ML-DSA: Module-Lattice-Based Digital Signature Standard (FIPS 204).
This crate implements the ML-DSA (formerly CRYSTALS-Dilithium) digital signature scheme as specified in FIPS 204. ML-DSA is a post-quantum lattice-based signature scheme built on the hardness of the Module Learning With Errors (M-LWE) and Module Short Integer Solution (M-SIS) problems.
Three parameter sets are provided, corresponding to NIST security levels 2, 3, and 5:
- MlDsa44Scheme – ML-DSA-44 (security level 2, ~128-bit classical security)
- MlDsa65Scheme – ML-DSA-65 (security level 3, ~192-bit classical security)
- MlDsa87Scheme – ML-DSA-87 (security level 5, ~256-bit classical security)
§Examples
```rust
use quantica::ml_dsa::{MlDsa44Scheme, OsRng, MlDsa};

// Generate an ML-DSA-44 key pair from the OS random number generator.
let mut rng = OsRng;
let (pk, sk) = MlDsa44Scheme::keygen(&mut rng).unwrap();

// Sign the message, then verify the signature against the public key.
let msg = b"Hello, post-quantum world!";
let sig = MlDsa44Scheme::sign(&sk, msg, b"", &mut rng).unwrap();
let valid = MlDsa44Scheme::verify(&pk, msg, b"", &sig).unwrap();
assert!(valid);
```
Re-exports§
- pub use params::MlDsa44;
- pub use params::MlDsa65;
- pub use params::MlDsa87;
- pub use params::Params;
- pub use rng::CryptoRng;
- pub use rng::OsRng;
Modules§
- decompose
- Decomposition, rounding, and hint functions for signatures. Decomposition algorithms for ML-DSA (FIPS 204, Algorithms 35-40).
- dsa
- Core ML-DSA key generation, signing, and verification algorithms. Core ML-DSA algorithms (FIPS 204, Algorithms 1-8).
- encode
- Encoding and decoding of keys, signatures, and polynomials. Encoding and decoding algorithms for ML-DSA (FIPS 204, Algorithms 9-28).
- masked
- First-order arithmetic masking for ML-DSA secret polynomials (DPA / template-attack countermeasure). Available with the sca-protected Cargo feature. First-order arithmetic masking for ML-DSA polynomials.
- ntt
- Number Theoretic Transform for polynomial arithmetic. Number Theoretic Transform for ML-DSA (FIPS 204, Algorithms 41-45).
- params
- ML-DSA parameter sets and constants (FIPS 204, Table 1). ML-DSA parameter sets (FIPS 204, Table 1).
- rng
- Cryptographic random number generation trait and OS-backed implementation. Minimal cryptographic RNG trait and OS-backed implementation.
- sample
- Sampling algorithms for matrix, secret, and masking generation. Sampling algorithms for ML-DSA (FIPS 204, Algorithms 29-34).
- sha3
- Keccak/SHA-3/SHAKE hash function implementations (FIPS 202). SHA-3 / SHAKE high-level wrappers used by ML-DSA (FIPS 204).
- shuffle
- Fisher-Yates shuffled NTT for ML-DSA secret polynomials (SPA / trace-alignment countermeasure). Available with the sca-protected Cargo feature. Fisher-Yates shuffle for ML-DSA NTT butterfly index randomization (countermeasure: SPA / SEMA on secret-polynomial NTT).
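Added example (not code from this crate): the shuffle module's description says the NTT butterfly indices are randomized with a Fisher-Yates shuffle. The sketch below shows why that leaves the result unchanged: the 128 butterflies of each NTT layer touch disjoint coefficient pairs, so they can be visited in any order. The xorshift generator, the seed parameter and sample_poly are assumptions made for illustration.

```rust
const Q: u64 = 8_380_417; // ML-DSA modulus q (FIPS 204)
const ZETA: u64 = 1753; // 512th root of unity mod q (FIPS 204)

// Stand-in xorshift generator so the example runs offline (assumption);
// a real countermeasure draws the permutation from a CSPRNG.
fn xorshift(s: &mut u64) -> u64 {
    *s ^= *s << 13;
    *s ^= *s >> 7;
    *s ^= *s << 17;
    *s
}

// Forward NTT with the loop structure of FIPS 204 Algorithm 41. With a
// seed, each layer's 128 butterflies run in a fresh Fisher-Yates order.
fn ntt(w: &mut [u64; 256], mut seed: Option<u64>) {
    let mut pw = [1u64; 256]; // pw[i] = ZETA^i mod Q
    for i in 1..256 { pw[i] = pw[i - 1] * ZETA % Q; }
    let mut len = 128;
    while len >= 1 {
        let mut order: [usize; 128] = std::array::from_fn(|i| i);
        if let Some(s) = seed.as_mut() {
            for i in (1..128).rev() {
                // Modulo bias is ignored here; use rejection sampling in practice.
                let j = (xorshift(s) % (i as u64 + 1)) as usize;
                order.swap(i, j);
            }
        }
        for &b in &order {
            let j = (b / len) * 2 * len + b % len; // pairs w[j] with w[j + len]
            let m = (128 / len + b / len) as u8; // zeta index, as in Algorithm 41
            let t = pw[m.reverse_bits() as usize] * w[j + len] % Q;
            w[j + len] = (w[j] + Q - t) % Q;
            w[j] = (w[j] + t) % Q;
        }
        len /= 2;
    }
}

// Constructed sample input: small coefficients in [-2, 2], reduced mod Q.
fn sample_poly() -> [u64; 256] {
    std::array::from_fn(|i| (Q + (i as u64 * 7) % 5 - 2) % Q)
}

fn main() {
    let (mut a, mut b) = (sample_poly(), sample_poly());
    ntt(&mut a, None); // reference order
    ntt(&mut b, Some(0x9E37_79B9_7F4A_7C15)); // shuffled order
    assert_eq!(a, b); // same transform either way
}
```

The shuffle changes only when each secret-dependent butterfly executes, which is what breaks trace alignment across runs.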
Structs§
- MlDsa
- Generic ML-DSA interface parameterized by security level.
- Signature
- ML-DSA signature. Type-tagged with the parameter set P.
- SigningKey
- ML-DSA signing key (the private half of a key pair).
- VerifyingKey
- ML-DSA verifying key (the public half of a key pair).
Enums§
- MlDsaError
- Error types for ML-DSA operations.
Type Aliases§
- MlDsa44Scheme
- Convenience alias for ML-DSA-44 (NIST security level 2).
- MlDsa65Scheme
- Convenience alias for ML-DSA-65 (NIST security level 3).
- MlDsa87Scheme
- Convenience alias for ML-DSA-87 (NIST security level 5).