CAP-01
World-First Capability

Quantum Mission Lineage

Post-Quantum KSL Fingerprint Chain

As quantum computing advances, ECDSA-signed mission logs become retroactively forgeable. The Quantum Mission Lineage engine (KCML, M217) replaces classical signatures with NIST FIPS 204 ML-DSA (Dilithium) across the entire KSL command chain — mission authorisations, audit records, and ASR evidence — so that every lineage record is quantum-safe at rest and in transit.

CAP-LIST

Capability specification

HOW-IT-WORKS

How it works

01

Key Registration

Operator registers a device-bound ML-DSA key pair via the KSL endpoint. The public key is stored; the private key never leaves the originating device.

02

Command Signing

Every mission command is signed with the ML-DSA private key before submission. The platform verifies the signature against the registered public key and rejects any request that fails verification.

03

Chain Anchoring

Each accepted command is written to the audit ledger with a SHA-256 chain hash linking it to the prior record. The chain is forwarded to the ASR evidence layer for autonomous defence correlation.

STANDARDS

Standards we follow

AREA-SERVED

Areas served

This capability is deployed across 14 operational regions. Regulatory alignment details vary by jurisdiction — consult engineering for jurisdiction-specific deployment guidance.

TürkiyeEuropean UnionUnited StatesUnited KingdomCanadaAustraliaJapanSouth KoreaSingaporeUnited Arab EmiratesSaudi ArabiaBrazilIndiaEgypt
FAQ

Frequently asked questions

Why does post-quantum signing matter for drone operations today?

Harvest-now-decrypt-later attacks allow an adversary to record signed mission logs today and forge or repudiate them once a sufficiently capable quantum computer exists. ML-DSA signatures are secure against such attacks because they rely on module lattice hardness rather than integer factorisation or discrete logarithm problems that quantum algorithms can efficiently solve.

Does switching to ML-DSA require replacing existing hardware?

No. The KCML engine runs in software on the existing platform. Key pairs are generated and stored on the operator device; the platform stores only public keys. The private key never enters the server, consistent with the KSL device-sovereignty model across all other engines.

ENGAGEMENT

Talk to engineering

For capability evaluation, integration guidance, and deployment scoping, submit a brief to the engineering team.

Submit engineering brief