MICKAI
Article · 30 June 2026

ML-DSA-65: The Signature Under Every Action

How the FIPS 204 post-quantum signature seals every operation a Sovereign Intelligence Operating System takes, built to stand for decades and through the quantum era after it.

ML-DSA-65: The Signature Under Every Action
Author
Micky Irons
Published
30 June 2026
Follow Micky Irons
LinkedInX
post-quantumfips-204ml-dsaaudit-ledgersovereign-ai

Most audit trails answer one question: what happened? A cryptographic signature answers a harder one: can you still prove it years from now, when the machine that made the record is gone, the operator has moved on, and a future adversary commands more computing power than anyone alive today can imagine? At Mickai we treat that harder question as the real one, because in regulated work the record has to outlive everything around it.

Underneath every action a Mickai brain takes sits a single, quiet mechanism: a post-quantum digital signature built to the FIPS 204 standard, in its ML-DSA-65 parameter set. It is the seal that turns an action into evidence. This is the story of what that signature is, why we chose it, and why we designed it to hold for decades rather than headlines.

What FIPS 204 and ML-DSA-65 actually are

FIPS 204 is the Federal Information Processing Standard for the Module-Lattice-Based Digital Signature Algorithm, known as ML-DSA, published by the United States National Institute of Standards and Technology (NIST) in 2024. It is the finalised form of the algorithm the world knew during the standardisation competition as CRYSTALS-Dilithium. ML-DSA-65 is one of three defined strength levels, the middle tier, chosen to sit comfortably in the security band NIST calls Category 3.

The important word is post-quantum. Classical signature schemes such as RSA and elliptic-curve cryptography draw their strength from mathematics that a large fault-tolerant quantum computer could unpick in a practical timeframe using Shor's algorithm. ML-DSA does not. Its security rests on the hardness of lattice problems, a class of mathematics for which no efficient quantum attack is known. A signature made today with ML-DSA-65 is meant to resist not only the computers of the present but the quantum machines of a future we cannot yet see.

Why a signature under every action, not just at the door

Many systems sign at the perimeter. A user logs in, a token is issued, and everything that follows is trusted because the door was locked once. We reject that model for anything that matters. In a Sovereign Intelligence Operating System, a brain can read records, move money, alter a configuration, or dispatch a message. Each of those is an action with consequences, and each deserves its own evidence.

A colossal winged marble figure of Kairos standing on tiptoe reaching forward as gold light streaks past
Like Kairos, the fleeting moment, the seal is set the instant before the deed and can never be reclaimed unsigned

So every operation carries an Operation Attestation Record, which we call the OAR. The OAR describes what is about to happen: which brain, which inputs, which policy allowed it, at what time, under whose approval. Critically, we sign the OAR before the action executes, not after. The signature is the commitment, and the action follows only once that commitment exists. If the deed is questioned in five years, the OAR is the sworn statement made the instant before, sealed with ML-DSA-65.

The chain that makes tampering visible

A single signed record proves one event. A ledger of them proves a history, but only if that history cannot be quietly edited. We link the records into a hash chain using SHA-3-512, so each entry carries the fingerprint of the one before it. Change a record in the middle and every fingerprint after it breaks, the way a forged page tears the thread that binds a bound book.

A colossal marble figure of Mnemosyne seated in stillness holding a linked chain of tablets across her lap
Mnemosyne, memory itself, holds the hash-linked chain where breaking one link tears the whole record

The result is a tamper-evident, cryptographically-signed audit ledger. It is not merely stored; it is provable. An auditor does not have to trust that our database is honest. They can recompute the hashes and verify each ML-DSA-65 signature independently, and the mathematics either agrees or it does not. That is the difference between a log you are asked to believe and a ledger you can check for yourself.

Offline verification and the customer's own hardware

A seal is only useful if it can be checked without asking the sealer for permission. ML-DSA-65 verification needs only the public key and the standard algorithm, both of which are open. So a regulator, an insurer, or the customer's own compliance team can verify a Mickai ledger with no connection back to us, on a laptop in an air-gapped room if they wish. There is no phone-home, no licence server standing between the evidence and the person examining it.

This matters most where Mickai is designed to live: on hardware the customer owns, air-gapped or on-premise, with zero data egress. The signatures are made inside that boundary and stay inside it. For institutions bound by the General Data Protection Regulation (GDPR), the European Union Artificial Intelligence Act, the Digital Operational Resilience Act (DORA), or the Health Insurance Portability and Accountability Act (HIPAA), the ability to prove an action without exporting a single byte is not a convenience. It is the whole point.

High-stakes actions and the weight behind a signature

Not every action carries the same risk, and the signature is only as meaningful as the authority behind it. For consequential operations, a Mickai signature is not produced on the say-so of one brain acting alone. We gate high-stakes actions behind multi-brain agreement and voice-biometric approval, so the OAR that gets signed reflects a decision that more than one authority endorsed, with a human voice as part of the quorum.

A colossal marble figure of Argus Panoptes covered in watching eyes turned outward into the dark
Argus of the hundred eyes verifies the seal alone, needing no permission and trusting nothing unchecked

Brains are also revocable. If one is compromised or retired, we can withdraw its authority, and because every past action it took is sealed and hash-linked, the historical record remains intact and independently checkable even after the brain itself is gone. The signature does not just say a thing happened. It says who was accountable, how the decision was reached, and that the account cannot be quietly rewritten afterwards.

Why we chose the middle tier, and why decades

ML-DSA offers three strength levels. We standardised on the 65 parameter set because it lands in the sweet spot NIST intends for serious long-lived data: comfortably beyond the reach of foreseeable attack, while keeping signatures and keys small enough to sign every single action without slowing the system to a crawl. It is a deliberate engineering choice, not the maximum for its own sake and not the minimum for speed.

A colossal marble figure of Chronos striding through the void as gold light stretches long behind him
Chronos, deep time, is the true test: a seal that must still stand when the machine that made it is long gone

The reason to reach for post-quantum strength now, before quantum computers are a daily threat, is a problem the field calls harvest-now, decrypt-later. An adversary can capture signed records today and wait for the machines that might break weaker schemes tomorrow. A financial instruction, a medical decision, or a legal attestation may need to stand for twenty or thirty years. Sealing it with ML-DSA-65 today is how we make sure the evidence made this morning is still evidence long after the technology that made it has been replaced.

The bottom line

The signature under every action is not a feature we bolt on for a compliance checkbox. It is the load-bearing element of what a Sovereign Intelligence Operating System is for: turning autonomous action into durable, verifiable evidence that belongs entirely to the customer and answers to mathematics rather than to us. FIPS 204 ML-DSA-65 is the choice that lets that evidence outlast the present moment, and the quantum era after it.

This capability is one of about 2,340 claims across 104 filed United Kingdom patent applications owned by Mickai LTD. We build for the regulated boundary the public cloud cannot cross on the customer's own terms, and the signature is where that promise is kept, one operation at a time. Micky Irons, founder and CEO of Mickai.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/ml-dsa-65-the-signature-under-every-action. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles
4 Jul 2026
Sovereign AI for Central Banks
A central bank cannot send its rate deliberations or supervisory secrets to anyone else's cloud. We built Mickai, a Sovereign Intelligence Operating System, so monetary and supervisory intelligence runs entirely offline on hardware the bank owns, with independence proven, secrecy architectural and every decision signed before it acts.
4 Jul 2026
Sovereign AI for Defence Primes
Defence primes hold the most sensitive programme data in the world, and the public cloud cannot cross the boundary that protects it. We built Mickai as a Sovereign Intelligence Operating System that runs on hardware the prime owns, air-gapped, where every action is cryptographically signed before it executes and every brain can be revoked in seconds.
4 Jul 2026
Sovereign AI for Maritime and Shipping
Fleets and ports need intelligence that keeps deciding when the satellite link dies and keeps an honest record no one can edit. Mickai runs on the operator's own hardware, at sea and on the quay, with zero data egress and a post-quantum signed ledger. Autonomy where the connection ends, governance that never does.
4 Jul 2026
Sovereign AI for Aerospace
Aerospace cannot ship export-controlled geometry to borrowed cloud infrastructure or hand engineers unexplained answers. We built Mickai, a Sovereign Intelligence Operating System, to run design and safety-case intelligence on hardware the customer owns, with zero data egress and cryptographic provenance signed onto every artifact before it exists.