Evidence Portability
Federal-grade evidence that survives software change, cloud migration, and post-quantum cryptography transitions.
Federal systems have evidence retention requirements measured in decades. Cloud providers change. Software stacks change. Cryptographic primitives change. Evidence that is bound to today's signing keys, today's database schema, or today's cloud vendor does not survive the retention window. H33 produces evidence designed to survive all three: cryptographically portable, schema-versioned, post-quantum signed.
The federal retention problem
Federal evidence retention is governed by statute, regulation, and agency policy. Retention windows of seven, ten, twenty-five, and fifty years are common. Some classified evidence is retained indefinitely. Across those windows, the technology stack that produced the evidence will change repeatedly — cloud providers replaced, software vendors acquired or sunset, database schemas evolved, logging frameworks rewritten, cryptographic primitives deprecated or broken, storage formats obsoleted. If evidence depends on any of these moving parts, it loses verifiability when the part changes.
How H33 evidence is portable
Five architectural decisions combine to produce portability across retention windows. Canonical JSON — the evidence artifact is a self-contained canonical JSON document. As long as JSON is readable, the artifact's structure is interpretable. Three-family post-quantum signatures — ML-DSA-65, FALCON-512, and SLH-DSA-128f. Three independent algorithm families with three independent mathematical foundations. Schema versioning — every artifact declares its schema version. Verifier behavior for older schemas is frozen in the open-source verifier. Sidecar inclusion — evidence rows are bundled with the artifact. No external lookup is required. Optional chain anchoring — the artifact's 32-byte commitment can be anchored to a public blockchain for time binding.
Cryptographic primitive transitions
The federal post-quantum cryptography transition is underway. NIST has finalized the first round of post-quantum signature algorithms: ML-DSA (FIPS 204), SLH-DSA (FIPS 205), and FALCON is anticipated in FIPS 206. NSA's CNSA 2.0 mandates these algorithms for National Security Systems by 2030–2033. Federal evidence signed today with RSA-2048 or ECDSA-P256 will face two problems before retention windows close: quantum cryptanalysis breaks RSA and ECDSA, and algorithm deprecation removes them from federal cryptographic standards. H33 evidence is signed with three independent post-quantum algorithm families today.
Software and cloud transitions
H33 evidence does not depend on the cloud provider it was generated on. The artifact is a portable file storable in any S3-compatible object store, customer-owned NAS, offline cold storage, or any federal-approved archive medium. The artifact does not depend on the software vendor that produced it. The verification protocol is published. The open-source verifier is independently maintainable. If H33 ceases to exist, the artifact remains verifiable. Verification runs entirely offline.
Use cases
Federal AI decision evidence. A federal agency uses AI to assist in eligibility determinations. Each decision produces an H33 evidence artifact retained per applicable statute. Decades later, the artifacts are verified offline — even though the AI vendor, cloud provider, and several major federal software systems have all changed. Classified evidence retention. A defense system produces evidence with extended retention requirements. The H33 artifact survives the platform, the software stack, and the cryptographic primitive transitions. Inter-agency evidence sharing. Agency A produces evidence; Agency B verifies under its own systems. Both run the open-source verifier.
Common questions
Is this FedRAMP applicable?
The artifact-generation system can be deployed on FedRAMP-authorized infrastructure. The artifact itself is a portable file.
Does this support CNSA 2.0?
ML-DSA-65 satisfies the CNSA 2.0 ML-DSA mandate; the additional FALCON and SLH-DSA signatures provide algorithmic diversity beyond the mandate.
Can artifacts be stored in classified networks?
Yes. The artifact is a standalone file with no external dependencies.
Does this work with FedRAMP High?
Yes. The artifact-generation system can be deployed on FedRAMP High infrastructure. Verification runs offline.
Can foreign regulators verify US-generated evidence?
Yes. The verifier is open source and runs anywhere. No dependency on US vendor infrastructure.
Related: Portable Artifact · Post-Quantum Readiness · Federal Independent Verification · Continuity Portability · Regulatory Submission Integrity