Linux 7.0 Lands ML-DSA Quantum-Resistant Signature Support
([Linux Security] 41 Minutes Ago
ML-DSA In Linux 7.0)
- Reference: 0001613253
- News link: https://www.phoronix.com/news/Linux-7.0-Crypto-ML-DSA
- Source link:
Adding to the exciting features for the big [1]Linux 7.0 kernel release is support for the Module-Lattice-Based Digital Signature Algorithm "ML-DSA" quantum-resistant signature algorithm.
The ML-DSA/Dilithium signature algorithm support is initially going to be used for module signing while eventually other ML-DSA uses are expected throughout the kernel. This ML-DSA introduction for signing within the kernel comes in the same release of [2]Linux finally removing SHA-1 module signing support .
The [3]crypto library pull request that landed the support for verifying ML-DSA signatures explained:
"ML-DSA (Module-Lattice-Based Digital Signature Algorithm) is a recently-standardized post-quantum (quantum-resistant) signature algorithm. It was known as Dilithium pre-standardization.
The first use case in the kernel will be module signing. But there are also other users of RSA and ECDSA signatures in the kernel that might want to upgrade to ML-DSA eventually."
While this cryptography standard is designed for quantum resilience, it's engineered for fast signing and verification today. ML-DSA can serve as a replacement to RSA and ECC for authentication and data integrity purposes.
In addition to that initial ML-DSA support is also AES library updates in the now-merged crypto library pull.
[1] https://www.phoronix.com/search/Linux+7.0
[2] https://www.phoronix.com/news/Linux-7.0-Modules-No-SHA1-Sign
[3] https://lore.kernel.org/lkml/20260209034257.GA2604@sol/
The ML-DSA/Dilithium signature algorithm support is initially going to be used for module signing while eventually other ML-DSA uses are expected throughout the kernel. This ML-DSA introduction for signing within the kernel comes in the same release of [2]Linux finally removing SHA-1 module signing support .
The [3]crypto library pull request that landed the support for verifying ML-DSA signatures explained:
"ML-DSA (Module-Lattice-Based Digital Signature Algorithm) is a recently-standardized post-quantum (quantum-resistant) signature algorithm. It was known as Dilithium pre-standardization.
The first use case in the kernel will be module signing. But there are also other users of RSA and ECDSA signatures in the kernel that might want to upgrade to ML-DSA eventually."
While this cryptography standard is designed for quantum resilience, it's engineered for fast signing and verification today. ML-DSA can serve as a replacement to RSA and ECC for authentication and data integrity purposes.
In addition to that initial ML-DSA support is also AES library updates in the now-merged crypto library pull.
[1] https://www.phoronix.com/search/Linux+7.0
[2] https://www.phoronix.com/news/Linux-7.0-Modules-No-SHA1-Sign
[3] https://lore.kernel.org/lkml/20260209034257.GA2604@sol/