PKA key algorithms

Public key cryptography uses a key pair consisting of a public key and a private key.

The PKA public key uses one of the following algorithms:

Rivest-Shamir-Adleman (RSA)

The RSA algorithm is the most widely used and accepted of the public key algorithms. It uses three quantities to encrypt and decrypt text: a public exponent (PU), a private exponent (PR), and a modulus (M). Given these three and some cleartext data, the algorithm generates ciphertext as follows:

ciphertext = cleartext^PU  (modulo M)

Similarly, the following operation recovers cleartext from ciphertext:

cleartext = ciphertext^PR  (modulo M)

Elliptic Curve Cryptography (ECC)

Elliptic curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. One of the main benefits in comparison with non-ECC cryptography is the same level of security provided by keys of smaller size. CCA uses ECC for digital signatures and symmetric keys using the Diffie-Hellman key agreement scheme.

Elliptic Curve Digital Signature Algorithm (ECDSA and EdDSA)

The ECDSA and EdDSA algorithms use elliptic curve cryptography (an encryption system based on the properties of elliptic curves) to provide a variant of the Digital Signature Algorithm.

Module-Lattice-Based Digital Signature Algorithm (ML-DSA), CRYSTALS-Dilithium Digital Signature Algorithm (CRDL-DSA)

ML-DSA and CRDL-DSA are both post quantum, lattice-based digital signature schemes whose security is based on the hardness of finding short vectors in lattices. The strength of the key is represented by the size of its matrix of polynomials. For example, ML-DSA (6,5) has a matrix size of 6x5. The larger the matrix size, the stronger the key. These keys can only be used for digital signature generation and verification (see Digital Signature Generate (CSNDDSG) and Digital Signature Verify (CSNDDSV)).

The CRYSTALS-Dilithium Digital Signature Algorithm (CRDL-DSA) is a post quantum algorithm (PQA) and is a member of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. ML-DSA is the standardized form of CRDL-DSA and is defined by the FIPS-204 standard.

Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM), CRYSTALS-Kyber Key Encapsulation Mechanism

ML-KEM and CRYSTALS-Kyber are both post quantum, IND-CCA2-secure key encapsulation mechanisms (KEMs) whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. ML-KEM (1024) and CRYSTALS-Kyber (1024) aim for security roughly equivalent to AES-256 .

CRYSTALS-Kyber is a member of the CRYSTALS (Cryptographic Suite for Algebraic Lattices) suite of algorithms. ML-KEM is the standardized form of CRYSTALS-Kyber and is defined by the FIPS-203 standard.