The Hour of Quantum Honesty
This year, several research groups — including teams in China — have published advances that move post-quantum cryptography from a theoretical concern to an operational planning horizon. The signal is clear: the timeline shortens.
European institutions are now asking the same question, in conference rooms and procurement meetings: what does our infrastructure actually rely on, and how exposed are we? Most of the answers are uncomfortable, because they require admitting two things at once — what is currently deployed, and what is not.
This note is our attempt to answer that question for ourselves, in public, without overstating the case. We do not claim to have solved post-quantum security. We claim something narrower and, we hope, more useful: we have built a guardian, we run it continuously, and we are honest about what it does today and what it will need tomorrow.
HEIMDALL — The Guardian
HEIMDALL is the watchman in our architecture. In production since April 2026, it is a sovereign service whose job is simple to describe and difficult to maintain over months: be there, see what passes, sign what is true, refuse what is not.
The current implementation is deliberately modest. It is a Linux systemd unit running on European infrastructure. Its discipline is encoded in three properties:
- Always restartable — `Restart=always`. A guardian that gives up after one fall is not a guardian.
- Consults before acting — an `ExecStartPre` step that reads the shared memory of the service before opening any external channel. Doctrine: the guardian who wakes after a cut does not trust his own memory; he asks the house first.
- Hardened by default — `NoNewPrivileges`, `ProtectSystem`, `ProtectHome`, `PrivateTmp`. No theatrics; the standard Linux toolbox, used.
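One way to check a unit file against the three properties listed above, as an added example (not HEIMDALL's own unit or tooling). The sample unit, its binary paths, and the choice of accepted values are assumptions made for illustration.

```python
TRUE = {"1", "yes", "y", "true", "t", "on"}
# Values accepted for each directive (assumed policy for this example).
REQUIRED = {
    "Restart": {"always"},
    "NoNewPrivileges": TRUE,
    "PrivateTmp": TRUE,
    "ProtectSystem": TRUE | {"full", "strict"},
    "ProtectHome": TRUE | {"read-only", "tmpfs"},
}

# Constructed sample unit; the paths are hypothetical.
SAMPLE_UNIT = """\
[Unit]
Description=guardian (constructed example)
[Service]
ExecStartPre=/usr/local/bin/consult-shared-memory
ExecStart=/usr/local/bin/guardian
Restart=always
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
"""

def parse_service(text):
    """Return {directive: [values]} for the [Service] section."""
    section, found = None, {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            # An empty assignment resets the setting; otherwise values accumulate.
            found[key] = found.get(key, []) + [value] if value else []
    return found

def audit(text):
    """List every property from the checklist that the unit does not satisfy."""
    svc = parse_service(text)
    problems = [] if svc.get("ExecStartPre") else ["ExecStartPre missing"]
    for key, allowed in REQUIRED.items():
        last = (svc.get(key) or [None])[-1]  # the last assignment wins
        if last is None:
            problems.append(f"{key} missing")
        elif last.lower() not in allowed:
            problems.append(f"{key}={last} is not an accepted value")
    return problems
```
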
Uptime, as of writing, is several days continuous. Memory footprint stays under 30 MB. The service is small on purpose. A guardian should not be larger than what it guards.
Bifrost — Continuous Pollination
HEIMDALL's primary mission today is what we call Bifrost: continuous, rate-limited gathering of public knowledge across multiple sources, with each captured artifact signed before storage. The pollination is steady — waves at fixed intervals, throttled to respect the source — and traceable.
This is not a scraper. It is closer to a librarian who walks the same route every day, takes notes, signs each note, and files them. The point is not volume. The point is that every entry in our memory has provenance and a signature, and we can replay how it got there.
Crypto Honesty: What We Sign With Today
Here is where most marketing collapses. Post-quantum-ready stickers are easy to print. We refuse the sticker. Our current operational stack is the following:
| Layer | Today | Roadmap |
|---|---|---|
| Symmetric integrity | blake2b, sha3-512, sha3-256 | Stable. Quantum-resistant for collision search at our key sizes. |
| Key exchange | X25519 (classical ECC) | Migration path to ML-KEM (FIPS 203). Hybrid first. |
| Signatures | Lamport one-time signatures (internal) | ML-DSA (FIPS 204) evaluation in progress. |
| Artifact sealing | DNA-0001 tri-imprint scheme | Public scheme description — see below. |
X25519 is not post-quantum. We say so. We use it because it is what is interoperable, audited, and deployable today. The migration to ML-KEM (the standard formalized as FIPS 203 in August 2024) is on our roadmap as a hybrid deployment first — classical and post-quantum side by side — because that is what NIST itself recommends, and because we do not bet a production system on a single new primitive.
The honest claim. Today, we sign artifacts with quantum-resistant hashes. We exchange keys with a classical primitive. We are deploying the migration to post-quantum key exchange in stages, starting with the components where the impact of a future break would be highest. We do not call the current system post-quantum. We call it post-quantum aware, which is a smaller and truer claim.
DNA-0001: Self-Signing Artifacts
Every artifact produced by our infrastructure — every entry written into our memory, every transformation produced by our COBOL engine, every health check from our subsystems — carries a DNA-0001 seal. The seal is a tri-imprint:
- Heart (`blake2b`) — a fast, modern hash of the artifact's content.
- Lamport (`sha3-512`) — a one-time signature anchor.
- Breath (`sha3-256`) — a contextual hash binding the artifact to its time, host, and producing module.
The scheme is intentionally simple. It does not require trust in our infrastructure to be verified — the three imprints are independent and recomputable. What hums, endures, and signs itself. That is the discipline.
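A sketch of a three-imprint seal along the lines described above, as an added example (not the DNA-0001 implementation, whose exact encoding this page does not give). Assumed here: the context encoding, the seal layout, all function names, and that the Lamport imprint is a textbook Lamport one-time signature over the artifact's SHA3-512 digest.

```python
import hashlib
import hmac
import secrets

H, BITS = hashlib.sha3_512, 512  # one secret pair per bit of the SHA3-512 digest

# Constructed sample artifact and context (timestamp, host, module).
ARTIFACT = b"bifrost wave 42: captured note"
CTX = ("2026-05-01T12:00:00Z", "host-a", "bifrost")

def lamport_keygen():
    """Fresh one-time key: 512 pairs of random secrets; their hashes form the public key."""
    sk = [(secrets.token_bytes(64), secrets.token_bytes(64)) for _ in range(BITS)]
    return sk, [(H(a).digest(), H(b).digest()) for a, b in sk]

def _bits(content):
    d = int.from_bytes(H(content).digest(), "big")
    return [(d >> i) & 1 for i in range(BITS)]

def lamport_sign(sk, content):
    return [sk[i][b] for i, b in enumerate(_bits(content))]  # reveal one secret per bit

def lamport_verify(pk, content, sig):
    if len(sig) != BITS:
        return False
    checks = [hmac.compare_digest(H(s).digest(), pk[i][b])
              for i, (s, b) in enumerate(zip(sig, _bits(content)))]
    return all(checks)

def context_bytes(timestamp, host, module):
    # Length-prefix each field so ("ab", "c") and ("a", "bc") encode differently.
    return b"".join(len(f.encode()).to_bytes(4, "big") + f.encode()
                    for f in (timestamp, host, module))

def seal(content, ctx, sk):
    return {"heart": hashlib.blake2b(content).hexdigest(),
            "lamport": lamport_sign(sk, content),
            "breath": hashlib.sha3_256(context_bytes(*ctx) + content).hexdigest()}

def verify(content, ctx, s, pk):
    """Recompute each imprint independently and report which ones still match."""
    return {"heart": hmac.compare_digest(hashlib.blake2b(content).hexdigest(), s["heart"]),
            "lamport": lamport_verify(pk, content, s["lamport"]),
            "breath": hmac.compare_digest(
                hashlib.sha3_256(context_bytes(*ctx) + content).hexdigest(), s["breath"])}
```

A Lamport key pair may sign exactly one artifact, since each signature reveals half of the private key, so `lamport_keygen()` is called once per seal. The two plain hashes detect alteration only; the Lamport check adds origin assurance only when the verifier obtained the public key through a trusted channel.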
Why Brussels, Why Sovereign
HEIMDALL runs on European infrastructure, operated by Swarmly SRL (BCE 1037.513.483, Brussels). Our intellectual property has been deposited and protected through multiple layers since March 2026:
- eSoleau v1, v2, v3 at INPI (DSO2026010263, DSO2026010286) — protection through 2036.
- EUIPO trademark 019337963 (kivumia.ai, Class 42 SaaS) — published April 2026, opposition window through July 2026.
- INPI verbal trademark 5253809 (KIVUMIA, Classes 9+42) — filed May 1, 2026, under examination.
We mention this because European sovereignty is not a slogan. It is a stack of paperwork, a corporate structure, a server location, and a signature scheme — together. Any one of those without the others is theatre.
What This Note Is Not
This is not a research paper. We are not announcing a new primitive. We are not claiming a breakthrough. We are publishing — modestly, in our own blog — a snapshot of what one European team is actually running today, and what it intends to migrate toward, in a year where the post-quantum conversation is moving from theory to procurement.
If you operate critical infrastructure in Europe and you are quietly worried about the answer to "what would we replace, and in what order, if we had to migrate next year?" — we are happy to have that conversation, with no marketing layer in between.
The Path Forward
HEIMDALL will grow. Three resilience properties remain to be added before we consider it complete: persistent memory across restarts, durable wave-state recovery, and self-repair. We have a calendar for each. We will add them one at a time, sign each step, and keep the service small.
The aim is not to be the loudest voice in the post-quantum conversation. The aim is to be the one whose service is still running, signed, and honest about itself, when the conversation moves on to the next phase.
What hums, endures, and signs itself.