http://docker:8085Creator signs the SHA-256 hash of NFT metadata (name, description, artwork URI) with ML-DSA-65. Signature is permanent proof of origin.
ML-DSA-65 (FIPS 204)Anyone can verify the creator signature with provider.verify(). Quantum-safe proof that the NFT was minted by the claimed creator.
ML-DSA-65 (FIPS 204)Transfer records owner changes with timestamps. Creator signature persists across all transfers — buyers can always verify origin.
ML-DSA-65 (FIPS 204)This service demonstrates quantum-safe NFT operations — the same patterns you'll implement using the Qudo JNI provider in your NFT marketplace or minting platform.
Mint: provider.sign(metadataHash, creatorPrivKey, "ML-DSA-65") — creator signs the metadata hash at mint time
Verify provenance: provider.verify(metadataHash, sig, creatorPubKey, "ML-DSA-65") — anyone can prove the NFT was signed by its claimed creator
Transfer: Ownership change logged with timestamps; creator signature stays intact, proving origin across transfers
/api/nft/mint
Mint a PQC-signed NFT
/api/nft/transfer
Transfer NFT to a new owner
/api/nft/verify
Verify NFT creator signature
/api/nft/{tokenId}
Get NFT details by tokenId
/api/nft/list
List all minted NFTs
/api/nft/history/{tokenId}
Get transfer history for an NFT
/api/nft/health
Service health
Migrate your NFT minting / marketplace platform to quantum-safe provenance signatures. Use this playground to try PQC NFT operations, then use the Qudo JNI provider in your minting backend.
Creator Buyer / Verifier
| |
| 1. Sign metadata hash at MINT time |
| metadataHash = SHA-256({name, desc, URI}) |
| sig = provider.sign(metadataHash, |
| creatorPrivKey, |
| "ML-DSA-65") |
| |
| 2. NFT minted with: metadata + sig + creatorPubKey |
| |
|---- NFT transfers (owner changes, sig unchanged) --->|
| |
| 3. Anyone verifies provenance: |
| provider.verify(metadataHash, sig, |
| creatorPubKey, "ML-DSA-65") |
| -> proves original creator signed this NFT
Creator signs metadata at mint time with provider.sign(). Signature travels with the NFT across all transfers — buyers can always prove origin, even 50 years from now.
ML-DSA-65 signatures can't be forged even by quantum computers. Counterfeit NFTs fail provider.verify() and are rejected by the marketplace.
Replace your ECDSA mint signature with Qudo JNI. Smart contract ABI (ERC-721 / ERC-1155) stays the same — only the signature field changes.
import com.qudo.crypto.QudoCrypto;
import com.qudo.crypto.QudoKeyPair;
QudoCrypto provider = QudoCrypto.create();
// ============================================================
// 1. Creator setup (once per creator account)
// ============================================================
QudoKeyPair creatorKeys = provider.generateKeyPair("ML-DSA-65");
// Store creatorKeys.getPrivateKeyPem() securely (HSM / keystore)
// Publish creatorKeys.getPublicKeyPem() on creator profile page
// ============================================================
// 2. Mint an NFT (sign metadata hash)
// ============================================================
String metadataJson = "{\"name\":\"PQC Art #1\",\"description\":\"...\",\"image\":\"ipfs://...\"}";
byte[] metadataHash = provider.sha256(metadataJson.getBytes());
byte[] creatorSig = provider.sign(metadataHash, creatorKeys.getPrivateKeyPem(), "ML-DSA-65");
// Store NFT on-chain: {tokenId, metadataHash, creatorSig, creatorPubKey, owner}
// ============================================================
// 3. Transfer NFT (ownership change, signature stays)
// ============================================================
// Update owner field on-chain. creatorSig and creatorPubKey are IMMUTABLE.
// ============================================================
// 4. Verify provenance (any buyer, any time)
// ============================================================
byte[] rehash = provider.sha256(metadataJson.getBytes());
boolean authentic = provider.verify(rehash, creatorSig,
creatorKeys.getPublicKeyPem(), "ML-DSA-65");
if (!authentic) rejectAsCounterfeit();
provider.close();
| Operation | ML-DSA-65 | ECDSA |
|---|---|---|
| Mint sign (per NFT) | ~10ms | <1ms |
| Provenance verify (per check) | ~5ms | <1ms |
| Signature size on-chain/IPFS | 3,309 bytes | 64 bytes |
Cause: If you sign the full JSON, any reformatting breaks verification.
Fix: Always sign provider.sha256(canonicalMetadata). Use JSON canonicalization (RFC 8785) or a fixed byte layout before hashing.
Cause: Off-chain metadata can be replaced without changing on-chain state.
Fix: Store creatorSig + creatorPubKey on-chain alongside the tokenId. Immutable.
A: No. The creator signature is permanent — it proves original authorship, not current ownership. Only the owner field changes on transfer.
A: Yes — ML-DSA-44 signatures are 2,420 bytes (~27% smaller). Good tradeoff for high-volume minting platforms. Keep ML-DSA-87 for high-value collectibles.
Analyze any endpoint's cryptographic configuration. Enter a host:port to scan its TLS setup and identify what's quantum-safe vs what needs migration.