Post-quantum cryptographic solutions refer to a class of public-key cryptographic algorithms designed to remain secure in the presence of large-scale quantum computers. After nearly a decade of open cryptanalysis and evaluation, the National Institute of Standards and Technology (NIST) has completed the first phase of its Post-Quantum Cryptography Standardization Project. The process, which began in late 2016, selected its first algorithms in July 2022 and published the first three standards for key encapsulation and digital signatures (FIPS 203, 204, and 205) in August 2024. In parallel, other bodies such as the European Telecommunications Standards Institute (ETSI) and the Internet Engineering Task Force (IETF) are defining how these algorithms are used interoperably in real-world protocols, including TLS, VPNs, PKI, and secure communications. Algorithm standardization itself, however, remains centred on the NIST PQC effort. At PQSecure, we develop production-grade, side-channel-resistant hardware and software IP for the finalized NIST PQC standards, enabling secure deployment across FPGA, ASIC, SoC, and embedded platforms.
Post-Quantum Public Key Exchange
Post-quantum key establishment refers to cryptographic algorithms that let two parties agree on a shared secret over an untrusted network while remaining secure against quantum attacks. NIST has standardized ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism, formerly CRYSTALS-Kyber) in FIPS 203 as its primary quantum-safe key-establishment algorithm. ML-KEM is a key encapsulation mechanism rather than a Diffie-Hellman-style exchange: one party publishes an encapsulation key, the other encapsulates a fresh shared secret to it and returns the ciphertext, and the key holder decapsulates to recover the same secret; protocols such as TLS build their handshake on this exchange, during the transition period typically in a hybrid combination with a classical ECDH share. The NIST process evaluated lattice-based, code-based, multivariate, and isogeny-based candidates. The isogeny-based candidate SIKE was eliminated after a practical classical key-recovery attack in 2022, and the final selection reflects a balance of conservative security, high performance, and implementation efficiency. PQSecure provides side-channel-protected, fault-resilient implementations of ML-KEM, optimized for secure boot, root-of-trust, IoT, defense, and high-assurance embedded systems.
Post-Quantum Digital Signatures
Post-quantum digital signature algorithms are designed to authenticate the sender of information and ensure data integrity while remaining resistant to both classical and quantum attacks. As part of NIST’s finalized PQC standards, the following digital signature families have now been standardized:
- ML-DSA (Module-Lattice Digital Signature Algorithm, formerly CRYSTALS-Dilithium)
- SLH-DSA (Stateless Hash-Based Digital Signature Algorithm, formerly SPHINCS+)
In addition to these, the stateful hash-based signature schemes XMSS (RFC 8391) and LMS/HSS (RFC 8554) are approved under NIST SP 800-208 for long-term signing use cases such as firmware and code signing. Unlike ML-DSA and SLH-DSA, they are stateful: each one-time key in the tree may sign exactly once, so the signer must durably record the next unused index before releasing a signature and must never restore that state from a backup or clone it across devices, because signing two different messages with the same one-time key can allow an attacker to forge signatures. PQSecure delivers high-assurance, side-channel-resistant hardware and software IP for ML-DSA and SLH-DSA, with protection against power analysis and fault-injection attacks. Our implementations are engineered for certification readiness and are deployable across secure enclaves, roots of trust, firmware authentication, and post-quantum PKI systems.
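As an added illustration of why the stateful schemes above need careful state handling (this is example code written for this page, not PQSecure IP and not the LMS or XMSS algorithms themselves), the block below builds a toy hash-based signature from Lamport one-time keys under a Merkle tree. The signer advances its index before it releases a signature, refuses to sign once the tree is exhausted, and `rollback_demo` shows what a restored backup exposes. The tree height, the sample messages and the `rollback_demo` helper are constructed for the example.

```python
"""Toy stateful hash-based signature: Lamport one-time keys under a Merkle tree.
Added example, not PQSecure's or NIST's code; a simplified stand-in for LMS/XMSS
used only to show why the signer must track state."""
import hashlib
import secrets

N = 32          # SHA-256 digest length in bytes
HEIGHT = 3      # hypothetical toy tree: 2**3 = 8 one-time keys

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def bit(digest, i):
    return (digest[i // 8] >> (7 - i % 8)) & 1

def lamport_keygen():
    # 256 pairs of secret preimages; the public key is their hashes
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(8 * N)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def leaf_hash(pk):
    return H(*[x for pair in pk for x in pair])

def lamport_sign(sk, msg):
    d = H(msg)
    return [sk[i][bit(d, i)] for i in range(8 * N)]   # reveals one preimage per digest bit

def lamport_verify(pk, msg, sig):
    d = H(msg)
    return all(H(sig[i]) == pk[i][bit(d, i)] for i in range(8 * N))

class StatefulSigner:
    def __init__(self, height=HEIGHT):
        self.height = height
        self.leaves = [lamport_keygen() for _ in range(2 ** height)]
        self.tree = [[leaf_hash(pk) for _, pk in self.leaves]]   # level 0 = leaves
        while len(self.tree[-1]) > 1:
            lvl = self.tree[-1]
            self.tree.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.tree[-1][0]
        self.next_index = 0   # the state: first unused one-time key

    def _commit_state(self, idx):
        # A real signer writes this to non-volatile storage and confirms the
        # write before the signature leaves the device (in-memory stand-in here).
        self.next_index = idx

    def sign(self, msg):
        idx = self.next_index
        if idx >= 2 ** self.height:
            raise RuntimeError("key exhausted: every one-time key has been used")
        self._commit_state(idx + 1)        # advance state BEFORE releasing a signature
        sk, pk = self.leaves[idx]
        auth, node = [], idx
        for lvl in self.tree[:-1]:         # sibling on each level = authentication path
            auth.append(lvl[node ^ 1])
            node //= 2
        return idx, pk, lamport_sign(sk, msg), auth

def verify(root, msg, sig, height=HEIGHT):
    idx, pk, ots, auth = sig
    if not 0 <= idx < 2 ** height or len(auth) != height:
        return False
    if not lamport_verify(pk, msg, ots):
        return False
    node = leaf_hash(pk)
    for sib in auth:                       # recompute the path up to the root
        node = H(sib, node) if idx & 1 else H(node, sib)
        idx //= 2
    return node == root

def exposed_pairs(msg_a, sig_a, msg_b, sig_b):
    """Lamport positions where BOTH preimages are now public because one
    one-time key signed two different messages (roughly half of 256)."""
    if sig_a[0] != sig_b[0]:
        return 0
    da, db = H(msg_a), H(msg_b)
    return sum(bit(da, i) != bit(db, i) for i in range(8 * N))

def rollback_demo():
    """Sign, 'restore' the signer from a backup taken before that signature,
    sign again: the second signature silently reuses leaf 0."""
    signer = StatefulSigner()
    m1, m2 = b"firmware v1.0", b"firmware v1.1"   # constructed sample messages
    s1 = signer.sign(m1)
    signer.next_index = 0                 # state rollback (restored backup / cloned VM)
    s2 = signer.sign(m2)
    return signer.root, m1, s1, m2, s2
```

Both signatures from `rollback_demo` verify under the same root, which is exactly the problem: nothing on the verifier's side flags the reuse, while `exposed_pairs` shows that about half of the leaf's 256 secret pairs are now fully public, so an attacker can sign any message whose digest agrees with one of the two signed messages at every position. Real LMS/XMSS use WOTS+ one-time keys and address-keyed hashing, but the operational rule is the same: the index is secret-bearing state, so persist it and confirm the write before a signature leaves the device, and never snapshot, clone or restore a signer.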
Post-Quantum Solutions
PQSecure offers a broad set of hardware IP cores that implement both post-quantum and classical cryptographic algorithms, aligned with NIST standards and CNSA 2.0 recommendations. These IPs are designed with configurable security and performance options, enabling seamless integration into ASICs, FPGAs, and secure embedded systems. Each core is available with optional side-channel protections, and all certifiable components have passed ACVP validation where applicable. The following table summarizes the supported algorithms, core functions, standards, and unique security features.
| Algorithms/Primitive | Functionality | Standard | Features |
|---|---|---|---|
| ML-KEM + ML-DSA | KeyGen, Encaps/Decaps, Sign/Verify | NIST FIPS 203 & 204 | Integrated Kyber + Dilithium cores, DPA-hardened, flexible profiles |
| ML-KEM (Kyber) | KeyGen, Encapsulation, Decapsulation | NIST FIPS 203 | ML-KEM-512/768/1024, CCA-secure, masking & shuffling |
| ML-DSA (Dilithium) | KeyGen, Sign, Verify | NIST FIPS 204 | ML-DSA-44/65/87, constant-time, threshold masking, DPA-safe |
| SLH-DSA (SPHINCS+) | KeyGen, Sign, Verify | NIST FIPS 205 | Stateless, parameterizable, masking-supported |
| LMS / HSS | KeyGen, Sign, Verify | RFC 8554, NIST SP 800-208, CNSA 2.0 | CNSA-recommended, ACVP certified, DPA-hardened, stateful (signer persists the next index) |
| XMSS | KeyGen, Sign, Verify | RFC 8391, NIST SP 800-208 | RFC-compliant, DPA-protected, stateful (signer persists the next index) |
| Ascon | KeyGen (sym.), AEAD Encrypt/Decrypt, Hash | NIST SP 800-232 | Lightweight AEAD and hashing algorithm standardized by NIST; includes masking and DPA resistance |
| Hybrid ECC + PQC | KeyGen, Key Exchange, Sign, Verify | CNSA 2.0 | ECC + PQC integration, dual-mode, constant-time |
| AES-GCM / AES-CTR | KeyGen (sym.), Encrypt/Decrypt | FIPS 197, SP 800-38A (CTR), SP 800-38D (GCM) | Side-channel protected AES cores |
| SHA-2 | Hash | FIPS 180-4 | Pipelined, constant-latency, timing-safe |
| SHA-3 | Hash, SHAKE | FIPS 202 | Keccak core with domain separation |
| HMAC-SHA2 | KeyGen, MAC | FIPS 198-1 | SHA2-based HMAC with masking |
| HMAC-SHA3 | KeyGen, MAC | SP 800-185 | Domain-separated HMAC, DPA-safe |
| SP 800-90A DRBG (Hash, HMAC, CTR) | Deterministic Random Bit Generation | NIST SP 800-90A Rev.1 | Hardware DRBG cores based on SHA2, HMAC, or AES; entropy reseeding and health tests included; DPA-resistant |
| SP 800-90B Conditioner (AES CBC-MAC) | Entropy Conditioning / Whitening | NIST SP 800-90B | AES CBC-MAC-based conditioning for TRNG entropy sources; compliant with FIPS 140-3 health tests |
| TRNG | Entropy Generation | SP 800-90B/C, FIPS 140-3 | Online testing, entropy conditioned (optional AES CBC-MAC module) |
| Trivium | PRNG / Stream Cipher | eSTREAM portfolio; ISO/IEC 29192-3 (not a NIST standard) | Lightweight PRNG used only to supply randomness for DPA countermeasures (not for compliance-grade entropy) |
PQSecure offers hardware and software solutions spanning high-end servers to low-end embedded devices, with side-channel countermeasures designed in from the start rather than bolted on afterwards.
