I came across this RSA security blog, “Quantum Computation: New Challenge to CKB’s Security?” and found that the concept was not clearly depicted and thus it is nearly impossible for a layman to understand. Consequently, I initiated this topic with the aim of bringing in developers to dissect the content of the article into simple components that are easy for readers to digest.
I would like to begin the discussion with why CKB opted for SPHINCS+. Though the rationale has been provided, I do not gain any value from it as there is too much jargon.
Quoting the rationale below:
Security:
SPHINCS+ is a signature scheme based on hash functions and hash chains, designed to withstand attacks from quantum computing. Its utilization of the structure of hash functions makes it challenging for attackers to expedite the cracking of signatures through quantum algorithms.
Simplicity and Efficiency:
In comparison to some complex PQC solutions, SPHINCS+ boasts a relatively straightforward algorithm, ensuring efficient implementation. This simplicity is particularly crucial for on-chain scripts running on the CKB-VM. (This is just speculation based on some information; its feasibility will be confirmed through subsequent validation processes.)
Compact Key/Signature Size:
On-chain scripts impose restrictions on the size of signatures, and smaller key/signature sizes are advantageous for transmission and storage.
Clarity request 1
First of all, RSA was not explained when it was first introduced in the article. I think it’s “RSA-2048”, where RSA is abbreviated from “Rivest-Shamir-Adleman”. It is an asymmetric encryption algorithm that is widely used in many products and services. Asymmetric encryption uses a key pair that is mathematically linked to encrypt and decrypt data. A private and public key are created, with the public key being accessible to anyone and the private key being a secret known only by the key pair creator. With RSA, either the private or public key can encrypt the data, while the other key decrypts it. This is one of the reasons RSA is the most used asymmetric encryption algorithm (RSA).
Now, having a bit of understanding of what RSA is, it will be helpful if there is:
- a conceptual diagram to demonstrate the issue with RSA and how SPHINCS+ Quantum Resistant Lock helps to resolve this issue.
- a comparison among other cryptography methods, and why they are not inferior to SPHINCS+ Quantum Resistant Lock.
Anyone who is interested in this topic may contribute to this post.
Why is this work important?
I can imagine a Chairman, CEO, Director or General Manager who does not understand RSA or cryptography being able to gain great insights here and thus being able to request justification from his employee(s) or partners on cryptography-related topics. This work aims to provide a well-informed background for better decision making.
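The quoted rationale describes SPHINCS+ as "based on hash functions and hash chains". As an added example (not code from the post, the blog or the CKB project), here is a simplified Winternitz-style one-time signature in Python, the kind of hash-chain building block that SPHINCS+ combines with further structures. The parameter choices (SHA-256, chain length 16) and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

W = 16         # Winternitz parameter: every chain is W-1 hash steps long
N_MSG = 64     # a 256-bit digest is 64 base-16 digits
N = N_MSG + 3  # plus 3 checksum digits (max checksum 64*15 = 960 < 16**3)


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def chain(value: bytes, steps: int) -> bytes:
    """Walk `steps` links along a hash chain."""
    for _ in range(steps):
        value = H(value)
    return value


def digits(message: bytes) -> list:
    """Digest as base-W digits, followed by a checksum over those digits."""
    d = [nib for b in H(message) for nib in (b >> 4, b & 0x0F)]
    # The checksum falls when any digit rises, so a forger who hashes a
    # signature element forward would have to walk a checksum chain backward.
    csum = sum(W - 1 - x for x in d)
    return d + [(csum >> 8) & 0xF, (csum >> 4) & 0xF, csum & 0xF]


def keygen():
    """Secret key: N random chain starts. Public key: the N chain ends."""
    sk = [secrets.token_bytes(32) for _ in range(N)]
    return sk, [chain(s, W - 1) for s in sk]


def sign(sk, message: bytes):
    """Reveal one intermediate value per chain. A key pair signs ONE message."""
    return [chain(s, d) for s, d in zip(sk, digits(message))]


def verify(pk, message: bytes, sig) -> bool:
    """Finish every chain from the signature and compare with the public key."""
    if len(sig) != N:
        return False
    ends = [chain(s, W - 1 - d) for s, d in zip(sig, digits(message))]
    return secrets.compare_digest(b"".join(ends), b"".join(pk))
```

With these parameters a signature is 67 values of 32 bytes each (2,144 bytes), and its security rests only on the hash function being hard to invert, not on factoring as RSA does.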