
The U.S. National Institute of Standards and Technology (NIST) has chosen HQC as a backup algorithm for post-quantum encryption, providing an alternative to the already standardized ML-KEM.
HQC is based on a different mathematical approach, ensuring resilience in case ML-KEM is found vulnerable. A draft standard incorporating HQC is expected in 2026, with a finalized version slated for 2027.
NIST has been leading the global effort to develop encryption methods resistant to quantum attacks since 2016. The selection of HQC follows the agency’s release of the first three post-quantum encryption standards in August 2024, which included ML-KEM as the primary algorithm for general encryption. While ML-KEM relies on structured lattices, HQC is built on error-correcting codes, a distinct mathematical foundation that has been used in secure communications for decades.
Dustin Moody, head of NIST’s Post-Quantum Cryptography project, emphasized the importance of having a backup encryption standard. “Organizations should continue to migrate their encryption systems to the standards we finalized in 2024,” he said. “We are announcing the selection of HQC because we want to have a backup standard that is based on a different math approach than ML-KEM. As we advance our understanding of future quantum computers and adapt to emerging cryptanalysis techniques, it’s essential to have a fallback in case ML-KEM proves to be vulnerable.”
HQC will be the fifth post-quantum algorithm selected by NIST and the only one to emerge from the agency’s fourth round of evaluations. NIST had initially considered four algorithms for further study before ultimately selecting HQC. It will join the existing set of quantum-resistant encryption standards:
- FIPS 203 (ML-KEM) – The primary standard for key encapsulation and general encryption.
- FIPS 204 (ML-DSA) – A digital signature standard based on lattice cryptography.
- FIPS 205 (SLH-DSA) – A hash-based digital signature standard for authentication.
- FIPS 206 (FALCON, pending finalization) – A signature scheme providing an alternative cryptographic approach.
HQC will not replace ML-KEM but will serve as an alternative in case future cryptanalysis finds weaknesses in lattice-based encryption. However, HQC has higher computational requirements, making it less efficient in some scenarios. Despite this, its well-understood security properties and resilience against quantum threats convinced NIST that it was the best backup option.
NIST plans to release a draft standard incorporating HQC for public comment in 2026. Following a 90-day review period, the agency will refine the standard based on feedback before finalizing it in 2027.
As part of its ongoing post-quantum cryptography efforts, NIST has also issued draft guidance on implementing Key Encapsulation Mechanisms (KEMs), including both ML-KEM and HQC. The guidance, detailed in NIST Special Publication 800-227, outlines best practices for securely deploying these algorithms in real-world encryption systems.
With the timeline for practical quantum computers still uncertain, NIST’s proactive approach ensures that encryption remains secure well into the future. Already, software companies like NordVPN, ExpressVPN, Zoom, Tuta Mail, and Signal have adopted NIST-approved quantum-resistant encryption algorithms in their products.