Re: [webauthn] Update: COSE elliptic curve signatures 'in the wild' from small RustyKey® alpha-test user base (#2339)

Hi @james-d-elliott, that's an interesting observation about Kyber and the French CNRS patent...I think fortunately NIST made all entrants grant the public full use and implementation rights to remove any practical encumbrance from patents, and generally encourage wide public adoption.

Great job on Authelia, Go WebAuthn and stamp of approval from OpenID. You wouldn't happen to be here at the Authenticate2025 conference in Carlsbad, CA by any chance?

## Current WebAuthn Vulnerability to Post-Quantum-Cryptography
Yes, WebAuthn is mostly challenge / signed response...for the moment. At RustyKey® talking with potential users they assume or expect WebAuthn's reach is broader than the relying party challenge, that WebAuthn (of the future) includes improved TLS as well. On the one hand FidoAlliance may not want a technical challenge of that scope...but what about a hybrid approach (TLS wrapper)?

All browser-based authentication flows, including WebAuthn, use **classical cryptography** throughout:
- **Challenge/response signing**: ECDSA, EdDSA, RS256 (all quantum-vulnerable)
- **TLS channel**: RSA/ECDH key exchange (quantum-vulnerable)
- **Certificate chains**: RSA/ECDSA signatures (quantum-vulnerable)

## Post-Quantum Enhancement Strategy

### **ML-DSA (Dilithium)** - Core Authentication
```mermaid
graph LR
    A[RP Challenge] --> B[Authenticator]
    B --> C[Sign with ML-DSA]
    C --> D[Quantum-resistant signature]
    D --> E[RP Verification]
```
- **Where**: Replace ES256/EdDSA in `navigator.credentials.create/get`
- **Benefit**: Quantum-resistant user authentication signatures

### **ML-KEM (Kyber)** - Secure Transport
```mermaid
graph LR
    F[Browser] --> G[ML-KEM Key Exchange]
    G --> H[Quantum-safe TLS]
    H --> I[Protected WebAuthn Flow]
```
- **Where**: Hybrid TLS 1.3 key exchange for the entire HTTPS session
- **Benefit**: Quantum-resistant channel protecting credential exchange

## Combined Strength

| Component | Current Risk | Post-Quantum Solution |
|-----------|-------------|----------------------|
| **Signature** | Shor's Algorithm breaks ECDSA | **ML-DSA** resists quantum attacks |
| **Transport** | Quantum computer breaks ECDH | **ML-KEM** protects the channel |
| **Result** | Complete quantum vulnerability | **End-to-end quantum resistance** |


-- 
GitHub Notification of comment by antonymott
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/2339#issuecomment-3396045603 using your GitHub account


Received on Monday, 13 October 2025 06:31:06 UTC
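The signature-algorithm classification from the table above, as an added example that is not part of the comment or of the RustyKey project: a minimal CBOR decoder for a WebAuthn COSE_Key (the key format carried in attested credential data) plus a relying-party check that reports whether the credential's COSE `alg` is a classical (ECDSA/EdDSA/RSA) or an ML-DSA algorithm. ES256, EdDSA and RS256 use their registered COSE identifiers; the ML-DSA identifiers (-48/-49/-50) are an assumption taken from the COSE ML-DSA draft, and the sample key is constructed.

```python
# COSE algorithm identifiers: ES256/EdDSA/RS256 from RFC 9053; the three
# ML-DSA values are an assumption taken from the COSE ML-DSA draft.
COSE_ALGS = {
    -7: ("ES256", "classical"), -8: ("EdDSA", "classical"),
    -257: ("RS256", "classical"),
    -48: ("ML-DSA-44", "post-quantum"), -49: ("ML-DSA-65", "post-quantum"),
    -50: ("ML-DSA-87", "post-quantum"),
}

def _decode(buf: bytes, pos: int):
    """Decode one definite-length CBOR item (int, bstr, tstr, map) at buf[pos]."""
    major, info = buf[pos] >> 5, buf[pos] & 0x1F
    pos += 1
    if info < 24:
        arg = info
    elif info <= 27:  # a 1/2/4/8-byte big-endian argument follows
        n = 1 << (info - 24)
        arg, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        raise ValueError("indefinite-length items are not valid in a COSE_Key")
    if major == 0:
        return arg, pos
    if major == 1:  # negative integer, used for labels like -1/-2/-3 and alg -7
        return -1 - arg, pos
    if major in (2, 3):
        data = buf[pos:pos + arg]
        if len(data) != arg:
            raise ValueError("truncated string")
        return (data if major == 2 else data.decode("utf-8")), pos + arg
    if major == 5:
        out = {}
        for _ in range(arg):
            k, pos = _decode(buf, pos)
            out[k], pos = _decode(buf, pos)
        return out, pos
    raise ValueError(f"unsupported CBOR major type {major}")

def classify_cose_key(cose_key: bytes) -> tuple[str, str]:
    """Parse a COSE_Key and return (alg name, 'classical' or 'post-quantum')."""
    key, end = _decode(cose_key, 0)
    if end != len(cose_key) or not isinstance(key, dict):
        raise ValueError("COSE_Key must be exactly one CBOR map")
    alg = key.get(3)  # label 3 = alg (RFC 9052)
    if alg not in COSE_ALGS:
        raise ValueError(f"unknown or unregistered COSE alg {alg!r}")
    return COSE_ALGS[alg]

# Constructed sample: EC2 key {1: 2, 3: -7, -1: 1, -2: x, -3: y} with zeroed x/y.
SAMPLE_ES256_KEY = (bytes([0xA5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, 0x21, 0x58, 0x20])
                    + bytes(32) + bytes([0x22, 0x58, 0x20]) + bytes(32))
```

A relying party would run this check on the `credentialPublicKey` it stores at registration and on the `alg` it lists in `pubKeyCredParams`; today the result is always `classical`, which is the gap the table describes.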