Quantum

Security & Compliance

TARX Quantum is built for environments where data sovereignty is non-negotiable. This page covers our three security pillars: air-gapped deployment, zero exfiltration guarantees, and post-quantum cryptography readiness.

Air-gapped deployment

TARX Quantum requires no internet connection after the initial binary installation. The local substrate runs entirely on your hardware — CPU, GPU, or FPGA — with zero network calls. This makes TARX Quantum deployable in SCIF, IL-5, and other classified environments.

The local substrate never opens a network socket. All computation happens in-process. The binary can be installed via USB transfer or secure courier.

Installation in air-gapped environments

# On a connected machine: download the offline bundle
curl -fsSL https://tarx.com/install/offline -o tarx-quantum-offline.tar.gz

# Transfer to air-gapped machine via approved medium (USB, optical, etc.)

# On the air-gapped machine:
tar xzf tarx-quantum-offline.tar.gz
./install.sh --offline --substrate local

# Verify — no network required
curl http://localhost:11435/health
# → {"status":"ok","quantum":"ready","substrate":"local","network":"disabled"}

Network isolation verification

# Confirm zero outbound connections
sudo lsof -i -P -n | grep tarxd
# → tarxd  12345  root  3u  IPv4  TCP 127.0.0.1:11435 (LISTEN)
# No outbound connections. Only localhost listener.

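# Firewall rule (optional, defense-in-depth)
# The owner match only applies if the daemon runs as the tarxd user (the lsof sample above shows root).
# Loopback is excluded so the localhost API on 127.0.0.1:11435 keeps answering.
sudo iptables -A OUTPUT -m owner --uid-owner tarxd ! -o lo -j DROP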
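
The lsof check above, turned into a pass/fail script. This is an added example, not part of TARX's tooling: it reads `lsof -i -P -n` output and fails if any tarxd socket is bound or connected to a non-loopback address. The function names, exit codes and sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Usage on a live host: sudo lsof -i -P -n | check_isolation tarxd
# Exit status: 0 = only loopback sockets, 1 = a non-loopback socket was found,
#              2 = no sockets seen for the process (not running, or lsof lacked privileges).
check_isolation() {
    awk -v name="$1" '
        function is_loopback(ep) { return ep ~ /^127\./ || ep ~ /^\[::1\]:/ }
        $1 != name { next }
        {
            seen = 1; addr = ""
            # The address is the field after the protocol column (TCP or UDP).
            for (i = 1; i < NF; i++)
                if ($i == "TCP" || $i == "UDP") { addr = $(i + 1); break }
            # "local->remote" for connections, just "local" for listeners.
            n = split(addr, ep, "->")
            ok = (n > 0)
            for (j = 1; j <= n; j++) if (!is_loopback(ep[j])) ok = 0
            if (!ok) { bad++; print "NON-LOOPBACK: " $0 }
        }
        END { if (!seen) exit 2; exit (bad > 0) }
    '
}

# Constructed sample input (not captured from a real host): a localhost listener
# plus one outbound TLS connection, which must fail the check.
sample_leaky() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
tarxd 12345 root 3u IPv4 0x01 0t0 TCP 127.0.0.1:11435 (LISTEN)
tarxd 12345 root 7u IPv4 0x02 0t0 TCP 10.0.0.5:51514->203.0.113.9:443 (ESTABLISHED)
sshd 801 root 3u IPv4 0x03 0t0 TCP *:22 (LISTEN)
EOF
}

sample_leaky | check_isolation tarxd
echo "check_isolation exit status: $?"
```

A wildcard listener such as `*:11435` also fails the check, since it exposes the API beyond localhost even when no outbound connection exists.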

Zero exfiltration guarantee

TARX Quantum collects no telemetry about the content of quantum jobs. The daemon tracks only aggregate operational metrics (uptime, job count, error rate) and never transmits problem data, solution data, or any derivative of either.

What is logged

| Data point | Logged locally | Sent to TARX |
| --- | --- | --- |
| Solver name (qaoa, grover, etc.) | Yes | No |
| Problem data (nodes, features, etc.) | No | No |
| Solution data (routes, predictions) | No | No |
| Job duration (elapsed_ms) | Yes | No |
| Error type (400, 422, etc.) | Yes | No |
| Daemon uptime | Yes | Optional* |
| Job count (daily aggregate) | Yes | Optional* |

* Optional telemetry (uptime and aggregate job count only) is disabled by default. Enable with --telemetry=basic for fleet health monitoring. Never includes problem or solution content.

Disabling all telemetry

# Explicit opt-out (already the default)
tarxd --telemetry=none

# Or set in config file
echo 'telemetry = "none"' >> ~/.tarx/config.toml

# Verify
curl http://localhost:11435/health
# → {"telemetry":"none","outbound_connections":0}

Post-quantum cryptography

TARX Quantum includes built-in support for post-quantum cryptographic primitives. As quantum computers threaten RSA and ECC, TARX provides a migration path to NIST-approved post-quantum algorithms.

QRNG — Quantum random number generation

The grover solver supports a qrng problem type that generates cryptographic-grade entropy using quantum measurement. This entropy source passes all NIST SP 800-90B tests and is suitable for key generation, nonces, and initialization vectors.

import requests

# Generate 512 bits of quantum entropy for key material
response = requests.post("http://localhost:11435/api/solve", json={
    "solver": "grover",
    "problem": {
        "type": "qrng",
        "bits": 512,
        "format": "base64"
    },
    "substrate": "local"
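}, timeout=30)
response.raise_for_status()  # stop on 4xx/5xx rather than parsing an error body

entropy = response.json()["solution"]["entropy"]
# Use as seed for NIST-approved PQC key generation
# Print only the length: the value is key material and should stay out of stdout and logs
print(f"Entropy received ({len(entropy)} chars)")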

NIST PQC roadmap

| Algorithm | Use | Status |
| --- | --- | --- |
| ML-KEM (Kyber) | Key encapsulation | Supported in v1.0 |
| ML-DSA (Dilithium) | Digital signatures | Supported in v1.0 |
| SLH-DSA (SPHINCS+) | Stateless signatures | Supported in v1.1 |
| FN-DSA (Falcon) | Compact signatures | Planned for v1.2 |
| BIKE / HQC | Code-based KEM | Under evaluation |

Enabling PQC transport

# Enable ML-KEM + ML-DSA for all TARX Quantum API transport
tarxd --pqc-transport=ml-kem-768,ml-dsa-65

# Verify PQC is active
curl http://localhost:11435/health
# → {"pqc_transport":"ml-kem-768+ml-dsa-65","tls":"1.3","cipher":"TLS_AES_256_GCM_SHA384"}

# Config file equivalent
echo 'pqc_transport = ["ml-kem-768", "ml-dsa-65"]' >> ~/.tarx/config.toml

Compliance certifications

  • SOC 2 Type II — Annual audit covering availability, security, and confidentiality
  • FedRAMP Moderate — In progress (targeted Q3 2026)
  • IL-5 — Approved for CUI and classified workloads via air-gapped deployment
  • HIPAA — BAA available for healthcare deployments
  • GDPR — Data never leaves the deployment boundary; no cross-border transfer