Post-Quantum Cryptographic Suite
Quantum computers will break RSA and elliptic curve cryptography. This is not a question of if, but when. AI systems that rely on classical cryptographic authentication today are building on foundations that will crumble. SCBE ships with a full post-quantum cryptographic stack that is quantum-resistant now, not as a future migration plan.
The Problem: Harvest Now, Decrypt Later
Adversaries are already collecting encrypted data today with the expectation that quantum computers will let them decrypt it in the future. For AI governance systems, this means that every audit log, every governance decision, every signed attestation created with classical cryptography has an expiration date on its integrity guarantee.
AI systems are particularly vulnerable because their governance records must remain verifiable for years or decades. A tampered audit trail from 2026 that cannot be verified in 2032 undermines the entire governance chain of trust.
SCBE's PQC Stack
ML-KEM-768 (Key Encapsulation)
Standard: NIST FIPS 203
Formerly: Kyber768 (CRYSTALS-Kyber)
ML-KEM-768 is the primary key encapsulation mechanism. It generates shared secrets for symmetric encryption using Module Learning with Errors (MLWE) over structured lattices. Security level 3 (equivalent to AES-192). Used for all session key establishment between SCBE nodes, governance councils, and external clients.
// Key encapsulation flow
const { publicKey, secretKey } = ml_kem_768.keygen();
const { ciphertext, sharedSecret } = ml_kem_768.encapsulate(publicKey);
const decryptedSecret = ml_kem_768.decapsulate(ciphertext, secretKey);
// sharedSecret === decryptedSecret
ML-DSA-65 (Digital Signatures)
Standard: NIST FIPS 204
Formerly: Dilithium3 (CRYSTALS-Dilithium)
ML-DSA-65 provides digital signatures for all governance attestations, audit records, and inter-node communication. Based on Module Learning with Errors, it produces signatures that are unforgeable even by quantum adversaries. Every governance decision in the 14-layer pipeline is signed with ML-DSA-65.
// Signature flow
const { publicKey, secretKey } = ml_dsa_65.keygen();
const signature = ml_dsa_65.sign(message, secretKey);
const valid = ml_dsa_65.verify(message, signature, publicKey);
// valid === true for authentic messages
AES-256-GCM (Symmetric Encryption)
Standard: NIST SP 800-38D
AES-256-GCM provides authenticated symmetric encryption for all data at rest and in transit. The shared secrets from ML-KEM-768 are used as AES-256-GCM keys. GCM mode provides both confidentiality and integrity -- a tampered ciphertext will fail authentication before any decryption occurs.
BLAKE2s (Hashing)
BLAKE2s is the hash function used throughout the SCBE stack for content addressing, Merkle tree construction, and integrity verification. Faster than SHA-256 with equivalent security margins. Quantum computers provide at most a quadratic speedup against hash functions (Grover's algorithm), making 256-bit hashes effectively 128-bit secure against quantum attack -- still well above the security threshold.
GeoSeal: Location-Bound Encryption
GeoSeal extends the PQC stack with location-bound cryptographic envelopes. A GeoSeal proves that data was sealed at a specific geographic location and time, binding the cryptographic attestation to physical space.
To unseal, the verifier checks both the ML-DSA-65 signature and the location/time hashes. The data can only be verified as authentic if the location and time claims match the cryptographic binding.
Sacred Eggs: Controlled Mutation Gates
Sacred Eggs are cryptographically verified mutation points in the GeoSeed network. Each Egg represents a controlled genesis event -- a new seed, a new training run, a new model version. The Egg's cryptographic envelope ensures that mutations can only occur through the proper governance channel.
- Egg Creation: A new Egg is minted with an ML-DSA-65 signature from the creating council.
- Egg Hatching: Requires quorum approval from the BFT council (at least 4/6 councils must sign).
- Egg Verification: Any node can verify the Egg's signature chain to confirm it was properly created and hatched.
- Egg Revocation: A compromised Egg can be revoked by posting a signed revocation notice, which propagates through the network's Merkle tree.
RWP v3 Protocol: Read-Write-Prove
The Read-Write-Prove (RWP) protocol wraps every data operation in a cryptographic envelope that provides non-repudiation. Version 3 upgrades all signatures to ML-DSA-65 and all key exchanges to ML-KEM-768.
RWP v3 Envelope Structure
{
"version": "3.0",
"operation": "READ | WRITE | PROVE",
"payload": { ... },
"signature": "ML-DSA-65 signature over payload",
"kem_ciphertext": "ML-KEM-768 encapsulated session key",
"timestamp": "ISO-8601 with NTP attestation",
"chain_hash": "BLAKE2s hash linking to previous envelope",
"governance_stamp": {
"council_votes": [6 boolean votes],
"decision": "ALLOW | QUARANTINE | DENY",
"quorum_met": true
}
}
liboqs Migration Notes
The underlying PQC library (liboqs) renamed algorithms to match NIST's final standard names. SCBE handles this with a fallback pattern:
def _select_dsa_algorithm():
"""Try NIST standard name first, fall back to draft name."""
try:
return oqs.Signature("ML-DSA-65") # FIPS 204 final
except oqs.MechanismNotSupportedError:
return oqs.Signature("Dilithium3") # Draft name
def _select_kem_algorithm():
"""Try NIST standard name first, fall back to draft name."""
try:
return oqs.KeyEncapsulation("ML-KEM-768") # FIPS 203 final
except oqs.MechanismNotSupportedError:
return oqs.KeyEncapsulation("Kyber768") # Draft name
This ensures SCBE works with both older liboqs releases (pre-0.9.0) that use the draft names and newer releases that use the NIST standard names.
Standards Compliance
| Standard | Algorithm | SCBE Usage | Status |
|---|---|---|---|
| FIPS 203 | ML-KEM-768 | Key encapsulation for all sessions | Implemented |
| FIPS 204 | ML-DSA-65 | Governance signatures and attestations | Implemented |
| FIPS 205 | SLH-DSA (SPHINCS+) | Stateless hash-based fallback signatures | Planned |
| SP 800-38D | AES-256-GCM | Symmetric authenticated encryption | Implemented |