NIST Selects HQC as its Fifth Post-Quantum Cryptography Algorithm

As quantum computing advances, traditional cryptographic algorithms like RSA and ECC risk being broken by quantum attacks. To address this, NIST standardized three post-quantum algorithms last year: ML-KEM, ML-DSA, and SLH-DSA. The first algorithm (ML-KEM) is used for key exchange, while the last two are signature algorithms. On March 11, NIST announced a new algorithm, HQC, which will also be standardized. HQC is based on a different mathematical problem than ML-KEM, ensuring that even if ML-KEM is broken, there will be an alternative.

When comparing ML-KEM and HQC, ML-KEM uses shorter keys, and its key generation, encapsulation, and decapsulation times are significantly faster. This is why NIST prioritized ML-KEM for standardization first. However, HQC has one key advantage—it is based on code-based cryptography, which has a much longer history than the learning-with-errors (LWE) scheme used by ML-KEM. Hence HQC will effectively act as a backup to ML-KEM should ML-KEM be compromised at some point in the future.

NIST established its Post-Quantum Cryptography Project to identify and standardize quantum-resistant cryptography algorithms back in 2016.  Even though NIST has already selected four algorithms and announced three new standards, their search for additional PQC algorithms continues. HQC is the only algorithm to be selected for standardization from NIST’s recent fourth round of PQC candidates.

NIST says they plan to issue a draft standard incorporating the HQC algorithm in about a year, and they expect to finalize the new standard in 2027.