What I Saw at Eurocrypt 2026: The Field Has Crossed a Threshold on Quantum Security

I was in Rome for Eurocrypt 2026, one of the flagship conferences of the International Association for Cryptologic Research (IACR), and arguably the most important gathering in academic cryptography happening right now. I gave a talk at the Cryptographic Applications Workshop (CAW) on Shufflecake - an open-source plausible deniability tool I've been developing - and I had the opportunity of meeting new and old friends, and to have a first-hand view of the bleeding edge in cryptography and its surroundings.

Horizen Labs was a Silver Sponsor this year, which meant our logo appeared on the sponsor board alongside Google, Apple, AWS, IBM, and AMD. That's not something I say to impress anyone: I say it because it's a signal of where we're positioning ourselves as a cryptographic engineering company that operates next to institutions doing foundational technical work.

But the thing I keep coming back to, now that I'm home, is something I wasn't fully expecting: quantum security is no longer one of many topics at Eurocrypt: it's a central focus. Something has shifted, and if you're building anything cryptographic right now, you should understand what that shift means.

But first: what is Eurocrypt, and why does it matter?

Not Your Typical Crypto Conference

If you are not aware that “crypto” stands for “cryptography” and you've been to ETHDenver, Consensus, or ZK Summit, Eurocrypt will feel like a different planet. No flashy disco, no investor panels, no token launches. What you get instead is dense, peer-reviewed research from the people who are actually building the cryptographic foundations that the rest of the industry will be using five to ten years from now.

The IACR has been the reference body for academic cryptography since 1982. For a long time it kept its distance from the Web3 world, and honestly for good reasons, given how much hype dominated the space. But that's changed substantially since the explosion of ZK cryptography. Today there's genuine collaboration between IACR and organizations like the Ethereum Foundation and Web3 Foundation, and a significant chunk of IACR research is now directly applicable to decentralized systems.

Eurocrypt sits at Tier 1 alongside CRYPTO and ASIACRYPT. Getting accepted to speak here is genuinely difficult. The room is mostly composed of academic researchers and engineers from major technology companies. It's a room that takes cryptography seriously as infrastructure, not as a product category.

Shufflecake

My presentation was at CAW, one of several affiliated workshops that run alongside the main conference. The talk “Shufflecake, AKA VeraCrypt on Steroids: Improvements, Updates, and 2026 Status” was about an open-source privacy tool built for people under genuine coercive threat: whistleblowers, journalists, activists in oppressive environments.

The reception was amazing! The Eurocrypt audience is a discerning one, but it felt like this topic was interesting and entertaining enough. These are researchers and engineers who think carefully about adversarial threat models, and the conversations that followed the talk were really good. There was interest in the real-world security of Shufflecake, in the performance improvements from the past year, and in the longer-term roadmap. The topic of plausible deniability is hot in the context of other privacy and security models, especially in the context of coercive threats.

Three Things the Cryptographic Research Community Is Focused On Right Now

This is the part I find most valuable about being at a conference like Eurocrypt: you get a real-time look on where the field is going, without any commercial filter. Here's what stood out in my opinion.

1. Privacy Regulation Is About to Get Much More Complicated

There was significant discussion around the EU Digital Identity (EUDI) initiative, and not the kind of discussion that ends with "this will be fine." The EUDI framework is going to create a complex category of compliance requirements, similar if not more complex than GDPR. At its core, it involves creating European digital wallet applications that allow people to prove identity across public services and private platforms: age verification, authentication, access to government portals, and much more.

The technical and regulatory complexity here is substantial. The topic of digital sovereignty, and in particular the need to disentangle these privacy-sensitive solutions from the market dominance of a few big players, came up repeatedly, next to the need to adopt modern cryptographic solutions that take privacy seriously. The terms that kept coming up in these discussions were: anonymous credentials, zero-knowledge proofs, and hardware attestation.

If you're in enterprise infrastructure and you're not thinking about these yet, you will be soon.

2. Post-Quantum Is No Longer Optional

This is the big one, and I want to be precise about what I observed, because it's easy to dismiss as hype if you weren't in the room.

A few years ago, post-quantum cryptography was a dedicated track at conferences like this - important, yes, but something you opted into. The framing was essentially: "QR is the responsible direction, but if the performance cost is too high, we can do something else." That framing is gone: At Eurocrypt 2026, I watched researcher after researcher across different sessions, different domains, different institutions, treat quantum resistance not as a design goal but as a baseline requirement. Presenters whose work didn't meet that bar flagged it as an explicit limitation or committed to follow-up. Basically, an acknowledgment that non-QR solutions simply won't have a long shelf life.

This is the academic research community, the people who set the direction for everything the industry builds over the next decade, and they have collectively decided that if it's not quantum-resistant, it's not finished.

What is driving this shift isn't just progress on quantum hardware, though that's real and accelerating. It's the recognition that migration timelines are long, quantum attacks are improving faster than expected, and the window to act is narrowing. The concern I kept hearing wasn't "will this happen?" — it was "are we moving fast enough?"

The honest answer, based on what I heard from practitioners at the conference, is: probably not. And a significant part of the problem is that the automated industry tools promising to help with cryptographic migration are still getting important things wrong. This leaves organizations in a decisional freeze, overspending because of missed prioritization planning, or believing that they're better in their QR posture than they actually are.

That gap is exactly what Horizen Labs' quantum security practice exists to close. The difference between what a scanner tells you and what a real cryptographic assessment reveals can make a difference.

There's also a genuinely exciting frontier emerging: quantum cryptography applications that go beyond just defending against quantum attacks, but use quantum information processing proper to achieve tasks that border on science fiction. We're talking about software licenses that physically cannot be copied, encryption keys that self-destruct when stolen, self-expiring documents - capabilities that only become possible because of quantum mechanics, not just resistant to it. This is early-stage research, but it's moving fast and it's coming from serious people.

3. Web3 and Web2 Are Converging at the Infrastructure Layer

The old framing of Web3 and Web2 as separate worlds is breaking down, at least in how cryptographic researchers are approaching the problem space. There is growing interest in techniques that let Web2 applications interact with decentralized systems without leaking information about those interactions - private information retrieval (PIR) being a primary example.

Separately, fully homomorphic encryption (FHE) continues to mature steadily. It's overkill for most use cases yet, but the performance trajectory is real and the research community is taking it seriously as a practical tool rather than a theoretical curiosity.

Why This Matters

Eurocrypt was a good opportunity for digging into the latest research trends and doing some good networking, but it also gave me a clear sense of where the field is, and where the gap is between what the research community understands and what most organizations are actually doing.

The quantum security shift is no longer theoretical or gradual: Everything being built now that isn't quantum-resistant is already running a deprecation clock. The privacy regulation wave is coming and the organizations that will handle it well are the ones building ZK-based infrastructure now, not scrambling later. And the convergence of Web3 and Web2 at the cryptographic layer is exactly the territory Horizen Labs has been navigating.

I'll be writing more about the specific technical gaps I saw discussed at Eurocrypt, particularly around quantum resistance misconceptions that even sophisticated organizations are still getting wrong. That's coming in a follow-up post. It's worth reading if you have any stake in cryptographic infrastructure.

**********

About the Author

Dr. Tommaso Gagliardoni is a mathematician, cryptographer, and cybersecurity expert. He published influential peer-reviewed papers in the areas of cryptography, quantum security, and privacy, he spoke at many international conferences in these fields (CRYPTO, EUROCRYPT, ASIACRYPT, CCS, Black Hat Europe, DEF CON Demo Labs, etc.), and is a member and co-founder of the national cryptography association De Componendis Cifris.

He is known, among other achievements, for his collaborations in solving the longstanding problem of adaptive quantum authentication (EUROCRYPT 2018, TQC 2019) and breaking the security of ISO-standard smart card protocol PLAID (Real World Crypto 2015, SSR 2015). As a subject expert, he serves as a Program Committee member at academic conferences such as PQCRYPTO, and collaborated with the World Economic Forum, NIST, and other official agencies in the context of international treaties, development programs, and standardization processes on emerging technologies.

Expert in blockchain, Web3 and DeFi, Tommaso has performed cryptographic code audits for clients such as Binance, Coinbase, ING, Swiss Post. Additionally, he has a background in privacy hacktivism, investigative journalism, and ethical hacking, speaking at venues such as the International Journalism Festival and the E-Privacy Meeting, and being main admin of the Shufflecake Project for protecting the data of journalists, whistleblowers, and dissidents.

Tommaso obtained a PhD at the Technical University of Darmstadt, Germany, with a dissertation on the quantum security of cryptographic primitives. He was postdoctoral researcher at IBM Research Zurich, and cryptography tech lead at Kudelski Security, before joining Horizen Labs in 2025, where he is currently leading the Quantum Security and Cryptography Research activities.

**************

Horizen Labs builds cryptographic infrastructure for organizations that take security seriously — including quantum resistance consulting, ZK proof verification, and privacy-preserving systems. If this resonates with work you're doing, explore our quantum security practice at horizenlabs.io/quantum-security

Follow Horizen Labs on LinkedIn and X for more technical perspectives from our team.