MQOM v2.1 Release
144 views
Skip to first unread message
Thibauld Feneuil
Sep 23, 2025, 7:39:58 PMSep 23
to pqc-...@list.nist.gov
Dear PQC-Forum members,
The MQOM Team is thrilled to announce the release of version 2.1 of the MQOM signature candidate! This release brings several key improvements:
- Refined design: minor adjustments to the public key structure and signature transcript, improving performance (with impact on KAT).
- New parameter sets: fresh instances over GF(16), complementing the existing GF(2) and GF(256) options, achieving good trade-offs between signature size and computational cost.
- Optimized x86 implementations: high-performance code for AVX2/AVX512 (with GFNI support when available), delivering up to a 10x speedup over the previous code.
- Embedded implementations: new implementations for memory-constrained embedded devices (showcasing low memory requirements), with benchmarks for Cortex-M4.
Here are some performance highlights:
- On modern x86 platforms, MQOM delivers competitive performance compared to other MPCitH/TCitH/VOLEitH-based schemes: 5–7 Mcycles for L1 and 35–50 Mcycles L5, for the trade-off “short”.
- On embedded devices, MQOM outperforms existing implementations in both runtime and memory usage. For example, a fast L1 instance can be implemented with a footprint under 15 KB, achieving signing times around 70 Mcycles. Depending on the configuration, the memory footprint can even be reduced to under 10 KB.
For further details, please see the updated specifications or attend the MQOM presentation at the NIST standardization conference this week.
Best regards,
The MQOM Team
https://mqom.org/
The MQOM Team is thrilled to announce the release of version 2.1 of the MQOM signature candidate! This release brings several key improvements:
- Refined design: minor adjustments to the public key structure and signature transcript, improving performance (with impact on KAT).
- New parameter sets: fresh instances over GF(16), complementing the existing GF(2) and GF(256) options, achieving good trade-offs between signature size and computational cost.
- Optimized x86 implementations: high-performance code for AVX2/AVX512 (with GFNI support when available), delivering up to a 10x speedup over the previous code.
- Embedded implementations: new implementations for memory-constrained embedded devices (showcasing low memory requirements), with benchmarks for Cortex-M4.
Here are some performance highlights:
- On modern x86 platforms, MQOM delivers competitive performance compared to other MPCitH/TCitH/VOLEitH-based schemes: 5–7 Mcycles for L1 and 35–50 Mcycles L5, for the trade-off “short”.
- On embedded devices, MQOM outperforms existing implementations in both runtime and memory usage. For example, a fast L1 instance can be implemented with a footprint under 15 KB, achieving signing times around 70 Mcycles. Depending on the configuration, the memory footprint can even be reduced to under 10 KB.
For further details, please see the updated specifications or attend the MQOM presentation at the NIST standardization conference this week.
Best regards,
The MQOM Team
https://mqom.org/
Reply all
Reply to author
Forward
0 new messages