Post-quantum cryptography refers to new cryptographic algorithms (usually public-key algorithms) that have the potential to offer efficient protection against attacks using a quantum or conventional computer. PQC schemes are executed on conventional computers and do not need a quantum computer to work. From the user’s point of view, they behave in a similar way to currently available ciphers (e.g. RSA or ECC). This makes PQC an ideal drop-in replacement offering added robustness against quantum attacks. To afford protection against attacks that currently threaten RSA and ECC, PQC schemes rely on new and fundamentally different mathematical foundations. This leads to new challenges when implementing PQC on small chips with limited storage space.