ML-DSA (FIPS 204)
Was ist ML-DSA (FIPS 204)?
ML-DSA (FIPS 204)NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time.
ML-DSA (Module-Lattice-Based Digital Signature Algorithm), standardized as FIPS 204 on 13 August 2024, is NIST's primary lattice-based post-quantum signature scheme, derived from CRYSTALS-Dilithium. It defines three parameter sets — ML-DSA-44, ML-DSA-65, and ML-DSA-87 — providing security comparable to AES-128/192/256 under standard lattice assumptions. Signatures are roughly 2.4 to 4.6 KB and public keys 1.3 to 2.6 KB, which is substantially larger than Ed25519 or ECDSA but small enough to fit comfortably in X.509 certificates, code-signing manifests, and DNSSEC records. ML-DSA is the default lattice-based PQ signature for use cases that cannot tolerate the much larger but more conservative SLH-DSA (FIPS 205, hash-based). Implementations are appearing in the BoringSSL/OpenSSL family, in Linux distributions' code-signing pipelines, and in hardware tokens. Migration strategies include hybrid certificates (classical ECDSA + ML-DSA, both signatures verified) and gradual rollouts on long-lived signing keys (root CAs, firmware update keys) where quantum resilience matters most.
● Beispiele
- 01
A code-signing CA issues hybrid ECDSA + ML-DSA-65 certificates so that signatures verify on both classical and post-quantum verifiers during the migration window.
- 02
A firmware-update key for a 15-year-lifetime IoT device is rotated to ML-DSA-87 to ensure quantum-resilience across the device's deployed life.
● Häufige Fragen
Was ist ML-DSA (FIPS 204)?
NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time. Es gehört zur Kategorie Kryptografie der Cybersicherheit.
Was bedeutet ML-DSA (FIPS 204)?
NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time.
Wie funktioniert ML-DSA (FIPS 204)?
ML-DSA (Module-Lattice-Based Digital Signature Algorithm), standardized as FIPS 204 on 13 August 2024, is NIST's primary lattice-based post-quantum signature scheme, derived from CRYSTALS-Dilithium. It defines three parameter sets — ML-DSA-44, ML-DSA-65, and ML-DSA-87 — providing security comparable to AES-128/192/256 under standard lattice assumptions. Signatures are roughly 2.4 to 4.6 KB and public keys 1.3 to 2.6 KB, which is substantially larger than Ed25519 or ECDSA but small enough to fit comfortably in X.509 certificates, code-signing manifests, and DNSSEC records. ML-DSA is the default lattice-based PQ signature for use cases that cannot tolerate the much larger but more conservative SLH-DSA (FIPS 205, hash-based). Implementations are appearing in the BoringSSL/OpenSSL family, in Linux distributions' code-signing pipelines, and in hardware tokens. Migration strategies include hybrid certificates (classical ECDSA + ML-DSA, both signatures verified) and gradual rollouts on long-lived signing keys (root CAs, firmware update keys) where quantum resilience matters most.
Wie schützt man sich gegen ML-DSA (FIPS 204)?
Schutzmaßnahmen gegen ML-DSA (FIPS 204) kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.
Welche anderen Bezeichnungen gibt es für ML-DSA (FIPS 204)?
Übliche alternative Bezeichnungen: FIPS 204, Dilithium (standardized), Module-Lattice DSA.
● Verwandte Begriffe
- cryptography№ 278
CRYSTALS-Dilithium
Ein gitterbasiertes Signaturverfahren, das das NIST im August 2024 als FIPS 204 (ML-DSA) standardisiert hat und das RSA-, DSA- und ECDSA-Signaturen in einer post-quantenfähigen Welt ablösen soll.
- cryptography№ 947
Post-Quanten-Kryptografie
Klassische kryptografische Algorithmen, die sowohl gegen klassische als auch gegen großskalige Quantencomputerangriffe sicher bleiben sollen.
- cryptography№ 768
ML-KEM (FIPS 203)
NIST's standardized post-quantum key encapsulation mechanism, based on the CRYSTALS-Kyber design and published as FIPS 203 in August 2024 — now the default PQ KEM for TLS, IPsec, and hybrid key exchange.
- cryptography№ 1166
SLH-DSA (FIPS 205)
NIST's standardized stateless hash-based post-quantum signature scheme, derived from SPHINCS+ and published as FIPS 205 in August 2024 — the conservative PQ signature option, relying only on hash-function security.
- cryptography№ 678
Gitterbasierte Kryptografie
Familie post-quantenfähiger Kryptosysteme, deren Sicherheit auf die Schwierigkeit zurückgeführt wird, in hochdimensionalen Gittern kurze Vektoren zu finden oder verrauschte lineare Gleichungen zu lösen.
- cryptography№ 820
NIST-PQC-Standardisierung
Mehrjähriger NIST-Prozess zur Auswahl und Standardisierung post-quantensicherer Kryptoalgorithmen; die ersten drei Standards FIPS 203, 204 und 205 wurden im August 2024 veröffentlicht.