Last week #NIST released three post-#quantum #encryption standards. Why is this significant? Put simply, from a practical standpoint: risk management and compliance. First, on risk management: experts now say that quantum computing is less than a decade away. Quantum computers are expected to have the power to search large keyspaces very quickly, which means they will be able to decrypt current encryption. Moreover, it is entirely plausible that encrypted information recorded today is being stored for decryption when quantum computing becomes available. If you speculatively apply quantum-resistant encryption to your data now, you will reduce the risk of an adversary being able to successfully exploit your data when they have access to quantum computing. Second, on compliance: NIST is the governing body for standards in the USA, and many other nations take their encryption standards from NIST, as they do not have resources at the same scale as NIST. You can be certain that NIST-approved post-quantum algorithms will start being mentioned in various compliance checklists, as is the case currently with algorithms such as AES-256 and SHA-256. Note well that these algorithms have #FIPS numbers associated with them - meaning "Federal Information Processing Standard". Briefly, the approved algorithms are:
🔒 ML-KEM, for encrypted key exchange, as FIPS 203
🔒 ML-DSA, for digital signatures, as FIPS 204
🔒 SLH-DSA, for stateless hash-based digital signatures, as FIPS 205
There is a fourth algorithm, FN-DSA, also used for digital signatures, that is expected to be released in the next year.
SLH-DSA Quantum-Resistant Signature Solutions
Summary
SLH-DSA quantum-resistant signature solutions use a special type of digital signature called stateless hash-based signatures, designed to remain secure even if powerful quantum computers become available. These solutions, now standardized by NIST as FIPS 205, help organizations protect their data and digital transactions against future quantum threats that could break current encryption methods.
- Start preparing now: Review your existing systems to identify where older digital signature schemes are used, and plan upgrades to quantum-resistant alternatives like SLH-DSA.
- Evaluate storage needs: Understand that SLH-DSA produces larger signature sizes than other methods, so make sure your infrastructure can handle additional storage requirements.
- Prioritize high-risk areas: Focus first on systems that secure sensitive or long-lasting data, since information stolen today could be broken by quantum computers in the future.
After an extensive 8-year selection process, NIST has finally published the post-quantum cryptography standards. Out of an initial pool of 69 candidates, three final algorithms have been published today: ML-KEM, ML-DSA, and SLH-DSA. This is a significant milestone for the industry, and with this development, there is no reason to delay any action. Implementing these algorithms will be complex. Careful prioritization needs to happen to select the systems that need to be migrated first – in particular, those that are susceptible to "harvest now, decrypt later" attacks, incompatible with the new standards, or requiring extensive re-architecture. Moreover, NIST advises caution when implementing post-quantum cryptography: with various parameters and security levels possible, improper implementation may easily occur. Proper experimentation, benchmarking and validation are essential.
Aptos Moves Early on Post-Quantum Security With Opt-In Signatures
Introduction
Quantum computers are not yet capable of breaking blockchain cryptography, but the risk is no longer treated as purely theoretical. Aptos has become one of the first major production blockchains to propose native post-quantum signatures, signaling a strategic shift toward long-term cryptographic resilience rather than reactive defense.
What Aptos Is Proposing
• Aptos Labs introduced Aptos Improvement Proposal 137 to add post-quantum signature support at the account level.
• The proposal introduces SLH-DSA, a hash-based digital signature scheme standardized as FIPS 205.
• Post-quantum signatures would be optional and opt-in only, leaving existing accounts and cryptography unchanged.
• If approved, Aptos would be among the earliest live blockchains to support post-quantum accounts natively.
Why Quantum Risk Is Being Taken Seriously
• Aptos cited growing momentum in quantum research, including scaling discussions from IBM.
• The proposal references recent post-quantum cryptography standards released by the National Institute of Standards and Technology.
• Developers warn that cryptographically relevant quantum computers could eventually forge today’s digital signatures, potentially compromising historical account security.
Aptos in the Broader Blockchain Landscape
• Aptos is a layer-1 proof-of-stake network focused on decentralized and consumer-facing applications.
• Asset managers including BlackRock and Franklin Templeton have deployed tokenized real-world asset products on the network.
• Other networks are also preparing quietly. Solana recently tested quantum-resistant transactions on a dedicated testnet.
• Bitcoin remains divided, with some advocating early work on quantum resistance and others arguing that highlighting distant threats risks unnecessary market fear.
Why This Matters
Aptos is treating quantum risk as an engineering timeline problem, not a crisis. By offering opt-in post-quantum accounts, it signals preparedness without undermining confidence in current security. This approach mirrors how infrastructure-heavy systems manage low-probability, high-impact risks. As standards mature and timelines clarify, Aptos’s early move may prove less about urgency and more about credibility, flexibility, and long-term trust in an era of cryptographic transition.
I share daily insights with 36,000+ followers across defense, tech, and policy. If this topic resonates, I invite you to connect and continue the conversation.
Keith King
https://lnkd.in/gHPvUttw
Recent research from Shanghai University demonstrated quantum annealing attacks on RSA encryption. But here's what you really need to know about our quantum-ready future:
The Current Landscape:
- NIST finalized quantum-resistant standards
- Two approved signature methods: ML-DSA & SLH-DSA
- One key exchange method: ML-KEM
- DWave quantum annealer cracked 50-bit RSA
🔍 Breaking Down Our Quantum-Safe Tools:
1. ML-DSA (Dilithium)
- The "speed champion" for signatures
- Efficient for most enterprise uses
- Smaller signatures than alternatives
- Based on lattice cryptography
- Already being implemented by Google
2. SLH-DSA (SPHINCS+)
- The "security champion"
- Incredibly small keys (32-64 bytes)
- Larger signatures (17KB)
- Based on hash functions
- Perfect for high-security needs
3. ML-KEM (Kyber)
- The future of secure key exchange
- Replacement for current RSA/DH
- Strong performance characteristics
- Currently being tested in Chrome
The Reality Check:
- Current 2048-bit RSA remains safe... for now
- Quantum capabilities doubling every ~6 months
- "Harvest now, decrypt later" attacks are real
- We have standards - implementation is key
🎯 Smart Next Steps for Leaders:
1. Identify systems using pre-quantum crypto
2. Plan for larger signature storage needs
3. Consider hybrid classical/quantum-safe approaches
4. Build quantum-safe requirements into new projects
5. Watch market leaders' implementation strategies
Why This Matters:
- Quantum computing access is expanding
- Standards are set - action is needed
- Early adoption = competitive advantage
- Security compliance will require updates
The Bottom Line: We're not facing a quantum apocalypse, but we are in a critical transition period. The organizations that thrive will be those that understand quantum isn't just coming - it's already being built into tomorrow's security standards.
💭 Questions for Leaders:
- How are you planning your quantum-safe transition?
- Have you identified your most vulnerable systems?
- Which NIST standard aligns with your security needs?
#Cybersecurity #QuantumComputing #Encryption #InfoSec #TechLeadership
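The "small keys, large signatures" trade-off quoted in the post above, and the storage-planning point in the page summary, both follow from how hash-based signatures are built. The toy Lamport one-time signature below is an added teaching example written for this page (not SLH-DSA itself, not FIPS 205 code, and not from any of the quoted authors); it uses only SHA-256 and assumes nothing beyond the Python standard library.

```python
"""Toy Lamport one-time signature over SHA-256: a constructed teaching example,
not SLH-DSA itself and not FIPS 205 code. It shows the shape hash-based schemes
share: hash-sized public key, multi-kilobyte signature, security from the hash alone."""
import hashlib
import hmac
import os

N = 32           # SHA-256 digest and secret length in bytes
BITS = 8 * N     # one secret pair per bit of the message digest

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def bit_at(digest: bytes, i: int) -> int:
    return (digest[i // 8] >> (7 - i % 8)) & 1

def keygen(rng=os.urandom):
    """Secret key: BITS pairs of random values. Public key: one hash over the
    hashes of every pair member, so it is only N bytes long."""
    sk = [(rng(N), rng(N)) for _ in range(BITS)]
    root = h(b"".join(h(a) + h(b) for a, b in sk))
    return sk, root

def sign(sk, msg: bytes) -> bytes:
    """Per digest bit: reveal the matching secret plus the hash of the other one
    so the verifier can rebuild the root. Signing a second message exposes both
    members of some pairs, which is why a one-time key must never be reused."""
    d = h(msg)
    parts = []
    for i, (a, b) in enumerate(sk):
        chosen, other = (a, b) if bit_at(d, i) == 0 else (b, a)
        parts.append(chosen + h(other))
    return b"".join(parts)

def verify(root: bytes, msg: bytes, sig: bytes) -> bool:
    if len(sig) != BITS * 2 * N:
        return False
    d = h(msg)
    leaves = []
    for i in range(BITS):
        revealed, other_hash = sig[2 * i * N:(2 * i + 1) * N], sig[(2 * i + 1) * N:(2 * i + 2) * N]
        hr = h(revealed)
        leaves.append(hr + other_hash if bit_at(d, i) == 0 else other_hash + hr)
    return hmac.compare_digest(h(b"".join(leaves)), root)

def sizes(sk, root, sig) -> dict:
    """Byte counts for capacity planning, to set beside the figures quoted for SLH-DSA."""
    return {"secret_key": sum(len(a) + len(b) for a, b in sk),
            "public_key": len(root), "signature": len(sig)}
```

With N = 32 the public key is 32 bytes and every signature is 16384 bytes, the same order of magnitude as the SLH-DSA figures the post quotes. SLH-DSA itself reaches its stateless, many-signature security by layering Winternitz chains, FORS and hash trees on top of this basic idea rather than using the raw construction shown here.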
The three finalized standards released today – CRYSTALS-Kyber, CRYSTALS-Dilithium, and Sphincs+ – contain the encryption algorithms’ computer code, instructions for how to implement them, and their intended uses. The fourth draft standard based on FALCON is planned for late 2024, NIST said. The CRYSTALS-Kyber algorithm – Federal Information Processing Standard (FIPS) 203 – is intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. It has been renamed Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). The CRYSTALS-Dilithium algorithm – FIPS 204 – is intended as the primary standard for protecting digital signatures. It has been renamed Module-Lattice-Based Digital Signature Algorithm (ML-DSA). The Sphincs+ algorithm – FIPS 205 – is also designed for digital signatures. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable. It has been renamed the Stateless Hash-Based Digital Signature Algorithm (SLH-DSA). Similarly, when the draft FIPS 206 standard built around FALCON is released, the algorithm will be dubbed FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm. https://lnkd.in/g8gYeQ5j.
🔒 NIST has released the final version of the first three Post-Quantum Cryptographic Standards based on algorithms designed to withstand attacks from powerful quantum computers 🔐 About 2 years ago, NIST (the National Institute of Standards and Technology) selected four algorithms, three of which leverage mathematical structures known as lattices (which are like abstract algebraic structures) as their underlying foundation. The structure and properties of lattices make them well-suited for constructing encryption algorithms that are resistant to attacks by quantum computers. And they allow for efficient computations and key generation, which makes them practical for real-world implementation. They were FIPS designated, which stands for "Federal Information Processing Standards", and refers to the standards published by NIST for use in computer systems by the U.S. federal government and government contractors. These first three standards are now released:
🔒 CRYSTALS-Kyber is now known as ML-KEM (FIPS 203)
🔒 CRYSTALS-Dilithium is now ML-DSA (FIPS 204)
🔒 Sphincs+ is now SLH-DSA (FIPS 205)
The fourth one, FALCON, will be FN-DSA (FIPS 206) when the draft standard is released. 😎 FUN Fact: Did you know that there have only been 13 FIPS standards (including these 3 PQC standards) published by NIST since 2002? So, it's quite a historic milestone actually... Well, this is the beginning of a new era in digital security. 💻 With the release of these standards, organizations can now kick off or advance their post-quantum cryptography (PQC) remediation strategies to address the looming threat of quantum computers breaking current encryption methods like AES and RSA. 🏢 While the federal government is poised to be among the first movers, industries such as healthcare, finance, and technology are also expected to follow suit, as they store sensitive data that could be vulnerable to quantum attacks. 🕰️ Anyway, the transition to PQC will probably take years and require extensive planning... as they say, a journey of a thousand miles begins with the first step. 😉 #CyberSecurity #QuantumComputing #NIST #PQC
Have you heard about post-quantum cryptography? When (or if) quantum computers become practical, today’s cryptographic algorithms won’t be secure anymore. We’ll need replacements. OpenSSL 3.5.0 just added support for three of these replacement algorithms: ML-KEM, ML-DSA, and SLH-DSA. They were standardized by NIST last August - after nearly a decade of work. What are those abbreviations?
- ML-KEM is a key exchange algorithm that lets two parties generate a shared 32-byte secret, like the current key generation algorithms your browser or SSH client runs at every connection.
- ML-DSA and SLH-DSA are digital signature algorithms. SLH-DSA is specifically designed for systems with tight resource constraints -> a special interest for embedded developers.
Should you switch all your crypto today? Not yet. There’s still work ahead to integrate these algorithms into full protocols like TLS. But you’ll be hearing about them more and more in the years to come. And you might start thinking about a migration path.
In 2024, NIST finalized its first post-quantum cryptography standards, ML-KEM, ML-DSA, and SLH-DSA. The UK NCSC and EU ENISA published aligned migration guidance shortly after. This is not a future concern. The standardisation phase is complete. The underlying problem is well-documented in cryptographic literature. Shor's algorithm, proposed in 1994, can solve the integer factorisation and discrete logarithm problems in polynomial time on a sufficiently large quantum computer. These are the same problems that RSA and ECC rely on for security. Current quantum hardware cannot run Shor's algorithm at cryptographically relevant scale. But the threat model does not require that capability to exist today. The "harvest now, decrypt later" attack strategy assumes that adversaries with long-term intelligence objectives are already collecting encrypted traffic (government communications, critical infrastructure data, proprietary research) and storing it for future decryption. The cryptographic exposure begins at the point of collection, not at the point of decryption. This shifts the risk calculation considerably. Migration to post-quantum cryptography is not straightforward. It requires a full cryptographic inventory, protocol-level replacements, library updates, and in many cases, hardware changes. For large organisations, realistic migration timelines run to several years. The standards exist. The guidance is consistent across major jurisdictions. The technical path is defined. What remains is an implementation and prioritisation problem, and the organisations that treat current regulatory signals as actionable are in a structurally better position than those waiting for enforcement. Migration debt, like technical debt, does not stay static. It grows.