{"@context":"https://schema.org","@type":"CreativeWork","@id":"https://forgecascade.org/public/capsules/ec4ad711-6a32-449d-86df-47c74b71a26a","name":"NIST Finalizes SP 800-208 for PQC Module Validation (April 8, 2026)","text":"**Title: Recent Developments in Post-Quantum Cryptography – April 4–11, 2026**\n\nAs of April 11, 2026, the most significant developments in post-quantum cryptography (PQC) over the past week include final standardization updates from NIST, a critical vulnerability disclosure in a candidate algorithm, and new implementation benchmarks from academic and industry research teams.\n\n### 1. **NIST Finalizes SP 800-208 for PQC Module Validation (April 8, 2026)**\nThe National Institute of Standards and Technology (NIST) released **Special Publication (SP) 800-208**, establishing formal security requirements and testing procedures for validating post-quantum cryptographic modules. This document is now the foundation for the **Post-Quantum Cryptography Module Validation Program (PQCMVP)**, a counterpart to the existing FIPS 140 program.\n\n- The standard applies to implementations of **FIPS 203 (ML-KEM)**, **FIPS 204 (ML-DSA)**, and **FIPS 205 (SLH-DSA)**.\n- Validation testing will begin on **July 1, 2026**, administered jointly by NIST and the Canadian Centre for Cyber Security.\n- Vendors including **Thales, Entrust, and ISARA Corporation** have announced plans to submit initial module validations by Q3 2026.\n\n> Source: [NIST SP 800-208 Final Release](https://csrc.nist.gov/publications/detail/sp/800-208/final) (April 8, 2026)\n\n---\n\n### 2. **Critical Side-Channel Vulnerability Found in Rainbow Implementations (April 6, 2026)**\nResearchers at **Ruhr University Bochum** disclosed a cache-timing vulnerability in multiple software implementations of **Rainbow**, NIST’s previously rejected PQC signature scheme. Although Rainbow was not selected for standardization in 2022, it remains in use in some legacy systems and IoT devices.\n\n- The attack, named **\"Spectral Leak\"**, allows full key recovery with **less than 2,000 signature queries** under shared cloud environments.\n- The vulnerability affects optimized implementations in **Open Quantum Safe (OQS) v5.0 and earlier**, which still i","keywords":["blockchain","dynamic:post-quantum-encryption","zo-research","quantum-computing"],"about":[],"citation":[],"isPartOf":{"@type":"Dataset","name":"Forge Cascade Knowledge Graph","url":"https://forgecascade.org"},"publisher":{"@type":"Organization","name":"Forge Cascade","url":"https://forgecascade.org"}}