Post-quantum cryptographic algorithms
2 minute read
DigiCert® TrustCore SDK Crypto Interface provides two lattice‑based, NIST‑selected post‑quantum schemes:
- ML‑KEM (formerly Kyber): An IND‑CCA2 Key Encapsulation Mechanism
- ML‑DSA (formerly Dilithium): A Digital Signature Algorithm
API usage
Both schemes use the same QS_* API model as classical algorithms:
- Context management
CRYPTO_INTERFACE_QS_newCtx
- Key pair generation
CRYPTO_INTERFACE_QS_generateKeyPair
- ML‑KEM operations
- Encapsulate (responder):
CRYPTO_INTERFACE_QS_KEM_encapsulateAlloc - Decapsulate (initiator):
CRYPTO_INTERFACE_QS_KEM_decapsulateAlloc
- Encapsulate (responder):
- ML‑DSA operations
- Get signature length:
CRYPTO_INTERFACE_QS_SIG_getSignatureLen - Sign:
CRYPTO_INTERFACE_QS_SIG_signMessage - Verify:
CRYPTO_INTERFACE_QS_SIG_verifyMessage
- Get signature length:
Module lattice cryptography
Module lattice cryptography is based on the Module Learning With Errors (MLWE) problem, which remains hard even for quantum computers. It relies on high‑dimensional lattice arithmetic with small error terms:
- Error‑tolerant arithmetic ensures correct decryption and verification despite introduced “noise.”
- No efficient quantum algorithm exists for solving MLWE, unlike factoring or discrete logarithms.
ML‑KEM
ML‑KEM lets one party (initiator) generate a public/private key pair. The responder uses the public key to derive a shared secret and a ciphertext, which the initiator de-capsulates to recover the same secret.
- Former name: Kyber
- Security levels:
- ML‑KEM‑512 (NIST Category 1)
- ML‑KEM‑768 (NIST Category 3)
- ML‑KEM‑1024 (NIST Category 5)
- Key sizes: Public and private keys are larger than classical DH/ECDH (up to 3168 bytes).
- Shared secret: 32 bytes (256 bits).
- Reference: FIPS 203 (https://doi.org/10.6028/NIST.FIPS.203)
ML‑DSA
ML‑DSA provides digital signatures using lattice‑based assumptions, offering authenticity and non‑repudiation.
- Former name: Dilithium
- Security levels:
- ML‑DSA‑44 (NIST Category 2)
- ML‑DSA‑65 (NIST Category 3)
- ML‑DSA‑87 (NIST Category 5)
- Key & signature sizes: Private keys up to 4896 bytes; signatures up to 4627 bytes.
- Reference: FIPS 204 (https://doi.org/10.6028/NIST.FIPS.204)
Supported parameter sets
| Scheme | NIST category | Public key | Private key | Output size |
|---|---|---|---|---|
| ML‑KEM‑512 | 1 | 800 B | 1632 B | 32 B (shared secret) |
| ML‑KEM‑768 | 3 | 1184 B | 2400 B | 32 B |
| ML‑KEM‑1024 | 5 | 1568 B | 3168 B | 32 B |
| ML‑DSA‑44 | 2 | 1312 B | 2528 B | up to 2420 B (signature) |
| ML‑DSA‑65 | 3 | 1952 B | 3872 B | up to 3293 B |
| ML‑DSA‑87 | 5 | 2592 B | 4896 B | up to 4595 B |
Was this page helpful?
Provide feedback