Why ML-DSA for MPC?
Understanding why ML-DSA (CRYSTALS-Dilithium) is the optimal choice for threshold signing and MPC-based custody solutions over SPHINCS+ and FALCON.
The Key Insight
From an MPC perspective, ML-DSA has the simplest structure among NIST-standardized post-quantum schemes, enabling the most performant threshold signing constructions. This is a side effect of ML-DSA being explicitly designed to be simple to implement.
NIST PQ Signature Schemes Comparison
| Feature | ML-DSA(Dilithium) | FALCON(FN-DSA) | SPHINCS+(SLH-DSA) | Source |
|---|---|---|---|---|
| MPC Friendliness | Excellent | Difficult | Very Difficult | IACR ePrint |
| Threshold Signing | Practical | Complex | Provable Barriers | IACR ePrint |
| Implementation Simplicity | Simple | Complex | Moderate | NIST CSRC |
| Signature Size | ~2.4 KB | ~0.7 KB | ~8-50 KB | FIPS 204/205/206 |
| Key Generation Speed | Fast | Slow | Fast | FIPS 204 |
| Signing Speed | Fast | Fast | Slow | FIPS 204 |
| Security Assumption | Lattice (Module-LWE) | Lattice (NTRU) | Hash-based | NIST PQC |
| NIST Standard | FIPS 204 | FIPS 206 (Draft) | FIPS 205 | NIST News |
ML-DSA (Dilithium)
Explicitly designed for simplicity, ML-DSA offers the most practical path to threshold signing. Its algebraic structure maps naturally to MPC protocols, enabling efficient distributed key generation and signing.
- Best MPC compatibility
- Simple implementation
- Fast operations
FALCON (FN-DSA)
Optimized for signature size, FALCON wins favor in space-sensitive domains like blockchains. However, its complex structure involving Gaussian sampling makes threshold signing extremely difficult.
- Smallest signatures
- Complex MPC integration
- Difficult implementation
SPHINCS+ (SLH-DSA)
Hash-based schemes suffer inherent provable barriers to efficient threshold signing. While offering conservative security assumptions, they provide the least appealing structure for MPC applications.
- Conservative security
- Large signatures
- Provable MPC barriers
"At Silence Laboratories, we have been investigating the MPC-friendliness of different standardized post-quantum schemes. Our high-level takeaway is that from an MPC perspective, Dilithium has the simplest structure among these schemes, and will likely enable the most performant threshold signing constructions in many deployment scenarios."
— Silence Laboratories
Ready to Implement ML-DSA in Your Infrastructure?
Our PQ-MPC SDK provides production-ready threshold ML-DSA implementation with seamless ECDSA migration support.