The Serai stack's message-server authenticates messages with signatures. This would have to be replaced with a PQ signature scheme.
The processor/coordinator don't require any PKE other than of secret shares during the DKG protocol. That is left out-of-scope to this issue, as it has to do with the DKGs of whichever signing schemes we adopt, which will be integration-specific (#635, #636, #637).
The coordinator does use signatures as part of its consensus protocol. We can solve this by adopting a PQ signature scheme, as our Tendermint machine is agnostic to the signing protocol, or we can replace the consensus protocol with one which doesn't rely on traditional signatures (as seen in https://eprint.iacr.org/2024/677). Relevance to #333.
The Serai blockchain itself solely uses Ristretto signatures at this time and a VRF within BABE. We'd have to replace this with a PQ signature scheme and a PQ VRF, or we'd also have to upgrade Serai's consensus protocol to an asynchronous one.
For Serai itself, FALCON and Rainbow are encumbered by patents with a license for any version NIST standardizes. I believe Dilithium is free of patents, even though its sibling-KEM Kyber isn't (though NIST has secured licenses for any version NIST standardizes).