ContextQMD
Back to Ruview

Tick 30 — 2026-05-22 10:01 UTC

docs/research/sota-2026-05-22/ticks/tick-30.md

1.99.0-pip3.4 KB
Original Source

Tick 30 — 2026-05-22 10:01 UTC

Thread: ADR-109 (Dilithium PQC signatures for cog distribution) Verdict: Sister-ADR to ADR-108. Closes the provenance side of post-quantum migration. Combined chain (ADR-100 + ADR-105–109) now fully quantum-resistant for both confidentiality and integrity by Phase 2 (2027-2028).

What shipped

  • docs/adr/ADR-109-dilithium-pqc-signatures.md — full ADR draft.

Headline

Replaces Ed25519 in ADR-100 cog signing with Dilithium-3 (NIST FIPS 204, ~AES-192 equivalent, CNSA 2.0 default).

Migration timeline (matches ADR-108):

PhaseTimelineCog signing
Phase 0NOW (2026)Ed25519 only (ADR-100 baseline)
Phase 12026-Q4 → 2027Dual-sig (Ed25519 + Dilithium-3), accepts either
Phase 22027-Q2 → 2028BOTH required — defence in depth
Phase 32030+Pure Dilithium-3

Why now (backdating argument)

An adversary who can break Ed25519 in 2035 (with quantum computers) can backdate signatures on cog binaries to install malicious code retroactively. The provenance chain breaks even for binaries deployed today. Hybrid mode prevents this: forging a 2026 cog signature still requires breaking BOTH Ed25519 AND Dilithium-3.

Bandwidth + LOC

Manifest size: 64 B (Ed25519) + 3,293 B (Dilithium-3) = ~4 kB per cog. Catalogue overhead ~200 kB across 50 cogs. Negligible.

LOC: +270 on top of ADR-100. Combined chain budget: ~1,820 LOC.

ADR chain after this tick (8 ADRs)

#ADRCloses
1ADR-100cog packaging
2ADR-103cog-person-count
3ADR-104MCP + CLI
4ADR-105within-install federation
5ADR-106DP-SGD + primitive isolation
6ADR-107cross-install + SA
7ADR-108PQC key exchange (Kyber)
8ADR-109PQC signatures (Dilithium)

Cryptographic chain complete for both confidentiality (ADR-108) and integrity (ADR-109) at quantum-resistant tier.

Future ADRs catalogued

  • ADR-110: PQC hardware acceleration on Cognitum-v0
  • ADR-111: Owner key rotation policy
  • ADR-112: Cross-signing with external CA
  • ADR-113: Multistatic placement strategy (formalises R6 family findings, would amend ADR-029)

Composes with prior threads

  • R14 / R15 privacy + biometric framework requires provenance integrity
  • R12 PABS / R12.1 security feature: intruder-detection cog must itself be signed
  • R10 / R11 long-deployment cogs most affected by backdating attacks
  • R7 mincut adversarial assumes the model itself is trustworthy

Honest scope

  • Dilithium ~5 years old; hybrid mitigates uncertainty
  • ESP32-S3 verification latency ~5-10 ms estimated; needs benchmarking
  • pqcrypto-dilithium Rust crate dependency
  • Owner key management is highest-risk operational change (compromise unrecoverable)
  • Phase 3 Ed25519 retirement needs future decision

Coordination

ticks/tick-30.md. No PROGRESS.md edit. Branch research/sota-adr109-dilithium-signatures.

Loop's cryptographic + privacy story complete

5 ADRs (105-109) define the full federated learning + privacy + quantum-resistance chain:

  • ADR-105: within-installation federation
  • ADR-106: differential privacy + biometric isolation
  • ADR-107: cross-installation + secure aggregation
  • ADR-108: PQC key exchange (Kyber-768)
  • ADR-109: PQC signatures (Dilithium-3)

Combined ~1,820 LOC, ~7-week engineering. This is what shipping privacy-preserving + quantum-resistant federated RuView costs.

~1.9h to cron stop.