This volume emerged from the NATO Advanced Research Workshop on Quantum and Post-Quantum Cryptography that we hosted in Malta in November 2021, and brings together eleven invited papers from experts within the event’s scope. In this workshop, made possible with the generous assistance of the NATO Science for Peace and Security (SPS) programme, we set out to understand and reconcile two seemingly divergent points of view on where the future of cryptography and secure communication lies in a post-quantum world. The accelerating pace at which quantum computing is developing, approximately thirty years after Peter Shor published the seminal algorithms that now bear his name, makes it all but a foregone conclusion that some of the major cryptographic algorithms and protocols we rely upon daily, for anything from internet shopping to running our critical infrastructure, may be compromised in the coming years.
One way of addressing this challenge is by developing post-quantum cryptographic (PQC) algorithms, which are designed from the ground up to resist attacks by quantum computers. Deploying PQC as a replacement for the algorithms in active use today requires overhauling cryptographic systems and software stacks, but it does not require the deployment of new infrastructure. This latter point has been put forward as a reason to prefer PQC over an alternative technology for overcoming the quantum threat: quantum cryptography, more specifically quantum key distribution (QKD). By exploiting the laws of quantum mechanics, QKD can in principle endow physical communication channels with the capability to distribute symmetric cryptographic keys without the possibility of these keys being stolen in transit. Although QKD offers information-theoretic security guarantees at the level of its mathematical model, it may in places require the deployment of new telecommunication infrastructure, and the security of any concrete implementation still depends on adequate implementation-level measures. Our workshop was intended to bring these two communities together and to work towards a future where the two technologies are not seen as somehow in competition with each other, but rather as complementary solutions that help to secure communication systems at the hardware (QKD) and software (PQC) level. We also decided to broaden the discussion from the strictly technical to include the economic and broader societal perspectives. We hope that by adopting this perspective, this volume contributes a helpful and new voice to the conversation.
An overview of the papers in this volume follows; we note that these contributions were not peer-reviewed. In A Brief Overview of Quantum Advances and Impact on Economics, we read how one of the items that needs to be addressed in the upcoming post-quantum transition is the education of an adequate workforce for the quantum age. Complementing this point of view is a discussion in Post-quantum cryptography migration: challenges in education of how universities’ curricula may require adjustments.
The third paper reflects the collaborative spirit of our workshop philosophy, arguing that PQC and QKD are both required to enable a quantum-safe future. This is followed by a discussion of Quantum-Safe Cryptography from BSI’s Perspective, pointing out gaps in the state of the art, and a contribution on the Security against attacks to cryptographic algorithms by quantum computer - and why multiple different solutions are needed, which makes a case for hybrid approaches. The subsequent two contributions look into technical aspects of implementing quantum-secure communication systems: Authentication methods for Quantum Key Distribution: challenges and perspectives examines authentication methods for QKD, and Securing DILITHIUM against physical attacks: performances analysis addresses the cost of securing a prominent post-quantum cryptographic proposal against implementation-level attacks.
Our next two contributions describe the efforts of two NATO nations to address the possible emergence of cryptanalytically relevant quantum computers: Quantum-Safe Communication Research in Finland and Post-Quantum Cryptography Efforts in Türkiye. To conclude the volume, we take a look at two cryptographic applications that go beyond the basic goal of securing two-party communication in a post-quantum world: Group key exchange: living on the edge with a quantum adversary, which describes post-quantum group key exchange in an Internet-of-Things scenario, and Beyond Quantum Threats: Bridging Fully Homomorphic Encryption Schemes.
We thank all the contributors to our workshop and to this volume, and hope that you find it a useful contribution to the literature.
— Rainer Steinwandt and André Xuereb, December 2023