/Logo%202023.svg "Logo 2023"){kind=small}
There has been a lot of buzz about the advancements in quantum computing recently from Google, Nvidia, and Bill Gates.
Determining the exact date of quantum supremacy – let’s call it Quantum Day - is still a topic of debate. In particular, the speed at which quantum computing will dramatically impact cryptographic schemes and cybersecurity is yet to be fully characterized. Nonetheless, regular and significant achievements from key quantum computing players, alongside the certainty that the security impact will eventually be spectacular and global, are motivating major organizations around the world to assemble post-quantum cryptography task forces as part of their cybersecurity strategies.
Similarly, in anticipation of Quantum Day, NIST has been working for almost 10 years to create standards for cryptography that will resist the quantum threat.
NIST is a major stakeholder in the world of cryptography and dictates the pace for PQC algorithm implementation in the U.S., while also guiding many of its regional counterpart institutions globally.
On Tuesday, March 11, 2025, NIST announced the conclusion of the fourth round of the Post-Quantum Cryptography Standardization Process. Initially, NIST had selected four candidates for backup algorithms to the already recommended ML-KEM, ML-DSA, and SLH-DSA: BIKE, Classic McEliece, HQC, and SIKE. However, as we all remember, SIKE was broken shortly after being selected for the fourth round.
NIST sought a backup algorithm that differed in its underlying security problem. The three remaining candidates—BIKE, Classic McEliece, and HQC—are all code-based, making them viable backup options.
NIST emphasized that security was the most important factor when considering fourth-round candidates and argued that HQC provides a stronger security analysis compared to BIKE.
Performance-wise, HQC and BIKE differ slightly depending on the use case. One may be preferable over the other, but in general, both could see wide adoption.
Classic McEliece is usually seen as the conservative choice for security; however, its large public-key size made NIST skeptical about whether it will ever see widespread usage.
Consequently, NIST has chosen to standardize only HQC and announced that a draft standard will be ready in 2026, with finalization sometime in 2027.
With ML-KEM, ML-DSA, and SLH-DSA already standardized, and Falcon (FN-DSA) set to be finalized in the spring, NIST is looking to conclude its nearly decade-long journey of creating a quantum-resistant cryptographic suite.
The story of the SIKE algorithm should remind organizations that cryptographic algorithms can change over time—sometimes in a very short period—highlighting the need for crypto agility. Being crypto agile means having the ability to swiftly transition between cryptographic algorithms without significant changes to software or infrastructure.
While you may not see an immediate need to adopt PQC algorithms, you will benefit from adaptability in other areas, such as use-case-specific cryptographic needs that prioritize speed or security, regional or industry-specific requirements, and flexibility in user and policy management to simplify employee turnover or support high growth. Additionally, crypto-agile solutions—such as Cryptomathic CrystalKey360—can help reduce operational costs by incorporating the latest industry best practices.
There is clear short-term value in crypto agility beyond PQC, making it worthwhile to start prioritizing and planning the transition today.
Stay ahead of the quantum threat with crypto agility. Learn how Cryptomathic’s solutions, like CrystalKey360, can help you transition smoothly to PQC and ensure long-term security. Contact us today to start future-proofing your cryptographic infrastructure.