
Why Post-Quantum?

Quantum computers threaten the public-key algorithms in use today. A sufficiently powerful quantum computer running Shor's algorithm could recover a secp256k1 private key from its public key, letting an attacker forge ECDSA signatures and pass off fabricated attestations as historical ones. SESHAT implements ANSSI-compliant hybrid signatures that combine a classical and a post-quantum algorithm, so that forging an attestation requires breaking both.

ANSSI Requirements

The French National Cybersecurity Agency (ANSSI) recommends:
  • Hybrid approach: a classical algorithm and a PQC algorithm combined, so the construction stays secure as long as either one holds
  • Timeline: from 2027, products without PQC can no longer obtain ANSSI qualification; from 2030, PQC is mandatory
  • Algorithms: ML-KEM-1024 for key establishment and ML-DSA-87 for signatures (NIST security level 5)

Implementation

SESHAT uses hybrid ECDSA + ML-DSA, both computed over the same data and stored side by side:
Signature = ECDSA(data) || ML-DSA(data)
Both signatures must verify for the attestation to be valid; if either one fails or is missing, the attestation is rejected.

Security Levels

PQC_LEVEL  Algorithm  NIST Level  Security  Use Case
44         ML-DSA-44  2           128-bit   Fast, standard security
65         ML-DSA-65  3           192-bit   Balanced
87         ML-DSA-87  5           256-bit   Maximum security (default)
Configure via environment:
ENABLE_PQC=true
PQC_LEVEL=87

Signature File

When ENABLE_PQC=true, bundle_release generates SIGNATURE.pqc.json:
{
  "version": "1.0.0",
  "timestamp": "2026-01-16T12:00:00Z",
  "data_hash": "sha512:abc123...",
  "signatures": {
    "ecdsa": {
      "algorithm": "secp256k1",
      "signature": "0x...",
      "public_key": "0x..."
    },
    "ml_dsa": {
      "algorithm": "ML-DSA-87",
      "nist_level": 5,
      "signature": "base64...",
      "public_key": "base64..."
    }
  },
  "compliance": {
    "standard": "ANSSI-hybrid-PQC",
    "classical_algorithm": "ECDSA-secp256k1",
    "pqc_algorithm": "ML-DSA-87",
    "nist_security_level": 5,
    "security_bits": "256-bit"
  }
}

Key Derivation

ML-DSA keys are deterministically derived from your ETH private key using HKDF:
HKDF(ETH_PRIVATE_KEY, salt="seshat-mldsa87-v1", info="ml-dsa-87-keypair")
  → ML-DSA seed
  → ML-DSA keypair
This means:
  • No separate key management
  • Keys can be regenerated from the ETH key
  • Consistent across reinstalls
Protect your ETH private key: it is the single secret behind both the ECDSA and the ML-DSA keys, and the salt and info strings are public, so anyone who obtains it can derive the ML-DSA key and produce complete hybrid signatures. The same holds for a quantum adversary: recovering the ETH private key from its secp256k1 public key also yields the ML-DSA seed, so against that adversary the post-quantum leg adds no protection beyond the ETH key itself. Where that is in your threat model, derive the ML-DSA seed from independent randomness and store it separately.

Verification

To verify a hybrid signature:
  1. Extract both signatures, and the accompanying public keys, from SIGNATURE.pqc.json
  2. Verify ECDSA with standard tools (ethers.js, etc.)
  3. Verify ML-DSA with @noble/post-quantum
  4. Both must pass for a valid attestation; treat a file with one signature missing, or with an algorithm or nist_level other than the one you expect, as invalid rather than as partially verified
Compare the public keys in the file against the signer's keys you already trust: the public_key fields are self-asserted, so a signature that verifies under them proves only that the file is internally consistent.
Future SESHAT versions will include a verification tool for easy signature checking.