Future-proof against quantum computers

You may have heard that quantum computers could one day break some of the encryption we rely on today. That worry is real, but it is narrower than it sounds — and Label 309 already has a practical answer to it, switched on by default.

First, the good news about ordinary proofs. A plain Label 309 record is just a fingerprint of your content plus a timestamp — no secret to steal, nothing hidden. A quantum computer changes nothing here. The fingerprint still can't be reversed, and the timestamp on the blockchain is still permanent. Ordinary proofs of existence were never at risk, and they still aren't.

The question only matters when a record is sealed — when the content is locked so that only a chosen reader can open it.

Why sealed content is different

A sealed record might need to stay private for a very long time. Think of a scientific discovery under embargo for years, or a trade secret — a recipe, a formula — that has to stay hidden for a decade or more.

Here's the uncomfortable part. The blockchain is public and permanent. An attacker can quietly copy the locked record today, sit on it, and wait. If a powerful quantum computer arrives in fifteen years and can break today's locks, the attacker simply opens the copy they saved long ago. People in the field call this "harvest now, decrypt later." The danger isn't that your content gets opened today — it's that it gets opened eventually.

So for sealed content, "safe for now" is not good enough. It has to stay safe into a future we can't fully see.

Two locks on the same door

Label 309's answer is to use two locks at once — and for sealed files, that's the default.

Picture a door with two completely different locks bolted to it, and the two locks have nothing in common. One is today's well-tested method: the standard uses X25519, a key-exchange that has guarded secrets for years and that experts trust deeply. The other is a brand-new method built specifically to resist quantum computers: ML-KEM-768, one of the post-quantum schemes recently standardised by NIST.

To get through the door, an attacker has to pick both locks. Picking one gets them exactly nowhere.

That is the whole idea. Maybe the new quantum-resistant method turns out to have a flaw nobody spotted yet — the door still holds, because the proven lock is untouched. Or maybe a future quantum computer cracks today's proven method — the door still holds, because the quantum-resistant lock is untouched. The content stays private as long as either lock survives. You'd need both to fail at the same time, which is a far harder thing to bet on.

This combined approach has a plain name: a hybrid lock. Label 309 uses the one called X-Wing, which braids ML-KEM-768 and X25519 together into a single shared secret. It's the default the moment you seal a record — you don't have to ask for it — and recipients who want it simply publish a post-quantum address (the kind that starts with age1pqc…).

Available today, not someday

The most important thing to understand is that this is not a promise for later. The hybrid lock isn't a future upgrade waiting on a new version of the standard. Label 309 registered it from day one, right next to the classical option, and made it the recommended default. Anyone sealing content today already gets both locks, automatically.

That matters because of the timing problem above. You can't go back and re-lock something after the copy has been harvested. The protection has to be in place the moment you publish — and in Label 309 it is.