Move to stronger (PQ) signing for APK repos
Paul Spooren
mail at aparcar.org
Mon Apr 6 16:24:55 PDT 2026
Hi Paul D,
It’s on my radar, however thanks for bringing this up.
If we’d wanted to change it, I’d should be a hybrid approach using well known and new crypto. I’ll look into this over the next weeks, however please feel free to make suggestions.
Best,
Paul
> On 7. Apr 2026, at 04:37, Paul D <newtwen at gmail.com> wrote:
>
>
> Theoretical cost estimations to break ECC have decreased sufficiently, such that, at a minimum, signing APK repos with ECDSA P-256 is soon insufficient i.e. within the next two years (otherwise MITM/PITM or supply-chain attacks become 'practical'). ECDSA shall now be regarded as a legacy algo, but bumping keys to P-521 is an acceptable short-term change.
>
>
> ML-DSA (Dilithium) and FN-DSA (Falcon) are suitable signing choices. ML-DSA shows orders of magnitude [1] faster signing and verification speeds than ECDSA P-521.
>
> https://words.filippo.io/crqc-timeline/
>
>
> [1] https://postquantum.com/post-quantum/cryptography-pqc-nist/?utm_source=chatgpt.com#crystals-dilithium-digital-signatures
>
>
> ( cross post https://forum.openwrt.org/t/move-to-stronger-pq-signing-for-apk-repos/248782 )
>
>
> _______________________________________________
> openwrt-adm mailing list
> openwrt-adm at lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-adm
More information about the openwrt-adm
mailing list