ML-DSA IS quantum safe and is the standard PQC signature algorithm.
How ML-DSA Works
ML-DSA (Module-Lattice-Based Digital Signature Algorithm), formerly CRYSTALS-Dilithium, is a post-quantum digital signature scheme standardized by NIST as FIPS 204 in August 2024. It replaces RSA and ECDSA for signing and verification operations. ML-DSA is based on the Module Learning With Errors (MLWE) problem, the same lattice-based mathematical foundation as ML-KEM.
The algorithm works by defining a structured lattice in high-dimensional polynomial space. The private key is a short vector in this lattice, while the public key is derived by applying a linear transformation that obscures the short vector structure. Signing involves using the private key to create a digital signature that binds to the message via polynomial arithmetic and hash functions (SHA-256, SHA-512, SHAKE256). Verification uses the public key to check that the signature is valid without revealing the private key.
ML-DSA operates at three security levels: ML-DSA-44 (128-bit security, 1,312-byte public keys, 2,420-byte signatures), ML-DSA-65 (192-bit security, 1,952-byte public keys, 3,293-byte signatures — recommended for most applications), and ML-DSA-87 (256-bit security, 2,592-byte public keys, 4,595-byte signatures — for ultra-high-security).
Quantum Vulnerability Explained
ML-DSA has no known quantum vulnerability. Unlike RSA and ECDSA, which fall to Shor's algorithm in polynomial time, lattice-based cryptography resists both classical and quantum attacks. The best-known quantum attacks against MLWE (using quantum-enhanced lattice reduction or Grover search) provide only modest speedups, reducing security by approximately a square root factor.
For ML-DSA-65 (targeting NIST Security Level 3), breaking the scheme requires approximately 2^192 classical operations or 2^96 quantum operations — comparable to AES-192 under Grover's algorithm, far beyond foreseeable quantum capabilities.
NIST subjected ML-DSA to extensive cryptanalysis during the 8-year PQC standardization process (2016-2024). The algorithm withstood scrutiny from the global cryptographic research community, with conservative parameter selection providing security margins exceeding minimum thresholds. ML-DSA-65 uses parameters sized to resist attacks requiring >2^150 classical operations.
Migration Path
ML-DSA IS the migration target for digital signatures:
TLS Certificates: Migrate from RSA-signed or ECDSA-signed certificates to ML-DSA-signed certificates. Hybrid certificates (dual RSA+ML-DSA signatures) provide transition compatibility.
Code Signing: Replace RSA and ECDSA code signing certificates with ML-DSA-65 or ML-DSA-87. Critical for software distribution, firmware signing, and container image verification.
Document Signing: PDF signatures, email signatures (S/MIME), and electronic contracts should transition from RSA/ECDSA to ML-DSA for quantum-safe non-repudiation.
SSH Authentication: Future versions of OpenSSH will support ML-DSA for host keys and user authentication keys.
Library Support (2025-2026)
- OpenSSL 3.5+ (via provider interface)
- BoringSSL (Google's fork)
- AWS Libcrypto (AWS-LC)
- liboqs (Open Quantum Safe project)
- Bouncy Castle (Java/C#)
Implementation Considerations
- Larger signature sizes: ML-DSA-65 signatures are ~3.3 KB vs. ~256 bytes for ECDSA-P256
- Excellent performance: Signing and verification are faster than RSA-2048 on modern CPUs
- Deterministic variant: ML-DSA supports deterministic signing (no random nonce required), avoiding ECDSA nonce reuse vulnerabilities
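The following script is an added example, not code from the original page or from any of the libraries listed above. It walks through the signing and verification flow described earlier, and the two implementation points just listed (signature size and the deterministic variant), using the OpenSSL 3.5+ command line, where ML-DSA is available in the default provider. It assumes `openssl` on PATH is 3.5 or newer; the `-rawin` flag (ML-DSA signs the message directly, with no separate digest step) and the `deterministic:1` signature option are taken from the OpenSSL 3.5 documentation, the message being signed is a constructed sample, and every step is skipped when the installed OpenSSL has no ML-DSA support, so the script is safe to run anywhere.

```shell
#!/bin/sh
# Added example (not from the original page or from OpenSSL): ML-DSA-65 sign/verify
# through the OpenSSL 3.5+ CLI. Assumes `openssl` on PATH is 3.5 or newer.

# Returns 0 when the installed openssl can generate an ML-DSA-65 key.
mldsa_supported() {
    openssl genpkey -algorithm ML-DSA-65 >/dev/null 2>&1
}

# Generate an ML-DSA-65 key pair as DIR/priv.pem and DIR/pub.pem.
mldsa_keygen() {
    kdir=$1
    openssl genpkey -algorithm ML-DSA-65 -out "$kdir/priv.pem" 2>/dev/null &&
    openssl pkey -in "$kdir/priv.pem" -pubout -out "$kdir/pub.pem" 2>/dev/null
}

# Sign file MSG with private key PRIV, writing the signature to SIG.
# MODE is "deterministic" (FIPS 204 deterministic variant: same message, same bytes)
# or "hedged" (the default: fresh randomness is mixed into every signature).
mldsa_sign() {
    priv=$1; msg=$2; sig=$3; mode=${4:-hedged}
    if [ "$mode" = deterministic ]; then
        openssl pkeyutl -sign -inkey "$priv" -rawin -in "$msg" -out "$sig" \
            -pkeyopt deterministic:1 2>/dev/null
    else
        openssl pkeyutl -sign -inkey "$priv" -rawin -in "$msg" -out "$sig" 2>/dev/null
    fi
}

# Verify SIG over MSG with public key PUB. Returns 0 only for a valid signature.
mldsa_verify() {
    pub=$1; msg=$2; sig=$3
    openssl pkeyutl -verify -pubin -inkey "$pub" -rawin -in "$msg" -sigfile "$sig" >/dev/null 2>&1
}

# Size of a file in bytes, to show the signature cost discussed above.
file_size() {
    wc -c < "$1" | tr -d ' '
}

# Copy IN to OUT with the first byte inverted (simulates a corrupted signature).
flip_first_byte() {
    b=$(od -An -tu1 -N1 "$1" | tr -d ' ')
    { printf "\\$(printf '%03o' $((b ^ 255)))"; tail -c +2 "$1"; } > "$2"
}

# End-to-end walkthrough: keygen, sign, verify, then confirm that a modified message
# and a corrupted signature are both rejected and that only deterministic mode repeats.
# Prints one line per check; returns 0 when every check passes.
mldsa_demo() {
    work=$(mktemp -d) || return 1
    # Constructed sample input: the kind of release manifest a code-signing pipeline signs.
    printf 'release-1.2.3.tar.gz sha256=<constructed-sample-digest>\n' > "$work/msg"
    mldsa_keygen "$work" || { echo "keygen failed"; return 1; }

    mldsa_sign "$work/priv.pem" "$work/msg" "$work/sig" deterministic || return 1
    mldsa_verify "$work/pub.pem" "$work/msg" "$work/sig" || { echo "valid signature rejected"; return 1; }
    echo "signature verified: $(file_size "$work/sig") bytes (an ECDSA-P256 DER signature is ~70 bytes)"

    cp "$work/msg" "$work/msg.tampered"; printf 'x' >> "$work/msg.tampered"
    if mldsa_verify "$work/pub.pem" "$work/msg.tampered" "$work/sig"; then echo "tampered message accepted"; return 1; fi
    echo "tampered message rejected"

    flip_first_byte "$work/sig" "$work/sig.bad"
    if mldsa_verify "$work/pub.pem" "$work/msg" "$work/sig.bad"; then echo "corrupted signature accepted"; return 1; fi
    echo "corrupted signature rejected"

    mldsa_sign "$work/priv.pem" "$work/msg" "$work/sig2" deterministic || return 1
    cmp -s "$work/sig" "$work/sig2" || { echo "deterministic signatures differ"; return 1; }
    mldsa_sign "$work/priv.pem" "$work/msg" "$work/h1" hedged || return 1
    mldsa_sign "$work/priv.pem" "$work/msg" "$work/h2" hedged || return 1
    if cmp -s "$work/h1" "$work/h2"; then echo "hedged signatures unexpectedly identical"; return 1; fi
    echo "deterministic mode repeats byte-for-byte; hedged mode does not"
    rm -rf "$work"
}

if mldsa_supported; then
    mldsa_demo
else
    echo "installed openssl lacks ML-DSA-65 (OpenSSL 3.5 or newer required); nothing run"
fi
```

The signature length printed comes from the installed build, so use it, rather than a number copied from a table, when sizing buffers, database columns or protocol fields during the migration testing recommended at the end of this page. The deterministic check is the practical meaning of the "no random nonce required" point: the same key and message always yield identical bytes, so a weak or repeated RNG cannot leak the key the way an ECDSA nonce reuse does, while the default hedged mode still adds randomness as a defence against fault attacks on the signer.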
Industries at Risk
All industries currently using RSA or ECDSA signatures will migrate to ML-DSA:
Software supply chains require quantum-safe code signatures to prevent future forgery attacks. Microsoft, Apple, Google, and Linux distributions are planning ML-DSA adoption for Authenticode, notarization, APK signing, and package repositories.
Financial services use digital signatures for transaction authorization, smart contracts, regulatory filings (SEC EDGAR submissions), and audit logs. ML-DSA migration ensures long-term non-repudiation for regulatory compliance (7-10 year record retention).
Healthcare relies on digital signatures for electronic prescriptions (e-prescribing), HIPAA-compliant consent forms, and clinical trial data integrity. ML-DSA provides quantum-safe signatures for 50+ year medical record retention.
Government and legal systems use digital signatures for contracts, court filings, land registries, and identity documents. The European Union's eIDAS regulation and US ESIGN Act require long-term signature validity — ML-DSA ensures quantum-safe legal enforceability.
Timeline
- August 2024: NIST published FIPS 204, making ML-DSA an official standard.
- 2025-2026: Cryptographic library support becomes widespread. Early adopters begin production deployments.
- 2027-2030: Certificate authorities begin issuing ML-DSA-signed certificates (hybrid initially, pure PQC later).
- 2030: NSA CNSA 2.0 requires ML-DSA for national security systems.
- 2035: NIST IR 8547 (initial public draft) describes disallowing RSA/ECDSA-only signatures for federal use. ML-DSA becomes default.
ML-DSA is the primary post-quantum signature algorithm for general use. Organizations should plan migration timelines, test applications with larger signature sizes, and deploy ML-DSA for new signature-dependent systems by 2027-2030.