Abstract: Chen-Mou Cheng, Post-quantum cryptography and cryptanalysis Increasingly, our society now faces all kinds of security threats as information technologies permeate modern life. An essential prerequisite for our society and the economy to sustain is that the members of the society can justifiably "trust" each other, for which cryptography is a cornerstone and key enabler. Unfortunately, today’s public-key cryptography (PKC), an important building block of modern cryptography, is threatened by the emergent thousand-qubit quantum computers. Post-quantum cryptosystems (PQCs) are those cryptosystems that can resist the attack of quantum computers, which will instantly break today’s most popular PKCs including RSA (Rivest-ShamirAdleman), DSA (Digital Signature Algorithm), and ECC (elliptic-curve cryptography). The most promising candidates of PQCs include lattice-based, code-based, hash-based, as well as multivariate PKCs. Besides representing a future-proof invest- ment, some PQCs such as multivariate PKC also enjoy the benefit of executing much faster than their traditional counterparts on the same hardware, making them ideal for applications in mobile and embedded systems. For example, with appropriate architectural support, it is possible to run multivariate PKC on computing platforms with the most stringent constraints such as passive RFID (radio-frequency identification) tags. In this talk, I will give a high-level overview of PQC, as well as several related cryptanalysis projects that I have worked on in recent years.