{"id":15978,"date":"2026-03-19T17:05:10","date_gmt":"2026-03-19T17:05:10","guid":{"rendered":"https:\/\/newestek.com\/?p=15978"},"modified":"2026-03-19T17:05:10","modified_gmt":"2026-03-19T17:05:10","slug":"beijing-wants-its-own-quantum-resistant-encryption-standards-rather-than-adopt-nists","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=15978","title":{"rendered":"Beijing wants its own quantum-resistant encryption standards rather than adopt NIST\u2019s"},"content":{"rendered":"
\n
\n
\n
\n
\n
\n
<\/div>\n<\/section>\n

China is reportedly planning to develop its own national post-quantum cryptography standards within the next three years, even as most of the world has already begun migrating to those finalized by the US in 2024<\/a>.<\/p>\n

Post-quantum cryptography deals with algorithms that can protect data from the threat proposed by future quantum computers, which are expected to be able to decrypt data encrypted with legacy algorithms far faster than conventional computers. Governments are pushing for their widespread adoption today to reduce the scope for so-called \u201charvest now, decrypt later\u201d attacks.<\/p>\n

Chinese post-quantum cryptography experts have focused on a different type of algorithm to those favored elsewhere, said Wang Xiaoyun, a professor at Tsinghua University\u2019s Institute for Advanced Study, on the sidelines of the National People\u2019s Congress in Beijing last week, Reuters reported<\/a>.<\/p>\n

The algorithms could be ready within three years, and finance and energy would be priority sectors for migration, given the sensitivity of their data.<\/p>\n

China is not simply adopting what the rest of the world is implementing, Wang said, because its researchers have focused on structureless lattice algorithms which they think are stronger than the algebraic lattice designs used elsewhere. The latter, Wang said, \u201chave some degree of security degradation\u201d while structureless lattice algorithms \u201cbasically do not have this problem,\u201d she said, according to the Reuters report.<\/p>\n

The US, UK, EU, and Australia have all aligned on three standards published by the US National Institute of Standards and Technology (NIST): ML-KEM, ML-DSA, and SLH-DSA<\/a> \u2014 and have set migration deadlines between 2030 and 2035. The UK\u2019s National Cyber Security Centre<\/a> has advised organizations to identify vulnerable systems by 2028 and complete full transition by 2035.<\/p>\n

Meanwhile, China\u2019s Institute of Commercial Cryptography Standards launched a global call<\/a> for post-quantum algorithm proposals in February 2025. No algorithm selections have been announced. If Wang\u2019s three-year estimate holds, China\u2019s standards would arrive roughly five years after NIST\u2019s.<\/p>\n

Serious concern<\/h2>\n

Wang is not an outsider raising a fringe concern. She is the cryptographer who demonstrated collision attacks against MD5 and SHA-1<\/a> in 2004 and 2005, two hash functions the broader community had considered secure. Her work triggered their phase-out from most major software systems. Her track record matters here.<\/p>\n

\u201cWhen she raises questions about algebraic lattices, it is not some nationalist talking point or fringe theory,\u201d said Dr. Arindam Sarkar, head of computer science and electronics at Ramakrishna Mission Vidyamandira, India. \u201cIt comes from someone who has a track record of finding weaknesses that everyone else missed.\u201d<\/p>\n

Sarkar explained the underlying concern. \u201cStructured lattices have patterns that could potentially be exploited in the future,\u201d he said. \u201cIt is like having a lock that follows a predictable pattern versus one that is deliberately irregular. The patterned lock might be perfectly secure today, but if someone figures out the underlying pattern twenty years from now, trouble follows.\u201d<\/p>\n

NIST itself hedged against the possibility of lattice weaknesses: In March 2025, it selected HQC, a code-based algorithm built on different mathematics, as a backup fourth standard. Dustin Moody, a mathematician who heads NIST\u2019s Post-Quantum Cryptography project, said at the time<\/a>: \u201cWe want to have a backup standard that is based on a different math approach than ML-KEM. As we advance our understanding of future quantum computers and adapt to emerging cryptanalysis techniques, it\u2019s essential to have a fallback in case ML-KEM proves to be vulnerable.\u201d<\/p>\n

Security, sovereignty, or both<\/h2>\n

China\u2019s preference for domestic cryptographic standards is not new. It has previously developed its own classical encryption algorithms and mandated their use domestically, requiring foreign technology companies operating in China to support them alongside international standards, according to an analysis published by the Post-Quantum Cryptography Coalition<\/a>.<\/p>\n

Sarkar said the motivations behind China\u2019s structureless lattice push are not purely technical. \u201cEvery major technological power wants some degree of cryptographic independence,\u201d he said. \u201cThe security arguments are genuine, but so is the desire to control your own destiny. That does not make the Chinese approach invalid. It makes them a normal player in a world where cryptography is increasingly strategic.\u201d<\/p>\n

The harvest window problem<\/h2>\n

Security agencies and financial regulators assess that nation-state actors are already intercepting and storing encrypted data today, intending to decrypt it once capable quantum computers arrive. The Federal Reserve has assessed this \u201cHarvest Now, Decrypt Later\u201d threat<\/a> as a live data-privacy risk. The National Endowment for Democracy has specifically identified China as conducting such operations<\/a>. NIST has warned that sensitive data \u201cretains its value for many years<\/a>,\u201d making early migration critical.<\/p>\n

\u201cThe five-year gap creates a genuinely difficult position for anyone operating in China,\u201d Sarkar said. \u201cDo you deploy NIST algorithms now to protect against immediate harvest threats, knowing they might not satisfy future Chinese compliance requirements? Or do you wait for Chinese standards and leave that harvest window wide open?\u201d<\/p>\n

Don\u2019t wait<\/h2>\n

Sarah Almond, director analyst at Gartner, said the compliance challenge extends beyond China. \u201cMany regions globally are adopting NIST PQC standards,\u201d she said. \u201cChina is one region, among others, which are launching its own PQC standardization initiatives. But it is not new for certain regions to adopt their own cryptographic standards.\u201d Enterprises assessing vendor quantum readiness, Almond said, should ask whether support for regional standards will be provided in base products, as a paid feature, or not at all.<\/p>\n

Sarkar advised against waiting. \u201cStart hybrid deployments immediately,\u201d he said. \u201cLayer NIST-approved post-quantum algorithms alongside your existing classical cryptography. Build systems that can swap out algorithms as requirements become clearer. The worst possible position is to be frozen, doing nothing, while that harvest clock keeps ticking.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

China is reportedly planning to develop its own national post-quantum cryptography standards within the next three years, even as most of the world has already begun migrating to those finalized by the US in 2024. Post-quantum cryptography deals with algorithms that can protect data from the threat proposed by future quantum computers, which are expected to be able to decrypt data encrypted with legacy algorithms… <\/p>\n

Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-15978","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15978","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15978"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/15978\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15978"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15978"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15978"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}