Post-Quantum Signatures in Corda


(Konstantinos Chalkias) #1

It’s not so clear how to securely communicate once an attacker has constructed a large quantum computer and then RSA and ECC are vulnerable due to Shor’s algorithm. Probably, this is not likely to happen in the next few years, but I guess Corda is here to stay for a long time too.
Although post-quantum secure Lattice-based signatures have been proposed in the literature, their quantitative security levels are highly unclear. But very recently, practical Merkle-Tree based signatures have been proposed as the 1st practical solution against the upcoming “evil” quantum computer.

If we choose to support at least one post-quantum algorithm, we can focus on Merkle Signature Schemes and be the first Distributed Ledger tech to provide such a security feature.

For those interested on how the basic algorithm works, take a look here: https://en.wikipedia.org/wiki/Merkle_signature_scheme

For more information on a very efficient and practical algorithm, called SPHINCS-256, supporting 128 bits of security and relatively short keys see here: https://sphincs.cr.yp.to/papers.html


(Konstantinos Chalkias) #2

Good news, just to note that an initial implementation supporting Post-Quantum Sphincs256 signatures worked successfully. As Corda is getting more and more flexible and scalable, we hopefully expect post-quantum and multi-algorithm support really soon.


(Paul Marsch) #3

Hi Kostas. I saw your presentation at Cordacon, recently, and found it very interesting. At one point I believe you said that Corda is already prepared for the “quantum apocalypse”, and now supports 5 post-quantum algorithms, including Sphincs256. Can you elaborate on the other algorithms? Thanks


(Konstantinos Chalkias) #4

Hi Paul, Corda currently supports five signature schemes in total, but only one of them is post-quantum secure. At the moment we have

  • EdDSA (ed25519 curve)

  • ECDSA (secp256k1 Koblitz curve)

  • ECDSA (secp256r1 (NIST P-256) curve)

  • RSA

  • SPHINCS-256 (POST-QUANTUM secure)

Note: We are also doing research on other post-quantum approaches (either hash or lattice based), mainly trying to accommodate stateful and stateless requirements and various key sizes and properties.