Security Model

Cryptographic Foundations

Signing: ML-DSA (FIPS 204) — lattice-based, quantum-resistant
Key Exchange: ML-KEM (FIPS 203) — lattice-based encapsulation
Symmetric: AES-256-GCM — authenticated encryption
KDF: HKDF-SHA256 — key derivation from shared secrets
Hash: SHA3-256 — hash chains and Merkle trees

Tamper Evidence

Both the audit log and trust ledger use SHA3-256 hash chains. Each entry includes the hash of the previous entry. Breaking the chain requires recomputing all subsequent hashes.

Key Storage

Private keys are encrypted at rest using AES-256-GCM with a key derived from the system keyring or a passphrase via HKDF.