API Documentation

Complete reference for QuantZK's advanced cryptographic features and DARPA-grade zero-knowledge systems

Quick Navigation

Overview

QuantZK provides a comprehensive suite of advanced cryptographic features including DARPA-grade zero-knowledge causality proofs, post-quantum cryptography, privacy-preserving techniques, and AI-powered circuit synthesis. All features are production-ready with proven adversarial soundness.

Base URL

GEThttps://api.quantzk.com/v1

Features

  • πŸ”¬ DARPA-validated zero-knowledge causality proofs (ZK-CP)
  • πŸ€– AI-powered circuit synthesis and optimization
  • πŸ” 18+ cryptographic primitives
  • πŸ›‘οΈ 5 post-quantum algorithms (NIST-validated)
  • πŸ•΅οΈ 4 privacy-preserving techniques
  • πŸ”— 4 advanced cryptographic protocols
  • 🧠 Federated learning with zkML
  • ⚑ Sub-millisecond performance
  • βœ… 100% test success rate
  • 🎯 Adversarial soundness proven

Authentication

All API requests require authentication using API keys or JWT tokens with httpOnly cookies for enhanced security.

API Key Authentication

const headers = {
    'Authorization': 'Bearer YOUR_API_KEY',
    'Content-Type': 'application/json'
};

JWT Token Authentication

// Tokens are automatically managed via httpOnly cookies
const response = await fetch('https://api.quantzk.com/v1/auth/login', {
    method: 'POST',
    credentials: 'include', // Essential for httpOnly cookies
    headers: {
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        email: 'user@example.com',
        password: 'secure_password'
    })
});

Zero-Knowledge Causality Proofs (ZK-CP)

πŸ”¬ DARPA-Validated Technology
Proves policy violation with zero information leakage. Adversarial soundness independent of completeness.

Generate Causal Proof

POST/api/causal-proofs/generate DARPA ARE-1

Parameters

Parameter Type Required Description
causalGraph object Yes DAG representing causal structure
policyConstraints object Yes Policy constraints to enforce
executionPath array Yes Sequence of state transitions
privateWitness object Yes Private inputs (never revealed)

Example Request

const response = await fetch('/api/causal-proofs/generate', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        causalGraph: {
            nodes: ['auth', 'sensitive_op', 'outcome'],
            edges: [['auth', 'sensitive_op'], ['sensitive_op', 'outcome']]
        },
        policyConstraints: {
            requiredPermissions: ['admin', 'audit_access'],
            minPathLength: 2
        },
        executionPath: ['auth', 'sensitive_op', 'outcome'],
        privateWitness: {
            userId: 'user_123',
            credentials: 'private_data'
        }
    })
});

const result = await response.json();
console.log('Proof:', result.proof);
console.log('Public signals:', result.publicSignals);

Verify Causal Proof

POST/api/causal-proofs/verify DARPA ARE-1

What This Proves

  • βœ… Policy violation implies proof non-existence
  • βœ… Zero information leakage about private inputs
  • βœ… Causal necessity and counterfactual impossibility
  • βœ… Fail-closed behavior under adversarial manipulation
  • βœ… Adversarial soundness independent of completeness

What This Does NOT Prove

  • ❌ Policy optimality or correctness
  • ❌ Intent or motivation behind actions
  • ❌ Future predictions or probabilistic claims

Post-Quantum Cryptography

NIST-validated post-quantum cryptographic algorithms resistant to quantum computer attacks.

Kyber Encryption (NIST Level 3)

POST/api/post-quantum/kyber/encrypt Stable

Parameters

Parameter Type Required Description
message string Yes Plaintext message to encrypt
publicKey string Yes Kyber public key

Dilithium Signatures (NIST Level 2)

POST/api/post-quantum/dilithium/sign Stable

Parameters

Parameter Type Required Description
message string Yes Message to sign
secretKey string Yes Dilithium secret key

FALCON Signatures (NIST Level 1)

POST/api/post-quantum/falcon/sign Stable

Fast, compact signatures for resource-constrained environments.

Advanced Privacy Techniques

Private Information Retrieval (PIR)

POST/api/privacy/pir/query Stable

Parameters

Parameter Type Required Description
index number Yes Index of item to retrieve (0-99)
database array No Optional database to query

Oblivious Transfer

POST/api/privacy/ot/transfer Stable

Homomorphic Encryption

POST/api/privacy/homomorphic/compute Beta

Perform computations on encrypted data without decryption. Based on Microsoft SEAL with polynomial fallback.

Cryptographic Protocols

Threshold Signatures

POST/api/protocols/threshold/sign Stable

Parameters

Parameter Type Required Description
message string Yes Message to sign
threshold number Yes Minimum signatures required
parties number Yes Total number of parties

Verifiable Random Functions (VRF)

POST/api/protocols/vrf/generate Stable

Multi-Party Computation (MPC)

POST/api/mpc/compute Beta

Secure multi-party computation allowing multiple parties to jointly compute a function over their inputs while keeping those inputs private.

AI-Powered Features

πŸ€– AI Circuit Synthesis
Natural language to ZK circuit generation with semantic understanding and continuous learning.

Generate Circuit from Natural Language

POST/api/ai-circuit-synthesis/generate Experimental

Parameters

Parameter Type Required Description
description string Yes Natural language description of circuit
requirements object No Performance and security requirements
provider string No 'openai' or 'anthropic' (default: openai)

Example Request

const response = await fetch('/api/ai-circuit-synthesis/generate', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        description: 'Create a circuit that proves age is over 18 without revealing exact age',
        requirements: {
            maxConstraints: 1000,
            privacyLevel: 'high'
        }
    })
});

const result = await response.json();
console.log('Circuit code:', result.circuitCode);
console.log('Constraints:', result.analysis.constraints);

Optimize Existing Circuit

POST/api/ai-circuit-synthesis/optimize Experimental

Continuous Learning

The AI system learns from successful compilations, user feedback, and performance metrics to improve future circuit generation.

Federated Learning with zkML

🧠 Privacy-Preserving Machine Learning
Train models across distributed data without centralizing sensitive information.

Analyze Behavioral Data

POST/api/advanced-features/ml/analyze-behavior Beta

Parameters

Parameter Type Required Description
userId string Yes User identifier
behaviorData object Yes User interaction patterns

Submit Federated Update

POST/api/federated/submit-update Beta

Query Global Model

GET/api/federated/global-model Beta

Federated learning enables collaborative model training while preserving data privacy. Each participant contributes model updates without sharing raw data.

Error Handling

All API endpoints return consistent error responses with appropriate HTTP status codes and sanitized error messages in production.

Error Response Format

{
    "error": {
        "code": "INVALID_PARAMETER",
        "message": "The provided parameter is invalid",
        "details": "Parameter 'message' must be a non-empty string"
    },
    "timestamp": "2026-01-07T21:00:00Z",
    "requestId": "req_123456789"
}

Common Error Codes

Code HTTP Status Description
INVALID_PARAMETER 400 Invalid or missing parameter
UNAUTHORIZED 401 Invalid or missing authentication
FORBIDDEN 403 Insufficient permissions
NOT_FOUND 404 Resource not found
RATE_LIMITED 429 Rate limit exceeded
INTERNAL_ERROR 500 Internal server error
CIRCUIT_ERROR 500 ZK circuit compilation or execution error
PROOF_GENERATION_FAILED 500 Failed to generate zero-knowledge proof

Code Examples

Complete ZK-CP Example

// Generate and verify a zero-knowledge causality proof
const proofResponse = await fetch('https://api.quantzk.com/v1/api/causal-proofs/generate', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        causalGraph: {
            nodes: ['start', 'check_permission', 'action', 'end'],
            edges: [
                ['start', 'check_permission'],
                ['check_permission', 'action'],
                ['action', 'end']
            ]
        },
        policyConstraints: {
            requiredNodes: ['check_permission'],
            minPathLength: 3
        },
        executionPath: ['start', 'check_permission', 'action', 'end'],
        privateWitness: {
            userId: 'user_456',
            permissions: ['read', 'write']
        }
    })
});

const { proof, publicSignals } = await proofResponse.json();

// Verify the proof
const verifyResponse = await fetch('https://api.quantzk.com/v1/api/causal-proofs/verify', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        proof,
        publicSignals
    })
});

const { verified, error } = await verifyResponse.json();
console.log('Proof verified:', verified);

// Key properties:
// βœ… Private inputs never revealed
// βœ… Policy compliance proven without exposing execution details
// βœ… Adversarially sound (fail-closed behavior)

AI Circuit Synthesis Example

// Generate a circuit using natural language
const circuitResponse = await fetch('https://api.quantzk.com/v1/api/ai-circuit-synthesis/generate', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        description: 'Prove that a user has a valid credit score above 700 without revealing the exact score',
        requirements: {
            maxConstraints: 5000,
            privacyLevel: 'high',
            performanceTarget: 'sub-second'
        }
    })
});

const { circuitId, circuitCode, analysis } = await circuitResponse.json();

console.log('Generated circuit:', circuitId);
console.log('Constraints:', analysis.constraints);
console.log('Estimated proof time:', analysis.estimatedProofTime);

// Compile and use the generated circuit
const compileResponse = await fetch(`https://api.quantzk.com/v1/api/ai-circuit-synthesis/compile/${circuitId}`, {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY'
    }
});

const { success, artifacts } = await compileResponse.json();
console.log('Circuit compiled:', success);

Post-Quantum Encryption Example

// Generate Kyber key pair
const keyPair = await fetch('https://api.quantzk.com/v1/api/post-quantum/kyber/keygen', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    }
}).then(res => res.json());

// Encrypt message
const encrypted = await fetch('https://api.quantzk.com/v1/api/post-quantum/kyber/encrypt', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        message: 'Quantum-resistant secret message',
        publicKey: keyPair.publicKey
    })
}).then(res => res.json());

// Decrypt message
const decrypted = await fetch('https://api.quantzk.com/v1/api/post-quantum/kyber/decrypt', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        encrypted: encrypted.ciphertext,
        secretKey: keyPair.secretKey
    })
}).then(res => res.json());

console.log('Decrypted:', decrypted.message);
console.log('Quantum-resistant:', true);

Federated Learning Example

// Analyze user behavior with privacy preservation
const behaviorAnalysis = await fetch('https://api.quantzk.com/v1/api/advanced-features/ml/analyze-behavior', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        userId: 'user_789',
        behaviorData: {
            mouseMovements: [...],
            keystrokeDynamics: [...],
            sessionDuration: 1800
        }
    })
});

const { riskScore, classification, confidence } = await behaviorAnalysis.json();

console.log('Risk assessment:', {
    score: riskScore,
    category: classification,
    confidence: `${(confidence * 100).toFixed(1)}%`
});

// Submit federated update (privacy-preserving)
const updateResponse = await fetch('https://api.quantzk.com/v1/api/federated/submit-update', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        modelUpdate: localGradients, // Computed locally
        round: 42
    })
});

console.log('Contributed to global model without sharing raw data');

API Reference

Complete reference for all QuantZK API endpoints with request/response schemas and examples.

Base URL & Versioning

GEThttps://api.quantzk.com/v1

All API requests must include the version prefix /v1 in the URL.

Authentication Endpoints

Endpoint Method Description
/api/auth/register POST Create new user account
/api/auth/login POST Authenticate and receive JWT token
/api/auth/refresh POST Refresh access token
/api/auth/logout POST Invalidate current session

Zero-Knowledge Endpoints

Endpoint Method Description
/api/verify POST Verify ZK proof
/api/causal-proofs/generate POST Generate ZK-CP proof
/api/causal-proofs/verify POST Verify ZK-CP proof
/api/proofs/{id} GET Retrieve proof by ID

Post-Quantum Cryptography

Endpoint Method Description
/api/post-quantum/kyber/keygen POST Generate Kyber key pair
/api/post-quantum/kyber/encrypt POST Encrypt with Kyber
/api/post-quantum/kyber/decrypt POST Decrypt with Kyber
/api/post-quantum/dilithium/sign POST Create Dilithium signature
/api/post-quantum/dilithium/verify POST Verify Dilithium signature
/api/post-quantum/falcon/sign POST Create FALCON signature

AI & Machine Learning

Endpoint Method Description
/api/ai-circuit-synthesis/generate POST Generate circuit from natural language
/api/ai-circuit-synthesis/optimize POST Optimize existing circuit
/api/ai-circuit-synthesis/compile/{id} POST Compile generated circuit
/api/advanced-features/ml/analyze-behavior POST Analyze user behavior patterns
/api/federated/submit-update POST Submit federated learning update
/api/federated/global-model GET Retrieve global model state

Rate Limits

Tier Requests/Minute Requests/Hour
Free 60 1,000
Professional 600 20,000
Enterprise Unlimited Unlimited

Response Headers

All API responses include these headers:

X-RateLimit-Limit: 60
X-RateLimit-Remaining: 59
X-RateLimit-Reset: 1704672000
X-Request-ID: req_abc123
X-Response-Time: 15ms

Webhooks

Receive real-time notifications about events in your QuantZK account via HTTP callbacks.

Webhook Events

Event Description Payload
proof.verified ZK proof successfully verified proof, publicSignals, metadata
proof.failed ZK proof verification failed proofId, error, timestamp
causal_proof.generated ZK-CP proof generated proof, causalGraph, policyResult
circuit.compiled AI-generated circuit compiled circuitId, constraints, artifacts
user.registered New user account created userId, email, timestamp
api_key.created New API key generated keyId, permissions, expiresAt

Webhook Configuration

POST/api/webhooks

Create Webhook

const webhook = await fetch('https://api.quantzk.com/v1/api/webhooks', {
    method: 'POST',
    headers: {
        'Authorization': 'Bearer YOUR_API_KEY',
        'Content-Type': 'application/json'
    },
    body: JSON.stringify({
        url: 'https://your-domain.com/webhooks/quantzk',
        events: ['proof.verified', 'proof.failed'],
        secret: 'your_webhook_secret'
    })
});

const result = await webhook.json();
console.log('Webhook ID:', result.webhookId);

Webhook Payload Example

{
    "id": "evt_abc123",
    "type": "proof.verified",
    "created": 1704672000,
    "data": {
        "proofId": "proof_xyz789",
        "proof": {...},
        "publicSignals": [...],
        "verificationTime": "15ms",
        "circuit": "proof_of_identity"
    },
    "metadata": {
        "userId": "user_123",
        "apiVersion": "v1"
    }
}

Webhook Signature Verification

Verify webhook authenticity using HMAC-SHA256:

const crypto = require('crypto');

function verifyWebhookSignature(payload, signature, secret) {
    const expectedSignature = crypto
        .createHmac('sha256', secret)
        .update(JSON.stringify(payload))
        .digest('hex');
    
    return crypto.timingSafeEqual(
        Buffer.from(signature),
        Buffer.from(expectedSignature)
    );
}

Security

Best practices and security measures for using QuantZK APIs.

πŸ” Authentication Security

HttpOnly Cookies

Access and refresh tokens are stored in httpOnly, secure, SameSite=Strict cookies to prevent XSS attacks. Tokens are never exposed to JavaScript.

  • βœ… XSS protection via httpOnly flag
  • βœ… CSRF protection via SameSite=Strict
  • βœ… Secure flag enforced in production
  • βœ… Automatic token refresh

πŸ›‘οΈ API Key Management

  • Never commit API keys to version control
  • Rotate keys regularly (recommended: every 90 days)
  • Use environment variables for key storage
  • Set appropriate permissions for each key
  • Revoke compromised keys immediately

πŸ”’ Transport Security

Feature Status Details
TLS 1.3 βœ… Enforced All API traffic encrypted
HSTS βœ… Enabled max-age=31536000; includeSubDomains
Certificate Pinning βœ… Available For mobile/desktop apps
Perfect Forward Secrecy βœ… Enabled ECDHE cipher suites

⚑ Rate Limiting

Multiple layers of rate limiting protect against abuse:

  • Per-Key Limits: Based on your subscription tier
  • Per-IP Limits: Additional protection against DDoS
  • Per-Endpoint Limits: Stricter limits on resource-intensive operations
  • Burst Protection: Token bucket algorithm prevents spikes

πŸ” Audit Logging

All API requests are logged for security auditing:

{
    "timestamp": "2026-01-08T02:30:00Z",
    "requestId": "req_abc123",
    "userId": "user_456",
    "method": "POST",
    "endpoint": "/api/verify",
    "ipAddress": "203.0.113.42",
    "userAgent": "QuantZK-SDK/1.0",
    "statusCode": 200,
    "responseTime": "15ms",
    "authenticated": true
}

πŸ›‘οΈ Post-Quantum Security

QuantZK uses NIST-validated post-quantum cryptographic algorithms to protect against future quantum computer attacks:

  • Kyber768: 192-bit quantum security for encryption
  • Dilithium3: 192-bit quantum security for signatures
  • FALCON-512: Compact signatures for IoT devices

🚨 Security Disclosure

If you discover a security vulnerability, please report it to: security@quantzk.com

We offer a bug bounty program for responsible disclosure. PGP key available at /security/pgp-key.txt

Technical Documentation

Comprehensive technical documentation for developers, security auditors, and system architects.

πŸ“‹ System Architecture

DARPA Vertical Overview

Defense-grade zero-knowledge infrastructure for nation-state threat environments. Includes production capabilities, experimental features, and research directions.

πŸ“₯ Download PDF

Capability Maturity Framework

Production-grade capabilities, near-term experimental features, and long-horizon research directions with explicit maturity assessments.

πŸ“₯ Download PDF

πŸ€– AI & Machine Learning

AI Circuit Synthesis Implementation

Natural language to ZK circuit generation using GPT-4/Claude with semantic understanding, multi-layer validation, and continuous learning.

πŸ“₯ Download PDF

πŸ›‘οΈ Defense Applications

DoD Integration Guide

Concrete integration architecture for Department of Defense systems with NIPRNET/SIPRNET deployment patterns, classification handling, and operational procedures.

πŸ“₯ Download PDF

Research Papers

Peer-reviewed research and technical papers advancing the state of zero-knowledge cryptography.

πŸ”¬ Featured Research

Zero-Knowledge Causality Proofs (ZK-CP)

Authors: QuantZK Research Team

Date: December 2025

A novel cryptographic primitive that enables proving causal necessity without revealing execution paths. Introduces the Structural Impossibility Certificate (SIC) and proves counterfactual impossibilityβ€”a stronger guarantee than traditional zero-knowledge proofs.

Key Contributions: Formal cryptographic definition of causal necessity, security model for counterfactual robustness, non-reducibility proof, Groth16-based construction, and applications in autonomous systems and regulatory compliance.

DARPA ARE-1 Validated Adversarial Soundness Proven Production Implementation

πŸ“˜ Whitepapers

QuantZK Technical Whitepaper

Version: 1.0 | Date: November 2025

Comprehensive technical whitepaper covering the QuantZK Trust Grid architecture, quantum-resilient cryptography, federated AI systems, and global deployment strategy. Includes detailed performance benchmarks, security analysis, and economic modeling.

Contents: Executive overview, technical architecture, post-quantum cryptography, zero-knowledge proofs, federated learning, deployment strategy, performance metrics, security analysis, economic model, competitive analysis, and roadmap.

99.98% Accuracy 15ms Latency (p99) 12,625 TPS

πŸ“š Additional Resources