Skip to main content

Post-Quantum Security

QoreChain is built with post-quantum cryptography (PQC) at genesis — not retrofitted as an upgrade. The x/pqc module provides lattice-based digital signatures and key encapsulation as the primary cryptographic primitives, with a governance-controlled algorithm agility framework for long-term resilience.

The full PQC baseline — Dilithium-5 (signatures) + ML-KEM-1024 (KEM) + SHAKE-256 (hash) — is now complete and the network default. As of the current chain version (v3.1.82), hybrid signatures are required by default on the cosmos transaction path: hybrid_signature_mode = required and allow_classical_fallback = false. Every cosmos-path transaction must carry a Dilithium-5 signature alongside its classical secp256k1 signature; classical-only transactions from a PQC account are rejected, and the classical downgrade path is closed.

Design Principles

  • PQC-required by default: Post-quantum signatures are mandatory on the cosmos path. Classical secp256k1 signatures alone are no longer sufficient — allow_classical_fallback = false.
  • Hybrid by default: Cosmos transactions carry both a classical secp256k1 signature and a Dilithium-5 PQC signature simultaneously. The classical-only fallback is closed.
  • Algorithm agility: The cryptographic algorithm registry is governance-controlled, allowing the network to adopt new algorithms or deprecate compromised ones without hard forks.
  • Deterministic verification: All signature verification is deterministic and reproducible across validator nodes.

Supported Algorithms

AlgorithmStandardCategoryNIST LevelPublic KeyPrivate KeySignature / CiphertextShared Secret
Dilithium-5ML-DSA-87 (FIPS 204)Signature52,592 bytes4,896 bytes4,627 bytes--
ML-KEM-1024FIPS 203Key Encapsulation51,568 bytes3,168 bytes1,568 bytes32 bytes

Both algorithms operate at NIST Security Level 5, the highest standardized security category, providing protection equivalent to AES-256 against both classical and quantum adversaries.

Cryptographic Backend

PQC operations are implemented in a high-performance, memory-safe cryptographic backend that exposes lattice-based signing, verification, and key encapsulation to the QoreChain runtime. The backend provides:

Algorithm-specific operations:

  • Dilithium-5 key generation, signing, and verification
  • ML-KEM-1024 key generation, encapsulation, and decapsulation
  • Deterministic random beacon generation (seed, epoch)

Algorithm-aware operations:

  • Keygen(algorithmID) — Generate a keypair for any registered algorithm
  • Sign(algorithmID, privkey, message) — Create a signature
  • Verify(algorithmID, pubkey, message, signature) — Verify a signature
  • AlgorithmInfo(algorithmID) — Query key/output sizes
  • ListAlgorithms() — Enumerate all supported algorithms

All signing and verification operations are deterministic and produce identical results across every validator node and supported platform.

These same primitives — ML-DSA (FIPS-204), ML-KEM (FIPS-203), and SHAKE-256 (FIPS-202) — are available to wallets and integrators through the open-source qorechain-pqc library, which provides one consistent, byte-compatible API across six languages (JavaScript/TypeScript, Rust, Go, C, Python, Java). See Post-Quantum Signing.

Key Registration

Accounts register PQC keys via MsgRegisterPQCKey (legacy, defaults to Dilithium-5) or MsgRegisterPQCKeyV2 (algorithm-aware). Each message includes:

  • Sender: The account address registering the key.
  • PublicKey: The PQC public key bytes.
  • AlgorithmID: The PQC algorithm identifier (v2 only).
  • KeyType: One of three registration modes:
Key TypeDescription
hybridBoth classical (ECDSA) and PQC keys. Transactions carry dual signatures.
pqc_onlyPQC key only. Classical signature is not required.
classical_onlyClassical key only. No PQC protection (not recommended).

Hybrid Signatures

The hybrid signature system requires cosmos-path transactions to carry both a classical signature and a PQC signature simultaneously. This provides defense-in-depth: even if one scheme is broken, the other protects the transaction.

With the network default of hybrid_signature_mode = required, every cosmos-path transaction must include the Dilithium-5 extension alongside the secp256k1 signature. The only exemptions (for bootstrap) are genesis gentxs (height 0) and PQC key registration/migration transactions (MsgRegisterPQCKey, MsgRegisterPQCKeyV2, MsgMigratePQCKey), which are allowed to be classical-only so accounts can register their first PQC key.

EVM transactions are unaffected. EVM transactions are authenticated on a separate eth_secp256k1 ante path (the QoreChain EVM Engine path) and never require the hybrid PQC extension. The hybrid requirement applies only to the cosmos transaction path.

Cosign Flow

To produce a compliant cosmos transaction, the classical secp256k1 signature is computed over the standard sign bytes (which exclude the PQC extension), and a Dilithium-5 signature is computed and attached as the PQCHybridSignature extension. Standard CosmJS / relayer tooling must produce this extension to transact on the cosmos path. Today this is done via:

  • qorechaind tx pqc gen-key — generate a Dilithium-5 key.
  • qorechaind tx pqc cosign — attach the Dilithium-5 cosignature to a transaction.
  • The QoreChain SDK's hybrid signing — buildHybridTx with includePqcPublicKey (embeds the PQC public key for auto-registration on first use).

A transaction signed with secp256k1 (ECDSA) plus ML-DSA-87 (Dilithium-5), verified by the ante handler under the chain-wide enforcement mode.

TX Extension Format

PQC signatures are attached to transactions as a TX extension with type URL /qorechain.pqc.v1.PQCHybridSignature:

{
"algorithm_id": 1,
"pqc_signature": "<4627 bytes for Dilithium-5>",
"pqc_public_key": "<2592 bytes, optional>"
}

The pqc_public_key field is optional. If present and the account has no registered PQC key, the ante handler will auto-register the key on first use.

PQCHybridVerifyDecorator

The PQCHybridVerifyDecorator ante handler processes hybrid signatures with three-way verification logic:

ScenarioAccount Has PQC KeyExtension PresentPublic Key in ExtensionResult
Path 1YesYes--Verify PQC signature against registered key
Path 2NoYesYesAuto-register key, verify signature
Path 3aNoNo--Optional mode: Allow classical-only transaction
Path 3bNoNo--Required mode: Reject transaction
Path 4YesNo--Handled by the standard PQCVerifyDecorator

Hybrid Signature Modes

The chain-wide hybrid enforcement level is governance-configurable. The current network default is required:

ModeIDDefaultBehavior
Disabled0NoClassical signatures only. PQC extensions are ignored.
Optional1NoPQC extensions are verified if present. Accounts without PQC keys may transact with classical signatures only.
Required2YesAll cosmos-path transactions must carry both classical and PQC signatures. Transactions without a PQC extension are rejected.

The network has completed its migration: Optional (genesis) → Required (the current default since v3.1.71, with allow_classical_fallback = false). The three modes remain governance-controlled and can be adjusted by proposal.

Algorithm Agility Framework

The algorithm agility framework provides a governance-controlled registry for PQC algorithms, enabling the network to add new algorithms, deprecate vulnerable ones, and migrate accounts — all without hard forks.

Algorithm Lifecycle

Each registered algorithm has a lifecycle status:

active --> migrating --> deprecated --> disabled
StatusDescription
ActiveFully operational. New key registrations and verifications are accepted.
MigratingDual-signature period is active. Accounts are encouraged to migrate to the replacement algorithm. Both old and new signatures are accepted.
DeprecatedExisting signatures can still be verified, but no new key registrations are accepted.
DisabledEmergency kill switch. The algorithm cannot verify any signatures. Used when a vulnerability is discovered.

Dual-Signature Migration

When an algorithm is deprecated, a migration period begins (default: 1,000,000 blocks, approximately 69 days at 6s/block). During this period:

  1. Accounts with keys using the deprecated algorithm must migrate to the replacement.
  2. Migration requires dual signatures (MsgMigratePQCKey): one from the old key and one from the new key, proving ownership of both.
  3. Both algorithms are accepted for verification throughout the migration period.

Governance Messages

MessageDescription
MsgAddAlgorithmProposes adding a new PQC algorithm to the registry. Includes full AlgorithmInfo (name, category, NIST level, key sizes). Must be submitted through governance.
MsgDeprecateAlgorithmBegins the deprecation process for an algorithm. Specifies the replacement algorithm and migration period in blocks.
MsgDisableAlgorithmEmergency-disables an algorithm immediately. Requires a reason string. Used when a cryptographic vulnerability is discovered.

Extensibility

Adding a new algorithm requires:

  1. Implementing the algorithm in the cryptographic backend behind the unified signing and verification interface.
  2. Submitting a MsgAddAlgorithm governance proposal with the algorithm metadata.
  3. Once approved, the algorithm becomes available for key registration and verification.

SHAKE-256 Hash

As of v3.1.73, SHAKE-256 (SHA-3 extendable-output function) is the default application hash across QoreChain — provided by the qorehash package — completing the quantum-resistant cryptographic baseline alongside Dilithium-5 signatures and ML-KEM-1024 key encapsulation. The x/pqc module provides pure-Go SHAKE-256 utilities:

FunctionDescriptionOutput
SHAKE256Hash(data, outputLen)Variable-length SHAKE-256 digestArbitrary length
SHAKE256Hash32(data)Standard 256-bit SHAKE-256 digest32 bytes
SHAKE256ConcatHash(left, right)Hash of concatenated inputs32 bytes
SHAKE256DomainHash(domain, data)Domain-separated hash32 bytes

These utilities back the default application hash and are used for:

  • Merkle tree node hashing
  • Hash commitments in cross-layer attestations
  • Domain separation for different hash contexts (e.g., "leaf:" vs "node:")

Bridge PQC

All cross-chain bridge attestations and state commitments use Dilithium-5 signatures. The x/multilayer module requires PQC aggregate signatures on every MsgAnchorState submission, and ML-KEM commitments secure key exchange channels between bridge relayers.

This ensures that cross-chain security is not degraded by the use of classical cryptography in bridge infrastructure, maintaining quantum resistance across the entire protocol stack.

Module Parameters

ParameterTypeDefaultDescription
pqc_primarybooltruePQC is the primary signature scheme
allow_classical_fallbackboolfalseClassical-only fallback is closed; cosmos txs must be hybrid
min_security_levelint325Minimum NIST security level for accepted algorithms
default_migration_blocksint641,000,000Default dual-signature migration period in blocks
default_signature_algoAlgorithmID1 (Dilithium-5)Default signature algorithm for new key registrations
hybrid_signature_modeHybridSignatureMode2 (Required)Chain-wide hybrid signature enforcement level