The algorithms standardized by NIST (ML-KEM, ML-DSA, and others) are built on Euclidean lattice problems such as Learning With Errors (LWE) and the Shortest Vector Problem (SVP). These are objects of linear algebra, number theory, and probability. On the AI side, machine learning-based cryptanalysis, using neural networks, SVMs, and evolutionary methods to attack or evaluate the robustness of PQC schemes, is a growing subfield.

NIST finalized its first post-quantum standards in 2024. Governments and industries are beginning migration. But the assumption underlying these standards, that lattice-based problems are hard enough, is being tested by a growing body of work applying machine learning to cryptanalysis.

The SALSA line of research (NeurIPS 2022) demonstrated the first ML-based secret recovery attacks against the Learning With Errors problem, the mathematical foundation of most PQC schemes. PICANTE (CCS 2023) scaled these attacks to dimensions previously considered safe. VERDE and FRESCA continued pushing the boundary. These are still far from breaking production parameters, but the trajectory is clear: the attack surface is growing, and the tools are getting better.

At Agades, we are approaching this problem as a combinatorial search problem. An attack on a PQC scheme is a program: a specific combination of algebraic techniques, lattice reduction strategies, and parameter choices that, composed in the right order, reduces the security of the scheme below its claimed threshold. The space of possible attack programs is enormous. Searching it effectively requires AI systems that can generate candidate strategies, evaluate them rigorously, and iteratively improve.

The recent work on evolutionary program synthesis provides a framework that fits this problem naturally. Systems like AlphaEvolve use language models as mutation operators to evolve programs scored against a fitness oracle. The candidate is an attack strategy. The oracle is the Lattice Estimator, which returns the cost of a strategy in security bits. The objective is to minimize that number. If an evolved strategy yields 2^115 where known strategies yield 2^128, that is a result.
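The loop described above can be sketched in a few lines. This is an added example, not Agades code and not the Lattice Estimator: the oracle is a simplified primal-uSVP estimate with the core-SVP cost 0.292·β, the mutation operator is random perturbation rather than a language model, and the LWE parameters and all function names are constructed for illustration.

```python
import math
import random

# Constructed toy LWE instance (assumption, not a production parameter set).
N, Q, SIGMA = 256, 3329, 1.0

def delta(beta):
    """Root-Hermite factor BKZ with block size beta is expected to reach."""
    return ((math.pi * beta) ** (1 / beta) * beta
            / (2 * math.pi * math.e)) ** (1 / (2 * (beta - 1)))

def oracle_bits(beta, m):
    """Stand-in oracle: cost in bits of a primal uSVP strategy (beta, m),
    or math.inf when the strategy is not expected to recover the secret."""
    d = m + N + 1                      # dimension of the embedding lattice
    if beta > d:
        return math.inf
    # Success condition, in logs: sigma*sqrt(beta) <= delta^(2b-d-1) * q^(m/d)
    log_rhs = (2 * beta - d - 1) * math.log(delta(beta)) + (m / d) * math.log(Q)
    if math.log(SIGMA * math.sqrt(beta)) > log_rhs:
        return math.inf
    return 0.292 * beta                # classical core-SVP sieving exponent

def mutate(strategy, rng):
    """Random perturbation of (block size, samples); an LLM plays this role
    in AlphaEvolve-style systems."""
    beta, m = strategy
    beta = min(400, max(50, beta + rng.randint(-8, 8)))
    m = min(2 * N, max(1, m + rng.randint(-32, 32)))
    return beta, m

def evolve(start, generations=300, children=8, seed=1):
    """Keep the cheapest strategy the oracle still accepts as successful."""
    rng = random.Random(seed)
    best, best_bits = start, oracle_bits(*start)
    for _ in range(generations):
        parent = best
        for _ in range(children):
            cand = mutate(parent, rng)
            bits = oracle_bits(*cand)
            if bits < best_bits:       # infeasible candidates score inf
                best, best_bits = cand, bits
    return best, best_bits

if __name__ == "__main__":
    baseline = (300, 256)              # hypothetical "known" strategy
    print("baseline:", baseline, oracle_bits(*baseline))
    print("evolved: ", *evolve(baseline))
```

The same loop is how a defender checks margin: if the search drives the estimate for a parameter set below its claimed security level, the parameters need revisiting.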

The end goal is a system that takes as input a PQC scheme, its parameters and reference implementation, and produces as output an executable attack program with a formal complexity proof. Key recovery, ciphertext decryption, or signature forgery, demonstrated end to end. This is the same process that Castryck and Decru followed when they broke SIKE in 2022, or that Beullens followed when he broke Rainbow, but with AI searching the space of mathematical structures instead of a single researcher.