Post-Quantum Cryptography and the NIST HQC Algorithm

By /

Post-Quantum Cryptography and the NIST HQC Algorithm

In March 2025, NIST announced the selection of the HQC algorithm as a new standard for post-quantum encryption. Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks from powerful quantum computers. As quantum computing advances, classical encryption schemes like RSA and ECC could become vulnerable, making quantum-resistant encryption critical. The new HQC (Hamming Quasi-Cyclic) algorithm will serve as a backup alongside NIST’s primary post-quantum solution, ML-KEM (a variant of the Kyber scheme). This ensures that if one approach is later found weak, an alternative quantum-safe encryption method is available to protect sensitive data.

A bitcoin on top of a padlock
Photo by rc.xyz NFT gallery on Unsplash

Table of Contents

What Is the HQC Algorithm?

NIST officially announced that HQC (Hamming Quasi-Cyclic) will be the fifth standardized post-quantum encryption algorithm, with an expected draft standard in 2026 and finalization by 2027. Unlike lattice-based ML-KEM, HQC is based on error-correcting codes – a well-known field of coding theory – providing a mathematically distinct approach. According to official sources, HQC and ML-KEM are now the two NIST-approved algorithms that will protect the confidentiality of communications across the Internet and beyond. NIST emphasizes that ML-KEM remains the primary choice for general encryption, and HQC is being adopted as a backup defense in case future advances undermine the strength of ML-KEM.

Why Quantum-Resistant Encryption Matters

Quantum computers threaten to break today’s public-key cryptography. For example, NIST notes that a powerful quantum computer could factor the large prime numbers underlying RSA encryption “in days or even hours,” rather than the billions of years required by classical computers. This would compromise everything from state secrets to financial data. To protect against this, the cryptographic community is preparing algorithms based on mathematical problems believed to be hard for both classical and quantum machines. Post-quantum cryptography aims to “provide solutions for different situations” with multiple algorithms, so that if one fails, others still secure our information.

HQC and ML-KEM: A Complementary Strategy

The ML-KEM algorithm (standardized in NIST FIPS 203 as CRYSTALS-KYBER) remains the main post-quantum KEM for general encryption. HQC joins this portfolio as a complementary option. The distinct math behind HQC (code-based) means that any future breakthrough affecting ML-KEM (lattice-based) would not automatically break HQC. In fact, experts explain that having two different math-based defenses is intentional: “we want to have a backup standard that is based on a different math approach than ML-KEM,” according to NIST mathematicians. In practice, developers may implement hybrid schemes or support both KEMs for added security.

Actionable Steps for Developers and IT Professionals

The transition to post-quantum cryptography will take time, so it’s best to start preparing now. Below are key steps to take:

  • Inventory Your Cryptography: Identify where and how public-key encryption is used in your systems (SSL/TLS, VPNs, digital signatures, etc.). These will need upgrading or replacement as PQC standards roll out.
  • Follow NIST and Standards: Stay updated on NIST’s PQC project announcements and drafts. NIST encourages organizations to prepare for PQC now, as outlined in their guidance. Review NIST publications (e.g. FIPS 203 for Kyber, NIST SP 800-227 for PQC guidance).
  • Test PQC Libraries: Try out available post-quantum libraries and implementations (for example, Open Quantum Safe’s liboqs or PQClean, which include Kyber and early HQC versions). Benchmark performance and integration issues.
  • Plan for Crypto Agility: Design systems to be “crypto-agile” so that algorithms can be swapped with minimal disruption. Consider hybrid encryption (combining classical and PQC KEMs) during transition periods.
  • Train and Research: Educate your team on PQC basics. Understand the properties (key sizes, signature sizes, performance) of algorithms like Kyber (ML-KEM) and HQC. Engage with communities and NIST’s programs to share best practices.

By auditing current cryptography and building in agility, organizations can ensure a smoother migration to quantum-resistant encryption once the NIST standards are finalized. Early experimentation and design updates will pay off as quantum computers continue to advance.

If you found this article interesting, be sure to check out our article on Post-Quantum Cryptography and the Future of the Blockchain, which you can find here.

If you enjoyed this article and want to support us, you can do so by buying us a bagel using the button below!

Must Read

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top