Beam Me Up, Scotty … And Some Dilithium Crystals

Our world of digital trust is full of two methods: ECDSA and EdDSA (Ed25519 and Ed448)). Bitcoin and Ethereum use ECDSA, while IOTA and…

Beam Me Up, Scotty … And Some Dilithium Crystals

Our world of digital trust is full of two methods: ECDSA and EdDSA (Ed25519 and Ed448)). Bitcoin and Ethereum use ECDSA, while IOTA and many other methods use Ed25519. Basically, Ed25519 (based on Curve 25519) has some special features that allow for signature and key aggregation, while ECDSA allows for a public key to be extracted from the signature. Both of these methods use ECC methods and have relatively small key sizes and small signatures. For example, Ed25519 has a 32-byte private key, a 32-byte public key, and a 64-byte digital signature. A comparison of the key sizes is:

But, we have a problem, ECC and RSA methods as they will be cracked by quantum computers. The main methods that will replace these are lattice, multivariate (Oil-and-Vinegar) and hash-based. These include:

One of the leaders is Crystals Dilithium, so let’s create a program that creates a Dilithium digital signature.

EdDSA (Ed25519 and Ed448)

First, we will create an EdDSA program using the Cloudflare CIRCL library:

https://asecuritysite.com/circl/circl_sign

A sample run is:

CIRCL Signatures

Signature method: Ed25519 
Message: Hello

Private key: 8191efde76d8604543a562274e03f074b79614e461c712a7e1657a311e558556 [showing first 32 bytes]
 - Private key length: 32
Public key: 713a1c48c7d1258f4a1d207ceb9156dafc091ec219e045cef2367dfe8d2fe879 [showing first 32 bytes]
 - Public key length: 32
Signature: 6e2935f75bc58b6533bce50e134bf5b82b31f404c603eea048d2b1e0fa4ce760 [showing first 32 bytes]
 - Signature length: 64 
Signature has been verified!

and for Ed448:

CIRCL Signatures

Signature method: Ed448 
Message: Hello

Private key: fbd94b1c934916d6f5abe8bb0c39dd2ae04e03b51dc9fdc778115b4dc99bfa52 [showing first 32 bytes]
 - Private key length: 57
Public key: a4a86ac210923cf26c3088384265f498159f8a146d2ccfab371a30fa2a5d4cab [showing first 32 bytes]
 - Public key length: 57
Signature: 1b7e6f153b3668875a907a3c263f7677911c19e9331155267af69e2f3b6872bd [showing first 32 bytes]
 - Signature length: 114 
Signature has been verified!

Dilithium

CRYSTALS Dilithium uses lattice-based Fiat-Shamir schemes and produces one of the smallest signatures of all the post-quantum methods. It also has relatively small public and private key sizes — compared with other post-quantum cryptography (PQC) methods. The following is an outline of the code [here]:

package main

import (
	"fmt"
	"os"

	"github.com/cloudflare/circl/sign/dilithium"
)

func main() {
	modename := "Dilithium2" // Dilithium2-AES Dilithium3 Dilithium3-AES Dilithium5 Dilithium5-AES

	m := "Hello"

	argCount := len(os.Args[1:])

	if argCount > 0 {
		modename = os.Args[1]
	}

	if argCount > 1 {
		m = os.Args[2]
	}

	mode := dilithium.ModeByName(modename)

	pk, sk, _ := mode.GenerateKey(nil)

	msg := []byte(m)
	signature := mode.Sign(sk, msg)

	fmt.Printf("PQC Signatures (Dilithium)\n\n")
	fmt.Printf("Signature method: %s \n", modename)
	fmt.Printf("Message: %s \n\n", msg)
	fmt.Printf("Private key: %x [showing first 32 bytes]\n", sk.Bytes()[:32])
	fmt.Printf(" - Private key length: %d\n", len(sk.Bytes()))
	fmt.Printf("Public key: %x [showing first 32 bytes]\n", pk.Bytes()[:32])
	fmt.Printf(" - Public key length: %d\n", len(pk.Bytes()))
	fmt.Printf("Signature: %x [showing first 32 bytes]\n", signature[:32])

	fmt.Printf(" - Signature length: %d \n", len(signature))

	if !mode.Verify(pk, msg, signature) {
		panic("Signature has NOT been verified!")
	} else {
		fmt.Printf("Signature has been verified!")
	}

A sample run for Dilithium2 (128-bit security) is [here]:

PQC Signatures (Dilithium)

Signature method: Dilithium2 
Message: Hello 123

Private key: 549bc5de383e2bcea06040e756eed87cc1da256393147923e6e7d1ee8cd65f91 [showing first 32 bytes]
 - Private key length: 2528
Public key: 549bc5de383e2bcea06040e756eed87cc1da256393147923e6e7d1ee8cd65f91 [showing first 32 bytes]
 - Public key length: 1312
Signature: 50c09cbc455142b74b68638b8cb122c052980a46f84d6a297699826a69763d43 [showing first 32 bytes]
 - Signature length: 2420 
Signature has been verified!

A sample run for Dilithium3 (192-bit security) is [here]:

PQC Signatures (Dilithium)

Signature method: Dilithium3 
Message: Hello 123

Private key: c2c6996af52555a146ac1af0e53b1982ff316c554168adc338ede196d3c7ca83 [showing first 32 bytes]
 - Private key length: 4000
Public key: c2c6996af52555a146ac1af0e53b1982ff316c554168adc338ede196d3c7ca83 [showing first 32 bytes]
 - Public key length: 1952
Signature: 29db7e15347a44e4450ca93486859b261ff5828a52935658d7ea54d04e4cc986 [showing first 32 bytes]
 - Signature length: 3293 
Signature has been verified!

A sample run for Dilithium5 (256-bit security) [here]:

PQC Signatures (Dilithium)

Signature method: Dilithium5 
Message: Hello 123

Private key: d0a48552b7f55c0fcfe2167eda452a92c5d7604335b7014b755e19b7847170fe [showing first 32 bytes]
 - Private key length: 4864
Public key: d0a48552b7f55c0fcfe2167eda452a92c5d7604335b7014b755e19b7847170fe [showing first 32 bytes]
 - Public key length: 2592
Signature: 598fed188412b987cca20ca588cb1ecb8bc1ff212d13a70c8a6229a2f47b0fdb [showing first 32 bytes]
 - Signature length: 4595 
Signature has been verified!

Conclusions

If your company uses EdDSA or ECDSA, you should consider migrating in the future towards a quantum robust method. Dilithium has a strong chance of winning the NIST competition for PCQ, and so we may see if become a standard for digital signatures in the future.

If you are interested in the CIRCL library, try here:

https://asecuritysite.com/circl/

and for PQC:

https://asecuritysite.com/pqc/