### 2019-05-17, 11:15–11:45, Conf 2

A spectre is haunting the Internet — the spectre of quantum computing. All the powers of old Cryptography have entered into a holy alliance to exorcise this spectre.

Significant advances in quantum computing capabilities would spell the end of the public key infrastructure as we know it. Shor's algorithm, a quantum algorithm for efficiently solving the discrete logarithm problem, means that computational problems whose hardness is the foundation of public key crypto are easy to compute on a quantum computer.

All is not lost for asymmetric cryptography. Quantum key distribution (QKD) allows the establishment of a shared secret key under the sole assumption of an authenticated channel. Post-quantum cryptography looks instead to replace the hardness assumptions on which public-key cryptosystems are built.

This talk will review the computational assumptions relied upon by traditional cryptography and why they fail with the coming of the quantum computer. We will review proposed alternatives that are part of NIST's post-quantum cryptography standardization efforts.