Sarkar explained the underlying concern. “Structured lattices have patterns that could potentially be exploited in the future,” he said. “It is like having a lock that follows a predictable pattern versus one that is deliberately irregular. The patterned lock might be perfectly secure today, but if someone figures out the underlying pattern twenty years from now, trouble follows.”
NIST itself hedged against the possibility of lattice weaknesses: In March 2025, it selected HQC, a code-based algorithm built on different mathematics, as a backup fourth standard. Dustin Moody, a mathematician who heads NIST’s Post-Quantum Cryptography project, said at the time: “We want to have a backup standard that is based on a different math approach than ML-KEM. As we advance our understanding of future quantum computers and adapt to emerging cryptanalysis techniques, it’s essential to have a fallback in case ML-KEM proves to be vulnerable.”
Security, sovereignty, or both
China’s preference for domestic cryptographic standards is not new. It has previously developed its own classical encryption algorithms and mandated their use domestically, requiring foreign technology companies operating in China to support them alongside international standards, according to an analysis published by the Post-Quantum Cryptography Coalition.
