Post-quantum cryptography is an important branch of cryptography, studying cryptography under the threat model that the attacker has a quantum computer. Systems that can withstand quantum attacks are urgently needed but in many applications all parties need to agree on what system is used. NIST, the US National Institute for Standards and Technology, has been running a competition to select some systems as standards. This talk will report on the process and cover some of the interesting ways that the design, standardization, and deployment of post-quantum cryptography have been going wrong.
Why do we still not use post-quantum cryptography? This talk sheds some light on what happened beyond the efforts of researchers to design good crypto and get it deployed. Bring your tinfoil hats.