###### NIST Recommendations

- Modes of operation for block ciphers approved by NIST (source, updated February 12, 2018)
- Encryption: 6
- Authentication: 1
- Encryption with Authentication: 5
- Format-Preserving Encryption: 2

- Minimum key sizes approved by NIST (source, published January 2016)
- AES: 128 bits
- Diffie-Hellman: 2048 bits (617 digits)
- RSA: 2048 bits (617 digits)
- Digital Signature Algorithm: 2048 bits (617 digits) for public key, 224 bits (68 digits) for private key
- Elliptic Curve Cryptography: 224 bits (68 digits)

###### Record-Breaking Computations

- Record for factoring a product of two large primes of general form (source, announced February 28, 2020):

*n *= 2140324650240744961264423072839333563008614715144755017797754920881418023447140136643345519095804679610992851872470914587687396261921557363047454770520805119056493106687691590019759405693457452230589325976697471681738069364894699871578494975937497937

= 64135289477071580278790190170577389084825014742943447208116859632024532344630238623598752668347708737661925585694639798853367

×

33372027594978156556226010605355114227940760344767554666784520987023841729210037080257448673296881877565718986258036932062711

(“RSA-250“, 829 bits, 250 digits)

- Record for finding a discrete logarithm modulo a prime (source, announced December 2, 2019):

*p *= RSA-240 + 49204 (the first safe prime above “RSA-240“, 795 bits, 240 digits)

774356626343973985966622216006087686926705588649958206166317147722421706101723470351970238538755049093424997

≡ 5^{92603135928144195363094955331732855502961099191437611616729420475898744562365366788100548099072093487548258752802923326447367244150096121629264809207598195062213366889859186681126928982506005127728321426751244111412371767375547225045851716}

(mod *p*)

- Record for finding a discrete logarithm in a finite field (source, announced July 10, 2019): Finite field has 2
^{30750}elements; size of the field is 30750 bits (14672 digits).

- Record for finding a discrete logarithm on an elliptic curve of general form modulo
*p*(source, published September 9, 2009):

*p *= (2^{128} − 3)/(11 × 6949) = 4451685225093714772084598273548427 (112 bits, 34 digits)

- Record for finding a discrete logarithm on a “pairing-friendly” elliptic curve modulo
*p*(source, published March 21, 2018):

*p *= 1957518425389075254535992784167879 (114 bits, 35 digits)

- Record for finding the shortest vector in a randomly generated lattice (source, announced August 30, 2018): A point in a lattice in 153 dimensions which is distance 3192 from the origin.

###### Quantum Computing Records

- Largest number reported factored using Shor’s Algorithm for fast quantum computing: 21 (source, published October 21, 2012)
- Largest number reported factored using quantum computation at any speed: 249919 (source, published December 5, 2018)

###### Quantum Cryptography Records

- Fastest quantum key agreement systems:
- Longest quantum key agreement systems:

###### Post-Quantum Cryptography

- Submissions to the NIST Post-Quantum Cryptography Standardization process (source, presented April 11, 2018)
- Submissions received by NIST: 82
- Submissions meeting minimum specified requirements: 69
- Submissions still in contention as of the First PQC Standardization Conference: 64
- Submitters involved: 278, from “25 Countries, 16 States, 6 Continents”

- Submissions surviving to Round 2 of the NIST Post-Quantum Cryptography Standardization process (source, announced January 20, 2019)
- Public-key encryption and key-establishment algorithm: 17
- Digital signature algorithms: 9
- 2nd NIST PQC Standardization Workshop: August 22-24, 2019

- Select algorithms or start a 3rd Round: 2020/2021
- Draft standards available: 2022-2024

###### Lightweight Cryptography

- Submissions to the NIST Lightweight Cryptography Standardization process (source, updated April 19, 2019)
- Submissions received by NIST: 57
- Submissions meeting minimum specified requirements: 56

- Submissions surviving to Round 2 of the NIST Lightweight Cryptography Standardization process (source, announced August 30, 2019)
- Round 2 candidate submissions: 32
- 3rd NIST Lightweight Cryptography Workshop: November 4-6, 2019

- Select algorithms or start a 3rd Round: August/September 2020