Evidence must outlive the cryptography that sealed it: a post-quantum audit doctrine
Long-lived AI records survive by staying verifiable after their sealing cryptography is superseded, using post-quantum signatures, hash-chaining, algorithm identifiers and a defined re-signing path.
Post-quantum audit doctrine: evidence must stay verifiable after its sealing cryptography is broken, because a signature trusted today can be forged once quantum computers mature.
Why this matters in 2026: the records AI systems generate now, medical decisions, financial approvals, defence logs, must remain provable for decades. Adversaries already harvest sealed data to decrypt it later, and standards bodies have finalised the post-quantum signatures that will outlast today's mathematics. A record sealed with a scheme that quantum computers can break is not durable evidence; it is a liability waiting for the machine that discredits it. The doctrine below is the governing principle that ties the whole post-quantum cluster together.
What does it mean for evidence to outlive its cryptography?
It means a record stays independently verifiable long after the algorithm that first signed it is deprecated, because verification never depends on any single scheme.
Cryptographic guarantees have shelf lives. A signature is a promise about the future, and that promise fails the day its algorithm is broken. Evidence that must last decades therefore cannot bind its credibility to one scheme. It must carry its own chain of proof so that any future verifier can check it without trusting the tool, the vendor or the mathematics that created it. The design goal is not a stronger padlock but a record that can be re-proven for as long as anyone might reasonably contest it.
Which post-quantum standards sign the audit ledger?
FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) sign the audit ledger; FIPS 203 (ML-KEM) only encapsulates keys and never signs anything.
The distinction is not pedantry. FIPS 203, ML-KEM, protects confidentiality by encapsulating keys. It produces no signature and proves nothing about who wrote a record or when. Only FIPS 204, ML-DSA, and FIPS 205, SLH-DSA, produce the signatures that seal an audit ledger. ML-DSA is the lattice-based default; SLH-DSA is a conservative hash-based alternative, so a weakness discovered in one family does not collapse the entire chain. Treating encapsulation as if it were signing is the most common and most dangerous error in post-quantum planning.
What threatens long-lived evidence, and which control answers each?
Four threats dominate: a quantum computer forging signatures, an algorithm being deprecated, the vendor disappearing, and a key being lost; each maps to one control.
| Threat to long-lived evidence | Consequence | Doctrine control |
|---|---|---|
| Quantum computer forges the signature | Old seals become forgeable and evidence turns repudiable | Post-quantum signatures under FIPS 204 and 205 over a hash-chained ledger |
| Algorithm is deprecated | Verifiers reject the original scheme | Algorithm identifiers plus a defined re-signing path |
| Vendor disappears | No service left to check or reissue proofs | Offline verifiability on operator-owned hardware |
| Key is lost | Signing authority cannot be reproduced | Hardware-attested identity bound to the audit chain |
Each row is a single sentence a reviewer can act on. No threat is left to hope, and no control depends on a supplier still being in business when the record is finally challenged.
How does a re-signing path keep old records valid?
A re-signing path wraps existing evidence in a fresh post-quantum signature while preserving the original hash chain, so nothing is rewritten and history stays intact.
Algorithm identifiers stamp every entry with the scheme that sealed it, so a verifier always knows which mathematics to apply. When a scheme is later deprecated, the re-signing path over-signs the existing chain with a current post-quantum signature rather than reissuing the records themselves. The originals are never edited, the old identifiers remain in place, and the new signature vouches for everything beneath it. That is the difference between renewing trust and destroying the very continuity that makes a record credible.
Why does sovereignty decide whether evidence survives?
Because verification tied to a vendor's servers dies when the vendor does; sovereign evidence verifies offline on operator-owned hardware, outside any provider's control.
The US CLOUD Act can compel a US-based provider to produce data regardless of where its servers physically sit, so evidence held in another party's cloud is never fully under the operator's control. Public services such as ChatGPT, Copilot and Gemini are the right choice for open, low-sensitivity work; for records that must survive decades and hostile scrutiny, verification cannot rest on infrastructure the operator cannot see. Mickai is a Sovereign Intelligence Operating System, a SIOS, that runs offline on operator-owned hardware behind a zero-egress inbound perimeter, with hardware-attested identity bound to the audit chain and cross-model consensus across 50 brains, 25 domain and 25 operational. Its design is protected by 104 filed UK patent applications and 2,340 claims owned by Mickai LTD (Companies House 17166618), filed and patent pending.
How does this doctrine tie the post-quantum cluster together?
It is the governing principle beneath every other control: signatures, encapsulation, offline verification and re-signing all keep evidence checkable after its first cryptography fails.
Read alone, each control looks like a technical choice. Read together, they answer one question: will this record still convince a sceptic once the scheme that sealed it is history? Every other page in this cluster is an implementation of that single test.
“Evidence that cannot be verified once its original cryptography is broken is not evidence; it is a claim awaiting the machine that will discredit it.”
Frequently asked questions
Do I need to re-sign records that are already signed?
Not by rewriting them. A re-signing path over-signs the existing hash chain with a current post-quantum signature, so the original entries and their algorithm identifiers stay intact. Trust is renewed while history is preserved, which is exactly what a court or auditor expects.
Does FIPS 203 sign my audit trail?
No. FIPS 203, ML-KEM, is a key-encapsulation mechanism that protects confidentiality and never produces a signature. Signing the ledger is the job of FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA). Confusing the two leaves records encrypted but unprovable.
What happens to my evidence if our security vendor goes out of business?
If verification depends on that vendor's servers, the proofs die with it. Under this doctrine, evidence verifies offline on operator-owned hardware, so a record stays checkable even when the vendor, the service and the network are all gone. Survivability is a design property, not a support contract.
Is post-quantum signing required by regulation yet?
Not universally, but the direction is set. DORA has been in force since January 2025 and NIS2 covers essential and important entities, while the EU AI Act's high-risk Annex III obligations were deferred by the Digital Omnibus from 2 August 2026 to 2 December 2027. Long-lived evidence should be sealed for the rules that will apply across its whole life, not only today's.
How long should long-lived evidence stay verifiable?
For as long as anyone might reasonably contest it, which for medical, financial and defence records can mean decades. That horizon, not today's threat model, sets the cryptography: evidence is sealed for the algorithms expected to hold across its whole life, with a re-signing path ready for the day they no longer do.




