Research of Post-Quantum Cryptography in China Jiwu Jing Data Assurance and Communications Security Research Center Chinese Academy of Sciences Quantum Revolution Quantum Quantum Communication Computation Quantum Precision Measurement Contents Background Projects and Results Trends Classical Cryptographic Schemes AES128 DES 2DES 3DES AES192 AES256 SM4 RSA1024 RSA2048 RSA3072 DSA256 DSA160 DSA224 DSA384 DSA512 SM2 SHA-256 SHA-1 SHA-224 SHA-384 SHA-512 SM3 56bit 80bit 112bit 128bit 192bit 256bit 1999 2010 2030 2040 2080 2120 Safe world without quantum computing Current schemes can used for 100 years Quantum Computers Temporal Defense Systems Inc. (TDS) Affect of Quantum Computing Scheme Affect Symmetric Key (SM4,AES) Security Halved (Grover) Hash(SM3,SHA-3) Security Decreased(Grover Public Key (RSA,DSA,SM2) Completely Broken（Shor） Lattice Cryptography Quantum Safe （Currently） Multivariant Cryptogrphy Quantum Safe （Currently） Hash based signature Quantum Safe （Currently） Code-based cryptography Quantum Safe （Currently） Isogeny Cryptography Quantum Safe （Currently） Candidates of NIST PQC PQC Events in China PQC projects in Cryptography Development Fund PQC key projects in NSFC Lattice Cryptography PQC Summer School 2016 Summer School 2018 2016 June 9-10 1st Asia PQC Forum Submit Candidates & Cryptanalysis to NIST PQC Standardization 2018.6 CACR PQC Competition 2010 2015 2018 Candidates Submitted to NIST PQC Algorithms Inventors Lepton Yu yu, Shanghai Jiaotong University, China Zhangjiang, State Key Laboratory of Cryptology, China KCL Yunlei Zhao, Zhengzhong jin, Boru Gong, Guangye Sui Fudan University, China LAC Xianhui Lu, Yamin Liu, Dingding Jia, Haiyang Xue, Jingnan He DACAS, Chinese Academy of Sciences Zhenfei Zhang, OnBoard Security Inc 1st Candidate Submitted to NIST PQC The only candidate based on LPN problem Suitable for low-power devices even RFID 1st Candidate Submitted to NIST PQC LPN is the simplest version of the hard learning problem family 1st Candidate Submitted to NIST PQC Hardness of LPN 1st Candidate Submitted to NIST PQC Main obstacle: public-key and ciphertext size 2nd Candidate Submitted to NIST PQC Optimal Key Consensus in Presence of Noise. 2nd Candidate Submitted to NIST PQC General Framework for PKE, KE 2nd Candidate Submitted to NIST PQC KCL vs NewHope 3rd Candidate Submitted to NIST PQC The only byte-level modulus and bit-level noise Ring-LWE based scheme 3rd Candidate Submitted to NIST PQC NewHope: n=1024, = 8,q 12289 Kyber: n=256*3, =2,q 7816 LAC: n=512, =1/ 2,q 215 3rd Candidate Submitted to NIST PQC a1a2 _mm256_maddubs_epi16 b1 b2 = cabab11122 c 1 AVX2 30 times speed up: 150 microseconds to 5 microseconds 3rd Candidate Submitted to NIST PQC μs 1st Cryptanalysis of NIST PQC Candidate Break DRS Scheme 1st Cryptanalysis of NIST PQC Candidate statistical attack with deep learning 2rd Cryptanalysis of NIST PQC Candidate Break HK17 Scheme 2rd Cryptanalysis of NIST PQC Candidate 3rd Cryptanalysis of NIST PQC Candidate Break Compact-LWE Scheme 3rd Cryptanalysis of NIST PQC Candidate LWE with structured noise Attend ISO/IEC SC27 WG2 SD8 Attend the PQC project of ISO Trends of PQC in China Theoretical Research of PQC： design & quantum computing cryptanalysis Prototype Standardization Application 2018 2020 2025 Thanks!.