NIST round 2
Now updated with all Round-2 specifications.
Please report any errors on GitHub!
A list of post-quantum algorithms and their characteristics.
In the below, we give an overview of the post-quantum algorithms that have been submitted to the NIST post-quantum signatures on-ramp.
We have copied the properties of the schemes out of the individual scheme submission documents, so be aware of potential errors.
Schemes
| Scheme | Status | Category | Assumption |
|---|
Click on the table headers to sort.
Filter categories
Parameters
Click on the table headers to sort.
Filter Security Levels
Filter on sizes
Public key size
Signature size
Pk+Sig size
Sync performance filters
Apply performance filters
Performance metrics
Performance characteristics have been directly taken from the submission documents!
Note that many submissions do not have optimized implementations, and that the measurements were collected under an enormous variation of measurement setups. Some implementation are also not timing-invariant with regards to secrets ("constant-time"), and fixing this may also come with performance penalties. Take the performance metrics with a significant grain of salt.
Some metrics have been extrapolated from reported times in milliseconds. These have been converted assuming a 2.5 GHz cpu; independent of the benchmarking platform reported. Converted metrics are .
Click on the table headers to sort.
Filter Security Levels
Filter on runtime
Signing cycles
Verification cycles
Sync size filters
Apply size filters