
Post-quantum migration

AqtaCore is not post-quantum secure today. We document what we sign with, what survives a cryptographically relevant quantum computer (CRQC), and the specific criteria that trigger our v2 migration to ML-DSA hybrid signing.

The chain hash (SHA-256) is quantum-resilient. Tampering with any past receipt still breaks every later chain hash regardless of signature-forgery capability. This bounds the blast radius of a future CRQC for our customers under DORA, MiFID II, or EU AI Act long-retention obligations.

What we sign with today

Ed25519 attestation signature
  Role: The signature on every receipt. Proves the gateway, not an imposter, made the decision.
  Used in: Every receipt on every gateway request
  Quantum impact: RFC 8032. Forgeable under Shor against any captured public key once a CRQC exists.
  Status: Classical only

Schnorr proof on BN254 G1
  Role: A cryptographic proof that policy enforcement ran without revealing the request content.
  Used in: Per-trace ZK enforcement proofs (Pro+)
  Quantum impact: Discrete-log assumption on an elliptic curve; Shor breaks it.
  Status: Classical only

Groth16 proof on BN254
  Role: A succinct proof that a request was checked against a known threat list, without revealing which entry matched.
  Used in: Pairing-based ZK threat-membership proofs
  Quantum impact: Bilinear-pairing soundness; Shor breaks it.
  Status: Classical only

SHA-256 chain hash
  Role: The fingerprint that links each receipt to the previous one for the same org. Tampering breaks the chain.
  Used in: Per-receipt live chain (chain integrity)
  Quantum impact: Grover halves the effective bit security, leaving ~128-bit residual security. Chain integrity preserved.
  Status: PQ-resilient

SHA-256 canonical payload digest
  Role: The fingerprint of each receipt itself; the value the signature is computed over.
  Used in: Receipt canonicalisation
  Quantum impact: Same Grover argument as the chain hash.
  Status: PQ-resilient

AES-256 (data at rest, when used)
  Role: Symmetric encryption for any persisted data. Prompts and responses are not stored, so this surfaces only for retention metadata.
  Used in: Encrypted columns, KMS keys
  Quantum impact: ~128-bit residual security against Grover. Acceptable.
  Status: PQ-resilient

ATTESTATION-v2 target: hybrid signing

Every v2 receipt will carry two signatures over the canonical payload: classical Ed25519 (RFC 8032) plus post-quantum ML-DSA-65 (NIST FIPS 204). A receipt is valid if and only if both signatures verify. This matches NIST SP 800-208 transition guidance and the IETF PQUIP working group's hybrid-mode recommendation.

signature_ed25519 = Ed25519.sign(canonical_payload)
signature_ml_dsa = ML-DSA-65.sign(canonical_payload)
# verify_v2 := verify_ed25519 AND verify_ml_dsa

Timeline criteria

v2 is gated on three checkpoints, in order. Once all three are met, AqtaCore commits to publishing v2 within 90 days and dual-signing for the entire active retention window.

1. NIST FIPS 204 reaches federal-use status
   ML-DSA standardised; SP 800-208 transition guidance applies.
   ✓ Met

2. Reference implementations of ML-DSA in both Python and JavaScript
   Tracking pq-crystals/dilithium and nokia/oqs-provider with permissive licences and independent audit.
   ◷ In progress

3. A regulator cites post-quantum readiness as a procurement requirement
   We review ANSSI, BSI, and EU AI Act post-market guidance quarterly. The trigger is expected to flip in the 2026-2028 window; we monitor each issuance.
   ○ Pending

Threat model today

For enterprise security reviewers

The normative text is in ATTESTATION-v1.0.1, §12 Post-Quantum Migration. Confidential security disclosures: SECURITY.md.

Request the spec for review: email security@aqta.ai

Last reviewed: April 2026. We refresh this page on each NIST or ANSSI/BSI guidance update we monitor.