Why Internal PQC Support Will Define the Future of HSMs

Post-Quantum Cryptography (PQC) is moving from an academic concern to an operational imperative for cybersecurity vendors. Hardware Security Module (HSM) manufacturers are at the center of this shift, and while most have made progress exposing PQC algorithms through firmware updates, far fewer have taken the leap to embed quantum resistance into their internal architectures. That’s a problem.

Today, many vendors claim quantum readiness, but in practice this often means they’ve made standardized algorithms like ML-KEM or ML-DSA available through early-access firmware libraries. These updates help clients experiment with post-quantum schemes, but they only scratch the surface. True quantum security goes far beyond the API layer. It must be built into the architecture.

Building Security from the Inside Out

To prepare for a world of Cryptographically Relevant Quantum Computers (CRQCs), HSM vendors will need to overhaul how trust is established, managed, and maintained within their systems. That means securing the entire lifecycle: from manufacturing processes and root key provisioning to boot verification and firmware validation.

Take the secure boot process, for example. It cannot rely solely on classical signatures like ECDSA or RSA, as they will be disallowed within a decade. Instead, HSM vendors must start incorporating hybrid schemes that use both classical and PQC algorithms to authenticate firmware and protect root-of-trust assets. This kind of design ensures that even if classical cryptography is compromised, the PQC components can still stand in as a fail-safe.

Architectural Agility, Not Just Algorithm Support

Hardware limitations add another layer of complexity. The key sizes for PQC algorithms are significantly larger, and some require more compute overhead than legacy algorithms. HSM vendors must optimize performance through new hardware accelerators and storage techniques that can handle seed-based key derivation or layered hybrid signatures without compromising latency or throughput.

Lifecycle management also demands rethinking. HSMs should be capable of securely generating, wrapping, rotating, and retiring PQC keys in tandem with classical ones. More importantly, these processes must be tamper-evident and fully auditable across both cryptographic domains.

Why Crypto-Agility Remains Essential

As vendors integrate PQC internally, crypto-agility plays a crucial bridging role. Supporting a range of algorithms (classical, post-quantum, and hybrid) is the only practical approach in a transitional era. Outside of critical infrastructure, most customers may not need PQC today, but they will need the flexibility to adopt it when mandates arrive or threat models change.

Crypto-agility also allows vendors to future-proof their offerings. Should a PQC algorithm be broken or deprecated, agile architectures can quickly adopt replacements without requiring costly hardware changes.

Final Thought

PQC support should not be treated as a surface-level feature or a firmware checkbox. To truly prepare for the quantum era, HSM vendors must treat PQC as a foundational capability, embedded into the cryptographic core of their products. While crypto-agility offers immediate flexibility, deep internal PQC integration is what will define long-term resilience.

Learn more about how HSM manufacturers are embracing PQC in the blog post, What Does Quantum-Safe Really Mean for HSM Vendors? Vendor Playbook for Internal and External PQC Support from our head of cybersecurity research.

More articles by ABI Research