LatticeScan
← All news
NISTidentity

The government is starting to quantum-proof its ID cards

NIST has begun rewriting the standard behind federal smart-card IDs so a future quantum computer cannot forge a login, or unlock a secret it quietly recorded today.

Every US federal employee carries a chip-based ID card. They tap it to get into a building and plug it in to sign in to a computer. That card is called a PIV card, and the way it proves who you are relies on the same kind of encryption that protects websites, banking, and email everywhere. On 12 June 2026, NIST began the work of replacing that encryption before quantum computers can break it.

The problem in one sentence

A large enough quantum computer, which does not exist yet but is being built, could break the math that today's encryption depends on. That would let someone forge a trusted identity, or unlock secrets they recorded years earlier and stored, waiting for the day the math falls.

What NIST is changing

NIST is the US agency that writes the country's cryptography standards. It published early drafts that add two new, quantum-resistant methods to the ID card:

  • ML-DSA, a new way to sign, so the card and the person holding it can be proven genuine.
  • ML-KEM, a new way to set up a shared secret, so a login cannot be unlocked later.

These are the first two finished post-quantum standards, published in 2024. Now they are being fitted into hardware people actually carry.

The approach is deliberately careful. NIST calls it "dual-stack": the card keeps its existing credentials and adds the new ones alongside them. Nothing has to be switched off on day one, and old systems keep working while new ones start using the quantum-safe version. It is how you change something without breaking the thing you are changing.

Why it matters beyond government

Most quantum-readiness attention so far has been on websites and network connections, the front door. ID cards, smart cards, and the identity systems behind them sit further inside, and they are harder to change because they involve physical hardware and issuance cycles measured in years. If your organization runs its own badges, certificates, or single sign-on, this early draft is a preview of the work heading your way.

These are still preliminary working drafts, not final rules, and NIST is gathering feedback in the open. But the direction is set.

Sources

  • nist.govhttps://www.nist.gov/news-events/news/2026/06/working-drafts-post-quantum-cryptography-updates-piv-standards

We cite original sources only. No news outlets or aggregators.

ShareLinkedInXEmail

Comments

Leave a comment

You can comment anonymously. Email stays private.

Get the next one

We email when there is something new. No noise.