Paper 2021/462

SoK: How (not) to Design and Implement Post-Quantum Cryptography

James Howe, Thomas Prest, and Daniel Apon


Post-quantum cryptography has known a Cambrian explosion in the last decade. What started as a very theoretical and mathematical area has now evolved into a sprawling research field, complete with side-channel resistant embedded implementations, large-scale deployment tests and standardization efforts. This study systematizes the current state of knowledge on post-quantum cryptography. Compared to existing studies, we adopt a transversal point of view and center our study around three areas: (i) paradigms, (ii) implementation, (iii) deployment. Our point of view allows us to cast almost all classical and post-quantum schemes into just a few paradigms. We highlight trends, common methodologies, pitfalls to look for, and recurrent challenges.

Category
Public-key cryptography
Publication info
Published elsewhere. Major revision. CT-RSA 2021
Keywords
post-quantum cryptography
Contact author(s)
james howe @ pqshield com
thomas prest @ pqshield com
daniel apon @ nist gov
History
2021-04-12: received
License
Creative Commons Attribution


      author = {James Howe and Thomas Prest and Daniel Apon},
      title = {{SoK}: How (not) to Design and Implement Post-Quantum Cryptography},
      howpublished = {Cryptology ePrint Archive, Paper 2021/462},
      year = {2021},
      note = {\url{}},
      url = {}