System Architecture v2.1

QUANTUMPY

Enterprise-grade cryptographic orchestration designed for stateless resilience and post-quantum threat containment.

AES-256-GCM READY VERIFIED

Secure Handover Protocol

QuantumPy facilitates the safe encryption and transmission of sensitive data between parties. By leveraging end-to-end pass-key logic, you can securely give data to another person, ensuring that even if the assets are intercepted by third parties, they remain completely impenetrable. Both sender and receiver leverage the QuantumPy engine to maintain high-integrity localized encryption and decryption.

UNIFIED PASS-KEY
SAFE TRANSIT

Security Boundaries

Defining the perimeter in a post-compromise environment.

Defensive Capabilities

Offline Immunity: Protects data against full physical storage acquisition.
Tamper Evidence: Detects unauthorized modification via GCM authentication tags.
Asymmetric Resistance: Memory-hard Argon2id cost makes GPU/ASIC attacks economically infeasible.

Out of Scope

OS Level Compromise: Cannot defend against keyloggers or kernel-level scrapers.
Active RAM Extraction: Physical cold-boot attacks during runtime are outside the crypto-primitive scope.

Cryptographic Primitives

QuantumPy shifts from legacy PBKDF2 to memory-hard foundations, ensuring long-term data durability against evolving compute capabilities.

AES-256-GCM

Authenticated encryption providing IND-CCA2 security levels.

AAD Binding

Cryptographic metadata binding to prevent splicing attacks.

Startup Diagnostic: PASS. KAT Vector & Integrity Validated. Status: NOMINAL

Brute-Force Resistance

KDF Efficiency Scaling

Relative computational cost for automated GPU clusters.

Configuration Lab

Simulate how the engine optimizes performance based on host hardware availability.

System RAM Reservation: 16 GB
Argon2 Memory: 256 MB
Block size: 64 MB

Protocol Settings Guide

Comprehensive reference for engine configuration and operational security.

Secure Shredder

Defense Against Forensics: Overwrite original files with cryptographically random data before deletion. Prevents recovery tools (Recuva, EnCase) from salvaging unencrypted remnants from the disk platter or flash cells.

Use for: Sensitive localized assets

Container Strategy

ZIP vs RAW. ZIP: Standard compatibility. RAW: A custom stream format that supports pause/resume operations for large datasets. RAW strips standard headers, offering slightly better obfuscation.

Use RAW for: Multi-GB Backups

Block Optimization

Performance Tuning: Controls the chunk size (1MB - 64MB) for the GCM pipeline. Larger blocks increase throughput on modern CPUs but require higher RAM. 'Auto' mode scales based on available system memory.

Recommended: 16MB or Auto

Keyfile Auth (2FA)

Physical Token: Requires both a password AND a specific file (image, document, or random keyfile) to decrypt. If the keyfile is missing, the password alone is mathematically useless.

Use for: High-value targets

Steganography

Plausible Deniability: Embeds the encrypted payload inside a carrier file (like a standard JPEG or WAV). The output remains a valid, viewable image, hiding the existence of the secret data.

Limit: 500MB payload

Camouflage Mode

Evasion: Masks the output file as a system log (`.log`) or binary data file (`.dat`), allowing it to blend into system folders and avoid casual visual inspection.

Use for: Shared environments

Stream Format: .qenc

Stateless binary layout designed for resumable, high-integrity I/O.

ENCRYPTED HEADER BLOCK: MAGIC (4b) | VER (1b) | SALT (16b) | NONCE (12b) | LEN | METADATA (JSON) | TAG
DATA PAYLOAD STREAM: CHUNK 0 | CHUNK 1 | ...
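
How AAD binding (see Cryptographic Primitives above) protects a chunked AES-256-GCM stream against splicing, shown with and without the binding. This is an added example, not QuantumPy's own code. It uses the Python `cryptography` package; the AAD layout, the per-chunk random nonce stored in front of each chunk, the header bytes and the key are assumptions constructed for the demonstration.

```python
import os
import struct

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def chunk_aad(header: bytes, index: int, final: bool) -> bytes:
    """AAD for one chunk: file header, chunk position, last-chunk flag (assumed layout)."""
    return header + struct.pack(">QB", index, final)

def seal_stream(key: bytes, header: bytes, chunks: list, bind: bool = True) -> list:
    """Encrypt each chunk under a fresh random 12-byte nonce stored in front of it."""
    aead, last, sealed = AESGCM(key), len(chunks) - 1, []
    for i, chunk in enumerate(chunks):
        nonce = os.urandom(12)
        aad = chunk_aad(header, i, i == last) if bind else None
        sealed.append(nonce + aead.encrypt(nonce, chunk, aad))
    return sealed

def open_stream(key: bytes, header: bytes, sealed: list, bind: bool = True) -> bytes:
    """Decrypt chunks in the order received; raises InvalidTag on any mismatch."""
    if not sealed:
        raise InvalidTag("empty stream")
    aead, last, plain = AESGCM(key), len(sealed) - 1, []
    for i, blob in enumerate(sealed):
        aad = chunk_aad(header, i, i == last) if bind else None
        plain.append(aead.decrypt(blob[:12], blob[12:], aad))
    return b"".join(plain)

def rejected(key: bytes, header: bytes, sealed: list, bind: bool = True) -> bool:
    """True when the stream fails authentication."""
    try:
        open_stream(key, header, sealed, bind)
    except InvalidTag:
        return True
    return False

# Constructed sample data: a fixed demo key, two made-up headers, three chunks.
KEY = bytes(range(32))
HDR_A, HDR_B = b"QENC\x02file-A", b"QENC\x02file-B"
CHUNKS = [b"pay alice 10;", b"pay bob 20;", b"pay carol 30;"]

if __name__ == "__main__":
    weak = seal_stream(KEY, HDR_A, CHUNKS, bind=False)
    print("no AAD, swapped opens as:", open_stream(KEY, HDR_A, [weak[1], weak[0], weak[2]], bind=False))
    good = seal_stream(KEY, HDR_A, CHUNKS)
    print("AAD, swapped rejected   :", rejected(KEY, HDR_A, [good[1], good[0], good[2]]))
    print("AAD, truncated rejected :", rejected(KEY, HDR_A, good[:2]))
    print("AAD, other file's header:", rejected(KEY, HDR_B, good))
```

Without the binding, every chunk still carries a valid GCM tag, so reordered or truncated streams decrypt without error; the tag only proves each chunk is intact, not that it sits in the right place in the right file.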

Enterprise Archetypes

Specialized configurations for critical operations.