The AWS Key Management Service (KMS) now supports the FIPS 203 Module-Lattice Digital Signature Standard (MLDSA), a quantum-resistant digital signature algorithm designed to help organizations combat emerging quantum computing threats. This post-quantum signature algorithm is one of the select algorithms standardized by NIST to protect sensitive information well into the foreseeable future, even after the advent of cryptographically relevant quantum computers. ML-DSA is particularly valuable for manufacturers and developers who need to protect firmware and application code whose cryptographic signatures cannot be easily updated after deployment, as well as for organizations that require signatures for digital content that must be valid for multiple years.
This new feature is generally available and you can use ML-DSA in the following AWS regions: USA West (Northern California) and Europe (Milan). The remaining commercial AWS regions will follow in the coming days. For more information on creating post-quantum signatures with AWS KMS and ML-DSA, visit the AWS security blog. Also read the ML-DSA signature topic in the AWS KMS Developer Guide.
- Can be found here: https://aws.amazon.com/de/about-aws/whats-new/2025/06/aws-kms-post-quantum-ml-dsa-digital-signatures/
- A “HowTo”, with technical advise can be furthermore found: https://aws.amazon.com/de/blogs/security/how-to-create-post-quantum-signatures-using-aws-kms-and-ml-dsa/
- … and within the documentation of AWS KMS https://docs.aws.amazon.com/kms/latest/developerguide/mldsa.html
Origin of text: https://aws.amazon.com/de/about-aws/whats-new/2025/06/aws-kms-post-quantum-ml-dsa-digital-signatures/
Foto von Markus Spiske auf Unsplash