Module mldsa


huddle 2.0.6 (WS2-a): ML-DSA-65 (FIPS 204) signatures for hybrid post-quantum authentication.

Identity/authority envelopes are signed classically with Ed25519 and (when the composite path is used) with ML-DSA-65, so a forgery requires breaking BOTH — a quantum adversary that breaks Ed25519 still can’t forge. The ML-DSA keypair is deterministically derived from the same 32-byte Ed25519 identity seed (via an HKDF with a distinct domain label), so every identity gains a PQ signing key for free with no new on-disk material — exactly the model pqc (ML-KEM) uses for confidentiality.

ML-DSA signatures are large (3309 bytes) and public keys are 1952 bytes, so the composite is applied to low-frequency identity/authority messages (announces, invites, owner/ban grants), never to every chat line.
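The seed derivation described above can be sketched as follows. This is an added example, not huddle's own code: it is written in Python so it runs with the standard library alone, and HKDF-SHA256, the empty salt and both label strings are assumptions, since the page names neither the hash nor the labels.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: the page does not name the HKDF hash

# Hypothetical domain labels; huddle's real label strings are not on the page.
LABEL_MLDSA = b"example/mldsa65-keygen-seed/v1"
LABEL_OTHER = b"example/other-purpose/v1"


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC(salt, IKM); empty salt means HashLen zeros."""
    if not salt:
        salt = bytes(HASH().digest_size)
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC(PRK, T(i-1) || info || i)."""
    if length > 255 * HASH().digest_size:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_subseed(identity_seed: bytes, label: bytes) -> bytes:
    """Derive a 32-byte per-algorithm seed from the 32-byte identity seed."""
    if len(identity_seed) != 32:
        raise ValueError("identity seed must be exactly 32 bytes")
    return hkdf_expand(hkdf_extract(b"", identity_seed), label, 32)


if __name__ == "__main__":
    seed = bytes(range(32))  # constructed sample seed, not a real identity
    mldsa_seed = derive_subseed(seed, LABEL_MLDSA)
    other_seed = derive_subseed(seed, LABEL_OTHER)
    # The 32-byte output is the size of the seed that FIPS 204 key
    # generation consumes, so it can feed ML-DSA-65 keygen directly.
    print("ML-DSA-65 keygen seed:", mldsa_seed.hex())
    print("other-purpose seed:   ", other_seed.hex())
```

Because both keys come from one seed, the hybrid protects against a cryptanalytic break of either algorithm, not against theft of the seed itself: anyone holding the 32-byte identity seed can regenerate both signing keys.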

Structs

MlDsaKeypair
A deterministically-derived ML-DSA-65 keypair bound to a huddle identity.

Constants

MLDSA_PK_LEN
Serialized length of an ML-DSA-65 verifying (public) key.
MLDSA_SIG_LEN
Serialized length of an ML-DSA-65 signature.

Functions

verify
Verify an ML-DSA-65 signature over msg against a serialized verifying key. Returns false on any malformed input or signature mismatch.