> For the complete documentation index, see [llms.txt](https://cryptic-documentation.gitbook.io/cryptic-documentation/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://cryptic-documentation.gitbook.io/cryptic-documentation/technology/2.-technology-overview/2.1-platform-architecture/ml-dsa-crystals-dilithium.md).

# ML-DSA / CRYSTALS-Dilithium

ML-DSA, formerly known as CRYSTALS-Dilithium, is a post-quantum digital signature scheme standardized by NIST under FIPS 204. It is designed to verify identity, protect message integrity, and prevent forged signatures in systems preparing for the post-quantum era.\\

#### Why We Use **ML-DSA / CRYSTALS-Dilithium** for Post-Quantum Digital Signatures <a href="#why-we-use-crystals-dilithium-for-post-quantum-digital-signatures" id="why-we-use-crystals-dilithium-for-post-quantum-digital-signatures"></a>

#### **The Problem**

Modern cryptographic systems rely on digital signatures to verify identity and ensure message integrity. For decades, algorithms such as RSA and ECDSA have fulfilled this role, but both are vulnerable to quantum attacks.

Shor’s algorithm can efficiently solve the mathematical problems underlying RSA and elliptic-curve cryptography. Once cryptographically relevant quantum computers emerge, these signature schemes could become forgeable, threatening authentication, communications, and the integrity of historical data.

A post-quantum signature scheme must therefore be designed to withstand quantum attacks without sacrificing performance, size, or auditability.

#### **Why ML-DSA / Dilithium**

ML-DSA / CRYSTALS-Dilithium is a post-quantum digital signature algorithm standardized by NIST under FIPS 204 and designed as a long-term replacement for RSA and ECDSA.

It belongs to the same cryptographic family as ML-KEM / Kyber, making it a natural counterpart for hybrid and fully post-quantum systems. Cryptic uses, or is designed to use, ML-DSA / Dilithium for:

* **User and device authentication**
* **Verifying signed messages and content**
* **Signing session data and credentials**
* **Decentralized identity verification**
* **Post-quantum secure protocols when paired with ML-KEM**

#### **Why It’s a Fit for Our Architecture**

**Lattice-Based Hardness**

ML-DSA / Dilithium is based on Module Learning With Errors (MLWE) and Module Short Integer Solution (MSIS), both widely regarded as resistant to known quantum attacks.

Unlike RSA or ECC:

* No polynomial-time quantum algorithms are known
* Security is designed to hold against known classical and quantum attack models

This provides long-term confidence that signatures remain resistant as quantum computing advances.

**Balance of Security, Size, and Performance**

|               |         |        |        |        |
| ------------- | ------- | ------ | ------ | ------ |
| Dilithium II  | Level 2 | 2.4 KB | 1.3 KB | 2.5 KB |
| Dilithium III | Level 3 | 3.2 KB | 1.9 KB | 4.0 KB |
| Dilithium V   | Level 5 | 4.2 KB | 2.5 KB | 4.8 KB |

Cryptic typically targets ML-DSA / Dilithium Level II or Level III depending on context:

* **Level II:** Suitable for mobile authentication, APIs, and high-volume signing
* **Level III:** Preferred for sensitive, institutional, or long-lived security contexts

Dilithium’s signatures remain compact enough for mobile and web environments and are significantly smaller than alternatives such as SPHINCS+.

**Stateless and Side-Channel Hardened**

* **Stateless:** No state tracking required, unlike XMSS
* **Lattice-based design:** No hidden trapdoors or secret structures
* **Side-channel resistance:** Implementations are designed to be constant-time and hardened against timing attacks

This makes ML-DSA / Dilithium well-suited for hardware-bound environments and frequent signing operations.

#### **Seamless Pairing with ML-KEM**

ML-DSA / Dilithium was designed to pair naturally with ML-KEM / Kyber:

* Shared mathematical foundation through structured lattices
* Similar design goals around constant-time execution, compactness, and auditability
* Common use in hybrid post-quantum TLS, VPNs, messaging, and identity systems

This compatibility simplifies key management, secure session establishment, and long-term identity design across Cryptic’s infrastructure.

#### **Use Cases in Cryptic**

Cryptic uses, or is designed to use, ML-DSA / Dilithium for:

| Use Case                  | Purpose                                                          |
| ------------------------- | ---------------------------------------------------------------- |
| Signing login challenges  | Authenticate a user or wallet without passwords                  |
| Verifying app data        | Confirm the source and integrity of received messages            |
| Mobile app authentication | Sign API tokens on-device without sending the private key        |
| Invite handshakes         | Verify that encrypted communication setup messages are authentic |
| Protocol verification     | Confirm that signed payloads have not been altered               |
| Future identity flows     | Support long-term cryptographic identity and trust models        |

#### **Why We Didn’t Choose Other PQ Signature Schemes**

* **RSA / ECDSA**
  * Vulnerable to cryptographically relevant quantum computers
* **SPHINCS+**
  * Hash-based and stateless, but signatures are too large for many mobile and high-frequency use cases
* **Rainbow**
  * Initially promising, but now cryptographically broken
* **Falcon**
  * Compact and fast, but significantly more complex and harder to implement safely

#### **Why We Trust ML-DSA / Dilithium**

* Balanced trade-off between size, speed, and quantum resistance
* Lattice-based hardness aligned with ML-KEM
* Efficient, mobile-ready signatures
* Constant-time, stateless, side-channel-hardened design
* Seamless integration with ML-KEM for a unified post-quantum stack
* Standardized by NIST under FIPS 204

> *ML-DSA / Dilithium gives Cryptic a post-quantum signature layer for authentication, verification, and protocol integrity across its product stack.*


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://cryptic-documentation.gitbook.io/cryptic-documentation/technology/2.-technology-overview/2.1-platform-architecture/ml-dsa-crystals-dilithium.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.