HQC (Hamming Quasi-Cyclic): The Code-Based Backup KEM (Selected in 2025)
Introduction
The National Institute of Standards and Technology (NIST) has selected the Hamming Quasi-Cyclic (HQC) algorithm as the backup Key Encapsulation Mechanism (KEM) standard in 2025. This decision marks a significant milestone in the development of Post-Quantum Cryptography (PQC) and highlights the importance of diversifying cryptographic algorithms to mitigate the risk of a single mathematical breakthrough compromising all PQC deployments simultaneously.
Theoretical Background
HQC is a code-based scheme that uses different mathematics (error-correcting codes) than the primary lattice-based scheme (Kyber). It is based on the hardness of the Learning Parity with Noise (LPN) problem, which is a well-studied problem in coding theory. The LPN problem is defined as follows:
LPN Problem
Given a random linear code C ⊆ ℤ^n_{2^m} and a noisy parity-check matrix H ∈ ℤ^{k × n}_{2^m}, find a vector x ∈ ℤ^n_{2^m} such that Hx = c, where c is a noisy vector drawn from a distribution close to the all-zeros vector.
HQC Algorithm
The HQC algorithm consists of the following steps:
Key Generation
- Generate a random linear code C ⊆ ℤ^n_{2^m} of length n and dimension k.
- Generate a random parity-check matrix H ∈ ℤ^{k × n}_{2^m}.
- Compute the syndrome matrix S = Hx, where x is a random vector drawn from ℤ^n_{2^m}.
- Compute the error vector e = c - S, where c is a noisy vector drawn from a distribution close to the all-zeros vector.
- Compute the key K = x ⊕ e.
Public-Key Encryption
- Receive a public key PK = (C, H, S).
- Compute the ciphertext Ciphertext = PK ⊕ M, where M is the plaintext message.
- Return the ciphertext Ciphertext.
Decryption
- Receive the ciphertext Ciphertext.
- Compute the syndrome matrix S = Hx, where x is a random vector drawn from ℤ^n_{2^m}.
- Compute the error vector e = Ciphertext - S.
- Compute the key K = x ⊕ e.
- Compute the plaintext message M = K ⊕ Ciphertext.
Security Analysis
The security of the HQC algorithm relies on the hardness of the LPN problem. The LPN problem is known to be hard for large values of n and k, which makes it difficult to compute the key K given the public key PK.
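The role of the noise term can be seen in a small experiment. This is an added illustration, not code from the original page or from the HQC specification, and it uses the binary GF(2) form of the problem rather than the ℤ_{2^m} notation above: without noise, Gaussian elimination recovers x from H and c, while a weight-w error defeats the same linear algebra. The function names and the toy parameters (n=32, m=64, w=8) are constructed for this example and are far too small to be secure.

```python
import random


def noisy_syndrome(H, x, e):
    """Return c = Hx XOR e over GF(2); H is a list of rows, x and e are bit lists."""
    return [(sum(h & xi for h, xi in zip(row, x)) & 1) ^ ei for row, ei in zip(H, e)]


def solve_gf2(H, c):
    """Gaussian elimination over GF(2): one solution of Hx = c, or None if inconsistent."""
    n = len(H[0])
    rows = [row[:] + [ci] for row, ci in zip(H, c)]  # augmented matrix [H | c]
    pivots, r = [], 0
    for col in range(n):
        p = next((i for i in range(r, len(rows)) if rows[i][col]), None)
        if p is None:
            continue  # no pivot in this column (free variable)
        rows[r], rows[p] = rows[p], rows[r]
        for i in range(len(rows)):
            if i != r and rows[i][col]:
                rows[i] = [a ^ b for a, b in zip(rows[i], rows[r])]
        pivots.append(col)
        r += 1
    if any(row[n] for row in rows[r:]):
        return None  # a row reads 0 = 1: no x satisfies every equation
    x = [0] * n
    for i, col in enumerate(pivots):
        x[col] = rows[i][n]
    return x


def demo(n=32, m=64, w=8, seed=2025):
    """Constructed toy instance: returns (secret x, noise-free result, noisy result)."""
    rng = random.Random(seed)
    x = [rng.randrange(2) for _ in range(n)]
    H = [[rng.randrange(2) for _ in range(n)] for _ in range(m)]
    support = set(rng.sample(range(m), w))  # positions of the w noise bits
    e = [int(i in support) for i in range(m)]
    clean = solve_gf2(H, noisy_syndrome(H, x, [0] * m))
    noisy = solve_gf2(H, noisy_syndrome(H, x, e))
    return x, clean, noisy


if __name__ == "__main__":
    x, clean, noisy = demo()
    print("noise-free system recovers x:", clean == x)
    print("noisy system recovers x:     ", noisy == x)
```

Any solver that returns x from the noisy system would imply e = 0, so with nonzero noise the attacker must search over error patterns instead of solving one linear system.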
Practical Applications
HQC has several practical applications in cryptography, including:
Key Exchange
HQC can be used as a key exchange protocol to establish a shared secret key between two parties.
Digital Signatures
HQC can be used as a digital signature scheme to authenticate the source of a message.
Secure Communication
HQC can be used to secure communication protocols such as SSL/TLS.
Conclusion
In conclusion, HQC is a code-based KEM standard selected by NIST in 2025. It is based on the hardness of the LPN problem and has several practical applications in cryptography. The security of HQC relies on the hardness of the LPN problem, which makes it difficult to compute the key K given the public key PK.