PoW chain
Bitcoin Cash BCH
Bitcoin Cash (BCH) is a PoW UTXO chain that activated the 'Layla' / CashVM upgrade on May 15, 2026, introducing VM primitives (Loops, Functions, Bitwise, P2S) that enable efficient opt-in post-quantum vaults via Quantumroot. Quantumroot uses LM-OTS (RFC 8554, NIST SP 800-208) based on SHA-256, providing 256-bit classical and 128-bit quantum security. It was tested on Chipnet from November 2025 and is now live on mainnet. However, default spend authorization remains entirely ECDSA/Schnorr (secp256k1), and nearly all BCH value is held in classical addresses. Legacy P2PK outputs with exposed public keys and reused P2PKH addresses represent material long-exposure quantum-vulnerable value with no active migration, freeze, or enforced recovery mechanism. The challenge-based transition protocol proposed on Bitcoin Cash Research (April 2026) is a research design, not an active policy. Quantumroot has no independent audit. QRI Score of 41 reflects Stage 3 (Migration Live) with an opt-in PQ path available but default vulnerability, negligible migration coverage, and long-exposure vulnerable value capping readiness.
Category breakdown
QRI Factors
Critical Quantum Blockers
- Default spend authorization remains entirely ECDSA/Schnorr (secp256k1) on mainnet. Quantumroot provides an opt-in LM-OTS path but is not default, mandatory, or enforced.
- Material long-exposure quantum-vulnerable value exists: legacy P2PK outputs with exposed public keys (inherited from pre-fork Bitcoin UTXO set) and reused P2PKH addresses have no active migration, freeze, deprecation, burn, or enforced recovery mechanism. The challenge-based transition protocol is a research proposal only.
- Users can still create new quantum-vulnerable accounts by default using standard P2PKH wallets; no warnings, deprecation prompts, or restrictions prevent creation of ECDSA-only addresses.
Key Risks
- Quantum-critical: Default spend authorization is ECDSA/Schnorr-only. A CRQC running Shor's algorithm could derive private keys from public keys revealed during transaction broadcast (short-exposure) or already exposed on-chain (long-exposure).
- Quantum-critical: Legacy P2PK outputs (inherited from pre-fork Bitcoin) have public keys permanently exposed on-chain. These can be attacked offline with no time constraint once a CRQC exists. BCH has no active mechanism to freeze, migrate, or burn these.
- Quantum-critical: Reused P2PKH addresses have exposed public keys. Any remaining balance at a reused address is long-exposure vulnerable. No protocol-level deprecation or warning mechanism exists.
- Quantum-critical uncertainty: The exact percentage of BCH supply held in quantum-exposed addresses (P2PK + reused P2PKH) is not publicly measured or attested. BTC data suggests ~30% exposure; BCH-specific data is absent. This makes migration coverage unverifiable.
- Assurance: Quantumroot has no independent cryptographic audit. The developer acknowledged in July 2025 that the template 'has not yet been reviewed by anyone else.' Planned audits are not yet completed.
- Operational: LM-OTS is stateful. Key reuse would catastrophically break security. Wallet implementations must maintain strict signing-state discipline. No formal evaluation of state-management safety in production wallets exists.
- Operational: Quantumroot mainnet deployment is less than one month old (activated May 15, 2026). Production reliability, adoption, and operational patterns are unestablished.
- Operational: No formal governance timeline exists for deprecating ECDSA, enforcing migration, or activating the challenge-based transition protocol at the consensus level.
Assurance Notes
- No independent cryptographic or implementation audit of Quantumroot exists. The developer (Jason Dreyzehner) stated in July 2025: 'this wallet template has not yet been reviewed by anyone else.'
- Quantumroot mainnet deployment is very recent (May 15, 2026 CashVM upgrade activation). Production usage data, adoption metrics, and operational reliability are not yet established.
- LM-OTS is a stateful signature scheme. Safe key management requires anti-reuse controls and signing-state discipline. Quantumroot documentation addresses this, but no formal security evaluation of state-management safety in wallet implementations has been published.
- No formal quantum-specific incident-response playbook or emergency governance process has been published by the Bitcoin Cash project.
- No public cryptographic inventory has been published by the Bitcoin Cash project itself; quantum-vulnerable surface analysis exists through community research posts and the challenge-based transition protocol proposal.
- The challenge-based transition protocol for migrating exposed keys remains a research proposal on Bitcoin Cash Research (April 2026) and has not been adopted as a consensus rule, CHIP, or enforced policy.
- Wallet support for Quantumroot is limited to early adopters (OPTN Wallet, Paytaca); major exchanges, custodians, and hardware wallets have not announced Quantumroot integration.
Non-Scoring Caveats
- SHA-256 PoW mining is quantum-resistant for consensus-critical block production (Grover's algorithm provides only quadratic speedup).
- Commit-delay-reveal transition protocol is a research proposal (April 2026) and not yet enforced or activated at the consensus level.
- CashVM upgrade (May 2026) enables efficient PQ vaults but does not mandate their use.
- No formal performance or resource-impact benchmark published for Quantumroot under mainnet load conditions, though detailed byte-level transaction size analysis has been published by the developer.
- The exact percentage of BCH supply held in exposed P2PK or reused P2PKH addresses is not publicly measured or attested. BTC data suggests ~30% exposure; BCH-specific data is absent.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: Bitcoin Cash has quantum-vulnerable surfaces identified through community research (Quantumroot documentation, challenge-based transition protocol on Bitcoin Cash Research) but no formal project-published cryptographic inventory.
Coverage basis: Community research and Quantumroot documentation identify P2PK outputs, reused P2PKH addresses, and ECDSA/Schnorr spend authorization as quantum-vulnerable surfaces.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No single formal cryptographic inventory document exists from the BCH project. Community research provides partial coverage. The challenge-based protocol identifies P2PK and reused P2PKH as vulnerable but does not constitute a comprehensive inventory.
The evidence dossier confirms: 'No public cryptographic inventory or quantum risk assessment found in official docs or repos.' Quantumroot documentation and community research partially fill this gap but lack the comprehensiveness and formal authority of a project-published inventory.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: Quantumroot provides public code (GitHub), Chipnet testnet transactions, CashAssembly templates, and demo transaction generation code. Community research provides analysis of vulnerable surfaces.
Coverage basis: Open-source code, testnet transactions, protocol specifications, and research posts constitute a public evidence record.
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: none · Score treatment: score-reducing
Assurance: Chipnet transactions and GitHub code are verifiable. Mainnet Quantumroot transactions post-May-2026 are not yet independently indexed or attested. The evidence is at prototype/testnet-plus-early-mainnet level.
Quantumroot code, Chipnet transactions, and CashAssembly templates are publicly available and reproducible. The challenge-based transition protocol provides analytical evidence for vulnerable surface identification.
Production Cryptographic Protection
Spend authorization / transaction signatures
Claim: Default spend authorization uses ECDSA (secp256k1) or optional Schnorr signatures. Quantumroot provides an opt-in LM-OTS (RFC 8554) post-quantum spending path on mainnet since the May 15, 2026 CashVM upgrade activation.
Coverage basis: PQ/hybrid path exists on mainnet but is opt-in, not default, not mandatory, and not enforced. All standard wallets default to ECDSA.
Implementation score: 0.75 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Default spend authorization remains ECDSA/Schnorr. Quantumroot LM-OTS path is opt-in only. Active production transactions remain ECC-vulnerable by default.
Assurance: ECDSA usage is confirmed by primary protocol specifications. Quantumroot mainnet availability is confirmed by the May 2026 upgrade activation spec, BCHN v29.0.0 release notes, and third-party reporting. No independent audit of Quantumroot exists.
Implementation Score 0.75 reflects optional mainnet support. Full 1.00 would require default, mandatory, or enforced PQ/hybrid spend authorization. The 2026 upgrade made Quantumroot 10-100x more efficient but did not change default signing.
- https://upgradespecs.bitcoincashnode.org/transaction/
- https://github.com/bitcoincashorg/bitcoincash.org/blob/master/spec/2019-05-15-schnorr.md
- https://blog.bitjson.com/quantumroot/
- https://thequantuminsider.com/2026/05/26/bitcoin-quantumroot-vaults-go-live-on-cashvm-upgrade-unlocks-turing-complete-defi-on-l1-with-cashtokens/
- https://upgradespecs.bitcoincashnode.org/2026-05-15-upgrade/
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: P2PKH addresses (dominant type) hide public keys behind SHA-256+RIPEMD-160 hashes until spend (short-exposure protection). P2PK outputs expose public keys permanently (long-exposure). Reused P2PKH addresses expose keys permanently. Quantumroot P2SH32 addresses are hash-based and quantum-safe at rest.
Coverage basis: Standard address types provide partial protection. P2PK legacy outputs and address reuse create long-exposure vulnerable paths. No default PQ/hybrid address creation or key derivation.
Implementation score: 0.25 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: P2PK outputs have permanently exposed public keys. Reused P2PKH addresses have exposed public keys. No protocol-level mechanism prevents creation of new vulnerable addresses.
Assurance: Address format behavior is well-documented in protocol specifications. P2PK exposure is inherent to the output type. Address reuse exposure is behavioral and not protocol-enforced.
P2PKH provides hash-based protection at rest, which is valuable but not PQ-grade. P2PK outputs (inherited from pre-fork Bitcoin) and address reuse patterns create material long-exposure surfaces. Quantumroot addresses (P2SH32) are quantum-safe at rest but not default.
Production Cryptographic Protection
Consensus-critical authentication (validator signatures, VRFs, randomness, block certificates)
Claim: Bitcoin Cash is a PoW chain. It does not use validator signatures, BLS threshold signatures, VRFs, randomness beacons, or block certificates for consensus. Consensus is achieved through SHA-256 proof-of-work.
Coverage basis: N/A — PoW chain without validator-set consensus mechanisms.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: SHA-256 PoW is widely considered quantum-resistant for mining/consensus purposes. N/A classification is architectural, not a gap.
PoW chains lack the validator authentication surface that this subfactor addresses. SHA-256 mining is quantum-resistant in practical terms.
Production Cryptographic Protection
State-integrity and data-availability mechanisms
Claim: Bitcoin Cash uses SHA-256-based Merkle trees for transaction commitments and block hashing. No KZG/pairing-based commitments, no PLONK/Groth16 proof systems at consensus layer. UTXO set commitments are hash-based.
Coverage basis: Satisfied by design — all state-integrity mechanisms use SHA-256 hashing, which is quantum-resistant.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: SHA-256 based commitments are well-understood and quantum-resistant for the relevant security properties. No novel cryptography is used for state integrity.
CashVM smart contracts (including Quantumroot) can implement additional commitment schemes, but the base protocol state integrity relies only on SHA-256.
Production Cryptographic Protection
Privacy and proof layers (ZK proof assumptions, note encryption, viewing keys, stealth addresses, shielded state)
Claim: Bitcoin Cash does not have a native privacy layer. No shielded pools, ZK proofs, note encryption, viewing keys, or stealth addresses are part of the base protocol.
Coverage basis: N/A — no privacy layer exists in the base protocol.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Optional privacy tools (CashFusion) exist at the application layer but are not protocol-level cryptographic privacy mechanisms. Future ZK-STARK covenant applications are discussed in Quantumroot documentation but not yet deployed.
Production Cryptographic Protection
P2P transport, node identity, and peer authentication
Claim: BCH nodes use standard Bitcoin P2P protocol. Node identity is not cryptographically authenticated in a consensus-critical or custody-critical way. P2P compromise does not enable theft, forgery, or consensus attacks on asset ownership.
Coverage basis: Satisfied by design — P2P node identity is not a critical security dependency for asset protection.
Implementation score: 1 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: P2P transport encryption and node identity in Bitcoin Cash use classical cryptography, but this is not a quantum-critical path for asset security.
Node eclipse attacks or P2P-level disruptions could affect transaction relay but cannot forge signatures or steal funds. The quantum-critical spend authorization path is independent of P2P identity.
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows
Claim: OPTN Wallet and Paytaca are reported to support Quantumroot for post-quantum storage of BCH, CashTokens, and DeFi assets on Android and iOS. No major exchange, custodian, or hardware wallet has announced Quantumroot integration.
Coverage basis: Limited/early wallet support exists. Most critical custody paths (exchanges, hardware wallets) remain ECDSA-only.
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: operational/product caveat · Score treatment: score-reducing
Assurance: Wallet support claims come primarily from a press release (The Quantum Insider, May 26, 2026). The OPTN Wallet GitHub repository does not explicitly document Quantumroot integration in its README. Paytaca's website does not mention Quantumroot. Evidence confidence is Low for wallet support claims.
Early wallet support is promising but unverified against primary sources. No hardware wallet, major exchange, or institutional custodian has announced Quantumroot integration. This is an operational/product caveat: it limits adoption of the PQ path but does not create a new quantum-vulnerable path.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: Nearly all BCH supply (~20M BCH circulating) is held in ECDSA-based addresses. Quantumroot adoption is negligible as of June 2026 (activated ~2 weeks prior). Legacy P2PK outputs and reused P2PKH addresses represent material long-exposure vulnerable value. No BCH-specific exposed-supply measurement exists.
Coverage basis: Coverage is clearly below 25%. Quantumroot mainnet path has existed for ~2 weeks. No measurable migration has occurred.
Implementation score: 0.05 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Material long-exposure quantum-vulnerable value (P2PK outputs, reused P2PKH addresses) exists with no active migration, freeze, deprecation, burn, recovery, or enforced policy path. Coverage is <25%, triggering Readiness & Risk Cap 55.
Assurance: Coverage is estimated from the fact that Quantumroot mainnet path activated only on May 15, 2026, and no exchange or major wallet has announced migration. BCH-specific P2PK/reused-address exposure data is not publicly measured. BTC data suggests ~30% exposure; BCH inherits the pre-fork P2PK UTXO set plus its own reuse patterns.
Coverage score of 1/20 (per 9.3.1: <25% = Experimental/negligible protection). Implementation Score equivalent = 0.05. This triggers Readiness & Risk Cap 55 for material long-exposure vulnerable value.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No evidence that major exchanges, treasuries, foundations, bridges, or protocol-controlled wallets have migrated to Quantumroot. Early wallet support (OPTN, Paytaca) is unverified against primary sources.
Coverage basis: No critical wallet migration evidenced.
Implementation score: 0 · Evidence confidence: Low
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Major exchanges, custodians, and institutional BCH holders have no evidenced Quantumroot migration.
Assurance: No primary-source evidence of any exchange, custodian, or institutional wallet migrating to or integrating Quantumroot. Press release claims about OPTN/Paytaca are not independently verified.
Critical wallets remain entirely on classical ECDSA addresses; top exchanges hold significant BCH (per bitinfocharts, the top 20 addresses hold ~20.5% of supply).
Migration Status & Value-at-Risk
Legacy vulnerable pools identified, measurable, deprecated, migrated, frozen, or proven not to exist
Claim: The challenge-based transition protocol (April 2026) identifies P2PK outputs and reused P2PKH addresses as quantum-vulnerable. No measurement, deprecation, freeze, migration, or burn mechanism is active. The protocol is a research proposal.
Coverage basis: Vulnerable pools are identified in research but not measured, deprecated, or addressed by any active protocol mechanism.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: Legacy P2PK and reused P2PKH vulnerable pools are identified in research but have no active deprecation, freeze, burn, or migration mechanism. The challenge-based transition protocol is a proposal, not an enforced policy.
Assurance: The challenge-based protocol provides a design for secure transition but is not adopted as a CHIP, consensus rule, or enforced policy. No BCH-specific measurement of exposed supply exists.
Implementation Score 0.25 reflects the existence of a public research proposal identifying the problem and proposing a solution, but no implementation, measurement, or enforcement.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap
Claim: No formal migration roadmap exists from the Bitcoin Cash project. Quantumroot is an opt-in tool enabled by the CashVM upgrade. The challenge-based transition protocol is a community research proposal, not a project-adopted roadmap.
Coverage basis: Research proposals and opt-in tooling exist but no sequenced, governed migration roadmap.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: The challenge-based protocol provides a design but lacks activation criteria, governance approval, sequencing, and dependencies. Quantumroot is a tool, not a migration plan.
The Bitcoin Cash upgrade process (yearly cadence) provides a governance vehicle but has not been used for quantum-specific migration planning. The 2026 upgrade enabled PQ vaults but did not include migration sequencing.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: Quantumroot requires active opt-in through specific wallets. Default wallet creation uses ECDSA. No migration prompts, deprecation warnings, user education from the protocol, or strongly-preferred PQ defaults exist.
Coverage basis: PQ path exists but is not accessible, default, prompted, or preferred for typical users.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: score-reducing
Quantum blocker: Users can still create new quantum-vulnerable accounts by default with no warnings or restrictions.
Assurance: Quantumroot requires technical knowledge to use. Standard BCH wallets (Bitcoin.com, Electron Cash, etc.) do not offer Quantumroot as an option. No user-facing migration prompts exist.
The opt-in nature of Quantumroot means migration is entirely user-driven with no ecosystem coordination, education, or prompting. This is a significant adoption barrier even though the technical path exists.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms exist. No deprecation of ECDSA, no freeze of vulnerable outputs, no disabled legacy signing, no restricted withdrawals, no mandatory migration deadline. The challenge-based transition protocol is a proposal only.
Coverage basis: No enforcement mechanisms are implemented or adopted.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: cap-applying
Quantum blocker: No enforcement, deprecation, freeze, or mandatory migration mechanism exists. The challenge-based protocol is not adopted. Exchange, custody, bridge, and wallet coordination for preventing unsafe fallback is absent.
Assurance: The absence of enforcement mechanisms is clearly evidenced by protocol specifications showing ECDSA as the standard and no restrictions on legacy signing. The challenge-based protocol explicitly states it is a proposal.
BCH's permissionless upgrade model means enforcement would require a consensus change (CHIP + network upgrade). No such CHIP has been proposed or adopted.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum vulnerabilities
Claim: No formal quantum-specific incident-response process, disclosure policy, or emergency governance mechanism has been published by the Bitcoin Cash project.
Coverage basis: No quantum-specific IR process exists. General BCH upgrade process (yearly cadence) exists but is not quantum-specific.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: The absence of a quantum-specific IR playbook is an assurance gap but does not by itself create a current quantum-vulnerable path. Per QRI v3.1 Note-Only Caveat Rule: 'Lack of a formal quantum-specific incident-response playbook unless the absence of a process leaves a current quantum-vulnerable path unresolved.' No such path is identified as unresolved solely due to missing IR documentation.
BCH has a general network upgrade governance process (yearly upgrades, CHIP proposals, multiple node implementations) that could serve as a vehicle for quantum emergency response, but no quantum-specific procedures are documented.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC algorithms
Claim: Quantumroot uses LM-OTS (Leighton-Micali One-Time Signatures) as specified by RFC 8554 and recommended by NIST SP 800-208. LM-OTS relies only on SHA-256.
Coverage basis: RFC 8554 standard, NIST SP 800-208 recommended. Well-reviewed hash-based signature scheme.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: LM-OTS is a well-established hash-based signature scheme. RFC 8554 and NIST SP 800-208 provide standards-track specification and federal recommendation. The algorithm choice is conservative and appropriate.
LM-OTS uses only SHA-256, meaning any quantum break of Quantumroot would also break Bitcoin Cash mining. This is a deliberately conservative cryptographic choice.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit
Claim: No independent cryptographic or implementation audit of Quantumroot exists. The developer stated in July 2025: 'this wallet template has not yet been reviewed by anyone else' and plans to complete security audits.
Coverage basis: No audit has been performed. Quantumroot code is publicly available but unreviewed by independent parties.
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: Per QRI v3.1: 'No independent audit, but public code and mainnet/testnet evidence verify the quantum-security property' → No QRI deduction by itself, Confidence normally capped at Medium. The quantum-critical property (LM-OTS per RFC 8554, SHA-256-based) is verifiable from public code and standards. Audit absence is an assurance gap, not a quantum-critical blocker. Score reduction reflects Implementation Score 0.00 for the audit subfactor itself.
The developer has publicly committed to completing security audits. Until completed, this subfactor scores 0.00. The LM-OTS algorithm itself is well-standardized, but the CashAssembly implementation and integration with BCH's VM warrant independent review.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: Quantumroot is open-source (MIT License) on GitHub. CashAssembly templates, demo transaction generation code, and test vectors are publicly available. The implementation can be compiled and reproduced.
Coverage basis: Fully open-source, publicly available, reproducible.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: Code is publicly available under MIT License. Single-contributor repository (Jason Dreyzehner). Chipnet example transactions are published and verifiable.
The repository includes CashAssembly templates, demo.ts for transaction generation, and exported example transactions for both pre-quantum and post-quantum spending paths.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path
Claim: Quantumroot design allows sweep-free upgrades. LM-OTS signatures sign a hash of the spending script, enabling the script to be upgraded without moving funds. The design explicitly supports future opcodes and serialization formats.
Coverage basis: Documented upgrade path. Sweep-free upgrades are a core design feature.
Implementation score: 1 · Evidence confidence: Medium
Issue classification: none · Score treatment: not applicable
Assurance: The upgrade path design is documented in the Quantumroot announcement. Sweep-free upgrades and parameter agility are explicitly designed features. Mainnet validation of the upgrade mechanism is early (post-May 2026).
The design signs a script hash rather than a transaction directly, allowing the verification script to be upgraded without moving UTXOs. This is a deliberate architectural choice for long-term agility.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management risks
Claim: Quantumroot documentation addresses stateful signature risks: pre-broadcast validation, constant-time signing considerations, message randomizer construction (RFC 8554 C), anti-reuse architecture via CashToken delegation, and hardware security module considerations.
Coverage basis: Documented considerations for stateful signature safety. No formal security evaluation or independent review of these controls.
Implementation score: 0.5 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: Documentation is thorough and addresses key risks (key reuse, side-channel, fault injection, constant-time signing, pre-broadcast validation). However, no formal security evaluation or independent review validates these controls. Wallet implementation security for state management is unverified.
LM-OTS is inherently stateful — key reuse catastrophically breaks security. Quantumroot's architecture mitigates this through CashToken delegation (receive addresses don't reveal Quantumroot usage, each quantum spend moves the token to a new index). The documentation is strong but unaudited.
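The state-management risk described here (and in the Key Risks and Assurance Notes above) is easiest to see in code. The following added example is not Quantumroot's implementation or the project's code; it is a minimal LM-OTS signer and verifier in Python laid out after RFC 8554's LMOTS_SHA256_N32_W8 parameter set (n=32, w=8, p=34, ls=0, with the D_PBLC/D_MESG domain constants and the I/q/i/j hash prefixes). The byte layout has not been checked against the RFC's test vectors and should be treated as an assumption; what the block demonstrates is the discipline the report says wallets must enforce: the key object records that it has been used before any signature bytes leave it, and a second signing request is refused rather than honoured.

```python
"""Minimal LM-OTS (RFC 8554 LMOTS_SHA256_N32_W8 layout) with a one-time guard.

Added illustration, not Quantumroot's code. Byte layout follows the RFC's
structure but is not validated against its test vectors (assumption).
"""
import hashlib
import os
import struct

N, W, P, LS = 32, 8, 34, 0            # LMOTS_SHA256_N32_W8 parameters
D_PBLC, D_MESG = 0x8080, 0x8181        # RFC 8554 domain-separation constants
TOP = (1 << W) - 1                     # hash-chain length: 255 steps


def _h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()


def _u32(x):
    return struct.pack(">I", x)


def _u16(x):
    return struct.pack(">H", x)


def _coefs(q):
    """Coefficients of Q || cksm(Q); with w=8 each byte is one coefficient."""
    cksm = (sum(TOP - b for b in q) << LS) & 0xFFFF
    return list(q + _u16(cksm))


def _chain(I, q, i, tmp, start, end):
    """Apply tmp = H(I || q || i || j || tmp) for j in [start, end)."""
    for j in range(start, end):
        tmp = _h(I, _u32(q), _u16(i), bytes([j]), tmp)
    return tmp


class LmotsKey:
    """One LM-OTS private key. 'used' is the state that must never be lost."""

    def __init__(self, I=None, q=0):
        self.I, self.q = I or os.urandom(16), q
        self.x = [os.urandom(N) for _ in range(P)]   # private chain starts
        self.used = False
        tops = [_chain(self.I, q, i, self.x[i], 0, TOP) for i in range(P)]
        self.K = _h(self.I, _u32(q), _u16(D_PBLC), *tops)   # public key

    def sign(self, message: bytes):
        if self.used:
            raise RuntimeError("LM-OTS key already used; refusing a second signature")
        self.used = True          # commit the state change before releasing anything
        C = os.urandom(N)         # message randomizer
        a = _coefs(_h(self.I, _u32(self.q), _u16(D_MESG), C, message))
        y = [_chain(self.I, self.q, i, self.x[i], 0, a[i]) for i in range(P)]
        return C, y


def lmots_verify(I, q, K, message, sig):
    """Recompute the chain tops from the signature and compare with K."""
    C, y = sig
    a = _coefs(_h(I, _u32(q), _u16(D_MESG), C, message))
    z = [_chain(I, q, i, y[i], a[i], TOP) for i in range(P)]
    return _h(I, _u32(q), _u16(D_PBLC), *z) == K


if __name__ == "__main__":
    key = LmotsKey()
    msg = b"constructed spend of vault utxo 0"
    sig = key.sign(msg)
    print("valid:", lmots_verify(key.I, key.q, key.K, msg, sig))
    print("tampered:", lmots_verify(key.I, key.q, key.K, msg + b"!", sig))
    try:
        key.sign(b"second spend with the same key")
    except RuntimeError as err:
        print("guard:", err)
```

The ordering inside `sign` is the whole point: the `used` flag is set before any chain value is computed, so a crash, a retried RPC, or a restored wallet backup cannot produce a second signature from the same `x` values. In a real wallet that flag must be persisted durably (not just in memory) before the signature is returned, which is the "signing-state discipline" the report says has not been independently evaluated for Quantumroot wallet integrations.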
Algorithm & Implementation Assurance
Performance and resource-impact analysis
Claim: Detailed byte-level transaction size analysis published for Quantumroot: pre-quantum sweeps (891 inputs/100KB), post-quantum sweeps (868 inputs/100KB, 448 unique addresses/100KB), comparison with P2PKH (15% smaller per-UTXO for sweeps). Typical 2-input PQ transaction: ~2,923 bytes.
Coverage basis: Developer-published performance data with specific byte counts and throughput estimates. No formal third-party benchmark.
Implementation score: 0.75 · Evidence confidence: Medium
Issue classification: none · Score treatment: score-reducing
Assurance: Performance data is developer-published, not independently verified. Chipnet testnet data is available. Mainnet performance under realistic load and fee conditions is not yet measured. The analysis is detailed and credible but lacks formal third-party benchmarking.
Implementation Score 0.75 reflects detailed published analysis but without formal independent benchmarking. The data shows Quantumroot PQ transactions are practical on BCH (100-1000x cheaper than equivalent Ethereum vaults). ~2.5KB per quantum unlock is large but manageable within BCH's adjustable block size limit.
Report metadata