Post-quantum cryptographic algorithms

DigiCert® TrustCore SDK Crypto Interface provides two lattice‑based, NIST‑selected post‑quantum schemes:

  • ML‑KEM (formerly Kyber): An IND‑CCA2 Key Encapsulation Mechanism

  • ML‑DSA (formerly Dilithium): A Digital Signature Algorithm

API usage

Both schemes use the same QS_* API model as classical algorithms:

  • Context management

    • CRYPTO_INTERFACE_QS_newCtx

  • Key pair generation

    • CRYPTO_INTERFACE_QS_generateKeyPair

  • ML‑KEM operations

    • Encapsulate (responder): CRYPTO_INTERFACE_QS_KEM_encapsulateAlloc

    • Decapsulate (initiator): CRYPTO_INTERFACE_QS_KEM_decapsulateAlloc

  • ML‑DSA operations

    • Get signature length: CRYPTO_INTERFACE_QS_SIG_getSignatureLen

    • Sign: CRYPTO_INTERFACE_QS_SIG_signMessage

    • Verify: CRYPTO_INTERFACE_QS_SIG_verifyMessage

Module lattice cryptography

Module lattice cryptography is based on the Module Learning With Errors (MLWE) problem, which remains hard even for quantum computers. It relies on high‑dimensional lattice arithmetic with small error terms:

  • Error‑tolerant arithmetic ensures correct decryption and verification despite introduced noise.

  • No efficient quantum algorithm is known for solving MLWE, unlike factoring or discrete logarithms.
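
The error tolerance described above, shown as an added toy example (not DigiCert or TrustCore SDK code, and not ML‑KEM itself): a single‑bit plain‑LWE encryption in C where decryption succeeds while the accumulated noise stays below q/4 and fails once it does not. The dimensions, the fixed‑seed generator and the function name lwe_decrypt_failures are assumptions chosen for illustration.

```c
/* Added example: toy single-bit LWE encryption. NOT ML-KEM and NOT secure. */
#include <stdint.h>
#include <stdio.h>
#define N 8     /* secret length (toy size, assumption) */
#define M 16    /* LWE samples in the public key (toy size, assumption) */
#define Q 3329  /* prime modulus; the same q that ML-KEM uses */

static uint32_t rng_state = 12345u;  /* fixed seed: reproducible, not random */
static uint32_t rng(void) { rng_state = rng_state * 1664525u + 1013904223u; return rng_state >> 16; }
static int32_t mod_q(int64_t x) { return (int32_t)(((x % Q) + Q) % Q); }
static int32_t noise(int bound) { return (int32_t)(rng() % (2u * bound + 1u)) - bound; }

/* Encrypts and decrypts `trials` random bits, drawing each key error from
   [-bound, bound]; returns how many bits decrypted incorrectly. */
int lwe_decrypt_failures(int bound, int trials) {
    int failures = 0;
    for (int t = 0; t < trials; t++) {
        int32_t A[M][N], s[N], b[M], u[N] = {0};
        int64_t v = 0, us = 0;
        int bit = (int)(rng() & 1u);
        /* Key generation: b = A*s + e (mod Q) with small secret s and error e. */
        for (int j = 0; j < N; j++) s[j] = noise(2);
        for (int i = 0; i < M; i++) {
            int64_t acc = noise(bound);                      /* error term e_i */
            for (int j = 0; j < N; j++) {
                A[i][j] = (int32_t)(rng() % Q);
                acc += (int64_t)A[i][j] * s[j];
            }
            b[i] = mod_q(acc);
        }
        /* Encryption: sum a random subset of rows, then add bit * floor(Q/2). */
        for (int i = 0; i < M; i++) {
            if (!(rng() & 1u)) continue;
            for (int j = 0; j < N; j++) u[j] = mod_q((int64_t)u[j] + A[i][j]);
            v += b[i];
        }
        v = mod_q(v + (int64_t)bit * (Q / 2));
        /* Decryption: v - <u,s> = bit*floor(Q/2) + (sum of the chosen errors). */
        for (int j = 0; j < N; j++) us += (int64_t)u[j] * s[j];
        int32_t d = mod_q(v - us);
        int decoded = (d > Q / 4 && d < 3 * Q / 4);          /* nearer Q/2 than 0? */
        failures += (decoded != bit);
    }
    return failures;
}

int main(void) {
    printf("error bound 2:    %d failures\n", lwe_decrypt_failures(2, 200));
    printf("error bound 1000: %d failures\n", lwe_decrypt_failures(1000, 200));
    return 0;
}
```

With an error bound of 2 the summed noise is at most 16 × 2 = 32, far below q/4 = 832, so every bit decodes correctly; with a bound of 1000 the noise routinely crosses that threshold and bits flip.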

ML‑KEM

ML‑KEM lets one party (the initiator) generate a public/private key pair. The responder uses the public key to derive a shared secret and a ciphertext, which the initiator decapsulates to recover the same secret.

  • Former name: Kyber

  • Security levels:

    • ML‑KEM‑512 (NIST Category 1)

    • ML‑KEM‑768 (NIST Category 3)

    • ML‑KEM‑1024 (NIST Category 5)

  • Key sizes: Public and private keys are larger than classical DH/ECDH (up to 3168 bytes).

  • Shared secret: 32 bytes (256 bits).

  • Reference: FIPS 203 (https://doi.org/10.6028/NIST.FIPS.203)

ML‑DSA

ML‑DSA provides digital signatures using lattice‑based assumptions, offering authenticity and non‑repudiation.

  • Former name: Dilithium

  • Security levels:

    • ML‑DSA‑44 (NIST Category 2)

    • ML‑DSA‑65 (NIST Category 3)

    • ML‑DSA‑87 (NIST Category 5)

  • Key & signature sizes: Private keys up to 4896 bytes; signatures up to 4627 bytes.

  • Reference: FIPS 204 (https://doi.org/10.6028/NIST.FIPS.204)

Supported parameter sets

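| Scheme      | NIST category | Public key | Private key | Output size              |
|-------------|---------------|------------|-------------|--------------------------|
| ML‑KEM‑512  | 1             | 800 B      | 1632 B      | 32 B (shared secret)     |
| ML‑KEM‑768  | 3             | 1184 B     | 2400 B      | 32 B                     |
| ML‑KEM‑1024 | 5             | 1568 B     | 3168 B      | 32 B                     |
| ML‑DSA‑44   | 2             | 1312 B     | 2528 B      | up to 2420 B (signature) |
| ML‑DSA‑65   | 3             | 1952 B     | 3872 B      | up to 3293 B             |
| ML‑DSA‑87   | 5             | 2592 B     | 4896 B      | up to 4595 B             |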
