
Post-Quantum Digital Signature (Dilithium)

Explanation

Dilithium is a lattice-based digital signature scheme that is resistant to quantum attacks and approved by NIST for post-quantum cryptography.

  • Dilithium2: ~1312 bytes public key, ~2420 bytes signature
  • Dilithium3: ~1952 bytes public key, ~3293 bytes signature
  • Dilithium5: ~2592 bytes public key, ~4595 bytes signature

Dilithium (ML-DSA): NIST Post-Quantum Digital Signature

Lattice-based signatures for the quantum future

Introduction

Dilithium — now officially standardized as ML-DSA (Module-Lattice-Based Digital Signature Algorithm) — is a post-quantum digital signature scheme selected by NIST in 2022 and published as FIPS 204 in August 2024.

Designed to replace classical signatures like ECDSA and RSA-PSS in a world where quantum computers threaten current standards via Shor's algorithm, Dilithium provides secure, efficient, and compact signatures based on lattice problems.

NIST PQC Standard: ML-DSA is the primary signature algorithm in NIST's post-quantum cryptography suite.

Mathematical Foundation: Module-LWE & Module-LWR

Dilithium is based on the Fiat-Shamir with Aborts paradigm over the Module Learning With Errors (MLWE) and Module Learning With Rounding (MLWR) problems.

\( A \in \mathbb{Z}_q^{k \times \ell}[x]/(x^n + 1) \)
\( \mathbf{y} \leftarrow (-d, d)^\ell \)
\( \mathbf{z} = \mathbf{y} + \mathbf{s}_1 \cdot c \)
\( w_1 = \text{HighBits}(A \cdot \mathbf{z}) \)

Signature: \( (\mathbf{z}, c) \) where \( c = H(w_1) \)

Key Parameters

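| Parameter | Dilithium2 | Dilithium3 | Dilithium5 |
|---|---|---|---|
| Security Level | 128-bit (NIST 1) | 192-bit (NIST 3) | 256-bit (NIST 5) |
| (k, ℓ) | (4, 4) | (6, 5) | (8, 7) |
| n | 256 | 256 | 256 |
| q | 8380417 | 8380417 | 8380417 |
| η | 2 | 2 | 2 |
| d | 13 | 13 | 13 |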

Algorithm Overview

1. Key Generation

Input: security parameter
Output: (pk, sk)

1. ρ, ρ' ← {0,1}^256
2. A ← ExpandA(ρ) ∈ R_q^{k×ℓ}
3. s1 ← ExpandS(ρ') ∈ R^ℓ
4. s2 ← ExpandS(K) ∈ R^k
5. t := A·s1 + s2
6. (t1, t0) := Power2Round(t, d)
7. pk := (ρ, t1)
8. sk := (ρ, K, ρ', s1, s2, t0)
Return (pk, sk)

2. Signing

Input: sk, message μ
Output: signature (z, c)

1. A ← ExpandA(ρ)
2. y ← ExpandMask(ρ', r) ∈ (-d,d)^ℓ
3. w := A·y
4. w1 := HighBits(w)
5. c := H(μ || w1)
6. z := y + c·s1
7. if ||z||_∞ ≥ γ1 - β → abort, retry
8. if LowBits(w - c·s2) reveals s2 → abort
Return (z, c)

3. Verification

Input: pk = (ρ, t1), msg μ, sig (z, c)
Output: valid / invalid

1. A ← ExpandA(ρ)
2. w1' := HighBits(A·z - c·t1 << d)
3. c' := H(μ || w1')
4. if c' = c and ||z||_∞ < γ1 - β → valid
Return result

Rejection Sampling: "Aborts" prevent leakage of secret key via timing or signature size.
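
The rounding steps used in the three algorithms above (Power2Round in key generation, HighBits/LowBits in signing and verification) and the two rejection bounds, worked on single coefficients; the scheme applies them to every coefficient of each polynomial. This is an added example, not code from this page or from any Dilithium library: γ1, γ2 and β are not given on the page and are assumed to be the FIPS 204 values for ML-DSA-44, step 8 uses the FIPS 204 bound, and the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

#define Q      8380417         /* modulus q (parameter table) */
#define D      13              /* dropped bits d (parameter table) */
#define GAMMA1 (1 << 17)       /* assumed: FIPS 204 gamma1, ML-DSA-44 */
#define GAMMA2 ((Q - 1) / 88)  /* assumed: FIPS 204 gamma2, ML-DSA-44 */
#define BETA   78              /* assumed: FIPS 204 beta, ML-DSA-44 */

/* Power2Round (keygen step 6): r = r1*2^D + r0, r0 in (-2^(D-1), 2^(D-1)]. */
void power2round(int32_t r, int32_t *r1, int32_t *r0) {
    *r1 = (r + (1 << (D - 1)) - 1) >> D;
    *r0 = r - *r1 * (1 << D);
}

/* Decompose: r = r1*2*GAMMA2 + r0 (mod Q), r0 in (-GAMMA2, GAMMA2]; r1 = HighBits. */
void decompose(int32_t r, int32_t *r1, int32_t *r0) {
    const int32_t alpha = 2 * GAMMA2;
    *r0 = r % alpha;
    if (*r0 > GAMMA2) *r0 -= alpha;
    if (r - *r0 == Q - 1) { *r1 = 0; *r0 -= 1; }  /* wrap-around at q-1 */
    else *r1 = (r - *r0) / alpha;
}
int32_t high_bits(int32_t r) { int32_t r1, r0; decompose(r, &r1, &r0); return r1; }
int32_t low_bits(int32_t r)  { int32_t r1, r0; decompose(r, &r1, &r0); return r0; }

/* Signing step 7 / verification step 4: |z| < GAMMA1 - BETA, z in [0, Q). */
int z_in_range(int32_t z) {
    return (z > (Q - 1) / 2 ? Q - z : z) < GAMMA1 - BETA;  /* centered |z| */
}

/* Signing step 8 per FIPS 204: reject unless |LowBits(w - c*s2)| < GAMMA2 - BETA. */
int low_bits_safe(int32_t r) {
    int32_t r0 = low_bits(r);
    return (r0 < 0 ? -r0 : r0) < GAMMA2 - BETA;
}

/* Sampled check: for safe r, adding any |s| <= BETA keeps HighBits unchanged. */
int stability_violations(int32_t step) {
    int bad = 0;
    for (int32_t r = 0; r < Q; r += step)
        for (int32_t s = -BETA; low_bits_safe(r) && s <= BETA; s++)
            bad += high_bits((r + s + Q) % Q) != high_bits(r);
    return bad;
}

int main(void) {
    printf("HighBits(q-1)=%d violations=%d\n", high_bits(Q - 1), stability_violations(997));
    return 0;
}
```

The zero violation count is why the verifier can recompute w1 without knowing s2, and `z_in_range` is the bound a verifier has to enforce in addition to the hash comparison.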

Parameter Sets (FIPS 204)

| ML-DSA Variant | Dilithium Equivalent | Security | pk Size | sk Size | Signature |
|---|---|---|---|---|---|
| ML-DSA-44 | Dilithium2 | 128-bit | 1312 B | 2528 B | 2420 B |
| ML-DSA-65 | Dilithium3 | 192-bit | 1952 B | 4000 B | 3293 B |
| ML-DSA-87 | Dilithium5 | 256-bit | 2592 B | 4864 B | 4595 B |

Recommended: ML-DSA-65 for most use cases.

Security Analysis

| Attack | Resistance |
|---|---|
| Shor's Algorithm | Secure |
| Grover's | Quadratic speedup only |
| Lattice Reduction | Best known: ~2^140 for ML-DSA-44 (2025) |
| Side-Channel | Requires constant-time + masking |
| Forgery | EUF-CMA secure |

Conservative & Well-Studied: Over 5 years of cryptanalysis with no practical breaks.

Performance (2025 Benchmarks)

| Operation | ML-DSA-65 (x86-64) | ECDSA (P-256) |
|---|---|---|
| KeyGen | ~45,000 cycles | ~60,000 cycles |
| Sign | ~180,000 cycles | ~65,000 cycles |
| Verify | ~55,000 cycles | ~140,000 cycles |

~3× slower signing, but faster verification than ECDSA.

Implementation: C API (liboqs)

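#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "oqs/oqs.h"

int main(void) {
    const char *text = "Hello, Post-Quantum!";
    const uint8_t *msg = (const uint8_t *)text;
    size_t msg_len = strlen(text);
    size_t sig_len = 0;

    OQS_SIG *sig_alg = OQS_SIG_new(OQS_SIG_alg_dilithium_3);
    if (sig_alg == NULL) return 1; /* algorithm not enabled in this liboqs build */

    uint8_t *pk = malloc(sig_alg->length_public_key);
    uint8_t *sk = malloc(sig_alg->length_secret_key);
    uint8_t *sig = malloc(sig_alg->length_signature);
    if (!pk || !sk || !sig) return 1;

    /* Each call returns an OQS_STATUS, and OQS_SUCCESS is 0: compare explicitly. */
    OQS_STATUS rc = OQS_SIG_keypair(sig_alg, pk, sk);
    if (rc == OQS_SUCCESS) rc = OQS_SIG_sign(sig_alg, sig, &sig_len, msg, msg_len, sk);
    if (rc == OQS_SUCCESS) rc = OQS_SIG_verify(sig_alg, msg, msg_len, sig, sig_len, pk);

    printf("Verified: %s\n", rc == OQS_SUCCESS ? "YES" : "NO");

    OQS_MEM_cleanse(sk, sig_alg->length_secret_key); /* wipe the secret key before freeing */
    free(sk); free(pk); free(sig);
    OQS_SIG_free(sig_alg);
    return rc == OQS_SUCCESS ? 0 : 1;
}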

Libraries: liboqs, pqcrypto, circl (Go)

Hybrid Signatures (Recommended)

Sign with both classical + PQC:

Signature = ECDSA(m) || ML-DSA(m)

Used in TLS 1.3, OpenPGP, SSH.

Migration Timeline

  • 2025–2027: Hybrid (ECDSA + Dilithium)
  • 2028–2030: PQC-only in new systems
  • 2030+: Full migration

Start now — NIST recommends hybrid signatures today.

Conclusion

Dilithium (ML-DSA) is the future of digital signatures. Its lattice-based design, strong security, and efficient verification make it ideal for certificates, software updates, and blockchain.

Key Takeaways:

  • Use ML-DSA-65 for 192-bit security
  • Deploy in hybrid mode with ECDSA
  • Use FIPS 204 compliant libraries
  • Begin migration immediately

References

  1. FIPS 204: Module-Lattice-Based Digital Signature Standard (2024)
  2. CRYSTALS-Dilithium Submission to NIST PQC (v3.1)
  3. Léo Ducas et al., "CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme"
  4. pq-crystals.org/dilithium
  5. Open Quantum Safe