The security of many commonly used cryptographic protocols, especially public-key cryptosystems, would be compromised if general-purpose, large-scale, fault-tolerant quantum computers become a reality. In this paper we present our experience developing and launching a course in Post-Quantum Cryptography (PQC). PQC refers to cryptographic systems that are secure against both quantum and classical computers. Such systems may be achieved through classical (i.e. non-quantum) means.

Because of progress in the design of quantum computers and the ongoing National Institute of Standards and Technology (NIST) process to develop post-quantum cryptographic systems, we realized that there is a need to design a course that covers the consequences of developments in quantum computing (QC), the threats of QC to currently used cryptographic schemes, and how to mitigate those threats by developing quantum-resistant schemes. We designed a new course that is attracting students interested in the future of cryptography and computing security/cybersecurity. We first offered it as an MS-level graduate course, also open to upper-level undergraduates, in Spring 2022, and followed with the second offering in Spring 2023. The course covers the PQC algorithm design process, the consequences of QC, some computationally hard problems and then discusses selected proposals for post-quantum cryptosystems designed to be resistant to known classical and quantum attacks. Three main types of such designs include lattice-based, code-based, and hash-based schemes. These three types are used both for key encapsulation methods (KEM) and digital signatures (DS), and more generally for encryption and authentication.