Lattice-based cryptography includes cryptographic systems such as learning with errors, ring learning with errors (ring-LWE), ring learning with errors signatures and key exchanges, the older NTRU and GGH encryption schemes, and the more recent NTRU signatures and BLISS signatures.[16] Several of these systems, such as NTRU encryption, have been studied for many years without a practical attack being discovered. For some algorithms, like the ring-LWE algorithms, there are proofs that their security reduces to a worst-case problem. Rather than the NTRU algorithm, the European Commission-sponsored Post Quantum Cryptography Study Group recommended that the Stehlé–Steinfeld variant of NTRU be studied for standardization.
Multivariate cryptography includes cryptographic schemes based on the difficulty of solving systems of multivariate equations, such as the Rainbow (Unbalanced Oil and Vinegar) scheme. Numerous attempts to construct secure multivariate equation encryption schemes have been unsuccessful. Nonetheless, multivariate signature schemes like Rainbow might provide the foundation for a quantum-secure digital signature. There is a patent on the Rainbow Signature Scheme.
Hash-based cryptography covers cryptographic systems including WOTS schemes, XMSS, SPHINCS, Lamport signatures, and the Merkle signature scheme. Ralph Merkle created hash-based digital signatures in the late 1970s, and since then, researchers have been examining them as a potential substitute for number-theoretic digital signatures like RSA and DSA. Their main drawback is that, for every hash-based public key, there is a cap on the number of signatures that can be created with the matching set of private keys. This fact reduced interest in these signatures until the need for cryptography resistant to attack by quantum computers rekindled attention.
Code-based cryptography comprises cryptographic systems that rely on error-correcting codes, including the Courtois, Finiasz, and Sendrier signature schemes, as well as the McEliece and Niederreiter encryption algorithms. For more than 40 years, the original McEliece signature made with random Goppa codes has remained unbroken. However, numerous McEliece scheme variants, which aim to reduce the size of the keys by adding additional structure to the code, have been shown to be insecure. The European Commission-sponsored Post Quantum Cryptography Study Group has suggested the McEliece public key encryption system as a potential long-term defense against quantum computer threats.
These cryptographic systems are built on the properties of isogeny graphs of elliptic curves (and higher-dimensional abelian varieties) over finite fields, specifically supersingular isogeny graphs. Among the more well-known representatives of this field are the Diffie-Hellman-like key exchange CSIDH, which can serve as a straightforward quantum-resistant replacement for the Diffie-Hellman and elliptic curve Diffie-Hellman key-exchange methods that are widely used today, and the signature scheme SQISign, which is based on the categorical equivalence between supersingular elliptic curves and maximal orders in specific types of quaternion algebras. Another well-known construction, SIDH/SIKE, was spectacularly broken in 2022. The attack, however, is limited to the SIDH/SIKE family of schemes and does not apply to other isogeny-based constructions.