Alibaba Cloud offers the Post-Quantum Cryptography General Virtual Security Module (GVSM) as part of its Cloud Hardware Security Module (HSM) service. By integrating post-quantum cryptography algorithms, the GVSM protects the confidentiality, integrity, and authenticity of sensitive data, digital identities, and critical business operations. This helps you defend against potential threats from quantum computing and ensures long-term security. This topic describes the Post-Quantum Cryptography GVSM.
What is a post-quantum HSM
Post-Quantum Cryptography (PQC) is a set of cryptographic algorithms designed to resist attacks from quantum computers. As quantum computing develops, sufficiently large quantum computers will be able to break widely used public key algorithms such as RSA and ECC, which poses a critical threat to global digital infrastructure. Under the "Harvest Now, Decrypt Later" attack model, data that is captured in encrypted form today can be decrypted once such machines exist. To address future threats from quantum computing, you can migrate to hardware security modules (HSMs) that resist quantum attacks.
Alibaba Cloud offers a beta product for post-quantum cryptography called the GVSM PQC version. It inherits existing HSM security features. It also integrates advanced algorithms from the post-quantum cryptography standardization project led by the National Institute of Standards and Technology (NIST) and other mature hash-based signature schemes.
NIST PQC standard algorithms
FIPS-203 ML-KEM (CRYSTALS-Kyber): A lattice-based Key Encapsulation Mechanism (KEM) used to establish quantum-resistant shared keys. This ensures the confidentiality of data transmission and communication.
FIPS-204 ML-DSA (CRYSTALS-Dilithium): A lattice-based Digital Signature Algorithm (DSA) used to provide quantum-resistant data integrity verification and identity authentication.
FIPS-205 SLH-DSA (SPHINCS+): A hash-based stateless digital signature algorithm that provides strong security guarantees. It is an alternative signature scheme recommended by NIST.
Other hash-based signature schemes
LMS (Leighton-Micali Signature Scheme): A stateful hash-based signature scheme standardized in RFC 8554. It is suitable for scenarios that require extremely high security guarantees, such as firmware signing.
XMSS (eXtended Merkle Signature Scheme): A stateful hash-based signature scheme standardized in RFC 8391. It provides more flexibility and features than LMS.
Important: LMS and XMSS are stateful hash-based signature schemes. To ensure security, you must track the signature key state when you use them, so that no one-time key within the scheme is used more than once.
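Why the state of an LMS or XMSS key needs careful management, as an added illustration that is not Alibaba Cloud or GVSM code: the block below uses a small Lamport one-time signature scheme under a 4-leaf Merkle tree as a stand-in for the real schemes (the names `StatefulSigner`, `StateError`, the JSON state file and the sample firmware messages are all constructed for this example). What carries over to LMS/XMSS is the handling around the signature: the next unused leaf index is committed to durable storage before a signature is released, and a state that has gone backwards (for example, restored from a backup) or is exhausted is refused rather than reused.

```python
"""Stateful hash-based signature key state, as an added illustration (not GVSM code).
A Lamport one-time signature (OTS) under a 4-leaf Merkle tree stands in for LMS/XMSS;
the state handling is the point: each leaf is used once, the next unused index is
committed to durable storage before a signature is released, rollback is refused."""
import hashlib
import json
import os
import secrets
import tempfile

def H(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()
def _bits(digest: bytes):  # the 256 digest bits, most significant first
    return [(digest[i >> 3] >> (7 - (i & 7))) & 1 for i in range(256)]

class LamportOTS:
    """One-time key: 256 secret pairs; signing reveals one secret per digest bit."""
    def __init__(self):
        self.sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
        self.pk = [(H(a), H(b)) for a, b in self.sk]
    def sign(self, digest: bytes) -> list:
        return [self.sk[i][b] for i, b in enumerate(_bits(digest))]

def ots_leaf(pk) -> bytes:
    return H(*[h for pair in pk for h in pair])

def ots_verify(pk, digest: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(digest)))

class StateError(Exception):
    """The signer would reuse a one-time key, or has none left."""

class StatefulSigner:
    HEIGHT = 2  # 4 one-time keys; LMS/XMSS trees are far taller but behave the same
    def __init__(self, state_path: str):
        self.state_path = state_path
        self.ots = [LamportOTS() for _ in range(1 << self.HEIGHT)]
        self.levels = [[ots_leaf(o.pk) for o in self.ots]]  # Merkle tree, leaves first
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.high_water = 0  # highest index this process has handed out
        self._commit(0)      # fresh key: leaf 0 is the next unused one
    def _commit(self, next_index: int) -> None:
        # fsync + atomic rename: a crash mid-write must not leave a stale lower index
        tmp = self.state_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"next_index": next_index}, f)
            f.flush(); os.fsync(f.fileno())
        os.replace(tmp, self.state_path)
    def _next_index(self) -> int:
        with open(self.state_path) as f:
            idx = json.load(f)["next_index"]
        if idx < self.high_water:  # restored backup, cloned VM, ...: a reuse is imminent
            raise StateError(f"state rolled back to {idx}; already issued up to {self.high_water}")
        if idx >= len(self.ots):
            raise StateError("all one-time keys used; rotate to a new tree")
        return idx
    def sign(self, message: bytes) -> dict:
        idx = self._next_index()
        # Reserve the leaf before producing the signature: a crash after this point burns
        # the leaf unused, which is safe; signing first and committing later is not.
        self._commit(idx + 1)
        self.high_water = idx + 1
        auth, i = [], idx
        for lvl in self.levels[:-1]:
            auth.append(lvl[i ^ 1])  # sibling on the path to the root
            i >>= 1
        return {"index": idx, "ots_pk": self.ots[idx].pk,
                "ots_sig": self.ots[idx].sign(H(message)), "auth_path": auth}

def verify(root: bytes, message: bytes, signature: dict) -> bool:
    """Check the OTS, then recompute the root from the leaf and its auth path."""
    if not ots_verify(signature["ots_pk"], H(message), signature["ots_sig"]):
        return False
    node, i = ots_leaf(signature["ots_pk"]), signature["index"]
    for sibling in signature["auth_path"]:
        node = H(node, sibling) if i % 2 == 0 else H(sibling, node)
        i >>= 1
    return node == root

def demo() -> dict:
    """Exercise the signer on constructed messages; returns what a test can assert on."""
    def refused(action):
        try:
            action(); return False
        except StateError:
            return True
    signer = StatefulSigner(os.path.join(tempfile.mkdtemp(), "sig_state.json"))
    s1, s2 = signer.sign(b"firmware-v1.bin"), signer.sign(b"firmware-v2.bin")
    out = {"s1_ok": verify(signer.root, b"firmware-v1.bin", s1),
           "s2_ok": verify(signer.root, b"firmware-v2.bin", s2),
           "indices": (s1["index"], s2["index"]),
           "wrong_msg_ok": verify(signer.root, b"firmware-v2.bin", s1)}
    signer._commit(0)  # simulate restoring the state file from an old backup
    out["rollback_refused"] = refused(lambda: signer.sign(b"x"))
    signer._commit(2)  # repair the state, then burn the last two leaves
    signer.sign(b"y"); signer.sign(b"z")
    out["exhaustion_refused"] = refused(lambda: signer.sign(b"w"))
    return out

if __name__ == "__main__": print(demo())
```

The in-memory high-water mark only catches a rollback within one process; in an HSM the equivalent is a monotonic counter that lives with the key and is never cloned, which is why stateful keys should not be backed up or replicated the way stateless keys are.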
Benefits
Proactive security: Uses PQC algorithms to defend against future decryption risks from quantum computing. This ensures the long-term security of your assets and data.
Standard compliance: Follows the PQC standardization process from authorities such as NIST. This ensures your solution is credible and interoperable.
Enhanced root of trust: Provides a quantum-resistant root of trust for core scenarios, such as your Public Key Infrastructure (PKI), code signing, database encryption, and digital identities.
Long-term data protection: Uses quantum-resistant encryption to ensure the enduring security of sensitive data that requires long-term archiving.
Seamless integration: Compatible with standard interfaces such as PKCS#11, Java Cryptography Extension (JCE), and Cryptography API: Next Generation (CNG). This allows a smooth transition from traditional systems to a quantum-resistant architecture.
Scenarios
Encrypt sensitive data for long-term protection: Use ML-KEM (Kyber) to encapsulate the symmetric key that encrypts the data. This provides quantum-resistant protection for long-term data storage and real-time communication.
Future-proof digital signatures: Use ML-DSA (Dilithium) or SLH-DSA (SPHINCS+) signature algorithms. This ensures that critical data, such as software updates, firmware, legal contracts, and transaction records, remains unforgeable and verifiable in a quantum computing environment.
Quantum-resistant certificate security: Deploy a quantum-resistant certificate authority (CA) based on PQC algorithms. This secures certificate signing and verification and ensures that digital certificates remain tamper-proof and authoritative in the quantum era.
Internet of Things (IoT) device security: Provide quantum-resistant identity authentication and secure firmware update mechanisms for long-lifecycle IoT devices to defend against future threats.
Blockchain and digital asset protection: Blockchains rely on public key encryption to secure transactions and wallets. Quantum computing could break these traditional algorithms. You can deploy PQC to replace existing signature algorithms to ensure that digital assets remain tamper-proof and their ownership is verifiable in the quantum era. This provides long-term security for next-generation blockchain protocols and wallet systems.
GVSM PQC version performance data
The following tables list the algorithms that the GVSM PQC version supports and their measured performance.
Key encapsulation algorithms
| Encapsulation algorithm | Encapsulation | Decapsulation | Key generation | Maximum number of keys |
| --- | --- | --- | --- | --- |
| FIPS-203 ML-KEM | 6,000/s | 2,500/s | 3,500 pairs/s | 256 |
Key signature algorithms
| Signature algorithm | Signing | Signature verification | Key generation | Maximum number of keys |
| --- | --- | --- | --- | --- |
| FIPS-204 ML-DSA | 1,000/s | 3,000/s | 1,800 pairs/s | 256 |
| FIPS-205 SLH-DSA | 1/s (slow), 10/s (fast) | 300/s (slow), 600/s (fast) | 15 pairs/s (slow), 250 pairs/s (fast) | 256 |
| LMS | 1 to 40/s | 200 to 1,500/s | 1 pair/15 minutes | 256 |
| XMSS | 50 to 200/s | 50 to 600/s | 1 pair/10 minutes | 256 |
Purchase the GVSM PQC version
To purchase a GVSM (SM) HSM in the Chinese mainland and enable the post-quantum module, go to the purchase page.
Risk notice
PQC cryptographic operations may affect performance. Before migration, run a stress test against the GVSM PQC version and then migrate your business to it gradually. This process ensures system stability and business continuity.