- Explore Cisco IOS XE Automation at Cisco Live US 2025
- My top 5 picks for the best Memorial Day phone deals so far: Apple, Samsung, and more
- This smart ring is half the price of Oura Ring 4 and has no subscriptions - here's how it competes
- I highly recommend shopping these early health tracker Memorial Day deals
- The most reliable smart lock I've tested just hit one of its lowest prices ever
NIST finally settles on quantum-safe crypto standards

The new lattice-based encryption methods rely on a different mathematical mechanism, one that isn’t just difficult for traditional computers, but for quantum computers as well.
It’s based on something called the knapsack problem, says Gregor Seiler, a cryptography researcher at IBM. You have a collection of very large numbers. Then you take some of these numbers and add them up. The total is another large number. Adding up numbers is very easy. But figuring out which numbers were used to add up to this total is very difficult.
“This is a very hard problem when the set is really big and the integers are really long,” says Seiler.
Lattice-based cryptography takes this idea and ramps up the difficulty. Instead of the knapsack being full of numbers, it’s now full of vectors. If you think of a single number as being a dot on a line, a vector is an arrow pointing to a dot floating in space. And instead of adding up a bunch of vectors, you can also add up multiples of these vectors.
ML-KEM
This algorithm, originally known as CRYSTALS-Kyber, is a standard based on module-lattice-based key encapsulation. It was originally developed by IBM researchers. It’s a standard designed to be used for general encryption, such as for accessing websites securely, because it’s fast to use.
ML-DSA
This algorithm was originally known as CRYSTALS-Dilithium and was also originally developed by IBM. This standard is the second-fastest of the three algorithms, and it was designed to be used for digital signatures.