Postquantum cryptography 

IntroductionHere's the oneminute introduction: "Imagine that it's fifteen years from now. Somebody announces that he's built a large quantum computer. RSA is dead. DSA is dead. Elliptic curves, hyperelliptic curves, class groups, whatever, dead, dead, dead. So users are going to run around screaming and say 'Oh my God, what do we do?' Well, we still have secretkey cryptography, and we still have some publickey systems. There's hash trees. There's NTRU. There's McEliece. There's multivariatequadratic systems. But we need more experience with these. We need algorithms. We need paddings, like OAEP. We need protocols. We need software, working software for these systems. We need speedups. We need to know what kind of key sizes to use. So come to PQCrypto and figure these things out before somebody builds a quantum computer."For a twentyminute introduction, read the following paper: Daniel J. Bernstein. "Introduction to postquantum cryptography." http://www.springer.com/math/numbers/book/9783540887010?detailsPage=samplePages [PDF mirror] This paper is the introductory chapter of the following book: Daniel J. Bernstein, Johannes Buchmann, Erik Dahmen (editors). Postquantum cryptography. Springer, Berlin, 2009. ISBN 9783540887010. For much more information, read the rest of the book! There are five detailed chapters surveying the state of the art in quantum computing, hashbased cryptography, codebased cryptography, latticebased cryptography, and multivariatequadraticequations cryptography. The book has a 2009 publication date but was already available in November 2008 from booksellers such as Amazon. For earlier analyses of the impact of quantum computers on cryptography, see the following papers:
Conferences and workshopsPQCrypto is the main conference series devoted to postquantum cryptography:
Several workshops have emphasized security analysis of postquantum cryptography:
Postquantum cryptography is also appearing more and more frequently at general cryptographic conferences. Survey talksThe following presentations are available online:
Challenges for cryptanalysts
About this sitepqcrypto.org was founded by Daniel J. Bernstein and Tanja Lange. Bernstein added the bibliography. PierreLouis Cayrel and Christiane Peters contributed many references and URLs.VersionThis is version 2017.07.18 of the index.html web page. 