Kyber, Dilithium, SPHINCS+ — in Plain English

A quick, practical tour of the leading post-quantum algorithms: where each fits, how they perform, and the trade-offs to consider in production.

The short version

Kyber handles key exchange (like today’s ECDH). Dilithium handles general-purpose signatures (like ECDSA). SPHINCS+ is a conservative, hash-based signature scheme with bigger signatures but minimal assumptions. For migrations, many teams start hybrid (classical + PQC) and phase to pure PQC over time.


Kyber (KEM / Key Exchange)

Kyber replaces the role of ECDH in establishing a shared secret between two parties. It’s fast, widely implemented, and the go-to choice for post-quantum key agreement.

Use when: you need to agree on a session key (TLS, secure channels, client–server handshakes, node-to-node links).

Pros

  • Efficient and production-ready; strong ecosystem support.
  • Compact keys/ciphertexts vs many alternatives.
  • Good fit for TLS-style negotiations and networking.

Considerations

  • Not a signature scheme—pair with Dilithium/SPHINCS+ for signing.
  • Parameter choices are still evolving as standards mature.

Dilithium (Digital Signatures)

Dilithium fills the role of ECDSA/EdDSA—signing transactions, certificates, and software. It’s fast at verification and widely recommended for general-purpose signatures.

Use when: you need signatures for wallets, validators, releases, or API authentication.

Pros

  • Strong performance, especially verification.
  • Broad library support and active adoption.
  • Good default for most signature needs.

Considerations

  • Signature sizes larger than ECDSA (plan for bandwidth/storage).
  • Key handling and HSM/secure element support still maturing.

SPHINCS+ (Hash-based Signatures)

SPHINCS+ relies only on hash functions—very conservative, with fewer assumptions than lattice-based schemes. Signatures are bigger and slower, but it’s appealing for high-assurance contexts.

Use when: you want defense-in-depth or a non-lattice backup option (e.g., firmware signing, critical infrastructure).

Pros

  • Minimal assumptions (hash-based); strong conservatism.
  • Useful complement to lattice-based signatures.

Considerations

  • Larger signatures and keys → storage/bandwidth impact.
  • Slower—evaluate performance budgets carefully.
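
To make "relies only on hash functions" concrete, here is an added example (not from the original article, and not SPHINCS+ itself): a plain Winternitz one-time signature (WOTS), a simpler relative of the WOTS+ component that SPHINCS+ builds on. SHA-256, w = 16 and all function names are assumptions of this example; SPHINCS+ adds further layers (FORS and a hypertree) so that one key can sign many messages without keeping state.

```python
import hashlib
import os

# Parameters chosen for this example (assumptions, not a SPHINCS+ parameter set).
N = 32            # bytes per hash output / secret element (SHA-256)
W = 16            # Winternitz parameter: each digit is one base-16 nibble
LEN1 = 2 * N      # 64 message digits
LEN2 = 3          # checksum digits: max checksum 64 * 15 = 960 < 16**3
LEN = LEN1 + LEN2

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def chain(value: bytes, steps: int) -> bytes:
    """Apply the hash `steps` times; this is the only primitive used."""
    for _ in range(steps):
        value = H(value)
    return value

def digits(message: bytes) -> list:
    """Message digest as base-16 digits, followed by checksum digits."""
    msg = [nib for b in H(message) for nib in (b >> 4, b & 0x0F)]
    checksum = sum(W - 1 - d for d in msg)
    # The checksum falls when any message digit rises, so someone who can
    # only hash forward cannot adapt a seen signature to another digest.
    return msg + [(checksum >> s) & 0x0F for s in (8, 4, 0)]

def keygen():
    sk = [os.urandom(N) for _ in range(LEN)]
    pk = [chain(s, W - 1) for s in sk]   # end of each 15-step hash chain
    return sk, pk

def sign(sk, message: bytes) -> list:
    # ONE-TIME key: never sign a second message with the same sk.
    return [chain(s, d) for s, d in zip(sk, digits(message))]

def verify(pk, message: bytes, sig) -> bool:
    if len(sig) != LEN or any(len(s) != N for s in sig):
        return False
    # Finish each chain; a valid signature lands exactly on the public key.
    done = [chain(s, W - 1 - d) for s, d in zip(sig, digits(message))]
    return done == pk

def signature_size() -> int:
    return LEN * N   # 67 chain values of 32 bytes each
```

A single one-time signature here is already 2144 bytes and costs hundreds of hash calls to produce and check, which is where the size and speed trade-offs listed above come from.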

Choosing the right mix

  • Key exchange: Kyber is the default pick.
  • General signatures: Dilithium suits most needs.
  • High-assurance backup: add SPHINCS+ where conservatism matters.
  • Migrations: start with hybrid (classical + PQC) and phase to pure PQC as support matures.
