SSH

Tectia Quantum Safe Edition

Tectia Quantum Safe Edition makes Tectia quantum-safe for the future. It is a separate product enhancementad for Tectia Client/Server that can be enabled with an additional license without the need to reinstall Tectia products.

Tectia Quantum Safe supports multiple Post Quantum Cryptography (PQC) algorithms, including CRYSTALS-Kyber, FrodoKEM, SABER and Streamlined NTRU Prime that are used in a Hybrid Key Exchange in SSH together with a classical ECDH algorithm. Both the PQC and ECDH algorithm contribute to the key material resulting in a session key that is at least as hard to break as the strongest composite. The hybrid approach mitigates the risk of future attacks on recorded secure shell sessions if weaknesses are discovered in either algorithm.

Tectia Quantum Safe and FIPS

The FIPS 140-2 validation, and FIPS 140-3 validation does not cover PQC algorithms themselves. However, the FIPS 140 series cryptographic of validation allows additional inputs for the validated key derivation functions. The PQC algorithms are used for generating such inputs, and therefore the use of PQC is allowed on FIPS-140 validated cryptosystems. For example, the CRYSTALS-Kyber PQC algorithm selected by NIST and used with ECDH NIST curve P521 in Hybrid Key Exchange in Tectia, can be used in FIPS mode.