Introduction to Qpher
Qpher is a cloud platform that delivers Post-Quantum Cryptography (PQC) as a service. You call our REST API to encrypt data and sign documents using quantum-resistant algorithms -- without managing PQC key infrastructure yourself.
Your private keys never leave our secure enclave.
Why Post-Quantum Cryptography Now?â
Quantum computers are advancing rapidly. While they are not yet powerful enough to break today's RSA and ECC encryption, the timeline is narrowing. Three forces make acting now the right decision:
NIST Has Finalized the Standardsâ
In 2024, NIST published the first post-quantum cryptographic standards:
- FIPS 203 (ML-KEM) -- a key encapsulation mechanism based on the Kyber lattice scheme
- FIPS 204 (ML-DSA) -- a digital signature algorithm based on the Dilithium lattice scheme
These are no longer experimental. They are production-grade, peer-reviewed, and recommended for immediate adoption.
Harvest Now, Decrypt Laterâ
Adversaries are already collecting encrypted data today with the expectation that quantum computers will be able to decrypt it in the future. This attack pattern, known as "harvest now, decrypt later" (HNDL), means that sensitive data you encrypt today with classical algorithms could be exposed within the decade.
If your data has a confidentiality requirement beyond 5-10 years -- medical records, financial data, government communications, intellectual property -- you need quantum-resistant encryption now.
Compliance Is Movingâ
Regulatory bodies and industry standards organizations are beginning to require PQC migration plans. Organizations that adopt early will have a smoother transition path and a competitive advantage in regulated industries.
NIST recommends organizations begin transitioning to post-quantum algorithms immediately. Qpher makes this transition as simple as swapping an API call.
How Qpher Worksâ
Qpher reduces PQC adoption to three steps:
1. Call the APIâ
Send your plaintext (for encryption) or message (for signing) to the Qpher REST API with your API key. No cryptographic libraries to install, no key generation code to write, no algorithm selection to worry about.
curl -X POST https://api.qpher.ai/api/v1/kem/encrypt \
-H "X-API-Key: qph_your_key_here" \
-H "Content-Type: application/json" \
-d '{"plaintext": "SGVsbG8gUXVhbnR1bSBXb3JsZCE=", "key_version": 1}'
2. We Handle the Keysâ
Qpher manages the full lifecycle of your PQC keys -- generation, rotation, retirement, and archival. Private keys are encrypted at rest with AES-256-GCM and never leave our infrastructure. You reference keys by version number; we handle everything else.
3. Your Data Is Quantum-Safeâ
The response contains your quantum-resistant ciphertext or digital signature. Store it, transmit it, or verify it whenever you need to. When quantum computers arrive, your data remains protected.
Supported Algorithmsâ
Qpher implements the two NIST-standardized post-quantum algorithms at Security Level 3:
| Property | Kyber768 | Dilithium3 |
|---|---|---|
| NIST Name | ML-KEM-768 | ML-DSA-65 |
| NIST Standard | FIPS 203 | FIPS 204 |
| Operation | Key Encapsulation (Encrypt/Decrypt) | Digital Signatures (Sign/Verify) |
| Security Level | NIST Level 3 (~AES-192) | NIST Level 3 (~AES-192) |
| Public Key Size | 1,184 bytes | 1,952 bytes |
| Private Key Size | 2,400 bytes | 4,000 bytes |
| Ciphertext Size | 1,088 bytes | 3,293 bytes |
| Shared Secret Size | 32 bytes | N/A |
| Latency Target | < 15ms (p95) | < 30ms (p95) |
NIST Security Level 3 provides protection roughly equivalent to AES-192. It offers a strong security margin against both classical and quantum attacks while keeping performance practical for real-time API use cases.
What Can You Do with Qpher?â
Encrypt and Decrypt Dataâ
Use Kyber768 (ML-KEM-768) to encapsulate a shared secret and encrypt arbitrary data. Qpher uses a hybrid KEM-DEM scheme internally: Kyber768 for key encapsulation, HKDF-SHA256 for key derivation, and AES-256-GCM for symmetric encryption. You get a single ciphertext blob back -- no need to manage the underlying cryptographic pipeline.
Sign and Verify Documentsâ
Use Dilithium3 (ML-DSA-65) to create quantum-resistant digital signatures. Sign invoices, audit logs, API responses, contracts, or any data that needs integrity and authenticity guarantees that will survive the quantum era.
Manage PQC Keysâ
Generate, rotate, retire, and archive keys through the Key Management API. Every key has an explicit version number, and every cryptographic operation requires you to specify which version to use -- no implicit "latest" that could silently change under you.
Rotate Keys Without Downtimeâ
Qpher supports seamless key rotation: a new key version is created and becomes active, while the previous version transitions to retired status. Retired keys can still decrypt and verify, so there is no disruption to in-flight data.
Architecture at a Glanceâ
All external traffic flows through the API Gateway, which authenticates your API key, enforces rate limits, evaluates access policies, and routes requests to the appropriate service. The KMS Orchestrator is the only component that ever touches private key material.
Next Stepsâ
Ready to start? Head to the Quickstart Guide to make your first quantum-safe API call in under 5 minutes.
Want to understand the concepts first? Read about Core Concepts to learn about tenants, key versioning, and the hybrid encryption scheme.