South Korea Selects Four Domestic PQC Algorithms, Running a Parallel Track to NIST

30 January 2025 — South Korea has announced the winners of its Korean Post-Quantum Cryptography (KpqC) competition, selecting four algorithms as national PQC standards after a three-year evaluation process. The competition, run by the National Intelligence Service (NIS) and the National Security Research Institute (NSR) since 2021, follows the structure of the NIST PQC standardization process but arrived at entirely different algorithm selections.

The four winners:

Digital signatures: HAETAE (a lattice-based scheme related to but distinct from ML-DSA/Dilithium, using a different rejection sampling technique) and AIMer (a signature scheme based on the AIM block cipher, using a design philosophy different from NIST’s lattice-based choices).

Key encapsulation mechanisms: SMAUG-T (a lattice-based KEM using the Module Learning with Rounding problem, distinct from ML-KEM/Kyber’s Module Learning with Errors approach) and NTRU+ (a variant of the NTRU lattice problem, drawing on one of cryptography’s oldest post-quantum proposals).

The competition began with 16 candidate submissions in November 2022, narrowed to eight in Round 1 (December 2023), and concluded with these four selections in January 2025. HAETAE has also been submitted to NIST’s additional digital signature round, where it is being evaluated alongside other international candidates.

South Korea’s PQC master plan, published in July 2023, outlines a decade-long rollout roadmap targeting 2035 for full migration across government and industry. Pilot migrations in critical sectors (finance and telecommunications) are scheduled between 2025 and 2028. The government has indicated it will adopt NIST’s algorithms as well, with the KpqC selections serving as additional domestic options providing algorithm diversity.

My Analysis

South Korea is now the third country, after France (ANSSI) and Germany’s BSI, to signal that its PQC algorithm portfolio will extend beyond NIST’s selections. But Korea’s approach is different in kind. France and Germany added conservative alternatives (FrodoKEM, Classic McEliece) that were candidates in the NIST process. Korea ran its own competition and selected algorithms that were never part of NIST’s pipeline.

The question is straightforward: will Korean government systems require KpqC algorithms, NIST algorithms, or both? If the answer is “both” (KpqC for domestic government use and NIST for international interoperability), that’s manageable but expensive. If any Korean procurement requirement mandates KpqC-exclusive algorithms for certain use cases, then every international vendor selling into the Korean market needs to implement algorithms that no other market requires.

I’ve been tracking PQC standards fragmentation for some time, and Korea’s KpqC outcome adds a new dimension. The fragmentation so far has been about which parameters to use (ML-KEM-768 vs. ML-KEM-1024), whether to require hybrid mode, and which additional algorithms to accept alongside NIST’s selections. Korea introduces the possibility of entirely separate algorithms occupying official standards positions.

There are legitimate reasons for the approach. Algorithm diversity is a genuine security benefit. If a mathematical breakthrough compromises the Module LWE problem underlying ML-KEM and ML-DSA, having SMAUG-T (Module LWR) and AIMer (symmetric-based) as fallbacks provides defense in depth. NIST’s ongoing process for selecting additional algorithms reflects the same logic: having backups from different mathematical families is prudent cryptographic hygiene.

The caveat is that these algorithms have not undergone the same duration of public scrutiny as NIST’s candidates. NIST’s selection process ran for eight years precisely because cryptographic algorithms need extensive adversarial analysis before deployment. The KpqC competition ran for three. The KpqC algorithms may prove equally secure, but the analysis record is shorter and narrower. Korean agencies and their suppliers need to weigh this factor alongside the diversity benefit.

For organizations operating in or selling into South Korea: monitor how the KpqC algorithms appear in Korean procurement requirements over the next 12 to 18 months. The 2035 rollout target aligns with the global consensus, but the algorithm question is Korea-specific. Crypto-agility (the ability to swap algorithms without re-architecting systems) is the insurance policy that makes this manageable regardless of which direction Korean standards evolve.