Cyber News Gator

The National Institute of Standards and Technology (NIST) has chosen HQC as a backup encryption algorithm to safeguard data against potential quantum computing threats. This selection follows the agency’s 2024 standardization of ML-KEM, which remains the primary choice for general encryption. HQC, built on different mathematical principles than ML-KEM, provides an alternative in case vulnerabilities are discovered in the current standard. A draft standard incorporating HQC is expected in 2026, with finalization anticipated in 2027.

NIST has been working for over eight years to develop encryption algorithms that remain secure even against the potential capabilities of future quantum computers. While current encryption methods protect sensitive data such as financial records and national security information, quantum computers could eventually break these defenses. ML-KEM, based on structured lattices, was selected as the core of the new encryption standard, but HQC, which uses error-correcting codes, will serve as a backup. Although HQC requires more computing resources, its reliability and distinct mathematical foundation make it a strong alternative.

The selection of HQC comes as part of NIST’s ongoing Post-Quantum Cryptography project, which has standardized multiple encryption and digital signature algorithms to future-proof cybersecurity systems. HQC is the only algorithm from NIST’s fourth round of candidates to be approved for standardization. A draft standard is expected in about a year, followed by a 90-day public comment period before final approval in 2027.

In addition to selecting HQC, NIST has published draft guidance for implementing key encapsulation mechanisms (KEMs), including both HQC and ML-KEM. KEMs are used to establish secure communications over public networks. The draft guidance, titled Recommendations for Key Encapsulation Mechanisms (NIST Special Publication 800-227), provides best practices for implementing these encryption methods. NIST also hosted a virtual workshop on KEMs in February and accepted public comments on the draft until March 7, 2025.

The finalized encryption standards, including ML-KEM (FIPS 203) and digital signature standards FIPS 204 and FIPS 205, are already in use, with organizations integrating them into their systems. A forthcoming standard, FIPS 206, will address digital signatures based on the FALCON algorithm. These measures aim to ensure long-term data security in an era where quantum computing could disrupt current cryptographic protections.