Composite Signatures Draft Moves Toward Publication!

We’re excited to share some great news from the IETF LAMPS working group: the draft-ietf-lamps-pq-composite-sigs, after 12 drafts and much discussion, has successfully completed its Working Group Last Call (WGLC) and is now in the queue for publication — the final step before becoming an RFC.

🧩 A Milestone for Post-Quantum Hybrid Signatures

The composite signatures draft defines a new, clean approach to post-quantum hybrid signatures, enabling multiple signature algorithms (for example, a traditional algorithm like ECDSA or RSA together with a post-quantum one such as ML-DSA) to be combined into a single signature structure.

Unlike other “dual-signature” mechanisms, composite signatures are treated as new, standalone algorithms. That means applications and protocols do not need to understand or verify multiple signature chains separately—they simply see one key type and one signature that either passes or fails verification. This avoids brittle logic and keeps security decisions within the cryptographic layer, where they belong.

With the completion of the WGLC, the draft’s structure and identifiers are now final — including the finalized OIDs for the composite algorithms.

🚀 aurora and Composite Signatures

The timing couldn’t be better: the aurora 0.9.0 release is live, generally available for anyone to try, and fully supports the final version of the composite signatures draft. aurora‘s implementation aligns with the final OIDs and structure definitions, making it one of the first toolkits to support the standard as it moves toward RFC publication.

This is a key step for deploying hybrid post-quantum cryptography in a practical and standards-aligned way—letting systems integrate PQC readiness today while maintaining confidence in well-established classical algorithms.

🛠 What’s Next

Next month we’ll publish a dedicated blog post about aurora, which will cover all the new features and details of the composite signature implementation. For now, this milestone marks an important moment: the composite signatures draft is essentially complete, and aurora is ready for it.

TL;DR:
✅ draft-ietf-lamps-pq-composite-sigs passed WGLC and is headed for publication
✅ Final OIDs and structures defined
✅ Aurora 0.9.0 is live, generally available for anyone to try, and fully supports the final version
💪 One more step toward deployable, standards-based post-quantum hybrid signatures!