Re: [Implementation] CRYSTALS-Dilithium5 in W3C Verifiable Credentials from Greg Bernstein on 2026-02-06 (public-credentials@w3.org from February 2026)

From: Greg Bernstein <gregb@grotto-networking.com>
Date: Sat, 7 Feb 2026 07:46:52 +1100
To: public-credentials@w3.org
Message-ID: <bbed4f29-bff8-4cce-88fa-737f0a98ccfb@grotto-networking.com>
Hi Amir, great to see this work. As Will said Crystals-Dilithium is now 
ML-DSA and the /signature/ suite is standardized in FIPS-204. This is 
discussed in the CCG work item DI-Quantum-Safe 
<http://w3c-ccg.github.io/di-quantum-safe/>.

I recently put in an “issue” on updating that document: Updating Draft: 
Refactoring, MultiKeys/Proofs, and Test Vectors #9 
<https://github.com/w3c-ccg/di-quantum-safe/issues/9>. I also put 
together code to generate VC test vectors for ML-DSA and SLH-DSA 
(FIPS-205) at PQC-TestVectors 
<https://github.com/Wind4Greg/PQC-TestVectors>. I also started a 
document update at Draft refactor of DI-Quantum-Safe 
<https://github.com/Wind4Greg/di-quantum-safe/tree/refactor> (on my 
/refactor/ branch).

I’m waiting to hear from any of the current DI-Quantum-Safe authors on 
the “issue” before putting in any PRs. Would really like your help 
(document review, test vector generation/confirmation) and some feedback 
from the original authors if they want our help moving this forward.

Best Regards

Greg B.

Screenshot of portion of the proposed updated document:

On 2/7/26 4:02 AM, Amir Hameed wrote:

> Hi Will,
>
>
> Thank you for your message and for sharing the link to the CCG Data 
> Integrity cryptosuite work item — very helpful! I appreciate the 
> opportunity to provide feedback, and I’ll review the existing spec 
> based on our implementation experience.
>
> Regarding the DID method dilithium that you noticed in the screenshots 
> — that was just a placeholder/example. We can easily use other 
> keywords or DID methods in its place. The main goal right now was to 
> get the end-to-end implementation working, and the placeholder allowed 
> us to test the flow without being tied to a specific DID method.
>
> I’m happy to discuss further or provide any feedback that might help 
> with adoption in the VCWG scope.
>
>
> Best regards,
>
> Amir
>
>
>
> On Fri, 6 Feb 2026 at 10:24 PM, Will Abramson <will@legreq.com> wrote:
>
>     Hi Amir,
>
>     Great that you are interested in quantum safe cryptography for
>     securing VCs!
>
>     The CCG has a work item that defines a Data Integrity cryptosuite
>     for a bunch of different quantum safe algorithms -
>     http://w3c-ccg.github.io/di-quantum-safe/.

>
>     Including one ML-DSA - which I believe is the same as the
>     crystals-dilithium one you mention.
>
>     It would be great to get your feedback on the existing spec based
>     on your implementation experience.
>
>     I know the VCWG would love to adopt this as part of their charter
>     scope, but were struggling to find people willing to be editors
>     for the spec.
>
>     The other thing I noticed from your screenshots is you seem to be
>     using a DID method called `dilithium`.
>     I am wondering what the reason for this is? Is this just a
>     placeholder/example or is this a DID method you are working on?
>
>     Best,
>     Will
>
>     On Fri, Feb 6, 2026 at 4:22 PM Amir Hameed <amsaalegal@gmail.com>
>     wrote:
>
>         Dear Harrison,
>
>         Thank you for your kind words — I really appreciate it. I’ll
>         be reaching out soon to discuss the PQC + VC/DID
>         implementation in more detail and explore next steps.
>
>         Best regards,
>         Amir Hameed Mir
>         Principal Investigator,
>         Sirraya Labs
>
>
>         On Fri, 6 Feb 2026 at 9:23 PM, Harrison <harrison@spokeo.com>
>         wrote:
>
>             Cool, nice work!
>
>             Sincerely,
>
>              
>             *Harrison Tang*
>             COO
>              LinkedIn <https://www.linkedin.com/company/spokeo/> •
>              Instagram <https://www.instagram.com/spokeo/> •  Youtube
>             <https://bit.ly/2oh8YPv>
>
>
>
>             On Fri, Feb 6, 2026 at 6:11 AM Amir Hameed
>             <amsaalegal@gmail.com> wrote:
>
>                 Hello CCG,
>
>                 I wanted to share a successful implementation of a
>                 Post-Quantum Cryptography (PQC) stack within the W3C
>                 VC/DID framework.
>
>                 Attached are screenshots demonstrating a full
>                 lifecycle using *CRYSTALS-Dilithium5*
>                 (|Dilithium5VerificationKey2023|):
>
>                 1.
>
>                     *holder_did.json*: A DID Document utilizing a
>                     Dilithium5 public key.
>
>                 2.
>
>                     *verifiable_credential.json*: A university degree
>                     credential issued and signed with Dilithium5.
>
>                 3.
>
>                     *verifiable_presentation.json*: A complete
>                     presentation where the holder-binding is also
>                     secured via Dilithium.
>
>                 Given the NIST standardization of Dilithium, I believe
>                 this demonstrates the readiness of PQC suites for
>                 production-grade Decentralized Identity.
>
>                 Looking forward to any feedback or discussion on
>                 further standardizing these PQC-based verification
>                 methods.
>
>                 Best,
>
>                 Amir Hameed Mir
>
>                 Principal Investigator , Sirraya Labs
>
-- 
------------------------------------------------------------------------

Dr. Greg M. Bernstein, https://www.grotto-networking.com


&#8203;
Attachments

application/pgp-keys attachment: OpenPGP public key
Received on Friday, 6 February 2026 20:47:07 UTC