Master reference list for all sources cited in chapter endnotes. Organized by category. ~95 entries covering all 128 endnotes across Chapters 1–9.
Foundational Physics and Quantum Mechanics#
Planck, M. “Über das Gesetz der Energieverteilung im Normalspektrum.” Annalen der Physik 309 (1901): 553–563.
Einstein, A. “Über einen die Erzeugung und Verwandlung des Lichtes betreffenden heuristischen Gesichtspunkt.” Annalen der Physik 322, no. 6 (1905): 132–148.
Bohr, N. “On the Constitution of Atoms and Molecules.” Philosophical Magazine 26 (1913): 1–25.
de Broglie, L. “Recherches sur la théorie des quanta.” PhD thesis, University of Paris, 1924.
Heisenberg, W. “Über quantentheoretische Umdeutung kinematischer und mechanischer Beziehungen.” Zeitschrift für Physik 33 (1925): 879–893.
Schrödinger, E. “Quantisierung als Eigenwertproblem.” Annalen der Physik (1926). Wave mechanics formulation.
Born, M. “Zur Quantenmechanik der Stoßvorgänge.” Zeitschrift für Physik 37 (1926): 863–867. Probabilistic interpretation.
Heisenberg, W. “Über den anschaulichen Inhalt der quantentheoretischen Kinematik und Mechanik.” Zeitschrift für Physik 43 (1927): 172–198. Uncertainty principle.
Schrödinger, E. “Die gegenwärtige Situation in der Quantenmechanik.” Naturwissenschaften 23 (1935): 807–812, 823–828, 844–849. Cat thought experiment.
Einstein, A., Podolsky, B., and Rosen, N. “Can Quantum-Mechanical Description of Physical Reality Be Considered Complete?” Physical Review 47, no. 10 (1935): 777–780. EPR paradox.
Bell, J.S. “On the Einstein Podolsky Rosen Paradox.” Physics 1, no. 3 (1964): 195–200.
Aspect, A., Dalibard, J., and Roger, G. “Experimental Realization of EPR-Bohm Gedankenexperiment.” Physical Review Letters 49 (1982): 1804–1807.
Tonomura, A. et al. “Demonstration of single-electron buildup of an interference pattern.” American Journal of Physics 57 (1989): 117–120.
Pais, A. Subtle is the Lord: The Science and the Life of Albert Einstein. Oxford University Press, 1982.
Nielsen, M.A. and Chuang, I.L. Quantum Computation and Quantum Information. Cambridge University Press, 10th Anniversary Edition, 2010.
Mermin, N.D. Quantum Computer Science: An Introduction. Cambridge University Press, 2007.
Quantum Biology#
Engel, G.S. et al. “Evidence for wavelike energy transfer through quantum coherence in photosynthetic systems.” Nature 446 (2007): 782–786.
Panitchayangkoon, G. et al. “Long-lived quantum coherence in photosynthetic complexes at physiological temperature.” PNAS 107, no. 29 (2010): 12766–12770.
Cao, J. et al. “Quantum biology revisited.” Science Advances 6, no. 14 (2020).
Lambert, N. et al. “Quantum biology.” Nature Physics 9 (2013): 10–18.
Quantum Algorithms and Complexity#
Shor, P.W. “Algorithms for Quantum Computation: Discrete Logarithms and Factoring.” Proceedings 35th Annual Symposium on FOCS (1994): 124–134.
Grover, L.K. “A fast quantum mechanical algorithm for database search.” Proceedings 28th Annual ACM STOC (1996): 212–219.
Gidney, C. and Ekerå, M. “How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits.” Quantum 5, 433 (2021).
Gidney, C. “Factoring integers with sublinear resources on a superconducting quantum processor.” arXiv:2505.15917 (May 2025).
Mosca, M. and Piani, M. Quantum Threat Timeline Report. Global Risk Institute, 2022.
Classical Cryptography Foundations#
Diffie, W. and Hellman, M. “New Directions in Cryptography.” IEEE Transactions on Information Theory 22, no. 6 (1976): 644–654.
Rivest, R.L., Shamir, A., and Adleman, L. “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems.” Communications of the ACM 21, no. 2 (1978): 120–126.
Lenstra, A.K. “Key Lengths.” The Handbook of Information Security (2004). GNFS factoring complexity.
Lyubashevsky, V. “Fiat-Shamir With Aborts: Applications to Lattice and Factoring-Based Signatures.” ASIACRYPT 2009.
NIST Standards and Publications#
NIST Special Publication 800-37 Revision 2. Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy. December 2018. https://csrc.nist.gov/pubs/sp/800/37/r2/final
NIST Special Publication 800-207. Zero Trust Architecture. Scott Rose, Oliver Borchert, Stu Mitchell, Sean Connelly. August 2020. https://csrc.nist.gov/pubs/sp/800/207/final
NIST Special Publication 800-207A. A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments. September 2023. https://csrc.nist.gov/pubs/sp/800/207/a/final
NIST FIPS 203. Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM). August 2024.
NIST FIPS 204. Module-Lattice-Based Digital Signature Standard (ML-DSA). August 2024.
NIST FIPS 205. Stateless Hash-Based Digital Signature Standard (SLH-DSA). August 2024.
NIST FIPS 206 (Draft). FFT-over-NTRU-Lattice Digital Signature Standard (FN-DSA). Expected 2025–2026.
NIST. “NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption.” News release, March 11, 2025. HQC specification: https://pqc-hqc.org
NIST IR 8547 (Initial Public Draft). Transition to Post-Quantum Cryptography Standards. November 2024.
NIST SP 800-57 Part 1 Rev. 5. Recommendation for Key Management: Part 1. May 2020.
NIST SP 800-131A Rev. 3. Transitioning the Use of Cryptographic Algorithms and Key Lengths. November 2024.
NIST SP 800-208. Recommendation for Stateful Hash-Based Signature Schemes (LMS, XMSS). December 2019.
NIST SP 800-227 (Draft). Recommendations for Key-Encapsulation Mechanisms. 2024.
NIST SP 1800-38A/B/C (Preliminary Drafts). Migration to Post-Quantum Cryptography, Volumes A–C. NCCoE.
NIST CSWP 39 (Final). Considerations for Achieving Crypto Agility. December 2025.
NIST PQC Standardization Project. Initiated 2016, 82 submissions from 25 countries. https://csrc.nist.gov/projects/post-quantum-cryptography
NIST PQC Round 3 Report. Status Report on the Third Round of the NIST PQC Standardization Process. 2022.
NIST PQC Conference Presentations (2024–2026). Fifth and Sixth PQC Standardization Conferences. Regenscheid, A. & Newhouse, B. “NIST PQC Update.” December 2024.
Moody, D. (NIST). HQC selection announcement and commentary on algorithmic diversity. March 2025.
NSA and U.S. Government#
Department of Defense Instruction 8510.01. Risk Management Framework for DoD Systems. July 19, 2022. https://www.esd.whs.mil/Portals/54/Documents/DD/issuances/dodi/851001p.pdf
Federal Risk and Authorization Management Program (FedRAMP). RFC-0004 Boundary Policy (Draft). January 16, 2025. Defines authorization boundary scope for cloud service offerings. https://www.fedramp.gov/rfcs/0004/
Federal Risk and Authorization Management Program (FedRAMP). Continuous Monitoring Playbook Version 1.0. November 17, 2025. https://www.fedramp.gov/resources/documents/Continuous_Monitoring_Playbook.pdf
Federal Aviation Administration. Acquisition Management System (AMS) Policy. FAA Acquisition System Toolset (FAST). https://fast.faa.gov/AMS_Policy.cfm
CISA. Zero Trust Maturity Model Version 2.0. April 2023. https://www.cisa.gov/sites/default/files/2023-04/CISA_Zero_Trust_Maturity_Model_Version_2_508c.pdf
Office of Management and Budget (OMB) Memorandum M-22-09. Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. January 26, 2022.
NSA. CNSA Suite 2.0 Algorithm Guidance (PP-22-1338, Ver. 1.0). September 2022. FAQ Ver. 2.1, December 2024.
NSA. Quantum Key Distribution (QKD) and Quantum Cryptography (QC). Cybersecurity Advisory.
NSA. Quantum Computing and Post-Quantum Cryptography FAQ. August 2021.
NSA. draft-guthrie-cnsa2-ipsec-profile: CNSA Suite 2.0 Profile for IPsec. IETF Internet-Draft.
White House. National Security Memorandum 10 (NSM-10). May 4, 2022.
White House. Executive Order 14144: Strengthening Cybersecurity. January 2025.
White House. Executive Order 14306: Amending EO 14028 and EO 14144. June 2025.
Quantum Computing Cybersecurity Preparedness Act. Pub. L. No. 117-349. December 21, 2022.
OMB Memorandum M-23-02: Migrating to Post-Quantum Cryptography. November 2022.
CISA. Post-Quantum Cryptography Initiative. https://www.cisa.gov/quantum
CISA. Strategy for Migrating to Automated Post-Quantum Cryptography Discovery and Inventory Tools. September 2024.
USDA Acquisition Regulation (AGAR). Revised September 2025. Explicit PQC procurement language.
U.S. Federal Government PQC Migration Cost Estimate: $7.1 billion (2025–2035). Referenced in OMB budget documents.
IETF Standards and Drafts#
RFC 6928. Increasing TCP’s Initial Window. April 2013.
RFC 8446. The Transport Layer Security (TLS) Protocol Version 1.3. August 2018.
RFC 8555. Automatic Certificate Management Environment (ACME). Barnes, R., Hoffman-Andrews, J., McCarney, D., Kasten, J. March 2019.
RFC 8784. Mixing Preshared Keys in IKEv2 for Post-Quantum Security. June 2020.
RFC 8879. TLS Certificate Compression. December 2020.
RFC 9580. OpenPGP (Updated Specification). July 2024.
IETF draft-ietf-tls-ecdhe-mlkem (draft-04). Hybrid ECDHE-MLKEM Key Agreement for TLS 1.3. February 2026. Kwiatkowski (PQShield), Kampanakis (AWS), Westerbaan (Cloudflare), Stebila (Waterloo).
IETF draft-ietf-tls-hybrid-design-16. Hybrid Key Exchange in TLS 1.3. September 2025.
IETF draft-ietf-sshm-mlkem-hybrid-kex. ML-KEM Hybrid Key Exchange for SSH.
IETF draft-fregly-research-agenda-for-pqc-dnssec-02. Research Agenda for a Post-Quantum DNSSEC. 2024–2025.
IETF draft-sheth-pqc-dnssec-strategy-00. Post-Quantum Cryptography Strategy for DNSSEC. October 2025.
DNS Flag Day 2020. EDNS buffer size recommendation of 1,232 bytes. https://dnsflagday.net/2020/
IETF LAMPS Working Group. Composite certificate formats for CMS (S/MIME PQC integration). Drafts in progress, 2025–2026.
IETF PLANTS Working Group. Post-quantum Lightweight Authentication for Network TLS Security. Formed 2026 to standardize Merkle Tree Certificates.
Industry, Vendor, and Cloud Provider Sources#
Cloudflare Blog. “Automatically Secure: How We Upgraded 6,000,000 Domains.” September 2025.
Cloudflare Blog. “State of the Post-Quantum Internet in 2025.” October 2025.
Cloudflare Blog. “Keeping the Internet Fast and Secure: Introducing Merkle Tree Certificates.” October 2025.
Cloudflare Blog. “Post-Quantum Zero Trust.” March 2025.
Google Security Blog. “Cultivating a Robust and Efficient Quantum-Safe HTTPS.” February 2026.
Chromium Blog. “Advancing Our Amazing Bet on Asymmetric Cryptography.” May 2024. PQC key exchange vs. authentication priority.
OpenSSH 9.0 Release Notes. April 2022. sntrup761x25519-sha512 default key exchange.
OpenSSH 10.0 Release Notes. April 2025. mlkem768x25519-sha256 default key exchange.
Microsoft. “Post-Quantum Cryptography APIs Now Generally Available on Microsoft Platforms.” November 2025. Windows Server 2025, Windows 11, .NET 10. ADCS PQC support targeted early 2026.
AWS. “AWS KMS Adds Support for Post-Quantum ML-DSA Digital Signatures.” June 2025.
Google Cloud Blog. “Announcing Quantum-Safe Digital Signatures in Cloud KMS.” February 2025.
CA/Browser Forum. Ballot SC-081v3: Reducing Certificate Validity Periods. 200 days (March 2026), 100 days (March 2027), 47 days (March 2029).
DigiCert Blog. “Google Merkle Tree Certificates.” March 2026.
Open Quantum Safe (OQS) Project. PQC algorithm benchmarks and liboqs library. https://openquantumsafe.org
PKI Consortium PQC Working Group. Hybrid and composite certificate format development. https://pkic.org
Gartner Research. Almond, Sarah, and Mark Horvath. “A Journey Guide to Postquantum Readiness.” Research note G00843746, 13 March 2026. Provides the CCOE model, five-layer crypto-agility framework, “inventory at source” concept, discovery pilot recommendations, internal cryptographic policy requirements, and CFO-partnership financial planning guidance referenced throughout Chapters 5 and 6.
SafeLogic. “NIST Publishes Next Volume of PQC Migration Guidance.” 2025. Discovery tool findings.
Thales. Luna HSM Firmware 7.9.0+. ML-DSA support with operational caveats for stateful hash-based signatures.
Entrust. nShield 5 firmware. NIST CAVP-validated ML-DSA, ML-KEM, SLH-DSA. FIPS 140-3 certification in progress (2025).
NGINX. “NGINX Introduces Native Support for ACME Protocol.” NGINX Community Blog. August 12, 2025. https://blog.nginx.org/blog/native-support-for-acme-protocol
F5, Inc. Kojot ACME: An ACMEv2 client utility function for integration and advanced features on the F5 BIG-IP. GitHub: f5devcentral/kojot-acme (MIT License). https://github.com/f5devcentral/kojot-acme
International Guidance#
AIVD, CWI, TNO. The PQC Migration Handbook: Guidelines for Migrating to Post-Quantum Cryptography. 2nd Edition, December 2024.
UK NCSC. “Quantum Networking Technologies.” Updated white paper, August 2025.
UK NCSC. “Timelines for Migration to Post-Quantum Cryptography.” Three-phase roadmap, March 2025.
ENISA. Post-Quantum Cryptography Integration Study. 2024.
NIS Cooperation Group. “Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography.” Early 2025.
European Commission. Proposed directive amending NIS2 with PQC requirements. January 2026.
G7 Cyber Expert Group. Financial Sector PQC Roadmap. January 13, 2026. Co-chaired by US Treasury and Bank of England.
RAND Corporation. “U.S.-Allied Militaries Must Prepare for the Quantum Threat to Cryptography.” June 2025.
Academic Papers and Conference Presentations#
Kampanakis, P. et al. “The Impact of Data-Heavy Post-Quantum TLS 1.3.” NIST 5th PQC Standardization Conference. 2024.
Anastasova, M. et al. “The Impact of ML-KEM and ML-DSA on mTLS Connection Time-To-Last-Byte.” PKI Consortium PQC Conference, Austin. 2025.
Rawat, A. and Jhanwar, M. “Post-Quantum DNSSEC with Faster TCP Fallbacks.” INDOCRYPT 2024, LNCS vol. 15496.
arXiv:2512.00110. “Post-Quantum-Resilient Audit Evidence for Long-Lived Regulated Systems.” February 2026. Security proofs for Q-Audit Integrity, Q-Non-Equivocation, Q-Binding.
VeriSign/NIST. “Post-Quantum Diversity for DNSSEC: Routine Performance, Resilient Fallback.” 6th PQC Standardization Conference. 2025.
postquantum.com. “The Complete US Post-Quantum Cryptography (PQC) Regulatory Framework in 2026.” February 2026.
postquantum.com. “Google’s Merkle Tree (MTC) Gambit to Quantum-Proof HTTPS.” March 2026.
F5, Inc. Resources#
F5, Inc. BIG-IP PQC / TLS Offload Overview (internal field guidance). 2025.
F5, Inc. BIG-IP v21.1 Release Notes: PQC cipher support, hybrid TLS cipher groups, quantum-resistant VPN.
F5, Inc. BIG-IP 17.5.1: Initial X25519MLKEM768 hybrid key exchange support.
F5, Inc. Application Study Tool (AST): Open-source BIG-IP telemetry. GitHub: f5devcentral/application-study-tool.
F5, Inc. “F5 Strengthens Its Application Delivery and Security Platform.” Press release, March 2026. F5 Insight announcement.
F5, Inc. BIG-IP SSL Orchestrator (SSLO) product documentation. TLS visibility and crypto discovery.
— End of Appendices —