PQC-Bench Guide - Post-Quantum Algorithm Recommendations

Why Algorithm Selection Matters

Choosing the right post-quantum cryptography algorithm is one of the most critical decisions in your quantum readiness journey. Different algorithms have different trade-offs in security, performance, and implementation complexity.

No One-Size-Fits-All Solution NIST has standardized multiple PQC algorithms because different use cases require different solutions. ML-KEM is ideal for key exchange, ML-DSA for general signatures, and SLH-DSA for high-assurance scenarios. Making the wrong choice can impact security, performance, or compliance.

Organizations face significant challenges in algorithm selection:

Complexity of standards - Understanding FIPS 203, 204, 205 requires deep cryptographic expertise
Sector requirements - Financial, healthcare, and government sectors have unique compliance needs
Performance constraints - Key sizes, signature sizes, and computation times vary dramatically
Library maturity - Not all implementations are production-ready

PQC-Bench solves this by providing natural language recommendations tailored to your specific use case, sector, and threat model.

What is PQC-Bench

PQC-Bench is an open-source recommendation engine that helps you select the right post-quantum cryptography algorithms. Ask questions in plain English and get expert guidance based on NIST standards and industry best practices.

Natural Language Queries

Ask questions like "What algorithm should I use for TLS?" or "Which signature algorithm is best for code signing?"

7 Sector Guides

Pre-built guidance for Financial Services, Healthcare, Government, Critical Infrastructure, Technology, Telecommunications, and Energy sectors.

SNDL Threat Assessment

Evaluate Store Now, Decrypt Later risks for your data based on sensitivity and retention requirements.

Library Readiness Checks

Verify if PQC implementations are production-ready in popular cryptographic libraries.

Getting Started

Installation

Clone and install PQC-Bench from source:

git clone https://github.com/csnp/pqc-bench.git
cd pqc-bench
pip install -e .

Basic Usage

Ask questions in natural language:

# Get algorithm recommendations
pqc-bench ask "What algorithm should I use for key exchange?"

# Get sector-specific guidance
pqc-bench sector financial

# Assess SNDL threat for your data
pqc-bench sndl --sensitivity high --retention 10years

# Check library readiness
pqc-bench library openssl

Common Queries

# Key exchange recommendations
pqc-bench ask "Best algorithm for TLS key exchange?"

# Signature recommendations
pqc-bench ask "What should I use for document signing?"

# Hybrid mode recommendations
pqc-bench ask "Should I use hybrid classical + PQC?"

# Protocol impact analysis
pqc-bench ask "How will PQC affect my TLS performance?"

# Compliance guidance
pqc-bench ask "What does CNSA 2.0 require by 2030?"

NIST PQC Algorithms

NIST has standardized three primary post-quantum cryptography algorithms:

Algorithm	Standard	Type	Primary Use Case
ML-KEM	FIPS 203	Key Encapsulation	TLS key exchange, encrypted communications
ML-DSA	FIPS 204	Digital Signature	Code signing, document signing, certificates
SLH-DSA	FIPS 205	Digital Signature	High-assurance applications, long-term verification

ML-KEM vs ML-DSA ML-KEM (formerly CRYSTALS-Kyber) is for key establishment - creating shared secrets for encryption. ML-DSA (formerly CRYSTALS-Dilithium) is for digital signatures - proving authenticity and integrity. They solve different problems and are often used together.

Algorithm Comparison

Property	ML-KEM-768	ML-DSA-65	SLH-DSA-128f
Public Key Size	1,184 bytes	1,952 bytes	32 bytes
Private Key Size	2,400 bytes	4,032 bytes	64 bytes
Ciphertext/Signature	1,088 bytes	3,309 bytes	17,088 bytes
Security Level	AES-192 equivalent	AES-192 equivalent	AES-128 equivalent

Sector-Specific Guidance

PQC-Bench provides tailored recommendations for 7 critical infrastructure sectors:

Financial Services

pqc-bench sector financial

Covers PCI-DSS implications, payment system requirements, and regulatory timelines for banks and financial institutions.

Healthcare

pqc-bench sector healthcare

Addresses HIPAA considerations, medical device constraints, and long-term patient data protection requirements.

Government

pqc-bench sector government

Details CNSA 2.0 compliance timelines, FedRAMP implications, and classified system requirements.

Critical Infrastructure

pqc-bench sector infrastructure

Covers SCADA/ICS environments, operational technology constraints, and long operational lifecycles.

SNDL Threat Assessment

The Store Now, Decrypt Later (SNDL) threat is the primary driver for urgent PQC adoption. PQC-Bench helps you assess your SNDL risk:

# Assess SNDL risk for your data
pqc-bench sndl --sensitivity high --retention 10years

# Example output:
# SNDL Risk Assessment
# ====================
# Data Sensitivity: HIGH
# Retention Period: 10 years
# Risk Level: CRITICAL
#
# Recommendation: Immediate migration to hybrid PQC
# Data encrypted today with RSA/ECDH may be decrypted
# by quantum computers within 5-15 years.

SNDL Risk Factors Data with high sensitivity AND long retention periods has the highest SNDL risk. Medical records, financial data, trade secrets, and classified information are particularly vulnerable because they remain valuable for decades.

SNDL Risk Matrix

Retention	Low Sensitivity	Medium Sensitivity	High Sensitivity
< 5 years	LOW	MEDIUM	MEDIUM
5-10 years	MEDIUM	HIGH	CRITICAL
> 10 years	HIGH	CRITICAL	CRITICAL

Best Practices

1. Start with Hybrid Mode

Combine classical and post-quantum algorithms during transition:

pqc-bench ask "How do I implement hybrid TLS?"

# Hybrid provides defense-in-depth:
# - Classical algorithm protects against implementation bugs in PQC
# - PQC algorithm protects against future quantum attacks
# - Both must be broken for the system to fail

2. Match Algorithm to Use Case

Key exchange (TLS, VPN) - Use ML-KEM
Code signing - Use ML-DSA (performance) or SLH-DSA (conservatism)
Document signing - Use ML-DSA for most cases
Long-term certificates - Consider SLH-DSA for root CAs

3. Plan for Key Size Increases

PQC algorithms have larger keys and signatures. Plan for:

Increased bandwidth requirements
Larger certificate chains
Database schema changes for key storage
Protocol negotiation updates

4. Follow CNSA 2.0 Timelines

pqc-bench ask "What are the CNSA 2.0 deadlines?"

# Key dates:
# - 2025: Begin planning and pilots
# - 2030: Software/firmware signing must use PQC
# - 2033: All NSS must support PQC

5. Test Library Readiness

# Check if your library supports PQC
pqc-bench library openssl
pqc-bench library boringssl
pqc-bench library liboqs
pqc-bench library aws-lc

Ready to Choose Your PQC Algorithms?

Get started with PQC-Bench today - it's free, open source, and provides expert guidance for your quantum migration.

View on GitHub Take QRAMM Assessment

Related Resources

Algorithm Selection Guide - Comprehensive algorithm comparison
NIST PQC Standards - Understanding FIPS 203, 204, 205
PQC Migration Planning - Planning your post-quantum migration
Harvest Now, Decrypt Later - Understanding the HNDL threat

PQC-Bench: Algorithm Recommendation Guide

Why Algorithm Selection Matters

What is PQC-Bench

Natural Language Queries

7 Sector Guides

SNDL Threat Assessment

Library Readiness Checks

Getting Started

Installation

Basic Usage

Common Queries

NIST PQC Algorithms

Algorithm Comparison

Sector-Specific Guidance

Financial Services

Healthcare

Government

Critical Infrastructure

SNDL Threat Assessment

SNDL Risk Matrix

Best Practices

1. Start with Hybrid Mode

2. Match Algorithm to Use Case

3. Plan for Key Size Increases

4. Follow CNSA 2.0 Timelines

5. Test Library Readiness

Ready to Choose Your PQC Algorithms?

Related Resources