๐Ÿš€ We build production software with agentic development, at a fraction of traditional cost and timelines. See how โ†’
Agentic DevelopmentAI-agent delivery, .NET, React, Java
Cloud & Financial InfrastructureWeb, mobile, backend, payments
Refactoring & OptimizationLegacy to cloud-native, agentically
ERP ImplementationTurn-key ERPNext, 30% lower TCO
CybersecurityAppSec, pen testing, red teaming
Managed Security ArchitectureContinuous, business-aligned defense
Application & Infra OperationsOn-premise, cloud & financial infra
Urgent Incident ResponseContain the breach, get back to business
Consulting & DesignAgile, data analytics, architecture
๐Ÿ“ฐ News ยท Cybersecurity Innovation Fund (CIF-NL) 2025

Nextarp builds a future-ready
transparency log.

As part of CIF-NL, Nextarp is developing PQ-Transparency: a post-quantum ready, immutable transparency log for digital certificates, making certificate issuance auditable today and secure against the quantum computers of tomorrow.

Post-quantum cryptography Certificate Transparency ML-KEM ยท ML-DSA ยท SLH-DSA eIDAS 2.0

Funded projects under CIF-NL 2025

The Cybersecurity Innovation Fund, 2025 round.

In December 2025, the CIF-NL 2025 scheme was opened to organisations developing innovative cybersecurity solutions, in the form of products and/or services. The 2025 funding round of CIF-NL focuses on two key sub-areas:

1 ยท Promoting crypto-agility

Enabling systems to switch flexibly and quickly to new cryptographic algorithms when existing ones become vulnerable, essential in the light of the quantum threat. This is the sub-area PQ-Transparency addresses.

2 ยท Simplifying cybersecurity solutions

Making cybersecurity easier to adopt and operate. PQ-Transparency contributes here too: one transparent platform with standardised proofs and open APIs simplifies auditing and mis-issuance detection.

Why this matters

Quantum computers will break today's certificates. Transparency keeps them honest.

RSA and ECC, the algorithms underpinning today's PKI and digital signatures, will eventually be broken by quantum algorithms. Meanwhile, "harvest-now-decrypt-later" attacks are already collecting encrypted material. Trust in digital identities depends on preparing now, and on being able to detect mis-issued certificates early.

๐Ÿ“œ

Immutable, auditable log

An append-only transparency log built on Certificate Transparency principles (IETF RFC 9162): Merkle trees, Signed Tree Heads, and inclusion and consistency proofs that stay verifiable as the log grows.

โš›๏ธ

Quantum-resistant by design

NIST-standardised post-quantum algorithms integrated throughout: ML-KEM for key establishment (FIPS 203), ML-DSA for log signing (FIPS 204), and SLH-DSA for long-term integrity (FIPS 205).

๐Ÿ”€

Hybrid, disruption-free migration

Classical and post-quantum algorithms run in parallel, dual signing (ECDSA + ML-DSA/SLH-DSA) and hybrid key establishment, so existing ecosystems keep working while they migrate.

Project highlights

PQ-Transparency, in highlights.

๐Ÿฅ‡
A first for the Netherlands
The first Dutch implementation of a post-quantum hybrid Certificate Transparency log, combining two complex domains in one auditable infrastructure.
๐Ÿ”Œ
Open APIs for the ecosystem
REST and gRPC interfaces with Java, Node.js and Python libraries, so certificate authorities, trust service providers and governments integrate without complex custom work.
๐Ÿ‡ช๐Ÿ‡บ
European compliance built in
A compliance framework aligned with ETSI EN 319 411/412 and eIDAS 2.0, including integration with the European Digital Identity Wallet ecosystem.
๐Ÿงฉ
Crypto-agility at system level
A modular cryptographic abstraction layer with hot-swappable algorithm modules: new algorithms can be added or replaced in under one sprint, no vendor lock-in.

Engineering targets

  • โ‰ฅ 5,000 log entries per minute, scalable further with sharding and batching
  • P95 inclusion proof latency under 200 ms on reference infrastructure
  • โ‰ฅ 95% verification success against external verifiers
  • 100% traceability on the ETSI compliance matrix
  • Verifier library, CLI and mis-issuance monitor with watchlists and notifications

Delivered over a 9-month, 6-phase programme: design, core log & PQ crypto, verification & monitoring, APIs & integrations, security & compliance, and pilots.

Who it serves

Built for the organisations that anchor digital trust.

๐Ÿ›๏ธ

CAs & trust service providers

Detect mis-issued certificates early and guarantee transparency towards browsers, auditors and customers.

๐Ÿข

Governments

Auditable PKI processes for eIDAS 2.0 and the EU Digital Identity Wallet, with pilots foreseen alongside services such as PKIoverheid.

๐Ÿฆ

Enterprise PKI

Finance, telecom and energy organisations that need a quantum-safe migration without disrupting running infrastructure.

๐Ÿ“ก

Cloud & IoT platforms

Device certificates and authentication at scale, where harvest-now-decrypt-later is already a real risk.

Knowledge shared openlyWhitepapers, technical blogs, workshops and collaboration with standardisation bodies such as ETSI and IETF.
RFC 9162FIPS 203/204/205ETSI EN 319 411/412EUDI Wallet

Interested in a pilot or early integration?

Certificate authorities, trust service providers and public organisations are invited to join the user committee and pilot programme.

Book a video call
โœ‰info@nextarp.com ๐Ÿ“ž+31 10 257 99 99