github ruvnet/RuView v1105
Release v1105
on GitHub

latest releases: v1136, v1133, v1115...
4 hours ago

Automated release from CI pipeline

Changes:
adr-109: Dilithium PQC signatures — provenance side of post-quantum migration (#733)

Sister-ADR to ADR-108. Where ADR-108 closes the confidentiality side
(Kyber key exchange), ADR-109 closes the integrity side (Dilithium
signatures) of the post-quantum migration.

Replaces Ed25519 in ADR-100 cog signing with Dilithium-3 (NIST FIPS 204,
~AES-192 equivalent, CNSA 2.0 default).

Migration timeline (matches ADR-108):

  • Phase 0 (NOW 2026): Ed25519 only
  • Phase 1 (Q4 2026): Dual-sig (Ed25519 + Dilithium-3), accepts either
  • Phase 2 (Q2 2027): BOTH required (defence in depth)
  • Phase 3 (2030+): Pure Dilithium-3

Why now (backdating argument): An adversary who can break Ed25519 in
2035 with quantum computers can backdate signatures on cog binaries to
install malicious code retroactively. The provenance chain breaks even
for binaries deployed today. Hybrid mode prevents this: forging a 2026
cog signature still requires breaking BOTH Ed25519 AND Dilithium-3.

Manifest size: 64 B (Ed25519) + 3293 B (Dilithium-3) = ~4 kB per cog.
50-cog catalogue overhead ~200 kB. Negligible.

LOC: +270 on top of ADR-100.
Combined chain budget (ADR-105+106+107+108+109): ~1,820 LOC, ~7 weeks.

ADR CHAIN (8 ADRs) complete for both confidentiality and integrity at
quantum-resistant tier:

  • ADR-100: cog packaging
  • ADR-103: cog-person-count
  • ADR-104: MCP + CLI
  • ADR-105: within-installation federation
  • ADR-106: DP-SGD + primitive isolation
  • ADR-107: cross-installation + secure aggregation
  • ADR-108: PQC key exchange (Kyber-768)
  • ADR-109: PQC signatures (Dilithium-3) <-- THIS

Future ADRs catalogued:

  • ADR-110: PQC hardware acceleration on Cognitum-v0
  • ADR-111: Owner key rotation policy
  • ADR-112: Cross-signing with external CA
  • ADR-113: Multistatic placement strategy (R6 family findings -> ADR-029 amendment)

Composes:

  • R14/R15 privacy + biometric requires provenance integrity
  • R12 PABS / R12.1: intruder-detection cog must itself be signed
  • R10/R11 long-deployment cogs most affected by backdating
  • R7 mincut adversarial assumes the model is trustworthy

Honest scope:

  • Dilithium ~5 years old; hybrid mitigates uncertainty
  • ESP32-S3 verification ~5-10 ms estimated; needs benchmarking
  • pqcrypto-dilithium Rust crate dependency
  • Owner key management = highest-risk operational change
  • Phase 3 Ed25519 retirement needs future decision

Coordination: ticks/tick-30.md, no PROGRESS.md edit.

Docker Image:
ghcr.io/ruvnet/RuView:27d911ca6d55a3ce9dba910495eb59a1d49a38aa

Check out latest releases or
releases around ruvnet/RuView v1105

Don't miss a new RuView release

NewReleases is sending notifications on new releases.

Get notifications