Inspiration
In today’s digital landscape, the line between authentic and forged documents has blurred. With sophisticated forgery techniques becoming more accessible, the ability to confidently verify the origin and integrity of documents is no longer optional but rather it’s essential. This project was born from the need to restore trust, ensuring that every document can be independently verified, securely, and cryptographically, especially in a post-quantum future.
What it does
This application redefines how we interact with documents by introducing an unforgeable, cryptographically verifiable layer of trust. Inspired by the Zero Trust security model, it assumes nothing and validates everything, enabling users, organizations, and institutions to verify documents independently of their origin. It’s not just a tool it’s a cultural shift in digital trust and document assurance.
How we built it
We developed the application using a robust PHP backend powered by the Laravel framework and a MySQL database for secure, scalable data management. To perform advanced cryptographic operations, we integrated a dedicated Python microservice, containerized with Docker, which handles quantum-safe hybrid signatures and watermark embedding. This modular architecture ensures flexibility, performance, and future extensibility across document types and cryptographic standards.
Challenges we ran into
One of the most significant challenges was implementing a hybrid signature scheme combining classical cryptography (Ed25519) with post-quantum algorithms (Dilithium2). Ensuring seamless coordination between these cryptographic systems required careful design of signature formatting, key management, and versioning. Additionally, embedding and extracting watermark data securely while maintaining compatibility across document types like PDFs and images presented edge cases and validation hurdles we had to overcome.
Accomplishments that we're proud of
One of our proudest accomplishments was seeing the entire system come together from cryptographic design to document verification UI into a cohesive, functioning prototype. We were especially proud of integrating post-quantum cryptography into a real-world application, something that remains rare even among advanced security tools. Most importantly, we’ve built a solution that addresses a growing global concern: the ability to trust whether a document is genuine, tampered with, or entirely fabricated.
What we learned
Security isn’t just a technical implementation, it’s a mindset. Through this project, we learned that adopting strong security practices requires a cultural shift as much as a technological one. Traditional approaches are no longer sufficient in a world where document forgery and deep fakes are increasingly sophisticated. We must rethink verification, identity, and trust from the ground up, aligning with principles like Zero Trust to ensure authenticity in everything we handle.
What's next for Q-Mark
The journey for Q-Mark is just beginning. Our next step is large-scale deployment through a robust, secure API—enabling effortless integration into enterprise systems, government platforms, and digital workflows. We envision Q-Mark as the invisible trust layer for document validation, offering quantum-resilient protection that scales with global needs. Future enhancements will include native support for additional file types (like video and 3D documents), customizable verification thresholds, and integration with digital identity ecosystems.
Log in or sign up for Devpost to join the conversation.