ML-DSA (FIPS 204)
What is ML-DSA (FIPS 204)?
ML-DSA (FIPS 204)NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time.
ML-DSA (Module-Lattice-Based Digital Signature Algorithm), standardized as FIPS 204 on 13 August 2024, is NIST's primary lattice-based post-quantum signature scheme, derived from CRYSTALS-Dilithium. It defines three parameter sets — ML-DSA-44, ML-DSA-65, and ML-DSA-87 — providing security comparable to AES-128/192/256 under standard lattice assumptions. Signatures are roughly 2.4 to 4.6 KB and public keys 1.3 to 2.6 KB, which is substantially larger than Ed25519 or ECDSA but small enough to fit comfortably in X.509 certificates, code-signing manifests, and DNSSEC records. ML-DSA is the default lattice-based PQ signature for use cases that cannot tolerate the much larger but more conservative SLH-DSA (FIPS 205, hash-based). Implementations are appearing in the BoringSSL/OpenSSL family, in Linux distributions' code-signing pipelines, and in hardware tokens. Migration strategies include hybrid certificates (classical ECDSA + ML-DSA, both signatures verified) and gradual rollouts on long-lived signing keys (root CAs, firmware update keys) where quantum resilience matters most.
● Examples
- 01
A code-signing CA issues hybrid ECDSA + ML-DSA-65 certificates so that signatures verify on both classical and post-quantum verifiers during the migration window.
- 02
A firmware-update key for a 15-year-lifetime IoT device is rotated to ML-DSA-87 to ensure quantum-resilience across the device's deployed life.
● Frequently asked questions
What is ML-DSA (FIPS 204)?
NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time. It belongs to the Cryptography category of cybersecurity.
What does ML-DSA (FIPS 204) mean?
NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time.
How does ML-DSA (FIPS 204) work?
ML-DSA (Module-Lattice-Based Digital Signature Algorithm), standardized as FIPS 204 on 13 August 2024, is NIST's primary lattice-based post-quantum signature scheme, derived from CRYSTALS-Dilithium. It defines three parameter sets — ML-DSA-44, ML-DSA-65, and ML-DSA-87 — providing security comparable to AES-128/192/256 under standard lattice assumptions. Signatures are roughly 2.4 to 4.6 KB and public keys 1.3 to 2.6 KB, which is substantially larger than Ed25519 or ECDSA but small enough to fit comfortably in X.509 certificates, code-signing manifests, and DNSSEC records. ML-DSA is the default lattice-based PQ signature for use cases that cannot tolerate the much larger but more conservative SLH-DSA (FIPS 205, hash-based). Implementations are appearing in the BoringSSL/OpenSSL family, in Linux distributions' code-signing pipelines, and in hardware tokens. Migration strategies include hybrid certificates (classical ECDSA + ML-DSA, both signatures verified) and gradual rollouts on long-lived signing keys (root CAs, firmware update keys) where quantum resilience matters most.
How do you defend against ML-DSA (FIPS 204)?
Defences for ML-DSA (FIPS 204) typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for ML-DSA (FIPS 204)?
Common alternative names include: FIPS 204, Dilithium (standardized), Module-Lattice DSA.
● Related terms
- cryptography№ 278
CRYSTALS-Dilithium
A lattice-based digital-signature scheme standardized by NIST as FIPS 204 (ML-DSA) in August 2024 and intended as the post-quantum replacement for RSA, DSA, and ECDSA signatures.
- cryptography№ 947
Post-Quantum Cryptography
Classical cryptographic algorithms designed to remain secure against attacks by both classical and large-scale quantum computers.
- cryptography№ 768
ML-KEM (FIPS 203)
NIST's standardized post-quantum key encapsulation mechanism, based on the CRYSTALS-Kyber design and published as FIPS 203 in August 2024 — now the default PQ KEM for TLS, IPsec, and hybrid key exchange.
- cryptography№ 1166
SLH-DSA (FIPS 205)
NIST's standardized stateless hash-based post-quantum signature scheme, derived from SPHINCS+ and published as FIPS 205 in August 2024 — the conservative PQ signature option, relying only on hash-function security.
- cryptography№ 678
Lattice-Based Cryptography
A family of post-quantum cryptographic schemes whose security reduces to the hardness of finding short vectors or solving linear equations with small errors over high-dimensional lattices.
- cryptography№ 820
NIST PQC Standardization
The multi-year NIST process that selects and standardizes post-quantum cryptographic algorithms; its first three standards, FIPS 203, 204, and 205, were published in August 2024.