ML-DSA signatures for quantum execution provenance
NIST published FIPS 204 (ML-DSA) in August 2024. For National Security Systems (NSS) programs, CNSA 2.0 specifies ML-DSA-87 as the default signature algorithm. Nuqasm uses ML-DSA to bind submitter identity to workload and execution records.
Parameter selection
ML-DSA-87: CNSA 2.0 default for NSS — use for defense, intelligence, and classified-adjacent programs.
ML-DSA-65: Available for non-NSS deployments where a smaller signature size matters and NSS parameters are not required.
What gets signed
Seal and attestation records bind submitter identity, workload policy, execution environment, and results. Field-level definitions are in the open schema — signatures are offline-verifiable without access to Nuqasm infrastructure.
Key exchange for cloud routing
Enterprise cloud routing paths use ML-KEM-1024 (FIPS 203) for key exchange. Classical-only TLS is not used as the sole protection for workload payloads.
Open schema: audit-record-schema.json