2 Contents of this edition
2.1 NIST Standardization Process
2.2 Adoption and Migration to PQC
- NIST has published the NIST IR 8552 guide of cryptographic “accordion” requirements for symmetric ciphers, and among the security requirements is post-quantum security — that is, NIST is interested in security proofs in models that capture the capabilities of quantum adversaries.
- ENISA has published version 2.0 of the approved cryptographic mechanisms for European cybersecurity certification. This includes recommended post-quantum algorithms such as ML-KEM and FrodoKEM as KEMs, and ML-DSA, SLH-DSA, XMSS and LMS as digital signatures. For both KEMs and signatures, the recommended security levels are 3 and 5, and the algorithms should be hybridized with traditional algorithms, except for the hash-based ones. The mechanisms recommended for hybridizing the KEMs are CatKDF and CasKDF. Likewise, the use of block ciphers with fewer than 192 bits or hash functions with fewer than 384 bits is not recommended.
- The Government of Spain has launched the first Quantum Technologies Strategy. Priority 5 of this plan is “to strengthen the privacy and confidentiality of information in the post-quantum world,” including in initiative 5.4 the “support for the transition to post-quantum cryptography.”
- IBM Research has published an article on the transition to post-quantum cryptography with OpenSSL v3.5, which enables post-quantum TLS 1.3 by default and adheres to the CNSA 2.0 cryptographic suite. Moreover, the article notes that since this version of OpenSSL is LTS, it will soon be the version distributed on Linux, accelerating the migration.
- Mike Hamburg and Bart Stevens, from Rambus, have published an article on side-channel attacks against post-quantum cryptography algorithms.
- A challenge has been published to attempt to break elliptic curve algorithms with Shor’s algorithm, using only quantum computers. The goal of the challenge is to test the real-world capabilities of today’s quantum computers and find out what size elliptic curve keys can be broken with quantum technology.
- OpenSSH has released version 10.0, which uses the hybrid post-quantum algorithm mlkem768x25519-sha256 for key exchange by default.
2.3 Publications and Research in the Area of PQC
- Updated research article on improvements in dual lattice attacks. According to the authors, this new algorithm reduces security by approximately 3.5 bits for Kyber-512, 11.9 bits for Kyber-768, and 12.3 bits for Kyber-1024.
- Published research article on a post-quantum analysis of the SSH protocol.
- Published research article studying Redundant Number Representation as a countermeasure against SPA and SASCA attacks. This technique is applied to ML-KEM, showing that it provides low-cost protection.
- Published research article introducing Trilithium: a distributed key generation and signing protocol according to the ML-DSA standard.
- Published research article on an adaptation of Kyber for resource-constrained devices such as those used in the IoT, integrating it into the physical communication layer.
- Published research article on the post-quantum adaptation of passports, ID cards, or visas. Specifically, they propose a post-quantum PAKE to exchange information using ML-KEM.
- Published research article presenting constant-time algorithms for the arithmetic used in the post-quantum digital signature SQIsign to avoid side-channel attacks. Along the same lines, another research article has been published presenting the first side-channel attack based on simple power analysis (SPA) against this algorithm, which allows recovery of the secret key.
2.4 PQC Libraries
2.5 PQC Conferences
- NIST has confirmed that the Sixth Post-Quantum Cryptography Standardization Conference will take place from September 24 to 26, 2025, in Gaithersburg, Maryland. A virtual attendance option is also available. The Call For Papers is open until June 30, 2025.
- Registration is now open for the ETSI/IQC Quantum Safe Cryptography Conference, which will take place in Madrid from June 3 to 5, 2025. Attendance is free of charge.
- All papers from the PQCrypto 2025 conference have been published.
- NIST has published the presentations from the Crypto-Agility Workshop, which took place on April 17 and 18, 2025.
- NIST has published the videos from the “Workshop on Guidance for KEMs”, which took place on February 25 and 26, 2025. It has also released the public comments received on the draft of the NIST SP 800-227 guide.
- The Call For Papers is now open for the 2025 Post-Quantum Cryptography Conference organized by the PKI Consortium, which will be held in Kuala Lumpur, Malaysia from October 28 to 30, 2025.