Hardware Root of Trust Drives the PQC Transition, Building a Zero-Trust Security Foundation for AI and Edge Computing
Hsinchu, Taiwan – January 16th, 2026 — eMemory Technology Inc., a global leader in embedded non-volatile memory, together with its subsidiary PUFsecurity Corp., a specialist in hardware security silicon IP, today jointly announced a major technological breakthrough. Their collaboratively developed PUF-PQC Post-Quantum Cryptography (PQC) hardware-accelerated solution has officially passed the latest standards certification issued by the National Institute of Standards and Technology (NIST).
Following the earlier achievement of FIPS 203 (ML-KEM/Kyber) and FIPS 204 (ML-DSA/Dilithium) certifications, PUF-PQC has now further obtained certification for FIPS 205 (SLH-DSA/SPHINCS+), which specifies stateless hash-based digital signatures, as well as SP 800-208, which defines stateful hash-based signature schemes (LMS/XMSS). This milestone signifies that eMemory and PUFsecurity now comprehensively cover all key PQC standards currently released by NIST.
Building on this foundation, in addition to having already been integrated into the chip designs of leading server management controller (BMC SoC) vendors to support NIST-compliant post-quantum cryptographic security requirements, PUF-PQC has now completed the final piece of the post-quantum security protection framework, further strengthening the company’s leadership position in the global semiconductor security landscape.
Addressing the Quantum Threat and Accelerating Security Architecture Transformation
As quantum computing technologies continue to advance at an exponential pace, the public-key cryptographic systems underpinning today’s global digital economy – RSA (Rivest–Shamir–Adleman) and ECC (Elliptic Curve Cryptography) – are increasingly exposed to the risk of future compromise. In 2024, NIST formally released a new series of PQC standards, representing not only a significant technological evolution in cryptography, but also a clear signal for structural transformation across the global semiconductor industry.
In particular, the LMS and XMSS algorithms specified in SP 800-208, recognized for their high security assurance and maturity, are widely regarded as critical technologies for secure firmware updates in long-lifecycle devices such as industrial control systems, automotive electronics, and server baseboard management controllers (BMCs). Meanwhile, FIPS 205 provides stateless hash-based signatures, offering a flexible and complementary option for a wide range of application scenarios.
The founder of eMemory and PUFsecurity, Charles Hsu, stated:
“Achieving full NIST certification across FIPS 203, 204, 205, and SP 800-208 represents a major milestone for eMemory and PUFsecurity in the field of hardware security. Under the growing shadow of ‘harvest-now, decrypt-later’ threats, compliance has become an urgent industry imperative. Our comprehensive certification portfolio not only addresses today’s security compliance requirements, but also enables our partners to establish robust and future-proof defenses well ahead of the commercialization of quantum computers.”
Hardware Root of Trust: The Cornerstone of PQC Security
While PQC algorithms provide mathematical resistance against quantum attacks, their real-world security ultimately depends on the quality of key generation and storage. Without sufficient randomness at the source or robust protection of stored keys, even the strongest algorithms can be rendered ineffective. eMemory and PUFsecurity emphasize that the core strength of PUF-PQC lies in its deep integration with PUFrt (Root of Trust), addressing the most critical challenges in PQC implementation at the physical level:
- NeoPUF (Physical Unclonable Function, silicon fingerprint):
Leverages inherent manufacturing variations to generate chip-unique identities, serving as the entropy foundation for all cryptographic key generation and ensuring keys are unclonable and tamper-resistant. - TRNG (True Random Number Generator, entropy source):
Delivers high-quality, NIST-compliant physical entropy, ensuring the unpredictability required for PQC algorithms. - NeoFuse OTP (One-Time Programmable Memory, secure storage):
Provides highly reliable non-volatile memory for secure storage of sensitive data and cryptographic material, establishing a complete and trusted chain of security.
Building a Sustainable Quantum-Secure Ecosystem for the Future
The newly certified FIPS 205 and SP 800-208 standards are particularly well suited for mission-critical infrastructure that demands the highest security assurance and long-term maintainability. LMS-based signatures, built entirely on hash functions, are widely regarded as among the most robust digital signature schemes against quantum attacks, making them ideal for verifying firmware authenticity and preventing malicious code injection.
Michael Ho, President of eMemory Technology, added:
“Our solution is not merely a collection of certified IP blocks – it represents a scalable and sustainable trust architecture for the post-quantum era. By combining eMemory’s long-standing technical and production expertise in embedded memory with PUFsecurity’s specialization in hardware security design, we significantly lower the barrier to PQC adoption. Chip designers can integrate these NIST-validated modules into their designs without needing deep expertise in complex cryptographic parameters.”
The fully NIST-certified PUF-PQC solution is now commercially available and can be seamlessly integrated across both advanced and mature process platforms at multiple foundries. From cost-sensitive IoT endpoint devices to high-performance computing (HPC) and AI accelerators, PUF-PQC enables customers to build robust security architectures while complying with stringent international security frameworks such as CNSA 2.0 (the post-quantum cryptography migration framework), confidently guiding the industry into the post-quantum era.
About PUFsecurity
PUFsecurity is a global leading provider of Hardware Root of Trust technologies, specializing in security IP solutions built around PUF (Physical Unclonable Function) technology. Leveraging its parent company eMemory’s NeoPUF native key generation and OTP secure storage foundations, PUFsecurity focuses on the development and deployment of NeoPUF-based, full-stack hardware security architectures. The company is dedicated to helping global chip and system designers address the security challenges of the quantum era and build long-term, resilient security foundations.
PUFsecurity’s core product portfolio includes PUF-PQC (Post-Quantum Cryptography), PUFcc (Crypto Coprocessor), PUFrt (Root of Trust), and PUFhsm (Hardware Security Module) IP solutions. The company is further advancing a PUF-based Security-as-a-Service ecosystem, delivering trusted identity, protection, and authentication mechanisms for next-generation connected devices.
力旺電子攜手熵碼科技 PUF-PQC 獲 NIST FIPS 205 與 SP 800-208 認證,達成全方位後量子密碼學防護里程碑
以硬體信任根驅動 PQC 革命,為 AI 與邊緣運算建構零信任安全基石
【台灣新竹 – 2026年1月16日】 全球嵌入式非揮發性記憶體領導廠商力旺電子(eMemory Technology Inc.)與旗下專注於硬體安全矽智財的子公司熵碼科技(PUFsecurity Corp.),今日共同宣布一項重大技術突破:其合作開發的 PUF-PQC 後量子密碼學(Post-Quantum Cryptography, PQC)硬體加速解決方案,已正式通過美國國家標準暨技術研究院(NIST)的最新標準認證。
繼先前取得 FIPS 203(ML-KEM/Kyber)與 FIPS 204(ML-DSA/Dilithium)證書後,PUF-PQC 近期進一步通過了 FIPS 205(SLH-DSA/SPHINCS+)為無狀態的雜湊簽章 (Stateless Hash-Based Digital Signatures)以及針對有狀態雜湊簽章(Stateful Hash-Based Signatures)的 SP 800-208(LMS/XMSS) 認證;這也代表力旺與熵碼已完整覆蓋 NIST 當前發布的所有關鍵 PQC 標準。
在此基礎上,除了先前已由領先級伺服器管理控制晶片(BMC SoC)供應商導入其晶片設計,以支援符合 NIST 標準的後量子密碼安全需求外,PUF-PQC 亦成功完成後量子安全防護網的最後一塊拼圖,進一步鞏固公司在全球半導體資安領域的領先地位。
應對量子威脅,啟動資安架構轉型
隨著量子運算技術的指數級成長,當前全球數位經濟賴以生存的 RSA (Rivest-Shamir-Adleman)與 ECC(Elliptic Curve Cryptography,橢圓曲線密碼學)公鑰加密體系,正面臨被破解的危機。NIST 於 2024 年正式發布一系列 PQC 標準,不僅是密碼學界的技術迭代,更是向全球半導體產業發出的轉型訊號。
特別是 SP 800-208 標準中所規範的 LMS 與 XMSS 算法,因具備極高的安全性與成熟度,被視為保護長生命週期設備,如工控系統、車用電子、伺服器 BMC等,進行安全韌體更新的關鍵技術;而 FIPS 205 則提供了無狀態的雜湊簽章,為應用不同場景提供了靈活的備援選擇。
力旺電子與熵碼科技創辦人徐清祥博士表示:「完整取得 NIST FIPS 203、204、205 以及 SP 800-208 的認證,是力旺與熵碼在硬體安全領域的重大里程碑。在『先竊取,後解密』的威脅陰影下,業界對於合規的需求已刻不容緩。我們的全方位認證不僅滿足了客戶當前的資安合規需求,更協助合作夥伴在量子電腦正式商用化之前,提前構築起堅不可摧的防禦工事。」
物理級信任根源:PQC 的安全定海神針
儘管 PQC 演算法在數學邏輯上保證了抗量子攻擊的能力,但若金鑰生成的「源頭」缺乏隨機性,或金鑰儲存方式存在漏洞,再強大的演算法也將形同虛設。力旺與熵碼強調,PUF-PQC 的核心優勢在於深度整合了 PUFrt (Hardware Root of Trust)硬體信任根,從物理層面解決了 PQC 實作中最棘手的難題:
- NeoPUF(Physical Unclonable Function,晶片指紋): 利用晶片製程中微小的物理變異產生唯一的識別碼,作為所有密鑰生成的熵源基礎,確保金鑰無法被複製或篡改。
- TRNG(True Random Number Generator,真隨機數生成器): 提供符合 NIST 標準的高品質熵源,確保 PQC 演算法所需的隨機種子具備物理級的不可預測性。
- NeoFuse OTP(One-Time Programmable Memory,安全儲存): 提供高可靠度的非揮發性記憶體,用於安全存儲敏感資訊與金鑰,建構完整的信任鏈。
展望未來:構建可持續的量子安全生態
本次通過認證的 FIPS 205 與 SP 800-208,特別適用於對安全要求極高且需要長期維護的基礎設施。例如,LMS 算法因其基於雜湊函數的特性,被廣泛認為是目前對抗量子攻擊最穩健的數位簽章方案之一,極適合用於驗證韌體更新的合法性,防止惡意程式碼植入。
力旺電子總經理何明洲補充道:「我們的解決方案不僅僅是一組通過認證的 IP,更是後量子時代可持續、可擴展信任架構的藍圖。透過結合力旺在嵌入式記憶體領域的深厚累績的技術與量產經驗與熵碼在硬體安全設計的專業,我們大幅降低了 PQC 的導入門檻。晶片設計者無需深入鑽研複雜的密碼學參數,即可輕鬆將這套經 NIST 驗證的模組整合至設計中。」
目前,這套獲得 NIST 全系列認證的 PUF-PQC 解決方案已全面上市,並可無縫整合至多家晶圓代工廠的先進製程與成熟製程平台。無論是追求成本效益的物聯網端點設備,還是追求極致效能的高速運算(HPC)與 AI 晶片,PUF-PQC 都能協助客戶在符合 CNSA 2.0(後量子密碼遷移框架)等國際高規格資安標準的前提下,構建強固的安全防禦體系,引領產業自信邁向後量子時代。
關於熵碼科技 熵碼科技為全球領先的硬體信任基礎 (Hardware Root of Trust) 技術提供者,專注於以PUF (Physical Unclonable Function) 技術為核心的安全IP解決方案。憑藉母公司力旺電子的NeoPUF原生密鑰技術與OTP安全儲存基礎,熵碼聚焦於 NeoPUF 與全棧安全架構的開發與部署,協助全球晶片與系統設計者迎接量子時代的資安挑戰,打造具備長期韌性的安全防線。熵碼科技核心產品包括PUF-PQC (Post-Quantum Cryptography)、PUFcc (Crypto Coprocessor)、PUFrt (Root of Trust)、PUFhsm (Hardware Security Module)等多項安全IP,並進一步布局以 PUF 為基礎的 Security-as-a-Service 生態系,為新一代連網裝置提供可信的身分、保護與認證機制。