In August 2024, NIST made history by releasing the first-ever post-quantum cryptographic standards. FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) represent years of rigorous research and testing, providing organizations with standardized, quantum-resistant algorithms they can confidently deploy.
FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)
FIPS 203, derived from the CRYSTALS-Kyber algorithm, standardizes a key encapsulation mechanism (KEM) for securely exchanging cryptographic keys. Key exchange is fundamental to virtually all secure communications—every time you visit an HTTPS website or send an encrypted message, a key exchange occurs.
ML-KEM offers three security levels:
- ML-KEM-512: Roughly equivalent to AES-128 security
- ML-KEM-768: Roughly equivalent to AES-192 security
- ML-KEM-1024: Roughly equivalent to AES-256 security
The algorithm is based on the hardness of the Module Learning With Errors (MLWE) problem, a lattice-based mathematical challenge that remains difficult for both classical and quantum computers.
FIPS 204: Module-Lattice-Based Digital Signature Algorithm (ML-DSA)
FIPS 204, derived from CRYSTALS-Dilithium, provides quantum-resistant digital signatures. Digital signatures authenticate the source of messages and ensure data hasn't been tampered with—essential for everything from software updates to financial transactions.
ML-DSA also offers three security levels:
- ML-DSA-44: Category 2 security (comparable to SHA-256/AES-128)
- ML-DSA-65: Category 3 security (comparable to AES-192)
- ML-DSA-87: Category 5 security (comparable to AES-256)
Performance Characteristics
ML-DSA-65 (Dilithium3) achieves signing in approximately 60µs and verification in 39µs on modern hardware—fast enough for real-time authentication at scale.
Key Size Considerations
One significant change from classical cryptography is key size. Post-quantum algorithms require larger keys:
- ML-KEM-768 public keys: 1,184 bytes (vs. 32 bytes for X25519)
- ML-DSA-65 public keys: 1,952 bytes (vs. 32 bytes for Ed25519)
- ML-DSA-65 signatures: 3,293 bytes (vs. 64 bytes for Ed25519)
While larger, these sizes are manageable for most applications. The increased security against quantum attacks far outweighs the modest increase in bandwidth and storage requirements.
Migration Strategies
NIST recommends a phased approach to adopting these standards:
- Inventory: Identify all systems using public-key cryptography
- Prioritize: Focus first on systems protecting long-lived secrets
- Hybrid deployment: Run classical and PQC algorithms in parallel during transition
- Full migration: Eventually deprecate classical algorithms entirely
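The hybrid deployment step can be made concrete with a key combiner. The sketch below is an added example, not code from NIST or from this article: it derives one session key from an ML-KEM-768 secret and an X25519 secret, so recovering only one of them is not enough to compute the key. The function names, the `hybrid-demo-v1` label, the concatenation order and the constructed stand-in secrets are assumptions of the example; real deployments should follow the combiner defined by their protocol.

```python
import hashlib
import hmac

# Public-key sizes (bytes) as quoted in the article; both KEMs yield 32-byte secrets.
MLKEM768_PK, X25519_PK, SECRET_LEN = 1184, 32, 32


def split_hybrid_share(share: bytes) -> tuple:
    """Split a hybrid key share; the ML-KEM || X25519 order is this example's assumption."""
    if len(share) != MLKEM768_PK + X25519_PK:
        raise ValueError("unexpected hybrid key share length")
    return share[:MLKEM768_PK], share[MLKEM768_PK:]


def hkdf_sha256(ikm: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256 and the default all-zero salt."""
    if length > 255 * 32:
        raise ValueError("requested output too long")
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()  # extract
    okm, block, counter = b"", b"", 1
    while len(okm) < length:  # expand
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def combine_secrets(ss_pqc: bytes, ss_classical: bytes, transcript: bytes) -> bytes:
    """Derive one session key that depends on both shared secrets."""
    for name, ss in (("PQC", ss_pqc), ("classical", ss_classical)):
        if len(ss) != SECRET_LEN:
            raise ValueError(f"{name} shared secret must be {SECRET_LEN} bytes")
    # Fixed-length inputs make plain concatenation unambiguous; the transcript
    # (public keys and ciphertext that were exchanged) is bound through `info`.
    return hkdf_sha256(ss_pqc + ss_classical, b"hybrid-demo-v1" + transcript)


if __name__ == "__main__":
    # Constructed stand-ins for real ML-KEM-768 and X25519 outputs.
    ss_pqc, ss_x = bytes(range(32)), bytes(range(32, 64))
    share = b"\xaa" * MLKEM768_PK + b"\xbb" * X25519_PK
    key = combine_secrets(ss_pqc, ss_x, share)
    print(key.hex())
```

Rejecting wrong-length inputs before derivation keeps a truncated or malformed key share from silently weakening the combined key.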
Compliance Timeline
Federal agencies and their contractors face mandatory compliance timelines. The broader industry should anticipate similar requirements from regulators and customers. Starting your migration now provides ample time to test, iterate, and ensure a smooth transition.
FIPS 203 and 204 represent a watershed moment in cryptography. They provide the standardized foundation organizations need to begin their quantum-resistant journey with confidence.