Quantum-ready protection for off-chain Bloom data — hybrid encryption (AES-256-GCM + HMAC-SHA-256) today, with a pluggable provider so post-quantum schemes (ML-KEM / ML-DSA) can be layered in later. This protects stored data, not wallet signatures. See docs/quantum-ready-security.md for configuration and the BLOOM_DATA_KEY secret.
QUANTUM-READY SECURITY LAYERCHECKING…
Quantum-ready protection for agent memory, strategy data, and execution logs.
Bloom wraps sensitive off-chain data in a hybrid-encryption envelope built for post-quantum cryptography. Symmetric primitives (AES-256-GCM, HMAC-SHA-256) provide long-term data protection today, and a pluggable provider lets Bloom layer in post-quantum KEMs and signatures (ML-KEM / Kyber, ML-DSA / Dilithium) via Open Quantum Safe (liboqs) or Cloudflare CIRCL without changing call sites.
■ Agent MemoryAutonomous agent reasoning, journal, and learned state.
■ Strategy ConfigsRisk limits, profiles, and strategy parameters.
■ Oracle ReportsForecasts, consensus, and intelligence outputs.
■ Execution LogsTrade history, quotes, and execution outcomes.
■ Risk ReportsToken risk assessments and security findings.
■ User PreferencesLocal settings and personalization.
Scope: this protects off-chain Bloom data at rest. On-chain transactions are still signed by your wallet with its existing cryptography — quantum-readiness here is about long-term protection of stored data, not wallet signatures.
