PoS smart-contract platform
Cardano ADA
Cardano's production cryptography is entirely classical: Ed25519 for transaction signatures, ECVRF (Ed25519-based) for Ouroboros leader election, and summed Ed25519 for KES block signing. All are vulnerable to Shor's algorithm. The eUTXO model provides a structural mitigation by hashing public keys in addresses until first spend, protecting never-spent UTXOs from long-exposure attacks, but spent and reused-address holdings remain fully exposed. Post-quantum work is active at the research and proposal level: CPS-0027 surveys PQ signature approaches for Plutus, the Vision 2026 research program includes post-quantum work packages (TRL 1-4), and founder statements reference NIST FIPS 203-206 lattice-based cryptography as the target. However, zero PQ code exists in any public Cardano repository, no testnet or prototype has been deployed, and no production migration timeline has been established. The project scores 14/100, capped at 40 by the 'active ECC-only spend authorization' Readiness & Risk Cap, and is classified as Stage 2 (Mitigation/Development).
Roadmap OnlyPartial Protection
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
1.25 / 20
Migration Mechanism, Governance & Ecosystem Coordination
1.5 / 15
Migration Status & Value-at-Risk
1.5 / 25
Production Cryptographic Protection
5.74 / 35
Security Assessment & Evidence Preparedness
3.75 / 5
Critical Quantum Blockers
- Active production spend authorization uses Ed25519 (ECC) exclusively; fully vulnerable to Shor's algorithm for key recovery and signature forgery.
- Consensus-critical VRF (ECVRF over Ed25519) and KES (summed Ed25519) are entirely quantum-vulnerable, enabling slot-leader manipulation and bootstrapping-chain forgery by a quantum adversary.
- No PQ code, prototype, or testnet exists in any public Cardano repository. All post-quantum work is confined to research papers, CPS documents, roadmap proposals, and founder interviews.
- Material long-exposure quantum-vulnerable value exists in reused addresses and previously-spent UTXOs with exposed public keys, with no migration, freeze, burn, or deprecation mechanism.
Key Risks
- All active transaction signing keys can be recovered by a CRQC running Shor's algorithm, enabling theft of any ADA in addresses with exposed public keys (spent UTXOs, reused addresses, stake pool keys, treasury keys).
- Ouroboros consensus integrity can be compromised: a quantum adversary recovering VRF keys can predict and bias slot leader schedules; recovering KES keys from historical operational certificates can forge alternative chains for bootstrapping nodes.
- Mithril certificate aggregation relies on BLS signatures over BLS12-381, which is quantum-vulnerable, potentially allowing forged state certificates for light clients and bootstrapping nodes.
- The timeline from current research (TRL 1-4) to production-hard-fork deployment is measured in years, while quantum computing advances (recent ZK-proven ECDLP circuits at ~1200 logical qubits, potential on-spend attack feasibility on fast-clock architectures) may compress the available migration window.
- No mechanism exists to freeze, deprecate, burn, or migrate quantum-vulnerable dormant UTXOs with exposed public keys (reused addresses, early-era Byron addresses, exchange hot wallets).
- The PQ migration strategy (proof chain, Mithril integration, NIST PQC adoption) remains at the conceptual design stage with unresolved questions about VRF replacement, KES replacement, signature size impact on block space, and coordination across wallets, exchanges, and DApps.
Assurance Notes
- No independent audit exists for any quantum-critical PQ implementation because no PQ implementation exists in production, testnet, or prototype form.
- The IOG Cryptography Handbook provides thorough official specifications for Ed25519, KES, and VRF primitives, confirming the classical-only production posture.
- CPS-0027 ('Approaches to Post-Quantum Signatures') was confirmed as a Cardano Problem Statement in February 2026 and represents the most concrete public-facing PQ documentation, but it is a survey/review document, not an implementation.
- The Vision 2026 research program includes post-quantum work packages (WP1.2) at TRL 1-4, meaning foundational research through prototype only; no mainnet-path deliverables are scheduled within the 2026 work program.
- Mithril's current production certificate aggregation uses BLS signatures (quantum-vulnerable), though the team is prototyping SNARK-based aggregation as of April 2026; this is a separate infrastructure component, not core consensus.
- The Cardano node codebase (cardano-base, cardano-crypto, cardano-node) contains zero PQ algorithm implementations in any public branch as of the evaluation date.
- No formal quantum-specific incident-response playbook, performance benchmarks for PQ transition, or exchange/custody migration attestations exist.
Non-Scoring Caveats
- Cardano's eUTXO model hashes public keys (Blake2b-224) in addresses until first spend, providing structural protection against long-exposure attacks for UTXOs that have never been moved. This is a genuine architectural advantage but does not protect spent or reused-address value.
- The annual hard-fork cadence and CIP/CPS governance process provide a credible pathway for coordinated protocol upgrades once PQ primitives are ready for integration.
- The Vision 2026 research program is community-funded (₳32.916M) and includes specific post-quantum deliverables (novel PQ VRF construction, quantum-secure Ouroboros analysis, migration strategy), but all outputs target TRL 1-4 (research to prototype), not production deployment.
- Mithril's recursive SNARK prototype (in developer network as of April 2026) could eventually provide a quantum-safe alternative to BLS-based certificate aggregation, but this is not yet in production and does not affect the L1 spend-authorization or consensus vulnerability.
- Hoskinson's public statements (Consensus Miami, May 2026) reference a 'more than 50%' probability of commercially viable quantum computers before 2033, aligning with the urgency of migration planning but not constituting production protection.
- No production ZK privacy layer exists on Cardano mainnet, so quantum-vulnerable proof systems (Groth16, PLONK) are not a current production concern for the L1 scope evaluated.
- Future PQ-to-PQ upgrades (e.g., from one NIST PQC algorithm to another) are not scored as incomplete migration for the current production scope since no PQ production system exists yet.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: Cardano has published a cryptographic inventory across the IOG Cryptography Handbook (Ed25519, KES, VRF specifications), CPS-0027 ('Approaches to Post-Quantum Signatures'), and the Vision 2026 research proposal (WP1.2 Post-Quantum Security). CPS-0027 provides a prioritized threat model (signatures > VRFs > KES).
Coverage basis: PQ/hybrid usage
Implementation score: 0.75 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: CPS-0027 is a confirmed Cardano Problem Statement (as of Feb 2026) and provides a thorough survey, but it is not a formal quantum threat model with quantified attack timelines and value-at-risk modeling.
Inventory is strong by blockchain standards: official specs for all primitives, CPS-level threat prioritization, and research-program documentation.
- https://input-output-hk.github.io/cryptography_spec/specs/ed25519.html
- https://input-output-hk.github.io/cryptography_spec/specs/kes.html
- https://input-output-hk.github.io/cryptography_spec/specs/vrf25519.html
- https://github.com/cardano-foundation/CIPs/pull/1144
- https://www.cardanocube.com/governance/gov_actions/gov_action1ttgs45ulfxs0jwkfrecystc3flduhszmyzk8wnd7yw5za77tsg9qq4afmus
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: Evidence includes official IOG cryptographic specifications, open-source code (cardano-base, cardano-crypto, cardano-node), CIP/CPS repository documents, community forum discussions, and consistent secondary-source reporting.
Coverage basis: PQ/hybrid usage
Implementation score: 0.75 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: All cryptographic primitives are verifiable from public source code and official specifications. No independent quantum-specific audit exists because no PQ implementation exists to audit.
Evidence quality is good for verifying the classical-only posture. Source code confirms Ed25519 DSIGN instantiation, KES summed Ed25519, and ECVRF over Ed25519. No PQ code in any public branch.
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: Cardano production transaction signatures use Ed25519 exclusively. The cardano-base DSIGN class instantiates Ed25519DSIGN for all transaction signing. No PQ or hybrid signature path exists in mainnet, testnet, or any public code branch.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization uses Ed25519 (ECC) exclusively; fully vulnerable to Shor's algorithm for private key recovery and signature forgery.
Assurance: The DSIGN class also supports EcdsaSecp256k1 and SchnorrSecp256k1 for interoperability, plus BLS12-381 for aggregation. All are classical and quantum-vulnerable. No PQ DSIGN instance exists.
Founder Hoskinson publicly acknowledged this vulnerability at Consensus Miami (May 2026).
- https://input-output-hk.github.io/cryptography_spec/specs/ed25519.html
- https://github.com/IntersectMBO/cardano-crypto
- https://www.iog.io/news/new-cardano-cryptographic-primitives-to-bring-greater-interoperability-and-secure-cross-chain-dapp-development
- https://beincrypto.com/cardano-founder-warns-quantum-threat/
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design prevents long-exposure quantum-vulnerable ownership paths or supports PQ/hybrid controls
Claim: Cardano's eUTXO model uses Blake2b-224 hashes of public keys in addresses rather than raw public keys. Public keys are revealed only at spend time. This structurally protects never-spent UTXOs from long-exposure quantum attacks. However, reused addresses and all previously-spent UTXOs have exposed public keys on-chain.
Coverage basis: complete-by-design native coverage
Implementation score: 0.25 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The eUTXO address construction (CIP-19) is well-documented and verifiable. Public key hashing provides genuine structural mitigation but only for the long-exposure attack window on never-spent addresses. Short-exposure (on-spend) attacks and all reused-address holdings remain fully vulnerable.
This structural advantage was noted in a Google Quantum AI paper summary ranking Cardano second among quantum-ready blockchains. However, most economically active ADA has been spent at least once, exposing the public key.
- https://developers.cardano.org/docs/learn/core-concepts/addresses/
- https://developers.cardano.org/docs/learn/core-concepts/eutxo/
- https://www.tradingview.com/news/u_today:20260401:cardano-adausd-has-been-ranked-second-on-a-list-of-blockchains-that-has-the-potential-to-resist-any-future-quantum-computer-attacks/
Production Cryptographic Protection
Consensus-critical authentication is PQC or hybrid-PQC where applicable, including validator signatures, VRFs, randomness beacons, threshold signatures, or block certificates
Claim: Ouroboros Praos uses ECVRF (Ed25519-based) for private slot leader selection and summed Ed25519 KES for block signing. Both primitives are entirely classical and quantum-vulnerable. The Phalanx anti-grinding extension (CIP-0161) adds a VDF-based computation layer but does not replace the underlying ECVRF.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Consensus-critical VRF (ECVRF over Ed25519) and KES (summed Ed25519) are entirely quantum-vulnerable. A quantum adversary can recover VRF keys to predict/bias leader schedules and recover historical KES keys from operational certificates to forge alternative chains.
Assurance: The IOG Cryptography Handbook provides complete specifications for both ECVRF and KES. Both are instantiated over Ed25519. The Vision 2026 WP1.2 explicitly identifies PQ VRF construction as the most significant research challenge.
Phalanx (CIP-0161) adds a VDF layer to make grinding attacks economically infeasible but does not address quantum vulnerability of the underlying VRF.
Production Cryptographic Protection
State-integrity and data-availability mechanisms are quantum-safe where applicable
Claim: Cardano's core ledger uses Blake2b-256 hashing for UTXO commitments and block headers, which is hash-based and only affected by Grover's algorithm (requiring parameter doubling, not a fundamental break). However, Mithril certificate aggregation uses BLS signatures over BLS12-381, which is quantum-vulnerable. Future Leios/Peras consensus upgrades also introduce BLS-based aggregate signature certificates.
Coverage basis: PQ/hybrid usage
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Core ledger state integrity is hash-based and not directly vulnerable to Shor's algorithm. Mithril's BLS dependency is a separate infrastructure component (certificate aggregation for light clients and bootstrapping), not core consensus. The Mithril team is prototyping SNARK-based aggregation as of April 2026 but this is not in production.
The 'proof chain' concept proposes using Mithril certificates with PQ signatures to secure historical ledger state, but this is a proposal only.
Production Cryptographic Protection
Privacy and proof layers are quantum-safe where applicable
Claim: Cardano mainnet does not have a production ZK privacy layer or shielded pool. Plutus can theoretically implement ZK verification, but no quantum-vulnerable ZK proof system (Groth16, PLONK) is deployed as a protocol-level privacy mechanism on mainnet.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
If Midnight or another privacy solution becomes a critical L1 dependency, this subfactor would need re-evaluation.
Production Cryptographic Protection
P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design
Claim: Cardano node P2P communication uses classical cryptography for transport security and peer authentication. This layer does not directly secure asset ownership, consensus finality, or spend authorization.
Coverage basis: complete-by-design native coverage
Implementation score: 1 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: No specific P2P crypto audit was reviewed. This is not quantum-critical for the evaluated scope.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path or are protected by native satisfied-by-design controls
Claim: No production wallet (Lace, Eternl, Yoroi, Daedalus, Typhon) supports PQ signature schemes. No HSM or hardware wallet integration for PQ signing exists. All wallet signing uses Ed25519.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No wallet vendor has announced PQ support. This is consistent with the absence of any PQ signature scheme at the protocol level. Wallet PQ support is blocked on protocol-level PQ adoption.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks across all attack windows
Claim: Essentially 0% of ADA value-at-risk is protected by PQ cryptography. The eUTXO structural protection (public key hashing) covers only never-spent UTXOs against long-exposure attacks. All actively used addresses, staked ADA, exchange-held ADA, treasury ADA, and previously-spent UTXOs have exposed or exposable public keys.
Coverage basis: migrated value
Implementation score: 0.05 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists in reused addresses and previously-spent UTXOs with exposed public keys, with no migration, freeze, burn, or deprecation mechanism.
Assurance: Exact percentage of never-spent vs. previously-spent UTXOs by value is not publicly measured. The assessment is based on the structural properties of the eUTXO model and the known behavior of exchanges, staking, and DApp usage patterns.
Coverage score of 1/20 per QRI coverage thresholds (<25%). The eUTXO model means some dormant, never-moved ADA may have unexposed public keys, but this represents a small and shrinking fraction of total supply.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (Cardano Foundation treasury, IOG-controlled wallets, exchange custody wallets, major protocol treasuries, stake pool operator keys) are PQ-protected. All use Ed25519 key pairs.
Coverage basis: migrated value
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No public evidence of any Cardano ecosystem wallet, exchange, custodian, or protocol treasury having migrated to PQ keys. This is consistent with the absence of protocol-level PQ support.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: The eUTXO model makes it technically possible to distinguish never-spent UTXOs (public key not exposed) from previously-spent ones. CPS-0027 and the Vision 2026 research program acknowledge the quantum vulnerability of exposed keys. However, no systematic on-chain identification, measurement, deprecation, freeze, or burn mechanism exists for quantum-vulnerable UTXOs.
Coverage basis: migrated value
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The problem is acknowledged in research documents but no measurement methodology, on-chain tagging, or deprecation mechanism has been proposed, let alone implemented.
The eUTXO structure inherently distinguishes exposed from unexposed keys, which is a structural advantage for future migration planning but does not constitute active identification or deprecation.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: Cardano has published a multi-layered PQ roadmap: CPS-0027 (Approaches to Post-Quantum Signatures, confirmed Feb 2026), Vision 2026 research program (WP1.2 Post-Quantum Security with specific deliverables), and public statements by Charles Hoskinson referencing NIST FIPS 203-206 adoption and annual hard-fork-based migration.
Coverage basis: PQ/hybrid usage
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: CPS-0027 is a confirmed Cardano Problem Statement (not a CIP implementation proposal). Vision 2026 WP1.2 targets TRL 1-4 (research to prototype), not production deployment. The roadmap has no committed mainnet activation date for PQ primitives.
Roadmap quality is above average for the blockchain space: there is a formal CPS, a funded research program, and founder-level strategic commitment. However, this is still a roadmap, not production protection.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts are available, default, strongly preferred, mandatory, or complete by design
Claim: No PQ account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist. All user-facing infrastructure assumes Ed25519 keys.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No Cardano wallet supports PQ key generation or PQ transaction signing. This is verifiable from wallet documentation and is consistent with the protocol-level absence of PQ signature support.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms exist and exchange, custody, bridge, wallet, and infrastructure coordination prevents unsafe fallback into vulnerable systems
Claim: No enforcement mechanisms exist for quantum-vulnerable keys. No deprecation, freeze, disabled legacy signing, restricted withdrawals, unsafe-path blocking, or mandatory migration deadlines have been proposed, let alone implemented.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: Cardano has a functional on-chain governance system (CIP-1694, Voltaire) with DReps, Constitutional Committee, and treasury. The annual hard-fork cadence provides a structured upgrade path. However, no quantum-specific incident-response playbook, disclosure process, or emergency governance procedure exists.
Coverage basis: PQ/hybrid usage
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The absence of a quantum-specific IR playbook does not itself create a quantum-vulnerable path; the vulnerability exists regardless. General governance infrastructure exists and could theoretically coordinate a response.
The annual hard-fork schedule provides a credible mechanism for coordinated upgrades once PQ primitives are ready.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: No PQC algorithms are implemented in any Cardano production, testnet, or prototype code. Research references (CPS-0027, Vision 2026, Hoskinson statements) mention NIST FIPS 203-206 candidates (ML-KEM, ML-DSA, SLH-DSA) as likely targets, but no algorithm selection has been formalized.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: CPS-0027 discusses NIST PQC candidates (ML-DSA, SLH-DSA, Falcon, SQIsign, FAEST) and their trade-offs in the context of Plutus builtins. But no formal algorithm selection has been made, and no reference implementation has been integrated.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope
Claim: No independent cryptographic or implementation audit exists for any PQ component because no PQ implementation exists in any form (production, testnet, or prototype) within the Cardano ecosystem.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The classical Ed25519 implementation in cardano-base uses libsodium and has been subject to general security review through Cardano's development process, but no quantum-specific audit has been conducted.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: All classical cryptographic primitives (Ed25519 DSIGN, KES, ECVRF) are open-source in the cardano-base and cardano-crypto repositories, with reproducible builds. However, no PQ implementation exists to evaluate for openness or reproducibility.
Coverage basis: PQ/hybrid usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The existing classical crypto codebase is well-structured and publicly verifiable. This provides a good foundation for future PQ integration but does not constitute PQ implementation assurance.
The KES Rust implementation explicitly states it 'has not been audited. Use at your own risk.'
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: Cardano's DSIGN, KES, and VRF abstractions are type-class-based, providing theoretical parameter agility. The annual hard-fork cadence provides a regular upgrade window. CPS-0027 discusses algorithm selection criteria including upgradeability. However, no PQ parameter agility has been implemented or tested.
Coverage basis: PQ/hybrid usage
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The DSIGN type class supports multiple algorithm instantiations (Ed25519, EcdsaSecp256k1, SchnorrSecp256k1, BLS12-381, Ed448, Mock), demonstrating that the abstraction layer can accommodate new algorithms. However, adding a PQ scheme involves more than a new DSIGN instance.
PQ algorithms with much larger signatures (2-50 KB) pose integration challenges not yet addressed.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks are considered
Claim: Cardano's KES implementation already manages stateful key evolution with secure forgetting (mlocked memory, deterministic erasure). The KES codebase demonstrates awareness of state management discipline. However, this has not been applied to PQ stateful schemes (XMSS/LMS) and no PQ-specific side-channel analysis exists.
Coverage basis: PQ/hybrid usage
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The KES class includes secure forgetting, mlocked allocators, and period tracking. This demonstrates institutional awareness of stateful signature risks, but PQ stateful schemes have different requirements.
SLH-DSA (SPHINCS+) is stateless and would not require KES-style state management.
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment
Claim: CPS-0027 and Vision 2026 WP1.2 acknowledge the performance implications of PQ signatures (size, verification time). CPS-0027 specifically discusses signature sizes (Falcon ~666 bytes, Dilithium ~2420 bytes, SPHINCS+ ~8080 bytes). Vision 2026 includes performance benchmarking as a deliverable. However, no empirical performance analysis with Cardano-specific integration parameters has been published.
Coverage basis: PQ/hybrid usage
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The performance analysis in CPS-0027 is qualitative rather than quantitative with Cardano-specific block size, mempool, and validation-time constraints.
PQ signature sizes (particularly SLH-DSA at 8-50 KB and ML-DSA at ~2.4 KB) are orders of magnitude larger than Ed25519 (64 bytes). This has significant implications for Cardano's block size limits, transaction fees, mempool behavior, and UTXO storage.
Report metadata