NIST's Post-Quantum Cryptography Digital Signature Standardization
By Dr. Shohini Ghose
In 2016, the US National Institute of Standards and Technology (NIST) initiated the Post-Quantum Cryptography (PQC) Standardization Process in order to develop cryptographic algorithms resistant to future quantum computing threats. Numerous rounds of development and evaluation were undertaken over several years. By the end of the third round, a key encapsulation mechanism (KEM), and three digital signature algorithms were selected for standardization. A KEM is a method to establish a shared secret key between two parties over an unsecured public channel. Once a secret key is created, it can be used to encrypt messages. A digital signature is a cryptographic tool that verifies the authenticity and integrity of a digital message or document, acting like an electronic version of a handwritten signature or seal. It ensures that the message comes from a legitimate sender and has not been altered during transmission, and it prevents the sender from repudiating the signature at a later time.
Two of the three digital signature algorithms initially chosen by NIST are based on the difficulty of solving certain mathematical problems related to structured lattices. In July 2022, NIST called for additional digital signature proposals to diversify beyond lattice-based algorithms and to find schemes with shorter signatures and faster verification. NIST received 50 submissions, accepting 40 candidates for public review. These candidates were based on various security assumptions and were open for feedback from the cryptographic community.
The Fifth NIST PQC Standardization Conference took place in April 2024, where the first-round candidates were presented and discussed. Based on feedback and internal evaluations, NIST selected 14 algorithms to advance to the second round in October 2024.
This is an important milestone in an ongoing process aiming to secure digital communications against future quantum computing capabilities. The next phase of evaluation, public comment and review will last 12 to 18 months with a Sixth NIST PQC Standardization Conference planned for September of 2025.