ADR-109: Dilithium post-quantum digital signatures for cog distribution

Status: Proposed · Date: 2026-05-22 · Author: SOTA research loop tick-30 · Extends: ADR-100 (cog packaging Ed25519 signing) · Sister-of: ADR-108 (Kyber post-quantum key exchange)

Context

ADR-100 specified Ed25519 signatures for cog packaging (binaries on GCS at gs://cognitum-apps/cogs/{arm,x86_64}/, signed with COGNITUM_OWNER_SIGNING_KEY). ADR-108 closed the key exchange side of post-quantum migration with Kyber-768. This ADR closes the digital signature side with Dilithium-3.

The two pieces are independent — DH/Kyber protects confidentiality (federation updates), Ed25519/Dilithium protects integrity (signed cog binaries, ADR-100 distribution). Both need PQC migration on similar timelines to keep the privacy + provenance chain quantum-resistant.

ADR-108 cited:

ADR-109: PQC signatures (Dilithium for cog signing, replacing Ed25519 in ADR-100).

This is that work.

Decision

Adopt Dilithium-3 as the post-quantum signature scheme replacing Ed25519 in ADR-100's cog signing pipeline. Use the same migration pattern as ADR-108: hybrid mode (Ed25519 + Dilithium-3) during the transition window (2026-2030); pure Dilithium-3 afterwards.

Why Dilithium-3

NIST standardised three Dilithium security levels in FIPS 204 (2024):

| Variant | NIST level | Public key | Signature | Security |
|---|---|---|---|---|
| Dilithium-2 | Level 2 | 1,312 B | 2,420 B | ~AES-128 |
| Dilithium-3 | Level 3 | 1,952 B | 3,293 B | ~AES-192 |
| Dilithium-5 | Level 5 | 2,592 B | 4,595 B | ~AES-256 |

Dilithium-3 at NIST Level 3 matches AES-192 equivalent security, mirroring our Kyber-768 choice from ADR-108. This is the NIST CNSA 2.0 recommended default for general signing.

Hybrid mode (transition window)

Sign both with Ed25519 AND Dilithium-3 during the migration. Manifest format:

{
  "cog_name": "cog-person-count",
  "version": "0.0.2",
  "sha256": "...",
  "signatures": {
    "ed25519": "...",  // ADR-100 classical
    "dilithium3": "..." // ADR-109 PQC
  },
  "sig_policy": "BOTH_REQUIRED_PHASE_2"
}

Verification policy by phase:

| Phase | Verification |
|---|---|
| Phase 0 (NOW 2026) | Ed25519 only (ADR-100 baseline) |
| Phase 1 (2026-Q4 → 2027) | Ed25519 required + Dilithium-3 emitted (best-effort verify) |
| Phase 2 (2027-Q2 → 2028) | BOTH required — defence in depth |
| Phase 3 (2030+) | Dilithium-3 required, Ed25519 deprecated/removed |

Migration timeline (matches ADR-108)

| Phase | Timeline | What ships |
|---|---|---|
| Phase 0 | 2026 | ADR-100 ships with Ed25519 only |
| Phase 1 | 2026-Q4 → 2027 | Cog signer produces both signatures; verifier accepts either |
| Phase 2 | 2027-Q2 → 2028 | Both signatures required; downgrade to single signature rejected |
| Phase 3 | 2030+ | Pure Dilithium-3, Ed25519 removed |

Implementation cost

| Component | LOC | Notes |
|---|---|---|
| Dilithium-3 signer (over pqcrypto-dilithium Rust crate) | 90 | Pure Rust, no unsafe |
| Manifest schema extension (multi-sig field + policy) | 60 | Backward-compatible JSON additive |
| Verifier with phase-aware policy enforcement | 80 | Tied to manifest sig_policy |
| GCS bucket policy update (allow new key types) | | Operational, not code |
| cogd daemon: re-sign existing cogs in dual-sig | 40 | One-time backfill script |
| End-to-end test (install signed cog on Pi cluster) | | Real-installation test |

Total ~270 LOC additional. Combined federation + signing budget across ADR-100 + ADR-105 + ADR-106 + ADR-107 + ADR-108 + ADR-109: ~1,820 LOC.

Alternatives considered

A. SPHINCS+ (hash-based signatures)

Status: deferred to ADR-110 if needed. SPHINCS+ is conservatively secure (its security rests on the underlying hash function alone) but has much larger signatures (~17-50 kB) and slower signing. For cog distribution, where keys rarely change, Dilithium-3's 3.3 kB signatures are the better trade-off. SPHINCS+ remains a fallback if Dilithium suffers a cryptanalytic break.

B. Falcon (lattice signatures with smaller footprint)

Status: considered. Falcon-512 has smaller signatures (666 B) than Dilithium-3 (3,293 B) but slower signing and more complex implementation (floating-point Gaussian sampling). Dilithium-3 is the safer choice given the Rust crate maturity (pqcrypto-dilithium vs pqcrypto-falcon).

C. Pure Dilithium-3 (no hybrid)

Status: rejected for Phase 1-2. Same belt-and-braces reasoning as ADR-108: Dilithium is ~5 years old; hybrid hedges against breaks.

D. Defer until quantum threat materialises

Status: rejected. Same record-now-decrypt-later argument as ADR-108, applied to signatures: an adversary who can break Ed25519 in 2035 can backdate signatures on cog binaries to install malicious code retroactively. Provenance chain breaks.

Threat model

| Threat | Mitigation |
|---|---|
| Shor's algorithm breaks Ed25519 | Dilithium-3 signature |
| Future quantum break on Dilithium-3 (unlikely) | Hybrid mode — Ed25519 still classical-secure |
| Implementation bug in Dilithium library | Hybrid mode — Ed25519 backup |
| Implementation bug in Ed25519 library | Hybrid mode — Dilithium backup |
| Backdated signature attack (quantum-era forgery on old binaries) | Hybrid mode is essential: even an adversary who breaks Ed25519 with quantum hardware must still produce a valid Dilithium-3 signature, so backdating a signature still requires breaking Dilithium-3 |
| Compromised owner key (operational) | Out of scope — key management ADR (future) |
| Downgrade attack (force single-sig acceptance post-Phase-2) | Manifest sig_policy field enforces required signatures |
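An added example (not the project's code) of the phase-aware verifier that the hybrid-mode section and the "Downgrade attack" row above call for: the verifier keeps its own phase floor, rejects a manifest whose sig_policy is older than that floor, demands every signature the policy names, and checks every signature that is present. The signature primitives are offline stand-ins; the policy names other than BOTH_REQUIRED_PHASE_2, the verifier floor, and the rule that signatures cover the manifest minus the signatures block are assumptions.

```python
import hashlib
import hmac
import json

# Phases from the ADR's verification-policy table; only "BOTH_REQUIRED_PHASE_2"
# appears on the page, the other three policy strings are assumed names.
POLICY_PHASE = {"ED25519_ONLY_PHASE_0": 0, "ED25519_REQUIRED_PHASE_1": 1,
                "BOTH_REQUIRED_PHASE_2": 2, "DILITHIUM3_ONLY_PHASE_3": 3}
REQUIRED_BY_PHASE = {0: {"ed25519"},
                     1: {"ed25519"},                # dilithium3 verified only if present
                     2: {"ed25519", "dilithium3"},  # defence in depth
                     3: {"dilithium3"}}             # Ed25519 retired

def signed_bytes(manifest: dict) -> bytes:
    # Every signature covers the manifest minus its signatures block, so sig_policy is signed too (assumed).
    body = {k: v for k, v in manifest.items() if k != "signatures"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def verify_manifest(manifest: dict, verifiers: dict, min_phase: int) -> str:
    # Returns "ok" or a reason; min_phase is the verifier's own floor (assumed) so a manifest cannot talk it down.
    phase = POLICY_PHASE.get(manifest.get("sig_policy"))
    if phase is None:
        return "reject: unknown sig_policy"
    if phase < min_phase:
        return "reject: downgrade (policy phase %d below verifier floor %d)" % (phase, min_phase)
    sigs = manifest.get("signatures", {})
    missing = REQUIRED_BY_PHASE[phase] - set(sigs)
    if missing:
        return "reject: missing required signature(s) %s" % sorted(missing)
    msg = signed_bytes(manifest)
    for alg, sig in sigs.items():  # any present signature that fails means tampering
        if alg not in verifiers or not verifiers[alg](msg, sig):
            return "reject: bad %s signature" % alg
    return "ok"

def hmac_stand_in(key: bytes):
    # Constructed offline stand-in; production plugs in real Ed25519 / Dilithium-3 verification here.
    def verify(msg: bytes, sig_hex: str) -> bool:
        return hmac.compare_digest(hmac.new(key, msg, hashlib.sha256).hexdigest(), sig_hex)
    return verify

def build_demo():
    # Constructed Phase-2 manifest in the ADR's shape plus its matching verifier table.
    keys = {"ed25519": b"demo-ed25519-key", "dilithium3": b"demo-dilithium3-key"}
    manifest = {"cog_name": "cog-person-count", "version": "0.0.2",
                "sha256": hashlib.sha256(b"constructed cog bytes").hexdigest(),
                "sig_policy": "BOTH_REQUIRED_PHASE_2", "signatures": {}}
    msg = signed_bytes(manifest)
    manifest["signatures"] = {a: hmac.new(k, msg, hashlib.sha256).hexdigest() for a, k in keys.items()}
    return manifest, {a: hmac_stand_in(k) for a, k in keys.items()}
```

Because sig_policy sits inside the signed bytes, rewriting it to an older phase also invalidates the remaining signature, so the downgrade is caught even by a verifier whose floor is still Phase 1.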

Consequences

Positive

  1. Provenance chain stays intact through quantum transition. Without ADR-109, the integrity of installed cog binaries silently expires when quantum computers arrive.
  2. Backdating attack defeated. An adversary in 2035 cannot forge a Dilithium-3 signature on a 2026 cog binary even with quantum hardware.
  3. CNSA 2.0 compliant by Phase 2.
  4. Hybrid mode is belt-and-braces — protects against breaks in either primitive.
  5. No protocol change — multi-signature manifest is a standard JSON additive pattern.

Negative

  1. Adds ~270 LOC to ADR-100's signing implementation.
  2. Manifest size grows: Ed25519 (64 B sig) + Dilithium-3 (3,293 B sig) = ~3.4 kB total. Per-cog manifest overhead is now ~4 kB. Across 50 cogs in the catalogue, ~200 kB extra. Negligible.
  3. Signer needs both keys: classical + PQC keypairs. Adds key-management complexity.
  4. Dilithium-3 verifier latency: ~0.5-1 ms vs Ed25519's ~30 µs. On ESP32-S3 with no hardware acceleration, ~5-10 ms per verification. For occasional cog-install events, fine.
  5. Pure Dilithium retirement of Ed25519 needs future decision (Phase 3, post-2030).

What this ADR DOES NOT cover

  1. PQC for HTTPS / TLS to the cog distribution servers — Cloudflare / GCS run their own PQC migration on their schedule.
  2. Owner key rotation policy — separate future ADR.
  3. Hardware acceleration for Dilithium verification on ESP32-S3 — if 5-10 ms latency becomes binding, offload to cognitum-v0 fleet manager.
  4. Cross-signing with external CA — if RuView ever needs a third-party CA chain, that's a future ADR.

Bridge to existing ADRs

  • ADR-100 (cog packaging Ed25519 signing) — directly extended; Ed25519 stays in hybrid mode.
  • ADR-104 (ruview-mcp + ruview-cli) is extended: the ruview_cog_install MCP tool gains a signature-policy parameter.
  • ADR-105 / ADR-106 / ADR-107 / ADR-108 — federation operates on signed cog binaries; ADR-109 ensures the signing layer is quantum-resistant in lockstep with ADR-108's key exchange.

Connection to research-loop threads

  • R14 / R15 — privacy + biometric framework requires provenance integrity; ADR-109 ensures cog updates are tamper-proof against quantum adversaries.
  • R12 PABS / R12.1 (security feature) — intruder-detection cog must itself be signed; the cog can't trust its own model weights if the signing chain is broken.
  • R10 / R11 (long-deployment wildlife / maritime) — most affected by backdating attacks because installed cogs sit on edge nodes for years.
  • R7 (mincut adversarial) — adversarial detection assumes the model itself is trustworthy. ADR-109 protects that assumption.

Honest scope

  • Dilithium is ~5 years old but has had substantial NIST scrutiny. Hybrid mitigates uncertainty.
  • 5-10 ms verification on ESP32-S3 is estimated, not measured. Needs benchmarking on the COM5 device.
  • Migration depends on pqcrypto-dilithium Rust crate maturity — alternatives include liboqs C-binding.
  • Owner key management (storing the Dilithium signing key in gcloud secrets) is the highest-risk operational change. Compromise of the signing key is unrecoverable; no quantum-resistance argument can fix that.
  • Phase 3 retirement of Ed25519 needs a future decision once CNSA 2.0 fully retires classical signatures.

What this ADR closes

The provenance side of the post-quantum migration. Combined with ADR-108 (key exchange), RuView's full cryptographic chain is quantum-resistant by Phase 2 (2027-2028).

ADR chain after this tick:

| # | ADR | What it closes |
|---|---|---|
| 1 | ADR-100 | cog packaging |
| 2 | ADR-103 | cog-person-count |
| 3 | ADR-104 | MCP + CLI |
| 4 | ADR-105 | within-installation federation |
| 5 | ADR-106 | DP-SGD + primitive isolation |
| 6 | ADR-107 | cross-installation + SA |
| 7 | ADR-108 | PQC key exchange (Kyber) |
| 8 | ADR-109 (this) | PQC signatures (Dilithium) |

The cryptographic chain is now complete for both confidentiality (ADR-108) and integrity (ADR-109) at the quantum-resistant tier.

Future ADRs (catalogued)

  • ADR-110: PQC hardware acceleration on Cognitum-v0 (if ESP32-S3 Dilithium verification latency becomes binding).
  • ADR-111: Owner key rotation policy (operational, key compromise recovery).
  • ADR-112: Cross-signing with external CA (if third-party trust needed).
  • ADR-113: Multistatic placement strategy (formalises the R6 family findings into an architectural specification — would amend ADR-029).

Implementation plan

| Phase | What ships | LOC |
|---|---|---|
| Phase 1 (2026-Q4) | Dilithium-3 signer + dual-sig manifest, verifier accepts either | ~170 |
| Phase 2 (2027-Q2) | Both signatures required; downgrade rejected | ~70 |
| Phase 3 (2030+) | Pure Dilithium-3, Ed25519 removed | -30 (removal) |

Phase 1 ships ~1 quarter after ADR-108 lands.

Decision-making record

  • 2026-05-22 09:56 UTC — drafted by SOTA research loop tick-30, sister-ADR to ADR-108. Status: Proposed.
  • Pending: security-architect (Dilithium implementation review), production-validator (pqcrypto-dilithium Rust crate stability + ESP32-S3 verification benchmark).

Closing observation

ADR-109 closes the last predictable cryptographic gap in the RuView privacy + provenance chain. The remaining unspecified items (owner key management, cross-signing, hardware acceleration) are operational or contingent on specific future requirements; the architectural foundation is now complete.

Combined federation + signing implementation budget: ~1,820 LOC, ~7-week effort across the full chain (ADR-105 → ADR-109). This is the engineering cost of shipping privacy-preserving + quantum-resistant federated RuView.