opened 01:12AM - 16 May 23 UTC
Enhancement
Topic: Privacy
Topic: Security
Currently we make wide use of ed25519 keys (via [`ed25519-zebra`](https://crates.io/crates/ed25519-zebra)), except on the web where we use RSASSA-PKCS1-v1_5 (via the [Web Crypto API](https://w3c.github.io/webcrypto/)).
ed25519 has various virtues (small public key size, speedy verification time among them), but also comes with some baggage:
- It's not in broad use in Web Crypto API, so we _have_ to use Web Crypto's RSA there ([implementation status](https://github.com/WICG/webcrypto-secure-curves/issues/20))
- [There are issues when verifying signatures across implementations](https://hdevalence.ca/blog/2020-10-04-its-25519am)
Both ed25519 keys and Web Crypto RSA keys are supported "out of the box" in the [`rs-ucan`](https://github.com/ucan-wg/rs-ucan) project, which is the basis for using these as the defaults in Noosphere.
For CIDs, we currently use [blake2b-256](https://www.blake2.net/) everywhere. Blake2b's main virtue is its speed compared to most plausible alternatives.
Recently, there was some thought-provoking discussion of the default schemes used in Bluesky: https://staging.bsky.app/profile/gtank.bsky.social/post/3jvsidg6mgh2f
And less recently, some discussion on Bluesky about usage of the [BLAKE3](https://github.com/BLAKE3-team/BLAKE3) hash by n0 computer: https://staging.bsky.app/profile/b5.bsky.social/post/3jv2zaqze5s2x (see also this [screencast](https://www.youtube.com/watch?v=nk4nefmguZk)).
This issue is intended to kick off a discussion weighing the pros and cons of our default cryptography in use before we get too comfy with our priors. Some provocations to kick off the discussion:
- There is compelling evidence that we should switch to BLAKE3 for hashing; what is the counter-argument?
- Compatibility across ed25519 implementations seems like it could be a real problem; is it worth blessing a (possibly less popular / less available) alternative as our favored default?
If there are folks with a cryptography bent and opinions about what a new protocol ought to consider when picking curves, hashes etc. it would be great to get your input here.
Noosphere is an emerging ‘protocol for thought’.