Standards body GlobalPlatform launches Pavona, the first open-source silicon distribution with hardware-accelerated ML-KEM and ML-DSA post-quantum primitives and FIPS 140-3 / Common Criteria alignment, with founding members including Meta, Qualcomm, Tenstorrent, ZeroRISC, and Max Planck Institute for Security and Privacy
On 2026-05-26 (Tuesday), industry-standards body GlobalPlatform launched Pavona, an open-source silicon distribution providing modular, certification-ready intellectual-property (IP) blocks with integrated hardware accelerators for the ML-KEM (Module-Lattice Key Encapsulation Mechanism, formalized as FIPS 203 in 2024) and ML-DSA (Module-Lattice Digital Signature Algorithm, formalized as FIPS 204 in 2024) post-quantum-cryptography primitives. Per the GlobalPlatform announcement and Quantum Computing Report coverage on 2026-05-26, Pavona operates as 'a community-governed hardware security foundation modeled after established open-source software governance frameworks' with a two-tier governance structure consisting of a Governing Board and an independent Technical Steering Committee. The launch is supported by twelve founding member organizations including ZeroRISC, Meta, Qualcomm, Tenstorrent, and the Max Planck Institute for Security and Privacy. Pavona ships two reference hardware configurations: (a) a standalone discrete root-of-trust chip and (b) an integrated root-of-trust module tailored for modular chiplet layouts. Target deployment platforms named in the announcement are cloud data centers, industrial IoT, and automotive control networks. The distribution is 'designed to align with FIPS 140-3 and Common Criteria evaluation criteria' (alignment intent, not yet certified). GlobalPlatform reports that hardware-software integration in the Pavona reference configurations yields a 6- to 9-fold increase in processing performance and a 36% to 75% improvement in maximum operational frequency relative to software-only ML-KEM / ML-DSA implementations on comparable substrates.
Score 6 — anchor §8.2 row 6 'Credible benchmark result with industry-wide implications.' Pavona is the first multi-vendor open-silicon PQC distribution shipping reference hardware for the post-FIPS-203/204 ML-KEM and ML-DSA primitives, the lattice-based primitives finalized by NIST in August 2024 as the migration-baseline asymmetric public-key cryptography for the post-quantum era. Per §8.2 'Trap 7 — Under-rating standards. Policy and standards events feel dry, but PQC standards activity is load-bearing for the CISO audience. Do not under-rate it.' The combination of (a) the participating-vendor mix (Meta, Qualcomm, Tenstorrent, ZeroRISC, Max Planck Institute for Security and Privacy is industrially substantial — Qualcomm's mobile-SoC footprint, Tenstorrent's AI-accelerator silicon, ZeroRISC's RISC-V root-of-trust positioning, and Meta's hyperscaler infrastructure span the four key consumer-cryptography deployment vectors), (b) the explicit FIPS 140-3 and Common Criteria alignment intent, and (c) the named 6–9× performance improvement over software-only baselines together cross the 'meaningful' threshold for industry-wide implications. Held at 6 not 7 because: (a) the announcement is a launch of an open-source distribution, not a certified shipping product — the FIPS 140-3 / Common Criteria certifications are explicitly named as alignment intent, not yet completed; (b) the customer deployment timeline (when the reference hardware moves from IP-block availability to shipping silicon in production devices at the founding-member companies) is not disclosed; (c) the Pavona distribution does not introduce a new PQC primitive — it provides hardware acceleration for ML-KEM and ML-DSA, which are NIST-standardized and already widely implemented in software. Held above 5 because the open-silicon distribution model is structurally novel and the founding-member coverage spans the production silicon supply chain for the consumer cryptography hardware market.
Three trackable second-order consequences. First, Pavona's open-silicon distribution model creates a downward price-and-time pressure on proprietary PQC IP-block vendors (Crypto Quantique, PQShield's silicon IP, Tropic Square) as the open-source alternative becomes commercially-quality available; the price erosion may compress the standalone PQC-IP market within the 12–18 month deployment window. Second, the FIPS 140-3 and Common Criteria alignment intent, if executed, sets a reference implementation against which proprietary PQC implementations will be benchmarked in CISO procurement processes — the open reference is a leverage point for buy-side negotiations. Third, the founding-member roster including hyperscaler (Meta), mobile silicon (Qualcomm), AI-accelerator silicon (Tenstorrent), and RISC-V root-of-trust (ZeroRISC) coverage suggests a coordinated supply-side response to the September 2025 NSA / CISA / NIST joint timeline for PQC migration in U.S. national-security systems — the hardware-side enablement is now being staged ahead of the 2030–2035 enterprise PQC migration deadline window.