name: ML-DSA type: signature principal-submitters: - Vadim Lyubashevsky auxiliary-submitters: - Shi Bai - Léo Ducas - Eike Kiltz - Tancrède Lepoint - Peter Schwabe - Gregor Seiler - Damien Stehlé crypto-assumption: hardness of lattice problems over module lattices website: https://pq-crystals.org/dilithium/ and https://csrc.nist.gov/pubs/fips/204/final nist-round: FIPS204 standardization-status: Standardized by [NIST](https://csrc.nist.gov/pubs/fips/204/final) spec-version: ML-DSA primary-upstream: source: https://github.com/pq-code-package/mldsa-native/commit/f48f164cefb07f4ffa519ddda7cee670b8ee3517 spdx-license-identifier: MIT or Apache-2.0 or ISC parameter-sets: - name: ML-DSA-44 claimed-nist-level: 2 claimed-security: SUF-CMA length-public-key: 1312 length-secret-key: 2560 length-signature: 2420 implementations-switch-on-runtime-cpu-features: true implementations: - upstream: primary-upstream upstream-id: ref supported-platforms: all common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false default: true - upstream: primary-upstream upstream-id: x86_64 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - bmi2 - popcnt common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false - upstream: primary-upstream upstream-id: aarch64 supported-platforms: - architecture: ARM64_V8 operating_systems: - Linux - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: false - name: ML-DSA-65 claimed-nist-level: 3 claimed-security: SUF-CMA length-public-key: 1952 length-secret-key: 4032 length-signature: 3309 implementations-switch-on-runtime-cpu-features: true implementations: - upstream: primary-upstream upstream-id: ref supported-platforms: all common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false default: true - upstream: primary-upstream upstream-id: x86_64 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - bmi2 - popcnt common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false - upstream: primary-upstream upstream-id: aarch64 supported-platforms: - architecture: ARM64_V8 operating_systems: - Linux - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: false - name: ML-DSA-87 claimed-nist-level: 5 claimed-security: SUF-CMA length-public-key: 2592 length-secret-key: 4896 length-signature: 4627 implementations-switch-on-runtime-cpu-features: true implementations: - upstream: primary-upstream upstream-id: ref supported-platforms: all common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false default: true - upstream: primary-upstream upstream-id: x86_64 supported-platforms: - architecture: x86_64 operating_systems: - Linux - Darwin required_flags: - avx2 - bmi2 - popcnt common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: true large-stack-usage: false - upstream: primary-upstream upstream-id: aarch64 supported-platforms: - architecture: ARM64_V8 operating_systems: - Linux - Darwin common-crypto: - SHA3: liboqs no-secret-dependent-branching-claimed: true no-secret-dependent-branching-checked-by-valgrind: false large-stack-usage: false