The National Institute of Standards and Technology (NIST) is proposing a phased transition to quantum-resistant security for personal identity verification (PIV) credentials, detailed in newly released working drafts. Rather than demanding an immediate overhaul of existing systems, the agency is centering its approach on a dual-stack model that will allow current PIV credentials to coexist with new, post-quantum versions, facilitating incremental deployment. Specifically, the updates outlined in SP Part 1, SP Part 2, and SP focus on integrating the ML-DSA digital signature algorithm and the ML-KEM key-encapsulation mechanism into the existing PIV framework. NIST hopes to accelerate the standardization and implementation of post-quantum cryptography in PIV credentials by collaborating with implementers and users throughout the development process, and welcomes feedback on these preliminary materials.
ML-DSA and ML-KEM Integration with PIV Standards
These selections are detailed in newly released working drafts intended to guide the implementation of post-quantum cryptography within the PIV framework, encompassing updates to standards like SP Part 1, SP Part 2, and SP, which outline changes to cryptographic algorithms and key sizes. The agency’s approach deliberately avoids a disruptive overhaul by adopting a dual-stack model that maintains compatibility with current PIV infrastructure while simultaneously introducing support for quantum-resistant alternatives. This strategy allows for incremental deployment, preserving existing classical PIV keys and data objects alongside new references for post-quantum credentials. NIST states that this model “supports backward compatibility and incremental deployment during the transition,” a significant departure from security standard updates that often demand immediate replacement. The released drafts, covering card application namespaces, command interfaces, and cryptographic specifications, are accompanied by a PQC Overview that analyzes necessary specification changes across the PIV profile.
The drafts identify the changes expected to be needed to use the ML-DSA digital signature algorithm and the ML-KEM key-encapsulation mechanism with PIV.
NIST
The agency is actively soliciting feedback through a public mailing list, subscribe at piv-standards+subscribe [at] list.nist.gov.
