NIST Advances Nine Post-Quantum Signature Algorithms to Third Round

Insider Brief National Institute of Standards and Technology advanced nine digital signature algorithms to the third round of its post-quantum cryptography standardization process as part of a broader effort to prepare cybersecurity systems for future quantum computing threats. The third-round candidates include FAEST, HAWK, MAYO, MQOM, QR-UOV, SDitH, SNOVA, SQIsign and UOV, with the evaluation phase expected to last about two years and allow technical updates from submission teams. NIST launched the additional signature initiative in 2022 to diversify beyond lattice-based cryptography and identify quantum-resistant digital signature schemes with alternative mathematical foundations, shorter signatures and faster verification speeds. The U.S. government is moving to widen the pool of post-quantum cryptography tools as concerns grow that future quantum computers could eventually break parts of today’s encryption systems.

The National Institute of Standards and Technology said it has selected nine digital signature algorithms to advance to the third round of its Additional Digital Signatures for the Post-Quantum Cryptography Standardization Process, according to a news release. The move comes after roughly 18 months of evaluation and reflects a broader effort to diversify the mathematical foundations behind future quantum-resistant cybersecurity standards. The nine candidates advancing are FAEST, HAWK, MAYO, MQOM, QR-UOV, SDitH, SNOVA, SQIsign and UOV. According to NIST, the third round is expected to last about two years and will allow submission teams to update technical specifications and software implementations before the agency makes further decisions about standardization. Digital signatures are a core part of modern cybersecurity systems. They are used to verify identities, authenticate software updates, secure financial transactions and confirm that data has not been altered. The concern driving the post-quantum effort is that a sufficiently powerful quantum computer could eventually break many of the public-key cryptography systems that underpin the internet and global communications infrastructure. NIST launched its public post-quantum cryptography standardization effort in 2016 as quantum computing research accelerated across government labs, universities and private companies. Quantum computers operate differently from classical machines and, in theory, could solve certain mathematical problems far faster than today’s systems. That capability could threaten encryption methods widely used in banking, defense, healthcare and cloud computing. The agency previously completed three rounds of evaluation that produced its first set of post-quantum standards. Those selections included the key establishment mechanism CRYSTALS-KYBER, now standardized as ML-KEM, along with the digital signature schemes CRYSTALS-Dilithium, standardized as ML-DSA; FALCON, standardized as FN-DSA and SPHINCS+, standardized as SLH-DSA. Most of those earlier selections relied on structured lattice mathematics, a category of hard mathematical problems believed to resist attacks from both classical and quantum computers. According to NIST, the additional signatures initiative was designed partly to avoid overreliance on a single family of mathematical assumptions. Diversifying cryptographic systems has become increasingly important as governments and industry prepare for what cybersecurity analysts often call “cryptographic agility” — the ability to swap security systems quickly if vulnerabilities are discovered. In 2022, NIST issued a new call for digital signature proposals specifically aimed at broadening the range of post-quantum approaches. The agency said it was particularly interested in non-lattice-based systems as well as schemes that could offer shorter digital signatures and faster verification speeds. The call attracted 40 candidate algorithms, which entered the first evaluation round in 2023. Fourteen algorithms later advanced to the second round before the field was narrowed again this month to nine finalists. Several of the remaining candidates are based on multivariate cryptography, code-based mathematics or newer algebraic approaches rather than structured lattices. Security researchers often view mathematical diversity as a hedge against future breakthroughs that could weaken one category of cryptographic assumptions. The evaluation process involves extensive public review by academic researchers, government specialists and private-sector cryptographers. NIST’s assessments examine not only security claims but also implementation efficiency, computational performance and resistance to side-channel attacks, where attackers exploit information leakage from hardware or software behavior. The agency said details on specification updates and implementation changes will be provided directly to participating teams. NIST also said it plans to hold its seventh Post-Quantum Cryptography Standardization Conference in late spring or early summer 2027, likely near Gaithersburg, Maryland, where the agency is headquartered. The conference is expected to serve as another checkpoint in what has become one of the world’s largest coordinated efforts to rebuild modern cryptography for the quantum era.

Matt Swayne LinkedIn With a several-decades long background in journalism and communications, Matt Swayne has worked as a science communicator for an R1 university for more than 12 years, specializing in translating high tech and deep tech for the general audience. He has served as a writer, editor and analyst at The Quantum Insider since its inception. In addition to his service as a science communicator, Matt also develops courses to improve the media and communications skills of scientists and has taught courses. matt@thequantuminsider.com Share this article: