AIR
Proof Lab
StartEcosystem
Explore (579)Live Systems (52)Pricing
Log InGet API Key✓ Verify It Yourself
H33 H33-74 ← All one-pagers Screen-shot the card · Cmd+Shift+4 · paste to LinkedIn
H33
H33-74Chain-Portable Evidence
For CISOs

"My audit evidence depends on the SIEM staying up. My logs depend on me not being compromised."

Cryptographic integrity at creation. Tampering requires breaking three independent crypto stacks.

Related · tier-1 reading. For what a portable artifact actually is, see Portable Artifact.

01

SIEM-independent audit trail by construction

Every privileged action, configuration change, and security event emits a PQ-signed proof. The audit trail survives the SIEM vendor, the retention contract, and the system.

02

Tamper-evident by signature, not by storage controls

Integrity rests on three post-quantum signature families. An attacker who owns the SIEM still cannot forge proofs. Integrity is structural, not contractual.

03

Incident response evidence chain-portable

Detection, classification, containment decisions, and notifications all emit proofs the regulator can verify directly. 72-hour reporting becomes cryptographically anchored.

04

Post-quantum durability through Q-Day

Three independent PQ families (ML-DSA-65, FALCON-512, SLH-DSA-128f). When the host chain's signatures break, the receipt's integrity does not.

The asset may move.
The evidence remains.
h33.ai/h33-74
H33-74 · Post-Quantum Evidence

H33-74 in brief — for the CISO

H33-74 is the portable 74-byte post-quantum evidence primitive — a 32-byte on-chain commitment plus a 42-byte off-chain receipt, signed under three independent NIST post-quantum signature families (ML-DSA, FALCON, SLH-DSA) — that produces and anchors a self-contained, tamper-evident proof of each privileged action and security event. For a CISO it moves audit integrity from "the SIEM stayed up and no one tampered with the logs" to integrity that is cryptographic at creation.

What it is not. H33-74 is the evidence primitive, not a control. It does not detect or monitor threats (that is HATS), it does not issue the verdict (that is Verification), and it does not govern agents (that is Agent-008). It makes the record tamper-evident; it does not prevent the event.

Why does a CISO care?

An attacker who owns the SIEM still cannot forge proofs. Integrity rests on three signature families, so the audit trail survives compromise, vendor change, and retention expiry.

How is it different from SIEM or WORM?

Those protect integrity via storage and access controls that must stay online. H33-74 is tamper-evident by signature at creation — structural, not contractual.

What proves it?

Three families — ML-DSA-65 (FIPS 204), FALCON-512, SLH-DSA-128f (FIPS 205). Wire format at /schemas/h33-74/, reproducible timings at /benchmarks/.

How does it hold up post-quantum?

The three families rest on different hardness assumptions, so a proof stays unforgeable even if one family is later broken.