top of page

Post-Quantum Cryptography and the End of Algorithmic Permanence

  • Writer: Brian Couzens
    Brian Couzens
  • Jun 19
  • 9 min read


Brian Couzens, CEO, SITG-Consulting


Peter Shor published his quantum factoring algorithm in 1994. Thirty-two years later, the global cryptographic community is still responding to the consequences.


That response has been substantial. NIST finalised its first three post-quantum cryptography (PQC) standards in August 2024: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). In March 2025, NIST selected HQC as a fifth standard, a lattice-independent backup to ML-KEM (NIST, "NIST Selects HQC as Fifth Post-Quantum Standard," March 2025). NSA's CNSA 2.0 guidance mandates quantum-resistant algorithms across all National Security Systems by 2030 for software and firmware, and 2033 for hardware and physical infrastructure (NSA CNSA 2.0, September 2022). NIST IR 8547 formalises the transition roadmap, recommending deprecation of RSA, ECDSA, and EdDSA by 2030 and disallowing them entirely after 2035 (NIST IR 8547, November 2024).


PQC is not optional. It is operationally necessary. Governments cannot wait. Migration timelines measured in years mean that delayed action compounds exposure. Classical cryptography is provably vulnerable to a sufficiently capable quantum computer, and "harvest now, decrypt later" attacks mean sensitive data encrypted today is already at risk.


None of this is in dispute. The question this article poses is different.


What if PQC, through its own success, is quietly seeding the conditions for a fundamentally different trust market to emerge?


The Institutionalisation of Cryptographic Impermanence

For decades, cryptographic standardisation implied stability. When NIST adopted AES in 2001, the implicit promise was longevity. Organisations built infrastructure around the assumption that approved algorithms would endure for decades with only incremental updates.


That assumption no longer holds.


NIST's PQC programme is structurally different from its predecessors. The selection of HQC as a backup to ML-KEM was explicitly motivated by the need for algorithm diversity in case lattice-based schemes prove vulnerable (NIST, March 2025). NIST has signalled that further signature schemes are under evaluation. The process is not converging on a settled endpoint. It is becoming perpetual.


NIST IR 8547 itself acknowledges this dynamic. The document frames post-quantum transition not as a one-time migration but as an ongoing capability requirement, recommending that organisations build crypto-agility into their systems to accommodate future algorithm changes (NIST IR 8547, Section 4).


Read that carefully. The standards body responsible for global cryptographic guidance is telling organisations to prepare for continuous algorithm replacement. "Approved" no longer means "settled." It means "current, pending further evaluation."


The disruption is not only technical. It is cultural, architectural, and governance-shaped. PQC is rewriting expectations of permanence, procurement philosophy, lifecycle assumptions, and trust planning horizons. Boards that previously approved cryptographic estates on a ten-year refresh cycle now face indefinite transition management. Procurement teams that specified algorithms by name must specify replaceability as a contract requirement. Governance frameworks anchored to fixed cryptographic baselines must accommodate continuous standards drift. This is the deeper shift Shor's algorithm set in motion.


Shor Was the Beginning

There is a tendency to treat Shor's algorithm as a singular event: the one breakthrough that broke classical cryptography. That framing is dangerously narrow.


Shor's algorithm demonstrated that a sufficiently powerful quantum computer could factor large integers and compute discrete logarithms in polynomial time, rendering RSA and ECC vulnerable. But Shor was not working in isolation. Grover's algorithm (1996) provided a quadratic speedup for unstructured search, halving the effective security of symmetric ciphers. More recent work on quantum algorithms for lattice problems, while not yet conclusive, continues to probe the foundations of the mathematical structures on which current PQC standards rest.


In 2024, Yilei Chen published a preprint claiming a polynomial-time quantum algorithm for certain lattice problems, which, if confirmed, would have threatened ML-KEM and ML-DSA directly. The paper was subsequently found to contain errors and was withdrawn. But its brief existence sent tremors through the cryptographic community precisely because the threat was architecturally plausible (Yilei Chen, "Quantum Algorithms for Lattice Problems," 2024).


The lesson is not that lattice-based cryptography is broken. It is that the assumption of algorithmic permanence is no longer defensible. If one researcher can credibly threaten the mathematical foundations of an entire PQC family, the reasonable inference is that further challenges will follow. Not necessarily next year. But within the operational lifetime of infrastructure being deployed today.


This inverts a relationship that held for decades. In previous eras, algorithms evolved more slowly than the infrastructure they secured. RSA outlived multiple hardware generations. AES outlived multiple firmware ecosystems. In the post-quantum era, the reverse may apply. Infrastructure deployed today, particularly long-lifecycle assets in defence, energy, transport, and industrial control, may outlive confidence in the trust primitives securing it. That asymmetry alone justifies a different architectural approach.


Article content

Shor’s algorithm showed that quantum computation could break the assumptions behind RSA and ECC - and changed cryptography forever.

The Ecosystem Burden

If algorithms require continuous replacement, then algorithms themselves stop being the ultimate trust anchor. They become maintenance infrastructure: necessary, continuously managed, and periodically swapped out.


This is not merely an internal engineering problem. It is a coordination problem of unprecedented scale.


A single organisation rotating its cryptographic estate is difficult. The global trust ecosystem rotating simultaneously is structurally different. PKI hierarchies, firmware ecosystems, HSM fleets, telecom infrastructure, hyperscale cloud providers, defence systems, embedded device populations, software supply chains, regulators, identity providers, and sovereign interoperability frameworks must each transition without breaking the trust relationships that connect them.


NIST IR 8547 recommends that cryptographic libraries, protocols, and systems be designed for algorithm substitution without requiring full system redesign (NIST IR 8547). ETSI's Quantum-Safe Cryptography working group has published technical specifications for hybrid key exchange mechanisms that combine classical and post-quantum algorithms precisely because no single algorithm family is considered sufficiently proven for standalone deployment (ETSI TS 103 744).


The hybrid approach is revealing. It is an architectural admission that the industry is hedging against the failure of its own recently approved standards. Hedging is rational. But it also signals that the era of deploy-and-forget cryptographic trust is over.


The operational consequence is that the entire trust ecosystem enters a permanent state of coordinated transition management. That is not a temporary condition tied to the PQC migration. It is the new steady state. And steady-state coordination at that scale is a fundamentally different commercial problem from the one cryptography has solved historically.


The Economic Inversion

If algorithms are now a rotating, managed component rather than a permanent foundation, the economic structure of the trust market changes with them.


Algorithms increasingly become commoditised infrastructure components. The premium does not sit with the algorithm. It sits with the systems that manage continuous transition, attestation, validation, and assurance across the ecosystem. Value migrates upward, away from cryptographic ownership and toward trust continuity.


This is the inversion that matters commercially. For thirty years, cryptographic vendors competed on algorithm strength, key sizes, and performance. In the post-quantum era, the durable competitive moat is not which algorithm a vendor implements. It is whether the vendor can deliver trust that survives algorithm rotation without breaking the systems built on it.


Premium trust markets will centre on durability rather than primitive selection. That is a category shift, not a product shift.


What Algorithm-Decentred Trust Looks Like

The framing "post-algorithmic" is convenient but technically imprecise. All practical systems contain algorithms somewhere. The shift is not toward systems without algorithms. It is toward systems where algorithms are no longer the centre of gravity.


Call it algorithm-decentred trust. Or physics-anchored trust. Or layered trust hierarchies. The point is that the durable trust anchor sits elsewhere, and algorithms become a rotating layer beneath it.


Several technology classes are emerging in this space. They are early-stage, unevenly distributed, and not yet proven at scale. But they are observable, funded, and attracting serious institutional attention.


Hardware Roots of Trust. Trusted Platform Modules, Hardware Security Modules, and secure enclaves already provide hardware-bound cryptographic operations. The next generation extends this principle: non-exportable key material, tamper-evident processing environments, and physically isolated trust boundaries (TCG TPM 2.0 Specification).


Physically Unclonable Functions (PUFs). PUFs exploit manufacturing variations in silicon to generate device-unique identifiers that cannot be cloned or extracted. Unlike cryptographic keys derived from algorithms, PUF responses are bound to physical reality. Research and commercialisation are accelerating, with applications in device authentication, supply-chain provenance, and anti-counterfeiting (Herder et al., "Physical Unclonable Functions and Applications," Proceedings of the IEEE, 2014).


Quantum Random Number Generators (QRNGs). Entropy is the foundation of cryptographic security. Classical pseudo-random number generators are deterministic by construction. QRNGs derive randomness from quantum physical processes, providing entropy that is provably unpredictable. Standards are emerging through BSI's AIS 31 and NIST SP 800-90B (BSI AIS 31; NIST SP 800-90B).


Continuous Attestation Fabrics. Zero-trust architectures already assume that no single authentication event is sufficient. The extension into hardware and firmware attestation creates a continuous validation layer that does not depend on any single algorithm remaining secure. If the attestation framework accommodates algorithm rotation without breaking the trust chain, it becomes the durable layer (TCG DICE Specification).


Entropy-Bound Identity. If a device's identity is bound to its physical entropy signature, that identity persists regardless of which algorithm protects communications. The entropy source becomes the root of trust. The algorithm becomes transport.


A note of caution is warranted. These approaches do not eliminate trust problems. They relocate them. Hardware roots of trust depend on the integrity of foundries, supply chains, and firmware update processes. PUFs depend on the stability of physical phenomena and the absence of side-channel leakage. QRNGs depend on the correctness of physical entropy modelling. None of this is automatic. The thesis is not that hardware is inherently superior. It is that hardware-coupled trust introduces a different and potentially more durable set of assumptions than algorithm-dependent trust alone.


Article content

Conceptual graphic for thought leadership purposes only. Terms such as ‘physics-anchored trust,’ ‘continuous trust fabric,’ and related layers are used here as illustrative constructs to describe emerging directions in cryptographic governance and as

Commodity Trust and High-Assurance Trust

The market that emerges will not be uniform. It will bifurcate.


Commodity trust covers transport security, enterprise communications, standard identity, and internet-scale interoperability. PQC is sufficient here. Algorithm rotation is manageable. The cost of occasional re-migration is acceptable. The ecosystem can absorb continuous change because the consequences of localised failure are bounded.


High-assurance trust covers sovereign identity, financial settlement infrastructure, defence systems, autonomous systems, industrial control, machine-to-machine trust, and long-lifecycle critical infrastructure. The consequences of trust failure are not bounded. The cost of compromise is civilisational. The operational windows are measured in decades. Algorithm-only trust is structurally insufficient for these domains because the durability requirement exceeds the demonstrated durability of any current algorithm family.


This is where the parallel trust market emerges. Not as a wholesale replacement for cryptography. As a layer above it, absorbing the functions that cannot tolerate the impermanence the rest of the ecosystem now accepts as normal.


What This Does Not Mean

This article is not a prediction of PQC's failure. PQC is essential. It protects the transport layer. It secures commodity communications. It provides the baseline for state infrastructure. Without PQC, the migration gap between classical and post-quantum systems is a civilisational vulnerability.


Nor is this an endorsement of any specific vendor or product. Several companies are actively developing algorithm-decentred trust solutions. Some will succeed. Many will not. The category is nascent and claims should be evaluated with rigour.


What this article argues is structural: if algorithms require perpetual replacement, then algorithms alone cannot serve as the permanent root of trust for civilisation-scale systems. A parallel trust market will emerge, absorbing the highest-assurance functions over time.


Conclusion

PQC may ultimately succeed technically while simultaneously accelerating the decline of algorithms as the dominant trust commodity.


That is the strategic position. Not that PQC fails. Not that cryptography becomes irrelevant. But that the very act of institutionalising algorithm rotation changes what algorithms can be expected to carry. They become essential, commoditised infrastructure. They cease to be the apex of the trust hierarchy.


Above them, a new layer is forming. Hardware-coupled. Entropy-bound. Physics-anchored. Continuously attested. Designed for an era in which mathematical assumptions are managed assets rather than permanent foundations.


The products are beginning to appear. Some will be dismissed. Some will be premature. But the structural logic is sound: if trust must survive perpetual algorithmic uncertainty, then trust must eventually be rooted in something more durable than algorithms.


That is the real disruption Shor's algorithm set in motion. Not the breaking of RSA. The breaking of the assumption that mathematics alone could carry civilisational trust indefinitely.


Brian Couzens is the Founder and CEO of SITG-Consulting, a boutique independent advisory firm specialising in post-quantum cryptography, cryptographic governance, and quantum risk. He publishes the Quantum Risk and Resilience newsletter on LinkedIn.


Article content

© 2026 Brian Couzens and SITG-Consulting. All rights reserved.


This article is provided for informational, educational, and thought leadership purposes only and reflects the views, analysis, and opinions of the author at the time of writing. The content is intended to stimulate discussion regarding post-quantum cryptography, digital trust architectures, and emerging security paradigms and should not be interpreted as legal, regulatory, investment, procurement, engineering, cybersecurity, cryptographic, or technical implementation advice.


References to standards bodies, frameworks, technologies, algorithms, vendors, research papers, products, organisations, or emerging concepts are illustrative in nature and do not constitute endorsement, certification, assurance, recommendation, or suitability determination by Brian Couzens or SITG-Consulting.


While reasonable efforts have been made to ensure factual accuracy, the post-quantum and cryptographic landscape is evolving rapidly. No representation or warranty, express or implied, is made regarding the completeness, accuracy, future validity, operational suitability, or ongoing applicability of the information contained herein. Readers remain solely responsible for independent verification, technical evaluation, risk assessment, and professional consultation appropriate to their specific environments and use cases.


Any forward-looking statements, market observations, architectural concepts, or strategic projections reflect current interpretations of emerging trends and should not be treated as guarantees of future technological, commercial, regulatory, or market outcomes.


SITG-Consulting provides independent advisory and strategic consulting services. Nothing in this article creates any client, fiduciary, advisory, partnership, or professional services relationship between the reader and SITG-Consulting or the author.


All trademarks, service marks, product names, standards references, logos, research citations, and third-party intellectual property referenced remain the property of their respective owners.

 
 
 

Recent Posts

See All

Comments


bottom of page