{"id":10459,"date":"2019-02-13T09:00:29","date_gmt":"2019-02-13T17:00:29","guid":{"rendered":"https:\/\/www.privateinternetaccess.com\/blog\/?p=10459"},"modified":"2024-01-30T23:04:36","modified_gmt":"2024-01-31T07:04:36","slug":"nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2","status":"publish","type":"post","link":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/","title":{"rendered":"NIST Round 2 and Post-Quantum Cryptography &#8211; The New Asymmetric Algorithms (part 2)"},"content":{"rendered":"<p>In the previous article, I wrote about the <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-part-1\/\">NIST Post-Quantum Competition and which ciphers advanced to the second round<\/a>, meaning that they passed through basic scrutiny and were advanced based on having strong fundamental design and good documentation.<\/p>\n<p>Round 3 will see significant narrowing again, based on the relative strength of the algorithms against one another, as well as the performance of the algorithms on current devices.<\/p>\n<p>Here we talk about each of the candidates for asymmetric algorithms, which are used in establishing a secure connection between a client and server. Even today, asymmetric handshakes are slow and asymmetric encryption is not used for doing anything but passing a secret value between a client and server. Once the shared secret value is passed, the connection switches to a much faster symmetric cipher like AES or ChaCha.<\/p>\n<p>So without further ado, here are the candidates and the broadest strokes on what they are all about: <em>(This is submissions A \u2013 L, expect more next week!)<\/em><\/p>\n<h2>BIG QUAKE<\/h2>\n<p>BIG QUAKE was eliminated in round 1.<\/p>\n<h2>BIKE \u2013 Bit Flipping Key Encapsulation<\/h2>\n<p><a href=\"https:\/\/bikesuite.org\/\">BIKE<\/a> is actually three separate quasi-cyclic algorithms that are similar but have important small differences. All three are improvements on previous work (<a href=\"https:\/\/www.sciencedirect.com\/science\/article\/pii\/S1071579705000043\">Niederreiter<\/a> and <a href=\"https:\/\/en.wikipedia.org\/wiki\/McEliece_cryptosystem\">McEliece<\/a>). These algorithms require ephemeral data that must be thrown away at the end of each session, giving the algorithm forward secrecy.<\/p>\n<p>One of the interesting properties of BIKE is that that encrypted data does have a signature that is recognizable, meaning that equipment could be designed to detect BIKE encryption traveling through networks and throttle or block it. While BIKE would work well for things like HTTPS, it would be less suited to be used in things like privacy networks (unless of course it became widely deployed, which it could then be used in things like <a href=\"https:\/\/en.wikipedia.org\/wiki\/Domain_fronting\">Domain Fronting<\/a> for privacy networks).<\/p>\n<h2>CFPKM<\/h2>\n<p>CFPKM was eliminated in round 1.<\/p>\n<h2>Classic McEliece<\/h2>\n<p><a href=\"https:\/\/classic.mceliece.org\/\">Classic McEliece<\/a> is largely based on one of the oldest cryptosystems designed for computers. It was originally developed in 1978 by <a href=\"https:\/\/en.wikipedia.org\/wiki\/Robert_McEliece\">Robert McEliece<\/a> whose labor has withstood 40 years of public scrutiny. This design is largely unchanged from the original, only with the values scaled up to withstand the advances of modern computing. The system combines using large systems of equations with a method of inserting (and later correcting on decryption) random errors into the data.<\/p>\n<p>McEliece also has the benefit of being computationally faster than RSA, but the complex systems of equations make for a large handshake (300+ KB), which is why it is rarely used today. As network speeds increase over time, this becomes less and less of an issue. In the time of 56K modems, this mattered more.<\/p>\n<p>The largest weakness that has been discovered for McEliece is Structural Decoding, but it can only be applied if the initial values for McEliece are not carefully chosen. These are usually problematic in modified versions of McEliece that attempt to make the public key sizes smaller. (<a href=\"https:\/\/eprint.iacr.org\/2014\/210.pdf\">Example<\/a>) The modern implementation accounts for this.<\/p>\n<h2>Compact LWE \u2013 Compact Learning With Errors<strong><br>\n<\/strong><\/h2>\n<p>Compact LWE was eliminated in round 1.<\/p>\n<h2>CRYSTALS-KYBER \u2013 Cryptographic Suite for Algebraic Lattices<\/h2>\n<p><a href=\"https:\/\/pq-crystals.org\/kyber\/index.shtml\">CRYSTALS-KYBER<\/a> is a lattice-based cryptosystem that relies on the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Learning_with_errors\">Learning with Errors Problem<\/a> to gain its security properties. The key sizes are comparable to McEliece, presenting the same large-key problems.<\/p>\n<p>It has some notable improvements to the classic LWE implementation, namely using the same algorithm for the distribution as the noise that is introduced, and by using a square instead of a rectangular matrix. It is further improved by using polynomial rings (similar to the <a href=\"https:\/\/eprint.iacr.org\/2012\/090\">Module-LWE construction<\/a>) rather than integers to simplify some of the internal math operations.<\/p>\n<p>Interestingly, the KYBER paper recommends combining KYBER with something like ECDH to gain both the classical computing benefits as well as the quantum resistance benefits of KYBER. This, however, would add a significant computing penalty and further increase the size of the key exchange. It isn\u2019t clear whether this recommendation carriers over to a final implementation of KYBER or if this is a temporary recommendation based on prudence and the nature of the ongoing research and development of the algorithm.<\/p>\n<h2>DAGS \u2013 Dyadic GS<\/h2>\n<p>DAGS was eliminated in round 1.<\/p>\n<h2>Ding Key Exchange<\/h2>\n<p>Ding Key Exchange was eliminated in round 1.<\/p>\n<h2>DME<\/h2>\n<p>DME was eliminated in round 1.<\/p>\n<h2>DRS<\/h2>\n<p>DRS was eliminated in round 1.<\/p>\n<h2>Dual-Mode MS \u2013 Dual-Mode Multivariate Signatures<\/h2>\n<p>Dual-Mode MS was eliminated in round 1.<\/p>\n<h2>Edon-K<\/h2>\n<p>Edon-K was withdrawn from the competition by the team.<\/p>\n<h2>Emblem and R.Emblem<\/h2>\n<p>Emblem was eliminated in round 1.<\/p>\n<h2>FALCON \u2013 Fast-Fourier Lattice-Based Compact Signatures over NTRU<\/h2>\n<p>FALCON was eliminated in round 1.<\/p>\n<h2>FrodoKEM<\/h2>\n<p><a href=\"https:\/\/frodokem.org\/\">FrodoKEM<\/a> is a lattice-based cryptosystem that relies on the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Learning_with_errors\">Learning with Errors Problem<\/a> to gain its security properties. The key sizes are comparable to McEliece, presenting the same large-key problems. It is an improvement on the <a href=\"https:\/\/eprint.iacr.org\/2016\/659\">FrodoCCS algorithm presented in 2016<\/a>.<\/p>\n<p>The algorithm designers have focused on simplicity and staying within the bounds of current well-researched design. This means that they have given up optimizations in lieu of a (presumably) safer design. The overall design is small and simple, requiring less than 300 lines of code, meaning that implementations are easy to integrate into a project and easy to review for security. Additionally, the design is constant-time out of the box, which is a leg-up on other NIST candidates that will need to design a constant-time implementation if their project continues to advance. Constant-time implementation is important because it prevents <a href=\"https:\/\/people.inf.ethz.ch\/basin\/pubs\/ccs07.pdf\">timing based side-channel attacks<\/a>.<\/p>\n<p>It also features two different sets of implementations, one that is faster on AES accelerated hardware, and one that is faster on hardware that lacks acceleration.<\/p>\n<p>Interestingly, the project only targets AES-128 and AES-192 equivalent strengths, opting not to create a mode that can claim AES-256 equivalent strength vs both classical and quantum attacks.<\/p>\n<h2>GeMSS \u2013 Great Multivariate Short Signature<\/h2>\n<p>GeMSS was eliminated in round 1.<\/p>\n<h2>Giophantus<\/h2>\n<p>Giophantus was eliminated in round 1.<\/p>\n<h2>Gravity-SPHINCS<\/h2>\n<p>Gravity-SPHINCS was eliminated in round 1.<\/p>\n<h2>Gui<\/h2>\n<p>Gui was eliminated in round 1.<\/p>\n<h2>HILA5<\/h2>\n<p>HILA5 was eliminated in round 1, but components of it may be going to the merged ROUND5 project (combines HILA5 and ROUND 2).<\/p>\n<h2>HiMQ-3<\/h2>\n<p>HiMQ-3 was eliminated in round 1.<\/p>\n<h2>HK17<\/h2>\n<p>HK17 was withdrawn from the competition by the team.<\/p>\n<h2>HQC \u2013 Hamming Quasi-Cyclic<\/h2>\n<p><a href=\"http:\/\/pqc-hqc.org\/index.html\">HQC<\/a> is a Quasi-Cyclic algorithm that is similar in nature to BIKE. It introduces noise (errors) into the scheme which are corrected during decryption. The performance metrics and security proofs closely resemble BIKE, and it similarly does not look like random data when deployed.<\/p>\n<p>HQC requires ephemeral data that must be thrown away at the end of each session, giving the algorithm forward secrecy.<\/p>\n<p>In it\u2019s strongest mode, it (reportedly) provides approximately AES-256 equivalent strength with key sizes of about 18KB, making the size of the full key exchange much smaller than a lattice-based handshake. However, it is possible with this handshake scheme for decryption to fail, causing the entire process to need to be repeated. This means doubled round trips between the client and server, doubled bandwidth usage, and double the computation being performed. Repeat failures could be expensive.<\/p>\n<p>Also, it may be hard to prevent denial-of-service attacks from arising by intentionally initiating handshakes with too many errors, as an automated system cannot simply block IPs that send \u201cbad\u201d handshakes until a sufficient number of bad ones outs them as a bad actor. The system would continue processing bad handshakes while assuming that repeat tries are normal. This means a botnet could do damage to a web system employing this algorithm by leveraging this and overwhelming the CPU of the host with bad requests. This is something that all algorithms that introduce noise must face, not just HQC.<\/p>\n<h2>KCL<\/h2>\n<p>KCL was eliminated in round 1.<\/p>\n<h2>KINDI \u2013 Key Encapsulation and Encryption Based on Lattices<\/h2>\n<p>KINDI was eliminated in round 1.<\/p>\n<h2>LAC<\/h2>\n<p>The documentation on this project leaves something to be desired, and there\u2019s <a href=\"https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Post-Quantum-Cryptography\/documents\/round-1\/official-comments\/LAC-official-comment.pdf\">extensive discussion about the security proofs and parameters selected by the team<\/a>. This is not to speak against the viability of the project, but the current state is hard to follow, and the project has no website, just a <a href=\"https:\/\/csrc.nist.gov\/CSRC\/media\/Projects\/Post-Quantum-Cryptography\/documents\/round-1\/submissions\/LAC.zip\">zip file with a plain text readme<\/a> that was submitted to NIST.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the previous article, I wrote about the NIST Post-Quantum Competition and which ciphers advanced to the second round, meaning that they passed through basic scrutiny and were advanced based on having strong fundamental design and good documentation. Round 3 will see significant narrowing again, based on the relative strength of the algorithms against one &hellip; <a href=\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;NIST Round 2 and Post-Quantum Cryptography &#8211; The New Asymmetric Algorithms (part 2)&#8221;<\/span><\/a><\/p>\n","protected":false},"author":32,"featured_media":10443,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_stopmodifiedupdate":true,"_modified_date":"","footnotes":""},"categories":[12,1001,1],"tags":[1104,1360,1359,1352,1351,85],"class_list":["post-10459","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","category-encryption","category-news","tag-cryptography","tag-lattice","tag-lwe","tag-nist","tag-post-quantum","tag-security-2"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.9 (Yoast SEO v26.9) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>NIST Round 2 and Post-Quantum Cryptography - The New Asymmetric Algorithms (part 2)<\/title>\n<meta name=\"description\" content=\"We discuss the NIST round two candidates to select the best candidate for worldwide standards for encryption and signatures that resist quantum computers.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NIST Round 2 and Post-Quantum Cryptography - The New Asymmetric Algorithms (part 2)\" \/>\n<meta property=\"og:description\" content=\"We discuss the NIST round two candidates to select the best candidate for worldwide standards for encryption and signatures that resist quantum computers.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\" \/>\n<meta property=\"og:site_name\" content=\"PIA\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/privateinternetaccess\/\" \/>\n<meta property=\"article:published_time\" content=\"2019-02-13T17:00:29+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-31T07:04:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Derek Zimmer\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@http:\/\/www.twitter.com\/ostifofficial\" \/>\n<meta name=\"twitter:site\" content=\"@buyvpnservice\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Derek Zimmer\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\"},\"author\":{\"name\":\"Derek Zimmer\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1\"},\"headline\":\"NIST Round 2 and Post-Quantum Cryptography &#8211; The New Asymmetric Algorithms (part 2)\",\"datePublished\":\"2019-02-13T17:00:29+00:00\",\"dateModified\":\"2024-01-31T07:04:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\"},\"wordCount\":1357,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png\",\"keywords\":[\"cryptography\",\"lattice\",\"lwe\",\"NIST\",\"Post Quantum\",\"security\"],\"articleSection\":[\"Cybersecurity\",\"Encryption\",\"General Privacy News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\",\"name\":\"NIST Round 2 and Post-Quantum Cryptography - The New Asymmetric Algorithms (part 2)\",\"isPartOf\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png\",\"datePublished\":\"2019-02-13T17:00:29+00:00\",\"dateModified\":\"2024-01-31T07:04:36+00:00\",\"description\":\"We discuss the NIST round two candidates to select the best candidate for worldwide standards for encryption and signatures that resist quantum computers.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png\",\"width\":1600,\"height\":900},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.privateinternetaccess.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NIST Round 2 and Post-Quantum Cryptography &#8211; The New Asymmetric Algorithms (part 2)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#website\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"name\":\"PIA\",\"description\":\"Online privacy news from around the world.\",\"publisher\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#organization\",\"name\":\"Private Internet Access\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"contentUrl\":\"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png\",\"width\":1200,\"height\":1200,\"caption\":\"Private Internet Access\"},\"image\":{\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/privateinternetaccess\/\",\"https:\/\/x.com\/buyvpnservice\",\"https:\/\/www.instagram.com\/piavpn\/\",\"https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1\",\"name\":\"Derek Zimmer\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g\",\"caption\":\"Derek Zimmer\"},\"description\":\"Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.\",\"sameAs\":[\"https:\/\/ostif.org\/\",\"https:\/\/www.linkedin.com\/in\/derek-zimmer-2164a441\/\",\"https:\/\/x.com\/http:\/\/www.twitter.com\/ostifofficial\"],\"url\":\"https:\/\/www.privateinternetaccess.com\/blog\/author\/derek-zimmer\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"NIST Round 2 and Post-Quantum Cryptography - The New Asymmetric Algorithms (part 2)","description":"We discuss the NIST round two candidates to select the best candidate for worldwide standards for encryption and signatures that resist quantum computers.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/","og_locale":"en_US","og_type":"article","og_title":"NIST Round 2 and Post-Quantum Cryptography - The New Asymmetric Algorithms (part 2)","og_description":"We discuss the NIST round two candidates to select the best candidate for worldwide standards for encryption and signatures that resist quantum computers.","og_url":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/","og_site_name":"PIA","article_publisher":"https:\/\/www.facebook.com\/privateinternetaccess\/","article_published_time":"2019-02-13T17:00:29+00:00","article_modified_time":"2024-01-31T07:04:36+00:00","og_image":[{"width":1600,"height":900,"url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png","type":"image\/png"}],"author":"Derek Zimmer","twitter_card":"summary_large_image","twitter_creator":"@http:\/\/www.twitter.com\/ostifofficial","twitter_site":"@buyvpnservice","twitter_misc":{"Written by":"Derek Zimmer","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#article","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/"},"author":{"name":"Derek Zimmer","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1"},"headline":"NIST Round 2 and Post-Quantum Cryptography &#8211; The New Asymmetric Algorithms (part 2)","datePublished":"2019-02-13T17:00:29+00:00","dateModified":"2024-01-31T07:04:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/"},"wordCount":1357,"commentCount":0,"publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png","keywords":["cryptography","lattice","lwe","NIST","Post Quantum","security"],"articleSection":["Cybersecurity","Encryption","General Privacy News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/","name":"NIST Round 2 and Post-Quantum Cryptography - The New Asymmetric Algorithms (part 2)","isPartOf":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage"},"thumbnailUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png","datePublished":"2019-02-13T17:00:29+00:00","dateModified":"2024-01-31T07:04:36+00:00","description":"We discuss the NIST round two candidates to select the best candidate for worldwide standards for encryption and signatures that resist quantum computers.","breadcrumb":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#primaryimage","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2019\/02\/PQC.png","width":1600,"height":900},{"@type":"BreadcrumbList","@id":"https:\/\/www.privateinternetaccess.com\/blog\/nist-round-2-and-post-quantum-cryptography-the-new-asymmetric-algorithms-part-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.privateinternetaccess.com\/blog\/"},{"@type":"ListItem","position":2,"name":"NIST Round 2 and Post-Quantum Cryptography &#8211; The New Asymmetric Algorithms (part 2)"}]},{"@type":"WebSite","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#website","url":"https:\/\/www.privateinternetaccess.com\/blog\/","name":"PIA","description":"Online privacy news from around the world.","publisher":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.privateinternetaccess.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#organization","name":"Private Internet Access","url":"https:\/\/www.privateinternetaccess.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","contentUrl":"https:\/\/www.privateinternetaccess.com\/blog\/wp-content\/uploads\/2018\/07\/pialogowhitekglogo.png","width":1200,"height":1200,"caption":"Private Internet Access"},"image":{"@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/privateinternetaccess\/","https:\/\/x.com\/buyvpnservice","https:\/\/www.instagram.com\/piavpn\/","https:\/\/www.youtube.com\/channel\/UClyJZ47Rizb1xnwuKXDI0_w"]},{"@type":"Person","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/e9f24badc1559621e721d94ecb18d6e1","name":"Derek Zimmer","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.privateinternetaccess.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/399c45f76a929cfe8ed46349f8166d975f7fa088108970562cf67fa46ab0176d?s=96&d=mm&r=g","caption":"Derek Zimmer"},"description":"Derek is a cryptographer, security expert and privacy activist. He has twelve years of security experience and six years of experience designing and implementing privacy systems. He founded the Open Source Technology Improvement Fund (OSTIF) which focuses on creating and improving open-source security solutions through auditing, bug bounties, and resource gathering and management.","sameAs":["https:\/\/ostif.org\/","https:\/\/www.linkedin.com\/in\/derek-zimmer-2164a441\/","https:\/\/x.com\/http:\/\/www.twitter.com\/ostifofficial"],"url":"https:\/\/www.privateinternetaccess.com\/blog\/author\/derek-zimmer\/"}]}},"_links":{"self":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/10459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/users\/32"}],"replies":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/comments?post=10459"}],"version-history":[{"count":9,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/10459\/revisions"}],"predecessor-version":[{"id":29852,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/posts\/10459\/revisions\/29852"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media\/10443"}],"wp:attachment":[{"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/media?parent=10459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/categories?post=10459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.privateinternetaccess.com\/blog\/wp-json\/wp\/v2\/tags?post=10459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}