NIST Post-Quantum Cryptography Standardization
{{Use dmy dates|date=September 2023}}
{{short description|Project by NIST to standardize post-quantum cryptography}}
Post-Quantum Cryptography Standardization{{cite web|title=Post-Quantum Cryptography PQC|date=3 January 2017|url=https://csrc.nist.gov/projects/post-quantum-cryptography}} is a program and competition by NIST to update their standards to include post-quantum cryptography.{{cite web|url=https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization|title=Post-Quantum Cryptography Standardization – Post-Quantum Cryptography |date=3 January 2017|website=Csrc.nist.gov|access-date=31 January 2019}} It was announced at PQCrypto 2016.{{Cite journal|title=The Future Is Now: Spreading the Word About Post-Quantum Cryptography|journal=NIST |date=24 November 2020|url=https://www.nist.gov/blogs/taking-measure/future-now-spreading-word-about-post-quantum-cryptography|last1=Moody |first1=Dustin }} 23 signature schemes and 59 encryption/KEM schemes were submitted by the initial submission deadline at the end of 2017{{cite web |url=https://post-quantum.ch/ |title=Final Submission received |access-date=2017-12-29 |archive-url=https://web.archive.org/web/20171229232437/https://post-quantum.ch/ |archive-date=2017-12-29 |url-status=dead }} of which 69 total were deemed complete and proper and participated in the first round. Seven of these, of which 3 are signature schemes, have advanced to the third round, which was announced on July 22, 2020.{{cn |date=November 2024}}
On August 13, 2024, NIST released final versions of the first three Post Quantum Crypto Standards: FIPS 203, FIPS 204, and FIPS 205.[https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards NIST Releases First 3 Finalized Post-Quantum Encryption Standards], NIST, August 13, 2024
Background
Academic research on the potential impact of quantum computing dates back to at least 2001.{{Cite web|last=Hong|first=Zhu|date=2001|title=Survey of Computational Assumptions Used in Cryptography Broken or Not by Shor's Algorithm|url=http://crypto.cs.mcgill.ca/~crepeau/PDF/memoire-hong.pdf}} A NIST published report from April 2016 cites experts that acknowledge the possibility of quantum technology to render the commonly used RSA algorithm insecure by 2030.{{cite web|url=https://csrc.nist.gov/News/2016/NIST-Released-NISTIR-8105,-Report-on-Post-Quantum|title=NIST Released NISTIR 8105, Report on Post-Quantum Cryptography|date=21 December 2016|access-date=5 November 2019}} As a result, a need to standardize quantum-secure cryptographic primitives was pursued. Since most symmetric primitives are relatively easy to modify in a way that makes them quantum resistant, efforts have focused on public-key cryptography, namely digital signatures and key encapsulation mechanisms. In December 2016 NIST initiated a standardization process by announcing a call for proposals.{{cite journal|url=https://www.nist.gov/news-events/news/2016/12/nist-asks-public-help-future-proof-electronic-information|title=NIST Asks Public to Help Future-Proof Electronic Information|journal=NIST |date=20 December 2016|access-date=5 November 2019}}
The competition is now in its third round of an expected four; in each round some algorithms are discarded and the others are studied more closely. NIST hopes to publish the standardization documents by 2024, but may speed up the process if major breakthroughs in quantum computing are made.
It is currently undecided whether the future standards will be published as FIPS or as NIST Special Publication (SP).
Round one
(strikethrough means it has been withdrawn)
{| class="wikitable"
! Type !! PKE/KEM !! Signature !! Signature & PKE/KEM
|-
| Lattice || || ||
|-
| Code-based || || ||
|-
| Hash-based || || ||
|-
| Multivariate || || ||
|-
| Braid group || || ||
|-
| Supersingular elliptic curve isogeny || || ||
|-
| Satirical submission || || || {{cite web |url=http://cr.yp.to/talks/2010.05.28/slides.pdf#page=29 |title=McBits and Post-Quantum RSA |last=Bernstein |first=Daniel |author-link=Daniel J. Bernstein |date=2010-05-28 |access-date=2019-12-10}} {{cite web |url=https://cr.yp.to/papers/pqrsa-20170419.pdf |title=Post-quantum RSA |last1=Bernstein |first1=Daniel |author-link=Daniel J. Bernstein |last2=Heninger |first2=Nadia |date=2017-04-19 |access-date=2019-12-10}}
|-
| Other || || ||
|}
=Round one submissions published attacks=
- Guess Again by Lorenz Panny {{cite web|url=https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/guess-again-official-comment.pdf|title=Dear all, the following Python script quickly recovers the message from a given "Guess Again" ciphertext without knowledge of the private key|website=Csrc.nist.gov|access-date=30 January 2019}}
- RVB by Lorenz Panny{{cite web|url=https://twitter.com/yx7__/status/945283780851400704|title=Fast key recovery attack against the "RVB" submission to #NISTPQC: t .... Computes private from public key.|first=Lorenz|last=Panny|date=25 December 2017|publisher=Twitter|access-date=31 January 2019}}
- RaCoSS by Daniel J. Bernstein, Andreas Hülsing, Tanja Lange and Lorenz Panny{{cite web |url=https://helaas.org/racoss/ |title=Comments on RaCoSS |access-date=2018-01-04 |archive-url=https://web.archive.org/web/20171226100156/https://helaas.org/racoss/ |archive-date=2017-12-26 |url-status=dead }}
- HK17 by Daniel J. Bernstein and Tanja Lange{{cite web |url=https://helaas.org/hk17/ |title=Comments on HK17 |access-date=2018-01-04 |archive-url=https://web.archive.org/web/20180105070112/https://helaas.org/hk17/ |archive-date=2018-01-05 |url-status=dead }}
- SRTPI by Bo-Yin Yang{{cite web|url=https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/SRTPI-official-comment.pdf|title=Dear all, We have broken SRTPI under CPA and TPSig under KMA.|website=Csrc.nist.gov|access-date=30 January 2019}}
- WalnutDSA
- by Ward Beullens and Simon R. Blackburn{{Cite journal|last1=Beullens|first1=Ward|last2=Blackburn|first2=Simon R.|date=2018|title=Practical attacks against the Walnut digital signature scheme|url=https://eprint.iacr.org/2018/318|journal=Cryptology ePrint Archive}}
- by Matvei Kotov, Anton Menshov and Alexander Ushakov{{Cite journal|last1=Kotov|first1=Matvei |last2=Menshov |first2=Anton|first3=Alexander|last3= Ushakov |date=2018|title= An attack on the walnut digital signature algorithm|url=https://eprint.iacr.org/2018/393|journal=Cryptology ePrint Archive}}
- DRS by Yang Yu and Léo Ducas {{Cite journal|last1=Yu|first1=Yang|last2=Ducas |first2=Léo |date=2018|title= Learning strikes again: the case of the DRS signature scheme|url=https://eprint.iacr.org/2018/294|journal=Cryptology ePrint Archive}}
- DAGS by Elise Barelli and Alain Couvreur{{cite arXiv|last1=Barelli |first1=Elise |last2=Couvreur|first2=Alain |date=2018|title= An efficient structural attack on NIST submission DAGS|eprint=1805.05429|class=cs.CR }}
- Edon-K by Matthieu Lequesne and Jean-Pierre Tillich{{cite arXiv|last1=Lequesne |first1=Matthieu |last2=Tillich|first2=Jean-Pierre |date=2018|title= Attack on the Edon-K Key Encapsulation Mechanism|eprint=1802.06157|class=cs.CR }}
- RLCE by Alain Couvreur, Matthieu Lequesne, and Jean-Pierre Tillich{{cite arXiv|last1=Couvreur|first1=Alain |last2=Lequesne|first2=Matthieu |last3=Tillich|first3=Jean-Pierre|date=2018|title= Recovering short secret keys of RLCE in polynomial time|eprint=1805.11489|class=cs.CR }}
- Hila5 by Daniel J. Bernstein, Leon Groot Bruinderink, Tanja Lange and Lorenz Panny{{cite journal|title=Hila5 Pindakaas: On the CCA security of lattice-based encryption with error correction|last1=Bernstein|first1=Daniel J.|last2=Groot Bruinderink|first2=Leon|first3=Tanja|last3=Lange|first4=Lorenz|last4=Panny|journal=Cryptology ePrint Archive |date=2017|url=https://eprint.iacr.org/2017/1214}}
- Giophantus by Ward Beullens, Wouter Castryck and Frederik Vercauteren{{cite web|url=https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/Giophantus-official-comment.pdf|title=Official Comments|date=13 September 2018|website=Csrc.nist.gov}}
- RankSign by Thomas Debris-Alazard and Jean-Pierre Tillich {{cite arXiv|title=Two attacks on rank metric code-based schemes: RankSign and an Identity-Based-Encryption scheme|eprint = 1804.02556|last1 = Debris-Alazard|first1 = Thomas|last2 = Tillich|first2 = Jean-Pierre|class = cs.CR|year = 2018}}
- McNie by Philippe Gaborit;{{cite web|url=https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/round-1/official-comments/McNie-official-comment.pdf|title=I am afraid the parameters in this proposal have at most 4 to 6-bits security under the Information Set Decoding (ISD) attack.|website=Csrc.nist.gov|access-date=30 January 2019}} Terry Shue Chien Lau and Chik How Tan {{cite book|chapter=Key Recovery Attack on McNie Based on Low Rank Parity Check Codes and Its Reparation|first1=Terry Shue Chien|title = Advances in Information and Computer Security|volume = 11049|last1=Lau|first2=Chik How|last2=Tan|editor-first1=Atsuo|editor-last1=Inomata|editor-first2=Kan|editor-last2=Yasuda|date=31 January 2019|publisher=Springer International Publishing|pages=19–34|doi=10.1007/978-3-319-97916-8_2|series = Lecture Notes in Computer Science|isbn = 978-3-319-97915-1}}
Round two
Candidates moving on to the second round were announced on January 30, 2019. They are:{{cite web|url=https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions|title=Round 2 Submissions – Post-Quantum Cryptography – CSRC|first=Information Technology Laboratory|last=Computer Security Division|date=3 January 2017|website=Csrc.nist.gov|access-date=31 January 2019}}
Round three
On July 22, 2020, NIST announced seven finalists ("first track"), as well as eight alternate algorithms ("second track"). The first track contains the algorithms which appear to have the most promise, and will be considered for standardization at the end of the third round. Algorithms in the second track could still become part of the standard, after the third round ends.{{cite web|url=https://csrc.nist.gov/publications/detail/nistir/8309/final |title=Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process |year=2020 |doi=10.6028/NIST.IR.8309 |access-date=2020-07-23|last1=Moody |first1=Dustin |last2=Alagic |first2=Gorjan |last3=Apon |first3=Daniel C. |last4=Cooper |first4=David A. |last5=Dang |first5=Quynh H. |last6=Kelsey |first6=John M. |last7=Liu |first7=Yi-Kai |last8=Miller |first8=Carl A. |last9=Peralta |first9=Rene C. |last10=Perlner |first10=Ray A. |last11=Robinson |first11=Angela Y. |last12=Smith-Tone |first12=Daniel C. |last13=Alperin-Sheriff |first13=Jacob |s2cid=243755462 |doi-access=free }} NIST expects some of the alternate candidates to be considered in a fourth round. NIST also suggests it may re-open the signature category for new schemes proposals in the future.{{Citation|title=Third PQC Standardization Conference - Session I Welcome/Candidate Updates|date=10 June 2021 |url=https://www.nist.gov/video/third-pqc-standardization-conference-session-i-welcomecandidate-updates|language=en|access-date=2021-07-06}}
On June 7–9, 2021, NIST conducted the third PQC standardization conference, virtually.{{cite web|last=Computer Security Division|first=Information Technology Laboratory|date=2021-02-10|title=Third PQC Standardization Conference {{!}} CSRC|url=https://csrc.nist.gov/Events/2021/third-pqc-standardization-conference|access-date=2021-07-06|website=CSRC {{!}} NIST|language=EN-US}} The conference included candidate updates and discussions of the candidates' implementations, performance, and security issues. Some attention was also given to intellectual property concerns.
=Finalists=
{| class="wikitable"
! Type !! PKE/KEM !! Signature
|-
| Lattice || ||
|-
| Code-based || ||
|-
| Multivariate || ||
|}
=Alternate candidates=
{| class="wikitable"
! Type !! PKE/KEM !! Signature
|-
| Lattice || ||
|-
| Code-based || ||
|-
| Hash-based || ||
|-
| Multivariate || ||
|-
| Supersingular elliptic curve isogeny || ||
|-
| Zero-knowledge proofs || ||
|}
= Intellectual property concerns =
After NIST's announcement regarding the finalists and the alternate candidates, various intellectual property concerns were voiced, notably surrounding lattice-based schemes such as Kyber and NewHope. NIST holds signed statements from submitting groups clearing any legal claims, but there is still a concern that third parties could raise claims. NIST claims that they will take such considerations into account while picking the winning algorithms.{{cite web|url=https://csrc.nist.gov/CSRC/media/Projects/Post-Quantum-Cryptography/documents/call-for-proposals-final-dec-2016.pdf|title=Submission Requirements and Evaluation Criteria}}
=Round three submissions published attacks=
- Rainbow: by Ward Beullens on a classical computer{{Cite journal|last1=Beullens|first1=Ward|date=2022|title=Breaking Rainbow Takes a Weekend on a Laptop|url=https://eprint.iacr.org/2022/214.pdf|website=Eprint.iacr.org}}
= Adaptations =
During this round, some candidates were shown to be vulnerable to certain attack vectors, forcing them to adapt accordingly:
; CRYSTALS-Kyber and SABER: may change the nested hashes used in their proposals in order for their security claims to hold.{{Cite journal|last1=Grubbs|first1=Paul|last2=Maram|first2=Varun|last3=Paterson|first3=Kenneth G.|date=2021|title=Anonymous, Robust Post-Quantum Public Key Encryption|journal=Cryptology ePrint Archive |url=https://eprint.iacr.org/2021/708}}
; FALCON: a side-channel attack using electromagnetic measurements can extract the secret signing key. Masking may be added to resist the attack; this adaptation affects performance and should be taken into account during standardization.{{Cite journal|last1=Karabulut|first1=Emre|last2=Aysu|first2=Aydin|date=2021|title=Falcon Down: Breaking Falcon Post-Quantum Signature Scheme through Side-Channel Attacks|journal=Cryptology ePrint Archive |url=https://eprint.iacr.org/2021/772}}
= Selected Algorithms 2022 =
On July 5, 2022, NIST announced the first group of winners from its six-year competition.{{Cite journal|date=2022-07-05|title=NIST Announces First Four Quantum-Resistant Cryptographic Algorithms|url=https://www.nist.gov/news-events/news/2022/07/nist-announces-first-four-quantum-resistant-cryptographic-algorithms|access-date=2022-07-09|journal=NIST|language=EN-US}}{{cite web|date=2022-07-05|title=Selected Algorithms 2022|url=https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022|access-date=2022-07-09|website=CSRC {{!}} NIST|language=EN-US}}
{| class="wikitable"
! Type !! PKE/KEM !! Signature
|-
| Lattice || ||
|-
| Hash-based || ||
|}
Round four
On July 5, 2022, NIST announced four candidates for PQC Standardization Round 4.{{cite web|date=2022-07-05|title=Round 4 Submissions|url=https://csrc.nist.gov/Projects/post-quantum-cryptography/round-4-submissions|access-date=2022-07-09|website=CSRC {{!}} NIST|language=EN-US}}
{| class="wikitable"
! Type !! PKE/KEM
|-
| Code-based ||
|-
| Supersingular elliptic curve isogeny ||
|}
=Round four submissions published attacks=
- SIKE: by Wouter Castryck and Thomas Decru on a classical computer{{cite web |last1=Goodin |first1=Dan |title=Post-quantum encryption contender is taken out by single-core PC and 1 hour |url=https://arstechnica.com/information-technology/2022/08/sike-once-a-post-quantum-encryption-contender-is-koed-in-nist-smackdown/ |website=Ars Technica |date=2 August 2022 |access-date=6 August 2022}} [https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8545.pdf NIST IR 8545]
= Selected Algorithm 2025 =
On March 11, 2025, NIST announced the selection of a backup algorithm for KEM.{{Cite journal|date=2025-03-11|title=NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption|url=https://www.nist.gov/news-events/news/2025/03/nist-selects-hqc-fifth-algorithm-post-quantum-encryption|access-date=2025-05-20|journal=NIST|language=EN-US}}
{| class="wikitable"
! Type !! PKE/KEM
|-
| Code-based ||
|}
First release
On August 13, 2024, NIST released final versions of its first three Post Quantum Crypto Standards. According to the release announcement:
While there have been no substantive changes made to the standards since the draft versions, NIST has changed the algorithms’ names to specify the versions that appear in the three finalized standards, which are:
- Federal Information Processing Standard (FIPS) 203, intended as the primary standard for general encryption. Among its advantages are comparatively small encryption keys that two parties can exchange easily, as well as its speed of operation. The standard is based on the CRYSTALS-Kyber algorithm, which has been renamed ML-KEM, short for Module-Lattice-Based Key-Encapsulation Mechanism.
- FIPS 204, intended as the primary standard for protecting digital signatures. The standard uses the CRYSTALS-Dilithium algorithm, which has been renamed ML-DSA, short for Module-Lattice-Based Digital Signature Algorithm.
- FIPS 205, also designed for digital signatures. The standard employs the Sphincs+ algorithm, which has been renamed SLH-DSA, short for Stateless Hash-Based Digital Signature Algorithm. The standard is based on a different math approach than ML-DSA, and it is intended as a backup method in case ML-DSA proves vulnerable.
- Similarly, when the draft FIPS 206 standard built around FALCON is released, the algorithm will be dubbed FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm.
On March 11, 2025, NIST selected HQC as the fifth algorithm for post-quantum asymmetric encryption as used for key encapsulation / exchange. The new algorithm serves as a backup for ML-KEM, the main algorithm for general encryption. HQC is based on different math than ML-KEM, which mitigates the impact of any weakness that may later be found in ML-KEM.[https://nvlpubs.nist.gov/nistpubs/ir/2025/NIST.IR.8545.pdf NIST IR 8545] The draft standard incorporating the HQC algorithm is expected in early 2026, with the final version in 2027.
Additional Digital Signature Schemes
= Round One =
NIST received 50 submissions and deemed 40 to be complete and proper according to the submission requirements.{{Cite web |last=Moody |first=Dustin |date=17 July 2023 |title=Onramp submissions are posted! |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/4zNPlO_NHas}} Under consideration are:{{cite web|url=https://csrc.nist.gov/Projects/pqc-dig-sig/round-1-additional-signatures|website=csrc.nist.gov|title=Digital Signature Schemes|date=29 August 2022 |access-date=17 July 2023}}
(strikethrough means it has been withdrawn)
=Round one submissions published attacks=
- 3WISE by Daniel Smith-Tone
- EagleSign by Mehdi Tibouchi{{Cite web |last=Tibouchi |first=Mehdi |date=17 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: EagleSign |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/zas5PLiBe6A}}
- KAZ-SIGN by Daniel J. Bernstein;{{Cite web |last=Bernstein |first=D.J. |date=17 July 2023 |title=OFFICIAL COMMENT: KAZ-SIGN |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/2ljDcgtawFw}} Scott Fluhrer{{Cite web |last=Fluhrer |first=Scott |date=17 July 2023 |title=KAZ-SIGN |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/aCbi4BMDeUs}}
- Xifrat1-Sign.I by Lorenz Panny{{Cite web |last=Panny |first=Lorenz |date=17 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: Xifrat1-Sign.I |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/9FXtBZKWueA}}
- eMLE-Sig 2.0 by Mehdi Tibouchi{{Cite web |last=Tibouchi |first=Mehdi |date=18 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: EagleSign |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/zas5PLiBe6A/m/EVmNzzglBQAJ}} (implementation by Lorenz Panny{{Cite web |last=Panny |first=Lorenz |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: EagleSign |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/zas5PLiBe6A/m/AKIzf2q8BgAJ |access-date=2025-05-13 |website=groups.google.com}})
- HPPC by Ward Beullens;{{Cite web |last=Beullens |first=Ward |date=18 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: HPPC |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KRh8w03PW4E}} Pierre Briaud, Maxime Bros, and Ray Perlner{{Cite web |last=Perlner |first=Ray |date=21 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: HPPC |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KRh8w03PW4E/m/IYGDdEJEBgAJ}}
- ALTEQ by Markku-Juhani O. Saarinen{{Cite web |last=Saarinen |first=Markku-Juhani O. |date=18 July 2023 |title=OFFICIAL COMMENT: ALTEQ |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/-LCPCJCyLlc}} (implementation only?)
- Biscuit by Charles Bouillaguet{{Cite web |last=Bouillaguet |first=Charles |date=19 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: Biscuit |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/sw8NueiNek0}}
- MEDS by Markku-Juhani O. Saarinen and Ward Beullens{{Cite web |last=Niederhagen |first=Ruben |date=19 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: MEDS |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/CtCe8WXUoXI/m/jgWQ0ia7BQAJ}} (implementation only)
- FuLeeca by Felicitas Hörmann and Wessel van Woerden{{Cite web |last=van Woerden |first=Wessel |date=20 July 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: FuLeeca |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KvIege2EbuM}}
- LESS by the LESS team (implementation only){{Cite web |last=Persichetti |first=Edoardo |date=21 July 2023 |title=OFFICIAL COMMENT: LESS |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Z36SPZJI8Ok}}
- DME-Sign by Markku-Juhani O. Saarinen{{Cite web |last=Saarinen |first=Markku-Juhani O. |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: DME-Sign |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/E0mMMGI5eWE}} (implementation only?); Pierre Briaud, Maxime Bros, Ray Perlner, and Daniel Smith-Tone{{Cite web |title=OFFICIAL COMMENT: DME Key Recovery Attack |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/aoXpl4TlNh4 |access-date=2023-09-10 |website=groups.google.com}}
- EHTv3 by Eamonn Postlethwaite and Wessel van Woerden;{{Cite web |last=van Woerden |first=Wessel |date=Jul 25, 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: EHTv3 |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/mFl_5Rq6-RU}} Keegan Ryan and Adam Suhl{{Cite web |last=Suhl |first=Adam |date=Jul 29, 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: EHT |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/bkJKBFq3TDY}}
- Enhanced pqsigRM by Thomas Debris-Alazard, Pierre Loisel and Valentin Vasseur;{{Cite web |last=VASSEUR |first=Valentin |date=Jul 29, 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: Enhanced pqsigRM |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/yQ1CKOLbGng}} Pierre Briaud, Maxime Bros, Ray Perlner and Daniel Smith-Tone{{Cite web |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: Enhanced pqsigRM |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/4_nUCDvDqqs |access-date=2023-09-30 |website=groups.google.com}}
- HAETAE by Markku-Juhani O. Saarinen{{Cite web |last=Saarinen |first=Markku-Juhani O. |date=Jul 27, 2023 |title=Buffer overflows in HAETAE / On crypto vs implementation errors. |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/ImcSqGLFdoo}} (implementation only?)
- HuFu by Markku-Juhani O. Saarinen{{Cite web |last=Saarinen |first=Markku-Juhani O. |date=Jul 29, 2023 |title=HuFu: Big-flipping forgeries and buffer overflows |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/Hq-wRFDbIaU}}
- SDitH by Kevin Carrier and Jean-Pierre Tillich;{{Cite web |last=Carrier |first=Kevin |date=Aug 3, 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: SDitH |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/d_BcUfFGl5o}} Kevin Carrier, Valérian Hatey, and Jean-Pierre Tillich{{Cite arXiv |last1=Carrier |first1=Kevin |last2=Hatey |first2=Valérian |last3=Tillich |first3=Jean-Pierre |date=5 Dec 2023 |title=Projective Space Stern Decoding and Application to SDitH |class=cs.IT |eprint=2312.02607}}
- VOX by Hiroki Furue and Yasuhiko Ikematsu{{Cite web |last=Furue |first=Hiroki |date=Aug 28, 2023 |title=Round 1 (Additional Signatures) OFFICIAL COMMENT: VOX |url=https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/icHfTrzkfw4}}
- AIMer by Fukang Liu, Mohammad Mahzoun, Morten Øygarden, Willi Meier{{Cite journal |last1=Liu |first1=Fukang |last2=Mahzoun |first2=Mohammad |last3=Øygarden |first3=Morten |last4=Meier |first4=Willi |title=Algebraic Attacks on RAIN and AIM Using Equivalent Representations |url=https://eprint.iacr.org/2023/1133 |journal=IACR ePrint |date=10 November 2023 |issue=2023/1133}}
- SNOVA by Yasuhiko Ikematsu and Rika Akiyama{{Citation |last=Ikematsu |first=Yasuhiko |title=Revisiting the security analysis of SNOVA |date=2024 |url=https://eprint.iacr.org/2024/096 |access-date=2024-01-28 |last2=Akiyama |first2=Rika}}
- PROV by Ludovic Perret, and River Moreira Ferreira{{Citation |last=Ferreira |first=River Moreira |title=Polynomial-Time Key-Recovery Attack on the ${\tt NIST}$ Specification of ${\tt PROV}$ |date=2024 |url=https://eprint.iacr.org/2024/279 |access-date=2024-04-04 |last2=Perret |first2=Ludovic}} (implementation only)
= Round Two =
NIST advanced 14 submissions to the second round.{{Cite web |last=Moody |first=Dustin |date=24 October 2024 |title=Status Report on the First Round of the Additional Digital Signature Schemes for the NIST Post-Quantum Cryptography Standardization Process |url=https://csrc.nist.gov/pubs/ir/8528/final}}
{| class="wikitable"
! Type !! Signature
|-
| Lattice ||
|-
| Code-based ||
|-
| MPC-in-the-Head ||
|-
| Multivariate ||
|-
| Supersingular elliptic curve isogeny ||
|-
| Symmetric-based ||
|}
See also
- Advanced Encryption Standard process
- CAESAR Competition – Competition to design authenticated encryption schemes
- Lattice-based cryptography
- NIST hash function competition
References
{{reflist|colwidth=30em}}
External links
- [https://csrc.nist.gov/Projects/Post-Quantum-Cryptography NIST's official Website on the standardization process]
- [https://pqcrypto.org/ Post-quantum cryptography website] by djb
{{crypto navbox|public-key}}
Category:Cryptography standards