The quantum-safe signing that protects RankShield Legal’s certificates points at a broader need: much of what a firm holds must stay confidential for decades, and the encryption protecting it today was not chosen for that lifetime. The vault extends post-quantum protection from the proof to the underlying records. It is a roadmap capability, described here so a firm can plan around it — not a shipped storage product you can load files into today.
What is the quantum-safe legal vault?
A law firm holds two kinds of data. Most of it has a short confidentiality half-life: an intake form, a scheduling email, a routine filing that becomes public anyway. Then there is the other kind — the material whose secrecy has to hold for the professional lifetime of everyone involved and often longer. Privileged strategy memos. The unredacted terms of a sealed settlement. A client’s trade secret sitting in a discovery set. The deal book for an acquisition that has not closed. These records do not expire when the matter closes; the obligation to protect them compounds.
The vault is designed for exactly that second category. The idea is simple to state and deliberately narrow in scope: take the records a firm can least afford to see decrypted a decade from now, and seal them with cryptography chosen for that time horizon rather than for today’s convenience. It is a companion to the broader quantum-safe law firm posture, not a replacement for a firm’s document management system or its everyday backups.
Because it is a roadmap item, this page describes intent and direction. What is already real is the foundation underneath it: the post-quantum signing that protects the platform’s certificates and attestations runs in production today. The vault extends that same cryptography from the proof to the payload.
What is it designed to protect?
The vault targets data ranked by confidentiality lifetime rather than by size or recency: the material that would still cause harm if decrypted in ten or twenty years. That is precisely the data harvest-now, decrypt-later collection is aimed at, and precisely where classical RSA and ECDSA — slated for deprecation after 2030 — leave the longest exposure.
In practice, a firm and its custodians would rank record classes together before anything moves. The point of the exercise is not to vault everything; it is to identify the handful of categories where a future decryption would be genuinely damaging and treat those first.
- Privileged communications — the strategy memos, opinion letters, and client correspondence whose value to an adversary does not fade when the matter closes.
- Trade secrets held on a client’s behalf — formulas, source code, designs, and process documentation that stay valuable for as long as they stay secret.
- Sealed settlements — agreements whose terms a court ordered kept confidential, sometimes in perpetuity.
- M&A and IP files — deal books, diligence sets, and patent material that must stay quiet before a transaction and, for some of it, long after.
- Long-lived matter records — anything a retention obligation or an ethics rule requires the firm to hold, and keep confidential, for years.
Why does confidentiality lifetime change the math?
Most security decisions optimize for the present: is this data encrypted in transit and at rest right now, against an attacker operating today? For long-lived legal records, that framing is incomplete. The right question is whether the confidentiality will still hold across the entire period the record must stay secret — and that period frequently runs past the point at which today’s public-key cryptography is expected to be retired.
Ranking records by lifetime turns an abstract worry into a concrete triage list. A record that becomes public in a year does not belong in the vault. A record that must stay secret past roughly 2030 to 2035 is inside the window where the cryptographic ground is already shifting, and it belongs near the front of the line.
| Record class | Typical confidentiality lifetime | Inside the harvest-now window? |
|---|---|---|
| Routine correspondence, scheduling | Weeks to months | No — expires long before it matters |
| Active-matter working files | Months to a few years | Sometimes — depends on the matter |
| Privileged strategy and opinion work | Career-length or longer | Yes — protect first |
| Sealed settlements | Years to perpetual | Yes — protect first |
| Client trade secrets and IP | Decades, while secrecy holds | Yes — protect first |
| M&A deal books, diligence | Years before and after close | Yes — protect first |
What is harvest-now, decrypt-later?
Harvest-now, decrypt-later describes a patient strategy: an adversary copies encrypted data today, when they cannot read it, and stores it against the day a capable quantum computer makes the classical encryption breakable. Nothing has to be broken at the moment of theft. The attacker is buying an option on the future value of the ciphertext.
This is why long-lived legal records are an unusually attractive target. A stolen batch of encrypted privileged files has little immediate value if the encryption holds. But if that same encryption is expected to fall within the record’s confidentiality lifetime, the archive is effectively a delayed-action breach — and the firm may never know the copy was taken. It is a different threat model from the ransomware and exfiltration a firm defends against day to day; the two are covered together on the data breach and ransomware page.
How would the vault seal a record?
Records would be sealed with the same NIST-standardized post-quantum algorithms the platform already uses for signing, with integrity anchored to a tamper-evident transparency log. The sequence below is the intended design, described so a firm’s security team can evaluate it — not a description of a running product.
- Rank by confidentiality lifetimeThe firm and its custodians classify record sets by how long each must stay confidential, and select the classes whose lifetime runs past the point where today’s public-key cryptography is expected to be retired.
- Seal with composite post-quantum signaturesSelected records are sealed using a composite of ML-DSA and SLH-DSA (FIPS 204 and 205), so integrity does not rest on a single algorithm family. This is the same post-quantum signing that runs on the platform today.
- Anchor integrity to a transparency logEach sealed record’s integrity is anchored to an RFC 6962 transparency log — the append-only, tamper-evident structure the platform already uses — so any later alteration is detectable and independently checkable.
- Keep it inside privilege boundariesThe vault would sit inside the firm’s existing separation of client and matter data, consistent with the privilege isolation model, so sealing a record does not quietly widen who can reach it.
- Verify without trusting the vendorBecause integrity is anchored to a public transparency log, a firm — or a client, or a court — can confirm a sealed record has not been altered without having to take RankShield’s word for it.
What standards does the vault build on?
The vault does not invent cryptography. It builds on the algorithms the U.S. National Institute of Standards and Technology finalized as federal standards in August 2024, and on the transparency-log format that already underpins the platform’s certificate integrity. Standing on published standards rather than a proprietary scheme is deliberate: it is what lets an outside party check the work.
What does quantum-safe actually mean? An honest status.
Quantum-safe is an engineering standard, not a promise of invulnerability. It means a system is built on cryptography designed to resist attack by a future quantum computer, under current public analysis. It does not mean any record is unbreakable, and we never describe the vault as quantum-proof. Precision here matters more than marketing, because the whole value of the vault is that a firm can trust exactly what it does and does not claim.
- The vault is a roadmap capability, not a shipped storage product.
- The post-quantum signing it builds on is live on the platform today.
- It protects confidentiality lifetime; it is not a claim that any system is unbreakable.
-
MythA quantum computer can break this encryption today.
TruthNo large-scale quantum computer capable of breaking RSA or ECDSA exists yet, and there is no announced “Q-Day.” The vault is a defense against a future capability, protecting records whose lifetime reaches into that horizon.
-
MythQuantum-safe means quantum-proof — the records can never be read.
TruthIt does not. Quantum-safe means resistant to foreseeable quantum attack under today’s standards. It is an engineering standard, not a guarantee that any system is unbreakable.
-
MythQuantum random-number generators or quantum key distribution are the same thing as this.
TruthThey are not. QRNG and QKD are separate technologies and are not post-quantum cryptography. The vault relies on NIST’s standardized post-quantum algorithms (FIPS 204/205), not on quantum hardware.
-
MythYou need special quantum hardware to use the vault.
TruthNo. Post-quantum cryptography runs on ordinary computers. The standards were chosen specifically so firms can adopt them without exotic equipment.
How does this connect to signing that is already live?
RankShield Legal already uses post-quantum signatures to protect the certificates and attestations the platform issues — the proofs that a citation was checked or that privilege boundaries held. That signing is in production. The vault is the natural extension of it: the same composite ML-DSA and SLH-DSA cryptography, and the same RFC 6962 transparency log, applied to the underlying records rather than only to the proofs about them.
Framing it this way keeps the honesty line clear. The cryptographic machinery is not speculative — it runs today, and you can read more about the platform’s posture on the security page. What is on the roadmap is the storage product that puts a firm’s longest-lived records behind that machinery, with the record-class definitions and operational controls a firm would need to adopt it responsibly.
Which records should a firm vault first?
The first-in-line records are the ones ranked by how long they must stay confidential, not by how sensitive they feel today. A record that must stay secret beyond roughly 2030 to 2035 is already inside the harvest-now window: even if no one can decrypt a stolen copy now, the record’s own lifetime reaches into the period where the classical encryption is expected to fall.
- Privileged communications and attorney work product with career-length or indefinite sensitivity.
- Trade secrets and IP a firm holds for clients, valuable for as long as they stay secret.
- Sealed settlements whose confidentiality a court ordered kept for years or in perpetuity.
- M&A deal books and diligence sets that must stay quiet well beyond a closing date.
- Any record a retention or ethics obligation requires the firm to hold, and protect, for a long time.
How would a firm roll this out?
Adoption is meant to be incremental, not a forced migration of everything a firm stores. The vault is a targeted layer for the small set of records where a future decryption would do real damage, added alongside a firm’s existing systems rather than replacing them.
- Scope with a design partnerEarly-access firms help define which record classes belong in the vault first, so the initial version reflects how firms actually rank confidentiality rather than an assumption about it.
- Start narrowBegin with one or two clearly long-lived categories — a set of sealed settlements, or a client’s trade-secret archive — rather than attempting a firm-wide sweep on day one.
- Keep the honest boundary visibleEvery claim the vault makes is meant to be checkable against a transparency log and stated without superlatives, so the firm can represent to clients exactly what protection is and is not in place.
- Expand as obligations growAs new long-lived record classes appear — a new sealed matter, a new IP mandate — they can be added to the same post-quantum seal without changing the underlying model.
Where does the vault fit in a firm’s overall security posture?
The vault is one layer, not a whole program. It addresses a specific, often-overlooked risk — the long confidentiality tail of a firm’s most sensitive records against a future decryption capability. It does not replace access controls, backups, breach response, or the everyday discipline of keeping client and matter data separated.
Think of it as the deepest shelf in the archive: the place for the records whose secrecy has to outlast the cryptography currently guarding them. For everything else, a firm’s existing controls and the broader quantum-safe law firm posture do the work. If a firm wants to help shape which record classes the vault handles first, the early-access conversation is where that starts.