blockchain network
NEAR Protocol NEAR
NEAR Protocol is at Stage 2 (Mitigation / Development) with a QRI Score of 20/100. The project has published a substantive quantum threat assessment and has a concrete roadmap to integrate NIST-standardized FIPS-204 (ML-DSA) signatures, with network upgrade 2.13 targeted for June 2026 to include a testnet deployment. However, as of the evaluation date (2026-06-05), no PQ protection exists on mainnet. All production spend authorization uses Ed25519/ECDSA, validator consensus relies on Ed25519 signatures, the P2P layer uses classical cryptography, and the Chain Signatures MPC bridge network (spanning 35+ chains) uses threshold ECC — all quantum-vulnerable. NEAR's decoupled account model with rotatable access keys is a genuine structural advantage that will enable single-transaction migration when PQ signatures reach mainnet. The score is capped at 40 by Stage 2 and further constrained by the near-total absence of production cryptographic protection. Users should monitor for the upgrade 2.13 testnet launch and subsequent mainnet deployment timeline.
Roadmap OnlyECC-Only Production
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
12 / 20
Migration Mechanism, Governance & Ecosystem Coordination
5 / 15
Migration Status & Value-at-Risk
0 / 25
Production Cryptographic Protection
0 / 35
Security Assessment & Evidence Preparedness
3 / 5
Critical Quantum Blockers
- Active production spend authorization remains entirely Ed25519 (EdDSA) and ECDSA (secp256k1) — both quantum-vulnerable. No PQ signature scheme is available on mainnet as of 2026-06-05.
- Validator consensus authentication uses Ed25519 signatures (per Nomicon spec and nearcore code). Quantum-enabled forgery of validator approvals could compromise finality and block production.
- P2P network layer uses classical cryptographic signatures for peer authentication and message integrity.
- Chain Signatures MPC network relies on threshold ECDSA (secp256k1) and threshold EdDSA (Ed25519) for cross-chain signing across 35+ chains. Post-quantum MPC remains in research stage.
- 100% of value-at-risk (~$3.2B market cap, ~$196M DeFi TVL) is protected only by quantum-vulnerable cryptography with no migration path live on mainnet.
Key Risks
- All ~$3.2B market cap (~1.3B NEAR circulating) and ~$196M DeFi TVL are secured exclusively by quantum-vulnerable Ed25519 and ECDSA signatures with no mainnet PQ alternative.
- NEAR accounts that have submitted transactions have exposed Ed25519 public keys on-chain, creating long-exposure at-rest attack surfaces for quantum key-recovery attacks.
- Validator consensus could be disrupted by a quantum adversary capable of forging Ed25519 approval signatures, potentially enabling double-signing, finality reversal, or chain halt.
- The Chain Signatures MPC network's threshold ECDSA/EdDSA keys control cross-chain asset flows to 35+ external blockchains. Compromise of the 5-of-8 threshold could drain bridge assets.
- No mainnet PQ migration date has been set. The timeline from testnet to audited mainnet deployment is uncertain and depends on audit outcomes, wallet ecosystem readiness, and governance approval.
- Hardware wallets — critical for large holders and institutions — do not currently support ML-DSA and may require hardware replacement, creating a multi-year downstream dependency.
- Post-quantum MPC for Chain Signatures remains in research stage with no announced timeline, leaving the cross-chain bridge infrastructure quantum-vulnerable indefinitely.
Assurance Notes
- Hacken audit of nearcore (October 2023) is stale but relevant for classical protocol security; does not assess quantum readiness.
- Trail of Bits audits of NEAR MPC components (PedPop+, Chain Signatures, Robust ECDSA, Confidential Key Derivation) in 2025-2026 are current for MPC scope but do not cover PQ signature integration.
- No independent audit exists for the planned FIPS-204 (ML-DSA) implementation.
- NEAR's MPC Chain Signatures network operates with a 5-of-8 threshold and no proactive key refresh per independent analysis (Alin Tomescu, May 2026).
- No formal quantum-specific incident-response playbook or emergency governance process has been published.
- Hardware wallet support for ML-DSA/FIPS-204 does not exist; Near One is collaborating with Ledger and other manufacturers but no PQ hardware wallet is available.
- The nearcore v2.12.0-rc.1 release (May 25, 2026) does not include FIPS-204; PQ signing is expected in upgrade 2.13 targeted for June 2026.
- Zero-knowledge proof fallback for seed-phrase ownership verification is in early research and not a production mitigation.
Non-Scoring Caveats
- NEAR's decoupled account model with rotatable access keys is a significant structural advantage for future PQ migration, allowing single-transaction key rotation without address changes.
- NEAR has selected NIST-standardized FIPS-204 (ML-DSA) for post-quantum signatures, a strong algorithm choice. Network upgrade 2.13 is targeted for June 2026 and is expected to include the FIPS-204 testnet.
- The open-source protocol (nearcore, MPC repos) enables verification of cryptographic primitives.
- ML-DSA signatures (~2400 bytes) and public keys (~1300 bytes) are significantly larger than Ed25519 (~64 bytes), requiring substantial downstream ecosystem coordination.
- Chain Signatures MPC currently uses classical threshold cryptography (secp256k1/Ed25519), exposing cross-chain intents and bridged assets to quantum compromise until PQ-MPC is deployed.
- No mainnet PQ deployment date has been set; timeline from testnet to audited mainnet is uncertain and depends on audit outcomes, wallet ecosystem readiness, and governance approval.
- Hardware wallets critical for institutional and cold-storage holders do not support ML-DSA and may require hardware replacement.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: NEAR One CTO Anton Astafiev published a blog post identifying Ed25519 and ECDSA as quantum-vulnerable, describing the quantum threat to blockchain signatures, and outlining the migration strategy.
Coverage basis: Public blog post by Anton Astafiev, CTO at Near One, published May 2026 on near.org, cross-posted to multiple outlets.
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The assessment is in blog-post form rather than a formal cryptographic inventory document. It covers user-facing signatures but does not comprehensively inventory all quantum-vulnerable layers in detail.
Score of 0.50 reflects a substantive CTO-authored threat assessment but not a formal, independently reviewed cryptographic inventory.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: NEAR's source code (nearcore, MPC repositories), protocol specification (Nomicon), and official documentation provide verifiable evidence of cryptographic primitives in use.
Coverage basis: Open-source repositories on GitHub, Nomicon protocol specification, official docs at docs.near.org.
Implementation score: 0.75 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Code and specs are publicly available and verifiable. The Hacken audit (Oct 2023) and Trail of Bits audits (2025-2026) provide third-party review of components.
Score of 0.75 reflects strong evidence for current classical implementation.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: NEAR mainnet currently supports EdDSA (Ed25519) as default and ECDSA (secp256k1) as an alternative. Neither is quantum-safe. FIPS-204 (ML-DSA) is planned for testnet in June 2026 but is not on mainnet.
Coverage basis: Official docs, nearcore source code, CTO blog post (May 2026).
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely ECC/EdDSA-only. Caps score at 40.
Assurance: Current state is confirmed by multiple primary sources. No ambiguity.
NEAR's multi-scheme architecture can accommodate new signature schemes, but this does not protect current users.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: NEAR uses human-readable account IDs decoupled from cryptographic keypairs. Accounts are controlled through rotatable access keys. Public keys are exposed when accounts transact, but the rotatable design allows key migration without address change.
Coverage basis: Official docs and CTO blog post describing the account model.
Implementation score: 0.25 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The rotatable access key design is verified in official documentation and is a genuine architectural advantage. However, current exposed public keys remain quantum-vulnerable.
Implementation score of 0.25 reflects the structural design advantage but not current protection, since all active keys are ECC-based and exposed.
Production Cryptographic Protection
Consensus-critical authentication (validator signatures, block certificates)
Claim: NEAR's Doomslug consensus requires validators to sign approvals (Endorsement/Skip messages) using Ed25519 signatures. Block production and finality depend on these validator signatures.
Coverage basis: Nomicon protocol specification (Consensus section), nearcore source code.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Validator consensus signatures are Ed25519-based and quantum-vulnerable.
Assurance: The Approval struct in the Nomicon includes a Signature field from validators. Ed25519 is confirmed as the signing algorithm.
Quantum-enabled forgery of validator approvals could compromise finality.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: NEAR uses a Merkle Patricia Trie (MPT) for state storage. Hash-based state commitments are quantum-resistant for preimage resistance, but state roots are certified by classical validator signatures.
Coverage basis: Hacken audit report (2023), nearcore source code.
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The MPT-based state model uses hash-based commitments (SHA-256/Keccak-like), which are quantum-resistant for preimage resistance. However, the binding to consensus relies on Ed25519.
Score of 0.50 reflects that hash-based state commitments are inherently more quantum-resistant than pairing-based schemes, but state certification is still classical.
Production Cryptographic Protection
Privacy and proof layers
Claim: NEAR Protocol does not have a native shielded transaction or privacy layer. The protocol is transparent by design.
Coverage basis: Official documentation and protocol architecture.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: NEAR's P2P network layer uses classical cryptographic signatures for message signing and peer authentication. Validators sign network messages with Ed25519 keys.
Coverage basis: Nomicon Network specification.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: P2P network layer uses classical signatures, quantum-vulnerable.
Assurance: Confirmed by the Nomicon protocol specification.
Production Cryptographic Protection
Critical wallet, custody, HSM, and hardware-wallet workflows
Claim: Current NEAR wallets (software and hardware) support only Ed25519 and ECDSA signing. Hardware wallets do not support ML-DSA/FIPS-204.
Coverage basis: CTO blog post (May 2026), secondary reporting.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Hardware wallet PQ support is a downstream dependency that will take significant time to resolve.
No PQ wallet or custody workflow exists today.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of NEAR's ~$3.2B market cap and ~$196M DeFi TVL is protected by quantum-resistant cryptography. All value is secured by Ed25519/ECDSA.
Coverage basis: CoinGecko market data, DefiLlama TVL data, confirmed absence of mainnet PQ signatures.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: 100% of value-at-risk is quantum-vulnerable with no mainnet PQ protection.
Assurance: Market data from multiple independent sources. Absence of mainnet PQ signatures confirmed by primary sources.
NEAR accounts that have transacted have exposed Ed25519 public keys, creating a long-exposure at-rest attack surface.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (treasuries, exchanges, custodians, bridges, foundations, major protocols) on NEAR have migrated to PQ protection. No PQ migration path exists on mainnet.
Coverage basis: Confirmed absence of mainnet PQ support.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Negatively confirmed: no mainnet PQ path exists, therefore no critical wallet can be migrated.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts identified and measurable
Claim: NEAR's rotatable access key model means all accounts can theoretically migrate without address changes. However, no legacy pool identification, deprecation, or migration has occurred.
Coverage basis: CTO blog post describing the account model, absence of any on-chain migration activity.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The rotatable account model means address-level identification of vulnerable accounts is less critical than on UTXO chains.
Score of 0.25 reflects the structural design advantage but no implementation.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: NEAR has published a clear roadmap: FIPS-204 (ML-DSA) integration in network upgrade 2.13 (June 2026) with dynamic resharding, testnet first, mainnet after security audits and community coordination.
Coverage basis: CTO blog post (May 2026), NEAR Protocol X/Twitter thread (May 21, 2026), multiple secondary confirmations.
Implementation score: 0.75 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: Roadmap is public and specific (FIPS-204, upgrade 2.13, June 2026). However, the mainnet timeline is not specified and depends on audit outcomes and governance.
Score of 0.75 reflects a concrete, versioned roadmap with specific algorithm choice and near-term testnet target, but no mainnet date.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: NEAR's decoupled account model enables single-transaction key rotation to PQ without address change. Multi-scheme architecture supports adding new signature schemes. Wallet tooling, custody paths, and hardware support do not yet exist.
Coverage basis: CTO blog post, official documentation on account model.
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: The rotatable key design is verified in protocol architecture. However, no PQ wallet, custody path, or migration tooling is available today.
Score of 0.50 reflects the strong architectural foundation but complete absence of user-facing tooling.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: Near One is coordinating with wallet providers (including Ledger) and the Defuse team for Chain Signatures PQ migration. No enforcement mechanisms exist on mainnet.
Coverage basis: CTO blog post, secondary reporting.
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: operational/product caveat · Score treatment: note-only
Assurance: Coordination efforts are described in blog posts but not evidenced by public working groups, specifications, or attestations.
Score of 0.25 reflects early-stage coordination discussions without any enforcement or binding commitments.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities
Claim: NEAR maintains a bug bounty program on HackenProof. No quantum-specific incident-response process has been published.
Coverage basis: Bug bounty program existence, absence of quantum-specific IR documentation.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The bug bounty program has processed critical vulnerabilities (e.g., the November 2024 network shutdown vulnerability). No quantum-specific playbook exists.
Score of 0.25 reflects a functioning bug bounty program with demonstrated ability to ship emergency patches.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC algorithms
Claim: NEAR has selected FIPS-204 (ML-DSA, formerly CRYSTALS-Dilithium), a NIST-standardized lattice-based signature scheme finalized in August 2024, as its first PQ signing scheme.
Coverage basis: CTO blog post, multiple secondary confirmations.
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: FIPS-204 is a well-reviewed NIST standard. The algorithm choice is appropriate. However, the implementation is not yet in production or publicly verifiable on testnet.
Score of 0.50 reflects the selection and public commitment to a NIST-standardized algorithm at testnet/proposal level.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: NEAR's MPC components have been audited by Trail of Bits (2025-2026). Nearcore had a Hacken audit (October 2023). No PQ-specific audit exists.
Coverage basis: Trail of Bits publications page, Hacken audit report.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Existing audits cover classical MPC and protocol components but are scope-mismatched for PQ. The FIPS-204 implementation will require a new, in-scope audit before mainnet deployment.
Score of 0.25 reflects that audits exist for related components but no PQ-specific audit is available.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Nearcore and MPC node implementations are fully open-source (Rust, MIT license) with reproducible build support.
Coverage basis: GitHub repositories, MPC repo documents reproducible Docker builds.
Implementation score: 0.75 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Both repositories are actively maintained and publicly accessible.
Score of 0.75 rather than 1.00 because the PQ implementation (FIPS-204) is not yet in the public codebase.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: NEAR's protocol was designed to support multiple signing schemes from inception. The account model decouples accounts from specific keypairs, enabling algorithm agility.
Coverage basis: CTO blog post, official documentation, protocol architecture.
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: Multi-scheme support is designed into the protocol and verified by the existence of both Ed25519 and ECDSA schemes.
Score of 0.50 reflects that the protocol architecture supports agility but no formal PQ-specific agility documentation exists.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, and custody implementation risks
Claim: No published analysis of side-channel, fault-injection, or custody implementation risks for the planned ML-DSA integration. ML-DSA is a stateless scheme so stateful-signature discipline is N/A.
Coverage basis: Absence of published security analysis for PQ implementation.
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: ML-DSA implementations require careful side-channel protection. This will need to be addressed before mainnet deployment.
Score of 0.00 reflects absence of any published analysis.
Algorithm & Implementation Assurance
Performance and resource-impact analysis
Claim: NEAR's CTO blog post acknowledges that ML-DSA signatures (~2,400 bytes) and public keys (~1,300 bytes) are significantly larger than Ed25519 (~64 bytes), requiring downstream stack changes. No formal benchmark has been published.
Coverage basis: CTO blog post.
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Acknowledgment of the performance challenge exists but no formal analysis or benchmark has been published.
Score of 0.25 reflects that the issue is acknowledged in a public proposal but no systematic analysis exists.
Report metadata