A Post-Quantum Cryptography solution for digital signing

What is

Dilithium is a lattice-based digital signing scheme that secures data against quantum computing threats. It is based on the CRYSTALS (Cryptographic Suite for Algebraic Lattices) family of Post-Quantum Cryptography (PQC) algorithms. It is particularly well suited to protect against chosen-message attacks.

Because Dilithium is based on hardness of lattice problems over module lattices, it’s a PQC scheme that’s much faster than hash-based schemes, and it’s easy to implement, because it doesn’t need Gaussian sampling.

Dilithium is based on Fiat-Shamir with Aborts

At its base, Dilithium operates on Lyubashevsky’s Fiat-Shamir with Aborts for its lattice scheme. This paradigm repeats executions until verifying a loop iteration that doesn’t abort. The result of this protocol use is a significantly smaller public key, resulting in higher security and efficiency with lower energy consumption.

Dilithium variants

Unlike other PQC signing schemes, the most recent versions of Dilithium use AES-256 instead of SHAKE. This delivers an expanded matrix and making vector. AES-256 is also used to sample secret polynomials.

Dilithium variants:







The inventors of Dilithium recommend Dilithium 3-AES, because it achieves at least 128 bits of security against classical and quantum attacks.

NIST approval

In 2016, the United States National Institute of Standards and Technology put out a call for proposals, requesting submissions of post-quantum cryptographic schemes. Round 1 submissions closed on November 30, 2017. Several dozen schemes were presented and considered.

CRYSTALS-Dilithium was one of four schemes recommended by NIST as an accepted standard for PQC, and one of only three recommended for digital signing.