Signing Today for a Verifier in 2035

The threat stopped being hypothetical

For years, the quantum threat to cryptography was discussed in the conditional tense, a problem for a future that kept receding. That tense has changed. In May 2026 The Quantum Insider set out the case (https://thequantuminsider.com/2026/05/01/harvest-now-decrypt-later-why-should-you-care/) for treating harvest-now-decrypt-later as a present-day operational assumption rather than a forecast, citing official warnings from the NSA, CISA, and NIST that the practice is "already happening." The mechanics are unglamorous and cheap. An adversary intercepts encrypted data now, stores it indefinitely because storage costs almost nothing, and waits for a quantum computer capable of running Shor's algorithm to make the stored material readable. The piece notes that recent research compressed the resources estimated to break RSA-2048 from around twenty million qubits to fewer than one million, and it lands on a sentence that ought to reorganise how anyone thinks about long-lived data: "If your data needs to remain confidential past 2035, it is already at risk."

National authorities are pricing this in. The NCSC's post-quantum cryptography migration timelines (https://www.ncsc.gov.uk/guidance/pqc-migration-timelines) set a phased path: discovery and assessment by 2028, highest-priority migration activities by 2031, and complete migration across all systems, services, and products by 2035. The NCSC is blunt about the inevitability: "Migration will happen, globally. It will not be possible to avoid PQC migration." Post-quantum cryptography has also moved onto the international agenda, with the G7's cyber workstream taking up PQC migration as a coordination priority. The deadlines are not aspirations. They are the dates by which the institutions that set security policy expect the work to be done.

Most of the conversation is about the wrong half

Almost all of the harvest-now-decrypt-later discussion concerns confidentiality, and rightly so. The fear is that today's secrets, diplomatic cables, health records, financial histories, become tomorrow's plaintext. That is a real and urgent problem, and the remedy is to encrypt long-lived data under post-quantum algorithms now.

But there is a second half of the cryptographic world that the confidentiality framing tends to skip, and for an audit substrate it is the half that matters most. Alongside encryption, which keeps data secret, sits the digital signature, which proves a record is authentic and unaltered. Signatures rest on the same classical mathematics that quantum computers threaten. A signature produced today under RSA or elliptic-curve cryptography is a signature a sufficiently capable quantum adversary can forge tomorrow.

For an audit record, that is a more insidious failure than disclosure. The entire value of an audit record is that it can be trusted years later. A regulator, a coroner, a court, or an auditor opens a record from the past and relies on its signature to confirm that this is what the system did, unchanged since the moment it did it. If the signature scheme is broken by the time the record is examined, the record's integrity collapses retroactively. The danger is not only that an old secret is exposed. It is that an old proof becomes forgeable, and a record that can be forged proves nothing. An audit trail meant to be verifiable in 2035 must be signed under cryptography that is still standing in 2035.

The verifier is in the future

This is the asymmetry an audit substrate has to design around, and it is unusual. With confidentiality, the clock runs against the defender: every day the data sits encrypted is a day closer to the adversary's quantum machine. With audit integrity, the obligation is fixed at the moment of signing and called in much later. You do not get to re-sign a record from the past once the adversary arrives. The signature has to outlast the threat from the day it is written.

That reframes the migration deadlines. The NCSC's 2031 and 2035 dates describe when systems must have migrated. But an audit record signed under classical cryptography in 2026 and intended to be relied upon in 2035 is exposed for the entire intervening period, regardless of when the surrounding infrastructure migrates. The verifier who matters is the one in the future, examining a record that cannot be re-signed. The only way to serve that verifier is to have signed correctly now, under an algorithm chosen to survive the gap.

What signing under ML-DSA-65 today buys

Mickai is the British Sovereign Intelligence Operating System, and this is the problem its audit layer was built for. Every action the system takes is signed at the moment of commit under FIPS 204 ML-DSA-65, the NIST-standardised, lattice-based post-quantum digital signature algorithm, with the key held in operator-controlled silicon. The signed actions are written into the Open Audit Record, a hash-linked chain designed to be verified offline by anyone the operator chooses to show it to, using only a public key.

The consequence is specific. Records Mickai signs today are signed under a scheme selected to remain unforgeable after Q-Day. The verifier in 2035, or 2040, opens a record from 2026 and can still establish that it is authentic and unaltered, because the signature was never resting on the classical mathematics a quantum computer breaks. This is not migration in the NCSC's sense of moving an existing estate from old algorithms to new ones, a multi-year programme the guidance rightly says will span leadership cycles. It is starting on the far side of that migration for the one artefact whose integrity has to reach furthest into the future. The audit record does not need to be migrated later, because it was never signed under the vulnerable scheme in the first place.

Restraint, and the precise claim

It is worth being exact about what this does and does not address. ML-DSA-65 signing protects the integrity and authenticity of the audit record. It is the signature half of the post-quantum problem, not the confidentiality half, and it does not on its own discharge an organisation's broader PQC migration obligations, which span key exchange, data at rest, data in transit, and a long inventory of systems the NCSC timeline is concerned with. Mickai's claim is narrow and, because it is narrow, defensible: the records of what the system did are signed today under cryptography built to outlast the quantum threat, so their evidential value does not expire when the adversary's machine arrives.

The deadlines tell organisations to be ready by 2031 and 2035. For an audit record, readiness has a sharper meaning than for most assets, because the record cannot be re-signed once the moment of signing has passed. The honest response to harvest-now-decrypt-later, for the part of the problem that concerns proof rather than secrecy, is to sign correctly from the start. Mickai signs the Open Audit Record under ML-DSA-65 today, for a verifier who will open it long after Q-Day, and ahead of the deadlines the rest of the estate is still working towards. That is what signing today for a verifier in 2035 means.

Sources and references

• The Quantum Insider, "Harvest Now, Decrypt Later: Why Should You Care?," 1 May 2026, https://thequantuminsider.com/2026/05/01/harvest-now-decrypt-later-why-should-you-care/
• NCSC, "Post-quantum cryptography: migration timelines," https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
• G7 cyber workstream, post-quantum cryptography migration as a coordination priority, January 2026.
• FIPS 204 (ML-DSA), NIST post-quantum digital signature standard.
• Mickai Open Audit Record and operator-held post-quantum signing, mickai.co.uk/patents