Noosphere cryptography evaluation - soliciting input

erlend_sh · May 16, 2023, 8:53am

github.com/subconsciousnetwork/noosphere

Evaluate cryptography in use and decide what we will support

opened 01:12AM - 16 May 23 UTC

Enhancement Topic: Privacy Topic: Security

Currently we make wide use of ed25519 keys (via [`ed25519-zebra`](https://crates….io/crates/ed25519-zebra)), except on the web where we use RSASSA-PKCS1-v1_5 (via the [Web Crypto API](https://w3c.github.io/webcrypto/)). ed25519 has various virtues (small public key size, speedy verification time among them), but also comes with some baggage: - It's not in broad use in Web Crypto API, so we _have_ to use Web Crypto's RSA there ([implementation status](https://github.com/WICG/webcrypto-secure-curves/issues/20)) - [There are issues when verifying signatures across implementations](https://hdevalence.ca/blog/2020-10-04-its-25519am) Both ed25519 keys and Web Crypto RSA keys are supported "out of the box" in the [`rs-ucan`](https://github.com/ucan-wg/rs-ucan) project, which is the basis for using these as the defaults in Noosphere. For CIDs, we currently use [blake2b-256](https://www.blake2.net/) everywhere. Blake2b's main virtue is its speed compared to most plausible alternatives. Recently, there was some thought provoking discussion of the default schemes used in Bluesky: https://staging.bsky.app/profile/gtank.bsky.social/post/3jvsidg6mgh2f And less recently, some discussion on Bluesky about usage of the [BLAKE3](https://github.com/BLAKE3-team/BLAKE3) hash by n0 computer: https://staging.bsky.app/profile/b5.bsky.social/post/3jv2zaqze5s2x (see also this [screencast](https://www.youtube.com/watch?v=nk4nefmguZk)). This issue is intended to kick off a discussion weighing the pros and cons of our default cryptography in use before we get too comfy with our priors. Some provocations to kick off the discussion: - There is compelling evidence that we should switch to BLAKE3 for hashing; what is the counter-arguement? - Compatibility across ed25519 implementations seems like it count be a real problem; is it worth blessing a (possibly less popular / less available) alternative as our favored default?

If there are folks with a cryptography bent and opinions about what a new protocol ought to consider when picking curves, hashes etc. it would be great to get your input here.

Noosphere is an emerging ‘protocol for thought’.