XDC PQ Initiative — v1.0 · March 2026

The world's enterprise trade blockchain is hardening every cryptographic surface against quantum computing — from XDPoS 2.0 validator consensus to 30-year RWA document signatures — before Q-Day arrives.

$5T

trade gap targeted

30yr

doc longevity

2030

EU PQC deadline

108

masternodes

Quantum-Safe
Migration Roadmap

Four phases. Highest risk first. No flag-day cutover. Classical and PQ signatures run in parallel at every phase. EU December 2030 compliance targeted.

● Phase 0 — Active ● Phase 1 — Q4 2026 ● Phase 2 — Q3 2027 ● Phase 3 — Q1 2029

Research Timeline Since 2024

XDC's quantum preparedness isn't new — the community has been actively researching and building for over a year.

MARCH 2024

Ritesh Kakkad publishes quantum research

"XDC Network's Unbreakable Future" — first comprehensive analysis of quantum threats to XDC, covering ECDSA vulnerability, NIST PQC standards, and migration strategies.

Read article →

AUGUST 9, 2025

Falcon POC committed to XDPoSChain

Working proof-of-concept implementing Falcon signatures for XDPoS consensus — block signing and quorum certificates. Benchmarks: 0.138ms verification, 652B signatures.

View code →

AUGUST 16, 2025

Gary publishes PQ signatures deep-dive

"Securing XDC with Post-Quantum Signatures" — comprehensive 3-layer migration analysis covering validator keys, wallet addresses, and document signatures.

Read article →

MARCH 2026 — NOW

XDC PQ Initiative launched

Formal 5-phase migration roadmap, XDSS-PQ standard co-authored with ITFA/ICC, Google quantum research integrated. Phase 0 audit in progress.

Overall PQ Migration Progress

~8%

Phase 0
Q2–Q3 2026

Phase 1
Q4 2026–Q2 2027

Phase 2
Q3 2027–Q4 2028

Phase 3
Q1 2029–Q4 2030

// gantt timeline · 2026 – 2030

H1'26

H2'26

H1'27

H2'27

H1'28

H2'28

H1'29

H2'29

H1'30

H2'30 🏁

Phase 0

Phase 1

Phase 2

Phase 3

Deadlines

CNSA 2.0

EU 2030

Phase 0 — Active Now

Audit & Foundation

Q2 – Q3 2026

● Active

★

Full cryptographic surface audit

Inventory every XDC cryptographic dependency — consensus, wallets, bridges, P2P, smart contracts. Publish findings in Threat Assessment Report v1.0.

★

Risk matrix — publicly published

Severity × likelihood matrix for all quantum attack vectors. Maps each surface to its NIST PQC solution.

✓

XDC PQ Security Council formed

Cross-functional team: protocol engineers, cryptographers, enterprise partners, validator operators.

✓

XIP-PQ-001 community vote

Governance proposal ratifying the 4-phase roadmap. Community consensus before any protocol changes.

✓

Engage EF PQ Team, Polkadot, NIST

Collaboration agreements with Ethereum Foundation PQ research (pq.ethereum.org), Polkadot's Falcon team, and NIST PQC working groups.

✓

Threat Assessment Report v1.0 published

Comprehensive public report covering all quantum threats to XDC, with specific mitigation plans and timeline for each.

Foundation built by community: This phase builds on Ritesh Kakkad's quantum-proof blockchain research, which identified the seven key defense pillars: quantum-resistant cryptography, network hardening, consensus resilience, QKD integration, continuous assessment, industry collaboration, and regular audits.

Phase 1

Infrastructure Hardening

Q4 2026 – Q2 2027

Upcoming

✓

PQ-TLS — all 108 masternodes

ML-KEM768 + X25519 hybrid TLS 1.3 across all masternode P2P and RPC communications. Eliminates harvest-now-decrypt-later risk. <5% overhead.

✓

Bridge admin keys → hybrid ECDSA+ML-DSA

Cross-chain bridge multisig keys upgraded to dual classical+PQ signing. Both signatures required during transition.

✓

XDC DAO governance keys upgraded

All protocol governance admin keys migrated to hybrid ECDSA + SLH-DSA (SPHINCS+). Most conservative algorithm for highest-value operations.

★

CNSA 2.0 compliance achieved

All new NSS-grade operations PQC compliant by January 2027 deadline.

⚠ CNSA 2.0 — Jan 2027 deadline

✓

Subnet PQ guidance published

Best practices document for XDC subnet operators to adopt PQ-TLS and hybrid signing.

✓

QKD partnership pilot

Begin QKD integration pilot for critical masternode links, as proposed in community research. Mirrors JPMorgan's Q-CAN dual PQC+QKD strategy.

⚠ CNSA 2.0 (NSA) — Jan 2027

⚠ DORA (EU) — Active enforcement

Why TLS first: Harvest-now-decrypt-later is the only quantum attack vector that is active today. PQ-TLS eliminates it immediately. Google, Cloudflare, and AWS have proven this is a drop-in upgrade at internet scale.

Dependency: Phase 0 audit must complete before infrastructure changes begin. Ensures no surface is missed.

Phase 2

Execution Layer

Q3 2027 – Q4 2028

Upcoming

✓

ML-DSA + Falcon EVM precompiles

Dedicated precompiled contracts for PQ signature verification. Reduces gas from ~200,000 to ~12,000–15,000. Ported from Ethereum's J* fork precompile research.

✓

Account abstraction (XIP-AA) deployed

EIP-7702/8141 equivalent on XDC. Users can upgrade wallet signing from ECDSA to ML-DSA without moving funds. No hard fork required.

✓

Masternode PQ Key Registry on-chain

On-chain registry mapping validator addresses to their PQ public keys. Enables the Phase 3 consensus migration.

★

XDSS-PQ v1.0 — open standard published

Dual ML-DSA + Falcon hybrid signing schema for trade documents. Co-authored with ITFA, ICC, TradeTrust. Open industry standard. The strategic deliverable.

★

First banking partner adoption

Initial institutional partner issues PQ-signed trade documents on XDC using XDSS-PQ v1.0.

✓

STARKs-only policy for new ZK deployments

All new XDC ZK proofs (DeFi, privacy subnets) must use hash-based STARKs instead of KZG-based SNARKs. PQ-safe by design.

Key milestone: XDSS-PQ v1.0 publication. This transforms XDC from "a blockchain doing PQ" to "the standard setter for PQ trade finance." Network effect moat.

EVM leverage: Precompiles and account abstraction are ported from Ethereum's open-source research. Lean Consensus's leanSig and leanMultisig work directly informs XDC's implementation.

Phase 3

Consensus Migration

Q1 2029 – Q4 2030

Upcoming

✓

XDPoS 2.0 Falcon validator signing

Replace ECDSA with Falcon (FIPS 206) in XDPoS 2.0 block signing. 666B sigs preserve gossip bandwidth. The final and most critical migration step.

✓

12-month dual-signing transition

Masternodes sign blocks with both ECDSA and Falcon for 12 months. Either signature validates. Zero-disruption rollout.

✓

STARK-based signature aggregation

Compress N Falcon signatures into one recursive STARK proof. Mirrors Ethereum's leanMultisig approach. Restores BLS-like aggregation efficiency.

✓

ECDSA consensus sunset — 18-month notice

After 12-month dual-signing, announce 18-month countdown to ECDSA removal from consensus. Classical path remains for user transactions longer.

★

EU December 2030 compliance achieved

Full PQC compliance for all XDC critical infrastructure. EU PQC mandate met. NIST FIPS aligned.

🏁 EU PQC Mandate — Dec 2030

✓

Independent security audit — final

Third-party audit of complete PQ migration. Public report. Formal verification of critical paths using Lean 4 framework.

🏁 EU PQC Mandate — Dec 2030

→ NIST IR 8547 — 2035 (ECDSA deprecated)

Governance checkpoint: Community vote required before ECDSA sunset. No surprise migrations. Full transparency at every step.

Google's recommendation: Google set a 2029 PQC migration deadline for their own systems. Phase 3 aligns with this timeline while providing the 12-month dual-signing safety net.

// migration principles

Guiding Principles

🔄

Hybrid-first, always

Classical and PQ coexist at every phase. Security holds if either algorithm is secure. No flag-day cutover, ever.

⚡

Highest risk first

HNDL (active today) → Bridge keys → Trade docs → Validator consensus. Each phase addresses the next-highest-risk surface.

🏛️

Community governance

XIP votes at each phase gate. Independent audits before each transition. 18-month sunset notices before any removal.

🔗

Leverage Ethereum's research

EVM compatibility = direct port of precompiles, account abstraction, STARK aggregation. Build on $20M+ research, don't duplicate it.

📋

Open standards

XDSS-PQ published as open standard with ITFA/ICC/TradeTrust. XDC becomes the reference implementation — network effect moat.

🎯

Compliance-driven timeline

Anchored to CNSA 2.0 (2027), EU PQC (2030), and NIST IR 8547 (2035). XDC's institutional partners require compliance on these dates.

XDC Network isquantum-proofingglobal trade finance

Quantum-SafeMigration Roadmap

Research Timeline Since 2024

Guiding Principles

XDC Network is
quantum-proofing
global trade finance

Quantum-Safe
Migration Roadmap