QStrike — Public Attestation
Hardware Platform Integrity Attestation
Document version-lock: v1.0 · Locked: 2026-04-28 · Maintainer: Qtonic Quantum Corp
1. Statement of fact
The public /demo path on qstrike.qtonicquantum.com runs as a provider-calibrated modeled runtime. No live quantum hardware is contacted during a public demonstration. Per-vendor noise models are calibrated against published hardware-characterization data (gate-error rates, T1/T2 coherence times, readout fidelity, gate-set support), and every emitted event is ECDSA-P256 signed and statistically validated.
Engagement-scope (commercial L2/L3) execution may include direct provider-API integration on a per-engagement basis, governed by the signed Engagement-Specific Access Schedule. Public-demo and engagement-scope evidence are explicitly differentiated in the deliverable artifact pack and the metadata.access_mode field of every per-platform record.
What QStrike claims: forward-threat quantum attack-path validation against an organization’s existing cryptographic implementation, using indirect-brute-force methodology (side-channel leakage, ephemeral key reuse, weak RNG, biased nonces, deprecated protocols, lattice attacks on partial-information problems).
What QStrike does NOT claim: direct break of RSA-2048 or ECC-256. Hardware capable of either does not exist commercially as of May 2026. Resource estimates from Google Quantum (Gidney 2025 — arXiv:2505.15917) and Caltech-Oratomic (April 2026) inform the projection; no operational platform has crossed those thresholds.
2. Per-platform access posture
The 8-platform reference set is described in metadata.quantum_platforms of every QStrike bundle. The access_mode field is the canonical indicator of platform posture; UI rendering must surface it.
| # | Vendor | Modality | Access mode |
|---|---|---|---|
| 1 | IBM Quantum | superconducting | operational · commercial |
| 2 | Rigetti Computing | superconducting | operational · commercial |
| 3 | Quantinuum | trapped_ion | operational · commercial |
| 4 | IonQ | trapped_ion | operational · commercial |
| 5 | QuEra Computing | neutral_atom | operational · commercial |
| 6 | Withheld Pending NDA | photonic | withheld · pending NDA |
| 7 | D-Wave Quantum | annealing_gate_hybrid | operational · commercial |
| 8 | Google Quantum | superconducting | research · reference |
Summary: 6 operational_commercial (vendor-redundant in superconducting + trapped-ion modalities), 1 research_reference (Google Quantum, public cryptanalytic-resource basis), 1 withheld_pending_nda (photonic, modality diversity). 5 modalities total: superconducting, trapped_ion, neutral_atom, photonic, annealing_gate_hybrid.
3. Calibration & validation
Modeled-runtime output is statistically validated through three independent mechanisms:
- Cross-vendor consistency check — bounded validation tasks executed against multiple vendors within the same modality (IBM ↔ Rigetti for superconducting; Quantinuum ↔ IonQ for trapped-ion). Distributional agreement at α = 0.001 (Bonferroni-corrected) is required before a finding is admitted to the deliverable evidence package.
- Replay determinism — every engagement bundle ships
compute.replaySha256andcompute.determinismSeedSha256. Re-running with the same seed and code revision MUST produce a byte-identical event stream up to ECDSA signature timestamps. - Hostile-review-ready evidence — Bonferroni α = 0.001 statistical-validation overlay. Each statistical claim ships with
alternatives_consideredrecords that explicitly enumerate competing hypotheses and their disposition. Designed to survive sophisticated diligence by counsel, regulators, or underwriters.
4. Live integrity controls
Build → bundle → deploy provenance is exposed at /canary.json for every deployment. ECDSA-P256 signing fingerprint is verifiable via the live signing endpoint. The receipt strip below reads both endpoints in real time.
Live attestation receipts
● Loading…Bundle hash, engine git rev, signing fingerprint, and build time — read through the public QStrike provenance endpoint.
- Bundle SHA-256
- 36e205a0ec3edbf3…
- Engine git rev
- a1937ff7
- Signing fingerprint
- b022a283d551c87c…
- Built
- 14d ago
5. Roadmap to live hardware execution
Current state (May 2026): QStrike Engine ships with qiskit-aer (GPU-accelerated quantum circuit executor) and dwave-neal / dwave-samplers (classical thermodynamic-annealing reference samplers calibrated to D-Wave hardware behavior). No direct provider-API SDKs are loaded in the engine on the public demo path.
Engagement-scope state: Per-engagement integration is governed by signed Engagement-Specific Access Schedules. Buyer-NDA-bound technical detail on which platforms have signed access agreements is published per engagement under the NDA Technical Appendix.
Anchor: January 1, 2029 — three-internet-operator (Google, Cloudflare, Meta) PQC commitment milestone. Direct API integration with IBM Quantum Network, AWS Braket, and Microsoft Azure Quantum is sequenced against commercial engagement volume between now and that anchor.
6. What this attestation does NOT cover
- Insurance / underwriting framing of the $2M Challenge — see /challenge for contract structure
- Engagement-specific signed agreements — see Engagement-Specific Access Schedule per engagement
- Intelligence Model architecture detail — see the NDA-bound technical annex
- Per-finding cryptographic detail — see Substantiation Pack templates 01-05 (engagement-internal)
7. Sign-off
Stage 2 — owner-locked statements (2026-04-28):
- Public-facing signed-vendor agreements: as of the version-lock date below, no individual vendor agreements are published from this attestation. Per-engagement vendor scope is governed by the signed Engagement-Specific Access Schedule under buyer NDA.
- Photonic vendor identity disclosure: scope is engagement-specific. Public attestations omit the photonic vendor identity until per-engagement disclosure permission is executed.
- Live-hardware integration roadmap: sequenced against commercial engagement volume between version-lock and the January 1, 2029 PQC anchor.
- Default disposition for buyer-NDA technical detail: per-vendor calibration parameters, gate-error rates, and platform-access tier detail are published in the NDA Technical Appendix under buyer-executed NDA.
- Document version-lock
- v1.0
- Locked
- 2026-04-28
- Maintainer
- Qtonic Quantum Corp
- Contact
- ops@qtonicquantum.com
Citations & source traces
Every claim above maps to a source readable in the QStrike repositories or canonical doc-suite:
- Per-vendor data:
metadata.quantum_platformsinacme-bank-national-master-bundle.json - ECDSA fingerprint endpoint:
qstrike-engine/main.py,qstrike-engine/signer.py - Replay determinism:
qstrike-engine/tests/test_signing_roundtrip_post_upgrade.py - Bonferroni α = 0.001: White Paper §05, Substantiation Pack template 01
- 2029 anchor: White Paper §02
- Caltech-Oratomic April 2026 estimate: WP §03 footnote 4
- Gidney 2025 arXiv:2505.15917: WP §03 footnote 3