vinod sharma .in Solution Architect, Author & Educator
Courses, books, roadmaps, and tutorials to help developers build real-world skills.
© 2026 Vinod Sharma. All rights reserved.
Post-Quantum Cryptography
A specialised roadmap for understanding and implementing cryptographic systems that are secure against quantum computer attacks. This path covers mathematical foundations, classical cryptography, quantum threats, lattice-based and code-based cryptography, hash-based signatures, NIST standards, migration planning, implementation security, and quantum-safe infrastructure design.
12 milestones in this roadmap
Step 1: beginner, 8-10 weeks
Mathematics Foundation (Number Theory & Abstract Algebra)
Build the mathematical foundations for cryptography including number theory, abstract algebra, and computational complexity.
Curriculum
1. Modular arithmetic, Euler totient function, and Fermat's little theorem
2. Prime factorisation, discrete logarithm problem, and elliptic curve groups
3. Abstract algebra: groups, rings, fields, and polynomial rings
4. Lattice theory: basis, shortest vector problem (SVP), closest vector problem (CVP)
5. Computational complexity: P, NP, NP-hard, and reduction proofs
6. Information theory basics: entropy, one-time pad, and perfect secrecy
Tools & Platforms
SageMath, Python (sympy, galois), MATLAB / Mathematica, Koblitz textbook (A Course in Number Theory and Cryptography)
Step 2: beginner, 6-8 weeks
Classical Cryptography (RSA, ECC, AES)
Master the cryptographic algorithms protecting the internet today and understand precisely why they are vulnerable to quantum attack.
Curriculum
1. RSA: key generation, encryption, signatures, and PKCS padding
2. Elliptic curve cryptography: ECDH key exchange and ECDSA signatures
3. AES: block cipher modes (CBC, GCM, CTR), key schedules, and authenticated encryption
4. Diffie-Hellman key exchange and its discrete logarithm basis
5. Hash functions: SHA-2, SHA-3, collision resistance, and preimage resistance
6. Why Shor's algorithm breaks RSA and ECC but only weakens AES (Grover)
Tools & Platforms
OpenSSL, Python cryptography library, GnuPG, CyberChef
Step 3: intermediate, 4-6 weeks
Cryptographic Protocols (TLS, PKI)
Study how cryptographic primitives combine into protocols like TLS, PKI, and digital signatures that must be upgraded for quantum safety.
Curriculum
1. TLS 1.3 handshake: key exchange, authentication, and record protocol
2. Public Key Infrastructure: X.509 certificates, CAs, OCSP, and CRLs
3. Digital signature schemes: RSA-PSS, ECDSA, and EdDSA
4. Key management: generation, distribution, rotation, and destruction
5. Certificate transparency and CT logs
6. Protocol analysis: verifying security properties and known vulnerabilities
Tools & Platforms
Wireshark for TLS analysis, OpenSSL / LibreSSL, Let's Encrypt / ACME, Burp Suite
Step 4: intermediate, 3-4 weeks
Understanding Quantum Threats
Analyse exactly how quantum computers threaten current cryptography and why migration must begin now despite quantum computers being years away.
Curriculum
1. Shor's algorithm: polynomial-time factoring and discrete logarithm computation
2. Grover's algorithm: quadratic speedup for symmetric key search
3. Harvest now, decrypt later (HNDL) threat model and its implications
4. Timeline estimates for cryptographically relevant quantum computers (CRQC)
5. Mosca's theorem for migration urgency calculation
6. NIST, NSA, and CNSA 2.0 guidance on quantum-resistant transition timelines
Tools & Platforms
Qiskit (Shor's algorithm simulation), NIST PQC documentation, Quantum Threat Timeline resources, Mosca's risk assessment framework
Step 5: intermediate, 6-8 weeks
Lattice-Based Cryptography
Study lattice-based cryptography built on hard problems like LWE and Ring-LWE, including the NIST-selected standards Kyber and Dilithium.
Curriculum
1. Lattices in cryptography: basis, shortest vector problem, and learning with errors
2. LWE, Ring-LWE, and Module-LWE hardness assumptions and reductions
3. CRYSTALS-Kyber (ML-KEM, FIPS 203): key encapsulation mechanism design
4. CRYSTALS-Dilithium (ML-DSA, FIPS 204): digital signature scheme
5. Parameter selection: security levels, key sizes, and performance trade-offs
6. NTRU: historical lattice-based encryption and its relationship to modern schemes
Tools & Platforms
liboqs (Open Quantum Safe), PQClean reference implementations, SageMath for lattice computations, NIST PQC submission packages
Step 6: advanced, 4-6 weeks
Code-Based Cryptography
Explore code-based cryptography built on the hardness of decoding random linear codes, including the Classic McEliece finalist.
Curriculum
1. Linear codes, generator and parity-check matrices, and syndrome decoding
2. Goppa codes, algebraic geometry codes, and their decoding algorithms
3. McEliece cryptosystem: key generation, encryption, and security proofs
4. Classic McEliece: NIST finalist, parameter sets, and key size trade-offs
5. Information set decoding attacks and their complexity
6. BIKE and HQC: structured-code alternatives with smaller key sizes
Tools & Platforms
SageMath (coding theory modules), PQClean (Classic McEliece implementation), liboqs, NIST PQC Round 4 documentation
Step 7: advanced, 4-6 weeks
Hash-Based Signatures
Master hash-based signature schemes that rely only on hash function security, including XMSS, LMS, and SPHINCS+.
Curriculum
1. One-time signatures: Lamport signatures and Winternitz OTS (WOTS+)
2. Merkle tree construction for many-time signatures from OTS
3. XMSS (RFC 8391): stateful hash-based signatures and state management
4. LMS (NIST SP 800-208): hierarchical signatures and parameter choices
5. SPHINCS+ (SLH-DSA, FIPS 205): stateless hash-based signatures and hypertrees
6. Stateful vs stateless trade-offs: performance, security, and operational risk
Tools & Platforms
liboqs (SPHINCS+ implementation), hash-sigs (LMS/XMSS reference), PQClean, OpenSSL (experimental PQC branch)
Step 8: advanced, 3-4 weeks
Multivariate Cryptography
Study multivariate polynomial cryptography, its cryptanalysis challenges, and lessons from broken schemes like Rainbow.
Curriculum
1. Multivariate quadratic (MQ) problem and its NP-hardness
2. Oil and Vinegar signature scheme and Unbalanced Oil and Vinegar (UOV)
3. Rainbow: design, NIST submission, and the 2022 key-recovery attack
4. GeMSS and other multivariate signature candidates
5. Kipnis-Shamir attack, MinRank, and algebraic cryptanalysis techniques
6. Lessons from Rainbow: conservative security analysis and parameter selection
Tools & Platforms
SageMath (multivariate polynomial systems), Magma (algebraic computation), NIST PQC submission documentation, Cryptanalysis papers (eprint.iacr.org)
Step 9: advanced, 4-6 weeks
NIST PQC Standards (Kyber, Dilithium, SPHINCS+)
Deep dive into the finalised NIST post-quantum standards, their parameter sets, security levels, and implementation guidance.
Curriculum
1. ML-KEM (FIPS 203): parameter sets (512, 768, 1024), encapsulation, and decapsulation
2. ML-DSA (FIPS 204): parameter sets, signing, verification, and deterministic vs hedged
3. SLH-DSA (FIPS 205): parameter sets (SHA-2 vs SHAKE, small vs fast)
4. Security levels I-V and their mapping to classical AES key strengths
5. Performance benchmarks: key generation, encapsulation/signing, and bandwidth
6. Fourth round candidates: HQC, BIKE, and additional signature schemes
Tools & Platforms
NIST FIPS 203/204/205 publications, liboqs / OQS-OpenSSL, PQClean reference implementations, SUPERCOP benchmarking framework
Step 10: advanced, 4-6 weeks
Migration Planning & Hybrid Approaches
Develop practical strategies for migrating existing systems to post-quantum cryptography using hybrid approaches and crypto-agility.
Curriculum
1. Cryptographic inventory: discovering all algorithm usage across an organisation
2. Crypto-agility: designing systems that can swap algorithms without full rewrite
3. Hybrid key exchange: combining classical (X25519) and PQC (Kyber) for defence in depth
4. Risk-based prioritisation: protect long-lived secrets and high-value assets first
5. Early adopter case studies: Google CECPQ2, Cloudflare, Signal (PQXDH)
6. NSA CNSA 2.0 and NIST migration guidance timelines and compliance
Tools & Platforms
Cloudflare PQC tools, AWS KMS (PQC TLS support), Signal Protocol (PQXDH), Open Quantum Safe (OQS) project
Step 11: advanced, 6-8 weeks
Implementation & Side-Channel Security
Learn to implement PQC algorithms securely with constant-time code, side-channel protections, and formal verification.
Curriculum
1. Constant-time programming: avoiding branches and memory access patterns dependent on secrets
2. Power analysis attacks (SPA, DPA) and masking countermeasures
3. Fault injection attacks and redundancy-based protections
4. Timing attacks on lattice-based schemes: Gaussian sampling and NTT
5. Formal verification of cryptographic implementations (Jasmin, EasyCrypt)
6. Hardware acceleration: FPGA and ASIC implementations for PQC
Tools & Platforms
liboqs / pqcrypto libraries, Valgrind (ct-grind for constant-time checking), ChipWhisperer (side-channel analysis), Jasmin / EasyCrypt
Step 12: advanced, 6-8 weeks
Quantum-Safe Infrastructure Design
Design end-to-end quantum-safe infrastructure by upgrading TLS, PKI, VPNs, code signing, and long-lived secret protection.
Curriculum
1. Quantum-safe TLS: hybrid key exchange, PQC cipher suites, and certificate upgrades
2. Post-quantum PKI: certificate sizes, chain validation, and transition strategies
3. VPN tunnel upgrades: IPsec and WireGuard with PQC key exchange
4. Code signing with hash-based signatures for long-term verification
5. IoT and embedded device considerations: constrained resources and firmware updates
6. Organisational readiness: testing environments, performance benchmarking, and rollout plans
Tools & Platforms
OQS-OpenSSL / OQS-BoringSSL, wolfSSL (PQC support), strongSwan (PQC IPsec), Chromium / Firefox (PQC TLS experiments)