Frequently Asked Questions

Post-quantum cryptography refers to cryptographic algorithms that remain secure even against attackers using sufficiently powerful quantum computers. Today's mainstream public-key algorithms, RSA, DH, ECC, ECDSA, are not post-quantum: they can be broken by Shor's algorithm.

PQC algorithms are based on different mathematical problems (lattices, hashes, isogenies, codes) that are believed to remain hard for quantum computers. NIST finalized the first PQC standards in August 2024.

A DID is a globally unique, cryptographically verifiable identity URI you control yourself, no central registry needed. A DID looks like did:web:example.com or did:key:z6Mk… and resolves to a DID Document that lists your public keys and service endpoints.

The crucial property: you can rotate or replace keys (including swapping algorithms) without changing your DID. That's what makes crypto agility possible.

A Verifiable Credential is a tamper-evident digital attestation issued by one party (the issuer) to another (the holder), provable to a third party (the verifier) using only cryptography. Think of it as a digital passport stamp.

The W3C VC Data Model is the open standard that makes VCs interoperable across wallets and verifiers worldwide. Business Wallet-issued VCs use hybrid signatures (Ed25519 + ML-DSA) so they're verifiable by both legacy and PQC systems.

Business Wallet is built for organizations that need to prove something about themselves to partners, regulators, customers, or supply chains, and want that proof to remain trustworthy in a post-quantum world.

Typical users include manufacturers proving compliance, service providers asserting certifications, suppliers issuing product passports, financial institutions exchanging LEI credentials, and any organization that participates in cross-border digital trade.

ML-DSA (Module-Lattice Digital Signature Algorithm) is the NIST-standardized post-quantum signature scheme published as FIPS 204. It was originally submitted as CRYSTALS-Dilithium.

Business Wallet defaults to ML-DSA-65, the Level-3 parameter set (≈ AES-192 equivalent strength). Signatures are ~3.3 KB and public keys ~2 KB, bigger than ECDSA, but verifiable on any modern hardware.

ML-KEM (Module-Lattice Key Encapsulation Mechanism) is the NIST-standardized post-quantum key exchange scheme, FIPS 203, originally CRYSTALS-Kyber. It's the PQC replacement for Diffie-Hellman / ECDH.

Business Wallet uses ML-KEM-768 (Level-3) inside DIDComm v2 sessions to negotiate symmetric keys for encrypted channels between business partners.

A hybrid key bundles a classical algorithm (Ed25519 or X25519) with a post-quantum algorithm (ML-DSA or ML-KEM) into the same DID Document. Operations are performed with both at once.

The benefit: legacy verifiers that don't yet understand PQC can still check the classical proof, while PQC-ready verifiers check the post-quantum proof. As partners migrate, the classical proof can be dropped without re-issuing credentials. This is the bridge that makes zero-downtime migration practical.

The two terms are often confused but they are not the same.

Quantum resilient = the system can withstand some quantum attacks or tolerate quantum disruption, for example, by doubling key sizes (RSA-4096) or using AES-256 instead of AES-128. It buys time but doesn't fix the underlying weakness.

Quantum safe (also called post-quantum) = the algorithm is mathematically designed to resist all known quantum attacks, including Shor's. Only the NIST-standardized PQC algorithms qualify.

Crypto agility is the ability to swap cryptographic algorithms in a running system without breaking identities, integrations, or partner relationships. Traditional PKI couples your identity to a specific key, change the key, change the identity.

Business Wallet decouples who you are (your DID) from how you sign (your keys). New algorithms can be added, old ones deprecated, and partners notified, all without re-onboarding or reissuing credentials.

Not yet. Ed25519 is still the most efficient and widely compatible classical signature scheme today. Until a CRQC exists it remains secure against classical attackers.

Business Wallet uses Ed25519 alongside ML-DSA in hybrid keys, so your credentials are verifiable by both legacy and PQC partners. As the ecosystem matures, the Ed25519 component is gradually retired, while your DID and credentials stay valid.

The wallet stores three things: your organization's DID (identity), its hybrid key pairs (sign and encrypt), and its verifiable credentials (issued, received, and revoked).

Day-to-day, you use it to: receive credentials from issuers (e.g. your accreditor), present them to verifiers (e.g. a customer's procurement system), or issue your own attestations to partners. All exchanges go through encrypted DIDComm v2 channels, no email, no PDFs, no manual verification.

Business Wallet supports multiple key custody models depending on your security posture:

• Software wallet, keys encrypted at rest in the Business Wallet backend (default for trial / pilot).
• HSM-backed, keys stored in an organization-controlled hardware security module (FIPS 140-3 validated).
• Cloud KMS, keys held in AWS KMS, Azure Key Vault, or Google Cloud KMS with PQC support.

In all modes, signing operations happen inside the secure boundary, private key material never leaves the HSM/KMS.

Yes. Key rotation is built into the DID lifecycle: you publish a new public key in your DID Document, partners pick it up automatically on the next resolution, and the old key is deprecated with an explicit revoked timestamp.

For recovery, Business Wallet supports administrator-controlled controller delegation and threshold backup (Shamir secret sharing) for organizations that need offline disaster recovery.

Both. Business Wallet is delivered as a Spherity-managed SaaS for organizations that want fast onboarding, and as a self-hosted deployment (Kubernetes/Helm) for organizations with stricter data residency or sovereignty requirements.

The protocols and credentials are identical in both deployment modes, so SaaS-hosted and self-hosted wallets interoperate seamlessly.

A PQC Digital Corridor is a secure, standards-based communication channel between two verified business identities. It uses DIDComm v2 with hybrid encryption (ML-KEM + X25519) so the data exchanged, credentials, compliance proofs, supply-chain attestations, is protected against both classical and quantum attackers.

Corridors are the unit of trust between organizations. Once a corridor is established, partners can exchange any number of credentials and messages without renegotiating identity each time.

DIDComm v2 is an open-standard, end-to-end-encrypted messaging protocol between DIDs. It is designed to be transport-agnostic (works over HTTP, WebSocket, Bluetooth, or queues), and natively supports hybrid encryption, making it the backbone of Business Wallet's digital corridors.

Specs are maintained by the Decentralized Identity Foundation (DIF) at identity.foundation/didcomm-messaging.

A digital corridor is the Business Wallet pattern for two pre-verified business identities exchanging credentials over a quantum-resilient channel. Common scenarios include cross-jurisdictional supplier onboarding (e.g. Türkiye–Germany, United States–Germany, China–Germany), supplier audit attestations inside the EU, and KYC/KYS exchanges between financial institutions.

The corridor concept is jurisdiction-agnostic: any pair of legal entities with Business Wallet-resolvable DIDs can open one. Country pairs are listed here as illustrative examples, not as a fixed registry of pre-provisioned corridors.

Establishing a corridor takes three steps. First, both parties present their organizational identity credentials (LEI or equivalent) so each side knows the other is a verified legal entity. Second, DIDs are exchanged and DID Documents resolved. Third, an ML-KEM + X25519 handshake derives the symmetric session keys.

Once established, the corridor stays open for as long as both parties want, keys rotate transparently in the background.

Anything that fits the W3C Verifiable Credential data model. Common types in Business Wallet:

• Natural Person Credential, proves the human authority behind an organization (used for KYB / KYC).
• LEI (verifiable Legal Entity Identifier), the GLEIF-issued credential identifying a legal entity globally.
• EUCC, EU Common Criteria certificate for a product or service.
• Industry-specific attestations, supplier compliance, ESG declarations, product passports, audit reports.

From the Credentials page, click Request, choose the credential type and the issuer, fill in the required attributes, and submit. The issuer reviews the request and, once approved, signs the credential with their hybrid key and pushes it back into your wallet via DIDComm.

You'll see the new credential in the Credentials list with status Active and a green PQC Resilient security pill.

Open the credential, click Share, select the partner from your corridor list, choose which fields to disclose (selective disclosure is supported), and send. The partner receives the proof through your established DIDComm corridor, no email attachments, no PDFs.

The credential is verified automatically on the partner's side: signature checked, issuer trust evaluated, revocation status pulled.

The pill shows the cryptographic posture of the credential at a glance:

• PQC Resilient (green), credential is signed with ML-DSA, fully PQC-protected.
• Legacy Only (gray), signed only with classical algorithms; planned for upgrade.

Yes. Issuers can revoke credentials at any time using a status list (W3C StatusList2021). Verifiers always check the current status before accepting a presentation, so a revoked credential stops being usable within minutes of revocation.

The revised eIDAS Regulation (EU 2024/1183) extends the EU's electronic identification framework to require all member states to offer European Digital Identity Wallets (EUDI Wallets) by 2026. It also explicitly calls for crypto-agile, post-quantum-ready implementations.

Business Wallet is designed to interoperate with EUDI Wallet specifications and supports the credential formats listed in the related Architecture and Reference Framework.

NIST published three post-quantum standards in August 2024:

• FIPS 203, ML-KEM (lattice key exchange).
• FIPS 204, ML-DSA (lattice signatures).
• FIPS 205, SLH-DSA (stateless hash-based signatures, conservative backup).

Business Wallet defaults to ML-KEM and ML-DSA. SLH-DSA is available for use cases where a conservative non-lattice fallback is required.

Germany's Federal Office for Information Security (BSI) recommends migrating to PQC now using hybrid schemes that combine classical and post-quantum algorithms. The BSI's TR-02102 guideline, updated annually, lists ML-KEM and ML-DSA as recommended algorithms and explicitly endorses hybrid usage as a defense against both classical cryptanalysis and HNDL.

Yes. Business Wallet wallets can hold and verify LEI credentials issued under the GLEIF governance framework. LEI is the internationally recognized verifiable identifier for legal entities, the digital, cryptographic counterpart to a paper LEI registration.

This is the foundation for cross-border B2B trust: when a Turkish manufacturer connects to a German buyer, both can present their LEIs to confirm legal-entity identity before any sensitive data is exchanged.

Business Wallet stays close to open standards rather than building proprietary protocols:

• W3C DID Core 1.0, identity primitives.
• W3C VC Data Model 2.0, credential format.
• W3C Data Integrity, proofs (incl. hybrid signatures).
• DIF DIDComm v2, secure messaging.
• NIST FIPS 203 / 204 / 205, PQC algorithms.
• OIDC4VC / OIDC4VP, credential issuance and verifier presentation flows.

An HNDL attack means an adversary records encrypted traffic today and stores it, planning to decrypt it once a quantum computer becomes capable. Nation-state actors are widely believed to be doing this at scale, building petabyte-scale archives of TLS sessions, signed credentials, and EDI traffic.

Any data with a long confidentiality horizon (medical records, contracts, IP, identity assertions) is at risk now even though the quantum decryption will happen years later.

A CRQC is a "Cryptographically Relevant Quantum Computer", one with enough logical qubits and low-enough error rates to run Shor's algorithm against real-world key sizes (RSA-2048, ECC-P256). Estimates of the arrival vary by source: NIST, BSI, and major intelligence agencies generally place plausible CRQC arrival in the early-to-mid 2030s.

The exact date is uncertain, but the migration must finish before CRQC arrives, and a global migration takes years.

Now. The exact CRQC date doesn't change the migration timeline because (a) HNDL is already happening, and (b) hybrid migration is itself a multi-year operational program. Starting today with hybrid keys is the conservative, low-risk path: nothing breaks, partners stay compatible, and you build the agility you'll need anyway.

Shor's algorithm (Peter Shor, 1994) factors integers and computes discrete logarithms in polynomial time on a quantum computer. It defeats RSA, DH, and ECC completely once a CRQC exists.

Grover's algorithm (Lov Grover, 1996) speeds up unstructured search quadratically. Practical effect: it halves the strength of symmetric ciphers, AES-128 effectively becomes 64-bit. Mitigation is straightforward: double the key length to AES-256.