FIPS 204 ML-DSA-87
Platform PQC Public Key
Anyone can use this key to independently verify every PQC signature in the QuantaMrkt registry. This is our ML-DSA-87 (Dilithium5) signing key, compliant with FIPS 204.
ML-DSA-87 Public Key
FIPS 204 / Dilithium5
Key not yet configured
The platform signing key will be published after the first GitHub Actions signing run.
Algorithm Details
| Algorithm | ML-DSA-87 |
| NIST Standard | FIPS 204 |
| Implementation | Dilithium5 (liboqs) |
| Security Level | NIST Level 5 (256-bit quantum) |
| Signer DID | did:web:quantamrkt.com:chain:authority |
| Usage | Platform model signing and chain block signatures |
How Verification Works
- 1 The signing service computes a SHA3-256 hash of the canonical model manifest (slug + file hashes + version).
- 2 The hash is signed with ML-DSA-87 using the platform's private key (stored as a GitHub secret).
- 3 The signature and message hash are pushed to the QuantaMrkt API and recorded in the transparency log.
- 4 Anyone can fetch this public key and the signature, recompute the manifest hash, and verify the ML-DSA-87 signature independently.
Verify with the CLI
Verify a model's PQC signature
quantumshield verify --pqc <model_slug> Verify with an explicit public key
quantumshield verify --key <public_key_hex> <model_slug>
View JSON endpoint: /.well-known/pqc-public-key
Machine-readable public key for automated verification pipelines