Product Overview
Quantum-first HSM
The QxHSM™ is a quantum-safe Hardware Security Module (HSM) built for organizations that need to secure their digital assets today while preparing for tomorrow. QxHSM™ combines crypto-agility, scalability, and a revolutionary modular blade design to deliver unmatched flexibility.
QxHSM™ enables enterprises and governments to:
- Protect sensitive keys, identities, and cryptographic operations against current and future threats
- Maintain ownership and sovereignty of cryptographic assets with no vendor lock-in
- Deploy seamlessly across on-premises, hybrid, or cloud environments
Stay ahead of evolving standards with a hardware platform built for post-quantum cryptography and crypto agility. QxHSM™ ensures your systems can seamlessly adapt to new algorithms without costly redesigns.
Maintain ownership, control, and operational management of your cryptographic assets with the freedom to migrate to new platforms safely and securely, without vendor lock-in.
A modular, scalable design combined with transparent pricing and longer product life cycle delivers lower total cost of ownership, ensuring measurable cost savings and operational efficiency.
Product Features
QxHSM™ highlights
Quantum-safe & crypto-agile architecture
FIPS 140-2 level 3+ validated, pending 140-3 level 3 (MIP)
Full support for NIST standard approved PQC algorithms
Over 60% rack space savings vs. traditional network-attached HSMs
Modular 1U, 4U blade server or desktop enclosure
Transparent, all-inclusive pricing model
Product Specifications
| Supported Algorithms | RSA, Elliptic Curve Cryptography (ECDSA, Diffie-Hellman (ECDH), EdSA-25519/448, X25519, X448) |
| Support for NIST & other PQC standards-based algorithms including |
|
| Asymmetric | RSA, Elliptic Curve Cryptography (ECDSA, Diffie-Hellman (ECDH), EdSA-25519/448, X25519, X448) |
| Symmetric | AES and its associated ECB, CBC, and GCM modes of operation |
| Hash/Message Digest/HMAC | SHA-1, SHA-2, SHA-3 (including the SHAKE XOF) |
| Key Derivation Functions (KDF) | SP800-108 Counter Mode, ANSI x9.63, SP800-56C, and HMAC (RFC 5869), including co-factor variants of these schemes |
| Random Number Generation | Designed to comply with AIS 20/31 DRG. Made with three independent noise sources based on quantum effects, each of which certified against NIST SP800-90B feedback into a a NIST SP800-90A compliant HASH-DRBG |
Deployment options
Chassis Configurations
- Single blade chassis
- Extended battery life: 5 years of additional unpowered standby
- Built in CLO
Use Cases
Where QxHSM™ shines
Securely sign applications, firmware, and software updates to ensure integrity and authenticity
Build a robust, quantum-safe PKI foundation for digital certificates, authentication, and trust services
QxHSM™ securely generates and injects device keys, provisions unique identities, and signs firmware to ensure every device leaves the factory with verified authenticity and integrity
Securely generate, store, and use encryption keys to protect data at rest and in transit
Manage cryptographic keys consistently across on-premises, private, and public cloud deployments
Centralize and safeguard API keys, passwords, tokens, and other secrets with hardware-backed security
Strengthen DNS integrity by protecting signing keys and cryptographic operations