Difference between revisions of "SIP6-PQC"
| Line 7: | Line 7: | ||
So in this Snowblossom Improvement Proposal we will be adding three new signing algorithms: | So in this Snowblossom Improvement Proposal we will be adding three new signing algorithms: | ||
| − | * Dilithium | + | * Dilithium - public key size: 2616 bytes, signature size: 4627 bytes |
| − | * Falcon | + | * Falcon - public key size: 915 bytes, signature size: 655 bytes (+/-) |
| − | * SPHINCS+ | + | * SPHINCS+ - public key size: 52 bytes, signature size: 7856 bytes |
| + | |||
| + | (Compare to standard ECDSA, key size: 33 bytes, signature size: 71 (+/-)) | ||
These will be supported by the network in additional to the existing signing methods (ECDSA, DSA, RSA, DSTU4150). It will continue to be up to users to decide which signing algorithms they use to generate their wallets. | These will be supported by the network in additional to the existing signing methods (ECDSA, DSA, RSA, DSTU4150). It will continue to be up to users to decide which signing algorithms they use to generate their wallets. | ||
| + | |||
| + | Dilithium was included because it is the front runner in the PQC contest. It is a lattice based algorithm. | ||
| + | Falcon was included because it is another lattice based, but with an emphasis on being smaller in size and CPU usage so it might be a good option. | ||
| + | Sphincs+ was included because it is entirely different from the lattice based methods. It is based on plain old standard hash functions. While it is larger in cpu usage and signature size, it should be safe even if something is fundamentally broken with the other lattice based methods. | ||
| + | |||
== Voting == | == Voting == | ||
| Line 36: | Line 43: | ||
Node operators will need to update or risk forking the network. | Node operators will need to update or risk forking the network. | ||
| + | |||
| + | == User Actions Required == | ||
| + | |||
| + | None required. However, we will publish some guides on how to migrate to a newer wallet type to take advantage of the PQC algorithms if desired. | ||
Latest revision as of 20:32, 4 January 2024
Contents
Overview
One of the major concepts behind Snowblossom in 2018 was that when quantum computers had become better and started to threaten traditional elliptic curve cryptography, we would be able to switch to new quantum resistant algorithms. See Quantum Tough
Well, we might be there. The NIST Post Quantum Cryptography (PQC) contest has proceeded to some finalists and quantum computers are getting more powerful.
So in this Snowblossom Improvement Proposal we will be adding three new signing algorithms:
- Dilithium - public key size: 2616 bytes, signature size: 4627 bytes
- Falcon - public key size: 915 bytes, signature size: 655 bytes (+/-)
- SPHINCS+ - public key size: 52 bytes, signature size: 7856 bytes
(Compare to standard ECDSA, key size: 33 bytes, signature size: 71 (+/-))
These will be supported by the network in additional to the existing signing methods (ECDSA, DSA, RSA, DSTU4150). It will continue to be up to users to decide which signing algorithms they use to generate their wallets.
Dilithium was included because it is the front runner in the PQC contest. It is a lattice based algorithm. Falcon was included because it is another lattice based, but with an emphasis on being smaller in size and CPU usage so it might be a good option. Sphincs+ was included because it is entirely different from the lattice based methods. It is based on plain old standard hash functions. While it is larger in cpu usage and signature size, it should be safe even if something is fundamentally broken with the other lattice based methods.
Voting
- Passes when 1000 blocks pass containing 25% voting and >50% agreement
- Pools will represent their miners.
- Set in your miner or pool configuration file either
vote_yes=6vote_no=6
Status
This has been tested on testnet and has been running there for several weeks. It is currently in the https://github.com/snowblossomcoin/snowblossom/tree/pqc-keys branch.
Risks
We are still early in the PQC world. While all the algorithms are defined enough that the Bouncycastle devs have included them in the standard versions of Bouncycastle cryptography library (which we use) they could still change. Also, these are also relatively new. Unexpected vulnerabilities could be found.
Timeline
If this SIP is adopted, the roll out will be scheduled roughly 90 days from the vote. At that time, new binaries, source code and docker images will be available. This means node operators will need to update within those 90 days.
Node Operator Actions Required
Node operators will need to update or risk forking the network.
User Actions Required
None required. However, we will publish some guides on how to migrate to a newer wallet type to take advantage of the PQC algorithms if desired.
