The U.S. National Institute of Standards and Technology adds HQC as a secondary line of defense against threats from future quantum computers.
The National Institute of Standards and Technology (NIST) has announced the selection of the HQC algorithm as the fifth component of its post-quantum cryptography algorithm suite, marking a new milestone in its strategy to protect sensitive information from potential attacks using quantum computers.
This decision positions HQC as a backup algorithm for general encryption, complementing the already standardized ML-KEM, which was officially adopted in 2024 as the primary standard for quantum-resistant encryption. Both algorithms are designed to secure both stored data and information transmitted over public networks, such as internet traffic.
HQC: An alternative based on a different mathematical approach
While ML-KEM is based on lattice structures, HQC relies on error-correcting codes, a technique that has been used for decades in secure communications. According to Dustin Moody, a mathematician at NIST and the leader of the post-quantum cryptography project, the aim is to diversify cryptographic defenses:
“We do not intend for HQC to replace ML-KEM. Its inclusion addresses the need for an alternative based on a different mathematical approach,” Moody explained. “If we discover vulnerabilities in ML-KEM in the future due to advancements in quantum computing or cryptanalysis techniques, HQC will be ready as a backup.”
Although HQC requires more computational resources due to its longer length, NIST has deemed it a solid option because of its clean design and robust security track record.
From the lab to global standard
With this addition, HQC joins the four algorithms previously selected by NIST. Three of them have already been published as official standards:
- FIPS 203: based on ML-KEM for general encryption.
- FIPS 204 and FIPS 205: digital signature algorithms that allow for authenticating the identity of a sender.
A fourth standard, based on the FALCON algorithm (also for digital signatures), is currently in draft form and will be published as FIPS 206 soon.
HQC is the only selected algorithm in the fourth round of NIST’s evaluation process, which began in 2016 to stay ahead of the cryptographic challenges posed by future quantum computers. The institute has published a detailed report on the four candidates analyzed in this phase, explaining the reasons for choosing HQC.
Next steps and comment period
NIST plans to publish a draft of the HQC standard in about a year, after which a 90-day public consultation period will open. The final version of the standard is expected in 2027, once comments from the technical community and industry have been reviewed.
Additionally, NIST has recently released the Guidance for Implementing Key Encapsulation Mechanisms (KEM) in its SP 800-227 document, which establishes definitions, properties, and best practices for securely using these algorithms. Both HQC and ML-KEM are KEMs, essential for initial key exchanges between two parties wanting to communicate securely over insecure networks.
Why does this announcement matter?
The advance of quantum computing poses a real threat to traditional cryptographic systems, especially those used to protect trade secrets, government communications, and personal data. Post-quantum cryptography, led by organizations like NIST, is crucial to ensuring that the global digital infrastructure remains secure in a future dominated by new computing capabilities.
With the inclusion of HQC, the United States reinforces its position at the forefront of global cryptographic security, providing businesses, governments, and developers with a clear path toward a secure and diversified transition to quantum-resistant algorithms.
Source: NIST.gov – HQC selected as fifth post-quantum algorithm