PQC Tools & Infrastructure

Open-source tools for quantum-safe AI systems

quantmrkt/PQC-Secured MCP Transport Available

ML-DSA authenticated transport layer for Model Context Protocol (MCP) servers. Quantum-resistant agent-to-tool connections with per-call signing and session-level mutual authentication. Open source, 29 tests passing.

Tool, MCP, PQC, Agent Security, ML-DSA | MEDIUM
quantmrkt/PQC RAG Pipeline Signing Available

Sign and verify RAG document chunks with ML-DSA at ingestion and retrieval time. Prevents vector database poisoning attacks on enterprise RAG pipelines. Open source, 43 tests passing.

Tool, RAG, PQC, Vector DB, Supply Chain | MEDIUM
quantmrkt/PQC Lint GitHub Action Available

GitHub Action + CLI that scans code for classical cryptography (RSA, ECDSA, ECDH, DH, Ed25519, MD5, SHA-1) and suggests PQC replacements. Supports Python, JavaScript, Go, Rust, Java, C/C++. SARIF output for GitHub code scanning. Open source, 43 tests passing.

GitHub Action, SARIF, CLI, Python, JavaScript, Go, Rust, Java, C/C++, CI/CD, Linter, SAST | MEDIUM
quantmrkt/Signed AI Content Provenance Available

PQC-native C2PA-compatible content provenance for AI outputs. Sign every LLM/image/audio output with ML-DSA so its origin and chain-of-custody remain verifiable after quantum computers exist. Includes pluggable assertions (AI-generated, training data, usage licensing). 34 tests passing.

C2PA, Content Provenance, AI Attribution, ML-DSA, Manifest, Chain of Custody, Healthcare, Legal, Finance | MEDIUM
quantmrkt/PQC Agent Credential Wallet Available

Quantum-resistant credential vault for AI agents. ML-KEM-768 key encapsulation, AES-256-GCM at rest, PBKDF2-SHA256 KDF, ML-DSA-signed audit log. Drop-in integrations for LangChain, AutoGen, CrewAI via secret provider and os.getenv shim. 40 tests passing.

Credentials, Vault, ML-KEM, AES-GCM, LangChain, AutoGen, CrewAI, Agent, Secrets | MEDIUM
quantmrkt/Quantum-Resistant AI MBOM Available

PQC-signed AI Model Bill of Materials. Cryptographically enumerate every model component (weights, training data, fine-tuning, RLHF, quantization, evals) with quantum-safe ML-DSA signatures. SPDX-2.3 export/import. Diff utility for model version audits. 28 tests passing.

MBOM, SBOM, Supply Chain, SPDX, Compliance, ML-DSA, Model Provenance, Federal Procurement | MEDIUM
quantmrkt/PQC Training Data Transparency Available

Merkle-tree commitments for AI training datasets using SHA3-256 + ML-DSA. Prove what a model was trained on without revealing the data. Inclusion proofs are O(log n) and publicly verifiable. Survives the quantum transition for the 15-20 year shelf life of training data. 29 tests passing.

Merkle Tree, Training Data, Commitment, SHA3, Inclusion Proof, Privacy, Copyright, Compliance | MEDIUM
quantmrkt/PQC-Hardened Hypervisor Attestation Available

PQC-signed hypervisor memory attestation framework for AI workloads. ML-DSA signed claims about memory region state, drift detection, pluggable backends for AMD SEV-SNP and Intel TDX. Protects model weights and activations on shared cloud infrastructure. 26 tests passing.

Hypervisor, Attestation, Confidential Computing, SEV-SNP, TDX, Memory Integrity, ML-DSA, Cloud Security | MEDIUM
quantmrkt/PQC eBPF Attestation for AI Inference Available

PQC-signed load gate for eBPF programs on AI inference servers. ML-DSA signatures over bytecode, pluggable LoadPolicy with allow-listed signers and size caps, append-only audit log. CLI (pqc-bpf sign/verify/info) for DevOps integration. 31 tests passing.

eBPF, Kernel, Linux, Supply Chain, CLI, SARIF, ML-DSA, AI Inference, Load Gate | MEDIUM
quantmrkt/PQC-Hardened GPU Driver Available

PQC-hardened framework for encrypted CPU-GPU tensor transfers and driver attestation. ML-KEM-768 channel keys, AES-256-GCM per-transfer encryption with AAD binding, ML-DSA signed driver attestations. Pluggable CUDA/ROCm backends. 24 tests passing.

GPU, CUDA, ROCm, Confidential Computing, ML-KEM, AES-GCM, NVIDIA, H100, PCIe | MEDIUM
quantmrkt/PQC Bootloader for AI Appliances Available

PQC-native signed-boot framework for AI appliances. ML-DSA-65 firmware signatures, TPM-style measured-boot PCR chain, update-chain with rollback protection, manufacturer key-ring with revocation. Fork U-Boot/GRUB/coreboot to integrate. 31 tests passing.

Bootloader, Firmware, Secure Boot, Measured Boot, ML-DSA, Medical Devices, Industrial, Edge AI, U-Boot, GRUB | MEDIUM
quantmrkt/PQC Memory Encryption for LLM KV Cache Available

PQC-native per-tenant KV cache encryption for multi-tenant LLM inference. ML-KEM-768 derived session keys, AES-256-GCM per-entry encryption, strict tenant isolation enforcement, automatic key rotation by entry count or time. Protects against cross-tenant side-channel reads. 34 tests passing.

LLM, KV Cache, Multi-Tenant, ML-KEM, AES-GCM, Inference, Privacy, Side-Channel, Session Isolation | MEDIUM
quantmrkt/Immutable AI Audit Log (Filesystem) Available

Immutable filesystem-level audit log for AI inference events. SHA3-256 Merkle segments with ML-DSA-65 signed headers, cross-segment hash chain, O(log n) inclusion proofs, filesystem immutability guards. EU AI Act Article 12 compliance ready. 37 tests passing.

Audit Log, Compliance, EU AI Act, Merkle Tree, Legal Discovery, Immutable, Filesystem, CLI, ML-DSA, Transparency | MEDIUM
quantmrkt/PQC-Secured Federated Learning Aggregation Available

PQC-secured federated learning aggregation. ML-DSA signed gradient updates from clients, verifiable aggregation proofs from server. Pluggable aggregators: FedAvg, FedSum, FedMedian (robust), FedTrimmedMean. Byzantine-resilient. 31 tests passing.

Federated Learning, Aggregation, ML-DSA, Byzantine Fault Tolerance, FedAvg, FedMedian, Healthcare, Finance | MEDIUM
quantmrkt/PQC Neurosymbolic Reasoning Ledger Available

PQC-signed neurosymbolic reasoning ledger. Chain-of-thought steps hash-chained in real time during AI inference, Merkle-rooted, ML-DSA-65 signed. Produces legally defensible reasoning trails that survive quantum transition. 11 StepKinds (thought, observation, hypothesis, deduction, retrieval, tool-call, tool-result, self-critique, refinement, decision, meta). 36 tests passing.

Chain of Thought, Reasoning, Neurosymbolic, Legal, Medical, Financial, Explainability, Merkle, ML-DSA, Audit Trail | MEDIUM
quantmrkt/PQC Secure Enclave SDK for On-Device AI Available

PQC Secure Enclave SDK for on-device AI. ML-KEM-768 key encapsulation + AES-256-GCM encrypted model weights, credentials, adapters, biometric templates. Pluggable backends for Apple Secure Enclave, Android StrongBox, Qualcomm QSEE. ML-DSA device attestation for proof of enclave storage. Protects 5+ year HNDL exposure of on-device weights. 32 tests passing.

iOS, Android, Secure Enclave, StrongBox, Apple Silicon, Qualcomm, On-Device AI, ML-KEM, AES-GCM, Neural Engine | MEDIUM
quantmrkt/PQC Consensus for Federated AI Governance Available

PQC Byzantine fault-tolerant consensus for federated AI governance. ML-DSA-65 signed proposals and votes, weighted quorum policy (PBFT 2/3+2/3 default), Byzantine double-vote detection, AuthorizationChain with AUTHORIZE/REVOKE semantics. 9 proposal kinds for enterprise AI oversight. Quantum-resistant DAO for distributed AI trust. 38 tests passing.

Consensus, Byzantine Fault Tolerance, Governance, Enterprise, DAO, Authorization, Voting, Federated, Policy, ML-DSA | MEDIUM
Showing 17 of 17 tools (page 1 of 1)