CRYSTALS-Dilithium
What is CRYSTALS-Dilithium?
CRYSTALS-DilithiumA lattice-based digital-signature scheme standardized by NIST as FIPS 204 (ML-DSA) in August 2024 and intended as the post-quantum replacement for RSA, DSA, and ECDSA signatures.
CRYSTALS-Dilithium is a digital-signature scheme built on the hardness of Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS) over structured lattices. It uses Fiat-Shamir with aborts and offers fast verification, with public keys around 1.3-2.6 kB and signatures around 2.4-4.6 kB depending on parameter set. NIST finalized it as FIPS 204 (ML-DSA) in August 2024 with parameter sets ML-DSA-44, ML-DSA-65, and ML-DSA-87 covering security categories 2, 3, and 5. It is the primary signature algorithm in NIST's PQC portfolio and is being integrated into X.509 PKI, code-signing pipelines, and hybrid TLS certificates.
● Examples
- 01
Used for ML-DSA-65 certificates in early PQC X.509 pilots by Cloudflare and AWS.
- 02
Selected as the default PQ signature in modern code-signing toolchains alongside SLH-DSA.
● Frequently asked questions
What is CRYSTALS-Dilithium?
A lattice-based digital-signature scheme standardized by NIST as FIPS 204 (ML-DSA) in August 2024 and intended as the post-quantum replacement for RSA, DSA, and ECDSA signatures. It belongs to the Cryptography category of cybersecurity.
What does CRYSTALS-Dilithium mean?
A lattice-based digital-signature scheme standardized by NIST as FIPS 204 (ML-DSA) in August 2024 and intended as the post-quantum replacement for RSA, DSA, and ECDSA signatures.
How does CRYSTALS-Dilithium work?
CRYSTALS-Dilithium is a digital-signature scheme built on the hardness of Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS) over structured lattices. It uses Fiat-Shamir with aborts and offers fast verification, with public keys around 1.3-2.6 kB and signatures around 2.4-4.6 kB depending on parameter set. NIST finalized it as FIPS 204 (ML-DSA) in August 2024 with parameter sets ML-DSA-44, ML-DSA-65, and ML-DSA-87 covering security categories 2, 3, and 5. It is the primary signature algorithm in NIST's PQC portfolio and is being integrated into X.509 PKI, code-signing pipelines, and hybrid TLS certificates.
How do you defend against CRYSTALS-Dilithium?
Defences for CRYSTALS-Dilithium typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for CRYSTALS-Dilithium?
Common alternative names include: Dilithium, ML-DSA, FIPS 204.
● Related terms
- cryptography№ 846
Post-Quantum Cryptography
Classical cryptographic algorithms designed to remain secure against attacks by both classical and large-scale quantum computers.
- cryptography№ 607
Lattice-Based Cryptography
A family of post-quantum cryptographic schemes whose security reduces to the hardness of finding short vectors or solving linear equations with small errors over high-dimensional lattices.
- cryptography№ 321
Digital Signature
A public-key cryptographic mechanism that proves the authenticity, integrity and non-repudiation of a message or document.
- cryptography№ 732
NIST PQC Standardization
The multi-year NIST process that selects and standardizes post-quantum cryptographic algorithms; its first three standards, FIPS 203, 204, and 205, were published in August 2024.
- cryptography№ 253
CRYSTALS-Kyber
A lattice-based key-encapsulation mechanism standardized by NIST as FIPS 203 (ML-KEM) in August 2024, designed to replace RSA and Diffie-Hellman key exchange in a post-quantum world.
- cryptography№ 1077
SPHINCS+
A stateless hash-based digital-signature scheme standardized by NIST as FIPS 205 (SLH-DSA) in August 2024, offering conservative post-quantum security with no structured-math assumptions.