The signing engine that powers every Phoenix product. Epoch-based keys, deterministic state evolution, and automatic recovery after breach. Not a standalone product — the engine behind Attestation, Chain, and Cloud.
PhoenixSig treats every signature as a temporary state snapshot, not a permanent operation.
ML-DSA (FIPS 204) + SLH-DSA (FIPS 205) as signing backends. Dual algorithm coverage. PhoenixSig manages key lifecycle — PQC just signs.
Deterministic state evolution on module ring R_q. Forward-only progression. No external randomness. Every state transition auditable and reproducible.
TEE-backed VaultKey provides hardware entropy for post-compromise recovery. After refresh, all future keys change completely. Attacker's snapshot becomes useless.
No permanent private keys exist. Each epoch generates a fresh keypair from deterministic state. Key used once, then discarded. Compromise of one epoch cannot affect any other.
seed_epoch = HKDF(VaultKey ∥ sigma ∥ context). Every signing key is fully deterministic, dependent on hardware secret + evolving state + message policy. Reproducible yet unpredictable.
All epoch public keys committed to a Merkle tree. Verifiers only need root hash + current epoch proof. Efficient O(log n) verification.
VaultKey ← HKDF(VaultKey ∥ new_secret). After refresh, every future seed, key, and signature changes completely. An attacker with full RAM + storage snapshot before refresh is permanently locked out.
On reboot, suspected compromise, or sync loss: refresh_pending = true. Device signs only pings/dummy data until hardware confirms fresh entropy injection.
Algorithm-agnostic implementation. Wrap any PQC algorithm (current or future) in PCS guarantees within one day. Mathematical verification via FormalPCSModel.
Start with Quantum Attestation — the fastest path to post-quantum security.