June 30, 2023
Thales Trusted Cyber Technologies (TCT) is pleased to announce the release of version 7.13.0 of the Luna Network and PCIe HSMs.
This is the first Luna HSM release to provide post-quantum cryptographic (PQC) algorithms and stateful hash-based signature algorithms. As directed by multiple U.S. Federal policies, agencies are instructed to start testing PQC implementations. This HSM release includes pre-standards implementations of NIST-selected PQC algorithms to facilitate agency and technology partner PQC testing. The algorithms supported in this release are:
- CRYSTALS-Dilithium
- CRYSTALS-KYBER
- FALCON
As a crypto agile product, Thales TCT will release software and firmware updates that comply with PQC standards once they are released.
Additionally, Thales TCT is introducing the Leighton-Micali Signature (LMS) stateful hash-based signature mechanism, along with its multi-tree variant, the Hierarchical Signature Scheme (HSS). LMS/HSS enables customers to transition to quantum-resistant firmware/software signing. The Luna T-Series HSM implementation of LMS is compliant with SP 800-208 and PKCS#11 v3.1.
Release 7.13.0 also includes the following new features:
- Remote initialization of the Remote PED Vector Key, enabling fully remote HSM administration.
- Support for LACP 802.3ad protocol to enhance multi-NIC port bonding in the Network HSM appliance.
- Luna Client support for Windows Server 2022 and Ubuntu 22 LTS.
This release encompasses multiple Luna HSM components:
- Luna T-Series Network HSM appliance software
- Luna T-Series HSM firmware
- Luna Client
- Luna User Documentation Revision K
Each of these components are available as a download from the Thales TCT Support Portal.
Details regarding these new capabilities are available in the Luna User Documentation (Rev K) and the Customer Release Notes (Rev R).