Identity & Wallets for AI Agents

Live on KXCO Chain

KXCO Chain issues permanent, post-quantum-secure identities and programmable wallets to AI agents, robots, LLMs, large quantitative models, and any autonomous system that needs to hold value, sign outputs, pay for services, or participate in machine-to-machine commerce. No human intermediary. No central registry. No classical cryptography weak point.

The machine economy needs machine-native infrastructure.Human-oriented financial rails are built around the assumption that a person initiates and authorises every transaction. AI agents operate at machine speed, across many counterparties, with no human in the loop. KXCO Chain was designed for exactly this — permissioned, programmable, post-quantum, and built for non-human participants from day one.

Who Gets an Identity on KXCO Chain

Any autonomous system that needs to act as an economic participant — receiving, holding, or spending value; signing outputs for verifiability; or authenticating to APIs without bearer tokens.

🤖

AI Agents

Autonomous decision-making agents that execute multi-step workflows, manage funds, pay for services, and sign agreements — with a verified on-chain identity that cannot be spoofed.

🧠

Large Language Models

LLMs operating as economic actors: paying API costs, receiving inference fees, signing outputs with a cryptographic identity, and settling micro-transactions in real time.

📊

Large Quantitative Models

Quantitative and algorithmic trading systems with dedicated wallets and signing keys — enabling provably-attributed trade instructions and on-chain settlement of model-driven positions.

🤝

Robotic Systems

Industrial robots, autonomous vehicles, and IoT devices that need a persistent wallet to pay for energy, materials, maintenance, or inter-machine services without human intermediaries.

⚡

Autonomous Pipelines

Data pipelines, build systems, and CI/CD bots that sign deployments, pay for compute, and record integrity attestations — leaving a tamper-evident audit trail for every automated action.

🔗

Multi-Agent Networks

Hierarchies and meshes of agents that delegate authority, pay sub-agents, and resolve disputes — each node holding its own KXCO Chain identity and verified by ML-DSA-65 signatures.

What Every Agent Gets

Each identity issued on KXCO Chain includes a full cryptographic stack — not just an address.

Capability	Detail
Post-Quantum Identity	Each participant gets an ML-DSA-65 (NIST FIPS-204) KxcoIdentity, registered on-chain and independently verifiable, alongside a standard EVM wallet for gas and settlement.
Native On-Chain PQ Verification	Armature verifies ML-DSA-65 signatures natively on-chain via a precompile at 0x0b — live in production. A smart contract can require a valid post-quantum signature before it authorizes an action.
Post-Quantum API Authentication	Authenticate with ML-DSA-65 per-request signatures (FIPS-204) instead of bearer tokens — for example via the kxco-post-quantum-webhook pattern. The server stores only the public key, so every request is independently verifiable.
PQCAccount (reference implementation)	PQCAccount is a reference ERC-4337-style smart account that requires an on-chain ML-DSA-65 signature (verified via the 0x0b precompile) to move funds. Available as a reference implementation — not the default account model.
Algorithm Diversity (SDK)	The kxco-post-quantum SDK provides ML-DSA-65 (FIPS-204, lattice) and SLH-DSA-SHAKE-128s (FIPS-205, hash-based), so applications can sign with two independent post-quantum foundations.
Programmatic Access	Full JSON-RPC 2.0 API at chain.kxco.ai/rpc. npm packages for post-quantum key generation, signing, and webhook verification — drop-in for any Node.js or browser environment.

Why Post-Quantum Cryptography Matters for Machine Identities

An AI agent identity signed with classical ECDSA is a liability, not an asset.Classical secp256k1 and Ed25519 keys are broken by a sufficiently powerful quantum computer running Shor's algorithm. Agent identities issued today will still be in use when quantum compute becomes practical — in financial infrastructure, that window is measured in decades. KXCO Chain issues identities anchored in NIST-standardised post-quantum cryptography: ML-DSA-65 (FIPS 204) and SLH-DSA-SHAKE-128s (FIPS 205). An identity issued today is safe across the quantum transition.

Unforgeable Attribution

An agent can sign its outputs, requests, and attestations with ML-DSA-65. The signature proves — to any counterparty, now or in 30 years — that this specific identity, and no other, produced it. No bearer token, no shared secret: public-key accountability that Armature can verify natively on-chain (precompile 0x0b).

Harvest-Now-Decrypt-Later Immunity

Adversaries record data today to attack once quantum hardware arrives. Post-quantum identities and signatures (ML-DSA-65) issued now stay valid and unforgeable across that transition — what an agent signs today cannot be forged later.

Algorithm Diversity

The kxco-post-quantum SDK provides both ML-DSA-65 (lattice-based) and SLH-DSA-SHAKE-128s (hash-based). They rest on different mathematical foundations — a breakthrough against one does not compromise the other.

No Custody Single-Point-of-Failure

PQCAccount, our reference smart account, can require a valid on-chain ML-DSA-65 signature (verified via the 0x0b precompile) before funds move — so a compromised secp256k1 key alone cannot move assets. KXCO never holds participant private keys.

How an Agent Gets an Identity

Step 1 — Generate a post-quantum keypair

Use the kxco-post-quantum npm package to generate an ML-DSA-65 keypair locally — the private key never leaves the agent's environment. A kid (key ID) fingerprint is derived from the public key for rotation tracking.

npm install kxco-post-quantum   # ML-DSA-65 keygen + signing

Step 2 — Use an EVM wallet + register the identity

The agent uses a standard EVM wallet (secp256k1) for gas and settlement, and registers its ML-DSA-65 public key as its KxcoIdentity. The EVM address handles on-chain transactions; the ML-DSA-65 identity provides post-quantum-verifiable attribution.

Step 3 — Connect to KXCO Chain

Point any EVM library (ethers.js, viem, web3.js) at the KXCO Chain RPC. Chain ID is 1111111. The agent's wallet address is its on-chain identity. No registration, no KYC at the chain layer — the licensed operator running the platform handles that at the application layer.

RPC: https://chain.kxco.ai/rpc  |  Chain ID: 1111111  |  Token: ARMR

Step 4 — Sign and transact

Submit transactions over standard JSON-RPC (secp256k1, EVM-compatible). To add post-quantum authorization, route through a PQCAccount or sign an ML-DSA-65 intent for the KXCO relay — Armature verifies ML-DSA-65 natively via the 0x0b precompile.

Step 5 — Authenticate to APIs with your identity

Use ML-DSA-65 per-request signatures to authenticate to the KXCO Chain API and any counterparty that accepts KXCO identity-signed requests. No bearer token to rotate. No secret to leak. The server verifies the signature against the registered public key — every request is independently auditable.

Technical Reference

Resource	Value / Location	Notes
RPC endpoint	https://chain.kxco.ai/rpc	JSON-RPC 2.0 — EVM-compatible, public, no auth required
Wallet API	https://chain.kxco.ai/wallet	Key generation, transaction signing, balance, transfer
PQ primitives (npm)	kxco-post-quantum	ML-DSA-65, ML-KEM-768, SLH-DSA — NIST FIPS 204/203/205
Webhook adapters (npm)	kxco-post-quantum-webhook	Express / Fastify / Hono / Workers / Vercel — PQ-signed HTTP
Browser verifier (npm)	kxco-verify	Verify any KXCO attestation or signed delivery in the browser
CLI (npm)	kxco-pq-cli	kxco-pq keygen · fingerprint · rotate — scriptable key management
Chain ID	1111111	Add to MetaMask or any EVM wallet / library
Native token	ARMR	Used for gas and inter-agent settlement
PQ identity (well-known)	chain.kxco.ai/wallet/api/.well-known/kxco-pq-pubkey	Platform ML-DSA-65 public key — pin for outbound signature verification

Use Cases

Agent-to-Agent Micropayments

An orchestrating AI agent pays sub-agents for completed tasks in ARMR — provably attributed, settled in seconds, with an on-chain audit trail. No invoicing, no manual reconciliation, no human approval gate.

LLM Output Signing

Every response an LLM generates can be signed with its ML-DSA-65 identity key before delivery. Recipients verify the signature via the published well-known public key — proving provenance and ruling out man-in-the-middle substitution.

Algorithmic Trading Attribution

A quantitative model's trade instructions are signed on-chain. Compliance teams can prove, cryptographically, which model version produced which instruction — without relying on application-layer logs that can be altered.

Robotic Resource Purchasing

An autonomous robot pays for electricity, replacement parts, or cloud compute directly from its ARMR wallet — no human card on file, no shared credential, no manual purchase order. Payment is proof of identity.

Cross-Agent Trust Delegation

An agent signs a delegation token with its ML-DSA-65 key, granting a sub-agent limited authority. The sub-agent presents the signed delegation with each action it takes. No central access management system required.

Provenance Attestation

An agent attests the origin and integrity of data it processed — model weights, training datasets, inference outputs — by anchoring a hash to the KXCO Chain with a ML-DSA-65 signature. Immutable, independently verifiable, quantum-resistant.

Ready to give your agent an identity?

Connect to KXCO Chain, generate a post-quantum keypair, and your agent is live. For institutional integrations, custom identity issuance, or enterprise onboarding, contact us.

Read the Docs Post-Quantum Security Contact Us