Everything you need to understand, integrate, and deploy Phoenix Platform. From architecture overviews to API references and deployment guides.
New to Phoenix Platform? Start here. These guides will take you from zero to understanding the core concepts in under 30 minutes.
A 15-minute introduction to PhoenixSig concepts. Understand epoch-based signing, state evolution, and PCS without diving into the math.
Detailed walkthrough of the three-layer architecture: PQC engine, DyLWE state core, and Phoenix injection. How they interlock to achieve PCS.
Essential terminology and concepts: epochs, VaultKey, Phoenix refresh, Merkle tree commitments, quarantine mode, and anti-rollback protection.
Technical documentation for engineers, architects, and security professionals evaluating or integrating Phoenix Platform.
Mathematical foundations of the deterministic state evolution. Ring structure R_q = Z_q[X]/(X²⁵⁶+1), LWR operations, state representation, and evolution proofs.
How VaultKey, TEE integration, and entropy injection deliver Post-Compromise Security. Includes the Phoenix Injection Rule and refresh protocol.
How epoch-based key derivation works, Merkle tree commitment of public keys, signature structure, and verification flow.
State protection mechanisms: quarantine mode during reboot or suspected compromise, monotonic counters, and hardware-backed state commitments.
Step-by-step guides for integrating PhoenixSig into different platforms, environments, and compliance frameworks.
Integrate PhoenixSig with Android Keystore as the TEE backend. Covers key attestation, biometric binding, and StrongBox support.
Use Apple Secure Enclave as the VaultKey store. Covers CryptoKit integration, Face ID binding, and App Attest for remote verification.
Deploy PhoenixSig in server environments using Intel SGX or AMD SEV for VaultKey isolation. HSM fallback options included.
Full API documentation is available to early access partners. Request access →
No. PhoenixSig uses ML-DSA/SLH-DSA as its signing engine. It adds the lifecycle management, state evolution, and PCS recovery layer on top. Think of PQC as the engine, PhoenixSig as the operating system.
PhoenixSig requires a Trusted Execution Environment for VaultKey storage. On mobile, this means Android Keystore (Titan M, TrustZone) or Apple Secure Enclave. On servers, Intel SGX, AMD SEV, or an HSM. Without a TEE, PCS cannot be guaranteed.
The additional overhead is minimal: one HKDF call for state evolution, one HKDF call for key derivation, and a Merkle path inclusion in the signature. The dominant cost remains the PQC signing operation itself. Typical overhead is <5% on modern hardware.
Each signature includes the epoch public key and a Merkle authentication path. The verifier checks: (1) the PQC signature is valid under pk_epoch, and (2) pk_epoch belongs to the Merkle tree with root RootPK. Only RootPK needs to be pre-shared.
The cryptographic primitives used (ML-DSA, SLH-DSA, HKDF-SHA256) are NIST-standardized. FIPS 140-3 validation and CNSA 2.0 compliance are part of our commercial release roadmap. The system is designed to meet all relevant algorithm requirements for these frameworks.
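
The verifier's second check described above (pk_epoch belongs to the Merkle tree with root RootPK), as an added example that is not Phoenix Platform code. The hash (SHA-256), the leaf/node prefixes, the rule that the epoch index selects the sibling side, and all function names are assumptions for illustration; check (1), the PQC signature under pk_epoch, is not shown.

```python
import hashlib

# Assumed construction (not PhoenixSig's specification): SHA-256 with
# domain-separated leaf/node prefixes; the epoch index selects the sibling side.
def _leaf(pk: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + pk).digest()

def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_tree(epoch_pks):
    """Return all levels, leaves first; the leaf count must be a power of two."""
    n = len(epoch_pks)
    if n == 0 or n & (n - 1):
        raise ValueError("leaf count must be a power of two")
    levels = [[_leaf(pk) for pk in epoch_pks]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([_node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, epoch: int):
    """Sibling hashes from the leaf level up to (not including) the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[epoch ^ 1])
        epoch >>= 1
    return path

def verify_membership(root_pk: bytes, pk_epoch: bytes, epoch: int, path) -> bool:
    """Check (2): pk_epoch is the leaf at position `epoch` under root_pk."""
    if epoch < 0 or epoch >> len(path):  # index must fit the tree height
        return False
    h = _leaf(pk_epoch)
    for sibling in path:
        # Odd index: we are the right child, so the sibling goes on the left.
        h = _node(sibling, h) if epoch & 1 else _node(h, sibling)
        epoch >>= 1
    return h == root_pk

# Constructed sample data: 8 placeholder "epoch public keys", not real PQC keys.
PKS = [b"constructed-epoch-pk-%d" % i for i in range(8)]
LEVELS = build_tree(PKS)
ROOT_PK = LEVELS[-1][0]
```

Because the index drives the left/right ordering, a genuine epoch key presented under a different epoch number fails the check, as does an index larger than the tree.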