Post-Quantum Attestation in Production: ML-DSA-65 for Long-Lived Record Integrity
AffixIO Technical Paper — WP-002
June 2026
affix-io.com
A practical guide to Q-Day risk, store-now-decrypt-later attacks, NIST FIPS 204 compliance, and deploying quantum-safe signatures for AI governance and cryptographic audit trails
AffixIO | Cardiff / Swansea, Wales | affix-io.com | June 2026
Abstract
The quantum threat timeline has compressed faster than most post-quantum cryptography roadmaps anticipated. The qubit count required to break RSA-2048 has fallen from 20 million in 2019 to under 100,000 in early 2026, a reduction of more than 200 times in seven years, driven entirely by engineering improvements rather than new theoretical breakthroughs. For organisations producing AI governance records, compliance audit trails, and cryptographic attestations today, this compression creates an immediate exposure: classical signatures applied now will be forgeable in the future via store-now-decrypt-later (SNDL) attacks, well before most PQC readiness roadmaps reach completion. This paper argues that long-lived attestation records require quantum-safe signatures from the point of generation. It describes the ML-DSA-65 algorithm standardised as NIST FIPS 204 in August 2024, covering the lattice-based cryptography foundations, crypto-agility considerations, HSM key custody requirements, Merkle tree integration, verifiable-credential compatibility, and migration paths from ECDSA and RSA. It also documents AffixIO's production deployment of ML-DSA-65 for AI governance attestation, with implementation detail sufficient for engineering teams evaluating post-quantum migration for their own cryptographic audit trail infrastructure.
Contents
1. Introduction
2. The Compressed Quantum Timeline
3. Store-Now-Decrypt-Later Attacks
4. NIST FIPS 204: The ML-DSA Standard
5. ML-DSA-65 Technical Specification
6. Why Attestation Records Are Uniquely Exposed
7. The Attestation Gap in AI Governance
8. AffixIO's Production Implementation
9. Integration with Zero-Knowledge Proof Pipelines
10. HSM Key Custody and FIPS 140-2 Level 3
11. Third-Party Verification and Digital Sovereignty
12. Regulatory Drivers
13. Migration from Classical Signature Schemes
14. Performance and Crypto-Agility Considerations
15. Known Limitations
16. Conclusion
Section 1
Introduction
Classical digital signatures (ECDSA, RSA, Ed25519) rest on mathematical problems that classical computers cannot solve in reasonable time but that quantum computers running Shor's algorithm can. For most of the past decade, this vulnerability felt theoretical: the quantum computers needed to exploit it did not exist, and credible projections placed their arrival far enough away that a planned migration felt adequate. That position is no longer defensible.
In March 2026, Google published a zero-knowledge proof demonstrating that a first-generation fault-tolerant quantum computer could break elliptic curve cryptography keys in under nine minutes using optimised circuit designs. Research published between mid-2025 and early 2026 has reduced the qubit estimate for breaking RSA-2048 to under 100,000, down from 20 million in 2019. The compression is driven entirely by engineering optimisations to known techniques, and there is no strong theoretical argument that it has reached its floor. The conversation in the security community has shifted from "if Q-Day arrives" to "when Q-Day arrives and how much warning we will have."
For short-lived encrypted communications, a planned migration is adequate. A TLS session encrypted yesterday does not need to remain confidential in fifteen years. Rotating keys to a quantum-safe scheme when the threat materialises is sufficient for that category of data.
Attestation records are a different category entirely. A signed governance certificate, an AI decision audit trail, a compliance attestation, or a signed proof of eligibility may need to withstand scrutiny in legal proceedings, regulatory investigations, or Freedom of Information requests years or decades from now. If the signature on such a record uses a classical algorithm, and a sufficiently capable quantum computer exists at the time of that scrutiny, the signature can be forged. A forged signature produces a record indistinguishable from a genuine one. No audit trail built on classical cryptography is safe from this outcome.
The correct response is to apply quantum-safe signatures to attestation records from the point of generation. Records generated before a PQC migration carry classical signatures that will eventually be forgeable. Records generated after carry post-quantum signatures that resist forgery for any foreseeable timeline. Closing the gap requires starting now, not at a future migration date.
NIST finalised...