--
I shipped post-quantum code to my Layer-1 in 2026, while Bitcoin is still arguing about it
A solo developer’s notes on why I built the migration framework before mandating it.
Last year, around 2 AM, I almost shipped a blockchain with Ed25519 signatures and called it done.
Six months solo, on my own money, no team. The signature module worked, tests passed. I was about to commit and move on. Then I went to bed and couldn’t sleep, because I’d been reading post-quantum papers for two weeks and the same thought kept circling: what if I’m wrong, and the chain I just spent six months on is dead in five years.
At 4 AM I opened the FIPS 203 PDF and started over.
Now, a year later, here’s where things stand in May 2026:
Bitcoin: arguing about BIP-360 and J. Lopp’s migration BIP. No PQ in production.
Ethereum: research papers and roadmap mentions. No PQ in production.
Solana, Cardano, Avalanche, Polkadot: all “thinking about it.” None in production.
My chain — LOGOS LRB — has ML-DSA-65 (FIPS 204) and ML-KEM-768 (FIPS 203) compiled into the production binary. Mainnet live since April 26.
I’m not bragging. I’m saying it because when I tell people this, half of them don’t believe me, and the other half ask what the hell I was thinking.
Here’s what I was thinking.
The post-quantum algorithms are ready. NIST finalized them in August 2024. Solid Rust implementations exist through pqcrypto-mldsa and pqcrypto-mlkem. The cryptographic primitives are not the problem.
The ecosystem is the problem. Wallets, hardware signers, exchanges, SDKs, audit firms — none of it is ready for mandatory PQ. If I had forced every transaction to carry an ML-DSA-65 signature from genesis, I would have shipped a chain that nothing existing could interact with. That’s not “ahead of the industry.” That’s a research project nobody can use.
So I shipped the code, but not the mandate.
The validator nodes can verify Ed25519, ML-DSA-65, or both. There’s a single environment flag — LRB_PQ_REQUIRED — that decides which mode is enforced. Right now it’s false, and standard wallets sending Ed25519 transactions work fine. The moment I flip it to true, the chain starts requiring hybrid signatures on every transaction.
Migration is a config change, not a code change. No fork, no consensus rule rewrite, no coordination nightmare with hard deadlines. Just systemctl restart with a different env var.
The same goes for ML-KEM-768 — the key encapsulation mechanism that handles stealth addresses. Endpoints are live, code is running, opt-in for users who want it.
This is what “ahead of the industry” actually looks like in 2026: not “every transaction is quantum-safe,” but “the infrastructure to make every transaction quantum-safe exists, on a live chain, end-to-end verifiable, ready to activate.”
Bitcoin can’t do this. Their problem isn’t the algorithms — it’s that they have sixteen years of legacy address types and trillions of dollars sitting in P2PK and P2PKH outputs. The migration coordination problem alone is brutal. I read the J. Lopp BIP last week and the proposed timeline is five years for Phase B activation. Five years to coordinate a single ecosystem-wide signature switch.
I had none of those constraints. No users, no exchanges, no legacy. Just three nodes and a wallet I wrote myself. The migration problem that paralyzes Bitcoin discussions was, for me, a Tuesday afternoon decision.
A few things I learned the hard way:
Mixing Kyber library versions across nodes will silently break key encapsulation in ways that look like network problems. Lost a Saturday to this.
Every place in the codebase that assumed “a public key is roughly 32 bytes” needs revisiting. ML-DSA-65 keys at 1,952 bytes break implicit assumptions in mempool indexing, address derivation, even API response shapes.
Hardware wallet support is the bottleneck nobody talks about. Until Ledger and Trezor add ML-DSA to their secure elements, every PQ chain is software-wallet-only. That’s a real constraint.
Hybrid signature serialization isn’t standardized. Every chain shipping hybrid is rolling their own format, which means cross-chain wallets are going to hate us collectively in 2027.
Why hybrid and not pure PQ? Because new cryptography breaks. SIKE was a serious NIST candidate, broken classically in one weekend in 2022. ML-DSA might hold for fifty years, or somebody might publish a paper next month that compromises it. Hybrid mode says: even if one scheme falls, the other still protects you. The attacker needs to break elliptic curves and lattices simultaneously.
The bandwidth cost is real — hybrid transactions are about 55x larger than Ed25519-only — but bounded. We designed block sizes around the long-term steady state, not the optimistic short-term.
I posted a longer technical writeup on Bitcointalk last week, looking for feedback from people who actually work with this stuff. If you want to see the discussion or jump in with questions, the thread is here:
https://bitcointalk.org/index.php?topic=5581920
I’m writing this longer piece because almost every blockchain announcement in 2026 says some variant of “expect post-quantum next year.” The number of chains running ML-DSA verification code on production validators today is small. The number doing it solo, on a self-funded Layer-1, is one that I know of.
If you’re building cryptographic infrastructure in 2026 and you’re not thinking about this, you’re going to look like someone in 2009 saying “HTTPS is overhyped.” Maybe the threats won’t materialize as fast as the alarmists predict. But the migration cost goes up every year, and the ecosystem coordination problem gets worse every year.
I’d rather pay it now, while I still can.
LOGOS LRB — independent Layer-1 in Rust, custom BFT consensus, hybrid post-quantum support. Mainnet live since April 26, 2026.
If you want to look under the hood:
Live block explorer — https://logosblockchain.com/explorer/
Public API, no auth needed — https://logosblockchain.com/api/openapi.json
Whitepaper — https://logosblockchain.com/docs/LOGOS_Whitepaper_Public_v1.0.2_EN.pdf
GitHub — https://github.com/LogosLRB
Bitcointalk thread — https://bitcointalk.org/index.php?topic=5581920
Project Telegram — https://t.me/logosblockchain
Project Twitter / X — https://x.com/RspLogos
Email — [email protected]
If you have technical questions or counter-arguments, drop them in the Bitcointalk thread or send me an email. I read everything.
