v1.0 · May 2026
Qubit Whitepaper
The post-quantum wallet for Base and Ethereum. CRYSTALS-Dilithium signatures, NIST 2024 standard, survivable after Q-Day.
01 — Executive Summary
The cryptography under every EVM wallet is broken by quantum computing. Qubit fixes that.
Every Ethereum and Base wallet today signs transactions with ECDSA on secp256k1. The security of that scheme rests on one assumption: a classical computer cannot derive a private key from a public key in practical time. Shor's algorithm breaks that assumption on a sufficiently large quantum computer, in polynomial time. Qubit is a post-quantum wallet built from scratch on NIST's 2024 standardised lattice signature: CRYSTALS-Dilithium (FIPS 204) for the EVM. It signs across Base and every EVM chain. Every signature it produces is verifiable today and survivable tomorrow.
02 — The Problem
Every public key on Ethereum is on chain forever. Q-Day turns each one into a recoverable private key.
A wallet picks a random private key and derives a public key on secp256k1. Every signed transaction reveals that public key, and the ledger is permanent. Shor's algorithm, run on a sufficiently large quantum computer, computes the discrete logarithm in polynomial time meaning the private key can be derived from any exposed public key. Recent estimates place the quantum resource requirement at roughly 2,000 logical qubits, achievable inside the decade on published roadmaps from Google, IBM, and others. Public timelines from NIST place Q-Day between 2029 and 2034. Adversaries are recording chain data today and will run the Shor reduction the day the hardware exists. The cryptography community calls this harvest now, decrypt later. It is already happening.
03 — The Solution
One post-quantum key model. Every signature governed by what NIST standardised.
A Qubit account derives a CRYSTALS-Dilithium keypair. The private key never leaves the device. In v1, Qubit signs with both ECDSA and Dilithium a hybrid envelope so every existing EVM verifier accepts the transaction today. A Qubit-aware verifier requires both to validate. As chains upgrade their verifiers, the ECDSA component becomes optional and lattice-only becomes the default. Qubit is not a new chain, a new layer-2, or a new consensus mechanism. Block structure, fee markets, and contract interfaces stay exactly the same. Qubit is the signer, not the chain.
04 — Cryptographic Stack
Lattice signatures chosen for the EVM, plus the classical curve they replace.
CRYSTALS-Dilithium-3 (FIPS 204) is the primary EVM signer. Its hardness rests on Module Learning With Errors (MLWE) no known quantum shortcut, and decades of cryptanalysis attention from NIST's post-quantum selection process. Dilithium-3 is the NIST-recommended security level (roughly equivalent to AES-192). Public key: 1,952 bytes. Signature: 3,293 bytes. SPHINCS+ 128f (FIPS 205) is available as a long-term fallback a stateless hash-based signature whose security reduces only to hash-function preimage resistance. If cryptanalysis weakens Dilithium over the next decade, SPHINCS+ remains intact. ECDSA secp256k1 rides alongside in hybrid mode v1 only, to satisfy verifiers that still expect it.
05 — Smart Wallet
Deploy a QryptWallet contract on any EVM chain. No ECDSA. Pure post-quantum from day one.
QubitWallet is a minimal EVM smart contract wallet. It holds one Dilithium public key, a nonce, and an execute function. To send a transaction, the user signs a message committing to the destination, value, calldata hash, nonce, chain ID, and contract address. The Dilithium verifier contract checks the signature. If valid, the wallet increments the nonce and executes the call. There is no ECDSA key, no seed phrase tied to a classical curve, and no private key that a quantum computer can derive from on-chain data. The verifier contract is derived from the NIST reference implementation, reviewed for constant-time properties, and published with an external audit before mainnet.
06 — Product
Browser extension first. Mobile and hardware wallet to follow.
The Qubit browser extension works with Chromium, Firefox, and Safari from one codebase. It implements EIP-1193 the same provider surface every EVM dApp already uses. No dApp changes required. The extension signs with a hybrid envelope in v1: ECDSA for compatibility, Dilithium for quantum safety. QR pairing with the mobile app (Q3 2026) allows hardware-backed signing without exposing keys to the browser. A plain-language transaction decoder shows what you're signing before every confirmation.
07 — Roadmap
Shipped, launching, and on the way.
Foundation — Shipped
Core Dilithium signer. Testnet on Base Sepolia. Smart wallet contract deployed. Independent cryptography audit.
Launch — Q2 2026
Browser extension public beta. Base and Ethereum mainnet live. Hybrid signing enabled.
Mobile — Q3 2026
Qubit Mobile on iOS and Android. QR pairing with the extension. Buy and swap surfaces live.
Hardware — Q4 2026
Air-gapped hardware wallet. EAL6+ secure element. QR-only data path. Open reproducible firmware.
08 — Risk and Disclaimer
Post-quantum cryptography is a young field. The schemes Qubit deploys are NIST-standardised in 2024 and considered safe under current cryptanalysis, but no mathematical assumption is risk-free. Qubit mitigates this by maintaining parallel signers (Dilithium and SPHINCS+ alongside ECDSA in hybrid) so that the weakening of any one scheme does not compromise the wallet. This document describes Qubit as of May 2026. Specifications and timelines are subject to change as the protocol moves from testnet to mainnet. Nothing in this document is investment, legal, or tax advice.
