Post-Quantum Signature Schemes
Comparing NIST on-ramp candidates and standardized schemes. Click column headers to sort. Use the filters to narrow down by category, security level, or size constraints.
Data reflects the latest known specifications for each scheme, last updated 2025-12-20. Consult the individual scheme websites for the most current information.
Filters ▼
pk size vs. sig size (log–log scale)
Shape = family · tap point for details
Scroll to zoom · drag to pan
Performance note: Timings are taken from the scheme submissions and may not reflect optimised implementations.
Cycle counts marked with a wavy underline are extrapolated from reported millisecond timings assuming a 2.5 GHz processor —
comparisons across such values should be treated with caution.
| Scheme ▲ | Category | Status | Parameter Set | Level | pk (B) | sig (B) | pk+sig (B) | Sign | Verify | Assumption |
|---|---|---|---|---|---|---|---|---|---|---|
| EdDSA 💣 | Pre-Quantum | Classic | Ed25519 | Pre-Quantum | 32 | 64 | 96 | 42K | 130K | Elliptic Curves |
| FAEST | Symmetric | On-ramp | 192s | 3 | 48 | 11,260 | 11,308 | 54.7M | 42.3M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | 192f | 3 | 48 | 14,948 | 14,996 | 7.0M | 6.1M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | 256s | 5 | 48 | 20,696 | 20,744 | 76.3M | 74.5M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | 256f | 5 | 48 | 26,548 | 26,596 | 11.1M | 10.2M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | EM-256s | 5 | 64 | 17,984 | 18,048 | 62.5M | 59.7M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | EM-256f | 5 | 64 | 23,476 | 23,540 | 9.4M | 8.7M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | EM-192s | 3 | 48 | 9,340 | 9,388 | 39.3M | 36.2M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | EM-192f | 3 | 48 | 12,380 | 12,428 | 5.2M | 4.7M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | 128s | 1 | 32 | 4,506 | 4,538 | 12.8M | 9.8M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | 128f | 1 | 32 | 5,924 | 5,956 | 1.7M | 1.4M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | EM-128s | 1 | 32 | 3,906 | 3,938 | 9.4M | 7.4M | symmetric / zero-knowledge VOLE-in-the-Head |
| FAEST | Symmetric | On-ramp | EM-128f | 1 | 32 | 5,060 | 5,092 | 1.4M | 1.1M | symmetric / zero-knowledge VOLE-in-the-Head |
| Falcon | Lattices | Std pending | 1024 | 5 | 1,793 | 1,280 | 3,073 | 2.1M | 161K | NTRU-SIS |
| Falcon | Lattices | Std pending | 512 | 1 | 897 | 666 | 1,563 | 1.0M | 81K | NTRU-SIS |
| HAWK | Lattices | On-ramp | 1024 | 5 | 2,440 | 1,221 | 3,661 | 181K | 303K | Lattice Isomorphism Problem |
| HAWK | Lattices | On-ramp | 512 | 1 | 1,024 | 555 | 1,579 | 85K | 148K | Lattice Isomorphism Problem |
| MAYO | Multivariate | On-ramp | five | 5 | 5,554 | 964 | 6,518 | 3.5M | 1.5M | Multivariate quadratic |
| MAYO | Multivariate | On-ramp | three | 3 | 2,986 | 681 | 3,667 | 1.5M | 665K | Multivariate quadratic |
| MAYO 🧨 | Multivariate | On-ramp | two | 1 | 4,912 | 186 | 5,098 | 375K | 97K | Multivariate quadratic |
| MAYO | Multivariate | On-ramp | one | 1 | 1,420 | 454 | 1,874 | 702K | 290K | Multivariate quadratic |
| ML-DSA | Lattices | FIPS | ML-DSA-87 | 5 | 2,592 | 4,627 | 7,219 | 642K | 280K | MLWE/MSIS |
| ML-DSA | Lattices | FIPS | ML-DSA-65 | 3 | 1,952 | 3,309 | 5,261 | 529K | 179K | MLWE/MSIS |
| ML-DSA | Lattices | FIPS | ML-DSA-44 | 2 | 1,312 | 2,420 | 3,732 | 333K | 118K | MLWE/MSIS |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf2-short-3r | 1 | 52 | 2,868 | 2,920 | 11.9M | 11.7M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf2-short-5r | 1 | 52 | 2,820 | 2,872 | 11.9M | 11.6M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf16-short-3r | 1 | 60 | 3,060 | 3,120 | 6.6M | 6.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf16-short-5r | 1 | 60 | 2,916 | 2,976 | 6.3M | 6.0M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf256-short-3r | 1 | 80 | 3,540 | 3,620 | 7.5M | 7.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf256-short-5r | 1 | 80 | 3,156 | 3,236 | 6.9M | 6.6M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf2-fast-3r | 1 | 52 | 3,212 | 3,264 | 6.8M | 6.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf2-fast-5r | 1 | 52 | 3,144 | 3,196 | 6.8M | 6.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf16-fast-3r | 1 | 60 | 3,484 | 3,544 | 2.8M | 2.4M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf16-fast-5r | 1 | 60 | 3,280 | 3,340 | 2.8M | 2.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf256-fast-3r | 1 | 80 | 4,164 | 4,244 | 3.5M | 3.0M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L1-gf256-fast-5r | 1 | 80 | 3,620 | 3,700 | 3.4M | 2.9M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf2-short-3r | 3 | 78 | 6,388 | 6,466 | 61.3M | 58.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf2-short-5r | 3 | 78 | 6,280 | 6,358 | 60.7M | 57.8M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf16-short-3r | 3 | 90 | 6,820 | 6,910 | 35.8M | 31.8M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf16-short-5r | 3 | 90 | 6,496 | 6,586 | 33.0M | 29.5M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf256-short-3r | 3 | 120 | 7,900 | 8,020 | 42.5M | 38.5M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf256-short-5r | 3 | 120 | 7,036 | 7,156 | 37.4M | 33.2M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf2-fast-3r | 3 | 78 | 7,576 | 7,654 | 30.0M | 29.4M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf2-fast-5r | 3 | 78 | 7,414 | 7,492 | 30.4M | 29.7M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf16-fast-3r | 3 | 90 | 8,224 | 8,314 | 11.8M | 11.4M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf16-fast-5r | 3 | 90 | 7,738 | 7,828 | 11.3M | 10.6M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf256-fast-3r | 3 | 120 | 9,844 | 9,964 | 16.0M | 14.8M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L3-gf256-fast-5r | 3 | 120 | 8,548 | 8,668 | 14.0M | 13.4M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf2-short-3r | 5 | 104 | 11,764 | 11,868 | 135.0M | 133.6M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf2-short-5r | 5 | 104 | 11,564 | 11,668 | 136.3M | 133.4M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf16-short-3r | 5 | 122 | 12,664 | 12,786 | 56.8M | 54.6M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf16-short-5r | 5 | 122 | 12,014 | 12,136 | 53.8M | 52.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf256-short-3r | 5 | 160 | 14,564 | 14,724 | 64.0M | 63.7M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf256-short-5r | 5 | 160 | 12,964 | 13,124 | 58.1M | 56.8M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf2-fast-3r | 5 | 104 | 13,412 | 13,516 | 74.4M | 75.0M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf2-fast-5r | 5 | 104 | 13,124 | 13,228 | 74.5M | 73.0M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf16-fast-3r | 5 | 122 | 14,708 | 14,830 | 24.9M | 24.6M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf16-fast-5r | 5 | 122 | 13,772 | 13,894 | 24.5M | 23.3M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf256-fast-3r | 5 | 160 | 17,444 | 17,604 | 29.2M | 29.5M | Multivariate Quadratic |
| MQOM | MPC-in-the-Head | On-ramp | L5-gf256-fast-5r | 5 | 160 | 15,140 | 15,300 | 28.1M | 27.5M | Multivariate Quadratic |
| QR-UOV | Multivariate | On-ramp | I-(127 156 54 3) | 1 | 24,255 | 200 | 24,455 | 3.1M | 2.7M | Multivariate |
| QR-UOV | Multivariate | On-ramp | I-(31 165 60 3) | 1 | 23,641 | 157 | 23,798 | 4.2M | 3.7M | Multivariate |
| QR-UOV | Multivariate | On-ramp | I-(31 600 70 10) | 1 | 12,266 | 435 | 12,701 | 15.0M | 15.1M | Multivariate |
| QR-UOV | Multivariate | On-ramp | I-(7 740 100 10) | 1 | 20,641 | 331 | 20,972 | 46.8M | 44.9M | Multivariate |
| QR-UOV | Multivariate | On-ramp | III-(127 228 78 3) | 3 | 71,891 | 292 | 72,183 | 9.8M | 8.6M | Multivariate |
| QR-UOV | Multivariate | On-ramp | III-(31 246 87 3) | 3 | 70,983 | 232 | 71,215 | 14.5M | 12.7M | Multivariate |
| QR-UOV | Multivariate | On-ramp | III-(31 890 100 10) | 3 | 34,399 | 643 | 35,042 | 49.8M | 48.7M | Multivariate |
| QR-UOV | Multivariate | On-ramp | III-(7 1100 140 10) | 3 | 55,149 | 489 | 55,638 | 134.9M | 128.6M | Multivariate |
| QR-UOV | Multivariate | On-ramp | V-(127 306 105 3) | 5 | 173,676 | 392 | 174,068 | 23.9M | 20.9M | Multivariate |
| QR-UOV | Multivariate | On-ramp | V-(31 1120 120 10) | 5 | 58,532 | 807 | 59,339 | 90.7M | 87.8M | Multivariate |
| QR-UOV | Multivariate | On-ramp | V-(31 324 114 3) | 5 | 158,421 | 306 | 158,727 | 30.1M | 26.2M | Multivariate |
| QR-UOV | Multivariate | On-ramp | V-(7 1490 190 10) | 5 | 135,407 | 662 | 136,069 | 347.8M | 329.5M | Multivariate |
| RSA 💣 | Pre-Quantum | Classic | 2048 | Pre-Quantum | 272 | 256 | 528 | 27.0M | 45K | Factoring |
| SDitH | MPC-in-the-Head | On-ramp | SDitH2-L1-gf2-short | 1 | 70 | 3,705 | 3,775 | 16.8M | 15.1M | Syndrome Decoding |
| SDitH | MPC-in-the-Head | On-ramp | SDitH2-L1-gf2-fast | 1 | 70 | 4,484 | 4,554 | 5.0M | 4.5M | Syndrome Decoding |
| SDitH | MPC-in-the-Head | On-ramp | SDitH2-L3-gf2-short | 3 | 98 | 7,964 | 8,062 | 105.7M | 99.6M | Syndrome Decoding |
| SDitH | MPC-in-the-Head | On-ramp | SDitH2-L3-gf2-fast | 3 | 98 | 9,916 | 10,014 | 15.9M | 14.4M | Syndrome Decoding |
| SDitH | MPC-in-the-Head | On-ramp | SDitH2-L5-gf2-short | 5 | 132 | 14,121 | 14,253 | 151.2M | 143.1M | Syndrome Decoding |
| SDitH | MPC-in-the-Head | On-ramp | SDitH2-L5-gf2-fast | 5 | 132 | 17,540 | 17,672 | 23.6M | 21.8M | Syndrome Decoding |
| SLH-DSA | Symmetric | FIPS | SHAKE-192s | 3 | 48 | 16,224 | 16,272 | 8.09G | 6.5M | Hash-based |
| SLH-DSA | Symmetric | FIPS | SHAKE-256s | 5 | 64 | 29,792 | 29,856 | 7.09G | 10.2M | Hash-based |
| SLH-DSA | Symmetric | FIPS | SHAKE-128s | 1 | 32 | 7,856 | 7,888 | 4.68G | 4.8M | Hash-based |
| SLH-DSA | Symmetric | FIPS | SHAKE-256f | 5 | 64 | 49,856 | 49,920 | 763.9M | 19.9M | Hash-based |
| SLH-DSA | Symmetric | FIPS | SHAKE-192f | 3 | 48 | 35,664 | 35,712 | 386.9M | 19.9M | Hash-based |
| SLH-DSA | Symmetric | FIPS | SHAKE-128f | 1 | 32 | 17,088 | 17,120 | 239.8M | 12.9M | Hash-based |
| SNOVA | Multivariate | On-ramp | (60 10 4) | 5 | 8,016 | 576 | 8,592 | 2.8M | 1.9M | Non-commutative ring UOV |
| SNOVA | Multivariate | On-ramp | (66 15 3) | 5 | 15,204 | 381 | 15,585 | 2.2M | 1.7M | Non-commutative ring UOV |
| SNOVA 🧨 | Multivariate | On-ramp | (75 33 2) | 5 | 71,890 | 232 | 72,122 | 1.4M | 1.3M | Non-commutative ring UOV |
| SNOVA 🧨 | Multivariate | On-ramp | (29 6 5) | 5 | 2,716 | 454 | 3,170 | 1.8M | 1.1M | Non-commutative ring UOV |
| SNOVA ⚠️ | Multivariate | On-ramp | (37 8 4) | 3 | 4,112 | 376 | 4,488 | 1.1M | 652K | Non-commutative ring UOV |
| SNOVA | Multivariate | On-ramp | (49 11 3) | 3 | 6,006 | 286 | 6,292 | 984K | 676K | Non-commutative ring UOV |
| SNOVA 🧨 | Multivariate | On-ramp | (56 25 2) | 3 | 31,266 | 178 | 31,444 | 648K | 531K | Non-commutative ring UOV |
| SNOVA 🧨 | Multivariate | On-ramp | (24 5 5) | 3 | 1,579 | 379 | 1,958 | 1.1M | 685K | Non-commutative ring UOV |
| SNOVA ⚠️ | Multivariate | On-ramp | (24 5 4) | 1 | 1,016 | 248 | 1,264 | 385K | 206K | Non-commutative ring UOV |
| SNOVA 🧨 | Multivariate | On-ramp | (25 8 3) | 1 | 2,320 | 165 | 2,485 | 341K | 176K | Non-commutative ring UOV |
| SNOVA 🧨 | Multivariate | On-ramp | (37 17 2) | 1 | 9,842 | 124 | 9,966 | 262K | 152K | Non-commutative ring UOV |
| SQIsign | Isogenies | On-ramp | V | 5 | 129 | 292 | 421 | 507.5M | 35.7M | Isogenies |
| SQIsign | Isogenies | On-ramp | III | 3 | 97 | 224 | 321 | 309.2M | 18.6M | Isogenies |
| SQIsign | Isogenies | On-ramp | I | 1 | 65 | 148 | 213 | 101.6M | 5.1M | Isogenies |
| UOV 🧨 | Multivariate | On-ramp | V-pkc | 5 | 446,992 | 260 | 447,252 | 591K | 2.0M | Multivariate |
| UOV 🧨 | Multivariate | On-ramp | V-classic | 5 | 2,869,440 | 260 | 2,869,700 | 591K | 530K | Multivariate |
| UOV 🧨 | Multivariate | On-ramp | III-pkc | 3 | 189,232 | 200 | 189,432 | 303K | 964K | Multivariate |
| UOV 🧨 | Multivariate | On-ramp | III-classic | 3 | 1,225,440 | 200 | 1,225,640 | 303K | 283K | Multivariate |
| UOV ⚠️ | Multivariate | On-ramp | Is-pkc | 1 | 66,576 | 96 | 66,672 | 129K | 283K | Multivariate |
| UOV ⚠️ | Multivariate | On-ramp | Is-classic | 1 | 412,160 | 96 | 412,256 | 129K | 61K | Multivariate |
| UOV 🧨 | Multivariate | On-ramp | Ip-pkc | 1 | 43,576 | 128 | 43,704 | 109K | 235K | Multivariate |
| UOV 🧨 | Multivariate | On-ramp | Ip-classic | 1 | 278,432 | 128 | 278,560 | 109K | 80K | Multivariate |
107 parameter sets