AFFIXIO
AffixIO Research
White Papers
Research notes from the AffixIO team on zero-knowledge AI governance, post-quantum attestation, and audit infrastructure you can verify without calling us. New readers: start with the three papers below, then browse the full library.
Start here
- Merkle tree audit architecture (reference design)
- WP-036 Live PQC API sandbox (reproducible field report)
- WP-039 Scan-to-prove partnerships (integration checklist)
Technical buyers: see the evaluation guide and developer documentation.
- WP-039
Scan-to-Prove Partnerships: Verifying Eligibility Without Exporting Source Data
How the partnerships page proves a yes/no circuit on load when ?affix_scan=1 is present: circuit verify, Merkle inclusion, URL proof refs, and sessionStorage for pilot integrators.
Scan-to-Prove Partnership Pilots Merkle Inclusion yesno Circuit Integrator Checklist
- WP-038
Proving UK AI Governance in Production: A Sandbox Walkthrough for CDDO and NIS2 Auditors
Field report mapping a fictional HM programme eligibility check through the live sandbox: ZK identity verify, Merkle audit, ML-DSA-65 attestations, and what auditors can verify without trusting vendor logs.
UK AI Governance CDDO Framework NIS2 Audit Evidence Algorithmic Transparency Public Sector Sandbox
- WP-037
Live Ticket Verification Sandbox: Anti-Scalping and Double-Spend Field Report
We minted compact-v3 tickets, bound gates, consumed offline, and blocked duplicate scans in the live sandbox. Latency tables and a reproduction checklist for events and fraud teams.
Anti-Scalping Tickets Double-Spend Prevention compact-v3 Offline Edge Verify Spent Proof Registry
- WP-036
Live PQC API Sandbox: Complete Post-Quantum Verification Field Report
Full walkthrough of the live sandbox at affix-io.com/sandbox: API reference, ML-DSA-65 attestations, Merkle inclusion proofs, 40+ Noir circuits, latency tables, and a press-ready reproduction checklist. No mocks.
Post-Quantum Cryptography Sandbox ML-DSA-65 NIST FIPS 204 Live Merkle Audit Tree Zero-Knowledge Proof API Stateless Edge Verification Quantum-Resistant Attestation Harvest Now Decrypt Later
- WP-035
UK Sovereign AI Governance: Cryptographic Proof for Public Sector Accountability
£1.1bn committed. 38 of 50 Action Plan commitments delivered. The missing piece is runtime accountability. This paper maps CDDO, AISI, NCSC, NHS, HMRC, and MOD requirements to a single verifiable AI audit architecture.
UK Sovereign AI Governance CDDO AI Framework AISI Frontier AI Evaluation NHS AI Governance Algorithmic Transparency UK Zero Trust AI Government
- WP-034
Shadow AI Governance: Why Policies Fail and How Cryptographic Proof Fixes It
67% of employees use AI tools their employer has not sanctioned. Policy is intent. Proof is governance. The EU Product Liability Directive arrives December 2026. Here is what a real shadow AI audit trail looks like.
Shadow AI Governance Shadow AI Audit Trail Shadow AI Compliance 2026 EU Product Liability Directive AI Agentic AI Audit Trail Cryptographic AI Proof
- WP-033
The Convergence of Post-Quantum Cryptography and Zero-Knowledge Proofs: Closing the Verification Gap
PQC secures the channel. ZK proofs protect the claim. Neither alone closes the identity-layer and audit-layer harvest threat. This paper maps the research landscape and the architecture that bridges them.
PQC and ZK Convergence Quantum Resistant Audit Trail Stateless PQ Verification Harvest Now Decrypt Later Lattice Based ZK Proof NIST FIPS 203 204 ZK Circuit
- WP-032
Sublinear Post-Quantum Attestation: Merkle-Anchored Audit Roots with ML-DSA-65 for Long-Lived Records
One ML-DSA-65 signature on a Merkle root covers a million records. O(log n) inclusion proofs replace linear signature sets. The mathematics of post-quantum attestation at scale.
Sublinear PQC Attestation ML-DSA-65 Merkle Root O(log n) Inclusion Proofs Long-Lived Record Integrity Post-Quantum Audit Trail EU AI Act Retention
- WP-031
ZK Post-Quantum Hybrid Key Exchange: ML-KEM-768 in ZK Circuits with SNARK Verification
ML-KEM secures TLS handshakes. ML-DSA signs documents. Neither operates inside a zero-knowledge circuit. This paper presents the architecture that combines both.
ML-KEM-768 ZK Circuit ML-DSA ZK Verify Hybrid SNARK+PQC NIST FIPS 203/204 Prime Mismatch Problem ZK Proof PQC Key Validity
- WP-030
Stateless Post-Quantum Verification: ZK Proofs with NIST PQC for Quantum-Resistant Compliance
Traditional PQC secures the channel but leaves identity databases as harvest targets. This paper defines stateless verification: Groth16 proofs with ML-DSA-65 anchoring, no harvestable state, no PKI migration required.
Stateless ZK Verification Groth16 + ML-DSA-65 NIST FIPS 203/204 Harvest Now Decrypt Later Post-Quantum Compliance Zero-Knowledge PQC
- WP-029
TLS 1.3 Hybrid Post-Quantum Deployment: A Production Guide for 2026
X25519MLKEM768 is already active on 30-50% of TLS 1.3 handshakes. Here is what your team needs to know to deploy it, configure it, and prove you have done it.
TLS 1.3 Hybrid PQC X25519MLKEM768 ML-KEM FIPS 203 OpenSSL 3.5 Harvest Now Decrypt Later RFC 9598
- WP-028
Supply Chain Provenance: Zero-Knowledge Attestations for IoT Device Authenticity and Critical Infrastructure Compliance
NIS2 and DORA require proof that the devices in your critical infrastructure are genuine. Here is how to provide it without revealing your supply chain to your competitors.
IoT Device Authenticity NIS2 Supply Chain DORA Attestation Cyber Resilience Act Post-Quantum Device Certificates Merkle Device Records
- WP-027
Verifiable Elections Without Voter Privacy Compromise: Zero-Knowledge Proof Architecture for Ballot Integrity
How cryptographic voting systems can prove every vote was counted correctly without ever revealing who voted for whom.
ZK Voting Verifiable Elections Ballot Integrity Post-Quantum Ballot Signing Mixnet Anonymity E2E-V Systems
- WP-026
Colorado, Illinois, and the New US State AI Laws: Building ZK Compliance Architecture Before Enforcement Begins
Colorado SB 24-205 took effect in 2026. Illinois HB 3773 is close behind. Here is how to prove algorithmic compliance without opening your model to auditors.
Colorado SB 24-205 Illinois HB 3773 Algorithmic Discrimination AI Bias Testing NIST AI RMF Consumer AI Disclosure
- WP-025
HIPAA-Compliant Clinical AI: Protecting Patient Data with Zero-Knowledge Attestation
Healthcare AI needs patient data to work. Here is how to use it without violating HIPAA or exposing medical records.
HIPAA Compliant AI PHI Protection Clinical Trial Eligibility ZK Patient Attestation FDA AI SaMD Cross-Border Clinical Portability
- WP-024
Social Media Age Restrictions: Compliant Age Verification Without the Privacy Trade-Off
Australia, the UK, France, the EU, and the US all require platforms to check users' ages. Here is how to do it without turning every sign-up into a data breach waiting to happen.
Age Assurance Online Safety Act Under-16 Social Media GDPR Children's Code Reusable Age Credentials eSafety Commissioner
- WP-023
AML, KYC, and Agentic Payments: Compliance for the Machine-to-Machine Economy
When AI agents make payments at scale, who is the customer? And how do you prove authorisation without slowing everything down?
Agentic Payments AML Compliance KYC FATF Travel Rule Machine-to-Machine Beneficial Ownership
- WP-022
RAG Citation Integrity: Per-Chunk ZK Proofs for Agentic AI
Per-chunk retrieval proofs that let auditors verify every citation without trusting your vector database.
Agentic RAG Citation Integrity Source Verification Hallucination Prevention EU AI Act Merkle Anchoring
- WP-021
Beyond C2PA: ZK Content Provenance That Survives Metadata Stripping
When platforms strip C2PA tags, hash-bound proofs still tell you where content came from.
C2PA Content Provenance Synthetic Media EU AI Act Article 50 DSA Deepfake Detection
- WP-020
DORA-Compliant AI Governance with Zero-Knowledge Audit Records
Five overlapping EU regimes, one proof pipeline your ICT auditor can actually verify.
DORA MiCA Financial Services AI ICT Governance EU AI Act Audit Trail
- WP-019
Post-Quantum PKI Migration: ML-KEM and ML-DSA in Production
A cutover plan for PKI teams who cannot wait for a perfect standard.
Post-Quantum PKI ML-KEM ML-DSA Hybrid Key Exchange TLS Migration Algorithm Agility
- WP-018
Cryptographic AI-BOM: ZK Provenance for Model Supply Chains
Prove where a model came from without handing over your weights.
AI-BOM Model Provenance Supply Chain Security SLSA Attestation EU AI Act Article 11 CISA AI SBOM
- WP-017
ZK Selective Disclosure for eIDAS 2.0 and the EUDI Wallet
Prove you are over 18 without revealing your birthday or linking every login.
eIDAS 2.0 EUDI Wallet Selective Disclosure Verifiable Credentials SD-JWT Digital Identity
- WP-016
Verifiable ML Inference: ZK Proofs as Output Attestation
Show an inference happened correctly when you cannot show the model.
ZKML Verifiable Inference ZKPoI Noir EZKL Model Attestation
- WP-015
Cryptographic Audit Trails for Autonomous AI Agents
Mutable logs cannot keep up with agents that act faster than your reviewers.
Agentic AI Governance Multi-Agent Security OWASP Agentic Top 10 NIST AI Agents ISO 42001 Proof Chains
- WP-014
Double-Spend Prevention for Zero-Knowledge Proofs
One eligibility proof should not work for ten people.
Replay Prevention Zero-Knowledge Proofs Session Nonce Spent Registry ZK Credentials Anti-Replay
- WP-013
AI Safety at the Infrastructure Layer: The Cryptographic Distress Guardrail
Respond to crisis signals without building a database of the worst things users say.
AI Safety Online Safety Act Distress Detection Privacy-Preserving Safety EU AI Act Safeguarding
- WP-012
The Open ZK Circuit Library: gate, kyc, threshold eligibility, eligibility
The circuits we run in production, documented so you can extend them.
Noir ZK Circuits Open Source proving backend Circuit Library AI Governance
- WP-011
Merkle Tree Audit Architecture for AI Decision Systems
An append-only tree beats a database table nobody trusts.
Merkle Tree Tamper Evidence AI Audit Trail SHA-256 Inclusion Proofs Post-Quantum Signing
- WP-010
The Open-Source AI Governance Stack
Six open components, zero black boxes on the governance path.
Open Source AI Governance Noir proving backend the client interface layer a federated retrieval component an application framework
- WP-009
Privacy-Preserving Age Verification with Zero-Knowledge Proofs
Check someone is old enough without learning how old they are.
Age Verification Zero-Knowledge Proofs Online Safety Act DSA GDPR Privacy by Design
- WP-008
Zero-Knowledge Proofs as GDPR Article 25 Infrastructure
When the schema has nowhere to put PII, minimisation is real.
GDPR Article 25 Data Minimisation Zero-Knowledge Proofs Privacy by Design ICO Compliance Technical Measures
- WP-007
EU AI Act and NIS2 Compliance in One Architecture
Stop building two audit stacks for one AI platform.
EU AI Act NIS2 Dual Compliance Technical Documentation Audit Trail Cybersecurity
- WP-006
PII-Free KYC by Design with Zero-Knowledge Identity Circuits
Pass KYC checks while your database stays empty of names and IDs.
PII-Free KYC Zero-Knowledge Proofs Identity Verification GDPR Data Minimisation FATF Travel Rule
- WP-005
Source Verification as a Zero-Knowledge Circuit Input
Make bad citations a failed proof, not a postmortem.
Source Verification Zero-Knowledge Proofs AI Citation Quality Hallucination Prevention Verifiable Citations AI Governance
- WP-004
Real-Time Zero-Knowledge Governance in the AI Response Pipeline
Proofs at reply time, not in next week's audit export.
Real-Time Governance Synchronous ZK Proof production SNARK backend Noir AI Compliance Proof Pipeline
- WP-003
The Proof-Not-Log Paradigm for AI Audit Trails
Logs tell you what someone said happened. Proofs show the maths.
Proof-Based Governance Zero-Knowledge Proofs Cryptographic Audit Trail Merkle Anchoring Post-Quantum Attestation AI Accountability
- WP-002
Post-Quantum Attestation in Production with ML-DSA-65
Sign audit roots today so quantum cannot rewrite them tomorrow.
Post-Quantum Cryptography ML-DSA-65 NIST FIPS 204 Harvest-Now Decrypt-Later CNSA 2.0 HSM Key Custody
- WP-001
Cryptographic AI Governance: A Technical Framework
The reference architecture for everything else in this library.
Zero-Knowledge Proofs ML-DSA-65 NIST FIPS 204 Noir Open Source EU AI Act