The protocol ossification problem: accountability when cryptographic assumptions are burned into hardware that outlives the standards they implement
AI agents running on embedded hardware often inherit cryptographic implementations they cannot change. When those implementations belong to a standard that no longer holds — in the post-quantum transition or beyond — every decision the agent makes carries accountability risk that no software patch can address.
Every embedded device that uses cryptography ships with a set of cryptographic primitives — hash functions, key agreement protocols, signature schemes — implemented somewhere in the stack. For devices where cost, power, and performance constraints matter, those implementations often live in silicon: a hardware security module with fixed capabilities, a co-processor that accelerates specific operations, or a bootloader ROM whose contents are immutable after manufacturing.
Immutability is a security property when the primitives are sound. It becomes a vulnerability when they are not. The protocol ossification problem is what happens when an AI agent is deployed on hardware whose cryptographic surface cannot be changed — and when the standards those primitives implement are no longer adequate.
Why the post-quantum transition makes this acute
Most cryptographic vulnerabilities discovered over the past decade have allowed some path of remediation: new protocol versions, revised key sizes, software patches that deprecate old cipher suites. These remediations work because they operate at the software layer, where changes can be deployed incrementally across the installed base.
The post-quantum transition is categorically different. The algorithms threatened — RSA, ECDSA, ECDH, and the full suite of classical asymmetric cryptography — are not made unsafe by a new attack that can be patched around. They are made unsafe by a new computational model. When cryptographically relevant quantum computing arrives, every signature made with ECDSA becomes retroactively untrustworthy, and every key agreement done with ECDH is retroactively exposed. The transition is permanent and one-directional.
Hardware that implements these algorithms in fixed silicon has no migration path. An AI agent whose authorization tokens, attestation chains, and audit log signatures are rooted in hardware-accelerated classical cryptography cannot be made post-quantum safe by a firmware update. The accountability instruments the agent generates — the logs, the attestations, the signed authorization records — will carry those classical signatures for as long as the device runs.
The accountability gap that cannot be patched
The problem is not simply that ossified hardware exposes data in transit. It is that it compromises the evidential integrity of every accountability record the agent has ever produced.
AI agents in consequential domains generate signed records: this agent, authorized by this principal, took this action, at this time. The signature is what makes the record trustworthy to a third party — an auditor, a regulator, a court. If the signature scheme can be broken retroactively, the evidentiary value of the record depends on when it is examined, not on whether it was correctly generated. An agent that acted properly in 2026 may be unable to prove it did so in 2036 if the hardware that signed the record is ossified around classical primitives that are no longer trusted.
This is an accountability gap with no retroactive fix. The record exists. The signature exists. But the signature's trustworthiness is contingent on a computational assumption that may not hold at the time of challenge.
The care setting amplifies the stakes
Devices deployed in physical-world care settings have especially long service lives. A monitoring device installed in a care environment may reasonably be expected to operate for a decade. The decisions it makes — anomaly detection, escalation to human providers, medication adherence records — carry direct consequence for the people it serves.
A care AI agent whose hardware cryptographic layer is ossified around classical primitives generates signed accountability records that will not survive the post-quantum transition. When a decision is challenged years later, and the cryptographic proof of what the agent decided must be produced, the signature on that proof may be rendered suspect by the quantum capability available at the time of challenge. There is no way to go back and re-sign with a stronger algorithm. The audit record is what it is.
What correct architecture looks like
The solution is not to avoid hardware-accelerated cryptography. Hardware security modules, secure enclaves, and hardware-rooted key storage provide real security properties that matter in agentic deployments. The solution is to maintain a minimal and separable hardware cryptographic surface — and to plan for cryptographic agility from the first design decision.
For AI agents whose decisions need to remain verifiable over long time horizons, this means: hardware roots that are algorithm-agnostic where the silicon permits; a software cryptographic layer sitting above the hardware that can be updated; audit log signatures generated using post-quantum algorithms from the outset, even when the underlying hardware cannot enforce PQC at the transport layer; and device-level attestation that includes a clear record of the cryptographic assumptions in use, so that any relying party knows exactly what trust model applies.
Separation matters. The hardware that stores key material need not be the same component that applies the signature scheme to accountability logs. Where the signing algorithm can be moved to a software layer without sacrificing the security of key storage, it should be. That separation is the margin that allows a software-layer upgrade when the hardware cryptographic layer cannot be changed.
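The record envelope, software signing layer and examination-time policy described in the two sections above (evidentiary value that depends on when a record is examined; a separable, upgradable signing layer that records its own assumptions), as an added Python example that is not the page's or Asaptic Labs' code. It assumes SHA-256 preimage resistance as its only hard-problem assumption, uses a Lamport one-time signature as a stand-in for a production post-quantum scheme, and treats the algorithm names, record fields and the 2035 cut-off as constructed placeholders; key storage (the hardware side of the separation) is out of scope.

```python
import hashlib
import json
import secrets
from datetime import date

# Constructed example (not the page's or any vendor's code): an audit record that
# names its signing algorithm and assumption, signed by a software layer with a
# Lamport one-time signature (hash-based, so post-quantum; one key pair per record).

def lamport_keygen():
    sk = [[secrets.token_bytes(32) for _ in range(2)] for _ in range(256)]
    pk = [[hashlib.sha256(x).digest() for x in pair] for pair in sk]
    return sk, pk

def _bits(msg):
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hashlib.sha256(sig[i]).digest() == pk[i][b] for i, b in enumerate(_bits(msg)))

# Hypothetical relying-party policy: date after which an algorithm is no longer
# accepted as evidence (None = no planned expiry). The 2035 cut-off is a placeholder.
TRUSTED_UNTIL = {"ecdsa-p256-hw": date(2035, 1, 1), "lamport-sha256-sw": None}
SIGNERS = {"lamport-sha256-sw": lamport_sign}
VERIFIERS = {"lamport-sha256-sw": lamport_verify}

def canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def make_record(agent, principal, action, at, alg, sk):
    body = {"agent": agent, "principal": principal, "action": action, "at": at,
            "alg": alg, "assumption": "SHA-256 preimage resistance"}
    return {"body": body, "sig": [s.hex() for s in SIGNERS[alg](sk, canonical(body))]}

def verify_record(record, pk, examined_on):
    # examined_on: ISO date string, the day the record is challenged
    alg = record["body"]["alg"]
    expiry = TRUSTED_UNTIL.get(alg, date.min)  # unknown algorithm: never trusted
    if expiry is not None and date.fromisoformat(examined_on) >= expiry:
        return "untrusted-algorithm"
    if alg not in VERIFIERS:
        return "unsupported-algorithm"
    sig = [bytes.fromhex(s) for s in record["sig"]]
    return "valid" if VERIFIERS[alg](pk, canonical(record["body"]), sig) else "invalid"
```

The policy check runs before any signature arithmetic, so a record whose algorithm tag has expired is rejected at the time of challenge even though its signature was correctly generated.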
The design moment is now
Agents being designed and deployed now will run on hardware that will be in service through the post-quantum transition. The cryptographic primitives chosen in the hardware selection meeting today are the ones that will either survive or fail to survive that transition. The accountability systems built on those choices will be as durable — or as fragile — as the hardware assumptions they rest on.
Asaptic Labs' work at the hardware × post-quantum security crossing treats protocol ossification as a first-order design constraint, not an edge case. Every hardware choice that constrains cryptographic agility is a choice about which accountability records will survive the transition intact — and which will not.
The standard you implement in hardware today is the standard you are committed to for the life of the device. Choose accordingly.
Embedded AI agents often run on hardware whose cryptographic surface cannot be field-updated. In the post-quantum transition, this means the signed accountability records those agents produce may become evidentially untrustworthy before the devices are decommissioned. The design response is a minimal, separable hardware cryptographic surface, a software signing layer above it that can be upgraded, and post-quantum audit log signatures from the outset.