# A Survey of Post-Quantum Cryptography: Start of a New Race


## Abstract


## 1. Introduction

## 2. NIST Standardization

#### 2.1. Overview

#### 2.2. First Round

#### 2.3. Second Round

#### 2.4. Third Round

- PKE/KEM algorithms: Classic McEliece, CRYSTALS-Kyber, NTRU, Saber;
- Digital signature schemes: CRYSTALS-Dilithium, Falcon, Rainbow.

- PKE/KEM algorithms: BIKE, FrodoKEM, HQC, NTRU Prime, SIKE;
- Digital signature schemes: GeMSS, Picnic, SPHINCS$^+$.

- The PKE/KEM algorithm is CRYSTALS-Kyber;
- Digital signatures are CRYSTALS-Dilithium, Falcon, and SPHINCS$^+$, in which Dilithium is the main algorithm.

#### 2.5. Fourth Round

#### 2.6. Summary

## 3. Literature Overview

#### 3.1. Research Status on PQC

#### 3.2. The Theoretical Basis of Post-Quantum Cryptography

#### 3.2.1. Lattice-Based Cryptography

#### 3.2.2. Hash-Based Cryptography

#### 3.2.3. Code-Based Cryptography

#### 3.2.4. Multivariate Cryptography

#### 3.2.5. Isogeny of Elliptic Curves

## 4. Current Implementation Status

#### 4.1. Public Key Encryption/Key Encapsulation Mechanism

#### 4.1.1. CRYSTALS-Kyber

#### 4.1.2. BIKE

#### 4.1.3. Classic McEliece

#### 4.1.4. HQC

$h$, and a codeword vector combined with a random error vector, thereby generating a public key; (2) encryption, which uses a concatenation of Reed–Muller and Reed–Solomon codes together with the recipient’s public key to create a ciphertext; and (3) decryption, in which the recipient uses its private key to remove the masking and then decodes, reversing the encryption steps. Elements of the vectors can be regarded as polynomials in ${\mathbb{F}}_{2}\left[X\right]/({X}^{n}-1)$. The secret key is a randomly sampled pair $(x,y)$, and the public key is the pair $(h, s = x + h \cdot y)$, where $h$ is sampled uniformly at random and is used to construct the generator matrix $\mathbf{G}$. To encrypt a message $m$, the sender samples polynomials $e, r_{1}, r_{2}$ of appropriate (low) weights and computes the ciphertext $c = (u, v) := (r_{1} + h \cdot r_{2},\; m\mathbf{G} + s \cdot r_{2} + e)$. The receiver then recovers $m$ by running the decoding algorithm on $v - u \cdot y$. The HQC KEM is likewise built in three steps: (1) key generation, identical to the PKE; (2) encapsulation, in which a secret value is encrypted under the public key and sent; and (3) decapsulation, which regenerates the secret value after one or several decryptions.
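To make the algebra above concrete, here is an added toy implementation (not code from the paper or from the HQC submission) of the key generation, encryption and decryption equations over $\mathbb{F}_2[X]/(X^n-1)$, plus the KEM wrapper. It substitutes a repetition code for the Reed–Muller/Reed–Solomon concatenation and derives the shared secret with a plain SHA-256 of the message and ciphertext, omitting the Fujisaki–Okamoto re-encryption check of the real KEM; the parameters `K`, `R`, `N` and `W` are chosen for illustration only. With every sparse polynomial of weight 1, the masking term $x \cdot r_2 + r_1 \cdot y + e$ that the decoder must absorb has weight at most 3, which a length-7 repetition block corrects, so decryption is guaranteed to succeed:

```python
"""Toy HQC-style PKE/KEM over F2[X]/(X^N - 1) (constructed example, not the real scheme)."""
import hashlib
import random

K = 4          # message bits (toy parameter)
R = 7          # repetition factor of the toy code standing in for RMRS
N = K * R      # ring dimension n = 28
W = 1          # Hamming weight of every sampled sparse polynomial (toy value)


def rand_sparse(rng, weight=W):
    """Random polynomial in F2[X]/(X^N - 1) with exactly `weight` nonzero coefficients."""
    poly = [0] * N
    for i in rng.sample(range(N), weight):
        poly[i] = 1
    return poly


def add(a, b):
    """Addition (= subtraction) in characteristic 2 is coefficient-wise XOR."""
    return [x ^ y for x, y in zip(a, b)]


def mul(a, b):
    """Product in F2[X]/(X^N - 1): a cyclic convolution of the coefficient vectors."""
    out = [0] * N
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                if bj:
                    out[(i + j) % N] ^= 1
    return out


def weight(a):
    return sum(a)


def encode(m):
    """mG for the toy repetition code: every message bit is repeated R times."""
    assert len(m) == K
    return [bit for bit in m for _ in range(R)]


def decode(v):
    """Majority decoding per block; corrects up to (R - 1) // 2 errors in each block."""
    return [1 if sum(v[i * R:(i + 1) * R]) > R // 2 else 0 for i in range(K)]


def keygen(rng):
    h = [rng.randrange(2) for _ in range(N)]          # uniformly random h
    x, y = rand_sparse(rng), rand_sparse(rng)         # sparse secret pair
    s = add(x, mul(h, y))                             # s = x + h*y
    return (h, s), (x, y)


def encrypt(pk, m, rng):
    h, s = pk
    e, r1, r2 = rand_sparse(rng), rand_sparse(rng), rand_sparse(rng)
    u = add(r1, mul(h, r2))                           # u = r1 + h*r2
    v = add(add(encode(m), mul(s, r2)), e)            # v = mG + s*r2 + e
    return u, v


def decrypt(sk, ct):
    x, y = sk
    u, v = ct
    # v - u*y = mG + (x*r2 + r1*y + e); the bracketed term is sparse, so decode() removes it
    return decode(add(v, mul(u, y)))


def derive_key(m, ct):
    """Toy key derivation: SHA-256 over the message and ciphertext bits."""
    u, v = ct
    return hashlib.sha256(bytes(m) + bytes(u) + bytes(v)).hexdigest()


def encaps(pk, rng):
    m = [rng.randrange(2) for _ in range(K)]          # fresh secret value
    ct = encrypt(pk, m, rng)
    return ct, derive_key(m, ct)


def decaps(sk, ct):
    return derive_key(decrypt(sk, ct), ct)


def demo(seed=7):
    """Returns (PKE round-trip ok, KEM keys agree, weight of the masking term)."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    m = [1, 0, 1, 1]
    u, v = encrypt(pk, m, rng)
    ok_pke = decrypt(sk, (u, v)) == m
    masking = add(add(v, mul(u, sk[1])), encode(m))   # = x*r2 + r1*y + e
    ct, k_sender = encaps(pk, rng)
    k_receiver = decaps(sk, ct)
    return ok_pke, k_sender == k_receiver, weight(masking)


if __name__ == "__main__":
    print(demo())
```

The `masking` line in `demo` is the identity the decryption step relies on: because $s \cdot r_2 = x \cdot r_2 + h \cdot y \cdot r_2$ and $u \cdot y = r_1 \cdot y + h \cdot r_2 \cdot y$, the $h$-dependent terms cancel and only a sparse residue remains on top of $m\mathbf{G}$. Real HQC picks the weights so that this residue stays inside the decoding radius of the concatenated code with overwhelming probability; the toy weights make it hold unconditionally.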

² ASIC with a maximum frequency of 700 MHz, and the study then used specialized tools to measure and verify the results. The design was also implemented on an Artix-7 FPGA and compared with previous results. The results show that this design performs similarly to the state-of-the-art hardware implementations while requiring fewer resources, consuming less energy, and shortening the computation time, which indicates that the design has great potential for IoT applications.

#### 4.2. Digital Signatures Schemes

#### 4.2.1. CRYSTALS-Dilithium

$\mathbf{w}$, from $\mathbf{Ay}$ and sending it to a verifier. The verifier responds with a random polynomial $c \in R_{q}$, after which the prover responds with the vector $\mathbf{z} := \mathbf{y} + c\mathbf{s}_{1}$. Finally, the verifier accepts if $\mathbf{Az} \approx \mathbf{w} + c\mathbf{t}$. Several works have implemented the Dilithium digital signature scheme on FPGA, ASIC, and RISC-V platforms. In [12], Dilithium is implemented on an ASIC platform, and the results are compared with previous studies. In addition to other schemes, the paper implements the Dilithium digital signature scheme at incremental security levels: Dilithium-I, Dilithium-II, Dilithium-III, and Dilithium-IV, respectively. The evaluation parameters are the number of cycles, power, and energy. Measurement results show that, in all three phases of the signature scheme, namely keyGen, sign, and verify, this design gives many times better results than the performance on a Cortex-M4 core.
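The commit/challenge/response exchange just described is easiest to see with numbers. The following added example (not the paper's or the Dilithium team's code) runs the identification protocol over plain integer vectors modulo Dilithium's $q = 8380417$ instead of polynomial modules, uses a small scalar challenge $c \in [1, \tau]$ instead of a sparse $\pm 1$ polynomial, and leaves out the hint and compression of the public key; `N`, `ETA`, `GAMMA` and `TAU` are illustrative assumptions. It shows why "$\approx$" is enough: $\mathbf{Az} - (\mathbf{w} + c\mathbf{t}) = -c\mathbf{s}_2$, which is small, and why the prover must reject a $\mathbf{z}$ that is too large before revealing it:

```python
"""Toy Dilithium-style identification protocol over Z_q vectors (constructed example)."""
import random

Q = 8380417          # Dilithium's modulus, reused for an integer-vector toy
N = 8                # vector dimension (assumption; Dilithium uses polynomial modules)
ETA = 2              # bound on secret coefficients s1, s2
GAMMA = 1 << 17      # bound on the masking vector y
TAU = 39             # challenge drawn from [1, TAU] (toy scalar challenge)
BETA = TAU * ETA     # largest possible entry of c * s1 or c * s2


def centered(v):
    """Reduce each entry to its representative in (-Q/2, Q/2]."""
    out = []
    for a in v:
        a %= Q
        if a > Q // 2:
            a -= Q
        out.append(a)
    return out


def inf_norm(v):
    return max(abs(a) for a in centered(v))


def matvec(A, v):
    return [sum(a * b for a, b in zip(row, v)) % Q for row in A]


def keygen(rng):
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(N)]
    s1 = [rng.randint(-ETA, ETA) for _ in range(N)]
    s2 = [rng.randint(-ETA, ETA) for _ in range(N)]
    t = [(a + b) % Q for a, b in zip(matvec(A, s1), s2)]   # t = A s1 + s2
    return (A, t), (A, s1, s2, t)


def prove(sk, rng):
    """Prover: commit w = A y, receive challenge c, answer z = y + c s1.
    The challenge is sampled inline so the exchange runs self-contained."""
    A, s1, _, _ = sk
    while True:
        y = [rng.randint(-GAMMA, GAMMA) for _ in range(N)]
        w = matvec(A, y)                       # commitment
        c = rng.randint(1, TAU)                # verifier's challenge
        z = [yi + c * si for yi, si in zip(y, s1)]
        # Rejection sampling: a z outside this box would leak information about s1,
        # so the prover restarts with a fresh y instead of sending it.
        if inf_norm(z) <= GAMMA - BETA:
            return w, c, z


def verify(pk, w, c, z):
    A, t = pk
    if inf_norm(z) > GAMMA - BETA:             # response must be short
        return False
    lhs = matvec(A, z)
    rhs = [(wi + c * ti) % Q for wi, ti in zip(w, t)]
    diff = [(a - b) % Q for a, b in zip(lhs, rhs)]
    # A z - (w + c t) = A y + c A s1 - A y - c (A s1 + s2) = -c s2, a short vector
    return inf_norm(diff) <= BETA


def demo(seed=1):
    """Returns (honest transcript accepted, tampered response accepted)."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    w, c, z = prove(sk, rng)
    honest = verify(pk, w, c, z)
    tampered = list(z)
    tampered[0] += 1                            # any change to z breaks A z = w + c t - c s2
    return honest, verify(pk, w, c, tampered)


if __name__ == "__main__":
    print(demo())
```

The `BETA` slack in `verify` is exactly the size of the $c\mathbf{s}_2$ term the verifier cannot see, and the `GAMMA - BETA` bound in both `prove` and `verify` is the toy counterpart of Dilithium's $\gamma_1 - \beta$ check. Dilithium turns this interactive protocol into a signature by deriving $c$ from a hash of $\mathbf{w}$ and the message (Fiat–Shamir with aborts), which is why the signing loop in hardware implementations such as [12] may iterate several times before producing a signature.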

#### 4.2.2. SPHINCS$^+$

#### 4.2.3. Falcon

## 5. Discussion and Future Work

## 6. Conclusions

## Author Contributions

## Funding

## Data Availability Statement

## Acknowledgments

## Conflicts of Interest

## References

- Regev, O. On Lattices, Learning with Errors, Random Linear Codes, and Cryptography. J. ACM 2009, 56, 1–40.
- Karakaya, A.; Ulu, A. A Review on Latest Developments in Post-quantum Based Secure Blockchain Systems. In Proceedings of the 2023 11th International Symposium on Digital Forensics and Security (ISDFS), Chattanooga, TN, USA, 11–12 May 2023; pp. 1–6.
- Iqbal, S.S.; Zafar, A. A Survey on Post Quantum Cryptosystems: Concept, Attacks, and Challenges in IoT Devices. In Proceedings of the 2023 10th International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India, 15–17 March 2023; pp. 460–465.
- Alagic, G.; Alperin-Sheriff, J.; Apon, D.; Cooper, D.; Dang, Q.; Liu, Y.-K.; Miller, C.; Moody, D.; Peralta, R.; Perlner, R.; et al. Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2019.
- Moody, D.; Alagic, G.; Apon, D.C.; Cooper, D.A.; Dang, Q.H.; Kelsey, J.M.; Liu, Y.-K.; Miller, C.A.; Peralta, R.C.; Perlner, R.A.; et al. Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2020.
- Alagic, G.; Apon, D.; Cooper, D.; Dang, Q.; Dang, T.; Kelsey, J.; Lichtinger, J.; Liu, Y.-K.; Miller, C.; Moody, D.; et al. Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process; Technical Report; National Institute of Standards and Technology: Gaithersburg, MD, USA, 2022.
- Nejatollahi, H.; Dutt, N.; Ray, S.; Regazzoni, F.; Banerjee, I.; Cammarota, R. Post-quantum Lattice-based Cryptography Implementations. ACM Comput. Surv. 2019, 51, 1–41.
- Merkle, R.C. Secrecy, Authentication, and Public Key Systems; Technical Report; Stanford University: Stanford, CA, USA, 1979.
- Potii, O.; Gorbenko, Y.; Isirova, K. Post Quantum Hash-based Digital Signatures Comparative Analysis. Features of Their Implementation and Using in Public Key Infrastructure. In Proceedings of the 2017 4th International Scientific-Practical Conference Problems of Infocommunications. Science and Technology (PIC S&T), Kharkov, Ukraine, 10–13 October 2017; pp. 105–109.
- Kuo, Y.-M.; Garcia-Herrero, F.G.; Ruano, O.; Maestro, J.A. RISC-V Galois Field ISA Extension for Non-binary Error-correction Codes and Classical and Post-quantum Cryptography. IEEE Trans. Comput. 2022, 72, 682–692.
- Elkhatib, R.; Koziel, B.; Azarderakhsh, R.; Kermani, M.M. Accelerated RISC-V for Post-quantum SIKE. IEEE Trans. Circ. Syst. I Regul. Pap. (TCAS-I) 2022, 69, 2490–2501.
- Banerjee, U.; Ukyab, T.S.; Chandrakasan, A.P. Sapphire: A Configurable Crypto-processor for Post-quantum Lattice-based Protocols. IACR Trans. Crypto. Hardw. Embed. Syst. 2019, 2019, 17–61.
- Nannipieri, P.; Matteo, S.D.; Zulberti, L.; Albicocchi, F.; Saponara, S.; Fanucci, L. A RISC-V Post Quantum Cryptography Instruction Set Extension for Number Theoretic Transform to Speed-Up CRYSTALS Algorithms. IEEE Access 2021, 9, 150798–150808.
- Zhao, Y.; Xie, R.; Xin, G.; Han, J. A High-performance Domain-specific Processor with Matrix Extension of RISC-V for Module-LWE Applications. IEEE Trans. Circ. Syst. I Regul. Pap. (TCAS-I) 2022, 69, 2871–2884.
- Lee, J.; Kim, W.; Kim, S.; Kim, J.-H. Post-quantum Cryptography Coprocessor for RISC-V CPU Core. In Proceedings of the 2022 International Conference on Electronics, Information, and Communication (ICEIC), Jeju, Republic of Korea, 6–9 February 2022; pp. 1–2.
- Kamucheka, T.; Nelson, A.; Andrews, D.; Huang, M. A Masked Pure-hardware Implementation of Kyber Cryptographic Algorithm. In Proceedings of the 2022 International Conference on Field-Programmable Technology (ICFPT), Hong Kong, China, 5–9 December 2022.
- Shimada, T.; Ikeda, M. High-speed and Energy-efficient Crypto-processor for Post-quantum Cryptography CRYSTALS-Kyber. In Proceedings of the 2022 IEEE Asian Solid-State Circuits Conference (A-SSCC), Taipei, Taiwan, 6–9 November 2022; pp. 12–14.
- Lonc, B.; Aubry, A.; Bakhti, H.; Christofi, M.; Mehrez, H.A. Feasibility and Benchmarking of Post-quantum Cryptography in the Cooperative ITS Ecosystem. In Proceedings of the 2023 IEEE Vehicular Networking Conference (VNC), Istanbul, Turkiye, 26–28 April 2023; pp. 215–222.
- Nosouhi, M.R.; Shah, S.W.A.; Pan, L.; Doss, R. Bit Flipping Key Encapsulation for the Post-quantum Era. IEEE Access 2023, 11, 56181–56195.
- Nosouhi, M.R.; Shah, S.W.; Pan, L.; Zolotavkin, Y.; Nanda, A.; Gauravaram, P.; Doss, R. Weak-key Analysis for BIKE Post-quantum Key Encapsulation Mechanism. IEEE Trans. Inf. Forensics Secur. 2023, 18, 2160–2174.
- Deshpande, S.; Xu, C.; Nawan, M.; Nawaz, K.; Szefer, J. Fast and Efficient Hardware Implementation of HQC; Cryptology ePrint Archive, Paper 2022/1183; 2022; Available online: https://eprint.iacr.org/2022/1183 (accessed on 1 August 2023).
- Melchor, C.A.; Deneuville, J.-C.; Dion, A.; Howe, J.; Malmain, R.; Migliore, V.; Nawan, M.; Nawaz, K. Towards Automating Cryptographic Hardware Implementations: A Case Study of HQC; Cryptology ePrint Archive, Paper 2022/1425; 2022; Available online: https://eprint.iacr.org/2022/1425 (accessed on 1 August 2023).
- Schöffel, M.; Feldmann, J.; Wehn, N. Code-Based Cryptography in IoT: A HW/SW Co-Design of HQC. arXiv 2023, arXiv:2301.04888.
- Xu, G.; Mao, J.; Sakk, E.; Wang, S.P. An Overview of Quantum-safe Approaches: Quantum Key Distribution and Post-quantum Cryptography. In Proceedings of the 2023 57th Annual Conference on Information Sciences and Systems (CISS), Baltimore, MD, USA, 22–24 March 2023; pp. 1–6.
- Banerjee, U.; Das, S.; Chandrakasan, A.P. Accelerating Post-quantum Cryptography Using an Energy-efficient TLS Crypto-processor. In Proceedings of the 2020 IEEE International Symposium on Circuits and Systems (ISCAS), Seville, Spain, 12–14 October 2020; pp. 1–5.
- Sun, S.; Zhang, R.; Ma, H. Efficient Parallelism of Post-quantum Signature Scheme SPHINCS. IEEE Trans. Parallel Distrib. Syst. 2020, 31, 2542–2555.
- Dai, Y.; Song, Y.; Tian, J.; Wang, Z. High-throughput Hardware Implementation for Haraka in SPHINCS. In Proceedings of the International Symposium on Quality Electronic Design (ISQED), San Francisco, CA, USA, 5–7 April 2023; pp. 1–6.
- Amiet, D.; Leuenberger, L.; Curiger, A.; Zbinden, P. FPGA-based SPHINCS Implementations: Mind the Glitch. In Proceedings of the 2020 23rd Euromicro Conference on Digital System Design (DSD), Kranj, Slovenia, 26–28 August 2020; pp. 229–237.
- Satheesh, V.; Shanmugam, D. Implementation Vulnerability Analysis: A Case Study on ChaCha of SPHINCS. In Proceedings of the 2020 IEEE International Symposium on Smart Electronic Systems (iSES) (Formerly iNiS), Chennai, India, 14–16 December 2020; pp. 97–102.
- Berthet, Q.; Upegui, A.; Gantel, L.; Duc, A.; Traverso, G. An Area-efficient SPHINCS Post-quantum Signature Coprocessor. In Proceedings of the 2021 IEEE International Parallel and Distributed Processing Symposium Workshops (IPDPSW), Portland, OR, USA, 17–21 June 2021; pp. 180–187.
- Zhu, Y.; Zhu, W.; Zhu, M.; Li, C.; Deng, C.; Chen, C.; Yin, S.; Yin, S.; Wei, S.; Liu, L. A 28nm 48KOPS 3.4uJ/Op Agile Crypto-processor for Post-quantum Cryptography on Multi-mathematical Problems. In Proceedings of the 2022 IEEE International Solid-State Circuits Conference (ISSCC), San Francisco, CA, USA, 20–26 February 2022; Volume 65, pp. 514–516.
- Imran, M.; Aikata, A.; Roy, S.S.; Pagliarini, S. High-speed Design of Post Quantum Cryptography with Optimized Hashing and Multiplication. IEEE Trans. Circuits Syst. II Express Briefs 2023.
- Tan, W.; Wang, A.; Zhang, X.; Lao, Y.; Parhi, K.K. High-speed VLSI Architectures for Modular Polynomial Multiplication via Fast Filtering and Applications to Lattice-based Cryptography. IEEE Trans. Comput. 2023, 72, 2454–2466.
- Putranto, D.S.C.; Wardhani, R.W.; Larasati, H.T.; Kim, H. Space and Time-efficient Quantum Multiplier in Post Quantum Cryptography Era. IEEE Access 2023, 11, 21848–21862.
- Ghosh, A.; Mera, J.M.B.; Karmakar, A.; Das, D.; Ghosh, S.; Verbauwhede, I.; Sen, S. A 334uW 0.158mm² ASIC for Post-quantum Key-encapsulation Mechanism Saber with Low-latency Striding Toom-cook Multiplication. arXiv 2023, arXiv:2305.10368.
- Guerrieri, A.; Marques, G.D.S.; Regazzoni, F.; Upegui, A. H-Saber: An FPGA-optimized Version for Designing Fast and Efficient Post-quantum Cryptography Hardware Accelerators. In Proceedings of the 2023 24th International Symposium on Quality Electronic Design (ISQED), San Francisco, CA, USA, 5–7 April 2023; pp. 1–6.
- Zhang, J.; Huang, J.; Liu, Z.; Roy, S.S. Time-memory Trade-offs for Saber on Memory-constrained RISC-V Platform. IEEE Trans. Comput. 2022, 71, 2996–3007.
- Ebrahimi, S.; Sarmadi, S.B.; Boorani, H.M. Post-quantum Cryptoprocessors Optimized for Edge and Resource-constrained Devices in IoT. IEEE Internet Things J. 2019, 6, 5500–5507.
- Ebrahimi, S.; Sarmadi, S.B. Lightweight and DPA-resistant Post-quantum Cryptoprocessor Based on Binary Ring-LWE. In Proceedings of the 2020 20th International Symposium on Computer Architecture and Digital Systems (CADS), Rasht, Iran, 19–20 August 2020; pp. 1–6.
- Hadayeghparast, S.; Sarmadi, S.B.; Ebrahimi, S. High-speed Post-quantum Cryptoprocessor Based on RISC-V Architecture for IoT. IEEE Internet Things J. 2022, 9, 15839–15846.
- Bagchi, P.; Maheshwari, R.; Bera, B.; Das, A.K.; Park, Y.; Lorenz, P.; Yau, D.K.Y. Public Blockchain-envisioned Security Scheme Using Post Quantum Lattice-based Aggregate Signature for Internet of Drones Applications. IEEE Trans. Veh. Technol. 2023, 1–16.
- Qassim, Y.; Magana, M.E.; Yavuz, A. Post-quantum Hybrid Security Mechanism for MIMO Systems. In Proceedings of the 2017 International Conference on Computing, Networking and Communications (ICNC), Silicon Valley, CA, USA, 26–29 January 2017; pp. 684–689.
- Volya, D.; Zhang, T.; Alam, N.; Tehranipoor, M.; Mishra, P. Towards Secure Classical-quantum Systems. In Proceedings of the 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), San Jose, CA, USA, 1–4 May 2023; pp. 283–292.
- Fritzmann, T.; Sigl, G.; Sepulveda, J. Extending the RISC-V Instruction Set for Hardware Acceleration of the Post-quantum Scheme LAC. In Proceedings of the 2020 Design, Automation & Test in Europe Conference & Exhibition (DATE), Grenoble, France, 9–13 March 2020; pp. 1420–1425.
- Koleci, K.; Mazzetti, P.; Martina, M.; Masera, G. A Flexible NTT-based Multiplier for Post-quantum Cryptography. IEEE Access 2023, 11, 3338–3351.

**Figure 3.** The number of scientific publications published from 2000 to 2022, listed in order from (**a**) Elsevier Library, (**b**) IEEE Xplore, (**c**) IET Digital Library, (**d**) The Institute of Electronics, Information and Communication Engineers (IEICE), (**e**) ACM Digital Library, and (**f**) Springer.

**Figure 4.** Number of journals published from 2000 to 2022, listed in order from (**a**–**f**), as mentioned in Figure 3.

| Level | Description |
|---|---|
| 1 | At least as hard to break as AES128 |
| 2 | At least as hard to break as SHA256 |
| 3 | At least as hard to break as AES192 |
| 4 | At least as hard to break as SHA384 |
| 5 | At least as hard to break as AES256 |

**Table 2.** Number of scientific publications in the last 5 years compared with the total number of papers on PQC.

| Publications | Elsevier | IEEE | IET | IEICE | ACM | Springer | WoS |
|---|---|---|---|---|---|---|---|
| Last 5 years | 827 | 654 | 55 | 41 | 119 | 2210 | 2349 |
| Total | 1393 | 805 | 103 | 100 | 147 | 2885 | 4822 |
| Percentage | 59.37% | 81.24% | 53.4% | 41% | 81% | 76.6% | 48.71% |

| Basis | Lattice | Hash | Code | Multivariate | Isogeny |
|---|---|---|---|---|---|
| PKE/KEM | Kyber | - | McEliece | - | SIKE |
| Signature | Dilithium, Falcon | SPHINCS$^+$ | HQC, BIKE | - | - |


© 2023 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

## Share and Cite

**MDPI and ACS Style**

Dam, D.-T.; Tran, T.-H.; Hoang, V.-P.; Pham, C.-K.; Hoang, T.-T.
A Survey of Post-Quantum Cryptography: Start of a New Race. *Cryptography* **2023**, *7*, 40.
https://doi.org/10.3390/cryptography7030040
