PQ Signatures zoo

Post-Quantum signatures zoo

NIST round 1

A list of post-quantum algorithms and their characteristics.

In the below, we give an overview of the post-quantum algorithms that have been submitted to the NIST post-quantum signatures on-ramp.

We have copied the properties of the schemes out of the individual scheme submission documents, so be aware of potential errors.

We welcome any and all suggestions and improvements on this page's GitHub repository.

Schemes

Scheme Status Category Assumption
Click on the table headers to sort.
Filter categories

Parameters

Scheme Parameterset NIST level Pk bytes Sig bytes pk+sig
Click on the table headers to sort.
Filter Security Levels
Filter on sizes
Public key size
Signature size
Pk+Sig size
Sync performance filters
Apply performance filters
Filter schemes
Select none all

Performance metrics

Performance characteristics have been directly taken from the submission documents!

Note that many submissions do not have optimized implementations, and that the measurements were collected under an enormous variation of measurement setups. Some implementation are also not timing-invariant with regards to secrets ("constant-time"), and fixing this may also come with performance penalties. Take the performance metrics with a significant grain of salt.

Some metrics have been extrapolated from reported times in milliseconds. These have been converted assuming a 2.5 GHz cpu; independent of the benchmarking platform reported. Converted metrics are marked as such.

Scheme Parameterset NIST level Sign (cycles) Verify (cycles)
Click on the table headers to sort.
Filter Security Levels
Filter on runtime
Signing cycles
Verification cycles
Sync size filters
Apply size filters
Filter parameters
Select none all