PQ Transparency Log

A public, post-quantum-signed transparency log

Submit artifacts and events. Get tamper-evident, offline-verifiable receipts. Checkpoints signed with ML-DSA-65 (FIPS 204) — quantum-safe today.

How it works

Submit once. Verify forever.

1. Submit an artifact or event

Hash a file or a JSON event with SHA-512. The hash is appended as a Merkle leaf — the artifact itself never leaves your machine.

2. Receive a verifiable receipt

The server issues a receipt: artifact hash, leaf index, Merkle inclusion proof, and a signed checkpoint. The receipt is a standalone proof — no server trust required to verify it.

3. Verify offline, any time

Anyone with the receipt and the artifact can recompute the hash, recheck the Merkle proof, and verify the ML-DSA-65 checkpoint signature without contacting the server.

Verify

Verify any receipt

Paste a postq-transparency/v1 receipt and supply the original artifact or its SHA-512 hash. Hash and Merkle checks run entirely in your browser — no server required.

Design

Why this is different from other transparency logs

Post-quantum signed checkpoints

Signed with ML-DSA-65 (FIPS 204, formerly Dilithium). A future quantum adversary cannot forge a checkpoint or back-date an entry.

Append-only consistency proofs

RFC 6962 consistency proofs let any verifier confirm the log has only had entries appended — nothing removed, altered, or reordered.

Independent witnesses

Witnesses cosign checkpoints only after verifying consistency, providing redundant guarantees beyond the log operator.

Not a blockchain

No tokens, no consensus, no gas. It's a single-writer Merkle log with signed checkpoints — the same trust model as Certificate Transparency.

CLI

Use postq trans from the terminal

Install the PostQ CLI and use the trans subcommand to submit, verify, and explore the log.

Install

go install github.com/postqdev/postq-transparency/cmd/postq@latest

Log info

postq trans info

Submit a file → receipt

postq trans submit artifact.txt

Submit a JSON event

postq trans submit-json event.json

Latest signed checkpoint

postq trans checkpoint

Browse entries

postq trans list --limit 10

Consistency proof

postq trans consistency 1 100

Verify offline

postq trans verify artifact.txt receipt.json --online

By default the CLI connects to http://localhost:8080. Set PQT_SERVER=https://transparency.postq.dev or pass --server to point at the public instance.

API

REST API

Base URL: https://postq-transparency.fly.dev · Rate limited to 60 req/min per IP · CORS open

POST /api/v1/entries

Submit an artifact (multipart file) or JSON event. Returns a receipt.

GET /api/v1/entries

List entries. Query: ?start=0&limit=20

GET /api/v1/entries/{index}

Single leaf metadata by index.

GET /api/v1/checkpoint

Latest signed checkpoint (root hash, signature, algorithm, public key).

GET /api/v1/consistency

RFC 6962 consistency proof. Query: ?first=N&second=M

GET /api/v1/log-info

Log metadata: ID, algorithm, public key, tree size.

POST /api/v1/verify

Verify a receipt server-side. Body: { receipt, artifact_hash }.

GET /healthz

Liveness check + log ID + tree size.

Receipt format (stable — postq-transparency/v1)

{
  "version":              "postq-transparency/v1",
  "log_id":               "log:<hex>",
  "artifact_hash":        "sha512:<hex>",
  "leaf_hash":            "sha512:<hex>",
  "leaf_index":           0,
  "tree_size":            42,
  "inclusion_proof":      ["<base64>", ...],
  "checkpoint": {
    "version":            "postq-transparency/v1",
    "log_id":             "log:<hex>",
    "tree_size":          42,
    "root_hash":          "sha512:<hex>",
    "timestamp":          "2026-06-08T12:00:00Z"
  },
  "checkpoint_signature": "<base64>",
  "signature_algorithm":  "ML-DSA-65",
  "post_quantum":         true,
  "public_key":           "<base64>"
}
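
The offline hash and Merkle checks from "Verify offline, any time", applied to a receipt in the format above. This is an added example, not code from the PostQ project: it assumes RFC 6962 domain-separation prefixes with SHA-512, a leaf computed as SHA-512(0x00 || artifact digest), and standard base64 proof entries, none of which the page specifies, and the helper names (`leaf_of`, `build`, `make_receipt`) are hypothetical. ML-DSA-65 signature verification is outside the example.

```python
import base64, hashlib

def sha512(b: bytes) -> bytes:
    return hashlib.sha512(b).digest()
def tag(digest: bytes) -> str:
    return "sha512:" + digest.hex()
def node(left: bytes, right: bytes) -> bytes:
    return sha512(b"\x01" + left + right)       # RFC 6962 interior-node prefix
def leaf_of(artifact: bytes) -> bytes:
    # ASSUMPTION (the page does not specify it): leaf = SHA-512(0x00 || artifact digest)
    return sha512(b"\x00" + sha512(artifact))

def root_from_proof(leaf: bytes, index: int, size: int, proof: list) -> bytes:
    """Recompute the tree root from an RFC 6962 inclusion path."""
    if not 0 <= index < size:
        raise ValueError("leaf index outside tree")
    inner = (index ^ (size - 1)).bit_length()   # levels below where this leaf's path joins the right edge
    if len(proof) != inner + bin(index >> inner).count("1"):
        raise ValueError("proof length does not fit this index and tree size")
    r = leaf
    for level, p in enumerate(proof):           # above `inner`, only left-hand subtree roots remain
        r = node(p, r) if level >= inner or (index >> level) & 1 else node(r, p)
    return r

def verify_receipt(receipt: dict, artifact: bytes) -> bool:
    """Hash and Merkle checks only; the ML-DSA-65 checkpoint signature must be verified separately."""
    leaf, cp, size = leaf_of(artifact), receipt["checkpoint"], receipt["tree_size"]
    try:
        proof = [base64.b64decode(p, validate=True) for p in receipt["inclusion_proof"]]
        root = root_from_proof(leaf, receipt["leaf_index"], size, proof)
    except ValueError:
        return False
    return (receipt["artifact_hash"] == tag(sha512(artifact)) and receipt["leaf_hash"] == tag(leaf)
            and cp["tree_size"] == size and cp["root_hash"] == tag(root))

# Constructed sample log (not real data): build an RFC 6962 tree and a receipt for leaf i.
def build(leaves: list, i: int):
    if len(leaves) == 1:
        return leaves[0], []
    k = 1 << ((len(leaves) - 1).bit_length() - 1)   # largest power of two < len(leaves)
    (lr, lp), (rr, rp) = build(leaves[:k], min(i, k - 1)), build(leaves[k:], max(i - k, 0))
    return node(lr, rr), (lp + [rr] if i < k else rp + [lr])

def make_receipt(artifacts: list, i: int) -> dict:
    root, path = build([leaf_of(a) for a in artifacts], i)
    return {"artifact_hash": tag(sha512(artifacts[i])), "leaf_hash": tag(leaf_of(artifacts[i])),
            "leaf_index": i, "tree_size": len(artifacts),
            "inclusion_proof": [base64.b64encode(p).decode() for p in path],
            "checkpoint": {"tree_size": len(artifacts), "root_hash": tag(root)}}
```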