The Threat Model
Harvest Now, Decrypt Later. Adversaries are capturing encrypted data today, waiting for quantum computers to break current cryptography. When that happens, archived trade records, audit trails, compliance packages, and long-retention evidence become exposed.
This is not limited to AI. Trade documentation, compliance records, investigation files, and long-retention institutional evidence all need to remain tamper-evident for years, sometimes in degraded or offline verification environments.
The problem is not only whether a signature verifies. It is whether an auditor can still inspect the exact evidence bundle when providers are down, networks are unavailable, or a signing pipeline is later questioned.
Current RSA and ECC signatures have an expiration date. We just don't know exactly when.
The Solution
FieldHash provides offline-verifiable evidence for long-horizon data integrity by combining modern post-quantum cryptography with optional quantum hardware anchoring. It is backend-agnostic and can use available provider APIs now. In the governed-memory stack, the same evidence layer can attach to hash-chained memory events, signed checkpoints, certificates, and transparency anchors. Evidence bundles are designed to be self-contained: verifiers inspect signed hashes, policy metadata, and provenance statistics locally rather than sending raw protected content to a third-party validator.
Post-Quantum Signatures
NIST ML-DSA (Dilithium)—standardized, battle-tested, quantum-resistant. Optional ML-KEM (Kyber) for encrypted attachments.
Content Binding
SHA-256 (primary) and SHA-512 (audit trail) for cryptographic content binding. Protected artifacts can be immutably linked to their evidence when the provenance path is enabled.
Optional Quantum Hardware Anchoring
When IBM Quantum or Quantum Inspire hardware is available, FieldHash captures device-conditioned fingerprints, distribution digests, noise statistics, and calibration context. Users do not need to own a quantum computer; the system can call available backends through provider APIs.
Simulation by Default
Full cryptographic security without specialized hardware. Simulation mode covers many near-term workflows, while hardware-backed profiles add an extra physical provenance layer when higher assurance is required.
HSM/Vault Integration
Private keys never leave secure custody. Zero egress to application memory. Non-exportable signing keys in Vault, KMS, or HSM.
Local Verification & Continuity
Verifiers can validate the signed evidence bundle locally using versioned trust profiles. If an issuer, provider, or FieldHash service is unreachable, workflows can continue and verification can occur from cached evidence without adding a new inline dependency.
Measured Evidence
FieldHash is not a concept-only security claim. It has been executed on real quantum hardware with reproducible evidence and adversarial validation.
Hardware Backends
Executed on IBM Quantum and Quantum Inspire with auditable job records.
Baseline Finding
A standard-profile uniform-blend attack passed in 15/800 trials (1.875%).
Hardened Closure
The hardened profile closed that measured gap to 0/800 under the same attack family.
Adaptive Result
Production-gated adaptive testing produced 0/5000 successful forgeries per tested model.
The public evidence package includes the preprint, execution reports, adversarial benchmarks, and reproducibility materials.
The Workflow
Five steps from content to verifiable evidence:
Hash
Content bound with SHA-256/SHA-512
Execute
Parameterized circuit run on simulation or available QPU backends via API
Fingerprint
Distribution digest, device metadata, noise statistics, and calibration context captured when available
Sign
Evidence package signed with ML-DSA through Vault/KMS/HSM or a configured PQC signer
Verify
Offline verification using versioned trust profiles and local policy
Verification Model
Fully offline-capable. No network required for verification. Evidence packages are self-contained and can be validated in air-gapped environments. They contain hashes, provenance metadata, and policy labels rather than raw protected documents.
Trust Tiers
Production deployments use composed verification: statistical policy gates plus signature-bound integrity metadata. Profiles are versioned for forward compatibility and can enforce minimum shots, drift windows, mode policy, and hardware-vs-simulation requirements.
Evidence is content-addressed for efficient distribution and can support ETag/304 revalidation at scale. Connected deployments can distribute verifier keys through signed trust bundles or internal JWKS endpoints; disconnected deployments can pin the same trust material inside their enclave.
Security Architecture
For European or regulated deployments, the intended enterprise posture is controlled deployment plus evidence: customer-approved model routing, EU-region cloud, customer VPC or on-prem infrastructure, documented subprocessors, retention and deletion controls, and audit-log ownership. FieldHash can supply verifiable evidence records for counsel, CISO, and AI-governance review; it is not legal advice and does not make an AI system compliant by itself.
FieldHash binds selected major artifacts and governance decisions to tamper-evident evidence records. Governed-memory event logs can be hash-chained, checkpointed, signed, bound to FieldHash-compatible certificates, and anchored to a transparency log where configured. In a Dilithium-enabled local governed-memory diagnostic, the checkpoint and certificate used CRYSTALS-Dilithium3 signatures without PQC fallback while local Ollama handled the answer path; the demo can also fail loudly when PQC is required but unavailable. Operator-resistance depends on retaining that transparency log outside the governed-memory operator boundary; FieldHash does not claim that every private memory, transient model output, or internal trace is public or permanently signed.
Learn More
Read the strategic brief first for a concise narrative, then review the public evidence package for the measured hardware, spoofing, and reproducibility artifacts: