Lin Hsin Hsin Quantum Security Center
Attacks on Post-Quantum Cryptography

NIST selections for a world with Cryptographically Relevant Quantum Computers (CRQCs)
Federal Information Processing Standards (FIPS)
FIPS 203: ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), formerly known as CRYSTALS-Kyber
Standard for general encryption and key agreement
Features:
- Comparatively small encryption keys that two parties can exchange easily
- Fast operation
FIPS 204: ML-DSA (Module-Lattice-Based Digital Signature Algorithm), formerly known as CRYSTALS-Dilithium
Standard for digital signatures
FIPS 205: SLH-DSA (Stateless Hash-Based Digital Signature Algorithm), formerly known as SPHINCS+
Standard for digital signatures
Intended as a backup method in case ML-DSA proves vulnerable
FIPS 206: FN-DSA (FALCON)
A fourth algorithm, built around FALCON, is planned for future standardization
When it is released, it will be dubbed FN-DSA, short for FFT (fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm
ASSUMPTIONS
- Lattice-based and hash-based algorithms are currently secure
- The first three finalized NIST Post-Quantum Cryptography (PQC) standards, released in August 2024, are considered secure and have not been compromised
- NIST continues to evaluate additional algorithms to serve as backups in case future weaknesses are discovered in the primary standards
- One candidate algorithm from the NIST selection process, SIKE (Supersingular Isogeny Key Encapsulation), was broken by a classical (non-quantum) attack in 2022 and was subsequently excluded from the final standards