PQC & Security
Comprehensive security reference for QuantaVirt — post-quantum cryptographic algorithms, QUAC 100 hardware acceleration, key management, VM attestation, confidential computing with AMD SEV-SNP and Intel TDX, memory encryption, secure boot, and compliance frameworks.
Security Overview
QuantaVirt is the first hypervisor designed from the ground up with post-quantum cryptography. Every cryptographic operation — disk encryption, network tunnels, VM attestation, migration authentication, and key management — uses NIST-standardized PQC algorithms. When a Dyber QUAC 100 accelerator card is present, all PQC operations are hardware-accelerated with sub-microsecond latency.
| Security Layer | Protection | Algorithm |
|---|---|---|
| Storage encryption | Data at rest | ML-KEM key wrapping + AES-256-GCM / ChaCha20-Poly1305 |
| Network tunnels | Data in transit | ML-KEM key exchange + AES-256-GCM |
| VM attestation | Identity verification | ML-DSA digital signatures |
| Migration auth | Host authentication | ML-DSA mutual authentication + ML-KEM session keys |
| Memory encryption | RAM protection | AMD SEV-SNP (AES-128) / Intel TDX (AES-128-XTS) |
| Secure boot | Integrity chain | ML-DSA signature verification on hypervisor image |
| Random generation | Entropy source | QUAC 100 QRNG (quantum random number generator) |
Threat Model
QuantaVirt's security architecture addresses the following threat categories:
| Threat | Vector | Mitigation |
|---|---|---|
| Harvest-now-decrypt-later | Adversary captures encrypted data today, decrypts with future quantum computer | All encryption uses PQC algorithms resistant to Shor's and Grover's algorithms |
| VM escape | Guest exploits hypervisor vulnerability | Hardware isolation (VMX/SVM), IOMMU DMA protection, memory encryption (SEV/TDX) |
| Side-channel attack | Spectre/Meltdown-class microarchitectural leaks | IBRS, STIBP, L1TF flush, MDS mitigations, core scheduling |
| Compromised hypervisor host | Attacker gains root on host | SEV-SNP / TDX: even hypervisor cannot read guest memory |
| Network interception | Man-in-the-middle on VM traffic | PQC-encrypted tunnels with ML-KEM key exchange |
| Disk theft | Physical access to storage media | PQC-encrypted disk images with hardware-backed keys |
| Rogue VM impersonation | VM claims false identity | ML-DSA attestation with hardware-rooted trust chain |
PQC Algorithms
QuantaVirt implements NIST FIPS 203 (ML-KEM) and FIPS 204 (ML-DSA) post-quantum standards, with SLH-DSA (FIPS 205) as a stateless hash-based backup.
ML-KEM (Key Encapsulation)
| Parameter Set | Security Level | Public Key | Secret Key | Ciphertext | Shared Secret | Use Case |
|---|---|---|---|---|---|---|
| ML-KEM-512 | NIST Level 1 (128-bit) | 800 B | 1,632 B | 768 B | 32 B | Development, low-security testing |
| ML-KEM-768 | NIST Level 3 (192-bit) | 1,184 B | 2,400 B | 1,088 B | 32 B | General production (recommended) |
| ML-KEM-1024 | NIST Level 5 (256-bit) | 1,568 B | 3,168 B | 1,568 B | 32 B | Maximum security, classified workloads |
ML-DSA (Digital Signatures)
| Parameter Set | Security Level | Public Key | Secret Key | Signature | Use Case |
|---|---|---|---|---|---|
| ML-DSA-44 | NIST Level 2 (128-bit) | 1,312 B | 2,560 B | 2,420 B | VM attestation, general signing |
| ML-DSA-65 | NIST Level 3 (192-bit) | 1,952 B | 4,032 B | 3,309 B | Migration auth, production (recommended) |
| ML-DSA-87 | NIST Level 5 (256-bit) | 2,592 B | 4,896 B | 4,627 B | Maximum security, government workloads |
Symmetric Algorithms
| Algorithm | Type | Key Size | Use |
|---|---|---|---|
| AES-256-GCM | AEAD | 256-bit | Disk encryption, network tunnel bulk cipher |
| ChaCha20-Poly1305 | AEAD | 256-bit | Alternative AEAD (no AES-NI required) |
| SHA3-256 / SHA3-512 | Hash | — | Integrity verification, key derivation input |
| SHAKE-128 / SHAKE-256 | XOF | — | Extensible output for ML-KEM/ML-DSA internals |
| HKDF-SHA3-256 | KDF | — | Derive encryption keys from ML-KEM shared secrets |
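The last row of the table is the step that turns a 32-byte ML-KEM shared secret into AES-256 keys. The Python sketch below is an added example, not QuantaVirt code: it implements HKDF (RFC 5869) over SHA3-256 and derives separate keys per purpose. The `example/v1/` info labels, the ciphertext-hash salt and the sample inputs are assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha3_256
HASH_LEN = HASH().digest_size  # 32 bytes


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: concentrate the input keying material into a PRK."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: stretch the PRK into `length` bytes bound to `info`."""
    if length > 255 * HASH_LEN:
        raise ValueError("requested output too long for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(shared_secret: bytes, kem_ciphertext: bytes, purpose: str) -> bytes:
    """Derive one AES-256 key per purpose from an ML-KEM shared secret."""
    if len(shared_secret) != 32:
        raise ValueError("ML-KEM shared secrets are 32 bytes")
    # Assumed design: salting with a hash of the KEM ciphertext ties the
    # derived key to this particular encapsulation.
    salt = hashlib.sha3_256(kem_ciphertext).digest()
    prk = hkdf_extract(salt, shared_secret)
    # Assumed label format: a distinct info string per purpose keeps the
    # disk key and the tunnel key independent of each other.
    return hkdf_expand(prk, b"example/v1/" + purpose.encode(), 32)


# Constructed stand-ins: real values come from ML-KEM-768 Encaps/Decaps.
SHARED_SECRET = bytes(range(32))
KEM_CIPHERTEXT = bytes(1088)  # ML-KEM-768 ciphertext length from the table above

if __name__ == "__main__":
    for purpose in ("disk", "tunnel"):
        print(purpose, derive_key(SHARED_SECRET, KEM_CIPHERTEXT, purpose).hex())
```

The shared secret is never used as a key directly, so a key exposed in one context does not reveal the key used in another.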
QUAC 100 Integration
The Dyber QUAC 100 is a PCIe Gen5 x8x8 cryptographic accelerator card that provides hardware-accelerated PQC operations and quantum random number generation. When installed in the hypervisor host, QuantaVirt automatically delegates all PQC operations to the QUAC 100.
| Capability | Software Backend | QUAC 100 Hardware |
|---|---|---|
| ML-KEM-768 Keygen | ~120 μs | ~0.7 μs |
| ML-KEM-768 Encaps | ~150 μs | ~0.6 μs |
| ML-KEM-768 Decaps | ~140 μs | ~0.6 μs |
| ML-DSA-65 Sign | ~800 μs | ~2.5 μs |
| ML-DSA-65 Verify | ~300 μs | ~1.2 μs |
| AES-256-GCM | ~2 GB/s (AES-NI) | ~25 GB/s |
| QRNG Entropy | N/A (uses /dev/urandom) | 100 Mbps true quantum random |
| Aggregate throughput | ~10K ops/sec | ~1.4M ops/sec (ML-KEM) |
```bash
# Check QUAC 100 status
quantavirt pqc status
# PQC Backend:     QUAC 100 Hardware
# Device:          0000:03:00.0 (vendor=0x1DB7 device=0x0100)
# Firmware:        1.0.0
# Temperature:     42°C
# Operations/sec:  234,567 (current load)
# QRNG Status:     Active (entropy pool: full)
# Key Store:       12 / 1024 slots used

# Run PQC self-test
quantavirt pqc self-test
# ML-KEM-512:   PASS (keygen, encaps, decaps)
# ML-KEM-768:   PASS (keygen, encaps, decaps)
# ML-KEM-1024:  PASS (keygen, encaps, decaps)
# ML-DSA-44:    PASS (keygen, sign, verify)
# ML-DSA-65:    PASS (keygen, sign, verify)
# ML-DSA-87:    PASS (keygen, sign, verify)
# AES-256-GCM:  PASS
# QRNG:         PASS (NIST SP 800-90B)
```
Key Management
QuantaVirt maintains a hierarchical key store. When a QUAC 100 is present, private keys are stored in the hardware's secure key store and never exposed to host software. Without QUAC 100, keys are stored in an encrypted file on disk, protected by a passphrase-derived key.
```bash
# Generate keys
quantavirt pqc key-gen --algorithm ML-KEM-768 --name storage-master --store quac100
quantavirt pqc key-gen --algorithm ML-DSA-65 --name host-identity --store quac100

# List keys
quantavirt pqc key-list
# NAME            ALGORITHM    STORE      CREATED                PURPOSE
# storage-master  ML-KEM-768   QUAC 100   2026-01-15T10:00:00Z   Storage encryption KEK
# host-identity   ML-DSA-65    QUAC 100   2026-01-15T10:00:01Z   Host authentication
# vm-attest-001   ML-DSA-44    QUAC 100   2026-01-15T11:30:00Z   VM attestation

# Rotate a key (generates new key, re-encrypts all dependent resources)
quantavirt pqc key-rotate storage-master

# Export public key (for remote host trust establishment)
quantavirt pqc key-export host-identity --public --output host-identity.pub

# Import a remote host's public key (for migration trust)
quantavirt pqc key-import --name remote-host-01 --input remote-host.pub
```
VM Attestation
VM attestation provides cryptographic proof of a VM's identity and configuration. The hypervisor signs a measurement of the VM's initial state (firmware, kernel, initrd, boot parameters) with an ML-DSA key. Remote parties can verify the attestation report to confirm the VM is running the expected software.
```
# Enable attestation on a VM
"pqc": {
  "enabled": true,
  "attestation": {
    "enabled": true,
    "algorithm": "ML-DSA-65",
    "key": "vm-attest-001",
    "measure": ["firmware", "kernel", "initrd", "cmdline", "config_hash"]
  }
}
```

```bash
# Request attestation report
quantavirt vm attest web-01
# Attestation Report:
#   VM:         web-01
#   Algorithm:  ML-DSA-65
#   Signer:     vm-attest-001
#   Timestamp:  2026-01-15T14:30:00Z
#   Measurements:
#     firmware: sha3-256:a1b2c3d4... (OVMF 2024-Q4)
#     kernel:   sha3-256:e5f6a7b8... (vmlinuz-6.6.0)
#     initrd:   sha3-256:c9d0e1f2... (initramfs-6.6.0)
#     cmdline:  sha3-256:34567890...
#     config:   sha3-256:abcdef01...
#   Signature:  ML-DSA-65:0x3045...
#   Status:     VALID

# Verify attestation report externally
quantavirt pqc verify-attestation \
  --report attestation-web01.json \
  --pubkey vm-attest-001.pub
```
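A valid signature only shows who signed the report; the relying party still has to compare every measurement with a known-good value and reject stale reports. The Python sketch below is an added example, not QuantaVirt code, and leaves the ML-DSA check to `quantavirt pqc verify-attestation`. The JSON field names (`algorithm`, `timestamp`, `measurements`, keyed as in the `measure` list), the allowed-algorithm set and the five-minute freshness window are assumptions.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Components the VM config on this page asks the hypervisor to measure.
REQUIRED = ("firmware", "kernel", "initrd", "cmdline", "config_hash")
ALLOWED_ALGORITHMS = {"ML-DSA-65", "ML-DSA-87"}  # assumed site policy
MAX_AGE = timedelta(minutes=5)                   # assumed freshness window


def digest(blob: bytes) -> str:
    """Format a measurement the way the report prints it: sha3-256:<hex>."""
    return "sha3-256:" + hashlib.sha3_256(blob).hexdigest()


def check_report(report: dict, golden: dict, now: datetime) -> list:
    """Return policy failures; an empty list means the report is acceptable."""
    failures = []
    if report.get("algorithm") not in ALLOWED_ALGORITHMS:
        failures.append("algorithm not allowed: %r" % report.get("algorithm"))
    try:
        issued = datetime.fromisoformat(report["timestamp"].replace("Z", "+00:00"))
        if not timedelta(0) <= now - issued <= MAX_AGE:
            failures.append("report is stale or from the future")
    except (KeyError, ValueError, AttributeError, TypeError):
        failures.append("missing or malformed timestamp")
    measured = report.get("measurements", {})
    for name in REQUIRED:
        if name not in measured:
            failures.append("missing measurement: " + name)
        elif measured[name] != golden[name]:
            failures.append("measurement mismatch: " + name)
    return failures


# Constructed sample data: placeholder blobs stand in for the real boot artefacts.
GOLDEN = {name: digest(("known-good " + name).encode()) for name in REQUIRED}
NOW = datetime(2026, 1, 15, 14, 31, tzinfo=timezone.utc)
GOOD = {"vm": "web-01", "algorithm": "ML-DSA-65",
        "timestamp": "2026-01-15T14:30:00Z", "measurements": dict(GOLDEN)}
# Same report, but the kernel command line differs from the reference value.
TAMPERED = dict(GOOD, measurements=dict(GOLDEN, cmdline=digest(b"modified cmdline")))

if __name__ == "__main__":
    print("good:", check_report(GOOD, GOLDEN, NOW))
    print("tampered:", check_report(TAMPERED, GOLDEN, NOW))
```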
Confidential Computing
Confidential computing protects VM data even from a compromised hypervisor host. QuantaVirt supports AMD SEV, SEV-ES, SEV-SNP, and Intel TDX for hardware-enforced memory encryption and integrity protection.
| Technology | Vendor | Memory Encryption | Register Protection | Integrity | Attestation | CPU Required |
|---|---|---|---|---|---|---|
| SEV | AMD | ✅ AES-128 | ❌ | ❌ | ❌ | EPYC 7001+ (Naples) |
| SEV-ES | AMD | ✅ AES-128 | ✅ Encrypted VMSA | ❌ | ❌ | EPYC 7002+ (Rome) |
| SEV-SNP | AMD | ✅ AES-128 | ✅ Encrypted VMSA | ✅ RMP | ✅ Hardware | EPYC 7003+ (Milan) |
| TDX | Intel | ✅ AES-128-XTS | ✅ | ✅ MAC | ✅ Hardware | Xeon 4th Gen+ (Sapphire Rapids) |
```
# Enable SEV-SNP on a VM
"security": {
  "type": "sev-snp",
  "policy": {
    "min_fw_version": "1.51",
    "debug": false,
    "migrate": false,
    "smt_allowed": true
  }
}

# Enable TDX on a VM
"security": {
  "type": "tdx",
  "attributes": {
    "debug": false,
    "sept_ve_disable": true
  }
}
```

```bash
# Check confidential computing capability
quantavirt system cc-status
# AMD SEV:      Supported (EPYC 7003)
# AMD SEV-ES:   Supported
# AMD SEV-SNP:  Supported (firmware 1.51)
# Intel TDX:    Not available (AMD platform)
# Max VMs:      509 (SEV ASIDs available)
```
Memory Encryption
Beyond hardware confidential computing, QuantaVirt provides software-level memory encryption using the PQC subsystem. This protects VM memory pages from cold-boot attacks, DMA attacks (when IOMMU is not available), and physical memory probing.
```
# VM config — enable PQC memory encryption
"memory": {
  "size": "4G",
  "encrypted": true
}

# Memory encryption is layered:
# 1. Hardware: SEV-SNP / TDX encrypts at the CPU level (if available)
# 2. Software: PQC subsystem encrypts EPT/NPT pages (supplemental)
```
Secure Boot Chain
QuantaVirt implements a measured boot chain from firmware to hypervisor kernel. Each stage verifies the integrity of the next stage using ML-DSA signatures before transferring control.
```
/* Secure boot chain */
UEFI Firmware (platform root of trust)
    │
    ▼ Verify ML-DSA signature on bootloader
QuantaVirt Bootloader (GRUB / systemd-boot UKI)
    │
    ▼ Verify ML-DSA signature on hypervisor kernel
QuantaVirt Kernel
    │
    ▼ Verify ML-DSA signature on PQC subsystem module
PQC Subsystem + QUAC 100 Driver
    │
    ▼ QUAC 100 firmware integrity check
QUAC 100 Hardware Initialization
    │
    ▼ Measure VM firmware before launch
VM Launch (with attestation)
```
Security Auditing

```bash
# View security audit log
quantavirt audit list --last 24h
# TIMESTAMP              EVENT                        SUBJECT          DETAIL
# 2026-01-15T10:00:01Z   pqc.key.generated            storage-master   ML-KEM-768, QUAC 100
# 2026-01-15T10:05:30Z   vm.attestation.generated     web-01           ML-DSA-65, VALID
# 2026-01-15T10:10:00Z   storage.encrypted            classified       ML-KEM-768 / AES-256-GCM
# 2026-01-15T14:00:00Z   network.tunnel.established   pqc-overlay      ML-KEM-768 → 192.168.1.20
# 2026-01-15T15:00:00Z   network.tunnel.rekeyed       pqc-overlay      session key rotated

# Export audit log (for SIEM integration)
quantavirt audit export --format json --output /var/log/quantavirt-audit.json
```

```ini
# Syslog forwarding
# /etc/quantavirt/quantavirt.conf
[audit]
enabled = true
syslog = true
syslog_facility = "auth"
file = "/var/log/quantavirt/audit.log"
```
Compliance & Standards
| Standard | Status | Relevance |
|---|---|---|
| FIPS 203 (ML-KEM) | ✅ Implemented | Key encapsulation for all encryption operations |
| FIPS 204 (ML-DSA) | ✅ Implemented | Digital signatures for attestation and authentication |
| FIPS 205 (SLH-DSA) | ✅ Implemented | Stateless hash-based backup signature scheme |
| FIPS 140-3 | 🔄 IUT (atsec) | Cryptographic module validation (targeting Level 2) |
| CNSA 2.0 | ✅ Compliant | NSA Commercial National Security Algorithm Suite |
| NIST SP 800-90B | ✅ Compliant | Entropy source validation (QUAC 100 QRNG) |
| Common Criteria | 📋 Planned | EAL4+ evaluation target |