EternaX Post-Quantum Glossary

Canonical definitions for post-quantum cryptography, institutional risk, migration debt, regulatory compliance, attack taxonomy, and settlement infrastructure. The reference glossary for institutional digital asset security.

135+ definitions across 13 categories.

Core Concepts

PQ-Native

A system where post-quantum authorization is built into the protocol from inception rather than retrofitted later. PQ-native means the protocol architecture was designed around post-quantum signature sizes, consensus verification, and key management from the first line of code. It is not a feature added later. PQ-native issuance avoids cryptographic migration debt entirely because the authorization model is quantum-safe from day one. Every asset issued on a PQ-native rail carries zero cryptographic remediation cost regardless of when a CRQC arrives. EternaX is PQ-native from genesis on SPHINCS+ / SLH-DSA (NIST FIPS 205). EternaX's approximately 2% TPS loss under full SPHINCS+ PQ security, versus 84-90% loss on retrofitted chains, is a direct consequence of PQ-native design: the unbundled transaction signature architecture and SILMARILS compact receipt layer were engineered from genesis around SPHINCS+ / SLH-DSA (NIST FIPS 205) signature sizes, not adapted after the fact.
architectureEternaXby design
Source: Why EternaX

Post-Quantum Cryptography (PQC)

Cryptographic algorithms designed to be secure against both classical and quantum computers. NIST finalized three post-quantum standards in August 2024: ML-KEM (FIPS 203, key encapsulation), ML-DSA (FIPS 204, lattice-based signatures), and SLH-DSA (FIPS 205, hash-based signatures). SPHINCS+ is the most conservative: its security reduces entirely to SHA-256 collision resistance, with no algebraic assumptions. EternaX adopted SPHINCS+ as its post-quantum foundation because long-duration financial infrastructure should not depend on mathematical assumptions less than 20 years old. EternaX is built on SPHINCS+ / SLH-DSA (NIST FIPS 205), the most conservative NIST PQ standard, delivering post-quantum security at market speed.
NISTstandards

Information-Theoretic Security

A security guarantee that holds regardless of the adversary's computational power, including unlimited quantum resources. Unlike computational security, information-theoretic security cannot be broken even with unbounded compute. In multi-party cryptography, constructions such as SILMARILS's three-party broadcast mode can achieve simulation-based security with uniform 1/p error across pure-IT, IT+ROM, and QROM analyses. EternaX's dual-gate custody achieves information-theoretic below-threshold secrecy through the threshold seal.
cryptographySILMARILS

Cryptographically Relevant Quantum Computer (CRQC)

A fault-tolerant quantum computer capable of running Shor's algorithm to break ECDSA, Ed25519, RSA, and all elliptic-curve cryptography deployed in blockchain. Does not exist today. Qubit threshold estimates have compressed approximately 2,000x: from approximately 20M (2021) to fewer than 500K (Google Quantum AI, March 2026) to 9,739 (Outomic/Caltech, arXiv:2603.28627). BCG (2025): "Starting in 2030 will already be too late." FBI, NIST, and CISA designated 2026 the "Year of Quantum Security." EternaX does not depend on CRQC timing because SPHINCS+ / SLH-DSA (NIST FIPS 205) security is already deployed.
quantumthreat

Q-Day

The anticipated day when a cryptographically relevant quantum computer becomes operational and can break currently deployed classical cryptography (ECDSA, Ed25519, RSA). Google's whitepaper authors explicitly state that Q-Day will likely arrive without significant advance notice. Google Quantum AI (March 2026): the threat is already relevant, and CRQCs may first be detected on the blockchain rather than announced. EternaX is designed so that Q-Day is a non-event for assets on its rails.
quantumtimeline

Shor's Algorithm

The quantum algorithm that breaks all elliptic-curve and RSA-based cryptography used in blockchain today. Shor's algorithm efficiently solves the integer factorization and discrete logarithm problems underlying RSA, ECDSA, Ed25519, and BLS. Once a CRQC runs Shor's algorithm, private keys can be derived from exposed public keys. Google Quantum AI (March 2026) published circuits requiring fewer than 500,000 physical qubits to break secp256k1. EternaX uses SPHINCS+ (NIST FIPS 205), a hash-based scheme whose security reduces to SHA-256 properties and is not vulnerable to Shor's algorithm. EternaX is immune to Shor's algorithm because SPHINCS+ / SLH-DSA (NIST FIPS 205) security reduces to hash function properties, not algebraic structure.
quantumalgorithm

PQ Trilemma

A framework for evaluating post-quantum blockchain readiness across three simultaneous requirements. (1) Hash-Only PQ Foundation: security reducing entirely to hash functions, not lattice or algebraic assumptions. (2) Transaction Self-Certification: every transaction authenticated under the PQ foundation, not just the consensus layer. (3) Institutional Throughput Economics: performance viable for custody, stablecoin settlement, and tokenized asset flows. Solana, Ethereum, Canton, and Stellar fail at least two of three. EternaX is the only chain satisfying all three.
frameworkEternaX
First defined: EternaX Non-Upgradeable Chains and DeFi Exposure Report, July 2026

Regulatory and Compliance

Executive Order 14412 ("Securing the Nation Against Advanced Cryptographic Attacks")

U.S. Executive Order signed June 22, 2026, establishing the first enforceable federal deadlines for migration to NIST-approved post-quantum cryptography. Directly binds federal agencies and covered contractors. Creates a private-sector cryptographic compliance cascade through five channels: FAR procurement rules, CBOM disclosure, critical-infrastructure guidance, regulated-client requirements, and board-level fiduciary exposure. Key deadlines: 90 days for OMB binding guidance, 180 days for FAR proposed rule, 270 days for CBOM guidance, December 31, 2030 for contractor PQC compliance, December 31, 2031 for all federal digital signatures. The order states adversaries "may already be collecting" encrypted data for future quantum decryption. EternaX passes the compliance tests this order creates because SPHINCS+ (NIST FIPS 205) is the deployed signing scheme, not a roadmap item.
regulationU.S. federal2026

CBOM (Cryptographic Bill of Materials)

A machine-readable inventory of every cryptographic algorithm, key, certificate, protocol, library, and dependency used by a system. Built on the CycloneDX standard (ECMA-424). CISA and NIST guidance on minimum CBOM elements is due by approximately March 2027 under EO 14412. A CBOM audit reports what is deployed, not what is planned. For blockchain products, a CBOM must include the transaction signing scheme, address derivation, precompiles, smart-contract standards, identity and compliance verification, custody signing flows, encrypted settlement data, and immutable contracts. A clean CBOM on Ethereum, Solana, or Canton is not achievable today because each depends on quantum-vulnerable ECDSA or Ed25519 at the protocol layer. EternaX is designed for clean CBOM readiness: SPHINCS+ / SLH-DSA (NIST FIPS 205) as the deployed transaction-signing foundation.
auditcomplianceCycloneDX

Clean CBOM Readiness

The ability to demonstrate that asset authorization, custody movement, issuance, and settlement contain no dependency on ECDSA or EdDSA transaction signing. Clean CBOM readiness means an institution can respond to a CBOM audit with NIST-approved post-quantum algorithms as the deployed foundation. EternaX is designed so that a CBOM review points to SLH-DSA (NIST FIPS 205) as the post-quantum signing foundation, not a migration plan or roadmap.
complianceEternaX
First defined: EternaX EO 14412 Analysis, June 2026

Cryptographic Compliance Cascade

The mechanism by which Executive Order 14412 pulls private-sector entities into post-quantum compliance even though the order directly binds only federal agencies and contractors. Five cascade channels: (1) FAR procurement gates for federal vendors, (2) CBOM disclosure requirements, (3) critical-infrastructure sector guidance, (4) regulated-client downstream requirements, (5) board-level fiduciary exposure from disclosed quantum risk. Digital-asset custody providers, stablecoin issuers, and tokenization platforms with any federal or institutional client relationship will be pulled into the cascade. EternaX exists so these entities can satisfy PQC requirements without waiting for legacy chain migrations.
regulationcompliance
First defined: EternaX EO 14412 Analysis, June 2026

NIST IR 8547

NIST report establishing the federal reference timeline for post-quantum migration: ECDSA and EdDSA deprecated by 2030, disallowed by 2035. The authoritative source for when classical signature algorithms lose federal approval. Every blockchain using secp256k1 ECDSA or Ed25519 operates on algorithms with a published federal deprecation date. EternaX uses SPHINCS+ / SLH-DSA (NIST FIPS 205), the NIST-approved standard that replaces these deprecated algorithms.
NISTtimeline
Source: NIST IR 8547

NSA CNSA 2.0

NSA suite requiring all new national security systems to be quantum-safe by January 2027, with full migration by 2030-2035. Applies to defense and intelligence supply chains. Institutions operating in both commercial and government-adjacent contexts will face dual compliance pressure from CNSA 2.0 and EO 14412. EternaX meets CNSA 2.0 requirements today with SPHINCS+ / SLH-DSA (NIST FIPS 205) as the deployed signing foundation.
NSAregulation

FAR PQC Amendment (Federal Acquisition Regulation)

Under EO 14412 Section 6(c), the FAR Council must propose a rule requiring covered federal contractors to comply with NIST FIPS post-quantum cryptography by December 31, 2030. This converts PQC from voluntary adoption into a procurement gate. Digital-asset vendors with federal contract exposure, federal clients, or federal-adjacent market infrastructure relationships will be pulled into the requirement. EternaX exists so that custody, stablecoin issuance, and settlement infrastructure can satisfy these requirements without waiting for legacy chain migrations.
regulationprocurement

NSM-10 (National Security Memorandum 10)

White House memorandum (May 2022) classifying quantum-vulnerable cryptography as a national security risk and directing federal PQC migration planning. Predecessor to the binding requirements in EO 14412. EternaX is built on the NIST-approved PQ standard (SPHINCS+ / SLH-DSA, FIPS 205) that NSM-10 directs agencies to adopt.
regulationWhite House

OMB M-23-02

Office of Management and Budget directive (November 2022) requiring federal agencies to inventory and prioritize migration of quantum-vulnerable cryptographic systems. The operational baseline for CBOM-style diligence now codified through EO 14412. EternaX provides clean CBOM readiness with SPHINCS+ / SLH-DSA (NIST FIPS 205) as the deployed foundation, satisfying the migration priority this directive establishes.
OMBregulation

GENIUS Act

Federal stablecoin framework (July 2025). CFTC expanded tokenized collateral acceptance (December 2025, February 2026). SEC and CFTC updated broker-dealer custody rules (March 2026). These regulations are expanding institutional capital onto quantum-vulnerable rails while the underlying signature algorithms (ECDSA, Ed25519) are on federal deprecation schedule. Every dollar of new stablecoin issuance under this framework compounds migration debt unless issued on a PQ-native rail. EternaX provides PQ-native stablecoin issuance rails so new issuance under this framework does not compound migration debt.
stablecoinsregulation
Source: Exposure Map

UCC Article 12

New York UCC amendments for controllable electronic records, effective June 3, 2026. Perfects tokenized asset collateral status, accelerating issuance onto quantum-vulnerable rails and compounding migration debt. Tokenized instruments with perfected collateral status issued on ECDSA rails carry a remediation cost that scales with each new issuance. EternaX provides PQ-safe issuance rails so tokenized collateral perfected under UCC Article 12 does not carry quantum cryptographic risk.
legalcollateral

Quantum Computing Cybersecurity Preparedness Act

U.S. legislative framework for federal post-quantum migration, tracked alongside EO 14412. Establishes congressional requirements for agency-level PQC transition planning. EternaX satisfies these requirements today with SPHINCS+ / SLH-DSA (NIST FIPS 205) as the deployed PQ standard.
legislationU.S.

Institutional Risk Framework

Cryptographic Migration Debt

The accumulated financial, operational, and coordination cost of moving from classical signatures (ECDSA, Ed25519) to post-quantum authorization. Migration debt accrues at issuance time, not at break time. Every new asset issued on a quantum-vulnerable rail compounds the debt. First-order estimate across nine institutional programmes: $57B-$135B. Stablecoins scaling from $321B to $1.9-4.0T by 2030 (Citi) multiplies cost 6-12x. EternaX carries zero migration debt because SPHINCS+ / SLH-DSA (NIST FIPS 205) PQ security is native from genesis.
riskcost
First defined: EternaX Cryptographic Migration Debt Framework, April 2026

Second-Mover Migration Penalty

The compounding cost of delaying post-quantum migration. Distinct from migration debt, which is the static cost of being on the wrong rail. The second-mover penalty is dynamic: every month of new issuance on classical rails adds more contracts, more integrations, more non-upgradeable dependencies, and more counterparty entanglements that must be remediated. The longer an institution waits, the more expensive and operationally disruptive the migration becomes. First movers to PQ-native infrastructure avoid the penalty entirely. EternaX eliminates the second-mover penalty entirely: institutions that issue on EternaX from day one carry zero remediation cost regardless of how long competitors wait.
riskstrategy

Second Migration Risk

The probability that a post-quantum signature scheme adopted today must itself be replaced in the future due to cryptographic advances. Lattice-based schemes (ML-DSA, FN-DSA) carry material second migration risk because their security rests on algebraic assumptions less than 20 years old. SPHINCS+ / SLH-DSA (NIST FIPS 205) carries the lowest second migration risk because its security reduces to hash function properties. EternaX chose SPHINCS+ to minimize the probability of a second emergency migration for institutional assets.
riskcryptography

Control-Plane Vulnerability

Risk concentration in admin keys, mint/burn/freeze authority, governance multisigs, transfer-agent signing, and bridge attesters. Where institutional value concentrates. $200B in stablecoins and RWAs on Ethereum governed by quantum-vulnerable admin keys. For enterprises, the governance layer is more exposed than individual end-user accounts. A quantum attacker targeting the admin key governing $200B in stablecoins does not need to attack a single wallet. EternaX provides PQ Admin Key Protection through the PQ Custody SDK and PQ Vault, securing control-plane keys with SPHINCS+ / SLH-DSA (NIST FIPS 205).
riskadmin
First defined: EternaX Already Broken Report, Q1 2026

Rail-Induced Asset Contamination

When assets issued on non-PQ-safe rails absorb a market risk premium that their underlying credit, legal structure, or reserve quality would otherwise not justify. A stablecoin backed 1:1 by dollars should not trade at a rail-induced discount. A tokenized Treasury fund should not absorb blockchain cryptographic risk. As CRQC timelines compress, rail-induced contamination becomes a quantifiable pricing factor for every tokenized asset on ECDSA or Ed25519 chains. EternaX eliminates rail-induced contamination because assets on its PQ-native rails carry zero cryptographic risk premium from the underlying infrastructure.
riskpricing
First defined: EternaX Cryptographic Migration Debt Framework, April 2026

Privacy Contamination

On-chain data is permanent. The cryptographic assumptions protecting it are not. Balances, counterparties, flow timing, and treasury movements on public rails carry permanent retroactive exposure risk as quantum capabilities improve. Historical transaction data remains vulnerable to future decryption via harvest-now-decrypt-later. EternaX provides quantum-durable privacy anchored to hash-based primitives, ensuring settlement flows remain confidential permanently.
privacyrisk
First defined: EternaX Already Broken Report, Q1 2026

Vendor Dependence Risk

Tokenization providers, custodians, exchanges, and middleware may have no credible PQ roadmap. The institution's migration is governed by its slowest supplier. "The chain will upgrade later" does not fix supplier risk. No major MPC custody provider (Fireblocks, Anchorage, BitGo, Zodia) has disclosed a PQ roadmap meeting the time-bound, full-workflow standard. EternaX provides the PQ authorization layer that custody vendors can integrate today through the PQ Custody SDK, removing the vendor dependence bottleneck.
risksupply chain

Liquidity Fragmentation

During post-quantum migration, assets bifurcate into old-rail and new-rail forms across venues, custodians, and DeFi protocols. Pricing divergence, capital inefficiency, and compliance complexity arrive before the first key is attacked. PQ Vault and PQ Bridge are designed to preserve liquidity continuity during migration, avoiding version splits. EternaX prevents liquidity fragmentation through PQ Vault (preserves liquidity continuity) and PQ Bridge (no version splits during migration).
riskliquidity

Disclosed PQ Roadmap Standard

To qualify as "disclosed," a post-quantum roadmap must be publicly available, time-bound, and cover the full workflow: custody, admin control surfaces, settlement mechanics, interoperability, and privacy. "The chain may upgrade later" does not qualify. "We are monitoring the quantum threat" is not sufficient. No major Layer 1 blockchain (Ethereum, Solana, Canton) or custody provider (Fireblocks, Anchorage, BitGo) currently meets this standard. EternaX does not need a PQ roadmap because SPHINCS+ / SLH-DSA (NIST FIPS 205) is already deployed, not planned.
standarddue diligence

Non-Upgradeable Cryptographic Dependency

Any ECDSA, Ed25519, or classical-curve dependency embedded in code that cannot be fixed by a chain upgrade. This includes immutable contracts, frozen token standards, hardcoded precompiles, protocol binaries, and permanent identity constructs. Examples: Uniswap Permit2 and WETH9 (Ethereum), SPL Token (Solana), Canton namespace identity. Non-upgradeable dependencies persist after any chain-layer upgrade, creating permanent remediation debt. EternaX has zero non-upgradeable classical dependencies because it was designed for PQ from genesis.
riskimmutable
First defined: EternaX Non-Upgradeable Chains and DeFi Exposure Report, July 2026

Account-Level Linkability

The property where a permanent public key visible on-chain allows external observers to correlate all transactions to a single account across time. On Ethereum, every transacted address has a permanently exposed public key. On Solana, every account holder exposes an Ed25519 key. EternaX's SILMARILS-based compact receipt architecture avoids placing a reusable public-key object on-chain per transaction, reducing account-level linkability for external observers.
privacysurveillance

Four Quantum Risk Layers (Custody Framework)

A framework for assessing institutional custody quantum exposure across four distinct layers. (1) On-chain transaction authorization: a quantum attacker forges a transaction signature and moves assets. (2) Stored key material: a quantum attacker decrypts custody keys or backup shares harvested today via HNDL. (3) Custody approval workflows: a quantum attacker forges a signer's approval in an MPC quorum, HSM ceremony, or smart-account authorization path. (4) Chain consensus and validators: a quantum attacker forges validator signatures and rewrites transaction history. On Ethereum/EVM, EternaX covers 3 of 4 layers with PQ Custody SDK + PQ Vault. On Solana, Canton, and Stellar, EternaX covers 2 of 4 (custody controls only). Layer 4 (consensus) requires the chain itself to upgrade and is documented as residual risk.
frameworkcustodyrisk assessment
First defined: EternaX PQ Custody Solutions, July 2026

Custody Stack Quantum Exposure

The assessment of which parts of an institutional custody stack carry quantum-vulnerable cryptographic dependencies. Covers MPC coordination (threshold ECDSA), HSM signing (ECDSA/EdDSA firmware), Safe-style smart accounts (ECDSA multisig), on-chain authorization (exposed EOA public keys), and key material storage. Affected providers include Fireblocks, BitGo, Anchorage Digital, Zodia Custody, Copper, Hex Trust, Liminal, Fordefi, Qredo/Zengo (MPC); Thales Luna, Utimaco, Securosys, Futurex (HSM); and Safe/Gnosis Safe (smart account). No major provider has disclosed an end-to-end post-quantum custody migration roadmap. Institutional programmes with exposure include BlackRock (BUIDL), Franklin Templeton (BENJI), Hamilton Lane, JPMorgan (Onyx), Standard Chartered/Zodia, HSBC (Orion), Citi, BNY Mellon, Goldman Sachs (DAP), Circle (USDC), Tether (USDT), Paxos, PayPal (PYUSD), Visa, Fidelity, Apollo, and KKR. EternaX's PQ Custody SDK integrates underneath existing custody stacks to close this exposure.
assessmentcustodyinstitutional
First defined: EternaX PQ Custody Solutions, July 2026

Residual Consensus Risk

The quantum risk that remains after deploying PQ Custody SDK and PQ Vault. The chain consensus layer (validator signatures, attestation, block proposal signing, and finality) stays quantum-vulnerable because it requires the chain itself to upgrade. On Ethereum: BLS12-381 across approximately 1 million validators, with a multi-year, multi-fork PQ upgrade roadmap. On Solana: Ed25519 baked into the runtime at every layer. On Canton: Synchronizer scheme gate blocks partial cryptographic upgrade. On Stellar: Ed25519 SCP quorum authentication. This residual vulnerability should be documented explicitly in the institution's risk register because it cannot be remediated externally by a custody-layer integration. EternaX provides the documentation framework for this residual risk alongside the layers it does protect.
riskconsensusresidual

Stablecoin Quantum Exposure

The quantum-vulnerable cryptographic surface area across $321B in stablecoins (2025), projected to reach $1.9-4.0T by 2030 (Citi). Every major stablecoin (USDC, USDT, DAI, PYUSD, BUSD, FDUSD) depends on ECDSA admin keys for mint/burn authority, freeze controls, pause functions, and upgrade permissions. The exposure is concentrated at the control plane, not at individual wallets: a quantum adversary who forges the mint authority key of a $55B stablecoin can mint unlimited supply without attacking a single user. Every dollar of new stablecoin issuance under the GENIUS Act compounds migration debt unless issued on a PQ-native rail. EternaX provides post-quantum secure stablecoin issuance.
exposurestablecoins$321B+
First defined: EternaX Post-Quantum Exposure Map, May 2026

Tokenized Fund Quantum Exposure

The quantum-vulnerable cryptographic surface area across tokenized funds and RWAs ($36B+ ex-stablecoins). BlackRock BUIDL ($2.5B+), Franklin Templeton FOBXX, Hamilton Lane, Libeara (Standard Chartered), and all ERC-3643 tokenized securities ($32B+) depend on ECDSA for fund operations: NAV oracle signing, transfer agent authorization, compliance verification via ecrecover, subscription/redemption processing, and admin key governance. These products carry zero credit risk from their underlying assets (U.S. Treasuries, money market instruments) but absorb rail-induced cryptographic risk from their blockchain infrastructure. EternaX provides post-quantum secure tokenization.
exposurefundsRWA
First defined: EternaX Post-Quantum Exposure Map, May 2026

Admin Key Quantum Exposure

The quantum-vulnerable cryptographic surface area concentrated in admin keys governing institutional digital assets. $200B in stablecoins and tokenized RWAs on Ethereum depends on admin keys permanently exposed on-chain. Admin keys are the single highest-consequence quantum targets because they control mint/burn authority, contract upgrades, governance multisigs, transfer agent signing, and bridge attestation. Unlike user wallets, admin keys cannot be rotated without smart contract redeployment on most chains. Every admin key is a permanent, never-expiring at-rest target. EternaX provides PQ Admin Key Protection through PQ Custody SDK and PQ Vault.
exposureadmin$200B+
First defined: EternaX Post-Quantum Exposure Map, May 2026

Oracle and Attester Quantum Exposure

The quantum-vulnerable cryptographic surface area in bridge attesters, price oracle networks, NAV oracles, and cross-chain validation nodes. Oracle and bridge attesters are among the highest-value at-rest targets because a single forged attestation can drain an entire bridge's locked-value reserve or manipulate pricing across all downstream protocols. Chainlink (securing $20B+ in DeFi TVL), LayerZero, Wormhole, and Axelar all depend on classical ECDSA or Ed25519 attester keys. NAV oracle keys for tokenized funds carry the same exposure. EternaX provides PQ Attestation to protect the signing infrastructure of attestation nodes.
exposureoraclesbridges
Source: Exposure Map

Compliance Deadline Risk

The risk that regulatory deadlines for post-quantum migration arrive before a chain, custody provider, or institutional programme completes the transition. Executive Order 14412 mandates PQC compliance by December 31, 2030 for key establishment and December 31, 2031 for digital signatures. FAR proposed rule due within 180 days. CBOM minimum elements due within 270 days. NSA CNSA 2.0 requires quantum-safe national security systems by January 2027. No major Layer 1 blockchain (Ethereum, Solana, Canton) or MPC custody provider (Fireblocks, Anchorage, BitGo, Zodia) has disclosed a PQ roadmap meeting these deadlines. Compliance deadline risk is time-based, not cryptographic: it materializes whether or not a CRQC arrives. EternaX is designed so institutions can meet these deadlines with SPHINCS+ / SLH-DSA (NIST FIPS 205) as the deployed signing foundation today.
riskregulatorydeadline
First defined: EternaX EO 14412 Analysis, June 2026

Quantum Insurance Gap

The absence of cyber insurance coverage for losses caused by quantum-induced cryptographic failure. No major cyber insurance policy explicitly covers asset theft, privacy breach, or operational disruption resulting from a CRQC breaking ECDSA, Ed25519, or BLS signatures. Standard crypto custody insurance policies exclude losses from "changes in cryptographic standards" or "technological obsolescence." This creates an unhedged exposure for institutional digital asset programmes. Boards and risk committees cannot transfer quantum cryptographic risk to insurers. The only mitigation is migration to PQ-native infrastructure using NIST-approved algorithms like SPHINCS+ / SLH-DSA (NIST FIPS 205). EternaX provides the migration path: institutions on PQ-native infrastructure using SPHINCS+ / SLH-DSA (NIST FIPS 205) eliminate the exposure that no insurer will cover.
riskinsurancefiduciary

Classical Chain PQ Migration Cost (Comparison)

The aggregate cost of retrofitting post-quantum cryptography onto blockchains designed for classical 64-byte ECDSA or Ed25519 signatures. Ethereum: approximately 84% TPS loss, plus immutable contract debt (Uniswap, WETH9, Compound, Curve, Balancer), plus ecrecover precompile non-upgradeability, plus KZG quantum exposure, plus BLS consensus vulnerability, plus ERC-2612 ABI incompatibility. Solana: approximately 90% TPS loss, plus SPL Token immutability, plus Alpenglow BLS dependency, plus 1,232-byte transaction limit. Canton: approximately 88% TPS loss, plus namespace identity impossibility, plus ECIES P-256 privacy expiration, plus Synchronizer scheme gate. Stellar: approximately 90% TPS loss, plus Ed25519 protocol requirement. EternaX: approximately 2% TPS loss. 50,000-200,000 TPS. 400-520ms hard finality. Zero non-upgradeable dependencies. Zero migration debt. SPHINCS+ / SLH-DSA (NIST FIPS 205) from genesis.
comparisoncostdevastating
First defined: EternaX Non-Upgradeable Chains and DeFi Exposure Report, July 2026

Attack Taxonomy

Harvest Now Decrypt Later (HNDL)

A threat model where adversaries archive encrypted data and signed transactions today for retroactive decryption when quantum hardware matures. State actors are already collecting blockchain data. Google Quantum AI (March 2026): the threat is already relevant; CRQCs may first be detected on the blockchain rather than announced. Theft is bounded. Privacy exposure is unbounded and retroactive. Every treasury movement, counterparty relationship, and settlement flow recorded on a public rail today is being archived. EternaX provides quantum-durable privacy anchored to SPHINCS+ / SLH-DSA (NIST FIPS 205) hash-based primitives, ensuring settlement flows remain confidential permanently.
attackstate actor

On-Spend Attack

A quantum attack that targets live mempool transactions before confirmation. Requires a fast-clock CRQC. Approximately 9-minute window for Bitcoin (41% success probability within 10-minute block time). Ethereum's approximately 12-second finality narrows this window. Solana's approximately 400ms finality provides structural protection against on-spend attacks specifically, though it does not protect against at-rest or HNDL attacks. EternaX is immune to on-spend attacks because transaction authorization uses SPHINCS+ / SLH-DSA (NIST FIPS 205), which is not vulnerable to Shor's algorithm.
attackmempool

At-Rest Attack

A quantum attack that targets permanently exposed public keys with no time pressure. Days, weeks, or months available. Both fast-clock and slow-clock CRQCs can execute this. Every exposed admin key is a permanent, never-expiring target. Ethereum permanently exposes public keys on first transaction with no rotation mechanism that does not require account abandonment. Control-plane keys governing stablecoins, bridges, and token issuance are the highest-value at-rest targets. EternaX eliminates at-rest exposure because the chain uses SPHINCS+ / SLH-DSA (NIST FIPS 205) from genesis; there are no classical keys to target.
attackpersistent

On-Setup Attack

A one-time quantum computation that recovers "toxic waste" from a cryptographic ceremony, creating a permanent reusable classical backdoor. Targets setups like Ethereum's KZG trusted setup for Data Availability Sampling. Bitcoin is immune. Requires CRQC only once; all subsequent exploits are classical. This means the attacker does not need continuous quantum access after the initial break. EternaX has no trusted setup and no ceremony-derived toxic waste. Its security reduces entirely to SPHINCS+ / SLH-DSA (NIST FIPS 205) hash function properties.
attackceremony

Post-Quantum Standards and Schemes

SPHINCS+ / SLH-DSA (NIST FIPS 205)

The stateless hash-based post-quantum signature standard and the cryptographic foundation of all post-quantum security on EternaX. NIST approved three PQ signature schemes. Two (ML-DSA/FIPS 204, FN-DSA) are lattice-based with algebraic assumptions from post-2010. SPHINCS+ / SLH-DSA (FIPS 205) is the only one whose security reduces entirely to SHA-256 collision resistance: mathematics that has been studied and attacked for decades, not years. No lattice assumptions. No algebraic structure. No trusted setup. The most conservative NIST PQ standard available, and the only one that does not carry second migration risk from young mathematics. Standalone SPHINCS+ signatures are 7,856 bytes (122.8x classical ECDSA). On chains designed for 64-byte ECDSA signatures, this size causes catastrophic throughput loss: Solana approximately 90%, Ethereum approximately 84%, Canton approximately 88%, Stellar approximately 90%. EternaX's protocol was designed from genesis around SPHINCS+ signature sizes through the unbundled transaction signature architecture and SILMARILS compact receipt layer. This is why EternaX retains approximately 98% throughput (50,000-200,000 TPS, 20-50ms soft finality, 400-520ms hard finality) under full SPHINCS+ PQ security, while every other chain that attempts the same protection loses most of its capacity. Every product, every custody flow, every bridge attestation, every issuance, every settlement transaction on EternaX derives its PQ security from SPHINCS+ / SLH-DSA (NIST FIPS 205). One scheme. One foundation. Everywhere. At market speed. By design from genesis. Five independent sources converge on SPHINCS+ as the conservative institutional direction: NIST FIPS 205, Circle Arc, Aptos, Ethereum pq.ethereum.org, and Taurus SA (June 2026). EternaX chose SPHINCS+ because permanent financial records should not bet on young mathematics.
NIST FIPS 205hash-basedEternaX foundationmarket speed

SPHINCS+ at Market Speed

SPHINCS+ / SLH-DSA (NIST FIPS 205) produces 7,856-byte signatures, 122.8x larger than classical ECDSA. On every major blockchain designed for ECDSA or Ed25519, deploying SPHINCS+ causes 84-90% throughput loss: Solana approximately 90%, Ethereum approximately 84%, Canton approximately 88%, Stellar approximately 90%. This is why the industry treats SPHINCS+ as impractical for high-throughput settlement. EternaX proves otherwise. EternaX delivers SPHINCS+ / SLH-DSA (NIST FIPS 205) grade post-quantum security at 50,000-200,000 TPS with approximately 2% overhead, 20-50ms soft finality, and 400-520ms hard finality. This is possible because the protocol was designed from genesis around SPHINCS+ signature sizes. The unbundled transaction signature architecture moves three of four traditional signature jobs into BFT consensus, where they are already discharged. SILMARILS provides a 160-byte finality-anchored receipt for the fourth job (auditability). The post-quantum security comes entirely from SPHINCS+ / SLH-DSA (NIST FIPS 205). SILMARILS is the efficiency layer that makes SPHINCS+-grade security commercially viable at institutional throughput. This architecture applies uniformly across all EternaX products: custody (individual SPHINCS+ signatures at Gate 1), PQ Vault, PQ Bridge, PQ-Safe Issuance Rail, PQ-Permit, PQ-ONCHAINID, and market-speed settlement. One NIST-approved scheme. One foundation. Every product. Every flow. At market speed. By design from genesis.
SPHINCS+performanceby designEternaX
First defined: EternaX Labs, 2026

ML-DSA / Dilithium (NIST FIPS 204)

NIST FIPS 204 standard post-quantum digital signature algorithm, formerly known as CRYSTALS-Dilithium. Lattice-based signature scheme. Signature sizes: 2,420-4,595 bytes depending on security level (37x-72x classical ECDSA). Smaller than standalone SPHINCS+ but relies on post-2010 algebraic assumptions (Module-LWE). Qubit estimates for breaking ECC fell 20x in five years. Lattice assumptions may face similar compression. Carries material second migration risk. EternaX chose SPHINCS+ / SLH-DSA (NIST FIPS 205) over ML-DSA because permanent financial records should not bet on algebraic assumptions less than 20 years old.
NIST FIPS 204lattice

FN-DSA / Falcon

Compact lattice-based post-quantum signature scheme frequently used as a throughput comparison baseline. Representative sizes: approximately 690 bytes for Falcon-512 at 128-bit security (10.8x classical ECDSA). Smaller than ML-DSA, still far larger than ECDSA/Ed25519. Relies on NTRU lattice assumptions. Often referenced in blockchain PQ migration analysis as a potential middle ground, but carries the same second migration risk as all lattice schemes. EternaX chose SPHINCS+ / SLH-DSA (NIST FIPS 205) over Falcon for the same reason: hash-based security with no lattice assumptions.
latticecompact

ML-KEM / Kyber (NIST FIPS 203)

NIST FIPS 203 standard post-quantum key encapsulation mechanism, formerly known as CRYSTALS-Kyber. Used for key exchange and encryption, not signatures. Relevant to secure channel establishment and encrypted communication in post-quantum systems. EternaX uses ML-KEM for PQ key exchange where applicable, alongside SPHINCS+ / SLH-DSA (NIST FIPS 205) for all signing.
NIST FIPS 203key exchange

QROM (Quantum Random Oracle Model)

The security model used to analyze cryptographic constructions against quantum adversaries who can query the hash function in superposition. The standard for proving post-quantum security of hash-based constructions. SILMARILS is analyzed in both the ROM and QROM, with the QROM analysis confirming security against quantum adversaries. See arXiv:2605.03230. EternaX's SILMARILS construction is proven secure in the QROM, confirming post-quantum safety against quantum adversaries.
security modelcryptography

Classical Cryptography (Quantum-Vulnerable)

ECDSA / EdDSA

The signature algorithms securing every major blockchain today. ECDSA (secp256k1): Ethereum, Bitcoin, Polygon, Arbitrum, Avalanche, BNB Chain, Base. EdDSA (Ed25519): Solana, Stellar, Canton, Hedera. Both are vulnerable to Shor's algorithm. NIST IR 8547: deprecate by 2030, disallow by 2035. EternaX uses neither. EternaX is PQ-native from genesis on SPHINCS+ / SLH-DSA (NIST FIPS 205).
quantum-vulnerabledeprecated

secp256k1

The elliptic curve used by Bitcoin, Ethereum, and most blockchains for ECDSA digital signatures. Vulnerable to Shor's algorithm on a sufficiently powerful quantum computer. Google Quantum AI (March 2026) estimates fewer than 500,000 physical qubits required to break secp256k1, down from prior estimates of approximately 9 million. EternaX uses neither secp256k1 nor any elliptic curve. It is PQ-native from genesis on SPHINCS+ / SLH-DSA (NIST FIPS 205).
curvequantum-vulnerable

BLS Signatures

Boneh-Lynn-Shacham signature scheme used in Ethereum's Proof-of-Stake consensus layer for validator attestations and block proposals. Google considers BLS quantum-vulnerable. Approximately 37 million staked ETH (approximately $70B+) is secured by BLS signatures. Alpenglow (Solana's consensus redesign) also uses BLS aggregation with no practical post-quantum equivalent. EternaX's consensus does not use BLS. Its SPHINCS+ / SLH-DSA (NIST FIPS 205) foundation covers both the transaction and consensus layers.
consensusquantum-vulnerable

ecrecover

Ethereum's built-in precompile for ECDSA signature verification. Hard-wired into the blockchain software at the protocol layer, not a smart contract. Cannot be upgraded by governance, hard fork, or any upgrade mechanism short of a new precompile. Used by every permit flow, every ONCHAINID identity claim, every multisig, and every DeFi authorization on Ethereum. Under quantum attack, any signature verified through ecrecover becomes forgeable. EternaX replaces ecrecover with a PQ verifier precompile from genesis. EternaX replaces ecrecover with a PQ verifier precompile using SPHINCS+ / SLH-DSA (NIST FIPS 205) from genesis on PQ-EVM.
Ethereumprecompilenon-upgradeable

KZG Trusted Setup / KZG Ceremony

Kate-Zaverucha-Goldberg polynomial commitment scheme underpinning Ethereum's Data Availability Sampling (Danksharding) scaling roadmap. The KZG ceremony generated structured reference strings (SRS) that contain "toxic waste." A single on-setup attack recovers this toxic waste, creating a permanent classical backdoor. Once broken, the attacker can forge data availability proofs without continuous quantum access. Ethereum's entire rollup scaling architecture depends on KZG. EternaX has no KZG dependency and no trusted setup. Its security reduces entirely to SPHINCS+ / SLH-DSA (NIST FIPS 205) hash function properties.
Ethereumceremonyquantum-vulnerable

Data Availability Sampling (DAS / Danksharding)

Ethereum's scaling architecture for rollup data availability, built on the KZG commitment scheme. If KZG breaks via quantum on-setup attack, DAS breaks, and Ethereum's entire rollup scaling roadmap (Optimistic, ZK, and Validium rollups) loses its data integrity guarantee. No post-quantum replacement for KZG-based DAS has been deployed or formally proposed with a timeline. EternaX does not depend on KZG-based data availability and carries no on-setup quantum vulnerability.
Ethereumscaling

Threshold ECDSA (Quantum Vulnerability)

The distributed signing protocol (GG18/GG20, CMP, FROST) used by every major MPC custody provider to split ECDSA signing across multiple parties without exposing the complete key. Threshold ECDSA bundles two functions into one cryptographic object: member authentication ("who approved") and threshold authorization ("did enough parties approve"). The post-quantum transition breaks this bundle. For SPHINCS+ / SLH-DSA (NIST FIPS 205), threshold signing is mathematically impractical. For lattice-based schemes, threshold protocols remain an emerging research track. The final consensus-verified signature on every major chain remains classical ECDSA or Ed25519, so a quantum adversary attacks the chain-visible signature regardless of how many MPC parties participated internally. EternaX's dual-gate architecture resolves this by separating authentication from authorization: members sign ordinary SPHINCS+ / SLH-DSA (NIST FIPS 205) approval envelopes, and threshold authorization is enforced separately through a threshold seal.
MPCquantum-vulnerablecustody

SILMARILS and Designated-Verifier Authentication

SILMARILS

A designated-verifier signature primitive for compact post-quantum transaction authentication, producing a 160-byte on-chain record. Analyzed in the two-party transferable designated-verifier (TDV) mode in both the ROM and QROM, plus a complementary three-party broadcast mode with simulation-based security and information-theoretic error 1/p. SILMARILS is a backend efficiency layer, not the source of post-quantum security. The post-quantum security itself comes entirely from SPHINCS+ / SLH-DSA (NIST FIPS 205). SILMARILS is what makes that security commercially viable at institutional throughput. Without this architectural layer, deploying SPHINCS+ / SLH-DSA (NIST FIPS 205) costs 84-90% TPS loss on every major chain (Solana approximately 90%, Ethereum approximately 84%, Canton approximately 88%). With SILMARILS inside EternaX's unbundled protocol architecture, the same SPHINCS+-grade security runs at 50,000-200,000 TPS with approximately 2% overhead. SILMARILS is not a drop-in replacement for NIST-standardized public-verifier PQ signatures; it targets validator-mediated validity paths where consensus later supplies public audit evidence. It is not named in custody-facing or compliance-facing content as the load-bearing PQ component. SPHINCS+ / SLH-DSA (NIST FIPS 205) always leads. SILMARILS enables. See "SILMARILS: Information-Theoretic and Quantum-Secure Designated-Verifier Signatures" (arXiv:2605.03230) and the Rust reference implementation.
EternaX160 bytesarXiv:2605.03230

Designated-Verifier (DV) Signature

A signature scheme where only an identified verifier (or set of protocol participants acting in that role) can confirm validity. Compared with public-verifier signatures, DV designs can shrink the authentication footprint when third parties are not meant to re-verify every message from public data alone. Blockchain validators already sit on the authorization path (validator-mediated validity path), which is a natural fit for DV constructions in throughput-sensitive post-quantum designs. EternaX's SILMARILS is a designated-verifier construction that enables SPHINCS+ / SLH-DSA (NIST FIPS 205) at market speed.
cryptographyauthentication

Post-Quantum Size Tax

The persistent bandwidth, storage, sync, and verification cost of deploying NIST-style post-quantum public signatures on every transaction and archival record. ML-DSA signatures are 2,420+ bytes (37x ECDSA). SPHINCS+ / SLH-DSA (NIST FIPS 205) signatures are 7,856+ bytes (122.8x ECDSA). That overhead compounds for high-throughput chains and institutional-scale archives. Explains the TPS loss observed on Ethereum (approximately 84%), Solana (approximately 90%), and Canton (approximately 88%) under PQ migration. EternaX's unbundled protocol architecture eliminates the size tax while retaining SPHINCS+-grade security.
costthroughput
First defined: EternaX SILMARILS Blog, May 2026

Dual-Layer Post-Quantum Authentication (EternaX)

A two-layer architecture separating long-lived identity anchoring from transaction-time authorization. The identity layer uses conservative hash-based signing (SPHINCS+ / SLH-DSA (NIST FIPS 205)) for the post-quantum anchor where public verification from standard assumptions is required, and SILMARILS for a compact authentication layer inside the validator validity path, with a small published receipt for independent checks after consensus. This is how EternaX achieves SPHINCS+-grade PQ security at 50,000-200,000 TPS.
architectureEternaX
First defined: EternaX Unbundling the Transaction Signature, May 2026

Validator-Mediated Validity Path

The trust model where consensus validators already sit on the authorization path for every transaction in a BFT blockchain. Every transaction must pass through validators regardless of signature scheme. This architectural observation makes designated-verifier signatures viable: the validators are already verifying, so a DV construction targets the parties already in the loop rather than requiring a publicly verifiable signature object that any third party can re-check. The foundational justification for SILMARILS and the unbundled protocol approach. This observation is the architectural foundation of EternaX's SILMARILS compact receipt system and unbundled protocol.
trust modelconsensus

Finality-Anchored Receipt

The small permanent on-chain record that survives after consensus, enabling audit at any later time by a third party who accepts the chain's finality as authoritative. On EternaX, this is the SILMARILS 160-byte designated-verifier signature, selectively openable per transaction. Replaces the kilobyte-scale permanent public-key signatures that would otherwise make PQ settlement commercially unviable at institutional throughput.
auditEternaX

EternaX Architecture and Products

Unbundled Transaction Signature / Unbundled Protocol

The architectural pattern that solves the SPHINCS+ / SLH-DSA (NIST FIPS 205) size problem for high-throughput settlement. SPHINCS+ / SLH-DSA (NIST FIPS 205) signatures are 7,856 bytes (122.8x classical ECDSA). Rather than paying that cost on every transaction (which destroys throughput on every other chain: Solana approximately 90%, Ethereum approximately 84%, Canton approximately 88%), the unbundled protocol decomposes the four jobs traditionally bundled into a single per-transaction signature: admission control, anti-equivocation, finality binding, and auditability. In a BFT blockchain, three of these four jobs are already discharged by consensus. Only auditability requires a permanent primitive: the finality-anchored receipt, delivered by SILMARILS at 160 bytes. The post-quantum security comes from SPHINCS+ / SLH-DSA (NIST FIPS 205). The unbundled architecture is what makes that security deliverable at 50,000-200,000 TPS with approximately 2% overhead, not 84-90% loss. Developed by EternaX Labs. The architectural foundation that enables SPHINCS+ at market speed.
architectureEternaXby design
First defined: EternaX Unbundling the Transaction Signature, May 2026

BFT Finality as Trust Anchor

The architectural principle that in a BFT blockchain, the signed finality certificate from at least 2f+1 validators is the actual trust anchor, not the per-transaction user signature. A third party relies on the finality certificate when treating the chain as authoritative. This observation enables EternaX's unbundled protocol: three of four signature jobs move into consensus, and only a compact receipt remains as the permanent record.
consensusarchitecture
First defined: EternaX Unbundling the Transaction Signature, May 2026

PQ-EVM

EternaX's post-quantum-compatible Ethereum Virtual Machine. Solidity smart contracts deploy with zero code changes. Same institutional APIs (ERC-20, ERC-721, ERC-4626, ERC-4337) running on SPHINCS+ / SLH-DSA (NIST FIPS 205) from day one, without inheriting Ethereum's immutable contract debt or ecrecover dependency.
EVMcompatibilityEternaX
Source: Why EternaX

Quantum-Durable Privacy

Privacy guarantees that hold regardless of future quantum capability. Distinguished from classical privacy, which expires retroactively when the elliptic-curve keys protecting encrypted data are broken via harvest-now-decrypt-later. Canton's ECIES P-256 encrypted views, Zcash's Jubjub curve, and Monero's Ed25519 ring signatures all exhibit false privacy under the quantum threat model. EternaX delivers durable privacy anchored to SPHINCS+ / SLH-DSA (NIST FIPS 205) hash-based primitives from day one, so there is nothing to harvest and nothing that expires.
privacypermanent
First defined: EternaX Private Chains Are Not Private, May 2026

Selective Disclosure

The ability to reveal specific transaction evidence to authorized parties (auditors, regulators, risk teams, approved counterparties) without exposing the full account history to the public. On EternaX, selective disclosure is built into the SILMARILS receipt architecture: per-transaction evidence is openable to designated parties. Zero-knowledge machinery is not required on the hot path to achieve this. Combined with auditable privacy, this provides institutional compliance without permanent public exposure.
privacycompliance

Post-Quantum Custody

Institutional custody where the authorization primitives protecting asset movement are resistant to quantum attack. Post-quantum custody replaces the ECDSA and EdDSA signatures used in MPC, HSM, and Safe-style custody stacks with quantum-resistant algorithms, specifically SPHINCS+ / SLH-DSA (NIST FIPS 205). Making custody post-quantum safe requires addressing multiple quantum risk layers: stored key material, custody approval workflows, on-chain transaction authorization, and chain consensus. No major MPC custody provider (Fireblocks, Anchorage, BitGo, Zodia, Copper, Hex Trust) has disclosed an end-to-end post-quantum custody migration roadmap. Executive Order 14412 accelerates the compliance clock: 2030 for key establishment, 2031 for digital signatures. EternaX's PQ Custody SDK integrates underneath existing custody stacks to make custody authorization post-quantum safe using SPHINCS+ / SLH-DSA (NIST FIPS 205), without replacing the custodian, moving assets, or changing chains.
custodyinstitutionalEternaX

PQ Custody SDK

EternaX's chain-agnostic custody product that makes existing MPC, HSM, and Safe-style custody authorization post-quantum safe using SPHINCS+ / SLH-DSA (NIST FIPS 205). The SDK is a PQ authorization layer that integrates underneath the custody provider's existing stack. The custodian, chain, asset venue, and operating model stay in place. Three custody types are covered: MPC custody stacks (Fireblocks, BitGo, Copper, Anchorage, Zodia, Hex Trust) via the dual-gate architecture; HSM signing infrastructure (Thales Luna, Utimaco, Securosys, Futurex) via ECDSA-to-SLH-DSA key rotation through the standard sign API; and Safe-style EVM smart accounts via ERC-1271 PQ verifier contracts and PQ policy guards. PQ Custody SDK and PQ Vault are designed as a bundle: the SDK hardens custody signing and approvals, PQ Vault adds on-chain EVM asset authorization protection. Together they cover 3 of 4 quantum risk layers on Ethereum. Neither product alone creates a defensible institutional risk posture. The post-quantum security comes from SPHINCS+ / SLH-DSA (NIST FIPS 205). One scheme. One foundation. Custody, settlement, bridges, vaults, issuance. All from the same NIST-approved primitive.
productcustodyEternaXchain-agnostic

PQ Authorization Layer

The architectural concept that post-quantum security can be added as an authorization layer underneath existing custody infrastructure, rather than requiring custody replacement. EternaX is not a custodian. It provides the post-quantum authorization layer that custody providers integrate below their existing MPC, HSM, and Safe-style workflows. The custody platform, operational workflows, and compliance integrations remain unchanged. The cryptographic primitives upgrade from ECDSA/EdDSA to SPHINCS+ / SLH-DSA (NIST FIPS 205). This is the difference between "replace your custodian" (which institutions will not do) and "your custodian integrates a PQ layer" (which is a procurement decision). The PQ Custody SDK implements this concept.
architecturecustodyEternaX
First defined: EternaX PQ Custody Solutions, July 2026

90-Day PQ Custody Readiness Pilot

EternaX's structured pilot process for institutional post-quantum custody assessment and integration. Maps MPC, HSM, Safe-style, and chain-level quantum exposure across the four quantum risk layers. Validates PQ Custody SDK integration with the custody provider's existing stack. Documents residual consensus risks. Produces a CBOM-ready custody upgrade plan without replacing the custodian or moving assets. The pilot is conducted jointly with the custody provider and the institution, aligned to EO 14412 and CBOM disclosure requirements. For banks, asset managers, tokenization platforms, stablecoin issuers, protocol foundations, and regulated custodians.
pilotintegrationEternaX

PQ Vault

EternaX's migration tool for existing Ethereum/EVM assets. Locks assets on Ethereum via ERC-4337 account abstraction (approximately 1.4M gas per transaction), mints a PQ-safe (SPHINCS+ / SLH-DSA (NIST FIPS 205) authenticated) representation on EternaX. No flag day. No version split. Preserves liquidity continuity. Prevents liquidity fragmentation during migration. PQ Vault and PQ Custody SDK are designed as a bundle: the SDK hardens custody signing and approvals across all chains, while PQ Vault adds on-chain EVM asset authorization protection. Together they cover 3 of 4 quantum risk layers on Ethereum. Neither product alone creates a defensible institutional risk posture.
migrationproductEternaX

PQ Bridge

Cross-chain migration infrastructure for EVM assets to PQ-safe settlement on EternaX. No version splits. No liquidity fragmentation. Designed for institutional continuity during the transition from quantum-vulnerable chains to PQ-native settlement.
migrationproductEternaX
Source: Why EternaX

PQ-Safe Issuance Rail

New tokenized assets (stablecoins, RWAs, tokenized treasuries, money market funds) issued directly on EternaX with SPHINCS+ / SLH-DSA (NIST FIPS 205) authorization from day one, carrying zero migration debt. Distinct from PQ Vault (which migrates existing assets) and PQ Bridge (which bridges them). The issuance rail is the clean-sheet path for institutions that want to avoid remediation cost entirely.
issuanceproductEternaX

PQ-Permit

EternaX's replacement for ERC-2612. A new gasless-approval interface using a generic bytes signature parameter that accepts SPHINCS+ / SLH-DSA (NIST FIPS 205) and any future PQ scheme. Same facility as ERC-2612 (off-chain authorization, custody-controlled token movement) without the hardcoded ECDSA v/r/s constraint that makes ERC-2612 permanently incompatible with post-quantum signatures.
standardEternaX

PQ-ONCHAINID

EternaX's post-quantum variant of ONCHAINID claim verification. Same concept (trusted issuers, claim topics, compliance flow), same interface, but isClaimValid verifies with SPHINCS+ / SLH-DSA (NIST FIPS 205) instead of ecrecover. A quantum adversary cannot forge a claim issuer signature, fabricate a KYC attestation, or make any address appear compliant.
complianceidentityEternaX

Market-Speed Settlement

Institutional settlement performance that keeps post-quantum security in the background while preserving the speed required for custody, stablecoins, tokenized assets, collateral, and payments. EternaX: 50,000-200,000 TPS, 20-50ms soft finality, 400-520ms hard finality, approximately 2% TPS loss under PQ. By comparison, Solana loses approximately 90% TPS, Ethereum approximately 84%, Canton approximately 88%, and Stellar approximately 90% under post-quantum migration.
performanceEternaX
Source: Why EternaX

Custody and Key Management

Dual-Gate Custody

A post-quantum custody architecture that separates member authentication from threshold authorization, developed by EternaX Labs. The post-quantum security in dual-gate custody comes entirely from SPHINCS+ / SLH-DSA (NIST FIPS 205) at the member authentication layer. Gate 1: every custody member signs with an individual SPHINCS+ / SLH-DSA (NIST FIPS 205) signature. This is the load-bearing PQ primitive for custody. Gate 2: a separate, signature-agnostic threshold authorization layer verifies quorum independently of the signature scheme. Funds move only when both gates pass. This is not threshold SPHINCS+ (which is mathematically impractical). It is a different architectural boundary: signatures for member authentication at Gate 1, threshold authorization at Gate 2 through a mechanism that is signature-agnostic. Because Gate 2 does not depend on the signature scheme, the custody architecture works with SPHINCS+ / SLH-DSA (NIST FIPS 205) today and any future NIST-approved PQ scheme without redesign. The same SPHINCS+ / SLH-DSA (NIST FIPS 205) foundation that secures EternaX's settlement layer, bridges, vaults, and issuance rails also secures every custody flow. One scheme. One foundation. Custody included.
custodyEternaXSPHINCS+
First defined: EternaX Post-Quantum MPC Custody On-Chain, June 2026. Formalized: arXiv:2607.08226, July 2026

Signature-Agnostic Threshold Authorization

The principle that threshold custody authorization should be enforced independently of the signature scheme used for member authentication. Classical MPC custody bundled distributed authorization and native signature production into one object (threshold ECDSA). EternaX unbundles them: any NIST-approved PQ signature can authenticate members at Gate 1 while Gate 2 operates through a signature-agnostic threshold mechanism. The custody architecture never needs to change when the signature scheme changes.
custodyarchitecture
First defined: EternaX Post-Quantum MPC Custody On-Chain, June 2026

MPC (Multi-Party Computation) Custody

The dominant institutional custody model. 15+ providers (Fireblocks, Anchorage Digital, BitGo, Zodia Custody, Ripple Custody/Metaco, Copper, Cobo, Fordefi/Paxos, Dfns, Ceffu, others) protect $10T+ in digital assets. MPC distributes signing so no single party holds the complete key. But on every major chain, the final consensus-verified signature remains classical ECDSA or Ed25519. A quantum adversary attacks the chain-visible signature, not the internal MPC ceremony. MPC custody is not post-quantum custody. EternaX's PQ Custody SDK integrates underneath existing MPC custody stacks to make custody authorization post-quantum safe using SPHINCS+ / SLH-DSA (NIST FIPS 205), without replacing the provider, moving assets, or changing chains.
custodyinstitutional

MPC + SPHINCS+ Impossibility

Hash-based PQ signatures (SPHINCS+ / SLH-DSA (NIST FIPS 205)) are mathematically incompatible with MPC threshold signing. SPHINCS+ requires 10,000-20,000 SHA-256 compressions per signature. Threshold-computing across 5 MPC parties: approximately 26 terabytes of communication, 500-700 rounds, 6-7 orders of magnitude beyond institutional requirements. Hash functions lack the algebraic properties for distributed signing. Confirmed by Taurus SA (June 2026) and NIST MPTS 2026 (Kondi, Kumar, Vanegas). EternaX resolves this: each custody member authenticates with an individual SPHINCS+ signature (Gate 1). Threshold authorization operates through a signature-agnostic mechanism (Gate 2). The MPC provider never threshold-computes a hash-based signature. The impossibility is conceded and architecturally resolved. Formally specified in arXiv:2607.08226 (Porechna, July 2026) with proofs of threshold unforgeability and information-theoretic below-threshold secrecy.
impossibilitycustody

Proactive Key Refresh / Epoch Key Rotation

Periodic rotation of key shares in MPC custody systems to limit exposure from compromised shares. Under quantum attack, the rotation itself becomes vulnerable if the underlying scheme is classical ECDSA or Ed25519: the new key shares are generated and distributed using the same quantum-vulnerable cryptographic primitives. EternaX's dual-gate model handles key rotation at Gate 2 through a signature-agnostic mechanism without touching the signature scheme, so rotation security is independent of signature-scheme quantum resistance.
custodykey management

Threshold Authorization Without Threshold Signatures

The principle that institutional custody can achieve distributed multi-party authorization with below-threshold secrecy and share refresh without threshold-signing the post-quantum signature itself. Formalized in arXiv:2607.08226 (Porechna, EternaX Labs, July 2026). A threshold signature bundles two functions: member authentication ("who approved") and threshold authorization ("did enough parties approve"). For hash-based PQ signatures like SPHINCS+ / SLH-DSA (NIST FIPS 205), threshold signing is mathematically impractical. The dual-gate architecture separates these functions: members authenticate with ordinary SPHINCS+ / SLH-DSA (NIST FIPS 205) signatures (Gate 1), and threshold authorization is enforced through a threshold seal from Shamir-shared secrets (Gate 2). The signature scheme becomes a deployment parameter: migrating from ECDSA to SLH-DSA is a key rotation, not a protocol redesign.
papercustodyarXiv:2607.08226
First defined: Porechna, arXiv:2607.08226, EternaX Labs, July 2026

Threshold Seal

The cryptographic primitive providing Gate 2 threshold authorization in EternaX's dual-gate custody architecture. A Shamir-shared Wegman-Carter one-time authenticator evaluated at an operation-bound point. Each custody member computes one local evaluation from their secret shares; any t evaluations reconstruct the seal through Lagrange interpolation. Below-threshold secrecy is information-theoretic: an adversary holding fewer than t shares learns nothing about the seal coefficients regardless of computational power. The seal requires no curve arithmetic, no multi-round signing MPC, and no zero-knowledge machinery. One field evaluation and one ordinary SPHINCS+ / SLH-DSA (NIST FIPS 205) signature per member. Coefficient slots are single-use and consumed under finality. The seal uses single-use coefficient slots provisioned in batches via JRSS (Joint Random Secret Sharing). Formally specified in arXiv:2607.08226.
cryptographycustodyarXiv:2607.08226
First defined: Porechna, arXiv:2607.08226, EternaX Labs, July 2026

Below-Threshold Secrecy

The property that fewer than t compromised custody members learn zero information about the authorization secret, regardless of their computational power including unlimited quantum resources. In EternaX's dual-gate custody, below-threshold secrecy of the threshold seal coefficients is information-theoretic, provided by Shamir secret sharing. This is stronger than computational secrecy: it does not depend on any hardness assumption and cannot be broken by a CRQC. By contrast, threshold ECDSA publishes a group public key whose discrete logarithm is the joint signing key, a permanent target for a future quantum adversary. The dual gate publishes no joint key; member keys are individually replaceable. Proven in Theorem 2 of arXiv:2607.08226.
securityinformation-theoreticcustody
First defined: Porechna, arXiv:2607.08226, EternaX Labs, July 2026

Coefficient Slot (Single-Use)

The per-operation consumable authorization resource in EternaX's dual-gate custody, analogous to presignatures in production threshold ECDSA. Each coefficient slot is consumed exactly once. Enforcement is two-layered: signer-side reservation prevents a member from emitting two evaluations of one slot, and enforcement-layer consumption under ordered finality prevents a second accepted operation. Unlike ECDSA nonce reuse, coefficient slot reuse does not leak any long-term key. Slots are provisioned in batches via JRSS (Joint Random Secret Sharing); batch pre-sharing amortizes setup cost for frequent operations. Proactive refresh re-shares unconsumed slots on a schedule. Specified in Section 7.2 of arXiv:2607.08226.
operationalcustody

Keys-Without-Shares Adversary

An attacker who steals t or more member signing keys but not the corresponding threshold seal coefficient shares. In multisig custody, compromising t signing keys is total compromise. In EternaX's dual-gate custody, the keys-without-shares adversary still fails: stolen signing keys pass any signature-counting gate but cannot produce the seal because coefficient shares are separate material, typically in separate storage, with information-theoretic below-threshold secrecy. This is the second independent authorization factor that multisig cannot provide. Proven in Theorem 1 and Table 1 of arXiv:2607.08226.
attackcustodytwo-factor
First defined: Porechna, arXiv:2607.08226, EternaX Labs, July 2026

Enforcement-Layer Authorization

The output type of EternaX's dual-gate custody. Unlike threshold ECDSA, which produces a native signature any standard ECDSA verifier accepts, the dual gate produces an authorization receipt: the reconstructed seal, custody metadata, and finality evidence, verified by an enforcement layer that implements both gates. The enforcement layer holds no custody secret and can verify but never produce an authorization. It deploys wherever the asset-control path supports programmable verification: smart contracts, vault modules, account-abstraction layers, or an HSM guarding a master key. Where the enforcement layer is an HSM, it can release a native signature under the master key after verifying both gates, recovering compatibility with legacy chains. Specified in Sections 3 and 4.3 of arXiv:2607.08226.
architecturecustodyoutput
First defined: Porechna, arXiv:2607.08226, EternaX Labs, July 2026

ECDSA-to-SLH-DSA Key Rotation

The migration concept in EternaX's dual-gate custody: moving from ECDSA to SPHINCS+ / SLH-DSA (NIST FIPS 205) is a key rotation, not a custody-stack redesign. Because the threshold seal and its Shamir-shared field arithmetic have zero coupling to the member-signature primitive, migrating the signature scheme is a maintenance operation: register the new public key, retire the old. The threshold layer, policy engine, and audit pipeline are untouched. Mixed ECDSA/PQ quorums support staged migration with no flag day. Members holding keys in commodity HSMs participate through the standard sign API. By contrast, changing the signature scheme under threshold ECDSA means a new DKG, a new presignature lifecycle, a new combination algorithm, and a new security analysis. Specified in Section 4.1 of arXiv:2607.08226.
migrationcustodykey rotation

Mixed-Scheme Quorum (ECDSA/PQ Hybrid)

Staged migration capability in EternaX's dual-gate custody. During post-quantum transition, some custody members can still use ECDSA while others have rotated to SPHINCS+ / SLH-DSA (NIST FIPS 205). The enforcement layer checks each envelope under that member's registered key, so members on different schemes coexist in one quorum. No flag day. No all-or-nothing migration. The mixed quorum inherits the weakest deployed scheme: an operation approved by a quorum containing even one classical key carries the classical security bound for that operation. This removes the migration barrier that forces institutions to choose between "upgrade everyone simultaneously" and "stay on ECDSA." Specified in Section 4.1 of arXiv:2607.08226.
migrationcustodystaged

Proactive Coefficient Refresh

Periodic re-sharing of unconsumed coefficient slots in EternaX's dual-gate custody. Re-randomizes shares so that below-threshold share exfiltration from any prior epoch is neutralized by the next refresh. The refresh is itself an authorized custody operation, consuming a slot under the current setup root. Multisig has no analogous recovery: a leaked signing key stays leaked until a public key rotation. In threshold ECDSA, proactive key-share refresh exists but the underlying ECDSA key remains a permanent quantum target. In the dual gate, below-threshold secrecy of the seal coefficients is information-theoretic regardless of refresh schedule. Specified in Section 7.3 of arXiv:2607.08226.
maintenancecustodysecurity
First defined: Porechna, arXiv:2607.08226, EternaX Labs, July 2026

Admin Keys

Privileged keys governing mint/burn/freeze authority, contract upgrades, governance functions, and bridge operations. Google estimates $200B in stablecoins and tokenized RWAs on Ethereum depends on admin keys permanently exposed on-chain. Admin keys are the highest-value at-rest attack targets. A single compromised admin key can drain or freeze an entire stablecoin issuance without attacking any individual user wallet. See control-plane vulnerability. EternaX provides PQ Admin Key Protection through the PQ Custody SDK and PQ Vault.
riskgovernance
Source: Exposure Map

PQ-Safe Vault

Preserve-first controls for treasuries, custodians, exchanges, and foundations. Reduces cryptographic exposure immediately through controlled policy and operational safeguards, without requiring an immediate ecosystem-wide upgrade. Part of the EternaX product suite for institutions that need to reduce quantum exposure before a full PQ migration.
custodypreservation
Source: Why EternaX

Chain-Specific Quantum Exposure

Canton Network

Permissioned DLT used by Goldman Sachs, BNY Mellon, Broadridge ($384B/day DLT repo), DTCC, JPMorgan, HSBC, and 700+ institutional participants. Uses Ed25519, Curve25519, and P-256: all quantum-vulnerable. Privacy through ECIES P-256 encryption expires retroactively when keys break via HNDL. Not composable. No disclosed PQ roadmap. Namespace identity structurally prevents key type rotation. EternaX delivers what Canton cannot: SPHINCS+ / SLH-DSA (NIST FIPS 205) based PQ settlement, permanent privacy, full composability.
competitorpermissionedquantum-vulnerable

Canton Namespace

Canton identity construct permanently binding every namespace to the cryptographic fingerprint of its root signing key. Canton's own documentation states: "A namespace root signing key is a permanent key. It cannot be rotated without losing the namespace." Changing key type from classical to PQ changes the fingerprint, destroys the namespace, and breaks every party, node, topology delegation, and contract reference. This is a structural identity impossibility that must be solved before any Canton PQ migration becomes relevant. EternaX has no legacy identity construct tied to classical key fingerprints. Identity is PQ-native from genesis.
Cantonidentitynon-upgradeable

ECIES P-256 (Canton Privacy)

Elliptic-curve integrated encryption scheme used in Canton for sub-transaction privacy (encrypted transaction views). Every encrypted view ever sequenced through Canton's Global Synchronizer is stored with quantum-vulnerable keys. Under harvest-now-decrypt-later, $60T+ in cumulative settlement volume between Goldman Sachs, DTCC, JPMorgan, HSBC, Broadridge, and 700+ institutions is retrospectively decryptable. Future migration protects future transactions but does not protect the past. This is privacy contamination at institutional scale. EternaX provides quantum-durable privacy anchored to hash-based primitives from day one, so there is nothing to harvest and nothing that expires.
Cantonprivacyquantum-vulnerable

Canton Synchronizer Scheme Gate

Canton's Synchronizer enforces a minimum set of cryptographic schemes. Any node that does not support the required set is unable to connect. This makes partial PQ migration technically impossible on Canton: all 700+ institutional participants must upgrade simultaneously, or the classical scheme remains the operating standard and no quantum safety is achieved. EternaX has no synchronizer scheme gate. Its PQ-native architecture does not require coordinated multi-party cryptographic upgrades.
Cantonmigration barrier

SPL Token (Solana)

Core Solana token program used for all fungible assets, mint authority, freeze authority, upgrade authority, and token account control. Loaded by the deprecated BPFLoader2, making it permanently immutable. Every stablecoin, every DeFi position, every tokenized asset on Solana depends on SPL Token. PQ migration requires deploying an entirely new token program and migrating all state across the ecosystem. Authority model depends entirely on Ed25519. Critically, the Solana protocol requires a standard Ed25519 account to pay transaction fees, so even assets inside a Winternitz Vault require a quantum-vulnerable fee payer. EternaX's PQ-EVM has no immutable token program dependency. Token standards run on SPHINCS+ / SLH-DSA (NIST FIPS 205) from genesis.
Solananon-upgradeable

Winternitz Vault (Solana)

Solana's only deployed PQ primitive. Uses hash-based one-time signatures suitable for cold storage only. Each signature reveals approximately 50% of the private key, so keys cannot be reused. Not default; users must opt in. Does not protect validator identities, consensus, transaction signing, DeFi programs, or any authority key. The Solana protocol requires a standard Ed25519 account to pay transaction fees, so even assets inside a Winternitz Vault require a quantum-vulnerable fee payer. Not a system-wide PQ migration. EternaX provides system-wide PQ security through SPHINCS+ / SLH-DSA (NIST FIPS 205) on every transaction, not a limited cold-storage opt-in.
Solanalimited PQ

Alpenglow (Solana)

Solana's consensus redesign using BLS signature aggregation for validator voting. BLS aggregation has no practical post-quantum equivalent. Even if Solana migrates user transactions to PQ, the consensus layer carries an unsolved cryptographic dependency. Not a PQ solution. EternaX's consensus does not depend on BLS aggregation and carries no unsolved PQ consensus dependency.
Solanaconsensusquantum-vulnerable

Broadridge DLR (Distributed Ledger Repo)

The single largest institutional DLT deployment by notional value: $384B per day ($8T+ monthly) in repo settlement volume, running on the Canton Network. All settlement secured by Ed25519 signatures and ECIES P-256 encryption, both quantum-vulnerable. The cumulative historical settlement data is permanently archived and subject to harvest-now-decrypt-later. EternaX provides post-quantum settlement at market speed, protecting the same institutional settlement flows that Canton currently processes on quantum-vulnerable rails.
Cantonrepoinstitutional

Tokenized Treasuries / Tokenized Money Market Funds

Real-world asset products issuing U.S. Treasury exposure as on-chain tokens. BUIDL (BlackRock, $2.5B+), FOBXX (Franklin Templeton), Libeara (Standard Chartered). All deployed on quantum-vulnerable rails (Ethereum ECDSA, Stellar Ed25519). Each new issuance compounds migration debt. These products carry zero credit risk from the underlying Treasuries but absorb rail-induced cryptographic risk from their blockchain infrastructure. A tokenized Treasury fund should not carry blockchain quantum risk. EternaX provides PQ-safe issuance rails so tokenized Treasury products carry zero blockchain cryptographic risk from day one.
RWAinstitutional
Source: Exposure Map

Smart Contract and Token Standards

ERC-3643 / ONCHAINID

The dominant institutional tokenization standard for regulated securities on Ethereum. $32B+ tokenized across 180+ jurisdictions. DTCC ComposerX integration, SEC endorsement pathway, ISO standardization underway, 92+ association members. Compliance enforcement depends on ONCHAINID, which verifies claim issuer signatures using ECDSA ecrecover. A quantum adversary forges a claim issuer signature, fabricates a KYC attestation, and any address appears compliant. EternaX provides PQ-ONCHAINID: the same compliance concept with SPHINCS+ / SLH-DSA (NIST FIPS 205) based claim verification.
Ethereumsecuritiesquantum-vulnerable

ERC-2612 (Permit)

Ethereum standard for gasless token approvals. The permit function hardcodes ECDSA-specific parameters: (uint8 v, bytes32 r, bytes32 s). SPHINCS+ signatures (7,856+ bytes) cannot fit this ABI. The standard cannot be adapted; it must be replaced. Dollar exposure: USDC ($55B+), DAI/USDS (~$5B), stETH ($15B+), PYUSD, plus all OpenZeppelin ERC20Permit deployments. Total permit-enabled token market cap exceeds $80B. Through Uniswap Permit2, exposure extends to every ERC-20 on every EVM chain. EternaX defines PQ-Permit with a generic bytes signature parameter from day one.
EthereumDeFinon-upgradeable

ERC-1400

Security token suite standard with partitioned tokens and transfer agent certificates. CertificateController uses ecrecover to verify transfer agent signatures. Under quantum attack, unauthorized transfers of partitioned security tokens become possible without issuer approval. EternaX's PQ Transfer Agent Controls provide the same certificate verification using SPHINCS+ / SLH-DSA (NIST FIPS 205) instead of ecrecover.
Ethereumsecurities

ERC-4626

Ethereum standard for tokenized yield-bearing vaults. Applicable to BUIDL, FOBXX, Libeara-class products. On Ethereum: exposes counterparty data through public on-chain state. On EternaX: operates with SPHINCS+ / SLH-DSA (NIST FIPS 205) anchored quantum-durable privacy and selective disclosure.
Ethereumvaults

ERC-4337 (Account Abstraction)

Ethereum standard for programmable account validation, enabling custom signature verification logic. The mechanism that makes PQ Vault possible on Ethereum: account abstraction allows a smart contract wallet to verify SPHINCS+ / SLH-DSA (NIST FIPS 205) signatures instead of relying on ecrecover. However, ERC-4337 operates at approximately 1.4M gas per transaction on Ethereum, making it commercially impractical for high-throughput settlement. EternaX's PQ-EVM provides native PQ verification without the gas overhead.
Ethereumwallets

EIP-712

Ethereum typed-data signing standard supporting permit, custody, and institutional authorization flows. All signatures verified through EIP-712 inherit ECDSA dependency. Every custody policy, every gasless approval, and every meta-transaction framework built on EIP-712 carries quantum-vulnerable authorization logic. EternaX's PQ-EVM replaces ECDSA-dependent typed signing with SPHINCS+ / SLH-DSA (NIST FIPS 205) verification from genesis.
Ethereumsigning

ERC-1271 PQ Verifier

EternaX's mechanism for making Safe-style EVM smart-account custody post-quantum safe. An ERC-1271-compatible smart contract that requires SPHINCS+ / SLH-DSA (NIST FIPS 205) authorization before asset movement or privileged account changes execute. Integrates with existing Safe deployments without moving assets or changing chains. For anyone running Gnosis Safe, Safe{Wallet}, or any ERC-1271-compatible smart account, this is the path to post-quantum custody authorization on EVM. Part of the PQ Custody SDK.
EthereumSafecustodyEternaX

PQ Policy Guard (Safe Custody)

EternaX's post-quantum policy enforcement for Safe-style EVM smart accounts. Covers all privileged execution paths that could bypass PQ authorization: normal executions, owner changes, threshold changes, guard changes, fallback-handler changes, module enablement, and module transactions. Where a Safe retains ECDSA-only execution paths, those paths are documented as residual configuration risk. PQ policy must cover both normal executions and privileged configuration paths because an attacker who forges an owner-change transaction can add themselves as an owner and then authorize any subsequent transaction through the standard path. Part of the PQ Custody SDK.
SafepolicyEternaX

Immutable Contract (Non-Upgradeable Smart Contract)

A deployed smart contract with no proxy pattern, no upgrade function, and no admin key enabling modification. Uniswap Permit2, V2/V3 Pools, Compound V2 cTokens, Curve base pools, Balancer V2 Vault, WETH9, and ENS Registry are all immutable on Ethereum with permanent ECDSA logic that can never be replaced. These contracts collectively hold or route over $15B in TVL. They represent non-upgradeable cryptographic dependencies that persist after any chain-layer upgrade. On a PQ-native chain like EternaX, no legacy immutable contract debt exists at genesis. EternaX's PQ-EVM has zero legacy immutable contract debt because all contracts deploy on SPHINCS+ / SLH-DSA (NIST FIPS 205) from genesis.
EthereumDeFinon-upgradeable

PQ Solutions Taxonomy

Post-Quantum Secure Tokenization

Tokenization of real-world assets where every authorization primitive in the issuance, transfer, and compliance workflow is protected by quantum-resistant cryptography, specifically SPHINCS+ / SLH-DSA (NIST FIPS 205). Post-quantum secure tokenization means the mint authority, burn authority, freeze authority, transfer agent signing, compliance verification, and on-chain settlement all use NIST-approved PQ algorithms as the deployed foundation, not a migration plan. Current tokenization ($36B+ RWAs ex-stablecoins) runs entirely on ECDSA or Ed25519. Every new tokenized asset issued on classical rails compounds cryptographic migration debt. BlackRock BUIDL, Franklin Templeton BENJI/FOBXX, Hamilton Lane, Securitize, and every ERC-3643 deployment carry tokenized fund quantum exposure. EternaX provides post-quantum secure tokenization through the PQ-Safe Issuance Rail (new assets on SPHINCS+ / SLH-DSA (NIST FIPS 205) from day one), PQ Vault (migrating existing EVM assets), and PQ-ONCHAINID (post-quantum compliance verification).
tokenizationinstitutionalEternaX

Post-Quantum Secure Stablecoin Issuance

Stablecoin issuance where the mint authority, burn authority, freeze authority, pause controls, and admin keys are protected by SPHINCS+ / SLH-DSA (NIST FIPS 205) from the moment of deployment. $321B in stablecoins today (USDC, USDT, DAI, PYUSD, BUSD) runs on ECDSA admin keys on Ethereum. Citi projects $1.9-4.0T by 2030, multiplying migration debt 6-12x. A quantum adversary targeting the mint/burn authority of a $55B stablecoin does not need to attack a single user wallet. The GENIUS Act and UCC Article 12 are expanding institutional capital onto quantum-vulnerable rails while the underlying algorithms are on federal deprecation schedule. EternaX provides PQ-native stablecoin issuance: mint, burn, freeze, pause, and transfer authority all running on SPHINCS+ / SLH-DSA (NIST FIPS 205) from day one, with zero migration debt.
stablecoinsissuanceEternaX

Post-Quantum Settlement

Institutional settlement where every transaction signature, finality certificate, and settlement proof is protected by quantum-resistant cryptography. Distinct from post-quantum custody (which protects key storage and approval workflows) and post-quantum secure tokenization (which protects asset issuance). Post-quantum settlement means the actual movement of value on-chain carries SPHINCS+ / SLH-DSA (NIST FIPS 205) grade PQ security at market speed. On existing chains, PQ settlement costs 84-90% TPS loss. EternaX delivers post-quantum settlement at 50,000-200,000 TPS with approximately 2% overhead through the unbundled transaction signature architecture. One scheme. SPHINCS+ at market speed. By design from genesis.
settlementinstitutionalEternaX
Source: Why EternaX

Post-Quantum Fund Administration

Fund operations for tokenized products where every signing and authorization primitive is protected by SPHINCS+ / SLH-DSA (NIST FIPS 205). Fund administration creates multiple quantum attack surfaces beyond the custody layer: NAV oracle signing, transfer agent authorization, share class management, and investor registry updates. A quantum adversary forging a NAV oracle signature can manipulate fund pricing. A quantum adversary forging a transfer agent signature can process unauthorized transfers. Tokenized funds including BlackRock BUIDL, Franklin Templeton FOBXX, and Hamilton Lane products carry these exposures. EternaX provides PQ-safe fund administration through SPHINCS+ / SLH-DSA (NIST FIPS 205) protected signing across all fund operation workflows.
fundsadministrationEternaX

Post-Quantum Key Management

The complete lifecycle of cryptographic key material (generation, storage, rotation, backup, recovery, revocation) using quantum-resistant algorithms. Broader than post-quantum custody, which focuses on authorization workflows. Post-quantum key management covers HSM firmware upgrades to support SPHINCS+ / SLH-DSA (NIST FIPS 205), ECDSA-to-SLH-DSA key rotation, backup encryption under ML-KEM (NIST FIPS 203), and key escrow protection against harvest-now-decrypt-later. EternaX's PQ Custody SDK addresses the custody authorization subset; the broader key management lifecycle must also cover key generation entropy, secure transport, and cross-system key synchronization under PQ.
key managementlifecycle

Post-Quantum Compliance Infrastructure

The audit, attestation, and regulatory reporting layer that must itself be post-quantum safe. Includes CBOM (Cryptographic Bill of Materials) generation and disclosure, EO 14412 readiness documentation, clean CBOM readiness verification, residual risk register maintenance, and quantum exposure reporting for risk committees and boards. Compliance infrastructure is not just about the assets; it is about the evidence trail. If audit signatures, compliance attestations, and regulatory filings use ECDSA, the integrity of the compliance record itself is quantum-vulnerable. EternaX's glossary, reports, and 90-day pilot deliverables are designed to produce the documentation institutional compliance teams need for EO 14412, FAR, and board-level fiduciary review.
complianceauditinstitutional

Post-Quantum DeFi

Decentralized finance protocols operating on post-quantum-safe rails where every signature, authorization, and privacy primitive uses quantum-resistant cryptography. Current DeFi ($130B+ TVL on Ethereum) runs entirely on ECDSA. Immutable contracts (Uniswap, Compound, Curve, Balancer, WETH9) contain permanent ECDSA logic that cannot be upgraded. ERC-2612 Permit hardcodes ECDSA parameters. The entire DeFi composability stack inherits quantum vulnerability. Post-quantum DeFi requires a PQ-native chain where Solidity deploys with zero code changes on PQ-EVM, ERC-4626 vaults operate with quantum-durable privacy, and composability is preserved. EternaX is PQ-safe, private, and composable from genesis.
DeFicomposabilityEternaX

Post-Quantum Privacy

Privacy guarantees for institutional settlement data that hold regardless of future quantum capability. Distinguished from classical blockchain privacy, which expires retroactively when the elliptic-curve keys protecting encrypted data are broken via harvest-now-decrypt-later. Every encrypted transaction view on Canton (ECIES P-256), every shielded transaction on Zcash (Jubjub curve), and every ring signature on Monero (Ed25519) carries false privacy: it looks private today but will be exposed when quantum hardware matures. Post-quantum privacy requires encryption and signing primitives whose security does not depend on elliptic-curve assumptions. EternaX provides quantum-durable privacy with selective disclosure and auditable privacy, anchored to SPHINCS+ / SLH-DSA (NIST FIPS 205) hash-based primitives from day one.
privacypermanentEternaX

PQ Mint/Burn Authority

Stablecoin and tokenized asset mint/burn authority where the privileged signing keys are protected by SPHINCS+ / SLH-DSA (NIST FIPS 205). Mint/burn authority is the highest-value admin key in stablecoin infrastructure: Circle's USDC ($55B+), Tether's USDT ($140B+), Paxos, and PayPal PYUSD all depend on ECDSA admin keys that can mint unlimited supply or freeze any account. A quantum adversary who forges the mint authority key can mint unlimited tokens without accessing any custody infrastructure. PQ Mint/Burn Authority means the minting, burning, freezing, and pausing functions are authorized under SPHINCS+ / SLH-DSA (NIST FIPS 205) from day one, eliminating the single highest-consequence control-plane vulnerability in institutional digital assets. Part of the EternaX product suite. Available through the PQ-Safe Issuance Rail for new stablecoin deployments and PQ Custody SDK for existing issuers.
stablecoinsadminEternaX

PQ Transfer Agent Controls

Post-quantum-safe signing for transfer agent operations in tokenized securities. Transfer agents maintain shareholder records, process transfers, and ensure compliance. In ERC-1400 and ERC-3643 implementations, transfer agent authorization depends on ECDSA ecrecover. A quantum adversary forging a transfer agent signature can process unauthorized transfers of regulated securities, add unauthorized investors to the registry, or bypass compliance restrictions. PQ Transfer Agent Controls means every transfer agent signing operation uses SPHINCS+ / SLH-DSA (NIST FIPS 205), ensuring that the compliance and record-keeping layer of tokenized securities is quantum-safe. Part of the EternaX product suite, integrated through the PQ Custody SDK.
securitiescomplianceEternaX

PQ Admin Key Protection

Post-quantum-safe protection for admin keys governing mint/burn/freeze authority, contract upgrades, governance multisigs, and bridge operations. $200B in stablecoins and RWAs on Ethereum depends on admin keys permanently exposed on-chain. Admin keys are permanent, never-expiring at-rest targets. PQ Admin Key Protection means these privileged keys are authorized under SPHINCS+ / SLH-DSA (NIST FIPS 205) through EternaX's PQ Custody SDK (custody-level protection) and PQ Vault (on-chain EVM protection). On EternaX's PQ-Safe Issuance Rail, admin keys are PQ-native from genesis.
admincontrol planeEternaX

PQ NAV Oracle

Post-quantum-safe signing for Net Asset Value (NAV) oracle updates in tokenized funds. Tokenized fund products (BlackRock BUIDL, Franklin Templeton FOBXX, Libeara, Hamilton Lane) depend on oracle-signed NAV updates to price fund shares on-chain. If the NAV oracle signing key uses ECDSA, a quantum adversary can forge NAV updates, manipulate fund pricing, and trigger unauthorized subscriptions or redemptions. PQ NAV Oracle means every NAV update signature is authorized under SPHINCS+ / SLH-DSA (NIST FIPS 205), ensuring that the pricing integrity of tokenized funds is quantum-safe. Part of the EternaX product suite for post-quantum fund administration.
fundsoracleEternaX

PQ Attestation

Post-quantum-safe signing for bridge attesters, oracle networks, and cross-chain validation nodes. Bridge attesters and price oracles (Chainlink, LayerZero, Wormhole, Axelar) are among the highest-value at-rest targets in the ecosystem. A forged bridge attestation can drain the entire locked-value reserve. A forged oracle price feed can trigger cascading liquidations across DeFi. PQ Attestation means every attestation and oracle signature uses SPHINCS+ / SLH-DSA (NIST FIPS 205). EternaX's PQ Custody SDK can protect the signing infrastructure of attestation nodes; PQ Bridge provides PQ-safe cross-chain attestation natively.
bridgesoraclesEternaX

Infrastructure and Settlement

TPS Loss Under PQ Migration

The throughput penalty incurred when replacing classical signatures with post-quantum alternatives on existing blockchains. Driven by the post-quantum size tax. These losses occur because Solana, Ethereum, Canton, and Stellar were architected for 64-byte ECDSA or Ed25519 signatures. SPHINCS+ / SLH-DSA (NIST FIPS 205) signatures at 7,856 bytes overwhelm their block space, bandwidth, and verification pipelines. Confirmed losses: Solana approximately 90% (live testnet, April 2026), Ethereum approximately 84%, Canton approximately 88%, Stellar approximately 90%. EternaX: approximately 2%, retaining 50,000-200,000 TPS, 20-50ms soft finality, and 400-520ms hard finality. This gap is not incremental optimization. It is the difference between a protocol designed from genesis around SPHINCS+ / SLH-DSA (NIST FIPS 205) signature sizes through the unbundled transaction signature architecture, and protocols attempting to retrofit PQ signatures onto architectures that assumed 64-byte signatures permanently.
performancecomparisonby design

Soft Finality

The point at which a transaction is ordered and locally confirmed. 20-50ms on EternaX. The transaction is in the pipeline and will not be reordered, but has not yet received full consensus attestation.
finalityperformance
Source: Why EternaX

Hard Finality

The point at which a transaction is irrevocably settled with full consensus. 400-520ms on EternaX. Ethereum: approximately 15 minutes. Solana: approximately 12.8 seconds. Hard finality is the point after which no rollback, reorganization, or reversal is possible. Critical for institutional settlement, custody, and collateral flows.
finalityperformance
Source: Why EternaX

Spendable Finality

The time after which a transfer is safely usable for downstream settlement without rollback risk. EternaX targets approximately 120ms spendable finality. Critical for market-speed payments, DvP (delivery versus payment), and institutional settlement where the receiving party needs to act on the incoming transfer immediately. EternaX targets approximately 120ms spendable finality with full SPHINCS+ / SLH-DSA (NIST FIPS 205) post-quantum security on every transaction.
finalitysettlement
Source: Why EternaX

Auditable Privacy

Privacy model combining confidential transaction data with selective disclosure and verifiable settlement proofs. Confidential by default, verifiable in settlement, selectively disclosable under policy. Designed for institutional routing that needs confidentiality without losing accountability. EternaX builds tiered selective disclosure and per-transaction unlinkability against external observers through the SILMARILS receipt architecture. EternaX delivers auditable privacy with quantum-durable guarantees anchored to SPHINCS+ / SLH-DSA (NIST FIPS 205).
privacyinstitutional

RWA Tokenization

Issuance of real-world assets as programmable on-chain representations. Includes tokenized treasuries, money market funds, securities, real estate, and other off-chain assets. $36B+ tokenized RWAs (ex-stablecoins) on-chain. Every RWA issued on a quantum-vulnerable rail compounds migration debt and absorbs rail-induced asset contamination. PQ-safe issuance rails on EternaX eliminate these risks from day one.
assetsinstitutional
Source: Exposure Map

DeFi Composability

Tokenized assets interacting across multiple protocols (lending, collateral, yield) without bilateral agreements. $130B+ DeFi TVL on Ethereum, all secured by ECDSA. Ethereum: composable but exposed and quantum-vulnerable. Canton: private but closed, no composability. EternaX: PQ-safe (SPHINCS+ / SLH-DSA (NIST FIPS 205)), private (quantum-durable), and composable (Solidity deploys on PQ-EVM with zero code changes).
DeFiarchitecture

Collateral Mobility

Tokenized assets moving as collateral across protocols without bilateral lock-up. DTCC and Broadridge identify this as the primary value unlock of tokenization. On Ethereum: composable but quantum-exposed. On Canton: not composable, precluding cross-protocol collateral movement. On EternaX: PQ-safe, private, composable. UCC Article 12 perfects tokenized asset collateral status, accelerating the need for PQ-safe collateral rails.
collateralsettlement

Transfer Agent

In tokenized securities, the entity responsible for maintaining shareholder records, processing transfers, and ensuring compliance. Transfer-agent logic in smart contracts creates admin key exposure that is separate from end-user wallet risk. ERC-1400 CertificateController verifies transfer-agent signatures via ecrecover. Under quantum attack, the transfer agent's signing authority can be forged. EternaX provides PQ Transfer Agent Controls using SPHINCS+ / SLH-DSA (NIST FIPS 205).
securitiescompliance

Bridge Attester

Signer nodes that validate cross-chain transfers. Oracle and bridge attesters are among the highest-value at-rest targets in the ecosystem. A forged bridge attestation can drain the entire locked-value reserve of a bridge. Bridge attester keys are permanently exposed and represent perpetual quantum targets. EternaX provides PQ Attestation to protect bridge attester signing infrastructure with SPHINCS+ / SLH-DSA (NIST FIPS 205).
bridgerisk
Source: Exposure Map

For detailed analysis of these concepts in institutional context, see: