cloudflare / circl

CIRCL: Cloudflare Interoperable Reusable Cryptographic Library
http://blog.cloudflare.com/introducing-circl

[QUESTION]: is blindsign package post-quantum secure ? #441

Closed devthejo closed 1 year ago

devthejo commented 1 year ago

Hello,

Question: is the blindsign package post-quantum secure or, as it's based on RSA, does it suffer from the same vulnerability and is not secure in the post-quantum era?

Thanks

armfazh commented 1 year ago

Short answer is no, but check the complete specification: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-rsa-blind-signatures-12#name-post-quantum-readiness

devthejo commented 1 year ago

OK, got it, thanks for your reactivity.

Without wanting to abuse your time, I have two more questions:

bwesterb commented 1 year ago

Post-quantum blind signatures are still very much an active research area. We're interested in them for post-quantum Privacy Pass/unlinkable tokens. That led us to this work presented at RWC this year. (That might or might not fit your application.) I expect much better schemes to be announced in the coming years. There are no practical off-the-shelf implementations yet, though.

armfazh commented 1 year ago

Derived from ia.cr/2023/414, there is this implementation that you may find useful. https://github.com/guruvamsi-policharla/zkdilithium