Working Drafts: Post-Quantum Cryptography Updates to the PIV Standards

NIST has released initial working drafts of proposed updates to the Personal Identity Verification (PIV) standards to support the use of post-quantum cryptography (PQC). The drafts identify the changes expected to be needed to use the ML-DSA digital signature algorithm and the ML-KEM key-encapsulation mechanism with PIV.

The current draft set comprises:

• SP 800-73 Part 1: PIV Card Application Namespace, Data Model, and Representation
• SP 800-73 Part 2: PIV Card Application Card Command Interface
• SP 800-78: Cryptographic Algorithms and Key Sizes for PIV

A supporting PQC Overview accompanies the drafts to present a working gap analysis of the specification changes needed across the PIV algorithm profile, command interface, and data model, and outline the general approach under consideration. This approach centers on a dual-stack model that preserves existing classical PIV keys and data objects; adds new key references, certificate containers, and data objects for PQC credentials; and supports backward compatibility and incremental deployment during the transition.

These are preliminary working materials, not formal public drafts. By collaborating with implementers and users to develop these guidelines and specifications, NIST hopes to accelerate the standardization and implementation of PQC in PIV credentials.

NIST welcomes feedback throughout the development process. Interested parties can follow the work and participate by:

• Joining the public mailing list — Subscribe at piv-standards+subscribe [at] list.nist.gov (piv-standards+subscribe[at]list[dot]nist[dot]gov), and take part in discussions at piv-standards [at] list.nist.gov (piv-standards[at]list[dot]nist[dot]gov) (archive).
• Engaging on GitHub — Review the drafts, file issues, or open pull requests at the project repository.

Working drafts: https://pages.nist.gov/piv-standards 

GitHub repository: https://github.com/usnistgov/piv-standards