SafeLogic Launches CryptoComply™ Core and Mobile v4, Bringing FIPS 140-3 Validated Cryptography to the Post-Quantum Era

SafeLogic, a leader in Cryptographic Posture Management, today announced the general availability of CryptoComply™ Core and Mobile v4, the latest generation of its trusted cryptographic software libraries. The new releases help software vendors, device manufacturers, government contractors, and enterprise organizations prepare for the transition to post-quantum cryptography while maintaining the security, compliance, and operational continuity required in production environments.

As organizations face increasing pressure to modernize cryptography in response to emerging quantum threats, evolving government guidance, and new procurement requirements, many are discovering that successful migration requires more than simply adding post-quantum algorithms. It requires validated implementations, deployment flexibility, performance optimization, policy-driven controls, and a practical path for adopting quantum-resistant security at scale.

CryptoComply Core and Mobile v4 were built to address those requirements through deployment editions optimized for different customer needs.

Common Criteria Edition targets environments where customers require CAVP-tested cryptography rather than CMVP FIPS validation. In this edition, cryptographic services are provided by SafeLogic’s next-generation CryptoComply FIPS Provider v4 module, with integrity tests and required self-tests enabled. This enables organizations pursuing Common Criteria certifications to use CAVP-tested classical and post-quantum cryptography, including hybrid TLS 1.3 and CNSA 2.0 enforcement capabilities, within a deployment model aligned to Common Criteria requirements.

FIPS Edition targets organizations requiring CMVP FIPS 140-3 compliance while adopting post-quantum cryptography. This edition combines FIPS 140-3 validated classical cryptography with post-quantum cryptographic capabilities and supports FIPS-approved hybrid operation while maintaining required integrity checks and self-tests.

"Organizations are moving beyond asking whether they should prepare for post-quantum cryptography and are now focused on how to deploy it in production environments," said Evgeny Gervis, CEO of SafeLogic. " With CryptoComply Core and Mobile v4, we're delivering the trusted cryptographic foundation customers need today—combining FIPS-validated classical cryptography, NIST CAVP-tested post-quantum algorithms, crypto-agility, broad deployment coverage across more than 28 operating environments, and enterprise-ready performance into solutions designed for real-world deployment." 

Bringing Post-Quantum Cryptography to Production

The transition to post-quantum cryptography represents one of the most significant security modernization efforts in decades. Organizations must balance the adoption of new quantum-resistant algorithms with the operational realities of existing applications, infrastructure, devices, and compliance obligations.

CryptoComply Core and Mobile v4 address this challenge through deployment editions that support both traditional and post-quantum cryptographic requirements. Organizations can select editions optimized either for Common Criteria and CNSA 2.0 deployments or for CMVP FIPS 140-3 compliant post-quantum adoption.

The new releases include NIST CAVP-validated implementations of the latest standardized post-quantum cryptographic algorithms, including:

• ML-KEM (FIPS 203)
• ML-DSA (FIPS 204)
• SLH-DSA (FIPS 205)
• LMS (RFC 8554 / SP 800-208)

These validated implementations enable organizations to begin integrating post-quantum protections into products and infrastructure today while preparing for future regulatory, customer, and security requirements.

Unlike experimental PQC implementations, CryptoComply libraries deliver enterprise-grade cryptography backed by SafeLogic's proven validation expertise and deployment experience across highly regulated markets.

FIPS 140-3 Validation and Crypto-Agile Architecture

CryptoComply Core v4 is a cryptographic software library that is drop-in compatible with OpenSSL 3.x, engineered to accelerate FIPS 140-3 adoption while providing broad deployment flexibility across cloud, server, and embedded environments.

CryptoComply Mobile v4 extends these capabilities to iOS, iPadOS, and Android platforms, allowing mobile application developers to integrate validated cryptography with minimal code changes.

Both libraries are designed around a crypto-agile architecture that helps organizations adapt as standards, requirements, and threat models evolve.

In the FIPS Edition, CryptoComply Core and Mobile v4 combine validated classical cryptography with validated post-quantum algorithms within a single library, so organizations can implement phased migration strategies without introducing unnecessary operational complexity.

Full CNSA 2.0 Support for Next-Generation Security Requirements

The Common Criteria Edition provides support for the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), helping organizations align with NSA guidance for quantum-resistant security and prepare for Common Criteria and National Security System deployments.

CNSA 2.0 establishes a framework for transitioning from legacy public-key cryptography and adopting quantum-resistant alternatives, including ML-KEM and ML-DSA. New National Security System acquisitions beginning in 2027 are expected to utilize CNSA 2.0-approved cryptography, making readiness increasingly important for technology providers serving government and defense-related markets.

 Common Criteria Edition includes:

• Support for approved CNSA 2.0 algorithms, including AES-256, ML-KEM-1024, ML-DSA-87, LMS, and SHA-384/512
• CNSA 2.0 Mode for policy-based enforcement of only CNSA 2.0 aligned algorithms
• Automatic blocking of non-CNSA 2.0 algorithms such as RSA and ECDSA when policy requirements demand strict compliance

These capabilities help organizations simplify compliance efforts while reducing the operational risk associated with cryptographic modernization.

Broad Deployment Coverage Across More Than 28 Operating Environments

Successful cryptographic modernization requires more than validated algorithms—it requires deployment flexibility across the diverse software ecosystems that organizations rely on today.

CryptoComply Core and Mobile v4 supports more than 28 operating environments, providing the flexibility to integrate post-quantum cryptography across cloud, enterprise, mobile, networking, and embedded deployments with minimal disruption.

This heterogeneous deployment support enables organizations to standardize on a common cryptographic foundation across cloud services, enterprise applications, networking infrastructure, mobile platforms, embedded systems, and high-assurance environments.

By supporting a wide range of operating environments and technology stacks, CryptoComply Core and Mobile v4 help organizations accelerate post-quantum adoption, reduce integration complexity, and maintain consistent cryptographic controls across their entire software portfolio.

AVX2 Optimizations for Post-Quantum Algorithms

CryptoComply Core and Mobile v4 include AVX2-optimized implementations of ML-KEM and ML-DSA on supported platforms.

AVX2 (Advanced Vector Extensions 2) is a CPU instruction set extension available on many modern Intel and AMD processors. By leveraging 256-bit SIMD operations, AVX2 enables the efficient parallel processing of cryptographic workloads and can improve performance for computationally intensive post-quantum algorithms.

CryptoComply Core and Mobile v4 use AVX2-optimized implementations of ML-KEM and ML-DSA where platform support is available. The same algorithm self-tests executed for the standard implementations are also executed for the AVX2 implementations.

AES-NI and AVX2 optimizations are controlled through SafeLogic's ASM and no-ASM build configurations. Binaries built with ASM support include AES-NI acceleration and, where supported by the underlying processor and operating system, AVX2 optimizations. Because AVX2 availability depends on platform capabilities, some ASM-enabled deployments may utilize AES-NI without AVX2 acceleration.

To support FIPS testing requirements, SafeLogic validates both ASM and no-ASM binary configurations. This testing approach exercises deployments with and without AES-NI acceleration while also covering the corresponding configurations that may include AVX2 optimizations. Consistent with FIPS 140-3 Implementation Guidance 2.3.C, AVX2 optimizations are not considered Processor Algorithm Accelerators (PAA), but are included for completeness.

Accelerating Common Criteria and High-Assurance Certifications

For organizations pursuing Common Criteria (CC) and NIAP-aligned certifications, CryptoComply Core and Mobile v4 deliver a powerful combination of validated cryptography and future-ready security capabilities.

The Common Criteria Edition includes: 

• NIST CAVP-validated post-quantum cryptography
• Full CNSA 2.0 algorithm support and CNSA 2.0 Mode
• Hybrid TLS 1.3 support
• NIST ESV-certified entropy generation capabilities

These capabilities provide a strong foundation for products targeting Common Criteria, including profiles for network devices (NDcPP), secure communications, VPN, authentication, HSM, and other high-assurance certification environments.

By enabling vendors to begin integrating standardized PQC today, CryptoComply Core and Mobile v4 help reduce future remediation costs while supporting alignment with evolving government guidance and procurement requirements.

Availability

CryptoComply Core and Mobile v4 are available immediately.

Organizations interested in accelerating FIPS 140-3 validation efforts, adopting post-quantum cryptography, preparing for CNSA 2.0 requirements, or supporting Common Criteria certification initiatives can learn more by visiting www.safelogic.com.