Research | QNSP

Research Mission

QNSP research focuses on advancing the state of post-quantum cryptography (PQC) transition, crypto-agility, evidence-based security, and secure AI orchestration with confidential computing enclaves.

Research scope:

Post-quantum cryptographic protocols and migration strategies
Cryptographic posture enforcement and policy-driven security
Tamper-evident audit systems with Merkle tree checkpoints
Confidential computing and enclave orchestration for AI workloads
Searchable symmetric encryption (SSE) and encrypted data workflows
Downgrade detection and remediation for cryptographic protocols

We do not conduct offensive security research or publish exploits for third-party systems.

Vulnerability Disclosure & Reporting

How to Report Security Issues

If you discover a security vulnerability in QNSP, please report it to:

Email: qnsp-security@cuilabs.io

Please include the following in your report:

Detailed description of the vulnerability
Steps to reproduce (proof-of-concept)
Affected components and versions
Potential impact assessment
Suggested remediation (if applicable)

Safe Harbor & Rules of Engagement

We support responsible disclosure and will not pursue legal action against researchers who:

Report vulnerabilities in good faith
Avoid privacy violations, data destruction, and service disruption
Do not test against systems you do not own or have permission to test
No denial-of-service
Do not exploit vulnerabilities beyond proof-of-concept validation
Allow us reasonable time to remediate before public disclosure

Disclosure Timeline

Acknowledgment: Within 48 hours of report submission
Initial assessment: Within 5 business days
Remediation target: 90 days for critical/high severity; 180 days for medium/low
Public disclosure: Coordinated with reporter after fix deployment

Credit Policy

We acknowledge security researchers in our advisories (unless anonymity is requested).

Security Advisories

QNSP publishes security advisories for vulnerabilities affecting production deployments. Each advisory includes:

Advisory ID (e.g., QNSP-SA-2026-001)
Severity rating (Critical / High / Medium / Low)
Affected components and versions
Fixed versions and mitigation guidance
Detection evidence (how to confirm exposure)

No security advisories have been published yet. This section will be updated as advisories are released.

Publications & Technical Notes

QNSP Whitepaper

Cryptographic primitives reference: KEM/signature/symmetric algorithm lifecycle, enforcement layers, and evidence-based audit systems documented per primitive.

Read crypto primitives docs →

PQC Migration & Crypto-Agility

Operational guidance on post-quantum cryptography transition strategies, algorithm lifecycle management, and crypto-agility patterns for production systems.

Read migration docs →

Tamper-Evident Audit Architecture

Hash-chained audit events, Merkle tree checkpoints, and cryptographic commitment schemes for verifiable audit trails.

Read audit docs →

Research Areas

Post-Quantum Cryptography

NIST-finalized algorithms (ML-KEM (formerly Kyber), ML-DSA, SLH-DSA), migration strategies, and crypto-agility patterns for production systems.

Cryptographic Policy Enforcement

Tenant-scoped algorithm allowlists, HSM integration, and deterministic policy evaluation with audit evidence.

Crypto Inventory & CBOM

Cryptographic Bill of Materials (CBOM) generation, algorithm lifecycle tracking, and compliance assessment automation.

Confidential Computing

Enclave orchestration for AI workloads, attestation-based verification, and secure multi-party computation patterns.

Tamper-Evident Audit Systems

Hash-chained events, Merkle tree checkpoints, cryptographic commitments, and verifiable audit trails.

Downgrade Detection & Remediation

Protocol downgrade detection, automated remediation workflows, and continuous cryptographic posture monitoring.

Questions about QNSP security research or vulnerability disclosure?

Contact Security Team