Post-Quantum Cryptography and Quantum-Safe Security: A Comprehensive Survey

Gaurab Chhetri, Shriyank Somvanshi, Pavan Hebli, Shamyo Brotee, Subasish Das

TL;DR

This survey analyzes the state of post-quantum cryptography (PQC) at a pivotal moment when standards (e.g., ML-KEM, ML-DSA, SPHINCS+) have matured. It presents a taxonomy of six algorithm families, details their mathematical foundations, cryptanalytic progress, and practical deployment considerations, and evaluates performance, hardware acceleration, and system-level integration. The work emphasizes crypto-agility, hybrid migration paths, and domain-specific rollout challenges across web, IoT, finance, cloud, and blockchain, while outlining open problems in parameter agility, side-channel resistance, and ecosystem governance. It also discusses complementary quantum technologies (QKD, QRNGs) and provides a holistic view of the socio-technical transition required for scalable quantum-safe security. The paper offers concrete guidance for practitioners and highlights a living repository (awesome-pqc) to support ongoing adoption and research.

Abstract

Post-quantum cryptography (PQC) is moving from evaluation to deployment as NIST finalizes standards for ML-KEM, ML-DSA, and SLH-DSA. This survey maps the space from foundations to practice. We first develop a taxonomy across lattice-, code-, hash-, multivariate-, isogeny-, and MPC-in-the-Head families, summarizing security assumptions, cryptanalysis, and standardization status. We then compare performance and communication costs using representative, implementation-grounded measurements, and review hardware acceleration (AVX2, FPGA/ASIC) and implementation security with a focus on side-channel resistance. Building upward, we examine protocol integration (TLS, DNSSEC), PKI and certificate hygiene, and deployment in constrained and high-assurance environments (IoT, cloud, finance, blockchain). We also discuss complementarity with quantum technologies (QKD, QRNGs) and the limits of near-term quantum computing. Throughout, we emphasize crypto-agility, hybrid migration, and evidence-based guidance for operators. We conclude with open problems spanning parameter agility, leakage-resilient implementations, and domain-specific rollout playbooks. This survey aims to be a practical reference for researchers and practitioners planning quantum-safe systems, bridging standards, engineering, and operations.

Paper Structure

This paper contains 52 sections, 4 equations, 6 figures, 4 tables.

Figures (6)

  • Figure 1: Taxonomy of major PQC algorithm families. The classification highlights six primary categories: lattice-based, code-based, hash-based, multivariate, isogeny-based, and MPC-in-the-Head, each defined by distinct mathematical hardness assumptions and representative schemes. This categorization illustrates the diversity of PQC approaches and their varying trade-offs in security, performance, and deployment readiness.
  • Figure 2: Pictorial representation of a 2D lattice [ravi2021lattice].
  • Figure 3: The ML-DSA (CRYSTALS-Dilithium) signature process. Bob signs a message $M$ by applying his private key to the message hash, generating a signature $(\text{sig})$. He transmits $(M, \text{sig})$ to Alice, who verifies integrity and authenticity using Bob’s public key and the hash of $M$. A trusted authority, Trent, may participate in key pair certification or management [asecuritysite_21337].
  • Figure 4: Illustration of SLH-DSA (SPHINCS+) input processing for SHAKE256. The top approach shows a buffer-based method where pub_seed, address, and data are copied into a buffer before hashing, incurring multiple memcpy operations. The bottom approach demonstrates a pre-allocation strategy that directly arranges inputs for SHAKE256, avoiding redundant memory copies and improving efficiency [ye2025rvslh].
  • Figure 5: Cloudflare’s experimental deployment of PQC in the web ecosystem. The figure illustrates a user browser establishing a TLS 1.3 session with PQC-enabled key exchange (1), internal backbone links between Cloudflare data centers protected with PQC (2), Cloudflare Tunnels secured with PQC (3), and connections from edge servers to origin servers (4). These trials highlight the feasibility of hybrid PQC integration across end-user, backbone, and cloud environments while exposing practical challenges such as handshake size, latency, and certificate management [Goldberg2025postquantum].