NIST Recommendations
 Modes of operation for block ciphers approved by NIST (source, updated February 12, 2018)
 Encryption: 6
 Authentication: 1
 Encryption with Authentication: 5
 FormatPreserving Encryption: 2
 Minimum key sizes approved by NIST (source, published January 2016)
 AES: 128 bits
 DiffieHellman: 2048 bits (617 digits)
 RSA: 2048 bits (617 digits)
 Digital Signature Algorithm: 2048 bits (617 digits) for public key, 224 bits (68 digits) for private key
 Elliptic Curve Cryptography: 224 bits (68 digits)
RecordBreaking Computations
 Record for finding a discrete logarithm modulo a prime (source, announced June 16, 2016):
p = + 62762 =1219344858334286932696341909195796109526657386154251328029273656175766870980306505584577389125860826715201547225794072935883258868036433287217994721542199148182841505800433148410869683590659346847659519108393837414567892730579162319 (768 bits, 232 digits)

 Record for finding a discrete logarithm in a finite field (source, announced July 10, 2019): Finite field has 2^{30750} elements; size of the field is 30750 bits (14672 digits).
 Record for factoring a product of two large primes of general form (source, published January 6, 2010):
n=1230186684530117755130494958384962720772853569595334792197322452151726400507263657518745202199786469389956474942774063845925192557326303453731548268507917026122142913461670429214311602221240479274737794080665351419597459856902143413 (768 bits, 232 digits)
 Record for finding a discrete logarithm on an elliptic curve of general form modulo p (source, published September 9, 2009):
p = (2^{128} − 3)/(11 × 6949) = 4451685225093714772084598273548427 (112 bits, 34 digits)
 Record for finding a discrete logarithm on a “pairingfriendly” elliptic curve modulo p (source, published
p = 1957518425389075254535992784167879 (114 bits, 35 digits)
 Record for finding the shortest vector in a randomly generated lattice (source, announced August 30, 2018): A point in a lattice in 153 dimensions which is distance 3192 from the origin.
Quantum Computing Records
 Largest number reported factored using Shor’s Algorithm for fast quantum computing: 21 (source, published October 21, 2012)
 Largest number reported factored using quantum computation at any speed: 249919 (source, published December 5, 2018)
Quantum Cryptography Records
 Fastest quantum key agreement systems:
 Longest quantum key agreement systems:
PostQuantum Cryptography
 Submissions to the NIST PostQuantum Cryptography Standardization process (source, presented April 11, 2018)
 Submissions received by NIST: 82
 Submissions meeting minimum specified requirements: 69
 Submissions still in contention as of the First PQC Standardization Conference: 64
 Submitters involved: 278, from “25 Countries, 16 States, 6 Continents”
 Submissions surviving to Round 2 of the NIST PostQuantum Cryptography Standardization process (source, announced January 20, 2019)
 Publickey encryption and keyestablishment algorithm: 17
 Digital signature algorithms: 9
 2nd NIST PQC Standardization Workshop: August 2224, 2019
 Select algorithms or start a 3rd Round: 2020/2021
 Draft standards available: 20222024
Lightweight Cryptography
 Submissions to the NIST Lightweight Cryptography Standardization process (source, updated April 19, 2019)
 Submissions received by NIST: 57
 Submissions meeting minimum specified requirements: 56
 Submissions surviving to Round 2 of the NIST Lightweight Cryptography Standardization process (source, announced August 30, 2019)
 Round 2 candidate submissions: 32
 3rd NIST Lightweight Cryptography Workshop: November 46, 2019
 Select algorithms or start a 3rd Round: August/September 2020