This week, NIST published a Status Report on the Fourth Round of the NIST Post-Quantum Cryptography Standardization Process, concluding the round, and subsequently announcing the selection of HQC for standardization, over its competitors BIKE, Classic McEliece, and SIKE.
While BIKE and Classic McEliece showed early promise (Round 4 began in July 2022), NIST ultimately favoured HQC (Hamming Quasi-Cyclic) due to its more stable security analysis and well-analyzed decryption failure rate.
“As with the previous phases of the PQC Standardization Process,” NIST reports, “…security was the most important factor considered when evaluating the fourth round candidate schemes”.
For this reason, NIST has aimed for a wide variety of underlying assumptions and models in order to mitigate the risk of a cryptanalytic breakthrough. For example, BIKE, HQC and Classic McEliece are all code-based, SIKE is isogeny-based and ML-KEM (already standardized as FIPS 203) is a lattice-based scheme.
Conclusively, NIST have selected HQC over BIKE, which has a less mature security analysis, and Classic McEliece, which, while promisingly secure, seems less likely to be adopted widely. Meanwhile SIKE proved insufficiently secure early on in Round 4, and was subsequently not recommended for further use by its submitters.
The report outlines NIST’s view that HQC will provide a good complement to ML-KEM. ML-KEM (formerly Kyber) reached standardization in July 2024 as NIST’s recommended Key Encapsulation Mechanism going forward. The addition of HQC to the three already-standardized post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) will be a significant step towards providing comprehensive post-quantum security for the future.
This is once again, another milestone moment in the story of post-quantum cryptography. It’s significant for NIST, and it solidifies the effort to establish cryptographic standards that are resilient to quantum attacks. HQC, a code-based solution rather than lattice-based, will provide an alternative to ML-KEM, which adds another string to the bow when it comes to the choice of implementing PQC in real-world solutions.
For PQShield, it’s exciting news. There’s little doubt that the world is moving closer to widespread adoption of post-quantum cryptography, and our world-leading products are specifically designed to be flexible when it comes to implementing new algorithms. We move fast, and we’re focused on helping build the solutions of tomorrow, in step with both compliance, and the ever-changing technology threat landscape.
NIST will certainly develop a draft standard based on HQC, with the final version expected to follow.
Link to Press Release
While BIKE and Classic McEliece showed early promise (Round 4 began in July 2022), NIST ultimately favoured HQC (Hamming Quasi-Cyclic) due to its more stable security analysis and well-analyzed decryption failure rate.
“As with the previous phases of the PQC Standardization Process,” NIST reports, “…security was the most important factor considered when evaluating the fourth round candidate schemes”.
For this reason, NIST has aimed for a wide variety of underlying assumptions and models in order to mitigate the risk of a cryptanalytic breakthrough. For example, BIKE, HQC and Classic McEliece are all code-based, SIKE is isogeny-based and ML-KEM (already standardized as FIPS 203) is a lattice-based scheme.
Conclusively, NIST have selected HQC over BIKE, which has a less mature security analysis, and Classic McEliece, which, while promisingly secure, seems less likely to be adopted widely. Meanwhile SIKE proved insufficiently secure early on in Round 4, and was subsequently not recommended for further use by its submitters.
The report outlines NIST’s view that HQC will provide a good complement to ML-KEM. ML-KEM (formerly Kyber) reached standardization in July 2024 as NIST’s recommended Key Encapsulation Mechanism going forward. The addition of HQC to the three already-standardized post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) will be a significant step towards providing comprehensive post-quantum security for the future.
This is once again, another milestone moment in the story of post-quantum cryptography. It’s significant for NIST, and it solidifies the effort to establish cryptographic standards that are resilient to quantum attacks. HQC, a code-based solution rather than lattice-based, will provide an alternative to ML-KEM, which adds another string to the bow when it comes to the choice of implementing PQC in real-world solutions.
For PQShield, it’s exciting news. There’s little doubt that the world is moving closer to widespread adoption of post-quantum cryptography, and our world-leading products are specifically designed to be flexible when it comes to implementing new algorithms. We move fast, and we’re focused on helping build the solutions of tomorrow, in step with both compliance, and the ever-changing technology threat landscape.
NIST will certainly develop a draft standard based on HQC, with the final version expected to follow.
Link to Press Release