PQ-PRIV: Post-Quantum Privacy Layer-1 Whitepaper
Version 0.9 Draft | Date: 2025-10-03 | Authors: Project Team (pseudonymous)
EXECUTIVE SUMMARY
PQ-PRIV is a new layer-1 cryptocurrency designed from day one to deliver three core guarantees simultaneously: (1) post-quantum cryptographic resilience for signatures and verification, (2) strong transaction privacy comparable to the best privacy coins (stealth addresses, unlinkability, confidential amounts), and (3) practical throughput and UX for real adoption (compact blocks, light clients, L2 rollups). The design intentionally embeds selective, user-controlled disclosure mechanisms and exchange-friendly deposit workflows so institutions can meet AML obligations without destroying user privacy.
KEY FEATURES
Post-Quantum Security
CRYSTALS-Dilithium signatures and STARK-based proofs provide resistance to quantum attacks based on Shor's algorithm. The system uses lattice-based cryptography as the primary signature scheme, with SPHINCS+ hash-based signatures as a conservative fallback.
Strong Privacy
Stealth addresses, confidential amounts, and one-of-many proofs provide unlinkable transactions by default. All peer-to-peer payments use privacy mode automatically without user configuration.
Regulatory Compliance
Selective disclosure mechanisms and exchange-friendly workflows enable institutional adoption without backdoors. Users maintain control over what information they share and with whom.
1. MOTIVATION AND GOALS
Problem Statement
Public blockchains are powerful but face competing needs: auditability for regulators and institutions; robust privacy for user safety and freedom; and cryptographic resilience as quantum computing advances. Existing systems address at most two of these well. Privacy coins often lack institutional compatibility; mainstream chains lack native privacy; and nearly all chains rely on ECC primitives that are vulnerable to Shor's algorithm on a full-scale universal quantum computer.
Project Goals
- Native post-quantum signature scheme (primary) with conservative fallback(s)
- Native privacy primitives that hide sender/recipient and amounts by default
- Selective disclosure facilities that let a user provide cryptographic proof of provenance
- Operational pragmatism: practical transaction sizes, reasonable verification costs
- Governance and transparency preventing authoritarian locking or secret keys
2. THREAT MODEL
Adversaries Considered
- Quantum Adversary: able to run Shor's and Grover's algorithms in the future.
- Forensic Analyst: attempting chain analytics to deanonymize users.
- Malicious Insiders: a single actor or small group attempting to misuse privileged keys.
- Regulatory Coercion: requests for disclosure, warrants, gag orders.
Note: We explicitly do not design to help evade lawful investigations, but rather reduce attractiveness to criminals through compliant on/off ramps and user-controlled disclosure mechanisms.
3. HIGH-LEVEL ARCHITECTURE
- Layer-1 UTXO model with privacy default (stealth outputs plus confidential amounts)
- Consensus: Configurable PoW for launch or hybrid PoW/PoS
- Crypto stack: Multi-algorithm crypto-agile approach with CRYSTALS-Dilithium primary signature, SPHINCS+ fallback signature, STARK-style zero-knowledge proofs, SHA-2/SHA-3 family and BLAKE3 hash functions
- Privacy primitives: Stealth addresses, confidential commitments, STARK-based one-of-many proofs
- Light clients: Utreexo accumulator commitments and succinct proofs
- Compliance primitives: Deposit-mode subaddresses plus selective disclosure ZK proofs
4. CRYPTOGRAPHIC CHOICES AND RATIONALE
Primary Signature: CRYSTALS-Dilithium
Advantages: selected by NIST for standardization, reasonable signature sizes (approximately 1 to 3 kB), fast keygen/sign/verify operations. A good tradeoff for a layer-1 blockchain.
Fallback Signature: SPHINCS+
Advantages: hash-based and conservative; signatures are large (tens of kB), but security rests only on the underlying hash function, giving resilience to unforeseen quantum or cryptanalytic advances. Used as an emergency fallback option.
Zero-knowledge: STARKs
Advantages: Transparent (no trusted setup) and hash-based primitives resilient to quantum attacks. STARKs are used for: (1) Range proofs for confidential amounts, (2) One-of-many proofs proving ownership of one output in a set, (3) Succinct light-client proofs to verify chain predicate without full chain download.
Crypto-agility
The protocol includes a versioning system for signature and proof primitives. Blocks and transaction witnesses include algorithm version tags. New primitives can be introduced as protocol upgrades without invalidating old outputs.
5. TRANSACTION MODEL (UTXO, PRIVACY FEATURES)
Overview
UTXO outputs carry: (1) A one-time stealth destination derivation unlinkable to recipient, (2) A commitment to value that is confidential, (3) A small public tag for optional auditing or exchange deposit association.
Privacy Primitives in a Transaction
Stealth Addresses: Recipient publishes scan/spend keys. Sender derives unique one-time public key for each transaction.
Confidential Amounts: Values hidden in cryptographic commitments with range proofs ensuring non-negative amounts.
One-of-Many Proofs: STARK-based proof of membership in anonymity set with linkability tags to prevent double-spending.
View Keys: Optional tokens for specific parties to scan outputs to subaddresses for compliance purposes.
6. ONE-OF-MANY SPEND FLOW
When a wallet wants to spend a UTXO privately: (1) The wallet selects a decoy set of existing outputs (the anonymity set), (2) The wallet produces a STARK proof that one of those outputs is truly owned, (3) The proof does not reveal which one, but produces a spend tag, (4) If the same UTXO were spent twice, the tags match and double-spend is detectable, (5) Miner/validator verifies the STARK proof and the spend is accepted.
Conceptually: This is like Monero ring signatures but implemented with STARK-based circuits and post-quantum signatures.
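As an added example (not PQ-PRIV code), the following Python models the spend tag from the spend flow above and the validator's double-spend check from section 5: the tag is derived only from the owner's secret and the spent output, so it is stable across different decoy sets, while the decoy selection hides which ring member is real. The STARK membership proof is out of scope and is represented by a boolean; the domain label, hash choice and sample outputs are assumptions.

```python
# Added example (not PQ-PRIV code): hash-based model of the spend tag
# ("linkability tag") in the one-of-many spend flow. The STARK membership
# proof is out of scope; only tag derivation, decoy selection and the
# validator's double-spend check are modelled. All data is constructed.
import hashlib
import random
import secrets

DOMAIN = b"PQ-PRIV/spend-tag/v0"   # assumed domain-separation label


def h(*parts: bytes) -> bytes:
    """SHA3-256 over the concatenated parts; stands in for the circuit hash."""
    return hashlib.sha3_256(b"".join(parts)).digest()


def derive_spend_tag(spend_secret: bytes, output_id: bytes) -> bytes:
    """Depends only on the owner's secret and the spent output, not on the
    decoys: two spends of one UTXO collide, while the tag alone reveals
    neither the secret nor which ring member was spent."""
    return h(DOMAIN, spend_secret, output_id)


def build_anonymity_set(utxo_ids, own_id: bytes, size: int, seed=None):
    """Pick size-1 decoys and shuffle so the real output's index is hidden.
    seed exists for reproducible tests; a wallet leaves it None (OS entropy)."""
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()
    ring = rng.sample([u for u in utxo_ids if u != own_id], size - 1) + [own_id]
    rng.shuffle(ring)
    return ring


class Validator:
    """Holds the UTXO set and every spend tag accepted so far."""
    def __init__(self, utxo_ids):
        self.utxos = set(utxo_ids)
        self.seen_tags = set()

    def accept_spend(self, ring, tag: bytes, proof_ok: bool) -> bool:
        # proof_ok stands in for verifying the STARK that binds `tag` to an
        # owned member of `ring`; every ring member must be a real output.
        if not proof_ok or not all(u in self.utxos for u in ring):
            return False
        if tag in self.seen_tags:          # same UTXO spent before: reject
            return False
        self.seen_tags.add(tag)
        return True


# Constructed chain state: 16 outputs, the wallet owns output 7.
UTXOS = [h(b"output", bytes([i])) for i in range(16)]
SECRET = h(b"constructed wallet spend secret")
OWN = UTXOS[7]
```

A second spend of OWN with a freshly chosen ring is rejected because the tag matches, which is the double-spend detection step (4) of the flow.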
10. WALLET UX AND COMPLIANCE MODES
Default UX
All peer-to-peer payments default to private mode (stealth addresses plus confidential amounts). Simple UI: "Send privately".
Exchange Deposit Mode
When sending to an exchange, the wallet offers "Deposit (exchange mode)": (1) The exchange generates a deposit subaddress tied to a KYC account, (2) The wallet sends funds to that subaddress using the exchange's view token, (3) The public chain shows only a stealth output, but the exchange can reconcile the deposit, (4) For suspicious deposits, the wallet can generate an audit packet with the user's consent.
One-click Auditor Disclosure
Wallet UX presents plainly what is disclosed when the user creates an audit packet, maintaining transparency about privacy trade-offs.
17. ROADMAP AND MVP
Phase 0 (0-3 months): Foundation, legal, core team; research; primitive choices; skeleton repo.
Phase 1 (3-9 months): Core L1 node: UTXO, Dilithium signatures, basic PoW, stealth outputs; testnet.
Phase 2 (9-18 months): Add STARK privacy; wallet client; exchange SDK; comprehensive audits.
Phase 3 (18-30 months): Utreexo support; light clients; L2 rollup prototype; ecosystem grants.
Post-Launch Goals: Iterative upgrades (crypto-agility), hardware wallet integration, multi-jurisdictional expansion, and continued research partnerships.
21. CONCLUSION
PQ-PRIV aims to prove that privacy and legal compliance are not mutually exclusive and that post-quantum safety can be engineered as a first-class property of a ledger. The design leverages modern STARKs, lattice signatures and prudent governance to deliver a practical, implementable chain that protects user privacy while offering real rails for exchanges and institutions.
The engineering challenge is substantial but the path is clear: layered rollout, heavy auditing, and a disciplined governance model.
Building the future of private, post-quantum secure digital money.
This document is for research and educational purposes. All cryptographic implementations require extensive auditing before production use.