This blog post describes the post-quantum cryptography (PQC) scheme Kyber, a finalist in NIST's PQC standardization process. In the first section I'll introduce post-quantum crypto and give some background on Kyber. Then I'll describe the concrete system by looking at a minified version. The last section covers the remaining technical details and the security claims.
As early as the 2000s, cryptographers grew increasingly worried about potential advances in quantum computing. Since Peter Shor published his algorithm in 1994, we have known that a large enough quantum computer would break all widely deployed public-key systems: RSA, finite-field discrete-logarithm schemes (such as Diffie-Hellman and DSA) and elliptic-curve constructions. Symmetric primitives like AES and SHA-2 are only weakened (Grover's algorithm roughly halves the effective key length), so the urgent problem is the public-key layer.
As a consequence, in late 2016 the National Institute of Standards and Technology (NIST) issued a call for new public-key systems that can withstand quantum computers, with submissions due in 2017. Kyber is one of the proposed post-quantum schemes. It advanced to the third-round finalists, and in 2022 NIST selected it for standardization.
Kyber is a post-quantum key encapsulation mechanism (KEM), built on top of a public-key encryption scheme. Its main use case is to establish a shared symmetric key for higher-level protocols such as TLS, Signal or OpenPGP, which then use that key with a symmetric cipher for the actual traffic. It is called a post-quantum system because Kyber is specifically designed to remain secure even against an adversary with a large quantum computer; its hardness assumption is a lattice problem (Module-LWE) rather than factoring or discrete logarithms.