The PQPlatform-TrustSys is a new quantum-safe Root of Trust solution that enables ASIC and FPGA hardware to achieve compliance with new PQC standards set out in regulations like the NSA’s CNSA 2.0.
PQPlatform-TrustSys falls under the ultra-secure pillar of PQShield’s UltraPQ-Suite, which offers a range of ultra-fast, small and ultra-secure highly optimised implementations of PQC for critical use cases at a time of transition to new cryptographic standards.
PQShield’s product suite allows organisations to choose implementations of PQC that best match their priorities, something that is increasingly important for manufacturers that require either fast-performance, high-security, or low-footprint solutions.
Its three pillars – ultra-fast, ultra-secure and ultra-small – means PQShield can deliver high quality PQC products that address the specific needs of customers.
Ultra-fast delivers high-performance PQC at the core of the network to accelerate new and existing applications in FPGA or ASIC designs. The company’s core product in this category, PQPerform-Lattice, optimises key encapsulations per second to maintain strong latency performance and optimise power consumption. This is particularly critical in the networking sector, for example with applications like firewalls, routers and HSMs.
PQShield’s ultra-secure implementations have been optimised for use in products that are the target of highly sophisticated attackers, for instance in critical infrastructure devices with a long lifecycle that require the highest levels of integrity. Side channel attack (SCA) and fault injection attack (FIA) resistance are also key to this category.
This is particularly important for device attestation, where confirming that your device has not been tampered with, compromised, or is running unauthorised firmware/software enabling remote trust establishment is critical.
PQPlatform-TrustSys is PQShield’s leading product in this pillar but there are also a range of modular IPs that can future proof existing security implementations.
The company’s ultra-small targets implementations in memory-constrained devices, embedded systems, microcontrollers and devices that are already in the field, like energy smart meters and industrial controls.
PQShield’s PQCryptoLib-Embedded, is the smallest implementation of PQC currently on the market and is particularly useful for OEMs and device manufacturers, where efficient implementations of PQC are needed to secure end-to-end-encrypted (E2EE) comms channels, as well as ensuring data confidentiality and integrity.
Last year, the PKfail vulnerability highlighted multiple security issues within Secure Boot and Secure Update mechanisms, which now need to be updated to PQC to protect organisations and maintain platform security, as Secure Boot and Secure Update play a fundamental role in protecting against malware.
Product developers will need to ensure they meet both existing and new regulatory requirements with clear timelines set out by NIST, both for the adoption of PQC and more crucial for Secure Boot, the complete phase-out of RSA by 2035. Looking across current guidance it is clear that companies and organisations will have a 5-10 year window to migrate.
PQShield’s PQPlatform-TrustSys is designed to help manufacturers achieve compliance with cybersecurity regulations with minimal integration time and effort. Built as a PQC-first design, this allows for strong, efficient, and quantum-resistant security implementations, free from the limitations of older architectures.
In terms of key management, PQPlatform-TrustSys tracks the key’s origin and permission including key revocation, which is an essential and often overlooked part of securing any large-scale cryptographic deployment. It allows the Root of Trust to enforce restrictions on critical operations and maintain security even if the host system is compromised.
Additionally, both key origin and permission attributes are extended to cryptographic accelerators that are connected to a Private Peripheral Bus.
When a device is physically exposed to potential attackers – which includes most implementations of ASIC and FPGA hardware in consumer devices, automotive use, and communications networks – so-called “side-channel attacks” that exploit timing, power, and fault vulnerabilities need to be considered as well.
Ali El Kaafarani, founder and CEO of PQShield, said, “With new standards announced, last year was pivotal in the progress towards quantum security. 2025 is where we run into the real challenge – implementation. Given the wide range of implementation use cases, we need to offer manufacturers enough flexibility and crypto-agility to roll out PQC in a way that meets their priorities.
“Our ultra-secure, ultra-fast and ultra-small products address the major challenges manufacturers face when choosing an implementation of PQC, enabling them to more easily protect the next generation of devices and digital infrastructure that reaches the market.”
The launch follows PQShield achieving FIPS 140-3 certification through the Cryptographic Module Verification Program (CMVP), which is designed to evaluate cryptographic modules and provide agencies and organisations with a metric for security products, as well as building its own silicon test chip to prove this can all be delivered ‘first time right’.
