Decoding NIST PQC Standards: What They Are, What’s Final, and What’s Next

Post-quantum cryptography (PQC) is how we secure today’s data against tomorrow’s threat posed by future quantum computers. The U.S. National Institute of Standards and Technology (NIST) leads this effort by defining NIST PQC Standards. It has published algorithms and guidance that vendors and agencies can implement with confidence. 

On August 13–14, 2024, NIST released the first three finalized PQC standards, marking a major milestone in the global migration to quantum-resistant cryptography.

The First Three Final NIST PQC Standards (2024)

NIST published three Federal Information Processing Standards (FIPS) that you can deploy today: 

  1. FIPS 203: ML-KEM (based on CRYSTALS-Kyber)

    It is a key-encapsulation mechanism (KEM) used for establishing shared secrets (e.g., in TLS handshakes, VPNs). It provides three parameter sets (ML-KEM-512, -768, and -1024) to balance performance and security.

  2. FIPS 204: ML-DSA (based on CRYSTALS-Dilithium)

    It is a lattice-based digital signature scheme suitable for general-purpose code signing, document signing, and protocol authentication. It provides three parameter sets (ML-DSA-44, -65, and -87).

  3. FIPS 205: SLH-DSA (based on SPHINCS+)

    A stateless hash-based signature scheme that offers conservative, hash-based security with larger signatures. It’s useful where long-term robustness is paramount. SLH-DSA supports 12 parameter sets, offering flexible choices across three security categories:

    • Category 1 – Equivalent to breaking AES-128 or SHA-256 with brute force. Provides strong protection for general-purpose applications.
    • Category 3 – Equivalent to breaking AES-192. Intended for environments that require stronger resistance against both classical and quantum adversaries.
    • Category 5 – Equivalent to breaking AES-256. Offers the highest level of long-term security, suitable for critical infrastructure, defense, and data that must remain confidential for decades.

All three FIPS became effective on August 14, 2024, per the Federal Register notice. That means they are approved for U.S. federal use and serve as a clear signal to industry to begin adoption.  

Newer NIST Standards: FN-DSA (FALCON) and HQC

  • FALCON (to be standardized as FN-DSA / FIPS 206 – draft)

    NIST indicated that a fourth digital signature standard, based on FALCON, would be released in draft as FIPS 206. FALCON is a compact, fast lattice-based signature scheme, useful where small signatures and high throughput matter. As of 2025, it’s progressing through the standardization pipeline.

  • HQC selected for standardization (KEM)

    In March 2025, NIST selected HQC as an additional KEM to standardize from its “fourth round” candidates. Draft standardization work follows the selection. Organizations planning for crypto-agility should track HQC’s progress so they can evaluate it alongside ML-KEM.

How to Think About the Algorithms

  1. KEMs for key establishment
    • ML-KEM (FIPS 203): Primary, high-performance default for most applications today.
    • HQC (selected 2025): Additional code-based KEM coming down the standards track. Organizations should watch drafts to compare performance and implementation trade-offs.
  2. Digital signatures
    • ML-DSA (FIPS 204): It is the most versatile choice. It balances security and efficiency, making it a strong default for tasks such as code signing, document signing, and authentication protocols.
    • SLH-DSA (FIPS 205): It takes a more conservative approach. It is hash-based, which results in larger signatures, but the security assumptions are simple and well understood, making it especially attractive for long-term robustness.
    • FN-DSA / FALCON (draft FIPS 206): It is still in the draft stage. It offers compact signatures and very high performance, which makes it appealing in scenarios where bandwidth is limited or speed is critical. Organizations should keep an eye on its progress toward final approval.

Why NIST PQC Standards Matter Right Now

  • They’re finalized and effective: The first three FIPS are not experimental; they’re approved and ready for federal and commercial adoption.
  • Quantum timelines are uncertain, but data has a long shelf life: Even though large, code-breaking quantum computers are not here yet, adversaries can harvest encrypted data now and decrypt it later. Moving to NIST-approved PQC reduces that risk.
  • They enable crypto-agility: Designing systems to swap algorithms (e.g., ML-KEM today, HQC later if needed) ensures you’re not locked in. 
  • Cryptographic transition takes time: The shift to new cryptographic standards is a slow and complex process. It requires updating hardware, software, and protocols across entire systems. It’s a multi-year effort that involves extensive planning, testing and deployment. 

Key FAQs on NIST PQC Standards

Are the NIST-approved PQC algorithms drop-in replacements?
Often yes for KEMs and signatures, but expect larger keys and signatures and different performance profiles. Benchmark in your environment.
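
The size side of the drop-in question, as an added example that is not part of the original article: it checks which FIPS 203/204/205 parameter sets fit the key and payload space an existing format already reserves. The byte sizes come from the FIPS parameter tables; the `Slot` type, the inventory entries and their capacities are constructed for illustration, and only three of the 12 SLH-DSA parameter sets are listed.

```python
from dataclasses import dataclass

# Sizes in bytes, from the parameter-set tables of FIPS 203, 204 and 205.
# KEMs: (encapsulation key, ciphertext). Signatures: (public key, signature).
SIZES = {
    "kem": {
        "ML-KEM-512": (800, 768),
        "ML-KEM-768": (1184, 1088),
        "ML-KEM-1024": (1568, 1568),
    },
    "sig": {
        "ML-DSA-44": (1312, 2420),
        "ML-DSA-65": (1952, 3309),
        "ML-DSA-87": (2592, 4627),
        "SLH-DSA-SHA2-128s": (32, 7856),
        "SLH-DSA-SHA2-128f": (32, 17088),
        "SLH-DSA-SHA2-256s": (64, 29792),
    },
}

@dataclass
class Slot:
    """One place where a format carries a key plus a ciphertext or signature."""
    name: str
    kind: str          # "kem" or "sig"
    key_room: int      # bytes available for the public/encapsulation key
    payload_room: int  # bytes available for the ciphertext or signature

def fitting(slot):
    """Parameter sets whose key and payload both fit the slot unchanged."""
    return [alg for alg, (key, payload) in SIZES[slot.kind].items()
            if key <= slot.key_room and payload <= slot.payload_room]

def plan(slots):
    """Split an inventory into drop-in slots and slots needing a format change."""
    drop_in = {s.name: fitting(s) for s in slots if fitting(s)}
    blocked = [s.name for s in slots if not fitting(s)]
    return drop_in, blocked

# Constructed inventory: hypothetical formats, not taken from any real product.
INVENTORY = [
    Slot("firmware-header (sized for RSA-2048)", "sig", 512, 256),
    Slot("update-manifest", "sig", 4096, 4096),
    Slot("single-datagram key exchange", "kem", 1200, 1200),
    Slot("archive-seal", "sig", 64, 65535),
]

if __name__ == "__main__":
    drop_in, blocked = plan(INVENTORY)
    for name, algs in drop_in.items():
        print(f"{name}: {', '.join(algs)}")
    for name in blocked:
        print(f"{name}: no parameter set fits, format change required")
```

A slot sized for a classical signature ends up in the blocked list, which is where format or protocol changes have to be scheduled before the algorithm swap.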

Do I need both ML-DSA and SLH-DSA? 
Not necessarily. Most will use ML-DSA for general-purpose applications. SLH-DSA is reserved for situations that demand the absolute highest level of long-term security.

  • ML-DSA is fast and efficient, making it ideal for the majority of use cases like code signing, firmware updates, and secure communication protocols. 
  • SLH-DSA’s security relies on well-understood hash functions, providing very strong long-term assurance. You’d use this for data that needs to be verifiably secure for decades, such as government archives, legal documents, and critical infrastructure data. 

What about Classic McEliece or BIKE? 
NIST evaluated multiple fourth-round KEMs and selected HQC for standardization in 2025. Others may continue in different forums, but NIST’s path forward is ML-KEM plus HQC.  

When will FALCON be finalized? 
NIST flagged FIPS 206 (FN-DSA/FALCON) for draft release and subsequent finalization steps. Track NIST announcements to time adoption plans. 

How Can Encryption Consulting Help?

If you’re still unsure where to begin your post-quantum journey, Encryption Consulting is here to guide you. As your trusted partner, we’ll support you at every stage, offering clarity, confidence, and proven expertise. 

PQC Assessment

We start by mapping your current cryptographic landscape. This involves discovering and inventorying all cryptographic assets like certificates, keys, and related dependencies. We then evaluate which systems are vulnerable to quantum threats and review the readiness of your PKI, HSMs, and applications. This leads to a detailed cryptographic inventory, quantum risk impact analysis, and a clear, prioritized action plan.  

PQC Strategy & Roadmap

Next, we design a tailored migration strategy aligned with your business goals. This includes updating cryptographic policies in line with NIST and NSA guidelines, creating governance frameworks, and embedding crypto agility principles so your systems remain adaptable. This leads to a comprehensive PQC strategy, a crypto-agility framework, and a phased migration roadmap built around your priorities and timelines.  

Vendor Evaluation & Proof of Concept

Selecting the right solutions is critical. We help you define RFP/RFI requirements, shortlist the most suitable vendors for PQC algorithms, key management, and PKI, and conduct proof-of-concept testing in your environment. This gives you a vendor comparison report and tailored recommendations to support informed decision-making. 

PQC Implementation

With the plan in place, we assist in deploying post-quantum algorithms within your infrastructure: PKI, enterprise apps, or broader ecosystems. We also enable hybrid cryptography models, ensuring seamless integration across cloud, on-prem, and hybrid environments. This results in validated interoperability, strong documentation, and hands-on training so your team can manage and maintain the system confidently.

Pilot Testing & Scaling

Before enterprise-wide deployment, we run controlled pilot tests to validate performance and resolve integration issues. Once optimized, we support a phased rollout to replace legacy algorithms, minimize disruption, and maintain compliance. This enables smooth, scalable deployment with ongoing monitoring and optimization to keep your systems secure and future-safe.

Conclusion

The release of the first finalized NIST PQC Standards marks a turning point in the way organizations secure data. With ML-KEM, ML-DSA, and SLH-DSA already standardized, we now have a clear roadmap for building systems that can withstand the era of quantum computing. The upcoming FIPS 206 standard will further fortify our digital signature defenses. By adopting these standards early, while also designing for crypto-agility, you not only reduce the risk of “harvest-now, decrypt-later” attacks but also ensure that your infrastructure remains secure for decades to come. The sooner organizations embrace NIST PQC Standards, the better prepared they will be for a quantum future.

Whether you’re just exploring where to begin or already prepared to move into implementation, the key is to take that first step and keep building momentum. And if you’re seeking a trusted partner to guide you along the way, we’re here.

At Encryption Consulting, we’re committed to helping you move forward with clarity, confidence, and a strategy tailored to your goals. Let’s get started and ensure your organization is protected, not only today, but well into the future.