Ariel Wengroff

🔔Post-Quantum Signatures: NIST's Second Wave In August 2024, NIST finalized its first PQC standards: ML-KEM (key exchange), ML-DSA, and SLH-DSA (signatures). A third signature, Falcon (FN-DSA, FIPS 206), is still in draft. Last week, NIST announced the nine candidates advancing to Round 3 of a parallel competition aimed at additional signature schemes, explicitly chosen to fill the gaps left by the first wave. Each of the standardized signatures comes with sharp trade-offs. None of them is naturally suited to threshold signing, and all have signatures that are large compared to ECDSA's 64 bytes. ➡️ SLH-DSA (SPHINCS+, hash-based) The most conservative choice: its security rests only on the collision resistance of a hash function. The price is enormous signatures (7–50 KB !!!). It is the safest pick for very long-lived signatures (firmware, archival, some blockchains such as QRL). ➡️ML-DSA (Dilithium, lattice-based). Compact and fast, while elegant, is younger than hash-based assumptions. It is becoming the default for TLS, PKI, and most non-blockchain ecosystems (~2.4 KB signatures). ➡️Falcon (FN-DSA, lattice-based). The smallest of the three (~666 B at NIST-I), which is why Algorand and Solana selected it. Its drawback: signing relies on floating-point arithmetic, making error-prone and side-channel-resistant/ constant-time implementations notoriously hard. Its FIPS 206 standard is still in draft. 🔍Most blockchains are leaning towards customized shorter versions of SLH-DSA. NIST is organizing a second wave of standardization. The goal is twofold: shrink signature sizes and diversify the underlying mathematics so a single cryptanalysis breakthrough cannot break everything. The nine Round 3 finalists span five families: 🔸 Isogeny: SQIsign 🔸 Lattice: HAWK 🔸 MPC-in-the-Head: MQOM, SDitH 🔸 Multivariate: MAYO, QR-UOV, SNOVA, UOV 🔸 Symmetric-based: FAEST Notably, no code-based scheme survived. Both Round 2 candidates were eliminated: LESS and CROSS were dropped because of 2 attacks 👉 Two candidates worth watching ⏩ SQIsign produces the smallest known post-quantum signatures by a wide margin: from 148B to 292B (depending on the level of security), with sub-130-byte public keys. That is the only PQC signature scheme today that even approaches the bandwidth profile of ECDSA, extremely attractive for blockchains, certificates, and firmware. The catch: isogeny-based cryptography is still young, signing is mathematically intricate, and side-channel hardening is an active research area. ⏩HAWK is essentially "Falcon without the floating-point." It is a lattice hash-and-sign scheme producing 555 B signatures at NIST-I (smaller than Falcon's 666 B) and can be implemented purely with integer arithmetic, a major engineering win. NIST has said the Round 3 review will last roughly two years and that any multivariate winners are unlikely to be standardized without yet another round. Realistically, the earliest a new signature standard will land alongside ML-DSA and SLH-DSA is 2028. The urgency to migrate has grown sharply, yet the current standards still have significant drawbacks, and this last-minute selection round, while necessary, collides head-on with the migration timeline.

🚨 A new NPM supply chain attack is currently underway, specifically targeting the AI ecosystem, including packages related to Mistral AI, OpenSearch, Guardrails AI, and others. It hooks into Claude and VS Code environments to steal user credentials, including GitHub tokens. What makes this attack especially sneaky is its persistence mechanism. It deploys scripts that monitor whether the compromised GitHub token gets revoked. The moment revocation is detected, the malware retaliates by wiping the user’s home directory. This punitive behavior both disrupts remediation efforts and buys attackers more time to deepen the compromise. We are entering a new era where attackers are becoming dramatically more capable, and defending against them is growing more difficult every day.