Cryptography offers many solutions for people who wish to communicate securely - from encrypting messages to authenticating them, from jointly computing a function to jointly holding on to a secret (and many more). Many of the algorithms used today will be (severely) impacted by the existence of a quantum computer (that could work with millions of qubits). For example, the well-known RSA cryptosystem relies on the hardness of factoring large numbers. While in a classical world this problem is very hard, due to Shor's algorithm, in a world with quantum computers, this problem is not really hard. The two quantum algorithms which are considered by many to bring the end of "classical" cryptography (which is quite modern) are Shur's and Grover's. However, "classical" cryptographers have been preparing for this future since the late 1980's, with the introduction of public-key encryption schemes which withstand cryptanalysis using quantum computers.

In this talk, we plan to survey some of these cryptosystems, discuss their "maturity" (both on their own, and in comparison to well known schemes), cover the recent NIST effort for standardizing post-quantum cryptography.