
Frequently Asked Questions

Getting Started

What is Post-Quantum Cryptography (PQC)?

Post-Quantum Cryptography refers to cryptographic algorithms that are designed to resist attacks from both classical computers and future quantum computers. Today's widely used encryption (RSA, ECC) will be broken by sufficiently powerful quantum computers. PQC algorithms like Kyber768 and Dilithium3 are built on mathematical problems that remain hard even for quantum computers.

Do I need to understand quantum computing to use Qpher?

No. Qpher provides PQC as a simple API service. You send data in, you get encrypted data or signatures back. The quantum-resistant algorithms run on our servers, and you interact with them the same way you would interact with any REST API.

How do I get started?

  1. Sign up for a free account (no credit card required).
  2. Create an API key from the Dashboard.
  3. Generate your first PQC key pair.
  4. Make your first encrypt or sign API call.

See the Quickstart Guide for a step-by-step walkthrough.

What languages and frameworks do you support?

Qpher provides official SDKs for:

  • Python (3.8+)
  • Node.js (18+)
  • Go (1.21+)

You can also use Qpher with any language that can make HTTP requests, since all functionality is exposed through a standard REST API.


Security

Are my private keys safe?

Yes. Your private keys are generated and stored exclusively inside the KMS-Orchestrator service. They are encrypted at rest using AES-256-GCM and never leave the secure boundary. There is no API endpoint to download or export private keys. See Non-Exportable Keys for details.

What happens if Qpher goes down?

Qpher is designed for high availability. If a temporary outage occurs:

  • Your encrypted data remains safe -- ciphertexts do not expire.
  • Your keys are not affected -- they remain encrypted at rest.
  • The system follows a fail-closed design, meaning requests are denied rather than processed insecurely.
  • Check status.qpher.ai for real-time status updates.

How does Qpher isolate my data from other customers?

Qpher uses four layers of tenant isolation:

  1. Every database query is scoped to your tenant ID.
  2. Database constraints enforce tenant-scoped uniqueness.
  3. The API Gateway injects your tenant ID from the authenticated API key (never from user input).
  4. Cross-tenant access is architecturally impossible at the data layer.

See Security Architecture for more details.
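A small in-memory model of the isolation layers listed above, combined with the fail-closed behaviour, as an added example that is not Qpher's implementation. The header name, field names, status codes and function names are assumptions made for the sketch, and a Map stands in for the database.

```javascript
const { createHash } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s).digest('hex');

// Constructed sample data: API keys are held as hashes, each bound to one tenant.
const apiKeys = new Map([
  [sha256('demo-key-alpha'), 'tenant-a'],
  [sha256('demo-key-beta'), 'tenant-b'],
]);

// Gateway step: the tenant comes from the authenticated key, never from the
// request. A failing key store denies the request instead of letting it through.
function resolveTenant(request, keyStore = apiKeys) {
  try {
    const tenantId = keyStore.get(sha256(String(request.headers['x-api-key'] ?? '')));
    return tenantId ? { allowed: true, tenantId } : { allowed: false, status: 401 };
  } catch {
    return { allowed: false, status: 503 }; // fail closed
  }
}

// Data layer: rows are keyed by (tenant, name, version), so uniqueness is per
// tenant. A handle is bound to one tenant; its methods take no tenant argument.
const rows = new Map();
function storeFor(tenantId) {
  const id = (name, version) => JSON.stringify([tenantId, name, version]);
  return {
    insert(name, version, value) {
      if (rows.has(id(name, version))) throw new Error('duplicate key version for tenant');
      rows.set(id(name, version), value);
    },
    find: (name, version) => rows.get(id(name, version)),
  };
}

function handle(request, keyStore) {
  const auth = resolveTenant(request, keyStore);
  if (!auth.allowed) return { status: auth.status };
  // request.body.tenant_id is never read, whatever the client put there.
  const { key_name, key_version } = request.body;
  const key = storeFor(auth.tenantId).find(key_name, key_version);
  return key ? { status: 200, key } : { status: 404 };
}
```

A request that authenticates as one tenant while naming another in its body is served only from its own tenant's rows.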

What cryptographic algorithms does Qpher use?

| Algorithm | Standard | Purpose |
|---|---|---|
| Kyber768 (ML-KEM-768) | NIST FIPS 203 | Key encapsulation / encryption |
| Dilithium3 (ML-DSA-65) | NIST FIPS 204 | Digital signatures |
| AES-256-GCM | NIST | Private key encryption at rest |

Both PQC algorithms provide NIST Level 3 security.


Billing

Is there a free tier?

Yes. The Free plan includes 5,000 API calls per month, 1 API key, and 1 PQC key per algorithm. No credit card is required. You can use the Free plan indefinitely.

Can I try a paid plan before committing?

Yes. Every paid plan (Starter, Growth, Pro) includes a 14-day free trial with no credit card required. If you do not add a payment method before the trial ends, your account automatically downgrades to the Free plan with no data loss.

Can I cancel my subscription?

Yes. You can cancel at any time from the Dashboard. Your plan remains active until the end of the current billing period, then you are automatically downgraded to the Free plan. No data is deleted when you cancel.

What happens if I exceed my API call quota?

Additional requests receive a 403 error with a "quota exceeded" message. There are no overage charges. You can upgrade your plan at any time to increase your limits.

Do you offer annual billing?

Yes. Annual billing provides a 20% discount compared to monthly billing. For example, the Growth plan is $179/month or $143/month when billed annually.


Technical

What is the maximum plaintext size?

The maximum plaintext size for a single KEM encrypt operation is 1 MB (1,048,576 bytes). For larger data, encrypt in chunks or use a hybrid approach where you encrypt a symmetric key with KEM and then use that key to encrypt the larger payload.

What are Qpher's latency targets?

| Operation | Target (p95) |
|---|---|
| KEM encrypt | < 15ms |
| KEM decrypt | < 15ms |
| Signature sign | < 30ms |
| Signature verify | < 30ms |
| Gateway auth pipeline | < 5ms |
| Policy evaluation | < 2ms |

What is a key version and why is it required?

Every PQC key has a version number that increments each time you rotate the key. You must specify the key_version in every encrypt, decrypt, sign, and verify request. This ensures you always know exactly which key was used for an operation and prevents accidentally using the wrong key.

See Key Versioning for more information.
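The hybrid approach from the plaintext-size answer, with the key_version stored beside the data so the decrypt request can name it, as an added example that is not Qpher's code or SDK. `kemStandIn` is a hypothetical local substitute for the service's KEM encrypt and decrypt calls (which would be asynchronous HTTP requests), and the envelope field names and the use of key_version as associated data are choices made for this sketch.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const MAX_KEM_PLAINTEXT = 1048576; // the 1 MB limit for one KEM encrypt call
const aad = (keyVersion) => Buffer.from(`key_version=${keyVersion}`);

function gcmSeal(key, plaintext, ad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv).setAAD(ad);
  return Buffer.concat([iv, c.update(plaintext), c.final(), c.getAuthTag()]);
}

function gcmOpen(key, blob, ad) {
  const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12)).setAAD(ad);
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Stand-in for the remote KEM encrypt/decrypt calls (hypothetical interface, not
// the SDK's): a locally generated wrapping key per key_version.
const localKeys = new Map([[1, randomBytes(32)], [2, randomBytes(32)]]);
const keyFor = (keyVersion) => {
  if (!localKeys.has(keyVersion)) throw new Error(`unknown key_version ${keyVersion}`);
  return localKeys.get(keyVersion);
};
const kemStandIn = {
  encrypt(keyVersion, data) {
    if (data.length > MAX_KEM_PLAINTEXT) throw new RangeError('plaintext exceeds 1 MB');
    return gcmSeal(keyFor(keyVersion), data, aad(keyVersion));
  },
  decrypt: (keyVersion, blob) => gcmOpen(keyFor(keyVersion), blob, aad(keyVersion)),
};

// Only the 32-byte data key goes through the KEM; the payload can be any size.
function sealLarge(kem, keyVersion, payload) {
  const dek = randomBytes(32); // fresh data key for every payload
  return {
    key_version: keyVersion, // kept with the data so decrypt can name the same version
    wrapped_key: kem.encrypt(keyVersion, dek),
    payload: gcmSeal(dek, payload, aad(keyVersion)), // version bound in as associated data
  };
}

function openLarge(kem, envelope) {
  const dek = kem.decrypt(envelope.key_version, envelope.wrapped_key);
  return gcmOpen(dek, envelope.payload, aad(envelope.key_version));
}
```

Because the version is authenticated together with the payload, an envelope whose key_version field has been edited fails to decrypt rather than being opened with a different key.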

What does "fail-closed" mean?

Fail-closed means that when a component fails or is unavailable, the system denies access rather than allowing requests through without authorization. This is a security-first design choice: brief availability loss is preferable to a security gap.

Can I use Qpher from behind a firewall?

Yes. Qpher's API is accessible over standard HTTPS (port 443). As long as your network allows outbound HTTPS connections to api.qpher.ai, you can use Qpher.

Still Have Questions?

Contact our support team at support@qpher.ai or use the chat widget in the Dashboard (available on Growth plans and above).