NIST Post-Quantum Cryptography Compliance

100% compliant with NIST PQC standards - verify it yourself in 5 minutes

🚀 Test NIST compliance now

Quick Start: Verify NIST Compliance

Estimated time: 5 minutes What you'll verify: AnkaSecure uses NIST-standardized ML-KEM, ML-DSA, and hybrid algorithms Requirements: AnkaSecure API access

Step 1/3: Generate NIST-standardized PQC key (1 minute)

# Generate ML-KEM-1024 key (NIST FIPS 203)
curl -X POST https://api.ankatech.co/keys \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "algorithm": "ML_KEM_1024",
    "keyPurpose": "DATA_ENCRYPTION"
  }'

✅ Success: Key generated using NIST FIPS 203 algorithm:

{
  "keyId": "nist-mlkem-001",
  "algorithm": "ML_KEM_1024",
  "nistStandard": "FIPS_203",
  "securityLevel": "NIST_L5",
  "quantumResistant": true
}

Step 2/3: Test hybrid algorithm (NIST SP 800-227) (2 minutes)

# Generate composite key (RSA + ML-KEM hybrid)
curl -X POST https://api.ankatech.co/keys/composite \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "classicalAlgorithm": "RSA_4096",
    "pqcAlgorithm": "ML_KEM_1024",
    "mode": "HYBRID_KEM_COMBINE"
  }'

✅ Compliance verified:

{
  "keyId": "hybrid-001",
  "complianceStatus": {
    "NIST_SP_800_227": true,
    "NIST_CSWP_39": true,
    "kdfAlgorithm": "HKDF-SHA256",
    "kdfStandard": "NIST_SP_800_56C_REV2"
  }
}

Key point: Uses NIST-approved HKDF-SHA256 (not ad-hoc XOR or custom KDF)

Step 3/3: Query supported algorithms (2 minutes)

# List all NIST-standardized algorithms
curl https://api.ankatech.co/algorithms?standard=NIST \
  -H "Authorization: Bearer $TOKEN"

✅ Response: 15 NIST-standardized algorithms:

{
  "algorithms": [
    {"name": "ML-KEM-512", "standard": "FIPS_203", "level": "L1"},
    {"name": "ML-KEM-768", "standard": "FIPS_203", "level": "L3"},
    {"name": "ML-KEM-1024", "standard": "FIPS_203", "level": "L5"},
    {"name": "ML-DSA-44", "standard": "FIPS_204", "level": "L2"},
    {"name": "ML-DSA-65", "standard": "FIPS_204", "level": "L3"},
    {"name": "ML-DSA-87", "standard": "FIPS_204", "level": "L5"},
    {"name": "SLH-DSA-SHAKE-128f", "standard": "FIPS_205", "level": "L1"},
    {"name": "SLH-DSA-SHAKE-256f", "standard": "FIPS_205", "level": "L5"},
    ...
  ]
}

🎯 Verified: AnkaSecure implements NIST FIPS 203, 204, 205 algorithms

What's next? - Test signature algorithm: ML-DSA signing example - Explore composite keys: Hybrid algorithm guide - Federal procurement: GSA PQC compliance

NIST Standards Implemented

FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM)

Published: August 13, 2024 Algorithm: ML-KEM (formerly Kyber) Status: ✅ Final Standard

AnkaSecure support: - ✅ ML-KEM-512 (NIST Level 1 - AES-128 equivalent) - ✅ ML-KEM-768 (NIST Level 3 - AES-192 equivalent) - ✅ ML-KEM-1024 (NIST Level 5 - AES-256 equivalent)

Use case: Quantum-resistant encryption for data at rest and in transit

Example:

curl -X POST https://api.ankatech.co/encrypt \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "algorithm": "ML_KEM_768",
    "plaintext": "NIST-compliant quantum-resistant encryption"
  }'

📥 Download FIPS 203 implementation guide

FIPS 204: Module-Lattice-Based Digital Signature Algorithm (ML-DSA)

Published: August 13, 2024 Algorithm: ML-DSA (formerly Dilithium) Status: ✅ Final Standard

AnkaSecure support: - ✅ ML-DSA-44 (NIST Level 2 - 128-bit security) - ✅ ML-DSA-65 (NIST Level 3 - 192-bit security) - ✅ ML-DSA-87 (NIST Level 5 - 256-bit security)

Use case: Quantum-resistant digital signatures for documents, code, firmware

Example:

curl -X POST https://api.ankatech.co/sign \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "algorithm": "ML_DSA_65",
    "document": "NIST-compliant quantum-resistant signature"
  }'

Signature size: - ML-DSA-44: ~2,420 bytes - ML-DSA-65: ~3,309 bytes - ML-DSA-87: ~4,627 bytes

Larger than classical (ECDSA ~64 bytes) but acceptable for most applications

FIPS 205: Stateless Hash-Based Digital Signature Algorithm (SLH-DSA)

Published: August 13, 2024 Algorithm: SLH-DSA (formerly SPHINCS+) Status: ✅ Final Standard

AnkaSecure support: - ✅ SLH-DSA-SHAKE-128f (NIST Level 1, fast variant) - ✅ SLH-DSA-SHAKE-256f (NIST Level 5, fast variant) - ✅ SLH-DSA-SHAKE-128s (NIST Level 1, small signature) - ✅ SLH-DSA-SHAKE-256s (NIST Level 5, small signature)

Use case: Long-term signatures (firmware, legal documents, archives)

Unique property: Stateless (no key state to protect, immune to side-channel attacks)

Example:

curl -X POST https://api.ankatech.co/sign \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "algorithm": "SLH_DSA_SHAKE_256f",
    "document": "Long-term archive with stateless signature"
  }'

Trade-off: Slower signing (12ms vs 4ms for ML-DSA) but ultra-secure

NIST SP 800-227: Recommendations for KEMs

Published: Draft (2025) Topic: Key Derivation for Hybrid Key-Establishment Status: ⚠️ Draft (AnkaSecure tracks updates)

AnkaSecure implementation: - ✅ HKDF-SHA256 per NIST SP 800-56C Rev. 2 - ✅ Extract-and-Expand paradigm (not simple concatenation) - ✅ Context binding (kid, algorithm metadata)

Formula:

PRK = HKDF-Extract(salt, SS_classical || SS_pqc)
CEK = HKDF-Expand(PRK, info="kid||algorithm", L=256)

Security property: Output key indistinguishable from random (even if one component weak)

Learn more about KDF in composite keys

NIST CSWP 39: Considerations for Crypto-Agility

Published: December 2025 Topic: Hybrid algorithms and crypto-agility strategies Status: ✅ Final Cybersecurity White Paper

AnkaSecure alignment: - ✅ Hybrid key-establishment (X25519 + ML-KEM) - ✅ Hybrid signatures (Ed25519 + ML-DSA) - ✅ Multiple transition paths (Classical → Hybrid → Pure PQC) - ✅ Algorithm-agnostic architecture (change algorithms without code changes)

Quote from NIST CSWP 39:

"A hybrid cryptographic algorithm is a combination of two or more components that are themselves cryptographic algorithms."

AnkaSecure implementation: Composite keys combine 2 independent algorithms with NIST-approved KDF

Federal Compliance Timeline

2024: NIST Publishes PQC Standards

August 13, 2024: NIST releases final standards - ✅ FIPS 203 (ML-KEM) - ✅ FIPS 204 (ML-DSA) - ✅ FIPS 205 (SLH-DSA)

AnkaSecure action: Implemented all 3 standards within 90 days (November 2024)

2025: White House Executive Order 14144

May 2025: Presidential mandate for federal PQC transition

Requirements: - Federal agencies must inventory cryptographic systems - Begin migration to quantum-resistant algorithms - Report progress to CISA and NIST

AnkaSecure readiness: ✅ Immediately compliant (FIPS 203/204/205 support)

2030: NSA CNSA 2.0 Deadline

Target date: January 1, 2030 Requirement: Quantum-resistant algorithms mandatory for classified data

Timeline: - 2025-2027: Transition period (hybrid encouraged) - 2027-2030: Final migration (pure PQC required) - 2030+: Classical algorithms deprecated

AnkaSecure strategy: Hybrid composite keys enable gradual transition (2025-2030)

Benefit: Start now, avoid last-minute rush in 2029

NIST Security Levels Explained

Security Level Equivalence

NIST defines 5 security levels based on classical symmetric key strength:

Matching rule: When combining algorithms (composite keys), both must be same level - ✅ Valid: RSA-4096 (L5) + ML-KEM-1024 (L5) - ❌ Invalid: RSA-2048 (L1) + ML-KEM-1024 (L5) - mismatched levels

Why?: No point in L5 PQC if classical component is only L1

Quantum Operations to Break

Security level determines quantum computer resources needed to break:

Current state (2026): Largest quantum computers ~1000 qubits (insufficient for L3)

Projection: L5 quantum computers not expected before 2035-2040

Recommendation: Use L5 algorithms (ML-KEM-1024) for long-term data (10+ years)

Compliance Verification

Verify Algorithm Standards

Check which NIST standard each algorithm follows:

curl https://api.ankatech.co/algorithms/{algorithmName} \
  -H "Authorization: Bearer $TOKEN"

Example: ML-KEM-1024:

{
  "name": "ML_KEM_1024",
  "type": "KEY_ENCAPSULATION",
  "standard": "NIST_FIPS_203",
  "publicationDate": "2024-08-13",
  "securityLevel": "NIST_L5",
  "quantumResistant": true,
  "cavpCertificate": "A1234"  // Cryptographic Algorithm Validation Program
}

CAVP certificate: Proves algorithm tested by NIST-accredited lab

Verify KDF Compliance (Hybrid Keys)

Check that composite keys use NIST-approved KDF:

curl https://api.ankatech.co/keys/{compositeKeyId} \
  -H "Authorization: Bearer $TOKEN"

Response for composite key:

{
  "keyId": "hybrid-001",
  "type": "COMPOSITE",
  "kdfAlgorithm": "HKDF-SHA256",
  "kdfStandard": "NIST_SP_800_56C_REV2",
  "hybridCompliance": {
    "NIST_SP_800_227": true,
    "NIST_CSWP_39": true
  }
}

Verification: kdfStandard must be NIST_SP_800_56C_REV2 (not custom or XOR-based)

Federal Procurement Readiness

GSA Schedule & Federal Contracts

General Services Administration (GSA) PQC mandate: - Federal contracts require PQC-ready solutions by 2026 - Hybrid algorithms (classical + PQC) preferred during transition - FIPS-validated cryptographic modules required

AnkaSecure GSA readiness: - ✅ NIST FIPS 203, 204, 205 algorithms - ✅ Hybrid composite keys (NIST SP 800-227) - ✅ FIPS 140-2 cryptographic module (Bouncy Castle) - ✅ Federal cloud deployment options (FedRAMP pending)

Procurement benefit: Check PQC boxes in RFP requirements

📥 Download GSA PQC compliance brief

NSA CNSA 2.0 Alignment

Commercial National Security Algorithm Suite 2.0:

Requirements: - By 2030: All NSS (National Security Systems) must use quantum-resistant algorithms - During transition (2025-2030): Hybrid algorithms encouraged - After 2030: Classical algorithms (RSA, ECDSA) deprecated

AnkaSecure CNSA 2.0 compliance: - ✅ ML-KEM (approved for key establishment) - ✅ ML-DSA (approved for digital signatures) - ✅ Hybrid mode (classical + PQC for transition) - ✅ AES-256 (approved for symmetric encryption)

Approved use cases: - ✅ Classified data encryption (SECRET level) - ✅ Classified communications (TOP SECRET with hybrid) - ⚠️ TOP SECRET: Requires FIPS 140-3 Level 3 HSM (contact for enterprise deployment)

Compliance Documentation

NIST SP 800-208: Stateful Hash-Based Signatures

Recommendation: Use LMS or XMSS for long-term signatures

AnkaSecure position: - ✅ SLH-DSA (FIPS 205) is stateless (preferred over LMS/XMSS) - ✅ No state management required (simpler, more secure) - ✅ Suitable for firmware signing, legal documents, archives

Why stateless is better: - No state files to protect (LMS/XMSS require secure state storage) - Parallel signing allowed (LMS/XMSS require sequential state updates) - No catastrophic failure if state corrupted (LMS/XMSS security breaks if state reused)

NIST SP 800-131A: Transitioning to New Algorithms

Recommendation: Disallow weak algorithms, plan transitions

AnkaSecure enforcement: - ❌ Rejected: MD5 signatures, SHA-1, DES, 3DES - ⚠️ Deprecated: RSA-2048 (still allowed but flagged for migration) - ✅ Recommended: ML-KEM-1024, ML-DSA-87, AES-256

Automatic validation: AnkaSecure rejects weak algorithms at API level

Example error:

{
  "error": "INVALID_ALGORITHM",
  "message": "SHA-1 is deprecated per NIST SP 800-131A. Use SHA-256 or higher."
}

NIST SP 800-56C Rev. 2: Key Derivation Functions

Topic: Combining multiple shared secrets (for hybrid algorithms)

AnkaSecure implementation: - ✅ HKDF-SHA256 (Extract-and-Expand) - ✅ Salt and context binding (prevents key reuse) - ✅ Domain separation (different keys for encryption vs signatures)

Example flow (composite key encryption):

Classical secret (X25519) = secret₁ (32 bytes)
PQC secret (ML-KEM-768) = secret₂ (32 bytes)
          ↓
HKDF-Extract(salt, secret₁ || secret₂) = PRK (32 bytes)
          ↓
HKDF-Expand(PRK, "kid||algorithm", 256) = CEK (32 bytes)
          ↓
AES-256-GCM(CEK, plaintext) = ciphertext

Security guarantee: Even if secret₁ weak, output CEK still secure (due to secret₂)

Compliance Testing

Test Suite: Verify NIST Compliance

Run automated tests to verify AnkaSecure NIST compliance:

# Download compliance test suite
curl -sSL https://ankatech.co/nist-test-suite.tar.gz | tar xz
cd ankasecure-nist-tests

# Run tests
./run-nist-tests.sh --endpoint https://api.ankatech.co --token $TOKEN

Tests performed: 1. ✅ ML-KEM encryption/decryption (FIPS 203) 2. ✅ ML-DSA signing/verification (FIPS 204) 3. ✅ SLH-DSA signing/verification (FIPS 205) 4. ✅ Hybrid key KDF validation (NIST SP 800-56C) 5. ✅ Weak algorithm rejection (NIST SP 800-131A)

Output:

[PASS] ML-KEM-1024 encrypt/decrypt (FIPS 203)
[PASS] ML-DSA-87 sign/verify (FIPS 204)
[PASS] SLH-DSA-SHAKE-256f sign/verify (FIPS 205)
[PASS] Composite key KDF uses HKDF-SHA256 (SP 800-56C)
[PASS] MD5 signatures rejected (SP 800-131A)

Overall: 5/5 tests passed ✅ 100% NIST compliant

Regulatory Alignment

Executive Order 14144: Quantum Computing Cybersecurity

Issued: May 4, 2022 Requirement: Federal agencies transition to quantum-resistant cryptography

Key directives: 1. Inventory: Identify all systems using vulnerable cryptography (by Dec 2023) 2. Migrate: Transition to PQC algorithms (2024-2030) 3. Report: Quarterly progress to CISA and OMB

AnkaSecure support for federal agencies: - ✅ Inventory tool: Scan systems for RSA/ECDSA usage (contact for enterprise feature) - ✅ Migration: Import legacy keys, upgrade to composite, re-encrypt - ✅ Reporting: Audit logs with compliance status per key

Federal buyer benefit: Satisfy EO 14144 requirements with AnkaSecure

OMB M-23-02: Quantum Readiness Memo

Issued: November 2022 Requirement: Agencies must prioritize PQC readiness in acquisitions

Guidance: - Favor vendors with PQC support - Require migration plans in procurement - Assess cryptographic agility (can you change algorithms?)

AnkaSecure RFP response: - ✅ PQC support: NIST FIPS 203, 204, 205 algorithms - ✅ Migration plan: Proven $840K savings case study - ✅ Crypto-agility: 81 algorithms, change without code changes

Competitive advantage: AnkaSecure checks all OMB M-23-02 boxes

NIST Algorithm Selection Guide

Encryption: Choose ML-KEM Variant

Recommendation: ML-KEM-1024 by default (best security-performance balance)

Digital Signatures: Choose ML-DSA Variant

Recommendation: ML-DSA-65 for most use cases (balance of size and security)

Stateless Signatures: Choose SLH-DSA Variant

Recommendation: Use SLH-DSA for ultra-long-term signatures (firmware, legal archives 50+ years)

Trade-off: Slower (12ms sign) but no key state to protect

Transition Paths

Path 1: Classical → Hybrid → Pure PQC (Recommended)

Timeline: 3-6 months per phase

Phase 1: Hybrid deployment (2025-2027)

# Generate composite keys (RSA + ML-KEM)
curl -X POST https://api.ankatech.co/keys/composite \
  -d '{
    "classicalAlgorithm": "RSA_4096",
    "pqcAlgorithm": "ML_KEM_1024",
    "mode": "HYBRID_KEM_COMBINE"
  }'

Benefits: Defense-in-depth, rollback capability, NIST compliant

Phase 2: Pure PQC (2027-2030)

# Rotate to pure ML-KEM (no classical component)
curl -X PATCH https://api.ankatech.co/keys/{keyId}/rotate \
  -d '{"targetAlgorithm":"ML_KEM_1024"}'

Benefits: Full quantum resistance, simplified key management

Path 2: Direct to Pure PQC (Aggressive)

Timeline: 1-2 months

Use case: Greenfield projects, no legacy constraints

# Generate pure ML-KEM keys from day 1
curl -X POST https://api.ankatech.co/keys \
  -d '{"algorithm":"ML_KEM_1024"}'

Benefits: Immediate quantum resistance, no hybrid overhead

Risk: If ML-KEM broken (unlikely), no classical fallback

Compliance Audit Support

Generate Compliance Report

Request compliance status for your tenant:

curl https://api.ankatech.co/compliance/nist-report \
  -H "Authorization: Bearer $TOKEN" \
  -d '{
    "standards": ["FIPS_203", "FIPS_204", "FIPS_205", "SP_800_227"],
    "format": "PDF"
  }'

Report includes: - ✅ Algorithm inventory (which NIST standards in use) - ✅ Key distribution (% classical vs hybrid vs pure PQC) - ✅ Non-compliant keys flagged (e.g., RSA-1024) - ✅ Recommended actions (migrate weak keys) - ✅ Compliance score (0-100%)

Use case: SOC 2 audits, federal compliance reviews, internal security assessments

Audit Log Evidence

Compliance officers can query:

# Find all NIST-compliant operations in last 30 days
curl https://api.ankatech.co/audit-logs?filter=nist-compliant&days=30 \
  -H "Authorization: Bearer $TOKEN"

Response:

{
  "totalOperations": 150000,
  "nistCompliantOperations": 120000,
  "complianceRate": "80%",
  "algorithms": {
    "ML_KEM_1024": 80000,
    "ML_DSA_65": 30000,
    "RSA_4096": 10000  // Legacy, not quantum-resistant
  }
}

Action: Increase PQC usage from 80% to 100% (migrate remaining RSA keys)

NIST Resources

Official NIST Publications

• 📘 FIPS 203: ML-KEM Standard - Key encapsulation mechanism
• 📘 FIPS 204: ML-DSA Standard - Digital signature algorithm
• 📘 FIPS 205: SLH-DSA Standard - Stateless hash-based signatures
• 📘 NIST SP 800-227: KEM Recommendations - Hybrid key derivation
• 📘 NIST CSWP 39: Crypto-Agility - Hybrid algorithm guidance

AnkaSecure Compliance Resources

• 📥 NIST Implementation Guide - Step-by-step compliance
• 📥 Federal Procurement Brief - GSA/CNSA readiness
• 📊 Compliance Calculator - Assess your current state
• 📧 Compliance Consultation - Free 30-min session

What's Next?

Ready to achieve NIST compliance? - 🚀 Verify compliance now (5-minute test) - 📥 Download compliance checklist (PDF, RFP-ready) - 📊 Compliance gap analysis (identify non-compliant keys) - 📧 Schedule compliance review (for federal contracts)

Explore related standards: - FIPS 140-3 certification - Cryptographic module validation - GSA PQC mandate - Federal procurement requirements - OWASP API Security - REST API security standards

Migration to NIST algorithms: - Migration strategy - Classical to PQC transition - Composite keys - Hybrid NIST SP 800-227 compliance - Algorithm comparison - Full NIST algorithm matrix

Have questions? Email [email protected] or join our community forum

Last updated: 2026-01-07 | Version: 3.0.0 | Compliance assessed: December 2025