NIST Post-Quantum Standards
In 2024 NIST published its first finalised post-quantum cryptography standards. The four that matter most for enterprise planning are:
| Standard | Algorithm | Purpose | Best for |
|---|---|---|---|
| FIPS 203 | ML-KEM (Kyber) | Key encapsulation | TLS, VPNs, key exchange |
| FIPS 204 | ML-DSA (Dilithium) | Digital signatures | Code signing, certificates, authentication |
| FIPS 205 | SLH-DSA (SPHINCS+) | Hash-based signatures | Trust anchors, offline signing, conservative fallback |
| FIPS 206 | FN-DSA (FALCON) | Lattice signatures | Compact signatures, constrained bandwidth |
At a glance:
- FIPS 203 — Drop-in replacement for RSA/ECDH key exchange. Fast, moderate key sizes.
- FIPS 204 — Primary digital signature standard. Fast signing, larger signatures than ECDSA.
- FIPS 205 — Conservative backup. Very large signatures, but only trusts hash functions.
- FIPS 206 — Compact lattice signatures with fast verification. Smaller signatures than ML-DSA, but more complex implementation.
What to do with this
- Inventory where public-key cryptography is used across your systems.
- Prioritise long-lived secrets and externally exposed services.
- Plan a hybrid transition rather than a hard cutover.
See the implementation note for practical sequencing.