W3C-VC-QP with Dilithium signature

[andrea-dintino]

New Work Item Proposal

The proposal is about defining a new specification to define the associated Data Integrity cryptosuite that can be used to construct digital signatures and proofs using quantum-proof (QP) signing algorithms, starting with Dilithium.

The notable feature of this family of signature schemes is the quantum-resistance, according to the NIST competition results.

Currently no QP signature offers zero-knowledge proof or unlinkability features, so part of the task of the WG might involve combining QP signatures with more privacy-enhancing signining algorithms (such as BBS or ECDSA-SD).

We aim to initially focus on Dilithium2 (as apparently there is the only signature scheme readily available) and progressively extend the specs to accomodate more signature schemes.

Include Link to Abstract or Draft

https://msporny.github.io/di-quantum-safe/#abstract

• Dilithium signature implementations (C language): pq-crystals, pq-clean
• Zenroom implementation of the Dilithium signatures
• Specification of did:dyne W3C-DID method supporting Dilithium pubkey
• Curl POST to test W3C-VC-QP signing API
• Preliminary W3C-VC-QP proof structure:

"proof": {
      "created": "1710861739438",                                           //epoch
      "cryptosuite": "experimental-dilithium2-2024",                         //proposed cryptosuite name
      "id": "H+4899Oefjch3wmRTfczR08jSNdJ+Jr67kadQO7/7uc=",                 //hash of the W3C-VC
      "proofPurpose": "assertionMethod",
      "proofValue": "...Dilithium2signature...",
      "type": "DataIntegrityProof",
      "verificationMethod": "did:dyne:..#dilithium_public_key"           // Dilithium2 pubkey of the issuer
    }

List Owners

Identify 1 lead (person responsible for advancing the work item) and at least 1 other owner. Ideally, include their github usernames

@msporny, @jaromil, @wip-abramson

Work Item Questions

1. Explain what you are trying to do using no jargon or acronyms.

Draft a standard for a W3C-VC proof format, that supports Dilithium (and potentially further QP algorithms) signatures

2. How is it done today, and what are the limits of the current practice?

First experiment of Dilithium W3C-VC format.

4. What is new in your approach and why do you think it will be successful?

Building on top of extending w3C-VC cryptosuite standards, aiming to be as little invasive and disruptive as possible.

5. How are you involving participants from multiple skill sets and global locations in this work item? (Skill sets: technical, design, product, marketing, anthropological, and UX. Global locations: the Americas, APAC, Europe, Middle East.)

Initial participant group includes cryptographers and developers from Dyne.org (Netherlands), DigitalBazaar (US) and Will Abramson (US)

6. What actions are you taking to make this work item accessible to a non-technical audience?

While the topic is deeply technical, the specification should attempt to provide a gentle introduction to the topic via a non-technical introduction as well as non-technical use cases with imagery that is accessible to the general population.

[msporny]

Digital Bazaar is supportive of this proposal and can be a co-editor on the post quantum signatures cryptosuites. I'll put together a base cryptosuite spec this weekend. /cc @wind4greg @wes-smith

[wip-abramson]

I am supportive of this work item and willing to be a co-editor on the spec if needed. Although a bit of a novice in that area. Happy to learn

[Wind4Greg]

I support this work and happy to help. Have been recently reviewing the NIST draft FIP 204 and 205.

[man4prez]

We approve this "W3C-VC-QP with Dilithium signature" work item to be adopted by the W3C CCG due to the multiple supports from multiple organizations.

[peacekeeper]

I support this too, this is very important and forward-looking work! Also nice to see this already supported in the Universal Resolver, thanks to Dyne :)

https://dev.uniresolver.io/#did:dyne:sandbox.test:JBdcDrTMkEuR8A2QnMQLRDXBL82AKxTpuHkxhmzgdkVH

[wip-abramson]

Closing this as work item accepted. Work ongoing here: https://github.com/w3c-ccg/di-quantum-safe