Skip to content
Vol. 1 · Ed. 2026
CyberGlossary
日本語
Entry № 767

ML-DSA (FIPS 204)

ML-DSA (FIPS 204) とは何ですか?

ML-DSA (FIPS 204)NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time.

ML-DSA (Module-Lattice-Based Digital Signature Algorithm), standardized as FIPS 204 on 13 August 2024, is NIST's primary lattice-based post-quantum signature scheme, derived from CRYSTALS-Dilithium. It defines three parameter sets — ML-DSA-44, ML-DSA-65, and ML-DSA-87 — providing security comparable to AES-128/192/256 under standard lattice assumptions. Signatures are roughly 2.4 to 4.6 KB and public keys 1.3 to 2.6 KB, which is substantially larger than Ed25519 or ECDSA but small enough to fit comfortably in X.509 certificates, code-signing manifests, and DNSSEC records. ML-DSA is the default lattice-based PQ signature for use cases that cannot tolerate the much larger but more conservative SLH-DSA (FIPS 205, hash-based). Implementations are appearing in the BoringSSL/OpenSSL family, in Linux distributions' code-signing pipelines, and in hardware tokens. Migration strategies include hybrid certificates (classical ECDSA + ML-DSA, both signatures verified) and gradual rollouts on long-lived signing keys (root CAs, firmware update keys) where quantum resilience matters most.

  1. 01

    A code-signing CA issues hybrid ECDSA + ML-DSA-65 certificates so that signatures verify on both classical and post-quantum verifiers during the migration window.

  2. 02

    A firmware-update key for a 15-year-lifetime IoT device is rotated to ML-DSA-87 to ensure quantum-resilience across the device's deployed life.

よくある質問

ML-DSA (FIPS 204) とは何ですか?

NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time. サイバーセキュリティの 暗号 カテゴリに属します。

ML-DSA (FIPS 204) とはどういう意味ですか?

NIST's standardized post-quantum digital signature algorithm, derived from CRYSTALS-Dilithium and published as FIPS 204 in August 2024 — the default lattice-based PQ signature for code signing, X.509, and DNSSEC over time.

ML-DSA (FIPS 204) はどのように機能しますか?

ML-DSA (Module-Lattice-Based Digital Signature Algorithm), standardized as FIPS 204 on 13 August 2024, is NIST's primary lattice-based post-quantum signature scheme, derived from CRYSTALS-Dilithium. It defines three parameter sets — ML-DSA-44, ML-DSA-65, and ML-DSA-87 — providing security comparable to AES-128/192/256 under standard lattice assumptions. Signatures are roughly 2.4 to 4.6 KB and public keys 1.3 to 2.6 KB, which is substantially larger than Ed25519 or ECDSA but small enough to fit comfortably in X.509 certificates, code-signing manifests, and DNSSEC records. ML-DSA is the default lattice-based PQ signature for use cases that cannot tolerate the much larger but more conservative SLH-DSA (FIPS 205, hash-based). Implementations are appearing in the BoringSSL/OpenSSL family, in Linux distributions' code-signing pipelines, and in hardware tokens. Migration strategies include hybrid certificates (classical ECDSA + ML-DSA, both signatures verified) and gradual rollouts on long-lived signing keys (root CAs, firmware update keys) where quantum resilience matters most.

ML-DSA (FIPS 204) からどのように防御しますか?

ML-DSA (FIPS 204) に対する防御は通常、上記の定義で述べたとおり、技術的統制と運用上の実践を組み合わせます。

ML-DSA (FIPS 204) の別名は何ですか?

一般的な別名: FIPS 204, Dilithium (standardized), Module-Lattice DSA。

関連用語