FALCON vs Dilithium: Choosing the Right Post-Quantum Signature

NIST selected multiple post-quantum signature algorithms to address different use cases. CRYSTALS-Dilithium (ML-DSA) and FALCON are the two primary choices. Understanding their trade-offs helps you select the right algorithm for your application.

Algorithm Overview

Both algorithms are lattice-based but use different mathematical approaches:

  • Dilithium: Based on Module-LWE and Module-SIS problems using "Fiat-Shamir with Aborts"
  • FALCON: Based on NTRU lattices using GPV framework with fast Fourier sampling

Key and Signature Sizes

One of the most significant differences is size:

Size Comparison (Security Level 3)

Dilithium3: Public key 1,952 bytes, Signature 3,293 bytes
FALCON-512: Public key 897 bytes, Signature 666 bytes

FALCON offers significantly smaller signatures: roughly 5x smaller than Dilithium3 at these parameter sets. Note that this pairs parameter sets of different strength: Dilithium3 targets NIST Security Level 3, whereas FALCON-512 is FALCON's Level 1 parameter set (FALCON-1024, the Level 5 set, has larger keys and signatures, though both remain smaller than Dilithium3's). Either way, the size advantage makes FALCON attractive for bandwidth-constrained applications like blockchain transactions or IoT devices.

Performance Characteristics

Performance varies by operation:

  • Key Generation: Dilithium is faster (FALCON requires complex precomputation)
  • Signing: Dilithium is faster and more consistent
  • Verification: FALCON is faster

Dilithium's signing time is predictable, while FALCON's can vary due to its rejection sampling. This matters for real-time applications with strict latency requirements.
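The size and latency claims in the two sections above are easy to check on your own hardware. The following harness is an added example, not part of the original article or H33's code; it assumes the liboqs-python binding (`import oqs`) is installed and that the algorithm names match the installed liboqs build. It reports each scheme's claimed NIST level and byte sizes, and a max/median signing-latency ratio as a simple consistency figure.

```python
"""Compare key/signature sizes and signing-latency spread for Dilithium3
(ML-DSA-65) and FALCON-512. The statistics helper is pure Python; the
benchmark needs liboqs-python (assumption: `pip install liboqs-python`)."""
import statistics
import time

# liboqs algorithm identifiers (assumed); first enabled name per row is used.
CANDIDATES = {
    "Dilithium3 / ML-DSA-65": ["ML-DSA-65", "Dilithium3"],
    "FALCON-512": ["Falcon-512"],
}

def latency_profile(samples_ns):
    """Summarise per-operation latencies (ns). max/median near 1.0 means a
    predictable signing time; large values expose tail latency."""
    s = sorted(samples_ns)
    med = statistics.median(s)
    p99 = s[min(len(s) - 1, int(round(0.99 * (len(s) - 1))))]
    return {"median_us": med / 1e3, "p99_us": p99 / 1e3,
            "max_over_median": s[-1] / med if med else float("inf")}

def pick_enabled(names):
    """Return the first candidate name enabled in this liboqs build, else None."""
    import oqs  # lazy import so the pure helpers work without the library
    enabled = set(oqs.get_enabled_sig_mechanisms())
    return next((n for n in names if n in enabled), None)

def benchmark(alg_name, iterations=200, message=b"constructed sample message"):
    """Generate one key pair, then time sign/verify `iterations` times."""
    import oqs
    sign_ns, verify_ns = [], []
    with oqs.Signature(alg_name) as signer, oqs.Signature(alg_name) as verifier:
        pk = signer.generate_keypair()
        for _ in range(iterations):
            t0 = time.perf_counter_ns()
            sig = signer.sign(message)
            t1 = time.perf_counter_ns()
            ok = verifier.verify(message, sig, pk)
            t2 = time.perf_counter_ns()
            assert ok, "verification failed"
            sign_ns.append(t1 - t0)
            verify_ns.append(t2 - t1)
        d = signer.details
    return {"alg": alg_name, "nist_level": d["claimed_nist_level"],
            "pk_bytes": d["length_public_key"], "sig_bytes": len(sig),
            "sign": latency_profile(sign_ns), "verify": latency_profile(verify_ns)}

if __name__ == "__main__":
    for label, names in CANDIDATES.items():
        alg = pick_enabled(names)
        if alg is None:
            print(f"{label}: not enabled in this liboqs build")
            continue
        r = benchmark(alg)
        print(f"{label} ({alg}, claimed NIST level {r['nist_level']}): pk {r['pk_bytes']} B, "
              f"sig {r['sig_bytes']} B, sign median {r['sign']['median_us']:.1f} us "
              f"(max/median {r['sign']['max_over_median']:.2f}), "
              f"verify median {r['verify']['median_us']:.1f} us")
```

Run it on the same machine for both schemes and compare the max/median figures rather than the absolute medians, which depend on the CPU and build flags.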

Implementation Complexity

Dilithium is significantly easier to implement correctly:

  • Dilithium: Uses simple operations, easier constant-time implementation
  • FALCON: Requires floating-point arithmetic and complex sampling, harder to secure against side-channel attacks

For organizations implementing their own cryptographic code (not recommended but sometimes necessary), Dilithium presents fewer pitfalls.

Side-Channel Resistance

Side-channel attacks extract secrets by analyzing timing, power consumption, or electromagnetic emissions:

  • Dilithium: Designed with side-channel resistance in mind; constant-time implementations are straightforward
  • FALCON: More challenging to protect; floating-point operations are notoriously difficult to make constant-time

Use Case Recommendations

Based on these trade-offs:

Choose Dilithium when:

  • Implementation simplicity is important
  • Signing performance and consistency matter
  • Side-channel resistance is critical
  • Bandwidth isn't severely constrained

Choose FALCON when:

  • Signature and key size are paramount
  • Verification speed is more important than signing
  • Using well-audited library implementations
  • Applications like blockchain or certificates where size matters

What H33 Uses

H33 primarily uses Dilithium3 for our authentication signatures. The reasons:

  • Consistent signing performance for real-time auth (we guarantee 1.28ms)
  • Simpler side-channel protection in our secure enclaves
  • NIST's primary recommendation for general-purpose use

We may add FALCON support for specific use cases where signature size is critical, such as blockchain attestations.

Future Considerations

Both algorithms are strong choices with different strengths. The cryptographic community continues to analyze both, and neither shows signs of weakness. Your choice should be driven by your application's specific requirements around size, performance, and implementation constraints.

Ready to Go Quantum-Secure?

Start protecting your users with post-quantum authentication today. 1,000 free auths, no credit card required.
