ML-DSA-65 Integration Plan for iOS
Current Status
- iOS app uses HKDF-based key generation (deterministic)
- Signature is HMAC-SHA256 stub (NOT quantum-safe)
- Server (Python) uses `dilithium_py.ml_dsa.ML_DSA_65`
Target
- Full ML-DSA-65 (FIPS 204) on iOS
- Self-custody: private key never leaves device
- Quantum-resistant signatures
Key Sizes (FIPS 204)
| Parameter | Size |
|---|---|
| Private Key | 4,032 bytes |
| Public Key | 1,952 bytes |
| Signature | 3,309 bytes |
Integration Options
Option A: liboqs XCFramework (Recommended)
Effort: High | Security: Maximum
- Clone liboqs:
  ```bash
  git clone https://github.com/open-quantum-safe/liboqs
  ```
- Cross-compile for iOS:
  ```bash
  # Build directory lives inside the cloned source tree, so `..` is the liboqs root
  cd liboqs
  mkdir build-ios && cd build-ios
  cmake -G Xcode \
    -DCMAKE_SYSTEM_NAME=iOS \
    -DCMAKE_OSX_ARCHITECTURES=arm64 \
    -DOQS_MINIMAL_BUILD="OQS_ENABLE_SIG_ml_dsa_65" \
    -DBUILD_SHARED_LIBS=OFF \
    ..
  cmake --build . --config Release
  ```
- Create XCFramework
- Add to Xcode project
- Swift bridging header
Option B: Reference Implementation Embed
Effort: Medium | Security: High
Include liboqs reference C code directly:
- Copy `src/sig/ml_dsa/` from liboqs
- Add to Xcode as C sources
- Create Swift wrapper
- No external dependencies
Option C: dilithium_py via Python Server (Temporary)
Effort: Low | Security: Compromised
- iOS sends PBKDF2 seed to server
- Server generates ML-DSA-65 keypair
- Server stores and signs on behalf
- ⚠️ NOT self-custody!
Recommended Path
Phase 1: Quick Win (Option C)
- Deploy NOW with server-side signing
- User experience works
- Mark as "BETA - Server-Assisted Signing"
Phase 2: Full Self-Custody (Option A/B)
- Compile liboqs for iOS
- Replace server-assisted with local signing
- True self-custody achieved
Swift Wrapper Design
```swift
import Foundation

// MARK: - ML-DSA-65 Protocol
protocol PostQuantumSigner {
    static func generateKeyPair(seed: Data) -> (privateKey: Data, publicKey: Data)
    static func sign(message: Data, privateKey: Data) -> Data
    static func verify(signature: Data, message: Data, publicKey: Data) -> Bool
}

// MARK: - liboqs Implementation
// Design sketch: bodies trap until the liboqs bridge is linked in.
final class MLDSA65: PostQuantumSigner {
    static func generateKeyPair(seed: Data) -> (privateKey: Data, publicKey: Data) {
        // Call to liboqs OQS_SIG_ml_dsa_65_keypair_from_seed()
        fatalError("TODO: bridge to liboqs")
    }
    static func sign(message: Data, privateKey: Data) -> Data {
        // Call to OQS_SIG_ml_dsa_65_sign()
        fatalError("TODO: bridge to liboqs")
    }
    static func verify(signature: Data, message: Data, publicKey: Data) -> Bool {
        // Call to OQS_SIG_ml_dsa_65_verify()
        fatalError("TODO: bridge to liboqs")
    }
}
```
C Bridging Header
```c
// JunonaAI-Bridging-Header.h
#include <oqs/oqs.h>

// Wrapper functions for Swift
int montana_ml_dsa_65_keypair(uint8_t *public_key, uint8_t *secret_key);
int montana_ml_dsa_65_keypair_from_seed(uint8_t *public_key, uint8_t *secret_key, const uint8_t *seed);
int montana_ml_dsa_65_sign(uint8_t *sig, size_t *siglen, const uint8_t *msg, size_t msglen, const uint8_t *secret_key);
int montana_ml_dsa_65_verify(const uint8_t *msg, size_t msglen, const uint8_t *sig, size_t siglen, const uint8_t *public_key);
```
Build Requirements
- Xcode 15+
- CMake 3.20+
- OpenSSL (for liboqs build)
- iOS 15+ deployment target
Security Considerations
- Private key in Secure Enclave (if possible) or Keychain
- Memory wiping after use
- No logging of key material
- Signature includes timestamp to prevent replay
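
The timestamp item above, sketched as an added example (not part of the original plan or the project's code): the timestamp has to sit inside the signed bytes, and the verifier has to reject wrong-sized inputs and stale timestamps before it calls ML-DSA verify. The framing (8-byte big-endian Unix seconds prefix), the 300-second window and the `example_*` names are assumptions; the sizes come from the Key Sizes table.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ML-DSA-65 sizes from the Key Sizes table. */
#define MLDSA65_PK_LEN  1952u
#define MLDSA65_SIG_LEN 3309u
#define TS_LEN          8u    /* assumed framing: 8-byte big-endian Unix seconds */
#define MAX_SKEW_SECS   300u  /* assumed freshness window, not from the page */

enum { FRAME_OK = 0, FRAME_BAD_LEN = -1, FRAME_TOO_SHORT = -2, FRAME_STALE = -3 };

/* Signer side (hypothetical helper): out = timestamp || msg. The signature is
 * computed over these bytes, so changing the timestamp invalidates it. */
int example_frame(uint8_t *out, size_t outcap, size_t *outlen,
                  uint64_t ts, const uint8_t *msg, size_t msglen)
{
    if (msglen > SIZE_MAX - TS_LEN || outcap < TS_LEN + msglen)
        return FRAME_BAD_LEN;
    for (size_t i = 0; i < TS_LEN; i++)
        out[i] = (uint8_t)(ts >> (8 * (TS_LEN - 1 - i)));
    if (msglen)
        memcpy(out + TS_LEN, msg, msglen);
    *outlen = TS_LEN + msglen;
    return FRAME_OK;
}

/* Verifier side (hypothetical helper): cheap checks to run before the ML-DSA
 * verify call. The signature check itself is still required afterwards. */
int example_precheck(const uint8_t *framed, size_t framedlen,
                     size_t siglen, size_t pklen, uint64_t now)
{
    if (siglen != MLDSA65_SIG_LEN || pklen != MLDSA65_PK_LEN)
        return FRAME_BAD_LEN;
    if (framedlen < TS_LEN)
        return FRAME_TOO_SHORT;
    uint64_t ts = 0;
    for (size_t i = 0; i < TS_LEN; i++)
        ts = (ts << 8) | framed[i];
    /* Reject skew in both directions: old messages and future-dated ones. */
    uint64_t age = ts > now ? ts - now : now - ts;
    return age > MAX_SKEW_SECS ? FRAME_STALE : FRAME_OK;
}
```

A timestamp only bounds the replay window; inside that window the verifier still has to remember recently accepted (public key, timestamp) pairs or require a nonce.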
Timeline
- Phase 1 (Server-Assisted): Immediate
- Phase 2 (liboqs Build): 1-2 days
- Phase 3 (Full Integration): 1 day testing