Parameter Impact Explorer

Explore how changing algorithm parameters affects security level, key and signature sizes, and performance tradeoffs. Adjust the sliders to see real-time impact visualizations for each post-quantum algorithm.

Default Parameter Comparison

Metric	ML-KEM	ML-DSA	SLH-DSA
Security	~16 bits	~13 bits	~32 bits
Public Key	30 B	30 B	32 B
Secret Key	10 B	20 B	64 B
Output	15 B	40 B	256 B

ML-KEM

Module-Lattice Key Encapsulation · FIPS 203

Toy~16 bits

Parameters

N (Polynomial degree)8

4256

Q (Modulus)17

73329

K (Module dimension)2

Size Impact

Public Key30 bytes

A matrix + t vector

Secret Key10 bytes

Secret vector s

Ciphertext15 bytes

Encrypted shared secret

Performance Tradeoffs

Key Generation SpeedFast

Encapsulation SpeedFast

Bandwidth UsageLow

How it works

With N=8 (polynomial degree), Q=17 (modulus), K=2 (module dimension): each polynomial has 8 coefficients, each needing 5 bits. The module dimension K=2 determines how many polynomials form the secret/public vectors, directly scaling key sizes and security. Larger Q increases coefficient precision but also sizes.

Understanding Parameter Tradeoffs

Security vs Size

Increasing security parameters (N, K, Q) makes cryptographic attacks harder but produces larger keys and ciphertexts/signatures. Finding the right balance is crucial for practical deployment.

Speed vs Security

Larger parameters require more computation. ML-DSA's rejection sampling with tight bounds (small \u03b3\u2212\u03b2) increases security but may require many signing attempts. SLH-DSA trades speed for minimal trust assumptions.

Lattice vs Hash-Based

ML-KEM and ML-DSA rely on lattice problems (MLWE/MSIS) for compact keys. SLH-DSA relies only on hash function security — tiny keys but larger signatures. Different assumptions hedge against different quantum attack vectors.