Hall 4 · Exhibit 5 1 min

How ML-DSA (Dilithium) Works

Quantum-safe digital signatures

Shares math withML-KEM — one MLWE library powers both

TechniqueFiat–Shamir with Aborts

Signature size~2,420 B vs. ~64 B (ECDSA)

CostTLS handshakes inflate to 10–15 KB

Try it yourself

PQC Toolkit

Filterable algorithm cards for every PQC family.

Sister Algorithms

Kyber and Dilithium share the CRYSTALS prefix and the same engine. One optimized library powers both key exchange and signatures — saving code space and reducing complexity.

Fiat-Shamir with Aborts

•Commitment: Signer chooses a random lattice point
•Challenge: Derived from the document + commitment
•Noise: Massive lattice noise obscures the private key relationship
•Response: Verifiable against public key without revealing private key
•Abort: If noise accidentally reveals the key relationship, the algorithm discards and retries

The Size Trade-Off

Classical : ~64 bytes. ML-DSA-44: ~2,420 bytes. handshakes inflate from 2–3 KB to 10–15 KB. Acceptable for laptops, potentially problematic for constrained IoT devices.

Explore more in the atlas

Live Crypto Bench
Run real ML-KEM, hybrid X25519+ML-KEM, and ML-DSA in your browser — actual NIST-standard bytes.

Key Takeaways

ML-DSA shares MLWE math with ML-KEM — one library powers both
Fiat-Shamir with Aborts proves private key knowledge without revealing it
Signatures are ~2,420 bytes vs. ~64 bytes classical — inflating TLS handshakes to 10–15 KB