RSA and ECDSA are quantum-broken
Shor's algorithm factors large integers and computes discrete logarithms in polynomial time on a quantum computer. A sufficiently large quantum computer would forge any RSA or ECDSA signature in seconds.
FIPS 204 — the post-quantum digital signature.
ML-DSA-65 is the NIST-standardized digital signature algorithm UltimaOS uses for authentication. Standardized as FIPS 204 in August 2024, it is one of the two lattice-based algorithms selected by NIST to replace RSA and ECDSA in the post-quantum era.
ML-DSA-65 (formerly Dilithium-3) derives its security from the hardness of finding short vectors in module lattices — a problem for which no efficient quantum algorithm is known. It is one of the most studied post-quantum signature schemes, with over a decade of cryptanalysis.
FIPS 204 was published in August 2024 after an eight-year standardization process. The algorithm has been implemented, audited, and benchmarked by hundreds of independent research groups and reviewed by national agencies.
Every account on UltimaOS has a long-term ML-DSA-65 key pair generated on first device setup. The private key never leaves the device. The public key is registered with the server at account creation and is the basis of every authenticated operation.
Sign-in challenges are signed with the user's ML-DSA-65 private key. The server verifies with the stored public key. No password is ever sent over the wire — the cryptographic proof replaces passwords entirely.
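The server side of the sign-in challenge described above, as an added example that is not UltimaOS code: it shows the freshness checks (single use, expiry, account binding) that have to surround the signature check. The class and function names, the 60-second lifetime, the purpose label and the HMAC stand-in for ML-DSA-65 verification are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 60                   # seconds; assumed value, not from the page
PURPOSE = b"example/sign-in/v1"      # hypothetical label; keeps a sign-in signature
                                     # from being replayed as an invitation or admin action

class ChallengeStore:
    """Server side: issues single-use sign-in challenges and checks the responses."""

    def __init__(self, verify, clock=time.time):
        self.verify = verify         # verify(public_key, message, signature) -> bool
        self.clock = clock
        self.pending = {}            # nonce -> (account_id, expires_at)

    def issue(self, account_id):
        nonce = secrets.token_bytes(32)
        self.pending[nonce] = (account_id, self.clock() + CHALLENGE_TTL)
        return nonce

    @staticmethod
    def message(account_id, nonce):
        # Length-prefix each field so the signed bytes can be parsed only one way.
        parts = (PURPOSE, account_id.encode(), nonce)
        return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

    def check(self, account_id, nonce, signature, public_key):
        entry = self.pending.pop(nonce, None)    # pop: a nonce is accepted at most once
        if entry is None:
            return "unknown-or-replayed"
        issued_to, expires_at = entry
        if issued_to != account_id:
            return "wrong-account"
        if self.clock() > expires_at:
            return "expired"
        if not self.verify(public_key, self.message(account_id, nonce), signature):
            return "bad-signature"
        return "ok"

# Constructed stand-in so the example runs offline. It is NOT ML-DSA-65 and not a
# signature scheme at all (one key both signs and verifies); a deployment would pass
# the ML-DSA-65 verify function of a FIPS 204 library as `verify` instead.
def toy_sign(key, message):
    return hmac.new(key, message, hashlib.sha256).digest()

def toy_verify(key, message, signature):
    return hmac.compare_digest(toy_sign(key, message), signature)
```

The nonce is consumed on the first attempt whether or not the signature verifies, so a captured response cannot be submitted a second time.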
When a workspace admin invites a new member, the invitation token is signed with the admin's ML-DSA-65 key. The recipient verifies the signature on their device, ensuring the invitation came from a legitimate admin.
Administrative actions (member removal, role change, billing update) are signed with the actor's ML-DSA-65 key. The audit trail is append-only and the signatures make any tampering detectable.
Every UltimaOS update is signed with ML-DSA-65. Clients verify the signature before applying the update. A second, independent signature with SLH-DSA (FIPS 205) acts as a fallback in case ML-DSA-65 is ever broken.
ML-DSA-65 key generation takes about 0.1 ms on a modern laptop. Account creation completes in under 200 ms total including server round-trip.
An ML-DSA-65 signature is 3,309 bytes — about 10x larger than a typical ECDSA signature (64 bytes). For a chat/workspace product this is invisible; for high-volume protocols it would matter.
ML-DSA-65 signature verification is faster than signing and runs in well under 1 ms. The server can verify thousands of signatures per second per core.
ML-DSA-65 public keys fit in a single UDP packet. Account identifiers include a hash of the public key plus a short display name, keeping URLs and identifiers human-readable.
ML-DSA-65 (Module-Lattice-Based Digital Signature Algorithm, parameter set 65) is the NIST-standardized post-quantum digital signature scheme specified in FIPS 204. It is the lattice-based successor to RSA and ECDSA for the post-quantum era. (FIPS 204 spec)
The "65" refers to the NIST security level. ML-DSA-65 targets NIST Level 3 — equivalent in classical security terms to breaking AES-192, or roughly 192-bit security against classical attackers.
Yes. ML-DSA-65 is the standardized name; Dilithium was the name used during the NIST competition. The mathematical construction is identical.
ML-DSA-65 has smaller keys than RSA-4096 and similar signing speed, with much faster verification. Unlike RSA-2048, ML-DSA-65 remains secure against quantum attackers. The main trade-off is signature size (3.3 KB vs ~256 bytes).
No efficient quantum algorithm is known for the module-lattice problems that ML-DSA-65 is based on. The algorithm has been studied for over a decade by the cryptographic community with no significant breaks.
FIPS 204 is the Federal Information Processing Standard published by NIST in August 2024 that specifies ML-DSA. It is the formal standardization of the scheme.
No. Classical signatures (RSA, ECDSA) are not used in UltimaOS for user-facing operations. Hash-based signatures (SLH-DSA, FIPS 205) are used as a second signature on software updates as a fallback.
The team would migrate to a new signature scheme (likely the next NIST-standardized algorithm). UltimaOS software updates are already double-signed with SLH-DSA, providing an independent fallback channel.