ML-DSA-44 (Dilithium) Signatures¶
ML-DSA-44 is the NIST FIPS 204 standard for post-quantum digital signatures, based on the hardness of Module Learning With Errors (MLWE) lattice problems. Soqucoin uses ML-DSA-44 (Security Level 2) for all transaction signatures, replacing ECDSA entirely.
Why Replace ECDSA?¶
ECDSA (secp256k1), used by Bitcoin and most blockchains, relies on the hardness of the Elliptic Curve Discrete Logarithm Problem. Shor's algorithm on a sufficiently large quantum computer solves this in polynomial time, breaking every existing ECDSA signature on every chain.
Soqucoin avoids this by never using ECDSA at all. ML-DSA-44 is quantum-resistant from day one.
Technical Specifications¶
| Parameter | Value |
|---|---|
| NIST Standard | FIPS 204 (finalized August 2024) |
| Security Level | NIST Level 2 (128-bit quantum security) |
| Hardness Assumption | Module-LWE (n=256, k=4, q=8380417) |
| Public Key Size | 1,312 bytes |
| Signature Size | 2,420 bytes |
| Sign Time | 0.177 ms (Apple M4) |
| Verify Time | 0.041 ms (Apple M4) |
Size Tradeoff¶
Dilithium signatures are 37× larger than ECDSA (2,420 bytes vs 65 bytes). Soqucoin mitigates this through two batch verification techniques:
- PAT compresses N signatures into a fixed 100-byte proof
- LatticeFold+ provides recursive batch proof verification
Together, these reduce the per-transaction signature overhead to near-zero at block scale.
Implementation¶
Soqucoin's Dilithium implementation lives in src/crypto/dilithium/ and is based on the NIST reference implementation with the following hardening:
- Constant-time arithmetic (no branching on secret data)
- Deterministic nonce generation (derandomized signing)
- SHAKE-256 for internal expansion functions
Consensus Integration¶
Dilithium signatures are verified through the standard SegWit witness validation path:
- Witness version 0 and version 1: Dilithium signature verification
- Public keys are encoded in the witness program
- Addresses use Bech32m encoding with
soq1prefix
Address Format¶
The 20-byte hash is BLAKE2b-160 of the 1,312-byte Dilithium public key. This keeps addresses compact while maintaining full quantum resistance.
Patent Note
While ML-DSA-44 itself is an open NIST standard, Soqucoin's signature aggregation techniques (PAT and LatticeFold+) are protected under provisional patents assigned to Soqucoin Labs Inc.