Post-Quantum Cryptography
Trust Hub is built on NIST-standardized post-quantum algorithms that are resistant to attacks from both classical and quantum computers.
Signing: ML-DSA (Dilithium)
All identity and credential signatures use ML-DSA (FIPS 204), the NIST-standardized lattice-based digital signature scheme.
| Parameter Set | NIST Level | Signature Size | Public Key Size |
|---|---|---|---|
| ML-DSA-44 | 2 | 2,420 bytes | 1,312 bytes |
| ML-DSA-65 | 3 | 3,309 bytes | 1,952 bytes |
| ML-DSA-87 | 5 | 4,627 bytes | 2,592 bytes |
Key Exchange: ML-KEM (Kyber)
Secure agent-to-agent communication uses ML-KEM (FIPS 203) for key encapsulation, establishing shared secrets for AES-256-GCM encrypted channels.
Hybrid Mode
Trust Hub supports hybrid cryptography combining ECC (P-256/P-384) with PQC for transition-period security. Both signatures must verify for the message to be considered authentic.
```python
agent = TrustAgent.create(
    org="acme",
    entity_type="agent",
    hybrid_mode=True,  # ECC + PQC combined
)
```
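The acceptance rule for hybrid mode (both signatures must verify), shown as an added example that is not Trust Hub's own code. The `HybridSignature` envelope, `verify_hybrid`, and the two verifier callables are hypothetical names; the callables stand in for a real ML-DSA and ECDSA implementation, and the length check uses the ML-DSA sizes from the table above.

```python
# Added example: hybrid (ECC + ML-DSA) acceptance policy. Not Trust Hub code.
from dataclasses import dataclass
from typing import Callable, Optional, Tuple

# ML-DSA sizes in bytes from the table above: name -> (public key, signature)
ML_DSA_SIZES = {
    "ML-DSA-44": (1312, 2420),
    "ML-DSA-65": (1952, 3309),
    "ML-DSA-87": (2592, 4627),
}

# Assumed verifier shape: (public_key, message, signature) -> bool
Verifier = Callable[[bytes, bytes, bytes], bool]


@dataclass
class HybridSignature:  # hypothetical envelope, not Trust Hub's wire format
    pqc_param_set: str
    pqc_sig: Optional[bytes]
    ecc_sig: Optional[bytes]


def verify_hybrid(msg: bytes, sig: HybridSignature, pqc_pub: bytes, ecc_pub: bytes,
                  pqc_verify: Verifier, ecc_verify: Verifier) -> Tuple[bool, str]:
    """Accept only if BOTH component signatures verify; fail closed otherwise."""
    # A missing component is a rejection, never a fallback to one algorithm.
    if not sig.pqc_sig or not sig.ecc_sig:
        return False, "missing component signature"
    sizes = ML_DSA_SIZES.get(sig.pqc_param_set)
    if sizes is None:
        return False, "unknown ML-DSA parameter set"
    pk_len, sig_len = sizes
    # ML-DSA keys and signatures are fixed-length, so a cheap length check
    # rejects truncated or mislabeled input before any cryptography runs.
    if len(pqc_pub) != pk_len or len(sig.pqc_sig) != sig_len:
        return False, "ML-DSA length mismatch"
    # Run both verifiers unconditionally, then AND the results.
    results = []
    for verify, pub, s in ((pqc_verify, pqc_pub, sig.pqc_sig),
                           (ecc_verify, ecc_pub, sig.ecc_sig)):
        try:
            results.append(bool(verify(pub, msg, s)))
        except Exception:  # a verifier error counts as a failed verification
            results.append(False)
    if all(results):
        return True, "ok"
    return False, ("PQC failed" if not results[0] else "ECC failed")
```

Logging the returned reason string makes it visible when a peer sends a message with one component stripped or with a mismatched parameter set.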