QTRUST Qualified PQC Timestamp Authority

RFC 3161 ECDSA + Dilithium QAN Testnet
Documentation
Verify

What is QTRUST?

QTRUST is an RFC 3161 compliant timestamp authority with post-quantum cryptography. Every timestamp is dual-signed with ECDSA (backwards compatible) and CRYSTALS-Dilithium (quantum-safe), then anchored on the QAN blockchain.

Privacy by Design: QTRUST never sees your documents. Only the hash is submitted. No metadata is stored. No account required.

Why PQC Timestamps?

Standard timestamps use ECDSA or RSA signatures. These will be broken by quantum computers (Shor's algorithm) within 10-15 years. If your documents need to remain verifiable for 15-30 years (pharma, medical devices, financial records), you need post-quantum cryptography now.

IndustryRetentionRisk with ECDSA
Pharma (GMP)30 yearsVery high
Medical Devices (MDR)15 yearsHigh
Financial (MiFID II)10 yearsMedium
Public Administration30+ yearsVery high

Quick Start: openssl

QTRUST speaks standard RFC 3161. Any RFC 3161 client works out of the box:

# 1. Create timestamp request
openssl ts -query -data myfile.pdf -sha256 -out request.tsq

# 2. Send to QTRUST
curl -s -X POST https://trust.qalyx.eu/timestamp \
  -H "Content-Type: application/timestamp-query" \
  --data-binary @request.tsq \
  -o response.tsr

# 3. Verify
openssl ts -verify -in response.tsr \
  -queryfile request.tsq \
  -CAfile root-ca.pem -untrusted tsa-cert.pem

Quick Start: JSON API

For programmatic access, use the JSON convenience API:

# Stamp a hash
curl -s -X POST https://trust.qalyx.eu/api/stamp \
  -H "Content-Type: application/json" \
  -d '{"hash": "your-sha256-hash-here", "algorithm": "sha256"}'

# Response:
{
  "serial": "QT-000001",
  "timestamp_utc": "2026-03-18T21:00:00+00:00",
  "hash": "...",
  "signatures": {
    "ecdsa": "valid",
    "dilithium": "valid"
  },
  "blockchain": {
    "tx_hash": "0x...",
    "block_number": 598000
  },
  "tsr_download": "https://trust.qalyx.eu/api/download/QT-000001.tsr",
  "pdf_download": "https://trust.qalyx.eu/api/download/QT-000001.pdf"
}

Dual Signing

Every timestamp response contains two signatures:

SignatureAlgorithmPurpose
ECDSASECP256R1 + SHA-256Backwards compatible — works with openssl, any RFC 3161 client
DilithiumCRYSTALS-Dilithium3 (NIST Level 3)Quantum-safe — survives quantum computers, stored as TSR extension

Old clients verify ECDSA and ignore the Dilithium extension. PQC-aware clients verify both. If ECDSA breaks, Dilithium remains valid.

Blockchain Anchor

In addition to cryptographic signatures, the document hash is anchored on the QAN blockchain (a quantum-safe, EU-based blockchain). This provides an independent, immutable verification path that doesn't depend on QTRUST's signing keys.

Downloads

After stamping, you can download:

FormatURLUse
.tsr/api/download/QT-XXXXXX.tsrStandard RFC 3161 response (DER-encoded)
.pdf/api/download/QT-XXXXXX.pdfHuman-readable certificate

Verify Timestamp

Download by Serial