The KXCO Quantum Index
Quarterly tracking of post-quantum cryptography adoption across major banking, payments, and digital-asset infrastructure providers. Six indicators per provider, scored 0–6. Most of the industry sits at zero. The 2030 NSA migration deadline is roughly four years away.
| Provider | Category | TLS | Sigs | Hooks | Disc | FIPS | Map | Score |
|---|---|---|---|---|---|---|---|---|
KXCO Production deployment across 13 products on Armature L1. | Unification Layer | YES | YES | YES | YES | YES | YES | 6/6 |
Adyen | Payments / BaaS | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Anchorage | Custody | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Binance | Exchange | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
BitGo | Custody | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
BNY Mellon | Custody bank | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
Circle Public; no PQC disclosure as of last review. | Stablecoin issuance | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
ClearBank | BaaS / clearing (UK) | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Coinbase | Exchange | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
DBS | Global bank | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
Fireblocks | Custody | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
Fnality | Interbank settlement | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
Galileo | Card issuance | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Goldman Sachs (DAP) | Bank digital arm | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
HSBC Published PQC research with Quantinuum. | Global bank | UNKNOWN | NO | NO | NO | UNKNOWN | PARTIAL | 0/6 |
ING | Global bank | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
JPMorgan (Kinexys / JPM Coin) Public statements on quantum-readiness research; production posture undisclosed. | Bank digital arm | UNKNOWN | NO | NO | NO | UNKNOWN | PARTIAL | 0/6 |
Kraken | Exchange | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Marqeta | Card issuance | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Modulr | BaaS (UK) | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Partior | Interbank settlement | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
Paxos | Stablecoin + custody | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
R3 Corda | Enterprise DLT | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
Railsr | BaaS (UK) | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Ripple | Cross-border | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Solaris | BaaS (EU) | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Standard Chartered | Global bank | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
State Street | Custody bank | UNKNOWN | NO | NO | NO | UNKNOWN | UNKNOWN | 0/6 |
Stripe Cloudflare-fronted endpoints may negotiate hybrid TLS. | Payments / BaaS | PARTIAL | NO | NO | NO | NO | UNKNOWN | 0/6 |
Treezor | BaaS (EU) | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Unit | BaaS (US) | UNKNOWN | NO | NO | NO | NO | UNKNOWN | 0/6 |
Methodology
Six binary indicators of post-quantum cryptography adoption, each worth one point. "Unknown" is the honest answer when no public disclosure has been found — the majority of providers in this index have not disclosed their PQC posture, and absence of disclosure is itself a signal. Sources reviewed quarterly: vendor security pages, whitepapers, regulatory filings (SEC, FCA, MAS), press statements, public GitHub repositories, well-known endpoints, TLS handshake observation, and explicit vendor confirmation when provided. Inclusion is not endorsement. Exclusion is not criticism. The list focuses on providers whose cryptographic posture is materially relevant to institutional buyers. Corrections, additions, and self-reporting from listed entities: research@kxco.ai
The six indicators
- TLS — hybrid post-quantum TLS (eg X25519MLKEM768) in production at the public edge
- Signatures — post-quantum signatures (ML-DSA-65 or SLH-DSA) on transactions or audit events
- Webhooks — hybrid HMAC + post-quantum signatures on outbound webhook delivery
- Discovery — publicly discoverable post-quantum public key (eg /.well-known endpoint)
- FIPS — NIST FIPS 203 / FIPS 204 algorithms implemented in production
- Roadmap — published post-quantum migration roadmap with dates
Are we wrong about your organisation? This index is updated quarterly from public sources. Most cells read Unknown because most providers have not disclosed their PQC posture. If we have missed something or you would like to self-report your status, email research@kxco.ai with verifiable evidence — public security page, whitepaper, well-known endpoint, or confirmation from your security team. We update the index quarterly and post-correction within one cycle.