stablecoin
Dai DAI
Dai (DAI) is a standard ERC-20 stablecoin on Ethereum that inherits its host chain's quantum-readiness posture (Ethereum QRI: 25/100, Migration Stage 2 per LayerQu). The token itself has no independent cryptographic layer; all transfers and ownership rely on Ethereum's ECDSA secp256k1 signatures. MakerDAO/Sky governance controls (minting parameters, collateral ratios, stability fees) are administered via classical ECDSA multisig wallets, creating an additional quantum-vulnerable surface. No public cryptographic inventory, quantum threat assessment, or migration roadmap has been published by MakerDAO/Sky. DAI's quantum readiness is therefore entirely gated by Ethereum's future base-layer migration and MakerDAO's eventual governance coordination.
Category breakdown
QRI Factors
Critical Quantum Blockers
- MakerDAO/Sky governance and admin keys rely entirely on quantum-vulnerable ECDSA signatures on Ethereum; an attacker who compromises these keys could manipulate collateral ratios, mint unbacked DAI/USDS, adjust stability fees, trigger liquidations, or drain protocol reserves.
- No token-specific or L1-inherited post-quantum migration path is currently live, planned, or formally assessed by the MakerDAO/Sky protocol team.
Key Risks
- DAI inherits Ethereum's quantum-vulnerable ECDSA secp256k1 signature scheme for all token transfers and ownership.
- MakerDAO/Sky governance and administrative multisig wallets rely on classical ECDSA signatures, exposing DAI's monetary policy, collateral parameters, and emergency controls to quantum key-recovery attacks.
- No public cryptographic inventory, quantum threat model, or migration roadmap exists for the Maker Protocol or DAI token.
- A quantum attack on Ethereum EOAs would compromise the collateral backing DAI, leading to potential de-pegging, forced liquidations, and systemic failure.
- Governance multisig signer public keys are permanently exposed on-chain through historical transactions, creating a long-exposure (at-rest) attack surface with no time constraint for a quantum adversary.
Assurance Notes
- DAI is a standard ERC-20 token and inherently inherits the cryptographic reality and quantum exposure of Ethereum L1 (QRI 25/100, Migration Stage 2 per LayerQu).
- MakerDAO/Sky has not published a quantum-specific risk assessment, cryptographic inventory, or migration roadmap for the Maker Protocol or DAI token.
- Ethereum Foundation has a dedicated post-quantum team and published roadmap targeting ~2029 for core infrastructure; DAI will inherit any future Ethereum base-layer PQ upgrades for user transactions, but MakerDAO/Sky governance keys require separate migration.
- Governance, administrative multisig wallets, and collateral management controls remain entirely dependent on classical ECDSA secp256k1 signatures.
- Token-specific evaluation yields no post-quantum protection; any future quantum readiness for DAI is strictly gated by Ethereum's base-layer migration and MakerDAO's governance coordination.
Non-Scoring Caveats
- DAI inherits Ethereum's base-layer quantum readiness (QRI 25/100 per LayerQu, Migration Stage 2); token-specific admin keys add additional quantum risk that is not captured in the inherited score.
- Ethereum's post-quantum roadmap targets approximately 2029 for core infrastructure; DAI user transactions will benefit from any future Ethereum PQ upgrades, but MakerDAO/Sky governance keys require separate migration coordination.
- The ongoing DAI-to-USDS migration (Sky Protocol rebrand) is operationally significant but cryptographically neutral — USDS governance uses the same ECDSA-based mechanisms.
- Bridged/wrapped DAI representations on non-Ethereum chains are outside this evaluation scope; each inherits its host chain's quantum posture and bridge security model.
Evidence record
Claims and Caveats
Token / L1 Inheritance
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: DAI is a standard ERC-20 token on Ethereum, inheriting its ECDSA secp256k1 spend authorization with no custom cryptographic primitives.
Coverage basis: Non-native dependency (L1 inheritance)
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely ECC-only via Ethereum L1 inheritance.
Assurance: Contract address and standard ERC-20 implementation verified on Etherscan. No PQ extensions exist.
Token inherits L1 Score [Ethereum]. Quantum exposure is determined by the host chain's base layer.
Governance / Admin Keys
Account, address, public-key exposure, and key-derivation design
Claim: MakerDAO/Sky governance, treasury controls, and protocol parameters are managed via classical Ethereum multisignature wallets using ECDSA.
Coverage basis: Classical ECC
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Governance and admin keys remain quantum-vulnerable with no PQ or hybrid controls documented.
Assurance: MIP47, StablePQC, and BMIC confirm reliance on standard Ethereum multisig patterns with exposed ECDSA public keys.
Quantum compromise of MKR governance tokens' signing keys or protocol multisigs would give an attacker control over DAI's monetary policy and collateral ratios.
Security Assessment
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: No public cryptographic inventory or risk assessment for quantum threats exists for MakerDAO or DAI.
Coverage basis: No PQ implementation
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory or formal risk assessment published by the protocol team.
Assurance: Whitepaper and technical docs predate quantum discussions; no updates found indicating PQ awareness or planning.
Third-party research (e.g., Google Quantum AI, BMIC) has assessed the risk, but the protocol itself has not published an evidence-backed risk assessment.
Ethereum L1 Inheritance
Base-layer QRI score inheritance
Claim: DAI inherits Ethereum's base-layer QRI score of 25/100 (Migration Stage 2) per LayerQu methodology.
Coverage basis: L1 inheritance per QRI Section 7.2
Implementation score: 1 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: LayerQu provides external reference for Ethereum's quantum readiness; score reflects Ethereum's acknowledged post-quantum roadmap.
Ethereum's QRI score (25/100) reflects acknowledged quantum risk with active research and roadmap but no production PQ protection yet.
Migration Status
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: 0% of DAI token-specific value-at-risk is protected from quantum attacks; all governance-controlled value remains quantum-vulnerable.
Coverage basis: Classical ECC
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, or recovery path.
Assurance: All on-chain value and governance control paths are exposed to long-duration ECDSA public keys.
Coverage is 0% for token-specific governance keys. Migration is entirely dependent on Ethereum L1 ecosystem tooling and MakerDAO governance action.
Report metadata