Description
Windows is starting to implement Composite ML-DSA natively in BCrypt and NCrypt in recent insider previews. Our Composite ML-DSA APIs predate this so our implementations were a managed layer over the underlying components (ML-DSA, RSA, and ECDSA). With dotnet/runtime#129612 we are now switching to use the native Windows implementation. However, Windows only supports a few of the composite algorithms (as seen here), so this change reduces the number of supported Composite ML-DSA algorithms.
The affected APIs are those on the CompositeMLDsa class. The certificate APIs for Composite ML-DSA will continue to throw PlatformNotSupportedException as before. Note: these APIs are all currently Experimental.
Version
.NET 11 Preview 7
Previous behavior
CompositeMLDsa APIs on Windows would work on all algorithms as long as the underlying components were supported (ML-DSA, RSA and ECDSA). The others (ones with EdDSA components) would throw PNSE.
New behavior
CompositeMLDsa APIs on Windows will only support the algorithms that Windows supports natively. Currently it's the four listed here.
Type of breaking change
Reason for change
It's preferable to use the native APIs on the platform rather than a managed layer on top.
Recommended action
Check CompositeMLDsa.IsAlgorithmSupported before use if possible and if not, handle the PNSE gracefully.
Feature area
Cryptography
Affected APIs
All the APIs on CompositeMLDsa.
Associated WorkItem - 592901
Description
Windows is starting to implement Composite ML-DSA natively in BCrypt and NCrypt in recent insider previews. Our Composite ML-DSA APIs predate this so our implementations were a managed layer over the underlying components (ML-DSA, RSA, and ECDSA). With dotnet/runtime#129612 we are now switching to use the native Windows implementation. However, Windows only supports a few of the composite algorithms (as seen here), so this change reduces the number of supported Composite ML-DSA algorithms.
The affected APIs are those on the
CompositeMLDsaclass. The certificate APIs for Composite ML-DSA will continue to throwPlatformNotSupportedExceptionas before. Note: these APIs are all currentlyExperimental.Version
.NET 11 Preview 7
Previous behavior
CompositeMLDsaAPIs on Windows would work on all algorithms as long as the underlying components were supported (ML-DSA, RSA and ECDSA). The others (ones with EdDSA components) would throw PNSE.New behavior
CompositeMLDsaAPIs on Windows will only support the algorithms that Windows supports natively. Currently it's the four listed here.Type of breaking change
Reason for change
It's preferable to use the native APIs on the platform rather than a managed layer on top.
Recommended action
Check
CompositeMLDsa.IsAlgorithmSupportedbefore use if possible and if not, handle the PNSE gracefully.Feature area
Cryptography
Affected APIs
All the APIs on
CompositeMLDsa.Associated WorkItem - 592901