Bringing HQC to Production: How ExeQuantum Adopted a Post-Quantum KEM at Scale

ExeQuantum Adopting HQC
At ExeQuantum, we believe post-quantum cryptography (PQC) isn’t just a research milestone, it’s a deployment challenge. And we’re solving it.

We’ve taken one of the most advanced post-quantum algorithms, HQC-192, and made it accessible via API, deployable in production, and usable today, not someday.

Why HQC, and Why Now?

While much of the cryptographic world is focused on ML-KEM (Kyber), we believe in diversification. ML-KEM, like many PQC finalists, is built on lattice-based assumptions, a powerful but increasingly scrutinised foundation.

Recent breakthroughs in classical cryptanalysis have raised flags about the long-term resilience of lattice-based constructions. While these advances don’t break ML-KEM today, they’ve sparked important questions about crypto-agility and single-algorithm dependence.

That’s why we chose HQC (Hamming Quasi-Cyclic), a code-based KEM that relies on completely different mathematical principles. With HQC, we’re not just diversifying cryptographic theory, we’re building practical, production-ready alternatives.

A Post-Quantum TLS Transport Layer

The API is secured with a hybrid post-quantum TLS handshake, combining classical elliptic curve cryptography with a PQC algorithm. This ensures secrets aren’t just safe at rest, but safe in transit, even against future quantum adversaries.

If you’re exchanging secrets over TLS today, you’re trusting that the handshake won’t be retroactively broken. With our PQ TLS layer, that’s no longer a blind spot.

In Beta For a Reason

HQC has been selected by NIST as an alternate finalist, a strong endorsement, but not yet a completed standard. NIST expects to finalise alternate KEMs like HQC in 2027.

That’s why we’re offering HQC support through beta-only, opt-in endpoints.

These endpoints are ideal for:
  • Developers building future-proof encryption systems
  • Researchers exploring non-lattice PQC adoption
  • Security teams preparing for cryptographic agility
As the standard matures, we’ll promote HQC support to our core API, ready for mainstream integration. At the moment, we recommended using it in hybrid with ML-KEM and/or ECC.

Try It Now

The HQC beta API is now live for early adopters.
- Request HQC-192 shared secrets
- Encapsulate and decapsulate via authenticated API
- Delivered securely over a post-quantum TLS channel
- Zero storage, zero trust - secrets are never retained server-sideQuantum-safe cryptography doesn’t belong on your roadmap.
It belongs in your deployment pipeline.

Let’s make it real, together.