Quantum security milestone: ISO updates encryption standard to include quantum-resistant algorithms

The approved code-based standard gains backing from NIST, BSI, Mullvad, offering long-term security against future computing threats and replacing RSA vulnerabilities.

The International Organization for Standardization (ISO) has approved “Classic McEliece” as a quantum-resistant encryption standard, marking a significant milestone in post-quantum cryptography.

The scheme was co-developed by an international research team that includes Dr Varun Maram of the University of Warwick. This decision represents the first time ISO has formally standardized a code-based cryptographic system.

Unlike traditional encryption methods such as RSA, which rely on mathematical exponentiation and could be vulnerable to future quantum attacks, Classic McEliece is built on error-correcting codes originating from a cryptographic approach introduced by Robert J McEliece in 1978.. These codes are widely used to ensure reliable data transmission over noisy channels, offering a fundamentally different security model.

Early adoption and support

Dr Maram has noted that legacy encryption systems like RSA depend on assumptions about the difficulty of certain mathematical problems. Quantum computing has the potential to undermine those assumptions by making such problems significantly easier to solve. In contrast, code-based cryptography like Classic McEliece has remained resistant to both classical and quantum attack models over decades of analysis.

The standard has already seen early adoption and support from both industry and government organizations:

• Mullvad VPN, for example, has implemented Classic McEliece to help safeguard user data against future quantum threats.
• Germany’s Federal Office for Information Security (BSI) has also endorsed it for long-term protection of sensitive information.
• The US National Institute of Standards and Technology (NIST), which released its initial set of post-quantum standards in August 2024, is evaluating Classic McEliece and has deferred to ISO’s process to avoid fragmentation across standards bodies.

The development of Classic McEliece reflects a global collaboration, including contributions from Professor Carlos Cid of the Okinawa Institute of Science and Technology. ISO’s endorsement is expected to accelerate adoption among governments and enterprises seeking to protect data against the long-term risks posed by quantum computing.