Layer 0 verification infrastructure
Geeq GEEQ
Geeq (GEEQ) currently operates solely as an ERC-20 token on Ethereum mainnet. The native Geeq Chain using Proof of Honesty (PoH) consensus remains in testnet phase with no mainnet launch as of 2026-06-01. The official roadmap lists a 'Quantum-Ready Upgrade' for post-quantum cryptography as 'Planned' — not in progress, not implemented. The current production value-at-risk (~$409K market cap, ~38.5M circulating GEEQ) is entirely exposed to Ethereum's quantum-vulnerable ECDSA spend authorization. All testnet cryptography uses Ed25519, which is also an elliptic-curve scheme vulnerable to Shor's algorithm. The project's 2019 whitepaper acknowledges the quantum threat and describes a conceptual multi-chain architecture that could support quantum-ready instances in the future, but no PQC algorithm has been selected, no PQC code is publicly available, no independent audit exists, and no PQC testnet or mainnet deployment is live. The QRI Score of 6 reflects quantum risk awareness with no meaningful production protection.
Roadmap OnlyERC-20 TokenInherits L1 RiskNo PQ Implementation
Category breakdown
QRI Factors
Algorithm & Implementation Assurance
0.56 / 20
Migration Mechanism, Governance & Ecosystem Coordination
0.75 / 15
Migration Status & Value-at-Risk
1.5 / 25
Production Cryptographic Protection
2.19 / 35
Security Assessment & Evidence Preparedness
1.25 / 5
Critical Quantum Blockers
- Active production spend authorization (ERC-20 on Ethereum) is entirely ECDSA-only with no PQ or hybrid protection and no announced migration timeline.
- Post-quantum cryptography is listed as 'Planned' on the roadmap with no prototype, testnet implementation, public code, or algorithm specification.
- No public source code or independent audit exists to verify any cryptographic implementation claims for the native Geeq Chain.
Key Risks
- All ~38.5M circulating GEEQ tokens are held on Ethereum and spend authorization depends entirely on quantum-vulnerable ECDSA signatures. A cryptographically relevant quantum computer could derive private keys from exposed public keys of transacted EOAs and steal tokens.
- The native Geeq chain mainnet has no confirmed launch date. Even if launched with current Ed25519 testnet cryptography, it would remain quantum-vulnerable until the 'Quantum-Ready Upgrade' (currently 'Planned') is implemented.
- No specific PQC algorithm has been selected or prototyped, creating uncertainty about migration timeline, wallet compatibility, signature sizes, and transaction cost impact.
- No public source code exists to independently verify any cryptographic implementation or security claims.
- The project has no published independent security audit covering cryptographic layers.
- There is no quantum-specific incident response process, emergency governance, or mechanism to freeze or migrate vulnerable ERC-20 balances in the event of a quantum advance.
Assurance Notes
- No public independent cryptographic or implementation audit identified. Roadmap lists 'Security Audits — Completed' but no audit firm, scope, report, or date is publicly available.
- No public source code repository found for the Geeq protocol implementation. The github.com/GEEQ organization exists but contains no public repositories with protocol code.
- The native Geeq Chain mainnet is 'In Progress' on the roadmap; the Helium Test Net (launched Feb 2025) is the most advanced public environment.
- The specific post-quantum algorithms planned for the 'Quantum-Ready Upgrade' are not disclosed in any public documentation.
- The 2019 whitepaper and technical paper remain the primary technical references; no updated cryptographic specification has been published.
- GEEQ is frequently categorized as 'quantum-resistant' on coin aggregators, but primary sources confirm PQ cryptography is only a planned future upgrade.
Non-Scoring Caveats
- Geeq is frequently miscategorized as 'quantum-resistant' on secondary coin aggregators, but primary sources confirm PQ cryptography is only a planned future upgrade.
- The native chain's testnet uses Ed25519 (classical ECC), which remains quantum-vulnerable to Shor's algorithm.
- The ERC-20 to native token swap mechanism is described conceptually but no timeline or enforcement mechanism for migrating away from quantum-vulnerable ERC-20 balances has been published.
- The project holds a US patent (US11575499B2) for self-auditing blockchain but this does not address post-quantum cryptography.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory and quantum threat model
Claim: The 2019 whitepaper acknowledges that quantum computers will undermine the security models of existing blockchains and states that Geeq's multi-chain architecture will allow creation of quantum-ready instances for future migration.
Coverage basis: Design-level acknowledgment in whitepaper; no comprehensive public cryptographic inventory mapping all critical public-key mechanisms, attack surfaces, affected layers, and affected assets.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory of critical public-key mechanisms with quantum threat model has been published.
Assurance: The whitepaper mention is high-level and does not constitute a structured cryptographic inventory. No enumeration of specific algorithms, key sizes, attack windows, or affected value-at-risk.
The whitepaper (2019) predates NIST PQC standardization (2024). No updated quantum threat assessment referencing NIST standards exists.
Security Assessment & Evidence Preparedness
Public evidence record supporting assessment
Claim: The roadmap lists 'Quantum-Ready Upgrade: Post-quantum cryptography implementation' as 'Planned' and security audits as 'Completed'.
Coverage basis: Roadmap entries and whitepaper discussion only; no code references, reproducible analytics, audit reports, or transaction examples supporting a quantum-specific assessment.
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: No audit report, auditor identity, scope document, or date is publicly available. The roadmap states external audits are on the to-do list before mainnet.
Roadmap-only evidence; no primary artifacts.
Production Cryptographic Protection
Spend authorization / transaction signatures PQC or hybrid-PQC on mainnet
Claim: GEEQ is an ERC-20 token on Ethereum. All token transfers require Ethereum ECDSA signatures from EOAs. No PQC or hybrid-PQC spend authorization exists in production.
Coverage basis: Token inheritance from Ethereum L1. Verified via Etherscan (contract 0x6b9f031d718dded0d681c20cb754f97b3bb81b78) and CoinGecko/CoinMarketCap listings.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Production spend authorization is entirely ECDSA-dependent via Ethereum L1 inheritance. All GEEQ token transfers require quantum-vulnerable ECDSA signatures.
Token inheritance rule (QRI Section 7.2) applies. Native Geeq chain mainnet is not live; testnet uses Ed25519 which is also not quantum-resistant.
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: GEEQ ERC-20 tokens are held in Ethereum EOAs. EOAs that have sent transactions have exposed their public keys on-chain, creating long-exposure quantum-vulnerable ownership paths.
Coverage basis: Ethereum account model — public keys are exposed in transaction signatures (v, r, s). Once an EOA has spent, its public key is recoverable and vulnerable to offline Shor's algorithm attack.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Material long-exposure quantum-vulnerable value exists. Transacted Ethereum EOAs holding GEEQ have exposed public keys with no migration, freeze, or deprecation path.
~38.5M GEEQ circulating. All holders use Ethereum account model. Any EOA that has ever sent a transaction has a recoverable public key.
Production Cryptographic Protection
Consensus-critical authentication PQC or hybrid-PQC
Claim: As an ERC-20 token, GEEQ has no independent consensus mechanism. Consensus authentication is inherited from Ethereum L1.
Coverage basis: Token inheritance. Ethereum consensus uses ECDSA/BLS signatures for validator authentication — not quantum-resistant.
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: note-only
Native Geeq chain consensus (PoH) would use validator signatures if/when mainnet launches. Testnet uses Ed25519 for node signatures per technical updates — also quantum-vulnerable.
Production Cryptographic Protection
State-integrity and data-availability mechanisms quantum-safe
Claim: ERC-20 token balance state is maintained by the Ethereum L1 state trie using Keccak-256 hashing. Keccak-256 hashing is considered quantum-safe. However, state binding and state transitions depend on ECDSA signatures.
Coverage basis: Ethereum's state model. Hashing is quantum-safe; state-transition authorization (signatures) is not.
Implementation score: 0.25 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Assurance: Ethereum also uses KZG commitments (EIP-4844) for blob data — these are pairing-based and quantum-vulnerable, though the direct impact on ERC-20 token state integrity is indirect.
Keccak-256 hashing provides partial quantum-safe state integrity but does not protect against forged state transitions via broken ECDSA.
Production Cryptographic Protection
Privacy and proof layers quantum-safe
Claim: GEEQ ERC-20 token has no privacy layer, ZK proof system, shielded transactions, note encryption, or stealth address mechanism.
Coverage basis: Standard ERC-20 token with no privacy features.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication PQC/hybrid-PQC
Claim: As an ERC-20 token, GEEQ has no independent P2P network. P2P transport and node identity are inherited from Ethereum L1.
Coverage basis: Token inheritance.
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support PQ/hybrid path
Claim: No evidence of any PQ wallet, custody, HSM, or hardware-wallet support for GEEQ. The token uses standard Ethereum wallets (MetaMask, Ledger, Trezor) with ECDSA-based signing.
Coverage basis: ERC-20 token on Ethereum — all wallet interactions use standard Ethereum ECDSA signing.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
The roadmap mentions hardware wallet investigation as a 'to-do' item. No PQ hardware wallet integration exists.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: 0% of production GEEQ value is protected from quantum key-recovery attacks. All ~38.5M circulating GEEQ tokens (~$409K market cap) reside on Ethereum and are secured only by ECDSA.
Coverage basis: On-chain data from Etherscan and market data from CoinMarketCap. Coverage: <25%.
Implementation score: 0.05 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: 0% of production value-at-risk is protected. All value is on quantum-vulnerable Ethereum L1.
Coverage score of 1 out of 20 per QRI Section 9.3.1 (<25% = experimental/negligible protection). Native chain is not in production; even if it were, it would use Ed25519 (non-PQ) until the Quantum-Ready Upgrade ships.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No critical wallets (treasuries, exchanges, custodians, bridges, foundations) are PQ-protected for GEEQ. All GEEQ custody uses Ethereum ECDSA.
Coverage basis: All GEEQ is ERC-20 on Ethereum. No exchange or custodian offers PQ-protected GEEQ custody.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
CoinMarketCap shows ~2.72K holders. Top holder concentration data not analyzed but all holders use Ethereum EOA security.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: The project has a stated plan for ERC-20 to native coin swap at mainnet launch, and the whitepaper describes quantum-ready instances for future migration. However, the ERC-20 token pool — the entirety of production value — remains the active vulnerable pool with no deprecation, freeze, or migration executed.
Coverage basis: Roadmap and whitepaper describe planned migration; no on-chain action taken.
Implementation score: 0.25 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Entire production token supply (~38.5M GEEQ) is the legacy vulnerable pool with no active migration, freeze, or deprecation.
The ERC-20 to native swap plan was first discussed in 2021 with a target of Q3-Q4 2022. As of 2026-06-01, mainnet is still 'In Progress' and no swap has occurred.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: The roadmap lists 'Quantum-Ready Upgrade: Post-quantum cryptography implementation' as 'Planned' and 'Geeq Chain Launch' as 'In Progress'. An ERC-20 to native swap is described. No specific PQC algorithm, activation criteria, or timeline is provided.
Coverage basis: Roadmap entries and whitepaper conceptual description only.
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Roadmap only; no code, specification, prototype, or testnet for PQC exists. The PQC item has no sequencing, dependencies, or activation criteria beyond the 'Planned' label.
The roadmap separates 'Quantum-Ready Upgrade' (Planned) from 'Geeq Chain Launch' (In Progress), suggesting PQC is not part of the initial mainnet launch.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults: PQ/hybrid account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, and migration prompts
Claim: No PQ account creation, wallet tooling, custody paths, or migration prompts exist for GEEQ in production. The SafeQeep wallet (testnet) uses Ed25519, not PQC.
Coverage basis: No evidence of any PQ-accessible tooling.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
SafeQeep wallet is in testnet preparation (February 2025 update) and uses the same Ed25519 cryptography as the rest of the testnet — not PQC.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination: enforcement mechanisms exist and exchange/custody/bridge/wallet coordination prevents unsafe fallback
Claim: No migration enforcement mechanisms exist. The ERC-20 to native swap is planned but not live. No exchange, custody, or bridge coordination for quantum-safe migration has been announced.
Coverage basis: No evidence of enforcement mechanisms or coordination.
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
The roadmap mentions the ERC-20 will become a 'wrapped version of the GEEQ mainnet coin' after swap — this could create a two-way bridge between PQ-secure native chain and non-PQ Ethereum, but this is speculative since neither the native chain nor PQC exists yet.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No public quantum-specific incident-response process, emergency governance mechanism, or vulnerability disclosure program has been identified for Geeq.
Coverage basis: No evidence found in any public source.
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Absence of a formal quantum-specific IR playbook is an assurance gap but does not independently reduce the QRI Score per the Note-Only Caveat Rule (QRI Section 7.4).
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms
Claim: No PQC algorithms are implemented. Testnet uses Ed25519 (elliptic curve, not PQC). No NIST-standardized PQC algorithm (ML-DSA, FN-DSA, SLH-DSA) has been selected or prototyped.
Coverage basis: Testnet technical updates confirm Ed25519 usage. No PQC algorithm specification exists.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQC algorithm selected or implemented. Ed25519 is quantum-vulnerable.
The February 2023 Tech Round-Up noted 'The dev team upgraded the encryption algorithm to Ed25519' and claimed this 'demonstrated the code is being written such that changing the encryption algorithm leaves the logic of all the validation checks intact.' This suggests algorithm agility in the codebase but Ed25519 itself offers no quantum resistance.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit exists for the quantum-critical scope
Claim: No public independent cryptographic or implementation audit has been identified. The roadmap lists 'Security Audits — Completed' but provides no auditor, scope, date, or report.
Coverage basis: No audit evidence available.
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: The roadmap itself states 'Geeq will seek external audits before public mainnet. This item is on the to-do list.' This contradicts the 'Security Audits — Completed' milestone, suggesting completed audits may be internal or limited-scope. No audit report is publicly available to verify any cryptographic implementation.
Audit gap is recorded as an assurance caveat. The quantum-critical claim (PQC implementation) is already scored at 0.00 because no PQC implementation exists to audit.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: No public source code repository for the Geeq protocol has been identified. The github.com/GEEQ organization exists but contains no public repositories with protocol implementation code.
Coverage basis: GitHub search and project documentation review.
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public source code exists to independently verify any cryptographic implementation or security claims.
The project describes its protocol in whitepapers and technical updates but has not released source code publicly. Without code, no implementation claim can be independently verified.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path documented
Claim: The February 2023 Tech Round-Up stated the Ed25519 upgrade 'demonstrated the code is being written such that changing the encryption algorithm leaves the logic of all the validation checks intact.' This suggests algorithm agility in the codebase design.
Coverage basis: Single statement in technical update; no formal agility specification or upgrade path documentation.
Implementation score: 0.25 · Evidence confidence: Low
Issue classification: none · Score treatment: note-only
Assurance: Claim cannot be verified without public code. Roadmap also states 'Geeq also will employ an encryption algorithm to provide more quantum resistance than older blockchain platforms provide currently' — indicating awareness but no concrete plan.
Algorithm agility is a design claim from 2023; no formal documentation, specification, or upgrade path for PQC migration exists.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks considered
Claim: No PQC signatures are used, so stateful-signature safety (e.g., XMSS/LMS anti-reuse controls) is not applicable. No side-channel or fault-injection analysis has been published for any Geeq cryptography.
Coverage basis: No evidence of any such analysis.
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Not applicable to current production (no PQC). Recorded as a gap for future PQC implementation.
Algorithm & Implementation Assurance
Performance and resource-impact analysis exists for PQ signature/verification costs
Claim: No performance or resource-impact analysis for PQC deployment has been published. No PQC algorithm has been selected, so no basis for analysis exists.
Coverage basis: No evidence.
Implementation score: 0 · Evidence confidence: None
Issue classification: assurance-only caveat · Score treatment: note-only
Assurance: Not applicable to current production (no PQC). Recorded as a gap for future PQC implementation. Per QRI v3.1 Note-Only Caveat Rule, missing formal benchmark does not reduce the QRI Score when no PQC implementation exists.
Report metadata