Papers

Topics

Authors

Recent

View all

Assistant

AI Research Assistant

Well-researched responses based on relevant abstracts and paper content.

Custom Instructions Pro

Preferences or requirements that you'd like Emergent Mind to consider when generating responses.

Gemini 2.5 Flash

Gemini 2.5 Flash 69 tok/s

Gemini 2.5 Pro 39 tok/s Pro

GPT-5 Medium 35 tok/s Pro

GPT-5 High 37 tok/s Pro

GPT-4o 103 tok/s Pro

Kimi K2 209 tok/s Pro

GPT OSS 120B 457 tok/s Pro

Claude Sonnet 4.5 34 tok/s Pro

2000 character limit reached

Post-Quantum Cryptographic Algorithms

Updated 4 October 2025

Post-quantum cryptographic algorithms are cryptographic methods that rely on NP-hard and complex mathematical problems to resist quantum attacks.
They span diverse families—including lattice-, code-, hash-, multivariate, and isogeny-based schemes—that offer tailored benefits for various practical applications.
Key challenges include large key sizes, integration into existing systems, and balancing computational efficiency with robust security.

Post-quantum cryptographic algorithms are cryptographic constructions designed to provide security against adversaries equipped with large-scale quantum computing resources. Unlike classical systems such as RSA and DLOG-based schemes, whose security depends on problems (notably integer factorization and discrete logarithms) efficiently solved by quantum algorithms like Shor’s, post-quantum cryptography (PQC) seeks to ground security in mathematical problems conjectured to withstand quantum attacks—typically NP-hard or NP-complete problems. PQC encompasses both “classical” software-implementable schemes built for current hardware and other approaches, such as quantum key distribution (QKD), which leverage the principles of quantum mechanics directly. The practical focus of PQC is on algorithms that are amenable to immediate large-scale deployment within existing digital infrastructures and can operate on smartphones, desktops, and IoT devices through software upgrades (Bogomolec et al., 2018).

1. Mathematical Foundations and Families of PQC Algorithms

PQC algorithm design is centered on families defined by the underlying hard problem conjectured to be quantum-resistant:

A. Code-Based Cryptography

Code-based cryptosystems, led by the McEliece and Niederreiter schemes, disguise a code with a fast decoding algorithm via random transformation matrices. The public key is constructed as $G' = SGP$ where $S$ is a random invertible matrix and $P$ a permutation matrix. Security reduces to the syndrome decoding problem, which is NP-complete even for quantum adversaries. Private keys comprise the original code and its proprietary decoding procedure (e.g., Goppa Codes, Patterson decoding). Code-based schemes also underpin key exchange protocols such as Ouroboros (Bogomolec et al., 2018).

B. Hash-Based Cryptography

These schemes rely exclusively on cryptographic hash function properties—primarily one-wayness and collision resistance. Notable constructions are Merkle tree signatures, where one-time keys are arranged in a tree for aggregating public keys, and stateless hash-based signatures like SPHINCS⁺, which enable “few-times” usability (e.g., $2^{64}$ signatures before reinitialization). Signature sizes typically span 8–30 kB, offering strong fallback options where trust in algebraic hardness is questioned (Bogomolec et al., 2018).

C. Lattice-Based Cryptography

Lattice-based schemes are founded on the computational hardness of finding short or closest lattice vectors (SVP, CVP). Leading exemplars include NTRU/NTRU Prime (involving polynomial mixing and modular reductions), Learning With Errors (LWE)-based systems (e.g., BCNS and New Hope), and module-lattice schemes like Dilithium. Public keys are typically “bad” bases where SVP/CVP is hard, while secret keys are “good” (short, nearly orthogonal) bases. The mathematical backbone is the inapproximability (within polynomial factors) of SVP and CVP, with formal reductions to sphere packing and covering density problems and positive definite quadratic forms: $\text{SVP:}~ \min_{\mathbf{v} \in A \setminus \{\mathbf{0}\}} \|\mathbf{v}\|, \qquad \delta(A) = \frac{\operatorname{vol}(B_n) r^n}{\det(A)}, ~ r = \frac{1}{2} \min \|\mathbf{v}\|$ (Zong, 30 Apr 2024). The intractability of these lattice problems is conjectured to be robust even for quantum algorithms (Bogomolec et al., 2018, Zong, 30 Apr 2024).

D. Multivariate Polynomial Cryptography

These rely on the NP-hardness of solving systems of multivariate quadratic equations over finite fields. Schemes such as HFE (Hidden Field Equations), QUAD, and “medium field” approaches are instantiated by concatenating affine maps with a central trapdoor quadratic map. The public key is a composed function $P = S \circ P' \circ T$ where $P'$ is quadratic and $S,T$ are affine invertible maps. Signature generation inverts $P$ using trapdoor knowledge, while verification confirms the match with a hash of the message (Bogomolec et al., 2018).

E. Isogeny-Based Cryptography

A newer and actively researched group, isogeny-based schemes depend on finding isogenies (algebraic morphisms) between supersingular elliptic curves. SIDH and SIKE offer very compact key sizes (e.g., 2,688 bits for 128-bit security) and support features like perfect forward secrecy. However, their underlying hardness remains less vetted compared to lattice and code-based cryptography (Bogomolec et al., 2018).

2. Security Assumptions and Quantum Resistance

Each PQC family’s security is tightly coupled to a concrete hard mathematical problem:

Code-based: Security relies on the syndrome decoding problem—NP-complete and not known to be amenable to quantum speed-up beyond moderate improvements (quantum versions of information set decoding still require large keys).
Hash-based: Security is predicated solely on well-established hash function properties; quantum attacks (such as Grover’s) offer at best quadratic speedup, not exponential, justifying increased output/parameter sizes.
Lattice-based: SVP and CVP are conjectured to resist quantum attacks within polynomial factors. The lack of quantum polynomial-time algorithms for approximating these problems underpins security guarantees (Zong, 30 Apr 2024).
Multivariate: Secure as long as systems of quadratic equations over finite fields are hard for both classical and quantum adversaries.
Isogeny-based: Hardness lies in constructing isogenies between supersingular curves, not currently feasible with quantum resources.

Security is preserved for all these families when appropriately large parameters are used, balancing between computational/communication overhead and security margins (Bogomolec et al., 2018).

3. Standardization, Benchmarking, and Performance

Efforts toward standardization are global and multi-staged. NIST’s ongoing process evaluates finalists across all major PQC families (e.g., CRYSTALS-Kyber for KEM, Dilithium/Falcon for signatures, SPHINCS+ for hash-based signatures, Classic McEliece for code-based, SIKE for isogeny-based). Metrics for evaluation include:

Cryptanalytic hardness (including resistance to chosen-ciphertext and side-channel attacks),
Efficiency (CPU cycles, memory footprint, throughput in server and embedded environments),
Integration complexity (API design, hybrid deployment),
Scalability for IoT and bandwidth-constrained deployments (Bavdekar et al., 2022, Kumar, 2022).

Performance benchmarking using tools such as the Open Quantum Safe (OQS) liboqs project typically considers:

Algorithm	Key Size (bytes)	Signature/Ciphertext Size	Computation (cycles)
CRYSTALS-Kyber	~800–1,184	~768–1,568 (ct)	Low
Dilithium	~1,312–2,592	~2,420–4,595	Moderate
Classic McEliece	~250,000–1,000,000	variable	Low–Moderate
SIDH/SIKE	~330–2,688	~336–2,736	Slow
SPHINCS+	~32–64	~8,000–30,000	Moderate–Slow

Note: Values above reflect typical settings found in benchmarking tables; see empirical results in (Kumar, 2022) for specifics. Overheads are substantially higher than classical RSA or ECC, especially in key and signature/ciphertext sizes for code-based and hash-based signatures.

4. Implementation and Integration Challenges

PQC deployment presents several critical challenges:

Parameter Selection: Small changes can dramatically alter security and performance; schemes require fine-tuned calibration.
Key and Signature Sizes: Large key/ciphertext/signature sizes in code-based (e.g., McEliece public keys may approach megabytes) and hash-based schemes (e.g., SPHINCS+ signatures of 8–30 kB) strain bandwidth and storage constraints, especially in mobile/IoT deployments.
Performance and Efficiency: Lattice-based systems (notably NTRU, Kyber) achieve fast runtime and relatively compact keys, while isogeny-based and some code-based or multivariate constructions can have prohibitive computational overhead.
System Integration: PQC algorithms must be integrated into legacy protocols (e.g., TLS) without introducing implementation or side-channel vulnerabilities. Replacement in large infrastructures (such as OpenSSL) introduces the need for extensive interoperability and regression testing.
Expertise Requirements: Implementations rely on advanced mathematics, increasing the barrier for safe and robust deployment, often requiring interdisciplinary collaboration (Bogomolec et al., 2018, Kumar, 2022).

5. Future Research, Standardization, and Interdisciplinary Efforts

Looking forward, PQC continues to evolve in several directions:

Ongoing Standardization: NIST, ETSI, and multiple standard bodies continue to evaluate and set standards, with the NIST process informing the future cryptographic landscape (Bogomolec et al., 2018, Bavdekar et al., 2022, Kumar, 2022).
Parameter Optimization: Critical research focuses on selecting parameters that maximize both efficiency and security, especially for emerging quantum hardware.
Implementation and Side-Channel Studies: Robustness against implementation flaws, hardware leakage, and side-channel and fault attacks necessitate thorough investigation, particularly as commercial deployment expands.
Hybrid Deployment: The trend towards cryptographic agility—enabling rapid update and hybrid PQC-classic deployments in protocols—serves as an intermediate step for widespread adoption (Campagna et al., 2021).
Mathematical Insight: New results in geometry of numbers (e.g., sphere packing/covering), algebraic geometry (for isogeny-based schemes), and linear algebraic approaches may yield improved constructions or attack tools, impacting security expectations.

6. Prospects and Strategic Planning

The transition from classical to PQC is more complex than any prior cryptographic migration, affecting core digital infrastructure across sectors. The necessary steps include:

Inventorying current cryptographic usage,
Coordinating multi-stakeholder engagements among governments, standards bodies, and industry,
Developing toolkits for easy cryptographic agility and algorithm replacement,
Engineering hybrid and agile cryptographic infrastructures that allow for rapid response as security levels and standards evolve,
Continuing research into quantum-resilient primitives that could replace or enhance today’s leading candidates.

Adoption must be guided by both cryptanalytic advances and empirical performance studies, with an emphasis on coordinated international action and sustained investment in standardization and education. PQC stands as an essential pillar in maintaining secure digital communications as quantum computing matures (Bogomolec et al., 2018, Bavdekar et al., 2022, Campagna et al., 2021, Kumar, 2022).