A simple way to learn and practice FN-DSA post quantum digital signature encryptions for any person with access to internet

A simple way to learn and practice FN-DSA post quantum digital signature encryptions for any person with access to internet


FN-DSA is a lattice-based digital signature algorithm, based on the FIPS 206 standard, now considered by NIST for post-quantum cryptography. As of 2025, it’s progressing through the standardization pipeline. FN-DSA lets users sign and verify data (like documents, files, code, certificates, etc.) in a way that should stay secure even when large scale fault tolerant quantum computers (LSFTQC) become practical and accessible.

In the previous posts (see [3-4]) we considered ML-DSA and SLH-DSA post-quantum algorithms for digital signing of messages. In this post we consider the same example, but with FN-DSA digital signing algorithm.

As a rule, we encrypt messages when we do not want that unauthorized parties would be able to read them. FN-DSA and other digital signature algorithms do not encrypt messages, the messages are sent not encrypted. Because these messages are not encrypted, hackers can modify them. To prevent such scenario, senders send to recipients their digital signatures and public keys, which allow to verify, by recipients, that the messages were not modified by unauthorized parties. Let us consider an example.

John, who is the CEO of a private company, wants to invite Helen, who is a financial director in the company, to a very important meeting. There is no any secret information in the message (therefore, there is no a need to encrypt the message), but there is a risk that unauthorized parties can change the message and mislead Helen. To prevent such scenario, John must sign the message with his private cryptographic key and sent to Helen the message, the signature and the public cryptographic key, to verify that the message was not modified. For stronger security, John will send them via different communication channels.

John goes to this URL: https://www.dynpass.online/demo/pq/fn-dsa/genr.html and creates private/public cryptographic keys, by clicking on the button “Get the keys”.

p1

p2

Then, John goes to this URL: https://www.dynpass.online/demo/pq/fn-dsa/sign.html

enters the message and the private key into the input text fields, and creates a digital signature of the message, by clicking on the button “Sign”.

p3

p4

Then, John sends the message, the signature, and the public key to Helen, via different communication channels.

To verify that the message was not modified by unauthorized paries, Helen goes to this URL: https://www.dynpass.online/demo/pq/fn-dsa/verf.html, enters the message, the signature, and the public key into the corresponding fields and clicks on the button “Validate!”.

p5

p6

The result is true/valid, so the message is authentic.

Let us change the message by adding the letter “K” to the line with the word “John” and click on the button “Validate!”.

p7

p8

The result is false, so the message is not authentic, but was modified.

Even so, that the theoretical concept is solid (quantum resistant), real implementations into hardware/software may be vulnerable to hackers. As the known example of the successful attack on SLH-DSA implementation in OpenSSL v3.5.1, see https://arxiv.org/html/2509.13048v1.

 

P.S. 1. If there is a need to keep messages secret then users must encrypt the messages. If there is no a need to keep messages secret then these messages must be digitally signed to prevent modifications of these messages by unauthorized parties.

2. Hybrid or post-quantum encryptions require two ways communications/interactions between a sender and a receiver, before the encryptions and transmissions of the encrypted messages. Digitally signed messages do not require two way communications/interactions between a sender and a receiver.

3. Digital signatures on digital data/files/documents are analogous to hand-written signatures on paper documents and have the same purpose: to provide integrity, authentication and non-repudiation of the signed documents/data.

4. FN-DSA can be used for digital signing of encapsulation keys and cipertexts in ML-KEM (see [1-2]).

5. In our old analogy (see [1]), the main difference between FN-DSA and classical digital signature algorithms is in the foundation (complex mathematical problem).

tbl

 

References:

  1. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-learn-and-practice-hybrid-encryptions-for-an-xzrnnyy
  2. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-understand-ml-kem-post-quantum-encryptions-xxrwmxg
  3. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-learn-and-practice-ml-dsa-post-quantum-digit-xnjxjnw
  4. https://www.publish0x.com/simple-solutions-to-complex-problems/a-simple-way-to-learn-and-practice-slh-dsa-post-quantum-digi-xeolnnv

 

 

 

 

 

How do you rate this article?

5


I_g_o_r
I_g_o_r

I am curious about science, technologies and their applications to solving real problems.


Simple solutions to complex problems
Simple solutions to complex problems

Each post is devoted to a simple solution to a complex problem.

Publish0x

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.