QUAC 100 Security Policy

QUAC100-SEC-001
FIPS 140-3 Level 3

This document defines the security policy for the QUAC 100 Quantum-Resistant Universal Accelerator Card as required for FIPS 140-3 Level 3 validation. It describes the cryptographic boundary, approved algorithms, security mechanisms, physical security, and operator roles.

Target Certifications

| Standard | Target Level | Requirements | Status |
|---|---|---|---|
| FIPS 140-3 | Level 3 | Physical security, role-based authentication, key management | IUT — atsec |
| Common Criteria | EAL4+ | Security functional requirements per Protection Profile | Planned |
| NIST SP 800-90B | Full compliance | Entropy source validation for QRNG | Design complete |
| NIST SP 800-57 | Full compliance | Key management lifecycle | Design complete |
| AIS 31 | PTG.2 compliance | German BSI entropy requirements | Design complete |
| CNSA 2.0 | Full compliance | NSA Commercial National Security Algorithm Suite | Compliant |

Cryptographic Boundary

The cryptographic boundary encompasses the entire QUAC 100 PCIe card assembly, including all four XCZU7EV MPSoC processors, on-board DDR4 memory (2× 8 GB), QRNG entropy sources, flash storage, the PCB, and the card's physical enclosure with tamper-detection mesh. All cryptographic processing occurs within this boundary; no plaintext Critical Security Parameters (CSPs) cross the boundary except through the PCIe interface under authenticated operator sessions.

┌─────────────────── Cryptographic Boundary ───────────────────┐
│                                                              │
│  ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐               │
│  │  U0    │ │  U1    │ │  U2    │ │  U3    │  4× XCZU7EV   │
│  │ KEM    │ │ QRNG   │ │ NTT    │ │ SIG    │  MPSoC        │
│  │ Engine │ │ Engine │ │ Engine │ │ Engine │               │
│  └────────┘ └────────┘ └────────┘ └────────┘               │
│                                                              │
│  ┌──────────────────┐  ┌──────────────────┐                 │
│  │ DDR4 8GB (U0/U1) │  │ DDR4 8GB (U2/U3) │  Key Storage   │
│  └──────────────────┘  └──────────────────┘                 │
│                                                              │
│  ┌─────────────┐  ┌──────────────┐  ┌───────────────┐      │
│  │ QRNG Sources│  │ Flash Storage │  │ Tamper Sensors │      │
│  │ (×4 entropy)│  │ (512 MB QSPI)│  │ (mesh + env)  │      │
│  └─────────────┘  └──────────────┘  └───────────────┘      │
│                                                              │
├──────────────────────────────────────────────────────────────┤
│  PCIe Gen5 x16 Interface (164-pin edge connector)           │
└──────────────────────────────────────────────────────────────┘

Approved Algorithms

The QUAC 100 implements only NIST-approved post-quantum and classical algorithms. In FIPS mode, non-approved algorithms are disabled and cannot be invoked.

| Algorithm | Standard | Key Sizes | Use |
|---|---|---|---|
| ML-KEM (Kyber) | FIPS 203 | 512 / 768 / 1024 | Key encapsulation mechanism |
| ML-DSA (Dilithium) | FIPS 204 | 44 / 65 / 87 | Digital signatures |
| SLH-DSA (SPHINCS+) | FIPS 205 | 128/192/256 × s/f | Hash-based digital signatures |
| SHA-3 / SHAKE | FIPS 202 | 256 / 384 / 512 | Internal hashing, NTT operations |
| AES-256-GCM | FIPS 197 / SP 800-38D | 256-bit | Firmware encryption, key wrapping |
| RSA-4096 | FIPS 186-5 | 4096-bit | Firmware signature verification |
| QRNG | SP 800-90B | N/A | Quantum entropy source |

Operator Roles

FIPS 140-3 Level 3 requires identity-based authentication for all operator roles. The QUAC 100 enforces three distinct roles with hardware-level access controls:

| Role | Authentication | Permissions |
|---|---|---|
| Crypto Officer | Identity-based (certificate + PIN) | Key management, firmware update, configuration, self-test, audit log access |
| User | Role-based (token) | Cryptographic operations (KEM, sign, verify, QRNG), key use (not management) |
| Auditor | Identity-based (certificate + PIN) | Read-only access to audit logs and health status; cannot perform crypto operations |

Separation of duties is enforced: the Crypto Officer role cannot be combined with the Auditor role. Critical operations such as firmware updates and key zeroization require Crypto Officer authentication.

Physical Security

FIPS 140-3 Level 3 requires tamper evidence and tamper response. The QUAC 100 implements comprehensive physical security:

| Mechanism | Implementation | Response |
|---|---|---|
| Tamper-detection mesh | Active conductive mesh over sensitive components | Immediate zeroization of all CSPs |
| Temperature monitoring | Multiple on-die and board-level sensors | Suspend operations on anomaly; zeroize on extreme |
| Voltage monitoring | Rail monitors on all power domains | Suspend on glitch detection |
| Clock monitoring | Frequency and jitter monitors | Switch to backup clock on manipulation |
| Enclosure integrity | Tamper-evident seals and optical break detection | Log event; zeroize if active tamper |
| ESD protection | ±8 kV contact, ±15 kV air discharge | Clamping diodes on all external interfaces |

/* Tamper Response Register (hardware-defined) */
Bit 0: Mesh breach detected         → Initiate full zeroization
Bit 1: Unauthorized debug access     → Disable debug interfaces
Bit 2: Memory access violation       → Lockout failing interface
Bit 3: Fault injection attempt       → Enable redundant computation
Bit 4: Voltage glitch detected       → Suspend operations
Bit 5: Temperature anomaly           → Thermal protection mode
Bit 6: Clock manipulation detected   → Switch to backup clock
Bit 7: Physical tamper detected      → Initiate zeroization

Side-Channel Countermeasures

The QUAC 100 implements adaptive side-channel protections specifically designed for post-quantum algorithms, as detailed in Dyber Patent Application "Adaptive Side-Channel Countermeasures for Post-Quantum Cryptographic Hardware" (June 2025).

| Attack Vector | Countermeasure | Algorithm Coverage |
|---|---|---|
| Power analysis (SPA/DPA) | Constant-power execution, randomized operation scheduling, noise injection during polynomial arithmetic | ML-KEM, ML-DSA, SLH-DSA |
| Timing analysis | Constant-time implementations, rejection sampling protection, random delays | ML-DSA (rejection sampling), SLH-DSA (tree traversal) |
| Electromagnetic emanation | Shielding, randomized memory access patterns, signal obfuscation | All algorithms |
| Fault injection | Redundant computation, result verification, error detection codes | All algorithms |
| Cache timing | Cache-line-aligned access, constant-index memory operations | ML-KEM (NTT), SLH-DSA (hash trees) |

The adaptive protection system uses real-time threat detection to dynamically adjust countermeasure intensity. Under normal operation, minimal overhead is applied. When potential side-channel attack patterns are detected (abnormal data correlations, suspicious access patterns), the system escalates protection automatically.

Key Management

Key lifecycle management follows NIST SP 800-57 guidelines:

| Phase | Policy |
|---|---|
| Generation | Keys generated using on-board QRNG (SP 800-90B compliant). Entropy source validated before each key generation. |
| Storage | Keys stored in dedicated on-device secure memory with hardware access controls. Maximum 65,536 keys per device. |
| Use | Key usage tracked per role. Keys may be restricted to specific operations (e.g., sign-only, encaps-only). |
| Export | Public keys exportable by User role. Private key export requires Crypto Officer authentication and is audit-logged. |
| Archival | Keys may be wrapped with AES-256-GCM and exported for encrypted backup. Wrapped keys are device-bound. |
| Destruction | Cryptographic zeroization per FIPS 140-3. Memory overwritten with zeros, then random data, then verified zero. |

# Key zeroization — immediate and complete
$ quac-admin key zeroize --key-id 0x001A --confirm
Key 0x001A zeroized:
  Memory cleared:   3 passes (zero → random → zero → verify)
  Duration:         0.012ms
  Audit logged:     Event #4821 at 2026-01-15T10:22:41Z

# Emergency zeroization of ALL keys
$ quac-admin zeroize-all --confirm --reason "incident response"
WARNING: This will destroy ALL 247 keys on device 0.
Confirmation: ZEROIZE-ALL-247-KEYS
Zeroizing... done (1.8ms)
Audit event: EMERGENCY_ZEROIZE #4822

Self-Test Requirements

FIPS 140-3 requires both power-on self-tests and conditional self-tests:

| Test Type | When Executed | Tests Performed |
|---|---|---|
| Power-on self-test | Every boot / firmware load | Firmware integrity check (SHA-384), KAT for all approved algorithms, QRNG health test, memory BIST, inter-chip link verification |
| Conditional self-test | Before first use of each algorithm | Known Answer Test (KAT) for the specific algorithm variant being used |
| Continuous QRNG test | Every entropy block | NIST SP 800-90B continuous health testing — repetition count test and adaptive proportion test |
| Periodic self-test | Configurable interval (default: 24h) | Full self-test suite identical to power-on |

If any self-test fails, the device enters an error state and inhibits all cryptographic output until the issue is resolved. The error is logged to the tamper-evident audit log.
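
The two continuous QRNG health tests named in the table, written out as an added example (not Dyber's firmware or code from this policy): cutoffs follow the SP 800-90B formulas with alpha = 2^-20. The 8-bit sample width, the min-entropy value `H_ASSUMED = 4`, and the constructed input streams are assumptions; this page does not state the QRNG's assessed entropy.

```python
import hashlib
import math

ALPHA_EXP = 20  # alpha = 2^-20 false-positive rate per test
H_ASSUMED = 4   # assumed min-entropy per 8-bit sample; not a QUAC 100 figure

def rct_cutoff(h):  # repetition count test: C = 1 + ceil(-log2(alpha) / H)
    return 1 + math.ceil(ALPHA_EXP / h)

def apt_cutoff(h, window):  # adaptive proportion: C = 1 + CRITBINOM(W, 2^-H, 1 - alpha)
    p, target, cdf = 2.0 ** -h, 1.0 - 2.0 ** -ALPHA_EXP, 0.0
    for k in range(window + 1):
        cdf += math.comb(window, k) * p ** k * (1 - p) ** (window - k)
        if cdf >= target:
            return 1 + k
    return window + 1

class HealthMonitor:
    def __init__(self, h, window=512):  # W = 512 for non-binary samples, 1024 for binary
        self.rct_c, self.apt_c, self.window = rct_cutoff(h), apt_cutoff(h, window), window
        self.last, self.run = None, 0
        self.ref, self.seen, self.matches = None, 0, 0

    def feed(self, sample):  # returns None while healthy, else "RCT" or "APT"
        self.run = self.run + 1 if sample == self.last else 1
        self.last = sample
        if self.run >= self.rct_c:          # same value repeated too many times in a row
            return "RCT"
        if self.seen == 0:                  # first sample of each window is the reference
            self.ref, self.matches = sample, 1
        elif sample == self.ref:
            self.matches += 1
            if self.matches >= self.apt_c:  # reference value too frequent in this window
                return "APT"
        self.seen = (self.seen + 1) % self.window
        return None

def first_failure(samples, h=H_ASSUMED):
    """Return (index, test) for the first failing sample, or None if all pass."""
    monitor = HealthMonitor(h)
    for i, sample in enumerate(samples):
        failed = monitor.feed(sample)
        if failed:
            return i, failed
    return None

# Constructed inputs: SHAKE-256 output stands in for a healthy 8-bit source.
HEALTHY = list(hashlib.shake_256(b"constructed sample").digest(4096))
STUCK = [0xAA] * 64                                                  # stuck-at fault
BIASED = [0x00 if i % 3 == 0 else b for i, b in enumerate(HEALTHY)]  # no long runs, one value too common
```

The stuck stream trips the repetition count test within a few samples, while the biased stream never produces a long run and is only caught by the adaptive proportion test.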

Audit Logging

The QUAC 100 maintains a tamper-evident, append-only audit log stored in protected flash (16 MB capacity, approximately 500,000 events). Each event is cryptographically chained using HMAC-SHA-384 to detect any tampering or deletion.

Logged events include: operator authentication (success/failure), key lifecycle operations (generate, import, export, destroy), firmware updates, self-test results, tamper detection events, configuration changes, and error conditions.

# View recent audit events
$ quac-admin audit --last 5
#4822 2026-01-15T10:22:45Z CRYPTO_OFFICER  EMERGENCY_ZEROIZE  247 keys destroyed
#4821 2026-01-15T10:22:41Z CRYPTO_OFFICER  KEY_ZEROIZE        key_id=0x001A
#4820 2026-01-15T10:20:11Z USER            KEM_ENCAPS         alg=KYBER_768 key=0x0012
#4819 2026-01-15T10:20:10Z SYSTEM          SELF_TEST_PASS     periodic (24h)
#4818 2026-01-15T09:15:02Z CRYPTO_OFFICER  AUTH_SUCCESS       cert=CN=admin@dyber.org

Audit chain integrity: VALID (HMAC-SHA-384 verified, 4822 events)
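
How an HMAC-SHA-384 chain exposes edits and deletions, as an added example rather than the QUAC 100's actual log format: the record layout (`tag = HMAC(key, previous tag || event)`), the all-zero genesis tag and the key are assumptions, and the event lines are the five from the listing above. It also shows why the newest tag (or the event count) has to be anchored separately, since chaining alone does not notice records removed from the end.

```python
import hashlib
import hmac

# Assumptions (not from the QUAC 100 documentation):
#   tag_i = HMAC-SHA-384(key, tag_{i-1} || event_i), starting from an all-zero tag.
KEY = b"constructed-demo-key"  # constructed sample key, not a device key
GENESIS = bytes(48)            # 48 bytes = SHA-384 output length

# Event lines from the audit listing on this page, oldest first.
EVENTS = [
    "#4818 2026-01-15T09:15:02Z CRYPTO_OFFICER AUTH_SUCCESS cert=CN=admin@dyber.org",
    "#4819 2026-01-15T10:20:10Z SYSTEM SELF_TEST_PASS periodic (24h)",
    "#4820 2026-01-15T10:20:11Z USER KEM_ENCAPS alg=KYBER_768 key=0x0012",
    "#4821 2026-01-15T10:22:41Z CRYPTO_OFFICER KEY_ZEROIZE key_id=0x001A",
    "#4822 2026-01-15T10:22:45Z CRYPTO_OFFICER EMERGENCY_ZEROIZE 247 keys destroyed",
]

def chain_tag(key, prev_tag, event):
    # prev_tag is fixed-length, so prev_tag || event is unambiguous.
    return hmac.new(key, prev_tag + event.encode(), hashlib.sha384).digest()

def build_chain(events, key=KEY):
    records, prev = [], GENESIS
    for event in events:
        prev = chain_tag(key, prev, event)
        records.append((event, prev))
    return records

def verify_chain(records, key=KEY, head_tag=None):
    """Return None if intact, else the index of the first record that fails.

    head_tag is the newest tag, held where the log writer cannot rewrite it.
    Without it, records removed from the end leave a shorter but valid chain;
    with it, that case returns len(records).
    """
    prev = GENESIS
    for i, (event, tag) in enumerate(records):
        if not hmac.compare_digest(tag, chain_tag(key, prev, event)):
            return i
        prev = tag
    if head_tag is not None and not hmac.compare_digest(prev, head_tag):
        return len(records)
    return None
```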