NIST Just Added Nine Quantum-Proof Digital Signatures — Here's Why That Matters
NIST advanced nine post-quantum signature algorithms to the third round. Most people have no idea what that means — and why it could save your data.
The Digital Locksmith You’ve Never Met
Imagine someone is copying the keys to every bank vault, government archive, and private email system on the planet — not to steal from them today, but to wait. To wait until someone builds a machine powerful enough to walk into those vaults and open them without touching the locks.
That’s the quantum threat to cryptography. And NIST, the U.S. agency responsible for standards that quietly keep the digital world from collapsing, just handed us a new set of locks.
On May 15, 2026, NIST announced that nine digital signature algorithms had advanced to the third round of its post-quantum cryptography (PQC) standardization process. The selected algorithms: FAEST, HAWK, MAYO, MQOM, QR-UOV, SDitH, SNOVA, SQIsign, and UOV.
Most of us — including most people who work in tech — have no idea what that means. So let’s fix that.
What Is Post-Quantum Cryptography?
Cryptography is how we keep things secret on the internet. The encryption protecting your online banking, your private messages, and your medical records relies on mathematical problems that are hard for classical computers to solve.
Here’s the problem: quantum computers, once they become powerful enough, will solve those same problems easily. An algorithm called Shor’s algorithm can break the math behind RSA and ECC — the two encryption systems that hold together the entire internet’s security infrastructure.
Post-quantum cryptography is cryptography designed to resist attacks from quantum computers. It’s not magic — it’s just using different mathematical problems that even a quantum computer would struggle with.
Why Nine Algorithms? Why Not Just One?
Great question. NIST’s PQC standardization process had already finalized three core algorithms: ML-KEM for key encapsulation, ML-DSA for digital signatures, and SLH-DSA for hash-based signatures. That’s the foundation.
But in 2022, NIST opened a separate call for additional signature algorithms. The goal wasn’t redundancy — it was diversity. Different mathematical approaches mean that if one approach gets broken by future cryptanalysis, the others survive.
Think of it like having different types of locks on your front door. If someone figures out how to pick one, they still can’t get in.
The 2022 call attracted 50 submissions. NIST whittled those down to 40 first-round candidates, then 14 second-round finalists. The nine that advanced this month represent four different mathematical families:
- Lattice-based (HAWK): Relies on the difficulty of finding short vectors in high-dimensional lattices
- Multivariate (MAYO, MQOM, QR-UOV, UOV): Based on solving systems of multivariate polynomial equations
- Hash-based (SDitH): Uses cryptographic hash functions as the foundation
- Isogeny-based (SQIsign): Relies on the mathematics of elliptic curve isogenies — the same family that saw the spectacular collapse of the SIKE scheme last year
The Stars of the Show
A few of these candidates deserve special attention:
SQIsign is arguably the most distinctive. Its public keys and signatures are among the smallest of any PQC candidate — making it ideal for certificate systems and firmware updates where bandwidth matters. Despite being built on the same mathematical family that saw SIKE collapse in 2023, SQIsign’s architecture is fundamentally different and has withstood all attacks. NIST noted that second-round refinements improved its signing speed by roughly 20x.
HAWK stands out because it eliminates Falcon’s reliance on floating-point arithmetic, using only integer operations. That makes it easier to implement securely on constrained devices like smart cards and IoT sensors — the kinds of things we don’t think about encrypting until they get hacked.
FAEST takes a conservative approach, relying heavily on well-established symmetric primitives like AES. If you trust AES, you can trust FAEST. That simplicity is its strength.
The “Harvest Now, Decrypt Later” Problem
This isn’t theoretical. A threat called “Harvest Now, Decrypt Later” (HNDL) is already happening. Adversaries are collecting encrypted data today — government secrets, corporate intellectual property, medical records — knowing that when quantum computers arrive, they’ll be able to decrypt everything they’ve been hoarding.
Every day we delay migration to quantum-resistant algorithms, that hoarding problem gets worse. NIST itself recommends that organizations begin migration now, with full deprecation of quantum-vulnerable algorithms targeted for 2035.
But the migration is notoriously difficult. Cryptography isn’t an app you patch. It’s baked into operating systems, network protocols, firmware, and hardware. It’s the plumbing of the internet, and you can’t replace the pipes while the water is still flowing.
What You Should Do
If you’re a regular internet user: relax. Your password and browsing data are fine for now. The threat is to long-lived data — things that need to stay secret for decades.
If you work in tech, security, or infrastructure: start inventorying what cryptographic systems you depend on. Know which algorithms are quantum-vulnerable. Start planning migration. The window is closing.
If you’re a policy maker or executive: this is infrastructure, not IT. The migration will take years and cost real money. Treat it like upgrading a building’s electrical system — you do it while the building’s still standing, because waiting until the wires are on fire is not a strategy.
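One way to turn the inventory step above into a ranked migration list, as an added example that is not from the original article: it applies a Mosca-style rule, treating the 2035 deprecation target as the planning horizon (an assumption), and pulls key-exchange systems forward by how long their data must stay secret, since that is what harvest-now-decrypt-later exposes. The inventory rows, system names and year figures are constructed.

```python
import csv
import io

# Families broken by Shor's algorithm vs. the PQC standards the article names.
SHOR_VULNERABLE = {"rsa", "dsa", "dh", "dhe", "ecdh", "ecdhe", "ecdsa", "ed25519", "x25519"}
PQC_FINAL = {"ml-kem", "ml-dsa", "slh-dsa"}
HORIZON = 2035  # assumption: the article's deprecation target used as the planning horizon

# Constructed sample inventory; system names and year figures are illustrative.
SAMPLE_INVENTORY = """system,purpose,algorithm,secrecy_years,migration_years
vpn-gateway,key-exchange,ECDHE-P256,15,3
web-frontend,key-exchange,X25519,1,2
firmware-signing,signature,RSA-3072,0,5
internal-mtls,key-exchange,ML-KEM-768,10,2
legacy-hsm,signature,vendor-custom-v2,0,4
"""

def family_of(name):
    """Map 'RSA-3072' or 'ECDHE-P256' to its family, or None if unrecognised."""
    n = name.strip().lower()
    for fam in sorted(SHOR_VULNERABLE | PQC_FINAL, key=len, reverse=True):
        if n == fam or (n.startswith(fam) and not n[len(fam)].isalpha()):
            return fam
    return None

def assess(row, current_year):
    """Return (status, latest year migration can start) for one inventory row."""
    family = family_of(row["algorithm"])
    if family in PQC_FINAL:
        return "ok", None
    if family not in SHOR_VULNERABLE:
        return "review", None  # unknown algorithm: needs a human, never assume safe
    # Recorded ciphertext must stay secret past the horizon, so key exchange is
    # pulled forward by the secrecy lifetime; signatures only need replacing
    # before the horizon itself.
    shelf = int(row["secrecy_years"]) if row["purpose"] == "key-exchange" else 0
    start_by = HORIZON - shelf - int(row["migration_years"])
    return ("overdue" if start_by < current_year else "plan"), start_by

def prioritize(inventory_csv, current_year):
    """Rank systems: overdue first, then unknowns, then planned, then done."""
    rank = {"overdue": 0, "review": 1, "plan": 2, "ok": 3}
    rows = csv.DictReader(io.StringIO(inventory_csv))
    out = [(r["system"], *assess(r, current_year)) for r in rows]
    return sorted(out, key=lambda t: (rank[t[1]], t[2] or 0))

if __name__ == "__main__":
    for system, status, start_by in prioritize(SAMPLE_INVENTORY, 2026):
        print(f"{system:18} {status:8} start by {start_by}")
```

A start-by year already in the past, as for the constructed VPN gateway, means traffic recorded today would still need to be secret after the horizon.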
Quiz Time
Q1: What is the main threat that post-quantum cryptography is designed to resist?
A) Classical computers getting faster
B) Quantum computers breaking RSA and ECC encryption
C) Hackers with really good passwords
D) AI writing better malware
**Answer: B.** Quantum computers running Shor's algorithm can efficiently break the mathematical foundations of RSA and ECC — the encryption systems that secure most internet traffic today.
Q2: Why did NIST advance nine additional signature algorithms instead of just picking one?
A) They ran out of interesting math problems
B) Diversity ensures survival if one approach gets broken
C) The algorithm selection process was broken
D) Nine is a lucky number
**Answer: B.** Different mathematical families provide resilience. If cryptanalysis breaks one approach, others survive. It's cryptographic insurance.
Q3: What is “Harvest Now, Decrypt Later”?
A) Mining cryptocurrency before the quantum era
B) Collecting encrypted data today to decrypt when quantum computers are powerful enough
C) A new type of AI attack
D) The process of harvesting data for PQC testing
**Answer: B.** Adversaries are already collecting encrypted data they can't read today, betting they'll be able to read it once quantum computers arrive. This makes the threat immediate, not future.
The Bottom Line
NIST’s latest move isn’t a headline-grabbing event. No new product will ship with these algorithms tomorrow. But behind the scenes, the digital locksmiths are working on the locks that will protect our data for the next fifty years.
The quantum era isn’t coming. It’s already at the door. The question isn’t whether we’ll need these new algorithms — it’s whether we’ll be ready in time to install them before someone finds a master key.