Enterprise-Ready Post-Quantum Zero Trust Storage: The QSS4 Architecture
摘要
Digital systems face two concurrent threats: the Harvest-Now-Decrypt-Later (HNDL) risk from quantum computers and the failure of perimeter security to prevent insider attacks and credential theft. Existing research, often limited to protocol-centric or domain-specific solutions, fails to provide a unified, enterprise-ready defense. We introduce QuantumSafeStore (QSS4), a novel architecture that unifies Post-Quantum Cryptography (PQC), Zero Trust principles, and blockchain auditability for secure file storage and delivery. QSS4 utilizes a modular pipeline integrating ML-KEM (Kyber) for quantum-secure key exchange, AES-256-GCM for authenticated encryption, Zstandard compression, and Polygon-based Merkle anchoring for cost-effective, tamper-evident logging. Novelty lies in its unified approach: explicit Zero Trust enforcement (NIST SP 800-207), verifiable accountability, and demonstrated crypto-agility through a deployable Flask prototype. Empirical evaluation validates QSS4’s resilience and efficiency, offering a practical blueprint for long-term data security against both classical and quantum adversaries.