Records that must survive regulatory scrutiny beyond the anticipated timeline of quantum computing threats need more than classical signatures. PQ Hybrid combines ECDSA-P256 with CRYSTALS-Dilithium (NIST ML-DSA) in a composite envelope.
Three Composite Strategies
Concatenated
Both signatures in envelope. Either independently validates the record.
Nested
PQ signature covers both payload hash and classical signature. Prevents signature stripping attacks.
Dual Independent
Separate verification paths for classical and post-quantum validators.
Archival Durability
Configurable archival targets: 5 years (standard compliance), 10 years (regulatory archival), 25 years (long-term legal hold), Permanent (sovereign/constitutional record). Pluggable signing provider supports HSM, liboqs, and cloud KMS backends.