
Research on Development Progress and Test Evaluation of Post-Quantum Cryptography


Meng Zhang 1,*, Jing Wang 1, Junsen Lai 1, Mingfu Dong 2, Zhenzhong Zhu 2, R. Ma 3, J. Yang 3

1 China Academy of Information and Communication Technology (CAICT), Beijing 100191, China; wangjing15@caict.ac.cn (J.W.); laijunsen@caict.ac.cn (J.L.)
2 KOAL Software Co., Ltd., Shanghai 200072, China; dmf@koal.com (M.D.); zhuzz@koal.com (Z.Z.)
3 VIAVI Solutions Inc., Beijing 100102, China; ryan.ma@viavisolutions.com (R.M.); jun.yang@viavisolutions.com (J.Y.)

Academic Editor: Osamu Hirota
Received: 13 January 2025; Revised: 9 February 2025; Accepted: 11 February 2025
Citation: Zhang, M.; Wang, J.; Lai, J.; Dong, M.; Zhu, Z.; Ma, R.; Yang, J. Research on Development Progress and Test Evaluation of Post-Quantum Cryptography.

Abstract: With the rapid development of quantum computing technology, traditional cryptographic systems are facing unprecedented challenges. Post-Quantum Cryptography (PQC), as a new cryptographic technology that can resist attacks from quantum computers, has received widespread attention in recent years. This paper first analyzes the threat of

Keywords: Post-Quantum Cryptography; development trends; testing and evaluation;

1. Introduction

Quantum computing has been shown, in theory, to be capable of breaking public-key cryptography far beyond the reach of existing classical computing. In recent years, quantum computing technology has developed rapidly, especially with the introduction of quantum algorithms such as Shor's algorithm [1] and Grover's algorithm [2], which enable quantum

With the advancement of quantum computing technology, the information security threat that public-key cryptography will be broken is becoming increasingly imminent. The potential capabilities of quantum computers would not only damage the existing digital trust system, but may also pose a retroactive "harvest now, decrypt later" threat to sensitive

To meet this challenge, researchers and cryptographers have begun to develop a new generation of cryptographic algorithms: Post-Quantum Cryptography (PQC).
Copyright: © 2025 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons

PQC provides a new type of public-key cryptographic algorithm by building on different underlying mathematical hard problems, ones not known to be efficiently solvable on a quantum computer. In August 2024, the National Institute of Standards and Technology

algorithms, but also promotes the further development of cryptographic technology. PQC research covers multiple technical routes such as lattice-based cryptography, code-based cryptography, and multivariate cryptography. These algorithms are believed to be theoretically able to resist attacks from quantum computers, but their practical application

In this paper, Section 2 discusses the information security risk challenges posed by the development of quantum computing. Section 3 elaborates on the key technical paths and standardization progress of PQC. In Section 4, the PQC evaluation system and method

2. Information Security Risk Challenges Caused by Quantum Computing

Cryptographic algorithms mainly include symmetric algorithms, asymmetric algorithms, and hash algorithms. Symmetric cryptographic algorithms, also known as secret-key algorithms, have the core feature that both communicating parties use the same key to encrypt and decrypt data. They are widely favored for their high efficiency, especially in scenarios such as encrypted data transmission and encrypted database storage, and they effectively ensure the confidentiality of data. Asymmetric cryptographic algorithms, or public-key cryptographic algorithms, use a pair of different keys: the public

The security of the RSA algorithm rests on the difficulty of the integer factorization problem (IFP). Shor's algorithm, proposed by Peter Shor in 1994, can solve the IFP in polynomial time on a quantum computer, which directly threatens the security of RSA.
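The reduction behind Shor's attack on RSA, as an added Python example that is not part of the paper: Shor's algorithm factors n by finding the period r of f(x) = a^x mod n, and once r is known the factors fall out classically from gcd(a^(r/2) ± 1, n). In this illustration the quantum Fourier transform period-finding step is replaced by a classical brute-force loop (so nothing here is faster than classical factoring), and the key n = 3233 = 61 × 53 with e = 17 is a constructed toy modulus, far below real key sizes. The code handles the two cases in which a chosen base a fails (odd r, or a^(r/2) ≡ −1 mod n) by retrying with another base, then derives the RSA private exponent from the recovered factors.

```python
"""Classical walk-through of Shor's reduction from factoring to order finding.

Added illustration, not code from the paper. The quantum Fourier transform
step is replaced by a brute-force loop, so it only shows why knowing the
period r of f(x) = a^x mod n breaks RSA, not the quantum speed-up.
"""
from math import gcd
import random


def find_order(a: int, n: int) -> int:
    """Smallest r >= 1 with a**r == 1 (mod n), i.e. the period of a^x mod n.

    Shor's algorithm obtains r from the quantum Fourier transform of a
    superposition of a^x mod n; this classical loop stands in for that step
    and takes time proportional to r, which is why it does not scale.
    """
    if gcd(a, n) != 1:
        raise ValueError("a must be coprime to n")
    r, value = 1, a % n
    while value != 1:
        value = (value * a) % n
        r += 1
    return r


def factor_from_order(a: int, r: int, n: int):
    """Classical post-processing: turn the order r of a into a factor of n.

    Since a^r == 1 (mod n), n divides (a^(r/2) - 1)(a^(r/2) + 1) when r is
    even; unless a^(r/2) == -1 (mod n), one of the two gcds is a proper factor.
    Returns None in the two failure cases so the caller can pick a new base.
    """
    if r % 2:
        return None
    half = pow(a, r // 2, n)
    if half == n - 1:
        return None
    for cand in (gcd(half - 1, n), gcd(half + 1, n)):
        if 1 < cand < n:
            return cand
    return None


def shor_factor(n: int, seed: int = 0, max_tries: int = 50):
    """Return the factors (p, q) of an odd composite n with p < q, or None.

    Random bases come from a seeded generator so runs are reproducible.
    """
    if n % 2 == 0:
        return (2, n // 2)
    rng = random.Random(seed)
    for _ in range(max_tries):
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:
            return tuple(sorted((g, n // g)))  # lucky: a shares a factor with n
        p = factor_from_order(a, find_order(a, n), n)
        if p is not None:
            return tuple(sorted((p, n // p)))
    return None


def recover_private_exponent(n: int, e: int) -> int:
    """Given only the RSA public key (n, e), recover the private exponent d."""
    factors = shor_factor(n)
    if factors is None:
        raise ValueError("could not factor n")
    p, q = factors
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    # Constructed toy RSA key: n = 61 * 53, e = 17 (far below real key sizes).
    n, e = 3233, 17
    ciphertext = pow(65, e, n)          # a message encrypted with the public key
    d = recover_private_exponent(n, e)
    print("factors:", shor_factor(n), "d:", d)
    print("recovered plaintext:", pow(ciphertext, d, n))
```

Running it factors the toy modulus and decrypts the ciphertext with the recovered d; the loop in find_order is the part a quantum computer replaces, which is the whole point of the threat to RSA.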
The core of Shor's algorithm is to use the quantum Fourier transform to find the period $r$ of the function $f(x) = a^x$

In addition to Shor's algorithm, converting the IFP into an optimization problem and using adiabatic quantum computing (AQC) [3] to break the RSA public key is also a technical route [4–11]. This approach can be implemented on quantum annealing (QA) machines and nuclear magnetic resonance (NMR) quantum computers based on adiabatic

3. PQC Development Status

In the field of cryptography, PQC is also called quantum-resistant cryptography (QRC). In a broad sense, quantum cryptography that uses the properties of quantum mechanics, such as quantum key distribution (QKD) [20], can also be considered part of post-quantum cryptography because it can resist quantum attacks. In a narrow sense, post-quantum cryptography refers specifically to mathematical encryption

3.1. PQC Technology Re