Trump Order Accelerates Federal Post-Quantum Crypto Migration by 2030
The clock is ticking: by December 31, 2030, federal agencies must upgrade their cryptography to protect high-value assets from the looming threat of quantum computers, with digital signatures following suit by December 31, 2031. This executive order accelerates the migration to post-quantum…
#PostquantumCryptography #QuantumComputing #FederalAgencies #CryptographyMigration #ExecutiveOrder
US Accelerates Post-Quantum Cryptography Migration with 2030 Deadline
The White House is taking a major step to protect America's sensitive data and digital economy by mandating a rapid migration to quantum-safe encryption, with a deadline of 2030 for key establishment and 2031 for digital signatures. This move aims to safeguard critical infrastructure, jobs,…
#PostquantumCryptography #QuantumsafeEncryption #ExecutiveOrder #UsFederalAgencies #CriticalInfrastructure
Last week, we hosted the FORTRESS consortium at our HQ. Two days of solid work on quantum-safe secure boot for critical infrastructure across Europe. 🛡️ Subscribe to the project newsletter: http://bit.ly/4fVDA0y
The transition to Post-Quantum Cryptography in the #Tor network’s #TLS layer is making progress! 😎 We are now at 44.57% of relays supporting the X25519MLKEM768 hybrid handshake. This number is up from 34.65% in March.
I’ve uploaded a list of relays and their scan results from yesterday on https://ahf.me/tor-tls-pqc/2026-06-18/ and wrote an email to the tor-relays@ mailing-list summarising the results in https://lists.torproject.org/mailman3/hyperkitty/list/[email protected]/message/IY7FJU5XDSZ2O4SKUTN5VJFRLBRHYZ6W/
The Breach That Changes the Model
We have spent a decade learning to defend the inputs to artificial intelligence and almost no time defending the model itself. Weight tampering is the breach you will not detect, because the system keeps answering and the answers look fine. The only durable defence is a record of what the model was and what it did, signed before it acts and…
https://mickai.co.uk/articles/the-breach-that-changes-the-model
#modelintegrity #AIsecurity #weighttampering #postquantumcryptography #sovereignAI
We have spent a decade learning to defend the inputs to artificial intelligence and almost no time defending the model itself. Weight tampering is the breach you will not detect, because the system keeps answering and the answers look fine. The only durable defence is a record of what the model was and what it did, signed before it acts and verifiable without trusting the vendor.
You Cannot Prove a Negative Without a Record
When an artificial intelligence system is accused of misuse, the only defence is a tamper-evident account of what it actually did. Ordinary logs fail at exactly that moment because the operator who keeps them can change them. This essay argues that provable innocence is an account, not a state, and that the record has to be signed…
https://mickai.co.uk/articles/prove-a-negative-without-a-record
#AIaccountability #auditrecord #tamperevidence #AIgovernance #postquantumcryptography
When an artificial intelligence system is accused of misuse, the only defence is a tamper-evident account of what it actually did. Ordinary logs fail at exactly that moment because the operator who keeps them can change them. This essay argues that provable innocence is an account, not a state, and that the record has to be signed before the action and verifiable by someone who does not trust you.
The clause most AI logging will fail
The EU AI Act's high-risk record-keeping obligations contain a quiet requirement most logging stacks will fail: not whether you logged, but whether you can prove the record was never altered, without asking anyone to trust you. Tamper-evident, post-quantum, independently verifiable logs are the missing piece, and the clause will bite in the…
https://mickai.co.uk/articles/the-clause-most-ai-logging-will-fail
#EUAIAct #AIcompliance #auditlogging #tamperevidentrecords #postquantumcryptography
The EU AI Act's high-risk record-keeping obligations contain a quiet requirement most logging stacks will fail: not whether you logged, but whether you can prove the record was never altered, without asking anyone to trust you. Tamper-evident, post-quantum, independently verifiable logs are the missing piece, and the clause will bite in the dispute, not the audit.
The Training Data Is a Liability You Cannot See
Most artificial intelligence systems carry a hidden liability: nobody can prove what data trained them. I argue that data provenance and poisoning are the real exposure, that you cannot defend outputs you cannot trace to inputs, and that the only honest answer is a signed, hash-chained record you can verify offline…
https://mickai.co.uk/articles/training-data-is-a-liability-you-cannot-see
#dataprovenance #datapoisoning #artificialintelligencesecurity #modelauditing #postquantumcryptography
Most artificial intelligence systems carry a hidden liability: nobody can prove what data trained them. I argue that data provenance and poisoning are the real exposure, that you cannot defend outputs you cannot trace to inputs, and that the only honest answer is a signed, hash-chained record you can verify offline without trusting the vendor.
The Signature Has To Outlive the Signer
Most artificial intelligence systems are designed to be trusted in the present tense. But a model can run for decades, and the record of its actions has to be verifiable long after the keys, the company, and the author are gone. This is an argument for signing today for a verifier who has not been born yet.
https://mickai.co.uk/articles/the-signature-has-to-outlive-the-signer
#keycustody #postquantumcryptography #AIgovernance #sovereignty #auditability
Most artificial intelligence systems are designed to be trusted in the present tense. But a model can run for decades, and the record of its actions has to be verifiable long after the keys, the company, and the author are gone. This is an argument for signing today for a verifier who has not been born yet.
When the log is the product, not the exhaust
Most systems treat logging as exhaust, smoke routed away from the real work. I argue the opposite: in artificial intelligence systems, the trustworthy record of what happened is the actual product. Audit-first design builds that record first, signed before the act, sealed into a chain, and verifiable offline by anyone who trusts no one.
https://mickai.co.uk/articles/log-is-the-product-not-the-exhaust
#auditfirstdesign #AIgovernance #tamperevidentlogging #postquantumcryptography #EUAIAct
Most systems treat logging as exhaust, smoke routed away from the real work. I argue the opposite: in artificial intelligence systems, the trustworthy record of what happened is the actual product. Audit-first design builds that record first, signed before the act, sealed into a chain, and verifiable offline by anyone who trusts no one.
Analyst207
eShard
Alexander Hansen Færøy
Mickai