Nostr Web Client

PQ cryptography has all kinds of wild key sizes and signature sizes, some very large.

For Mosaic I've been ruminating about multiple algorithms (in support of nostr backwards compatibility) and from that considering not storing keys or signatures in the records themselves, but rather just hashes of these. Then you look up the keys and the signature by their hash on a keyserver (also serving signatures). Self-hosters would run their own keyserver. Separating large keys saves data by not repeating them, but separating large signatures does not since every record has to have a distinct signature... but in PQ cryptography it is usually the signatures that are wildly large. So it unfortunately doesn't quite fit my idea.

Reply to this note

Please Login to reply.

Discussion

Daniel Wigton 5mo ago

I have run into the same issues. I am just saving files by their hash. They contain no metadata. The signature/decryption key are sent separately. This allows securely saving data anywhere without leaking any information about content or ownership.

It also allows the recipient to make the choice of whether to download or not.

But I am not really sure we need PQ cryptography. The best attacks would still take millions of years.

Garbage nsec 5mo ago

How large is wildly large for the signatures?

Daniel Wigton 5mo ago

40kB for a "short" signature.

Garbage nsec 5mo ago

Dang.

Gemini is suggesting FALCON-512 as the most efficient option at around 666 bytes for the sig, with public key itself ~897 bytes (okay still 10x sig size vs K1 but...). Is that flat out wrong or are there some tradeoffs that come with PQ and these "shorter" ones?

Mike Dilger ☑️ 5mo ago

The sizes of the keys and signatures aren't even the most important factor. Security of the algorithm comes first. And I just don't know enough.

All I really care about is flexibility at this point -- make things work with any key size and any signature size and any algorithm, so that it is PQ ready, without actually making any choices right now. I'm hoping the cryptographers make better stuff in the future before we need these.

Mike Dilger ☑️ 5mo ago

https://en.wikipedia.org/wiki/Post-quantum_cryptography#Comparison

Garbage nsec 5mo ago

What do you think? nostr:nevent1qvzqqqqqqypzpwgv8jm36e358cq3qn2unt0hmvzaxejnk9mqrlum9m464qd7v7prqy2hwumn8ghj7un9d3shjtnyv9kh2uewd9hj7qgwwaehxw309ahx7uewd3hkctcqyzu2jpq2wslrqq5vesh39napu3qgyphzemnvr5xjdp3em2l2eg7mqmljl7l

mccrmx 5mo ago

A DHT could decentralize the key servers.