REGULATORY · For Atkins, Peirce, and the SEC Crypto Task Force

A clearing agency without a tamper-evident receipt is just a counterparty.

Onchain markets inherit four legacy roles — broker, dealer, exchange, clearing agency — and one missing primitive. Counterparties signed with ECDSA can settle a trade, but they cannot, after the fact, prove to a regulator, an auditor, or a court that the settlement record they hold has not been altered and was produced under a key the issuer controlled. The missing primitive is a dual-signed, post-quantum-ready receipt. Ed25519 today, ML-DSA-65 (NIST FIPS 204) after Q-day. Identifier resolved by did:hive. Settled in USDC on Base 8453.

Reach Steve A2A context
The thesis in one paragraph

Section 17A of the Exchange Act asked clearing agencies to be the trusted intermediary that records, confirms, and clears every trade. Onchain venues have moved settlement onto public chains but have not moved the receipt forward in cryptographic terms. ECDSA secp256k1 signatures secure the chain’s consensus; they are not a tamper-evident, regulator-grade receipt of who promised what to whom and when. Hive issues that receipt as a separate, neutral primitive that any venue, broker, or trust bank can adopt.

The four roles, mapped onchain

The U.S. securities-market role definitions still bind. Onchain venues do not escape them — they take them on. The grid below restates each legacy role, names the onchain delta, and identifies what Hive provides for that role.

15 U.S.C. § 78c(a)(4)

Broker

LegacyAny person engaged in the business of effecting transactions in securities for the account of others.
Onchain deltaA wallet that routes a customer’s order through a venue is, functionally, a broker. The audit gap is no signed record of what the customer instructed versus what the wallet executed.
Hive providesA dual-signed instruction receipt at order intake, bound to a customer DID, that the broker can produce on demand. Independent of the wallet provider.
15 U.S.C. § 78c(a)(5)

Dealer

LegacyAny person engaged in the business of buying and selling securities for such person’s own account.
Onchain deltaA market maker quoting on an automated venue is a dealer. The audit gap is no signed quote-and-fill record tied to a controller identity rather than a rotating address.
Hive providesA dual-signed quote and fill attestation, with a stable controller DID. The address may rotate; the controller binding does not.
15 U.S.C. § 78c(a)(1)

Exchange

LegacyAn organization, association, or group that constitutes, maintains, or provides a market place for bringing together purchasers and sellers of securities.
Onchain deltaAn order book, AMM, or RFQ venue that matches buyers and sellers is the exchange. The audit gap is no neutral, third-party-verifiable record of the match itself.
Hive providesA dual-signed match receipt attesting the participants, the price, the time, and the policy under which the match cleared — verifiable offline against the venue’s published keys.
15 U.S.C. § 78c(a)(23)

Clearing agency

LegacyAny person who acts as an intermediary in making payments or deliveries, or who provides facilities for the comparison of data respecting the terms of settlement of securities transactions.
Onchain deltaThe chain provides settlement finality but not comparison-of-data. Two counterparties may both believe a trade settled and disagree on its terms a year later.
Hive providesThe tamper-evident receipt — the comparison primitive — bound to both parties’ controller DIDs and dual-signed. The clearing-agency function reduced to a single verifiable artifact.

None of the four roles is replaced. Each is made cleanly auditable by the addition of a neutral receipt primitive that sits underneath whichever venue, wallet, or trust bank operates the role.

The Q-day gap

Today’s settlement records lean almost entirely on classical signatures — ECDSA secp256k1 on chain, RSA and ECDSA in the supporting infrastructure. Every one of those signatures has the same long-term property: a sufficiently capable quantum computer recovers the private key from the public key, and a once-valid signature becomes forgeable retroactively. NIST’s public timeline calls for federal deprecation of classical asymmetric cryptography by 2030 and disallowance by 2035 (NIST IR 8547). Conservative cryptographically relevant quantum computer (CRQC) roadmaps land inside that window. A receipt that can only be verified with ECDSA in 2031 is no receipt at all.

THE BREAK
An attacker with a CRQC, given any party’s on-chain public key, recovers the private key offline. Every ECDSA signature ever produced under that key — including settlement attestations sealed years earlier — becomes indistinguishable from a forged one.
THE BREAK
RSA-2048 and ECDSA P-256 are the supporting cast across CA chains, TLS, and HSM-anchored receipt logs. Shor’s algorithm dissolves them on the same day. Every receipt whose chain of trust touches one of these is retroactively unverifiable.
THE FIX
Sign every receipt twice. Ed25519 (RFC 8032) provides classical assurance today. ML-DSA-65 (NIST FIPS 204) is module-lattice-based and remains valid after Q-day. Both must verify.
THE FIX
Wrap key-encapsulation in ML-KEM (NIST FIPS 203) where session keys back the receipt log. The dual envelope means a 2031 audit of a 2025 trade still verifies cleanly.

The dual-signature design is not a hedge. It is the only construction that survives a future CRQC and a present-day classical attack on a poorly-implemented post-quantum library.

The receipt envelope

The shape below is a real Hive settlement receipt as a verifier renders it. The CBOR-canonical bytes are what travel between systems; the JSON view is for the human auditor. The signatures bind every field above them.

hive_receipt_verify · event = trade_settled VERIFIED 
// CBOR-canonical envelope, JSON-rendered for review
{
  "event":           "trade_settled",
  "replay_id":       "01J9C7H-TRADE-3F1A8E",
  "venue_did":       "did:hive:venue:0x4b21…9d77",
  "buyer_did":       "did:hive:org:0x71ab…d309",
  "seller_did":      "did:hive:org:0xc0a4…112e",
  "instrument":      "USDC/USD",
  "qty":             250000,
  "price":           "1.00003",
  "settle_chain":    "base:8453",
  "settle_currency": "USDC",
  "settle_tx":       "0x9c1e…a4f2",
  "policy_hash":     "sha256:7a1f9c…e3b2",
  "prior_attestation_id": "01J9C7H-MATCH-2D9B14",
  "timestamp":       "2026-09-14T17:42:08Z",
  "sig_ed25519":     "6f9b…c104",    // RFC 8032
  "sig_ml_dsa_65":   "a3d2…81fe"     // NIST FIPS 204
}
[ok] Ed25519 signature valid · venue key fingerprint k1:8c2a…
[ok] ML-DSA-65 signature valid · venue key fingerprint kq:b71d…
[ok] did:hive:venue:… resolves · key history covers timestamp
[ok] Settlement tx confirmed on Base 8453 · replay_id matches

Five fields carry the regulatory weight: replay_id is the unique identifier that prevents double-counting; venue_did, buyer_did, and seller_did bind the parties through did:hive; sig_ed25519 and sig_ml_dsa_65 are the dual signatures; timestamp is the canonical clock reference; settle_chain and settle_tx tie the receipt to the on-chain settlement of record.

Why did:hive

An identifier that resolves only inside one venue’s database is a counterparty identifier, not a market identifier. did:hive is a registered method under the W3C DID specification (DID 1.1), which means three things in practice.

For a regulator, this is the property that matters: the identifier on a receipt produced in 2026 still resolves correctly in 2031, even after every operational detail beneath it has changed.

Who this is for

This is a receipt primitive, infrastructure-neutral. It is offered to the regulators, auditors, and supervisory bodies whose mandates already require tamper-evident records of securities settlement, and to the operators those bodies supervise.

SEC Crypto Task Force
A standards-grade primitive that resolves the “what is a clearing agency for onchain markets” question without prejudging which venue or trust bank operates the role.
FINRA
CAT-grade attestation chain for member firms that touch onchain venues, with the same signing discipline used for equities and options.
NSCC / DTCC
A receipt envelope that fits inside existing comparison and settlement messaging without requiring a new central database to verify.
Registered ATS operators
A neutral, dual-signed match-and-settle record that satisfies Reg ATS Form ATS-N record-keeping in onchain venues.
OCC trust banks
A custodial attestation primitive aligned with Interpretive Letter 1170 and 1174 expectations on cryptographic asset custody.
SEC examiners
An offline-verifiable audit artifact for examination programs reviewing crypto-asset broker-dealers, ATSs, and registered clearing agencies.
State securities regulators
A consistent, vendor-neutral evidence format under NASAA frameworks; receipts verify on a laptop without internet access.
Onchain venues
A way to operate at clearing-agency-grade evidentiary standard without becoming a single point of failure for the chain itself.

The receipt primitive is not the clearing agency. It is the artifact a clearing agency — whoever the SEC ultimately registers in that role for onchain markets — would issue at every state transition. The choice of operator is policy. The shape of the receipt is engineering.

A real conversation, not a demo black hole

If the receipt-primitive framing fits the way the Crypto Task Force, FINRA, or DTCC working groups are thinking about onchain market structure, the fastest path is a direct note. No qualification gate, no SDR. Steve reads them.

Reach Steve A2A context
Dual-signed (Ed25519 + ML-DSA-65) · NIST FIPS 204 / FIPS 203 aligned · W3C DID 1.1 method did:hive · Settles USDC on Base 8453 · Treasury 0x15184Bf50B3d3F52b60434f8942b7D52F2eB436E