###### NIST Recommendations

- Modes of operation for block ciphers approved by NIST (source, updated February 12, 2018)
- Encryption: 6
- Authentication: 1
- Encryption with Authentication: 5
- Format-Preserving Encryption: 2

- Minimum key sizes approved by NIST (source, published January 2016)
- AES: 128 bits
- Diffie-Hellman: 2048 bits (617 digits)
- RSA: 2048 bits (617 digits)
- Digital Signature Algorithm: 2048 bits (617 digits) for public key, 224 bits (68 digits) for private key
- Elliptic Curve Cryptography: 224 bits (68 digits)

###### Record-Breaking Computations

- Record for factoring a product of two large primes of general form (source, announced December 2, 2019):

*n *= 124620366781718784065835044608106590434820374651678805754818788883289666801188210855036039570272508747509864768438458621054865537970253930571891217684318286362846948405301614416430468066875699415246993185704183030512549594371372159029236099

= 509435952285839914555051023580843714132648382024111473186660296521821206469746700620316443478873837606252372049619334517

244624208838318150567813139024002896653802092578931401452041221336558477095178155258218897735030590669041302045908071447

(“RSA-240“, 795 bits, 240 digits)

- Record for finding a discrete logarithm modulo a prime (source, announced December 2, 2019):

*p *= RSA-240 + 49204 (the first safe prime above RSA-240, 795 bits, 240 digits)

- Record for finding a discrete logarithm in a finite field (source, announced July 10, 2019): Finite field has 2
^{30750}elements; size of the field is 30750 bits (14672 digits).

- Record for finding a discrete logarithm on an elliptic curve of general form modulo
*p*(source, published September 9, 2009):

*p *= (2^{128} − 3)/(11 × 6949) = 4451685225093714772084598273548427 (112 bits, 34 digits)

- Record for finding a discrete logarithm on a “pairing-friendly” elliptic curve modulo
*p*(source, published

*p *= 1957518425389075254535992784167879 (114 bits, 35 digits)

- Record for finding the shortest vector in a randomly generated lattice (source, announced August 30, 2018): A point in a lattice in 153 dimensions which is distance 3192 from the origin.

###### Quantum Computing Records

- Largest number reported factored using Shor’s Algorithm for fast quantum computing: 21 (source, published October 21, 2012)
- Largest number reported factored using quantum computation at any speed: 249919 (source, published December 5, 2018)

###### Quantum Cryptography Records

- Fastest quantum key agreement systems:
- Longest quantum key agreement systems:

###### Post-Quantum Cryptography

- Submissions to the NIST Post-Quantum Cryptography Standardization process (source, presented April 11, 2018)
- Submissions received by NIST: 82
- Submissions meeting minimum specified requirements: 69
- Submissions still in contention as of the First PQC Standardization Conference: 64
- Submitters involved: 278, from “25 Countries, 16 States, 6 Continents”

- Submissions surviving to Round 2 of the NIST Post-Quantum Cryptography Standardization process (source, announced January 20, 2019)
- Public-key encryption and key-establishment algorithm: 17
- Digital signature algorithms: 9
- 2nd NIST PQC Standardization Workshop: August 22-24, 2019

- Select algorithms or start a 3rd Round: 2020/2021
- Draft standards available: 2022-2024

###### Lightweight Cryptography

- Submissions to the NIST Lightweight Cryptography Standardization process (source, updated April 19, 2019)
- Submissions received by NIST: 57
- Submissions meeting minimum specified requirements: 56

- Submissions surviving to Round 2 of the NIST Lightweight Cryptography Standardization process (source, announced August 30, 2019)
- Round 2 candidate submissions: 32
- 3rd NIST Lightweight Cryptography Workshop: November 4-6, 2019

- Select algorithms or start a 3rd Round: August/September 2020