Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

PQC Standardization Process: Second Round Candidate Announcement
January 30, 2019

After over a year of evaluation, NIST would like to announce the candidates that will be moving on to the 2nd round of the NIST PQC Standardization Process.

The 17 Second-Round Candidate public-key encryption and key-establishment algorithms are:

  • BIKE
  • Classic McEliece
  • CRYSTALS-KYBER
  • FrodoKEM
  • HQC
  • LAC
  • LEDAcrypt (merger of LEDAkem/LEDApkc)
  • NewHope
  • NTRU (merger of NTRUEncrypt/NTRU-HRSS-KEM)
  • NTRU Prime
  • NTS-KEM
  • ROLLO (merger of LAKE/LOCKER/Ouroboros-R)
  • Round5 (merger of Hila5/Round2)
  • RQC
  • SABER
  • SIKE
  • Three Bears

The 9 Second Round Candidates for digital signatures are:

  • CRYSTALS-DILITHIUM
  • FALCON
  • GeMSS
  • LUOV
  • MQDSS
  • Picnic
  • qTESLA
  • Rainbow
  • SPHINCS+

We would like to thank all candidate submission teams for their efforts in this standardization process. It was not an easy process to narrow down the submissions. To better explain our decision process and rationale for our selection, we have released a short report, NIST Internal Report (NISTIR) 8240. It will soon be available at https://csrc.nist.gov/publications and on our NIST post-quantum webpage www.nist.gov/pqcrypto. Questions may be directed to pqc-comments@nist.gov. We hope that teams whose scheme was not selected to advance will continue to participate by evaluating and analyzing the remaining cryptosystems, along with the cryptographic community at large. NIST would not be able to select algorithms for new post-quantum public-key standards without these combined efforts.

For the 2nd round candidates, NIST will allow the submission teams the option of providing updated specifications and implementations (i.e. “tweaks”). The deadline for these tweaks will be March 15, 2019. We originally planned that submission teams would have more time, however recent events out of our control have altered the timeline. If any submission team feels they may not meet the deadline, we strongly encourage them to contact us to discuss. NIST will review the proposed modifications and publish the accepted submissions shortly afterwards. More detailed information and guidance will be provided in another message.

It is estimated that this second phase of evaluation and review will last 12-18 months. NIST is planning to hold a 2nd NIST PQC Standardization Conference from August 22-24, 2019 in Santa Barbara, California, co-located with CRYPTO 2019. The Call for Papers for this conference can be found at www.nist.gov/pqcrypto, and will also be posted to this pqc-forum in another message. The deadline for submission to the 2nd NIST PQC Conference is May 31, 2019. After the 2nd round, NIST may select schemes for standardization or alternatively decide a third round is needed.


Note – These are NIST’s current plans. Due to future events which may be beyond our control, the above timeline is subject to change if the situation warrants.

Also see: NIST Reveals 26 Algorithms Advancing to the Post-Quantum Crypto ‘Semifinals’

Parent Project

See: Post-Quantum Cryptography

Topics

Security and Privacy: post-quantum cryptography,

Created January 29, 2019, Updated January 30, 2019