Cryptographic Artifact Lifecycle, Versioning, and Retraction Policy

Abstract

This Technical Note defines the lifecycle, versioning, and retraction framework governing cryptographic and security-related artifacts published by the QIST Foundation. The purpose of this document is to establish clear, auditable rules for how artifacts are created, reviewed, revised, superseded, and—when necessary—retracted. By formalizing these processes, QIST aims to preserve scientific integrity, ensure long-term citability, and reduce systemic risk arising from ambiguous or unmanaged publication practices in high-assurance domains.

This document is procedural in nature. It does not define cryptographic algorithms, protocols, or implementations, nor does it assert regulatory authority. It applies uniformly across all QIST artifact types.

Review, version advancement, and retraction are governed by this Technical Note.

1. Purpose and Scope

The QIST Foundation publishes scientific and technical artifacts intended to inform research, interoperability, governance, and pre-standardization efforts in Quantum Information Science and Technology (QIST).

Given the safety-critical and long-lived nature of cryptographic and trust-related systems, unmanaged publication practices pose material risk. Ambiguous drafts, silent revisions, or untraceable withdrawals undermine reproducibility, auditability, and institutional trust.

This Technical Note defines a mandatory lifecycle framework governing all QIST artifacts, including:

• Technical Notes (TN)
• Whitepapers (WP)
• Reference Architectures (RA)
• Pre-Standards (PS)

The framework applies from initial drafting through archival or retraction.

2. Artifact Classes

QIST recognizes the following artifact classes:

• Technical Note (TN): Exploratory or explanatory documents addressing specific technical or procedural topics.
• Whitepaper (WP): System-level or institutional analyses intended for cross-disciplinary audiences.
• Reference Architecture (RA): Abstract system architectures defining components, interfaces, and trust boundaries without prescribing implementations.
• Pre-Standard (PS): Candidate specifications intended to inform or precede formal standardization efforts.

All artifact classes are subject to the same lifecycle and governance rules defined herein.

3. Lifecycle States

Each QIST artifact MUST exist in exactly one lifecycle state at any given time. Lifecycle states are explicit, public, and immutable once assigned, except as defined below.

3.1 Draft

• Internal working state
• Not publicly indexed
• Subject to change without notice
• Not citable

3.2 Unreviewed

• Publicly visible
• Assigned a permanent Artifact ID
• Versioned
• Clearly marked as Unreviewed
• Citable with caution

3.3 Reviewed

• Successfully completed the QIST peer-review process
• Publicly visible
• Versioned
• Marked as Reviewed
• Eligible for DOI assignment

3.4 Superseded

• Replaced by a newer artifact or version
• Remains publicly accessible for historical and audit purposes
• Clearly marked as Superseded
• MUST reference the successor artifact

3.5 Retracted

• Withdrawn due to material error, security risk, or integrity concern
• Remains publicly accessible
• Clearly marked as Retracted
• MUST include a retraction notice explaining rationale

4. Versioning Rules

All QIST artifacts MUST follow explicit versioning conventions:

• Major version changes indicate substantive technical or conceptual revisions
• Minor version changes indicate clarifications or non-substantive corrections

Version identifiers MUST be visible on:

• Artifact landing pages
• PDF snapshots
• Citation blocks

Silent revisions are prohibited.

5. Change Control

Changes to public artifacts MUST:

• Result in a new version identifier
• Include a change log describing the modification
• Preserve access to prior versions

Reviewed artifacts undergoing substantive revision MAY be reverted to Unreviewed status pending re-review.

6. Retraction Policy

Retraction is a protective mechanism, not a failure condition.

Artifacts MAY be retracted under the following conditions:

• Discovery of material technical errors
• Identification of security vulnerabilities with unacceptable risk
• Proven conflicts of interest or integrity violations
• Obsolescence creating material harm if relied upon

Retraction decisions are made by the QIST Editorial Office in consultation with the Research Oversight Board.

Retracted artifacts MUST:

• Remain publicly accessible
• Retain their original Artifact ID
• Display a clear retraction notice

7. Citation and Persistent Identity

Each artifact is assigned a permanent Artifact ID at first public release.

Reviewed artifacts MAY be assigned a Digital Object Identifier (DOI) via an approved archival service.

Once assigned:

• DOIs MUST resolve to a stable snapshot of the reviewed artifact
• Subsequent revisions MUST reference, but not overwrite, the DOI-linked version

8. Transparency and Public Record

Lifecycle state, version history, review status, and retraction notices MUST be publicly visible.

QIST maintains these records to enable:

• Long-term auditability
• Independent verification
• Responsible downstream reuse

9. Non-Regulatory Statement

This Technical Note does not claim regulatory authority, certification power, or standards-setting mandate.

QIST artifacts are informational and pre-standard in nature unless explicitly stated otherwise.

Review, version advancement, and retraction are governed by this Technical Note.

10. Conclusion

A disciplined publication lifecycle is a prerequisite for trust in high-assurance domains. By formalizing artifact lifecycle, versioning, and retraction practices, the QIST Foundation establishes a durable foundation for responsible scientific contribution, transparent governance, and long-term institutional credibility.

---

End of QIST-TN-2025-002 (v0.1)