• Home
  • Products
    • QxHSM
    • QxEDGE
  • Resources
    • Document Library
    • Blogs
    • CNSA 2.0 FAQs
    • Sales Terms & Conditions
  • About
    • Company
    • Our Team
    • Newsroom
    • Careers
    • Co-op Programs
    • Contact
  • Support
Address 1550 Laperriere Ave Suite 203 Ottawa, ON, Canada
Email info@crypto4a.com
    • Home
    • Products
      • QxHSM
      • QxEDGE
    • Resources
      • Document Library
      • Blogs
      • CNSA 2.0 FAQs
      • Sales Terms & Conditions
    • About
      • Company
      • Our Team
      • Newsroom
      • Careers
      • Co-op Programs
      • Contact
    • Support
Quantum Safe Hardware Security Modules
Quantum Safe Hardware Security Modules
  • Home
  • Products
    • QxHSM
    • QxEDGE
  • Resources
    • Document Library
    • Blogs
    • CNSA 2.0 FAQs
    • Sales Terms & Conditions
  • About
    • Company
    • Our Team
    • Newsroom
    • Careers
    • Co-op Programs
    • Contact
  • Support
BMC-3-and-BMC-1
  • November 26, 2024
  • Andreea
  • Quantum
  • 0

Crypto4A is Quantum-Safe Now

Ask the right questions!

  • The FIPS 140-3 Validation of a classic HSM does not make it quantum-safe
  • A classic HSM providing PQC algorithm support does not make it quantum-safe
  • Adding QRNG to a classic HSM does not make it quantum-safe
  • HSMs without quantum-safe roots of trust (RoT) injected at manufacturing time are not quantum-safe and will never become quantum-safe in the future
  • Classic HSMs performing load-balancing or other HSM to HSM secure communication are subject to Harvest Now / Decrypt later attacks

Many people mistakenly believe that a FIPS 140 validation means an HSM is quantum-safe. In reality, not only does FIPS validation not address quantum-readiness, but the process can make designing a quantum-safe HSM particularly challenging. During our validation, we had to strongly advocate for using hybrid signatures and key exchange techniques to ensure our HSMs were quantum-safe by design—not an afterthought. Ultimately, we were able to point to NIST’s FAQ on hybrid signatures and key exchange schemes to support our approach.

Our design uses LMS+ECDSA for firmware updates and Classic McEliece+ECDH for HSM-to-HSM secure communications. This quantum-safe by design approach guarantees quantum-safe delivery of all firmware updates and mitigates the risk of “harvest now, decrypt later” attacks on HSM communications.

If you’re planning your PQC transition and use HSMs, remember: they are the foundation of your future PQC stack and must be quantum-safe by design. Ask your vendors how they ensure quantum-safe firmware updates and secure HSM-to-HSM communication, you might not like their responses.

Crypto4A is Quantum-Safe Now!

Ask us!

Tags: classic HSMFIPS 140-3HSMQRNGQuantum-Saferoots of trustRoT

Categories

  • Crypto Agility
  • Cryptography
  • Digital Trust
  • Entropy
  • Other
  • Public Key Infrastructure (PKI)
  • Quantum

Recent Posts

BMC-3-and-BMC-1
Quantum-Safe Now
Inside Sco-op
Next-generation HSMs: Rethinking the hardware form factor
transparent-pricing-picture
Transparent Hardware Security Module Pricing
Quantum Safe Hardware Security Modules
Canadian cybersecurity technology company providing industry leading, next-generation Quantum-Safe Hardware Security Modules (HSM) and Security Platforms.
Funded by the Government of Canada

Products

  • Hardware Security Modules
  • Hardware Security Platforms

Contact Info

  • 1550A Laperriere Ave, Suite 202
    Ottawa, Ontario
    Canada K1Z 7T2
  • +1 (613) 454-2222 | +1 (302) 787-3239
  • info@crypto4a.com

© 2025 All Rights Reserved.

  • Home
  • Products
    • QxHSM
    • QxEDGE
  • Resources
    • Document Library
    • Blogs
    • CNSA 2.0 FAQs
    • Sales Terms & Conditions
  • About
    • Company
    • Our Team
    • Newsroom
    • Careers
    • Co-op Programs
    • Contact
  • Support