Finalist Quantum Computer Resistant Algorithms Selected in Long Standardization Process

The National Institute of Standards and Technology is working with many companies and researchers to provide security for financial information and privacy when there are quantum computers powerful enough to break current encryption. They have selected 26 post-quantum algorithms after one year of testing in the second round of a massive selection process.

The goal of post-quantum cryptography is to develop cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks.

Post-quantum cryptography is also called quantum-resistant cryptography.

It is not clear when a large-scale quantum computer will be built. However, there are now 79 qubit ion trap quantum computers from IonQ, 49-72 qubit superconducting quantum computers from Google, Intel, IBM and others and 5,640 qubits in D-Wave Systems Quantum annealing system.

Many scientists now believe large-scale quantum computers is merely a significant engineering challenge.

NIST mathematicians and computer scientists consider the selected algorithms to be the strongest candidates submitted to its Post-Quantum Cryptography Standardization project. One or more of these could become part of a set of standards for protecting electronic information from attack by the computers of both tomorrow and today.

The cryptography community will focus on analyzing the performance of each of the systems over the next twelve months. This will help NIST to determine how well they each perform in real-world applications and situations.

Categories of Algorithms

Most of the 26 algorithms fall into three large families. The families of algorithms are lattice, code-based, multivariate, and a few in the other category. Having different categories means that if one category becomes insecure then there are other unrelated approaches to use.

* Lattice cryptosystems are built using geometric structures known as lattices and are represented using mathematical arrays known as matrices.

* Code-based systems use error-correcting codes, which have been used in information security for decades.

* Multivariate systems depend on the difficulty of solving a system of quadratic polynomial equations over a finite field.

Once this second round of review is finished, it is possible there will be a third before NIST announces the post-quantum algorithms that will supplement or replace three standards considered to be most vulnerable to a quantum attack.

The 26 Finalist Quantum Resistant Algorithms

There is a 27-page report which summarizes each of the Quantum Resistant Algorithms in a few paragraphs for each.

There are 17 Second-Round Candidate public-key encryption and key-establishment algorithms are:

BIKE
Classic McEliece
CRYSTALS-KYBER
FrodoKEM
HQC
LAC
LEDAcrypt (merger of LEDAkem/LEDApkc)
NewHope
NTRU (merger of NTRUEncrypt/NTRU-HRSS-KEM)
NTRU Prime
NTS-KEM
ROLLO (merger of LAKE/LOCKER/Ouroboros-R)
Round5 (merger of Hila5/Round2)
RQC
SABER
SIKE
Three Bears

There are 9 Second Round Candidates for digital signatures are:

CRYSTALS-DILITHIUM
FALCON
GeMSS
LUOV
MQDSS
Picnic
qTESLA
Rainbow
SPHINCS+