[Cryptography] Quillon Graph: A private, post-quantum electronic cash system

[Viktor S. Kristensen]

rg, you're correct about traditional blockchains like Bitcoin—they don't encrypt anything. Transaction data (amounts, addresses) is intentionally public, and the only cryptography is hashes and signatures. HNDL doesn't apply to Bitcoin's transaction data because there's nothing to decrypt.

  But you've identified precisely why transparent ledgers are problematic for privacy, and why this system takes a fundamentally different approach.

  Q-NarwhalKnight does encrypt:

  1. Transaction payloads - ZK-STARKs hide transaction details. The on-chain data is a zero-knowledge proof, not plaintext amounts and addresses.
  2. Network layer - All gossip runs over Tor with Dandelion++ mixing. The encrypted traffic is harvested at backbone scale (UPSTREAM/PRISM - Snowden 2013).
  3. Authenticated encryption - AEGIS-QL for data-in-transit.

  For the encrypted portions, HNDL absolutely applies. But here's the defense:

  - Signatures: CRYSTALS-Dilithium5 (NIST PQC standard, lattice-based)
  - Key exchange: Kyber1024 (NIST PQC standard)
  - These are post-quantum from genesis block

  The temporal security paper (link: https://drive.proton.me/urls/7X9Q1X3CRR#Oad9B38YoQpg) formalizes this: Shannon proved only information-theoretic security (OTP) is truly HNDL-immune. Everything else—including lattice crypto—is a "bet against time." But the bet improves dramatically:

  - RSA/ECDSA: Shor's algorithm breaks them in O(n³)
  - Dilithium5/Kyber1024: No known quantum speedup beyond Grover's √N

  You're right that "there's nothing to harvest" on Bitcoin. That's also why Bitcoin offers no meaningful privacy—chain analysis firms read it like a newspaper. This design encrypts first, then uses PQ crypto to extend the temporal security horizon.

  Peter Gutmann's skepticism about QC timelines is addressed in Section 5 of the paper. His engineering objections are valid for short-term horizons. For an immutable ledger where τ_secrecy → ∞, prudent risk management favors preparation.

  -Viktor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - overdrevetfedmetodologi at pm.me - 0x5F4716BA.asc
Type: application/pgp-keys
Size: 1722 bytes
Desc: not available
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20251230/b10211e9/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 603 bytes
Desc: OpenPGP digital signature
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20251230/b10211e9/attachment.sig>