0Pricing
Cryptology Academy · Lesson

ML-DSA (FIPS 204) and SLH-DSA (FIPS 205)

Compare CRYSTALS-Dilithium lattice signatures with SPHINCS+ hash-based signatures and their trade-offs.

ML-DSA Origins

ML-DSA (Module-Lattice-based Digital Signature Algorithm), standardized as FIPS 204, is derived from CRYSTALS-Dilithium. Dilithium was designed by Ducas, Kiltz, Lepoint, Lyubashevsky, Schwabe, Seiler, and Stehle and submitted to NIST in 2017. It uses the Fiat-Shamir with aborts framework applied to Module-LWE, producing a practical signature scheme with strong security proofs.

Fiat-Shamir with Aborts

Classical Fiat-Shamir transforms interactive identification protocols into signatures. For lattice schemes, a direct application leaks information about the secret key through the response vector. The "with aborts" technique by Lyubashevsky adds rejection sampling: the signer checks if the response would reveal information and aborts and retries if so. This adds a small signing overhead but is essential for security.

All lessons in this course

  1. The NIST PQC Competition: Process and Criteria
  2. ML-KEM (FIPS 203): CRYSTALS-Kyber Standardized
  3. ML-DSA (FIPS 204) and SLH-DSA (FIPS 205)
  4. Planning Your Migration to Post-Quantum Standards
← Back to Cryptology Academy