Post-quantum cryptography - Wikiwand
后量子密码学 (Post-quantum cryptography, Chinese edition) - Wikiwand
CRQC: Cryptographically Relevant Quantum Computer
Q-Day: when CRQC is widely available
How NIST's New PQC Algorithms Impact You | Encryption Consulting
PQC for non-cryptographers – Key Material
PQC-Almanac.pdf 2025-04-11
The state of the post-quantum Internet 2024-03, ❗!important, history, KEX and signature
10 Step Checklist For Tech Leaders: Simplify Your Transition to New NIST Algorithms
SoK: How (not) to Design and Implement Post-Quantum Cryptography
Post-Quantum Use In Protocols (pquip) ❗!important, IETF
draft-ietf-pquip-pqc-engineers-12 - Post-Quantum Cryptography for Engineers timeline
Chromium Blog: Advancing Our Amazing Bet on Asymmetric Cryptography
Closure | Post-quantum cryptography is too damn big.
The integer factoring problem, the discrete logarithm problem and the period-finding (order-finding) problem that both reduce to can be solved efficiently (in polynomial time) on a general-purpose quantum computer of sufficient size, known as a Cryptographically Relevant Quantum Computer (CRQC).
This makes asymmetric algorithms whose security rests on those problems, such as RSA, ECC (ECDH/ECDSA) and DH, vulnerable to attack by a CRQC.
Shor's algorithm - Wikiwand
Demonstration of Shor's factoring algorithm for N = 21 on IBM quantum processors | Scientific Reports
How Quantum Computers Break Encryption | Shor's Algorithm Explained - YouTube
How Quantum Computers Break The Internet... Starting Now - YouTube RSA and Shor's Algorithm, Lattice PQC
Cost analysis of hash collisions: Will quantum computers make SHARCS obsolete?
Authenticated ciphers (AEAD) such as AES-GCM are considered quantum resilient given a sufficient key length (AES-256): Grover's algorithm gives only a quadratic speedup on key search, so doubling the key length restores the security margin.
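Worked example of the reduction that the notes above describe: factoring (and hence RSA private-key recovery) reduces to finding the multiplicative order of a base modulo N, which is the only step a CRQC does in polynomial time. This is added example code, not code from the page or from any of the linked papers; it replaces the quantum period-finding step with brute force so it runs on a laptop, and the RSA modulus 61·53 with e = 17 is a constructed textbook-size example.

```python
from math import gcd


def multiplicative_order(a, n):
    """Smallest r > 0 with a**r == 1 (mod n), found by brute force.
    This is the period-finding step that Shor's algorithm performs on a
    quantum computer in polynomial time; classically it costs O(n) here."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(n, a):
    """Classical post-processing of Shor's algorithm for one base a.
    Returns (p, q) sorted with p*q == n, or None if this base is unlucky
    (odd order, or a**(r/2) == -1 mod n)."""
    g = gcd(a, n)
    if g != 1:                        # a already shares a factor with n
        return tuple(sorted((g, n // g)))
    r = multiplicative_order(a, n)
    if r % 2:                         # odd order: no square root of 1 to exploit
        return None
    y = pow(a, r // 2, n)             # y*y == 1 (mod n); y != 1 by minimality of r
    if y == n - 1:                    # trivial square root, try another base
        return None
    p = gcd(y - 1, n)
    if 1 < p < n:
        return tuple(sorted((p, n // p)))
    return None


def factor(n):
    """Try bases a = 2, 3, ... until the order-finding trick splits n.
    For n = p*q with distinct odd primes a random base works with probability >= 1/2."""
    for a in range(2, n):
        result = factor_from_order(n, a)
        if result:
            return result
    raise ValueError("no nontrivial factor found (n may be prime or a prime power)")


def recover_rsa_private_exponent(n, e):
    """What a CRQC buys the attacker: once p and q are known, d = e^-1 mod phi(n)."""
    p, q = factor(n)
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    print(factor(21))                          # the N = 21 case from the IBM demonstration
    n, e = 61 * 53, 17                         # constructed textbook RSA key, n = 3233
    d = recover_rsa_private_exponent(n, e)
    m = 65
    print(d, pow(pow(m, e, n), d, n) == m)     # decrypt with the recovered d
```

For n = 3233 the base a = 2 is one of the unlucky ones (2^(r/2) ≡ −1 mod n), which is why `factor` loops over bases; a = 3 succeeds. Nothing in the classical part is secret-dependent, so the whole cost of the attack sits in `multiplicative_order`, the step Shor replaces.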
KEMs and Post-Quantum age
Understanding Post-Quantum Cryptography | Entrust
Post-quantum Cryptography (PQC): New Algorithms for a New Era - Rambus
How to prepare for post quantum cryptography | McKinsey
What are quantum-resistant algorithms—and why do we need them? | MIT Technology Review
Quantum_FAQs_20210804.PDF
The White House Roundtable: Preparing for PQC Migration
Cryptographic Agility & the Cost of Implementing PQC
draft-hoffman-c2pq-07 - The Transition from Classical to Post-Quantum Cryptography expired
Why Quantum Computers Can Break RSA But Not Lattice Cryptography
[Commercial Cryptography Frontier] Latest progress in post-quantum cryptography (February 2024) - 沃通WoTrus Security News
PQ/T Hybrid
PQC Roundtable: When (and When Not to Use) Hybrid Encryption
RFC 9794 - Terminology for Post-Quantum Traditional Hybrid Schemes ❗!important
draft-ietf-pquip-hybrid-signature-spectrums-07 - Hybrid signature spectrums
Transitioning to a Quantum-Resistant Public Key Infrastructure unforgeability, non-separability
A Note on Hybrid Signature Schemes defines weak separability, strong separability, backwards/forwards compatibility, simultaneous verification, hybrid generality
RFC 9180 - Hybrid Public Key Encryption ❗!important
An Analysis of Hybrid Public Key Encryption
Algorithms
Post-Quantum Cryptography | CSRC
- Lattice-based cryptography - Wikiwand
- Multivariate cryptography - Wikiwand
- Hash-based cryptography - Wikiwand
- Code-based cryptography
- Isogeny-based cryptography
- Symmetric key quantum resistance
CRYSTALS (Kyber and Dilithium): hard problems over module lattices, module learning with errors (MLWE)
Standardized Algorithms
FIPS 203: ML-KEM
- FIPS 203 Module-Lattice-Based Key-Encapsulation Mechanism Standard
- hard problems over module lattices, LWE
- originally Kyber
pqcrystals-kyber: the library is also replaced by ml-kem
- almost a drop-in replacement for ECDH
- but ECDH is a NIKE (Non-Interactive Key Exchange) whereas ML-KEM is a KEM: the encapsulating side must send a ciphertext and encapsulation is randomized, so static-static DH patterns do not map onto it directly
what is Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM) - Phind
In-Depth Overview of FIPS 203: The Module-Lattice-Based Key-Encapsulation Mechanism Standard | Encryption Consulting
An Overview about FIPS 203: Module-Lattice-based Key-Encapsulation-Mechanism - HackMD
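Added example (not code from the page, from RFC 9180 or from any linked project) showing both points the notes above make: a NIKE versus a KEM, and the PQ/T hybrid combiner from the hybrid section. It builds a KEM out of Diffie-Hellman in the shape of RFC 9180's DHKEM (ephemeral key, `enc` sent as the ciphertext, `enc || pkR` bound into the KDF), then combines two KEM shared secrets into one key. Assumptions: the group is a toy finite-field DH modulo 2^255−19 with generator 2 (no subgroup or validation, not secure, standing in for X25519); Python's standard library has no ML-KEM, so a second independent DHKEM instance fills the "PQ" slot; `LABEL` is a constructed domain-separation string, not a standardized value.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman standing in for X25519 (constructed; NOT secure:
# whole multiplicative group, no validation). P is the Curve25519 field prime, used
# here only as a modulus for modular exponentiation, not as an elliptic curve.
P = 2**255 - 19
G = 2


def i2b(x):
    return x.to_bytes(32, "big")


def nike_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def nike_shared(my_sk, their_pk):
    """NIKE: both parties derive the same secret from static keys alone, no message needed."""
    return hashlib.sha256(b"nike" + i2b(pow(their_pk, my_sk, P))).digest()


# DHKEM in the shape of RFC 9180 Section 4.1: Encap() makes an ephemeral key, sends its
# public value as the "ciphertext" and binds enc and pkR into the KDF input.
def dhkem_keygen():
    return nike_keygen()


def dhkem_encap(pk_r):
    sk_e, enc = nike_keygen()
    dh = pow(pk_r, sk_e, P)
    ss = hashlib.sha256(b"dhkem" + i2b(dh) + i2b(enc) + i2b(pk_r)).digest()
    return ss, i2b(enc)


def dhkem_decap(enc, sk_r):
    pk_r = pow(G, sk_r, P)
    dh = pow(int.from_bytes(enc, "big"), sk_r, P)
    return hashlib.sha256(b"dhkem" + i2b(dh) + enc + i2b(pk_r)).digest()


def kem_is_randomized(pk):
    """Two encapsulations to the same key give different ciphertexts and secrets:
    unlike a NIKE, a KEM cannot be used static-to-static without sending a message."""
    (ss1, ct1), (ss2, ct2) = dhkem_encap(pk), dhkem_encap(pk)
    return ct1 != ct2 and ss1 != ss2


# PQ/T hybrid KEM. The "PQ" slot should hold ML-KEM; a second DHKEM instance stands in
# for it here (assumption), so the combiner is what is being demonstrated:
#   K = SHA3-256(LABEL || ss_pq || ss_t || ct_t || pk_t)
# an X-Wing-style shape that feeds each component secret only through the KDF and
# binds the traditional ciphertext and public key into the derived key.
LABEL = b"toy-hybrid-kem-v1"   # constructed label, not a standardized value


def hybrid_keygen():
    sk_pq, pk_pq = dhkem_keygen()      # stand-in for ML-KEM.KeyGen
    sk_t, pk_t = dhkem_keygen()
    return (sk_pq, sk_t), (pk_pq, pk_t)


def combine(ss_pq, ss_t, ct_t, pk_t):
    return hashlib.sha3_256(LABEL + ss_pq + ss_t + ct_t + pk_t).digest()


def hybrid_encap(pk):
    pk_pq, pk_t = pk
    ss_pq, ct_pq = dhkem_encap(pk_pq)  # stand-in for ML-KEM.Encaps
    ss_t, ct_t = dhkem_encap(pk_t)
    return combine(ss_pq, ss_t, ct_t, i2b(pk_t)), (ct_pq, ct_t)


def hybrid_decap(ct, sk):
    ct_pq, ct_t = ct
    sk_pq, sk_t = sk
    ss_pq = dhkem_decap(ct_pq, sk_pq)  # stand-in for ML-KEM.Decaps
    ss_t = dhkem_decap(ct_t, sk_t)
    return combine(ss_pq, ss_t, ct_t, i2b(pow(G, sk_t, P)))
```

The combiner is the part to get right in a real deployment: both secrets go through one KDF with a label, and the traditional ciphertext and public key are included so that the derived key is bound to the exact exchange. Swapping the stand-in for a real ML-KEM means replacing the three marked calls; the combiner and the NIKE/KEM interface difference stay the same.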
FIPS 204: ML-DSA
- FIPS 204 Module-Lattice-Based Digital Signature Standard
- hard problems over module lattices, LWE
- originally Dilithium
pqcrystals-dilithium: the library is also replaced by ml-dsa
- almost drop-in replacement for RSA and ECDSA
- outperforms SLH-DSA in both signature generation and validation time, as well as in signature size
what is Module-Lattice-Based Digital Signature Standard (ML-DSA) - Phind
In-Depth Overview of FIPS 204: Module-Lattice-Based Digital Signature Standard
HashML-DSA considered harmful – Key Material
Address external mu and PH modes · Issue #131 · lamps-wg/draft-composite-sigs
Don't use a prehashed version of ML-DSA · Issue #54 · chipsalliance/adams-bridge
FIPS 205: SLH-DSA
- FIPS 205 Stateless Hash-Based Digital Signature Standard
- stateless signature, hash-based
- originally SPHINCS+
- has a limit on the maximum number of signatures per signing key (2^64 for the standardized parameter sets; exceeding it degrades security)
- small keys (public keys of 32 to 64 bytes) and strong assurance, since security rests only on the underlying hash function; the price is large signatures (roughly 7.8 to 49 kB) and slow signing
- long-lived TLS sessions
what is Stateless Hash-Based Digital Signature Standard (SLH-DSA) - Phind
In-Depth Overview of FIPS 205: Stateless Hash-Based Digital Signature Standard
On Protecting SPHINCS+ Against Fault Attacks | IACR Transactions on Cryptographic Hardware and Embedded Systems
draft-ietf-lamps-cms-sphincs-plus-19 overview of SLH-DSA
FIPS 206: FN-DSA (draft, not final)
- FFT (Fast-Fourier transform) over NTRU-Lattice-Based Digital Signature Algorithm
- stateless signature, NTRU lattice, requires floating-point arithmetic when signing (a known hazard for constant-time implementations)
- originally Falcon
- https://csrc.nist.gov/csrc/media/Presentations/2024/falcon/images-media/prest-falcon-pqc2024.pdf
Stateful Signature
the state (the index of the next unused one-time key) is part of the private key: signing twice with the same index, e.g. after restoring the key from a backup, breaks security
RFC 8391 - XMSS: eXtended Merkle Signature Scheme hash-based signatures
XMSS/xmss-reference: Repository for the XMSS reference code, accompanying RFC 8391, XMSS: eXtended Merkle Signature Scheme
RFC 8554 - Leighton-Micali Hash-Based Signatures LMS, hash-based signatures
cisco/hash-sigs: A full-featured implementation of the LMS and HSS Hash Based Signature Schemes from draft-mcgrew-hash-sigs-07.
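Added example (not code from RFC 8391/8554 or from the reference repositories) of why the state is part of the private key. It builds a toy XMSS-shaped scheme: Lamport one-time keys under a Merkle tree of 8 leaves, with `next_index` as the state. Signing advances the state; `sign_with_index` deliberately bypasses it to simulate a rollback, and `exposed_secrets` counts how much of a leaf's secret key two signatures under the same index reveal. Tree height, Lamport instead of WOTS+, and the message strings are assumptions chosen for size.

```python
import hashlib
import secrets

TREE_HEIGHT = 3            # 2**3 = 8 one-time keys (toy; XMSS trees are 2**10 to 2**20)
DIGEST_BITS = 256


def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def digest_bits(digest):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(DIGEST_BITS)]


def ots_keygen():
    """Lamport one-time key: two 32-byte secrets per message bit; public key = their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(DIGEST_BITS)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def ots_sign(sk, digest):
    return [sk[i][b] for i, b in enumerate(digest_bits(digest))]   # reveals one secret per bit


def ots_verify(pk, digest, sig):
    return all(H(s) == pk[i][b] for i, (b, s) in enumerate(zip(digest_bits(digest), sig)))


def leaf_hash(pk):
    return H(*[h for pair in pk for h in pair])


class StatefulSigner:
    """Toy XMSS-shaped signer: Merkle tree over 2**TREE_HEIGHT Lamport keys.
    next_index is the state; it must be persisted atomically with the secret key."""

    def __init__(self):
        self.ots = [ots_keygen() for _ in range(2 ** TREE_HEIGHT)]
        self.levels = [[leaf_hash(pk) for _, pk in self.ots]]
        while len(self.levels[-1]) > 1:
            prev = self.levels[-1]
            self.levels.append([H(prev[i], prev[i + 1]) for i in range(0, len(prev), 2)])
        self.root = self.levels[-1][0]      # the public key
        self.next_index = 0

    def sign(self, msg):
        if self.next_index >= 2 ** TREE_HEIGHT:
            raise RuntimeError("key exhausted: generate a new tree")
        idx = self.next_index
        self.next_index += 1                # advance (and persist) the state before releasing the signature
        return self.sign_with_index(idx, msg)

    def sign_with_index(self, idx, msg):
        """Bypasses the state; exists only to simulate a rollback (e.g. key restored from backup)."""
        sk, pk = self.ots[idx]
        auth, i = [], idx
        for level in self.levels[:-1]:
            auth.append(level[i ^ 1])       # sibling on the path to the root
            i //= 2
        return idx, pk, ots_sign(sk, H(msg)), auth


def verify(root, msg, signature):
    idx, pk, sig, auth = signature
    if not ots_verify(pk, H(msg), sig):
        return False
    node = leaf_hash(pk)
    for sibling in auth:
        node = H(sibling, node) if idx & 1 else H(node, sibling)
        idx //= 2
    return node == root


def exposed_secrets(signed):
    """Number of a leaf's 512 secrets revealed by (msg, signature) pairs made with the same index.
    One signature exposes exactly 256; a second one on a different message exposes more, and any
    message whose digest bits all fall inside the exposed set can then be signed without the key."""
    assert len({sig[0] for _, sig in signed}) == 1, "pairs must share one leaf index"
    exposed = set()
    for msg, _ in signed:
        for i, b in enumerate(digest_bits(H(msg))):
            exposed.add((i, b))
    return len(exposed)
```

The check a deployment needs is the one `sign` performs: the index is consumed and written back before the signature leaves the signer, and a restored copy of the key must never resume from an older index. SLH-DSA (FIPS 205) removes this operational requirement at the cost of much larger signatures.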
Research
Public Key Encryption + Key encapsulation mechanism
BIKE - Bit Flipping Key Encapsulation QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check)
Classic McEliece: Intro binary Goppa codes, very large (268kB) public key, very small ciphertexts (128 bytes)
NTS-KEM merged with Classic McEliece
FrodoKEM LWE
HQC syndrome decoding of structured codes (Hamming Quasi-Cyclic)
NTRU Prime: Intro NTRU lattice
SIKE – Supersingular Isogeny Key Encapsulation isogeny-based, 💀 pwned (broken in 2022), do not use
Stateless Signature
CROSS restricted syndrome decoding over random linear codes
MAYO structured multivariate quadratic equations (Oil-and-Vinegar variant), balanced signature (321/180 bytes) and public key (1.1/5.4 kB) sizes
Hawk NTRU-style lattice (lattice isomorphism problem)
PQCRainbow structured multivariate quadratic equations (layered Oil-and-Vinegar), 💀 pwned (broken in 2022), do not use
BIKE - Bit Flipping Key Encapsulation
awslabs/bike-kem: Additional implementation of BIKE (Bit Flipping Key Encapsulation)
Bit Flipping Key Encapsulation for the Post-Quantum Era | IEEE Journals & Magazine | IEEE Xplore
Adoption
Latency from post-quantum cryptography shrinks as data increases - Amazon Science MLKEM+MLDSA, uses TTLB
The impact of data-heavy, post-quantum TLS 1.3 on the Time-To-Last-Byte of real-world connections
The impact of ML-KEM and ML-DSA on mTLS connection Time-to-Last-Byte - YouTube
PQC support · Cloudflare SSL/TLS docs
Modern browsers support ML-KEM in TLS
Cloudflare now uses post-quantum cryptography to talk to your origin server
Chromium Blog: Protecting Chrome Traffic with Hybrid Kyber KEM
Apple's New iMessage, Signal, & Post-Quantum Crypto | CSA
Blog - iMessage with PQ3: The new state of the art in quantum-secure messaging at scale - Apple Security Research
Signal >> Blog >> Quantum Resistance and the Signal Protocol
Go Post-Quantum with Caddy | Sam Burns' Tech Blog
cloudflare/go: Go with Cloudflare experimental patches
Framework/Library
Home | Open Quantum Safe Another project under Post-Quantum Cryptography Alliance, focuses on the application of PQC
Open Quantum Safe
open-quantum-safe/oqs-provider: OpenSSL 3 provider containing post-quantum algorithms
provider - OpenSSL Documentation
open-quantum-safe/liboqs: C library for prototyping and experimenting with quantum-resistant cryptography ❗!important
microsoft/SymCrypt: Cryptographic library
microsoft/SymCrypt-OpenSSL: OpenSSL engine for use with SymCrypt cryptographic library
Microsoft's quantum-resistant cryptography is here | Microsoft Community Hub
PQClean/PQClean: Clean, portable, tested implementations of post-quantum cryptography imposes requirements on C implementations
smuellerDD/leancrypto: Lean cryptographic library usable for bare-metal environments lean cryptography in every aspect
PQ Code Package Another project under Post-Quantum Cryptography Alliance
Benchmarks
pq-code-package/mlkem-native: High-assurance, high-performance C90 implementation of ML-KEM
pq-code-package/mldsa-native
cloudflare/circl: CIRCL: Cloudflare Interoperable Reusable Cryptographic Library
Kyber and SIKE PQC Key Exchange Mechanism (KEM) with CIRCL
Kyber, SIKE and Hybrid PQC Key Exchange
[2501.09568] Quantum Diffie-Hellman key exchange
mupq/mupq: Provides common files for instances of mupq, e.g., for pqm4 and pqriscv
mupq/pqm4: Post-quantum crypto library for the ARM Cortex-M4
mupq/pqriscv
Supports Open Quantum Safe and liboqs, pqm4
colinxu2020/slhdsa: The pure python implement of the slh-dsa algorithm.