Classic McEliece ISO Standardisation Is A First For Post-Quantum Cryptography
Classic McEliece achieved global ISO standardisation on 15 July under ISO/IEC 18033-2, becoming the first post-quantum cryptography algorithm to reach that status.
Listen to this article

Classic McEliece achieved global ISO standardisation on 15 July under ISO/IEC 18033-2, becoming the first post-quantum cryptography algorithm to reach that status. The Classic McEliece ISO standardisation gives international procurement a reference point outside the American federal standards process, which is a more consequential development than the technical merits of any single algorithm.
Classic McEliece is a code based key encapsulation mechanism descended from a scheme Robert McEliece published in 1978. Its distinguishing property is age. The underlying problem has resisted attack for nearly five decades, including sustained analysis after quantum algorithms made the vulnerability of RSA and elliptic curve cryptography clear. Its distinguishing disadvantage is equally well known: public keys run to hundreds of kilobytes, which rules it out for many protocols where handshake size determines performance.
That trade-off explains where it fits. Classic McEliece is unsuited to high volume web traffic and well suited to long lived static keys protecting data that must remain confidential for decades. Government archives, medical records, financial settlement systems and industrial control credentials fall into that category, and it is exactly the category most exposed to harvest now, decrypt later collection, in which an adversary stores encrypted traffic today against the arrival of a machine capable of breaking it.
The standardisation carries a diversification argument that deserves attention. NIST’s finalised standards, FIPS 203, 204 and 205, specify ML-KEM, ML-DSA and SLH-DSA. Two of the three are lattice based. In April 2024 a preprint proposed a quantum algorithm against certain lattice problems, and although subsequent analysis found a fundamental flaw and confirmed that deployed schemes were unaffected, the episode was a useful reminder of concentration risk. A code based algorithm standing on entirely different mathematics gives infrastructure operators a second family to fall back on.
The policy context makes the timing of the Classic McEliece ISO standardisation significant. Executive Order 14412, signed on 22 June, sets a deadline of 31 December 2030 for US federal agencies to move their most sensitive systems to post-quantum encryption and 31 December 2031 for post-quantum authentication, and directs federal contractors to comply with post-quantum Federal Information Processing Standards by the end of 2030. Regulators in the United Kingdom, the European Union and Australia have published migration roadmaps with deadlines between 2030 and 2035. The UK’s National Cyber Security Centre issued updated timelines in February urging financial services to complete external TLS hybrids before 2028 regardless of quantum hardware progress.
For organisations outside American federal procurement, the Classic McEliece ISO standardisation removes a practical obstacle. Specifying a NIST FIPS standard in a European or Asian tender has always required a justification that a national procurement officer may or may not accept. An ISO/IEC standard travels without that argument.
The market forming around this transition is substantial. Migration framework documents from the NSA, NIST, ENISA and the major consultancies converge on an estimate that services and integration spending will exceed post-quantum product revenue by a factor of eight to twelve across the migration window, with a total addressable market expanding from a few billion dollars in 2026 to tens of billions by 2036. Most of that is not cryptography. It is discovery, inventory and the replacement of systems whose cryptographic dependencies nobody documented.
The practical guidance has not changed. Inventory cryptographic assets and identify where public key cryptography is used. Apply Mosca’s framework, comparing the time required to migrate, the time data must remain confidential, and the estimated arrival of a cryptographically relevant quantum computer. Design for crypto agility, separating application logic from the cryptographic provider so algorithms can be replaced through policy without rewriting software. Avoid proprietary quantum safe products that have not been through a public standardisation process.
Classic McEliece will not appear in a browser handshake. It will appear in the systems protecting information that has to survive the next thirty years, and the ISO stamp is what allows a procurement officer in Frankfurt or Singapore to specify it without an argument.


