Although NIST finalized its standardization of post-quantum digital signature schemes ML-DSA and SLH-DSA, and the standardization documentation for the Falcon scheme is still being developed, NIST is still looking to diversify its portfolio of post-quantum signature schemes. To this end, last year, NIST announced an “on-ramp” for new signature submissions. 40 schemes had been admitted in total, spread over 7 categories. NIST has now announced the end of the first round, and reduced the number of candidates to 14. These schemes are spread across the categories Code-based (2 schemes), Isogenies (1 scheme), Lattices (1 scheme), MPC-in-the-Head (5 schemes), Multivariate (4 schemes), and symmetric (1 scheme).
PQShield’s Thomas Prest contributed to the HAWK submission (lattice-based), and PQShield alumnus Markku-Juhani O. Saarinen contributed to the LESS submission (code-based) whilst with us. HAWK is the only remaining submissions in its category.
The selected round-2 schemes vary wildly in their characteristics: Public key sizes range from 32 bytes to 2.8 MB, while signature sizes range between 96 bytes and 76 kB. The algorithms also have huge variance in their runtime performance.
Last year, we developed a tool to compare the submissions. This tool has now been updated to the round-2 selections, and where possible we have included the latest updates from the submission teams (though more are still incoming). We show the categories for all submissions to NIST’s call for additional signature schemes, as well as the public key sizes, signature sizes, and performance characteristics. Our tool allows you to select those schemes and security levels that you are interested in, as well as restrict the list of algorithms based on minimum and maximum key sizes, signature sizes, and signing or verification performance.
You can find our tool at https://pqshield.github.io/nist-sigs-zoo/
Pro-tip: the public key vs. signature size scatter plot, which is a useful tool to gain an overview of the schemes, will update based on the selected algorithms.
Follow PQShield on GitHub via https://github.com/PQShield/. For further guidance on how to prepare your existing systems for the transition to post-quantum cryptography, please refer to our white papers, such as Cryptography Modernization Part 1: Where is your Cryptography?.