365 Architect

FIPS 204 — ML-DSA (Digital Signatures)

What It Is in One Sentence

ML-DSA lets you prove you wrote a message (or approved a software update, or signed a contract) — and a quantum computer can't forge your signature.

The Problem

Digital signatures authenticate:

  • Software updates — Is this patch really from Microsoft/Apple/Google?
  • TLS certificates — Is this website really your bank?
  • Legal documents — Did the CEO really approve this contract?
  • Code commits — Did this developer really push this change?

Classical signatures (RSA, ECDSA, EdDSA) are broken by Shor's algorithm. ML-DSA replaces them.

How It Works (Three Steps)

Signer                          Verifier
  |                               |
  |-- KeyGen() --> pk, sk         |
  |                               |
  |==== public key pk ===========>|
  |                               |
  |          Sign(sk, msg)        |
  |          --> signature σ      |
  |==== signature σ + msg =======>|
  |                               |
  |          Verify(pk, msg, σ)   |
  |          --> valid / invalid  |
Step What happens Who does it
KeyGen Creates a key pair Signer
Sign Creates a signature using private key Signer
Verify Checks signature using public key Anyone

The Core Idea: Proving Knowledge of a Short Vector

ML-DSA uses the same lattice foundation as ML-KEM, but for a different purpose:

ML-KEM: "I know a short vector s such that t = A·s + e" (prove knowledge to establish a shared secret)

ML-DSA: "I know a short vector s such that t = A·s" (prove knowledge to sign a message)

The signature is a zero-knowledge proof that the signer knows the secret vector, bound to the specific message being signed.

Quick Reference

ML-DSA-44 ML-DSA-65 ML-DSA-87
Security ~AES-128 ~AES-192 ~AES-256
Public key 1,312 B 1,952 B 2,592 B
Private key 2,528 B 4,032 B 4,896 B
Signature 2,420 B 3,293 B 4,595 B
Default? Yes High-assurance

Articles in This Section

Resources

Share on LinkedIn