# Post-Quantum Identity & Credentials

Autonomi 2.0 uses ML-DSA-65 (NIST FIPS 204) post-quantum digital signatures for all identity and authentication, with ML-KEM-768 (NIST FIPS 203) for key exchange — both at NIST Level 3 security. Each user's identity is based on a cryptographic key pair — there are no usernames, passwords, or central authentication servers.

Post-quantum keys are larger than classical keys — this is the cost of quantum resistance:

* ML-DSA-65 public key: 1,952 bytes (vs ~32 bytes for Ed25519)
* ML-DSA-65 signature: 3,309 bytes (vs ~64 bytes for Ed25519)
* ML-KEM-768 public key: 1,184 bytes

These sizes affect handshake overhead (~7.5 KB vs ~228 bytes for classical TLS) but do not impact data throughput once a connection is established. There is no classical cryptographic fallback.

A user's secret key is the root of their identity on the network. From a single master secret key, unlimited child keys can be derived using HKDF (HMAC-based Key Derivation Function). This enables:

* **Separate keys for different apps or contexts** — logical separation without managing unrelated keys
* **Delegation** — derive a child key for a specific purpose, share it without exposing the master
* **Hierarchical access control** — organise data access through key hierarchies
* **Per-application data organisation** — each derived key has its own address space on the network
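
The derivation described above, sketched as an added example (not Autonomi's code): HKDF per RFC 5869 turns one master secret into independent 32-byte child seeds. The SHA-256 hash, the salt string, the path labels and the `derive_child_seed` helper are assumptions for illustration; the page does not specify them.

```python
import hashlib
import hmac

HASH = hashlib.sha256  # assumption: the page does not name the HKDF hash
SALT = b"example-child-key-v1"  # constructed domain-separation salt


def hkdf_extract(salt, ikm):
    """RFC 5869 extract: condense input key material into a fixed-size PRK."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()


def hkdf_expand(prk, info, length):
    """RFC 5869 expand: produce `length` bytes bound to the `info` context."""
    if length > 255 * HASH().digest_size:
        raise ValueError("HKDF output too long")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def encode_path(path):
    """Length-prefix each label so ["ab", "c"] and ["a", "bc"] cannot collide."""
    out = b""
    for label in path:
        raw = label.encode("utf-8")
        if not 0 < len(raw) < 256:
            raise ValueError("each label must be 1..255 bytes")
        out += bytes([len(raw)]) + raw
    return out


def derive_child_seed(parent_secret, path):
    """Hypothetical helper: 32-byte child seed for one app/context path."""
    if len(parent_secret) < 32:
        raise ValueError("parent secret must be at least 32 bytes")
    prk = hkdf_extract(SALT, parent_secret)
    return hkdf_expand(prk, encode_path(path), 32)


# Constructed master secret for the demo; a real one comes from a CSPRNG.
MASTER = bytes(range(32))
photos = derive_child_seed(MASTER, ["app", "photos"])
notes = derive_child_seed(MASTER, ["app", "notes"])
album = derive_child_seed(photos, ["album-1"])  # derived from the child alone
```

Because a child seed can be fed back in as the parent, whoever is handed `photos` can derive everything beneath it, but HKDF's one-way construction gives them no path to `notes` or `MASTER`.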

Credential loss can be a serious problem on decentralised networks, where there is no central authority to help recover or reset forgotten passwords.

**Key Management Best Practices:**

Users should securely back up their master secret key. Without it, all data derived from that key — including all child keys and their associated data — becomes permanently inaccessible. There is no recovery mechanism on a decentralised network.

For enhanced security, users may choose to split their key across multiple devices or locations, so that no single point of failure results in complete loss of access.


