On December 20, 2016, the National Institute of Standards and Technology (NIST) published a Federal Register notice formally soliciting nominations for candidate algorithms to be considered for public-key post-quantum cryptographic standards. The call for proposals launched what would become a multi-year international competition to develop encryption and digital signature algorithms resistant to attacks from quantum computers.
NIST’s stated goal was to develop and standardize one or more additional public-key cryptographic algorithms to augment FIPS 186-4 (Digital Signature Standard) and NIST Special Publications SP 800-56A and SP 800-56B (key establishment schemes). The new standards were intended to specify algorithms capable of protecting sensitive government information after the advent of quantum computers. NIST expected to perform multiple rounds of evaluation over a period of three to five years.
The call followed a preparatory sequence that began with the release of draft NISTIR 8105 in February 2016 and the final Report on Post-Quantum Cryptography in April 2016, which outlined NIST’s initial plan for addressing the quantum threat to public-key cryptography. In August 2016, NIST had published proposed submission requirements and evaluation criteria for public comment. The submission deadline for candidate algorithms was set for November 30, 2017.
By the close of the submission window, 82 candidate algorithms were submitted; NIST accepted 69 into the first round as meeting minimum acceptability requirements. The standardization process was also informed by the NSA’s 2015 announcement of the Commercial National Security Algorithm Suite (CNSA 1.0), which signaled the U.S. intelligence community’s concern about quantum threats to elliptic curve cryptography and its intent to transition national security systems to quantum-resistant algorithms.