Post-Quantum Cryptography

Post-Quantum Cryptography: The Threat Model

Shor's algorithm doesn't break all cryptography — it breaks the specific subset built on integer factoring and discrete logarithms, which happens to be nearly every public-key system in production. This tutorial lays out the precise threat model, the 'harvest now, decrypt later' attack, NIST's standardization response, and exactly which of your primitives to replace first.

intermediate · ~22 min · prereq: Tutorial 12: Shor's Algorithm

ML-KEM and ML-DSA in Practice

NIST's FIPS 203 and FIPS 204 are the new cryptographic standards replacing RSA and ECDSA. This tutorial explains the math behind lattice-based key encapsulation and signatures, shows how to use them with real code (Python cryptography library + OpenSSL 3.5), and walks through hybrid TLS 1.3 — the production-grade migration deployment.

intermediate · ~24 min · prereq: Tutorial 21: Post-Quantum Cryptography Threat Model

Auditing a Codebase for Y2Q Readiness

A hands-on tutorial that walks through building a crypto-agility scanner for any codebase — Python, JavaScript, Go, Rust, Java, C/C++. Identifies every place RSA, ECDSA, ECDH, and DH are used, produces a prioritized migration report, and is the exact deliverable that PQC consulting engagements sell.

intermediate · ~23 min · prereq: Tutorial 22: ML-KEM and ML-DSA in Practice

Falcon (FN-DSA): The Compact Lattice Signature Standard

Falcon — standardized as FN-DSA in NIST FIPS 206 — is a post-quantum signature scheme built from NTRU lattices and floating-point Gaussian sampling. It produces signatures roughly 5x smaller than ML-DSA at comparable security, but at the cost of a much harder implementation (constant-time Gaussian sampling is notoriously subtle). This tutorial covers the math, the implementation pitfalls, and when Falcon is the right post-quantum signature choice.

advanced · ~16 min · prereq: Tutorial 22: ML-KEM and ML-DSA in Practice

SPHINCS+ (SLH-DSA): Hash-Based Signatures for Conservative Long-Term Security

SPHINCS+ — standardized as SLH-DSA in NIST FIPS 205 — is the only NIST-standardized post-quantum signature whose security depends only on hash-function security, not on lattice or other algebraic problems. Its signatures are large (~8 KB) and signing is slow, but it is the most conservative quantum-resistant signature available. This tutorial covers Merkle trees, the FORS few-time signature, the hyper-tree construction, and when SPHINCS+ is the right choice over lattice schemes.

advanced · ~15 min · prereq: Tutorial 22: ML-KEM and ML-DSA in Practice, Tutorial 49: Falcon Signatures

Hybrid TLS with Post-Quantum KEMs: How the Internet Is Migrating in 2026

The 2026 production migration to post-quantum cryptography on the public internet uses hybrid key exchange — combining classical X25519 with post-quantum ML-KEM in TLS 1.3. The hybrid approach protects against both quantum break-throughs (ML-KEM saves you) and unforeseen lattice-cryptanalysis breakthroughs (X25519 saves you). This tutorial covers the IETF-standardized hybrid groups, deployment status across browsers and CDNs, and the open performance and policy questions.

intermediate · ~14 min · prereq: Tutorial 22: ML-KEM and ML-DSA in Practice

Harvest-Now-Decrypt-Later: The Threat Model That Drives Post-Quantum Migration Timelines

An adversary who captures and stores encrypted traffic in 2026 can decrypt it in 2036 — assuming quantum computers exist by then and the data was encrypted under classical (non-post-quantum) cryptography. This is the harvest-now-decrypt-later threat model, and it is the structural reason post-quantum cryptography migration must precede the actual quantum threat by 5-15 years. This tutorial covers the threat model, who is doing the harvesting, what data is at risk, and how to assess your organization's timeline exposure.

intermediate · ~14 min · prereq: Tutorial 21: Post-Quantum Cryptography Threat Model, Tutorial 51: Hybrid TLS with Post-Quantum KEMs