

### 🔐 Post-Quantum Gap in COSE Registry

**TL;DR**: COSE registry lacks post-quantum algorithms. We're building Web-assembly (WASM) ML-KEM support - interested in FidoAlliance collaboration?

**What we've done:**
- 🚀 Published a DRAFT/WIP [`quantum-resistant-rustykey`](https://www.npmjs.com/package/quantum-resistant-rustykey) - fast WASM implementation of NIST ML-KEM
- 📝 Started IETF Internet-Draft RFC for COSE registry inclusion
- 🎓 University of Quantum Science provided partial funding, but that's not enough

**What we need:**
- FidoAlliance interest/support assessment
- RFC collaboration partners
- Dev time funding for WIP open-source npm package improvements

**Install & contribute:** `pnpm i quantum-resistant-rustykey`

Worth pursuing or too early? LMK if this deserves its own issue. 🤔


Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2339 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 13 October 2025 02:45:28 UTC