NIST Post-Quantum Standards.
In August 2024, the U.S. National Institute of Standards and Technology (NIST) finalized the first post-quantum cryptographic standards — algorithms engineered to resist attacks from both classical and quantum computers. After an eight-year public competition, they are no longer research. They are federal standards, and migration begins now. Secuur is built on them.
The four standards.
Three are final. One is still in draft. Together they replace the public-key cryptography — RSA and elliptic curve — that a quantum computer can break.
FIPS 203 (ML-KEM). Key encapsulation mechanism. Lattice-based (Module-LWE). The drop-in replacement for RSA and ECC key exchange — NIST's primary recommendation for TLS and hybrid key establishment. This is the one Secuur deploys to protect your data in transit.
FIPS 204 (ML-DSA). Digital signature algorithm. Lattice-based (Module-LWE / SIS). The primary replacement for ECDSA and RSA signatures — recommended for code signing, TLS certificates and document authentication.
FIPS 205 (SLH-DSA). Hash-based digital signatures. Security rests solely on hash-function properties — the most conservative, best-understood assumption in cryptography. Larger signatures, but independent of lattice math: the safe fallback.
FIPS 206 (FN-DSA). Fast lattice-based signatures (NTRU lattices). Compact signature sizes — ideal for constrained devices, IoT and bandwidth-limited environments. Draft standard, finalization underway.
At a glance.
What each standard does, and what it replaces.
| Standard | Algorithm | Type | Replaces | Status |
|---|---|---|---|---|
| FIPS 203 | ML-KEM (Kyber) | Key encapsulation | RSA / ECDH key exchange | Final |
| FIPS 204 | ML-DSA (Dilithium) | Digital signature | RSA / ECDSA signatures | Final |
| FIPS 205 | SLH-DSA (SPHINCS+) | Hash-based signature | Conservative signature fallback | Final |
| FIPS 206 | FN-DSA (FALCON) | Compact signature | Constrained / IoT signing | Draft |
What these standards mean for your business
Standardization is the starting gun, not the finish line. These algorithms are now the global reference point — vendors, browsers, cloud providers and regulators are aligning to them, and compliance frameworks such as CNSA 2.0 require them. The work ahead is migration.
The good news: you don't have to bet the business on a brand-new algorithm. The industry standard is hybrid key exchange — running classical X25519 and post-quantum ML-KEM-768 together so the connection only breaks if both are broken. Google, Cloudflare and Apple already ship exactly this. Secuur deploys it by default.
Where to start
Begin with FIPS 203 (ML-KEM). It protects data in transit — the part exposed to Harvest Now, Decrypt Later — and a hybrid deployment requires no changes to your applications. Signatures (FIPS 204 / 205) follow as your certificate authorities and vendors add support.
Want to know where you stand today? Run a free Readiness Scan — we negotiate a real handshake with your domain and return an A–F grade in about 20 seconds. Or read the complete post-quantum cryptography guide and the deep dive on the NIST standards.
Frequently asked questions
What are the NIST post-quantum cryptography standards?
In August 2024, NIST finalized the first post-quantum standards: FIPS 203 (ML-KEM) for key encapsulation, FIPS 204 (ML-DSA) for digital signatures, and FIPS 205 (SLH-DSA) for hash-based signatures. FIPS 206 (FN-DSA, based on FALCON) is in draft. All are designed to resist attacks from both classical and quantum computers.
What is the difference between FIPS 203 and FIPS 204?
FIPS 203 (ML-KEM) is a key encapsulation mechanism used to establish shared secret keys — it replaces RSA and ECDH key exchange. FIPS 204 (ML-DSA) is a digital signature algorithm used to prove identity and integrity — it replaces RSA and ECDSA signatures.
Is FIPS 206 (FALCON) finalized?
No. As of 2026, FIPS 206 (FN-DSA, based on the FALCON algorithm) is still in draft. The three finalized standards are FIPS 203, 204 and 205, published in August 2024.
Which NIST standard should my business use first?
Start with FIPS 203 (ML-KEM). It protects data in transit by securing the TLS and VPN key exchange against Harvest Now, Decrypt Later, and it can be deployed in hybrid mode (X25519 + ML-KEM-768) with no application changes.