NIST has indicated that they will announce which of the Round 3 Post Quantum Cryptography algorithms they will select for standardization and also which of the alternatives will move on to Round 4 for analysis on July 5, 2022. This will be an important milestone in a process. that started at the end of 2016.

NIST Standardization Process Round 3 PQC Candidates. Source: NIST

They will be announcing multiple standardization algorithms for two reasons. First, there are differences between the algorithms in technical characteristics such as key size, encryption and decryption speed, and encryption text size, which makes different algorithms preferable for certain applications. For example, an IoT device with limited processing power may not want to use the same algorithm as a powerful server that has much more processing capacity. The other reason is to provide multiple solutions that are useful for security reasons. If for some reason one of the algorithms breaks down in the future, there will be an alternative that can be used to replace it. There are different types of algorithms classified into grid-based, code-based, hash-based, multivariate, and supersingular isogeny-based mechanisms and NIST would prefer to have several classes of algorithms available in case a weakness is found in the future that can affect an entire class. For example, in the chart above, Kyber, NTRU, and SABER are all grid-based algorithms and we don’t think NIST will select more than one of those three.

The chart above shows the algorithms they analyzed during the round 3 analysis. For the algorithms shown in the Finalist column, NIST will select some of them for standardization. The others drop out or can be moved to round 4 for additional analysis. For the algorithms shown in the Alternatives column, some of the algorithms will be selected for further analysis in round 4. The unselected algorithms will probably be disregarded. A recent development is that NIST has indicated that they will reopen the submission process for new Signature algorithms, as they believe they may not have enough diversity of algorithm types in the current batch of Round 3 candidates.

For more information, please visit the Post-quantum cryptography website maintained by NIST that contains an archive of the submissions, presentations, workshops and events that have taken place during this program.

July 1, 2022