Day 0 of a Post Quantum Cryptography World

NIST has a strong track record for defining standards that are widely adopted over the industry. This includes the standardization of AES and SHA-3. And, so, finally, the next great standard for cybersecurity has been announced [here]:

As expected, it is the lattice methods and especially CRYSTALS (Cryptographic Suite for Algebraic Lattices) that have won through in the end. Overall, lattice methods generally produce fairly small key sizes, and have good performance levels. They have also been fairly well researched.

With Kyber is now defined as an emerging standard for PKE/Key Exchange, and NIST could not seperate the lattice method of Dilithium and Falcon. As NIST do not want to rely on lattice method, the SPHIHCS+ has won through for a non-lattice digital signature method. Overall SPHINCS+ has small key sizes, but does not perform as well as lattice methods for signing and verifying signatures.

Kyber

With PKE/KEM, Kyber advances to a standard, NIST are keen to progress a non-lattice based method, and progress the following into the 4th round:

• BIKE (Code-based).