DevFest 2025 | PQC for Digital Signatures and Authentication ✍️

DevFest 2025: Building Safe, Secure and Scalable Solutions with AI and Cloud.

This year, DevFest 2025 will empower developer communities worldwide to architect the future. We'll focus on driving the practical integration of AI and Google Cloud into their solutions. 

Trusting the Unseen: PQC for Digital Signatures and Authentication ✍️

• Digital signatures are fundamental for verifying identity, authenticating software, and ensuring data integrity. 
• In this session, we'll focus on the application of the new NIST-standardized PQC digital signature algorithms, ML-DSA and SLH-DSA. 
• Unlike key exchange, the vulnerability of signatures has long-term implications for our Public Key Infrastructure (PKI) and the trust chain of our software. 
• We'll walk through a conceptual code-signing example, demonstrating how to use ML-DSA to create a quantum-safe digital fingerprint for your software. 
• We will also discuss the significant challenges of migrating a large-scale PKI to PQC, from certificate authorities to revocation lists.

Key Themes:

• Digital Signatures 🖋️
• PKI 🏗️
• Code Signing 👨‍💻
• Authentication ✅
• Data Integrity integrity

Recommended background:

A clear understanding of the difference between key exchange and digital signatures is essential. Familiarity with the basics of how a PKI operates will be beneficial.

Recommended Resources:

• NIST's PQC Standards: Explore the official NIST publications for ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) to understand the technical specifications of the new algorithms.
• PQC Migration Guides: Read guides from organizations like CISA, NSA, and NIST that outline best practices for transitioning enterprise PKI and cryptographic systems to be quantum-safe.
• "The Future of Digital Signatures in a Post-Quantum World": An article from Postquantum that provides a detailed overview of the quantum threat to digital signatures and the solutions being developed.
• "How to Secure Identity in the Era of Post Quantum Cryptography": A blog post from Thales that provides a practical example of a hybrid cryptographic approach for identity documents.
• Open Quantum Safe (OQS) Project: A valuable resource for developers, this project provides open-source implementations of post-quantum cryptography algorithms, which can be used for testing and experimentation.

What is AI Quantum Clubs?

• Building upon the foundations of our AI Study Jams and AI Math Clubs, the AI Quantum Clubs campaign is designed to explore the crucial and rapidly evolving world of Post-Quantum Cryptography (PQC).
• This initiative focuses on equipping developers and enthusiasts with the knowledge to understand and address the looming quantum threat to our digital security. We will provide a clear, intuitive path to learning about new quantum-resistant algorithms and how to implement them in a way that future-proofs our code and infrastructure.