CQ1 MODULE
Technical Specifications
Full hardware, cryptographic, and interface specifications for evaluation and procurement.
Cryptographic Algorithms
| Algorithm | Standard | Key Sizes | Notes |
|---|---|---|---|
| CRYSTALS-Kyber-1024 | NIST FIPS 203 (ML-KEM) | 1568 bytes public, 3168 bytes encap | Primary KEM — post-quantum key exchange |
| CRYSTALS-Dilithium-3 | NIST FIPS 204 (ML-DSA) | 1952 byte public, 3293 byte sig | Post-quantum digital signatures |
| Hybrid X25519+Kyber-1024 | IETF draft-ietf-tls-hybrid-design | Combined 64 + 1568 bytes | TLS migration mode |
| ECDSA P-384 | NIST FIPS 186-5 | 384-bit | Classical fallback, backward compat |
| RSA-2048 / RSA-4096 | PKCS#1 v2.2 | 2048 or 4096 bit | Legacy key storage and operations |
| AES-256-GCM | NIST SP 800-38D | 256-bit key, 96-bit IV | Symmetric encryption, authenticated |
| SHA-3 (Keccak-f1600) | NIST FIPS 202 | 256 / 384 / 512 output | Hashing, internal KDF input |
Performance
| Operation | Throughput | P99 Latency | Measurement Conditions |
|---|---|---|---|
| Kyber-1024 Key Encapsulation | >18,000 ops/sec | <0.8ms | Sustained 10,000 ops/sec, 1500B payload |
| Kyber-1024 Key Decapsulation | >18,000 ops/sec | <0.8ms | Same conditions |
| Dilithium-3 Sign | >12,000 ops/sec | <1.2ms | 512-byte message |
| Dilithium-3 Verify | >22,000 ops/sec | <0.6ms | 512-byte message |
| AES-256-GCM Encrypt | 40 Gbps | <0.1ms | 1500B blocks, hardware pipeline |
| RSA-4096 Sign | 800 ops/sec | <3ms | Legacy key operations |
| ECDSA P-384 Sign | 6,000 ops/sec | <1.5ms | Standard operations |
Physical & Environmental
| Attribute | Value |
|---|---|
| Form factor | 1U rack-mount, 19" EIA-310 |
| Depth | 448mm (17.6") |
| Weight | 4.8 kg (10.6 lb) |
| Power consumption | 65W typical, 90W max |
| Power input | 90–264 VAC, 47–63 Hz, dual PSU |
| Cooling | Dual counter-rotating fans, N+1 |
| Operating temperature | 0°C to 50°C (32°F to 122°F) |
| Storage temperature | −40°C to 70°C |
| Operating humidity | 5% to 95% non-condensing |
| Altitude | 0 to 3,000m operating |
| Security Attribute | Value |
|---|---|
| Physical security target | Designed for FIPS 140-3 Level 3 |
| Tamper detection | Anti-tamper mesh, voltage/temp sensors |
| Zeroization time | <100ms on breach detection |
| Key storage | Battery-backed SRAM, encrypted at rest |
| Operator auth | Dual-control smartcard + PIN |
| Audit log | Tamper-evident, 100,000 entry capacity |
| HSM management | TLS 1.3 + mutual cert auth, out-of-band |
| RNG | Dual DRBG (SP 800-90A/C), NIST tested |
Interfaces & Connectivity
| Interface | Type | Quantity | Notes |
|---|---|---|---|
| PKCS#11 | Software library (cryptoki) | — | v3.0 compliant, 1x PKCS#11 DLL/SO |
| JCA/JCE | Java Cryptography Provider | — | Java 11+ SPI, signed provider JAR |
| PCIe | Gen3 x4 host adapter | 1 | Included; supports x8/x16 slots |
| 10GbE | SFP+ network | 2 | HA active-standby or load-balanced |
| Management port | 1GbE RJ45 | 1 | Out-of-band management, IPMI 2.0 |
| USB | USB-A 3.2 Gen 1 | 2 | Smartcard reader, firmware update |
| Serial console | DB9 RS-232 | 1 | Recovery console access |
Compliance & Standards
| Standard | Status | Details |
|---|---|---|
| FIPS 140-3 Level 3 | Designed for validation | Physical + logical security requirements; CMVP submission in progress |
| NIST FIPS 203 (ML-KEM) | Implemented | CRYSTALS-Kyber-1024 per final standard, August 2024 |
| NIST FIPS 204 (ML-DSA) | Implemented | CRYSTALS-Dilithium-3 per final standard, August 2024 |
| PKCS#11 v3.0 | Compliant | Full Cryptoki API including PQC mechanisms |
| Common Criteria EAL4+ | Evaluation planned | Target: EAL4 augmented with ATE_DPT.2 |
| PCI HSM | Evaluation planned | For Issuer and Acquirer transaction signing |
| FCC Part 15 Class A | Certified | EMI/EMC for data center environments |
| CE Mark | Certified | EU electromagnetic compatibility and safety |
| RoHS 3 | Compliant | EU Directive 2011/65/EU |
Compliance statuses reflect current state as of Q2 2026. FIPS 140-3 and Common Criteria evaluations are ongoing. Cryptrig does not claim certified status on any standard until formal validation body confirmation. Contact [email protected] for current evaluation timeline.