Shor's algorithm, NIST post-quantum standards, lattice theory, LWE, CRYSTALS-Kyber, CRYSTALS-Dilithium, hash-based signatures, code-based cryptography, and isogeny-based cryptography.
The post-quantum transition is the most consequential shift in cryptography since public-key cryptography was invented. This course builds the mathematical and algorithmic foundation for understanding why quantum computers break RSA and ECC, and how the NIST-standardized replacements (ML-KEM, ML-DSA, SLH-DSA) achieve security that survives even a quantum adversary. Topics include quantum computing foundations, Shor's and Grover's algorithms, lattice theory and LWE, the CRYSTALS family, hash-based signatures, code-based cryptography (McEliece, BIKE, HQC), and isogeny-based cryptography including the 2022 SIDH break.
Built by Lakshya Kumar
We grant free access case-by-case — students, career-switchers, builders on a tight budget. Sign in to send us a note.
Sign in to applyComplete all modules, then submit the required number of capstone projects. Each must earn a passing rating from an admin reviewer.
Using liboqs-python, implement and benchmark keygen + encapsulate + decapsulate for ML-KEM-768 and sign + verify for ML-DSA-65 and SLH-DSA-SHA2-128f. Compare key sizes, signature sizes, and operation latencies against RSA-2048 and Ed25519. Write a 6–8 page migration guide for a system currently using RSA-2048 + ECDSA.
Implement a hybrid handshake combining ML-KEM (Kyber) with X25519 in TLS 1.3 style. Verify the shared secret matches on both sides; benchmark vs pure X25519. Document the wire-format overhead and the recommendation for production deployment.
Paste this into any AI chat. Fill in the bracketed parts with your context — you'll get back a straight answer on whether this belongs on your plate.
I'm studying Advanced Cryptography focused on post-quantum security: quantum computing foundations, Shor's algorithm, Grover's algorithm, lattice theory (LWE, SIS, Module-LWE), CRYSTALS-Kyber (ML-KEM), CRYSTALS-Dilithium (ML-DSA), hash-based signatures (XMSS, SPHINCS+/SLH-DSA), code-based cryptography (McEliece, BIKE, HQC), and isogeny-based cryptography (SIDH break, CSIDH, SQISign). Context: 1. My goal: [e.g. "migrate my system to PQC", "research lattice cryptography", "understand the SIDH break"] 2. My background: [e.g. "completed the Cryptography module", "security engineer familiar with TLS"] 3. One concept needing intuition: [e.g. "why is LWE hard?", "how does Kyber's KEM work?"] Answer: - For (3): explain in 3 paragraphs — definition, why believed hard, best known attack complexity. - What is the migration priority for RSA-2048 + ECDSA + AES-256? - Which NIST PQC standard to deploy first and why?
Implement a simplified version of an isogeny-based protocol (SIDH or CSIDH-style on a small prime). Document the math, prove correctness on small parameters, and benchmark vs a lattice-based alternative.
Implement a simplified lattice attack against a deliberately-weak parameter set (small Ring-LWE). Use LLL or BKZ; recover the secret. Document the attack pipeline and the parameter conditions under which it succeeds.
Implement bootstrapping for a basic FHE scheme (TFHE or BFV) at toy parameters. Demonstrate the noise reduction and the ciphertext refresh. Benchmark the bootstrap cost; analyze its impact on practical FHE pipelines.
The official NIST evaluation. Read to understand why specific algorithms were chosen.