NIST selects backup algorithm for general encryption against quantum cyberattacks
The National Institute of Standards and Technology announced an algorithm that could serve as a second line of defense to ensure encrypted information stays encrypted in the face of an attack from a future quantum computer.
The standard, called HQC, is a backup for the main “post-quantum cryptography” algorithm NIST finalized for general encryption known as Module-Lattice-Based Key-Encapsulation Mechanism, or ML-KEM. According to a Tuesday announcement from the agency, HQC is based on different math and provides another form of protection, which could prove useful if a future quantum computer deciphers ML-KEM.
“As we advance our understanding of future quantum computers and adapt to emerging cryptanalysis techniques, it’s essential to have a fallback in case ML-KEM proves to be vulnerable,” Dustin Moody, a mathematician who leads the agency’s post-quantum cryptography project, said in a statement included in the release.
NIST, which is part of the Department of Commerce, said it plans to issue a draft standard for HQC in roughly a year for public comment and expects to release a finalized standard by 2027.
While quantum computing is in its early stages, NIST has been working for years to get ahead of an eventual “Q day,” or the day that quantum computers can break through the existing methods of encryption that protect digital information. Current encryption is difficult for standard computers to crack, but future quantum computers are expected to be able to break through those algorithms, which would put information across the globe at risk of compromise.
The post-quantum cryptography, or PQC, algorithms being finalized by NIST are designed to protect against that scenario.
As part of that work, NIST already released its first three finalized post-quantum cryptography algorithms in August 2024, including ML-KEM and two other algorithms for digital signatures — authentication for electronic messages like emails and credit card transactions.
In addition to the announcement of HQC on Tuesday, NIST disclosed that a draft of a standard being built around an algorithm known as FALCON — which is also for digital signatures — will “be released shortly as FIPS 206.” NIST previously estimated that the draft would be published by late 2024.
Per the release, the HQC algorithm is based on a mathematical concept known as error-correcting codes. That concept has been deployed for decades in information security, including for NASA missions. HQC stands for Hamming Quasi-Cyclic, a reference to Richard Hamming, who is credited with developing the concept of error correction codes.
According to the release, Moody said HQC is a longer algorithm than ML-KEM and as a result, needs more computing resources. It was selected by reviewers as a backup due to its “clean and secure operation,” the release said. NIST also released a report on all of the candidate algorithms it evaluated and why HQC was ultimately selected.
