Post-quantum additions to PRIds, public keys, and encrypted User Data#307

Open
wesbiggs wants to merge 3 commits into main from feat/post-quantum
Conversation

@wesbiggs

Member

Problem

Current DSNP cryptography relies on elliptic-curve algorithms (X25519, Ed25519) that are broken by Shor's algorithm on a cryptographically relevant quantum computer. NIST completed standardization of post-quantum algorithms in 2024 (FIPS 203 ML-KEM, FIPS 204 ML-DSA). This proposal enables implementations to begin publishing PQ keys and using PQ-protected data types while preserving full interoperability with classical-only implementations during a transition period.

Solution

This proposal adds optional post-quantum cryptography (PQC) support to DSNP, addressing the long-term vulnerability of the current X25519/Ed25519/XSalsa20-Poly1305 constructions to quantum attacks. It introduces:

  1. Optional ML-KEM-768 (mlkem768-pub) keys for key agreement, alongside the existing X25519 keys
  2. Optional ML-DSA-65 (mldsa65-pub) keys for digital signatures, alongside the existing Ed25519 keys
  3. A post-quantum PRId scheme using a HMAC-SHA2-256 Merkle accumulator with ML-KEM-768-encrypted off-chain witnesses
  4. New privateFollowsPQ and privateConnectionsPQ User Data types encrypted with the X-Wing hybrid KEM (X25519 + ML-KEM-768) and ChaCha20-Poly1305

All changes are backward-compatible; existing classical types and implementations are unaffected.

Change summary:

  • Added PQ types for keyAgreementPublicKeys and assertionMethodPublicKeys
  • Defined hybrid signature algorithm
  • Defined new PQ PRId algorithm and off-chain witness format
  • Defined PQ encryption algorithm and applicability to User Data types
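As an added illustration (not code from this PR or the DSNP project), here is the shape of a keyed Merkle accumulator with off-chain membership witnesses, the structure the PQ PRId scheme above is built on. The exact leaf and node derivation, key handling and encoding DSNP specifies are not given in this description, so the domain-separation labels, per-leaf HMAC-SHA-256 keys and unkeyed internal nodes below are my assumptions, as are the sample member identifiers; encrypting the witness to its recipient with ML-KEM-768 is outside the snippet.

```python
import hashlib
import hmac
import secrets


def leaf_hash(leaf_key: bytes, item: bytes) -> bytes:
    # Keyed leaf (assumed construction): someone who only sees the published
    # root cannot test guessed members offline without the per-leaf key.
    return hmac.new(leaf_key, b"prid-leaf:" + item, hashlib.sha256).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    # Internal nodes use a different domain label so a leaf cannot be
    # presented as a node (or vice versa) in a forged witness.
    return hashlib.sha256(b"prid-node:" + left + right).digest()


def build_accumulator(items):
    """Return (root, leaf_keys, levels); root is what would be published."""
    leaf_keys = [secrets.token_bytes(32) for _ in items]
    level = [leaf_hash(k, it) for k, it in zip(leaf_keys, items)]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]  # pad odd levels by repeating the last node
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels[-1][0], leaf_keys, levels


def make_witness(levels, leaf_keys, index):
    """Off-chain witness for member `index`: its leaf key plus the sibling path.
    Only this one leaf is revealed; other members stay hidden behind the root."""
    leaf_key = leaf_keys[index]
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        path.append((index & 1, level[index ^ 1]))  # (is leaf the right child?, sibling)
        index //= 2
    return leaf_key, path


def verify_witness(root: bytes, item: bytes, witness) -> bool:
    """Recompute the root from the claimed member and its witness."""
    leaf_key, path = witness
    h = leaf_hash(leaf_key, item)
    for is_right, sibling in path:
        h = node_hash(sibling, h) if is_right else node_hash(h, sibling)
    return hmac.compare_digest(h, root)
```

A relying party that receives the witness off-chain checks it against the on-chain root; a witness for a non-member, or a tampered root, fails verification.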
