FAEST is a digital signature algorithm designed to be secure against quantum computers. The security of FAEST is based on standard cryptographic hashes (SHA3) and ciphers (AES) which are believed to remain secure against quantum adversaries.


The design of FAEST follows the design principle of Picnic signature scheme. The signing key is an AES key, while the public verification key is a plaintext-ciphertext pair, obtained by encrypting a random message under the signing key. A non-interactive zero-knowledge proof of knowledge is used to produce the signature by showing that the AES key maps the message stored in the public key to the ciphertext. FAEST uses a new zero-knowledge proof technique called VOLE-in-the-head, which improves upon the established MPC-in-the-head paradigm.

NIST submission

The signature scheme was submitted to NIST’s call for Additional Signatures in June 2023. More information on the submission including the reference implementation which was implemented by QCI-CAT project partners AIT and Graz University of Technology can be found on the FAEST website.