Quantum-Resilient Infrastructure: SoftIron's Proactive Approach to Cryptographic Security
Cryptographic Resilience
Quantum-Resistant Cryptographic Arsenal
As part of SoftIron's future-facing security discipline, we have engineered post-quantum cryptography (PQC) into the core of our technology. Our advanced cryptographic extension supports a comprehensive suite of quantum-resistant algorithms, carefully selected to meet emerging FIPS standards.
Key Encapsulation
- ML-KEM (FIPS 203 Final): the standardized version of the Kyber algorithm, providing secure, quantum-resistant key exchange
Digital Signature Algorithms
- ML-DSA (FIPS 204 Final): the standardized version of a lattice-based, quantum-resistant signature algorithm
- SLH-DSA (FIPS 205 Final): the standardized version of a hash-based, quantum-resistant signature algorithm
Data in Transit: TLS
SoftIron's SingularIT™ platform supports PQC cipher suites to secure in-transit data across our devices. This includes TLS endpoints for the Web interface, APIs, metadata, and S3 object storage.
Our products support modern hybrid key exchanges (such as X25519+ML-KEM-768 and NIST P-Curve+ML-KEM-768) for compatibility with existing clients, pure PQC key exchanges (ML-KEM-1024 and ML-KEM-768) that meet FIPS 203 standards, and traditional encryption methods like ECC (X25519 and NIST P-Curve) for legacy fallback.
This provides future-proofing for both current and future cryptographic needs.
Data in Transit: SSH
SoftIron's SSH endpoints support PQC key exchange, ensuring stronger protection against future threats while maintaining compatibility with current systems. This includes the hybrid key-exchange algorithm X25519+ML-KEM-768, which combines the advantages of PQC with proven traditional methods for advanced security.
By employing hybrid key exchanges, SoftIron's SingularIT™ platform ensures secure communication even as cryptographic standards evolve. For legacy systems or clients that do not yet support PQC, we provide conventional SSH key exchange algorithms as a fallback. This approach allows for a smooth transition to post-quantum readiness while minimizing disruptions.
Data at Rest
Stored data is protected by quantum-resistant, 512-bit AES-XTS. Key material is stored offline on secure hardware tokens.
Beyond Compliance
SoftIron's cryptographic extension is more than a checklist of features. It represents our commitment to:
- anticipating future computational threats
- providing fully integrated, standards-compliant security
- providing flexibility and interoperability across different deployment configurations
Whether you are ready to adopt PQC now or simply want to be prepared against future eventualities, SoftIron meets your requirements by putting the choice in your hands, without integration costs or service interruptions.
Read our blog post to learn more.