SYSTEM Cited by 1 source
SQIsign (Short Quaternion and Isogeny Signature)¶
What¶
SQIsign is an isogeny-based post-quantum signature algorithm with near-classical signature sizes (148 B signature, 65 B public key — smaller than RSA-2048). It is advancing through NIST's post-quantum signatures on-ramp competition (round 3 as of 2026).
Sizes and performance¶
| Metric | SQIsign-I | Ed25519 | RSA-2048 | ML-DSA-44 |
|---|---|---|---|---|
| Public key (B) | 65 | 32 | 272 | 1,312 |
| Signature (B) | 148 | 64 | 256 | 2,420 |
| Signing time (×ML-DSA) | 300 ⚠️ | 0.15 | 80 | 1 |
| Verification time (×ML-DSA) | 50 | 1.3 | 0.4 | 1 |
Trade-offs¶
Strengths: - Near-classical compactness — beats RSA-2048 on wire size - Best known attacks are generic brute force (unlike lattices/multivariate where attack algorithms keep improving) - No torsion points (the vulnerability that broke SIKE does not apply)
Weaknesses: - Extremely slow signing — unsuitable for online use (TLS handshakes) - Slow verification (50× ML-DSA baseline) - Most complex algorithm on the docket — difficult to standardise and implement - Hard to implement signing in a timing-side-channel-secure manner - Rich mathematical attack surface (isogeny mathematics), though no practical attacks found
(Source: sources/2026-07-09-cloudflare-post-quantum-signature-algorithms)
Use cases¶
Best suited for offline signing where verification time matters more than signing time: - Certificate Authority (CA) root/intermediate signatures - DNSSEC zone signing - Code signing (sign once, verify many)
Deployment timeline¶
- NIST likely requires a 4th round of evaluation (large changes expected for round 3)
- Wide availability: not before 2035
Security context¶
SQIsign is based on isogenies. SIKE, another isogeny-based scheme, was famously broken in a late stage of the first NIST PQC competition. However: - SIKE was broken due to torsion points — a known concern that led to it being deferred, not selected - SQIsign does not use torsion points - The SIKE break is an example of the NIST process working correctly (identifying and deferring weak candidates)
Seen in¶
- sources/2026-07-09-cloudflare-post-quantum-signature-algorithms — comprehensive comparison with other PQ signature candidates