QbitShield Security Guide

Comprehensive security documentation for enterprise quantum cryptography implementation

Last updated: May 31, 2026Version: 2.3.0✓ Keys pass NIST SP 800-22 tests

Security Overview

Quantum-Safe Security

QbitShield provides post-quantum cryptographic security using the Prime Harmonic Modulation (PHM) protocol — a quantum-circuit-based key generation system validated on IBM Quantum hardware. Keys pass NIST SP 800-22 statistical tests for randomness, ensuring security against both classical and quantum computing attacks.

Keys pass NIST SP 800-22 tests

All quantum keys pass NIST SP 800-22 randomness tests

Quantum Hardware

Quantum-derived entropy from hardware backends where available; high-fidelity simulation fallback

Enterprise Grade

SOC 2 program in progress; HIPAA-aligned controls; BAAs available on request

Core Security Principles

  • Authenticated and authorized request architecture - Every request is authenticated and authorized
  • End-to-End Encryption - Data encrypted in transit and at rest using quantum keys
  • Quantum-Circuit Entropy - Key generation via Prime Harmonic Modulation circuits, validated on IBM Quantum hardware
  • Continuous Validation - Real-time NIST SP 800-22 testing and compliance

NIST SP 800-22 Compliance

Every quantum key generated by QbitShield undergoes rigorous testing using the NIST Special Publication 800-22 Statistical Test Suite for Random and Pseudorandom Number Generators for Cryptographic Applications.

NIST Test Suite Coverage

Frequency (Monobit) Test
Block Frequency Test
Cumulative Sums Test
Runs Test
Longest Run of Ones Test
Binary Matrix Rank Test
Discrete Fourier Transform Test
Non-overlapping Template Matching
Overlapping Template Matching
Maurer's Universal Statistical Test
Linear Complexity Test
Serial Test
Approximate Entropy Test
Random Excursions Test
Random Excursions Variant Test

Quantum Encryption Technology

QbitShield's Prime Harmonics V2 engine implements the PHM quantum key distribution protocol — a novel circuit architecture whose security is provably tied to prime gap statistics (IACR 2026/109747). Keys are cryptographically secure and independently verifiable via IBM Quantum job IDs.

Quantum Key Generation

  • PHM Circuit Entropy: Prime Harmonic Modulation quantum circuits — validated on IBM Fez real hardware (job d8e3v607jphs739k6kig)
  • Variable Security Levels: 128, 256, or 384-bit key lengths
  • Real-time Validation: Continuous NIST testing during generation

Prime Harmonics Technology

  • Harmonic Modulation: Advanced quantum state manipulation
  • Hardware Validated: IBM Fez quantum processor (job d8e3v607jphs739k6kig) — IACR 2026/109747
  • Performance: Sub-millisecond key generation times

Security Guarantees

Information Theoretic Security

Information-theoretic security properties based on quantum mechanics

Post-Quantum Resistance

Secure against both classical and quantum computer attacks

API Security

API Key Security

Always protect your API keys. Never expose them in client-side code, public repositories, or unsecured environments. Use environment variables and secure key management systems.

Authentication & Authorization

API Key Authentication

All API requests require a valid API key in the X-API-Key header:

curl -X POST "https://qbitshield-api-production.up.railway.app/api/v2/generate" \
  -H "X-API-Key: your_enterprise_key" \
  -H "Content-Type: application/json"

Rate Limiting

API requests are rate limited based on your subscription tier:

Trial
10 requests/minute
Professional
100 requests/minute
Enterprise
500 requests/minute

Request Signing

For enhanced security, enterprise customers can enable HMAC request signing to ensure request integrity and prevent replay attacks.

Network Security

  • TLS 1.3 Encryption - All API traffic encrypted in transit
  • Certificate Pinning - Prevent man-in-the-middle attacks
  • IP Whitelisting - Restrict API access to approved IP ranges
  • DDoS Protection - Enterprise-grade attack mitigation

Security Best Practices

Key Management

  • Rotate API Keys Regularly
    Rotate keys at least every 90 days
  • Use Separate Keys per Environment
    Different keys for dev, staging, and production
  • Monitor Key Usage
    Track API key usage patterns and anomalies

Implementation Security

  • Validate All Keys
    Always verify key format and entropy before use
  • Secure Key Storage
    Use hardware security modules or secure enclaves
  • Audit Trail Maintenance
    Log all key generation and usage events

Need Help?

Our security team is available to help you implement quantum-safe security practices in your organization.

Contact Security TeamView API Reference