Incorporate a scheme to replace RSA or fix PEM format #59
Description
🎯 Description
Currently, public keys headers are encoded using PKIX, which requires non-standard code to decipher. We can switch to PKCS1 to reduce complexity and improve code maintainability.
However, since public keys are already stored on-chain, backwards compatibility must be preserved for nodes that joined the network prior to the change. This necessity introduces:
- Support for multiple formats
- More complex and potentially messy code
- Partial negation (or no negation) of the motivation for the change
Despite this, a well-structured migration path could still offer long-term gains.
💡 Proposal
3 options:
- No change
- Replace PKIX encoding with PKCS1
- migrate to ECC
📊 Benefits of ECC
🔐 Encryption
- Encrypted size of a 32-byte BLS private key:
- Current (RSA-2048): 256 bytes
- Proposed (ECC or compact): ~106 bytes (can be less)
✍️ Signatures
- Signature size:
- Current: 256 bytes (raw, no PEM headers)
- Proposed (raw ECC): 32 bytes