Author: Klaus Schmeh, cryptovision GmbH
Post-Quantum Cryptography (PQC) has been a major research focus for over a decade. As quantum computing steadily advances, so does the urgency to protect our digital infrastructure against future quantum threats. In response, the cryptographic community has developed more than a hundred PQC algorithms—ranging from digital signatures to key encapsulation methods. But only in recent years has the field matured, with standards emerging and a clearer picture forming of which algorithms are likely to play a critical role in securing the post-quantum era.
A pivotal factor in this development has been the ongoing standardization efforts led by the U.S. National Institute of Standards and Technology (NIST), which launched two major algorithm competitions.
NIST PQC competition – round 1
The first NIST competition, open to both signature and key encapsulation mechanisms (KEMs), began in 2016. Out of 69 submissions, four primary winners were announced in 2022, with a fifth selected in 2025.
These five algorithms represent the future standard portfolio:
- CRYSTALS-Kyber (standardized as ML-KEM): Key encapsulation mechanism
- CRYSTALS-Dilithium (standardized as ML-DSA): Digital signature scheme
- SPHINCS+ (standardized as SLH-DSA): Stateless hash-based signature scheme
- FALCON: Digital signature scheme
- HQC: Key encapsulation mechanism
Unless significant weaknesses are found, no further algorithms from the first competition are expected to be standardized.
NIST PQC competition – round 2
While three digital signature schemes emerged successfully from the first round, NIST sought greater algorithmic diversity. This led to a second, ongoing competition launched in 2023, this time exclusively for signature algorithms.
From the 40 submissions, 14 candidates advanced to the second round. The competition is still underway, and the final selection is expected to add further options for post-quantum digital signatures
IETF standards
Parallel to NIST’s work, the Internet Engineering Task Force (IETF) has also contributed to PQC standardization. As early as 2018 and 2019, the IETF published two relevant standards:
- XMSS – eXtended Merkle Signature Scheme (RFC 8391)
- Leighton-Micali Signature Scheme (RFC 8554)
Both are stateful signature schemes, which disqualified them from participating in the NIST competitions, where only stateless schemes were permitted. Nevertheless, these algorithms remain viable options in specific contexts and are already standardized.
German BSI recommendations
In Germany, the Federal Office for Information Security (BSI) has included two additional PQC algorithms in its cryptographic recommendations (TR-02102):
- FrodoKEM – Key encapsulation mechanism
- Classic McEliece – Key encapsulation mechanism
Both are currently undergoing standardization by the International Organization for Standardization (ISO), further reflecting their importance in the global cryptographic landscape.
From standards to deployment
With a growing list of standardized and soon-to-be-standardized algorithms, the focus is now shifting toward practical deployment. Cryptographic libraries, protocols, and file formats are being updated to support the new schemes. Vendors are actively upgrading their products to support post-quantum cryptography. For example, Eviden Digital Identity has integrated post-quantum algorithms into its cryptovision GreenShield software (see Figure 1). Many organizations are already preparing for a migration to PQC technologies.
Figure 1: Eviden Digital Identity’s cryptovision GreenShield already supports the post-quantum algorithms CRYSTALS-Kyber and CRYSTALS-Dilithium.
