QAKD

Hardware-rooted keys and identity, gated by admissibility.

QAKD is a coherence-anchored key and identity layer. It binds cryptographic material to measured conditions and refuses key release when the environment is inadmissible. QAKD is a strict client of CohOS.

Device CUF · Session CUF · Attestation bundle
No ALLOW → no key release

Core promise

Keys are side effects of admissible state.

QAKD does not “mint keys because a request arrived.” It releases key material only when CohOS verifies the capture conditions and coherence metrics are within policy.

  • Identity: Device CUF + Session CUF separation
  • Attestation: Signed bundles with policy + metrics
  • Fail-closed: Refuse on replay, drift, or out-of-spec

Why QAKD exists

Most key systems assume the environment is valid.

In practice, keys get generated and used while instrumentation is misconfigured, telemetry is replayed, entropy sources are substituted, or timing uncertainty is unbounded. The result is false trust: “cryptographically correct” operations executed on inadmissible state.

  • Entropy substitution: A software RNG can replace a physical source without detection unless explicitly governed.
  • Replay and reuse: Captured material can be replayed to simulate a healthy environment unless fingerprints are enforced.
  • Key use under drift: Keys remain “valid” while capture conditions drift out of spec, unless key epochs are tied to policy.

QCT answer

Admissibility-first key epochs.

QAKD releases key material only when a CohOS decision is ALLOW. When conditions fail, QAKD refuses. This turns keying into an auditable, evidence-backed act.

If the environment is inadmissible
qakd_bundle.json
{
  "status": "REFUSE",
  "reason": "COHERENCE_ENVELOPE_FAIL",
  "key_released": false
}

Identity model

Device CUF and Session CUF separate identity from state.

QAKD splits identity into a persistent device fingerprint and an ephemeral capture fingerprint. This mirrors serious attestation systems: a stable identity plus a state-binding signature per epoch.

  • Device CUF: Persistent identity derived from a device secret and enrollment challenge. Stable across reboots and sessions.
  • Session CUF: Ephemeral identity derived from time-bounded capture and session challenge. Changes per run and binds state.
  • Why two: Device CUF prevents “virtual device spoofing.” Session CUF prevents replay of prior captures or stale state.

CUF bundle fields (illustrative)
qakd_bundle.json
{
  "device_cuf": "…stable…",
  "session_cuf": "…ephemeral…",
  "policy_id": "qakd_policy_v2",
  "coherence_envelope_pass": true
}

Governance

QAKD is a strict client of CohOS.

The kernel is the authority. QAKD cannot override REFUSE. The admissibility decision gates key release, key refresh, and session establishment. This is the core safety boundary.

  • ALLOW: Key material may be released, with full attestation and hashes.
  • REFUSE: No key release. Evidence bundle emitted with explicit refusal reason.
  • Replay detected: Refuse even if metrics appear normal. Reuse is treated as adversarial by default.
  • Instrument out-of-spec: Refuse on missing ADC, wrong gain, misconfigured sampling, or timing uncertainty.

Attestation outputs: qakd_bundle.json, policy.json, manifest.json, hashes.json, metrics.json
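
The gating rules above, as an added Python example that is not QAKD or CohOS code. The HMAC-SHA256 derivations, the shape of the decision dictionary, the KeyReleaseGate name, and the REPLAY_DETECTED and NO_ALLOW_DECISION reason codes are assumptions; the bundle fields and COHERENCE_ENVELOPE_FAIL are taken from the page.

```python
import hashlib
import hmac

def _mac(secret: bytes, label: bytes, *parts: bytes) -> bytes:
    # Assumed derivation (HMAC-SHA256); the page does not say how CUFs are computed.
    return hmac.new(secret, label + b"|" + b"|".join(parts), hashlib.sha256).digest()

class KeyReleaseGate:
    """Hypothetical fail-closed gate: a key leaves only on an explicit ALLOW."""

    def __init__(self, device_secret: bytes, enrollment_challenge: bytes, policy_id: str):
        self._secret = device_secret
        # Device CUF: persistent, from device secret + enrollment challenge.
        self.device_cuf = _mac(device_secret, b"device", enrollment_challenge).hex()
        self.policy_id = policy_id
        self._seen_captures = set()  # fingerprints of captures already presented

    def request(self, decision: dict, capture: bytes, session_challenge: bytes):
        # Session CUF: ephemeral, from this run's capture + session challenge.
        session_cuf = _mac(self._secret, b"session", session_challenge, capture).hex()
        passed = decision.get("coherence_envelope_pass") is True
        bundle = {"device_cuf": self.device_cuf, "session_cuf": session_cuf,
                  "policy_id": self.policy_id, "coherence_envelope_pass": passed,
                  "status": "REFUSE", "reason": None, "key_released": False}
        fingerprint = hashlib.sha256(capture).hexdigest()
        replayed = fingerprint in self._seen_captures
        self._seen_captures.add(fingerprint)
        if replayed:  # refuse even if the kernel decision and metrics look normal
            bundle["reason"] = "REPLAY_DETECTED"  # hypothetical reason code
        elif decision.get("status") != "ALLOW":  # missing or malformed counts as REFUSE
            bundle["reason"] = decision.get("reason") or "NO_ALLOW_DECISION"  # hypothetical
        elif not passed:
            bundle["reason"] = "COHERENCE_ENVELOPE_FAIL"  # reason code shown on the page
        else:
            bundle.update(status="ALLOW", key_released=True)
            return bundle, _mac(self._secret, b"epoch-key", bytes.fromhex(session_cuf))
        return bundle, None  # evidence bundle still emitted, no key

if __name__ == "__main__":
    gate = KeyReleaseGate(b"constructed-device-secret", b"enroll-0", "qakd_policy_v2")
    allow = {"status": "ALLOW", "coherence_envelope_pass": True}  # constructed decision
    for capture, challenge in [(b"capture-A", b"c1"), (b"capture-A", b"c2")]:
        bundle, key = gate.request(allow, capture, challenge)
        print(bundle["status"], bundle["reason"], key is not None)
```

The second request reuses the first capture under a new session challenge, so it is refused as a replay even though the decision is ALLOW.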

Guardrails

What QAKD is not.

QAKD is an admissibility-keyed identity and key release layer. It is not a claim of cryptographic superiority, and it is not a replacement for standard cryptographic primitives.

  • Not a cipher: QAKD does not encrypt. It provides governed key material and attestation.
  • Not QKD: It does not require entangled photon hardware. It is a coherence-governed key epoch system.
  • Not “more random” marketing: The differentiator is admissibility and proof, not slogans about randomness.
  • Not optional governance: Key release is subordinate to CohOS decisions. Refusal cannot be overridden.