Struct MlDsa 

pub struct MlDsa<P: Params> { /* private fields */ }

Generic ML-DSA interface parameterized by security level.

This struct provides the high-level API for ML-DSA key generation, signing, and verification. The type parameter P selects the parameter set (MlDsa44, MlDsa65, or MlDsa87).

All methods are stateless; MlDsa carries no runtime data and exists only to bind the parameter set at the type level.

Implementations

impl<P: Params> MlDsa<P>

pub const PK_LEN: usize = P::PK_LEN

Public key length in bytes for this parameter set.

pub const SK_LEN: usize = P::SK_LEN

Secret key length in bytes for this parameter set.

pub const SIG_LEN: usize = P::SIG_LEN

Signature length in bytes for this parameter set.

pub fn keygen( rng: &mut dyn CryptoRng, ) -> Result<(VerifyingKey<P>, SigningKey<P>), MlDsaError>

Generate a new ML-DSA key pair.

Implements Algorithm 1 of FIPS 204 (ML-DSA.KeyGen). Draws 32 random bytes from rng and derives a public key / secret key pair.

Returns (pk, sk) where pk has length Self::PK_LEN and sk has length Self::SK_LEN.

Errors

Returns MlDsaError::RngFailure if the RNG cannot provide bytes.

Examples

use quantica::ml_dsa::{MlDsa, MlDsa44, OsRng};

let mut rng = OsRng;
let (pk, sk) = MlDsa::<MlDsa44>::keygen(&mut rng).unwrap();
assert_eq!(pk.len(), MlDsa::<MlDsa44>::PK_LEN);
assert_eq!(sk.len(), MlDsa::<MlDsa44>::SK_LEN);

pub fn keygen_internal(xi: &[u8; 32]) -> (Vec<u8>, Vec<u8>)

Deterministic key generation from a 32-byte seed.

Implements Algorithm 6 of FIPS 204 (ML-DSA.KeyGen_internal). This is primarily useful for testing with known-answer vectors.

• xi: 32-byte random seed.

Returns (pk, sk).

pub fn sign( sk: &SigningKey<P>, msg: &[u8], ctx: &[u8], rng: &mut dyn CryptoRng, ) -> Result<Signature<P>, MlDsaError>

Sign a message with an optional context string.

Implements Algorithm 2 of FIPS 204 (ML-DSA.Sign). Uses hedged signing: 32 random bytes are drawn from rng and mixed with the secret key material to produce the per-signature nonce. This provides resilience against fault attacks compared to purely deterministic signing.

The signing algorithm uses a rejection sampling loop internally: candidate signatures are generated until one passes all norm checks, so execution time may vary.

• sk: secret key (must be Self::SK_LEN bytes).
• msg: message to sign (arbitrary length).
• ctx: optional context string (at most 255 bytes).
• rng: source of randomness for hedged signing.

Returns a signature of length Self::SIG_LEN.

Errors

• MlDsaError::InvalidSecretKey if sk has the wrong length.
• MlDsaError::ContextTooLong if ctx exceeds 255 bytes.
• MlDsaError::RngFailure if the RNG cannot provide bytes.

Examples

use quantica::ml_dsa::{MlDsa, MlDsa44, OsRng};

let mut rng = OsRng;
let (pk, sk) = MlDsa::<MlDsa44>::keygen(&mut rng).unwrap();
let sig = MlDsa::<MlDsa44>::sign(&sk, b"message", b"", &mut rng).unwrap();
assert_eq!(sig.len(), MlDsa::<MlDsa44>::SIG_LEN);

pub fn sign_internal( sk: &[u8], m_prime: &[u8], rnd: &[u8; 32], ) -> Result<Vec<u8>, MlDsaError>

Deterministic signing (internal / testing use).

Implements Algorithm 7 of FIPS 204 (ML-DSA.Sign_internal). The caller supplies the pre-formatted message m_prime and a 32-byte rnd value directly. Setting rnd to all zeros produces fully deterministic signatures; using random bytes produces hedged signatures.

• sk: encoded secret key.
• m_prime: pre-formatted message (0x00 || len(ctx) || ctx || msg).
• rnd: 32-byte randomness (all zeros for deterministic mode).

Errors

Returns MlDsaError::InvalidSecretKey if sk has the wrong length.

pub fn verify( pk: &VerifyingKey<P>, msg: &[u8], ctx: &[u8], sig: &Signature<P>, ) -> Result<bool, MlDsaError>

Verify a signature on a message with an optional context string.

Implements Algorithm 3 of FIPS 204 (ML-DSA.Verify).

• pk: public key (must be Self::PK_LEN bytes).
• msg: the signed message.
• ctx: the context string used during signing (at most 255 bytes).
• sig: the signature (must be Self::SIG_LEN bytes).

Returns Ok(true) if the signature is valid, Ok(false) if verification fails (invalid signature content), or an Err for structural issues.

Errors

• MlDsaError::InvalidPublicKey if pk has the wrong length.
• MlDsaError::InvalidSignature if sig has the wrong length.
• MlDsaError::ContextTooLong if ctx exceeds 255 bytes.

Examples

use quantica::ml_dsa::{MlDsa, MlDsa44, OsRng};

let mut rng = OsRng;
let (pk, sk) = MlDsa::<MlDsa44>::keygen(&mut rng).unwrap();
let sig = MlDsa::<MlDsa44>::sign(&sk, b"msg", b"", &mut rng).unwrap();
assert!(MlDsa::<MlDsa44>::verify(&pk, b"msg", b"", &sig).unwrap());

pub fn verify_internal( pk: &[u8], m_prime: &[u8], sig: &[u8], ) -> Result<bool, MlDsaError>

Verify a signature (internal / testing use).

Implements Algorithm 8 of FIPS 204 (ML-DSA.Verify_internal). The caller supplies the pre-formatted message m_prime directly.

• pk: encoded public key.
• m_prime: pre-formatted message.
• sig: encoded signature.

Returns Ok(true) on success or Ok(false) when the signature is invalid.