Vortex doesn't predict attacks. It reacts to the laws of exact sciences. A packet either satisfies the mathematics — or it doesn't.
Every packet is evaluated against deterministic mathematical invariants — not patterns, not models, not predictions.
Signatures based on Learning With Errors — the foundation of NIST's 2024 post-quantum standards. A quantum computer does not break this.
Trust scores derived from distance and entropy metrics, evaluated against deterministic thresholds. Not a model. Not a heuristic. Mathematics.
Every packet is Accept or Reject with a typed, auditable reason. No silent failures. No undefined behavior. No gray area to exploit.
A packet only reaches the next layer if it fully satisfies the current one.
The code is open. Read it, break it, tell us what you find.
Vortex DFS is a post-quantum security SDK written in Rust with a Go gateway. It replaces heuristic-based security with deterministic mathematical evaluation — every packet is either valid or it isn't.
[dependencies]
vortex-dfs = "0.1"use vortex_dfs::engine::{VortexGate, TrustState}; use vortex_dfs::signer_lwe::keygen; let (sk, pk) = keygen(seed); let gate = VortexGate::new(pk.clone()); let sig = sk.sign(&payload, &pk, nonce); match gate.process_packet(&raw, &sig) { TrustState::HighTrust => { /* proceed */ } TrustState::Operational => { /* monitor */ } TrustState::Fragile => { /* degrade */ } TrustState::RejectedSignature => { /* block */ } TrustState::RejectedProtocol(why) => { /* block */ } TrustState::RejectedBounds => { /* block */ } }
export VORTEX_HMAC_KEY="$(openssl rand -hex 32)"
├─ CRC mismatch? → RejectedProtocol ├─ LWE signature invalid? → RejectedSignature ├─ Metrics out of [0,1]? → RejectedBounds └─ score ≥ 0.95 → HighTrust score ≥ 0.70 → Operational score ≥ 0.20 → Fragile score < 0.20 → Critical
Binary packet parsing. Uses from_le_bytes() — no pointer casting, no unsafe. CRC-32 IEEE validation.
Fiat-Shamir over LWE lattice. Hash-bound commitment. For production use pqcrypto-dilithium.
Typestate pipeline with PhantomData. A packet cannot reach evaluation without passing validation — enforced at the type level.
HMAC-SHA256 with constant-time comparison. Invalid hex returns an explicit typed error.
Axum middleware. 1MB body limit. Session IDs sanitized. HMAC key from environment.
pkt, err := ParsePacket(buf) err = VerifySignature(payload, sigHex, key) raw := BuildPacket(0x0001, payload)
VORTEX_HMAC_KEY via secret managersigner_lwe with pqcrypto-dilithiumOsRngvortex_guardgit log -S "SECRET" --all to verify clean historyTechnical papers and findings from our work on deterministic security, post-quantum cryptography, and physics-bound trust evaluation.
A silent bug in our LWE signature verification caused verify() to return true for any input — including signatures made with completely different keypairs. Root cause: with modulus Q=257, the tolerance c×ETA exceeded Q/2, making the ring distance check vacuously true. We document the discovery, the mathematical analysis, and the fix — moving to hash-bound commitment (Fiat-Shamir). Caught only by explicitly writing the adversarial test case.
Introducing DFS = S × T × B as a quantitative framework for security detections. Signal Strength evaluates semantic fidelity. Telemetry Stability validates payload completeness under high-throughput runtime. Behavioral Robustness measures resistance to structural drift. Applied to LLM output pipelines as deterministic middleware.
System prompts alone are insufficient to mitigate runtime alignment drifts — they introduce token overhead, increase latency, and remain susceptible to adversarial injection. A deterministic approach handles this downstream via isolated decision-boundary middleware. By treating LLM output as a raw signal, we compute a Detection Fidelity Score before dispatching the response.
One SDK. Pay for the period that fits your deployment cycle. No seats, no per-request fees, no hidden costs.
Ideal for solo engineers evaluating Vortex DFS in a staging environment.
For teams running Vortex DFS in production with full anonymization and webhook pipelines.
For organizations with compliance requirements and custom detection rules at scale.
We work with engineering teams evaluating post-quantum migration, AI infrastructure security, and deterministic defense layers. If heuristics haven't solved your problem — reach out.