This year, NIST released the following official standards documents:
What are they and what do they standardize? As a quick summary:
- Kyber became ML-KEM (Module-Lattice-based Key-Encapsulation Mechanism) which is specified by NIST’s FIPS 203 document.
- Dilithium became ML-DSA (Module-Lattice-based Digital Signature Algorithm) which is specified by NIST’s FIPS 204 document.
- SPHINCS+ became SLH-DSA (StateLess Hash-based Digital Signature Algorithm) which is specified by NIST’s FIPS 205 document.
ML-KEM and ML-DSA are great for general purpose use in communications protocols. For example, ML-KEM is almost a drop in replacement for ECDH. We say “almost” because ECDH is a NIKE (Non-Interactive Key Exchange) whereas ML-KEM is a KEM (Key Encapsulation Mechanism) so their APIs and semantics have minor differences. Of course wolfSSL products abstract that difference away for our customers. ML-DSA is a drop-in replacement for RSA and ECDSA.
SLH-DSA has specialized use cases similar to those of LMS and XMSS, but it is stateless. That said, CNSA 2.0 specifically includes LMS and XMSS but not SLH-DSA.
Did you know that we have full implementation and support for optimized ML-KEM and ML-DSA? You can have a look and try them out for yourself. Simply download the wolfSSL library from download page, configure it to enable Dilithium and Kyber and run the benchmarks!
Here are the relevant configure-time flags:
--enable-kyber
--enable-dilithium
Are you interested in implementation and support for SLH-DSA or have questions about any of the above? Please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now