Blog

Developer Guide

Stellar's Quantum Preparedness Plan: How Developers Should Audit Signatures Before Post-Quantum Soroban

The Stellar Development Foundation published its Quantum Preparedness Plan in early 2026, entering stage one of a multi-phase effort to introduce NIST-approved quantum-safe signature algorithms into the Stellar protocol. The initial focus is on the Soroban smart contract layer, where new cryptographic primitives will be available before they reach the classic transaction layer. If you build on Stellar, this is your signal to start auditing how your application handles key management, transaction signing, and signature verification.

Why Quantum Preparedness Matters Now

Quantum computers capable of breaking Ed25519 and ECDSA do not exist today. But the threat model is not about today. It is about two scenarios:

  • Harvest now, decrypt later: Adversaries can record signed transactions today and attempt to forge keys once quantum hardware matures. Any long-lived account with significant assets is a target.
  • Migration lead time: Transitioning millions of accounts and applications to new signature schemes takes years. Starting now means the network is ready before it is urgent.
  • NIST finalized three post-quantum signature standards in 2024:

    AlgorithmTypeSignature SizePublic Key SizeUse Case
    ML-DSA (Dilithium)Lattice-based2,420-4,627 bytes1,312-2,592 bytesGeneral purpose
    SLH-DSA (SPHINCS+)Hash-based7,856-49,856 bytes32-64 bytesConservative fallback
    FN-DSA (Falcon)Lattice-based666-1,280 bytes897-1,793 bytesCompact signatures

    Compare this to Ed25519, which Stellar currently uses:

    PropertyEd25519ML-DSA-65 (Dilithium)
    Signature size64 bytes3,309 bytes
    Public key size32 bytes1,952 bytes
    Verification speed~70,000/sec~30,000/sec
    Quantum safeNoYes

    The size increase is significant. A Stellar transaction envelope that currently fits in a few hundred bytes could grow by an order of magnitude. This has implications for network throughput, storage costs, and state archival.

    What Changes for Stellar Developers

    Stage One: Soroban Cryptographic Primitives

    The first stage introduces post-quantum signature verification as Soroban host functions. This means smart contracts can verify quantum-safe signatures, but the network's consensus layer still uses Ed25519.

    // Future Soroban host function (illustrative)
    // Verify an ML-DSA signature inside a contract
    const result = contract.call('verify_pq_signature', {
      algorithm: 'ML-DSA-65',
      message: messageBytes,
      signature: signatureBytes,
      publicKey: pqPublicKeyBytes,
    });

    This allows developers to build hybrid schemes: the transaction itself is signed with Ed25519 (as required by the network), but the contract payload includes an additional quantum-safe signature for sensitive operations.

    Stage Two: Hybrid Transaction Signatures

    In a later stage, the transaction envelope format will support hybrid signatures, where both a classical and a post-quantum signature are attached to each transaction. Validators verify both during consensus.

    Stage Three: Full Migration

    Eventually, the network may allow pure post-quantum signatures. This is the furthest out and depends on ecosystem readiness.

    How to Monitor Signature Schemes via API

    You can already start monitoring the cryptographic health of accounts and transactions on the Stellar network using the Horizon API through LumenQuery.

    Check Account Signer Types

    const HORIZON = 'https://horizon.stellar.org';
    
    async function getAccountSigners(accountId) {
      const res = await fetch(`${HORIZON}/accounts/${accountId}`);
      const account = await res.json();
    
      return account.signers.map(signer => ({
        key: signer.key,
        type: signer.type,       // 'ed25519_public_key' currently
        weight: signer.weight,
      }));
    }
    
    // Audit: flag accounts that lack multi-sig
    async function auditSignerSecurity(accountId) {
      const signers = await getAccountSigners(accountId);
    
      return {
        accountId,
        signerCount: signers.length,
        totalWeight: signers.reduce((sum, s) => sum + s.weight, 0),
        usesMultiSig: signers.length > 1,
        signerTypes: [...new Set(signers.map(s => s.type))],
        hasQuantumSafeSigner: signers.some(s =>
          s.type === 'ml_dsa_public_key' || s.type === 'slh_dsa_public_key'
        ),
      };
    }

    Monitor Transaction Signature Sizes

    Track signature sizes over time to detect when quantum-safe signatures begin appearing on the network:

    async function analyzeTransactionSignatures(limit = 50) {
      const res = await fetch(
        `${HORIZON}/transactions?limit=${limit}&order=desc`
      );
      const data = await res.json();
    
      return data._embedded.records.map(tx => {
        const envelope = Buffer.from(tx.envelope_xdr, 'base64');
        return {
          hash: tx.hash,
          ledger: tx.ledger,
          signatureCount: tx.signatures?.length || 0,
          envelopeSize: envelope.length,
          possiblePQSignature: envelope.length > 1000,
        };
      });
    }

    Use LumenQuery Analytics to Track Network-Wide Trends

    // Monitor average transaction envelope sizes over time
    const res = await fetch('https://lumenquery.io/api/analytics/network');
    const metrics = await res.json();
    
    console.log('Average tx size:', metrics.avgTransactionSize);
    console.log('Current protocol:', metrics.protocolVersion);

    Practical Audit Checklist

    Use this checklist to assess your application's quantum readiness:

    Key Management

  • Inventory all signing keys: List every Ed25519 key your application uses (hot wallets, cold storage, multi-sig signers)
  • Identify long-lived keys: Keys that have been active for more than 1 year are higher priority for migration
  • Check key derivation: If you derive keys from HD paths (SEP-0005), verify your library supports post-quantum key derivation
  • Assess multi-sig configurations: Multi-sig with 3-of-5 Ed25519 is not quantum-safe, it just requires breaking 3 keys instead of 1
  • Transaction Signing

  • Audit signature verification: If your application verifies signatures client-side, ensure your SDK version supports hybrid verification
  • Check hardcoded assumptions: Search your codebase for hardcoded signature sizes (64 bytes) or key sizes (32 bytes)
  • Review XDR parsing: If you parse transaction envelopes manually, verify your parser handles variable-length signature arrays
  • // Example: find hardcoded Ed25519 assumptions in your code
    const AUDIT_PATTERNS = [
      /signature\.length\s*===?\s*64/,     // Hardcoded sig size
      /publicKey\.length\s*===?\s*32/,      // Hardcoded key size
      /ed25519/i,                           // Direct algorithm references
      /SIGNATURE_LENGTH\s*=\s*64/,         // Constants
    ];

    Smart Contract Design

  • Review on-chain verification: If your Soroban contracts verify signatures, plan to add PQ verification paths
  • Check storage impact: Post-quantum keys and signatures consume more storage; review your TTL extension budget
  • Assess contract upgradeability: Ensure your contracts can be upgraded to support new signature verification logic
  • Cost Impact Estimation

    Post-quantum signatures will affect transaction costs due to larger envelope sizes:

    MetricEd25519 (Current)ML-DSA-65 (Hybrid)Impact
    Signature size64 bytes64 + 3,309 bytes~52x increase per sig
    Typical tx envelope300-500 bytes3,600-4,000 bytes~8-10x increase
    Write bytes (Soroban)Charged per byteCharged per byteHigher resource fees
    State archivalPer-byte TTL costPer-byte TTL costHigher rent
    // Future-proof fee estimation
    async function estimateTransactionFee(tx, usePQSignature = false) {
      const baseFee = 100; // stroops
      const currentEnvelopeSize = tx.toEnvelope().toXDR().length;
    
      if (usePQSignature) {
        const pqOverhead = 3309 * tx.signatures.length;
        const adjustedSize = currentEnvelopeSize + pqOverhead;
        return Math.ceil(baseFee * (adjustedSize / currentEnvelopeSize));
      }
    
      return baseFee;
    }

    Timeline and Recommendations

    PhaseExpected TimelineDeveloper Action
    Stage 1: Soroban primitives2026 H2Audit contracts, test PQ verification
    Stage 2: Hybrid signatures2027Update SDK, test hybrid signing
    Stage 3: Full migration2028+Rotate keys to PQ, deprecate Ed25519-only

    What to Do Today

  • Audit your key inventory using the checklist above
  • Update your Stellar SDK to the latest version
  • Monitor the SDF's quantum-preparedness repository for specification updates
  • Test on testnet once PQ host functions are available
  • Budget for increased transaction costs in your application's fee model
  • How LumenQuery Helps

    LumenQuery provides the infrastructure to monitor the quantum transition:

  • Horizon API: Query account signers, transaction envelopes, and signature metadata through api.lumenquery.io
  • Analytics Dashboard: Track network-wide transaction size trends on /analytics/network
  • Soroban RPC: Test post-quantum host functions via rpc.lumenquery.io as they become available
  • Live Transactions: Monitor signature types in real time on /dashboard/transactions
  • Natural Language Query: Ask questions like "show transactions with envelope size > 1000 bytes" on /query

  • *Prepare your Stellar application for the quantum transition. LumenQuery provides managed Horizon API and Soroban RPC with analytics to track the migration. Start free.*