Adding Post-Quantum Security to Existing TLS: The QiSpace for IoT Secure Network Add-on

A standards-based route to quantum-secure connections

For most organisations, the practical challenge of post-quantum readiness is not replacing the network stack but extending what is already in place. The QiSpace for IoT Secure Network Add-on takes that approach, providing quantum-secure TLS 1.3 connections across everything from desktops and servers down to the most resource-constrained embedded devices, using the cryptographic libraries development teams already work with.

The add-on supports both NIST PQC and Quantropi’s own novel algorithms, the latter optimised for high performance in constrained systems. This combination is intended to give teams both crypto-agility and flexibility, allowing them to adopt standards-based post-quantum cryptography while retaining the option of smaller, faster algorithms where resources are tight.

Two integration components

The add-on is delivered as two components that map onto common TLS implementations:

  • OpenSSL Cryptographic Provider module. This supplies the cryptographic functions needed to establish quantum-secure TLS 1.3 connections. Because OpenSSL 3.2 and later use a provider-based architecture, the module can be added dynamically to any OpenSSL 3.x server, providing post-quantum security without re-architecting the application.
  • MbedTLS Quantum Safe Extension. This extends Mbed TLS with the key exchange and digital signature algorithms required for quantum-secure TLS 1.3, bringing the same capability to embedded targets.

Packaging: Baseline and Premium

The add-on is offered in Baseline and Premium packages, which sit within the wider QiSpace for IoT solution family and its Dev, Standard and Enterprise tiers:

  • The Baseline package provides NIST PQC standards, aligned to NIST FIPS 203 and 204.
  • The Premium package adds Quantropi’s novel PQC algorithms and its true random number generator (TRNG), with source code also available at this level.

Support scales with tier, from standard email support and a set number of incidents at entry level through to live call and 24/7/365 support at Enterprise. Operating system coverage spans OpenSSL on Linux and Windows, and Mbed TLS on Embedded Linux, Zephyr, FreeRTOS and Azure/Eclipse RTOS.

Performance of the novel algorithms

The guide sets out why the Quantropi novel algorithms are positioned for embedded use, with figures measured at NIST security level 5:

  • HPPK-KEM, the novel key exchange, offers a 64-byte ciphertext size and around 8K of memory utilisation.
  • GHPPK-DS, the novel digital signature, offers a 264-byte signature size and under 11K of memory utilisation.

For devices where memory and bandwidth are at a premium, these compact sizes are the practical difference between post-quantum security being feasible and being an overhead the hardware cannot absorb.

Broad MCU and platform support

QiSpace for IoT supports a wide range of chipsets from leading vendors, spanning high-performance parts down to ultra-low-power MCUs. Supported families include STMicroelectronics STM32 and the automotive SPC5 and Stellar lines, Renesas RA, RL, RX, RZ and RH850 automotive series, and Microchip PIC32, SAM and AVR32 parts, alongside legacy Arm and RISC-V processors. Support for further manufacturers and chipsets is available on request.

Download the guide

This guide details the QiSpace for IoT Secure Network Add-on, its integration components, packaging and supported platforms. Download your copy to assess how quantum-secure TLS 1.3 can be added to your existing server and embedded estate.
