Quantum-Safe Certified

This article is part of the Quantum Snake Oil Dictionary — a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Red Flag Term.

“Quantum-Safe Certified”

A note before we begin. This article examines the term “quantum-safe certified” as it appears in security product marketing. I am not referring to any specific company, product, or individual. A product using this language might implement genuine post-quantum cryptography with a marketing department that overstated the certification status. As of today, here is my assessment.

The Certification That Does Not Exist

There is no organization, anywhere in the world, that issues a general “quantum-safe certification” for security products. Not NIST. Not ETSI. Not the NSA. Not Common Criteria. Not any national standards body.

This is worth stating bluntly because the phrase sounds like it should correspond to something real. We have FIPS 140-3 validation for cryptographic modules. We have Common Criteria (ISO/IEC 15408) evaluations for security products. We have SOC 2 audits for service organizations. The concept of third-party security certification is well established. A buyer hearing “quantum-safe certified” would reasonably assume a similar certification program exists for quantum safety. It does not.

What Actually Exists

What does exist is a set of specific, narrow certifications and standards that address parts of the post-quantum migration:

FIPS 140-3 module validation certifies that a specific implementation of a specific cryptographic algorithm has been tested by an accredited laboratory and meets defined requirements for security, key management, and self-testing. A vendor who has implemented ML-KEM and submitted their module to the CMVP (Cryptographic Module Validation Program) for FIPS 140-3 testing can say “our ML-KEM implementation is FIPS 140-3 validated” once the certification is issued. That is a real, verifiable, and meaningful claim. It is also very different from “quantum-safe certified,” because it certifies a specific algorithm implementation, not a blanket quantum safety status for the entire product.

NIST’s standardization process selects algorithms (ML-KEM, ML-DSA, SLH-DSA, and others in progress like HQC and FN-DSA). Selecting an algorithm for standardization means it has survived years of public cryptanalysis. It does not certify any particular product or implementation.

CNSA 2.0 (the NSA’s Commercial National Security Algorithm Suite) specifies which algorithms and parameter sets are approved for National Security Systems, with transition timelines starting in 2025. Compliance with CNSA 2.0 requirements is meaningful, but it is not “quantum-safe certification”; it is a procurement requirement for a specific buyer (the U.S. government and its contractors).

Common Criteria evaluations can assess products that incorporate PQC, but there is no Common Criteria Protection Profile specifically for “quantum safety” as of this writing.

None of these is what a vendor means when they say “quantum-safe certified.” They are using a phrase that sounds like an official credential but corresponds to no actual assessment process.

The Proprietary Algorithm Variant

The worst version of this claim is when a vendor says their proprietary algorithm is “quantum-safe certified.” This combines two red flags: a proprietary algorithm that has not undergone public cryptanalysis, and a certification that does not exist. If the algorithm is not one of the NIST-standardized post-quantum algorithms and has not been submitted to any public standards process, then there is no basis for calling it certified, quantum-safe, or both.

As I have written in Quantum of Flapdoodle and Q-FUD: The Quantum Panic Industry, proprietary quantum-safe algorithms that bypass public scrutiny are the single most reliable indicator of snake oil in this market.

Questions to Ask a Vendor

“Which body issued the quantum-safe certification?” If the answer is vague, self-referential, or names an organization you cannot independently verify, the certification does not exist.

“Do you have FIPS 140-3 validation for your cryptographic module? If so, what is the certificate number?” FIPS 140-3 certificates are public and searchable on NIST’s CMVP website. If the vendor has one, they will know the number. If they do not, ask when they expect to complete the process.

“Which NIST-standardized algorithm does your product implement, and at which parameter set?” ML-KEM-512, ML-KEM-768, or ML-KEM-1024? ML-DSA-44, ML-DSA-65, or ML-DSA-87? The specificity of the answer tells you whether there is substance behind the claim.

The Bottom Line

“Quantum-safe certified” borrows the credibility of real certification programs without corresponding to any actual one. A vendor with genuine post-quantum technology will tell you which NIST algorithm they implement, whether they have FIPS 140-3 validation, and which compliance frameworks they address. That level of specificity is what real certification looks like. If a vendor uses “quantum-safe certified” and cannot provide those details, the certification exists only in the marketing brochure.


Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.