NIST has chosen HQC (Hamming Quasi-Cyclic) as the fifth and final public-key encryption algorithm to standardize for post-quantum cryptography. HQC, based on code-based cryptography, offers small public key and ciphertext sizes, making it suitable for resource-constrained environments. This selection concludes NIST's multi-year effort to standardize quantum-resistant algorithms, adding HQC alongside the previously announced CRYSTALS-Kyber for general encryption and CRYSTALS-Dilithium, FALCON, and SPHINCS+ for digital signatures. These algorithms are designed to withstand attacks from both classical and quantum computers, ensuring long-term security in a future with widespread quantum computing capabilities.
The National Institute of Standards and Technology (NIST) has announced the selection of a fifth and final public-key encryption algorithm to be standardized as part of its ongoing effort to prepare for the era of quantum computing. This newly chosen algorithm, called HQC (Hamming Quasi-Cyclic), will join four others previously selected in July 2022—CRYSTALS-Kyber, CRYSTALS-Dilithium, FALCON, and SPHINCS+—in providing robust cryptographic defenses against the potential threat posed by future quantum computers capable of breaking current encryption standards.
HQC, developed by a multinational team of researchers, is a code-based cryptosystem that relies on the hardness of decoding random linear codes. It stands out for its comparatively small public key and ciphertext sizes, which are deemed advantageous for constrained environments with limited resources. This makes it particularly suitable for applications in devices with restricted memory or bandwidth, such as embedded systems or Internet of Things (IoT) devices.
The selection of HQC rounds out NIST's post-quantum cryptography standardization project, covering both public-key encryption and digital signatures. CRYSTALS-Kyber, also chosen for public-key encryption, offers strong security and performance characteristics. The other three algorithms address digital signatures: CRYSTALS-Dilithium as the primary algorithm, FALCON for applications requiring smaller signatures, and SPHINCS+ as a backup based on different mathematical principles to diversify security in case unexpected vulnerabilities are discovered in the other algorithms.
NIST emphasizes the importance of transitioning to these post-quantum cryptography algorithms as soon as practicable. While large-scale quantum computers capable of breaking current encryption are not yet a reality, the standardization process is a proactive measure to ensure a smooth and timely migration to quantum-resistant cryptography. NIST is developing draft standards for all five selected algorithms, with public comment periods planned. The final standards are expected to be published in 2027. This lengthy lead time is intended to give organizations ample opportunity to assess their cryptographic needs, select appropriate algorithms, and implement and test the new standards before any potential threat from quantum computers materializes. NIST encourages organizations to begin preparing for the transition now, including inventorying their cryptographic systems and developing migration plans.
Summary of Comments (80)
https://news.ycombinator.com/item?id=43332944
HN commenters discuss NIST's selection of HQC, expressing surprise and skepticism. Several highlight HQC's vulnerability to side-channel attacks and question its suitability despite its speed advantages. Some suggest SPHINCS+ as a more robust, albeit slower, alternative. Others note the practical implications of the selection, including the need for hybrid approaches and the potential impact on existing systems. The relatively small key and ciphertext sizes of HQC are also mentioned as positive attributes. A few commenters delve into the technical details of HQC and its underlying mathematical principles. Overall, the sentiment leans towards cautious interest in HQC, acknowledging its strengths while emphasizing its vulnerabilities.
The Hacker News post titled "NIST selects HQC as fifth algorithm for post-quantum encryption" has generated a moderate number of comments discussing various aspects of the announcement. Several compelling threads of conversation emerge.
One key area of discussion revolves around the surprise selection of HQC, a code-based cryptosystem, given its perceived vulnerabilities to side-channel attacks. Commenters express concern about the practicality and security of deploying HQC in real-world scenarios where side-channel attacks are a significant threat. Some question NIST's decision-making process and wonder if the selection criteria adequately weighed these security concerns. Comparisons are made to other code-based systems, and the potential implications for the broader post-quantum cryptography landscape are debated.
Another significant topic is the performance characteristics of HQC, particularly its relatively large public key size. Commenters discuss the challenges of managing and transmitting such large keys, especially in resource-constrained environments. The potential impact on network bandwidth and storage requirements is also considered. Some commenters speculate on the feasibility of optimizing HQC implementations to mitigate these performance limitations.
The standardization process itself is also subject to scrutiny. Commenters discuss the complexities of evaluating and selecting post-quantum cryptographic algorithms, highlighting the inherent trade-offs between security, performance, and implementation complexity. The long-term implications of standardization are considered, with some expressing concerns about the potential for future vulnerabilities and the need for ongoing research and development in this area.
Finally, some comments delve into the technical details of HQC, explaining its underlying principles and comparing it to other post-quantum cryptographic approaches. These comments provide valuable insights for those seeking a deeper understanding of the algorithm and its place within the broader field of post-quantum cryptography. There is also a discussion of the ongoing nature of security research, with some commenters emphasizing the need for continued vigilance and adaptation in the face of evolving threats.