As NIST, IETF, and ISO finalize PQC algorithms, each scheme is assigned a unique Object Identifier (OID) for use in X.509 certificates, PKCS#8 keys, CMS, TLS, and COSE/JOSE structures.
This post provides a consolidated registry of PQC OIDs — covering the standardized ML-DSA (Dilithium), SLH-DSA (SPHINCS+), and ML-KEM (Kyber) algorithms, plus supporting hash functions and hybrid structures.
🔑 Why This Matters
- Certificates: OIDs appear in AlgorithmIdentifiers for signatures and public keys.
- Interoperability: Different vendors must agree on these identifiers.
- Migration: PQC-hybrid certificates require careful OID management.
📂 PQC Algorithm OIDs
1. ML-DSA (Dilithium) — Post-Quantum Digital Signature
Assigned under the NIST digital signature arc: 2.16.840.1.101.3.4.3.x
| Algorithm Variant | OID | Notes |
|---|---|---|
| ML-DSA-44 (Dilithium-2) | 2.16.840.1.101.3.4.3.17 | NIST Category 2 |
| ML-DSA-65 (Dilithium-3) | 2.16.840.1.101.3.4.3.18 | NIST Category 3 |
| ML-DSA-87 (Dilithium-5) | 2.16.840.1.101.3.4.3.19 | NIST Category 5 |
Use cases: X.509 signatures, code signing, document signing.
2. SLH-DSA (SPHINCS+) — Stateless Hash-Based Signature
Assigned under the NIST digital signature arc: 2.16.840.1.101.3.4.3.2x
| Algorithm Variant | OID | Notes |
|---|---|---|
| SLH-DSA-SHA2-128s | 2.16.840.1.101.3.4.3.20 | SHA-256, small, cat 1 |
| SLH-DSA-SHA2-128f | 2.16.840.1.101.3.4.3.21 | SHA-256, fast, cat 1 |
| SLH-DSA-SHA2-192s | 2.16.840.1.101.3.4.3.22 | SHA-256, cat 3 |
| SLH-DSA-SHA2-192f | 2.16.840.1.101.3.4.3.23 | SHA-256, fast, cat 3 |
| SLH-DSA-SHA2-256s | 2.16.840.1.101.3.4.3.24 | SHA-256, cat 5 |
| SLH-DSA-SHA2-256f | 2.16.840.1.101.3.4.3.25 | SHA-256, fast, cat 5 |
| SLH-DSA-SHAKE-128s | 2.16.840.1.101.3.4.3.26 | SHAKE128, cat 1 |
| SLH-DSA-SHAKE-128f | 2.16.840.1.101.3.4.3.27 | SHAKE128, fast, cat 1 |
| SLH-DSA-SHAKE-192s | 2.16.840.1.101.3.4.3.28 | SHAKE128, cat 3 |
| SLH-DSA-SHAKE-192f | 2.16.840.1.101.3.4.3.29 | SHAKE128, fast, cat 3 |
| SLH-DSA-SHAKE-256s | 2.16.840.1.101.3.4.3.30 | SHAKE256, cat 5 |
| SLH-DSA-SHAKE-256f | 2.16.840.1.101.3.4.3.31 | SHAKE256, fast, cat 5 |
Use cases: Long-term archival signatures (very conservative).
3. ML-KEM (Kyber) — Post-Quantum Key Encapsulation Mechanism
Assigned under the NIST encryption/KEM arc: 2.16.840.1.101.3.4.1.5x
| Algorithm Variant | OID | Notes |
|---|---|---|
| ML-KEM-512 (Kyber-512) | 2.16.840.1.101.3.4.1.55 | NIST security cat 1 |
| ML-KEM-768 (Kyber-768) | 2.16.840.1.101.3.4.1.56 | NIST security cat 3 |
| ML-KEM-1024 (Kyber-1024) | 2.16.840.1.101.3.4.1.57 | NIST security cat 5 |
Use cases: TLS key exchange, CMS encryption, VPNs.
📚 Supporting OIDs for PQC
Hash Functions
Defined in the NIST hash arc: 2.16.840.1.101.3.4.2.x
2.16.840.1.101.3.4.2.11→ SHAKE1282.16.840.1.101.3.4.2.12→ SHAKE2562.16.840.1.101.3.4.2.8→ SHA3-2562.16.840.1.101.3.4.2.9→ SHA3-3842.16.840.1.101.3.4.2.10→ SHA3-512
Used inside SLH-DSA and sometimes in hybrid constructions.
Hybrid / Composite OIDs
Still draft in IETF LAMPS:
- Composite signature OID →
id-compositearc - Hybrid OIDs → defined as concatenations (RSA/ECDSA + PQC)
These are not final yet but will be essential for PKI migration strategies.
✅ Key Takeaways
- Final OIDs for PQC are now part of the NIST OID tree under
2.16.840.1.101.3.4. - You should use ML-DSA, SLH-DSA, and ML-KEM OIDs in new certificate and TLS deployments.
- Expect hybrid OIDs to be finalized soon by IETF for transitional PKI.
👉 With this registry, you have a one-stop lookup for all PQC OIDs in certificates, signatures, and KEMs.