A curated list of resources about post-quantum cryptography.
To contribute, please file a PR. Please list items alphabetically.
We try to keep this page up to date, as some resources and URLs may become obsolete. If you notice such issues before us, please file PR or an Issue.
"PQC" stands for post-quantum cryptography.
USA:
-
NIST's PQC Project (Selected Algorithms 2022 announcement)
France:
UK:
- IACR ePrint
- pqcrypto.org (incl. conference series)
Survey papers:
- A Decade of Lattice-Based Cryptography by Chris Peikert
- Mathematics of Isogeny-Based Cryptography by Luca de Feo
- aws/s2n-tls
- kudelskisecurity/crystals-go
- Microsoft/PQCrypto-LWEKE (FrodoKEM)
- Microsoft/PQCrypto-SIDH
- mupq/pqm4
- Open Quantum Safe
- open-quantum-safe/liboqs
- PQClean/PQClean
- rustpq/pqcrypto
- paulmillr/noble-post-quantum (Dilithium, Kyber, Sphincs+ in JS)
- PQ Code Package (a Linux Foundation PQCA project building high-assurance implementations of standards-track algorithms)
Implementations of...
-
Homepage NIST Post-Quantum Cryptography
(Only listing those that were not selected for standardization or round 4)
Lattice-based:
- FrodoKEM (KEM, alternate candidate)
- NTRU (KEM, finalist)
- NTRU Prime (KEM, alternate candidate)
- SABER (KEM, finalist)
MQ-based:
ZKP-based:
- Picnic (signature, alternate candidate)
Code-based:
- BIKE (KEM)
- Classic McEliece (KEM)
- HQC (KEM)
Isogeny-based:
- SIKE (KEM)
- Withdrawn, see for example You could have broken SIDH
Lattice-based:
Hash-based:
This project coming after the selection of 4 signatures in 2022 aims to select algorithms "that are not based on structured lattices" and/or "that have short signatures and fast verification."
Hash-based:
- PRUNE-HORST (few-times signature)
Isogeny-based:
- CSIDH (KEM)
Internet Drafts and RFCs:
- ID Framework to Integrate Post-quantum Key Exchanges into Internet Key Exchange Protocol Version 2 (IKEv2)
- ID Hybrid Post-Quantum Key Encapsulation Methods (PQ KEM) for Transport Layer Security 1.2 (TLS)
- ID Hybrid key exchange in TLS 1.3
- RFC 8391: XMSS: eXtended Merkle Signature Scheme
- RFC 8554: Leighton-Micali Hash-Based Signatures
- SUPERCOP (benchmarks)
- PQCrypto Usage & Deployment
- Quantum Doomsday Planning blog posts: