Evidence Introduction

The Verifiability Challenge

As quantum computing moves from research to production, organizations need cryptographic proof that computations were executed correctly. Traditional logging is insufficient for compliance, audit, and legal requirements.

Why Evidence Matters

Compliance Requirements

Regulations like SOX, GDPR, and industry-specific standards require auditable records of computational processes.

Legal Discovery

In litigation, you may need to prove exactly what was computed, when, and with what inputs.

Scientific Reproducibility

Research results need verifiable provenance to support peer review and publication.

Business Trust

Customers and partners need assurance that services performed as claimed.

The Quantum Cryptography Advantage

Traditional digital signatures will be vulnerable to quantum computers. Evidence bundles use post-quantum cryptography (PQC) to ensure proofs remain valid even in a post-quantum world:

Algorithm	Type	Status	Quantum-Safe
RSA	Classical	Vulnerable	❌
ECDSA	Classical	Vulnerable	❌
ML-DSA-65	Lattice	NIST Standard	✅

Evidence Bundle Architecture

An Evidence Bundle is a self-contained, cryptographically signed package:

┌────────────────────────────────────────────────────────┐
│                    Evidence Bundle                      │
├────────────────────────────────────────────────────────┤
│  ┌──────────────────────────────────────────────────┐  │
│  │                   Execution Data                  │  │
│  │  • Circuit hash                                   │  │
│  │  • Backend ID                                     │  │
│  │  • Parameters (shots, options)                    │  │
│  │  • Results hash                                   │  │
│  │  • Timestamps                                     │  │
│  └──────────────────────────────────────────────────┘  │
│                                                        │
│  ┌──────────────────────────────────────────────────┐  │
│  │                   Chain Proof                     │  │
│  │  • Previous bundle ID                             │  │
│  │  • Sequence number                                │  │
│  │  • Merkle root                                    │  │
│  └──────────────────────────────────────────────────┘  │
│                                                        │
│  ┌──────────────────────────────────────────────────┐  │
│  │                  PQC Signature                    │  │
│  │  • Algorithm: ML-DSA-65                           │  │
│  │  • Public key ID                                  │  │
│  │  • Signature value                                │  │
│  └──────────────────────────────────────────────────┘  │
│                                                        │
│  ┌──────────────────────────────────────────────────┐  │
│  │                 Timestamp Proof                   │  │
│  │  • TSA authority                                  │  │
│  │  • RFC 3161 token                                 │  │
│  └──────────────────────────────────────────────────┘  │
└────────────────────────────────────────────────────────┘

Core Components

1. Execution Data

Complete record of the quantum execution:

Circuit Hash: SHA3-256 of the input circuit
Backend: Which quantum backend was used
Parameters: Shots, optimization level, options
Results Hash: SHA3-256 of the output results
Timestamps: Start, end, queue times

2. Chain Proof

Links this bundle to the chain for ordering and integrity:

Previous Bundle: Reference to predecessor
Sequence Number: Global ordering
Merkle Root: Aggregated hash of chain state

3. PQC Signature

Quantum-resistant digital signature:

Algorithm: ML-DSA-65 (FIPS 204)
Security: 128-bit post-quantum security
Key Management: Automatic rotation

4. Timestamp Proof

Trusted timestamp proving when execution occurred:

Authority: SoftQuantus TSA or external
Format: RFC 3161 compatible
Precision: Microsecond resolution

Verification Process

Verification checks all components:

verification = evidence.verify(bundle)

# Results
{
    "valid": true,
    "checks": {
        "signature": "valid",      # PQC signature verified
        "circuit_hash": "valid",   # Input matches hash
        "results_hash": "valid",   # Output matches hash
        "timestamp": "valid",      # TSA token valid
        "chain": "valid"           # Chain links verified
    },
    "verification_time_ms": 8
}

Bundle Types

Type	Contents	Use Case
`optimization`	Circuit optimization proof	QCOS Core jobs
`position`	Location evidence	NavCore PNT
`timing`	Timing proof	NavCore timing
`network`	Distributed execution proof	Network jobs
`aggregate`	Multi-bundle summary	Batch verification

Export Formats

JSON

Machine-readable, complete data:

evidence.export("bundle.json", format="json")

PDF

Human-readable audit document:

evidence.export("audit.pdf", format="pdf")

CBOR

Compact binary for constrained environments:

evidence.export("bundle.cbor", format="cbor")

Retention & Storage

Plan	Retention	Storage
Pro	1 year	Cloud
Enterprise	7 years	Cloud + customer

Enterprise customers can:

Download bundles to own storage
Mirror to compliance systems
Integrate with SIEM/GRC tools

Compliance Support

Standard	Evidence Support
SOX	Full audit trail
GDPR	Data processing proof
ISO 27001	Security controls
SOC 2	Processing integrity
HIPAA	PHI processing proof

Getting Started

Ready to add cryptographic proof to your quantum workloads?

Quick Start Guide - Generate your first evidence bundle
API Reference - Explore the Evidence API
Verification Guide - How to verify bundles
Compliance Guide - Regulatory requirements

The Verifiability Challenge​

Why Evidence Matters​

Compliance Requirements​

Legal Discovery​

Scientific Reproducibility​

Business Trust​

The Quantum Cryptography Advantage​

Evidence Bundle Architecture​

Core Components​

1. Execution Data​

2. Chain Proof​

3. PQC Signature​

4. Timestamp Proof​

Verification Process​

Bundle Types​

Export Formats​

JSON​

PDF​

CBOR​

Retention & Storage​

Compliance Support​

Getting Started​