Post-Quantum FAQ
Understanding the QRing protocol, the mathematics securing the network, and the reality of the quantum threat.
1. The Quantum Threat & Urgency
Q: Is "Q-Day" a real, immediate threat, or just FUD? Why switch now if quantum computers are years away?
A: The threat is immediate due to the "Harvest Now, Decrypt Later" (HNDL) strategy. Sophisticated adversaries (nation-states, cybercriminals) are currently intercepting and archiving all encrypted data, including blockchain transaction history, with the explicit intent of decrypting it years from now once a Cryptographically Relevant Quantum Computer (CRQC) is operational. Because blockchains are immutable, the privacy of today's transactions is retroactively compromised if the underlying cryptography (like Monero's Elliptic Curve Cryptography) is broken in the future. The projected arrival of a CRQC has been "severely compressed," now estimated between late 2028 and 2032. Migration is an urgent imperative, not a distant exercise.
Q: Monero's cryptography is already 256-bit secure. Doesn't Grover's algorithm only halve that to 128 bits?
A: You are correct about Grover's algorithm impacting symmetric ciphers/hashes (halving 256-bit security to ~128-bit), but the existential threat to Monero is Shor's algorithm. Shor's algorithm completely breaks the underlying mathematical problem (the Elliptic Curve Discrete Logarithm Problem) in polynomial time. This means a CRQC can trivially derive a private key from its publicly posted counterpart, effectively destroying all sender anonymity and recipient unlinkability in the entire historical ledger.
2. Core Cryptographic Primitives
Q: What specific NIST-standardized algorithms does QRing use to replace Monero's ECC?
- Stealth Addresses / Key Exchange: ML-KEM-768 (Module-Lattice-Based Key-Encapsulation Mechanism, derived from Kyber) replaces the Dual-Key Stealth Address Protocol.
- Transaction Signatures: ML-DSA-65 (Module-Lattice-Based Digital Signature Algorithm, derived from Dilithium3) replaces Ed25519 signatures.
- Addressing Protocol: The Carrot protocol is used for quantum-resistant addressing and switch commitments during the 12-month migration epoch.
Q: How does QRing avoid the massive blockchain bloat that lattice cryptography is famous for?
- LACT+ (Lattice-Based Aggregable Confidential Transactions): This protocol compresses confidential monetary value commitments down to an optimized footprint of 3.87 kilobytes. Crucially, it bounds immutability verification to a static, constant-size 49-byte activity proof, regardless of the transaction's complexity or number of inputs/outputs. This is essential for long-term ledger pruning.
- MatRiCT+ (Logarithmic Scaling): It integrates Full-Chain Membership Proofs (FCMP++) using a zero-knowledge structure that scales logarithmically (O(log N)) with the anonymity set size, rather than linearly. This allows the network to use an unprecedented global decoy set exceeding one hundred million historical outputs without paralyzing the network with gigabytes of proof data.
3. Exchange Mode & Compliance
Q: I heard QRing has an "Exchange Mode" for regulators. Is this a backdoor?
A: No, it is not a backdoor for the decentralized network. "Exchange Mode" is a MiCAR-compliant selective-disclosure mechanism that gives centralized exchanges (CEXs) like Binance or Coinbase perfect visibility into their own custodial wallets only, while leaving every other wallet on the peer-to-peer network completely opaque and unlinkable.
How it works: CEXs are issued dedicated cryptographic View Keys (Kyber-based) tied exclusively to their internal custodial addresses. Private users who never interact with a CEX will have transactions that do not contain any spend-authority proofs and are filtered out by View Tags. Their transactions continue to use full MatRiCT+ ring signatures over the global anonymity set, remaining fully anonymous.
Q: What are the 1-byte View Tags, and what do they do?
A: The View Tag is a 1-byte (8-bit) truncation of the shared secret between sender and receiver. It acts as an extremely efficient filter. It allows a wallet (including an exchange's custodial wallet) to scan the entire blockchain and discard 99.6% of transactions in milliseconds, significantly accelerating synchronization and real-time monitoring with negligible compute cost.
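The two-stage scan described above, as an added example that is not QRing's code. It assumes the tag is the first byte of a domain-separated hash over the shared secret and the output index, and it stands a constructed random 32-byte value in for the ML-KEM shared secret a wallet would recover by decapsulation; the 99.6% figure then falls out as 255/256 of foreign outputs failing the 1-byte comparison.

```python
import hashlib
import random

# Added example, not QRing code. Assumption: tag = first byte of a domain-separated
# SHA3-256 over (shared secret, output index); the 32-byte secret models what an
# ML-KEM-768 decapsulation would yield for that output.
def view_tag(shared_secret: bytes, output_index: int) -> int:
    data = b"view_tag" + shared_secret + output_index.to_bytes(4, "little")
    return hashlib.sha3_256(data).digest()[0]

def one_time_key(shared_secret: bytes, output_index: int) -> bytes:
    """Full 32-byte check that a wallet runs only on outputs surviving the tag filter."""
    data = b"output_key" + shared_secret + output_index.to_bytes(4, "little")
    return hashlib.sha3_256(data).digest()

def build_ledger(rng: random.Random, n_mine: int, n_other: int) -> list:
    """Constructed sample ledger: n_mine outputs addressed to our wallet, n_other
    addressed elsewhere. 'wallet_secret' is what our decapsulation yields for the
    output: the sender's secret if it is ours, unrelated bytes otherwise."""
    outputs = []
    for i in range(n_mine + n_other):
        sender_secret = rng.randbytes(32)
        ours = i < n_mine
        outputs.append({
            "index": i,
            "tag": view_tag(sender_secret, i),
            "key": one_time_key(sender_secret, i),
            "wallet_secret": sender_secret if ours else rng.randbytes(32),
        })
    return outputs

def scan(outputs: list) -> dict:
    """Two-stage scan: the 1-byte tag comparison discards about 255/256 of foreign
    outputs; only survivors get the full key derivation and comparison."""
    stats = {"scanned": 0, "passed_tag": 0, "owned": 0}
    for o in outputs:
        stats["scanned"] += 1
        if view_tag(o["wallet_secret"], o["index"]) != o["tag"]:
            continue                                   # cheap reject, no key derivation
        stats["passed_tag"] += 1
        if one_time_key(o["wallet_secret"], o["index"]) == o["key"]:
            stats["owned"] += 1
    stats["discard_rate"] = 1 - stats["passed_tag"] / stats["scanned"]
    return stats

def simulate(seed: int, n_mine: int = 20, n_other: int = 20000) -> dict:
    return scan(build_ledger(random.Random(seed), n_mine, n_other))

if __name__ == "__main__":
    print(simulate(7))   # owned == 20, discard_rate near 255/256 = 0.996
```

A false positive at the tag stage costs one extra hash; a false negative is impossible, because an output that is ours always reproduces its own tag.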
4. Performance & Ecosystem
Q: How can a lattice-based coin be fast enough for a consumer node? Won't my laptop melt?
- Hardware Acceleration: The core polynomial arithmetic (for Kyber/Dilithium) is optimized using specialized algorithms such as Improved Plantard Arithmetic (for low-end 32-bit hardware), Hybrid Barrett Multiplication, and Signed Montgomery Reduction. The protocol is engineered to natively utilize modern vector instructions such as x86 AVX-512 and ARMv9-A SME (Scalable Matrix Extensions) for a massive speedup.
- Lazy Reduction: The use of Improved Plantard Arithmetic allows for "lazy reduction" strategies, intentionally skipping unnecessary modular operations to further reduce computational overhead.
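An added example (not QRing's or Kyber's code) of the reduction and lazy-reduction ideas in the two points above, using the Signed Montgomery Reduction named there over Kyber's modulus q = 3329, with Python emulating the 16-bit signed word a C implementation would use. The FAQ credits lazy reduction to Plantard arithmetic; the same accumulate-then-reduce pattern is shown here with Montgomery, and the bound of nine unreduced products is derived in the comments from the reduction's input range, not taken from the page.

```python
# Added example, not QRing code. Kyber-style signed Montgomery reduction, q = 3329.
Q = 3329
R_BITS = 16
QINV = -3327                  # q^-1 mod 2^16 as a signed 16-bit value (62209 - 65536)
R2 = pow(2, 2 * R_BITS, Q)    # 2^32 mod q, cancels the 2^-16 factor Montgomery leaves

def int16(x: int) -> int:
    """Wrap x to a signed 16-bit integer, like a C cast to int16_t."""
    x &= 0xFFFF
    return x - 0x10000 if x >= 0x8000 else x

def montgomery_reduce(a: int) -> int:
    """Return r with r = a * 2^-16 (mod q) and |r| <= q, valid for |a| <= q * 2^15."""
    assert -Q * 2**15 <= a <= Q * 2**15, "input outside the reduction's valid range"
    t = int16(int16(a) * QINV)          # low 16 bits of a * q^-1
    # a - t*q is an exact multiple of 2^16, so the shift loses nothing
    # (Python's >> on negative ints is arithmetic, like int32_t >> in C)
    return (a - t * Q) >> R_BITS

def fqmul(a: int, b: int) -> int:
    """a * b * 2^-16 mod q: one multiply plus one reduction, the NTT's inner step."""
    return montgomery_reduce(a * b)

def modmul(a: int, b: int) -> int:
    """Plain a * b mod q in [0, q): multiply the Montgomery result by 2^32 mod q."""
    return montgomery_reduce(fqmul(a, b) * R2) % Q

def lazy_dot(xs: list, ys: list) -> int:
    """Sum of x_i*y_i mod q with a single reduction at the end (lazy reduction).
    With |x_i|, |y_i| < q each product is below q^2, and 9*q^2 < q*2^15 because
    9*q = 29961 < 32768, so up to nine products can be summed before reducing."""
    assert len(xs) == len(ys) <= 9, "more than 9 products could overflow the bound"
    acc = 0
    for x, y in zip(xs, ys):
        assert abs(x) < Q and abs(y) < Q
        acc += x * y                    # no modular operation inside the loop
    return montgomery_reduce(montgomery_reduce(acc) * R2) % Q

if __name__ == "__main__":
    print(modmul(3328, 3328))           # 3328 = -1 mod q, so this prints 1
```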
Q: What is the Qubit Protocol and why does QRing need a Layer 2 solution?
A: QRing's Layer 1 (L1) is rigidly optimized for confidential settlement. Attempting to force heavy smart contract execution directly onto the L1 would cause exponential blockchain bloat and destroy the constant-size proof mechanisms.
Qubit is the L2 solution: It is a post-quantum zero-knowledge rollup (zk-Rollup) built directly atop QRing. It moves all programmable execution off-chain and settles state transitions back to QRing in a single, succinct, lattice-based proof. It uses a specialized PQ-WASM execution engine and hosts the RingCollider DEX, which uses native quantum entropy to eliminate MEV-driven manipulation.
Q: What is PeregrineCoin ($PGC)? Is it a competitor?
A: PeregrineCoin ($PGC) is a maximalist Layer-1 transparent blockchain developed by the same team. It is not a direct competitor to QRing, but rather a parallel component of the overall post-quantum ecosystem.
$PGC is unburdened by privacy features and prioritizes absolute transaction throughput and sub-second deterministic finality, aiming to be the "leanest, fastest" post-quantum public ledger. In short: QRing is a privacy-first, confidential settlement layer. $PGC is a transparent, high-velocity settlement layer.