ML-DSA (Dilithium)
ML-DSA (Module-Lattice-based Digital Signature Algorithm) is the post-quantum digital signature standard finalized by NIST as FIPS 204 in 2024, derived from CRYSTALS-Dilithium. It is designed to remain secure even against adversaries with large quantum computers. Certivu uses ML-DSA as the cryptographic foundation for all content provenance.
Why post-quantum signatures
Classical signature algorithms such as RSA and ECDSA rely on math problems (integer factoring, discrete logarithms) that a sufficiently large quantum computer could solve using Shor's algorithm. ML-DSA instead rests on the hardness of structured lattice problems, which have no known efficient quantum attack.
Why it matters for provenance
A provenance signature is only useful for as long as it can be trusted. Content signed today may need to be verifiable in 2034 and beyond — well within the horizon where quantum attacks on classical signatures are considered plausible. Choosing a post-quantum algorithm from the start avoids a painful migration later and keeps signatures durable.
How Certivu uses ML-DSA
Each Certivu generator holds an ML-DSA keypair. At signing time, Certivu hashes the content with SHA-3 and signs a canonical payload — generator, model, content hash, format, and timestamp — with the generator's private key. Verification checks that signature against the published public key. We do not use RSA or ECC anywhere in the signing stack. See content provenance for how this fits the bigger picture.
FAQ
What is ML-DSA?
ML-DSA (Module-Lattice-based Digital Signature Algorithm), derived from CRYSTALS-Dilithium, is the digital signature standard finalized by NIST as FIPS 204 in 2024. It is a post-quantum algorithm, meaning it is designed to remain secure against attacks from large quantum computers.
Why does Certivu use ML-DSA instead of RSA or ECDSA?
RSA and ECDSA can be broken by sufficiently large quantum computers using Shor's algorithm. Content signed today may need to remain verifiable for a decade or more, so Certivu signs exclusively with ML-DSA and uses no RSA or ECC anywhere in its signing stack.
Is ML-DSA the same as Dilithium?
Effectively yes. ML-DSA is the NIST-standardized form of the CRYSTALS-Dilithium signature scheme, with minor parameter and naming changes made during standardization as FIPS 204.