QxHSM
Overview
QxHSM is a fifth-generation, crypto-agile hardware security module built on Crypto4A’s patented Quantum Assured Security Module (QASM) architecture. It supports both classical cryptographic algorithms and NIST-approved post-quantum cryptography standards for key generation, digital signatures, and encryption. The platform is FIPS 140-2 Level 3 validated and has been submitted for FIPS 140-3 Level 3 certification with full PQC algorithm support — a first for the HSM industry.
Unsung is a Crypto4A Bronze Partner and Value-Added Solutions Provider. We design, implement, and support QxHSM deployments for UK customers planning post-quantum cryptography transitions and requiring quantum-safe hardware roots of trust for their PKI and cryptographic infrastructure.
The Challenge
Organisations that depend on hardware security modules to protect their most sensitive cryptographic keys face a growing strategic concern: the algorithms underpinning their current HSM deployments will eventually be vulnerable to quantum computing attacks. NIST has published post-quantum cryptography standards and set transition timelines, and regulatory bodies including the G7 Cyber Expert Group have established target dates for PQC readiness in critical sectors.
Traditional HSMs were not designed with crypto-agility in mind. Transitioning to post-quantum algorithms on legacy hardware often requires complete platform replacement, creating significant operational disruption and cost. Organisations need HSMs that support both current and post-quantum algorithms, enabling a managed transition without forcing an immediate, wholesale infrastructure change.
What It Does
QxHSM addresses this challenge by providing a crypto-agile HSM that supports classical and post-quantum algorithms from the same platform. Its FPGA-based architecture enables new algorithms to be deployed through quantum-safe firmware updates, ensuring the HSM can adapt as cryptographic standards evolve. The quantum-safe root of trust ensures that even the firmware update mechanism itself is protected against quantum attacks.
The platform provides HSM services for PKI, code signing, unified key management, and other high-assurance use cases. QxHSM integrates with platforms including DigiCert and Keyfactor EJBCA to act as a quantum-safe hardware root of trust for certificate lifecycle management and digital signing operations. With a 300 per cent increase in rack deployment density compared to traditional network-attached HSMs, the platform delivers improved operational efficiency alongside its quantum-safe capabilities.
How Unsung Helps
Unsung helps clients evaluate their post-quantum cryptography readiness, assess the suitability of quantum-safe HSMs for their environment, and plan practical transition strategies. Our consultants provide pragmatic guidance on deployment timelines and integration requirements, ensuring organisations can begin their PQC migration without disrupting current operations. Our Hardware Security Modules service covers the full lifecycle from requirements assessment through deployment and operational support.
Related Unsung Services
Hardware Security Modules — HSM selection, deployment, and integration for cryptographic key protection.
PKI Consultancy — Independent advisory on post-quantum cryptography strategy and migration planning.
PKI Design & Build — End-to-end design and implementation of quantum-ready PKI architectures.
