In another important milestone for Post Quantum Cryptography (PQC), NIST has selected the first batch of algorithms from Round 3 that will be standardized and additional algorithms that will be analyzed during a Round 4 for potential additional standardization. The algorithms selected for standardization include CRYSTALS-KYBER for key-establishment and CRYSTALS-Dilithium, Falcon, SPHINCS+ for digital signatures. Additional algorithms Classic McEliece, Bike, HQC, and SIKE were selected for further study in Round 4. See the chart below.
NIST looked at a number of criteria for selection. Although security was the most important criteria, NIST also looked at performance criteria including key size, cipher text size, and encoding/decoding times. They are also concerned about having a diversity of algorithm types as we mentioned in our previous article. Kyber, Dilithium, and Falcon are all based upon a structured lattice class of algorithms and apparently SPHINCS+, originally an alternate slated for consideration in Round 4, was pulled in also selected for standardization because it is based upon a stateless hash-based signature scheme. The four Round 4 KEM/Encryption algorithms, Classic McEliece, Bike, HQC, and SIKE are also not based upon a structured lattice class of algorithms.
NIST has no additional Signature algorithms to evaluate during Round 4 and they are concerned that they may not have enough diversity of these. So, they will be issuing a call for additional new signature schemes to be submitted with a submission deadline of June 1, 2023. They are looking for signature schemes that are NOT based upon structured lattices and also have short signatures and fast verification. Any new algorithms submitted during this new evaluation will undergo a thorough analysis which will take several years.
Formalizing the selections will take a little time because the next steps will be for NIST to create draft standards and make them available for public comment before formal adoption. Additional information about this selection can be seen in a press release posted on the NIST website here as well as a 90 page technical report that can be accessed here.
July 5, 2022