BDFL of Quilibrium, Eng @ Farcaster, ex-Coinbase, always opinionated, never hydrated

/quilibrium

need an opinion from @cassie on this  https://security.apple.com/blog/imessage-pq3

𝚆𝙾𝚁𝙺𝙸𝙽𝙶 𝙾𝙽: @vision 👁️ ✦  ensdata.net ✦ pugson.net/rfe ✦ 𝙿𝚄𝙶.𝙴𝚃𝙷 ✦ 𝙿𝚁𝙴𝚅: @rainbow 🌈 

They did a lot of marketing gloss on this one. There's some pretty bold claims being made, and unfortunately the claims don't hold like they say they do.

High level (most important to least):
- Identity keys are still EC, the PQ related key is verified by an EC signature in the hierarchy. This makes PQ claims dead in the water
- Uses hybrid encryption (not unreasonable), P-256 for EC (unreasonable), Kyber-768 (might be reasonable, time will tell, but I don't trust NIST)

- No deniability. They claim to be better than Signal, and that this is irrelevant, but it is 100% a requirement to be at least on par.
- Post-compromise security is not immediate, in their own words its on the order of "50 messages" to "7 days" for rekeying to occur.

Agree, they misleadingly claim it’s post-quantum secure.

Doesn’t ecdsa provide deniability due to its shitty design?

Security, austrian school. Developing noble cryptography: audited js libraries for web3. https://paulmillr.com/noble