Banks get a backup plan for quantum security

Photo: An IBM quantum computer. Credit: Andrej Ivanov/Bloomberg

The National Institute of Standards and Technology (NIST) is developing a second protocol for post-quantum encryption to serve as a backup in case the initial standard, which it finalized in August, fails.

Banks, payment processors and other companies are implementing ML-KEM, an encryption algorithm NIST finalized last year as the first and preferred algorithm to secure data against decryption by quantum computers. NIST announced this week it selected an encryption algorithm called HQC as a second line of defense.

The Financial Services Information and Sharing Center (FS-ISAC) has recommended financial institutions adopt agility around encryption standards, so they can switch algorithms as needed if current standards are ever broken or weakened. Banks face the prospect of changing encryption standards that can resist attacks from quantum computers. They are using quantum computing to improve risk management, but the innovation also challenges encryption used widely today.

HQC is not meant to replace ML-KEM, according to Dustin Moody, the mathematician who heads the NIST project for post-quantum cryptography standards, who added that the new standard is designed for redundancy.

"Organizations should continue to migrate their encryption systems to the standards we finalized in 2024," Moody said in a press release.

The value of HQC is that it is based on a different math problem than ML-KEM, meaning that a vulnerability in one algorithm would not appear in the other algorithm.

HQC stands for Hamming Quasi-Cyclic, a type of mathematical code. So-called codes come from coding theory, a subset of mathematics that underpins data compression (like a ZIP file) and error correction. This field of mathematics formed in 1948, in the same paper that conceived of the bit — the 0s and 1s on which modern computers operate. As such, coding theory has been an intimate part of computer science from the beginning.

By contrast, ML-KEM, which stands for Module-Lattice-Based Key-Encapsulation Mechanism, is older and has its roots in pure mathematics. The first part of the name refers to mathematical lattices; these were the subject of study as early as 1848, but it took until the 1940s for the field to gain traction among academics.

Both HQC and ML-KEM are built on decades of mathematics and computer science research. Their infallibility is not a scientific or mathematical fact; there is no way to prove that a computer — quantum or otherwise — will be unable to break these two types of encryption.

Rather, their strength is an article of faith, hence the need for one to be reserved as a backup plan in case the other fails.

HQC is the only algorithm NIST selected out of a group of four that were based on coding theory. One of the other four was found to have a critical flaw that rendered it useless; another is being studied by the International Organization for Standardization (ISO), so NIST opted not to duplicate that group's evaluative work.

Between the remaining two algorithms, HQC proved to have more desirable properties, according to NIST. Specifically, the work evaluating the security properties of HQC was more "mature," according to an evaluation document from NIST.

HQC is a lengthier algorithm than ML-KEM and demands more computing resources, according to Moody. However, its clean and secure operation convinced reviewers that it would make a worthy backup to ML-KEM.

HQC and ML-KEM both fall into a category called public-key encryption. This type of encryption involves two keys: one public, the other private. When two people or computers need to establish a secure connection, especially over the internet, they can do so using public-key encryption.

The other category of encryption is symmetric-key algorithms. Since 2001, NIST has endorsed the Advanced Encryption Standard (AES) as the symmetric-key algorithm of choice. AES and algorithms like it use the same key for both encryption and decryption, so this key must remain secret at all times.

AES is more efficient for encrypting data compared to public-key algorithms, but it can't be used to establish a secure connection over the internet. It is only useful once that secure connection has been established, hence the need for algorithms such as HQC and ML-KEM.
