Understanding Post-Quantum Cryptography Standards and Algorithms

The global push toward quantum-safe security is accelerating, driven by the threat a cryptographically relevant quantum computer would pose to today's public-key algorithms (RSA, Diffie-Hellman and elliptic-curve cryptography) and by the fact that traffic recorded now can be decrypted once such a machine exists. The National Institute of Standards and Technology (NIST) is leading the effort to standardize post-quantum cryptographic (PQC) algorithms; it released its first finalized standards for key encapsulation and digital signatures in August 2024.

NIST’s standardized post-quantum cryptographic algorithms include:

Key Encapsulation (Encryption) Standards:

  • ML-KEM (formerly CRYSTALS-Kyber) – FIPS 203
  • HQC – Selected in March 2025 as a backup KEM to ML-KEM, chosen because its code-based security assumption is independent of ML-KEM's lattice assumption (NIST IR 8545); its FIPS has not yet been published

Digital Signature Standards:

  • ML-DSA (formerly CRYSTALS-Dilithium) – FIPS 204
  • SLH-DSA (formerly SPHINCS+) – FIPS 205
  • Falcon – Selected for standardization as FN-DSA; the draft FIPS 206 has not yet been published

Hash-Based Signatures (Pre-existing Standards):

LMS (RFC 8554) and XMSS (RFC 8391) are stateful hash-based signature schemes specified by the Internet Research Task Force (IRTF) Crypto Forum Research Group. NIST SP 800-208 approves them for specific parameter sets and imposes strict operational requirements, because each one-time key inside the scheme may be used exactly once: the signer must track which keys have been consumed, the state must be committed before a signature is released, and the private key must be generated and used within a hardware cryptographic module that does not export it. Losing or rolling back that state (for example by restoring a signer from a backup) breaks the scheme's security.
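To make the state requirement concrete, here is an added toy stateful hash-based signature scheme (Lamport one-time keys under a four-leaf Merkle tree) written for this article; it is not LMS or XMSS and not code from any of the standards or products named on this page. The signer advances its index before emitting a signature, refuses to sign once the keys are exhausted, and `secrets_exposed_by_reuse` shows what a state rollback costs: two signatures from the same leaf on different messages publish both halves of every Lamport pair whose digest bits differ. The seed and messages are constructed test inputs.

```python
import hashlib
from dataclasses import dataclass
from typing import List

HEIGHT = 2                  # Merkle tree over 2**HEIGHT = 4 one-time keys (toy size)
LEAVES = 2 ** HEIGHT


def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def _bits(msg: bytes) -> List[int]:
    """256 message-digest bits, one per Lamport key pair."""
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]


def _ots_keys(seed: bytes, leaf: int):
    """Lamport one-time key for leaf index `leaf`, derived deterministically from the seed."""
    sk = [[H(seed, bytes([leaf]), i.to_bytes(2, "big"), bytes([b])) for b in (0, 1)]
          for i in range(256)]
    pk = [[H(sk[i][b]) for b in (0, 1)] for i in range(256)]
    return sk, pk


def _leaf_hash(pk) -> bytes:
    return H(*(pk[i][b] for i in range(256) for b in (0, 1)))


@dataclass
class Signature:
    index: int               # which one-time key was used (LMS/XMSS signatures carry this too)
    revealed: List[bytes]    # the secret half selected by each digest bit
    unrevealed: List[bytes]  # hash of the other half, so the verifier can rebuild the leaf
    auth_path: List[bytes]   # Merkle siblings from the leaf up to the root


class StatefulSigner:
    def __init__(self, seed: bytes):
        self.seed = seed
        self.next_index = 0  # THE state; a real module commits it to storage before signing
        leaves = [_leaf_hash(_ots_keys(seed, i)[1]) for i in range(LEAVES)]
        self.levels = [leaves]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([H(prev[j], prev[j + 1]) for j in range(0, len(prev), 2)])
        self.public_key = self.levels[-1][0]  # Merkle root

    def sign(self, msg: bytes) -> Signature:
        if self.next_index >= LEAVES:
            raise RuntimeError("key exhausted: every one-time key has been used")
        idx = self.next_index
        self.next_index += 1  # advance first, so a crash cannot leave the index reusable
        sk, pk = _ots_keys(self.seed, idx)
        bits = _bits(msg)
        auth, node = [], idx
        for level in self.levels[:-1]:
            auth.append(level[node ^ 1])
            node >>= 1
        return Signature(idx,
                         [sk[i][bits[i]] for i in range(256)],
                         [pk[i][1 - bits[i]] for i in range(256)],
                         auth)


def verify(public_key: bytes, msg: bytes, sig: Signature) -> bool:
    bits = _bits(msg)
    pk = [[b"", b""] for _ in range(256)]
    for i in range(256):
        pk[i][bits[i]] = H(sig.revealed[i])
        pk[i][1 - bits[i]] = sig.unrevealed[i]
    node, idx = _leaf_hash(pk), sig.index
    for sibling in sig.auth_path:
        node = H(sibling, node) if idx & 1 else H(node, sibling)
        idx >>= 1
    return node == public_key


def secrets_exposed_by_reuse(a: Signature, b: Signature) -> int:
    """Damage from signing two different messages with the same leaf (e.g. a signer
    restored from a backup re-runs index k): every Lamport pair whose digest bits
    differ now has both halves public. Returns how many of the 256 pairs are exposed."""
    assert a.index == b.index
    return sum(1 for i in range(256) if a.revealed[i] != b.revealed[i])
```

The rollback scenario is the one SP 800-208's hardware and state-handling requirements exist to prevent: once both halves of a pair are public, an attacker no longer needs the signer for that bit position, and each further reuse exposes more pairs.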

European Union Post-Quantum Cryptography Initiatives

In addition to NIST’s work, the European Union has taken proactive steps toward post-quantum cryptography adoption through national cybersecurity agencies:

Other EU member states are developing similar frameworks, frequently aligning with NIST standards while accommodating regional requirements and threat models.

Certification Frameworks for Post-Quantum Cryptography

This article explores how industrial certification frameworks, including FIPS 140-3 and Common Criteria, apply to post-quantum cryptography and enable certified implementations that can resist future quantum-enabled attacks.

FIPS 140-3 Certification for Post-Quantum Cryptography

The Federal Information Processing Standard (FIPS) 140-3 governs cryptographic module validation in the United States and Canada. Certification involves rigorous evaluation by a Cryptographic and Security Testing (CST) laboratory accredited under NIST's National Voluntary Laboratory Accreditation Program (NVLAP). This process ensures cryptographic modules meet defined security requirements and provides a high level of assurance for government and enterprise deployments.

A typical FIPS 140-3 certification process takes several months of laboratory work, plus queue time at the CMVP, and involves detailed documentation, testing, and sometimes code corrections. Successfully validated modules are listed on the CMVP Validated Modules List and may achieve levels ranging from Level 1 (basic security) to Level 4 (highest security).

(Figure omitted; source: NIST FIPS 140-3 Transition Effort)

The transition to PQC within the FIPS framework is already underway. Current Cryptographic Algorithm Validation Program (CAVP) listings include post-quantum algorithms for:

  • Digital Signatures:
    • LMS (KeyGen, SigGen, SigVer)
    • ML-DSA (KeyGen, SigGen, SigVer)
    • SLH-DSA (KeyGen, SigGen, SigVer)
  • Key Encapsulation:
    • ML-KEM (KeyGen, EncapDecap)

Notably, XMSS validation is not yet available through CAVP, even though NIST SP 800-208 approves it.

Understanding CAVP vs. CMVP in PQC Certification

FIPS 140-3 certification involves two interrelated programs:

  • Cryptographic Algorithm Validation Program (CAVP) ensures that cryptographic algorithms operate correctly by testing implementations against NIST-generated test vectors delivered through the Automated Cryptographic Validation Protocol (ACVP). CAVP validation of every approved algorithm in the module is a prerequisite for module-level certification.
  • Cryptographic Module Validation Program (CMVP) evaluates the complete cryptographic module, ensuring it provides secure environments for processing, storing, and transmitting sensitive information. CMVP builds on CAVP results to assess the security architecture as a whole.

Common Criteria Certification and Post-Quantum Cryptography

While FIPS 140-3 dominates North America, Common Criteria (CC) is the international standard for IT security evaluation, defined in ISO/IEC 15408. Under CC, products are certified by national certification bodies, and certificates are recognized across countries through mutual recognition arrangements. In 2024, the European Union adopted the EUCC (European Union Common Criteria) certification scheme under the Cybersecurity Act to harmonize these processes across member states.

The CC evaluation process features several key components:

  • Protection Profiles (PPs): Standardized security requirements for specific product categories, used as templates for evaluations.
  • Security Targets (STs): Define specific security functional requirements (SFRs) and security assurance requirements (SARs) for individual products.
  • Evaluation Assurance Levels (EALs): Range from EAL1 (basic assurance) to EAL7 (highest assurance), dictating the depth and rigor of the evaluation.

Under CC, products define SFRs and SARs in their Security Targets, sometimes based on existing Protection Profiles. Once certified, products are publicly listed on the Common Criteria Portal.


Recent examples include:

  • Infineon achieved Common Criteria EAL6 certification for implementing a post-quantum cryptographic algorithm in a security controller, certified by Germany’s BSI.
  • Samsung obtained CC EAL 5+ certification for a post-quantum cryptography algorithm from the Netherlands’ NSCIB certification body.

Challenges in Post-Quantum Cryptography Implementation and Certification

While PQC standards and certification pathways are evolving rapidly, several implementation challenges remain:

  • Performance Optimization: PQC algorithms often demand higher computational resources than classical algorithms, making efficient implementation critical for certification success.
  • Side-Channel Resistance: High-assurance certifications require strong protections against side-channel attacks, especially challenging for lattice-based and code-based PQC schemes.
  • Crypto Agility: Many organizations plan hybrid deployments combining classical and quantum-resistant algorithms, complicating certification strategies for mixed implementations.
  • Quantum Security Evaluation: Security evaluation methods for PQC are not as mature as those for classical cryptography. New methodologies may be needed to assess quantum security effectively.

Understanding Side-Channel and Fault Injection Attacks

Side-channel resistance is critical in PQC certification because it demonstrates that implementations can withstand practical attacks. Side-channel analysis exploits information leakage through power consumption, electromagnetic emissions, or timing variations. Fault Injection (FI) attacks manipulate hardware or environmental conditions by using techniques such as clock glitches, laser beams, or electromagnetic pulses to introduce faults and extract secrets.

Examples include:

  • Power Analysis: Techniques like Simple Power Analysis (SPA), Differential Power Analysis (DPA), and Correlation Power Analysis (CPA) have been shown to extract secrets from lattice-based cryptography with a few hundred traces.
  • Fault Injection Attacks: Target cryptographic processes like key generation or decapsulation. Attacks on the Fujisaki-Okamoto transform can recover secret keys with a few thousand chosen ciphertext queries.
  • Attacks on LWE-based Cryptosystems: Methods such as Belief Propagation (BP), greedy algorithms, and decryption failure oracles exploit implementation leakage in lattice cryptography. Common attack targets include the Inverse Number Theoretic Transform (INTT), plaintext-checking oracles, and Hamming weight leakage.

Countermeasures for Post-Quantum Cryptography Security

Mitigating side-channel and fault attacks in PQC implementations involves multiple countermeasures:

  • Masking Techniques: Hide sensitive intermediate values during computation, though higher-order attacks can sometimes bypass these protections.
  • Execution Randomization: Randomizing operation order and timing complicates side-channel analysis by attackers.
  • Algorithmic Protections: Include input validation, intermediate result verification, and output consistency checks to detect or prevent attacks.
  • Ciphertext Integrity Validation: Critical for defending against chosen-ciphertext attacks and preventing decryption failure oracles.
  • Comprehensive Leakage Mitigation: Address various leakage types beyond power analysis, including Hamming weight leakage, timing variations, and electromagnetic emissions.
  • Noise Level Management: Implementations should assume conservative noise thresholds, as recent research shows attacks can succeed at noise levels previously deemed safe.

Given that modern attack techniques can break scenarios that were once computationally infeasible, PQC implementations should adopt a defense-in-depth approach, combining multiple layers of protection rather than relying on single countermeasures.
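The plaintext-checking oracle mentioned under attacks on LWE-based cryptosystems and the ciphertext integrity validation listed among the countermeasures meet in one place: the comparison of the submitted ciphertext c with the re-encryption c' inside a Fujisaki-Okamoto decapsulation. The following is an added toy model written for this article, not ML-KEM and not code from any product named here. The "PKE" is a fixed-keystream XOR chosen only so that the body of c' always equals the body of c and every difference lands in the tag; the side channel is modelled as a deterministic count of bytes the comparison examined rather than a wall-clock measurement. With an early-exit comparison the attacker recovers tag(m') for a ciphertext of their choosing, which lets them test guesses of what their ciphertext decrypted to; with a full-length comparison the same attack gets no signal. Keys and ciphertext bodies are constructed test values.

```python
import hashlib
import hmac
from typing import Callable, Optional, Tuple

# Toy ciphertext layout: tag[0:8] || body[8:24]. Deliberately trivial "PKE":
# only the comparison step of the FO transform is under examination here.
TAG, BODY = slice(0, 8), slice(8, 24)
Compare = Callable[[bytes, bytes], Tuple[bool, int]]


def _h(*parts: bytes) -> bytes:
    return hashlib.sha3_256(b"".join(parts)).digest()


def toy_enc(key: bytes, m: bytes) -> bytes:
    """Stand-in for the deterministic re-encryption Enc(pk, m'; G(m')) of the FO transform."""
    tag = _h(b"tag", m)[:8]
    body = bytes(x ^ y for x, y in zip(m, hashlib.shake_256(key).digest(16)))
    return tag + body


def toy_dec(key: bytes, c: bytes) -> bytes:
    """Stand-in for Dec(sk, c): reads the body only; the tag is checked by re-encryption."""
    return bytes(x ^ y for x, y in zip(c[BODY], hashlib.shake_256(key).digest(16)))


def leaky_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison. Returns (equal, bytes examined); the count models what a
    timing or power trace would reveal about where the first mismatch occurred."""
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return len(a) == len(b), examined


def constant_time_equal(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Compares every byte regardless of where the first difference lies."""
    return hmac.compare_digest(a, b), len(a)


class Decapsulator:
    """FO-style decapsulation: decrypt, re-encrypt, compare, implicit rejection on mismatch."""

    def __init__(self, key: bytes, z: bytes, compare: Compare):
        self.key, self.z, self.compare = key, z, compare
        self.last_work = 0  # the simulated side channel the attacker observes

    def decaps(self, c: bytes) -> bytes:
        m_prime = toy_dec(self.key, c)
        c_prime = toy_enc(self.key, m_prime)
        ok, self.last_work = self.compare(c, c_prime)
        if ok:
            return _h(b"K", m_prime)
        return _h(b"K", self.z, c)  # implicit rejection: output looks random either way


def recover_tag(dec: Decapsulator, body: bytes) -> Optional[bytes]:
    """Chosen-ciphertext attacker. The body fixes m' and hence c', so c and c' can only
    differ in the tag; each tag byte is recovered from how far the comparison ran."""
    tag = bytearray(8)
    for pos in range(8):
        hits = []
        for guess in range(256):
            tag[pos] = guess
            dec.decaps(bytes(tag) + body)
            if dec.last_work > pos + 1:  # comparison got past this byte: guess was right
                hits.append(guess)
        if len(hits) != 1:
            return None                  # no single guess stands out: channel is closed
        tag[pos] = hits[0]
    return bytes(tag)


def run_attack(compare: Compare) -> Tuple[Optional[bytes], bytes]:
    """Returns (what the attacker recovered, the true tag of m') for a given comparison."""
    key, z = _h(b"constructed secret key"), _h(b"constructed rejection seed")
    dec = Decapsulator(key, z, compare)
    body = bytes(range(8, 24))  # attacker-chosen; m' itself is unknown to them
    true_tag = _h(b"tag", toy_dec(key, bytes(8) + body))[:8]
    return recover_tag(dec, body), true_tag
```

Implicit rejection alone does not close this channel: the returned key is indistinguishable from random in both branches, yet the work done before reaching the branch still depends on the secret-derived c'. That is why a constant-time comparison of c and c' (and constant-time handling of everything feeding it) is standard practice in ML-KEM implementations, and why certification labs look for exactly this kind of data-dependent behaviour.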

The Future of Post-Quantum Cryptography Certification

With NIST's first post-quantum standards (FIPS 203, 204 and 205) now final and further ones in progress, the industry has moved from theoretical research to real-world deployments. Certification frameworks like FIPS 140-3 and Common Criteria provide essential assurance that quantum-resistant cryptographic solutions are implemented correctly and robustly enough to protect sensitive data against future quantum threats.

Organizations preparing for a quantum future should prioritize PQC certification and robust side-channel protections as part of their long-term security strategies.

Ready to future-proof your cryptographic systems?

👉 Explore Kudelski Security’s Blockchain and Cryptography Services and discover how we help organizations secure their digital assets in a post-quantum world.
