Paul Miller
7cb13cde0670e590f02cbe9ea0fcf1e05edbc5cc8a409731fa5436440181cf1d
Noble cryptography. OSS, infosec.

Falcon is 4+ weeks of full time work. It's also unreliable while being implemented, due to the fact it needs floating point math. Maybe FIPS 206 will fix quirks.

noble cryptography v2 is out. Improvements include Schnorr implementation in 5kb noble-secp256k1, hybrid pq algorithms, OPRFs, friendly wrappers around native WebCrypto, better security, and much more.

Live on GitHub, NPM & JSR.

Announcing noble-post-quantum: minimal JS implementation of ML-KEM, ML-DSA and SLH-DSA.

Also known as Kyber, Dilithium and SPHINCS+. Only 2000 lines of code - great learning resource for anyone who’s messing with PQ stuff.

Check out README for algorithm comparison and usage guidelines. https://github.com/paulmillr/noble-post-quantum

2023 progress on JS cryptography:

- noble-hashes: 400K => 1.7M downloads per week

- noble-curves: ~0 => 0.9M, got 2 audits

- noble-ciphers: 0 => 25K

- Finally adopted by ProtonMail, MetaMask, Rainbow, Rabby, ethers, web3.js, viem

Takes time, but we’re getting there.

SPHINCS looks good, Kyber not quite. I think Signal's decision is proper and others should follow, because it's hybrid. In the end, everything is a placeholder, and the only question is: "for how long?".

> We're sacrificing almost all the values we stand for

I'm not sure what you are talking about. SimpleX is not a silver bullet. It's trivially decryptable by quantum computers. It's also not popular, which means, if/when it becomes popular, only then we'll see how it holds up.

Again - if you think SimpleX would work - go ahead and implement it. If you can convince the community your solution is better, everyone will switch to it.

nostr is open for everyone. We're just a bunch of folks who've spent some time on the issue we thought was important. No one paid us for it.

It's possible to deduce who messages whom (timing / correlation attack). All user contacts are uploaded to Signal servers (they say it's stored in SGX - which may be broken). Groups also store some data on Signal servers. And - most importantly - Signal relies on phone numbers.

I think we can eat some share of other messengers, yes. It's not as good as Signal for now - but it's open and permissionless.

The problem you're mentioning (metadata leakage) can't be solved by cryptography alone.

It's solved separately by specifying which relays can be responsible for your DMs. You will set up a preferred DM relay and only this relay would be used for all chats.

There is no certainty. Two words for you: Cheon's attack.