Post-Quantum Cryptography

The advent of large-scale quantum computers will fundamentally transform cryptography. Classical algorithms like RSA and Diffie-Hellman key exchange, which secure much of today's internet, will become vulnerable to Shor's quantum algorithm, which efficiently factors large numbers and solves discrete logarithms. Post-quantum cryptography prepares for this transition by developing schemes whose security holds against both classical and quantum attacks.

While post-quantum algorithms are now starting to be standardized, significant challenges remain. Current signature schemes lack diversity, with most relying on similar mathematical foundations. In our group, we address this gap by developing novel cryptographic solutions based on different mathematical assumptions, ensuring the cryptographic ecosystem remains robust even if some approaches prove vulnerable.

We contribute to this effort through both practical algorithm development and foundational protocol design:

  • Post-quantum signatures: We have developed two signature algorithms with distinct mathematical foundations: FAEST, based on symmetric cryptography, and SQISign, based on supersingular isogeny walks. Both are currently under consideration in NIST's ongoing standardization process, representing different approaches to quantum-resistant signatures.
  • Advanced lattice-based protocols: Beyond basic encryption and signatures, we design sophisticated cryptographic protocols using quantum-safe lattice assumptions. This includes threshold cryptography, where cryptographic operations are distributed across multiple parties to eliminate single points of failure. Our threshold protocols for both public-key encryption and digital signatures demonstrate how post-quantum assumptions can enable complex, real-world security applications.

Social Impact

We believe that diversifying the mathematical foundations of post-quantum cryptography is crucial for long-term security. Just as the cryptographic community learned not to rely solely on factoring-based assumptions, the post-quantum era requires multiple independent approaches. Our work on isogeny-based and symmetric-based constructions, alongside lattice-based protocols, helps build this essential diversity into tomorrow's cryptographic infrastructure.

Key publications

Ivan Damgård, Claudio Orlandi, Akira Takahashi, and Mehdi Tibouchi
Two-round n-out-of-n and Multi-Signatures and Trapdoor Commitment from Lattices

Katharina Boudgoust and Peter Scholl
Simple Threshold (Fully Homomorphic) Encryption From LWE With Polynomial Modulus