Nostr Archives
JOE2o · 24d ago
elliptic curve cryptography is ngmi.

Replies (11)

Niel Liesmons · 24d ago
What actions does that make you take?
0000 sats
JOE2o · 24d ago
Tough. Don't build anything on schnorr. Build on dilithium. It's the only way. It might not be compatible with nostr now, but nostr has no other choice but to move to dilithium, and there is no migration path, it's a burn and restart. Use this to practice: https://github.com/trbouma/pqrelay Also this means diffie-hellman no longer works, there have to be separate kyber keys for anything encrypted, the days of 2-in-1 shampoo are over.
0000 sats
Niel Liesmons · 24d ago
Thanks! Useful stuff. Will ponder.
0000 sats
JOE2o · 24d ago
Sucks, but it is what it is. Nostr with these keys is doomed for the enterprise anyway, as most enterprises have an IT mandate to follow NIST guidance on deprecation.
0000 sats
Niel Liesmons · 24d ago
True. I don't get your last point tho, about the 2-in-1. #noob Are you saying this implies users keeping several (very long) keys for one profile?
0000 sats
Niel Liesmons · 24d ago
@Tim Bouma this is cool! Appreciate the sobriety on this issue.
0000 sats
JOE2o · 24d ago
It means no DMs like kind04, 17, etc. since they all derive the encryption key from the two signing keys. You can't really do that trick in quantum land, so you have to have separate signing keys and encryption keys.
0000 sats
Niel Liesmons · 24d ago
Aha ok. But practically, how do you get a shared secret then and how do you even start a communication channel without relying on a less encrypted channel first?
0000 sats
JOE2o · 24d ago
It's one-way delivery. We each have an encryption keypair (kyber) separate from our signing keypair (dilithium). I generate a random secret on the fly and encrypt to your public key. Now you have it, so shared. But nostr logic doesn't really allow for 2 keypairs at once, so nobody in this future has a kyber key ready to go, it's all like that new-ish NIP (can't remember the #) for separating signing and encryption.
0000 sats
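The one-way delivery JOE2o describes above, as an added example that is not code from this thread or from pqrelay: the recipient holds a separate ML-KEM-768 (Kyber) encryption key, the sender encapsulates a fresh random secret to it, encrypts the message under that secret, and signs the whole envelope with a separate signing key. It uses Go's standard-library `crypto/mlkem` (Go 1.24+); because the standard library carries no ML-DSA/Dilithium, Ed25519 stands in for the signing key purely to show the two keypairs as distinct objects, and the `Envelope` layout and SHA-256-as-KDF are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)
// Envelope is a constructed one-way message (hypothetical, not any NIP): the ML-KEM
// ciphertext carrying the fresh secret, the AEAD output, and the sender's signature.
type Envelope struct{ KEMCT, Nonce, Sealed, Sig []byte }

// signedBytes is everything the sender commits to with the signing key.
func (e Envelope) signedBytes() []byte {
	return append(append(append([]byte{}, e.KEMCT...), e.Nonce...), e.Sealed...)
}

// aeadFor turns the KEM shared secret into AES-256-GCM (SHA-256 stands in for a KDF).
func aeadFor(shared []byte) cipher.AEAD {
	key := sha256.Sum256(shared)
	block, _ := aes.NewCipher(key[:]) // 32-byte key: cannot fail
	aead, _ := cipher.NewGCM(block)   // AES block size is GCM-compatible
	return aead
}
// Seal encapsulates a random secret to the recipient's separate ML-KEM-768
// encryption key, encrypts msg under it, and signs with the sender's signing key.
func Seal(recipEK *mlkem.EncapsulationKey768, senderSK ed25519.PrivateKey, msg []byte) Envelope {
	shared, kemCT := recipEK.Encapsulate() // fresh secret, delivered one-way
	aead := aeadFor(shared)
	nonce := make([]byte, aead.NonceSize())
	rand.Read(nonce) // crypto/rand.Read cannot fail in Go 1.24+
	env := Envelope{KEMCT: kemCT, Nonce: nonce, Sealed: aead.Seal(nil, nonce, msg, kemCT)}
	env.Sig = ed25519.Sign(senderSK, env.signedBytes())
	return env
}

// Open verifies the signature first, then decapsulates and decrypts.
func Open(recipDK *mlkem.DecapsulationKey768, senderPK ed25519.PublicKey, env Envelope) ([]byte, error) {
	if !ed25519.Verify(senderPK, env.signedBytes(), env.Sig) {
		return nil, errors.New("signature check failed")
	}
	shared, err := recipDK.Decapsulate(env.KEMCT)
	if err != nil {
		return nil, err
	}
	return aeadFor(shared).Open(nil, env.Nonce, env.Sealed, env.KEMCT)
}
```

Nothing in the exchange depends on the sender's and recipient's keys combining, which is exactly the property the thread says Diffie-Hellman-style derivation from signing keys loses.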
Tim Bouma · 24d ago
I am still building with ecc/schnorr to get away from the totally insecure/surveilled/gatekeeping shit that is DNS/TLS/HTTPS/REST/API. Most vendors are hitting the panic button with PQC in self-interest to paralyze practical improvements with classical cryptography.
0000 sats
JOE2o · 24d ago
With you on the goal, but ecc/schnorr cannot be the means. It's a dead end now. Whatever the solution is will have to be lattice or hash.
0000 sats