https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/G0DoD7lkGPk [logo_group]Groups Conversations All groups and messages [Search conversations][ ] Send feedback to Google Help Sign in Groups pqc-forum Conversations About Privacy * Terms Announcement: The End of the 3rd Round - the First PQC Algorithms to be Standardized 5785 views Skip to first unread message Moody, Dustin (Fed)'s profile photo Moody, Dustin (Fed) unread, 11:32 AM (7 hours ago) 11:32 AM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-forum Announcement After careful consideration during the 3^rd Round of the NIST PQC Standardization Process, NIST has identified four candidate algorithms for standardization. The primary algorithms NIST recommends be implemented for most use cases are CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). In addition, the signature schemes Falcon and SPHINCS+ will also be standardized. Algorithms to be Standardized Public-Key Encryption/KEMs CRYSTALS-KYBER Digital Signatures CRYSTALS-Dilithium Falcon SPHINCS+ CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures) were both selected for their strong security and excellent performance, and NIST expects them to work well in most applications. Falcon will also be standardized by NIST since there may be use cases for which CRYSTALS-Dilithium signatures are too large. Additionally, SPHINCS+ will be standardized to avoid only relying on the security of lattices for signatures. NIST asks for public feedback on a version of SPHINCS+ with a lower number of maximum signatures. Additionally, the following candidate KEM algorithms will advance to the fourth round: 4^th Round Candidates Public-Key Encryption/KEMs BIKE Classic McEliece HQC SIKE Both BIKE and HQC are based on structured codes, and either would be suitable as a general-purpose KEM that is not based on lattices. NIST expects to select at most one of these two candidates for standardization at the conclusion of the fourth round. SIKE remains an attractive candidate for standardization because of its small key and ciphertext sizes and will continue to study it in the fourth round. Classic McEliece was a finalist but is not being standardized by NIST at this time. Although Classic McEliece is widely regarded as secure, NIST does not anticipate it being widely used due to its large public key size. NIST may choose to standardize Classic McEliece at the end of the fourth round. For the algorithms moving on to the fourth round, NIST will allow the submission teams to provide updated specifications and implementations ("tweaks"). The deadline for these tweaks will be October 1, 2022. Any submission team that feels that they may not meet the deadline should contact NIST as soon as possible. NIST will review the proposed modifications and publish the accepted submissions shortly afterwards. As a general guideline, NIST expects any modifications to be relatively minor. The fourth round will proceed similarly to the previous rounds. More detailed information and guidance will be provided in another message. A detailed description of the decision process and rationale for selection will be included in NIST Interagency or Internal Report (NISTIR) 8413, Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process, which will soon be available at https://csrc.nist.gov/publications and on the NIST post-quantum webpage https://nist.gov/pqcrypto. Questions may be directed to pqc-co...@nist.gov. NIST will create new draft standards for the algorithms to be standardized and will coordinate with the submission teams to ensure that the standards comply with the specifications. As part of the drafting process, NIST will seek input on specific parameter sets to include, particularly for security category 1. When finished, the standards will be posted for public comment. After the close of the comment period, NIST will revise the draft standards as appropriate based on the feedback received. A final review, approval, and promulgation process will then follow. NIST will hold a 4th NIST PQC Standardization Conference on November 29 - December 1, 2022. The conference details have not yet been finalized. The preliminary Call for Papers will be posted, both on the pqc-forum and the NIST PQC webpage http://nist.gov/pqcrypto. NIST also plans to issue a new Call for Proposals for public-key (quantum-resistant) digital signature algorithms by the end of summer 2022. NIST is primarily looking to diversify its signature portfolio, so signature schemes that are not based on structured lattices are of greatest interest. NIST would like submissions for signature schemes that have short signatures and fast verification (e.g., UOV). Submissions in response to this call will be due by June 1, 2023. Submitters are encouraged to communicate with NIST ahead of time. NIST will decide which (if any) of the submitted signature algorithms to accept and will initiate a new process for evaluation. NIST expects this process to be much smaller in scope than the current PQC process. The signature schemes accepted to this process will need to be thoroughly analyzed, which will similarly take several years. NIST would like to thank the community and all of the submission teams for their efforts in this standardization process and hopes that the teams whose schemes were not selected to advance will continue to participate by evaluating and analyzing the remaining cryptosystems alongside the cryptographic community at large. These combined efforts are crucial to the development of NIST's future post-quantum public-key standards. The NIST PQC team Deirdre Connolly's profile photo Deirdre Connolly unread, 11:45 AM (7 hours ago) 11:45 AM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to Moody, Dustin (Fed), pqc-forum Congratulations and thank you to the NIST team and all the submitters! -- You received this message because you are subscribed to the Google Groups "pqc-forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov. To view this discussion on the web visit https:// groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/ SA1PR09MB866933A15C3568FC510B4B68E5819%40SA1PR09MB8669.namprd09.prod.outlook.com . Doge Protocol's profile photo Doge Protocol unread, 12:27 PM (7 hours ago) 12:27 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-forum, dustin...@nist.gov Thanks NIST team! >>>NIST would like submissions for signature schemes that have short signatures and fast verification (e.g., UOV). On this, will having shorter public keys also be a pre-requisite for submissions or only shorter signatures is a pre-req? Yesterday there was a paper posted that improves on Falcon signature size. Would this and similar improvements in the future also be considered eligible for submission? Moody, Dustin (Fed)'s profile photo Moody, Dustin (Fed) unread, 1:34 PM (5 hours ago) 1:34 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-forum Guidelines for submitting tweaks for Fourth Round Candidates Deadline: October 1, 2022 Candidate teams must meet the same submission requirements and minimum acceptability criteria stated in the original Call for Proposals. Submissions must be submitted to NIST at pqc-sub...@nist.gov by October 1, 2022. Submissions should include a cover sheet, algorithm specifications (and other supporting documentation), and optical/digital media (e.g., implementations, known-answer test files, etc.) as described in Section 2 of the original Call For Proposals. In addition, NIST requires a short document outlining the modifications introduced in the new submission. This document should be included in the supporting documentation folder of the submission (see Section 2.C.4 of the CFP). NIST will review the proposed changes to determine whether they meet the submission requirements and minimum acceptability requirements, as well as whether they significantly affect the design of the algorithm and require a major reevaluation. As a general guideline, NIST expects any modifications to be relatively minor. It would be helpful if submission teams provided NIST with a summary of their expected changes prior to the deadline. If the deadline will pose a problem for any submission team, they should contact NIST in advance. NIST does NOT need new signed IP statements unless new submission team members have been added or the status of intellectual property for the submission has changed. If either of these cases apply, NIST will need new signed IP statements (see Section 2.D of the CFP). These statements must be actual hard copies - not digital scans - and must be provided to NIST by the 4^th NIST PQC Standardization Conference (December 1, 2022). NIST is aware that some submission packages may be large in size. The email system for pqc-submi...@nist.gov can only accept files up to 25MB. For larger files, candidate teams may upload submission packages at a location of their choosing and send NIST the download link. If that option is not suitable, NIST has a file transfer system that can be used (please email pqc-co...@nist.gov for more details). NIST will review the submitted packages as quickly as possible and post the candidate submission packages that are complete and proper on www.nist.gov/pqcrypto. Teams are encouraged to submit early. General questions may be asked on the pqc-forum. For more specific questions, please email pqc-co...@nist.gov. The NIST PQC team -- Moody, Dustin (Fed)'s profile photo Moody, Dustin (Fed) unread, 1:34 PM (5 hours ago) 1:34 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-forum During PQC Standardization, the United States Department of Commerce's National Institute of Standards and Technology (NIST) has worked on selecting a cryptographic key encapsulation algorithm that would protect information from attacks by classical and quantum computers. In furtherance of NIST's PQC Standardization efforts, NIST and Dr. Jintai Ding announce intentions to enter into a patent license agreement, wherein a patent owned by Dr. Ding's Ohio-based company, Algo Consulting, would be licensed to NIST. As a result of this patent license agreement, implementers and end users of NIST's PQC standard, which will be based on the selected cryptographic key encapsulation algorithm, will not need a separate license from Algo Consulting, Inc. This will promote the timely and widespread adoption of NIST's PQC standard, a shared goal of NIST and Dr. Ding. NIST appreciates Dr. Ding's efforts and cooperation and will announce its selection of the cryptographic key encapsulation algorithm as soon as reasonably possible. The NIST PQC team Dr. Jintai Ding, owner Algo Consulting, Inc. From: 'Moody, Dustin (Fed)' via pqc-forum Sent: Tuesday, July 5, 2022 11:32 AM To: pqc-forum Subject: [pqc-forum] Announcement: The End of the 3rd Round - the First PQC Algorithms to be Standardized Announcement -- Moody, Dustin (Fed)'s profile photo Moody, Dustin (Fed) unread, 1:35 PM (5 hours ago) 1:35 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-forum Call for Papers for the 4th NIST PQC Standardization Conference Location: Virtual November 29 - December 1, 2022 Submission deadline: September 15, 2022 (Conference without proceedings) NIST plans to hold the 4^th NIST PQC Standardization Conference from November 29 to December 1, 2022. The purpose of the conference is to discuss various aspects of the candidate algorithms and to obtain valuable feedback for informing decisions on standardization. NIST will invite the submission teams for both the selected algorithms, as well as the algorithms advancing to the fourth round, to give an update on their algorithms. In addition, NIST is soliciting research and discussion papers, surveys, presentations, case studies, panel proposals, and participation from all interested parties, including researchers, system architects, implementors, vendors, and users. NIST will post the accepted papers and presentations on the conference website after the conference; however, no formal proceedings will be published. NIST encourages the submission of presentations and reports on preliminary work that participants plan to publish elsewhere. Topics for submissions should include but are not limited to: * Classical and quantum cryptanalysis of the algorithms, including cryptanalysis of weakened or toy versions * Analysis of relative performance or resource requirements for some or all of the algorithms * Assessments of classical and quantum security strengths of the algorithms * Systemization of knowledge relevant to the NIST PQC standardization process * Substantial improvements in the implementation of algorithms * Improved analysis or proofs of properties of finalists/ candidates, even when this does not lead to any attack * Proposed criteria to be used for selecting algorithms for standardization * Impacts to existing applications and protocols (e.g., changes needed to accommodate specific algorithms) * Steps or strategies for organizations to prepare for the coming transition Submissions should be provided electronically, in PDF, for standard US letter-size paper (8.5 x 11 inches). Submitted papers must not exceed 20 pages, excluding references and appendices (single space, with 1-inch margins using a 10 pt or larger font). Proposals for panels should be no longer than five pages and should include possible panelists and an indication of which panelists have confirmed their participation. Please submit the following information to pqc...@nist.gov: * Name, affiliation, email, phone number (optional), postal address (optional) for the primary submitter * First name, last name, and affiliation of each co-submitter * Finished paper, presentation, or panel proposal in PDF format as an attachment All submissions will be acknowledged. General information about the conference, including registration information, will be available at the conference website: http:// www.nist.gov/pqcrypto. From: 'Moody, Dustin (Fed)' via pqc-forum Sent: Tuesday, July 5, 2022 11:32 AM To: pqc-forum Subject: [pqc-forum] Announcement: The End of the 3rd Round - the First PQC Algorithms to be Standardized Announcement -- Moody, Dustin (Fed)'s profile photo Moody, Dustin (Fed) unread, 1:36 PM (5 hours ago) 1:36 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-forum Sorry for so many messages! Here's the link to the official NIST announcement. Please share: https://www.nist.gov/news-events/news/2022/07/ nist-announces-first-four-quantum-resistant-cryptographic-algorithms Here's the link to NISTIR 8413: Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process, which explains the rationale behind the decisions. https://nvlpubs.nist.gov/nistpubs/ir/2022/NIST.IR.8413.pdf Dustin From: 'Moody, Dustin (Fed)' via pqc-forum Sent: Tuesday, July 5, 2022 11:32 AM To: pqc-forum Subject: [pqc-forum] Announcement: The End of the 3rd Round - the First PQC Algorithms to be Standardized Announcement -- You received this message because you are subscribed to the Google Groups "pqc-forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov. To view this discussion on the web visit https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/ SA1PR09MB866933A15C3568FC510B4B68E5819%40SA1PR09MB8669.namprd09.prod.outlook.com . ToTheMars ABC's profile photo ToTheMars ABC unread, 1:50 PM (5 hours ago) 1:50 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-forum, dustin...@nist.gov Can someone tell me why there is no rainbow signature in the list? Isn't it a 3rd round finalist? Gustavo Banegas's profile photo Gustavo Banegas unread, 1:54 PM (5 hours ago) 1:54 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to ToTheMars ABC, pqc-forum, dustin...@nist.gov Well, As Dustin pointed in the first email, there is a report that details all the choices. It includes why some of the schemes were not selected. For Rainbow, please read page 51. All the best, Gustavo -- Sent from my Android device with K-9 Mail. Please excuse my brevity. D. J. Bernstein's profile photo D. J. Bernstein unread, 4:04 PM (3 hours ago) 4:04 PM Reply to author Sign in to reply to author Forward Sign in to forward Delete You do not have permission to delete messages in this group Link Report message as abuse Sign in to report message as abuse Show original message Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message to pqc-...@list.nist.gov 'Moody, Dustin (Fed)' via pqc-forum writes: > NIST and Dr. Jintai Ding announce intentions to enter into a patent > license agreement Great. Is there a specific schedule for the completion of this agreement? [ implementors and end users ] > will not need a separate license That's good to hear. But will the agreement have limitations and poison pills similar to the "grant" that NIST previously obtained from ISARA (https://web.archive.org/web/20201101181903/https://www.isara.com/ nist-grant.html)? In any case, congratulations to Dr. Ding and the rest of the Kyber team regarding Kyber's selection for standardization! ---D. J. Bernstein P.S. Also, regarding signatures, congratulations to the Dilithium and Falcon teams! And, since I'm just one of a huge number of members of the SPHINCS+ team, maybe I'm allowed to congratulate SPHINCS+ too. signature.asc Reply all Reply to author Forward 0 new messages Search Clear search Close search Google apps Main menu