On August 13, 2024, the U.S. National Institute of Standards and Technology (NIST) published three finalized post-quantum cryptography (PQC) standards: FIPS 203 (ML-KEM, a key encapsulation mechanism based on the CRYSTALS-Kyber algorithm), FIPS 204 (ML-DSA, a digital signature algorithm based on CRYSTALS-Dilithium), and FIPS 205 (SLH-DSA, a stateless hash-based digital signature algorithm based on SPHINCS+).
The publication concluded an eight-year process that began in 2016 when NIST issued a call for proposals for quantum-resistant cryptographic algorithms. NIST received 82 submissions from teams in more than 25 countries. After multiple rounds of evaluation, the agency selected the algorithms for standardization in July 2022 and published draft standards for public comment in August 2023.
NIST stated that the standards are ready for immediate implementation and encouraged system administrators to begin integrating them into their systems. A fourth standard, FIPS 206 (based on the FALCON algorithm and to be named FN-DSA), was expected to be finalized in late 2024. NIST also continued evaluating additional algorithms for potential future standardization to provide backup options and cover additional use cases.
The finalization of the PQC standards was referenced in the G7 Cyber Expert Group’s September 25, 2024, statement on quantum computing risks to the financial sector, which noted that the availability of the standards meant some organizations could begin implementation of quantum-resilient cryptography.