Digital Signatures

Digital signature algorithms for authentication, integrity, and non-repudiation.

Available Digital Signature Algorithms

Classical Signatures

Ed25519

EdDSA signatures over Curve25519, providing fast and secure signatures.

  • Security Level: 128-bit equivalent
  • Public Key: 32 bytes
  • Private Key: 32 bytes
  • Signature: 64 bytes
  • Use Cases: General purpose, TLS, SSH, Git

Ed25519-ZIP215

ZIP-215 compliant variant of Ed25519 with relaxed verification rules.

  • Security Level: 128-bit equivalent
  • Key/Signature Sizes: Same as Ed25519
  • Difference: Accepts non-canonical point encodings
  • Use Cases: Zcash, compatibility with ZIP-215

Sr25519 (Schnorrkel)

Schnorr signatures over Ristretto255 for blockchain applications.

  • Security Level: 128-bit equivalent
  • Public Key: 32 bytes
  • Private Key: 32 bytes
  • Signature: 64 bytes
  • Use Cases: Polkadot, blockchain, multi-signatures

RSA-2048 ⚠️ TRANSITIONAL

Transitional RSA for PQC migration - Deprecated 2030.

  • Security Level: 112-bit classical (0-bit quantum)
  • Public Key: 256 bytes
  • Private Key: 256 bytes
  • Signature: 256 bytes
  • ⚠️ WARNING: Vulnerable to quantum attacks - migrate to PQC
  • Use Cases: Legacy systems, migration period only

Post-Quantum Signatures

Dilithium (ML-DSA)

NIST-standardized lattice-based digital signatures.

  • Security Levels: 2, 3, 5 (128, 192, 256-bit equivalent)
  • Public Key: 1,312-2,592 bytes
  • Signature: 2,420-4,595 bytes
  • Use Cases: Post-quantum transition, long-term security

Falcon-512

Compact lattice-based signatures with smaller sizes.

  • Security Level: 128-bit equivalent
  • Public Key: 897 bytes
  • Signature: ~690 bytes (variable)
  • Use Cases: Constrained environments, post-quantum IoT

Algorithm Comparison

Algorithm Type Security Public Key Signature Speed
Ed25519 Classical 128-bit 32 bytes 64 bytes Very Fast
Ed25519-ZIP215 Classical 128-bit 32 bytes 64 bytes Very Fast
Sr25519 Classical 128-bit 32 bytes 64 bytes Fast
RSA-2048 ⚠️ Classical 112-bit† 256 bytes 256 bytes Slow
Dilithium-2 Post-Quantum 128-bit 1,312 bytes 2,420 bytes Moderate
Dilithium-3 Post-Quantum 192-bit 1,952 bytes 3,293 bytes Moderate
Falcon-512 Post-Quantum 128-bit 897 bytes ~690 bytes Fast Verify

†Classical only, 0-bit quantum security - vulnerable to Shor’s algorithm

Performance Characteristics

Speed Rankings (Operations/Second)

  1. Ed25519: ~50,000 signatures/sec, ~20,000 verifications/sec
  2. Ed25519-ZIP215: Similar to Ed25519
  3. Sr25519: ~40,000 signatures/sec, ~15,000 verifications/sec
  4. Dilithium: ~5,000 signatures/sec, ~8,000 verifications/sec
  5. Falcon-512: ~1,000 signatures/sec, ~10,000 verifications/sec
  6. RSA-2048: ~500 signatures/sec, ~15,000 verifications/sec

Size Comparison

  • Smallest: Ed25519 family (96 bytes total)
  • Medium: Falcon-512 (~1.5 KB total)
  • Largest: Dilithium (3-7 KB total)

Selection Guide

For New Applications

  • General Purpose: Ed25519
  • Blockchain: Sr25519
  • Post-Quantum Ready: Dilithium-2
  • Size-Constrained PQ: Falcon-512

For Specific Use Cases

Web/TLS Applications

  • Current: Ed25519
  • Transition: Ed25519 + Dilithium hybrid
  • Future: Dilithium-2 or Falcon-512

Blockchain/Cryptocurrency

  • Recommended: Sr25519
  • Alternative: Ed25519
  • Multi-sig: Sr25519 (native support)

IoT/Embedded Systems

  • Classical: Ed25519 (smallest)
  • Post-Quantum: Falcon-512 (most compact PQ)
  • Hybrid: Ed25519 + Falcon-512

Long-term Document Signing

  • High Security: Dilithium-5
  • Balanced: Dilithium-3
  • Dual Signatures: Classical + Post-Quantum

Migration Strategy

Phase 1: Preparation

  • Implement algorithm agility
  • Test post-quantum algorithms
  • Plan key management updates

Phase 2: Hybrid Deployment

  • Deploy dual signatures (classical + PQ)
  • Maintain backward compatibility
  • Monitor performance impact

Phase 3: Full Transition

  • Switch to post-quantum only
  • Retire classical algorithms
  • Update all systems and protocols

Security Considerations

Classical Algorithms

  • Quantum Vulnerability: Broken by Shor’s algorithm
  • Current Security: Secure against classical attacks (except RSA-2048: only 112-bit)
  • Timeline: Safe for 10-15 years (estimated), RSA-2048 deprecated by 2030
  • ⚠️ RSA-2048: Transitional only - migrate to PQC immediately

Post-Quantum Algorithms

  • Quantum Resistance: Secure against quantum attacks
  • Classical Security: Also secure against classical attacks
  • Maturity: Newer, less cryptanalysis history

Best Practices

  1. Algorithm Agility: Design systems to easily change algorithms
  2. Hybrid Approach: Use both classical and post-quantum during transition
  3. Key Management: Implement proper key lifecycle management
  4. Validation: Always verify signatures before trusting data
  5. Randomness: Use high-quality random number generation

Implementation Features

All signature algorithms in MetaMUI Crypto Primitives provide:

  • ✅ Constant-time implementations (where applicable)
  • ✅ Side-channel resistance
  • ✅ Deterministic signatures (where specified)
  • ✅ Batch verification support (where applicable)
  • ✅ Cross-platform compatibility
  • ✅ Official test vector compliance

Standards Compliance

  • Ed25519: RFC 8032 (EdDSA)
  • Sr25519: Polkadot specification
  • Dilithium: NIST FIPS 204 (ML-DSA)
  • Falcon: NIST PQC Round 3 specification
  • ZIP-215: Zcash protocol specification