PoW chain
Dogecoin DOGE
Dogecoin is a classical PoW UTXO chain whose production spend authorization remains entirely ECDSA/secp256k1-only. The Dogecoin Foundation and core developers have made tangible R&D progress: libdogecoin PR #288 (merged April 2026) integrates liboqs-based PQC support (Falcon, Dilithium/ML-DSA), and an experimental OP_RETURN-based post-quantum commitment transaction was executed on mainnet in April 2026. However, these are prototype/experimental artifacts that provide zero material protection to production users. The UTXO model offers inherent hash-based at-rest protection for P2PKH addresses that have never been spent or reused, but ~82.5M P2PK public keys are structurally exposed on-chain, and address reuse creates additional operational exposure. No formal cryptographic inventory, quantum threat model, migration mechanism, enforcement path, or independent PQC audit exists. The RE-EN proposal uses un-reviewed bespoke cryptography and should not be weighted as a credible PQC design. Dogecoin is in Stage 2 (Mitigation / Development) with a QRI Score of 17, capped at 40 by the ECC-only spend authorization blocker.
Roadmap OnlyPartial ProtectionPQ-Recoverable
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
5 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0.75 / 15
Migration Status & Value-at-Risk
1 / 25
Production Cryptographic Protection
10.4 / 35
Security Assessment & Evidence Preparedness
0 / 5
Critical Quantum Blockers
- Active production spend authorization remains entirely ECDSA/secp256k1-only; no PQC or hybrid-PQC signature path is available to any production user (caps QRI at 40).
- Material long-exposure quantum-vulnerable value exists: ~82.5M P2PK extracted unique public keys on-chain (structurally exposed), plus operational exposure from address reuse and spent-output key revelation; no migration, freeze, deprecation, burn, or policy path exists (caps QRI at 55, subsumed by the 40 cap).
- No formal public cryptographic inventory or quantum threat model has been published by the Dogecoin project.
Key Risks
- All DOGE spend authorization depends on ECDSA/secp256k1; a CRQC running Shor's algorithm could derive private keys from any revealed public key.
- P2PK outputs (~82.5M extracted unique public keys, including early coinbase outputs) are structurally exposed at rest and many may be lost/abandoned, making them permanently vulnerable with no migration path.
- Address reuse across the network creates operational exposure: once a P2PKH public key is revealed in a spend, all remaining UTXOs at that address become at-rest vulnerable.
- The RE-EN proposal's cryptographic claims ('infinite compression', non-standard techniques) are un-reviewed and could create a false sense of progress; the credible PQC path runs through libdogecoin/liboqs, which is not yet in Dogecoin Core.
- No governance process, activation mechanism, or community consensus exists for a PQC soft fork; timeline is aspirational (2027-2030) with no binding milestones.
- Dogecoin's 1-minute block time makes on-spend attacks extremely difficult (<0.0125% success probability per Google's March 2026 analysis), but at-rest attacks on exposed keys face no such timing constraint.
Assurance Notes
- The only known independent audit (Least Authority, April 2023) covers Dogecoin node upgrade software, not quantum-critical cryptographic components, and is stale for the current evaluation date.
- libdogecoin PR #288 (merged April 2026) adds liboqs-based PQC support (Falcon, Dilithium/ML-DSA) to the library layer, but this has not been integrated into Dogecoin Core production releases.
- The April 2026 experimental OP_RETURN-based PQ transaction on mainnet is a proof-of-concept demonstration, not a production protection mechanism. It does not protect any user funds.
- No formal quantum-specific incident-response playbook, performance benchmark, or migration user-education program exists.
- The Dogecoin Standard (Foundation trailmap) does not yet include cryptographic inventory or quantum risk assessment scope.
- RE-EN (Revolutionary Encryption Network) proposal makes extraordinary claims (e.g., 'infinite compression into a single character') that lack peer-reviewed cryptographic validation and should not be treated as a credible PQC design without independent review.
Non-Scoring Caveats
- The Dogecoin Standard documentation project does not cover cryptographic inventory or quantum risk assessment scope.
- No formal performance/resource benchmark exists for PQC signature verification in the Dogecoin block-validation context; this is an operational/product caveat that does not affect current quantum-attack readiness.
- No exchange, custody, or hardware-wallet migration attestations exist, but these are note-only since no production PQC path exists for anyone to attest to.
- Future upgrade from one PQ-secure design to another (e.g., Falcon → ML-DSA) is not a current quantum-readiness concern.
- RE-EN proposal cryptography is un-reviewed and should not be treated as a credible PQC scheme; the libdogecoin/liboqs path is the only standards-track PQC work observed.
- P2P node identity uses classical cryptography but is not consensus, spend, or custody-critical.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: No formal public cryptographic inventory or quantum threat model has been published by the Dogecoin project.
Coverage basis: Absence of documented inventory; confirmed by Foundation trailmap scope and GitHub repository contents.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No formal public cryptographic inventory or quantum threat model has been published by the Dogecoin project.
Assurance: Community discussions (#3400, #3779) acknowledge ECDSA vulnerability and reference NIST PQC standards, but these are informal and do not constitute a formal inventory or threat model.
The Dogecoin Standard project (Foundation trailmap) does not include cryptographic inventory scope. No BIP/DIP-style quantum risk assessment document exists.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: Project has not published a formal evidence record (code references, specs, audits, transaction examples, reproducible analytics) supporting a quantum risk assessment.
Coverage basis: Absence of formal evidence record; informal GitHub discussions exist but lack structure, completeness, and reproducibility.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Informal GitHub discussions acknowledge vulnerability and reference NIST PQC algorithms, but no structured evidence record exists.
External academic research (Stütz et al., 2026) provides third-party public-key exposure data for Dogecoin but is not project-published evidence.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: Dogecoin Core uses ECDSA with secp256k1 for all production transaction signatures. Experimental OP_RETURN-based PQ commitment transactions have been executed on mainnet (April 2026) but provide no production spend-authorization protection.
Coverage basis: Source code confirmed via libsecp256k1 subtree dependency; experimental mainnet PQ transaction confirmed by Dogecoin Foundation director and core developers.
Implementation score: 0.5 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Active production spend authorization remains entirely ECDSA/secp256k1-only; caps QRI at 40.
Assurance: The experimental OP_RETURN PQ transaction is a proof-of-concept, not production protection. Implementation Score of 0.50 reflects prototype/experimental mainnet integration, not any material user protection.
libdogecoin PR #288 (merged April 2026) adds liboqs-based Falcon and Dilithium support at the library level, but this has not been integrated into Dogecoin Core or any production wallet.
- https://github.com/dogecoin/dogecoin
- https://www.dlnews.com/articles/web3/dogecoin-developers-start-preparing-for-threat-of-quantum-computers/
- https://coinpaper.com/4123/dogecoin-successfully-tests-quantum-resistant-transaction-on-mainnet
- https://coingo.net/altcoins/dogecoin-executes-first-experimental-post-quantum-transaction-on-mainnet/
Production Cryptographic Protection
Account, address, public-key exposure
Claim: Dogecoin uses UTXO model with P2PKH addresses that hide public keys behind SHA-256+RIPEMD-160 hashes, providing at-rest protection for never-spent, never-reused addresses. However, P2PK outputs (~82.5M extracted unique public keys per Stütz et al. 2026) are structurally exposed, and address reuse creates operational exposure.
Coverage basis: Protocol design (Bitcoin-derived UTXO) plus academic measurement of on-chain public-key exposure.
Implementation score: 0.25 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Academic paper (Stütz et al., FC 2026) provides third-party measurement: 82,459,658 P2PK and 1,873,438 P2MS extracted unique public keys for DOGE as of March 2025. No project-published exposure measurement exists.
Google's March 2026 analysis confirms Dogecoin's 1-minute block time makes on-spend attacks extremely difficult (success probability <0.0125%), but at-rest attacks on structurally or operationally exposed keys face no timing constraint.
Production Cryptographic Protection
Consensus-critical authentication
Claim: Dogecoin is a PoW chain with no validator signatures, BLS threshold signatures, VRFs, or finality signatures. Consensus is achieved through Scrypt PoW with SHA-256 block hashing.
Coverage basis: Protocol architecture: PoW with no validator set or consensus signature scheme.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
SHA-256 block hashing provides ~128-bit security against Grover's algorithm, which is generally considered adequate. Scrypt PoW does not introduce additional quantum-vulnerable cryptographic assumptions.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: Dogecoin state integrity relies on SHA-256 block hashing and Merkle tree commitments. No KZG/pairing-based commitments, zero-knowledge proof systems, or bridge verification mechanisms exist at the protocol level.
Coverage basis: Protocol architecture inspection: standard Bitcoin-derived PoW chain with SHA-256 hashing.
Implementation score: 0.25 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: SHA-256 has inherent partial quantum resistance (128-bit post-Grover), but the project has made no deliberate PQC design choices for state integrity. This is assurance-only since state integrity is not the primary quantum attack vector for a simple PoW chain.
No advanced cryptographic state-integrity mechanisms (pairings, ZK commitments, accumulators) are in use, so the quantum attack surface for state integrity is limited to SHA-256 preimage resistance.
Production Cryptographic Protection
Privacy and proof layers
Claim: Dogecoin has no privacy layer, shielded transactions, ZK proofs, note encryption, viewing keys, or stealth addresses at the protocol level.
Coverage basis: Protocol architecture: transparent UTXO chain with no privacy features.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: Dogecoin Core uses standard Bitcoin-derived P2P networking with no PQC or hybrid-PQC for node identity or peer authentication.
Coverage basis: Source code inspection; inherited from Bitcoin Core P2P stack.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: P2P node identity is not consensus-critical, spend-critical, bridge-critical, or custody-critical for Dogecoin. Node identity compromise would not enable theft, forgery, or inflation. This is an operational caveat, not a quantum-critical vulnerability.
Per QRI spec Section 7, P2P node identity using classical cryptography where network identity is not consensus/spend/bridge/custody-critical may be treated as satisfied by design. However, since no explicit design consideration exists, scored at 0.00 with note-only treatment.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows
Claim: No production wallet, custody, HSM, or hardware-wallet supports PQ/hybrid-PQC signature paths for Dogecoin. libdogecoin PR #288 adds PQC library support but is not integrated into any production wallet.
Coverage basis: Absence of production PQC wallet support; libdogecoin PQC integration exists at library level only.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: libdogecoin PR #288 (merged April 2026) by edtubbs integrates liboqs with Falcon and Dilithium support, but this is a C library not yet consumed by any production Dogecoin wallet. No hardware wallet, HSM, or custody vendor has announced Dogecoin PQC support.
This subfactor is scored at 0.25 because a prototype/library-level PQC integration exists (libdogecoin), but zero production wallet support exists for end users.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: Essentially 0% of Dogecoin's circulating supply is protected by PQC or hybrid-PQC spend authorization. UTXO hash-based protection shields never-spent P2PKH addresses at rest, but structurally exposed P2PK outputs and operationally exposed (reused/spent) addresses have no quantum protection.
Coverage basis: Protocol design: all spend authorization is ECDSA-only. No PQC migration has occurred. Academic research quantifies exposed public keys.
Implementation score: 0.05 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, burn, or policy path.
Assurance: Exact percentage of exposed supply is not independently measured by the project. Academic research (Stütz et al.) provides lower-bound key-exposure data. Coverage is clearly <25%, scoring 1 of 20 per QRI coverage thresholds.
Dogecoin's 1-minute block time provides strong defense against on-spend attacks (Google 2026: <0.0125% success probability), but at-rest exposed value (P2PK, reused addresses, spent-from addresses with remaining UTXOs) has no timing protection.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (treasuries, exchanges, custodians, bridges, foundations, major protocols) have migrated to or are protected by PQC for Dogecoin.
Coverage basis: No evidence of any PQC migration by any Dogecoin stakeholder.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Top Dogecoin wallets are predominantly exchange cold storage (Robinhood ~27B DOGE, Binance ~15.7B DOGE). None have published PQC migration plans or attestations for DOGE.
Exchange-custodied DOGE (~36%+ of supply) is controlled by ECDSA keys. These represent concentrated, high-value quantum targets.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No project-published identification, measurement, deprecation, or migration of legacy quantum-vulnerable UTXOs exists. Third-party academic research has identified ~82.5M P2PK and ~1.9M P2MS extracted public keys.
Coverage basis: Absence of project-published vulnerable-UTXO inventory; external academic measurement exists.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Stütz et al. (2026) provides third-party measurement but is not a project-published inventory. No project tooling or dashboard exists for users to check their own exposure status.
Early Dogecoin coinbase outputs (2013-2014 era) used P2PK and may contain lost/abandoned coins that are permanently quantum-vulnerable with no migration path. The Cryptsy wallet (~5B DOGE, dormant since 2016) is a notable example of inaccessible-but-exposed value.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: RE-EN proposal (January 2025) and QDOGE testnet plan (GitHub Discussion #3779) outline aspirational PQC integration with informal timeline (testnet 2025-2026, mainnet 2027-2030). No formal DIP, activation criteria, or binding milestones exist.
Coverage basis: GitHub Discussions and secondary reporting of developer statements.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The RE-EN proposal includes extraordinary and un-reviewed cryptographic claims. The more credible path is the libdogecoin/liboqs integration (PR #288), but this has no formal roadmap for Dogecoin Core integration. Timelines (2027-2030) are aspirational only.
No Dogecoin Improvement Proposal (DIP) for PQC has been formally submitted. The QDOGE testnet plan in Discussion #3779 is a community contribution, not an official Foundation or Core developer roadmap commitment.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts are available to Dogecoin users.
Coverage basis: Absence of any production PQ user tooling or migration prompts.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Users cannot create a PQC-protected Dogecoin address, sign a PQ transaction, or migrate funds to a quantum-safe path through any production wallet. The experimental OP_RETURN transaction is not user-accessible.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms exist: no deprecation of ECDSA, no freeze of vulnerable UTXOs, no disabled legacy signing, no restricted withdrawals, no unsafe-path blocking, no mandatory migration deadlines.
Coverage basis: Absence of any enforcement mechanism in protocol or governance.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No exchange, custody, bridge, wallet, or infrastructure coordination for PQC migration has been publicly documented. No soft-fork signaling mechanism (e.g., BIP9-style) has been proposed for PQC activation.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific incident-response process, emergency disclosure mechanism, or governance framework exists for quantum-related vulnerabilities.
Coverage basis: Absence of documented quantum-specific incident response.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Absence of a formal quantum-specific IR playbook is an assurance-only caveat per QRI Note-Only Caveat Rule since it does not independently create a current quantum-vulnerable path (the ECDSA-only spend authorization is the primary vulnerability).
Dogecoin has general security disclosure practices inherited from Bitcoin Core but nothing quantum-specific.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: libdogecoin PR #288 integrates liboqs, which provides NIST-standardized ML-DSA (FIPS 204) and SLH-DSA (FIPS 205), plus Falcon (selected for NIST standardization). RE-EN proposal uses un-reviewed bespoke cryptography. The experimental OP_RETURN transaction uses liboqs-based algorithms.
Coverage basis: libdogecoin source code and PR review; liboqs algorithm documentation.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The libdogecoin PQC integration uses NIST-standard/standards-track algorithms (Falcon, Dilithium/ML-DSA, SLH-DSA), which is positive. However, the RE-EN proposal claims non-standard techniques ('infinite compression') with no peer review. The specific algorithm used in the April 2026 experimental mainnet transaction has not been publicly specified by the Foundation, though it is inferred to use Falcon or Dilithium via liboqs.
Scored at 0.25 because NIST algorithms are referenced in R&D but are not in production. The RE-EN proposal's un-reviewed cryptography is a concern but does not independently reduce the score since the liboqs path exists as a credible alternative.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit
Claim: No independent audit of quantum-critical cryptographic components (ECDSA/secp256k1 or PQC implementations) exists for the current production version. The Least Authority audit (April 2023) covers node upgrade software only.
Coverage basis: Least Authority audit report scope; absence of any PQC or ECC-focused audit.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: Per QRI v3.1, stale/scope-mismatched audit does not independently reduce QRI Score but caps confidence. The Least Authority audit is both stale (2023) and scope-mismatched (node software, not cryptographic primitives).
No audit exists for libdogecoin PQC integration (PR #288) or for the Dogecoin Core ECDSA/secp256k1 implementation specifically. The libsecp256k1 library has received some review in the Bitcoin context but not in a Dogecoin-specific quantum-threat model.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Dogecoin Core and libdogecoin are open-source (MIT/BSD-like licenses). libdogecoin PQC integration is open-source and buildable. No production PQC implementation exists in Dogecoin Core.
Coverage basis: GitHub repositories are publicly accessible with build instructions.
Implementation score: 0.5 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: The existing ECDSA code and the libdogecoin PQC library are open-source and reproducible. Scored 0.50 because PQC code exists at library level but is not in production Core, and the RE-EN proposal code has not been published.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: No documented parameter agility or PQC upgrade path exists for Dogecoin Core. The QDOGE testnet plan mentions transaction version flags for new signature types, but this is informal and not implemented.
Coverage basis: Informal GitHub discussion mentions; no formal specification.
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Informal proposal mentions version flags and hybrid approach but no formal specification. This is a future-upgrade concern that does not affect current quantum-attack readiness per QRI Note-Only Caveat Rule.
Algorithm & Implementation Assurance
Stateful-signature safety
Claim: The planned PQC algorithms (Falcon, Dilithium/ML-DSA, SLH-DSA) as integrated via liboqs are stateless signature schemes. No XMSS/LMS or other stateful schemes are planned.
Coverage basis: liboqs algorithm properties: Falcon, ML-DSA, and SLH-DSA are all stateless.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Satisfied by design for the planned PQC algorithms. If the project later adopts stateful schemes (e.g., XMSS/LMS for specific use cases), this subfactor would need re-evaluation.
Algorithm & Implementation Assurance
Performance and resource-impact analysis
Claim: No formal performance or resource-impact analysis exists for PQC signature/verification costs in the Dogecoin context (block validation, mempool policy, fee markets, archival growth, node hardware requirements).
Coverage basis: Absence of published performance analysis for Dogecoin PQC integration.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Per QRI Note-Only Caveat Rule, absence of a formal performance benchmark does not independently reduce the QRI Score. PQC signature sizes (Falcon: ~666-1280 bytes, ML-DSA: ~2420-4627 bytes, SLH-DSA: ~7856-29792 bytes) are substantially larger than ECDSA (~70-72 bytes), which will affect block space and fees when deployed. This is an operational/product caveat for future deployment.
Dogecoin's 1MB block size limit and 1-minute block time make PQC signature size a material future concern for throughput and fee economics, but this does not affect current quantum-attack readiness.
Report metadata