09/06/2025 | News release | Distributed by Public on 09/06/2025 13:05
Quantum computing has been making waves once again, starting with a significant gathering at Nvidia's GTC AI conference. CEO Jensen Huang hosted a meeting with 14 CEOs and technical leaders from the quantum industry, where they discussed the current and future states of quantum technology. It was exciting to hear about the different ways to cool, improve logic gates, and try new things in this area. These companies are trying to make quantum computing available to everyone.
Since then, there has been a constant barrage of news on quantum computing for next-gen networking, blockchains, and even banking use cases. But before all that hype, there was a huge announcement from the National Institute of Standards and Technology (NIST) that didn't get much airtime. NIST selected a fifth algorithm, Hamming Quasi-Cyclic (HQC), which will serve as a backup to the existing Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) algorithms recommended by FIPS 203 for protecting against quantum attacks.
Commvault Implements NIST's HQC Algorithm to Enhance Cyber Resiliency
In the ever-evolving landscape of cybersecurity, staying ahead of potential threats is paramount. Commvault is committed to helping protect our customers from modern threats, including the infamous "harvest now, decrypt later" exfiltration.
To improve our defenses, we're excited to announce that we're using NIST's new HQC algorithm for post-quantum encryption. This algorithm is part of our strong crypto-agility strategy (which we will cover in a moment). HQC is designed to provide a second line of defense to protect internet traffic and stored data, even if vulnerabilities are discovered in ML-KEM.
It May Not Stay as a Backup … Why HQC Matters
HQC is based on error-correcting codes, a concept that has been integral to information security for decades. Unlike ML-KEM, which relies on structured lattices, HQC's unique mathematical foundation offers a robust alternative that can help combat the potential threats posed by future quantum computers.
This shift in mathematical approaches is crucial for maintaining the integrity of encrypted data. At Commvault, we know how important it is to have data security measures in place and leverage a crypto- agile approach to respond quickly to changing threats.
The quantum world is changing fast, warranting swift responses. This capability is essential for maintaining cyber resiliency against sensitive data, with a 10+ year lifespan on hardware and software, based on recent estimates.
What About FIPS 204 and FIPS 205 Algorithms?
FIPS 204 and FIPS 205 are two digital signature algorithms (DSA) standards. They are designed to prove who sent a message and make sure it hasn't been changed. Despite both being DSAs, they take a different mathematical approach to securing the signatures. FIPS 204 is module-lattice- based (ML-DSA), while FIPS 205 is stateless hash-based DSA (SLH-DSA).
These differ from HQC and ML-KEM, which are key-encapsulation mechanisms that provide thehandshake, or key exchange, between two parties.
I like to think of it this way: DSAs provide authentication, while KEMs provide key exchange. They tackle separate problems; thus, both are necessary for resiliency. Along the same lines, you can think of FIPS 205 as an alternative for FIPS 204, just like HQC is an alternative to ML-KEM, and this is why crypto-agility is a necessity.
Implementing Crypto-Agility for Enhanced Cyber Resiliency
Commvault's crypto-agility strategy involves several key steps to prepare for the quantum era:
Commvault's implementation of NIST's HQC algorithm and our comprehensive crypto-agility strategy demonstrate our dedication to providing top-tier resiliency solutions. As we navigate the complexities of post-quantum encryption, our priority remains clear: to protect our customers' data integrity and help them achieve continuous business. Stay tuned for more updates as we continue to enhance our data security features and safeguard your business.
Read more in our Executive Brief for Senior IT and Security Leaders, Protecting Your Data: Why Post-Quantum Cryptography Matters.
Protecting Your Data: Post-Quantum Cryptography Explained Post-Quantum Cryptography: Why Your Business Must Prepare NOW