Back to Home

Android 17: ML-DSA in Verified Boot and PQC

Google integrates ML-DSA into Android 17 for post-quantum protection. Verified Boot, remote attestation, and Keystore will get PQC support. Developers use the new SDK with hybrid signatures in Google Play.

PQC in Android 17: ML-DSA against quantum threats
Advertisement 728x90

Android 17 Integrates Post-Quantum Cryptography ML-DSA into Verified Boot and Keystore

Google is integrating post-quantum cryptography (PQC) into Android to protect against quantum attacks. By 2029, the entire ecosystem will transition to quantum-resistant algorithms. The first changes will debut in the Android 17 beta: integration of ML-DSA into Verified Boot, a shift to PQC attestation, and updates to KeyMint for certificate chains.

This will ensure boot integrity and remote device verification in a post-quantum environment. Developers will get tools in Android Keystore and a new SDK for generating ML-DSA-65 and ML-DSA-87 keys.

Integration of ML-DSA into Verified Boot

The ML-DSA algorithm (formerly Dilithium) is being added to Android Verified Boot for creating digital signatures during boot. This will prevent software modification using quantum methods, such as attacks on RSA and ECC.

Google AdInline article slot

Key changes:

  • Digital signatures: ML-DSA generates quantum-resistant signatures for boot images.
  • Hardware support: Integration into the Trusted Execution Environment (TEE) via KeyMint.
  • Compatibility: Hybrid certificate chains combine classical and PQC algorithms.

Devices will be able to remotely attest their state, confirming no compromise even against harvest-now-decrypt-later threats.

Remote Attestation on PQC Architecture

Android 17 is shifting to PQC-compatible remote attestation. KeyMint will update certificate chains to support ML-DSA, allowing trusted parties (services, OEMs) to verify integrity.

Google AdInline article slot

Process:

  • The device generates an attestation challenge with PQC signatures.
  • The server verifies the chain via updated root certificates.
  • Confirmation of TEE and system component states.

This is critical for enterprise apps and Zero Trust architectures, where quantum risks are growing.

Support for Developers in Android Keystore and SDK

Android Keystore is expanding to support ML-DSA for hardware-protected signatures. The new PQC SDK provides KeyPairGenerator API for ML-DSA-65 (high security) and ML-DSA-87 (performance balance).

Google AdInline article slot

Example key generation:

KeyPairGenerator kpg = KeyPairGenerator.getInstance("ML-DSA-65", "AndroidKeyStore");
kpg.initialize(new KeyGenParameterSpec.Builder("pqc_key", KeyProperties.PURPOSE_SIGN)
    .setKeySize(2560)
    .build());
KeyPair kp = kpg.generateKeyPair();

Google Play will introduce automatic generation of hybrid signatures: classical key + ML-DSA. This will simplify APK migration without rebuilding code.

Comparison with Other Platforms

Google is following the trend: Microsoft has integrated ML-KEM and ML-DSA into Windows Server 2025, Windows 11, and .NET 10. NIST PQC algorithms are already standardized, and quantum systems are being used in real-world tasks.

Performance comparison table (approximate NIST data):

| Algorithm | Key size (bits) | Signature (KB) | Verification (ms) |

|----------|-----------------|---------------|-------------------|

| ML-DSA-65 | 2560 | 2.4 | 0.5 |

| ML-DSA-87 | 3648 | 3.2 | 0.8 |

| ECDSA P-384 | 384 | 0.07 | 0.1 |

PQC adds overhead but ensures resilience.

What’s Important

  • Migration timeline: Full Android ecosystem transition to PQC by 2029.
  • Android 17 beta: First implementation of ML-DSA in Verified Boot and attestation.
  • For developers: New SDK and Keystore API for ML-DSA-65/87, hybrid signatures in Play.
  • Architecture: KeyMint updates for PQC certificate chains.
  • Context: Protection against quantum threats like Shor's algorithm on RSA/ECC.

— Editorial Team

Advertisement 728x90

Read Next