RESEARCH PREVIEW

We do not encrypt — we entangle.

QERYX is the first messenger to bind a verified quantum Bell-measurement into its session keys. A signed, hash-chained quantum beacon publishes each measurement; the app folds the verified pulse into key derivation as an additive co-factor that can never weaken the key — and degrades cleanly to the device’s own quantum/OS entropy floor when offline.

The strongest, loophole-free anchor — CURBy, the public Bell-test randomness beacon from NIST and the University of Colorado Boulder — is on the roadmap below. This page lets you verify a beacon pulse yourself, right now, in your browser.

VERIFY IT YOURSELF

Recompute a beacon pulse in your browser

No trust in QERYX required. Your browser fetches one pulse, recomputes its SHA3-256 self-commitment from the raw bytes, checks the hash-chain link to the previous pulse, and re-derives the CHSH Bell-violation flag exactly as the signer did. Nothing here calls home; the code is verify.js and sha3.js, both readable and ~100 lines each.

Press Use bundled sample pulse to verify a real signed pulse offline, or point the endpoint at a live beacon and press Fetch & verify.

Checked live, in this browser

  • SHA3-256 self-commitment. pulse_hash = SHA3-256(canonical(record) ‖ signature) recomputed from the wire bytes and compared to the value the pulse carries.
  • Hash-chain link. record.prev_hash compared to the previous pulse’s hash — the chain is append-only.
  • CHSH violation flag. Re-derived as S − 3σ > 2.0 and checked against the signed flag; S is shown against the Tsirelson bound 2√2 ≈ 2.828.
  • Canonical encoding. Number literals preserved verbatim (0.0 stays 0.0), keys sorted, no whitespace — byte-identical to the signer.

Offered as a downloadable verifier

  • ML-DSA-87 signature (FIPS 204). The lattice signature over the exact same canonical bytes. In-browser ML-DSA-87 verification is heavy (large keys, NTT-domain arithmetic), so we keep this widget small and ship the full check as a standalone verifier you run locally.
  • Beacon public-key pin. The verifier confirms the signing key matches the out-of-band fingerprint e7223f32…3708de3f.
  • Entropy-extractor accounting. Re-runs the min-entropy estimate and Toeplitz output-length rule the pulse claims.

Until you run the downloadable verifier, a passing widget means self-consistent and chain-linked — not yet signature-authenticated. The bytes are identical; only the lattice-signature math is deferred.

THE LADDER

From device-behaviour check to loophole-free anchor

Honest status labels. We claim only what is shipping; everything else is marked roadmap.

  1. R1SHIPPING

    Own-beacon Bell-measurement bound into keys

    A QERYX-run quantum source runs a CHSH test; a signed, hash-chained pulse (ML-DSA-87 + SHA3-256) carries the result and extracted output. The app verifies the pulse and folds it into the QSEED as an additive public co-factor. S > 2 here is a device-behaviour check under trusted-device assumptions — the locality and detection loopholes are open, so this is evidence the device behaved as a quantum source, not a loophole-free entanglement proof.

  2. R2IN PROGRESS

    External loophole-free anchor via CURBy

    Bind the loophole-free public Bell-test beacon (CURBy, NIST + CU Boulder) alongside the own-beacon pulse, so the co-factor inherits a measurement where the locality and detection loopholes are closed. The app already folds verified external pulses; wiring CURBy’s format and pin is the remaining work.

  3. R3ROADMAP

    Multi-source quorum of independent Bell beacons

    Require agreement across jurisdiction- and vendor-diverse beacons before a pulse is counted, so no single beacon operator can steer the co-factor.

  4. R4ROADMAP

    Public transparency log + third-party witnesses

    Gossip the pulse chain to independent witnesses who co-sign what they saw, so a forked or withheld history is detectable by anyone.

  5. R∞HORIZON

    Per-session, device-local loophole-free measurement

    The long-horizon goal: a measurement bound to this session on hardware the user holds. This does not exist today for phones, and we never claim two phones share entanglement. We name it so the ladder has a top.

TECH BEHIND

How a Bell-measurement reaches your session key

1

Measure

A quantum source is prepared in a Bell state and measured under four CHSH setting pairs. The correlation sum S is computed; the ideal quantum maximum is the Tsirelson bound 2√2 ≈ 2.828, and the classical ceiling is 2.

2

Extract

Raw measurement bits pass a conservative min-entropy estimate (a tested subset of NIST SP 800-90B — not the full battery, not CMVP-validated) and a Toeplitz strong extractor, yielding the published output.

3

Sign & chain

The full record — S, sigma, the violation flag, entropy accounting, and output — is signed with ML-DSA-87 (FIPS 204) and self-committed as pulse_hash = SHA3-256(canonical(record) ‖ signature), with prev_hash linking the previous pulse into an append-only chain.

4

Verify

The app re-checks every invariant against a pinned public-key fingerprint (never a key carried inside the pulse), failing closed on anything malformed. The widget above performs the hash, chain, and flag checks live; the signature check ships as a downloadable verifier.

5

Fold — additively, never below the floor

The verified pulse is mixed into the QSEED through the same multi-source path as the device’s own quantum samples, via XOR + HKDF-Extract over a superset of inputs. Extracting over more named sources can only raise the adversary’s uncertainty, never lower it. The pulse hash is also bound into the session context, so the key depends on which pulse was folded — while the device’s own entropy floor (its quantum samples or OS RNG) is always present underneath. A missing, offline, or rejected pulse degrades cleanly to that floor.

What this is — and is not

  • Is: the first shipping messenger to fold a verified, signed quantum Bell-measurement into key derivation, above an X25519 + ML-KEM-1024 hybrid floor with ML-DSA-87 signatures.
  • Is not: quantum key distribution, quantum teleportation, quantum networking, or two phones sharing entanglement. Those would violate the no-communication theorem; we make no such claim.
  • The honest boundary on R1: the own-beacon CHSH test is a device-behaviour check (locality and detection loopholes open). The loophole-free anchor comes from CURBy (R2). The co-factor is additive and public — it steers the seed, it never is the secret.