What is ML-DSA (CRYSTALS-Dilithium)? The Future of Digital Signatures Beyond RSA and ECC

Post Quantum Digital Signature Algorithm

With quantum computing soon changing the way things work in general, one of the areas that cybersecurity experts are most worried about is how digital signatures will survive.

The same kinds of algorithms that have supported virtually all secure communications (both computer and otherwise) for decades are going away.

RSA and Elliptic Curve Cryptography (ECC) are no longer safe from being cracked by quantum computers, and as a result they are on the path to obsolescence.

In the meantime, we can look at ML-DSA (Module-Lattice Digital Signature Algorithm), previously called CRYSTALS-Dilithium.

ML-DSA is a top performer among digital signatures designed specifically for today’s digital world as well as for the very near future, when quantum computers will be able to crack existing cryptographic systems.

What is ML-DSA (CRYSTALS-Dilithium)?

ML-DSA is a quantum-resistant signature algorithm. It was developed from CRYSTALS-Dilithium, part of the CRYSTALS suite of cryptography built on algebraic lattices, and was standardised by the National Institute of Standards and Technology (NIST) as FIPS 204 in 2024.

In simple terms, ML-DSA allows the user to:

  • Sign the data using a private key
  • Verify the authenticity of the data using a public key
  • Ensure that the data has not been modified

Compared with RSA, DSS and ECC, ML-DSA offers the greatest quantum resistance.


Why Do We Need ML-DSA?

The Problem with RSA and ECC

RSA and ECC have been used for decades to provide digital signatures on everything from secure websites to software updates. The security provided by RSA and ECC is based on the difficulty of the underlying mathematical problems (integer factorization for RSA and the discrete logarithm on an elliptic curve for ECC) for traditional computers.

Due to the emergence of quantum computing, the mathematical problems that currently underlie the security of RSA and ECC will no longer be complex mathematical problems to solve; instead, they will be solvable using quantum algorithms (e.g., Shor’s).

This being the case, with the emergence of large-scale quantum computers, cybercriminals will have the potential for counterfeiting digital signatures, impersonating users, and breaking the current digital signature schemes, i.e., RSA and ECC.

Increasing key sizes is not the answer to this problem, which shows that an alternative scheme is needed.

The Need for Quantum-Resistant Cryptography

With the emergence of quantum computers, there is an immediate need for the adoption of cryptographic systems that are able to resist attacks from both traditional and quantum computing sources.

ML-DSA provides a mechanism to transition towards quantum-safe technology through its use of mathematical problems that are lattice-based, which are thought to be impervious to the use of quantum algorithms.

Therefore, the new cryptographic approach would allow for digital signatures to remain protected against attack in a world where quantum computing is prevalent.

If quantum-safe systems are not adopted, digitally signed data will be exposed to future forgery or alteration, even though it was once thought to have been signed securely.

Long-Term Data Security (Harvest Now, Decrypt Later)

The major concern that has been cited in driving the trend towards the adoption of ML-DSA is the “Harvest Now, Decrypt Later” threat.

If a hacker captures signed or encrypted data today, they can hold on to it and wait until quantum computers become capable enough to break the existing cryptographic systems.

Once this capability exists, the hacker will be able to produce a forged signature or modify what was once considered a secure document.

Therefore, ML-DSA mitigates this risk by providing an appropriate level of security and verifiable authenticity for data signed today, ensuring that long-lived assets such as legal agreements, software programs, and confidential or sensitive communications remain protected in the future.

Evolving Security Standards and Compliance

Global security regulation developers, especially NIST, continue to push for deploying post-quantum security measures, which include the development and implementation of new forms of public key algorithms such as ML-DSA.

In addition to ML-DSA becoming part of FIPS 204, clear timelines have been set for migrating from RSA/ECC to ML-DSA.

Over the next 10 years, many governments, organisations, and industries will begin realigning their information security regulatory frameworks with globally recognised and accepted regulations, standards, and best practices.

Thus, organisations that wish to comply with future regulatory requirements must adopt ML-DSA as part of their compliance efforts.


Growing Complexity of Modern Digital Ecosystems

Digital infrastructures have become much more complex in today’s digitally driven spaces than they were when RSA and ECC were developed.

From large-scale enterprise solutions to cloud platforms, organisations of all types and sizes increasingly need a scalable and resilient security architecture in place.

This allows all organisations to implement ML-DSA without the need for dual or legacy hardware.

Furthermore, the fact that ML-DSA provides secure communications as well as practical performance across a wide variety of platforms makes it an ideal fit for today’s applications.

Preparing for a Secure Future

The main reason we need ML-DSA is that we want to be ready for the future. Cryptographic transitions take a long time to complete; this is especially true for big companies that have a lot of old, obsolete systems.

If we wait until we are directly threatened by quantum computers, then there won’t be enough time to make the necessary adjustments.

Adopting ML-DSA early allows you to make the transition to secure cryptography more efficiently, reduce your long-term risk, and remain confident in your digital systems.

Therefore, it provides the foundation for a solid and secure infrastructure that can endure both existing and future threats.


How Does ML-DSA Solve the Quantum Problem?

The threat of quantum attack is addressed by ML-DSA, which employs lattice-based cryptography. Lattice-based cryptography is built on hard mathematical problems such as Module-LWE (Learning With Errors) and Module-SIS (Short Integer Solution).

These problems are concerned with the identification of hidden patterns or solutions in high-dimensional lattices.

Lattices can be viewed as complex grids of points in mathematical space. Unlike problems such as those in RSA and ECC, these problems are considered very hard to solve, even for a quantum computer.

Quantum-Compatible Security

A significant advantage of ML-DSA is that it can provide a higher level of protection from attacks from both classical computers and quantum computers.

Most traditional cryptosystems (RSA and ECC) can be compromised with quantum algorithms (such as Shor’s), while problems involving lattice-based cryptography do not have efficient known quantum solutions.

Thus, even with the emergence of powerful new quantum computers, ML-DSA will be able to protect against adversaries for an extended period of time.

Simple, Secure Design

The design of ML-DSA is simple and secure. Instead of relying on complex mathematical operations such as floating-point arithmetic, ML-DSA relies on simple and well-understood components: integer-based computations, the SHAKE128 and SHAKE256 hash functions, and randomness.

The simplicity of the design will help in avoiding coding errors and security risks that could threaten the security of the algorithm. The simplicity of the design will also improve the maintainability of the algorithm on different platforms.
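To make the Module-LWE relation behind ML-DSA concrete, and to show the integer arithmetic, SHAKE hashing and randomness named above working together, here is an added Python illustration that is not from this page or from any ML-DSA implementation. It uses ML-DSA's real ring Z_q[x]/(x^256 + 1) with q = 8380417 and the ML-DSA-44 dimensions (k, l, η) = (4, 4, 2), but it simplifies the sampling and omits the spec's rejection sampling, rounding and byte encodings, so it illustrates the key relation t = A·s1 + s2 rather than being a FIPS 204 implementation.

```python
import hashlib

Q, N = 8380417, 256    # ML-DSA modulus q = 2^23 - 2^13 + 1; the ring is Z_q[x]/(x^N + 1)
K, L, ETA = 4, 4, 2    # ML-DSA-44: A is K x L, secret coefficients lie in [-ETA, ETA]

def poly_mul(a, b):
    """Schoolbook product in Z_q[x]/(x^N + 1): because x^N = -1, term c+N is subtracted from term c."""
    full = [0] * (2 * N)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            full[i + j] += ai * bj
    return [(full[c] - full[c + N]) % Q for c in range(N)]

def expand_a(rho):
    """Public K x L matrix A from public seed rho via SHAKE128 (simplified: 3-byte chunks mod Q,
    not the spec's rejection sampling)."""
    A = [[None] * L for _ in range(K)]
    for i in range(K):
        for j in range(L):
            s = hashlib.shake_128(rho + bytes([j, i])).digest(3 * N)
            A[i][j] = [int.from_bytes(s[3 * c:3 * c + 3], "little") % Q for c in range(N)]
    return A

def small_vec(seed, tag, count):
    """count secret polynomials with coefficients in [-ETA, ETA] (stored mod Q) from the secret
    seed via SHAKE256 (simplified: byte mod 2*ETA+1, not the spec's rejection sampling)."""
    return [[(b % (2 * ETA + 1) - ETA) % Q
             for b in hashlib.shake_256(seed + tag + bytes([idx])).digest(N)]
            for idx in range(count)]

def mat_vec(A, s):
    """A * s over the ring: K polynomials, each the coefficient-wise sum of L products."""
    return [[sum(col) % Q for col in zip(*(poly_mul(A[i][j], s[j]) for j in range(L)))]
            for i in range(K)]

def keygen(xi):
    """From a 32-byte random seed xi return ((rho, t), (s1, s2)) with t = A*s1 + s2. Only rho
    and t are published; recovering the small s1, s2 from (A, t) is the Module-LWE problem."""
    h = hashlib.shake_256(xi).digest(64)       # public seed rho || secret seed rho_prime
    rho, rho_prime = h[:32], h[32:]
    A = expand_a(rho)
    s1, s2 = small_vec(rho_prime, b"s1", L), small_vec(rho_prime, b"s2", K)
    t = [[(x + e) % Q for x, e in zip(ap, ep)] for ap, ep in zip(mat_vec(A, s1), s2)]
    return (rho, t), (s1, s2)

def check_relation(pk, sk):
    """True iff t - A*s1 is exactly the small s2: the secret key 'explains' the public key."""
    (rho, t), (s1, s2) = pk, sk
    As1 = mat_vec(expand_a(rho), s1)
    return all([(x - y) % Q for x, y in zip(ti, ai)] == ei for ti, ai, ei in zip(t, As1, s2))
```

Every operation is integer arithmetic modulo q plus SHAKE output, which is why the scheme can be implemented without floating point; the security rests on (A, t) revealing nothing usable about the small s1 and s2.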

Strong Performance

Even though the Module-Lattice Digital Signature Algorithm (ML-DSA) is quantum-resistant, it performs well in the real world.

Signing and verification are efficient whether they run on high-performance systems, personal computers, or low-resource embedded devices, which supports everyday applications.

The security and speed balance of ML-DSA provides practical implementation alternatives for a wide range of computer environments (from enterprise systems to the Internet of Things), without the need for specialised hardware.

Side-Channel Awareness

ML-DSA includes multiple features designed to mitigate side-channel attacks, which use indirect information (timing, power consumption, and memory access patterns) to retrieve confidential information.

The design of ML-DSA avoids branch instructions that depend on secret information, uses constant-time operations, and enforces predictable execution of signature operations.

These design characteristics significantly reduce the possibility that any private key will leak during a digital signature operation, providing a robust algorithm for real-world deployment.

ML-DSA Parameter Sets

| Parameter Set | Security Level | Public Key | Signature Size | Use Case                   |
|---------------|----------------|------------|----------------|----------------------------|
| ML-DSA-44     | NIST Level 2   | ~1.3 KB    | ~2.4 KB        | IoT, lightweight systems   |
| ML-DSA-65     | NIST Level 3   | ~1.9 KB    | ~3.3 KB        | Enterprise apps            |
| ML-DSA-87     | NIST Level 5   | ~2.6 KB    | ~4.6 KB        | High-security environments |

ML-DSA vs RSA vs ECC

| Feature            | RSA                   | ECC                 | ML-DSA             |
|--------------------|-----------------------|---------------------|--------------------|
| Security Basis     | Integer factorization | Elliptic curve math | Lattice problems   |
| Quantum Resistance | ❌ No                 | ❌ No               | ✅ Yes             |
| Key Size           | Large                 | Small               | Moderate (~1–2 KB) |
| Signature Size     | ~256 bytes            | ~64 bytes           | ~2–4 KB            |
| Performance        | Slow sign             | Fast sign           | Fast overall       |

How ML-DSA Replaces RSA and ECC

ML-DSA is not only an advancement in theory from both RSA and ECC, but it is intended to work within existing systems that currently use digital signatures.

Rather than requiring a complete redesign of existing security infrastructure, ML-DSA allows current signature algorithms to be replaced without substantially changing existing business workflows, which makes the transition to post-quantum cryptography easier and more feasible.

In PKI (Certificates)

The Module-Lattice Digital Signature Algorithm (ML-DSA) will increasingly replace traditional RSA and ECC in Public Key Infrastructure (PKI) as well as other critical technologies.

Currently, PKI uses standard algorithms to provide digital authentication through digitally signed certificates (for example, X.509) to authenticate users, devices, and websites.

ML-DSA can replace the signature algorithms used by existing PKI certificate authorities (CAs), allowing certificates to be issued and validated with quantum-resistant signatures.

Consequently, the digital identity verification process will continue to be secure even when quantum computers can otherwise forge certificates or break a trust chain.

Code Signing & Software Updates

A Digital Signature can be used as an authentic proof of the integrity of a piece of software or firmware that has been signed, to ensure there has been no tampering.

RSA and ECC are the prevailing digital signing technologies used to sign many types of software, including applications, operating system updates, and embedded firmware.

Because the ML-DSA algorithm will replace these existing algorithms, it will help ensure long-term digital signing security for many devices, such as IoT devices and industrial equipment with long lifecycles.

ML-DSA provides a way to prevent future attempts to forge software updates or inject malware into devices that rely on digitally signed application or firmware updates from an organisation.

Secure Communication

Another way to integrate ML-DSA is into secure communication systems using digital signatures. Such communication systems include email signing using protocols like S/MIME, digital document signing, and message signing with authenticity verification.

Using ML-DSA in these communication systems means replacing the current RSA and ECC signatures. As a result, the communication remains authentic and tamper-proof even in the presence of quantum attackers. The change is almost imperceptible to the end user, since only the signature scheme is altered.

Hardware Security (HSMs, Smart Cards)

In cases where the private keys need to be highly secured, such as Hardware Security Modules (HSMs) and smart cards, ML-DSA can be considered as an alternative to RSA and ECC.

These devices are specifically designed to perform cryptographic operations in a secure environment, so that private keys are never disclosed.

This makes it efficient for ML-DSA to be integrated into such environments, where a transition to quantum-safe signatures can be achieved with the least compromise on performance.


Why ML-DSA Is the Future

Aligned with the Post-Quantum Shift

ML-DSA is not just one more option in the field of cryptography. It is part of the global shift towards the future of cryptography, which is referred to as post-quantum cryptography.

As quantum computing is still in the process of development, the current algorithms, such as RSA and ECC, will become obsolete in the future.

ML-DSA, which is standardized by NIST and included in FIPS 204, is designed to take into account this future shift. It is included as one of the main digital signature algorithms in the future of cryptography.

Standardization and Industry Adoption

One of the major reasons why ML-DSA is standing out from the crowd is that it has been officially standardized. Being approved by NIST means that it has been analyzed, tested, and validated by the international cryptographic community.

The standardization of ML-DSA opens the door for its wide acceptance in different industries such as finance, healthcare, government, technology, and more.

As ML-DSA is incorporated by different vendors, platforms, and security solutions, it will automatically become the new standard.

Future-Proof Security

The ML-DSA is designed to address existing and future security challenges. Unlike RSA and ECC methods, which are prone to quantum attacks, ML-DSA is based on lattice problems that are considered secure against quantum algorithms.

Therefore, ML-DSA is a future-proof solution for securing sensitive information and software integrity.

Any organization that implements ML-DSA is actually investing in a long-term solution that will remain relevant even in the future when computing capabilities are far better.


Practical for Real-World Use

Even though ML-DSA is a next-generation cryptographic algorithm, it is also designed with practicality in mind: it promises good performance as well as manageable key and signature sizes compared to other next-generation schemes.

In addition, ML-DSA is also backwards-compatible with existing infrastructures such as PKI, code signing, and secure communication. This makes the migration process easier for organizations without the need to overhaul the existing infrastructure.

Regulatory and Compliance Momentum

In fact, various governments and regulatory bodies have already begun to outline a plan to move towards a post-quantum cryptography system.

The recommendations suggest that migration should be initiated immediately, and the whole transition should be done by the early 2030s.

Thus, ML-DSA finds itself at the epicenter of compliance strategies, and those who fail to adopt it at an early stage will be compromising on regulatory compliance and will be vulnerable to future threats.

Conclusion

The easiest way to implement ML-DSA in your code signing and secure software development processes is to use SignMyCode; you don’t have to worry about creating everything from scratch.

If you would like to be in compliance and be able to protect your long-term software and be prepared against ever-changing threats, SignMyCode provides you with the capabilities to help with secure code signing.


Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.
