
Comment by utopiah

12 hours ago

Discussed a few weeks ago on https://community.letsencrypt.org/t/post-quantum-crypto-road... specifically "The path we're more interested in is Merkle Tree Certificates, currently in design at the PLANTS working group at IETF. Chrome has indicated that they anticipate this to be their preferred approach to PQC. We're following that very closely, and are likely to deploy MTCs if it looks like that design is going to be supported widely." according to Matthew McPherrin, Let's Encrypt staff.

There are also Merkle ladders.

What is the difference between a Merkle Tree Certificate and a Merkle Ladder?

Is this correct?:

Without Merkle Tree Certificates, the per keypress overhead for e.g. jupyter_server would be something like 3.3 KB due to the PQ signatures.

  • Merkle Tree Certificates basically use the same structure as Certificate Transparency today. Merkle Ladder uses a weird variation claimed to be useful to DNSSEC. I think it's rather just to seem novel (https://datatracker.ietf.org/ipr/search/?submit=draft&id=dra...)

    • I found buzzwords for this; Quantum-Resistant Decentralized PKI / DNS:

      Multilinear/Hash-based VCs and Sum-Check protocol for Stateless PKI (with Sparse Merkle Tree (SMT))

      PKI-over-Log with Hyper-Trees, Decentralized PKI (DPKI), XMSS^MT, M-FORS and F-SPHINCS+ (stateless),

      "Spartan: Efficient and General-purpose zkSNARKs without Trusted Setup" (2020) https://link.springer.com/chapter/10.1007/978-3-030-56877-1_... :

      - Spartan implements the Sum-Check protocol with Multilinear Polynomial Commitments, which is hash-based like XMSS and SPHINCS+ (unlike Verkle trees which are built on KZG which relies on the "Discrete Logarithm Problem" (which Shor’s broke)).