Add SLH-DSA post-quantum signatures to _CryptoExtras
#278
+400
−1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update post-quantum branch
Update branch
Update to latest commits from `main`
|
Thank you for this @fpseverino! I haven't forgotten it: I just want to make sure we get the ML-DSA stuff landed first, to maximise my useful review bandwidth. Is that ok? |
|
Absolutely, no problem! I guess you'll recommend avoiding DER/PEM parsing here for now too, if so what should I do with the code I added? Remove it for now or leave it? |
|
Yeah, for DER/PEM until we have a standard with final IANA codepoints it's not a good idea for us to add the code unless someone has a need. Easiest thing to do might be to remove it for now, and open a separate draft PR that adds it back? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add support for SLH-DSA post-quantum digital signatures inside
_CryptoExtras.Checklist
If you've made changes to
gybfiles.script/generate_boilerplate_files_with_gyband included updated generated files in a commit of this pull requestMotivation:
With the advent of quantum computing, the mathematical foundations on which the cryptographic protocols in use today are based have been questioned, as they can easily be circumvented and violated by quantum computers.
While waiting for the creation of quantum computers that work at full capacity, and to protect network communications from "Harvest Now, Decrypt Later" attacks, the cryptographic community is working on post-quantum cryptography algorithms, which work on the traditional computers we use today, but are resistant to future attacks by quantum computers.
One of these algorithms is SLH-DSA (AKA SPHINCS+), a stateless hash-based signature scheme standardized by NIST in FIPS 205, that is available inside BoringSSL.
By including SLH-DSA inside Swift Crypto, we can get closer to normalizing quantum secure algorithms and start implementing them into our apps and libraries to make them quantum-proof.
Modifications:
Added a
SLHDSAenum inside the_CryptoExtrasmodule with correspondingPrivateKey,PublicKeyandSignaturestructs that use BoringSSL methods to produce and verify SLH-DSA-SHA2-128s digital signatures, with the code style of other signature schemes in the library.Added
OneAsymmetricKeyand a newASN1ObjectIdentifierfor SLH-DSA-SHA2-128s to properly encode to and decode from DER and PEM key representations (took reference from here)Result:
SLH-DSA-SHA2-128s digital signatures can be created and verified with Swift Crypto.