Security, sovereignty, or both: China’s preference for domestic cryptographic standards is not new. It has previously developed its own classical encryption algorithms and mandated their use domestically, requiring foreign technology companies operating in China to support them alongside international standards, according to an analysis published by the Post-Quantum Cryptography Coalition.Sarkar said the motivations behind China’s structureless lattice push are not purely technical. “Every major technological power wants some degree of cryptographic independence,” he said. “The security arguments are genuine, but so is the desire to control your own destiny. That does not make the Chinese approach invalid. It makes them a normal player in a world where cryptography is increasingly strategic.”
The harvest window problem: Security agencies and financial regulators assess that nation-state actors are already intercepting and storing encrypted data today, intending to decrypt it once capable quantum computers arrive. The Federal Reserve has assessed this “Harvest Now, Decrypt Later” threat as a live data-privacy risk. The National Endowment for Democracy has specifically identified China as conducting such operations. NIST has warned that sensitive data “retains its value for many years,” making early migration critical.”The five-year gap creates a genuinely difficult position for anyone operating in China,” Sarkar said. “Do you deploy NIST algorithms now to protect against immediate harvest threats, knowing they might not satisfy future Chinese compliance requirements? Or do you wait for Chinese standards and leave that harvest window wide open?”
Don’t wait: Sarah Almond, director analyst at Gartner, said the compliance challenge extends beyond China. “Many regions globally are adopting NIST PQC standards,” she said. “China is one region, among others, which are launching its own PQC standardization initiatives. But it is not new for certain regions to adopt their own cryptographic standards.” Enterprises assessing vendor quantum readiness, Almond said, should ask whether support for regional standards will be provided in base products, as a paid feature, or not at all.Sarkar advised against waiting. “Start hybrid deployments immediately,” he said. “Layer NIST-approved post-quantum algorithms alongside your existing classical cryptography. Build systems that can swap out algorithms as requirements become clearer. The worst possible position is to be frozen, doing nothing, while that harvest clock keeps ticking.”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4147736/beijing-wants-its-own-quantum-resistant-encryption-standards-rather-than-adopt-nists.html
