Shor’s algorithms for factoring integers and finding discrete logarithms famously break much of the cryptography used today. This has led to the field of post-quantum cryptography, whose goal is to develop cryptosystems secure against quantum attacks. In this talk, I will survey some of the challenges of post-quantum cryptography. In particular, I will explain how the emergence of quantum computers requires updating the entire modern practice of cryptography, including the underlying mathematical building blocks, the formal definitions of security, and the proofs of security.