[1][2][3] It relies on the hash-and-sign technique over the Gentry, Peikert, and Vaikuntanathan framework[4] over NTRU lattices.
The design rationale of Falcon takes advantage of multiple tools to ensure compactness and efficiency with provable security.
[6] The authors of Falcon provide a reference implementation in C[7] as required by the NIST[8] and one in Python for simplicity.
[9] The set of parameters suggested by Falcon imply a signature size of 666 bytes and a public key size of 897 bytes for the NIST security level 1 (security comparable to breaking AES-128 bits).
[10] On the other hand, the NIST security level 5 (comparable to breaking AES-256) requires a signature size of 1,280 bytes and a public key size of 1793 bytes, a key generation under 28 ms, and a throughput of 2,900 signatures per second and 13,650 verifications per second.