Chapter 3 of 5

Post-Quantum Cryptography

NIST ran a 4-year global competition. These are the algorithms that survived.

The Shape of the Problem (No Equations)

Classical cryptography (RSA, ECDSA) relies on mathematical problems that are easy to verify but hard to solve: factoring large numbers, finding discrete logarithms. Quantum computers, running Shor's algorithm, can solve these problems efficiently.

Post-quantum cryptography uses different hard problems, ones that quantum computers cannot solve efficiently. The most promising class is lattice-based cryptography. A lattice is a grid of points in high-dimensional space. Finding the shortest vector in that grid is computationally hard for classical computers and for quantum computers.

The intuition: adding more dimensions does not help a quantum computer the way it helps with factoring. The problem stays hard regardless of the computational model.

NIST's Four-Year Global Competition

In 2016, the US National Institute of Standards and Technology issued an open call: submit post-quantum cryptographic algorithms. Teams from universities, corporations, and governments around the world submitted 82 candidates.

NIST ran multiple rounds of public cryptanalysis. Thousands of researchers worldwide tried to break every submission. After four rounds over eight years, four algorithms were selected.

In 2024, NIST published them as federal standards. These are not proposals or experiments. They are ratified standards, numbered FIPS 203, 204, 205, and 206.

The Four Algorithms

FIPS 204

ML-DSA (formerly CRYSTALS-Dilithium)

A lattice-based digital signature scheme. This is the primary replacement for ECDSA and Ed25519 in signing operations. Designed for long-lived keys where security margin matters more than signature size. Used in QNTM for validator keys.

FIPS 206

FN-DSA (formerly FALCON)

Also lattice-based, using NTRU lattices. Produces smaller signatures than ML-DSA. The compact size matters when signatures are embedded in every transaction. Used in QNTM for transaction signatures where throughput matters.

FIPS 203

ML-KEM (formerly CRYSTALS-Kyber)

A key encapsulation mechanism, not a signature scheme. Used for establishing encrypted channels, the post-quantum replacement for the key exchange step in TLS. Used in QNTM for node-to-node communication, protecting network traffic from harvest-now-decrypt-later attacks.

FIPS 205

SLH-DSA (formerly SPHINCS+)

Hash-based, not lattice-based. Extremely conservative security assumptions. It relies only on the security of hash functions, which are already quantum-resistant. Larger signatures but the most battle-tested security argument. Available in QNTM as an optional fallback.
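How a signature can rest on nothing but a hash function is easiest to see in a Lamport one-time signature, the simplest hash-based scheme. This is an added example, not code from the original page or from QNTM, and it is not SLH-DSA itself, which builds a many-time scheme from more elaborate hash-based components; the names `keygen`, `sign`, `verify` and `OneTimeKey` are illustrative.

```python
import hashlib
import secrets

N = 32        # bytes per secret and per SHA-256 digest
BITS = 8 * N  # one secret pair per bit of the message digest

def H(data):
    return hashlib.sha256(data).digest()

def digest_bits(message):
    """Hash the message; return its 256 digest bits, most significant first."""
    d = int.from_bytes(H(message), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]

def keygen():
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def sign(sk, message):
    """Reveal one secret from each pair, chosen by the matching digest bit."""
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(pk, message, sig):
    """Every revealed secret must hash to the public value for its bit."""
    if len(sig) != BITS:
        return False
    bits = digest_bits(message)
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits)))

class OneTimeKey:
    """Signing twice reveals secrets from both halves of some pairs, which
    lets anyone forge; this wrapper destroys the key after one use."""
    def __init__(self):
        self._sk, self.pk = keygen()

    def sign(self, message):
        if self._sk is None:
            raise RuntimeError("one-time key already used")
        sig, self._sk = sign(self._sk, message), None
        return sig

if __name__ == "__main__":
    key = OneTimeKey()
    msg = b"constructed sample transaction"  # constructed input
    sig = key.sign(msg)
    print(verify(key.pk, msg, sig), sum(len(s) for s in sig), "bytes")
```

The signature is 256 revealed secrets of 32 bytes each, 8,192 bytes in total, which shows why hash-based signatures are large even though their only assumption is the hash function.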

The Trade-Off: Signature Sizes

Post-quantum signatures are larger than classical ones. This is a real cost. The question is not whether larger signatures are ideal; they are not. The question is whether the security guarantee is worth it. For a financial system that will exist for decades, the answer is yes.

| Algorithm | Type | Signature size | Key size | Quantum safe? |
|---|---|---|---|---|
| ECDSA (secp256k1) | Elliptic curve | 64 bytes | 32 bytes | No |
| Ed25519 | Elliptic curve | 64 bytes | 32 bytes | No |
| ML-DSA-65 (FIPS 204) | Lattice | ~3,293 bytes | ~1,952 bytes | Yes |
| FN-DSA-512 (FIPS 206) | NTRU lattice | ~666 bytes | ~897 bytes | Yes |
| SLH-DSA-128s (FIPS 205) | Hash-based | ~7,856 bytes | 32 bytes | Yes |

"These are not experimental algorithms. They are published federal standards that every US government agency is required to migrate to by 2035."