Security & Compliance

SDK-SEC-008 v1.0

The QUAC 100 and QuantaCore SDK are designed from the ground up for FIPS 140-3 Level 3 certification. This page documents the operational security requirements, approved algorithm boundaries, key management lifecycle, zeroization guarantees, and audit capabilities that govern cryptographic operations in compliance-sensitive deployments.

Overview #

Compliance is not an afterthought â€” it shapes every layer of the system architecture. The QUAC 100 hardware implements a cryptographic boundary that encompasses all key material, algorithm implementations, and random number generation. The SDK enforces policy at the software layer, ensuring that applications cannot inadvertently violate FIPS operational requirements.

Certification	Level	Status	Scope
FIPS 140-3	Level 3	IUT â€” atsec Information Security	Hardware module + firmware + SDK cryptographic boundary
Common Criteria	EAL4+	Planned	Full product including management interfaces
CNSA 2.0	Suite B	Compliant	Algorithm selection and key sizes
SOC 2 Type II	â€”	Planned	Cloud management and update infrastructure

Important: FIPS 140-3 certification applies to a specific hardware, firmware, and SDK version combination. Running non-validated firmware or SDK versions operates the module outside the FIPS-validated configuration, even if FIPS mode is enabled. Always verify the validated version matrix in the CMVP certificate before deploying in FIPS-required environments.

FIPS 140-3 Mode #

The QUAC 100 supports two operational modes: FIPS mode and permissive mode. FIPS mode enforces the cryptographic boundary defined in the FIPS 140-3 Security Policy, restricting operations to approved algorithms, validated key sizes, and compliant random number generation. Permissive mode allows all supported algorithms including experimental and non-FIPS variants.

Enabling FIPS Mode

// Check current mode
quac_fips_status_t fips_status;
quac_get_fips_status(dev, &fips_status);

if (fips_status.mode == QUAC_FIPS_PERMISSIVE) {
    // Switch to FIPS mode (requires reboot of the module)
    quac_status_t rc = quac_set_fips_mode(dev, QUAC_FIPS_ENFORCED);
    if (rc == QUAC_OK) {
        printf("FIPS mode enabled. Module reset required.\n");
        quac_reset_module(dev);
    }
}

// Verify FIPS mode after reset
quac_get_fips_status(dev, &fips_status);
assert(fips_status.mode == QUAC_FIPS_ENFORCED);
assert(fips_status.self_test_passed == true);
printf("FIPS certificate: %s\n", fips_status.certificate_number);
printf("Firmware version: %s\n", fips_status.firmware_version);
printf("Security policy:  %s\n", fips_status.security_policy_version);

FIPS Mode Restrictions

When FIPS mode is active, the following restrictions are enforced by both hardware and SDK:

Category	FIPS Mode	Permissive Mode
ML-KEM	ML-KEM-512, 768, 1024 (FIPS 203)	All + experimental variants
ML-DSA	ML-DSA-44, 65, 87 (FIPS 204)	All + Dilithium round-3
SLH-DSA	SLH-DSA all parameter sets (FIPS 205)	All + SPHINCS+ round-3
Classical	AES-256-GCM, SHA-3, HMAC-SHA3	All including SHA-1, 3DES
RNG	SP 800-90A DRBG with QRNG seed	Raw QRNG, DRBG, any seed
Key export	Encrypted wrapping only (AES-KWP)	Plaintext and encrypted
Debug interfaces	Disabled	Available
Firmware update	Signed + integrity-verified only	Signed only
Self-test	Mandatory at power-on	Optional

Attempting a non-approved operation in FIPS mode returns QUAC_ERR_FIPS_NOT_APPROVED. The operation is not performed, and the attempt is logged in the audit trail.

Runtime FIPS Validation

Applications can programmatically verify FIPS compliance before performing operations:

// Check if a specific algorithm is FIPS-approved in current mode
bool approved = quac_is_fips_approved(dev, QUAC_KEM_ML_KEM_768);

// Get the complete list of approved algorithms
quac_alg_t approved_algs[64];
size_t n_approved;
quac_get_fips_approved_algorithms(dev, approved_algs, 64, &n_approved);

// Verify the cryptographic module integrity
quac_integrity_result_t integrity;
quac_verify_module_integrity(dev, &integrity);
if (!integrity.firmware_valid || !integrity.sdk_valid) {
    // Module integrity check failed â€” do not use for FIPS operations
    abort();
}

Approved Algorithms #

The following algorithms are approved for use within the FIPS 140-3 cryptographic boundary. All implementations use constant-time execution paths and are hardened against side-channel attacks as required by the security policy.

Algorithm	Standard	Key Sizes / Parameters	NIST Security Level
ML-KEM-512	FIPS 203	k=2, Î·â‚=3, Î·â‚‚=2	Level 1 (128-bit)
ML-KEM-768	FIPS 203	k=3, Î·â‚=2, Î·â‚‚=2	Level 3 (192-bit)
ML-KEM-1024	FIPS 203	k=4, Î·â‚=2, Î·â‚‚=2	Level 5 (256-bit)
ML-DSA-44	FIPS 204	k=4, l=4, Î·=2, Î³â‚=2Â¹â·	Level 2 (~128-bit)
ML-DSA-65	FIPS 204	k=6, l=5, Î·=4, Î³â‚=2Â¹â¹	Level 3 (192-bit)
ML-DSA-87	FIPS 204	k=8, l=7, Î·=2, Î³â‚=2Â¹â¹	Level 5 (256-bit)
SLH-DSA-128s	FIPS 205	SHA-256, n=16, h=63	Level 1 (128-bit)
SLH-DSA-128f	FIPS 205	SHA-256, n=16, h=66	Level 1 (128-bit)
SLH-DSA-192s	FIPS 205	SHA-256, n=24, h=63	Level 3 (192-bit)
SLH-DSA-192f	FIPS 205	SHA-256, n=24, h=66	Level 3 (192-bit)
SLH-DSA-256s	FIPS 205	SHA-256, n=32, h=64	Level 5 (256-bit)
SLH-DSA-256f	FIPS 205	SHA-256, n=32, h=68	Level 5 (256-bit)
AES-256-GCM	FIPS 197 / SP 800-38D	256-bit key, 96-bit IV	â€”
SHA3-256/384/512	FIPS 202	â€”	â€”
SHAKE128/256	FIPS 202	Variable output	â€”
HMAC-SHA3	FIPS 198-1	256/384/512-bit	â€”
SP 800-90A CTR_DRBG	SP 800-90A	AES-256, QRNG-seeded	â€”

CNSA 2.0 Compliance

For National Security Systems (NSS), the CNSA 2.0 suite requirements are satisfied by using ML-KEM-1024 for key establishment and ML-DSA-87 for digital signatures. The SDK provides a convenience function to verify CNSA 2.0 compliance:

bool cnsa2 = quac_is_cnsa2_compliant(dev, QUAC_KEM_ML_KEM_1024);
// Returns true for ML-KEM-1024, ML-DSA-87, SLH-DSA-256*

Key Lifecycle Management #

The QUAC 100 enforces a strict key lifecycle state machine for all key material stored within the hardware cryptographic boundary. Keys transition through well-defined states, and operations are only permitted on keys in the appropriate state.

State	Description	Allowed Operations
Pre-Active	Generated but not yet activated	Export (wrapped), Activate, Destroy
Active	Available for cryptographic use	All crypto ops, Export, Deactivate, Destroy
Suspended	Temporarily disabled	Reactivate, Destroy
Deactivated	No longer used for new operations	Verify/Decrypt only, Destroy
Compromised	Known or suspected compromise	Verify only (for audit), Destroy
Destroyed	Zeroized and irrecoverable	None

// Generate a key (enters Pre-Active state)
quac_key_handle_t key;
quac_key_attrs_t attrs = {
    .algorithm      = QUAC_SIG_ML_DSA_65,
    .usage          = QUAC_KEY_USAGE_SIGN | QUAC_KEY_USAGE_VERIFY,
    .extractable    = false,
    .persistent     = true,
    .label          = "code-signing-2025",
    .activation     = QUAC_KEY_ACTIVATE_IMMEDIATELY,
    .expiry_days    = 365,
};
quac_key_generate(dev, &attrs, &key);

// Check lifecycle state
quac_key_state_t state;
quac_key_get_state(key, &state);
assert(state == QUAC_KEY_STATE_ACTIVE);

// Deactivate after rotation
quac_key_deactivate(key);
// Key can still verify old signatures but cannot create new ones

// Destroy (zeroize)
quac_key_destroy(key);
// Key material is overwritten with zeros in hardware

Key Storage

The QUAC 100 provides secure non-volatile storage for up to 4,096 persistent keys within the hardware cryptographic boundary. Keys are stored in AES-256-GCM encrypted form using the module's internal Key Encryption Key (KEK), which is derived from the hardware root of trust and never leaves the device.

// Query storage capacity
quac_storage_info_t storage;
quac_get_key_storage_info(dev, &storage);
printf("Keys: %zu / %zu, Storage: %zu / %zu bytes\n",
       storage.keys_used, storage.keys_total,
       storage.bytes_used, storage.bytes_total);

// Enumerate stored keys
quac_key_handle_t keys[128];
size_t n_keys;
quac_key_enumerate(dev, keys, 128, &n_keys);

for (size_t i = 0; i < n_keys; i++) {
    quac_key_info_t info;
    quac_key_get_info(keys[i], &info);
    printf("  [%s] alg=%s state=%s created=%s\n",
           info.label, info.algorithm_name,
           info.state_name, info.creation_time);
}

Key Wrapping and Export

In FIPS mode, key material can only leave the cryptographic boundary in wrapped (encrypted) form using AES Key Wrap with Padding (AES-KWP, SP 800-38F). This ensures keys are protected in transit between QUAC 100 devices or during backup operations.

// Wrap a key for export
uint8_t wrapped_key[4096];
size_t wrapped_len;
quac_key_wrap(key,
    wrapping_key,           // AES-256 wrapping key (must be in hardware)
    QUAC_WRAP_AES_KWP,      // SP 800-38F AES Key Wrap with Padding
    wrapped_key, sizeof(wrapped_key), &wrapped_len
);

// Unwrap on another device
quac_key_handle_t imported;
quac_key_unwrap(dev2,
    wrapping_key_dev2,      // Same wrapping key on destination device
    QUAC_WRAP_AES_KWP,
    wrapped_key, wrapped_len,
    &attrs,                 // Key attributes for imported key
    &imported
);

Zeroization Guarantees #

The QUAC 100 implements multi-layer zeroization to ensure cryptographic material cannot be recovered after destruction. These guarantees are a FIPS 140-3 Level 3 requirement and are enforced by both hardware and software.

Automatic Zeroization

Trigger	Scope	Mechanism
Key destroy	Single key	3-pass overwrite (0x00, 0xFF, 0x00) + verification read
Session close	Session keys	All ephemeral keys zeroized on `quac_close()`
Tamper detect	All key material	Hardware zeroization within 10 Î¼s
Self-test failure	All key material	Automatic zeroization + error state
Manual emergency	All key material	Physical tamper button or `quac_emergency_zeroize()`
Power loss	Volatile keys	SRAM decay (keys cleared within milliseconds)

Software-Side Zeroization

The SDK provides a compiler-barrier-protected zeroization function for host-side sensitive data. Unlike memset, quac_zeroize() is guaranteed not to be optimized away by the compiler:

// Zeroize host-side buffers
quac_kem_keypair_t kp;
// ... use kp ...

quac_zeroize(&kp, sizeof(kp));  // Guaranteed not optimized out

// For Rust users: the quac100 crate implements Zeroize trait
// Keys are automatically zeroized on Drop

Emergency Zeroization

// Software-triggered emergency zeroization
// WARNING: Destroys ALL key material â€” cannot be undone
quac_status_t rc = quac_emergency_zeroize(dev);
if (rc == QUAC_OK) {
    // All keys destroyed. Module enters error state.
    // Requires factory reset to resume operation.
}

Audit Logging #

The QUAC 100 maintains a tamper-evident audit log within the hardware cryptographic boundary. Every security-relevant event â€” key generation, algorithm usage, authentication, configuration changes, and error conditions â€” is recorded with a monotonic timestamp and sequence number. The audit log cannot be modified or deleted without detection.

Configuration

// Configure audit logging
quac_audit_config_t audit_cfg = {
    .level          = QUAC_AUDIT_VERBOSE,      // MINIMAL, STANDARD, VERBOSE
    .external_sink  = QUAC_AUDIT_SYSLOG,       // NONE, SYSLOG, FILE, CALLBACK
    .syslog_facility= LOG_AUTH,
    .file_path      = "/var/log/quac100/audit.log",
    .file_max_size  = 100 * 1024 * 1024,       // 100 MB rotation
    .file_max_files = 10,                       // Keep 10 rotated files
    .sign_entries   = true,                    // HMAC-sign each entry
};
quac_audit_configure(dev, &audit_cfg);

Audit Event Categories

Category	Events	Audit Level
Lifecycle	Module power-on, reset, shutdown, firmware update	MINIMAL
Authentication	Login, logout, failed auth, role change	MINIMAL
Key Management	Generate, import, export, destroy, state change	MINIMAL
Crypto Operations	Sign, verify, encapsulate, decapsulate	STANDARD
Configuration	FIPS mode change, policy update, clock sync	MINIMAL
Security	Tamper detect, self-test, zeroization, error state	MINIMAL
Access Control	Permission grant/revoke, tenant isolation events	STANDARD
Performance	Queue depth, throughput stats, thermal events	VERBOSE

Reading the Audit Log

// Read recent audit entries from hardware
quac_audit_entry_t entries[100];
size_t n_entries;
quac_audit_read(dev, entries, 100, &n_entries,
    &(quac_audit_filter_t){
        .category  = QUAC_AUDIT_CAT_KEY_MGMT,
        .since     = time(NULL) - 3600,  // Last hour
    }
);

for (size_t i = 0; i < n_entries; i++) {
    printf("[%s] seq=%lu cat=%s event=%s detail=%s\n",
           entries[i].timestamp_iso,
           entries[i].sequence,
           entries[i].category_name,
           entries[i].event_name,
           entries[i].detail);
}

// Verify audit log integrity (check HMAC chain)
bool valid;
quac_audit_verify_integrity(dev, &valid);
if (!valid) {
    // Audit log tampering detected
    log_critical("AUDIT LOG INTEGRITY FAILURE");
}

Side-Channel Countermeasures #

The QUAC 100 implements comprehensive side-channel countermeasures at both the hardware and algorithmic level. These protections are always active â€” they cannot be disabled, even in permissive mode.

Timing Attack Resistance

All cryptographic operations execute in constant time regardless of input values. This is enforced at the hardware level through fixed-cycle execution pipelines. The NTT butterfly network processes all coefficient operations in identical cycle counts, eliminating timing leakage from polynomial arithmetic.

Power Analysis Resistance

Countermeasure	Technique	Protection Against
Algorithmic masking	Boolean and arithmetic masking with fresh random shares per operation	Simple Power Analysis (SPA)
Random delays	QRNG-seeded random pipeline stalls between operations	Differential Power Analysis (DPA)
Noise injection	Dummy operations on dedicated noise generators	Correlation Power Analysis (CPA)
Dual-rail logic	Complementary switching for constant Hamming weight	Electromagnetic Analysis (EMA)
Clock jitter	QRNG-modulated clock phase variation	Template attacks
Shuffling	Randomized execution order of NTT butterfly stages	Higher-order DPA

Fault Injection Protection

The hardware includes active fault detection circuitry that monitors voltage glitching, clock manipulation, laser fault injection, and temperature extremes. Detected fault conditions trigger immediate zeroization of active key material and transition to the error state.

// Query tamper detection status
quac_tamper_status_t tamper;
quac_get_tamper_status(dev, &tamper);

printf("Voltage monitor:     %s\n", tamper.voltage_ok     ? "OK" : "ALERT");
printf("Clock monitor:       %s\n", tamper.clock_ok       ? "OK" : "ALERT");
printf("Temperature:         %.1fÂ°C (%s)\n",
       tamper.temperature_c, tamper.temp_in_range ? "OK" : "ALERT");
printf("Physical enclosure:  %s\n", tamper.enclosure_ok   ? "OK" : "BREACH");
printf("Tamper events:       %lu\n", tamper.total_events);

Power-On Self-Test (POST) #

Every time the QUAC 100 module is powered on or reset, it performs a comprehensive self-test sequence before accepting any cryptographic operations. In FIPS mode, POST is mandatory â€” the module will not enter the operational state until all tests pass.

Test	Duration	Description
Firmware Integrity	~50 ms	SHA3-256 hash of firmware image verified against signed manifest
KAT: ML-KEM	~20 ms	Known Answer Test for all ML-KEM parameter sets
KAT: ML-DSA	~30 ms	Known Answer Test for all ML-DSA parameter sets
KAT: SLH-DSA	~100 ms	Known Answer Test for SLH-DSA-128s (representative)
KAT: AES-GCM	~5 ms	Known Answer Test for AES-256-GCM encrypt/decrypt
KAT: SHA-3	~5 ms	Known Answer Test for SHA3-256, SHA3-512, SHAKE128, SHAKE256
QRNG Health	~200 ms	SP 800-90B health tests on quantum entropy source
DRBG	~10 ms	CTR_DRBG instantiation and Known Answer Test
NTT Engine	~15 ms	Forward/inverse NTT correctness on test vectors
Memory	~500 ms	HBM memory test (walking ones/zeros pattern)
PCIe Link	~10 ms	DMA loopback and integrity check

// Query POST results
quac_post_results_t post;
quac_get_post_results(dev, &post);

printf("POST status:    %s\n", post.passed ? "PASSED" : "FAILED");
printf("POST duration:  %u ms\n", post.duration_ms);
printf("Tests run:      %u / %u\n", post.tests_passed, post.tests_total);

if (!post.passed) {
    for (int i = 0; i < post.tests_total; i++) {
        if (!post.tests[i].passed) {
            printf("  FAILED: %s â€” %s\n",
                   post.tests[i].name, post.tests[i].error);
        }
    }
}

// Trigger conditional self-test (non-destructive)
quac_run_self_test(dev, QUAC_SELFTEST_CONDITIONAL);

Common Criteria #

The QUAC 100 Common Criteria evaluation targets EAL4+ (augmented with ALC_FLR.3 and AVA_VAN.5) under the Protection Profile for Cryptographic Modules. The evaluation scope includes the complete product: hardware module, firmware, SDK, and management interfaces.

Key security functional requirements addressed include:

SFR Class	Description	Implementation
FCS_COP	Cryptographic operation	All FIPS-approved algorithms with constant-time implementation
FCS_CKM	Cryptographic key management	Hardware-bound key lifecycle with secure storage
FDP_ITC	Import from outside TSF	Key unwrapping with AES-KWP integrity verification
FDP_ETC	Export from TSF	Key wrapping with mandatory encryption
FAU_GEN	Security audit data generation	Tamper-evident audit log with HMAC integrity
FPT_TST	TSF self-test	POST and conditional self-tests
FPT_PHP	Physical protection	Tamper detection with automatic zeroization
FTP_ITC	Inter-TSF trusted channel	Authenticated firmware update channel

Export Controls #

The QUAC 100 is classified under Export Control Classification Number (ECCN) 5A002.a.1 as a cryptographic hardware accelerator. Export is subject to U.S. Bureau of Industry and Security (BIS) Export Administration Regulations (EAR).

Destination	License Requirement	Notes
EAR99 countries	No Individual Validated License (NLR with ENC exception)	Most commercial destinations
Five Eyes	NLR	US, UK, Canada, Australia, New Zealand
EU/EEA	NLR with ENC exception	Requires one-time BIS classification
Country Group D:1	Individual license required	China, Russia, etc. â€” case-by-case review
Embargoed	Prohibited	Cuba, Iran, North Korea, Syria, Crimea

Customers are responsible for ensuring compliance with all applicable export control regulations in their jurisdiction. Dyber provides export classification documentation and end-user certificate templates upon request. Contact export@dyber.com for classification details.

SDK-only distribution: The QuantaCore SDK software (without hardware) may qualify for the TSU (Technology and Software Unrestricted) exception under EAR Â§740.13(e) when publicly available. Consult your export compliance counsel for specific determinations.

Next Steps #

For the complete function-level reference of all security and compliance APIs, see the API Reference. To download the validated SDK version and associated security documentation, visit the Downloads page. For questions about FIPS certification status or Common Criteria evaluation, contact compliance@dyber.com.

Was this page helpful? Send feedback