LPsLux Proposals
Post-Quantum Cryptography
All Proposals
LP-4000

Q-Chain - Core Quantum-Resistant Specification

Review

Core specification for the Q-Chain (Quantum Chain), Lux Network's post-quantum cryptographic chain

Category
Core
Created
2025-12-11
corequantumcryptographyq-chain
DiscussionsEdit on GitHub

Abstract

LP-4000 specifies the Q-Chain (Quantum-Resistant Chain), Lux Network's specialized blockchain providing post-quantum cryptographic security. The Q-Chain implements NIST-approved post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) and provides quantum timestamping services for cross-chain operations.

Motivation

With quantum computing advancement, traditional cryptographic algorithms face threats:

  1. Quantum-Safe Transactions: All Q-Chain transactions use post-quantum signatures
  2. Quantum Stamping: Provides quantum-safe timestamps for cross-chain
  3. Key Management: Secure key generation using lattice-based cryptography
  4. Migration Path: Enables gradual migration to quantum-safe algorithms

Specification

Chain Parameters

ParameterValue
Chain IDQ
VM IDqvm
VM Namequantumvm
Network ID (Mainnet)36963
Network ID (Testnet)36962
Block Time2 seconds
ConsensusQuasar (quantum-aware)

Implementation

Go Package: github.com/luxfi/node/vms/quantumvm

import (
    qvm "github.com/luxfi/node/vms/quantumvm"
    "github.com/luxfi/node/utils/constants"
)

// VM ID constant
var QVMID = constants.QVMID // ids.ID{'q', 'v', 'm'}

// Create Q-Chain VM
factory := &qvm.Factory{}
vm, err := factory.New(logger)

Directory Structure

node/vms/quantumvm/
├── config/           # Chain configuration
├── quantum/          # Post-quantum primitives
├── stamper/          # Quantum timestamp service
├── factory.go        # VM factory
├── vm.go             # Main VM implementation
└── *_test.go         # Tests

node/crypto/
├── mlkem/            # ML-KEM (FIPS 203)
├── mldsa/            # ML-DSA (FIPS 204)
└── slhdsa/           # SLH-DSA (FIPS 205)

Cryptographic Algorithms

ML-KEM (FIPS 203) - Key Encapsulation

import "github.com/luxfi/node/crypto/mlkem"

// Generate key pair
pk, sk, err := mlkem.GenerateKey768()

// Encapsulate
ciphertext, sharedSecret, err := mlkem.Encapsulate768(pk)

// Decapsulate
sharedSecret, err := mlkem.Decapsulate768(ciphertext, sk)
VariantSecurity LevelPublic KeyCiphertext
ML-KEM-768128-bit1,184 bytes1,088 bytes
ML-KEM-1024192-bit1,568 bytes1,568 bytes

ML-DSA (FIPS 204) - Digital Signatures

import "github.com/luxfi/node/crypto/mldsa"

// Generate key pair
pk, sk, err := mldsa.GenerateKey65()

// Sign message
signature, err := mldsa.Sign65(sk, message)

// Verify signature
valid, err := mldsa.Verify65(pk, message, signature)
VariantSecurity LevelPublic KeySignature
ML-DSA-44128-bit1,312 bytes2,420 bytes
ML-DSA-65192-bit1,952 bytes3,309 bytes
ML-DSA-87256-bit2,592 bytes4,627 bytes

SLH-DSA (FIPS 205) - Hash-Based Signatures

import "github.com/luxfi/node/crypto/slhdsa"

// Generate key pair (stateless)
pk, sk, err := slhdsa.GenerateKey()

// Sign message
signature, err := slhdsa.Sign(sk, message)

// Verify signature
valid, err := slhdsa.Verify(pk, message, signature)

Quantum Stamping Service

type QuantumStamp struct {
    ChainID     ids.ID    `json:"chainId"`
    BlockHash   [32]byte  `json:"blockHash"`
    BlockHeight uint64    `json:"blockHeight"`
    Timestamp   time.Time `json:"timestamp"`
    Signature   []byte    `json:"signature"`    // ML-DSA signature
    PublicKey   []byte    `json:"publicKey"`
}

// Stamp a block from another chain
stamp, err := qvm.CreateQuantumStamp(chainID, blockHash, blockHeight)

// Verify a quantum stamp
valid, err := qvm.VerifyQuantumStamp(stamp)

Transaction Types

TypeDescription
QuantumTransferTransfer assets with PQ signatures
KeyRotationRotate quantum keys
StampRequestRequest quantum timestamp
StampVerifyVerify quantum timestamp
HybridSignClassical + PQ signature

Cross-Chain Integration

┌─────────────┐     ┌─────────────┐     ┌─────────────┐
│   C-Chain   │────▶│   Q-Chain   │────▶│   B-Chain   │
│  (Source)   │     │  (Stamp)    │     │  (Bridge)   │
└─────────────┘     └─────────────┘     └─────────────┘
       │                   │                   │
       │    Request Stamp  │                   │
       │──────────────────▶│                   │
       │                   │                   │
       │    Return Stamp   │                   │
       │◀──────────────────│                   │
       │                   │                   │
       │         Cross-chain with PQ stamp     │
       │──────────────────────────────────────▶│

API Endpoints

RPC Methods

MethodDescription
quantum.getStampGet quantum stamp for block
quantum.verifyStampVerify quantum stamp
quantum.getPublicKeyGet node's quantum public key
quantum.signMessageSign message with quantum key
quantum.verifySignatureVerify quantum signature

REST Endpoints

GET  /ext/bc/Q/quantum/stamp/{chainId}/{blockHeight}
POST /ext/bc/Q/quantum/verify
GET  /ext/bc/Q/quantum/keys
POST /ext/bc/Q/quantum/rotate

Configuration

{
  "quantumvm": {
    "signatureScheme": "ML-DSA-65",
    "keyEncapsulation": "ML-KEM-768",
    "stampingEnabled": true,
    "stampExpirySeconds": 3600,
    "parallelVerification": true,
    "maxVerifyWorkers": 8,
    "hybridMode": true
  }
}

Performance

OperationTime (ms)Notes
ML-DSA-65 Sign0.5Per signature
ML-DSA-65 Verify0.2Per signature
ML-KEM-768 Encap0.3Per operation
ML-KEM-768 Decap0.2Per operation
Parallel Verify (8)0.03Per signature

Rationale

Design decisions for Q-Chain:

  1. Separate Chain: Isolation allows independent upgrades
  2. NIST Algorithms: Industry standard, extensively analyzed
  3. Stamping Service: Enables quantum security without modifying all chains
  4. Hybrid Mode: Classical + PQ during transition

Backwards Compatibility

LP-4000 supersedes LP-0082. Both old and new numbers resolve to this document.

Test Cases

See github.com/luxfi/node/vms/quantumvm/*_test.go:

func TestQuantumSigner(t *testing.T)
func TestParallelVerification(t *testing.T)
func TestConfigValidation(t *testing.T)
func TestQuantumStampExpiration(t *testing.T)
func TestMLKEMKeyExchange(t *testing.T)
func TestMLDSASignVerify(t *testing.T)

Reference Implementation

Repository: github.com/luxfi/node Packages:

  • vms/quantumvm
  • crypto/mlkem
  • crypto/mldsa
  • crypto/slhdsa

Security Considerations

  1. Quantum Threat Model: Assumes quantum computers capable of breaking classical crypto
  2. Side-Channel Resistance: Implementations must resist timing attacks
  3. Key Management: Quantum keys require larger storage
  4. Migration Security: Hybrid mode prevents "harvest now, decrypt later"
LPTitleRelationship
LP-0082Q-Chain SpecificationSuperseded by this LP
LP-4100ML-KEMSub-specification
LP-4200ML-DSASub-specification
LP-4300SLH-DSASub-specification
LP-4400Quantum StampingSub-specification
LP-4500Key ManagementSub-specification

Copyright and related rights waived via CC0.

LP-3001: Teleport Bridge - MPC Cross-Chain Protoc...

Previous Page

LP-4004: Quantum-Resistant Cryptography Integrati...

Next Page

On this page

AbstractMotivationSpecificationChain ParametersImplementationDirectory StructureCryptographic AlgorithmsML-KEM (FIPS 203) - Key EncapsulationML-DSA (FIPS 204) - Digital SignaturesSLH-DSA (FIPS 205) - Hash-Based SignaturesQuantum Stamping ServiceTransaction TypesCross-Chain IntegrationAPI EndpointsRPC MethodsREST EndpointsConfigurationPerformanceRationaleBackwards CompatibilityTest CasesReference ImplementationSecurity ConsiderationsRelated LPsCopyright