NIST has selected nine digital signature algorithms to move into the third round of its Additional Digital Signatures for the Post-Quantum Cryptography Standardisation Process: FAEST, HAWK, MAYO, MQOM, QR-UOV, SDitH, SNOVA, SQIsign, and UOV. These candidates are being evaluated as potential future standards to help protect sensitive information in a world where quantum computers could eventually challenge today’s public-key cryptography.
Digital signatures are everywhere. They help verify software updates, secure online communication, authenticate documents, and protect trust across digital infrastructure. As quantum technology advances, making these systems quantum-resistant is becoming a strategic priority for governments, businesses, researchers, and technology providers.
A stronger, more diverse foundation
NIST’s work is about building a stronger, more diverse cryptographic foundation for the future.
The report explains that any selected signature scheme would augment existing standards, including FIPS 204, FIPS 205, FIPS 186-5, and SP 800-208. In other words, this process is expanding the quantum-safe toolkit rather than replacing everything at once.
Different applications have different needs. A digital signature used for firmware updates may require different performance, key size, or verification speed than one used for certificates, documents, or secure communication protocols.
NIST specifically notes that post-quantum signatures are intended for use across internet protocols such as TLS, SSH, IKE, IPsec, OCSP, and DNSSEC, as well as applications including certificate transparency, document signing, code signing, and firmware updates.
A step toward crypto agility
Quantum-safe security is becoming an implementation challenge, not just a research topic.
The third-round candidates will now face deeper analysis from NIST and the global cryptographic community. Security, cost, performance, and implementation characteristics all have a role in the evaluation. NIST also highlights the importance of practical deployment factors, including side-channel resistance, licensing, and suitability for different platforms.
This is where crypto agility becomes essential. Organisations should not wait for the final standard before understanding where digital signatures are used, which systems depend on them, and how future migration could happen without disrupting operations.
Building trust in the quantum era
For Belgium’s quantum ecosystem, this is a signal that quantum readiness requires collaboration across research, business, technology, policy, and society.
Post-quantum cryptography will transform how we protect digital trust in the years ahead. Financial services, healthcare, government, energy, logistics, and critical infrastructure all depend on secure authentication and long-term data protection.
NIST expects the third phase of evaluation to last approximately two years, with another PQC standardisation conference planned for 2027. That gives organisations time to prepare, but not time to stand still.
Making quantum work also means making security quantum-ready. And that starts now: by mapping risks, building awareness, supporting research, and connecting the ecosystem around concrete next steps.
