NIST IR 8413-upd1 Third Round Status Report
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology (NIST) promotes the U.S. economy and public welfare by providing technical
leadership for the Nation’s measurement and standards infrastructure. ITL develops tests,
test methods, reference data, proof of concept implementations, and technical analyses to
advance the development and productive use of information technology. ITL’s responsi-
bilities include the development of management, administrative, technical, and physical
standards and guidelines for the cost-effective security and privacy of other than national
security-related information in federal information systems.
Abstract
The National Institute of Standards and Technology is in the process of selecting public-
key cryptographic algorithms through a public, competition-like process. The new public-
key cryptography standards will specify additional digital signature, public-key encryp-
tion, and key-establishment algorithms to augment Federal Information Processing Stan-
dard (FIPS) 186-4, Digital Signature Standard (DSS), as well as NIST Special Publication
(SP) 800-56A Revision 3, Recommendation for Pair-Wise Key-Establishment Schemes Us-
ing Discrete Logarithm Cryptography, and SP 800-56B Revision 2, Recommendation for
Pair-Wise Key Establishment Using Integer Factorization Cryptography. It is intended that
these algorithms will be capable of protecting sensitive information well into the foresee-
able future, including after the advent of quantum computers.
This report describes the evaluation and selection process of the NIST Post-Quantum
Cryptography Standardization process third-round candidates based on public feedback
and internal review. The report summarizes each of the 15 third-round candidate algorithms
and identifies those selected for standardization, as well as those that will continue to be
evaluated in a fourth round of analysis. The public-key encryption and key-establishment
algorithm that will be standardized is CRYSTALS–KYBER. The digital signatures that will
be standardized are CRYSTALS–Dilithium, FALCON, and SPHINCS
+
. While there are
multiple signature algorithms selected, NIST recommends CRYSTALS–Dilithium as the
primary algorithm to be implemented. In addition, four of the alternate key-establishment
candidate algorithms will advance to a fourth round of evaluation: BIKE, Classic McEliece,
HQC, and SIKE. These candidates are still being considered for future standardization.
NIST will also issue a new Call for Proposals for public-key digital signature algorithms to
augment and diversify its signature portfolio.
Keywords
cryptography; digital signatures; key-encapsulation mechanism (KEM); key-establishment;
post-quantum cryptography; public-key encryption; quantum resistant; quantum safe
i
