The rapid evolution of quantum computing poses a significant threat to traditional cryptographic systems that underpin digital security today. As quantum machines advance, once-secure algorithms like RSA and ECC may soon become vulnerable to attacks leveraging quantum principles. This reality has accelerated global efforts to develop and standardize post-quantum cryptography (PQC)—cryptographic methods designed to resist both classical and quantum computational threats. Among the most critical applications of PQC is digital signatures, which ensure data integrity, authenticity, and non-repudiation in digital communications.
This article presents a detailed performance evaluation of leading post-quantum digital signature algorithms: CRYSTALS-Dilithium, Falcon, and SPHINCS+. Using the open-source liboqs library, we analyze key generation, signing, and verification times across varying file sizes. The results are benchmarked against RSA-2048 to assess practical trade-offs between security and efficiency. Our findings aim to guide developers, cybersecurity professionals, and organizations in selecting optimal PQC solutions for future-ready infrastructure, particularly in next-generation networks like 5G and 6G.
Understanding the Quantum Threat to Digital Signatures
Traditional public-key cryptography relies on mathematical problems that are computationally hard for classical computers. For example, RSA depends on the difficulty of factoring large integers, while ECC relies on the elliptic curve discrete logarithm problem. However, Shor’s algorithm, when executed on a sufficiently powerful quantum computer, can solve these problems in polynomial time, rendering current asymmetric encryption and digital signatures insecure.
Similarly, Grover’s algorithm can accelerate brute-force searches, effectively halving the security strength of symmetric keys. While doubling key lengths can mitigate this risk, Shor’s algorithm presents a more existential threat to asymmetric systems.
👉 Discover how next-gen cryptographic solutions are preparing for the quantum era.
This looming vulnerability necessitates a proactive shift toward quantum-resistant algorithms. The National Institute of Standards and Technology (NIST) has led this transition through its PQC standardization project, identifying CRYSTALS-Dilithium, Falcon, and SPHINCS+ as frontrunners for digital signature applications.
Core Post-Quantum Digital Signature Algorithms
CRYSTALS-Dilithium: Lattice-Based Efficiency
Dilithium is a lattice-based signature scheme selected by NIST for standardization due to its strong security and performance balance. It leverages the hardness of lattice problems such as Learning With Errors (LWE) and Shortest Vector Problem (SVP), which remain resistant to known quantum attacks.
Key advantages:
- Moderate key and signature sizes
- High performance in signing and key generation
- Multiple security levels (2, 3, and 5) to match application needs
Falcon: Compact Signatures via NTRU Lattices
Falcon stands out for generating the smallest signatures among NIST finalists. It uses NTRU lattices and Fast Fourier Transform (FFT) optimizations to achieve compact outputs—ideal for bandwidth-constrained environments.
Trade-offs:
- Slower key generation compared to Dilithium
- Complex implementation due to floating-point arithmetic
SPHINCS+: Hash-Based Long-Term Security
As a stateless hash-based signature scheme, SPHINCS+ offers long-term security based solely on the collision resistance of hash functions—a property believed to be quantum-safe. It supports customization with SHA-2 or SHAKE (SHA-3) hash families.
Considerations:
- Significantly larger signature sizes
- Two variants: speed-optimized (
f) and size-optimized (s)
Implementation and Testing Methodology
Our analysis utilized the liboqs library—a comprehensive open-source toolkit for experimenting with post-quantum algorithms. A custom command-line interface (CLI) application was developed in Python using liboqs-python, enabling key generation, file signing, and signature verification across all target algorithms.
Test Environment
All tests were conducted on a Linux Debian virtual machine with the following specifications:
- CPU: 8 cores (Intel Core i7-9750H @ 2.60 GHz)
- RAM: 12 GB
- Storage: 30 GB SSD
- Virtualization: VMware Workstation 16
Performance Metrics
Three core operations were measured:
- Key pair generation
- File signing (10 MB, 100 MB, 1 GB)
- Signature verification
Each test ran 101 iterations; the first was discarded to eliminate disk caching effects. Final results represent averages from 100 runs, with error margins reflecting standard error of the mean (SEM).
Performance Evaluation Results
Key Generation Speed
Dilithium demonstrated the fastest key generation across all security levels, completing in under 60 milliseconds. Falcon-512 took ~891 ms, while Falcon-1024 required over 2 seconds. SPHINCS+ showed mixed results: speed-optimized variants (f) performed reasonably well, but size-optimized versions (s) were significantly slower—up to 5.6 seconds for SHAKE-256s.
👉 Explore tools that help secure digital assets against emerging threats.
File Signing Performance
For signing operations:
- Dilithium consistently outperformed others across all file sizes.
- Falcon showed linear scalability with file size but lagged slightly behind Dilithium.
- SPHINCS+ speed-optimized variants were faster on small files, but performance gaps narrowed with larger inputs.
Notably, some SPHINCS+ configurations with shorter keys exhibited slower execution than their longer-key counterparts—a counterintuitive result possibly linked to implementation-specific optimizations in liboqs.
Signature Verification Efficiency
Verification times revealed a different pattern:
- SPHINCS+SHA2 variants performed best for small files (e.g., ~1.9 seconds for 10 MB).
- Dilithium, while strong in signing, was slower in verification (~3.6 seconds).
- Performance across algorithms converged for larger files (100 MB–1 GB), with differences under 30%.
Comparative Analysis with RSA-2048
When compared to RSA-2048:
- On a 1 GB file, Dilithium5 took 3.31 seconds vs. 2.56 seconds for RSA—representing a 27.7% overhead.
- However, Dilithium5 offers NIST Security Level 5, whereas RSA-2048 is estimated at Level 1 in a post-quantum context.
This marginal time cost delivers exponentially greater security against quantum attacks, making Dilithium a compelling replacement candidate.
Frequently Asked Questions (FAQ)
What makes post-quantum cryptography necessary?
Current public-key algorithms like RSA and ECC can be broken by quantum computers using Shor’s algorithm. PQC uses mathematically different approaches that remain secure even against quantum attacks.
Which post-quantum algorithm is best for digital signatures?
For most use cases, CRYSTALS-Dilithium offers the best balance of speed, security, and signature size. Falcon is ideal when bandwidth is limited due to its compact signatures.
Are post-quantum algorithms slower than traditional ones?
Yes—there is a performance overhead. However, modern implementations show that this cost is manageable (e.g., <30% slower than RSA), especially given the dramatic increase in long-term security.
Can I start using post-quantum signatures today?
Yes. Libraries like liboqs provide production-ready implementations. Organizations should begin testing and integrating PQC now to prepare for future mandates.
How does file size affect signing performance?
Larger files increase signing time linearly across all algorithms. However, the relative performance differences between PQC schemes remain consistent regardless of input size.
Will post-quantum cryptography replace blockchain signatures?
Eventually, yes. As quantum computing matures, blockchains relying on ECDSA (e.g., Bitcoin) will need to adopt quantum-resistant signature schemes to maintain security.
👉 Stay ahead of digital threats with forward-looking security strategies.
Conclusion
The transition to post-quantum cryptography is no longer speculative—it is an operational imperative. Our performance analysis confirms that modern PQC algorithms like CRYSTALS-Dilithium are not only secure but also practical for real-world deployment in digital signature systems.
While trade-offs exist between speed, key size, and signature length, Dilithium emerges as the most well-rounded choice for general-purpose applications. Falcon excels where signature size matters most, while SPHINCS+ provides a conservative, hash-based alternative with long-term trust assumptions.
As NIST continues refining PQC standards and new candidates emerge, ongoing evaluation and integration will be crucial. Organizations must begin adopting hybrid cryptographic systems—combining classical and post-quantum methods—to ensure seamless migration when full quantum resistance becomes mandatory.
The future of digital trust depends on today’s preparation. By embracing post-quantum digital signatures now, we safeguard data integrity and authenticity in the quantum age.