Tectia Quantum Safe Edition

Tectia Quantum Safe Edition makes Tectia quantum-safe for the future. It is a separate product enhancementad for Tectia Client/Server that can be enabled with an additional license without the need to reinstall Tectia products.

Tectia Quantum Safe supports multiple Post Quantum Cryptography (PQC) algorithms, including ML-KEM, CRYSTALS-Kyber, FrodoKEM and Streamlined NTRU Prime that are used in a Hybrid Key Exchange in SSH together with a classical ECDH algorithm. Both the PQC and ECDH algorithm contribute to the key material resulting in a session key that is at least as hard to break as the strongest composite. The hybrid approach mitigates the risk of future attacks on recorded secure shell sessions if weaknesses are discovered in either algorithm.

Tectia Quantum Safe and FIPS: The FIPS 140-2 validation, and FIPS 140-3 validation does not cover hybrid algorithms themselves. However, the FIPS 140 series cryptographic of validation allows additional inputs for the validated key derivation functions. The PQC algorithms are used for generating such inputs, and therefore the use of PQC is allowed on FIPS-140 validated cryptosystems. For example, the ML-KEM PQC algorithm standardized by NIST as FIPS PUB 203 and used with ECDH NIST curve P384 in Hybrid Key Exchange in Tectia, can be used in FIPS mode.