Overview
"Harvest now, decrypt later" is not a theoretical threat. Intelligence agencies and well-resourced adversaries are already collecting encrypted traffic today, betting on the arrival of cryptographically relevant quantum computers within the next decade. For defence organisations, law enforcement agencies, and critical infrastructure operators, records that must remain confidential for ten or twenty years face a real risk if they are protected only by RSA or elliptic curve cryptography.
Argus Post-Quantum Cryptography addresses this by applying quantum-resistant algorithm primitives to the platform's encryption, signing, and key-establishment workflows. The capability covers long-lived evidence records, inter-organisational data exchange, and the establishment of persistent real-time sessions, not just static exports. Organisations that need a credible cryptographic posture for high-assurance deployments can apply these controls selectively or uniformly across their operational environment.
Key Features
- Quantum-Resistant Algorithm Suite: Apply modern quantum-resistant cryptographic primitives to encryption, signing, and key-establishment workflows. Supported algorithms follow the NIST PQC standardisation process, including ML-DSA (CRYSTALS-Dilithium) for signing and ML-KEM (CRYSTALS-Kyber) for key encapsulation.
- Long-Lived Integrity Protection: Protect evidence, orders, audit artefacts, and high-value records that must remain trustworthy for years against future cryptanalytic capability.
- Secure Exchange Workflows: Support partner and inter-organisational data sharing with stronger cryptographic assurance, including signing STIX bundles before diode transfer.
- Protected Session Establishment: Use quantum-resistant key encapsulation mechanisms to harden the establishment of long-lived secure sessions.
- Real-Time Transport Hardening: Extend stronger cryptographic posture to persistent real-time channels such as operations WebSocket connections, rather than limiting protection to static exports.
- Clearance and Governance Controls: Apply administrative and access controls to cryptographic material and related operational use, aligned with the platform's secrecy-level model.
- Operational Auditability: Preserve the evidence needed to show when quantum-resistant controls were used and how they were applied, for compliance and trust assurance purposes.
Use Cases
- Long-Term Evidence Integrity: Protect digital evidence and formal records that must remain verifiable for extended retention periods against future decryption capability.
- Secure Partner Exchange: Share sensitive operational data across organisational boundaries with stronger future-facing cryptographic assurance, particularly for cross-domain Eurydice diode transfers.
- Protected Real-Time Operations: Harden persistent communication channels used during live missions, incidents, or command operations where session interception is a concern.
- High-Assurance Deployments: Support environments where cryptographic posture is part of the broader trust model for the deployment, such as national-level command infrastructure or critical national infrastructure protection.
Integration
- Secure messaging, sharing, and evidence workflows
- Operations WebSocket and real-time session services
- Identity, secrets, and audit-management systems
- Export, signing, and cross-organisation exchange controls
- Eurydice cross-domain diode transfers (bundle signing before transmission)
Open Standards
- NIST FIPS 203 (ML-KEM / CRYSTALS-Kyber): The primary key encapsulation mechanism used for quantum-resistant session key establishment, implemented via the Open Quantum Safe liboqs provider with ML-KEM-768 (Kyber-768) as the default algorithm.
- NIST FIPS 204 (ML-DSA / CRYSTALS-Dilithium): The lattice-based digital signature standard applied to evidence records, audit artefacts, and notarised alerts, with ML-DSA-65 (Dilithium-3) used as the default signing algorithm.
- NIST FIPS 205 (SLH-DSA / SPHINCS+): The stateless hash-based signature scheme supported as an alternative algorithm option within the key generation and signing workflows.
- ETSI GS QKD 014: Referenced as a design basis for the hybrid key exchange scheme used in quantum-secured tactical network sessions, supporting interoperability with quantum key distribution infrastructure.
- OASIS STIX 2.1: PQC signing is applied to STIX threat-intelligence bundles before cross-domain Eurydice diode transfer, providing quantum-resistant integrity assurance for inter-organisational data exchange.
Last Reviewed: 2026-03-25
Last Updated: 2026-04-14