Quantum Secure Cryptographic Library (QSC)
A replacement-class cryptographic platform combining primitives, certificate infrastructure, and TLS inside one coherent C23 codebase
QSC is the foundational software asset of the QRCS portfolio. It is not merely a bundle of algorithms. It combines modern symmetric cryptography, post-quantum and classical asymmetric primitives, deterministic key derivation, entropy and DRBG subsystems, a complete X.509 certificate layer, and an in-progress full TLS 1.3 stack inside a single dependency-free engineering model.
Within the QRCS stack, QSC is the common implementation substrate that makes the broader protocol family commercially credible as an integrated platform. Its replacement value is defined against fragmented library combinations that force operators to mix unrelated cryptographic, certificate, and transport dependencies. QSC instead offers one auditable base aligned to post-quantum migration, deterministic behavior, and long lifecycle deployment.
Portable reference code and optimized instruction-set paths are organized under one internally consistent API and validation model.
ML-KEM, Classic McEliece, HQC, ML-DSA, SLH-DSA, Falcon, ECDH, EdDH, ECDSA, and EdDSA are exposed through a single library boundary.
Certificate lifecycle handling, trust-store validation, and a layered TLS 1.3 implementation place QSC beyond primitive-only toolkits.
The library emphasizes explicit validation, constant-time discipline, regression control, fuzzing, NIST vectors, and platform portability.
Executive Summary
Acquirer-oriented synopsis of QSC as the foundational software layer of the QRCS cryptographic stack.
Open Executive Summary
Technical Specification
Detailed inventory of algorithms, module scope, interfaces, implementation constraints, and engineering assumptions.
Open Technical Specification
Integration Guide
Practical guidance for embedding QSC into products, appliances, services, and protocol stacks under real deployment constraints.
Open Integration Guide
Source Repository
Current public implementation base, companion validation projects, and release notes describing recent library expansion.
Open GitHub Repository
QSC should be read as a full cryptographic platform, not a narrow primitive library
The portfolio chapter positions QSC as the foundational software asset of QRCS because the library spans primitive coverage, secure communications infrastructure, portability, validation discipline, and the implementation substrate used by the rest of the protocol family.
Why the library is commercially unusual
Most post-quantum libraries expose algorithm families and leave certificate handling, TLS, entropy management, or platform integration to external dependencies. QSC instead collects those responsibilities inside one coherent codebase. That matters to acquirers because it changes the asset from an algorithm package into a replacement-class cryptographic foundation.
| Dimension | Primitive-only libraries | QSC |
|---|---|---|
| Primitive coverage | Usually limited or family-specific | PQ, classical, symmetric, hash, MAC, DRBG, KDF |
| Certificate layer | External dependency | Integrated X.509 and ASN.1 infrastructure |
| TLS support | Usually absent | Layered TLS 1.3 stack built on QSC primitives |
| Engineering model | Mixed or dependency-driven | Single dependency-free C23 codebase |
| Validation posture | Variable | KATs, NIST vectors, fuzzing, stress, round-trip tests |
Acquisition-oriented interpretation
QSC is the software layer that gives the wider QRCS portfolio architectural coherence. The portfolio chapter makes the point directly: without QSC, the other assets are protocols; with QSC, they become parts of an integrated secure infrastructure stack. That is why the library should be treated as a Tier 1 strategic asset.
- It supports long-term post-quantum migration without tying the buyer to one asymmetric family.
- It reduces third-party dependency risk by bringing certificate and transport infrastructure in-house.
- It offers a credible route into firmware, secure appliances, enterprise services, and government-grade deployments.
- It enforces deterministic cryptographic lifecycles, improving auditability and reducing implementation ambiguity.
- It aligns with compliance-driven environments through MISRA-oriented design and strict runtime validation boundaries.
- It consolidates primitives, certificate handling, and transport security into a single coherent engineering model.
Broad primitive coverage across symmetric, post-quantum, classical, and deterministic support layers
The QSC chapter and repository README both emphasize breadth as a defining property. The library is designed so that key generation, authenticated encryption, certificate validation, and protocol establishment can remain inside one audited boundary rather than being delegated to unrelated packages.
Cryptographic inventory
| Area | Coverage in QSC |
|---|---|
| Post-quantum KEMs | ML-KEM, Classic McEliece, HQC |
| Post-quantum signatures | ML-DSA, SLH-DSA, Falcon |
| Classical key exchange | ECDH P-256, P-384, P-521; X25519; X448 |
| Classical signatures | ECDSA P-256, P-384, P-521; Ed25519; Ed448 |
| Symmetric ciphers | AES, RCS, CSX, ChaCha20-Poly1305 |
| Hash / XOF | SHA2, SHA3, SHAKE, cSHAKE |
| MACs | KMAC, QMAC, HMAC, Poly1305 |
| KDF / hardening | cSHAKE-based derivation, SCB |
| Randomness | DRBGs and entropy providers |
Proprietary constructions that differentiate the library
The portfolio chapter highlights QSC’s proprietary internal assets because they are both implemented and separately documented. This matters strategically. A serious acquirer is not just acquiring wrappers around standards. It is acquiring library-level intellectual property with an engineering and documentation trail.
| Construction | Description |
|---|---|
| RCS | Rijndael-based authenticated AEAD stream cipher intended for high-assurance transport and storage paths. |
| CSX | ChaCha-derived authenticated stream construction positioned for high-speed packet and message protection. |
| QMAC | Keccak-centered message authentication primitive for deterministic integrity binding. |
| SCB | Memory-hard, SHAKE-derived cost-based KDF supporting configurable hardness profiles. |
X.509 lifecycle handling and TLS 1.3 scaffolding move QSC beyond algorithm exposure
The commercially important distinction in the portfolio chapter is that QSC does not stop at primitives. The repository now explicitly includes a complete X.509 infrastructure and an in-progress full TLS 1.3 stack, materially changing how the library should be valued.
X.509 certificate infrastructure
| Subsystem | Scope |
|---|---|
| Parsing and semantic verification | Strict DER and BER-capable ASN.1 decoding with certificate semantics enforced inside the library. |
| Certificate lifecycle | Certificate generation, CRL generation, PKCS#10 CSR handling, OCSP response validation, PKCS#12 bundle handling. |
| Trust and peer validation | Trust-store management, chain verification, hostname and IP matching, extension decoding. |
| PQ / classical profiles | Native support for classical ECDSA and post-quantum ML-DSA certificate paths. |
This is a significant engineering differentiator because many libraries still treat post-quantum certificate support as experimental, partial, or externalized. In QSC, certificate parsing, validation, and signature verification for post-quantum algorithms are integrated directly into the core X.509 subsystem rather than delegated to external tooling or transitional wrappers. This reduces integration complexity and ensures that post-quantum identity handling is subject to the same deterministic and auditable execution model as the rest of the library.
TLS 1.3 module map
| Module group | Contents |
|---|---|
| Core layers | Type definitions, protocol constants, protocol limits, error codes, alerts, record framing, low-level codec, and TLS I/O. |
| Negotiation and crypto | Named groups, signature algorithm registry, extension encoding and decoding, HKDF-based key schedule, transcript hash maintenance. |
| State machine | Handshake container and entry points for client and server behavior, including Finished processing and certificate handling. |
| Lifecycle modules | Session resumption, TLS certificate management, certificate messages, policy configuration, high-level client wrapper, and high-level server wrapper. |
MISRA-aligned implementation discipline, portability, and validation are part of the asset
The QSC chapter is unusually explicit that engineering quality is not a side note. Portability, intrinsic optimization, deterministic behavior, secure coding discipline, and validation coverage are all part of the library’s strategic value because they reduce porting cost and assurance risk for an acquirer or integrator.
Secure coding posture
The repository describes QSC as written to MISRA C secure coding guidelines and aligned to current FIPS standards for standardized post-quantum algorithms. The engineering aim is explicit validation, deterministic control flow, and auditable structure.
| Aspect | Detail |
|---|---|
| Standards focus | MISRA C, FIPS-203, FIPS-204, FIPS-205 |
| Operational goal | Auditability and predictable behavior |
Dual performance path
The library is built around clean portable reference implementations alongside AVX, AVX2, and AVX-512 intrinsic-optimized variants. This preserves portability by default while allowing serious throughput on modern CPUs.
| Aspect | Detail |
|---|---|
| Reference path | Portable C for broad deployment and review |
| Optimized path | Instruction-set acceleration for high-performance targets |
Validation coverage
Known-answer tests, official NIST ACVP/CAVP vectors, fuzzing, stress testing, round-trip correctness checks, and companion compliance and wrapper projects show that the library is organized for regression control rather than mere demonstration.
| Aspect | Detail |
|---|---|
| Companion projects | QSCTest, QSCCAVP, QSCNETCW |
| Targets | Windows, Linux, macOS |
The library is intended to support real secure systems, not isolated algorithm calls
The portfolio chapter stresses that QSC reaches beyond bare cryptography in strategically useful ways. It is positioned for firmware, appliances, embedded devices, secure services, and protocol servers that need one coherent substrate rather than a patchwork of unrelated components.
Where QSC fits operationally
- Embedded and firmware deployments requiring deterministic behavior and minimal dependency footprint.
- Secure appliances and gateways where certificate, transport, and primitive layers must be audited together.
- Enterprise and government services requiring post-quantum migration without fragmented library risk.
- Protocol implementations across the QRCS stack, including tunnels, messaging, relay systems, access protocols, and identity frameworks.
- Long-lifecycle infrastructure where cryptographic stability, reproducibility, and controlled upgrade paths are mandatory.
- Regulated environments that require full-stack traceability from primitive selection through certificate validation and transport enforcement.
The library’s explicit support for hostname and IP validation inside X.509 handling is a narrow but revealing example of the broader design principle: QSC is engineered to operate in real protocol environments.
QSC is the software layer that turns QRCS from a collection of designs into a deployable platform
The portfolio chapter closes with a direct strategic conclusion: QSC is one of the few QRCS assets that can stand on its own as an acquisition target because it combines primitive breadth, protocol depth, post-quantum coverage, certificate infrastructure, transport infrastructure, intrinsic-optimized performance paths, and a validation-oriented engineering posture in one codebase. That combination is unusual in the current market.
For a buyer, the practical implication is speed. Acquiring QSC is not merely acquiring algorithms. It is acquiring a coherent implementation substrate that can accelerate post-quantum modernization, reduce external dependency concentration, and provide a stable base for higher-level secure products and services.