We can convert the Fiat-Shamir method for zero-knowledge proofs into a method for signing a message. This page uses the method defined in [1], and uses elliptic curve methods. In this case Alice takes the message (\(M\)), random value (\(y\)), and her private key (\(s\)), and computes \((e,z)\). Bob checks this signature using Alice's public key (\(S\)).
Related: [Kyber KEM][Kyber KEX][Dilithium Dig Sig Speed][Factoring signature (ECC)][Factoring signature (Logs)][Falcon Digital Signature][Rainbow Digital Signature][Dilithium Digital Signature]