Practical quantum resistance for user funds
Background
Due to the limited computational resources available in typical L1 blockchains, most cryptographic functions are hardcoded in the protocol. Adding to or changing them forces a hard fork, which limits adaptability and innovation in this area. Coinweb does not suffer from the same constraints on computational resources, and cryptographic functionality such as signature schemes is implemented as regular smart contracts. This means that dApp developers are free to implement the schemes they see as most fit for their application.
We assume that once quantum computers (QC) become cheap enough to be used outside of state security and intelligence agencies, one of the first use cases will be to steal crypto assets by breaking the digital signature schemes (DSS) that protect ownership of those assets and impersonating their owners.
Current signature schemes, including ECDSA, BLS, RSA, EdDSA and Schnorr, are all broken by a QC.
Thus we want to be prepared for this and support digital signature schemes (DSS) that are secure in a post-quantum world.
The signature schemes being standardized by NIST in the post-quantum cryptography (PQC) process are CRYSTALS-Dilithium, FALCON and SPHINCS+.
The first two are based on the computational hardness of lattice problems, while SPHINCS+ is a hash-based scheme.
It is typical of NIST to standardize two different approaches, similar to what it did with SHA2 vs SHA3, where SHA3 was chosen not because it is better than SHA2 but because it uses a fundamentally different structure.
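As an added illustration (not code from this page or from Coinweb), the simplest hash-based one-time signature, Lamport's scheme: its security rests only on SHA-256 preimage resistance, the same kind of assumption the hash-based branch (SPHINCS+) relies on instead of a lattice problem. SPHINCS+ itself composes WOTS+ and FORS few-time signatures in a hypertree so a key can sign many messages; this block shows only the one-time core, and the message below is a constructed sample.

```python
import hashlib
import os

N = 256  # we sign the 256-bit SHA-256 digest of the message, bit by bit


def H(data: bytes) -> bytes:
    """SHA-256; against Grover search a 256-bit hash keeps ~128-bit preimage security."""
    return hashlib.sha256(data).digest()


def keygen(rng=os.urandom):
    """Lamport OTS key pair: two random 32-byte secrets per message bit.

    The public key is the hash of every secret.  This key pair must sign
    exactly ONE message: each signature reveals half of the secrets.
    """
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    digest = H(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def sign(sk, msg: bytes):
    """Reveal, for every digest bit, the secret that corresponds to that bit value."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Accept only if every revealed secret hashes to the matching public value."""
    if len(sig) != N:
        return False
    for i, bit in enumerate(_digest_bits(msg)):
        if H(sig[i]) != pk[i][bit]:
            return False
    return True


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"transfer 1 CWEB to alice"  # constructed sample message
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered accepted:", verify(pk, b"transfer 10 CWEB to alice", sig))
```

A forger would need a SHA-256 preimage for each public value whose secret was never revealed, which is why the scheme's strength is tied to the hash alone.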
Implementations
There is an effort in pgcrypto to wrap the "clean" C implementation of all the NIST schemes, and this wrapper compiles to WASM.
However, a downside of this approach is that it requires WASI, i.e. a system interface.
| Scheme | Pure Rust | Rust |
|---|---|---|
| CRYSTALS-Dilithium | 👍 | pgcrypto |
| FALCON | | |
| SPHINCS+ | | |