Post-Quantum Cryptography.

Post-Quantum Cryptography (PQC) is a class of public-key algorithms whose security relies on problems believed to resist polynomial-time quantum algorithms like Shor's, such as lattice problems (LWE, NTRU), code-based problems (McEliece), multivariate quadratic systems, isogenies, and hash-based signatures. Following its 2016–2024 competition, NIST has standardized ML-KEM (FIPS 203, lattice-based key encapsulation derived from CRYSTALS-Kyber), ML-DSA (FIPS 204, lattice signatures based on CRYSTALS-Dilithium) and SLH-DSA (FIPS 205, hash-based signatures from SPHINCS+); FN-DSA (Falcon) is in draft. PQC is being deployed today in hybrid TLS (X25519+ML-KEM-768), SSH, IPsec, and signing infrastructures because of "harvest now, decrypt later" risks. PQC complements rather than replaces symmetric primitives like AES-256 and SHA-3, which only require larger parameters to remain secure against Grover-style speed-ups.