Kyber, Dilithium, SPHINCS+: The Algorithms That Beat Quantum
Why NIST chose these three—and what they mean for cryptocurrency
Bottom Line Up Front: After six years of global competition and cryptanalysis, NIST selected three post-quantum algorithms as international standards. For cryptocurrency investors, Dilithium is the critical one—it replaces ECDSA for transaction signatures. Projects using Dilithium are following the proven path. Projects avoiding it need a compelling reason why.
Why NIST Ran a Competition
When quantum computers threaten to break cryptography protecting trillions of dollars in digital assets, you don’t want one company’s proprietary algorithm or one university’s untested theory defending the internet.
You need global consensus. You need years of adversarial testing. You need algorithms that the world’s best cryptographers have tried—and failed—to break.
That’s why in 2016, NIST launched the Post-Quantum Cryptography Standardization Project. The rules: submit your best algorithm, and the world will spend six years trying to destroy it. The survivors become the new standards.
The timeline:
- 2016: Competition announced, 82 candidates submitted
- 2019: Round 2, narrowed to 26 candidates
- 2020: Round 3, 7 finalists plus 8 alternates
- 2022: Winners announced: Kyber, Dilithium, SPHINCS+, Falcon
- 2024: Final standards published (FIPS 203, 204, 205)
These algorithms have survived more scrutiny than any cryptographic system in history. If a cryptocurrency project claims to have a “better” quantum-resistant scheme that hasn’t undergone this process, that’s a red flag.
The Three Essential Algorithms
CRYSTALS-Kyber
For encryption. Protects data in transit using lattice-based cryptography. Public key: 800-1,568 bytes. Fast performance. Already deployed in Chrome and Cloudflare.
CRYSTALS-Dilithium
For digital signatures. Replaces ECDSA for transaction authorization. Signature: 2,420 bytes (38× larger than ECDSA). This is the critical one for blockchain.
SPHINCS+
The backup plan. Hash-based signatures with provable security. Signature: 7,856-49,856 bytes. Ultra-conservative but impractical for high-frequency use.
Why Dilithium Matters Most for Cryptocurrency
Dilithium is for digital signatures—proving you authorized a transaction without revealing your private key. This is the algorithm that replaces ECDSA in blockchain transactions. This is the one that matters most for cryptocurrency.
The Challenge for Blockchains: Dilithium signatures are 38× larger than ECDSA. If every signature is 2,420 bytes instead of 64 bytes, then blocks fill up faster, storage requirements explode, and transaction fees rise. Solutions being explored include signature aggregation, Layer 2 solutions, compression techniques, or accepting higher costs as the price of security.
Who’s using Dilithium in crypto:
- Cardano: Testnet implementation (hybrid Ed25519 plus Dilithium)
- Ethereum: EIP proposals under discussion
- QRL (Quantum Resistant Ledger): Exploring Dilithium integration
- Most other projects: Research phase or no activity
Investor Takeaway: This is the litmus test. If a cryptocurrency claims to be quantum-resistant but isn’t using Dilithium (or an equivalent NIST-standard signature scheme like FALCON or SPHINCS+), ask why. Projects that have testnet implementations with Dilithium are serious. Projects that only have “research proposals” are behind schedule. Projects with no mention of Dilithium are gambling on quantum timelines.
Which Cryptocurrencies Are Using These Algorithms?
See our live rankings tracking which projects have implemented NIST-standard PQC—and which are still vulnerable.