Replying to Avatar Mike Dilger ☑️

PQ cryptography has all kinds of wild key sizes and signature sizes, some very large.

For Mosaic I've been ruminating about multiple algorithms (in support of nostr backwards compatibility) and from that considering not storing keys or signatures in the records themselves, but rather just hashes of these. Then you look up the keys and the signature by their hash on a keyserver (also serving signatures). Self-hosters would run their own keyserver. Separating large keys saves data by not repeating them, but separating large signatures does not since every record has to have a distinct signature... but in PQ cryptography it is usually the signatures that are wildly large. So it unfortunately doesn't quite fit my idea.
Avatar
Daniel Wigton 5mo ago

I have run into the same issues. I am just saving files by their hash. They contain no metadata. The signature/decryption key are sent separately. This allows securely saving data anywhere without leaking any information about content or ownership.

It also allows the recipient to make the choice of whether to download or not.

But I am not really sure we need PQ cryptography. The best attacks would still take millions of years.

Reply to this note

Please Login to reply.

Discussion

No replies yet.