Lumenais

The Threat Model

Harvest Now, Decrypt Later. Adversaries are capturing encrypted data today, waiting for quantum computers to break current cryptography. When that happens, every decision your AI made—every audit trail, every compliance record—becomes readable.

For AI systems making high-stakes decisions in finance, healthcare, and regulated industries, this isn't theoretical. The data you're signing today needs to remain tamper-evident for decades.

Current RSA and ECC signatures have an expiration date. We just don't know exactly when.

The Solution

FieldHash provides offline-verifiable evidence for long-horizon data integrity—using cryptographic primitives designed to survive the quantum era.

Post-Quantum Signatures

NIST ML-DSA (Dilithium)—standardized, battle-tested, quantum-resistant. Optional ML-KEM (Kyber) for encrypted attachments.

Content Binding

SHA-256 (primary) and SHA-512 (audit trail) for cryptographic content binding. Every insight is immutably linked to its evidence.

Simulation by Default

Full cryptographic security without specialized hardware. The standard deployment uses simulation mode—no quantum computer required.

Optional Hardware Anchoring

When IBM Quantum or Quantum Inspire hardware is available, FieldHash captures device fingerprints and noise statistics—creating time-bounded evidence that's impractical to reproduce.

HSM/Vault Integration

Private keys never leave secure custody. Zero egress to application memory. Non-exportable signing keys in Vault, KMS, or HSM.

The Workflow

Five steps from content to verifiable evidence:

Hash

Content bound with SHA-256/SHA-512

Execute

Parameterized circuit (simulation by default, hardware optional)

Fingerprint

Distribution digest and noise statistics captured

Sign

Evidence package signed via HSM using ML-DSA

Verify

Offline verification using versioned trust profiles

Verification Model

Fully offline-capable. No network required for verification. Evidence packages are self-contained and can be validated in air-gapped environments.

Trust Tiers

Strict— Hardware-backed quantum fingerprints

Standard— Simulation-based (default)

Offline— Air-gapped optimized

Content-addressed distribution with ETag/304 revalidation support. Profiles are versioned for forward compatibility.

Security Architecture

Client mTLS and JWT authentication

Least-privilege RBAC and tenant isolation

Rate limiting (100 req/min)

PII-aware logging with redaction policies

Non-exportable signing keys in HSM/Vault

Every insight generated by Lumenais is FieldHash-signed. Every hypothesis, every discovery, every self-modification—cryptographically bound to its evidence.

Learn More

For the full technical specification including protocol details, security assumptions, and integration guides:

Full Technical Spec