A deep dive into the brutal selection process that eliminated dozens of algorithms before defining the future of secure communication.
1. Introduction: The “Tower of Babel” Problem
Imagine walking into an electronics store to buy a charger for your smartphone. But in this alternate reality, USB-C was never invented. Instead, Apple has its own plug, Samsung has a different one, Google has another, and Lenovo uses something else entirely. If you borrow a friend’s laptop, you can’t plug your phone in. The ecosystem is fractured, frustrating, and chaotic.
This is exactly what would happen to the internet if we didn’t have Cryptographic Standards.
If every major tech company - Google, Microsoft, Amazon, and Apple - invented their own “quantum-proof” mathematical algorithms, the internet would shatter. An Apple iPhone wouldn’t be able to securely send a message to a Windows PC, and your Google Chrome browser wouldn’t be able to securely connect to a bank running on Amazon servers.
Furthermore, as we saw earlier, the golden rule of cryptography is Kerckhoffs’s Principle: Never invent your own secret math. Security requires algorithms to be public and intensely peer-reviewed.
To safely upgrade the entire planet to Post-Quantum Cryptography (PQC), the world needed a referee. We needed an organization to host a global competition, rigorously test every idea, and declare a single set of universal winners.
That referee is NIST. Today, we will explore the grueling, eight-year global “battle royale” that produced the internet’s new armor.
2. Who is NIST and Why Do We Trust Them?
NIST stands for the National Institute of Standards and Technology. It is a non-regulatory agency of the United States government.
You might wonder why the entire world (including Europe and Asia) blindly follows a US government agency for internet security. The truth is, they don’t follow blindly. NIST has earned global trust through decades of extreme transparency.
In the late 1990s, the world needed a new Symmetric encryption algorithm. Instead of creating one behind closed doors, NIST hosted a massive, public, international competition. Cryptographers from all over the world submitted algorithms, and the global community spent years trying to hack them. The winner of that competition was named AES (Advanced Encryption Standard), which still secures the internet today.
Because NIST’s process is radically open, globally inclusive, and heavily peer-reviewed, the international cybersecurity community universally adopts their winning standards.
When the quantum threat became undeniable, NIST stepped up to run the playbook again.
3. The Global Battle Royale: How the Process Worked
The NIST Post-Quantum Cryptography Standardization Process was not a quick vote. It was a brutal, multi-year mathematical gladiator tournament that began in 2016.
Round 1: The Call for Proposals (2017)
NIST asked the world’s brightest mathematicians, universities, and tech giants to submit their best PQC algorithms. They received 82 submissions from global teams.
These 82 algorithms were published openly on the internet. Then, NIST issued a simple challenge to the global hacker and academic community: “Break them.”
Round 2 & 3: The Great Culling (2019–2022)
This phase is governed by the science of Cryptanalysis - the study of breaking codes and finding hidden mathematical weaknesses.
During these rounds, researchers relentlessly attacked the submissions. It was a bloodbath.
- Many algorithms were broken within weeks.
- Some were mathematically secure, but required keys that were gigabytes in size, making them totally unusable for real-world networks (as we discussed in Week 10).
- Others were far too slow.
By the end of Round 3, the original 82 submissions had been brutally narrowed down to just a handful of finalists.
The Real-World Drama: The Fall of SIKE
To understand why this process took eight years, look at the dramatic story of an algorithm named SIKE.
SIKE was one of the top finalists in Round 4. It had survived years of intense scrutiny by the smartest quantum physicists and mathematicians on Earth. Tech giants were preparing to use it.
But in 2022, two researchers noticed a subtle mathematical flaw related to an obscure theorem from the 1990s. They wrote a script and ran it on a single, standard desktop PC. Within one hour, that standard PC had completely shattered SIKE’s encryption.
If NIST had rushed the standardization process and deployed SIKE to the internet in 2020, every bank and government agency using it could have been hacked by a teenager with a laptop. The rigorous, slow peer-review process worked exactly as intended.

The NIST process was designed to be ruthless. Only the algorithms that survived years of global cryptanalysis were selected as standards.
4. The Selection Criteria: What Was NIST Looking For?
NIST wasn’t just looking for “the hardest math.” They were trying to solve the Goldilocks Problem. To win, an algorithm had to balance three critical factors:
- Security against both Classical and Quantum Computers: (The absolute baseline requirement).
- Performance and Speed: Can a cheap smartphone compute the algorithm instantly without draining its battery?
- Key and Signature Size: Do the keys fit inside standard internet packets (1,500 bytes), or will they cause massive network fragmentation?
NIST also required algorithms for two different jobs. (Remember Week 2!)
- Job A: Key Encapsulation Mechanisms (KEMs). This is the PQC equivalent of Asymmetric Encryption. It is used to securely swap a Symmetric Key across the internet during a TLS Handshake.
- Job B: Digital Signatures. This is used to prove identity and authenticate software updates.
5. The Winners: Meet the New Standards
In August 2024, after eight years of grueling testing, NIST published the finalized Federal Information Processing Standards (FIPS). These are the official, finalized algorithms that the world is currently migrating to today.
As a developer, you will start seeing these names explicitly in your code libraries and server configurations:
1. ML-KEM (Formerly known as CRYSTALS-Kyber)
- Standard: FIPS 203
- The Job: Key Exchange (Establishing the secure connection).
- Why it won: It relies on “Lattice Math” (chaotic grids). It won because it is incredibly fast and its key sizes, while larger than classical ECC, are small enough (~1,100 bytes) to fit comfortably within internet packets. It is the new general-purpose shield of the internet.
2. ML-DSA (Formerly known as CRYSTALS-Dilithium)
- Standard: FIPS 204
- The Job: Digital Signatures (Proving identity).
- Why it won: Also based on Lattice Math, it provides highly efficient, fast signature verification, making it perfect for signing daily website certificates and authenticating servers.
3. SLH-DSA (Formerly known as SPHINCS+)
- Standard: FIPS 205
- The Job: Digital Signatures (Backup option).
- Why it won: NIST is smart; they don’t put all their eggs in one basket. If someone eventually discovers a fatal flaw in “Lattice Math,” ML-DSA will break. SLH-DSA uses entirely different math (Hash-based math). Its signatures are much larger and slower, but it serves as an ultra-secure, conservative backup plan.
Don’t worry if “Lattice Math” and “Hash-based math” sound confusing right now. We will be discussing how these work in the upcoming articles!
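The Job A exchange from the previous section, carried out with the ML-KEM-768 standard just described, as an added example that is not part of the original article: Go’s standard library (Go 1.24 or newer) ships FIPS 203 as crypto/mlkem. The RunExchange and FitsInPacket functions and the 1,500-byte packetBudget constant are this example’s own, and the flipped ciphertext bit is a constructed fault to show what a corrupted message does to the shared key.

```go
package main

import (
	"bytes"
	"crypto/mlkem"
)

// packetBudget is the 1,500-byte packet size the article uses as its
// yardstick for whether a key "fits on the wire" (example constant).
const packetBudget = 1500

// FitsInPacket reports whether the two objects ML-KEM-768 actually sends
// (public key and ciphertext) each stay within a single packet.
func FitsInPacket() bool {
	return mlkem.EncapsulationKeySize768 <= packetBudget &&
		mlkem.CiphertextSize768 <= packetBudget
}

// RunExchange performs the KEM half of a handshake with ML-KEM-768 (FIPS 203).
// If tamper is true, one bit of the ciphertext is flipped in transit.
// It reports whether both sides derived the same 32-byte symmetric key.
func RunExchange(tamper bool) (bool, error) {
	// Server: the decapsulation (private) key is generated and never sent.
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return false, err
	}
	// Server -> client: only the encapsulation (public) key goes on the wire.
	ek, err := mlkem.NewEncapsulationKey768(dk.EncapsulationKey().Bytes())
	if err != nil {
		return false, err
	}
	// Client: encapsulate a fresh shared secret against the public key.
	clientKey, ct := ek.Encapsulate()
	// Client -> server: the ciphertext crosses the network, possibly modified.
	if tamper {
		ct[0] ^= 0x01 // constructed fault: a single flipped bit in transit
	}
	// Server: recover the secret. ML-KEM uses implicit rejection, so a corrupted
	// ciphertext is not an error; it silently yields an unrelated key, which is
	// why the handshake must still be authenticated (for example with ML-DSA).
	serverKey, err := dk.Decapsulate(ct)
	if err != nil {
		return false, err
	}
	return bytes.Equal(clientKey, serverKey), nil
}
```

The symmetric key itself never crosses the network: the client derives it locally and the server reconstructs it from the 1,088-byte ciphertext, which is exactly the property Job A asks for.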
6. The Real-World Impact (What is Happening Now?)
Now that the standards are officially published, the “Wild West” era is over, and the Deployment Era has begun.
This is no longer an academic exercise; it is an active engineering mandate.
- Software Libraries: Maintainers of massive open-source cryptographic libraries (like OpenSSL and BoringSSL) have actively integrated ML-KEM and ML-DSA.
- Government Mandates: The US National Security Agency (NSA) issued the CNSA 2.0 mandate, legally requiring all federal agencies and contractors to completely transition their web servers and networks to these new NIST standards by 2030, and all other systems by 2033.
- Hardware: Manufacturers of Hardware Security Modules (HSMs) - the physical secure chips inside servers and smartphones - are currently pushing firmware updates to support the new FIPS standards natively at the silicon level.
Summary
- The Problem: Without a global standard, the transition to PQC would result in a fractured, insecure internet where devices couldn’t communicate.
- The Referee: NIST hosted an 8-year global competition to find algorithms that balance security, speed, and key size.
- Cryptanalysis: Algorithms were published openly and subjected to years of hacking by the global community to weed out weak math (like the SIKE algorithm).
- The Final Standards: In August 2024, NIST officially standardized ML-KEM for secure key exchange, and ML-DSA / SLH-DSA for digital signatures.
- The Present Day: The tech industry is currently operating under strict mandates to implement these exact algorithms into all modern software and hardware.
What’s Next?
Terms like “Lattice Math” and “Hash-based Math” keep appearing quite often. To be a true authority on Post-Quantum Cryptography, you need to know more than just the names of the winning algorithms. You need to understand the fundamental architecture of the new puzzles we are using.
In the next article, we will take a high-level tour of the PQC landscape. We will explore the five distinct families of post-quantum math (Lattice, Code, Hash, Multivariate, and Isogeny) and discover the brilliant, chaotic ways mathematicians are confusing quantum computers.