ML-DSA
ML-DSA is Tidecoin’s second post-quantum signature family. It is the NIST FIPS 204 module-lattice signature standard, formerly known as CRYSTALS-Dilithium. Tidecoin implements all three standard security levels: ML-DSA-44, ML-DSA-65, and ML-DSA-87.
This page explains ML-DSA’s role in Tidecoin. For the canonical list of scheme prefixes, see Scheme Registry. For transaction byte layout, see Signature Encoding.
Activation status
ML-DSA is built into the node but is not active on mainnet before AuxPoW. At and after the configured AuxPoW activation height, Tidecoin’s scheme gate allows all known schemes, including the three ML-DSA variants.
| Scheme | Prefix | Mainnet status | Activation rule | Security category |
|---|---|---|---|---|
| ML-DSA-44 | 0x09 | Built, not active on mainnet | Allowed at and after AuxPoW activation | 2 |
| ML-DSA-65 | 0x0A | Built, not active on mainnet | Allowed at and after AuxPoW activation | 3 |
| ML-DSA-87 | 0x0B | Built, not active on mainnet | Allowed at and after AuxPoW activation | 5 |
Before AuxPoW activation, new outputs and spends should be treated as Falcon-512-only for mainnet consensus compatibility.
Sizes
| Parameter | ML-DSA-44 | ML-DSA-65 | ML-DSA-87 |
|---|---|---|---|
| Public key bytes | 1,312 | 1,952 | 2,592 |
| Public key bytes in script | 1,313 | 1,953 | 2,593 |
| Secret key bytes | 2,560 | 4,032 | 4,896 |
| Signature bytes | 2,420 | 3,309 | 4,627 |
| Script signature bytes, plus sighash | 2,421 | 3,310 | 4,628 |
ML-DSA signatures are larger than Falcon signatures, but the implementation is simpler: it uses integer-only module-lattice arithmetic, with no floating-point arithmetic and no Gaussian sampler.
Parameter sets
| Scheme | Module dimensions | eta | tau | gamma1 | Expected signing iterations |
|---|---|---|---|---|---|
| ML-DSA-44 | (k, l) = (4, 4) | 2 | 39 | 2^17 | ~4.25 |
| ML-DSA-65 | (k, l) = (6, 5) | 4 | 49 | 2^19 | ~5.1 |
| ML-DSA-87 | (k, l) = (8, 7) | 2 | 60 | 2^19 | ~3.85 |
These variants give wallets and future policy rules a choice between signature size and security level once the post-AuxPoW ruleset is active.
Construction
ML-DSA is built over module lattices in the polynomial ring
Z_q[x] / (x^256 + 1) with q = 8,380,417. Its security is based on
Module-LWE and Module-SIS style assumptions.
At a high level:
- Key generation samples a public matrix from a seed, samples short secret vectors, computes the public vector, and stores a split form of that vector in the public and private keys.
- Signing uses Fiat-Shamir with aborts. The signer samples a mask, computes a commitment, derives a challenge, builds the response, and rejects samples that would leak secret information.
- Verification reconstructs the public matrix and challenge, recomputes the commitment high bits using the signature hints, and checks both equality and norm bounds.
Why include ML-DSA
Falcon gives Tidecoin compact signatures, but Falcon signing is implementation-heavy. ML-DSA gives Tidecoin a standardized integer-only alternative with simpler implementation properties and a finalized NIST standard.
The tradeoff is size. ML-DSA-44 signatures are already several times larger than Falcon-512 signatures, and ML-DSA-87 is much larger again. For on-chain use, that size affects transaction weight, fee estimation, block template policy, mempool pressure, and wallet UX.
CRYSTALS-Dilithium to ML-DSA
ML-DSA is the standardized form of CRYSTALS-Dilithium. The important standardization differences are naming, FIPS-level API framing, hedged signing defaults, context/prehash support, and transcript details. Those changes should be treated as implementation and standard compatibility details, not as permission to change Tidecoin wire rules without an explicit consensus gate.
Source of truth
| Topic | Source |
|---|---|
| Scheme prefixes, sizes, activation gate | ../tidecoin/src/pq/pq_scheme.h |
| ML-DSA-44 constants and API | ../tidecoin/src/pq/ml-dsa-44/api.h |
| ML-DSA-65 constants and API | ../tidecoin/src/pq/ml-dsa-65/api.h |
| ML-DSA-87 constants and API | ../tidecoin/src/pq/ml-dsa-87/api.h |
| Cryptographic rationale and parameter explanation | ../tidecoin/doc/whitepaper.md |
See also: Falcon, Scheme Registry, Signature Encoding, Activation Status.