Pre-release notice:
The Quantum Readiness Index is still being reviewed and refined. Reports may include rough edges, including incomplete and/or incorrect coverage.

tokenized asset

Figure Heloc FIGR_HELOC

FIGR_HELOC is a tokenized real-world asset (HELOC portfolio) native to the Provenance Blockchain (Cosmos SDK/CometBFT PoS Layer 1). The token has no independent cryptographic namespace and fully inherits Provenance's quantum exposure. Provenance uses secp256k1 for user transaction spend authorization and ed25519 for validator consensus signatures—both classical ECC schemes vulnerable to Shor's algorithm. No PQC or hybrid-PQC protection is deployed on mainnet. Figure Technologies acknowledged quantum risk in its August 2025 SEC prospectus, and the Provenance whitepaper lists 'Quantum-Resistant Protocol Evolution' as a long-term (24-36 months) vision item with no specific algorithms, implementation plan, or governance proposal. All on-chain FIGR_HELOC ownership and settlement remains quantum-vulnerable. The project is assessed at Stage 1 (Quantum Risk Assessed) with a QRI Score of 19/100. The score is capped by the Stage 1 limit (20) and reflects risk acknowledgment with minimal production protection credit for quantum-safe SHA-256 state-integrity mechanisms. The token's 'digital twin' design with off-chain legal documentation provides potential off-chain recoverability but does not constitute quantum resistance or protect on-chain settlement from quantum-enabled forgery or theft.

Roadmap Only · Tokenized RWA · Inherits L1 Score (Provenance Blockchain)
Stage 1
Confidence: Medium
Urgency: Migration Required
Review Status: Draft
Evaluated: 2026-06-02
Scope: Tokenized RWA (HELOC portfolio) native to Provenance L1; inherits host chain cryptographic properties with no independent cryptographic namespace. Evaluation covers inherited Provenance L1 quantum exposure.
AI-generated report. This report was produced by the evaluator and synthesis pipeline. Review status: draft.

Category breakdown

QRI Factors

Algorithm & Implementation Assurance: 0 / 20
Migration Mechanism, Governance & Ecosystem Coordination: 0.17 / 15
Migration Status & Value-at-Risk: 1 / 25
Production Cryptographic Protection: 6.56 / 35
Security Assessment & Evidence Preparedness: 1.25 / 5

Critical Quantum Blockers

  • Spend authorization on Provenance Blockchain is entirely ECC-based (secp256k1) with no PQC or hybrid-PQC support in production. All FIGR_HELOC token ownership, transfer, and settlement paths depend on quantum-vulnerable ECC signatures.
  • Consensus and validator authentication on Provenance Blockchain uses ed25519 ECC-based signatures, remaining quantum-vulnerable. A quantum adversary could compromise network finality and block certification.
  • No PQC migration mechanism, prototype, testnet, or mainnet support exists for Provenance Blockchain or FIGR_HELOC token holders. The whitepaper roadmap vision has no implementation plan, algorithm selection, or governance proposal.
  • Material long-exposure quantum-vulnerable value exists on Provenance (all accounts that have transacted expose public keys on-chain) with no migration, freeze, deprecation, or recovery path.

Key Risks

  • Complete quantum vulnerability of all on-chain spend authorization: a CRQC could forge secp256k1 transaction signatures to steal any FIGR_HELOC tokens or manipulate on-chain ownership records.
  • Consensus and validator authentication on Provenance uses ed25519; a quantum adversary could compromise network finality, validator set integrity, and block certification.
  • All FIGR_HELOC value-at-risk (approximately $13B+ TVL across Figure's RWA ecosystem as of Sep 2025) is exposed to quantum key-recovery attacks with no migration path, freeze mechanism, or deprecation policy.
  • No quantum-safe custody, wallet, or HSM workflows exist for FIGR_HELOC tokens. Institutional holders have no protection against long-exposure key compromise.
  • Public keys are exposed on-chain for every Provenance account that has sent a transaction, creating long-exposure (at-rest) quantum attack surfaces with no time constraint for an adversary.
  • The Provenance 'Quantum-Resistant Protocol Evolution' roadmap is a whitepaper vision item with no specification, algorithm selection, timeline commitment, or governance proposal, providing no current protection.
  • Even if off-chain legal documentation could support recovery of underlying HELOC assets, the on-chain token settlement layer would be compromised, potentially freezing secondary market trading and causing cascading trust failures in the RWA tokenization ecosystem.

Assurance Notes

  • No independent cryptographic or security audit exists for Provenance Blockchain's production cryptographic stack, including signature schemes, consensus authentication, or key management.
  • No quantum-specific audit or review has been published for Provenance Blockchain or FIGR_HELOC token contracts.
  • The Provenance whitepaper lists 'Quantum-Resistant Protocol Evolution' as a Long-Term Ecosystem Expansion (24-36 Months) vision item with post-quantum cryptographic primitives, quantum-safe signature schemes, and lattice-based cryptography integration. No specific algorithms, timeline commitments, governance proposals, or implementation plans are provided.
  • Figure Technologies acknowledged quantum computing as a risk factor to blockchain cryptography in its SEC S-1 filing (August 2025) but did not describe any deployed mitigation, migration plan, or quantum-readiness program for FIGR_HELOC or Provenance.
  • Provenance Blockchain uses standard Cosmos SDK cryptography: secp256k1 for user transaction spend authorization and ed25519 for validator consensus signatures. Both are verifiable from public code (provenance-io/provenance) and official developer documentation (developer.provenance.io).
  • State-integrity mechanisms on Provenance use SHA-256 hash-based Merkle trees (CometBFT standard), which are quantum-safe per current knowledge (Grover's algorithm provides only quadratic speedup, preserving ~128-bit post-quantum security). However, this does not protect spend authorization or consensus, which remain quantum-vulnerable.
  • FIGR_HELOC is a tokenized 'digital twin' of real-world HELOC loans governed by traditional legal documentation. Quantum-enabled on-chain theft may be legally recoverable through the underlying loan agreements, but this does not protect the on-chain settlement layer.
  • No formal quantum-specific incident-response playbook, performance benchmark, exchange migration attestation, or custody migration plan exists for Provenance Blockchain or FIGR_HELOC.

Non-Scoring Caveats

  • FIGR_HELOC represents real-world HELOC debt instruments with traditional legal documentation. A quantum-enabled theft of the on-chain token might be legally recoverable off-chain through the underlying loan agreements, but this does not protect the on-chain settlement layer from quantum-enabled forgery or theft.
  • The Provenance whitepaper mentions 'Quantum-Resistant Protocol Evolution' under Long-Term Ecosystem Expansion (24-36 Months) with lattice-based cryptography integration. No specific algorithms (e.g., ML-DSA, FN-DSA, SLH-DSA), timeline commitments, governance proposals, or public code were found. The 'late 2026/2027' target mentioned in some secondary sources could not be verified from primary Provenance documentation. This is treated as Low-confidence roadmap intent, not current production protection.
  • Provenance's on-chain governance mechanism supports software upgrades and parameter changes, which could theoretically accommodate a PQC migration. However, no quantum-related governance proposals have been submitted or discussed publicly.
  • Figure Technologies holds approximately 20% of HASH utility token supply and supports Provenance protocol development, creating potential for coordinated upgrade but no current PQC commitment.
  • Standard Cosmos SDK IBC (Inter-Blockchain Communication) light client verification depends on counterparty chain consensus signatures, which are typically ECC-based. This is a potential bridge-level quantum risk if IBC is used for FIGR_HELOC-related value transfers, though no specific IBC dependency was identified for this token.

Evidence record

Claims and Caveats

Security Assessment & Evidence Preparedness

Public cryptographic inventory of critical public-key mechanisms and quantum threat model

Claim: Figure Technologies acknowledged quantum computing risk to blockchain cryptography in its SEC S-1 filing (August 2025). The Provenance whitepaper lists 'Quantum-Resistant Protocol Evolution' as a long-term vision item. No detailed public cryptographic inventory or quantum threat model specific to Provenance or FIGR_HELOC was found.

Coverage basis: SEC filing risk-factor disclosure and whitepaper roadmap mention

Implementation score: 0.25 · Evidence confidence: Medium

Issue classification: quantum-critical uncertainty · Score treatment: score-reducing

Assurance: SEC filing is a high-confidence primary source for risk acknowledgment but does not inventory affected cryptographic primitives, assess attack surfaces, or propose mitigation timelines. Whitepaper roadmap is a vision item with no detail.

The SEC filing acknowledges quantum risk generically for blockchain cryptography but does not detail affected layers, assets, or attack assumptions for Provenance or FIGR_HELOC specifically.

Security Assessment & Evidence Preparedness

Public evidence record supporting the assessment

Claim: Evidence includes SEC filing, whitepaper, GitHub repository, official developer documentation, and secondary market data sources. No code references, spec analysis, transaction examples, or reproducible analytics support an actionable quantum-readiness assessment.

Coverage basis: Documentation and source code

Implementation score: 0.25 · Evidence confidence: Medium

Issue classification: quantum-critical uncertainty · Score treatment: score-reducing

Assurance: Evidence supports the claim that quantum risk has been acknowledged at a high level, but no actionable quantum-readiness assessment exists. The whitepaper is a general vision document; GitHub shows active classical Cosmos SDK development with no quantum-related modules.

Production Cryptographic Protection

Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet

Claim: Provenance Blockchain uses secp256k1 for user transaction spend authorization, inherited from the Cosmos SDK standard account model. No PQC or hybrid-PQC support exists.

Coverage basis: Standard Cosmos SDK architecture; inherited by FIGR_HELOC

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Active production spend authorization is secp256k1 ECC-only; quantum-vulnerable to Shor's algorithm.

Assurance: Provenance developer documentation explicitly states users use secp256k1 curve for transaction authentication. Cosmos SDK source code confirms this as the default signing algorithm.

Public keys are stored on-chain in Account objects after first transaction, creating long-exposure attack surfaces.

Production Cryptographic Protection

Account, address, public-key exposure, and key-derivation design

Claim: Provenance uses standard Cosmos SDK Bech32 addresses derived from secp256k1 public keys. Public keys are exposed on-chain when accounts transact. No PQ or hybrid key-derivation or address design exists.

Coverage basis: Standard Cosmos SDK account model; inherited by FIGR_HELOC

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: HD wallet derivation path m/44'/505'/0'/0/0 confirmed in Provenance docs. Public key exposure follows standard Cosmos SDK pattern. Addresses that have never sent a transaction have not exposed their public key (only the address hash is visible).

All FIGR_HELOC token holder addresses are publicly visible on Provenance, creating a harvest-now-decrypt-later target for quantum adversaries.

Production Cryptographic Protection

Consensus-critical authentication is PQC or hybrid-PQC

Claim: Provenance uses CometBFT BFT PoS consensus with ed25519 validator signatures. No PQC or hybrid consensus authentication exists.

Coverage basis: CometBFT consensus engine with classical ECC signatures; inherited by FIGR_HELOC

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Consensus validator authentication uses ed25519 ECC-only; quantum-vulnerable to Shor's algorithm.

Assurance: Provenance developer docs explicitly state validator nodes use ed25519 curve. Whitepaper confirms CometBFT-based BFT PoS consensus at 4-5 second block times.

Consensus compromise on Provenance would directly affect FIGR_HELOC settlement finality and ownership records.

Production Cryptographic Protection

State-integrity and data-availability mechanisms are quantum-safe where applicable

Claim: Provenance uses standard CometBFT SHA-256 Merkle trees (RFC 6962) for state commitments and block verification. SHA-256 is quantum-safe against known quantum attacks (Grover's algorithm provides only quadratic speedup, leaving ~128-bit post-quantum security). No KZG, pairing-based commitments, or quantum-vulnerable commitment schemes are used.

Coverage basis: SHA-256 hash-based state integrity; satisfied by design

Implementation score: 1 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Assurance: SHA-256 Merkle tree usage is standard across CometBFT/Cosmos SDK and confirmed in CometBFT encoding specification. The whitepaper mentions zk-SNARK research for privacy, which would be pairing-based and quantum-vulnerable if deployed, but this is a future vision item, not a production mechanism.

State-integrity quantum safety does not protect against quantum-enabled ownership forgery or theft since spend authorization paths remain ECC-based.

Production Cryptographic Protection

Privacy and proof layers are quantum-safe where applicable

Claim: Provenance has no privacy layer, shielded pool, or ZK proof system deployed for FIGR_HELOC. The whitepaper mentions zk-SNARK and zk-STARK research as future vision items only.

Coverage basis: Not applicable to current FIGR_HELOC scope

Implementation score: 0 · Evidence confidence: High

Issue classification: none · Score treatment: not applicable

Assurance: Whitepaper mentions zk-SNARK implementation and zk-STARK research for post-quantum security as future vision items. If zk-SNARKs (pairing-based) were deployed, they would be quantum-vulnerable. zk-STARKs (hash-based) would be quantum-safe.

Production Cryptographic Protection

P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design

Claim: Provenance uses standard CometBFT/Tendermint P2P networking with ed25519 node identity. No PQC transport or node identity protection exists.

Coverage basis: Standard CometBFT P2P stack; inherited by FIGR_HELOC nodes

Implementation score: 0 · Evidence confidence: Medium

Issue classification: operational/product caveat · Score treatment: score-reducing

Assurance: P2P node identity is not consensus, spend, bridge, or custody-critical. Quantum compromise of P2P layer could enable eclipse attacks or network disruption but not direct token theft. This is a lower-priority quantum vulnerability.

Standard CometBFT P2P uses ed25519 for node identity and TLS or the Noise protocol for transport encryption. Quantum-vulnerable key exchange could enable harvest-now-decrypt-later on P2P traffic.

Production Cryptographic Protection

Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path

Claim: No evidence of PQC-compatible wallet, custody, HSM, or hardware-wallet support for Provenance or FIGR_HELOC. Standard Cosmos SDK keyrings support secp256k1 and ed25519 only.

Coverage basis: Standard Cosmos SDK wallet infrastructure; no PQ support

Implementation score: 0 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: Provenance docs describe standard Cosmos SDK keyring with secp256k1 and ed25519 support only. No quantum-safe key management is available.

No public information about PQC wallet support, HSM integration, or quantum-safe custody solutions for Provenance-based assets was found.

Migration Status & Value-at-Risk

Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks

Claim: 0% of FIGR_HELOC value-at-risk on Provenance is protected from quantum key-recovery attacks. All on-chain ownership relies on ECC signatures. Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, or recovery path.

Coverage basis: All FIGR_HELOC value inherits Provenance L1 quantum exposure

Implementation score: 0.05 · Evidence confidence: High

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Quantum blocker: Material long-exposure quantum-vulnerable value exists with no migration, freeze, deprecation, or recovery path.

Assurance: Coverage is <25% (effectively 0%), scoring 1 out of 20 per QRI 9.3.1 thresholds. Figure's SEC filing reports ~$13B TVL as of Sep 2025; no quantum-protected value pool exists.

Off-chain legal recovery of underlying HELOC debt may be possible, but on-chain token ownership is fully exposed to quantum attack.

Migration Status & Value-at-Risk

Critical wallets migrated, protected, or inherently PQ-native

Claim: No critical wallets (treasuries, exchanges, custodians, bridges, Figure foundation) holding FIGR_HELOC or HASH on Provenance have been migrated to PQ-safe controls.

Coverage basis: No evidence of any PQ wallet migration

Implementation score: 0 · Evidence confidence: None

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: No public attestations, migration announcements, or PQ wallet deployments have been identified for any Provenance-based asset holders.

Figure Technologies holds significant HASH and operates critical infrastructure for the ecosystem; quantum compromise of these wallets would be catastrophic.

Migration Status & Value-at-Risk

Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design

Claim: No legacy vulnerability identification, measurement, deprecation, migration, or freeze mechanism exists for FIGR_HELOC or Provenance accounts.

Coverage basis: No evidence of any vulnerability management

Implementation score: 0 · Evidence confidence: None

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

All existing FIGR_HELOC token holdings are permanently exposed with no planned remediation path.

Migration Mechanism, Governance & Ecosystem Coordination

Public migration or protection roadmap with sequencing, activation criteria, and dependencies

Claim: The Provenance whitepaper lists 'Quantum-Resistant Protocol Evolution' as a Long-Term Ecosystem Expansion (24-36 Months) vision item with post-quantum cryptographic primitives, quantum-safe signature schemes, and lattice-based cryptography integration. No specific algorithms, timeline commitments, governance proposals, or public code were found.

Coverage basis: Whitepaper vision bullet point only

Implementation score: 0.25 · Evidence confidence: Low

Issue classification: quantum-critical uncertainty · Score treatment: score-reducing

Quantum blocker: The 'roadmap' is a single vision item in the whitepaper's Long-Term Ecosystem Expansion section with no sequencing, activation criteria, algorithm selection, governance proposal, or timeline commitment.

Assurance: This qualifies as 'roadmap/proposal only' under QRI Readiness & Risk Cap. The 'late 2026/2027' target mentioned in some secondary sources could not be verified from primary Provenance documentation.

Late 2026/2027 target mentioned on provenance.io is aspirational only; no governance proposal or development activity has been initiated.

Migration Mechanism, Governance & Ecosystem Coordination

Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts

Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for FIGR_HELOC or Provenance accounts.

Coverage basis: No evidence available

Implementation score: 0 · Evidence confidence: None

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: Complete absence of any migration infrastructure or user communication about quantum risk.

FIGR_HELOC token holders have no path to protect their on-chain holdings from quantum attack.

Migration Mechanism, Governance & Ecosystem Coordination

Migration enforcement and coordination: enforcement mechanisms exist and ecosystem coordination prevents unsafe fallback

Claim: No enforcement mechanisms, deprecation policies, legacy signing disablement, or exchange/custodian coordination exist for quantum migration.

Coverage basis: No evidence available

Implementation score: 0 · Evidence confidence: None

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: Complete absence of migration enforcement planning.

Provenance has on-chain governance for software upgrades and parameter changes, but no quantum-related governance proposals have been submitted or discussed publicly.

Migration Mechanism, Governance & Ecosystem Coordination

Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities

Claim: No quantum-specific incident response plan, disclosure process, or emergency governance mechanism has been published.

Coverage basis: No evidence available

Implementation score: 0 · Evidence confidence: None

Issue classification: assurance-only caveat · Score treatment: note-only

Assurance: Provenance has on-chain governance for software upgrades and parameter changes, but no quantum-specific emergency procedures are documented. Absence of a quantum-specific IR playbook is an assurance-only caveat per QRI guidance.

Algorithm & Implementation Assurance

Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case

Claim: No PQC or hybrid-PQC algorithms are deployed on Provenance mainnet or in FIGR_HELOC token operations. The whitepaper mentions lattice-based cryptography as a future vision item with no specific algorithm selection.

Coverage basis: No evidence of any PQC algorithm usage

Implementation score: 0 · Evidence confidence: None

Issue classification: quantum-critical vulnerability · Score treatment: score-reducing

Assurance: Whitepaper mentions 'lattice-based cryptography integration' as a long-term vision without specifying NIST standards (ML-DSA, FN-DSA, SLH-DSA) or any implementation plan.

The complete absence of any PQC algorithm adoption is the foundational vulnerability underlying all other quantum-critical issues.

Algorithm & Implementation Assurance

Independent cryptographic and implementation audit exists for the quantum-critical scope

Claim: No independent cryptographic or security audit has been identified for Provenance Blockchain's cryptographic stack or FIGR_HELOC token contracts.

Coverage basis: No audit evidence available

Implementation score: 0 · Evidence confidence: None

Issue classification: assurance-only caveat · Score treatment: note-only

Assurance: This is an assurance-only caveat under QRI rules. The absence of an audit does not itself create a quantum-critical vulnerability, but it means no independent verification of the classical crypto implementation exists.

Algorithm & Implementation Assurance

Open-source, reproducible implementation

Claim: Provenance Blockchain has an open-source GitHub repository (Go, Cosmos SDK fork). FIGR_HELOC is a native asset using Provenance's marker module. However, no PQC implementation exists to evaluate for quantum readiness.

Coverage basis: Public GitHub repository

Implementation score: 0.5 · Evidence confidence: Medium

Issue classification: none · Score treatment: score-reducing

Assurance: Open-source code is available and actively maintained (v1.29.0-rc2 as of May 2026). The classical crypto stack is verifiable from public code. No PQC implementation exists to evaluate.

Partial credit for open-source availability, but this supports only the classical implementation, not any quantum-readiness claim.

Algorithm & Implementation Assurance

Parameter agility and future upgrade path are documented

Claim: Provenance has governance mechanisms for software upgrades and parameter changes via Cosmos SDK governance. No specific PQC agility or hybrid transition path is documented.

Coverage basis: Standard Cosmos SDK governance and upgrade modules

Implementation score: 0 · Evidence confidence: Medium

Issue classification: assurance-only caveat · Score treatment: note-only

Assurance: General governance infrastructure exists for parameter changes and software upgrades, but no quantum-specific upgrade plan, hybrid signature scheme design, or key migration protocol has been proposed or documented.

The Cosmos SDK governance mechanism theoretically could accommodate a PQC migration, but no concrete plan, RFC, or governance proposal exists.

Algorithm & Implementation Assurance

Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks considered

Claim: No PQC signature scheme is in use, so stateful-signature safety (XMSS/LMS) concerns are not applicable to the current production scope.

Coverage basis: No PQC implementation exists

Implementation score: 0 · Evidence confidence: None

Issue classification: none · Score treatment: not applicable

Assurance: This subfactor becomes applicable if/when a stateful PQC scheme (e.g., XMSS/LMS) is adopted.

N/A because no PQC implementation exists to evaluate.

Algorithm & Implementation Assurance

Performance and resource-impact analysis exists where PQ signature/verification costs could affect safe deployment

Claim: No PQC performance analysis, benchmark, or resource-impact study has been published for Provenance Blockchain.

Coverage basis: No evidence available

Implementation score: 0 · Evidence confidence: None

Issue classification: assurance-only caveat · Score treatment: note-only

Assurance: Under QRI rules, missing formal performance benchmarks in the absence of any PQC implementation are note-only caveats. If Provenance proceeds with PQC migration, large signature sizes (FN-DSA ~1,280 bytes, ML-DSA ~2,420+ bytes vs Ed25519 64 bytes) will significantly impact block size, transaction throughput, gas costs, and archival storage.
