Quantum-Resistant Security, Built Into Every Layer
EATF integrates ML-DSA (Dilithium3) post-quantum signatures alongside classical RSA-4096 — protecting AI agent identities, decisions, and audit trails against both current and future quantum threats.
Live PQC System Status
/api/v1/crypto/healthWhy Post-Quantum Now?
Quantum computers capable of breaking RSA and ECC are projected within the next decade. The "harvest now, decrypt later" threat means data captured today can be decrypted once quantum computers arrive. Hybrid cryptography provides immediate protection.
Harvest Now, Decrypt Later
Adversaries are already collecting encrypted data to decrypt with future quantum computers. Long-lived AI governance records are prime targets.
Migration Takes Years
NIST estimates full PQC migration will take 5-15 years for large organizations. Starting with hybrid mode ensures backward compatibility during the transition.
Hybrid = Best of Both
Dual RSA-4096 + ML-DSA signatures guarantee security even if one algorithm is compromised. This is the industry-recommended approach for the transition period.
Supported Algorithms
EATF supports classical, post-quantum, and hybrid cryptographic modes — giving operators full control over their quantum readiness posture.
Classical
LegacyPost-Quantum
NIST StandardizedHybrid
RecommendedWhere PQC Lives in the Architecture
Post-quantum cryptography is integrated across multiple layers of the trust framework — from agent identity to evidence packaging.
Agent Identity
PQC ENABLEDDID-based identities with hybrid certificates (RSA-4096 + ML-DSA)
Certificate Authority
PQC ENABLEDQTSP-ready CA issuing classical, post-quantum, and hybrid certificates
AI Response Signing
PQC ENABLEDEvery AI response is dual-signed: RSA-4096 (classical) + ML-DSA (post-quantum)
Evidence Packages
PQC ENABLEDTamper-proof .aep bundles with PQC signatures and TSA timestamps
Audit Ledger
Immutable action logs with cryptographic chain integrity
Policy Engine
Governance rules enforced at every decision point
Standards Alignment
Built on NIST-standardized algorithms, aligned with emerging regulatory requirements.
ML-DSA (Dilithium)
Module-Lattice-Based Digital Signature Algorithm. NIST's primary post-quantum signature standard. Security parameter set: ML-DSA-65 (Dilithium3) — NIST Security Level 3 (128-bit equivalent against quantum attacks).
Dual-Signature Architecture
Every cryptographic operation produces two independent signatures: RSA-4096 (classical, battle-tested) and ML-DSA-65 (quantum-resistant). Verification succeeds if either signature is valid, ensuring backward compatibility and forward security.
Compliance-Ready
Aligned with NSA CNSA 2.0, EU Cyber Resilience Act, and upcoming eIDAS 2.0 post-quantum requirements. QTSP-ready certificate infrastructure supports seamless migration to mandated PQC algorithms.
The Quantum Threat Timeline
The transition to post-quantum cryptography is not a future problem — it's happening now.
NIST finalizes FIPS 203, 204, 205 (ML-KEM, ML-DSA, SLH-DSA)
NSA CNSA 2.0 requires PQC for national security systems
EATF ships ML-DSA hybrid certificates in production
EU mandates PQC migration for eIDAS trust services
Cryptographically relevant quantum computers expected (CRQC)
Harvest-now-decrypt-later attacks already happening
Try PQC Signing — Live Demo
Enter any text below. The backend will sign it with both RSA-4096 and ML-DSA-65, returning the dual signatures and timing data.
Quantum-Ready Agent Governance
Don't wait for quantum computers to arrive. Start protecting your AI agents with post-quantum cryptography today.