Post-Quantum Security
End-to-end quantum-resistant cryptography — NIST FIPS 204/203/205, lattice-based consensus, hybrid threshold signatures
The LQDTY chain is the first blockchain with end-to-end post-quantum security across every layer — consensus, signing, key exchange, cross-chain messaging, and MPC custody. Quantum resistance is not bolted on; it is the consensus protocol itself.
NIST Standards Implemented
| Algorithm | Type | FIPS | Security Level | Key Sizes |
|---|---|---|---|---|
| ML-DSA (Dilithium) | Digital Signature | 204 | Level 3 | PubKey: 1,952B, Sig: 3,309B |
| ML-KEM (Kyber) | Key Encapsulation | 203 | Level 3 | PubKey: 1,184B, Ciphertext: 1,088B |
| SLH-DSA (SPHINCS+) | Hash-Based Signature | 205 | Level 5 | Hash-based backup |
| Ringtail | Threshold Signature | Custom | 192-bit | N=768, Q=32,749 lattice |
All algorithms are NIST-ratified (2024) and implemented as native EVM precompiles — no external libraries needed for on-chain verification.
ML-DSA-65 (Dilithium) — Order Signing
Primary signature scheme for all order signing in the trading system. Lattice-based, resistant to Shor's algorithm.
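```go
import "github.com/cloudflare/circl/sign/dilithium/mode3"

// Constants.
// Note: these are the ML-DSA-65 (FIPS 204) sizes. circl's dilithium/mode3
// package implements round-3 Dilithium3, which uses 3,293-byte signatures.
const (
	PublicKeySize  = 1952 // bytes
	PrivateKeySize = 4032 // bytes
	SignatureSize  = 3309 // bytes
)

// Sign an order
signer, err := DilithiumSigner.Generate()
if err != nil {
	return err // never sign with a key whose generation failed
}
signature := signer.Sign(orderBytes)
verified := signer.Verify(orderBytes, signature)
```
Performance: 8,000 signs/sec, 12,000 verifies/sec.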
ML-KEM-768 (Kyber) — Key Exchange
Hybrid X25519 + Kyber-768 key encapsulation for all node-to-node communication.
```go
const (
	PublicKeySize  = 1184 // bytes
	PrivateKeySize = 2400 // bytes
	CiphertextSize = 1088 // bytes
	SharedKeySize  = 32   // bytes
)

// Hybrid combination (pseudocode: || is byte concatenation)
combined := SHAKE256(x25519_shared || kyber_shared || "LX-DEX-HYBRID-v1")
// Result: 32-byte shared secret for AES-256
```
Performance: 15,000 encaps/sec, 18,000 decaps/sec. Network overhead: 1,120 bytes per key exchange.
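The hybrid exchange described above, with both sides' computations, as an added example that is not the project's own code. It uses Go's standard-library `crypto/ecdh`, `crypto/mlkem` and `crypto/sha3` (Go 1.24 or later); the names `must`, `combine` and `exchange` are illustrative, and it assumes the 1,120-byte overhead is the ML-KEM ciphertext plus the initiator's ephemeral X25519 public key.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha3"
	"fmt"
)

const label = "LX-DEX-HYBRID-v1" // domain-separation label from the page

// must aborts on key-generation or decapsulation errors (demo-only handling).
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// combine derives SHAKE256(x25519 || kyber || label) with 32 bytes of output.
// Both secrets are fixed at 32 bytes, so plain concatenation is unambiguous.
func combine(xShared, kShared []byte) []byte {
	return sha3.SumSHAKE256(bytes.Join([][]byte{xShared, kShared, []byte(label)}, nil), 32)
}

// exchange runs one handshake with freshly generated keys and returns both
// sides' session keys plus the initiator's bytes on the wire.
func exchange(tamper bool) (initKey, respKey []byte, wire int) {
	respX := must(ecdh.X25519().GenerateKey(rand.Reader))
	respKEM := must(mlkem.GenerateKey768())
	// Initiator: ephemeral X25519 key plus ML-KEM-768 encapsulation.
	initX := must(ecdh.X25519().GenerateKey(rand.Reader))
	kShared, ct := respKEM.EncapsulationKey().Encapsulate()
	initKey = combine(must(initX.ECDH(respX.PublicKey())), kShared)
	if tamper {
		ct[0] ^= 1 // simulate in-transit modification of the ciphertext
	}
	// Responder: recompute both secrets from the received public key and ciphertext.
	xShared := must(respX.ECDH(initX.PublicKey()))
	respKey = combine(xShared, must(respKEM.Decapsulate(ct)))
	return initKey, respKey, len(ct) + len(initX.PublicKey().Bytes())
}

func main() {
	a, b, wire := exchange(false)
	c, d, _ := exchange(true)
	fmt.Println(bytes.Equal(a, b), bytes.Equal(c, d), wire)
}
```

ML-KEM decapsulation does not return an error for a modified ciphertext of the right length; it returns an unrelated key (implicit rejection), so tampering only surfaces when the AES-256-GCM tag fails to verify.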
Ringtail — Lattice Threshold Signatures
Custom post-quantum threshold signature protocol for validator consensus. Enables t-of-n signing without a trusted dealer.
| Security Level | Ring Dimension N | Modulus Q | Threshold |
|---|---|---|---|
| 128-bit | 512 | 12,289 | t-of-n |
| 192-bit | 768 | 32,749 | t-of-n (default) |
| 256-bit | 1,024 | 65,521 | t-of-n |
```go
// Default configuration for 100 validators
RingtailConfig{
	N:         768,   // Ring dimension
	Q:         32749, // Prime modulus
	Threshold: 67,    // 2/3 of 100 validators
	Parties:   100,
}
```
Hybrid BLS+Ringtail Warp Signatures
Cross-chain Warp messages are signed with both classical BLS and post-quantum Ringtail signatures. Verification requires both to pass.
```go
type HybridBLSRTSignature struct {
	Signers            []byte   // Bit vector of participating validators
	BLSSignature       [96]byte // Classical BLS aggregate
	RingtailSignature  []byte   // Post-quantum Ringtail
	RingtailPublicKeys [][]byte // Per-signer lattice keys
}
```
This dual-signature approach provides defense-in-depth: even if one scheme is broken, the other protects message integrity.
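A structural pre-check a verifier could run on this struct before doing any BLS or Ringtail verification, as an added example that is not the project's own code. The function names `precheck` and `sample` are hypothetical, the bit ordering of `Signers` is an assumption, and the 67-of-100 threshold comes from the default configuration above.

```go
package main

import (
	"errors"
	"fmt"
	"math/bits"
)

type HybridBLSRTSignature struct { // as shown on the page
	Signers            []byte
	BLSSignature       [96]byte
	RingtailSignature  []byte
	RingtailPublicKeys [][]byte
}

// precheck rejects malformed signatures before any cryptographic verification.
// Assumption: bit i of Signers (LSB-first in each byte) marks validator i.
func precheck(sig *HybridBLSRTSignature, parties, threshold int) error {
	if len(sig.Signers) != (parties+7)/8 {
		return errors.New("signer bit vector has wrong length")
	}
	count := 0
	for i, b := range sig.Signers {
		if i == len(sig.Signers)-1 && parties%8 != 0 && b>>(parties%8) != 0 {
			return errors.New("bit set for nonexistent validator")
		}
		count += bits.OnesCount8(b)
	}
	switch {
	case count < threshold:
		return errors.New("signer count below threshold")
	case len(sig.RingtailPublicKeys) != count:
		return errors.New("lattice key count does not match signer count")
	case len(sig.RingtailSignature) == 0:
		return errors.New("missing Ringtail signature: BLS alone must not pass")
	}
	return nil
}

// sample builds a constructed 100-validator signature with the first n bits set.
func sample(n int) *HybridBLSRTSignature {
	s := &HybridBLSRTSignature{Signers: make([]byte, 13), RingtailSignature: []byte{1}}
	for i := 0; i < n; i++ {
		s.Signers[i/8] |= 1 << (i % 8)
		s.RingtailPublicKeys = append(s.RingtailPublicKeys, []byte{byte(i)})
	}
	return s
}

func main() { fmt.Println(precheck(sample(67), 100, 67), precheck(sample(66), 100, 67)) }
```

The last case is the one that matters for the hybrid guarantee: a message carrying a valid BLS aggregate but an empty Ringtail field has to be rejected, otherwise the scheme silently degrades to classical-only.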
EVM Precompiles
All post-quantum algorithms are available as native EVM precompiles for on-chain verification:
| Precompile | Address | Gas Cost | Purpose |
|---|---|---|---|
| ML-DSA Verify | 0x0500 | ~5,000 | Verify Dilithium signatures on-chain |
| ML-KEM Decaps | 0x0501 | ~3,000 | Key encapsulation on-chain |
| SLH-DSA Verify | 0x0502 | ~8,000 | Verify SPHINCS+ signatures |
| Ringtail Verify | 0x0503 | ~10,000 | Verify threshold lattice signatures |
| Blake3 Hash | 0x0300 | ~100 | Fast hashing (3x faster than Keccak) |
Solidity Usage
```solidity
// Verify a Dilithium signature on-chain
(bool success, bytes memory result) = address(0x0500).staticcall(
    abi.encodePacked(publicKey, message, signature)
);
require(success && abi.decode(result, (bool)), "Invalid PQ signature");
```
Threshold Cryptography
The threshold cryptography library provides production-grade multi-party computation:
| Protocol | Algorithm | Rounds | Latency | Use Case |
|---|---|---|---|---|
| CMP | ECDSA (secp256k1) | 4 sign | ~15ms | Bitcoin, Ethereum |
| FROST | Schnorr/EdDSA | 2 | ~8ms | Solana, Cardano, BIP-340 Taproot |
| LSS | ECDSA | Variable | ~35ms | Dynamic resharing |
| Doerner | 2-of-2 ECDSA | 2 | ~5ms | Optimized two-party |
| Ringtail | Lattice-based | Variable | — | Post-quantum threshold |
Supported chains: Bitcoin, Ethereum, Solana, Polkadot, Cosmos, TON, Cardano, XRPL, BSC, NEAR, Aptos, Sui, Tezos, Algorand, Stellar, Hedera, Flow, Kadena, Mina, LQDTY (20+).
Migration Strategy
| Phase | Timeline | Signatures | Key Exchange | Warp |
|---|---|---|---|---|
| Phase 1 (Hybrid) | 2024-2027 | Ed25519 + Dilithium | X25519 + Kyber | BLS + Ringtail |
| Phase 2 (PQ-Primary) | 2027-2030 | Dilithium primary | Kyber primary | Ringtail primary |
| Phase 3 (PQ-Only) | 2030+ | Dilithium only | Kyber only | Ringtail only |
The hybrid approach ensures zero downtime during migration. Both classical and post-quantum signatures are verified in parallel during Phase 1.
QZMQ — Quantum-Resistant Messaging
Node-to-node communication uses QZMQ (Quantum-resistant ZeroMQ):
- Kyber key exchange for session establishment
- Dilithium signatures for message authentication
- SHA3 hashing for message integrity
- AES-256-GCM for symmetric encryption (derived from hybrid key exchange)
All validator gossip, block proposals, and vote messages are quantum-safe by default.