Today, NIST put out its preliminary choice of PQC algorithms to standardize. I wrote an introduction to lattice-based KEMs (for non-cryptographers) this last weekend in preparation for the report, where one implements an (aggressively unoptimized) variant of FrodoKEM. FrodoKEM ended up not being standardized, but the “broad picture” of the construction should still be useful to understand Kyber.

Anyway, I am writing this small post to collect links to the three posts on a single page.

• Part 1 discusses the base underlying hardness assumption (Learning with Errors) some.
• Part 2 constructs a simple lattice-based (private-key) cryptosystem, and
• Part 3 constructs a lattice-based (public-key) cryptosystem.