NistyPQC

Nifty PQC promoted by NIST.

These are implementations in Julia of various post-quantum cryptography (PQC) algorithms that were picked as (candidate) winners in the Post-Quantum Cryptography Standardization Project run by the National Institute of Standards and Technology (NIST). They fall in two categories:

• key encapsulation mechanisms (KEM)
• digital signature schemes/algorithms (DSA)

All implementations in this package strive for simplicity and close resemblance with the specifications. The focus is not on performance, let alone on security.

Algorithms

Winners

At the moment, NIST has published draft Federal Information Processing Standards (FIPS) for three of the winners:

• ML-KEM

  • derived from CRYSTALS-Kyber
  • specified in FIPS 203, Module-Lattice-Based Key-Encapsulation Mechanism Standard

• ML-DSA

  • derived from CRYSTALS-Dilithium
  • specified in FIPS 204, Module-Lattice-Based Digital Signature Standard

• SLH-DSA

  • derived from SPHINCS+
  • specified in FIPS 205, Stateless Hash-Based Digital Signature Standard

There is one more winner with no draft standard available yet:

• Falcon (Fast-Fourier Lattice-based Compact Signatures over NTRU)

Candidates

The team of winners might be joined by some of the submissions to Round 4 of the standardization project. Up to now, three of the candidates remain unbroken. All of them are code-based KEM's. For the time being, I've included two of them in this package:

• BIKE (Bit Flipping Key Encapsulation)
• Classic McEliece

Security Categories

Each algorithm comes in multiple variants. They are categorized according to the believed security strength. Namely, NIST defined the following five security strength categories based on corresponding attacks on symmetric ciphers:

category	successful attack at least as hard as
1	key search on a block cipher with a 128-bit key (e.g. AES128)
2	collision search on a 256-bit hash function (e.g. SHA256/SHA3-256)
3	key search on a block cipher with a 192-bit key (e.g. AES192)
4	collision search on a 384-bit hash function (e.g. SHA384/SHA3-384)
5	key search on a block cipher with a 256-bit key (e.g. AES256)