Most popular algorithm for public key generation

Lattice is a network of infinitely many points;

each vector is a point, and the set of vectors
representing any point in the lattice is called Begun in Dec 2016 &
a BASIS. Ended in July 2019

Messages are presented under vectors, and Received 82 submissions

the public key is a matrix in which the messages
69 valid candidates out of 82 submitted
are multiplied to generate the ciphertext. NIST
Selected 26 candidate algorithms
Learning With Errors @LWE, at the end
Lattice-based
Round First
Ring-LWE
encryption
Initial screening of all submissions to
NTRU Lattice Based First
identify those that do not meet the min
Cryptography Two Phase
security and functional criteria
Falcon Three lattice
Phases
Lattice-based based schemes
Rainbow Second NIST est criteria for evaluating algorithms
signature schemes
Dilithium Phase including security & ease of implementation

Kyber Lattice-based Begun in Jan 2019

Frodo key exchanges Ended in July 2020
Focus on eval and analysing the
Been studied extensively, and many of them 26 candidates from Round First
have been proposed and implemented in hardware.
Testing and evaluation of candidate algorithms
Notably, up to three out of the four for software and hardware implementation
selected candidates for standardization
are lattice-based Classic McEliece
CRYSTALS-Kyber
Cryptographic technique that relies heavily 4 PKE/KEM
NTRU
on hash functions to achieve various security
objectives Final 7 Saber

Leverages Merkle trees, hash functions, and CRYSTALS-Dilithium

message signing to achieve digital signatures Round Second 3 Digital
and other cryptographic primitives. Falcon
Hash Based Signatures
Selected Rainbow
Lamport Signatures Cryptography
7 finalists
Merkle Signature Scheme and 8 alternate BIKE
Winternitz One-Time Signature Scheme (WOTS) Examples candidates FrodoKEM
XMSS (Extended Merkle Signature Scheme) 5 PKE/KEM HQC
SPHINCS (SPHINCS: Spherical Hash-based Signature) Plus 8 NTRU Prime
Call for proposals on alternate SIKE
Leverages error-correcting codes, a concept Theoretical basis candidates
from information theory. of PQC PQC 2016 Post Quantum Algorithm
by NIST GeMSS
These codes add redundancy to data 3 Digital
Picnic
to detect and correct errors that might Signatures
SPHINCS+
occur during transmission.
Built around the difficulty of decoding a message Begun in July 2020
with random errors—an attacker needs to find Code based Ran for 18 Months ~Jan 2022
the original, error-free codeword. Cryptography
CRYSTALS-Kyber(Main)
Classic McEliece
Classic McEliece
BIKE
5 PKE/KEM BIKE
HQC Examples + 4 additional
Round Third HQC
LAC (family): LEDAcrypt, ROLLO
After 18 months
SIKE
RQC

CRYSTALS-Dilithium
New kid on the block, promising short keys
3 x Digital
and ciphertexts and non-interactive key exchange. Falcon
Signatures
Rely on the properties of isogenies SPHINCS+
between elliptic curves
Designed for key establishment i.e
An isogeny between two elliptic curves is a
it allows two parties to securely
morphism, or a structure-preserving map, that 1 x PKE/KEM CRYSTALS-Kyber
exchange a secret key over an
connects these curves. .
Isogeny of insecure channel.
Specifically, an isogeny is a map between Elliptic Curves
two elliptic curves that preserves the group Allows users to digitally sign documents
structure, meaning it maps points on one CRYSTALS-Dilithium
and verify their authenticity.
curve to points on another while preserving
certain algebraic relationships and operations Focuses on generating smaller signatures
Round Fourth than CRYSTALS-Dilithium
SIKE (Supersingular Isogeny Key Encapsulation) Falcon
Supersingular Isogeny Diffie-Hellman Example More suitable for situations where bandwidth
SIDH (Supersingular Isogeny Diffie-Hellman) 3 x Digital
or storage are limited.
Signatures
Short signatures and large public keys.
Based on cryptographic hash functions.
Security relies on hardness of solving systems of multivariate
Offers strong security guarantees and
equations over finite fields SPHINCS+ resilience against side-channel attacks,
i

Based on systems of multivariate quadratic equations, where

ar

Multivariate-quadratic making it a good choice for high-security

tiw

both the public key and the signature consist of multivariate signatures applications.
polynomials
am
up

Unbalanced Oil and Vinegar

Rainbow is a popular variant Example
an

(UOV) signature scheme

@