digital key (Mott Jordan/

NIST again narrows post-quantum encryption algorithm candidates

To protect communications in a future where quantum computers will be capable of cracking the prime number factoring that is the basis of today’s encryption, the National Institute of Standards and Technology has selected 15 promising new approaches to encryption and data protection to form the core of the first post-quantum cryptography standard. 

In December 2016, NIST issued a call for new algorithms that would be less susceptible to a quantum computer’s attack. Within a year, it had received 69 submissions for replacements for algorithms dealing with public key cryptography for encryption, key establishment and digital signatures.

That initial group was narrowed to 26 in January 2019. Because the future capabilities of quantum computers remain unclear, the 26 candidates were built around multiple mathematical approaches. 

“Most fall into three large families -- lattice, code-based, multivariate -- together with a few miscellaneous types. That’s to hedge against the possibility that if someone breaks one, we could still use another,” NIST mathematician Dustin Moody said when the 26 were initially selected.

The group of 26 has been winnowed to a final group of 15, and now NIST has begun a third round of review to decide which algorithms have the most promise.

For this third round, NIST divided the 15 candidate algorithms into two groups: the  first contains the seven algorithms that appear to have the most potential as general-purpose algorithms, and the other eight are those that either might need more time to mature or are tailored to more specific applications, NIST officials said in its announcement of the final 15. Because all the candidates still in play have survived from the initial group of submissions in 2016, they will also be considered for more recent developed applications, Moody said. 

“The likely outcome is that at the end of this third round, we will standardize one or two algorithms for encryption and key establishment, and one or two others for digital signatures,” he said. “We intend to give people tools that are capable of protecting sensitive information for the foreseeable future, including after the advent of powerful quantum computers.”

The review period is expected to last about a year, after which NIST will issue a call for comments. NIST plans to release the initial standard for quantum-resistant cryptography in 2022. 

Read the “Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process” here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected