wifi-densepose/docs/research/sota-2026-05-22
rUv 27d911ca6d
adr-109: Dilithium PQC signatures — provenance side of post-quantum migration (#733)
Sister-ADR to ADR-108. Where ADR-108 closes the confidentiality side
(Kyber key exchange), ADR-109 closes the integrity side (Dilithium
signatures) of the post-quantum migration.

Replaces Ed25519 in ADR-100 cog signing with Dilithium-3 (NIST FIPS 204,
~AES-192 equivalent, CNSA 2.0 default).

Migration timeline (matches ADR-108):
- Phase 0 (NOW 2026):  Ed25519 only
- Phase 1 (Q4 2026):   Dual-sig (Ed25519 + Dilithium-3), accepts either
- Phase 2 (Q2 2027):   BOTH required (defence in depth)
- Phase 3 (2030+):     Pure Dilithium-3

Why now (backdating argument): An adversary who can break Ed25519 in
2035 with quantum computers can backdate signatures on cog binaries to
install malicious code retroactively. The provenance chain breaks even
for binaries deployed today. Hybrid mode prevents this: forging a 2026
cog signature still requires breaking BOTH Ed25519 AND Dilithium-3.

Manifest size: 64 B (Ed25519) + 3293 B (Dilithium-3) = ~4 kB per cog.
50-cog catalogue overhead ~200 kB. Negligible.

LOC: +270 on top of ADR-100.
Combined chain budget (ADR-105+106+107+108+109): ~1,820 LOC, ~7 weeks.

ADR CHAIN (8 ADRs) complete for both confidentiality and integrity at
quantum-resistant tier:
- ADR-100: cog packaging
- ADR-103: cog-person-count
- ADR-104: MCP + CLI
- ADR-105: within-installation federation
- ADR-106: DP-SGD + primitive isolation
- ADR-107: cross-installation + secure aggregation
- ADR-108: PQC key exchange (Kyber-768)
- ADR-109: PQC signatures (Dilithium-3)  <-- THIS

Future ADRs catalogued:
- ADR-110: PQC hardware acceleration on Cognitum-v0
- ADR-111: Owner key rotation policy
- ADR-112: Cross-signing with external CA
- ADR-113: Multistatic placement strategy (R6 family findings -> ADR-029 amendment)

Composes:
- R14/R15 privacy + biometric requires provenance integrity
- R12 PABS / R12.1: intruder-detection cog must itself be signed
- R10/R11 long-deployment cogs most affected by backdating
- R7 mincut adversarial assumes the model is trustworthy

Honest scope:
- Dilithium ~5 years old; hybrid mitigates uncertainty
- ESP32-S3 verification ~5-10 ms estimated; needs benchmarking
- pqcrypto-dilithium Rust crate dependency
- Owner key management = highest-risk operational change
- Phase 3 Ed25519 retirement needs future decision

Coordination: ticks/tick-30.md, no PROGRESS.md edit.
2026-05-22 06:06:05 -04:00
..
ticks adr-109: Dilithium PQC signatures — provenance side of post-quantum migration (#733) 2026-05-22 06:06:05 -04:00
HORIZON.md docs(horizon): M3-M7 complete — close 12h autonomous SOTA run 2026-05-22 00:06:40 -04:00
PROGRESS.md feat(tools/ruview-mcp): M2 — wire real inference via cog health (#706) 2026-05-21 23:43:32 -04:00
R1-toa-crlb.md research(R1): ToA CRLB — precision floor for WiFi multistatic localisation (#711) 2026-05-22 01:38:35 -04:00
R3-crossroom-reid.md research(R3): cross-room re-ID — MERIDIAN closes the env-shift gap + 4 privacy constraints (#715) 2026-05-22 02:13:10 -04:00
R3_1-physics-informed-env-prediction.md research(R3.1): physics-informed env prediction at raw-CSI level — NEGATIVE (architecture-error) (#723) 2026-05-22 04:04:38 -04:00
R3_2-embedding-level-physics-env.md research(R3.2): embedding-level physics-informed env — structural validation + AETHER dependency (#729) 2026-05-22 05:24:53 -04:00
R5-subcarrier-saliency.md research(sota): kick off SOTA research loop + first R5 saliency measurement (#702) 2026-05-21 23:05:55 -04:00
R6-fresnel-forward-model.md research(R6): Fresnel-zone forward model — bedrock physics for CSI sensitivity (#710) 2026-05-22 01:31:09 -04:00
R6_1-multiscatterer-forward-model.md research(R6.1): multi-scatterer Fresnel — discovers 4.7 dB penalty matching R13's 5-dB shortfall (#721) 2026-05-22 03:36:42 -04:00
R6_2-fresnel-antenna-placement.md research(R6.2): Fresnel-aware antenna placement — 93x sensing-coverage lift from physics alone (#719) 2026-05-22 03:04:17 -04:00
R6_2_1-3d-placement.md research(R6.2.1): 3D antenna placement — ceiling-only gives 0% coverage; mixed-height wins (#724) 2026-05-22 04:17:47 -04:00
R6_2_2-multistatic-placement.md research(R6.2.2): N-anchor multistatic placement saturation — practical knee at N=5 (#720) 2026-05-22 03:17:14 -04:00
R6_2_2_1-3d-multistatic.md research(R6.2.2.1): 3D N-anchor multistatic — 2D knee disappears; revises R6.2.2 down (#727) 2026-05-22 04:58:10 -04:00
R6_2_3-chest-centric-placement.md research(R6.2.3): chest-centric placement — +26.9 pp coverage gain for vital-signs cogs (#726) 2026-05-22 04:43:34 -04:00
R6_2_4-3d-chest-multistatic.md research(R6.2.4): 3D chest-centric N-anchor — validates R6.2.2.1 prediction with refinement (#728) 2026-05-22 05:12:48 -04:00
R6_2_5-multi-subject-union.md research(R6.2.5): multi-subject occupancy union — N=5 hits 100% for 4 occupants; R6 family complete (#730) 2026-05-22 05:37:29 -04:00
R7-multilink-consistency.md research(R7): Stoer-Wagner mincut detects adversarial CSI nodes 3/3 in synthetic (#704) 2026-05-21 23:28:46 -04:00
R8-rssi-only-count.md research(R8): RSSI-only person count retains 95% of full-CSI accuracy (#703) 2026-05-21 23:18:09 -04:00
R9-rssi-fingerprint-knn.md feat(tools/ruview-mcp): M2 — wire real inference via cog health (#706) 2026-05-21 23:43:32 -04:00
R10-through-foliage-wildlife.md research(R10): through-foliage wildlife sensing — physics feasibility + per-species gait taxonomy 2026-05-22 00:59:11 -04:00
R11-maritime-sensing.md research(R11): maritime sensing — through-bulkhead impossible, through-seam works (#712) 2026-05-22 01:53:51 -04:00
R12-pabs-implementation.md research(R12 PABS): NEGATIVE -> POSITIVE — 1161x detection lift via R6.1 forward model (#722) 2026-05-22 03:49:41 -04:00
R12-rf-weather-mapping.md research(R12): RF weather mapping eigenshift — negative-ish, with clearly-actionable revision path (#707) 2026-05-21 23:52:49 -04:00
R12_1-pose-pabs-closed-loop.md research(R12.1): pose-PABS closed loop — 9.36x intruder lift; R12 arc fully closed (#732) 2026-05-22 05:56:57 -04:00
R13-contactless-bp-negative.md research(R13): NEGATIVE — contactless BP from CSI is physically inferior to a cuff (#713) 2026-05-22 02:00:35 -04:00
R14-empathic-appliances.md research(R14): empathic appliances — vision + ethical framework + infrastructure gap inventory (#709) 2026-05-22 01:18:01 -04:00
R15-rf-biometric-primitives.md research(R15): RF biometric primitives — 5 environment-invariant features with quantified discriminability (#717) 2026-05-22 02:38:10 -04:00