§ QuantumPay · Payment authorization

Authorize payments the quantum era can't forge.

QuantumPay lets a payer cryptographically authorize a payment intent — payee, amount, currency, expiry — with a hybrid post-quantum signature (Ed25519 + ML-DSA-87 + optional SLH-DSA). A processor verifies the authorization is authentic, amount- and payee-bound, unexpired, and not replayed before it acts. It is the authorization layer — it does not move money. Settlement stays on a regulated rail (a licensed processor, card network, or broker).

Bound, fresh, and un-replayable.

Authorize → verify → settle.

  1. The payer hybrid-signs a payment intent (payee, amount in minor units, currency, nonce, expiry).
  2. The processor verifies the signature + bindings and atomically consumes the nonce (rejecting any replay) before acting.
  3. The regulated rail — a licensed PSP, card network, or broker — performs the actual settlement. QuantumPay never touches the money.
import { createAuthorization, verifyAndConsume, makeNonceLedger } from 'pqpay'
Reference implementation · in active development · authorization layer · unaudited

QuantumPay is an unaudited reference implementation of post-quantum payment AUTHORIZATION. It signs and verifies authorizations; it does NOT move, hold, custody, or settle funds, and it is not a payment institution, money transmitter, broker, or financial advisor. Settlement is performed by a separate, appropriately licensed payment rail. Anti-replay requires a durable, atomic nonce store on the verifier. Nothing here is an offer of any security, token, or financial instrument, or financial/legal advice.