Falcon is one of the finalists for the NIST standard for PQC (Post Quantum Cryptography), along with NTRU (Nth degree‐truncated polynomial ring units) and CRYSTALS-DILITHIUM. It is derived from NTRU and is a lattice-based methods for quantum robust digital signing. Falcon is based on the Gentry, Peikert and Vaikuntanathan method for generating lattice-based signature schemes, along with a trapdoor sampler - Fast Fourier sampling. We select three parameters: \(N\), \(p\) and \(q\). To generate the key pair, we select two polynomials: \(\textbf{f}\) and \(\textbf{g}\). From these we compute: \(F=\textbf{f}_q=\textbf{f}^{-1} \pmod q\) and where \(\textbf{f}\) and \(\textbf{f}_q\) are the private keys. The public key is \(\textbf{h} = p \cdot \textbf{f}_q . \textbf{f} \pmod q\). With Falcon-512 (which has an equivalent security to RSA-2048), we generate a public key of 897 bytes, a private key size of 1,281 bytes and a signature size of 690 bytes, while FALCON-1024 gives a public key of 1,793 bytes and a signature size of 1,280 bytes.
Related: [Kyber KEM][Kyber KEX][Dilithium Dig Sig Speed][Factoring signature (ECC)][Factoring signature (Logs)][Falcon Digital Signature][Rainbow Digital Signature][Dilithium Digital Signature][SPHINCS+][GeMSS]