From 267ac02504a47a81cc517d97979ffe34c630db91 Mon Sep 17 00:00:00 2001 From: rahul Date: Wed, 3 Apr 2024 23:22:38 +0530 Subject: [PATCH 1/8] =?UTF-8?q?=E2=9C=A8=20feat(Cryptography):=20Post-quan?= =?UTF-8?q?tum=20cryptography?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/_sidebar.md | 1 + docs/wiki/Cryptography/ecdsa.md | 3 +++ .../Cryptography/post-quantum-cryptography.md | 19 +++++++++++++++++++ wordlist.txt | 1 + 4 files changed, 24 insertions(+) create mode 100644 docs/wiki/Cryptography/post-quantum-cryptography.md diff --git a/docs/_sidebar.md b/docs/_sidebar.md index 4f381ce4..c0cf8df4 100644 --- a/docs/_sidebar.md +++ b/docs/_sidebar.md @@ -75,6 +75,7 @@ - Polynomials - Commitment schemes - ZK + - [Post-Quantum Cryptography](/wiki/Cryptography/post-quantum-cryptography.md) - [Protocol Fellowship](/wiki/epf.md) - **Wiki Info** diff --git a/docs/wiki/Cryptography/ecdsa.md b/docs/wiki/Cryptography/ecdsa.md index d0236317..533ddbd4 100644 --- a/docs/wiki/Cryptography/ecdsa.md +++ b/docs/wiki/Cryptography/ecdsa.md @@ -276,6 +276,9 @@ This discussion is a preliminary treatment of Elliptic Curve Cryptography. For a And finally: **never roll your own crypto!** Use trusted libraries and protocols to protect your data and transactions. +> โ„น๏ธ Note +> ECDSA faces potential obsolescence from quantum computers โ€“ learn about how [Post-Quantum Cryptography tackles this challenge.](/wiki/Cryptography/post-quantum-cryptography.md) + ## Further reading **Elliptic curve cryptography** diff --git a/docs/wiki/Cryptography/post-quantum-cryptography.md b/docs/wiki/Cryptography/post-quantum-cryptography.md new file mode 100644 index 00000000..f3298008 --- /dev/null +++ b/docs/wiki/Cryptography/post-quantum-cryptography.md 
@@ -0,0 +1,19 @@ +# Post-Quantum Cryptography + +Classical cryptography safeguards information by leveraging the inherent difficulty of certain mathematical problems. These problems fall under the area of mathematical research called the ["Hidden Subgroup Problem (HSP)"](https://en.wikipedia.org/wiki/Hidden_subgroup_problem). For a large group with a secret subgroup known only to insiders, these problems makes determining the structure of the secret subgroup (size, elements) computationally intractable for an outsider. Whereas, someone with the "secret" (the private key) can easily identify the subgroup. + +Public-key cryptography leverages this concept. Algorithms like RSA, DSA, and [ECDSA](/wiki/Cryptography/ecdsa.md) rely on problems like prime factorization of large integers or discrete logarithm calculations to secure private keys. The difficulty of solving these problems increases exponentially with key size, making brute-force attacks impractical for classical computers. This inherent difficulty safeguards encrypted data. + +However, the landscape is shifting. + +Quantum computers, harnessing the principles of quantum mechanics, offer novel computational approaches. Certain quantum algorithms can solve these classical cryptographic problems with exponential efficiency compared to their classical counterparts. This newfound capability poses a significant threat to the security of data encrypted with classical cryptography. + +[Shor's algorithm](https://ieeexplore.ieee.org/document/365700) for integer factorization is the most celebrated application of quantum computing. It factors n-digit integers in a time complexity less than $O(n^3)$, a significant improvement over the best classical algorithms. + +This is where the field of post-quantum cryptography comes in. It aims to develop new algorithms that remain secure even in the presence of powerful quantum computers. 
+ +## Resources + +- ๐Ÿ“ Wikipedia, ["Quantum algorithm."](https://en.wikipedia.org/wiki/Quantum_algorithm) +- ๐Ÿ“ P.W. Shor, ["Algorithms for quantum computation: discrete logarithms and factoring."](https://ieeexplore.ieee.org/document/365700) +- ๐Ÿ“ NIST, ["Post-Quantum Cryptography."](https://csrc.nist.gov/projects/post-quantum-cryptography) diff --git a/wordlist.txt b/wordlist.txt index 58b0a19f..7f414997 100644 --- a/wordlist.txt +++ b/wordlist.txt @@ -331,6 +331,7 @@ ShareAlike Shead Shimon Silverman +Shor Sipser SLOAD smlXL From ba59e9b1625708960c58cff7a011d1a124501fad Mon Sep 17 00:00:00 2001 From: rahul Date: Thu, 4 Apr 2024 19:53:13 +0530 Subject: [PATCH 2/8] =?UTF-8?q?=E2=9C=A8=20feat(Cryptography):=20Post-quan?= =?UTF-8?q?tum=20selected=20algorithms?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Cryptography/post-quantum-cryptography.md | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/docs/wiki/Cryptography/post-quantum-cryptography.md b/docs/wiki/Cryptography/post-quantum-cryptography.md index f3298008..e9917db5 100644 --- a/docs/wiki/Cryptography/post-quantum-cryptography.md +++ b/docs/wiki/Cryptography/post-quantum-cryptography.md 
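Review bot: in the PATCH 1/8 hunk that creates docs/wiki/Cryptography/post-quantum-cryptography.md (@@ -0,0 +1,19 @@), the Shor sentence "It factors n-digit integers in a time complexity less than $O(n^3)$" mixes an asymptotic bound with an inequality; the cited paper claims running time polynomial in the number of digits, so "in time polynomial in n (roughly $O(n^3)$ with schoolbook arithmetic, lower with fast multiplication)" is clearer and is what the reference supports. Two grammar fixes in the same hunk: "these problems makes determining" should be "these problems make determining", and "Whereas, someone with the "secret" (the private key) can easily identify the subgroup." is a fragment; fold it into the previous sentence as "...computationally intractable for an outsider, whereas someone holding the secret (the private key) can identify it easily."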
@@ -1,8 +1,8 @@ # Post-Quantum Cryptography -Classical cryptography safeguards information by leveraging the inherent difficulty of certain mathematical problems. These problems fall under the area of mathematical research called the ["Hidden Subgroup Problem (HSP)"](https://en.wikipedia.org/wiki/Hidden_subgroup_problem). For a large group with a secret subgroup known only to insiders, these problems makes determining the structure of the secret subgroup (size, elements) computationally intractable for an outsider. Whereas, someone with the "secret" (the private key) can easily identify the subgroup. +Classical cryptography safeguards information by leveraging the inherent difficulty of certain mathematical problems. These problems fall under the area of mathematical research called the ["Hidden Subgroup Problem (HSP)"](https://en.wikipedia.org/wiki/Hidden_subgroup_problem). Imagine a large group with a secret subgroup known only to insiders, these problems makes determining the structure of the secret subgroup (size, elements) computationally intractable for an outsider. Whereas, someone with the "secret" (the private key) can easily identify the subgroup. -Public-key cryptography leverages this concept. Algorithms like RSA, DSA, and [ECDSA](/wiki/Cryptography/ecdsa.md) rely on problems like prime factorization of large integers or discrete logarithm calculations to secure private keys. The difficulty of solving these problems increases exponentially with key size, making brute-force attacks impractical for classical computers. This inherent difficulty safeguards encrypted data. +Public-key cryptography leverages this concept. Algorithms like RSA, DSA, and [ECDSA](/wiki/Cryptography/ecdsa.md) rely on hidden subgroup problems like prime factorization of large integers or discrete logarithm calculations to secure private keys. 
The difficulty of solving these problems increases exponentially with key size, making brute-force attacks impractical for classical computers. This inherent difficulty safeguards encrypted data. However, the landscape is shifting. @@ -12,8 +12,25 @@ Quantum computers, harnessing the principles of quantum mechanics, offer novel c This is where the field of post-quantum cryptography comes in. It aims to develop new algorithms that remain secure even in the presence of powerful quantum computers. +Post-quantum cryptography is an active area of research. Currently, NIST is evaluating submissions to standardize quantum-resistant algorithms. + +## Selected Algorithms 2022 + +### Public-key Encryption and Key-establishment Algorithms + +- [CRYSTALS-KYBER](https://pq-crystals.org/) by Peter Schwabe et al. + +### Digital Signature Algorithm + +- [CRYSTALS-DILITHIUM](https://pq-crystals.org/) by Vadim Lyubashevsky et al. +- [FALCON](https://falcon-sign.info/) by Thomas Prest et al. +- [SPHINCS+](https://falcon-sign.info/) by Andreas Hulsing et al. + + NIST's ["status report"](https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934458) documents the standardization process, evaluation criteria, and security models. + ## Resources +- ๐Ÿ“ Daniel J. Bernstein and et al, ["Introduction to post-quantum cryptography"](https://pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) - ๐Ÿ“ Wikipedia, ["Quantum algorithm."](https://en.wikipedia.org/wiki/Quantum_algorithm) - ๐Ÿ“ P.W. Shor, ["Algorithms for quantum computation: discrete logarithms and factoring."](https://ieeexplore.ieee.org/document/365700) -- ๐Ÿ“ NIST, ["Post-Quantum Cryptography."](https://csrc.nist.gov/projects/post-quantum-cryptography) +- ๐Ÿ“ NIST, ["Post-Quantum Cryptography."](https://csrc.nist.gov/projects/post-quantum-cryptography) \ No newline at end of file From 3fbf31a86552a030c2d16bfcde30aa7d7e8f99ea Mon Sep 17 00:00:00 2001 
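Review bot: in the PATCH 2/8 hunk @@ -1,8 +1,8 @@ of post-quantum-cryptography.md, the reworded opening "Imagine a large group with a secret subgroup known only to insiders, these problems makes determining..." is a comma splice with a subject-verb mismatch; suggest "Imagine a large group with a secret subgroup known only to insiders: these problems make determining the structure of that subgroup (size, elements) computationally intractable for an outsider."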
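Review bot: the SPHINCS+ bullet in the PATCH 2/8 hunk @@ -12,8 +12,25 @@ links to https://falcon-sign.info/, which is FALCON's site, not SPHINCS+'s; point it at the SPHINCS+ project page (sphincs.org) instead. In the same hunk, the heading "### Digital Signature Algorithm" introduces three schemes and should be plural; "Daniel J. Bernstein and et al," should read "Daniel J. Bernstein et al.,"; and the file now ends with "\ No newline at end of file", which PATCH 3/8 repairs later but could simply be avoided here.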
From: rahul Date: Thu, 4 Apr 2024 20:01:44 +0530 Subject: [PATCH 3/8] =?UTF-8?q?=E2=9C=A8=20feat(Cryptography):=20update=20?= =?UTF-8?q?wordlist?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Cryptography/post-quantum-cryptography.md | 2 +- wordlist.txt | 24 +++++++++++++++---- 2 files changed, 20 insertions(+), 6 deletions(-) diff --git a/docs/wiki/Cryptography/post-quantum-cryptography.md b/docs/wiki/Cryptography/post-quantum-cryptography.md index e9917db5..a2511372 100644 --- a/docs/wiki/Cryptography/post-quantum-cryptography.md +++ b/docs/wiki/Cryptography/post-quantum-cryptography.md @@ -33,4 +33,4 @@ Post-quantum cryptography is an active area of research. Currently, NIST is eval - ๐Ÿ“ Daniel J. Bernstein and et al, ["Introduction to post-quantum cryptography"](https://pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) - ๐Ÿ“ Wikipedia, ["Quantum algorithm."](https://en.wikipedia.org/wiki/Quantum_algorithm) - ๐Ÿ“ P.W. Shor, ["Algorithms for quantum computation: discrete logarithms and factoring."](https://ieeexplore.ieee.org/document/365700) -- ๐Ÿ“ NIST, ["Post-Quantum Cryptography."](https://csrc.nist.gov/projects/post-quantum-cryptography) \ No newline at end of file +- ๐Ÿ“ NIST, ["Post-Quantum Cryptography."](https://csrc.nist.gov/projects/post-quantum-cryptography) diff --git a/wordlist.txt b/wordlist.txt index bc9863cb..bd2feefb 100644 --- a/wordlist.txt +++ b/wordlist.txt @@ -13,9 +13,9 @@ ASE Assche Assertoor autoplay +backfill Bankless Barnabe -backfill Beiko Bertoni BFT @@ -41,14 +41,15 @@ cdots centric chainId cli +cmd CoC codebase codebases CODECOPY config congestions +Consensys Corbellini -cmd Crypto cryptocurrencies cryptocurrency @@ -81,6 +82,7 @@ Devops devp Devs Diffie +DILITHIUM discv distro docsify @@ -163,6 +165,8 @@ Guillaume hoc Holesky Hsiao +HSP +Hulsing ics iframe ify 
@@ -189,6 +193,7 @@ Keccak's keecak Kleppmann Koblitz +KYBER KZG KZGCommitment KZGProof @@ -206,6 +211,7 @@ Longrightarrow LST Lua LuaVM +Lyubashevsky mainnet Mรกrio mathbb @@ -235,6 +241,7 @@ natively newPayloadV NFT NIST +NIST's NOXX Occhipinti offsites @@ -258,10 +265,11 @@ pmod POC POS pre -preconfirmations precompile precompiled precompiles +preconfirmations +Prest privateKey programmability proto @@ -289,11 +297,13 @@ rollup rollups RPC RPCs +RSA runtime scalability scalable schemas Schocken +Schwabe SECG secp SELFDESTRUCT @@ -304,14 +314,16 @@ sharding ShareAlike Shead Shimon -Silverman Shor +Shor's +Silverman Sipser SLOAD smlXL SNARKify socio solvm +SPHINCS SSF SSLE SSTORE @@ -326,6 +338,7 @@ StreamEth systemd Takenobu Tani +Teku testnet Tetris textnormal @@ -346,6 +359,7 @@ underbrace Unformatted upstreamed utils +Vadim validator validators Vanstone @@ -365,4 +379,4 @@ WSS XORed xy Yellowpaper -zk \ No newline at end of file +zk From d5ba05f77faf1f2b1c09514cc1c51553d1cf86f8 Mon Sep 17 00:00:00 2001 From: rahul Date: Thu, 4 Apr 2024 20:09:17 +0530 Subject: [PATCH 4/8] =?UTF-8?q?=E2=9C=A8=20feat(Cryptography):=20update=20?= =?UTF-8?q?wordlist?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- wordlist.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/wordlist.txt b/wordlist.txt index bd2feefb..40856103 100644 --- a/wordlist.txt +++ b/wordlist.txt @@ -10,6 +10,7 @@ API APIs ary ASE +assignees Assche Assertoor autoplay From 8855d57247722af7df9ba7cd435248b1096e007c Mon Sep 17 00:00:00 2001 From: rahul Date: Fri, 5 Apr 2024 21:14:40 +0530 Subject: [PATCH 5/8] =?UTF-8?q?=E2=9C=A8=20feat(Cryptography):=20PQC=20-?= =?UTF-8?q?=20Research=20efforts?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Cryptography/post-quantum-cryptography.md | 28 +++++++++++++++---- wordlist.txt | 5 +++- 2 files changed, 26 insertions(+), 7 deletions(-) 
diff --git a/docs/wiki/Cryptography/post-quantum-cryptography.md b/docs/wiki/Cryptography/post-quantum-cryptography.md index a2511372..2d12a40f 100644 --- a/docs/wiki/Cryptography/post-quantum-cryptography.md +++ b/docs/wiki/Cryptography/post-quantum-cryptography.md 
@@ -6,27 +6,43 @@ Public-key cryptography leverages this concept. Algorithms like RSA, DSA, and [E However, the landscape is shifting. -Quantum computers, harnessing the principles of quantum mechanics, offer novel computational approaches. Certain quantum algorithms can solve these classical cryptographic problems with exponential efficiency compared to their classical counterparts. This newfound capability poses a significant threat to the security of data encrypted with classical cryptography. +Quantum computers, harnessing the principles of quantum mechanics, offer novel computational approaches. Certain quantum algorithms can solve these classical cryptographic problems with exponential efficiency compared to their classical counterparts. This newfound capability poses a significant threat to the security of data encrypted with classical cryptography. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptography currently in use. [Shor's algorithm](https://ieeexplore.ieee.org/document/365700) for integer factorization is the most celebrated application of quantum computing. It factors n-digit integers in a time complexity less than $O(n^3)$, a significant improvement over the best classical algorithms. This is where the field of post-quantum cryptography comes in. It aims to develop new algorithms that remain secure even in the presence of powerful quantum computers. -Post-quantum cryptography is an active area of research. Currently, NIST is evaluating submissions to standardize quantum-resistant algorithms. +## Research -## Selected Algorithms 2022 +Post-quantum cryptography is an active area of research. Several organizations are working on prototyping, development, and standardization of new post-quantum algorithms. 
-### Public-key Encryption and Key-establishment Algorithms +### NIST Post-Quantum Cryptography + +The [NIST Post-Quantum Cryptography standardization](https://csrc.nist.gov/projects/post-quantum-cryptography) effort is a competition like process to solicit, evaluate, and standardize one or more quantum-resistant public-key cryptographic algorithms. + +### Selected Algorithms by NIST as part of third round in 2022 + +#### I. Public-key Encryption and Key-establishment Algorithms - [CRYSTALS-KYBER](https://pq-crystals.org/) by Peter Schwabe et al. -### Digital Signature Algorithm +#### II. Digital Signature Algorithm - [CRYSTALS-DILITHIUM](https://pq-crystals.org/) by Vadim Lyubashevsky et al. - [FALCON](https://falcon-sign.info/) by Thomas Prest et al. - [SPHINCS+](https://falcon-sign.info/) by Andreas Hulsing et al. - NIST's ["status report"](https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934458) documents the standardization process, evaluation criteria, and security models. + NIST's ["2022 status report"](https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934458) documents the standardization process, evaluation criteria, and security models. + +### Post-Quantum Cryptography Alliance + +[Post-Quantum Cryptography Alliance (PQCA)](https://pqca.org/), an open and collaborative initiative by [linux foundation](https://www.linuxfoundation.org/press/announcing-the-post-quantum-cryptography-alliance-pqca) to drive the advancement and adoption of post-quantum cryptography. + +[The Open Quantum Safe (OQS)](https://openquantumsafe.org/) project under this initiative is an open-source project that aims to support the transition to quantum-resistant cryptography. 
+ +### The Crypto Forum Research Group + +The [Crypto Forum Research Group](https://datatracker.ietf.org/rg/cfrg/about/) within the Internet Engineering Task Force has standardized the stateful hash-based signature scheme ["XMSS: eXtended Merkle Signature Scheme."](https://datatracker.ietf.org/doc/rfc8391/) ## Resources diff --git a/wordlist.txt b/wordlist.txt index b7a742fc..46d11f74 100644 --- a/wordlist.txt +++ b/wordlist.txt @@ -10,7 +10,6 @@ API APIs ary ASE -assignees Assche Assertoor assignees @@ -251,6 +250,7 @@ onchain Oorschot OpenRPC OpenZeppelin +OQS OSI OSI's Parametrizing @@ -266,6 +266,7 @@ Playdate pmod POC POS +PQCA pre precompile precompiled @@ -334,6 +335,7 @@ SSZ stakers Stallman StateDB +stateful stateRoot stf StreamEth @@ -378,6 +380,7 @@ WebRTC Whitepaper WIP WSS +XMSS XORed xy Yellowpaper From 6b1cd4a88998358bbebd843a48c068a9d6d44cc3 Mon Sep 17 00:00:00 2001 From: rahul Date: Wed, 17 Apr 2024 13:42:04 +0530 Subject: [PATCH 6/8] =?UTF-8?q?=E2=9C=A8=20feat(Cryptography):=20timeline,?= =?UTF-8?q?=20production=20usage,=20research?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Cryptography/post-quantum-cryptography.md | 56 +++++++++++++++++-- 1 file changed, 52 insertions(+), 4 deletions(-) diff --git a/docs/wiki/Cryptography/post-quantum-cryptography.md b/docs/wiki/Cryptography/post-quantum-cryptography.md index 2d12a40f..c1fd7617 100644 --- a/docs/wiki/Cryptography/post-quantum-cryptography.md +++ b/docs/wiki/Cryptography/post-quantum-cryptography.md 
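Review bot: in the PATCH 5/8 hunk @@ -6,27 +6,43 @@ of post-quantum-cryptography.md, the new "### The Crypto Forum Research Group" paragraph places CFRG "within the Internet Engineering Task Force"; CFRG is a research group of the Internet Research Task Force (IRTF), the IETF's sibling body, and RFC 8391 was published on the IRTF stream, so this should read "within the Internet Research Task Force (IRTF)". Since the sentence correctly calls XMSS "stateful", one line of caveat would help readers: the signer must track which one-time key index has been used, because reusing an index (for example after restoring a key from backup) breaks the scheme's security. Smaller fixes in the same hunk: "break many of the public-key cryptography currently in use" should be "break many of the public-key cryptosystems currently in use"; "competition like process" needs a hyphen ("competition-like"); "[linux foundation]" should be capitalised "Linux Foundation"; and the unchanged SPHINCS+ bullet still links to the FALCON site.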
@@ -1,8 +1,10 @@ # Post-Quantum Cryptography -Classical cryptography safeguards information by leveraging the inherent difficulty of certain mathematical problems. These problems fall under the area of mathematical research called the ["Hidden Subgroup Problem (HSP)"](https://en.wikipedia.org/wiki/Hidden_subgroup_problem). Imagine a large group with a secret subgroup known only to insiders, these problems makes determining the structure of the secret subgroup (size, elements) computationally intractable for an outsider. Whereas, someone with the "secret" (the private key) can easily identify the subgroup. +Classical cryptography safeguards information by leveraging the inherent difficulty of certain mathematical problems. Such group of problems as prime factoring, discrete logarithm, graph isomorphism, and the shortest vector problem etc. fall under the area of mathematical research called the ["Hidden Subgroup Problem (HSP)"](https://en.wikipedia.org/wiki/Hidden_subgroup_problem). -Public-key cryptography leverages this concept. Algorithms like RSA, DSA, and [ECDSA](/wiki/Cryptography/ecdsa.md) rely on hidden subgroup problems like prime factorization of large integers or discrete logarithm calculations to secure private keys. The difficulty of solving these problems increases exponentially with key size, making brute-force attacks impractical for classical computers. This inherent difficulty safeguards encrypted data. +In essence, these problems makes determining the structure of a secret subgroup (size, elements) within a large group computationally intractable without the knowledge of a "secret" (private) key. This one-way "trapdoor function" is employed by public-key cryptography algorithms for their security. + +[RSA's](https://en.wikipedia.org/wiki/RSA_(cryptosystem)) security rests on the **factoring of large prime numbers**. In contrast, [ECDSA's](/wiki/Cryptography/ecdsa.md) security is based on the elliptic curve **discrete logarithm problem**. 
Solving either of these hidden subgroup problems becomes exponentially harder as the key size increases, making them computationally infeasible for classical computers to crack. This fundamental difficulty safeguards encrypted data. However, the landscape is shifting. 
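Review bot: in the PATCH 6/8 hunk @@ -1,8 +1,10 @@ of post-quantum-cryptography.md, "[RSA's] security rests on the **factoring of large prime numbers**" is wrong as written: primes cannot be factored; RSA rests on factoring a large integer that is the product of two large primes. The preceding sentence lumps "prime factoring, discrete logarithm, graph isomorphism, and the shortest vector problem" together under the Hidden Subgroup Problem without the distinction this page turns on: factoring and discrete log are instances of the abelian HSP, which Shor-type quantum algorithms solve efficiently, whereas graph isomorphism and the shortest vector problem map to non-abelian HSP variants for which no efficient quantum algorithm is known; lattice problems such as SVP are in fact the foundation of the KYBER and DILITHIUM schemes listed further down. A sentence making that split explicit would stop readers concluding that the whole HSP family is quantum-broken. Also "these problems makes determining" should be "these problems make determining", and "Such group of problems as" reads better as "Problems such as".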
@@ -12,6 +14,39 @@ Quantum computers, harnessing the principles of quantum mechanics, offer novel c This is where the field of post-quantum cryptography comes in. It aims to develop new algorithms that remain secure even in the presence of powerful quantum computers. +## Timeline + +According to the survey done for ["Quantum Threat Timeline Report 2020"](https://globalriskinstitute.org/publication/quantum-threat-timeline-report-2020/) most experts believe that there is <5% threat to the public-key cryptography until 2030. However, it is predicted that the risk substantially increases to about 50% by 2050. + +Currently, the most [advanced quantum computers](https://en.wikipedia.org/wiki/List_of_quantum_processors) have <2000 physical qubits. Breaking Bitcoin's encryption within an hour (ideal time window) [requires approximately 317 million physical qubits](https://pubs.aip.org/avs/aqs/article/4/1/013801/2835275/The-impact-of-hardware-specifications-on-reaching). + +Steady progress is being made in quantum research; one survey respondent notes: + +> It is not always the case [..] but I find that my predictions are often +more pessimistic than what actually happens. I take this as a sign +that the research is accelerating. + +## Post-Quantum risk to Ethereum + +Ethereum accounts are secured by a two-tier cryptosystem. A private key is used to generate a public key through [elliptic curve multiplication](/wiki/Cryptography/ecdsa.md). This public key is hashed using [keccak256](/wiki/Cryptography/keccak256.md) to derive the Ethereum address. + +The immediate post-quantum threat is the ability to reverse elliptic curve multiplication securing ECDSA thus exposing the private key. This makes all externally owned accounts (EOA) vulnerable to a quantum attack. Assuming the hashing function that maps a public-key to an ethereum address is still safe, extracting its private key is still challenging but vulnerable nonetheless. 
+ +In practice, most usersโ€™ private keys are themselves the result of a bunch of hash calculations using [BIP-32](https://github.com/bitcoin/bips/blob/b3701faef2bdb98a0d7ace4eedbeefa2da4c89ed/bip-0032.mediawiki), which generates each address through a series of hashes starting from a master seed phrase. This makes revealing the private key even more computationally expensive. + +Eth Research has an [ongoing proposal](https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901) for a hard-fork in the event of a post-quantum emergency, the key actions being: + +1. Revert all blocks after the first block where itโ€™s clear that large-scale theft is happening +2. Traditional EOA-based transactions are disabled +3. A new transaction type is added to allow transactions from smart contract wallets (eg. part of [RIP-7560](https://ethereum-magicians.org/t/rip-7560-native-account-abstraction/16664)), if this is not available already +4. A new transaction type or opcode is added by which you can provide a STARK proof which proves knowledge of (i) a private preimage x, (ii) a hash function ID `1 <= i < k` from a list of k approved hash functions, and (iii) a public address A, such that `keccak(priv_to_pub(hashes[i](x)))[12:] = A`. The STARK also accepts as a public input the hash of a new piece of validation code for that account. If the proof passes, your accountโ€™s code is switched over to the new validation code, and you will be able to use it as a smart contract wallet from that point forward. + +The approach, however, is not perfect. Some users will still loose funds since not all blocks from the event of an attack will be reverted. This is because it is incredibly hard to reliably detect a quantum attack on the network as [domothy highlights](https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901/14): + +> Picture a single large exchange wallet being drained by a quantum computer. 
Everyone would naturally assume it was a security failure of some kind on the exchangeโ€™s end. Or if a smart wallet relying on discrete log assumption gets drained, a smart contract bug/exploit would be the first thing that comes to mind. Or the quantum-enabled attacker avoids high profile targets altogether and slowly steals funds from various large EOAs, and we never even know a quantum attack took place. + +Further, KZG commitment schemes powering [EIP-4844](/wiki/research/scaling/core-changes/eip-4844.md) would also need to be upgraded to prevent fraudulent commits. + ## Research Post-quantum cryptography is an active area of research. Several organizations are working on prototyping, development, and standardization of new post-quantum algorithms. @@ -22,11 +57,11 @@ The [NIST Post-Quantum Cryptography standardization](https://csrc.nist.gov/proje ### Selected Algorithms by NIST as part of third round in 2022 -#### I. Public-key Encryption and Key-establishment Algorithms +#### I. Public-key Encryption and key-establishment algorithms - [CRYSTALS-KYBER](https://pq-crystals.org/) by Peter Schwabe et al. -#### II. Digital Signature Algorithm +#### II. Digital signature algorithm - [CRYSTALS-DILITHIUM](https://pq-crystals.org/) by Vadim Lyubashevsky et al. - [FALCON](https://falcon-sign.info/) by Thomas Prest et al. 
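Review bot: in the PATCH 6/8 hunk @@ -12,6 +14,39 @@ (Timeline and Post-Quantum risk sections), the BIP-32 paragraph draws the wrong conclusion in "This makes revealing the private key even more computationally expensive." A Shor-type attack derives the private key from the public key directly, so how the key was originally derived adds no cost to that step. What BIP-32 derivation does provide is a secret the attacker cannot recover from the private key alone (the seed, reachable only through a hash preimage), which is exactly what step 4 of the hard-fork proposal lets the rightful owner prove; the paragraph should say that instead. In the same hunk, "Breaking Bitcoin's encryption within an hour" should be "breaking Bitcoin's elliptic-curve signatures (the 256-bit ECDLP) within an hour", since that is what the cited qubit estimate measures; and "Assuming the hashing function ... extracting its private key is still challenging but vulnerable nonetheless" would be clearer if it stated the actual split: an address that has never sent a transaction exposes only keccak256(pubkey)[12:] and is shielded by the hash, while any account that has signed a transaction has revealed its public key in the signature and is directly exposed. Minor: "loose funds" should be "lose funds".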
@@ -44,9 +79,22 @@ The [NIST Post-Quantum Cryptography standardization](https://csrc.nist.gov/proje The [Crypto Forum Research Group](https://datatracker.ietf.org/rg/cfrg/about/) within the Internet Engineering Task Force has standardized the stateful hash-based signature scheme ["XMSS: eXtended Merkle Signature Scheme."](https://datatracker.ietf.org/doc/rfc8391/) +## Production usage + +Following pilot projects and research initiatives are exploring PQC usage in production: + +- [Anchor Vault](https://chromewebstore.google.com/detail/omifklijimcjhfiojhodcnfihkljeali) is a chrome plugin allows adding a quantum-resistant proof using Lamport's signature for securing ERC tokens. +- Signal is experimenting with ["Post-Quantum Extended Diffie-Hellman"](https://signal.org/docs/specifications/pqxdh/#introduction) for key agreement protocol. +- Chromium is using ["Hybrid Kyber KEM"](https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html) to protect data in transit. +- Apple is using [PQ3](https://security.apple.com/blog/imessage-pq3/) to protect iMessage against key compromise from a quantum attack. + ## Resources - ๐Ÿ“ Daniel J. Bernstein and et al, ["Introduction to post-quantum cryptography"](https://pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf) - ๐Ÿ“ Wikipedia, ["Quantum algorithm."](https://en.wikipedia.org/wiki/Quantum_algorithm) - ๐Ÿ“ P.W. 
Shor, ["Algorithms for quantum computation: discrete logarithms and factoring."](https://ieeexplore.ieee.org/document/365700) - ๐Ÿ“ NIST, ["Post-Quantum Cryptography."](https://csrc.nist.gov/projects/post-quantum-cryptography) +- ๐Ÿ“ ETHResearch, ["How to hard-fork to save most usersโ€™ funds in a quantum emergency."](https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901) +- ๐Ÿ“ ETHResearch, ["ETHResearch: Post-Quantum"](https://ethresear.ch/tag/post-quantum) +- ๐Ÿ“ Vitalik Buterin, ["STARKs, Part I: Proofs with Polynomials."](https://vitalik.eth.limo/general/2017/11/09/starks_part_1.html) +- ๐Ÿ“ Wikipedia, ["Lamport's Signature."](https://en.wikipedia.org/wiki/Lamport_signature) From 4ddaae1b35f4bf68110a56b7ce499b7ae654b9d7 Mon Sep 17 00:00:00 2001 From: rahul Date: Wed, 17 Apr 2024 13:42:27 +0530 Subject: [PATCH 7/8] =?UTF-8?q?=F0=9F=A7=B9=20chore:=20Spelling?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/eps/intro.md | 2 +- docs/eps/week9-dev.md | 2 +- wordlist.txt | 21 ++++++++++++++++++++- 3 files changed, 22 insertions(+), 3 deletions(-) diff --git a/docs/eps/intro.md b/docs/eps/intro.md index 27f615b7..07938c53 100644 --- a/docs/eps/intro.md +++ b/docs/eps/intro.md 
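Review bot: in the PATCH 6/8 hunk @@ -44,9 +79,22 @@ (Production usage and Resources), the Anchor Vault bullet says it uses "Lamport's signature" without noting that Lamport signatures are one-time: each key pair must sign at most once, and that constraint shapes how such a scheme can protect tokens, so it is worth one clause here. Grammar in the same bullet: "is a chrome plugin allows adding" should be "is a Chrome extension that allows adding", and the lead-in "Following pilot projects and research initiatives are exploring" needs "The following". In the Resources list the label "ETHResearch" is spelled differently from "Eth Research" in the body (PATCH 8/8 changes the body to "EthResearch"); pick one spelling, and "Daniel J. Bernstein and et al" still needs the fix noted earlier.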
@@ -39,7 +39,7 @@ The second part of the program offers two distinct tracks focused on development | April 3 | Verkle trees | [Josh Rudolf](https://github.com/jrudolf) | Research | | April 8 | Consensus client architecture | [Paul Harris](https://github.com/rolfyone) | Development | | April 10 | MEV and censorship | [Barnabe Monnot](https://github.com/barnabemonnot) | Research | -| April 15 | Devops and testing | [Paritosh](https://github.com/parithosh) | Development | +| April 15 | Devops and testing | [Parithosh](https://github.com/parithosh) | Development | | April 17 | Purge and Portal Network | [Piper Merriam](https://github.com/pipermerriam) | Research | | April 22 | Cryptographic precompiles | | Development | | April 24 | SSF and PoS Upgrades | [Francesco Dโ€™Amato](https://github.com/fradamt) | Research | diff --git a/docs/eps/week9-dev.md b/docs/eps/week9-dev.md index 9bf52003..394783aa 100644 --- a/docs/eps/week9-dev.md +++ b/docs/eps/week9-dev.md @@ -39,6 +39,6 @@ Additionally, you can get ready by studying the following resources: - [Attacknet: Chaos engineering on Ethereum](https://ethpandaops.io/posts/attacknet-introduction/) - [Verkle devnets](https://github.com/ethpandaops/verkle-devnets) - [Kurtosis](https://github.com/kurtosis-tech/kurtosis) -- Follow excercises proposed by Pari in the talk +- Follow exercises proposed by Pari in the talk - Modify a client with a custom log message and run it using Kurtosis - Deploy some of the tolling, connect to your own node on any network \ No newline at end of file diff --git a/wordlist.txt b/wordlist.txt index 3f805590..b3d09939 100644 --- a/wordlist.txt +++ b/wordlist.txt @@ -22,6 +22,7 @@ Bertoni BFT bitrate bitwise +BIP BLOBHASH blockchain blockchain's @@ -59,6 +60,7 @@ cryptoeconomically cryptographic cryptographically Cryptopedia +cryptosystem cybersecurity Cypherpunks D'Amato @@ -82,6 +84,7 @@ Devcon Devops devp Devs +devnet Diffie DILITHIUM discv 
@@ -96,6 +99,7 @@ EB ECADD ECC ECDSA +ECDSA's ECMUL ECPAIRING ECRECOVER @@ -111,6 +115,8 @@ Elmore ELs Encodings env +EOA +EOAs EOF EOY eP @@ -141,6 +147,7 @@ Femboy finalise Forkchoice forkchoiceUpdatedV +Forky FOSS frameborder Francesco @@ -161,6 +168,7 @@ getPayloadV getters Gilles Goron +Goomy gpg Grafana Guillaume @@ -193,6 +201,7 @@ Katex keccak Keccak's keecak +KEM Kleppmann Koblitz KYBER @@ -200,6 +209,7 @@ KZG KZGCommitment KZGProof Lamport +Lamport's Lefteris libp lifecycle @@ -231,6 +241,7 @@ MMPTs MODEXP modularity Monnot +mortem MPT MSIZE mstore @@ -258,7 +269,7 @@ OSI's Parametrizing params Pari -Paritosh +Parithosh Pectra PeerDAS Peeters @@ -269,11 +280,14 @@ pmod POC POS PQCA +PQ +PQC pre precompile precompiled precompiles preconfirmations +preimage Prest privateKey probabilistically @@ -285,6 +299,7 @@ PUSHX py Pyspec pytest +qubits radix Rareskills README @@ -305,6 +320,7 @@ rollup's RPC RPCs RSA +RSA's runtime scalability scalable @@ -317,6 +333,7 @@ SELFDESTRUCT sexualized SHA Shafu +shadowfork sharding ShareAlike Shead @@ -352,6 +369,7 @@ Tetris textnormal TODO TPS +tracoor tradeoff transactional trapdoored @@ -385,6 +403,7 @@ WebRTC Whitepaper WIP WSS +Xatu XMSS XORed xy From fb0b8e715b523835caaff3bea551be1040ba44b0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=C3=A1rio=20Havel?= <61149543+taxmeifyoucan@users.noreply.github.com> Date: Wed, 17 Apr 2024 11:33:16 +0200 Subject: [PATCH 8/8] minor updates to postq crypto --- docs/wiki/Cryptography/post-quantum-cryptography.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/wiki/Cryptography/post-quantum-cryptography.md b/docs/wiki/Cryptography/post-quantum-cryptography.md index c1fd7617..24c820a0 100644 --- a/docs/wiki/Cryptography/post-quantum-cryptography.md +++ b/docs/wiki/Cryptography/post-quantum-cryptography.md 
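Review bot: in the PATCH 7/8 hunk of docs/eps/week9-dev.md (@@ -39,6 +39,6 @@), the unchanged context line "Deploy some of the tolling, connect to your own node on any network" still carries a typo ("tooling") that this spelling commit should fix alongside "exercises", and the file still ends with "\ No newline at end of file".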
@@ -22,9 +22,9 @@ Currently, the most [advanced quantum computers](https://en.wikipedia.org/wiki/L Steady progress is being made in quantum research; one survey respondent notes: -> It is not always the case [..] but I find that my predictions are often -more pessimistic than what actually happens. I take this as a sign -that the research is accelerating. +> It is not always the case [..] but I find that my predictions are often more pessimistic than what actually happens. I take this as a sign that the research is accelerating. + +Note that these predictions are somewhat subjective and might not reflect real progress which is mostly not open to public. Advanced threat actor might have access to powerful quantum computing sooner than public and use strategies like [retrospective decryption](https://en.wikipedia.org/wiki/Harvest_now%2C_decrypt_later). ## Post-Quantum risk to Ethereum @@ -34,7 +34,7 @@ The immediate post-quantum threat is the ability to reverse elliptic curve multi In practice, most usersโ€™ private keys are themselves the result of a bunch of hash calculations using [BIP-32](https://github.com/bitcoin/bips/blob/b3701faef2bdb98a0d7ace4eedbeefa2da4c89ed/bip-0032.mediawiki), which generates each address through a series of hashes starting from a master seed phrase. This makes revealing the private key even more computationally expensive. -Eth Research has an [ongoing proposal](https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901) for a hard-fork in the event of a post-quantum emergency, the key actions being: +EthResearch has an [ongoing proposal](https://ethresear.ch/t/how-to-hard-fork-to-save-most-users-funds-in-a-quantum-emergency/18901) for a hard-fork in the event of a post-quantum emergency, the key actions being: 1. Revert all blocks after the first block where itโ€™s clear that large-scale theft is happening 2. Traditional EOA-based transactions are disabled 
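Review bot: in the PATCH 8/8 hunk @@ -22,9 +22,9 @@, the added paragraph needs articles: "Advanced threat actor might have access to powerful quantum computing sooner than public" should read "An advanced threat actor might have access to powerful quantum computing sooner than the public", and "mostly not open to public" should be "mostly not open to the public". The harvest-now-decrypt-later link is the right caveat for this section; since the rest of the page is about signatures, one clause noting the asymmetry would help: recorded traffic protected by classical key exchange is at risk today, whereas a signature can only be forged once the quantum computer actually exists.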
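Review bot: in the PATCH 8/8 hunk @@ -34,7 +34,7 @@, renaming "Eth Research" to "EthResearch" leaves the Resources section added in PATCH 6/8 spelling it "ETHResearch"; make the two consistent in the same commit.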
@@ -84,7 +84,7 @@ The [Crypto Forum Research Group](https://datatracker.ietf.org/rg/cfrg/about/) w Following pilot projects and research initiatives are exploring PQC usage in production: - [Anchor Vault](https://chromewebstore.google.com/detail/omifklijimcjhfiojhodcnfihkljeali) is a chrome plugin allows adding a quantum-resistant proof using Lamport's signature for securing ERC tokens. -- Signal is experimenting with ["Post-Quantum Extended Diffie-Hellman"](https://signal.org/docs/specifications/pqxdh/#introduction) for key agreement protocol. +- Signal is implemented ["Post-Quantum Extended Diffie-Hellman"](https://signal.org/docs/specifications/pqxdh/#introduction) in production for key agreement protocol. - Chromium is using ["Hybrid Kyber KEM"](https://blog.chromium.org/2023/08/protecting-chrome-traffic-with-hybrid.html) to protect data in transit. - Apple is using [PQ3](https://security.apple.com/blog/imessage-pq3/) to protect iMessage against key compromise from a quantum attack.
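Review bot: in the PATCH 8/8 hunk @@ -84,7 +84,7 @@, "Signal is implemented ["Post-Quantum Extended Diffie-Hellman"](...) in production for key agreement protocol" is ungrammatical; suggest "Signal has deployed ["Post-Quantum Extended Diffie-Hellman"](https://signal.org/docs/specifications/pqxdh/#introduction) in production as its key agreement protocol."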