SLH-DSA #3
Comments
Yes, we are interested in adding SLH-DSA; it's fairly trivial to do, we just need to write the spec text for it.
@msporny working on it.
@loganaden if you want to raise a PR on the spec to add it, just copy this entire section, rename the algorithm identifier: https://w3c-ccg.github.io/di-quantum-safe/#experimental-mldsa44-2024 and replace the MLDSA references with SLH-DSA references to start. We can go from there to fix issues/bugs.
Got it. Working on it.
Hi All,
I went through the draft. Are there any reasons to include only ML-DSA?
Are you guys interested in supporting other options like SLH-DSA?
I would like to quote this from Trail of Bits:
"Previously known as SPHINCS+, SLH-DSA is a highly conservative quantum-resistant signature scheme. Unlike standards that rely on the hardness of lattice problems, such as ML-DSA (Dilithium), SLH-DSA depends on the security of SHA2 or SHA3, which have been extensively studied and are confidently considered secure against both classical and quantum attacks. While experts believe ML-DSA is secure, its resistance to quantum attackers is more difficult to analyze and could someday weaken with increasingly advanced attacks. In addition, unlike stateful hash-based schemes like LMS, SLH-DSA can safely function as a drop-in replacement for existing signature schemes such as ECDSA, EdDSA, and RSA-PSS."
I can send a PR for SLH-DSA assuming there is interest in having cryptographic agility?