PQCrypto is a recent conference dedicated to postquantum cryptography. This year’s edition was organized at Fort Lauderdale, in Florida, and colocated with NIST’s first PQC standardization conference. Both conferences gathered about 350400 attendees. The schedule was as follows:

From Monday morning to Wednesday noon : PQCrypto (24 talks + 3 invited talks)

From Wednesday afternoon to Friday evening : NIST’s PQC conference (56 talks)
PQCrypto : on a purely personal note, my favorite talks were the following:

The first invited talk given by JeanPierre Tillich: JeanPierre presented cryptanalytic techniques in codebased cryptography, and concluded the talk with a new technique (origami) that he and a student used to break the signature scheme RankSign. The attack is available on ePrint;

The second invited given talk by Dave Wecker, engineer at Microsoft: David presented the company’s strategy to build quantum computers. As I understood it, the technique relies on Majorana fermions and is quite bold as it is very hard to get a functional qubit with it but if it succeeds, it will be easy to scale. He expects quantum computers to be interesting for cryptanalysis in 10 years;

Koen de Boer presented a MITM attack on a recently proposed encryption scheme based on Mersenne numbers; the attack relies on localitysensitive hashing to find approximate collisions;

David Derler showed how to build ring signatures from symmetric primitives (hash functions and block ciphers). The proposal relies on and extend ideas from Picnic (a postquantum signature scheme based on a MPCinthehead evaluation of oneway functions);

Hart Montgomery presented a variant of the LWR problem; as a reminder, LWR is a deterministic variant of the LWE problem, which is convenient in many situations. Hart’s version of LWR is not practical for concrete use but plays well with security proofs. I found it to be a very interesting theoretic paper;

Leon Groot Bruinderink showed that the sponge construction is safe in the Quantum Random Oracle Model. However, this requires the underlying function f to be a oneway permutation, which we currently don’t know how to build (In particular, Keccak uses an inversible permutation);
There were also talks given by members of the project RISQ:

Matthieu Lequesne, PhD student in the INRIA team Secret, presented an improvement and a generalization of a timing attack against some QCMDPC encryption schemes, as well as a mitigation of this attack;

Pauline Bert, PhD student at IRISA, presented an instantiation of an identitybased encryption scheme based on ringSIS and ringLWE;

I presented a fault attack against signature schemes of the SPHINCS family;

Elena Kirshanova, postdoctoral researcher at ENS de Lyon, presented a quantum speedup of an information set decoding algorithm;
Right now, the articles are available here, the slides are here and the videos should be online in a few weeks.
The next edition of PQCrypto will be at Chongqing, in China.
NIST’s PQC conference : it is the first important event in NIST’s process for standardizing postquantum cryptographic schemes. The schedule and slides are on the dedicated website. Submitters of each proposed scheme had (most of the time) 15 minutes to present the scheme. I found this event quite interesting: due to the restricted time, presenters were going straight to the point, which made most talks pleasant to follow. The only caveat is that many schemes were similar (I’ll get back to that later). There were nine sessions each of about six presentations, roughly ordered with respect to the mathematical building blocks they use :

Exotic (isogenies, hashbased, postquantum RSA, Picnic, braids)

Lattices

Lattices

Multivariate

Lattices + Codes

Codes

Lattices + Codes

Exotic + Lattices

Codes
NIST noticed (and I think most of us agree) that many schemes were quite similar. For example:

Many latticebased KEMs are isomorphic to NewHope;

A few multivariate signature schemes are similar (a notable exception being MQDSS);

GravitySPHINCS and SPHINCS+ follow the same framework;

Ramstake and Mersenne are virtually identical;

At a very high level, NTRU encryption, QCMDPC, Ramstake/Mersenne rely on similar ideas, but on different rings and metrics;

Classic McEliece, Big Quake and DAGS are based on the same principle, but with different choices regarding security/performance tradeoffs (Classic McEliece is the most conservative);
This point was further emphasized by Philippe Gaborit in the final slides of his last talk:
For this reason, NIST encouraged submitters of similar proposals to merge their proposals. Given that there are 64 submissions still running, I hope that they will be heard.
Again, a strictly personal list of my favorite talks would be:

SIKE

SPHINCS+

CRYSTALSKyber/Dilithium

Saber

Mersenne

Classic McEliece
Now, about the future: NIST expects to select candidates for the round 2 at the beginning of 2019. The next NIST PQC conference will be colocated with CRYPTO 2019.
For complementary points of view, you can also check these nice blog posts by Thomas Attema and Steven Galbraith.