The Quantum-Resistant Ethereum L2

QShield L2 is the first Ethereum Layer 2 network secured by NIST FIPS 204 post-quantum cryptography. It implements ML-DSA-65 (Security Level 3) and ML-DSA-87 (Security Level 5) as native EVM precompiles, providing quantum-resistant smart accounts through ERC-4337 Account Abstraction. Built on the OP Stack, it maintains full EVM equivalence while protecting user assets against future quantum computer attacks via Shor's algorithm.

Ethereum's current security relies on ECDSA (secp256k1) digital signatures, which are vulnerable to Shor's algorithm on a sufficiently powerful quantum computer. NIST estimates that cryptographically relevant quantum computers could emerge within 10–15 years. A "harvest now, decrypt later" attack means adversaries can already collect signed transactions today and break them once quantum hardware matures. QShield L2 addresses this by adding ML-DSA post-quantum signatures alongside ECDSA in a hybrid scheme, so accounts remain secure even if ECDSA is compromised.

Everyday transactions using Session Keys cost approximately $0.002 per transaction with EIP-4844 blobs, or $0.0003 with Celestia data availability — comparable to standard Layer 2 transaction costs. This is because Session Key transactions use a lightweight 66-byte ECDSA signature instead of the full 3,375-byte hybrid PQC signature, reducing both execution gas (from ~54,000 to ~8,200) and data availability costs by up to 98%. High-security operations like account creation or key rotation use full hybrid signatures at approximately $0.05 per transaction.

ML-DSA-65 (formerly known as CRYSTALS-Dilithium) is a lattice-based digital signature algorithm standardized by NIST as FIPS 204 in August 2024. It provides Security Level 3 (equivalent to AES-192) against both classical and quantum attacks. QShield chose ML-DSA-65 because it offers the best balance of security and performance for blockchain use: the 1,952-byte public key and 3,309-byte signature are large but manageable with SSTORE2 storage patterns and session key optimization. The Go implementation uses Cloudflare's CIRCL library, verified at approximately 45,000 gas per verification as a native EVM precompile.

Session Keys allow users to authorize a temporary ECDSA key for routine transactions (token transfers, swaps, NFT mints) without requiring a full hybrid PQC signature each time. The user signs once with their hybrid key (ECDSA + ML-DSA) to register a Session Key with configurable limits: time expiry (up to 30 days), maximum transaction value, and target address whitelist. Subsequent transactions use only the Session Key's 66-byte ECDSA signature, reducing per-transaction costs from ~$0.05 to ~$0.002 — a 96% reduction. The quantum security is preserved because the Session Key was authorized through a quantum-resistant hybrid signature.

QShield supports 5 signature modes for different security needs: (1) Hybrid 0x01 — ECDSA + ML-DSA-65 dual verification for high-value transactions and key operations; (2) PQC-only 0x02 — ML-DSA-65 only, activated when ECDSA is compromised; (3) Session Key 0x03 — lightweight ECDSA for everyday transactions, authorized by a prior hybrid signature; (4) ML-DSA-87 0x04 — ECDSA + ML-DSA-87 for maximum Level 5 security; (5) ECDSA-only 0xFF — emergency fallback if a PQC vulnerability is discovered. Modes 0x02 and 0xFF require governance gate activation to prevent unauthorized switching.

Add QShield L2 testnet to your wallet with these settings: RPC endpoint https://qshield.xyz/rpc, Chain ID 42069, Currency Symbol ETH. Get testnet tokens from our faucet at https://qshield.xyz/faucet. The Web Wallet at https://qshield.xyz/wallet/ supports PQC key generation via MetaMask Snap. The block explorer at https://scan.qshield.xyz provides full transaction visibility. For developers, the PQC precompiles are available at addresses 0x0101 (ML-DSA-65) and 0x0102 (ML-DSA-87).

Yes. QShield L2 is built on the OP Stack and maintains full EVM equivalence. Standard Ethereum tools like MetaMask, Hardhat, Foundry, ethers.js, and web3.js work without modification. The post-quantum features are additive — they operate through ERC-4337 smart accounts and native precompiles, so existing Solidity contracts deploy and execute identically. The MetaMask Snap extension adds PQC key management without replacing the standard MetaMask workflow.