A Vendor-Neutral Analysis of HSM Vendors and Their Support for PQC
Top Seven Vendors and Ease of Upgrading to NIST PQC Algorithms
| Vendor/Product | Top Network-Attached HSM | Approach to PQC Upgrade | Ease of Upgrade (RSA/ECDSA to ML-DSA/ML-KEM) | Practicality of Vendor Claims |
|---|---|---|---|---|
| Entrust (nCipher) | nShield Connect | Post-Quantum SDK + firmware updates | Moderate (requires SDK coding + testing) | Claims of flexibility overstated; app rework significant |
| Thales SafeNet | Luna Network HSM | Functionality Modules (FMs) via firmware | Moderate (modular but slow/customization heavy) | “Crypto-agile” claim optimistic; FMs cumbersome |
| Utimaco | SecurityServer Se Gen2 | Firmware updates + PKCS#11 | Moderate to High (firmware smooth, config tweaks) | Claims solid; minor adjustments manageable |
| Futurex | Vectera Plus | Firmware updates + REST API/KMES tools | Moderate to High (firmware + integration effort) | Claims practical but setup complexity tempers ease |
| Marvell via AWS CloudHSM | LiquidSecurity (AWS CloudHSM) | AWS-managed firmware updates + PKCS#11 | High (AWS handles it, app integration only) | Claims hold; ease relies on AWS pace, not user control |
| Thales via Azure Dedicated HSM | Luna 7 A790 (Azure Dedicated HSM) | Firmware updates with Thales tools | Moderate (firmware + manual integration) | Claims fair; user-managed effort higher than cloud-managed |
| Fortanix | Data Security Manager (DSM) | Software updates via REST API + SGX enclaves | High (seamless software updates, app tweaks) | Claims robust; ease real but SGX trust a factor |
Vendor Breakdown: Ease of Upgrade and Practicality
1. Entrust (nCipher) – nShield Connect
- Approach: Post-Quantum SDK (CodeSafe) and firmware updates support ML-DSA/ML-KEM.
- Ease of Upgrade: Moderate. Firmware adds PQC, but legacy RSA/ECDSA apps need SDK-driven code changes to handle larger keys (e.g., ML-DSA-44: 1312-byte public key vs. ECDSA P-256: 64 bytes). Hybrid certificates ease phased transitions.
- Practicality: “Future-proof” claims overpromise—app rework and performance tuning for PQC’s slower operations (e.g., ML-DSA signing) demand significant effort.
2. Thales SafeNet – Luna Network HSM
- Approach: Functionality Modules (FMs) via firmware enable ML-DSA/ML-KEM.
- Ease of Upgrade: Moderate. Pre-built FMs cover NIST PQC, but custom FMs for specific needs are slow and costly. Legacy apps must adapt to larger keys (e.g., ML-KEM-512: 800-byte public key vs. RSA-2048: 256 bytes).
- Practicality: “Crypto-agile” sounds great, but FMs are less practical than advertised—customization lags, and integration isn’t plug-and-play.
3. Utimaco – SecurityServer Se Gen2
- Approach: Firmware updates with PKCS#11 support ML-DSA/ML-KEM.
- Ease of Upgrade: Moderate to High. Firmware upgrades are efficient, and PKCS#11 helps legacy integration. Config tweaks (e.g., timeouts) address larger PQC signatures (e.g., ML-DSA-65: 3307 bytes vs. ECDSA: 72 bytes).
- Practicality: Claims of smooth transitions hold—firmware and standards support minimize friction, though minor adjustments are needed.
4. Futurex – Vectera Plus
- Approach: Firmware updates with REST API and KMES tools enable ML-DSA/ML-KEM.
- Ease of Upgrade: Moderate to High. Firmware adds PQC, and KMES aids key management, but legacy apps need API updates for bigger keys (e.g., ML-KEM-768: 1088-byte public key). Hybrid mode supports gradual shifts.
- Practicality: Claims of scalability are practical, but complex initial setup and app integration temper the ease for legacy systems.
5. Marvell via AWS CloudHSM – LiquidSecurity (AWS CloudHSM)
- Approach: AWS-managed firmware updates with PKCS#11 support ML-DSA/ML-KEM.
- Ease of Upgrade: High. AWS deploys PQC via firmware, so legacy users only update apps to handle larger keys/signatures (e.g., ML-DSA-87: 4595-byte signature). Cloud scaling manages performance.
- Practicality: Claims of seamless upgrades are realistic—AWS’s control simplifies everything. The caveat is reliance on AWS’s rollout schedule, which lacks firm dates as of March 03, 2025.
6. Thales via Azure Dedicated HSM – Luna 7 A790 (Azure Dedicated HSM)
- Approach: Customer-managed firmware updates with Thales tools support ML-DSA/ML-KEM.
- Ease of Upgrade: Moderate. Firmware enables PQC, but users manually update and reconfigure apps for larger data (e.g., ML-KEM-512: 1632-byte ciphertext). More effort than AWS’s managed model.
- Practicality: Claims of flexibility are fair—updates work, but user-managed effort and testing reduce practicality compared to cloud-managed options.
7. Fortanix – Data Security Manager (DSM)
- Approach: Software updates via REST API, leveraging Intel SGX enclaves, support ML-DSA/ML-KEM.
- Ease of Upgrade: High. No hardware swaps: software patches added PQC once NIST finalized the standards (DSM already supports LMS, ML-DSA and ML-KEM). Legacy apps need minor tweaks via the REST API to handle larger keys (e.g., ML-DSA-44: 1312 bytes).
- Practicality: Claims of “crypto-agility” are robust—software-driven updates are fast and scalable. SGX reliance might raise trust concerns, and PQC performance needs testing, but ease is real for cloud-friendly setups.
Key Insights: Upgrading Legacy to ML-DSA/ML-KEM
- Easiest Upgrades: Fortanix DSM and Marvell/AWS CloudHSM lead—software/cloud management minimizes user effort to app-level tweaks. Utimaco and Futurex follow with firmware simplicity, needing slight config adjustments.
- Moderate Effort: Entrust, Thales SafeNet, and Thales/Azure Dedicated HSM require more work—SDK coding, custom FMs, or manual integration slow the process for legacy systems.
- Practicality Gaps: Vendors like Entrust and Thales SafeNet overhype “flexibility” and “agility”—SDKs and FMs sound elegant but bog down in real-world legacy uplift. Fortanix, Utimaco, and Marvell/AWS align better with their promises.
- Universal Challenges: PQC’s larger keys (e.g., ML-KEM-768: 1088 bytes vs. RSA-2048: 256 bytes) and slower operations (ML-DSA signing ~10x slower than ECDSA) mean all vendors face app updates and performance tuning. Hybrid certificates (RSA+PQC) help, but full PQC isn’t “drop-in” anywhere.
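The recurring upgrade task across all seven vendors is resizing application fields that were dimensioned for RSA/ECDSA. As an added example (not from the article or any vendor), this Python check flags which fixed-size limits of a hypothetical legacy application block each ML-KEM/ML-DSA parameter set; object sizes are taken from FIPS 203 and FIPS 204, and the `LegacyLimits` values are constructed.

```python
"""Added example: pre-migration size check for a legacy app moving to PQC.
Byte sizes come from FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA)."""
from dataclasses import dataclass

# Encapsulation key / ciphertext (ML-KEM) and public key / signature (ML-DSA).
PQC_SIZES = {
    "ML-KEM-512":  {"public_key": 800,  "ciphertext": 768},
    "ML-KEM-768":  {"public_key": 1184, "ciphertext": 1088},
    "ML-KEM-1024": {"public_key": 1568, "ciphertext": 1568},
    "ML-DSA-44":   {"public_key": 1312, "signature": 2420},
    "ML-DSA-65":   {"public_key": 1952, "signature": 3309},
    "ML-DSA-87":   {"public_key": 2592, "signature": 4627},
}

# Classical sizes the legacy fields were typically sized for: uncompressed
# P-256 point without the 0x04 prefix, DER ECDSA signature upper bound, RSA-2048.
CLASSICAL_SIZES = {
    "ECDSA-P256": {"public_key": 64, "signature": 72},
    "RSA-2048":   {"public_key": 256, "signature": 256, "ciphertext": 256},
}


@dataclass(frozen=True)
class LegacyLimits:
    """Hypothetical buffer / DB column limits (bytes) of the app being uplifted."""
    public_key: int
    signature: int
    ciphertext: int


def migration_blockers(limits: LegacyLimits, target: str) -> list[str]:
    """List the fields too small for `target`, with the missing headroom."""
    blockers = []
    for field, needed in PQC_SIZES[target].items():
        have = getattr(limits, field)
        if needed > have:
            blockers.append(f"{field}: need {needed} B, have {have} B (+{needed - have} B)")
    return blockers


def growth_factor(target: str, baseline: str, field: str) -> float:
    """How many times larger the PQC object is than its classical counterpart."""
    return PQC_SIZES[target][field] / CLASSICAL_SIZES[baseline][field]


if __name__ == "__main__":
    # Constructed input: an app sized for ECDSA P-256 keys and RSA-2048 ciphertexts.
    app = LegacyLimits(public_key=512, signature=512, ciphertext=256)
    for alg in PQC_SIZES:
        issues = migration_blockers(app, alg)
        print(alg, "OK" if not issues else issues)
```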