The Mathematical Foundation of Post-Quantum Cryptography

In 1994, P. Shor discovered quantum algorithms that can break both the RSA cryptosystem and the ElGamal cryptosystem. In 2007, a Canadian company D-Wave demonstrated the first quantum computer. These events and quick further developments have brought a crisis to secret communication. In 2022, the National Institute of Standards and Technology (NIST) announced 4 candidates-CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and Sphincs+-for post-quantum cryptography standards. The first 3 are based on lattice theory and the last on Hash functions. In 2024, NIST announced 3 standards: FIPS 203 based on CRYSTALS-Kyber, FIPS 204 based on CRYSTALS-Dilithium, and FIPS 205 based on Sphincs+. The fourth standard based on Falcon is on the way. It is well known that the security of the lattice-based cryptosystems relies on the hardness of the shortest vector problem (SVP), the closest vector problem (CVP), and their generalizations. In fact, the SVP is a ball packing problem and the CVP is a ball covering problem. Furthermore, both SVP and CVP are equivalent to arithmetic problems for positive definite quadratic forms. There are several books and survey papers dealing with the computational complexity of the lattice-based cryptography for classical computers. However, there is no review article to demonstrate the mathematical foundation of the complexity theory. This paper will briefly introduce post-quantum cryptography and demonstrate its mathematical roots in ball packing, ball covering, and positive definite quadratic forms.