Fwd: [pqc-forum] Announcement: The End of the 3rd Round - the First PQC Algorithms to be Standardized

zeynep at keemail.me zeynep at keemail.me
Tue Jul 5 14:36:57 PDT 2022




>
>
> ---------- Forwarded message ---------
> From: 'Moody, Dustin (Fed)' via pqc-forum <pqc-forum at list.nist.gov>
> Date: Tue, 5 Jul 2022 18:32
> Subject: [pqc-forum] Announcement: The End of the 3rd Round - the First PQC Algorithms to be Standardized
> To: pqc-forum <pqc-forum at list.nist.gov>
>
>
>
> Announcement
>
>
>  
>
>
> After careful consideration during the 3rd Round of the NIST PQC Standardization Process, NIST has identified four candidate algorithms for standardization. The primary algorithms NIST recommends be implemented for most use cases are CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). In addition, the signature schemes Falcon and SPHINCS+ will also be standardized.
>
>
>  
>
>
> Algorithms to be Standardized
>
> Public-Key Encryption/KEMs
>   CRYSTALS-KYBER
>
> Digital Signatures
>   CRYSTALS-Dilithium
>   Falcon
>   SPHINCS+
>
>
> CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures) were both selected for their strong security and excellent performance, and NIST expects them to work well in most applications. Falcon will also be standardized by NIST since there may be use cases for which CRYSTALS-Dilithium signatures are too large. Additionally, SPHINCS+ will be standardized to avoid only relying on the security of lattices for signatures. NIST asks for public feedback on a version of SPHINCS+ with a lower number of maximum signatures.
>
>
>
>
>
> Additionally, the following candidate KEM algorithms will advance to the fourth round:
>
>
>  
>
>
> 4th Round Candidates
>
> Public-Key Encryption/KEMs
>   BIKE
>   Classic McEliece
>   HQC
>   SIKE
>
>
> Both BIKE and HQC are based on structured codes, and either would be suitable as a general-purpose KEM that is not based on lattices. NIST expects to select at most one of these two candidates for standardization at the conclusion of the fourth round. SIKE remains an attractive candidate for standardization because of its small key and ciphertext sizes, and NIST will continue to study it in the fourth round. Classic McEliece was a finalist but is not being standardized by NIST at this time. Although Classic McEliece is widely regarded as secure, NIST does not anticipate it being widely used due to its large public key size. NIST may choose to standardize Classic McEliece at the end of the fourth round.
>
>
>  
>
>
> For the algorithms moving on to the fourth round, NIST will allow the submission teams to provide updated specifications and implementations (“tweaks”). The deadline for these tweaks will be October 1, 2022. Any submission team that feels that they may not meet the deadline should contact NIST as soon as possible. NIST will review the proposed modifications and publish the accepted submissions shortly afterwards. As a general guideline, NIST expects any modifications to be relatively minor. The fourth round will proceed similarly to the previous rounds. More detailed information and guidance will be provided in another message.
>
>
>  
>
>
> A detailed description of the decision process and rationale for selection will be included in NIST Interagency or Internal Report (NISTIR) 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process, which will soon be available at https://csrc.nist.gov/publications and on the NIST post-quantum webpage https://nist.gov/pqcrypto. Questions may be directed to pqc-comments at nist.gov.
>
>
>  
>
>
> NIST will create new draft standards for the algorithms to be standardized and will coordinate with the submission teams to ensure that the standards comply with the specifications. As part of the drafting process, NIST will seek input on specific parameter sets to include, particularly for security category 1. When finished, the standards will be posted for public comment. After the close of the comment period, NIST will revise the draft standards as appropriate based on the feedback received. A final review, approval, and promulgation process will then follow.
>
>
>  
>
>
> NIST will hold a 4th NIST PQC Standardization Conference on November 29 – December 1, 2022. The conference details have not yet been finalized. The preliminary Call for Papers will be posted, both on the pqc-forum and the NIST PQC webpage http://nist.gov/pqcrypto.
>
>
> NIST also plans to issue a new Call for Proposals for public-key (quantum-resistant) digital signature algorithms by the end of summer 2022. NIST is primarily looking to diversify its signature portfolio, so signature schemes that are not based on structured lattices are of greatest interest. NIST would like submissions for signature schemes that have short signatures and fast verification (e.g., UOV). Submissions in response to this call will be due by June 1, 2023. Submitters are encouraged to communicate with NIST ahead of time. NIST will decide which (if any) of the submitted signature algorithms to accept and will initiate a new process for evaluation. NIST expects this process to be much smaller in scope than the current PQC process. The signature schemes accepted to this process will need to be thoroughly analyzed, which will similarly take several years.  
>
>
>  
>
>
> NIST would like to thank the community and all of the submission teams for their efforts in this standardization process and hopes that the teams whose schemes were not selected to advance will continue to participate by evaluating and analyzing the remaining cryptosystems alongside the cryptographic community at large. These combined efforts are crucial to the development of NIST’s future post-quantum public-key standards.
>
>
>  
>
>
>  
>
>
> The NIST PQC team
>
>
>  
>
>
>
>