HomeBlog

Post-quantum encryption algorithms 2026: ML-KEM is the migration spine.

NIST's finalized FIPS 203, 204, and 205 standards give security teams a baseline vocabulary: ML-KEM for key establishment, ML-DSA and SLH-DSA for signatures, and additional backup work such as HQC for resilience.

June 29, 202613 min readNeura Parse Research
PQC algorithmsML-KEMML-DSASLH-DSAHQChybrid TLScryptographic inventoryQFlow StudioNowFlow
Post-quantum algorithm implementation board showing ML-KEM, ML-DSA, SLH-DSA, HQC, hybrid TLS, CBOM trace, module validation, and rollback planning

ML-KEM

ML-DSA

SLH-DSA

Backup KEM

The useful 2026 question is no longer which PQC acronyms exist. It is where each algorithm family belongs in the architecture, how hybrid modes are tested, and how teams prove that a production system can rotate safely.

Each PQC family belongs to a different production surface and evidence requirement.

01

Key establishment

  • ML-KEM
  • Hybrid TLS or VPN pilots
  • Session key negotiation
  • Performance and fallback tests
02

Signatures

  • ML-DSA
  • SLH-DSA
  • Code signing and firmware
  • Certificate and document workflows
03

Evidence layer

  • CBOM coverage
  • Module validation state
  • Vendor attestation
  • Rollback and revocation plan

FIPS 203 standardizes ML-KEM for key establishment. That makes it the spine of many migration plans because protocols such as TLS, VPN, service-to-service encryption, and secure device onboarding depend on key exchange or encapsulation patterns.

FIPS 204 standardizes ML-DSA and FIPS 205 standardizes SLH-DSA for digital signatures. Those signatures affect a different set of surfaces: code signing, firmware updates, certificate issuance, document signing, audit records, and long-term verification.

NIST's additional selection of HQC as a backup encryption algorithm is a reminder that a migration plan should avoid monoculture. The point is not to chase every candidate at once. The point is to keep an architecture that can rotate when standards and validation states evolve.

Security teams can name the algorithms and still miss the risk. Cryptography hides in load balancers, browsers, service meshes, embedded firmware, mobile apps, SDKs, database drivers, certificate authorities, build systems, partner portals, and backup tools.

The first artifact should therefore be a cryptographic bill of materials. It should identify library, protocol, algorithm, key length, certificate path, owner, data sensitivity, vendor dependency, validation state, and expected migration path.

  • Treat CBOM as a living operating record, not a static spreadsheet.
  • Separate discovery, assessment, implementation, validation, and decommissioning states.
  • Track where hybrid modes are possible and where protocol support is not yet production-ready.
  • Tie each production change to rollback, revocation, and customer-impact plans.

PQC implementation is workflow-heavy. It needs asset owners, security architects, infrastructure teams, application teams, procurement, legal, and vendor managers to work from the same evidence base.

NowFlow can model the migration as a governed operating process: discover asset, assign owner, collect vendor response, choose algorithm path, test hybrid mode, approve cutover, monitor errors, and archive evidence. QFlow can keep standards references, experiment records, and decision evidence attached to the same migration object.

The product opportunity is not simply to recommend ML-KEM. It is to prove where ML-KEM belongs, who approved it, which dependencies changed, and how the system can rotate again.

A useful pilot should cover a complete trust boundary: one internet-facing endpoint, one service-to-service channel, one device or firmware signing path, one internal PKI dependency, and one vendor-managed surface. That gives the team a realistic view of performance, support, monitoring, and rollback.

The pilot should also produce reusable artifacts: test plan, CBOM schema, vendor questionnaire, exception process, risk scorecard, and executive reporting template.

ML-KEM is the key-establishment spine, but signatures and validation are separate workstreams.

A CBOM is the practical starting point for algorithm migration.

Hybrid tests should be tied to trust boundaries and rollback plans.

NowFlow can coordinate work across owners, vendors, and approval gates.

QFlow can store standard references, test evidence, and migration decisions.

Source 01

NIST FIPS 203: ML-KEM

Final standard for ML-KEM, the module-lattice key-encapsulation mechanism used for quantum-resistant key establishment.

Source 02

NIST FIPS 204: ML-DSA

Final standard for ML-DSA, the module-lattice digital signature algorithm.

Source 03

NIST FIPS 205: SLH-DSA

Final standard for SLH-DSA, the stateless hash-based digital signature algorithm.

Source 04

NIST selects HQC as an additional PQC algorithm

NIST selected HQC as an additional backup algorithm for post-quantum encryption.

Source 05

CISA product categories for post-quantum cryptography adoption

January 2026 guidance for hardware and software categories that use or transition to PQC standards.

Quantum-safe security evidence board showing PQC migration, QKD boundary, crypto inventory, audit evidence, vendor readiness, and key lifecycle controls

Quantum security

The practical gap is not knowing that quantum risk exists. It is proving which systems depend on vulnerable cryptography, which replacement standards apply, where QKD is actually justified, and how every migration decision will be audited later.

IBM and U.S. quantum policy board showing Anderon foundry, IBM $10B roadmap, Starling 2029, Qiskit ecosystem, QFlow evidence, and quantum-safe operations

Quantum industry

Fault-tolerant quantum roadmaps, U.S. industrial policy, and quantum-safe migration are converging. The open product gap is a workflow layer that helps teams track experiments, resource estimates, vendor context, and security migration evidence.

Enterprise AI agent control plane with policy gates, tool traces, scorecards, approval lanes, and audit panels

AI agents

The investable gap is not a larger prompt window. It is a governed agent control plane that can discover tools, prove authorization, run evaluations before action, keep a human authority path, and leave evidence after every tool call.