Why "Post-Quantum" Is Not a Binary Label
Every major blockchain project is aware of the quantum threat. A growing number have added something to their documentation in response: a NIST-approved algorithm here, a roadmap entry there, a partnership announcement with a post-quantum hardware vendor. The result is a market where "quantum resistant" is used to describe projects that range from genuinely comprehensive to superficially dressed up.
The difference matters enormously. A blockchain that protects its transaction signatures with a NIST-standardized algorithm but still exposes public keys on-chain, still uses classical validator signing, and has no mechanism to escalate its defences as hardware advances is not quantum resistant in any complete sense. Genuine quantum resistance requires coverage across every surface a quantum adversary can target.
This comparison uses five architectural properties drawn from the technical literature to score six leading post-quantum blockchain projects. The five properties are: zero public key exposure on-chain, NIST-standardized PQC signatures for all authorization layers, quantum-resistant consensus signing, adaptive cryptographic parameters, and quantum-hardened state integrity. Each property is either fully satisfied, partially satisfied, or absent. Partial credit is noted but not inflated.
The Five Properties of Genuine Quantum Resistance
Before scoring individual projects, the five properties warrant brief definition. The full technical breakdown of each property is covered separately, but a working definition is necessary for the comparison to be interpretable.
Property 1: Zero public key exposure. Shor's algorithm requires the public key as input. A blockchain that publishes public keys on-chain when accounts are created or when transactions are signed gives a quantum adversary exactly what it needs. Harvest-now-decrypt-later attacks collect this data today for decryption once capable hardware exists. True satisfaction of this property requires that no public key ever appears on-chain at any point in an address's lifecycle.
Property 2: NIST-standardized PQC for all signatures. The NIST post-quantum standardization process concluded in 2024 after eight years of public cryptanalysis. It selected three signature standards: CRYSTALS-Dilithium (ML-DSA), FALCON (FN-DSA), and SPHINCS+ (SLH-DSA). Using a homegrown or non-standardized scheme is not equivalent. The "all" qualifier is important: a chain that uses a NIST standard for user transactions but classical ECDSA for validator attestations has left its consensus layer classically vulnerable.
Property 3: Quantum-resistant consensus signing. Most proof-of-stake networks use ECDSA or BLS signatures for validator operations, block proposals, and attestations. These are precisely the signatures Shor's algorithm breaks. A network where validators sign with classical keys can be attacked at the consensus layer even if its user-facing transaction layer is PQC-protected.
Property 4: Adaptive parameters. Quantum hardware capability is not static. A blockchain whose cryptographic parameters are fixed at genesis will eventually be outpaced by hardware advances. Adaptive resistance means the network can escalate its cryptographic parameters in response to real-world threat signals, without user action or governance votes requiring months of coordination.
Property 5: Quantum-hardened state integrity. Long-range reorg attacks become easier as the cost of computing classical proof-of-work or proof-of-stake falls. A blockchain whose historical state can be rewritten if an adversary accumulates sufficient computing power has a state integrity problem. Quantum-hardened state integrity typically means external anchoring to independent networks or use of hash-based accumulators that resist both classical and quantum forgery.
QRL: The Pioneer With Seven Years of Mainnet History
The Quantum Resistant Ledger has operated on mainnet since June 2018, making it the longest-running production post-quantum blockchain by a significant margin. It uses XMSS (eXtended Merkle Signature Scheme), a hash-based signature algorithm that NIST has standardized as XMSS and LMS. Hash-based signatures derive their security from the one-wayness of hash functions rather than from algebraic hardness assumptions. Grover's algorithm weakens hash functions by reducing effective security to the square root of key size, but doubling parameters restores security margins at modest computational cost.
Property 1 is partially satisfied. QRL exposes the public key in XMSS signatures, which is standard for most hash-based schemes. This is less damaging than permanent on-chain key storage because XMSS keys are one-time-use by design, but it is not zero-exposure in the strictest sense. Property 2 is fully satisfied for user transactions. Property 3 is fully satisfied: validator operations use XMSS throughout. Property 4 is absent: QRL's cryptographic parameters are fixed, with no automated escalation mechanism. Property 5 is partially satisfied through hash-based state accumulators, but without external cross-chain anchoring.
Project Zond is adding EVM-compatible smart contract capability with SPHINCS+ signatures. This extends QRL's PQC coverage to the smart contract layer without requiring a complete rebuild. The throughput constraint remains: XMSS was designed for security, not speed, and QRL's transaction capacity reflects that.
Score: 3.5 out of 5 properties.
Algorand: The First Mainnet Falcon Transaction
On November 3, 2025, Algorand executed the first Falcon-1024 transaction on a major public blockchain's mainnet, an industry milestone for the post-quantum field. Falcon-1024 is compact and fast relative to other PQC options, making it better suited to a high-throughput network than hash-based alternatives. Algorand's state proofs are already Falcon-secured, and the project is actively migrating core accounts to the new scheme. The network runs at approximately 10,000 transactions per second with 2.8-second block times.
Property 1 is not satisfied. Algorand accounts expose public keys on-chain, and historical key exposure on accounts that have already transacted cannot be retroactively resolved. The implications of this for legacy account holders are significant: any address that has ever sent a transaction has a permanently archived public key available for future quantum attack. Property 2 is partially satisfied: Falcon is in use for new transactions and state proofs, but legacy accounts using the old scheme remain classically vulnerable until users actively migrate. There is no mechanism to force or automate that transition. Property 3 is not yet fully satisfied: not all validator-layer operations have migrated to Falcon. Property 4 is absent. Property 5 is partially satisfied through Algorand's own state proof mechanism, which creates cryptographically compact proofs of historical state, though without external anchoring.
Algorand's migration path runs through user participation and governance coordination. Both introduce uncertainty that quantum-native chains avoid entirely.
Score: 2 out of 5 properties.
IOTA: DAG Architecture and PQC Ambitions
IOTA uses a directed acyclic graph (Tangle) rather than a linear blockchain, which changes how consensus works and eliminates the traditional miner or validator set. The project has been working on post-quantum cryptography since the IOTA 2.0 rebrand and has incorporated hash-based address schemes that avoid reuse. IOTA's address model is designed so that each address is intended for single use, which reduces (but does not eliminate) public key exposure relative to reusable classical addresses.
Property 1 is partially satisfied. Single-use addresses reduce exposure, but the public key is still revealed when spending, meaning any spent address has a permanently archived key. Property 2 is partially satisfied: IOTA has incorporated post-quantum considerations into its address design, but a complete NIST-standardized PQC signature scheme across all authorization layers has not been fully deployed as of mid-2026. Property 3 is not satisfied in the classical sense because the Tangle's consensus model differs from proof-of-stake, but coordinator and validation nodes have not fully transitioned to PQC signing. Property 4 is absent. Property 5 is partially satisfied through the DAG structure itself, which makes certain reorg attacks structurally harder than on a linear chain, but does not provide quantum-hardened state anchoring.
IOTA's DAG architecture is genuinely innovative and its single-use address model reflects quantum-aware design thinking, but the current implementation does not satisfy the majority of the five properties in their strict forms.
Score: 1.5 out of 5 properties.
QANplatform: EVM-Compatible Dilithium
QANplatform is a hybrid proof-of-stake Layer 1 using CRYSTALS-Dilithium for transaction signing, with EVM compatibility for Solidity smart contract deployment and support for multiple programming languages. The combination of a NIST-approved signature algorithm and familiar developer tooling makes it one of the more accessible entry points for teams building quantum-resistant applications. The hybrid public and private chain design targets enterprise use cases where regulatory compliance requires data separation.
Property 1 is not satisfied. QANplatform uses a classical account model where public keys are published on-chain when accounts are created. Property 2 is fully satisfied for transaction-layer signing: CRYSTALS-Dilithium is a NIST-standardized ML-DSA algorithm, and QANplatform uses it consistently for user transaction authorization. Whether all consensus-layer validator operations use Dilithium exclusively requires independent verification. Property 3 is partially satisfied: Dilithium is used for signing at the network level, but full confirmation that all validator attestations have migrated away from classical schemes is not available in public documentation. Property 4 is absent: QANplatform's modular architecture is designed to absorb future NIST standard updates without hard forks, which is a meaningful architectural choice, but it is not the same as automated parameter escalation in response to real-time threat signals. Property 5 is not satisfied through external anchoring.
QANplatform sits in the "PQC signatures on a classical architecture" category. It is meaningfully more quantum resistant than networks still using ECDSA, but it has not redesigned the key management or state integrity layers that full quantum resistance requires.
Score: 2 out of 5 properties.
Hedera: Enterprise Governance and Hardware PQC
Hedera is the largest enterprise-grade distributed ledger by governance structure, with a council including Google, IBM, Boeing, and Deutsche Telekom. It uses SHA-384 hashing throughout its core protocol, which meets NSA CNSA Suite 2.0 hash standards. SHA-384 is not broken by Shor's algorithm, and Grover's algorithm reduces effective security from 384 bits to 192 bits, well above the threshold for classical or near-term quantum attack.
Property 1 is not satisfied: Hedera accounts expose public keys on-chain. Property 2 is in progress: Hedera is deploying CRYSTALS-Dilithium keys via a partnership with SEALSQ's QS7001 hardware chip, which embeds PQC keys at the device level. This hardware-embedded approach is compelling for enterprise deployments but has not reached full network coverage. Property 3 is not yet fully satisfied: the validator layer transition to hardware-embedded PQC signing is ongoing. Property 4 is absent. Property 5 is partially satisfied through SHA-384 state hashing, which provides strong hash-layer resistance.
Hedera's governance composition creates a direct institutional incentive to stay ahead of the quantum threat. The council members have their own post-quantum migration timelines and access to quantum hardware programs. For enterprise deployments where governance credibility and regulatory positioning matter alongside cryptographic completeness, Hedera's combination of council structure and active PQC roadmap is credible. As a fully deployed quantum-resistant blockchain, it is not yet complete.
Score: 2 out of 5 properties.
QuanChain: The Full Five-Property Architecture
QuanChain was designed from genesis with quantum resistance as a first-class architectural constraint. It is the only project in this comparison that addresses all five properties.
Property 1 is fully satisfied. TADEQS (Threat-Adaptive Dynamic Encryption and Quantum Security) uses a parent/child key structure where spending is authorized through a commitment scheme that never publishes the underlying public key to the ledger. The SpendAndRotate mechanism atomically rotates the key commitment with every spend, leaving no static target at any point in an address's history. No QuanChain address has ever exposed a public key. That is a structural property, not a configuration option. Retrofitting this onto an existing blockchain is not technically feasible, which is why it required building a new layer-1.
Property 2 is fully satisfied. CRYSTALS-Dilithium and FALCON are applied across 20 security tiers that scale signature parameters to the value at risk in each transaction. A routine payment uses efficient lower-tier parameters; a high-value institutional transfer uses the highest available security configuration. All 20 tiers use NIST-standardized algorithms. The transaction layer, smart contract layer, and data anchoring channel all operate under this scheme.
Property 3 is fully satisfied. Proof of Coherence uses quantum-resistant signing for all validator attestations and block production. Validators operating certified quantum-hardened infrastructure receive additional rewards, creating a financial incentive for the network to maintain its security posture at the consensus layer as well as the user-facing layer. This closes the attack surface that proof-of-stake chains with classical validator keys leave permanently open.
Property 4 is fully satisfied. The Quantum Oracle continuously monitors LQCp/h (Logical Qubit Cost per Hour) and feeds real-time threat data into a dual-path cost model evaluating both Grover-class and Shor-class attack economics simultaneously. When attack costs cross predefined thresholds, the network automatically escalates cryptographic parameters through a three-tier migration system, with no hard fork required and no user action required. Every other project in this comparison requires governance coordination or user participation to respond to hardware advances. QuanChain responds at the protocol level. Use the quantum threat calculator to model how that escalation window maps to different hardware advancement scenarios.
Property 5 is fully satisfied. CCRP (Cross-Chain Referential Points) writes cryptographic state commitments to Bitcoin, Ethereum, and Solana at regular intervals. A successful long-range reorg attack against QuanChain's history would require simultaneously compromising four independent networks with four independent security models and four independent validator sets. This is not a practical attack surface.
On throughput: the Three-Channel Architecture delivers 200,000 or more transactions per second on the payment channel, 15,000 or more TPS on the smart contract channel, and 2,000 or more TPS on the data anchoring channel. The PQC signature size overhead, a real performance cost that QRL and Algorand both absorb, is addressed through channel-specific compression rather than accepted as a fixed throughput penalty.
The caveat is honest: QuanChain is on testnet. QRL has seven years of mainnet history. Algorand executed its first mainnet Falcon transaction in November 2025. Architectural completeness and production track record are different forms of credibility, and the latter takes time to establish. The question is whether the track record of classical-architecture chains will matter when capable quantum hardware arrives.
Score: 5 out of 5 properties.
The Summary Table
Across the five properties, the scores break down as follows. QRL: 3.5 out of 5, strongest in terms of proven production security through XMSS, weakest on adaptivity and partial key exposure. Algorand: 2 out of 5, notable for executing the first mainnet Falcon transaction, constrained by legacy account exposure and incomplete migration. IOTA: 1.5 out of 5, innovative DAG architecture but incomplete PQC implementation across authorization layers. QANplatform: 2 out of 5, NIST-standardized Dilithium for transactions and EVM compatibility, but classical key management and no adaptive layer. Hedera: 2 out of 5, strong institutional governance and SHA-384 hash security, PQC account signing in progress through hardware partnership. QuanChain: 5 out of 5, the only project satisfying all five properties in architecture, currently on testnet.
The gap between the field and a fully realized post-quantum architecture is not small. Most projects satisfy one or two properties and use that partial coverage to claim the "quantum resistant" label. Understanding which properties each project actually satisfies is the only way to evaluate those claims accurately. The structural differences between quantum-native and classically-retrofitted chains do not narrow over time. They widen as quantum hardware advances and as the implications of historical public key exposure become increasingly concrete.
The question for anyone building or holding on a blockchain is not whether post-quantum cryptography is available somewhere in the market. It is whether the specific chain they are using will still be secure when fault-tolerant quantum hardware arrives, and whether they have waited long enough that the answer to that question no longer has practical significance.
