Abstract
The security of public-key cryptography is based on the hardness of certain mathematical problems, such as the integer factorization problem (IFP) and the discrete logarithm problem (DLP). However, in 1994 Shor proposed a quantum polynomial-time algorithm for solving the IFP and DLP, and thus widely used public-key cryptography (the RSA cryptosystem and elliptic curve cryptography) is expected to eventually become vulnerable. In view of this, the U.S. National Security Agency (NSA) announced preliminary plans for transitioning to quantum-resistant algorithms in 2015, and the National Institute of Standards and Technology (NIST) started to standardize post-quantum cryptography (PQC) in 2016. In this article, we give an overview of recent research on PQC, which will still be secure in the era of quantum computers.