The usability of NIST post-quantum competition candidates as replacements in existing systems and protocols

Quantum computers pose a real threat to cryptography if and when they are realized in full scale. Certain hard problems are much easier to solve with a quantum computer. This holds in particular for cryptography based on factoring and computing discrete logarithms. Standardization bodies have already begun the process of finding new quantum resistant primitives that can replace current schemes based on problems that are easy to solve with quantum computer. However, this process will take some time, while current projections estimate that it is not unlikely that a cryptographically relevant quantum computer is realized in the next 10-15 years. Governments are taking action right now. In particular, systems that carry information that requires protection for a long time (>15 yrs) should replace algorithms that can be broken by quantum computers now. However, this is difficult without a post quantum replacement at hand. This goal of this project is to investigate the practical limitations of the post quantum NIST candidates as replacements in real world systems and protocols. In particular, the goal of the project is to rank candidates in terms of how easy they are to deploy in existing protocols and systems. Relevant metrics include implementation costs, key-sizes and speed. One suggestion is to use deployment into TLS as a benchmark.