Building on the 2024 NIST post-quantum standards
Post-quantum is a today problem
In 2024 NIST finalized the first post-quantum cryptography standards. For institutions whose records stay sensitive for decades, that changed the timeline — and post-quantum security is core to how ACM is built, not a future roadmap item.
What was standardized
The 2024 NIST standards give the industry a concrete target to migrate toward. ACM aligns to them and runs cryptography in a hybrid, crypto-agile model so algorithms can rotate as the standards mature.
- ML-KEM (FIPS 203): lattice-based key encapsulation for establishing shared secrets.
- ML-DSA (FIPS 204): lattice-based digital signatures for integrity and authentication.
- SLH-DSA (FIPS 205): stateless hash-based signatures as a conservative alternative.
Quantum-aware by design
Beyond algorithms, ACM distributes trust so no single key or party controls settlement.
- Harvest-now-decrypt-later defense: protect long-lived records before quantum capability arrives.
- Crypto-agility: hybrid classical + post-quantum, with primitives abstracted from the app layer.
- Threshold & non-custodial: threshold cryptography and non-custodial key options for high-value operations.
More in post-quantum security and the Post-Quantum Banking paper.
Review your crypto posture with us
We'll walk your security team through the architecture and migration path.
Get in touchFrequently asked questions
Which NIST PQC standards does ACM align to?
ACM builds toward the standards NIST finalized in 2024: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) for digital signatures. These are recent, so we frame our work as aligning to and building on them.
Why does post-quantum matter for banking now?
Financial records stay sensitive for decades. Adversaries can capture encrypted data today and decrypt it once quantum hardware matures — the 'harvest now, decrypt later' risk — so the time to migrate cryptography is before that capability arrives, not after.