# Post-Quantum Cryptography Tool for Protecting Data

**Source**: https://quantumsequrity.com/
**Generated**: 2026-04-14 from HTML mirror

---

SYSTEM ONLINE

FIPS 203 · FIPS 204 · FIPS 205 · SP 800-208 · HYBRID PQC

v7.2.32 -

POST-QUANTUM HYBRID · NIST FIPS 203 / 204 / 205

# PROTECT YOUR DATA FROM QUANTUM COMPUTERS. DEFEND AGAINST HARVEST NOW, DECRYPT LATER.

**Post-quantum cryptography**, in one command. QNSQY is a hybrid quantum-resistant cryptography tool built on **NIST FIPS 203 (ML-KEM)**, **FIPS 204 (ML-DSA)**, and **FIPS 205 (SLH-DSA)**, paired with classical X25519 & Ed25519 for defense-in-depth. Your data, passwords, and private keys **never leave your machine**. Protect data at rest, across databases, and in cold storage.

[Get Started Free](/pricing) [How it works](/security)

qnsqy

 LIVE

$

NIST FIPS 203/204/205 ALGORITHMS

12+ ALGORITHM FAMILIES

HYBRID DEFENSE-IN-DEPTH

AIR-GAPPED (LINUX)

ZERO DATA COLLECTION

Name QuaNtum SeQuritY

·

Command `qnsqy`

·

Extension `.qs`

Security At A Glance

**Encryption:** NIST FIPS 203/204/205 + 206 (draft) post-quantum algorithms + classical hybrid

**Network:** File content, passwords, and private keys never leave your machine. Linux CLI: seccomp-bpf restricts all network syscalls to billing.quantumsequrity.com only; Windows and GUI: no kernel-level enforcement, use physical air-gap.

**Privacy:** No cloud storage of your files. No telemetry on file operations. Only billing metadata (tier, credit counter) transits, under a PQC-envelope over HTTPS.

01

## The threat is already here

Nation-state actors are harvesting encrypted data *today*, waiting for quantum computers to break it *tomorrow*.

This is called [Harvest Now, Decrypt Later](/blog/harvest-now-decrypt-later).

Medical records. Legal documents. Financial data. Trade secrets. Everything encrypted with RSA or ECDH today becomes readable once quantum computers arrive, whether it lives on a laptop, in a database, on backup tape, or in a cold-storage archive.

Sensitive data needs protection that lasts *decades*, not years, across every layer it touches.

2026 HARVESTING

203X Q-DAY

Q-Day: The moment a cryptographically-relevant quantum computer becomes operational. Most estimates place it within the next 10-15 years.

02

## The solution is simple

A

### Quantum-Resistant

Built on NIST-approved post-quantum standards (FIPS 203, 204, 205). Not experimental. Production-ready encryption with AES-256-GCM. All tiers include [hybrid ML-KEM + X25519 key encapsulation](/blog/ml-kem-explained) for quantum resistance.

B

### Local-Only by Design

File content, passwords, and private keys never leave your device. Works fully offline for file operations. The only network traffic is encrypted billing metadata to billing.quantumsequrity.com, restricted by seccomp-bpf on Linux CLI. Windows and GUI: use a physical air-gap for the strongest isolation.

C

### Zero-Knowledge Architecture

No accounts. No registration. No cloud storage. We never see your passwords, your files, or your encryption keys. Everything happens locally.

D

### Memory-Hard Key Derivation

Uses Argon2id (OWASP recommended) for password hashing. Brute-force attacks become computationally impractical.

E

### Authenticated Encryption

AES-256-GCM ensures both confidentiality and integrity. Any tampering is detected immediately upon decryption.

F

### Forward Secrecy

Unique file keys for every encryption operation. Compromising one file doesn't compromise others.

03

## How it works

01

### Select

Point QNSQY at any data you hold: documents, databases, backups, or archival cold storage.

02

### Encrypt

One command. Enter your password. QNSQY handles the rest with quantum-safe hybrid algorithms.

03

### Store

The resulting .qs output is safe from both classical and quantum attacks, at rest or in transit.

04

### Decrypt

When you need access, decrypt with your password. Integrity verified automatically.

For organizations migrating databases, replication streams, or long-retention cold storage off classical cryptography, QNSQY offers scoped professional services (readiness assessment, DB migration, cold storage PQC, migration-as-a-service). See [Pricing](/pricing#professional-services).

04

## Proof, not promises

Every claim on this page resolves to a file, a test, or a standard you can look up yourself. Links below point at the actual sources. No testimonials, no fabricated logos, no invented numbers.

01

### Known Answer Tests

17 KAT modules cross-checked against NIST ACVP, FIPS, and RFC reference vectors.

Source: `qs-ultra/tests/kat/` covers ML-KEM, ML-DSA, SLH-DSA, HQC, Falcon, LMS, AES-GCM, XChaCha20, Ed25519, X25519, Argon2id, HKDF-SHA3, HMAC, SHA-2, SHA-3, BLAKE3, Shamir.

02

### Official NIST and IETF reference vectors

3,300+ cases exercised against vectors from NIST ACVP, NIST CAVP, NIST FIPS publications, and IETF RFCs. Includes ML-KEM (240), ML-DSA (285), SLH-DSA (372), AES-128-GCM (45), AES-256-GCM CAVP (100), HMAC (1,950), SHA-2 / SHA-3 (~620), Ed25519 (54), and BLAKE3 (105).

Source: `qs-ultra/tests/kat/vectors/` (44 vector files). HQC and Falcon are exercised by roundtrip and corruption-rejection tests; their NIST submission KAT format does not match our PQClean-derived wrappers, so we are explicit that they are not vector-replayed.

02b

### [NIST ACVP-Server full replay](/security#nist-acvp-validation)

18,703 / 0 vectors pass / fail against ACVP-Server v1.1.0.42 (commit `15c0f3deeefbfa`). 100.00% non-skipped pass rate. 33 of 50 algorithm directories at 100% NIST coverage: HMAC (all 22 dirs), ML-DSA keyGen + sigVer, ML-KEM keyGen, SLH-DSA (all 12 parameter sets), SHA-2-256 / 512 / 512-256, SHAKE-128 (FIPS 202), XECDH-SSC. 11,259 documented skips. Not FIPS 140-3 / CMVP certification (on the roadmap).

Source: `qs-ultra/tests/acvp_official.rs`, `qs-ultra/tests/acvp_official/`. Reproduce with the standalone harness on [/validation](/validation); source access for customers and auditors on request under NDA. Write-up: [/blog/nist-acvp-validation](/blog/nist-acvp-validation).

03

### Algorithms actually wired up

ML-KEM-512/768/1024, ML-DSA-44/65/87, SLH-DSA (6 parameter sets), FN-DSA-512/1024, LMS/HSS, HQC-128/192/256, X25519, Ed25519, AES-256-GCM, XChaCha20-Poly1305, Argon2id, HKDF-SHA3-256, BLAKE3.

Source: `qs-ultra/crates/qnsqy-core/src/crypto/` modules `kem.rs`, `sign.rs`, `aead.rs`, `argon2.rs`, `hkdf.rs`, `shamir.rs`. Anchors: FIPS 203, 204, 205, 206 (draft), SP 800-208.

04

### Source available on request

Source code is held in a private GitHub organization while we finish a security review. We share read access with prospects, integrators, and auditors who ask. Public open-source release is on the roadmap; until then, "trust us, here's the code" is honest.

Organization: [`github.com/quantumsequrity`](https://github.com/quantumsequrity). Request read access via the [`contact`](/contact) form.

05

### Builds for every major OS

OS-native packages produced for Linux (DEB, RPM), macOS (.app bundle), and Windows (NSIS, MSI). Linux packages ship a SHA-256 manifest plus an embedded ML-DSA-87 binary signature; macOS ships ready for codesign + notarization with your Apple Developer ID; Windows can be signed with a self-signed cert by default and re-signed with a CA cert before distribution.

Source: `qs-ultra/packaging/linux/`, `qs-ultra/packaging/macos/`, `qs-ultra/packaging/windows/`. Direct downloads at [`download.html`](/download).

06

### Benchmarks you can rerun

Criterion benchmark harnesses for Argon2, AEAD (AES-GCM, XChaCha20), ML-KEM keygen/encap/decap, ML-DSA keygen/sign/verify, SLH-DSA, and hybrid roundtrips.

Source: `qs-ultra/benches/pqc_benchmarks.rs`, `qs-ultra/benches/crypto_benchmarks.rs`. Run locally with `cargo bench`.

07

### Multi-agent security audits

20+ dated audit reports checked into the repository, covering crypto, billing, packaging, MCP, and infrastructure.

Source: dated audit reports maintained in the project repository, spanning crypto, billing, packaging, MCP, and infrastructure reviews.

08

### Pinned dependency graph

Every transitive dependency is pinned by exact version + checksum in `Cargo.lock`, committed in-tree. Two parties starting from the same git commit pull byte-identical sources for every crate. Bit-for-bit reproducible release binaries (fixed timestamps, normalized paths, deterministic linker) are on the roadmap , not yet wired in.

Source: `qs-ultra/Cargo.lock` tracked in git.

05

## Built on open standards

Public, peer-reviewed cryptographic standards. No security through obscurity. No proprietary algorithms.

### Hybrid KEM

ML-KEM + X25519

FIPS 203 lattice-based, all tiers

### Code-Based KEM

[HQC](/blog/hqc-explained) + X25519

NIST Round 4 backup to ML-KEM (Business)

### Hybrid Signatures

ML-DSA + Ed25519

FIPS 204 lattice-based, defense-in-depth

### NTRU Signatures

[FN-DSA (Falcon)](/blog/fn-dsa-falcon-explained)

FIPS 206 (draft) compact signatures (Business)

### Stateful Hash Signatures

[LMS](/blog/lms-stateful-signatures)

SP 800-208 hash-only security (Business)

### Hash-Based Signatures

SLH-DSA

FIPS 205 stateless (Pro+)

### Symmetric Encryption

[AES-256-GCM](/blog/aes-256-gcm-explained)

XChaCha20-Poly1305 also available

### Password Hashing

Argon2id

OWASP recommended, memory-hard

### Integrity

[BLAKE3](/blog/blake3-hashing)

7x faster than SHA-256, Merkle tree

### Network Access

None

Air-gapped by design

Memory-hard password hashing Authenticated encryption Forward secrecy Tamper detection No telemetry

[Full Security Details](/security)

06

## Simple, transparent pricing

Free

qnsqy

$0

Forever free. ML-KEM-512 + ML-DSA-44 always unlimited (0 credits).

- Hybrid ML-KEM-512 + X25519
- ML-DSA-44 signatures
- AES-256-GCM + XChaCha20-Poly1305 AEAD
- Argon2id (128 MB, 3 iterations)
- BLAKE3 integrity verification
- 100 MB per-file limit (advanced algorithms only)
- Encrypt / Decrypt / Sign / Verify / Hash / Shred
- Compression (zstd)
- GUI + CLI + TUI + MCP included
- All platforms (Windows, macOS, Linux)

[Get Started Free](/pricing)

MOST POPULAR

Pro

qnsqy

$29/mo

Everything you need for serious protection.

- Everything in Free, plus:
- ML-KEM-768/1024 (NIST Level 3/5)
- ML-DSA + Ed25519 hybrid signatures
- SLH-DSA hash-based signatures
- Batch encrypt/decrypt
- Password change (rekey)
- Password vault
- Audit logging
- Custom Argon2 (up to 256 MB)
- 25 GB maximum file size
- **R74:** triple-polyglot, self-extracting polyglot, tripwire URL, keyfile-from-any-file, ABE

[Start Pro](/pricing)

FULL PLATFORM

Business

qnsqy

$149/mo

Full platform for teams and compliance documentation. $1,490/yr (save 17%), self-serve.

- Everything in Pro, plus:
- FN-DSA (Falcon) NTRU signatures
- HQC code-based KEM (backup to ML-KEM)
- LMS stateful hash-based signatures
- Threshold encryption (M-of-N)
- 12+ algorithm families
- Unlimited file size

[Start Business](/pricing)

CONTRACT

Enterprise

qnsqy

Contact sales

Custom terms. Signed SLA. Dedicated engineering channel.

- Everything in Business, plus:
- Custom seat counts and volume pricing
- Signed SLA (business hours; 24/7 4-hour available)
- Dedicated Slack / email channel
- Quarterly 4-hour readiness consult
- White-glove onboarding
- Named customer-success contact
- Air-gap license + HSM integration (v7.3 roadmap)

[Contact sales](/contact)

[Full Feature Comparison](/pricing)

07

## Services

Beyond the CLI: end-to-end PQC migration services. Scoped engagements, written deliverables, no retainers.

01 · available now

### PQC Readiness Assessment

Fixed-scope 2 to 4 week discovery powered by qnsqy scan. Risk-ranked inventory, HNDL exposure, CNSA 2.0 and NIST IR 8547 gap map, remediation roadmap with estimates.

[See full scope on the Services page.](/services#readiness)

02 · available now

### Migration as a Service

File-tree PQC migration powered by qnsqy migrate. Atomic, resumable, rollback-safe. Discovery, design, implementation, validation, and handover.

[See full scope on the Services page.](/services#maas)

03 · coming soon

### Database Migration to PQC

In-place TDE and key-wrapping migration for PostgreSQL, MySQL, Oracle, SQL Server. Pilot waitlist open. Today, DB key-material discovery is handled by the Readiness Assessment.

[Join the pilot waitlist.](/services#database-migration)

04 · coming soon

### Cold Storage PQC

Re-envelope the key material on long-retention archives. Tape, S3 Glacier, Azure Archive. Pilot waitlist open. Today, manual re-envelope workflows are covered under MaaS.

[Join the pilot waitlist.](/services#cold-storage)

[All Services](/services)

08

## Quick start

### Encrypt a file

```
# Encrypt (prompts for password)
$ qnsqy encrypt -i secret.pdf
# Output: secret.pdf.qs

# Encrypt with compression
$ qnsqy encrypt -i largefile.tar -z
# Output: largefile.tar.qs (compressed)
```

### Decrypt a file

```
# Decrypt (prompts for password)
$ qnsqy decrypt -i secret.pdf.qs
# Output: secret.pdf (original restored)
```

### Securely delete original

```
# 3-pass secure delete
$ qnsqy shred secret.pdf
# File overwritten and deleted
```

[Full Documentation](/docs)

09

## Why QNSQY?

| Feature | QNSQY | 7-Zip | GPG | VeraCrypt |
| --- | --- | --- | --- | --- |
| Post-quantum safe | Yes | No | No | No |
| Memory-hard KDF | Argon2id | PBKDF2 | S2K | PBKDF2 |
| Large file streaming | Yes | Limited | No | Yes |
| Authenticated encryption | Yes | Yes | Yes | Yes |
| Digital signatures | ML-DSA | No | RSA/ECDSA | No |
| Network Blocked* | Linux CLI | No | No | No |
| Works Offline | Yes | Yes | Yes | Yes |

[Full Feature Comparison](/features)

10

## Common questions

What is quantum-safe encryption?

Quantum-safe encryption uses algorithms designed to resist attacks from both classical and quantum computers. QNSQY uses a **hybrid approach** combining post-quantum (ML-KEM, ML-DSA, SLH-DSA) with classical algorithms (X25519, Ed25519) using AND construction, so attackers must break BOTH to succeed. This provides defense-in-depth against both quantum and classical threats. All algorithms are NIST-standardized (FIPS 203/204/205).

What happens if I forget my password?

Your files cannot be recovered. This is by design. QNSQY uses zero-knowledge architecture: we never see your password and have no way to recover encrypted files. We recommend keeping secure backups of critical passwords. Business tier users have optional key escrow features for organizational recovery scenarios.

Is this better than 7-Zip or GPG?

For quantum resistance, yes. 7-Zip and GPG use traditional cryptography that quantum computers will eventually break. QNSQY specifically addresses this threat with NIST-approved post-quantum algorithms. Additionally, QNSQY uses Argon2id for key derivation (more resistant to brute-force than the older algorithms used by 7-Zip and GPG) and provides authenticated encryption with tamper detection by default.

Does this work offline?

Data encryption, decryption, signing, and verification run locally and work offline. No data-operation telemetry is collected. **Note on air-gap:** The CLI does contact billing.quantumsequrity.com to validate your subscription tier and credit counter; the response is cached for up to 7 days of offline work. Kernel-level network restriction to billing-only is enforced on Linux CLI via seccomp-bpf. On Windows/macOS/GUI, physically disconnect from the network for a true air-gap.

What operating systems are supported?

Verified end-to-end for v7.2.32 on Linux x86_64 (Ubuntu 22.04 / 24.04 / 24.10 / 25.04 / 25.10, Debian 12 / 13, Fedora 40-44, AlmaLinux 10) and Windows 10 (1809+) / 11 x86_64. Install via npm, the apt or dnf repo, or a direct .deb / .rpm / Windows installer (.exe) download. Requires glibc 2.35+ on Linux; RHEL 10 (same glibc 2.39 as AlmaLinux 10) works, but RHEL / Rocky / AlmaLinux 9 ship glibc 2.34 and are not supported. macOS and Linux ARM64 builds are not yet available.

[All Questions](/faq)

11

## Learn the cryptography

Plain-language deep dives on the algorithms, threats, and standards behind post-quantum encryption.

primer · 8 min read

### What is post-quantum cryptography?

The full story: why RSA and ECC break, what NIST standardized, and how PQC actually protects data today.

[Read the primer.](/blog/what-is-post-quantum-cryptography)

threat · 6 min read

### CRQC: what it means

Cryptographically Relevant Quantum Computer, defined. Qubit thresholds, gate fidelity, and realistic timelines.

[Decode the term.](/blog/crqc-meaning-explained)

design · 7 min read

### Hybrid encryption explained

Why every serious PQC deployment combines a lattice KEM with X25519 , and what happens if either side fails.

[See the construction.](/blog/hybrid-encryption)

comparison · 9 min read

### ML-DSA vs SLH-DSA

Lattice signatures versus hash-based: speed, size, assumptions, and when to pick which for your threat model.

[Compare the signatures.](/blog/mldsa-vs-slhdsa)

playbook · 12 min read

### Implementing PQC in your org

Step-by-step migration playbook: inventory, risk-rank, pilot, roll out. Avoids the common rewrite trap.

[Get the playbook.](/blog/implementing-pqc-your-organization)

standards · 10 min read

### NIST FIPS 203, 204, 205, 206

A guided tour of the four post-quantum standards: scope, parameters, test vectors, and what they don't cover.

[Read the standards guide.](/blog/nist-fips-guide)

scenario · 7 min read

### Q-Day: when quantum breaks encryption

What actually happens the day a CRQC arrives, who is exposed first, and which workflows must shift before then.

[See the scenario.](/blog/q-day-when-quantum-breaks-encryption)

report · 11 min read

### State of PQC in 2026

Where vendors, regulators, and standards bodies stand right now. Adoption numbers, gaps, and what to watch next.

[Read the 2026 report.](/blog/pqc-state-2026)

[All Blog Posts](/blog)

## Your data. *Yours.*

Not your cloud provider's. Not your government's. Not ours. Take control with post-quantum encryption across every layer: laptops, databases, and cold storage.

[Get Started Free](/pricing) [View Pricing](/pricing)