A Deadline With Hard Dates

Governments have stopped treating the migration away from classical public-key cryptography as a long-term research concern and started setting deadlines. The public-key algorithms the internet runs on, RSA and the elliptic-curve schemes, are breakable in principle by a sufficiently large quantum computer, and the response is now a scheduled, mandated transition rather than a debate. The United States has finalized post-quantum standards and directed federal migration on a defined timeline; allied governments have published coordinated roadmaps with explicit milestone years; and procurement and compliance regimes are beginning to require post-quantum readiness as a condition of doing business. The migration is no longer optional and no longer distant. What it points at, on close reading, is not merely a swap of one signature algorithm for another.

The Pattern in the Replacements

Look at what the standards bodies actually chose. Among the finalized post-quantum signature standards is a hash-based scheme whose security rests on the difficulty of inverting a hash function, the preimage problem, rather than on the algebraic structure a quantum computer exploits. National security guidance for signing firmware and software has specifically named stateful hash-based signature schemes for that purpose. National technical authorities in Europe have expressed a preference for hash-based approaches where they fit, on the grounds that their security assumptions are the most conservative and best understood. The through-line is clear: when the requirement is long-term, conservative, future-proof integrity, the field is moving toward security founded on hash-preimage hardness.

There is a second pattern alongside the first. The same regulatory direction is pushing toward credentials that are short-lived and freshly produced rather than long-lived and stored, and toward unlinkability requirements that discourage a single persistent key from following a subject across contexts. The field is simultaneously moving to preimage-based security and to ephemeral, non-persistent credentials. Both are steps in the same direction, and both stop one step short of the obvious conclusion.

The Step Not Taken

For all of that movement, the migration has not gone keyless. The hash-based signature schemes are post-quantum, but they still hold a private key whose disclosure forges signatures. The ephemeral-credential systems reseed from key material; the ratchets that rotate session keys still begin from a keypair; the wallets that hold post-quantum credentials are still bound to a device keypair. The field has adopted preimage security and adopted short-lived credentials, but it has kept the stored secret. It has migrated the algorithm and preserved the architecture.

The destination the migration implies but has not reached is identity that is secured by exactly the preimage hardness the standards bodies are betting on, and that holds no stored key at all. Keyless identity is an evolving, device-entangled hash chain: its security rests on the same one-way-function assumption as the hash-based signature standards, its credential is computed from continuity rather than stored, it is naturally ephemeral because each state supersedes the last, and it is naturally unlinkable because there is no persistent key to correlate. Crucially, there is nothing to harvest. The harvest-now-decrypt-later threat, in which an adversary records today's signed material to break later when quantum computers arrive, has no purchase on an identity that stores no secret to be broken. The migration is forcing the world onto preimage-based security and ephemeral credentials, which is to say onto the exact foundation keyless identity already stands on, while the rest of the field stops at re-issuing keys.

Relation to the Migration Itself

This article is the forcing-function argument: why the post-quantum transition, taken to its logical end, points past key-based public-key infrastructure to keyless identity. The companion piece on post-quantum migration addresses the practical application, how a keyless approach is adopted within an organization's migration program. Read together, one explains why the deadline makes the keyless direction inevitable and the other explains how to move in it.

Disclosure Scope

The keyless identity mechanism, secured by hash-preimage hardness, device-entangled, holding no stored private key, and naturally ephemeral and unlinkable because identity is a computed property of an evolving chain rather than a persistent secret, is disclosed in the identity filing (U.S. Application No. 19/388,580, published as US 2026/0126730 A1). This article frames that disclosed mechanism against the publicly announced post-quantum migration: the finalized hash-based signature standards, the national guidance favoring hash-based schemes for firmware and long-term integrity, the coordinated migration roadmaps, and the regulatory pressure toward short-lived and unlinkable credentials. It argues that the migration converges on a preimage-based, non-stored foundation that keyless identity already occupies. References to standards and government roadmaps are to their public materials and are used for context only.