Nifty PQC promoted by NIST.
These are implementations in Julia of various post-quantum cryptography (PQC) algorithms that were picked as (candidate) winners in the Post-Quantum Cryptography Standardization Project run by the National Institute of Standards and Technology (NIST). They fall in two categories:
All implementations in this package strive for simplicity and close resemblance to the specifications. The focus is not on performance, let alone on security.
At the moment, NIST has published draft Federal Information Processing Standards (FIPS) for three of the winners:
- ML-KEM
  - derived from CRYSTALS-Kyber
  - specified in FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard
- ML-DSA
  - derived from CRYSTALS-Dilithium
  - specified in FIPS 204, Module-Lattice-Based Digital Signature Standard
- SLH-DSA
  - derived from SPHINCS+
  - specified in FIPS 205, Stateless Hash-Based Digital Signature Standard
There is one more winner with no draft standard available yet:
- Falcon (Fast-Fourier Lattice-based Compact Signatures over NTRU)
The team of winners might be joined by some of the submissions to Round 4 of the standardization project. Up to now, three of the candidates remain unbroken. All of them are code-based KEMs. For the time being, I've included two of them in this package:
- BIKE (Bit Flipping Key Encapsulation)
- Classic McEliece
Each algorithm comes in multiple variants. They are categorized according to the believed security strength. Namely, NIST defined the following five security strength categories based on corresponding attacks on symmetric ciphers:
| Category | Successful attack at least as hard as |
|---|---|
| 1 | key search on a block cipher with a 128-bit key (e.g. AES128) |
| 2 | collision search on a 256-bit hash function (e.g. SHA256/SHA3-256) |
| 3 | key search on a block cipher with a 192-bit key (e.g. AES192) |
| 4 | collision search on a 384-bit hash function (e.g. SHA384/SHA3-384) |
| 5 | key search on a block cipher with a 256-bit key (e.g. AES256) |