Move to stronger (PQ) signing for APK repos
Paul D
newtwen at gmail.com
Mon Apr 6 12:37:55 PDT 2026
Theoretical cost estimations to break ECC have decreased sufficiently, such that, at a minimum, signing APK repos with ECDSA P-256 is soon insufficient, i.e. within the next two years (otherwise MITM/PITM or supply-chain attacks become 'practical'). ECDSA shall now be regarded as a legacy algo, but bumping keys to P-521 is an acceptable short-term change.
ML-DSA (Dilithium) and FN-DSA (Falcon) are suitable signing choices. ML-DSA shows orders of magnitude [1] faster signing and verification speeds than ECDSA P-521.
https://words.filippo.io/crqc-timeline/
[1] https://postquantum.com/post-quantum/cryptography-pqc-nist/?utm_source=chatgpt.com#crystals-dilithium-digital-signatures
( cross post https://forum.openwrt.org/t/move-to-stronger-pq-signing-for-apk-repos/248782 )