Post-quantum cryptography encompasses the algorithms that are allegedly immune to quantum computing. Five categories seem suitable for post-quantum cryptography (see the previous post).
In 2017, NIST initiated the process to select and standardize a set of post-quantum cryptosystems. In 2019, the second round selected 26 candidates. The third round started in 2020. Last month, NIST published an intermediary analysis of these candidates. As a result, NIST selected seven serious candidates and eight potential but unlikely contenders. The draft standards should be available by 2024.
Table 1 lists the nine candidates for encryption. The predominance of lattice-based and code-based solutions is visible. Table 2 lists the six selected candidates for digital signatures. The more likely candidates are highlighted.
Table 1: Candidates for encryption

| Candidate | Code-based | Lattice | Isogeny |
| --- | --- | --- | --- |
| BIKE | X | | |
| Classic McEliece | X | | |
| CRYSTALS-KYBER | | X | |
| FrodoKEM | | X | |
| HQC | X | | |
| NTRU | | X | |
| NTRU prime | | X | |
| SABER | | X | |
| SIKE | | | X |

Table 2: Candidates for digital signatures

| Candidate | Hash-based | Lattice | MQE |
| --- | --- | --- | --- |
| CRYSTALS-DILITHIUM | | X | |
| FALCON | | X | |
| GeMSS | | | X |
| Picnic | | | |
| Rainbow | | | |
| SPHINCS+ | X | | |

Lattice-based cryptography seems to be the front-runner for post-quantum. A future post will attempt to give some insight into lattice-based cryptography.
The report is available at https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf