
14 Post-quantum cryptography


This chapter covers:

  • Quantum computers and how they impact today’s cryptographic algorithms.
  • Post-quantum cryptography and this new field’s attempt at providing algorithms that can resist quantum computers.
  • The post-quantum algorithms that you can use today, and the ones that you might use in the future.

"Quantum computers can break cryptography" implied Peter Shor, a professor of mathematics at MIT. It was 1994, and Shor had just come up with a new algorithm. His discovery unlocked efficient factoring of integers, destroying cryptographic algorithms like RSA, that is if quantum computers ever were to become a reality. At the time, the quantum computer was just a theory, a concept of a new class of computer based on quantum physics. The idea remained to be proven.

In the middle of 2015, the National Security Agency (NSA) took everybody by surprise by announcing its plans to transition to quantum-resistant algorithms: cryptographic algorithms that are not vulnerable to quantum computers.

14.1 What are quantum computers and why are they scaring cryptographers?

14.1.1 Quantum mechanics, the study of the small

14.1.2 From the birth of quantum computers to quantum supremacy

14.1.3 The impact of Grover and Shor’s algorithms on cryptography

14.1.4 Post-quantum cryptography, the defense against quantum computers

14.2 Hash-based signatures: don’t need anything but a hash function

14.2.1 One-time signatures (OTS) with Lamport signatures

14.2.2 Smaller keys with Winternitz one-time signatures (WOTS)

14.2.3 Many-times signatures with XMSS and SPHINCS+

14.3 Shorter keys and signatures with lattice-based cryptography

14.3.1 What’s a lattice?

14.3.2 Learning with errors (LWE), a basis for cryptography?

14.3.3 Kyber, a lattice-based key exchange

14.3.4 Dilithium, a lattice-based signature scheme

14.4 Do I need to panic?

14.5 Summary