ML-DSA keys in Amazon KMS

Amazon Key Management Service (Amazon KMS) supports the Module-Lattice-Based Digital Signature Algorithm (ML-DSA) for post-quantum digital signatures. The implementation follows NIST Federal Information Processing Standard (FIPS) 204 and is intended to resist attacks by future cryptographically relevant quantum computers. Amazon KMS creates, stores, and uses all ML-DSA keys only inside FIPS 140-3 Security Level 3 validated hardware security modules; every ML-DSA signing operation runs in those HSMs. To let you balance security margin against key size, signature size, and speed, Amazon KMS offers three ML-DSA key specs, ML-DSA-44, ML-DSA-65, and ML-DSA-87, which correspond to NIST security categories 2, 3, and 5; the larger parameter sets produce larger keys and signatures and slower operations.

Amazon KMS signs a message of up to 4 KB (4,096 bytes) directly when you pass it with the RAW message type. For larger messages, you must compute the 64-byte message representative μ yourself, exactly as ML-DSA.Sign computes it in NIST FIPS 204 section 6.2: μ = H(tr || M', 64), where H is SHAKE256, tr = H(pk, 64) is derived from the raw ML-DSA public key of the same KMS key, and M' = 0x00 || len(ctx) || ctx || M with ctx the empty context string that Amazon KMS uses for RAW messages. Pass μ as the Message parameter of the Amazon KMS Sign operation with the EXTERNAL_MU message type. Because the HSM derives the same μ internally for a RAW message, a signature over an externally computed μ verifies exactly as a RAW signature over the same message with the same private key would: a verifier runs standard ML-DSA.Verify over the original message. Note that this is not the "pre-hash" variant HashML-DSA from FIPS 204 section 5.4. μ is not a hash of the message alone; it binds the public key and the pure-ML-DSA domain-separator byte, so a μ computed over the wrong inputs (for example over the DER-encoded SubjectPublicKeyInfo instead of the raw key, or with a non-empty ctx) yields a signature that does not verify over the original message.
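The following Python is an added example for this page, not code from the Amazon KMS documentation or the AWS SDK. It computes μ as described above and picks RAW or EXTERNAL_MU by message size. It assumes three things the page does not state, each also marked in the code: that the raw ML-DSA public key occupies the trailing bytes of the DER SubjectPublicKeyInfo that GetPublicKey returns, that Amazon KMS uses the empty ML-DSA context string for RAW messages, and that the KMS SigningAlgorithm value is ML_DSA_SHAKE_256 (check the Sign API reference). The `kms` argument can be a boto3 KMS client or any stand-in with the same two methods, so the μ computation can be exercised offline against constructed data.

```python
"""Compute the FIPS 204 message representative mu for Amazon KMS EXTERNAL_MU signing.

Added example for this page; not code from the Amazon KMS documentation or
the AWS SDK. Assumptions (labelled inline): the raw ML-DSA public key is the
trailing bytes of the DER SubjectPublicKeyInfo from GetPublicKey, Amazon KMS
uses the empty ML-DSA context string for RAW messages, and the KMS
SigningAlgorithm name is ML_DSA_SHAKE_256.
"""
import hashlib

# Encoded ML-DSA public-key sizes in bytes (FIPS 204, Table 2).
ML_DSA_PK_BYTES = {"ML_DSA_44": 1312, "ML_DSA_65": 1952, "ML_DSA_87": 2592}
RAW_MESSAGE_LIMIT = 4096                 # RAW message limit stated on this page
MU_LEN = 64                              # mu and tr are both 64 bytes
SIGNING_ALGORITHM = "ML_DSA_SHAKE_256"   # assumed KMS SigningAlgorithm name


def raw_public_key(spki_der: bytes, key_spec: str) -> bytes:
    """Return the raw ML-DSA public key from a DER SubjectPublicKeyInfo.

    Assumption: the subjectPublicKey BIT STRING is the last element of the
    SPKI, so the raw key is exactly its trailing ML_DSA_PK_BYTES[key_spec]
    bytes. A full ASN.1 parser would also check the AlgorithmIdentifier OID.
    """
    n = ML_DSA_PK_BYTES[key_spec]
    if len(spki_der) < n:
        raise ValueError("SPKI is shorter than an %s public key" % key_spec)
    return spki_der[-n:]


def message_representative(pk: bytes, message: bytes, ctx: bytes = b"") -> bytes:
    """mu as ML-DSA.Sign computes it (FIPS 204 sections 5.2 and 6.2).

    mu = H(tr || M', 64) with H = SHAKE256, tr = H(pk, 64) and
    M' = 0x00 || len(ctx) || ctx || message. The 0x00 domain-separator byte
    marks pure ML-DSA; HashML-DSA (section 5.4) uses 0x01 || OID || digest.
    """
    if len(ctx) > 255:
        raise ValueError("ML-DSA context string must be at most 255 bytes")
    tr = hashlib.shake_256(pk).digest(MU_LEN)
    m_prime = b"\x00" + bytes([len(ctx)]) + ctx + message
    return hashlib.shake_256(tr + m_prime).digest(MU_LEN)


def sign_message(kms, key_id: str, key_spec: str, message: bytes) -> bytes:
    """Sign `message` with a KMS ML-DSA key, choosing RAW or EXTERNAL_MU by size.

    `kms` is a boto3 KMS client, or any object exposing get_public_key() and
    sign() with the same shape (used here so the code runs without AWS access).
    """
    if len(message) <= RAW_MESSAGE_LIMIT:
        resp = kms.sign(KeyId=key_id, Message=message, MessageType="RAW",
                        SigningAlgorithm=SIGNING_ALGORITHM)
    else:
        # mu must be built over the raw key of this same KMS key, with the
        # empty ctx that KMS uses for RAW (assumption), so both paths agree.
        spki = kms.get_public_key(KeyId=key_id)["PublicKey"]
        mu = message_representative(raw_public_key(spki, key_spec), message)
        resp = kms.sign(KeyId=key_id, Message=mu, MessageType="EXTERNAL_MU",
                        SigningAlgorithm=SIGNING_ALGORITHM)
    return resp["Signature"]


if __name__ == "__main__":
    # Constructed stand-in data: a fake 1952-byte ML-DSA-65 public key and a
    # ~1 MiB message, so the mu computation can be exercised offline.
    fake_pk = bytes(range(256)) * 7 + bytes(160)
    big_message = b"firmware-image-" * 70000
    mu = message_representative(fake_pk, big_message)
    print("mu (%d bytes): %s" % (len(mu), mu.hex()))
```

Verification is unchanged by this path: the relying party needs the original message, the public key, and an ML-DSA.Verify implementation, which is not part of Python's standard library and so is not shown here. The size check against RAW_MESSAGE_LIMIT is worth keeping in production code because passing an oversized message with the RAW type fails at the API rather than silently truncating.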

For more information about using ML-DSA and the EXTERNAL_MU message type, see ML-DSA key specs.

For an example of using ML-DSA and the EXTERNAL_MU message type, see Offline verification with ML-DSA key pairs.