Inhaltsverzeichnis
4.2 Test Algorithms
This page shows how to test the Post-Quantum algorithms ML-DSA and ML-KEM.
List Available Algorithms
Signature Algorithms
$openssl = "D:\Projects\openssl-3.6.0\bin\bin\openssl.exe" & $openssl list -signature-algorithms
Post-Quantum (ML-DSA):
{ 2.16.840.1.101.3.4.3.17, mldsa44 }
{ 2.16.840.1.101.3.4.3.18, mldsa65 }
{ 2.16.840.1.101.3.4.3.19, mldsa87 }
Classical:
RSA-SHA256 RSA-PSS ECDSA Ed25519 Ed448
KEM Algorithms
& $openssl list -kem-algorithms
Post-Quantum (ML-KEM):
{ 2.16.840.1.101.3.4.4.1, mlkem512 }
{ 2.16.840.1.101.3.4.4.2, mlkem768 }
{ 2.16.840.1.101.3.4.4.3, mlkem1024 }
Generate ML-DSA Keys
ML-DSA-65 (recommended)
# Generate private key & $openssl genpkey -algorithm mldsa65 -out mldsa65.key # Extract public key & $openssl pkey -in mldsa65.key -pubout -out mldsa65.pub # Show key info & $openssl pkey -in mldsa65.key -text -noout
Output:
ML-DSA Private Key (mldsa65):
priv:
(4032 bytes)
pub:
(1952 bytes)
All ML-DSA Variants
| Variant | Security | Key Size | Signature Size |
| ——— | ———- | ———- | —————- |
| ML-DSA-44 | 128-bit | 2560 B | 2420 B |
| ML-DSA-65 | 192-bit | 4032 B | 3293 B |
| ML-DSA-87 | 256-bit | 4896 B | 4595 B |
# ML-DSA-44 (smaller) & $openssl genpkey -algorithm mldsa44 -out mldsa44.key # ML-DSA-87 (larger, more secure) & $openssl genpkey -algorithm mldsa87 -out mldsa87.key
ML-DSA Sign and Verify
Create Test File
"Hello Post-Quantum World!" | Out-File -Encoding ASCII test.txt
Sign
& $openssl dgst -sign mldsa65.key -out test.sig test.txt
Verify
& $openssl dgst -verify mldsa65.pub -signature test.sig test.txt
Expected output:
Verified OK
ML-KEM Key Encapsulation
Generate ML-KEM-768 Key
& $openssl genpkey -algorithm mlkem768 -out mlkem768.key & $openssl pkey -in mlkem768.key -pubout -out mlkem768.pub
All ML-KEM Variants
| Variant | Security | Public Key | Ciphertext | Shared Secret |
| ——— | ———- | ———— | ———— | ————— |
| ML-KEM-512 | 128-bit | 800 B | 768 B | 32 B |
| ML-KEM-768 | 192-bit | 1184 B | 1088 B | 32 B |
| ML-KEM-1024 | 256-bit | 1568 B | 1568 B | 32 B |
Measure Performance
# ML-DSA signature performance & $openssl speed mldsa44 mldsa65 mldsa87
Example output (varies by hardware):
sign verify sign/s verify/s mldsa44 0.0005s 0.0001s 1964.7 8234.5 mldsa65 0.0008s 0.0002s 1234.5 5123.4 mldsa87 0.0012s 0.0003s 832.1 3456.7
# ML-KEM encapsulation performance & $openssl speed mlkem512 mlkem768 mlkem1024
Combined Test
A complete test workflow:
$openssl = "D:\Projects\openssl-3.6.0\bin\bin\openssl.exe" # 1. Create test file "Test message for Post-Quantum cryptography" | Out-File -Encoding ASCII pq_test.txt # 2. ML-DSA-65 key pair Write-Host "Generating ML-DSA-65 keys..." & $openssl genpkey -algorithm mldsa65 -out pq_test.key & $openssl pkey -in pq_test.key -pubout -out pq_test.pub # 3. Sign Write-Host "Signing message..." & $openssl dgst -sign pq_test.key -out pq_test.sig pq_test.txt # 4. Verify Write-Host "Verifying signature..." $result = & $openssl dgst -verify pq_test.pub -signature pq_test.sig pq_test.txt 2>&1 if ($result -match "Verified OK") { Write-Host "ML-DSA-65 Test SUCCESSFUL!" -ForegroundColor Green } else { Write-Host "ML-DSA-65 Test FAILED!" -ForegroundColor Red } # 5. Cleanup Remove-Item pq_test.* -ErrorAction SilentlyContinue
Problems?
| Symptom | Possible Cause |
| ——— | —————- |
Unknown algorithm | OpenSSL < 3.6 or provider missing |
| No ML-DSA in list | Wrong build or provider not loaded |
| Signature fails | Corrupted key file |
Continue to
Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional
Zuletzt geändert: on 2026/01/29 at 09:21 PM
