Post-Quantum Cryptography · ℤ₆ Topology

Quantum-safe gates
built from pure geometry.

The Z6 PQC Gateway implements key encapsulation using ℤ₆ cyclic topology — no lattice noise, no NTT, no isogenies. Zero-trust, memory-scrubbing, hardware-agnostic.

Architecture
64
Z6 Elements
3-bit
Per Element
24 B
Key Size
0
NTT / Lattice
Core Concept

Post-quantum from ℤ₆ cyclic geometry.

The Z6 PQC Gateway replaces continuous lattice-based KEMs with discrete ℤ₆ arithmetic. Each element is a phase in {0,1,2,3,4,5} — no floating point, no noise sampling, no NTT polynomial multiplication.

Z6 Arithmetic

All operations are mod-6: add, subtract, multiply in ℤ₆. Deterministic, constant-time, trivially side-channel resistant. No continuous parameters to leak.

Topological Shield

Phase states are projected onto the nearest Z6 lattice point. Noise within ±π/6 is absorbed; noise at the π/6 boundary triggers an enforced collapse — detectable, non-forgeable.

🧹

Memory Scrubbing

All ephemeral key material is zeroed immediately after use. Private keys, shared secrets, and intermediate buffers are overwritten in a finally block — guaranteed cleanup.

Z6 KEM Handshake

Run a complete key encapsulation cycle in your browser. Client and server generate ℤ₆ key pairs, negotiate a shared secret, and the topological shield validates every step.

1 Client Key Generation

Public Key (64 Z6 elements)
Private Key (64 Z6 elements, secret)

2 Server Handshake

Server Public Key
// Awaiting handshake...
Topological shield: awaiting handshake

3 Shared Secret Verification

// Run a handshake to verify
Computed Shared Secret (SHA-256)

Passive error detection.

The Z6 topological shield enforces phase quantization at every gateway hop. No active error correction — just geometry.

Phase Quantization

Every Z6 element is projected to the nearest multiple of π/3. Deviation beyond ±π/6 triggers a detectable topological collapse.

Collapse Detection

At the exact midpoint between two Z6 states (deviation = π/6), the shield rejects the operation with a 403 — no ambiguity, no false acceptance.

🔒

Constant-Time Validation

Shield projection uses integer rounding — no branches on secret data. The validation cost is identical for all 6 phase states.

♻️

Zero Overhead Per Hop

The shield adds no per-request latency, no memory allocation, and no additional network round-trips. It runs inline in the Worker's fetch handler.

Break the Z6 Moat Shield.

This is a live security research interface. Submit crafted public keys to the gateway and see which defenses trigger. All attacks are logged as anonymous metrics — no key data is stored. Can you find a key that passes every check?

⚔ Attack Generator

Quick-craft attack vectors to probe the shield:

✏ Custom Key

Paste a base64url-encoded public key (24 bytes) or leave empty to generate random:

📊 Results

Submit an attack to see results here.

📜 Attack Log (Anonymous Metrics)

Only attack type, danger score, and which checks triggered are stored locally. No key data is ever saved.

No attacks logged yet.

Designed for zero-trust deployment.

Every component is self-contained. No external dependencies, no hardware assumptions, no trusted setup.

Z6 Primitive Engine

Mod-6 arithmetic (add, sub, mul) and continuous-to-discrete phase mapping. Every real angle is snapped to the nearest π/3 step with a bounded deviation.

📦

3-Bit Packing

Each Z6 element fits in 3 bits (values 0-5). 64 elements pack into 24 bytes. Serialization is a single O(n) bit-shift loop — no alloc, no compression.

🤝

KEM Handshake

Client generates 64 random Z6 elements as its keypair. Server generates its own. Shared secret is element-wise ℤ₆ multiplication — commutative by construction.

🧹

Guaranteed Scrubbing

In the finally block of every request, all Uint8Array and number[] buffers are filled with zero. No ephemeral key material survives past the response.

// === Z6 KEM Handshake (Client → Gateway → Origin) === // 1. Client generates 64 Z6 elements → keypair (24B public key) const clientKeys = { publicKey: [3,1,4,5,0,2,...], privateKey: [...] }; // 2. Client sends request with X-Z6-KEM-Public header (base64url) fetch("https://z6-pqc-gateway.fogeboro.workers.dev/api/kem", { headers: { "X-Z6-KEM-Public": base64url(keys.publicKey) } }); // 3. Gateway applies topological shield, computes shared secret // 4. Gateway returns X-Z6-KEM-Completed header with server's public key // 5. Response includes X-Z6-Topological-Shield: Active // 6. Client computes shared secret = clientPriv ⊙ serverPub (mod 6) // 7. All ephemeral buffers zeroed in finally block
Validation

All tests pass.

Every property of the Z6 PQC gateway is verified — arithmetic, packing, topological shield, key agreement, and memory safety.

✓ PASS
Z6 Arithmetic
add, sub, mul mod 6
✓ PASS
Phase Mapping
continuous → discrete
✓ PASS
Bit-Packing
64×3-bit → 24 bytes
✓ PASS
Base64URL Round-trip
binary ↔ string
✓ PASS
Topological Shield
within-threshold noise
✓ PASS
Midpoint Collapse
deviation = π/6 → 403
✓ PASS
KEM Key Agreement
client⊕server = shared
✓ PASS
Memory Scrubbing
all buffers zeroed
Live API Test

Test the deployed gateway worker.

Make a real request to the Z6 PQC Gateway, verify the topological shield header, and perform a live KEM handshake.

Health Check

// Click to check

Live KEM Handshake

// Click to run KEM against deployed worker

Encrypt & Decrypt with Z6 keys.

Use the KEM shared secret to derive an AES-256-GCM key and encrypt/decrypt messages. Your Z6 public key serves as the identity.

🔐 Encrypt

Your Public Key (base64url)
// Result will appear here

🔓 Decrypt

Your Public Key (base64url)
// Result will appear here

⚡ Bulk KEM

Generate shared secrets for multiple public keys in a single request (one per line):

// Results will appear here

Ready to deploy
Z6 PQC at your edge?

Deploy the gateway worker to your own Cloudflare account. No external dependencies, no third-party APIs.

Access Gateway → Contact