NEW v0.9 · Hybrid post-quantum by default · NIST FIPS 203/204

Zero trust,
rebuilt on QUIC.
Post-quantum by default.

Your VPN was designed for 1998. Quartz is a modern ZTNA platform — pure QUIC data plane, hybrid ML-KEM + ML-DSA cryptography, controller out of the data path. Production-grade remote access for networks that will still be secure in 2045.

MIT / Apache-2.0 / Self-hosted / 100% Rust, unsafe-denied / CNSA 2.0 aligned
[Architecture diagram] Control plane (coordination only, no user data): the controller handles OIDC, policy and session identity, and talks to each agent over HTTPS. Data plane (QUIC, encrypted peer-to-peer; the controller never sees user traffic): Agent A (user laptop) ↔ Agent B (prod server), stream #1 ssh, stream #2 sync, with a DERP relay fallback on :443. ML-KEM · X25519, 0-RTT resume ✓, connection migration ✓.
Built on open standards
RFC 9000 (QUIC) · FIPS 203 (ML-KEM) · FIPS 204 (ML-DSA) · OIDC · SAML · OpenTelemetry · Prometheus
§ 01 / Platform

Three principles.
No compromise.

Most "ZTNA" vendors repackaged VPN concentrators with a policy dashboard. Quartz starts from a different architecture — one where transport, cryptography, and trust boundaries are all first-class.

01 / QUIC

Pure QUIC data plane

All traffic rides QUIC — the IETF-standardized protocol that powers HTTP/3. No TCP fallback, no TLS-over-TCP legacy. Independent streams, 0-RTT resumption, native connection migration.

RFC 9000 · Quinn 0.11 · UDP · userspace · no kernel modules
02 / Cryptography

Post-quantum by default

Hybrid ML-KEM-768 + X25519 for key exchange. ML-DSA-65 + Ed25519 for signatures. Both the classical and the post-quantum algorithm must be broken before a connection is compromised.

FIPS 203 / 204 · NIST Level 3 · AES-256-GCM · BLAKE3 · zeroized keys
03 / Trust

Controller out of path

The control plane authenticates, authorizes, coordinates. It never terminates QUIC streams. It never decrypts user data. If the controller is compromised, the attacker gains metadata — not your traffic.

Default deny · signed policies · re-verified every 60s · 5-min session TTL
§ 02 / How it works

From click to encrypted stream, in one RTT.

Authentication, discovery, direct peer connection, hybrid handshake, continuous verification. Five stages — and after that first setup, subsequent resumes cost zero round trips.

01
Authenticate via OIDC
Google Workspace, Azure AD, Okta, any OIDC/SAML provider. The control plane issues a short-lived session token (≤5 min).
→ session.ttl = 300s
02
Discover peers & policy
The agent pulls network candidates and signed ACLs. Policies are verified locally before enforcement — and cached for offline operation.
→ policy.sig = Ed25519
03
Connect P2P (ICE-lite + STUN)
Direct UDP hole-punching first. Fall back to DERP (HTTPS/443) if UDP is blocked, or native QUIC relay when P2P fails.
→ preferred path: direct
04
Hybrid PQ handshake
QUIC negotiates ML-KEM-768 + X25519 keys in parallel. Application traffic flows over independent streams, each with its own flow control.
→ 1-RTT new · 0-RTT resume
05
Continuous verification
Policy re-evaluated on every request. Device posture re-checked every 60 seconds. Violations trigger immediate disconnection.
→ posture.interval = 60s
t = 0ms    authenticate    POST /auth/oidc → token
t = 12ms   discover        GET /peers/b.prod → candidates[]
t = 38ms   ICE probe       STUN srflx → udp://5.4.3.2:41234
t = 64ms   QUIC handshake  ML-KEM-768 ⊕ X25519 → shared_secret
t = 78ms   stream opened   ✓ hybrid pq · posture.score = 92
on resume  → 0ms · 0-RTT ✓
§ 03 / Performance

Performance TCP cannot match.

The numbers matter. A lost packet in a file sync stalls only that file sync — your interactive terminal, API calls, and video streams continue. Walk from Wi-Fi to cellular: the session doesn't drop.

Capability                        | TCP VPN         | WireGuard       | Quartz
Connection setup (new)            | 2–3 RTT         | 1 RTT           | 1 RTT
Connection setup (resumed)        | 2–3 RTT         | 1 RTT           | 0 RTT
Connection migration (IP change)  | ✗ breaks        | ✗ breaks        | ✓ survives
Stream multiplexing               | ✗ HoL blocking  | ✗ n/a (L3)      | ✓ independent
Post-quantum crypto               | — none          | — none          | ✓ ML-KEM + ML-DSA
Userspace (no kernel modules)     | partial         | optional        | ✓ native
§ 04 / Security

Security that goes beyond the checklist.

Every connection is authenticated, authorized, and continuously re-verified. The cryptographic stack assumes a quantum attacker. The implementation assumes unsafe code is a bug class.

§ Crypto stack

Hybrid post-quantum, end to end.

Every Quartz connection combines classical and post-quantum primitives via a KDF with domain separation. Both must break — independently — to compromise a session.

  • KEX: X25519 ⊕ ML-KEM-768 · NIST L3
  • Signatures: Ed25519 ⊕ ML-DSA-65 · NIST L3
  • AEAD: AES-256-GCM · ChaCha20-Poly1305
  • Hash: BLAKE3
  • Key hygiene: zeroize · constant-time · no GC
  • Standards: FIPS 203 · FIPS 204 · FIPS 205
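The hybrid combiner described above, as an added example that is not Quartz's own code (the project is Rust; this is illustrative Python). Both shared secrets become the input keying material of a single KDF, and a purpose label plus a hash of the handshake transcript are bound in as domain separation, so a key derived for one purpose or one handshake cannot collide with another. HMAC-SHA256 stands in for the BLAKE3 KDF listed above; the salt string, labels, secrets and transcript are constructed placeholders; both secrets are fixed-length so that concatenation is unambiguous. The comparison helper uses a constant-time check, the same property the page attributes to its Rust implementation.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the BLAKE3-based KDF the page lists.
# The combiner structure (both secrets as IKM, label + transcript as info) is the point.
HASH = "sha256"
KEY_LEN = 32
SECRET_LEN = 32  # X25519 and ML-KEM-768 both yield 32-byte shared secrets


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): condense the concatenated secrets into a PRK."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): stretch the PRK under a context string."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def derive_session_key(classical_ss: bytes, pq_ss: bytes, transcript: bytes, label: bytes) -> bytes:
    """Hybrid combiner: an attacker must recover BOTH shared secrets to reach the
    output, and the label/transcript binding keeps handshake keys, exporter keys
    and different sessions in separate domains."""
    if len(classical_ss) != SECRET_LEN or len(pq_ss) != SECRET_LEN:
        raise ValueError("shared secrets must be fixed-length so concatenation is unambiguous")
    # "quartz-hybrid-v1" is a constructed protocol label, not a value from the page.
    prk = hkdf_extract(b"quartz-hybrid-v1", classical_ss + pq_ss)
    info = label + b"\x00" + hashlib.sha256(transcript).digest()
    return hkdf_expand(prk, info, KEY_LEN)


def keys_equal(a: bytes, b: bytes) -> bool:
    """Constant-time comparison, the Python analogue of subtle::ConstantTimeEq."""
    return hmac.compare_digest(a, b)


# Constructed stand-ins for the two KEM outputs and the handshake transcript.
CLASSICAL_SS = hashlib.sha256(b"constructed X25519 shared secret").digest()
PQ_SS = hashlib.sha256(b"constructed ML-KEM-768 shared secret").digest()
TRANSCRIPT = b"constructed transcript: client_hello|server_hello|kem_ciphertext"


def flip_first_bit(b: bytes) -> bytes:
    return bytes([b[0] ^ 0x01]) + b[1:]


def combiner_properties() -> dict:
    """Check that the derived key depends on each input and on the label."""
    base = derive_session_key(CLASSICAL_SS, PQ_SS, TRANSCRIPT, b"quartz handshake key")
    return {
        "labels_separate": not keys_equal(
            base, derive_session_key(CLASSICAL_SS, PQ_SS, TRANSCRIPT, b"quartz exporter")),
        "depends_on_classical": not keys_equal(
            base, derive_session_key(flip_first_bit(CLASSICAL_SS), PQ_SS, TRANSCRIPT, b"quartz handshake key")),
        "depends_on_pq": not keys_equal(
            base, derive_session_key(CLASSICAL_SS, flip_first_bit(PQ_SS), TRANSCRIPT, b"quartz handshake key")),
        "depends_on_transcript": not keys_equal(
            base, derive_session_key(CLASSICAL_SS, PQ_SS, TRANSCRIPT + b"x", b"quartz handshake key")),
    }


if __name__ == "__main__":
    print(combiner_properties())
```

The transcript binding is what makes a key specific to one handshake: two sessions that happened to negotiate the same secrets would still derive different keys, and a manipulated handshake message changes the transcript hash and therefore the key.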
§ Device trust score

Zero → 100, re-evaluated every 60s.

Every agent carries a continuously-updated device posture score. Policies can gate access on exact thresholds.

  • Hardware attestation: +20
  • Disk encryption: +10
  • Firewall on: +10
  • Screen lock < 5m: +5
  • Attestation failure: −30
  • Jailbroken / rooted: −50
§ Policy engine

Signed, cached, default-deny.

Policies are Ed25519-signed by the controller and verified by the agent before enforcement. First-match-wins. Works offline.

  • Conditions: 12 types
  • Operators: 12 · incl. regex, in, contains
  • Default: deny
  • Offline: local cache · signed
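A worked example, added here and not the project's policy engine or agent code, that ties the device trust score above to the signed, first-match-wins, default-deny evaluation this section describes. The posture weights are the ones listed on the page; BASE_SCORE (the page gives the 0 to 100 range but not the starting value), the attribute names, the operator subset and the sample policy are assumptions, and signature verification is represented by a flag the agent would set after checking the controller's signature, since an unverified policy must never be enforced.

```python
import re
from dataclasses import dataclass

# Posture weights exactly as the page lists them. BASE_SCORE is an assumption.
BASE_SCORE = 50
POSTURE_WEIGHTS = {
    "hardware_attestation": +20,
    "disk_encryption": +10,
    "firewall_on": +10,
    "screen_lock_under_5m": +5,
    "attestation_failure": -30,
    "jailbroken_or_rooted": -50,
}


def trust_score(signals: dict) -> int:
    """Sum the weights of the posture signals that are true, clamped to 0..100."""
    score = BASE_SCORE + sum(w for name, w in POSTURE_WEIGHTS.items() if signals.get(name))
    return max(0, min(100, score))


# A subset of the 12 operators the page names: the ones the sample policy needs.
OPERATORS = {
    "eq": lambda have, want: have == want,
    "lt": lambda have, want: have < want,
    "gte": lambda have, want: have >= want,
    "in": lambda have, want: have in want,
    "contains": lambda have, want: want in have,
    # fullmatch anchors the pattern; re.search would let "b.prod.evil.example" satisfy a ".prod" rule
    "regex": lambda have, want: re.fullmatch(want, have) is not None,
}


@dataclass
class Rule:
    action: str          # "allow" or "deny"
    conditions: list     # [(attribute, operator, value), ...]; all must hold


@dataclass
class Policy:
    rules: list
    signature_verified: bool   # set by the agent after verifying the controller's signature


def rule_matches(rule: Rule, ctx: dict) -> bool:
    for attr, op, want in rule.conditions:
        if attr not in ctx or op not in OPERATORS:
            return False   # unknown attribute or operator: the rule does not match (fail closed)
        try:
            if not OPERATORS[op](ctx[attr], want):
                return False
        except (TypeError, re.error):
            return False   # type mismatch or bad pattern is a non-match, never an allow
    return True


def evaluate(policy: Policy, ctx: dict) -> tuple:
    """First-match-wins over an ordered rule list; anything unmatched is denied."""
    if not policy.signature_verified:
        return ("deny", "policy signature not verified")
    for index, rule in enumerate(policy.rules):
        if rule_matches(rule, ctx):
            return (rule.action, f"rule {index}")
    return ("deny", "default deny")


# Constructed sample policy (not a Quartz policy file): low-trust devices are
# denied first, then SRE members may reach prod hosts on ssh or https.
SAMPLE_POLICY = Policy(rules=[
    Rule("deny", [("device.trust", "lt", 60)]),
    Rule("allow", [("user.groups", "contains", "sre"),
                   ("dst.host", "regex", r"[a-z0-9-]+\.prod"),
                   ("dst.port", "in", [22, 443])]),
], signature_verified=True)


def request_context(user: str, groups: list, posture: dict, host: str, port: int) -> dict:
    """Build the attribute set a single request is evaluated against."""
    return {"user.email": user, "user.groups": groups, "device.trust": trust_score(posture),
            "dst.host": host, "dst.port": port}


# Constructed posture reports.
HEALTHY = {"hardware_attestation": True, "disk_encryption": True,
           "firewall_on": True, "screen_lock_under_5m": True}
ROOTED = dict(HEALTHY, jailbroken_or_rooted=True)

if __name__ == "__main__":
    print(evaluate(SAMPLE_POLICY, request_context("ana@example.com", ["sre"], HEALTHY, "b.prod", 22)))
    print(evaluate(SAMPLE_POLICY, request_context("ana@example.com", ["sre"], ROOTED, "b.prod", 22)))
```

Because rules are evaluated in order, the deny on low trust sits first so that no later allow can override it; the same `evaluate` call is what a continuous-verification loop would re-run after each 60-second posture refresh, disconnecting when the result flips to deny.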
§ Implementation

Memory-safe by construction.

The entire codebase denies unsafe_code at the workspace level. No buffer overflows, no use-after-free, no data races. Keys are zeroed on drop. HMAC comparisons run in constant time.

  • Language: Rust (100%) · #![deny(unsafe_code)]
  • Key destruction: zeroize crate
  • Timing: subtle::ConstantTimeEq
  • Build: multi-stage · non-root · hardened systemd
  • Observability: Prometheus · OpenTelemetry · tracing
§ 05 / Comparison

An honest look at the alternatives.

Tailscale and Netbird are mature, excellent products. If you need a mesh VPN today and PQC isn't a priority, use them. Quartz is for teams who need QUIC-native transport, hybrid PQC, and auditable self-hosted infrastructure.

Aspect                  | Tailscale              | Netbird              | Cloudflare WARP     | Quartz
Transport               | WireGuard · L3         | WireGuard · L3       | WireGuard / MASQUE  | QUIC · L4
Post-quantum crypto     | — none                 | — none               | — none              | ✓ hybrid, shipped
Open source             | partial (client)       | ✓ yes                | ✗ no                | ✓ MIT / Apache-2.0
Controller in data path | DERP sees metadata     | relay sees metadata  | cloud-hosted        | ✓ out of path
Self-hosted             | Headscale (community)  | ✓ yes                | ✗ no                | ✓ first-class
Connection migration    | via DERP               | via relay            | yes                 | ✓ native QUIC
Stream multiplexing     | — no                   | — no                 | — no                | ✓ yes
Maturity                | ★★★★★ excellent        | ★★★★ good            | ★★★★★ excellent     | ★★★ growing
Mobile clients          | all platforms          | all platforms        | all platforms       | Q1 2027
§ 06 / Status · April 2026

We ship. We don't oversell.

Quartz is at Milestones 1–3. Core networking, cryptography, and policy enforcement are functional today. Multi-platform agents and managed cloud are on a dated roadmap — here is exactly what's where.

Shipping today

M1 – M3
  • ● DERP infrastructure. Multi-region mesh, complete.
  • ● Agent core. Register, authenticate, connect, SOCKS5 proxy.
  • ● Hybrid PQC. ML-KEM-768, ML-DSA-65.
  • ● Pure QUIC transport. 0-RTT · migration · multiplexing.
  • ● Signed policies. Local enforcement, offline capable.
  • ● Device trust scoring.
  • ● Docker deployment. Prometheus + Grafana.

In progress

M3 active
  • ◐ Policy engine hardening & edge cases (M3).
  • ◐ Continuous verification loop refinement.
  • ◐ macOS / Windows device attestation depth.
  • ◐ WebAuthn / FIDO2 UX polish.
  • ◐ NAT traversal — ICE-lite, STUN: partial.

On the roadmap

M4 – M7
  • ○ M4 · Q4 2026. PostgreSQL · ACME TLS · production hardening.
  • ○ M5 · Q1 2027. macOS, Windows, Android, iOS agents.
  • ○ M6 · Q2–Q3 2027. Multi-tenancy · SCIM · RBAC · split tunneling.
  • ○ M7 · Q4 2027. Multipath · exit nodes · subnet routing · MagicDNS.

§ What we don't claim

  • ✕ "Defense-grade." Our crypto is defense-relevant. The product has not undergone DoD certification, Common Criteria, or FedRAMP authorization.
  • ✕ "Cloud-hosted SaaS." Self-hosted is available today. Managed cloud is on the roadmap (M4 – M6).
  • ✕ "HIPAA / FedRAMP / SOC 2 certified." The architecture supports compliance. Formal audits have not been completed.
  • ✕ "FIPS 140-2 validated." We use NIST-standardized algorithms; we do not use FIPS 140-2 validated modules.
  • ✕ "Unhackable." No software is unhackable. We minimize attack surface, undergo review, and fix what we find.
§ 07 / Architecture

Eleven crates.
One honest stack.

Each subsystem is its own crate. The workspace denies unsafe code. The dashboard is React 19 + TypeScript. The protocol definitions are five .proto files, versioned and stable.

  • quartz-crypto: Post-quantum cryptography · hybrid KEM & signatures (production)
  • quartz-transport: QUIC transport · Quinn 0.11 (functional)
  • quartz-proto: Protocol definitions · 5 .proto files (production)
  • quartz-control: Control plane API · Axum (functional)
  • quartz-policy: Policy engine · 12 conditions · 12 operators (functional)
  • quartz-nat: NAT traversal · ICE-lite · STUN (partial)
  • quartz-derp: DERP relay · Tailscale-compatible (complete)
  • quartz-relay: Native QUIC relay (functional)
  • quartz-agent: Agent daemon · CLI · SOCKS5 (core complete)
  • quartz-identity: Identity · OIDC/SAML · session mgmt (functional)
  • quartz-metrics: Metrics & tracing · Prometheus · OTel (functional)
  • admin-dashboard: React 19 · TypeScript · Tailwind (production UI)
§ 08 / Who Quartz is for

Built for teams that read the source.

Quartz is a deliberate choice, not a default. It's the right fit when post-quantum cryptography is insurance you need, when you audit your tools, and when you care about how packets actually move.

§ long-secrecy data

Data with a 10–25 year half-life.

If your data must stay confidential for decades, post-quantum crypto isn't optional. It's insurance against harvest-now-decrypt-later.

§ CNSA 2.0

Defense contractors.

The 2033 NSA CNSA 2.0 deadline is closer than it looks. Hybrid PQC deployments take years to validate and operationalize.

§ air-gapped

Regulated environments.

Self-hosted control plane, local policy enforcement, auditable open-source code — maps directly to compliance requirements.

§ open source

Teams that audit their tools.

MIT / Apache-2.0. Full source available. No black-box binaries. Verify every claim in this page against the code.

§ transport-aware

Network architects.

If you understand why 0-RTT, connection migration, and stream multiplexing matter, Quartz is built for you.

§ NOT for

Plug-and-play teams.

If you need all platforms today with zero engineering overhead and PQC isn't relevant, use Tailscale or Cloudflare WARP. We'll say so.

§ 09 / Get started

Run your own control plane
in under 60 seconds.

Quartz is self-hostable today. Managed cloud is on the roadmap (M4–M6). Clone the repo, bring up the stack, point your agent at it.

Self-hosted · available now

Docker Compose with controller, DERP relay, Prometheus, and Grafana. Multi-stage builds on Debian Bookworm slim, non-root containers, systemd hardening templates. SQLite by default; PostgreSQL migration path in M4.

  • License: MIT · Apache-2.0
  • Binaries: linux/amd64 · linux/arm64
  • Agent OS: Linux (today) · macOS/Win/iOS/Android (M5)
  • DB: SQLite (default) · PostgreSQL (M4)
~/quartz · zsh
# clone & start the stack
$ git clone https://github.com/quartz-ztna/quartz.git
$ cd quartz
$ docker-compose -f docker/docker-compose.yml up -d
  ✓ quartz-controller   running :8443
  ✓ quartz-derp         running :3478/udp  :443/tcp
  ✓ prometheus          running :9090
  ✓ grafana             running :3000

# configure & run your first agent
$ cp config/agent.toml.example config/agent.toml
$ cargo run --bin quartz-agent -- --config config/agent.toml

  [INFO]  identity: OIDC → google-workspace ✓
  [INFO]  handshake: ML-KEM-768 ⊕ X25519 ✓
  [INFO]  session opened in 78ms  · trust=92/100
  [INFO]  SOCKS5 listening on 127.0.0.1:1080
§ 10 / FAQ

Straightforward answers.

No marketing dodges. If you need more, the docs go deeper and the source goes deeper still.

Is Quartz production-ready?
Core networking (M1–M2) is functional and tested. Policy engine (M3) is in progress and works for standard use cases. We recommend evaluating Quartz for non-mission-critical workloads today, with production hardening planned for Q4 2026 (M4).
Does Quartz require kernel modules or root?
No. The agent runs entirely in userspace. In SOCKS5 proxy mode it requires no special privileges. For system-level TUN tunneling, CAP_NET_ADMIN is needed.
What if a quantum computer is never built?
Your data remains secure. Hybrid mode includes classical X25519 / Ed25519, which are secure against classical computers. You lose nothing by adding PQC — you gain protection against a credible, if uncertain, threat.
Can I use Quartz without post-quantum cryptography?
Yes — the classical crypto mode disables PQC algorithms. We don't recommend this for new deployments, but it's available for compatibility testing.
How do I migrate from Tailscale or WireGuard?
Deploy Quartz alongside your existing mesh. Use SOCKS5 proxy mode to route specific applications through Quartz while maintaining legacy connectivity. Migrate incrementally as comfort grows.
Is there a managed cloud option?
Not yet. We're building toward a managed SaaS offering (M4–M6). If you need managed ZTNA today, evaluate Tailscale, Cloudflare WARP, or Zscaler.
What cryptography standards do you follow?
NIST FIPS 203 (ML-KEM) for key encapsulation, FIPS 204 (ML-DSA) for digital signatures, FIPS 205 (SLH-DSA) for conservative signatures, RFC 9000 for QUIC transport, RFC 9114 for HTTP/3, and alignment with NSA CNSA 2.0 for hybrid key establishment.

Ready to build a VPN that will still be secure in 2045?

Clone the repo, run the stack, point your first agent at it. If Quartz isn't the right fit, we'll tell you where to look instead.