PQC Research Reading List | Quantum Security Era

The Definitive Guide to Post-Quantum Cryptography Literature

This curated reading list takes you from foundational understanding to research-frontier knowledge. Papers are organized by topic and difficulty, with annotations explaining why each is essential.

Part 1: Foundation Papers (Start Here)

1.1 The Original Threat

Shor's Algorithm - The Paper That Started It All

Paper	Authors	Year	Why Read It
"Algorithms for Quantum Computation: Discrete Logarithms and Factoring"	Peter Shor	1994	The foundational paper showing quantum computers break RSA/ECC. Read for historical context.
"Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer"	Peter Shor	1997	Extended journal version with full proofs. Essential for understanding the threat model.

Link: https://arxiv.org/abs/quant-ph/9508027

Key Takeaway: Shor showed that quantum computers solve the discrete logarithm and integer factorization problems in polynomial time, breaking RSA, DSA, ECDSA, and Diffie-Hellman.

Grover's Algorithm

Paper	Authors	Year	Why Read It
"A Fast Quantum Mechanical Algorithm for Database Search"	Lov Grover	1996	Shows quadratic speedup for unstructured search. Explains why we double symmetric key sizes.

Link: https://arxiv.org/abs/quant-ph/9605043

Key Takeaway: Grover provides √N speedup for search, reducing AES-128 to 64-bit security. This is why AES-256 becomes the minimum for quantum resistance.

1.2 Lattice Cryptography Foundations

The LWE Problem - Foundation of Modern PQC

Paper	Authors	Year	Why Read It
"On Lattices, Learning with Errors, Random Linear Codes, and Cryptography"	Oded Regev	2005	THE foundational paper for LWE. Proves hardness based on worst-case lattice problems.
"Lattice-Based Cryptography"	Daniele Micciancio, Oded Regev	2009	Excellent survey of lattice cryptography. Best introduction to the field.

Link (Regev): https://dl.acm.org/doi/10.1145/1060590.1060603

Key Takeaway: Regev proved that solving LWE is as hard as solving worst-case lattice problems (GapSVP, SIVP). This gives lattice cryptography its security foundation.

Ring-LWE and Module-LWE

Paper	Authors	Year	Why Read It
"On Ideal Lattices and Learning with Errors Over Rings"	Vadim Lyubashevsky, Chris Peikert, Oded Regev	2010	Introduces Ring-LWE, enabling efficient implementations.
"Algebraically Structured LWE, Revisited"	Chris Peikert, Zachary Pepin	2019	Comprehensive treatment of Module-LWE security.

Link (LPR): https://eprint.iacr.org/2012/230

Key Takeaway: Ring-LWE and Module-LWE provide the efficiency needed for practical cryptography while maintaining provable security reductions.

Part 2: NIST Standards - The Source Documents

2.1 ML-KEM (CRYSTALS-Kyber)

Original Submission and Specification

Document	Authors	Year	Why Read It
"CRYSTALS-Kyber Algorithm Specifications and Supporting Documentation"	Avanzi et al.	2017-2022	The complete specification. Essential for implementation.
"CRYSTALS-Kyber: A CCA-Secure Module-Lattice-Based KEM"	Bos et al.	2018	Academic paper with security analysis.
"FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard"	NIST	2024	The official federal standard. Authoritative source.

Links:

Specification: https://pq-crystals.org/kyber/
FIPS 203: https://csrc.nist.gov/pubs/fips/203/final

Key Papers on Kyber Security:

Paper	Authors	Year	Focus
"The Security of Kyber"	Kiltz, Lyubashevsky, Schaffner	2020	Tight security proof in the QROM
"On the Hardness of Module-LWE with Binary Secret"	Langlois, Stehlé	2015	Security of binary secrets used in Kyber

2.2 ML-DSA (CRYSTALS-Dilithium)

Original Submission and Specification

Document	Authors	Year	Why Read It
"CRYSTALS-Dilithium Algorithm Specifications"	Ducas et al.	2017-2022	Complete specification for implementation.
"CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme"	Ducas et al.	2018	Academic paper with Fiat-Shamir construction.
"FIPS 204: Module-Lattice-Based Digital Signature Standard"	NIST	2024	The official federal standard.

Links:

Specification: https://pq-crystals.org/dilithium/
FIPS 204: https://csrc.nist.gov/pubs/fips/204/final

Key Papers on Dilithium Security:

Paper	Authors	Year	Focus
"On the Security of Dilithium Against Side-Channel Attacks"	Ravi et al.	2019	Side-channel analysis
"Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures"	Lyubashevsky	2009	The underlying signature technique

2.3 SLH-DSA (SPHINCS+)

Original Submission and Specification

Document	Authors	Year	Why Read It
"SPHINCS+ Specification"	Bernstein et al.	2017-2022	Complete hash-based signature specification.
"SPHINCS+: Compact Signatures from Hash-Based Signatures"	Bernstein et al.	2019	Academic paper with security analysis.
"FIPS 205: Stateless Hash-Based Digital Signature Standard"	NIST	2024	The official federal standard.

Links:

Specification: https://sphincs.org/
FIPS 205: https://csrc.nist.gov/pubs/fips/205/final

Foundational Hash-Based Signature Papers:

Paper	Authors	Year	Focus
"Merkle Signature Schemes, Merkle Trees and Their Cryptanalysis"	Ralph Merkle	1989	Original Merkle tree signatures
"XMSS: A Practical Forward Secure Signature Scheme based on Minimal Security Assumptions"	Buchmann et al.	2011	Stateful predecessor to SPHINCS
"SPHINCS: Practical Stateless Hash-Based Signatures"	Bernstein et al.	2015	The original SPHINCS before SPHINCS+

Part 3: Cryptanalysis Papers

3.1 Lattice Attacks

Classical Attacks on Lattices

Paper	Authors	Year	Why Read It
"The LLL Algorithm"	Lenstra, Lenstra, Lovász	1982	Foundational lattice reduction. Still used today.
"Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems"	Schnorr, Euchner	1994	BKZ algorithm foundation.
"The General Sieve Kernel and New Records in Lattice Reduction"	Ducas et al.	2019	Modern sieving advances.

Key Takeaway: LLL and BKZ are the foundation of lattice attacks. Understanding their complexity (exponential in dimension) is essential for parameter selection.

Quantum Attacks on Lattices

Paper	Authors	Year	Why Read It
"Quantum Algorithms for Lattice Problems"	Laarhoven	2016	Survey of quantum lattice algorithms
"Quantum Speedup of Lattice Sieving"	Laarhoven	2019	Analysis of quantum speedup for SVP
"On the concrete hardness of Learning with Errors"	Albrecht et al.	2015	LWE estimator methodology

Key Takeaway: Quantum computers provide at most polynomial speedup for lattice problems, not the exponential speedup seen with factoring. This is why lattice cryptography is quantum-resistant.

3.2 Side-Channel Attacks

Timing and Power Analysis

Paper	Authors	Year	Focus
"Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems"	Paul Kocher	1996	The original timing attack paper
"Differential Power Analysis"	Kocher, Jaffe, Jun	1999	Foundation of power analysis attacks
"A Systematic Approach to the Side-Channel Analysis of ECC Implementations"	Bauer et al.	2015	Methodology applicable to PQC

PQC-Specific Side-Channel Papers:

Paper	Authors	Year	Focus
"Single-Trace Side-Channel Attacks on Masked Lattice-Based Encryption"	Primas et al.	2017	Attacks on Kyber implementations
"Side-Channel Attacks on CRYSTALS-Kyber"	D'Anvers et al.	2020	Comprehensive Kyber side-channel analysis
"Practical Side-Channel Attacks on CRYSTALS-Dilithium"	Ravi et al.	2019	Dilithium implementation attacks

3.3 Fault Attacks

Paper	Authors	Year	Focus
"Differential Fault Analysis of the Advanced Encryption Standard"	Piret, Quisquater	2003	Classic DFA methodology
"Fault Attacks on CRYSTALS-Kyber"	Ravi et al.	2019	Fault attacks on lattice KEM
"Loop-Abort Faults on Lattice-Based Signature Schemes and KEMs"	Bruinderink, Pessl	2018	Skip/loop fault techniques

Part 4: Implementation Security

4.1 Constant-Time Implementation

Paper	Authors	Year	Why Read It
"Verified Assembly Code for Elliptic Curve Cryptography"	Bernstein et al.	2019	Methodology for verified constant-time code
"Jasmin: High-Assurance and High-Speed Cryptography"	Almeida et al.	2017	Verified implementation framework
"Implementing Curve25519/X25519: A Tutorial"	Martin Kleppmann	2021	Practical constant-time tutorial

Key Resources:

Resource	Link	Focus
TIMECOP	https://www.bearssl.org/constanttime.html	Constant-time programming guide
CT-Verif	https://github.com/imdea-software/verifying-constant-time	Verification tool
ctgrind	https://github.com/agl/ctgrind	Valgrind-based timing checker

4.2 Secure Random Number Generation

Paper	Authors	Year	Focus
"Mining Your Ps and Qs: Detection of Widespread Weak Keys in Network Devices"	Heninger et al.	2012	RNG failures in practice
"NIST SP 800-90B: Recommendation for the Entropy Sources Used for Random Bit Generation"	NIST	2018	Entropy source requirements
"A Practical Guide to Random Number Generation in Software"	Bernstein	2014	Practical guidance

Part 5: Migration and Deployment

5.1 Hybrid Cryptography

Paper	Authors	Year	Focus
"Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange"	Bindel et al.	2019	Security proofs for hybrid constructions
"KEMTLS: Post-Quantum Key Exchange with KEMTLS"	Schwabe et al.	2020	TLS migration approach
"Post-Quantum TLS without Handshake Signatures"	Schwabe et al.	2020	Optimized PQ-TLS

Key Takeaway: Hybrid cryptography provides security if either classical OR post-quantum algorithm remains secure.

5.2 Protocol Integration

TLS and HTTPS:

Paper	Authors	Year	Focus
"Post-Quantum Key Exchange for the TLS Protocol"	Bos et al.	2015	First PQC in TLS proposal
"Benchmarking Post-Quantum Cryptography in TLS"	Paquin et al.	2020	Performance analysis
RFC 8446	IETF	2018	TLS 1.3 specification
draft-ietf-tls-hybrid-design	IETF	2024	Hybrid key exchange draft

SSH:

Document	Source	Focus
draft-kampanakis-curdle-ssh-pq-ke	IETF	PQ key exchange for SSH
OpenSSH 9.0 Release Notes	OpenSSH	Hybrid key exchange support

IKE/IPsec:

Document	Source	Focus
RFC 9370	IETF	Multiple Key Exchanges in IKEv2
draft-ietf-ipsecme-ikev2-pqc-hybrid	IETF	Hybrid PQC in IKEv2

5.3 PKI and Certificates

Paper	Authors	Year	Focus
"Sizing Up Post-Quantum Signatures"	Sikeridis et al.	2020	Certificate size analysis
"A Formal Analysis of Backward Compatibility for PQC Certificates"	Bindel et al.	2022	Migration considerations
RFC 8954	IETF	Online Certificate Status Protocol (OCSP)

Part 6: Advanced Topics

6.1 Isogeny-Based Cryptography (Research Area)

Note: SIKE was broken in 2022, but isogeny research continues.

Paper	Authors	Year	Focus
"Supersingular Isogeny Key Encapsulation"	Jao et al.	2017	Original SIKE proposal
"An Efficient Key Recovery Attack on SIDH"	Castryck, Decru	2022	The attack that broke SIKE
"SQIsign: Compact Post-Quantum Signatures from Quaternions and Isogenies"	De Feo et al.	2020	Alternative isogeny approach

6.2 Code-Based Cryptography

Paper	Authors	Year	Focus
"A Public-Key Cryptosystem Based On Algebraic Coding Theory"	McEliece	1978	Original code-based crypto
"Classic McEliece"	Bernstein et al.	2017-2022	NIST Round 4 candidate
"BIKE: Bit Flipping Key Encapsulation"	Aragon et al.	2017-2022	NIST Round 4 candidate
"HQC: Hamming Quasi-Cyclic"	Aguilar et al.	2017-2022	NIST Round 4 candidate

6.3 Multivariate Cryptography

Paper	Authors	Year	Focus
"Multivariate Cryptography"	Ding, Yang	2009	Comprehensive survey
"Rainbow"	Ding, Schmidt	2005	NIST candidate (broken 2022)
"Lessons from Rainbow"	Beullens	2022	Analysis of the Rainbow break

Part 7: Textbooks and Surveys

Essential Textbooks

Book	Authors	Year	Focus
"Post-Quantum Cryptography"	Bernstein, Buchmann, Dahmen (Editors)	2009	The definitive PQC textbook
"An Introduction to Mathematical Cryptography"	Hoffstein, Pipher, Silverman	2014	Mathematical foundations
"A Course in Computational Algebraic Number Theory"	Henri Cohen	2013	Advanced mathematical background
"The LLL Algorithm: Survey and Applications"	Nguyen, Vallée (Editors)	2010	Deep dive on lattice reduction

Survey Papers

Paper	Authors	Year	Focus
"Post-Quantum Cryptography: Current State and Quantum Mitigation"	Bernstein, Lange	2017	Excellent overview
"Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process"	NIST	2020	Competition history
"Status Report on the Third Round of the NIST Post-Quantum Cryptography Standardization Process"	NIST	2022	Final selection rationale
"Lattice-Based Cryptography"	Peikert	2016	Comprehensive lattice survey

Part 8: Reading Order Recommendations

For Security Practitioners (8-Week Plan)

Weeks 1-2: Foundations

Shor's Algorithm (1997 journal version) - Sections 1-3
Grover's Algorithm (1996)
Micciancio & Regev Survey (2009) - Sections 1-4

Weeks 3-4: NIST Standards

FIPS 203 (ML-KEM) - Full document
FIPS 204 (ML-DSA) - Full document
Kyber security paper (Kiltz et al., 2020)

Weeks 5-6: Implementation Security

Kocher timing attacks (1996)
Side-channel attacks on Kyber (D'Anvers, 2020)
Constant-time implementation guide (BearSSL)

Weeks 7-8: Migration

Hybrid key exchange (Bindel, 2019)
Post-quantum TLS benchmarks (Paquin, 2020)
NIST Third Round Status Report (2022)

For Researchers (16-Week Plan)

Weeks 1-4: Mathematical Foundations

Regev LWE paper (2005) - Complete with proofs
LPR Ring-LWE paper (2010)
LLL Algorithm original paper (1982)
BKZ algorithm (Schnorr-Euchner, 1994)

Weeks 5-8: Algorithm Deep Dives

Kyber specification (complete)
Dilithium specification (complete)
SPHINCS+ specification (complete)
Security proofs for each

Weeks 9-12: Cryptanalysis

Lattice sieving (Ducas, 2019)
LWE estimator methodology (Albrecht, 2015)
Quantum lattice algorithms (Laarhoven, 2016)
Side-channel attack papers

Weeks 13-16: Frontiers

Alternative candidates (McEliece, BIKE, HQC)
Isogeny cryptanalysis (SIDH break)
Protocol integration (TLS, SSH, IKE)
Recent IACR ePrint submissions

Part 9: Key Conferences and Journals

Top Venues for PQC Research

Venue	Focus	When to Check
CRYPTO	Top cryptography conference	August
EUROCRYPT	European cryptography conference	May
ASIACRYPT	Asian cryptography conference	December
Real World Crypto	Practical cryptography	January
PQCrypto	Dedicated PQC conference	Varies
CHES	Cryptographic hardware/implementation	September
CCS	Security applications	November

Key Journals

Journal	Focus
Journal of Cryptology	Archival crypto research
Designs, Codes and Cryptography	Mathematical cryptography
IEEE Transactions on Information Forensics and Security	Applied security

Preprint Server

Resource	Link	Notes
IACR ePrint Archive	https://eprint.iacr.org/	Check weekly for new PQC papers

Part 10: Tools and Code References

Reference Implementations

Tool	Link	Notes
liboqs	https://github.com/open-quantum-safe/liboqs	Open Quantum Safe library
pqcrypto	https://libpqcrypto.org/	Reference implementations
CRYSTALS Reference	https://pq-crystals.org/	Official Kyber/Dilithium code
SPHINCS+ Reference	https://sphincs.org/	Official SPHINCS+ code

Security Analysis Tools

Tool	Link	Purpose
LWE Estimator	https://github.com/malb/lattice-estimator	Parameter security estimation
leaky	https://github.com/Crypto-TII/leaky	Lattice attack simulation
SageMath	https://www.sagemath.org/	Mathematical computation

Verification Tools

Tool	Link	Purpose
Jasmin	https://github.com/jasmin-lang/jasmin	Verified implementation
EasyCrypt	https://www.easycrypt.info/	Cryptographic proofs
Cryptol	https://cryptol.net/	Cryptographic specification

Appendix: Quick Reference Links

Official Standards

FIPS 203: https://csrc.nist.gov/pubs/fips/203/final
FIPS 204: https://csrc.nist.gov/pubs/fips/204/final
FIPS 205: https://csrc.nist.gov/pubs/fips/205/final

NIST PQC Project

Main page: https://csrc.nist.gov/projects/post-quantum-cryptography
Call for additional signatures: https://csrc.nist.gov/projects/pqc-dig-sig

Algorithm Specifications

Kyber: https://pq-crystals.org/kyber/
Dilithium: https://pq-crystals.org/dilithium/
SPHINCS+: https://sphincs.org/

Open Quantum Safe

Main: https://openquantumsafe.org/
liboqs: https://github.com/open-quantum-safe/liboqs
OQS-Provider (OpenSSL): https://github.com/open-quantum-safe/oqs-provider

How to Use This Reading List

Start with your level - Practitioners start with Part 1 and 2, researchers go deeper
Follow the reading order - The 8-week and 16-week plans are designed for progressive learning
Don't skip the surveys - Micciancio-Regev (2009) and NIST status reports provide essential context
Check ePrint weekly - New attacks and improvements appear regularly
Join the community - Follow discussions at pqc-forum mailing list

Estimated reading time for full SME competency: 200-300 hours over 6-12 months

This reading list, combined with hands-on implementation experience, will give you the theoretical foundation needed for world-class PQC expertise.