Cryptography

Identity & keys

Your account isn’t a phone number or an email — it’s a set of keys your device makes for itself, with a random-looking name derived from them. Every one is hybrid: classical and post-quantum.

When you sign up, your device mints its own set of keys and gives itself a code-name derived from them (like px_4a3f…). There’s no name, phone, or email involved. Every important operation is signed twice — once with today’s proven maths, once with maths designed to survive a future quantum computer — so breaking one doesn’t break you.

Four keypairs are generated on-device: Ed25519 + Dilithium3 (ML-DSA-65) for hybrid signatures, X25519 for DH, and Kyber1024 (ML-KEM-1024) for the PQ KEM. The pseudonym is px_ + hex(SHA-256(ed25519_pub)[..16]). Hybrid signing produces both an Ed25519 and a Dilithium3 signature; verification requires both.

From keys to a pseudonym
generated on-device, published as public halves only
classical post-quantum identity
Figure. Only the public halves are published. The private halves and the master seed stay encrypted on your device.

The keys at a glance

KeyTypeRole
Ed25519classical signatureSigns identity assertions; derives your px_id.
Dilithium3post-quantum signatureML-DSA-65; the quantum-safe half of every hybrid signature.
X25519classical DHIdentity DH + signed/one-time prekeys for PQXDH.
Kyber1024post-quantum KEMML-KEM-1024; the quantum-safe half of the handshake.
Why hybrid A future quantum computer breaks classical curves but not the lattice schemes; a classical attacker breaks neither. Requiring both to verify means an adversary must defeat both families at once.