-[Security Issues on the CNG Cryptography Library (Cryptography API: Next Generation)](https://ieeexplore.ieee.org/document/6603762) This paper introduces structure, features, and programming techniques of CNG, which was released as a substitute of the previous CAPI (Cryptography API) library from Microsoft.
-[Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API. [HZHW20](#[HZHW20])
-[Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API. [[HZHW20]](../refs#HZHW20)
- Research on CA mechanism
-[On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to moderncryptography. [PN19](#[PN19])
-[On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to moderncryptography. [[PN19]](../refs#PN19)
- CA as design principle
-[PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks](https://arxiv.org/abs/2010.06571) Proposes a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and one quantum-safe signature. [HPDM20](#[HPDM20])
-[Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. [UWK15](#[UWK15])
-[PQFabric: A Permissioned Blockchain Secure from Both Classical and Quantum Attacks](https://arxiv.org/abs/2010.06571) Proposes a redesign of Fabric's credential-management procedures and related specifications in order to incorporate hybrid digital signatures, protecting against both classical and quantum attacks using one classical and one quantum-safe signature. [[HPDM20]](../refs#HPDM20)
-[Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. [[UWK15]](../refs#UWK15)
- Eval crypto libs
-[Comparing the Usability of Cryptographic APIs](https://ieeexplore.ieee.org/document/7958576) This paper is the first to examine both how and why the design and resulting usability of different cryptographic libraries affects the security of code written with them. [ABF+ 17](#[ABF+ 17])
-[Comparing the Usability of Cryptographic APIs](https://ieeexplore.ieee.org/document/7958576) This paper is the first to examine both how and why the design and resulting usability of different cryptographic libraries affects the security of code written with them. [[ABF+ 17]](../refs#ABF+ 17)
- Eval code examples for crypto libs
-[Usability and Security Effects of Code Examples on Crypto APIs](https://ieeexplore.ieee.org/document/8514203) Platform for cryptographic code examples that improves the usability and security of created applications by non security experts. [MW18](#[MW18])
-[Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs](https://arxiv.org/abs/2004.03973) Researches whether similarity and Gf also have an effect in the context of using cryptographic APIs.[MW20](#[MW20])
-[Usability and Security Effects of Code Examples on Crypto APIs](https://ieeexplore.ieee.org/document/8514203) Platform for cryptographic code examples that improves the usability and security of created applications by non security experts. [[MW18]](../refs#MW18)
-[Fluid Intelligence Doesn't Matter! Effects of Code Examples on the Usability of Crypto APIs](https://arxiv.org/abs/2004.03973) Researches whether similarity and Gf also have an effect in the context of using cryptographic APIs.[[MW20]](../refs#MW20)
- Eval docum. system for crypto libs
-[Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API. [HZHW20](#[HZHW20])
-[Zur Benutzbarkeit und Verwendung von API-Dokumentationen](https://dl.gi.de/handle/20.500.12116/33515) Showcases requirements for a good security API. [[HZHW20]](../refs#HZHW20)
-[Stateful Hash-based Digital Signature Schemes for Bitcoin Cryptocurrency](https://ieeexplore.ieee.org/document/9043192) This research work presents basic analysis and the background understanding of Stateful Hash-based Signature Schemes, particularly the Lamport One-Time Signature Scheme, Winternitz One-Time Signature Scheme, and the Merkle Signature Scheme. [NWAO19](#[NWAO19])
-[Stateful Hash-based Digital Signature Schemes for Bitcoin Cryptocurrency](https://ieeexplore.ieee.org/document/9043192) This research work presents basic analysis and the background understanding of Stateful Hash-based Signature Schemes, particularly the Lamport One-Time Signature Scheme, Winternitz One-Time Signature Scheme, and the Merkle Signature Scheme. [[NWAO19]](../refs#NWAO19)
- Satellites difficult
-[Quantum Resistant Authentication Algorithms for Satellite-Based Augmentation Systems](https://web.stanford.edu/group/scpnt/gpslab/pubs/papers/Neish_2018_IONITM_QuantumResistantAuthenticationUpdated.pdf) Introduces the cryptographic primitives necessary to understand the vulnerabilities in modern day cryptography due to quantum computing and investigates the use of TESLA and EC-Schnorr algorithms in broadcast systems. [NWE19](#[NWE19])
-[Quantum Resistant Authentication Algorithms for Satellite-Based Augmentation Systems](https://web.stanford.edu/group/scpnt/gpslab/pubs/papers/Neish_2018_IONITM_QuantumResistantAuthenticationUpdated.pdf) Introduces the cryptographic primitives necessary to understand the vulnerabilities in modern day cryptography due to quantum computing and investigates the use of TESLA and EC-Schnorr algorithms in broadcast systems. [[NWE19]](../refs#NWE19)
- Cryptographic primitives handable
-[Cryptographic Agility and its Relation to Circular Encryption](https://eprint.iacr.org/2010/117) Researches whether wPRFs (weak-PRFs) are agile and whether every secure (IND-R) encryption scheme is secure when encrypting cycles. [ABBC10](#[ABBC10])
-[Cryptographic Agility and its Relation to Circular Encryption](https://eprint.iacr.org/2010/117) Researches whether wPRFs (weak-PRFs) are agile and whether every secure (IND-R) encryption scheme is secure when encrypting cycles. [[ABBC10]](../refs#ABBC10)
-[Biggest Failures in Security](https://drops.dagstuhl.de/opus/volltexte/2020/11981/) Tries to identify the "biggest failures" in security and to get a comprehensive understanding on their overall impact on security. [AVVY19](#[AVVY19])
-[Biggest Failures in Security](https://drops.dagstuhl.de/opus/volltexte/2020/11981/) Tries to identify the "biggest failures" in security and to get a comprehensive understanding on their overall impact on security. [[AVVY19]](../refs#AVVY19)
- Best practice for agility in protocols
-[Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms](https://tools.ietf.org/html/rfc7696) Provides guidelines to ensure that protocols have the ability to migrate from one mandatory-to-implement algorithm suite to another over time. [Hou15](#[Hou15])
-[Guidelines for Cryptographic Algorithm Agility and Selecting Mandatory-to-Implement Algorithms](https://tools.ietf.org/html/rfc7696) Provides guidelines to ensure that protocols have the ability to migrate from one mandatory-to-implement algorithm suite to another over time. [[Hou15]](../refs#Hou15)
- Building blocks of crypto-agility
-[On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to moderncryptography. [PN19](#[PN19])
-[On the importance of cryptographic agility for industrial automation](https://www.degruyter.com/document/doi/10.1515/auto-2019-0019/html) This work motivates cryptographic agility by discussing the threat of quantum computers to moderncryptography. [[PN19]](../refs#PN19)
-[Security Agility Solution Independent of the Underlaying Protocol Architecture](https://www.semanticscholar.org/paper/Security-Agility-Solution-Independent-of-the-Vasic-Mikuc/489054a1f28eb26b1baa1a9f0caff2306c821695) The agilecryptographic negotiation protocol (ACNP) proposed in this paper repre-sents a layer-agnostic, robust solution that can be deployed for providingcryptographic agility and greatly improve security. [VM12](#[VM12])
-[Stateful Hash-based Digital Signature Schemes for Bitcoin Cryptocurrency](https://ieeexplore.ieee.org/document/9043192) This research work presents basic analysis and the background understanding of Stateful Hash-based Signature Schemes, particularly the Lamport One-Time Signature Scheme, Winternitz One-Time Signature Scheme, and the Merkle Signature Scheme. [NWAO19](#[NWAO19])
-[Security Agility Solution Independent of the Underlaying Protocol Architecture](https://www.semanticscholar.org/paper/Security-Agility-Solution-Independent-of-the-Vasic-Mikuc/489054a1f28eb26b1baa1a9f0caff2306c821695) The agilecryptographic negotiation protocol (ACNP) proposed in this paper repre-sents a layer-agnostic, robust solution that can be deployed for providingcryptographic agility and greatly improve security. [[VM12]](../refs#VM12)
-[Stateful Hash-based Digital Signature Schemes for Bitcoin Cryptocurrency](https://ieeexplore.ieee.org/document/9043192) This research work presents basic analysis and the background understanding of Stateful Hash-based Signature Schemes, particularly the Lamport One-Time Signature Scheme, Winternitz One-Time Signature Scheme, and the Merkle Signature Scheme. [[NWAO19]](../refs#NWAO19)
- Enhance existing protocols for use with PQC
-[Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility](https://tools.ietf.org/html/rfc8636.html) This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic algorithms. [AZCH19](#[AZCH19])
-[The Secure Socket API: TLS as an Operating System Service](https://www.usenix.org/conference/usenixsecurity18/presentation/oneill) We explore the use of the standard POSIX socket API as a vehicle for a simplified TLS API, while also giving administrators the ability to control applications and tailor TLS configuration to their needs. [OHW+18](#[OHW+18])
-[Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) Algorithm Agility](https://tools.ietf.org/html/rfc8636.html) This document updates the Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) standard (RFC 4556) to remove protocol structures tied to specific cryptographic algorithms. [[AZCH19]](../refs#AZCH19)
-[The Secure Socket API: TLS as an Operating System Service](https://www.usenix.org/conference/usenixsecurity18/presentation/oneill) We explore the use of the standard POSIX socket API as a vehicle for a simplified TLS API, while also giving administrators the ability to control applications and tailor TLS configuration to their needs. [[OHW+18]](../refs#OHW+18)
- Enhance existing infrastructure for PQC
-[Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities](https://link.springer.com/chapter/10.1007%2F978-3-319-49100-4_6) In this paper, we review all the TPM 2.0 ECC functionalities, and discuss on whether the existing TPM commands can be used to implement new cryptographic algorithms which have not yet been addressed in the specification. [CU16](#[CU16])
-[Fail-Safe-Konzept für Public-Key-Infrastrukturen](https://tuprints.ulb.tu-darmstadt.de/246/) In dieser Dissertation wird ein Fail-Safe-Konzept für Public-Key-Infrastrukturen vorgestellt. [Mas02](#[Mas02])
-[Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. [UWK15](#[UWK15])
-[Algorithm Agility – Discussion on TPM 2.0 ECC Functionalities](https://link.springer.com/chapter/10.1007%2F978-3-319-49100-4_6) In this paper, we review all the TPM 2.0 ECC functionalities, and discuss on whether the existing TPM commands can be used to implement new cryptographic algorithms which have not yet been addressed in the specification. [[CU16]](../refs#CU16)
-[Fail-Safe-Konzept für Public-Key-Infrastrukturen](https://tuprints.ulb.tu-darmstadt.de/246/) In dieser Dissertation wird ein Fail-Safe-Konzept für Public-Key-Infrastrukturen vorgestellt. [[Mas02]](../refs#Mas02)
-[Public Key Infrastructure and Crypto Agility Concept for Intelligent Transportation Systems](http://www.thinkmind.org/index.php?view=article&articleid=vehicular_2015_1_30_30028) This paper proposes a multi-domain PKI architecture for intelligent transportation systems, which considers the necessities of road infrastructure authorities and vehicle manufacturers, today. [[UWK15]](../refs#UWK15)
- Draft for composite keys and signatures
-[Composite Keys and Signatures For Use In Internet PKI](https://tools.ietf.org/id/draft-ounsworth-pq-composite-sigs-01.html) This document defines the structures CompositePublicKey, CompositeSignatureValue, and CompositeParams, which are sequences of the respective structure for each component algorithm. [OP20](#[OP20])
-[Composite Keys and Signatures For Use In Internet PKI](https://tools.ietf.org/id/draft-ounsworth-pq-composite-sigs-01.html) This document defines the structures CompositePublicKey, CompositeSignatureValue, and CompositeParams, which are sequences of the respective structure for each component algorithm. [[OP20]](../refs#OP20)
-[Systematic Testing of Post-Quantum Cryptographic Implementations Using Metamorphic Testing](https://ieeexplore.ieee.org/document/8785645) Investigates the effectiveness of a systematic testing approach for discovering bugs in highly complex cryptographic algorithm implementations. [PRKK19](#[PRKK19])
\ No newline at end of file
-[Systematic Testing of Post-Quantum Cryptographic Implementations Using Metamorphic Testing](https://ieeexplore.ieee.org/document/8785645) Investigates the effectiveness of a systematic testing approach for discovering bugs in highly complex cryptographic algorithm implementations. [[PRKK19]](../refs#PRKK19)
| [BIKE](https://bikesuite.org/) | Bit flipping key encapsulation based on QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check) [ABB+20](#[ABB+20]) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [CRYSTALS-Dilithium](https://pq-crystals.org/dilithium/) | Digital signature scheme based on the hardness of lattice problems over module lattices [DKL+21](#[DKL+21]) | Digital Signature | Round 3 Finalist |
| [Falcon](https://falcon-sign.info/) | Lattice-based signature scheme based on the short integer solution problem (SIS) over NTRU lattices [FHK+20](#[FHK+20]) | Digital Signature | Round 3 Finalist |
| [FrodoKEM](https://frodokem.org/)| Key encapsulation from generic lattices [NAB+20](#[NAB+20]) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [GeMSS](https://www-polsys.lip6.fr/Links/NIST/GeMSS.html) | Multivariate signature scheme producing small signatures [CFP+19](#[CFP+19]) | Digital Signature | Round Three Alternative |
| [HQC](http://pqc-hqc.org/) | Hamming quasi-cyclic code-based public key encryption scheme [MAB+20](#[MAB+20]) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [KYBER](https://pq-crystals.org/kyber/) | IND-CCA2-secure key-encapsulation mechanism (KEM) based on hard problems over module lattices [ABD+21](#[ABD+21])| Public-key Encryption and Key-establishment | Round 3 Finalist |
| [Classic McEliece](https://classic.mceliece.org/) | Code-based public-key cryptosystem based on random binary Goppa codes [CCU+20](#[CCU+20]) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [NTRU](https://ntru.org/) | Public-key cryptosystem based on lattice-based cryptography [CDH+19](#[CDH+19]) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [NTRU-Prime](https://ntruprime.cr.yp.to/) | Small lattice-based key-encapsulation mechanism (KEM) [BBC+20](#[BBC+20]) | Public-key Encryption and Key-establishment | Round 3 Alternative |
| [Picnic](https://microsoft.github.io/Picnic/) | Digital signature algorithems based on the zero-knowledge proof system and symmetric key primitives [CDG+17](#[CDG+17]) | Digital Signature | Round 3 Alternative |
| [Rainbow](https://www.pqcrainbow.org/)| Public key cryptosystem based on the hardness of solving a set of random multivariate quadratic systems [DS05](#[DS05]) | Digital Signature | Round 3 Finalist |
| [SABER](https://www.esat.kuleuven.be/cosic/pqcrypto/saber/) | IND-CCA2-secure Key Encapsulation Mechanism (KEM) based on the hardness of the Module Learning With Rounding problem (MLWR) [DKR+19](#[DKR+19]) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [SIKE](https://sike.org/)| Isogeny-based key encapsulation suite based on pseudo-random walks in supersingular isogeny graphs [CCH+20](#[CCH+20]) | Public-key Encryption and Key-establishment | Round 3 Alternative |
| [SPHINCS+](https://sphincs.org/) | A stateless hash-based signature scheme [BHK+19](#[BHK+19]) | Digital Signature | Round 3 Alternative |
| [BIKE](https://bikesuite.org/) | Bit flipping key encapsulation based on QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check) [[ABB+20]](../refs#ABB+20) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [CRYSTALS-Dilithium](https://pq-crystals.org/dilithium/) | Digital signature scheme based on the hardness of lattice problems over module lattices [[DKL+21]](../refs#DKL+21) | Digital Signature | Round 3 Finalist |
| [Falcon](https://falcon-sign.info/) | Lattice-based signature scheme based on the short integer solution problem (SIS) over NTRU lattices [[FHK+20]](../refs#FHK+20) | Digital Signature | Round 3 Finalist |
| [FrodoKEM](https://frodokem.org/)| Key encapsulation from generic lattices [[NAB+20]](../refs#NAB+20) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [GeMSS](https://www-polsys.lip6.fr/Links/NIST/GeMSS.html) | Multivariate signature scheme producing small signatures [[CFP+19]](../refs#CFP+19) | Digital Signature | Round Three Alternative |
| [HQC](http://pqc-hqc.org/) | Hamming quasi-cyclic code-based public key encryption scheme [[MAB+20]](../refs#MAB+20) | Public-key Encryption and Key-establishment | Round Three Alternative |
| [KYBER](https://pq-crystals.org/kyber/) | IND-CCA2-secure key-encapsulation mechanism (KEM) based on hard problems over module lattices [[ABD+21]](../refs#ABD+21)| Public-key Encryption and Key-establishment | Round 3 Finalist |
| [Classic McEliece](https://classic.mceliece.org/) | Code-based public-key cryptosystem based on random binary Goppa codes [[CCU+20]](../refs#CCU+20) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [NTRU](https://ntru.org/) | Public-key cryptosystem based on lattice-based cryptography [[CDH+19]](../refs#CDH+19) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [NTRU-Prime](https://ntruprime.cr.yp.to/) | Small lattice-based key-encapsulation mechanism (KEM) [[BBC+20]](../refs#BBC+20) | Public-key Encryption and Key-establishment | Round 3 Alternative |
| [Picnic](https://microsoft.github.io/Picnic/) | Digital signature algorithems based on the zero-knowledge proof system and symmetric key primitives [[CDG+17]](../refs#CDG+17) | Digital Signature | Round 3 Alternative |
| [Rainbow](https://www.pqcrainbow.org/)| Public key cryptosystem based on the hardness of solving a set of random multivariate quadratic systems [[DS05]](../refs#DS05) | Digital Signature | Round 3 Finalist |
| [SABER](https://www.esat.kuleuven.be/cosic/pqcrypto/saber/) | IND-CCA2-secure Key Encapsulation Mechanism (KEM) based on the hardness of the Module Learning With Rounding problem (MLWR) [[DKR+19]](../refs#DKR+19) | Public-key Encryption and Key-establishment | Round 3 Finalist |
| [SIKE](https://sike.org/)| Isogeny-based key encapsulation suite based on pseudo-random walks in supersingular isogeny graphs [[CCH+20]](../refs#CCH+20) | Public-key Encryption and Key-establishment | Round 3 Alternative |
| [SPHINCS+](https://sphincs.org/) | A stateless hash-based signature scheme [[BHK+19]](../refs#BHK+19) | Digital Signature | Round 3 Alternative |
||
| [NewHope](https://newhopecrypto.org/) | Key-exchange protocol based on the Ring-Learning-with-Errors (Ring-LWE) problem [ADPS16](#[ADPS16]) | Public-key Encryption and Key-establishment | Round Two |
| [qTESLA](https://qtesla.org/) | Signature schemes based on the hardness of the decisional Ring Learning With Errors (R-LWE) problem [ABB+20](#[ABB+20]) | Digital Signature | Round Two |
\ No newline at end of file
| [NewHope](https://newhopecrypto.org/) | Key-exchange protocol based on the Ring-Learning-with-Errors (Ring-LWE) problem [[ADPS16]](../refs#ADPS16) | Public-key Encryption and Key-establishment | Round Two |
| [qTESLA](https://qtesla.org/) | Signature schemes based on the hardness of the decisional Ring Learning With Errors (R-LWE) problem [[ABB+20]](../refs#ABB+20) | Digital Signature | Round Two |
-[Algorithm Agility Procedure for the Resource Public Key Infrastructure (RPKI)](https://tools.ietf.org/html/rfc6916): RFC6916 formalizes the Migration Process for algorithm suites in the Resource Public Key Infrastructure [GKT13](#[GKT13])
-[Algorithm Agility Procedure for the Resource Public Key Infrastructure (RPKI)](https://tools.ietf.org/html/rfc6916): RFC6916 formalizes the Migration Process for algorithm suites in the Resource Public Key Infrastructure [[GKT13]](../refs#GKT13)
- Muckle Protocol Security Analysis:
-[Many a Mickle Makes a Muckle: A Framework for Provably Quantum-Secure Hybrid Key Exchange](https://eprint.iacr.org/2020/099.pdf): Framework for the security analysis of hybrid authenticated key exchange protocols and Introduction of the Muckle protocol [DHP20](#[DHP20])
\ No newline at end of file
-[Many a Mickle Makes a Muckle: A Framework for Provably Quantum-Secure Hybrid Key Exchange](https://eprint.iacr.org/2020/099.pdf): Framework for the security analysis of hybrid authenticated key exchange protocols and Introduction of the Muckle protocol [[DHP20]](../refs#DHP20)
@@ -9,39 +9,39 @@ Evaluation of the performance of PQC algorithms in various facets, classified in
##### **Algorithm Performance**
- PQC evaluation on chosen hardware:
-[On Feasibility of Post-Quantum Cryptography on Small Devices](https://www.sciencedirect.com/science/article/pii/S2405896318308474) Experimental post-quantum cryptography implementations on small devices with different platforms [MPD+18](#[MPD+18])
-[Towards Practical Deployment of Post-quantum Cryptography on Constrained Platforms and Hardware-Accelerated Platforms](https://link.springer.com/chapter/10.1007/978-3-030-41025-4_8) Evaluation of the NIST candidates regarding their suitability for the implementation on special hardware platforms [MRD+20](#[MRD+20])
-[On Feasibility of Post-Quantum Cryptography on Small Devices](https://www.sciencedirect.com/science/article/pii/S2405896318308474) Experimental post-quantum cryptography implementations on small devices with different platforms [[MPD+18]](../refs#MPD+18)
-[Towards Practical Deployment of Post-quantum Cryptography on Constrained Platforms and Hardware-Accelerated Platforms](https://link.springer.com/chapter/10.1007/978-3-030-41025-4_8) Evaluation of the NIST candidates regarding their suitability for the implementation on special hardware platforms [[MRD+20]](../refs#MRD+20)
- Improvements to PQC algorithms:
-[Performance Optimization of Lattice Post-Quantum Cryptographic Algorithms on Many-Core Processors](https://ieeexplore.ieee.org/abstract/document/9238630?casa_token=j7T_SBR8ECgAAAAA:Skx0Ze-JY3YP5CSLn20TOmrWviAP_-aUZ0b9W_gpR5fDpO8AWLigR52JC4qZVPTbLlIzv-3p2g) 52% and 83% improvement in performance for the CRYSTALS-Kyber KEM SHA3 variant and AES variant through Vectorization [KKP20](#[KKP20])
-[Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4](http://link.springer.com/10.1007/978-3-030-23696-0_11) Optimized software implementation of Kyber for the ARM Cortex-M4 microcontroller [BKS19](#[BKS19])
-[Performance Optimization of Lattice Post-Quantum Cryptographic Algorithms on Many-Core Processors](https://ieeexplore.ieee.org/abstract/document/9238630?casa_token=j7T_SBR8ECgAAAAA:Skx0Ze-JY3YP5CSLn20TOmrWviAP_-aUZ0b9W_gpR5fDpO8AWLigR52JC4qZVPTbLlIzv-3p2g) 52% and 83% improvement in performance for the CRYSTALS-Kyber KEM SHA3 variant and AES variant through Vectorization [[KKP20]](../refs#KKP20)
-[Memory-Efficient High-Speed Implementation of Kyber on Cortex-M4](http://link.springer.com/10.1007/978-3-030-23696-0_11) Optimized software implementation of Kyber for the ARM Cortex-M4 microcontroller [[BKS19]](../refs#BKS19)
- Lattice-based vs. Isogeny-based:
-[Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication](https://link.springer.com/chapter/10.1007/978-3-030-59013-0_15) Two solutions for the integration of PQ primitives into the industrial protocol Open Platform Communications Unified Architecture (OPC UA) [PASC20](#[PASC20])
-[Incorporating Post-Quantum Cryptographyin a Microservice Environment](https://homepages.staff.os3.nl/~delaat/rp/2019-2020/p13/report.pdf) On the practical feasibility of using PQCin a microservice architecture [WvdG20](#[WvdG20])
-[Towards Post-Quantum Security for Cyber-Physical Systems: Integrating PQC into Industrial M2M Communication](https://link.springer.com/chapter/10.1007/978-3-030-59013-0_15) Two solutions for the integration of PQ primitives into the industrial protocol Open Platform Communications Unified Architecture (OPC UA) [[PASC20]](../refs#PASC20)
-[Incorporating Post-Quantum Cryptographyin a Microservice Environment](https://homepages.staff.os3.nl/~delaat/rp/2019-2020/p13/report.pdf) On the practical feasibility of using PQCin a microservice architecture [[WvdG20]](../refs#WvdG20)
- PQC in IoT:
-[From Pre-Quantum to Post-Quantum IoT Security: A Survey on Quantum-Resistant Cryptosystems for the Internet of Things](https://ieeexplore.ieee.org/abstract/document/8932459) A wide view of post-quantum IoT security and give useful guidelines [FC20](#[FC20])
-[From Pre-Quantum to Post-Quantum IoT Security: A Survey on Quantum-Resistant Cryptosystems for the Internet of Things](https://ieeexplore.ieee.org/abstract/document/8932459) A wide view of post-quantum IoT security and give useful guidelines [[FC20]](../refs#FC20)
##### **Hardware Performance**
- CRYSTALS-Dilithium and qTesla:
-[NIST Post-Quantum Cryptography - A Hardware Evaluation Study](https://eprint.iacr.org/2019/047) A hardware-based comparison of the NIST PQC candidates [BSNK19](#[BSNK19])
-[NIST Post-Quantum Cryptography - A Hardware Evaluation Study](https://eprint.iacr.org/2019/047) A hardware-based comparison of the NIST PQC candidates [[BSNK19]](../refs#BSNK19)
- Performance critial use cases:
-[Ultra-Fast Modular Multiplication Implementation for Isogeny-Based Post-Quantum Cryptography](https://ieeexplore.ieee.org/document/9020384) Improved unconventional-radix finite-field multiplication (IFFM) algorithm reducing computational complexity by about 20% [TLW19](#[TLW19])
-[Ultra-Fast Modular Multiplication Implementation for Isogeny-Based Post-Quantum Cryptography](https://ieeexplore.ieee.org/document/9020384) Improved unconventional-radix finite-field multiplication (IFFM) algorithm reducing computational complexity by about 20% [[TLW19]](../refs#TLW19)
- FPGA performance benefits:
-[Implementation and benchmarking of round 2 candidates in the NIST post-quantum cryptography standardization process using hardware and software/hardware co-design approaches](https://cryptography.gmu.edu/athena/PQC/GMU_PQC_2020_SW_HW.pdf) Methodology for implementing and benchmarking PQC candidates usingboth hardware and software/hardware co-design approaches [DFA+20](#[DFA+20])
-[Post-Quantum Cryptography on FPGA Based on Isogenies on Elliptic Curves](https://ieeexplore.ieee.org/abstract/document/7725935) Isogeny-based schemes can be implemented with high efficiency on reconfigurable hardware [KAMJ17](#[KAMJ17])
-[Post-Quantum Secure Boot](https://ieeexplore.ieee.org/document/9116252) Post-quantum secure boot solution implemented fully as hardware for reasons of security and performance [KGC+20](#[KGC+20])
-[Implementation and benchmarking of round 2 candidates in the NIST post-quantum cryptography standardization process using hardware and software/hardware co-design approaches](https://cryptography.gmu.edu/athena/PQC/GMU_PQC_2020_SW_HW.pdf) Methodology for implementing and benchmarking PQC candidates usingboth hardware and software/hardware co-design approaches [[DFA+20]](../refs#DFA+20)
-[Post-Quantum Cryptography on FPGA Based on Isogenies on Elliptic Curves](https://ieeexplore.ieee.org/abstract/document/7725935) Isogeny-based schemes can be implemented with high efficiency on reconfigurable hardware [[KAMJ17]](../refs#KAMJ17)
-[Post-Quantum Secure Boot](https://ieeexplore.ieee.org/document/9116252) Post-quantum secure boot solution implemented fully as hardware for reasons of security and performance [[KGC+20]](../refs#KGC+20)
- Hardware Security Modules (HSMs):
-[Post-Quantum Secure Architectures for Automotive Hardware Secure Modules](https://eprint.iacr.org/2020/026.pdf) Building a post-quantum secure automotive HSM is feasible and can meet the hard requirements imposed by a modern vehicle ECU [WaSt20](#[WaSt20])
-[Post-Quantum Secure Architectures for Automotive Hardware Secure Modules](https://eprint.iacr.org/2020/026.pdf) Building a post-quantum secure automotive HSM is feasible and can meet the hard requirements imposed by a modern vehicle ECU [[WaSt20]](../refs#WaSt20)
##### **Network Performacne**
- Measurments and benchmarks:
-[Benchmarking Post-Quantum Cryptography in TLS](https://eprint.iacr.org/2019/1447) Packet loss rates above 3–5% start to have a significantimpact on post-quantum algorithms that fragment across many packets [PST19](#[PST19])
-[Real-world measurements of structured-lattices and supersingular isogenies in TLS](https://www.imperialviolet.org/2019/10/30/pqsivssl.html) Computational advantages of structured lattices make them a more attractive choice for post-quantum confidentiality [Lang19](#[Lang19])
-[Measuring TLS key exchange with post-quantum KEM](https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/kwiatkowski-measuring-tls.pdf)[KSL+19](#[KSL+19])
-[Post-Quantum Authentication in TLS 1.3: A Performance Study](http://eprint.iacr.org/2020/071) Detailed performance evaluation of the NIST signature algorithm candidates and imposed latency on TLS 1.3 [SKD20](#[SKD20])
-[Benchmarking Post-Quantum Cryptography in TLS](https://eprint.iacr.org/2019/1447) Packet loss rates above 3–5% start to have a significantimpact on post-quantum algorithms that fragment across many packets [[PST19]](../refs#PST19)
-[Real-world measurements of structured-lattices and supersingular isogenies in TLS](https://www.imperialviolet.org/2019/10/30/pqsivssl.html) Computational advantages of structured lattices make them a more attractive choice for post-quantum confidentiality [[Lang19]](../refs#Lang19)
-[Measuring TLS key exchange with post-quantum KEM](https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/kwiatkowski-measuring-tls.pdf)[[KSL+19]](../refs#KSL+19)
-[Post-Quantum Authentication in TLS 1.3: A Performance Study](http://eprint.iacr.org/2020/071) Detailed performance evaluation of the NIST signature algorithm candidates and imposed latency on TLS 1.3 [[SKD20]](../refs#SKD20)
- TLS, DTLS, IKEv2 and QUIC PQC integrations:
-[The TLS Post-Quantum Experiment](https://blog.cloudflare.com/the-tls-post-quantum-experiment/) Evaluating the performance and feasibility of deployment in TLS of two post-quantum key agreement ciphers [KwVa19](#[KwVa19])
-[Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyberand SPHINCS+ with Mbed TLS](https://dl.acm.org/doi/abs/10.1145/3320269.3384725) Post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants [BSKNS20](#[BSKNS20])
-[The Viability of Post-quantum X.509 Certificates](https://eprint.iacr.org/2018/063) Signature schemes standardized in NIST PQ Project can work with X.509certs in a post-quantum Internet [KPDG18](#[KPDG18])
-[Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project](https://link.springer.com/chapter/10.1007%2F978-3-319-69453-5_2)[StMo16](#[StMo16])
-[The TLS Post-Quantum Experiment](https://blog.cloudflare.com/the-tls-post-quantum-experiment/) Evaluating the performance and feasibility of deployment in TLS of two post-quantum key agreement ciphers [[KwVa19]](../refs#KwVa19)
-[Post-Quantum TLS on Embedded Systems: Integrating and Evaluating Kyberand SPHINCS+ with Mbed TLS](https://dl.acm.org/doi/abs/10.1145/3320269.3384725) Post-quantum key establishment with Kyber performs well in TLS on embedded devices compared to ECC variants [[BSKNS20]](../refs#BSKNS20)
-[The Viability of Post-quantum X.509 Certificates](https://eprint.iacr.org/2018/063) Signature schemes standardized in NIST PQ Project can work with X.509certs in a post-quantum Internet [[KPDG18]](../refs#KPDG18)
-[Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project](https://link.springer.com/chapter/10.1007%2F978-3-319-69453-5_2)[[StMo16]](../refs#StMo16)
- VPN evaluations:
-[Two PQ Signature Use-cases: Non-issues, challenges and potential solutions](https://eprint.iacr.org/2019/1276) Dilithium and Falcon are the best available options but come with an impact on TLS performance [KaSi19](#[KaSi19])
\ No newline at end of file
-[Two PQ Signature Use-cases: Non-issues, challenges and potential solutions](https://eprint.iacr.org/2019/1276) Dilithium and Falcon are the best available options but come with an impact on TLS performance [[KaSi19]](../refs#KaSi19)
-[Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH](https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/stebila-prototyping-post-quantum.pdf): Hybrid approach: Two or more independent algorithms chosen from both post-quantum, and classical schemes [CPS19](#[CPS19])
-[Zur Integration von Post-Quantum Verfahren in bestehende Softwarepodukte](https://arxiv.org/pdf/2102.00157v1): Field report on the integration of thePQC methods McEliece and SPHINCS+ based on the eUCRITE API [ZWH21](#[ZWH21])
-[Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH](https://csrc.nist.gov/CSRC/media/Events/Second-PQC-Standardization-Conference/documents/accepted-papers/stebila-prototyping-post-quantum.pdf): Hybrid approach: Two or more independent algorithms chosen from both post-quantum, and classical schemes [[CPS19]](../refs#CPS19)
-[Zur Integration von Post-Quantum Verfahren in bestehende Softwarepodukte](https://arxiv.org/pdf/2102.00157v1): Field report on the integration of thePQC methods McEliece and SPHINCS+ based on the eUCRITE API [[ZWH21]](../refs#ZWH21)
- Hybrid Lattice-Based:
-[ImperialViolet - CECPQ1 results](https://www.imperialviolet.org/2016/11/28/cecpq1.html): Successful experiment using hybrid approach, no network problems and a median connection latency increase of one millisecond [A. 16](#[A.16])
-[Experimenting with Post-Quantum Cryptography](https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html): Same experiment, see above [Bra16](#[Bra16])
-[Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial m2m communication](http://link.springer.com/10.1007/978-3-030-59013-0_15): Tradeoffs in security: big key/certificate sizes results in problems and difficulties for various protocols.[PS20](#[PS20])
-[Incorporating post-quantum cryptography in a microservice environment](https://homepages.staff.os3.nl/~delaat/rp/2019-2020/p13/report.pdf): Post-Quantum algorithms perform on a similar level to classical ones. The most feasible algorithms are lattice-based. [WvdG20](#[WvdG20])
-[ImperialViolet - CECPQ1 results](https://www.imperialviolet.org/2016/11/28/cecpq1.html): Successful experiment using hybrid approach, no network problems and a median connection latency increase of one millisecond [[A. 16]](../refs#A.16)
-[Experimenting with Post-Quantum Cryptography](https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html): Same experiment, see above [[Bra16]](../refs#Bra16)
-[Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial m2m communication](http://link.springer.com/10.1007/978-3-030-59013-0_15): Tradeoffs in security: big key/certificate sizes results in problems and difficulties for various protocols.[[PS20]](../refs#PS20)
-[Incorporating post-quantum cryptography in a microservice environment](https://homepages.staff.os3.nl/~delaat/rp/2019-2020/p13/report.pdf): Post-Quantum algorithms perform on a similar level to classical ones. The most feasible algorithms are lattice-based. [[WvdG20]](../refs#WvdG20)
- Hybrid PQ CECPQ2(b) & X25519:
-[The TLS Post-Quantum Experiment](https://blog.cloudflare.com/the-tls-post-quantum-experiment/): Experiment between google and cloudflare comparing three groups using post-quantum CECPQ2, CECPQ2b or non-post-quantum X25519.[KV19](#[KV19])
-[The TLS Post-Quantum Experiment](https://blog.cloudflare.com/the-tls-post-quantum-experiment/): Experiment between google and cloudflare comparing three groups using post-quantum CECPQ2, CECPQ2b or non-post-quantum X25519.[[KV19]](../refs#KV19)
- Hybrid Certificates:
-[X.509-Compliant Hybrid Certificates for the Post-Quantum Transition](http://tubiblio.ulb.tu-darmstadt.de/115809/): Parallel usage of two independent cryptographic schemes within public key infrastructures enabling a stepwise transition to post-quantum secureand hybrid algorithms [BBG+19](#[BBG+19])
\ No newline at end of file
-[X.509-Compliant Hybrid Certificates for the Post-Quantum Transition](http://tubiblio.ulb.tu-darmstadt.de/115809/): Parallel usage of two independent cryptographic schemes within public key infrastructures enabling a stepwise transition to post-quantum secureand hybrid algorithms [[BBG+19]](../refs#BBG+19)
##### **Algorithm, Parameter Selection and Tradeoffs**
- Key/sig. size problematic for protocols:
-[The Viability of Post-quantum X.509 Certificates](https://eprint.iacr.org/2018/063.pdf): Present suitable parameters for software signature use cases and good signature candidates for TLS 1.3 authentication. [KPDG18](#[KPDG18])
-[Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial m2m communication](http://link.springer.com/10.1007/978-3-030-59013-0_15): Tradeoffs in security: big key/certificate sizes results in problems and difficulties for various protocols.[PS20](#[PS20])
-[The Viability of Post-quantum X.509 Certificates](https://eprint.iacr.org/2018/063.pdf): Present suitable parameters for software signature use cases and good signature candidates for TLS 1.3 authentication. [[KPDG18]](../refs#KPDG18)
-[Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial m2m communication](http://link.springer.com/10.1007/978-3-030-59013-0_15): Tradeoffs in security: big key/certificate sizes results in problems and difficulties for various protocols.[[PS20]](../refs#PS20)
##### **Cryptanalysis**
- PQC schemes broken by cryptanalysis:
-[Cryptanalysis of the Lifted Unbalanced Oil Vinegar Signature Scheme](https://eprint.iacr.org/2019/1490.pdf): A new type of attack called Subfield Differential Attack (SDA) on Lifted Unbalanced Oil and Vinegar (LUOV) [DDS+20](#[DDS+20])
-[Quantum cryptanalysis on some generalized Feistel schemes](https://eprint.iacr.org/2017/1249.pdf): Quantum distinguishers to introduce generic quantum key-recovery attacks [DLW19](#[DLW19])
-[A reaction attack against cryptosystems based on LRPC codes.](https://eprint.iacr.org/2019/845.pdf): Analyze cryptosystems based on Low-Rank Parity-Check (LRPC) codes. [SSPB19](#[SSPB19])
-[Cryptanalysis of the Lifted Unbalanced Oil Vinegar Signature Scheme](https://eprint.iacr.org/2019/1490.pdf): A new type of attack called Subfield Differential Attack (SDA) on Lifted Unbalanced Oil and Vinegar (LUOV) [[DDS+20]](../refs#DDS+20)
-[Quantum cryptanalysis on some generalized Feistel schemes](https://eprint.iacr.org/2017/1249.pdf): Quantum distinguishers to introduce generic quantum key-recovery attacks [[DLW19]](../refs#DLW19)
-[A reaction attack against cryptosystems based on LRPC codes.](https://eprint.iacr.org/2019/845.pdf): Analyze cryptosystems based on Low-Rank Parity-Check (LRPC) codes. [[SSPB19]](../refs#SSPB19)
- New security assessment methods:
-[Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE.](https://eprint.iacr.org/2019/103.pdf): New models of computation which allow a direct comparison between classical and quantum algorithms [JS19](#[JS19])
-[A classification of differential invariants for multivariate post-quantum cryptosystems](http://link.springer.com/10.1007/978-3-642-38616-9_11): Present an extension of a recent measure of security against a differential adversary. The technique assures security against any first-order differential invariant adversary. [PST13](#[PST13])
-[Quantum Cryptanalysis in the RAM Model: Claw-Finding Attacks on SIKE.](https://eprint.iacr.org/2019/103.pdf): New models of computation which allow a direct comparison between classical and quantum algorithms [[JS19]](../refs#JS19)
-[A classification of differential invariants for multivariate post-quantum cryptosystems](http://link.springer.com/10.1007/978-3-642-38616-9_11): Present an extension of a recent measure of security against a differential adversary. The technique assures security against any first-order differential invariant adversary. [[PST13]](../refs#PST13)
- Code-based PQC algorithms for PRNG:
-[Testing of Code-Based Pseudorandom Number Generators for Post-Quantum Application](https://www.researchgate.net/publication/342456148_Testing_of_Code-Based_Pseudorandom_Number_Generators_for_Post-Quantum_Application): Code-based pseudorandom generator, improvement of Fischer-Stern generator [KKS+20](#[KKS+20])
-[Testing of Code-Based Pseudorandom Number Generators for Post-Quantum Application](https://www.researchgate.net/publication/342456148_Testing_of_Code-Based_Pseudorandom_Number_Generators_for_Post-Quantum_Application): Code-based pseudorandom generator, improvement of Fischer-Stern generator [[KKS+20]](../refs#KKS+20)
##### **Side-Channel Attacks**
- Side-Channel Attacks:
-[Physical security in the post-quantum era: A survey on side-channel analysis, random number generators, and physically unclonable functions](https://arxiv.org/abs/2005.04344): Overview of several PQC-related side-channel attacks[CCA+21](#[CCA+21])
-[Physical security in the post-quantum era: A survey on side-channel analysis, random number generators, and physically unclonable functions](https://arxiv.org/abs/2005.04344): Overview of several PQC-related side-channel attacks[[CCA+21]](../refs#CCA+21)
- Minimize attack vectors:
-[Physical protection of lattice-based cryptography: Challenges and solutions](https://pure.qub.ac.uk/files/156772945/paper.pdf): Attack and countermeasure for gaussian sampler of lattice-based schemes. [KOV+18](#[KOV+18])
-[A side-channel resistant implementation of saber](https://eprint.iacr.org/2020/733.pdf): State of the art in terms of side channel attacks against lattice based cryptosystems and their respective countermeasures. [VBDK+20](#[VBDK+20])
-[Side-Channel Analysis and Countermeasure Design on ARM-based Quantum-Resistant SIKE](https://ieeexplore.ieee.org/document/9181442): Side-Channel resistant implementation of saber, using masking as a countermeasure [ZYD+20](#[ZYD+20])
-[Physical protection of lattice-based cryptography: Challenges and solutions](https://pure.qub.ac.uk/files/156772945/paper.pdf): Attack and countermeasure for gaussian sampler of lattice-based schemes. [[KOV+18]](../refs#KOV+18)
-[A side-channel resistant implementation of saber](https://eprint.iacr.org/2020/733.pdf): State of the art in terms of side channel attacks against lattice based cryptosystems and their respective countermeasures. [[VBDK+20]](../refs#VBDK+20)
-[Side-Channel Analysis and Countermeasure Design on ARM-based Quantum-Resistant SIKE](https://ieeexplore.ieee.org/document/9181442): Side-Channel resistant implementation of saber, using masking as a countermeasure [[ZYD+20]](../refs#ZYD+20)
- Successfull attack on Himq-3:
-[A complete cryptanalysis of the post-quantum multivariate signature scheme himq-3](https://link.springer.com/chapter/10.1007%2F978-3-030-61078-4_24): Singularity Attack: Successfully breaks signatures of the multivarite public key scheme Himq-3 [DDW20](#[DDW20])
\ No newline at end of file
-[A complete cryptanalysis of the post-quantum multivariate signature scheme himq-3](https://link.springer.com/chapter/10.1007%2F978-3-030-61078-4_24): Singularity Attack: Successfully breaks signatures of the multivarite public key scheme Himq-3 [[DDW20]](../refs#DDW20)
-[Status report on the second round of the NIST post-quantum cryptography standardization process](https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf): Third round finalists for public-key encryption / key-establishment algorithms and digital signatures [MAA+20](#[MAA+20])
-[Status report on the second round of the NIST post-quantum cryptography standardization process](https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8309.pdf): Third round finalists for public-key encryption / key-establishment algorithms and digital signatures [[MAA+20]](../refs#MAA+20)
- Review of NIST Candidates:
-[Standardisierung von post-quanten-kryptografie und empfehlungen des bsi](https://www.bsi.bund.de/DE/Service-Navi/Veranstaltungen/Deutscher-IT-Sicherheitskongress-30-Jahre-BSI/deutscher-it-sicherheitskongress-30-jahre-bsi_node.html): Overview of the current state of standardization of post Quantum cryptography with respect to the BSI recommendations. [HKW21](#[HKW21])
-[Standardisierung von post-quanten-kryptografie und empfehlungen des bsi](https://www.bsi.bund.de/DE/Service-Navi/Veranstaltungen/Deutscher-IT-Sicherheitskongress-30-Jahre-BSI/deutscher-it-sicherheitskongress-30-jahre-bsi_node.html): Overview of the current state of standardization of post Quantum cryptography with respect to the BSI recommendations. [[HKW21]](../refs#HKW21)
- Open Quantum Project:
-[Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project](https://eprint.iacr.org/2016/1017.pdf): Open Quantum Project, libqos library: exemplary cryptographic applications like OpenSSL. Comparing NIST Round 2 PQC candidate implementations using OpenSSL [SM16](#[SM16])
-[Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project](https://eprint.iacr.org/2016/1017.pdf): Open Quantum Project, libqos library: exemplary cryptographic applications like OpenSSL. Comparing NIST Round 2 PQC candidate implementations using OpenSSL [[SM16]](../refs#SM16)
- DNSSEC PQC Draft:
-[Retrofitting post-quantum cryptography in internet protocols: a case study of DNSSEC](https://dl.acm.org/doi/10.1145/3431832.3431838): Evaluate three PQC-Algorithms that are suitable for DNSSEC within certain constraints [MdJvH+20](#[MdJvH+20])
-[Retrofitting post-quantum cryptography in internet protocols: a case study of DNSSEC](https://dl.acm.org/doi/10.1145/3431832.3431838): Evaluate three PQC-Algorithms that are suitable for DNSSEC within certain constraints [[MdJvH+20]](../refs#MdJvH+20)
- Decentralized Cert. Management:
-[Next-generation web public-key infrastructure technologies](https://eprints.qut.edu.au/128643): New decentralized approach to certificate management based on generic blockchains (DPKIT), compatible with existing PKIs. [HM19](#[HM19])
\ No newline at end of file
-[Next-generation web public-key infrastructure technologies](https://eprints.qut.edu.au/128643): New decentralized approach to certificate management based on generic blockchains (DPKIT), compatible with existing PKIs. [[HM19]](../refs#HM19)
@@ -11,12 +11,12 @@ A collection of survey papers and references dealing with general challenges and
*A full reference list can be found in the [references](../refs) section. All references are listed in alphabetical order.*
-[Identifying Research Challenges in Post Quantum Cryptography Migration and Cryptographic Agility](http://arxiv.org/abs/1909.07353): A wide range of topics and challenges at a high abstraction level grouped into categories of PQC migration and crypto-agility [[OPp19]](../refs#opp19)
-[Our Paper] [paper](#paper)
-[Getting Ready for Post-Quantum Cryptography](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04282021.pdf): Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms [BPS20](#[BPS20]).
-[Practical Post-Quantum Cryptography](https://www.sit.fraunhofer.de/fileadmin/dokumente/studien_und_technical_reports/Practical.PostQuantum.Cryptography_WP_FraunhoferSIT.pdf?_=1503992279): White paper from the Fraunhofer Institute for Secure Information Technology SIT addressing challenges of PQC migration and comparison of PQC algorithms [NIWA17](#[NIWA17]).
-[From Pre-Quantum to Post-Quantum IoT Security](https://ieeexplore.ieee.org/document/8932459): Challenges for PQC in IoT and comparison of the performance of PQC algorithms [FC20](#[FC20]).
-[Biggest Failures in IT Security](https://drops.dagstuhl.de/opus/volltexte/2020/11981/pdf/dagrep_v009_i011_p001_19451.pdf): A variety of problems in achieving IT security and possible strategies to solve them [AVVY19](#[AVVY19]).
-[Getting Ready for Post-Quantum Cryptography](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.05262020-draft.pdf): Challenges associated with adoption and use of post-quantum cryptographic algorithms [BPS20](#[BPS20]).
-[Migration zu Post-Quanten-Kryptografie](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Post-Quanten-Kryptografie.html): Recommendations for action on migration to PQC by the BSI (German Federal Office for Information Security) [BSI20](#[BSI20]).
-[Quantencomputerresistente Kryptografie: Aktuelle Aktivitäten und Fragestellungen](https://www.secumedia-shop.net/Deutschland-Digital-Sicher-30-Jahre-BSI): A brief evaluation of the current state of both post-quantum and quantum cryptography [HLL+21](#[HLL+21]).
-[Quantum Safe Cryptography and Security: An introduction, benefits, enablers and challenges](https://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf): Important use cases for cryptography and potential migration strategies to transition to post-quantum cryptography [CCD+15](#[CCD+15]).
\ No newline at end of file
-[Our Paper] [[paper]](../refs#paper)
-[Getting Ready for Post-Quantum Cryptography](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04282021.pdf): Challenges Associated with Adopting and Using Post-Quantum Cryptographic Algorithms [[BPS20]](../refs#BPS20).
-[Practical Post-Quantum Cryptography](https://www.sit.fraunhofer.de/fileadmin/dokumente/studien_und_technical_reports/Practical.PostQuantum.Cryptography_WP_FraunhoferSIT.pdf?_=1503992279): White paper from the Fraunhofer Institute for Secure Information Technology SIT addressing challenges of PQC migration and comparison of PQC algorithms [[NIWA17]](../refs#NIWA17).
-[From Pre-Quantum to Post-Quantum IoT Security](https://ieeexplore.ieee.org/document/8932459): Challenges for PQC in IoT and comparison of the performance of PQC algorithms [[FC20]](../refs#FC20).
-[Biggest Failures in IT Security](https://drops.dagstuhl.de/opus/volltexte/2020/11981/pdf/dagrep_v009_i011_p001_19451.pdf): A variety of problems in achieving IT security and possible strategies to solve them [[AVVY19]](../refs#AVVY19).
-[Getting Ready for Post-Quantum Cryptography](https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.05262020-draft.pdf): Challenges associated with adoption and use of post-quantum cryptographic algorithms [[BPS20]](../refs#BPS20).
-[Migration zu Post-Quanten-Kryptografie](https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Post-Quanten-Kryptografie.html): Recommendations for action on migration to PQC by the BSI (German Federal Office for Information Security) [[BSI20]](../refs#BSI20).
-[Quantencomputerresistente Kryptografie: Aktuelle Aktivitäten und Fragestellungen](https://www.secumedia-shop.net/Deutschland-Digital-Sicher-30-Jahre-BSI): A brief evaluation of the current state of both post-quantum and quantum cryptography [[HLL+21]](../refs#HLL+21).
-[Quantum Safe Cryptography and Security: An introduction, benefits, enablers and challenges](https://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeWhitepaper.pdf): Important use cases for cryptography and potential migration strategies to transition to post-quantum cryptography [[CCD+15]](../refs#CCD+15).
