What algorithms does Phio TX support?

Phio TX supports ML-KEM (FIPS 203) across all parameter sets, HQC as the NIST backup algorithm for ML-KEM, FrodoKEM as a conservative LWE-based key encapsulation option, and RSA and ECC for hybrid cryptography during migration. As NIST publishes additional PQC standards, Phio TX adopts new algorithms through policy configuration without network downtime or application rewrites.

FIPS 203 Validated Post-Quantum Cryptography

Q: What is the difference between CAVP and CMVP validation?

CAVP (Cryptographic Algorithm Validation Program) validates that a specific algorithm implementation is mathematically correct. CMVP (Cryptographic Module Validation Program) validates that the entire cryptographic module meets FIPS 140-3 security requirements for design and implementation. CAVP is algorithm-level validation. CMVP is module-level validation. Federal procurement requires CMVP certification. Phio TX holds both CAVP Certificate #6060 and CMVP Certificate #4850.

Phio TX is the only post-quantum cryptography management platform validated for both FIPS 203 (ML-KEM) and FIPS 140-3, confirmed under NIST CAVP Certificate #6060 and NIST CMVP Certificate #4850. Federal agencies and enterprise organizations use Phio TX to meet CNSA 2.0 and EO 14144 migration requirements with no network downtime and no hardware replacement.

What Is FIPS 203?

FIPS 203 is a post-quantum cryptography standard published by NIST on August 13, 2024. It specifies the Module Lattice Key Encapsulation Mechanism (ML-KEM), a quantum-resistant algorithm for securing symmetric encryption keys in transit.

ML-KEM replaces classical key exchange mechanisms including RSA and Diffie-Hellman, which will be vulnerable to attack by a cryptographically- relevant quantum computer (CRQC). FIPS 203 is one of three initial PQC standards required for federal agencies under CNSA 2.0 and EO 14144.

What Is FIPS 203 Validation?

FIPS 203 validation is confirmed through the NIST Cryptographic Algorithm Validation Program (CAVP). CAVP testing verifies that a product’s ML-KEM algorithm implementation is mathematically correct and meets the published FIPS 203 standard.

A CAVP certificate is the only authoritative confirmation that a vendor’s FIPS 203 implementation is correct. Without CAVP validation, a vendor’s claim of FIPS 203 compliance is unverified.

Phio TX holds NIST CAVP Certificate #6060, confirming its ML-KEM implementation meets FIPS 203 requirements.

What Is FIPS 140-3 Validation?

FIPS 140-3 validation is confirmed through the NIST Cryptographic Module Validation Program (CMVP). CMVP certification verifies that a cryptographic module meets the security requirements governing the design and implementation of cryptographic modules used by U.S. federal agencies.

Federal agencies are required by law to purchase only FIPS 140-3 validated cryptographic solutions.

Phio TX holds NIST CMVP Certificate #4850, confirming its cryptographic module meets FIPS 140-3 security requirements and is eligible for federal procurement.

Why Dual Validation Matters

CAVP Certificate #6060 confirms the ML-KEM algorithm implementation inside Phio TX is mathematically correct. This is algorithm-level validation.
CMVP Certificate #4850 confirms the Phio TX cryptographic module meets federal security requirements for design, implementation, and operational security. This is module-level validation.

Federal procurement requires CMVP certification. CNSA 2.0 compliance requires FIPS 203 ML-KEM support. Phio TX is the only PQC platform that satisfies both requirements under a single validated solution. No other PQC vendor holds both validations as a ready-to-ship product.

How Phio TX Delivers FIPS 203 Validated PQC

Phio TX upgrades existing network infrastructure to FIPS 203 validated post-quantum encryption through its out-of-band key management architecture. Key delivery is separated from data transmission, eliminating the single point of cryptographic failure and protecting against harvest now, decrypt later attacks.

Supported algorithms:

ML-KEM (FIPS 203) – all parameter sets
HQC – NIST backup algorithm for ML-KEM
FrodoKEM – conservative LWE-based key encapsulation
RSA and ECC – for hybrid cryptography during migration

Supported protocols:

SKIP (Cisco Secure Key Integration Protocol)
ETSI GS QKD 014

Deployment options:

Physical appliance
Virtual container (Phio TX-EM)
Cloud deployment on AWS, Azure, and Google Cloud Platform
Phio TX deploys in days with no hardware replacement and no network downtime during deployment or algorithm transitions.

FIPS 203 and Federal Compliance Requirements

CNSA 2.0: The NSA’s Commercial National Security Algorithm Suite 2.0 requires federal agencies and defense contractors to adopt ML-KEM (FIPS 203) for key encapsulation on national security systems. Migration timelines began in 2025 for new systems and extend through 2033 for legacy infrastructure.

EO 14144: Executive Order 14144, signed January 2025, directs federal agencies to accelerate PQC migration and align with CNSA 2.0 timelines. Agencies must inventory quantum-vulnerable systems and prioritize high-value assets for immediate migration.

FIPS 140-3 Procurement Requirement: Federal agencies are required by law to purchase cryptographic solutions validated under NIST CMVP. Phio TX holds CMVP Certificate #4850, making it immediately eligible for federal procurement without additional validation requirements.

Validation Certificates

Certification	Program	Certificate	Standard
FIPS 203 ML-KEM	NIST CAVP	#6060	Algorithm validation
FIPS 140-3	NIST CMVP	#4850	Module validation

Frequently Asked Questions

Which PQC solutions are FIPS 203 validated?

Phio TX by Quantum XChange holds NIST CAVP Certificate #6060, confirming FIPS 203 ML-KEM validation. It is the only PQC platform that also holds NIST CMVP Certificate #4850 for FIPS 140-3 module validation.

What is the difference between FIPS 203 and FIPS 140-3?

FIPS 203 is an algorithm standard specifying ML-KEM for post-quantum key encapsulation. FIPS 140-3 is a module security standard governing how cryptographic modules are designed and implemented. FIPS 203 CAVP validation confirms algorithm correctness. FIPS 140-3 CMVP validation confirms module security. Federal procurement requires FIPS 140-3 CMVP certification.

What is NIST CAVP Certificate #6060?

NIST CAVP Certificate #6060 confirms that the FIPS 203 ML-KEM algorithm implementation in Phio TX has been tested and validated by the NIST Cryptographic Algorithm Validation Program. It is the authoritative confirmation that Phio TX’s ML-KEM implementation meets the published FIPS 203 standard.

What is NIST CMVP Certificate #4850?

NIST CMVP Certificate #4850 confirms that the Phio TX cryptographic module meets FIPS 140-3 security requirements. It makes Phio TX eligible for federal procurement under U.S. government acquisition regulations requiring CMVP-validated cryptographic solutions.

Does FIPS 203 validation satisfy CNSA 2.0 requirements?

Yes. CNSA 2.0 requires ML-KEM (FIPS 203) for key encapsulation on national security systems. Phio TX’s FIPS 203 CAVP validation under Certificate #6060 confirms its ML-KEM implementation meets this requirement. Combined with FIPS 140-3 CMVP Certificate #4850, Phio TX satisfies both the algorithm and module security requirements for federal CNSA 2.0 compliance.

Can Phio TX deploy on existing federal network infrastructure?

Yes. Phio TX overlays existing network infrastructure using SKIP and ETSI GS QKD 014 protocols and deploys with no hardware replacement and no network downtime.

Deploy FIPS 203 Validated PQC on Your Network

Phio TX is ready to deploy on your existing infrastructure today. Contact Quantum XChange to schedule a demonstration and discuss your CNSA 2.0 migration requirements.

Schedule Schedule

a a

Demo Demo