name: Falcon
type: signature
principal-submitters:
- Thomas Prest
auxiliary-submitters:
- Pierre-Alain Fouque
- Jeffrey Hoffstein
- Paul Kirchner
- Vadim Lyubashevsky
- Thomas Pornin
- Thomas Prest
- Thomas Ricosset
- Gregor Seiler
- William Whyte
- Zhenfei Zhang
crypto-assumption: hardness of NTRU lattice problems
website: https://falcon-sign.info
nist-round: 3
spec-version: 20211101
primary-upstream:
  source: https://github.com/PQClean/PQClean/commit/1eacfdafc15ddc5d5759d0b85b4cef26627df181
  spdx-license-identifier: MIT
  upstream-ancestors:
  - https://www.falcon-sign.info
optimized-upstreams:
  pqclean-aarch64:
    source: https://github.com/PQClean/PQClean/commit/7707d1bcc8ae7f9ffd296dd13b1d76d2767d14f8
    spdx-license-identifier: Apache-2.0
parameter-sets:
- name: Falcon-512
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 897
  length-secret-key: 1281
  length-signature: 752
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
- name: Falcon-1024
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 1793
  length-secret-key: 2305
  length-signature: 1462
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
- name: Falcon-padded-512
  claimed-nist-level: 1
  claimed-security: EUF-CMA
  length-public-key: 897
  length-secret-key: 1281
  length-signature: 666
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
- name: Falcon-padded-1024
  claimed-nist-level: 5
  claimed-security: EUF-CMA
  length-public-key: 1793
  length-secret-key: 2305
  length-signature: 1280
  implementations-switch-on-runtime-cpu-features: true
  implementations:
  - upstream: primary-upstream
    upstream-id: clean
    supported-platforms: all
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: true
    no-secret-dependent-branching-checked-by-valgrind: true
    large-stack-usage: false
  - upstream: primary-upstream
    upstream-id: avx2
    supported-platforms:
    - architecture: x86_64
      required_flags:
      - avx2
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false
  - upstream: pqclean-aarch64
    upstream-id: aarch64
    supported-platforms:
    - architecture: ARM64_V8
      operating_systems:
      - Linux
      - Darwin
    common-crypto:
    - SHA3: liboqs
    no-secret-dependent-branching-claimed: false
    no-secret-dependent-branching-checked-by-valgrind: false
    large-stack-usage: false