The National Institute of Standards and Technology (NIST) has transitioned nine cryptographic algorithms to the third round of its Additional Digital Signature Selection Project, as detailed in NIST Internal Report (IR) 8610. Initiated in September 2022 to diversify the post-quantum cryptography (PQC) portfolio beyond structured lattice-based designs—such as the previously standardized ML-DSA and FN-DSA schemes—the project tracks general-purpose signatures optimized for alternative security assumptions, short signatures, and accelerated verification. The second evaluation round concluded on May 14, 2026, following 18 months of public cryptanalysis, performance benchmarking, and architectural updates presented at the Sixth NIST PQC Standardization Conference in September 2025. Five algorithms—CROSS, LESS, Mirath, PERK, and RYDE—were eliminated from further standardization consideration due to uncompetitive performance trade-offs or security vulnerabilities identified during the second round.
Technical Architecture & Specifications / Operational Implementation
The nine advancing candidates are categorized across four distinct mathematical modalities: lattice-based, isogeny-based, Multi-Party Computation in the Head (MPCitH), and multivariate cryptography. HAWK, the sole lattice-based advance, utilizes integer-only arithmetic over cyclotomic rings to solve the Search Module Lattice Isomorphism Problem (smLIP) of rank 2 and the One-More-Shortest-Vector Problem (omSVP), avoiding the floating-point dependencies of Falcon. SQIsign relies on the hardness of finding isogenies between supersingular elliptic curves, incorporating higher-dimensional isogenies in its structural redesign to compress public-key and signature sizes to 148 bytes at security category 1. The MPCitH category comprises FAEST, MQOM, and SDitH; FAEST implements the VOLE-in-the-Head framework via the QuickSilver protocol to prove AES constraints, while MQOM relies on the multivariate quadratic (MQ) problem optimized through Threshold Computation in the Head (TCitH). SDitH bases its security on the syndrome decoding problem for unstructured binary linear codes. The final four candidates—UOV, MAYO, QR-UOV, and SNOVA—are multivariate schemes based on the Unbalanced Oil and Vinegar framework. SNOVA and MAYO employ aggressive structural transformations to minimize public keys, while QR-UOV uses quotient rings over odd-characteristic fields to achieve resistance against algebraic “wedge” attacks that compromised several characteristic-2 parameter sets during second-round cryptanalysis.
Strategic Positioning & Ecosystem Integration
The third round marks a two-year evaluation phase focusing on implementation security, formal proof verification, and resistance to physical attack vectors. Submission teams have until August 14, 2026, to submit finalized specification updates and implementation modifications (“tweaks”) to address known cryptanalytic vulnerabilities, such as adjusting multivariate parameters to mitigate exterior product and small-field attacks. NIST will evaluate the candidates based on their integration suitability within production internet protocols, including TLS, SSH, IPsec, and DNSSEC. Computational efficiency benchmarks will target the NIST reference platform alongside constrained hardware environments to evaluate constant-time, side-channel-resistant implementations. The evaluation timeline culminates in the 7th NIST PQC Standardization Conference, scheduled for late spring or early summer 2027 in Gaithersburg, Maryland, where performance data and formal security reductions in the Quantum Random Oracle Model (QROM) will guide subsequent standardization selections.
You can find the official announcement regarding the Additional Digital Signature Schemes here, view the initial publication metadata here, download the comprehensive NIST IR 8610 report PDF here, and read the historical context from the Quantum Computing Report here.
May 18, 2026
Leave A Comment