Description
Currently, rust-libp2p relies entirely on classical public-key cryptography (Ed25519, Secp256k1, ECDSA, RSA) for peer identity generation and verification. We would like to request support for post-quantum peer identities using ML-DSA (Module-Lattice-based Digital Signature Algorithm), aligned with the upcoming protocol standard.
Motivation
- Quantum Risk: Existing signature schemes are vulnerable to Shor's algorithm. Consensus estimates place the arrival of a Cryptographically Relevant Quantum Computer (CRQC) between 2030 and 2035.
- Long Deployment Lifecycles: Migrating decentralized networks to post-quantum cryptography takes significant time. We need to begin integrating and testing these standards now to ensure readiness before the threat materializes.
- "Harvest Now, Decrypt Later" Threats: As adversaries are already recording network traffic, our overarching PQC strategy requires migrating transport security and identities as early as possible to safeguard current and future communications.
Requirements
- Standard Implementation: Implement support for the ML-DSA (FIPS 204) signature scheme inside libp2p-identity.
- Feature Flagging: Introduce this behind a feature flag initially, allowing developers to test it before the official cross-language specification is fully merged.
Open questions
- Upstream Dependencies: Which Rust-based ML-DSA implementation (e.g., via pqcrypto, ring, or another crate) does the maintainer team prefer to use to ensure optimal safety, performance, and WASM compatibility?
Are you planning to do it yourself in a pull request?
Maybe