AWS announces integration of FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA) into AWS Key Management Service.
ML-DSA keys can now be created and used through AWS KMS APIs for digital signatures in specific AWS regions.
Three new key specs are introduced in AWS KMS for ML-DSA along with the new post-quantum SigningAlgorithm ML_DSA_SHAKE_256.
The ML-DSA key specs offer different security levels, each equivalent to classical encryption at a different key size.
Messages larger than 4096 bytes must be pre-processed using µ (mu) before they can be signed with ML-DSA in AWS KMS.
AWS KMS supports RAW and EXTERNAL_MU signing modes for ML-DSA, ensuring message integrity and security.
Verification of ML-DSA signatures can be done within AWS KMS or locally using OpenSSL, providing flexibility and control over cryptographic operations.
AWS KMS ML-DSA support promotes post-quantum cryptography readiness and facilitates secure cryptographic operations for long-term trust and compliance.
Experts Jake Massimo, Panos Kampanakis, and Mayank Ambaliya contribute to the development and adoption of post-quantum cryptographic technology at AWS.
The implementation of ML-DSA in AWS KMS supports FIPS 140-3 compliance and enables secure signing of data for extended periods, crucial in the quantum computing era.
AWS's focus on post-quantum cryptography strengthens security measures and provides comprehensive solutions for cryptographic operations in cloud environments.
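The 4096-byte limit and the RAW and EXTERNAL_MU modes described above can be handled on the client as in the following added example, which is not code from the AWS announcement. It computes µ as defined in FIPS 204 and builds the parameters for a KMS Sign call; the key alias, the sample public key bytes and the use of an empty context string are assumptions made for illustration.

```python
import hashlib

# Raw ML-DSA public key sizes in bytes, from FIPS 204.
PK_BYTES = {"ML_DSA_44": 1312, "ML_DSA_65": 1952, "ML_DSA_87": 2592}
KMS_RAW_LIMIT = 4096  # largest message accepted with MessageType RAW


def raw_public_key(spki_der: bytes, key_spec: str) -> bytes:
    """Return the raw key from a DER SubjectPublicKeyInfo (as GetPublicKey returns).

    The BIT STRING holding the key is the last element of the structure,
    so the raw encoding is the final PK_BYTES[key_spec] bytes.
    """
    size = PK_BYTES[key_spec]
    if len(spki_der) <= size:
        raise ValueError("input is too short to be an SPKI for " + key_spec)
    return spki_der[-size:]


def external_mu(raw_pk: bytes, message: bytes, ctx: bytes = b"") -> bytes:
    """mu = SHAKE256(tr || M', 64); tr = SHAKE256(pk, 64); M' = 0x00 || len(ctx) || ctx || M."""
    if len(ctx) > 255:
        raise ValueError("context string is limited to 255 bytes")
    tr = hashlib.shake_256(raw_pk).digest(64)
    m_prime = bytes([0, len(ctx)]) + ctx + message
    return hashlib.shake_256(tr + m_prime).digest(64)


def sign_request(key_id: str, key_spec: str, spki_der: bytes, message: bytes) -> dict:
    """Build the Sign parameters, switching to EXTERNAL_MU above the RAW limit."""
    params = {"KeyId": key_id, "SigningAlgorithm": "ML_DSA_SHAKE_256"}
    if len(message) <= KMS_RAW_LIMIT:
        params.update(Message=message, MessageType="RAW")
    else:
        # Assumption: empty context string, since the request carries no context.
        mu = external_mu(raw_public_key(spki_der, key_spec), message)
        params.update(Message=mu, MessageType="EXTERNAL_MU")
    return params


# Constructed stand-in for a GetPublicKey response (placeholder header + 1952 key bytes).
SAMPLE_SPKI = bytes(22) + bytes(range(256)) * 7 + bytes(160)

if __name__ == "__main__":
    req = sign_request("alias/example", "ML_DSA_65", SAMPLE_SPKI, b"A" * 5000)
    print(req["MessageType"], len(req["Message"]))
```

Because µ binds the message to a hash of the public key, it must be computed with the public key of the same KMS key that will sign; a µ built from a different key produces a signature that fails verification.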