![Understand Post-Quantum Cryptography](https://cdn.slatesource.com/e/8/d/e8d754ef-7c06-4ed8-bf99-1b3b44dcc97a.jpg)

# Understand Post-Quantum Cryptography

- [Made in Slatesource](https://slatesource.com/s/1024)
- By [KaiRenner](https://slatesource.com/u/KaiRenner)
- Science & Technology
- Created on Mar 23, 2026

## The Transition Happening Right Now

NIST ran the most open cryptographic standardization competition since AES: 69 submissions in 2016, multiple public rounds of cryptanalysis, and final standards published in 2024. The winning algorithms rely on mathematical problems believed to be hard even for quantum computers — primarily the geometry of high-dimensional lattices.

The Learning With Errors Problem

The Learning With Errors (LWE) problem: given many pairs (a\_i, b\_i) where b\_i = a\_i times s + e\_i mod q, with s a secret vector and e\_i small random noise, recover s. Without the noise this is easy linear algebra. With noise, no efficient classical or qua

ML-KEM: Key Encapsulation

ML-KEM (formerly Kyber) is the NIST key encapsulation mechanism, based on Module-LWE — LWE structured using module lattices for efficiency. It generates a shared secret that two parties can use for symmetric encryption. Key and ciphertext sizes are around

ML-DSA: Digital Signatures

ML-DSA (formerly Dilithium) is the primary NIST signature algorithm, based on Module-LWE and Module-SIS (short integer solution over module lattices). Signature size is approximately 2–3 KB. Security is based on the hardness of finding short vectors satis

SLH-DSA: Hash-Based Signatures

SLH-DSA (formerly SPHINCS+) builds signatures from hash functions using a hypertree of Merkle trees and one-time signature schemes. Its security assumption is minimal: if the underlying hash function is secure, the signature scheme is secure. No new mathe

PQC Migration Checklist

0%

Inventory all cryptographic primitives in use across services

Identify which use RSA, ECDH, ECDSA, or DH for key exchange or signatures

Deploy ML-KEM alongside ECDH as a hybrid for TLS key exchange (X25519+ML-KEM768)

Update TLS library to a version supporting hybrid post-quantum key exchange

Plan certificate migration to ML-DSA or use hybrid classical+PQC certificates

Prioritize systems handling long-lived secrets or data with multi-year confidentiality

Monitor NIST and library release notes for parameter updates

## Go Deeper: The Geometry of Lattices

Lattice-based cryptography rests on the geometry of high-dimensional lattices — finding the shortest vector in a lattice is a deep mathematical problem connected to number theory, geometry, and the foundations of algorithms. The hardness is preserved under quantum computation because lattice problems lack the periodic structure that Shor exploits.

[

![Understand Information Theory and Entropy](https://cdn.slatesource.com/8/1/0/8108ad52-c7c2-438b-b26a-58135937fbcd.jpg)

Understand Information Theory and EntropyBy KaiRenner

](/s/1017)

[NIST Post-Quantum Cryptography Standardization](https://csrc.nist.gov/projects/post-quantum-cryptography?utm_source=slatesource)