The Warning: Post-Quantum Cryptography Moves to Round Three (Part V of VI)
The cryptographic substrate of digital civilisation is on a known retirement schedule. The question is who is in the room when the standards are set.
U.S. National Institute of Standards and Technology · 18 May 2026 · Reading time ~3 minutes
On 18 May, NIST advanced nine post-quantum digital signature candidates to the third round of its standardisation process.
The candidates span lattice-based, isogeny-based, MPCitH, and multivariate cryptography modalities. The evaluation will focus on implementation security, formal proof verification, and resistance to physical attacks, with a culminating conference in 2027 to guide final selections.
The casual reader can be forgiven for finding this story technical and dry. It is neither. It is the news that the U.S. government, having spent the better part of a decade preparing for the possibility that quantum computers will break the encryption securing the modern internet, is now formally moving toward picking the replacement standards. The official preparation work is happening because the threat has been re-evaluated. As recently as April, research from Google and a quantum startup called Oratomic — research that explicitly used AI to accelerate algorithm design — suggested that quantum decryption could arrive earlier than the field’s consensus timelines.
Cloudflare, which secures a significant fraction of internet traffic, responded to the April research by accelerating its post-quantum readiness deadline to 2029.
It’s a real shock. We’ll need to speed up our efforts considerably.
— Bas Westerbaan — Cloudflare cybersecurity researcher, speaking to TIME, April 2026
The thing to understand about post-quantum cryptography is that it is not a defensive measure against a future hypothetical. It is a migration plan being executed now, on the assumption that data being intercepted today will be readable by quantum-capable adversaries within the lifetime of records — bank records, medical records, government communications, institutional archives — that are being created in this calendar year. Every standard NIST picks, and every implementation that follows, is a decision about whose data gets protected and on whose terms.
HCI Reading. The encryption protecting your bank, your messages, your medical records, your government services, and the institutional memory of every organisation on the open internet is on a known retirement schedule. The question is not whether the cryptographic substrate of digital civilisation will be rebuilt. It is whether the rebuild will be coordinated, transparent, and globally inclusive — or whether it will become another arena in which a handful of states and corporations set terms that everyone else must accept. HCI’s interest here is not technical. It is the same interest we bring to every infrastructural transition: who is in the room when the standards are set, and on whose behalf are they speaking?
Sources
- NIST Advances Nine Post-Quantum Digital Signature Candidates to Third Evaluation Round. Quantum Computing Report, 18 May 2026.
- Booth, R. AI Helped Spark a Quantum Breakthrough. The World “Is Not Prepared”. TIME, 7 April 2026. → https://time.com/article/2026/04/07/ai-quantum-computing-advance/
← Previous: Two Industrial Quantum Pilots, One Quiet Theme
→ Next: What This Means for the 4th Wave