What’s Next After Lattice Cryptography? Will it be BIKE, HQC, or McEliece?
Wow! It has been a crazy time in the world of NIST PQC (Post Quantum Cryptography). First, the multivariate cryptography method of Rainbow was cracked using a relatively old laptop over a weekend, and then SIKE/SIDH was defined as being insecure.
The winners
The two winners were CRYSTALS-Kyber for key exchange and CRYSTALS-Dilithum, SPHINCS+, and FALCON for digital signatures. Both of the methods are lattice-based, and both have good performance and reasonable key sizes. Kyber is the fastest of all the Round 3 contenders [here]:
And, while SIDH and SIKE had the shortest key sizes, Kyber also produces reasonable sizes, such as 800 bytes for the public key [here]:
For digital signatures, it was Dilithium that showed good overall performance [here], with the fastest signing and verification method, but a little shower than Picnic for key generation [here]:
