Comparison
QNSP vs PQShield
An honest, code-grounded side-by-side. PQShield is a genuine post-quantum pioneer — a co-author of all four NIST PQC standards — and supplies the cryptographic IP cores, embedded libraries, and SDK that integrators build into silicon, firmware, and applications. QNSP operates a level up: the full managed PQC platform that runs the keys, secrets, storage, and audit chain. Every row below is backed by a verifiable public source — pqshield.com pages, NIST listings, or QNSP source files at github.com/cuilabs/qnsp-public.
The cleanest way to read this comparison is by layer. PQShield sells the cryptographic engine — IP cores for FPGA / ASIC and libraries such as PQCryptoLib and PQMicroLib (down to sub-5 KB RAM for embedded devices). QNSP is the operating platform that turns those kinds of primitives into managed KMS, vault, encrypted storage, and a tamper-evident audit chain, with 90 algorithms, dual-provider cross-verification, and public NIST ACVP evidence. If you are designing a quantum-safe device, PQShield is squarely in your lane; if you need a managed quantum-safe platform behind an API, QNSP is.
Side by side
Twelve categories that matter to a PQC buyer
| Category | QNSP | PQShield |
|---|---|---|
| Layer of the stack | Full managed PQC platform — KMS, quantum-safe vault, SSE-X encrypted storage, encrypted search, AI orchestration, audit chain, and crypto-policy enforcement, delivered as a hosted multi-tenant service with SDKs in 5 languages. You operate keys, secrets, storage, and audit, not just primitives. | Cryptographic IP and software supplier — post-quantum IP cores for FPGA / ASIC, the PQCryptoLib / PQMicroLib embedded libraries, and the PQCryptoLib-SDK (an OpenSSL 3.x provider). PQShield supplies the building blocks an integrator embeds into their own device, firmware, or application. Source: pqshield.com/products. |
| Product form factor | SaaS platform reachable through a public API gateway (api.qnsp.cuilabs.io), plus on-prem, VPC, and air-gapped deployment topologies for regulated estates. No silicon integration project required to start — sign up and call the API. | Licensed components: hardware IP cores (RTL for FPGA / ASIC), software libraries, and SDKs. At Embedded World 2026 PQShield unveiled PQMicroLib-Core at under 5 KB of RAM for constrained embedded devices, and a full-stack post-quantum TLS for embedded. The customer builds the product around these parts. Source: pqshield.com, thequantuminsider.com (2026-03-10). |
| Public PQC algorithm coverage | 90 algorithms across 14 PQC families (27 KEMs + 63 signatures): ML-KEM, ML-DSA, SLH-DSA, FN-DSA / Falcon, HQC, BIKE, Classic McEliece, FrodoKEM, NTRU, NTRU-Prime, MAYO, CROSS, UOV, SNOVA. Independently reproducible from the public mirror at github.com/cuilabs/qnsp-public. | PQCryptoLib-SDK publicly references ML-KEM (FIPS 203) and ML-DSA (FIPS 204). PQShield co-authored all four NIST PQC standards (ML-KEM, ML-DSA, SLH-DSA, FN-DSA / Falcon) and its libraries target the NIST-finalized set; the public SDK product page lists ML-KEM + ML-DSA specifically. The breadth a customer gets depends on the licensed library configuration. Source: pqshield.com/products/pqc-sdk. |
| NIST standardization pedigree | Implements the NIST-finalized standards (FIPS 203 / 204 / 205) plus the broader liboqs research surface, and publishes per-algorithm ACVP conformance evidence. QNSP is an implementer and platform operator, not a NIST standards author. | A leading NIST PQC standardization contributor — co-authored all four announced standards (ML-KEM, ML-DSA, SLH-DSA, FN-DSA / Falcon). This is a genuine PQShield strength and a strong reason to trust the correctness of its primitives. Source: pqshield.com, prnewswire.com NIST draft-standards announcement. |
| Verifiable conformance evidence | Public, reproducible NIST ACVP conformance at qnsp.cuilabs.io/verify/conformance: noble 435/435 across FIPS 203/204/205 and liboqs 240/240 ML-KEM, with a published evidence digest. Anyone can re-run the sandbox and check the result — no signup. | PQCryptoLib-Core is described as FIPS 140-3 CAVP / CMVP-ready, and PQShield reports having achieved FIPS 140-3 certification for its hybrid library via the NIST CMVP process. CAVP/CMVP listings live on the NIST validation pages. A public self-serve, re-runnable conformance harness equivalent to QNSP's /verify/conformance is not part of the component-supplier model. Source: pqshield.com/products/certifications, csrc.nist.gov CMVP. |
| Dual-provider cross-verification | On Maximum and Government policy tiers every crypto operation is signed by one provider (liboqs, native C) and verified by a second, independent provider (noble, pure JS) — 18 NIST-finalized algorithms overlap. A single-implementation bug is caught at runtime, with provider attestation written into the audit ledger. | Not part of a component / IP offering — cross-verification is a runtime property of an operating platform, not of a primitives library an integrator embeds. We are not asserting PQShield's primitives are unverified; only that a two-independent-implementation runtime model is a platform feature, not an SDK feature. |
| Enforceable crypto-policy tiers | Four hard-enforced tiers (default / strict / maximum / government) with per-tenant algorithm allow-lists enforced at the edge gateway, KMS, and vault. Government tier enforces FIPS-finalized-only (FIPS 203/204/205), no draft standards, HSM-protected root keys. A tenant cannot accidentally downgrade. | Policy enforcement is the responsibility of the system the integrator builds around PQShield's libraries. PQShield publishes CNSA 2.0-compliant configurations, but per-tenant policy-tier guardrails are a property of an operating platform rather than of the supplied components. Source: pqshield.com CNSA 2.0 page. |
| Managed key / secret / storage operations | KMS key generation, rotation, wrap / unwrap, BYOK import; PQC-encrypted vault with versioning; SSE-X encrypted object storage; encrypted vector search. The platform actually holds and operates the keys, secrets, and ciphertext on the customer's behalf. | PQShield supplies the cryptographic engine; it does not operate a managed KMS, vault, or encrypted-storage service. The integrator's product (or a separate KMS / HSM) holds and operates keys. This is the core layer difference — different problem, different position in the stack. |
| Deployment model | Hosted multi-tenant SaaS, plus VPC, on-prem, and air-gapped topologies for sovereign workloads. Identical SDK wire contract across deployments. | Embedded and on-device by design — silicon IP and libraries run inside the customer's own hardware / firmware / application, including ultra-constrained embedded targets (sub-5 KB RAM). Ideal where the cryptography must live in the device itself rather than behind an API. |
| Pricing model | Transparent self-serve ladder: $0 free forever (10 GB + 50K API calls), then dev / business / enterprise tiers up to $5,999 business-elite, plus custom enterprise. No credit card for the free tier; tier limits reproducible from the public mirror. | IP / library licensing — enterprise sales and per-design or per-license commercial terms. No public self-serve pricing page or free tier is published, which is normal for a silicon-IP and embedded-library vendor. Source: pqshield.com. |
| Funding + scale | Singapore-based startup (CUI Labs Pte. Ltd.); public benchmarks and a transparent SDK mirror. Built to be the auditable managed PQC platform. | Oxford University spin-out, headquartered in the UK. Raised a $37M Series B in 2024 led by Addition, with Chevron Technology Ventures, Legal & General, Braavos Capital, and Oxford Science Enterprises. Licensees include silicon and embedded-systems vendors (e.g. Microchip Technology). Source: pqshield.com Series B announcement, securityweek.com, crunchbase.com. |
| Open + auditable | Full public SDK + integration mirror at github.com/cuilabs/qnsp-public; SDKs on npm, PyPI, pkg.go.dev, crates.io, and Maven Central. Every claim on this page is independently reproducible. | PQShield publishes research, solution briefs, and standards contributions publicly, but its production libraries and IP cores are commercially licensed source — appropriate for a cryptographic-IP business model, and not directly comparable to QNSP's public platform mirror. |
When to pick which
Honest decision guide
Pick PQShield if…
- You are designing silicon, firmware, or a constrained embedded device and need post-quantum cryptography to run on the chip itself — including sub-5 KB-RAM targets.
- You want IP cores or a drop-in OpenSSL provider (PQCryptoLib-SDK) to make an existing OpenSSL-based application quantum-resistant without code changes.
- NIST-standards-author pedigree and FIPS 140-3 CAVP / CMVP-ready primitives are your primary procurement criteria.
Pick QNSP if…
- You need a managed platform that actually operates keys, secrets, encrypted storage, and a tamper-evident audit chain — not just a library to embed.
- You want PQC algorithm breadth beyond ML-KEM + ML-DSA, with dual-provider cross-verification and public NIST ACVP evidence you can re-run yourself.
- You want transparent self-serve pricing, a free tier, and a multi-language SDK reachable through an API today.
Use both if…
- Your devices embed PQShield's on-chip cryptography at the edge, while your back-end key management, vault, storage, and audit run on QNSP — the two live at different layers and complement each other rather than compete.
Verify the QNSP claims
Every claim on this page is independently reproducible
QNSP's algorithm registry, policy tiers, cross-verification logic, and tier limits are all published in the public mirror at github.com/cuilabs/qnsp-public, and the NIST ACVP conformance evidence is live at qnsp.cuilabs.io/verify/conformance. The PQShield claims on this page link to pqshield.com primary pages, NIST listings, or named third-party reports. If anything is wrong or outdated, email qnsp-legal@cuilabs.io — we'll re-verify and correct.