Secure and Efficient Post-Quantum Cryptography in Hardware and Software (Dagstuhl Seminar 23152)

NIST recently announced the winners of its post-quantum cryptography (PQC) standardization process and outlined the next steps in its ongoing standardization efforts. With fewer algorithms now in the focus of the cryptographic community, the time has come to intensify the investigation of efficiency and physical security aspects of PQC algorithms. This is required to enable PQC in real-life applications and to provide feedback to NIST and submitters before final standardization. To allow widespread adoption, the implementation of PQC in current microchip technologies must be possible within application- or platform-specific constraints such as area, memory, time, power, and energy budgets. Furthermore, more and more PQC use-cases require resistance to physical attacks like power analysis. The primary aim of this Dagstuhl Seminar was to initiate deeper investigations into secure and efficient implementations of PQC on hardware and hardware/software codesign platforms. In this direction, the seminar brought together researchers in theoretical cryptology, applied cryptography, cryptographic hardware and software systems, and physical security. During the seminar, participants identified new challenges and research directions in PQC, exchanged thoughts and ideas, and initiated collaborations on researching secured and efficient design methodologies for PQC.