Security Whitepaper

Sovereign Trust Infrastructure

The Case for Post-Quantum Cryptography in Regulated Digital Transactions

Executive Digital Notary — Technical Architecture Series

Abstract

Classical cryptographic standards underpinning today's digital signature infrastructure — RSA-2048, ECDSA, and Diffie-Hellman key exchange — are mathematically vulnerable to sufficiently powerful quantum computers running Shor's algorithm. While large-scale cryptographically relevant quantum computers (CRQCs) are not yet commercially available, adversaries are actively executing a "Harvest Now, Decrypt Later" (HNDL) strategy: intercepting and archiving encrypted legal, financial, and healthcare documents today with the intent to decrypt them once quantum hardware matures.

For documents with 10–50 year legal consequence — wills, trust instruments, board resolutions, FDA trial records, M&A closing packages — the risk horizon of HNDL is already inside the document's operative lifespan. Executive Digital Notary (EDN) was engineered to close this gap. This whitepaper describes the threat model, the technical architecture of EDN's post-quantum trust layer, and the operational controls that govern its deployment across regulated enterprise environments.


1. The Threat Model: Harvest Now, Decrypt Later

HNDL is not a theoretical risk. Nation-state intelligence agencies and sophisticated threat actors have strong economic incentives to archive encrypted communications at scale. Storage costs continue to decline; quantum compute timelines continue to compress. The U.S. National Security Agency (NSA) issued CNSA 2.0 in 2022 mandating migration to post-quantum algorithms across national security systems. NIST finalized its first post-quantum cryptography standards in August 2024 (FIPS 203, 204, 205).

A will executed and notarized today using RSA-2048 or ECDSA may be cryptographically unverifiable before the estate it governs is fully settled. EDN eliminates this failure mode before it occurs.

The specific document categories most exposed to HNDL include:

  • Wills, revocable and irrevocable trusts, powers of attorney (30–60 year operative life)
  • FDA 21 CFR Part 11 clinical trial records and drug master files (20+ year retention)
  • Corporate board resolutions and IP assignments (perpetual legal effect)
  • Patient consent records and regulated health records (10+ year retention)
  • Real estate deeds and title instruments (perpetual chain of title)

2. EDN's Cryptographic Architecture

2.1 Post-Quantum Digital Signatures: SPHINCS+ (SLH-DSA)

All document signatures in the EDN platform use SPHINCS+, standardized by NIST as SLH-DSA in FIPS 205 (August 2024). SPHINCS+ is a stateless hash-based signature scheme. Its security rests entirely on the collision resistance of the underlying hash function (SHA-256 or SHAKE-256) — a property that is not threatened by Shor's algorithm. Grover's algorithm offers only a quadratic speedup against hash functions, which is addressed by parameter selection at the 128-bit post-quantum security level.

Unlike lattice-based schemes (ML-KEM, ML-DSA), SPHINCS+ carries no algebraic structural assumptions. Its security proof is conservative and well-understood, making it the lowest-risk choice for long-lived document integrity where a single cryptographic failure could have multi-decade legal consequences.

2.2 Hardware-Backed Key Custody: FIPS 140-2 HSM

All signing keys in the EDN platform are generated inside and never leave a FIPS 140-2 validated Hardware Security Module (HSM). Private key material is:

  • Non-exportable by design — the HSM firmware prevents any mechanism from reading raw key bytes
  • Bound to a specific HSM partition with role-based access controls requiring quorum approval for key operations
  • Backed by tamper-evident audit logs written to an append-only store outside the HSM's control domain

This eliminates the most common signing key compromise vector: exfiltration of software-based private keys from memory, disk, or backup systems.

2.3 Blockchain Anchoring: Ethereum Immutability Layer

Every notarized document's SPHINCS+ signature hash is anchored to the Ethereum blockchain via a smart contract write. This produces an immutable, publicly verifiable timestamp and fingerprint that cannot be altered by EDN, the notary, or any third party — including state actors. The on-chain record serves as a mathematically independent corroboration of the notarial act that survives even the compromise or discontinuation of EDN's own infrastructure.

The anchoring operation writes only the document hash — never document content or personally identifiable information. The original document is never transmitted to or stored on the blockchain.

2.4 Zero-Trust Session Architecture

EDN's session model enforces zero-trust principles across every interaction:

  • No implicit trust: every API call is independently authenticated and authorized against the least-privilege principal
  • Short-lived credentials: session tokens expire on a 24-hour maximum lifecycle with no silent renewal
  • Stateless 24-Hour Purge: all biometric data (facial comparison frames, KBA inputs) and personally identifiable information collected during a session are cryptographically purged within 24 hours of session close, leaving only the notarial seal and blockchain anchor
  • Mutual TLS: all service-to-service communication is encrypted and mutually authenticated at the transport layer
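
The short-lived credential rule above can be enforced at both the issuer and the verifier. The following is an added example, not EDN's token format or API: the HMAC-signed token layout, the claim names and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

MAX_LIFETIME = 24 * 60 * 60  # seconds: the 24-hour ceiling from the list above

def encode(key: bytes, claims: dict) -> str:
    """Serialize and MAC a claims dict (hypothetical token format)."""
    payload = json.dumps(claims, sort_keys=True).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return ".".join(base64.urlsafe_b64encode(p).decode("ascii")
                    for p in (payload, tag))

def issue(key: bytes, subject: str, now: int, ttl: int = MAX_LIFETIME) -> str:
    """Issuer side: refuse to mint anything longer-lived than the ceiling."""
    if not 0 < ttl <= MAX_LIFETIME:
        raise ValueError("ttl outside (0, 24h]")
    return encode(key, {"sub": subject, "iat": now, "exp": now + ttl})

# There is deliberately no refresh function: once a token expires the caller
# must authenticate again, which is what "no silent renewal" implies.

def validate(key: bytes, token: str, now: int) -> tuple:
    """Verifier side: return (True, subject) or (False, reason)."""
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return (False, "malformed")
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return (False, "bad-mac")
    claims = json.loads(payload)
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        return (False, "malformed")
    # Re-check the ceiling here so a misconfigured issuer cannot extend it.
    if not 0 < exp - iat <= MAX_LIFETIME:
        return (False, "lifetime")
    if not iat <= now < exp:
        return (False, "expired-or-not-yet-valid")
    return (True, claims.get("sub"))
```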

3. Regulatory Alignment

NIST FIPS 205

SLH-DSA (SPHINCS+) is the standardized post-quantum signature scheme used for all EDN document signatures.

FDA 21 CFR Part 11

EDN's audit trail, tamper-evidence controls, and identity verification meet the electronic records and signature requirements for regulated clinical environments.

Washington MHMDA

The Stateless 24-Hour Purge Policy ensures health data and biometric data are not retained beyond the session, supporting data minimization obligations under MHMDA.

NSA CNSA 2.0

EDN's post-quantum algorithm selection is aligned with the NSA's Commercial National Security Algorithm Suite 2.0 migration guidance.

Washington RCW 42.45

All notarial acts are performed under Washington State's Remote Online Notarization statute, producing court-admissible, tamper-evident records.

SOC 2 Type II Alignment

EDN's access controls, audit logging, and incident response framework are designed to meet SOC 2 Trust Services Criteria for Security, Availability, and Confidentiality.


4. Deployment Model: Horizontal Infrastructure, Not a Competing Platform

EDN is not a Remote Online Notarization (RON) platform. It is a cryptographic trust layer that wraps and extends existing RON, IPEN, and document management systems. Title companies, estate attorneys, FinTech lenders, and healthcare networks can deploy EDN alongside their existing PROOF/Notarize.com, DocuSign, or proprietary workflows without replacing or disrupting them.

The EDN integration surface is intentionally narrow: a signing API, a verification API, and a webhook for blockchain anchor confirmation. There is no vendor lock-in at the document layer — the post-quantum signature and blockchain anchor are portable artifacts that remain valid independent of EDN's continued operation.

If EDN ceased to exist tomorrow, every document signed through the platform would remain cryptographically verifiable — the SPHINCS+ signature is self-contained and the Ethereum anchor is permanent.


5. Conclusion

The migration from classical to post-quantum cryptographic infrastructure is not optional for organizations managing long-lived regulated records — it is a matter of when, not if. The organizations that act before CRQCs become commercially available will preserve the legal integrity of their document archives. Those that wait will face a retroactive cryptographic crisis with no remediation path.

EDN provides the earliest available commercial implementation of NIST-standardized post-quantum signatures in a notarization and document trust context. The platform is production-ready, regulatory-aligned, and designed for integration with the enterprise infrastructure already in place.
