CRYSTALS-Dilithium

Dilithium is a digital signature scheme that is strongly secure under chosen-message attacks, based on the hardness of lattice problems over module lattices. This security model ensures that an adversary, even with access to a signing oracle, cannot forge a valid signature for an unseen message or produce an alternative valid signature for a previously signed message.

Why We Use CRYSTALS-Dilithium for Post-Quantum Digital Signatures

The Problem

Modern cryptographic systems rely on digital signatures to verify identity and ensure message integrity. For decades, algorithms such as RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) have fulfilled this role, but both are vulnerable to quantum attacks.

Shor’s algorithm can efficiently solve the mathematical problems underlying RSA and elliptic-curve cryptography. Once cryptographically relevant quantum computers emerge, these signature schemes become forgeable, threatening authentication, communications, and even the integrity of historical data.

A post-quantum signature scheme must therefore withstand quantum attacks without sacrificing performance, size, or auditability.

Why Dilithium

CRYSTALS-Dilithium is a post-quantum digital signature algorithm standardized by NIST (FIPS 204) and designed as a long-term replacement for RSA and ECDSA.

It belongs to the same cryptographic family as ML-KEM (Kyber), making it a natural counterpart for hybrid and fully post-quantum systems. Cryptic uses (or plans to use) Dilithium for:

  • User and device authentication

  • Verifying signed messages and content

  • Signing session data and credentials

  • Decentralized identity verification (DIDs)

  • Post-quantum secure protocols when paired with ML-KEM

Why It’s a Fit for Our Architecture

Lattice-Based Hardness

Dilithium is based on Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS), both widely regarded as resistant to known quantum attacks.

Unlike RSA or ECC:

  • No polynomial-time quantum algorithms are known for these problems

  • Security holds even against large-scale quantum adversaries

This provides long-term confidence that signatures remain unforgeable even for nation-state-level attackers.

Balance of Security, Size, and Performance

Variant          NIST security level   Signature   Public key   Private key
Dilithium II     Level 2               2.4 KB      1.3 KB       2.5 KB
Dilithium III    Level 3               3.2 KB      1.9 KB       4.0 KB
Dilithium V      Level 5               4.2 KB      2.5 KB       4.8 KB

Cryptic typically targets Dilithium Level II or Level III depending on context:

  • Level II: Suitable for mobile authentication, APIs, and high-volume signing

  • Level III: Preferred for sensitive, institutional, or long-lived security contexts

Dilithium’s signatures remain compact enough for mobile and web environments and are significantly smaller than alternatives such as SPHINCS+.

Stateless and Side-Channel Hardened

  • Stateless: No state tracking required (unlike XMSS)

  • Lattice-based design: No hidden trapdoors or secret structures

  • Side-channel resistance: Implementations are designed to be constant-time and hardened against timing attacks

This makes Dilithium well-suited for hardware-bound environments and frequent signing operations.

Seamless Pairing with ML-KEM

Dilithium was designed to pair naturally with Kyber (ML-KEM):

  • Shared mathematical foundation (structured lattices)

  • Similar design goals (constant-time, compact, auditable)

  • Common use in hybrid post-quantum TLS, VPNs, messaging, and identity systems

This compatibility simplifies key management, secure session establishment, and long-term identity design across Cryptic’s infrastructure.

Use Cases in Our App

We use or plan to use Dilithium for:

  • Signing login challenges: Authenticate a user or wallet without passwords

  • Verifying app data: Confirm the source of received messages

  • Mobile app auth: Sign API tokens on-device without sending the private key

  • Blockchain / zk-rollup: Post-quantum-safe transaction signing (futureproofing wallets)

Why We Didn’t Choose Other PQ Signature Schemes

  • RSA / ECDSA

    • Broken by quantum computers

  • SPHINCS+

    • Hash-based and stateless, but signatures (~17 KB) are too large for mobile and high-frequency use

  • Rainbow

    • Initially promising, but now cryptographically broken

  • Falcon

    • Compact and fast, but significantly more complex and harder to implement safely

Why We Trust Dilithium

  • Balanced trade-off between size, speed, and quantum resistance

  • Lattice-based hardness aligned with ML-KEM

  • Efficient, mobile-ready signatures

  • Constant-time, stateless, side-channel-hardened

  • Seamless integration with ML-KEM for a unified post-quantum stack

  • Standardized by NIST (FIPS 204, 2024)
