Public reference for EpochCore's quantum-anchored watermark + SBOM scheme — supply-chain integrity primitives for AI agent infrastructure.
This repo specifies a two-layer integrity primitive used across EpochCore's agent stack:
- Quantum Watermark — a tamper-evident binding derived from a quantum-sourced seed (D-Wave / NIST randomness beacon) and a PQC-safe MAC (HMAC-SHA3-512 → ML-DSA signature). Embedded in every agent response and pixel tensor.
- Quantum-Anchored SBOM — a CycloneDX 1.5 + SPDX 2.3 hybrid SBOM whose root hash is anchored alongside the D-KaP dual-chain commitment.
.
├── spec/
│ └── v0.1.md # Normative specification
├── schemas/
│ ├── watermark.schema.json
│ └── sbom.cyclonedx.example.json
├── examples/
├── threat-model.md
└── LICENSE
| Threat | Mitigation |
|---|---|
| Output replay | Per-response nonce + timestamp inside watermark |
| Watermark forgery | PQC signature (ML-DSA) over canonical payload |
| SBOM substitution | Dual-chain anchor of SBOM root |
| Quantum-future attacks | All primitives are PQC-safe |
| Side-channel leak | Constant-time verification reference |
Full threat model in threat-model.md.
from epochcore_sdk import EpochCore
ec = EpochCore()
ok = ec.watermark.verify(payload_bytes, watermark_header)
assert okDraft v0.1. Reference implementation is proprietary EpochCore infrastructure.
Apache License 2.0 © EpochCore LLC.