While NIST's post-quantum cryptography standardization has received the most attention, several countries are developing their own PQC standards. Understanding the global PQC landscape is crucial for organizations operating internationally or requiring algorithm diversity beyond North American standards (US NIST partners with Candada's CCCS for FIPS and CSPRNG selections). BTW, the Open Quantum Safe project was started at University of Waterloo. So most of what we're doing we have Bob and Doug Makenzie to thank.
This module provides an overview of PQC standardization efforts in South Korea, China, and European recommendations.
After completing this module, you will be able to:
- Identify key PQC algorithms from South Korean standardization
- Understand China's approach to cryptographic sovereignty
- Recognize European agency recommendations
- Assess implications for international compliance
- Make reasonable decisions about global PQC strategy
- Look cool to all your friends at the bar
South Korea's National Intelligence Service (NIS) and related agencies conducted the Korean Post-Quantum Cryptography (KpqC) competition to develop national PQC standards.
| Year | Milestone |
|---|---|
| 2021 | KpqC competition announced |
| 2022 | Round 1 submissions |
| 2023 | Round 2 selections |
| 2024 | Final algorithm selections |
| 2025+ | Standardization in progress |
| Algorithm | Mathematical Basis | Notes |
|---|---|---|
| NTRU+ | NTRU lattice (enhanced) | Enhanced NTRU variant |
| SMAUG-T | Module-LWE | Similar basis to ML-KEM |
| Algorithm | Mathematical Basis | Notes |
|---|---|---|
| HAETAE | Lattice-based | Fiat-Shamir signature |
| ALMer | Lattice-based | Alternative construction |
South Korean algorithms may not be available in standard OQS distributions. Organizations working with South Korean entities should:
- Monitor NIS publications for official specifications
- Consider direct implementation if required
- Plan for potential hybrid deployments (NIST + KpqC)
China prioritizes cryptographic independence from Western standards. While NIST algorithms are based on well-understood mathematical problems, China is developing algorithms with Chinese-designed implementations.
| Organization | Role |
|---|---|
| ICCS | Institute of Commercial Cryptography Standards |
| CACR | Chinese Association for Cryptologic Research |
| OSCCA | Office of State Commercial Cryptography Administration |
| Year | Milestone |
|---|---|
| 2019-2020 | Initial PQC competition completed |
| 2020-2024 | Algorithm refinement |
| Feb 2025 | ICCS calls for new algorithm proposals |
| 2025+ | Continued development |
| Algorithm | Mathematical Basis | Notes |
|---|---|---|
| Aigis-enc | LWE-based | Chinese lattice KEM |
| LAC.PKE | Lattice-based | Alternative construction |
| Algorithm | Mathematical Basis | Notes |
|---|---|---|
| Aigis-sig | Lattice-based | Chinese signature scheme |
For organizations operating in China:
- Monitor developments: Chinese standards may become mandatory for certain sectors
- Plan for dual compliance: May need both NIST and Chinese algorithms
- Consider hybrid approaches: Use multiple algorithms in parallel
- Engage local expertise: Chinese cryptographic requirements evolve independently
Chinese PQC algorithms are generally not available in Western cryptographic libraries. Implementation would require:
- Direct reference implementation from Chinese sources
- Custom integration
- Potential licensing considerations
European cybersecurity agencies have evaluated PQC algorithms and provided recommendations:
| Recommendation | Algorithm | Rationale |
|---|---|---|
| Primary | ML-KEM, ML-DSA | NIST standards |
| Conservative | FrodoKEM | Unstructured lattice |
| Maximum security | Classic McEliece | Longest security history |
| Recommendation | Algorithm | Rationale |
|---|---|---|
| Primary | ML-KEM, ML-DSA | NIST standards |
| Conservative | FrodoKEM | Conservative security margin |
Similar recommendations to BSI and ANSSI, emphasizing hybrid approaches during transition.
The EU's approach to PQC includes:
- eIDAS 2.0: May incorporate PQC requirements
- ENISA guidance: Agency publishes PQC transition recommendations
- NIS2 Directive: May influence cryptographic requirements
Russia's TK26 Working Group 2.5 has been evaluating PQC submissions since 2019. Limited public information is available about specific algorithm selections.
- Russian standards likely to be independent from NIST
- Based on similar mathematical foundations (lattice, code-based)
- May require separate compliance for organizations operating in Russia
| Region | Primary KEM | Alternative KEMs |
|---|---|---|
| NIST | ML-KEM | HQC (2027) |
| Europe | ML-KEM | FrodoKEM, Classic McEliece |
| South Korea | SMAUG-T | NTRU+ |
| China | Aigis-enc | LAC.PKE |
| Region | Primary Signature | Alternative Signatures |
|---|---|---|
| NIST | ML-DSA | SLH-DSA, FN-DSA (2025) |
| Europe | ML-DSA | SLH-DSA |
| South Korea | HAETAE | ALMer |
| China | Aigis-sig | TBD |
Despite independent development, most algorithms use similar mathematical foundations:
| Problem | NIST | South Korea | China | Europe |
|---|---|---|---|---|
| Module-LWE | ML-KEM | SMAUG-T | Aigis-enc | ML-KEM |
| Plain LWE | - | - | LAC.PKE | FrodoKEM |
| NTRU lattices | - | NTRU+ | - | - |
| Code-based | HQC | - | - | Classic McEliece |
Overlap suggests that cryptanalytic advances against one algorithm type would likely affect algorithms from multiple regions.
Proceed to Module 05: Performance Analysis for performance comparisons across all algorithms covered in this learning path.
Module Navigation:
| Previous | Current | Next |
|---|---|---|
| 03 - BIKE and HQC | 04 - International PQC | 05 - Performance Analysis |