PQTG is a gateway that replaces the vulnerable classical TLS on your QKD key-delivery channel (ETSI GS QKD 014) with post-quantum cryptography — transparently, and provably. It closes the harvest-now-decrypt-later gap at the exact layer meant to be quantum-safe.
Book a pilot See pricing
QKD vendors protect their key-delivery API with ordinary TLS — breakable by a quantum computer, at the one layer that's supposed to be quantum-safe. PQTG fixes exactly that.
Clients reach the key-delivery API over a post-quantum channel (ML-KEM-768 key exchange, Falcon-512 / SLH-DSA authentication). The vendor's classical TLS is confined to loopback — never exposed on the network.
Drops in front of your existing QKD KME. No change to the device or the key semantics. Works across vendors; optional hybrid QKD⊕PQC key mixing.
Deploy PQTG to see your exposure, then flip it on to close it. Same box, two jobs.
Passively maps the cryptography on your network — TLS, SSH, VPN, and certificate algorithms — and produces a quantum-risk inventory: the audit deliverable, generated by the device itself. In development. Available today as a guided PQC migration audit.
Wraps your highest-risk channel — starting with QKD key delivery (ETSI-014) — in post-quantum cryptography. Transparent, device-agnostic, reversible; no change to your quantum hardware.
The gateway doesn't just encrypt your QKD control channel — it can watch it. A sub-kilobyte model runs on the appliance itself, flagging attacks on the key-delivery telemetry it already handles, and signing every alert.
A 211-byte ternary neural model — additions only, no GPU — reads the QKD error-rate telemetry the gateway already sees and flags a sustained rise in the quantum bit-error rate: the signature of an intercept-resend eavesdropper. Every alert is Falcon-512 signed into the same post-quantum audit trail as the keys — attributable and tamper-evident, not just a log line.
Tested offline on 4 hours of real Toshiba-QKD-through-PQTG telemetry (Numana KirQ, June 2026): on held-out data the detector reaches the eavesdropper-detection floor derived independently from the link's own Allan-deviation metrology — a ~0.3 percentage-point sustained error rise, AUC ≈ 0.99. Two independent methods, one detection threshold. Classical-grade sensitivity at a fraction of the footprint. Detection framework in development; tuned to each channel during pilot.
1U appliance on AMD Kria / Mobius optical hardware — real optical I/O, redundant power, no compromises.
2× Mobius optical cards · 10G SFP+ ports · redundant PSU · console + management
Software runs today. The 1U appliance (AMD Kria / Mobius optical) is in fabrication — reserve a unit now.
Tell us what you need. We'll reply with pricing, scope, and next steps.