Draft
merge: develop to master for v1.7.2
PQVoteEnvelope/Attestation types, STARK aggregator, pqKeyRegistry (0x70), ML-DSA-44 vote signer, fork-gated dispatch in parlia. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PQVotePool with dedup/verify/prune, PQVoteManager producing votes on chain-head events gated by IsPQFork, IsActivePQValidatorAt. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
New Bsc4 capability with PQVotesMsg, peer PQ vote broadcast, handler glue in eth/handler.go. .gitignore for .claude/.gocache. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instantiate PQ pool/manager in eth/backend.go, add --pqvotekey CLI flag, switch pqAssembleVoteAttestation to PQVotePool. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
WarmPQRegistryCache + ExtractValidatorAddresses at startup. Fix attestation to use PQVoteAddress, back-fill from registry cache. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Required by go mod tidy for the ML-DSA-44 transitive dependency. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Set nonce=1 on pqRegistryAddress before writing storage slots to prevent EIP-158 from treating it as empty and wiping storage. Also add 0x70 with nonce=1 to DeveloperGenesisBlock alloc. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add PQRegistryLookupWithState that reads 0x70 storage slots when the process-level cache has no entry. Override the registry backend in Process() for PQ-fork blocks so any registered sender can be resolved. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Pre-warm pqRegistryCache in Process() before block txs are applied using PQFrom() (no-verify From extraction) + PQRegistryLookupWithState(). The prefetcher goroutines keep using cache-only lookup (sync.Map, safe). Removes the global SetPQRegistryBackend override that caused the race. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
On restart, WarmPQRegistryCache only ran if curHeader was an epoch block; non-epoch heads returned empty validator list so cache stayed cold. Fix by using Parlia snapshot (always current) via new CurrentValidators() helper. Snapshots loaded from DB before warm-up had PQVoteAddress=zero, causing committee root mismatch in pqVerifyVoteAttestation. Fix by back-filling PQVoteAddress in loadSnapshot and at point-of-use in verification. Also warm the txpool PQ sender cache on-demand using a per-call StateAt snapshot to avoid concurrent StateDB access. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
shemnon added a commit to tectonic-labs/quantum-tracker-data that referenced this pull request on May 1, 2026
Upstream research surfaced a draft node-side ML-DSA-44 + STARK aggregation PoC for BNB Chain (bnb-chain/bsc#3660), pushing three category ratings into b-dev and the tier from D to C. Sui's fastcrypto SLH-DSA build-out progressed (FORS+XMSS+Hypertree merged) but the existing b-dev rating already covers it.
- BNB Chain: tx_signature/consensus f-nothing→b-dev, onchain d-discussed→b-dev, tier D→C
- Sui: commentary updated to reflect FORS+XMSS+Hypertree merge
- Cardano: date_last_updated bump only; CIP-1144/1175 still in editor process
Description
Migrates BSC fast-finality vote signatures from BLS-12-381 to ML-DSA-44 (NIST FIPS 204),
and introduces a new PQTxType (0x05) transaction type whose sender is authenticated via an
on-chain PQ registry contract (0x70) rather than ECDSA recovery. Vote attestations are
aggregated using a STARK recursive proof instead of BLS linear aggregation. A new bsc4 P2P
sub-protocol carries PQVotesMsg alongside the existing bsc3 vote messages.
Rationale
BLS-12-381 is broken in polynomial time by Shor's algorithm on a cryptographically relevant
quantum computer. Validator signatures are permanently on-chain, making BSC vulnerable to
harvest-now, decrypt-later attacks. NIST finalised ML-DSA (FIPS 204) in August 2024 as
the primary post-quantum signature standard. ML-DSA-44 was selected over ML-DSA-65 because
it matches the effective security level of BLS-12-381 (~128-bit post-quantum) at 35% smaller
key/signature size, and its single-core verification throughput (~1,500/s) leaves the 450 ms
block slot with ample headroom — verification is not a bottleneck.
Changes
- PQTxType = 0x05: transactions carry an explicit 1312-byte public key and 2420-byte ML-DSA signature; sender address is derived as keccak256(pubkey)[12:] and resolved via the on-chain PQ Registry at 0x70
- 0x70: stores addr → pubkey mappings; protected against EIP-158 storage wipe by pinning a non-zero nonce in genesis
- PQVoteAttestation: replaces BLS aggregate signature with a STARK recursive proof over the validator committee; pqAssembleVoteAttestation/pqVerifyVoteAttestation gate on IsPQFork
- PQVoteEnvelopes; manager signs votes with the local ML-DSA key and submits them when the node is an active PQ validator
- bsc4 P2P sub-protocol: adds PQVotesMsg for broadcasting and syncing PQ votes across peers without conflicting with existing bsc3 BLS vote messages
- --pqvotekey <path> flag: operator opt-in; loads raw ML-DSA private key and starts PQVoteManager; node always instantiates PQVotePool so received PQ votes are stored even without a local key
- WarmPQRegistryCache is seeded from the current validator set via Parlia.CurrentValidators() (snapshot-based, epoch-independent) to prevent vote failures immediately after restart
- PQVoteAddress back-fill: loadSnapshot calls backfillPQVoteAddresses() to fill zero-value entries from the process-level cache; pqVerifyVoteAttestation applies a second point-of-use back-fill, preventing committee root mismatch on nodes restarted before cache warm-up completes
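The EIP-158 storage wipe that the registry at 0x70 is pinned against, shown as an added example that is not code from this pull request or from BSC. The Account type, Finalise and SlotSurvives are a hypothetical simplified model of state handling, and the slot name and value are constructed.

```go
package main

import "fmt"

// Account is a simplified state object (hypothetical model, not BSC's StateDB).
type Account struct {
	Nonce, Balance uint64
	Code           []byte
	Storage        map[string]string
}

// Empty is the EIP-161 emptiness test that the EIP-158 rule applies:
// zero nonce, zero balance, no code. Storage contents are not considered.
func (a *Account) Empty() bool {
	return a.Nonce == 0 && a.Balance == 0 && len(a.Code) == 0
}

// Finalise deletes each touched account that is still empty, storage included.
func Finalise(state map[string]*Account, touched []string) {
	for _, addr := range touched {
		if a := state[addr]; a != nil && a.Empty() {
			delete(state, addr)
		}
	}
}

// SlotSurvives writes one registry slot at 0x70, optionally pinning nonce=1
// first, and reports whether the slot is still readable after Finalise.
func SlotSurvives(pinNonce bool) bool {
	reg := &Account{Storage: map[string]string{}}
	if pinNonce {
		reg.Nonce = 1
	}
	reg.Storage["constructed-slot"] = "constructed-pubkey" // constructed sample values
	state := map[string]*Account{"0x70": reg}
	Finalise(state, []string{"0x70"}) // the storage write touched 0x70
	a := state["0x70"]
	return a != nil && a.Storage["constructed-slot"] != ""
}

func main() {
	fmt.Println("nonce=0, slot survives:", SlotSurvives(false)) // false
	fmt.Println("nonce=1, slot survives:", SlotSurvives(true))  // true
}
```

An account that holds only storage is still empty under this test, which is why a genesis alloc for a storage-only system address needs a non-zero nonce, a balance, or code.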