NIST Adds SandboxAQ's HQC to Post-Quantum Cryptography Standards
SandboxAQ has announced that the National Institute of Standards and Technology (NIST) has selected HQC (Hamming Quasi-Cyclic) as the fifth algorithm in its suite of post-quantum cryptographic (PQC) standards. HQC, along with ML-KEM, will play a vital role in securing global communications, including the Internet, cellular networks, payment systems, and more.
This is a significant milestone for SandboxAQ, marking its second major contribution to NIST's post-quantum standardization efforts. The selection of HQC reinforces the company's position at the forefront of quantum-resistant cryptography. HQC is a key encapsulation mechanism designed to safeguard the exchange of encryption keys against quantum threats. Unlike traditional encryption methods like RSA and elliptic-curve cryptography (ECC), which are vulnerable to quantum attacks, HQC is based on error-correcting codes, offering strong protection against future quantum decryption methods.
NIST's final selection report highlights HQC for its security, computational efficiency, and scalability. These qualities make it suitable for widespread use in industries requiring robust encryption. Following multiple rounds of global cryptanalysis and peer review, HQC stood out as a reliable and secure solution. This achievement follows SandboxAQ's previous involvement with SPHINCS+, another PQC algorithm that NIST selected in 2022. With HQC now officially part of NIST's standards, SandboxAQ has contributed to two out of the five critical post-quantum protocols, further establishing its leadership in the cybersecurity space.
HQC's development began in the early 2000s, and by the 2010s, SandboxAQ demonstrated that it solved a 40-year-old challenge in code-based key exchanges. Today, HQC is one of just two protocols that protect the confidentiality of nearly all global communications. SandboxAQ's work with NIST reflects the company's ongoing commitment to quantum-safe cryptography.
According to Taher Elgamal, senior advisor at SandboxAQ, HQC provides strong protection against quantum decryption methods while maintaining efficiency for real-world applications. 'With both SPHINCS+ and HQC standardized by NIST, SandboxAQ is leading the way in developing PQC solutions for enterprises and governments,' Elgamal stated.
Carlos Aguilar Melchor, Chief Cybersecurity Scientist at SandboxAQ, emphasized the importance of HQC in securing the future of global communications. 'HQC is a key part of the transition to a quantum-safe world, and its inclusion in NIST's standards is a win for global security,' he said.
In addition to its contributions to cryptographic standards, SandboxAQ offers AQtive Guard, a cryptography management solution that provides real-time visibility and enhanced security. With its unique AI-driven approach, AQtive Guard helps organizations protect their systems against evolving quantum threats.
As quantum computing advances, SandboxAQ remains committed to driving innovation in post-quantum cybersecurity and helping organizations stay prepared for the future of encryption.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Channel Post MEA
5 days ago
- Channel Post MEA
DigiCert Joins NIST Framework To Boost Software Supply Chain & DevSecOps Security
DigiCert has announced its participation in the National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) project focused on Secure Software Development, Security, and Operations (DevSecOps) Practices. DigiCert joins 13 other technology collaborators, including Google, Microsoft, IBM, Palo Alto Networks, CyberArk, Dell Technologies, and GitLab, to help design and demonstrate integrated solutions that improve security across the software supply chain. As software supply chain attacks continue to rise, organizations need trusted, proven ways to harden their development environments. This project, sponsored by the U.S. Federal government, provides an independent evaluation of how to integrate leading technologies in a way that enhances software integrity and operational security, without favoring any particular vendor. 'Secure software development too often relies on fragmented tools that don't integrate well or scale across the software lifecycle,' said Tim Hollebeek, Vice President of Industry Standards at DigiCert. 'This project helps demonstrate how trusted technologies can work together to create a more cohesive, risk-based approach to DevSecOps, aligning with NIST's guidance while offering practical solutions to the market.' The NCCoE's collaborative approach marks the first time these specific technologies have been brought together to form a comprehensive solution for secure software development, operations, and monitoring. The project stands out for its focus on applied, real-world implementations, going beyond theory to show how to achieve security and compliance goals using current tools and practices. The public is encouraged to review and comment on the NIST SP 1800-44 Draft, now available online. Stakeholders are also invited to participate in an upcoming virtual event hosted by NIST on August 27, where project collaborators will discuss insights, implementation guidance, and community engagement opportunities.
Tahawul Tech
06-08-2025
- Tahawul Tech
How to navigate the transition to post-quantum cryptography
Security professionals worldwide are preparing for a major upgrade in the form of a migration to new post-quantum cryptographic standards as the era of quantum computing comes closer to reality. The U.S. National Institute of Standards and Technology (NIST) has been leading a standardisation process to transition from classical public-key cryptosystems to quantum-resistant alternatives. Governments and businesses can now plan their transition to post-quantum cryptography (PQC) to ensure long-term data security against quantum-enabled threats. However, this shift must be approached with caution to avoid unintended vulnerabilities. Recent research from the Technology Innovation Institute (TII)'s Cryptography Research Center (CRC) in Abu Dhabi and Polytechnic University of Turin highlights a key concern: solutions that rely on variants of computationally hard problems used in the design of PQC algorithms to enhance their performance or to provide added functionalities require additional scrutiny. An example is the Linear Code Equivalence (LCE), which plays a role in PQC signature schemes. The study, Don't Use it Twice! Solving Relaxed Linear Code Equivalence Problems warns that modifying computational problems, even slightly, can significantly change their complexity, sometimes making them solvable with today's technology. This is a caution to designers of new designs to double-check that tweaks they introduce don't lead to weaker security guarantees than intended. Lessons from the Linear Code Equivalence Problem LCE, a computational assumption consisting of two linear codes that are equivalent up to a linear transformation, has been studied by cryptanalysts and is used to construct secure cryptosystems like digital signatures. The research warns against using relaxed versions of LCE in cryptographic applications without rigorous security validation, which could lead to vulnerabilities. A key takeaway is that even for well-established hard problems, providing additional data, such as multiple instances of a problem that share the same secret, can make it easier for attackers to recover the secret information. This serves as a reminder to designers that seemingly minor adjustments to cryptographic structures can unintentionally reduce security. While the study highlights potential vulnerabilities, it by no means suggests abandoning PQC development. Instead, organizations should begin transitioning to quantum-safe cryptography while keeping in mind the importance of careful validation and measured adoption. For example, security practitioners should focus on rigorous cryptanalysis to assess the long-term security of any PQC scheme built on novel or modified computational problems. They must also avoid relying on less studied assumptions or at least approach them with skepticism to ensure that relaxations of problems don't introduce unintended vulnerabilities. The transition to PQC should be a gradual process, informed by ongoing cryptanalysis and contributions from the global cryptographic community. The process will also go through refinements as a natural part of its journey in the coming years. The Road Ahead The industry must navigate this shift with an understanding that cryptographic design is inherently iterative. New threats emerge and countermeasures must adapt accordingly. Governments and organizations embarking on their PQC migration journey must recognise that while PQC is still maturing, it presents an exciting opportunity to build a stronger, more resilient cryptographic foundation for the future. This opinion piece is authored by Dr. Víctor Mateu, Acting Chief Researcher, Cryptography Research Center at TII.
Gulf Business
06-08-2025
- Gulf Business
Why SandboxAQ says the Gulf must lead on GPS alternatives
Image: Supplied As GPS disruptions escalate across the Middle East, affecting everything from flights to smartphones, the risks to national security and economic stability are mounting. Gulf Business speaks with Luca Ferrara, GM of AQNav at SandboxAQ, about why GPS has become aviation's single point of failure — and how their new quantum-based navigation system, recently tested with Airbus, could offer the Gulf a strategic edge in aviation resilience. GPS disruptions have made headlines in the Middle East recently, with incidents affecting shipping, aviation, and even personal devices. How serious is this threat, and what risks does it pose to regional economies and safety? It's far more serious and taking place to a far greater degree than many people realise. Many commercial flights lose satellite signals mid-air, and when tensions in the region flared up recently, we even saw people in the UAE complain about their phones' clocks and maps being impacted. What makes this especially urgent for the Gulf is how much of the economy and infrastructure depends on GPS. Every oil shipment, every aircraft, every logistics hub, all of it depends today on the signals from GPS satellites. And when these signals are jammed or spoofed the ripple effects can jeopardise safety, national security, and public trust. Why has GPS become such a critical vulnerability for aviation, and why is it often described as a single point of failure? Don't reliable fallbacks already exist? It's not an exaggeration to say that presently, GPS is the single most important navigation tool globally, especially for aviation. But in case of failure, the fallbacks deployed at present are not built for the scale and complexity of modern air traffic. If a plane loses GPS, pilots have to revert to radar and radio communication with control towers, which are already under strain. They also switch to inertial navigation which drifts over time, like a spinning top wobbling out of balance. Beyond GPS jamming there is also GPS spoofing, where the pilot is not aware that they are navigating with a misdirected fake GPS signal. That's even more dangerous because you don't even know you're off course. SandboxAQ and Airbus recently announced the successful completion of comprehensive real-world trials of AQNav, a GPS-independent alternative. Can you explain how it works and why it offers greater resilience? Absolutely. The system we've pioneered, AQNav, takes a radically different approach to positioning, inspired by nature. Birds and whales have been navigating vast distances for millennia by sensing the Earth's magnetic field. Today we have the technology to achieve biomimicry of this capability. At All this is done without reliance on any external sources such as satellites. It's entirely self-contained, about the size of a toaster, passive (so it can't be jammed or intercepted), and inherently resilient to spoofing. Everything happens inside the device. That's the beauty of it — simple, elegant, and resilient. Your testing shows AQNav met FAA standards across more than 100 flights. What do these results tell us about its commercial viability and reliability? Those results give us enormous confidence in both the technology and its readiness for real-world use. Over more than 100 flights, across diverse geographies and conditions, AQNav consistently showed performance that could satisfy FAA standards known as RNP1 and RNP2. In total, we logged over 44,000 kilometres, which is more than the circumference of the Earth. And we did all this without GPS. That's proof not just of the science, but of the commercial viability. The system is already being tested with the biggest players in the industry — Airbus, Boeing, and the US Air Force. Why are you inviting Middle East airlines and governments to participate in the next phase of testing? How can the region take a leading role in adopting this technology? The Gulf is uniquely positioned to lead here. This region sits at the crossroads of global air travel, is home to some of the fastest growing airlines and logistics hubs in the world. At the same time, given ongoing geopolitical issues, it is also a region that faces some of the highest levels of GPS interference globally. This combination of high stakes and strong growth makes the Gulf the perfect proving ground for resilient navigation. By partnering with
