QVault TPM Now Compliant with ML-DSA-87 and ML-KEM-1024, Leverages the Most Secure NIST-Standardized CRYSTALS-Dilithium and Kyber Algorithms for Quantum-Resistant Protection

SEALSQ Corp (NASDAQ: LAES) ("SEALSQ" or "Company"), a company that focuses on developing and selling Semiconductors, PKI, and Post-Quantum technology hardware and software products, today announced that its QVault Trusted Platform Module (TPM) is fully compliant with ML-DSA-87 and ML-KEM-1024, the highest-security parameter sets of the NIST-standardized CRYSTALS-Dilithium (ML-DSA) and CRYSTALS-Kyber (ML-KEM) algorithms. This milestone reinforces SEALSQ's position as a trusted provider of quantum-resistant security solutions, addressing the stringent requirements of defense, IoT, automotive, and telecommunications markets.

ML-DSA-87 and ML-KEM-1024: The Pinnacle of Post-Quantum Security

ML-DSA-87 and ML-KEM-1024 represent the most robust variants of the CRYSTALS-Dilithium digital signature algorithm and CRYSTALS-Kyber key encapsulation mechanism (KEM), respectively, standardized by NIST in August 2024 as FIPS 204 and FIPS 203. These algorithms, part of the Cryptographic Suite for Algebraic Lattices (CRYSTALS), are based on the hardness of module lattice problems, offering resistance to both classical and quantum attacks.

Their superior security stems from longer key sizes, which provide enhanced protection against cryptanalytic advances:



ML-DSA-87 (Dilithium): With a public key size of 1,952 bytes and a signature size of 4,595 bytes, ML-DSA-87 targets security equivalent to AES-256, the highest security level among NIST's PQC signature schemes. This makes it ideal for applications requiring long-term data integrity and authentication, such as firmware signing and secure communications in defense systems.

ML-KEM-1024 (Kyber): Featuring a public key size of 1,568 bytes and a ciphertext size of 1,568 bytes, ML-KEM-1024 also achieves AES-256-equivalent security, ensuring robust key exchange for encrypted data transmission. Its design supports high-security use cases like IoT device authentication and satellite telecommunications.



Compared to lower-parameter variants (e.g., ML-DSA-44, ML-KEM-512), ML-DSA-87 and ML-KEM-1024 use larger keys and more complex lattice structures, significantly increasing computational difficulty for attackers, including those with future quantum computers. According to NIST, these parameter sets are recommended for applications where“the highest level of security is required,” such as protecting classified data or critical infrastructure.

Market Demand for High-Security PQC Solutions

The urgency to adopt quantum-resistant cryptography is driven by the rapid advancement of quantum computing, with experts predicting cryptographically relevant quantum computers could emerge within a decade, threatening traditional encryption like RSA and ECC.

Industry leaders have echoed the demand for high-security PQC algorithms. IBM, a key contributor to ML-DSA and ML-KEM, noted that these standards mark“a crucial milestone to advancing the protection of the world's encrypted data,” (*) highlighting their adoption in products like IBM z16 and IBM Cloud for government and financial services. Cloudflare reported that nearly 2% of TLS 1.3 connections were PQC-secured by early 2024, with expectations of double-digit adoption by year-end, driven by customers prioritizing quantum-safe key exchange for data protection against“harvest now, decrypt later” attacks. The preference for AES-256-equivalent security delivered by ML-DSA 87 and ML-KEM 1024 aligns with customer requirements in defense and critical infrastructure, where long-term data confidentiality is paramount.

(*)

QVault TPM: A Robust Platform for Quantum-Resistant Security

SEALSQ's QVault TPM integrates ML-DSA-87 and ML-KEM-1024 into a hardware-based security module, providing a tamper-resistant environment for cryptographic operations, key storage, and device authentication. Certified to FIPS 140-2/3 and Common Criteria EAL5+, the QVault TPM supports a range of applications, including:



Defense: Secure firmware signing and authentication for drones and satellite systems, ensuring data integrity against quantum threats.



IoT: Quantum-safe authentication for billions of connected devices, protecting smart cities and industrial systems.

Automotive: Secure vehicle-to-everything (V2X) communications, meeting ISO 26262 safety and cybersecurity standards.





The QVault TPM's compliance with ML-DSA-87 and ML-KEM-1024 builds on SEALSQ's expertise in secure semiconductors, as demonstrated in partnerships with Parrot and AgEagle for drone security and WISeSat for satellite IoT connectivity. By embedding the most secure PQC algorithms, SEALSQ ensures long-term protection for data encrypted today, addressing customer demands for future-proof cybersecurity.

“SEALSQ's QVault TPM sets a new benchmark for post-quantum security by integrating ML-DSA-87 and ML-KEM-1024, the most advanced algorithms available,” said Jean-Pierre Enguent, CTO of SEALSQ.“Our commitment to delivering quantum-resistant solutions empowers customers in defense, IoT, and automotive sectors to safeguard critical systems against emerging threats.”

