Why Qpher?
The Build vs. Buy Decision
liboqs is a free, open-source, and well-maintained cryptographic library. Qpher itself uses liboqs under the hood. The question is not "can you do PQC yourself?" — you absolutely can. The question is whether it makes sense to build and operate PQC key infrastructure yourself.
The analogy: OpenSSL is free. AWS KMS generates billions in annual revenue. The difference is not the cryptography — it is the infrastructure around the cryptography: key lifecycle management, access control, audit trails, multi-tenant isolation, and compliance reporting.
Comparison
| Capability | DIY with liboqs | Qpher |
|---|---|---|
| PQC Algorithms | ML-KEM-768, ML-DSA-65, etc. | ML-KEM-768, ML-DSA-65, X-Wing, Composite ML-DSA |
| Key Generation | oqs.KeyEncapsulation() | API call — keys generated in secure enclave |
| Key Rotation | Build yourself | One API call, zero downtime |
| Key Versioning | Build yourself | Explicit version on every operation |
| Key Retirement & Archival | Build yourself | Lifecycle: active → retired → archived |
| Private Key Storage | Your responsibility | AES-256-GCM encrypted, non-exportable |
| Multi-Tenant Isolation | Build yourself | 4-layer isolation (DB → Context → Gateway → Policy) |
| Audit Trails | Build yourself | SHA-256 hash chain + Dilithium-signed anchors |
| Access Control | Build yourself | Zero Trust policy engine, fail-closed |
| Rate Limiting & Quotas | Build yourself | Per-tenant, per-plan, Redis-backed |
| Compliance Reporting | Build yourself | SOC 2 roadmap, audit log export |
| Algorithm Migration | Rewrite on standard update | We handle algorithm updates |
| Time to First Encryption | Days to weeks | 5 minutes |
What You Get with Qpher
1. Key Lifecycle Management
Every PQC key in Qpher has an explicit version number and a defined lifecycle:
active → retired → archived
- Active keys can encrypt, decrypt, sign, and verify
- Retired keys can only decrypt and verify (no new operations)
- Archived keys cannot perform any operations
Key rotation is a single API call. The new key becomes active immediately, and the previous key transitions to retired status. There is no downtime, no key confusion, and a complete audit trail of every transition.
With liboqs alone, you would need to build this lifecycle management yourself — including versioned key storage, rotation logic, status tracking, and the enforcement rules that prevent operations on retired or archived keys.
2. Security by Default
Qpher enforces security patterns that are easy to get wrong when building from scratch:
- Non-exportable keys — Private keys exist only inside the KMS-Orchestrator. There is no API endpoint to export them. This eliminates an entire class of key leakage bugs.
- Fail-closed policy engine — Every API request is evaluated against access rules. If the policy engine is unavailable, all requests are denied (not allowed through).
- Timing-safe comparisons — All hash and token comparisons use constant-time algorithms to prevent timing side-channel attacks.
- Tenant isolation — Four layers of isolation prevent one tenant from accessing another's keys or data, even in the presence of application bugs.
These are well-known security best practices, but they are frequently omitted or incorrectly implemented in custom infrastructure.
3. Multi-Tenant Ready
If you are a SaaS company, your customers expect their cryptographic keys to be completely isolated from other tenants. Qpher provides four layers of tenant isolation out of the box:
- Repository layer — Every database query includes a
tenant_idfilter - Database constraints — Unique indexes are scoped to
(tenant_id, ...) - Context propagation — The API Gateway injects tenant identity into every request
- Gateway enforcement — API keys resolve to exactly one tenant
Building this level of isolation on top of liboqs is a significant engineering effort — especially the database constraints, context propagation, and the policy engine that enforces per-tenant access rules.
4. Compliance and Auditability
Qpher records every cryptographic operation in a tamper-evident audit log:
- Every log entry is linked to the previous entry via a SHA-256 hash chain
- Periodic anchors are signed with Dilithium3, making the chain quantum-resistant
- Audit logs are retained for 180 days
- Growth, Pro, and Enterprise plans can export audit logs via API
For regulated industries (finance, healthcare, government), these audit trails are not optional — they are a compliance requirement. Building equivalent auditability on top of raw liboqs would require implementing the hash chain, the signing infrastructure, the retention policy, and the export API.
When NOT to Use Qpher
Qpher is not the right choice for every scenario. We believe in transparent recommendations — here are cases where you should consider alternatives.
You already have a mature KMS
If you are already using AWS KMS, GCP Cloud KMS, Azure Key Vault, or HashiCorp Vault, and your provider adds PQC algorithm support, it may make more sense to use their native PQC capabilities. As of early 2026, most major cloud KMS providers do not yet support PQC algorithms, but this is expected to change.
Your use case is transport-layer encryption
Qpher is optimized for data-at-rest encryption and digital signatures. If your primary concern is protecting data in transit, you need PQ-TLS — consider Cloudflare (which supports X25519Kyber768), or wait for your TLS library to add PQC support.
You need full control over algorithm parameters
Qpher provides NIST Level 3 algorithms with fixed parameters. If you are a cryptography researcher or need to experiment with different parameter sets, security levels, or non-standardized algorithms, use liboqs directly.
Your data does not need long-term protection
The HNDL (Harvest Now, Decrypt Later) threat primarily affects data that must remain confidential for 5+ years. If your encrypted data has a short useful lifetime (session tokens, temporary cache entries), the urgency of PQC migration is lower. You may choose to wait for PQC support to become standard in your existing tools.
Getting Started
Ready to try it? The Quickstart Guide walks you through your first quantum-safe API call in under 5 minutes.
Want to understand the security architecture first? Read the Threat Model to see exactly what Qpher protects and where the trust boundaries lie.