Standards & algorithms
The NIST post-quantum standards and the algorithms behind them: ML-KEM, ML-DSA, SLH-DSA, FN-DSA, HQC, with parameters and comparisons.
10 entries
- BIKEBIKE is a code-based key-encapsulation mechanism using QC-MDPC codes with compact keys, not chosen by NIST in round 4 due to decoding-failure-rate concerns.
- Classic McElieceClassic McEliece is a code-based key-encapsulation mechanism from 1978, the oldest unbroken post-quantum scheme, with very large keys and tiny ciphertexts.
- FN-DSA / FalconFN-DSA is the planned FIPS 206 standard for the Falcon signature scheme, an NTRU-lattice design with the smallest keys and signatures among NIST selections.
- FrodoKEMFrodoKEM is a key-encapsulation mechanism built on plain, unstructured LWE, trading larger keys and slower operations for a conservative security margin.
- HQCHQC is a code-based key-encapsulation mechanism selected by NIST in March 2025 as a backup to ML-KEM, adding non-lattice diversity to the PQC standards.
- ML-DSA (FIPS 204)ML-DSA is the module-lattice digital signature algorithm of FIPS 204, formerly CRYSTALS-Dilithium, and the primary post-quantum signature recommendation.
- ML-KEM (FIPS 203)ML-KEM is the module-lattice key-encapsulation mechanism of FIPS 203, formerly CRYSTALS-Kyber, and the default post-quantum key establishment method.
- NIST Post-Quantum Cryptography StandardizationNIST's multi-year process to standardize post-quantum cryptography, from the 2016 call for proposals to FIPS 203, 204, and 205 and the 2025 HQC selection.
- Post-quantum algorithm comparisonReference comparison of ML-KEM, ML-DSA, SLH-DSA, FN-DSA, and HQC against RSA and elliptic-curve cryptography on sizes, speed, and security basis.
- SLH-DSA (FIPS 205)SLH-DSA is the stateless hash-based signature scheme of FIPS 205, formerly SPHINCS+, valued for resting only on well-studied hash function security.