CRYSTALS-Dilithium

Dilithium is a digital signature scheme that is strongly secure under chosen message attacks based on the hardness of lattice problems over module lattices. The security notion means that an adversary having access to a signing oracle cannot produce a signature of a message whose signature he hasn't yet seen, nor produce a different signature of a message that he already saw signed.

Why We Use CRYSTALS-Dilithium for Post-Quantum Digital Signatures

The Problem

Modern cryptographic systems depend heavily on digital signatures to verify identity and ensure message integrity. For decades, algorithms like RSA and ECDSA (Elliptic Curve Digital Signature Algorithm) have done this job. But quantum computing breaks both.

  • Shor’s algorithm can efficiently solve the mathematical problems underlying RSA and ECC.

  • Once quantum computers scale, these signatures will be forgeable, threatening identity, messages, and even historical data.

We need a signature scheme that can withstand quantum threats without compromising performance, size, or auditability.

Why Dilithium

CRYSTALS-Dilithium is a post-quantum digital signature algorithm, standardized by NIST (FIPS 204), and designed to replace RSA and ECDSA in a future-proof way.

It’s part of the same cryptographic family as ML-KEM (Kyber), making it a natural counterpart for hybrid or fully quantum-safe applications. We use (or plan to use) Dilithium for:

  • User and device authentication

  • Verifying signed messages or content

  • Signing session data or credentials

  • Decentralized identity verification (DIDs)

  • Quantum-safe key exchanges, paired with ML-KEM

Why It’s a Fit for Our Architecture

Based on Hard Lattice Problems

Dilithium is built on Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS), both widely accepted as resistant to quantum attacks. Unlike ECC or RSA:

  • These problems don’t have known polynomial-time quantum algorithms

  • They remain hard even with massive computing power

This gives us long-term confidence that signatures can’t be forged even by nation-state-level quantum adversaries.
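
To show where MLWE and MSIS enter, here is an added example (not this project's code and not a FIPS 204 implementation): a toy Fiat-Shamir-with-aborts signature in the uncompressed style of Dilithium, with no public-key compression or hints. The parameters are constructed and insecure (ring degree 16), and all function names are assumptions made for this sketch.

```python
# Added example: toy Dilithium-style signature. Constructed parameters, insecure, not FIPS 204.
import hashlib, secrets

Q, N, K, L = 8380417, 16, 2, 2              # modulus, toy ring degree, matrix shape
ETA, TAU, G1, G2 = 2, 4, 1 << 17, (Q - 1) // 88
BETA = TAU * ETA                            # largest coefficient of c*s1 or c*s2

def mul(a, b):                              # product in Z_Q[x] / (x^N + 1)
    r = [0] * N
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            r[(i + j) % N] += x * y if i + j < N else -x * y
    return [v % Q for v in r]
def add(a, b, s=1): return [(x + s * y) % Q for x, y in zip(a, b)]
def centered(x, m=Q): x %= m; return x - m if x > m // 2 else x
def norm(v): return max(abs(centered(x)) for p in v for x in p)
def rand(bound, n): return [[secrets.randbelow(2 * bound + 1) - bound for _ in range(N)] for _ in range(n)]
def matvec(A, v):
    return [[sum(col) % Q for col in zip(*(mul(a, x) for a, x in zip(row, v)))] for row in A]
def decompose(r):                           # r = r1 * 2*G2 + r0 (mod Q) with |r0| <= G2
    r0 = centered(r, 2 * G2)
    return (0, r0 - 1) if r - r0 == Q - 1 else ((r - r0) // (2 * G2), r0)
def H(msg, w):                              # hash of HighBits(w) and the message
    return hashlib.shake_256(bytes(decompose(x)[0] for p in w for x in p) + msg).digest(32)
def ball(seed):                             # sparse challenge: TAU coefficients of +/-1
    h = hashlib.shake_256(seed).digest(2 * N)
    pick = sorted(range(N), key=lambda i: h[i])[:TAU]
    return [(1 if h[N + i] & 1 else -1) if i in pick else 0 for i in range(N)]

def keygen():
    A = [[[secrets.randbelow(Q) for _ in range(N)] for _ in range(L)] for _ in range(K)]
    s1, s2 = rand(ETA, L), rand(ETA, K)     # short secret vectors
    t = [add(a, b) for a, b in zip(matvec(A, s1), s2)]   # MLWE sample: t = A*s1 + s2
    return (A, t), (A, s1, s2)

def sign(sk, msg):
    A, s1, s2 = sk
    while True:                             # Fiat-Shamir with aborts: retry until z and low bits are in range
        y = rand(G1 - 1, L)
        w = matvec(A, y)
        ct = H(msg, w); c = ball(ct)
        z = [add(yi, mul(c, si)) for yi, si in zip(y, s1)]
        r = [add(wi, mul(c, si), -1) for wi, si in zip(w, s2)]
        if norm(z) < G1 - BETA and max(abs(decompose(x)[1]) for p in r for x in p) < G2 - BETA:
            return z, ct

def verify(pk, msg, sig):                   # a forgery needs a short z passing this check (MSIS)
    (A, t), (z, ct) = pk, sig
    w = [add(a, mul(ball(ct), ti), -1) for a, ti in zip(matvec(A, z), t)]   # A*z - c*t = A*y - c*s2
    return norm(z) < G1 - BETA and ct == H(msg, w)
```

The rejection loop in `sign` is what keeps `z` from depending on `s1`, and the low-bits check guarantees the verifier recovers the same high bits the signer hashed.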

Balance of Security, Size, and Performance

Variant        Security level   Signature   Public key   Private key
Dilithium II   Level 2          2.4 KB      1.3 KB       2.5 KB
Dilithium III  Level 3          3.2 KB      1.9 KB       4.0 KB
Dilithium V    Level 5          4.2 KB      2.5 KB       4.8 KB

We typically choose Dilithium II or III, depending on the application:

  • Level II is sufficient for most mobile auth or API verification

  • Level III is better for highly sensitive contexts or national/institutional security

Unlike many post-quantum schemes, Dilithium’s signatures are still small enough for mobile and web environments, and far smaller than alternatives like Rainbow or SPHINCS+.

Stateless, Hash-Based, and Side-Channel Resistant

  • Stateless: No need to track random state (unlike XMSS)

  • Hash-based signing: No trapdoors or secret structures

  • Side-channel hardened: Implementations are designed to resist timing attacks, a common vector on mobile devices

This makes it ideal for hardware-bound environments and user-facing apps, where signatures might be generated often and unpredictably.

Seamless Pairing with ML-KEM

Dilithium was designed to pair naturally with Kyber (ML-KEM):

  • Same mathematical foundation (structured lattices)

  • Same design principles (constant-time, compact, auditable)

  • Shared use in hybrid post-quantum TLS, VPN, messaging, and DID stacks

This compatibility simplifies key management, secure session setup, and long-term identity design within our app.

Use Cases in Our App

We use or plan to use Dilithium for:

  • Signing login challenges: Authenticate a user or wallet without passwords

  • Verifying app data: Confirm the source of received messages

  • Mobile app auth: Sign API tokens on-device without sending the private key

  • Blockchain / zk-rollup: Post-quantum-safe transaction signing (futureproofing wallets)

Why We Didn’t Choose Other PQ Signatures

  • RSA / ECDSA: Broken by quantum computers

  • SPHINCS+: Hash-based and stateless, but 17KB signatures are too large for mobile

  • Rainbow: Originally faster, but now broken

  • Falcon: Compact and fast, but complex and harder to implement safely

Why We Trust Dilithium

  • Balanced in size, speed, quantum resistance, and simplicity

  • Lattice-based hardness, same core math as ML-KEM

  • Small, efficient, mobile-ready signatures

  • Constant-time, stateless, side-channel safe

  • Fits seamlessly with ML-KEM for a unified PQ stack

  • NIST-backed, FIPS 204 standardized in 2024