Wallets with post-quantum cryptography.

[satscraper]

Feeling like the time is right to open the thread dedicated to wallets supporting post‑quantum cryptography (PQC).

SciChain was probably the first wallet to declare quantum resistance using ML‑DSA‑44 (NIST FIPS 204). Then came Qastle, and now we have BMIC.

In addition, several manufacturers such as SEALSQ, QuantumEmotion, and SatoshiLabs ^{with their newest TROPIC01} have begun producing PQC‑secure chips. So we should expect the appearance of new wallets centered on PQC.

Given this, I took the liberty of compiling a list of post‑quantum wallets currently available to users:

• SciChain
• Qastle
• BMIC
• *Trezor Safe 7
• To be continued

*) After the release of firmware focused on PQC.

Please feel free to add any relevant information that may help expand this list.

[Pmalek]

I think it's premature to be creating wallets and solutions for a post-quantum area when Bitcoin hasn't even started discussing a post-quantum algorithm to migrate to yet. Certain people have made suggestions and released information, but that's about it. Have Bitcoin developers started making any concrete steps? The community needs to reach a new consensus on the future algorithm and signature scheme, and if I remember correctly, those who call themselves or are considered experts on the matter don't think any of those post-quantum algorithms are optimal for Bitcoin. They increase signature sizes by a lot.

Right now we are just guessing what harm quantum computers will make and guessing which implementations will keep Bitcoin safe from them.   

[BlackHatCoiner]

I agree with Pmalek. It's good to be aware, but implementing these algorithms at the firmware level, when there's far from consensus on the mitigations of bitcoin at the main layer, is not sitting well to me. At best, they can make it infeasible for a quantum computer to decrypt sensitive information stored on those devices. However, that requires an enormous leap in assumptions: (1) that a quantum computer capable of factoring a sufficiently large number of bits actually exists, and (2) that such a computer would target the encryption on those devices rather than attacking cryptography that directly secures millions of bitcoin in the first place.

[satscraper]

/|\

I am on the opposite side of this matter. When it comes to any threat it is always better to be prepared before it appears.

To stand against quantum computers wallets will need the large quantum‑resilience stack that includes technologies like QRNG, PQC, PQA, and more. None of this can be created with the wave of magic wand. Therefore, wallet developers must start selecting the top solutions now, and to do that, they must begin developing them immediately.

Regarding the relevant changes at the blockchain level, they are certainly needed. ^{AFAIK, some blockchains are already at the testing stage}.

[ABCbits]

AES-256 is probably common encryption cryptography and deemed as QC resistant[1].

• SciChain
• Qastle
• BMIC

Those 3 wallet appear to be closed source, with some reliance to their server. In addition, the first 2 are subscription based. Personally i would just stay away from all of them.

[1] https://crypto.stackexchange.com/a/7869

[BlackHatCoiner]

I am on the opposite side of this matter. When it comes to any threat it is always better to be prepared before it appears.

Always be prepared, but how prepared are you for one of those quantum algorithms to be broken by a classical computer? It's not clear to me how secure and robust all these mathematical pieces are. They are definitely less than the encryption we already use for decades. In security, when replacing an option with another, you should consider all the implications. A quantum computer breaking old encryption is one. What about finding a vulnerability in one of these encryption schemes, and breaking it with a classical computer, before quantum computers are even a thing?

And I didn't even notice they're closed source. Big red flag.

[satscraper]

AES-256 is probably common encryption cryptography and deemed as QC resistant[1].

• SciChain
• Qastle
• BMIC

Those 3 wallet appear to be closed source, with some reliance to their server. In addition, the first 2 are subscription based. Personally i would just stay away from all of them.

[1] https://crypto.stackexchange.com/a/7869

Sure, you are free to stay away from those wallets.

BTW, QRC is not the only requirement for  wallet to be considered quantum‑resilient. Any seed generated by poor classical RNG can undermine security and make the wallet vulnerable even to attacks from ordinary machines. QRNG protects wallets from this vulnerability.

should consider all the implications.

Definitely, we should. But before making any conclusions, things need to be tested and for testing the working stuff is required.

P.S. When Columbus sail to discover America various people also discourage him from doing so.