
Workshop on Cybersecurity in a Post-Quantum World

The advent of practical quantum computing will break all commonly used public key cryptographic algorithms. In response, NIST is researching cryptographic algorithms for public key-based key agreement and digital signatures that are not susceptible to cryptanalysis by quantum algorithms. NIST is holding this workshop to engage academic, industry, and government stakeholders. The Post Quantum Workshop will be held on April 2-3, 2015, immediately following the 2015 International Conference on Practice and Theory of Public-Key Cryptography. NIST seeks to discuss issues related to post-quantum cryptography and its potential future standardization.


Presentations are linked within the agenda.



Thursday, April 2, 2015

9:00am - 9:10am Opening Remarks
Donna F. Dodson, ITL Associate Director, Chief Cybersecurity Advisor, and Director of the National Cybersecurity Center of Excellence
9:10am - 10:30am

Session I: Multivariate and Code-based Cryptosystems
Session Chair: Daniel Smith-Tone, NIST

  1. Gui: Revisiting Multivariate Digital Signature Schemes based on HFEv- [paper]
    presented by: Jintai Ding, University of Cincinnati
  2. QC-MDPC-McEliece: A public-key code-based encryption scheme
    presented by: Jean-Pierre Tillich, INRIA
  3. A New Code Based Public Key Encryption and Signature Scheme based on List Decoding
    presented by: Danilo Gligoroski, NTNU
  4. Rank based Cryptography: a credible post-quantum alternative to classical crypto [paper]
    presented by: Philippe Gaborit, University of Limoges
10:30am - 11:00am Coffee Break
11:00am - 11:50am

Session II: Invited talk by Bart Preneel, Katholieke Universiteit Leuven
Introduced by: Dustin Moody, NIST

  1. Public Key Cryptography: the next 4 decades
11:50am - 12:50pm

Session III: Higher level protocols
Session chair: Rene Peralta, NIST

  1. Post-quantum key exchange for the TLS protocol from RLWE problem [paper]
    presented by: Craig Costello, Microsoft
  2. Future Anonymity in Today's Budget [paper]
    presented by: Aniket Kate, CISPA, Saarland University
  3. A quantum-safe circuit-extension handshake for Tor [paper]
    presented by: Zhenfei Zhang, Security Innovation
12:50pm - 2:00pm Lunch
2:00pm - 2:50pm

Session IV: Invited Talk by David McGrew, Cisco Systems
Introduced by: Rene Peralta, NIST

  1. Living with Post-Quantum Cryptography
2:50pm - 3:20pm Coffee Break
3:20pm - 4:20pm

Session V: Hash-based Signature Schemes
Session chair: Ray Perlner, NIST

  1. Hash-based Signatures: An outline for a new standard [paper]
    presented by: Andreas Hulsing, Technische Universiteit Eindhoven
  2. Let Live and Let Die - Handling the state of Hash-based signatures [paper]
    presented by: Stefan-Lukas Gazdag, Genua mbh
  3. SPHINCS: practical stateless hash-based signatures [paper]
    presented by: Daniel Bernstein, University of Illinois at Chicago
4:20pm - 5:20pm

Session VI: Panel: Shoring up the Infrastructure: A strategy for Standardizing Hash Signatures
Moderator: Burt Kaliski, Verisign


  • Andreas Hulsing, TU Eindhoven
  • David McGrew, Cisco Systems 
  • Aziz Mohaisen, Verisign Labs
  • Russ Housley, Vigil Security, LLC



Friday, April 3, 2015

9:00am - 11:00am

Session VII: Topics in Post-Quantum Cryptography
Session chair: Stephen Jordan, NIST

  1. Evaluating Post-Quantum Asymmetric Cryptographic Algorithm Candidates
    presented by: Dan Shumow, Microsoft
  2. Failure is not an option: Standardization issues for Post-Quantum key Agreement
    presented by: Mark Motley, Department of Defense
  3. PQCrypto project in the EU
    presented by: Tanja Lange, TU Eindhoven
  4. MQ Challenge: Hardness Evaluation of Solving MQ problems [paper]
    presented by: Takanori Yasuda, Institute of Systems, Information Technologies and Nanotechnologies
  5. Grobner Bases Techniques in Post-Quantum Cryptography
    presented by: Ludovic Perret, LIP6
  6. DTLS-HIMMO: Efficiently Securing PQ world with a fully-collusion resistant KPS [paper]
    presented by: Oscar Garcia-Morchon, Philips Group Innovation
11:00am - 11:30am Coffee Break
11:30am - 12:20pm

Session VIII: Invited talk by Michele Mosca, University of Waterloo
Introduced by: Lily Chen, NIST

  1. Cybersecurity in a quantum world: will we be ready?
12:20pm - 1:20pm Lunch
1:20pm - 3:00pm

Session IX: Key Management, and Lattice-based Cryptography
Session chair: Dustin Moody, NIST

  1. Panel: Key Management for Quantum-safe Cryptography
    Moderator: Robert Griffin, RSA
    • Elizabeth O'Sullivan, Queen's University Belfast
    • Sean Parkinson, RSA
    • Gregoire Ribordy, ID Quantique
    • William Whyte, Security Innovation
  2. Practical Lattice-based Digital Signature Schemes [paper]
    presented by: Maire O'Neill, Queen's University Belfast
  3. Post-quantum Authenticated Key Exchange from Ideal Lattices [paper]
    presented by: Jintai Ding, University of Cincinnati 
3:00pm - 3:30pm Coffee Break
3:30pm - 5:00pm

Session X: Quantum and classical cryptanalysis
Session chair: Yi-Kai Liu, NIST

  1. Invited talk:  Paul Lopata, Laboratory for Physical Sciences
    Experimental Quantum Computing Progress in a Pre-Quantum World
  2. Renaissance of Pre-computation in a Post-Quantum World
    presented by: Aydin Aysu, Virginia Tech
  3. Trapdoor simulation of quantum algorithms
    presented by: Daniel Bernstein, University of Illinois at Chicago
5:00pm - 5:10pm

Closing Remarks
Lily Chen, Acting Manager, Cryptographic Technology Group, NIST

Invited Speakers

Paul Lopata, Laboratory for Physical Sciences
Topic: Experimental Quantum Computing Progress in a Pre-Quantum World

ABSTRACT: The anticipated promise of the field of quantum computing depends upon two major theoretical results: the construction of high-quality quantum algorithms; and the development of reasonable methods for noise-reduction through fault-tolerant operations. In addition, the continued success of the field relies on steady progress in experimental demonstrations of quantum computing primitives. This talk provides a survey of recent experimental successes, and places these results in the context of what needs to be achieved to someday experimentally demonstrate fault-tolerant operations and demonstrate quantum algorithms.






David McGrew, Cisco Systems
Topic: Living with Post-Quantum Cryptography

ABSTRACT: This presentation outlines a systems engineering approach that makes it easier to live with postquantum cryptography. There are asymmetric encryption and signature algorithms that will be secure even in the postquantum era, but they bring baggage: big signatures and ciphertexts, really big keys, costly key generation, and stateful signing. Adopting these algorithms into standard protocols in a straightforward way is possible, but is suboptimal. A better approach is to consider the overall security goals and adapt protocols to make good use of the capabilities of postquantum algorithms. This approach brings an important benefit: it eliminates the pressure to trade off security against systems constraints like computation and communication cost.



Michele Mosca, Institute for Quantum Computing, University of Waterloo, Canada
Topic: Cybersecurity in a quantum world: will we be ready? 



ABSTRACT: Emerging quantum technologies will break currently deployed public-key cryptography, which is one of the pillars of modern-day cybersecurity. Thus we need to migrate our systems and practices to ones that are quantum-safe before large-scale quantum computers are built. For systems protecting medium-term or long-term secrets, this migration should occur sufficiently many years before the current quantum-vulnerable tools are broken.

Impressive progress in developing the building blocks of a fault-tolerant scalable quantum computer indicates that the prospect of a large-scale quantum computer is a medium-term threat.

There are viable options for quantum-proofing our cryptographic infrastructure, but the road ahead is neither easy nor fast. A broad community of stakeholders will need to work together to quantum-proof our cyber systems within the required timeframe.  

Bart Preneel, Electrical Engineering Department, Katholieke Universiteit Leuven, Belgium
Topic: Public Key Cryptography: the next 4 decades

Created March 26, 2014, Updated June 16, 2020