Skip to content
This repository was archived by the owner on Apr 8, 2025. It is now read-only.

govuk-one-login/post-quant-experiments

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
node_modules
node_modules
 
 
src
src
 
 
README.md
README.md
 
 
benchmark.log
benchmark.log
 
 
index.ts
index.ts
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

Sketches with Post Quantum Crypto

Get a table

run:

npm start

to get:

┌─────────┬─────────────┬─────────────────┬──────────────────────┐
│ (index) │ Algorithm   │ JWT byte length │ Type                 │
├─────────┼─────────────┼─────────────────┼──────────────────────┤
│ 0       │ 'HS256'     │ '172 Bytes'     │ 'Pre-Q | Symmetric'  │
│ 1       │ 'RS256'     │ '471 Bytes'     │ 'Pre-Q | Asymmetric' │
│ 2       │ 'RS512'     │ '812 Bytes'     │ 'Pre-Q | Asymmetric' │
│ 3       │ 'ES256'     │ '224 Bytes'     │ 'Pre-Q | Asymmetric' │
│ 4       │ 'EdDSA'     │ '215 Bytes'     │ 'Pre-Q | Asymmetric' │
│ 5       │ 'ML-DSA-44' │ '3362 Bytes'    │ 'PQS | Asymmetric'   │
│ 6       │ 'ML-DSA-65' │ '4547 Bytes'    │ 'PQS | Asymmetric'   │
│ 7       │ 'ML-DSA-87' │ '6305 Bytes'    │ 'PQS | Asymmetric'   │
└─────────┴─────────────┴─────────────────┴──────────────────────┘

What is this?

One of the Lead devs heard that some of the Post-Quantum safe candidates were:

  1. Slow
  2. Chunky

So this is a quick test to poke and prod some assumptions there and get a sense of what a PQS world might look like in JWTs, which are pretty widely used as trusted places to exchange data.

What did I find

We're looking to NIST via NCSC for candidates here. The conclusions I came to is, that future is lattice based. And that there are four main candidate algorithms.

Of these Kyber is for encryption, we're looking at signing and verification here. SPHINCS+ is really big, and cited by NIST as one to treat as a fallback.

There's also falcon, which hasn't yet been implimented in noble but seems to have a far far better sig size.

Here's an interesting chart from @nobel's repo

What should I use?

Speed Key size Sig size Created in Popularized in Post-quantum?
RSA Normal 256B - 2KB 256B - 2KB 1970s 1990s No
ECC Normal 32 - 256B 48 - 128B 1980s 2010s No
ML-KEM Fast 1.6 - 31KB 1KB 1990s 2020s Yes
ML-DSA Normal 1.3 - 2.5KB 2.5 - 4.5KB 1990s 2020s Yes
SLH-DSA Slow 32 - 128B 17 - 50KB 1970s 2020s Yes
FN-DSA Slow 0.9 - 1.8KB 0.6 - 1.2KB 1990s 2020s Yes

What's the back of the envalope conclusion

CRYSTALS-Dilithium / ML-DSA looks promising, but the signature is big. This is going to risk the 8k character limit norm on URLs, or the 4kb cookie limit.

We might be interested in a forward look in that area and ask if there are implications for the use of JWTs

About

A Lead Developers experiments into what post quantum sigs will do to JWT sizes

Resources

Readme

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages