TA

Quantum-Secure Encryption
for the Post-Quantum Era

Defense-in-depth cryptography with NIST-approved algorithms. Hybrid KEM, dual signatures, cascading encryption—built in Rust for memory safety.
Get StartedTry Live Demo
NIST FIPS 203/204/205Open SourceRust-Powered

Why Now?

The quantum computing threat isn't hypothetical—it's already happening.

"Harvest Now, Decrypt Later"

Nation-state actors are actively collecting encrypted data today, storing it until quantum computers can break current encryption. Your RSA and ECC-encrypted data from today could be readable by 2035.

The Timeline

2024 ✓NIST finalized FIPS 203/204/205
2025-2030Migration window (we are here)
2030-2035Cryptographically relevant QC

If your data needs to remain confidential for 10+ years, you need post-quantum cryptography today.

Defense-in-Depth Architecture

Multiple layers of quantum-resistant algorithms working together. Even if one is compromised, your data remains secure.

FIPS 203

Hybrid KEM

X25519 + ML-KEM-768

Combines classical Elliptic Curve Diffie-Hellman with lattice-based ML-KEM for quantum-resistant key encapsulation. Security remains even if one algorithm is broken.

FIPS 204/205

Dual Signatures

ML-DSA-65 + SLH-DSA

Lattice-based ML-DSA paired with hash-based SLH-DSA provides cryptographic diversity. Two mathematically independent signature schemes for maximum assurance.

Defense-in-Depth

Cascading Encryption

AES-256-GCM + ChaCha20-Poly1305

Data encrypted with AES-256-GCM is re-encrypted with ChaCha20-Poly1305. An attacker must break both NIST and IETF approved ciphers.

Rust-Powered

Memory Safety

Rust + Zeroization

Written in Rust with automatic memory zeroization. Secrets are scrubbed from memory immediately after use, preventing memory-based attacks.

GPU Resistant

Key Derivation

Argon2id + HKDF-SHA3-512

Passwords are hardened with Argon2id (19MB memory-hard, GPU/ASIC resistant). Raw keys use HKDF-SHA3-512 with domain separation for cryptographic isolation.

PFS

Forward Secrecy

HMAC-SHA3-256 Ratcheting

Session keys are ratcheted forward after each message using HMAC-SHA3-256. Past messages cannot be decrypted even if the current key is compromised.

Simple API, Powerful Protection

Quantum-secure cryptography shouldn't be complicated. A clean Rust API abstracts the complexity while maintaining maximum security.

main.rs
1use quantum_shield::{QShieldKEM, QuantumShield, QShieldSign};
2
3// Hybrid key encapsulation (X25519 + ML-KEM-768)
4let (public_key, secret_key) = QShieldKEM::generate_keypair()?;
5let (ciphertext, shared_secret) = QShieldKEM::encapsulate(&public_key)?;
6let decapsulated = QShieldKEM::decapsulate(&secret_key, &ciphertext)?;
7// shared_secret == decapsulated
8
9// Cascading encryption (AES-256-GCM + ChaCha20-Poly1305)
10let cipher = QuantumShield::new(&shared_secret)?;
11let encrypted = cipher.encrypt(b"Quantum-secure message")?;
12let decrypted = cipher.decrypt(&encrypted)?;
13
14// Dual signatures (ML-DSA-65 + SLH-DSA)
15let signer = QShieldSign::new()?;
16let sig = signer.sign(b"Sign this document")?;
17assert!(signer.verify(b"Sign this document", &sig)?);

Algorithm Stack

ML-KEM-768FIPS 203ML-DSA-65FIPS 204SLH-DSAFIPS 205X25519RFC 7748AES-256-GCMNISTChaCha20-Poly1305IETFHKDF-SHA3-512RFC 5869

Security Properties

  • Quantum-resistant key exchange & signatures
  • Perfect forward secrecy
  • Constant-time operations (side-channel resistant)
  • Automatic memory zeroization
  • Domain-separated key derivation

Built for Critical Infrastructure

Industries where data confidentiality must be maintained for decades, not years.

Healthcare / HIPAA

Protect patient records and PHI with encryption that will remain secure for decades. Meet HIPAA requirements today while preparing for quantum threats.

Financial Services

Secure transactions, account data, and financial records. Regulatory compliance requires forward-looking security—QuantumShield delivers.

Government & Defense

Classified communications and sensitive government data require the highest security standards. NIST-approved algorithms for national security.

Long-term Archives

Data that must remain confidential for 50+ years—legal documents, intellectual property, research data. Quantum-safe encryption from day one.

Why QuantumShield?

Built with the latest NIST-approved post-quantum algorithms for maximum security.

Key Features

  • NIST FIPS 203/204/205: ML-KEM-768, ML-DSA-65, SLH-DSA-SHAKE-128f — all three finalized standards
  • Hybrid KEM: X25519 + ML-KEM-768 — secure if EITHER algorithm holds
  • Dual signatures: Lattice-based + hash-based — two independent mathematical foundations
  • Cascading cipher: AES-256-GCM + ChaCha20-Poly1305 — both must be broken
  • Argon2id KDF: 19MB memory-hard password hashing, GPU/ASIC resistant
  • Memory safe: Written in Rust with automatic zeroization — no buffer overflows
  • WebAssembly ready: Runs in any browser with full post-quantum security
  • Open source: Fully auditable code under MIT license
NEW

QAuth

Post-Quantum Authentication Protocol

Built on QuantumShield's crypto primitives, QAuth replaces OAuth 2.0 and JWT with dual signatures (Ed25519 + ML-DSA-65), encrypted payloads, mandatory proof-of-possession, and built-in revocation. The authentication protocol for the quantum era.

Explore QAuthTry Demo

Open Source & MIT Licensed

QuantumShield is fully open source. Audit the code, contribute improvements, report security issues, or learn from the implementation.

Try Live DemoView on GitHub

Get Started

Install QuantumShield and start encrypting with post-quantum security in minutes.

Rust SDK

Native performance, full API

Available

Add to Cargo.toml

Cargo.toml
1[dependencies]
2quantum-shield = { git = "https://github.com/Tushar010402/Tushar-Agrawal-Website", path = "quantum-shield/rust" }

Quick Example

main.rs
1use quantum_shield::{QShieldKEM, QuantumShield};
2
3let (pk, sk) = QShieldKEM::generate_keypair()?;
4let (ct, shared) = QShieldKEM::encapsulate(&pk)?;
5let cipher = QuantumShield::new(&shared)?;
6let encrypted = cipher.encrypt(b"Hello, quantum world!")?;
5,358 linesFIPS 203/204/205MIT License

WebAssembly SDK

Browser & Node.js

Available

Build from Source

terminal
1# Clone and build the WASM package
2git clone https://github.com/Tushar010402/Tushar-Agrawal-Website.git
3cd Tushar-Agrawal-Website/quantum-shield/wasm
4wasm-pack build --target web

Quick Example

app.ts
1import init, { QShieldCipher, QShieldHybridKEM } from './pkg';
2
3await init();
4const cipher = QShieldCipher.new("my-password");
5const encrypted = cipher.encrypt_string("Hello from WASM!");
~420KB WASMTypeScript typesAll browsers

Python SDK

Python 3.9+

Available

Install

terminal
1pip install quantum-shield

Quick Example

main.py
1from quantum_shield import QShieldKEM, QuantumShield
2
3pk, sk = QShieldKEM.generate_keypair()
4ct, shared = QShieldKEM.encapsulate(pk)
5cipher = QuantumShield(shared)
6encrypted = cipher.encrypt(b"Hello!")
59 testsZero native deps

Node.js SDK

Node 18+, TypeScript

Available

Install

terminal
1npm install @quantumshield/node

Quick Example

app.ts
1import { init, QShieldCipher } from '@quantumshield/node';
2
3await init();
4const cipher = QShieldCipher.fromPassword('secret');
5const enc = cipher.encryptString('Hello!');
6const dec = cipher.decryptString(enc);
72 testsZero runtime deps

Go SDK

Go 1.21+

Available

Install

terminal
1go get github.com/Tushar010402/quantum-shield-go

Quick Example

main.go
1import qs "github.com/Tushar010402/quantum-shield-go"
2
3alice, _ := qs.NewKEM()
4bob, _ := qs.NewKEM()
5ct, shared, _ := alice.Encapsulate(bob.PublicKey())
6cipher, _ := qs.NewCipher(shared)
56 testsx/crypto powered