ISO standardized Classic McEliece in June 2026. The ISO standard is compatible with the official specification from the Classic McEliece team. The ISO standard includes the following parameter sets:
mceliece460896, mceliece460896f, mceliece460896pc, mceliece460896pcf
mceliece6688128, mceliece6688128f, mceliece6688128pc, mceliece6688128pcf
mceliece6960119, mceliece6960119f, mceliece6960119pc, mceliece6960119pcf
mceliece8192128, mceliece8192128f, mceliece8192128pc, mceliece8192128pcf
The Classic McEliece team recommends the mceliece6* sizes for long-term security.
History
October 2022 slides from Microsoft said that ISO/IEC JTC1/SC27/WG2 had solicited "comments on proposed inclusion of FrodoKEM, Classic McEliece, and CRYSTALS-Kyber" in ISO/IEC standards.
The Classic McEliece team prepared a document, iso-mceliece-20230419.pdf, as a draft of a potential ISO McEliece standard. The team released the document to the public for comments.
As per ISO's rule that "Whenever possible, requirements shall be expressed in terms of performance rather than design or descriptive characteristics", this document specified the mathematical functions being computed, without constraining how the functions are computed.
For post-quantum applications, ISO asked cryptosystems to provide at least 128 bits of security in the "quantum model". ISO's quantum model assumes a square-root speedup from Grover search, so asking for 128 bits of security in that model is much more stringent than asking for at least 128 bits of pre-quantum security.
The draft specified only the mceliece6* and mceliece8* parameter sets.
On the other hand, the speedup from Grover search is well known to be limited by the latency of an attack.
ISO decided to also standardize mceliece4*.
Version: This is version 2026.06.15 of the "ISO" web page.