CPS-???? | Quantum secure Cardano settlement layer#1175
Draft
perturbing wants to merge 1 commit intocardano-foundation:masterfrom
Draft
CPS-???? | Quantum secure Cardano settlement layer#1175perturbing wants to merge 1 commit intocardano-foundation:masterfrom
perturbing wants to merge 1 commit intocardano-foundation:masterfrom
Conversation
perturbing
force-pushed
the
perturbing/CPS-PQC
branch
2 times, most recently
from
d30e3e2 to
46407a1
Compare
Ryun1
changed the title
perturbing
force-pushed
the
perturbing/CPS-PQC
branch
from
46407a1 to
85683ad
Compare
hjeljeli32
reviewed
Apr 3, 2026
Contributor
hjeljeli32
left a comment
hjeljeli32
left a comment
There was a problem hiding this comment.
Thanks @perturbing for kicking this off 🙏
I added a couple of comments on the Problem and Goals sections to try to structure the discussion around threat model and priorities.
For the next steps, I think it could be interesting to expand on:
- Use cases (especially from a consensus / protocol perspective)
- You and Gamze have a very strong view on the use cases and system aspects.
Of course, very open to feedback on my suggestions above 👍
| ## Abstract | ||
| <!-- A short (\~200 word) description of the target goals and the technical obstacles to those goals. --> | ||
|
|
||
| ## Problem |
Contributor
There was a problem hiding this comment.
We can structure the Problem section in two parts:
- Context (why this matters now)
- Threat model / priority analysis (what breaks first in Cardano)
Context (proposal)
- Quantum hardware continues to progress
- More importantly, resource estimates for attacks are dropping (e.g. recent ECC estimates)
→ This suggests that the threshold for practical attacks may arrive earlier than previously expected
Threat Model / Priority Analysis (proposal)
- Signature schemes (root of trust)
- Used for transactions, stake pool cold keys, block production
- If broken → adversary can forge transactions and blocks
- Public keys are exposed on-chain, making long-lived keys potential targets
→ highest priority
- Verifiable Random Function (VRF)
- Used for leader election / randomness
- If broken → adversary can bias or control slot leadership
→ critical for consensus security
- Delegation / stake authority
- Governs who is allowed to produce blocks (stake pools, delegation certificates)
- If broken → adversary can assign stake or control block producers
→ system-wide failure
Do you think this makes sense?
| ## Use Cases | ||
| <!-- A concrete set of examples written from a user's perspective, describing what and why they are trying to do. When they exist, this section should give a sense of the current alternatives and highlight why they are not suitable. --> | ||
|
|
||
| ## Goals |
Contributor
There was a problem hiding this comment.
Goals (proposal)
Following the threat model above, we could define the following high-level goals:
-
Ensure post-quantum security of the root of trust
- Cover signature schemes, VRF, and delegation mechanisms
- Favor mature, well-studied, and standardized constructions (e.g. NIST PQC)
-
Optimize for practical constraints (latency, bandwidth, storage)
- Carefully evaluate trade-offs between signature size, public key size, and verification cost
- Prefer schemes that minimize impact on block size, propagation, and validation
-
Maintain acceptable network performance
- Ensure block production, propagation, and validation remain within acceptable limits
- Allow for potential adaptation of protocol parameters if needed
-
Support crypto-agility
- Enable smooth and incremental migration of cryptographic primitives
- Minimize disruption to existing infrastructure and avoid costly future migrations
Do you think it makes sense?
rphair
added
the
Category: Consensus
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This CPS discusses the technical details of making the Cardano layer one settlement layer quantum secure. The scope of this work is limited by the consensus side of the PQC discussion.
Rendered version