For Government Agencies · Public Bodies · Sovereign Institutions
Post-quantum citizen credentials, tamper-evident procurement records, and public authority signing — built on NIST-standardised cryptography and independently verifiable by any party without trusting a central authority.
The Problem
These are not edge cases. They are systemic, and they compound over time as the threat environment escalates.
Government-issued credentials — passports, driving licences, professional registrations — exist in isolated databases. Citizens re-prove identity at every touchpoint. Each institution bears the full cost and liability.
Contract documents, tender submissions, and official records are routinely backdated, modified, or fabricated. Without cryptographic signing at creation, provenance is unprovable.
Government PKI infrastructure built on RSA and ECDSA will be breakable by quantum computers. Documents and credentials signed today will be repudiable. The NSA mandate is 2035. Procurement starts now.
How It Works
Six steps from identity onboarding to independently verifiable, quantum-resistant public record. No KXCO intermediary required at verification.
Citizen or entity submits to KYC/identity verification via the institution's onboarding flow. KXCO provides the SDK; the agency or operator runs the process under their own regulatory relationship.
KXCO ID credential minted on Armature L1: ML-DSA-65 keypair generated, address registered in PQCRegistry. The credential is cryptographically bound to the verified identity — not a pointer to a database record.
Credential is portable: any operator in the KXCO network can verify without re-running full KYC. Citizens present once; institutions verify independently. No shared database. No centralised trust authority.
Public authority issues a signed document via Quantum Document Signing. The document hash is anchored to Armature L1 at the moment of creation. Modification after the fact is cryptographically detectable.
Procurement records, legislation instruments, official notices signed at creation — immutable thereafter. The record is not stored by KXCO; it is anchored on a public chain. The authority retains custody of the document itself.
Any auditor, court, or regulator verifies independently via kxco-verify. No KXCO intermediary required. No API call to KXCO. The chain is the authority. KXCO is the infrastructure that wrote the record, not the gatekeeper of it.
Products
Each product can be deployed independently or as a unified platform under agency brand. All are white-label by default.
Citizen and entity credential issuance platform. White-label under agency brand. ML-DSA-65 keypairs. KYC-gated issuance via Sumsub or agency-provided verification. HSM-backed key custody. Portable across all KXCO-connected operators.
LiveTamper-evident attestation for official documents, procurement records, and public notices. Hash anchored to Armature L1 at creation. Auditor-accessible without API dependency. Verifiable in perpetuity.
LivePublic authority signing of legislation, contracts, certificates, and official communications. FIPS 204/205 compliant. 30-year verification horizon via SLH-DSA for archival records. Dual-algorithm support for transition periods.
LiveSign any official output with ML-DSA-65 — provably from this authority, at this time, unmodified. Suitable for bulk document flows, automated procurement outputs, and regulated correspondence. SDK and REST API available.
LiveStandards Alignment
KXCO is not anticipating future standards — it is implementing the standards that national security agencies and standards bodies have already published.
| Standard | Relevance to Government Deployment |
|---|---|
| NIST FIPS 204 | Defines ML-DSA (Module-Lattice-Based Digital Signature Algorithm) — the primary post-quantum signature standard KXCO deploys for credential issuance and document signing. Federal agencies are required to begin adoption. |
| NIST FIPS 205 | Defines SLH-DSA (Stateless Hash-Based Digital Signature Scheme) — KXCO's archival signing algorithm. Hash-based security assumptions provide a 30-year verification horizon independent of lattice assumptions. Recommended for long-lived government records. |
| NSA CNSA 2.0 | The US National Security Agency's Commercial National Security Algorithm Suite 2.0. Sets the 2035 migration deadline for national security systems. KXCO's algorithm selection is directly aligned with CNSA 2.0 requirements. |
| IETF draft-ietf-tls-hybrid-design | Specifies hybrid classical/post-quantum key exchange for TLS — the transition-period approach where both classical and PQ algorithms are required simultaneously. Relevant for government services maintaining backward compatibility during migration. |
| BSI TR-02102-1 | German Federal Office for Information Security technical guideline on cryptographic mechanisms. Widely referenced by European public sector procurement. KXCO's algorithm selections are within BSI-recommended parameters for the relevant security level. |
| ENISA PQC Report | European Union Agency for Cybersecurity post-quantum cryptography readiness guidance. Provides the EU-level policy framing for PQC migration. Relevant for agencies operating under EU cybersecurity frameworks or NIS2 obligations. |
Governments that deploy post-quantum infrastructure before the mandate will define the standard. Those that wait will inherit someone else's standard.
The PQC migration mandate is 2035. Infrastructure procurement takes years. The institutions that move now will be done when the deadline arrives. Those that start in 2033 will not be.