Post-Quantum Cryptography (PQC) is cryptography designed to be resistant to quantum computer attacks, protecting systems against the future threat of quantum computing.

What is Post-Quantum Cryptography?

Post-quantum cryptography includes cryptographic algorithms that are believed to be secure against both classical and quantum computer attacks.

Quantum Threat

Shor’s Algorithm

  • Factorization: Breaks RSA and ECC
  • Discrete Logarithm: Breaks Diffie-Hellman
  • Time: Exponential to polynomial
  • Impact: Breaks current asymmetric cryptography

Grover’s Algorithm

  • Search: Accelerates database search
  • Hash Functions: Reduces security by half
  • Symmetric: Affects symmetric encryption
  • Impact: Requires longer keys

Transition Time

  • Y2Q (Years to Quantum): Estimated time
  • Harvest Now, Decrypt Later: Storage attacks
  • Migration Period: Migration period
  • Legacy Systems: Legacy systems

PQC Algorithm Families

Lattice-Based

  • NTRU: Encryption algorithm
  • Learning With Errors (LWE): Mathematical problem
  • Ring-LWE: LWE variant
  • Applications: Encryption, signatures, key exchange

Code-Based

  • McEliece: Encryption system
  • Niederreiter: Encryption system
  • Classic McEliece: Standardized version
  • Applications: Encryption, key exchange

Hash-Based

  • XMSS: Digital signature
  • SPHINCS+: Digital signature
  • LMS: Digital signature
  • Applications: Digital signatures

Isogeny-Based

  • SIKE: Key exchange
  • SIDH: Key exchange
  • CSIDH: Key exchange
  • Applications: Key exchange

Multivariate

  • Rainbow: Digital signature
  • GeMSS: Digital signature
  • LUOV: Digital signature
  • Applications: Digital signatures

NIST Standard Algorithms

NIST Round 4 (2024)

  • CRYSTALS-Kyber: KEM encryption
  • CRYSTALS-Dilithium: Digital signature
  • FALCON: Digital signature
  • SPHINCS+: Digital signature

Alternative Algorithms

  • Classic McEliece: KEM encryption
  • BIKE: KEM encryption
  • HQC: KEM encryption
  • SIKE: Key exchange (withdrawn)

Practical Implementation

CRYSTALS-Kyber

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

# Conceptual example of Kyber
import numpy as np
from cryptography.hazmat.primitives import hashes

class Kyber:
    def __init__(self, n=256, q=3329, k=2):
        self.n = n  # Polynomial degree
        self.q = q  # Modulus
        self.k = k  # Module dimension
    
    def keygen(self):
        # Generate public and private key
        s = self.sample_secret()
        A = self.sample_matrix()
        e = self.sample_error()
        
        t = (A @ s + e) % self.q
        pk = (A, t)
        sk = s
        
        return pk, sk
    
    def encrypt(self, pk, message):
        A, t = pk
        r = self.sample_secret()
        e1 = self.sample_error()
        e2 = self.sample_error()
        
        u = (A.T @ r + e1) % self.q
        v = (t @ r + e2 + message) % self.q
        
        return (u, v)
    
    def decrypt(self, sk, ciphertext):
        u, v = ciphertext
        message = (v - sk @ u) % self.q
        return message

CRYSTALS-Dilithium

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56

# Conceptual example of Dilithium
class Dilithium:
    def __init__(self, n=256, q=8380417, k=4, l=4):
        self.n = n
        self.q = q
        self.k = k
        self.l = l
    
    def keygen(self):
        # Generate public and private key
        rho = self.sample_random()
        K = self.sample_random()
        
        A = self.expand_matrix(rho)
        s1 = self.sample_secret(self.l)
        s2 = self.sample_secret(self.k)
        
        t = (A @ s1 + s2) % self.q
        pk = (rho, t)
        sk = (rho, K, s1, s2, t)
        
        return pk, sk
    
    def sign(self, sk, message):
        rho, K, s1, s2, t = sk
        
        mu = self.hash_message(message)
        rho_prime = self.hash_keys(rho, t)
        kappa = 0
        
        while True:
            y = self.sample_gamma1()
            w = self.expand_matrix(rho_prime) @ y
            w1 = self.high_bits(w)
            c = self.hash_challenge(mu, w1)
            z = y + c * s1
            
            if self.check_norm(z) and self.check_norm(c * s2):
                h = self.make_hint(w - c * s2, w1)
                return (c, z, h)
            
            kappa += 1
            if kappa >= 100:
                return None
    
    def verify(self, pk, message, signature):
        rho, t = pk
        c, z, h = signature
        
        mu = self.hash_message(message)
        rho_prime = self.hash_keys(rho, t)
        w1 = self.expand_matrix(rho_prime) @ z - c * t
        w1 = self.use_hint(w1, h)
        c_prime = self.hash_challenge(mu, w1)
        
        return c == c_prime and self.check_norm(z)

Migration to PQC

Migration Strategy

  • Assessment: Assess current systems
  • Prioritization: Prioritize critical systems
  • Hybrid Approach: Hybrid approach
  • Testing: Exhaustive testing

Hybrid Approach

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22

# Example of hybrid approach
class HybridCrypto:
    def __init__(self):
        self.classical_crypto = RSACrypto()
        self.post_quantum_crypto = KyberCrypto()
    
    def encrypt(self, message):
        # Encrypt with both algorithms
        classical_cipher = self.classical_crypto.encrypt(message)
        pq_cipher = self.post_quantum_crypto.encrypt(message)
        
        return {
            'classical': classical_cipher,
            'post_quantum': pq_cipher
        }
    
    def decrypt(self, ciphertext):
        # Attempt to decrypt with both
        try:
            return self.classical_crypto.decrypt(ciphertext['classical'])
        except:
            return self.post_quantum_crypto.decrypt(ciphertext['post_quantum'])

Migration Tools

  • Open Quantum Safe: PQC libraries
  • NIST PQC Reference: Reference implementations
  • Migration Tools: Migration tools
  • Testing Suites: Testing suites

Specific Applications

Blockchain and Cryptocurrencies

  • Quantum-Resistant Wallets: Resistant wallets
  • Post-Quantum Signatures: Post-quantum signatures
  • Quantum-Safe Transactions: Safe transactions
  • Migration Strategies: Migration strategies

Internet and Communications

  • TLS/SSL: Secure protocols
  • Email Security: Email security
  • VPN: Virtual private networks
  • DNS Security: DNS security

IoT and Devices

  • Lightweight PQC: Lightweight PQC
  • Resource Constraints: Resource constraints
  • Power Consumption: Power consumption
  • Memory Usage: Memory usage

Government and Defense

  • National Security: National security
  • Classified Information: Classified information
  • Critical Infrastructure: Critical infrastructure
  • Military Communications: Military communications

Challenges and Limitations

Performance

  • Computational Overhead: Computational overhead
  • Memory Usage: Memory usage
  • Key Sizes: Key sizes
  • Signature Sizes: Signature sizes

Implementation

  • Complexity: Implementation complexity
  • Testing: Exhaustive testing
  • Interoperability: Interoperability
  • Legacy Support: Legacy support

Standards

  • NIST Standardization: NIST standardization
  • ISO Standards: ISO standards
  • IETF Standards: IETF standards
  • Industry Adoption: Industry adoption

Tools and Libraries

Open Quantum Safe

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

# Example with liboqs
import oqs

# Generate Kyber keys
kem = oqs.KeyEncapsulation("Kyber512")
public_key, secret_key = kem.generate_keypair()

# Encrypt
ciphertext, shared_secret = kem.encap_secret(public_key)

# Decrypt
shared_secret_decrypted = kem.decap_secret(ciphertext, secret_key)

NIST PQC Reference

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12

# Example with reference implementation
from pqcrypto import kyber, dilithium

# Kyber KEM
pk, sk = kyber.keypair()
ct, ss = kyber.encapsulate(pk)
ss_dec = kyber.decapsulate(ct, sk)

# Dilithium Signatures
pk, sk = dilithium.keypair()
sig = dilithium.sign(sk, message)
valid = dilithium.verify(pk, message, sig)

Roadmap and Timeline

NIST Timeline

  • 2016: Process start
  • 2022: Round 3 completed
  • 2024: Round 4 completed
  • 2025+: Commercial implementation

Industry Adoption

  • 2025-2027: Early implementation
  • 2027-2030: Widespread adoption
  • 2030+: PQC dominance
  • Legacy: Legacy systems
  • AES - Algorithm that requires longer post-quantum keys
  • RSA - Algorithm vulnerable to quantum computing
  • ECC - Algorithm vulnerable to quantum computing
  • Hash Functions - Algorithms that require longer keys
  • TLS/SSL - Protocol that needs PQC migration
  • PKI - Infrastructure that requires PQC
  • HSM - Devices that support PQC
  • CISO - Role that oversees PQC migration
  • General Cybersecurity - Discipline that includes PQC
  • Security Breaches - Incidents that affect PQC
  • Attack Vectors - Quantum attacks
  • Incident Response - Process that includes PQC
  • SIEM - System that monitors PQC
  • SOAR - Automation that manages PQC
  • EDR - Tool that protects PQC
  • Firewall - Device that can inspect PQC
  • VPN - Connection that uses PQC
  • Dashboards - Visualization of PQC metrics
  • Logs - PQC operation logs

References