Hi Tom,

Bit late to the party, but I wanted to mention that even in the transition to PQC, Ed25519 is still relevant, in hybrid/composite constructions; the idea being that you sign and verify with both algorithms, so that an attacker would need to break both of them. For example, see draft-ietf-lamps-pq-composite-sigs <https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-04.html> and draft-ietf-openpgp-pqc <https://www.ietf.org/archive/id/draft-ietf-openpgp-pqc-09.html>, both of which define constructions combining ML-DSA and Ed25519/Ed448. To quote the former:

> This document defines combinations of ML-DSA [FIPS.204] in hybrid with traditional algorithms (...) Ed25519, and Ed448. These combinations are tailored to meet security best practices and regulatory requirements. Composite ML-DSA is applicable in any application (...) where the operator wants extra protection against breaks or catastrophic bugs in ML-DSA.
Since crypto.subtle is a low-level API, we want to define both components of such a construction, so that libraries can implement them however they're combined. (A draft for the ML-DSA part of that is at https://twiss.github.io/webcrypto-modern-algos/pqc.html, but that's less far along.)

Best,
Daniel

On Saturday, April 12, 2025 at 20:46:04 UTC+2 Tom Jones wrote:

> to be clear - ED25519 is much faster than the quantum-resistant alternatives, but that does not make it long term secure.
> To be more specific, we could see an announcement any day that someone has developed a quantum computer that will break it.
> Or it could be 5 more years - who knows.
> Google and Microsoft are two of the companies trying to break it.
>
> https://hedera.com/blog/are-ed25519-keys-quantum-resistant-exploring-the-future-of-cryptography
>
> Peace ..tom jones
>
> On Fri, Apr 11, 2025 at 3:34 AM Anna Weine <nkul...@mozilla.com> wrote:
>
>> @Tom do you have any link/article/post about the Ed25519 deprecation? I've not heard about that so I'm very curious.
>>
>> Thanks,
>> A
>>
>> On Thursday, April 10, 2025 at 9:12:39 PM UTC+2 Tom Jones wrote:
>>
>>> I have been hearing other teams asking to use this "new" crypto in other standards, but I cannot for the life of me understand why any effort is being put into a crypto scheme that will surely be deprecated (at least by the NSA) by the end of this year. I didn't object to adding it here until others started to add it to new protocols - which is CLEARLY A BAD IDEA.
>>>
>>> ..tomj
>>>
>>> On Wednesday, April 9, 2025 at 8:17:38 AM UTC-7 Chris Harrelson wrote:
>>>
>>>> LGTM3
>>>>
>>>> On Thu, Apr 3, 2025 at 1:51 AM Yoav Weiss (@Shopify) <yoav...@chromium.org> wrote:
>>>>
>>>>> LGTM2
>>>>>
>>>>> On Wed, Apr 2, 2025, 16:18 Daniel Bratell <brat...@gmail.com> wrote:
>>>>>
>>>>>> LGTM1
>>>>>>
>>>>>> /Daniel
>>>>>>
>>>>>> On 2025-03-31 11:42, Javier Fernandez wrote:
>>>>>>
>>>>>> Contact emails jfern...@igalia.com
>>>>>>
>>>>>> Explainer https://github.com/WICG/webcrypto-secure-curves/blob/main/explainer.md
>>>>>>
>>>>>> Specification https://w3c.github.io/webcrypto/#ed25519
>>>>>>
>>>>>> Design docs https://docs.google.com/document/d/1fDTUY3HVAXehi-eSfbi7nxh8ZPw4MpSKM8U1fMdqJlU/edit?usp=sharing
>>>>>>
>>>>>> Summary
>>>>>>
>>>>>> This feature adds support for Curve25519 algorithms in the Web Cryptography API, namely the signature algorithm Ed25519.
>>>>>>
>>>>>> Blink component Blink <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%22>
>>>>>>
>>>>>> TAG review https://github.com/w3ctag/design-reviews/issues/466
>>>>>>
>>>>>> TAG review status Issues addressed
>>>>>>
>>>>>> Risks
>>>>>>
>>>>>> Interoperability and Compatibility
>>>>>>
>>>>>> WebCrypto API was specified to allow the addition of new (normalized) crypto algorithms. When an algorithm is not yet supported by a browser, an unrecognized-algorithm exception is thrown when the related APIs are invoked.
>>>>>>
>>>>>> *Gecko*: Shipped/Shipping (https://bugzilla.mozilla.org/show_bug.cgi?id=1804788)
>>>>>> https://www.mozilla.org/en-US/firefox/130.0/releasenotes/
>>>>>>
>>>>>> *WebKit*: Shipped/Shipping (https://bugs.webkit.org/show_bug.cgi?id=246145)
>>>>>> https://developer.apple.com/documentation/safari-technology-preview-release-notes/stp-release-178
>>>>>>
>>>>>> *Web developers*: No signals
>>>>>>
>>>>>> *Other signals*:
>>>>>>
>>>>>> WebView application risks
>>>>>>
>>>>>> Debuggability
>>>>>>
>>>>>> Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? Yes
>>>>>>
>>>>>> Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>? Yes
>>>>>>
>>>>>> https://wpt.fyi/results/WebCryptoAPI?label=experimental&label=master&aligned
>>>>>>
>>>>>> Flag name on about://flags WebCryptoEd25519
>>>>>>
>>>>>> Finch feature name None
>>>>>>
>>>>>> Non-finch justification
>>>>>>
>>>>>> The feature has been implemented behind the WebCryptoEd25519 runtime flag.
>>>>>>
>>>>>> Requires code in //chrome? False
>>>>>>
>>>>>> Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1370697
>>>>>>
>>>>>> Availability expectation The feature is already available on the Web Platform, and shipped enabled by default in Firefox and Safari.
>>>>>>
>>>>>> Adoption expectation This feature is considered a best practice for web apps that need support for Ed25519 signing and X25519 key sharing. Relying on external libraries (JS, WASM) is the alternative and implies security risks.
>>>>>>
>>>>>> Estimated milestones
>>>>>> Shipping on desktop 137
>>>>>> Shipping on Android 137
>>>>>> Shipping on WebView 137
>>>>>> Shipping on iOS 137
>>>>>>
>>>>>> Anticipated spec changes
>>>>>>
>>>>>> small-order checks - https://github.com/WICG/webcrypto-secure-curves/issues/27
>>>>>>
>>>>>> randomized signatures - https://github.com/WICG/webcrypto-secure-curves/issues/28
>>>>>>
>>>>>> Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4913922408710144?gate=5015367861141504
>>>>>>
>>>>>> Links to previous Intent discussions Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/faf4f153-1d4c-915d-53d0-0968833cfe55%40igalia.com
>>>>>>
>>>>>> This intent message was generated by Chrome Platform Status <https://chromestatus.com/>.
>>>>>>
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google Groups "blink-dev" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
>>>>>> To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dc12dc7c-1d3d-4b94-9507-2b7226b85622%40igalia.com