While the National Institute of Standards and Technology (NIST) has finalized standards for post-quantum cryptographic (PQC) primitives like ML-KEM and ML-DSA to address algorithmic vulnerabilities to quantum attacks, a critical "trust gap" remains unaddressed. This paper argues that current migration strategies focus almost exclusively on the algorithm layer while leaving the centralized, server-side key generation model—and its accompanying opaque entropy sourcing—largely intact. This structural reliance on server infrastructure represents a significant point of failure that PQC algorithms alone cannot solve. "The Quantum Reset" proposes a new architectural foundation for post-quantum systems that shifts trust away from centralized servers toward user-controlled endpoints. The model advocates for: Client-Side Entropy Collection: Sourcing entropy directly from the user's device to ensure transparency and auditability. Seed-Rooted Key Derivation: Using a single root seed to deterministically derive all subsequent keys, allowing for a more manageable and verifiable trust model. Distributed Trust: Moving from an "opaque centralized" model to a "user-controlled auditable" one, thereby mitigating risks such as silent entropy failures and "harvest now, decrypt later" (HNDL) threats.
Ahmad Yousuf (Wed,) studied this question.