Security · Agent 36 · on IBM watsonx Orchestrate

Rotate the fleet before the key goes stale.

In plain English: a key that never rotates is a key waiting to leak. QKD Cluster manages the whole quantum-safe key lifecycle — generate, encapsulate, distribute, atomically rotate — across a 20-agent swarm under PBFT quorum, minting real FIPS-203 ML-KEM keys in-worker and sealing every rotation to a WORM audit chain.

Open fleet ops → Build a prompt
Live surface · epochmastery.epochcoreras.workers.dev
12
tools · lifecycle · analytics · audit
20
agent fleet · Trinity · PBFT 75%
v3.1.0
engine · epochmastery
0.39%
QBER · BB84 on IBM Heron
The problem we exist to solve

One stale key, and the whole fleet is exposed.

01 · Drift

Keys age silently

Across a fleet of agents, rotation slips. Nobody knows which key is overdue until the one that leaked turns out to be the one nobody rotated.

02 · Atomicity

Half-rotated is worse

Rotate some agents and not others and you've split the fleet's trust. Rotation has to be all-or-nothing, committed under quorum, or rolled back.

03 · Proof

"We rotate regularly" isn't evidence

An auditor wants the when, the what, and the signature. Without a WORM chain co-signed by quantum-safe keys, rotation is a claim, not a control.

01 · The key lifecycle

Generate. Encapsulate. Rotate. Audit.

The full quantum-safe lifecycle across the swarm, with quantum analytics deciding what to rotate and when — committed under PBFT 75% quorum with circuit-breaker and rollback.

Generate & encapsulate

Real FIPS-203 ML-KEM keypairs minted in-worker — 1568-byte Kyber-1024 — with a real X25519 hybrid leg for the Sovereign tier.

qkd_generate_keypair · qkd_encapsulate

Rotate the fleet

Atomic per-agent or whole-fleet rotation, committed under PBFT 75% quorum with rollback — never half-rotated.

rotate_agent_key · rotate_fleet

Quantum analytics

Grover weak-key scan in O(√N), a QSVM rotation classifier, VQD anomaly detection, and QAOA schedule optimization.

Grover · QSVM · QANOM · QAOA

State & audit

Fleet coherence status and a WORM audit export — every rotation co-signed Ed25519 + ML-DSA-87 under an IBM Key Protect HSM.

coherence_status · audit_export
02 · The fleet ops board

See the drift. Rotate. Seal.

A working operations board. Set your fleet's rotation cadence and the board shows every agent's key health, flags what's overdue, sizes the Grover weak-key scan and the PBFT commit quorum, and seals the rotation plan — exactly as the live agent commits to its WORM chain.

rotate_fleet · cadence

20-agent fleet · ML-KEM-1024Overdue
freshdue soonoverdue
now
Next rotation
~5 ops
Grover scan O(√N)
15/20
PBFT quorum (75%)
In-browser demonstration. A reproducible fleet-cadence model, sealed locally with real WebCrypto SHA-256. The production agent mints real ML-KEM keys and commits rotations under PBFT quorum on watsonx Orchestrate.
03 · How a rotation is committed

Decide. Commit. Seal.

01 · DECIDE
What to rotate, when

A QSVM classifier and Grover weak-key scan flag the agents that need new keys; QAOA optimizes the schedule.

02 · COMMIT
Atomic under quorum

The fleet rotates as one, committed under PBFT 75% quorum with circuit-breaker and rollback — never half-rotated.

03 · SEAL
WORM audit chain

Every rotation co-signed Ed25519 + ML-DSA-87 under an IBM Key Protect HSM, exported to a WORM chain — SEC 17a-4 retention.

Real PQC, disclosed precisely. The worker mints and encapsulates with genuine FIPS-203 ML-KEM (Kyber) in-worker — real 1568-byte Kyber-1024 keys, real encapsulate→decapsulate, no IBM account needed. The Grover / QSVM / QANOM / QAOA primitives carry retrievable IBM Heron job IDs; BB84 tiers route entropy through real BB84-on-Heron (QBER ~0.39%, simulator:false) and fail closed without a credential. Per-call advantage figures are theoretical asymptotics.
04 · The twelve tools

Lifecycle, analytics, audit.

Tool
What it does
qkd_generate_keypair
Mint quantum-safe keypairs (BB84 entropy).
qkd_encapsulate
Wrap keys with ML-KEM (Kyber-1024).
rotate_agent_key · rotate_fleet
Atomic per-agent / whole-fleet rotation under quorum.
grover_key_scan
O(√N) weak-key scan across the fleet.
qsvm_classify_rotation
ZZ-kernel classifier — which keys to rotate.
qaoa_optimize_schedule
Optimize the rotation schedule.
coherence_status · audit_export
Fleet health + signed WORM audit trail.
Sealed · Ed25519 + ML-DSA-87 + IBM Key Protect HSM FIPS 203 (ML-KEM)FIPS 204 (ML-DSA)FIPS 186-5SEC 17a-47-yr WORM

Never ship a stale key again.

Add QKD Cluster to your watsonx Orchestrate workspace, or let the Prompt Builder wire it into a generate-rotate-audit chain.

Build a prompt → Talk to the team
EpochCore, LLC · available on IBM watsonx Orchestrate · quantdev@epochcoreqcs.com