NIST recently announced three new standards for post-quantum cryptography (FIPS 203-205), and among them was ML-DSA (FIPS 204, Module-Lattice Digital Signature Algorithm), a lattice-based algorithm derived from the round 3 finalist CRYSTALS-DILITHIUM. As a general purpose digital signature algorithm ML-DSA has attractive features, such as fast key generation, signing, and verifying, as well as a tunable security strength. ML-DSA also supports organizations migrating to CNSA 2.0.
Naturally the wolfSSL team found this quite interesting, and we eagerly set to work on ML-DSA support. We are pleased to announce we have added ML-DSA to wolfBoot, which is achieved by utilizing wolfCrypt’s implementation of dilithium (ML-DSA). This implementation supports all three parameter sets standardized in FIPS 204: ML-DSA-44, ML-DSA-65, and ML-DSA-87. If you’re curious, you can read more about it in our wolfBoot PQ docs, and test out the new ML-DSA config example.
In total, wolfBoot now has support for three NIST approved post-quantum algorithms:
- ML-DSA: NIST FIPS 204
- LMS/HSS: NIST SP 800-208
- XMSS/XMSS^MT: NIST SP 800-208
Conspicuously absent from this list is FIPS 205, Stateless Hash-Based Digital Signature Standard (SLH-DSA, the NIST standard successor of SPHINCS+). Should we amend this absence? Let us know.
If you have questions about any of the above, please contact us at facts@wolfSSL.com or +1 425 245 8247.
Download wolfSSL Now