In an important recent development in its standardization project, the National Institute of Standards and Technology (NIST) has selected SandboxAQ’s Hamming Quasi-Cyclic (HQC) as the fifth algorithm in its suite of post-quantum cryptography (PQC) standards.
HQC will act as a backup in the event that quantum computers become capable enough to crack the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) specified in Federal Information Processing Standard (FIPS) 203.
FIPS 203
FIPS 203 is NIST’s primary standard for general encryption. The algorithm it specifies, ML-KEM, is based on CRYSTALS-Kyber and was renamed for the standard. ML-KEM belongs to the class of lattice-based cryptographic systems, which rely on the difficulty of solving problems in lattice structures. Its security is based on the hardness of the Module Learning with Errors (MLWE) problem, a specific type of lattice problem.
Key Encapsulation Mechanisms
Key-encapsulation mechanisms (KEMs) like ML-KEM differ from traditional key exchange methods in that they are specifically designed to resist both classical and quantum computing attacks. KEMs enable two parties to securely exchange keys over public channels, provide authentication, and give proof of possession.
HQC
HQC is a code-based KEM: its security rests on the hardness of the Quasi-Cyclic Syndrome Decoding Problem, and it is built on the mathematical foundation of error-correcting codes. Significantly, it is a key encapsulation mechanism designed to secure the exchange of encryption keys in a quantum-resistant manner, unlike traditional public-key encryption systems such as Rivest–Shamir–Adleman (RSA), one of the oldest and most widely used.
HQC is designed to deliver strong security without having to compromise performance factors like computational efficiency and key size, which are essential for large-scale real-world deployments.
In its final selection report, NIST observed that the HQC algorithm stood out as a robust and reliable candidate for mass cross-industry adoption following several rounds of global cryptanalysis and peer review. It commented that HQC “would provide a good complement to ML-KEM since it is based on a different underlying security problem and still retains reasonable performance characteristics for general applications.”
Setting the Standards
The selection of HQC is SandboxAQ’s second major contribution to NIST’s post-quantum standardization effort, following NIST's earlier standardization of SPHINCS+.
Taher Elgamal, a partner at Evolution Equity Partners and senior advisor at SandboxAQ, believes that the moves by NIST have greatly strengthened the infosec community. “With SPHINCS+ and HQC both standardized by NIST, SandboxAQ has solidified its leadership in developing effective PQC solutions for enterprises and government agencies. This is not just a milestone for SandboxAQ; it’s a win for global security in the face of future quantum disruption.”
Future-Proofing
Quantum computers are no longer a distant dream and could be built ‘within years rather than decades,’ Microsoft has claimed following the recent unveiling of its Majorana 1 chip. The chip is the first quantum chip built on a ‘topoconductor,’ capable of creating a new state of matter that is not a solid, liquid, or gas. Developments like this, along with the introduction of Sectigo PQC Labs, emphasize the urgent need for quantum-safe cryptography. The NIST standards are doing invaluable work in providing organizations with a framework that can help secure their systems against future quantum threats.
Adam Parlett is a cybersecurity marketing professional who has been working as a project manager at Bora for over two years. A Sociology graduate from the University of York, Adam enjoys the challenge of finding new and interesting ways to engage audiences with complex cybersecurity ideas and products.