Re: [Implementation] CRYSTALS-Dilithium5 in W3C Verifiable Credentials from Will Abramson on 2026-02-06 (public-credentials@w3.org from February 2026)

From: Will Abramson <will@legreq.com>
Date: Fri, 6 Feb 2026 16:54:05 +0000
To: Amir Hameed <amsaalegal@gmail.com>
Cc: W3C Credentials CG <public-credentials@w3.org>
Message-ID: <CAPJWd2SOJa=hyAxTbuQcUbO-ME2F_a=MqeJJJV7di2GfM-jrbQ@mail.gmail.com>

Hi Amir,

Great that you are interested in quantum safe cryptography for securing VCs!

The CCG has a work item that defines a Data Integrity cryptosuite for a
bunch of different quantum safe algorithms -
http://w3c-ccg.github.io/di-quantum-safe/.

Including one ML-DSA - which I believe is the same as the
crystals-dilithium one you mention.

It would be great to get your feedback on the existing spec based on your
implementation experience.

I know the VCWG would love to adopt this as part of their charter scope,
but were struggling to find people willing to be editors for the spec.

The other thing I noticed from your screenshots is you seem to be using a
DID method called `dilithium`.
I am wondering what the reason for this is? Is this just a
placeholder/example or is this a DID method you are working on?

Best,
Will

On Fri, Feb 6, 2026 at 4:22 PM Amir Hameed <amsaalegal@gmail.com> wrote:

> Dear Harrison,
>
> Thank you for your kind words — I really appreciate it. I’ll be reaching
> out soon to discuss the PQC + VC/DID implementation in more detail and
> explore next steps.
>
> Best regards,
> Amir Hameed Mir
> Principal Investigator,
> Sirraya Labs
>
>
> On Fri, 6 Feb 2026 at 9:23 PM, Harrison <harrison@spokeo.com> wrote:
>
>> Cool, nice work!
>>
>> Sincerely,
>>
>> *Harrison Tang*
>> COO
>>  LinkedIn  <https://www.linkedin.com/company/spokeo/> •   Instagram
>> <https://www.instagram.com/spokeo/> •   Youtube <https://bit.ly/2oh8YPv>
>>
>>
>> On Fri, Feb 6, 2026 at 6:11 AM Amir Hameed <amsaalegal@gmail.com> wrote:
>>
>>> Hello CCG,
>>>
>>> I wanted to share a successful implementation of a Post-Quantum
>>> Cryptography (PQC) stack within the W3C VC/DID framework.
>>>
>>> Attached are screenshots demonstrating a full lifecycle using
>>> *CRYSTALS-Dilithium5* (Dilithium5VerificationKey2023):
>>>
>>>    1.
>>>
>>>    *holder_did.json*: A DID Document utilizing a Dilithium5 public key.
>>>    2.
>>>
>>>    *verifiable_credential.json*: A university degree credential issued
>>>    and signed with Dilithium5.
>>>    3.
>>>
>>>    *verifiable_presentation.json*: A complete presentation where the
>>>    holder-binding is also secured via Dilithium.
>>>
>>> Given the NIST standardization of Dilithium, I believe this demonstrates
>>> the readiness of PQC suites for production-grade Decentralized Identity.
>>>
>>> Looking forward to any feedback or discussion on further standardizing
>>> these PQC-based verification methods.
>>>
>>> Best,
>>>
>>> Amir Hameed Mir
>>>
>>> Principal Investigator , Sirraya Labs
>>>
>>

Received on Friday, 6 February 2026 16:54:22 UTC