Structural race to post-quantum cryptography exposes systemic vulnerabilities in global digital infrastructure

Indigenous knowledge systems often treat data as sacred and communal, contrasting with the corporate commodification of encryption in the PQC race. Traditional mathematical and cryptographic practices in cultures like the Maya or Aboriginal Australians emphasize holistic security—protecting not just data but the social fabric it sustains—yet these are entirely absent from the tech industry’s technical roadmaps. The focus on 'winning' the PQC transition ignores Indigenous principles of reciprocity and long-term stewardship, which could offer alternative models for sustainable digital infrastructure.

The PQC transition is the latest iteration of a century-long struggle over cryptographic control, from the NSA’s Cold War-era encryption standards to the Clipper Chip debacle in the 1990s. The Dual_EC_DRBG scandal revealed how corporate and state actors collude to embed vulnerabilities in encryption, a pattern that persists today in the rush to PQC. Historical precedents like the Enigma machine’s vulnerabilities show that no encryption system is foolproof, yet the tech industry frames PQC as a linear 'progress' rather than a cyclical arms race between cryptographers and adversaries.

Non-Western nations like China and Russia have developed parallel cryptographic ecosystems (e.g., SM-series algorithms) as part of broader geopolitical strategies to resist Western dominance in digital infrastructure. In Africa, initiatives like the African Union’s Digital Transformation Strategy emphasize 'data free flow with trust,' a framework that prioritizes collective security over competitive advantage. Indigenous communities in the Amazon and Arctic have long used oral and symbolic encryption methods to protect sacred knowledge, offering low-tech alternatives to the high-stakes PQC race.

Post-quantum cryptography is grounded in mathematical breakthroughs like lattice-based and hash-based cryptography, which are theoretically resistant to Shor’s algorithm but face practical challenges in implementation. The NIST PQC standardization process, while rigorous, has been criticized for prioritizing computational efficiency over long-term security, echoing past failures in cryptographic standardization. Scientific consensus acknowledges that Q-Day is not a binary event but a spectrum of risks, yet the tech industry’s 'race' narrative obscures this nuance.

Artistic and spiritual traditions often frame encryption as a metaphor for hidden truths or sacred knowledge, contrasting with the tech industry’s reductionist view of data as a resource to be secured. Indigenous and Eastern spiritual practices emphasize the impermanence of all systems, including encryption, which could temper the tech industry’s hubristic belief in 'unbreakable' security. The PQC race reflects a modernist obsession with control, whereas spiritual traditions like Buddhism or Stoicism advocate for acceptance of uncertainty and resilience in the face of disruption.

Scenario planning for PQC must account for cascading failures in critical infrastructure, from financial systems to healthcare, where quantum decryption could expose decades of sensitive data. The tech industry’s focus on 'winners' ignores the risk of a 'winner-takes-all' scenario, where a single quantum breakthrough by a state or corporation could destabilize global trust systems overnight. Future models should incorporate decentralized, community-driven encryption standards to mitigate the risks of centralized control and single points of failure.

Small businesses, nonprofits, and Global South nations lack the resources to participate in the PQC transition, leaving them disproportionately vulnerable to cryptographic failures. Civil society groups, such as the Electronic Frontier Foundation, have warned about the risks of corporate monopolies over encryption but are sidelined in policy debates dominated by Big Tech lobbyists. Indigenous communities, whose knowledge systems are increasingly digitized, face unique risks of exploitation when encryption standards are controlled by external actors.