Quantum‑resistant authentication with unlimited throughput
PQDSM performs zero‑latency authentication with proofs embedded directly in block verification. There is no per‑auth device bottleneck: verification scales with chain capacity and your webhook cluster. No secret leaves silicon.
FPGA‑GPU hybrid fabric • Deterministic latency • Confidential compute
What is PQDSM?
Post‑Quantum Deterministic Security Module (PQDSM) is a hardware‑native authentication and signing system engineered for quantum resilience. In verifier‑only mode, validation occurs against chain data (e.g., block headers) and immutable pointers in NFT/IPFS, so the device transmits no payloads and auth throughput is not device‑bound.
Why it matters
- Protects keys and auth flows from future quantum attacks.
- Zero‑bandwidth authentication: nothing sensitive leaves the silicon.
- Composable with EVM and non‑EVM chains; exchange‑grade scale.
Where it fits
- Exchanges, custody, and HSM‑style vaults.
- Enterprise SSO / workforce auth with crypto‑grade security.
- IoT/edge devices requiring low‑leakage identity.
Core capabilities
- Polygon‑coordinate traversal engine @ 500 MHz FPGA
- Zero‑bandwidth challenge/response
- Verifier‑only flow (webhook + block/NFT pointers); device emits no payload
- On‑chain attestations & verifiable logs
Developer experience
- gRPC/REST local API with WebSocket streams
- Client SDKs: JS/TS, Python, Go (stubs shown below)
- Infra as code samples (Terraform, Ansible)
Quick start (TypeScript)
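```typescript
// npm i @pqdsm/sdk
import { PQDSM } from "@pqdsm/sdk";

// Connect to the local PQDSM API (top-level await requires an ES module).
const p = new PQDSM({ host: "http://localhost:9740" });
// Open a session under the zero-bandwidth policy.
const session = await p.begin({ policy: "zero-bandwidth" });
// Request a proof for the subject, passing a fresh random nonce.
const proof = await p.sign({ subject: "0xWallet", nonce: crypto.randomUUID() });
// Verify the proof on-chain (chainId 8453).
await p.verifyOnChain({ proof, chainId: 8453 });
```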
High‑level design
Split‑plane design with FPGA control fabric (traversal math, timing vectors) and GPU/CPU auxiliaries for orchestration and analytics. Secrets are computed and consumed within the FPGA plane; host receives only proofs.
Data flow
- Client opens session → verifier allocates ephemeral lane.
- FPGA runs polygon traversal → emits proof blob (or verifier‑only consumes chain data).
- Host validates proof → optional on‑chain verify.
Performance envelope
| Metric | Target |
|---|---|
| Auth latency (p50) | ~0 (block‑native) |
| Throughput / device | Effectively unbounded; bounded by verifier/webhook concurrency and chain finality |
| Device power | < 12 W typical |
Practical limit formula
max_auths_per_sec ≈ webhook_workers × verifies_per_sec × replicas
// Example: 32 workers × 200 v/s × 10 replicas ≈ 64,000 auth/s
// Finality of target chain may dominate user‑visible SLA.
Appliance
- Desk or 6U rack options
- FPGA primary • GPU assist
- Dual NIC (1/10/25G), TPM 2.0
- Secure boot, signed firmware updates
Device SKU guide
| SKU | Use case | Notes |
|---|---|---|
| Edge‑Lite | POC, labs | USB‑C powered, fanless |
| Core‑Rack | Exchange / Custody | 6U rack, hot‑swap PSU |
| Max‑Cluster | Large enterprise | HA pair, multi‑tenant |
Auth protocol (summary)
Challenge/response with polygon‑coordinate traversals. Secrets live and die on device; only proofs and attestations are exported. Compatible with on‑chain verify functions for settlement workflows.
Example on‑chain verifier (Solidity)
```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

interface IPQDSM {
    function verify(bytes calldata proof, address subject) external view returns (bool);
}
contract Verifier {
    IPQDSM public device;
    constructor(address dev) { device = IPQDSM(dev); }
    function check(bytes calldata proof, address who) external view returns (bool) {
        return device.verify(proof, who);
    }
}
```
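The `check` function above is `view`, so the `Verifier` contract keeps no record of proofs it has already accepted, and the page does not say whether a proof is single-use by construction. The following is an added example, not the vendor's code, showing one way to reject a repeated proof at the contract level. The contract name `ReplayGuardedVerifier`, the `consumed` mapping, `proofIdOf`, `consume`, the event and the custom errors are all hypothetical; only `IPQDSM` comes from the page.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.24;

// Interface exactly as given on this page.
interface IPQDSM {
    function verify(bytes calldata proof, address subject) external view returns (bool);
}

// Hypothetical wrapper (added example): accepts each (proof, subject) pair once.
contract ReplayGuardedVerifier {
    IPQDSM public immutable device;

    // proofId => true once the proof has been accepted for its subject
    mapping(bytes32 => bool) public consumed;

    event ProofConsumed(address indexed subject, bytes32 indexed proofId);

    error ZeroDeviceAddress();
    error ProofRejected();
    error ProofAlreadyConsumed(bytes32 proofId);

    constructor(address dev) {
        // Reject the zero address at deploy time.
        if (dev == address(0)) revert ZeroDeviceAddress();
        device = IPQDSM(dev);
    }

    // Identifier binds the proof bytes to the subject they were presented for.
    function proofIdOf(bytes calldata proof, address who) public pure returns (bytes32) {
        return keccak256(abi.encode(proof, who));
    }

    // State-changing counterpart of check(): reverts on a bad or repeated proof.
    function consume(bytes calldata proof, address who) external returns (bytes32 proofId) {
        proofId = proofIdOf(proof, who);
        if (consumed[proofId]) revert ProofAlreadyConsumed(proofId);
        if (!device.verify(proof, who)) revert ProofRejected();
        consumed[proofId] = true; // a second submission of the same pair now reverts
        emit ProofConsumed(who, proofId);
    }
}
```

In a settlement workflow, run these checks inside the function that performs the settlement, so that consuming the proof and acting on it happen in one transaction.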
Simple pricing
- Device: from $50,000 est. per unit
- Support: tiered SLAs for enterprise
Typical pilot
- 2 devices • 90‑day evaluation
- SDK integration & solution architect hours
- Optional on‑prem cluster deployment
Contracts & compliance
- Standard MSA + DPA (GDPR/CCPA)
- Security schedule (firmware signing, SBOM, vuln disclosure)
- Optional BAA for healthcare use
Templates
| Document | Description |
|---|---|
| MSA | Master services agreement |
| DPA | Data processing addendum |
| SOC2 mapping | Control alignment guide |
Security model
- Secrets never serialized; no host visibility
- All updates signed; measured boot
- Tamper detection and fuse‑lock
Testing & assurance
- Fuzzed host API and parsers
- Independent pentests (report available under NDA)
- Red‑team exercises per release train
Frequently asked
Q: Can PQDSM run fully air‑gapped?
A: Yes. Proofs can be exported via unidirectional link or sneaker‑net for offline verification flows.
Q: Which chains are supported?
A: EVM first (Solidity verifiers). Additional chains via adaptor interfaces.
Talk to sales
Email: info@quantumarmorsystems.com
Phone: +1 (203) 921‑6991
https://www.quantumarmorsystems.com
Request a pilot kit or enterprise briefing.