The transition to post-quantum cryptography
Institute Colloquium
- Date: 11.07.2025
- Time: 10:30 - 12:00
- Speaker: Prof. Peter Schwabe
- Peter Schwabe is scientific director at MPI-SP and professor at Radboud University. He graduated from RWTH Aachen University in computer science in 2006 and received a Ph.D. from the Faculty of Mathematics and Computer Science of Eindhoven University of Technology in 2011. He then worked as a postdoctoral researcher at the Institute of Information Science and the Research Center for Information Technology Innovation of Academia Sinica, Taiwan, and at National Taiwan University. His research area is cryptographic engineering, in particular the security and performance of cryptographic software. He has published more than 70 articles in journals and at international conferences presenting, for example, fast software for a variety of cryptographic primitives including AES, hash functions, elliptic-curve cryptography, and cryptographic pairings. He has also published articles on fast cryptanalysis, in particular attacks on the discrete-logarithm problem. In recent years he has focused in particular on post-quantum cryptography. He co-authored the "NewHope" and "NTRU-HRSS" lattice-based key-encapsulation schemes, which were used in post-quantum TLS experiments by Google, and he is co-submitter of seven proposals to the NIST post-quantum crypto project, all of which made it to the second round, five of which made it to the third round, and three of which were selected after round 3 for standardization. In 2021, he co-founded the Formosa-Crypto project, an effort by multiple research groups to build (post-quantum) cryptographic software with formal proofs of functional correctness and security.
- Location: IPP Garching
- Room: Arnulf-Schlüter Lecture Hall in Building D2 and Zoom
- Host: IPP
- Contact: stefan.possanner@ipp.mpg.de

Since Shor's seminal paper from 1994 we have known that once physicists and quantum engineers are able to build a large universal quantum computer, our current generation of asymmetric cryptography will be broken. To be ready for the day when this happens, the world is currently moving to a new generation of cryptography: so-called post-quantum cryptography. This migration was majorly facilitated and driven by a multi-year open standardization effort by the US National Institute of Standards and Technology (NIST), which selected 4 algorithms for standardization in 2022. Three standards were published in 2024, two for signature schemes and one, ML-KEM, for key encapsulation. ML-KEM is already securing billions of Internet connections per day. In my talk I will give an overview of the design of this algorithm and the path through standardization to ongoing deployment.