About ExeQuantum

High level explanation of what we do, how we do it

ExeQuantum's API, or Post-Quantum Cryptography as a Service (PQCaaS), is a cloud-based API that aims to allow integration of Post-Quantum Cryptography into your system easily, seamlessly and quickly, regardless of your framework, language or level, while letting you defer "crypto-agility" to us.

What does ExeQuantum do exactly?

In a nutshell, instead of you having to learn the PQC algorithms, then keep up with the constantly changing standards, as well as having to deal with the heavier computations related to said algorithms, we do it for you. Our API utilises a Post-Quantum TLS to ensure that the communication between your device and our server remains secure as any keys or shared secrets get sent over.

Here's how Alice and Bob will utilise PQCaaS to secure their end-to-end communication:

1

Alice:

1) Generate a private-public key pair by calling into our generate_key endpoint.

2) Send the public key to Bob and keep the private key.

2

Bob:

1) Generate a shared secret and "encapsulate" the shared secret by using Alice's public key to encrypt it using the encapsulate endpoint.

3) Send the encapsulated secret to Alice.

3

Alice (again)

1) "Decapsulate" the encapsulated secret with the private key she kept using the decapsulate endpoint.

2) Now Bob and Alice have a shared secret to perform symmetric encryption to secure their communication.

PQCaaS KEM

Essentially, we run the algorithms and give you back the values that are generated out of them.

Putting "agility" in "crypto-agility"

After you integrate PQCaaS into your system, you no longer have to worry about evolving standards, backwards compatibility and all the other headaches involved with the whole "Crypto-agility" stuff. With the algorithms being run in our backend, we can take care of updating the standards, patching vulnerabilities and even changing the whole algorithm.

Disclaimers

ExeQuantum does not store any of the keys (public or private), secrets, or signatures we generate.

That's why we can't just do the shared secrets distribution ourselves, and instead work with all .

This is done for multiple reasons:

1. Privacy - What you encrypt (or decrypt) with our keys is non of our business. We just want to make sure you stay secure.

2. Security - In the unlikely event that we get hacked and user data is breached in a manner that makes it accessible to malicious actors, they won't be able to access or decrypt any of the keys, signatures or encrypted data you generated while using us.

While these are some amazing upsides, this does mean that you need to practice basic care with keys. You need to make sure you store the private keys and shared secret somewhere safe. You'll also need to keep on top of your API token's safety - mishandling your API token can lead to someone else being able to use your API on your behalf, which can not only be insecure but very expensive.

ExeQuantum is not a replacement for good cybersecurity practices

Our key service is generating you keys that are thought to be safe from quantum powered attacks. Just like RSA is not meant to prevent social engineering and other related attacks, PQC is focused on securing encryption, not being the whole cybersecurity department.

Make sure to practice common sense security practices when coding, and that includes when using our API.

Redundancies and fallbacks are always good

Our API deploys various protections, such as firewalls, anti-DDOSing and other measures to ensure that we stay operational. That said, we have yet to deploy measures against an astroid falling on our servers, so we can't guarantee that we'll never be down. When integrating our API, please make sure to have a fallback for a case of failure. It's good practice in general.