ML-DSA Overview
Table of contents
- Algorithm type: Digital signature scheme.
- Main cryptographic assumption: Scheme based on the Module Learning With Errors problem.
- Copyright: Public Domain or Apache 2.0 License
- **GitHub Source
FIPS 204 ML-DSA
FIPS 204 is the Module-Lattice-Based Digital Signature Standard, which was developed by the National Institute of Standards and Technology (NIST) to provide a quantum-resistant digital signature mechanism. FIPS 204 specifies a module-lattice-based digital signature algorithm (ML-DSA), designed to ensure the security and integrity of digital communications and data against attacks that might be feasible with quantum computers
The standard is derived from the CRYSTALS-Dilithium submission, which was a selection from the NIST Post-Quantum Cryptography Standardization Project
ML-DSA is based on lattice-based cryptographic constructs, which are considered to be secure against both classical and quantum adversaries. This makes it a robust choice for long-term data integrity
The standard provides detailed specifications for generating, verifying, and managing digital signatures to ensure consistent and secure implementation across various applications.
FIPS 204 was initially published as a draft on August 24, 2023, with a public comment period that concluded on November 22, 2023 . Following the public comment period, necessary revisions were made to address feedback, and NIST aims to finalize and publish the standard for use in 2024.
Applications:
FIPS 204 can be applied in multiple scenarios where secure digital signatures are essential, including:
- Ensuring the integrity and authenticity of digital communications, documents, and transactions.
- Utilizing quantum-resistant signatures within various cryptographic protocols and systems.
- Implementing secure and verifiable signatures for sensitive and classified governmental and military communications.
- Enhancing the security of electronic transactions, contracts, and records within financial systems.
- Ensuring the authenticity and integrity of software updates and installations to prevent tampering and unauthorized alterations.
ML-DSA advantages over classical digital signature algorithms
Module-Lattice-based Digital Signature Algorithms (ML-DSA), such as those based on the CRYSTALS-DILITHIUM framework, offer several significant advantages over classical digital signature algorithms like RSA or ECDSA (Elliptic Curve Digital Signature Algorithm). Here are some of the key benefits:
- ML-DSA algorithms are designed to be secure against quantum computer attacks. Classical algorithms like RSA and ECDSA can be broken by quantum algorithms (e.g., Shor’s algorithm), rendering them insecure in a post-quantum world.
- ML-DSA algorithm offer a good balance between security and performance, with efficient key generation, signing, and verification operations.
- While classical algorithms may require increasingly larger key sizes to maintain security as computational power increases, ML-DSA algorithms typically provide strong security with more manageable key and signature sizes,
- ML-DSA algorithms often come with different parameter sets, allowing users to choose configurations that balance security and performance based on specific needs.
ML-DSA - Parameter set summary
- ML-DSA-87 - security category 5
- Public key size - 2592 bytes
- Private key size - 4896 bytes
- Signature size - 4627 bytes
NIST’s Known Answer Tests (KAT)
The TQ42 Cryptography ML-DSA algorithm implementation has successfully passed the Known Answer Tests (KAT) provided by NIST. This confirms that the algorithm performs reliably as anticipated. For those interested in a deeper dive into the specifics of these tests, they are available for review.
Leveraging ML-DSA and True Entropy
The customization of the ML-DSA algorithm within TQ42 Cryptography is designed to work in synergy with true entropy, sourced from the Single Photon Quantum Random Number Generator (QRNG). This technology ensures that the randomness required for cryptographic keys is of the highest quality, providing unparalleled security for company data. Since the effectiveness of any cryptographic algorithm heavily relies on the randomness of its keys, incorporating QRNG derived true entropy with TQ42’s customized ML-DSA algorithm ensures that your company’s sensitive information is safeguarded in the most robust manner possible.
API overview
To include the necessary library, please refer to the Getting Started Guide. After following the guide, include the pqc/ml-dsa.h
header in your code. All Signature Schemes algorithms have a unified API. For ML-DSA 87, you can set the algorithm to work using the constant PQC_CIPHER_ML_DSA. To learn about all the available methods for signature algorithms, visit the Signature Schemes Generic API Overview page.
Example
Code
#include <iostream>
#include <vector>
#include <pqc/common.h>
#include <pqc/ml-dsa.h>
// Macros simplify the creation of byte vectors for ML-DSA private and public keys
#define ML_DSA_PRIVATE_KEY(x) std::vector<uint8_t> x(sizeof(pqc_ml_dsa_private_key))
#define ML_DSA_PUBLIC_KEY(x) std::vector<uint8_t> x(sizeof(pqc_ml_dsa_public_key))
#define ML_DSA_SIGNATURE(x) std::vector<uint8_t> x(sizeof(pqc_ml_dsa_signature))
int main()
{
ML_DSA_PRIVATE_KEY(priv_alice);
ML_DSA_PUBLIC_KEY(pub_alice);
ML_DSA_SIGNATURE(signature);
// Generate a ML-DSA key pair for Alice
size_t generateResult = PQC_generate_key_pair(
PQC_CIPHER_ML_DSA, pub_alice.data(), pub_alice.size(), priv_alice.data(), priv_alice.size()
);
// Check if key generation was successful
if (generateResult != PQC_OK)
{
std::cout << "Key generation failed!" << std::endl;
}
CIPHER_HANDLE ML_DSA_ContextAlice = PQC_init_context(PQC_CIPHER_ML_DSA, priv_alice.data(), priv_alice.size());
if (ML_DSA_ContextAlice == PQC_BAD_CIPHER)
{
std::cout << "Failed to initialize cryptographic context!" << std::endl;
}
// Define a message that will be signed using ML-DSA signature algorithm
char message[] = "Here is my message I will sign by ML-DSA signature algorithm!";
// Sign the message with ML-DSA algorithm using Alice's context
size_t signResult =
PQC_sign(ML_DSA_ContextAlice, (uint8_t *)message, sizeof(message), signature.data(), signature.size());
// Check if the signing process was successful
if (signResult != PQC_OK)
{
std::cout << "Signing process failed!" << std::endl;
}
// Attempt to verify the signature of the signed message using Alice's public key
size_t verifyResult = PQC_verify(
PQC_CIPHER_ML_DSA, pub_alice.data(), pub_alice.size(), (uint8_t *)message, sizeof(message), signature.data(),
signature.size()
);
// Check the result of the signature verification
if (verifyResult == PQC_OK)
{
std::cout << "Signature is valid!" << std::endl;
}
else
{
std::cout << "Signature verification failed!" << std::endl;
}
return 0;
}