Post-Quantum Cryptography: Detours, delays, and disasters
12-29, 20:00–20:40 (Europe/Berlin), Fireshonks-Stream
Language: English

Post-quantum cryptography is an important branch of cryptography, studying cryptography under the threat model that the attacker has a quantum computer. Systems that can withstand quantum attacks are urgently needed but in many applications all parties need to agree on what system is used. NIST, the US National Institute for Standards and Technology, has been running a competition to select some systems as standards. This talk will report on the process and cover some of the interesting ways that the design, standardization, and deployment of post-quantum cryptography have been going wrong.


Why do we still not use post-quantum cryptography? This talk sheds some light on what happened beyond the efforts of researchers to design good crypto and get it deployed. Bring your tinfoil hats.

In which language do you want to give your talk?



See also: Slides for the talk (434.1 KB)

Tanja is a professor in Eindhoven and has been working on cryptography for many years.

D. J. Bernstein ( designs cryptography to proactively reduce risks. His currently deployed designs, with various coauthors, include X25519, Ed25519, ChaCha20, SipHash, and NTRU Prime. He coined the phrase "post-quantum cryptography" in 2003.