NIST submissions

From PQC WIKI

FINALISTS

A. Public-key Encryption and Key-establishment Algorithms

OP ID Validity Proposal Variant Round Owner Type Description Assumption Functionality Public Key
(bytes)
Private Key
(bytes)
Data Size
(bytes)
Comments Security Type Challenge Notes Date Cmt_link Website
R2_02 1 Classic McEliece 2 R2_02 code Conservative Binary Goppa SDP KEM level 1: 261120, level 3: 524160, level 5: 1044992,level 5: 1047319, level 5: 1357824 level 1: 6452, level 3: 13568, level 5: 13892, level 5: 13908, level 5: 14080 level 1: 128, level 3: 188, level 5: 240, level 5: 226, level 5: 240 IND-CCA (BP) Goppa-McEliece Challenge https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/$20Classic$20McEliece$20%09%7Csort:date/pqc-forum/PvkX7Ne_9qI/6C3iwP9zAAAJ https://classic.mceliece.org
R2_04 1 CRYSTALS-KYBER 2 R2_04 lattice LWE on Module Lattices MLWE KEM level 1: 800, level 3: 1184, level 5: 1568 level 1: 1632, level 3: 2400, level 5: 3168 level 1: 736, level 3: 1088, level 5: 1568 IND-CCA https://pq-crystals.org/
R2_14 1 NTRU 2 R2_14 lattice NTRU ,, Merger of NTRUEncrypt and NTRU-HRSS-KEM. https://ntru.org/
R2_40 0 NTRU-HPS 2 R2_14 lattice NTRU KEM level 1: 699, level 3: 931, level 5: 1230 level 1: 935, level 3: 1235, level 5: 1592 level 1: 699, level 3: 931, level 5: 1230 IND-CCA (SXY) https://www.onboardsecurity.com/nist-post-quantum-crypto-submission
R2_41 0 NTRU-HRSS 2 R2_14 lattice NTRU KEM level 3: 1138 level 3: 1452 level 3: 1138 IND-CCA (SXY) https://www.onboardsecurity.com/nist-post-quantum-crypto-submission
R2_23 1 SABER 2 R2_23 lattice LWR MLWR KEM level 1: 672, level 3: 992, level 5: 1312 level 1: 832, level 3: 1248, level 5: 1664 level 1: 736, level 3: 1088, level 5: 1472 IND-CCA https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/official$20comment$20round$202%7Csort:date https://www.esat.kuleuven.be/cosic/pqcrypto/saber/

B. Digital Signature Algorithms

OP ID Validity Proposal Variant Round Owner Type Description Assumption Functionality Public Key
(bytes)
Private Key
(bytes)
Data Size
(bytes)
Comments Security Type Challenge Notes Date Cmt_link Website
R2_03 1 CRYSTALS-DILITHIUM 2 R2_03 lattice LWE on Module Lattices MLWE, MSIS Signature level 1: 1184, level 2: 1472, level 3: 1760 level 1: 2800, level 2: 3504, level 3: 3856 level 1: 2044, level 2: 2701, level 3: 3366 SUF-CMA https://pq-crystals.org/
R2_05 1 FALCON 2 R2_05 lattice NTRU NTRU Signature level 1: 897, level 3: 1441, level 5: 1793 level 1: -, level 3: -, level 5: - level 1: 618, level 3: 994, level 5: 1234 EUF-CMA https://falcon-sign.info/
R2_19 1 Rainbow 2 R2_19 multivariate UOV
R2_49 0 Rainbow 2 R2_19 multivariate MQ Signature level 1: 149000, level 3: 710600, level 5: 1705500 level 1: 93000, level 3: 511400, level 5: 1227100 level 1: 64, level 3: 156, level 5: 204 EUF-CMA
R2_50 0 Compressed Rainbow 2 R2_19 multivariate MQ Signature level 1: 58100, level 3: 206700, level 5: 491900 level 1: 93000, level 3: 511400, level 5: 1227100 level 1: 64, level 3: 156, level 5: 205 EUF-CMA


ALTERNATE CANDIDATES

A. Public-key Encryption and Key-establishment Algorithms

OP ID Validity Proposal Variant Round Owner Type Description Assumption Functionality Public Key
(bytes)
Private Key
(bytes)
Data Size
(bytes)
Comments Security Type Challenge Notes Date Cmt_link Website
R3_01 1 BIKE 3a R3_01 code QC-MDPC QC-SDP,QC-CF KEM level 1: 2244, level 3: 3346 level 1: 12323, level 3: 24659 level 1: 12579, level 3: 24915 IND-CPA (BGF decoder),IND-CCA (low DFR) http://bikesuite.org/
R3_06 1 FrodoKEM 3a R3_06 lattice LWE LWE KEM level 1: 9616, level 3: 15632, level 5: 21520 level 1: 19888, level 3: 31296, level 5: 43088 level 1: 9720, level 3: 15744, level 5: 21632 IND-CCA https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/official$20comment$20round$202|sort:date/pqc-forum/_kBMTq3RM28/Zj2CpnEzBgAJ https://frodokem.org/
R3_08 1 HQC 3a R3_08 code QC random codes - no decoding Decision QC-SDP KEM level 1: 6170, level 3: 10918, level 5: 15898 level 1: 252, level 3: 404, level 5: 532 level 1: 6234, level 3: 10981, level 5: 15960 Comment on parity of ciphertexts (not a security issue). IND-CCA (HHK) https://pqc-hqc.org/
R3_15 1 NTRU Prime 3a R3_15 lattice NTRU Prime https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/official$20comment$20round$202|sort:date/pqc-forum/V1RNjpio5Ng/uzEDmsogAgAJ https://ntruprime.cr.yp.to
R3_42 0 Streamlined NTRUPrime 3a R3_15 lattice NTRU Prime KEM level 2: 994, level 3: 1158, level 4: 1322 level 2: 1518, level 3: 1763, level 4: 1999 level 2: 897, level 3: 1039, level 4: 1184 IND-CCA (Dent) https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/official$20comment$20round$202|sort:date/pqc-forum/V1RNjpio5Ng/uzEDmsogAgAJ https://ntruprime.cr.yp.to
R3_43 0 NTRU LPRime 3a R3_15 lattice NTRU Prime KEM level 2: 897, level 3: 1039, level 4: 1184 level 2: 1125, level 3: 1294, level 4: 1463 level 2: 1025, level 3: 1167, level 4: 1312 IND-CCA (Dent) https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/official$20comment$20round$202|sort:date/pqc-forum/V1RNjpio5Ng/uzEDmsogAgAJ https://ntruprime.cr.yp.to
R3_24 1 SIKE 3a R3_24 other Isogenies ,, ,, ,, https://groups.google.com/a/list.nist.gov/forum/#!searchin/pqc-forum/$20ROUND$202$20OFFICIAL$20COMMENT$3A$20SIKE%7Csort:date/pqc-forum/q4mEDtl6kt4/PF6P6XUpBwAJ http://sike.org/
R3_60 0 SIKE 3a R3_24 other SIDH KEM level 1: 330, level 2: 378, level 3: 462, level 5: 564 level 1: 374, level 2: 434, level 3: 524, level 5: 644 level 1: 346, level 2: 402, level 3: 486, level 5: 596 IND-CCA (HHK)
R3_61 0 SIKE_compressed 3a R3_24 other SIDH KEM level 1: 196, level 2: 224, level 3:273, level 5: 331 level 1: 239, level 2: 280, level 3:336, level 5: 413 level 1: 209, level 2: 248, level 3:297, level 5: 363 IND-CCA (HHK)

B. Digital Signature Algorithms

OP ID Validity Proposal Variant Round Owner Type Description Assumption Functionality Public Key
(bytes)
Private Key
(bytes)
Data Size
(bytes)
Comments Security Type Challenge Notes Date Cmt_link Website
R3_07 1 GeMSS 2 R3_07 multivariate Hidden Field Equations HFEv- Signature level 1: 417408, level 3: 1304192, level 5: 3046848 level 1: 14520, level 3: 40280, level 5: 83688 level 1: 33, level 3: 52, level 5: 72 EUF-CMA All sizes taken from reference implementation. https://www-polsys.lip6.fr/Links/NIST/GeMSS.html
R3_17 1 Picnic 2 R3_17 hash Non-interactive Proof of Knowledge https://microsoft.github.io/Picnic/
R3_44 0 Picnic-FS 2 R3_17 other ZKB++ Signature level 1: 32, level 3: 48, level 5: 64 level 1: 16, level 3: 24, level 5: 32 level 1: 34032, level 3: 76772, level 5: 132856 SUF-CMA
R3_45 0 Picnic-UR 2 R3_17 other ZKB++ Signature level 1: 32, level 3: 48, level 5: 65 level 1: 16, level 3: 24, level 5: 33 level 1: 53961, level 3: 121845, level 5: 209506 SUF-CMA
R3_46 0 Picnic2-FS 2 R3_17 other ZKB++ Signature level 1: 32, level 3: 48, level 5: 66 level 1: 16, level 3: 24, level 5: 34 level 1: 13802, level 3: 29750, level 5: 54732 SUF-CMA
R3_25 1 SPHINCS+ 2 R3_25 hash Stateless XMSS ,, ,, ,, https://sphincs.org/
R3_62 0 SPHINCS+ Small 2 R3_25 hash PRF Signature level 1: 32, level 3: 48, level 5: 64 level 1: 64, level 3: 96, level 5: 128 level 1: 8080, level 3: 17064, level 5: 29792 EUF-CMA https://sphincs.org/
R3_63 0 SPHINCS+ Fast 2 R3_25 hash PRF Signature level 1: 32, level 3: 48, level 5: 64 level 1: 64, level 3: 96, level 5: 128 level 1: 16976, level 3: 35664, level 5: 49216 EUF-CMA https://sphincs.org/