Post-Quantum Security: Origin, Fundamentals, and Adoption

TL;DR

This paper explains the importance of post-quantum cryptography, discusses quantum threats to current schemes, introduces lattice-based solutions like Kyber and Dilithium, and reviews ongoing standardization efforts.

Contribution

It provides a comprehensive, self-contained overview of post-quantum cryptography, including mathematical foundations, algorithms, and current adoption efforts.

Findings

Quantum computers threaten classical cryptography schemes.

Lattice-based cryptography offers quantum-resistant solutions.

Standardization efforts are underway for post-quantum algorithms.

Abstract

Nowadays, predominant asymmetric cryptographic schemes are considered to be secure because discrete logarithms are believed to be hard to be computed. The algorithm of Shor can effectively compute discrete logarithms, i.e. it can brake such asymmetric schemes. But the algorithm of Shor is a quantum algorithm and at the time this algorithm has been invented, quantum computers that may successfully execute this algorithm seemed to be far out in the future. The latter has changed: quantum computers that are powerful enough are likely to be available in a couple of years. In this article, we first describe the relation between discrete logarithms and two well-known asymmetric security schemes, RSA and Elliptic Curve Cryptography. Next, we present the foundations of lattice-based cryptography which is the bases of schemes that are considered to be safe against attacks by quantum algorithms (as well as by classical algorithms). Then we describe two such quantum-safe algorithms (Kyber and Dilithium) in more detail. Finally, we give a very brief and selective overview of a few actions currently taken by governments and industry as well as standardization in this area. The article especially strives towards being self-contained: the required mathematical foundations to understand post-quantum cryptography are provided and examples are given.