December 09, 2025 -- SafeLogic today announced the immediate availability of CryptoComply Go v4.0 featuring comprehensive post-quantum cryptography (PQC) algorithm support.  This new version includes all NIST-standardized PQC algorithms, enables hybrid mode that combines PQC with FIPS-certified classical cryptography, and optionally works with SafeLogic’s NIST ESV-certified entropy source. CryptoComply Go v4.0 is the industry’s first FIPS 140-3 certified cryptography software package for Go with enterprise support that includes comprehensive PQC capabilities for Go developers.

Originally developed by Google, Golang is widely recognized for its simplicity, efficiency, and powerful concurrency model. It’s quickly become the language of choice for:

• Cloud-native applications
• Distributed systems and microservices
• Embedded and IoT platforms
• Security-focused architectures

As adoption grows in security-sensitive industries like finance, healthcare, and government, Golang developers face growing demand for FIPS 140-3 validated cryptography that offers the latest PQC capabilities.

Post-Quantum Cryptography Support

NIST has been working to identify and standardize cryptographic algorithms that will not be susceptible to quantum computer attacks since 2017.  In August 2024, it standardized a first set of post-quantum cryptography (PQC) algorithms. CryptoComply Go v4.0 includes support for all three of these NIST-standard PQC algorithms:

ML-KEM (FIPS 203), short for Module-Lattice Key Encapsulation Mechanism, enables parties to establish shared secrets, like symmetric encryption keys, over insecure networks in the presence of both quantum and classical computers. It was designed to be used in TLS/SSL, VPNs, encrypted messaging apps, and government or military communications

ML-DSA (FIPS 204), which stands for Module-Lattice Digital Signature Algorithm, is a digital signature scheme for verifying identity, integrity, or authenticity that is secure against both classical and quantum computers. It is designed to deliver fast signature generation and verification, as well as reasonable key and signature sizes for a PQC algorithm. Typical use cases for ML-DSA include secure software updates, certificate signing, email, and document signing, and applications requiring authenticated and tamper-proof digital communication

SLH-DSA (FIPS 205), which stands for Stateless Hash-Based Digital Signature Algorithm, is also a quantum-resistant digital signature scheme. It employs proven and secure hashing that is not vulnerable to quantum computer attacks. Also since it is stateless, it simplifies implementation. SLH-DSA features relatively small public keys (albeit with relatively large signatures), which can make it a better option than ML-DSA for certain use cases.

Hybrid PQC/FIPS-Validated Mode

Some organizations subject to FIPS 140 also need PQC because they have sensitive data with long-term value at risk to Harvest Now, Decrypt Later (HNDL) attacks. However, no PQC implementations have yet received FIPS 140 certification. CryptoComply Go v4.0 supports hybrid mode by combining SafeLogic’s FIPS 140-3 validated algorithms used in CryptoComply Go v3 (CMVP FIPS 140-3 certificate #5040) with PQC algorithms.  This enables organizations to achieve quantum resistance today while maintaining FIPS compliance.

CryptoComply Entropy Provider

CryptoComply Go v4.0 can optionally use SafeLogic’s new ESV-certified entropy source (Entropy Certificate #E241). NIAP is already requiring ESV-certified entropy sources for new Common Criteria submissions that employ cryptography. NIST will require an ESV-certified entropy source for new FIPS 140-3 submissions January 1, 2026.