🌐
DigiCert
digicert.com › insights › post-quantum-cryptography › mldsa
ML-DSA | Post-Quantum Cryptography | DigiCert Insights
Module-Lattice-Based Digital Signature Algorithm (ML-DSA) is lattice-based signing that protects against quantum computing threats.
🌐
NIST
nvlpubs.nist.gov › nistpubs › fips › nist.fips.204.pdf pdf
FIPS 204 Federal Information Processing Standards Publication
August 13, 2024 - Standards and Technology (NIST) under 15 U.S.C. 278g-3 and issued by the Secretary of Commerce under ... 3. Explanation. This standard specifies ML-DSA, a lattice-based digital signature algorithm for applications
🌐
IBM
ibm.com › docs › en › zos › 3.1.0
ML-DSA, CRYSTALS-Dilithium Digital Signature Algorithm - IBM Documentation
June 3, 2025 - The strength of the key is represented ... Signature Generation and Verification. Note: ML-DSA is the standardized version of the CRYSTALS-Dilithium Digital Signature Algorithm....
🌐
Encryption Consulting
encryptionconsulting.com › home › post quantum cryptography › ml-dsa and pq signing: what you need to know
ML-DSA and PQ Signing: What You Need to Know | Encryption Consulting
January 27, 2026 - It’s a digital signature method designed to stand up against quantum computers, which are expected to break most traditional cryptography in the near future. ML-DSA is built on lattice-based math, specifically, something called module lattices, ...
🌐
RFC Editor
rfc-editor.org › info › rfc9882
RFC 9882: Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS) | RFC Editor
October 29, 2025 - The Module-Lattice-Based Digital ... in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in possession of a Cryptographically Relevant Quantum Computer (CRQC)....
🌐
Kivicore
kivicore.com › en › embedded-security-blog › ml-dsa-explained-quantum-safe-digital-signatures-for-secure-embedded-systems
ML-DSA explained: Quantum-Safe digital Signatures for secure embedded Systems
May 13, 2026 - The KiviPQC-DSA is a hardware accelerator implementing the ML-DSA , a post-quantum cryptographic standard defined by NIST FIPS 204. It supports all parameter sets specified in the standard.
🌐
AWS
docs.aws.amazon.com › aws kms › developer guide › aws kms concepts › aws kms keys › ml-dsa keys in aws kms
ML-DSA keys in AWS KMS - AWS Key Management Service
May 22, 2026 - For larger messages, you must ... used in ML-DSA signing as defined in NIST FIPS 204 section 6.2. Use the EXTERNAL_MU message type in the AWS KMS Sign operation to specify this pre-processed 64-byte message. The signatures produced by the externally computed μ are the same as the RAW ones when using the same message and private key. Note that this signing is different ...
Find elsewhere
🌐
Chelpis
chelpis.com › post › nist-publishes-new-standards-for-quantum-safe-encryption-and-digital-signatures-ml-kem-ml-dsa-slh
NIST publishes new standards for quantum-safe encryption and digital signatures: ML-KEM, ML-DSA, SLH-DSA to replace current standards
August 16, 2024 - Nonetheless, ML-KEM's computational efficiency is designed to be competitive, often outperforming elliptic-curve cryptography. ML-DSA, or Module-Lattice digital signature algorithm, is the new standard for digital signatures.
🌐
Globalplatform
globalplatform.org › wp-content › uploads › 2025 › 01 › 4_ML-DSA-and-ML-KEM-Landmines-1.pdf pdf
4_ML-DSA-and-ML-KEM-Landmines-1.pdf
December 4, 2024 - SLH-DSA (FIPS 205) signature APIs accept a “context string”: Sign(sk, M, ctx) • The benefit here is that, for example, S/MIME email and signed PDF use the same message · structure, so a client might be tricked into confusing them. • A well-chosen ctx hard-coded into both signer and verifier strongly prevents · this by failing the signature. ML-DSA Context (ctx) ctx=“smime-v4” ·
🌐
Medium
medium.com › @kcl17 › ml-dsa-fips-204-dd151ace3493
FIPS 204. In our previous exploration of ML-KEM… | by kcl17 | Medium
December 25, 2025 - Formerly known as CRYSTALS-Dilithium, this algorithm is now the primary workhorse for verifying digital identity in the post-quantum era. While RSA relies on the difficulty of factoring large numbers (N=p×q), ML-DSA relies on the hardness of finding short vectors in high-dimensional lattices.
🌐
Reddit
reddit.com › r/cryptography › what are proper use cases for the context string in ml-dsa-87 (fips 204)?
r/cryptography on Reddit: What are proper use cases for the context string in ML-DSA-87 (FIPS 204)?
February 4, 2025 -

First of all, sorry for posing a more practical question, if this is the wrong sub please direct me to another one. The FIPS 204 document mentions that applications may use the context string or leave it empty. But what are the proper use cases for this string and are there any caveats for using it (except that it needs to be up to 255 bytes)? Can using a non-empty string create incompatibilities?

I wasn't following the development of ML-DSA and the NIST process so I'm a bit unsure about the proper use/purpose of context in this signature scheme.

🌐
Thalesdocs
thalesdocs.com › gphsm › luna › 7 › docs › network › Content › sdk › extensions › pqc › ML-DSA_programming_guide.htm
ML-DSA Programming Guide for Luna HSM
3 weeks ago - ML-DSA services are exposed through mechanisms, objects and attributes of the Cryptoki interface. Two Signing algorithms are described in SP 800-204 that differ depending on whether the message M being signed is the hash of a message (PreHash) or the message itself (Pure).
🌐
Encryption Consulting
encryptionconsulting.com › how-ml-dsa-replaces-ecc-and-rsa-for-digital-signatures
How ML-DSA Replaces ECC and RSA for Digital Signatures | Encryption Consulting
January 27, 2026 - ML-DSA (Module Lattice–based Digital Signature Algorithm) is a post-quantum digital signature scheme derived from the CRYSTALS-Dilithium project. It relies on the hardness of lattice-based problems, specifically Module-LWE (Learning With Errors) ...
🌐
IACR
eprint.iacr.org › 2025 › 2025.pdf pdf
Migration to Post-Quantum Cryptography: From ECDSA to ML-DSA Daniel Dinu
Digital Signature Algorithm (ML-DSA), a quantum-resistant ... I. INTRODUCTION · Cryptography is a crucial component for the security and
🌐
Hacken
hacken.io › insights › ml-dsa-crystals-dilithium
Quantum-Safe Signatures For Web3: ML-DSA (CRYSTALS-Dilithium) - Hacken
September 25, 2025 - ML-DSA, or Module-Lattice-Based Digital Signature Algorithm, is a post-quantum digital signature scheme that fills the same role as ECDSA/EdDSA – proving “I control this key” – but is built on module-lattice assumptions, specifically ...
🌐
IETF
ietf.org › archive › id › draft-ietf-lamps-cms-ml-dsa-01.html
Use of the ML-DSA Signature Algorithm in the Cryptographic Message Syntax (CMS)
November 22, 2024 - The Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as defined in FIPS 204, is a post-quantum digital signature scheme that aims to be secure against an adversary in possession of a Cryptographically Relevant Quantum Computer (CRQC). This document specifies the conventions for using ...