What this stuff actually means.
PQ Chain talks about lattices, folds, rings, and UTXOs. Here is what they buy you in plain English.
Why this market
PQ Chain is built for buyers who cannot put their data on a public ledger and cannot wait for someone else's chain to ship post-quantum. That market has two architectural requirements: every cryptographic layer must be post-quantum, with no classical fallback; transfers need confidentiality, with amounts (and, with shielded UTXOs, recipients) hidden from non-participants. The post-quantum layer is integrated today. The privacy primitives are next on the roadmap, on the same Frog ring algebra. Steps 2 and 5 cover the soundness analysis, work we drive ourselves rather than wait on outside proofs.
CBDCs & sovereign reserves
A central bank issuing digital currency cannot put inter-bank transfers on a public ledger, and cannot accept the risk that a quantum machine in 2030 reads its archive of today's transactions. Procurement rules already require post-quantum cryptography. Treasury policy already requires confidentiality. PQ Chain is one of the few credible substrates that meets both on day one.
Defense & supply chain
A defense supplier moving tokenized contracts on-chain does not want competitors reading their payment history with the government. NIST CNSA 2.0 already requires post-quantum signing for federal systems by 2030. Compliance and confidentiality point at the same chain shape: every cryptographic primitive lattice-based, every counterparty visible only to itself.
Long-duration regulated assets
A bond signed today might still need to verify in 2050. An identity attestation issued in 2030 may be relied on for the rest of someone's life. Adversaries are already capturing today's ciphertexts to decrypt after Q-day. Anything held for decades has to be post-quantum from issuance, with confidentiality that holds across the whole span.
Post-quantum (PQ)
Cryptography that survives quantum computers. Today's blockchain signatures (Bitcoin's ECDSA, Ethereum's BLS) do not. PQ schemes are built on math problems that quantum machines do not shortcut.
Lattice
A regular grid extended into hundreds or thousands of dimensions. Lattice problems are the leading family for post-quantum cryptography because no fast quantum algorithm is known for them. Every PQ Chain layer builds on lattice hardness.
Q-day / HNDL
Q-day is the (estimated) day a cryptographically relevant quantum computer exists. HNDL (Harvest Now, Decrypt Later) is the attack pattern: an adversary captures today's ciphertext and decrypts it after Q-day. Long-duration assets are exposed today.
HAWK-512
The digital signature algorithm PQ Chain uses for every transaction. Replaces ECDSA (Bitcoin) and BLS (Ethereum). Currently a Round 2 candidate in NIST's additional-signatures track. The reason we picked HAWK over the already-selected NIST winners is size: HAWK-512 has the smallest signature of any lattice-based PQ signature, which directly cuts on-chain bandwidth and storage costs at scale.
| Scheme | Signature | Public key | NIST status |
|---|---|---|---|
| HAWK-512 | 555 B | 1,024 B | Round 2 candidate |
| Falcon-512 (FN-DSA) | 666 B | 897 B | FIPS 206 (selected, draft) |
| Dilithium-3 (ML-DSA-65) | 3,293 B | 1,952 B | FIPS 204 (selected) |
| SPHINCS+-128f (SLH-DSA) | 17,088 B | 32 B | FIPS 205 (selected) |
Kyber (ML-KEM, FIPS 203) is sometimes mentioned alongside these schemes but it is a key-encapsulation mechanism for key exchange, not a signature, so it is not directly comparable here.
Module-SIS / GapSVP
The hard math problems lattice schemes reduce to. Breaking PQ Chain means solving one of these. Both are believed to be infeasible even for quantum computers; the hardness is provable, given the underlying lattice problem is hard.
Ring-SIS / Frog ring
The specific algebraic structure where PQ Chain's lattices live (Z_q[X] / (X^16+1)). Same structure as the Ethereum Foundation's LatticeFold project, so PQ Chain inherits its proof system without algebraic porting.
Folding (LatticeFold)
A technique that compresses many proofs into one. PQ Chain folds every transaction in a block into a single 2.6 KB attestation, regardless of block size. This is how the chain stays fast at scale.
UTXO
Unspent Transaction Output. The Bitcoin-style ledger model where each transaction consumes some UTXOs and produces new ones. PQ Chain plans to move to UTXOs because they carry per-transfer privacy better than account-based models.
Shielded UTXO
A UTXO whose amount (and optionally recipient) is hidden behind a cryptographic commitment. To spend it you provide a zero-knowledge proof, never the plaintext. The destination of PQ Chain's privacy roadmap.
BFT consensus
Byzantine Fault Tolerant. A way for many validators to agree on the next block even if some are adversarial. PQ Chain's alpha runs single-validator (no BFT yet); BFT is Step 4 on the roadmap.