FAQ

Fundamental Concepts and Industry Background
#Decision Maker | CISO | IT Director | Procurement/PM
A

Post-quantum cryptographyPost-Quantum CryptographyIt is a new generation of cryptographic algorithms designed to resist attacks from quantum computers. Widely used public-key cryptosystems like RSA and ECC may face risks in the future once quantum computing capabilities mature, thus the industry is advancing PQC migration through testing, standardization, and implementation.

#CISO | Information Security/Compliance | Risk Management | Decision-Makers

A
Due to the realistic risk of "Harvest Now, Decrypt Later": attackers can intercept and save encrypted data today, and then decrypt it later when quantum capabilities are available. For data that requires long-term confidentiality (government, financial, critical infrastructure, etc.), the earlier an inventory, testing, and migration plan begins, the more controllable the risks and future implementation costs will be.

# Decision-Makers | CISO | IT Managers | Partners

A
CeQureX is a technology company focused on post-quantum cybersecurity. Our core direction is Agile Quantum-Safe Transformation: providing practical PQC solutions to help enterprises build crypto-agility, protect long-term data, and plan and execute quantum-safe transformation in multi-cloud/hybrid cloud environments.

Products and Solutions
#IT Manager | Procurement/Project Manager | Information Security Architect | Business Contact

A
CeQureX's PQC solution suite includes:

Wave-Key: An encrypted asset inventory and assessment tool to measure encrypted agility maturity and provide remediation/migration roadmaps.
Wave-On: PQC Transition Toolkit (SDK Pack + Optional Hardware Accelerator) allows for PQC testing and integration to be performed on the cloud or on-premises.
Wave-Plus: PQC Proxy Server (deployed in the DMZ), quickly integrates PQC via bridging without modifying the original system code, reducing system modification costs.
WaaS: PQC Cloud as a Service, offering a quantum-safe cloud platform and crypto-asset management capabilities.

#CISO | Information Security Architect | IT Manager | Procurement/PM

A
The three products correspond to different stages of PQC migration. You can understand it as "first inventory, then test, and finally implement quickly":
Wave-Key (PQC Inventory): Conduct cryptographic asset inventory and readiness assessment, and produce an actionable remediation/migration roadmap (including mitigation strategies, algorithm recommendations, and prioritization).

Wave-On (PQC Migration Toolkit): Enables development/security teams to test PQC algorithms and integrate cryptographic operations on the cloud or on-premises, supports Java/Python calls, and optionally includes hardware accelerators for performance enhancement.

Wave-Plus (PQC Proxy Server): Deploy services in the DMZ via Proxy/Bridge, performing Hybrid (TLS+PQC) conversion externally. This approach requires minimal modifications to existing systems and code, making it suitable for scenarios demanding quick and low-impact integration.

#IT Manager | Procurement/PM | Cloud/Platform Team | Decision-Maker

A
WaaS (PQC Cloud as a Service) is suitable for customers who want to "achieve quantum resilience faster" and do not want to build a complete PQC protection layer from scratch. It is a ready-to-go cloud platform with built-in quantum-safe data protection, cryptographic asset (including certificates and keys) management capabilities, and offers more flexible business models as an alternative to self-building.

Technology, Compatibility, and Standards
#CISO | IT Manager | Information Security/Architect | PM
A

The actual timeline will vary depending on your system scope, dependencies, and implementation strategy. CeQureX's approach is to proceed with "inventory → planning → phased migration," and the document also mentions that the goal is for large enterprises to complete key inventory and migration tasks in an agile manner within one year.

# Information Security/Architect | IT Infrastructure | Lead for Performance-Sensitive Systems

A

Wave-On can be optionally equipped with hardware accelerator cards. For a single accelerator card, computing speeds for operations such as key generation, encryption, and decryption can be increased by 2.55 to 6.7 times.(Varies depending on usage scenario and workload)

 

#CISO | Compliance/Audit | Information Security Architect

A
Wave-On is designed to integrate NIST identified and advancing standardized PQC algorithms into enterprise testing/migration processes, and can be deployed in a FIPS 140-2 certified secure environment (with or without CeQureX HSM). Additionally, the Wave-On SDK Pack documentation lists its supported PQC algorithms, including: CRYSTALS-Dilithium, FALCON, SPHINCS+ (signatures), and CRYSTALS-Kyber (KEM).

 

# Cloud/Platform Team | IT Manager | Information Security Architect

A
Supports multi-cloud/hybrid cloud deployment scenarios, including On-Premise, AWS, GCP, and Azure.

 

#IT Architect | Platform Engineering | DevOps | Information Security Engineering

A
The platforms listed in the document include IIS, F5, Apache, Kubernetes, HashiCorp Vault, and Azure Key Vault, and can be quickly integrated through service interfaces, REST APIs, standard protocols, or existing plugins.

# Development Team | Information Security Engineering | Architect

A
Wave-On supports PQC-related operations such as key generation, key signing, digital signature, encryption, decryption, and key exchange, and allows developers to test and integrate PQ algorithms.

Introduction Process and Usage
#CISO | PM | IT Manager | Information Security Architect

A
We recommend starting with "Inventory and Risk Visualization": 1. Wave-Key Inventory and Assessment: Inventory cryptographic assets, and assess cryptographic agility maturity and readiness. 2. Produce an Actionable Roadmap: Not only identify risks but also define mitigation strategies, recommend algorithms, prioritize actions, and guide step-by-step implementation. 3. Choose an Deployment Path: For rapid, low-interference deployment, choose Wave-Plus; for in-depth testing and integration, choose Wave-On; to accelerate with a cloud platform, choose WaaS.

# Decision-Makers | CISO | IT Managers | PMs

A

Okay.CeQureX One of its positioning goals is to allow large enterprises to transition to post-quantum architectures in "phases," migrating gradually without making significant changes to their existing environments.

 

# Development Manager | Engineering Team | Information Security Engineering | PM

A

Wave-On provides a suite of cryptographic operations that can be executed in a secure testing environment and supports use with Java 或 Python Method call password operation(e.g., key generation, signature, encryption/decryption, key exchange)to test and integrate PQC.

 

#IT Architect | Information Security Architect | PM | Head of External Service Systems

A
Wave-Plus's positioning is "PQC migration via Proxy/Bridge." The documentation clearly states that it can be introduced without modifying existing infrastructure, environment, or network, and deployed in the DMZ as a PQC proxy between internal and external networks. Externally, it packages TLS messages into a Hybrid Model (TLS + PQC), while internally, it can maintain existing legacy TLS.

Services, Compliance, and Support

#CISO | Compliance/Audit | PM | IT Operations

  • PQC Transition Planning Support (Experienced SME): Assist enterprises in planning PQC migration.
  • Audit/Compliance Visualization: Provides intuitive dashboards and CBOM reports to simplify audit and compliance requirements.
  • Global Intelligence Integration: Integrate global intelligence from the US cybersecurity alliance to support clients in advancing their migration strategies.

# Audit/Compliance | CISO | Information Security Governance

A
CeQureX mentions that it will help businesses simplify audit and compliance requirements and improve visibility through an intuitive dashboard and CBOM reports.

Industry and cooperation

# Decision-Makers | Strategy/Partners | Government/Financial Contacts

A
CeQureX will collaborate with governments, banks, and critical infrastructure operators in various regions in the future, and is focusing its efforts on the Asian market, including Taiwan, Malaysia, the Philippines, Vietnam, Indonesia, and Thailand.

A

Please contact us via the following methods:

Team and R&D

# Decision-Makers | Partners | Government/Financial Contacts | Technology Peers

A
The PKI Officer is the head of the R&D team, holding a Ph.D. in Electrical and Computer Engineering, with over ten years of experience in advanced research and engineering practices. They previously served as a senior engineer at several top research institutions. With over 85 SCIE international journal publications in the field of quantum cryptography and holding multiple core technology patents, they combine theoretical innovation with over six years of practical cybersecurity experience to drive the practical application of research findings in cybersecurity.