Thales T-Series HSM

Compiled and produced by Steve Monti

Thales TCT Luna Hardware Security Modules


This is the first Thales Luna HSM release that includes Post-Quantum Cryptographic Algorithms.


Thales Trusted Cyber Technologies (TCT)


The announcement by Thales Trusted Cyber Technologies (TCT) of version 7.13.0 of the Luna Network and PCIe Hardware Security Modules (HSMs) introduces several key advancements and features in cryptographic security. The key points are explained below:

Post-Quantum Cryptographic (PQC) Algorithms

Introduction of PQC Algorithms: This is the first Luna HSM release that includes post-quantum cryptographic algorithms. These algorithms are designed to be secure against the potential future threats posed by quantum computers, which could break many of the current cryptographic algorithms.

Pre-standards Implementations of NIST-selected PQC Algorithms: The release includes early implementations of PQC algorithms that are being considered by the National Institute of Standards and Technology (NIST) for standardization. This is significant because it allows U.S. federal agencies and technology partners to begin testing and transitioning to quantum-resistant cryptographic systems in compliance with federal policies.

Supported PQC Algorithms:

CRYSTALS-Dilithium: A digital signature algorithm.

CRYSTALS-Kyber: A key encapsulation mechanism.

FALCON: A digital signature algorithm.

Stateful Hash-based Signature Algorithms

Leighton-Micali Signature (LMS) and Hierarchical Signature Scheme (HSS): These are stateful hash-based signature mechanisms. They are important for providing security in a post-quantum world and are compliant with specific standards (SP 800-208 and PKCS#11 v3.1).

LMS: A single-tree signature scheme.

HSS: A multi-tree variant of LMS, offering more flexibility and efficiency.

Additional Features in Release 7.13.0

Remote Initialization of Remote PED Vector Key: This feature allows for fully remote administration of the HSM, enhancing the ease of management and deployment in various scenarios.

Support for LACP 802.3ad Protocol: This enhances the bonding capabilities of the multi-NIC (Network Interface Card) ports in the Network HSM appliance, improving network performance and redundancy.

Luna Client Support: The update includes support for newer operating systems like Windows Server 2022 and Ubuntu 22 LTS, ensuring compatibility with the latest server environments.

Components of the Release

Luna T-Series Network HSM Appliance Software: The main software that runs on the network-connected HSM hardware.

Luna T-Series HSM Firmware: The low-level software running on the HSM hardware itself.

Luna Client: The software used by clients to interact with the HSM.

Luna User Documentation Revision K: Updated documentation to guide users on the new features and capabilities.


SafeCipher sees this release as significant because it marks a major step towards adopting quantum-resistant cryptographic technologies, which is crucial in the age of advancing quantum computing capabilities. By incorporating these new algorithms and features, Thales TCT is positioning its Luna HSMs as future-proof, secure solutions for cryptographic needs, especially in sensitive sectors like government and defence. The update also emphasizes the importance of crypto-agility, the ability to quickly adapt to new cryptographic standards and threats.

