Algorithm Compatibility
QuantumSafe supports multiple NIST-standardized PQC algorithms. Not all algorithms are compatible with all custody modes.
QuantumSafe is built on current NIST-standardized algorithms and does not guarantee absolute security. This is a quantum-readiness tool, not a quantum-proof solution.
Recommended Default: ML-DSA-65
ML-DSA-65 is the recommended default algorithm for all new integrations. It provides:
- 192-bit classical security (exceeds ECDSA’s 128-bit on secp256k1)
- Compatibility with all custody modes (BYOK, Managed, Safe Guard)
- Fast signing and verification
- Reasonable key and signature sizes
Unless you have a specific reason to choose otherwise, use ML-DSA-65.
Compatibility Matrix
| Algorithm | BYOK (v1.0) | Managed (v1.5) | Safe Guard (v2.0) | Notes |
|---|---|---|---|---|
| ML-DSA-44 | Yes | Yes | Yes | FIPS 204, Security Level 2 |
| ML-DSA-65 | Yes | Yes | Yes | Recommended default. FIPS 204, Security Level 3. |
| ML-DSA-87 | Yes | Yes | Yes | FIPS 204, Security Level 5 |
| SLH-DSA-128s | Yes | No | No | FIPS 205, hash-based. Cannot upgrade to Managed. |
SLH-DSA and FN-DSA keys CANNOT be upgraded to Managed (KMS) mode. If you plan to use Managed custody in the future, choose an ML-DSA variant now. This is a permanent decision that cannot be changed after key generation.
Algorithm Details
ML-DSA-44
| Property | Value |
|---|---|
| Standard | FIPS 204 |
| Security Level | 2 (128-bit classical) |
| Public Key Size | ~1,312 bytes |
| Signature Size | ~2,420 bytes |
| Signing Speed | Fast |
| Verification Speed | Fast |
| Managed Support | Yes (v1.5) |
Best for: Applications where key and signature size are critical constraints.
ML-DSA-65 (Recommended)
| Property | Value |
|---|---|
| Standard | FIPS 204 |
| Security Level | 3 (192-bit classical) |
| Public Key Size | ~1,952 bytes |
| Signature Size | ~3,309 bytes |
| Signing Speed | Fast |
| Verification Speed | Fast |
| Managed Support | Yes (v1.5) |
ML-DSA-65 is the recommended default. It provides a strong balance of security (192-bit), performance, and future compatibility with all custody modes (BYOK, Managed, and Safe Guard).
Best for: Most use cases. Default recommendation for all new integrations.
ML-DSA-87
| Property | Value |
|---|---|
| Standard | FIPS 204 |
| Security Level | 5 (256-bit classical) |
| Public Key Size | ~2,592 bytes |
| Signature Size | ~4,627 bytes |
| Signing Speed | Fast |
| Verification Speed | Fast |
| Managed Support | Yes (v1.5) |
Best for: Maximum security requirements. Government, military, or ultra-high-value assets.
SLH-DSA-128s
| Property | Value |
|---|---|
| Standard | FIPS 205 |
| Security Level | 1 (128-bit classical) |
| Public Key Size | 32 bytes |
| Signature Size | ~7,856 bytes |
| Signing Speed | Slower |
| Verification Speed | Slower |
| Managed Support | No |
Best for: Maximum security confidence (hash-only assumptions). Cases where small public keys are required.
Choosing an Algorithm
Default Choice
Use ML-DSA-65 unless you have a specific reason not to.
- 192-bit security exceeds the 128-bit security of ECDSA on secp256k1
- Compatible with all current and future custody modes
- Fast signing and verification
- Reasonable key and signature sizes
Maximum Security
Use ML-DSA-87 if you need the highest security level.
- 256-bit security
- Larger keys and signatures (but still manageable)
- Compatible with all custody modes
- Recommended for high-value institutional use
Conservative Crypto
Use SLH-DSA-128s if you want the most conservative security assumptions.
- Security relies only on hash functions
- Tiny public key (32 bytes)
- Larger signatures and slower performance
- Cannot be upgraded to Managed custody
Size Comparison with ECDSA
| Algorithm | Public Key | Signature | vs ECDSA Public Key | vs ECDSA Signature |
|---|---|---|---|---|
| ECDSA (secp256k1) | 33 B | 64 B | — | — |
| ML-DSA-44 | 1,312 B | 2,420 B | 40x larger | 38x larger |
| ML-DSA-65 | 1,952 B | 3,309 B | 59x larger | 52x larger |
| ML-DSA-87 | 2,592 B | 4,627 B | 79x larger | 72x larger |
| SLH-DSA-128s | 32 B | 7,856 B | Comparable | 123x larger |
PQC keys and signatures are significantly larger than ECDSA. This is a fundamental trade-off for quantum resistance. QuantumSafe’s off-chain attestation model minimizes the on-chain impact of these larger sizes.
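Because the algorithm cannot be changed after key generation, the choice is worth checking against the custody roadmap before any key is created. The following is an added example, not QuantumSafe code or part of its SDK: it encodes the compatibility matrix and size tables from this page and reports any planned custody mode the chosen algorithm cannot reach. The function and field names are hypothetical; the mode names, security levels and sizes are transcribed from the tables above.

```python
from dataclasses import dataclass

# Values transcribed from the tables on this page (assumed current for your version).
@dataclass(frozen=True)
class Alg:
    name: str
    level: int         # security level as listed in "Algorithm Details"
    pk_bytes: int      # public key size
    sig_bytes: int     # signature size
    modes: frozenset   # custody modes marked "Yes" in the compatibility matrix

ALL_MODES = frozenset({"BYOK", "Managed", "Safe Guard"})
ALGS = [
    Alg("ML-DSA-44", 2, 1312, 2420, ALL_MODES),
    Alg("ML-DSA-65", 3, 1952, 3309, ALL_MODES),
    Alg("ML-DSA-87", 5, 2592, 4627, ALL_MODES),
    Alg("SLH-DSA-128s", 1, 32, 7856, frozenset({"BYOK"})),
]
BY_NAME = {a.name: a for a in ALGS}

def check_key_plan(algorithm, planned_modes):
    """Return blocking problems; an empty list means the key can be generated."""
    alg = BY_NAME.get(algorithm)
    if alg is None:
        return [f"unknown algorithm {algorithm!r}: not in the compatibility matrix"]
    planned = set(planned_modes)
    problems = [f"unknown custody mode {m!r}" for m in sorted(planned - ALL_MODES)]
    # Every mode the key must ever live in has to be supported at generation time.
    for mode in sorted(planned & (ALL_MODES - alg.modes)):
        problems.append(f"{algorithm} cannot be used in {mode} custody; "
                        "the algorithm is fixed at key generation")
    return problems

def candidates(planned_modes, min_level=1, max_sig_bytes=None):
    """Algorithms that satisfy every constraint, smallest signature first."""
    ok = [a for a in ALGS
          if not check_key_plan(a.name, planned_modes)
          and a.level >= min_level
          and (max_sig_bytes is None or a.sig_bytes <= max_sig_bytes)]
    return [a.name for a in sorted(ok, key=lambda a: a.sig_bytes)]

if __name__ == "__main__":
    # Constructed scenario: BYOK today, Managed custody on the roadmap.
    print(check_key_plan("SLH-DSA-128s", ["BYOK", "Managed"]))
    print(candidates(["BYOK", "Managed"], min_level=3))
```

Pass every custody mode the key may ever need in `planned_modes`, not only the mode in use today.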