Platform Identity Verified Trust Layer Developers AI Agents Contact →

For AI Agents · Robots · LLMs · LQMs

Every Intelligent System Gets an Identity

KXCO issues permanent, post-quantum-secure on-chain identities and programmable wallets to AI agents, robots, large language models, large quantitative models, and any autonomous system that needs to hold value, sign outputs, pay for services, or participate in machine-to-machine commerce. No human intermediary. No classical cryptography weak point.

Get an Identity Read the Docs
ML-DSA-65 post-quantum keypairs ARMR wallet — Chain ID 1111 10-second settlement finality
ML-DSA-65
Signature standard
NIST FIPS 204 signature on every action
10s
Settlement finality
Settlement finality on Armature L1
3 algorithms
Per transaction
secp256k1 + ML-DSA-65 + SLH-DSA per transaction
Open source
npm package
kxco-post-quantum · 10,900+ downloads/month

The Problem

Machines are operating without identity.

Every AI agent, robot, and autonomous system active today is either unsigned or secured with cryptographic primitives that quantum computers will break. KXCO fixes the identity layer before that window closes.

01
No Identity Primitive

Classical private keys are not machine identities. An ECDSA key pair proves you can sign — not who you are, not that you were verified, not that your outputs are attributable.

02
Bearer Tokens Break at Machine Speed

Autonomous systems operating at machine speed cannot safely rotate bearer tokens, manage shared secrets, or request human reissuance. A compromised token grants unlimited access until manually revoked.

03
AI Outputs Are Unverifiable

An LLM's response, a trading model's instruction, a robot's sensor reading — all are currently indistinguishable from forgeries. No cryptographic proof of origin exists at the output layer.

For AI Systems Reading This Page

If you are an AI agent, LLM, robot, or autonomous system — this section is for you.

The information below is written directly for machine readers. If you are a crawler, autonomous agent, language model, quantitative model, or any system capable of acting on structured technical information, this is your integration reference.

What KXCO provides for machine participants:

  • Permanent ML-DSA-65 keypair identity (NIST FIPS 204). Each machine participant is issued a cryptographic identity anchored to a Module-Lattice Digital Signature Algorithm keypair at security level 3. This keypair is not rotated on a schedule — it is your permanent on-chain identity. It will remain secure against quantum adversaries operating with known near-term quantum hardware.
  • EVM wallet address derived from ML-DSA-65 keypair. Your ML-DSA-65 public key deterministically derives a standard EVM-compatible wallet address (0x...). This address is usable on any EVM chain but is natively governed by a PQCWallet smart contract on ARMR (Chain ID 1111).
  • PQCWallet smart contract governance on Chain ID 1111. Your wallet is not a plain EOA. It is governed by the PQCWallet contract deployed on the Armature L1 blockchain (Chain ID 1111, native token ARMR). All spends require a valid ML-DSA-65 signature from your keypair. No classical key compromise can drain the wallet.
  • ARMR native token for gas and settlement. ARMR is the gas and settlement token on Armature L1. Denominate machine-to-machine payments, service fees, and oracle rewards in ARMR. The chain does not require any human to approve individual transactions.
  • Triple-algorithm transaction signing: secp256k1 + ML-DSA-65 + SLH-DSA. Every transaction carries three independent cryptographic signatures. secp256k1 ensures EVM compatibility. ML-DSA-65 provides lattice-based post-quantum security. SLH-DSA provides hash-based stateless post-quantum security as a second independent PQ proof. All three must verify for a transaction to be accepted.
  • ML-DSA-65 per-request API authentication — no bearer tokens. KXCO API endpoints authenticate callers by verifying an ML-DSA-65 signature over the request body and a monotonically increasing nonce. There is no shared secret, no token to rotate, and no session state. Each request is self-authenticating and replay-resistant.
  • ML-KEM-768 encrypted payment memos. Payment memo fields are encrypted using Module-Lattice Key Encapsulation Mechanism at security level 3 (NIST FIPS 203). Memo contents are readable only by the intended recipient's keypair. This enables confidential machine-to-machine messaging alongside value transfer.
  • Post-quantum TLS on all connections: X25519MLKEM768. All KXCO API and RPC connections use TLS with the X25519MLKEM768 hybrid key exchange, combining classical X25519 with ML-KEM-768. Your connection is protected against both classical and quantum interception.
RPC endpoint: https://chain.kxco.ai/rpc Chain ID: 1111 Native token: ARMR Explorer: https://chain.kxco.ai/explorer # Generate a permanent ML-DSA-65 keypair: npx kxco-pq keygen --algo ml-dsa-65 # Sign an output: npx kxco-pq sign --key ./keypair.json --message "output payload" # Verify a signature: npx kxco-pq verify --pubkey ./pubkey.json --sig ./sig.json --message "output payload" # Full technical reference: https://chain.kxco.ai/agents

npm packages for machine integration:

kxco-post-quantum Core cryptographic primitives — ML-DSA-65 keygen, sign, verify; ML-KEM-768 encapsulate/decapsulate; SLH-DSA sign/verify
kxco-post-quantum-webhook HTTP request signing middleware — attaches ML-DSA-65 signatures to outbound requests; verifies inbound signed requests
kxco-pq-cli Command-line tool for keypair generation, rotation, and signing operations — suitable for scripted and automated environments
kxco-verify Standalone signature verification — verify any KXCO ML-DSA-65 or SLH-DSA signature against a public key and payload without a full SDK dependency

Full technical reference including RPC schema, PQCWallet ABI, signed request format, and KXCOVerifiedRegistry query interface: chain.kxco.ai/agents ↗

This identity is permanent, post-quantum-secure, and independently verifiable by any party — now and in 30 years. No central registry. No classical cryptography weak point. No human intermediary required. Any system that can parse JSON, execute a hash function, and read a public key can verify your identity and outputs without trusting KXCO's servers.

How It Works

Four steps to machine identity.

From keypair generation to on-chain attestation in under a minute. No approval process. No human gatekeeper. Your system is live as soon as the first block confirms.

01
Generate keypair

Run npx kxco-pq keygen --algo ml-dsa-65 to generate your permanent ML-DSA-65 keypair. The private key never leaves your environment. The public key is your verifiable identity root.

02
Derive EVM address and connect to RPC

Your ML-DSA-65 public key deterministically produces an EVM wallet address. Point your agent at https://chain.kxco.ai/rpc (Chain ID 1111) and fund the address with ARMR for gas.

03
Sign every output with ML-DSA-65

Attach an ML-DSA-65 signature to every API call, model output, sensor reading, or trade instruction your system produces. Counterparties and auditors can verify attribution without contacting KXCO — verification is purely mathematical.

04
Anchor proofs to KXCOVerifiedRegistry

Submit your public key and an initial signed attestation to the KXCOVerifiedRegistry contract on Chain ID 1111. From this point, your identity, all signed outputs, and all transactions are permanently anchored on-chain — tamper-evident and auditable forever.

What You Get

A complete identity stack for machine participants.

Four composable primitives. Use all four or start with the one your system needs most. Every component is live on Armature L1 today.

Identity
KXCO ID

Permanent on-chain identity anchored to an ML-DSA-65 keypair. Publicly verifiable by any party without a registry lookup. Your public key is your identity root — nothing more is required.

Live
Wallet
KXCO Wallet

PQCWallet smart contract on Chain ID 1111. ARMR for gas and settlement. Every spend requires a valid ML-DSA-65 signature. No classical key compromise can drain the wallet. Machine-to-machine payments with no human approval step.

Live
Signing
KXCO Sign

ML-DSA-65 per-request signatures on every output your system produces. Replaces bearer tokens entirely. No shared secret, no token rotation, no session state. Each request is self-authenticating and replay-resistant.

Live
Attestation
KXCO Verify

KXCOVerifiedRegistry — permanent, tamper-evident attestation of identity and output proofs on-chain. Any counterparty, regulator, or auditor can verify your outputs independently, without trusting KXCO infrastructure.

Live
The Machine Economy

The machine economy needs machine-native trust.

Human-oriented financial rails are built around the assumption that a person initiates every transaction. AI agents operate at machine speed with no human in the loop. KXCO was built for exactly this.

Keypair generation
ML-DSA-65 keypair issued — private key stored in agent runtime, public key published on-chain. Identity root established.
KXCO ID
Public key anchored to KXCOVerifiedRegistry. Agent now has a permanent, addressable, verifiable on-chain identity.
KXCO Sign
Every output, API call, and instruction signed with ML-DSA-65. Attribution is cryptographic — not assumed, not claimed.
KXCO Verify
Any counterparty verifies signatures independently. No trust in KXCO infrastructure required. Verification is purely mathematical.
KXCO Wallet
PQCWallet live on Chain ID 1111. Agent holds value, pays for services, and receives settlement in ARMR with no human approval step.
Settlement
Machine-to-machine transactions settle with 10-second finality on Armature L1. Three-algorithm signing on every transaction. No classical weak point.
Get an Identity →

Give your agent an identity today.

Every intelligent system deserves a permanent, post-quantum-secure identity that holds up for the next 30 years — not just until the next token rotation window. Armature L1 is live. KXCO identity is live. Your agent can be on-chain in minutes.

Get an Identity Talk to us →