South Korea announces winners of KpqC competition

By Matthew Stubbs

January 31, 2025

This month, South Korea selected its final four algorithms as part of the Korean Post-Quantum Cryptography (KpqC) competition.

The competition, running since 2021, was designed to standardize algorithms for use in the nation’s cryptography, in accordance with the country’s PQC master plan, published in 2023.

As with many nations, South Korea has been making considerable effort to transition its cryptography to PQC to safeguard against the quantum threat. This step is a key milestone, coming as it does at the end of a four-year project, initially launched by the National Intelligence Service (NIS) in collaboration with the National Security Research Institute (NSR).

We’ve summarized the four selected algorithms below.

Digital Signatures

• HAETAE. HAETAE is a close variant of ML-DSA (Dilithium) that uses a more complex but also more efficient technique when it comes to rejection sampling. As a result, it achieves more compact signatures. 
• AIMer. AIMer is a digital signature algorithm with much larger signature sizes than NIST-standardized ML-DSA, comparable with SLH-DSA in terms of performance. It runs more slowly than lattice-based schemes. It is based on the recent “MPC-in-the-head” design.

PKE/KEMs

• SMAUG-T. Comparable with ML-KEM (Kyber), SMAUG-T relies on the same Module Learning With Errors assumption with some small differences. It’s generally considered equally as secure as ML-KEM and exhibits a similar performance.
• NTRU+. NTRU was originally a NIST finalist, but was not selected as a KEM, being surpassed by ML-KEM (Kyber) during the standardization project. NTRU+ can be similarly efficient but can also mean more complicated implementations.

Further afield?

Naturally, this announcement raises the profile of these schemes. However, it will be intriguing to see their reception outside of South Korea. Since many ‘ingredients’ of these algorithms differ in terms of implementation, a large amount of development effort is needed to use them in implementations, such as those offered by PQShield. However, it’s encouraging to see standards develop.

At PQShield we’re focused on implementation as well as ground-breaking research, but particularly with an eye on physical threat detection; it’s worth pointing out that these schemes have yet to be tested or evaluated against the threat of side-channel analysis – and this matters. Even with the current NIST candidates, we regularly observe new attacks, despite the fact that those standards have been rigorously studied and robustly tested for a number of years. It’s a pertinent threat for standards of all levels of maturity. 

It’s great to observe the progress made by South Korea on PQC standardization, particularly as the roadmap set out by the NIS is on schedule for transition by 2035. It aligns with European and US timescales, which is certainly a positive. In the NIS Roadmap, the next phase for South Korea is a focus on ‘establishment of procedure’ and from 2026, ‘supporting systems for cryptography transformation’.

In this year of PQC adoption around the world, there will be many governments and organizations now planning on the transition to crypto agility, with the latest PQC algorithms in place.