Whitepaper - May 2026 - v1.0

The Quantum Sovereign Key

A post-quantum keypair lives on your device. You sign every login. No platform ever sees a password, a phone number, or your private key. This is what comes after passwords - and after the password manager that replaced them.

Version: 1.0
Standards: NIST FIPS 203 + FIPS 204
Status: Infrastructure live - pilots in progress
Source: Private pilot phase

Why SPEAQ ID exists

Three trends collide in the next 36 months. Passwords still leak because users reuse them. Identity providers still see everything you do, because federated login is a one-way mirror. And cryptographically relevant quantum computers are coming - the harvest-now-decrypt-later attacks are already running. TLS that protects your login today will be reversible by 2030 to 2032 against captured 2026 traffic.

The fix is not "another password manager" or "faster MFA." The fix is a sovereign post-quantum key on your device that signs your way in, without ever giving anyone a long-lived secret to lose.

What SPEAQ ID is, in one paragraph

SPEAQ ID is a small wallet on your phone. Inside the wallet sits an ML-DSA-65 keypair: post-quantum, FIPS 204 standardized, 3293-byte signatures with 1952-byte public keys. When a website or app wants to log you in, it shows a QR code. You scan with the SPEAQ ID app. The wallet shows you who is asking, what they want, and lets you approve with your fingerprint or PIN. The wallet signs a freshly issued nonce, the platform verifies the signature, and you are in. No password ever leaves your device. No platform ever holds a credential that could be stolen.

The three guarantees

| Guarantee | What it means |
| --- | --- |
| Quantum-Sovereign | The key lives on your device. Plexaris cannot sign on your behalf. There is no recovery email, no SMS, no support agent who can take over your identity. |
| Quantum-Proof | ML-DSA-65 for signatures + ML-KEM-768 for transport encryption. Both are NIST-standardized post-quantum primitives published in 2024. They survive Shor and Grover. |
| Quantum-Verifiable | Every governance event - new pilot added, regional issuer added, key revocation - lands in a hash-chained, root-signed audit log. Anyone can read it. Plexaris cannot rewrite the past. |

The six attack vectors, closed

Each layer of the protocol closes a specific attack vector that single-server identity systems leave open. The whole stack is live in production today.

| Layer | Threat | Defense |
| --- | --- | --- |
| L4.1 | Harvest-now-decrypt-later against TLS | ML-KEM-768 sealed envelopes encrypt the request body before TLS sees it |
| L4.2 | Compromised server forging "approved" responses | Server signs each approval with ML-DSA-65; pilot verifies locally against the published public key |
| L4.3 | Supply-chain attack on the JavaScript bundle | SRI sha384 hashes pinned in HTML, strict CSP, HSTS preload |
| L4.4 | Phishing via a fake QR code | Each pilot publishes a signed manifest; the wallet refuses to approve unknown or tampered pilots |
| L4.5 | Replay across origins | Origin captured at session-start, bound into the signed approval |
| L5/L6 | Single point of trust at Plexaris | Hub-and-spoke federation of regional issuers, cryptographic revocation list, public hash-chained governance audit log |

Defense in depth. The wallet refuses to approve when an issuer is revoked. The server independently refuses to issue a session for the same revocation. A custom client cannot bypass either layer because both check the same root-signed list.

How a login looks

1. Visit a pilot: You open the website or app of a pilot that supports SPEAQ ID. The page shows a QR code with a freshly issued nonce.
2. Scan with the wallet: Open the SPEAQ ID app on your phone, tap Login, scan the QR. The wallet shows the pilot's name, a green badge if its manifest is verified, and the credentials being requested.
3. Approve with biometric: FaceID, fingerprint or PIN unlocks the signing key. The wallet signs the nonce. The signature is sent in a sealed envelope - encrypted on top of TLS for harvest-resistance.
4. You are in: The platform verifies your signature, checks the issuer is not revoked, and opens your session. No password was typed. No long-lived credential was stored. The key never left your phone.
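
The server-side checks behind steps 1 and 4, as an added example (not SPEAQ ID's own code): the nonce is single-use and time-limited, the origin captured at session start must match the origin inside the signed approval, and a revoked issuer fails closed. The `Verifier` class, the approval fields and the JSON encoding are assumptions, and a Lamport one-time signature stands in for ML-DSA-65 because Python's standard library has no ML-DSA.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

# Stand-in signature, NOT ML-DSA-65: a Lamport one-time signature over SHA-256,
# used only because the standard library has no ML-DSA. One key signs one message.
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def _bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    bits = _bits(msg)
    return len(sig) == 256 and all(H(sig[i]) == pk[i][bits[i]] for i in range(256))

def canonical(approval):
    # Assumed wire format: sorted-key JSON of the fields the wallet signs.
    return json.dumps(approval, sort_keys=True, separators=(",", ":")).encode()

class Verifier:
    """Server side of steps 1 and 4 (hypothetical class, not the SPEAQ ID server)."""
    def __init__(self, ttl=60):
        self.ttl, self.pending = ttl, {}

    def start_session(self, origin, now):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = (origin, now + self.ttl)  # origin captured here
        return nonce

    def finish(self, approval, sig, pk, revoked, now):
        entry = self.pending.pop(approval.get("nonce"), None)  # single use
        if entry is None:
            return "unknown-or-replayed-nonce"
        origin, expires = entry
        if now > expires:
            return "expired"
        if approval.get("origin") != origin:
            return "origin-mismatch"
        if approval.get("issuer") in revoked:
            return "issuer-revoked"
        if not verify(pk, canonical(approval), sig):
            return "bad-signature"
        return "ok"
```

Consuming the nonce before any other check means a failed or repeated attempt can never be retried against the same challenge.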

What this means for you

If you are a person

You stop typing passwords. You stop receiving phishing emails that ask for them. Your identity becomes something you carry, not something a platform owns. If a pilot is hacked or shut down, your wallet is unaffected.

If you are a platform

You delete your password database. You comply with GDPR data-minimization, NIS2 cryptographic requirements, and the EU AI Act's identity-verification clauses by design. You charge per signature, not per stored secret. Your liability surface for credential theft drops to zero.

If you are a developer

The TypeScript SDK is open. The post-quantum primitives are NIST-standard. Five lines of code wire SPEAQ ID into a React or Next.js app. No new infrastructure to host: identity sits on the user's device, the verifying server is Cloud Run europe-west1.

Where the trust lives

Plexaris is the root issuer today. The root signs regional issuers. Regional issuers sign pilot manifests. Pilots sign the credentials they issue you. Each link is published, root-signed, and revocable. The hash-chained governance log is a public ledger anyone can read at speaq-id-server-pelmsexm7q-ew.a.run.app/governance/log. Nothing about you is in that ledger - only what trust looks like in the ecosystem at any given moment.

Over time the root key migrates to a hardware token, then to a multi-signature governance body, then to SPEAQ-chain itself. The protocol does not depend on Plexaris staying around.
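
How a reader of the hash-chained governance log could check it and derive the revocation list that both the wallet and the server consult, as an added example rather than Plexaris code. The entry layout, event names and genesis value are assumptions, and `trusted_head` is assumed to be the newest entry hash taken from a root signature that has already been verified.

```python
import hashlib, json

GENESIS = "0" * 64  # assumed "prev" value of the first entry

def entry_hash(prev, event):
    body = json.dumps({"prev": prev, "event": event}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode()).hexdigest()

def append(log, event):
    prev = log[-1]["hash"] if log else GENESIS
    log.append({"prev": prev, "event": event, "hash": entry_hash(prev, event)})

def verify_chain(log, trusted_head):
    """Return -1 if intact, else the index of the first bad entry (len(log) = wrong head)."""
    prev = GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["event"]):
            return i
        prev = e["hash"]
    return -1 if prev == trusted_head else len(log)

def revoked_issuers(log):
    return {e["event"]["issuer"] for e in log
            if e["event"]["type"] == "key_revocation"}

def may_open_session(log, trusted_head, issuer):
    # Same gate for wallet and server: a bad log or a revoked issuer fails closed.
    return verify_chain(log, trusted_head) == -1 and issuer not in revoked_issuers(log)

def sample_log():  # constructed sample events, not real governance data
    log = []
    append(log, {"type": "regional_issuer_added", "issuer": "issuer-eu"})
    append(log, {"type": "pilot_added", "pilot": "pilot.example", "issuer": "issuer-eu"})
    append(log, {"type": "regional_issuer_added", "issuer": "issuer-us"})
    append(log, {"type": "key_revocation", "issuer": "issuer-us"})
    return log
```

Comparing against the signed head is what catches a log that was truncated to hide a revocation, since a shortened chain is still internally consistent.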

Access everything. Give nothing.