What is PQ Crypta?

PQ Crypta defines a new category of security infrastructure: the Post-Quantum Operational Intelligence Platform (PQ-OIP) — a unified environment that validates, observes, and operationalizes post-quantum cryptography across real systems, real protocols, and real deployments.

A PQ-OIP is not a library. Not a PKI vendor. Not a migration consultancy. It is a living operational substrate that gives engineering teams the same capabilities observability platforms gave SREs: continuous insight, reproducible validation, and actionable intelligence for a cryptographic world undergoing irreversible change.

What Makes This a New Category?

Existing players occupy narrow buckets:

• PQC Libraries (liboqs, pqm4) → Code, not operations
• PKI Vendors → Certificates, not protocol behavior
• Crypto-Agility Platforms → Inventory, not validation
• Consultancies → Documents, not reproducible tooling
• Research Labs → Papers, not operational systems

None combine protocol scanning, operational observability, reproducible validation, and developer-centric tooling into a single platform. PQ Crypta is the first.

The Four Pillars of PQ-OIP

PQ Crypta delivers post-quantum operational intelligence through a dual-architecture system: interactive PHP/JavaScript applications for hands-on exploration, and a high-performance Rust API backend for production integration.

Core Mission: Provide continuous cryptographic observability and actionable intelligence for teams preparing for the post-quantum transition — from protocol validation to production deployment.

Dual Architecture Design

1. Frontend Layer (PHP 8.4 + Vanilla JavaScript ES6)

• 30+ interactive web applications
• Zero-knowledge client-side cryptography
• Real-time visualization (Three.js, WebGL, WebGPU)
• Modern build system (Vite.js 7.0.4)
• Deployed on Apache HTTP/2 (port 8080)

2. Backend API Layer (Rust + Axum Framework)

• 547 REST API endpoints (351 static + 196 algorithm-specific)
• High-performance async runtime (Tokio)
• Enterprise business logic services
• PostgreSQL database integration
• Deployed on Rust API server (port 3003)

Endpoint Breakdown:

• 351 static endpoints (core services, analytics, auth, blockchain, etc.)
• 196 algorithm-specific endpoints (31 algorithms × 7 operations each)
• Operations per algorithm: /keys/generate/:algorithm, /encrypt/:algorithm, /decrypt/:algorithm, /validate/:algorithm, /info/:algorithm, /benchmark/:algorithm, /algorithms/info/:algorithm

3. Reverse Proxy Layer (Nginx 1.28.0)

• HTTP/3 with QUIC protocol support
• TLS 1.3 with post-quantum hybrid key exchange (X25519MLKEM768)
• Traffic routing between frontend (pqcrypta.com) and API (api.pqcrypta.com)
• Bot protection, rate limiting, WAF integration
• WebTransport support (port 4433)

4. Database Layer (PostgreSQL 15)

• Comprehensive analytics tracking
• Health monitoring with 30-day retention
• GDPR-compliant dual-mode tracking (anonymous + consented)
• Cryptographic asset discovery inventory
• Blockchain ledger storage
• User authentication and session management

5. ML/AI Layer (Python 3.11 + Groq OpenAI GPT-OSS 120B)

• The Wizard AI Chatbot with RAG (FAISS vector store, 98,183 vectors)
• ML-based compression algorithm selection (RandomForest)
• HTTP/3 recommendation engine (RandomForest, 100 trees)
• Threat detection and bot classification
• Natural language to Regex/SQL generators

6. Automation Layer (Cron Jobs + Scripts)

• 5-minute health check validation (547 endpoints, real cryptographic workflows)
• Daily RAG indexer (codebase documentation, 98,183+ vectors)
• Hourly bot analytics parsing
• 6-hour news refresh automation
• Nightly database maintenance and cleanup (30-day GDPR retention)

All algorithms verified operational with 100% success rate across full cryptographic workflows (Key Generation → Encryption → Decryption → Validation)

Max Secure Series (7 algorithms)

• Max Secure: Lightweight - Compact keys (~800 bytes) for IoT/embedded
• Max Secure: Pure PQ - Maximum quantum resistance, pure PQC
• Max Secure: Hybrid Transition - Hybrid with transition support
• Max Secure: Stateless - Stateless signature schemes
• Max Secure: Crypto-Agile - Multi-algorithm agility
• Max Secure: PQC + ZK Stack - Zero-knowledge proofs + PQC
• Max Secure: Hybrid - Maximum security hybrid mode

FN-DSA Signature Series (6 algorithms)

• FN-DSA 512: Compact - Fast NTRU-based signatures, compact
• FN-DSA 1024: High-Security - NTRU-based, high security level
• FN-DSA: Floating-Point Hardened - FP-hardened implementation
• FN-DSA: Dual Signature - Dual signature support
• FN-DSA: Transition Stack - Transition-ready signatures
• FN-DSA + ZK Stack - FN-DSA with zero-knowledge proofs

Experimental Series (5 algorithms)

• Quantum-Inspired Lattice Fusion - Research-grade lattice cryptography
• Post-ZK Homomorphic Stack ⭐⭐⭐⭐⭐ MOST COMPLEX
  • Zero-Knowledge Proofs + Fully Homomorphic Encryption + ML-KEM-1024
  • Allows computations on encrypted data with privacy proofs
  • Key size: ~400 MB (largest), Performance: 100x+ slower (most intensive)
  • Use case: Confidential smart contracts, privacy-preserving cloud computing
• Quantum-Resistant Consensus - Consensus algorithms with PQC
• Entropy-Orchestrated PQ Stack - Entropy-based algorithm orchestration
• AI-Synthesized Crypto-Agile - AI-driven algorithm selection

Algorithm Performance Rankings:

• Fastest: Classical (baseline) → Hybrid (2-3x slower) → ML-KEM Pure (5x slower)
• Slowest: Post-ZK Homomorphic (100x+ slower, most complex)
• Key Size Range: Classical (~64 bytes) → Post-ZK Homomorphic (~400 MB)

PQ Crypta features an extensive collection of interactive web applications spanning encryption, compression, security scanning, AI tools, visualizations, and entertainment.

1. Encryption Suite (/encryption/index.php)

Purpose: Zero-knowledge client-side encryption with 31 algorithms (29 quantum-resistant)

• Dual Modes: Password Mode (simple) & Key Mode (advanced)
• 28 Total Algorithms: All quantum-resistant options available
• File Support: Text, documents, images, videos, archives (zero file size limits)
• Security: All operations client-side; keys never leave device
• Technology: @noble/post-quantum, @noble/curves, Vite.js, WebAssembly

2. Compression Platform (/compression/index.php)

Purpose: Advanced data compression testing with 14 algorithms and ML-based auto-selection

• 14 Compression Algorithms: Zstandard, Brotli, LZMA, LZ4, Snappy, Deflate, GZIP, PPMd, Arithmetic Coding, BWT, Fractal, Quantum-Inspired, Neural Network, CMIX
• ML Auto-Selection: RandomForest model recommends optimal algorithm
• PQCZ Format: PQCrypta Compressed format with metadata headers

3. PQC Readiness Scanner (/pqc-ready/index.php)

Purpose: Website TLS analysis for post-quantum cryptography support

• Grading System: A+ (PQC Ready + No Downgrade Risk), A (PQC Ready + Downgrade Risk), F (Not PQC Ready)
• Algorithm Detection: ML-KEM, ML-DSA, hybrid TLS configurations
• Certificate Analysis: X.509 parsing, signature algorithm validation

4. HTTP/3 & QUIC Scanner (/http3-quic/index.php)

Purpose: Protocol detection and performance analysis for modern web protocols

• 4-Tier Grading: A+ (HTTP/3 + QUIC + 0-RTT), A (HTTP/3 + QUIC), C (HTTP/2), F (HTTP/1.1)
• ML Recommendations: RandomForest model suggests protocol upgrades

5. Hardware Entropy Generator (/entropy/index.php)

Purpose: Interactive cryptographic randomness generation with quality testing

• 4 Entropy Sources: Hardware (CPU RDRAND), System (/dev/urandom), Quantum (ANU QRNG), Mixed (XOR combination)
• NIST Statistical Tests: Frequency, Block Frequency, Runs, Longest Run of Ones
• Quality Scoring: 0-10 scale with comprehensive metrics

6. The Wizard AI Chatbot (/ent/ml/src/chatbot/qwen_chatbot.py)

Purpose: Codebase-aware AI assistant with RAG, comprehensive PQCrypta algorithm knowledge, and security filtering

• AI Model: Groq OpenAI GPT-OSS 120B (high-speed inference, 128K context)
• RAG System: FAISS Vector Store with 98,183 total vectors
• Security Features: Prompt injection detection, output filtering, risk scoring
• Comprehensive Algorithm Knowledge: Embedded knowledge of all 28 PQCrypta algorithms

7-30. Additional Applications

• Interactive Mouse Effects - Custom cursor animations and visual effects
• Streaming Music Player - High-performance MP3 player with quantum-resistant encryption
• AI-Powered Regex Generator - Natural language to regex pattern converter
• SQL Query Generator - Natural language to SQL converter
• WebTransport Streaming Test - HTTP/3 WebTransport testing with PQC encryption
• Blockchain Platform - Quantum-resistant distributed ledger
• Web Analytics Platform - Enterprise-grade analytics with GDPR compliance
• PQC Challenge Mode - Educational cryptography puzzle platform
• Threat Detection Dashboard - Real-time bot attack monitoring
• Bot Threat Remediation - Automated bot mitigation tools
• Contact Form - Secure contact form with anti-spam
• Quantum Morphic Field Explorer - Interactive quantum field visualization
• Educational Animations - Cosmic Fluid, Neural Network, Fractal Tree, Particle System, etc.
• Resume Fixer - AI-powered resume analysis and improvement
• News Widget - Quantum computing and cryptography news aggregator
• ...and more!

Endpoint Categories

Total Endpoints: 547

• Static Endpoints: 351 (core services)
• Algorithm-Specific Endpoints: 196 (31 algorithms × 7 operations)

Static Endpoint Breakdown (351 endpoints)

Category	Count	Description
Authentication & Authorization	35	Login, OAuth, 2FA, API key management
Encryption & Cryptography	45	Key generation, encryption/decryption, validation
Analytics	60	Web analytics, tracking, metrics, exports
Blockchain & Smart Contracts	25	Block operations, transactions, mining
ML/AI Services	20	Compression, threat analysis, regex/SQL generation
Streaming	15	Stream encryption, WebTransport, session management
Batch Processing	12	Job submission, status queries, batch operations
Quantum Validation	10	Validation status, readiness verification, metrics
Zero-Knowledge Proofs	8	ZK proof generation, verification, schemes
Compliance & Audit	15	Audit logging, compliance config, certificates
Utilities	50+	Compression, health checks, benchmarks, statistics
Scanner Services	15	PQC scanning, HTTP/3 scanning, statistics
Threat & Bot Management	20	Threat dashboard, bot classification, remediation
Music & Media	10	Track listing, streaming, playlist management
Miscellaneous	20+	Contact, news, resume analysis, sessions

Algorithm-Specific Endpoints (196 endpoints)

7 Operations per Algorithm × 28 Algorithms = 196 Endpoints

For each of the 31 algorithms (29 quantum-resistant):

1. GET /keys/generate/:algorithm - Generate key pair
2. POST /encrypt/:algorithm - Encrypt data
3. POST /decrypt/:algorithm - Decrypt data
4. POST /validate/:algorithm - Validate keys
5. GET /info/:algorithm - Algorithm information
6. POST /benchmark/:algorithm - Performance benchmark
7. GET /algorithms/info/:algorithm - Detailed algorithm specs

Example URLs:

• GET https://api.pqcrypta.com/keys/generate/hybrid
• POST https://api.pqcrypta.com/encrypt/post-zk-homomorphic
• POST https://api.pqcrypta.com/decrypt/ml-kem-1024
• GET https://api.pqcrypta.com/info/max-secure-pqc-zk

PostgreSQL 15 Schema

Database: pqcrypta
User: pqcrypta_user

Core Tables

• Health Check Tables - 547-endpoint health monitoring with 5-minute cache
• Analytics Tables - Web analytics sessions, pageviews, events, errors (GDPR-compliant)
• Crypto Discovery Tables - Cryptographic asset inventory
• Blockchain Tables - Blocks, transactions, contracts, validators
• Threat Detection Tables - Bot attack logs, whitelists, patterns
• ML/AI Tables - Wizard sessions, messages, security logs, compression recommendations
• Scanner Tables - PQC scan results, HTTP/3 scanner results
• User Management Tables - Users, API keys with granular permissions, sessions, 2FA configs
• News & Content Tables - News articles, categories
• Configuration Tables - Feature flags, rate limits, system config

Database Performance

• Connection Pooling: PgBouncer (max 100 connections)
• Query Optimization: B-tree indexes on frequently queried columns
• Retention Policies: Automated cleanup (30 days for GDPR compliance)
• Backup Schedule: Nightly full backups, hourly incrementals

Python ML Services

Location: /var/www/html/public/ent/ml/
AI Model: Groq OpenAI GPT-OSS 120B (high-speed inference, 128K context)

1. The Wizard AI Chatbot

• RAG System: FAISS vector store (98,183 vectors)
• Comprehensive Algorithm Knowledge: All 28 PQCrypta algorithms embedded in system prompt
• Security Features: Prompt injection detection, output filtering, risk scoring (0.0-1.0)
• Caching: Redis (60-minute TTL)

2. Compression ML Service

• Model: RandomForest (scikit-learn)
• Training: 10,000+ compression scenarios
• Accuracy: 94.3%

3. HTTP/3 Recommendation Engine

• Model: RandomForest (100 trees)
• Training: 500+ website scans
• Accuracy: 89.7%

4. Threat Detection Classifier

• Model: Gradient Boosting (XGBoost)
• Training: 50,000+ bot request patterns
• Accuracy: 96.8%

5. Regex Generator

• Model: Groq OpenAI GPT-OSS 120B
• Caching: PostgreSQL + Redis
• Features: Natural language → Regex conversion, pattern explanation, ReDoS validation

6. SQL Generator

• Model: Groq OpenAI GPT-OSS 120B
• Databases: PostgreSQL, MySQL, SQLite, SQL Server, Oracle
• Features: Natural language → SQL conversion, database-specific syntax, SQL injection validation

1. Health Check Automation

Schedule: Every 5 minutes
Script: /var/www/html/public/ent/scripts/health_check_cron.rs

• Tests all 547 API endpoints with real cryptographic workflows
• Updates health_checks table with results
• Caches results (5-minute expiration)
• Sends alerts if critical endpoints fail

2. RAG Indexer

Schedule: Daily at 2:00 AM
Script: /var/www/html/public/ent/ml/scripts/index_codebase.py

• Scans codebase for documentation updates
• Generates embeddings using sentence-transformers
• Updates FAISS vector store (current: 98,183 vectors)

3. Bot Analytics Parser

Schedule: Hourly
Script: /var/www/html/public/scripts/parse_bot_logs.sh

• Parses Nginx access logs
• Classifies attacks (SQL injection, XSS, etc.)
• Triggers blocking rules for confirmed attacks

4. News Refresh

Schedule: Every 6 hours
Script: /var/www/html/public/news/fetch_news.php

• Fetches 50+ RSS feeds
• AI summarizes new articles (Groq API)
• Stores in PostgreSQL

5. Database Maintenance

Schedule: Nightly at 3:00 AM
Script: /var/www/html/scripts/db_cleanup.sql

• Deletes data older than 30 days (GDPR)
• Vacuums tables for performance
• Generates database statistics

1. TLS Configuration

• Protocol: TLS 1.3 only (TLS 1.2 disabled)
• Key Exchange: X25519MLKEM768 (hybrid PQC)
• Cipher Suites: CHACHA20-POLY1305, AES-256-GCM
• HSTS: Enabled (max-age=31536000, includeSubDomains)

2. Content Security Policy (CSP)

default-src 'self';
script-src 'self' 'nonce-{random}';
style-src 'self' 'nonce-{random}';
img-src 'self' data: https:;
connect-src 'self' https://api.pqcrypta.com;
frame-ancestors 'none';
upgrade-insecure-requests;

3. Web Application Firewall (WAF)

• Rules: OWASP Core Rule Set 3.3
• Blocking: SQL injection, XSS, path traversal, RCE
• Rate Limiting: 100 requests/minute per IP
• IP Blocking: Automated for repeated attacks

4. Bot Protection

• Good Bot Whitelist: Googlebot, Bingbot, monitoring services
• Challenge-Response: JavaScript execution, cookie support tests
• CAPTCHA: Google reCAPTCHA v3 for suspicious traffic
• Honeypots: Decoy endpoints to trap bots

5. GDPR Compliance

• Data Minimization: Only collect necessary data
• Anonymization: Truncated IPs, hashed visitor IDs
• 30-Day Retention: Automatic cleanup
• User Rights: Data export, deletion requests

API Performance

• Average Response Time: 45ms (p50), 120ms (p95)
• Throughput: 10,000 requests/second
• Uptime: 99.95% (30-day average)

Algorithm Performance

• Classical: 1.2ms key gen, 0.8ms encrypt, 0.7ms decrypt
• Hybrid: 3.5ms key gen, 2.1ms encrypt, 1.9ms decrypt
• Post-Quantum: 6.2ms key gen, 4.3ms encrypt, 3.8ms decrypt
• Post-ZK Homomorphic: 850ms key gen, 1,200ms encrypt, 1,100ms decrypt

Database Performance

• Connection Pool: 100 max connections (PgBouncer)
• Query Time: 15ms average, 85ms p95
• Table Size: 12 GB total

Frontend Performance

• First Contentful Paint (FCP): 1.2s
• Largest Contentful Paint (LCP): 2.3s
• Time to Interactive (TTI): 3.1s
• Cumulative Layout Shift (CLS): 0.05

Frontend

• PHP: 8.4.10 (latest)
• JavaScript: ES2024
• Build Tool: Vite 7.0.4
• Libraries: @noble/post-quantum, @noble/curves, Three.js, Chart.js 4.4.0, D3.js 7.8.5

Backend

• Language: Rust 1.75+ (nightly features)
• Framework: Axum 0.7 (async web framework)
• Runtime: Tokio (async runtime)
• Database Driver: SQLx (async PostgreSQL)

Database

• PostgreSQL: 15
• Connection Pool: PgBouncer
• Backup: Barman (nightly full, hourly incremental)

Reverse Proxy

• pqcrypta-proxy: Rust-based reverse proxy
• Protocols: HTTP/3, QUIC, HTTP/2, WebTransport
• TLS: Rustls (PQC support, ML-KEM native)
• WebTransport: Port 4433

ML/AI

• Python: 3.11
• Framework: scikit-learn, XGBoost
• Embeddings: sentence-transformers
• Vector Store: FAISS
• LLM API: Groq (OpenAI GPT-OSS 120B)

Last Updated: 2026-01-03

Operational Status

• ✅ All 28 Algorithms: 100% operational (full cryptographic workflow validation)
• ✅ 547 API Endpoints: Monitored every 5 minutes with real cryptographic tests
• ✅ 30+ Web Applications: All functional and deployed
• ✅ ML/AI Services: Groq API integrated, RAG system operational (98,183 vectors)
• ✅ Database: PostgreSQL 15 healthy, 30-day GDPR retention active
• ✅ Security: WAF active, bot protection enabled, TLS 1.3 with PQC hybrid

Recent Enhancements (2026-01-03)

1. ✅ Wizard Algorithm Knowledge - Embedded all 31 algorithms in chatbot system prompt
2. ✅ RAG Enhancement - Indexed algorithm documentation (44 chunks, high priority)
3. ✅ Response Quality - Fixed citation behavior (answer-first, no "not available" mentions)
4. ✅ Security Logging - Added wizard_security_logs table for prompt injection tracking