NIST Recommendations
- Modes of operation for block ciphers approved by NIST (source, updated February 12, 2018)
- Encryption: 6
- Authentication: 1
- Encryption with Authentication: 5
- Format-Preserving Encryption: 2
- Minimum key sizes approved by NIST (source, published January 2016)
- AES: 128 bits
- Diffie-Hellman: 2048 bits (617 digits)
- RSA: 2048 bits (617 digits)
- Digital Signature Algorithm: 2048 bits (617 digits) for public key, 224 bits (68 digits) for private key
- Elliptic Curve Cryptography: 224 bits (68 digits)
Record-Breaking Computations
- Record for factoring a product of two large primes of general form (source, announced February 28, 2020):
n = 2140324650240744961264423072839333563008614715144755017797754920881418023447140136643345519095804679610992851872470914587687396261921557363047454770520805119056493106687691590019759405693457452230589325976697471681738069364894699871578494975937497937
= 64135289477071580278790190170577389084825014742943447208116859632024532344630238623598752668347708737661925585694639798853367
×
33372027594978156556226010605355114227940760344767554666784520987023841729210037080257448673296881877565718986258036932062711
(“RSA-250“, 829 bits, 250 digits)
- Record for finding a discrete logarithm modulo a prime (source, announced December 2, 2019):
p = RSA-240 + 49204 (the first safe prime above “RSA-240“, 795 bits, 240 digits)
774356626343973985966622216006087686926705588649958206166317147722421706101723470351970238538755049093424997
≡ 592603135928144195363094955331732855502961099191437611616729420475898744562365366788100548099072093487548258752802923326447367244150096121629264809207598195062213366889859186681126928982506005127728321426751244111412371767375547225045851716
(mod p)
- Record for finding a discrete logarithm in a finite field (source, announced July 10, 2019): Finite field has 230750 elements; size of the field is 30750 bits (14672 digits).
The finite field was obtained by taking polynomials in two variables, x and t, and reducing them modulo t30 + t + 1, modulo x1025 + x + t3, and modulo 2.The challenge was to take the logarithm ofwith respect to the generator g = x + t9 .
- Record for finding a discrete logarithm on an elliptic curve of general form modulo p (source, announced June 16, 2020):
p = 2256 – 232 – 29 – 28 – 27 – 26 – 24 – 1 = 115792089237316195423570985008687907853269984665640564039457584007908834671663
A ≡ 31464123230573852164273674364426950 G (mod p)
The logarithm was from the 100 BTC Bitcoin Challenge and was specified to have at most 115 bits (35 digits).
- Record for finding the shortest vector in a randomly generated lattice (source, announced February 8, 2021): A point in a lattice in 180 dimensions which is distance 3509 from the origin.
- Record for solving the Learning With Errors problem in the highest dimension (source, announced June 12, 2022): A point in a lattice in 90 dimensions with a relative error size of 0.005.
- Record for solving the Learning With Errors problem with the largest relative error (source, announced March 6, 2022): A point in a lattice in 40 dimensions with a relative error size of 0.035.
- Record for solving the syndrome decoding problem (as used in Classic McEliece) with the longest length solution (source, announced February 26, 2023): A string of 1347 bits, 25 of which had value 1.
- Record for recovering a McEliece (with Goppa code) secret key from a public key (source, announced May 30, 2024): Public key is a matrix with 40 rows and 253 columns.
- Record for recovering a McEliece (with Goppa code) plaintext from a public key and a ciphertext (source, announced May 30, 2024): Public key is a matrix with 230 rows and 988 columns.
- Record for solving the quasi-cyclic syndrome decoding problem (as used in BIKE) with the longest length solution (source, announced April 18, 2022): A string of 3138 bits, 56 of which had value 1.
- Record for breaking reduced-size Kyber with the largest secret key size (source, announced August 3, 2023): A 1536-bit secret key.
Quantum Computing Records
- Largest number reported factored using Shor’s Algorithm for fast quantum computing: 21 (source, published October 21, 2012)
- Largest number reported factored using quantum computation at any speed: 249919 (source, published December 5, 2018)
Quantum Cryptography Records
- Fastest quantum key agreement systems:
- Longest quantum key agreement systems:
Post-Quantum Cryptography
- Submissions to the NIST Post-Quantum Cryptography Standardization process (source, presented April 11, 2018)
- Submissions received by NIST: 82
- Submissions meeting minimum specified requirements: 69
- Submissions still in contention as of the First PQC Standardization Conference: 64
- Submitters involved: 278, from “25 Countries, 16 States, 6 Continents”
- Submissions selected for standardization after Round 3 (source, announced July 5, 2022)
- CRYSTALS-KYBER (key-establishment for most use cases)
- CRYSTALS-Dilithium (digital signatures for most use cases)
- FALCON (digital signatures for use cases requiring smaller signatures)
- SPHINCS+ (digital signatures not relying on the security of lattices)
- Public-key encryption and key-establishment algorithms deferred to Round 4 of the NIST Post-Quantum Cryptography Standardization process: BIKE, Classic McEliece, HQC, SIKE
- 4th NIST PQC Standardization Conference: November 29-December 1, 2022
-
Draft standards for KYBER, Dilithium, and SPINCS+ available for public comment: August 24, 2023
- FALCON draft standard available for public comment: 2024
- Submissions to the New Call for Proposals: Digital Signature Algorithms with Short Signatures and Fast Verification (source, announced June 9, 2023)
- Fifth PQC standardization conference: April 10-12, 2024.
Lightweight Cryptography
- Submissions to the NIST Lightweight Cryptography Standardization process (source, updated April 19, 2019)
- Submissions received by NIST: 57
- Submissions meeting minimum specified requirements: 56
- Submissions surviving to Round 2 of the NIST Lightweight Cryptography Standardization process (source, announced August 30, 2019)
- Round 2 candidate submissions: 32
- 3rd NIST Lightweight Cryptography Workshop: November 4-6, 2019
- 4th NIST Lightweight Cryptography Workshop (virtual): October 19-21, 2020
- Submissions surviving to Round 3 of the NIST Lightweight Cryptography Standardization process (source, announced March 29, 2021)
- Round 3 candidate submissions: 10 (ASCON, Elephant, GIFT-COFB, Grain128-AEAD, ISAP, Photon-Beetle, Romulus, Sparkle, TinyJambu, and Xoodyak)
- 5th NIST Lightweight Cryptography Workshop (virtual): May 9-11, 2022
- NIST selects Ascon as the family of algorithms for the new Lightweight Cryptography Standard! (source, announced February 7, 2023)
- Unofficial brief description of Ascon
- 6th NIST Lightweight Cryptography Workshop (virtual): June 21-22, 2023
- Draft standards available for public comment: 2023