Post-quantum cryptography (PQC) is about devising cryptographic algorithms that are secure in the quantum era with security against both classical/conventional and quantum computers. There are several candidate approaches for building the post-quantum cryptographic schemes, as described below in Section 3.1 [18,19,20].
This subsection delineates the candidates of the PQC schemes. These are hash-based cryptography, code-based cryptography, multivariate cryptography, lattice-based cryptography, and isogeny-based cryptography schemes.
Hash-based cryptography focuses on designing digital signature schemes based on the security of cryptographic hash functions, e.g., SHA-3. These schemes are based on the security of hash functions (as a one-way function, collision-resistant property, and hardness of second pre-image attacks), and require fewer security assumptions than the number-theoretic signature schemes (e.g. RSA, DSA). Ralph Merkle in 1989 introduced Merkle Signature Scheme (MSS) [21], which is based on one-time signatures (e.g., the Lamport signature scheme) and uses a binary hash tree (Merkle tree). The MSS is resistant to quantum computer algorithms. More details can be found in this survey on hash-based schemes Butin (2017) [22]. Sphincs+ hash-based signature [23] is chosen as an alternate solution in the outcome of the third round of the NIST standardization process [24].
Code-based cryptography [25,26] has its security relying on the hardness of problems from coding theory, for example, syndrome decoding (SD) and learning parity with noise (LPN). These cryptosystems are based on error-correcting codes to construct a one-way function. The security is based on the hardness of decoding a message which contains random errors and recovering the code structure. A classic McEliece code-based encryption scheme [5] is chosen as a finalist scheme in the outcome of the third round of the NIST standardization process [24].
