Overview
As organizations struggle to take control of their cryptographic security risks, advances in quantum computing will soon render current cryptographic protections obsolete. If your organization hasn't started executing on a Post-Quantum Readiness plan, now is the time. Fortanix provides PQC solutions to help streamline operations, accelerate readiness, and reduce both risk and cost.
Fortanix PQC Solutions
The Fortanix platform enables crypto-agility for your organization to transition to a post-quantum ready state with minimal disruptions. The Fortanix platform is designed to support you through all three phases of the Post-Quantum Readiness process, whether you are dealing with data at rest, in transit, or in use.
Discover
- Maps your organization's entire cryptographic security posture
- Inventories all encryption keys and data services across multi-cloud, multi-geography and on-premise environments
- Provides complete visibility into key locations, statuses, and usage across critical data services.
PQC Assessment
- Benchmarks your organization’s cryptographic security posture against emerging post-quantum computing threats
- Identifies gaps in security posture and detects data services lacking proper encryption or protection
- Prioritizes vulnerabilities through an intuitive dashboard and heat maps
PQC Transition
- Centrally manage all encryption keys and policies
- Ensures compliance and governance with the latest security standards, algorithms and policies.
- Automates manual processes to eliminate human error, reduce inconsistencies, and enhance overall data security.
Crypto-agility
With processes and tools in place, organizations now have an agile framework for quickly adapting to new cryptographic systems. PQC Readiness is a continuous process, as enterprises have a hyper-dynamic infrastructure where new services and systems launch regularly, potentially disrupting the cryptographic security footprint.
Supported Post-Quantum Algorithms
NIST released a set of Post-Quantum Cryptography (PQC) standards so organizations can upgrade their cryptographic footprint. Fortanix supports the full suite algorithms in the Commercial National Security Algorithm Suite (CNSA) 2.0. Our platform is built for agility and will swiftly implement updates and new standards when they arise.
| Algorithm | Function | Specification | Parameters |
|---|---|---|---|
| Advanced Encryption Standard (AES) | Symmetric block cipher for information protection | FIPS PUB 197 | Use 256-bit keys for all classification levels. |
| CRYSTALS-Kyber (ML-KEM) | Asymmetric algorithm for key establishment | FIPS PUB 203 | Use Level V parameters for all classification levels. |
| CRYSTALS-Dilithium (ML-DSA) | Asymmetric algorithm for digital signatures | FIPS PUB 204 | Use Level V parameters for all classification levels. |
| Secure Hash Algorithm (SHA) | Secure Hash Algorithm (SHA) | FIPS PUB 180-4 | Use SHA-384 or SHA512 for all classification levels. |
| Leighton-Micali Signature (LMS) | Asymmetric algorithm for digitally signing firmware and software | NIST SP 800-208 | All parameters approved for all classification levels. SHA-256/192 recommended. |
| eXtended Merkle Signature Scheme (XMSS) | Asymmetric algorithm for digitally signing firmware and software | NIST SP 800-208 | All parameters approved for all classification levels. |
Partner Solutions
Fortanix simplifies cryptographic operations for many use cases with various partner solutions.Fortanix joined forces with industry leaders to help our joint customers accelerate the PQC transition of their in Public Key Infrastructure (PKI). Gain visibility and control for critical use cases such as Certificate Lifecycle Management, while Fortanix facilitates the PQC encryption key management and secure storage using FIPS 140-2 Level 3 Hardware Security Modules (HSMs).
PQC Use Cases
Cryptographic Bill of Materials
A Cryptographic Bill of Materials (CBOM) is a detailed inventory that lists all cryptographic components within an organization's IT infrastructure, including algorithms, libraries, and protocols. Without a BOM, it is impossible to manage cybersecurity risks, ensure compliance, and plan PQC transition steps. Due to the operational silos of hybrid multicloud environments, obtaining and maintaining a CBOM is challenging without solutions such as a key security posture management solution.
Secure TLS Connections
Because the short-lived connections, Secure TLS Connections is an excellent opportunity for network and security engineers to deploy PQC, and observe the impacts of the larger key sizes to the system’s performance. Studies have shown that while ML-KEM increases the handshake time due to its larger key sizes, the impact on the overall connection time diminishes as the amount of data transferred increases.
Code Signing
Software is created from many different components that are developed by different engineering departments, or third parties. Injecting malicious code in the supply chain is an incredibly effective attack vector for adversaries. Besides third-party scrutiny and auditing processes, Fortanix recommends LMS to digitally sign firmware and software across the software supply chain, ensuring code has not been tampered with.
Firmware Deployment
Firmware deployment is a critical use case for post-quantum cryptography (PQC) due to software updating management challenges. IT infrastructure and IoT devices often rely on firmware updates for functionality and security improvements, yet these updates are difficult to control and monitor. With the advent of quantum computing, machine identities need PQC to sign firmware and protect the updating process to prevent exploitation by quantum-powered attacks.
