ML-KEM（Module-Lattice Key Encapsulation Mechanism）是一種基於模組格（module lattice）中學習誤差問題（Learning With Errors, LWE）困難性的密鑰封裝機制，具備適應性選擇密文攻擊下的機密性（IND-CCA2）安全保障。ML-DSA（Module-Lattice Digital Signature Algorithm）則是一組數位簽章演算法，依賴於 LWE 與短整數解問題（Short Integer Solution, SIS）的困難性。這兩種演算法皆為 NIST 後量子密碼（Post-Quantum Cryptography, PQC）已被標準化的演算法，具有高度安全性與實用性。

儘管 ML-KEM 與 ML-DSA 的核心演算法已經確立，實際上時仍可根據不同需求調整多項參數，從而產生不同的變異版本。這些參數的選擇將顯著影響安全強度、解密失敗機率、密文長度、簽章大小與效率等等。

本論文將針對 ML-KEM 與 ML-DSA 的多種參數組合進行深入探討，分析其在安全性與效能之間的權衡，提供對實作與應用層面具參考價值的評估。

ML-KEM is an IND-CCA2-secure key encapsulation mechanism based on the hardness of learning-with-errors problem in module lattices. ML-DSA is a set of algorithms that can generate and verify digital signatures based on the hardness of learning-with-errors and short-integer-solution problems in module lattice. Despite the algorithm and design of ML-KEM and ML-DSA, many parameters can be chosen to result in a new variance of ML-KEM and ML-DSA. We will take a closer look at which and how these parameters will affect the security strength, decryption failure probability, ciphertext length, and so on. In this paper, we will explore the various parameter sets of ML-KEM and ML-DSA.