Getting Started — Phoenix Platform Docs

What Is PhoenixSig?

PhoenixSig is a post-quantum digital signature system with Post-Compromise Security (PCS). Unlike traditional signature schemes, PhoenixSig is designed to recover automatically after key compromise — without human intervention, network connectivity, or certificate revocation.

PhoenixSig is not a replacement for NIST PQC algorithms. It uses ML-DSA or SLH-DSA as its signing engine and adds the lifecycle management layer on top. Think of it as: PQC provides the cryptographic strength; PhoenixSig provides the operational resilience.

The Core Problem

Every digital signature scheme today — classical or post-quantum — assumes the private key stays secret for its entire lifetime. When that assumption breaks (and it will, eventually), the only response is manual key revocation, which is slow, unreliable, and requires network connectivity.

PhoenixSig eliminates this assumption. It treats compromise as an expected event and engineers recovery into the system itself.

Three-Layer Architecture (30-Second Version)

Layer 3: PQC Signing Engine ML-DSA-65 or SLH-DSA — the actual signing algorithm Signs messages using ephemeral epoch keys Layer 2: DyLWE State Core Deterministic state evolution (forward secrecy) Each signing operation advances state irreversibly Layer 1: Phoenix Injection TEE-anchored VaultKey provides fresh entropy Enables recovery after compromise (PCS)

How Signing Works

PhoenixSig doesn’t use long-lived private keys. Instead:

The system maintains an internal state seed that evolves with every operation
For each signing epoch, an ephemeral key pair is derived from the state seed + VaultKey
The message is signed using the ephemeral private key via ML-DSA or SLH-DSA
The ephemeral private key is immediately destroyed
The state seed advances irreversibly to the next state

How Verification Works

The verifier doesn’t need to know every epoch key. All epoch public keys are committed to a Merkle tree during setup. Each signature includes the epoch public key plus a Merkle authentication path. The verifier only needs the tree’s root public key (RootPK) to verify any signature.

What Makes It Different: PCS

Suppose an attacker captures your device’s complete state — memory, storage, everything — at time t. With any other signature scheme, they can forge signatures indefinitely.

With PhoenixSig, after the next Phoenix refresh:

The VaultKey (stored in the TEE) is rotated with new entropy
All future state seeds change unpredictably
The attacker’s snapshot becomes useless

This is Post-Compromise Security: the system heals itself after breach, automatically and without external help.

What’s Next?

Ready to go deeper? Here are the recommended next reads:

Architecture Overview — detailed walkthrough of all three layers
Key Concepts — terminology glossary and concept reference
Technical Whitepaper — formal specification and security analysis

← Back to Documentation Request a Demo →