Post-Quantum Security
Classical + post-quantum. Side by side.
AgentHALO's PQ hardening protects all agent-controlled cryptographic surfaces. No CRITICAL or MEDIUM quantum vulnerabilities remain in AgentHALO-controlled code. Three upstream dependencies remain quantum-vulnerable — we disclose them honestly.
Complete Cryptographic Stack
| Surface | Classical | Post-Quantum | Combined |
|---|---|---|---|
| DIDComm authcrypt/anoncrypt | X25519 ECDH | ML-KEM-768 (FIPS 203) | Hybrid KEM |
| DIDComm mesh transport | X25519 ECDH | ML-KEM-768 (FIPS 203) | Hybrid KEM |
| Identity signatures | Ed25519 | ML-DSA-65 (FIPS 204) | Dual-signed |
| KEM key derivation | — | HKDF-SHA-512 | 256-bit PQ security |
| Identity ledger hash chain | — | SHA-512 | 256-bit PQ collision |
| Attestation Merkle tree | — | SHA-512 | 256-bit PQ collision |
| EVM transaction signing | secp256k1 ECDSA | PQ-gated (Ed25519 + ML-DSA-65) | Two-cryptosystem barrier |
| Gossipsub discovery | Ed25519 + ML-DSA-65 | Addresses stripped (DHT-only) | Metadata minimized |
Hybrid Encryption Flow
Upstream Quantum Vulnerabilities
We don't claim perfection. We claim transparency. These cannot be fixed unilaterally.
| Dependency | Vulnerability | Impact | Mitigation |
|---|---|---|---|
| libp2p Noise XX (X25519) | Transport decryption | Metadata only (no DIDComm content) | Awaiting PQ Noise variants |
| Nym Sphinx (X25519) | Traffic deanonymization | Communication patterns (not content) | DIDComm hybrid KEM protects payload |
| Ethereum ECDSA (secp256k1) | Key recovery | Ecosystem-wide | PQ-gated signing reduces unilateral risk |
All three vulnerabilities affect transport and metadata layers only. DIDComm message content is always protected by the hybrid KEM (X25519 + ML-KEM-768), which is quantum-resistant regardless of transport security.
Operational Security
Zero Telemetry
Nothing leaves your machine. No analytics, no tracking, no phone-home. All data stored locally.
Encrypted Storage
Genesis material, vault secrets, and provider keys encrypted with AES-256-GCM. Argon2-based password-derived master keys.
File Permissions
Credentials stored with owner-only permissions (0600). No world-readable secrets.
Signal Forwarding
SIGINT/SIGTERM forwarded to child processes for clean shutdown. No orphaned agent processes.
Witness Signatures
Commits carry Ed25519 + ML-DSA-65 witness signatures. Tamper-evident commitment chain.
Certificate Transparency
RFC 6962-style transparency roots for commit history. Append-only seal chaining via monotone seals.
Advanced Security Features
Privacy-Preserving Attestation
RISC Zero guest programs for verifiable computation. Agents prove identity properties, capability levels, or trust tiers without revealing underlying DID data.
Cache Eviction Policy
Chebyshev-polynomial-based cache eviction for memory management. Optimal eviction scheduling minimizes re-computation while respecting memory bounds.
Topological Signatures
H0 persistence (Rips complex) analysis on trace structures. Topological signatures fingerprint agent behavior patterns for anomaly detection and attestation.
Network Isolation Defense
Monitors P2P mesh topology for eclipse attacks. Alerts when an agent's peer set narrows below safety thresholds, indicating potential network view manipulation.
ERC-8004 Capabilities
On-chain capability beacons with task-scoped specifications. Cryptographic verification of agent capabilities before tool access is granted.
Programmable Access Control
Policy circuits define complex access rules as composable boolean gates. The policy registry manages versioned rule sets across the agent fleet.
Secure Agent Communication
Agents exchange DIDComm v2 encrypted messages using hybrid KEM. Two transport options:
P2P Discovery
Noise XX handshake + Gossipsub + Kademlia DHT. Agents discover each other via gossip protocol with privacy-preserving address stripping.
Network Anonymity
Sphinx packet format for network-layer anonymity. SOCKS5 proxy or native Sphinx integration. Communication patterns hidden from observers.
Quantum-Resistant Today, Not Someday
Every cryptographic surface under AgentHALO's control is post-quantum hardened.