Post-Quantum Crypto: McEliece Standardization
canopic jug writes:
Mathematician, cryptologist, and computer scientist Daniel J Bernstein has written a detailed blog post about the McEliece cryptosystem. Specifically he covers what Classic McEliece does, how the parameter sets were selected, its small ciphertexts, what NIST says about ISO standardization, what NIST says about deployment, a note about one performance number, a second note about FrodoKEM, and finally what NIST says about security.
Once upon a time, NIST started working on standardizing post-quantum cryptography, and announced that "The goal of this process is to select a number of acceptable candidate cryptosystems for standardization".
By now NIST has quite a few standards for post-quantum signatures. It has already standardized Dilithium (ML-DSA), LMS, SPHINCS+ (SLH-DSA), and XMSS. It said in 2022 that it will also standardize Falcon (FN-DSA) "because its small bandwidth may be necessary in certain applications". It is evaluating more options for post-quantum signatures, such as small-signature large-key options. Evidently NIST will end up with at least six post-quantum signature standards.
For post-quantum encryption, NIST's offerings are much more sparse. NIST has just one standard, namely Kyber (ML-KEM). It said in March 2025 that it also plans to standardize HQC; supposedly the patent on HQC won't be an issue because of an upcoming FRAND license; but an April 2025 posting regarding design flaws in HQC prompted an HQC team announcement that HQC would be modified. Doesn't look like HQC is ready for usage yet.
Wait. What about the increasingly widely deployed McEliece cryptosystem?
Previously:
(2025) NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption
(2024) Here's the Paper No One Read Before Declaring the Demise of Modern Cryptography
(2023) Signal Adds Quantum-resistant Encryption to its E2EE Messaging Protocol
(2023) NIST Releases Draft Post-Quantum Encryption Document
... and many more.
Read more of this story at SoylentNews.