Post-quantum identity · NIST FIPS 203 / 204 / 205

Identity that outlives
the quantum computer.

One 32-byte seed becomes a complete post-quantum identity: keys, addresses, spends, login, recovery, and encryption. Pure JavaScript. Zero runtime dependencies. Byte-exact to the BTX chain, verified against a live node.

View on GitHub Read the spec repo opens with the independent audit
identity.js
import { createIdentity, randomSeed } from 'qid';

const id = createIdentity(randomSeed());

id.btxAddress    // btx1z… — receives value on-chain
id.identityRoot  // stable root — survives key rotation
id.login         // ML-DSA-44 — signs spends & logins
id.recovery      // SLH-DSA-128s — cold, hash-based
id.attestation   // root-signed, canonical bytes (v3)
73/73 tests byte-pinned consensus vectors Reproducible builds provenance published Node-verified address KAT + testmempoolaccept FIPS-205 live C-002 active on mainnet
What it is

Two layers. One seed.

qID pairs a hash-based cold root with a fast lattice hot key — the most conservative cryptographic assumption anchors the identity, the fast one carries the daily load. The money core is byte-exact to BTX; the identity layer works anywhere, with or without a chain.

The money core BTX-exact

Everything a self-custodial post-quantum wallet needs, reproducing the node's own bytes.

  • ML-DSA-44 login key + SLH-DSA-128s recovery root, derived on BTX's m/87′ path
  • P2MR (pay-to-Merkle-root) addresses — bech32m, witness v2, network-strict decoding
  • Multi-input spend builder: coin selection, node-exact PQ fees, change, max-fee clamp
  • Sighash commits to every input and output — a lying explorer can't redirect value
  • Recovery-leaf rescue path, era-aware (legacy pre-C-002, FIPS-205 today)

The identity layer chain-agnostic

A cold root that vouches for hot keys — CA-style, self-custodial, no third party in the trust path.

  • Login with qID: origin-bound, replay-proof challenge signing (WebAuthn-style)
  • Key rotation with monotonic serials + root-signed revocation floors
  • Hybrid encryption: ML-KEM-768 + X25519 — secure if either primitive holds
  • Canonical signing preimages — no JSON in anything signed, ever
  • Relying-party verifier with pluggable storage, safe on any backend
Security posture

Built adversarial-first.

qID has been through repeated adversarial audit rounds, and the important properties aren't asserted — they're machine-checked on every commit.

01

Negative-space tests

Tests that break on backdoor classes: hedged signatures must differ, a one-satoshi mutation must change every sighash, and the bundle must contain zero Math.random.

02

Reproducible, pinned, provable

The shipped bundle rebuilds byte-identical from source in CI, and every release publishes its sha256 ↔ commit pair so vendors verify what they pin.

03

Total-contract verifiers

Attestation, revocation, and login verification never throw on attacker-shaped input — property-based fuzzing holds them to it.

04

Fail-closed everywhere

Wrong network? Throws. Truncated seed? Throws. Swapped keys that would mint an unspendable address? Throws. Silent wrong answers are treated as the worst bug class.

05

Zero runtime dependencies

Audited noble/scure cryptography, pinned exactly and bundled. The page you're reading follows the same rule: no third-party requests.

06

Responsible disclosure

A real security policy with response targets — report privately via GitHub security advisories.

The honest claim: resistant to quantum attacks, built on NIST-standardized post-quantum cryptography (FIPS 203, 204, 205), pending independent audit. We don't say "unhackable" — precision is the security feature.
$ shasum -a 256 dist/qid.bundle.js 9155a691f753fd51c7293205f96ef497d4862a823923eada2d239b32e513485e reproducible @ effefa1 (v0.3.0)
Standard track

Made to be reimplemented.

A protocol is only a standard when a second implementation agrees on every byte. qID ships the artifacts that make that checkable.

Canonical byte layouts

Everything signed off-chain — attestations, login challenges, revocations — signs an explicit, versioned byte layout. A Rust or Swift implementation produces identical signatures or fails loudly.

Language-neutral vectors

One JSON file: seed → keys → addresses → sighashes → signing preimages. Reproduce every value byte-for-byte, or the implementation is wrong. Point your CI at it.

The written convention

The full identity convention — derivation paths, attestation format, login protocol, revocation — as a versioned spec, developed in review with the BTX core team.

Running today

Three integrations, one frozen core.

Every consumer pins a byte-frozen, hash-verified snapshot and re-vendors deliberately. No CDN, no floating versions, no surprises.

BTX PQ Wallet

Self-custodial desktop wallet. Sends real value on BTX mainnet through qID's spend core, pinned in CI by sha256.

EasyBTX

The BTX miner. Sweeps mined coins to cold storage with qID's sweep builder.

bonuz

Multi-chain mobile app. BTX wallet built on qID with hardware-accelerated key generation — a 4-minute operation brought to a quarter second, byte-identical.

v0.3.0 — wire formats frozen C-002 / FIPS-205 compatibility confirmed with BTX core Independent audit — next milestone Open source — with the audit