digital key (Mott Jordan/

NIST again narrows post-quantum encryption algorithm candidates

To protect communications in a future where quantum computers will be capable of cracking the prime number factoring that is the basis of today’s encryption, the National Institute of Standards and Technology has selected 15 promising new approaches to encryption and data protection to form the core of the first post-quantum cryptography standard. 

In December 2016, NIST issued a call for new algorithms that would be less susceptible to a quantum computer’s attack. Within a year, it had received 69 submissions for replacements for algorithms dealing with public key cryptography for encryption, key establishment and digital signatures.

That initial group was narrowed to 26 in January 2019. Because the future capabilities of quantum computers remain unclear, the 26 candidates were built around multiple mathematical approaches. 

“Most fall into three large families -- lattice, code-based, multivariate -- together with a few miscellaneous types. That’s to hedge against the possibility that if someone breaks one, we could still use another,” NIST mathematician Dustin Moody said when the 26 were initially selected.

The group of 26 has been winnowed to a final group of 15, and now NIST has begun a third round of review to decide which algorithms have the most promise.

For this third round, NIST divided the 15 candidate algorithms into two groups: the  first contains the seven algorithms that appear to have the most potential as general-purpose algorithms, and the other eight are those that either might need more time to mature or are tailored to more specific applications, NIST officials said in its announcement of the final 15. Because all the candidates still in play have survived from the initial group of submissions in 2016, they will also be considered for more recent developed applications, Moody said. 

“The likely outcome is that at the end of this third round, we will standardize one or two algorithms for encryption and key establishment, and one or two others for digital signatures,” he said. “We intend to give people tools that are capable of protecting sensitive information for the foreseeable future, including after the advent of powerful quantum computers.”

The review period is expected to last about a year, after which NIST will issue a call for comments. NIST plans to release the initial standard for quantum-resistant cryptography in 2022. 

Read the “Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process” here.

About the Author

Connect with the GCN staff on Twitter @GCNtech.


  • 2020 Government Innovation Awards
    Government Innovation Awards -

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected