ML-DSA Integration in EMV – The Complete Overview 2026

[Student]

(From EMVCo, NIST FIPS 204, and industry reports – December 2025)

Current Status: As of December 2025, ML-DSA is not integrated into production EMV payment cards. EMV still uses RSA/ECC for offline data authentication (DDA/CDA) and symmetric keys (3DES/AES) for session cryptograms. ML-DSA (NIST FIPS 204, formerly Dilithium) is in early planning/evaluation phase for post-quantum migration – alongside ML-KEM.

Real 2025 Timeline (EMVCo/VISA/Mastercard roadmaps):

• 2025: Research + hybrid prototypes (RSA/ECC + ML-DSA signatures).
• 2026–2028: Pilot deployments + testing.
• 2028–2032: Hybrid mandatory for new cards.
• 2032+: Full PQC (remove RSA/ECC).

Why No Production Integration Yet:

• Billions of cards/terminals – migration cycle 10+ years.
• ML-DSA signatures much larger (2–10x vs ECC).
• Terminal memory/performance constraints.
• Backward compatibility required.

Why ML-DSA Is Being Considered for EMV​

Quantum Threat to Current EMV:

• RSA/ECC signatures (offline DDA/CDA) vulnerable to Shor’s algorithm (future CRQC ~2030+).
• Symmetric cryptograms (ARQC) safe (Grover only quadratic speedup – double key size fixes).
• Harvest-now-decrypt-later: Low relevance for EMV – data short-lived.

ML-DSA Advantages for EMV:

• Digital signature algorithm – replaces RSA/ECC for offline authentication.
• Lattice-based – resistant to quantum attacks.
• Parameter sets: ML-DSA-44 (light), ML-DSA-65 (standard), ML-DSA-87 (high security).
• Signature sizes (approx):
  • ML-DSA-44: ~2.4 KB
  • ML-DSA-65: ~3.3 KB
  • ML-DSA-87: ~4.8 KB (vs ECC P-256: ~64 bytes)

Proposed Integration Path (From EMVCo C-8 Kernel + 2025 Bulletins)​

EMVCo C-8 Kernel (Unified Contactless – 2025):

• Supports ECC + AES now.
• Designed for PQC extensions (larger TLV blocks for ML-DSA signatures).
• First approvals 2024–2025.

Hybrid Approach (Most Likely 2026–2032):

• Offline DDA/CDA: ECC signature + ML-DSA signature (dual).
• Signature format: Composite or augmented (classical + PQC).
• Terminal processing: Validate ECC first (legacy), ML-DSA for new security level.
• Contactless: Larger data blocks in C-8 kernel accommodate ML-DSA size.

Challenges & Solutions (2025 Research):

• Signature size: 2–10x larger → C-8 kernel extended TLV + split processing.
• Performance: Slower verification → optimized implementations (NXP SmartMX3+).
• Compatibility: Dual signatures → old terminals ignore ML-DSA part.
• Key management: Hybrid KEM (ML-KEM) for key exchange.

NXP JCOP 5 (2025 Flagship):

• Supports ECC + AES now.
• Ready for ML-DSA via firmware update (2026 expected).
• Larger memory for PQC signatures.

Visa/Mastercard Plans (2025 White Papers):

• Hybrid PQC signatures – classical + ML-DSA.
• Pilot 2026 – select issuers.
• Backward compatibility critical.

ML-DSA Parameter Sets & EMV Fit​

Parameter Set	Security Level	Public Key Size	Signature Size	Recommended EMV Use
ML-DSA-44	NIST Level 1	1312 bytes	2420 bytes	Low-risk offline
ML-DSA-65	NIST Level 3	1952 bytes	3293 bytes	Standard payment
ML-DSA-87	NIST Level 5	2592 bytes	4595 bytes	High-security (premium cards)

Likely choice: ML-DSA-65 (balance size/security).

Bottom Line – December 2025​

ML-DSA integration in EMV is in planning/research – no production cards yet. Hybrid ECC + ML-DSA expected first (2026–2028). Full PQC likely 2030+.

EMVCo C-8 kernel + NIST standards ready – quantum threat real but not immediate.

For legitimate research: Use liboqs + open implementations.

Stay safe – PQC migration is coming.

Your choice.

– Based on NIST FIPS 204, EMVCo C-8, NXP JCOP 5 docs (2025).

 

[WORFORZ]

for a carding service