The Quantum Threat Is Real
Quantum computers capable of breaking RSA-2048 and ECC (including Ed25519) are estimated to arrive between 2030 and 2035. That sounds distant, but the threat is present today. Harvest-now-decrypt-later attacks mean adversaries are already collecting encrypted data and signed credentials to decrypt once quantum computers are available. If your AI agent's credentials are signed with Ed25519 today and have a validity period extending beyond 2030, they're already at risk. NIST's post-quantum standardization is complete, and migration should begin now.
NIST's Post-Quantum Standards
NIST finalized three post-quantum cryptographic standards in 2024: ML-KEM (formerly CRYSTALS-Kyber) for key encapsulation, ML-DSA (formerly CRYSTALS-Dilithium) for digital signatures, and SLH-DSA (formerly SPHINCS+) for stateless hash-based signatures. For AI agent credentials, ML-DSA is the critical standard. ML-DSA-65 (security level 3) provides 128-bit post-quantum security with signature sizes of approximately 3.3KB — larger than Ed25519's 64 bytes, but still practical for credential-based systems. SLH-DSA offers an alternative with conservative security assumptions based solely on hash functions.
Hybrid Signatures: The Migration Path
DRD implements hybrid signatures that combine Ed25519 (classical) and ML-DSA-65 (post-quantum) in a single credential. Both signatures must verify for the credential to be valid. This approach provides backward compatibility (systems that only understand Ed25519 can still verify the classical signature), forward security (the ML-DSA signature protects against future quantum attacks), and defense in depth (even if one algorithm is broken, the other provides security). The hybrid approach follows NIST SP 800-227 guidance and is the recommended migration strategy for credentials with long validity periods.
Impact on Agent Credentials
DRD's W3C Verifiable Credentials for AI agents are designed to have long lifetimes — a Gold tier credential might be valid for a year, and the provenance chain it establishes should be verifiable for decades. Post-quantum signatures ensure these credentials remain trustworthy regardless of advances in quantum computing. The credential size increases from approximately 1KB (Ed25519 only) to approximately 5KB (hybrid), and verification time increases from 0.5ms to approximately 3ms. These are acceptable tradeoffs for credentials that need to remain secure for years.
Implementation Details
DRD uses liboqs (Open Quantum Safe) compiled to WebAssembly for browser and Node.js environments. Key generation produces both an Ed25519 keypair and an ML-DSA-65 keypair, linked by a common key identifier. Signing produces a composite signature containing both algorithms' outputs. Verification checks both signatures and returns a structured result indicating which algorithms verified successfully. The implementation passes all NIST Known Answer Tests (KATs) and is continuously tested against the NIST PQC reference implementations.
Migration Timeline and Recommendations
DRD recommends a phased migration: Phase 1 (now through Q2 2026) — enable hybrid signatures for all new credentials while maintaining Ed25519 verification for existing ones. Phase 2 (Q3-Q4 2026) — begin re-issuing existing credentials with hybrid signatures during regular renewal cycles. Phase 3 (2027) — deprecate Ed25519-only credentials and require hybrid signatures for all trust tiers. Organizations deploying AI agents should plan for increased credential sizes in their storage and bandwidth calculations, and update any signature verification code to handle composite signatures.
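The composite-signature rules described above (both signatures must verify, the result reports which algorithms verified, and Ed25519-only credentials are accepted only until Phase 3) can be expressed as a small policy layer. This is an added example, not DRD's code: `verifyHybrid`, the credential layout and the key identifier are assumptions, and the real Ed25519 and ML-DSA-65 checks (for example via liboqs) are passed in as callbacks rather than implemented here.

```javascript
// Added example: verification policy for a composite (hybrid) signature.
// The credential layout and verifier callbacks are assumptions, not DRD's API.
const SIG_BYTES = new Map([["Ed25519", 64], ["ML-DSA-65", 3309]]); // fixed lengths

// keys:      { alg: { keyId, publicKey } }  issuer keypairs linked by one key id
// verifiers: { alg: (publicKey, message, sig) => boolean }  real crypto goes here
function verifyHybrid(message, composite, keys, verifiers, requireHybrid = true) {
  const result = { valid: false, verified: [], failed: [], errors: [] };
  const seen = new Set();
  for (const { alg, sig } of composite.signatures) {
    if (!SIG_BYTES.has(alg)) { result.errors.push(`unknown algorithm: ${alg}`); continue; }
    if (seen.has(alg)) { result.errors.push(`duplicate component: ${alg}`); continue; }
    seen.add(alg);
    const key = keys[alg];
    let ok = false;
    if (!key || key.keyId !== composite.keyId) {
      result.errors.push(`key id mismatch: ${alg}`);
    } else if (!sig || sig.length !== SIG_BYTES.get(alg)) {
      result.errors.push(`bad signature length: ${alg}`);
    } else {
      ok = typeof verifiers[alg] === "function" && verifiers[alg](key.publicKey, message, sig) === true;
    }
    (ok ? result.verified : result.failed).push(alg);
  }
  // Phase 3 policy: both algorithms required. Earlier phases: Ed25519 alone is
  // accepted, but any component that is present must still verify.
  const required = requireHybrid ? [...SIG_BYTES.keys()] : ["Ed25519"];
  for (const alg of required) if (!seen.has(alg)) result.errors.push(`missing component: ${alg}`);
  result.valid = result.errors.length === 0 && result.failed.length === 0;
  return result;
}

// Constructed demo data: stand-in verifiers accept a signature whose first byte
// matches the public key's first byte. They are NOT real Ed25519 / ML-DSA-65.
const demoVerifiers = {
  "Ed25519": (pk, _msg, sig) => sig[0] === pk[0],
  "ML-DSA-65": (pk, _msg, sig) => sig[0] === pk[0],
};
const demoKeys = {
  "Ed25519": { keyId: "key-1", publicKey: Uint8Array.of(0xA1) },
  "ML-DSA-65": { keyId: "key-1", publicKey: Uint8Array.of(0xB2) },
};
const demoSig = (alg, first) => ({ alg, sig: new Uint8Array(SIG_BYTES.get(alg)).fill(first, 0, 1) });
const msg = new TextEncoder().encode("constructed credential payload");
const hybrid = { keyId: "key-1", signatures: [demoSig("Ed25519", 0xA1), demoSig("ML-DSA-65", 0xB2)] };
const stripped = { keyId: "key-1", signatures: [demoSig("Ed25519", 0xA1)] };
console.log("hybrid valid:", verifyHybrid(msg, hybrid, demoKeys, demoVerifiers).valid);
console.log("stripped valid:", verifyHybrid(msg, stripped, demoKeys, demoVerifiers).valid);
```

With `requireHybrid` set to `false`, a hybrid credential whose ML-DSA-65 component has been stripped passes as an Ed25519-only credential, so that mode carries no post-quantum protection.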