Overview of NIST PQC Standardization (additional call for signatures)

Abstract: In the last two decades, there have been a lot of developments in building quantum computers; this is why, in 2017, NIST launched its call for cryptosystems that would resist both classical and quantum computers. Such cryptosystems are said to be quantum-resistant or post-quantum. The goal of this process, referred to as the NIST Post-Quantum Cryptography (PQC) Standardization Process, is to select a list of post-quantum cryptosystems, namely encryption (more precisely KEM) and signature schemes, for standardization. In summer 2022, after roughly 5 years of competition, 4 algorithms were selected to be standardized: Kyber, Dilithium, Falcon and Sphincs+. However, this does not mean the end of the competition, indeed since 3 out of 4 of these candidates are lattice-based schemes, NIST issued an additional call for signatures for the sake of diversity. Concurrently to the aforementioned selection of 4 new PQ standards, NIST selected 4 "alternate" candidates to be further studied by the community; this process is referred to as the Round 4 of NIST PQC Standardization process. Since SIKE, the only isogeny-based candidate got broken, this left 3 code-based alternate candidates, among which NIST could standardize one or several in the coming year(s). In this talk, we will go through the different categories (and their associated mathematical hard problems) for the Round 1 candidates for the additional call. In fact, among the 40 accepted candidates, there are 6+ categories of post-quantum cryptography. Last but not least, we will see a very high level overview of the key generation processes for the Round 4 candidates so that one can check if they are potential threshold friendly schemes.

[Slides] [Video]