Cryptsoft has taken a significant step toward strengthening future-ready cybersecurity by successfully demonstrating a Hybrid Post-Quantum Cryptography (PQC) authentication token proof-of-concept (POC). This innovation combines a low-memory Rust implementation of ML-DSA-65 with FEITIAN Technologies’ OpenSK dongle, ultimately delivering hybrid PQC passkey authentication for the Cryptsoft KMIP C Server.

Importantly, this development addresses a long-standing gap in quantum-safe security infrastructure. Until now, authentication mechanisms capable of supporting PQC systems remained underdeveloped. However, with this proof-of-concept, Cryptsoft provides a practical and scalable pathway for implementing quantum-resistant authentication systems across modern infrastructures.

The solution builds upon a development branch of the OpenSK project. However, the team replaced the original cryptographic layer with ML-DSA-65 sourced from Bouncy Castle’s bc-rust alpha release. Furthermore, engineers optimized the implementation specifically for embedded platforms, ensuring it operates efficiently even in memory-constrained environments.

To achieve this, the system uses a highly efficient memory design across key generation, signing, and verification processes. Instead of storing large datasets, it incrementally derives public-key material and reconstructs private-key states only when required. During signing, the system processes data sequentially—component by component—while recomputing commitments and responses dynamically. Additionally, it performs incremental hashing and writes outputs directly into buffers, which significantly reduces memory overhead.

Similarly, the verification process follows a streamlined approach. Rather than building large intermediate structures, it reconstructs only essential data and processes hash inputs in a continuous stream. Notably, these techniques build upon earlier OpenSK experiments using non-standardized Dilithium variants, but Cryptsoft has now refined and adapted them for the standardized ML-DSA-65 algorithm.

As a result, this innovation demonstrates how PQC algorithms can effectively function even in constrained environments like hardware tokens and embedded devices—an essential requirement for real-world adoption.

“The successful integration of ML-DSA-44, ML-DSA-65 and ML-DSA-87 into OpenSK demonstrates Cryptsoft’s commitment to advancing security standards and to driving innovation in the Key Management Server market,” said Justin Corlett, Business Development Manager, Cryptsoft. “It gives developers, security engineers, and researchers a practical platform for testing how next-generation FIDO2 credentials may operate in a modern PQC-ready security architecture.”

“FEITIAN is thrilled to congratulate Cryptsoft on implementing NIST PQC Algorithms into their products and SDKs. By leveraging the FEITIAN hardware platform, Cryptsoft has demonstrated how collaboration can solve the most pressing security challenges of the quantum era. At FEITIAN, we will continue our dedicated efforts to ensure our hardware remains a trusted, future-proof foundation for the global security ecosystem.” – Geoffrey Li, International Technical Director at FEITIAN Technologies Co. Ltd.

“A goal of the bc-rust project is to ensure support for embedded platforms and constrained environments. Meeting this goal is one of the reasons we have worked with Cryptsoft to better explore and understand techniques for PQC algorithms on constrained devices.” – David Hook, Secretary, Legion of the Bouncy Castle Inc.

Recommended Cyber Technology News:

To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com  



🔒 Login or Register to continue reading