blockchain network
XDC Network XDC
XDC Network has published one of the most comprehensive post-quantum migration roadmaps in the blockchain industry (5 phases, 2026–2035), backed by a working Falcon consensus PoC, NIST FIPS 203/204/205/206 alignment, and the XDSS-PQ open standard co-authored with ITFA/ICC/TradeTrust. The project earns full marks for Security Assessment & Evidence Preparedness (5/5). However, as of June 2026, the network is in Phase 0 (Research/Standards) and every quantum-critical production layer — transaction spend authorization, XDPoS 2.0 consensus block signing and quorum certificates, P2P node identity, wallet/custody paths — remains entirely ECDSA (secp256k1). The recently activated Cancun upgrade (v2.6.8, January 2026) added KZG/blob cryptography, introducing a pairing-based quantum-vulnerable data availability primitive into production. Zero percent of economic value-at-risk is protected by PQ mechanisms. The QRI Score of 19.4 reflects strong risk assessment and mitigation planning that is not yet materially protecting any production users, consistent with Stage 2 (Mitigation / Development). The project is on a credible trajectory toward quantum readiness but has substantial engineering, governance, audit, and deployment work ahead before production protection becomes live.
Roadmap OnlyPartial Protection
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
6.5 / 20
Migration Mechanism, Governance & Ecosystem Coordination
1.5 / 15
Migration Status & Value-at-Risk
1.5 / 25
Production Cryptographic Protection
4.9 / 35
Security Assessment & Evidence Preparedness
5 / 5
Critical Quantum Blockers
- Active production spend authorization remains entirely ECDSA (secp256k1) — all transaction signatures are quantum-vulnerable.
- Active production consensus authentication (XDPoS 2.0 block signing, quorum certificates, validator votes) remains entirely ECDSA (secp256k1) — a quantum-enabled attacker could forge block signatures and compromise finality.
- XDC v2.6.8 introduced production KZG/blob cryptography support (pairing-based, quantum-vulnerable) for data availability — a new quantum-vulnerable protocol surface not covered by the current PQ migration scope until Phase 2+.
Key Risks
- All transaction spend authorization is ECDSA-only. A cryptographically relevant quantum computer could recover private keys from exposed public keys of any account that has ever sent a transaction, enabling theft of all accessible funds.
- All XDPoS 2.0 consensus authentication (block signatures, quorum certificates, validator votes) is ECDSA-only. A quantum attacker could forge validator signatures to compromise finality, rewrite chain history, or execute a hostile takeover below the Byzantine fault tolerance threshold.
- XDC v2.6.8 KZG/blob support introduces a pairing-based quantum-vulnerable primitive into the production protocol. While KZG is used for transient data availability (blobs pruned after ~18 days), any L2 or rollup depending on XDC blob DA could face settlement forgery risk under a quantum adversary.
- P2P node identity and transport encryption (devp2p with ECDSA/ECDH) remain quantum-vulnerable, enabling harvest-now-decrypt-later attacks on masternode communications and potential node impersonation.
- Material long-exposure quantum-vulnerable value exists in all accounts that have ever broadcast a transaction (exposed ECDSA public keys), including treasuries, bridge contracts, exchange wallets, and foundation-controlled assets. No migration, freeze, or deprecation mechanism is active.
- The PQ initiative relies primarily on lattice-based algorithms (ML-DSA, Falcon). While SLH-DSA is identified as a hash-based fallback, a catastrophic lattice break before Phase 3 (2030–2031) would require an emergency hard fork to deploy the fallback — a process that has been documented in planning but never tested.
- Migration timeline extends to 2035 for full PQ-only mode. If cryptographically relevant quantum computers arrive earlier than projected (Google's 2026 estimate reduced the logical qubit requirement from ~4,000 to ~1,200), the network could face a protection gap.
Assurance Notes
- Classical security audit (XDPoSChain Security Audit Report) exists but is undated and scope-limited to classical ECDSA/secp256k1 implementation — no PQ coverage.
- CertiK audit of XDC 2.0 achieved AA rating for classical security posture; does not cover post-quantum cryptography.
- No independent cryptographic audit of the Falcon PoC, the PQ roadmap design, or the planned ML-DSA/SLH-DSA implementations has been published.
- Phase 0 cryptographic surface audit is in progress (Q2–Q3 2026 per roadmap) but not yet published.
- XDC v2.6.8 (Cancun upgrade, activated January 2026) introduced KZG/blob cryptography support — a pairing-based, quantum-vulnerable primitive now in production for data availability.
- The PQ roadmap is one of the most detailed and publicly available in the blockchain industry, with NIST FIPS 203/204/205/206 alignment, hybrid-first design principles, and governance gates. However, it remains in Phase 0 (Research/Standards) and provides zero production protection as of the evaluation date.
- General security incident response processes exist (KYC/KYB incident handled as P0, upstream CVE analysis published) but no quantum-specific incident-response playbook has been formalized.
- No formal quantum-specific performance/resource benchmark for the production path exists; prototype benchmarks are available for Falcon consensus signatures only.
Non-Scoring Caveats
- The classical XDPoSChain security audit is undated (stale but relevant for the ECDSA implementation it covers). This does not affect the QRI Score because the ECDSA-only state is verified from multiple primary sources.
- No formal quantum-specific incident-response playbook exists. Recorded as an assurance note; the general security incident response process provides baseline capability.
- Future PQ-to-PQ upgrade uncertainty (e.g., Falcon-to-next-generation-PQ) is a roadmap concern and does not affect current quantum-attack readiness scoring.
- Missing exchange/custody migration attestations for PQ. Not score-reducing because no PQ custody path exists in production, and the native asset has a classical ownership namespace requiring migration.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: XDC has published a comprehensive cryptographic inventory and quantum threat model covering ECDSA (secp256k1) usage in transactions, consensus, bridges, P2P, and smart contracts, with attack assumptions and affected layers.
Coverage basis: Official documentation and research publications
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Primary sources are official XDC Innovation Labs publications and community research posts. Threat model is detailed and publicly accessible.
The quantum threat research page maps every cryptographic surface to attack type, severity, and time window. The FAQ answers 26 questions covering ECDSA vulnerability, NIST PQC standards, migration strategy, and regulatory compliance.
Security Assessment & Evidence Preparedness
Public evidence record supporting assessment
Claim: Evidence record includes code references (XDPoSChain GitHub), specification documents (whitepaper, block structure docs), audit reports (XDPoSChain security audit, CertiK XDC 2.0 audit), transaction examples (xdcscan.io), and reproducible PoC benchmarks.
Coverage basis: Multiple primary-source artifacts
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Classical audit is undated/stale; CertiK audit is current (2024) but covers classical security only. Evidence is nevertheless sufficient to verify the classical ECDSA-only production state from primary code and documentation.
The evidence dossier and web search confirm consistent findings across code, specs, audits, and explorer: all production cryptography is classical ECDSA/secp256k1.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: All XDC mainnet transactions use ECDSA (secp256k1) signatures. No PQC or hybrid-PQC transaction types exist in production.
Coverage basis: Production mainnet code and transaction format
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production spend authorization remains entirely ECDSA (secp256k1) — all transaction signatures are quantum-vulnerable.
Assurance: Confirmed by GitHub source code (secp256k1 crypto package, keystore), official FAQ acknowledgment, audit report, and mainnet explorer showing standard EVM transaction formats.
The XDC PQ FAQ explicitly states: 'XDC currently uses ECDSA (secp256k1) for transaction signatures.' Hybrid wallets (ECDSA + ML-DSA) are planned for Phase 1 (2027).
Production Cryptographic Protection
Account, address, public-key exposure design
Claim: XDC uses standard EVM-style addresses (Keccak-256 hash of public key). Public keys are exposed on-chain when an account sends a transaction, creating long-exposure quantum-vulnerable surfaces for all transacted accounts.
Coverage basis: EVM-compatible address derivation
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Address format and public-key exposure follow standard Ethereum patterns, confirmed by explorer and codebase.
Accounts that have never sent transactions have no exposed public key (only address hash). However, all transacted accounts have long-exposure ECDSA public keys visible on-chain, including treasuries, bridges, exchanges, and foundation wallets. No PQ/hybrid address scheme or key-derivation design exists in production.
Production Cryptographic Protection
Consensus-critical authentication (validator signatures, quorum certificates, block signatures)
Claim: XDPoS 2.0 consensus uses ECDSA (secp256k1) for block proposer signatures, quorum certificate signatures, and validator votes. No PQC or hybrid-PQC consensus authentication exists in production.
Coverage basis: XDPoS 2.0 block structure specification and mainnet code
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Active production consensus authentication (XDPoS 2.0 block signing, quorum certificates, validator votes) remains entirely ECDSA (secp256k1).
Assurance: Block structure documentation explicitly confirms: 'The signature is secp256k1, which is currently used in XDPoS 1.0' and carried forward into XDPoS 2.0. Whitepaper confirms ECDSA for masternode authentication.
Falcon (FIPS 206) validator signing is planned for Phase 3 (Q1 2029 – Q4 2030) with a 12-month dual-signing transition. PoC exists on poc_falcon branch but is not deployed to mainnet or testnet.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: Core state integrity uses Keccak-256 based Merkle Patricia tries (quantum-safe for collision resistance). XDC v2.6.8 (activated January 2026) introduced KZG/blob cryptography for data availability — a pairing-based, quantum-vulnerable primitive.
Coverage basis: Protocol design analysis and v2.6.8 release notes
Implementation score: 0.75 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: XDC v2.6.8 introduced KZG/blob cryptography (pairing-based, quantum-vulnerable) into production for data availability.
Assurance: v2.6.8 release notes explicitly list 'Blob & KZG cryptography support' and 'Support KZG cryptography and blob handling' as production features. Core block hashing and state roots remain Keccak-based (quantum-safe).
KZG is quantum-vulnerable (pairing-based). Blob data is transient (pruned after ~18 days per Ethereum EIP-4844 equivalent design), so KZG does not secure long-lived consensus state. However, any L2/rollup depending on XDC blob DA would face quantum settlement forgery risk. The PQ roadmap addresses KZG/SNARKs in Phase 2 (STARKs-only policy for new ZK deployments, Q3 2027).
Production Cryptographic Protection
Privacy and proof layers
Claim: XDC Network has no native privacy features (no shielded pools, no confidential transactions, no ZK privacy at protocol level). EVM-compatible smart contracts can deploy privacy solutions, but these are application-layer, not protocol-native.
Coverage basis: Protocol architecture
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Subnets (introduced in XDC 2.0) provide private blockchain instances with separate validator sets, but these are segregated networks, not privacy-preserving cryptography on the public mainnet.
Production Cryptographic Protection
P2P transport and node identity
Claim: XDC uses devp2p (Ethereum-compatible) for P2P networking with ECDSA node keys and ECDH key exchange. No PQ-TLS or hybrid key exchange is deployed on mainnet.
Coverage basis: devp2p protocol and v2.6.8 release notes
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: P2P node identity is not directly consensus-critical (separate from validator keys), but enables harvest-now-decrypt-later on masternode communications and potential node impersonation. PQ-TLS (ML-KEM768 + X25519 hybrid) is planned for Phase 1 (Q4 2026).
While P2P node identity is not spend-authorization-critical, it is applicable per the spec. The quantum roadmap correctly prioritizes PQ-TLS as Phase 1 (addressing the only active-today quantum threat of harvest-now-decrypt-later).
Production Cryptographic Protection
Critical wallet, custody, HSM, and hardware-wallet workflows
Claim: No production wallet, custody, HSM, or hardware-wallet workflow supports PQ or hybrid-PQ signing on XDC mainnet. All wallet tooling uses ECDSA exclusively.
Coverage basis: Production wallet ecosystem
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Evidence is indirect — no explicit audit of wallet/custody PQ support exists because no PQ support exists. The FAQ confirms hybrid wallets are planned for Phase 1 (2027). BitGo custody integration (February 2026) is classical only.
The PQ FAQ states: 'Upgrade your wallet software when Phase 1 releases (2027). The wallet will automatically generate PQ keys and dual-sign.' No PQ wallet, custody, or HSM path is available to production users today.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected
Claim: 0% of XDC value-at-risk is protected by PQ mechanisms in production. All native XDC in all account types (EOAs, contracts, treasuries, bridges, exchanges, staked masternode collateral) remains ECDSA-secured with no hybrid or PQ fallback.
Coverage basis: Production mainnet state as of June 2026
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Coverage is scored at <25% (implementation score 0.05) per QRI coverage thresholds. XDC is not PQ-native; it launched with classical ECDSA ownership and all value remains in ECDSA-secured accounts.
The XDC FAQ claims ~0.1% public-key exposure, suggesting most addresses have never transacted. However, this refers to key exposure, not migration coverage. All value — including value in addresses with unexposed keys — remains secured only by ECDSA and would be vulnerable once quantum attack capability exists.
Migration Status & Value-at-Risk
Critical wallets migrated or inherently PQ-native
Claim: No critical wallets (treasuries, exchanges, custodians, bridges, foundations, masternode collateral) have been migrated to PQ or hybrid-PQ protection. All remain ECDSA-only.
Coverage basis: Production mainnet state
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: No PQ migration attestations from any exchange, custodian, or institutional holder exist because the PQ migration has not begun. BitGo custody integration (Feb 2026) is classical-only.
The roadmap targets bridge admin keys → hybrid ECDSA+ML-DSA in Phase 1 (Q4 2026–Q2 2027) and XDC DAO governance keys → hybrid ECDSA+SLH-DSA in the same phase. No critical wallet migration has occurred yet.
Migration Status & Value-at-Risk
Legacy vulnerable pools identified, measurable, deprecated, or proven not to exist
Claim: XDC's quantum threat research identifies ECDSA-vulnerable surfaces across all layers, but no formal measurement, deprecation, freeze, or burn mechanism for legacy vulnerable accounts exists in production.
Coverage basis: Quantum threat research and roadmap documentation
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Identification exists at the assessment level (all ECDSA surfaces catalogued). No production measurement system, on-chain registry of vulnerable accounts, or deprecation policy is active.
The 5-phase roadmap includes ECDSA deprecation only in Phase 4 (2032–2035), after >95% network upgrade. No freeze/burn/salvage policy for unmigratable dormant or lost accounts has been published.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: XDC has published a detailed 5-phase quantum-safe migration roadmap (2026–2035) with specific algorithm choices, activation criteria, governance gates, and dependency mapping.
Coverage basis: Official roadmap publication on xdc.network
Implementation score: 0.25 · Evidence confidence: High
Issue classification: none · Score treatment: confidence-only
Assurance: The roadmap is one of the most detailed publicly available — includes Gantt chart, phase gates, algorithm selection rationale, governance checkpoints, regulatory deadline anchors (CNSA 2.0 2027, EU PQC 2030, NIST IR 8547 2035), and dependency mapping. However, it remains a roadmap (Implementation Score 0.25) with no production deployment.
Phase 0 (active): cryptographic surface audit, risk matrix, security council, community vote. Phase 1 (Q4 2026): PQ-TLS, bridge admin key migration. Phase 2 (Q3 2027): EVM precompiles, account abstraction. Phase 3 (Q1 2029): Falcon validator signing. Phase 4 (2032–2035): ECDSA deprecation.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, or migration prompts exist in production. All user-facing infrastructure remains ECDSA-only.
Coverage basis: Production ecosystem as of June 2026
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Explorer, wallet ecosystem, and documentation all confirm ECDSA-only transaction paths. The FAQ explicitly states wallet upgrades will be available in Phase 1 (2027).
Users can still create new quantum-vulnerable ECDSA accounts by default with no warning. Account abstraction (XIP-AA) is planned for Phase 2 (Q3 2027) to enable in-place wallet upgrades without moving funds.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms (deprecation, freeze, disabled legacy signing, restricted withdrawals, mandatory migration deadlines) are active in production. No exchange, custody, bridge, or wallet coordination for PQ migration has occurred.
Coverage basis: Production protocol rules
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: The roadmap includes governance checkpoints (XIP votes at each phase gate) and an 18-month ECDSA sunset notice period (Phase 4), but none of these mechanisms are active.
The hybrid-first design (classical and PQ signatures coexist) means enforcement can be gradual, but the absence of any active enforcement mechanism means 100% of value remains on quantum-vulnerable paths.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities
Claim: XDC has general security incident response processes (demonstrated in KYC/KYB incident handling and upstream CVE analysis). The PQ FAQ documents emergency hard fork procedures for PQ algorithm break scenarios. No formal quantum-specific incident-response playbook exists.
Coverage basis: Published incident responses and roadmap documentation
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: General security incident response capability is evidenced. Quantum-specific planning is documented in the FAQ (SLH-DSA fallback activation via emergency hard fork). No formal, tested quantum-specific IR playbook. Not score-reducing per Section 8.2 — recorded as an assurance note.
The FAQ describes: 'If lattice-based crypto gets broken: 1. XDC activates SLH-DSA via emergency hard fork. 2. Validators roll back to ECDSA temporarily while SLH-DSA integrates. 3. Community chooses next-gen PQ algorithm.' This is documented planning but has never been exercised.
Algorithm & Implementation Assurance
Uses NIST-standardized or broadly reviewed PQC/hybrid-PQC algorithms
Claim: XDC's PQ strategy uses NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), and FIPS 206 (Falcon/FN-DSA). Falcon PoC implements FIPS 206 Falcon-512/1024.
Coverage basis: Roadmap specification and PoC implementation
Implementation score: 0.5 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: All four NIST FIPS standards are correctly identified with appropriate use cases. Falcon (FIPS 206) for validator consensus (bandwidth-constrained), ML-DSA (FIPS 204) for user wallets, SLH-DSA (FIPS 205) for governance fallback, ML-KEM (FIPS 203) for TLS.
Implementation Score 0.50 reflects prototype status — algorithms are selected and prototyped but not deployed in production. The roadmap also correctly identifies mathematical diversity (lattice-based + hash-based fallback).
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for quantum-critical scope
Claim: No independent cryptographic audit of any PQ implementation (Falcon PoC, planned ML-DSA, SLH-DSA, hybrid construction) has been published. Existing audits cover classical ECDSA only.
Coverage basis: Audit coverage gap
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: confidence-only
Assurance: No PQ audit exists because no PQ code is in production. The XDPoSChain audit and CertiK audit cover classical crypto only. Phase 0 roadmap includes a full cryptographic surface audit (in progress, not yet published). Phase 3 roadmap includes a final independent security audit of the complete PQ migration.
The PQ roadmap explicitly includes 'Independent security audit — final' in Phase 3 (Q1 2029–Q4 2030) with formal verification using Lean 4 framework.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Falcon PoC is open-source on the poc_falcon branch of XDPoSChain GitHub repository with reproduction instructions. XDCInnovationLabs GitHub demonstrates Falcon integration with XDPoS consensus.
Coverage basis: Public GitHub repositories
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: PoC code is publicly available with reproduction instructions. However, this is prototype-grade code (not production-hardened, not audited, not on testnet/mainnet).
The community proposal provides step-by-step reproduction instructions and benchmark results. Code compiles and runs but is isolated from the main branch and not integrated into any release.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: XDC roadmap documents algorithm selection rationale, hybrid coexistence design, fallback procedures for algorithm breaks, and governance-controlled upgrade paths.
Coverage basis: Roadmap and FAQ documentation
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: Documented planning only (Implementation Score 0.25). The hybrid-first design inherently provides parameter agility since either classical or PQ validation is acceptable during transition.
The FAQ explicitly addresses algorithm break scenarios: activate SLH-DSA via emergency hard fork, roll back validators to ECDSA temporarily, community selects next-gen algorithm.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, and implementation risks
Claim: XDC selected Falcon (stateless) for validator consensus and ML-DSA (stateless) for wallets, avoiding stateful-signature pitfalls of XMSS/LMS.
Coverage basis: FAQ and roadmap algorithm selection documentation
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: All selected PQ algorithms are stateless (Falcon, ML-DSA, SLH-DSA), avoiding the state-management risks of XMSS/LMS. However, no formal side-channel analysis has been published.
No stateful signatures (XMSS/LMS) are planned. The stateless design choice is appropriate for a blockchain with high transaction volume.
Algorithm & Implementation Assurance
Performance and resource-impact analysis
Claim: XDC has published detailed performance benchmarks comparing ECDSA, Falcon-512, ML-DSA-65, and SLH-DSA-128s for signature size, verification speed, and bandwidth impact on XDPoS 2.0's 108-validator gossip network.
Coverage basis: FAQ benchmarks and community PoC results
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: FAQ includes comparative table, verification speed benchmarks, and bandwidth calculations. PoC benchmarks confirm block verification at 0.138ms for Falcon.
Performance analysis is thorough for the prototype phase. Production-scale benchmarks under realistic mainnet conditions are pending.
Report metadata