The National Institute of Standards and Technology (NIST) has selected the HQC (Hamming Quasi-Cyclic) algorithm as a backup option for post-quantum encryption, reinforcing national and global cryptographic security against the anticipated threats of quantum computing.

Why This Matters

• Quantum computing advancements pose an existential risk to current encryption methods.
• NIST’s selection of HQC as a backup algorithm ensures redundancy in the transition to post-quantum cryptography.
• Businesses and governments worldwide are preparing for post-quantum security, as the shift is imminent.
• The decision aligns with broader U.S. national security goals, particularly in securing sensitive communications and infrastructure.

Key Points

• HQC is a code-based cryptosystem designed for quantum-safe encryption.
• It serves as a backup to the four previously selected primary algorithms in NIST’s Post-Quantum Cryptography Standardization process.
• NIST’s decision ensures a robust security posture by maintaining an alternative cryptographic option in case primary methods face unforeseen vulnerabilities.
• NIST IR 8545 provides a comprehensive status update on the fourth round of NIST’s Post-Quantum Cryptography Standardization.
• Post-quantum cryptography is a priority for the cybersecurity community, with NIST working alongside international stakeholders to mitigate encryption risks.

For the full NIST Announcement, see:

• NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption
• NIST Internal Report – NIST IR 8545 Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process

What is the Hamming Quasi-Cyclic (HQC) Algorithm for Post-Quantum Encryption?

The Hamming Quasi-Cyclic (HQC) algorithm is a code-based post-quantum encryption scheme designed to withstand quantum computing attacks. It is structured around error-correcting codes, particularly leveraging quasi-cyclic codes, to provide secure encryption mechanisms resistant to quantum threats.

HQC represents a critical fallback solution in the quantum-resistant cryptographic landscape. While lattice-based algorithms have gained mainstream attention, code-based cryptography remains a strong contender due to its long-standing security guarantees. With NIST’s endorsement, HQC may play a pivotal role in securing the digital world against quantum computing threats.

How HQC Works

HQC is based on the principles of error-correcting codes, which were first introduced in the McEliece cryptosystem in the late 1970s. Unlike McEliece, which relies on Goppa codes, HQC employs quasi-cyclic codes to optimize efficiency and reduce key sizes.

• Key Generation: The public key is generated from structured code-based cryptographic principles, ensuring security while maintaining practical key sizes.
• Encryption: A message is encoded using an error-correcting code and then masked with additional random noise.
• Decryption: The receiver, possessing the secret key, decodes the message by leveraging the error-correcting structure to remove the added noise.

Why HQC is Important for Post-Quantum Cryptography

Quantum computers threaten traditional cryptographic systems by breaking widely used public-key encryption algorithms, such as RSA and ECC, via Shor’s algorithm. HQC offers:

• Quantum resistance: Based on the hardness of decoding problems in error-correcting codes, which remain resistant to quantum algorithms.
• Structured Efficiency: Uses quasi-cyclic structures to improve computational efficiency compared to earlier code-based schemes like McEliece.
• Backup Solution: Selected by NIST as a backup algorithm in the post-quantum cryptography standardization process, complementing the four primary algorithms.

​ML-KEM Remains the Recommended Choice for General Encryption

Despite HQC’s selection, ML-KEM continues to be the primary recommendation for general encryption. Dustin Moody, who leads NIST’s Post-Quantum Cryptography project, emphasized that organizations should continue migrating their systems to the standards finalized in 2024…

NIST has reaffirmed that the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) remains the recommended choice for general encryption in the post-quantum era. This algorithm, standardized last year, is designed to protect both stored information and data transmitted over public networks. ​ As discussed, to bolster cryptographic defenses, NIST has also selected the Hamming Quasi-Cyclic (HQC) algorithm as a backup. While ML-KEM is built on structured lattices, HQC is based on error-correcting codes, offering a different mathematical foundation.

Despite HQC’s selection, ML-KEM continues to be the primary recommendation for general encryption. Dustin Moody, who leads NIST’s Post-Quantum Cryptography project, emphasized that organizations should continue migrating their systems to the standards finalized in 2024, highlighting the importance of having a fallback option like HQC to address potential vulnerabilities in ML-KEM. This strategic approach ensures a robust and adaptable security framework as quantum computing capabilities evolve.

Additional Resources

• Executive’s Guide: Navigating the Impact of NIST’s Finalized Post-Quantum Encryption Standards
• Strategy for Migrating to Automated Post-Quantum Cryptography Discovery and Inventory Tools
• The Executive’s Guide To Quantum Computing: What you need to know for your strategy today

Quantum Technology and National Security: Emerging Threats, Strategic Investments, and Federal Agency Readiness

Domestic U.S. and international quantum technology infrastructure has been dramatically built out in the last seven years – since the passage of the initial Quantum Initiative Act in 2018 – with commitments to cryptography, post-quantum crypto agility, quantum networking and computing that will continue to reshape national security and federal operations. The U.S. government, military, and allied nations continue making strategic investments to maintain this edge. The convergence of quantum technology with AI, biotechnology, and cybersecurity also presents both opportunities and threats.

In this post, we “set levels” and provide a definitive, baseline analysis of major developments in the public sector quantum ecosystem (based on OODA Loop news briefs, tracking and Original Analysis that, in some cases, pre-date the launch of the National Quantum Initiative in 2018). This synthesis and summary of our previous analysis efforts is the foundation on which we will be basing our quantum research efforts in 2025 – in what we expect to be the continuation of an accelerated timeline of developments in the private and public sector quantum ecosystem and community of practice.