Skip to content

add k-256 support#81

Open
iameli wants to merge 1 commit intoc2pa-org:mainfrom
streamplace:main
Open

add k-256 support#81
iameli wants to merge 1 commit intoc2pa-org:mainfrom
streamplace:main

Conversation

@iameli
Copy link
Copy Markdown

@iameli iameli commented Oct 31, 2024

My PR for this on c2pa-rs was closed because it's not part of the C2PA spec. Fair enough. If there's a better place to propose this change, please let me know.

My original post on the matter on Discord makes the pitch pretty well, I think:

Curious if there are any feelings about adding secp256k1 (aka ES256K aka k256 aka NIST K-256) signatures into the spec. Our use case is supporting Bluesky's AT Protocol, which requires both that and p256 aka secp256r1 aka prime256v1) which is already supported. But it would also be nice to interoperate with hardware wallets and Ethereum-ecosystem crypto tools like Metamask.

[...] an Aquareum node already has an Ethereum wallet keypair and identity associated with it, so signing segments with that same key would be the most straightforward way to implement it. Or as an end user you could validate that a piece of media is actually associated with iameli.eth or @iame.li on the AT Protocol.

It would also facilitate integration with hardware wallets, which I contend are the best personal-use HSMs out there. As a content creator I'd love to sign each video I upload with my ledger that I already have around; it facilitates really strong personal key security.

"Wasn't this going to be handled as part of the CAWG?" I don't think my use case is pertinent to the CAWG spec, though "attestations about crypto wallets" might be broadly within the CAWG's domain. But we're building an app (and OBS plugin) that allows users to broadcast signed livestreams from their devices. That makes us a claim generator, no?

@lrosenthol
Copy link
Copy Markdown
Contributor

lrosenthol commented Oct 31, 2024

@iameli Thanks for reaching out with this proposal. I will bring it to the team for discussion and report back!

@lrosenthol lrosenthol self-assigned this Oct 31, 2024
@lrosenthol lrosenthol added the enhancement New feature or request label Oct 31, 2024
aww-aww
aww-aww reviewed Dec 6, 2024
View reviewed changes
Comment thread build/site/specifications/2.1/specs/C2PA_Specification.html
<ul>
<li>
<p>ECDSA requires elliptic curve keys on the P-256, P-384, or P-521 elliptic curves.</p>
<p>ECDSA requires elliptic curve keys on the P-256, K-256, P-384, or P-521 elliptic curves.</p>
Copy link
Copy Markdown

@aww-aww aww-aww Dec 6, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I need to do a bit of research to refresh my memory, but the typical concern with K-256 is that there are a few scenarios where timing attacks could leak information. As used in crypto-currency implementations, the timing attacks are impractical. Generalized use in C2PA might??? be problematic in some scenarios. Leonard, let me know if you want me to dig up the details or run this by cryptographers I work with.

Copy link
Copy Markdown
Author

@iameli iameli Jul 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My understanding is that certain properties of K-256 can make it more challenging to write constant-time implementations. But people did it anyway - all of the recommended implementations are constant-time, including the Rust k256 crate used in my c2pa-rs fork.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aww-aww aww-aww aww-aww left review comments

Assignees

@lrosenthol lrosenthol

Labels

enhancement New feature or request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@iameli @lrosenthol @aww-aww