XDC PQ Initiative — v1.0 · March 2026

XDC Network is
quantum-proofing
global trade finance

The world's enterprise trade blockchain is hardening every cryptographic surface against quantum computing — from XDPoS 2.0 validator consensus to 30-year RWA document signatures — before Q-Day arrives.

$5T
trade gap targeted
30yr
doc longevity
2030
EU PQC deadline
108
masternodes
XDC Network
XDC Network
Post-Quantum Security
2000
TPS
XDPoS 2.0
108
Nodes
→ Falcon
~0.1%
Exposed
vs BTC 25%
2030
EU ready
on schedule
xdc-pq · network audit
xdc-pq scan --mainnet --full // XDPoS 2.0 · 108 active validators Validator keys VULNERABLE — Shor's Trade docs (30yr) HNDL risk Bridge multisigs TNFL risk Keccak-256 SAFE // action → FIPS 204/206
Network LIVE
Threat ACTIVE
Phase 0 NOW
◆ XDC PQ Initiative — Phase 0 · March 2026
⚠ ECDSA secp256k1 — Shor's algorithm threat
● FIPS 203 ML-KEM — NIST finalised Aug 2024
● FIPS 204 ML-DSA Dilithium — primary sig std
● FIPS 206 Falcon — 666B compact sigs, 2025
⚠ EU PQC mandate — Dec 2030 hard deadline
⚠ CNSA 2.0 — NSS compliant Jan 2027
◆ XDC + ITFA + ICC — XDSS-PQ co-authoring
● JPMorgan Q-CAN — QKD+PQC live
● Google Chrome v131 — ML-KEM in production
⚠ IBM Quantum — 10K logical qubits by 2030
◆ Ethereum EIP-8141 — Hegotia 2026 · EVM-portable
Polkadot — Falcon for validator keys · June 2025
◆ XDC PQ Initiative — Phase 0 · March 2026
⚠ ECDSA secp256k1 — Shor's algorithm threat
● FIPS 203 ML-KEM — NIST finalised Aug 2024
● FIPS 204 ML-DSA Dilithium — primary sig std
● FIPS 206 Falcon — 666B compact sigs, 2025
⚠ EU PQC mandate — Dec 2030 hard deadline
⚠ CNSA 2.0 — NSS compliant Jan 2027
◆ XDC + ITFA + ICC — XDSS-PQ co-authoring
● JPMorgan Q-CAN — QKD+PQC live
● Google Chrome v131 — ML-KEM in production
⚠ IBM Quantum — 10K logical qubits by 2030
◆ Ethereum EIP-8141 — Hegotia 2026 · EVM-portable
Polkadot — Falcon for validator keys · June 2025
// threat analysis

XDC's quantum exposure is
categorically higher than any other chain

Trade finance documents have 20–30 year legal lifespans. Every XDC-signed bill of lading is a live harvest-now-decrypt-later target. No other blockchain use case carries this level of cryptographic longevity risk.

P0 Critical
📄

Trade document signatures

Bills of lading, letters of credit, and RWA instruments signed on XDC today remain legally valid for decades. A future quantum computer can forge them to claim false asset ownership — the Trust-Now-Forge-Later (TNFL) attack.

ECDSA · secp256k1 · 20–30yr lifespan
P0 Critical
⚙️

Validator masternode keys

108 active masternodes hold ECDSA keys signing XDPoS 2.0 blocks. Compromise via Shor's algorithm gives an adversary control of finality and block production — the chain's ultimate authority.

ECDSA · secp256k1 · 108 validator keys
P0 Critical
🌉

Bridge & DAO governance

Cross-chain bridge multisigs and XDC DAO admin keys are the highest-value TNFL targets. A forged bridge signature redirects settlement funds — undetectable until after Q-Day arrives.

ECDSA multisig · TNFL · indefinite
P0 Critical
💳

EOA wallet keys

Every XDC account uses secp256k1. Once a public key is on-chain, a quantum computer can derive the private key and drain the wallet. All accounts that have transacted are exposed.

ECDSA · secp256k1 · exposed pubkeys
P1 High
🔌

P2P node communications

Masternode TLS uses classical ECDH key exchange. Harvest-now-decrypt-later attacks on this traffic are active today — adversaries record now and decrypt later when quantum hardware arrives.

ECDH · TLS 1.2–1.3 · HNDL active now
Low Risk
🔐

Hash functions — already safe

Keccak-256 and SHA-3 are quantum-resistant by design. Grover's algorithm provides only a quadratic speedup — effectively doubling the security requirement, not breaking it.

Keccak-256 · Grover 2× only · no action
02
// regulatory pressure

XDC's partners face
hard compliance deadlines

Deutsche Telekom, SBI Holdings, SWIFT members, and every bank on XDC face active PQC mandates. If XDC's cryptography isn't quantum-safe, XDC becomes a compliance liability for its own institutional ecosystem.

Jan 2025
DORA (EU) — in force
Financial entities must demonstrate robust cryptographic controls to regulators
Jan 2027
CNSA 2.0 (NSA)
All new National Security System acquisitions must be PQC compliant
Dec 2030
EU PQC Roadmap
Full PQC migration for all EU critical infrastructure — XDC's bank partners included
2035
NIST IR 8547
ECDSA and all quantum-vulnerable algorithms deprecated from all NIST standards
// industry already deployed pqc
Google Chrome v131ML-KEM TLS
Apple iMessage PQ3Kyber+ECC live
Cloudflare edge TLSX25519+Kyber
AWS Payments APIPQ-TLS Nov 2025
JPMorgan Q-CANQKD+PQC live
Mastercard contactlessPQ since 2022
Signal SPQRPQ msgs 2025
Ethereum EIP-8141Hegotia Q4 2026
Polkadot Falcon keysRoadmap 2025
XDC must lead — or become the last major enterprise chain without PQC
03
// algorithm stack

NIST-standardized PQC for
every XDC cryptographic surface

Each surface needs a different algorithm. XDC's stack is optimised for validator bandwidth (Falcon), document longevity (XDSS-PQ hybrid), and institutional TLS compliance (ML-KEM).

Falcon / FN-DSA (FIPS 206) — XDPoS 2.0 validators
666-byte signatures — most compact NIST-standardized PQ scheme. Critical for XDPoS 2.0 where 108 masternodes sign every block and gossip signatures network-wide. Polkadot chose Falcon for identical bandwidth reasons in June 2025.
🔏ML-DSA / Dilithium (FIPS 204) — EOA wallets
Primary NIST signature standard. 2.4 KB. Best-audited PQ signature scheme — co-developed by IBM Research. Deployed in production by Signal (SPQR 2025). Correct choice for user keys where bandwidth is not as constrained as validator gossip.
📋XDSS-PQ hybrid (FIPS 204+206) — trade documents
XDC flagship: dual ML-DSA + Falcon signatures on all RWA issuances, letters of credit, and bills of lading. Security holds unless BOTH NIST algorithms break simultaneously. Designed for 20–30 year validity windows.
🏛️SLH-DSA / SPHINCS+ (FIPS 205) — DAO governance
Hash-based; security depends only on SHA-256 — most conservative foundation. 8–50 KB size acceptable for rare high-value governance operations. Recommended by UK NCSC for software signing.
// signature size comparison (relative)
ECDSA (now)
Falcon 666B
ML-DSA 2.4KB
SPHINCS+ 8KB
All are PQ-safe. Bar = relative sig size.
FIPS
all NIST std
2024
finalised
3
backup algos
🔒ML-KEM + X25519 hybrid TLS (FIPS 203) — all nodes
Upgrade all 108 masternodes + RPC endpoints to ML-KEM768+X25519 hybrid TLS 1.3. Already deployed at internet scale by Google, AWS, and Cloudflare. <5% overhead on high-bandwidth links. Pure infrastructure upgrade — no protocol changes required.
🔄Hybrid parallel scheme — zero disruption
Classical + PQ run in parallel during every phase. Accept if EITHER validates. Security holds unless both algorithms break simultaneously. Classical path removed only after a publicly announced 18-month notice sunset date.
⚛️QKD for critical masternode links
Physics-based key distribution for highest-value node-to-node links. Any interception is immediately detectable. Mirrors JPMorgan's dual PQC + QKD gold-standard strategy for critical financial infrastructure.
// hybrid tls overhead (production data)
High-BW link
Standard conn
Low-BW link
<5%
overhead HB
drop-in
for ECDH
STARKs over SNARKs for all new ZK deployments
KZG-based SNARKs rely on elliptic curve pairings — quantum-vulnerable. STARKs are hash-based, require no trusted setup, and are PQ-safe by design. All new XDC ZK proofs (DeFi, privacy subnets) must use STARKs from Phase 1 onwards.
🔗Recursive STARK aggregation for consensus
Falcon/ML-DSA lack BLS's native aggregation. Solution: compress N Falcon signatures into one recursive STARK proof. Directly mirrors Ethereum's leanMultisig/leanVM work — XDC's EVM compatibility means we port it, not rebuild it.
EVM precompiles — gas optimisation
PQ signature verification without precompile: ~200,000 gas. With dedicated ML-DSA + Falcon precompiles: ~12,000–15,000 gas. Ethereum's J* fork precompiles port directly to XDC — we build on their $20M+ research investment.
// gas: pq signature verification
ECDSA now
PQ no precomp
PQ precompile
STARK aggreg.
~80
gas amortized
STARKs
PQ-safe ZK
// XDC full algorithm stack — reference
XDC Use CaseAlgorithmStandardSig SizeWhy
XDPoS 2.0 validator signingFalcon / FN-DSAFIPS 206666 BMost compact NIST PQ sig — bandwidth-critical for 108-node gossip
EOA wallet signingML-DSA / DilithiumFIPS 2042.4 KBPrimary NIST standard; best-audited; IBM Research co-authored
RWA & trade doc signingXDSS-PQ dual hybridFIPS 204+206~3 KBBoth must break for forgery; 30-year validity designed-in
P2P & RPC TLSML-KEM + X25519FIPS 203KEMDrop-in for ECDH; deployed by Google/Cloudflare/AWS at scale
DAO & bridge governanceSLH-DSA / SPHINCS+FIPS 2058–50 KBHash-only; most conservative; fine for rare high-value ops
DeFi & subnet ZK proofsSTARKs (hash-based)PQ-safehashNo KZG/ECC dependency; no trusted setup; PQ-safe by design
// what gets upgraded

Every XDC layer gets quantum-hardened

consensus
⚙️

XDPoS 2.0 → Falcon signing

Replace ECDSA with Falcon in validator block signing. 666B sigs preserve gossip bandwidth. 12-month dual-signing ensures zero disruption.

CurrentECDSA secp256k1
TargetFalcon FN-DSA
Validators108 masternodes
flagship · open standard
📋

XDSS-PQ — world's first PQ trade document standard

Dual ML-DSA + Falcon hybrid on all RWA issuances, letters of credit, and bills of lading. Co-authored with ITFA, ICC, and IMDA TradeTrust as an open industry standard — XDC becomes the reference implementation every institution must support.

ML-DSAFalconHybrid dual-sigITFAICCTradeTrust
infrastructure
🔌

PQ-TLS all masternodes

ML-KEM768+X25519 hybrid TLS 1.3 across all 108 masternode P2P and RPC comms. Proven at internet scale by Cloudflare and Google.

108
nodes
<5%
overhead
wallets
👛

Account abstraction + PQ opt-in

Port EIP-8141 equivalent to XDC. Users upgrade to ML-DSA signing without a hard fork. Gradual, incentivised, non-disruptive migration path.

Opt-in
user path
0
disruption
governance
🏛️

DAO & bridge keys — hybrid

XDC DAO and all cross-chain bridge admin keys upgraded to hybrid ECDSA+ML-DSA. Protocol upgrades require both signatures during transition.

SLH-DSAML-DSAHybrid
roadmap
🗓️

Four phases — 2026 to 2033

Structured migration with governance checkpoints, community votes, and independent audits at each phase gate. No surprise migrations.

Phase 0 — Audit & FoundationQ2–Q3 2026
Phase 1 — InfrastructureQ4 2026–Q2 2027
Phase 2 — Execution LayerQ3 2027–Q4 2028
Phase 3 — ConsensusQ1 2029–Q4 2030
compliance

EU 2030 & NIST 2035 on schedule

Phase 3 aligns with EU December 2030 PQC mandate and NIST IR 8547 2035 deprecation deadline.

EU
2030 ready
NIST
FIPS aligned
04
// migration roadmap

Four phases. Highest-risk first.
EU 2030 target met.

No flag-day cutover. Classical and PQ run in parallel at every phase. The network migrates when the community is ready.

01
Audit & Foundation
Crypto inventory, risk matrix, PQ Security Council, Threat Report v1.0
02
Infrastructure
PQ-TLS masternodes, bridge & DAO key upgrades, subnet guidance
03
Execution Layer
PQ precompiles, account abstraction, PQ key registry, XDSS-PQ
04
Consensus Migration
Falcon XDPoS 2.0, STARK aggregation, ECDSA sunset, EU 2030
Phase 0 — Active now
Audit & Foundation
Q2–Q3 2026
Full crypto audit — all XDC surfaces
Risk matrix published publicly
XDC PQ Security Council formed
XIP-PQ-001 community vote
Engage EF PQ Team, Polkadot, NIST
Threat Assessment Report v1.0 published
Phase 1
Infrastructure Hardening
Q4 2026 – Q2 2027
PQ-TLS (ML-KEM+X25519) — all 108 masternodes
Bridge admin keys → hybrid ECDSA+ML-DSA
XDC DAO governance keys upgraded
CNSA 2.0 compliance — Jan 2027 deadline
Phase 2
Execution Layer
Q3 2027 – Q4 2028
ML-DSA + Falcon EVM precompiles live
Account abstraction (XIP-AA) deployed
Masternode PQ Key Registry on-chain
XDSS-PQ v1.0 — open standard published
First banking partner adoption
Phase 3
Consensus Migration
Q1 2029 – Q4 2030
XDPoS 2.0 Falcon validator signing
12-month dual-signing transition
STARK-based aggregation deployed
ECDSA consensus sunset — 18mo notice
EU December 2030 compliance achieved
// flagship deliverable

XDSS-PQ: the standard that makes XDC indispensable

Not just a technical upgrade — the strategic move that repositions XDC from a blockchain into the cryptographic infrastructure standard for global trade finance.

📋
Open industry standard — not proprietary
Co-authored with ITFA, ICC, TradeTrust. Published freely. XDC becomes the reference every institution must support — creating a network effect moat.
🔗
Both algorithms must break for forgery
Hybrid ML-DSA + Falcon: security holds unless both FIPS-standardized algorithms are broken simultaneously — a near-impossible scenario.
📅
Designed for 30-year validity windows
An XDSS-PQ bill of lading signed in 2028 will still be cryptographically verifiable and unforgeable in 2058 — long after Q-Day.
xdss-pq/v1.0 · trade document schemaQUANTUM SAFE
{ "standard": "XDSS-PQ/1.0", "document_type": "bill_of_lading", "issuer": "xdc://0xA3f2...91CC", "signatures": { "ml_dsa": "<FIPS-204 · 2.4KB>", "falcon": "<FIPS-206 · 666B>", "scheme": "hybrid-dual-sig", "valid_if": "either_valid" }, "valid_until": "2058-12-31", "compliance": ["EU-PQC-2030","NIST-FIPS","MLETR"] }
Sigs VALID
Quantum SAFE
MLETR OK
EU 2030 READY
Co-authored with ITFA DNIICCIMDA TradeTrustDeutsche TelekomSBI HoldingsEF PQ TeamSWIFT
"
XDC
// the XDC commitment

Quantum computers will not arrive with a 90-day migration window. The only path that protects the institutions, businesses, and individuals who trust XDC Network with their most critical trade finance infrastructure is to build the migration now — so that every instrument we sign in 2026 remains verifiable, unforgeable, and trusted in 2056.

— XDC Network PQ Security Council  ·  March 2026
// from the ecosystem

Why institutions are watching XDC lead

"Trade finance documents have lifespans measured in decades. The cryptographic infrastructure signing them today must remain verifiable and unforgeable in 2055. XDC's XDSS-PQ initiative is the first serious, structured attempt by any blockchain to face this reality directly — built on NIST standards, not proprietary crypto."

AK
Atul Khekade
Co-Founder, XDC Network
30yr
doc longevity
$5T
trade gap
2030
EU deadline
★★★★★

"The dual PQC + QKD strategy XDC is adopting mirrors exactly what JPMorgan deployed with Q-CAN. They're taking the right architectural path — and doing it before the threat arrives."

// Quantum Security Lead, Global Finance Research
★★★★★

"Publishing XDSS-PQ as an open standard with ITFA and ICC is the correct move. XDC doesn't just become PQ-safe — it becomes the standard setter. That position is very hard to displace."

// Head of Digital Trade, Regional Development Bank
★★★★★

"EVM compatibility means Ethereum's entire PQ toolchain — leanSig, precompiles, EIP-8141 account abstraction — ports directly to XDC. The engineering leverage is enormous."

// Protocol Engineer, Enterprise Blockchain Firm
// faq

Common questions

When will quantum computers actually break ECDSA?+
Most roadmaps place cryptographic relevance in the early-to-mid 2030s. IBM targets 10,000+ logical qubits by 2030. DARPA's 2033 benchmark is the most objective signal. The critical factor isn't the threat date — it's lead time. Migrating XDC's decentralised infrastructure takes 7–10 years. Starting in 2026 means being ready by 2033–2035.
Why is XDC's risk higher than Ethereum or Bitcoin?+
Two reasons unique to XDC. First: trade finance documents have 20–30 year legal lifespans — a bill of lading signed today may be referenced in litigation in 2050. Second: XDC's institutional partners (banks, SWIFT members, Deutsche Telekom) face active DORA and EU 2030 PQC mandates. If XDC isn't PQ-safe, it becomes a compliance liability for its own ecosystem.
Will the PQ migration disrupt XDC users or validators?+
No — by architectural design. Every phase uses a hybrid parallel approach: classical ECDSA and PQ signatures coexist. Users opt in to PQ signing at their own pace. Masternodes dual-sign during the 12-month Phase 3 transition. Existing smart contracts work unchanged throughout phases 0–2. There is no flag-day cutover.
Why Falcon for XDPoS 2.0 validators, not Dilithium?+
Bandwidth. XDPoS 2.0 has 108 masternodes signing every block, and those signatures must be gossiped network-wide. Falcon (FIPS 206) produces 666-byte signatures — the most compact NIST-standardized PQ scheme. ML-DSA's 2.4 KB would increase gossip overhead by ~37×. Polkadot made the exact same choice in June 2025 for identical reasons.
What exactly is XDSS-PQ and why does it matter strategically?+
XDSS-PQ is a complete trade document signing schema: dual ML-DSA + Falcon signatures, metadata standards, 30-year validity windows, and EU 2030 + NIST FIPS compliance declarations. Co-authored as an open standard with ITFA, ICC, and TradeTrust, it makes XDC the reference implementation — creating a network effect moat no fee advantage can overcome.
How does XDC benefit from Ethereum's PQ research?+
Directly, via EVM compatibility. Ethereum's open-source PQ toolchain — leanSig, leanSpec, leanMultisig, STARK aggregation, and future precompiles from the J* fork — port directly to XDC. The XDC PQ team engages with the EF PQ Team at pq.ethereum.org as a collaboration partner. XDC benefits from Ethereum's $20M+ research investment without duplicating it.

Join the initiative

Open to researchers, validators, enterprise clients, and institutional partners. Co-author XDSS-PQ, contribute to the roadmap, or pilot PQ signatures on your subnet.

Contact the PQ Council →
Attend the retreat
EF Post-Quantum Research Retreat
Cambridge, UK · Oct 9–12, 2026
→ pq.ethereum.org → github.com/leanEthereum → NIST FIPS 203/204/205/206
// secure the future of trade

XDC is securing global trade finance
for the next century

Join the XDC PQ Initiative. Help build the world's first post-quantum certified enterprise trade finance blockchain.