Ambit Client is an enterprise VPN that combines post-quantum cryptography (PQC) with networking improvements to mitigate both the cryptographic security impacts of quantum computing and the operational friction commonly induced by cryptographic security products.

Ambit Client defeats Harvest-Now-Decrypt-Later (HNDL) attacks through the use of PQC that is compliant with the Federal Information Processing Standard (FIPS) 140-3 and Commercial National Security Algorithm Suite (CNSA) 2.0 standards. When using Ambit Client, all information leaving an endpoint (e.g., workstation, laptop, mobile device) is fully encrypted with PQC. While bad actors may be able to capture information, they will not be able to decrypt, use, or derive value from it. As a result, Ambit Client creates future-proofing for a post-quantum world.

Underlying these capabilities is an innovative cryptographic protocol, MaxKyber®, that enables rapid, modular replacement of classical cryptographic primitives anticipated to be vulnerable to quantum computers with secure PQC algorithms within a framework extensible to currently ubiquitous network protocols (e.g., Transport Layer Security (TLS), IPSec IKEv2) as well as the generation of a product suite supporting all aspects of connected business operations.

Think of Ambit Client as an armored car to transport your data. It needs quantum-resistant armor and a powerful engine to move large payloads of data safely and quickly. The MaxKyber® protocol plays the roles of the armor and the engine. MaxKyber® was designed to meet a number of technical challenges impacting PQC implementation, including:

1. Making the new PQC algorithms functionally useful by packaging them in a modular manner such that they could be readily integrated into any product requiring the secure exchange of information across a potentially insecure channel. Think of it like putting the engine and armor into a different type of car. This includes VPNs, such as Ambit Client VPN, and also networking and connectivity tools like software defined networks (SDN), browsers, and cloud services.

2. Ensuring that common features such as in-session key rotation were provided in a manner consistent with PQC cryptographic standards and CNSA 2.0.  For example, the ML-KEM standard is silent on the issue of key rotation, which is a standard part of legacy cryptographic protocols like Internet Key Exchange, v.2 (IKEv2).

3. Ensuring the provision of a robust, post-quantum analog to the key establishment capabilities provided by classical cryptographic protocols such as the elliptical curve Diffie-Hellman key agreement protocol (ECDH) that was faithful to PQC standards and the requirements specified in CNSA 2.0.

4. Ensuring compatibility with existing networking standards and implementations. For example, PQC algorithms often run into issues with Maximum Transmission Unit (MTU) limitations. This constraint becomes of singular importance when mobile and Internet-of-Things (IoT) networks are considered.

5. Solving the key distribution problem between peers in a manner consistent with CNSA 2.0 without exposing a shared secret (e.g., a cryptographic key) to the risks of transit across an insecure channel.

The MaxKyber® protocol is implemented as a modular package that is portable to TLS and IPSec IKEv2, thus offering a short path to rapid, prolific PQC adoption.