The inference log you sign today is the only one that still verifies in 2035.
smshPQ signs every model call so it holds up against quantum computers, not just today's attackers. Every call gets an ML-DSA-65 signed receipt. That's the algorithm behind FIPS 204 and the one the NSA lists under CNSA 2.0. Signing takes under a millisecond and costs $0.00018 per receipt. Built for OpenAI, Anthropic, Google, Kimi, Manus, vLLM, SGLang, and any team running its own open-weight models.
One receipt for every call, signed the same way every time.
Every inference call routed through Hive comes back with a structured receipt. It's signed with ML-DSA-65 before the response ever leaves the inference boundary. The signature covers the model, the prompt hash, the response hash, the route it took, the cache state, and the policy that applied. The receipt is small, it checks out in under a second, and it uses the only NIST signature standard the NSA has cleared for national security work through 2035.
Ed25519 and ECDSA won't survive what's coming. An attacker can capture an inference log signed with either one today, then forge it later once a quantum computer strong enough to break it exists. An audit log signed in 2026 with ML-DSA-65 is the only one that still checks out in 2035.
The deadline to switch algorithms is already written down.
FIPS 204 finalized
NIST published the Module-Lattice Digital Signature Standard. ML-DSA-65 is the named successor for general-purpose signatures. Every government cryptographic procurement is now obligated to plan migration.
csrc.nist.gov/pubs/fips/204/finalNSA CNSA 2.0 listed
The Commercial National Security Algorithm Suite 2.0 names ML-DSA as the digital signature standard for National Security Systems. Software signing is required starting in 2025, with full sector compliance due by 2030 to 2033.
media.defense.gov · CNSA 2.0EU AI Act · Article 12 logging
High-risk AI systems must keep automatically-generated logs sufficient to trace operation across the lifecycle. Article 12 specifies "logs", but Articles 13 and 50 demand integrity, transparency, and machine-verifiability. A signed receipt is the simplest way to satisfy all three.
artificialintelligenceact.eu · Article 12Three deadlines, three jurisdictions, one answer that satisfies all of them. Any other signature scheme on any other AI audit log shipping in 2026 misses at least one of these three deadlines.
Ed25519 / ECDSA versus ML-DSA-65, on what matters for an audit log.
| Dimension | Ed25519 / ECDSA | ML-DSA-65 (smshPQ) |
|---|---|---|
| Signature scheme family | Elliptic-curve, pre-quantum | Module-lattice, post-quantum |
| NIST FIPS status | FIPS 186 (legacy) | FIPS 204 · Finalized Aug 2024 |
| NSA CNSA 2.0 | Excluded | Listed · Required for NSS |
| Quantum-forgeable | Yes · by Shor's algorithm | No · lattice-hard |
| Harvest-now-decrypt-later exposure | Full · adversary stores today, forges later | Zero |
| Sign latency | ~0.05 ms | ~0.6 ms · sub-millisecond |
| Receipt size | 64 B | ~3.3 KB |
| Audit-log lifetime against Q-Day | Bounded · expires before the model retires | Unbounded |
The 64-byte signature looks lighter on the wire, but it stops being any good once a quantum computer strong enough to break it shows up. The 3.3 KB receipt is the one your CISO can still defend to an auditor in 2032.
Attackers are already storing today's data to break open later.
The logs are being captured now.
State-level attackers are storing signed traffic today, betting that a quantum computer strong enough to break it will exist before your audit log retention window closes. AI inference logs name the model, the prompt, and the output, which makes them one of the highest-value targets for this kind of after-the-fact forgery.
The migration takes years.
NIST's own guidance assumes a multi-year switch. Google's published timeline targets 2029 for full migration. Software signing requirements under CNSA 2.0 start in 2025. The inference layer is still the one place routinely signing with Ed25519, which means it's still generating fresh data that can be captured and broken later.
blog.google · PQC migration timelineThe numbers hold up even at scale. This isn't a free add-on.
Take a default scenario for an Anthropic-scale buyer: 300M calls a month at 1,200 tokens per call, $3.50 per million tokens. Current spend runs $1.26M a month. Route that through smshPQ, with cache-proof and verified-routing savings, and it drops to $772K a month. That's $5.85M in net annual savings, a 9× ROI, and a three-day payback. One click in the calculator reruns the numbers at OpenAI scale or hyperscale.
Scope a pilot.
One scoping call is all it takes. We bring the receipts. You bring your call volume, your model mix, and whatever audit worry has been sitting in the back of your mind since the EU AI Act passed.
[email protected]