Red Hot Cyber

NIST selects second PQC Key Encapsulation algorithm

Tara Lie : 18 March 2025 18:24

The fourth round of the American National Institute of Standards and Technology (NIST) Post Quantum Cryptography (PQC) competition has selected HQC as a secondary quantum-resilient key encapsulation mechanism (KEM) to the previously selected ML-KEM (based on CRYSTALS-Kyber).

HQC, or “Hamming Quasi-Cyclic” in full, is a code-based KEM which utilises the cryptographically challenging Quasi-Cyclic Syndrome Decoding Problem as its base and is built around the concept of error-correcting codes. NIST has stated that it selected HQC as a backup algorithm to ML-KEM, which utilises a different mathematical approach. ML-KEM is a module-lattice-based algorithm which was first selected by NIST in 2022, and standardised in Federal Information Processing Standard FIPS 203 in August 2024. Given these differences, if ML-KEM does prove vulnerable to quantum attacks, HQC would be unlikely to have the same vulnerability and could be used instead.

“Organizations should continue to migrate their encryption systems to the standards NIST finalized in 2024. We are announcing the selection of HQC because we want to have a backup standard that is based on a different math approach than ML-KEM.” —Dustin Moody, NIST mathematician. Source.

The Status Report released on the fourth round of the PQC competition discusses the four finalist algorithms – HQC, BIKE, Classic McEliece, and SIKE. BIKE has similar merits, in that it too is based on quasi-cyclic codes and could complement ML-KEM through its mathematical differences. The deciding factor for NIST to ultimately select HQC above the other algorithms was its relatively stable and low Decryption Failure Rate (DFR) estimate, where a decryption failure means that a ciphertext cannot be decoded due to an error.

Why do we need Post-Quantum Cryptography?

The increasingly rapid development of quantum computing is a great achievement of the 21st century; however, for the cyber security community it comes with a very large risk. Much of the encryption we use today could be threatened by a sufficiently advanced quantum computer, which leverages certain physics principles to ‘bypass’ the mathematical assumptions that continue to secure data against decryption attempts from classical computers. Post-Quantum Cryptography (PQC) is encryption that can run on classical machines and is designed to be secure from both quantum and classical attacks.

As more and more breakthroughs are made with quantum computing technology, including Microsoft’s recent Majorana 1 announcement, the advent of a Cryptographically-Relevant Quantum Computer gets closer. To ensure that our day-to-day digital lives continue to be secured by strong encryption, special algorithms which are not susceptible to quantum attacks need to be developed and implemented. The NIST PQC competition has so far selected 5 algorithms designed to run on classical computers, with three already standardised last year.

The recent NIST PQC announcement of the selection of the HQC key encapsulation mechanism marks another positive step for the security of digital information in the ever-approaching quantum era.

Tara Lie
Cyber Security manager from Perth, Western Australia, focused on governance, risk quantification and compliance. Graduate of cyber security and pure mathematics, with a second-major in Italian Studies. Tara has earned a Master's degree in Cyber Security, and is pursuing her PhD researching cyber security in the post-quantum era.