NIST advances nine post-quantum digital-signature candidates to Round 3 of the Additional Digital Signatures for PQC Standardization Process via NIST IR 8610
On 2026-05-14 the US National Institute of Standards and Technology (NIST) Computer Security Resource Center announced the advancement of nine post-quantum digital-signature candidates to Round 3 of its Additional Digital Signatures for Post-Quantum Cryptography Standardization Process, documented in NIST Internal Report (IR) 8610. The nine advancing candidates, spanning four cryptographic families, are HAWK (lattice-based, distinct from FIPS 204 ML-DSA's structured-lattice design), SQIsign (isogeny-based), FAEST, MQOM, and SDitH (Multi-Party Computation in the Head / MPCitH family), and UOV, MAYO, QR-UOV, and SNOVA (multivariate). Round 2 had begun in September 2024 with fourteen candidates; five were eliminated in the Round 2 → Round 3 transition (CROSS, LESS, Mirath, PERK, RYDE) for 'uncompetitive performance trade-offs or security vulnerabilities' per NIST. The Additional Digital Signatures track exists to diversify the standardized PQC signature portfolio beyond the structured-lattice ML-DSA (FIPS 204) and stateless-hash SLH-DSA (FIPS 205), specifically targeting general-purpose signatures with alternative security assumptions, short signatures, and accelerated verification. Round 3 candidates submit specification updates ('tweaks') with subsequent NIST evaluation against criteria including TLS / SSH / IPsec / DNSSEC integration, computational efficiency on reference and constrained platforms, formal-security proofs in the Quantum Random Oracle Model (QROM), and resistance to implementation and physical attacks. NIST plans to host the 7th NIST PQC Standardization Conference in late spring or early summer 2027 in or near Gaithersburg, Maryland, to inform final selection.
Score 6 — anchor §8.2 row 6 'Credible benchmark result with industry-wide implications' applied by analogy to a PQC standards-process milestone, with calibration to the scoring-rubric §7 mis-scoring-trap note 'FIPS draft publications are 6-7; finals are 8.' This is a Round 3 advancement (two process stages before any FIPS draft for these additional signatures), making it the standards-track equivalent of 'narrow finalists named, draft publication still ahead.' Held at 6 rather than 7 because (a) Round 3 is approximately two years from any FIPS-draft publication (per the 2027 conference schedule and the typical post-conference-to-draft cadence observed in the original PQC Standardization Process Rounds 3 → FIPS 203/204/205 timeline of late 2022 to August 2024); (b) no single candidate is yet on a clear finalization path — the nine-candidate field will narrow further; (c) the candidates' technical families (lattice, isogeny, MPCitH, multivariate) all have known signature-size and verification-throughput trade-offs against ML-DSA, and the practical-deployment story remains TBD. Held above 5 because (a) the Round 3 narrowing is the canonical NIST process-of-public-record event for the additional-signatures track, with CISO and PQC-vendor audience-material implications; (b) the candidate field of nine includes named algorithms (HAWK, SQIsign, FAEST, etc.) that PQC vendors must now prioritize for implementation work and side-channel hardening; (c) the diversification away from lattice-only signatures is a strategic NIST positioning that affects long-tail enterprise PQC migration planning. Source confidence high (NIST Computer Security Resource Center primary publication, Quantum Computing Report trade-press pickup); interpretation confidence high.
Watch for: (a) PQC-vendor product-roadmap updates incorporating one or more of the nine Round 3 candidates — Sandbox AQ, ISARA, Crypto4A, PQShield, evolutionQ, and InfoSec Global have all signaled awareness of the additional-signatures track and the Round 3 narrowing reduces their portfolio-selection ambiguity; (b) the August 14, 2026 specification-update deadline per QCR (Round 3 candidates submit 'tweaks') — the actual specifications will surface around that date and reveal whether teams are shrinking signature sizes, optimizing verification, or making security-margin trade-offs; (c) the 7th NIST PQC Standardization Conference scheduling (late spring / early summer 2027 in Gaithersburg, MD) — practitioners will attend; competitive positioning and benchmark comparisons will be public; (d) implementation-attack research output on the nine candidates over the next 6-12 months — Round 3 narrowing concentrates academic and adversarial research on these specific algorithms; security-issue surfacing will further narrow the field; (e) the gap between FIPS 204 / FIPS 205 / FIPS 206 (HQC-based KEM, finalized in 2025 per separate process) and the next FIPS for an additional signature — this temporal gap creates implementation-planning uncertainty for CISOs and may pressure NIST toward a 2028-2029 first-FIPS target for the additional-signatures track; (f) the eliminated candidates' teams' follow-up — five Round 2 candidates (CROSS, LESS, Mirath, PERK, RYDE) were dropped; their teams may submit revised specifications to a future round or pivot to other standards bodies (ETSI, IETF CFRG, ISO/IEC JTC 1/SC 27). Strengthens the open thread 'NIST PQC standardization process post-FIPS 203/204/205 phase' and opens a new sub-thread 'NIST Additional Digital Signatures Round 3 candidate-narrowing watch through 2027 conference'.