IBM’s quantum-safe signature schemes advance in NIST’s PQC process
As NIST narrows down the list of candidates for the quantum-safe digital signatures of the future, IBM's collaborative efforts remain prominently featured with four candidates still in the latest Additional Quantum-Safe Digital Signature Competition selection process.
As the world prepares for the advent of quantum computing, securing digital communication against future threats has become a global priority. In response to this challenge, the US National Institute of Standards and Technology (NIST) has been leading its Post-Quantum Cryptography (PQC) Standardization process. IBM, alongside academic and industry partners, has played a crucial role in this effort.
NIST has already standardized a number of IBM-developed cryptographic algorithms, including ML-KEM, ML-DSA, and SLH-DSA, further underscoring the company's leadership in advancing secure computing solutions. Additionally, FN-DSA has been selected for standardization and will be formally standardized soon. When NIST called for additional digital signature proposals in 2023, IBM once again responded with three new candidates.
IBM’s contributions to the first round of NIST’s Additional Digital Signatures selection process were not solo efforts. Each of the three signature schemes — SQIsign, UOV, and MAYO — was developed by teams consisting of researchers from IBM alongside experts from universities and other research institutions worldwide. This reflects the highly cooperative nature of quantum-safe cryptography research, where expertise from different fields is essential to designing secure and efficient schemes. In a little more detail, the schemes were:
- SQIsign: A unique isogeny-based signature scheme that boasts some of the smallest signature sizes and public key sizes among post-quantum candidates, at the cost of being somewhat slower than many other quantum-safe signatures. This work was conducted in partnership with researchers from multiple institutions with deep expertise in elliptic curve isogenies.
- UOV (Unbalanced Oil and Vinegar): One of the most well-known multivariate signature schemes, UOV has been studied for decades. IBM Research worked closely with cryptographers from various institutions to refine and improve its security and performance for post-quantum applications. UOV offers good performance and small signatures, but somewhat larger public keys.
- MAYO: A multivariate signature scheme based on UOV, which aims to drastically reduce the public key size while still providing strong security, good performance, and small signatures.
In October 2024, NIST narrowed down the list of candidates from 40 to 14. All three schemes submitted by IBM Research successfully advanced to the second round, demonstrating their potential to serve as secure alternatives in a quantum-safe world. The revised and improved candidates were submitted to NIST in February and are now available from NIST’s website. They boast improved performance across the whole spectrum and more solid security foundations.
IBM Research’s commitment to collaboration in quantum-safe cryptography extends beyond its initial three submissions. In the second round of the NIST competition, IBM researchers joined the FAEST team. FAEST is a symmetric-based signature scheme that leverages well-understood cryptographic primitives to offer strong security guarantees. The scheme’s development has involved experts from academia, industry, and research institutions working together to create a viable, efficient, and secure post-quantum signature method.
With all four of these schemes now undergoing rigorous evaluation in the second round, the collaborative efforts among researchers from IBM, universities, and other research labs will be crucial in refining their security and performance. The NIST PQC standardization process remains a global effort, emphasizing the importance of teamwork in addressing the unprecedented challenges posed by quantum computing.
IBM Research’s involvement in these submissions is the result of both our deep expertise in cryptography, as well as our dedication to working alongside the broader research community to ensure a secure digital future. As these efforts continue, further collaboration will be essential to developing cryptographic standards that can withstand the quantum era.
It’s important to stress that, as NIST itself has stated, the ongoing selection process for digital signatures should not be interpreted to mean that users should wait to adopt quantum-safe algorithms. The ML-KEM, ML-DSA, and SLH-DSA standards are already excellent solutions, and the urgency of adopting them should guide decision making towards becoming quantum safe sooner rather than later.