QNSP
Start building free
Why QNSP
The Quantum ImperativeWhy QNSPPQC Migration GuideCompetitive AnalysisVet PQC Vendors
Platform
Platform ArchitectureCapabilitiesUse Cases by IndustryKnowledge BaseBlogResearch
Trust
Trust HubCompliance MappingNIST ACVP ConformancePerformance BenchmarksEntropy ChainAlgorithm CatalogSystem Status
Developers
Developer HubUse CasesAI Assistants (MCP)
PricingContactStart building free

Digital Signature

FN-DSA

FFT-based NTRU Digital Signature Algorithm · FIPS 206 (pending)

FIPS-pendinglattice-based2 parameter setsQNSP tier: default+provider: liboqsalso called: Falcon, Falcon-512, Falcon-1024
NIST's fourth standardised PQC signature scheme, formally FN-DSA under FIPS 206 (initial public draft pending as of May 2026, per direct correspondence with Dr. Dustin Moody, NIST PQC lead). Falcon's signatures are the most compact of the lattice-based PQC schemes, making it preferred for size-constrained transport.

Mechanism

How it works

Falcon uses the GPV trapdoor framework over NTRU lattices, with signatures generated via a discrete Gaussian sampler over the lattice. The result is signatures roughly 1/4 the size of equivalent-security ML-DSA signatures. The implementation complexity is higher than ML-DSA (floating-point Gaussian sampling requires care to avoid side-channels and rounding errors), which is why ML-DSA shipped first.

Parameter Sets

2 variants shipped

Each variant trades security category against key, ciphertext, or signature size. QNSP exposes all variants via the @cuilabs/liboqs-native binding; tenant crypto-policy determines which are allowed.

VariantNIST LevelPublic KeySecret KeySignatureNote
Falcon-512L1897 B1,281 B666 BSmallest Falcon parameter set. Useful when signature bandwidth is the hard constraint.
Falcon-1024L51,793 B2,305 B1,280 BHigh-security Falcon. Government workloads requiring compact signatures but not strictly limited to FIPS-finalised algorithms.

NIST ACVP

Conformance evidence

QNSP runs the official NIST ACVP test vectors against every shipped algorithm. Live evidence + SHA-3-256 tamper digest at /verify/conformance.

@noble/post-quantum
non-addressable
Pure-JavaScript reference; cross-verification secondary on Maximum + Government tiers.
@cuilabs/liboqs-native
non-addressable
Native-C primary production engine. Runs across every QNSP backend service.
NIST has not yet published ACVP test vectors for Falcon (vectors will land alongside the FIPS 206 final standard). Falcon signatures are exercised via internal sign/verify test suites only.
View live ACVP evidence →

Use Cases

When to use it

  • Size-constrained transport (where every byte counts — embedded, IoT, mobile)
  • Standalone QNSP signatures when bandwidth dominates over CPU cost
  • Future government / defence workloads pending FIPS 206 finalisation

Trade-offs

What you give up, what you get

  • Smallest signatures among lattice-based PQC schemes
  • More complex implementation than ML-DSA — Gaussian sampling side-channels require careful engineering
  • Not yet FIPS-finalised; do not use for FIPS-only government workloads until FIPS 206 lands

References

Primary sources