NIST (National Institute of Standards and Technology) is the world’s leading authority on cryptography standards. It decides which encryption algorithms are secure and which are not. Since 2016, NIST has been running a competition to select post‑quantum algorithms resistant to quantum computer attacks. In August 2024, NIST published the first three final standards (FIPS 203, 204, 205), and in March 2025 added a fifth backup algorithm (HQC). Cellframe is one of the very few blockchain platforms whose implementation of these algorithms has passed an external audit (Qverify) and fully complies with NIST standards.
What is NIST and what does it do?
NIST (National Institute of Standards and Technology) is a US federal agency founded in 1901. It is part of the US Department of Commerce and focuses on measurement science, technology standards, and innovation to boost industrial competitiveness.
NIST develops standards for information security, cryptography, metrology, and technical infrastructure. Its research labs produce findings that become the basis for national and international standards.
For the crypto industry, NIST matters for one reason: its standards become de facto global standards. If NIST approves an algorithm, it is considered safe for use in government systems, banks, and corporate infrastructure.
What are FIPS and SP – NIST’s main documents?
NIST publishes two main types of documents:
- FIPS (Federal Information Processing Standards) – mandatory standards for US federal agencies. They are approved by the Secretary of Commerce and cannot be ignored by government bodies.
- SP (Special Publications) – recommendatory documents. They provide guidelines, best practices, and technical details. Agencies may follow them with some flexibility.
In 2024–2025, NIST released a series of FIPS focused on post‑quantum cryptography. These have become the foundation for all future data protection.
| Document type | Status | Example | Who must comply |
|---|---|---|---|
| FIPS | Mandatory | FIPS 204 (ML-DSA) | US federal agencies |
| SP | Recommendatory | SP 800-208 | All organizations |
Which post‑quantum algorithms has NIST standardized?
Answer: NIST has standardized five post‑quantum algorithms resistant to quantum computer attacks. Three were published as final standards in August 2024, a fourth (Falcon) is expected soon, and a fifth (HQC) was added in March 2025 as a backup.
Table: NIST post‑quantum standards (2024–2026)
| FIPS | Algorithm | New name | Type | Purpose | Status |
|---|---|---|---|---|---|
| FIPS 203 | CRYSTALS-Kyber | ML-KEM | KEM | Primary for encryption | Final (Aug 2024) |
| FIPS 204 | CRYSTALS-Dilithium | ML-DSA | DSA | Primary for signatures | Final (Aug 2024) |
| FIPS 205 | SPHINCS+ | SLH-DSA | DSA | Backup (hash‑based) | Final (Aug 2024) |
| FIPS 206 | Falcon | FN-DSA | DSA | Compact signatures | Expected 2026–2027 |
| FIPS 207 | HQC | (xx-KEM) | KEM | Backup for ML-KEM | Draft 2026 → final 2027 |
NIST deliberately created backup algorithms based on different mathematics (lattices, hash functions, error‑correcting codes). If one type of attack breaks a lattice scheme, the others continue to protect data.
What does NIST’s PQC standardization process involve?
The process started in 2016 as an open competition. Cryptographers from around the world submitted algorithms, and NIST conducted years of analysis on security, performance, and resistance to attacks.
Key milestones:
| Date | Event |
|---|---|
| 2016 | PQC competition launched |
| 2022 | First four algorithms selected for standardization (Kyber, Dilithium, Falcon, SPHINCS+) |
| August 13, 2024 | First three final standards published (FIPS 203, 204, 205) |
| November 2024 | Draft migration roadmap released (NIST IR 8547) |
| March 11, 2025 | Fifth algorithm HQC selected as a backup KEM |
| 2026–2027 | Expected final publication of FIPS 206 (Falcon) and FIPS 207 (HQC) |
Dustin Moody, NIST’s PQC project lead, said: “We wanted to have at least two options in each category. If one algorithm is broken, systems can switch to another. That is critical for national security and global infrastructure.”
Why does NIST matter for blockchain?
Most blockchains (Bitcoin, Ethereum) are built on ECDSA cryptography, which will be broken by a quantum computer using Shor’s algorithm. NIST provides the only authoritative path to quantum safety: standardized post‑quantum algorithms.
However, adopting these standards in blockchains faces major challenges:
- Post‑quantum signatures are 20–40 times larger than classical ones.
- Tests on Solana showed a 90% drop in TPS when using PQC.
- Legacy blockchains cannot upgrade cryptography without hard forks.
This is where platforms designed with post‑quantum protection from day one gain a clear advantage.
How does Cellframe use NIST standards?
Answer: Cellframe is one of the few blockchain platforms that not only supports NIST algorithms but has passed an external audit (Qverify) confirming full compliance with NIST standards.
What Cellframe has implemented:
- CRYSTALS-Dilithium (ML-DSA) – primary algorithm for digital signatures.
- Falcon (FN-DSA) – used where compact signature size is needed.
- SPHINCS+ (SLH-DSA) – available in the SDK as a backup (hash‑based).
- Kyber 512 – post‑quantum key exchange mechanism for secure channels.
Cellframe’s key differentiator is its architecture: upgradable cryptography without hard forks. Wallet addresses include a cryptography type identifier. If NIST ever standardizes a new, stronger algorithm, Cellframe simply adds a new ID – no compatibility breakage, no forced migration.
Glossary
| Term | Definition |
|---|---|
| NIST | US National Institute of Standards and Technology. The primary regulator for cryptography and technology standards. |
| FIPS | Federal Information Processing Standards. Mandatory for US federal agencies. |
| SP | NIST Special Publications. Recommendatory guidelines, not mandatory. |
| PQC | Post‑Quantum Cryptography – algorithms resistant to quantum computer attacks. |
| KEM | Key Encapsulation Mechanism – used for secure key exchange over an insecure channel. |
| DSA | Digital Signature Algorithm – confirms authenticity and integrity of data. |
| ML-KEM | New name for CRYSTALS-Kyber. NIST’s primary post‑quantum encryption standard (FIPS 203). |
| ML-DSA | New name for CRYSTALS-Dilithium. Primary post‑quantum signature standard (FIPS 204). |
| SLH-DSA | New name for SPHINCS+. Backup hash‑based signature algorithm (FIPS 205). |
| FN-DSA | New name for Falcon. Compact signature algorithm (FIPS 206, expected). |
| HQC | Fifth NIST algorithm (March 2025). Backup KEM based on error‑correcting codes. |
| Shor’s algorithm | Quantum algorithm capable of breaking ECDSA and RSA in minutes. |
| Harvest now, decrypt later | Strategy of storing encrypted data now to decrypt after a quantum computer exists. |
Summary
NIST is not just a US regulator. It is the global architect of cryptographic security for the coming decades. Its standards determine which algorithms will protect governments, banks, and critical infrastructure.
For the blockchain industry, NIST matters because the quantum threat is real. And the only answer is migrating to NIST‑approved post‑quantum algorithms.
Cellframe chose the path that is now becoming the standard: architecture built for PQC from the ground up, support for all key NIST algorithms, and an external audit (Qverify) confirming compliance with NIST standards.
While other blockchains are still discussing how and when to migrate, Cellframe is already running on post‑quantum cryptography. When quantum computers become a reality, Cellframe won’t have to catch up – it’s already there.
Top comments (0)