Post-quantum cryptography is coming, and companies that host “contested” technology environments need to prepare.
Beneath this assertion lies a troubling assumption, that we can predict which environments will be “contested” and which will remain safe with existing security measures. The harsh reality emerging from state-sponsored attacks, supply chain compromises, and the looming quantum threat is simpler: in the near future, every environment will be contested. Every certificate exchange, every key distribution, every cryptographic handshake happens under potential observation by adversaries with patient strategies and quantum ambitions.
This shift from selective to universal “contest” fundamentally changes how we must think about security infrastructure. There are solutions being developed for post-quantum certificates, like Merkle Tree Certificates (MTC), which solve “natural tensions” of algorithmic integrity versus network performance. But they still operate within the traditional PKI assumption that the network itself, while untrusted for confidentiality, is at least available for communication. What happens when even this assumption breaks down?
The Quantum Clock and HNDL
The intelligence community doesn’t mince words about the current threat landscape. Adversaries aren’t waiting for quantum computers to become available; they’re harvesting encrypted data today, betting on their ability to decrypt it tomorrow. Every certificate exchange, every TLS handshake, every encrypted tunnel established today might as well be transmitted in cleartext to an adversary with sufficient patience, compute and storage capacity.
This “harvest now, decrypt later” strategy transforms the threat model in profound ways. Traditional PKI assumes that if we can establish a secure channel today, our communications are safe forever. But when adversaries can retroactively decrypt stored communications, every bit transmitted over networks becomes a future vulnerability. The question isn’t whether your environment is contested today; it’s whether it will matter when it becomes readable tomorrow.
Elegant Mathematics for an Inelegant World
Merkle Tree Certificates represent a brilliant mathematical solution to the post-quantum certificate problem. By batching certificates into Merkle trees and distributing signed tree heads (landmarks) out-of-band, MTC reduces the per-connection overhead of post-quantum signatures from tens of kilobytes to manageable exchanges. The math is elegant: one signature over the tree head can validate thousands of certificates through cryptographic inclusion proofs.
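To make the batching idea concrete, here is an added example (not Cloudflare's MTC code or its wire format) that builds a Merkle tree over a constructed batch of certificates, derives the tree head that an HSM would sign as the landmark, and verifies an inclusion proof against that head alone. The domain-separation prefixes and the duplicate-last-node padding are this example's own choices, not the MTC specification's.

```python
import hashlib, hmac

def _sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(cert: bytes) -> bytes:
    # Domain-separate leaves from interior nodes so certificate bytes can
    # never be mistaken for a concatenated pair of child hashes.
    return _sha256(b"\x00" + cert)

def node_hash(left: bytes, right: bytes) -> bytes:
    return _sha256(b"\x01" + left + right)

def build_tree(certs):
    """Return the tree as levels, leaves first and root last.
    Odd-length levels are padded by repeating their final node."""
    level = [leaf_hash(c) for c in certs]
    levels = []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]

def tree_head(levels) -> bytes:
    """The root: what the HSM signs and publishes as the batch landmark."""
    return levels[-1][0]

def inclusion_proof(levels, index: int):
    """Sibling hashes from leaf to root, each flagged with whether the
    sibling sits to the left of the path node (needed to order hashing)."""
    proof = []
    for level in levels[:-1]:
        proof.append((level[index ^ 1], bool(index & 1)))
        index >>= 1
    return proof

def verify_inclusion(cert: bytes, proof, head: bytes) -> bool:
    """Client side: recompute the path using only the landmark it trusts."""
    node = leaf_hash(cert)
    for sibling, sibling_is_left in proof:
        node = node_hash(sibling, node) if sibling_is_left else node_hash(node, sibling)
    return hmac.compare_digest(node, head)

# Constructed batch: stand-ins for the DER certificates of one issuance window.
BATCH = [b"cert:alpha.example", b"cert:bravo.example", b"cert:charlie.example",
         b"cert:delta.example", b"cert:echo.example"]
```

A client that holds the 32-byte head needs only the certificate and a proof of three sibling hashes, regardless of how many certificates the batch contains.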
But mathematics operates in an idealized space where communication channels exist and function reliably. The real world, especially contested environments, is messier:
- Network segmentation: Air-gapped networks can’t fetch landmarks from the internet
- Adversarial disruption: DNS poisoning, BGP hijacking, and other attacks can prevent landmark distribution
- Temporal attacks: Adversaries can delay or replay old landmarks to enable man-in-the-middle attacks
- Supply chain compromise: How do you bootstrap trust when the very systems distributing landmarks might be compromised?

The engineers at Cloudflare working on this aren’t naive to these challenges. The protocol includes provisions for immediate issuance certificates that don’t require landmarks, but these lose the efficiency benefits that make MTC attractive. The question becomes: how do we preserve MTC’s mathematical elegance while addressing the physical realities of contested environments?
The Social Model of Trust
Before we had networks, before we had computers, humans established trust through physical presence and social ceremonies. Military organizations have key management ceremonies. Financial institutions have dual control procedures. These aren’t just bureaucratic overhead; they’re physical manifestations of trust establishment that no amount of network compromise can subvert.
What if we could modernize these trust ceremonies for the digital age? Not abandon them for the sake of convenience, but enhance them with cryptographic rigor while preserving their physical security properties?
This is where hardware security modules (HSMs) designed for contested environments become critical. They don’t replace network-based PKI; they complement it with a physical layer of trust establishment that operates through channels adversaries cannot intercept: direct human interaction, physical proximity, and air-gapped communication.
The KeyStation Model
Traditional air-gapped security measures create friction by design, but they ignore a critical component. People are social; security procedures that ignore this reality get bypassed. The KeyStation HSM design embraces this reality by making secure key distribution feel like a natural social interaction.
Consider how MTC landmarks need to reach clients. The traditional approach would be to download them over the network and hope the connection isn’t compromised. But what if landmark distribution was managed by an out-of-band trust ceremony?
The Morning Briefing Model: Every morning, security officers gather for their briefing. As part of this existing routine, the KeyStation HSM displays a QR code containing the day’s MTC landmarks, signed with keys derived from quantum entropy. Officers scan this code with their QuantumCredential devices, which then propagate the landmarks to their local networks through infrared broadcast, never touching the contested network.
The Visitor Badge Model: When contractors or partners need network access, they already go through physical security. While receiving their badge, their device also receives MTC landmarks and connection keys through a QR code or infrared transfer from the security desk’s KeyStation. The physical security checkpoint becomes a cryptographic security checkpoint.
The Team Sync Model: Development teams already have daily standups and weekly meetings. A KeyStation in the team room can distribute updated landmarks and rotate keys during these gatherings. Team members simply hold their devices near the station while discussing their work. Security becomes ambient, not intrusive.
These aren’t hypothetical scenarios; they’re implementations of a fundamental principle: security procedures that align with human behavior get followed, while those that fight it get bypassed.
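The briefing and badge models above carry landmarks over a channel an adversary cannot read, but the temporal attacks listed earlier (delayed or replayed landmarks) still apply to whatever gets scanned. The following added example (not the KeyStation's own protocol, which this post does not specify) shows the freshness and monotonic-batch checks a client should apply to each scanned bundle; the ceremony key, field names and 24-hour window are constructed assumptions, and an HMAC stands in for the HSM's post-quantum signature.

```python
import hashlib
import hmac
import json

# Constructed ceremony key: stands in for the KeyStation's signing key. A real
# device would use a post-quantum signature; HMAC keeps this example offline.
CEREMONY_KEY = b"constructed-keystation-key-not-for-real-use"
MAX_AGE_SECONDS = 24 * 3600  # landmarks are refreshed at each morning briefing

def _canonical(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue_landmark(batch_no: int, tree_head: bytes, issued_at: int) -> str:
    """HSM side: the payload that is rendered as the briefing QR code."""
    body = {"batch": batch_no, "head": tree_head.hex(), "issued_at": issued_at}
    body["tag"] = hmac.new(CEREMONY_KEY, _canonical(body), hashlib.sha256).hexdigest()
    return json.dumps(body, sort_keys=True)

class LandmarkStore:
    """Client side: remembers the newest accepted batch so that an adversary
    who delays or replays an old landmark cannot roll the client back."""
    def __init__(self):
        self.latest_batch = -1
        self.heads = {}

    def accept(self, payload: str, now: int) -> str:
        body = json.loads(payload)
        tag = body.pop("tag", "")
        expected = hmac.new(CEREMONY_KEY, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad signature"
        if body["issued_at"] > now:
            return "rejected: issued in the future"
        if now - body["issued_at"] > MAX_AGE_SECONDS:
            return "rejected: expired (delayed delivery)"
        if body["batch"] <= self.latest_batch:
            return "rejected: replay of batch %d" % body["batch"]
        self.latest_batch = body["batch"]
        self.heads[body["batch"]] = bytes.fromhex(body["head"])
        return "accepted"
```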
Proving Implementation Matches the Math
MTC’s security proofs are elegant and well-founded, but they make a critical assumption: the implementation correctly follows the specification. In contested environments, this assumption is dangerous. A single buffer overflow, an incorrect bounds check, or a subtle timing attack could compromise the entire system.
This is where the Fidelity Framework’s approach to formal verification becomes crucial. By compiling MTC protocol handlers through a proof-aware compilation pipeline, we can mathematically prove that the implementation matches the specification:
```fstar
// Formally verified MTC landmark validation
module MTCLandmark

// The type system proves this function correctly validates landmarks
val validateLandmark:
    landmark: Landmark ->
    signature: Signature ->
    publicKey: PublicKey{isAuthorized publicKey} ->
    Tot (result:ValidationResult{
        match result with
        | Valid -> genuinelyIssued landmark signature publicKey
        | Invalid -> not (genuinelyIssued landmark signature publicKey)
    })

// Proof obligation: Side-channel resistant implementation
val constantTimeVerification:
    landmark: Landmark ->
    signature: Signature ->
    ST bool
      (requires (fun h -> timingIndependent h))
      (ensures (fun h0 r h1 ->
        executionTime h0 h1 == fixedTime /\
        r = isValid landmark signature))
```
This isn’t just about correctness; it’s about proving properties that matter in contested environments:
- Timing independence: The verification takes constant time regardless of input, preventing timing attacks
- Memory safety: No buffer overflows or use-after-free vulnerabilities
- State isolation: Different certificate validations cannot interfere with each other
- Cryptographic correctness: The implementation actually performs the cryptographic operations specified

The Fidelity Framework’s hypergraph representation makes these proofs compositional. Each security property becomes a hyperedge that must be preserved through compilation. The result is machine code that is both highly optimized and formally verified, with mathematical proof that the implementation won’t become the weak link in your security chain.
Three Layers of Post-Quantum Defense
In contested environments, defense in depth isn’t just good practice; it’s the only viable strategy. MTC, HSMs, and formal verification aren’t competing solutions but complementary layers:
Layer 1 (Algorithmic): MTC and post-quantum algorithms provide mathematical resistance to quantum attacks. Even against an adversary whose computational power is limited only by quantum mechanics, these algorithms remain secure.
Layer 2 (Physical): HSMs with out-of-band distribution ensure that even if the principal network is completely compromised, critical keys and landmarks can still be distributed by other channels. The physical layer provides a trust anchor.
Layer 3 (Implementation): Formal verification ensures that the implementation actually provides the security properties that the algorithms promise. No buffer overflows, no timing attacks, no unnecessary memory copies that can provide opportunities for compromise, no subtle implementation bugs that adversaries could exploit.
Each layer protects against different threats:
- Algorithmic security protects against cipher attacks
- Physical security protects against network compromise
- Implementation security protects against software vulnerabilities

Together, they create a defense that remains robust even when every environment is contested.
The Reality of Contested Environments
Let’s be concrete about what “contested environment” means in practice. It’s not just military networks under active cyber warfare. It’s:
- Corporate networks where nation-state actors have established persistent presence
- Critical infrastructure where adversaries have planted logic bombs waiting for activation
- Academic networks where intellectual property is constantly exfiltrated
- Healthcare systems where ransomware operators have proven they can strike at will
- Financial networks where milliseconds of advance knowledge can mean millions in profit

In each of these environments, we must assume:
- Adversaries are already present in the network
- They’re capturing and storing all encrypted traffic
- They have or will have quantum computing capabilities
- They can disrupt network communications at critical moments
- They may have compromised parts of the supply chain

This isn’t paranoia; it’s the operational reality acknowledged by every serious security assessment of the past decade. The question isn’t whether your environment is contested, but how to operate securely despite the gravity of that reality.
A Practical Path Forward
The beauty of combining MTC with HSM-based distribution is that deployment can be incremental. Organizations don’t need to rebuild their entire infrastructure overnight:
Phase 1: Landmark Caching: Deploy KeyStation HSMs to cache and distribute MTC landmarks within high-security zones. Even if the external network is compromised, internal systems can validate certificates using locally-stored landmarks.
Phase 2: Key Ceremonies: Integrate QuantumCredential devices into existing security procedures. When employees receive their badges, when contractors are onboarded, when systems are commissioned, they also receive cryptographic material through physical proximity.
Phase 3: Verified Implementation: Replace critical MTC protocol handlers with formally verified implementations from the Fidelity Framework. Start with the most sensitive systems and expand outward.
Phase 4: Full Integration: Achieve complete coverage where every certificate validation, every key exchange, and every cryptographic operation benefits from all three defensive layers.
Social Engineering Reversal
Traditional security fails because it treats humans as the weak link. But in contested environments, humans become the strong link, the one element adversaries cannot compromise remotely. The KeyStation/QuantumCredential model reverses social engineering:
Instead of tricking humans into compromising security, the system leverages human presence to establish security. Physical proximity, visual verification, social protocols, and key ceremonies become strengths, not weaknesses. The security officer who checks badges, the team lead who runs morning briefings, the IT administrator who provisions systems: they all become active participants in maintaining cryptographic security, not potential victims of social engineering.
This is security that works with human nature, not against it. It’s the difference between a system people bypass and one they embrace.
Pay Now or Pay Forever
The investment in HSM infrastructure and formal verification might seem daunting, but consider the alternative. In a world where every environment is contested and quantum computers can retroactively decrypt historical data, the cost of compromise isn’t just immediate damage; it’s decades of secrets exposed.
A single KeyStation device that prevents one major breach pays for itself thousands of times over. A formally verified implementation that prevents one critical vulnerability justifies the entire development effort. This isn’t speculative; it’s the cold economic reality of modern cybersecurity where the average data breach costs millions and nation-state attacks can affect much more than that.
Every day without proper protection is another day of data harvested for future exploitation. The economic question isn’t whether you can afford to implement these protections; it’s whether you can afford not to.
Engineering Sympathies
The engineers designing MTC understand the mathematical beauty of Merkle trees and the elegance of batched certificate validation. The teams building HSMs appreciate the security of air-gapped systems and the reliability of hardware-based key generation. The developers working on formal verification value the certainty of mathematical proofs both for security and efficiency.
These aren’t competing philosophies but complementary approaches born from the same engineering sympathy: the desire to build systems that actually work in the real world, not just in academic papers or vendor demonstrations.
When these approaches combine, something powerful will emerge:
- MTC’s efficiency makes post-quantum certificates practical
- HSM’s physical security makes key distribution trustworthy
- Formal verification makes implementation reliable

Together, they create infrastructure that can withstand not just today’s contested environments but tomorrow’s quantum-enabled adversaries.
The Complete Story
Merkle Tree Certificates bring an important, viable story to post-quantum PKI, but they don’t complete it. The complete story requires acknowledging that every environment will be contested, that network distribution alone isn’t sufficient, and that implementation correctness is as important as algorithmic security.
Hardware security modules that make out-of-band distribution feel like natural social interaction, combined with formally verified implementations that prove correctness properties, complete the narrative that MTC has elevated. This approach has the potential to transform post-quantum PKI from a theoretical possibility to an operational reality.
The future isn’t about choosing between mathematical elegance and practical security. It’s about recognizing that in contested environments, which is to say all environments, we need both. We need the algorithmic sophistication of MTC, the physical security of HSMs, and the implementation guarantees of formal verification as a starting position.
As we race toward the quantum deadline, as the harvest of encrypted data continues, as contested environments become the universal norm, we can’t afford to implement partial solutions.
The complete post-quantum PKI story isn’t just about new algorithms or clever mathematics. It’s about building systems that remain secure when every assumption about the network is violated, when every communication channel is monitored, and when quantum computers can retroactively decrypt decades of stored data. That story requires all three chapters: algorithmic security, physical security, and implementation security.
Only when we tell the complete story can we build infrastructure that survives not just today’s contested environments, but tomorrow’s post-quantum reality.
