QUAC 100 Developer Guide
This guide covers QuantaCore SDK integration patterns, language-specific bindings, standard cryptographic interface providers, multi-tenant deployment, and performance optimization for the QUAC 100 accelerator.
SDK Architecture #
The QuantaCore SDK provides a layered architecture with a native C library at its core, language bindings built on top, and standard interface providers (OpenSSL, PKCS#11, CNG) that integrate with existing cryptographic infrastructure.
┌──────────────────────────────────────────────────────────â”
│ Application Layer │
│ ┌──────────┠┌──────────┠┌────────┠┌──────┠┌──────â”│
│ │ Python │ │ Rust │ │ Go │ │ Java │ │ C# ││
│ │ Bindings │ │ Crate │ │ Module │ │ JNI │ │ P/I ││
│ └────┬─────┘ └────┬─────┘ └───┬────┘ └──┬───┘ └──┬───┘│
├───────┼─────────────┼───────────┼─────────┼────────┼────┤
│ ┌────┴─────────────┴───────────┴─────────┴────────┴──┠│
│ │ libquac100 (Native C API) │ │
│ └──────────────────────┬─────────────────────────────┘ │
├─────────────────────────┼───────────────────────────────┤
│ Standard Providers │ │
│ ┌──────────┠┌────────┴──┠┌──────────┠│
│ │ OpenSSL │ │ PKCS#11 │ │ Windows │ │
│ │ 3.x Prov │ │ v2.40 │ │ CNG Prov │ │
│ └──────────┘ └───────────┘ └──────────┘ │
├─────────────────────────────────────────────────────────┤
│ Kernel Driver (quac100.ko / quac100.sys) │
├─────────────────────────────────────────────────────────┤
│ QUAC 100 Hardware (4× XCZU7EV) │
└─────────────────────────────────────────────────────────┘| Language | Package | Min Version | Install |
|---|---|---|---|
| C / C++ | libquac100 | C11 / C++17 | SDK installer (included) |
| Rust | quantacore | 1.70+ | cargo add quantacore |
| Python | quantacore | 3.8+ | pip install quantacore |
| Go | quantacore | 1.21+ | go get github.com/dyber-inc/quantacore-go |
| Java | quantacore-jni | 11+ | Maven: com.dyber:quantacore:1.0.0 |
| C# / .NET | Dyber.QuantaCore | .NET 6+ | dotnet add package Dyber.QuantaCore |
| Node.js | @dyber/quantacore | 18+ | npm install @dyber/quantacore |
Core Cryptographic Operations #
ML-KEM (Kyber) — Key Encapsulation
ML-KEM provides quantum-resistant key encapsulation for establishing shared secrets. The QUAC 100 accelerates all three parameter sets using a patented Radix-32 NTT architecture running at 1 GHz.
| Parameter Set | Security | Public Key | Secret Key | Ciphertext | Shared Secret |
|---|---|---|---|---|---|
| ML-KEM-512 (Kyber-512) | NIST Level 1 | 800 B | 1,632 B | 768 B | 32 B |
| ML-KEM-768 (Kyber-768) | NIST Level 3 | 1,184 B | 2,400 B | 1,088 B | 32 B |
| ML-KEM-1024 (Kyber-1024) | NIST Level 5 | 1,568 B | 3,168 B | 1,568 B | 32 B |
/* ML-KEM-768 Key Exchange — C Example */
#include <quac100.h>
quac_init();
quac_device_t dev;
quac_open(0, &dev);
/* Key Generation */
quac_key_t keypair;
quac_kem_keygen(dev, QUAC_ALG_KYBER_768, &keypair);
/* Encapsulation (sender side) */
uint8_t ct[1088], ss_a[32];
size_t ct_len = sizeof(ct), ss_len = sizeof(ss_a);
quac_kem_encaps(keypair, ct, &ct_len, ss_a, &ss_len);
/* Decapsulation (receiver side) */
uint8_t ss_b[32];
size_t ss_b_len = sizeof(ss_b);
quac_kem_decaps(keypair, ct, ct_len, ss_b, &ss_b_len);
/* ss_a == ss_b (32-byte shared secret) */
quac_destroy_key(keypair);
quac_close(dev);
quac_shutdown();ML-DSA (Dilithium) — Digital Signatures
| Parameter Set | Security | Public Key | Secret Key | Signature |
|---|---|---|---|---|
| ML-DSA-44 (Dilithium-2) | NIST Level 2 | 1,312 B | 2,528 B | 2,420 B |
| ML-DSA-65 (Dilithium-3) | NIST Level 3 | 1,952 B | 4,000 B | 3,293 B |
| ML-DSA-87 (Dilithium-5) | NIST Level 5 | 2,592 B | 4,864 B | 4,595 B |
/* ML-DSA-65 Sign/Verify — C Example */
quac_key_t sigkey;
quac_sign_keygen(dev, QUAC_ALG_DILITHIUM_3, &sigkey);
uint8_t message[] = "Critical transaction data";
uint8_t signature[3293];
size_t sig_len = sizeof(signature);
/* Sign */
quac_sign(sigkey, message, sizeof(message)-1, signature, &sig_len);
/* Verify */
quac_result_t valid = quac_verify(sigkey, message, sizeof(message)-1,
signature, sig_len);
/* valid == QUAC_SUCCESS if signature is valid */QRNG — Quantum Random Number Generation
The QUAC 100 includes four integrated photonic quantum entropy sources delivering true quantum random numbers at over 100 MB/s. Output is conditioned per NIST SP 800-90B and suitable for direct use as cryptographic key material.
/* QRNG — Generate 256 bits of quantum-random entropy */
uint8_t random_bytes[32];
size_t rand_len = sizeof(random_bytes);
quac_random(dev, random_bytes, &rand_len);
/* Bulk entropy — fill a 1 MB buffer */
uint8_t *bulk = malloc(1024 * 1024);
size_t bulk_len = 1024 * 1024;
quac_random(dev, bulk, &bulk_len); /* ~9ms at 112 MB/s */OpenSSL 3.x Provider Integration #
The QuantaCore OpenSSL provider enables transparent hardware acceleration for applications that use OpenSSL. No application code changes are required — configure the provider and existing TLS/PKI workflows automatically use the QUAC 100.
# openssl.cnf — Add QuantaCore provider
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
default = default_sect
quantacore = quantacore_sect
[default_sect]
activate = 1
[quantacore_sect]
module = /opt/dyber/quantacore/lib/ossl-modules/quantacore.so
activate = 1# Verify provider is loaded
$ openssl list -providers
Providers:
default
name: OpenSSL Default Provider
status: active
quantacore
name: Dyber QuantaCore Provider
version: 1.0.0
status: active
# Generate ML-DSA-65 key pair via OpenSSL CLI
$ openssl genpkey -provider quantacore -algorithm mldsa65 -out server_key.pem
# Create a self-signed certificate with ML-DSA
$ openssl req -new -x509 -provider quantacore -key server_key.pem \
-out server_cert.pem -days 365 -subj "/CN=pqc.example.com"
# Test TLS with PQC key exchange + signatures
$ openssl s_server -provider quantacore -cert server_cert.pem -key server_key.pemPKCS#11 v2.40 Provider #
The PKCS#11 module enables integration with enterprise PKI infrastructure, Java KeyStores, Firefox/Thunderbird, and any PKCS#11-aware application.
# Register the PKCS#11 module
# Module path: /opt/dyber/quantacore/lib/libquac-pkcs11.so (Linux)
# C:\Program Files\Dyber\QuantaCore\bin\quac-pkcs11.dll (Windows)
# Initialize a token with SO PIN
$ pkcs11-tool --module /opt/dyber/quantacore/lib/libquac-pkcs11.so \
--init-token --label "QUAC100-Token" --so-pin 12345678
# Set user PIN
$ pkcs11-tool --module /opt/dyber/quantacore/lib/libquac-pkcs11.so \
--init-pin --login --so-pin 12345678 --pin 87654321
# Generate ML-KEM-768 keypair on the token
$ pkcs11-tool --module /opt/dyber/quantacore/lib/libquac-pkcs11.so \
--login --pin 87654321 \
--keypairgen --mechanism CKM_ML_KEM_768 \
--label "pqc-kem-key"
# List objects on token
$ pkcs11-tool --module /opt/dyber/quantacore/lib/libquac-pkcs11.so \
--login --pin 87654321 --list-objects| Mechanism | Algorithm | Operations |
|---|---|---|
| CKM_ML_KEM_512 | ML-KEM-512 | KeyGen, Encaps, Decaps |
| CKM_ML_KEM_768 | ML-KEM-768 | KeyGen, Encaps, Decaps |
| CKM_ML_KEM_1024 | ML-KEM-1024 | KeyGen, Encaps, Decaps |
| CKM_ML_DSA_44 | ML-DSA-44 (Dilithium-2) | KeyGen, Sign, Verify |
| CKM_ML_DSA_65 | ML-DSA-65 (Dilithium-3) | KeyGen, Sign, Verify |
| CKM_ML_DSA_87 | ML-DSA-87 (Dilithium-5) | KeyGen, Sign, Verify |
| CKM_SLH_DSA_* | SLH-DSA (SPHINCS+) variants | KeyGen, Sign, Verify |
| CKM_QUAC_QRNG | Quantum RNG | C_GenerateRandom |
Language-Specific Examples #
Rust
use quantacore::{Device, Algorithm, Result};
fn main() -> Result<()> {
quantacore::init()?;
let dev = Device::open(0)?;
// ML-KEM-768 key exchange
let keypair = dev.kem_keygen(Algorithm::Kyber768)?;
let (ciphertext, shared_secret_a) = dev.kem_encaps(&keypair)?;
let shared_secret_b = dev.kem_decaps(&keypair, &ciphertext)?;
assert_eq!(shared_secret_a, shared_secret_b);
// ML-DSA-65 signature
let sigkey = dev.sign_keygen(Algorithm::Dilithium3)?;
let message = b"Important document";
let signature = dev.sign(&sigkey, message)?;
assert!(dev.verify(&sigkey, message, &signature)?);
// QRNG
let random: Vec<u8> = dev.random(32)?;
dev.close()?;
quantacore::shutdown()?;
Ok(())
}Python
import quantacore
quantacore.init()
dev = quantacore.open(0)
# ML-KEM-768
keypair = dev.kem_keygen(quantacore.ALG_KYBER_768)
ct, ss_a = dev.kem_encaps(keypair)
ss_b = dev.kem_decaps(keypair, ct)
assert ss_a == ss_b
# ML-DSA-65
sigkey = dev.sign_keygen(quantacore.ALG_DILITHIUM_3)
sig = dev.sign(sigkey, b"Transaction record #12345")
assert dev.verify(sigkey, b"Transaction record #12345", sig)
# QRNG — 1 KB of quantum randomness
entropy = dev.random(1024)
print(f"Entropy: {len(entropy)} bytes, first 8: {entropy[:8].hex()}")
# Async batch operations (high-throughput mode)
futures = [dev.kem_encaps_async(keypair) for _ in range(1000)]
results = quantacore.await_all(futures)
dev.close()
quantacore.shutdown()Go
package main
import (
"fmt"
"log"
qc "github.com/dyber-inc/quantacore-go"
)
func main() {
if err := qc.Init(); err != nil { log.Fatal(err) }
defer qc.Shutdown()
dev, err := qc.Open(0)
if err != nil { log.Fatal(err) }
defer dev.Close()
// ML-KEM-768
keypair, _ := dev.KEMKeygen(qc.AlgKyber768)
ct, ssA, _ := dev.KEMEncaps(keypair)
ssB, _ := dev.KEMDecaps(keypair, ct)
fmt.Printf("Shared secrets match: %v\n", ssA == ssB)
// QRNG
random, _ := dev.Random(32)
fmt.Printf("Random: %x\n", random)
}Multi-Tenant Deployment #
The QUAC 100 supports hardware-isolated multi-tenancy through SR-IOV virtual functions. Each tenant receives dedicated cryptographic resources with hardware-enforced isolation via the QuantaVirt virtualization platform.
| Feature | Specification |
|---|---|
| Virtual Functions (VFs) | Up to 64 VFs per physical card |
| Resource Allocation | Per-VF NTT engine, memory partition, and key store |
| Isolation Model | Hardware-enforced — no shared cryptographic state between VFs |
| Key Store per VF | Up to 1,024 keys per virtual function |
| QoS Enforcement | Per-VF rate limiting and priority scheduling |
| Hypervisor Support | KVM/QEMU (VFIO), VMware ESXi (SR-IOV), Kubernetes (device plugin) |
# Enable SR-IOV (Linux host)
echo 16 > /sys/class/quac/quac0/sriov_numvfs
# Verify VFs created
lspci | grep -i dyber
# 0000:3b:00.0 Processing accelerator: Dyber QUAC 100 (PF)
# 0000:3b:00.1 Processing accelerator: Dyber QUAC 100 (VF)
# ... (16 VFs)
# Assign VF to a VM via VFIO
echo "0000:3b:00.1" > /sys/bus/pci/drivers/vfio-pci/bind
# Kubernetes device plugin
# In pod spec:
# resources:
# limits:
# dyber.com/quac100: 1Performance Optimization #
| Operation | Throughput | Latency (avg) | vs. Software |
|---|---|---|---|
| ML-KEM-768 KeyGen | 523K ops/sec | 1.91 μs | 38× |
| ML-KEM-768 Encaps | 814K ops/sec | 1.23 μs | 43× |
| ML-KEM-768 Decaps | 798K ops/sec | 1.25 μs | 41× |
| ML-DSA-65 Sign | 215K ops/sec | 4.65 μs | 28× |
| ML-DSA-65 Verify | 512K ops/sec | 1.95 μs | 35× |
| QRNG Output | 112 MB/sec | N/A | N/A (true quantum) |
Optimization tips:
1. Batch operations: Use quac_kem_encaps_batch() and async APIs to submit multiple operations and amortize PCIe round-trip latency. Batch sizes of 64–256 yield optimal throughput.
2. Pin CPU affinity: Pin the calling thread to the NUMA node closest to the QUAC 100's PCIe slot to minimize cross-socket memory copies.
3. Pre-allocate key handles: Reuse quac_key_t handles rather than generating new keys per operation. Key generation is the most expensive operation.
4. Use DMA-friendly buffers: Allocate input/output buffers with quac_alloc() for page-aligned, DMA-capable memory that avoids kernel bounce buffers.
/* High-throughput batch encapsulation */
#define BATCH_SIZE 256
quac_batch_t batch;
quac_batch_create(dev, &batch, BATCH_SIZE);
for (int i = 0; i < BATCH_SIZE; i++) {
quac_batch_add_encaps(batch, keypair, ct_buf[i], &ct_lens[i],
ss_buf[i], &ss_lens[i]);
}
quac_batch_submit(batch); /* Single PCIe round-trip for 256 ops */
quac_batch_wait(batch); /* Block until all complete */
quac_batch_destroy(batch);Asynchronous Operations #
The async API enables non-blocking cryptographic operations using a future/callback pattern. This is essential for high-concurrency servers that cannot block on individual cryptographic operations.
/* Async KEM with callback */
void on_encaps_done(quac_async_t *op, quac_result_t result, void *user_data) {
if (result == QUAC_SUCCESS) {
/* Ciphertext and shared secret are now available */
struct my_ctx *ctx = (struct my_ctx *)user_data;
send_ciphertext(ctx->conn, op->ct, op->ct_len);
}
}
quac_async_t *op;
quac_kem_encaps_async(keypair, ct_buf, &ct_len, ss_buf, &ss_len,
on_encaps_done, my_ctx, &op);
/* ... do other work while hardware processes ... */
/* Or poll manually */
quac_result_t status;
quac_async_poll(op, &status);
if (status == QUAC_SUCCESS) { /* done */ }Was this page helpful? Send feedback to docs@dyber.org