digital key (Mott Jordan/

NIST again narrows post-quantum encryption algorithm candidates

To protect communications in a future where quantum computers will be capable of cracking the prime number factoring that is the basis of today’s encryption, the National Institute of Standards and Technology has selected 15 promising new approaches to encryption and data protection to form the core of the first post-quantum cryptography standard. 

In December 2016, NIST issued a call for new algorithms that would be less susceptible to a quantum computer’s attack. Within a year, it had received 69 submissions for replacements for algorithms dealing with public key cryptography for encryption, key establishment and digital signatures.

That initial group was narrowed to 26 in January 2019. Because the future capabilities of quantum computers remain unclear, the 26 candidates were built around multiple mathematical approaches. 

“Most fall into three large families -- lattice, code-based, multivariate -- together with a few miscellaneous types. That’s to hedge against the possibility that if someone breaks one, we could still use another,” NIST mathematician Dustin Moody said when the 26 were initially selected.

The group of 26 has been winnowed to a final group of 15, and now NIST has begun a third round of review to decide which algorithms have the most promise.

For this third round, NIST divided the 15 candidate algorithms into two groups: the  first contains the seven algorithms that appear to have the most potential as general-purpose algorithms, and the other eight are those that either might need more time to mature or are tailored to more specific applications, NIST officials said in its announcement of the final 15. Because all the candidates still in play have survived from the initial group of submissions in 2016, they will also be considered for more recent developed applications, Moody said. 

“The likely outcome is that at the end of this third round, we will standardize one or two algorithms for encryption and key establishment, and one or two others for digital signatures,” he said. “We intend to give people tools that are capable of protecting sensitive information for the foreseeable future, including after the advent of powerful quantum computers.”

The review period is expected to last about a year, after which NIST will issue a call for comments. NIST plans to release the initial standard for quantum-resistant cryptography in 2022. 

Read the “Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process” here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected