Europe has already some initial recommendations/ under investigation algorithms here: https://pqcrypto.eu.org/docs/initial-recommendations.pdf
- Salsa20 with a 256-bit key
- GCM using a 96-bit nonce and a 128-bit authenticator.
- McEliece with binary Goppa codes using length n = 6960, dimension k = 5413 and adding t = 119 errors.
- Quasi-cyclic MDPC codes for McEliece with parameters at least n = 2 elevated to 16 + 6; k = 2 elevated to 15 + 3; d = 274 and adding t = 264 errors.
- The Stehlé-Steinfeld version of the NTRU lattice-based cryptosystem.
- HFEv- multivariate-quadratic signature system
Right now, between friends, or similar, when both can meet personally, they can exchange elliptic curve public keys or even passwords, and then encrypt and send to the other everything inside encrypted capsules.
It is free and open source:
From the author:
"There is increasing political pressure in my country(Germany) to criminalize encryption, further deteriorate civil rights and march into an Orwellian society. Thus the day may be near when we will all need steganography, hide our enforcement of privacy and need "plausible deniability".
To get closer to this defense I introduced the concept of a "NADA Cap". NADA stands for No Access Data Available. A NADA Cap is an additional layer, which protects all format information and access data. A capped cipher file is indistinguishable from noise in toto. You can feed it to whatever "Die the Hardest" test of randomness without detecting the slightest sign of deviation from randomness. (Achieving this beautiful, perfect cipher state in Academic Signature gave me deep satisfaction.) Thus you will now always be able to claim your EC-cipher is just data from your last SETI search round, or you XOR it with your favourite Michael Jackson video and claim the cipher were just a one time pad for your illegally downloaded video. A featureless cipher is the ideal input for any steganography tool. There is always a good explanation for noise in your pictures or audio files if it truly looks like noise.
Upon producing en elliptic curve cipher you can now tick a box "apply NADA Cap". If you do so, you will be asked for a NADA Cap key. If you use "intrinsic" the Cap key will be deterministically set from the public key data of the recipient. The "public key" should then be kept somewhat confidential, like confidential in the group of say your 10 coworkers. The recipient has to guess then, which of his private keys the file was encrypted to. Alternatively you could share a newly agreed on keyword within your group and keep that confidential. In this case you may even have your plain public key accessible to anyone. Please note, that this would also render your ECC-cipher secure against Shor's Algorithm which may become a threat after the future advent of Quantum Computing. Without knowledge of the ecc-header file, quantum computing doesn't help them shit."
( in. https://www.fh-wedel.de/~an/crypto/Read_me.html )