Cryptographic Trust Model
QNSP's cryptographic trust model defines what is trusted and how trust is established.
Cryptographic Trust Model
QNSP's cryptographic trust model defines what is trusted and how trust is established.
Root of Trust
The root of trust is established via:
- HSM-protected root keys
- Hardware attestation (enclaves)
- Secure boot chain
Trust hierarchy
HSM Root Key
↓
Tenant Master Key (TMK)
↓
Data Encryption Keys (DEK)
Trust assumptions
What we trust
- HSM hardware and firmware
- Enclave attestation
- Cryptographic primitives (post-quantum and classical)
What we don't trust
- Application code (verified via attestation)
- Network (encrypted in transit)
- Storage (encrypted at rest)
- Operators (no access to plaintext)
Verification
Trust is verified via:
- HSM attestation reports
- Enclave quotes
- Certificate chains
- Cryptographic proofs
Compromise recovery
If a key is compromised:
- Revoke affected keys
- Re-encrypt with new keys
- Audit access during exposure window
- Rotate dependent credentials