Custody Models

QuantumSafe supports different custody models for PQC key management. Currently, only BYOK is available. Managed and Threshold custody are on the roadmap.

Overview

ModelVersionStatusPrivate Key LocationUser Control
BYOKv1.0AvailableClient deviceFull
Managedv1.5PlannedCloud KMS (AWS/GCP/Azure)Shared
Thresholdv2.0PlannedSplit across parties (MPC)Distributed

BYOK (Bring Your Own Key) — v1.0

The current and default custody model.

How It Works

The SDK generates PQC key pairs locally on your device. Only the public key is registered with QuantumSafe. The private key never leaves your environment.

Your Responsibility

You are fully responsible for private key storage, backup, and security. If lost, the key cannot be recovered.

Advantages

  • Full control over private keys
  • No trust required in QuantumSafe infrastructure
  • Lowest attack surface
  • Works offline (key generation only)

Disadvantages

  • No recovery mechanism if private key is lost
  • Requires secure key storage infrastructure
  • Single point of failure (the device holding the key)
EnvironmentStorage
DevelopmentEncrypted file on disk
ProductionHSM, AWS KMS, Azure Key Vault, GCP Cloud KMS
MobileSecure Enclave (iOS) / StrongBox (Android)
HardwareDedicated HSM appliance

Managed Custody — v1.5 (Planned)

Managed custody is planned for v1.5 and is not yet available. The details below are subject to change.
In Managed mode, QuantumSafe handles PQC key storage using cloud KMS providers:
  • Key generation happens in the KMS (keys never exist in plaintext outside the HSM)
  • Signing happens in the KMS
  • Access control via IAM policies and QuantumSafe permissions

Supported KMS Providers (Planned)

  • AWS KMS with CloudHSM
  • Google Cloud KMS
  • Azure Key Vault with Managed HSM

Advantages

  • No private key management burden
  • Automatic backup and disaster recovery
  • HSM-grade security
  • Audit logging

Disadvantages

  • Trust in QuantumSafe + KMS provider
  • Requires network connectivity for signing
  • Higher latency for signing operations
  • Monthly KMS costs

Transition Constraints

Only ML-DSA keys can be upgraded to Managed custody. SLH-DSA and FN-DSA keys cannot be imported into KMS systems due to format constraints. If you plan to use Managed custody in the future, choose an ML-DSA variant now.
Migration from BYOK to Managed:
  1. Export your ML-DSA private key from local storage
  2. Import into KMS via QuantumSafe’s secure import flow
  3. Verify the import succeeded
  4. Delete the local copy

Threshold Custody — v2.0 (Planned)

Threshold custody is planned for v2.0 and is not yet available. The details below are subject to change.
Threshold custody uses multi-party computation (MPC) to split the private key across multiple parties. No single party holds the complete key.

How It Works

  • Key is split into n shares with a threshold of t
  • Any t of n parties can collaborate to sign
  • No party ever sees the full private key
  • Signing is performed via an MPC protocol

Advantages

  • No single point of failure
  • Compromise of t-1 parties does not reveal the key
  • Suitable for organizational custody
  • Can implement approval workflows

Disadvantages

  • Higher complexity
  • Requires coordination between parties
  • Higher latency for signing
  • MPC protocol overhead

Choosing a Model

Use BYOK. You maintain full control and can store keys in your existing infrastructure.